Mercurial > dovecot > original-hg > dovecot-1.2
changeset 9353:3c171f5eee8d HEAD
auth: digest-md5, rpa mechanisms no longer require the realm to be listed in auth_realms.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 01 Sep 2009 12:21:14 -0400 |
parents | 8bf54859b19b |
children | 687ac828b964 |
files | src/auth/mech-digest-md5.c src/auth/mech-rpa.c |
diffstat | 2 files changed, 2 insertions(+), 42 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/mech-digest-md5.c Mon Aug 31 19:44:39 2009 -0400 +++ b/src/auth/mech-digest-md5.c Tue Sep 01 12:21:14 2009 -0400 @@ -217,22 +217,6 @@ return TRUE; } -static bool verify_realm(struct digest_auth_request *request, const char *realm) -{ - char *const *tmp; - - if (*realm == '\0') - return TRUE; - - tmp = request->auth_request.auth->auth_realms; - for (; *tmp != NULL; tmp++) { - if (strcmp(realm, *tmp) == 0) - return TRUE; - } - - return FALSE; -} - static bool parse_next(char **data, char **key, char **value) { /* @UNSAFE */ @@ -294,11 +278,6 @@ str_lcase(key); if (strcmp(key, "realm") == 0) { - if (!verify_realm(request, value)) { - *error = t_strdup_printf("Invalid realm: %s", - str_sanitize(value, MAX_REALM_LEN)); - return FALSE; - } if (request->auth_request.realm == NULL && *value != '\0') request->auth_request.realm = p_strdup(request->pool, value);
--- a/src/auth/mech-rpa.c Mon Aug 31 19:44:39 2009 -0400 +++ b/src/auth/mech-rpa.c Tue Sep 01 12:21:14 2009 -0400 @@ -236,25 +236,6 @@ } static bool -rpa_verify_realm(struct rpa_auth_request *request, const char *realm) -{ - const char *default_realm; - char *const *tmp; - - tmp = request->auth_request.auth->auth_realms; - for (; *tmp != NULL; tmp++) { - if (strcasecmp(realm, *tmp) == 0) - return TRUE; - } - - default_realm = request->auth_request.auth->default_realm != NULL ? - request->auth_request.auth->default_realm : - my_hostname; - - return strcasecmp(realm, default_realm) == 0; -} - -static bool rpa_parse_token3(struct rpa_auth_request *request, const void *data, size_t data_size, const char **error) { @@ -283,8 +264,8 @@ user = t_strndup(p, len); realm = strrchr(user, '@'); - if ((realm == NULL) || !rpa_verify_realm(request, realm + 1)) { - *error = "invalid realm"; + if (realm == NULL) { + *error = "missing realm"; return FALSE; } user = t_strdup_until(user, realm++);