Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-auth/libpam-google-authenticator/files/allow_time_config.patch
blob: 85c48b0d93f9d59567b656f425a8999b868c1d31 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

From ab2b4ba85e417eb0b4a497da84cd31b7e4a2bbe8 Mon Sep 17 00:00:00 2001
From: Brian Ristuccia <brian@ristuccia.com>
Date: Tue, 14 Aug 2012 11:42:55 -0400
Subject: [PATCH] Add configuration option for TOTP time step size. Previously the time step
 was hardcoded to 30 seconds, which is now the default.

---
 libpam/FILEFORMAT                 |    2 ++
 libpam/pam_google_authenticator.c |   19 ++++++++++++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/libpam/FILEFORMAT b/libpam/FILEFORMAT
index 0f0ad8a..b267b68 100644
--- a/libpam/FILEFORMAT
+++ b/libpam/FILEFORMAT
@@ -54,6 +54,8 @@ Currently, the following options are recognized:
     for most users as invalid login attempts and generated-but-not-used
     tokens both contribute to synchronization problems.
 
+  TIME_STEP_SIZE n
+    the default value time step size is 30 seconds.
 
 Any all-numeric sequence of eight-digit numbers are randomly generated
 one-time tokens. The user can enter any arbitrary one-time code
diff --git a/libpam/pam_google_authenticator.c b/libpam/pam_google_authenticator.c
index 159e89e..e8dd5ab 100644
--- a/libpam/pam_google_authenticator.c
+++ b/libpam/pam_google_authenticator.c
@@ -502,8 +502,8 @@ static time_t get_time(void) {
 }
 #endif
 
-static int get_timestamp(void) {
-  return get_time()/30;
+static int get_timestamp(int step_size) {
+  return get_time()/step_size;
 }
 
 static int comparator(const void *a, const void *b) {
@@ -1160,8 +1160,21 @@ static int check_timebased_code(pam_handle_t *pamh, const char*secret_filename,
     return 1;
   }
 
+  const char *step_size_str = get_cfg_value(pamh, "TIME_STEP_SIZE", *buf);
+  if (step_size_str == &oom) {
+    // Out of memory. This is a fatal error
+    return -1;
+  }
+  
+  // Default step size of 30s
+  int step_size = 30;
+  if (step_size_str) {
+    step_size = (int)strtol(step_size_str, NULL, 10);
+  }
+  free((void *)step_size_str);
+  
   // Compute verification codes and compare them with user input
-  const int tm = get_timestamp();
+  const int tm = get_timestamp(step_size);
   const char *skew_str = get_cfg_value(pamh, "TIME_SKEW", *buf);
   if (skew_str == &oom) {
     // Out of memory. This is a fatal error
-- 
1.7.2.5