diff options
| author | Brad Fitzpatrick <bradfitz@golang.org> | 2013-04-03 10:52:20 -0700 |
|---|---|---|
| committer | Brad Fitzpatrick <bradfitz@golang.org> | 2013-04-03 10:52:20 -0700 |
| commit | ca24f9ec00c65f8e75e38ad33d1b0b3bb287e2a3 (patch) | |
| tree | 9fc936c87cffefb20f3c0aeb7ab7b8aeacd4f007 /src/pkg | |
| parent | 3c0a5b8636409ca69f6afa8309e6cbe299a5af1d (diff) | |
| download | go-ca24f9ec00c65f8e75e38ad33d1b0b3bb287e2a3.tar.xz | |
net/smtp: allow PLAIN auth when advertised
The smtp package originally allowed PLAIN whenever, but then
the TLS check was added for paranoia, but it's too paranoid:
it prevents using PLAIN auth even from localhost to localhost
when the server advertises PLAIN support.
This CL also permits the client to send PLAIN if the server
advertises it.
Fixes #5184
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/8279043
Diffstat (limited to 'src/pkg')
| -rw-r--r-- | src/pkg/net/smtp/auth.go | 11 | ||||
| -rw-r--r-- | src/pkg/net/smtp/smtp_test.go | 35 |
2 files changed, 45 insertions, 1 deletions
diff --git a/src/pkg/net/smtp/auth.go b/src/pkg/net/smtp/auth.go index d401e3c21f..3f1339ebc5 100644 --- a/src/pkg/net/smtp/auth.go +++ b/src/pkg/net/smtp/auth.go @@ -54,7 +54,16 @@ func PlainAuth(identity, username, password, host string) Auth { func (a *plainAuth) Start(server *ServerInfo) (string, []byte, error) { if !server.TLS { - return "", nil, errors.New("unencrypted connection") + advertised := false + for _, mechanism := range server.Auth { + if mechanism == "PLAIN" { + advertised = true + break + } + } + if !advertised { + return "", nil, errors.New("unencrypted connection") + } } if server.Name != a.host { return "", nil, errors.New("wrong host name") diff --git a/src/pkg/net/smtp/smtp_test.go b/src/pkg/net/smtp/smtp_test.go index 8317428cb8..c190b32c05 100644 --- a/src/pkg/net/smtp/smtp_test.go +++ b/src/pkg/net/smtp/smtp_test.go @@ -57,6 +57,41 @@ testLoop: } } +func TestAuthPlain(t *testing.T) { + auth := PlainAuth("foo", "bar", "baz", "servername") + + tests := []struct { + server *ServerInfo + err string + }{ + { + server: &ServerInfo{Name: "servername", TLS: true}, + }, + { + // Okay; explicitly advertised by server. + server: &ServerInfo{Name: "servername", Auth: []string{"PLAIN"}}, + }, + { + server: &ServerInfo{Name: "servername", Auth: []string{"CRAM-MD5"}}, + err: "unencrypted connection", + }, + { + server: &ServerInfo{Name: "attacker", TLS: true}, + err: "wrong host name", + }, + } + for i, tt := range tests { + _, _, err := auth.Start(tt.server) + got := "" + if err != nil { + got = err.Error() + } + if got != tt.err { + t.Errorf("%d. got error = %q; want %q", i, got, tt.err) + } + } +} + type faker struct { io.ReadWriter } |