From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Mon, 6 Mar 2023 02:22:51 +0000 (+0100)
Subject: auth: sasl-server-mech-digest-md5 - Centralize realm handling in sasl-server-request.c
X-Git-Tag: 2.4.2~260
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=50c58c018e4d6f30a4afffd77b6f9a73ed45e4b2;p=thirdparty%2Fdovecot%2Fcore.git

auth: sasl-server-mech-digest-md5 - Centralize realm handling in sasl-server-request.c
---

diff --git a/src/auth/auth-sasl.c b/src/auth/auth-sasl.c
index dca821e8cb..a161d2ad90 100644
--- a/src/auth/auth-sasl.c
+++ b/src/auth/auth-sasl.c
@@ -20,6 +20,12 @@ auth_sasl_request_set_authid(struct auth_request *request,
 
 	switch (authid_type) {
 	case SASL_SERVER_AUTHID_TYPE_USERNAME:
+		if (request->fields.realm != NULL &&
+		    strchr(authid, '@') == NULL) {
+			authid = t_strconcat(
+				authid, "@", request->fields.realm, NULL);
+			request->domain_is_realm = TRUE;
+		}
 		if (!auth_request_set_username(request, authid, &error)) {
 			e_info(request->event, "%s", error);
 			return FALSE;
diff --git a/src/auth/sasl-server-mech-digest-md5.c b/src/auth/sasl-server-mech-digest-md5.c
index f89433eef0..dd41de4c8a 100644
--- a/src/auth/sasl-server-mech-digest-md5.c
+++ b/src/auth/sasl-server-mech-digest-md5.c
@@ -553,7 +553,7 @@ mech_digest_md5_auth_continue(struct auth_request *auth_request,
 	struct digest_auth_request *request =
 		container_of(auth_request, struct digest_auth_request,
 			     auth_request);
-	const char *username, *error;
+	const char *error;
 
 	if (!parse_digest_response(request, data, data_size, &error)) {
 		e_info(auth_request->mech_event, "%s", error);
@@ -561,17 +561,9 @@ mech_digest_md5_auth_continue(struct auth_request *auth_request,
 		return;
 	}
 
-	if (auth_request->fields.realm != NULL &&
-	    strchr(request->username, '@') == NULL) {
-		username = t_strconcat(request->username, "@",
-				       auth_request->fields.realm, NULL);
-		auth_request->domain_is_realm = TRUE;
-	} else {
-		username = request->username;
-	}
 	if (!sasl_server_request_set_authid(auth_request,
 					    SASL_SERVER_AUTHID_TYPE_USERNAME,
-					    username)) {
+					    request->username)) {
 		sasl_server_request_failure(auth_request);
 		return;
 	}