[Exim] authentication documentation comment

Top Pagina
Delete this message
Reply to this message
Auteur: John Jetmore
Datum:  
Aan: exim-users
Onderwerp: [Exim] authentication documentation comment
The following code is given in chapter 32 of spec.txt as an example of
encoding AUTH data:

    use MIME::Base64;
    printf("%s", encode_base64(eval "\"$ARGV[0]\""));


Unfortunately this code also evals the username and password, so feeding
it '\0user@???\0pas$werd' returns 'AHVzZXIuY29tAHBhcw==', which
decodes to '\0user.com\0pas'. As you can see the eval treats @domain as
an empty list and $werd as an empty scalar.

a few thoughts on replacements:

    $ARGV[0] =~ s|\\0|chr(0)|ge;
    print encode_base64($ARGV[0]);


or if you really like one liners:

    print encode_base64(join(chr(0), split(/\\0/, $ARGV[0])));


'course, these still have problems, but I don't think they have any
problem the others didn't have anyway. I realize you might not want to
change the example, but you might add a note that this will eat special
characters.

Also, FWIW, I wrote a general purpose auth tool that's useful. I wrote it
before I realized cramtest.pl was in the distribution and now I kind of
like it. It handles strings for PLAIN, LOGIN, and CRAM-MD5. Added
benefits are the ability to provide passwords on a stty -echo prompt if
you _have_ to test with live passwords and non-interpretation of data so
you can have special characters. If anyone's curious:

http://www.jetmore.org/john/code/gen-auth

--John