Mercurial > dovecot > core-2.2
changeset 4269:b8fd29a53d47 HEAD
If PASS command is given (after unsuccessful USER) with plaintext auth
disabled, give proper error message instead of "No username given".
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 09 May 2006 23:47:54 +0300 |
parents | 7112aad504ae |
children | 455b8162e0a9 |
files | src/pop3-login/client-authenticate.c |
diffstat | 1 files changed, 20 insertions(+), 8 deletions(-) [+] |
line wrap: on
line diff
--- a/src/pop3-login/client-authenticate.c Tue May 09 14:57:36 2006 +0300 +++ b/src/pop3-login/client-authenticate.c Tue May 09 23:47:54 2006 +0300 @@ -244,17 +244,24 @@ return TRUE; } +static bool check_plaintext_auth(struct pop3_client *client) +{ + if (client->common.secured || !disable_plaintext_auth) + return TRUE; + + if (verbose_auth) { + client_syslog(&client->common, "Login failed: " + "Plaintext authentication disabled"); + } + client_send_line(client, + "-ERR Plaintext authentication disabled."); + return FALSE; +} + bool cmd_user(struct pop3_client *client, const char *args) { - if (!client->common.secured && disable_plaintext_auth) { - if (verbose_auth) { - client_syslog(&client->common, "Login failed: " - "Plaintext authentication disabled"); - } - client_send_line(client, - "-ERR Plaintext authentication disabled."); + if (!check_plaintext_auth(client)) return TRUE; - } i_free(client->last_user); client->last_user = i_strdup(args); @@ -268,6 +275,11 @@ string_t *plain_login, *base64; if (client->last_user == NULL) { + /* client may ignore the USER reply and only display the error + message from PASS */ + if (!check_plaintext_auth(client)) + return TRUE; + client_send_line(client, "-ERR No username given."); return TRUE; }