diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d45a0a1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,26 @@
+/aclocal.m4
+/autom4te.cache
+/compile
+/config.guess
+/config.log
+/config.status
+/config.sub
+/configure
+/depcomp
+/test-driver
+/install-sh
+/libtool
+/ltmain.sh
+/missing
+/mkpkgng
+*~
+.deps
+.libs
+*.la
+*.lo
+*.log
+*.o
+*.trs
+Makefile
+Makefile.in
+test.cov
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..2af44a9
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,11 @@
+language: c
+compiler:
+ - clang
+ - gcc
+
+before_script:
+ - ./autogen.sh
+ - ./configure --enable-developer-warnings --enable-werror
+
+script:
+ - make check
diff --git a/CREDITS b/CREDITS
new file mode 100644
index 0000000..860acd9
--- /dev/null
+++ b/CREDITS
@@ -0,0 +1,4 @@
+The Cryb OTP package includes code written by Dag-Erling Smørgrav for
+the University of Oslo. The University of Oslo has graciously granted
+the Cryb.to project permission to reuse this code under the 3-clause
+New BSD License.
diff --git a/HISTORY b/HISTORY
new file mode 100644
index 0000000..e69de29
diff --git a/INSTALL b/INSTALL
new file mode 100644
index 0000000..e69de29
diff --git a/Makefile.am b/Makefile.am
new file mode 100644
index 0000000..bd71afd
--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,13 @@
+ACLOCAL_AMFLAGS = -I m4
+
+SUBDIRS = include lib libexec pam bin sbin t
+
+EXTRA_DIST = \
+ CREDITS \
+ HISTORY \
+ INSTALL \
+ LICENSE \
+ README \
+ RELNOTES \
+ autogen.sh \
+ m4/ax_gcc_builtin.m4
diff --git a/RELNOTES b/RELNOTES
new file mode 100644
index 0000000..e69de29
diff --git a/autogen.des b/autogen.des
new file mode 100755
index 0000000..89fcfff
--- /dev/null
+++ b/autogen.des
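Review bot: The ignore list in .gitignore omits `/include/config.h`, yet this same commit checks that file in even though its first line says it was generated by configure. The committed copy records one host's probe results (`HAVE_SYS_ENDIAN_H 1`, `HAVE_ENDIAN_H` undefined), and because the Makefile.am files add `-I$(top_srcdir)/include`, an out-of-tree build could presumably pick up the stale copy instead of the freshly generated one. I would drop include/config.h from the commit and add `/include/config.h`, `/include/config.h.in` and `/include/stamp-h1` to this list.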
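Review bot: The `before_script` in .travis.yml runs `./configure` with no step that provides the cryb libraries, while configure.ac in this commit aborts with `AC_MSG_ERROR([cryb-core library not found])` and does the same for cryb-oath. Unless the CI image already ships them, which seems unlikely, every build stops at configure and `make check` never runs. A step that builds and installs cryb-core and cryb-oath before `./configure` is needed for this job to gate anything.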
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+has() {
+ which "$@" >/dev/null 2>&1
+}
+
+# BullseyeCoverage needs to know exactly which compiler we're using
+if has "${CC}" "${CXX}" ; then
+ echo "using CC=${CC}"
+elif has clang clang++ ; then
+ echo "using Clang"
+ export CC="${CC:-clang}"
+ export CXX="${CXX:-clang++}"
+elif has gcc g++ ; then
+ echo "using GCC"
+ export CC="${CC:-gcc}"
+ export CXX="${CXX:-g++}"
+else
+ echo "WARNING: using default compiler," \
+ "coverage analysis may not work"
+fi
+export CPP="${CPP:-${CC} -E}"
+
+set -e
+
+if has cov01 ; then
+ cov01 -qu
+ cov01 -q0
+fi
+
+. ./autogen.sh
+
+./configure \
+ --enable-all \
+ --enable-developer-warnings \
+ --enable-werror \
+ "$@"
+
+if has cov01 ; then
+ cov01 -qo
+fi
diff --git a/autogen.sh b/autogen.sh
new file mode 100755
index 0000000..dc35ab8
--- /dev/null
+++ b/autogen.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+libtoolize --copy --force
+aclocal -I m4
+autoheader
+automake -a -c --foreign
+autoconf
diff --git a/bin/Makefile.am b/bin/Makefile.am
new file mode 100644
index 0000000..2f62bd3
--- /dev/null
+++ b/bin/Makefile.am
@@ -0,0 +1,5 @@
+SUBDIRS =
+
+if OTP_UTIL
+SUBDIRS += otpkey
+endif OTP_UTIL
diff --git a/bin/otpkey/Makefile.am b/bin/otpkey/Makefile.am
new file mode 100644
index 0000000..ab34c81
--- /dev/null
+++ b/bin/otpkey/Makefile.am
@@ -0,0 +1,11 @@
+AM_CPPFLAGS = -I$(top_srcdir)/include
+
+bin_PROGRAMS = otpkey
+
+otpkey_SOURCES = otpkey.c
+dist_man1_MANS = otpkey.1
+
+if WITH_SETUID
+install-exec-hook:
+ chmod u+s $(DESTDIR)$(bindir)/otpkey$(EXEEXT)
+endif WITH_SETUID
diff --git a/bin/otpkey/otpkey.1 b/bin/otpkey/otpkey.1
new file mode 100644
index 0000000..75866d4
--- /dev/null
+++ b/bin/otpkey/otpkey.1
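Review bot: In autogen.des, `export CPP="${CPP:-${CC} -E}"` runs after the if/elif chain even when the final `else` branch was taken, where CC is still unset, so CPP is exported as ` -E`. configure treats a non-empty CPP as the caller's choice, so the run is likely to fail its preprocessor sanity check instead of falling back to the default compiler as the warning promises. Guard the export, for example `if [ -n "${CC}" ] ; then export CPP="${CPP:-${CC} -E}" ; fi`, or move it into the branches that set CC.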
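Review bot: The `install-exec-hook` in bin/otpkey/Makefile.am sets the setuid bit with `chmod u+s` but never fixes the owner, and configure.ac in this commit defaults `enable_setuid` to yes, so a plain `make install` ships a setuid binary owned by whoever ran the install. otpkey.c is at this point an option-parsing stub with no privilege handling, so the bit buys nothing yet and adds a privileged entry point to every default install; under a staged `DESTDIR` install by an unprivileged packager the binary may end up setuid to the build user. I would default to off until the tool needs it (`[enable_setuid=no]` in configure.ac) and add a comment above the hook stating which user the binary is expected to be setuid to and why.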
@@ -0,0 +1,45 @@
+.\"-
+.\" Copyright (c) 2017 Dag-Erling Smørgrav
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd March 3, 2017
+.Dt OTPKEY 1
+.Os
+.Sh NAME
+.Nm otpkey
+.Nd One-time password key management utility
+.Sh SYNOPSIS
+.Cm Nm
+.Sh DESCRIPTION
+TBW
+.Sh SEE ALSO
+.Xr otpverify 8
+.Sh AUTHORS
+The
+.Nm
+utility and this manual page were written by
+.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .
diff --git a/bin/otpkey/otpkey.c b/bin/otpkey/otpkey.c
new file mode 100644
index 0000000..e315e2c
--- /dev/null
+++ b/bin/otpkey/otpkey.c
@@ -0,0 +1,64 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/otp-impl.h"
+
+#include
+#include
+#include
+
+#include
+
+static void
+usage(void)
+{
+
+ fprintf(stderr, "usage: otpkey\n");
+ exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+ int opt;
+
+ while ((opt = getopt(argc, argv, "")) != -1)
+ switch (opt) {
+ default:
+ usage();
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ if (argc > 0)
+ usage();
+
+ exit(0);
+}
diff --git a/configure.ac b/configure.ac
new file mode 100644
index 0000000..166121f
--- /dev/null
+++ b/configure.ac
@@ -0,0 +1,270 @@ +AC_PREREQ([2.63]) +AC_INIT([cryb.otp], [devel], [des@des.no], [cryb-otp], [http://cryb.to/]) +AC_CONFIG_SRCDIR([include/cryb/otp.h]) +AC_CONFIG_MACRO_DIR([m4]) +AM_INIT_AUTOMAKE([foreign no-dist-gzip dist-xz]) +AM_CONFIG_HEADER([include/config.h]) + +############################################################################ +# +# Toolchain +# + +# C compiler and features +AC_LANG(C) +AC_PROG_CC([clang gcc cc]) +AC_PROG_CC_STDC +AC_PROG_CPP +AC_PROG_CXX([clang++ g++ c++]) +AC_GNU_SOURCE +AC_C_CONST +AC_C_RESTRICT +AC_C_VOLATILE +AC_C_BIGENDIAN +AC_TYPE_INT16_T +AC_TYPE_INT32_T +AC_TYPE_INT8_T +AC_TYPE_INTMAX_T +AC_TYPE_INTPTR_T +AC_TYPE_OFF_T +AC_TYPE_SIZE_T +AC_TYPE_SSIZE_T +AC_TYPE_UINT16_T +AC_TYPE_UINT32_T +AC_TYPE_UINT8_T +AC_TYPE_UINTMAX_T +AC_TYPE_UINTPTR_T + +# libtool +LT_PREREQ([2.2.6]) +LT_INIT() + +# other programs +AC_PROG_INSTALL + +############################################################################ +# +# Headers and functions +# + +AC_CHECK_HEADERS([endian.h sys/endian.h]) +AX_GCC_BUILTIN([__builtin_bswap16]) +AX_GCC_BUILTIN([__builtin_bswap32]) +AX_GCC_BUILTIN([__builtin_bswap64]) +AC_CHECK_DECLS([ + bswap16, bswap32, bswap64, + be16enc, be16dec, le16enc, le16dec, + be32enc, be32dec, le32enc, le32dec, + be64enc, be64dec, le64enc, le64dec, + htobe16, be16toh, htole16, le16toh, + htobe32, be32toh, htole32, le32toh, + htobe64, be64toh, htole64, le64toh, + nothing +], [], [], [[ +#if HAVE_SYS_ENDIAN_H +#include +#endif +#if HAVE_ENDIAN_H +#include +#endif +]]) +AC_CHECK_FUNCS([strlcat strlcmp strlcpy]) +AC_CHECK_FUNCS([wcslcat wcslcmp wcslcpy]) + +############################################################################ +# +# Extra libraries +# + +# cryb-core +save_LIBS="${LIBS}" +LIBS="" +AC_SEARCH_LIBS([cryb_core_version], [cryb-core], [ + CRYB_CORE_LIBS="${LIBS}" +], [ + AC_MSG_ERROR([cryb-core library not found]) +]) +LIBS="${save_LIBS}" +AC_SUBST(CRYB_CORE_LIBS) + +# cryb-oath +save_LIBS="${LIBS}" +LIBS="" 
+AC_SEARCH_LIBS([cryb_oath_version], [cryb-oath], [ + CRYB_OATH_LIBS="${LIBS}" +], [ + AC_MSG_ERROR([cryb-oath library not found]) +]) +LIBS="${save_LIBS}" +AC_SUBST(CRYB_OATH_LIBS) + +# cryb-test +save_LIBS="${LIBS}" +LIBS="" +AC_SEARCH_LIBS([cryb_test_version], [cryb-test], [ + CRYB_TEST_LIBS="${LIBS}" +], [ + CRYB_TEST_LIBS="" + AC_MSG_WARN([cryb-test library not found, unit tests disabled]) +]) +LIBS="${save_LIBS}" +AC_SUBST(CRYB_TEST_LIBS) +AM_CONDITIONAL([WITH_CRYB_TEST], [ test x"$CRYB_TEST_LIBS" != x"" ]) + +# libpam +save_LIBS="${LIBS}" +LIBS="" +AC_SEARCH_LIBS([pam_start], [pam], [ + PAM_LIBS="${LIBS}" +], [ + PAM_LIBS="" +]) +LIBS="${save_LIBS}" +AC_SUBST(PAM_LIBS) + +############################################################################ +# +# Build options +# + +# Documentation +AC_ARG_ENABLE([doc], + AC_HELP_STRING([--disable-doc], + [do not build the documentation]), + [with_doc=$enableval]) +AM_CONDITIONAL([WITH_DOC], [test x"$with_doc" != x"no"]) + +# Make utilities setuid +AC_ARG_ENABLE([setuid], + AC_HELP_STRING([--disable-setuid], + [do not set the setuid bit on command-line utilities]), + [enable_setuid=$enableval], + [enable_setuid=yes]) +AM_CONDITIONAL([WITH_SETUID], [test x"$enable_setuid" = x"yes"]) + +############################################################################ +# +# Debugging +# + +# Developer-friendly compiler flags +AC_ARG_ENABLE([developer-warnings], + AS_HELP_STRING([--enable-developer-warnings], + [enable strict warnings (default is NO)]), + [CFLAGS="${CFLAGS} -Wall -Wextra -Wcast-qual -Wshadow -Wno-unused-result"]) +AC_ARG_ENABLE([debugging-symbols], + AS_HELP_STRING([--enable-debugging-symbols], + [enable debugging symbols (default is NO)]), + [CFLAGS="${CFLAGS} -O0 -g -fno-inline"]) +AC_ARG_ENABLE([werror], + AS_HELP_STRING([--enable-werror], + [use -Werror (default is NO)]), + [CFLAGS="${CFLAGS} -Werror"]) + +############################################################################ +# +# Components +# + +# 
Everything +AC_ARG_ENABLE([all], + AC_HELP_STRING([--disable-all], + [disable all libraries and tools]), + [enable_all=$enableval], + [enable_all=yes]) + +# Library +elements="$elements lib" +AC_ARG_ENABLE([otp-lib], + AC_HELP_STRING([--enable-otp-lib], + [build the OTP library]), + [enable_otp_lib=$enableval], + [enable_otp_lib=$enable_all]) +AM_CONDITIONAL([OTP_LIB], [test x"$enable_otp_lib" = x"yes"]) + +# BSD Auth module +elements="$elements bsdauth" +requires="$requires bsdauth:lib" +AC_ARG_ENABLE([otp-bsdauth], + AC_HELP_STRING([--enable-otp-bsdauth], + [build the BSD Auth module]), + [enable_otp_bsdauth=$enableval], + [enable_otp_bsdauth=$enable_all]) +AM_CONDITIONAL([OTP_BSDAUTH], [test x"$enable_otp_bsdauth" = x"yes"]) + +# PAM module +elements="$elements pam" +requires="$requires pam:lib" +AC_ARG_ENABLE([otp-pam], + AC_HELP_STRING([--enable-otp-pam], + [build the PAM module]), + [enable_otp_pam=$enableval], + [enable_otp_pam=$enable_all]) +AM_CONDITIONAL([OTP_PAM], [test x"$enable_otp_pam" = x"yes"]) + +# RADIUS server +elements="$elements radius" +requires="$requires radius:lib" +AC_ARG_ENABLE([otp-radius], + AC_HELP_STRING([--enable-otp-radius], + [build the RADIUS server]), + [enable_otp_radius=$enableval], + [enable_otp_radius=$enable_all]) +AM_CONDITIONAL([OTP_RADIUS], [test x"$enable_otp_radius" = x"yes"]) + +# Command-line utilities +elements="$elements util" +requires="$requires util:lib" +AC_ARG_ENABLE([otp-util], + AC_HELP_STRING([--enable-otp-util], + [build the command-line utilities]), + [enable_otp_util=$enableval], + [enable_otp_util=$enable_all]) +AM_CONDITIONAL([OTP_UTIL], [test x"$enable_otp_util" = x"yes"]) + +# Check dependencies +AC_MSG_CHECKING([dependencies]) +for req in $requires ; do + lhs=${req%:*} + lhs_ena=`eval echo \\\$enable_otp_$lhs` + if test x"$lhs_ena" = x"yes" ; then + rhs=${req#*:} + rhs_ena=`eval echo \\\$enable_otp_$rhs` + if test x"$rhs_ena" != x"yes" ; then + AC_MSG_ERROR([otp-$lhs requires otp-$rhs]) + fi + fi 
+done +AC_MSG_RESULT([ok]) + +############################################################################ +# +# Output +# + +AC_CONFIG_FILES([ + Makefile + include/Makefile + include/cryb/Makefile + lib/Makefile + lib/otp/Makefile + pam/Makefile + pam/pam_otp/Makefile + libexec/Makefile + libexec/login_otp/Makefile + bin/Makefile + bin/otpkey/Makefile + sbin/Makefile + sbin/otpradiusd/Makefile + t/Makefile +]) +AC_OUTPUT + +echo +echo The following Cryb OTP components will be built: +echo +for elem in $elements ; do + enable=`eval echo \\\$enable_otp_$elem` + printf "%16s: %s\n" $elem ${enable:-no} +done +echo diff --git a/include/Makefile.am b/include/Makefile.am new file mode 100644 index 0000000..9e7eeec --- /dev/null +++ b/include/Makefile.am @@ -0,0 +1 @@ +SUBDIRS = cryb diff --git a/include/config.h b/include/config.h new file mode 100644 index 0000000..2200417 --- /dev/null +++ b/include/config.h 
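Review bot: The three options in the Debugging section of configure.ac (`developer-warnings`, `debugging-symbols`, `werror`) put the CFLAGS change in the action-if-given argument of `AC_ARG_ENABLE`, which also runs for `--disable-werror` or `--enable-werror=no`, so asking to turn a flag off turns it on. Test `$enableval` instead, for example `[AS_IF([test x"$enableval" = x"yes"], [CFLAGS="${CFLAGS} -Werror"])]`, and likewise for the other two. Separately, the libpam probe leaves `PAM_LIBS` empty without an error while `enable_otp_pam` still defaults to `$enable_all`, so a host without libpam presumably fails later at link time rather than at configure; an `AC_MSG_ERROR` when otp-pam is enabled and `pam_start` was not found would report it earlier.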
@@ -0,0 +1,352 @@ +/* include/config.h. Generated from config.h.in by configure. */ +/* include/config.h.in. Generated from configure.ac by autoheader. */ + +/* Define if building universal (internal helper macro) */ +/* #undef AC_APPLE_UNIVERSAL_BUILD */ + +/* Define to 1 if you have the declaration of `be16dec', and to 0 if you + don't. */ +#define HAVE_DECL_BE16DEC 1 + +/* Define to 1 if you have the declaration of `be16enc', and to 0 if you + don't. */ +#define HAVE_DECL_BE16ENC 1 + +/* Define to 1 if you have the declaration of `be16toh', and to 0 if you + don't. */ +#define HAVE_DECL_BE16TOH 1 + +/* Define to 1 if you have the declaration of `be32dec', and to 0 if you + don't. */ +#define HAVE_DECL_BE32DEC 1 + +/* Define to 1 if you have the declaration of `be32enc', and to 0 if you + don't. */ +#define HAVE_DECL_BE32ENC 1 + +/* Define to 1 if you have the declaration of `be32toh', and to 0 if you + don't. */ +#define HAVE_DECL_BE32TOH 1 + +/* Define to 1 if you have the declaration of `be64dec', and to 0 if you + don't. */ +#define HAVE_DECL_BE64DEC 1 + +/* Define to 1 if you have the declaration of `be64enc', and to 0 if you + don't. */ +#define HAVE_DECL_BE64ENC 1 + +/* Define to 1 if you have the declaration of `be64toh', and to 0 if you + don't. */ +#define HAVE_DECL_BE64TOH 1 + +/* Define to 1 if you have the declaration of `bswap16', and to 0 if you + don't. */ +#define HAVE_DECL_BSWAP16 1 + +/* Define to 1 if you have the declaration of `bswap32', and to 0 if you + don't. */ +#define HAVE_DECL_BSWAP32 1 + +/* Define to 1 if you have the declaration of `bswap64', and to 0 if you + don't. */ +#define HAVE_DECL_BSWAP64 1 + +/* Define to 1 if you have the declaration of `htobe16', and to 0 if you + don't. */ +#define HAVE_DECL_HTOBE16 1 + +/* Define to 1 if you have the declaration of `htobe32', and to 0 if you + don't. */ +#define HAVE_DECL_HTOBE32 1 + +/* Define to 1 if you have the declaration of `htobe64', and to 0 if you + don't. 
*/ +#define HAVE_DECL_HTOBE64 1 + +/* Define to 1 if you have the declaration of `htole16', and to 0 if you + don't. */ +#define HAVE_DECL_HTOLE16 1 + +/* Define to 1 if you have the declaration of `htole32', and to 0 if you + don't. */ +#define HAVE_DECL_HTOLE32 1 + +/* Define to 1 if you have the declaration of `htole64', and to 0 if you + don't. */ +#define HAVE_DECL_HTOLE64 1 + +/* Define to 1 if you have the declaration of `le16dec', and to 0 if you + don't. */ +#define HAVE_DECL_LE16DEC 1 + +/* Define to 1 if you have the declaration of `le16enc', and to 0 if you + don't. */ +#define HAVE_DECL_LE16ENC 1 + +/* Define to 1 if you have the declaration of `le16toh', and to 0 if you + don't. */ +#define HAVE_DECL_LE16TOH 1 + +/* Define to 1 if you have the declaration of `le32dec', and to 0 if you + don't. */ +#define HAVE_DECL_LE32DEC 1 + +/* Define to 1 if you have the declaration of `le32enc', and to 0 if you + don't. */ +#define HAVE_DECL_LE32ENC 1 + +/* Define to 1 if you have the declaration of `le32toh', and to 0 if you + don't. */ +#define HAVE_DECL_LE32TOH 1 + +/* Define to 1 if you have the declaration of `le64dec', and to 0 if you + don't. */ +#define HAVE_DECL_LE64DEC 1 + +/* Define to 1 if you have the declaration of `le64enc', and to 0 if you + don't. */ +#define HAVE_DECL_LE64ENC 1 + +/* Define to 1 if you have the declaration of `le64toh', and to 0 if you + don't. */ +#define HAVE_DECL_LE64TOH 1 + +/* Define to 1 if you have the declaration of `nothing ', and to 0 if you + don't. */ +#define HAVE_DECL_NOTHING_ 0 + +/* Define to 1 if you have the header file. */ +#define HAVE_DLFCN_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_ENDIAN_H */ + +/* Define to 1 if the system has the type `intmax_t'. */ +#define HAVE_INTMAX_T 1 + +/* Define to 1 if the system has the type `intptr_t'. */ +#define HAVE_INTPTR_T 1 + +/* Define to 1 if you have the header file. 
*/ +#define HAVE_INTTYPES_H 1 + +/* Define to 1 if the system has the type `long long int'. */ +#define HAVE_LONG_LONG_INT 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_MEMORY_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDINT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRINGS_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRING_H 1 + +/* Define to 1 if you have the `strlcat' function. */ +#define HAVE_STRLCAT 1 + +/* Define to 1 if you have the `strlcmp' function. */ +/* #undef HAVE_STRLCMP */ + +/* Define to 1 if you have the `strlcpy' function. */ +#define HAVE_STRLCPY 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_ENDIAN_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_STAT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_TYPES_H 1 + +/* Define to 1 if the system has the type `uintmax_t'. */ +#define HAVE_UINTMAX_T 1 + +/* Define to 1 if the system has the type `uintptr_t'. */ +#define HAVE_UINTPTR_T 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_UNISTD_H 1 + +/* Define to 1 if the system has the type `unsigned long long int'. */ +#define HAVE_UNSIGNED_LONG_LONG_INT 1 + +/* Define to 1 if you have the `wcslcat' function. */ +#define HAVE_WCSLCAT 1 + +/* Define to 1 if you have the `wcslcmp' function. */ +/* #undef HAVE_WCSLCMP */ + +/* Define to 1 if you have the `wcslcpy' function. 
*/ +#define HAVE_WCSLCPY 1 + +/* Define to 1 if the system has the `__builtin_bswap16' built-in function */ +#define HAVE___BUILTIN_BSWAP16 1 + +/* Define to 1 if the system has the `__builtin_bswap32' built-in function */ +#define HAVE___BUILTIN_BSWAP32 1 + +/* Define to 1 if the system has the `__builtin_bswap64' built-in function */ +#define HAVE___BUILTIN_BSWAP64 1 + +/* Define to the sub-directory where libtool stores uninstalled libraries. */ +#define LT_OBJDIR ".libs/" + +/* Name of package */ +#define PACKAGE "cryb-otp" + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "des@des.no" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "cryb.otp" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "cryb.otp devel" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "cryb-otp" + +/* Define to the home page for this package. */ +#define PACKAGE_URL "http://cryb.to/" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "devel" + +/* Define to 1 if you have the ANSI C header files. */ +#define STDC_HEADERS 1 + +/* Enable extensions on AIX 3, Interix. */ +#ifndef _ALL_SOURCE +# define _ALL_SOURCE 1 +#endif +/* Enable GNU extensions on systems that have them. */ +#ifndef _GNU_SOURCE +# define _GNU_SOURCE 1 +#endif +/* Enable threading extensions on Solaris. */ +#ifndef _POSIX_PTHREAD_SEMANTICS +# define _POSIX_PTHREAD_SEMANTICS 1 +#endif +/* Enable extensions on HP NonStop. */ +#ifndef _TANDEM_SOURCE +# define _TANDEM_SOURCE 1 +#endif +/* Enable general extensions on Solaris. */ +#ifndef __EXTENSIONS__ +# define __EXTENSIONS__ 1 +#endif + + +/* Version number of package */ +#define VERSION "devel" + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). 
*/ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +/* # undef WORDS_BIGENDIAN */ +# endif +#endif + +/* Define to 1 if on MINIX. */ +/* #undef _MINIX */ + +/* Define to 2 if the system does not provide POSIX.1 features except with + this defined. */ +/* #undef _POSIX_1_SOURCE */ + +/* Define to 1 if you need to in order for `stat' and other things to work. */ +/* #undef _POSIX_SOURCE */ + +/* Define for Solaris 2.5.1 so the uint32_t typedef from , + , or is not used. If the typedef were allowed, the + #define below would cause a syntax error. */ +/* #undef _UINT32_T */ + +/* Define for Solaris 2.5.1 so the uint8_t typedef from , + , or is not used. If the typedef were allowed, the + #define below would cause a syntax error. */ +/* #undef _UINT8_T */ + +/* Define to empty if `const' does not conform to ANSI C. */ +/* #undef const */ + +/* Define to the type of a signed integer type of width exactly 16 bits if + such a type exists and the standard includes do not define it. */ +/* #undef int16_t */ + +/* Define to the type of a signed integer type of width exactly 32 bits if + such a type exists and the standard includes do not define it. */ +/* #undef int32_t */ + +/* Define to the type of a signed integer type of width exactly 8 bits if such + a type exists and the standard includes do not define it. */ +/* #undef int8_t */ + +/* Define to the widest signed integer type if and do + not define. */ +/* #undef intmax_t */ + +/* Define to the type of a signed integer type wide enough to hold a pointer, + if such a type exists, and if the system does not define it. */ +/* #undef intptr_t */ + +/* Define to `long int' if does not define. */ +/* #undef off_t */ + +/* Define to the equivalent of the C99 'restrict' keyword, or to + nothing if this is not supported. Do not define if restrict is + supported directly. 
*/ +#define restrict __restrict +/* Work around a bug in Sun C++: it does not support _Restrict or + __restrict__, even though the corresponding Sun C compiler ends up with + "#define restrict _Restrict" or "#define restrict __restrict__" in the + previous line. Perhaps some future version of Sun C++ will work with + restrict; if so, hopefully it defines __RESTRICT like Sun C does. */ +#if defined __SUNPRO_CC && !defined __RESTRICT +# define _Restrict +# define __restrict__ +#endif + +/* Define to `unsigned int' if does not define. */ +/* #undef size_t */ + +/* Define to `int' if does not define. */ +/* #undef ssize_t */ + +/* Define to the type of an unsigned integer type of width exactly 16 bits if + such a type exists and the standard includes do not define it. */ +/* #undef uint16_t */ + +/* Define to the type of an unsigned integer type of width exactly 32 bits if + such a type exists and the standard includes do not define it. */ +/* #undef uint32_t */ + +/* Define to the type of an unsigned integer type of width exactly 8 bits if + such a type exists and the standard includes do not define it. */ +/* #undef uint8_t */ + +/* Define to the widest unsigned integer type if and + do not define. */ +/* #undef uintmax_t */ + +/* Define to the type of an unsigned integer type wide enough to hold a + pointer, if such a type exists, and if the system does not define it. */ +/* #undef uintptr_t */ + +/* Define to empty if the keyword `volatile' does not work. Warning: valid + code using `volatile' can become incorrect without. Disable with care. */ +/* #undef volatile */ diff --git a/include/cryb/Makefile.am b/include/cryb/Makefile.am new file mode 100644 index 0000000..d8f825e --- /dev/null +++ b/include/cryb/Makefile.am @@ -0,0 +1,10 @@ +crybdir = $(includedir)/cryb + +cryb_HEADERS = + +if OTP_LIB +cryb_HEADERS += otp.h +endif OTP_LIB + +noinst_HEADERS = \ + otp-impl.h 
diff --git a/include/cryb/otp-impl.h b/include/cryb/otp-impl.h
new file mode 100644
index 0000000..459132c
--- /dev/null
+++ b/include/cryb/otp-impl.h
@@ -0,0 +1,43 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef CRYB_OTP_IMPL_H_INCLUDED
+#define CRYB_OTP_IMPL_H_INCLUDED
+
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifndef CRYB_TO
+#include
+#endif
+
+#include
+
+#endif
diff --git a/include/cryb/otp.h b/include/cryb/otp.h
new file mode 100644
index 0000000..1c6640d
--- /dev/null
+++ b/include/cryb/otp.h
@@ -0,0 +1,43 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef CRYB_OTP_H_INCLUDED
+#define CRYB_OTP_H_INCLUDED
+
+#ifndef CRYB_TO
+#include
+#endif
+
+CRYB_BEGIN
+
+const char *cryb_otp_version(void);
+
+CRYB_END
+
+#endif
diff --git a/lib/Makefile.am b/lib/Makefile.am
new file mode 100644
index 0000000..49a14af
--- /dev/null
+++ b/lib/Makefile.am
@@ -0,0 +1,5 @@
+SUBDIRS =
+
+if OTP_LIB
+SUBDIRS += otp
+endif OTP_LIB
diff --git a/lib/otp/Makefile.am b/lib/otp/Makefile.am
new file mode 100644
index 0000000..378349b
--- /dev/null
+++ b/lib/otp/Makefile.am
@@ -0,0 +1,11 @@
+AM_CPPFLAGS = -I$(top_srcdir)/include
+
+lib_LTLIBRARIES = libcryb-otp.la
+
+libcryb_otp_la_SOURCES = \
+ \
+ cryb_otp.c
+
+libcryb_otp_la_LIBADD = \
+ $(CRYB_CORE_LIBS) \
+ $(CRYB_OATH_LIBS)
diff --git a/lib/otp/cryb_otp.c b/lib/otp/cryb_otp.c
new file mode 100644
index 0000000..91752a2
--- /dev/null
+++ b/lib/otp/cryb_otp.c
@@ -0,0 +1,44 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/otp-impl.h"
+
+#include
+#include
+
+#include
+
+static const char *cryb_otp_version_string = PACKAGE_VERSION;
+
+const char *
+cryb_otp_version(void)
+{
+
+ return (cryb_otp_version_string);
+}
diff --git a/libexec/Makefile.am b/libexec/Makefile.am
new file mode 100644
index 0000000..afd5240
--- /dev/null
+++ b/libexec/Makefile.am
@@ -0,0 +1,5 @@
+SUBDIRS =
+
+if OTP_BSDAUTH
+SUBDIRS += login_otp
+endif
diff --git a/libexec/login_otp/Makefile.am b/libexec/login_otp/Makefile.am
new file mode 100644
index 0000000..cb2a152
--- /dev/null
+++ b/libexec/login_otp/Makefile.am
@@ -0,0 +1,10 @@
+AM_CPPFLAGS = -I$(top_srcdir)/include
+
+libotp = $(top_builddir)/lib/otp/libcryb-otp.la
+
+libexec_PROGRAMS = login_otp
+
+login_otp_SOURCES = login_otp.c
+login_otp_LDADD = $(libotp)
+
+dist_man8_MANS = login_otp.8
diff --git a/libexec/login_otp/login_otp.8 b/libexec/login_otp/login_otp.8
new file mode 100644
index 0000000..1e5f43c
--- /dev/null
+++ b/libexec/login_otp/login_otp.8
@@ -0,0 +1,51 @@ +.\"- +.\" Copyright (c) 2017 Dag-Erling Smørgrav +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd March 3, 2017 +.Dt LOGIN_OTP 8 +.Os +.Sh NAME +.Nm login_otp +.Nd BSD Authentication module for one-time passwords +.Sh SYNOPSIS +.Cm Nm +.Op Fl d +.Op Fl s Ar service +.Op Fl v Ar key Ns = Ns Ar value ... +.Op Ar class +.Ar user +.Sh DESCRIPTION +TBW +.Sh SEE ALSO +.Xr otpkey 1 , +.Xr otpverify 8 +.Sh AUTHORS +The +.Nm +module and this manual page were written by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . 
diff --git a/libexec/login_otp/login_otp.c b/libexec/login_otp/login_otp.c
new file mode 100644
index 0000000..5d3587e
--- /dev/null
+++ b/libexec/login_otp/login_otp.c
@@ -0,0 +1,77 @@ +/*- + * Copyright (c) 2017 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "cryb/otp-impl.h" + +#include +#include +#include + +#include + +static void +usage(void) +{ + + fprintf(stderr, "usage: " + "login_otp [-d] [-s service] [-o key=value ...] 
[class] user\n"); + exit(1); +} + +int +main(int argc, char *argv[]) +{ + int opt; + + while ((opt = getopt(argc, argv, "ds:v:")) != -1) + switch (opt) { + case 'd': + break; + case 's': + break; + case 'v': + break; + default: + usage(); + } + + argc -= optind; + argv += optind; + + switch (argc) { + case 2: + /* fall through */ + case 1: + break; + default: + usage(); + } + + exit(0); +} diff --git a/m4/ax_gcc_builtin.m4 b/m4/ax_gcc_builtin.m4 new file mode 100644 index 0000000..54d8729 --- /dev/null +++ b/m4/ax_gcc_builtin.m4 
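Review bot: The option string given to getopt() in main() is `"ds:v:"`, but usage() advertises `[-o key=value ...]`, so the documented `-o` is rejected while the accepted `-v` is undocumented; login_otp.8 in this same commit uses `-v`, so the usage text should read `"login_otp [-d] [-s service] [-v key=value ...] [class] user\n"`. Separately, the placeholder ends with `exit(0)` without verifying anything, whereas the pam_otp stub in this commit denies with PAM_AUTH_ERR. Until verification exists it would be safer to end main() with `exit(1)` so that nothing keying on the exit status can mistake the stub for a successful login; how the BSD Authentication caller weighs exit status against its back channel is not visible here.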
@@ -0,0 +1,170 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_gcc_builtin.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_GCC_BUILTIN(BUILTIN) +# +# DESCRIPTION +# +# This macro checks if the compiler supports one of GCC's built-in +# functions; many other compilers also provide those same built-ins. +# +# The BUILTIN parameter is the name of the built-in function. +# +# If BUILTIN is supported define HAVE_. Keep in mind that since +# builtins usually start with two underscores they will be copied over +# into the HAVE_ definition (e.g. HAVE___BUILTIN_EXPECT for +# __builtin_expect()). +# +# The macro caches its result in the ax_cv_have_ variable (e.g. +# ax_cv_have___builtin_expect). +# +# The macro currently supports the following built-in functions: +# +# __builtin_assume_aligned +# __builtin_bswap16 +# __builtin_bswap32 +# __builtin_bswap64 +# __builtin_choose_expr +# __builtin___clear_cache +# __builtin_clrsb +# __builtin_clrsbl +# __builtin_clrsbll +# __builtin_clz +# __builtin_clzl +# __builtin_clzll +# __builtin_complex +# __builtin_constant_p +# __builtin_ctz +# __builtin_ctzl +# __builtin_ctzll +# __builtin_expect +# __builtin_ffs +# __builtin_ffsl +# __builtin_ffsll +# __builtin_fpclassify +# __builtin_huge_val +# __builtin_huge_valf +# __builtin_huge_vall +# __builtin_inf +# __builtin_infd128 +# __builtin_infd32 +# __builtin_infd64 +# __builtin_inff +# __builtin_infl +# __builtin_isinf_sign +# __builtin_nan +# __builtin_nand128 +# __builtin_nand32 +# __builtin_nand64 +# __builtin_nanf +# __builtin_nanl +# __builtin_nans +# __builtin_nansf +# __builtin_nansl +# __builtin_object_size +# __builtin_parity +# __builtin_parityl +# __builtin_parityll +# __builtin_popcount +# __builtin_popcountl +# __builtin_popcountll +# __builtin_powi +# __builtin_powif +# __builtin_powil +# __builtin_prefetch +# __builtin_trap +# 
__builtin_types_compatible_p +# __builtin_unreachable +# +# Unsuppored built-ins will be tested with an empty parameter set and the +# result of the check might be wrong or meaningless so use with care. +# +# LICENSE +# +# Copyright (c) 2013 Gabriele Svelto +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 3 + +AC_DEFUN([AX_GCC_BUILTIN], [ + AS_VAR_PUSHDEF([ac_var], [ax_cv_have_$1]) + + AC_CACHE_CHECK([for $1], [ac_var], [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([], [ + m4_case([$1], + [__builtin_assume_aligned], [$1("", 0)], + [__builtin_bswap16], [$1(0)], + [__builtin_bswap32], [$1(0)], + [__builtin_bswap64], [$1(0)], + [__builtin_choose_expr], [$1(0, 0, 0)], + [__builtin___clear_cache], [$1("", "")], + [__builtin_clrsb], [$1(0)], + [__builtin_clrsbl], [$1(0)], + [__builtin_clrsbll], [$1(0)], + [__builtin_clz], [$1(0)], + [__builtin_clzl], [$1(0)], + [__builtin_clzll], [$1(0)], + [__builtin_complex], [$1(0.0, 0.0)], + [__builtin_constant_p], [$1(0)], + [__builtin_ctz], [$1(0)], + [__builtin_ctzl], [$1(0)], + [__builtin_ctzll], [$1(0)], + [__builtin_expect], [$1(0, 0)], + [__builtin_ffs], [$1(0)], + [__builtin_ffsl], [$1(0)], + [__builtin_ffsll], [$1(0)], + [__builtin_fpclassify], [$1(0, 1, 2, 3, 4, 0.0)], + [__builtin_huge_val], [$1()], + [__builtin_huge_valf], [$1()], + [__builtin_huge_vall], [$1()], + [__builtin_inf], [$1()], + [__builtin_infd128], [$1()], + [__builtin_infd32], [$1()], + [__builtin_infd64], [$1()], + [__builtin_inff], [$1()], + [__builtin_infl], [$1()], + [__builtin_isinf_sign], [$1(0.0)], + [__builtin_nan], [$1("")], + [__builtin_nand128], [$1("")], + [__builtin_nand32], [$1("")], + [__builtin_nand64], [$1("")], + [__builtin_nanf], [$1("")], + [__builtin_nanl], [$1("")], + [__builtin_nans], [$1("")], + [__builtin_nansf], [$1("")], + [__builtin_nansl], 
[$1("")], + [__builtin_object_size], [$1("", 0)], + [__builtin_parity], [$1(0)], + [__builtin_parityl], [$1(0)], + [__builtin_parityll], [$1(0)], + [__builtin_popcount], [$1(0)], + [__builtin_popcountl], [$1(0)], + [__builtin_popcountll], [$1(0)], + [__builtin_powi], [$1(0, 0)], + [__builtin_powif], [$1(0, 0)], + [__builtin_powil], [$1(0, 0)], + [__builtin_prefetch], [$1("")], + [__builtin_trap], [$1()], + [__builtin_types_compatible_p], [$1(int, int)], + [__builtin_unreachable], [$1()], + [m4_warn([syntax], [Unsupported built-in $1, the test may fail]) + $1()] + ) + ])], + [AS_VAR_SET([ac_var], [yes])], + [AS_VAR_SET([ac_var], [no])]) + ]) + + AS_IF([test yes = AS_VAR_GET([ac_var])], + [AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_$1), 1, + [Define to 1 if the system has the `$1' built-in function])], []) + + AS_VAR_POPDEF([ac_var]) +]) diff --git a/pam/Makefile.am b/pam/Makefile.am new file mode 100644 index 0000000..8a3f53e --- /dev/null +++ b/pam/Makefile.am @@ -0,0 +1,5 @@ +SUBDIRS = + +if OTP_PAM +SUBDIRS += pam_otp +endif OTP_PAM diff --git a/pam/pam_otp/Makefile.am b/pam/pam_otp/Makefile.am new file mode 100644 index 0000000..1605e33 --- /dev/null +++ b/pam/pam_otp/Makefile.am @@ -0,0 +1,14 @@ +AM_CPPFLAGS = -I$(top_srcdir)/include + +libotp = $(top_builddir)/lib/otp/libcryb-otp.la + +moduledir = $(libdir) +module_LTLIBRARIES = pam_otp.la + +pam_otp_la_SOURCES = pam_otp.c +pam_otp_la_LIBADD = \ + $(libotp) \ + $(PAM_LIBS) +pam_otp_la_LDFLAGS = -no-undefined -module -export-symbols-regex '^pam_sm_' + +dist_man8_MANS = pam_otp.8 diff --git a/pam/pam_otp/pam_otp.8 b/pam/pam_otp/pam_otp.8 new file mode 100644 index 0000000..2f57bb2 --- /dev/null +++ b/pam/pam_otp/pam_otp.8 
@@ -0,0 +1,85 @@ +.\"- +.\" Copyright (c) 2012-2016 The University of Oslo +.\" Copyright (c) 2017 Dag-Erling Smørgrav +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd January 11, 2016 +.Dt PAM_OTP 8 +.Os +.Sh NAME +.Nm pam_otp +.Nd One-time password service module +.Sh SYNOPSIS +.Op Ar service +.Ar module-type +.Ar control-flag +.Cm Nm +.Op Ar arguments +.Sh DESCRIPTION +The +.Nm +service module implements counter-based and time-based one-time +passwords. 
+.Pp +The +.Nm +service module recognizes the following options: +.Bl -tag -width ".Cm echo_pass" +.It Cm nokey = Ar fail | fake | ignore +Specifies how the module should behave when no key is available for +the user: either fail immediately, prompt for a code but fail anyway, +or let authentication proceed by other means. +\" .It Cm nouser = Ar fail | fake | ignore +\" Specifies how the module should behave when the user does not exist. +\" See +\" .Bm nokey +\" above. +\" .It Cm badkey = Ar fail | fake | ignore +\" Specifies how the module should behave when the user exists and has a +\" key, but the key could not be loaded (e.g. due to a syntax error in +\" the keyfile). +\" See +\" .Bm nokey +\" above. +.El +.Pp +The +.Nm +service module uses +.Xr pam_get_authtok 3 +to prompt the user, and will therefore also be affected by the +standard options +.Sh SEE ALSO +.Xr oathkey 1 , +.Xr pam.conf 5 , +.Xr pam 8 +.Sh AUTHORS +The +.Nm +module and this manual page were developed by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no +for the University of Oslo. diff --git a/pam/pam_otp/pam_otp.c b/pam/pam_otp/pam_otp.c new file mode 100644 index 0000000..0a1ad28 --- /dev/null +++ b/pam/pam_otp/pam_otp.c 
@@ -0,0 +1,65 @@ +/*- + * Copyright (c) 2017 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "cryb/otp-impl.h" + +#define PAM_SM_AUTH + +#include +#include + +#include + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + /* unused */ + (void)pamh; + (void)flags; + (void)argc; + (void)argv; + return (PAM_AUTH_ERR); +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + /* unused */ + (void)pamh; + (void)flags; + (void)argc; + (void)argv; + return (PAM_SUCCESS); +} + +PAM_MODULE_ENTRY("pam_otp"); diff --git a/sbin/Makefile.am b/sbin/Makefile.am new file mode 100644 index 0000000..9863ee3 --- /dev/null +++ b/sbin/Makefile.am @@ -0,0 +1,5 @@ +SUBDIRS = + +if OTP_RADIUS +SUBDIRS += otpradiusd +endif OTP_RADIUS diff --git a/sbin/otpradiusd/Makefile.am b/sbin/otpradiusd/Makefile.am new file mode 100644 index 0000000..72723f7 --- /dev/null +++ b/sbin/otpradiusd/Makefile.am @@ -0,0 +1,6 @@ +AM_CPPFLAGS = -I$(top_srcdir)/include + +sbin_PROGRAMS = otpradiusd + +otpradiusd_SOURCES = otpradiusd.c +dist_man8_MANS = otpradiusd.8 diff --git a/sbin/otpradiusd/otpradiusd.8 b/sbin/otpradiusd/otpradiusd.8 new file mode 100644 index 0000000..a7b0dbb --- /dev/null +++ b/sbin/otpradiusd/otpradiusd.8 
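Review bot: pam_sm_authenticate() discards `argc`/`argv`, yet pam_otp.8 in the same commit documents a `nokey=fail|fake|ignore` option, so a stack configured with `nokey=ignore` in the expectation of falling through gets an unconditional denial instead and nothing tells the administrator why. The unconditional `return (PAM_AUTH_ERR);` is the right fail-closed default for a stub, but the `/* unused */` comment hides that intent; I would replace it with `/* not implemented yet: deny unconditionally so the stub can never grant access */`. The man page should likewise say the options are not yet honoured.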
@@ -0,0 +1,46 @@ +.\"- +.\" Copyright (c) 2017 Dag-Erling Smørgrav +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd March 3, 2017 +.Dt OTPRADIUSD 8 +.Os +.Sh NAME +.Nm otpkey +.Nd One-time password RADIUS server +.Sh SYNOPSIS +.Cm Nm +.Sh DESCRIPTION +TBW +.Sh SEE ALSO +.Xr otpkey 1 , +.Xr otpverify 8 +.Sh AUTHORS +The +.Nm +utility and this manual page were written by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/sbin/otpradiusd/otpradiusd.c b/sbin/otpradiusd/otpradiusd.c new file mode 100644 index 0000000..9e5fa92 
--- /dev/null +++ b/sbin/otpradiusd/otpradiusd.c @@ -0,0 +1,64 @@ +/*- + * Copyright (c) 2017 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "cryb/otp-impl.h" + +#include +#include +#include + +#include + +static void +usage(void) +{ + + fprintf(stderr, "usage: otpradiusd\n"); + exit(1); +} + +int +main(int argc, char *argv[]) +{ + int opt; + + while ((opt = getopt(argc, argv, "")) != -1) + switch (opt) { + default: + usage(); + } + + argc -= optind; + argv += optind; + + if (argc > 0) + usage(); + + exit(0); +} 
diff --git a/t/Makefile.am b/t/Makefile.am
new file mode 100644
index 0000000..11d5efc
--- /dev/null
+++ b/t/Makefile.am
@@ -0,0 +1,28 @@
+AM_CPPFLAGS = -I$(top_srcdir)/include
+
+EXTRA_DIST =
+
+if WITH_CRYB_TEST
+
+libotp = $(top_builddir)/lib/otp/libcryb-otp.la
+
+# tests
+TESTS =
+
+# c++ header test
+TESTS += t_cxx
+t_cxx_SOURCES = t_cxx.cc
+t_cxx_CPPFLAGS = $(AM_CPPFLAGS)
+t_cxx_LDADD =
+if OTP_LIB
+t_cxx_CPPFLAGS += -DWITH_OTP_LIB
+t_cxx_LDADD += $(libotp)
+endif OTP_LIB
+
+# libcryb-otp
+if OTP_LIB
+endif OTP_LIB
+
+check_PROGRAMS = $(TESTS)
+
+endif WITH_CRYB_TEST
diff --git a/t/t_cxx.cc b/t/t_cxx.cc
new file mode 100644
index 0000000..8203b53
--- /dev/null
+++ b/t/t_cxx.cc
@@ -0,0 +1,98 @@ +/*- + * Copyright (c) 2017 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "cryb/otp-impl.h" + +/* gcc's is broken */ +#include +#include +#include +#include + +#include + +CRYB_DISABLE_COVERAGE; + +class test { +public: + virtual const char *name() = 0; + virtual int run() = 0; +}; + +#define TEST(lib) \ + class test_##lib : public test { \ + public: \ + virtual const char *name() { \ + return (#lib); \ + } \ + virtual int run() { \ + return (std::strcmp(cryb_##lib##_version(), \ + PACKAGE_VERSION) == 0); \ + } \ + }; + +#if WITH_OTP_LIB +#include +TEST(otp) +#endif + +#undef TEST + +int +main(int argc, char *argv[]) +{ + std::vector tests; + int ret; + +#define TEST(lib) tests.push_back(new test_##lib()) + +#if WITH_CRYB_OTP + TEST(otp); +#endif + +#undef TEST + + + ret = 0; + if (tests.empty()) { + std::cout << "1..1" << std::endl << + "ok 1 - dummy" << std::endl; + } else { + std::cout << "1.." << tests.size() << std::endl; + for (int i = 0; i < tests.size(); ++i) { + if (!tests[i]->run()) { + std::cout << "not "; + ret = 1; + } + std::cout << "ok " << (i + 1) << " - " << + tests[i]->name() << std::endl; + } + } + return (ret); +}
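Review bot: The test class is compiled under `#if WITH_OTP_LIB`, but main() registers it under `#if WITH_CRYB_OTP`, a macro that t/Makefile.am in this commit never defines (it passes `-DWITH_OTP_LIB`). Unless cryb/otp-impl.h defines it, the vector stays empty and the program always reports the dummy `ok 1`, so the version check never runs; the guard in main() should be `#if WITH_OTP_LIB`. The loop `for (int i = 0; i < tests.size(); ++i)` also compares signed with unsigned, which the `--enable-developer-warnings --enable-werror` configuration may turn into a build failure; `for (std::size_t i = 0; i < tests.size(); ++i)` avoids that. The `test` base class has no virtual destructor and the `new`ed objects are never freed, which is tolerable in a short-lived test binary but is cheaply fixed with `virtual ~test() {}`.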