wip

.gitignore

@@ -7,11 +7,11 @@
 /config.sub
 /configure
 /depcomp
-/test-driver
 /install-sh
 /libtool
 /ltmain.sh
 /missing
+/test-driver
 *~
 .deps
 .libs
@@ -21,6 +21,7 @@
 *.pc
 *.o
 *.trs
+*.xz
 Makefile
 Makefile.in
 test.cov

configure.ac

@@ -1,5 +1,5 @@
 AC_PREREQ([2.69])
-AC_INIT([cryb.otp], [0.20220916], [des@des.no], [cryb-otp], [http://cryb.to/])
+AC_INIT([cryb.otp], [0.20221002], [des@des.no], [cryb-otp], [http://cryb.to/])
 AC_CONFIG_SRCDIR([include/cryb/otp.h])
 AC_CONFIG_MACRO_DIR([m4])
 AM_INIT_AUTOMAKE([foreign no-dist-gzip dist-xz])

include/cryb/otp.h

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2017 Dag-Erling Smørgrav
+ * Copyright (c) 2017-2022 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -34,6 +34,8 @@
 #include <cryb/to.h>
 #endif
 
+#include <cryb/otp_store.h>
+
 CRYB_BEGIN
 
 const char *cryb_otp_version(void);

include/cryb/otp_constants.h

@@ -0,0 +1,46 @@
+/*-
+ * Copyright (c) 2022 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef CRYB_OTP_CONSTANTS_H_INCLUDED
+#define CRYB_OTP_CONSTANTS_H_INCLUDED
+
+#ifndef CRYB_TO
+#include <cryb/to.h>
+#endif
+
+CRYB_BEGIN
+
+/*
+ * Maximum login length in characters, including terminating NUL.
+ */
+#define OTP_MAX_LOGINLEN	64
+
+CRYB_END
+
+#endif

include/cryb/otp_store.h

@@ -0,0 +1,59 @@
+/*-
+ * Copyright (c) 2022 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef CRYB_OTP_STORE_H_INCLUDED
+#define CRYB_OTP_STORE_H_INCLUDED
+
+#ifndef CRYB_TO
+#include <cryb/to.h>
+#endif
+
+CRYB_BEGIN
+
+#define otp_key			cryb_otp_key
+#define otp_store		cryb_otp_store
+#define otp_store_open		cryb_otp_store_open
+#define otp_store_close		cryb_otp_store_close
+#define otp_store_has		cryb_otp_store_has
+#define otp_store_lock		cryb_otp_store_lock
+#define otp_store_release	cryb_otp_store_release
+#define otp_store_commit	cryb_otp_store_commit
+
+typedef struct otp_key otp_key;
+typedef struct otp_store otp_store;
+
+otp_store *otp_store_open(const char *);
+otp_key *otp_store_has(otp_store *, const char *);
+otp_key *otp_store_lock(otp_store *, const char *);
+otp_key *otp_store_release(otp_store *, const char *);
+otp_key *otp_store_commit(otp_store *, const char *);
+
+CRYB_END
+
+#endif

include/cryb/otp_types.h

@@ -0,0 +1,57 @@
+/*-
+ * Copyright (c) 2022 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef CRYB_OTP_TYPES_H_INCLUDED
+#define CRYB_OTP_TYPES_H_INCLUDED
+
+#ifndef CRYB_TO
+#include <cryb/to.h>
+#endif
+
+CRYB_BEGIN
+
+#define otp_handle	cryb_otp_handle
+#define otp_id		cryb_otp_id
+
+/*
+ * OTP handle: pointer to opaque structure used by the storage backend.
+ */
+typedef void *otp_handle;
+
+/*
+ * OTP identity
+ */
+typedef struct {
+	char		 login[OTP_MAX_LOGINLEN];
+	otp_handle	 handle;
+} otp_id;
+
+CRYB_END
+
+#endif

lib/otp/cryb_otp_config.c

@@ -0,0 +1,34 @@
+/*-
+ * Copyright (c) 2022 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/impl.h"
+
+#include <cryb/oath.h>
+#include <cryb/otp.h>
+

lib/otp/cryb_otp_configure.c

@@ -0,0 +1,34 @@
+/*-
+ * Copyright (c) 2022 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/impl.h"
+
+#include <cryb/oath.h>
+#include <cryb/otp.h>
+

lib/otp/cryb_otp_store.c

@@ -0,0 +1,37 @@
+/*-
+ * Copyright (c) 2022 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/impl.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <cryb/oath.h>
+#include <cryb/otp.h>
+

sbin/otpradiusd/radius.c

@@ -1,5 +1,6 @@
 /*-
  * Copyright (c) 2018 The University of Oslo
+ * Copyright (c) 2019-2022 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -44,6 +45,8 @@
 
 #include "otpradiusd.h"
 
+#define DEBUG_PRINTF 1
+
 static struct rad_msg_def {
 	const char		*name;
 } rad_msg_def[rmc_max] = {
@@ -411,6 +414,16 @@ handle_access_request(rad_transaction *rx)
 	fprintf(stderr, "\"\n");
 #endif
 
+	/*
+	 * TODO:
+	 *
+	 * Create concept of keystore in libcryb-otp
+	 * Configure / open keystore at start of otpradiusd
+	 * On receipt of request, request key from keystore
+	 * Verify request
+	 * Report outcome to keystore
+	 * Report outcome to client
+	 */
 	static int coin;
 	if ((coin = !coin)) {
 		/* accept */
@@ -447,6 +460,7 @@ int
 rad_handle(rad_transaction *rx)
 {
 	rad_message *req, *rsp;
+	rad_msg_code rmc;
 	int ret;
 
 	req = &rx->request;
@@ -460,18 +474,20 @@ rad_handle(rad_transaction *rx)
 		warnx("invalid length: %zu", rx->reqlen);
 		return (0);
 	}
-	warnx("request 0x%02x (%s) ident 0x%02x", req->code,
-	    rad_msg_name(req->code), req->identifier);
+	rmc = req->code;
+	if (rmc >= rmc_max || rad_attr_def[rmc].name == NULL) {
+		warnx("unknown message 0x%02x", req->code);
+		return (-1);
+	}
+	warnx("request 0x%02x (%s) ident 0x%02x", rmc,
+	    rad_msg_name(rmc), req->identifier);
 	memset(rsp, 0, sizeof *rsp);
 	rsp->identifier = req->identifier;
 	memcpy(rsp->authenticator, req->authenticator, 16);
-	switch ((rad_msg_code)req->code) {
+	switch (rmc) {
 	case rmc_access_request:
 		ret = handle_access_request(rx);
 		break;
-	default:
-		warnx("unsupported RADIUS code %u", req->code);
-		return (0);
 	}
 	if (ret > 0) {
 		rx->rsplen = ntohs(rsp->length);