Correctly handle the case where a given AUTH mechanism is requested by a

[stupid] MUA, but isn't implemented with existing auth plugins.  Based on
patch from Brian Szymanski.

git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@660 958fd67b-6ff1-0310-b445-bb7760255be9
John Peacock 2006-09-22 15:31:28 +00:00
parent 3837fabc9f
commit d218bfea82
3 changed files with 17 additions and 6 deletions


@ -1,4 +1,6 @@
0.33 0.33
Do the right thing for unimplemented AUTH mechanisms (Brian Szymanski)
relay_only plugin for smart relay host. (John Peacock) relay_only plugin for smart relay host. (John Peacock)
Experimental IPv6 support (forkserver only). (Mike Williams) Experimental IPv6 support (forkserver only). (Mike Williams)


@ -17,7 +17,6 @@ sub SASL {
# $DB::single = 1; # $DB::single = 1;
my ( $session, $mechanism, $prekey ) = @_; my ( $session, $mechanism, $prekey ) = @_;
my ( $user, $passClear, $passHash, $ticket, $loginas ); my ( $user, $passClear, $passHash, $ticket, $loginas );
$mechanism = lc($mechanism);
if ( $mechanism eq "plain" ) { if ( $mechanism eq "plain" ) {
if (!$prekey) { if (!$prekey) {
@ -76,7 +75,8 @@ sub SASL {
( $user, $passHash ) = split( ' ', decode_base64($line) ); ( $user, $passHash ) = split( ' ', decode_base64($line) );
} }
else { else {
$session->respond( 500, "Unrecognized authentification mechanism" ); #this error is now caught in SMTP.pm's sub auth
$session->respond( 500, "Internal server error" );
return DECLINED; return DECLINED;
} }
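Review bot: Dropping `$mechanism = lc($mechanism);` from `SASL` means the function now compares whatever case its caller passes against lower-case literals such as `"plain"`, so it is only correct if every caller normalises first. Lower-casing is idempotent, so keeping that line in `SASL` costs nothing and protects the dispatch if a second caller is ever added. In the fallback branch the generic `500 Internal server error` reply is now the only sign that the caller's mechanism check and this dispatch disagree; logging the condition server-side there would make such a mismatch diagnosable. The body of `SASL` starts and ends outside the visible hunks.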


@ -1,6 +1,7 @@
package Qpsmtpd::SMTP; package Qpsmtpd::SMTP;
use Qpsmtpd; use Qpsmtpd;
@ISA = qw(Qpsmtpd); @ISA = qw(Qpsmtpd);
my %auth_mechanisms = ();
package Qpsmtpd::SMTP; package Qpsmtpd::SMTP;
use strict; use strict;
@ -206,7 +207,6 @@ sub ehlo {
: (); : ();
# Check for possible AUTH mechanisms # Check for possible AUTH mechanisms
my %auth_mechanisms;
HOOK: foreach my $hook ( keys %{$self->{hooks}} ) { HOOK: foreach my $hook ( keys %{$self->{hooks}} ) {
if ( $hook =~ m/^auth-?(.+)?$/ ) { if ( $hook =~ m/^auth-?(.+)?$/ ) {
if ( defined $1 ) { if ( defined $1 ) {
@ -239,10 +239,12 @@ HOOK: foreach my $hook ( keys %{$self->{hooks}} ) {
sub auth { sub auth {
my ($self, $line) = @_; my ($self, $line) = @_;
my ($rc, $sub) = $self->run_hooks('auth_parse'); my ($rc, $sub) = $self->run_hooks('auth_parse');
my ($ok, $arg, @stuff) = Qpsmtpd::Command->parse('auth', $line, $sub); my ($ok, $mechanism, @stuff) = Qpsmtpd::Command->parse('auth', $line, $sub);
return $self->respond(501, $arg || "Syntax error in command") return $self->respond(501, $mechanism || "Syntax error in command")
unless ($ok == OK); unless ($ok == OK);
$mechanism = lc($mechanism);
#they AUTH'd once already #they AUTH'd once already
return $self->respond( 503, "but you already said AUTH ..." ) return $self->respond( 503, "but you already said AUTH ..." )
@ -254,7 +256,14 @@ sub auth {
if ( ($self->config('tls_before_auth'))[0] if ( ($self->config('tls_before_auth'))[0]
and $self->transaction->notes('tls_enabled') ); and $self->transaction->notes('tls_enabled') );
return $self->{_auth} = Qpsmtpd::Auth::SASL( $self, $arg, @stuff ); # if we don't have a plugin implementing this auth mechanism, 504
if( exists $auth_mechanisms{$mechanism} ) {
return $self->{_auth} = Qpsmtpd::Auth::SASL( $self, $mechanism, @stuff );
} else {
$self->respond( 504, "Unimplemented authentification mechanism: $mechanism" );
return DENY;
}
} }
sub mail { sub mail {
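Review bot: The new `exists $auth_mechanisms{$mechanism}` gate in `auth` reads a file-scoped lexical that only `ehlo` fills, so the decision depends on state outside the current session. Because the `my %auth_mechanisms;` declaration was removed from `ehlo`, nothing visible clears the hash. In a process that serves more than one connection, an AUTH sent without a preceding EHLO would be judged against whatever an earlier session left behind, and in a fresh process it would always get the 504. The lines that store the keys are outside the hunks; the lookup key is `lc($mechanism)`, so confirm the keys are stored lower-case as well, otherwise no mechanism would ever match. Keeping the set per connection (for example `$self->{_auth_mechanisms}`, rebuilt in `ehlo`) would remove the cross-session dependency.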