The SASL library will refuse to use the EXTERNAL module when auth id is
not set.
Tested to work with Dovecot, using TLS client certificates for
authentication.
---
src/drv_imap.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/src/drv_imap.c b/src/drv_imap.c
index 8afb0c1..632b16b 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -2245,6 +2245,7 @@ imap_open_store_authenticate2( imap_store_t *ctx )
#ifdef HAVE_LIBSASL
const char *saslavail;
char saslmechs[1024], *saslend = saslmechs;
+ int have_external = 0;
#endif
// Ensure that there are no leftovers from previous runs. This is
needed in case
@@ -2280,6 +2281,9 @@ imap_open_store_authenticate2( imap_store_t *ctx )
*saslend++ = ' ';
memcpy( saslend, cmech->string, len + 1
);
saslend += len;
+
+ if (!strcasecmp( cmech->string,
"EXTERNAL" ))
+ have_external = 1;
#endif
}
}
@@ -2315,6 +2319,15 @@ imap_open_store_authenticate2( imap_store_t *ctx )
goto bail;
}
+ // set the authorization id string for EXTERNAL
+ if (have_external && ensure_user( srvc )) {
+ rc = sasl_setprop( ctx->sasl, SASL_AUTH_EXTERNAL,
ensure_user( srvc));
+ if (rc != SASL_OK ) {
+ error( "Error setting auth id: %s\n",
sasl_errdetail( ctx->sasl ));
+ goto bail;
+ }
+ }
+
rc = sasl_client_start( ctx->sasl, saslmechs + 1, &interact,
CAP(SASLIR) ? &out : NULL, &out_len, &gotmech );
if (rc == SASL_NOMECH)
goto notsasl;
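Review bot: The block added before sasl_client_start() calls `ensure_user( srvc )` twice, once as the condition and once as the property value; if that helper logs or prompts when no user is configured (its body is not visible here), a missing user would be reported even though login then continues with the other mechanisms. Fetch it once, e.g. `const char *user = have_external ? ensure_user( srvc ) : NULL;` followed by `if (user) { rc = sasl_setprop( ctx->sasl, SASL_AUTH_EXTERNAL, user ); ... }`. Separately, SASL_AUTH_EXTERNAL tells the library that an outer layer has already authenticated this identity, yet the visible condition depends only on the mechanism name and the configured user, not on whether the connection actually runs over TLS with a client certificate. Consider gating the property on that connection state, so EXTERNAL is not made selectable on sessions that cannot satisfy it, and add a comment stating that the value is an identity asserted by the TLS layer rather than a credential. The enclosing function starts and ends outside the hunk.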
--
2.20.1