INN commit: trunk/nnrpd (commands.c nnrpd.c sasl.c)
INN Commit
Russ_Allbery at isc.org
Sun Sep 7 18:14:45 UTC 2008
Date: Sunday, September 7, 2008 @ 11:14:44
Author: iulius
Revision: 8020
* Return 503 (and not 501) when AUTHINFO SASL is requested and INN is
built without SASL.
* Check the syntax of a mechanism.
Modified:
trunk/nnrpd/commands.c
trunk/nnrpd/nnrpd.c
trunk/nnrpd/sasl.c
------------+
commands.c | 9 ++++++---
nnrpd.c | 4 ++--
sasl.c | 43 +++++++++++++++++++++++++++++++++++++++++--
3 files changed, 49 insertions(+), 7 deletions(-)
Modified: commands.c
===================================================================
--- commands.c 2008-09-07 14:43:20 UTC (rev 8019)
+++ commands.c 2008-09-07 18:14:44 UTC (rev 8020)
@@ -198,6 +198,8 @@
case 0:
syslog(L_NOTICE, "%s bad_auth %s (%s)", Client.host, PERMuser,
logrec);
+ /* We keep the right 481 code here instead of the wrong 502
+ * answer suggested in RFC 2080. */
Reply("%d Authentication failed\r\n", NNTP_FAIL_AUTHINFO_BAD);
free(logrec);
return;
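Review bot: The added comment cites RFC 2080, which looks like a typo for RFC 2980 (Common NNTP Extensions), the document that describes AUTHINFO and its 502 response; RFC 2080 is not an NNTP specification. Suggest `* answer suggested in RFC 2980. */` so that a reader checking the rationale for NNTP_FAIL_AUTHINFO_BAD lands on the right document. The enclosing switch starts and ends outside the hunk.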
@@ -205,13 +207,14 @@
/* Lower level (-1) has already issued a reply. */
return;
}
-
+ } else if (strcasecmp(av[1], "SASL") == 0) {
#ifdef HAVE_SASL
- } else if (strcasecmp(av[1], "SASL") == 0) {
/* Arguments are checked by SASLauth(). */
SASLauth(ac, av);
+#else
+ Reply("%d SASL authentication unsupported\r\n", NNTP_ERR_UNAVAILABLE);
+ return;
#endif /* HAVE_SASL */
-
} else {
/* Each time AUTHINFO USER is used, the new username is cached. */
if (strcasecmp(av[1], "USER") == 0) {
Modified: nnrpd.c
===================================================================
--- nnrpd.c 2008-09-07 14:43:20 UTC (rev 8019)
+++ nnrpd.c 2008-09-07 18:14:44 UTC (rev 8020)
@@ -108,9 +108,9 @@
{ "AUTHINFO", CMDauthinfo, false, 3, CMDany,
"USER name|PASS password"
#ifdef HAVE_SASL
- "|SASL mech [init-resp]"
+ "|SASL mechanism [initial-response]"
#endif
- "|GENERIC prog [args ...]" },
+ "|GENERIC program [argument ...]" },
{ "BODY", CMDfetch, true, 1, 2,
CMDfetchhelp },
{ "DATE", CMDdate, false, 1, 1,
Modified: sasl.c
===================================================================
--- sasl.c 2008-09-07 14:43:20 UTC (rev 8019)
+++ sasl.c 2008-09-07 18:14:44 UTC (rev 8020)
@@ -24,6 +24,38 @@
#define BASE64_BUF_SIZE 21848 /* per RFC 2222bis: ((16K / 3) + 1) * 4 */
+
+/*
+** Check if the argument is a valid mechanism according to RFC 4643:
+**
+** mechanism = 1*20mech-char
+** mech-char = UPPER / DIGIT / "-" / "_"
+*/
+static bool
+IsValidMechanism(const char *string)
+{
+ int len = 0;
+ const unsigned char *p;
+
+ /* Not NULL. */
+ if (string == NULL)
+ return false;
+
+ p = (const unsigned char *) string;
+
+ for (; *p != '\0'; p++) {
+ len++;
+ if (!CTYPE(isalnum, *p) && *p != '-' && *p != '_')
+ return false;
+ }
+
+ if (len > 0 && len < 21)
+ return true;
+ else
+ return false;
+}
+
+
void
SASLauth(int ac, char *av[])
{
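Review bot: The character test in the loop of IsValidMechanism() is wider than the grammar quoted in its header comment: `CTYPE(isalnum, *p)` accepts lowercase letters and, assuming CTYPE simply wraps isalnum(), is locale-dependent, so it may accept non-ASCII bytes under a non-C locale, while the comment allows only UPPER / DIGIT / "-" / "_". If lowercase is accepted on purpose because mechanism names are matched case-insensitively, say so in the header comment; otherwise test the ASCII ranges explicitly, e.g. `if (!(*p >= 'A' && *p <= 'Z') && !(*p >= '0' && *p <= '9') && *p != '-' && *p != '_')`. The loop could also return false as soon as `len` exceeds 20 instead of scanning the whole argument before the length test.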
@@ -40,11 +72,18 @@
int r = SASL_OK;
if (ac < 3 || ac > 4) {
- Reply("%d AUTHINFO SASL mech [init-resp]>\r\n", NNTP_ERR_SYNTAX);
- return;
+ /* In fact, ac > 4 here. */
+ Reply("%d Too many arguments\r\n", NNTP_ERR_SYNTAX);
+ return;
}
mech = av[2];
+
+ if (!IsValidMechanism(mech)) {
+ Reply("%d Syntax error in mechanism\r\n", NNTP_ERR_SYNTAX);
+ return;
+ }
+
if (ac == 4) {
/* initial response */
clientin = av[3];
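Review bot: The new comment `/* In fact, ac > 4 here. */` and the "Too many arguments" reply assume the caller never passes ac < 3, yet the condition still tests `ac < 3` and nothing here says where that guarantee comes from. It appears to come from the minimum argument count of 3 in the AUTHINFO entry of the command table in nnrpd.c; the comment should state that, e.g. `/* The command table requires at least 3 arguments for AUTHINFO, so only ac > 4 reaches this reply. */`. Keeping the `ac < 3` test as a guard is right, since `mech = av[2]` follows directly. SASLauth's body continues outside the hunk.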