It just occurred to me that my previous 2 messages didn't get thru to
the list because I was sending from the wrong address. Here is the
relevant, latter one, in all its glory.
Here's hoping it saves you a few of the missteps I took, John.
Cheers,
Brian
Begin forwarded message:
From: Brian Szymanski <[EMAIL PROTECTED]>
Date: September 24, 2006 10:20:10 AM EDT
To: [email protected]
Cc: Robin Bowes <[EMAIL PROTECTED]>
Subject: Re: Subject: patch for correct behavior with unimplemented
auth mechanisms
Actually, I lied, the last patch does not fix the problem...
Qpsmtpd::Plugin (and possibly other things) would also need to be
aware of the new case we are using. And that would get ugly. Best
bet IMO is to keep everything lowercase until we need it in
uppercase. Otherwise, register_hook would have to be patched to map
auth.* plugins to uppercase or something hideous like that (all
other plugins are lowercase-only)
It's better to just call uc once, like so (patch is against rev
661, but it's easiest to see the changes by diffing against 660 or
even 559 to see the patch in its totality) - this leaves
non-case-related changes from 661 in place, although it essentially
reverts the case stuff to 559 and then adds an uc call before looking up
mechanism in the auth_mechanism table:
diff -ur qpsmtpd-661/lib/Qpsmtpd/Auth.pm qpsmtpd-661-patched/lib/
Qpsmtpd/Auth.pm
--- qpsmtpd-661/lib/Qpsmtpd/Auth.pm 2006-09-24 09:57:03.000000000
-0400
+++ qpsmtpd-661-patched/lib/Qpsmtpd/Auth.pm 2006-09-24
10:00:53.000000000 -0400
@@ -17,6 +17,7 @@
# $DB::single = 1;
my ( $session, $mechanism, $prekey ) = @_;
my ( $user, $passClear, $passHash, $ticket, $loginas );
+ $mechanism = lc($mechanism);
if ( $mechanism eq "plain" ) {
if (!$prekey) {
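Review bot: The added `$mechanism = lc($mechanism);` normalizes to lowercase here while the SMTP.pm side of this patch looks the same value up with `uc $mechanism`, so the case convention is now split across two files with nothing recording it. A one-line comment above the assignment, saying that the branches below compare against lowercase literals ("plain" and so on) while the `%auth_mechanisms` keys are uppercase, would keep the next change from reintroducing the mismatch. The leftover `# $DB::single = 1;` debugger line in the context could be dropped at the same time.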
diff -ur qpsmtpd-661/lib/Qpsmtpd/SMTP.pm qpsmtpd-661-patched/lib/
Qpsmtpd/SMTP.pm
--- qpsmtpd-661/lib/Qpsmtpd/SMTP.pm 2006-09-24 09:57:03.000000000
-0400
+++ qpsmtpd-661-patched/lib/Qpsmtpd/SMTP.pm 2006-09-24
09:56:08.000000000 -0400
@@ -243,9 +243,6 @@
return $self->respond(501, $mechanism || "Syntax error in
command")
unless ($ok == OK);
- $mechanism = uc($mechanism);
-
-
#they AUTH'd once already
return $self->respond( 503, "but you already said AUTH ..." )
if ( defined $self->{_auth}
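Review bot: With `$mechanism = uc($mechanism);` removed, the variable keeps whatever case the client sent from this point on, so every later use in this sub has to normalize for itself; it is worth confirming that nothing between here and the `%auth_mechanisms` lookup compares `$mechanism` as a string. The hunk also deletes both blank lines after `unless ($ok == OK);`, which leaves the `#they AUTH'd once already` comment butted against the previous statement; keeping one blank line would preserve the visual break.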
@@ -257,7 +254,7 @@
and $self->transaction->notes('tls_enabled') );
# if we don't have a plugin implementing this auth mechanism, 504
- if( exists $auth_mechanisms{$mechanism} ) {
+ if( exists $auth_mechanisms{uc $mechanism} ) {
return $self->{_auth} = Qpsmtpd::Auth::SASL( $self,
$mechanism, @stuff );
} else {
$self->respond( 504, "Unimplemented authentification
mechanism: $mechanism" );
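Review bot: The 504 branch still interpolates the raw `$mechanism` into the response, so an unimplemented mechanism is echoed back in the client's own casing while the lookup used `uc $mechanism`. Computing the uppercased value once into a local and using it for both `exists $auth_mechanisms{...}` and the 504 text would keep the two consistent, with the original `$mechanism` still passed to `Qpsmtpd::Auth::SASL` unchanged. While touching that line, "authentification" in the message could be corrected to "authentication".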
Cheers,
B
On Sep 24, 2006, at 8:45 AM, Brian Szymanski wrote:
I've reproduced this behavior. The cAsE needs to be fixed in
Auth::SASL as well... The below patch fixes.
Cheers,
B
[EMAIL PROTECTED]:/home/smtpd# diff -u qpsmtpd-0.3x/lib/Qpsmtpd/
Auth.pm qpsmtpd/lib/Qpsmtpd/Auth.pm
--- qpsmtpd-0.3x/lib/Qpsmtpd/Auth.pm 2006-09-24
08:43:28.000000000 -0400
+++ qpsmtpd/lib/Qpsmtpd/Auth.pm 2006-09-24 08:41:08.000000000 -0400
@@ -18,7 +18,7 @@
my ( $session, $mechanism, $prekey ) = @_;
my ( $user, $passClear, $passHash, $ticket, $loginas );
- if ( $mechanism eq "plain" ) {
+ if ( $mechanism eq 'PLAIN' ) {
if (!$prekey) {
$session->respond( 334, "Please continue" );
$prekey= <STDIN>;
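Review bot: Comparing `$mechanism eq 'PLAIN'` makes this sub correct only if every caller has already uppercased the argument, and nothing in the sub enforces that. Normalizing once at the top, directly after `my ( $session, $mechanism, $prekey ) = @_;`, would make this comparison and the 'LOGIN' and 'CRAM-MD5' ones in the following hunks independent of the caller's case, instead of hand-editing each literal.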
@@ -33,7 +33,7 @@
return DECLINED;
}
}
- elsif ($mechanism eq "login") {
+ elsif ($mechanism eq 'LOGIN') {
if ( $prekey ) {
$user = decode_base64($prekey);
@@ -55,7 +55,7 @@
return DECLINED;
}
}
- elsif ( $mechanism eq "cram-md5" ) {
+ elsif ( $mechanism eq 'CRAM-MD5' ) {
# rand() is not cryptographic, but we only need to
generate a globally
# unique number. The rand() is there in case the user
logs in more than
On Sep 24, 2006, at 6:38 AM, Robin Bowes wrote:
John Peacock wrote:
Brian Szymanski wrote:
The problem is this: $mechanism has been made lowercase, and
keys of
%auth_mechanisms have all been made uppercase.
I swear that I tested this, but I had two different changes in
my working copy
and I backed out both and applied one at a time, so I may have
tested something
very slightly different than what I committed. I chose to
always uppercase the
$mechanism; it makes no sense to lowercase it at the top and
then uppercase it
later when testing.
=== lib/Qpsmtpd/SMTP.pm
==================================================================
--- lib/Qpsmtpd/SMTP.pm (revision 852)
+++ lib/Qpsmtpd/SMTP.pm (revision 853)
@@ -243,7 +243,7 @@
return $self->respond(501, $mechanism || "Syntax error in
command")
unless ($ok == OK);
- $mechanism = lc($mechanism);
+ $mechanism = uc($mechanism);
#they AUTH'd once already
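Review bot: Switching this line to `$mechanism = uc($mechanism);` changes the case of the value that everything after it in the sub receives, and the Auth.pm diffs in this thread show `Qpsmtpd::Auth::SASL` comparing against lowercase literals such as "plain", so this change needs the matching Auth.pm update in the same commit. The alternative is to leave `$mechanism` lowercase here and uppercase it only where `%auth_mechanisms` is consulted. Either way, a test that issues AUTH PLAIN and AUTH LOGIN against the server would catch the 500 responses reported further down.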
John
p.s. the other bit I wound up committing "by accident" was a
more conservative
way of dealing with "Incomplete DATA" or "Message too big"
errors. I'll tweak
the log entry...
John,
I'm now getting a "500 Internal server error" when trying to
authenticate:
# swaks --to [EMAIL PROTECTED] -a -au [EMAIL PROTECTED]
Password: xxxxx
=== Trying batmobile.robinbowes.com:25...
=== Connected to batmobile.robinbowes.com.
<- 220 batmobile.robinbowes.com ESMTP qpsmtpd 0.33-dev ready;
send us
your mail, but not your spam.
-> EHLO batmobile.robinbowes.com
<- 250-batmobile.robinbowes.com Hi batmobile.robinbowes.com
[192.168.1.60]
<- 250-PIPELINING
<- 250-8BITMIME
<- 250-STARTTLS
<- 250 AUTH PLAIN LOGIN
-> AUTH PLAIN <removed this time>
<** 500 Internal server error
-> AUTH LOGIN
<** 500 Internal server error
*** No authentication type succeeded
-> QUIT
<- 221 batmobile.robinbowes.com closing connection. Have a
wonderful day.
=== Connection closed by foreign host.
I'm back on r659
R.
---
Brian Szymanski
[EMAIL PROTECTED]