Mail proxy module - http auth - BUG : bad Auth-Method returned

When authenticate mechanism such as apop or cram-md5 are used, the
Auth-Method header sent to backend mismatch the auth method used.

e.g With cram-md5 mechanism
GET / HTTP/1.0
Host: localhost
Auth-Method: none
Auth-User: login
Auth-Pass: 3874a80406c560adb1c11853c266a44e
Auth-Salt: [email protected]
Auth-Protocol: imap
Auth-Login-Attempt: 1
Client-IP: 127.0.0.1

e.g With apop mechanism
GET / HTTP/1.0
Host: localhost
Auth-Method: cram-md5
Auth-User: login
Auth-Pass: password
Auth-Protocol: pop3
Auth-Login-Attempt: 1
Client-IP: 127.0.0.1

Actually the array ngx_mail_auth_http_method[] contained less values
than it should.
So the index pointed to the wrong string when the auth_method attribute
is used is several structures.
One occurrence of “plain” was missing.

Here comes the patch :

Index: src/mail/ngx_mail_auth_http_module.c

— src/mail/ngx_mail_auth_http_module.c
+++ src/mail/ngx_mail_auth_http_module.c
@@ -138,4 +138,5 @@

static ngx_str_t ngx_mail_auth_http_method[] = {

  • ngx_string(“plain”),
    ngx_string(“plain”),
    ngx_string(“plain”),


(Logo EmisFr)
Simon LECAILLE
EmisFR
/Infogérance, Sécurité et Serveurs, Développements métier et spécifiques/
10 rue Mazagran, 54000 NANCY, France
http://www.emisfr.com
Tel/Fax.: +33.3 83 32 25 75

Hello!

On Fri, Apr 24, 2009 at 10:06:44AM +0200, Simon Lécaille wrote:

When authenticate mechanism such as apop or cram-md5 are used, the
Auth-Method header sent to backend mismatch the auth method used.

[…]

Actually the array ngx_mail_auth_http_method[] contained less values
than it should.
So the index pointed to the wrong string when the auth_method attribute
is used is several structures.
One occurrence of “plain” was missing.

Yes, thank you.

To Igor: one more correct aproach would be to move
NGX_MAIL_AUTH_LOGIN_USERNAME to the last, as it was originally in
my patch.

Maxim D.

On Fri, Apr 24, 2009 at 12:27:53PM +0400, Maxim D. wrote:

than it should.
So the index pointed to the wrong string when the auth_method attribute
is used is several structures.
One occurrence of “plain” was missing.

Yes, thank you.

To Igor: one more correct aproach would be to move
NGX_MAIL_AUTH_LOGIN_USERNAME to the last, as it was originally in
my patch.

But in in this case the “Auth-Method” for NGX_MAIL_AUTH_LOGIN_USERNAME
will
be empty, is not it ?

Hello!

On Fri, Apr 24, 2009 at 02:08:19PM +0400, Igor S. wrote:

my patch.

But in in this case the “Auth-Method” for NGX_MAIL_AUTH_LOGIN_USERNAME will
be empty, is not it ?

No. NGX_MAIL_AUTH_LOGIN_USERNAME can’t appear in s->auth_method
with current code (and NGX_MAIL_AUTH_LOGIN too, actually), it will
be NGX_MAIL_AUTH_PLAIN.

$ grep 'auth_method = ’ *
ngx_mail_auth_http_module.c: s->auth_method =
NGX_MAIL_AUTH_PLAIN;
ngx_mail_handler.c: s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
ngx_mail_pop3_handler.c: s->auth_method = NGX_MAIL_AUTH_APOP;
ngx_mail_smtp_handler.c: s->auth_method = NGX_MAIL_AUTH_NONE;

But I actually think it’s better to explicitly set appropriate
constant in ngx_mail_auth_http_method[] as in Simon’s patch. Or
even move this array into ngx_mail.h to make sure they will be edited
together in the future.

Maxim D.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs