File cyrus-imapd_nntp-auth-vuln.dif of Package cyrus-imapd
Index: cyrus-imapd-2.3.14/imap/nntpd.c
===================================================================
--- cyrus-imapd-2.3.14.orig/imap/nntpd.c
+++ cyrus-imapd-2.3.14/imap/nntpd.c
@@ -887,7 +887,7 @@ static void cmdloop(void)
/* Only Authinfo/Capabilities/Check/Head/Help/Ihave/List Active/
Mode/Quit/Starttls/Stat/Takethis allowed when not logged in */
- if (!nntp_userid && !allowanonymous &&
+ if (!nntp_authstate && !allowanonymous &&
!strchr("ACHILMQST", cmd.s[0])) goto nologin;
switch (cmd.s[0]) {
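Review bot: Nothing in this hunk records why `nntp_userid` stopped being an acceptable login test, and the gate at the top of cmdloop is where a later maintainer will look. The replacements further down the patch (`nntp_authstate ? nntp_userid : NULL`) imply that nntp_userid can be non-NULL while no authentication state exists, presumably because the name is stored before the credentials are verified; the code that sets it is outside this diff. I would add a comment above the check such as `/* nntp_userid may hold an unverified name; only nntp_authstate proves a completed login */`, and confirm that no reader of nntp_userid outside these hunks still treats it as proof of authentication. The same test recurs in the hunks at 928, 1084, 1168, 1445 and 2645, and cmdloop's body continues outside the hunk.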
@@ -928,7 +928,7 @@ static void cmdloop(void)
"501 Unrecognized AUTHINFO command\r\n");
}
else if (!(nntp_capa & MODE_READ)) goto noperm;
- else if (!nntp_userid && !allowanonymous) goto nologin;
+ else if (!nntp_authstate && !allowanonymous) goto nologin;
else if (!strcmp(cmd.s, "Article")) {
char curgroup[MAX_MAILBOX_BUFFER], *msgid;
@@ -1084,7 +1084,7 @@ static void cmdloop(void)
cmd_help();
}
else if (!(nntp_capa & MODE_READ)) goto noperm;
- else if (!nntp_userid && !allowanonymous) goto nologin;
+ else if (!nntp_authstate && !allowanonymous) goto nologin;
else if (!strcmp(cmd.s, "Hdr")) {
char curgroup[MAX_MAILBOX_BUFFER], *msgid;
@@ -1168,7 +1168,7 @@ static void cmdloop(void)
cmd_list(arg1.len ? arg1.s : NULL, arg2.len ? arg2.s : NULL);
}
else if (!(nntp_capa & MODE_READ)) goto noperm;
- else if (!nntp_userid && !allowanonymous) goto nologin;
+ else if (!nntp_authstate && !allowanonymous) goto nologin;
else if (!strcmp(cmd.s, "Last")) {
if (c == '\r') c = prot_getc(nntp_in);
if (c != '\n') goto extraargs;
@@ -1445,7 +1445,7 @@ static void cmdloop(void)
mode = ARTICLE_STAT;
goto article;
}
- else if (!nntp_userid && !allowanonymous) goto nologin;
+ else if (!nntp_authstate && !allowanonymous) goto nologin;
else if (!strcmp(cmd.s, "Slave")) {
if (c == '\r') c = prot_getc(nntp_in);
if (c != '\n') goto extraargs;
@@ -1813,7 +1813,7 @@ static int open_group(char *name, int ha
if (newserver) {
/* remote group */
backend_next = proxy_findserver(newserver, &nntp_protocol,
- nntp_userid ? nntp_userid : "anonymous",
+ nntp_authstate ? nntp_userid : "anonymous",
&backend_cached, &backend_current,
NULL, nntp_in);
if (!backend_next) return IMAP_SERVER_UNAVAILABLE;
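Review bot: The new expression `nntp_authstate ? nntp_userid : "anonymous"` no longer guarantees a non-NULL user argument to proxy_findserver, which the old `nntp_userid ? nntp_userid : "anonymous"` form did. Whether a non-NULL nntp_authstate always comes with a non-NULL nntp_userid is not visible from this hunk, so I would test both: `(nntp_authstate && nntp_userid) ? nntp_userid : "anonymous"`. The same applies to the proxy_findserver calls in list_proxy and deliver_remote. open_group starts and ends outside the hunk.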
@@ -1881,7 +1881,7 @@ static void cmd_capabilities(char *keywo
if (mechcount) prot_printf(nntp_out, "%s", mechlist);
/* add the reader capabilities/extensions */
- if ((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) {
+ if ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) {
prot_printf(nntp_out, "READER\r\n");
prot_printf(nntp_out, "POST\r\n");
if (config_getswitch(IMAPOPT_ALLOWNEWNEWS))
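Review bot: The predicate `(nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)` is spelled out twice in cmd_capabilities and six more times in cmd_help, so any future change to the login rule has to be repeated at every copy. Computing it once per function, e.g. `const int reader_ok = (nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous);`, and testing `reader_ok` at each site would keep what the server advertises consistent with what cmdloop enforces. cmd_capabilities starts and ends outside this hunk.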
@@ -1899,7 +1899,7 @@ static void cmd_capabilities(char *keywo
/* add the LIST variants */
prot_printf(nntp_out, "LIST ACTIVE%s\r\n",
- ((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) ?
+ ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) ?
" HEADERS NEWSGROUPS OVERVIEW.FMT" : "");
prot_printf(nntp_out, ".\r\n");
@@ -2333,7 +2333,7 @@ static void cmd_help(void)
{
prot_printf(nntp_out, "100 Supported commands:\r\n");
- if ((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) {
+ if ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) {
prot_printf(nntp_out, "\tARTICLE [ message-id | number ]\r\n"
"\t\tRetrieve entirety of the specified article.\r\n");
}
@@ -2348,7 +2348,7 @@ static void cmd_help(void)
prot_printf(nntp_out, "\tAUTHINFO PASS password\r\n"
"\t\tPresent clear-text password for authentication.\r\n");
}
- if ((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) {
+ if ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) {
prot_printf(nntp_out, "\tBODY [ message-id | number ]\r\n"
"\t\tRetrieve body of the specified article.\r\n");
}
@@ -2358,7 +2358,7 @@ static void cmd_help(void)
prot_printf(nntp_out, "\tCHECK message-id\r\n"
"\t\tCheck if the server wants the specified article.\r\n");
}
- if ((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) {
+ if ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) {
prot_printf(nntp_out, "\tDATE\r\n"
"\t\tRequest the current server UTC date and time.\r\n");
prot_printf(nntp_out, "\tGROUP group\r\n"
@@ -2375,13 +2375,13 @@ static void cmd_help(void)
prot_printf(nntp_out, "\tIHAVE message-id\r\n"
"\t\tPresent/transfer the specified article to the server.\r\n");
}
- if ((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) {
+ if ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) {
prot_printf(nntp_out, "\tLAST\r\n"
"\t\tSelect the previous article.\r\n");
}
prot_printf(nntp_out, "\tLIST [ ACTIVE wildmat ]\r\n"
"\t\tList the (subset of) valid newsgroups.\r\n");
- if ((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) {
+ if ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) {
prot_printf(nntp_out, "\tLIST HEADERS [ MSGID | RANGE ]\r\n"
"\t\tList the headers and metadata items available via HDR.\r\n");
prot_printf(nntp_out, "\tLIST NEWSGROUPS [wildmat]\r\n"
@@ -2414,7 +2414,7 @@ static void cmd_help(void)
prot_printf(nntp_out, "\tTAKETHIS message-id\r\n"
"\t\tTransfer the specified article to the server.\r\n");
}
- if ((nntp_capa & MODE_READ) && (nntp_userid || allowanonymous)) {
+ if ((nntp_capa & MODE_READ) && (nntp_authstate || allowanonymous)) {
prot_printf(nntp_out, "\tXPAT header message-id|range wildmat\r\n"
"\t\tList the specified article(s) in which the contents\r\n"
"\t\tof the specified header/metadata matches the wildmat.\r\n");
@@ -2484,7 +2484,7 @@ void list_proxy(char *server, void *data
char *result;
be = proxy_findserver(server, &nntp_protocol,
- nntp_userid ? nntp_userid : "anonymous",
+ nntp_authstate ? nntp_userid : "anonymous",
&backend_cached, &backend_current, NULL, nntp_in);
if (!be) return;
@@ -2621,7 +2621,8 @@ static void cmd_list(char *arg1, char *a
strcpy(pattern, newsprefix);
strcat(pattern, "*");
list_cb(NULL, 0, 0, NULL);
- mboxlist_findall(NULL, pattern, 0, nntp_userid, nntp_authstate,
+ mboxlist_findall(NULL, pattern, 0,
+ nntp_authstate ? nntp_userid : NULL, nntp_authstate,
list_cb, &lrock);
/* proxy to the backends */
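Review bot: The effective-user expression `nntp_authstate ? nntp_userid : NULL` is now written out at this call, at the second mboxlist_findall call in cmd_list and at append_setup in deliver, and a missed or later-added copy would pass an unverified name into a mailbox lookup again. A small accessor, `static const char *nntp_effective_userid(void) { return nntp_authstate ? nntp_userid : NULL; }`, would give these sites one definition. With allowanonymous set, the call now receives a NULL user together with a NULL authstate; how mboxlist_findall treats that pair is not visible here, so it is worth confirming that it resolves to anonymous rights only. cmd_list starts and ends outside the hunk.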
@@ -2645,7 +2646,7 @@ static void cmd_list(char *arg1, char *a
prot_printf(nntp_out, "502 Permission denied\r\n");
return;
}
- else if (!nntp_userid && !allowanonymous) {
+ else if (!nntp_authstate && !allowanonymous) {
prot_printf(nntp_out, "480 Authentication required\r\n");
return;
}
@@ -2682,7 +2683,8 @@ static void cmd_list(char *arg1, char *a
strcpy(pattern, newsprefix);
strcat(pattern, "*");
list_cb(NULL, 0, 0, NULL);
- mboxlist_findall(NULL, pattern, 0, nntp_userid, nntp_authstate,
+ mboxlist_findall(NULL, pattern, 0,
+ nntp_authstate ? nntp_userid : NULL, nntp_authstate,
list_cb, &lrock);
/* proxy to the backends */
@@ -3245,7 +3247,7 @@ static int deliver_remote(message_data_t
char buf[4096];
be = proxy_findserver(d->server, &nntp_protocol,
- nntp_userid ? nntp_userid : "anonymous",
+ nntp_authstate ? nntp_userid : "anonymous",
&backend_cached, &backend_current,
NULL, nntp_in);
if (!be) return IMAP_SERVER_UNAVAILABLE;
@@ -3323,7 +3325,8 @@ static int deliver(message_data_t *msg)
}
r = append_setup(&as, rcpt, MAILBOX_FORMAT_NORMAL,
- nntp_userid, nntp_authstate, ACL_POST, 0);
+ nntp_authstate ? nntp_userid : NULL,
+ nntp_authstate, ACL_POST, 0);
if (!r) {
prot_rewind(msg->data);