Mercurial > dovecot > core-2.2
annotate src/auth/mech-rpa.c @ 4382:f8d37e26a2b3 HEAD
Relicensed dovecot-auth to MIT.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 16 Jun 2006 13:38:56 +0300 |
parents | fcfd44f56b04 |
children | 9017db478693 |
rev | line source |
---|---|
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1 /* |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 * Compuserve RPA authentication mechanism. |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 * |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru> |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 * |
4382
f8d37e26a2b3
Relicensed dovecot-auth to MIT.
Timo Sirainen <tss@iki.fi>
parents:
4020
diff
changeset
|
6 * This software is released under the MIT license. |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 */ |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 #include "common.h" |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 #include "mech.h" |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
11 #include "passdb.h" |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
12 #include "str.h" |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
13 #include "strfuncs.h" |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
14 #include "safe-memset.h" |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
15 #include "randgen.h" |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
16 #include "buffer.h" |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
17 #include "hostpid.h" |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
18 #include "hex-binary.h" |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
19 #include "md5.h" |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
20 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
21 struct rpa_auth_request { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
22 struct auth_request auth_request; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
23 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
24 pool_t pool; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
25 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
26 int phase; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
27 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
28 /* cached: */ |
3058
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
29 unsigned char pwd_md5[16]; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
30 size_t service_len; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
31 const unsigned char *service_ucs2be; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
32 size_t username_len; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
33 const unsigned char *username_ucs2be; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
34 size_t realm_len; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
35 const unsigned char *realm_ucs2be; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
36 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
37 /* requested: */ |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
38 unsigned char *service_challenge; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
39 unsigned char *service_timestamp; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
40 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
41 /* received: */ |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
42 unsigned int user_challenge_len; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
43 unsigned char *user_challenge; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
44 unsigned char *user_response; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
45 unsigned char *session_key; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
46 }; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
47 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
48 #define RPA_SCHALLENGE_LEN 32 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
49 #define RPA_UCHALLENGE_LEN 16 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
50 #define RPA_TIMESTAMP_LEN 14 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
51 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
52 #define ASN1_APPLICATION 0x60 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
53 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
54 /* Object id encoded using ASN.1 DER */ |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
55 static const unsigned char rpa_oid[] = { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
56 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x73, 0x01, 0x01 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
57 }; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
58 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
59 void *ucs2be_str(pool_t pool, const char *str, size_t *size); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
60 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
61 /* |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
62 * Compute client -> server authentication response. |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
63 */ |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
64 static void rpa_user_response(struct rpa_auth_request *request, |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
65 unsigned char *digest) |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
66 { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
67 struct md5_context ctx; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
68 unsigned char z[48]; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
69 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
70 memset(z, 0, sizeof(z)); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
71 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
72 md5_init(&ctx); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
73 md5_update(&ctx, request->pwd_md5, 16); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
74 md5_update(&ctx, z, sizeof(z)); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
75 md5_update(&ctx, request->username_ucs2be, request->username_len); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
76 md5_update(&ctx, request->service_ucs2be, request->service_len); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
77 md5_update(&ctx, request->realm_ucs2be, request->realm_len); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
78 md5_update(&ctx, request->user_challenge, request->user_challenge_len); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
79 md5_update(&ctx, request->service_challenge, RPA_SCHALLENGE_LEN); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
80 md5_update(&ctx, request->service_timestamp, RPA_TIMESTAMP_LEN); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
81 md5_update(&ctx, request->pwd_md5, 16); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
82 md5_final(&ctx, digest); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
83 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
84 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
85 /* |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
86 * Compute server -> client authentication response. |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
87 */ |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
88 static void rpa_server_response(struct rpa_auth_request *request, |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
