From: Timo Sirainen <tss@iki.fi>
Date: Tue, 1 Sep 2009 16:22:46 +0000 (-0400)
Subject: auth: digest-md5, rpa mechanisms no longer require the realm to be listed in auth_realms.
X-Git-Tag: 2.0.alpha1~201
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7b4259e30aca35f80a490d0eaa6e7190e129585d;p=thirdparty%2Fdovecot%2Fcore.git

auth: digest-md5, rpa mechanisms no longer require the realm to be listed in auth_realms.

--HG--
branch : HEAD
---

diff --git a/src/auth/mech-digest-md5.c b/src/auth/mech-digest-md5.c
index 86f8b6604a..21f9c88ce5 100644
--- a/src/auth/mech-digest-md5.c
+++ b/src/auth/mech-digest-md5.c
@@ -217,22 +217,6 @@ static bool verify_credentials(struct digest_auth_request *request,
 	return TRUE;
 }
 
-static bool verify_realm(struct digest_auth_request *request, const char *realm)
-{
-	const char *const *tmp;
-
-	if (*realm == '\0')
-		return TRUE;
-
-        tmp = request->auth_request.auth->auth_realms;
-	for (; *tmp != NULL; tmp++) {
-		if (strcmp(realm, *tmp) == 0)
-			return TRUE;
-	}
-
-	return FALSE;
-}
-
 static bool parse_next(char **data, char **key, char **value)
 {
 	/* @UNSAFE */
@@ -294,11 +278,6 @@ static bool auth_handle_response(struct digest_auth_request *request,
 	str_lcase(key);
 
 	if (strcmp(key, "realm") == 0) {
-		if (!verify_realm(request, value)) {
-			*error = t_strdup_printf("Invalid realm: %s",
-					str_sanitize(value, MAX_REALM_LEN));
-			return FALSE;
-		}
 		if (request->auth_request.realm == NULL && *value != '\0')
 			request->auth_request.realm =
 				p_strdup(request->pool, value);
diff --git a/src/auth/mech-rpa.c b/src/auth/mech-rpa.c
index d3a1171395..45ee8db3c8 100644
--- a/src/auth/mech-rpa.c
+++ b/src/auth/mech-rpa.c
@@ -235,24 +235,6 @@ rpa_read_buffer(pool_t pool, const unsigned char **data,
 	return len;
 }
 
-static bool
-rpa_verify_realm(struct rpa_auth_request *request, const char *realm)
-{
-	const struct auth *auth = request->auth_request.auth;
-	const char *default_realm;
-	const char *const *tmp;
-
-	for (tmp = auth->auth_realms; *tmp != NULL; tmp++) {
-		if (strcasecmp(realm, *tmp) == 0)
-			return TRUE;
-	}
-
-	default_realm = *auth->set->default_realm != '\0' ?
-		auth->set->default_realm : my_hostname;
-
-	return strcasecmp(realm, default_realm) == 0;
-}
-
 static bool
 rpa_parse_token3(struct rpa_auth_request *request, const void *data,
 		 size_t data_size, const char **error)
@@ -282,8 +264,8 @@ rpa_parse_token3(struct rpa_auth_request *request, const void *data,
 
 	user = t_strndup(p, len);
 	realm = strrchr(user, '@');
-	if ((realm == NULL) || !rpa_verify_realm(request, realm + 1)) {
-		*error = "invalid realm";
+	if (realm == NULL) {
+		*error = "missing realm";
 		return FALSE;
 	}
 	user = t_strdup_until(user, realm++);