The following code is given in chapter 32 of spec.txt as an example of
encoding AUTH data:
use MIME::Base64;
printf("%s", encode_base64(eval "\"$ARGV[0]\""));
Unfortunately this code also evals the username and password, so feeding
it '\0user@???\0pas$werd' returns 'AHVzZXIuY29tAHBhcw==', which
decodes to '\0user.com\0pas'. As you can see the eval treats @domain as
an empty list and $werd as an empty scalar.
a few thoughts on replacements:
$ARGV[0] =~ s|\\0|chr(0)|ge;
print encode_base64($ARGV[0]);
or if you really like one liners:
print encode_base64(join(chr(0), split(/\\0/, $ARGV[0])));
'course, these still have problems, but I don't think they have any
problem the others didn't have anyway. I realize you might not want to
change the example, but you might add a note that this will eat special
characters.
Also, FWIW, I wrote a general purpose auth tool that's useful. I wrote it
before I realized cramtest.pl was in the distribution and now I kind of
like it. It handles strings for PLAIN, LOGIN, and CRAM-MD5. Added
benefits are the ability to provide passwords on a stty -echo prompt if
you _have_ to test with live passwords and non-interpretation of data so
you can have special characters. If anyone's curious:
http://www.jetmore.org/john/code/gen-auth
--John
