Re: [exim] SPA Authenticator: using @ in Outlook username do…

Author: Jan Catrysse
Date:  
To: Exim-users
Subject: Re: [exim] SPA Authenticator: using @ in Outlook username does not work
On 2021-07-30 14:39, Jeremy Harris wrote:
> The server-side spa code only writes $auth1 in one place, before
> the call to evaluate the server_password.  Since you're doing a
> lookup, the use there should be visible in debug.
>
> I assume it's wrong at that time.


Yes, indeed. The $auth1 only has the "user" part and not the "domain" part in it.

> The value being used appears to derive from data sent by the
> client in response to a challenge from the server.  There's enough
> code munging it I can't swear it won't fall over on an '@' -
> but I don't see one mentioned explicitly.
>
> Are you certain that the full string is being supplied by the client?


No, I am not sure and I am not sure how I can verify this. But I am under the impression it has something to do with the "optional" domain part not being used correctly.

> The docs chapter mentions that the domain is optional, so I could
> imagine it being treated as a separate item.  Unfortunately, it also
> only describes $auth1 as getting the user name; no mention of the
> domain around the same place.
>
> Hmm.  A relevant data structure does have separate fields "uUser" and "uDomain" -
> and the server-side code doesn't use it.  The client-side code does.
> OK, this has likely never worked.  For now, you're out of luck with SPA.


That seems a logical explanation.

> --
> Cheers,
>    Jeremy


Thanks, Jan