* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2012 */
+/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */
/* Copyright (c) Twitter Inc 2012
FALSE /* server_channelbinding */
};
+
+#ifdef MACRO_PREDEF
+
+/* Dummy values */
+void auth_gsasl_init(auth_instance *ablock) {}
+int auth_gsasl_server(auth_instance *ablock, uschar *data) {return 0;}
+int auth_gsasl_client(auth_instance *ablock, smtp_inblock * sx,
+ int timeout, uschar *buffer, int buffsize) {return 0;}
+void auth_gsasl_version_report(FILE *f) {}
+
+#else /*!MACRO_PREDEF*/
+
+
+
/* "Globals" for managing the gsasl interface. */
static Gsasl *gsasl_ctx = NULL;
ablock->name, gsasl_strerror_name(rc), gsasl_strerror(rc));
HDEBUG(D_auth) debug_printf("GNU SASL supports: %s\n", p);
- supported = gsasl_client_support_p(gsasl_ctx, (const char *)ob->server_mech);
+ supported = gsasl_client_support_p(gsasl_ctx, CCS ob->server_mech);
if (!supported)
log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: "
"GNU SASL does not support mechanism \"%s\"",
debug_printf("GNU SASL: initialising session for %s, mechanism %s.\n",
ablock->name, ob->server_mech);
- rc = gsasl_server_start(gsasl_ctx, (const char *)ob->server_mech, &sctx);
+ rc = gsasl_server_start(gsasl_ctx, CCS ob->server_mech, &sctx);
if (rc != GSASL_OK) {
auth_defer_msg = string_sprintf("GNU SASL: session start failure: %s (%s)",
gsasl_strerror_name(rc), gsasl_strerror(rc));
gsasl_property_set(sctx, GSASL_QOPS, "qop-auth");
#ifdef SUPPORT_TLS
if (tls_channelbinding_b64) {
- /* Some auth mechanisms can ensure that both sides are talking withing the
+ /* Some auth mechanisms can ensure that both sides are talking within the
same security context; for TLS, this means that even if a bad certificate
has been accepted, they remain MitM-proof because both sides must be within
the same negotiated session; if someone is terminating one session and
HDEBUG(D_auth) debug_printf("Auth %s: Enabling channel-binding\n",
ablock->name);
gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE,
- (const char *) tls_channelbinding_b64);
+ CCS tls_channelbinding_b64);
} else {
HDEBUG(D_auth)
debug_printf("Auth %s: Not enabling channel-binding (data available)\n",
if ((rc == GSASL_NEEDS_MORE) ||
(to_send && *to_send))
exim_error =
- auth_get_no64_data((uschar **)&received, (uschar *)to_send);
+ auth_get_no64_data((uschar **)&received, US to_send);
if (to_send) {
free(to_send);
switch (prop) {
case GSASL_VALIDATE_SIMPLE:
/* GSASL_AUTHID, GSASL_AUTHZID, and GSASL_PASSWORD */
- propval = (uschar *) gsasl_property_fast(sctx, GSASL_AUTHID);
+ propval = US gsasl_property_fast(sctx, GSASL_AUTHID);
auth_vars[0] = expand_nstring[1] = propval ? propval : US"";
- propval = (uschar *) gsasl_property_fast(sctx, GSASL_AUTHZID);
+ propval = US gsasl_property_fast(sctx, GSASL_AUTHZID);
auth_vars[1] = expand_nstring[2] = propval ? propval : US"";
- propval = (uschar *) gsasl_property_fast(sctx, GSASL_PASSWORD);
+ propval = US gsasl_property_fast(sctx, GSASL_PASSWORD);
auth_vars[2] = expand_nstring[3] = propval ? propval : US"";
expand_nmax = 3;
for (i = 1; i <= 3; ++i)
cbrc = GSASL_AUTHENTICATION_ERROR;
break;
