Redo AUTH PLAIN and AUTH LOGIN correctly(?) this time. (Michael Holzt)

git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@634 958fd67b-6ff1-0310-b445-bb7760255be9
John Peacock 2006-04-24 15:48:24 +00:00
parent ff4e92bb4e
commit af93447e78


@ -16,7 +16,7 @@ sub SASL {
# $DB::single = 1; # $DB::single = 1;
my ( $session, $mechanism, $prekey ) = @_; my ( $session, $mechanism, $prekey ) = @_;
my ( $user, $passClear, $passHash, $ticket ); my ( $user, $passClear, $passHash, $ticket, $loginas );
$mechanism = lc($mechanism); $mechanism = lc($mechanism);
if ( $mechanism eq "plain" ) { if ( $mechanism eq "plain" ) {
@ -24,45 +24,38 @@ sub SASL {
$session->respond( 334, "Please continue" ); $session->respond( 334, "Please continue" );
$prekey= <STDIN>; $prekey= <STDIN>;
} }
( $passHash, $user, $passClear ) = split /\x0/, ( $loginas, $user, $passClear ) = split /\x0/,
decode_base64($prekey); decode_base64($prekey);
unless ($user && $passClear) { # Authorization ID must not be different from
$session->respond(504, "Invalid authentification string"); # Authentication ID
if ( $loginas ne '' && $loginas != $user ) {
$session->respond(535, "Authentication invalid");
return DECLINED; return DECLINED;
} }
} }
elsif ($mechanism eq "login") { elsif ($mechanism eq "login") {
if ( $prekey ) { if ( $prekey ) {
( $passHash, $user, $passClear ) = split /\x0/, $user = decode_base64($prekey);
decode_base64($prekey);
unless ($user && $passClear) {
$session->respond(504, "Invalid authentification string");
return DECLINED;
}
} }
else { else {
$session->respond(334, e64("Username:")); $session->respond(334, e64("Username:"));
$user = decode_base64(<STDIN>); $user = decode_base64(<STDIN>);
#warn("Debug: User: '$user'");
if ($user eq '*') { if ($user eq '*') {
$session->respond(501, "Authentification canceled"); $session->respond(501, "Authentification canceled");
return DECLINED; return DECLINED;
} }
}
$session->respond(334, e64("Password:")); $session->respond(334, e64("Password:"));
$passClear = <STDIN>; $passClear = <STDIN>;
$passClear = decode_base64($passClear); $passClear = decode_base64($passClear);
#warn("Debug: Pass: '$pass'");
if ($passClear eq '*') { if ($passClear eq '*') {
$session->respond(501, "Authentification canceled"); $session->respond(501, "Authentification canceled");
return DECLINED; return DECLINED;
} }
} }
}
elsif ( $mechanism eq "cram-md5" ) { elsif ( $mechanism eq "cram-md5" ) {
# rand() is not cryptographic, but we only need to generate a globally # rand() is not cryptographic, but we only need to generate a globally
@ -87,6 +80,12 @@ sub SASL {
return DECLINED; return DECLINED;
} }
# Make sure that we have enough information to proceed
unless ( $user && ($passClear || $passHash) ) {
$session->respond(504, "Invalid authentification string");
return DECLINED;
}
# try running the specific hooks first # try running the specific hooks first
my ( $rc, $msg ) = my ( $rc, $msg ) =
$session->run_hooks( "auth-$mechanism", $mechanism, $user, $passClear, $session->run_hooks( "auth-$mechanism", $mechanism, $user, $passClear,