Properly set the SASL external auth name when using SSL client certs.

Also zero out the account structure before filling it with available
data. Client certificates + SASL EXTERNAL were only working by luck.

diff --git a/ChangeLog b/ChangeLog
index 06a209fff50d74c3d2f9226ee18c34cca9cacdfa..66f1d06ba4f02be105a23ca5812eadac98b83684 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,16 @@
-2008-08-25 00:16 -0700  Brendan Cully  <brendan@kublai.com>  (53d9210aa4ee)
+2008-08-26 02:07 -0700  Brendan Cully  <brendan@kublai.com>  (22498996719f)
+
+       * imap/imap.c: Remove leftover IMAP IDLE handling from before
+       [53d9210aa4ee].
+
+2008-08-25 00:52 -0700  Brendan Cully  <brendan@kublai.com>  (36aa1130091a)
+
+       * UPDATING, globals.h, imap/command.c, imap/imap.c,
+       imap/imap_private.h, imap/util.c, init.c, init.h: Introduce
+       $imap_pipeline_depth. This lets users control the number of
+       commands that mutt will queue up before sending them to the
+       server. Setting this to 0 disables pipelining, which should close
+       #2892.
 
        * imap/command.c, imap/imap.c, imap/imap_private.h, imap/message.c:
        Rework IMAP command queueing to allow pipelining to be disabled.

diff --git a/imap/util.c b/imap/util.c
index eb3a1a16651a2f16d10dc0edbb091430bbd2b5ae..011df2b79695db755dba4ddbd2be92cfd187e5e9 100644 (file)
--- a/imap/util.c
+++ b/imap/util.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 1996-8 Michael R. Elkins <me@mutt.org>
  * Copyright (C) 1996-9 Brandon Long <blong@fiction.net>
- * Copyright (C) 1999-2005 Brendan Cully <brendan@kublai.com>
+ * Copyright (C) 1999-2008 Brendan Cully <brendan@kublai.com>
  * 
  *     This program is free software; you can redistribute it and/or modify
  *     it under the terms of the GNU General Public License as published by
@@ -189,7 +189,7 @@ int imap_parse_path (const char* path, IMAP_MBOX* mx)
   }
 
   /* Defaults */
-  mx->account.flags = 0;
+  memset(&mx->account, 0, sizeof(mx->account));
   mx->account.port = ImapPort;
   mx->account.type = M_ACCT_TYPE_IMAP;
 

diff --git a/mutt_sasl.c b/mutt_sasl.c
index 48d8ce0ce4f39d361859e0251d7929988fc5f9a0..2bc3020e3f837e205da669fa530bfdc998271290 100644 (file)
--- a/mutt_sasl.c
+++ b/mutt_sasl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000-7 Brendan Cully <brendan@kublai.com>
+ * Copyright (C) 2000-8 Brendan Cully <brendan@kublai.com>
  * 
  *     This program is free software; you can redistribute it and/or modify
  *     it under the terms of the GNU General Public License as published by
@@ -246,6 +246,9 @@ int mutt_sasl_client_new (CONNECTION* conn, sasl_conn_t** saslconn)
       mutt_error (_("Error setting SASL external security strength"));
       return -1;
     }
+  }
+  if (conn->account.user[0])
+  {
     dprint (2, (debugfile, "External authentication name: %s\n", conn->account.user));
     if (sasl_setprop (*saslconn, SASL_AUTH_EXTERNAL, conn->account.user) != SASL_OK)
     {

diff --git a/mutt_ssl.c b/mutt_ssl.c
index 5aeb815c44278a6a86a485c2bb20429dbaa00892..1c7a8b7c9b753f1c31754f45d9d0e276e33e05c8 100644 (file)
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -874,6 +874,9 @@ static void ssl_get_client_cert(sslsockdata *ssldata, CONNECTION *conn)
     SSL_CTX_set_default_passwd_cb(ssldata->ctx, ssl_passwd_cb);
     SSL_CTX_use_certificate_file(ssldata->ctx, SslClientCert, SSL_FILETYPE_PEM);
     SSL_CTX_use_PrivateKey_file(ssldata->ctx, SslClientCert, SSL_FILETYPE_PEM);
+    
+    /* if we are using a client cert, SASL may expect an external auth name */
+    mutt_account_getuser (&conn->account);
   }
 }
 

diff --git a/mutt_ssl_gnutls.c b/mutt_ssl_gnutls.c
index 1c7f21bc55967867d3ff2050c941f86a53001c7a..0fbf2465bdcb16a34b844760c38a2f73b96d9d42 100644 (file)
--- a/mutt_ssl_gnutls.c
+++ b/mutt_ssl_gnutls.c
@@ -215,7 +215,8 @@ static void tls_get_client_cert (CONNECTION* conn)
   if ((cnend = strstr (dn, ",EMAIL=")))
     *cnend = '\0';
 
-  dprint (2, (debugfile, "client CN: %s\n", cn));
+  /* if we are using a client cert, SASL may expect an external auth name */
+  mutt_account_getuser (&conn->account);
 
 err_dn:
   FREE (&dn);