
RE: SASL/DIGEST-MD5 (fwd)



You're right, I just ran across this as well. The logic for the digest-uri
comparison is reversed. I believe this is the correct fix:
RCS file: /cvs/src/sasl/plugins/digestmd5.c,v
retrieving revision 1.150
diff -u -r1.150 digestmd5.c
--- digestmd5.c 18 Feb 2003 18:27:37 -0000      1.150
+++ digestmd5.c 6 Mar 2003 09:19:15 -0000
@@ -2271,7 +2271,7 @@

             /* make sure it's the service that we're expecting */
             service_len = strlen(sparams->service);
-            if (!strncasecmp(digesturi, sparams->service, service_len) ||
+            if (strncasecmp(digesturi, sparams->service, service_len) &&
                 digesturi[service_len] != '/') {
                 result = SASL_BADAUTH;
                 SETERROR(sparams->utils,
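
Review bot: On the changed `+` line, joining the two tests with `&&` means the SASL_BADAUTH branch is taken only when the service prefix differs and the character at `service_len` is not '/', so a digest-uri that fails just one of the two tests is still accepted. The comment above says the check is there to make sure the service is the expected one, which needs both tests to pass: keep the `||` and drop only the `!`, i.e. `if (strncasecmp(digesturi, sparams->service, service_len) || digesturi[service_len] != '/')`. That form also short-circuits before reading `digesturi[service_len]` when the prefix does not match, whereas the `&&` form reads that index exactly in the mismatch case, where `digesturi` may be shorter than `service_len`.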

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Igor Brezac

> I think that SASL/DIGEST-MD5 is broken in the latest cyrus-sasl (CVS
> version) and openldap.
>
> ldapwhoami -U igor -H ldapi:/// -Y DIGEST-MD5
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>         additional info: SASL(-13): authentication failure:
> bad digest-uri: doesn't match service
>
> * from cvs log digestmd5.c
> revision 1.148
> date: 2003/02/12 20:04:27;  author: leg;  state: Exp;  lines: +19 -3
> verify the service component of digest-uri
>
> I am not sure if this is an openldap or cyrus-sasl question so I sent the
> message to both cyrus-sasl and openldap-software lists.  Any ideas?
>
> --
> Igor