dovecot-2.1: auth: DIGEST-MD5 supports authorization id now.
dovecot at dovecot.org
dovecot at dovecot.org
Tue Jan 17 17:20:12 EET 2012
details: http://hg.dovecot.org/dovecot-2.1/rev/c9c271502b32
changeset: 13939:c9c271502b32
user: Timo Sirainen <tss at iki.fi>
date: Tue Jan 17 17:20:07 2012 +0200
description:
auth: DIGEST-MD5 supports authorization id now.
Patch by Yubao Liu.
diffstat:
src/auth/mech-digest-md5.c | 32 ++++++++++++++++++++++++++++----
1 files changed, 28 insertions(+), 4 deletions(-)
diffs (70 lines):
diff -r 387707dc020e -r c9c271502b32 src/auth/mech-digest-md5.c
--- a/src/auth/mech-digest-md5.c Tue Jan 17 17:17:24 2012 +0200
+++ b/src/auth/mech-digest-md5.c Tue Jan 17 17:20:07 2012 +0200
@@ -45,6 +45,7 @@
char *nonce_count;
char *qop_value;
char *digest_uri; /* may be NULL */
+ char *authzid; /* may be NULL, authorization ID */
unsigned char response[32];
unsigned long maxbuf;
unsigned int nonce_found:1;
@@ -132,7 +133,12 @@
{ nonce-value, ":" nc-value, ":",
cnonce-value, ":", qop-value, ":", HEX(H(A2)) }))
- and since we don't support authzid yet:
+ and if authzid is not empty:
+
+ A1 = { H( { username-value, ":", realm-value, ":", passwd } ),
+ ":", nonce-value, ":", cnonce-value, ":", authzid }
+
+ else:
A1 = { H( { username-value, ":", realm-value, ":", passwd } ),
":", nonce-value, ":", cnonce-value }
@@ -154,6 +160,10 @@
md5_update(&ctx, request->nonce, strlen(request->nonce));
md5_update(&ctx, ":", 1);
md5_update(&ctx, request->cnonce, strlen(request->cnonce));
+ if (request->authzid != NULL) {
+ md5_update(&ctx, ":", 1);
+ md5_update(&ctx, request->authzid, strlen(request->authzid));
+ }
md5_final(&ctx, digest);
a1_hex = binary_to_hex(digest, 16);
@@ -416,8 +426,18 @@
}
if (strcmp(key, "authzid") == 0) {
- /* not supported, abort */
- return FALSE;
+ if (request->authzid != NULL) {
+ *error = "authzid must not exist more than once";
+ return FALSE;
+ }
+
+ if (*value == '\0') {
+ *error = "empty authzid";
+ return FALSE;
+ }
+
+ request->authzid = p_strdup(request->pool, value);
+ return TRUE;
}
/* unknown key, ignore */
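Review bot: The invariant that `request->authzid` is either NULL or a non-empty string is established only in this branch, yet the A1 hunk above tests `request->authzid != NULL` while its comment says "not empty". I would record the invariant next to the assignment, e.g. `/* authzid is NULL or non-empty from here on; the A1 hash and the login-username call rely on that */`. The value is stored exactly as parsed and no length or character check is visible here, so it is worth confirming that `auth_request_set_login_username()` rejects malformed names before the string is treated as an identity. The enclosing function starts and ends outside the hunk.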
@@ -534,7 +554,11 @@
username = request->username;
}
- if (auth_request_set_username(auth_request, username, &error)) {
+ if (auth_request_set_username(auth_request, username, &error) &&
+ (request->authzid == NULL ||
+ auth_request_set_login_username(auth_request,
+ request->authzid,
+ &error))) {
auth_request_lookup_credentials(auth_request,
"DIGEST-MD5", credentials_callback);
return;
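Review bot: The client-supplied authzid is passed to `auth_request_set_login_username()` before the digest response has been verified, and nothing visible in this hunk shows where the authenticated user's right to act as that identity is decided. Presumably that is enforced later in the auth request handling, but this is the line where an untrusted name becomes the requested login identity, so a comment should say so, e.g. `/* authzid is only a request here; permission to log in as it is checked in <where>, after the response is verified */`. A regression test that a user without that permission is refused when sending an authzid different from the username would pin the behaviour down. The enclosing function continues outside the hunk.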