Mercurial > hg > nginx
comparison src/mail/ngx_mail_smtp_handler.c @ 9287:32d4582c484d
Mail: fixed EXTERNAL to be accepted only if enabled.
As originally implemented in 6774:bcb107bb89cd, it wasn't possible to
disable the EXTERNAL authentication method: it was always accepted
(but not advertised unless enabled). It is, however, believed that
it is better to reject attempts to use the disabled method, hence in
6869:b2915d99ee8d an attempt was made to address this. This attempt
was insufficient though: it was still possible to use the method as long
as initial SASL response was used.
With this patch both challenge-response and initial response forms are
disabled. Additionally, initial response handling for the PLAIN
authentication is removed from ngx_mail_auth_parse(), for consistency
and to don't provoke such bugs.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 03 Jun 2024 18:03:05 +0300 |
parents | d7fd0acdea64 |
children | 4538c1ffb0f8 |
comparison
equal
deleted
inserted
replaced
9286:d9fe808c1841 | 9287:32d4582c484d |
---|---|
699 | 699 |
700 return ngx_mail_auth_login_username(s, c, 1); | 700 return ngx_mail_auth_login_username(s, c, 1); |
701 | 701 |
702 case NGX_MAIL_AUTH_PLAIN: | 702 case NGX_MAIL_AUTH_PLAIN: |
703 | 703 |
704 if (s->args.nelts == 2) { | |
705 return ngx_mail_auth_plain(s, c, 1); | |
706 } | |
707 | |
704 ngx_str_set(&s->out, smtp_next); | 708 ngx_str_set(&s->out, smtp_next); |
705 s->mail_state = ngx_smtp_auth_plain; | 709 s->mail_state = ngx_smtp_auth_plain; |
706 | 710 |
707 return NGX_OK; | 711 return NGX_OK; |
708 | 712 |
729 | 733 |
730 case NGX_MAIL_AUTH_EXTERNAL: | 734 case NGX_MAIL_AUTH_EXTERNAL: |
731 | 735 |
732 if (!(sscf->auth_methods & NGX_MAIL_AUTH_EXTERNAL_ENABLED)) { | 736 if (!(sscf->auth_methods & NGX_MAIL_AUTH_EXTERNAL_ENABLED)) { |
733 return NGX_MAIL_PARSE_INVALID_COMMAND; | 737 return NGX_MAIL_PARSE_INVALID_COMMAND; |
738 } | |
739 | |
740 if (s->args.nelts == 2) { | |
741 return ngx_mail_auth_external(s, c, 1); | |
734 } | 742 } |
735 | 743 |
736 ngx_str_set(&s->out, smtp_username); | 744 ngx_str_set(&s->out, smtp_username); |
737 s->mail_state = ngx_smtp_auth_external; | 745 s->mail_state = ngx_smtp_auth_external; |
738 | 746 |