[Dovecot] [PATCH, RFC 6/13] OTP: password scheme

Andrey Panin pazke at donpac.ru
Mon Jun 26 15:58:07 EEST 2006


Add OTP and SKEY password schemes. SKEY is the same as OTP but always uses the
MD4 algorithm.

diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/Makefile.am dovecot/src/auth/Makefile.am
--- dovecot.vanilla/src/auth/Makefile.am	2006-06-23 13:42:22.122508080 +0400
+++ dovecot/src/auth/Makefile.am	2006-06-23 13:44:31.340863904 +0400
@@ -9,6 +9,7 @@ AM_CPPFLAGS = \
 	-I$(top_srcdir)/src/lib-sql \
 	-I$(top_srcdir)/src/lib-settings \
 	-I$(top_srcdir)/src/lib-ntlm \
+	-I$(top_srcdir)/src/lib-otp \
 	-DAUTH_MODULE_DIR=\""$(moduledir)/auth"\" \
 	-DPKG_LIBEXECDIR=\""$(pkglibexecdir)"\" \
 	$(AUTH_CFLAGS)
@@ -21,12 +22,14 @@ libpassword_a_SOURCES = \
 	password-scheme-md5crypt.c \
 	password-scheme-cram-md5.c \
 	password-scheme-ntlm.c \
+	password-scheme-otp.c \
 	password-scheme-rpa.c
 
 dovecot_auth_LDADD = \
 	libpassword.a \
 	../lib-settings/libsettings.a \
 	../lib-ntlm/libntlm.a \
+	../lib-otp/libotp.a \
 	../lib-sql/libsql.a \
 	../lib/liblib.a \
 	$(AUTH_LIBS) \
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/passdb.c dovecot/src/auth/passdb.c
--- dovecot.vanilla/src/auth/passdb.c	2006-06-23 13:42:22.124507776 +0400
+++ dovecot/src/auth/passdb.c	2006-06-23 13:44:31.340863904 +0400
@@ -67,6 +67,10 @@ passdb_credentials_to_str(enum passdb_cr
 		return "LANMAN";
 	case PASSDB_CREDENTIALS_NTLM:
 		return "NTLM";
+	case PASSDB_CREDENTIALS_OTP:
+		return "OTP";
+	case PASSDB_CREDENTIALS_SKEY:
+		return "SKEY";
 	case PASSDB_CREDENTIALS_RPA:
 		return "RPA";
 	}
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/passdb.h dovecot/src/auth/passdb.h
--- dovecot.vanilla/src/auth/passdb.h	2006-06-23 13:42:22.124507776 +0400
+++ dovecot/src/auth/passdb.h	2006-06-23 13:44:31.340863904 +0400
@@ -15,6 +15,8 @@ enum passdb_credentials {
 	PASSDB_CREDENTIALS_DIGEST_MD5,
 	PASSDB_CREDENTIALS_LANMAN,
 	PASSDB_CREDENTIALS_NTLM,
+	PASSDB_CREDENTIALS_OTP,
+	PASSDB_CREDENTIALS_SKEY,
 	PASSDB_CREDENTIALS_RPA
 };
 
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/password-scheme.c dovecot/src/auth/password-scheme.c
--- dovecot.vanilla/src/auth/password-scheme.c	2006-06-23 13:42:22.125507624 +0400
+++ dovecot/src/auth/password-scheme.c	2006-06-23 13:44:31.340863904 +0400
@@ -10,6 +10,7 @@
 #include "mycrypt.h"
 #include "randgen.h"
 #include "sha1.h"
+#include "otp.h"
 #include "str.h"
 #include "password-scheme.h"
 
@@ -450,6 +451,25 @@ static const char *ntlm_generate(const c
 	return password_generate_ntlm(plaintext);
 }
 
+static bool otp_verify(const char *plaintext, const char *password,
+		       const char *user __attr_unused__)
+{
+	return strcasecmp(password,
+		password_generate_otp(plaintext, password, -1)) == 0;
+}
+
+static const char *otp_generate(const char *plaintext,
+				const char *user __attr_unused__)
+{
+	return password_generate_otp(plaintext, NULL, OTP_HASH_SHA1);
+}
+
+static const char *skey_generate(const char *plaintext,
+				 const char *user __attr_unused__)
+{
+	return password_generate_otp(plaintext, NULL, OTP_HASH_MD4);
+}
+
 static bool rpa_verify(const char *plaintext, const char *password,
 		       const char *user __attr_unused__)
 {
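Review bot: otp_verify accepts an empty stored credential: if `password` is "" the parse in password_generate_otp fails and that function returns "" (see the new password-scheme-otp.c in this patch), so `strcasecmp("", "")` is 0 and the scheme reports a match for any plaintext. Capture the generated string and reject the empty sentinel before comparing: `const char *generated = password_generate_otp(plaintext, password, -1); return *generated != '\0' && strcasecmp(password, generated) == 0;`. The `-1` passed as `algo` is only safe because the data branch never reads it; a one-line comment saying so would help the next reader. Note also that strcasecmp is not constant-time, although that appears to match how the other schemes in this table compare.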
@@ -478,6 +498,8 @@ static const struct password_scheme defa
 	{ "LDAP-MD5", ldap_md5_verify, ldap_md5_generate },
 	{ "LANMAN", lm_verify, lm_generate },
 	{ "NTLM", ntlm_verify, ntlm_generate },
+	{ "OTP", otp_verify, otp_generate },
+	{ "SKEY", otp_verify, skey_generate },
 	{ "RPA", rpa_verify, rpa_generate },
 	{ NULL, NULL, NULL }
 };
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/password-scheme.h dovecot/src/auth/password-scheme.h
--- dovecot.vanilla/src/auth/password-scheme.h	2006-06-23 13:42:22.125507624 +0400
+++ dovecot/src/auth/password-scheme.h	2006-06-23 13:44:31.340863904 +0400
@@ -32,6 +32,7 @@ const char *password_generate_md5_crypt(
 const char *password_generate_cram_md5(const char *pw);
 const char *password_generate_lm(const char *pw);
 const char *password_generate_ntlm(const char *pw);
+const char *password_generate_otp(const char *pw, const char *state, int algo);
 const char *password_generate_rpa(const char *pw);
 
 #endif
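Review bot: The new prototype names its second parameter `state` while the definition calls it `data`, and neither says what the two modes are; add a comment above it such as `/* state == NULL: generate a fresh seed/sequence for pw using algo. Otherwise parse state as an existing OTP db entry (algo is ignored) and recompute its hash for pw. Returns "" if state cannot be parsed. */`. Renaming the parameter to `data` (or `dbentry`) in both places would keep them consistent.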
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/auth/password-scheme-otp.c dovecot/src/auth/password-scheme-otp.c
--- dovecot.vanilla/src/auth/password-scheme-otp.c	1970-01-01 03:00:00.000000000 +0300
+++ dovecot/src/auth/password-scheme-otp.c	2006-06-23 13:44:31.341863752 +0400
@@ -0,0 +1,39 @@
+/*
+ * OTP password scheme.
+ *
+ * Copyright (c) 2006 Andrey Panin <pazke at donpac.ru>
+ *
+ * This software is released under the MIT license.
+ */
+
+#include "lib.h"
+#include "hex-binary.h"
+#include "password-scheme.h"
+#include "randgen.h"
+#include "otp.h"
+
+const char *password_generate_otp(const char *pw, const char *data, int algo)
+{
+	struct otp_state state;
+
+	if (data) {
+		if (otp_parse_dbentry(data, &state)) {
+			i_warning("Invalid OTP data in passdb");
+			return "";
+		}
+	} else {
+		/* Generate new OTP credentials from plaintext */
+		unsigned char random_data[OTP_MAX_SEED_LEN / 2];
+
+		random_fill(random_data, sizeof(random_data));
+		strncpy(state.seed, binary_to_hex(random_data,
+			OTP_MAX_SEED_LEN / 2), sizeof(state.seed));
+
+		state.seq = 1024;
+		state.algo = algo;
+	}
+
+	otp_hash(state.algo, state.seed, pw, state.seq, state.hash);
+
+	return otp_print_dbentry(&state);
+}
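Review bot: The strncpy into state.seed does not guarantee NUL termination: binary_to_hex of OTP_MAX_SEED_LEN / 2 bytes yields OTP_MAX_SEED_LEN characters, so unless struct otp_state (not in this patch) sizes seed as OTP_MAX_SEED_LEN + 1 the seed reaches otp_hash and otp_print_dbentry unterminated; add `state.seed[sizeof(state.seed) - 1] = '\0';` after the copy, or assert the buffer size. The hard-coded `state.seq = 1024` deserves a named constant (e.g. `OTP_INITIAL_SEQ`) with a comment on why that starting count was chosen. Returning "" on a parse failure is also indistinguishable from a legitimately empty value to callers; returning NULL and having callers check it would make the error case explicit.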
diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/util/Makefile.am dovecot/src/util/Makefile.am
--- dovecot.vanilla/src/util/Makefile.am	2006-06-23 13:42:22.155503064 +0400
+++ dovecot/src/util/Makefile.am	2006-06-23 13:44:31.341863752 +0400
@@ -22,6 +22,7 @@ gdbhelper_SOURCES = \
 dovecotpw_LDADD = \
 	../auth/libpassword.a \
 	../lib-ntlm/libntlm.a \
+	../lib-otp/libotp.a \
 	../lib/liblib.a \
 	$(AUTH_LIBS) \
 	$(RAND_LIBS) \


