Mercurial > dovecot > core-2.2
changeset 2622:033d2fd1cd38 HEAD
Replaced timestamp in APOP challenge with 128 bits of randomness.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 12 Sep 2004 17:55:47 +0300 |
parents | c6cc163344c3 |
children | 0157839e3c78 |
files | src/login-common/main.c src/pop3-login/client.c |
diffstat | 2 files changed, 19 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/login-common/main.c Sun Sep 12 17:26:58 2004 +0300 +++ b/src/login-common/main.c Sun Sep 12 17:55:47 2004 +0300 @@ -3,6 +3,7 @@ #include "common.h" #include "ioloop.h" #include "lib-signals.h" +#include "randgen.h" #include "restrict-access.h" #include "restrict-process-size.h" #include "process-title.h" @@ -136,6 +137,7 @@ /* Initialize SSL proxy so it can read certificate and private key file. */ + random_init(); ssl_proxy_init(); /* Refuse to run as root - we should never need it and it's
--- a/src/pop3-login/client.c Sun Sep 12 17:26:58 2004 +0300 +++ b/src/pop3-login/client.c Sun Sep 12 17:55:47 2004 +0300 @@ -1,11 +1,13 @@ /* Copyright (C) 2002 Timo Sirainen */ #include "common.h" +#include "base64.h" #include "buffer.h" #include "hash.h" #include "ioloop.h" #include "istream.h" #include "ostream.h" +#include "randgen.h" #include "process-title.h" #include "safe-memset.h" #include "strescape.h" @@ -14,7 +16,6 @@ #include "auth-client.h" #include "ssl-proxy.h" #include "hostpid.h" -#include "imem.h" /* max. length of input command line (spec says 512), or max reply length in SASL authentication */ @@ -258,12 +259,25 @@ static char *get_apop_challenge(struct pop3_client *client) { struct auth_connect_id *id = &client->auth_id; + unsigned char buffer[16]; + buffer_t *buf; + char *ret; if (!auth_client_reserve_connection(auth_client, "APOP", id)) return NULL; - return i_strdup_printf("<%x.%x.%s@%s>", id->server_pid, id->connect_uid, - dec2str(ioloop_time), my_hostname); + t_push(); + random_fill(buffer, sizeof(buffer)); + buf = buffer_create_static_hard(pool_datastack_create(), + MAX_BASE64_ENCODED_SIZE(sizeof(buffer)) + 1); + base64_encode(buffer, sizeof(buffer), buf); + buffer_append_c(buf, '\0'); + + ret = i_strdup_printf("<%x.%x.%s@%s>", + id->server_pid, id->connect_uid, + (const char *)buf->data, my_hostname); + t_pop(); + return ret; } static void client_auth_ready(struct pop3_client *client)