[dovecot-cvs] dovecot/src/auth auth-request.c, 1.58.2.14, 1.58.2.15 password-scheme.c, 1.21.2.3, 1.21.2.4

tss at dovecot.org tss at dovecot.org
Sun Dec 3 19:23:33 UTC 2006


Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv16975

Modified Files:
      Tag: branch_1_0
	auth-request.c password-scheme.c 
Log Message:
Don't crash if plain-md5, plain-md4 or sha1 password is invalid and we're
not using digest-md5 authentication..



Index: auth-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.c,v
retrieving revision 1.58.2.14
retrieving revision 1.58.2.15
diff -u -d -r1.58.2.14 -r1.58.2.15
--- auth-request.c	18 Nov 2006 22:02:57 -0000	1.58.2.14
+++ auth-request.c	3 Dec 2006 19:23:31 -0000	1.58.2.15
@@ -878,8 +878,12 @@
 		return 0;
 	}
 
+	/* If original_username is set, use it. It may be important for some
+	   password schemes (eg. digest-md5). Otherwise the username is used
+	   only for logging purposes. */
 	ret = password_verify(plain_password, crypted_password, scheme,
-			      request->original_username);
+			      request->original_username != NULL ?
+			      request->original_username : request->user);
 	if (ret < 0) {
 		auth_request_log_error(request, subsystem,
 				       "Unknown password scheme %s", scheme);

Index: password-scheme.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/password-scheme.c,v
retrieving revision 1.21.2.3
retrieving revision 1.21.2.4
diff -u -d -r1.21.2.3 -r1.21.2.4
--- password-scheme.c	8 Oct 2006 23:18:16 -0000	1.21.2.3
+++ password-scheme.c	3 Dec 2006 19:23:31 -0000	1.21.2.4
@@ -180,7 +180,7 @@
 }
 
 static bool sha1_verify(const char *plaintext, const char *password,
-			const char *user __attr_unused__)
+			const char *user)
 {
 	unsigned char sha1_digest[SHA1_RESULTLEN];
 	const char *data;
@@ -361,7 +361,7 @@
 }
 
 static bool plain_md4_verify(const char *plaintext, const char *password,
-			     const char *user __attr_unused__)
+			     const char *user)
 {
 	unsigned char digest[MD4_RESULTLEN];
 	const void *data;
@@ -387,7 +387,7 @@
 }
 
 static bool plain_md5_verify(const char *plaintext, const char *password,
-			     const char *user __attr_unused__)
+			     const char *user)
 {
 	unsigned char digest[MD5_RESULTLEN];
 	const void *data;



More information about the dovecot-cvs mailing list