Christian Hesse <[email protected]> on Wed, 2013/01/09 11:02:
> Simon Josefsson <[email protected]> on Tue, 2013/01/08 21:32:
> > Christian Hesse <[email protected]> writes:
> >
> > > Hello everybody,
> > >
> > > some time ago support was added to handle multiple lines for a single
> > > user. This works only if the (two factor) password is identical.
> > >
> > > The attached patch makes liboath try other configurations for the same
> > > user if status is OATH_BAD_PASSWORD. Hope this is correct.
> >
> > Hi. Could you give an example two lines and what verification call is
> > triggering this problem? So that can be added to the regression tests.
> >
> > Sorry that you just missed the 2.0.2 release, I'll try to get another
> > released pulled together soon.
>
> My patch was wrong, it gave some wrong return codes and did not apply
> against git. Updated my patch and added the required checks. This compiles
> and works (including tests) fine for me.
Just an updated version... Added explicit braces to avoid ambiguous 'else'.
--
Schoene Gruesse
Chris
O< ascii ribbon campaign
stop html mail - www.asciiribbon.org
diff --git a/liboath/tests/expect.oath b/liboath/tests/expect.oath
index 530c5b5..73a584d 100644
--- a/liboath/tests/expect.oath
+++ b/liboath/tests/expect.oath
@@ -22,3 +22,5 @@ HOTP/E fiveuser - 22222222 5 746888 2006-12-07T00:00:00L
HOTP/E fiveuser - 33333333
HOTP/E fiveuser - 44444444 9 893841 2006-12-07T00:00:00L
HOTP/E fiveuser - 55555555 7 730790 2006-12-07T00:00:00L
+HOTP password - 0815 2 898463 2006-12-07T00:00:00L
+HOTP password test 1630 3 989803 2006-12-07T00:00:00L
diff --git a/liboath/tests/tst_usersfile.c b/liboath/tests/tst_usersfile.c
index 2cc844e..5a40c8c 100644
--- a/liboath/tests/tst_usersfile.c
+++ b/liboath/tests/tst_usersfile.c
@@ -372,6 +372,25 @@ main (void)
return 1;
}
+ /* Test different tokens with different passwords for one user */
+ rc = oath_authenticate_usersfile (CREDS,
+ "password", "898463", 5, NULL, &last_otp);
+ if (rc != OATH_OK)
+ {
+ printf ("oath_authenticate_usersfile[28]: %s (%d)\n",
+ oath_strerror_name (rc), rc);
+ return 1;
+ }
+
+ rc = oath_authenticate_usersfile (CREDS,
+ "password", "989803", 5, "test", &last_otp);
+ if (rc != OATH_OK)
+ {
+ printf ("oath_authenticate_usersfile[29]: %s (%d)\n",
+ oath_strerror_name (rc), rc);
+ return 1;
+ }
+
rc = oath_done ();
if (rc != OATH_OK)
{
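Review bot: Both added cases in main assert only the success path, so nothing pins down the return code when no line for the user accepts the supplied password. With the two `password` lines added to users.oath, a call with a password that matches neither line (a constructed value such as `"wrong"`) should come back as OATH_BAD_PASSWORD under the new logic in parse_usersfile; I would add that as case [30] with `if (rc != OATH_BAD_PASSWORD)`. A second negative case, the `test` password with an OTP that does not verify, would record which code is returned when the password is right and the OTP is not. main starts and ends outside this hunk.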
diff --git a/liboath/tests/users.oath b/liboath/tests/users.oath
index c9cf617..095deab 100644
--- a/liboath/tests/users.oath
+++ b/liboath/tests/users.oath
@@ -22,3 +22,5 @@ HOTP/E fiveuser - 22222222
HOTP/E fiveuser - 33333333
HOTP/E fiveuser - 44444444
HOTP/E fiveuser - 55555555
+HOTP password - 0815
+HOTP password test 1630
diff --git a/liboath/usersfile.c b/liboath/usersfile.c
index 462926d..2f3978d 100644
--- a/liboath/usersfile.c
+++ b/liboath/usersfile.c
@@ -85,6 +85,8 @@ parse_usersfile (const char *username,
char **lineptr, size_t * n, uint64_t * new_moving_factor,
size_t * skipped_users)
{
+ int bad_password = 0;
+
*skipped_users = 0;
while (getline (lineptr, n, infh) != -1)
@@ -95,7 +97,7 @@ parse_usersfile (const char *username,
char secret[32];
size_t secret_length = sizeof (secret);
uint64_t start_moving_factor = 0;
- int rc;
+ int rc = 0;
char *prev_otp = NULL;
if (p == NULL)
@@ -119,14 +121,26 @@ parse_usersfile (const char *username,
if (strcmp (p, "-") == 0)
{
if (*passwd != '\0')
- return OATH_BAD_PASSWORD;
+ {
+ bad_password = 1;
+ rc = OATH_BAD_PASSWORD;
+ }
}
else if (strcmp (p, "+") == 0)
{
/* Externally verified. */
}
else if (strcmp (p, passwd) != 0)
- return OATH_BAD_PASSWORD;
+ {
+ bad_password = 1;
+ rc = OATH_BAD_PASSWORD;
+ }
+ if (rc == OATH_BAD_PASSWORD)
+ {
+ (*skipped_users)++;
+ continue;
+ }
+ bad_password = 0;
}
/* Read key. */
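Review bot: `bad_password` describes only the last line read for the user, because a mismatch sets it and `bad_password = 0;` clears it on a match, so the code chosen in the final hunk (`@@ -210,7 +224,12`) depends on line order in the users file. If a line that accepts the password is followed by one that does not, a failed OTP is presumably reported as OATH_BAD_PASSWORD even though the password was accepted (the OTP check itself is outside this hunk). Keeping a separate sticky flag avoids that: declare `int password_ok = 0;`, replace the clear with `password_ok = 1;`, and test `if (bad_password && !password_ok)` before returning OATH_BAD_PASSWORD. Callers that surface the two codes differently tell a client whether the password alone was right, so the distinction should at least be deterministic. parse_usersfile starts and ends outside this hunk.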
@@ -210,7 +224,12 @@ parse_usersfile (const char *username,
}
if (*skipped_users)
- return OATH_INVALID_OTP;
+ {
+ if (bad_password)
+ return OATH_BAD_PASSWORD;
+ else
+ return OATH_INVALID_OTP;
+ }
return OATH_UNKNOWN_USER;
}