mirror of
https://github.com/adulau/ootp.git
synced 2024-12-27 03:06:08 +00:00
ootp-release-1.03 imported
This commit is contained in:
parent
61dce4ac29
commit
9a903d7a74
48 changed files with 2201 additions and 1126 deletions
|
@ -24,7 +24,7 @@
|
|||
' OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
' SUCH DAMAGE.
|
||||
'
|
||||
' $Id: HOTP.DEF 13 2009-11-26 16:37:03Z maf $
|
||||
' $Id: HOTP.DEF 91 2009-12-28 02:45:25Z maf $
|
||||
'
|
||||
|
||||
|
||||
|
@ -37,8 +37,8 @@
|
|||
' INS Name Format CapabilityID
|
||||
'------------------------------------------------------------------------
|
||||
' 00 PRDisplay (CLA=C8) - 00000001
|
||||
' RecordNumber(byte), DataFormat(byte), DigitCount(byte)
|
||||
' DecimalPoint(byte), Delay(byte), MoreData(byte),
|
||||
' RecordNumber(Byte), DataFormat(Byte), DigitCount(Byte)
|
||||
' DecimalPoint(Byte), Delay(Byte), MoreData(Byte),
|
||||
' Data(String)
|
||||
' 40 SetHost Idx,Count,Hostname,HOTPKey 00000002
|
||||
' 42 GetHost Idx,Count,Hostname,HOTPKey 00000004
|
||||
|
@ -63,15 +63,26 @@
|
|||
' A1 SetEEBlock P1=Idx,eeBlock XXXXXXXX
|
||||
|
||||
'
|
||||
' enable functions
|
||||
' HOTP display formats
|
||||
'
|
||||
Const FMTHEX40 = 1
|
||||
Const FMTDEC316 = 2
|
||||
Const FMTDEC317 = 3
|
||||
Const FMTDEC318 = 4
|
||||
Const FMTDEC319 = 5
|
||||
Const FMTDEC3110 = 6
|
||||
Const FMTDHEX40 = 7
|
||||
|
||||
|
||||
'
|
||||
' enable minimal functions for Spyrus Reader
|
||||
'
|
||||
'Const ENABLECSETHOST = 1
|
||||
'Const ENABLECGETHOST = 1
|
||||
Const ENABLECGETHOSTNAME = 1
|
||||
'Const ENABLECGETHOTP = 1
|
||||
Const ENABLECSETADMINMODE = 1
|
||||
'Const ENABLECSETBALANCECARDINDEX = 1
|
||||
Const ENABLECSETBALANCECARDINDEX = 1
|
||||
Const ENABLECSETPIN = 1
|
||||
Const ENABLECTESTPIN = 1
|
||||
Const ENABLECGETVERSION = 1
|
||||
|
@ -81,7 +92,7 @@ Const ENABLECGETHOST32 = 1
|
|||
Const ENABLECGETHOTPCOUNT32 = 1
|
||||
'Const ENABLECGETHOTPHOST = 1
|
||||
Const ENABLECGETHOTPHOSTCOUNT32 = 1
|
||||
'Const ENABLECPRDISPLAY = 1
|
||||
Const ENABLECPRDISPLAY = 1
|
||||
Const ENABLECCLEARALL = 1
|
||||
Const ENABLESETREADERKEY = 1
|
||||
|
||||
|
@ -197,55 +208,55 @@ Const CAPSETREADERKEY = &H00020000
|
|||
Const CAPSETREADERKEY = &H00000000
|
||||
#endif
|
||||
|
||||
declare command &HC8 &H00 PRDisplay(RecordNumber as Byte, DataFormat as Byte, _
|
||||
Declare Command &HC8 &H00 PRDisplay(RecordNumber as Byte, DataFormat as Byte, _
|
||||
DigitCount as Byte,DecimalPoint as Byte, _
|
||||
Delay as Byte, MoreData as Byte, _
|
||||
Data as String)
|
||||
|
||||
declare command &H80 &H40 SetHost(Idx as Byte, Count as Integer, _
|
||||
Declare Command &H80 &H40 SetHost(Idx as Byte, Count as Integer, _
|
||||
Hostname as String*12, HOTPKey as String*20)
|
||||
|
||||
declare command &H80 &H42 GetHost(Idx as Byte, Count as Integer, _
|
||||
Declare Command &H80 &H42 GetHost(Idx as Byte, Count as Integer, _
|
||||
Hostname as String*12, HOTPKey as String*20)
|
||||
|
||||
declare command &H80 &H44 GetHostName(Idx as Byte, myPIN as string*5, _
|
||||
Declare Command &H80 &H44 GetHostName(Idx as Byte, myPIN as String*5, _
|
||||
Hostname as String*12)
|
||||
|
||||
declare command &H80 &H46 GetHOTP(Idx as Byte, myPIN as String*5, _
|
||||
HOTP as string*5)
|
||||
Declare Command &H80 &H46 GetHOTP(Idx as Byte, myPIN as String*5, _
|
||||
HOTP as String*5)
|
||||
|
||||
declare command &H80 &H48 SetAdminMode(Mode as Byte, K as String*20)
|
||||
Declare Command &H80 &H48 SetAdminMode(Mode as Byte, K as String*20)
|
||||
|
||||
declare command &H80 &H4A SetBalanceCardIndex(Idx as Byte)
|
||||
Declare Command &H80 &H4A SetBalanceCardIndex(Idx as Byte)
|
||||
|
||||
declare command &H80 &H4C SetPIN(myPIN as String*5, newPIN as string*5)
|
||||
Declare Command &H80 &H4C SetPIN(myPIN as String*5, newPIN as String*5)
|
||||
|
||||
declare command &H80 &H4E TestPIN(myPIN as String*5)
|
||||
Declare Command &H80 &H4E TestPIN(myPIN as String*5)
|
||||
|
||||
declare command &H80 &H50 GetVersion(V as Byte)
|
||||
Declare Command &H80 &H50 GetVersion(V as Byte)
|
||||
|
||||
declare command &H80 &H52 SetAdminKey(K as String*20)
|
||||
Declare Command &H80 &H52 SetAdminKey(K as String*20)
|
||||
|
||||
declare command &H80 &H54 SetHost32(Idx as Byte, Count32 as Long, _
|
||||
Declare Command &H80 &H54 SetHost32(Idx as Byte, Count32 as Long, _
|
||||
Hostname as String*12, HOTPKey as String*20)
|
||||
|
||||
declare command &h80 &H56 GetHost32(Idx as Byte, Count32 as Long, _
|
||||
Declare Command &h80 &H56 GetHost32(Idx as Byte, Count32 as Long, _
|
||||
Hostname as String*12, HOTPKey as String*20)
|
||||
|
||||
declare command &H80 &H58 GetHOTPCount32(Idx as Byte, myPIN as String*5, _
|
||||
Count32 as Long, HOTP as string*5)
|
||||
Declare Command &H80 &H58 GetHOTPCount32(Idx as Byte, myPIN as String*5, _
|
||||
Count32 as Long, HOTP as String*5)
|
||||
|
||||
declare command &H80 &H5A GetHOTPHost(Idx as Byte, myPIN as String*5, _
|
||||
HOTP as string*5, Hostname as String*12)
|
||||
Declare Command &H80 &H5A GetHOTPHost(Idx as Byte, myPIN as String*5, _
|
||||
HOTP as String*5, Hostname as String*12)
|
||||
|
||||
declare command &H80 &H5C GetHOTPHostCount32(Idx as Byte, myPIN as String*5, _
|
||||
Count32 as Long, HOTP as string*5, Hostname as String*12)
|
||||
Declare Command &H80 &H5C GetHOTPHostCount32(Idx as Byte, myPIN as String*5, _
|
||||
Count32 as Long, HOTP as String*5, Hostname as String*12)
|
||||
|
||||
declare command &H80 &H5E ClearAll()
|
||||
Declare Command &H80 &H5E ClearAll()
|
||||
|
||||
declare command &H80 &H60 SetReaderKey(readerKey as String*5)
|
||||
Declare Command &H80 &H60 SetReaderKey(readerKey as String*5)
|
||||
|
||||
declare command &H80 &H90 GetCapabilities(Capabilities as Long)
|
||||
Declare Command &H80 &H90 GetCapabilities(Capabilities as Long)
|
||||
|
||||
'
|
||||
' error codes used
|
||||
|
|
File diff suppressed because it is too large
Load diff
Binary file not shown.
|
@ -26,7 +26,7 @@
|
|||
*
|
||||
* Ported from ZeitControl bcload.bas and download.bas sample source
|
||||
*
|
||||
* $Id: bcload.c 13 2009-11-26 16:37:03Z maf $
|
||||
* $Id: bcload.c 90 2009-12-28 02:44:52Z maf $
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
|
@ -120,7 +120,7 @@ int main(int argc, char **argv)
|
|||
paranoid = 1;
|
||||
debug = 0;
|
||||
verbose = 0;
|
||||
reader = SCR_DEFAULT_READER;
|
||||
reader = (char*)0L;
|
||||
list_readers = 0; /* no */
|
||||
scrctx = (struct scr_ctx*)0L;
|
||||
img_fname = "HOTPC.IMG";
|
||||
|
@ -700,8 +700,8 @@ void bcimg_read_version_section(struct bcimg *bcimg)
|
|||
* next two bytes are version number of oldest software that
|
||||
* can read the image file. Must be > 5.22
|
||||
*/
|
||||
if ((version[2] > 5) || ((version[2] == 5) && (version[3] > 22)))
|
||||
xerr_errx(1, "bcimg_read_version_section(): Unknown image file version.");
|
||||
if ((version[2] > 5) || ((version[2] == 5) && (version[3] > 71)))
|
||||
xerr_errx(1, "bcimg_read_version_section(): Untested image file version.");
|
||||
|
||||
} /* bcimg_read_version_section */
|
||||
|
||||
|
|
343
common/otplib.c
343
common/otplib.c
|
@ -24,7 +24,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: otplib.c 18 2009-11-26 19:40:06Z maf $
|
||||
* $Id: otplib.c 84 2009-12-27 17:29:51Z maf $
|
||||
*/
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
@ -48,9 +48,12 @@
|
|||
#include "str.h"
|
||||
#include "otpsc.h"
|
||||
|
||||
char *otp_l_status[] = {"error", "active", "inactive", "disabled"};
|
||||
char *otp_l_format[] = {"error", "hex40"};
|
||||
char *otp_l_type[] = {"error", "HOTP"};
|
||||
char *otp_status_l[] = {"error", "active", "inactive", "disabled"};
|
||||
char *otp_format_l[] = {"error", "hex40", "dhex40", "dec31.6", "dec31.7",
|
||||
"dec31.8", "dec31.9", "dec31.10"};
|
||||
char *otp_type_l[] = {"error", "HOTP"};
|
||||
|
||||
char *otp_flags_l[] = {"display-count"};
|
||||
|
||||
/*
|
||||
* One Time Password library with HOTP implementation.
|
||||
|
@ -66,6 +69,9 @@ char *otp_l_type[] = {"error", "HOTP"};
|
|||
* otp_hotp_hex40_auth() HOTP 40 bit hex key authentication
|
||||
* otp_hotp_hex40_crsp() HOTP 40 bit hex key challenge response generator
|
||||
*
|
||||
* otp_hotp_dec31_auth() HOTP 31 bit decimal key authentication
|
||||
* otp_hotp_dec31_crsp() HOTP 31 bit decimal key challenge response generator
|
||||
*
|
||||
****
|
||||
*
|
||||
* otp_db_open() open OTP db
|
||||
|
@ -355,9 +361,10 @@ int otp_hotp_hex40_auth(struct otp_ctx *otpctx, struct otp_user *ou,
|
|||
char *crsp, int window)
|
||||
{
|
||||
uint64_t tmp_count;
|
||||
uint8_t offset;
|
||||
u_int rlen;
|
||||
int i;
|
||||
u_char result[EVP_MAX_MD_SIZE], decoded[5];
|
||||
u_char result[EVP_MAX_MD_SIZE], decoded[5], dt[5];
|
||||
|
||||
if (otp_db_valid(otpctx, "otp_hotp_hex40_auth") < 0)
|
||||
return -1;
|
||||
|
@ -398,9 +405,122 @@ int otp_hotp_hex40_auth(struct otp_ctx *otpctx, struct otp_user *ou,
|
|||
SWAP64(tmp_count)
|
||||
#endif /* BYTE_ORDER */
|
||||
|
||||
/* compare the top 40 bits to authenticate user, match then return good */
|
||||
if (!bcmp(decoded, &result, 5)) {
|
||||
ou->count = tmp_count+1;
|
||||
if (ou->format == OTP_FORMAT_HEX40) {
|
||||
|
||||
/* compare top 40 bits to authenticate user, match then AUTH_PASS */
|
||||
if (!bcmp(decoded, &result, 5)) {
|
||||
ou->count = tmp_count+1;
|
||||
return OTP_AUTH_PASS;
|
||||
}
|
||||
|
||||
} else if (ou->format == OTP_FORMAT_DHEX40) {
|
||||
|
||||
offset = result[19] & 0xf;
|
||||
|
||||
dt[0] = result[offset]; dt[1] = result[offset+1];
|
||||
dt[2] = result[offset+2]; dt[3] = result[offset+3];
|
||||
dt[4] = result[offset+4];
|
||||
|
||||
/* compare dynamic 40 bits to authenticate user, match then AUTH_PASS */
|
||||
if (!bcmp(decoded, &dt, 5)) {
|
||||
ou->count = tmp_count+1;
|
||||
return OTP_AUTH_PASS;
|
||||
}
|
||||
|
||||
} /* ou->format */
|
||||
|
||||
} /* window */
|
||||
|
||||
return OTP_AUTH_FAIL;
|
||||
|
||||
} /* otp_hotp_hex40_auth */
|
||||
|
||||
/*
|
||||
* function: otp_hotp_dec31_auth()
|
||||
*
|
||||
* validate challenge HOTP 31 bit decimal format challenge response
|
||||
* for user ou with window.
|
||||
*
|
||||
* arguments:
|
||||
* ou - otp user struct
|
||||
* crsp - user response
|
||||
* window - window of challenge responses to attempt
|
||||
*
|
||||
* return: OTP_ERROR - error
|
||||
* OTP_AUTH_PASS - user authenticated
|
||||
* OTP_AUTH_FAIL - user not authenticated
|
||||
*
|
||||
*/
|
||||
int otp_hotp_dec31_auth(struct otp_ctx *otpctx, struct otp_user *ou,
|
||||
char *crsp, int window)
|
||||
{
|
||||
uint64_t tmp_count, mod64u;
|
||||
uint32_t crsp32u, tmp32u, hotp32u;
|
||||
uint8_t offset;
|
||||
u_int rlen;
|
||||
u_char result[EVP_MAX_MD_SIZE];
|
||||
int i;
|
||||
char *endptr;
|
||||
|
||||
if (otp_db_valid(otpctx, "otp_hotp_dec31_auth") < 0)
|
||||
return -1;
|
||||
|
||||
crsp32u = strtoul(crsp, &endptr, 10);
|
||||
|
||||
if (*endptr) {
|
||||
xerr_warnx("strtoul(%s): failed at %c.", crsp, *endptr);
|
||||
return OTP_AUTH_FAIL;
|
||||
}
|
||||
|
||||
tmp_count = ou->count;
|
||||
|
||||
/* try to authenticate with count, incrementing count up to count+window */
|
||||
for (i = 0; i < window; ++i, ++tmp_count) {
|
||||
|
||||
/* HOTP is big endian */
|
||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||
SWAP64(tmp_count)
|
||||
#endif /* BYTE_ORDER */
|
||||
|
||||
/* compute expected response to challenge */
|
||||
if (!HMAC(EVP_sha1(), ou->key, 20, (void*)&tmp_count, 8,
|
||||
result, &rlen)) {
|
||||
if (otpctx->verbose)
|
||||
xerr_warnx("HMAC(): failed.");
|
||||
return OTP_ERROR;
|
||||
}
|
||||
|
||||
/* restore from HOTP standard byte order */
|
||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||
SWAP64(tmp_count)
|
||||
#endif /* BYTE_ORDER */
|
||||
|
||||
offset = result[19] & 0xf;
|
||||
|
||||
tmp32u = (result[offset] & 0x7f) << 24 |
|
||||
(result[offset+1]) << 16 |
|
||||
(result[offset+2]) << 8 |
|
||||
(result[offset+3]);
|
||||
|
||||
if (ou->format == OTP_FORMAT_DEC31_6)
|
||||
mod64u = 1000000LL;
|
||||
else if (ou->format == OTP_FORMAT_DEC31_7)
|
||||
mod64u = 10000000LL;
|
||||
else if (ou->format == OTP_FORMAT_DEC31_8)
|
||||
mod64u = 100000000LL;
|
||||
else if (ou->format == OTP_FORMAT_DEC31_9)
|
||||
mod64u = 1000000000LL;
|
||||
else if (ou->format == OTP_FORMAT_DEC31_10)
|
||||
mod64u = 10000000000LL;
|
||||
else
|
||||
xerr_errx(1, "assertion failure: ou->format invalid for dec31.");
|
||||
|
||||
/* final OTP truncation */
|
||||
hotp32u = tmp32u % mod64u;
|
||||
|
||||
/* computed HOTP == user reponse? */
|
||||
if (hotp32u == crsp32u) {
|
||||
ou->count = tmp_count + 1;
|
||||
return OTP_AUTH_PASS;
|
||||
}
|
||||
|
||||
|
@ -408,13 +528,13 @@ int otp_hotp_hex40_auth(struct otp_ctx *otpctx, struct otp_user *ou,
|
|||
|
||||
return OTP_AUTH_FAIL;
|
||||
|
||||
} /* otp_hotp_hex40_auth */
|
||||
} /* otp_hotp_dec31_auth */
|
||||
|
||||
/*
|
||||
* function: otp_hotp_hex40_crsp()
|
||||
*
|
||||
* generate HOTP challenge response in hex40 format from data in ou
|
||||
* with optional * count_offset applied. Store results in buf as
|
||||
* with optional count_offset applied. Store results in buf as
|
||||
* null terminated ASCII string.
|
||||
*
|
||||
* arguments:
|
||||
|
@ -422,6 +542,7 @@ int otp_hotp_hex40_auth(struct otp_ctx *otpctx, struct otp_user *ou,
|
|||
* ou - otp_user struct source
|
||||
* count_offset - offset of count from current count in ou
|
||||
* buf - buffer with ASCII result. Min 11 bytes.
|
||||
* buf_size - size of buf
|
||||
*
|
||||
* returns: <0 : fail
|
||||
* 0 : success
|
||||
|
@ -431,7 +552,8 @@ int otp_hotp_hex40_crsp(struct otp_ctx *otpctx, struct otp_user *ou,
|
|||
int64_t count_offset, char *buf, size_t buf_size)
|
||||
{
|
||||
uint64_t tmp_count;
|
||||
u_char result[EVP_MAX_MD_SIZE];
|
||||
uint8_t offset;
|
||||
u_char result[EVP_MAX_MD_SIZE], dt[5];
|
||||
u_int rlen;
|
||||
|
||||
if (otp_db_valid(otpctx, "otp_hotp_hex40_crsp") < 0)
|
||||
|
@ -458,13 +580,109 @@ int otp_hotp_hex40_crsp(struct otp_ctx *otpctx, struct otp_user *ou,
|
|||
xerr_warnx("buf_size < 11");
|
||||
return OTP_ERROR;
|
||||
}
|
||||
|
||||
str_hex_dump(buf, result, 5);
|
||||
|
||||
if (ou->format == OTP_FORMAT_HEX40) {
|
||||
|
||||
str_hex_dump(buf, result, 5);
|
||||
|
||||
} else if (ou->format == OTP_FORMAT_DHEX40) {
|
||||
|
||||
offset = result[19] & 0xf;
|
||||
|
||||
dt[0] = result[offset]; dt[1] = result[offset+1];
|
||||
dt[2] = result[offset+2]; dt[3] = result[offset+3];
|
||||
dt[4] = result[offset+4];
|
||||
|
||||
str_hex_dump(buf, dt, 5);
|
||||
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
||||
} /* otp_hotp_hex40_crsp */
|
||||
|
||||
/*
|
||||
* function: otp_hotp_dec31_crsp()
|
||||
*
|
||||
* generate HOTP challenge response in dec31d* format from data in ou
|
||||
* with optional count_offset applied. Store results in buf as
|
||||
* null terminated ASCII string.
