[Dovecot] [PATCH, RFC 11/13] OTP: OTP and SKEY common code

Mon Jun 26 15:58:18 EEST 2006

Add common code shared by both OTP and SKEY authentication mechanism.

otp_try_lock() and otp_unlock() functions are used to implement race
attack protection which is required by RFC 2289.

diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/Makefile.am dovecot/src/auth/Makefile.am

--- dovecot.vanilla/src/auth/Makefile.am	2006-06-23 13:44:31.401854632 +0400
+++ dovecot/src/auth/Makefile.am	2006-06-23 13:44:31.711807512 +0400
@@ -62,6 +62,7 @@ dovecot_auth_SOURCES = \
 	mech-gssapi.c \
 	mech-rpa.c \
 	mech-apop.c \
+	otp-skey-common.c \
 	passdb.c \
 	passdb-blocking.c \
 	passdb-bsdauth.c \
@@ -104,6 +105,7 @@ noinst_HEADERS = \
 	common.h \
 	mech.h \
 	mycrypt.h \
+	otp-skey-common.h \
 	passdb.h \
 	passdb-blocking.h \
 	passdb-cache.h \
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/otp-skey-common.c dovecot/src/auth/otp-skey-common.c
--- dovecot.vanilla/src/auth/otp-skey-common.c	1970-01-01 03:00:00.000000000 +0300
+++ dovecot/src/auth/otp-skey-common.c	2006-06-23 13:44:31.711807512 +0400
@@ -0,0 +1,64 @@
+/*
+ * Common code for OTP and SKEY authentication mechanisms.
+ *
+ * Copyright (c) 2006 Andrey Panin <pazke at donpac.ru>
+ *
+ * This software is released under the MIT license.
+ */
+
+#include "common.h"
+#include "hash.h"
+#include "mech.h"
+
+#include "otp.h"
+#include "otp-skey-common.h"
+
+static struct hash_table *otp_lock_table;
+
+void otp_lock_init(void)
+{
+	if (otp_lock_table != NULL)
+		return;
+
+	otp_lock_table = hash_create(system_pool, system_pool,
+				     128, strcase_hash,
+				     (hash_cmp_callback_t *)strcasecmp);
+}
+
+int otp_try_lock(struct auth_request *auth_request)
+{
+	if (hash_lookup(otp_lock_table, auth_request->user))
+		return FALSE;
+
+	hash_insert(otp_lock_table, auth_request->user, auth_request);
+
+	return TRUE;
+}
+
+void otp_unlock(struct auth_request *auth_request)
+{
+	struct otp_auth_request *request =
+		(struct otp_auth_request *)auth_request;
+
+	if (request->lock == FALSE)
+		return;
+
+	hash_remove(otp_lock_table, auth_request->user);
+	request->lock = FALSE;
+}
+
+void otp_set_credentials_callback(enum passdb_result result,
+				  struct auth_request *auth_request)
+{
+	switch (result) {
+	case PASSDB_RESULT_OK:
+		auth_request_success(auth_request, NULL, 0);
+		break;
+	default:
+		auth_request_internal_failure(auth_request);
+		otp_unlock(auth_request);
+		break;
+	}
+
+	otp_unlock(auth_request);
+}
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/otp-skey-common.h dovecot/src/auth/otp-skey-common.h
--- dovecot.vanilla/src/auth/otp-skey-common.h	1970-01-01 03:00:00.000000000 +0300
+++ dovecot/src/auth/otp-skey-common.h	2006-06-23 13:44:31.711807512 +0400
@@ -0,0 +1,21 @@
+#ifndef __OTP_SKEY_COMMON_H__
+#define __OTP_SKEY_COMMON_H__
+
+struct otp_auth_request {
+	struct auth_request auth_request;
+
+	pool_t pool;
+
+	int lock;
+
+	struct otp_state state;
+};
+
+void otp_lock_init(void);
+int otp_try_lock(struct auth_request *auth_request);
+void otp_unlock(struct auth_request *auth_request);
+
+void otp_set_credentials_callback(enum passdb_result result,
+				  struct auth_request *auth_request);
+
+#endif	/* __OTP_SKEY_COMMON_H__ */

