Merge pull request #163 from james-d-elliott/feat-auth-login-x-draft

feat(smtp): auth login extension draft support
wneessen · Jan 7, 2024 · 01e5deb · 01e5deb
2 parents 6cb8290 + a73a914
commit 01e5deb
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 9 deletions.
diff --git a/smtp/auth_login.go b/smtp/auth_login.go
@@ -16,11 +16,31 @@ type loginAuth struct {
 }
 
 const (
- // ServerRespUsername represents the "Username:" response by the SMTP server
- ServerRespUsername = "Username:"
+ // LoginXUsernameChallenge represents the Username Challenge response sent by the SMTP server per the AUTH LOGIN
+ // extension.
+ //
+ // See: https://learn.microsoft.com/en-us/openspecs/exchange_server_protocols/ms-xlogin/.
+ LoginXUsernameChallenge = "Username:"
 
- // ServerRespPassword represents the "Password:" response by the SMTP server
- ServerRespPassword = "Password:"
+ // LoginXPasswordChallenge represents the Password Challenge response sent by the SMTP server per the AUTH LOGIN
+ // extension.
+ //
+ // See: https://learn.microsoft.com/en-us/openspecs/exchange_server_protocols/ms-xlogin/.
+ LoginXPasswordChallenge = "Password:"
+
+ // LoginXDraftUsernameChallenge represents the Username Challenge response sent by the SMTP server per the IETF
+ // draft AUTH LOGIN extension. It should be noted this extension is an expired draft which was never formally
+ // published and was deprecated in favor of the AUTH PLAIN extension.
+ //
+ // See: https://datatracker.ietf.org/doc/html/draft-murchison-sasl-login-00.
+ LoginXDraftUsernameChallenge = "User Name\x00"
+
+ // LoginXDraftPasswordChallenge represents the Password Challenge response sent by the SMTP server per the IETF
+ // draft AUTH LOGIN extension. It should be noted this extension is an expired draft which was never formally
+ // published and was deprecated in favor of the AUTH PLAIN extension.
+ //
+ // See: https://datatracker.ietf.org/doc/html/draft-murchison-sasl-login-00.
+ LoginXDraftPasswordChallenge = "Password\x00"
 )
 
 // LoginAuth returns an Auth that implements the LOGIN authentication
@@ -56,9 +76,9 @@ func (a *loginAuth) Start(server *ServerInfo) (string, []byte, error) {
 func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) {
  if more {
  switch string(fromServer) {
- case ServerRespUsername:
+ case LoginXUsernameChallenge, LoginXDraftUsernameChallenge:
  return []byte(a.username), nil
- case ServerRespPassword:
+ case LoginXPasswordChallenge, LoginXDraftPasswordChallenge:
  return []byte(a.password), nil
  default:
  return nil, fmt.Errorf("unexpected server response: %s", string(fromServer))

diff --git a/smtp/smtp_test.go b/smtp/smtp_test.go
@@ -57,10 +57,10 @@ var authTests = []authTest{
  },
  {
  LoginAuth("user", "pass", "testserver"),
- []string{"Username:", "Password:", "Invalid:"},
+ []string{"Username:", "Password:", "User Name\x00", "Password\x00", "Invalid:"},
  "LOGIN",
- []string{"", "user", "pass", ""},
- []bool{false, false, true},
+ []string{"", "user", "pass", "user", "pass", ""},
+ []bool{false, false, false, false, true},
  },
  {
  CRAMMD5Auth("user", "pass"),