}
- propval = (uschar *) gsasl_property_fast(sctx, GSASL_AUTHZID);
+ propval = US gsasl_property_fast(sctx, GSASL_AUTHZID);
/* We always set $auth1, even if only to empty string. */
auth_vars[0] = expand_nstring[1] = propval ? propval : US"";
expand_nlength[1] = Ustrlen(expand_nstring[1]);
cbrc = GSASL_AUTHENTICATION_ERROR;
break;
}
- propval = (uschar *) gsasl_property_fast(sctx, GSASL_ANONYMOUS_TOKEN);
+ propval = US gsasl_property_fast(sctx, GSASL_ANONYMOUS_TOKEN);
/* We always set $auth1, even if only to empty string. */
auth_vars[0] = expand_nstring[1] = propval ? propval : US"";
expand_nlength[1] = Ustrlen(expand_nstring[1]);
First coding, we had these values swapped, but for consistency and prior
to the first release of Exim with this authenticator, they've been
switched to match the ordering of GSASL_VALIDATE_SIMPLE. */
- propval = (uschar *) gsasl_property_fast(sctx, GSASL_GSSAPI_DISPLAY_NAME);
+ propval = US gsasl_property_fast(sctx, GSASL_GSSAPI_DISPLAY_NAME);
auth_vars[0] = expand_nstring[1] = propval ? propval : US"";
- propval = (uschar *) gsasl_property_fast(sctx, GSASL_AUTHZID);
+ propval = US gsasl_property_fast(sctx, GSASL_AUTHZID);
auth_vars[1] = expand_nstring[2] = propval ? propval : US"";
expand_nmax = 2;
for (i = 1; i <= 2; ++i)
a new mechanism is added to the library. It *shouldn't* result in us
needing to add more glue, since avoiding that is a large part of the
point of SASL. */
- propval = (uschar *) gsasl_property_fast(sctx, GSASL_AUTHID);
+ propval = US gsasl_property_fast(sctx, GSASL_AUTHID);
auth_vars[0] = expand_nstring[1] = propval ? propval : US"";
- propval = (uschar *) gsasl_property_fast(sctx, GSASL_AUTHZID);
+ propval = US gsasl_property_fast(sctx, GSASL_AUTHZID);
auth_vars[1] = expand_nstring[2] = propval ? propval : US"";
- propval = (uschar *) gsasl_property_fast(sctx, GSASL_REALM);
+ propval = US gsasl_property_fast(sctx, GSASL_REALM);
auth_vars[2] = expand_nstring[3] = propval ? propval : US"";
expand_nmax = 3;
for (i = 1; i <= 3; ++i)
tmps = CS expand_string(ob->server_password);
if (tmps == NULL) {
- sasl_error_should_defer = expand_string_forcedfail ? FALSE : TRUE;
+ sasl_error_should_defer = f.expand_string_forcedfail ? FALSE : TRUE;
HDEBUG(D_auth) debug_printf("server_password expansion failed, so "
"can't tell GNU SASL library the password for %s\n", auth_vars[0]);
return GSASL_AUTHENTICATION_ERROR;
int
auth_gsasl_client(
- auth_instance *ablock, /* authenticator block */
- smtp_inblock *inblock, /* connection inblock */
- smtp_outblock *outblock, /* connection outblock */
- int timeout, /* command timeout */
- uschar *buffer, /* buffer for reading response */
- int buffsize) /* size of buffer */
+ auth_instance *ablock, /* authenticator block */
+ smtp_inblock * sx, /* connection */
+ int timeout, /* command timeout */
+ uschar *buffer, /* buffer for reading response */
+ int buffsize) /* size of buffer */
{
HDEBUG(D_auth)
debug_printf("Client side NOT IMPLEMENTED: you should not see this!\n");
GSASL_VERSION, runtime);
}
+#endif /*!MACRO_PREDEF*/
#endif /* AUTH_GSASL */
/* End of gsasl_exim.c */
HCoop / hcoop / debian / exim4.git / blobdiff