[exim-cvs] More bug-fixes, GSASL DIGEST-MD5 now works.

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Exim Git Commits Mailing List
Data:  
Para: exim-cvs
Assunto: [exim-cvs] More bug-fixes, GSASL DIGEST-MD5 now works.
Gitweb: http://git.exim.org/exim.git/commitdiff/ce52b325c3cdc39c3dbc933fb9630d894a03feb0
Commit:     ce52b325c3cdc39c3dbc933fb9630d894a03feb0
Parent:     b9c5be1c924b3414d135b40d6d75d6bd9af2f21e
Author:     Phil Pennock <pdp@???>
AuthorDate: Sun Feb 5 20:36:51 2012 -0500
Committer:  Phil Pennock <pdp@???>
CommitDate: Sun Feb 5 20:36:51 2012 -0500


    More bug-fixes, GSASL DIGEST-MD5 now works.


    Defined helper streqic() since I seem tired enough to be forgetting ==0 checks.
    Deal with left-over-data-to-send correctly.
    Now tested with PLAIN, CRAM-MD5, DIGEST-MD5.
    For DIGEST-MD5, check for server_realm, since GSASL doesn't error out without it.
---
 src/src/auths/gsasl_exim.c |   37 ++++++++++++++++++++++++++++---------
 src/src/macros.h           |    5 +++++
 2 files changed, 33 insertions(+), 9 deletions(-)


diff --git a/src/src/auths/gsasl_exim.c b/src/src/auths/gsasl_exim.c
index e88bd25..3c8a250 100644
--- a/src/src/auths/gsasl_exim.c
+++ b/src/src/auths/gsasl_exim.c
@@ -146,14 +146,22 @@ auth_gsasl_init(auth_instance *ablock)
               ablock->name, ob->server_mech);


   if ((ablock->server_condition == NULL) &&
-      (strcmpic(ob->server_mech, US"EXTERNAL") ||
-       strcmpic(ob->server_mech, US"ANONYMOUS") ||
-       strcmpic(ob->server_mech, US"PLAIN") ||
-       strcmpic(ob->server_mech, US"LOGIN")))
+      (streqic(ob->server_mech, US"EXTERNAL") ||
+       streqic(ob->server_mech, US"ANONYMOUS") ||
+       streqic(ob->server_mech, US"PLAIN") ||
+       streqic(ob->server_mech, US"LOGIN")))
     log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator:  "
               "Need server_condition for %s mechanism",
               ablock->name, ob->server_mech);


+  /* This does *not* scale to new SASL mechanisms.  Need a better way to ask
+  which properties will be needed. */
+  if ((ob->server_realm == NULL) &&
+      streqic(ob->server_mech, US"DIGEST-MD5"))
+    log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator:  "
+              "Need server_realm for %s mechanism",
+              ablock->name, ob->server_mech);
+
   /* At present, for mechanisms we don't panic on absence of server_condition;
   need to figure out the most generically correct approach to deciding when
   it's critical and when it isn't.  Eg, for simple validation (PLAIN mechanism,
@@ -176,8 +184,9 @@ main_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop)
   struct callback_exim_state *cb_state =
     (struct callback_exim_state *)gsasl_session_hook_get(sctx);


-  HDEBUG(D_auth) debug_printf("Callback entered, prop=%d (loop prop=%d)\n",
-      prop, callback_loop);
+  HDEBUG(D_auth)
+    debug_printf("GNU SASL Callback entered, prop=%d (loop prop=%d)\n",
+        prop, callback_loop);


   if (cb_state == NULL) {
     HDEBUG(D_auth) debug_printf("  not from our server/client processing.\n");
@@ -305,7 +314,9 @@ auth_gsasl_server(auth_instance *ablock, uschar *initial_data)


     switch (rc) {
       case GSASL_OK:
-        goto STOP_INTERACTION;
+        if (!to_send)
+          goto STOP_INTERACTION;
+        break;


       case GSASL_NEEDS_MORE:
         break;
@@ -337,8 +348,16 @@ auth_gsasl_server(auth_instance *ablock, uschar *initial_data)
         goto STOP_INTERACTION;
     }


-    exim_error =
-      auth_get_no64_data((uschar **)&received, (uschar *)to_send);
+    if ((rc == GSASL_NEEDS_MORE) ||
+        (to_send && *to_send))
+      exim_error =
+        auth_get_no64_data((uschar **)&received, (uschar *)to_send);
+
+    if (to_send) {
+      free(to_send);
+      to_send = NULL;
+    }
+
     if (exim_error)
       break; /* handles * cancelled check */


diff --git a/src/src/macros.h b/src/src/macros.h
index 451bc56..c1c4cc3 100644
--- a/src/src/macros.h
+++ b/src/src/macros.h
@@ -72,6 +72,11 @@ as unsigned. */
((uschar)(c) > 127 && print_topbitchars))


+/* Convenience for testing strings */
+
+#define streqic(Foo, Bar) (strcmpic(Foo, Bar) == 0)
+
+
/* When built with TLS support, the act of flushing SMTP output becomes
a no-op once an SSL session is in progress. */