--- a/src/auth/mech-digest-md5.c	Thu Feb 23 20:25:44 2006 +0200
+++ b/src/auth/mech-digest-md5.c	Fri Feb 24 12:05:16 2006 +0200
@@ -9,11 +9,14 @@
 #include "md5.h"
 #include "randgen.h"
 #include "str.h"
+#include "str-sanitize.h"
 #include "mech.h"
 #include "passdb.h"
 
 #include <stdlib.h>
 
+#define MAX_REALM_LEN 64
+
 /* Linear whitespace */
 #define IS_LWS(c) ((c) == ' ' || (c) == '\t')
 
@@ -86,9 +89,13 @@
 
 	str = t_str_new(256);
 
-	for (tmp = auth->auth_realms; *tmp != NULL; tmp++) {
-		str_printfa(str, "realm=\"%s\"", *tmp);
-		str_append_c(str, ',');
+	if (*auth->auth_realms == NULL) {
+		/* If no realms are given, at least Cyrus SASL client defaults
+		   to destination host name */
+		str_append(str, "realm=\"\",");
+	} else {
+		for (tmp = auth->auth_realms; *tmp != NULL; tmp++)
+			str_printfa(str, "realm=\"%s\",", *tmp);
 	}
 
 	str_printfa(str, "nonce=\"%s\",", request->nonce);
@@ -232,7 +239,7 @@
 
         tmp = request->auth_request.auth->auth_realms;
 	for (; *tmp != NULL; tmp++) {
-		if (strcasecmp(realm, *tmp) == 0)
+		if (strcmp(realm, *tmp) == 0)
 			return TRUE;
 	}
 
@@ -295,13 +302,14 @@
 static bool auth_handle_response(struct digest_auth_request *request,
 				 char *key, char *value, const char **error)
 {
-	int i;
+	unsigned int i;
 
 	str_lcase(key);
 
 	if (strcmp(key, "realm") == 0) {
 		if (!verify_realm(request, value)) {
-			*error = "Invalid realm";
+			*error = t_strdup_printf("Invalid realm: %s",
+					str_sanitize(value, MAX_REALM_LEN));
 			return FALSE;
 		}
 		if (request->realm == NULL && *value != '\0')
@@ -472,8 +480,6 @@
 	   authzid="authzid-value"
 	*/
 
-	t_push();
-
 	*error = NULL;
 	failed = FALSE;
 
@@ -508,8 +514,6 @@
 	if (request->qop_value == NULL)
 		request->qop_value = p_strdup(request->pool, "auth");
 
-	t_pop();
-
 	return !failed;
 }