dovecot-2.1: auth: If client gives "final-resp-ok" parameter, se...
dovecot at dovecot.org
dovecot at dovecot.org
Thu Nov 24 00:53:50 EET 2011
details: http://hg.dovecot.org/dovecot-2.1/rev/f2608c3a64ee
changeset: 13765:f2608c3a64ee
user: Timo Sirainen <tss at iki.fi>
date: Thu Nov 24 00:51:27 2011 +0200
description:
auth: If client gives "final-resp-ok" parameter, send it in OK reply with DIGEST-MD5, SCRAM-SHA-1
diffstat:
src/auth/auth-request.c | 16 +++++++++++++++-
src/auth/auth-request.h | 1 +
src/auth/mech-digest-md5.c | 14 ++------------
src/auth/mech-scram-sha1.c | 14 ++------------
4 files changed, 20 insertions(+), 25 deletions(-)
diffs (129 lines):
diff -r 34b3655ca484 -r f2608c3a64ee src/auth/auth-request.c
--- a/src/auth/auth-request.c Wed Nov 23 22:55:57 2011 +0200
+++ b/src/auth/auth-request.c Thu Nov 24 00:51:27 2011 +0200
@@ -111,8 +111,15 @@
return;
}
+ request->successful = TRUE;
+ if (data_size > 0 && !request->final_resp_ok) {
+ /* we'll need one more SASL round, since client doesn't support
+ the final SASL response */
+ auth_request_handler_reply_continue(request, data, data_size);
+ return;
+ }
+
auth_request_set_state(request, AUTH_REQUEST_STATE_FINISHED);
- request->successful = TRUE;
auth_request_refresh_last_access(request);
auth_request_handler_reply(request, AUTH_CLIENT_RESULT_SUCCESS,
data, data_size);
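Review bot: `request->successful` is now set to TRUE before the early return on the `data_size > 0 && !request->final_resp_ok` path, so the flag is already true while the request waits in MECH_CONTINUE for one more client round. Any code outside this hunk that reads `successful` as "authentication finished" would see it one round early. That is worth checking for the timeout and client-disconnect handling, which is not visible here. A comment on the assignment would make the new meaning explicit, for example `/* credentials verified; the final OK may still wait for one more client response */`. The function starts and ends outside the hunk.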
@@ -235,6 +242,8 @@
/* auth client may set these */
if (strcmp(key, "secured") == 0)
request->secured = TRUE;
+ else if (strcmp(key, "final-resp-ok") == 0)
+ request->final_resp_ok = TRUE;
else if (strcmp(key, "no-penalty") == 0)
request->no_penalty = TRUE;
else if (strcmp(key, "valid-client-cert") == 0)
@@ -296,6 +305,11 @@
{
i_assert(request->state == AUTH_REQUEST_STATE_MECH_CONTINUE);
+ if (request->successful) {
+ auth_request_success(request, NULL, 0);
+ return;
+ }
+
auth_request_refresh_last_access(request);
request->mech->auth_continue(request, data, data_size);
}
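Review bot: The new `if (request->successful)` branch finishes the request without looking at `data` or `data_size`, so whatever the client sends in the extra round is accepted unseen. The mechanism comments removed by this commit describe that round as the last (empty) client response. If an empty response is the expectation, the branch could enforce it with `if (data_size != 0) { auth_request_fail(request); return; }` ahead of the `auth_request_success()` call. Otherwise a comment should state that the payload is ignored on purpose. The function signature is outside the hunk.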
diff -r 34b3655ca484 -r f2608c3a64ee src/auth/auth-request.h
--- a/src/auth/auth-request.h Wed Nov 23 22:55:57 2011 +0200
+++ b/src/auth/auth-request.h Thu Nov 24 00:51:27 2011 +0200
@@ -111,6 +111,7 @@
unsigned int userdb_lookup:1;
unsigned int userdb_lookup_failed:1;
unsigned int secured:1;
+ unsigned int final_resp_ok:1;
unsigned int removed_from_handler:1;
/* ... mechanism specific data ... */
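Review bot: The new `final_resp_ok` bit has no comment, although it is a client-supplied flag that decides whether the final SASL data goes out in the success reply or in an extra continue round. A one-line comment above the field would help, for example `/* auth client accepts final SASL response data in the success reply ("final-resp-ok") */`. The struct definition begins and ends outside the hunk.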
diff -r 34b3655ca484 -r f2608c3a64ee src/auth/mech-digest-md5.c
--- a/src/auth/mech-digest-md5.c Wed Nov 23 22:55:57 2011 +0200
+++ b/src/auth/mech-digest-md5.c Thu Nov 24 00:51:27 2011 +0200
@@ -34,7 +34,6 @@
struct auth_request auth_request;
pool_t pool;
- unsigned int authenticated:1;
/* requested: */
char *nonce;
@@ -505,10 +504,8 @@
return;
}
- request->authenticated = TRUE;
- auth_request_handler_reply_continue(auth_request,
- request->rspauth,
- strlen(request->rspauth));
+ auth_request_success(auth_request, request->rspauth,
+ strlen(request->rspauth));
break;
case PASSDB_RESULT_INTERNAL_FAILURE:
auth_request_internal_failure(auth_request);
@@ -527,13 +524,6 @@
(struct digest_auth_request *)auth_request;
const char *username, *error;
- if (request->authenticated) {
- /* authentication is done, we were just waiting the last
- word from client */
- auth_request_success(auth_request, NULL, 0);
- return;
- }
-
if (parse_digest_response(request, data, data_size, &error)) {
if (auth_request->realm != NULL &&
strchr(request->username, '@') == NULL) {
diff -r 34b3655ca484 -r f2608c3a64ee src/auth/mech-scram-sha1.c
--- a/src/auth/mech-scram-sha1.c Wed Nov 23 22:55:57 2011 +0200
+++ b/src/auth/mech-scram-sha1.c Thu Nov 24 00:51:27 2011 +0200
@@ -25,7 +25,6 @@
struct auth_request auth_request;
pool_t pool;
- unsigned int authenticated:1;
/* sent: */
const char *server_first_message;
@@ -265,11 +264,9 @@
"password mismatch");
auth_request_fail(auth_request);
} else {
- request->authenticated = TRUE;
server_final_message = get_scram_server_final(request);
- auth_request_handler_reply_continue(auth_request,
- server_final_message,
- strlen(server_final_message));
+ auth_request_success(auth_request, server_final_message,
+ strlen(server_final_message));
}
break;
case PASSDB_RESULT_INTERNAL_FAILURE:
@@ -348,13 +345,6 @@
(struct scram_auth_request *)auth_request;
const char *error = NULL;
- if (request->authenticated) {
- /* authentication is done, we were just waiting the last (empty)
- client response */
- auth_request_success(auth_request, NULL, 0);
- return;
- }
-
if (!request->client_first_message_bare) {
/* Received client-first-message */
if (parse_scram_client_first(request, data,