author | Nathaniel McCallum <npmccallum@redhat.com> | 2014-05-23 13:01:59 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-06-25 14:22:01 +0200 |
commit | 7b15fcd57b06482be36e95e50cbec596777955b4 (patch) | |
tree | 97345a8957f29edbfd6e0bce40e35e0ba51fbc77 /daemons/ipa-slapi-plugins/ipa-pwd-extop | |
parent | 6af1fc47636ea758c81dfd4351a41cddb452e266 (diff) | |
Change OTPSyncRequest structure to use OctetString
This change has two motivations:
1. Clients don't have to parse the string.
2. Future token types may have new formats.
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'daemons/ipa-slapi-plugins/ipa-pwd-extop')
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c | 4 | ||||
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.c | 37 | ||||
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.h | 4 |
3 files changed, 22 insertions, 23 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
index 23c7cb18c..60ceaaa7a 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
@@ -1157,8 +1157,8 @@ static bool ipapwd_do_otp_auth(const char *dn, Slapi_Entry *bind_entry,
 /* Loop through each token. */
 for (int i = 0; tokens[i] && !success; i++) {
 /* Attempt authentication. */
- success = otptoken_validate_string(tokens[i], OTP_VALIDATE_STEPS,
- creds->bv_val, creds->bv_len, true);
+ success = otptoken_validate_berval(tokens[i], OTP_VALIDATE_STEPS,
+ creds, true);
 
 /* Truncate the password to remove the OTP code at the end. */
 if (success) {
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.c
index 27878776f..2bfcf10a2 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.c
@@ -58,10 +58,11 @@ bool sync_request_handle(Slapi_ComponentId *plugin_id, Slapi_PBlock *pb,
 {
 struct otptoken **tokens = NULL;
 LDAPControl **controls = NULL;
+ struct berval *second = NULL;
+ struct berval *first = NULL;
 BerElement *ber = NULL;
 char *token_dn = NULL;
- int second = 0;
- int first = 0;
+ bool success;
 
 if (slapi_pblock_get(pb, SLAPI_REQCONTROLS, &controls) != 0)
 return false;
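Review bot: `first` and `second` are set to NULL only once, at function scope in the second hunk here, but the loop body in the next syncreq.c hunk allocates them with `ber_scanf(ber, "{OO", &first, &second)` and releases them with `ber_bvfree()` for every matching control without clearing them, while `token_dn` is reset to NULL on the same path. After the first matching control both variables hold freed pointers, and whether a later failed decode leaves them untouched depends on the LBER implementation, which is not visible here. Declaring them inside the loop, or writing `ber_bvfree(second); second = NULL;` and `ber_bvfree(first); first = NULL;`, removes that dependency. The body of sync_request_handle continues outside this hunk.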
@@ -79,32 +80,30 @@ bool sync_request_handle(Slapi_ComponentId *plugin_id, Slapi_PBlock *pb, return false; /* Decode the token codes. */ - if (ber_scanf(ber, "{ii", &first, &second) == LBER_ERROR) { + if (ber_scanf(ber, "{OO", &first, &second) == LBER_ERROR) { ber_free(ber, 1); return false; } /* Decode the optional token DN. */ ber_scanf(ber, "a", &token_dn); - if (ber_scanf(ber, "}") == LBER_ERROR) { - ber_free(ber, 1); - return false; - } - ber_free(ber, 1); - /* Find all the tokens. */ - tokens = otptoken_find(plugin_id, user_dn, token_dn, true, NULL); - ber_memfree(token_dn); - if (tokens == NULL) - return false; - - /* Synchronize the token. */ - if (!otptoken_sync(tokens, OTP_SYNC_MAX_STEPS, first, second)) { - otptoken_free_array(tokens); - return false; + /* Process the synchronization. */ + success = false; + if (ber_scanf(ber, "}") != LBER_ERROR) { + tokens = otptoken_find(plugin_id, user_dn, token_dn, true, NULL); + if (tokens != NULL) { + success = otptoken_sync_berval(tokens, OTP_SYNC_MAX_STEPS, first, second); + otptoken_free_array(tokens); + } } - otptoken_free_array(tokens); + ber_memfree(token_dn); token_dn = NULL; + ber_bvfree(second); + ber_bvfree(first); + ber_free(ber, 1); + if (!success) + return false; } return true; diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.h b/daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.h index 049a62102..34235901b 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.h +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.h @@ -48,8 +48,8 @@ * The ASN.1 encoding of the request structure: * * OTPSyncRequest ::= SEQUENCE { - * firstCode INTEGER, - * secondCode INTEGER, + * firstCode OCTET STRING, + * secondCode OCTET STRING, * tokenDN OCTET STRING OPTIONAL * } */ |
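Review bot: The two codes come from a request control and are therefore client-controlled, and with `{OO` they are now byte strings of arbitrary length and content instead of values bounded by INTEGER decoding, yet the first hunk here hands them to `otptoken_sync_berval()` with no check of its own. If that function (not visible here) does not reject empty, oversized or non-digit values, a guard belongs before the `otptoken_find()` call, along the lines of `if (first->bv_len == 0 || first->bv_len > <max code length>) success = false;`, where the limit is a placeholder for whatever the token types define. The early `return false` after a failed `{OO` decode also bypasses the new common cleanup, so a partially decoded `first` is released only if the LBER library frees it on error; setting `success = false` and falling through to the `ber_bvfree()` calls would make that path independent of the library. The enclosing loop starts above the hunk.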
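Review bot: The ASN.1 comment in syncreq.h now declares both codes as OCTET STRING but does not say what the octets contain, which is the one thing a client author needs after this change. A line such as `firstCode OCTET STRING, -- token code exactly as entered by the user` (wording to be confirmed against otptoken_sync_berval) would state the contract, together with any length limit the server enforces. The field types change under the same structure name, so a client that still sends INTEGER codes will presumably fail the `{OO` decode in syncreq.c; if the control OID is unchanged, that incompatibility deserves a sentence in this comment. The comment block begins above the hunk.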