- Set the sameuser flag when a non-root user manipulates their own key.
- Rename the uri command to geturi (but retain backward compatibility). - Add a getkey command that prints the key in hexadecimal. git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@818 185d5e19-27fe-0310-9dcf-9bff6b9f3609
parent
37ff7929a0
commit
8ad7aa9039
|
@ -28,7 +28,7 @@
|
||||||
.\"
|
.\"
|
||||||
.\" $Id$
|
.\" $Id$
|
||||||
.\"
|
.\"
|
||||||
.Dd March 9, 2014
|
.Dd October 8, 2014
|
||||||
.Dt OATHKEY 1
|
.Dt OATHKEY 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -71,15 +71,20 @@ The commands are:
|
||||||
Generate a new key.
|
Generate a new key.
|
||||||
If writeback mode is enabled, the user's key is set; otherwise, it is
|
If writeback mode is enabled, the user's key is set; otherwise, it is
|
||||||
printed to standard output.
|
printed to standard output.
|
||||||
|
.It Cm getkey
|
||||||
|
Print the user's key.
|
||||||
|
.It Cm geturi
|
||||||
|
Print the user's key in otpauth URI form.
|
||||||
.It Cm setkey Ar uri
|
.It Cm setkey Ar uri
|
||||||
Set the user's key to the given otpauth URI.
|
Set the user's key to the given otpauth URI.
|
||||||
.It Cm uri
|
|
||||||
Print the user's key in otpauth URI form.
|
|
||||||
.It Cm verify Ar code
|
.It Cm verify Ar code
|
||||||
Verify that the given code is the correct current response for the
|
Verify that the given code is the correct current response for the
|
||||||
user's key.
|
user's key.
|
||||||
If writeback mode is enabled and the response matched, the user's
|
If writeback mode is enabled and the response matched, the user's
|
||||||
keyfile is updated to prevent reuse.
|
keyfile is updated to prevent reuse.
|
||||||
|
.It Cm uri
|
||||||
|
Deprecated synonym for
|
||||||
|
.Cm geturi .
|
||||||
.El
|
.El
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr oath_hotp 3 ,
|
.Xr oath_hotp 3 ,
|
||||||
|
|
|
@ -60,11 +60,25 @@ static int writeback;
|
||||||
static int isroot; /* running as root */
|
static int isroot; /* running as root */
|
||||||
static int issameuser; /* real user same as target user */
|
static int issameuser; /* real user same as target user */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Print key in hexadecimal form
|
||||||
|
*/
|
||||||
|
static int
|
||||||
|
oathkey_print_hex(struct oath_key *key)
|
||||||
|
{
|
||||||
|
unsigned int i;
|
||||||
|
|
||||||
|
for (i = 0; i < key->keylen; ++i)
|
||||||
|
printf("%02x", key->key[i]);
|
||||||
|
printf("\n");
|
||||||
|
return (RET_SUCCESS);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Print key in otpauth URI form
|
* Print key in otpauth URI form
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
oathkey_print(struct oath_key *key)
|
oathkey_print_uri(struct oath_key *key)
|
||||||
{
|
{
|
||||||
char *keyuri;
|
char *keyuri;
|
||||||
|
|
||||||
|
@ -87,6 +101,8 @@ oathkey_save(struct oath_key *key)
|
||||||
char *keyuri;
|
char *keyuri;
|
||||||
int fd, len, ret;
|
int fd, len, ret;
|
||||||
|
|
||||||
|
if (verbose)
|
||||||
|
warnx("saving key to %s", keyfile);
|
||||||
keyuri = NULL;
|
keyuri = NULL;
|
||||||
len = 0;
|
len = 0;
|
||||||
fd = ret = -1;
|
fd = ret = -1;
|
||||||
|
@ -126,7 +142,7 @@ oathkey_genkey(int argc, char *argv[])
|
||||||
return (RET_UNAUTH);
|
return (RET_UNAUTH);
|
||||||
if ((key = oath_key_create(user, om_totp, oh_undef, NULL, 0)) == NULL)
|
if ((key = oath_key_create(user, om_totp, oh_undef, NULL, 0)) == NULL)
|
||||||
return (RET_ERROR);
|
return (RET_ERROR);
|
||||||
ret = writeback ? oathkey_save(key) : oathkey_print(key);
|
ret = writeback ? oathkey_save(key) : oathkey_print_uri(key);
|
||||||
oath_key_free(key);
|
oath_key_free(key);
|
||||||
return (ret);
|
return (ret);
|
||||||
}
|
}
|
||||||
|
@ -154,10 +170,10 @@ oathkey_setkey(int argc, char *argv[])
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Print the otpauth URI for a key
|
* Print raw key in hexadecimal
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
oathkey_uri(int argc, char *argv[])
|
oathkey_getkey(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
struct oath_key *key;
|
struct oath_key *key;
|
||||||
int ret;
|
int ret;
|
||||||
|
@ -167,9 +183,34 @@ oathkey_uri(int argc, char *argv[])
|
||||||
(void)argv;
|
(void)argv;
|
||||||
if (!isroot && !issameuser)
|
if (!isroot && !issameuser)
|
||||||
return (RET_UNAUTH);
|
return (RET_UNAUTH);
|
||||||
|
if (verbose)
|
||||||
|
warnx("loading key from %s", keyfile);
|
||||||
if ((key = oath_key_from_file(keyfile)) == NULL)
|
if ((key = oath_key_from_file(keyfile)) == NULL)
|
||||||
return (RET_ERROR);
|
return (RET_ERROR);
|
||||||
ret = oathkey_print(key);
|
ret = oathkey_print_hex(key);
|
||||||
|
oath_key_free(key);
|
||||||
|
return (ret);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Print the otpauth URI for a key
|
||||||
|
*/
|
||||||
|
static int
|
||||||
|
oathkey_geturi(int argc, char *argv[])
|
||||||
|
{
|
||||||
|
struct oath_key *key;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
if (argc != 0)
|
||||||
|
return (RET_USAGE);
|
||||||
|
(void)argv;
|
||||||
|
if (!isroot && !issameuser)
|
||||||
|
return (RET_UNAUTH);
|
||||||
|
if (verbose)
|
||||||
|
warnx("loading key from %s", keyfile);
|
||||||
|
if ((key = oath_key_from_file(keyfile)) == NULL)
|
||||||
|
return (RET_ERROR);
|
||||||
|
ret = oathkey_print_uri(key);
|
||||||
oath_key_free(key);
|
oath_key_free(key);
|
||||||
return (ret);
|
return (ret);
|
||||||
}
|
}
|
||||||
|
@ -187,6 +228,8 @@ oathkey_verify(int argc, char *argv[])
|
||||||
|
|
||||||
if (argc < 1)
|
if (argc < 1)
|
||||||
return (RET_USAGE);
|
return (RET_USAGE);
|
||||||
|
if (verbose)
|
||||||
|
warnx("loading key from %s", keyfile);
|
||||||
if ((key = oath_key_from_file(keyfile)) == NULL)
|
if ((key = oath_key_from_file(keyfile)) == NULL)
|
||||||
return (RET_ERROR);
|
return (RET_ERROR);
|
||||||
response = strtoul(*argv, &end, 10);
|
response = strtoul(*argv, &end, 10);
|
||||||
|
@ -224,8 +267,9 @@ usage(void)
|
||||||
"\n"
|
"\n"
|
||||||
"Commands:\n"
|
"Commands:\n"
|
||||||
" genkey Generate a new key\n"
|
" genkey Generate a new key\n"
|
||||||
|
" getkey Print the key in hexadecimal form\n"
|
||||||
|
" geturi Print the key in otpauth URI form\n"
|
||||||
" setkey Generate a new key\n"
|
" setkey Generate a new key\n"
|
||||||
" uri Print the key in otpauth URI form\n"
|
|
||||||
" verify <response>\n"
|
" verify <response>\n"
|
||||||
" Verify a response\n");
|
" Verify a response\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
|
@ -293,6 +337,7 @@ main(int argc, char *argv[])
|
||||||
errx(1, "who are you?");
|
errx(1, "who are you?");
|
||||||
if (asprintf(&user, "%s", pw->pw_name) < 0)
|
if (asprintf(&user, "%s", pw->pw_name) < 0)
|
||||||
err(1, "asprintf()");
|
err(1, "asprintf()");
|
||||||
|
issameuser = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -311,10 +356,12 @@ main(int argc, char *argv[])
|
||||||
ret = RET_USAGE;
|
ret = RET_USAGE;
|
||||||
else if (strcmp(cmd, "genkey") == 0)
|
else if (strcmp(cmd, "genkey") == 0)
|
||||||
ret = oathkey_genkey(argc, argv);
|
ret = oathkey_genkey(argc, argv);
|
||||||
|
else if (strcmp(cmd, "getkey") == 0)
|
||||||
|
ret = oathkey_getkey(argc, argv);
|
||||||
|
else if (strcmp(cmd, "geturi") == 0 || strcmp(cmd, "uri") == 0)
|
||||||
|
ret = oathkey_geturi(argc, argv);
|
||||||
else if (strcmp(cmd, "setkey") == 0)
|
else if (strcmp(cmd, "setkey") == 0)
|
||||||
ret = oathkey_setkey(argc, argv);
|
ret = oathkey_setkey(argc, argv);
|
||||||
else if (strcmp(cmd, "uri") == 0)
|
|
||||||
ret = oathkey_uri(argc, argv);
|
|
||||||
else if (strcmp(cmd, "verify") == 0)
|
else if (strcmp(cmd, "verify") == 0)
|
||||||
ret = oathkey_verify(argc, argv);
|
ret = oathkey_verify(argc, argv);
|
||||||
else
|
else
|
||||||
|
|
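Review bot: In oathkey_print_hex (hunk @ -60,11 +60,25 @@) `printf("%02x", key->key[i])` only prints two digits per byte if key->key is an unsigned byte type; with a plain `char` element (signedness implementation-defined) any byte above 0x7f comes out sign-extended as eight hex digits, so `printf("%02x", (unsigned char)key->key[i]);` makes the output independent of the struct's element type — the struct oath_key declaration is not visible here, so this may already hold. The function also returns RET_SUCCESS regardless of whether the printf calls succeeded, and since what it writes is the raw shared secret, the header comment should say so, e.g. `/* Print key in hexadecimal form (this is the raw shared secret) */`. In hunk @ -293,6 +337,7 @@ the new `issameuser = 1;` sits only in the branch that derives `user` from the caller's own password entry, so a non-root user naming themselves explicitly (if the tool accepts a target user that way) would presumably still be refused by the `!isroot && !issameuser` checks — worth confirming against the option parsing outside this hunk. The start of oathkey_getkey (its argc check) lies outside hunk @ -167,9 +183,34 @@.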