changeset 13765:f2608c3a64ee
auth: If client gives "final-resp-ok" parameter, send it in OK reply with DIGEST-MD5, SCRAM-SHA-1
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Thu, 24 Nov 2011 00:51:27 +0200 |
parents | 34b3655ca484 |
children | a19fb078a259 |
files | src/auth/auth-request.c src/auth/auth-request.h src/auth/mech-digest-md5.c src/auth/mech-scram-sha1.c |
diffstat | 4 files changed, 20 insertions(+), 25 deletions(-) [+] |
--- a/src/auth/auth-request.c Wed Nov 23 22:55:57 2011 +0200 +++ b/src/auth/auth-request.c Thu Nov 24 00:51:27 2011 +0200 @@ -111,8 +111,15 @@ return; } + request->successful = TRUE; + if (data_size > 0 && !request->final_resp_ok) { + /* we'll need one more SASL round, since client doesn't support + the final SASL response */ + auth_request_handler_reply_continue(request, data, data_size); + return; + } + auth_request_set_state(request, AUTH_REQUEST_STATE_FINISHED); - request->successful = TRUE; auth_request_refresh_last_access(request); auth_request_handler_reply(request, AUTH_CLIENT_RESULT_SUCCESS, data, data_size); @@ -235,6 +242,8 @@ /* auth client may set these */ if (strcmp(key, "secured") == 0) request->secured = TRUE; + else if (strcmp(key, "final-resp-ok") == 0) + request->final_resp_ok = TRUE; else if (strcmp(key, "no-penalty") == 0) request->no_penalty = TRUE; else if (strcmp(key, "valid-client-cert") == 0) @@ -296,6 +305,11 @@ { i_assert(request->state == AUTH_REQUEST_STATE_MECH_CONTINUE); + if (request->successful) { + auth_request_success(request, NULL, 0); + return; + } + auth_request_refresh_last_access(request); request->mech->auth_continue(request, data, data_size); }
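Review bot: In the first hunk `request->successful = TRUE` now runs before the early return that defers the OK reply, so the flag is set while the request is still waiting for one more client round and no success has been reported yet. Anything outside this diff that reads `successful` as "finished" would see it a round early, and every mechanism that passes non-empty data to auth_request_success() now gets the extra round when the client did not send final-resp-ok. I would state the new meaning at the assignment, e.g. `/* credentials verified; OK reply may still wait for the client's empty final response */`. The part of auth_request_success() above the hunk is not visible here and now runs twice for such clients, so it is worth confirming it is safe to repeat.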
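Review bot: The early return added in the third hunk finishes the request without looking at `data` or `data_size`, so whatever the client sends as its last response is accepted unchecked. The removed DIGEST-MD5 and SCRAM-SHA-1 branches behaved the same way, but their comments described that response as empty, and this shared spot is where the expectation can be stated or enforced once. If strictness is wanted, a non-empty response could be turned into a failure here (clearing `successful` first); if not, record the decision with `/* the client's final response should be empty; its contents are ignored */`. auth_request_continue() starts outside the hunk.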
--- a/src/auth/auth-request.h Wed Nov 23 22:55:57 2011 +0200 +++ b/src/auth/auth-request.h Thu Nov 24 00:51:27 2011 +0200 @@ -111,6 +111,7 @@ unsigned int userdb_lookup:1; unsigned int userdb_lookup_failed:1; unsigned int secured:1; + unsigned int final_resp_ok:1; unsigned int removed_from_handler:1; /* ... mechanism specific data ... */
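Review bot: The new `final_resp_ok` bit has no comment, and its name alone does not say who sets it or what it permits. It is set from the client-supplied "final-resp-ok" parameter in auth-request.c and decides whether the last SASL server data is sent inside the OK reply instead of a separate continue round. A one-line comment would do, e.g. `/* client accepts the final SASL response data in the OK reply */`. The struct definition starts and ends outside the hunk.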
--- a/src/auth/mech-digest-md5.c Wed Nov 23 22:55:57 2011 +0200 +++ b/src/auth/mech-digest-md5.c Thu Nov 24 00:51:27 2011 +0200 @@ -34,7 +34,6 @@ struct auth_request auth_request; pool_t pool; - unsigned int authenticated:1; /* requested: */ char *nonce; @@ -505,10 +504,8 @@ return; } - request->authenticated = TRUE; - auth_request_handler_reply_continue(auth_request, - request->rspauth, - strlen(request->rspauth)); + auth_request_success(auth_request, request->rspauth, + strlen(request->rspauth)); break; case PASSDB_RESULT_INTERNAL_FAILURE: auth_request_internal_failure(auth_request); @@ -527,13 +524,6 @@ (struct digest_auth_request *)auth_request; const char *username, *error; - if (request->authenticated) { - /* authentication is done, we were just waiting the last - word from client */ - auth_request_success(auth_request, NULL, 0); - return; - } - if (parse_digest_response(request, data, data_size, &error)) { if (auth_request->realm != NULL && strchr(request->username, '@') == NULL) {
--- a/src/auth/mech-scram-sha1.c Wed Nov 23 22:55:57 2011 +0200 +++ b/src/auth/mech-scram-sha1.c Thu Nov 24 00:51:27 2011 +0200 @@ -25,7 +25,6 @@ struct auth_request auth_request; pool_t pool; - unsigned int authenticated:1; /* sent: */ const char *server_first_message; @@ -265,11 +264,9 @@ "password mismatch"); auth_request_fail(auth_request); } else { - request->authenticated = TRUE; server_final_message = get_scram_server_final(request); - auth_request_handler_reply_continue(auth_request, - server_final_message, - strlen(server_final_message)); + auth_request_success(auth_request, server_final_message, + strlen(server_final_message)); } break; case PASSDB_RESULT_INTERNAL_FAILURE: @@ -348,13 +345,6 @@ (struct scram_auth_request *)auth_request; const char *error = NULL; - if (request->authenticated) { - /* authentication is done, we were just waiting the last (empty) - client response */ - auth_request_success(auth_request, NULL, 0); - return; - } - if (!request->client_first_message_bare) { /* Received client-first-message */ if (parse_scram_client_first(request, data,