|
||||
*
|
||||
* arguments:
|
||||
* otpctx - otp context from otp_db_open()
|
||||
* ou - otp_user struct source
|
||||
* count_offset - offset of count from current count in ou
|
||||
* buf - buffer with ASCII result. Min 11 bytes.
|
||||
* buf_size - size of buf
|
||||
*
|
||||
* returns: <0 : fail
|
||||
* 0 : success
|
||||
*
|
||||
*/
|
||||
int otp_hotp_dec31_crsp(struct otp_ctx *otpctx, struct otp_user *ou,
|
||||
int64_t count_offset, char *buf, size_t buf_size)
|
||||
{
|
||||
uint64_t tmp_count, mod64u;
|
||||
uint32_t tmp32u, hotp32u;
|
||||
uint8_t offset;
|
||||
u_char result[EVP_MAX_MD_SIZE];
|
||||
u_int rlen;
|
||||
|
||||
if (otp_db_valid(otpctx, "otp_hotp_dec31_crsp") < 0)
|
||||
return -1;
|
||||
|
||||
tmp_count = ou->count;
|
||||
tmp_count += count_offset;
|
||||
|
||||
/* HOTP is big endian */
|
||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||
SWAP64(tmp_count)
|
||||
#endif /* BYTE_ORDER */
|
||||
|
||||
/* compute expected response to challenge */
|
||||
if (!HMAC(EVP_sha1(), ou->key, 20, (void*)&tmp_count, 8,
|
||||
result, &rlen)) {
|
||||
if (otpctx->verbose)
|
||||
xerr_warnx("HMAC(): failed.");
|
||||
return OTP_ERROR;
|
||||
}
|
||||
|
||||
offset = result[19] & 0xf;
|
||||
|
||||
tmp32u = (result[offset] & 0x7f) << 24 |
|
||||
(result[offset+1]) << 16 |
|
||||
(result[offset+2]) << 8 |
|
||||
(result[offset+3]);
|
||||
|
||||
if (ou->format == OTP_FORMAT_DEC31_6)
|
||||
mod64u = 1000000LL;
|
||||
else if (ou->format == OTP_FORMAT_DEC31_7)
|
||||
mod64u = 10000000LL;
|
||||
else if (ou->format == OTP_FORMAT_DEC31_8)
|
||||
mod64u = 100000000LL;
|
||||
else if (ou->format == OTP_FORMAT_DEC31_9)
|
||||
mod64u = 1000000000LL;
|
||||
else if (ou->format == OTP_FORMAT_DEC31_10)
|
||||
mod64u = 10000000000LL;
|
||||
else
|
||||
xerr_errx(1, "assertion failure: ou->format invalid for dec31.");
|
||||
|
||||
/* final OTP truncation */
|
||||
hotp32u = tmp32u % mod64u;
|
||||
|
||||
if (buf_size < STR_UINT32_LEN) {
|
||||
if (otpctx->verbose)
|
||||
xerr_warnx("buf_size=%d < %d.", buf_size, STR_UINT32_LEN);
|
||||
return OTP_ERROR;
|
||||
}
|
||||
|
||||
str_uint32toa(buf, hotp32u);
|
||||
|
||||
return 0;
|
||||
|
||||
} /* otp_hotp_dec31_crsp */
|
||||
|
||||
|
||||
/*
|
||||
* function: otp_db_open()
|
||||
*
|
||||
|
@ -809,7 +1027,7 @@ otp_db_load_out:
|
|||
* u_count_ceil - count ceiling
|
||||
* u_status - status OTP_STATUS_*
|
||||
* u_type - type OTP_TYPE_HOTP (HOTP implemented)
|
||||
* u_format - format OTP_FORMAT_HEX40 (HEX40 implemented)
|
||||
* u_format - format OTP_FORMAT_*
|
||||
* u_version - version OTP_VERSION (version 1 implemented)
|
||||
*
|
||||
*
|
||||
|
@ -1043,21 +1261,22 @@ int otp_user_auth(struct otp_ctx *otpctx, char *u_username,
|
|||
{
|
||||
time_t now;
|
||||
struct otp_user ou;
|
||||
int ret, r, auth_status;
|
||||
int ret, r, auth_status, crsp_max;
|
||||
|
||||
if (otp_db_valid(otpctx, "otp_user_auth") < 0)
|
||||
return -1;
|
||||
|
||||
/* paranoia */
|
||||
str_safe(u_username, OTP_USER_NAME_LEN);
|
||||
|
||||
ret = -1; /* fail */
|
||||
bzero(&ou, sizeof ou);
|
||||
auth_status = OTP_AUTH_FAIL;
|
||||
|
||||
/* max length of challenge response */
|
||||
crsp_max = (OTP_HOTP_HEX40_LEN<<1) < OTP_HOTP_DEC31_LEN ?\
|
||||
(OTP_HOTP_HEX40_LEN<<1) : OTP_HOTP_DEC31_LEN;
|
||||
|
||||
/* paranoia */
|
||||
str_safe(u_username, OTP_USER_NAME_LEN);
|
||||
str_safe(u_crsp, OTP_HOTP_HEX40_LEN<<1);
|
||||
str_safe(u_crsp, crsp_max<<1);
|
||||
|
||||
/* open user record */
|
||||
if (otp_urec_open(otpctx, u_username, &ou, O_RDWR, FFDB_OP_LOCK_EX) < 0) {
|
||||
|
@ -1093,12 +1312,21 @@ int otp_user_auth(struct otp_ctx *otpctx, char *u_username,
|
|||
ou.last = now;
|
||||
|
||||
/* try to authenticate user */
|
||||
if (ou.status != OTP_STATUS_ACTIVE)
|
||||
if (ou.status != OTP_STATUS_ACTIVE) {
|
||||
auth_status = OTP_AUTH_FAIL;
|
||||
else if (ou.count >= ou.count_ceil)
|
||||
} else if (ou.count >= ou.count_ceil) {
|
||||
auth_status = OTP_AUTH_FAIL;
|
||||
else
|
||||
auth_status = otp_hotp_hex40_auth(otpctx, &ou, u_crsp, u_window);
|
||||
} else {
|
||||
if ((ou.format == OTP_FORMAT_HEX40) ||
|
||||
(ou.format == OTP_FORMAT_DHEX40))
|
||||
auth_status = otp_hotp_hex40_auth(otpctx, &ou, u_crsp, u_window);
|
||||
else if ((ou.format == OTP_FORMAT_DEC31_6) ||
|
||||
(ou.format == OTP_FORMAT_DEC31_7) ||
|
||||
(ou.format == OTP_FORMAT_DEC31_8) ||
|
||||
(ou.format == OTP_FORMAT_DEC31_9) ||
|
||||
(ou.format == OTP_FORMAT_DEC31_10))
|
||||
auth_status = otp_hotp_dec31_auth(otpctx, &ou, u_crsp, u_window);
|
||||
}
|
||||
|
||||
/*
|
||||
* regardless of authentication status update the db to reflect last access
|
||||
|
@ -1368,9 +1596,15 @@ int otp_urec_sanity(struct otp_ctx *otpctx, struct otp_user *ou)
|
|||
return -1;
|
||||
}
|
||||
|
||||
if (ou->format != OTP_FORMAT_HEX40) {
|
||||
if ((ou->format != OTP_FORMAT_HEX40) &&
|
||||
(ou->format != OTP_FORMAT_DHEX40) &&
|
||||
(ou->format != OTP_FORMAT_DEC31_6) &&
|
||||
(ou->format != OTP_FORMAT_DEC31_7) &&
|
||||
(ou->format != OTP_FORMAT_DEC31_8) &&
|
||||
(ou->format != OTP_FORMAT_DEC31_9) &&
|
||||
(ou->format != OTP_FORMAT_DEC31_10)) {
|
||||
if (otpctx->verbose)
|
||||
xerr_warnx("format != OTP_FORMAT_HEX40.");
|
||||
xerr_warnx("format invalid.");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -1394,7 +1628,6 @@ int otp_urec_sanity(struct otp_ctx *otpctx, struct otp_user *ou)
|
|||
* function: otp_urec_crsp()
|
||||
*
|
||||
* generate challenge response for ou
|
||||
* HOTP HEX40 implemented.
|
||||
*
|
||||
* arguments:
|
||||
* otpctx - otp db context returned by otp_db_open()
|
||||
|
@ -1407,13 +1640,31 @@ int otp_urec_sanity(struct otp_ctx *otpctx, struct otp_user *ou)
|
|||
int otp_urec_crsp(struct otp_ctx *otpctx, struct otp_user *ou,
|
||||
int64_t count_offset, char *buf, size_t buf_size)
|
||||
{
|
||||
int crsp_max;
|
||||
|
||||
if (otp_db_valid(otpctx, "otp_urec_crsp") < 0)
|
||||
return -1;
|
||||
|
||||
if (buf_size < 5) {
|
||||
/* max length of challenge response */
|
||||
if ((ou->format == OTP_FORMAT_HEX40) ||
|
||||
(ou->format == OTP_FORMAT_DHEX40))
|
||||
crsp_max = (OTP_HOTP_HEX40_LEN<<1);
|
||||
else if (ou->format == OTP_FORMAT_DEC31_6)
|
||||
crsp_max = 6;
|
||||
else if (ou->format == OTP_FORMAT_DEC31_7)
|
||||
crsp_max = 7;
|
||||
else if (ou->format == OTP_FORMAT_DEC31_8)
|
||||
crsp_max = 8;
|
||||
else if (ou->format == OTP_FORMAT_DEC31_9)
|
||||
crsp_max = 9;
|
||||
else if (ou->format == OTP_FORMAT_DEC31_10)
|
||||
crsp_max = 10;
|
||||
else
|
||||
xerr_errx(1, "assertion failure: ou->format invalid.");
|
||||
|
||||
if (buf_size < (crsp_max+1)) {
|
||||
if (otpctx->verbose)
|
||||
xerr_warnx("buf_size < 5.");
|
||||
xerr_warnx("buf_size < %d.", (crsp_max+1));
|
||||
goto otp_urec_crsp_out;
|
||||
}
|
||||
|
||||
|
@ -1423,7 +1674,17 @@ int otp_urec_crsp(struct otp_ctx *otpctx, struct otp_user *ou,
|
|||
goto otp_urec_crsp_out;
|
||||
}
|
||||
|
||||
return (otp_hotp_hex40_crsp(otpctx, ou, count_offset, buf, buf_size));
|
||||
if ((ou->format == OTP_FORMAT_HEX40) ||
|
||||
(ou->format == OTP_FORMAT_DHEX40))
|
||||
return (otp_hotp_hex40_crsp(otpctx, ou, count_offset, buf, buf_size));
|
||||
else if ((ou->format == OTP_FORMAT_DEC31_6) ||
|
||||
(ou->format == OTP_FORMAT_DEC31_7) ||
|
||||
(ou->format == OTP_FORMAT_DEC31_8) ||
|
||||
(ou->format == OTP_FORMAT_DEC31_9) ||
|
||||
(ou->format == OTP_FORMAT_DEC31_10))
|
||||
return (otp_hotp_dec31_crsp(otpctx, ou, count_offset, buf, buf_size));
|
||||
else
|
||||
xerr_errx(1, "assertion failure: ou->format invalid.");
|
||||
|
||||
otp_urec_crsp_out:
|
||||
|
||||
|
@ -1447,7 +1708,7 @@ otp_urec_crsp_out:
|
|||
*/
|
||||
void otp_urec_disp(struct otp_ctx *otpctx, struct otp_user *ou)
|
||||
{
|
||||
char tmp[41];
|
||||
char tmp[41], buf[512];
|
||||
|
||||
if (otp_db_valid(otpctx, "otp_urec_disp") < 0)
|
||||
return;
|
||||
|
@ -1461,18 +1722,16 @@ void otp_urec_disp(struct otp_ctx *otpctx, struct otp_user *ou)
|
|||
ou->count_ceil);
|
||||
printf("Version........%u\n", (u_int)ou->version);
|
||||
printf("Status.........%s (%u)\n",
|
||||
otp_l_status[ou->status], (u_int)ou->status);
|
||||
str_lookup8(otp_status_l, ou->status, 1, OTP_STATUS_MAX),
|
||||
(u_int)ou->status);
|
||||
printf("Format.........%s (%u)\n",
|
||||
otp_l_format[ou->format], (u_int)ou->format);
|
||||
printf("Type...........%s (%u)\n", otp_l_type[ou->type], (u_int)ou->type);
|
||||
printf("Flags..........%2.2x", (u_int)ou->flags);
|
||||
if (ou->flags)
|
||||
printf(" [");
|
||||
if (ou->flags & OTP_USER_FLAGS_DSPCNT)
|
||||
printf(" display-count");
|
||||
if (ou->flags)
|
||||
printf(" ]");
|
||||
printf("\n");
|
||||
str_lookup8(otp_format_l, ou->format, 1, OTP_FORMAT_MAX),
|
||||
(u_int)ou->format);
|
||||
printf("Type...........%s (%u)\n",
|
||||
str_lookup8(otp_type_l, ou->type, 1, OTP_TYPE_MAX), (u_int)ou->type);
|
||||
printf("Flags..........[%s] (0x%2.2x)\n",
|
||||
str_flag8(otp_flags_l, ou->flags, OTP_FLAGS_BITS, buf, 512),
|
||||
(u_int)ou->flags);
|
||||
|
||||
} /* otp_urec_disp */
|
||||
|
||||
|
@ -1591,7 +1850,7 @@ int main(int argc, char **argv)
|
|||
|
||||
/* crsp[0] = 'F'; */
|
||||
|
||||
ret = otp_user_auth(otpctx, "maf", crsp, OTP_HOTP_WINDOW);
|
||||
ret = otp_user_auth(otpctx, "maf", crsp, OTP_WINDOW_DEFAULT);
|
||||
printf("otp_user_auth(): %d\n", ret);
|
||||
|
||||
/*
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: otplib.h 13 2009-11-26 16:37:03Z maf $
|
||||
* $Id: otplib.h 61 2009-12-17 03:57:22Z maf $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
|
@ -68,17 +68,30 @@
|
|||
|
||||
|
||||
|
||||
#define OTP_DB_FNAME "/etc/otpdb" /* location of user database */
|
||||
#define OTP_HOTP_WINDOW 10 /* Window of challenges to try */
|
||||
#define OTP_VERSION 1 /* version of library */
|
||||
#define OTP_FORMAT_HEX40 1 /* 40 bits in hex */
|
||||
#define OTP_TYPE_HOTP 1 /* protocol type */
|
||||
#define OTP_DB_FNAME "/etc/otpdb" /* location of user database */
|
||||
#define OTP_VERSION 1 /* version of library */
|
||||
|
||||
#define OTP_FORMAT_HEX40 1 /* 40 bits in hex */
|
||||
#define OTP_FORMAT_DHEX40 2 /* 40 bits in hex w. RFC 4226 DT */
|
||||
#define OTP_FORMAT_DEC31_6 3 /* 31 bits 6 digits in decimal RFC */
|
||||
#define OTP_FORMAT_DEC31_7 4 /* 31 bits 7 digits in decimal */
|
||||
#define OTP_FORMAT_DEC31_8 5 /* 31 bits 8 digits in decimal */
|
||||
#define OTP_FORMAT_DEC31_9 6 /* 31 bits 9 digits in decimal */
|
||||
#define OTP_FORMAT_DEC31_10 7 /* 31 bits 10 digits in decimal */
|
||||
#define OTP_FORMAT_MAX 7 /* highest valid format enum */
|
||||
|
||||
#define OTP_TYPE_HOTP 1 /* protocol type */
|
||||
#define OTP_TYPE_MAX 1 /* highest valid type enum */
|
||||
|
||||
#define OTP_WINDOW_DEFAULT 10 /* default challenge window */
|
||||
#define OTP_WINDOW_MAX 255 /* max challenge window */
|
||||
|
||||
#define OTP_VERSION_MIN 1 /* min version for this code */
|
||||
#define OTP_VERSION_MAX 1 /* max version for this code */
|
||||
#define OTP_VERSION_MAX 1 /* max version for this code */
|
||||
|
||||
#define OTP_HOTP_KEY_SIZE 20 /* HMAC SHA160 key length */
|
||||
#define OTP_HOTP_HEX40_LEN 5 /* HOTP challenge hex 40 bits */
|
||||
#define OTP_HOTP_KEY_SIZE 20 /* HMAC SHA160 key length */
|
||||
#define OTP_HOTP_HEX40_LEN 5 /* HOTP challenge hex 40 bits */
|
||||
#define OTP_HOTP_DEC31_LEN 10 /* max 10 digits */
|
||||
|
||||
#define OTP_AUTH_PASS 0 /* authenticated */
|
||||
#define OTP_AUTH_FAIL 1 /* not authenticated */
|
||||
|
@ -89,11 +102,14 @@
|
|||
#define OTP_STATUS_ACTIVE 1 /* user is active */
|
||||
#define OTP_STATUS_INACTIVE 2 /* user is not active */
|
||||
#define OTP_STATUS_DISABLED 3 /* user is locked (disabled) */
|
||||
#define OTP_STATUS_MAX 3 /* highest valid status enum */
|
||||
|
||||
|
||||
#define OTP_USER_N_FIELDS 10 /* n fields in ASCII encoding */
|
||||
#define OTP_USER_ASCII_LEN 139 /* max ASCII encoded length (w/o null) */
|
||||
|
||||
#define OTP_USER_FLAGS_DSPCNT 0x1 /* force display count */
|
||||
#define OTP_FLAGS_DSPCNT 0x1 /* force display count */
|
||||
#define OTP_FLAGS_BITS 1 /* bits used */
|
||||
|
||||
#define OTP_USER_NAME_LEN 32 /* max length of username (w/o null)*/
|
||||
#define OTP_USER_KEY_LEN 64 /* key length */
|
||||
|
@ -103,8 +119,8 @@
|
|||
#define OTP_DB_CREATE_SOFT 0x04 /* create database, soft fail on exist */
|
||||
|
||||
struct otp_user {
|
||||
struct ffdb_key db_key; /* database key */
|
||||
struct ffdb_val db_val; /* database value (this struct in ASCII) */
|
||||
struct ffdb_key db_key; /* database key */
|
||||
struct ffdb_val db_val; /* database value (this struct in ASCII) */
|
||||
uint64_t count; /* count */
|
||||
uint64_t count_ceil; /* count ceiling */
|
||||
uint64_t last; /* last access */
|
||||
|
@ -152,6 +168,10 @@ int otp_hotp_hex40_auth(struct otp_ctx *otpctx, struct otp_user *ou,
|
|||
char *crsp, int window);
|
||||
int otp_hotp_hex40_crsp(struct otp_ctx *otpctx, struct otp_user *ou,
|
||||
int64_t count_offset, char *buf, size_t buf_size);
|
||||
int otp_hotp_dec31_auth(struct otp_ctx *otpctx, struct otp_user *ou,
|
||||
char *crsp, int window);
|
||||
int otp_hotp_dec31_crsp(struct otp_ctx *otpctx, struct otp_user *ou,
|
||||
int64_t count_offset, char *buf, size_t buf_size);
|
||||
|
||||
struct otp_ctx *otp_db_open(char *dbname, int flags);
|
||||
int otp_db_close(struct otp_ctx *otpctx);
|
||||
|
@ -183,6 +203,12 @@ void otp_urec_dispsc(struct otp_ctx *otpctx, struct otp_user *ou,
|
|||
int otp_user_to_ascii(struct otp_ctx *otpctx, struct otp_user *ou);
|
||||
int otp_user_from_ascii(struct otp_ctx *otpctx, struct otp_user *ou);
|
||||
|
||||
char *otp_uflags_str(uint8_t flags, char *tmpbuf, size_t tmpbuf_size);
|
||||
|
||||
extern char *otp_status_l[];
|
||||
extern char *otp_format_l[];
|
||||
extern char *otp_type_l[];
|
||||
extern char *otp_flags_l[];
|
||||
|
||||
|
||||
#endif /* OTP_H */
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: otpsc.h 23 2009-11-28 06:26:22Z maf $
|
||||
* $Id: otpsc.h 86 2009-12-28 00:05:24Z maf $
|
||||
*/
|
||||
|
||||
/* highest supported index */
|
||||
|
@ -209,5 +209,11 @@
|
|||
|
||||
#define HOSTNAME_FLAG_MASK 0x80 /* high bit set */
|
||||
