From cbd3a0b35222d2f720da82df0504469da064ff68 Mon Sep 17 00:00:00 2001 From: "Eric S. Raymond" Date: Tue, 13 Jan 2004 07:02:39 +0000 Subject: [PATCH] POP3 strong authentication fixes. svn path=/trunk/; revision=3873 --- NEWS | 4 +++- fetchmail.h | 2 +- gssapi.c | 4 ++-- imap.c | 2 +- pop3.c | 9 +++++++-- 5 files changed, 14 insertions(+), 7 deletions(-) diff --git a/NEWS b/NEWS index 5aebe8de..c998e507 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,9 @@ * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP. * PopDel.py removed from contrib at author's request. * Matthias Andree's fix for Sunil Shetye's fetvh-split patch -* include James Stone's moldremover.py script. +* Include James Stone's moldremover.py script. +* Enable .fetchmailrc permissions checking under Cygwin. +* Nalin Dahyabai's fix for POP3 strong authentication. fetchmail-6.2.5 (Wed Oct 15 18:39:22 EDT 2003), 23079 lines: diff --git a/fetchmail.h b/fetchmail.h index ac89f42c..7d73032a 100644 --- a/fetchmail.h +++ b/fetchmail.h @@ -600,7 +600,7 @@ int doODMR (struct query *); /* authentication functions */ int do_cram_md5(int sock, char *command, struct query *ctl, char *strip); int do_rfc1731(int sock, char *command, char *truename); -int do_gssauth(int sock, char *command, char *hostname, char *username); +int do_gssauth(int sock, char *command, char *service, char *hostname, char *username); int do_otp(int sock, char *command, struct query *ctl); /* miscellanea */ diff --git a/gssapi.c b/gssapi.c index 2769ca46..3b70a934 100644 --- a/gssapi.c +++ b/gssapi.c @@ -38,7 +38,7 @@ #define GSSAUTH_P_INTEGRITY 2 #define GSSAUTH_P_PRIVACY 4 -int do_gssauth(int sock, char *command, char *hostname, char *username) +int do_gssauth(int sock, char *command, char *service, char *hostname, char *username) { gss_buffer_desc request_buf, send_token; gss_buffer_t sec_token; @@ -53,7 +53,7 @@ int do_gssauth(int sock, char *command, char *hostname, char *username) int result; /* first things first: get an imap ticket for host */ - sprintf(buf1, "imap@%s", hostname); + sprintf(buf1, "%s@%s", service, hostname); request_buf.value = buf1; request_buf.length = strlen(buf1) + 1; maj_stat = gss_import_name(&min_stat, &request_buf, GSS_C_NT_HOSTBASED_SERVICE, diff --git a/imap.c b/imap.c index 13bc170d..b667c4a6 100644 --- a/imap.c +++ b/imap.c @@ -392,7 +392,7 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) if ((ctl->server.authenticate == A_ANY || ctl->server.authenticate == A_GSSAPI) && strstr(capabilities, "AUTH=GSSAPI")) - if(ok = do_gssauth(sock, "AUTHENTICATE", ctl->server.truename, ctl->remotename)) + if(ok = do_gssauth(sock, "AUTHENTICATE", "imap", ctl->server.truename, ctl->remotename)) { /* SASL cancellation of authentication */ gen_send(sock, "*"); diff --git a/pop3.c b/pop3.c index 8e356f18..a3d2d63f 100644 --- a/pop3.c +++ b/pop3.c @@ -365,7 +365,12 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) * These authentication methods are blessed by RFC1734, * describing the POP3 AUTHentication command. */ - if (ctl->server.authenticate == A_ANY) + if ((ctl->use_ssl != FLAG_FALSE) || + (ctl->server.authenticate == A_ANY) || + (ctl->server.authenticate == A_GSSAPI) || + (ctl->server.authenticate == A_KERBEROS_V4) || + (ctl->server.authenticate == A_OTP) || + (ctl->server.authenticate == A_CRAM_MD5)) { if ((ok = capa_probe(sock)) != PS_SUCCESS) /* we are in STAGE_GETAUTH! */ @@ -455,7 +460,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) (ctl->server.authenticate == A_GSSAPI || ctl->server.authenticate == A_ANY)) { - ok = do_gssauth(sock,"AUTH",ctl->server.truename,ctl->remotename); + ok = do_gssauth(sock,"AUTH","pop",ctl->server.truename,ctl->remotename); if (ok == PS_SUCCESS || ctl->server.authenticate != A_ANY) break; } -- 2.43.2