Attachment #148844 for bug #194723

View | Details | Raw Unified | Return to bug 194723 | Differences between
Collapse All | Expand All




*** pam_google_authenticator.c.orig	Thu Jan 30 15:17:38 2014
--- pam_google_authenticator.c	Fri Oct 31 19:42:43 2014
***************
*** 503,512 ****
  }
  #endif
  
- static int get_timestamp(void) {
-   return get_time()/30;
- }
- 
  static int comparator(const void *a, const void *b) {
    return *(unsigned int *)a - *(unsigned int *)b;
  }
--- 503,508 ----
***************
*** 538,543 ****
--- 534,574 ----
    return NULL;
  }
  
+ #if !defined(STEPSIZE)
+ static int get_timestamp(void) {
+   return get_time()/30;
+ }
+ #else
+ static int get_timestamp(pam_handle_t *pamh, const char *secret_filename,
+                        const char *buf) {
+   const char *value = get_cfg_value(pamh, "STEP_SIZE", buf);
+   if (!value) {
+     // Default step size is 30.
+     free((void *)value);
+     return 30;
+   } else if (value == &oom) {
+     // Out of memory. This is a fatal error.
+     return 0;
+   }
+ 
+   char *endptr;
+   errno = 0;
+   int step = (int)strtoul(value, &endptr, 10);
+   if (errno || !*value || value == endptr ||
+       (*endptr && *endptr != ' ' && *endptr != '\t' &&
+        *endptr != '\n' && *endptr != '\r') ||
+       step < 1 || step > 60) {
+     free((void *)value);
+     log_message(LOG_ERR, pamh, "Invalid STEP_SIZE option in \"%s\"",
+                 secret_filename);
+     return 0;
+   }
+   free((void *)value);
+ 
+   return get_time()/step;
+ }
+ #endif
+ 
  static int set_cfg_value(pam_handle_t *pamh, const char *key, const char *val,
                           char **buf) {
    size_t key_len = strlen(key);
***************
*** 1162,1168 ****
    }
  
    // Compute verification codes and compare them with user input
!   const int tm = get_timestamp();
    const char *skew_str = get_cfg_value(pamh, "TIME_SKEW", *buf);
    if (skew_str == &oom) {
      // Out of memory. This is a fatal error
--- 1193,1199 ----
    }
  
    // Compute verification codes and compare them with user input
!   const int tm = get_timestamp(pamh, secret_filename, *buf);
    const char *skew_str = get_cfg_value(pamh, "TIME_SKEW", *buf);
    if (skew_str == &oom) {
      // Out of memory. This is a fatal error

Return to bug 194723

Added Link Here

(-)./files/patch-pam_google_authenticator.c (+76 lines)
1	*** pam_google_authenticator.c.orig Thu Jan 30 15:17:38 2014
2	--- pam_google_authenticator.c Fri Oct 31 19:42:43 2014
3	***************
4	* 503,512 **
5	}
6	#endif
7
8	- static int get_timestamp(void) {
9	- return get_time()/30;
10	- }
11	-
12	static int comparator(const void a, const void b) {
13	return (unsigned int )a - (unsigned int )b;
14	}
15	--- 503,508 ----
16	***************
17	* 538,543 **
18	--- 534,574 ----
19	return NULL;
20	}
21
22	+ #if !defined(STEPSIZE)
23	+ static int get_timestamp(void) {
24	+ return get_time()/30;
25	+ }
26	+ #else
27	+ static int get_timestamp(pam_handle_t pamh, const char secret_filename,
28	+ const char *buf) {
29	+ const char *value = get_cfg_value(pamh, "STEP_SIZE", buf);
30	+ if (!value) {
31	+ // Default step size is 30.
32	+ free((void *)value);
33	+ return 30;
34	+ } else if (value == &oom) {
35	+ // Out of memory. This is a fatal error.
36	+ return 0;
37	+ }
38	+
39	+ char *endptr;
40	+ errno = 0;
41	+ int step = (int)strtoul(value, &endptr, 10);
42	+ if (errno \|\| !*value \|\| value == endptr \|\|
43	+ (endptr && endptr != ' ' && *endptr != '\t' &&
44	+ endptr != '\n' && endptr != '\r') \|\|
45	+ step < 1 \|\| step > 60) {
46	+ free((void *)value);
47	+ log_message(LOG_ERR, pamh, "Invalid STEP_SIZE option in \"%s\"",
48	+ secret_filename);
49	+ return 0;
50	+ }
51	+ free((void *)value);
52	+
53	+ return get_time()/step;
54	+ }
55	+ #endif
56	+
57	static int set_cfg_value(pam_handle_t pamh, const char key, const char *val,
58	char **buf) {
59	size_t key_len = strlen(key);
60	***************
61	* 1162,1168 **
62	}
63
64	// Compute verification codes and compare them with user input
65	! const int tm = get_timestamp();
66	const char skew_str = get_cfg_value(pamh, "TIME_SKEW", buf);
67	if (skew_str == &oom) {
68	// Out of memory. This is a fatal error
69	--- 1193,1199 ----
70	}
71
72	// Compute verification codes and compare them with user input
73	! const int tm = get_timestamp(pamh, secret_filename, *buf);
74	const char skew_str = get_cfg_value(pamh, "TIME_SKEW", buf);
75	if (skew_str == &oom) {
76	// Out of memory. This is a fatal error