1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
# HG changeset patch
# User Brendan Cully <brendan@kublai.com>
# Date 1157736633 0
# Node ID 4b8ef24b823e8295d58f599cb1d7014270dec064
# Parent 6fd5fb51a9dc102a1b39dcda26201c60215ee954
Don't send protocol garbage to sasl_decode64 during POP authentication.
Also enable SASL plaintext: $foo_authenticators is a more general solution.
--- a/mutt_sasl.c Fri Sep 08 15:45:57 2006 +0000
+++ b/mutt_sasl.c Fri Sep 08 17:30:33 2006 +0000
@@ -221,15 +221,10 @@ int mutt_sasl_client_new (CONNECTION* co
return -1;
}
- /* set security properties. We use NOPLAINTEXT globally, since we can
- * just fall back to LOGIN in the IMAP case anyway. If that doesn't
- * work for POP, we can make it a flag or move this code into
- * imap/auth_sasl.c */
memset (&secprops, 0, sizeof (secprops));
/* Work around a casting bug in the SASL krb4 module */
secprops.max_ssf = 0x7fff;
secprops.maxbufsize = M_SASL_MAXBUF;
- secprops.security_flags |= SASL_SEC_NOPLAINTEXT;
if (sasl_setprop (*saslconn, SASL_SEC_PROPS, &secprops) != SASL_OK)
{
dprint (1, (debugfile,
--- a/pop_auth.c Fri Sep 08 15:45:57 2006 +0000
+++ b/pop_auth.c Fri Sep 08 17:30:33 2006 +0000
@@ -46,8 +46,7 @@ static pop_auth_res_t pop_auth_sasl (POP
char inbuf[LONG_STRING];
const char* mech;
const char *pc = NULL;
- unsigned int len, olen;
- unsigned char client_start;
+ unsigned int len, olen, client_start;
if (mutt_sasl_client_new (pop_data->conn, &saslconn) < 0)
{
@@ -74,7 +73,7 @@ static pop_auth_res_t pop_auth_sasl (POP
return POP_A_UNAVAIL;
}
- client_start = (olen > 0);
+ client_start = olen;
mutt_message _("Authenticating (SASL)...");
@@ -93,11 +92,11 @@ static pop_auth_res_t pop_auth_sasl (POP
return POP_A_SOCKET;
}
- if (rc != SASL_CONTINUE)
+ if (!client_start && rc != SASL_CONTINUE)
break;
if (!mutt_strncmp (inbuf, "+ ", 2)
- && sasl_decode64 (inbuf, strlen (inbuf), buf, LONG_STRING-1, &len) != SASL_OK)
+ && sasl_decode64 (inbuf+2, strlen (inbuf+2), buf, LONG_STRING-1, &len) != SASL_OK)
{
dprint (1, (debugfile, "pop_auth_sasl: error base64-decoding server response.\n"));
goto bail;
@@ -112,7 +111,10 @@ static pop_auth_res_t pop_auth_sasl (POP
mutt_sasl_interact (interaction);
}
else
+ {
+ olen = client_start;
client_start = 0;
+ }
if (rc != SASL_CONTINUE && (olen == 0 || rc != SASL_OK))
break;
|
GitWeb
