changeset 1879:6d37e8554dbb HEAD

cram-md5 updates.
author Timo Sirainen <tss@iki.fi>
date Tue, 11 Nov 2003 11:59:27 +0200
parents 435e7fc5093f
children fe922b90ef08
files doc/auth.txt dovecot-example.conf src/auth/mech-cram-md5.c src/auth/passdb.c src/auth/password-scheme-cram-md5.c src/auth/password-scheme.c
diffstat 6 files changed, 15 insertions(+), 7 deletions(-) [+]
--- a/doc/auth.txt	Mon Nov 10 23:57:29 2003 +0200
+++ b/doc/auth.txt	Tue Nov 11 11:59:27 2003 +0200
@@ -8,6 +8,8 @@
  - DIGEST-MD5: Should be quite secure by itself. It also supports
    integrity protecting and crypting the rest of the communication, but
    we don't support those yet.
+ - CRAM-MD5: Protects the secret in transit from eavesdroppers.  Doesn't
+   provide any integrity guarantees.
  - ANONYMOUS: No authentication required. User will be logged in as the user
    specified by auth_anonymous_username setting (default "anonymous"). There's
    no special restrictions given for anonymous users so you have to make sure
@@ -46,6 +48,7 @@
 
  - PLAIN: Although not that good idea, it enables support for all current
    and future authentication mechanisms.
+ - HMAC-MD5: HMAC-MD5 context of password, for the CRAM-MD5 mechanism.
  - DIGEST-MD5: MD5 sum of "user:realm:password", as required by DIGEST-MD5
    mechanism.
 
--- a/dovecot-example.conf	Mon Nov 10 23:57:29 2003 +0200
+++ b/dovecot-example.conf	Tue Nov 11 11:59:27 2003 +0200
@@ -386,7 +386,7 @@
 
 auth default {
   # Space separated list of wanted authentication mechanisms:
-  #   plain digest-md5 anonymous
+  #   plain digest-md5 cram-md5 anonymous
   mechanisms = plain
 
   # Where user database is kept:
--- a/src/auth/mech-cram-md5.c	Mon Nov 10 23:57:29 2003 +0200
+++ b/src/auth/mech-cram-md5.c	Tue Nov 11 11:59:27 2003 +0200
@@ -32,7 +32,7 @@
 
 static const char *get_cram_challenge(void)
 {
-	char buf[17];
+	unsigned char buf[17];
 	size_t i;
 
 	hostpid_init();
@@ -42,8 +42,8 @@
 		buf[i] = (buf[i] % 10) + '0';
 	buf[sizeof(buf)-1] = '\0';
 
-	return t_strdup_printf("%s.%s@%s", buf, dec2str(ioloop_time),
-			       my_hostname);
+	return t_strdup_printf("<%s.%s@%s>", (const char *) buf,
+			       dec2str(ioloop_time), my_hostname);
 }
 
 static int verify_credentials(struct cram_auth_request *auth,
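Review bot: The digit mapping `buf[i] = (buf[i] % 10) + '0';` at the top of this hunk is slightly biased, because 256 is not a multiple of 10: each of the digits 0-5 comes up 26 times in 256 and each of 6-9 only 25. Combined with storing one decimal digit per byte, the 16-character nonce carries at most about 53 bits of unpredictability, and that nonce is what stops a captured CRAM-MD5 response from being valid for a later challenge. Hex-encoding the random bytes (two characters per byte) would keep their full entropy and remove the bias; the code that fills `buf` lies outside the hunk, so this assumes it is drawn from the random source. A comment above the return would also help, for example `/* RFC 2195 challenge: <random.timestamp@hostname>, must differ for every attempt */`.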
--- a/src/auth/passdb.c	Mon Nov 10 23:57:29 2003 +0200
+++ b/src/auth/passdb.c	Tue Nov 11 11:59:27 2003 +0200
@@ -25,7 +25,7 @@
 	case PASSDB_CREDENTIALS_CRYPT:
 		return "CRYPT";
 	case PASSDB_CREDENTIALS_CRAM_MD5:
-		return "CRAM-MD5";
+		return "HMAC-MD5";
 	case PASSDB_CREDENTIALS_DIGEST_MD5:
 		return "DIGEST-MD5";
 	}
--- a/src/auth/password-scheme-cram-md5.c	Mon Nov 10 23:57:29 2003 +0200
+++ b/src/auth/password-scheme-cram-md5.c	Tue Nov 11 11:59:27 2003 +0200
@@ -1,4 +1,4 @@
-/* Copyright (C) 2003 Timo Sirainen */
+/* Copyright (C) 2003 Timo Sirainen / Joshua Goodall */
 
 #include "lib.h"
 #include "md5.h"
--- a/src/auth/password-scheme.c	Mon Nov 10 23:57:29 2003 +0200
+++ b/src/auth/password-scheme.c	Tue Nov 11 11:59:27 2003 +0200
@@ -30,6 +30,11 @@
 	if (strcasecmp(scheme, "PLAIN") == 0)
 		return strcmp(password, plaintext) == 0;
 
+	if (strcasecmp(scheme, "HMAC-MD5") == 0) {
+		str = password_generate_cram_md5(plaintext);
+		return strcmp(str, password) == 0;
+	}
+
 	if (strcasecmp(scheme, "DIGEST-MD5") == 0) {
 		/* user:realm:passwd */
 		realm = strchr(user, '@');
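Review bot: The new HMAC-MD5 branch checks the credential with `strcmp(str, password) == 0`, which returns at the first differing byte, so its running time depends on how long a prefix of the stored value matches. The PLAIN branch just above has the same property. As hardening I would compare the two strings without an early exit: check the lengths, then OR together the XOR of every byte pair and test the result once. The locals `len`, `i` and `diff` used below would need declaring at the top of the function, which starts outside this hunk, as does the declaration of `str`.

```c
	if (strcasecmp(scheme, "HMAC-MD5") == 0) {
		str = password_generate_cram_md5(plaintext);
		/* compare every byte so timing does not reveal the matching prefix */
		len = strlen(str);
		if (strlen(password) != len)
			return 0;
		diff = 0;
		for (i = 0; i < len; i++)
			diff |= (unsigned char)str[i] ^ (unsigned char)password[i];
		return diff == 0;
	}
	/* … unchanged: DIGEST-MD5 branch … */
```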
@@ -110,7 +115,7 @@
 	if (strcasecmp(scheme, "PLAIN") == 0)
 		return plaintext;
 
-	if (strcasecmp(scheme, "CRAM-MD5") == 0)
+	if (strcasecmp(scheme, "HMAC-MD5") == 0)
 		return password_generate_cram_md5(plaintext);
 
 	if (strcasecmp(scheme, "DIGEST-MD5") == 0) {