Add common code shared by both OTP and SKEY authentication mechanism. otp_try_lock() and otp_unlock() functions are used to implement race attack protection which is required by RFC 2289. diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/Makefile.am dovecot/src/auth/Makefile.am --- dovecot.vanilla/src/auth/Makefile.am 2006-06-23 13:44:31.401854632 +0400 +++ dovecot/src/auth/Makefile.am 2006-06-23 13:44:31.711807512 +0400 @@ -62,6 +62,7 @@ dovecot_auth_SOURCES = \ mech-gssapi.c \ mech-rpa.c \ mech-apop.c \ + otp-skey-common.c \ passdb.c \ passdb-blocking.c \ passdb-bsdauth.c \ @@ -104,6 +105,7 @@ noinst_HEADERS = \ common.h \ mech.h \ mycrypt.h \ + otp-skey-common.h \ passdb.h \ passdb-blocking.h \ passdb-cache.h \ diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/otp-skey-common.c dovecot/src/auth/otp-skey-common.c --- dovecot.vanilla/src/auth/otp-skey-common.c 1970-01-01 03:00:00.000000000 +0300 +++ dovecot/src/auth/otp-skey-common.c 2006-06-23 13:44:31.711807512 +0400 @@ -0,0 +1,64 @@ +/* + * Common code for OTP and SKEY authentication mechanisms. + * + * Copyright (c) 2006 Andrey Panin <pazke@donpac.ru> + * + * This software is released under the MIT license. + */ + +#include "common.h" +#include "hash.h" +#include "mech.h" + +#include "otp.h" +#include "otp-skey-common.h" + +static struct hash_table *otp_lock_table; + +void otp_lock_init(void) +{ + if (otp_lock_table != NULL) + return; + + otp_lock_table = hash_create(system_pool, system_pool, + 128, strcase_hash, + (hash_cmp_callback_t *)strcasecmp); +} + +int otp_try_lock(struct auth_request *auth_request) +{ + if (hash_lookup(otp_lock_table, auth_request->user)) + return FALSE; + + hash_insert(otp_lock_table, auth_request->user, auth_request); + + return TRUE; +} + +void otp_unlock(struct auth_request *auth_request) +{ + struct otp_auth_request *request = + (struct otp_auth_request *)auth_request; + + if (request->lock == FALSE) + return; + + hash_remove(otp_lock_table, auth_request->user); + request->lock = FALSE; +} + +void otp_set_credentials_callback(enum passdb_result result, + struct auth_request *auth_request) +{ + switch (result) { + case PASSDB_RESULT_OK: + auth_request_success(auth_request, NULL, 0); + break; + default: + auth_request_internal_failure(auth_request); + otp_unlock(auth_request); + break; + } + + otp_unlock(auth_request); +} diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/otp-skey-common.h dovecot/src/auth/otp-skey-common.h --- dovecot.vanilla/src/auth/otp-skey-common.h 1970-01-01 03:00:00.000000000 +0300 +++ dovecot/src/auth/otp-skey-common.h 2006-06-23 13:44:31.711807512 +0400 @@ -0,0 +1,21 @@ +#ifndef __OTP_SKEY_COMMON_H__ +#define __OTP_SKEY_COMMON_H__ + +struct otp_auth_request { + struct auth_request auth_request; + + pool_t pool; + + int lock; + + struct otp_state state; +}; + +void otp_lock_init(void); +int otp_try_lock(struct auth_request *auth_request); +void otp_unlock(struct auth_request *auth_request); + +void otp_set_credentials_callback(enum passdb_result result, + struct auth_request *auth_request); + +#endif /* __OTP_SKEY_COMMON_H__ */