[Dovecot] [PATCH, RFC 11/13] OTP: OTP and SKEY common code
Andrey Panin
pazke at donpac.ru
Mon Jun 26 15:58:18 EEST 2006
Add common code shared by both OTP and SKEY authentication mechanism.
otp_try_lock() and otp_unlock() functions are used to implement race
attack protection which is required by RFC 2289.
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/Makefile.am dovecot/src/auth/Makefile.am
--- dovecot.vanilla/src/auth/Makefile.am 2006-06-23 13:44:31.401854632 +0400
+++ dovecot/src/auth/Makefile.am 2006-06-23 13:44:31.711807512 +0400
@@ -62,6 +62,7 @@ dovecot_auth_SOURCES = \
mech-gssapi.c \
mech-rpa.c \
mech-apop.c \
+ otp-skey-common.c \
passdb.c \
passdb-blocking.c \
passdb-bsdauth.c \
@@ -104,6 +105,7 @@ noinst_HEADERS = \
common.h \
mech.h \
mycrypt.h \
+ otp-skey-common.h \
passdb.h \
passdb-blocking.h \
passdb-cache.h \
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/otp-skey-common.c dovecot/src/auth/otp-skey-common.c
--- dovecot.vanilla/src/auth/otp-skey-common.c 1970-01-01 03:00:00.000000000 +0300
+++ dovecot/src/auth/otp-skey-common.c 2006-06-23 13:44:31.711807512 +0400
@@ -0,0 +1,64 @@
+/*
+ * Common code for OTP and SKEY authentication mechanisms.
+ *
+ * Copyright (c) 2006 Andrey Panin <pazke at donpac.ru>
+ *
+ * This software is released under the MIT license.
+ */
+
+#include "common.h"
+#include "hash.h"
+#include "mech.h"
+
+#include "otp.h"
+#include "otp-skey-common.h"
+
+static struct hash_table *otp_lock_table;
+
+void otp_lock_init(void)
+{
+ if (otp_lock_table != NULL)
+ return;
+
+ otp_lock_table = hash_create(system_pool, system_pool,
+ 128, strcase_hash,
+ (hash_cmp_callback_t *)strcasecmp);
+}
+
+int otp_try_lock(struct auth_request *auth_request)
+{
+ if (hash_lookup(otp_lock_table, auth_request->user))
+ return FALSE;
+
+ hash_insert(otp_lock_table, auth_request->user, auth_request);
+
+ return TRUE;
+}
+
+void otp_unlock(struct auth_request *auth_request)
+{
+ struct otp_auth_request *request =
+ (struct otp_auth_request *)auth_request;
+
+ if (request->lock == FALSE)
+ return;
+
+ hash_remove(otp_lock_table, auth_request->user);
+ request->lock = FALSE;
+}
+
+void otp_set_credentials_callback(enum passdb_result result,
+ struct auth_request *auth_request)
+{
+ switch (result) {
+ case PASSDB_RESULT_OK:
+ auth_request_success(auth_request, NULL, 0);
+ break;
+ default:
+ auth_request_internal_failure(auth_request);
+ otp_unlock(auth_request);
+ break;
+ }
+
+ otp_unlock(auth_request);
+}
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/otp-skey-common.h dovecot/src/auth/otp-skey-common.h
--- dovecot.vanilla/src/auth/otp-skey-common.h 1970-01-01 03:00:00.000000000 +0300
+++ dovecot/src/auth/otp-skey-common.h 2006-06-23 13:44:31.711807512 +0400
@@ -0,0 +1,21 @@
+#ifndef __OTP_SKEY_COMMON_H__
+#define __OTP_SKEY_COMMON_H__
+
+struct otp_auth_request {
+ struct auth_request auth_request;
+
+ pool_t pool;
+
+ int lock;
+
+ struct otp_state state;
+};
+
+void otp_lock_init(void);
+int otp_try_lock(struct auth_request *auth_request);
+void otp_unlock(struct auth_request *auth_request);
+
+void otp_set_credentials_callback(enum passdb_result result,
+ struct auth_request *auth_request);
+
+#endif /* __OTP_SKEY_COMMON_H__ */
More information about the dovecot
mailing list