#define HOSTNAME_POS_CHALLENGE 0x00 /* require challenge input */
|
||||
#define HOSTNAME_POS_READERKEY 0x01 /* require reader key */
|
||||
#define HOSTNAME_POS_READERKEY 1 /* require reader key */
|
||||
#define HOSTNAME_POS_FMT 2 /* format, 0=hex, 1=decimal */
|
||||
#define HOSTNAME_POS_FMT3 8 /* 0000=HEX40, 0001=HEX40 */
|
||||
#define HOSTNAME_POS_FMT2 9 /* 0010=DEC31.6 0011=DEC31.7 */
|
||||
#define HOSTNAME_POS_FMT1 10 /* 0100=DEC31.8 0101=DEC31.9 */
|
||||
#define HOSTNAME_POS_FMT0 11 /* 0110=DEC31.10 0111=DHEX40 */
|
||||
|
||||
|
||||
|
|
97
common/scr.c
97
common/scr.c
|
@ -24,7 +24,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: scr.c 29 2009-11-30 01:11:17Z maf $
|
||||
* $Id: scr.c 73 2009-12-21 05:14:46Z maf $
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
|
@ -81,12 +81,11 @@ struct scr_ctx* scr_ctx_new(int valid_readers, int verbose)
|
|||
{
|
||||
struct scr_ctx *scrctx;
|
||||
size_t ralloc;
|
||||
int r, ret, cur_reader;
|
||||
int i, r, ret, cur_reader;
|
||||
char *buf;
|
||||
#ifdef SCR_PCSC
|
||||
char *pcsc_rdr_buf, *p;
|
||||
DWORD pcsc_rdr_buf_len;
|
||||
int pcsc_rdr_count;
|
||||
#endif /* SCR_PCSC */
|
||||
|
||||
ret = -1; /* fail */
|
||||
|
@ -104,25 +103,20 @@ struct scr_ctx* scr_ctx_new(int valid_readers, int verbose)
|
|||
bzero(scrctx, sizeof *scrctx);
|
||||
scrctx->verbose = verbose;
|
||||
|
||||
if (valid_readers & SCR_READER_EMBEDDED_ACR30S) {
|
||||
|
||||
++ scrctx->num_readers;
|
||||
|
||||
ralloc += strlen(SCR_EMBEDDED_ACR30S_NAME)+1;
|
||||
|
||||
}
|
||||
|
||||
#ifdef SCR_PCSC
|
||||
|
||||
if (valid_readers & SCR_READER_PCSC) {
|
||||
|
||||
if ((r = SCardEstablishContext(SCARD_SCOPE_SYSTEM, (void*)0L, (void*)0L,
|
||||
&scrctx->hContext)) != SCARD_S_SUCCESS) {
|
||||
|
||||
if (scrctx->verbose)
|
||||
xerr_warnx("SCardEstablishContext(): %s.", pcsc_stringify_error(r));
|
||||
}
|
||||
|
||||
pcsc_rdr_buf = (char*)0L;
|
||||
/* give up on PCSC readers */
|
||||
goto pcsc_done;
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
* SCARD_AUTOALLOCATE not portable. Do this in two steps
|
||||
|
@ -130,9 +124,13 @@ struct scr_ctx* scr_ctx_new(int valid_readers, int verbose)
|
|||
*/
|
||||
if ((r = SCardListReaders(scrctx->hContext, (void*)0L, (void*)0L,
|
||||
&pcsc_rdr_buf_len)) != SCARD_S_SUCCESS) {
|
||||
|
||||
if (scrctx->verbose)
|
||||
xerr_warnx("SCCardListReaders(): %s.", pcsc_stringify_error(r));
|
||||
goto scr_ctx_new_out;
|
||||
|
||||
/* give up on PCSC readers */
|
||||
goto pcsc_done;
|
||||
|
||||
}
|
||||
|
||||
if (!(pcsc_rdr_buf = malloc(pcsc_rdr_buf_len))) {
|
||||
|
@ -149,23 +147,33 @@ struct scr_ctx* scr_ctx_new(int valid_readers, int verbose)
|
|||
}
|
||||
|
||||
/* run through PSCS reader names to get count */
|
||||
for (p = pcsc_rdr_buf, pcsc_rdr_count = 0;*p;++pcsc_rdr_count)
|
||||
for (p = pcsc_rdr_buf;*p;++scrctx->pcsc_num_readers)
|
||||
p += strlen(p);
|
||||
|
||||
/* first PCSC reader in the list */
|
||||
if (pcsc_rdr_count)
|
||||
if (scrctx->pcsc_num_readers)
|
||||
scrctx->pcsc_reader_first = scrctx->num_readers;
|
||||
|
||||
/* add PCSC readers to total available via scr */
|
||||
scrctx->num_readers += pcsc_rdr_count;
|
||||
scrctx->num_readers += scrctx->pcsc_num_readers;
|
||||
|
||||
/* resrve space for reader name + "PCSC:" */
|
||||
ralloc += pcsc_rdr_buf_len + (pcsc_rdr_count * 5);
|
||||
ralloc += pcsc_rdr_buf_len + (scrctx->pcsc_num_readers * 5);
|
||||
|
||||
} /* SCR_READER_PCSC */
|
||||
|
||||
#endif /* SCR_PCSC */
|
||||
|
||||
pcsc_done:
|
||||
|
||||
if (valid_readers & SCR_READER_EMBEDDED_ACR30S) {
|
||||
|
||||
++ scrctx->num_readers;
|
||||
|
||||
ralloc += strlen(SCR_EMBEDDED_ACR30S_NAME)+1;
|
||||
|
||||
}
|
||||
|
||||
/* foreach reader allocate char */
|
||||
ralloc += (scrctx->num_readers) * sizeof (char*);
|
||||
|
||||
|
@ -179,18 +187,12 @@ struct scr_ctx* scr_ctx_new(int valid_readers, int verbose)
|
|||
buf = (char*)scrctx->readers + (sizeof (char*))*scrctx->num_readers;
|
||||
cur_reader = 0;
|
||||
|
||||
if (valid_readers & SCR_READER_EMBEDDED_ACR30S) {
|
||||
scrctx->readers[cur_reader++] = buf;
|
||||
strcpy(buf, SCR_EMBEDDED_ACR30S_NAME);
|
||||
buf += strlen(SCR_EMBEDDED_ACR30S_NAME) + 1;
|
||||
} /* SCR_READER_PCSC */
|
||||
|
||||
#ifdef SCR_PCSC
|
||||
|
||||
if (valid_readers & SCR_READER_PCSC) {
|
||||
|
||||
p = pcsc_rdr_buf;
|
||||
while (*p) {
|
||||
while (p && *p) {
|
||||
scrctx->readers[cur_reader++] = buf;
|
||||
bcopy("PCSC:", buf, 5);
|
||||
buf += 5;
|
||||
|
@ -203,6 +205,13 @@ struct scr_ctx* scr_ctx_new(int valid_readers, int verbose)
|
|||
|
||||
#endif /* SCR_PCSC */
|
||||
|
||||
if (valid_readers & SCR_READER_EMBEDDED_ACR30S) {
|
||||
scrctx->readers[cur_reader++] = buf;
|
||||
strcpy(buf, SCR_EMBEDDED_ACR30S_NAME);
|
||||
buf += strlen(SCR_EMBEDDED_ACR30S_NAME) + 1;
|
||||
} /* SCR_READER_PCSC */
|
||||
|
||||
|
||||
scrctx->valid = 1;
|
||||
scrctx->valid_readers = valid_readers;
|
||||
|
||||
|
@ -210,6 +219,12 @@ struct scr_ctx* scr_ctx_new(int valid_readers, int verbose)
|
|||
|
||||
scr_ctx_new_out:
|
||||
|
||||
/* dump list of readers? */
|
||||
if (scrctx->verbose) {
|
||||
for (i = 0; i < scrctx->num_readers; ++i)
|
||||
xerr_info("reader: %s", scrctx->readers[i]);
|
||||
}
|
||||
|
||||
#ifdef SCR_PCSC
|
||||
if (pcsc_rdr_buf)
|
||||
free(pcsc_rdr_buf);
|
||||
|
@ -329,6 +344,8 @@ void scr_ctx_free(struct scr_ctx *scrctx)
|
|||
* to the first reader, embedded:acr30s will default to
|
||||
* SCR_EMBEDDED_ACR30S_DEVICE
|
||||
*
|
||||
* An empty reader string will default to the first available reader
|
||||
*
|
||||
* returns: 0 success, connected to reader
|
||||
* <0 failure
|
||||
*
|
||||
|
@ -343,6 +360,19 @@ int scr_ctx_connect(struct scr_ctx *scrctx, char *reader)
|
|||
if (scr_ctx_valid(scrctx, (char*)__FUNCTION__) == -1)
|
||||
goto scr_ctx_connect_out;
|
||||
|
||||
|
||||
/* empty or no reader string */
|
||||
if ((!reader) || (reader[0] == 0)) {
|
||||
|
||||
if (scrctx->num_readers == 0) {
|
||||
xerr_warnx("No readers.");
|
||||
goto scr_ctx_connect_out;
|
||||
}
|
||||
|
||||
reader = scrctx->readers[0];
|
||||
|
||||
}
|
||||
|
||||
n = strlen(reader);
|
||||
|
||||
if (!(scrctx->reader = (char*)malloc(n+1))) {
|
||||
|
@ -387,10 +417,19 @@ int scr_ctx_connect(struct scr_ctx *scrctx, char *reader)
|
|||
/* skip PCSC: */
|
||||
scrctx->pcsc_active_reader = scrctx->reader + 5;
|
||||
|
||||
/* PCSC: alone defaults to first PCSC reader */
|
||||
if (!*scrctx->pcsc_active_reader)
|
||||
scrctx->pcsc_active_reader =\
|
||||
scrctx->readers[scrctx->pcsc_reader_first]+5;
|
||||
/* PCSC: alone defaults to first PCSC reader if defined */
|
||||
if (!*scrctx->pcsc_active_reader) {
|
||||
|
||||
/* if readers available, then default to first */
|
||||
if (scrctx->pcsc_num_readers) {
|
||||
scrctx->pcsc_active_reader =\
|
||||
scrctx->readers[scrctx->pcsc_reader_first]+5;
|
||||
} else {
|
||||
xerr_warnx("No PCSC readers.");
|
||||
goto scr_ctx_connect_out;
|
||||
}
|
||||
|
||||
} /* PSCS: */
|
||||
|
||||
if ((r = SCardConnect(scrctx->hContext, scrctx->pcsc_active_reader,
|
||||
SCARD_SHARE_EXCLUSIVE, SCARD_PROTOCOL_T1, &scrctx->hCard,
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: scr.h 26 2009-11-29 23:01:37Z maf $
|
||||
* $Id: scr.h 49 2009-12-14 22:03:08Z maf $
|
||||
*/
|
||||
|
||||
#include "acr30.h"
|
||||
|
@ -43,11 +43,6 @@
|
|||
#define SCR_EMBEDDED_ACR30S_NAME "embedded:acr30s"
|
||||
#define SCR_EMBEDDED_ACR30S_DEVICE "/dev/cuaU0"
|
||||
|
||||
#ifndef SCR_DEFAULT_READER
|
||||
/* #define SCR_DEFAULT_READER "embedded:acr30s:/dev/cuaU0" */
|
||||
#define SCR_DEFAULT_READER "PCSC:"
|
||||
#endif
|
||||
|
||||
#define SCR_TX_BUF_LEN 254
|
||||
#define SCR_RX_BUF_LEN 254
|
||||
|
||||
|
@ -66,12 +61,12 @@ struct scr_ctx
|
|||
SCARDHANDLE hCard;
|
||||
DWORD dwActiveProtocol;
|
||||
char *pcsc_active_reader;
|
||||
int pcsc_reader_first, pcsc_num_readers;
|
||||
#endif /* SCR_PCSC */
|
||||
int verbose, valid, valid_readers, active_reader;
|
||||
int num_readers;
|
||||
char **readers;
|
||||
char *reader;
|
||||
int pcsc_reader_first;
|
||||
};
|
||||
|
||||
struct scr_io {
|
||||
|
|
130
common/str.c
130
common/str.c
|
@ -24,7 +24,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: str.c 15 2009-11-26 18:29:41Z maf $
|
||||
* $Id: str.c 87 2009-12-28 00:05:53Z maf $
|
||||
*/
|
||||
|
||||
#include <termios.h>
|
||||
|
@ -36,6 +36,7 @@
|
|||
#endif
|
||||
#include <stdio.h>
|
||||
#include "str.h"
|
||||
#include "xerr.h"
|
||||
|
||||
/*
|
||||
* function: chr_hex_l()
|
||||
|
@ -149,7 +150,7 @@ int chr_ishex(char d)
|
|||
* n - length of b in bytes
|
||||
*
|
||||
*/
|
||||
void str_hex_dump(char *buf, u_char *b, size_t n)
|
||||
int str_hex_dump(char *buf, u_char *b, size_t n)
|
||||
{
|
||||
int i, j;
|
||||
for (i = 0, j = 0; i < n; ++i) {
|
||||
|
@ -157,6 +158,7 @@ void str_hex_dump(char *buf, u_char *b, size_t n)
|
|||
buf[j++] = chr_hex_r(*b++);
|
||||
}
|
||||
buf[j] = 0;
|
||||
return j;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -390,6 +392,130 @@ int str_safe(char *input, size_t len)
|
|||
|
||||
} /* str_safe */
|
||||
|
||||
/*
|
||||
* function: str_uint32toa()
|
||||
*
|
||||
* convert unsigned 32 bit integer to ascii. Left align.
|
||||
*
|
||||
* arguments:
|
||||
* s - pointer to output buffer. Must be at least 11 bytes.
|
||||
* u - uint32_t to convert
|
||||
*
|
||||
* returns: length of string
|
||||
*
|
||||
*/
|
||||
int str_uint32toa(char *s, uint32_t u)
|
||||
{
|
||||
int len;
|
||||
char *s1;
|
||||
|
||||
len = 0;
|
||||
s1 = s;
|
||||
|
||||
/* 2^32-1 = 4294967295 = max 10 digits + NULL */
|
||||
s[10] = 0;
|
||||
|
||||
do {
|
||||
++len;
|
||||
*--s = '0' + (u % 10);
|
||||
u /= 10;
|
||||
} while (u);
|
||||
|
||||
bcopy(s, s1, len);
|
||||
s1[len] = 0;
|
||||
|
||||
return len;
|
||||
|
||||
} /* str_fmt_uint32 */
|
||||
|
||||
char *str_lookup8(char *list[], uint8_t id, uint8_t min, uint8_t max)
|
||||
{
|
||||
if (id > max) {
|
||||
xerr_warnx("str_lookup8(): id=%d, max=%d", (int)id, (int)max);
|
||||
return "err";
|
||||
}
|
||||
|
||||
if (id < min) {
|
||||
xerr_warnx("str_lookup8(): id=%d, min=%d", (int)id, (int)min);
|
||||
return "err";
|
||||
}
|
||||
|
||||
return list[id];
|
||||
|
||||
} /* str_lookup8 */
|
||||
|
||||
char *str_flag8(char *list[], uint8_t flags, uint8_t bits, char *tmpbuf,
|
||||
size_t tmpbuf_size)
|
||||
{
|
||||
int i, l, u;
|
||||
char *t;
|
||||
|
||||
u = 0;
|
||||
t = tmpbuf;
|
||||
|
||||
for (i = 0; i < bits; ++i) {
|
||||
if (flags & (1<<i)) {
|
||||
l = strlen(list[i]);
|
||||
if ((l + u + 2) < tmpbuf_size) {
|
||||
bcopy(list[i], t, l);
|
||||
t += l;
|
||||
u += l;
|
||||
*t++ = ' ';
|
||||
} else {
|
||||
goto str_flag8_err;
|
||||
}
|
||||
} /* if */
|
||||
} /* for */
|
||||
|
||||
/* any strings added then back up over trailing space */
|
||||
if (u)
|
||||
--t;
|
||||
|
||||
*t = 0;
|
||||
return tmpbuf;
|
||||
|
||||
str_flag8_err:
|
||||
xerr_warnx("str_flag8(): tmpbuf too small.");
|
||||
return "";
|
||||
|
||||
} /* str_flag8 */
|
||||
|
||||
int str_find8(char *list[], uint8_t *id, char *s, uint8_t min, uint8_t max)
|
||||
{
|
||||
int i;
|
||||
*id = 0;
|
||||
|
||||
for (i = min; i <= max; ++i) {
|
||||
if (!strcasecmp(s, list[i])) {
|
||||
*id = i;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
xerr_warnx("str_find8(): %s not found.", s);
|
||||
return -1;
|
||||
|
||||
} /* str_find8 */
|
||||
|
||||
int str_setflag8(char *list[], uint8_t *flags, char *s, uint8_t min,
|
||||
uint8_t max)
|
||||
{
|
||||
int i;
|
||||
*flags = 0;
|
||||
|
||||
for (i = min; i < max; ++i) {
|
||||
if (!strcasecmp(s, list[i]))
|
||||
*flags |= 1<<i;
|
||||
}
|
||||
|
||||
if (*flags)
|
||||
return 0;
|
||||
|
||||
xerr_warnx("str_setflag8(): %s not found.", s);
|
||||
return -1;
|
||||
|
||||
} /* str_setflag8 */
|
||||
|
||||
#ifdef STR_EXAMPLE
|
||||
|
||||
#include <stdio.h>
|
||||
|
|
19
common/str.h
19
common/str.h
|
@ -24,7 +24,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: str.h 15 2009-11-26 18:29:41Z maf $
|
||||
* $Id: str.h 85 2009-12-28 00:05:02Z maf $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
|
@ -38,10 +38,25 @@ int chr_ishex(char d);
|
|||
char chr_hex_l(u_char h);
|
||||
char chr_hex_r(u_char h);
|
||||
u_char chr_hex_decode(char h);
|
||||
void str_hex_dump(char *buf, u_char *b, size_t n);
|
||||
int str_hex_dump(char *buf, u_char *b, size_t n);
|
||||
int str_hex_decode(char *in, size_t in_len, u_char *out, size_t out_len);
|
||||
void str_ftoc(char *buf, char *f, size_t n);
|
||||
int str_input(const char *prompt, char *buf, size_t buf_size, int flags);
|
||||
int str_safe(char *input, size_t len);
|
||||
int str_uint32toa(char *s, uint32_t u);
|
||||
|
||||
char *str_lookup8(char *list[], uint8_t id, uint8_t min, uint8_t max);
|
||||
|
||||
char *str_flag8(char *list[], uint8_t flags, uint8_t bits, char *tmpbuf,
|
||||
size_t tmpbuf_size);
|
||||
|
||||
int str_setflag8(char *list[], uint8_t *flags, char *s, uint8_t min,
|
||||
uint8_t max);
|
||||
|
||||
int str_find8(char *list[], uint8_t *id, char *s, uint8_t min, uint8_t max);
|
||||
|
||||
#define STR_FLAGS_ECHO_OFF 0x1
|
||||
|
||||
#define STR_UINT32_LEN 11 /* 2^32-1=4294967295 + NULL = 11 bytes */
|
||||
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# $Id: QUICKSTART 32 2009-11-30 01:18:29Z maf $
|
||||
# $Id: QUICKSTART 76 2009-12-26 21:04:01Z maf $
|
||||
#
|
||||
|
||||
OpenOTP is an implementation of the HOTP protocol using a ZeitControl
|
||||
|
@ -10,7 +10,7 @@ Included is a C library implementation of the HOTP protocol and
|
|||
associated user database management, HOTP PAM library, OpenVPN plug-in module,
|
||||
micro RADIUS server with HOTP support, and utilties for managing the Smart
|
||||
Card, Spyrus reader, and host side HOTP user database. The PCSC-Lite
|
||||
API provides reader support for Smart Card management under FreeBSD and Linux.
|
||||
API provides reader support for Smart Card management.
|
||||
|
||||
The card management, firmware loaders, C API, and authentication methods
|
||||
have been developed & tested for FreeBSD and Linux.
|
||||
|
@ -25,7 +25,12 @@ downloading firmware to the reader with a Spyrus downloader cable.
