Changeset 627 in openpam


Ignore:
Timestamp:
Feb 28, 2013, 12:11:45 PM (8 years ago)
Author:
Dag-Erling Smørgrav
Message:

After decoding a URI, check the result and set default values.

Location:
trunk/modules/pam_oath
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/modules/pam_oath/oath.h

    r626 r627  
    3232#ifndef OATH_H_INCLUDED
    3333#define OATH_H_INCLUDED
     34
     35/*
     36 * Default time step for TOTP: 30 seconds.
     37 */
     38#define OATH_DEF_TIMESTEP       30
    3439
    3540/*
  • trunk/modules/pam_oath/oath_key.c

    r626 r627  
    4646#include <security/pam_appl.h>
    4747#include <security/openpam.h>
     48
    4849#include "openpam_strlcmp.h"
    4950
     
    126127        key->label = (char *)key->data;
    127128        key->labellen = (q - p) + 1;
    128         /* assert: key->labellen < key->datalen */
    129129        memcpy(key->label, p, q - p);
    130130        key->label[q - p] = '\0';
     
    204204        }
    205205
     206        /* sanity checks and default values */
     207        if (key->mode == om_hotp) {
     208                if (key->timestep != 0)
     209                        goto invalid;
     210                if (key->counter == UINTMAX_MAX)
     211                        key->counter = 0;
     212        } else if (key->mode == om_totp) {
     213                if (key->counter != UINTMAX_MAX)
     214                        goto invalid;
     215                if (key->timestep == 0)
     216                        key->timestep = OATH_DEF_TIMESTEP;
     217        } else {
     218                /* unreachable */
     219                oath_key_free(key);
     220                return (NULL);
     221        }
     222        if (key->hash == oh_undef)
     223                key->hash = oh_sha1;
     224        if (key->digits == 0)
     225                key->digits = 6;
     226        if (key->keylen == 0)
     227                goto invalid;
     228
    206229invalid:
    207230        openpam_log(PAM_LOG_NOTICE, "invalid OATH URI: %s", uri);
Note: See TracChangeset for help on using the changeset viewer.