--- plugins/digestmd5.c.orig 2008-06-02 15:36:43.000000000 -0500 +++ plugins/digestmd5.c 2008-06-02 15:46:54.000000000 -0500 @@ -212,6 +212,7 @@ /* global context for reauth use */ typedef struct digest_glob_context { reauth_cache_t *reauth; + bool validate_service; } digest_glob_context_t; /* context that stores info */ @@ -220,6 +221,7 @@ enum Context_type i_am; /* are we the client or server? */ reauth_cache_t *reauth; + bool validate_service; char *authid; char *realm; @@ -1809,7 +1811,8 @@ text->state = 1; text->i_am = SERVER; text->reauth = ((digest_glob_context_t *) glob_context)->reauth; - + text->validate_service = ((digest_glob_context_t *) glob_context)->validate_service; + *conn_context = text; return SASL_OK; } @@ -2136,8 +2139,9 @@ /* make sure it's the service that we're expecting */ service_len = strlen(sparams->service); - if (strncasecmp(digesturi, sparams->service, service_len) || - digesturi[service_len] != '/') { + if (server_glob_context.validate_service && + (strncasecmp(digesturi, sparams->service, service_len) || + digesturi[service_len] != '/')) { result = SASL_BADAUTH; SETERROR(sparams->utils, "bad digest-uri: doesn't match service"); @@ -2745,7 +2749,9 @@ { reauth_cache_t *reauth_cache; const char *timeout = NULL; + const char *option = NULL; unsigned int len; + bool validate_service; if (maxversion < SASL_SERVER_PLUG_VERSION) return SASL_BADVERS; @@ -2782,6 +2788,12 @@ ((digest_glob_context_t *) digestmd5_server_plugins[0].glob_context)->reauth = reauth_cache; + validate_service = TRUE; + utils->getopt(utils->getopt_context, "DIGEST-MD5", "validate_service", &option, &len); + if (option && strcasecmp (option, "no") == 0) + validate_service = FALSE; + ((digest_glob_context_t *) digestmd5_server_plugins[0].glob_context)->validate_service = validate_service; + *out_version = SASL_SERVER_PLUG_VERSION; *pluglist = digestmd5_server_plugins; *plugcount = 1;