From d130c0ec09e1a1a531f67d061cb15cf566ff256d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= Date: Wed, 12 Nov 2014 16:21:15 +0000 Subject: [PATCH] Turn writeback mode on by default in oathkey(1). git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@841 185d5e19-27fe-0310-9dcf-9bff6b9f3609 --- bin/oathkey/oathkey.1 | 7 +++++-- bin/oathkey/oathkey.c | 17 ++++++++--------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/bin/oathkey/oathkey.1 b/bin/oathkey/oathkey.1 index a7407d9..55a594b 100644 --- a/bin/oathkey/oathkey.1 +++ b/bin/oathkey/oathkey.1 @@ -28,7 +28,7 @@ .\" .\" $Id$ .\" -.Dd October 22, 2014 +.Dd November 11, 2014 .Dt OATHKEY 1 .Os .Sh NAME @@ -36,7 +36,7 @@ .Nd OATH key management tool .Sh SYNOPSIS .Nm -.Op Fl hvw +.Op Fl hrvw .Op Fl u Ar user .Op Fl k Ar keyfile .Ar command @@ -55,6 +55,8 @@ Print a usage message and exit. Specify the location of the keyfile on which to operate. The default is .Pa /var/oath/ Ns Ar user Ns Pa .otpauth . +.It Fl r +Disable writeback mode. .It Fl u Ar user Specify the user on which to operate. The default is the current user. @@ -63,6 +65,7 @@ Only root may operate on other users. Enable verbose mode. .It Fl w Enable writeback mode (see below). +This is the default. .El .Pp The commands are: diff --git a/bin/oathkey/oathkey.c b/bin/oathkey/oathkey.c index f915ac0..a413fc7 100644 --- a/bin/oathkey/oathkey.c +++ b/bin/oathkey/oathkey.c @@ -55,7 +55,7 @@ enum { RET_SUCCESS, RET_FAILURE, RET_ERROR, RET_USAGE, RET_UNAUTH }; static char *user; static char *keyfile; static int verbose; -static int writeback; +static int readonly; static int isroot; /* running as root */ static int issameuser; /* real user same as target user */ @@ -160,7 +160,7 @@ oathkey_genkey(int argc, char *argv[]) return (RET_UNAUTH); if ((key = oath_key_create(user, om_totp, oh_undef, NULL, 0)) == NULL) return (RET_ERROR); - ret = writeback ? oathkey_save(key) : oathkey_print_uri(key); + ret = readonly ? oathkey_print_uri(key) : oathkey_save(key); oath_key_free(key); return (ret); } @@ -261,9 +261,7 @@ oathkey_verify(int argc, char *argv[]) if (verbose) warnx("response: %lu %s", response, match ? "matched" : "did not match"); - ret = match ? RET_SUCCESS : RET_FAILURE; - if (match && writeback) - ret = oathkey_save(key); + ret = match ? readonly ? RET_SUCCESS : oathkey_save(key) : RET_FAILURE; oath_key_free(key); return (ret); } @@ -294,9 +292,7 @@ oathkey_calc(int argc, char *argv[]) ret = RET_ERROR; } else { printf("%.*d\n", (int)key->digits, current); - ret = RET_SUCCESS; - if (writeback) - ret = oathkey_save(key); + ret = readonly ? RET_SUCCESS : oathkey_save(key); } oath_key_free(key); return (ret); @@ -337,6 +333,9 @@ main(int argc, char *argv[]) case 'k': keyfile = optarg; break; + case 'r': + readonly = 1; + break; case 'u': user = optarg; break; @@ -344,7 +343,7 @@ main(int argc, char *argv[]) ++verbose; break; case 'w': - ++writeback; + readonly = 0; break; case 'h': default: