dovecot-2.1: auth: DIGEST-MD5 supports authorization id now.

dovecot at dovecot.org dovecot at dovecot.org
Tue Jan 17 17:20:12 EET 2012


details:   http://hg.dovecot.org/dovecot-2.1/rev/c9c271502b32
changeset: 13939:c9c271502b32
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Jan 17 17:20:07 2012 +0200
description:
auth: DIGEST-MD5 supports authorization id now.
Patch by Yubao Liu.

diffstat:

 src/auth/mech-digest-md5.c |  32 ++++++++++++++++++++++++++++----
 1 files changed, 28 insertions(+), 4 deletions(-)

diffs (70 lines):

diff -r 387707dc020e -r c9c271502b32 src/auth/mech-digest-md5.c
--- a/src/auth/mech-digest-md5.c	Tue Jan 17 17:17:24 2012 +0200
+++ b/src/auth/mech-digest-md5.c	Tue Jan 17 17:20:07 2012 +0200
@@ -45,6 +45,7 @@
 	char *nonce_count;
 	char *qop_value;
 	char *digest_uri; /* may be NULL */
+	char *authzid; /* may be NULL, authorization ID */
 	unsigned char response[32];
 	unsigned long maxbuf;
 	unsigned int nonce_found:1;
@@ -132,7 +133,12 @@
 		     { nonce-value, ":" nc-value, ":",
 		       cnonce-value, ":", qop-value, ":", HEX(H(A2)) }))
 
-	   and since we don't support authzid yet:
+	   and if authzid is not empty:
+
+	   A1 = { H( { username-value, ":", realm-value, ":", passwd } ),
+		":", nonce-value, ":", cnonce-value, ":", authzid }
+
+	   else:
 
 	   A1 = { H( { username-value, ":", realm-value, ":", passwd } ),
 		":", nonce-value, ":", cnonce-value }
@@ -154,6 +160,10 @@
 	md5_update(&ctx, request->nonce, strlen(request->nonce));
 	md5_update(&ctx, ":", 1);
 	md5_update(&ctx, request->cnonce, strlen(request->cnonce));
+	if (request->authzid != NULL) {
+		md5_update(&ctx, ":", 1);
+		md5_update(&ctx, request->authzid, strlen(request->authzid));
+	}
 	md5_final(&ctx, digest);
 	a1_hex = binary_to_hex(digest, 16);
 
@@ -416,8 +426,18 @@
 	}
 
 	if (strcmp(key, "authzid") == 0) {
-		/* not supported, abort */
-		return FALSE;
+		if (request->authzid != NULL) {
+		    *error = "authzid must not exist more than once";
+		    return FALSE;
+		}
+
+		if (*value == '\0') {
+		    *error = "empty authzid";
+		    return FALSE;
+		}
+
+		request->authzid = p_strdup(request->pool, value);
+		return TRUE;
 	}
 
 	/* unknown key, ignore */
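Review bot: The new statements inside the `authzid` branch (`*error = "authzid must not exist more than once";`, `*error = "empty authzid";` and their `return FALSE;` lines) are indented with tabs followed by four spaces, while the surrounding lines use tabs only. Re-indent them with tabs to match the file. The value is also copied into `request->authzid` exactly as the client sent it, with only the duplicate and empty checks applied here. If character validation is left to `auth_request_set_login_username()`, which cannot be confirmed from this hunk, a short comment such as `/* syntax is checked later by auth_request_set_login_username() */` would make that dependency explicit. The enclosing function begins and ends outside the hunk.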
@@ -534,7 +554,11 @@
 			username = request->username;
 		}
 
-		if (auth_request_set_username(auth_request, username, &error)) {
+		if (auth_request_set_username(auth_request, username, &error) &&
+				(request->authzid == NULL ||
+				 auth_request_set_login_username(auth_request,
+								 request->authzid,
+								 &error))) {
 			auth_request_lookup_credentials(auth_request,
 					"DIGEST-MD5", credentials_callback);
 			return;
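Review bot: Nothing in the new condition shows where the authenticating user's right to act as `request->authzid` is decided; the hunk only passes the client-supplied value to `auth_request_set_login_username()` before the credentials lookup. If that check happens later (for example, by restricting such logins to master users), say so in a comment above the `if`, e.g. `/* authzid is client-supplied; permission to log in as it is enforced after credential verification, not here */`. Without that, a reader cannot tell whether a successful digest for `username` is enough to obtain a session as any other user. The continuation lines of the condition are also indented deeper than the body they guard, which makes the `&&`/`||` grouping hard to follow. The enclosing function starts and ends outside the hunk.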

