[dovecot-cvs] dovecot/src/pop3-login client-authenticate.c, 1.49, 1.50

cras at dovecot.org cras at dovecot.org
Tue May 9 23:47:56 EEST 2006


Update of /var/lib/cvs/dovecot/src/pop3-login
In directory talvi:/tmp/cvs-serv28223

Modified Files:
	client-authenticate.c 
Log Message:
If PASS command is given (after unsuccessful USER) with plaintext auth
disabled, give proper error message instead of "No username given".



Index: client-authenticate.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/pop3-login/client-authenticate.c,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -d -r1.49 -r1.50
--- client-authenticate.c	14 Apr 2006 18:20:57 -0000	1.49
+++ client-authenticate.c	9 May 2006 20:47:54 -0000	1.50
@@ -244,17 +244,24 @@
 	return TRUE;
 }
 
-bool cmd_user(struct pop3_client *client, const char *args)
+static bool check_plaintext_auth(struct pop3_client *client)
 {
-	if (!client->common.secured && disable_plaintext_auth) {
-		if (verbose_auth) {
-			client_syslog(&client->common, "Login failed: "
-				      "Plaintext authentication disabled");
-		}
-		client_send_line(client,
-				 "-ERR Plaintext authentication disabled.");
+	if (client->common.secured || !disable_plaintext_auth)
 		return TRUE;
+
+	if (verbose_auth) {
+		client_syslog(&client->common, "Login failed: "
+			      "Plaintext authentication disabled");
 	}
+	client_send_line(client,
+			 "-ERR Plaintext authentication disabled.");
+	return FALSE;
+}
+
+bool cmd_user(struct pop3_client *client, const char *args)
+{
+	if (!check_plaintext_auth(client))
+		return TRUE;
 
 	i_free(client->last_user);
 	client->last_user = i_strdup(args);
@@ -268,6 +275,11 @@
 	string_t *plain_login, *base64;
 
 	if (client->last_user == NULL) {
+		/* client may ignore the USER reply and only display the error
+		   message from PASS */
+		if (!check_plaintext_auth(client))
+			return TRUE;
+
 		client_send_line(client, "-ERR No username given.");
 		return TRUE;
 	}



More information about the dovecot-cvs mailing list