Index: dovecot-example.conf =================================================================== RCS file: /home/cvs/dovecot/dovecot-example.conf,v retrieving revision 1.77 diff -u -r1.77 dovecot-example.conf --- dovecot-example.conf 6 Sep 2003 17:25:33 -0000 1.77 +++ dovecot-example.conf 10 Nov 2003 22:41:07 -0000 @@ -386,7 +386,7 @@ auth default { # Space separated list of wanted authentication mechanisms: - # plain digest-md5 anonymous + # plain digest-md5 cram-md5 anonymous mechanisms = plain # Where user database is kept: Index: doc/auth.txt =================================================================== RCS file: /home/cvs/dovecot/doc/auth.txt,v retrieving revision 1.10 diff -u -r1.10 auth.txt --- doc/auth.txt 25 Jun 2003 23:15:35 -0000 1.10 +++ doc/auth.txt 10 Nov 2003 22:41:07 -0000 @@ -8,6 +8,8 @@ - DIGEST-MD5: Should be quite secure by itself. It also supports integrity protecting and crypting the rest of the communication, but we don't support those yet. + - CRAM-MD5: Protects the secret in transit from eavesdroppers. Doesn't + provide any integrity guarantees. - ANONYMOUS: No authentication required. User will be logged in as the user specified by auth_anonymous_username setting (default "anonymous"). There's no special restrictions given for anonymous users so you have to make sure @@ -46,6 +48,7 @@ - PLAIN: Although not that good idea, it enables support for all current and future authentication mechanisms. + - HMAC-MD5: HMAC-MD5 context of password, for the CRAM-MD5 mechanism. - DIGEST-MD5: MD5 sum of "user:realm:password", as required by DIGEST-MD5 mechanism. Index: src/auth/mech-cram-md5.c =================================================================== RCS file: /home/cvs/dovecot/src/auth/mech-cram-md5.c,v retrieving revision 1.2 diff -u -r1.2 mech-cram-md5.c --- src/auth/mech-cram-md5.c 10 Nov 2003 21:44:54 -0000 1.2 +++ src/auth/mech-cram-md5.c 10 Nov 2003 22:41:10 -0000 @@ -32,7 +32,7 @@ static const char *get_cram_challenge(void) { - char buf[17]; + unsigned char buf[17]; size_t i; hostpid_init(); @@ -42,7 +42,7 @@ buf[i] = (buf[i] % 10) + '0'; buf[sizeof(buf)-1] = '\0'; - return t_strdup_printf("%s.%s@%s", buf, dec2str(ioloop_time), + return t_strdup_printf("<%s.%s@%s>", buf, dec2str(ioloop_time), my_hostname); } Index: src/auth/passdb.c =================================================================== RCS file: /home/cvs/dovecot/src/auth/passdb.c,v retrieving revision 1.12 diff -u -r1.12 passdb.c --- src/auth/passdb.c 10 Nov 2003 20:36:02 -0000 1.12 +++ src/auth/passdb.c 10 Nov 2003 22:41:10 -0000 @@ -25,7 +25,7 @@ case PASSDB_CREDENTIALS_CRYPT: return "CRYPT"; case PASSDB_CREDENTIALS_CRAM_MD5: - return "CRAM-MD5"; + return "HMAC-MD5"; case PASSDB_CREDENTIALS_DIGEST_MD5: return "DIGEST-MD5"; } Index: src/auth/password-scheme-cram-md5.c =================================================================== RCS file: /home/cvs/dovecot/src/auth/password-scheme-cram-md5.c,v retrieving revision 1.1 diff -u -r1.1 password-scheme-cram-md5.c --- src/auth/password-scheme-cram-md5.c 10 Nov 2003 20:36:02 -0000 1.1 +++ src/auth/password-scheme-cram-md5.c 10 Nov 2003 22:41:10 -0000 @@ -1,4 +1,4 @@ -/* Copyright (C) 2003 Timo Sirainen */ +/* Copyright (C) 2003 Timo Sirainen / Joshua Goodall */ #include "lib.h" #include "md5.h" Index: src/auth/password-scheme.c =================================================================== RCS file: /home/cvs/dovecot/src/auth/password-scheme.c,v retrieving revision 1.4 diff -u -r1.4 password-scheme.c --- src/auth/password-scheme.c 10 Nov 2003 20:36:02 -0000 1.4 +++ src/auth/password-scheme.c 10 Nov 2003 22:41:11 -0000 @@ -30,6 +30,11 @@ if (strcasecmp(scheme, "PLAIN") == 0) return strcmp(password, plaintext) == 0; + if (strcasecmp(scheme, "HMAC-MD5") == 0) { + str = password_generate_cram_md5(plaintext); + return strcmp(str, password) == 0; + } + if (strcasecmp(scheme, "DIGEST-MD5") == 0) { /* user:realm:passwd */ realm = strchr(user, '@'); @@ -110,7 +115,7 @@ if (strcasecmp(scheme, "PLAIN") == 0) return plaintext; - if (strcasecmp(scheme, "CRAM-MD5") == 0) + if (strcasecmp(scheme, "HMAC-MD5") == 0) return password_generate_cram_md5(plaintext); if (strcasecmp(scheme, "DIGEST-MD5") == 0) {