|
|||
Source and Binary for the BasicCard firmware is supplied. Modification
|
||||
requires the Windows BasicCard development software available as
|
||||
a free download from ZeitControl. A Unix version of bcload implemented
|
||||
with the PCSC-Lite interface is included.
|
||||
with the PCSC-Lite interface and embedded ACR30S driver is included.
|
||||
|
||||
The Smart Card based token generator is standards based and may be
|
||||
used with other RFC compliant HOTP implementations. Other HOTP
|
||||
token generators may be used with the Unix side HOTP library
|
||||
and authentication modules.
|
||||
|
||||
Distribution:
|
||||
|
||||
|
@ -319,9 +324,9 @@ semanage fcontext -a -t textrel_shlib_t /lib/security/pam_otp.so
|
|||
# to temporarily disable SELinux for testing use
|
||||
# setenforce 0
|
||||
|
||||
# create the OTP database with one deactivated user (joe)
|
||||
# create the OTP database with one inactive user (joe)
|
||||
otp-control -n -u joe -m add
|
||||
otp-control -u joe -m deactivate
|
||||
otp-control -u joe -m set-status inactive
|
||||
otp-control -u joe -m list
|
||||
|
||||
>Username.......joe
|
||||
|
@ -392,7 +397,7 @@ Password:
|
|||
Last login: Tue Sep 1 23:21:20 2009 from 10.1.0.26
|
||||
|
||||
# activate user
|
||||
otp-control -u joe -m activate
|
||||
otp-control -u joe -m set-status -s active
|
||||
|
||||
# login with OTP generated earlier
|
||||
bastion.eng:~% ssh 10.1.0.25
|
||||
|
@ -420,22 +425,20 @@ arrow until the "DownloadApp" menu item is present.
|
|||
Start the htsoft-downloader utility using serial port at /dev/cuaU0 :
|
||||
|
||||
# FreeBSD USB Serial Adapter
|
||||
htsoft-downloader -v1 -f /dev/cuaU0 < $OOTP/firmware/spyrus1.3.hex
|
||||
htsoft-downloader -v1 -i -f /dev/cuaU0 < $OOTP/firmware/spyrus1.3.hex
|
||||
|
||||
# Linux USB Serial Adapter
|
||||
htsoft-downloader -v1 -f /dev/ttyS0 < $OOTP/firmware/spyrus1.3.hex
|
||||
htsoft-downloader -v1 -i -f /dev/ttyS0 < $OOTP/firmware/spyrus1.3.hex
|
||||
|
||||
Press Enter on the spyrus reader to start the download application:
|
||||
|
||||
Waiting for bootloader......
|
||||
|
||||
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwTwwwwPIC reset failed.
|
||||
htsoft-downloader: htsoft_v1bl_done(): failed
|
||||
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwTwF
|
||||
PIC reset sent, ignored last WOK timeout.
|
||||
|
||||
Note the htsoft_v1bl_done(): failed message is cosmetic. The bootloader code
|
||||
in the spyrus reader does not appear to send a final ACK per the source code
|
||||
documentation from htsoft/Microchip. Increase the verbosity level for more
|
||||
debugging information if necessary.
|
||||
Increase the verbosity level for more debugging information if necessary.
|
||||
The -i option is required for the bootloader provided with the Spyrus reader.
|
||||
|
||||
A Windows PIC downloader which will work with the Spyrus reader is available
|
||||
at http://www.ehl.cz/pic/pic_e.htm. It will also note an error when trying
|
||||
|
@ -747,18 +750,19 @@ the high bit of the 2nd character in the hostname.
|
|||
|
||||
|
||||
See also:
|
||||
This site http://www.splintered.net/sw/otp
|
||||
HOTP ID http://www.ietf.org/internet-drafts/draft-mraihi-oath-hmac-otp-02.txt
|
||||
IETF slides http://www3.ietf.org/proceedings/05mar/slides/saag-2/sld1.htm
|
||||
SHA-1 http://www.itl.nist.gov/fipspubs/fip180-1.htm
|
||||
HMAC http://www.faqs.org/rfcs/rfc2104.html
|
||||
BasicCard http://www.basiccard.com/
|
||||
Linux PAM http://www.kernel.org/pub/linux/libs/pam/
|
||||
PAM S-Key http://kreator.esa.fer.hr/projects/tarballs/pam_skey-1.1.3.tar.gz
|
||||
This site http://www.splintered.net/sw/otp
|
||||
HOTP ID http://www.ietf.org/internet-drafts/draft-mraihi-oath-hmac-otp-02.txt
|
||||
IETF slides http://www3.ietf.org/proceedings/05mar/slides/saag-2/sld1.htm
|
||||
SHA-1 http://www.itl.nist.gov/fipspubs/fip180-1.htm
|
||||
HMAC http://www.faqs.org/rfcs/rfc2104.html
|
||||
BasicCard http://www.basiccard.com/
|
||||
Linux PAM http://www.kernel.org/pub/linux/libs/pam/
|
||||
PAM S-Key http://kreator.esa.fer.hr/projects/tarballs/pam_skey-1.1.3.tar.gz
|
||||
(used as a reference PAM module)
|
||||
Spyrus http://www.spyrus.com
|
||||
PCSC-LITE http://pcsclite.alioth.debian.org/
|
||||
Smart Cards http://www.smartcardfocus.com/
|
||||
Spyrus http://www.spyrus.com
|
||||
PCSC-LITE http://pcsclite.alioth.debian.org/
|
||||
Smart Cards http://www.smartcardfocus.com/
|
||||
BalanceReader http://www.basiccard.com/chip/balanceR.pdf
|
||||
|
||||
#
|
||||
# The HOTP database is not encrypted. For added security use an encrypted
|
||||
|
|
28
doc/TODO
28
doc/TODO
|
@ -5,5 +5,31 @@ RADIUS dspcnt flag urd, force display count
|
|||
|
||||
RADIUS proxy support
|
||||
|
||||
default no GetHost() in BasicCard
|
||||
get documentation for the ACS balance reader
|
||||
ACS balance reader support dec31.6?
|
||||
|
||||
break out htsoft-downloader, urd, bcload?
|
||||
|
||||
architecture document
|
||||
formats
|
||||
post
|
||||
|
||||
basiccard build notes
|
||||
|
||||
full coverage testing for otplib and ffdb
|
||||
|
||||
otp-token (soft token)
|
||||
|
||||
count use 64 bit current time option
|
||||
|
||||
balance reader simulator
|
||||
|
||||
Break out Linux/FreeBSD/MAC build notes into separate file from QUICKSTART
|
||||
|
||||
Test with Linux PICC. Add spyrus Makefile to build without Windows
|
||||
|
||||
Spyrus main.c missing
|
||||
EE2LCD()
|
||||
U8 Temp[4];
|
||||
RESP_INFO *respDump = (RESP_INFO*) Temp;
|
||||
|
||||
|
|
13
doc/bcload.1
13
doc/bcload.1
|
@ -79,7 +79,14 @@ Disable paranoid check for ZC3\&.9 hardware\&. Enhanced Smart Cards will
|
|||
probably work, support for the professional cards require changes
|
||||
to \fBbcload\&.c\fP\&.
|
||||
.IP "-r\fI reader\fP" 10
|
||||
Set the smart card reader\&. Use -l to list available readers\&.
|
||||
Set Smart Card reader\&. Use -l to list available readers\&. A reader
|
||||
is defined as class:reader:[option]\&. PCSC and embedded
|
||||
are the two available classes\&. The embedded class contains the acr30s driver
|
||||
which is specified as embedded:acr30s:[serial_port]\&.
|
||||
If pcscd is running the first PC/SC reader will be the default followed by
|
||||
the embedded acr30s driver\&. Use PCSC: for the first available PC/SC
|
||||
reader\&. Use embedded:acr30s:/dev/cuaU0 for the embedded acr30s driver
|
||||
with serial port /dev/cuaU0\&.
|
||||
.IP "-t" 10
|
||||
Force card mode to TEST after programming\&. Defaults to the mode
|
||||
specified in the image file\&.
|
||||
|
@ -87,7 +94,7 @@ specified in the image file\&.
|
|||
Display verbose status messages while programming the card\&.
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Download the HOTPC\&.IMG file to the default smart card reader\&. Display
|
||||
Download the HOTPC\&.IMG file to the default Smart Card reader\&. Display
|
||||
verbose results\&.
|
||||
.PP
|
||||
.nf
|
||||
|
@ -127,4 +134,4 @@ Mark Fullmer maf@splintered\&.net
|
|||
\fBotp-ov-plugin\fP(1)
|
||||
\fBurd\fP(1)
|
||||
spyrus-par2(7)
|
||||
...\" created by instant / docbook-to-man, Mon 30 Nov 2009, 13:15
|
||||
...\" created by instant / docbook-to-man, Sun 27 Dec 2009, 22:01
|
||||
|
|
|
@ -150,7 +150,20 @@ CLASS="REPLACEABLE"
|
|||
></DT
|
||||
><DD
|
||||
><P
|
||||
>Set the smart card reader. Use -l to list available readers.</P
|
||||
>Set Smart Card reader. Use -l to list available readers. A reader
|
||||
is defined as class:reader:[<SPAN
|
||||
CLASS="OPTIONAL"
|
||||
>option</SPAN
|
||||
>]. PCSC and embedded
|
||||
are the two available classes. The embedded class contains the acr30s driver
|
||||
which is specified as embedded:acr30s:[<SPAN
|
||||
CLASS="OPTIONAL"
|
||||
>serial_port</SPAN
|
||||
>].
|
||||
If pcscd is running the first PC/SC reader will be the default followed by
|
||||
the embedded acr30s driver. Use PCSC: for the first available PC/SC
|
||||
reader. Use embedded:acr30s:/dev/cuaU0 for the embedded acr30s driver
|
||||
with serial port /dev/cuaU0.</P
|
||||
></DD
|
||||
><DT
|
||||
>-t</DT
|
||||
|
@ -171,7 +184,7 @@ specified in the image file.</P
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN65"
|
||||
NAME="AEN67"
|
||||
></A
|
||||
><H2
|
||||
>EXAMPLES</H2
|
||||
|
@ -180,10 +193,10 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN67"
|
||||
NAME="AEN69"
|
||||
></A
|
||||
><P
|
||||
>Download the HOTPC.IMG file to the default smart card reader. Display
|
||||
>Download the HOTPC.IMG file to the default Smart Card reader. Display
|
||||
verbose results.</P
|
||||
><PRE
|
||||
CLASS="SCREEN"
|
||||
|
@ -223,7 +236,7 @@ BCSetState: test</SAMP
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN72"
|
||||
NAME="AEN74"
|
||||
></A
|
||||
><H2
|
||||
>AUTHOR</H2
|
||||
|
@ -240,7 +253,7 @@ HREF="mailto:maf@splintered.net"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN79"
|
||||
NAME="AEN81"
|
||||
></A
|
||||
><H2
|
||||
>SEE ALSO</H2
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN">
|
||||
|
||||
<!-- $Id: bcload.sgml 13 2009-11-26 16:37:03Z maf $ -->
|
||||
<!-- $Id: bcload.sgml 62 2009-12-18 17:26:31Z maf $ -->
|
||||
|
||||
<refentry>
|
||||
<refmeta>
|
||||
|
@ -95,7 +95,14 @@ to <filename>bcload.c</filename>.
|
|||
<term>-r<replaceable> reader</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Set the smart card reader. Use -l to list available readers.
|
||||
Set Smart Card reader. Use -l to list available readers. A reader
|
||||
is defined as class:reader:<optional>option</optional>. PCSC and embedded
|
||||
are the two available classes. The embedded class contains the acr30s driver
|
||||
which is specified as embedded:acr30s:<optional>serial_port</optional>.
|
||||
If pcscd is running the first PC/SC reader will be the default followed by
|
||||
the embedded acr30s driver. Use PCSC: for the first available PC/SC
|
||||
reader. Use embedded:acr30s:/dev/cuaU0 for the embedded acr30s driver
|
||||
with serial port /dev/cuaU0.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -128,7 +135,7 @@ Display verbose status messages while programming the card.
|
|||
|
||||
<informalexample>
|
||||
<para>
|
||||
Download the HOTPC.IMG file to the default smart card reader. Display
|
||||
Download the HOTPC.IMG file to the default Smart Card reader. Display
|
||||
verbose results.
|
||||
</para>
|
||||
<screen>
|
||||
|
|
|
@ -69,6 +69,8 @@ on standard output and downloaded to a PIC on the
|
|||
.SH "OPTIONS"
|
||||
.IP "-h" 10
|
||||
Help
|
||||
.IP "-i" 10
|
||||
Ignore timeout for last WOK after sending reset\&.
|
||||
.IP "-f\fI serial_device\fP" 10
|
||||
Serial device filename\&. Examples:
|
||||
.IP "" 10
|
||||
|
@ -93,7 +95,7 @@ Transfer the HEX file spyrus1\&.1\&.hex to a PIC connected to
|
|||
the bootloader in this device does not send the last WOK command, this
|
||||
appears to be harmless\&.
|
||||
.PP
|
||||
\fBpic-downloader -v9 -f /dev/ttyUSB0 < spyrys1\&.1\&.hex\fP
|
||||
\fBpic-downloader -v9 -i -f /dev/ttyUSB0 < spyrys1\&.1\&.hex\fP
|
||||
.PP
|
||||
.nf
|
||||
Waiting for bootloader\&.\&.\&.\&.\&.\&.\&.\&.\&.\&.
|
||||
|
@ -108,11 +110,10 @@ write: data=202530A0008430E8202017833010008430362020120A118A2DBD060401800A84
|
|||
|
||||
\&.\&.\&.
|
||||
|
||||
upload block: load_offset=0x1FFA bytes_to_send=6
|
||||
Dwrite: cmd=E3 load=0FFD bytes=06 csum=AA
|
||||
write: data=00CB30C42EBD
|
||||
wDONE: reply=F8, expecting E4wwwwpic-downloader: htsoft_v1bl_done(): failed
|
||||
PIC reset failed\&.
|
||||
upload block: load_offset=0x1FF8 bytes_to_send=8
|
||||
Dwrite: cmd=E3 load=0FFC bytes=08 csum=7E
|
||||
write: data=246B120A158A3400
|
||||
wDONE: reply=F0, expecting E4wPIC reset sent\&.
|
||||
.fi
|
||||
.SH "AUTHOR"
|
||||
.PP
|
||||
|
@ -124,4 +125,4 @@ Intel Hexadecimal Object File Format Specification Rev A
|
|||
www\&.htsoft\&.com
|
||||
.PP
|
||||
http://www\&.ehl\&.cz/pic/pic_e\&.htm
|
||||
...\" created by instant / docbook-to-man, Mon 30 Nov 2009, 13:15
|
||||
...\" created by instant / docbook-to-man, Sun 27 Dec 2009, 22:01
|
||||
|
|
|
@ -108,6 +108,12 @@ CLASS="VARIABLELIST"
|
|||
>Help</P
|
||||
></DD
|
||||
><DT
|
||||
>-i</DT
|
||||
><DD
|
||||
><P
|
||||
>Ignore timeout for last WOK after sending reset.</P
|
||||
></DD
|
||||
><DT
|
||||
>-f<TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
|
@ -175,7 +181,7 @@ output. A level of 1 will indicate the overall status of the transfer.</P
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN60"
|
||||
NAME="AEN64"
|
||||
></A
|
||||
><H2
|
||||
>EXAMPLE</H2
|
||||
|
@ -184,7 +190,7 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN62"
|
||||
NAME="AEN66"
|
||||
></A
|
||||
><P
|
||||
>Transfer the HEX file spyrus1.1.hex to a PIC connected to
|
||||
|
@ -197,7 +203,7 @@ appears to be harmless.</P
|
|||
><P
|
||||
> <B
|
||||
CLASS="COMMAND"
|
||||
>pic-downloader -v9 -f /dev/ttyUSB0 < spyrys1.1.hex</B
|
||||
>pic-downloader -v9 -i -f /dev/ttyUSB0 < spyrys1.1.hex</B
|
||||
></P
|
||||
><PRE
|
||||
CLASS="SCREEN"
|
||||
|
@ -213,11 +219,10 @@ write: data=202530A0008430E8202017833010008430362020120A118A2DBD060401800A84
|
|||
|
||||
...
|
||||
|
||||
upload block: load_offset=0x1FFA bytes_to_send=6
|
||||
Dwrite: cmd=E3 load=0FFD bytes=06 csum=AA
|
||||
write: data=00CB30C42EBD
|
||||
wDONE: reply=F8, expecting E4wwwwpic-downloader: htsoft_v1bl_done(): failed
|
||||
PIC reset failed. </PRE
|
||||
upload block: load_offset=0x1FF8 bytes_to_send=8
|
||||
Dwrite: cmd=E3 load=0FFC bytes=08 csum=7E
|
||||
write: data=246B120A158A3400
|
||||
wDONE: reply=F0, expecting E4wPIC reset sent.</PRE
|
||||
><P
|
||||
></P
|
||||
></DIV
|
||||
|
@ -225,7 +230,7 @@ PIC reset failed. </PRE
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN68"
|
||||
NAME="AEN72"
|
||||
></A
|
||||
><H2
|
||||
>AUTHOR</H2
|
||||
|
@ -242,7 +247,7 @@ HREF="mailto:maf@splintered.net"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN75"
|
||||
NAME="AEN79"
|
||||
></A
|
||||
><H2
|
||||
>SEE ALSO</H2
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN">
|
||||
|
||||
<!-- $Id: htsoft-downloader.sgml 13 2009-11-26 16:37:03Z maf $ -->
|
||||
<!-- $Id: htsoft-downloader.sgml 74 2009-12-26 20:40:57Z maf $ -->
|
||||
|
||||
<refentry>
|
||||
|
||||
|
@ -58,6 +58,15 @@ Help
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-i</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Ignore timeout for last WOK after sending reset.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-f<replaceable> serial_device</replaceable></term>
|
||||
<listitem>
|
||||
|
@ -120,7 +129,7 @@ the bootloader in this device does not send the last WOK command, this
|
|||
appears to be harmless.
|
||||
</para>
|
||||
<para>
|
||||
<command>pic-downloader -v9 -f /dev/ttyUSB0 < spyrys1.1.hex</command>
|
||||
<command>pic-downloader -v9 -i -f /dev/ttyUSB0 < spyrys1.1.hex</command>
|
||||
</para>
|
||||
<screen>
|
||||
Waiting for bootloader..........
|
||||
|
@ -135,12 +144,10 @@ write: data=202530A0008430E8202017833010008430362020120A118A2DBD060401800A84
|
|||
|
||||
...
|
||||
|
||||
upload block: load_offset=0x1FFA bytes_to_send=6
|
||||
Dwrite: cmd=E3 load=0FFD bytes=06 csum=AA
|
||||
write: data=00CB30C42EBD
|
||||
wDONE: reply=F8, expecting E4wwwwpic-downloader: htsoft_v1bl_done(): failed
|
||||
PIC reset failed.
|
||||
|
||||
upload block: load_offset=0x1FF8 bytes_to_send=8
|
||||
Dwrite: cmd=E3 load=0FFC bytes=08 csum=7E
|
||||
write: data=246B120A158A3400
|
||||
wDONE: reply=F0, expecting E4wPIC reset sent.
|
||||
</screen>
|
||||
</informalexample>
|
||||
|
||||
|
|
|
@ -56,7 +56,7 @@
|
|||
\fBotp-control\fP \(em Local user database configuration for One Time Password package\&.
|
||||
.SH "SYNOPSIS"
|
||||
.PP
|
||||
\fBotp-control\fP [-?hnv] [-c\fI count\fP] [-C\fI count_ceil\fP] [-F\fI sc_flags\fP] [-H\fI sc_hostname\fP] [-I\fI sc_index\fP] [-k\fI key\fP] [-m\fI command_mode\fP] [-o\fI otpdb_pathname\fP] [-u\fI username\fP] [-w\fI window\fP]
|
||||
\fBotp-control\fP [-?hnv] [-c\fI count\fP] [-C\fI count_ceil\fP] [-f\fI format\fP] [-F\fI flags\fP] [-H\fI sc_hostname\fP] [-I\fI sc_index\fP] [-k\fI key\fP] [-m\fI command_mode\fP] [-o\fI otpdb_pathname\fP] [-s\fI status\fP] [-S\fI sc_flags\fP] [-t\fI type\fP] [-u\fI username\fP] [-w\fI window\fP]
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fBotp-control\fP command is a front end to the
|
||||
|
@ -86,10 +86,23 @@ must be presented to the OTP generator\&. The additional step of entering
|
|||
the count to the OTP generator is not necessary when keys are not
|
||||
shared, as the currrent count will increase on the OTP generator and
|
||||
system database during authentication\&.
