Forum: NGINX Mail proxy module - http auth - BUG : bad Auth-Method returned

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Fbead4be729fe8b6672fee83be646431?d=identicon&s=25 Simon Lécaille (Guest)
on 2009-05-15 15:19
(Received via mailing list)
I forgot to say that this bug is present too in the stable release (i.e
nginx-0.6.36)
When authenticate mechanism such as apop or cram-md5 are used, the
Auth-Method header sent to backend mismatch the auth method used.

e.g With cram-md5 mechanism
GET / HTTP/1.0
Host: localhost
Auth-Method: none
Auth-User: login
Auth-Pass: 3874a80406c560adb1c11853c266a44e
Auth-Salt: <2086279695.1240477831@localhost>
Auth-Protocol: imap
Auth-Login-Attempt: 1
Client-IP: 127.0.0.1

e.g With apop mechanism
GET / HTTP/1.0
Host: localhost
Auth-Method: cram-md5
Auth-User: login
Auth-Pass: password
Auth-Protocol: pop3
Auth-Login-Attempt: 1
Client-IP: 127.0.0.1

Actually the array ngx_mail_auth_http_method[] contained less values
than it should.
So the index pointed to the wrong string when the auth_method attribute
is used is several structures.
One occurrence of "plain" was missing.

Here comes the patch :

--- ngx_mail_auth_http_module.c    2009-05-15 14:58:39.000000000 +0200
+++ old    2009-05-15 14:58:35.000000000 +0200
@@ -140,7 +140,6 @@
 static ngx_str_t   ngx_mail_auth_http_method[] = {
     ngx_string("plain"),
     ngx_string("plain"),
-    ngx_string("plain"),
     ngx_string("apop"),
     ngx_string("cram-md5")
 };


--
(Logo EmisFr)
*Simon LECAILLE*
EmisFR
/Infogérance, Sécurité et Serveurs, Développements métier et spécifiques/
10 rue Mazagran, 54000 NANCY, France
http://www.emisfr.com
Tel/Fax.: +33.3 83 32 25 75
This topic is locked and can not be replied to.