Changeset 627 in openpam

Timestamp:

Feb 28, 2013, 12:11:45 PM (8 years ago)

Author:

Dag-Erling Smørgrav

Message:

After decoding a URI, check the result and set default values.

Location:

trunk/modules/pam_oath

Files:

• oath.h (modified) (1 diff)
• oath_key.c (modified) (3 diffs)

trunk/modules/pam_oath/oath.h

@@ -32 +32 @@
 #ifndef OATH_H_INCLUDED
 #define OATH_H_INCLUDED
+
+/*
+ * Default time step for TOTP: 30 seconds.
+ */
+#define OATH_DEF_TIMESTEP       30
 
 /*

trunk/modules/pam_oath/oath_key.c

@@ -46 +46 @@
 #include <security/pam_appl.h>
 #include <security/openpam.h>
+
 #include "openpam_strlcmp.h"
 
@@ -126 +127 @@
         key->label = (char *)key->data;
         key->labellen = (q - p) + 1;
-        /* assert: key->labellen < key->datalen */
         memcpy(key->label, p, q - p);
         key->label[q - p] = '\0';
@@ -204 +204 @@
         }
 
+        /* sanity checks and default values */
+        if (key->mode == om_hotp) {
+                if (key->timestep != 0)
+                        goto invalid;
+                if (key->counter == UINTMAX_MAX)
+                        key->counter = 0;
+        } else if (key->mode == om_totp) {
+                if (key->counter != UINTMAX_MAX)
+                        goto invalid;
+                if (key->timestep == 0)
+                        key->timestep = OATH_DEF_TIMESTEP;
+        } else {
+                /* unreachable */
+                oath_key_free(key);
+                return (NULL);
+        }
+        if (key->hash == oh_undef)
+                key->hash = oh_sha1;
+        if (key->digits == 0)
+                key->digits = 6;
+        if (key->keylen == 0)
+                goto invalid;
+
 invalid:
         openpam_log(PAM_LOG_NOTICE, "invalid OATH URI: %s", uri);