-rw-r--r--NEWS8
-rw-r--r--imap.c11
2 files changed, 17 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 747f93d6..fe4a60ee 100644
--- a/NEWS
+++ b/NEWS
@@ -99,9 +99,15 @@ fetchmail-6.4.22 (not yet released):
Schinzel. The paper did not mention fetchmail.
* On IMAP connections, --auth ssh no longer prevents STARTTLS negotiation.
-# BUG FIX:
+# BUG FIXES:
* On IMAP connections, when AUTHENTICATE EXTERNAL fails and we have received the
tagged (= final) response, do not send "*".
+* On IMAP connections, AUTHENTICATE EXTERNAL without username will properly send
+ a "=" for protocol compliance.
+* On IMAP connections, AUTHENTICATE EXTERNAL will now check if the server
+ advertised SASL-IR (RFC-4959) support and otherwise refuse (fetchmail <= 6.4
+ has not supported and does not support the separate challenge/response with
+ command continuation)
--------------------------------------------------------------------------------
fetchmail-6.4.21 (released 2021-08-09, 30042 LoC):
diff --git a/imap.c b/imap.c
index f0d9ac95..82f435f4 100644
--- a/imap.c
+++ b/imap.c
@@ -393,8 +393,15 @@ static int capa_probe(int sock, struct query *ctl)
static int do_auth_external (int sock, const char *command, const char *name)
/* do authentication "external" (authentication provided by client cert) */
{
+ /* FIXME: not compliant with RFC 4422 (SASL) without RFC 4959 (SASL-IR)-
+ * does not support the usual server challenge/response
+ */
char buf[256];
+ if (!strstr(capabilities, "SASL-IR")) {
+ report(stderr, GT_("server did not advertise SASL-IR extension but fetchmail's implementation requires it for AUTHENTICATE EXTERNAL\n"));
+ return PS_AUTHFAIL;
+ }
if (name && name[0])
{
size_t len = strlen(name);
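Review bot: The new guard `if (!strstr(capabilities, "SASL-IR"))` is a substring test, so any advertised capability whose name merely contains that text would pass it and the initial-response form would still be sent to a server that lacks RFC 4959 support. A whole-token comparison against the space-separated capability list would make the refusal exact. This hunk does not show how `capabilities` is filled or case-normalised, nor whether it is refreshed after STARTTLS, so it is worth confirming that the check reads the list received on the protected connection. The `if (name && name[0])` branch continues past the end of this hunk.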
@@ -404,7 +411,9 @@ static int do_auth_external (int sock, const char *command, const char *name)
return PS_AUTHFAIL; /* buffer too small. */
}
else
- buf[0]=0;
+ {
+ strcpy(buf, "=");
+ }
return gen_transact(sock, "%s EXTERNAL %s",command,buf);
}
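Review bot: The new `strcpy(buf, "=");` in the else branch has no comment saying why a lone pad character is sent, and a later reader could easily take it for a typo. I would add `/* RFC 4959: an empty initial response is transmitted as a single "=" */` above it. The copy itself is a two-byte literal into `char buf[256]`, so there is no bounds concern on this path. The function starts outside this hunk, and the length check for the non-empty `name` case is only partly visible here.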