After decoding a URI, check the result and set default values.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@627 185d5e19-27fe-0310-9dcf-9bff6b9f3609
parent
3d15ee7552
commit
16e805fc4c
|
@ -32,6 +32,11 @@
|
|||
#ifndef OATH_H_INCLUDED
|
||||
#define OATH_H_INCLUDED
|
||||
|
||||
/*
|
||||
* Default time step for TOTP: 30 seconds.
|
||||
*/
|
||||
#define OATH_DEF_TIMESTEP 30
|
||||
|
||||
/*
|
||||
* Maximum time step for TOTP: 10 minutes, which RFC 6238 cites as an
|
||||
* example of an unreasonably large time step.
|
||||
|
|
|
@ -45,6 +45,7 @@
|
|||
|
||||
#include <security/pam_appl.h>
|
||||
#include <security/openpam.h>
|
||||
|
||||
#include "openpam_strlcmp.h"
|
||||
|
||||
#include "oath.h"
|
||||
|
@ -125,7 +126,6 @@ oath_key_from_uri(const char *uri)
|
|||
goto invalid;
|
||||
key->label = (char *)key->data;
|
||||
key->labellen = (q - p) + 1;
|
||||
/* assert: key->labellen < key->datalen */
|
||||
memcpy(key->label, p, q - p);
|
||||
key->label[q - p] = '\0';
|
||||
p = q + 1;
|
||||
|
@ -203,6 +203,29 @@ oath_key_from_uri(const char *uri)
|
|||
p = r + 1;
|
||||
}
|
||||
|
||||
/* sanity checks and default values */
|
||||
if (key->mode == om_hotp) {
|
||||
if (key->timestep != 0)
|
||||
goto invalid;
|
||||
if (key->counter == UINTMAX_MAX)
|
||||
key->counter = 0;
|
||||
} else if (key->mode == om_totp) {
|
||||
if (key->counter != UINTMAX_MAX)
|
||||
goto invalid;
|
||||
if (key->timestep == 0)
|
||||
key->timestep = OATH_DEF_TIMESTEP;
|
||||
} else {
|
||||
/* unreachable */
|
||||
oath_key_free(key);
|
||||
return (NULL);
|
||||
}
|
||||
if (key->hash == oh_undef)
|
||||
key->hash = oh_sha1;
|
||||
if (key->digits == 0)
|
||||
key->digits = 6;
|
||||
if (key->keylen == 0)
|
||||
goto invalid;
|
||||
|
||||
invalid:
|
||||
openpam_log(PAM_LOG_NOTICE, "invalid OATH URI: %s", uri);
|
||||
oath_key_free(key);
|
||||
|
|
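Review bot: As rendered, the added sanity-check block ends with `if (key->keylen == 0) goto invalid;` and is followed directly by the `invalid:` label, so a URI that passes every check still falls into the error path, which logs it as invalid and frees the key; a `return (key);` is needed before the label. The new `goto invalid` branches also send URIs that are well-formed but rejected for a mode/parameter mismatch (an HOTP key with a time step, a TOTP key with a counter) to `openpam_log(PAM_LOG_NOTICE, "invalid OATH URI: %s", uri);`. An OATH key URI normally carries the shared secret, so that call would put usable key material in the system log; logging a fixed message, or at most `key->label`, avoids this. oath_key_from_uri starts and ends outside this hunk, so what follows `oath_key_free(key);` is not visible here.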