Use a dummy bit in the key structure instead of relying on the label.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@726 185d5e19-27fe-0310-9dcf-9bff6b9f3609
parent
01d54c2924
commit
3b992508b8
|
@ -44,6 +44,7 @@ struct oath_key {
|
||||||
uint64_t lastuse;
|
uint64_t lastuse;
|
||||||
|
|
||||||
/* housekeeping */
|
/* housekeeping */
|
||||||
|
unsigned int dummy:1;
|
||||||
unsigned int mapped:1;
|
unsigned int mapped:1;
|
||||||
unsigned int locked:1;
|
unsigned int locked:1;
|
||||||
|
|
||||||
|
|
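Review bot: The new `dummy` bit in struct oath_key has no comment, although both match functions now use it as the only signal that a key must never authenticate. A comment next to the field such as `/* set only by oath_key_dummy(); a dummy key never matches */` would record that. The bit must also be zero for every real key; oath_key_alloc() is not visible here, so confirm it clears the structure and that no key-loading path can set the bit from stored data. The struct definition starts and ends outside the hunk.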
|
@ -117,7 +117,6 @@ int
|
||||||
oath_hotp_match(struct oath_key *k, unsigned int response, int window)
|
oath_hotp_match(struct oath_key *k, unsigned int response, int window)
|
||||||
{
|
{
|
||||||
unsigned int code;
|
unsigned int code;
|
||||||
int dummy;
|
|
||||||
|
|
||||||
if (k == NULL)
|
if (k == NULL)
|
||||||
return (-1);
|
return (-1);
|
||||||
|
@ -127,10 +126,9 @@ oath_hotp_match(struct oath_key *k, unsigned int response, int window)
|
||||||
return (-1);
|
return (-1);
|
||||||
if (k->counter >= UINT64_MAX - window)
|
if (k->counter >= UINT64_MAX - window)
|
||||||
return (-1);
|
return (-1);
|
||||||
dummy = (strcmp(k->label, OATH_DUMMY_LABEL) == 0);
|
|
||||||
for (int i = 0; i < window; ++i) {
|
for (int i = 0; i < window; ++i) {
|
||||||
code = oath_hotp(k->key, k->keylen, k->counter + i, k->digits);
|
code = oath_hotp(k->key, k->keylen, k->counter + i, k->digits);
|
||||||
if (code == response && !dummy) {
|
if (code == response && !k->dummy) {
|
||||||
k->counter = k->counter + i;
|
k->counter = k->counter + i;
|
||||||
return (1);
|
return (1);
|
||||||
}
|
}
|
||||||
|
|
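Review bot: The `!k->dummy` test in `if (code == response && !k->dummy)` has no comment explaining why it comes after the oath_hotp() call rather than at the top of the function. Presumably the dummy key exists so that an unknown user costs the same work as a known one. If so, a comment such as `/* dummy keys do the full computation but never match */` would stop a later change from skipping the loop for dummy keys and making the two cases distinguishable by timing. The same line and comment apply in oath_totp_match(). The function body continues past the end of this hunk.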
|
@ -51,13 +51,14 @@ oath_key_dummy(enum oath_mode mode, enum oath_hash hash, unsigned int digits)
|
||||||
|
|
||||||
if ((key = oath_key_alloc()) == NULL)
|
if ((key = oath_key_alloc()) == NULL)
|
||||||
return (NULL);
|
return (NULL);
|
||||||
|
key->dummy = 1;
|
||||||
key->mode = mode;
|
key->mode = mode;
|
||||||
key->digits = digits;
|
key->digits = digits;
|
||||||
key->counter = 0;
|
key->counter = 0;
|
||||||
key->timestep = 30;
|
key->timestep = 30;
|
||||||
key->hash = hash;
|
key->hash = hash;
|
||||||
strcpy(key->label, OATH_DUMMY_LABEL);
|
memcpy(key->label, OATH_DUMMY_LABEL, sizeof OATH_DUMMY_LABEL);
|
||||||
key->labellen = strlen(key->label);
|
key->labellen = sizeof OATH_DUMMY_LABEL - 1;
|
||||||
key->keylen = sizeof key->key;
|
key->keylen = sizeof key->key;
|
||||||
return (key);
|
return (key);
|
||||||
}
|
}
|
||||||
|
|
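Review bot: The `memcpy(key->label, OATH_DUMMY_LABEL, sizeof OATH_DUMMY_LABEL)` call is no better bounded against the destination than the strcpy() it replaces. If `label` is a fixed-size array and the project builds as C11, a compile-time check would pin the bound: `_Static_assert(sizeof OATH_DUMMY_LABEL <= sizeof key->label, "dummy label too long");`. Separately, `sizeof OATH_DUMMY_LABEL` equals the string size only while the macro expands to a string literal; its definition is not visible here, so a short comment stating that assumption would help. The start of oath_key_dummy() is outside the hunk.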
|
@ -77,7 +77,6 @@ oath_totp_match(struct oath_key *k, unsigned int response, int window)
|
||||||
{
|
{
|
||||||
unsigned int code;
|
unsigned int code;
|
||||||
uint64_t seq;
|
uint64_t seq;
|
||||||
int dummy;
|
|
||||||
|
|
||||||
if (k == NULL)
|
if (k == NULL)
|
||||||
return (-1);
|
return (-1);
|
||||||
|
@ -88,7 +87,6 @@ oath_totp_match(struct oath_key *k, unsigned int response, int window)
|
||||||
if (k->timestep == 0)
|
if (k->timestep == 0)
|
||||||
return (-1);
|
return (-1);
|
||||||
seq = time(NULL) / k->timestep;
|
seq = time(NULL) / k->timestep;
|
||||||
dummy = (strcmp(k->label, OATH_DUMMY_LABEL) == 0);
|
|
||||||
for (int i = -window; i <= window; ++i) {
|
for (int i = -window; i <= window; ++i) {
|
||||||
#if OATH_TOTP_PREVENT_REUSE
|
#if OATH_TOTP_PREVENT_REUSE
|
||||||
/* XXX disabled for now, should be a key parameter? */
|
/* XXX disabled for now, should be a key parameter? */
|
||||||
|
@ -96,7 +94,7 @@ oath_totp_match(struct oath_key *k, unsigned int response, int window)
|
||||||
continue;
|
continue;
|
||||||
#endif
|
#endif
|
||||||
code = oath_hotp(k->key, k->keylen, seq + i, k->digits);
|
code = oath_hotp(k->key, k->keylen, seq + i, k->digits);
|
||||||
if (code == response && !dummy) {
|
if (code == response && !k->dummy) {
|
||||||
k->lastuse = seq;
|
k->lastuse = seq;
|
||||||
return (1);
|
return (1);
|
||||||
}
|
}
|
||||||
|
|