File cyrus-imapd_nntp-auth-vuln.dif of Package cyrus-imapd.import5240

Index: cyrus-imapd-2.3.16/imap/nntpd.c
===================================================================
--- cyrus-imapd-2.3.16.orig/imap/nntpd.c
+++ cyrus-imapd-2.3.16/imap/nntpd.c
@@ -887,7 +887,7 @@ static void cmdloop(void)
     
 	/* Only Authinfo/Capabilities/Check/Head/Help/Ihave/List Active/
 	   Mode/Quit/Starttls/Stat/Takethis allowed when not logged in */
-	if (!nntp_userid && !allowanonymous &&
+	if (!nntp_authstate && !allowanonymous &&
 	    !strchr("ACHILMQST", cmd.s[0])) goto nologin;
 
 	switch (cmd.s[0]) {
@@ -928,7 +928,7 @@ static void cmdloop(void)
 				"501 Unrecognized AUTHINFO command\r\n");
 	    }
 	    else if (!(nntp_capa & MODE_READ)) goto noperm;
-	    else if (!nntp_userid && !allowanonymous) goto nologin;
+	    else if (!nntp_authstate && !allowanonymous) goto nologin;
 	    else if (!strcmp(cmd.s, "Article")) {
 		char curgroup[MAX_MAILBOX_BUFFER], *msgid;
 
@@ -1084,7 +1084,7 @@ static void cmdloop(void)
 		cmd_help();
 	    }
 	    else if (!(nntp_capa & MODE_READ)) goto noperm;
-	    else if (!nntp_userid && !allowanonymous) goto nologin;
+	    else if (!nntp_authstate && !allowanonymous) goto nologin;
 	    else if (!strcmp(cmd.s, "Hdr")) {
 		char curgroup[MAX_MAILBOX_BUFFER], *msgid;
 
@@ -1168,7 +1168,7 @@ static void cmdloop(void)
 		cmd_list(arg1.len ? arg1.s : NULL, arg2.len ? arg2.s : NULL);
 	    }
 	    else if (!(nntp_capa & MODE_READ)) goto noperm;
-	    else if (!nntp_userid && !allowanonymous) goto nologin;
+	    else if (!nntp_authstate && !allowanonymous) goto nologin;
 	    else if (!strcmp(cmd.s, "Last")) {
 		if (c == '\r') c = prot_getc(nntp_in);
 		if (c != '\n') goto extraargs;
@@ -1445,7 +1445,7 @@ static void cmdloop(void)
 		mode = ARTICLE_STAT;
 		goto article;
 	    }
-	    else if (!nntp_userid && !allowanonymous) goto nologin;
+	    else if (!nntp_authstate && !allowanonymous) goto nologin;
 	    else if (!strcmp(cmd.s, "Slave")) {	
 		if (c == '\r') c = prot_getc(nntp_in);
 		if (c != '\n') goto extraargs;
@@ -1813,7 +1813,7 @@ static int open_group(char *name, int ha
     if (newserver) {
 	/* remote group */
 	backend_next = proxy_findserver(newserver, &nntp_protocol,
-					nntp_userid ? nntp_userid : "anonymous",
+					nntp_authstate ? nntp_userid : "anonymous",
 					&backend_cached, &backend_current,
 					NULL, nntp_in);
 	if (!backend_next) return IMAP_SERVER_UNAVAILABLE;
@@ -1881,7 +1881,7 @@ static void cmd_capabilities(char *keywo
     if (mechcount) prot_printf(nntp_out, "%s", mechlist);
 
     /* add the reader capabilities/extensions */
-    if ((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) {
+    if ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) {
 	prot_printf(nntp_out, "READER\r\n");
 	prot_printf(nntp_out, "POST\r\n");
 	if (config_getswitch(IMAPOPT_ALLOWNEWNEWS))
@@ -1899,7 +1899,7 @@ static void cmd_capabilities(char *keywo
 
     /* add the LIST variants */
     prot_printf(nntp_out, "LIST ACTIVE%s\r\n",
-		((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) ?
+	        ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) ?
 		" HEADERS NEWSGROUPS OVERVIEW.FMT" : "");
 
     prot_printf(nntp_out, ".\r\n");
@@ -2333,7 +2333,7 @@ static void cmd_help(void)
 {
     prot_printf(nntp_out, "100 Supported commands:\r\n");
 
