Re: Subject: patch for correct behavior with unimplemented auth mechanisms

Wed, 20 Sep 2006 07:55:10 -0700 

On Sep 20, 2006, at 9:57 AM, John Peacock wrote:


Brian Szymanski wrote:

The fix:
In ehlo(), when we determine the available auth mechanisms, save this bit of information in $self->{_auth_mechanisms}. Then, in auth (), instead of calling Qsmtpd::Auth::SASL, respond 504 and return DENY if the authentication method requested is not in $self-> {_auth_mechanisms}. 


I agree that this is a bug we want to fix (even though the *client*  
is at fault here).  However, I don't see any benefit to caching  
this information in the $self object, since the auth mechanisms are  
global (i.e. not specific to any transaction).



I'm working on a variant of your patch which makes %auth_mechanisms  
a package variable, and the test hits that directly, instead of  
carrying it around in the $self container.  I think this will also  
make it easier to remove the auth code from Qpsmtpd/SMTP.pm (which  
is a goal I have).



Hmmm... Pardon my ignorance, as I'm new to qpsmtp hacking (as the  
following will probably lay bare!) - would having the information in % 
auth_mechanisms in a package variable result in that information  
staying "cached" when the plugins are changed? If so, could that  
result in unexpected behavior for some folks as they are changing  
auth plugins? (Yeah, I'm green). Besides that, it sounds like a nicer  
way to do things, and it could conceivably useful to have access to  
the info in auth_mechanisms hash in the plugins themselves.



Incidentally, on the subject of auth methods, I was looking at adding  
CRAM-SHA1 support in Auth.pm, but it seemed to me that the framework  
that's in place wouldn't deal with this quite right... For example,  
it seems to me that the $clearPassword vs. $hashPassword distinction  
seems unnecessary since the plugin can dispatch on $method to know if  
$pass is encrypted or not (and if you don't like that, you can create  
a seperate hook for your method)... I also can't help but thinking  
that a method with 7 arguments, at least 2 of which are optional,  
might be better served with a hash. Anyone have ideas on what this  
"should" look like?


Cheers,
Brian


---
Brian Szymanski
[EMAIL PROTECTED]
cell: 202.747.4019
work: 202.546.0777 ext. 114
skype:  xbrianskix
aim:  xbrianskix

























					Reply via email to