Changeset 784 in openpam


Timestamp:
Mar 10, 2014, 3:31:30 PM (7 years ago)
Author:
Dag-Erling Smørgrav
Message:

Implement keyfile writeback.

Location:
trunk/bin/oathkey
Files:
2 edited

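--- a/trunk/bin/oathkey/oathkey.1
+++ b/trunk/bin/oathkey/oathkey.1
@@ -37,5 +37,5 @@
 .Sh SYNOPSIS
 .Nm
-.Op Fl hv
+.Op Fl hvw
 .Op Fl u Ar user
 .Op Fl k Ar keyfile
@@ -62,4 +62,6 @@
 .It Fl v
 Enable verbose mode.
+.It Fl w
+Enable writeback mode (see below).
 .El
 .Pp
@@ -68,4 +70,6 @@
 .It Cm genkey
 Generate a new key.
+If writeback mode is enabled, the user's key is set; otherwise, it is
+printed to standard output.
 .It Cm setkey Ar uri
 Set the user's key to the given otpauth URI.
@@ -75,4 +79,6 @@
 Verify that the given code is the correct current response for the
 user's key.
+If writeback mode is enabled and the response matched, the user's
+keyfile is updated to prevent reuse.
 .El
 .Sh SEE ALSO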
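--- a/trunk/bin/oathkey/oathkey.c
+++ b/trunk/bin/oathkey/oathkey.c
@@ -38,4 +38,5 @@
 #include <err.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <limits.h>
 #include <pwd.h>
@@ -55,4 +56,5 @@
 static char *keyfile;
 static int verbose;
+static int writeback;
 
 static int isroot;              /* running as root */
@@ -60,4 +62,53 @@
 
 /*
+ * Print key in otpauth URI form
+ */
+static int
+oathkey_print(struct oath_key *key)
+{
+        char *keyuri;
+
+        if ((keyuri = oath_key_to_uri(key)) == NULL) {
+                warnx("failed to convert key to otpauth URI");
+                return (RET_ERROR);
+        }
+        printf("%s\n", keyuri);
+        free(keyuri);
+        return (RET_SUCCESS);
+}
+
+/*
+ * Save key to file
+ * XXX liboath should take care of this for us
+ */
+static int
+oathkey_save(struct oath_key *key)
+{
+        char *keyuri;
+        int fd, len, ret;
+
+        keyuri = NULL;
+        len = 0;
+        fd = ret = -1;
+        if ((keyuri = oath_key_to_uri(key)) == NULL) {
+                warnx("failed to convert key to otpauth URI");
+                goto done;
+        }
+        len = strlen(keyuri);
+        if ((fd = open(keyfile, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0 ||
+            write(fd, keyuri, len) != len || write(fd, "\n", 1) != 1) {
+                warn("%s", keyfile);
+                goto done;
+        }
+        ret = 0;
+done:
+        if (fd >= 0)
+                close(fd);
+        if (keyuri != NULL)
+                free(keyuri);
+        return (ret);
+}
+
+/*
  * Generate a new key
  */
@@ -66,4 +117,5 @@
 {
         struct oath_key *key;
+        int ret;
 
         /* XXX add parameters later */
@@ -78,8 +130,7 @@
         if ((key = oath_key_create(user, om_totp, oh_undef, NULL, 0)) == NULL)
                 return (RET_ERROR);
-        /* XXX should save to file, not print */
-        printf("%s\n", oath_key_to_uri(key));
+        ret = writeback ? oathkey_save(key) : oathkey_print(key);
         oath_key_free(key);
-        return (RET_SUCCESS);
+        return (ret);
 }
 
@@ -91,4 +142,5 @@
 {
         struct oath_key *key;
+        int ret;
 
         /* XXX add parameters later */
@@ -103,8 +155,7 @@
         if ((key = oath_key_from_uri(argv[0])) == NULL)
                 return (RET_ERROR);
-        /* XXX should save to file, not print */
-        printf("%s\n", oath_key_to_uri(key));
+        ret = oathkey_save(key);
         oath_key_free(key);
-        return (RET_SUCCESS);
+        return (ret);
 }
 
@@ -116,4 +167,5 @@
 {
         struct oath_key *key;
+        int ret;
 
         if (argc != 0)
@@ -127,7 +179,7 @@
         if ((key = oath_key_from_file(keyfile)) == NULL)
                 return (RET_ERROR);
-        printf("%s\n", oath_key_to_uri(key));
+        ret = oathkey_print(key);
         oath_key_free(key);
-        return (RET_SUCCESS);
+        return (ret);
 }
 
@@ -141,5 +193,5 @@
         unsigned long response;
         char *end;
-        int match;
+        int match, ret;
 
         if (argc < 1)
@@ -164,9 +216,9 @@
                 warnx("response: %lu %s", response,
                     match ? "matched" : "did not match");
-        if (match) {
-                /* XXX write key back! */
-        }
+        ret = match ? RET_SUCCESS : RET_FAILURE;
+        if (match && writeback)
+                ret = oathkey_save(key);
         oath_key_free(key);
-        return (match ? RET_SUCCESS : RET_FAILURE);
+        return (ret);
 }
 
@@ -178,5 +230,5 @@
 {
         fprintf(stderr,
-            "usage: oathkey [-hv] [-u user] [-k keyfile] <command>\n"
+            "usage: oathkey [-hvw] [-u user] [-k keyfile] <command>\n"
             "\n"
             "Commands:\n"
@@ -199,5 +251,5 @@
          * Parse command-line options
          */
-        while ((opt = getopt(argc, argv, "hk:u:v")) != -1)
+        while ((opt = getopt(argc, argv, "hk:u:vw")) != -1)
                 switch (opt) {
                 case 'k':
@@ -209,4 +261,7 @@
                 case 'v':
                         ++verbose;
+                        break;
+                case 'w':
+                        ++writeback;
                         break;
                 case 'h':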
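Review bot: oathkey_save() truncates the key file in place (`O_WRONLY|O_CREAT|O_TRUNC`) before writing, so a short or failed write (full disk, quota, signal) leaves the user's OATH key file empty or partial; on the verify path, which rewrites the file after every matched response, a transient I/O error therefore becomes a lost credential. Writing the new contents to a temporary file in the same directory and rename()-ing it over `keyfile` keeps the old key intact until the replacement is complete, as sketched below; if the tool is run as root on behalf of another user, the replacement's ownership would also need to be carried over, and a per-file lock may be worth considering since concurrent verifications otherwise race on the update. The function also returns -1/0 while its callers hand that value straight back as their RET_* result and oathkey_print() uses `RET_ERROR`/`RET_SUCCESS`; unless RET_ERROR happens to be -1 (its definition is not visible here), the consistent values are the RET_* ones. Note too that the `0600` mode only takes effect when open() creates the file, so an existing key file with looser permissions keeps them.

```c
        char tmp[PATH_MAX];     /* sibling temporary file, renamed over keyfile */
        /* … unchanged: other declarations … */
        fd = -1;
        ret = RET_ERROR;
        /* … unchanged: oath_key_to_uri() call and its error path … */
        len = strlen(keyuri);
        if ((size_t)snprintf(tmp, sizeof(tmp), "%s.XXXXXX", keyfile) >= sizeof(tmp)) {
                warnx("%s: path too long", keyfile);
                goto done;
        }
        /* mkstemp() creates the file exclusively, with mode 0600 */
        if ((fd = mkstemp(tmp)) < 0) {
                warn("%s", tmp);
                goto done;
        }
        if (write(fd, keyuri, len) != len || write(fd, "\n", 1) != 1 ||
            fsync(fd) != 0 || rename(tmp, keyfile) != 0) {
                warn("%s", keyfile);
                (void)unlink(tmp);
                goto done;
        }
        ret = RET_SUCCESS;
        /* … unchanged: done: label, close() and free() … */
```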