*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*
* Copyright 2001,2002 Google, Inc.
- * Copyright 2005 TRI-D Systems, Inc.
+ * Copyright 2005,2006 TRI-D Systems, Inc.
*/
/*
* - implement a site-specific transform of the challenge, and/or
* - only allow async mode from secure locations.
*
- * Note that you cannot easily just disallow async mode completely
- * as you typically must provide a way to resynchronize the token.
- *
* Please read the accompanying docs for more info.
*
* IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT
static const char rcsid[] = "$Id$";
-int
-otp_challenge_transform(
-#ifdef __GNUC__
-__attribute__ ((unused))
-#endif
- const char *username,
- char challenge[OTP_MAX_CHALLENGE_LEN + 1])
+/*
+ * The default transform appends the first 2 username chars to the
+ * challenge. This results in a challenge that generally cannot be
+ * entered on any supported token, thus forcing a site-specific
+ * implementation to support async mode.
+ */
+ssize_t
+otp_challenge_transform(const char *username,
+ unsigned char challenge[OTP_MAX_CHALLENGE_LEN],
+ size_t clen)
{
- (void) strcpy(challenge, "DISABLED");
- return 0;
-}
+ /* overwrite challenge in-place if not enough room */
+ switch (OTP_MAX_CHALLENGE_LEN - clen) {
+ case 0: clen -= 2; break;
+ case 1: clen -= 1; break;
+ }
+
+ /* append first 2 username chars to challenge */
+ if (*username)
+ challenge[clen++] = *username++;
+ if (*username)
+ challenge[clen++] = *username++;
+ return clen;
+}
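Review bot: Nothing in otp_challenge_transform bounds `clen` before the `challenge[clen++]` stores. The switch only handles a buffer that is full or one byte short, so a `clen` larger than OTP_MAX_CHALLENGE_LEN matches neither case and both writes land past the end of `challenge`. Since the function now returns ssize_t, a guard at the top such as `if (clen > OTP_MAX_CHALLENGE_LEN) return -1;` would reject that input, provided the callers (not visible in this hunk) check for a negative return. Separately, the switch trims two bytes from a full challenge even when `username` is empty or a single character, so the returned challenge can be shorter than the input with nothing appended; trimming only as many bytes as will actually be written avoids that. The new header comment should also say that the default is unenterable only when the first two username characters are not valid token input: with numeric usernames the transformed challenge can presumably still be keyed in, which the removed `"DISABLED"` default did not allow.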