OPIE OTP Support Patches for the Qualcomm Popper Daemon, Version 1.1
====================================================================

This patch file, along with the OPIE software, should allow you to build a
version of the Qualcomm Popper daemon (we used a beta of v2.1.4, YMMV) that
supports OTP authentication. We are providing these patches as an example of
how you might use OPIE to add OTP authentication to a POP server daemon.

Please refer to the OPIE README file for information on OPIE, the license
for OPIE software, and for a notice that there is NO WARRANTY of any kind on
the software, including these patches.

Installation
------------

First, obtain and compile the OPIE software. We built and tested these
patches with OPIE 2.12. Other versions may or may not work.

Copy the files 'opie.h' and 'libopie.a' into the qpopper2.1.4 directory
where you have the Popper source code. From the parent of that directory,
use patch(1) to apply this patch.

Edit the appropriate Makefile for your system to add '-DOPIE=1' to the flags
passed to the C compiler (this will probably be on a CFLAGS line) and to add
'-L. -lopie' to the flags passed to the loader/link editor (this will
probably be either a LDFLAGS or LIBS line).

Then build and install the Popper daemon normally.

History
-------

Modified at NRL for version 1.1. Added some documentation, changed original
directory names to be more patch friendly.

Created at NRL.

*** qpopper2.1.4/pop_init.c Wed Jun 14 16:55:35 1995 --- qpopper2.1.4/pop_init.c Tue Dec 26 16:30:33 1995 *************** *** 51,54 **** --- 51,59 ---- */ + #if OPIE + #include "opie.h" + extern int af_pwok; + #endif /* OPIE */ + #ifdef STRDUP #include *************** *** 104,107 **** --- 109,116 ---- #endif /* KERBEROS */ + + #if OPIE + af_pwok = opieaccessfile(p->client); + #endif /* OPIE */ return(POP_SUCCESS); *** qpopper2.1.4/pop_pass.c Mon Oct 2 13:25:34 1995 --- qpopper2.1.4/pop_pass.c Tue Dec 26 16:29:41 1995 *************** *** 19,22 **** --- 19,29 ---- #include + + #if OPIE + #include "opie.h" + extern int pwok; + extern struct opie opiestate; + #endif /* OPIE */ + #include "popper.h" *************** *** 507,514 **** --- 514,532 ---- #endif + #if OPIE + if (opieverify(&opiestate, p->pop_parm[1])) { + if (pwok) + #endif /* OPIE */ if (auth_user(p, pwp) != POP_SUCCESS) { sleep(10); return(POP_FAILURE); } + #if OPIE + pop_msg(p, POP_FAILURE, pwerrmsg, p->user); + sleep(10); + return(POP_FAILURE); + } + #endif /* OPIE */ + #ifdef SECURENISPLUS *** qpopper2.1.4/pop_user.c Thu Sep 21 18:19:12 1995 --- qpopper2.1.4/pop_user.c Tue Dec 26 16:28:04 1995 *************** *** 34,37 **** --- 34,43 ---- #endif + #if OPIE + #include "opie.h" + int pwok, af_pwok; + struct opie opiestate; + #endif /* OPIE */ + #include "popper.h" *************** *** 55,58 **** --- 61,68 ---- datum key, value; # endif + #if OPIE + struct passwd *pw; + char prompt[OPIE_CHALLENGE_MAX + 1]; + #endif /* OPIE */ /* Save the user name */ *************** *** 127,131 **** --- 137,154 ---- /* Tell the user that the password is required */ + #if OPIE + if (((pw = getpwnam(p->user)) == NULL) || (pw->pw_passwd == NULL) || + (*pw->pw_passwd == '\0')) + return (pop_auth_fail(p, POP_FAILURE, pwerrmsg, p->user)); + + pwok = af_pwok && opiealways(pw->pw_dir); + + opiechallenge(&opiestate, p->user, prompt); + + return (pop_msg(p,POP_SUCCESS,"OTP response %s %s for %s.", prompt, + pwok ? 
"requested" : "required", p->user)); + #else /* OPIE */ return (pop_msg(p,POP_SUCCESS,"Password required for %s.",p->user)); + #endif /* OPIE */ }