Posted to notifications@james.apache.org by rc...@apache.org on 2023/06/28 02:38:30 UTC
[james-project] branch 3.8.x updated: JAMES-3680 Warn when plain is not allowed (#1610)
This is an automated email from the ASF dual-hosted git repository.
rcordier pushed a commit to branch 3.8.x
in repository https://gitbox.apache.org/repos/asf/james-project.git
The following commit(s) were added to refs/heads/3.8.x by this push:
new beabe70d92 JAMES-3680 Warn when plain is not allowed (#1610)
beabe70d92 is described below
commit beabe70d928705379d8196c246943ba360725d93
Author: Benoit TELLIER <bt...@linagora.com>
AuthorDate: Tue Jun 27 11:01:10 2023 +0200
JAMES-3680 Warn when plain is not allowed (#1610)
---
.../java/org/apache/james/imap/processor/AuthenticateProcessor.java | 1 +
.../src/main/java/org/apache/james/imap/processor/LoginProcessor.java | 4 ++++
2 files changed, 5 insertions(+)
diff --git a/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java b/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
index fde4363f8b..40de07069c 100644
--- a/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
+++ b/protocols/imap/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
@@ -85,6 +85,7 @@ public class AuthenticateProcessor extends AbstractAuthProcessor<AuthenticateReq
if (authType.equalsIgnoreCase(AUTH_TYPE_PLAIN)) {
// See if AUTH=PLAIN is allowed. See IMAP-304
if (session.isPlainAuthDisallowed()) {
+ LOGGER.warn("Login attempt over clear channel rejected");
no(request, responder, HumanReadableText.DISABLED_LOGIN);
} else {
if (request instanceof IRAuthenticateRequest) {
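Review bot: The warning added in the `isPlainAuthDisallowed()` branch uses exactly the same fixed string as the one added in LoginProcessor.processRequest, so a log reader cannot tell a rejected AUTHENTICATE PLAIN from a rejected LOGIN. Unless the logging MDC already carries session details (not visible in this hunk), the event also cannot be tied to a connection. Naming the mechanism would address the first part, e.g. `LOGGER.warn("AUTHENTICATE PLAIN over clear channel rejected");`. This branch is reached before any authentication, so each unauthenticated attempt produces one WARN line; it is worth confirming that connection-level rate limiting or log throttling keeps that volume bounded. The enclosing method starts and ends outside the hunk.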
diff --git a/protocols/imap/src/main/java/org/apache/james/imap/processor/LoginProcessor.java b/protocols/imap/src/main/java/org/apache/james/imap/processor/LoginProcessor.java
index 673d7c5a63..ffb451c7fd 100644
--- a/protocols/imap/src/main/java/org/apache/james/imap/processor/LoginProcessor.java
+++ b/protocols/imap/src/main/java/org/apache/james/imap/processor/LoginProcessor.java
@@ -32,6 +32,8 @@ import org.apache.james.imap.message.request.LoginRequest;
import org.apache.james.mailbox.MailboxManager;
import org.apache.james.metrics.api.MetricFactory;
import org.apache.james.util.MDCBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import com.google.common.collect.ImmutableList;
@@ -40,6 +42,7 @@ import com.google.common.collect.ImmutableList;
*/
public class LoginProcessor extends AbstractAuthProcessor<LoginRequest> implements CapabilityImplementingProcessor {
private static final List<Capability> LOGINDISABLED_CAPS = ImmutableList.of(Capability.of("LOGINDISABLED"));
+ private static final Logger LOGGER = LoggerFactory.getLogger(LoginProcessor.class);
@Inject
public LoginProcessor(MailboxManager mailboxManager, StatusResponseFactory factory, MetricFactory metricFactory) {
@@ -50,6 +53,7 @@ public class LoginProcessor extends AbstractAuthProcessor<LoginRequest> implemen
protected void processRequest(LoginRequest request, ImapSession session, Responder responder) {
// check if the login is allowed with LOGIN command. See IMAP-304
if (session.isPlainAuthDisallowed()) {
+ LOGGER.warn("Login attempt over clear channel rejected");
no(request, responder, HumanReadableText.DISABLED_LOGIN);
} else {
doAuth(noDelegation(request.getUserid(), request.getPassword()),
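Review bot: By the time this `isPlainAuthDisallowed()` branch runs, the LOGIN request has already been parsed with its user id and password (the else branch reads both from `request`), so the credential has crossed the unencrypted connection, yet the new warning does not record which account was involved. Including the user id would let an operator follow up on a password that may have been exposed, e.g. `LOGGER.warn("LOGIN over clear channel rejected for user {}", request.getUserid());`, provided the log layout neutralises control characters in that client-supplied value. A short comment above the call, such as `// credentials were already sent in clear text; logged so the account can be followed up`, would record why this is a warning rather than debug output. processRequest continues past the end of the hunk.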