[dovecot-cvs] dovecot/src/auth mech-rpa.c,1.16,1.17
cras at dovecot.org
cras at dovecot.org
Wed Feb 9 22:12:32 EET 2005
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv28387
Modified Files:
mech-rpa.c
Log Message:
Realm fixes. Patch by Andrey Panin
Index: mech-rpa.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-rpa.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- mech-rpa.c 8 Jan 2005 21:37:32 -0000 1.16
+++ mech-rpa.c 9 Feb 2005 20:12:29 -0000 1.17
@@ -246,7 +246,7 @@
const unsigned char *end = ((unsigned char *)data) + data_size;
const unsigned char *p;
unsigned int len;
- const char *user;
+ const char *user, *realm;
p = rpa_check_message(data, end, error);
if (p == NULL)
@@ -265,7 +265,13 @@
}
p += 2;
- user = t_strcut(t_strndup(p, len), '@');
+ user = t_strndup(p, len);
+ realm = strrchr(user, '@');
+ if ((realm == NULL) || (strcmp(realm + 1, my_hostname) != 0)) {
+ *error = "invalid realm";
+ return FALSE;
+ }
+ user = t_strdup_until(user, realm++);
p += len;
if (!auth_request_set_username(auth_request, user, error))
@@ -273,6 +279,8 @@
request->username_ucs2be = ucs2be_str(request->pool, auth_request->user,
&request->username_len);
+ request->realm_ucs2be = ucs2be_str(request->pool, realm,
+ &request->realm_len);
/* Read user challenge */
request->user_challenge_len = rpa_read_buffer(request->pool, &p, end,
@@ -459,8 +467,6 @@
request->service_ucs2be = ucs2be_str(request->pool, service,
&request->service_len);
- request->realm_ucs2be = ucs2be_str(request->pool, my_hostname,
- &request->realm_len);
auth_request->callback(auth_request, AUTH_CLIENT_RESULT_CONTINUE,
token2, token2_size);
@@ -566,7 +572,8 @@
const struct mech_module mech_rpa = {
"RPA",
- MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
+ MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE |
+ MECH_SEC_MUTUAL_AUTH,
MEMBER(passdb_need_plain) FALSE,
MEMBER(passdb_need_credentials) TRUE,
More information about the dovecot-cvs
mailing list