[dovecot-cvs] dovecot/src/pop3-login client-authenticate.c, 1.49,
	1.49.2.1
    cras at dovecot.org 
    cras at dovecot.org
       
    Tue May  9 23:47:57 EEST 2006
    
    
  
Update of /var/lib/cvs/dovecot/src/pop3-login
In directory talvi:/tmp/cvs-serv31435
Modified Files:
      Tag: branch_1_0
	client-authenticate.c 
Log Message:
If PASS command is given (after unsuccessful USER) with plaintext auth
disabled, give proper error message instead of "No username given".
Index: client-authenticate.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/pop3-login/client-authenticate.c,v
retrieving revision 1.49
retrieving revision 1.49.2.1
diff -u -d -r1.49 -r1.49.2.1
--- client-authenticate.c	14 Apr 2006 18:20:57 -0000	1.49
+++ client-authenticate.c	9 May 2006 20:47:55 -0000	1.49.2.1
@@ -244,17 +244,24 @@
 	return TRUE;
 }
 
-bool cmd_user(struct pop3_client *client, const char *args)
+static bool check_plaintext_auth(struct pop3_client *client)
 {
-	if (!client->common.secured && disable_plaintext_auth) {
-		if (verbose_auth) {
-			client_syslog(&client->common, "Login failed: "
-				      "Plaintext authentication disabled");
-		}
-		client_send_line(client,
-				 "-ERR Plaintext authentication disabled.");
+	if (client->common.secured || !disable_plaintext_auth)
 		return TRUE;
+
+	if (verbose_auth) {
+		client_syslog(&client->common, "Login failed: "
+			      "Plaintext authentication disabled");
 	}
+	client_send_line(client,
+			 "-ERR Plaintext authentication disabled.");
+	return FALSE;
+}
+
+bool cmd_user(struct pop3_client *client, const char *args)
+{
+	if (!check_plaintext_auth(client))
+		return TRUE;
 
 	i_free(client->last_user);
 	client->last_user = i_strdup(args);
@@ -268,6 +275,11 @@
 	string_t *plain_login, *base64;
 
 	if (client->last_user == NULL) {
+		/* client may ignore the USER reply and only display the error
+		   message from PASS */
+		if (!check_plaintext_auth(client))
+			return TRUE;
+
 		client_send_line(client, "-ERR No username given.");
 		return TRUE;
 	}
    
    
More information about the dovecot-cvs
mailing list