This commit is contained in:
Dag-Erling Smørgrav 2017-03-05 01:02:49 +01:00
parent 2341654fcc
commit cb0cd62139
37 changed files with 1735 additions and 0 deletions

26
.gitignore vendored Normal file
View File

@ -0,0 +1,26 @@
/aclocal.m4
/autom4te.cache
/compile
/config.guess
/config.log
/config.status
/config.sub
/configure
/depcomp
/test-driver
/install-sh
/libtool
/ltmain.sh
/missing
/mkpkgng
*~
.deps
.libs
*.la
*.lo
*.log
*.o
*.trs
Makefile
Makefile.in
test.cov

11
.travis.yml Normal file
View File

@ -0,0 +1,11 @@
language: c
compiler:
- clang
- gcc
before_script:
- ./autogen.sh
- ./configure --enable-developer-warnings --enable-werror
script:
- make check

4
CREDITS Normal file
View File

@ -0,0 +1,4 @@
The Cryb OTP package includes code written by Dag-Erling Smørgrav for
the University of Oslo. The University of Oslo has graciously granted
the Cryb.to project permission to reuse this code under the 3-clause
New BSD License.

0
HISTORY Normal file
View File

0
INSTALL Normal file
View File

13
Makefile.am Normal file
View File

@ -0,0 +1,13 @@
ACLOCAL_AMFLAGS = -I m4
SUBDIRS = include lib libexec pam bin sbin t
EXTRA_DIST = \
CREDITS \
HISTORY \
INSTALL \
LICENSE \
README \
RELNOTES \
autogen.sh \
m4/ax_gcc_builtin.m4

0
RELNOTES Normal file
View File

41
autogen.des Executable file
View File

@ -0,0 +1,41 @@
#!/bin/sh
has() {
which "$@" >/dev/null 2>&1
}
# BullseyeCoverage needs to know exactly which compiler we're using
if has "${CC}" "${CXX}" ; then
echo "using CC=${CC}"
elif has clang clang++ ; then
echo "using Clang"
export CC="${CC:-clang}"
export CXX="${CXX:-clang++}"
elif has gcc g++ ; then
echo "using GCC"
export CC="${CC:-gcc}"
export CXX="${CXX:-g++}"
else
echo "WARNING: using default compiler," \
"coverage analysis may not work"
fi
export CPP="${CPP:-${CC} -E}"
set -e
if has cov01 ; then
cov01 -qu
cov01 -q0
fi
. ./autogen.sh
./configure \
--enable-all \
--enable-developer-warnings \
--enable-werror \
"$@"
if has cov01 ; then
cov01 -qo
fi

7
autogen.sh Executable file
View File

@ -0,0 +1,7 @@
#!/bin/sh
libtoolize --copy --force
aclocal -I m4
autoheader
automake -a -c --foreign
autoconf

5
bin/Makefile.am Normal file
View File

@ -0,0 +1,5 @@
SUBDIRS =
if OTP_UTIL
SUBDIRS += otpkey
endif OTP_UTIL

11
bin/otpkey/Makefile.am Normal file
View File

@ -0,0 +1,11 @@
AM_CPPFLAGS = -I$(top_srcdir)/include
bin_PROGRAMS = otpkey
otpkey_SOURCES = otpkey.c
dist_man1_MANS = otpkey.1
if WITH_SETUID
install-exec-hook:
chmod u+s $(DESTDIR)$(bindir)/otpkey$(EXEEXT)
endif WITH_SETUID

45
bin/otpkey/otpkey.1 Normal file
View File

@ -0,0 +1,45 @@
.\"-
.\" Copyright (c) 2017 Dag-Erling Smørgrav
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd March 3, 2017
.Dt OTPKEY 1
.Os
.Sh NAME
.Nm otpkey
.Nd One-time password key management utility
.Sh SYNOPSIS
.Cm Nm
.Sh DESCRIPTION
TBW
.Sh SEE ALSO
.Xr otpverify 8
.Sh AUTHORS
The
.Nm
utility and this manual page were written by
.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .

64
bin/otpkey/otpkey.c Normal file
View File

@ -0,0 +1,64 @@
/*-
* Copyright (c) 2017 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "cryb/otp-impl.h"
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <cryb/otp.h>
static void
usage(void)
{
fprintf(stderr, "usage: otpkey\n");
exit(1);
}
int
main(int argc, char *argv[])
{
int opt;
while ((opt = getopt(argc, argv, "")) != -1)
switch (opt) {
default:
usage();
}
argc -= optind;
argv += optind;
if (argc > 0)
usage();
exit(0);
}

