X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/61ccf1dbeea93978803303d2cd43efa5da2cc7d1..76ab1c54655ccaafc68659f848c50a77df9a2201:/uip/popsbr.c

diff --git a/uip/popsbr.c b/uip/popsbr.c
index 0116febb..2eb823cf 100644
--- a/uip/popsbr.c
+++ b/uip/popsbr.c
@@ -23,7 +23,6 @@
 
 #include <h/popsbr.h>
 #include <h/signals.h>
-#include <signal.h>
 
 #define	TRM	"."
 #define	TRMLEN	(sizeof TRM - 1)
@@ -71,7 +70,7 @@ static int command(const char *, ...);
 static int multiline(void);
 
 #ifdef CYRUS_SASL
-static int pop_auth_sasl(char *, char *, char *, char *);
+static int pop_auth_sasl(char *, char *, char *);
 static int sasl_fgetc(FILE *);
 #endif /* CYRUS_SASL */
 
@@ -91,7 +90,7 @@ static int putline (char *, FILE *);
  */
 
 int
-pop_auth_sasl(char *user, char *password, char *host, char *mech)
+pop_auth_sasl(char *user, char *host, char *mech)
 {
     int result, status, sasl_capability = 0;
     unsigned int buflen, outlen;
@@ -159,7 +158,6 @@ pop_auth_sasl(char *user, char *password, char *host, char *mech)
     callbacks[POP_SASL_CB_N_USER].context = user;
     p_context.user = user;
     p_context.host = host;
-    p_context.password = password;
     callbacks[POP_SASL_CB_N_PASS].context = &p_context;
 
     result = sasl_client_init(callbacks);
@@ -352,7 +350,7 @@ static int
 sasl_get_pass(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret)
 {
     struct pass_context *p_context = (struct pass_context *) context;
-    char *pass = p_context->password;
+    struct nmh_creds creds = { 0, 0, 0 };
     int len;
 
     NMH_UNUSED (conn);
@@ -360,12 +358,25 @@ sasl_get_pass(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret)
     if (! psecret || id != SASL_CB_PASS)
 	return SASL_BADPARAM;
 
-    len = strlen(pass);
+    if (creds.password == NULL) {
+        /*
+         * Pass the 0 third argument to nmh_get_credentials() so
+         * that the default password isn't used.  With legacy/.netrc
+         * credentials support, we'll only get here if the -user
+         * switch to send(1)/post(8) wasn't used.
+         */
+        if (nmh_get_credentials (p_context->host, p_context->user, 0, &creds)
+            != OK) {
+            return SASL_BADPARAM;
+        }
+    }
+
+    len = strlen (creds.password);
 
     *psecret = (sasl_secret_t *) mh_xmalloc(sizeof(sasl_secret_t) + len);
 
     (*psecret)->len = len;
-    strcpy((char *) (*psecret)->data, pass);
+    strcpy((char *) (*psecret)->data, creds.password);
 
     return SASL_OK;
 }
@@ -436,9 +447,6 @@ pop_init (char *host, char *port, char *user, char *pass, char *proxy,
        int inpipe[2];	  /* for reading from the server */
        int outpipe[2];    /* for sending to the server */
 
-       /* first give up any root priviledges we may have for rpop */
-       setuid(getuid());
-
        pipe(inpipe);
        pipe(outpipe);
 
@@ -509,7 +517,7 @@ pop_init (char *host, char *port, char *user, char *pass, char *proxy,
 	    if (*response == '+') {
 #  ifdef CYRUS_SASL
 		if (sasl) {
-		    if (pop_auth_sasl(user, pass, host, mech) != NOTOK)
+		    if (pop_auth_sasl(user, host, mech) != NOTOK)
 			return OK;
 		} else
 #  endif /* CYRUS_SASL */