[dovecot-cvs] dovecot/src/auth mech-rpa.c,1.16,1.17

cras at dovecot.org cras at dovecot.org
Wed Feb 9 22:12:32 EET 2005


Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv28387

Modified Files:
	mech-rpa.c 
Log Message:
Realm fixes. Patch by Andrey Panin



Index: mech-rpa.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-rpa.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- mech-rpa.c	8 Jan 2005 21:37:32 -0000	1.16
+++ mech-rpa.c	9 Feb 2005 20:12:29 -0000	1.17
@@ -246,7 +246,7 @@
 	const unsigned char *end = ((unsigned char *)data) + data_size;
 	const unsigned char *p;
 	unsigned int len;
-	const char *user;
+	const char *user, *realm;
 
 	p = rpa_check_message(data, end, error);
 	if (p == NULL)
@@ -265,7 +265,13 @@
 	}
 	p += 2;
 
-	user = t_strcut(t_strndup(p, len), '@');
+	user = t_strndup(p, len);
+	realm = strrchr(user, '@');
+	if ((realm == NULL) || (strcmp(realm + 1, my_hostname) != 0)) {
+		*error = "invalid realm";
+		return FALSE;
+	}
+	user = t_strdup_until(user, realm++);
 	p += len;
 
 	if (!auth_request_set_username(auth_request, user, error))
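Review bot: The `realm++` buried in the argument of `t_strdup_until(user, realm++)` is the only thing that moves `realm` past the '@', and the `ucs2be_str(request->pool, realm, ...)` call added in the next hunk depends on it. Writing it as `user = t_strdup_until(user, realm);` followed by `realm++; /* skip '@' */` makes that dependency visible and harder to break in a later edit. The realm is also compared with a case-sensitive `strcmp` against `my_hostname`, so a client that sends the host name in different case is rejected with "invalid realm". That fails closed, but if the strictness is intended a comment should say so; otherwise `strcasecmp` fits here. The enclosing function starts and ends outside this hunk.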
@@ -273,6 +279,8 @@
 
 	request->username_ucs2be = ucs2be_str(request->pool, auth_request->user,
 					      &request->username_len);
+	request->realm_ucs2be = ucs2be_str(request->pool, realm,
+					   &request->realm_len);
 
 	/* Read user challenge */
 	request->user_challenge_len = rpa_read_buffer(request->pool, &p, end,
@@ -459,8 +467,6 @@
 
 	request->service_ucs2be = ucs2be_str(request->pool, service,
 					     &request->service_len);
-	request->realm_ucs2be = ucs2be_str(request->pool, my_hostname,
-					   &request->realm_len);
 
 	auth_request->callback(auth_request, AUTH_CLIENT_RESULT_CONTINUE,
 			       token2, token2_size);
@@ -566,7 +572,8 @@
 const struct mech_module mech_rpa = {
 	"RPA",
 
-	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
+	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE |
+		MECH_SEC_MUTUAL_AUTH,
 
 	MEMBER(passdb_need_plain) FALSE,
 	MEMBER(passdb_need_credentials) TRUE,
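Review bot: The added `MECH_SEC_MUTUAL_AUTH` flag on `mech_rpa` is not mentioned in the log message ("Realm fixes"), and nothing in this diff shows what the claim rests on. The flag presumably tells the rest of the auth code that the server proves itself to the client, so a short comment above the flags line should name the step of the exchange that provides that proof. Something like `/* server response token authenticates the server to the client */` would do, with the wording confirmed against the protocol code. The initializer continues past the end of the hunk.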


