From ba67703a83775ce97c7002a46961b4a3c1ae9fe2 Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond" <esr@thyrsus.com>
Date: Fri, 18 Oct 2002 10:20:44 +0000
Subject: OTP fix patches from Stanislav Brabec.

svn path=/trunk/; revision=3735
---
 pop3.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'pop3.c')

diff --git a/pop3.c b/pop3.c
index 76d6c437..e9ffbbaa 100644
--- a/pop3.c
+++ b/pop3.c
@@ -318,6 +318,32 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 
 	/* ordinary validation, no one-time password or RPA */ 
 	gen_transact(sock, "USER %s", ctl->remotename);
+
+#if OPIE_ENABLE
+	/* see RFC1938: A One-Time Password System */
+	if (challenge = strstr(lastok, "otp-")) {
+	  char response[OPIE_RESPONSE_MAX+1];
+	  int i;
+
+	  i = opiegenerator(challenge, !strcmp(ctl->password, "opie") ? "" : ctl->password, response);
+	  if ((i == -2) && !run.poll_interval) {
+	    char secret[OPIE_SECRET_MAX+1];
+	    fprintf(stderr, GT_("Secret pass phrase: "));
+	    if (opiereadpass(secret, sizeof(secret), 0))
+	      i = opiegenerator(challenge,  secret, response);
+	    memset(secret, 0, sizeof(secret));
+	  };
+
+	  if (i) {
+	    ok = PS_ERROR;
+	    break;
+	  };
+
+	  ok = gen_transact(sock, "PASS %s", response);
+	  break;
+	}
+#endif /* OPIE_ENABLE */
+
 	strcpy(shroud, ctl->password);
 	ok = gen_transact(sock, "PASS %s", ctl->password);
 	shroud[0] = '\0';
-- 
cgit v1.2.3