oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

use getarg

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@5817 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
1999-04-01 14:53:10 +00:00
parent 4f3d9ec5ab
commit 5f6d5c8c09
2 changed files with 284 additions and 302 deletions
Download Patch File Download Diff File Expand all files Collapse all files

469
appl/otp/otp.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H<>gskolan * Copyright (c) 1995-1997, 1999 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -37,39 +37,39 @@
*/ */
#include "otp_locl.h" #include "otp_locl.h"
#include <getarg.h>
RCSID("$Id$"); RCSID("$Id$");
#define USAGE_STRING \ static int listp;
"Usage: %s [-r] [-f alg] [-u user] num seed\n" \ static int deletep;
" or -[d|l|o] [-u user]\n" \ static int openp;
" or -h\n" static int renewp;
static char* alg_string;
static char *user;
static int version_flag;
static int help_flag;
#define HELP_STRING \ struct getargs args[] = {
"This program sets, renews, deletes or lists one-time passwords (OTP)\n" \ { "list", 'l', arg_flag, &listp, "list OTP status" },
"\tdefault: set directly OTP\n" \ { "delete", 'd', arg_flag, &deletep, "delete OTP" },
"\t-r: renew securely OTP\n" \ { "open", 'o', arg_flag, &openp, "open a locked OTP" },
"\t-d: delete OTP\n" \ { "renew", 'r', arg_flag, &renewp, "securely renew OTP" },
"\t-l: list OTP status\n" \ { "hash", 'f', arg_string, &alg_string,
"\t-h: help!\n" \ "hash algorithm (md4, md5, or sha)", "algorithm"},
"\t-o: open up the locked OTP\n" \ { "user", 'u', arg_string, &user,
"\t-u user: specify a user, default is the current user.\n" \ "user other than current user (root only)", "user" },
"\t only root can use this option.\n" \ { "version", 0, arg_flag, &version_flag },
"\t-f alg: encryption algorithm (md4|md5|sha), default is md5.\n" \ { "help", 'h', arg_flag, &help_flag }
"\tnum seed: number of iterations and seed for OTP\n" };
int num_args = sizeof(args) / sizeof(args[0]);
static void static void
help (void) usage(int code)
{ {
fprintf(stderr, USAGE_STRING HELP_STRING, __progname); arg_printusage(args, num_args, NULL, "[num seed]");
exit (0); exit(code);
}
static void
usage (void)
{
fprintf(stderr, USAGE_STRING, __progname);
exit (1);
} }
/* /*
@@ -80,40 +80,37 @@ usage (void)
static int static int
renew (int argc, char **argv, OtpAlgorithm *alg, char *user) renew (int argc, char **argv, OtpAlgorithm *alg, char *user)
{ {
OtpContext newctx, *ctx; OtpContext newctx, *ctx;
char prompt[128]; char prompt[128];
char pw[64]; char pw[64];
void *dbm; void *dbm;
int ret; int ret;
if (argc != 2) newctx.alg = alg;
usage(); newctx.user = user;
newctx.n = atoi (argv[0]);
strcpy_truncate (newctx.seed, argv[1], sizeof(newctx.seed));
strlwr(newctx.seed);
snprintf (prompt, sizeof(prompt),
"[ otp-%s %u %s ]",
newctx.alg->name,
newctx.n,
newctx.seed);
if (des_read_pw_string (pw, sizeof(pw), prompt, 0) == 0 &&
otp_parse (newctx.key, pw, alg) == 0) {
ctx = &newctx;
ret = 0;
} else
return 1;
newctx.alg = alg; dbm = otp_db_open ();
newctx.user = user; if (dbm == NULL) {
newctx.n = atoi (argv[0]); warnx ("otp_db_open failed");
strcpy_truncate (newctx.seed, argv[1], sizeof(newctx.seed)); return 1;
strlwr(newctx.seed); }
snprintf (prompt, sizeof(prompt), otp_put (dbm, ctx);
"[ otp-%s %u %s ]", otp_db_close (dbm);
newctx.alg->name, return ret;
newctx.n,
newctx.seed);
if (des_read_pw_string (pw, sizeof(pw), prompt, 0) == 0 &&
otp_parse (newctx.key, pw, alg) == 0) {
ctx = &newctx;
ret = 0;
} else
return 1;
dbm = otp_db_open ();
if (dbm == NULL) {
warnx ("otp_db_open failed");
return 1;
}
otp_put (dbm, ctx);
otp_db_close (dbm);
return ret;
} }
/* /*
@@ -124,18 +121,18 @@ renew (int argc, char **argv, OtpAlgorithm *alg, char *user)
static int static int
verify_user_otp(char *username) verify_user_otp(char *username)
{ {
OtpContext ctx; OtpContext ctx;
char passwd[OTP_MAX_PASSPHRASE + 1]; char passwd[OTP_MAX_PASSPHRASE + 1];
