mirror of https://github.com/Yubico/yubico-pam.git synced 2024-12-01 15:24:12 +01:00

refactor to use chalresp function from ykpers

so challenge_response() now calls yk_challenge_response() to
do the yubikey internal stuff.
Klas Lindfors 2013-09-18 09:57:52 +02:00
parent 4faa544311
commit eb78d4882b
4 changed files with 19 additions and 36 deletions


@ -461,7 +461,6 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
char buf[CR_RESPONSE_SIZE + 16], response_hex[CR_RESPONSE_SIZE * 2 + 1]; char buf[CR_RESPONSE_SIZE + 16], response_hex[CR_RESPONSE_SIZE * 2 + 1];
int ret, fd; int ret, fd;
unsigned int flags = 0;
unsigned int response_len = 0; unsigned int response_len = 0;
YK_KEY *yk = NULL; YK_KEY *yk = NULL;
CR_STATE state; CR_STATE state;
@ -472,7 +471,6 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
struct stat st; struct stat st;
ret = PAM_AUTH_ERR; ret = PAM_AUTH_ERR;
flags |= YK_FLAG_MAYBLOCK;
if (! init_yubikey(&yk)) { if (! init_yubikey(&yk)) {
DBG(("Failed initializing YubiKey")); DBG(("Failed initializing YubiKey"));
@ -544,7 +542,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
} }
if (! challenge_response(yk, state.slot, state.challenge, state.challenge_len, if (! challenge_response(yk, state.slot, state.challenge, state.challenge_len,
true, flags, false, true, true, false,
buf, sizeof(buf), &response_len)) { buf, sizeof(buf), &response_len)) {
DBG(("Challenge-response FAILED")); DBG(("Challenge-response FAILED"));
goto out; goto out;
@ -573,7 +571,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
errstr = "Error communicating with Yubikey, please check syslog or contact your system administrator"; errstr = "Error communicating with Yubikey, please check syslog or contact your system administrator";
if (! challenge_response(yk, state.slot, state.challenge, CR_CHALLENGE_SIZE, if (! challenge_response(yk, state.slot, state.challenge, CR_CHALLENGE_SIZE,
true, flags, false, true, true, false,
buf, sizeof(buf), &response_len)) { buf, sizeof(buf), &response_len)) {
DBG(("Second challenge-response FAILED")); DBG(("Second challenge-response FAILED"));
goto out; goto out;
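Review bot: Both challenge_response() calls in do_challenge_response() now pass three adjacent bool literals, `true, true, false`, and nothing at the call site says which one is hmac, may_block or verbose. Transposing two of them compiles cleanly and would presumably change whether authentication waits on the token or which response mode is requested. Labelling the arguments keeps the calls reviewable, for example `/* hmac */ true, /* may_block */ true, /* verbose */ false,`. The same applies to the `true, true, verbose` calls in do_add_hmac_chalresp() further down. The body of do_challenge_response() extends beyond these hunks.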

35
util.c

@ -145,15 +145,19 @@ init_yubikey(YK_KEY **yk)
int challenge_response(YK_KEY *yk, int slot, int challenge_response(YK_KEY *yk, int slot,
char *challenge, unsigned int len, char *challenge, unsigned int len,
bool hmac, unsigned int flags, bool verbose, bool hmac, bool may_block, bool verbose,
char *response, int res_size, unsigned int *res_len) char *response, unsigned int res_size, unsigned int *res_len)
{ {
int yk_cmd; int yk_cmd;
unsigned int response_len = 0;
unsigned int expect_bytes = 0;
if (res_size < sizeof(64 + 16)) if(hmac == true) {
*res_len = 20;
} else {
*res_len = 16;
}
if (res_size < *res_len) {
return 0; return 0;
}
memset(response, 0, res_size); memset(response, 0, res_size);
@ -173,28 +177,11 @@ int challenge_response(YK_KEY *yk, int slot,
return 0; return 0;
} }
if (!yk_write_to_key(yk, yk_cmd, challenge, len)) if(! yk_challenge_response(yk, yk_cmd, may_block, len,
(unsigned char*)challenge, res_size, (unsigned char*)response)) {
return 0; return 0;
if (verbose) {
fprintf(stderr, "Reading response...\n");
} }
/* HMAC responses are 160 bits, Yubico 128 */
expect_bytes = (hmac == true) ? 20 : 16;
if (! yk_read_response_from_key(yk, slot, flags,
response, res_size,
expect_bytes,
&response_len))
return 0;
if (hmac && response_len > 20)
response_len = 20;
if (! hmac && response_len > 16)
response_len = 16;
*res_len = response_len;
return 1; return 1;
} }
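Review bot: `*res_len` is assigned at the top of challenge_response(), before the buffer-size check and before the device call, so every `return 0` path leaves the caller's length at 20 or 16 even though no response was produced. In an authentication path it is safer for the out-parameter to change only on success: keep the expected size in a local, `unsigned int expect = hmac ? 20 : 16;`, test `if (res_size < expect) return 0;`, and assign `*res_len = expect;` just before `return 1;`. The reported length is now the expected size and not a count of bytes read, so correctness depends on yk_challenge_response() failing on a short read, which is worth confirming against ykpers. The `verbose` parameter has no remaining use in the lines shown, though part of the function body lies between the two hunks and is not visible here.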

4
util.h

@ -89,8 +89,8 @@ int init_yubikey(YK_KEY **yk);
int check_firmware_version(YK_KEY *yk, bool verbose, bool quiet); int check_firmware_version(YK_KEY *yk, bool verbose, bool quiet);
int challenge_response(YK_KEY *yk, int slot, int challenge_response(YK_KEY *yk, int slot,
char *challenge, unsigned int len, char *challenge, unsigned int len,
bool hmac, unsigned int flags, bool verbose, bool hmac, bool may_block, bool verbose,
char *response, int res_size, unsigned int *res_len); char *response, unsigned int res_size, unsigned int *res_len);
#endif /* HAVE_CR */ #endif /* HAVE_CR */
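Review bot: The challenge_response() prototype carries no comment describing its contract, and this change alters that contract in ways the types do not show. The sixth parameter goes from an `unsigned int flags` bit mask to `bool may_block`, so any caller still passing a flags value would compile and silently convert to true or false. A header comment above the declaration would help. It should say that `response` must hold at least 20 bytes in HMAC mode and 16 otherwise, that `*res_len` is set to that expected length, and that the function returns 1 on success and 0 on failure.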


@ -126,7 +126,6 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, i
{ {
char buf[CR_RESPONSE_SIZE + 16]; char buf[CR_RESPONSE_SIZE + 16];
CR_STATE state; CR_STATE state;
unsigned int flags = 0;
int ret = 0; int ret = 0;
unsigned int response_len; unsigned int response_len;
char *fn; char *fn;
@ -134,7 +133,6 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, i
FILE *f = NULL; FILE *f = NULL;
state.slot = slot; state.slot = slot;
flags |= YK_FLAG_MAYBLOCK;
*exit_code = 1; *exit_code = 1;
p = getpwuid (getuid ()); p = getpwuid (getuid ());
@ -185,7 +183,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, i
state.challenge_len = CR_CHALLENGE_SIZE; state.challenge_len = CR_CHALLENGE_SIZE;
if (! challenge_response(yk, state.slot, state.challenge, CR_CHALLENGE_SIZE, if (! challenge_response(yk, state.slot, state.challenge, CR_CHALLENGE_SIZE,
true, flags, verbose, true, true, verbose,
buf, sizeof(buf), &response_len)) buf, sizeof(buf), &response_len))
goto out; goto out;
@ -202,7 +200,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, i
goto out; goto out;
} }
if (! challenge_response(yk, state.slot, challenge, CR_CHALLENGE_SIZE, if (! challenge_response(yk, state.slot, challenge, CR_CHALLENGE_SIZE,
true, flags, verbose, true, true, verbose,
buf2, sizeof(buf2), &response_len)) buf2, sizeof(buf2), &response_len))
goto out; goto out;