After decoding a URI, check the result and set default values.

git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@627 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-02-28 12:11:45 +00:00 · 2013-02-28 12:11:45 +00:00 · 16e805fc4c
parent 3d15ee7552
commit 16e805fc4c
2 changed files with 29 additions and 1 deletions
--- a/modules/pam_oath/oath.h
+++ b/modules/pam_oath/oath.h
@ -32,6 +32,11 @@
 #ifndef OATH_H_INCLUDED
 #define OATH_H_INCLUDED

+/*
+ * Default time step for TOTP: 30 seconds.
+ */
+#define OATH_DEF_TIMESTEP	30
+
 /*
 * Maximum time step for TOTP: 10 minutes, which RFC 6238 cites as an
 * example of an unreasonably large time step.
--- a/modules/pam_oath/oath_key.c
+++ b/modules/pam_oath/oath_key.c
@ -45,6 +45,7 @@

 #include <security/pam_appl.h>
 #include <security/openpam.h>
+
 #include "openpam_strlcmp.h"

 #include "oath.h"
@ -125,7 +126,6 @@ oath_key_from_uri(const char *uri)
 		goto invalid;
 	key->label = (char *)key->data;
 	key->labellen = (q - p) + 1;
-	/* assert: key->labellen < key->datalen */
 	memcpy(key->label, p, q - p);
 	key->label[q - p] = '\0';
 	p = q + 1;
@ -203,6 +203,29 @@ oath_key_from_uri(const char *uri)
 		p = r + 1;
 	}

+	/* sanity checks and default values */
+	if (key->mode == om_hotp) {
+		if (key->timestep != 0)
+			goto invalid;
+		if (key->counter == UINTMAX_MAX)
+			key->counter = 0;
+	} else if (key->mode == om_totp) {
+		if (key->counter != UINTMAX_MAX)
+			goto invalid;
+		if (key->timestep == 0)
+			key->timestep = OATH_DEF_TIMESTEP;
+	} else {
+		/* unreachable */
+		oath_key_free(key);
+		return (NULL);
+	}
+	if (key->hash == oh_undef)
+		key->hash = oh_sha1;
+	if (key->digits == 0)
+		key->digits = 6;
+	if (key->keylen == 0)
+		goto invalid;
+
 invalid:
 	openpam_log(PAM_LOG_NOTICE, "invalid OATH URI: %s", uri);
 	oath_key_free(key);