[dovecot-cvs] dovecot/src/pop3-login client-authenticate.c, 1.49,
1.50
cras at dovecot.org
cras at dovecot.org
Tue May 9 23:47:56 EEST 2006
Update of /var/lib/cvs/dovecot/src/pop3-login
In directory talvi:/tmp/cvs-serv28223
Modified Files:
client-authenticate.c
Log Message:
If PASS command is given (after unsuccessful USER) with plaintext auth
disabled, give proper error message instead of "No username given".
Index: client-authenticate.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/pop3-login/client-authenticate.c,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -d -r1.49 -r1.50
--- client-authenticate.c 14 Apr 2006 18:20:57 -0000 1.49
+++ client-authenticate.c 9 May 2006 20:47:54 -0000 1.50
@@ -244,17 +244,24 @@
return TRUE;
}
-bool cmd_user(struct pop3_client *client, const char *args)
+static bool check_plaintext_auth(struct pop3_client *client)
{
- if (!client->common.secured && disable_plaintext_auth) {
- if (verbose_auth) {
- client_syslog(&client->common, "Login failed: "
- "Plaintext authentication disabled");
- }
- client_send_line(client,
- "-ERR Plaintext authentication disabled.");
+ if (client->common.secured || !disable_plaintext_auth)
return TRUE;
+
+ if (verbose_auth) {
+ client_syslog(&client->common, "Login failed: "
+ "Plaintext authentication disabled");
}
+ client_send_line(client,
+ "-ERR Plaintext authentication disabled.");
+ return FALSE;
+}
+
+bool cmd_user(struct pop3_client *client, const char *args)
+{
+ if (!check_plaintext_auth(client))
+ return TRUE;
i_free(client->last_user);
client->last_user = i_strdup(args);
@@ -268,6 +275,11 @@
string_t *plain_login, *base64;
if (client->last_user == NULL) {
+ /* client may ignore the USER reply and only display the error
+ message from PASS */
+ if (!check_plaintext_auth(client))
+ return TRUE;
+
client_send_line(client, "-ERR No username given.");
return TRUE;
}
More information about the dovecot-cvs
mailing list