89 unsigned char *digest) |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
90 { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
91 struct md5_context ctx; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
92 unsigned char tmp[16]; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
93 unsigned char z[48]; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
94 int i; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
95 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
96 memset(z, 0, sizeof(z)); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
97 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
98 md5_init(&ctx); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
99 md5_update(&ctx, request->pwd_md5, 16); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
100 md5_update(&ctx, z, sizeof(z)); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
101 md5_update(&ctx, request->service_ucs2be, request->service_len); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
102 md5_update(&ctx, request->username_ucs2be, request->username_len); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
103 md5_update(&ctx, request->realm_ucs2be, request->realm_len); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
104 md5_update(&ctx, request->service_challenge, RPA_SCHALLENGE_LEN); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
105 md5_update(&ctx, request->user_challenge, request->user_challenge_len); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
106 md5_update(&ctx, request->service_timestamp, RPA_TIMESTAMP_LEN); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
107 md5_update(&ctx, request->pwd_md5, 16); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
108 md5_final(&ctx, tmp); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
109 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
110 for (i = 0; i < 16; i++) |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
111 tmp[i] = request->session_key[i] ^ tmp[i]; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
112 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
113 md5_init(&ctx); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
114 md5_update(&ctx, request->pwd_md5, 16); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
115 md5_update(&ctx, z, sizeof(z)); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
116 md5_update(&ctx, request->service_ucs2be, request->service_len); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
117 md5_update(&ctx, request->username_ucs2be, request->username_len); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
118 md5_update(&ctx, request->realm_ucs2be, request->realm_len); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
119 md5_update(&ctx, request->session_key, 16); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
120 md5_update(&ctx, request->service_challenge, RPA_SCHALLENGE_LEN); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
121 md5_update(&ctx, request->user_challenge, request->user_challenge_len); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
122 md5_update(&ctx, request->service_timestamp, RPA_TIMESTAMP_LEN); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
123 md5_update(&ctx, tmp, 16); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
124 md5_update(&ctx, request->pwd_md5, 16); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
125 md5_final(&ctx, digest); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
126 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
127 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
128 static const unsigned char * |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
129 rpa_check_message(const unsigned char *data, const unsigned char *end, |
2522
a07fb16b9a24
Changed "invalid username" error message.
Timo Sirainen <tss@iki.fi>
parents:
2510
diff
changeset
|
130 const char **error) |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
131 { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
132 const unsigned char *p = data; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
133 unsigned int len = 0; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
134 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
135 if (p + 2 > end) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
136 *error = "message too short"; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
137 return NULL; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
138 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
139 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
140 if (*p++ != ASN1_APPLICATION) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
141 *error = "invalid data type"; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
142 return NULL; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
143 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
144 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
145 if ((*p & 0x80) != 0) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
146 unsigned int nbytes = *p++ & 0x7f; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
147 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
148 while (nbytes-- > 0) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
149 if (p >= end) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
150 *error = "invalid structure length"; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
151 return NULL; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
152 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
153 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
154 len = (len << 8) | *p++; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
155 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
156 } else |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
157 len = *p++; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
158 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
159 if ((size_t)(end - p) != len) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
160 *error = "structure length disagrees with data size"; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
161 return NULL; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
162 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
163 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
164 if (p + sizeof(rpa_oid) > end) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
165 *error = "not enough space for object id"; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
166 return NULL; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
167 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
168 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
169 if (memcmp(p, rpa_oid, sizeof(rpa_oid)) != 0) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
170 *error = "invalid object id"; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
171 return NULL; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
172 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
173 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
174 return p + sizeof(rpa_oid); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
175 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
176 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3766
diff
changeset
|
177 static bool |
2522
a07fb16b9a24
Changed "invalid username" error message.
