commit fc300fd811e56407d329a895e91e9dd84ca84297
Author: Anton Khirnov <[email protected]>
AuthorDate: Sun Jan 3 19:39:08 2021 +0100
Commit: Oswald Buddenhagen <[email protected]>
CommitDate: Tue Jan 5 19:50:21 2021 +0100
Set authentication id for the SASL EXTERNAL mechanism
The SASL library will refuse to use the EXTERNAL module when no auth id
is set a priori.
Tested to work with Dovecot, using TLS client certificates for
authentication.
src/drv_imap.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/src/drv_imap.c b/src/drv_imap.c
index 574f7cf..8d7c99b 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -2273,6 +2273,7 @@ imap_open_store_authenticate2( imap_store_t *ctx )
#ifdef HAVE_LIBSASL
const char *saslavail;
char saslmechs[1024], *saslend = saslmechs;
+ int want_external = 0;
#endif
// Ensure that there are no leftovers from previous runs. This is
needed in case
@@ -2308,6 +2309,9 @@ imap_open_store_authenticate2( imap_store_t *ctx )
*saslend++ = ' ';
memcpy( saslend, cmech->string, len + 1
);
saslend += len;
+
+ if (!strcasecmp( cmech->string,
"EXTERNAL" ))
+ want_external = 1;
#endif
}
}
@@ -2343,6 +2347,18 @@ imap_open_store_authenticate2( imap_store_t *ctx )
goto bail;
}
+ // The built-in EXTERNAL mechanism wants the authentication id
to be set
+ // even before instantiation; consequently it won't prompt for
it, either.
+ // While this clearly makes sense on the server side, it
arguably does not
+ // on the client side. Ah, well ...
+ if (want_external && ensure_user( srvc )) {
+ rc = sasl_setprop( ctx->sasl, SASL_AUTH_EXTERNAL,
srvc->user );
+ if (rc != SASL_OK ) {
+ error( "Error setting SASL authentication id:
%s\n", sasl_errdetail( ctx->sasl ) );
+ goto bail;
+ }
+ }
+
rc = sasl_client_start( ctx->sasl, saslmechs + 1, &interact,
CAP(SASLIR) ? &out : NULL, &out_len, &gotmech );
if (rc == SASL_NOMECH)
goto notsasl;
_______________________________________________
isync-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/isync-devel
