Author: jpeacock
Date: Mon Apr 24 08:48:24 2006
New Revision: 634

Modified:
   branches/0.3x/lib/Qpsmtpd/Auth.pm

Log:
Redo AUTH PLAIN and AUTH LOGIN correctly(?) this time. (Michael Holzt)

Modified: branches/0.3x/lib/Qpsmtpd/Auth.pm
==============================================================================
--- branches/0.3x/lib/Qpsmtpd/Auth.pm   (original)
+++ branches/0.3x/lib/Qpsmtpd/Auth.pm   Mon Apr 24 08:48:24 2006
@@ -16,7 +16,7 @@
 
     # $DB::single = 1;
     my ( $session, $mechanism, $prekey ) = @_;
-    my ( $user, $passClear, $passHash, $ticket );
+    my ( $user, $passClear, $passHash, $ticket, $loginas );
     $mechanism = lc($mechanism);
 
     if ( $mechanism eq "plain" ) {
@@ -24,43 +24,36 @@
           $session->respond( 334, "Please continue" );
           $prekey= <STDIN>;
         }
-        ( $passHash, $user, $passClear ) = split /\x0/,
+        ( $loginas, $user, $passClear ) = split /\x0/,
           decode_base64($prekey);
-
-        unless ($user && $passClear) {
-          $session->respond(504, "Invalid authentification string");
+          
+        # Authorization ID must not be different from
+        # Authentication ID
+        if ( $loginas ne '' && $loginas != $user ) {
+          $session->respond(535, "Authentication invalid");
           return DECLINED;
         }
     }
     elsif ($mechanism eq "login") {
 
         if ( $prekey ) {
-          ( $passHash, $user, $passClear ) = split /\x0/,
-           decode_base64($prekey);
-
-          unless ($user && $passClear) {
-            $session->respond(504, "Invalid authentification string");
-            return DECLINED;
-          }
+          $user = decode_base64($prekey);
         }
         else {
-    
           $session->respond(334, e64("Username:"));
           $user = decode_base64(<STDIN>);
-          #warn("Debug: User: '$user'");
           if ($user eq '*') {
             $session->respond(501, "Authentification canceled");
             return DECLINED;
           }
+        }
     
-          $session->respond(334, e64("Password:"));
-          $passClear = <STDIN>;
-          $passClear = decode_base64($passClear);
-          #warn("Debug: Pass: '$pass'");
-          if ($passClear eq '*') {
-            $session->respond(501, "Authentification canceled");
-            return DECLINED;
-          }
+        $session->respond(334, e64("Password:"));
+        $passClear = <STDIN>;
+        $passClear = decode_base64($passClear);
+        if ($passClear eq '*') {
+          $session->respond(501, "Authentification canceled");
+          return DECLINED;
         }
     }
     elsif ( $mechanism eq "cram-md5" ) {
@@ -87,6 +80,12 @@
         return DECLINED;
     }
 
+    # Make sure that we have enough information to proceed
+    unless ( $user && ($passClear || $passHash) ) {
+      $session->respond(504, "Invalid authentification string");
+      return DECLINED;
+    }
+
     # try running the specific hooks first
     my ( $rc, $msg ) =
       $session->run_hooks( "auth-$mechanism", $mechanism, $user, $passClear,
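Review bot: The new guard `unless ( $user && ($passClear || $passHash) )` tests truthiness rather than presence, so a username or password consisting of the single character `0` is rejected as "invalid", and an undef `$user` is silently treated the same as an empty one; the intent reads better as `unless ( defined $user && length $user && ( ( defined $passClear && length $passClear ) || ( defined $passHash && length $passHash ) ) ) {`. The 504 reply on the next line is, per RFC 4954, the code for an unrecognized mechanism, whereas an undecodable or incomplete credential string is a 501 — worth confirming which the server is meant to send here. The added response string also carries over the misspelling `Invalid authentification string` (should read `Invalid authentication string`). The enclosing sub continues past the end of this hunk.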
