mech-apop.c revision a8e132559a7ebe54c8269d79ce29fa3338c76199
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Bose * APOP (RFC-1460) authentication mechanism.
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Bose * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Bose * This software is released under the MIT license.
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Bose /* requested: */
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Bose /* received: */
/* Visible part of verify_credentials(): the MD5 input is the stored challenge
   string followed by the credentials string, in that order. Both lengths come
   from strlen(), so both are handled as NUL-terminated text. MD5 is fixed by
   the APOP protocol and is not a choice made by this code.
   NOTE(review): credentials is presumably the secret returned by the "PLAIN"
   lookup - confirm against the caller.
   NOTE(review): finalising the hash and comparing it with request->digest is
   outside this excerpt - confirm that comparison is constant-time. */
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Bosestatic bool verify_credentials(struct apop_auth_request *request,
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Bose md5_update(&ctx, request->challenge, strlen(request->challenge));
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Bose md5_update(&ctx, credentials, strlen(credentials));
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Boseapop_credentials_callback(enum passdb_result result,
/* Visible part of mech_apop_auth_initial(), which processes the client's APOP
   response. Per the comments below, the response holds the challenge, then
   the username, and the digest is then copied from tmp. This listing omits
   lines, so the notes here cover only the statements that are shown. */
cf93f7c2f2031078bbbff095dae01eb4f8deff85Sumit Bosemech_apop_auth_initial(struct auth_request *auth_request,
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Bose const unsigned char *tmp, *end, *username = NULL;
cf93f7c2f2031078bbbff095dae01eb4f8deff85Sumit Bose const char *error;
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Bose /* Should never happen */
/* NOTE(review): the log text below reads "respone"; it is a runtime string
   and is left unchanged here. */
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Bose "no initial respone");
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Bose /* skip the challenge */
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Bose /* get the username */
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Bose /* Should never happen */
5e6622722e84d594298a8324f3685a1bda2b5868Sumit Bose auth_request_log_info(auth_request, "apop", "malformed data");
/* Replay protection: the next comment states the rule, and a challenge that
   fails it is rejected with "invalid challenge". The check itself is not
   shown in this excerpt. */
859bddc2bf51dc426a3dc56bd9f365e9c5722b65Sumit Bose /* the challenge must begin with trusted unique ID. we trust only
55f7d8034d783c01789d76a2b9ffc901045e8af8Sumit Bose ourself, so make sure it matches our connection specific UID
55f7d8034d783c01789d76a2b9ffc901045e8af8Sumit Bose which we told to client in handshake. Also require a timestamp
55f7d8034d783c01789d76a2b9ffc901045e8af8Sumit Bose which is later than this process's start time. */
859bddc2bf51dc426a3dc56bd9f365e9c5722b65Sumit Bose "invalid challenge");
/* data is cast to a C string for the copy, so the stored challenge
   presumably ends at the first NUL byte of the response - verify. This copy
   is what verify_credentials() later hashes. */
859bddc2bf51dc426a3dc56bd9f365e9c5722b65Sumit Bose request->challenge = p_strdup(request->pool, (const char *)data);
859bddc2bf51dc426a3dc56bd9f365e9c5722b65Sumit Bose if (!auth_request_set_username(auth_request, (const char *)username,
/* The error text is passed as an argument to a "%s" format, not used as the
   format string itself. */
859bddc2bf51dc426a3dc56bd9f365e9c5722b65Sumit Bose auth_request_log_info(auth_request, "apop", "%s", error);
/* Copies exactly sizeof(request->digest) bytes starting at tmp.
   NOTE(review): the check that at least that many bytes remain before end is
   not visible in this excerpt - confirm it precedes this copy. */
859bddc2bf51dc426a3dc56bd9f365e9c5722b65Sumit Bose memcpy(request->digest, tmp, sizeof(request->digest));
/* Requests credentials under the "PLAIN" scheme. verify_credentials() hashes
   the challenge together with the credentials, which implies the password
   database must be able to return the secret in recoverable form. */
859bddc2bf51dc426a3dc56bd9f365e9c5722b65Sumit Bose auth_request_lookup_credentials(auth_request, "PLAIN",
/* Visible part of mech_apop_auth_new(): creates an alloc-only pool named
   "apop_auth_request" (1024 is passed as its size argument) and allocates one
   struct apop_auth_request from that pool.
   NOTE(review): the lines that store the pool in the request and return the
   new auth_request are not shown in this excerpt. */
859bddc2bf51dc426a3dc56bd9f365e9c5722b65Sumit Bosestatic struct auth_request *mech_apop_auth_new(void)
859bddc2bf51dc426a3dc56bd9f365e9c5722b65Sumit Bose pool = pool_alloconly_create("apop_auth_request", 1024);
859bddc2bf51dc426a3dc56bd9f365e9c5722b65Sumit Bose request = p_new(pool, struct apop_auth_request, 1);