[Dovecot] PATCH: CRAM-MD5 for Dovecot

Timo Sirainen tss at iki.fi
Mon Nov 10 22:36:07 EET 2003


On Mon, 2003-11-10 at 17:29, Joshua Goodall wrote:
> Hi Timo,
> 
> Mozilla 1.5 doesn't understand DIGEST-MD5; it only speaks CRAM-MD5 or
> PLAIN.  Maybe other clients have the same problem.  My users like
> Mozilla, so I wrote new code for Dovecot to speak CRAM-MD5, using
> your mech-digest-md5.c as a reference.

Thanks. I thought CRAM-MD5 required plaintext password in server side,
but looks like you store them in some MD5 hash. That's good :)

> I don't know if I've caught precisely the coding style you use for
> Dovecot.   I hope so, but I'm unsure if I've used your string and
> buffer libraries properly.  Please enlighten me if you have time.

I did some cosmetical changes, but it was mostly ok. One real potential
problem was:

auth->challenge = p_strdup(auth->pool, str_data(str));

str_data() doesn't guarantee the returned string to be NUL-terminated,
str_c() would be correct.

And I rather try to avoid using 64bit integers which you used there, so
I changed them to just print 16 random digits.

It'd be nice to add CRAM-MD5 support to password_verify() too so that
plaintext authentication could work with such passwords. But not that
important.

> Would you consider including this in the next release?

Committed to CVS, see if it still works after my changes? ;)




More information about the dovecot mailing list