
Source code changes of the file "src/lib-oauth2/oauth2-jwt.c" between
dovecot-2.3.16.tar.gz and dovecot-2.3.17.tar.gz

About: Dovecot is an IMAP and POP3 server, written with security primarily in mind.

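--- a/src/lib-oauth2/oauth2-jwt.c
+++ b/src/lib-oauth2/oauth2-jwt.c
@@ -100,18 +100,21 @@
 int ret;
 cache_key_id = t_strconcat(azp, ".", alg, ".", key_id, NULL);
 if (oauth2_validation_key_cache_lookup_hmac_key(
 set->key_cache, cache_key_id, hmac_key_r) == 0)
 return 0;
 /* do a synchronous dict lookup */
 lookup_key = t_strconcat(DICT_PATH_SHARED, azp, "/", alg, "/", key_id,
 NULL);
-if ((ret = dict_lookup(set->key_dict, pool_datastack_create(),
+struct dict_op_settings dict_set = {
+.username = NULL,
+};
+if ((ret = dict_lookup(set->key_dict, &dict_set, pool_datastack_create(),
 lookup_key, &base64_key, error_r)) < 0) {
 return -1;
 } else if (ret == 0) {
 *error_r = t_strdup_printf("%s key '%s' not found",
 alg, key_id);
 return -1;
 }
 /* decode key */
 buffer_t *key = t_base64_decode_str(base64_key);
@@ -180,18 +183,21 @@
 int ret;
 cache_key_id = t_strconcat(azp, ".", alg, ".", key_id, NULL);
 if (oauth2_validation_key_cache_lookup_pubkey(
 set->key_cache, cache_key_id, key_r) == 0)
 return 0;
 /* do a synchronous dict lookup */
 lookup_key = t_strconcat(DICT_PATH_SHARED, azp, "/", alg, "/", key_id,
 NULL);
-if ((ret = dict_lookup(set->key_dict, pool_datastack_create(),
+struct dict_op_settings dict_set = {
+.username = NULL,
+};
+if ((ret = dict_lookup(set->key_dict, &dict_set, pool_datastack_create(),
 lookup_key, &key_str, error_r)) < 0) {
 return -1;
 } else if (ret == 0) {
 *error_r = t_strdup_printf("%s key '%s' not found",
 alg, key_id);
 return -1;
 }
 /* try to load key */
 struct dcrypt_public_key *pubkey;
@@ -390,20 +396,19 @@
 if (iat > t0) {
 *error_r = "Token is issued in future";
 return -1;
 }
 if (exp < t0) {
 *error_r = "Token has expired";
 return -1;
 }
 /* ensure token dates are not conflicting */
-if (nbf < iat ||
-exp < iat ||
+if (exp < iat ||
 exp < nbf) {
 *error_r = "Token time values are conflicting";
 return -1;
 }
 const char *iss = get_field(tree, "iss");
 if (set->issuers != NULL && *set->issuers != NULL) {
 if (iss == NULL) {
 *error_r = "Token is missing 'iss' field";
 return -1;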
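Review bot: The comment `/* ensure token dates are not conflicting */` in the hunk at line 390/396 no longer describes the full policy, because the condition now accepts a token whose `nbf` is earlier than its `iat` and rejects only `exp < iat` or `exp < nbf`. The relaxation looks deliberate (RFC 7519 does not order nbf against iat), but it changes which tokens pass validation and should be stated where the check lives, for example `/* exp must not precede iat or nbf; nbf earlier than iat is accepted */`. The visible lines compare only `iat` and `exp` with `t0`, so whether a token with `nbf` in the future is still rejected cannot be confirmed from this hunk; the enclosing function starts and ends outside it. A test with one token where nbf < iat and one where nbf lies in the future would pin both behaviours.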
 End of changes. 3 change blocks. 
4 lines changed or deleted 9 lines changed or added
