Redo AUTH PLAIN and AUTH LOGIN correctly(?) this time. (Michael Holzt)
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@634 958fd67b-6ff1-0310-b445-bb7760255be9
parent
ff4e92bb4e
commit
af93447e78
@ -16,7 +16,7 @@ sub SASL {
|
|||||||
|
|
||||||
# $DB::single = 1;
|
# $DB::single = 1;
|
||||||
my ( $session, $mechanism, $prekey ) = @_;
|
my ( $session, $mechanism, $prekey ) = @_;
|
||||||
my ( $user, $passClear, $passHash, $ticket );
|
my ( $user, $passClear, $passHash, $ticket, $loginas );
|
||||||
$mechanism = lc($mechanism);
|
$mechanism = lc($mechanism);
|
||||||
|
|
||||||
if ( $mechanism eq "plain" ) {
|
if ( $mechanism eq "plain" ) {
|
||||||
@ -24,45 +24,38 @@ sub SASL {
|
|||||||
$session->respond( 334, "Please continue" );
|
$session->respond( 334, "Please continue" );
|
||||||
$prekey= <STDIN>;
|
$prekey= <STDIN>;
|
||||||
}
|
}
|
||||||
( $passHash, $user, $passClear ) = split /\x0/,
|
( $loginas, $user, $passClear ) = split /\x0/,
|
||||||
decode_base64($prekey);
|
decode_base64($prekey);
|
||||||
|
|
||||||
unless ($user && $passClear) {
|
# Authorization ID must not be different from
|
||||||
$session->respond(504, "Invalid authentification string");
|
# Authentication ID
|
||||||
|
if ( $loginas ne '' && $loginas != $user ) {
|
||||||
|
$session->respond(535, "Authentication invalid");
|
||||||
return DECLINED;
|
return DECLINED;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
elsif ($mechanism eq "login") {
|
elsif ($mechanism eq "login") {
|
||||||
|
|
||||||
if ( $prekey ) {
|
if ( $prekey ) {
|
||||||
( $passHash, $user, $passClear ) = split /\x0/,
|
$user = decode_base64($prekey);
|
||||||
decode_base64($prekey);
|
|
||||||
|
|
||||||
unless ($user && $passClear) {
|
|
||||||
$session->respond(504, "Invalid authentification string");
|
|
||||||
return DECLINED;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
||||||
$session->respond(334, e64("Username:"));
|
$session->respond(334, e64("Username:"));
|
||||||
$user = decode_base64(<STDIN>);
|
$user = decode_base64(<STDIN>);
|
||||||
#warn("Debug: User: '$user'");
|
|
||||||
if ($user eq '*') {
|
if ($user eq '*') {
|
||||||
$session->respond(501, "Authentification canceled");
|
$session->respond(501, "Authentification canceled");
|
||||||
return DECLINED;
|
return DECLINED;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$session->respond(334, e64("Password:"));
|
$session->respond(334, e64("Password:"));
|
||||||
$passClear = <STDIN>;
|
$passClear = <STDIN>;
|
||||||
$passClear = decode_base64($passClear);
|
$passClear = decode_base64($passClear);
|
||||||
#warn("Debug: Pass: '$pass'");
|
|
||||||
if ($passClear eq '*') {
|
if ($passClear eq '*') {
|
||||||
$session->respond(501, "Authentification canceled");
|
$session->respond(501, "Authentification canceled");
|
||||||
return DECLINED;
|
return DECLINED;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
elsif ( $mechanism eq "cram-md5" ) {
|
elsif ( $mechanism eq "cram-md5" ) {
|
||||||
|
|
||||||
# rand() is not cryptographic, but we only need to generate a globally
|
# rand() is not cryptographic, but we only need to generate a globally
|
||||||
@ -87,6 +80,12 @@ sub SASL {
|
|||||||
return DECLINED;
|
return DECLINED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Make sure that we have enough information to proceed
|
||||||
|
unless ( $user && ($passClear || $passHash) ) {
|
||||||
|
$session->respond(504, "Invalid authentification string");
|
||||||
|
return DECLINED;
|
||||||
|
}
|
||||||
|
|
||||||
# try running the specific hooks first
|
# try running the specific hooks first
|
||||||
my ( $rc, $msg ) =
|
my ( $rc, $msg ) =
|
||||||
$session->run_hooks( "auth-$mechanism", $mechanism, $user, $passClear,
|
$session->run_hooks( "auth-$mechanism", $mechanism, $user, $passClear,
|
||||||
|
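Review bot: The authorization-ID check in the AUTH PLAIN branch (on what appears to be the new side) compares the two names with the numeric operator, so `if ( $loginas ne '' && $loginas != $user )` does not reject a mismatch between ordinary names. `!=` converts both operands to numbers, two different non-numeric strings both become 0, and the 535 response is never sent; the comparison should read `$loginas ne $user`. In the AUTH LOGIN branch the cancel tests `$user eq '*'` and `$passClear eq '*'` run on the output of `decode_base64`, which likely discards a bare `*`, so the raw line should be tested before decoding. The new guard `unless ( $user && ($passClear || $passHash) )` relies on truthiness, so a user name or password of `0` is treated as missing; `length` or `defined` tests would avoid that. `sub SASL` starts and ends outside the hunks shown.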