(ITS#7817) jldap DigesetMD5SaslClient is using authzid for username when it should use authcid
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#7817) jldap DigesetMD5SaslClient is using authzid for username when it should use authcid
- From: flo@geekplace.eu
- Date: Mon, 10 Mar 2014 14:46:50 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Florian Schmaus
Version:
OS:
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (88.217.98.14)
The openldap-jldap's com.novell.sasl.client.DigestMD5SaslClient is using the
authorization id (authzid) as the value for the username. But the relevant RFC 2831
states in section 2.1.2 that there is an extra attribute 'authzid' when
assembling the response. The value of username should use m_name (the authcid)
and the response should only add the authzid if it's set (note that authzid is
*optional*).
--- a/com/novell/sasl/client/DigestMD5SaslClient.java
+++ b/com/novell/sasl/client/DigestMD5SaslClient.java
@@ -661,7 +661,7 @@ public class DigestMD5SaslClient implements SaslClient
true);
digestResponse.append("username=\"");
- digestResponse.append(m_authorizationId);
+ digestResponse.append(m_name);
if (0 != m_realm.length())
{
digestResponse.append("\",realm=\"");
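Review bot: m_name is appended unescaped between the quotes of username="...", so a name containing a double quote or a backslash would produce a malformed quoted string; escape those characters before appending. It is also worth confirming that the response value appended later in this method is computed from m_name rather than m_authorizationId, otherwise the hash will not match the username now being sent.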
@@ -679,8 +679,12 @@ public class DigestMD5SaslClient implements SaslClient
digestResponse.append(response);
digestResponse.append(",charset=utf-8,nonce=\"");
digestResponse.append(m_dc.getNonce());
+ if (m_authorizationId != null && m_authorizationId.length() >= 0)
+ {
+ digestResponse.append("\",authzid=\"");
+ digestResponse.append(m_authorizationId);
+ }
digestResponse.append("\"");
-
return digestResponse.toString();
}
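Review bot: in the added condition, m_authorizationId.length() >= 0 is always true, so an empty authorization id is still sent as authzid=""; the check should be length() > 0, in line with the 0 != m_realm.length() test used for realm. The authzid value is also appended unescaped inside the quotes, and the removal of the blank line before the return statement is an unrelated whitespace change that can be dropped from the patch.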