270
configure.ac Normal file
View File

@ -0,0 +1,270 @@
AC_PREREQ([2.63])
AC_INIT([cryb.otp], [devel], [des@des.no], [cryb-otp], [http://cryb.to/])
AC_CONFIG_SRCDIR([include/cryb/otp.h])
AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE([foreign no-dist-gzip dist-xz])
AM_CONFIG_HEADER([include/config.h])
############################################################################
#
# Toolchain
#
# C compiler and features
AC_LANG(C)
AC_PROG_CC([clang gcc cc])
AC_PROG_CC_STDC
AC_PROG_CPP
AC_PROG_CXX([clang++ g++ c++])
AC_GNU_SOURCE
AC_C_CONST
AC_C_RESTRICT
AC_C_VOLATILE
AC_C_BIGENDIAN
AC_TYPE_INT16_T
AC_TYPE_INT32_T
AC_TYPE_INT8_T
AC_TYPE_INTMAX_T
AC_TYPE_INTPTR_T
AC_TYPE_OFF_T
AC_TYPE_SIZE_T
AC_TYPE_SSIZE_T
AC_TYPE_UINT16_T
AC_TYPE_UINT32_T
AC_TYPE_UINT8_T
AC_TYPE_UINTMAX_T
AC_TYPE_UINTPTR_T
# libtool
LT_PREREQ([2.2.6])
LT_INIT()
# other programs
AC_PROG_INSTALL
############################################################################
#
# Headers and functions
#
AC_CHECK_HEADERS([endian.h sys/endian.h])
AX_GCC_BUILTIN([__builtin_bswap16])
AX_GCC_BUILTIN([__builtin_bswap32])
AX_GCC_BUILTIN([__builtin_bswap64])
AC_CHECK_DECLS([
bswap16, bswap32, bswap64,
be16enc, be16dec, le16enc, le16dec,
be32enc, be32dec, le32enc, le32dec,
be64enc, be64dec, le64enc, le64dec,
htobe16, be16toh, htole16, le16toh,
htobe32, be32toh, htole32, le32toh,
htobe64, be64toh, htole64, le64toh,
nothing
], [], [], [[
#if HAVE_SYS_ENDIAN_H
#include <sys/endian.h>
#endif
#if HAVE_ENDIAN_H
#include <endian.h>
#endif
]])
AC_CHECK_FUNCS([strlcat strlcmp strlcpy])
AC_CHECK_FUNCS([wcslcat wcslcmp wcslcpy])
############################################################################
#
# Extra libraries
#
# cryb-core
save_LIBS="${LIBS}"
LIBS=""
AC_SEARCH_LIBS([cryb_core_version], [cryb-core], [
CRYB_CORE_LIBS="${LIBS}"
], [
AC_MSG_ERROR([cryb-core library not found])
])
LIBS="${save_LIBS}"
AC_SUBST(CRYB_CORE_LIBS)
# cryb-oath
save_LIBS="${LIBS}"
LIBS=""
AC_SEARCH_LIBS([cryb_oath_version], [cryb-oath], [
CRYB_OATH_LIBS="${LIBS}"
], [
AC_MSG_ERROR([cryb-oath library not found])
])
LIBS="${save_LIBS}"
AC_SUBST(CRYB_OATH_LIBS)
# cryb-test
save_LIBS="${LIBS}"
LIBS=""
AC_SEARCH_LIBS([cryb_test_version], [cryb-test], [
CRYB_TEST_LIBS="${LIBS}"
], [
CRYB_TEST_LIBS=""
AC_MSG_WARN([cryb-test library not found, unit tests disabled])
])
LIBS="${save_LIBS}"
AC_SUBST(CRYB_TEST_LIBS)
AM_CONDITIONAL([WITH_CRYB_TEST], [ test x"$CRYB_TEST_LIBS" != x"" ])
# libpam
save_LIBS="${LIBS}"
LIBS=""
AC_SEARCH_LIBS([pam_start], [pam], [
PAM_LIBS="${LIBS}"
], [
PAM_LIBS=""
])
LIBS="${save_LIBS}"
AC_SUBST(PAM_LIBS)
############################################################################
#
# Build options
#
# Documentation
AC_ARG_ENABLE([doc],
AC_HELP_STRING([--disable-doc],
[do not build the documentation]),
[with_doc=$enableval])
AM_CONDITIONAL([WITH_DOC], [test x"$with_doc" != x"no"])
# Make utilities setuid
AC_ARG_ENABLE([setuid],
AC_HELP_STRING([--disable-setuid],
[do not set the setuid bit on command-line utilities]),
[enable_setuid=$enableval],
[enable_setuid=yes])
AM_CONDITIONAL([WITH_SETUID], [test x"$enable_setuid" = x"yes"])
