Re: [PATCH v1] send-email: provide whitelist of SMTP AUTH mechanisms

On Sun, 02 Aug 2015 11:28:49 -0700
Junio C Hamano <gitster@xxxxxxxxx> wrote:

> Jan Viktorin <viktorin@xxxxxxxxxxxxxx> writes:
> 
> > Authen::SASL gives:
> >
> > No SASL mechanism found
> >  at /usr/share/perl5/vendor_perl/Authen/SASL.pm line 77.
> >  at /usr/share/perl5/core_perl/Net/SMTP.pm line 207.
> >
> > The SASL library does not check validity of mechanisms'
> > names (or I did not find it). It just tries to load one
> > that matches both ours and the server-side ones.
> > ...
> > I would like to include the regex check based on RFC 4422
> > as I've already mentioned. At least, it filters out the
> > unwanted characters like '/', '.', etc.
> 
> Hmm, is there a way to ask Authen::SASL what SASL mechanism the
> installed system supports?  If so, the enhancement you are adding
> could be
> 
> 	my @to_use;
> 	if ($smtp_auth_whitelist is supplied) {
> 		my @installed = Authen::SASL::list_mechanisms();
> 		for (@installed) {
> 			if ($_ is whitelisted) {
> 				push @to_use, $_;
> 			}
> 		}
> 	}
> 
> and @to_use can later be supplied when we open the connection as the
> list of mechanisms we allow the library to pick.
> 
> Just my $.02

I didn't find a way to determine which mechanisms are supported by SASL.
This is how it looks for a mechanism (I think) on new():

Authen/SASL/Perl.pm

    my @mpkg = sort {
      $b->_order <=> $a->_order
    } grep {
      my $have = $have{$_} ||= (eval "require $_;" and $_->can('_secflags')) ? 1 : -1;
      $have > 0 and $_->_secflags(@sec) == @sec
    } map {
      (my $mpkg = __PACKAGE__ . "::$_") =~ s/-/_/g;
      $mpkg;
    } split /[^-\w]+/, $parent->mechanism
      or croak "No SASL mechanism found\n";

It just loads a package based on the names we provide. So it seems the library
has no clue about the existing mechanisms. This would be possible by reading the
proper directory with packages, which seems to be quite weird anyway.

-- 
   Jan Viktorin                  E-mail: Viktorin@xxxxxxxxxxxxxx
   System Architect              Web:    www.RehiveTech.com
   RehiveTech
   Brno, Czech Republic
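
One way to do the RFC 4422 name check and the whitelist filtering discussed in this thread, as an added example that is not part of the original message, the patch, or Authen::SASL. The helper names parse_whitelist and select_mechanisms and the sample inputs are assumptions; because the library cannot list its mechanisms, the whitelist is intersected with what the server advertises instead.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# RFC 4422, section 3.1: sasl-mech = 1*20mech-char,
# mech-char = "A"-"Z" / "0"-"9" / "-" / "_"
my $SASL_MECH_RE = qr/\A[A-Z0-9_-]{1,20}\z/;

# Split a user-supplied whitelist on whitespace and separate the
# well-formed mechanism names from the malformed ones.
# (Hypothetical helper, not a git or Authen::SASL function.)
sub parse_whitelist {
	my ($raw) = @_;
	my (@ok, @bad);
	for my $name (split ' ', $raw) {
		if ($name =~ $SASL_MECH_RE) { push @ok, $name } else { push @bad, $name }
	}
	return (\@ok, \@bad);
}

# Keep only whitelisted mechanisms that the server also advertised,
# in the user's order of preference. Names from the server are only
# used as hash keys, so nothing unvalidated reaches the SASL library.
sub select_mechanisms {
	my ($whitelist, $advertised) = @_;
	my %offered = map { $_ => 1 } split ' ', $advertised;
	return grep { $offered{$_} } @$whitelist;
}

# Constructed sample input: a whitelist as it might be configured, and
# the mechanism list from a server's EHLO "AUTH" line.
my $configured = 'CRAM-MD5 PLAIN/LOGIN foo.bar DIGEST-MD5 PLAIN';
my $advertised = 'PLAIN LOGIN DIGEST-MD5';

my ($ok, $bad) = parse_whitelist($configured);
warn "ignoring malformed SASL mechanism name '$_'\n" for @$bad;

my @to_use = select_mechanisms($ok, $advertised);
die "no whitelisted SASL mechanism is offered by the server\n" unless @to_use;

# Only this space-separated list would be handed to the SASL library.
print "mechanisms passed to the SASL library: @to_use\n";
```

Lowercase names are rejected here rather than silently upper-cased, which follows the RFC 4422 grammar literally.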