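/// Validate a time-based one-time password (RFC 6238) for the given secret.
///
/// The moving factor is the current Unix time divided by the 30-second period,
/// serialised as an 8-byte big-endian counter and handed to validateOTP(),
/// which does the actual code comparison. Only the current time step is
/// checked here; no adjacent-step (clock skew) window is tried.
///
/// @param secret_hex   shared secret, hex-encoded (interpreted by validateOTP)
/// @param TOTP_string  the code presented by the user
/// @return the result of validateOTP() for the current time step
int validateTOTP(char * secret_hex, char * TOTP_string)
{
    // Keep the full width of time_t. Narrowing to int before the division
    // wraps in 2038, and the arithmetic right shift below would then fill
    // the counter's high bytes with 0xff instead of zeros.
    uint64_t t = (uint64_t)time(NULL) / 30; // period = 30 seconds
    uint8_t timer[8];
    // Big-endian: least-significant byte lands in timer[7].
    for (int i = 7; i >= 0; i--) {
        timer[i] = (uint8_t)(t & 0xff);
        t >>= 8;
    }
    return validateOTP(secret_hex, timer, TOTP_string);
}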
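/// Validate a counter-based one-time password (RFC 4226) for the given secret.
///
/// NOTE(review): the moving factor is the constant 1 — no per-user counter is
/// read or advanced in this function, so every call verifies against the same
/// counter value. Callers relying on HOTP replay protection should confirm
/// where the real counter is meant to come from.
///
/// @param secret_hex   shared secret, hex-encoded (interpreted by validateOTP)
/// @param HOTP_string  the code presented by the user
/// @return the result of validateOTP() for counter value 1
int validateHOTP(char * secret_hex, char * HOTP_string)
{
    uint64_t counter = 1;
    // The HOTP counter is always 8 bytes big-endian, matching the 8-byte
    // buffer validateTOTP() passes. Sizing the array by sizeof(long) gave
    // only 4 bytes on LLP64 targets (e.g. 64-bit Windows).
    uint8_t text[8];
    for (int i = 7; i >= 0; i--) {
        text[i] = (uint8_t)(counter & 0xff);
        counter >>= 8;
    }
    return validateOTP(secret_hex, text, HOTP_string);
}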
bool CBaseSecurityManager::updateSettings(ISecUser & sec_user,IArrayOf<ISecResource>& rlist) { CSecureUser* user = (CSecureUser*)&sec_user; if(user == NULL) return false; int usernum = findUser(user->getName(),user->getRealm()); if(usernum < 0) { PrintLog("User number of %s can't be found", user->getName()); return false; } bool sqchecked = false, sqverified = false, otpchecked = false; int otpok = -1; ForEachItemIn(x, rlist) { ISecResource* secRes = (ISecResource*)(&(rlist.item(x))); if(secRes == NULL) continue; //AccessFlags default value is -1. Set it to 0 so that the settings can be cached. AccessFlags is not being used for settings. secRes->setAccessFlags(0); if(secRes->getParameter("userprop") && *secRes->getParameter("userprop")!='\0') { //if we have a parameter in the user or company table it will have been added as a parameter to the ISecUser when // the authentication query was run. We should keep this messiness here so that the the end user is insulated.... dbValidateSetting(*secRes,sec_user); continue; } const char* resource_name = secRes->getParameter("resource"); if(resource_name && *resource_name && (stricmp(resource_name, "SSN Masking") == 0 || stricmp(resource_name, "Driver License Masking") == 0)) { //If OTP Enabled and OTP2FACTOR cookie not valid, mask if(m_enableOTP) { if(!otpchecked) { const char* otpcookie = sec_user.getProperty("OTP2FACTOR"); // -1 means OTP is not enabled for the user. 0: failed verfication, 1: passed verification. 
otpok = validateOTP(&sec_user, otpcookie); otpchecked = true; } if(otpok == 0) { CSecurityResource* cres = dynamic_cast<CSecurityResource*>(secRes); if(resource_name && *resource_name && cres) { if(stricmp(resource_name, "SSN Masking") == 0) { cres->setValue("All"); continue; } else if(stricmp(resource_name, "Driver License Masking") == 0) { cres->setValue("1"); continue; } } } else if(otpok == 1) { CSecurityResource* cres = dynamic_cast<CSecurityResource*>(secRes); if(resource_name && *resource_name && cres) { if(stricmp(resource_name, "SSN Masking") == 0) { cres->setValue("None"); continue; } else if(stricmp(resource_name, "Driver License Masking") == 0) { cres->setValue("0"); continue; } } } } if(m_enableIPRoaming && sec_user.getPropertyInt("IPRoaming") == 1) { if(!sqchecked) { const char* sequest = sec_user.getProperty("SEQUEST"); if(sequest && *sequest) { sqverified = validateSecurityQuestion(&sec_user, sequest); } sqchecked = true; } if(!sqverified) { CSecurityResource* cres = dynamic_cast<CSecurityResource*>(secRes); if(resource_name && *resource_name && cres) { if(stricmp(resource_name, "SSN Masking") == 0) { cres->setValue("All"); continue; } else if(stricmp(resource_name, "Driver License Masking") == 0) { cres->setValue("1"); continue; } } } } } dbValidateSetting(*secRes,usernum,user->getRealm()); }