Correctly handle the case where a given AUTH mechanism is requested by a
[stupid] MUA, but isn't implemented with existing auth plugins. Based on patch from Brian Szymanski. git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@660 958fd67b-6ff1-0310-b445-bb7760255be9
This commit is contained in:
parent
3837fabc9f
commit
d218bfea82
2
Changes
2
Changes
@ -1,4 +1,6 @@
|
|||||||
0.33
|
0.33
|
||||||
|
Do the right thing for unimplemented AUTH mechanisms (Brian Szymanski)
|
||||||
|
|
||||||
relay_only plugin for smart relay host. (John Peacock)
|
relay_only plugin for smart relay host. (John Peacock)
|
||||||
|
|
||||||
Experimental IPv6 support (forkserver only). (Mike Williams)
|
Experimental IPv6 support (forkserver only). (Mike Williams)
|
||||||
|
@ -17,7 +17,6 @@ sub SASL {
|
|||||||
# $DB::single = 1;
|
# $DB::single = 1;
|
||||||
my ( $session, $mechanism, $prekey ) = @_;
|
my ( $session, $mechanism, $prekey ) = @_;
|
||||||
my ( $user, $passClear, $passHash, $ticket, $loginas );
|
my ( $user, $passClear, $passHash, $ticket, $loginas );
|
||||||
$mechanism = lc($mechanism);
|
|
||||||
|
|
||||||
if ( $mechanism eq "plain" ) {
|
if ( $mechanism eq "plain" ) {
|
||||||
if (!$prekey) {
|
if (!$prekey) {
|
||||||
@ -76,7 +75,8 @@ sub SASL {
|
|||||||
( $user, $passHash ) = split( ' ', decode_base64($line) );
|
( $user, $passHash ) = split( ' ', decode_base64($line) );
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$session->respond( 500, "Unrecognized authentification mechanism" );
|
#this error is now caught in SMTP.pm's sub auth
|
||||||
|
$session->respond( 500, "Internal server error" );
|
||||||
return DECLINED;
|
return DECLINED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
package Qpsmtpd::SMTP;
|
package Qpsmtpd::SMTP;
|
||||||
use Qpsmtpd;
|
use Qpsmtpd;
|
||||||
@ISA = qw(Qpsmtpd);
|
@ISA = qw(Qpsmtpd);
|
||||||
|
my %auth_mechanisms = ();
|
||||||
|
|
||||||
package Qpsmtpd::SMTP;
|
package Qpsmtpd::SMTP;
|
||||||
use strict;
|
use strict;
|
||||||
@ -206,7 +207,6 @@ sub ehlo {
|
|||||||
: ();
|
: ();
|
||||||
|
|
||||||
# Check for possible AUTH mechanisms
|
# Check for possible AUTH mechanisms
|
||||||
my %auth_mechanisms;
|
|
||||||
HOOK: foreach my $hook ( keys %{$self->{hooks}} ) {
|
HOOK: foreach my $hook ( keys %{$self->{hooks}} ) {
|
||||||
if ( $hook =~ m/^auth-?(.+)?$/ ) {
|
if ( $hook =~ m/^auth-?(.+)?$/ ) {
|
||||||
if ( defined $1 ) {
|
if ( defined $1 ) {
|
||||||
@ -239,9 +239,11 @@ HOOK: foreach my $hook ( keys %{$self->{hooks}} ) {
|
|||||||
sub auth {
|
sub auth {
|
||||||
my ($self, $line) = @_;
|
my ($self, $line) = @_;
|
||||||
my ($rc, $sub) = $self->run_hooks('auth_parse');
|
my ($rc, $sub) = $self->run_hooks('auth_parse');
|
||||||
my ($ok, $arg, @stuff) = Qpsmtpd::Command->parse('auth', $line, $sub);
|
my ($ok, $mechanism, @stuff) = Qpsmtpd::Command->parse('auth', $line, $sub);
|
||||||
return $self->respond(501, $arg || "Syntax error in command")
|
return $self->respond(501, $mechanism || "Syntax error in command")
|
||||||
unless ($ok == OK);
|
unless ($ok == OK);
|
||||||
|
|
||||||
|
$mechanism = lc($mechanism);
|
||||||
|
|
||||||
|
|
||||||
#they AUTH'd once already
|
#they AUTH'd once already
|
||||||
@ -254,7 +256,14 @@ sub auth {
|
|||||||
if ( ($self->config('tls_before_auth'))[0]
|
if ( ($self->config('tls_before_auth'))[0]
|
||||||
and $self->transaction->notes('tls_enabled') );
|
and $self->transaction->notes('tls_enabled') );
|
||||||
|
|
||||||
return $self->{_auth} = Qpsmtpd::Auth::SASL( $self, $arg, @stuff );
|
# if we don't have a plugin implementing this auth mechanism, 504
|
||||||
|
if( exists $auth_mechanisms{$mechanism} ) {
|
||||||
|
return $self->{_auth} = Qpsmtpd::Auth::SASL( $self, $mechanism, @stuff );
|
||||||
|
} else {
|
||||||
|
$self->respond( 504, "Unimplemented authentification mechanism: $mechanism" );
|
||||||
|
return DENY;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sub mail {
|
sub mail {
|
||||||
|
Loading…
Reference in New Issue
Block a user