char prompt[128], ss[256]; char prompt[128], ss[256];
if (otp_challenge (&ctx, username, ss, sizeof(ss)) != 0) { if (otp_challenge (&ctx, username, ss, sizeof(ss)) != 0) {
warnx("no otp challenge found for %s", username); warnx("no otp challenge found for %s", username);
return 1; return 1;
} }
snprintf (prompt, sizeof(prompt), "%s's %s Password: ", username, ss); snprintf (prompt, sizeof(prompt), "%s's %s Password: ", username, ss);
des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0); des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0);
return otp_verify_user (&ctx, passwd); return otp_verify_user (&ctx, passwd);
} }
/* /*
@@ -145,42 +142,39 @@ verify_user_otp(char *username)
static int static int
set (int argc, char **argv, OtpAlgorithm *alg, char *user) set (int argc, char **argv, OtpAlgorithm *alg, char *user)
{ {
void *db; void *db;
OtpContext ctx; OtpContext ctx;
char pw[OTP_MAX_PASSPHRASE + 1]; char pw[OTP_MAX_PASSPHRASE + 1];
int ret; int ret;
int i; int i;
if (argc != 2) ctx.alg = alg;
usage(); ctx.user = strdup (user);
if (ctx.user == NULL)
err (1, "out of memory");
ctx.alg = alg; ctx.n = atoi (argv[0]);
ctx.user = strdup (user); strcpy_truncate (ctx.seed, argv[1], sizeof(ctx.seed));
if (ctx.user == NULL) strlwr(ctx.seed);
err (1, "out of memory"); do {
if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 1))
ctx.n = atoi (argv[0]); return 1;
strcpy_truncate (ctx.seed, argv[1], sizeof(ctx.seed)); if (strlen (pw) < OTP_MIN_PASSPHRASE)
strlwr(ctx.seed); printf ("Too short pass-phrase. Use at least %d characters\n",
do { OTP_MIN_PASSPHRASE);
if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 1)) } while(strlen(pw) < OTP_MIN_PASSPHRASE);
return 1; ctx.alg->init (ctx.key, pw, ctx.seed);
if (strlen (pw) < OTP_MIN_PASSPHRASE) for (i = 0; i < ctx.n; ++i)
printf ("Too short pass-phrase. Use at least %d characters\n", ctx.alg->next (ctx.key);
OTP_MIN_PASSPHRASE); db = otp_db_open ();
} while(strlen(pw) < OTP_MIN_PASSPHRASE); if(db == NULL) {
ctx.alg->init (ctx.key, pw, ctx.seed); free (ctx.user);
for (i = 0; i < ctx.n; ++i) err (1, "otp_db_open failed");
ctx.alg->next (ctx.key); }
db = otp_db_open (); ret = otp_put (db, &ctx);
if(db == NULL) { otp_db_close (db);
free (ctx.user); free (ctx.user);
err (1, "otp_db_open failed"); return ret;
}
ret = otp_put (db, &ctx);
otp_db_close (db);
free (ctx.user);
return ret;
} }
/* /*
@@ -190,21 +184,18 @@ set (int argc, char **argv, OtpAlgorithm *alg, char *user)
static int static int
delete_otp (int argc, char **argv, char *user) delete_otp (int argc, char **argv, char *user)
{ {
void *db; void *db;
OtpContext ctx; OtpContext ctx;
int ret; int ret;
if (argc != 0) db = otp_db_open ();
usage(); if(db == NULL)
errx (1, "otp_db_open failed");
db = otp_db_open (); ctx.user = user;
if(db == NULL) ret = otp_delete(db, &ctx);
errx (1, "otp_db_open failed"); otp_db_close (db);
return ret;
ctx.user = user;
ret = otp_delete(db, &ctx);
otp_db_close (db);
return ret;
} }
/* /*
@@ -214,21 +205,21 @@ delete_otp (int argc, char **argv, char *user)
static int static int
has_an_otp(char *user) has_an_otp(char *user)
{ {
void *db; void *db;
OtpContext ctx; OtpContext ctx;
int ret; int ret;
db = otp_db_open (); db = otp_db_open ();
if(db == NULL) { if(db == NULL) {
warnx ("otp_db_open failed"); warnx ("otp_db_open failed");
return 0; /* if no db no otp! */ return 0; /* if no db no otp! */
} }
ctx.user = user; ctx.user = user;
ret = otp_simple_get(db, &ctx); ret = otp_simple_get(db, &ctx);
otp_db_close (db); otp_db_close (db);
return !ret; return !ret;
} }
/* /*
@@ -238,42 +229,39 @@ has_an_otp(char *user)
static void static void
print_otp_entry_for_name (void *db, char *user) print_otp_entry_for_name (void *db, char *user)
{ {
OtpContext ctx; OtpContext ctx;
ctx.user = user; ctx.user = user;
if (!otp_simple_get(db, &ctx)) { if (!otp_simple_get(db, &ctx)) {
fprintf(stdout, fprintf(stdout,
"%s\totp-%s %d %s", "%s\totp-%s %d %s",
