annotate src/auth/mech-otp.c @ 9490:fd84592e817b HEAD
dovecot-example.conf: Updated dict comments.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 23 Nov 2009 13:08:47 -0500 |
parents | 84eea1977632 |
children |
rev | line source |
---|---|
1 /* |
2 * One-Time-Password (RFC 2444) authentication mechanism. |
3 * |
4 * Copyright (c) 2006 Andrey Panin <pazke@donpac.ru> |
5 * |
6 * This software is released under the MIT license. |
7 */ |
8 |
9 #include "common.h" |
10 #include "safe-memset.h" |
11 #include "hash.h" |
12 #include "mech.h" |
13 #include "passdb.h" |
14 #include "hex-binary.h" |
15 #include "otp.h" |
16 #include "otp-skey-common.h" |
17 |
/*
 * Turn the passdb entry into an OTP challenge and send it to the client.
 *
 * credentials/size is the raw passdb value. It is copied with t_strndup()
 * and parsed by otp_parse_dbentry() into request->state.
 *
 * Every failure (unparsable entry, sequence number below 1, lock not
 * obtained) is logged and ends the request through auth_request_fail().
 * On success the challenge is passed to auth_request->callback() with
 * AUTH_CLIENT_RESULT_CONTINUE and request->lock stays set.
 */
static void
otp_send_challenge(struct auth_request *auth_request,
		   const unsigned char *credentials, size_t size)
{
	struct otp_auth_request *request =
		(struct otp_auth_request *)auth_request;
	const char *dbentry, *challenge;

	dbentry = t_strndup(credentials, size);
	if (otp_parse_dbentry(dbentry, &request->state) != 0) {
		auth_request_log_error(&request->auth_request, "otp",
				       "invalid OTP data in passdb");
		auth_request_fail(auth_request);
		return;
	}

	/* The challenge carries the stored sequence number minus one.
	   NOTE(review): the value is printed with %u below; if seq is an
	   unsigned type, a stored 0 would wrap here instead of failing
	   this check - confirm against the struct otp_state declaration. */
	request->state.seq--;
	if (request->state.seq < 1) {
		auth_request_log_error(&request->auth_request, "otp",
				       "sequence number < 1");
		auth_request_fail(auth_request);
		return;
	}

	/* The lock is taken only after the entry has been validated. Going
	   by the log text, a refused lock is treated as a possible attempt
	   to race another login for the same user. */
	request->lock = otp_try_lock(auth_request);
	if (!request->lock) {
		auth_request_log_error(&request->auth_request, "otp",
				       "user is locked, race attack?");
		auth_request_fail(auth_request);
		return;
	}

	/* Challenge text: "otp-<digest> <seq> <seed> ext" */
	challenge = p_strdup_printf(request->pool, "otp-%s %u %s ext",
				    digest_name(request->state.algo),
				    request->state.seq, request->state.seed);

	auth_request->callback(auth_request,
			       AUTH_CLIENT_RESULT_CONTINUE,
			       challenge, strlen(challenge));
}
57 |
/*
 * Passdb callback for the second credentials lookup, the one started by
 * otp_credentials_callback() when the first lookup found nothing.
 *
 * PASSDB_RESULT_OK sends the challenge, PASSDB_RESULT_INTERNAL_FAILURE is
 * reported as an internal failure, and every other result fails the
 * request.
 */
static void
skey_credentials_callback(enum passdb_result result,
			  const unsigned char *credentials, size_t size,
			  struct auth_request *auth_request)
{
	if (result == PASSDB_RESULT_OK) {
		otp_send_challenge(auth_request, credentials, size);
		return;
	}

	if (result == PASSDB_RESULT_INTERNAL_FAILURE) {
		auth_request_internal_failure(auth_request);
		return;
	}

	/* No usable credentials: plain authentication failure. */
	auth_request_fail(auth_request);
}
75 |
/*
 * Passdb callback for the first credentials lookup started by
 * mech_otp_auth_phase1().
 *
 * PASSDB_RESULT_OK sends the challenge and
 * PASSDB_RESULT_INTERNAL_FAILURE is reported as an internal failure.
 * Any other result starts a second lookup whose result goes to
 * skey_credentials_callback().
 */
static void
otp_credentials_callback(enum passdb_result result,
			 const unsigned char *credentials, size_t size,
			 struct auth_request *auth_request)
{
	if (result == PASSDB_RESULT_OK) {
		otp_send_challenge(auth_request, credentials, size);
		return;
	}

	if (result == PASSDB_RESULT_INTERNAL_FAILURE) {
		auth_request_internal_failure(auth_request);
		return;
	}

	/* OTP credentials not found, try S/KEY.
	   NOTE(review): the lookup below asks for the "OTP" scheme again,
	   which does not match the comment; as written the fallback repeats
	   the lookup that just failed. Verify which scheme string the S/KEY
	   fallback is meant to request. */
	auth_request_lookup_credentials(auth_request, "OTP",
					skey_credentials_callback);
}
95 |
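/*
 * First step of the OTP exchange: take the login name from the client's
 * initial response and start the passdb credentials lookup.
 *
 * data/data_size is client-supplied input laid out as
 *     authorization ID \0 authentication ID [\0 ...]
 * FIXME: we'll ignore authorization ID for now.
 *
 * Input containing no NUL or more than two NULs is rejected with
 * "invalid input". A username refused by auth_request_set_username()
 * is logged at info level and fails the request.
 */
static void
mech_otp_auth_phase1(struct auth_request *auth_request,
		     const unsigned char *data, size_t data_size)
{
	struct otp_auth_request *request =
		(struct otp_auth_request *)auth_request;
	const char *authenid, *error;
	size_t i, count, authenid_pos;

	/* Count the NUL separators and remember where the authentication
	   ID starts (the byte after the first NUL). */
	count = 0;
	authenid_pos = 0;
	for (i = 0; i < data_size; i++) {
		if (data[i] == '\0') {
			if (++count == 1)
				authenid_pos = i + 1;
		}
	}

	if ((count < 1) || (count > 2)) {
		auth_request_log_error(&request->auth_request, "otp",
				       "invalid input");
		auth_request_fail(auth_request);
		return;
	}

	/* With exactly one NUL the authentication ID runs to the end of
	   the client buffer, and nothing in this function guarantees a
	   terminator after data[data_size - 1]. Reading it as a C string
	   could then run past the input, so take a bounded copy: it stops
	   at the second NUL when there is one, otherwise at data_size.
	   authenid_pos <= data_size always holds because i < data_size. */
	authenid = t_strndup(data + authenid_pos, data_size - authenid_pos);

	if (!auth_request_set_username(auth_request, authenid, &error)) {
		auth_request_log_info(auth_request, "otp", "%s", error);
		auth_request_fail(auth_request);
		return;
	}

	auth_request_lookup_credentials(auth_request, "OTP",
					otp_credentials_callback);
}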
134 |
/*
 * Check a normal OTP response against the state loaded for this request.
 *
 * data is the client's response text and hex is passed through to
 * otp_parse_response(). The parsed response is hashed once more with
 * otp_next_hash() and must equal the stored hash. On a match the stored
 * hash is replaced by the response and the entry is written back with
 * auth_request_set_credentials().
 *
 * Both failure paths fail the request and then call otp_unlock(); only
 * the parse failure is logged.
 */
static void mech_otp_verify(struct auth_request *auth_request,
			    const char *data, bool hex)
{
	struct otp_auth_request *request =
		(struct otp_auth_request *)auth_request;
	struct otp_state *state = &request->state;
	unsigned char response_hash[OTP_HASH_SIZE];
	unsigned char hashed_once[OTP_HASH_SIZE];

	if (otp_parse_response(data, response_hash, hex) < 0) {
		auth_request_log_error(&request->auth_request, "otp",
				       "invalid response");
		auth_request_fail(auth_request);
		otp_unlock(auth_request);
		return;
	}

	otp_next_hash(state->algo, response_hash, hashed_once);

	/* NOTE(review): memcmp() is not a constant-time comparison. What is
	   compared is a hash of the client's input, so the practical
	   exposure looks limited, but a timing-independent compare is the
	   conventional choice in authentication code. */
	if (memcmp(hashed_once, state->hash, OTP_HASH_SIZE) != 0) {
		auth_request_fail(auth_request);
		otp_unlock(auth_request);
		return;
	}

	/* The accepted response becomes the hash the next login is checked
	   against. */
	memcpy(state->hash, response_hash, sizeof(state->hash));

	auth_request_set_credentials(auth_request, "OTP",
				     otp_print_dbentry(state),
				     otp_set_credentials_callback);
}
168 |
169 static void mech_otp_verify_init(struct auth_request *auth_request, |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
170 const char *data, bool hex) |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
171 { |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
172 struct otp_auth_request *request = |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
173 (struct otp_auth_request *)auth_request; |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
174 struct otp_state new_state; |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
175 unsigned char hash[OTP_HASH_SIZE], cur_hash[OTP_HASH_SIZE]; |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
176 const char *error; |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
177 int ret; |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
178 |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
179 ret = otp_parse_init_response(data, &new_state, cur_hash, hex, &error); |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
180 if (ret < 0) { |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
181 auth_request_log_error(&request->auth_request, "otp", |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
182 "invalid init response, %s", error); |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
183 auth_request_fail(auth_request); |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
184 otp_unlock(auth_request); |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
185 return; |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
186 } |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
187 |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
188 otp_next_hash(request->state.algo, cur_hash, hash); |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
189 |
c04189d77a59
Added OTP and S/KEY authentication mechanisms. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
190 ret = memcmp(hash, request->state.hash, OTP_HASH_SIZE); |
191 if (ret != 0) { |
192 auth_request_fail(auth_request); |
193 otp_unlock(auth_request); |
194 return; |
195 } |
196 |
197 auth_request_set_credentials(auth_request, "OTP", |
198 otp_print_dbentry(&new_state), |
199 otp_set_credentials_callback); |
200 } |
201 |
/*
 * Second step of the OTP exchange: route the response to the matching
 * verifier according to its type prefix.
 *
 *   "hex:"       -> mech_otp_verify(..., TRUE)
 *   "word:"      -> mech_otp_verify(..., FALSE)
 *   "init-hex:"  -> mech_otp_verify_init(..., TRUE)
 *   "init-word:" -> mech_otp_verify_init(..., FALSE)
 *
 * The prefix is stripped before the verifier is called. Any other response
 * is logged as unsupported, the request is failed and the OTP lock is
 * released via otp_unlock().
 *
 * data/data_size is the raw response for this step; it is treated as
 * untrusted input and is never echoed into the log message.
 */
static void
mech_otp_auth_phase2(struct auth_request *auth_request,
		     const unsigned char *data, size_t data_size)
{
	/* Work on a NUL-terminated copy bounded by data_size, so the
	   prefix comparisons below operate on a proper C string rather
	   than on the raw buffer. */
	const char *response = t_strndup(data, data_size);

	if (strncmp(response, "hex:", 4) == 0) {
		mech_otp_verify(auth_request, response + 4, TRUE);
		return;
	}
	if (strncmp(response, "word:", 5) == 0) {
		mech_otp_verify(auth_request, response + 5, FALSE);
		return;
	}
	if (strncmp(response, "init-hex:", 9) == 0) {
		mech_otp_verify_init(auth_request, response + 9, TRUE);
		return;
	}
	if (strncmp(response, "init-word:", 10) == 0) {
		mech_otp_verify_init(auth_request, response + 10, FALSE);
		return;
	}

	/* Unknown response type: fail closed and drop the lock so the
	   request does not keep it held after the failure. */
	auth_request_log_error(auth_request, "otp",
			       "unsupported response type");
	auth_request_fail(auth_request);
	otp_unlock(auth_request);
}
223 |
/*
 * Continuation callback for the OTP mechanism.
 *
 * Picks the protocol step from the request state: once a user is set on
 * the request the data is handled by mech_otp_auth_phase2(); while
 * auth_request->user is still NULL it is handled by mech_otp_auth_phase1().
 * NOTE(review): presumably phase 1 is what sets auth_request->user;
 * confirm against mech_otp_auth_phase1().
 */
static void
mech_otp_auth_continue(struct auth_request *auth_request,
		       const unsigned char *data, size_t data_size)
{
	if (auth_request->user != NULL) {
		mech_otp_auth_phase2(auth_request, data, data_size);
		return;
	}

	mech_otp_auth_phase1(auth_request, data, data_size);
}
234 |
/*
 * Allocate a new OTP authentication request.
 *
 * Calls otp_lock_init(), creates a dedicated "otp_auth_request" pool and
 * allocates the struct otp_auth_request from it. The request starts with
 * lock == FALSE and a reference count of 1.
 *
 * Returns a pointer to the embedded generic auth_request. The pool is
 * stored both on the OTP request and on the embedded auth_request.
 */
static struct auth_request *mech_otp_auth_new(void)
{
	struct otp_auth_request *otp_request;
	pool_t request_pool;

	otp_lock_init();

	request_pool = pool_alloconly_create("otp_auth_request", 256);
	otp_request = p_new(request_pool, struct otp_auth_request, 1);

	/* Generic part of the request. */
	otp_request->auth_request.pool = request_pool;
	otp_request->auth_request.refcount = 1;

	/* OTP-specific part: a fresh request does not hold the lock. */
	otp_request->pool = request_pool;
	otp_request->lock = FALSE;

	return &otp_request->auth_request;
}
251 |
/*
 * Mechanism descriptor registering this file's callbacks under the
 * mechanism name "OTP".
 *
 * The initializer is mostly positional, so field order matters.
 * NOTE(review): the four trailing entries are presumably the
 * new / initial / continue / free callbacks in struct mech_module
 * order; confirm against the struct definition.
 */
const struct mech_module mech_otp = {
	"OTP",

	/* Security flags advertised for this mechanism.
	   NOTE(review): these appear to mark the mechanism as exposed to
	   dictionary and active attacks; confirm the exact meaning
	   against the flag definitions, since deployments may use these
	   flags to decide whether OTP is acceptable without a protected
	   channel. */
	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
	/* The mechanism writes updated credentials back through
	   auth_request_set_credentials(), so the passdb must support
	   setting credentials. */
	MEMBER(passdb_need) MECH_PASSDB_NEED_SET_CREDENTIALS,

	mech_otp_auth_new,
	mech_generic_auth_initial,
	mech_otp_auth_continue,
	mech_otp_skey_auth_free
};