Timo Sirainen <tss@iki.fi>
parents:
2510
diff
changeset
|
178 rpa_parse_token1(const void *data, size_t data_size, const char **error) |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
179 { |
4020
fcfd44f56b04
While casting const pointers to something else, the const was often
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
180 const unsigned char *end = ((const unsigned char *) data) + data_size; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
181 const unsigned char *p; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
182 unsigned int version_lo, version_hi; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
183 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
184 p = rpa_check_message(data, end, error); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
185 if (p == NULL) |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
186 return FALSE; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
187 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
188 if (p + 6 > end) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
189 *error = "message too short"; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
190 return FALSE; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
191 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
192 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
193 version_lo = p[0] + (p[1] << 8); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
194 version_hi = p[2] + (p[3] << 8); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
195 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
196 if ((version_lo > 3) || (version_hi < 3)) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
197 *error = "protocol version mismatch"; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
198 return FALSE; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
199 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
200 p += 4; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
201 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
202 if ((p[0] != 0) || (p[1] != 1)) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
203 *error = "invalid message flags"; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
204 return FALSE; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
205 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
206 p += 2; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
207 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
208 if (p != end) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
209 *error = "unneeded data found"; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
210 return FALSE; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
211 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
212 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
213 return TRUE; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
214 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
215 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
216 static unsigned int |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
217 rpa_read_buffer(pool_t pool, const unsigned char **data, |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
218 const unsigned char *end, unsigned char **buffer) |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
219 { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
220 const unsigned char *p = *data; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
221 unsigned int len; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
222 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
223 if (p > end) |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
224 return 0; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
225 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
226 len = *p++; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
227 if (p + len > end) |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
228 return 0; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
229 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
230 *buffer = p_malloc(pool, len); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
231 memcpy(*buffer, p, len); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
232 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
233 *data += 1 + len; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
234 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
235 return len; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
236 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
237 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3766
diff
changeset
|
238 static bool |
3228
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
239 rpa_verify_realm(struct rpa_auth_request *request, const char *realm) |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
240 { |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
241 const char *default_realm; |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
242 const char *const *tmp; |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
243 |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
244 tmp = request->auth_request.auth->auth_realms; |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
245 for (; *tmp != NULL; tmp++) { |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
246 if (strcasecmp(realm, *tmp) == 0) |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
247 return TRUE; |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
248 } |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
249 |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
250 default_realm = request->auth_request.auth->default_realm != NULL ? |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
251 request->auth_request.auth->default_realm : |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
252 my_hostname; |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
253 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3766
diff
changeset
|
254 return strcasecmp(realm, default_realm) == 0; |
3228
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
255 } |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
256 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3766
diff
changeset
|
257 static bool |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
258 rpa_parse_token3(struct rpa_auth_request *request, const void *data, |
2522
a07fb16b9a24
Changed "invalid username" error message.
Timo Sirainen <tss@iki.fi>
parents:
2510
diff
changeset
|
259 size_t data_size, const char **error) |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
260 { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
261 struct auth_request *auth_request = &request->auth_request; |
4020
fcfd44f56b04
While casting const pointers to something else, the const was often
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
262 const unsigned char *end = ((const unsigned char *)data) + data_size; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
263 const unsigned char *p; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
264 unsigned int len; |
3151
400624966554
Realm fixes. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents:
3072
diff
changeset
|
265 const char *user, *realm; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
266 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
267 p = rpa_check_message(data, end, error); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
268 if (p == NULL) |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
269 return FALSE; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
270 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
271 /* Read username@realm */ |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
272 if (p + 2 > end) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
273 *error = "message too short"; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
274 return FALSE; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
275 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
