Пример #1
0
  public void execute(AbstractPop3Handler handler, AbstractPop3Connection conn, String cmd) {
    try {
      if (!handler.isUsingAPOPAuthMethod(conn)) conn.println("-ERR APOP not authorized");
      else {
        String[] cmdLine = StringUtilities.split(cmd);
        if (cmdLine.length < 3) {
          conn.println("-ERR Required syntax: APOP <name> <digest>");
          return;
        }

        String username = cmdLine[1];
        Pop3State state = conn.getState();
        state.setUser(state.getUser(username));

        byte[] uniqueKey =
            (state.getGeneratedAPOPBanner() + state.getUser().getPassword())
                .getBytes(MailsterConstants.DEFAULT_CHARSET_NAME);

        String hash = null;

        synchronized (md5) {
          md5.Init();
          md5.Update(uniqueKey);
          hash = md5.asHex();
        }

        if (hash.equals(cmdLine[2])) tryLockingMailbox(conn);
        else conn.println("-ERR permission denied");
      }
    } catch (Exception ex) {
      // Shouldn't append cause we automatically create the mailbox.
      // RFC 1939 states it is a security threat to respond -ERR
      // as it is giving potential attackers clues about which names are
      // valid
      conn.println("-ERR " + ex.getMessage());
    }
  }
Пример #2
0
  public void execute(AbstractPop3Handler handler, AbstractPop3Connection conn, String cmd) {
    try {
      String[] cmdLine = StringUtilities.split(cmd);
      if (cmdLine.length > 1) {
        conn.println("-ERR Required syntax: STLS");
        return;
      }

      if (!MailsterKeyStoreFactory.getInstance().isStoreLoaded()) {
        conn.println("-ERR TLS is disabled because of wrong server configuration");
        return;
      }

      if (conn.isTLSConnection()) {
        conn.println("-ERR Command not permitted when TLS is already active");
        return;
      }

      conn.startTLS("+OK Begin TLS negotiation");
      conn.getState().reset(); // clean state
    } catch (Exception ex) {
      conn.println("-ERR " + ex.getMessage());
    }
  }