Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/auth/mech-cram-md5.c @ 9324:5d53b1d66d1b HEAD
auth: Check for potentially dangerous NULs in usernames.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Fri, 14 Aug 2009 02:54:41 -0400 |
| parents | 84eea1977632 |
| children | 00cd9aacd03c |
| rev | line source |
|---|---|
|
8590
b9faf4db2a9f
Updated copyright notices to include year 2009.
Timo Sirainen <tss@iki.fi>
parents:
8064
diff
changeset
|
1 /* Copyright (c) 2002-2009 Dovecot authors, see the included COPYING file */ |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 /* CRAM-MD5 SASL authentication, see RFC-2195 |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 Joshua Goodall <joshua@roughtrade.net> */ |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
6 #include "common.h" |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 #include "ioloop.h" |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 #include "buffer.h" |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 #include "hex-binary.h" |
|
2383
959136e08a70
Merged CRAM-MD5 and NTLM hmac-md5 code. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
10 #include "hmac-md5.h" |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
11 #include "randgen.h" |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
12 #include "mech.h" |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
13 #include "passdb.h" |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
14 #include "hostpid.h" |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
15 |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
16 #include <stdlib.h> |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
17 #include <time.h> |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
18 |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
19 struct cram_auth_request { |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
20 struct auth_request auth_request; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
21 |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
22 pool_t pool; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
23 |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
24 /* requested: */ |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
25 char *challenge; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
26 |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
27 /* received: */ |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
28 char *username; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
29 char *response; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
30 unsigned long maxbuf; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
31 }; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
32 |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
33 static const char *get_cram_challenge(void) |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
34 { |
| 1879 | 35 unsigned char buf[17]; |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
36 size_t i; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
37 |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
38 random_fill(buf, sizeof(buf)-1); |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
39 |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
40 for (i = 0; i < sizeof(buf)-1; i++) |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
41 buf[i] = (buf[i] % 10) + '0'; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
42 buf[sizeof(buf)-1] = '\0'; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
43 |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
44 return t_strdup_printf("<%s.%s@%s>", (const char *)buf, |
| 1879 | 45 dec2str(ioloop_time), my_hostname); |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
46 } |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
47 |
|
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3766
diff
changeset
|
48 static bool verify_credentials(struct cram_auth_request *request, |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5595
diff
changeset
|
49 const unsigned char *credentials, size_t size) |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
50 { |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
51 |
|
5595
8d8f8b31ac82
hmac-md5 API cleanups. Use arrays with MD5_RESULTLEN and CRAM_MD5_CONTEXTLEN
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
52 unsigned char digest[MD5_RESULTLEN]; |
|
2383
959136e08a70
Merged CRAM-MD5 and NTLM hmac-md5 code. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
53 struct hmac_md5_context ctx; |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
54 const char *response_hex; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
55 |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5595
diff
changeset
|
56 if (size != CRAM_MD5_CONTEXTLEN) { |
| 3069 | 57 auth_request_log_error(&request->auth_request, "cram-md5", |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5595
diff
changeset
|
58 "invalid credentials length"); |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
59 return FALSE; |
|
3058
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
60 } |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
61 |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5595
diff
changeset
|
62 hmac_md5_set_cram_context(&ctx, credentials); |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
63 hmac_md5_update(&ctx, request->challenge, strlen(request->challenge)); |
|
2383
959136e08a70
Merged CRAM-MD5 and NTLM hmac-md5 code. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents:
2102
diff
changeset
|
64 hmac_md5_final(&ctx, digest); |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
65 |
|
5595
8d8f8b31ac82
hmac-md5 API cleanups. Use arrays with MD5_RESULTLEN and CRAM_MD5_CONTEXTLEN
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
66 response_hex = binary_to_hex(digest, sizeof(digest)); |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
67 |
|
5595
8d8f8b31ac82
hmac-md5 API cleanups. Use arrays with MD5_RESULTLEN and CRAM_MD5_CONTEXTLEN
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
68 if (memcmp(response_hex, request->response, sizeof(digest)*2) != 0) { |
| 3069 | 69 auth_request_log_info(&request->auth_request, "cram-md5", |
| 70 "password mismatch"); | |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
71 return FALSE; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
72 } |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
73 |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
74 return TRUE; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
75 } |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
76 |
|
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3766
diff
changeset
|
77 static bool parse_cram_response(struct cram_auth_request *request, |
|
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3766
diff
changeset
|
78 const unsigned char *data, size_t size, |
|
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3766
diff
changeset
|
79 const char **error_r) |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
80 { |
| 2677 | 81 size_t i, space; |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
82 |
|
1876
445fc3dfecad
Don't treat data as NUL-terminated string.