276 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
277 len = (p[0] >> 8) + p[1]; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
278 if (p + 2 + len > end) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
279 *error = "message too short"; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
280 return FALSE; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
281 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
282 p += 2; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
283 |
3151
400624966554
Realm fixes. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents:
3072
diff
changeset
|
284 user = t_strndup(p, len); |
400624966554
Realm fixes. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents:
3072
diff
changeset
|
285 realm = strrchr(user, '@'); |
3228
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
286 if ((realm == NULL) || !rpa_verify_realm(request, realm + 1)) { |
3151
400624966554
Realm fixes. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents:
3072
diff
changeset
|
287 *error = "invalid realm"; |
400624966554
Realm fixes. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents:
3072
diff
changeset
|
288 return FALSE; |
400624966554
Realm fixes. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents:
3072
diff
changeset
|
289 } |
400624966554
Realm fixes. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents:
3072
diff
changeset
|
290 user = t_strdup_until(user, realm++); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
291 p += len; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
292 |
3065
29d83a8bb50d
Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
3064
diff
changeset
|
293 if (!auth_request_set_username(auth_request, user, error)) |
29d83a8bb50d
Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
3064
diff
changeset
|
294 return FALSE; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
295 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
296 request->username_ucs2be = ucs2be_str(request->pool, auth_request->user, |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
297 &request->username_len); |
3151
400624966554
Realm fixes. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents:
3072
diff
changeset
|
298 request->realm_ucs2be = ucs2be_str(request->pool, realm, |
400624966554
Realm fixes. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents:
3072
diff
changeset
|
299 &request->realm_len); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
300 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
301 /* Read user challenge */ |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
302 request->user_challenge_len = rpa_read_buffer(request->pool, &p, end, |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
303 &request->user_challenge); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
304 if (request->user_challenge_len == 0) { |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
305 *error = "invalid user challenge"; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
306 return FALSE; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
307 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
308 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
309 /* Read user response */ |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
310 len = rpa_read_buffer(request->pool, &p, end, &request->user_response); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
311 if (len != RPA_UCHALLENGE_LEN) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
312 *error = "invalid user response"; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
313 return FALSE; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
314 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
315 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
316 if (p != end) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
317 *error = "unneeded data found"; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
318 return FALSE; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
319 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
320 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
321 return TRUE; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
322 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
323 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
324 static void |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
325 buffer_append_asn1_length(buffer_t *buf, unsigned int length) |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
326 { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
327 if (length < 0x80) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
328 buffer_append_c(buf, length); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
329 } else if (length < 0x100) { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
330 buffer_append_c(buf, 0x81); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
331 buffer_append_c(buf, length); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
332 } else { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
333 buffer_append_c(buf, 0x82); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
334 buffer_append_c(buf, length >> 8); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
335 buffer_append_c(buf, length & 0xff); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
336 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
337 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
338 |
3228
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
339 static void |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
340 rpa_add_realm(string_t *realms, const char *realm, const char *service) |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
341 { |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
342 str_append(realms, service); |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
343 str_append_c(realms, '@'); |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
344 str_append(realms, realm); |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
345 str_append_c(realms, ' '); |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
346 } |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
347 |
2629
6ba9dcff11b9
Compiler warning fixes and cleanups
Timo Sirainen <tss@iki.fi>
parents:
2522
diff
changeset
|
348 static const unsigned char * |
3228
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
349 mech_rpa_build_token2(struct rpa_auth_request *request, size_t *size) |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
350 { |
3228
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
351 struct auth *auth = request->auth_request.auth; |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
352 unsigned int realms_len, length; |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
353 string_t *realms; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
354 buffer_t *buf; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
355 unsigned char timestamp[RPA_TIMESTAMP_LEN / 2]; |
3228
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
356 const char *const *tmp; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
357 |
3228
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
358 realms = t_str_new(64); |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
359 for (tmp = auth->auth_realms; *tmp != NULL; tmp++) { |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
360 rpa_add_realm(realms, *tmp, request->auth_request.service); |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
361 } |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
362 |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
363 if (str_len(realms) == 0) { |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
364 rpa_add_realm(realms, auth->default_realm != NULL ? |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
365 auth->default_realm : my_hostname, |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
366 request->auth_request.service); |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
367 } |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