############################################################################
#
# Debugging
#
# Developer-friendly compiler flags
AC_ARG_ENABLE([developer-warnings],
AS_HELP_STRING([--enable-developer-warnings],
[enable strict warnings (default is NO)]),
[CFLAGS="${CFLAGS} -Wall -Wextra -Wcast-qual -Wshadow -Wno-unused-result"])
AC_ARG_ENABLE([debugging-symbols],
AS_HELP_STRING([--enable-debugging-symbols],
[enable debugging symbols (default is NO)]),
[CFLAGS="${CFLAGS} -O0 -g -fno-inline"])
AC_ARG_ENABLE([werror],
AS_HELP_STRING([--enable-werror],
[use -Werror (default is NO)]),
[CFLAGS="${CFLAGS} -Werror"])
############################################################################
#
# Components
#
# Everything
AC_ARG_ENABLE([all],
AC_HELP_STRING([--disable-all],
[disable all libraries and tools]),
[enable_all=$enableval],
[enable_all=yes])
# Library
elements="$elements lib"
AC_ARG_ENABLE([otp-lib],
AC_HELP_STRING([--enable-otp-lib],
[build the OTP library]),
[enable_otp_lib=$enableval],
[enable_otp_lib=$enable_all])
AM_CONDITIONAL([OTP_LIB], [test x"$enable_otp_lib" = x"yes"])
# BSD Auth module
elements="$elements bsdauth"
requires="$requires bsdauth:lib"
AC_ARG_ENABLE([otp-bsdauth],
AC_HELP_STRING([--enable-otp-bsdauth],
[build the BSD Auth module]),
[enable_otp_bsdauth=$enableval],
[enable_otp_bsdauth=$enable_all])
AM_CONDITIONAL([OTP_BSDAUTH], [test x"$enable_otp_bsdauth" = x"yes"])
# PAM module
elements="$elements pam"
requires="$requires pam:lib"
AC_ARG_ENABLE([otp-pam],
AC_HELP_STRING([--enable-otp-pam],
[build the PAM module]),
[enable_otp_pam=$enableval],
[enable_otp_pam=$enable_all])
AM_CONDITIONAL([OTP_PAM], [test x"$enable_otp_pam" = x"yes"])
# RADIUS server
elements="$elements radius"
requires="$requires radius:lib"
AC_ARG_ENABLE([otp-radius],
AC_HELP_STRING([--enable-otp-radius],
[build the RADIUS server]),
[enable_otp_radius=$enableval],
[enable_otp_radius=$enable_all])
AM_CONDITIONAL([OTP_RADIUS], [test x"$enable_otp_radius" = x"yes"])
# Command-line utilities
elements="$elements util"
requires="$requires util:lib"
AC_ARG_ENABLE([otp-util],
AC_HELP_STRING([--enable-otp-util],
[build the command-line utilities]),
[enable_otp_util=$enableval],
[enable_otp_util=$enable_all])
AM_CONDITIONAL([OTP_UTIL], [test x"$enable_otp_util" = x"yes"])
# Check dependencies
AC_MSG_CHECKING([dependencies])
for req in $requires ; do
lhs=${req%:*}
lhs_ena=`eval echo \\\$enable_otp_$lhs`
if test x"$lhs_ena" = x"yes" ; then
rhs=${req#*:}
rhs_ena=`eval echo \\\$enable_otp_$rhs`
if test x"$rhs_ena" != x"yes" ; then
AC_MSG_ERROR([otp-$lhs requires otp-$rhs])
fi
fi
done
AC_MSG_RESULT([ok])
############################################################################
#
# Output
#
AC_CONFIG_FILES([
Makefile
include/Makefile
include/cryb/Makefile
lib/Makefile
lib/otp/Makefile
pam/Makefile
pam/pam_otp/Makefile
libexec/Makefile
libexec/login_otp/Makefile
bin/Makefile
bin/otpkey/Makefile
sbin/Makefile
sbin/otpradiusd/Makefile
t/Makefile
])
AC_OUTPUT
echo
echo The following Cryb OTP components will be built:
echo
for elem in $elements ; do
enable=`eval echo \\\$enable_otp_$elem`
printf "%16s: %s\n" $elem ${enable:-no}
done
echo