ctx.user, ctx.alg->name, ctx.n, ctx.seed); ctx.user, ctx.alg->name, ctx.n, ctx.seed);
if (ctx.lock_time) if (ctx.lock_time)
fprintf(stdout, fprintf(stdout,
"\tlocked since %s", "\tlocked since %s",
ctime(&ctx.lock_time)); ctime(&ctx.lock_time));
else else
fprintf(stdout, "\n"); fprintf(stdout, "\n");
} }
} }
static int static int
open_otp (int argc, char **argv, char *user) open_otp (int argc, char **argv, char *user)
{ {
void *db; void *db;
OtpContext ctx; OtpContext ctx;
int ret; int ret;
if (argc != 0) db = otp_db_open ();
usage (); if (db == NULL)
errx (1, "otp_db_open failed");
db = otp_db_open (); ctx.user = user;
if (db == NULL) ret = otp_simple_get (db, &ctx);
errx (1, "otp_db_open failed"); if (ret == 0)
ret = otp_put (db, &ctx);
ctx.user = user; otp_db_close (db);
ret = otp_simple_get (db, &ctx); return ret;
if (ret == 0)
ret = otp_put (db, &ctx);
otp_db_close (db);
return ret;
} }
/* /*
@@ -283,113 +271,100 @@ open_otp (int argc, char **argv, char *user)
static int static int
list_otps (int argc, char **argv, char *user) list_otps (int argc, char **argv, char *user)
{ {
void *db; void *db;
struct passwd *pw; struct passwd *pw;
if (argc != 0) db = otp_db_open ();
usage(); if(db == NULL)
errx (1, "otp_db_open failed");
db = otp_db_open (); if (user)
if(db == NULL) print_otp_entry_for_name(db, user);
errx (1, "otp_db_open failed"); else
/* scans all users... so as to get a deterministic order */
while ((pw = getpwent()))
print_otp_entry_for_name(db, pw->pw_name);
if (user) otp_db_close (db);
print_otp_entry_for_name(db, user); return 0;
else
/* scans all users... so as to get a deterministic order */
while ((pw = getpwent()))
print_otp_entry_for_name(db, pw->pw_name);
otp_db_close (db);
return 0;
} }
int int
main (int argc, char **argv) main (int argc, char **argv)
{ {
int c; int defaultp = 0;
int renewp = 0, listp = 0, deletep = 0, defaultp = 0, openp = 0; int uid = getuid();
int uid = getuid(); OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT); int optind = 0;
char *user = NULL;
set_progname (argv[0]); set_progname (argv[0]);
if(getarg(args, num_args, argc, argv, &optind))
usage(1);
if(help_flag)
usage(0);
if(version_flag) {
print_version(NULL);
exit(0);
}
while ((c = getopt (argc, argv, "hrf:u:ldo")) != EOF) if(deletep && uid != 0)
switch (c) {
case 'h' :
help();
break;
case 'l' :
listp = 1;
break;
case 'd' :
if (uid != 0)
errx (1, "Only root can delete OTPs"); errx (1, "Only root can delete OTPs");
deletep = 1; if(alg_string) {
break; alg = otp_find_alg (alg_string);
case 'o': if (alg == NULL)
openp = 1; errx (1, "Unknown algorithm: %s", alg_string);
break; }
case 'r' : if (user && uid != 0)
renewp = 1;
break;
case 'f' :
alg = otp_find_alg (optarg);
if (alg == NULL)
errx (1, "Unknown algorithm: %s", optarg);
break;
case 'u' :
if (uid != 0)
errx (1, "Only root can use `-u'"); errx (1, "Only root can use `-u'");
user = optarg; argc -= optind;
break; argv += optind;
default :
usage (); if (!(listp || deletep || renewp || openp))
break; defaultp = 1;
if ( listp + deletep + renewp + defaultp + openp != 1)
usage(1); /* one of -d or -l or -r or none */
if(deletep || openp || listp) {
if(argc != 0)
errx(1, "delete, open, and list requires no arguments\n");
} else {
if(argc != 2)
errx(1, "setup, and renew requires `num', and `seed'");
} }
argc -= optind; if (listp)
argv += optind; return list_otps (argc, argv, user);
if (!(listp || deletep || renewp || openp)) if (user == NULL) {
defaultp = 1; struct passwd *pwd;
if ( listp + deletep + renewp + defaultp + openp != 1) pwd = k_getpwuid(uid);
usage(); /* one of -d or -l or -r or none */ if (pwd == NULL)
err (1, "You don't exist");
if (listp) user = pwd->pw_name;
return list_otps (argc, argv, user);
if (user == NULL) {
struct passwd *pwd;
pwd = k_getpwuid(uid);
if (pwd == NULL)
err (1, "You don't exist");
user = pwd->pw_name;
}
/*
* users other that root must provide the next OTP to update the sequence.
