changeset 1879:6d37e8554dbb HEAD
cram-md5 updates.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 11 Nov 2003 11:59:27 +0200 |
parents | 435e7fc5093f |
children | fe922b90ef08 |
files | doc/auth.txt dovecot-example.conf src/auth/mech-cram-md5.c src/auth/passdb.c src/auth/password-scheme-cram-md5.c src/auth/password-scheme.c |
diffstat | 6 files changed, 15 insertions(+), 7 deletions(-) [+] |
--- a/doc/auth.txt Mon Nov 10 23:57:29 2003 +0200 +++ b/doc/auth.txt Tue Nov 11 11:59:27 2003 +0200 @@ -8,6 +8,8 @@ - DIGEST-MD5: Should be quite secure by itself. It also supports integrity protecting and crypting the rest of the communication, but we don't support those yet. + - CRAM-MD5: Protects the secret in transit from eavesdroppers. Doesn't + provide any integrity guarantees. - ANONYMOUS: No authentication required. User will be logged in as the user specified by auth_anonymous_username setting (default "anonymous"). There's no special restrictions given for anonymous users so you have to make sure @@ -46,6 +48,7 @@ - PLAIN: Although not that good idea, it enables support for all current and future authentication mechanisms. + - HMAC-MD5: HMAC-MD5 context of password, for the CRAM-MD5 mechanism. - DIGEST-MD5: MD5 sum of "user:realm:password", as required by DIGEST-MD5 mechanism.
--- a/dovecot-example.conf Mon Nov 10 23:57:29 2003 +0200
+++ b/dovecot-example.conf Tue Nov 11 11:59:27 2003 +0200
@@ -386,7 +386,7 @@
 auth default {
 # Space separated list of wanted authentication mechanisms:
- # plain digest-md5 anonymous
+ # plain digest-md5 cram-md5 anonymous
 mechanisms = plain
 # Where user database is kept:
--- a/src/auth/mech-cram-md5.c Mon Nov 10 23:57:29 2003 +0200
+++ b/src/auth/mech-cram-md5.c Tue Nov 11 11:59:27 2003 +0200
@@ -32,7 +32,7 @@
 static const char *get_cram_challenge(void)
 {
- char buf[17];
+ unsigned char buf[17];
 size_t i;
 hostpid_init();
@@ -42,8 +42,8 @@
 buf[i] = (buf[i] % 10) + '0';
 buf[sizeof(buf)-1] = '\0';
- return t_strdup_printf("%s.%s@%s", buf, dec2str(ioloop_time),
- my_hostname);
+ return t_strdup_printf("<%s.%s@%s>", (const char *) buf,
+ dec2str(ioloop_time), my_hostname);
 }
 static int verify_credentials(struct cram_auth_request *auth,
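Review bot: The switch to `unsigned char buf[17]` in get_cram_challenge() needs a comment, because the reason is only visible in the second hunk's context line `buf[i] = (buf[i] % 10) + '0';`: with a signed char the remainder can be negative and the result is then not a digit. Something like `/* unsigned: buf[i] % 10 must stay in 0..9 */` above the declaration would do. The same comment could record that reducing each byte with `% 10` leaves the 16-digit part of the challenge at roughly 53 bits and slightly favours the digits 0-5, since 256 is not a multiple of 10. That is probably fine for a value whose job is to make each challenge unique against replay, but it should be a documented choice. The code that fills buf sits between the two hunks and is not visible here.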
--- a/src/auth/passdb.c Mon Nov 10 23:57:29 2003 +0200
+++ b/src/auth/passdb.c Tue Nov 11 11:59:27 2003 +0200
@@ -25,7 +25,7 @@
 case PASSDB_CREDENTIALS_CRYPT:
 return "CRYPT";
 case PASSDB_CREDENTIALS_CRAM_MD5:
- return "CRAM-MD5";
+ return "HMAC-MD5";
 case PASSDB_CREDENTIALS_DIGEST_MD5:
 return "DIGEST-MD5";
 }
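Review bot: Renaming the scheme string from "CRAM-MD5" to "HMAC-MD5" here and in the second hunk of src/auth/password-scheme.c drops the old name without a fallback, so a password entry already stored under the CRAM-MD5 scheme name would presumably no longer be recognised. What happens to an unknown scheme is outside the visible lines, so this needs checking against the callers. If existing entries should keep working, the generate branch could accept both names, `if (strcasecmp(scheme, "HMAC-MD5") == 0 || strcasecmp(scheme, "CRAM-MD5") == 0)`. If the break is intended, the commit description should say so. The enclosing switch starts outside this hunk.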
--- a/src/auth/password-scheme-cram-md5.c Mon Nov 10 23:57:29 2003 +0200
+++ b/src/auth/password-scheme-cram-md5.c Tue Nov 11 11:59:27 2003 +0200
@@ -1,4 +1,4 @@
-/* Copyright (C) 2003 Timo Sirainen */
+/* Copyright (C) 2003 Timo Sirainen / Joshua Goodall */
 #include "lib.h"
 #include "md5.h"
--- a/src/auth/password-scheme.c Mon Nov 10 23:57:29 2003 +0200
+++ b/src/auth/password-scheme.c Tue Nov 11 11:59:27 2003 +0200
@@ -30,6 +30,11 @@
 if (strcasecmp(scheme, "PLAIN") == 0)
 return strcmp(password, plaintext) == 0;
+ if (strcasecmp(scheme, "HMAC-MD5") == 0) {
+ str = password_generate_cram_md5(plaintext);
+ return strcmp(str, password) == 0;
+ }
+
 if (strcasecmp(scheme, "DIGEST-MD5") == 0) {
 /* user:realm:passwd */
 realm = strchr(user, '@');
@@ -110,7 +115,7 @@
 if (strcasecmp(scheme, "PLAIN") == 0)
 return plaintext;
- if (strcasecmp(scheme, "CRAM-MD5") == 0)
+ if (strcasecmp(scheme, "HMAC-MD5") == 0)
 return password_generate_cram_md5(plaintext);
 if (strcasecmp(scheme, "DIGEST-MD5") == 0) {
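Review bot: The new HMAC-MD5 branch in the first hunk checks the credential with `strcmp(str, password) == 0`, which returns at the first differing byte, so the comparison time depends on how much of the stored value matches. A comparison that always walks the full length is the safer pattern for credential checks. The PLAIN branch just above does the same, so this is better fixed once in a shared helper than in this branch alone. strcmp is also case-sensitive: if stored HMAC-MD5 values can appear in upper-case hex they will not match, though the output format of password_generate_cram_md5() is not visible here. The enclosing function begins and ends outside the hunk.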