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
83 *error_r = NULL; |
|
445fc3dfecad
Don't treat data as NUL-terminated string.
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
84 |
| 2677 | 85 /* <username> SPACE <response>. Username may contain spaces, so assume |
| 86 the rightmost space is the response separator. */ | |
| 87 for (i = space = 0; i < size; i++) { | |
|
9324
5d53b1d66d1b
auth: Check for potentially dangerous NULs in usernames.
Timo Sirainen <tss@iki.fi>
parents:
8605
diff
changeset
|
88 if (data[i] == '\0') { |
|
5d53b1d66d1b
auth: Check for potentially dangerous NULs in usernames.
Timo Sirainen <tss@iki.fi>
parents:
8605
diff
changeset
|
89 *error_r = "NULs in response"; |
|
5d53b1d66d1b
auth: Check for potentially dangerous NULs in usernames.
Timo Sirainen <tss@iki.fi>
parents:
8605
diff
changeset
|
90 return FALSE; |
|
5d53b1d66d1b
auth: Check for potentially dangerous NULs in usernames.
Timo Sirainen <tss@iki.fi>
parents:
8605
diff
changeset
|
91 } |
|
1876
445fc3dfecad
Don't treat data as NUL-terminated string.
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
92 if (data[i] == ' ') |
| 2677 | 93 space = i; |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
94 } |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
95 |
| 2677 | 96 if (space == 0) { |
|
1876
445fc3dfecad
Don't treat data as NUL-terminated string.
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
97 *error_r = "missing digest"; |
|
445fc3dfecad
Don't treat data as NUL-terminated string.
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
98 return FALSE; |
|
445fc3dfecad
Don't treat data as NUL-terminated string.
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
99 } |
|
445fc3dfecad
Don't treat data as NUL-terminated string.
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
100 |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
101 request->username = p_strndup(request->pool, data, space); |
| 2677 | 102 space++; |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
103 request->response = |
|
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
104 p_strndup(request->pool, data + space, size - space); |
|
1876
445fc3dfecad
Don't treat data as NUL-terminated string.
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
105 return TRUE; |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
106 } |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
107 |
|
5475
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
108 static void credentials_callback(enum passdb_result result, |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5595
diff
changeset
|
109 const unsigned char *credentials, size_t size, |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
110 struct auth_request *auth_request) |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
111 { |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
112 struct cram_auth_request *request = |
|
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
113 (struct cram_auth_request *)auth_request; |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
114 |
|
3058
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
115 switch (result) { |
|
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
116 case PASSDB_RESULT_OK: |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5595
diff
changeset
|
117 if (verify_credentials(request, credentials, size)) |
|
5475
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
118 auth_request_success(auth_request, NULL, 0); |
|
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
119 else |
|
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
120 auth_request_fail(auth_request); |
|
3058
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
121 break; |
|
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
122 case PASSDB_RESULT_INTERNAL_FAILURE: |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
3058
diff
changeset
|
123 auth_request_internal_failure(auth_request); |
|
3058
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
124 break; |
|
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
125 default: |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
3058
diff
changeset
|
126 auth_request_fail(auth_request); |
|
3058
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2736
diff
changeset
|
127 break; |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
128 } |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
129 } |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
130 |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
131 static void |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
132 mech_cram_md5_auth_continue(struct auth_request *auth_request, |
| 3071 | 133 const unsigned char *data, size_t data_size) |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
134 { |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
135 struct cram_auth_request *request = |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
136 (struct cram_auth_request *)auth_request; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
137 const char *error; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
138 |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