-    if ((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) {
+    if ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) {
 	prot_printf(nntp_out, "\tARTICLE [ message-id | number ]\r\n"
 		    "\t\tRetrieve entirety of the specified article.\r\n");
     }
@@ -2348,7 +2348,7 @@ static void cmd_help(void)
 	prot_printf(nntp_out, "\tAUTHINFO PASS password\r\n"
 		    "\t\tPresent clear-text password for authentication.\r\n");
     }
-    if ((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) {
+    if ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) {
 	prot_printf(nntp_out, "\tBODY [ message-id | number ]\r\n"
 		    "\t\tRetrieve body of the specified article.\r\n");
     }
@@ -2358,7 +2358,7 @@ static void cmd_help(void)
 	prot_printf(nntp_out, "\tCHECK message-id\r\n"
 		    "\t\tCheck if the server wants the specified article.\r\n");
     }
-    if ((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) {
+    if ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) {
 	prot_printf(nntp_out, "\tDATE\r\n"
 		    "\t\tRequest the current server UTC date and time.\r\n");
 	prot_printf(nntp_out, "\tGROUP group\r\n"
@@ -2375,13 +2375,13 @@ static void cmd_help(void)
 	prot_printf(nntp_out, "\tIHAVE message-id\r\n"
 		    "\t\tPresent/transfer the specified article to the server.\r\n");
     }
-    if ((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) {
+    if ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) {
 	prot_printf(nntp_out, "\tLAST\r\n"
 		    "\t\tSelect the previous article.\r\n");
     }
     prot_printf(nntp_out, "\tLIST [ ACTIVE wildmat ]\r\n"
 		"\t\tList the (subset of) valid newsgroups.\r\n");
-    if ((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) {
+    if ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) {
 	prot_printf(nntp_out, "\tLIST HEADERS [ MSGID | RANGE ]\r\n"
 		    "\t\tList the headers and metadata items available via HDR.\r\n");
 	prot_printf(nntp_out, "\tLIST NEWSGROUPS [wildmat]\r\n"
@@ -2414,7 +2414,7 @@ static void cmd_help(void)
 	prot_printf(nntp_out, "\tTAKETHIS message-id\r\n"
 		    "\t\tTransfer the specified article to the server.\r\n");
     }
-    if ((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) {
+    if ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) {
 	prot_printf(nntp_out, "\tXPAT header message-id|range wildmat\r\n"
 		    "\t\tList the specified article(s) in which the contents\r\n"
 		    "\t\tof the specified header/metadata matches the wildmat.\r\n");
@@ -2484,7 +2484,7 @@ void list_proxy(char *server, void *data
     char *result;
 
     be = proxy_findserver(server, &nntp_protocol,
-			  nntp_userid ? nntp_userid : "anonymous",
+			  nntp_authstate ? nntp_userid : "anonymous",
 			  &backend_cached, &backend_current, NULL, nntp_in);
     if (!be) return;
 
@@ -2621,7 +2621,8 @@ static void cmd_list(char *arg1, char *a
 	strcpy(pattern, newsprefix);
 	strcat(pattern, "*");
 	list_cb(NULL, 0, 0, NULL);
-	mboxlist_findall(NULL, pattern, 0, nntp_userid, nntp_authstate,
+	mboxlist_findall(NULL, pattern, 0,
+			 nntp_authstate ? nntp_userid : NULL, nntp_authstate,
 			 list_cb, &lrock);
 
 	/* proxy to the backends */
@@ -2645,7 +2646,7 @@ static void cmd_list(char *arg1, char *a
 	prot_printf(nntp_out, "502 Permission denied\r\n");
 	return;
     }
-    else if (!nntp_userid && !allowanonymous) {
+    else if (!nntp_authstate && !allowanonymous) {
 	prot_printf(nntp_out, "480 Authentication required\r\n");
 	return;
     }
@@ -2682,7 +2683,8 @@ static void cmd_list(char *arg1, char *a
 	strcpy(pattern, newsprefix);
 	strcat(pattern, "*");
 	list_cb(NULL, 0, 0, NULL);
-	mboxlist_findall(NULL, pattern, 0, nntp_userid, nntp_authstate,
+	mboxlist_findall(NULL, pattern, 0,
+			 nntp_authstate ? nntp_userid : NULL, nntp_authstate,
 			 list_cb, &lrock);
 
 	/* proxy to the backends */
@@ -3245,7 +3247,7 @@ static int deliver_remote(message_data_t
 	char buf[4096];
 
 	be = proxy_findserver(d->server, &nntp_protocol,
-			      nntp_userid ? nntp_userid : "anonymous",
+			      nntp_authstate ? nntp_userid : "anonymous",
 			      &backend_cached, &backend_current,
 			      NULL, nntp_in);
 	if (!be) return IMAP_SERVER_UNAVAILABLE;
@@ -3323,7 +3325,8 @@ static int deliver(message_data_t *msg)
 	    }
 
 	    r = append_setup(&as, rcpt, MAILBOX_FORMAT_NORMAL,
-			     nntp_userid, nntp_authstate, ACL_POST, 0);
+			     nntp_authstate ? nntp_userid : NULL,
+			     nntp_authstate, ACL_POST, 0);
 
 	    if (!r) {
 		prot_rewind(msg->data);