
generate_challenge() only generated half as many bytes as it should.

Changed generate_challenge() to generate bytes instead of a hex
encoded string, to not have to decode what we just encoded - instead
just generate plain bytes of randomness and then encode them once.
This commit is contained in:
Fredrik Thulin 2011-03-14 14:31:22 +01:00
parent 14e917ffae
commit 0142f265e5


@ -383,24 +383,22 @@ struct cfg
char *chalresp_path; char *chalresp_path;
}; };
/* Fill buf with len/2 bytes of random data (hex-encoded) */ /* Fill buf with len bytes of random data */
static int generate_challenge(char *buf, int len) static int generate_challenge(char *buf, int len)
{ {
FILE *u; FILE *u;
int i; int i, res;
u = fopen("/dev/urandom", "r"); u = fopen("/dev/urandom", "r");
if (!u) { if (!u) {
return -1; return -1;
} }
for (i = 0; i < len/2; i++) { res = fread(buf, 1, (size_t) len, u);
int t = getc(u); fclose(u);
sprintf(buf, "%x", t);
buf++; return (res != len);
}
return 0;
} }
int int
@ -448,12 +446,12 @@ do_challenge_response(struct cfg *cfg, const char *username)
{ {
char *userfile = NULL; char *userfile = NULL;
FILE *f = NULL; FILE *f = NULL;
char challenge_hex[64], expected_response[64];
char challenge[32]; char challenge[32];
char challenge_hex[sizeof(challenge) * 2 + 1], expected_response[64];
int r, slot, ret, fd; int r, slot, ret, fd;
unsigned char response[64]; unsigned char response[64];
unsigned char response_hex[sizeof(response) * 2]; unsigned char response_hex[sizeof(response) * 2 + 1];
int yk_cmd; int yk_cmd;
unsigned int flags = 0; unsigned int flags = 0;
unsigned int response_len = 0; unsigned int response_len = 0;
@ -509,12 +507,14 @@ do_challenge_response(struct cfg *cfg, const char *username)
goto out; goto out;
} }
D(("Got the expected response, generating new challenge.")); D(("Got the expected response, generating new challenge (%i bytes).", sizeof(challenge)));
if (generate_challenge(challenge_hex, 64) < 0) if (generate_challenge(challenge, 20)) {
D(("Failed generating new challenge!"));
goto out; goto out;
yubikey_hex_decode(challenge, challenge_hex, strlen(challenge_hex)); }
if (!yk_write_to_key(yk, yk_cmd, challenge, strlen(challenge_hex)/2))
if (!yk_write_to_key(yk, yk_cmd, challenge, 20))
goto out; goto out;
if (! yk_read_response_from_key(yk, slot, flags, if (! yk_read_response_from_key(yk, slot, flags,
@ -526,6 +526,9 @@ do_challenge_response(struct cfg *cfg, const char *username)
/* the yk_* functions leave 'junk' in errno */ /* the yk_* functions leave 'junk' in errno */
errno = 0; errno = 0;
memset(challenge_hex, 0, sizeof(challenge_hex));
memset(response_hex, 0, sizeof(response_hex));
yubikey_hex_encode(challenge_hex, (char *)challenge, 20);
yubikey_hex_encode(response_hex, (char *)response, response_len > 20 ? 20 : response_len); yubikey_hex_encode(response_hex, (char *)response, response_len > 20 ? 20 : response_len);
rewind(f); rewind(f);
fd = fileno(f); fd = fileno(f);
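Review bot: The debug line in the third hunk, `D(("Got the expected response, generating new challenge (%i bytes).", sizeof(challenge)))`, passes a size_t to `%i`, and it reports 32 bytes (the size of `char challenge[32]`) while only 20 bytes are generated, written to the key and hex-encoded on the lines that follow. Printing the length actually used, `D(("Got the expected response, generating new challenge (%d bytes).", 20));`, fixes both, and hoisting the literal 20 that the new lines repeat at generate_challenge(), yk_write_to_key() and yubikey_hex_encode() into one named constant would keep those three call sites from drifting apart. In the first hunk, generate_challenge() no longer uses `i`, and `res` should be a `size_t` compared against `(size_t) len` since that is what fread() returns; a negative `len` would otherwise become an enormous read after the cast, so a guard such as `if (len < 0) return -1;` before the fread is worth adding. do_challenge_response() starts and ends outside these hunks.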