Mercurial > dovecot > core-2.2
annotate src/auth/mech-otp.c @ 22614:cf66220d281e
doveadm proxy: Don't crash if remote doesn't support log proxying
| author | Timo Sirainen <timo.sirainen@dovecot.fi> |
|---|---|
| date | Sat, 14 Oct 2017 12:54:18 +0300 |
| parents | 569d41d21ec3 |
| children |
| rev | line source |
|---|---|
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1 /* |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 * One-Time-Password (RFC 2444) authentication mechanism. |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 * |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 * Copyright (c) 2006 Andrey Panin <pazke@donpac.ru> |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 * |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
6 * This software is released under the MIT license. |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 */ |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 |
|
9219
97cdfeb57129
Renamed headers to prevent collision if they were flattened on an install.
Mark Washenberger
parents:
8605
diff
changeset
|
9 #include "auth-common.h" |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 #include "safe-memset.h" |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
11 #include "hash.h" |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
12 #include "mech.h" |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
13 #include "passdb.h" |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
14 #include "hex-binary.h" |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
15 #include "otp.h" |
|
9219
97cdfeb57129
Renamed headers to prevent collision if they were flattened on an install.
Mark Washenberger
parents:
8605
diff
changeset
|
16 #include "mech-otp-skey-common.h" |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
17 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
18 static void |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
19 otp_send_challenge(struct auth_request *auth_request, |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
20 const unsigned char *credentials, size_t size) |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
21 { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
22 struct otp_auth_request *request = |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
23 (struct otp_auth_request *)auth_request; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
24 const char *answer; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
25 |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
26 if (otp_parse_dbentry(t_strndup(credentials, size), |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
27 &request->state) != 0) { |
|
17235
9b095cec9332
auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem.
Timo Sirainen <tss@iki.fi>
parents:
11497
diff
changeset
|
28 auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
29 "invalid OTP data in passdb"); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
30 auth_request_fail(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
31 return; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
32 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
33 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
34 if (--request->state.seq < 1) { |
|
17235
9b095cec9332
auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem.
Timo Sirainen <tss@iki.fi>
parents:
11497
diff
changeset
|
35 auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
36 "sequence number < 1"); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
37 auth_request_fail(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
38 return; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
39 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
40 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
41 request->lock = otp_try_lock(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
42 if (!request->lock) { |
|
17235
9b095cec9332
auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem.
Timo Sirainen <tss@iki.fi>
parents:
11497
diff
changeset
|
43 auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
44 "user is locked, race attack?"); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
45 auth_request_fail(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
46 return; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
47 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
48 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
49 answer = p_strdup_printf(request->pool, "otp-%s %u %s ext", |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
50 digest_name(request->state.algo), |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
51 request->state.seq, request->state.seed); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
52 |
|
11497
94f78f415811
auth: Removed unnecessary auth_request callback and context uses.
Timo Sirainen <tss@iki.fi>
parents:
11065
diff
changeset
|
53 auth_request_handler_reply_continue(auth_request, answer, |
|
94f78f415811
auth: Removed unnecessary auth_request callback and context uses.
