[dovecot-cvs] dovecot/src/auth auth-request.c, 1.58.2.14, 1.58.2.15 password-scheme.c, 1.21.2.3, 1.21.2.4
tss at dovecot.org
tss at dovecot.org
Sun Dec 3 19:23:33 UTC 2006
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv16975
Modified Files:
Tag: branch_1_0
auth-request.c password-scheme.c
Log Message:
Don't crash if plain-md5, plain-md4 or sha1 password is invalid and we're
not using digest-md5 authentication..
Index: auth-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.c,v
retrieving revision 1.58.2.14
retrieving revision 1.58.2.15
diff -u -d -r1.58.2.14 -r1.58.2.15
--- auth-request.c 18 Nov 2006 22:02:57 -0000 1.58.2.14
+++ auth-request.c 3 Dec 2006 19:23:31 -0000 1.58.2.15
@@ -878,8 +878,12 @@
return 0;
}
+ /* If original_username is set, use it. It may be important for some
+ password schemes (eg. digest-md5). Otherwise the username is used
+ only for logging purposes. */
ret = password_verify(plain_password, crypted_password, scheme,
- request->original_username);
+ request->original_username != NULL ?
+ request->original_username : request->user);
if (ret < 0) {
auth_request_log_error(request, subsystem,
"Unknown password scheme %s", scheme);
Index: password-scheme.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/password-scheme.c,v
retrieving revision 1.21.2.3
retrieving revision 1.21.2.4
diff -u -d -r1.21.2.3 -r1.21.2.4
--- password-scheme.c 8 Oct 2006 23:18:16 -0000 1.21.2.3
+++ password-scheme.c 3 Dec 2006 19:23:31 -0000 1.21.2.4
@@ -180,7 +180,7 @@
}
static bool sha1_verify(const char *plaintext, const char *password,
- const char *user __attr_unused__)
+ const char *user)
{
unsigned char sha1_digest[SHA1_RESULTLEN];
const char *data;
@@ -361,7 +361,7 @@
}
static bool plain_md4_verify(const char *plaintext, const char *password,
- const char *user __attr_unused__)
+ const char *user)
{
unsigned char digest[MD4_RESULTLEN];
const void *data;
@@ -387,7 +387,7 @@
}
static bool plain_md5_verify(const char *plaintext, const char *password,
- const char *user __attr_unused__)
+ const char *user)
{
unsigned char digest[MD5_RESULTLEN];
const void *data;
More information about the dovecot-cvs
mailing list