368 |
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
369 realms_len = str_len(realms) - 1; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
370 length = sizeof(rpa_oid) + 3 + RPA_SCHALLENGE_LEN + |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
371 RPA_TIMESTAMP_LEN + 2 + realms_len; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
372 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
373 buf = buffer_create_dynamic(request->pool, length + 4); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
374 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
375 buffer_append_c(buf, ASN1_APPLICATION); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
376 buffer_append_asn1_length(buf, length); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
377 buffer_append(buf, rpa_oid, sizeof(rpa_oid)); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
378 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
379 /* Protocol version */ |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
380 buffer_append_c(buf, 3); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
381 buffer_append_c(buf, 0); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
382 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
383 /* Service challenge */ |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
384 request->service_challenge = |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
385 p_malloc(request->pool, RPA_SCHALLENGE_LEN); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
386 random_fill(request->service_challenge, RPA_SCHALLENGE_LEN); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
387 buffer_append_c(buf, RPA_SCHALLENGE_LEN); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
388 buffer_append(buf, request->service_challenge, RPA_SCHALLENGE_LEN); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
389 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
390 /* Timestamp, looks like clients accept anything we send */ |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
391 random_fill(timestamp, sizeof(timestamp)); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
392 request->service_timestamp = p_malloc(request->pool, RPA_TIMESTAMP_LEN); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
393 memcpy(request->service_timestamp, |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
394 binary_to_hex(timestamp, sizeof(timestamp)), |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
395 RPA_TIMESTAMP_LEN); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
396 buffer_append(buf, request->service_timestamp, RPA_TIMESTAMP_LEN); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
397 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
398 /* Realm list */ |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
399 buffer_append_c(buf, realms_len >> 8); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
400 buffer_append_c(buf, realms_len & 0xff); |
3228
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
401 buffer_append(buf, str_c(realms), realms_len); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
402 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
403 *size = buffer_get_used_size(buf); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
404 return buffer_free_without_data(buf); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
405 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
406 |
2629
6ba9dcff11b9
Compiler warning fixes and cleanups
Timo Sirainen <tss@iki.fi>
parents:
2522
diff
changeset
|
407 static const unsigned char * |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
408 mech_rpa_build_token4(struct rpa_auth_request *request, size_t *size) |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
409 { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
410 unsigned int length = sizeof(rpa_oid) + 17 + 17 + 1; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
411 buffer_t *buf; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
412 unsigned char server_response[16]; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
413 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
414 buf = buffer_create_dynamic(request->pool, length + 4); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
415 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
416 buffer_append_c(buf, ASN1_APPLICATION); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
417 buffer_append_asn1_length(buf, length); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
418 buffer_append(buf, rpa_oid, sizeof(rpa_oid)); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
419 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
420 /* Generate random session key */ |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
421 request->session_key = p_malloc(request->pool, 16); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
422 random_fill(request->session_key, 16); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
423 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
424 /* Server authentication response */ |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
425 rpa_server_response(request, server_response); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
426 buffer_append_c(buf, 16); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
427 buffer_append(buf, server_response, 16); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
428 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
429 buffer_append_c(buf, 16); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
430 buffer_append(buf, request->session_key, 16); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
431 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
432 /* Status, 0 - success */ |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
433 buffer_append_c(buf, 0); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
434 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
435 *size = buffer_get_used_size(buf); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
436 return buffer_free_without_data(buf); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
437 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
438 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3766
diff
changeset
|
439 static bool verify_credentials(struct rpa_auth_request *request, |
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3766
diff
changeset
|
440 const char *credentials) |
3058
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
441 { |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
442 unsigned char response[16]; |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
443 buffer_t *hash_buffer; |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
444 |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
445 hash_buffer = buffer_create_data(request->pool, request->pwd_md5, 16); |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
446 hex_to_binary(credentials, hash_buffer); |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
447 |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
448 rpa_user_response(request, response); |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
449 return memcmp(response, request->user_response, 16) == 0; |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
450 } |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
451 |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
452 static void |
3058
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
453 rpa_credentials_callback(enum passdb_result result, |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
454 const char *credentials, |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
455 struct auth_request *auth_request) |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
456 { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
457 struct rpa_auth_request *request = |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
458 (struct rpa_auth_request *)auth_request; |
2764
3cc4ebb5f42d
Didn't work with asynchronous passdb.
