Add a calc command that prints the current code.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@827 185d5e19-27fe-0310-9dcf-9bff6b9f3609
This commit is contained in:
Dag-Erling Smørgrav
parent
e5b05552fc
commit
9c55e81bbb
|
|
@ -28,7 +28,7 @@
|
|||
.\"
|
||||
.\" $Id$
|
||||
.\"
|
||||
.Dd October 8, 2014
|
||||
.Dd October 22, 2014
|
||||
.Dt OATHKEY 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
@ -67,6 +67,10 @@ Enable writeback mode (see below).
|
|||
.Pp
|
||||
The commands are:
|
||||
.Bl -tag -width 6n
|
||||
.It Cm calc
|
||||
Compute and display the current code for the given key.
|
||||
If writeback mode is enabled, the user's keyfile is updated to prevent
|
||||
reuse.
|
||||
.It Cm genkey
|
||||
Generate a new key.
|
||||
If writeback mode is enabled, the user's key is set; otherwise, it is
|
||||
|
|
@ -77,14 +81,14 @@ Print the user's key.
|
|||
Print the user's key in otpauth URI form.
|
||||
.It Cm setkey Ar uri
|
||||
Set the user's key to the given otpauth URI.
|
||||
.It Cm uri
|
||||
Deprecated synonym for
|
||||
.Cm geturi .
|
||||
.It Cm verify Ar code
|
||||
Verify that the given code is the correct current response for the
|
||||
user's key.
|
||||
If writeback mode is enabled and the response matched, the user's
|
||||
keyfile is updated to prevent reuse.
|
||||
.It Cm uri
|
||||
Deprecated synonym for
|
||||
.Cm geturi .
|
||||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr oath_hotp 3 ,
|
||||
|
|
|
|||
|
|
@ -91,6 +91,24 @@ oathkey_print_uri(struct oath_key *key)
|
|||
return (RET_SUCCESS);
|
||||
}
|
||||
|
||||
/*
|
||||
* Load key from file
|
||||
*/
|
||||
static int
|
||||
oathkey_load(struct oath_key **key)
|
||||
{
|
||||
|
||||
if (verbose)
|
||||
warnx("loading key from %s", keyfile);
|
||||
if ((*key = oath_key_from_file(keyfile)) == NULL) {
|
||||
warn("%s", keyfile);
|
||||
if (errno == EACCES || errno == EPERM)
|
||||
return (RET_UNAUTH);
|
||||
return (RET_ERROR);
|
||||
}
|
||||
return (RET_SUCCESS);
|
||||
}
|
||||
|
||||
/*
|
||||
* Save key to file
|
||||
* XXX liboath should take care of this for us
|
||||
|
|
@ -183,10 +201,8 @@ oathkey_getkey(int argc, char *argv[])
|
|||
(void)argv;
|
||||
if (!isroot && !issameuser)
|
||||
return (RET_UNAUTH);
|
||||
if (verbose)
|
||||
warnx("loading key from %s", keyfile);
|
||||
if ((key = oath_key_from_file(keyfile)) == NULL)
|
||||
return (RET_ERROR);
|
||||
if ((ret = oathkey_load(&key)) != RET_SUCCESS)
|
||||
return (ret);
|
||||
ret = oathkey_print_hex(key);
|
||||
oath_key_free(key);
|
||||
return (ret);
|
||||
|
|
@ -206,10 +222,8 @@ oathkey_geturi(int argc, char *argv[])
|
|||
(void)argv;
|
||||
if (!isroot && !issameuser)
|
||||
return (RET_UNAUTH);
|
||||
if (verbose)
|
||||
warnx("loading key from %s", keyfile);
|
||||
if ((key = oath_key_from_file(keyfile)) == NULL)
|
||||
return (RET_ERROR);
|
||||
if ((ret = oathkey_load(&key)) != RET_SUCCESS)
|
||||
return (ret);
|
||||
ret = oathkey_print_uri(key);
|
||||
oath_key_free(key);
|
||||
return (ret);
|
||||
|
|
@ -228,10 +242,8 @@ oathkey_verify(int argc, char *argv[])
|
|||
|
||||
if (argc < 1)
|
||||
return (RET_USAGE);
|
||||
if (verbose)
|
||||
warnx("loading key from %s", keyfile);
|
||||
if ((key = oath_key_from_file(keyfile)) == NULL)
|
||||
return (RET_ERROR);
|
||||
if ((ret = oathkey_load(&key)) != RET_SUCCESS)
|
||||
return (ret);
|
||||
response = strtoul(*argv, &end, 10);
|
||||
if (end == *argv || *end != '\0')
|
||||
response = ULONG_MAX; /* never valid */
|
||||
|
|
@ -256,6 +268,40 @@ oathkey_verify(int argc, char *argv[])
|
|||
return (ret);
|
||||
}
|
||||
|
||||
/*
|
||||
* Compute the current code
|
||||
*/
|
||||
static int
|
||||
oathkey_calc(int argc, char *argv[])
|
||||
{
|
||||
struct oath_key *key;
|
||||
unsigned int current;
|
||||
int ret;
|
||||
|
||||
if (argc != 0)
|
||||
return (RET_USAGE);
|
||||
(void)argv;
|
||||
if ((ret = oathkey_load(&key)) != RET_SUCCESS)
|
||||
return (ret);
|
||||
if (key->mode == om_totp)
|
||||
current = oath_totp_current(key);
|
||||
else if (key->mode == om_hotp)
|
||||
current = oath_hotp_current(key);
|
||||
else
|
||||
current = -1;
|
||||
if (current == (unsigned int)-1) {
|
||||
warnx("OATH error");
|
||||
ret = RET_ERROR;
|
||||
} else {
|
||||
printf("%.*d\n", (int)key->digits, current);
|
||||
ret = RET_SUCCESS;
|
||||
if (writeback)
|
||||
ret = oathkey_save(key);
|
||||
}
|
||||
oath_key_free(key);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
/*
|
||||
* Print usage string and exit.
|
||||
*/
|
||||
|
|
@ -266,6 +312,7 @@ usage(void)
|
|||
"usage: oathkey [-hvw] [-u user] [-k keyfile] <command>\n"
|
||||
"\n"
|
||||
"Commands:\n"
|
||||
" calc Print the current code\n"
|
||||
" genkey Generate a new key\n"
|
||||
" getkey Print the key in hexadecimal form\n"
|
||||
" geturi Print the key in otpauth URI form\n"
|
||||
|
|
@ -354,10 +401,12 @@ main(int argc, char *argv[])
|
|||
*/
|
||||
if (strcmp(cmd, "help") == 0)
|
||||
ret = RET_USAGE;
|
||||
else if (strcmp(cmd, "calc") == 0)
|
||||
ret = oathkey_calc(argc, argv);
|
||||
else if (strcmp(cmd, "genkey") == 0)
|
||||
ret = oathkey_genkey(argc, argv);
|
||||
else if (strcmp(cmd, "getkey") == 0)
|
||||
ret = oathkey_getkey(argc, argv);
|
||||
ret = oathkey_getkey(argc, argv);
|
||||
else if (strcmp(cmd, "geturi") == 0 || strcmp(cmd, "uri") == 0)
|
||||
ret = oathkey_geturi(argc, argv);
|
||||
else if (strcmp(cmd, "setkey") == 0)
|
||||
|
|
|
|||
Loading…
Reference in New Issue