Forum: NGINX Mail proxy module - http auth - BUG : bad Auth-Method returned

Simon Lécaille (Guest)
on 2009-04-24 12:18
(Received via mailing list)
When an authentication mechanism such as apop or cram-md5 is used, the
Auth-Method header sent to the backend does not match the auth method used.

E.g., with the cram-md5 mechanism:
GET / HTTP/1.0
Host: localhost
Auth-Method: none
Auth-User: login
Auth-Pass: 3874a80406c560adb1c11853c266a44e
Auth-Salt: <2086279695.1240477831@localhost>
Auth-Protocol: imap
Auth-Login-Attempt: 1
Client-IP: 127.0.0.1

E.g., with the apop mechanism:
GET / HTTP/1.0
Host: localhost
Auth-Method: cram-md5
Auth-User: login
Auth-Pass: password
Auth-Protocol: pop3
Auth-Login-Attempt: 1
Client-IP: 127.0.0.1

Actually the array ngx_mail_auth_http_method[] contained fewer values
than it should.
So the index pointed to the wrong string when the auth_method attribute
is used in several structures.
One occurrence of "plain" was missing.

Here is the patch:


Index: src/mail/ngx_mail_auth_http_module.c
===================================================================
--- src/mail/ngx_mail_auth_http_module.c
+++ src/mail/ngx_mail_auth_http_module.c
@@ -138,4 +138,5 @@

 static ngx_str_t   ngx_mail_auth_http_method[] = {
+    ngx_string("plain"),
     ngx_string("plain"),
     ngx_string("plain"),
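
Review bot: the three identical ngx_string("plain") entries at the top of ngx_mail_auth_http_method[] can only be told apart by position, and nothing in the hunk says which auth-method constant each slot belongs to, which makes a missing or extra entry easy to overlook. Suggest a trailing comment on each entry naming the constant it maps to (for example /* NGX_MAIL_AUTH_LOGIN_USERNAME */ on the added line), so the next change to the constants is made against a table that visibly lines up with them.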

--
*Simon LECAILLE*
EmisFR
/Managed Services, Security and Servers, Business-Specific and Custom Development/
10 rue Mazagran, 54000 NANCY, France
http://www.emisfr.com
Tel/Fax.: +33.3 83 32 25 75
Maxim D. (Guest)
on 2009-04-24 12:37
(Received via mailing list)
Hello!

On Fri, Apr 24, 2009 at 10:06:44AM +0200, Simon Lécaille wrote:

> When an authentication mechanism such as apop or cram-md5 is used, the
> Auth-Method header sent to the backend does not match the auth method used.

[...]

> Actually the array ngx_mail_auth_http_method[] contained fewer values
> than it should.
> So the index pointed to the wrong string when the auth_method attribute
> is used in several structures.
> One occurrence of "plain" was missing.

Yes, thank you.

To Igor: one more correct approach would be to move
NGX_MAIL_AUTH_LOGIN_USERNAME to the last, as it was originally in
my patch.

Maxim D.
Igor S. (Guest)
on 2009-04-24 14:22
(Received via mailing list)
On Fri, Apr 24, 2009 at 12:27:53PM +0400, Maxim D. wrote:

> > than it should.
> > So the index pointed to the wrong string when the auth_method attribute
> > is used in several structures.
> > One occurrence of "plain" was missing.
>
> Yes, thank you.
>
> To Igor: one more correct approach would be to move
> NGX_MAIL_AUTH_LOGIN_USERNAME to the last, as it was originally in
> my patch.

But in this case the "Auth-Method" for NGX_MAIL_AUTH_LOGIN_USERNAME
will be empty, is it not?
Maxim D. (Guest)
on 2009-04-24 14:57
(Received via mailing list)
Hello!

On Fri, Apr 24, 2009 at 02:08:19PM +0400, Igor S. wrote:

> >
> > my patch.
>
> But in this case the "Auth-Method" for NGX_MAIL_AUTH_LOGIN_USERNAME will
> be empty, is it not?

No.  NGX_MAIL_AUTH_LOGIN_USERNAME can't appear in s->auth_method
with current code (and NGX_MAIL_AUTH_LOGIN too, actually), it will
be NGX_MAIL_AUTH_PLAIN.

$ grep 'auth_method = ' *
ngx_mail_auth_http_module.c:        s->auth_method = NGX_MAIL_AUTH_PLAIN;
ngx_mail_handler.c:    s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
ngx_mail_pop3_handler.c:    s->auth_method = NGX_MAIL_AUTH_APOP;
ngx_mail_smtp_handler.c:    s->auth_method = NGX_MAIL_AUTH_NONE;

But I actually think it's better to explicitly set the appropriate
constant in ngx_mail_auth_http_method[] as in Simon's patch.  Or
even move this array into ngx_mail.h to make sure they will be edited
together in the future.

Maxim D.
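
The indexing bug discussed in this thread, as an added example that is not nginx's code or any poster's: a string table indexed by an auth-method constant, first one entry short and then bound to its constants with designated initializers plus a compile-time size check. The AUTH_* names, the function names and the constant order are assumptions; the order is inferred from the two requests in the first post.

```c
#include <stddef.h>
#include <string.h>   /* strcmp, for callers comparing the result */

/* Stand-ins for the NGX_MAIL_AUTH_* constants named in the thread; the
 * order is an assumption inferred from the two requests Simon posted. */
enum auth_method {
    AUTH_PLAIN, AUTH_LOGIN, AUTH_LOGIN_USERNAME,
    AUTH_APOP, AUTH_CRAM_MD5, AUTH_NONE,
    AUTH_METHOD_COUNT                       /* keep last */
};

#define NELEMS(a) (sizeof(a) / sizeof((a)[0]))

/* Pre-patch shape: positional initializers, one "plain" short. */
static const char *const method_buggy[] = {
    "plain", "plain", "apop", "cram-md5", "none"
};

/* Designated initializers bind each string to its constant, so adding
 * or reordering constants cannot silently shift the mapping. */
static const char *const method_fixed[] = {
    [AUTH_PLAIN]          = "plain",
    [AUTH_LOGIN]          = "plain",
    [AUTH_LOGIN_USERNAME] = "plain",
    [AUTH_APOP]           = "apop",
    [AUTH_CRAM_MD5]       = "cram-md5",
    [AUTH_NONE]           = "none",
};

/* Fails the build when a constant is appended without a table entry;
 * a gap in the middle shows up as a NULL slot at lookup time. */
_Static_assert(NELEMS(method_fixed) == AUTH_METHOD_COUNT,
               "auth method table out of sync with enum");

/* Bounds-checked lookup: NULL for an out-of-range or unset slot. */
static const char *lookup(const char *const *tab, size_t n, unsigned m)
{
    return m < n ? tab[m] : NULL;
}

const char *auth_method_buggy(unsigned m)
{
    return lookup(method_buggy, NELEMS(method_buggy), m);
}

const char *auth_method_fixed(unsigned m)
{
    return lookup(method_fixed, NELEMS(method_fixed), m);
}
```

With the short table, the last constant indexes one past the end of the array; the bounds check turns that into a NULL the caller can reject instead of an out-of-bounds read.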