1
include/Makefile.am Normal file
View File

@ -0,0 +1 @@
SUBDIRS = cryb

352
include/config.h Normal file
View File

@ -0,0 +1,352 @@
/* include/config.h. Generated from config.h.in by configure. */
/* include/config.h.in. Generated from configure.ac by autoheader. */
/* Define if building universal (internal helper macro) */
/* #undef AC_APPLE_UNIVERSAL_BUILD */
/* Define to 1 if you have the declaration of `be16dec', and to 0 if you
don't. */
#define HAVE_DECL_BE16DEC 1
/* Define to 1 if you have the declaration of `be16enc', and to 0 if you
don't. */
#define HAVE_DECL_BE16ENC 1
/* Define to 1 if you have the declaration of `be16toh', and to 0 if you
don't. */
#define HAVE_DECL_BE16TOH 1
/* Define to 1 if you have the declaration of `be32dec', and to 0 if you
don't. */
#define HAVE_DECL_BE32DEC 1
/* Define to 1 if you have the declaration of `be32enc', and to 0 if you
don't. */
#define HAVE_DECL_BE32ENC 1
/* Define to 1 if you have the declaration of `be32toh', and to 0 if you
don't. */
#define HAVE_DECL_BE32TOH 1
/* Define to 1 if you have the declaration of `be64dec', and to 0 if you
don't. */
#define HAVE_DECL_BE64DEC 1
/* Define to 1 if you have the declaration of `be64enc', and to 0 if you
don't. */
#define HAVE_DECL_BE64ENC 1
/* Define to 1 if you have the declaration of `be64toh', and to 0 if you
don't. */
#define HAVE_DECL_BE64TOH 1
/* Define to 1 if you have the declaration of `bswap16', and to 0 if you
don't. */
#define HAVE_DECL_BSWAP16 1
/* Define to 1 if you have the declaration of `bswap32', and to 0 if you
don't. */
#define HAVE_DECL_BSWAP32 1
/* Define to 1 if you have the declaration of `bswap64', and to 0 if you
don't. */
#define HAVE_DECL_BSWAP64 1
/* Define to 1 if you have the declaration of `htobe16', and to 0 if you
don't. */
#define HAVE_DECL_HTOBE16 1
/* Define to 1 if you have the declaration of `htobe32', and to 0 if you
don't. */
#define HAVE_DECL_HTOBE32 1
/* Define to 1 if you have the declaration of `htobe64', and to 0 if you
don't. */
#define HAVE_DECL_HTOBE64 1
/* Define to 1 if you have the declaration of `htole16', and to 0 if you
don't. */
#define HAVE_DECL_HTOLE16 1
/* Define to 1 if you have the declaration of `htole32', and to 0 if you
don't. */
#define HAVE_DECL_HTOLE32 1
/* Define to 1 if you have the declaration of `htole64', and to 0 if you
don't. */
#define HAVE_DECL_HTOLE64 1
/* Define to 1 if you have the declaration of `le16dec', and to 0 if you
don't. */
#define HAVE_DECL_LE16DEC 1
/* Define to 1 if you have the declaration of `le16enc', and to 0 if you
don't. */
#define HAVE_DECL_LE16ENC 1
/* Define to 1 if you have the declaration of `le16toh', and to 0 if you
don't. */
#define HAVE_DECL_LE16TOH 1
/* Define to 1 if you have the declaration of `le32dec', and to 0 if you
don't. */
#define HAVE_DECL_LE32DEC 1
/* Define to 1 if you have the declaration of `le32enc', and to 0 if you
don't. */
#define HAVE_DECL_LE32ENC 1
/* Define to 1 if you have the declaration of `le32toh', and to 0 if you
don't. */
#define HAVE_DECL_LE32TOH 1
/* Define to 1 if you have the declaration of `le64dec', and to 0 if you
don't. */
#define HAVE_DECL_LE64DEC 1
/* Define to 1 if you have the declaration of `le64enc', and to 0 if you
don't. */
#define HAVE_DECL_LE64ENC 1
/* Define to 1 if you have the declaration of `le64toh', and to 0 if you
don't. */
#define HAVE_DECL_LE64TOH 1
/* Define to 1 if you have the declaration of `nothing ', and to 0 if you
don't. */
#define HAVE_DECL_NOTHING_ 0
/* Define to 1 if you have the <dlfcn.h> header file. */
#define HAVE_DLFCN_H 1
/* Define to 1 if you have the <endian.h> header file. */
/* #undef HAVE_ENDIAN_H */
/* Define to 1 if the system has the type `intmax_t'. */
#define HAVE_INTMAX_T 1
/* Define to 1 if the system has the type `intptr_t'. */
#define HAVE_INTPTR_T 1
/* Define to 1 if you have the <inttypes.h> header file. */
#define HAVE_INTTYPES_H 1
/* Define to 1 if the system has the type `long long int'. */
#define HAVE_LONG_LONG_INT 1
/* Define to 1 if you have the <memory.h> header file. */
#define HAVE_MEMORY_H 1
/* Define to 1 if you have the <stdint.h> header file. */
#define HAVE_STDINT_H 1
/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
/* Define to 1 if you have the <strings.h> header file. */
#define HAVE_STRINGS_H 1
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
/* Define to 1 if you have the `strlcat' function. */
#define HAVE_STRLCAT 1
/* Define to 1 if you have the `strlcmp' function. */
/* #undef HAVE_STRLCMP */
/* Define to 1 if you have the `strlcpy' function. */
#define HAVE_STRLCPY 1
/* Define to 1 if you have the <sys/endian.h> header file. */
#define HAVE_SYS_ENDIAN_H 1
/* Define to 1 if you have the <sys/stat.h> header file. */
#define HAVE_SYS_STAT_H 1
/* Define to 1 if you have the <sys/types.h> header file. */
#define HAVE_SYS_TYPES_H 1
/* Define to 1 if the system has the type `uintmax_t'. */
#define HAVE_UINTMAX_T 1
/* Define to 1 if the system has the type `uintptr_t'. */
#define HAVE_UINTPTR_T 1
/* Define to 1 if you have the <unistd.h> header file. */
#define HAVE_UNISTD_H 1
/* Define to 1 if the system has the type `unsigned long long int'. */
#define HAVE_UNSIGNED_LONG_LONG_INT 1
/* Define to 1 if you have the `wcslcat' function. */