* it avoids someone to use a pending session to change an OTP sequence.
* see RFC 1938/8.0.
*/
if (uid != 0 && (defaultp || renewp)) {
if (!has_an_otp(user)) {
errx (1, "Only root can set an initial OTP");
} else { /* Check the next OTP (RFC 1938/8.0: SHOULD) */
if (verify_user_otp(user) != 0) {
errx (1, "User authentification failed");
}
} }
}
if (deletep) /*
return delete_otp (argc, argv, user); * users other that root must provide the next OTP to update the sequence.
else if (renewp) * it avoids someone to use a pending session to change an OTP sequence.
return renew (argc, argv, alg, user); * see RFC 1938/8.0.
else if (openp) */
return open_otp (argc, argv, user); if (uid != 0 && (defaultp || renewp)) {
else if (!has_an_otp(user)) {
return set (argc, argv, alg, user); errx (1, "Only root can set an initial OTP");
} else { /* Check the next OTP (RFC 1938/8.0: SHOULD) */
if (verify_user_otp(user) != 0) {
errx (1, "User authentification failed");
}
}
}
if (deletep)
return delete_otp (argc, argv, user);
else if (renewp)
return renew (argc, argv, alg, user);
else if (openp)
return open_otp (argc, argv, user);
else
return set (argc, argv, alg, user);
} }

103
appl/otp/otpprint.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H<>gskolan * Copyright (c) 1995-1999 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -37,16 +37,34 @@
*/ */
#include "otp_locl.h" #include "otp_locl.h"
#include <getarg.h>
RCSID("$Id$"); RCSID("$Id$");
static int extendedp;
static int count = 10;
static int hexp;
static char* alg_string;
static int version_flag;
static int help_flag;
struct getargs args[] = {
{ "extended", 'e', arg_flag, &extendedp, "print keys in extended format" },
{ "count", 'n', arg_integer, &count, "number of keys to print" },
{ "hexadecimal", 'h', arg_flag, &hexp, "output in hexadecimal" },
{ "hash", 'f', arg_string, &alg_string,
"hash algorithm (md4, md5, or sha)", "algorithm"},
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
int num_args = sizeof(args) / sizeof(args[0]);
static void static void
usage (void) usage(int code)
{ {
fprintf(stderr, arg_printusage(args, num_args, NULL, "num seed");
"Usage: %s [-e] [-h] [-n count] [-f alg] num seed\n", exit(code);
__progname);
exit (1);
} }
static int static int
@@ -63,7 +81,7 @@ print (int argc,
char *seed; char *seed;
if (argc != 2) if (argc != 2)
usage (); usage (1);
n = atoi(argv[0]); n = atoi(argv[0]);
seed = argv[1]; seed = argv[1];
if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 0)) if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 0))
@@ -84,50 +102,39 @@ print (int argc,
int int
main (int argc, char **argv) main (int argc, char **argv)
{ {
int c; int optind = 0;
int count = 10; void (*fn)(OtpKey, char *, size_t);
int hexp = 0; OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
int extendedp = 0;
void (*fn)(OtpKey, char *, size_t);
OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
set_progname (argv[0]); set_progname (argv[0]);
if(getarg(args, num_args, argc, argv, &optind))
while ((c = getopt (argc, argv, "ehn:f:")) != EOF) usage(1);
switch (c) { if(help_flag)
case 'e' : usage(0);
extendedp = 1; if(version_flag) {
break; print_version(NULL);
case 'n' : exit(0);
count = atoi (optarg);
break;
case 'h' :
hexp = 1;
break;
case 'f' :
alg = otp_find_alg (optarg);
if (alg == NULL)
errx(1, "Unknown algorithm: %s", optarg);
break;
default :
usage ();
break;
} }
argc -= optind; if(alg_string) {
argv += optind; alg = otp_find_alg (alg_string);
if (alg == NULL)
errx(1, "Unknown algorithm: %s", alg_string);
}
argc -= optind;
argv += optind;
if (hexp) { if (hexp) {
if (extendedp) if (extendedp)
fn = otp_print_hex_extended; fn = otp_print_hex_extended;
else else
fn = otp_print_hex; fn = otp_print_hex;
} else { } else {
if (extendedp) if (extendedp)
fn = otp_print_stddict_extended; fn = otp_print_stddict_extended;
else else
fn = otp_print_stddict; fn = otp_print_stddict;
} }
return print (argc, argv, count, alg, fn); return print (argc, argv, count, alg, fn);
} }