|
|
@@ -36,7 +36,7 @@ def has_right(owner, user, password):
|
|
|
return False
|
|
|
|
|
|
line = "%s\nlogin\n%s\n%s" % (sys.argv[0], user, password)
|
|
|
- line = "%i\n%s" % (len(line), line)
|
|
|
+ line = "AUTH %i\n%s" % (len(line), line)
|
|
|
try:
|
|
|
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
|
|
|
sock.connect(COURIER_SOCKET)
|
|
|
@@ -51,7 +51,13 @@ def has_right(owner, user, password):
|
|
|
|
|
|
log.LOGGER.debug("Got Courier socket response: %r" % data)
|
|
|
|
|
|
- if repr(data) == "FAIL":
|
|
|
- return False
|
|
|
+ # Address, HOME, GID, and either UID or USERNAME are mandatory in resposne
|
|
|
+ # see http://www.courier-mta.org/authlib/README_authlib.html#authpipeproto
|
|
|
+ for line in data.split():
|
|
|
+ if 'GID' in line:
|
|
|
+ return True
|
|
|
|
|
|
- return True
|
|
|
+ # default is reject
|
|
|
+ # this alleviates the problem of a possibly empty reply from courier authlib
|
|
|
+ # see http://www.courier-mta.org/authlib/README_authlib.html#authpipeproto
|
|
|
+ return False
|
Benjamin Frank