diff options
Diffstat (limited to 'crypto/heimdal/appl/otp/otp.c')
| -rw-r--r-- | crypto/heimdal/appl/otp/otp.c | 366 |
1 files changed, 0 insertions, 366 deletions
diff --git a/crypto/heimdal/appl/otp/otp.c b/crypto/heimdal/appl/otp/otp.c deleted file mode 100644 index 66de4e0..0000000 --- a/crypto/heimdal/appl/otp/otp.c +++ /dev/null @@ -1,366 +0,0 @@ -/* - * Copyright (c) 1995-1997, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "otp_locl.h" -#include <getarg.h> - -RCSID("$Id: otp.c,v 1.33 2001/02/20 01:44:46 assar Exp $"); - -static int listp; -static int deletep; -static int openp; -static int renewp; -static char* alg_string; -static char *user; -static int version_flag; -static int help_flag; - -struct getargs args[] = { - { "list", 'l', arg_flag, &listp, "list OTP status" }, - { "delete", 'd', arg_flag, &deletep, "delete OTP" }, - { "open", 'o', arg_flag, &openp, "open a locked OTP" }, - { "renew", 'r', arg_flag, &renewp, "securely renew OTP" }, - { "hash", 'f', arg_string, &alg_string, - "hash algorithm (md4, md5, or sha)", "algorithm"}, - { "user", 'u', arg_string, &user, - "user other than current user (root only)", "user" }, - { "version", 0, arg_flag, &version_flag }, - { "help", 'h', arg_flag, &help_flag } -}; - -int num_args = sizeof(args) / sizeof(args[0]); - -static void -usage(int code) -{ - arg_printusage(args, num_args, NULL, "[num seed]"); - exit(code); -} - -/* - * Renew the OTP for a user. - * The pass-phrase is not required (RFC 1938/8.0) - */ - -static int -renew (int argc, char **argv, OtpAlgorithm *alg, char *user) -{ - OtpContext newctx, *ctx; - char prompt[128]; - char pw[64]; - void *dbm; - int ret; - - newctx.alg = alg; - newctx.user = user; - newctx.n = atoi (argv[0]); - strlcpy (newctx.seed, argv[1], sizeof(newctx.seed)); - strlwr(newctx.seed); - snprintf (prompt, sizeof(prompt), - "[ otp-%s %u %s ]", - newctx.alg->name, - newctx.n, - newctx.seed); - if (des_read_pw_string (pw, sizeof(pw), prompt, 0) == 0 && - otp_parse (newctx.key, pw, alg) == 0) { - ctx = &newctx; - ret = 0; - } else - return 1; - - dbm = otp_db_open (); - if (dbm == NULL) { - warnx ("otp_db_open failed"); - return 1; - } - otp_put (dbm, ctx); - otp_db_close (dbm); - return ret; -} - -/* - * Return 0 if the user could enter the next OTP. - * I would rather have returned !=0 but it's shell-like here around. - */ - -static int -verify_user_otp(char *username) -{ - OtpContext ctx; - char passwd[OTP_MAX_PASSPHRASE + 1]; - char prompt[128], ss[256]; - - if (otp_challenge (&ctx, username, ss, sizeof(ss)) != 0) { - warnx("no otp challenge found for %s", username); - return 1; - } - - snprintf (prompt, sizeof(prompt), "%s's %s Password: ", username, ss); - if(des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)) - return 1; - return otp_verify_user (&ctx, passwd); -} - -/* - * Set the OTP for a user - */ - -static int -set (int argc, char **argv, OtpAlgorithm *alg, char *user) -{ - void *db; - OtpContext ctx; - char pw[OTP_MAX_PASSPHRASE + 1]; - int ret; - int i; - - ctx.alg = alg; - ctx.user = strdup (user); - if (ctx.user == NULL) - err (1, "out of memory"); - - ctx.n = atoi (argv[0]); - strlcpy (ctx.seed, argv[1], sizeof(ctx.seed)); - strlwr(ctx.seed); - do { - if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 1)) - return 1; - if (strlen (pw) < OTP_MIN_PASSPHRASE) - printf ("Too short pass-phrase. Use at least %d characters\n", - OTP_MIN_PASSPHRASE); - } while(strlen(pw) < OTP_MIN_PASSPHRASE); - ctx.alg->init (ctx.key, pw, ctx.seed); - for (i = 0; i < ctx.n; ++i) - ctx.alg->next (ctx.key); - db = otp_db_open (); - if(db == NULL) { - free (ctx.user); - err (1, "otp_db_open failed"); - } - ret = otp_put (db, &ctx); - otp_db_close (db); - free (ctx.user); - return