|
||||
.IP "-f" 10
|
||||
OTP format\&. One of hex40 dhex40 dec31\&.6 dec31\&.7 dec31\&.8 dec31\&.9 dec31\&.10\&.
|
||||
hex40 (40 bit hex) is the default\&. dec31\&.6 (31 bit decimal truncated to 6
|
||||
digits) is suggested by RFC 4226 and may be required to interoperate with
|
||||
other HOTP implementations\&. dhex40 uses the dynamic truncate function
|
||||
in RFC 4226, where hex40 always uses the top 40 bits\&. dhex40 may be the
|
||||
default in future releases\&.
|
||||
.IP "-F" 10
|
||||
OTP flags\&. All flags are unset by default\&.
|
||||
.PP
|
||||
.nf
|
||||
Flag Description
|
||||
-----------------------------------------------------------------
|
||||
display-count : Display HOTP count when prompted for challenge\&.
|
||||
.fi
|
||||
.IP "-h" 10
|
||||
Help\&.
|
||||
.IP "-F\fI sc_flags\fP" 10
|
||||
Set the SC flags with the list-sc command mode\&. 0=CHALLENGE, 1=READERKEY\&.
|
||||
.IP "-H\fI sc_hostname\fP" 10
|
||||
Set the SC hostname with the list-sc command mode\&.
|
||||
.IP "-I\fI sc_index\fP" 10
|
||||
|
@ -106,26 +119,42 @@ C0C3D47F1CC68ECE0DF81D008F0C0D72D43EB745
|
|||
Mode Description
|
||||
-------------------------------------------------
|
||||
add - Add user
|
||||
activate - Activate user
|
||||
create - Create database
|
||||
deactivate - Deactivate user
|
||||
disable - Disable user
|
||||
dump - ASCII dump user record(s)
|
||||
flags-dspcnt - Set user display count flag\&.
|
||||
flags-no-dspcnt - Clear user display count flag\&.
|
||||
generate - Generate HOTP for user
|
||||
list - List user record (printable)
|
||||
list-sc - List user record (SC friendly)
|
||||
load - ASCII load user record(s)
|
||||
remove - Remove user
|
||||
set-count - Reset count for user
|
||||
set-count-ceil - Reset count ceiling for user
|
||||
set-count - Set user count
|
||||
set-count-ceil - Set user count ceiling
|
||||
set-flags - Set user flags
|
||||
set-format - Set user format
|
||||
set-status - Set user status
|
||||
set-type - Set user OTP type
|
||||
test - Test user
|
||||
.fi
|
||||
.IP "-n" 10
|
||||
Create new database if one does not exist\&.
|
||||
.IP "-o\fI otp_pathname\fP" 10
|
||||
Pathname of OTP database\&.
|
||||
.IP "-s\fI otp_pathname\fP" 10
|
||||
OTP Status\&. The default status is active\&.
|
||||
.PP
|
||||
.nf
|
||||
Status Description
|
||||
-----------------------------------------------------------------
|
||||
active : OTP is required for succesful authentication\&.
|
||||
inactive : OTP may not be required for successful authentication\&.
|
||||
The OTP authentication module may be configured to allow
|
||||
inactive accounts to authenticate\&. This may be used to
|
||||
temporarily remove the OTP authentication method for a user\&.
|
||||
disabled : Account is disabled\&. OTP authentication will fail\&.
|
||||
.fi
|
||||
.IP "-S\fI sc_flags\fP" 10
|
||||
Set the SC flags with the list-sc command mode\&. 0=CHALLENGE, 1=READERKEY\&.
|
||||
.IP "-t\fI type\fP" 10
|
||||
OTP Type\&. RFC 4226 HOTP is only supported type\&.
|
||||
.IP "-u\fI username\fP" 10
|
||||
Username to perform database operation on\&.
|
||||
.IP "-v" 10
|
||||
|
@ -144,32 +173,18 @@ of tokens generated\&.
|
|||
.PP
|
||||
\fBadd\fP : add user to OTP database\&. count_cur and count_ceiling may optionally
|
||||
be specified with -c and -C respectively\&. A random key will be generated
|
||||
if no key is specified with -k\&.
|
||||
.PP
|
||||
\fBactivate\fP : activate user\&. An active user must provide a OTP for successful
|
||||
authentication\&. An inactive user _may_ be successfully authenticated
|
||||
without a OTP depending on the application configuration\&. The pam_otp
|
||||
module can be configured to use this flag with the "allow_inactive" option\&.
|
||||
if no key is specified with -k\&. The format, flags, status, and type
|
||||
may be altered from the defaults with -f, -F, -s, and -t respectively\&.
|
||||
.PP
|
||||
\fBcreate\fP : create OTP database\&. The OTP database is a base directory with each
|
||||
user stored in a separate ASCII : delimited file in base_dir/d\&.
|
||||
.PP
|
||||
\fBdeactivate\fP : deactivate user\&. See activate\&.
|
||||
.PP
|
||||
\fBdisable\fP : disable user\&. A disabled user can not successfully authenticate\&.
|
||||
.PP
|
||||
\fBdump\fP : dump user database in ASCII\&. User records are separated by a newline\&.
|
||||
Fields are : separated\&. All fields except the username are HEX encoded\&.
|
||||
.PP
|
||||
#version:user:key:status:format:type:flags:count_cur:count_ceil:last
|
||||
01:test:1111111111111111111111111111111111111111:01:01:01:00:00000000000003E8:00000000000007D0:0000000000000000
|
||||
.PP
|
||||
\fBflags-dspcnt\fP : set the display count flag\&. An application such as pam_otp will use
|
||||
this flag to control the display of the OTP count when challenging a
|
||||
user\&.
|
||||
.PP
|
||||
\fBflags-no-dspcnt\fP : clear the display count flag\&.
|
||||
.PP
|
||||
\fBgenerate\fP : generate OTP for user\&. The -w flag may be used to generate multiple
|
||||
OTP tokens\&.
|
||||
.PP
|
||||
|
@ -188,6 +203,14 @@ specified with -I and -F\&.
|
|||
\fBset-count-ceil\fP : set count_ceiling for user\&. A OTP will not authenticate when
|
||||
count_cur >= count_cieiling\&.
|
||||
.PP
|
||||
\fBset-flags\fP : set flags for user\&. See option -F\&.
|
||||
.PP
|
||||
\fBset-format\fP : set format for user\&. See option -f\&.
|
||||
.PP
|
||||
\fBset-status\fP : set status for user\&. See option -s\&.
|
||||
.PP
|
||||
\fBset-type\fP : set status for user\&. See option -t\&.
|
||||
.PP
|
||||
\fBtest\fP : test OTP authentication for user\&.
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
|
@ -213,7 +236,7 @@ Version\&.\&.\&.\&.\&.\&.\&.\&.1
|
|||
Status\&.\&.\&.\&.\&.\&.\&.\&.\&.active (1)
|
||||
Format\&.\&.\&.\&.\&.\&.\&.\&.\&.hex40 (1)
|
||||
Type\&.\&.\&.\&.\&.\&.\&.\&.\&.\&.\&.HOTP (1)
|
||||
Flags\&.\&.\&.\&.\&.\&.\&.\&.\&.\&.00
|
||||
Flags\&.\&.\&.\&.\&.\&.\&.\&.\&.\&.[] (0x00)
|
||||
.fi
|
||||
.PP
|
||||
Generate OTP for user bob\&.
|
||||
|
@ -267,4 +290,4 @@ Mark Fullmer maf@splintered\&.net
|
|||
\fBurd\fP(1)
|
||||
\fBbcload\fP(1)
|
||||
spyrus-par2(7)
|
||||
...\" created by instant / docbook-to-man, Mon 30 Nov 2009, 13:16
|
||||
...\" created by instant / docbook-to-man, Sun 27 Dec 2009, 22:01
|
||||
|
|
|
@ -53,10 +53,15 @@ CLASS="REPLACEABLE"
|
|||
><I
|
||||
> count_ceil</I
|
||||
></TT
|
||||
>] [-f<TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
> format</I
|
||||
></TT
|
||||
>] [-F<TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
> sc_flags</I
|
||||
> flags</I
|
||||
></TT
|
||||
>] [-H<TT
|
||||
CLASS="REPLACEABLE"
|
||||
|
@ -83,6 +88,21 @@ CLASS="REPLACEABLE"
|
|||
><I
|
||||
> otpdb_pathname</I
|
||||
></TT
|
||||
>] [-s<TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
> status</I
|
||||
></TT
|
||||
>] [-S<TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
> sc_flags</I
|
||||
></TT
|
||||
>] [-t<TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
> type</I
|
||||
></TT
|
||||
>] [-u<TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
|
@ -98,7 +118,7 @@ CLASS="REPLACEABLE"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN34"
|
||||
NAME="AEN42"
|
||||
></A
|
||||
><H2
|
||||
>DESCRIPTION</H2
|
||||
|
@ -116,7 +136,7 @@ CLASS="COMMAND"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN39"
|
||||
NAME="AEN47"
|
||||
></A
|
||||
><H2
|
||||
>OPTIONS</H2
|
||||
|
@ -167,23 +187,35 @@ shared, as the currrent count will increase on the OTP generator and
|
|||
system database during authentication.</P
|
||||
></DD
|
||||
><DT
|
||||
>-f</DT
|
||||
><DD
|
||||
><P
|
||||
>OTP format. One of hex40 dhex40 dec31.6 dec31.7 dec31.8 dec31.9 dec31.10.
|
||||
hex40 (40 bit hex) is the default. dec31.6 (31 bit decimal truncated to 6
|
||||
digits) is suggested by RFC 4226 and may be required to interoperate with
|
||||
other HOTP implementations. dhex40 uses the dynamic truncate function
|
||||
in RFC 4226, where hex40 always uses the top 40 bits. dhex40 may be the
|
||||
default in future releases.</P
|
||||
></DD
|
||||
><DT
|
||||
>-F</DT
|
||||
><DD
|
||||
><P
|
||||
>OTP flags. All flags are unset by default.
|
||||
<PRE
|
||||
CLASS="SCREEN"
|
||||
> Flag Description
|
||||
-----------------------------------------------------------------
|
||||
display-count : Display HOTP count when prompted for challenge.</PRE
|
||||
></P
|
||||
></DD
|
||||
><DT
|
||||
>-h</DT
|
||||
><DD
|
||||
><P
|
||||
>Help.</P
|
||||
></DD
|
||||
><DT
|
||||
>-F<TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
> sc_flags</I
|
||||
></TT
|
||||
></DT
|
||||
><DD
|
||||
><P
|
||||
>Set the SC flags with the list-sc command mode. 0=CHALLENGE, 1=READERKEY.</P
|
||||
></DD
|
||||
><DT
|
||||
>-H<TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
|
@ -235,20 +267,19 @@ CLASS="SCREEN"
|
|||
> Mode Description
|
||||
-------------------------------------------------
|
||||
add - Add user
|
||||
activate - Activate user
|
||||
create - Create database
|
||||
deactivate - Deactivate user
|
||||
disable - Disable user
|
||||
dump - ASCII dump user record(s)
|
||||
flags-dspcnt - Set user display count flag.
|
||||
flags-no-dspcnt - Clear user display count flag.
|
||||
generate - Generate HOTP for user
|
||||
list - List user record (printable)
|
||||
list-sc - List user record (SC friendly)
|
||||
load - ASCII load user record(s)
|
||||
remove - Remove user
|
||||
set-count - Reset count for user
|
||||
set-count-ceil - Reset count ceiling for user
|
||||
set-count - Set user count
|
||||
set-count-ceil - Set user count ceiling
|
||||
set-flags - Set user flags
|
||||
set-format - Set user format
|
||||
set-status - Set user status
|
||||
set-type - Set user OTP type
|
||||
test - Test user</PRE
|
||||
></DD
|
||||
><DT
|
||||
|
@ -269,6 +300,50 @@ CLASS="REPLACEABLE"
|
|||
>Pathname of OTP database.</P
|
||||
></DD
|
||||
><DT
|
||||
>-s<TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
> otp_pathname</I
|
||||
></TT
|
||||
></DT
|
||||
><DD
|
||||
><P
|
||||
>OTP Status. The default status is active.
|
||||
<PRE
|
||||
CLASS="SCREEN"
|
||||
> Status Description
|
||||
-----------------------------------------------------------------
|
||||
active : OTP is required for succesful authentication.
|
||||
inactive : OTP may not be required for successful authentication.
|
||||
The OTP authentication module may be configured to allow
|
||||
inactive accounts to authenticate. This may be used to
|
||||
temporarily remove the OTP authentication method for a user.
|
||||
disabled : Account is disabled. OTP authentication will fail.</PRE
|
||||
></P
|
||||
></DD
|
||||
><DT
|
||||
>-S<TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
> sc_flags</I
|
||||
></TT
|
||||
></DT
|
||||
><DD
|
||||
><P
|
||||
>Set the SC flags with the list-sc command mode. 0=CHALLENGE, 1=READERKEY.</P
|
||||
></DD
|
||||
><DT
|
||||
>-t<TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
> type</I
|
||||
></TT
|
||||
></DT
|
||||
><DD
|
||||
><P
|
||||
>OTP Type. RFC 4226 HOTP is only supported type.</P
|
||||
></DD
|
||||
><DT
|
||||
>-u<TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
|
@ -310,7 +385,7 @@ of tokens generated.</P
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN111"
|
||||
NAME="AEN139"
|
||||
></A
|
||||
><H2
|
||||
>OTP-CONTROL COMMANDS</H2
|
||||
|
@ -321,16 +396,8 @@ CLASS="COMMAND"
|
|||
>
|
||||
: add user to OTP database. count_cur and count_ceiling may optionally
|
||||
be specified with -c and -C respectively. A random key will be generated
|
||||
if no key is specified with -k.</P
|
||||
><P
|
||||
><B
|
||||
CLASS="COMMAND"
|
||||
>activate</B
|
||||
>
|
||||
: activate user. An active user must provide a OTP for successful
|
||||
authentication. An inactive user _may_ be successfully authenticated
|
||||
without a OTP depending on the application configuration. The pam_otp
|
||||
module can be configured to use this flag with the "allow_inactive" option.</P
|
||||
if no key is specified with -k. The format, flags, status, and type
|
||||
may be altered from the defaults with -f, -F, -s, and -t respectively.</P
|
||||
><P
|
||||
><B
|
||||
CLASS="COMMAND"
|
||||
|
@ -341,18 +408,6 @@ user stored in a separate ASCII : delimited file in base_dir/d.</P
|
|||
><P
|
||||
><B
|
||||
CLASS="COMMAND"
|
||||
>deactivate</B
|
||||
>
|
||||
: deactivate user. See activate.</P
|
||||
><P
|
||||
><B
|
||||
CLASS="COMMAND"
|
||||
>disable</B
|
||||
>
|
||||
: disable user. A disabled user can not successfully authenticate.</P
|
||||
><P
|
||||
><B
|
||||
CLASS="COMMAND"
|
||||
>dump</B
|
||||
>
|
||||
: dump user database in ASCII. User records are separated by a newline.
|
||||
|
@ -363,20 +418,6 @@ Fields are : separated. All fields except the username are HEX encoded.</P
|
|||
><P
|
||||
><B
|
||||
CLASS="COMMAND"
|
||||
>flags-dspcnt</B
|
||||
>
|
||||
: set the display count flag. An application such as pam_otp will use
|
||||
this flag to control the display of the OTP count when challenging a
|
||||
user.</P
|
||||
><P
|
||||
><B
|
||||
CLASS="COMMAND"
|
||||
>flags-no-dspcnt</B
|
||||
>
|
||||
: clear the display count flag.</P
|
||||
><P
|
||||
><B
|
||||
CLASS="COMMAND"
|
||||
>generate</B
|
||||
>
|
||||
: generate OTP for user. The -w flag may be used to generate multiple
|
||||
|
@ -423,6 +464,30 @@ count_cur >= count_cieiling.</P
|
|||
><P
|
||||
><B
|
||||
CLASS="COMMAND"
|
||||
>set-flags</B
|
||||
>
|
||||
: set flags for user. See option -F.</P
|
||||
><P
|
||||
><B
|
||||
CLASS="COMMAND"
|
||||
>set-format</B
|
||||
>
|
||||
: set format for user. See option -f.</P
|
||||
><P
|
||||
><B
|
||||
CLASS="COMMAND"
|
||||
>set-status</B
|
||||
>
|
||||
: set status for user. See option -s.</P
|
||||
><P
|
||||
><B
|
||||
CLASS="COMMAND"
|
||||
>set-type</B
|
||||
>
|
||||
: set status for user. See option -t.</P
|
||||
><P
|
||||
><B
|
||||
CLASS="COMMAND"
|
||||
>test</B
|
||||
>
|
||||
: test OTP authentication for user.</P
|
||||
|
@ -430,7 +495,7 @@ CLASS="COMMAND"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN146"
|
||||
NAME="AEN172"
|
||||
></A
|
||||
><H2
|
||||
>EXAMPLES</H2
|
||||
|
@ -439,7 +504,7 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN148"
|
||||
NAME="AEN174"
|
||||
></A
|
||||
><P
|
||||
>Create a new OTP database /etc/otpdb. Add user bob with random key.</P
|
||||
|
@ -460,7 +525,7 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN153"
|
||||
NAME="AEN179"
|
||||
></A
|
||||
><P
|
||||
>Display user bob OTP database entry.</P
|
||||
|
@ -479,7 +544,7 @@ Version........1
|
|||
Status.........active (1)
|
||||
Format.........hex40 (1)
|
||||
Type...........HOTP (1)
|
||||
Flags..........00</PRE
|
||||
Flags..........[] (0x00)</PRE
|
||||
><P
|
||||
></P
|
||||
></DIV
|
||||
|
@ -488,7 +553,7 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN158"
|
||||
NAME="AEN184"
|
||||
></A
|
||||
><P
|
||||
>Generate OTP for user bob.</P
|
||||
|
@ -508,7 +573,7 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN163"
|
||||
NAME="AEN189"
|
||||
></A
|
||||
><P
|
||||
>Test OTP for user bob.</P
|
||||
|
@ -530,7 +595,7 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN168"
|
||||
NAME="AEN194"
|
||||
></A
|
||||
><P
|
||||
>Dump OTP database to stdout. Fields other than username are hex encoded.
|
||||
|
@ -552,7 +617,7 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN173"
|
||||
NAME="AEN199"
|
||||
></A
|
||||
><P
|
||||
>Dump OTP user to stdout in format friendly to <B
|
||||
|
@ -580,7 +645,7 @@ CLASS="COMPUTEROUTPUT"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN180"
|
||||
NAME="AEN206"
|
||||
></A
|
||||
><H2
|
||||
>AUTHOR</H2
|
||||
|
@ -597,7 +662,7 @@ HREF="mailto:maf@splintered.net"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN187"
|
||||
NAME="AEN213"
|
||||
></A
|
||||
><H2
|
||||
>SEE ALSO</H2
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN">
|
||||
|
||||
<!-- $Id: otp-control.sgml 13 2009-11-26 16:37:03Z maf $ -->
|
||||
<!-- $Id: otp-control.sgml 80 2009-12-26 23:25:04Z maf $ -->
|
||||
|
||||
<refentry>
|
||||
|
||||
|
@ -26,12 +26,16 @@ Local user database configuration for One Time Password package.
|
|||
<arg>-?hnv</arg>
|
||||
<arg>-c<replaceable> count</replaceable></arg>
|
||||
<arg>-C<replaceable> count_ceil</replaceable></arg>
|
||||
<arg>-F<replaceable> sc_flags</replaceable></arg>
|
||||
<arg>-f<replaceable> format</replaceable></arg>
|
||||
<arg>-F<replaceable> flags</replaceable></arg>
|
||||
<arg>-H<replaceable> sc_hostname</replaceable></arg>
|
||||
<arg>-I<replaceable> sc_index</replaceable></arg>
|
||||
<arg>-k<replaceable> key</replaceable></arg>
|
||||
<arg>-m<replaceable> command_mode</replaceable></arg>
|
||||
<arg>-o<replaceable> otpdb_pathname</replaceable></arg>
|
||||
<arg>-s<replaceable> status</replaceable></arg>
|
||||
<arg>-S<replaceable> sc_flags</replaceable></arg>
|
||||
<arg>-t<replaceable> type</replaceable></arg>
|
||||
<arg>-u<replaceable> username</replaceable></arg>
|
||||
<arg>-w<replaceable> window</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
|
@ -88,6 +92,35 @@ system database during authentication.
