Changeset 818 in openpam


Timestamp:
Oct 8, 2014, 11:02:44 AM (6 years ago)
Author:
Dag-Erling Smørgrav
Message:
  • Set the sameuser flag when a non-root user manipulates their own key.
  • Rename the uri command to geturi (but retain backward compatibility).
  • Add a getkey command that prints the key in hexadecimal.
Location:
trunk/bin/oathkey
Files:
2 edited

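--- a/trunk/bin/oathkey/oathkey.1
+++ b/trunk/bin/oathkey/oathkey.1
@@ -29,5 +29,5 @@
 .\" $Id$
 .\"
-.Dd March 9, 2014
+.Dd October 8, 2014
 .Dt OATHKEY 1
 .Os
@@ -72,8 +72,10 @@
 If writeback mode is enabled, the user's key is set; otherwise, it is
 printed to standard output.
+.It Cm getkey
+Print the user's key.
+.It Cm geturi
+Print the user's key in otpauth URI form.
 .It Cm setkey Ar uri
 Set the user's key to the given otpauth URI.
-.It Cm uri
-Print the user's key in otpauth URI form.
 .It Cm verify Ar code
 Verify that the given code is the correct current response for the
@@ -81,4 +83,7 @@
 If writeback mode is enabled and the response matched, the user's
 keyfile is updated to prevent reuse.
+.It Cm uri
+Deprecated synonym for
+.Cm geturi .
 .El
 .Sh SEE ALSO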
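--- a/trunk/bin/oathkey/oathkey.c
+++ b/trunk/bin/oathkey/oathkey.c
@@ -62,8 +62,22 @@
 
 /*
+ * Print key in hexadecimal form
+ */
+static int
+oathkey_print_hex(struct oath_key *key)
+{
+        unsigned int i;
+
+        for (i = 0; i < key->keylen; ++i)
+                printf("%02x", key->key[i]);
+        printf("\n");
+        return (RET_SUCCESS);
+}
+
+/*
  * Print key in otpauth URI form
  */
 static int
-oathkey_print(struct oath_key *key)
+oathkey_print_uri(struct oath_key *key)
 {
         char *keyuri;
@@ -88,4 +102,6 @@
         int fd, len, ret;
 
+        if (verbose)
+                warnx("saving key to %s", keyfile);
         keyuri = NULL;
         len = 0;
@@ -127,5 +143,5 @@
         if ((key = oath_key_create(user, om_totp, oh_undef, NULL, 0)) == NULL)
                 return (RET_ERROR);
-        ret = writeback ? oathkey_save(key) : oathkey_print(key);
+        ret = writeback ? oathkey_save(key) : oathkey_print_uri(key);
         oath_key_free(key);
         return (ret);
@@ -155,8 +171,8 @@
 
 /*
- * Print the otpauth URI for a key
- */
-static int
-oathkey_uri(int argc, char *argv[])
+ * Print raw key in hexadecimal
+ */
+static int
+oathkey_getkey(int argc, char *argv[])
 {
         struct oath_key *key;
@@ -168,7 +184,32 @@
         if (!isroot && !issameuser)
                 return (RET_UNAUTH);
+        if (verbose)
+                warnx("loading key from %s", keyfile);
         if ((key = oath_key_from_file(keyfile)) == NULL)
                 return (RET_ERROR);
-        ret = oathkey_print(key);
+        ret = oathkey_print_hex(key);
+        oath_key_free(key);
+        return (ret);
+}
+
+/*
+ * Print the otpauth URI for a key
+ */
+static int
+oathkey_geturi(int argc, char *argv[])
+{
+        struct oath_key *key;
+        int ret;
+
+        if (argc != 0)
+                return (RET_USAGE);
+        (void)argv;
+        if (!isroot && !issameuser)
+                return (RET_UNAUTH);
+        if (verbose)
+                warnx("loading key from %s", keyfile);
+        if ((key = oath_key_from_file(keyfile)) == NULL)
+                return (RET_ERROR);
+        ret = oathkey_print_uri(key);
         oath_key_free(key);
         return (ret);
@@ -188,4 +229,6 @@
         if (argc < 1)
                 return (RET_USAGE);
+        if (verbose)
+                warnx("loading key from %s", keyfile);
         if ((key = oath_key_from_file(keyfile)) == NULL)
                 return (RET_ERROR);
@@ -225,6 +268,7 @@
             "Commands:\n"
             "    genkey      Generate a new key\n"
+            "    getkey      Print the key in hexadecimal form\n"
+            "    geturi      Print the key in otpauth URI form\n"
             "    setkey      Generate a new key\n"
-            "    uri         Print the key in otpauth URI form\n"
             "    verify <response>\n"
             "                Verify a response\n");
@@ -294,4 +338,5 @@
                 if (asprintf(&user, "%s", pw->pw_name) < 0)
                         err(1, "asprintf()");
+                issameuser = 1;
         }
 
@@ -312,8 +357,10 @@
         else if (strcmp(cmd, "genkey") == 0)
                 ret = oathkey_genkey(argc, argv);
+        else if (strcmp(cmd, "getkey") == 0)
+                ret = oathkey_getkey(argc, argv);       
+        else if (strcmp(cmd, "geturi") == 0 || strcmp(cmd, "uri") == 0)
+                ret = oathkey_geturi(argc, argv);
         else if (strcmp(cmd, "setkey") == 0)
                 ret = oathkey_setkey(argc, argv);
-        else if (strcmp(cmd, "uri") == 0)
-                ret = oathkey_uri(argc, argv);
         else if (strcmp(cmd, "verify") == 0)
                 ret = oathkey_verify(argc, argv);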
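Review bot: oathkey_print_hex (new lines 64-75) returns RET_SUCCESS without checking any of its printf calls, so `getkey` reports success even when the shared secret reached standard output only partially or not at all; adding `if (ferror(stdout) || fflush(stdout) != 0) return (RET_ERROR);` before the final return would surface that. The declaration of key->key is not visible on this page: if its element type is plain char rather than an unsigned byte type, `%02x` prints sign-extended values for bytes of 0x80 and above, which `(unsigned int)(unsigned char)key->key[i]` avoids. Because this command emits the raw OATH secret, its only gate is the `!isroot && !issameuser` test, and that now depends on the `issameuser = 1` assignment added in main at new line 340. The condition enclosing that assignment lies outside the hunk, so it is worth confirming that it is reached only when the target user was derived from the caller's own uid.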