Timo Sirainen <tss@iki.fi>
parents:
11065
diff
changeset
|
54 strlen(answer)); |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
55 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
56 |
|
5475
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
57 static void |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
58 skey_credentials_callback(enum passdb_result result, |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
59 const unsigned char *credentials, size_t size, |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
60 struct auth_request *auth_request) |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
61 { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
62 switch (result) { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
63 case PASSDB_RESULT_OK: |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
64 otp_send_challenge(auth_request, credentials, size); |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
65 break; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
66 case PASSDB_RESULT_INTERNAL_FAILURE: |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
67 auth_request_internal_failure(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
68 break; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
69 default: |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
70 auth_request_fail(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
71 break; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
72 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
73 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
74 |
|
5475
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
75 static void |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
76 otp_credentials_callback(enum passdb_result result, |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
77 const unsigned char *credentials, size_t size, |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
78 struct auth_request *auth_request) |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
79 { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
80 switch (result) { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
81 case PASSDB_RESULT_OK: |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
82 otp_send_challenge(auth_request, credentials, size); |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
83 break; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
84 case PASSDB_RESULT_INTERNAL_FAILURE: |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
85 auth_request_internal_failure(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
86 break; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
87 default: |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
88 /* OTP credentials not found, try S/KEY */ |
|
5593
f8dc0bdb06a7
Removed enum passdb_credentials. Use scheme strings directly instead. This
Timo Sirainen <tss@iki.fi>
parents:
5475
diff
changeset
|
89 auth_request_lookup_credentials(auth_request, "OTP", |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
90 skey_credentials_callback); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
91 break; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
92 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
93 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
94 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
95 static void |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
96 mech_otp_auth_phase1(struct auth_request *auth_request, |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
97 const unsigned char *data, size_t data_size) |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
98 { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
99 struct otp_auth_request *request = |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
100 (struct otp_auth_request *)auth_request; |
| 11065 | 101 const char *authenid, *error; |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
102 size_t i, count; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
103 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
104 /* authorization ID \0 authentication ID |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
105 FIXME: we'll ignore authorization ID for now. */ |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
106 authenid = NULL; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
107 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
108 count = 0; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
109 for (i = 0; i < data_size; i++) { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
110 if (data[i] == '\0') { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
111 if (++count == 1) |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
112 authenid = (const char *) data + i + 1; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
113 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
114 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
115 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
116 if ((count < 1) || (count > 2)) { |
|
17235
9b095cec9332
auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem.
Timo Sirainen <tss@iki.fi>
parents:
11497
diff
changeset
|
117 auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
118 "invalid input"); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
119 auth_request_fail(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
120 return; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
121 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
122 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
123 if (!auth_request_set_username(auth_request, authenid, &error)) { |
|
17235
9b095cec9332
auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem.
Timo Sirainen <tss@iki.fi>
parents:
11497
diff
changeset
|
124 auth_request_log_info(auth_request, AUTH_SUBSYS_MECH, "%s", error); |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
125 auth_request_fail(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
126 return; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
127 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
128 |
|
5593
f8dc0bdb06a7
Removed enum passdb_credentials. Use scheme strings directly instead. This
Timo Sirainen <tss@iki.fi>
parents:
5475
diff
changeset
|
129 auth_request_lookup_credentials(auth_request, "OTP", |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
130 otp_credentials_callback); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
131 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
132 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
133 static void mech_otp_verify(struct auth_request *auth_request, |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
134 const char *data, bool hex) |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
135 { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
136 struct otp_auth_request *request = |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
137 (struct otp_auth_request *)auth_request; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
138 struct otp_state *state = &request->state; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
139 unsigned char hash[OTP_HASH_SIZE], cur_hash[OTP_HASH_SIZE]; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
140 int ret; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
141 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
142 ret = otp_parse_response(data, hash, hex); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
143 if (ret < 0) { |
|
17235
9b095cec9332
auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem.
Timo Sirainen <tss@iki.fi>
parents:
11497
diff
changeset
|
144 auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
145 "invalid response"); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
146 auth_request_fail(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
147 otp_unlock(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
148 return; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
149 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
150 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
151 otp_next_hash(state->algo, hash, cur_hash); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
152 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
153 ret = memcmp(cur_hash, state->hash, OTP_HASH_SIZE); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
154 if (ret != 0) { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
155 auth_request_fail(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
156 otp_unlock(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
157 return; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
158 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
159 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
160 memcpy(state->hash, hash, sizeof(state->hash)); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
161 |
|
5593
f8dc0bdb06a7
Removed enum passdb_credentials. Use scheme strings directly instead. This
Timo Sirainen <tss@iki.fi>
parents:
5475
diff
changeset
|
162 auth_request_set_credentials(auth_request, "OTP", |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
163 otp_print_dbentry(state), |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
164 otp_set_credentials_callback); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
165 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
166 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
167 static void mech_otp_verify_init(struct auth_request *auth_request, |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
168 const char *data, bool hex) |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
169 { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
170 struct otp_auth_request *request = |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
171 (struct otp_auth_request *)auth_request; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
172 struct otp_state new_state; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
173 unsigned char hash[OTP_HASH_SIZE], cur_hash[OTP_HASH_SIZE]; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
174 const char *error; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
175 int ret; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
176 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
177 ret = otp_parse_init_response(data, &new_state, cur_hash, hex, &error); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
178 if (ret < 0) { |
|
17235
9b095cec9332
auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem.
