mirror of
https://github.com/Yubico/yubico-pam.git
synced 2024-12-03 03:24:12 +01:00
refactor to use chalresp function from ykpers
so challenge_response() now calls yk_challenge_response() to do the yubikey internal stuff.
parent
4faa544311
commit
eb78d4882b
@ -461,7 +461,6 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
|
||||
char buf[CR_RESPONSE_SIZE + 16], response_hex[CR_RESPONSE_SIZE * 2 + 1];
|
||||
int ret, fd;
|
||||
|
||||
unsigned int flags = 0;
|
||||
unsigned int response_len = 0;
|
||||
YK_KEY *yk = NULL;
|
||||
CR_STATE state;
|
||||
@ -472,7 +471,6 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
|
||||
struct stat st;
|
||||
|
||||
ret = PAM_AUTH_ERR;
|
||||
flags |= YK_FLAG_MAYBLOCK;
|
||||
|
||||
if (! init_yubikey(&yk)) {
|
||||
DBG(("Failed initializing YubiKey"));
|
||||
@ -544,7 +542,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
|
||||
}
|
||||
|
||||
if (! challenge_response(yk, state.slot, state.challenge, state.challenge_len,
|
||||
true, flags, false,
|
||||
true, true, false,
|
||||
buf, sizeof(buf), &response_len)) {
|
||||
DBG(("Challenge-response FAILED"));
|
||||
goto out;
|
||||
@ -573,7 +571,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
|
||||
|
||||
errstr = "Error communicating with Yubikey, please check syslog or contact your system administrator";
|
||||
if (! challenge_response(yk, state.slot, state.challenge, CR_CHALLENGE_SIZE,
|
||||
true, flags, false,
|
||||
true, true, false,
|
||||
buf, sizeof(buf), &response_len)) {
|
||||
DBG(("Second challenge-response FAILED"));
|
||||
goto out;
|
||||
|
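Review bot: The two updated calls in do_challenge_response() now pass three adjacent boolean literals, `true, true, false`, for hmac, may_block and verbose, which is easy to transpose and gives the compiler nothing to check. This is a PAM authentication path, where swapping may_block and verbose would silently change blocking behaviour, so I would label them at the call site, e.g. `/* hmac */ true, /* may_block */ true, /* verbose */ false,`. The same applies to the two calls in do_add_hmac_chalresp() later in this commit (`true, true, verbose`). The function body extends beyond these hunks.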
35
util.c
35
util.c
@ -145,15 +145,19 @@ init_yubikey(YK_KEY **yk)
|
||||
|
||||
int challenge_response(YK_KEY *yk, int slot,
|
||||
char *challenge, unsigned int len,
|
||||
bool hmac, unsigned int flags, bool verbose,
|
||||
char *response, int res_size, unsigned int *res_len)
|
||||
bool hmac, bool may_block, bool verbose,
|
||||
char *response, unsigned int res_size, unsigned int *res_len)
|
||||
{
|
||||
int yk_cmd;
|
||||
unsigned int response_len = 0;
|
||||
unsigned int expect_bytes = 0;
|
||||
|
||||
if (res_size < sizeof(64 + 16))
|
||||
if(hmac == true) {
|
||||
*res_len = 20;
|
||||
} else {
|
||||
*res_len = 16;
|
||||
}
|
||||
if (res_size < *res_len) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
memset(response, 0, res_size);
|
||||
|
||||
@ -173,28 +177,11 @@ int challenge_response(YK_KEY *yk, int slot,
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!yk_write_to_key(yk, yk_cmd, challenge, len))
|
||||
if(! yk_challenge_response(yk, yk_cmd, may_block, len,
|
||||
(unsigned char*)challenge, res_size, (unsigned char*)response)) {
|
||||
return 0;
|
||||
|
||||
if (verbose) {
|
||||
fprintf(stderr, "Reading response...\n");
|
||||
}
|
||||
|
||||
/* HMAC responses are 160 bits, Yubico 128 */
|
||||
expect_bytes = (hmac == true) ? 20 : 16;
|
||||
|
||||
if (! yk_read_response_from_key(yk, slot, flags,
|
||||
response, res_size,
|
||||
expect_bytes,
|
||||
&response_len))
|
||||
return 0;
|
||||
|
||||
if (hmac && response_len > 20)
|
||||
response_len = 20;
|
||||
if (! hmac && response_len > 16)
|
||||
response_len = 16;
|
||||
|
||||
*res_len = response_len;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
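Review bot: The new size guard in challenge_response(), `if (res_size < *res_len)`, accepts a buffer of exactly 20 (HMAC) or 16 bytes, while every caller on this page allocates `CR_RESPONSE_SIZE + 16`. The removed check `sizeof(64 + 16)` only evaluated to the size of an int, but it appears to have been aiming at the same 64 + 16 headroom. If yk_challenge_response() needs room beyond the payload (for a trailing CRC or whole-frame reads, which is not visible here), a buffer sized to the payload would pass this guard and still be too small. It would be safer to keep the headroom in the check, e.g. `if (res_size < *res_len + 16) return 0;`, or to state the required minimum in a comment. Separately, `*res_len` is now written before the guard and holds the nominal length rather than a count reported by the read, so it is set even when the function returns 0. The part of the body between the two hunks is not shown.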
4
util.h
4
util.h
@ -89,8 +89,8 @@ int init_yubikey(YK_KEY **yk);
|
||||
int check_firmware_version(YK_KEY *yk, bool verbose, bool quiet);
|
||||
int challenge_response(YK_KEY *yk, int slot,
|
||||
char *challenge, unsigned int len,
|
||||
bool hmac, unsigned int flags, bool verbose,
|
||||
char *response, int res_size, unsigned int *res_len);
|
||||
bool hmac, bool may_block, bool verbose,
|
||||
char *response, unsigned int res_size, unsigned int *res_len);
|
||||
|
||||
#endif /* HAVE_CR */
|
||||
|
||||
|
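Review bot: The updated prototype of challenge_response() carries no comment, and its contract changes in this commit. The sixth argument is now a blocking switch rather than a flags bitmask, res_size became unsigned, and (per util.c in this commit) *res_len is set to the fixed 20 or 16 byte length. A short comment above the declaration would save callers from reading util.c, for example `/* response/res_size: caller buffer and its size in bytes; *res_len is set to 20 (HMAC) or 16 (Yubico); returns 1 on success, 0 on failure. */`. Because an `unsigned int` converts implicitly to `bool`, a caller still passing a flags value compiles without a diagnostic, which is another reason to state the new meaning.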
@ -126,7 +126,6 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, i
|
||||
{
|
||||
char buf[CR_RESPONSE_SIZE + 16];
|
||||
CR_STATE state;
|
||||
unsigned int flags = 0;
|
||||
int ret = 0;
|
||||
unsigned int response_len;
|
||||
char *fn;
|
||||
@ -134,7 +133,6 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, i
|
||||
FILE *f = NULL;
|
||||
|
||||
state.slot = slot;
|
||||
flags |= YK_FLAG_MAYBLOCK;
|
||||
*exit_code = 1;
|
||||
|
||||
p = getpwuid (getuid ());
|
||||
@ -185,7 +183,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, i
|
||||
state.challenge_len = CR_CHALLENGE_SIZE;
|
||||
|
||||
if (! challenge_response(yk, state.slot, state.challenge, CR_CHALLENGE_SIZE,
|
||||
true, flags, verbose,
|
||||
true, true, verbose,
|
||||
buf, sizeof(buf), &response_len))
|
||||
goto out;
|
||||
|
||||
@ -202,7 +200,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, i
|
||||
goto out;
|
||||
}
|
||||
if (! challenge_response(yk, state.slot, challenge, CR_CHALLENGE_SIZE,
|
||||
true, flags, verbose,
|
||||
true, true, verbose,
|
||||
buf2, sizeof(buf2), &response_len))
|
||||
goto out;
|
||||
|
||||
|