Esempio n. 1
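  /**
   * Handles the POP3 {@code APOP <name> <digest>} command for one connection.
   *
   * <p>The expected digest is the hex output of the shared {@code md5} helper over the session's
   * generated APOP banner concatenated with the named user's stored password. On a match the
   * mailbox lock is attempted through {@code tryLockingMailbox}; every reply is written to
   * {@code conn}.
   *
   * <p>Security behaviour: the client digest is compared in constant time, and any exception
   * raised while handling the command is answered with the same generic {@code -ERR} line as a
   * wrong digest, so the reply does not show whether the name exists and never carries internal
   * exception text. APOP itself depends on MD5 and on the server holding the password in a
   * recoverable form, as the {@code getPassword()} call here shows.
   *
   * @param handler consulted to decide whether APOP is enabled for this connection
   * @param conn connection that receives the reply and supplies the session state
   * @param cmd raw command line; split into the verb, the user name and the digest
   */
  public void execute(AbstractPop3Handler handler, AbstractPop3Connection conn, String cmd) {
    try {
      if (!handler.isUsingAPOPAuthMethod(conn)) {
        conn.println("-ERR APOP not authorized");
        return;
      }

      String[] cmdLine = StringUtilities.split(cmd);
      if (cmdLine.length < 3) {
        conn.println("-ERR Required syntax: APOP <name> <digest>");
        return;
      }

      String username = cmdLine[1];
      Pop3State state = conn.getState();
      // NOTE(review): the session user is set before the digest is verified; confirm that
      // nothing treats a non-null user on the state as proof of authentication.
      state.setUser(state.getUser(username));

      byte[] uniqueKey =
          (state.getGeneratedAPOPBanner() + state.getUser().getPassword())
              .getBytes(MailsterConstants.DEFAULT_CHARSET_NAME);

      String hash;

      // The md5 helper is a shared instance, so Init/Update/asHex must run as one unit.
      synchronized (md5) {
        md5.Init();
        md5.Update(uniqueKey);
        hash = md5.asHex();
      }

      // Constant-time comparison: String.equals stops at the first differing character,
      // which makes the response time depend on how much of the digest was guessed.
      boolean digestMatches =
          java.security.MessageDigest.isEqual(
              hash.getBytes(MailsterConstants.DEFAULT_CHARSET_NAME),
              cmdLine[2].getBytes(MailsterConstants.DEFAULT_CHARSET_NAME));

      if (digestMatches) {
        tryLockingMailbox(conn);
      } else {
        conn.println("-ERR permission denied");
      }
    } catch (Exception ex) {
      // Should not happen, because the mailbox is created automatically.
      // RFC 1939 warns that a distinguishable -ERR gives potential attackers clues about
      // which names are valid, so the reply is identical to the wrong-digest case and the
      // exception message (which may be null or expose internals) is not sent to the client.
      // NOTE(review): record ex through the project's server-side logging; no logger is
      // visible from this method.
      conn.println("-ERR permission denied");
    }
  }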
Esempio n. 2
 /**
  * Reports whether the given session state is acceptable.
  *
  * @param state the POP3 session state to inspect
  * @return {@code true} only when {@code state} is not authenticated
  */
 public boolean isValidForState(Pop3State state) {
   final boolean alreadyAuthenticated = state.isAuthenticated();
   return !alreadyAuthenticated;
 }