Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/auth/password-scheme.h @ 9266:cd29b745c8dd HEAD
configure: clock_gettime()'s -lrt adding dropped everything else from $LIBS.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Mon, 27 Jul 2009 06:32:42 -0400 |
| parents | e4eb71ae8e96 |
| children | b48a4af4248d |
| rev | line source |
|---|---|
|
6410
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
6188
diff
changeset
|
1 #ifndef PASSWORD_SCHEME_H |
|
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
6188
diff
changeset
|
2 #define PASSWORD_SCHEME_H |
|
1192
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
4 enum password_encoding { |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
5 PW_ENCODING_NONE, |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
6 PW_ENCODING_BASE64, |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
7 PW_ENCODING_HEX |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
8 }; |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
9 |
|
2084
9ba79ebae6ab
Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
10 struct password_scheme { |
|
9ba79ebae6ab
Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
11 const char *name; |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
12 enum password_encoding default_encoding; |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
13 /* If non-zero, this is the expected raw password length. |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
14 It can be used to automatically detect encoding between |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
15 hex and base64 encoded passwords. */ |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
16 unsigned int raw_password_len; |
|
2084
9ba79ebae6ab
Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
17 |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
18 bool (*password_verify)(const char *plaintext, const char *user, |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
19 const unsigned char *raw_password, size_t size); |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
20 void (*password_generate)(const char *plaintext, const char *user, |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
21 const unsigned char **raw_password_r, |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
22 size_t *size_r); |
|
2084
9ba79ebae6ab
Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
23 }; |
|
6188
e609b4e3a35c
Added password_scheme_[un]register() and used it internally. Removed
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
24 ARRAY_DEFINE_TYPE(password_scheme_p, const struct password_scheme *); |
|
e609b4e3a35c
Added password_scheme_[un]register() and used it internally. Removed
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
25 |
|
e609b4e3a35c
Added password_scheme_[un]register() and used it internally. Removed
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
26 extern ARRAY_TYPE(password_scheme_p) password_schemes; |
|
2084
9ba79ebae6ab
Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
27 |
|
1192
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
28 /* Returns 1 = matched, 0 = didn't match, -1 = unknown scheme */ |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
29 int password_verify(const char *plaintext, const char *user, const char *scheme, |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
30 const unsigned char *raw_password, size_t size); |
|
1192
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
31 |
|
5563
063b184597fa
Do scheme=MD5 password!=$1$.. -> PLAIN-MD5 change only with LDAP.
Timo Sirainen <tss@iki.fi>
parents:
4798
diff
changeset
|
32 /* Extracts scheme from password, or returns NULL if it isn't found. |
|
063b184597fa
Do scheme=MD5 password!=$1$.. -> PLAIN-MD5 change only with LDAP.
Timo Sirainen <tss@iki.fi>
parents:
4798
diff
changeset
|
33 If auth_request is given, it's used for debug logging. */ |
|
1192
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
34 const char *password_get_scheme(const char **password); |
|
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
35 |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
36 /* Decode encoded (base64/hex) password to raw form. Returns 1 if ok, |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
37 0 if scheme is unknown, -1 if password is invalid. */ |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
38 int password_decode(const char *password, const char *scheme, |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
39 const unsigned char **raw_password_r, size_t *size_r); |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
40 |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
41 /* Create password with wanted scheme out of plaintext password and username. |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
42 Potential base64/hex directives are ignored in scheme. Returns FALSE if |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
43 the scheme is unknown. */ |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
44 bool password_generate(const char *plaintext, const char *user, |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
45 const char *scheme, |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
46 const unsigned char **raw_password_r, size_t *size_r); |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
47 /* Like above, but generate encoded passwords. If hex/base64 directive isn't |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
48 specified in the scheme, the default encoding for the scheme is used. |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
49 Returns FALSE if the scheme is unknown. */ |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
50 bool password_generate_encoded(const char *plaintext, const char *user, |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
51 const char *scheme, const char **password_r); |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
52 |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
53 /* Returns TRUE if schemes are equivalent. */ |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
54 bool password_scheme_is_alias(const char *scheme1, const char *scheme2); |
|
1192
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
55 |
|
6188
e609b4e3a35c
Added password_scheme_[un]register() and used it internally. Removed
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
56 void password_scheme_register(const struct password_scheme *scheme); |
|
e609b4e3a35c
Added password_scheme_[un]register() and used it internally. Removed
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
57 void password_scheme_unregister(const struct password_scheme *scheme); |
|
2367
203938a7f45e
Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents:
2084
diff
changeset
|
58 |
|
2084
9ba79ebae6ab
Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
59 void password_schemes_init(void); |
|
9ba79ebae6ab
Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
60 void password_schemes_deinit(void); |
|
9ba79ebae6ab
Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents:
1873
diff
changeset
|
61 |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
62 /* INTERNAL: */ |
|
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
63 const char *password_generate_md5_crypt(const char *pw, const char *salt); |
|
4798
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
64 const char *password_generate_otp(const char *pw, const char *state, |
|
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
65 unsigned int algo); |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
66 void password_generate_rpa(const char *pw, unsigned char result[]); |
|
1873
ed5e808d934f
CRAM-MD5 mechanism by Joshua Goodall, plus some cleanups.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
67 |
|
1192
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
68 #endif |