From 054bb5578c95f5762a739c09e9d31ac8a45f05cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= Date: Sun, 2 Oct 2022 15:51:45 +0200 Subject: [PATCH] wip --- .gitignore | 3 +- configure.ac | 2 +- include/cryb/otp.h | 4 ++- include/cryb/otp_constants.h | 46 ++++++++++++++++++++++++++++ include/cryb/otp_store.h | 59 ++++++++++++++++++++++++++++++++++++ include/cryb/otp_types.h | 57 ++++++++++++++++++++++++++++++++++ lib/otp/cryb_otp_config.c | 34 +++++++++++++++++++++ lib/otp/cryb_otp_configure.c | 34 +++++++++++++++++++++ lib/otp/cryb_otp_store.c | 37 ++++++++++++++++++++++ sbin/otpradiusd/radius.c | 28 +++++++++++++---- 10 files changed, 295 insertions(+), 9 deletions(-) create mode 100644 include/cryb/otp_constants.h create mode 100644 include/cryb/otp_store.h create mode 100644 include/cryb/otp_types.h create mode 100644 lib/otp/cryb_otp_config.c create mode 100644 lib/otp/cryb_otp_configure.c create mode 100644 lib/otp/cryb_otp_store.c diff --git a/.gitignore b/.gitignore index d6272d6..8f130f8 100644 --- a/.gitignore +++ b/.gitignore @@ -7,11 +7,11 @@ /config.sub /configure /depcomp -/test-driver /install-sh /libtool /ltmain.sh /missing +/test-driver *~ .deps .libs @@ -21,6 +21,7 @@ *.pc *.o *.trs +*.xz Makefile Makefile.in test.cov diff --git a/configure.ac b/configure.ac index 2b18962..783b6f4 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ([2.69]) -AC_INIT([cryb.otp], [0.20220916], [des@des.no], [cryb-otp], [http://cryb.to/]) +AC_INIT([cryb.otp], [0.20221002], [des@des.no], [cryb-otp], [http://cryb.to/]) AC_CONFIG_SRCDIR([include/cryb/otp.h]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE([foreign no-dist-gzip dist-xz]) diff --git a/include/cryb/otp.h b/include/cryb/otp.h index c01d35f..52ca54f 100644 --- a/include/cryb/otp.h +++ b/include/cryb/otp.h 
@@ -1,5 +1,5 @@ /*- - * Copyright (c) 2017 Dag-Erling Smørgrav + * Copyright (c) 2017-2022 Dag-Erling Smørgrav * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,6 +34,8 @@ #include #endif +#include + CRYB_BEGIN const char *cryb_otp_version(void); diff --git a/include/cryb/otp_constants.h b/include/cryb/otp_constants.h new file mode 100644 index 0000000..2a4c8cd --- /dev/null +++ b/include/cryb/otp_constants.h 
@@ -0,0 +1,46 @@
+/*-
+ * Copyright (c) 2022 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef CRYB_OTP_CONSTANTS_H_INCLUDED
+#define CRYB_OTP_CONSTANTS_H_INCLUDED
+
+#ifndef CRYB_TO
+#include
+#endif
+
+CRYB_BEGIN
+
+/*
+ * Maximum login length in characters, including terminating NUL.
+ */
+#define OTP_MAX_LOGINLEN 64
+
+CRYB_END
+
+#endif
diff --git a/include/cryb/otp_store.h b/include/cryb/otp_store.h
new file mode 100644
index 0000000..3aae3d3
--- /dev/null
+++ b/include/cryb/otp_store.h
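Review bot: The comment on `OTP_MAX_LOGINLEN` says the limit includes the NUL but not what a consumer must do with a longer login; a RADIUS User-Name can carry up to 253 octets, and a copy that silently truncates at 63 characters would map two distinct user names onto the same stored key. I would extend the comment with `Logins longer than this must be rejected, never truncated: truncation can alias two different identities onto one key.` so that whoever fills the login buffer checks the snprintf/strlcpy result rather than relying on the size alone.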
@@ -0,0 +1,59 @@
+/*-
+ * Copyright (c) 2022 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef CRYB_OTP_STORE_H_INCLUDED
+#define CRYB_OTP_STORE_H_INCLUDED
+
+#ifndef CRYB_TO
+#include
+#endif
+
+CRYB_BEGIN
+
+#define otp_key cryb_otp_key
+#define otp_store cryb_otp_store
+#define otp_store_open cryb_otp_store_open
+#define otp_store_close cryb_otp_store_close
+#define otp_store_has cryb_otp_store_has
+#define otp_store_lock cryb_otp_store_lock
+#define otp_store_release cryb_otp_store_release
+#define otp_store_commit cryb_otp_store_commit
+
+typedef struct otp_key otp_key;
+typedef struct otp_store otp_store;
+
+otp_store *otp_store_open(const char *);
+otp_key *otp_store_has(otp_store *, const char *);
+otp_key *otp_store_lock(otp_store *, const char *);
+otp_key *otp_store_release(otp_store *, const char *);
+otp_key *otp_store_commit(otp_store *, const char *);
+
+CRYB_END
+
+#endif
diff --git a/include/cryb/otp_types.h b/include/cryb/otp_types.h
new file mode 100644
index 0000000..b2e0691
--- /dev/null
+++ b/include/cryb/otp_types.h
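Review bot: `otp_store_close` gets a name-mapping `#define` but no prototype, so a store opened with `otp_store_open` cannot be closed through this header, and nothing is declared to release or zeroize the `otp_key` that `otp_store_has`/`otp_store_lock` hand back. `otp_store_release` and `otp_store_commit` also take a login string rather than the `otp_key *` returned by `otp_store_lock`, so nothing ties the commit to the key the caller actually verified against, and returning `otp_key *` leaves no way to report a failed commit; I would declare `void otp_store_close(otp_store *);`, `int otp_store_commit(otp_store *, otp_key *);` and `int otp_store_release(otp_store *, otp_key *);`, since a commit that fails to persist an advanced counter has to become an Access-Reject rather than be lost. The header should also state whether `otp_store_lock` excludes concurrent verifications of the same login, because that exclusion is what stops a one-time code from being accepted twice under parallel requests.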
@@ -0,0 +1,57 @@
+/*-
+ * Copyright (c) 2022 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef CRYB_OTP_TYPES_H_INCLUDED
+#define CRYB_OTP_TYPES_H_INCLUDED
+
+#ifndef CRYB_TO
+#include
+#endif
+
+CRYB_BEGIN
+
+#define otp_handle cryb_otp_handle
+#define otp_id cryb_otp_id
+
+/*
+ * OTP handle: pointer to opaque structure used by the storage backend.
+ */
+typedef void *otp_handle;
+
+/*
+ * OTP identity
+ */
+typedef struct {
+ char login[OTP_MAX_LOGINLEN];
+ otp_handle handle;
+} otp_id;
+
+CRYB_END
+
+#endif
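Review bot: `otp_id.login` is sized with `OTP_MAX_LOGINLEN`, but the only include in this header is the guarded one (its target was lost in rendering), so the file compiles only when `otp_constants.h` happens to have been included first; add `#include <cryb/otp_constants.h>` next to the existing include so the header is self-contained. As a point of style, `typedef void *otp_handle` throws away the type information the comment says the backend has; an incomplete-struct typedef such as `typedef struct otp_backend_handle *otp_handle;` keeps it opaque while letting the compiler reject a handle being confused with any other pointer. The `login` array also deserves a comment stating that it must be NUL-terminated and that longer names are rejected rather than truncated, since a truncated login would look up a different user's key.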
diff --git a/lib/otp/cryb_otp_config.c b/lib/otp/cryb_otp_config.c new file mode 100644 index 0000000..5a97305 --- /dev/null +++ b/lib/otp/cryb_otp_config.c @@ -0,0 +1,34 @@ +/*- + * Copyright (c) 2022 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "cryb/impl.h" + +#include +#include + diff --git a/lib/otp/cryb_otp_configure.c b/lib/otp/cryb_otp_configure.c new file mode 100644 index 0000000..5a97305 --- /dev/null +++ b/lib/otp/cryb_otp_configure.c 
@@ -0,0 +1,34 @@ +/*- + * Copyright (c) 2022 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "cryb/impl.h" + +#include +#include + diff --git a/lib/otp/cryb_otp_store.c b/lib/otp/cryb_otp_store.c new file mode 100644 index 0000000..2158571 --- /dev/null +++ b/lib/otp/cryb_otp_store.c 
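Review bot: `lib/otp/cryb_otp_configure.c` is byte-identical to `lib/otp/cryb_otp_config.c` added just above it (both index lines show blob 5a97305) and neither defines a function yet, so one of them looks like a stray duplicate from the WIP and should be dropped or given a distinct purpose before this lands. The include targets were lost in rendering, so I cannot tell what either file pulls in; a one-line header comment naming what each is meant to hold would also make the intended split obvious.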
@@ -0,0 +1,37 @@ +/*- + * Copyright (c) 2022 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "cryb/impl.h" + +#include +#include + +#include +#include + diff --git a/sbin/otpradiusd/radius.c b/sbin/otpradiusd/radius.c index 2245c6c..78d15a9 100644 --- a/sbin/otpradiusd/radius.c +++ b/sbin/otpradiusd/radius.c @@ -1,5 +1,6 @@ /*- * Copyright (c) 2018 The University of Oslo + * Copyright (c) 2019-2022 Dag-Erling Smørgrav * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
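Review bot: `cryb_otp_store.c` contains only includes while `otp_store.h` already declares five `otp_store_*` functions, and the diffstat lists no Makefile.am change, so presumably none of the three new sources are compiled yet and anything that consumes the header would fail to link. When the implementation is written, the lock → verify → commit sequence needs the advanced counter/window to be durably stored before any Access-Accept leaves the daemon; a crash or error between the two otherwise lets the same code be replayed, so the commit path should be able to fail and the caller must treat that failure as a reject.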
@@ -44,6 +45,8 @@ #include "otpradiusd.h" +#define DEBUG_PRINTF 1 + static struct rad_msg_def { const char *name; } rad_msg_def[rmc_max] = { @@ -411,6 +414,16 @@ handle_access_request(rad_transaction *rx) fprintf(stderr, "\"\n"); #endif + /* + * TODO: + * + * Create concept of keystore in libcryb-otp + * Configure / open keystore at start of otpradiusd + * On receipt of request, request key from keystore + * Verify request + * Report outcome to keystore + * Report outcome to client + */ static int coin; if ((coin = !coin)) { /* accept */ @@ -447,6 +460,7 @@ int rad_handle(rad_transaction *rx) { rad_message *req, *rsp; + rad_msg_code rmc; int ret; req = &rx->request; @@ -460,18 +474,20 @@ rad_handle(rad_transaction *rx) warnx("invalid length: %zu", rx->reqlen); return (0); } - warnx("request 0x%02x (%s) ident 0x%02x", req->code, - rad_msg_name(req->code), req->identifier); + rmc = req->code; + if (rmc >= rmc_max || rad_attr_def[rmc].name == NULL) { + warnx("unknown message 0x%02x", req->code); + return (-1); + } + warnx("request 0x%02x (%s) ident 0x%02x", rmc, + rad_msg_name(rmc), req->identifier); memset(rsp, 0, sizeof *rsp); rsp->identifier = req->identifier; memcpy(rsp->authenticator, req->authenticator, 16); - switch ((rad_msg_code)req->code) { + switch (rmc) { case rmc_access_request: ret = handle_access_request(rx); break; - default: - warnx("unsupported RADIUS code %u", req->code); - return (0); } if (ret > 0) { rx->rsplen = ntohs(rsp->length);
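Review bot: `#define DEBUG_PRINTF 1` is hard-coded into the source rather than coming from the build, so the debug path it guards — which in the following hunk ends with `fprintf(stderr, "\"\n")`, i.e. a quoted dump of request content — is compiled into every build. If that dump includes the User-Password/OTP attribute (not visible here), it writes credentials to the daemon's stderr or wherever stderr is captured; make it a configure-time option or a `CFLAGS=-DDEBUG_PRINTF` knob, or remove the define before this WIP is merged.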
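Review bot: The TODO sits directly above a placeholder that accepts every second Access-Request without looking at any credential (`static int coin; if ((coin = !coin)) { /* accept */`, context lines), and the comment does not say so; I would add `* Until the keystore exists this handler is fail-open test code and MUST NOT be deployed.` and preferably have the placeholder reject every request instead of alternating. The listed order is right — report the outcome to the keystore before the client — and it is worth stating explicitly that the counter advance must be committed before Access-Accept is sent, since that is what prevents a code from being accepted twice. handle_access_request begins and ends outside this hunk.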
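Review bot: The new validity check indexes `rad_attr_def` with a message code bounded by `rmc_max`, but the table sized by `rmc_max` is `rad_msg_def` (see the hunk at line 45); `rad_attr_def` is a different table whose size and indexing are not visible here, so this either reads outside it or checks the wrong entry — it should read `if (rmc >= rmc_max || rad_msg_def[rmc].name == NULL) {`. Removing the `default:` case also leaves `ret` uninitialised for any code that is in the table but is not `rmc_access_request`, after which `if (ret > 0)` reads an indeterminate value; keep `default: warnx("unsupported RADIUS code %u", req->code); return (0);` in the switch, or initialise `ret`. The rejected-message path now returns -1 where the old one returned 0, which is fine only if the caller already treats -1 as "drop silently". rad_handle continues past the end of the hunk.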