Add OTP and SKEY password schemes. SKEY is the same as OTP but uses MD4 algorithm always.
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/Makefile.am dovecot/src/auth/Makefile.am
--- dovecot.vanilla/src/auth/Makefile.am 2006-06-23 13:42:22.122508080 +0400
+++ dovecot/src/auth/Makefile.am 2006-06-23 13:44:31.340863904 +0400
@@ -9,6 +9,7 @@ AM_CPPFLAGS = \
 -I$(top_srcdir)/src/lib-sql \
 -I$(top_srcdir)/src/lib-settings \
 -I$(top_srcdir)/src/lib-ntlm \
+ -I$(top_srcdir)/src/lib-otp \
 -DAUTH_MODULE_DIR=\""$(moduledir)/auth"\" \
 -DPKG_LIBEXECDIR=\""$(pkglibexecdir)"\" \
 $(AUTH_CFLAGS)
@@ -21,12 +22,14 @@ libpassword_a_SOURCES = \
 password-scheme-md5crypt.c \
 password-scheme-cram-md5.c \
 password-scheme-ntlm.c \
+ password-scheme-otp.c \
 password-scheme-rpa.c
 
 dovecot_auth_LDADD = \
 libpassword.a \
 ../lib-settings/libsettings.a \
 ../lib-ntlm/libntlm.a \
+ ../lib-otp/libotp.a \
 ../lib-sql/libsql.a \
 ../lib/liblib.a \
 $(AUTH_LIBS) \
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/passdb.c dovecot/src/auth/passdb.c
--- dovecot.vanilla/src/auth/passdb.c 2006-06-23 13:42:22.124507776 +0400
+++ dovecot/src/auth/passdb.c 2006-06-23 13:44:31.340863904 +0400
@@ -67,6 +67,10 @@ passdb_credentials_to_str(enum passdb_cr
 return "LANMAN";
 case PASSDB_CREDENTIALS_NTLM:
 return "NTLM";
+ case PASSDB_CREDENTIALS_OTP:
+ return "OTP";
+ case PASSDB_CREDENTIALS_SKEY:
+ return "SKEY";
 case PASSDB_CREDENTIALS_RPA:
 return "RPA";
 }
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/passdb.h dovecot/src/auth/passdb.h
--- dovecot.vanilla/src/auth/passdb.h 2006-06-23 13:42:22.124507776 +0400
+++ dovecot/src/auth/passdb.h 2006-06-23 13:44:31.340863904 +0400
@@ -15,6 +15,8 @@ enum passdb_credentials {
 PASSDB_CREDENTIALS_DIGEST_MD5,
 PASSDB_CREDENTIALS_LANMAN,
 PASSDB_CREDENTIALS_NTLM,
+ PASSDB_CREDENTIALS_OTP,
+ PASSDB_CREDENTIALS_SKEY,
 PASSDB_CREDENTIALS_RPA
 };
 
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/password-scheme.c dovecot/src/auth/password-scheme.c
--- dovecot.vanilla/src/auth/password-scheme.c 2006-06-23 13:42:22.125507624 +0400
+++ dovecot/src/auth/password-scheme.c 2006-06-23 13:44:31.340863904 +0400
@@ -10,6 +10,7 @@
 #include "mycrypt.h"
 #include "randgen.h"
 #include "sha1.h"
+#include "otp.h"
 #include "str.h"
 #include "password-scheme.h"
 
@@ -450,6 +451,25 @@ static const char *ntlm_generate(const c
 return password_generate_ntlm(plaintext);
 }
 
+static bool otp_verify(const char *plaintext, const char *password,
+ const char *user __attr_unused__)
+{
+ return strcasecmp(password,
+ password_generate_otp(plaintext, password, -1)) == 0;
+}
+
+static const char *otp_generate(const char *plaintext,
+ const char *user __attr_unused__)
+{
+ return password_generate_otp(plaintext, NULL, OTP_HASH_SHA1);
+}
+
+static const char *skey_generate(const char *plaintext,
+ const char *user __attr_unused__)
+{
+ return password_generate_otp(plaintext, NULL, OTP_HASH_MD4);
+}
+
 static bool rpa_verify(const char *plaintext, const char *password,
 const char *user __attr_unused__)
 {
@@ -478,6 +498,8 @@ static const struct password_scheme defa
 { "LDAP-MD5", ldap_md5_verify, ldap_md5_generate },
 { "LANMAN", lm_verify, lm_generate },
 { "NTLM", ntlm_verify, ntlm_generate },
+ { "OTP", otp_verify, otp_generate },
+ { "SKEY", otp_verify, skey_generate },
 { "RPA", rpa_verify, rpa_generate },
 { NULL, NULL, NULL }
 };
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/password-scheme.h dovecot/src/auth/password-scheme.h
--- dovecot.vanilla/src/auth/password-scheme.h 2006-06-23 13:42:22.125507624 +0400
+++ dovecot/src/auth/password-scheme.h 2006-06-23 13:44:31.340863904 +0400
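Review bot: `otp_verify` in src/auth/password-scheme.c can end up accepting any plaintext when the stored entry is an empty string, because `password_generate_otp()` (added in password-scheme-otp.c by this same patch) returns `""` on a parse failure and `strcasecmp("", "")` is 0. This assumes `otp_parse_dbentry()` rejects empty input, which is not visible in this diff; either way the error value should not be a string that can also compare equal to stored data. Keep the result in a local and reject the sentinel first: `const char *expected = password_generate_otp(plaintext, password, -1);` followed by `return *expected != '\0' && strcasecmp(password, expected) == 0;`. The comparison is also not constant-time, so response timing may depend on how many leading characters of the stored entry matched; that deserves at least a comment if it is accepted.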
@@ -32,6 +32,7 @@ const char *password_generate_md5_crypt(
 const char *password_generate_cram_md5(const char *pw);
 const char *password_generate_lm(const char *pw);
 const char *password_generate_ntlm(const char *pw);
+const char *password_generate_otp(const char *pw, const char *state, int algo);
 const char *password_generate_rpa(const char *pw);
 
 #endif
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/password-scheme-otp.c dovecot/src/auth/password-scheme-otp.c
--- dovecot.vanilla/src/auth/password-scheme-otp.c 1970-01-01 03:00:00.000000000 +0300
+++ dovecot/src/auth/password-scheme-otp.c 2006-06-23 13:44:31.341863752 +0400
@@ -0,0 +1,39 @@
+/*
+ * OTP password scheme.
+ *
+ * Copyright (c) 2006 Andrey Panin <pazke@donpac.ru>
+ *
+ * This software is released under the MIT license.
+ */
+
+#include "lib.h"
+#include "hex-binary.h"
+#include "password-scheme.h"
+#include "randgen.h"
+#include "otp.h"
+
+const char *password_generate_otp(const char *pw, const char *data, int algo)
+{
+ struct otp_state state;
+
+ if (data) {
+ if (otp_parse_dbentry(data, &state)) {
+ i_warning("Invalid OTP data in passdb");
+ return "";
+ }
+ } else {
+ /* Generate new OTP credentials from plaintext */
+ unsigned char random_data[OTP_MAX_SEED_LEN / 2];
+
+ random_fill(random_data, sizeof(random_data));
+ strncpy(state.seed, binary_to_hex(random_data,
+ OTP_MAX_SEED_LEN / 2), sizeof(state.seed));
+
+ state.seq = 1024;
+ state.algo = algo;
+ }
+
+ otp_hash(state.algo, state.seed, pw, state.seq, state.hash);
+
+ return otp_print_dbentry(&state);
+}
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/util/Makefile.am dovecot/src/util/Makefile.am
--- dovecot.vanilla/src/util/Makefile.am 2006-06-23 13:42:22.155503064 +0400
+++ dovecot/src/util/Makefile.am 2006-06-23 13:44:31.341863752 +0400
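Review bot: The new `password_generate_otp` prototype in password-scheme.h names its second parameter `state`, while the definition in password-scheme-otp.c calls it `data`, and neither place documents the contract. From the definition, a non-NULL second argument is an existing passdb entry to parse and `algo` is then unused (which is why `otp_verify` can pass -1), while NULL means a fresh random seed is generated for `algo`. I would rename the parameter to `data` in the header and add a comment such as `/* data == NULL: create new credentials using algo; otherwise re-hash pw against the stored entry, algo is ignored */`.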
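Review bot: The `strncpy` into `state.seed` in `password_generate_otp` (src/auth/password-scheme-otp.c) does not guarantee a terminating NUL, and `struct otp_state state` is otherwise left uninitialised on the generate path. The hex string is up to OTP_MAX_SEED_LEN characters long, so termination depends on `seed` being declared at least one byte larger; the struct lives in lib-otp and is not part of this diff, so that needs confirming. `state.seed` is then handed to `otp_hash()` and `otp_print_dbentry()`, which presumably read it as a C string. I would zero the struct first with `memset(&state, 0, sizeof(state));` and check the seed size next to the copy, for example by asserting `sizeof(state.seed) > OTP_MAX_SEED_LEN`, so that a later change to the seed length cannot leave the buffer unterminated.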
@@ -22,6 +22,7 @@ gdbhelper_SOURCES = \
 dovecotpw_LDADD = \
 ../auth/libpassword.a \
 ../lib-ntlm/libntlm.a \
+ ../lib-otp/libotp.a \
 ../lib/liblib.a \
 $(AUTH_LIBS) \
 $(RAND_LIBS) \