author | Matthias Andree <matthias.andree@gmx.de> | 2007-02-02 23:47:15 +0000 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2007-02-02 23:47:15 +0000 |
commit | 071e48042c68f2dd41ff7332fee1d9307bb9a0a6 (patch) | |
tree | ae7a4ccd0602e781afc28e570219960fc2ca2770 | |
parent | 1d1c07809f7d00e32e8abd14ce2bb1f5f38e122c (diff) | |
Do not send the real password with KPOP.
svn path=/branches/BRANCH_6-3/; revision=5021
-rw-r--r-- | pop3.c | 20 |
1 files changed, 15 insertions, 5 deletions
@@ -610,13 +610,23 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 }
 #endif /* OPIE_ENABLE */

+ /* KPOP uses out-of-band authentication and does not check what
+ * we send here, so send some random fixed string, to avoid
+ * users switching *to* KPOP accidentally revealing their
+ * password */
+ if ((ctl->server.authenticate == A_ANY
+ || ctl->server.authenticate == A_KERBEROS_V4
+ || ctl->server.authenticate == A_KERBEROS_V5)
+ && (ctl->server.service != NULL
+ && strcmp(ctl->server.service, KPOP_PORT) == 0))
+ {
+ ok = gen_transact(sock, "PASS krb_ticket");
+ break;
+ }
+
 /* check if we are actually allowed to send the password */
 if (ctl->server.authenticate == A_ANY
- || ctl->server.authenticate == A_PASSWORD
- || ((ctl->server.authenticate == A_KERBEROS_V4
- || ctl->server.authenticate == A_KERBEROS_V5)
- && ctl->server.service
- && strcmp(ctl->server.service, KPOP_PORT) == 0)) {
+ || ctl->server.authenticate == A_PASSWORD) {
 strlcpy(shroud, ctl->password, sizeof(shroud));
 ok = gen_transact(sock, "PASS %s", ctl->password);
 } else {
|
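Review bot: The new KPOP guard recognises KPOP only through `strcmp(ctl->server.service, KPOP_PORT) == 0`, so with `authenticate == A_ANY` any other spelling of the same service (a numeric port versus a service name, depending on how `KPOP_PORT` is defined, which is not visible here) falls through to the second `if` and still sends `ctl->password`. If the option parser does not normalise the service string before this point, the check should key on the resolved port or the configured protocol instead; either way the assumption deserves a comment such as `/* relies on server.service being normalised to KPOP_PORT by the option parser */`. The second `if` also still sends the real password on the KPOP port when `authenticate == A_PASSWORD`; that looks deliberate, but a one-line comment saying so would keep it from being read as an oversight against the commit title. The `break` leaves a construct that starts outside this hunk, so its target cannot be checked from here.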