changeset 4046:29afb0f7665f HEAD
If no realms are given in configuration file, advertise an empty realm. Also
if realms are given and client sends an invalid realm, write the realm to
log.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 24 Feb 2006 12:05:16 +0200 |
parents | 5819e0190400 |
children | 20e742b83a79 |
files | src/auth/mech-digest-md5.c |
diffstat | 1 files changed, 14 insertions(+), 10 deletions(-) [+] |
--- a/src/auth/mech-digest-md5.c Thu Feb 23 20:25:44 2006 +0200
+++ b/src/auth/mech-digest-md5.c Fri Feb 24 12:05:16 2006 +0200
@@ -9,11 +9,14 @@
 #include "md5.h"
 #include "randgen.h"
 #include "str.h"
+#include "str-sanitize.h"
 #include "mech.h"
 #include "passdb.h"
 #include <stdlib.h>
+#define MAX_REALM_LEN 64
+
 /* Linear whitespace */
 #define IS_LWS(c) ((c) == ' ' || (c) == '\t')
@@ -86,9 +89,13 @@
 str = t_str_new(256);
- for (tmp = auth->auth_realms; *tmp != NULL; tmp++) {
- str_printfa(str, "realm=\"%s\"", *tmp);
- str_append_c(str, ',');
+ if (*auth->auth_realms == NULL) {
+ /* If no realms are given, at least Cyrus SASL client defaults
+ to destination host name */
+ str_append(str, "realm=\"\",");
+ } else {
+ for (tmp = auth->auth_realms; *tmp != NULL; tmp++)
+ str_printfa(str, "realm=\"%s\",", *tmp);
 }
 str_printfa(str, "nonce=\"%s\",", request->nonce);
@@ -232,7 +239,7 @@
 tmp = request->auth_request.auth->auth_realms;
 for (; *tmp != NULL; tmp++) {
- if (strcasecmp(realm, *tmp) == 0)
+ if (strcmp(realm, *tmp) == 0)
 return TRUE;
 }
@@ -295,13 +302,14 @@
 static bool auth_handle_response(struct digest_auth_request *request,
 char *key, char *value, const char **error)
 {
- int i;
+ unsigned int i;
 str_lcase(key);
 if (strcmp(key, "realm") == 0) {
 if (!verify_realm(request, value)) {
- *error = "Invalid realm";
+ *error = t_strdup_printf("Invalid realm: %s",
+ str_sanitize(value, MAX_REALM_LEN));
 return FALSE;
 }
 if (request->realm == NULL && *value != '\0')
@@ -472,8 +480,6 @@
 authzid="authzid-value"
 */
- t_push();
-
 *error = NULL;
 failed = FALSE;
@@ -508,8 +514,6 @@
 if (request->qop_value == NULL)
 request->qop_value = p_strdup(request->pool, "auth");
- t_pop();
-
 return !failed;
 }
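Review bot: In the hunk at -86,9 the loop line `str_printfa(str, "realm=\"%s\",", *tmp);` writes each configured realm into a quoted-string without escaping, so a realm containing `"` or `\` would produce a challenge the client cannot parse. The values come from configuration rather than from the client, so as far as the hunk shows this is a robustness point and not an injection path. A comment above the loop such as `/* realms are emitted unescaped; they must not contain '"' or '\\' */` would record the assumption, unless the configuration reader already enforces it. The enclosing function starts and ends outside the hunk.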
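Review bot: The switch from `strcasecmp` to `strcmp` in the hunk at -232,7 makes realm matching case-sensitive, and the commit description does not mention it. A client that sent a configured realm in different case matched before and no longer does, so it will be rejected if this loop is the only place a realm can match. The stricter comparison is presumably intended because the realm is part of the digest computation, but that is not visible here; a comment such as `/* realm is hashed into the response, so it must match exactly */` above the comparison would make the intent explicit. The function containing the loop starts outside the hunk, so what it does when no realms are configured cannot be checked from here.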
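Review bot: In the hunk at -295,13 the new `*error` value carries client-supplied text received before authentication completes, so every consumer has to treat it as data rather than as a format. `str_sanitize(value, MAX_REALM_LEN)` bounds the length, but whether it neutralises `%` is not visible in this diff. The code that finally logs the string is outside the hunk; it should pass the message as an argument to a `"%s"` format and never as the format string itself. A short comment next to the assignment, `/* contains client input: log only via "%s" */`, would document that for callers.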
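Review bot: The removal of `t_push()` in the hunk at -472,8 and of `t_pop()` in the hunk at -508,8 has no comment explaining why, and the reason is easy to undo by accident. `*error` is now built with `t_strdup_printf` (hunk at -295,13), which presumably allocates from the data stack, so a `t_pop()` before returning would release the message before the caller reads it. A comment at the top of the function, for example `/* no t_push()/t_pop() here: *error may point to data stack memory the caller still reads */`, would keep a later cleanup from reintroducing a dangling pointer. As a side effect every temporary allocation made while parsing now lives until the caller's frame is popped, so it is worth confirming that the caller has one; the start of the function is outside both hunks.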