removed skey and added otp

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@985 ec53bebd-3082-4978-b11e-865c3cabbd6b

appl/popper/Makefile.in

@@ -9,11 +9,10 @@ CC = @CC@
 AR = ar
 RANLIB = @RANLIB@
 DEFS = @DEFS@
-CFLAGS = @CFLAGS@ @SKEYINCLUDE@
+CFLAGS = @CFLAGS@
 LD_FLAGS = @LD_FLAGS@
 INSTALL = @INSTALL@
 LIBS = @LIBS@
-SKEYLIB = @SKEYLIB@
 MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
 
 prefix = @prefix@
@@ -76,8 +75,9 @@ dist: $(DISTFILES)
 	done
 
 KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes -L../../lib/roken -lroken
+OTPLIB=-L../../lib/otp -lotp
 
 popper: $(OBJECTS)
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS) $(KLIB) $(LIBS) $(SKEYLIB)
+	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS) $(OTPLIB) $(KLIB) $(LIBS)
 
 $(OBJECTS): ../../config.h

appl/popper/pop_pass.c

@@ -51,22 +51,19 @@ pop_pass (POP *p)
 
 	 sprintf (tkt, TKT_ROOT "_popper.%d", (int)getpid());
 	 krb_set_tkt_string (tkt);
-#ifdef SKEY
+	 if (otp_verify_user (&p->otp_ctx, p->pop_parm[1]) == 0)
-	 if (skeyverify (&p->sk, p->pop_parm[1]) == 0)
 	     ;
-	 else if(!p->permit_passwd)
+	 else if(p->no_passwd)
 	     return pop_msg(p, POP_FAILURE,
 			    "Password supplied for \"%s\" is incorrect.",
 			    p->user);
-	 else
+	 else if (krb_verify_user(p->user, "", lrealm, p->pop_parm[1],
-#endif
+				  1, "pop") &&
-
+		  unix_verify_user(p->user, p->pop_parm[1])) {
-	 if (krb_verify_user(p->user, "", lrealm, p->pop_parm[1], 1, "pop") &&
+	     dest_tkt ();
-	     unix_verify_user(p->user, p->pop_parm[1])) {
+	     return (pop_msg(p,POP_FAILURE,
-	      dest_tkt ();
+			     "Password supplied for \"%s\" is incorrect.",
-	      return (pop_msg(p,POP_FAILURE,
+			     p->user));
-			      "Password supplied for \"%s\" is incorrect.",
-			      p->user));
 	 }
 	 dest_tkt ();
     } else {

appl/popper/pop_user.c

@@ -14,23 +14,17 @@ RCSID("$Id$");
 int
 pop_user (POP *p)
 {
-#ifdef SKEY
+    char ss[256];
-    char ss[256], msg[256];
-#endif
 
-    /*  Save the user name */
     strcpy(p->user, p->pop_parm[1]);
 
-#ifdef SKEY
+    if (otp_challenge (&p->otp_ctx, p->user, ss, sizeof(ss)) == 0) {
-    p->permit_passwd = skeyaccess(k_getpwnam (p->user), NULL,
+	return pop_msg(p, POP_SUCCESS, "Password %s required for %s.",
-				  p->client, NULL);
-    if (skeychallenge (&p->sk, p->user, ss) == 0) {
-	return pop_msg(p, POP_SUCCESS, "Password [%s] required for %s.",
 		       ss, p->user);
-    } else if (!p->permit_passwd)
+    } else if (p->no_passwd) {
-	return pop_msg(p, POP_FAILURE, "Access unauthorized for %s.",
+	char *s = otp_error(&p->otp_ctx);
-		       p->user);
+	return pop_msg(p, POP_FAILURE, "Permission denied%s%s",
-#endif
+		       s ? ":" : "", s);
-    /*  Tell the user that the password is required */
+    } else
-    return pop_msg(p, POP_SUCCESS, "Password required for %s.", p->user);
+	return pop_msg(p, POP_SUCCESS, "Password required for %s.", p->user);
 }

appl/popper/popper.h

@@ -122,9 +122,7 @@
 #include <maillock.h>
 #endif
 
-#if defined(SKEY)
+#include <otp.h>
-#include <skey.h>
-#endif
 
 #if defined(KRB4_MAILDIR)
 #define POP_MAILDIR	KRB4_MAILDIR
@@ -232,10 +230,8 @@ typedef struct  {                               /*  POP parameter block */
 #ifdef KERBEROS
     AUTH_DAT		kdata;
 #endif
-#ifdef SKEY
+    int			no_passwd;		/*  Dont allow cleartext */
-    struct skey		sk;			/*  Skey state */
+    OtpContext		otp_ctx;		/*  OTP context */
-    int			permit_passwd;          /*  allow cleartext pwd? */
-#endif
 } POP;
 
 typedef struct {                                /*  State information for