139 if (parse_cram_response(request, data, data_size, &error)) { |
|
3065
29d83a8bb50d
Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
3064
diff
changeset
|
140 if (auth_request_set_username(auth_request, request->username, |
|
29d83a8bb50d
Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
3064
diff
changeset
|
141 &error)) { |
| 3068 | 142 auth_request_lookup_credentials(auth_request, |
|
5593
f8dc0bdb06a7
Removed enum passdb_credentials. Use scheme strings directly instead. This
Timo Sirainen <tss@iki.fi>
parents:
5475
diff
changeset
|
143 "CRAM-MD5", credentials_callback); |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
144 return; |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
145 } |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
146 } |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
147 |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
148 if (error == NULL) |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
149 error = "authentication failed"; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
150 |
| 3069 | 151 auth_request_log_info(auth_request, "cram-md5", "%s", error); |
|
3064
2d33734b16d5
Split auth_request* functions from mech.c to auth-request.c
Timo Sirainen <tss@iki.fi>
parents:
3058
diff
changeset
|
152 auth_request_fail(auth_request); |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
153 } |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
154 |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
155 static void |
|
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
1879
diff
changeset
|
156 mech_cram_md5_auth_initial(struct auth_request *auth_request, |
|
6411
6a64e64fa3a3
Renamed __attr_*__ to ATTR_*. Renamed __attrs_used__ to ATTRS_DEFINED.
Timo Sirainen <tss@iki.fi>
parents:
5640
diff
changeset
|
157 const unsigned char *data ATTR_UNUSED, |
|
6a64e64fa3a3
Renamed __attr_*__ to ATTR_*. Renamed __attrs_used__ to ATTRS_DEFINED.
Timo Sirainen <tss@iki.fi>
parents:
5640
diff
changeset
|
158 size_t data_size ATTR_UNUSED) |
|
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
1879
diff
changeset
|
159 { |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
160 struct cram_auth_request *request = |
|
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
1879
diff
changeset
|
161 (struct cram_auth_request *)auth_request; |
|
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
1879
diff
changeset
|
162 |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
163 request->challenge = p_strdup(request->pool, get_cram_challenge()); |
| 3071 | 164 auth_request->callback(auth_request, AUTH_CLIENT_RESULT_CONTINUE, |
| 165 request->challenge, strlen(request->challenge)); | |
|
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
1879
diff
changeset
|
166 } |
|
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
1879
diff
changeset
|
167 |
| 3072 | 168 static struct auth_request *mech_cram_md5_auth_new(void) |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
169 { |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
170 struct cram_auth_request *request; |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
171 pool_t pool; |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
172 |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
173 pool = pool_alloconly_create("cram_md5_auth_request", 2048); |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
174 request = p_new(pool, struct cram_auth_request, 1); |
|
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
175 request->pool = pool; |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
176 |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
177 request->auth_request.pool = pool; |
|
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
178 return &request->auth_request; |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
179 } |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
180 |
|
5640
8591bc9961d9
Constify struct mech_module.
Andrey Panin <pazke@donpac.ru>
parents:
5598
diff
changeset
|
181 const struct mech_module mech_cram_md5 = { |
|
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
1879
diff
changeset
|
182 "CRAM-MD5", |
|
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
1879
diff
changeset
|
183 |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
184 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE, |
|
8605
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8590
diff
changeset
|
185 MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_RESPONSE, |
|
2077
d5b20d679b8a
Removed hardcoded mechanism lists. It's now possible to add them
Timo Sirainen <tss@iki.fi>
parents:
1879
diff
changeset
|
186 |
|
2736
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
187 mech_cram_md5_auth_new, |
|
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
188 mech_cram_md5_auth_initial, |
|
0f31778d3c34
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
Timo Sirainen <tss@iki.fi>
parents:
2708
diff
changeset
|
189 mech_cram_md5_auth_continue, |
|
4414
9017db478693
Added mech_generic_auth_internal() and mech_generic_auth_free() functions
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
190 mech_generic_auth_free |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
191 }; |