#define HAVE_WCSLCAT 1
/* Define to 1 if you have the `wcslcmp' function. */
/* #undef HAVE_WCSLCMP */
/* Define to 1 if you have the `wcslcpy' function. */
#define HAVE_WCSLCPY 1
/* Define to 1 if the system has the `__builtin_bswap16' built-in function */
#define HAVE___BUILTIN_BSWAP16 1
/* Define to 1 if the system has the `__builtin_bswap32' built-in function */
#define HAVE___BUILTIN_BSWAP32 1
/* Define to 1 if the system has the `__builtin_bswap64' built-in function */
#define HAVE___BUILTIN_BSWAP64 1
/* Define to the sub-directory where libtool stores uninstalled libraries. */
#define LT_OBJDIR ".libs/"
/* Name of package */
#define PACKAGE "cryb-otp"
/* Define to the address where bug reports for this package should be sent. */
#define PACKAGE_BUGREPORT "des@des.no"
/* Define to the full name of this package. */
#define PACKAGE_NAME "cryb.otp"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "cryb.otp devel"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "cryb-otp"
/* Define to the home page for this package. */
#define PACKAGE_URL "http://cryb.to/"
/* Define to the version of this package. */
#define PACKAGE_VERSION "devel"
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
/* Enable extensions on AIX 3, Interix. */
#ifndef _ALL_SOURCE
# define _ALL_SOURCE 1
#endif
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# define _GNU_SOURCE 1
#endif
/* Enable threading extensions on Solaris. */
#ifndef _POSIX_PTHREAD_SEMANTICS
# define _POSIX_PTHREAD_SEMANTICS 1
#endif
/* Enable extensions on HP NonStop. */
#ifndef _TANDEM_SOURCE
# define _TANDEM_SOURCE 1
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# define __EXTENSIONS__ 1
#endif
/* Version number of package */
#define VERSION "devel"
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
significant byte first (like Motorola and SPARC, unlike Intel). */
#if defined AC_APPLE_UNIVERSAL_BUILD
# if defined __BIG_ENDIAN__
# define WORDS_BIGENDIAN 1
# endif
#else
# ifndef WORDS_BIGENDIAN
/* # undef WORDS_BIGENDIAN */
# endif
#endif
/* Define to 1 if on MINIX. */
/* #undef _MINIX */
/* Define to 2 if the system does not provide POSIX.1 features except with
this defined. */
/* #undef _POSIX_1_SOURCE */
/* Define to 1 if you need to in order for `stat' and other things to work. */
/* #undef _POSIX_SOURCE */
/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
#define below would cause a syntax error. */
/* #undef _UINT32_T */
/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
#define below would cause a syntax error. */
/* #undef _UINT8_T */
/* Define to empty if `const' does not conform to ANSI C. */
/* #undef const */
/* Define to the type of a signed integer type of width exactly 16 bits if
such a type exists and the standard includes do not define it. */
/* #undef int16_t */
/* Define to the type of a signed integer type of width exactly 32 bits if
such a type exists and the standard includes do not define it. */
/* #undef int32_t */
/* Define to the type of a signed integer type of width exactly 8 bits if such
a type exists and the standard includes do not define it. */
/* #undef int8_t */
/* Define to the widest signed integer type if <stdint.h> and <inttypes.h> do
not define. */
/* #undef intmax_t */
/* Define to the type of a signed integer type wide enough to hold a pointer,
if such a type exists, and if the system does not define it. */
/* #undef intptr_t */
/* Define to `long int' if <sys/types.h> does not define. */
/* #undef off_t */
/* Define to the equivalent of the C99 'restrict' keyword, or to
nothing if this is not supported. Do not define if restrict is
supported directly. */
#define restrict __restrict
/* Work around a bug in Sun C++: it does not support _Restrict or
__restrict__, even though the corresponding Sun C compiler ends up with
"#define restrict _Restrict" or "#define restrict __restrict__" in the
previous line. Perhaps some future version of Sun C++ will work with
restrict; if so, hopefully it defines __RESTRICT like Sun C does. */
#if defined __SUNPRO_CC && !defined __RESTRICT
# define _Restrict
# define __restrict__
#endif
/* Define to `unsigned int' if <sys/types.h> does not define. */
/* #undef size_t */
/* Define to `int' if <sys/types.h> does not define. */
/* #undef ssize_t */
/* Define to the type of an unsigned integer type of width exactly 16 bits if
such a type exists and the standard includes do not define it. */
/* #undef uint16_t */
/* Define to the type of an unsigned integer type of width exactly 32 bits if
such a type exists and the standard includes do not define it. */
/* #undef uint32_t */
/* Define to the type of an unsigned integer type of width exactly 8 bits if
such a type exists and the standard includes do not define it. */
/* #undef uint8_t */
/* Define to the widest unsigned integer type if <stdint.h> and <inttypes.h>
do not define. */
/* #undef uintmax_t */
/* Define to the type of an unsigned integer type wide enough to hold a
pointer, if such a type exists, and if the system does not define it. */
/* #undef uintptr_t */
/* Define to empty if the keyword `volatile' does not work. Warning: valid
code using `volatile' can become incorrect without. Disable with care. */
/* #undef volatile */

