Redo AUTH PLAIN and AUTH LOGIN correctly(?) this time. (Michael Holzt)
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@634 958fd67b-6ff1-0310-b445-bb7760255be9
parent
ff4e92bb4e
commit
af93447e78
@ -16,7 +16,7 @@ sub SASL {
|
||||
|
||||
# $DB::single = 1;
|
||||
my ( $session, $mechanism, $prekey ) = @_;
|
||||
my ( $user, $passClear, $passHash, $ticket );
|
||||
my ( $user, $passClear, $passHash, $ticket, $loginas );
|
||||
$mechanism = lc($mechanism);
|
||||
|
||||
if ( $mechanism eq "plain" ) {
|
||||
@ -24,45 +24,38 @@ sub SASL {
|
||||
$session->respond( 334, "Please continue" );
|
||||
$prekey= <STDIN>;
|
||||
}
|
||||
( $passHash, $user, $passClear ) = split /\x0/,
|
||||
( $loginas, $user, $passClear ) = split /\x0/,
|
||||
decode_base64($prekey);
|
||||
|
||||
unless ($user && $passClear) {
|
||||
$session->respond(504, "Invalid authentification string");
|
||||
# Authorization ID must not be different from
|
||||
# Authentication ID
|
||||
if ( $loginas ne '' && $loginas != $user ) {
|
||||
$session->respond(535, "Authentication invalid");
|
||||
return DECLINED;
|
||||
}
|
||||
}
|
||||
elsif ($mechanism eq "login") {
|
||||
|
||||
if ( $prekey ) {
|
||||
( $passHash, $user, $passClear ) = split /\x0/,
|
||||
decode_base64($prekey);
|
||||
|
||||
unless ($user && $passClear) {
|
||||
$session->respond(504, "Invalid authentification string");
|
||||
return DECLINED;
|
||||
}
|
||||
$user = decode_base64($prekey);
|
||||
}
|
||||
else {
|
||||
|
||||
$session->respond(334, e64("Username:"));
|
||||
$user = decode_base64(<STDIN>);
|
||||
#warn("Debug: User: '$user'");
|
||||
if ($user eq '*') {
|
||||
$session->respond(501, "Authentification canceled");
|
||||
return DECLINED;
|
||||
}
|
||||
}
|
||||
|
||||
$session->respond(334, e64("Password:"));
|
||||
$passClear = <STDIN>;
|
||||
$passClear = decode_base64($passClear);
|
||||
#warn("Debug: Pass: '$pass'");
|
||||
if ($passClear eq '*') {
|
||||
$session->respond(501, "Authentification canceled");
|
||||
return DECLINED;
|
||||
}
|
||||
}
|
||||
}
|
||||
elsif ( $mechanism eq "cram-md5" ) {
|
||||
|
||||
# rand() is not cryptographic, but we only need to generate a globally
|
||||
@ -87,6 +80,12 @@ sub SASL {
|
||||
return DECLINED;
|
||||
}
|
||||
|
||||
# Make sure that we have enough information to proceed
|
||||
unless ( $user && ($passClear || $passHash) ) {
|
||||
$session->respond(504, "Invalid authentification string");
|
||||
return DECLINED;
|
||||
}
|
||||
|
||||
# try running the specific hooks first
|
||||
my ( $rc, $msg ) =
|
||||
$session->run_hooks( "auth-$mechanism", $mechanism, $user, $passClear,
|
||||
|
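Review bot: The authorization-identity guard added in the AUTH PLAIN branch compares two strings with the numeric operator: `if ( $loginas ne '' && $loginas != $user ) {`. Perl's `!=` numifies both operands, so two different non-numeric names both evaluate to 0 and the 535 rejection never fires for them; a request whose authorization ID differs from the authentication ID is then processed as `$user` instead of being refused. The comparison should be `if ( defined $loginas && $loginas ne '' && $loginas ne $user ) {`, where the `defined` test also avoids an uninitialized-value warning when the decoded string has no fields. Separately, the `eq '*'` cancel tests in the LOGIN branch run on the base64-decoded value, so a literal `*` from the client would presumably decode to an empty string and not match; that is worth confirming against the client behaviour you expect. The body of `SASL` starts and ends outside the hunks shown.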