changeset 3228:e2d7f1db71e3 HEAD
Proper realm support for RPA. Now RPA will use the auth_realms and
auth_default_realm configuration parameters instead of the my_hostname variable.
Patch by Andrey Panin.
author | Timo Sirainen <tss@iki.fi> |
date | Fri, 25 Mar 2005 00:37:44 +0200 |
parents | ce26413ea766 |
children | bb7282d1e2da |
files | src/auth/mech-rpa.c |
diffstat | 1 files changed, 48 insertions(+), 9 deletions(-) [+] |
--- a/src/auth/mech-rpa.c Fri Mar 25 00:35:37 2005 +0200
+++ b/src/auth/mech-rpa.c Fri Mar 25 00:37:44 2005 +0200
@@ -239,6 +239,25 @@
 }
 
 static int
+rpa_verify_realm(struct rpa_auth_request *request, const char *realm)
+{
+ const char *default_realm;
+ const char *const *tmp;
+
+ tmp = request->auth_request.auth->auth_realms;
+ for (; *tmp != NULL; tmp++) {
+ if (strcasecmp(realm, *tmp) == 0)
+ return TRUE;
+ }
+
+ default_realm = request->auth_request.auth->default_realm != NULL ?
+ request->auth_request.auth->default_realm :
+ my_hostname;
+
+ return strcasecmp(realm, default_realm) == 0 ? TRUE : FALSE;
+}
+
+static int
 rpa_parse_token3(struct rpa_auth_request *request, const void *data,
 size_t data_size, const char **error)
 {
@@ -267,7 +286,7 @@
 user = t_strndup(p, len);
 
 realm = strrchr(user, '@');
- if ((realm == NULL) || (strcmp(realm + 1, my_hostname) != 0)) {
+ if ((realm == NULL) || !rpa_verify_realm(request, realm + 1)) {
 *error = "invalid realm";
 return FALSE;
 }
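Review bot: rpa_verify_realm accepts the default realm (auth_default_realm, else my_hostname) even when auth_realms is non-empty, whereas mech_rpa_build_token2 in the hunk at -320 only advertises the default when the configured list is empty, so the server will accept a realm it never offered to the client; if the intent is to accept exactly the advertised set, short-circuit after the loop with `if (*request->auth_request.auth->auth_realms != NULL) return FALSE;`. Both this loop and the one in build_token2 dereference auth_realms without a NULL check; presumably the config layer always supplies a NULL-terminated array, but that is worth confirming. The move from strcmp to strcasecmp also widens the old check to a case-insensitive match, which suits hostnames but deserves a header comment such as `/* TRUE if realm case-insensitively matches one of auth_realms or the default realm (auth_default_realm, else my_hostname). */`.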
@@ -320,16 +339,37 @@
 }
 }
 
+static void
+rpa_add_realm(string_t *realms, const char *realm, const char *service)
+{
+ str_append(realms, service);
+ str_append_c(realms, '@');
+ str_append(realms, realm);
+ str_append_c(realms, ' ');
+}
+
 static const unsigned char *
-mech_rpa_build_token2(struct rpa_auth_request *request,
- const char *realms, size_t *size)
+mech_rpa_build_token2(struct rpa_auth_request *request, size_t *size)
 {
- unsigned int realms_len;
- unsigned int length;
+ struct auth *auth = request->auth_request.auth;
+ unsigned int realms_len, length;
+ string_t *realms;
 buffer_t *buf;
 unsigned char timestamp[RPA_TIMESTAMP_LEN / 2];
+ const char *const *tmp;
 
- realms_len = strlen(realms);
+ realms = t_str_new(64);
+ for (tmp = auth->auth_realms; *tmp != NULL; tmp++) {
+ rpa_add_realm(realms, *tmp, request->auth_request.service);
+ }
+
+ if (str_len(realms) == 0) {
+ rpa_add_realm(realms, auth->default_realm != NULL ?
+ auth->default_realm : my_hostname,
+ request->auth_request.service);
+ }
+
+ realms_len = str_len(realms) - 1;
 length = sizeof(rpa_oid) + 3 + RPA_SCHALLENGE_LEN +
 RPA_TIMESTAMP_LEN + 2 + realms_len;
 
@@ -361,7 +401,7 @@
 /* Realm list */
 buffer_append_c(buf, realms_len >> 8);
 buffer_append_c(buf, realms_len & 0xff);
- buffer_append(buf, realms, realms_len);
+ buffer_append(buf, str_c(realms), realms_len);
 
 *size = buffer_get_used_size(buf);
 return buffer_free_without_data(buf);
@@ -462,8 +502,7 @@
 
 service = t_str_lcase(auth_request->service);
 
- token2 = mech_rpa_build_token2(request, t_strconcat(service, "@",
- my_hostname, NULL), &token2_size);
+ token2 = mech_rpa_build_token2(request, &token2_size);
 
 request->service_ucs2be = ucs2be_str(request->pool, service,
 &request->service_len);
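Review bot: mech_rpa_build_token2 now builds each "service@realm" entry from `request->auth_request.service` as-is, while the caller in the hunk at -462 still lower-cases the service with t_str_lcase for service_ucs2be, and the removed code passed that lower-cased copy into the realm string; unless auth_request.service is already guaranteed lower-case, the advertised realm list and the service name the client is challenged for can now differ in case. Lower-case it once inside the function, `const char *service = t_str_lcase(request->auth_request.service);`, and pass `service` to both rpa_add_realm calls. The space-separated encoding also cannot represent a configured realm that itself contains a space; as the list is admin-supplied this is a configuration-validation concern rather than a runtime one. The remainder of mech_rpa_build_token2 lies outside this hunk.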
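Review bot: The realm-list length is emitted as two bytes (`realms_len >> 8`, `realms_len & 0xff`) but `buffer_append(buf, str_c(realms), realms_len)` appends the full length, and realms_len is now the combined size of every configured auth_realm entry rather than a single hostname, so a list longer than 65535 bytes would yield a length prefix that does not match the appended data. A guard before the prefix is written, such as `i_assert(realms_len <= 0xffff);`, or rejecting such a configuration at startup, keeps the encoding consistent; the check belongs next to the realms_len computation in the hunk at -320. mech_rpa_build_token2 begins outside this hunk.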