Turn writeback mode on by default in oathkey(1).

git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@841 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-11-12 16:21:15 +00:00 · 2014-11-12 16:21:15 +00:00 · d130c0ec09
parent fc5eeb8fd9
commit d130c0ec09
2 changed files with 13 additions and 11 deletions
--- a/bin/oathkey/oathkey.1
+++ b/bin/oathkey/oathkey.1
@ -28,7 +28,7 @@
 .\"
 .\" $Id$
 .\"
-.Dd October 22, 2014
+.Dd November 11, 2014
 .Dt OATHKEY 1
 .Os
 .Sh NAME
@ -36,7 +36,7 @@
 .Nd OATH key management tool
 .Sh SYNOPSIS
 .Nm
-.Op Fl hvw
+.Op Fl hrvw
 .Op Fl u Ar user
 .Op Fl k Ar keyfile
 .Ar command
@ -55,6 +55,8 @@ Print a usage message and exit.
 Specify the location of the keyfile on which to operate.
 The default is
 .Pa /var/oath/ Ns Ar user Ns Pa .otpauth .
+.It Fl r
+Disable writeback mode.
 .It Fl u Ar user
 Specify the user on which to operate.
 The default is the current user.
@ -63,6 +65,7 @@ Only root may operate on other users.
 Enable verbose mode.
 .It Fl w
 Enable writeback mode (see below).
+This is the default.
 .El
 .Pp
 The commands are:
--- a/bin/oathkey/oathkey.c
+++ b/bin/oathkey/oathkey.c
@ -55,7 +55,7 @@ enum { RET_SUCCESS, RET_FAILURE, RET_ERROR, RET_USAGE, RET_UNAUTH };
 static char *user;
 static char *keyfile;
 static int verbose;
-static int writeback;
+static int readonly;

 static int isroot;		/* running as root */
 static int issameuser;		/* real user same as target user */
@ -160,7 +160,7 @@ oathkey_genkey(int argc, char *argv[])
 		return (RET_UNAUTH);
 	if ((key = oath_key_create(user, om_totp, oh_undef, NULL, 0)) == NULL)
 		return (RET_ERROR);
-	ret = writeback ? oathkey_save(key) : oathkey_print_uri(key);
+	ret = readonly ? oathkey_print_uri(key) : oathkey_save(key);
 	oath_key_free(key);
 	return (ret);
 }
@ -261,9 +261,7 @@ oathkey_verify(int argc, char *argv[])
 	if (verbose)
 		warnx("response: %lu %s", response,
 		    match ? "matched" : "did not match");
-	ret = match ? RET_SUCCESS : RET_FAILURE;
-	if (match && writeback)
-		ret = oathkey_save(key);
+	ret = match ? readonly ? RET_SUCCESS : oathkey_save(key) : RET_FAILURE;
 	oath_key_free(key);
 	return (ret);
 }
@ -294,9 +292,7 @@ oathkey_calc(int argc, char *argv[])
 		ret = RET_ERROR;
 	} else {
 		printf("%.*d\n", (int)key->digits, current);
-		ret = RET_SUCCESS;
-		if (writeback)
-			ret = oathkey_save(key);
+		ret = readonly ? RET_SUCCESS : oathkey_save(key);
 	}
 	oath_key_free(key);
 	return (ret);
@ -337,6 +333,9 @@ main(int argc, char *argv[])
 		case 'k':
 			keyfile = optarg;
 			break;
+		case 'r':
+			readonly = 1;
+			break;
 		case 'u':
 			user = optarg;
 			break;
@ -344,7 +343,7 @@ main(int argc, char *argv[])
 			++verbose;
 			break;
 		case 'w':
-			++writeback;
+			readonly = 0;
 			break;
 		case 'h':
 		default: