Re: [Exim] restricting AUTH Plain/Login to TLS connectionsy

Pàgina inicial
Delete this message
Reply to this message
Autor: Nico Erfurth
Data:  
A: exim-users
CC: Philip Hazel
Assumpte: Re: [Exim] restricting AUTH Plain/Login to TLS connectionsy
Philip Hazel wrote:
> On Wed, 8 Jan 2003, Nico Erfurth wrote:
>
>
>>Why?
>>IMHO, you need to loop through the authenticators anyway, to find the
>>requested authenticator, so checking the condition again and skipping if
>>it yields false shouldn't be a problem (around line 1793 in my version
>>of smtp_in.c). But I could be wrong, I just had a quick look ;)
>
>
> OK, you may be right. I *didn't* have a quick look. :-)


Proof of concept patch ;)

http://mail.tmtowtdi.de/exim/exim-4.12-conditional_auth.patch

This patch adds a advertise_condition option to the authenticators.
If it is undefined (default) or yields a true value after expansion
The string will be expanded and if the condition yields a true value or
is undefined, the auth-scheme will be advertised, otherwise it's skipped.

A flag is set for every advertised mechanism, it will be checked if the
client sends an AUTH command.

Warning: If the expansion of advertise_condition fails or defers, the
authenticator is just skipped and will not be advertised, a logentry
will be written to the paniclog in this case.

No warranty at all for this patch, whatever happens, it's you fault, not
mine ;)

ciao.