Redo AUTH PLAIN and AUTH LOGIN correctly(?) this time. (Michael Holzt)

git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@634 958fd67b-6ff1-0310-b445-bb7760255be9
John Peacock 2006-04-24 15:48:24 +00:00
parent ff4e92bb4e
commit af93447e78


@ -16,7 +16,7 @@ sub SASL {
# $DB::single = 1;
my ( $session, $mechanism, $prekey ) = @_;
my ( $user, $passClear, $passHash, $ticket );
my ( $user, $passClear, $passHash, $ticket, $loginas );
$mechanism = lc($mechanism);
if ( $mechanism eq "plain" ) {
@ -24,45 +24,38 @@ sub SASL {
$session->respond( 334, "Please continue" );
$prekey= <STDIN>;
}
( $passHash, $user, $passClear ) = split /\x0/,
( $loginas, $user, $passClear ) = split /\x0/,
decode_base64($prekey);
unless ($user && $passClear) {
$session->respond(504, "Invalid authentification string");
# Authorization ID must not be different from
# Authentication ID
if ( $loginas ne '' && $loginas != $user ) {
$session->respond(535, "Authentication invalid");
return DECLINED;
}
}
elsif ($mechanism eq "login") {
if ( $prekey ) {
( $passHash, $user, $passClear ) = split /\x0/,
decode_base64($prekey);
unless ($user && $passClear) {
$session->respond(504, "Invalid authentification string");
return DECLINED;
}
$user = decode_base64($prekey);
}
else {
$session->respond(334, e64("Username:"));
$user = decode_base64(<STDIN>);
#warn("Debug: User: '$user'");
if ($user eq '*') {
$session->respond(501, "Authentification canceled");
return DECLINED;
}
}
$session->respond(334, e64("Password:"));
$passClear = <STDIN>;
$passClear = decode_base64($passClear);
#warn("Debug: Pass: '$pass'");
if ($passClear eq '*') {
$session->respond(501, "Authentification canceled");
return DECLINED;
}
}
}
elsif ( $mechanism eq "cram-md5" ) {
# rand() is not cryptographic, but we only need to generate a globally
@ -87,6 +80,12 @@ sub SASL {
return DECLINED;
}
# Make sure that we have enough information to proceed
unless ( $user && ($passClear || $passHash) ) {
$session->respond(504, "Invalid authentification string");
return DECLINED;
}
# try running the specific hooks first
my ( $rc, $msg ) =
$session->run_hooks( "auth-$mechanism", $mechanism, $user, $passClear,
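Review bot: The authorization-identity check in the PLAIN branch, `if ( $loginas ne '' && $loginas != $user )`, compares the two names with the numeric operator `!=`, so two different non-numeric strings both evaluate to 0 and the mismatch is never rejected (with a "not numeric" warning at most). It should use the string operator and tolerate a missing field: `if ( defined $loginas && $loginas ne '' && $loginas ne $user ) {`. Separately, the LOGIN branch tests `$user eq '*'` and `$passClear eq '*'` only after `decode_base64`, while a client cancels with a bare `*` line, so the cancel test probably needs to run on the raw input before decoding. The new `unless ( $user && ($passClear || $passHash) )` guard also treats a user or password of `0` as missing; `defined` and `length` tests would state the intent more exactly. sub SASL begins and ends outside the hunks shown, so how the later hooks use these values is not visible here.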