dovecot/dovecot-2.3.20-nolibotp.patch
Michal Hlavinka 3327ce59b3 drop SHA1 OTP
2023-02-14 17:53:49 +01:00


diff -up dovecot-2.3.20/configure.ac.nolibotp dovecot-2.3.20/configure.ac
--- dovecot-2.3.20/configure.ac.nolibotp 2022-12-21 09:49:12.000000000 +0100
+++ dovecot-2.3.20/configure.ac 2023-02-14 16:54:02.118531016 +0100
@@ -854,7 +854,6 @@ src/lib-lua/Makefile
src/lib-mail/Makefile
src/lib-master/Makefile
src/lib-program-client/Makefile
-src/lib-otp/Makefile
src/lib-dovecot/Makefile
src/lib-sasl/Makefile
src/lib-settings/Makefile
diff -up dovecot-2.3.20/src/auth/main.c.nolibotp dovecot-2.3.20/src/auth/main.c
--- dovecot-2.3.20/src/auth/main.c.nolibotp 2022-12-21 09:49:12.000000000 +0100
+++ dovecot-2.3.20/src/auth/main.c 2023-02-14 16:54:02.118531016 +0100
@@ -19,8 +19,6 @@
#include "password-scheme.h"
#include "passdb-cache.h"
#include "mech.h"
-#include "otp.h"
-#include "mech-otp-common.h"
#include "auth.h"
#include "auth-penalty.h"
#include "auth-token.h"
@@ -283,7 +281,6 @@ static void main_deinit(void)
auth_policy_deinit();
mech_register_deinit(&mech_reg);
- mech_otp_deinit();
mech_deinit(global_auth_settings);
/* allow modules to unregister their dbs/drivers/etc. before freeing
diff -up dovecot-2.3.20/src/auth/Makefile.am.nolibotp dovecot-2.3.20/src/auth/Makefile.am
--- dovecot-2.3.20/src/auth/Makefile.am.nolibotp 2022-12-21 09:49:12.000000000 +0100
+++ dovecot-2.3.20/src/auth/Makefile.am 2023-02-14 16:54:02.118531016 +0100
@@ -45,7 +45,6 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/lib-sql \
-I$(top_srcdir)/src/lib-settings \
-I$(top_srcdir)/src/lib-old-stats \
- -I$(top_srcdir)/src/lib-otp \
-I$(top_srcdir)/src/lib-master \
-I$(top_srcdir)/src/lib-oauth2 \
-I$(top_srcdir)/src/lib-ssl-iostream \
@@ -67,7 +66,6 @@ libpassword_la_SOURCES = \
password-scheme-crypt.c \
password-scheme-md5crypt.c \
password-scheme-scram.c \
- password-scheme-otp.c \
password-scheme-pbkdf2.c \
password-scheme-sodium.c
libpassword_la_CFLAGS = $(AM_CPPFLAGS) $(LIBSODIUM_CFLAGS)
@@ -76,7 +74,6 @@ auth_libs = \
libauth.la \
libstats_auth.la \
libpassword.la \
- ../lib-otp/libotp.la \
$(AUTH_LUA_LIBS) \
$(LIBDOVECOT_SQL)
@@ -95,7 +92,6 @@ libauth_la_SOURCES = \
auth-client-connection.c \
auth-master-connection.c \
auth-policy.c \
- mech-otp-common.c \
mech-plain-common.c \
auth-penalty.c \
auth-request.c \
@@ -122,7 +118,6 @@ libauth_la_SOURCES = \
mech-digest-md5.c \
mech-external.c \
mech-gssapi.c \
- mech-otp.c \
mech-scram.c \
mech-apop.c \
mech-winbind.c \
@@ -161,7 +156,6 @@ headers = \
auth-client-connection.h \
auth-common.h \
auth-master-connection.h \
- mech-otp-common.h \
mech-plain-common.h \
mech-digest-md5-private.h \
mech-scram.h \
@@ -260,7 +254,6 @@ test_libs = \
test_libpassword_SOURCES = test-libpassword.c
test_libpassword_LDADD = \
libpassword.la \
- ../lib-otp/libotp.la \
$(CRYPT_LIBS) \
$(LIBDOVECOT_SQL) \
$(LIBSODIUM_LIBS) \
diff -up dovecot-2.3.20/src/auth/mech.c.nolibotp dovecot-2.3.20/src/auth/mech.c
--- dovecot-2.3.20/src/auth/mech.c.nolibotp 2023-02-14 16:55:38.421231797 +0100
+++ dovecot-2.3.20/src/auth/mech.c 2023-02-14 16:55:38.434231892 +0100
@@ -71,7 +71,6 @@ extern const struct mech_module mech_apo
extern const struct mech_module mech_cram_md5;
extern const struct mech_module mech_digest_md5;
extern const struct mech_module mech_external;
-extern const struct mech_module mech_otp;
extern const struct mech_module mech_scram_sha1;
extern const struct mech_module mech_scram_sha256;
extern const struct mech_module mech_anonymous;
@@ -206,7 +205,6 @@ void mech_init(const struct auth_setting
mech_register_module(&mech_gssapi_spnego);
#endif
}
- mech_register_module(&mech_otp);
mech_register_module(&mech_scram_sha1);
mech_register_module(&mech_scram_sha256);
mech_register_module(&mech_anonymous);
@@ -233,7 +231,6 @@ void mech_deinit(const struct auth_setti
mech_unregister_module(&mech_gssapi_spnego);
#endif
}
- mech_unregister_module(&mech_otp);
mech_unregister_module(&mech_scram_sha1);
mech_unregister_module(&mech_scram_sha256);
mech_unregister_module(&mech_anonymous);
diff -up dovecot-2.3.20/src/auth/password-scheme.c.nolibotp dovecot-2.3.20/src/auth/password-scheme.c
--- dovecot-2.3.20/src/auth/password-scheme.c.nolibotp 2023-02-14 16:54:02.109530950 +0100
+++ dovecot-2.3.20/src/auth/password-scheme.c 2023-02-14 16:54:02.119531023 +0100
@@ -13,7 +13,6 @@
#include "randgen.h"
#include "sha1.h"
#include "sha2.h"
-#include "otp.h"
#include "str.h"
#include "password-scheme.h"
@@ -709,32 +708,6 @@ plain_md5_generate(const char *plaintext
*size_r = MD5_RESULTLEN;
}
-static int otp_verify(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
- const unsigned char *raw_password, size_t size,
- const char **error_r)
-{
- const char *password, *generated;
-
- password = t_strndup(raw_password, size);
- if (password_generate_otp(plaintext, password, UINT_MAX, &generated) < 0) {
- *error_r = "Invalid OTP data in passdb";
- return -1;
- }
-
- return strcasecmp(password, generated) == 0 ? 1 : 0;
-}
-
-static void
-otp_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
- const unsigned char **raw_password_r, size_t *size_r)
-{
- const char *password;
-
- if (password_generate_otp(plaintext, NULL, OTP_HASH_SHA1, &password) < 0)
- i_unreached();
- *raw_password_r = (const unsigned char *)password;
- *size_r = strlen(password);
-}
static const struct password_scheme builtin_schemes[] = {
{ "MD5", PW_ENCODING_NONE, 0, md5_verify, md5_crypt_generate },
@@ -770,7 +743,6 @@ static const struct password_scheme buil
NULL, plain_md5_generate },
{ "LDAP-MD5", PW_ENCODING_BASE64, MD5_RESULTLEN,
NULL, plain_md5_generate },
- { "OTP", PW_ENCODING_NONE, 0, otp_verify, otp_generate },
{ "PBKDF2", PW_ENCODING_NONE, 0, pbkdf2_verify, pbkdf2_generate },
};
diff -up dovecot-2.3.20/src/auth/password-scheme.h.nolibotp dovecot-2.3.20/src/auth/password-scheme.h
--- dovecot-2.3.20/src/auth/password-scheme.h.nolibotp 2023-02-14 16:56:50.929759540 +0100
+++ dovecot-2.3.20/src/auth/password-scheme.h 2023-02-14 16:56:50.947759671 +0100
@@ -92,9 +92,6 @@ void password_set_encryption_rounds(unsi
/* INTERNAL: */
const char *password_generate_salt(size_t len);
const char *password_generate_md5_crypt(const char *pw, const char *salt);
-int password_generate_otp(const char *pw, const char *state_data,
- unsigned int algo, const char **result_r)
- ATTR_NULL(2);
int crypt_verify(const char *plaintext,
const struct password_generate_params *params,
diff -up dovecot-2.3.20/src/auth/test-libpassword.c.nolibotp dovecot-2.3.20/src/auth/test-libpassword.c
--- dovecot-2.3.20/src/auth/test-libpassword.c.nolibotp 2023-02-14 16:54:55.880922175 +0100
+++ dovecot-2.3.20/src/auth/test-libpassword.c 2023-02-14 16:54:55.896922291 +0100
@@ -106,7 +106,6 @@ static void test_password_schemes(void)
test_password_scheme("SHA512", "{SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==", "test");
test_password_scheme("SSHA", "{SSHA}H/zrDv8FXUu1JmwvVYijfrYEF34jVZcO", "test");
test_password_scheme("MD5-CRYPT", "{MD5-CRYPT}$1$GgvxyNz8$OjZhLh4P.gF1lxYEbLZ3e/", "test");
- test_password_scheme("OTP", "{OTP}sha1 1024 ae6b49aa481f7233 f69fc7f98b8fbf54", "test");
test_password_scheme("PBKDF2", "{PBKDF2}$1$bUnT4Pl7yFtYX0KU$5000$50a83cafdc517b9f46519415e53c6a858908680a", "test");
test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test");
test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test");
diff -up dovecot-2.3.20/src/auth/test-mech.c.nolibotp dovecot-2.3.20/src/auth/test-mech.c
--- dovecot-2.3.20/src/auth/test-mech.c.nolibotp 2022-12-21 09:49:12.000000000 +0100
+++ dovecot-2.3.20/src/auth/test-mech.c 2023-02-14 16:54:02.119531023 +0100
@@ -8,8 +8,6 @@
#include "auth-request-handler-private.h"
#include "auth-settings.h"
#include "mech-digest-md5-private.h"
-#include "otp.h"
-#include "mech-otp-common.h"
#include "settings-parser.h"
#include "password-scheme.h"
#include "auth-token.h"
@@ -27,7 +25,6 @@ extern const struct mech_module mech_dov
extern const struct mech_module mech_external;
extern const struct mech_module mech_login;
extern const struct mech_module mech_oauthbearer;
-extern const struct mech_module mech_otp;
extern const struct mech_module mech_plain;
extern const struct mech_module mech_scram_sha1;
extern const struct mech_module mech_scram_sha256;
@@ -65,10 +62,7 @@ request_handler_reply_mock_callback(stru
if (request->passdb_result == PASSDB_RESULT_OK)
request->failed = FALSE;
- else if (request->mech == &mech_otp) {
- if (null_strcmp(request->fields.user, "otp_phase_2") == 0)
- request->failed = FALSE;
- } else if (request->mech == &mech_oauthbearer) {
+ else if (request->mech == &mech_oauthbearer) {
}
};
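Review bot: The `else if (request->mech == &mech_oauthbearer) {` branch kept on the new side has an empty body, so with the OTP case removed the whole `else` arm is a no-op and reads like a forgotten special case. Either drop the branch or state its intent with a comment such as `/* oauthbearer: no override here, request->failed is left unchanged */`. That wording is a guess, because request_handler_reply_mock_callback starts outside the hunk and the reason for the branch is not visible. In an authentication test mock it helps to be explicit about which mechanisms are expected to stay failed, so a later edit does not turn a failure into a pass unnoticed.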
@@ -224,10 +218,6 @@ static void test_mechs(void)
{&mech_plain, UCHAR_LEN("\0testuser\0testpass"), "testuser", NULL, TRUE, FALSE, FALSE},
{&mech_plain, UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", NULL, TRUE, FALSE, FALSE},
{&mech_plain, UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", NULL, TRUE, FALSE, FALSE},
- {&mech_otp, UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", NULL, TRUE, TRUE, FALSE},
- {&mech_otp, UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", NULL, TRUE, TRUE, FALSE},
- {&mech_otp, UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", NULL, TRUE, TRUE, FALSE},
- {&mech_otp, UCHAR_LEN("init-word:END KERN BALM NICK EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", NULL , TRUE, TRUE, FALSE},
{&mech_oauthbearer, UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), "testuser", NULL, FALSE, TRUE, FALSE},
{&mech_scram_sha1, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE},
{&mech_scram_sha256, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE},
@@ -242,8 +232,6 @@ static void test_mechs(void)
{&mech_external, UCHAR_LEN(""), "testuser", NULL, FALSE, TRUE, FALSE},
{&mech_external, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE},
{&mech_login, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE},
- {&mech_otp, UCHAR_LEN(""), NULL, "invalid input", FALSE, FALSE, FALSE},
- {&mech_otp, UCHAR_LEN(""), "testuser", "invalid input", FALSE, FALSE, FALSE},
{&mech_plain, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE},
{&mech_oauthbearer, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE},
{&mech_xoauth2, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE},
@@ -255,7 +243,6 @@ static void test_mechs(void)
{&mech_apop, UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, NULL, FALSE, FALSE, FALSE},
{&mech_apop, UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, NULL, FALSE, FALSE, FALSE},
{&mech_apop, UCHAR_LEN("1.1.1"), NULL, NULL, FALSE, FALSE, FALSE},
- {&mech_otp, UCHAR_LEN("somebody\0testuser"), "testuser", "otp(testuser): unsupported response type", FALSE, TRUE, FALSE},
{&mech_cram_md5, UCHAR_LEN("testuser\0response"), "testuser", NULL, FALSE, FALSE, FALSE},
{&mech_plain, UCHAR_LEN("testuser\0"), "testuser", NULL, FALSE, FALSE, FALSE},
@@ -297,9 +284,7 @@ static void test_mechs(void)
{&mech_plain, UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE},
{&mech_plain, UCHAR_LEN("failingwiththis"), NULL, NULL, FALSE, FALSE, FALSE},
{&mech_plain, UCHAR_LEN("failing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE},
- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), NULL, "invalid input", FALSE, FALSE, FALSE},
/* phase 2 */
- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), "testuser", "otp(testuser): unsupported response type", FALSE, TRUE, FALSE},
{&mech_scram_sha1, UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, NULL, FALSE, FALSE, FALSE},
{&mech_scram_sha1, UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, NULL, FALSE, FALSE, FALSE},
{&mech_scram_sha1, UCHAR_LEN("n,a=masteruser,,"), NULL, NULL, FALSE, FALSE, FALSE},
@@ -387,7 +372,6 @@ static void test_mechs(void)
test_end();
} T_END;
- mech_otp_deinit();
auths_deinit();
auth_token_deinit();
password_schemes_deinit();
diff -up dovecot-2.3.20/src/doveadm/Makefile.am.nolibotp dovecot-2.3.20/src/doveadm/Makefile.am
--- dovecot-2.3.20/src/doveadm/Makefile.am.nolibotp 2022-12-21 09:49:12.000000000 +0100
+++ dovecot-2.3.20/src/doveadm/Makefile.am 2023-02-14 16:54:02.119531023 +0100
@@ -36,8 +36,7 @@ AM_CPPFLAGS = \
$(BINARY_CFLAGS)
cmd_pw_libs = \
- ../auth/libpassword.la \
- ../lib-otp/libotp.la
+ ../auth/libpassword.la
libs = \
dsync/libdsync.la \
diff -up dovecot-2.3.20/src/Makefile.am.nolibotp dovecot-2.3.20/src/Makefile.am
--- dovecot-2.3.20/src/Makefile.am.nolibotp 2022-12-21 09:49:12.000000000 +0100
+++ dovecot-2.3.20/src/Makefile.am 2023-02-14 16:54:02.119531023 +0100
@@ -40,7 +40,6 @@ SUBDIRS = \
lib-index \
lib-storage \
lib-sql \
- lib-otp \
lib-lda \
lib-dict-backend \
anvil \