[Dovecot] PATCH: CRAM-MD5 for Dovecot
Hi Timo,
Mozilla 1.5 doesn't understand DIGEST-MD5; it only speaks CRAM-MD5 or PLAIN. Maybe other clients have the same problem. My users like Mozilla, so I wrote new code for Dovecot to speak CRAM-MD5, using your mech-digest-md5.c as a reference.
Attached diff in two formats i) for current CVS ii) against last release
both tested and working with Mozilla and KMail's CRAM-MD5.
I don't know if I've caught precisely the coding style you use for Dovecot. I hope so, but I'm unsure if I've used your string and buffer libraries properly. Please enlighten me if you have time.
Would you consider including this in the next release?
Regards, Joshua
-- Joshua Goodall joshua@roughtrade.net "Your object hit ratio is weak, old man" "If you cache me now, I will dump more core than you can possibly imagine"
On Tue, Nov 11, 2003 at 02:29:16AM +1100, I wrote:
Attached diff in two formats i) for current CVS ii) against last release
both tested and working with Mozilla and KMail's CRAM-MD5.
To be more precise, it's specifically tested and known to authenticate/deny correctly with clients Mozilla 1.5 and KMail version 1.5.4 (KDE3.1.4), connecting to Dovecot 0.99.10 and CVS20031111 running on FreeBSD 5.1 (actually 5-CURRENT), with the LDAP backend fetching unhashed userPasswords from OpenLDAP 2.1.
- J
On Mon, 2003-11-10 at 17:29, Joshua Goodall wrote:
Hi Timo,
Mozilla 1.5 doesn't understand DIGEST-MD5; it only speaks CRAM-MD5 or PLAIN. Maybe other clients have the same problem. My users like Mozilla, so I wrote new code for Dovecot to speak CRAM-MD5, using your mech-digest-md5.c as a reference.
Thanks. I thought CRAM-MD5 required plaintext password in server side, but looks like you store them in some MD5 hash. That's good :)
I don't know if I've caught precisely the coding style you use for Dovecot. I hope so, but I'm unsure if I've used your string and buffer libraries properly. Please enlighten me if you have time.
I did some cosmetical changes, but it was mostly ok. One real potential problem was:
auth->challenge = p_strdup(auth->pool, str_data(str));
str_data() doesn't guarantee the returned string to be NUL-terminated, str_c() would be correct.
And I rather try to avoid using 64bit integers which you used there, so I changed them to just print 16 random digits.
It'd be nice to add CRAM-MD5 support to password_verify() too so that plaintext authentication could work with such passwords. But not that important.
Would you consider including this in the next release?
Committed to CVS, see if it still works after my changes? ;)
On Mon, Nov 10, 2003 at 10:36:07PM +0200, Timo Sirainen wrote:
Thanks. I thought CRAM-MD5 required plaintext password in server side, but looks like you store them in some MD5 hash. That's good :)
Well - sort of good. Unfortunately, the HMAC-MD5 encoding used doesn't salt the passwords as they're hashed.
Theft of the hash allows an attacker to authenticate as that user, and also permits a dictionary attack. These weaknessess partially motivate DIGEST-MD5, of course, but it's still better than pure cleartext.
The format is the same as that used by Courier IMAP. Properly, it should be called {HMAC-MD5}, so the attached patch makes that change before this settles.
[snip]
And I rather try to avoid using 64bit integers which you used there, so I changed them to just print 16 random digits.
:) I was trying to minimise the amount of entropy pulled from the PRNG. (For the same amount of entropy, using ints produced a challenge space of 2^128 integers vs roughly 2^53).
It'd be nice to add CRAM-MD5 support to password_verify() too so that plaintext authentication could work with such passwords. But not that important.
done. tested with passwd-file. see attached.
Would you consider including this in the next release?
Committed to CVS, see if it still works after my changes? ;)
I had problems with RFC noncompliance of the challenge (missing "<",">" and comedy challenge characters with %10 of signed chars). fixed, see patch.
It Works For Me(tm).
I've also added a doco update, and claimed copyright of the HMAC routine :)
Joshua.
-- Joshua Goodall joshua@roughtrade.net "Your object hit ratio is weak, old man" "If you cache me now, I will dump more core than you can possibly imagine"
On Mon, Nov 10, 2003 at 10:36:07PM +0200, Timo Sirainen wrote:
Committed to CVS, see if it still works after my changes? ;)
I'm now maintaining a backport of this for the 0.99.10.2 release at my website. Recently also tested with NetBSD and Mail.app.
http://www.roughtrade.net/dovecot/
Joshua.
participants (2)
-
Joshua Goodall
-
Timo Sirainen