From 5f6d5c8c0929a29cde4faf2172087f628b9ac837 Mon Sep 17 00:00:00 2001 From: Johan Danielsson Date: Thu, 1 Apr 1999 14:53:10 +0000 Subject: [PATCH] use getarg git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@5817 ec53bebd-3082-4978-b11e-865c3cabbd6b --- appl/otp/otp.c | 481 +++++++++++++++++++++----------------------- appl/otp/otpprint.c | 105 +++++----- 2 files changed, 284 insertions(+), 302 deletions(-) diff --git a/appl/otp/otp.c b/appl/otp/otp.c index 0c7fe0156..cc7934326 100644 --- a/appl/otp/otp.c +++ b/appl/otp/otp.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995-1997, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -37,39 +37,39 @@ */ #include "otp_locl.h" +#include RCSID("$Id$"); -#define USAGE_STRING \ - "Usage: %s [-r] [-f alg] [-u user] num seed\n" \ - " or -[d|l|o] [-u user]\n" \ - " or -h\n" +static int listp; +static int deletep; +static int openp; +static int renewp; +static char* alg_string; +static char *user; +static int version_flag; +static int help_flag; -#define HELP_STRING \ - "This program sets, renews, deletes or lists one-time passwords (OTP)\n" \ - "\tdefault: set directly OTP\n" \ - "\t-r: renew securely OTP\n" \ - "\t-d: delete OTP\n" \ - "\t-l: list OTP status\n" \ - "\t-h: help!\n" \ - "\t-o: open up the locked OTP\n" \ - "\t-u user: specify a user, default is the current user.\n" \ - "\t only root can use this option.\n" \ - "\t-f alg: encryption algorithm (md4|md5|sha), default is md5.\n" \ - "\tnum seed: number of iterations and seed for OTP\n" +struct getargs args[] = { + { "list", 'l', arg_flag, &listp, "list OTP status" }, + { "delete", 'd', arg_flag, &deletep, "delete OTP" }, + { "open", 'o', arg_flag, &openp, "open a locked OTP" }, + { "renew", 'r', arg_flag, &renewp, "securely renew OTP" }, + { "hash", 'f', arg_string, &alg_string, + "hash algorithm (md4, md5, or sha)", "algorithm"}, + { "user", 'u', arg_string, &user, + "user other than current user (root only)", "user" }, + { "version", 0, arg_flag, &version_flag }, + { "help", 'h', arg_flag, &help_flag } +}; + +int num_args = sizeof(args) / sizeof(args[0]); static void -help (void) +usage(int code) { - fprintf(stderr, USAGE_STRING HELP_STRING, __progname); - exit (0); -} - -static void -usage (void) -{ - fprintf(stderr, USAGE_STRING, __progname); - exit (1); + arg_printusage(args, num_args, NULL, "[num seed]"); + exit(code); } /* 
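Review bot: The new globals mix two pointer-declarator styles on adjacent lines, `static char* alg_string;` followed by `static char *user;`; the file otherwise binds the `*` to the variable, so `static char *alg_string;` keeps it consistent (the same `char*` line appears in the otpprint.c table hunk). `int num_args` is defined with external linkage although only usage() and main() in this file read it, and otpprint.c defines a global of the same name in its hunk, so `static int num_args = sizeof(args) / sizeof(args[0]);` is the safer form in both files. The `help` and `version` entries have no description string, so arg_printusage() will presumably print them without one; a short text such as `"print usage"` / `"print version"` costs nothing.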
@@ -80,40 +80,37 @@ usage (void) static int renew (int argc, char **argv, OtpAlgorithm *alg, char *user) { - OtpContext newctx, *ctx; - char prompt[128]; - char pw[64]; - void *dbm; - int ret; + OtpContext newctx, *ctx; + char prompt[128]; + char pw[64]; + void *dbm; + int ret; - if (argc != 2) - usage(); + newctx.alg = alg; + newctx.user = user; + newctx.n = atoi (argv[0]); + strcpy_truncate (newctx.seed, argv[1], sizeof(newctx.seed)); + strlwr(newctx.seed); + snprintf (prompt, sizeof(prompt), + "[ otp-%s %u %s ]", + newctx.alg->name, + newctx.n, + newctx.seed); + if (des_read_pw_string (pw, sizeof(pw), prompt, 0) == 0 && + otp_parse (newctx.key, pw, alg) == 0) { + ctx = &newctx; + ret = 0; + } else + return 1; - newctx.alg = alg; - newctx.user = user; - newctx.n = atoi (argv[0]); - strcpy_truncate (newctx.seed, argv[1], sizeof(newctx.seed)); - strlwr(newctx.seed); - snprintf (prompt, sizeof(prompt), - "[ otp-%s %u %s ]", - newctx.alg->name, - newctx.n, - newctx.seed); - if (des_read_pw_string (pw, sizeof(pw), prompt, 0) == 0 && - otp_parse (newctx.key, pw, alg) == 0) { - ctx = &newctx; - ret = 0; - } else - return 1; - - dbm = otp_db_open (); - if (dbm == NULL) { - warnx ("otp_db_open failed"); - return 1; - } - otp_put (dbm, ctx); - otp_db_close (dbm); - return ret; + dbm = otp_db_open (); + if (dbm == NULL) { + warnx ("otp_db_open failed"); + return 1; + } + otp_put (dbm, ctx); + otp_db_close (dbm); + return ret; } /* 
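Review bot: renew() now dereferences argv[0] and argv[1] unconditionally because the `argc != 2` guard was moved into main(), but nothing at the function records that precondition; the same applies to set(), delete_otp(), open_otp() and list_otps() in the following hunks. A one-line comment above the first use, `/* precondition: main() has already checked argc == 2 (argv[0] = num, argv[1] = seed) */`, makes the dependency visible to anyone adding a new caller. Separately, `pw` still holds the one-time password typed at the prompt after `otp_parse` has consumed it and is left on the stack until the function returns; clearing it right after the parse, on both the success and the failure path, is worth the line, keeping in mind that a plain memset() at that point may be dropped by the optimizer.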
@@ -124,18 +121,18 @@ renew (int argc, char **argv, OtpAlgorithm *alg, char *user) static int verify_user_otp(char *username) { - OtpContext ctx; - char passwd[OTP_MAX_PASSPHRASE + 1]; - char prompt[128], ss[256]; + OtpContext ctx; + char passwd[OTP_MAX_PASSPHRASE + 1]; + char prompt[128], ss[256]; - if (otp_challenge (&ctx, username, ss, sizeof(ss)) != 0) { - warnx("no otp challenge found for %s", username); - return 1; - } + if (otp_challenge (&ctx, username, ss, sizeof(ss)) != 0) { + warnx("no otp challenge found for %s", username); + return 1; + } - snprintf (prompt, sizeof(prompt), "%s's %s Password: ", username, ss); - des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0); - return otp_verify_user (&ctx, passwd); + snprintf (prompt, sizeof(prompt), "%s's %s Password: ", username, ss); + des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0); + return otp_verify_user (&ctx, passwd); } /* 
@@ -145,42 +142,39 @@ verify_user_otp(char *username) static int set (int argc, char **argv, OtpAlgorithm *alg, char *user) { - void *db; - OtpContext ctx; - char pw[OTP_MAX_PASSPHRASE + 1]; - int ret; - int i; + void *db; + OtpContext ctx; + char pw[OTP_MAX_PASSPHRASE + 1]; + int ret; + int i; - if (argc != 2) - usage(); + ctx.alg = alg; + ctx.user = strdup (user); + if (ctx.user == NULL) + err (1, "out of memory"); - ctx.alg = alg; - ctx.user = strdup (user); - if (ctx.user == NULL) - err (1, "out of memory"); - - ctx.n = atoi (argv[0]); - strcpy_truncate (ctx.seed, argv[1], sizeof(ctx.seed)); - strlwr(ctx.seed); - do { - if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 1)) - return 1; - if (strlen (pw) < OTP_MIN_PASSPHRASE) - printf ("Too short pass-phrase. Use at least %d characters\n", - OTP_MIN_PASSPHRASE); - } while(strlen(pw) < OTP_MIN_PASSPHRASE); - ctx.alg->init (ctx.key, pw, ctx.seed); - for (i = 0; i < ctx.n; ++i) - ctx.alg->next (ctx.key); - db = otp_db_open (); - if(db == NULL) { + ctx.n = atoi (argv[0]); + strcpy_truncate (ctx.seed, argv[1], sizeof(ctx.seed)); + strlwr(ctx.seed); + do { + if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 1)) + return 1; + if (strlen (pw) < OTP_MIN_PASSPHRASE) + printf ("Too short pass-phrase. Use at least %d characters\n", + OTP_MIN_PASSPHRASE); + } while(strlen(pw) < OTP_MIN_PASSPHRASE); + ctx.alg->init (ctx.key, pw, ctx.seed); + for (i = 0; i < ctx.n; ++i) + ctx.alg->next (ctx.key); + db = otp_db_open (); + if(db == NULL) { + free (ctx.user); + err (1, "otp_db_open failed"); + } + ret = otp_put (db, &ctx); + otp_db_close (db); free (ctx.user); - err (1, "otp_db_open failed"); - } - ret = otp_put (db, &ctx); - otp_db_close (db); - free (ctx.user); - return ret; + return ret; } /* 
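Review bot: The early `return 1;` inside the `do { ... } while` loop leaks `ctx.user`, which was strdup'd a few lines above; the other exit paths in set() free it, and the commit touched exactly those free lines without fixing this one. Change it to `if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 1)) { free (ctx.user); return 1; }`. The pass-phrase in `pw` is also left on the stack after `ctx.alg->init (ctx.key, pw, ctx.seed)` has derived the key from it; clearing `pw` immediately after that call limits how long the secret lingers. As in renew(), the `argc == 2` check this function used to perform is now enforced only in main().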
@@ -190,21 +184,18 @@ set (int argc, char **argv, OtpAlgorithm *alg, char *user) static int delete_otp (int argc, char **argv, char *user) { - void *db; - OtpContext ctx; - int ret; + void *db; + OtpContext ctx; + int ret; - if (argc != 0) - usage(); + db = otp_db_open (); + if(db == NULL) + errx (1, "otp_db_open failed"); - db = otp_db_open (); - if(db == NULL) - errx (1, "otp_db_open failed"); - - ctx.user = user; - ret = otp_delete(db, &ctx); - otp_db_close (db); - return ret; + ctx.user = user; + ret = otp_delete(db, &ctx); + otp_db_close (db); + return ret; } /* @@ -214,21 +205,21 @@ delete_otp (int argc, char **argv, char *user) static int has_an_otp(char *user) { - void *db; - OtpContext ctx; - int ret; + void *db; + OtpContext ctx; + int ret; - db = otp_db_open (); - if(db == NULL) { - warnx ("otp_db_open failed"); - return 0; /* if no db no otp! */ - } + db = otp_db_open (); + if(db == NULL) { + warnx ("otp_db_open failed"); + return 0; /* if no db no otp! */ + } - ctx.user = user; - ret = otp_simple_get(db, &ctx); + ctx.user = user; + ret = otp_simple_get(db, &ctx); - otp_db_close (db); - return !ret; + otp_db_close (db); + return !ret; } /* 
@@ -238,42 +229,39 @@ has_an_otp(char *user) static void print_otp_entry_for_name (void *db, char *user) { - OtpContext ctx; + OtpContext ctx; - ctx.user = user; - if (!otp_simple_get(db, &ctx)) { - fprintf(stdout, - "%s\totp-%s %d %s", - ctx.user, ctx.alg->name, ctx.n, ctx.seed); - if (ctx.lock_time) - fprintf(stdout, - "\tlocked since %s", - ctime(&ctx.lock_time)); - else - fprintf(stdout, "\n"); - } + ctx.user = user; + if (!otp_simple_get(db, &ctx)) { + fprintf(stdout, + "%s\totp-%s %d %s", + ctx.user, ctx.alg->name, ctx.n, ctx.seed); + if (ctx.lock_time) + fprintf(stdout, + "\tlocked since %s", + ctime(&ctx.lock_time)); + else + fprintf(stdout, "\n"); + } } static int open_otp (int argc, char **argv, char *user) { - void *db; - OtpContext ctx; - int ret; + void *db; + OtpContext ctx; + int ret; - if (argc != 0) - usage (); - - db = otp_db_open (); - if (db == NULL) - errx (1, "otp_db_open failed"); + db = otp_db_open (); + if (db == NULL) + errx (1, "otp_db_open failed"); - ctx.user = user; - ret = otp_simple_get (db, &ctx); - if (ret == 0) - ret = otp_put (db, &ctx); - otp_db_close (db); - return ret; + ctx.user = user; + ret = otp_simple_get (db, &ctx); + if (ret == 0) + ret = otp_put (db, &ctx); + otp_db_close (db); + return ret; } /* 
@@ -283,113 +271,100 @@ open_otp (int argc, char **argv, char *user) static int list_otps (int argc, char **argv, char *user) { - void *db; - struct passwd *pw; + void *db; + struct passwd *pw; - if (argc != 0) - usage(); + db = otp_db_open (); + if(db == NULL) + errx (1, "otp_db_open failed"); - db = otp_db_open (); - if(db == NULL) - errx (1, "otp_db_open failed"); + if (user) + print_otp_entry_for_name(db, user); + else + /* scans all users... so as to get a deterministic order */ + while ((pw = getpwent())) + print_otp_entry_for_name(db, pw->pw_name); - if (user) - print_otp_entry_for_name(db, user); - else - /* scans all users... so as to get a deterministic order */ - while ((pw = getpwent())) - print_otp_entry_for_name(db, pw->pw_name); - - otp_db_close (db); - return 0; + otp_db_close (db); + return 0; } int main (int argc, char **argv) { - int c; - int renewp = 0, listp = 0, deletep = 0, defaultp = 0, openp = 0; - int uid = getuid(); - OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT); - char *user = NULL; - - set_progname (argv[0]); - - while ((c = getopt (argc, argv, "hrf:u:ldo")) != EOF) - switch (c) { - case 'h' : - help(); - break; - case 'l' : - listp = 1; - break; - case 'd' : - if (uid != 0) - errx (1, "Only root can delete OTPs"); - deletep = 1; - break; - case 'o': - openp = 1; - break; - case 'r' : - renewp = 1; - break; - case 'f' : - alg = otp_find_alg (optarg); - if (alg == NULL) - errx (1, "Unknown algorithm: %s", optarg); - break; - case 'u' : - if (uid != 0) - errx (1, "Only root can use `-u'"); - user = optarg; - break; - default : - usage (); - break; - } - argc -= optind; - argv += optind; - - if (!(listp || deletep || renewp || openp)) - defaultp = 1; - - if ( listp + deletep + renewp + defaultp + openp != 1) - usage(); /* one of -d or -l or -r or none */ - - if (listp) - return list_otps (argc, argv, user); - - if (user == NULL) { - struct passwd *pwd; - - pwd = k_getpwuid(uid); - if (pwd == NULL) - err (1, "You don't exist"); - user 
= pwd->pw_name; - } + int defaultp = 0; + int uid = getuid(); + OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT); + int optind = 0; - /* - * users other that root must provide the next OTP to update the sequence. - * it avoids someone to use a pending session to change an OTP sequence. - * see RFC 1938/8.0. - */ - if (uid != 0 && (defaultp || renewp)) { - if (!has_an_otp(user)) { - errx (1, "Only root can set an initial OTP"); - } else { /* Check the next OTP (RFC 1938/8.0: SHOULD) */ - if (verify_user_otp(user) != 0) { - errx (1, "User authentification failed"); - } + set_progname (argv[0]); + if(getarg(args, num_args, argc, argv, &optind)) + usage(1); + if(help_flag) + usage(0); + if(version_flag) { + print_version(NULL); + exit(0); } - } - if (deletep) - return delete_otp (argc, argv, user); - else if (renewp) - return renew (argc, argv, alg, user); - else if (openp) - return open_otp (argc, argv, user); - else - return set (argc, argv, alg, user); + if(deletep && uid != 0) + errx (1, "Only root can delete OTPs"); + if(alg_string) { + alg = otp_find_alg (alg_string); + if (alg == NULL) + errx (1, "Unknown algorithm: %s", alg_string); + } + if (user && uid != 0) + errx (1, "Only root can use `-u'"); + argc -= optind; + argv += optind; + + if (!(listp || deletep || renewp || openp)) + defaultp = 1; + + if ( listp + deletep + renewp + defaultp + openp != 1) + usage(1); /* one of -d or -l or -r or none */ + + if(deletep || openp || listp) { + if(argc != 0) + errx(1, "delete, open, and list requires no arguments\n"); + } else { + if(argc != 2) + errx(1, "setup, and renew requires `num', and `seed'"); + } + if (listp) + return list_otps (argc, argv, user); + + if (user == NULL) { + struct passwd *pwd; + + pwd = k_getpwuid(uid); + if (pwd == NULL) + err (1, "You don't exist"); + user = pwd->pw_name; + } + + /* + * users other that root must provide the next OTP to update the sequence. + * it avoids someone to use a pending session to change an OTP sequence. 
+ * see RFC 1938/8.0. + */ + if (uid != 0 && (defaultp || renewp)) { + if (!has_an_otp(user)) { + errx (1, "Only root can set an initial OTP"); + } else { /* Check the next OTP (RFC 1938/8.0: SHOULD) */ + if (verify_user_otp(user) != 0) { + errx (1, "User authentification failed"); + } + } + } + + if (deletep) + return delete_otp (argc, argv, user); + else if (renewp) + return renew (argc, argv, alg, user); + else if (openp) + return open_otp (argc, argv, user); + else + return set (argc, argv, alg, user); } diff --git a/appl/otp/otpprint.c b/appl/otp/otpprint.c index a0a63e8bf..43022d1f0 100644 --- a/appl/otp/otpprint.c +++ b/appl/otp/otpprint.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995-1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -37,16 +37,34 @@ */ #include "otp_locl.h" +#include RCSID("$Id$"); +static int extendedp; +static int count = 10; +static int hexp; +static char* alg_string; +static int version_flag; +static int help_flag; + +struct getargs args[] = { + { "extended", 'e', arg_flag, &extendedp, "print keys in extended format" }, + { "count", 'n', arg_integer, &count, "number of keys to print" }, + { "hexadecimal", 'h', arg_flag, &hexp, "output in hexadecimal" }, + { "hash", 'f', arg_string, &alg_string, + "hash algorithm (md4, md5, or sha)", "algorithm"}, + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; + +int num_args = sizeof(args) / sizeof(args[0]); + static void -usage (void) +usage(int code) { - fprintf(stderr, - "Usage: %s [-e] [-h] [-n count] [-f alg] num seed\n", - __progname); - exit (1); + arg_printusage(args, num_args, NULL, "num seed"); + exit(code); } static int @@ -63,7 +81,7 @@ print (int argc, char *seed; if (argc != 2) - usage (); + usage (1); n = atoi(argv[0]); seed = argv[1]; if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 0)) 
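Review bot: `int optind = 0;` in main() shadows the `optind` that the getopt interface declares (presumably reaching this file through otp_locl.h); main() no longer calls getopt, but the shadowing trips `-Wshadow` and misleads readers who expect the library variable, so rename it, e.g. `int optidx = 0;` and pass `&optidx` to getarg(). otpprint.c's main() in the last hunk declares the same shadowing local. The new errx() message `"delete, open, and list requires no arguments\n"` carries a trailing `\n` although errx() appends its own newline, and both new messages use a singular verb for a plural subject; `errx(1, "delete, open, and list require no arguments");` and `errx(1, "set, and renew require `num' and `seed'");` read correctly.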
@@ -84,50 +102,39 @@ print (int argc, int main (int argc, char **argv) { - int c; - int count = 10; - int hexp = 0; - int extendedp = 0; - void (*fn)(OtpKey, char *, size_t); - OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT); + int optind = 0; + void (*fn)(OtpKey, char *, size_t); + OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT); - set_progname (argv[0]); - - while ((c = getopt (argc, argv, "ehn:f:")) != EOF) - switch (c) { - case 'e' : - extendedp = 1; - break; - case 'n' : - count = atoi (optarg); - break; - case 'h' : - hexp = 1; - break; - case 'f' : - alg = otp_find_alg (optarg); - if (alg == NULL) - errx(1, "Unknown algorithm: %s", optarg); - break; - default : - usage (); - break; + set_progname (argv[0]); + if(getarg(args, num_args, argc, argv, &optind)) + usage(1); + if(help_flag) + usage(0); + if(version_flag) { + print_version(NULL); + exit(0); } - - argc -= optind; - argv += optind; - if (hexp) { - if (extendedp) - fn = otp_print_hex_extended; - else - fn = otp_print_hex; - } else { - if (extendedp) - fn = otp_print_stddict_extended; - else - fn = otp_print_stddict; - } + if(alg_string) { + alg = otp_find_alg (alg_string); + if (alg == NULL) + errx(1, "Unknown algorithm: %s", alg_string); + } + argc -= optind; + argv += optind; - return print (argc, argv, count, alg, fn); + if (hexp) { + if (extendedp) + fn = otp_print_hex_extended; + else + fn = otp_print_hex; + } else { + if (extendedp) + fn = otp_print_stddict_extended; + else + fn = otp_print_stddict; + } + + return print (argc, argv, count, alg, fn); }