diff --git a/ppp/pam_ppp.c b/ppp/pam_ppp.c
index b1cca18..2183628 100644
--- a/ppp/pam_ppp.c
+++ b/ppp/pam_ppp.c
@@ -83,6 +83,9 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar
 goto cleanup;
 }
+ /* Reserve the passcode the user will have to type */
+ reservePasscodeNum();
+
 struct pam_conv *conversation;
 struct pam_message message;
 struct pam_message *pmessage = &message;
diff --git a/ppp/ppp.c b/ppp/ppp.c
index 66b233b..ad5b3ac 100644
--- a/ppp/ppp.c
+++ b/ppp/ppp.c
@@ -77,6 +77,9 @@ static int nRounds = 0;
 static mp_int d_seqKey;
 static mp_int d_currPasscodeNum;
+static mp_int d_reservedPasscodeNum;
+static char d_reserved;
+
 static mp_int d_lastCardGenerated;
 static mp_int d_maxPasscodes;
 static char d_passcode[5] = "";
@@ -276,6 +279,7 @@ static void _compute_passcode_block(mp_int *cipherNum, mp_int *cipherBlock) {
 void pppInit() {
 mp_init(&d_seqKey);
 mp_init(&d_currPasscodeNum);
+ d_reserved = 0;
 mp_init(&d_lastCardGenerated);
 /* Here, we compute the maximum number of passcodes handle by this
@@ -362,13 +366,13 @@ char *currCode() {
 mp_init(&mp);
 mp_init(&row);
- calculateCardContainingPasscode(currPasscodeNum(), &mp);
+ calculateCardContainingPasscode(currAuthPasscodeNum(), &mp);
 mp_add_d(&mp, 1, &mp);
 char *cardstr = mpToDecimalString(&mp, ',');
 mp_sub_d(&mp, 1, &mp);
 mp_mul_d(&mp, 70, &row);
- mp_sub(currPasscodeNum(), &row, &row);
+ mp_sub(currAuthPasscodeNum(), &row, &row);
 mp_set_int(&mp, 7);
 mp_div(&row, &mp, &row, &mp);
 _mp_to_uint(&row, &r);
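Review bot: `reservePasscodeNum()` in `pam_sm_authenticate` (ppp/pam_ppp.c) advances and persists the counter before the user has supplied anything, so any path that leaves the function without reaching `pppAuthenticate()` (a failed conversation, a dropped connection, a later `goto cleanup`) still consumes a passcode. Connection attempts that never authenticate can therefore use up the account's passcodes and put the user's printed card out of step, and `PPP_DONT_SKIP_ON_FAILURES` is not honoured on those paths because it is only checked inside `pppAuthenticate()`. The `cleanup` label is outside this hunk, so whether it releases the reservation cannot be seen here; if it does not, it should. The call also deserves a comment such as `/* Reservation must be released on every exit path that skips pppAuthenticate() */`.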
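Review bot: `pppInit()` (ppp/ppp.c) resets `d_reserved` but never calls `mp_init()` on the new `d_reservedPasscodeNum`, unlike `d_seqKey`, `d_currPasscodeNum` and `d_lastCardGenerated` on the neighbouring lines. `reservePasscodeNum()` later uses it as the destination of `mp_copy()`, which then depends on a zero-filled static being an acceptable `mp_int` for the bignum library in use. I would add `mp_init(&d_reservedPasscodeNum);` next to `d_reserved = 0;` and clear it wherever the other statics are released, if such a routine exists outside this hunk. The body of `pppInit()` continues past the hunk.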
@@ -394,18 +398,33 @@ char *currPrompt() {
 return d_prompt;
 }
+
 int pppAuthenticate(const char *attempt) {
 int rv = 0;
- if (strcmp(getPasscode(currPasscodeNum()), attempt) == 0) {
+
+ if (strcmp(getPasscode(currAuthPasscodeNum()), attempt) == 0) {
 rv = 1;
- incrCurrPasscodeNum();
- writeState();
- } else {
- if ( ! pppCheckFlags(PPP_DONT_SKIP_ON_FAILURES)) {
+ if (!d_reserved) {
+ /* Increment now, wasn't incremented before */
 incrCurrPasscodeNum();
 writeState();
 }
+ } else {
+ if ( ! pppCheckFlags(PPP_DONT_SKIP_ON_FAILURES)) {
+ if (!d_reserved) {
+ /* Increment now */
+ incrCurrPasscodeNum();
+ writeState();
+ }
+ } else {
+ if (d_reserved) {
+ /* Was reserved, but failed and should be decreased... */
+ decrCurrPasscodeNum();
+ writeState();
+ }
+ }
 }
+ d_reserved = 0;
 _zero_bytes((unsigned char *)d_passcode, 5);
@@ -440,7 +459,7 @@ int pppWarning(char *buf, int size) {
 " more passcodes IMMEDIATELY so you can continue to log\n"
 " into your account.\n"
 "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n",
- mpToDecimalString(&mp, NULL), (mp_cmp_d(&mp, 1) ? "s":"")
+ mpToDecimalString(&mp, 0), (mp_cmp_d(&mp, 1) ? "s":"")
 );
 }
 break;
@@ -489,11 +508,22 @@ void setSeqKey(mp_int *mp) {
 mp_copy(mp, &d_seqKey);
 }
+mp_int *currAuthPasscodeNum() {
+ /* Return passcode which must be used for authentication */
+ if (d_reserved) {
+ return &d_reservedPasscodeNum;
+ } else {
+ return &d_currPasscodeNum;
+ }
+}
+
 mp_int *currPasscodeNum() {
+ /* Return passcode */
 return &d_currPasscodeNum;
 }
-void setCurrPasscodeNum(mp_int *mp) {
+
+void setCurrPasscodeNum(const mp_int *mp) {
 mp_copy(mp, &d_currPasscodeNum);
 }
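Review bot: The rollback branch in `pppAuthenticate` (`if (d_reserved) { decrCurrPasscodeNum(); writeState(); }`) decrements this process's in-memory copy of the counter and writes it back without checking what is currently persisted. If another session reserved a later passcode in the meantime, its reservation is overwritten and that passcode number can be handed out again, which breaks the one-time property. The same unlocked read-modify-write is in `reservePasscodeNum()` (the `@@ -505,6 +535,21 @@` hunk), where the FIXME already acknowledges it. Both paths should reload the persisted state and update it under an exclusive lock, and the rollback should only be applied when the stored counter is still exactly one past the reserved number. Separately, `strcmp()` on the passcode returns at the first differing byte; a constant-time comparison is the usual choice for secrets.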
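Review bot: The comments in `currAuthPasscodeNum()` and `currPasscodeNum()` do not say how the two accessors differ, and `/* Return passcode */` adds nothing to the name. Between `reservePasscodeNum()` and `pppAuthenticate()` the two functions return different numbers, so callers need to know which one to use. I would put header comments above the functions, for example `/* Passcode number to verify in this session: the reserved one if reservePasscodeNum() ran, otherwise the current counter. */` and `/* Next unreserved passcode number as held in state. */`. Both return writable pointers into module statics, which is worth stating as well.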
@@ -505,6 +535,21 @@ void incrCurrPasscodeNum() {
 mp_add_d(&d_currPasscodeNum, 1, &d_currPasscodeNum);
 }
+void decrCurrPasscodeNum() {
+ mp_sub_d(&d_currPasscodeNum, 1, &d_currPasscodeNum);
+}
+
+
+void reservePasscodeNum(void) {
+ mp_copy(&d_currPasscodeNum, &d_reservedPasscodeNum);
+ d_reserved = 1;
+
+ /* Increment num, so parallel sessions won't reserve the same passCode */
+ /* FIXME: Races should be fixed by some lock file */
+ incrCurrPasscodeNum();
+ writeState();
+}
+
 mp_int *lastCardGenerated() {
 return &d_lastCardGenerated;
 }
diff --git a/ppp/ppp.h b/ppp/ppp.h
index ab49fdf..04f215d 100644
--- a/ppp/ppp.h
+++ b/ppp/ppp.h
@@ -55,9 +55,13 @@ int pppWarning(char *buf, int size);
 mp_int *seqKey();
 void setSeqKey(mp_int *mp);
 mp_int *currPasscodeNum();
-void setCurrPasscodeNum(mp_int *mp);
+mp_int *currAuthPasscodeNum();
+void setCurrPasscodeNum(const mp_int *mp);
 void zeroCurrPasscodeNum();
 void incrCurrPasscodeNum();
+void decrCurrPasscodeNum();
+void reservePasscodeNum(void);
+mp_int *reservedPasscodeNum(void);
 mp_int *lastCardGenerated();
 void setLastCardGenerated(mp_int *mp);
 void zeroLastCardGenerated();
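Review bot: `reservePasscodeNum()` (ppp/ppp.c) sets `d_reserved = 1` without checking the result of `mp_copy()` and returns `void`, so `pam_sm_authenticate` cannot fail closed when the reservation was not actually made. If the copy fails, authentication proceeds against whatever `d_reservedPasscodeNum` holds. I would return a status and set the flag only on success, for instance `if (mp_copy(&d_currPasscodeNum, &d_reservedPasscodeNum) != MP_OKAY) return 0;`, assuming the bignum library's usual `MP_OKAY`. The same applies to `writeState()` if it can report failure, which this hunk does not show. `decrCurrPasscodeNum()` also has no floor, so a rollback with the counter at zero would make it negative.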
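Review bot: `mp_int *reservedPasscodeNum(void);` is declared in ppp/ppp.h, but none of the ppp/ppp.c hunks in this commit defines it, so the first caller would fail at link time unless a definition exists elsewhere. Either add the accessor or drop the prototype. The new prototypes also mix `()` and `(void)`; in C before C23 an empty list leaves the parameters unspecified, so `mp_int *currAuthPasscodeNum(void);` and `void decrCurrPasscodeNum(void);` would let the compiler check calls.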