After decoding a URI, check the result and set default values.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@627 185d5e19-27fe-0310-9dcf-9bff6b9f3609
parent
3d15ee7552
commit
16e805fc4c
|
@ -32,6 +32,11 @@
|
||||||
#ifndef OATH_H_INCLUDED
|
#ifndef OATH_H_INCLUDED
|
||||||
#define OATH_H_INCLUDED
|
#define OATH_H_INCLUDED
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Default time step for TOTP: 30 seconds.
|
||||||
|
*/
|
||||||
|
#define OATH_DEF_TIMESTEP 30
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Maximum time step for TOTP: 10 minutes, which RFC 6238 cites as an
|
* Maximum time step for TOTP: 10 minutes, which RFC 6238 cites as an
|
||||||
* example of an unreasonably large time step.
|
* example of an unreasonably large time step.
|
||||||
|
|
|
@ -45,6 +45,7 @@
|
||||||
|
|
||||||
#include <security/pam_appl.h>
|
#include <security/pam_appl.h>
|
||||||
#include <security/openpam.h>
|
#include <security/openpam.h>
|
||||||
|
|
||||||
#include "openpam_strlcmp.h"
|
#include "openpam_strlcmp.h"
|
||||||
|
|
||||||
#include "oath.h"
|
#include "oath.h"
|
||||||
|
@ -125,7 +126,6 @@ oath_key_from_uri(const char *uri)
|
||||||
goto invalid;
|
goto invalid;
|
||||||
key->label = (char *)key->data;
|
key->label = (char *)key->data;
|
||||||
key->labellen = (q - p) + 1;
|
key->labellen = (q - p) + 1;
|
||||||
/* assert: key->labellen < key->datalen */
|
|
||||||
memcpy(key->label, p, q - p);
|
memcpy(key->label, p, q - p);
|
||||||
key->label[q - p] = '\0';
|
key->label[q - p] = '\0';
|
||||||
p = q + 1;
|
p = q + 1;
|
||||||
|
@ -203,6 +203,29 @@ oath_key_from_uri(const char *uri)
|
||||||
p = r + 1;
|
p = r + 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* sanity checks and default values */
|
||||||
|
if (key->mode == om_hotp) {
|
||||||
|
if (key->timestep != 0)
|
||||||
|
goto invalid;
|
||||||
|
if (key->counter == UINTMAX_MAX)
|
||||||
|
key->counter = 0;
|
||||||
|
} else if (key->mode == om_totp) {
|
||||||
|
if (key->counter != UINTMAX_MAX)
|
||||||
|
goto invalid;
|
||||||
|
if (key->timestep == 0)
|
||||||
|
key->timestep = OATH_DEF_TIMESTEP;
|
||||||
|
} else {
|
||||||
|
/* unreachable */
|
||||||
|
oath_key_free(key);
|
||||||
|
return (NULL);
|
||||||
|
}
|
||||||
|
if (key->hash == oh_undef)
|
||||||
|
key->hash = oh_sha1;
|
||||||
|
if (key->digits == 0)
|
||||||
|
key->digits = 6;
|
||||||
|
if (key->keylen == 0)
|
||||||
|
goto invalid;
|
||||||
|
|
||||||
invalid:
|
invalid:
|
||||||
openpam_log(PAM_LOG_NOTICE, "invalid OATH URI: %s", uri);
|
openpam_log(PAM_LOG_NOTICE, "invalid OATH URI: %s", uri);
|
||||||
oath_key_free(key);
|
oath_key_free(key);
|
||||||
|
|
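Review bot: As far as this hunk shows, nothing separates the new defaults block from the `invalid:` label (after `if (key->keylen == 0) goto invalid;` there is only a blank line), so a URI that passes every check appears to fall through into the failure path, where the key is freed. The body of `oath_key_from_uri` starts and ends outside the hunk; if it has no return elsewhere, add `return (key);` ahead of the label. The failure path also logs the complete URI at `PAM_LOG_NOTICE`, and since the key material is decoded from that URI, the log line presumably carries the shared secret; the new checks add more ways for an otherwise well-formed URI to reach it. Consider logging without the URI, e.g. `openpam_log(PAM_LOG_NOTICE, "invalid OATH URI");`, or logging only the already-parsed label.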