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-f</term>
|
||||
<listitem>
|
||||
<para>
|
||||
OTP format. One of hex40 dhex40 dec31.6 dec31.7 dec31.8 dec31.9 dec31.10.
|
||||
hex40 (40 bit hex) is the default. dec31.6 (31 bit decimal truncated to 6
|
||||
digits) is suggested by RFC 4226 and may be required to interoperate with
|
||||
other HOTP implementations. dhex40 uses the dynamic truncate function
|
||||
in RFC 4226, where hex40 always uses the top 40 bits. dhex40 may be the
|
||||
default in future releases.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-F</term>
|
||||
<listitem>
|
||||
<para>
|
||||
OTP flags. All flags are unset by default.
|
||||
<screen>
|
||||
Flag Description
|
||||
-----------------------------------------------------------------
|
||||
display-count : Display HOTP count when prompted for challenge.
|
||||
</screen>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-h</term>
|
||||
<listitem>
|
||||
|
@ -97,14 +130,6 @@ Help.
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-F<replaceable> sc_flags</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Set the SC flags with the list-sc command mode. 0=CHALLENGE, 1=READERKEY.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-H<replaceable> sc_hostname</replaceable></term>
|
||||
|
@ -146,20 +171,19 @@ C0C3D47F1CC68ECE0DF81D008F0C0D72D43EB745
|
|||
Mode Description
|
||||
-------------------------------------------------
|
||||
add - Add user
|
||||
activate - Activate user
|
||||
create - Create database
|
||||
deactivate - Deactivate user
|
||||
disable - Disable user
|
||||
dump - ASCII dump user record(s)
|
||||
flags-dspcnt - Set user display count flag.
|
||||
flags-no-dspcnt - Clear user display count flag.
|
||||
generate - Generate HOTP for user
|
||||
list - List user record (printable)
|
||||
list-sc - List user record (SC friendly)
|
||||
load - ASCII load user record(s)
|
||||
remove - Remove user
|
||||
set-count - Reset count for user
|
||||
set-count-ceil - Reset count ceiling for user
|
||||
set-count - Set user count
|
||||
set-count-ceil - Set user count ceiling
|
||||
set-flags - Set user flags
|
||||
set-format - Set user format
|
||||
set-status - Set user status
|
||||
set-type - Set user OTP type
|
||||
test - Test user
|
||||
</screen>
|
||||
</listitem>
|
||||
|
@ -183,6 +207,44 @@ Pathname of OTP database.
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-s<replaceable> otp_pathname</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
OTP Status. The default status is active.
|
||||
<screen>
|
||||
Status Description
|
||||
-----------------------------------------------------------------
|
||||
active : OTP is required for succesful authentication.
|
||||
inactive : OTP may not be required for successful authentication.
|
||||
The OTP authentication module may be configured to allow
|
||||
inactive accounts to authenticate. This may be used to
|
||||
temporarily remove the OTP authentication method for a user.
|
||||
disabled : Account is disabled. OTP authentication will fail.
|
||||
</screen>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-S<replaceable> sc_flags</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Set the SC flags with the list-sc command mode. 0=CHALLENGE, 1=READERKEY.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-t<replaceable> type</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
OTP Type. RFC 4226 HOTP is only supported type.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-u<replaceable> username</replaceable></term>
|
||||
<listitem>
|
||||
|
@ -228,28 +290,16 @@ of tokens generated.
|
|||
<command>add</command>
|
||||
: add user to OTP database. count_cur and count_ceiling may optionally
|
||||
be specified with -c and -C respectively. A random key will be generated
|
||||
if no key is specified with -k.
|
||||
</para>
|
||||
<para>
|
||||
<command>activate</command>
|
||||
: activate user. An active user must provide a OTP for successful
|
||||
authentication. An inactive user _may_ be successfully authenticated
|
||||
without a OTP depending on the application configuration. The pam_otp
|
||||
module can be configured to use this flag with the "allow_inactive" option.
|
||||
if no key is specified with -k. The format, flags, status, and type
|
||||
may be altered from the defaults with -f, -F, -s, and -t respectively.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<command>create</command>
|
||||
: create OTP database. The OTP database is a base directory with each
|
||||
user stored in a separate ASCII : delimited file in base_dir/d.
|
||||
</para>
|
||||
<para>
|
||||
<command>deactivate</command>
|
||||
: deactivate user. See activate.
|
||||
</para>
|
||||
<para>
|
||||
<command>disable</command>
|
||||
: disable user. A disabled user can not successfully authenticate.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<command>dump</command>
|
||||
: dump user database in ASCII. User records are separated by a newline.
|
||||
|
@ -258,48 +308,66 @@ Fields are : separated. All fields except the username are HEX encoded.
|
|||
#version:user:key:status:format:type:flags:count_cur:count_ceil:last
|
||||
01:test:1111111111111111111111111111111111111111:01:01:01:00:00000000000003E8:00000000000007D0:0000000000000000
|
||||
</para>
|
||||
<para>
|
||||
<command>flags-dspcnt</command>
|
||||
: set the display count flag. An application such as pam_otp will use
|
||||
this flag to control the display of the OTP count when challenging a
|
||||
user.
|
||||
</para>
|
||||
<para>
|
||||
<command>flags-no-dspcnt</command>
|
||||
: clear the display count flag.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<command>generate</command>
|
||||
: generate OTP for user. The -w flag may be used to generate multiple
|
||||
OTP tokens.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<command>list</command>
|
||||
: list user record in user friendly format.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<command>list-sc</command>
|
||||
: list user record in otp-sc import friendly format. The SC hostname
|
||||
must be specified with -H. The SC index and SC flags may optionally be
|
||||
specified with -I and -F.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<command>load</command>
|
||||
: load user record(s)s in ASCII format. See dump.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<command>remove</command>
|
||||
: remove user from OTP database.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<command>set-count</command>
|
||||
: set count_current for user.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<command>set-count-ceil</command>
|
||||
: set count_ceiling for user. A OTP will not authenticate when
|
||||
count_cur >= count_cieiling.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<command>set-flags</command>
|
||||
: set flags for user. See option -F.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<command>set-format</command>
|
||||
: set format for user. See option -f.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<command>set-status</command>
|
||||
: set status for user. See option -s.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<command>set-type</command>
|
||||
: set status for user. See option -t.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<command>test</command>
|
||||
: test OTP authentication for user.
|
||||
|
@ -339,7 +407,7 @@ Version........1
|
|||
Status.........active (1)
|
||||
Format.........hex40 (1)
|
||||
Type...........HOTP (1)
|
||||
Flags..........00
|
||||
Flags..........[] (0x00)
|
||||
</screen>
|
||||
</informalexample>
|
||||
|
||||
|
|
|
@ -56,7 +56,7 @@
|
|||
\fBotp-ov-plugin\fP \(em OpenVPN plug-in authentication module for OTP database\&.
|
||||
.SH "SYNOPSIS"
|
||||
.PP
|
||||
\fBotp-ov-plugin\fP [-?hv] [-o\fI otpdb_fname\fP]
|
||||
\fBotp-ov-plugin\fP [-?hv] [-o\fI otpdb_fname\fP] [-w\fI otp_window\fP]
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fBotp-ov-plugin\fP command is plug-in authentication
|
||||
|
@ -74,6 +74,8 @@ Help
|
|||
Pathname of OTP database\&.
|
||||
.IP "-v" 10
|
||||
Verbose
|
||||
.IP "-w" 10
|
||||
Set the OTP challenge window\&.
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Test the module with user bob\&.
|
||||
|
@ -101,4 +103,4 @@ Mark Fullmer maf@splintered\&.net
|
|||
\fBbcload\fP(1)
|
||||
\fBOpenVPN\fP(8)
|
||||
spyrus-par2(7)
|
||||
...\" created by instant / docbook-to-man, Mon 30 Nov 2009, 13:16
|
||||
...\" created by instant / docbook-to-man, Sun 27 Dec 2009, 22:01
|
||||
|
|
|
@ -48,12 +48,17 @@ CLASS="REPLACEABLE"
|
|||
><I
|
||||
> otpdb_fname</I
|
||||
></TT
|
||||
>] [-w<TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
> otp_window</I
|
||||
></TT
|
||||
>]</P
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN16"
|
||||
NAME="AEN18"
|
||||
></A
|
||||
><H2
|
||||
>DESCRIPTION</H2
|
||||
|
@ -94,7 +99,7 @@ CLASS="RETURNVALUE"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN25"
|
||||
NAME="AEN27"
|
||||
></A
|
||||
><H2
|
||||
>OPTIONS</H2
|
||||
|
@ -126,13 +131,19 @@ CLASS="REPLACEABLE"
|
|||
><P
|
||||
>Verbose</P
|
||||
></DD
|
||||
><DT
|
||||
>-w</DT
|
||||
><DD
|
||||
><P
|
||||
>Set the OTP challenge window.</P
|
||||
></DD
|
||||
></DL
|
||||
></DIV
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN41"
|
||||
NAME="AEN47"
|
||||
></A
|
||||
><H2
|
||||
>EXAMPLES</H2
|
||||
|
@ -141,7 +152,7 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN43"
|
||||
NAME="AEN49"
|
||||
></A
|
||||
><P
|
||||
>Test the module with user bob.</P
|
||||
|
@ -170,7 +181,7 @@ CLASS="SCREEN"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN52"
|
||||
NAME="AEN58"
|
||||
></A
|
||||
><H2
|
||||
>AUTHOR</H2
|
||||
|
@ -187,7 +198,7 @@ HREF="mailto:maf@splintered.net"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN59"
|
||||
NAME="AEN65"
|
||||
></A
|
||||
><H2
|
||||
>SEE ALSO</H2
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN">
|
||||
|
||||
<!-- $Id: otp-ov-plugin.sgml 13 2009-11-26 16:37:03Z maf $ -->
|
||||
<!-- $Id: otp-ov-plugin.sgml 50 2009-12-15 01:37:19Z maf $ -->
|
||||
|
||||
<refentry>
|
||||
|
||||
|
@ -25,6 +25,7 @@ OpenVPN plug-in authentication module for OTP database.
|
|||
<command>otp-ov-plugin</command>
|
||||
<arg>-?hv</arg>
|
||||
<arg>-o<replaceable> otpdb_fname</replaceable></arg>
|
||||
<arg>-w<replaceable> otp_window</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
|
@ -74,6 +75,16 @@ Verbose
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-w</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Set the OTP challenge window.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
|
|
@ -60,15 +60,15 @@
|
|||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fBotp-sca\fP command implements a terminal for an MCU based
|
||||
smart card loaded with the OTP firmware (HOTPC\&.IMG)\&. Host entries consisting
|
||||
of {hostname,count,shared_key} are downloaded to the smart card using
|
||||
Smart Card loaded with the OTP firmware (HOTPC\&.IMG)\&. Host entries consisting
|
||||
of {hostname,count,shared_key} are downloaded to the Smart Card using
|
||||
\fBotp-sca\fP\&. Additionally commands implemented on the
|
||||
smart card such as HOTP generation and PIN maintenance can be executed
|
||||
Smart Card such as HOTP generation and PIN maintenance can be executed
|
||||
with the appropriate administratative key\&.
|
||||
.SH "OPTIONS"
|
||||
.IP "-a\fI admin_keyfile\fP" 10
|
||||
Smart Card administratative key\&. The admin-enable command and
|
||||
administratative key are used to toggle the smart card into admin mode\&.
|
||||
administratative key are used to toggle the Smart Card into admin mode\&.
|
||||
Once in admin mode commands admin-disable, adminkey-set, balancecard-set,
|
||||
host-get, host-set, pin-set, and sc-clear can be executed\&. The default admin
|
||||
key, "3030303030303030303030303030303030303030" (HEX), should be changed to
|
||||
|
@ -80,10 +80,10 @@ Set debug level\&.
|
|||
.IP "-h" 10
|
||||
Help\&.
|
||||
.IP "-i\fI index\fP" 10
|
||||
Set the 8 bit index\&. The smart card contains numerically indexed records
|
||||
Set the 8 bit index\&. The Smart Card contains numerically indexed records
|
||||
for each host of the form {hostname,count,shared_key}\&. The firmware
|
||||
will support indexes in the range 0\&.\&.254\&. 255 is reserved\&. Memory
|
||||
capacity on the smart card may further restrict the index range\&. The
|
||||
capacity on the Smart Card may further restrict the index range\&. The
|
||||
ZC3\&.9 BasicCard with firmware revision 3 supports up to 85 records\&.
|
||||
.IP "-l" 10
|
||||
List SC Readers
|
||||
|
@ -125,11 +125,18 @@ List SC Readers
|
|||
Configure command_mode modifiers\&. Modifier d applied to the host-get
|
||||
command will generate output in otpdb format\&. Count (c) and Host (h)
|
||||
used with hotp-gen allow passing the Count and Host parameters
|
||||
respectively\&. The smart card may not be configured to support
|
||||
respectively\&. The Smart Card may not be configured to support
|
||||
all variations of a command\&.
|
||||
variations
|
||||
.IP "-r\fI reader\fP" 10
|
||||
Set the smart card reader\&. Use -l to list available readers\&.
|
||||
Set Smart Card reader\&. Use -l to list available readers\&. A reader
|
||||
is defined as class:reader:[option]\&. PCSC and embedded
|
||||
are the two available classes\&. The embedded class contains the acr30s driver
|
||||
which is specified as embedded:acr30s:[serial_port]\&.
|
||||
If pcscd is running the first PC/SC reader will be the default followed by
|
||||
the embedded acr30s driver\&. Use PCSC: for the first available PC/SC
|
||||
reader\&. Use embedded:acr30s:/dev/cuaU0 for the embedded acr30s driver
|
||||
with serial port /dev/cuaU0\&.
|
||||
.IP "-R\fI reader_keyfile\fP" 10
|
||||
Smart Card Reader key\&. The reader-key-set command can be used
|
||||
to set this key in the Smart Card\&. To emulate the behavior of
|
||||
|
@ -145,10 +152,10 @@ PAR II reader this is set in the PAR II EEProm\&.
|
|||
Set username\&. The username is used with the host-get command and
|
||||
d modifier\&.
|
||||
.IP "-v\fI card_api_version\fP" 10
|
||||
Set the smart card API version\&. The binary API between the terminal
|
||||
and smart card changed between version 2 and 3\&. See command_mode notes
|
||||
Set the Smart Card API version\&. The binary API between the terminal
|
||||
and Smart Card changed between version 2 and 3\&. See command_mode notes
|
||||
above\&. The default version is 3\&. Configuring version 2 will allow
|
||||
maintenance of smart card with version 2 firmware\&.
|
||||
maintenance of Smart Card with version 2 firmware\&.
|
||||
.SH "SMART CARD COMMANDS"
|
||||
.PP
|
||||
\fBadmin-enable\fP : enable administrative mode\&. The commands admin-disable, admin-key-set,
|
||||
|
@ -168,7 +175,7 @@ disable admin mode\&.
|
|||
this command\&. Using a balance reader to generate a HOTP does not require
|
||||
the use of a PIN, and is disabled by default\&.
|
||||
.PP
|
||||
\fBcapabilities-get\fP : each command on the smart card is represented by a capabilities bit and
|
||||
\fBcapabilities-get\fP : each command on the Smart Card is represented by a capabilities bit and
|
||||
conditionally compiled into HOTPC\&.IMG\&.
|
||||
capabilities-get will return the available, compiled-in commands\&. Commands
|
||||
are defined in \fBHOTP\&.DEF\fP:
|
||||
|
@ -254,7 +261,7 @@ to unlock a SC\&.
|
|||
SC when executing the GetHOTP* commands\&. If the F1 (flag 1) bit of
|
||||
the hostname is set, this key must match the key provided by the
|
||||
reader\&. This functionality allows the reader to weakly authenticate
|
||||
itself to the smart card and may be used to restrict HOTP generation to
|
||||
itself to the Smart Card and may be used to restrict HOTP generation to
|
||||
a Spyrus PAR II reader\&.
|
||||
.PP
|
||||
\fBsc-clear\fP : reset the SC to defaults, erase all host entries\&.
|
||||
|
@ -337,7 +344,7 @@ when done\&.
|
|||
.fi
|
||||
.PP
|
||||
Use \fBotp-control\fP to create a new database for system dev1 with
|
||||
user test, store the test user database entry to the smart card with
|
||||
user test, store the test user database entry to the Smart Card with
|
||||
\fBotp-sca\fP\&.
|
||||
.PP
|
||||
.nf
|
||||
|
@ -350,7 +357,7 @@ user test, store the test user database entry to the smart card with
|
|||
# list user test entry in format ready for otp-sca to import\&. Hostname
|
||||
# of system is dev1
|
||||
\fBotp-control -o /tmp/otpdb -u test -m list-sc -H dev1 | tail -1 > /tmp/test\&.list\fP
|
||||
# copy card entry to smart card as index 0
|
||||
# copy card entry to Smart Card as index 0
|
||||
\fBecho -n "00:"| cat - /tmp/test\&.list | \&./otp-sca -m host-set\fP
|
||||
\f(CWSetHost (0): Done\fP
|
||||
.fi
|
||||
|
@ -410,4 +417,4 @@ Mark Fullmer maf@splintered\&.net
|
|||
\fBbcload\fP(1)
|
||||
\fBurd\fP(1)
|
||||
spyrus-par2(7)
|
||||
...\" created by instant / docbook-to-man, Tue 01 Dec 2009, 17:12
|
||||
...\" created by instant / docbook-to-man, Sun 27 Dec 2009, 22:01
|
||||
|
|
|
@ -107,13 +107,13 @@ NAME="AEN34"
|
|||
CLASS="COMMAND"
|
||||
>otp-sca</B
|
||||
> command implements a terminal for an MCU based
|
||||
smart card loaded with the OTP firmware (HOTPC.IMG). Host entries consisting
|
||||
of {hostname,count,shared_key} are downloaded to the smart card using
|
||||
Smart Card loaded with the OTP firmware (HOTPC.IMG). Host entries consisting
|
||||
of {hostname,count,shared_key} are downloaded to the Smart Card using
|
||||
<B
|
||||
CLASS="COMMAND"
|
||||
>otp-sca</B
|
||||
>. Additionally commands implemented on the
|
||||
smart card such as HOTP generation and PIN maintenance can be executed
|
||||
Smart Card such as HOTP generation and PIN maintenance can be executed
|
||||
with the appropriate administratative key.</P
|
||||
></DIV
|
||||
><DIV
|
||||
|
@ -138,7 +138,7 @@ CLASS="REPLACEABLE"
|
|||
><DD
|
||||
><P
|
||||
>Smart Card administratative key. The admin-enable command and
|
||||
administratative key are used to toggle the smart card into admin mode.
|
||||
administratative key are used to toggle the Smart Card into admin mode.
|
||||
Once in admin mode commands admin-disable, adminkey-set, balancecard-set,
|
||||
host-get, host-set, pin-set, and sc-clear can be executed. The default admin
|
||||
key, "3030303030303030303030303030303030303030" (HEX), should be changed to
|
||||
|
@ -181,10 +181,10 @@ CLASS="REPLACEABLE"
|
|||
></DT
|
||||
><DD
|
||||
><P
|
||||
>Set the 8 bit index. The smart card contains numerically indexed records
|
||||
>Set the 8 bit index. The Smart Card contains numerically indexed records
|
||||
for each host of the form {hostname,count,shared_key}. The firmware
|
||||
will support indexes in the range 0..254. 255 is reserved. Memory
|
||||
capacity on the smart card may further restrict the index range. The
|
||||
capacity on the Smart Card may further restrict the index range. The
|
||||
ZC3.9 BasicCard with firmware revision 3 supports up to 85 records.</P
|
||||
></DD
|
||||
><DT
|
||||
|
@ -248,7 +248,7 @@ CLASS="REPLACEABLE"
|
|||
>Configure command_mode modifiers. Modifier d applied to the host-get
|
||||
command will generate output in otpdb format. Count (c) and Host (h)
|
||||
used with hotp-gen allow passing the Count and Host parameters
|
||||
respectively. The smart card may not be configured to support
|
||||
respectively. The Smart Card may not be configured to support
|
||||
all variations of a command.