10
include/cryb/Makefile.am Normal file
View File

@ -0,0 +1,10 @@
crybdir = $(includedir)/cryb
cryb_HEADERS =
if OTP_LIB
cryb_HEADERS += otp.h
endif OTP_LIB
noinst_HEADERS = \
otp-impl.h

43
include/cryb/otp-impl.h Normal file
View File

@ -0,0 +1,43 @@
/*-
* Copyright (c) 2017 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef CRYB_OTP_IMPL_H_INCLUDED
#define CRYB_OTP_IMPL_H_INCLUDED
#if HAVE_CONFIG_H
#include "config.h"
#endif
#ifndef CRYB_TO
#include <cryb/to.h>
#endif
#include <cryb/coverage.h>
#endif

43
include/cryb/otp.h Normal file
View File

@ -0,0 +1,43 @@
/*-
* Copyright (c) 2017 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef CRYB_OTP_H_INCLUDED
#define CRYB_OTP_H_INCLUDED
#ifndef CRYB_TO
#include <cryb/to.h>
#endif
CRYB_BEGIN
const char *cryb_otp_version(void);
CRYB_END
#endif

5
lib/Makefile.am Normal file
View File

@ -0,0 +1,5 @@
SUBDIRS =
if OTP_LIB
SUBDIRS += otp
endif OTP_LIB

11
lib/otp/Makefile.am Normal file
View File

@ -0,0 +1,11 @@
AM_CPPFLAGS = -I$(top_srcdir)/include
lib_LTLIBRARIES = libcryb-otp.la
libcryb_otp_la_SOURCES = \
\
cryb_otp.c
libcryb_otp_la_LIBADD = \
$(CRYB_CORE_LIBS) \
$(CRYB_OATH_LIBS)

44
lib/otp/cryb_otp.c Normal file
View File

@ -0,0 +1,44 @@
/*-
* Copyright (c) 2017 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "cryb/otp-impl.h"
#include <stdint.h>
#include <unistd.h>
#include <cryb/otp.h>
static const char *cryb_otp_version_string = PACKAGE_VERSION;
const char *
cryb_otp_version(void)
{
return (cryb_otp_version_string);
}

5
libexec/Makefile.am Normal file
View File

@ -0,0 +1,5 @@
SUBDIRS =
if OTP_BSDAUTH
SUBDIRS += login_otp
endif

View File

@ -0,0 +1,10 @@
AM_CPPFLAGS = -I$(top_srcdir)/include
libotp = $(top_builddir)/lib/otp/libcryb-otp.la
libexec_PROGRAMS = login_otp
login_otp_SOURCES = login_otp.c
login_otp_LDADD = $(libotp)
dist_man8_MANS = login_otp.8

View File

@ -0,0 +1,51 @@
.\"-
.\" Copyright (c) 2017 Dag-Erling Smørgrav
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd March 3, 2017
.Dt LOGIN_OTP 8
.Os
.Sh NAME
.Nm login_otp
.Nd BSD Authentication module for one-time passwords
.Sh SYNOPSIS
.Cm Nm
.Op Fl d
.Op Fl s Ar service
.Op Fl v Ar key Ns = Ns Ar value ...
.Op Ar class
.Ar user
.Sh DESCRIPTION
TBW
.Sh SEE ALSO
.Xr otpkey 1 ,
.Xr otpverify 8
.Sh AUTHORS
The
.Nm
module and this manual page were written by
.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .

View File

@ -0,0 +1,77 @@
/*-
* Copyright (c) 2017 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "cryb/otp-impl.h"
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <cryb/otp.h>
static void
usage(void)
{
fprintf(stderr, "usage: "
"login_otp [-d] [-s service] [-o key=value ...] [class] user\n");
exit(1);
}
int
main(int argc, char *argv[])
{
int opt;
while ((opt = getopt(argc, argv, "ds:v:")) != -1)
switch (opt) {
case 'd':
break;
case 's':
break;
case 'v':
break;
default:
usage();
}
argc -= optind;
argv += optind;
switch (argc) {
case 2:
/* fall through */
case 1:
break;
default:
usage();
}
exit(0);
}

