Actually, I lied, the last patch does not fix the problem...
Qpsmtpd::Plugin (and possibly other things) would also need to be
aware of the new case we are using. And that would get ugly. Best bet
IMO is to keep everything lowercase until we need it in uppercase.
Otherwise, register_hook would have to be patched to map auth.*
plugins to uppercase or something hideous like that (all other
plugins are lowercase-only)
It's better to just call uc once, like so (patch is against rev 661,
but it's easiest to see the changes by diffing against 660 or even
559 to see the patch in its totality) - this leaves non-case-related
changes from 661 in place, although it essentially reverts the case
stuff to 559 and then adds an uc call before looking up mechanism in
the auth_mechanism table:
diff -ur qpsmtpd-661/lib/Qpsmtpd/Auth.pm qpsmtpd-661-patched/lib/
Qpsmtpd/Auth.pm
--- qpsmtpd-661/lib/Qpsmtpd/Auth.pm 2006-09-24 09:57:03.000000000 -0400
+++ qpsmtpd-661-patched/lib/Qpsmtpd/Auth.pm 2006-09-24
10:00:53.000000000 -0400
@@ -17,6 +17,7 @@
# $DB::single = 1;
my ( $session, $mechanism, $prekey ) = @_;
my ( $user, $passClear, $passHash, $ticket, $loginas );
+ $mechanism = lc($mechanism);
if ( $mechanism eq "plain" ) {
if (!$prekey) {
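Review bot: The added `$mechanism = lc($mechanism);` at the top of the sub is the only thing that makes the `eq "plain"` test below it case-insensitive, and nothing in the hunk says so. Add a one-line comment stating that mechanism names are compared in lowercase inside this sub while the `%auth_mechanisms` keys in SMTP.pm are uppercase, so a later cleanup does not remove one half of the pair again.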
diff -ur qpsmtpd-661/lib/Qpsmtpd/SMTP.pm qpsmtpd-661-patched/lib/
Qpsmtpd/SMTP.pm
--- qpsmtpd-661/lib/Qpsmtpd/SMTP.pm 2006-09-24 09:57:03.000000000 -0400
+++ qpsmtpd-661-patched/lib/Qpsmtpd/SMTP.pm 2006-09-24
09:56:08.000000000 -0400
@@ -243,9 +243,6 @@
return $self->respond(501, $mechanism || "Syntax error in
command")
unless ($ok == OK);
- $mechanism = uc($mechanism);
-
-
#they AUTH'd once already
return $self->respond( 503, "but you already said AUTH ..." )
if ( defined $self->{_auth}
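Review bot: With `$mechanism = uc($mechanism);` removed after the 501 check, no line shown in this file normalizes `$mechanism` any more, so the rest of the sub works with whatever case the client sent. Consider replacing the removed line with `$mechanism = lc($mechanism);` instead of deleting it, so there is one canonical value from this point on and the later `uc` is purely a key conversion for the table lookup.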
@@ -257,7 +254,7 @@
and $self->transaction->notes('tls_enabled') );
# if we don't have a plugin implementing this auth mechanism, 504
- if( exists $auth_mechanisms{$mechanism} ) {
+ if( exists $auth_mechanisms{uc $mechanism} ) {
return $self->{_auth} = Qpsmtpd::Auth::SASL( $self,
$mechanism, @stuff );
} else {
$self->respond( 504, "Unimplemented authentification
mechanism: $mechanism" );
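Review bot: The 504 branch still interpolates `$mechanism` into the response, and after this patch that is the client's string in the client's case, not a normalized value. Echo `uc $mechanism` there or drop the name from the message, and add a short comment next to `exists $auth_mechanisms{uc $mechanism}` noting that the table keys are uppercase while the value passed on to `Qpsmtpd::Auth::SASL` is not.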
Cheers,
B
On Sep 24, 2006, at 8:45 AM, Brian Szymanski wrote:
I've reproduced this behavior. The cAsE needs to be fixed in
Auth::SASL as well... The below patch fixes.
Cheers,
B
[EMAIL PROTECTED]:/home/smtpd# diff -u qpsmtpd-0.3x/lib/Qpsmtpd/Auth.pm
qpsmtpd/lib/Qpsmtpd/Auth.pm
--- qpsmtpd-0.3x/lib/Qpsmtpd/Auth.pm 2006-09-24
08:43:28.000000000 -0400
+++ qpsmtpd/lib/Qpsmtpd/Auth.pm 2006-09-24 08:41:08.000000000 -0400
@@ -18,7 +18,7 @@
my ( $session, $mechanism, $prekey ) = @_;
my ( $user, $passClear, $passHash, $ticket, $loginas );
- if ( $mechanism eq "plain" ) {
+ if ( $mechanism eq 'PLAIN' ) {
if (!$prekey) {
$session->respond( 334, "Please continue" );
$prekey= <STDIN>;
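Review bot: The new test `$mechanism eq 'PLAIN'` only matches if every caller has already uppercased the name, and nothing in this sub enforces that. Normalize `$mechanism` once at the top of the sub and compare against that value, instead of baking the caller's case convention into this string literal and the `'LOGIN'` and `'CRAM-MD5'` literals in the two hunks that follow.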
@@ -33,7 +33,7 @@
return DECLINED;
}
}
- elsif ($mechanism eq "login") {
+ elsif ($mechanism eq 'LOGIN') {
if ( $prekey ) {
$user = decode_base64($prekey);
@@ -55,7 +55,7 @@
return DECLINED;
}
}
- elsif ( $mechanism eq "cram-md5" ) {
+ elsif ( $mechanism eq 'CRAM-MD5' ) {
# rand() is not cryptographic, but we only need to
generate a globally
# unique number. The rand() is there in case the user
logs in more than
On Sep 24, 2006, at 6:38 AM, Robin Bowes wrote:
John Peacock wrote:
Brian Szymanski wrote:
The problem is this: $mechanism has been made lowercase, and
keys of
%auth_mechanisms have all been made uppercase.
I swear that I tested this, but I had two different changes in my
working copy
and I backed out both and applied one at a time, so I may have
tested something
very slightly different than what I committed. I chose to always
uppercase the
$mechanism; it makes no sense to lowercase it at the top and then
uppercase it
later when testing.
=== lib/Qpsmtpd/SMTP.pm
==================================================================
--- lib/Qpsmtpd/SMTP.pm (revision 852)
+++ lib/Qpsmtpd/SMTP.pm (revision 853)
@@ -243,7 +243,7 @@
return $self->respond(501, $mechanism || "Syntax error in
command")
unless ($ok == OK);
- $mechanism = lc($mechanism);
+ $mechanism = uc($mechanism);
#they AUTH'd once already
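Review bot: Switching `lc($mechanism)` to `uc($mechanism)` on this line changes the value every later consumer of `$mechanism` receives, yet the diff touches only this one line. Any code reached after this point that compares against lowercase mechanism names has to change in the same commit, or the normalization should stay lowercase with `uc` applied only where the `%auth_mechanisms` table is consulted.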
John
p.s. the other bit I wound up committing "by accident" was a more
conservative
way of dealing with "Incomplete DATA" or "Message too big"
errors. I'll tweak
the log entry...
John,
I'm now getting a "500 Internal server error" when trying to
authenticate:
# swaks --to [EMAIL PROTECTED] -a -au [EMAIL PROTECTED]
Password: xxxxx
=== Trying batmobile.robinbowes.com:25...
=== Connected to batmobile.robinbowes.com.
<- 220 batmobile.robinbowes.com ESMTP qpsmtpd 0.33-dev ready;
send us
your mail, but not your spam.
-> EHLO batmobile.robinbowes.com
<- 250-batmobile.robinbowes.com Hi batmobile.robinbowes.com
[192.168.1.60]
<- 250-PIPELINING
<- 250-8BITMIME
<- 250-STARTTLS
<- 250 AUTH PLAIN LOGIN
-> AUTH PLAIN <removed this time>
<** 500 Internal server error
-> AUTH LOGIN
<** 500 Internal server error
*** No authentication type succeeded
-> QUIT
<- 221 batmobile.robinbowes.com closing connection. Have a
wonderful day.
=== Connection closed by foreign host.
I'm back on r659
R.
---
Brian Szymanski
[EMAIL PROTECTED]
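The case handling discussed in this thread, as an added stand-alone sketch that is not qpsmtpd code and not from any of the posters: the client-supplied name is validated and lowercased once, `uc` is applied only for the table lookup, and the 504 reply does not echo client input. The `%handlers` table, the `dispatch_auth` sub, the length and character check, and the reply texts are assumptions made for the illustration; only `%auth_mechanisms` and the mechanism names come from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for the table of registered auth plugins; keys are uppercase,
# as described in the thread for %auth_mechanisms.
my %auth_mechanisms = map { $_ => 1 } qw(PLAIN LOGIN CRAM-MD5);

# Hypothetical handlers keyed by lowercase name, mirroring the lowercase
# comparisons ("plain", "login", "cram-md5") in Qpsmtpd::Auth::SASL.
my %handlers = (
    'plain'    => sub { "plain handler ran" },
    'login'    => sub { "login handler ran" },
    'cram-md5' => sub { "cram-md5 handler ran" },
);

# Normalize once at the boundary, then derive the table key from that value.
sub dispatch_auth {
    my ($raw) = @_;

    # Reject anything that is not a plausible mechanism token before it
    # reaches a lookup or a response string (assumed limit: 20 characters).
    return ( 501, "Syntax error in command" )
        unless defined $raw && $raw =~ /\A[A-Za-z0-9_-]{1,20}\z/;

    my $mechanism = lc $raw;    # canonical form used everywhere below

    return ( 504, "Unimplemented authentication mechanism" )
        unless exists $auth_mechanisms{ uc $mechanism };

    # A key present in the table but missing here is a server-side bug,
    # the kind of mismatch that surfaces to the client as a 500.
    my $handler = $handlers{$mechanism}
        or return ( 500, "Internal server error" );

    return ( 235, $handler->() );
}

# Constructed sample inputs, including mixed case and an embedded CRLF.
for my $in ( 'PLAIN', 'plain', 'Cram-MD5', 'GSSAPI', "PLAIN\r\nRSET" ) {
    my ( $code, $msg ) = dispatch_auth($in);
    ( my $shown = $in ) =~ s/[^\x20-\x7e]/?/g;    # printable form for output
    printf "%-14s -> %d %s\n", $shown, $code, $msg;
}
```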