From d218bfea82dbcae4c25da01b4540be859d61f2e0 Mon Sep 17 00:00:00 2001
From: John Peacock <jpeacock@cpan.org>
Date: Fri, 22 Sep 2006 15:31:28 +0000
Subject: [PATCH] Correctly handle the case where a given AUTH mechanism is
 requested by a [stupid] MUA, but isn't implemented with existing auth
 plugins.  Based on patch from Brian Szymanski.

git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@660 958fd67b-6ff1-0310-b445-bb7760255be9
---
 Changes             |  2 ++
 lib/Qpsmtpd/Auth.pm |  4 ++--
 lib/Qpsmtpd/SMTP.pm | 17 +++++++++++++----
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/Changes b/Changes
index 3838f9c..b51a93b 100644
--- a/Changes
+++ b/Changes
@@ -1,4 +1,6 @@
 0.33
+  Do the right thing for unimplemented AUTH mechanisms (Brian Szymanski)
+
   relay_only plugin for smart relay host. (John Peacock)
 
   Experimental IPv6 support (forkserver only). (Mike Williams)
diff --git a/lib/Qpsmtpd/Auth.pm b/lib/Qpsmtpd/Auth.pm
index d000616..6e9a2a5 100644
--- a/lib/Qpsmtpd/Auth.pm
+++ b/lib/Qpsmtpd/Auth.pm
@@ -17,7 +17,6 @@ sub SASL {
     # $DB::single = 1;
     my ( $session, $mechanism, $prekey ) = @_;
     my ( $user, $passClear, $passHash, $ticket, $loginas );
-    $mechanism = lc($mechanism);
 
     if ( $mechanism eq "plain" ) {
         if (!$prekey) {
@@ -76,7 +75,8 @@ sub SASL {
         ( $user, $passHash ) = split( ' ', decode_base64($line) );
     }
     else {
-        $session->respond( 500, "Unrecognized authentification mechanism" );
+        #this error is now caught in SMTP.pm's sub auth
+        $session->respond( 500, "Internal server error" );
         return DECLINED;
     }
 
diff --git a/lib/Qpsmtpd/SMTP.pm b/lib/Qpsmtpd/SMTP.pm
index cdace58..781c763 100644
--- a/lib/Qpsmtpd/SMTP.pm
+++ b/lib/Qpsmtpd/SMTP.pm
@@ -1,6 +1,7 @@
 package Qpsmtpd::SMTP;
 use Qpsmtpd;
 @ISA = qw(Qpsmtpd);
+my %auth_mechanisms = ();
 
 package Qpsmtpd::SMTP;
 use strict;
@@ -206,7 +207,6 @@ sub ehlo {
                         : ();  
 
     # Check for possible AUTH mechanisms
-    my %auth_mechanisms;
 HOOK: foreach my $hook ( keys %{$self->{hooks}} ) {
         if ( $hook =~ m/^auth-?(.+)?$/ ) {
             if ( defined $1 ) {
@@ -239,9 +239,11 @@ HOOK: foreach my $hook ( keys %{$self->{hooks}} ) {
 sub auth {
     my ($self, $line) = @_;
     my ($rc, $sub)    = $self->run_hooks('auth_parse');
-    my ($ok, $arg, @stuff) = Qpsmtpd::Command->parse('auth', $line, $sub);
-    return $self->respond(501, $arg || "Syntax error in command") 
+    my ($ok, $mechanism, @stuff) = Qpsmtpd::Command->parse('auth', $line, $sub);
+    return $self->respond(501, $mechanism || "Syntax error in command") 
       unless ($ok == OK);
+
+    $mechanism = lc($mechanism);
     
 
     #they AUTH'd once already
@@ -254,7 +256,14 @@ sub auth {
       if ( ($self->config('tls_before_auth'))[0] 
       	and $self->transaction->notes('tls_enabled') );
 
-    return $self->{_auth} = Qpsmtpd::Auth::SASL( $self, $arg, @stuff );
+    # if we don't have a plugin implementing this auth mechanism, 504
+    if( exists $auth_mechanisms{$mechanism} ) {
+      return $self->{_auth} = Qpsmtpd::Auth::SASL( $self, $mechanism, @stuff );
+    } else {
+      $self->respond( 504, "Unimplemented authentification mechanism: $mechanism" );
+      return DENY;
+    } 
+
 }
 
 sub mail {