170
m4/ax_gcc_builtin.m4 Normal file
View File

@ -0,0 +1,170 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_gcc_builtin.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_GCC_BUILTIN(BUILTIN)
#
# DESCRIPTION
#
# This macro checks if the compiler supports one of GCC's built-in
# functions; many other compilers also provide those same built-ins.
#
# The BUILTIN parameter is the name of the built-in function.
#
# If BUILTIN is supported define HAVE_<BUILTIN>. Keep in mind that since
# builtins usually start with two underscores they will be copied over
# into the HAVE_<BUILTIN> definition (e.g. HAVE___BUILTIN_EXPECT for
# __builtin_expect()).
#
# The macro caches its result in the ax_cv_have_<BUILTIN> variable (e.g.
# ax_cv_have___builtin_expect).
#
# The macro currently supports the following built-in functions:
#
# __builtin_assume_aligned
# __builtin_bswap16
# __builtin_bswap32
# __builtin_bswap64
# __builtin_choose_expr
# __builtin___clear_cache
# __builtin_clrsb
# __builtin_clrsbl
# __builtin_clrsbll
# __builtin_clz
# __builtin_clzl
# __builtin_clzll
# __builtin_complex
# __builtin_constant_p
# __builtin_ctz
# __builtin_ctzl
# __builtin_ctzll
# __builtin_expect
# __builtin_ffs
# __builtin_ffsl
# __builtin_ffsll
# __builtin_fpclassify
# __builtin_huge_val
# __builtin_huge_valf
# __builtin_huge_vall
# __builtin_inf
# __builtin_infd128
# __builtin_infd32
# __builtin_infd64
# __builtin_inff
# __builtin_infl
# __builtin_isinf_sign
# __builtin_nan
# __builtin_nand128
# __builtin_nand32
# __builtin_nand64
# __builtin_nanf
# __builtin_nanl
# __builtin_nans
# __builtin_nansf
# __builtin_nansl
# __builtin_object_size
# __builtin_parity
# __builtin_parityl
# __builtin_parityll
# __builtin_popcount
# __builtin_popcountl
# __builtin_popcountll
# __builtin_powi
# __builtin_powif
# __builtin_powil
# __builtin_prefetch
# __builtin_trap
# __builtin_types_compatible_p
# __builtin_unreachable
#
# Unsuppored built-ins will be tested with an empty parameter set and the
# result of the check might be wrong or meaningless so use with care.
#
# LICENSE
#
# Copyright (c) 2013 Gabriele Svelto <gabriele.svelto@gmail.com>
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 3
AC_DEFUN([AX_GCC_BUILTIN], [
AS_VAR_PUSHDEF([ac_var], [ax_cv_have_$1])
AC_CACHE_CHECK([for $1], [ac_var], [
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [
m4_case([$1],
[__builtin_assume_aligned], [$1("", 0)],
[__builtin_bswap16], [$1(0)],
[__builtin_bswap32], [$1(0)],
[__builtin_bswap64], [$1(0)],
[__builtin_choose_expr], [$1(0, 0, 0)],
[__builtin___clear_cache], [$1("", "")],
[__builtin_clrsb], [$1(0)],
[__builtin_clrsbl], [$1(0)],
[__builtin_clrsbll], [$1(0)],
[__builtin_clz], [$1(0)],
[__builtin_clzl], [$1(0)],
[__builtin_clzll], [$1(0)],
[__builtin_complex], [$1(0.0, 0.0)],
[__builtin_constant_p], [$1(0)],
[__builtin_ctz], [$1(0)],
[__builtin_ctzl], [$1(0)],
[__builtin_ctzll], [$1(0)],
[__builtin_expect], [$1(0, 0)],
[__builtin_ffs], [$1(0)],
[__builtin_ffsl], [$1(0)],
[__builtin_ffsll], [$1(0)],
[__builtin_fpclassify], [$1(0, 1, 2, 3, 4, 0.0)],
[__builtin_huge_val], [$1()],
[__builtin_huge_valf], [$1()],
[__builtin_huge_vall], [$1()],
[__builtin_inf], [$1()],
[__builtin_infd128], [$1()],
[__builtin_infd32], [$1()],
[__builtin_infd64], [$1()],
[__builtin_inff], [$1()],
[__builtin_infl], [$1()],
[__builtin_isinf_sign], [$1(0.0)],
[__builtin_nan], [$1("")],
[__builtin_nand128], [$1("")],
[__builtin_nand32], [$1("")],
[__builtin_nand64], [$1("")],
[__builtin_nanf], [$1("")],
[__builtin_nanl], [$1("")],
[__builtin_nans], [$1("")],
[__builtin_nansf], [$1("")],
[__builtin_nansl], [$1("")],
[__builtin_object_size], [$1("", 0)],
[__builtin_parity], [$1(0)],
[__builtin_parityl], [$1(0)],
[__builtin_parityll], [$1(0)],
[__builtin_popcount], [$1(0)],
[__builtin_popcountl], [$1(0)],
[__builtin_popcountll], [$1(0)],
[__builtin_powi], [$1(0, 0)],
[__builtin_powif], [$1(0, 0)],
[__builtin_powil], [$1(0, 0)],
[__builtin_prefetch], [$1("")],
[__builtin_trap], [$1()],
[__builtin_types_compatible_p], [$1(int, int)],
[__builtin_unreachable], [$1()],
[m4_warn([syntax], [Unsupported built-in $1, the test may fail])
$1()]
)
])],
[AS_VAR_SET([ac_var], [yes])],
[AS_VAR_SET([ac_var], [no])])
])
AS_IF([test yes = AS_VAR_GET([ac_var])],
[AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_$1), 1,
[Define to 1 if the system has the `$1' built-in function])], [])
AS_VAR_POPDEF([ac_var])
])

5
pam/Makefile.am Normal file
View File

@ -0,0 +1,5 @@
SUBDIRS =
if OTP_PAM
SUBDIRS += pam_otp
endif OTP_PAM

14
pam/pam_otp/Makefile.am Normal file
View File

@ -0,0 +1,14 @@
AM_CPPFLAGS = -I$(top_srcdir)/include
libotp = $(top_builddir)/lib/otp/libcryb-otp.la
moduledir = $(libdir)
module_LTLIBRARIES = pam_otp.la
pam_otp_la_SOURCES = pam_otp.c
pam_otp_la_LIBADD = \
$(libotp) \
$(PAM_LIBS)
pam_otp_la_LDFLAGS = -no-undefined -module -export-symbols-regex '^pam_sm_'
dist_man8_MANS = pam_otp.8

85
pam/pam_otp/pam_otp.8 Normal file
View File

@ -0,0 +1,85 @@
.\"-
.\" Copyright (c) 2012-2016 The University of Oslo
.\" Copyright (c) 2017 Dag-Erling Smørgrav
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd January 11, 2016
.Dt PAM_OTP 8
.Os
.Sh NAME
.Nm pam_otp
.Nd One-time password service module
.Sh SYNOPSIS
.Op Ar service
.Ar module-type
.Ar control-flag
.Cm Nm
.Op Ar arguments
.Sh DESCRIPTION
The
.Nm
service module implements counter-based and time-based one-time
passwords.
.Pp
The
.Nm
service module recognizes the following options:
.Bl -tag -width ".Cm echo_pass"
.It Cm nokey = Ar fail | fake | ignore
Specifies how the module should behave when no key is available for
the user: either fail immediately, prompt for a code but fail anyway,
or let authentication proceed by other means.
\" .It Cm nouser = Ar fail | fake | ignore
\" Specifies how the module should behave when the user does not exist.
\" See
\" .Bm nokey
\" above.
\" .It Cm badkey = Ar fail | fake | ignore
\" Specifies how the module should behave when the user exists and has a
\" key, but the key could not be loaded (e.g. due to a syntax error in
\" the keyfile).
\" See
\" .Bm nokey
\" above.
.El
.Pp
The
.Nm
service module uses
.Xr pam_get_authtok 3
to prompt the user, and will therefore also be affected by the
standard options
.Sh SEE ALSO
.Xr oathkey 1 ,
.Xr pam.conf 5 ,
.Xr pam 8
.Sh AUTHORS
The
.Nm
module and this manual page were developed by
.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no
for the University of Oslo.