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
459 const unsigned char *token4; |
3cc4ebb5f42d
Didn't work with asynchronous passdb.
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
460 size_t token4_size; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
461 |
3058
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
462 switch (result) { |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
463 case PASSDB_RESULT_OK: |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
464 if (!verify_credentials(request, credentials)) |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
3058
diff
changeset
|
465 auth_request_fail(auth_request); |
3058
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
466 else { |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
467 token4 = mech_rpa_build_token4(request, &token4_size); |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
468 auth_request->callback(auth_request, |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
469 AUTH_CLIENT_RESULT_CONTINUE, |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
470 token4, token4_size); |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
471 request->phase = 2; |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
472 } |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
473 break; |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
474 case PASSDB_RESULT_INTERNAL_FAILURE: |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
3058
diff
changeset
|
475 auth_request_internal_failure(auth_request); |
3058
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
476 break; |
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
477 default: |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
3058
diff
changeset
|
478 auth_request_fail(auth_request); |
3058
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
479 break; |
2764
3cc4ebb5f42d
Didn't work with asynchronous passdb.
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
480 } |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
481 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
482 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
483 static void |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
484 mech_rpa_auth_phase1(struct auth_request *auth_request, |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
485 const unsigned char *data, size_t data_size) |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
486 { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
487 struct rpa_auth_request *request = |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
488 (struct rpa_auth_request *)auth_request; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
489 const unsigned char *token2; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
490 size_t token2_size; |
2522
a07fb16b9a24
Changed "invalid username" error message.
Timo Sirainen <tss@iki.fi>
parents:
2510
diff
changeset
|
491 const char *service, *error; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
492 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
493 if (!rpa_parse_token1(data, data_size, &error)) { |
3069 | 494 auth_request_log_info(auth_request, "rpa", |
495 "invalid token 1: %s", error); | |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
3058
diff
changeset
|
496 auth_request_fail(auth_request); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
497 return; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
498 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
499 |
2781
e44a84dc947c
s/protocol/service/ in authentication
Timo Sirainen <tss@iki.fi>
parents:
2764
diff
changeset
|
500 service = t_str_lcase(auth_request->service); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
501 |
3228
e2d7f1db71e3
Proper realm support for RPA. Now RPA will use auth_realms and
Timo Sirainen <tss@iki.fi>
parents:
3151
diff
changeset
|
502 token2 = mech_rpa_build_token2(request, &token2_size); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
503 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
504 request->service_ucs2be = ucs2be_str(request->pool, service, |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
505 &request->service_len); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
506 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
507 auth_request->callback(auth_request, AUTH_CLIENT_RESULT_CONTINUE, |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
508 token2, token2_size); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
509 request->phase = 1; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
510 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
511 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
512 static void |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
513 mech_rpa_auth_phase2(struct auth_request *auth_request, |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
514 const unsigned char *data, size_t data_size) |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
515 { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
516 struct rpa_auth_request *request = |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
517 (struct rpa_auth_request *)auth_request; |
2522
a07fb16b9a24
Changed "invalid username" error message.
