From cb0cd6213946b6e47435353b662b966390fc67f1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?=
Date: Sun, 5 Mar 2017 01:02:49 +0100
Subject: [PATCH] Skeleton
---
.gitignore | 26 +++
.travis.yml | 11 ++
CREDITS | 4 +
HISTORY | 0
INSTALL | 0
Makefile.am | 13 ++
RELNOTES | 0
autogen.des | 41 ++++
autogen.sh | 7 +
bin/Makefile.am | 5 +
bin/otpkey/Makefile.am | 11 ++
bin/otpkey/otpkey.1 | 45 +++++
bin/otpkey/otpkey.c | 64 +++++++
configure.ac | 270 ++++++++++++++++++++++++++
include/Makefile.am | 1 +
include/config.h | 352 ++++++++++++++++++++++++++++++++++
include/cryb/Makefile.am | 10 +
include/cryb/otp-impl.h | 43 +++++
include/cryb/otp.h | 43 +++++
lib/Makefile.am | 5 +
lib/otp/Makefile.am | 11 ++
lib/otp/cryb_otp.c | 44 +++++
libexec/Makefile.am | 5 +
libexec/login_otp/Makefile.am | 10 +
libexec/login_otp/login_otp.8 | 51 +++++
libexec/login_otp/login_otp.c | 77 ++++++++
m4/ax_gcc_builtin.m4 | 170 ++++++++++++++++
pam/Makefile.am | 5 +
pam/pam_otp/Makefile.am | 14 ++
pam/pam_otp/pam_otp.8 | 85 ++++++++
pam/pam_otp/pam_otp.c | 65 +++++++
sbin/Makefile.am | 5 +
sbin/otpradiusd/Makefile.am | 6 +
sbin/otpradiusd/otpradiusd.8 | 46 +++++
sbin/otpradiusd/otpradiusd.c | 64 +++++++
t/Makefile.am | 28 +++
t/t_cxx.cc | 98 ++++++++++
37 files changed, 1735 insertions(+)
create mode 100644 .gitignore
create mode 100644 .travis.yml
create mode 100644 CREDITS
create mode 100644 HISTORY
create mode 100644 INSTALL
create mode 100644 Makefile.am
create mode 100644 RELNOTES
create mode 100755 autogen.des
create mode 100755 autogen.sh
create mode 100644 bin/Makefile.am
create mode 100644 bin/otpkey/Makefile.am
create mode 100644 bin/otpkey/otpkey.1
create mode 100644 bin/otpkey/otpkey.c
create mode 100644 configure.ac
create mode 100644 include/Makefile.am
create mode 100644 include/config.h
create mode 100644 include/cryb/Makefile.am
create mode 100644 include/cryb/otp-impl.h
create mode 100644 include/cryb/otp.h
create mode 100644 lib/Makefile.am
create mode 100644 lib/otp/Makefile.am
create mode 100644 lib/otp/cryb_otp.c
create mode 100644 libexec/Makefile.am
create mode 100644 libexec/login_otp/Makefile.am
create mode 100644 libexec/login_otp/login_otp.8
create mode 100644 libexec/login_otp/login_otp.c
create mode 100644 m4/ax_gcc_builtin.m4
create mode 100644 pam/Makefile.am
create mode 100644 pam/pam_otp/Makefile.am
create mode 100644 pam/pam_otp/pam_otp.8
create mode 100644 pam/pam_otp/pam_otp.c
create mode 100644 sbin/Makefile.am
create mode 100644 sbin/otpradiusd/Makefile.am
create mode 100644 sbin/otpradiusd/otpradiusd.8
create mode 100644 sbin/otpradiusd/otpradiusd.c
create mode 100644 t/Makefile.am
create mode 100644 t/t_cxx.cc
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d45a0a1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,26 @@
+/aclocal.m4
+/autom4te.cache
+/compile
+/config.guess
+/config.log
+/config.status
+/config.sub
+/configure
+/depcomp
+/test-driver
+/install-sh
+/libtool
+/ltmain.sh
+/missing
+/mkpkgng
+*~
+.deps
+.libs
+*.la
+*.lo
+*.log
+*.o
+*.trs
+Makefile
+Makefile.in
+test.cov
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..2af44a9
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,11 @@
+language: c
+compiler:
+ - clang
+ - gcc
+
+before_script:
+ - ./autogen.sh
+ - ./configure --enable-developer-warnings --enable-werror
+
+script:
+ - make check
diff --git a/CREDITS b/CREDITS
new file mode 100644
index 0000000..860acd9
--- /dev/null
+++ b/CREDITS
@@ -0,0 +1,4 @@
+The Cryb OTP package includes code written by Dag-Erling Smørgrav for
+the University of Oslo. The University of Oslo has graciously granted
+the Cryb.to project permission to reuse this code under the 3-clause
+New BSD License.
diff --git a/HISTORY b/HISTORY
new file mode 100644
index 0000000..e69de29
diff --git a/INSTALL b/INSTALL
new file mode 100644
index 0000000..e69de29
diff --git a/Makefile.am b/Makefile.am
new file mode 100644
index 0000000..bd71afd
--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,13 @@
+ACLOCAL_AMFLAGS = -I m4
+
+SUBDIRS = include lib libexec pam bin sbin t
+
+EXTRA_DIST = \
+ CREDITS \
+ HISTORY \
+ INSTALL \
+ LICENSE \
+ README \
+ RELNOTES \
+ autogen.sh \
+ m4/ax_gcc_builtin.m4
diff --git a/RELNOTES b/RELNOTES
new file mode 100644
index 0000000..e69de29
diff --git a/autogen.des b/autogen.des
new file mode 100755
index 0000000..89fcfff
--- /dev/null
+++ b/autogen.des
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+has() {
+ which "$@" >/dev/null 2>&1
+}
+
+# BullseyeCoverage needs to know exactly which compiler we're using
+if has "${CC}" "${CXX}" ; then
+ echo "using CC=${CC}"
+elif has clang clang++ ; then
+ echo "using Clang"
+ export CC="${CC:-clang}"
+ export CXX="${CXX:-clang++}"
+elif has gcc g++ ; then
+ echo "using GCC"
+ export CC="${CC:-gcc}"
+ export CXX="${CXX:-g++}"
+else
+ echo "WARNING: using default compiler," \
+ "coverage analysis may not work"
+fi
+export CPP="${CPP:-${CC} -E}"
+
+set -e
+
+if has cov01 ; then
+ cov01 -qu
+ cov01 -q0
+fi
+
+. ./autogen.sh
+
+./configure \
+ --enable-all \
+ --enable-developer-warnings \
+ --enable-werror \
+ "$@"
+
+if has cov01 ; then
+ cov01 -qo
+fi
diff --git a/autogen.sh b/autogen.sh
new file mode 100755
index 0000000..dc35ab8
--- /dev/null
+++ b/autogen.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+libtoolize --copy --force
+aclocal -I m4
+autoheader
+automake -a -c --foreign
+autoconf
diff --git a/bin/Makefile.am b/bin/Makefile.am
new file mode 100644
index 0000000..2f62bd3
--- /dev/null
+++ b/bin/Makefile.am
@@ -0,0 +1,5 @@
+SUBDIRS =
+
+if OTP_UTIL
+SUBDIRS += otpkey
+endif OTP_UTIL
diff --git a/bin/otpkey/Makefile.am b/bin/otpkey/Makefile.am
new file mode 100644
index 0000000..ab34c81
--- /dev/null
+++ b/bin/otpkey/Makefile.am
@@ -0,0 +1,11 @@
+AM_CPPFLAGS = -I$(top_srcdir)/include
+
+bin_PROGRAMS = otpkey
+
+otpkey_SOURCES = otpkey.c
+dist_man1_MANS = otpkey.1
+
+if WITH_SETUID
+install-exec-hook:
+ chmod u+s $(DESTDIR)$(bindir)/otpkey$(EXEEXT)
+endif WITH_SETUID
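Review bot: In autogen.des the final `else` branch leaves `CC` unset, so the next line `export CPP="${CPP:-${CC} -E}"` exports `CPP=" -E"` and configure's preprocessor check is then expected to fail instead of falling back to its own default. Guard the export on a non-empty compiler, e.g. `test -n "${CC}" && export CPP="${CPP:-${CC} -E}"` (safe here because `set -e` only comes afterwards). The `has` helper also depends on `which` returning non-zero when any one of several arguments is missing, and the first test passes possibly empty strings (`has "${CC}" "${CXX}"`); that behaviour differs between `which` implementations, so a loop over `command -v` is the portable form.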
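Review bot: The `install-exec-hook` in bin/otpkey/Makefile.am sets the setuid bit with `chmod u+s` but never sets the owner, so the bit applies to whichever account ran `make install`; a staged or unprivileged install then produces a binary that is setuid to the build user rather than to a dedicated account. configure.ac in this same commit defaults `enable_setuid=yes`, so every default build gets this, while `main()` in otpkey.c does not yet do anything that needs elevated privilege or gives it up. I would default the option to `no` until the key-store access model exists, and have the hook set owner and mode together, e.g. `chown $(OTP_OWNER) $(DESTDIR)$(bindir)/otpkey$(EXEEXT)` before the `chmod` (`OTP_OWNER` is a placeholder for a configure-time setting; nothing on this page defines it).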
diff --git a/bin/otpkey/otpkey.1 b/bin/otpkey/otpkey.1
new file mode 100644
index 0000000..75866d4
--- /dev/null
+++ b/bin/otpkey/otpkey.1
@@ -0,0 +1,45 @@
+.\"-
+.\" Copyright (c) 2017 Dag-Erling Smørgrav
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd March 3, 2017
+.Dt OTPKEY 1
+.Os
+.Sh NAME
+.Nm otpkey
+.Nd One-time password key management utility
+.Sh SYNOPSIS
+.Cm Nm
+.Sh DESCRIPTION
+TBW
+.Sh SEE ALSO
+.Xr otpverify 8
+.Sh AUTHORS
+The
+.Nm
+utility and this manual page were written by
+.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .
diff --git a/bin/otpkey/otpkey.c b/bin/otpkey/otpkey.c
new file mode 100644
index 0000000..e315e2c
--- /dev/null
+++ b/bin/otpkey/otpkey.c
@@ -0,0 +1,64 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/otp-impl.h"
+
+#include
+#include
+#include
+
+#include
+
+static void
+usage(void)
+{
+
+ fprintf(stderr, "usage: otpkey\n");
+ exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+ int opt;
+
+ while ((opt = getopt(argc, argv, "")) != -1)
+ switch (opt) {
+ default:
+ usage();
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ if (argc > 0)
+ usage();
+
+ exit(0);
+}
diff --git a/configure.ac b/configure.ac
new file mode 100644
index 0000000..166121f
--- /dev/null
+++ b/configure.ac
@@ -0,0 +1,270 @@
+AC_PREREQ([2.63])
+AC_INIT([cryb.otp], [devel], [des@des.no], [cryb-otp], [http://cryb.to/])
+AC_CONFIG_SRCDIR([include/cryb/otp.h])
+AC_CONFIG_MACRO_DIR([m4])
+AM_INIT_AUTOMAKE([foreign no-dist-gzip dist-xz])
+AM_CONFIG_HEADER([include/config.h])
+
+############################################################################
+#
+# Toolchain
+#
+
+# C compiler and features
+AC_LANG(C)
+AC_PROG_CC([clang gcc cc])
+AC_PROG_CC_STDC
+AC_PROG_CPP
+AC_PROG_CXX([clang++ g++ c++])
+AC_GNU_SOURCE
+AC_C_CONST
+AC_C_RESTRICT
+AC_C_VOLATILE
+AC_C_BIGENDIAN
+AC_TYPE_INT16_T
+AC_TYPE_INT32_T
+AC_TYPE_INT8_T
+AC_TYPE_INTMAX_T
+AC_TYPE_INTPTR_T
+AC_TYPE_OFF_T
+AC_TYPE_SIZE_T
+AC_TYPE_SSIZE_T
+AC_TYPE_UINT16_T
+AC_TYPE_UINT32_T
+AC_TYPE_UINT8_T
+AC_TYPE_UINTMAX_T
+AC_TYPE_UINTPTR_T
+
+# libtool
+LT_PREREQ([2.2.6])
+LT_INIT()
+
+# other programs
+AC_PROG_INSTALL
+
+############################################################################
+#
+# Headers and functions
+#
+
+AC_CHECK_HEADERS([endian.h sys/endian.h])
+AX_GCC_BUILTIN([__builtin_bswap16])
+AX_GCC_BUILTIN([__builtin_bswap32])
+AX_GCC_BUILTIN([__builtin_bswap64])
+AC_CHECK_DECLS([
+ bswap16, bswap32, bswap64,
+ be16enc, be16dec, le16enc, le16dec,
+ be32enc, be32dec, le32enc, le32dec,
+ be64enc, be64dec, le64enc, le64dec,
+ htobe16, be16toh, htole16, le16toh,
+ htobe32, be32toh, htole32, le32toh,
+ htobe64, be64toh, htole64, le64toh,
+ nothing
+], [], [], [[
+#if HAVE_SYS_ENDIAN_H
+#include
+#endif
+#if HAVE_ENDIAN_H
+#include
+#endif
+]])
+AC_CHECK_FUNCS([strlcat strlcmp strlcpy])
+AC_CHECK_FUNCS([wcslcat wcslcmp wcslcpy])
+
+############################################################################
+#
+# Extra libraries
+#
+
+# cryb-core
+save_LIBS="${LIBS}"
+LIBS=""
+AC_SEARCH_LIBS([cryb_core_version], [cryb-core], [
+ CRYB_CORE_LIBS="${LIBS}"
+], [
+ AC_MSG_ERROR([cryb-core library not found])
+])
+LIBS="${save_LIBS}"
+AC_SUBST(CRYB_CORE_LIBS)
+
+# cryb-oath
+save_LIBS="${LIBS}"
+LIBS=""
+AC_SEARCH_LIBS([cryb_oath_version], [cryb-oath], [
+ CRYB_OATH_LIBS="${LIBS}"
+], [
+ AC_MSG_ERROR([cryb-oath library not found])
+])
+LIBS="${save_LIBS}"
+AC_SUBST(CRYB_OATH_LIBS)
+
+# cryb-test
+save_LIBS="${LIBS}"
+LIBS=""
+AC_SEARCH_LIBS([cryb_test_version], [cryb-test], [
+ CRYB_TEST_LIBS="${LIBS}"
+], [
+ CRYB_TEST_LIBS=""
+ AC_MSG_WARN([cryb-test library not found, unit tests disabled])
+])
+LIBS="${save_LIBS}"
+AC_SUBST(CRYB_TEST_LIBS)
+AM_CONDITIONAL([WITH_CRYB_TEST], [ test x"$CRYB_TEST_LIBS" != x"" ])
+
+# libpam
+save_LIBS="${LIBS}"
+LIBS=""
+AC_SEARCH_LIBS([pam_start], [pam], [
+ PAM_LIBS="${LIBS}"
+], [
+ PAM_LIBS=""
+])
+LIBS="${save_LIBS}"
+AC_SUBST(PAM_LIBS)
+
+############################################################################
+#
+# Build options
+#
+
+# Documentation
+AC_ARG_ENABLE([doc],
+ AC_HELP_STRING([--disable-doc],
+ [do not build the documentation]),
+ [with_doc=$enableval])
+AM_CONDITIONAL([WITH_DOC], [test x"$with_doc" != x"no"])
+
+# Make utilities setuid
+AC_ARG_ENABLE([setuid],
+ AC_HELP_STRING([--disable-setuid],
+ [do not set the setuid bit on command-line utilities]),
+ [enable_setuid=$enableval],
+ [enable_setuid=yes])
+AM_CONDITIONAL([WITH_SETUID], [test x"$enable_setuid" = x"yes"])
+
+############################################################################
+#
+# Debugging
+#
+
+# Developer-friendly compiler flags
+AC_ARG_ENABLE([developer-warnings],
+ AS_HELP_STRING([--enable-developer-warnings],
+ [enable strict warnings (default is NO)]),
+ [CFLAGS="${CFLAGS} -Wall -Wextra -Wcast-qual -Wshadow -Wno-unused-result"])
+AC_ARG_ENABLE([debugging-symbols],
+ AS_HELP_STRING([--enable-debugging-symbols],
+ [enable debugging symbols (default is NO)]),
+ [CFLAGS="${CFLAGS} -O0 -g -fno-inline"])
+AC_ARG_ENABLE([werror],
+ AS_HELP_STRING([--enable-werror],
+ [use -Werror (default is NO)]),
+ [CFLAGS="${CFLAGS} -Werror"])
+
+############################################################################
+#
+# Components
+#
+
+# Everything
+AC_ARG_ENABLE([all],
+ AC_HELP_STRING([--disable-all],
+ [disable all libraries and tools]),
+ [enable_all=$enableval],
+ [enable_all=yes])
+
+# Library
+elements="$elements lib"
+AC_ARG_ENABLE([otp-lib],
+ AC_HELP_STRING([--enable-otp-lib],
+ [build the OTP library]),
+ [enable_otp_lib=$enableval],
+ [enable_otp_lib=$enable_all])
+AM_CONDITIONAL([OTP_LIB], [test x"$enable_otp_lib" = x"yes"])
+
+# BSD Auth module
+elements="$elements bsdauth"
+requires="$requires bsdauth:lib"
+AC_ARG_ENABLE([otp-bsdauth],
+ AC_HELP_STRING([--enable-otp-bsdauth],
+ [build the BSD Auth module]),
+ [enable_otp_bsdauth=$enableval],
+ [enable_otp_bsdauth=$enable_all])
+AM_CONDITIONAL([OTP_BSDAUTH], [test x"$enable_otp_bsdauth" = x"yes"])
+
+# PAM module
+elements="$elements pam"
+requires="$requires pam:lib"
+AC_ARG_ENABLE([otp-pam],
+ AC_HELP_STRING([--enable-otp-pam],
+ [build the PAM module]),
+ [enable_otp_pam=$enableval],
+ [enable_otp_pam=$enable_all])
+AM_CONDITIONAL([OTP_PAM], [test x"$enable_otp_pam" = x"yes"])
+
+# RADIUS server
+elements="$elements radius"
+requires="$requires radius:lib"
+AC_ARG_ENABLE([otp-radius],
+ AC_HELP_STRING([--enable-otp-radius],
+ [build the RADIUS server]),
+ [enable_otp_radius=$enableval],
+ [enable_otp_radius=$enable_all])
+AM_CONDITIONAL([OTP_RADIUS], [test x"$enable_otp_radius" = x"yes"])
+
+# Command-line utilities
+elements="$elements util"
+requires="$requires util:lib"
+AC_ARG_ENABLE([otp-util],
+ AC_HELP_STRING([--enable-otp-util],
+ [build the command-line utilities]),
+ [enable_otp_util=$enableval],
+ [enable_otp_util=$enable_all])
+AM_CONDITIONAL([OTP_UTIL], [test x"$enable_otp_util" = x"yes"])
+
+# Check dependencies
+AC_MSG_CHECKING([dependencies])
+for req in $requires ; do
+ lhs=${req%:*}
+ lhs_ena=`eval echo \\\$enable_otp_$lhs`
+ if test x"$lhs_ena" = x"yes" ; then
+ rhs=${req#*:}
+ rhs_ena=`eval echo \\\$enable_otp_$rhs`
+ if test x"$rhs_ena" != x"yes" ; then
+ AC_MSG_ERROR([otp-$lhs requires otp-$rhs])
+ fi
+ fi
+done
+AC_MSG_RESULT([ok])
+
+############################################################################
+#
+# Output
+#
+
+AC_CONFIG_FILES([
+ Makefile
+ include/Makefile
+ include/cryb/Makefile
+ lib/Makefile
+ lib/otp/Makefile
+ pam/Makefile
+ pam/pam_otp/Makefile
+ libexec/Makefile
+ libexec/login_otp/Makefile
+ bin/Makefile
+ bin/otpkey/Makefile
+ sbin/Makefile
+ sbin/otpradiusd/Makefile
+ t/Makefile
+])
+AC_OUTPUT
+
+echo
+echo The following Cryb OTP components will be built:
+echo
+for elem in $elements ; do
+ enable=`eval echo \\\$enable_otp_$elem`
+ printf "%16s: %s\n" $elem ${enable:-no}
+done
+echo
diff --git a/include/Makefile.am b/include/Makefile.am
new file mode 100644
index 0000000..9e7eeec
--- /dev/null
+++ b/include/Makefile.am
@@ -0,0 +1 @@
+SUBDIRS = cryb
diff --git a/include/config.h b/include/config.h
new file mode 100644
index 0000000..2200417
--- /dev/null
+++ b/include/config.h
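Review bot: The three options under "Developer-friendly compiler flags" in configure.ac put the CFLAGS change in the action-if-given argument of `AC_ARG_ENABLE`, which autoconf also runs for `--disable-werror` and `--enable-werror=no`, so asking for `-Werror` (or the warnings, or `-O0 -g`) to be off turns it on. Test the value instead, e.g. `[AS_IF([test x"$enableval" != x"no"], [CFLAGS="${CFLAGS} -Werror"])]`, in all three. `AM_CONFIG_HEADER` near the top was removed in Automake 1.13, so `autogen.sh` is expected to fail on current toolchains; `AC_CONFIG_HEADERS([include/config.h])` is the replacement. That same line makes include/config.h a configure output, yet this commit checks in a generated copy with one host's results and .gitignore does not list it.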
@@ -0,0 +1,352 @@ +/* include/config.h. Generated from config.h.in by configure. */ +/* include/config.h.in. Generated from configure.ac by autoheader. */ + +/* Define if building universal (internal helper macro) */ +/* #undef AC_APPLE_UNIVERSAL_BUILD */ + +/* Define to 1 if you have the declaration of `be16dec', and to 0 if you + don't. */ +#define HAVE_DECL_BE16DEC 1 + +/* Define to 1 if you have the declaration of `be16enc', and to 0 if you + don't. */ +#define HAVE_DECL_BE16ENC 1 + +/* Define to 1 if you have the declaration of `be16toh', and to 0 if you + don't. */ +#define HAVE_DECL_BE16TOH 1 + +/* Define to 1 if you have the declaration of `be32dec', and to 0 if you + don't. */ +#define HAVE_DECL_BE32DEC 1 + +/* Define to 1 if you have the declaration of `be32enc', and to 0 if you + don't. */ +#define HAVE_DECL_BE32ENC 1 + +/* Define to 1 if you have the declaration of `be32toh', and to 0 if you + don't. */ +#define HAVE_DECL_BE32TOH 1 + +/* Define to 1 if you have the declaration of `be64dec', and to 0 if you + don't. */ +#define HAVE_DECL_BE64DEC 1 + +/* Define to 1 if you have the declaration of `be64enc', and to 0 if you + don't. */ +#define HAVE_DECL_BE64ENC 1 + +/* Define to 1 if you have the declaration of `be64toh', and to 0 if you + don't. */ +#define HAVE_DECL_BE64TOH 1 + +/* Define to 1 if you have the declaration of `bswap16', and to 0 if you + don't. */ +#define HAVE_DECL_BSWAP16 1 + +/* Define to 1 if you have the declaration of `bswap32', and to 0 if you + don't. */ +#define HAVE_DECL_BSWAP32 1 + +/* Define to 1 if you have the declaration of `bswap64', and to 0 if you + don't. */ +#define HAVE_DECL_BSWAP64 1 + +/* Define to 1 if you have the declaration of `htobe16', and to 0 if you + don't. */ +#define HAVE_DECL_HTOBE16 1 + +/* Define to 1 if you have the declaration of `htobe32', and to 0 if you + don't. */ +#define HAVE_DECL_HTOBE32 1 + +/* Define to 1 if you have the declaration of `htobe64', and to 0 if you + don't. 
*/ +#define HAVE_DECL_HTOBE64 1 + +/* Define to 1 if you have the declaration of `htole16', and to 0 if you + don't. */ +#define HAVE_DECL_HTOLE16 1 + +/* Define to 1 if you have the declaration of `htole32', and to 0 if you + don't. */ +#define HAVE_DECL_HTOLE32 1 + +/* Define to 1 if you have the declaration of `htole64', and to 0 if you + don't. */ +#define HAVE_DECL_HTOLE64 1 + +/* Define to 1 if you have the declaration of `le16dec', and to 0 if you + don't. */ +#define HAVE_DECL_LE16DEC 1 + +/* Define to 1 if you have the declaration of `le16enc', and to 0 if you + don't. */ +#define HAVE_DECL_LE16ENC 1 + +/* Define to 1 if you have the declaration of `le16toh', and to 0 if you + don't. */ +#define HAVE_DECL_LE16TOH 1 + +/* Define to 1 if you have the declaration of `le32dec', and to 0 if you + don't. */ +#define HAVE_DECL_LE32DEC 1 + +/* Define to 1 if you have the declaration of `le32enc', and to 0 if you + don't. */ +#define HAVE_DECL_LE32ENC 1 + +/* Define to 1 if you have the declaration of `le32toh', and to 0 if you + don't. */ +#define HAVE_DECL_LE32TOH 1 + +/* Define to 1 if you have the declaration of `le64dec', and to 0 if you + don't. */ +#define HAVE_DECL_LE64DEC 1 + +/* Define to 1 if you have the declaration of `le64enc', and to 0 if you + don't. */ +#define HAVE_DECL_LE64ENC 1 + +/* Define to 1 if you have the declaration of `le64toh', and to 0 if you + don't. */ +#define HAVE_DECL_LE64TOH 1 + +/* Define to 1 if you have the declaration of `nothing ', and to 0 if you + don't. */ +#define HAVE_DECL_NOTHING_ 0 + +/* Define to 1 if you have the header file. */ +#define HAVE_DLFCN_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_ENDIAN_H */ + +/* Define to 1 if the system has the type `intmax_t'. */ +#define HAVE_INTMAX_T 1 + +/* Define to 1 if the system has the type `intptr_t'. */ +#define HAVE_INTPTR_T 1 + +/* Define to 1 if you have the header file. 
*/ +#define HAVE_INTTYPES_H 1 + +/* Define to 1 if the system has the type `long long int'. */ +#define HAVE_LONG_LONG_INT 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_MEMORY_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDINT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRINGS_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRING_H 1 + +/* Define to 1 if you have the `strlcat' function. */ +#define HAVE_STRLCAT 1 + +/* Define to 1 if you have the `strlcmp' function. */ +/* #undef HAVE_STRLCMP */ + +/* Define to 1 if you have the `strlcpy' function. */ +#define HAVE_STRLCPY 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_ENDIAN_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_STAT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_TYPES_H 1 + +/* Define to 1 if the system has the type `uintmax_t'. */ +#define HAVE_UINTMAX_T 1 + +/* Define to 1 if the system has the type `uintptr_t'. */ +#define HAVE_UINTPTR_T 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_UNISTD_H 1 + +/* Define to 1 if the system has the type `unsigned long long int'. */ +#define HAVE_UNSIGNED_LONG_LONG_INT 1 + +/* Define to 1 if you have the `wcslcat' function. */ +#define HAVE_WCSLCAT 1 + +/* Define to 1 if you have the `wcslcmp' function. */ +/* #undef HAVE_WCSLCMP */ + +/* Define to 1 if you have the `wcslcpy' function. 
*/ +#define HAVE_WCSLCPY 1 + +/* Define to 1 if the system has the `__builtin_bswap16' built-in function */ +#define HAVE___BUILTIN_BSWAP16 1 + +/* Define to 1 if the system has the `__builtin_bswap32' built-in function */ +#define HAVE___BUILTIN_BSWAP32 1 + +/* Define to 1 if the system has the `__builtin_bswap64' built-in function */ +#define HAVE___BUILTIN_BSWAP64 1 + +/* Define to the sub-directory where libtool stores uninstalled libraries. */ +#define LT_OBJDIR ".libs/" + +/* Name of package */ +#define PACKAGE "cryb-otp" + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "des@des.no" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "cryb.otp" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "cryb.otp devel" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "cryb-otp" + +/* Define to the home page for this package. */ +#define PACKAGE_URL "http://cryb.to/" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "devel" + +/* Define to 1 if you have the ANSI C header files. */ +#define STDC_HEADERS 1 + +/* Enable extensions on AIX 3, Interix. */ +#ifndef _ALL_SOURCE +# define _ALL_SOURCE 1 +#endif +/* Enable GNU extensions on systems that have them. */ +#ifndef _GNU_SOURCE +# define _GNU_SOURCE 1 +#endif +/* Enable threading extensions on Solaris. */ +#ifndef _POSIX_PTHREAD_SEMANTICS +# define _POSIX_PTHREAD_SEMANTICS 1 +#endif +/* Enable extensions on HP NonStop. */ +#ifndef _TANDEM_SOURCE +# define _TANDEM_SOURCE 1 +#endif +/* Enable general extensions on Solaris. */ +#ifndef __EXTENSIONS__ +# define __EXTENSIONS__ 1 +#endif + + +/* Version number of package */ +#define VERSION "devel" + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). 
*/ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +/* # undef WORDS_BIGENDIAN */ +# endif +#endif + +/* Define to 1 if on MINIX. */ +/* #undef _MINIX */ + +/* Define to 2 if the system does not provide POSIX.1 features except with + this defined. */ +/* #undef _POSIX_1_SOURCE */ + +/* Define to 1 if you need to in order for `stat' and other things to work. */ +/* #undef _POSIX_SOURCE */ + +/* Define for Solaris 2.5.1 so the uint32_t typedef from , + , or is not used. If the typedef were allowed, the + #define below would cause a syntax error. */ +/* #undef _UINT32_T */ + +/* Define for Solaris 2.5.1 so the uint8_t typedef from , + , or is not used. If the typedef were allowed, the + #define below would cause a syntax error. */ +/* #undef _UINT8_T */ + +/* Define to empty if `const' does not conform to ANSI C. */ +/* #undef const */ + +/* Define to the type of a signed integer type of width exactly 16 bits if + such a type exists and the standard includes do not define it. */ +/* #undef int16_t */ + +/* Define to the type of a signed integer type of width exactly 32 bits if + such a type exists and the standard includes do not define it. */ +/* #undef int32_t */ + +/* Define to the type of a signed integer type of width exactly 8 bits if such + a type exists and the standard includes do not define it. */ +/* #undef int8_t */ + +/* Define to the widest signed integer type if and do + not define. */ +/* #undef intmax_t */ + +/* Define to the type of a signed integer type wide enough to hold a pointer, + if such a type exists, and if the system does not define it. */ +/* #undef intptr_t */ + +/* Define to `long int' if does not define. */ +/* #undef off_t */ + +/* Define to the equivalent of the C99 'restrict' keyword, or to + nothing if this is not supported. Do not define if restrict is + supported directly. 
*/ +#define restrict __restrict +/* Work around a bug in Sun C++: it does not support _Restrict or + __restrict__, even though the corresponding Sun C compiler ends up with + "#define restrict _Restrict" or "#define restrict __restrict__" in the + previous line. Perhaps some future version of Sun C++ will work with + restrict; if so, hopefully it defines __RESTRICT like Sun C does. */ +#if defined __SUNPRO_CC && !defined __RESTRICT +# define _Restrict +# define __restrict__ +#endif + +/* Define to `unsigned int' if does not define. */ +/* #undef size_t */ + +/* Define to `int' if does not define. */ +/* #undef ssize_t */ + +/* Define to the type of an unsigned integer type of width exactly 16 bits if + such a type exists and the standard includes do not define it. */ +/* #undef uint16_t */ + +/* Define to the type of an unsigned integer type of width exactly 32 bits if + such a type exists and the standard includes do not define it. */ +/* #undef uint32_t */ + +/* Define to the type of an unsigned integer type of width exactly 8 bits if + such a type exists and the standard includes do not define it. */ +/* #undef uint8_t */ + +/* Define to the widest unsigned integer type if and + do not define. */ +/* #undef uintmax_t */ + +/* Define to the type of an unsigned integer type wide enough to hold a + pointer, if such a type exists, and if the system does not define it. */ +/* #undef uintptr_t */ + +/* Define to empty if the keyword `volatile' does not work. Warning: valid + code using `volatile' can become incorrect without. Disable with care. */ +/* #undef volatile */ diff --git a/include/cryb/Makefile.am b/include/cryb/Makefile.am new file mode 100644 index 0000000..d8f825e --- /dev/null +++ b/include/cryb/Makefile.am @@ -0,0 +1,10 @@ +crybdir = $(includedir)/cryb + +cryb_HEADERS = + +if OTP_LIB +cryb_HEADERS += otp.h +endif OTP_LIB + +noinst_HEADERS = \ + otp-impl.h 
diff --git a/include/cryb/otp-impl.h b/include/cryb/otp-impl.h
new file mode 100644
index 0000000..459132c
--- /dev/null
+++ b/include/cryb/otp-impl.h
@@ -0,0 +1,43 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef CRYB_OTP_IMPL_H_INCLUDED
+#define CRYB_OTP_IMPL_H_INCLUDED
+
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifndef CRYB_TO
+#include
+#endif
+
+#include
+
+#endif
diff --git a/include/cryb/otp.h b/include/cryb/otp.h
new file mode 100644
index 0000000..1c6640d
--- /dev/null
+++ b/include/cryb/otp.h
@@ -0,0 +1,43 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef CRYB_OTP_H_INCLUDED
+#define CRYB_OTP_H_INCLUDED
+
+#ifndef CRYB_TO
+#include
+#endif
+
+CRYB_BEGIN
+
+const char *cryb_otp_version(void);
+
+CRYB_END
+
+#endif
diff --git a/lib/Makefile.am b/lib/Makefile.am
new file mode 100644
index 0000000..49a14af
--- /dev/null
+++ b/lib/Makefile.am
@@ -0,0 +1,5 @@
+SUBDIRS =
+
+if OTP_LIB
+SUBDIRS += otp
+endif OTP_LIB
diff --git a/lib/otp/Makefile.am b/lib/otp/Makefile.am
new file mode 100644
index 0000000..378349b
--- /dev/null
+++ b/lib/otp/Makefile.am
@@ -0,0 +1,11 @@
+AM_CPPFLAGS = -I$(top_srcdir)/include
+
+lib_LTLIBRARIES = libcryb-otp.la
+
+libcryb_otp_la_SOURCES = \
+ \
+ cryb_otp.c
+
+libcryb_otp_la_LIBADD = \
+ $(CRYB_CORE_LIBS) \
+ $(CRYB_OATH_LIBS)
diff --git a/lib/otp/cryb_otp.c b/lib/otp/cryb_otp.c
new file mode 100644
index 0000000..91752a2
--- /dev/null
+++ b/lib/otp/cryb_otp.c
@@ -0,0 +1,44 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/otp-impl.h"
+
+#include
+#include
+
+#include
+
+static const char *cryb_otp_version_string = PACKAGE_VERSION;
+
+const char *
+cryb_otp_version(void)
+{
+
+ return (cryb_otp_version_string);
+}
diff --git a/libexec/Makefile.am b/libexec/Makefile.am
new file mode 100644
index 0000000..afd5240
--- /dev/null
+++ b/libexec/Makefile.am
@@ -0,0 +1,5 @@
+SUBDIRS =
+
+if OTP_BSDAUTH
+SUBDIRS += login_otp
+endif
diff --git a/libexec/login_otp/Makefile.am b/libexec/login_otp/Makefile.am new file mode 100644 index 0000000..cb2a152 --- /dev/null +++ b/libexec/login_otp/Makefile.am @@ -0,0 +1,10 @@ +AM_CPPFLAGS = -I$(top_srcdir)/include + +libotp = $(top_builddir)/lib/otp/libcryb-otp.la + +libexec_PROGRAMS = login_otp + +login_otp_SOURCES = login_otp.c +login_otp_LDADD = $(libotp) + +dist_man8_MANS = login_otp.8 diff --git a/libexec/login_otp/login_otp.8 b/libexec/login_otp/login_otp.8 new file mode 100644 index 0000000..1e5f43c --- /dev/null +++ b/libexec/login_otp/login_otp.8 
@@ -0,0 +1,51 @@ +.\"- +.\" Copyright (c) 2017 Dag-Erling Smørgrav +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd March 3, 2017 +.Dt LOGIN_OTP 8 +.Os +.Sh NAME +.Nm login_otp +.Nd BSD Authentication module for one-time passwords +.Sh SYNOPSIS +.Cm Nm +.Op Fl d +.Op Fl s Ar service +.Op Fl v Ar key Ns = Ns Ar value ... +.Op Ar class +.Ar user +.Sh DESCRIPTION +TBW +.Sh SEE ALSO +.Xr otpkey 1 , +.Xr otpverify 8 +.Sh AUTHORS +The +.Nm +module and this manual page were written by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . 
diff --git a/libexec/login_otp/login_otp.c b/libexec/login_otp/login_otp.c new file mode 100644 index 0000000..5d3587e --- /dev/null +++ b/libexec/login_otp/login_otp.c 
@@ -0,0 +1,77 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/otp-impl.h"
+
+#include
+#include
+#include
+
+#include
+
+static void
+usage(void)
+{
+
+ fprintf(stderr, "usage: "
+ "login_otp [-d] [-s service] [-o key=value ...] [class] user\n");
+ exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+ int opt;
+
+ while ((opt = getopt(argc, argv, "ds:v:")) != -1)
+ switch (opt) {
+ case 'd':
+ break;
+ case 's':
+ break;
+ case 'v':
+ break;
+ default:
+ usage();
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ switch (argc) {
+ case 2:
+ /* fall through */
+ case 1:
+ break;
+ default:
+ usage();
+ }
+
+ exit(0);
+}
diff --git a/m4/ax_gcc_builtin.m4 b/m4/ax_gcc_builtin.m4
new file mode 100644
index 0000000..54d8729
--- /dev/null
+++ b/m4/ax_gcc_builtin.m4
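Review bot: The usage text in `usage()` advertises `[-o key=value ...]`, but the `getopt()` string in `main()` is `"ds:v:"` and login_otp.8 in this commit documents `-v key=value`, so a user following the usage message lands in the `default:` case; the string should read `"login_otp [-d] [-s service] [-v key=value ...] [class] user\n"`. Separately, the stub parses its options, discards them and ends with `exit(0)`. How the caller interprets that status is not visible in this commit, but an authentication helper with no verification logic is safer failing closed, for example `exit(1);` with the comment `/* not implemented yet: reject */` until the real check exists.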
@@ -0,0 +1,170 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_gcc_builtin.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_GCC_BUILTIN(BUILTIN) +# +# DESCRIPTION +# +# This macro checks if the compiler supports one of GCC's built-in +# functions; many other compilers also provide those same built-ins. +# +# The BUILTIN parameter is the name of the built-in function. +# +# If BUILTIN is supported define HAVE_. Keep in mind that since +# builtins usually start with two underscores they will be copied over +# into the HAVE_ definition (e.g. HAVE___BUILTIN_EXPECT for +# __builtin_expect()). +# +# The macro caches its result in the ax_cv_have_ variable (e.g. +# ax_cv_have___builtin_expect). +# +# The macro currently supports the following built-in functions: +# +# __builtin_assume_aligned +# __builtin_bswap16 +# __builtin_bswap32 +# __builtin_bswap64 +# __builtin_choose_expr +# __builtin___clear_cache +# __builtin_clrsb +# __builtin_clrsbl +# __builtin_clrsbll +# __builtin_clz +# __builtin_clzl +# __builtin_clzll +# __builtin_complex +# __builtin_constant_p +# __builtin_ctz +# __builtin_ctzl +# __builtin_ctzll +# __builtin_expect +# __builtin_ffs +# __builtin_ffsl +# __builtin_ffsll +# __builtin_fpclassify +# __builtin_huge_val +# __builtin_huge_valf +# __builtin_huge_vall +# __builtin_inf +# __builtin_infd128 +# __builtin_infd32 +# __builtin_infd64 +# __builtin_inff +# __builtin_infl +# __builtin_isinf_sign +# __builtin_nan +# __builtin_nand128 +# __builtin_nand32 +# __builtin_nand64 +# __builtin_nanf +# __builtin_nanl +# __builtin_nans +# __builtin_nansf +# __builtin_nansl +# __builtin_object_size +# __builtin_parity +# __builtin_parityl +# __builtin_parityll +# __builtin_popcount +# __builtin_popcountl +# __builtin_popcountll +# __builtin_powi +# __builtin_powif +# __builtin_powil +# __builtin_prefetch +# __builtin_trap +# 
__builtin_types_compatible_p +# __builtin_unreachable +# +# Unsuppored built-ins will be tested with an empty parameter set and the +# result of the check might be wrong or meaningless so use with care. +# +# LICENSE +# +# Copyright (c) 2013 Gabriele Svelto +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 3 + +AC_DEFUN([AX_GCC_BUILTIN], [ + AS_VAR_PUSHDEF([ac_var], [ax_cv_have_$1]) + + AC_CACHE_CHECK([for $1], [ac_var], [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([], [ + m4_case([$1], + [__builtin_assume_aligned], [$1("", 0)], + [__builtin_bswap16], [$1(0)], + [__builtin_bswap32], [$1(0)], + [__builtin_bswap64], [$1(0)], + [__builtin_choose_expr], [$1(0, 0, 0)], + [__builtin___clear_cache], [$1("", "")], + [__builtin_clrsb], [$1(0)], + [__builtin_clrsbl], [$1(0)], + [__builtin_clrsbll], [$1(0)], + [__builtin_clz], [$1(0)], + [__builtin_clzl], [$1(0)], + [__builtin_clzll], [$1(0)], + [__builtin_complex], [$1(0.0, 0.0)], + [__builtin_constant_p], [$1(0)], + [__builtin_ctz], [$1(0)], + [__builtin_ctzl], [$1(0)], + [__builtin_ctzll], [$1(0)], + [__builtin_expect], [$1(0, 0)], + [__builtin_ffs], [$1(0)], + [__builtin_ffsl], [$1(0)], + [__builtin_ffsll], [$1(0)], + [__builtin_fpclassify], [$1(0, 1, 2, 3, 4, 0.0)], + [__builtin_huge_val], [$1()], + [__builtin_huge_valf], [$1()], + [__builtin_huge_vall], [$1()], + [__builtin_inf], [$1()], + [__builtin_infd128], [$1()], + [__builtin_infd32], [$1()], + [__builtin_infd64], [$1()], + [__builtin_inff], [$1()], + [__builtin_infl], [$1()], + [__builtin_isinf_sign], [$1(0.0)], + [__builtin_nan], [$1("")], + [__builtin_nand128], [$1("")], + [__builtin_nand32], [$1("")], + [__builtin_nand64], [$1("")], + [__builtin_nanf], [$1("")], + [__builtin_nanl], [$1("")], + [__builtin_nans], [$1("")], + [__builtin_nansf], [$1("")], + [__builtin_nansl], 
[$1("")], + [__builtin_object_size], [$1("", 0)], + [__builtin_parity], [$1(0)], + [__builtin_parityl], [$1(0)], + [__builtin_parityll], [$1(0)], + [__builtin_popcount], [$1(0)], + [__builtin_popcountl], [$1(0)], + [__builtin_popcountll], [$1(0)], + [__builtin_powi], [$1(0, 0)], + [__builtin_powif], [$1(0, 0)], + [__builtin_powil], [$1(0, 0)], + [__builtin_prefetch], [$1("")], + [__builtin_trap], [$1()], + [__builtin_types_compatible_p], [$1(int, int)], + [__builtin_unreachable], [$1()], + [m4_warn([syntax], [Unsupported built-in $1, the test may fail]) + $1()] + ) + ])], + [AS_VAR_SET([ac_var], [yes])], + [AS_VAR_SET([ac_var], [no])]) + ]) + + AS_IF([test yes = AS_VAR_GET([ac_var])], + [AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_$1), 1, + [Define to 1 if the system has the `$1' built-in function])], []) + + AS_VAR_POPDEF([ac_var]) +]) diff --git a/pam/Makefile.am b/pam/Makefile.am new file mode 100644 index 0000000..8a3f53e --- /dev/null +++ b/pam/Makefile.am @@ -0,0 +1,5 @@ +SUBDIRS = + +if OTP_PAM +SUBDIRS += pam_otp +endif OTP_PAM diff --git a/pam/pam_otp/Makefile.am b/pam/pam_otp/Makefile.am new file mode 100644 index 0000000..1605e33 --- /dev/null +++ b/pam/pam_otp/Makefile.am @@ -0,0 +1,14 @@ +AM_CPPFLAGS = -I$(top_srcdir)/include + +libotp = $(top_builddir)/lib/otp/libcryb-otp.la + +moduledir = $(libdir) +module_LTLIBRARIES = pam_otp.la + +pam_otp_la_SOURCES = pam_otp.c +pam_otp_la_LIBADD = \ + $(libotp) \ + $(PAM_LIBS) +pam_otp_la_LDFLAGS = -no-undefined -module -export-symbols-regex '^pam_sm_' + +dist_man8_MANS = pam_otp.8 diff --git a/pam/pam_otp/pam_otp.8 b/pam/pam_otp/pam_otp.8 new file mode 100644 index 0000000..2f57bb2 --- /dev/null +++ b/pam/pam_otp/pam_otp.8 
@@ -0,0 +1,85 @@ +.\"- +.\" Copyright (c) 2012-2016 The University of Oslo +.\" Copyright (c) 2017 Dag-Erling Smørgrav +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd January 11, 2016 +.Dt PAM_OTP 8 +.Os +.Sh NAME +.Nm pam_otp +.Nd One-time password service module +.Sh SYNOPSIS +.Op Ar service +.Ar module-type +.Ar control-flag +.Cm Nm +.Op Ar arguments +.Sh DESCRIPTION +The +.Nm +service module implements counter-based and time-based one-time +passwords. 
+.Pp +The +.Nm +service module recognizes the following options: +.Bl -tag -width ".Cm echo_pass" +.It Cm nokey = Ar fail | fake | ignore +Specifies how the module should behave when no key is available for +the user: either fail immediately, prompt for a code but fail anyway, +or let authentication proceed by other means. +\" .It Cm nouser = Ar fail | fake | ignore +\" Specifies how the module should behave when the user does not exist. +\" See +\" .Bm nokey +\" above. +\" .It Cm badkey = Ar fail | fake | ignore +\" Specifies how the module should behave when the user exists and has a +\" key, but the key could not be loaded (e.g. due to a syntax error in +\" the keyfile). +\" See +\" .Bm nokey +\" above. +.El +.Pp +The +.Nm +service module uses +.Xr pam_get_authtok 3 +to prompt the user, and will therefore also be affected by the +standard options +.Sh SEE ALSO +.Xr oathkey 1 , +.Xr pam.conf 5 , +.Xr pam 8 +.Sh AUTHORS +The +.Nm +module and this manual page were developed by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no +for the University of Oslo. diff --git a/pam/pam_otp/pam_otp.c b/pam/pam_otp/pam_otp.c new file mode 100644 index 0000000..0a1ad28 --- /dev/null +++ b/pam/pam_otp/pam_otp.c 
@@ -0,0 +1,65 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/otp-impl.h"
+
+#define PAM_SM_AUTH
+
+#include
+#include
+
+#include
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ /* unused */
+ (void)pamh;
+ (void)flags;
+ (void)argc;
+ (void)argv;
+ return (PAM_AUTH_ERR);
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ /* unused */
+ (void)pamh;
+ (void)flags;
+ (void)argc;
+ (void)argv;
+ return (PAM_SUCCESS);
+}
+
+PAM_MODULE_ENTRY("pam_otp");
diff --git a/sbin/Makefile.am b/sbin/Makefile.am
new file mode 100644
index 0000000..9863ee3
--- /dev/null
+++ b/sbin/Makefile.am
@@ -0,0 +1,5 @@
+SUBDIRS =
+
+if OTP_RADIUS
+SUBDIRS += otpradiusd
+endif OTP_RADIUS
diff --git a/sbin/otpradiusd/Makefile.am b/sbin/otpradiusd/Makefile.am
new file mode 100644
index 0000000..72723f7
--- /dev/null
+++ b/sbin/otpradiusd/Makefile.am
@@ -0,0 +1,6 @@
+AM_CPPFLAGS = -I$(top_srcdir)/include
+
+sbin_PROGRAMS = otpradiusd
+
+otpradiusd_SOURCES = otpradiusd.c
+dist_man8_MANS = otpradiusd.8
diff --git a/sbin/otpradiusd/otpradiusd.8 b/sbin/otpradiusd/otpradiusd.8
new file mode 100644
index 0000000..a7b0dbb
--- /dev/null
+++ b/sbin/otpradiusd/otpradiusd.8
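Review bot: `pam_sm_authenticate()` casts `argv` to void and always returns `PAM_AUTH_ERR`, so the `nokey=` option described in pam_otp.8 in this same commit is silently ignored, and the only hint in the code is the comment `/* unused */`. Failing closed is the right default for a stub, and the comment should say so explicitly, e.g. `/* not implemented yet: fail closed; module options are ignored */`. `pam_sm_setcred()` returning `PAM_SUCCESS` is conventional for a module that sets no credentials, but a one-line comment to that effect would keep a later reader from treating it as an oversight.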
@@ -0,0 +1,46 @@ +.\"- +.\" Copyright (c) 2017 Dag-Erling Smørgrav +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd March 3, 2017 +.Dt OTPRADIUSD 8 +.Os +.Sh NAME +.Nm otpkey +.Nd One-time password RADIUS server +.Sh SYNOPSIS +.Cm Nm +.Sh DESCRIPTION +TBW +.Sh SEE ALSO +.Xr otpkey 1 , +.Xr otpverify 8 +.Sh AUTHORS +The +.Nm +utility and this manual page were written by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/sbin/otpradiusd/otpradiusd.c b/sbin/otpradiusd/otpradiusd.c new file mode 100644 index 0000000..9e5fa92 
--- /dev/null +++ b/sbin/otpradiusd/otpradiusd.c @@ -0,0 +1,64 @@ +/*- + * Copyright (c) 2017 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "cryb/otp-impl.h" + +#include +#include +#include + +#include + +static void +usage(void) +{ + + fprintf(stderr, "usage: otpradiusd\n"); + exit(1); +} + +int +main(int argc, char *argv[]) +{ + int opt; + + while ((opt = getopt(argc, argv, "")) != -1) + switch (opt) { + default: + usage(); + } + + argc -= optind; + argv += optind; + + if (argc > 0) + usage(); + + exit(0); +} 
diff --git a/t/Makefile.am b/t/Makefile.am new file mode 100644 index 0000000..11d5efc --- /dev/null +++ b/t/Makefile.am @@ -0,0 +1,28 @@ +AM_CPPFLAGS = -I$(top_srcdir)/include + +EXTRA_DIST = + +if WITH_CRYB_TEST + +libotp = $(top_builddir)/lib/otp/libcryb-otp.la + +# tests +TESTS = + +# c++ header test +TESTS += t_cxx +t_cxx_SOURCES = t_cxx.cc +t_cxx_CPPFLAGS = $(AM_CPPFLAGS) +t_cxx_LDADD = +if OTP_LIB +t_cxx_CPPFLAGS += -DWITH_OTP_LIB +t_cxx_LDADD += $(libotp) +endif OTP_LIB + +# libcryb-otp +if OTP_LIB +endif OTP_LIB + +check_PROGRAMS = $(TESTS) + +endif WITH_CRYB_TEST diff --git a/t/t_cxx.cc b/t/t_cxx.cc new file mode 100644 index 0000000..8203b53 --- /dev/null +++ b/t/t_cxx.cc 
@@ -0,0 +1,98 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/otp-impl.h"
+
+/* gcc's is broken */
+#include
+#include
+#include
+#include
+
+#include
+
+CRYB_DISABLE_COVERAGE;
+
+class test {
+public:
+ virtual const char *name() = 0;
+ virtual int run() = 0;
+};
+
+#define TEST(lib) \
+ class test_##lib : public test { \
+ public: \
+ virtual const char *name() { \
+ return (#lib); \
+ } \
+ virtual int run() { \
+ return (std::strcmp(cryb_##lib##_version(), \
+ PACKAGE_VERSION) == 0); \
+ } \
+ };
+
+#if WITH_OTP_LIB
+#include
+TEST(otp)
+#endif
+
+#undef TEST
+
+int
+main(int argc, char *argv[])
+{
+ std::vector tests;
+ int ret;
+
+#define TEST(lib) tests.push_back(new test_##lib())
+
+#if WITH_CRYB_OTP
+ TEST(otp);
+#endif
+
+#undef TEST
+
+
+ ret = 0;
+ if (tests.empty()) {
+ std::cout << "1..1" << std::endl <<
+ "ok 1 - dummy" << std::endl;
+ } else {
+ std::cout << "1.." << tests.size() << std::endl;
+ for (int i = 0; i < tests.size(); ++i) {
+ if (!tests[i]->run()) {
+ std::cout << "not ";
+ ret = 1;
+ }
+ std::cout << "ok " << (i + 1) << " - " <<
+ tests[i]->name() << std::endl;
+ }
+ }
+ return (ret);
+}
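Review bot: The `test_otp` class is defined under `#if WITH_OTP_LIB`, but `main()` registers it under `#if WITH_CRYB_OTP`, a macro that t/Makefile.am in this commit never defines (it passes `-DWITH_OTP_LIB`), so `tests` stays empty and the program always prints the passing dummy result; the guard in `main()` should be `#if WITH_OTP_LIB`. As written, the check that `cryb_otp_version()` matches `PACKAGE_VERSION` never runs, so the C++ header test cannot fail even if the library is broken. In the loop, `int i` is compared with `tests.size()`, a signed/unsigned mix that `for (std::size_t i = 0; i < tests.size(); ++i)` avoids. The objects created with `new` are never deleted and `test` has no virtual destructor, which is harmless in a short-lived test binary but would need `virtual ~test() {}` if cleanup is added later.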