|
||||
variations </P
|
||||
></DD
|
||||
|
@ -261,7 +261,20 @@ CLASS="REPLACEABLE"
|
|||
></DT
|
||||
><DD
|
||||
><P
|
||||
>Set the smart card reader. Use -l to list available readers.</P
|
||||
>Set Smart Card reader. Use -l to list available readers. A reader
|
||||
is defined as class:reader:[<SPAN
|
||||
CLASS="OPTIONAL"
|
||||
>option</SPAN
|
||||
>]. PCSC and embedded
|
||||
are the two available classes. The embedded class contains the acr30s driver
|
||||
which is specified as embedded:acr30s:[<SPAN
|
||||
CLASS="OPTIONAL"
|
||||
>serial_port</SPAN
|
||||
>].
|
||||
If pcscd is running the first PC/SC reader will be the default followed by
|
||||
the embedded acr30s driver. Use PCSC: for the first available PC/SC
|
||||
reader. Use embedded:acr30s:/dev/cuaU0 for the embedded acr30s driver
|
||||
with serial port /dev/cuaU0.</P
|
||||
></DD
|
||||
><DT
|
||||
>-R<TT
|
||||
|
@ -304,10 +317,10 @@ CLASS="REPLACEABLE"
|
|||
></DT
|
||||
><DD
|
||||
><P
|
||||
>Set the smart card API version. The binary API between the terminal
|
||||
and smart card changed between version 2 and 3. See command_mode notes
|
||||
>Set the Smart Card API version. The binary API between the terminal
|
||||
and Smart Card changed between version 2 and 3. See command_mode notes
|
||||
above. The default version is 3. Configuring version 2 will allow
|
||||
maintenance of smart card with version 2 firmware.</P
|
||||
maintenance of Smart Card with version 2 firmware.</P
|
||||
></DD
|
||||
></DL
|
||||
></DIV
|
||||
|
@ -315,7 +328,7 @@ maintenance of smart card with version 2 firmware.</P
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN103"
|
||||
NAME="AEN105"
|
||||
></A
|
||||
><H2
|
||||
>SMART CARD COMMANDS</H2
|
||||
|
@ -360,7 +373,7 @@ the use of a PIN, and is disabled by default.</P
|
|||
CLASS="COMMAND"
|
||||
>capabilities-get</B
|
||||
>
|
||||
: each command on the smart card is represented by a capabilities bit and
|
||||
: each command on the Smart Card is represented by a capabilities bit and
|
||||
conditionally compiled into HOTPC.IMG.
|
||||
capabilities-get will return the available, compiled-in commands. Commands
|
||||
are defined in <TT
|
||||
|
@ -476,7 +489,7 @@ CLASS="COMMAND"
|
|||
SC when executing the GetHOTP* commands. If the F1 (flag 1) bit of
|
||||
the hostname is set, this key must match the key provided by the
|
||||
reader. This functionality allows the reader to weakly authenticate
|
||||
itself to the smart card and may be used to restrict HOTP generation to
|
||||
itself to the Smart Card and may be used to restrict HOTP generation to
|
||||
a Spyrus PAR II reader.</P
|
||||
><P
|
||||
><B
|
||||
|
@ -560,7 +573,7 @@ CLASS="COMMAND"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN145"
|
||||
NAME="AEN147"
|
||||
></A
|
||||
><H2
|
||||
>EXAMPLES</H2
|
||||
|
@ -569,7 +582,7 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN147"
|
||||
NAME="AEN149"
|
||||
></A
|
||||
><P
|
||||
>Change the administratative key from the default. Disable admin mode
|
||||
|
@ -623,14 +636,14 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN158"
|
||||
NAME="AEN160"
|
||||
></A
|
||||
><P
|
||||
>Use <B
|
||||
CLASS="COMMAND"
|
||||
>otp-control</B
|
||||
> to create a new database for system dev1 with
|
||||
user test, store the test user database entry to the smart card with
|
||||
user test, store the test user database entry to the Smart Card with
|
||||
<B
|
||||
CLASS="COMMAND"
|
||||
>otp-sca</B
|
||||
|
@ -666,7 +679,7 @@ CLASS="COMMAND"
|
|||
>otp-control -o /tmp/otpdb -u test -m list-sc -H dev1 | tail -1 > /tmp/test.list</B
|
||||
>
|
||||
|
||||
# copy card entry to smart card as index 0
|
||||
# copy card entry to Smart Card as index 0
|
||||
<B
|
||||
CLASS="COMMAND"
|
||||
>echo -n "00:"| cat - /tmp/test.list | ./otp-sca -m host-set</B
|
||||
|
@ -684,7 +697,7 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN170"
|
||||
NAME="AEN172"
|
||||
></A
|
||||
><P
|
||||
>Dump card contents to stdout. Note fields are encoded in HEX including
|
||||
|
@ -712,7 +725,7 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN175"
|
||||
NAME="AEN177"
|
||||
></A
|
||||
><P
|
||||
>Reset user PIN for card with secret.key as the admin key.</P
|
||||
|
@ -757,7 +770,7 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN184"
|
||||
NAME="AEN186"
|
||||
></A
|
||||
><P
|
||||
>Generate HOTP for dev1. Use hostname-get to find the index for dev1. Use
|
||||
|
@ -798,7 +811,7 @@ HOTP: 52DCD05FE5 -- dev1</SAMP
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN191"
|
||||
NAME="AEN193"
|
||||
></A
|
||||
><H2
|
||||
>AUTHOR</H2
|
||||
|
@ -815,7 +828,7 @@ HREF="mailto:maf@splintered.net"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN198"
|
||||
NAME="AEN200"
|
||||
></A
|
||||
><H2
|
||||
>SEE ALSO</H2
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN">
|
||||
|
||||
<!-- $Id: otp-sca.sgml 13 2009-11-26 16:37:03Z maf $ -->
|
||||
<!-- $Id: otp-sca.sgml 62 2009-12-18 17:26:31Z maf $ -->
|
||||
|
||||
<refentry>
|
||||
|
||||
|
@ -42,10 +42,10 @@ Smart Card Administration for One Time Password package.
|
|||
<title>DESCRIPTION</title>
|
||||
<para>
|
||||
The <command>otp-sca</command> command implements a terminal for an MCU based
|
||||
smart card loaded with the OTP firmware (HOTPC.IMG). Host entries consisting
|
||||
of {hostname,count,shared_key} are downloaded to the smart card using
|
||||
Smart Card loaded with the OTP firmware (HOTPC.IMG). Host entries consisting
|
||||
of {hostname,count,shared_key} are downloaded to the Smart Card using
|
||||
<command>otp-sca</command>. Additionally commands implemented on the
|
||||
smart card such as HOTP generation and PIN maintenance can be executed
|
||||
Smart Card such as HOTP generation and PIN maintenance can be executed
|
||||
with the appropriate administratative key.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
@ -59,7 +59,7 @@ with the appropriate administratative key.
|
|||
<listitem>
|
||||
<para>
|
||||
Smart Card administratative key. The admin-enable command and
|
||||
administratative key are used to toggle the smart card into admin mode.
|
||||
administratative key are used to toggle the Smart Card into admin mode.
|
||||
Once in admin mode commands admin-disable, adminkey-set, balancecard-set,
|
||||
host-get, host-set, pin-set, and sc-clear can be executed. The default admin
|
||||
key, "3030303030303030303030303030303030303030" (HEX), should be changed to
|
||||
|
@ -99,10 +99,10 @@ Help.
|
|||
<term>-i<replaceable> index</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Set the 8 bit index. The smart card contains numerically indexed records
|
||||
Set the 8 bit index. The Smart Card contains numerically indexed records
|
||||
for each host of the form {hostname,count,shared_key}. The firmware
|
||||
will support indexes in the range 0..254. 255 is reserved. Memory
|
||||
capacity on the smart card may further restrict the index range. The
|
||||
capacity on the Smart Card may further restrict the index range. The
|
||||
ZC3.9 BasicCard with firmware revision 3 supports up to 85 records.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -164,7 +164,7 @@ List SC Readers
|
|||
Configure command_mode modifiers. Modifier d applied to the host-get
|
||||
command will generate output in otpdb format. Count (c) and Host (h)
|
||||
used with hotp-gen allow passing the Count and Host parameters
|
||||
respectively. The smart card may not be configured to support
|
||||
respectively. The Smart Card may not be configured to support
|
||||
all variations of a command.
|
||||
variations
|
||||
</para>
|
||||
|
@ -175,7 +175,14 @@ variations
|
|||
<term>-r<replaceable> reader</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Set the smart card reader. Use -l to list available readers.
|
||||
Set Smart Card reader. Use -l to list available readers. A reader
|
||||
is defined as class:reader:<optional>option</optional>. PCSC and embedded
|
||||
are the two available classes. The embedded class contains the acr30s driver
|
||||
which is specified as embedded:acr30s:<optional>serial_port</optional>.
|
||||
If pcscd is running the first PC/SC reader will be the default followed by
|
||||
the embedded acr30s driver. Use PCSC: for the first available PC/SC
|
||||
reader. Use embedded:acr30s:/dev/cuaU0 for the embedded acr30s driver
|
||||
with serial port /dev/cuaU0.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -214,10 +221,10 @@ d modifier.
|
|||
<term>-v<replaceable> card_api_version</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Set the smart card API version. The binary API between the terminal
|
||||
and smart card changed between version 2 and 3. See command_mode notes
|
||||
Set the Smart Card API version. The binary API between the terminal
|
||||
and Smart Card changed between version 2 and 3. See command_mode notes
|
||||
above. The default version is 3. Configuring version 2 will allow
|
||||
maintenance of smart card with version 2 firmware.
|
||||
maintenance of Smart Card with version 2 firmware.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -256,7 +263,7 @@ the use of a PIN, and is disabled by default.
|
|||
</para>
|
||||
<para>
|
||||
<command>capabilities-get</command>
|
||||
: each command on the smart card is represented by a capabilities bit and
|
||||
: each command on the Smart Card is represented by a capabilities bit and
|
||||
conditionally compiled into HOTPC.IMG.
|
||||
capabilities-get will return the available, compiled-in commands. Commands
|
||||
are defined in <filename>HOTP.DEF</filename>:
|
||||
|
@ -354,7 +361,7 @@ to unlock a SC.
|
|||
SC when executing the GetHOTP* commands. If the F1 (flag 1) bit of
|
||||
the hostname is set, this key must match the key provided by the
|
||||
reader. This functionality allows the reader to weakly authenticate
|
||||
itself to the smart card and may be used to restrict HOTP generation to
|
||||
itself to the Smart Card and may be used to restrict HOTP generation to
|
||||
a Spyrus PAR II reader.
|
||||
</para>
|
||||
<para>
|
||||
|
@ -464,7 +471,7 @@ when done.
|
|||
<informalexample>
|
||||
<para>
|
||||
Use <command>otp-control</command> to create a new database for system dev1 with
|
||||
user test, store the test user database entry to the smart card with
|
||||
user test, store the test user database entry to the Smart Card with
|
||||
<command>otp-sca</command>.
|
||||
</para>
|
||||
<screen>
|
||||
|
@ -482,7 +489,7 @@ user test, store the test user database entry to the smart card with
|
|||
# of system is dev1
|
||||
<command>otp-control -o /tmp/otpdb -u test -m list-sc -H dev1 | tail -1 > /tmp/test.list</command>
|
||||
|
||||
# copy card entry to smart card as index 0
|
||||
# copy card entry to Smart Card as index 0
|
||||
<command>echo -n "00:"| cat - /tmp/test.list | ./otp-sca -m host-set</command>
|
||||
|
||||
<computeroutput>SetHost (0): Done</computeroutput>
|
||||
|
|
|
@ -60,33 +60,40 @@
|
|||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fBotp-sct\fP command is a user interface to generating
|
||||
One Time Passwords with a smart card loaded with OTP software\&.
|
||||
One Time Passwords with a Smart Card loaded with OTP software\&.
|
||||
.SH "OPTIONS"
|
||||
.IP "-c\fI count\fP" 10
|
||||
Configure the optional count parameter to sync a smart card to a challenge\&.
|
||||
Configure the optional count parameter to sync a Smart Card to a challenge\&.
|
||||
.IP "-d\fI debug_level\fP" 10
|
||||
Set debug level\&.
|
||||
.IP "-h" 10
|
||||
Help\&.
|
||||
.IP "-i\fI index\fP" 10
|
||||
Set the 8 bit index\&. The smart card contains numerically indexed records
|
||||
Set the 8 bit index\&. The Smart Card contains numerically indexed records
|
||||
for each host system\&. Use the -l option to list hostnames associated with
|
||||
the index\&. The default index is 0\&.
|
||||
.IP "-l" 10
|
||||
List SC Readers
|
||||
.IP "-L" 10
|
||||
List host systems configured on the smart card\&. The index is used with the -i option\&.
|
||||
List host systems configured on the Smart Card\&. The index is used with the -i option\&.
|
||||
.IP "-o" 10
|
||||
Set new PIN\&.
|
||||
.IP "-r\fI reader\fP" 10
|
||||
Set the smart card reader\&. Use -l to list available readers\&.
|
||||
Set Smart Card reader\&. Use -l to list available readers\&. A reader
|
||||
is defined as class:reader:[option]\&. PCSC and embedded
|
||||
are the two available classes\&. The embedded class contains the acr30s driver
|
||||
which is specified as embedded:acr30s:[serial_port]\&.
|
||||
If pcscd is running the first PC/SC reader will be the default followed by
|
||||
the embedded acr30s driver\&. Use PCSC: for the first available PC/SC
|
||||
reader\&. Use embedded:acr30s:/dev/cuaU0 for the embedded acr30s driver
|
||||
with serial port /dev/cuaU0\&.
|
||||
.IP "-v\fI card_api_version\fP" 10
|
||||
Set the smart card API version\&. The binary API between the terminal
|
||||
and smart card changed between version 2 and 3\&. See command mode notes
|
||||
Set the Smart Card API version\&. The binary API between the terminal
|
||||
and Smart Card changed between version 2 and 3\&. See command mode notes
|
||||
above\&. The default version is 3\&. Configuring version 2 will allow
|
||||
maintenance of smart card with version 2 firmware\&.
|
||||
maintenance of Smart Card with version 2 firmware\&.
|
||||
.IP "-V" 10
|
||||
List the smart card firmware version\&.
|
||||
List the Smart Card firmware version\&.
|
||||
.IP "-1" 10
|
||||
Use the version 1 GetHOTP command instead of the default GetHOTPHostCount32\&.
|
||||
The latter is not available on firmware revision 1\&. GetHOTP may be conditionally
|
||||
|
@ -101,7 +108,7 @@ Generate a HOTP for the first system on the first PCSC reader found\&.
|
|||
HOTP: dev1\&.eng 2A5AB4B78D\fP
|
||||
.fi
|
||||
.PP
|
||||
List systems configured on smart card in default reader\&. Generate HOTP
|
||||
List systems configured on Smart Card in default reader\&. Generate HOTP
|
||||
for dev3\&.eng with count 32\&.
|
||||
.PP
|
||||
.nf
|
||||
|
@ -131,4 +138,4 @@ Mark Fullmer maf@splintered\&.net
|
|||
\fBbcload\fP(1)
|
||||
\fBurd\fP(1)
|
||||
spyrus-par2(7)
|
||||
...\" created by instant / docbook-to-man, Tue 01 Dec 2009, 17:12
|
||||
...\" created by instant / docbook-to-man, Sun 27 Dec 2009, 22:01
|
||||
|
|
|
@ -82,7 +82,7 @@ NAME="AEN24"
|
|||
CLASS="COMMAND"
|
||||
>otp-sct</B
|
||||
> command is a user interface to generating
|
||||
One Time Passwords with a smart card loaded with OTP software.</P
|
||||
One Time Passwords with a Smart Card loaded with OTP software.</P
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
|
@ -105,7 +105,7 @@ CLASS="REPLACEABLE"
|
|||
></DT
|
||||
><DD
|
||||
><P
|
||||
>Configure the optional count parameter to sync a smart card to a challenge.</P
|
||||
>Configure the optional count parameter to sync a Smart Card to a challenge.</P
|
||||
></DD
|
||||
><DT
|
||||
>-d<TT
|
||||
|
@ -133,7 +133,7 @@ CLASS="REPLACEABLE"
|
|||
></DT
|
||||
><DD
|
||||
><P
|
||||
>Set the 8 bit index. The smart card contains numerically indexed records
|
||||
>Set the 8 bit index. The Smart Card contains numerically indexed records
|
||||
for each host system. Use the -l option to list hostnames associated with
|
||||
the index. The default index is 0.</P
|
||||
></DD
|
||||
|
@ -147,7 +147,7 @@ the index. The default index is 0.</P
|
|||
>-L</DT
|
||||
><DD
|
||||
><P
|
||||
>List host systems configured on the smart card. The index is used with the -i option.</P
|
||||
>List host systems configured on the Smart Card. The index is used with the -i option.</P
|
||||
></DD
|
||||
><DT
|
||||
>-o</DT
|
||||
|
@ -164,7 +164,20 @@ CLASS="REPLACEABLE"
|
|||
></DT
|
||||
><DD
|
||||
><P
|
||||
>Set the smart card reader. Use -l to list available readers.</P
|
||||
>Set Smart Card reader. Use -l to list available readers. A reader
|
||||
is defined as class:reader:[<SPAN
|
||||
CLASS="OPTIONAL"
|
||||
>option</SPAN
|
||||
>]. PCSC and embedded
|
||||
are the two available classes. The embedded class contains the acr30s driver
|
||||
which is specified as embedded:acr30s:[<SPAN
|
||||
CLASS="OPTIONAL"
|
||||
>serial_port</SPAN
|
||||
>].
|
||||
If pcscd is running the first PC/SC reader will be the default followed by
|
||||
the embedded acr30s driver. Use PCSC: for the first available PC/SC
|
||||
reader. Use embedded:acr30s:/dev/cuaU0 for the embedded acr30s driver
|
||||
with serial port /dev/cuaU0.</P
|
||||
></DD
|
||||
><DT
|
||||
>-v<TT
|
||||
|
@ -175,16 +188,16 @@ CLASS="REPLACEABLE"
|
|||
></DT
|
||||
><DD
|
||||
><P
|
||||
>Set the smart card API version. The binary API between the terminal
|
||||
and smart card changed between version 2 and 3. See command mode notes
|
||||
>Set the Smart Card API version. The binary API between the terminal
|
||||
and Smart Card changed between version 2 and 3. See command mode notes
|
||||
above. The default version is 3. Configuring version 2 will allow
|
||||
maintenance of smart card with version 2 firmware.</P
|
||||
maintenance of Smart Card with version 2 firmware.</P
|
||||
></DD
|
||||
><DT
|
||||
>-V</DT
|
||||
><DD
|
||||
><P
|
||||
>List the smart card firmware version.</P
|
||||
>List the Smart Card firmware version.</P
|
||||
></DD
|
||||
><DT
|
||||
>-1</DT
|
||||
|
@ -200,7 +213,7 @@ compiled out of newer firmware.</P
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN80"
|
||||
NAME="AEN82"
|
||||
></A
|
||||
><H2
|
||||
>EXAMPLES</H2
|
||||
|
@ -209,7 +222,7 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN82"
|
||||
NAME="AEN84"
|
||||
></A
|
||||
><P
|
||||
>Generate a HOTP for the first system on the first PCSC reader found.</P
|
||||
|
@ -233,10 +246,10 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN87"
|
||||
NAME="AEN89"
|
||||
></A
|
||||
><P
|
||||
>List systems configured on smart card in default reader. Generate HOTP
|
||||
>List systems configured on Smart Card in default reader. Generate HOTP
|
||||
for dev3.eng with count 32.</P
|
||||
><PRE
|
||||
CLASS="SCREEN"
|
||||
|
@ -277,7 +290,7 @@ CLASS="COMMAND"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN96"
|
||||
NAME="AEN98"
|
||||
></A
|
||||
><H2
|
||||
>AUTHOR</H2
|
||||
|
@ -294,7 +307,7 @@ HREF="mailto:maf@splintered.net"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN103"
|
||||
NAME="AEN105"
|
||||
></A
|
||||
><H2
|
||||
>SEE ALSO</H2
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN">
|
||||
|
||||
<!-- $Id: otp-sct.sgml 13 2009-11-26 16:37:03Z maf $ -->
|
||||
<!-- $Id: otp-sct.sgml 62 2009-12-18 17:26:31Z maf $ -->
|
||||
|
||||
<refentry>
|
||||
|
||||
|
@ -37,7 +37,7 @@ Smart Card Terminal for One Time Password package.
