annotate src/auth/mech-rpa.c @ 6936:aacc69cc267b HEAD

Allocate auth_realms from auth pool instead of from data stack.
author Timo Sirainen <tss@iki.fi>
date Wed, 05 Dec 2007 17:22:21 +0200
parents 7cad076906eb
children a097b704be1b
1 /*
2 * Compuserve RPA authentication mechanism.
3 *
4 * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>
5 *
6 * This software is released under the MIT license.
7 */
9 #include "common.h"
10 #include "mech.h"
11 #include "passdb.h"
12 #include "str.h"
13 #include "strfuncs.h"
14 #include "safe-memset.h"
15 #include "randgen.h"
16 #include "buffer.h"
17 #include "hostpid.h"
18 #include "hex-binary.h"
19 #include "md5.h"
/*
 * State kept for one RPA authentication exchange.
 */
struct rpa_auth_request {
	struct auth_request auth_request;

	pool_t pool;

	int phase;

	/* cached: */

	/* Hashed first and last by rpa_user_response() and
	   rpa_server_response().
	   NOTE(review): password-derived, so handle it as a secret. Where it
	   is filled in and cleared is not visible here; confirm it is wiped
	   (safe-memset.h is included by this file) once the request is done. */
	unsigned char pwd_md5[MD5_RESULTLEN];

	/* Each *_ucs2be pointer is hashed together with its *_len byte count.
	   Presumably UCS-2 big-endian text, going by the names - confirm
	   against ucs2be_str(). */
	size_t service_len;
	const unsigned char *service_ucs2be;
	size_t username_len;
	const unsigned char *username_ucs2be;
	size_t realm_len;
	const unsigned char *realm_ucs2be;

	/* requested: */

	/* The response functions read RPA_SCHALLENGE_LEN bytes from
	   service_challenge and RPA_TIMESTAMP_LEN bytes from
	   service_timestamp. */
	unsigned char *service_challenge;
	unsigned char *service_timestamp;

	/* received: */

	/* user_challenge is hashed with user_challenge_len as its size. */
	unsigned int user_challenge_len;
	unsigned char *user_challenge;
	unsigned char *user_response;

	/* XORed into an intermediate MD5 result by rpa_server_response(). */
	unsigned char session_key[16];
};
/*
 * Field sizes in bytes. RPA_SCHALLENGE_LEN and RPA_TIMESTAMP_LEN are the
 * byte counts hashed from service_challenge and service_timestamp;
 * RPA_UCHALLENGE_LEN is presumably the user challenge size (its use is not
 * visible in this part of the file).
 */
#define RPA_SCHALLENGE_LEN 32
#define RPA_UCHALLENGE_LEN 16
#define RPA_TIMESTAMP_LEN 14

/* Tag byte that rpa_check_message() requires at the start of a token. */
#define ASN1_APPLICATION 0x60

/* Object id encoded using ASN.1 DER */
static const unsigned char rpa_oid[] = {
	/* OBJECT IDENTIFIER tag, then the content length (9 bytes) */
	0x06, 0x09,
	/* content */
	0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x73, 0x01, 0x01
};

/* Declared here; the definition is outside the lines shown. */
void *ucs2be_str(pool_t pool, const char *str, size_t *size);
/*
 * Compute client -> server authentication response.
 *
 * Stores in digest the MD5 of, in this order: pwd_md5, 48 zero bytes,
 * username, service, realm, user challenge, service challenge, service
 * timestamp, pwd_md5.
 *
 * NOTE(review): the comparison of this digest with the value sent by the
 * client is not visible here; confirm it is done in a way that does not
 * leak how many leading bytes matched.
 */
static void rpa_user_response(struct rpa_auth_request *request,
			      unsigned char digest[MD5_RESULTLEN])
{
	/* Fixed block of zero bytes hashed right after the password digest. */
	unsigned char zero_pad[48] = { 0 };
	struct md5_context md5;

	md5_init(&md5);

	md5_update(&md5, request->pwd_md5, sizeof(request->pwd_md5));
	md5_update(&md5, zero_pad, sizeof(zero_pad));

	md5_update(&md5, request->username_ucs2be, request->username_len);
	md5_update(&md5, request->service_ucs2be, request->service_len);
	md5_update(&md5, request->realm_ucs2be, request->realm_len);

	md5_update(&md5, request->user_challenge, request->user_challenge_len);
	md5_update(&md5, request->service_challenge, RPA_SCHALLENGE_LEN);
	md5_update(&md5, request->service_timestamp, RPA_TIMESTAMP_LEN);

	md5_update(&md5, request->pwd_md5, sizeof(request->pwd_md5));

	md5_final(&md5, digest);
}
/*
 * Compute server -> client authentication response.
 *
 * Two MD5 passes:
 *  1. mask = MD5(pwd_md5, 48 zero bytes, service, username, realm,
 *     service challenge, user challenge, service timestamp, pwd_md5),
 *     then every byte of mask is XORed with the matching session_key byte.
 *  2. digest = MD5(pwd_md5, 48 zero bytes, service, username, realm,
 *     session_key, service challenge, user challenge, service timestamp,
 *     mask, pwd_md5).
 *
 * NOTE(review): mask is derived from pwd_md5 and stays on the stack when
 * the function returns; consider wiping it - confirm against how the rest
 * of the file treats secrets.
 */
static void rpa_server_response(struct rpa_auth_request *request,
				unsigned char digest[MD5_RESULTLEN])
{
	unsigned char zero_pad[48] = { 0 };
	unsigned char mask[MD5_RESULTLEN];
	struct md5_context md5;
	unsigned int idx;

	/* First pass: hash that is combined with the session key below. */
	md5_init(&md5);
	md5_update(&md5, request->pwd_md5, sizeof(request->pwd_md5));
	md5_update(&md5, zero_pad, sizeof(zero_pad));
	md5_update(&md5, request->service_ucs2be, request->service_len);
	md5_update(&md5, request->username_ucs2be, request->username_len);
	md5_update(&md5, request->realm_ucs2be, request->realm_len);
	md5_update(&md5, request->service_challenge, RPA_SCHALLENGE_LEN);
	md5_update(&md5, request->user_challenge, request->user_challenge_len);
	md5_update(&md5, request->service_timestamp, RPA_TIMESTAMP_LEN);
	md5_update(&md5, request->pwd_md5, sizeof(request->pwd_md5));
	md5_final(&md5, mask);

	/* Indexes session_key[16] with the MD5 result size; assumes
	   MD5_RESULTLEN is not larger than 16 - TODO confirm. */
	for (idx = 0; idx < sizeof(mask); idx++)
		mask[idx] ^= request->session_key[idx];

	/* Second pass: adds the session key and the masked value. */
	md5_init(&md5);
	md5_update(&md5, request->pwd_md5, sizeof(request->pwd_md5));
	md5_update(&md5, zero_pad, sizeof(zero_pad));
	md5_update(&md5, request->service_ucs2be, request->service_len);
	md5_update(&md5, request->username_ucs2be, request->username_len);
	md5_update(&md5, request->realm_ucs2be, request->realm_len);
	md5_update(&md5, request->session_key, sizeof(request->session_key));
	md5_update(&md5, request->service_challenge, RPA_SCHALLENGE_LEN);
	md5_update(&md5, request->user_challenge, request->user_challenge_len);
	md5_update(&md5, request->service_timestamp, RPA_TIMESTAMP_LEN);
	md5_update(&md5, mask, sizeof(mask));
	md5_update(&md5, request->pwd_md5, sizeof(request->pwd_md5));
	md5_final(&md5, digest);
}
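/*
 * Validate the outer framing of a received RPA token.
 *
 * The bytes in data .. end must be, in order:
 *  - the ASN1_APPLICATION tag byte,
 *  - a length: either one byte with the top bit clear, or a byte whose low
 *    7 bits give the number of big-endian length bytes that follow,
 *  - exactly that many bytes up to end, starting with rpa_oid.
 *
 * The message is supplied by the remote peer, so every bound is checked
 * before the bytes are read.
 *
 * Returns a pointer to the first byte after the object id. On failure
 * returns NULL and points *error at a static description.
 */
static const unsigned char *
rpa_check_message(const unsigned char *data, const unsigned char *end,
		  const char **error)
{
	const unsigned char *p = data;
	unsigned int len = 0;

	/* Compare the remaining size instead of forming p + 2: a pointer
	   further than one past the end of the buffer is undefined. */
	if (end - p < 2) {
		*error = "message too short";
		return NULL;
	}

	if (*p++ != ASN1_APPLICATION) {
		*error = "invalid data type";
		return NULL;
	}

	if ((*p & 0x80) != 0) {
		unsigned int nbytes = *p++ & 0x7f;

		while (nbytes-- > 0) {
			/* Reject a length that runs past the buffer, and one
			   whose high-order bits would be shifted out of len:
			   the truncated value must not be what gets compared
			   with the data size below. */
			if (p >= end || len > ((unsigned int)-1 >> 8)) {
				*error = "invalid structure length";
				return NULL;
			}

			len = (len << 8) | *p++;
		}
	} else {
		len = *p++;
	}

	/* p never moves past end above, so end - p is not negative. */
	if ((size_t)(end - p) != len) {
		*error = "structure length disagrees with data size";
		return NULL;
	}

	if ((size_t)(end - p) < sizeof(rpa_oid)) {
		*error = "not enough space for object id";
		return NULL;
	}

	if (memcmp(p, rpa_oid, sizeof(rpa_oid)) != 0) {
		*error = "invalid object id";
		return NULL;
	}

	return p + sizeof(rpa_oid);
}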
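/*
 * Check the first token of the exchange.
 *
 * After the framing accepted by rpa_check_message() the token must hold
 * exactly six bytes: two little-endian 16-bit version numbers (lowest,
 * then highest), of which the range has to include 3, followed by the
 * flag bytes 0 and 1.
 *
 * data is data_size bytes received from the remote peer.
 *
 * Returns TRUE when the token is acceptable. Otherwise returns FALSE and
 * points *error at a static description.
 */
static bool
rpa_parse_token1(const void *data, size_t data_size, const char **error)
{
	const unsigned char *end = ((const unsigned char *) data) + data_size;
	const unsigned char *p;
	unsigned int version_lo, version_hi;

	p = rpa_check_message(data, end, error);
	if (p == NULL)
		return FALSE;

	/* Compare the remaining size instead of forming p + 6: a pointer
	   further than one past the end of the buffer is undefined.
	   rpa_check_message() returns a pointer that is not beyond end. */
	if (end - p < 6) {
		*error = "message too short";
		return FALSE;
	}

	version_lo = p[0] + (p[1] << 8);
	version_hi = p[2] + (p[3] << 8);

	if ((version_lo > 3) || (version_hi < 3)) {
		*error = "protocol version mismatch";
		return FALSE;
	}
	p += 4;

	if ((p[0] != 0) || (p[1] != 1)) {
		*error = "invalid message flags";
		return FALSE;
	}
	p += 2;

	/* Trailing bytes are rejected rather than ignored. */
	if (p != end) {
		*error = "unneeded data found";
		return FALSE;
	}

	return TRUE;
}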
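/*
 * Read one length-prefixed field from a client token.
 *
 * The field is a single length octet followed by that many octets of data.
 * On success the data is copied into a fresh allocation from pool, *buffer
 * is pointed at the copy, *data is advanced past the whole field and the
 * field length is returned.
 *
 * Returns 0 when the field does not fit inside [*data, end); in that case
 * neither *data nor *buffer is modified. end points one past the last
 * octet of the message.
 */
static unsigned int
rpa_read_buffer(pool_t pool, const unsigned char **data,
		const unsigned char *end, unsigned char **buffer)
{
	const unsigned char *p = *data;
	unsigned int len;

	/* The length octet itself must lie inside the message. Testing
	   "p > end" let p == end through and then read the octet at *end,
	   one past the client-supplied data. */
	if (p >= end)
		return 0;

	len = *p++;
	/* Compare sizes instead of forming p + len, which could point
	   beyond the end of the message buffer. */
	if (len > (size_t)(end - p))
		return 0;

	/* NOTE(review): a zero length octet reaches p_malloc(pool, 0) and
	   returns 0 with *data advanced by one; confirm the allocator
	   accepts a zero size. */
	*buffer = p_malloc(pool, len);
	memcpy(*buffer, p, len);

	*data += 1 + len;

	return len;
}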
/*
 * Decide whether the realm named by the client is acceptable.
 *
 * The realm is compared case-insensitively against every entry of the
 * NULL-terminated auth_realms list. If none matches, it is compared
 * against default_realm, or against my_hostname when no default realm
 * is set.
 *
 * Returns TRUE on a match, FALSE otherwise.
 */
static bool
rpa_verify_realm(struct rpa_auth_request *request, const char *realm)
{
	struct auth *auth = request->auth_request.auth;
	const char *fallback;
	char *const *known;

	for (known = auth->auth_realms; *known != NULL; known++) {
		if (strcasecmp(realm, *known) == 0)
			return TRUE;
	}

	/* No configured realm matched: fall back to the default realm,
	   or to the local host name if there is none. */
	fallback = auth->default_realm;
	if (fallback == NULL)
		fallback = my_hostname;

	return strcasecmp(realm, fallback) == 0;
}
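/*
 * Parse the client's third RPA token.
 *
 * After the common header accepted by rpa_check_message() the token holds:
 *   - a 2-octet length followed by "username@realm"
 *   - a length-prefixed user challenge
 *   - a length-prefixed user response of RPA_UCHALLENGE_LEN octets
 * and nothing else.
 *
 * On success the username is set on the auth request, the UCS-2BE forms of
 * the username and realm plus the challenge and response are stored in
 * request, and TRUE is returned. On any failure FALSE is returned and
 * *error describes the problem. All of data is client-controlled.
 */
static bool
rpa_parse_token3(struct rpa_auth_request *request, const void *data,
		 size_t data_size, const char **error)
{
	struct auth_request *auth_request = &request->auth_request;
	const unsigned char *end = ((const unsigned char *)data) + data_size;
	const unsigned char *p;
	unsigned int len;
	const char *user, *realm;

	p = rpa_check_message(data, end, error);
	if (p == NULL)
		return FALSE;

	/* Read username@realm */
	if (end - p < 2) {
		*error = "message too short";
		return FALSE;
	}

	/* 16-bit length, high octet first. The previous "p[0] >> 8" was
	   always 0 for an octet, so the high octet was silently dropped.
	   NOTE(review): big-endian is assumed from the realm list length
	   written by mech_rpa_build_token2(); confirm against the protocol
	   description. */
	len = ((unsigned int)p[0] << 8) | p[1];
	/* end - p >= 2 was established above, so the subtraction cannot
	   wrap; comparing sizes avoids forming a pointer past end. */
	if (len > (size_t)(end - p) - 2) {
		*error = "message too short";
		return FALSE;
	}
	p += 2;

	user = t_strndup(p, len);
	/* The realm is whatever follows the last '@'. */
	realm = strrchr(user, '@');
	if ((realm == NULL) || !rpa_verify_realm(request, realm + 1)) {
		*error = "invalid realm";
		return FALSE;
	}
	/* Keep only the part before '@' as the username, then step realm
	   past the '@' so it points at the realm name itself. */
	user = t_strdup_until(user, realm);
	realm++;
	p += len;

	if (!auth_request_set_username(auth_request, user, error))
		return FALSE;

	request->username_ucs2be = ucs2be_str(request->pool, auth_request->user,
					      &request->username_len);
	request->realm_ucs2be = ucs2be_str(request->pool, realm,
					   &request->realm_len);

	/* Read user challenge */
	request->user_challenge_len = rpa_read_buffer(request->pool, &p, end,
						      &request->user_challenge);
	if (request->user_challenge_len == 0) {
		*error = "invalid user challenge";
		return FALSE;
	}

	/* Read user response */
	len = rpa_read_buffer(request->pool, &p, end, &request->user_response);
	if (len != RPA_UCHALLENGE_LEN) {
		*error = "invalid user response";
		return FALSE;
	}

	/* Trailing octets after the last field are rejected. */
	if (p != end) {
		*error = "unneeded data found";
		return FALSE;
	}

	return TRUE;
}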
/*
 * Append an ASN.1 length field for length to buf.
 *
 * Values below 0x80 are written as a single octet, values below 0x100 as
 * 0x81 followed by one octet, and everything else as 0x82 followed by two
 * octets, high octet first.
 *
 * NOTE(review): only two length octets are ever emitted, so a length of
 * 0x10000 or more would presumably not be encoded correctly; callers are
 * expected to stay below that.
 */
static void
buffer_append_asn1_length(buffer_t *buf, unsigned int length)
{
	if (length >= 0x100) {
		/* long form, two length octets */
		buffer_append_c(buf, 0x82);
		buffer_append_c(buf, length >> 8);
		buffer_append_c(buf, length & 0xff);
		return;
	}

	/* long form with one length octet needs the 0x81 marker first;
	   the short form is just the value itself */
	if (length >= 0x80)
		buffer_append_c(buf, 0x81);
	buffer_append_c(buf, length);
}
/*
 * Append one "service@realm " entry to the realm list string.
 *
 * Every entry, including the last, ends with a single space.
 */
static void
rpa_add_realm(string_t *realms, const char *realm, const char *service)
{
	str_printfa(realms, "%s@%s ", service, realm);
}
/*
 * Build the server's second RPA token.
 *
 * Layout written after the ASN.1 application tag and length:
 *   rpa_oid
 *   protocol version (2 octets: 3, 0)
 *   service challenge: 1 length octet + RPA_SCHALLENGE_LEN random octets
 *   timestamp: RPA_TIMESTAMP_LEN octets, no length prefix
 *   realm list: 2-octet length (high octet first) + "service@realm" entries
 *               separated by single spaces
 *
 * The generated service challenge and timestamp are stored in request.
 * *size receives the number of octets in the token; the token data is
 * returned.
 */
static const unsigned char *
mech_rpa_build_token2(struct rpa_auth_request *request, size_t *size)
{
	struct auth *auth = request->auth_request.auth;
	const char *service = request->auth_request.service;
	const char *fallback_realm;
	unsigned char raw_stamp[RPA_TIMESTAMP_LEN / 2];
	unsigned int realms_len, length;
	char *const *cur;
	string_t *realm_list;
	buffer_t *out;

	realm_list = t_str_new(64);
	for (cur = auth->auth_realms; *cur != NULL; cur++)
		rpa_add_realm(realm_list, *cur, service);

	if (str_len(realm_list) == 0) {
		/* No realms configured: advertise the default realm, or the
		   local host name when there is no default. */
		fallback_realm = auth->default_realm;
		if (fallback_realm == NULL)
			fallback_realm = my_hostname;
		rpa_add_realm(realm_list, fallback_realm, service);
	}

	/* rpa_add_realm() ends every entry with a space; the last one is
	   not sent. */
	realms_len = str_len(realm_list) - 1;
	/* 3 = version (2) + challenge length octet (1),
	   2 = realm list length field */
	length = sizeof(rpa_oid) + 3 + RPA_SCHALLENGE_LEN +
		RPA_TIMESTAMP_LEN + 2 + realms_len;

	out = buffer_create_dynamic(request->pool, length + 4);

	buffer_append_c(out, ASN1_APPLICATION);
	buffer_append_asn1_length(out, length);
	buffer_append(out, rpa_oid, sizeof(rpa_oid));

	/* Protocol version */
	buffer_append_c(out, 3);
	buffer_append_c(out, 0);

	/* Service challenge: fresh random octets for every token */
	request->service_challenge =
		p_malloc(request->pool, RPA_SCHALLENGE_LEN);
	random_fill(request->service_challenge, RPA_SCHALLENGE_LEN);
	buffer_append_c(out, RPA_SCHALLENGE_LEN);
	buffer_append(out, request->service_challenge, RPA_SCHALLENGE_LEN);

	/* Timestamp, looks like clients accept anything we send, so it is
	   random octets sent in hex form (presumably two characters per
	   octet, giving RPA_TIMESTAMP_LEN characters). */
	random_fill(raw_stamp, sizeof(raw_stamp));
	request->service_timestamp = p_malloc(request->pool, RPA_TIMESTAMP_LEN);
	memcpy(request->service_timestamp,
	       binary_to_hex(raw_stamp, sizeof(raw_stamp)),
	       RPA_TIMESTAMP_LEN);
	buffer_append(out, request->service_timestamp, RPA_TIMESTAMP_LEN);

	/* Realm list */
	buffer_append_c(out, realms_len >> 8);
	buffer_append_c(out, realms_len & 0xff);
	buffer_append(out, str_c(realm_list), realms_len);

	*size = buffer_get_used_size(out);
	return buffer_free_without_data(&out);
}
/*
 * Build RPA token 4, the server's reply sent once token 3 has been verified.
 *
 * Bytes written, in order: the ASN1_APPLICATION tag, the ASN.1 length,
 * rpa_oid, the server response preceded by a one-byte length, the session
 * key preceded by a one-byte length, and a one-byte status (0 = success).
 *
 * Side effect: request->session_key is overwritten with fresh random bytes.
 * The number of bytes produced is stored in *size. The buffer is created on
 * request->pool and released with buffer_free_without_data(), whose return
 * value is handed back to the caller.
 */
static const unsigned char *
mech_rpa_build_token4(struct rpa_auth_request *request, size_t *size)
{
	unsigned char server_response[MD5_RESULTLEN];
	/* everything after the ASN.1 header: the OID, two fields that each
	   carry a one-byte length prefix, and the status byte */
	unsigned int payload_len = sizeof(rpa_oid) +
		1 + sizeof(server_response) +
		1 + sizeof(request->session_key) +
		1;
	buffer_t *token;

	/* the session key is generated before the server response is
	   computed, as in the original statement order */
	random_fill(request->session_key, sizeof(request->session_key));
	rpa_server_response(request, server_response);

	/* payload_len + 4 is only the initial size of a dynamic buffer */
	token = buffer_create_dynamic(request->pool, payload_len + 4);

	buffer_append_c(token, ASN1_APPLICATION);
	buffer_append_asn1_length(token, payload_len);
	buffer_append(token, rpa_oid, sizeof(rpa_oid));

	/* server authentication response */
	buffer_append_c(token, sizeof(server_response));
	buffer_append(token, server_response, sizeof(server_response));

	/* random session key */
	buffer_append_c(token, sizeof(request->session_key));
	buffer_append(token, request->session_key,
		      sizeof(request->session_key));

	/* status, 0 - success */
	buffer_append_c(token, 0);

	*size = buffer_get_used_size(token);
	return buffer_free_without_data(&token);
}
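/*
 * Check the client's token 3 response against the credentials returned by
 * the passdb lookup.
 *
 * credentials/size is the stored RPA credential. It must be exactly
 * sizeof(request->pwd_md5) bytes; otherwise an error is logged and FALSE is
 * returned without touching the request. On a length match the credential
 * is copied into request->pwd_md5, the expected response is computed with
 * rpa_user_response() and compared with request->user_response.
 *
 * Returns TRUE only when all MD5_RESULTLEN bytes are equal.
 */
static bool verify_credentials(struct rpa_auth_request *request,
			       const unsigned char *credentials, size_t size)
{
	unsigned char response[MD5_RESULTLEN];
	const unsigned char *given;
	unsigned char diff = 0;
	unsigned int i;

	if (size != sizeof(request->pwd_md5)) {
		auth_request_log_error(&request->auth_request, "rpa",
				       "invalid credentials length");
		return FALSE;
	}

	memcpy(request->pwd_md5, credentials, sizeof(request->pwd_md5));
	rpa_user_response(request, response);

	/* Compare every byte with no early exit. memcmp() may stop at the
	   first differing byte, which makes the time taken depend on how
	   much of the client-supplied response matched the expected one. */
	given = (const unsigned char *)request->user_response;
	for (i = 0; i < sizeof(response); i++)
		diff |= response[i] ^ given[i];

	return diff == 0;
}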
/*
 * Completion callback for the credentials lookup started by
 * mech_rpa_auth_phase2().
 *
 * PASSDB_RESULT_INTERNAL_FAILURE is reported through
 * auth_request_internal_failure(). Any other non-OK result, and an OK
 * result whose credentials do not verify, fails the request. On success
 * token 4 is sent with AUTH_CLIENT_RESULT_CONTINUE and the request moves
 * to phase 2.
 */
static void
rpa_credentials_callback(enum passdb_result result,
			 const unsigned char *credentials, size_t size,
			 struct auth_request *auth_request)
{
	struct rpa_auth_request *rpa =
		(struct rpa_auth_request *)auth_request;
	const unsigned char *reply;
	size_t reply_len;

	if (result == PASSDB_RESULT_INTERNAL_FAILURE) {
		auth_request_internal_failure(auth_request);
		return;
	}

	/* credentials are only looked at when the lookup succeeded */
	if (result != PASSDB_RESULT_OK ||
	    !verify_credentials(rpa, credentials, size)) {
		auth_request_fail(auth_request);
		return;
	}

	reply = mech_rpa_build_token4(rpa, &reply_len);
	auth_request->callback(auth_request, AUTH_CLIENT_RESULT_CONTINUE,
			       reply, reply_len);
	/* NOTE(review): phase is advanced after the callback returns, so
	   this assumes the callback leaves the request alive - confirm */
	rpa->phase = 2;
}
/*
 * Handle the first client message (token 1); runs while request->phase
 * is 0.
 *
 * If rpa_parse_token1() rejects the data, the reason is logged at info
 * level and the request fails. Otherwise token 2 is built, the lowercased
 * service name is converted by ucs2be_str() into request->service_ucs2be /
 * request->service_len, token 2 is sent with AUTH_CLIENT_RESULT_CONTINUE
 * and the request moves to phase 1.
 */
static void
mech_rpa_auth_phase1(struct auth_request *auth_request,
		     const unsigned char *data, size_t data_size)
{
	struct rpa_auth_request *rpa =
		(struct rpa_auth_request *)auth_request;
	const char *parse_error, *lc_service;
	const unsigned char *reply;
	size_t reply_len;

	if (rpa_parse_token1(data, data_size, &parse_error)) {
		lc_service = t_str_lcase(auth_request->service);

		reply = mech_rpa_build_token2(rpa, &reply_len);

		rpa->service_ucs2be = ucs2be_str(rpa->pool, lc_service,
						 &rpa->service_len);

		auth_request->callback(auth_request,
				       AUTH_CLIENT_RESULT_CONTINUE,
				       reply, reply_len);
		rpa->phase = 1;
		return;
	}

	/* token 1 is client-controlled input; reject it without replying */
	auth_request_log_info(auth_request, "rpa",
			      "invalid token 1: %s", parse_error);
	auth_request_fail(auth_request);
}
/*
 * Handle the second client message (token 3); runs while request->phase
 * is 1.
 *
 * If rpa_parse_token3() rejects the data, the reason is logged at info
 * level and the request fails. Otherwise a lookup of the "RPA" credentials
 * is started; rpa_credentials_callback() verifies the response and sends
 * token 4.
 */
static void
mech_rpa_auth_phase2(struct auth_request *auth_request,
		     const unsigned char *data, size_t data_size)
{
	struct rpa_auth_request *rpa =
		(struct rpa_auth_request *)auth_request;
	const char *parse_error;

	if (rpa_parse_token3(rpa, data, data_size, &parse_error)) {
		auth_request_lookup_credentials(auth_request, "RPA",
						rpa_credentials_callback);
		return;
	}

	/* token 3 is client-controlled input; no lookup is started for it */
	auth_request_log_info(auth_request, "rpa",
			      "invalid token 3: %s", parse_error);
	auth_request_fail(auth_request);
}
/*
 * Handle the final client message (token 5); runs while request->phase
 * is 2.
 *
 * The message must be exactly the three bytes 0x60 0x01 0x00. Anything
 * else, including a different length, is logged at info level and fails
 * the request. An exact match completes the authentication with no further
 * data for the client.
 */
static void
mech_rpa_auth_phase3(struct auth_request *auth_request,
		     const unsigned char *data, size_t data_size)
{
	static const unsigned char client_ack[3] = { 0x60, 0x01, 0x00 };

	/* the length is checked first, so memcmp() never reads past
	   data_size bytes of the client's message */
	if (data_size == sizeof(client_ack) &&
	    memcmp(data, client_ack, sizeof(client_ack)) == 0) {
		auth_request_success(auth_request, NULL, 0);
		return;
	}

	auth_request_log_info(auth_request, "rpa",
			      "invalid token 5 or client rejects us");
	auth_request_fail(auth_request);
}
/*
 * Dispatch one client message to the handler for the current phase:
 * phase 0 -> token 1, phase 1 -> token 3, phase 2 -> token 5.
 * Any other phase value fails the request.
 */
static void
mech_rpa_auth_continue(struct auth_request *auth_request,
		       const unsigned char *data, size_t data_size)
{
	struct rpa_auth_request *rpa =
		(struct rpa_auth_request *)auth_request;

	if (rpa->phase == 0)
		mech_rpa_auth_phase1(auth_request, data, data_size);
	else if (rpa->phase == 1)
		mech_rpa_auth_phase2(auth_request, data, data_size);
	else if (rpa->phase == 2)
		mech_rpa_auth_phase3(auth_request, data, data_size);
	else {
		/* not a state this exchange defines; refuse the message */
		auth_request_fail(auth_request);
	}
}
/*
 * Release an RPA auth request: zero the stored password hash with
 * safe_memset(), then drop the reference to the request's pool.
 */
static void
mech_rpa_auth_free(struct auth_request *auth_request)
{
	struct rpa_auth_request *rpa =
		(struct rpa_auth_request *)auth_request;

	/* NOTE(review): pwd_md5 is sized with sizeof() elsewhere in this
	   file, which suggests an array member; if so this test is always
	   true - confirm against the struct definition */
	if (rpa->pwd_md5 != NULL) {
		/* clear the credential before the pool is unreferenced */
		safe_memset(rpa->pwd_md5, 0, sizeof(rpa->pwd_md5));
	}

	pool_unref(&auth_request->pool);
}
/*
 * Allocate a new RPA auth request from its own "rpa_auth_request" pool
 * (initial size 1024). The pool is recorded both in the RPA-specific part
 * and in the embedded auth_request, and the exchange starts at phase 0.
 * Returns a pointer to the embedded auth_request.
 */
static struct auth_request *mech_rpa_auth_new(void)
{
	pool_t req_pool = pool_alloconly_create("rpa_auth_request", 1024);
	struct rpa_auth_request *rpa =
		p_new(req_pool, struct rpa_auth_request, 1);

	rpa->auth_request.pool = req_pool;
	rpa->pool = req_pool;
	rpa->phase = 0;

	return &rpa->auth_request;
}
/*
 * Mechanism descriptor that registers RPA with the auth framework.
 * The first member is the mechanism name; the last four are the entry
 * points, given positionally (new, initial, continue, free).
 */
const struct mech_module mech_rpa = {
	"RPA",

	/* NOTE(review): the flag meanings are defined in mech.h, which is
	   not shown here; presumably they mark the mechanism as exposed to
	   dictionary and active attacks while providing mutual
	   authentication - confirm before relying on them in policy */
	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE |
		MECH_SEC_MUTUAL_AUTH,

	/* this file looks up stored "RPA" credentials rather than a
	   plaintext password, and never writes credentials back */
	MEMBER(passdb_need_plain) FALSE,
	MEMBER(passdb_need_credentials) TRUE,
	MEMBER(passdb_need_set_credentials) FALSE,

	mech_rpa_auth_new,
	/* the initial step uses the generic handler, not an RPA-specific one */
	mech_generic_auth_initial,
	mech_rpa_auth_continue,
	mech_rpa_auth_free
};