[dovecot-cvs] dovecot/src/auth auth-request.c, 1.73, 1.74 password-scheme.c, 1.25, 1.26
tss at dovecot.org
tss at dovecot.org
Sun Dec 3 19:23:36 UTC 2006
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv16953
Modified Files:
auth-request.c password-scheme.c
Log Message:
Don't crash if plain-md5, plain-md4 or sha1 password is invalid and we're
not using digest-md5 authentication..
Index: auth-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.c,v
retrieving revision 1.73
retrieving revision 1.74
diff -u -d -r1.73 -r1.74
--- auth-request.c 18 Nov 2006 22:02:59 -0000 1.73
+++ auth-request.c 3 Dec 2006 19:23:33 -0000 1.74
@@ -906,8 +906,12 @@
return 0;
}
+ /* If original_username is set, use it. It may be important for some
+ password schemes (eg. digest-md5). Otherwise the username is used
+ only for logging purposes. */
ret = password_verify(plain_password, crypted_password, scheme,
- request->original_username);
+ request->original_username != NULL ?
+ request->original_username : request->user);
if (ret < 0) {
auth_request_log_error(request, subsystem,
"Unknown password scheme %s", scheme);
Index: password-scheme.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/password-scheme.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- password-scheme.c 12 Nov 2006 19:36:41 -0000 1.25
+++ password-scheme.c 3 Dec 2006 19:23:33 -0000 1.26
@@ -181,7 +181,7 @@
}
static bool sha1_verify(const char *plaintext, const char *password,
- const char *user __attr_unused__)
+ const char *user)
{
unsigned char sha1_digest[SHA1_RESULTLEN];
const char *data;
@@ -362,7 +362,7 @@
}
static bool plain_md4_verify(const char *plaintext, const char *password,
- const char *user __attr_unused__)
+ const char *user)
{
unsigned char digest[MD4_RESULTLEN];
const void *data;
@@ -388,7 +388,7 @@
}
static bool plain_md5_verify(const char *plaintext, const char *password,
- const char *user __attr_unused__)
+ const char *user)
{
unsigned char digest[MD5_RESULTLEN];
const void *data;
More information about the dovecot-cvs
mailing list