Timo Sirainen <tss@iki.fi>
parents:
2510
diff
changeset
|
518 const char *error; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
519 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
520 if (!rpa_parse_token3(request, data, data_size, &error)) { |
3069 | 521 auth_request_log_info(auth_request, "rpa", |
522 "invalid token 3: %s", error); | |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
3058
diff
changeset
|
523 auth_request_fail(auth_request); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
524 return; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
525 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
526 |
3068 | 527 auth_request_lookup_credentials(auth_request, PASSDB_CREDENTIALS_RPA, |
528 rpa_credentials_callback); | |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
529 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
530 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
531 static void |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
532 mech_rpa_auth_phase3(struct auth_request *auth_request, |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
533 const unsigned char *data, size_t data_size) |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
534 { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
535 static const unsigned char client_ack[3] = { 0x60, 0x01, 0x00 }; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
536 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
537 if ((data_size != sizeof(client_ack)) || |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
538 (memcmp(data, client_ack, sizeof(client_ack)) != 0)) { |
3069 | 539 auth_request_log_info(auth_request, "rpa", |
540 "invalid token 5 or client rejects us"); | |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
3058
diff
changeset
|
541 auth_request_fail(auth_request); |
3058
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2915
diff
changeset
|
542 } else { |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
3058
diff
changeset
|
543 auth_request_success(auth_request, NULL, 0); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
544 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
545 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
546 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
547 static void |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
548 mech_rpa_auth_continue(struct auth_request *auth_request, |
3071 | 549 const unsigned char *data, size_t data_size) |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
550 { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
551 struct rpa_auth_request *request = |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
552 (struct rpa_auth_request *)auth_request; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
553 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
554 switch (request->phase) { |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
555 case 0: |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
556 mech_rpa_auth_phase1(auth_request, data, data_size); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
557 break; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
558 case 1: |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
559 mech_rpa_auth_phase2(auth_request, data, data_size); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
560 break; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
561 case 2: |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
562 mech_rpa_auth_phase3(auth_request, data, data_size); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
563 break; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
564 default: |
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
3058
diff
changeset
|
565 auth_request_fail(auth_request); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
566 break; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
567 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
568 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
569 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
570 static void |
2915
25bc79e67271
Initial response support for NTLM and RPA. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2781
diff
changeset
|
571 mech_rpa_auth_initial(struct auth_request *request, |
3071 | 572 const unsigned char *data, size_t data_size) |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
573 { |
3071 | 574 if (data_size == 0) { |
575 request->callback(request, AUTH_CLIENT_RESULT_CONTINUE, | |
576 NULL, 0); | |
577 } else { | |
578 mech_rpa_auth_continue(request, data, data_size); | |
579 } | |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
580 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
581 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
582 static void |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
583 mech_rpa_auth_free(struct auth_request *auth_request) |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
584 { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
585 struct rpa_auth_request *request = |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
586 (struct rpa_auth_request *)auth_request; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
587 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
588 if (request->pwd_md5 != NULL) |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
589 safe_memset(request->pwd_md5, 0, 16); |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
590 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
591 pool_unref(auth_request->pool); |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
592 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
593 |
3072 | 594 static struct auth_request *mech_rpa_auth_new(void) |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
595 { |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
596 struct rpa_auth_request *request; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
597 pool_t pool; |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
598 |
3695
4f8598b0ca62
Use a bit larger initial pool sizes
Timo Sirainen <tss@iki.fi>
parents:
3683
diff
changeset
|
599 pool = pool_alloconly_create("rpa_auth_request", 1024); |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
600 request = p_new(pool, struct rpa_auth_request, 1); |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
601 request->pool = pool; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
602 request->phase = 0; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
603 |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
604 request->auth_request.pool = pool; |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
605 return &request->auth_request; |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
606 } |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
607 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
608 const struct mech_module mech_rpa = { |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
609 "RPA", |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
610 |
3151
400624966554
Realm fixes. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents:
3072
diff
changeset
|
611 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE | |
400624966554
Realm fixes. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents:
3072
diff
changeset
|
612 MECH_SEC_MUTUAL_AUTH, |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
613 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
614 MEMBER(passdb_need_plain) FALSE, |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
615 MEMBER(passdb_need_credentials) TRUE, |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
616 |
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
617 mech_rpa_auth_new, |
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
618 mech_rpa_auth_initial, |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
619 mech_rpa_auth_continue, |
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
620 mech_rpa_auth_free |
2428
abef2ac8843a
Added Compuserve RPA authentication. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
621 }; |