ret; -} - -/* - * Delete otp of user from the database - */ - -static int -delete_otp (int argc, char **argv, char *user) -{ - void *db; - OtpContext ctx; - int ret; - - db = otp_db_open (); - if(db == NULL) - errx (1, "otp_db_open failed"); - - ctx.user = user; - ret = otp_delete(db, &ctx); - otp_db_close (db); - return ret; -} - -/* - * Tell whether the user has an otp - */ - -static int -has_an_otp(char *user) -{ - void *db; - OtpContext ctx; - int ret; - - db = otp_db_open (); - if(db == NULL) { - warnx ("otp_db_open failed"); - return 0; /* if no db no otp! */ - } - - ctx.user = user; - ret = otp_simple_get(db, &ctx); - - otp_db_close (db); - return !ret; -} - -/* - * Get and print out the otp entry for some user - */ - -static void -print_otp_entry_for_name (void *db, char *user) -{ - OtpContext ctx; - - ctx.user = user; - if (!otp_simple_get(db, &ctx)) { - fprintf(stdout, - "%s\totp-%s %d %s", - ctx.user, ctx.alg->name, ctx.n, ctx.seed); - if (ctx.lock_time) - fprintf(stdout, - "\tlocked since %s", - ctime(&ctx.lock_time)); - else - fprintf(stdout, "\n"); - } -} - -static int -open_otp (int argc, char **argv, char *user) -{ - void *db; - OtpContext ctx; - int ret; - - db = otp_db_open (); - if (db == NULL) - errx (1, "otp_db_open failed"); - - ctx.user = user; - ret = otp_simple_get (db, &ctx); - if (ret == 0) - ret = otp_put (db, &ctx); - otp_db_close (db); - return ret; -} - -/* - * Print otp entries for one or all users - */ - -static int -list_otps (int argc, char **argv, char *user) -{ - void *db; - struct passwd *pw; - - db = otp_db_open (); - if(db == NULL) - errx (1, "otp_db_open failed"); - - if (user) - print_otp_entry_for_name(db, user); - else - /* scans all users... so as to get a deterministic order */ - while ((pw = getpwent())) - print_otp_entry_for_name(db, pw->pw_name); - - otp_db_close (db); - return 0; -} - -int -main (int argc, char **argv) -{ - int defaultp = 0; - int uid = getuid(); - OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT); - int optind = 0; - - setprogname (argv[0]); - if(getarg(args, num_args, argc, argv, &optind)) - usage(1); - if(help_flag) - usage(0); - if(version_flag) { - print_version(NULL); - exit(0); - } - - if(deletep && uid != 0) - errx (1, "Only root can delete OTPs"); - if(alg_string) { - alg = otp_find_alg (alg_string); - if (alg == NULL) - errx (1, "Unknown algorithm: %s", alg_string); - } - if (user && uid != 0) - errx (1, "Only root can use `-u'"); - argc -= optind; - argv += optind; - - if (!(listp || deletep || renewp || openp)) - defaultp = 1; - - if ( listp + deletep + renewp + defaultp + openp != 1) - usage(1); /* one of -d or -l or -r or none */ - - if(deletep || openp || listp) { - if(argc != 0) - errx(1, "delete, open, and list requires no arguments\n"); - } else { - if(argc != 2) - errx(1, "setup, and renew requires `num', and `seed'"); - } - if (listp) - return list_otps (argc, argv, user); - - if (user == NULL) { - struct passwd *pwd; - - pwd = k_getpwuid(uid); - if (pwd == NULL) - err (1, "You don't exist"); - user = pwd->pw_name; - } - - /* - * users other that root must provide the next OTP to update the sequence. - * it avoids someone to use a pending session to change an OTP sequence. - * see RFC 1938/8.0. - */ - if (uid != 0 && (defaultp || renewp)) { - if (!has_an_otp(user)) { - errx (1, "Only root can set an initial OTP"); - } else { /* Check the next OTP (RFC 1938/8.0: SHOULD) */ - if (verify_user_otp(user) != 0) { - errx (1, "User authentification failed"); - } - } - } - - if (deletep) - return delete_otp (argc, argv, user); - else if (renewp) - return renew (argc, argv, alg, user); - else if (openp) - return open_otp (argc, argv, user); - else - return set (argc, argv, alg, user); -} |