Timo Sirainen <tss@iki.fi>
parents:
11497
diff
changeset
|
179 auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH, |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
180 "invalid init response, %s", error); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
181 auth_request_fail(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
182 otp_unlock(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
183 return; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
184 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
185 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
186 otp_next_hash(request->state.algo, cur_hash, hash); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
187 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
188 ret = memcmp(hash, request->state.hash, OTP_HASH_SIZE); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
189 if (ret != 0) { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
190 auth_request_fail(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
191 otp_unlock(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
192 return; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
193 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
194 |
|
5593
f8dc0bdb06a7
Removed enum passdb_credentials. Use scheme strings directly instead. This
Timo Sirainen <tss@iki.fi>
parents:
5475
diff
changeset
|
195 auth_request_set_credentials(auth_request, "OTP", |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
196 otp_print_dbentry(&new_state), |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
197 otp_set_credentials_callback); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
198 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
199 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
200 static void |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
201 mech_otp_auth_phase2(struct auth_request *auth_request, |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
202 const unsigned char *data, size_t data_size) |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
203 { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
204 const char *str = t_strndup(data, data_size); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
205 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
206 if (strncmp(str, "hex:", 4) == 0) { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
207 mech_otp_verify(auth_request, str + 4, TRUE); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
208 } else if (strncmp(str, "word:", 5) == 0) { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
209 mech_otp_verify(auth_request, str + 5, FALSE); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
210 } else if (strncmp(str, "init-hex:", 9) == 0) { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
211 mech_otp_verify_init(auth_request, str + 9, TRUE); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
212 } else if (strncmp(str, "init-word:", 10) == 0) { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
213 mech_otp_verify_init(auth_request, str + 10, FALSE); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
214 } else { |
|
17235
9b095cec9332
auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem.
Timo Sirainen <tss@iki.fi>
parents:
11497
diff
changeset
|
215 auth_request_log_error(auth_request, AUTH_SUBSYS_MECH, |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
216 "unsupported response type"); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
217 auth_request_fail(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
218 otp_unlock(auth_request); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
219 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
220 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
221 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
222 static void |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
223 mech_otp_auth_continue(struct auth_request *auth_request, |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
224 const unsigned char *data, size_t data_size) |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
225 { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
226 if (auth_request->user == NULL) { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
227 mech_otp_auth_phase1(auth_request, data, data_size); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
228 } else { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
229 mech_otp_auth_phase2(auth_request, data, data_size); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
230 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
231 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
232 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
233 static struct auth_request *mech_otp_auth_new(void) |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
234 { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
235 struct otp_auth_request *request; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
236 pool_t pool; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
237 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
238 otp_lock_init(); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
239 |
|
17837
569d41d21ec3
auth: Mark memory pools as growing and use the same sizes for all mechanisms.
Timo Sirainen <tss@iki.fi>
parents:
17235
diff
changeset
|
240 pool = pool_alloconly_create(MEMPOOL_GROWING"otp_auth_request", 2048); |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
241 request = p_new(pool, struct otp_auth_request, 1); |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
242 request->pool = pool; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
243 request->lock = FALSE; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
244 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
245 request->auth_request.refcount = 1; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
246 request->auth_request.pool = pool; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
247 return &request->auth_request; |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
248 } |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
249 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
250 const struct mech_module mech_otp = { |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
251 "OTP", |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
252 |
|
10410
b757dab45756
Removed MEMBER() macro. Require C99 style struct initializer.
Timo Sirainen <tss@iki.fi>
parents:
9219
diff
changeset
|
253 .flags = MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE, |
|
b757dab45756
Removed MEMBER() macro. Require C99 style struct initializer.
Timo Sirainen <tss@iki.fi>
parents:
9219
diff
changeset
|
254 .passdb_need = MECH_PASSDB_NEED_SET_CREDENTIALS, |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
255 |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
256 mech_otp_auth_new, |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
257 mech_generic_auth_initial, |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
258 mech_otp_auth_continue, |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
259 mech_otp_skey_auth_free |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
260 }; |