static int multiline(void);
#ifdef CYRUS_SASL
-static int pop_auth_sasl(char *, char *, char *, char *);
+static int pop_auth_sasl(char *, char *, char *);
static int sasl_fgetc(FILE *);
#endif /* CYRUS_SASL */
*/
int
-pop_auth_sasl(char *user, char *password, char *host, char *mech)
+pop_auth_sasl(char *user, char *host, char *mech)
{
int result, status, sasl_capability = 0;
unsigned int buflen, outlen;
callbacks[POP_SASL_CB_N_USER].context = user;
p_context.user = user;
p_context.host = host;
- p_context.password = password;
callbacks[POP_SASL_CB_N_PASS].context = &p_context;
result = sasl_client_init(callbacks);
sasl_get_pass(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret)
{
struct pass_context *p_context = (struct pass_context *) context;
- char *pass = p_context->password;
+ struct nmh_creds creds = { 0, 0, 0 };
int len;
NMH_UNUSED (conn);
if (! psecret || id != SASL_CB_PASS)
return SASL_BADPARAM;
- len = strlen(pass);
+ if (creds.password == NULL) {
+ /*
+ * Pass the 0 third argument to nmh_get_credentials() so
+ * that the default password isn't used. With legacy/.netrc
+ * credentials support, we'll only get here if the -user
+ * switch to send(1)/post(8) wasn't used.
+ */
+ if (nmh_get_credentials (p_context->host, p_context->user, 0, &creds)
+ != OK) {
+ return SASL_BADPARAM;
+ }
+ }
+
+ len = strlen (creds.password);
*psecret = (sasl_secret_t *) mh_xmalloc(sizeof(sasl_secret_t) + len);
(*psecret)->len = len;
- strcpy((char *) (*psecret)->data, pass);
+ strcpy((char *) (*psecret)->data, creds.password);
return SASL_OK;
}
int inpipe[2]; /* for reading from the server */
int outpipe[2]; /* for sending to the server */
- /* first give up any root priviledges we may have for rpop */
- setuid(getuid());
-
pipe(inpipe);
pipe(outpipe);
if (*response == '+') {
# ifdef CYRUS_SASL
if (sasl) {
- if (pop_auth_sasl(user, pass, host, mech) != NOTOK)
+ if (pop_auth_sasl(user, host, mech) != NOTOK)
return OK;
} else
# endif /* CYRUS_SASL */
projects / nmh / blobdiff