65
pam/pam_otp/pam_otp.c Normal file
View File

@ -0,0 +1,65 @@
/*-
* Copyright (c) 2017 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "cryb/otp-impl.h"
#define PAM_SM_AUTH
#include <security/pam_modules.h>
#include <security/pam_appl.h>
#include <cryb/otp.h>
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags,
int argc, const char *argv[])
{
/* unused */
(void)pamh;
(void)flags;
(void)argc;
(void)argv;
return (PAM_AUTH_ERR);
}
PAM_EXTERN int
pam_sm_setcred(pam_handle_t *pamh, int flags,
int argc, const char *argv[])
{
/* unused */
(void)pamh;
(void)flags;
(void)argc;
(void)argv;
return (PAM_SUCCESS);
}
PAM_MODULE_ENTRY("pam_otp");

5
sbin/Makefile.am Normal file
View File

@ -0,0 +1,5 @@
SUBDIRS =
if OTP_RADIUS
SUBDIRS += otpradiusd
endif OTP_RADIUS

View File

@ -0,0 +1,6 @@
AM_CPPFLAGS = -I$(top_srcdir)/include
sbin_PROGRAMS = otpradiusd
otpradiusd_SOURCES = otpradiusd.c
dist_man8_MANS = otpradiusd.8

View File

@ -0,0 +1,46 @@
.\"-
.\" Copyright (c) 2017 Dag-Erling Smørgrav
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd March 3, 2017
.Dt OTPRADIUSD 8
.Os
.Sh NAME
.Nm otpkey
.Nd One-time password RADIUS server
.Sh SYNOPSIS
.Cm Nm
.Sh DESCRIPTION
TBW
.Sh SEE ALSO
.Xr otpkey 1 ,
.Xr otpverify 8
.Sh AUTHORS
The
.Nm
utility and this manual page were written by
.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .

View File

@ -0,0 +1,64 @@
/*-
* Copyright (c) 2017 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "cryb/otp-impl.h"
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <cryb/otp.h>
static void
usage(void)
{
fprintf(stderr, "usage: otpradiusd\n");
exit(1);
}
int
main(int argc, char *argv[])
{
int opt;
while ((opt = getopt(argc, argv, "")) != -1)
switch (opt) {
default:
usage();
}
argc -= optind;
argv += optind;
if (argc > 0)
usage();
exit(0);
}

28
t/Makefile.am Normal file
View File

@ -0,0 +1,28 @@
AM_CPPFLAGS = -I$(top_srcdir)/include
EXTRA_DIST =
if WITH_CRYB_TEST
libotp = $(top_builddir)/lib/otp/libcryb-otp.la
# tests
TESTS =
# c++ header test
TESTS += t_cxx
t_cxx_SOURCES = t_cxx.cc
t_cxx_CPPFLAGS = $(AM_CPPFLAGS)
t_cxx_LDADD =
if OTP_LIB
t_cxx_CPPFLAGS += -DWITH_OTP_LIB
t_cxx_LDADD += $(libotp)
endif OTP_LIB
# libcryb-otp
if OTP_LIB
endif OTP_LIB
check_PROGRAMS = $(TESTS)
endif WITH_CRYB_TEST

98
t/t_cxx.cc Normal file
View File

@ -0,0 +1,98 @@
/*-
* Copyright (c) 2017 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "cryb/otp-impl.h"
/* gcc's <cstdint> is broken */
#include <stdint.h>
#include <cstring>
#include <iostream>
#include <vector>
#include <cryb/coverage.h>
CRYB_DISABLE_COVERAGE;
class test {
public:
virtual const char *name() = 0;
virtual int run() = 0;
};
#define TEST(lib) \
class test_##lib : public test { \
public: \
virtual const char *name() { \
return (#lib); \
} \
virtual int run() { \
return (std::strcmp(cryb_##lib##_version(), \
PACKAGE_VERSION) == 0); \
} \
};
#if WITH_OTP_LIB
#include <cryb/otp.h>
TEST(otp)
#endif
#undef TEST
int
main(int argc, char *argv[])
{
std::vector<test *> tests;
int ret;
#define TEST(lib) tests.push_back(new test_##lib())
#if WITH_CRYB_OTP
TEST(otp);
#endif
#undef TEST
ret = 0;
if (tests.empty()) {
std::cout << "1..1" << std::endl <<
"ok 1 - dummy" << std::endl;
} else {
std::cout << "1.." << tests.size() << std::endl;
for (int i = 0; i < tests.size(); ++i) {
if (!tests[i]->run()) {
std::cout << "not ";
ret = 1;
}
std::cout << "ok " << (i + 1) << " - " <<
tests[i]->name() << std::endl;
}
}
return (ret);
}