Redo AUTH PLAIN and AUTH LOGIN correctly(?) this time. (Michael Holzt)

git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@634 958fd67b-6ff1-0310-b445-bb7760255be9
2006-04-24 15:48:24 +00:00 · 2006-04-24 15:48:24 +00:00 · af93447e78
commit af93447e78
parent ff4e92bb4e
1 changed files with 21 additions and 22 deletions
--- a/lib/Qpsmtpd/Auth.pm
+++ b/lib/Qpsmtpd/Auth.pm
@ -16,7 +16,7 @@ sub SASL {

    # $DB::single = 1;
    my ( $session, $mechanism, $prekey ) = @_;
-    my ( $user, $passClear, $passHash, $ticket );
+    my ( $user, $passClear, $passHash, $ticket, $loginas );
    $mechanism = lc($mechanism);

    if ( $mechanism eq "plain" ) {
@ -24,43 +24,36 @@ sub SASL {
          $session->respond( 334, "Please continue" );
          $prekey= <STDIN>;
        }
-        ( $passHash, $user, $passClear ) = split /\x0/,
+        ( $loginas, $user, $passClear ) = split /\x0/,
          decode_base64($prekey);
-
-        unless ($user && $passClear) {
-          $session->respond(504, "Invalid authentification string");
+          
+        # Authorization ID must not be different from
+        # Authentication ID
+        if ( $loginas ne '' && $loginas != $user ) {
+          $session->respond(535, "Authentication invalid");
          return DECLINED;
        }
    }
    elsif ($mechanism eq "login") {

        if ( $prekey ) {
-          ( $passHash, $user, $passClear ) = split /\x0/,
-	    decode_base64($prekey);
-
-          unless ($user && $passClear) {
-            $session->respond(504, "Invalid authentification string");
-            return DECLINED;
-          }
+          $user = decode_base64($prekey);
        }
        else {
-    
          $session->respond(334, e64("Username:"));
          $user = decode_base64(<STDIN>);
-          #warn("Debug: User: '$user'");
          if ($user eq '*') {
            $session->respond(501, "Authentification canceled");
            return DECLINED;
          }
+        }
    
-          $session->respond(334, e64("Password:"));
-          $passClear = <STDIN>;
-          $passClear = decode_base64($passClear);
-          #warn("Debug: Pass: '$pass'");
-          if ($passClear eq '*') {
-            $session->respond(501, "Authentification canceled");
-            return DECLINED;
-          }
+        $session->respond(334, e64("Password:"));
+        $passClear = <STDIN>;
+        $passClear = decode_base64($passClear);
+        if ($passClear eq '*') {
+          $session->respond(501, "Authentification canceled");
+          return DECLINED;
        }
    }
    elsif ( $mechanism eq "cram-md5" ) {
@ -87,6 +80,12 @@ sub SASL {
        return DECLINED;
    }

+    # Make sure that we have enough information to proceed
+    unless ( $user && ($passClear || $passHash) ) {
+      $session->respond(504, "Invalid authentification string");
+      return DECLINED;
+    }
+
    # try running the specific hooks first
    my ( $rc, $msg ) =
      $session->run_hooks( "auth-$mechanism", $mechanism, $user, $passClear,