On Sun, 29 Nov 2009, Rick wrote:
Also I noticed that Auth.pm does not respond to a client "*" command
during AUTH PLAIN. * is supposed to cancel the AUTH exchange regardless
of the mechanism. Here's what I get:

AUTH PLAIN
334
*
504 Invalid authentificat
*
500 Unrecognized command

According to RFC2554:

"If the client wishes to cancel an authentication exchange, it issues a
line with a single "*". If the server receives such an answer, it MUST
reject the AUTH command by sending a 501 reply."

Like this (from a Postfix session):

AUTH PLAIN
334
*
501 5.7.0 Authentication aborted

Signed-off-by: Charlie Brady <charl...@budge.apana.org.au>
diff --git a/lib/Qpsmtpd/Auth.pm b/lib/Qpsmtpd/Auth.pm
index 993c176..b23402d 100644
--- a/lib/Qpsmtpd/Auth.pm
+++ b/lib/Qpsmtpd/Auth.pm
@@ -20,8 +20,11 @@ sub SASL {
if ( $mechanism eq "plain" ) {
if (!$prekey) {
- $session->respond( 334, "Please continue" );
+ $session->respond( 334, " " );
$prekey= <STDIN>;
+ if ($prekey eq '*') {
+ $session->respond(501, "Authentication canceled");
+ return DECLINED;
}
( $loginas, $user, $passClear ) = split /\x0/,
decode_base64($prekey);
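
Review bot: the added test `if ($prekey eq '*') {` compares the raw line read by `$prekey= <STDIN>;`, which still carries its line terminator, so a client sending `*` followed by CRLF will not match and the value falls through to `decode_base64($prekey)`. Strip the terminator before comparing, for example `$prekey =~ s/\r?\n$//;` right after the read. Separately, the added `if` opens a brace but no added line closes it: the only `}` in the hunk is the context line that used to close `if (!$prekey) {`, so as shown that outer block is left unclosed. A closing `}` is needed after `return DECLINED;`.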