FreeBSD Bugzilla – Attachment 149035 Details for
Bug 194723
[patch] update for variable time windows when using security/pam_google_authenticator for totp authn
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Unified diff for security/pam_google_authenticator/files/patch-pam_google_authenticator.c
patch-pam_google_authenticator.c (text/plain), 1.82 KB, created by
paul
on 2014-11-04 17:16:22 UTC
(
hide
)
Description:
Unified diff for security/pam_google_authenticator/files/patch-pam_google_authenticator.c
Filename:
MIME Type:
Creator:
paul
Created:
2014-11-04 17:16:22 UTC
Size:
1.82 KB
patch
obsolete
>--- pam_google_authenticator.c.orig 2014-01-30 15:17:38.000000000 +0000 >+++ pam_google_authenticator.c 2014-11-04 17:05:55.000000000 +0000 >@@ -503,10 +503,6 @@ > } > #endif > >-static int get_timestamp(void) { >- return get_time()/30; >-} >- > static int comparator(const void *a, const void *b) { > return *(unsigned int *)a - *(unsigned int *)b; > } >@@ -538,6 +534,41 @@ > return NULL; > } > >+#if !defined(STEPSIZE) >+static int get_timestamp(void) { >+ return get_time()/30; >+} >+#else >+static int get_timestamp(pam_handle_t *pamh, const char *secret_filename, >+ const char *buf) { >+ const char *value = get_cfg_value(pamh, "STEP_SIZE", buf); >+ if (!value) { >+ // Default step size is 30. >+ free((void *)value); >+ return get_time()/30; >+ } else if (value == &oom) { >+ // Out of memory. This is a fatal error. >+ return 0; >+ } >+ >+ char *endptr; >+ errno = 0; >+ int step = (int)strtoul(value, &endptr, 10); >+ if (errno || !*value || value == endptr || >+ (*endptr && *endptr != ' ' && *endptr != '\t' && >+ *endptr != '\n' && *endptr != '\r') || >+ step < 1 || step > 60) { >+ free((void *)value); >+ log_message(LOG_ERR, pamh, "Invalid STEP_SIZE option in \"%s\"", >+ secret_filename); >+ return 0; >+ } >+ free((void *)value); >+ >+ return get_time()/step; >+} >+#endif >+ > static int set_cfg_value(pam_handle_t *pamh, const char *key, const char *val, > char **buf) { > size_t key_len = strlen(key); >@@ -1162,7 +1193,11 @@ > } > > // Compute verification codes and compare them with user input >+#if !defined(STEPSIZE) > const int tm = get_timestamp(); >+#else >+ const int tm = get_timestamp(pamh, secret_filename, *buf); >+#endif > const char *skew_str = get_cfg_value(pamh, "TIME_SKEW", *buf); > if (skew_str == &oom) { > // Out of memory. This is a fatal error
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=149035">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 194723
:
148843
|
148844
|
149004
|
149005
|
149035
|
149036
|
149563