INN commit: trunk/nnrpd (sasl.c)
INN Commit
Russ_Allbery at isc.org
Wed Dec 31 21:41:35 UTC 2008
Date: Wednesday, December 31, 2008 @ 13:41:34
Author: iulius
Revision: 8272
Prevent AUTHINFO SASL LOGIN (now a legacy mechanism) from being
used if a TLS layer is not active.
Modified:
trunk/nnrpd/sasl.c
--------+
sasl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Modified: sasl.c
===================================================================
--- sasl.c 2008-12-31 21:40:28 UTC (rev 8271)
+++ sasl.c 2008-12-31 21:41:34 UTC (rev 8272)
@@ -151,9 +151,10 @@
#ifdef HAVE_SSL
/* Check whether STARTTLS must be used before trying to authenticate
- * with AUTHINFO SASL PLAIN or AUTHINFO SASL EXTERNAL. */
+ * with AUTHINFO SASL PLAIN, LOGIN or EXTERNAL. */
if (PERMcanauthenticate && !PERMcanauthenticatewithoutSSL
&& !nnrpd_starttls_done && ((strcasecmp(mech, "PLAIN") == 0
+ || strcasecmp(mech, "LOGIN") == 0
|| strcasecmp(mech, "EXTERNAL") == 0))) {
Reply("%d Encryption required\r\n", NNTP_FAIL_PRIVACY_NEEDED);
return;
More information about the inn-committers
mailing list