From d2e71b5db5843dad24af6ca0967025cee0fa1e57 Mon Sep 17 00:00:00 2001
From: Johan Danielsson <joda@pdc.kth.se>
Date: Mon, 14 Jun 2004 08:14:16 +0000
Subject: [PATCH] if using SASL, don't allow plaintext USER/PASS

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13927 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 appl/popper/pop_user.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/appl/popper/pop_user.c b/appl/popper/pop_user.c
index fc286b4d7..9a530260d 100644
--- a/appl/popper/pop_user.c
+++ b/appl/popper/pop_user.c
@@ -18,19 +18,19 @@ pop_user (POP *p)
 
     strlcpy(p->user, p->pop_parm[1], sizeof(p->user));
 
-#ifdef OTP
-    if (otp_challenge (&p->otp_ctx, p->user, ss, sizeof(ss)) == 0) {
-	return pop_msg(p, POP_SUCCESS, "Password %s required for %s.",
-		       ss, p->user);
-    } else
-#endif
-    if (p->auth_level != AUTH_NONE) {
+    if (p->auth_level == AUTH_OTP) {
 	char *s = NULL;
 #ifdef OTP
+	if(otp_challenge (&p->otp_ctx, p->user, ss, sizeof(ss)) == 0)
+	    return pop_msg(p, POP_SUCCESS, "Password %s required for %s.",
+			   ss, p->user);
 	s = otp_error(&p->otp_ctx);
-#endif
 	return pop_msg(p, POP_FAILURE, "Permission denied%s%s",
 		       s ? ":" : "", s ? s : "");
-    } else
-	return pop_msg(p, POP_SUCCESS, "Password required for %s.", p->user);
+#endif
+    }
+    if (p->auth_level == AUTH_SASL) {
+	return pop_msg(p, POP_FAILURE, "Permission denied");
+    }
+    return pop_msg(p, POP_SUCCESS, "Password required for %s.", p->user);
 }