On Mon, 2003-11-10 at 17:29, Joshua Goodall wrote:
Hi Timo,
Mozilla 1.5 doesn't understand DIGEST-MD5; it only speaks CRAM-MD5 or PLAIN. Maybe other clients have the same problem. My users like Mozilla, so I wrote new code for Dovecot to speak CRAM-MD5, using your mech-digest-md5.c as a reference.
Thanks. I thought CRAM-MD5 required plaintext password in server side, but looks like you store them in some MD5 hash. That's good :)
I don't know if I've caught precisely the coding style you use for Dovecot. I hope so, but I'm unsure if I've used your string and buffer libraries properly. Please enlighten me if you have time.
I did some cosmetical changes, but it was mostly ok. One real potential problem was:
auth->challenge = p_strdup(auth->pool, str_data(str));
str_data() doesn't guarantee the returned string to be NUL-terminated, str_c() would be correct.
And I rather try to avoid using 64bit integers which you used there, so I changed them to just print 16 random digits.
It'd be nice to add CRAM-MD5 support to password_verify() too so that plaintext authentication could work with such passwords. But not that important.
Would you consider including this in the next release?
Committed to CVS, see if it still works after my changes? ;)