|
|||
<title>DESCRIPTION</title>
|
||||
<para>
|
||||
The <command>otp-sct</command> command is a user interface to generating
|
||||
One Time Passwords with a smart card loaded with OTP software.
|
||||
One Time Passwords with a Smart Card loaded with OTP software.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
@ -49,7 +49,7 @@ One Time Passwords with a smart card loaded with OTP software.
|
|||
<term>-c<replaceable> count</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Configure the optional count parameter to sync a smart card to a challenge.
|
||||
Configure the optional count parameter to sync a Smart Card to a challenge.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -76,7 +76,7 @@ Help.
|
|||
<term>-i<replaceable> index</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Set the 8 bit index. The smart card contains numerically indexed records
|
||||
Set the 8 bit index. The Smart Card contains numerically indexed records
|
||||
for each host system. Use the -l option to list hostnames associated with
|
||||
the index. The default index is 0.
|
||||
</para>
|
||||
|
@ -95,7 +95,7 @@ List SC Readers
|
|||
<term>-L</term>
|
||||
<listitem>
|
||||
<para>
|
||||
List host systems configured on the smart card. The index is used with the -i option.
|
||||
List host systems configured on the Smart Card. The index is used with the -i option.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -113,7 +113,14 @@ Set new PIN.
|
|||
<term>-r<replaceable> reader</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Set the smart card reader. Use -l to list available readers.
|
||||
Set Smart Card reader. Use -l to list available readers. A reader
|
||||
is defined as class:reader:<optional>option</optional>. PCSC and embedded
|
||||
are the two available classes. The embedded class contains the acr30s driver
|
||||
which is specified as embedded:acr30s:<optional>serial_port</optional>.
|
||||
If pcscd is running the first PC/SC reader will be the default followed by
|
||||
the embedded acr30s driver. Use PCSC: for the first available PC/SC
|
||||
reader. Use embedded:acr30s:/dev/cuaU0 for the embedded acr30s driver
|
||||
with serial port /dev/cuaU0.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -122,10 +129,10 @@ Set the smart card reader. Use -l to list available readers.
|
|||
<term>-v<replaceable> card_api_version</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Set the smart card API version. The binary API between the terminal
|
||||
and smart card changed between version 2 and 3. See command mode notes
|
||||
Set the Smart Card API version. The binary API between the terminal
|
||||
and Smart Card changed between version 2 and 3. See command mode notes
|
||||
above. The default version is 3. Configuring version 2 will allow
|
||||
maintenance of smart card with version 2 firmware.
|
||||
maintenance of Smart Card with version 2 firmware.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -134,7 +141,7 @@ maintenance of smart card with version 2 firmware.
|
|||
<term>-V</term>
|
||||
<listitem>
|
||||
<para>
|
||||
List the smart card firmware version.
|
||||
List the Smart Card firmware version.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -171,7 +178,7 @@ HOTP: dev1.eng 2A5AB4B78D</computeroutput>
|
|||
|
||||
<informalexample>
|
||||
<para>
|
||||
List systems configured on smart card in default reader. Generate HOTP
|
||||
List systems configured on Smart Card in default reader. Generate HOTP
|
||||
for dev3.eng with count 32.
|
||||
</para>
|
||||
<screen>
|
||||
|
|
|
@ -79,6 +79,8 @@ require_db_entry option is set\&. By default users not in the OTP
|
|||
database are permitted\&.
|
||||
.IP "\fIotpdb=\fP\fBalternate_otpdb\fP" 10
|
||||
\fBalternate_otpdb\fP is used as the OTP database\&.
|
||||
.IP "\fIwindow=window\fP" 10
|
||||
Set OTP challenge window\&.
|
||||
.SH "AUTHOR"
|
||||
.PP
|
||||
Mark Fullmer maf@splintered\&.net
|
||||
|
@ -93,4 +95,4 @@ Mark Fullmer maf@splintered\&.net
|
|||
\fBbcload\fP(1)
|
||||
\fBpam\fP(8)
|
||||
spyrus-par2(7)
|
||||
...\" created by instant / docbook-to-man, Mon 30 Nov 2009, 13:16
|
||||
...\" created by instant / docbook-to-man, Sun 27 Dec 2009, 22:01
|
||||
|
|
|
@ -148,13 +148,24 @@ CLASS="FILENAME"
|
|||
>alternate_otpdb</TT
|
||||
> is used as the OTP database.</P
|
||||
></DD
|
||||
><DT
|
||||
><TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
>window=window</I
|
||||
></TT
|
||||
></DT
|
||||
><DD
|
||||
><P
|
||||
>Set OTP challenge window.</P
|
||||
></DD
|
||||
></DL
|
||||
></DIV
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN53"
|
||||
NAME="AEN58"
|
||||
></A
|
||||
><H2
|
||||
>AUTHOR</H2
|
||||
|
@ -171,7 +182,7 @@ HREF="mailto:maf@splintered.net"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN60"
|
||||
NAME="AEN65"
|
||||
></A
|
||||
><H2
|
||||
>SEE ALSO</H2
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN">
|
||||
|
||||
<!-- $Id: pam_otp.sgml 13 2009-11-26 16:37:03Z maf $ -->
|
||||
<!-- $Id: pam_otp.sgml 50 2009-12-15 01:37:19Z maf $ -->
|
||||
|
||||
<refentry>
|
||||
|
||||
|
@ -95,6 +95,15 @@ database are permitted.
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><replaceable>window=window</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Set OTP challenge window.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
|
|
@ -65,8 +65,12 @@ menu and two digit shortcut methods are provided for host selection\&.
|
|||
Additional functionality includes Smart Card PIN change, overriding default
|
||||
increment-on-generate per-host HOTP count behavior, and firmware management\&.
|
||||
.PP
|
||||
With the HOTP displayed, press Enter to repeat the host selection process
|
||||
for additional token generation\&.
|
||||
With the HOTP displayed, press Enter to repeat the host
|
||||
selection process for additional token generation or Down Arrow
|
||||
to generate a token for the next host\&.
|
||||
.PP
|
||||
The HOTP token is displayed as 40 bit hexadecimal or 6-10 digit decimal
|
||||
based on the format bit field provided by the Smart Card\&.
|
||||
.PP
|
||||
Use the host selection shortcut to extend battery life\&.
|
||||
.SS "Basic Functions:"
|
||||
|
@ -107,6 +111,12 @@ with this option\&.
|
|||
\fB<UP>\fP Cursor up one line\&.
|
||||
.PP
|
||||
\fB<DOWN>\fP Cursor down one line\&.
|
||||
.SS "HOTP Display"
|
||||
.PP
|
||||
.PP
|
||||
\fB<Enter>\fP Jump back to host selection\&.
|
||||
.PP
|
||||
\fB<DOWN>\fP Generate token for next host\&.
|
||||
.SH "LOADING FIRMWARE"
|
||||
.PP
|
||||
The PAR II is factory loaded with the
|
||||
|
@ -191,4 +201,4 @@ may not\&.
|
|||
\fBurd\fP(1)
|
||||
\fBbcload\fP(1)
|
||||
\fBOpenVPN\fP(8)
|
||||
...\" created by instant / docbook-to-man, Mon 30 Nov 2009, 13:16
|
||||
...\" created by instant / docbook-to-man, Sun 27 Dec 2009, 22:01
|
||||
|
|
|
@ -58,14 +58,18 @@ menu and two digit shortcut methods are provided for host selection.
|
|||
Additional functionality includes Smart Card PIN change, overriding default
|
||||
increment-on-generate per-host HOTP count behavior, and firmware management.</P
|
||||
><P
|
||||
>With the HOTP displayed, press Enter to repeat the host selection process
|
||||
for additional token generation.</P
|
||||
>With the HOTP displayed, press Enter to repeat the host
|
||||
selection process for additional token generation or Down Arrow
|
||||
to generate a token for the next host.</P
|
||||
><P
|
||||
>The HOTP token is displayed as 40 bit hexadecimal or 6-10 digit decimal
|
||||
based on the format bit field provided by the Smart Card.</P
|
||||
><P
|
||||
>Use the host selection shortcut to extend battery life.</P
|
||||
><DIV
|
||||
CLASS="REFSECT2"
|
||||
><A
|
||||
NAME="AEN19"
|
||||
NAME="AEN20"
|
||||
></A
|
||||
><H3
|
||||
>Basic Functions:</H3
|
||||
|
@ -85,7 +89,7 @@ life. A timeout will turn off the reader off without intervention.</P
|
|||
><DIV
|
||||
CLASS="REFSECT2"
|
||||
><A
|
||||
NAME="AEN25"
|
||||
NAME="AEN26"
|
||||
></A
|
||||
><H3
|
||||
>PIN Entry:</H3
|
||||
|
@ -108,7 +112,7 @@ CLASS="KEYSYM"
|
|||
><DIV
|
||||
CLASS="REFSECT2"
|
||||
><A
|
||||
NAME="AEN33"
|
||||
NAME="AEN34"
|
||||
></A
|
||||
><H3
|
||||
>Host Selection:</H3
|
||||
|
@ -156,7 +160,7 @@ CLASS="KEYSYM"
|
|||
><DIV
|
||||
CLASS="REFSECT2"
|
||||
><A
|
||||
NAME="AEN49"
|
||||
NAME="AEN50"
|
||||
></A
|
||||
><H3
|
||||
>Host Selection With Menu:</H3
|
||||
|
@ -178,11 +182,31 @@ CLASS="KEYSYM"
|
|||
>DOWN</SPAN
|
||||
> Cursor down one line.</P
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="REFSECT2"
|
||||
><A
|
||||
NAME="AEN59"
|
||||
></A
|
||||
><H3
|
||||
>HOTP Display</H3
|
||||
><P
|
||||
></P
|
||||
><P
|
||||
><SPAN
|
||||
CLASS="KEYSYM"
|
||||
>Enter</SPAN
|
||||
> Jump back to host selection.</P
|
||||
><P
|
||||
><SPAN
|
||||
CLASS="KEYSYM"
|
||||
>DOWN</SPAN
|
||||
> Generate token for next host.</P
|
||||
></DIV
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN58"
|
||||
NAME="AEN66"
|
||||
></A
|
||||
><H2
|
||||
>LOADING FIRMWARE</H2
|
||||
|
@ -248,7 +272,7 @@ CLASS="STEP"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN79"
|
||||
NAME="AEN87"
|
||||
></A
|
||||
><H2
|
||||
>EEPROM CUSTOMIZATION</H2
|
||||
|
@ -355,7 +379,7 @@ CLASS="STEP"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN103"
|
||||
NAME="AEN111"
|
||||
></A
|
||||
><H2
|
||||
>AUTHOR</H2
|
||||
|
@ -372,7 +396,7 @@ HREF="mailto:maf@splintered.net"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN110"
|
||||
NAME="AEN118"
|
||||
></A
|
||||
><H2
|
||||
>BUGS</H2
|
||||
|
@ -384,7 +408,7 @@ may not.</P
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN113"
|
||||
NAME="AEN121"
|
||||
></A
|
||||
><H2
|
||||
>SEE ALSO</H2
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN">
|
||||
|
||||
<!-- $Id: spyrus-par2.sgml 13 2009-11-26 16:37:03Z maf $ -->
|
||||
<!-- $Id: spyrus-par2.sgml 78 2009-12-26 23:23:40Z maf $ -->
|
||||
|
||||
<refentry>
|
||||
|
||||
|
@ -37,8 +37,13 @@ Additional functionality includes Smart Card PIN change, overriding default
|
|||
increment-on-generate per-host HOTP count behavior, and firmware management.
|
||||
</para>
|
||||
<para>
|
||||
With the HOTP displayed, press Enter to repeat the host selection process
|
||||
for additional token generation.
|
||||
With the HOTP displayed, press Enter to repeat the host
|
||||
selection process for additional token generation or Down Arrow
|
||||
to generate a token for the next host.
|
||||
</para>
|
||||
<para>
|
||||
The HOTP token is displayed as 40 bit hexadecimal or 6-10 digit decimal
|
||||
based on the format bit field provided by the Smart Card.
|
||||
</para>
|
||||
<para>
|
||||
Use the host selection shortcut to extend battery life.
|
||||
|
@ -126,6 +131,20 @@ Host Selection With Menu:
|
|||
</para>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>
|
||||
HOTP Display
|
||||
</title>
|
||||
<para>
|
||||
|
||||
<para>
|
||||
<keysym>Enter</keysym> Jump back to host selection.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<keysym>DOWN</keysym> Generate token for next host.
|
||||
</para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
|
|
@ -56,7 +56,7 @@
|
|||
\fBurd\fP \(em Micro footprint RADIUS daemon with One Time Password support\&.
|
||||
.SH "SYNOPSIS"
|
||||
.PP
|
||||
\fBurd\fP [-?AhdDOux] [-a\fI allowed_users_file\fP] [-b\fI local_ip\fP] [-B\fI local_port\fP] [-o\fI otp_db\fP] [-p\fI passwd_file\fP] [-P\fI pid_file\fP] [-s\fI secret_file\fP]
|
||||
\fBurd\fP [-?AhdDOux] [-a\fI allowed_users_file\fP] [-b\fI local_ip\fP] [-B\fI local_port\fP] [-o\fI otp_db\fP] [-p\fI passwd_file\fP] [-P\fI pid_file\fP] [-s\fI secret_file\fP] [-w\fI otp_window\fP]
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fBurd\fP daemon implements a minimal subset
|
||||
|
@ -139,6 +139,8 @@ will be required\&.
|
|||
Drop every other RADIUS request from a NAS\&. This is a debugging feature
|
||||
intended to stress test the reply cache code\&. The reply cache
|
||||
implements state retention required for the use of One Time Passwords\&.
|
||||
.IP "-w" 10
|
||||
Set the OTP challenge window\&.
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
The following command will start the urd server, bind it to IP address
|
||||
|
@ -166,4 +168,4 @@ Mark Fullmer maf@splintered\&.net
|
|||
\fBbcload\fP(1)
|
||||
\fBotp-ov-plugin\fP(1)
|
||||
spyrus-par2(7)
|
||||
...\" created by instant / docbook-to-man, Mon 30 Nov 2009, 13:16
|
||||
...\" created by instant / docbook-to-man, Sun 27 Dec 2009, 22:01
|
||||
|
|
23
doc/urd.html
23
doc/urd.html
|
@ -78,12 +78,17 @@ CLASS="REPLACEABLE"
|
|||
><I
|
||||
> secret_file</I
|
||||
></TT
|
||||
>] [-w<TT
|
||||
CLASS="REPLACEABLE"
|
||||
><I
|
||||
> otp_window</I
|
||||
></TT
|
||||
>]</P
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN28"
|
||||
NAME="AEN30"
|
||||
></A
|
||||
><H2
|
||||
>DESCRIPTION</H2
|
||||
|
@ -177,7 +182,7 @@ with a password this feature will be disabled.</P
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN53"
|
||||
NAME="AEN55"
|
||||
></A
|
||||
><H2
|
||||
>OPTIONS</H2
|
||||
|
@ -359,13 +364,19 @@ will be required.</P
|
|||
intended to stress test the reply cache code. The reply cache
|
||||
implements state retention required for the use of One Time Passwords.</P
|
||||
></DD
|
||||
><DT
|
||||
>-w</DT
|
||||
><DD
|
||||
><P
|
||||
>Set the OTP challenge window.</P
|
||||
></DD
|
||||
></DL
|
||||
></DIV
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN128"
|
||||
NAME="AEN134"
|
||||
></A
|
||||
><H2
|
||||
>EXAMPLES</H2
|
||||
|
@ -374,7 +385,7 @@ CLASS="INFORMALEXAMPLE"
|
|||
><P
|
||||
></P
|
||||
><A
|
||||
NAME="AEN130"
|
||||
NAME="AEN136"
|
||||
></A
|
||||
><P
|
||||
>The following command will start the urd server, bind it to IP address
|
||||
|
@ -408,7 +419,7 @@ CLASS="SCREEN"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN138"
|
||||
NAME="AEN144"
|
||||
></A
|
||||
><H2
|
||||
>AUTHOR</H2
|
||||
|
@ -425,7 +436,7 @@ HREF="mailto:maf@splintered.net"
|
|||
><DIV
|
||||
CLASS="REFSECT1"
|
||||
><A
|
||||
NAME="AEN145"
|
||||
NAME="AEN151"
|
||||
></A
|
||||
><H2
|
||||
>SEE ALSO</H2
|
||||
|
|
12
doc/urd.sgml
12
doc/urd.sgml
|
@ -1,6 +1,6 @@
|
|||
<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN">
|
||||
|
||||
<!-- $Id: urd.sgml 13 2009-11-26 16:37:03Z maf $ -->
|
||||
<!-- $Id: urd.sgml 50 2009-12-15 01:37:19Z maf $ -->
|
||||
|
||||
<refentry>
|
||||
|
||||
|
@ -31,6 +31,7 @@ Micro footprint RADIUS daemon with One Time Password support.
|
|||
<arg>-p<replaceable> passwd_file</replaceable></arg>
|
||||
<arg>-P<replaceable> pid_file</replaceable></arg>
|
||||
<arg>-s<replaceable> secret_file</replaceable></arg>
|
||||
<arg>-w<replaceable> otp_window</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
|
@ -226,6 +227,15 @@ implements state retention required for the use of One Time Passwords.
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-w</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Set the OTP challenge window.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: htsoft-downloader.c 13 2009-11-26 16:37:03Z maf $
|
||||
* $Id: htsoft-downloader.c 75 2009-12-26 20:59:23Z maf $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
|
@ -82,7 +82,7 @@ void help(void);
|
|||
int htsoft_v1bl_idack(int fd, int verbose);
|
||||
int htsoft_v1bl_upload(int fd, uint16_t load_offset, uint8_t *buf,
|
||||
uint8_t buf_len, int verbose, int max_retries);
|
||||
int htsoft_v1bl_done(int fd, int verbose, int retries);
|
||||
int htsoft_v1bl_done(int fd, int verbose, int retries, int ignore_wok_timeout);
|
||||
|
||||
int n22b(char *h, u_char *b);
|
||||
int n2b(char *h, u_char *b);
|
||||
|
@ -97,7 +97,7 @@ int main(int argc, char **argv)
|
|||
uint8_t ld_buf[256], ld_buf_len;
|
||||
uint16_t h_load_offset, tmp_load_offset, buf_load_offset;
|
||||
int i, r, pic_fd, lineno, lbuf_len, got_eof, pic_tmout, verbose;
|
||||
int max_retries;
|
||||
int max_retries, ignore_last_wok_timeout;
|
||||
char *pic_dev;
|
||||
|
||||
xerr_setid(argv[0]);
|
||||
|
@ -110,8 +110,9 @@ int main(int argc, char **argv)
|
|||
max_retries = HTSOFT_RETRIES;
|
||||
h_load_offset = 0;
|
||||
buf_load_offset = 0;
|
||||
ignore_last_wok_timeout = 0;
|
||||
|
||||
while ((i = getopt(argc, argv, "f:h?r:t:v:")) != -1) {
|
||||
while ((i = getopt(argc, argv, "f:h?ir:t:v:")) != -1) {
|
||||
|
||||
switch (i) {
|
||||
|
||||
|
@ -125,6 +126,10 @@ int main(int argc, char **argv)
|
|||
exit(0);
|
||||
break; /* notreached */
|
||||
|
||||
case 'i':
|
||||
ignore_last_wok_timeout = 1;
|
||||
break;
|
||||
|
||||
case 'r':
|
||||
max_retries = atoi(optarg);
|
||||
break;
|
||||
|
@ -380,7 +385,8 @@ int main(int argc, char **argv)
|
|||
if (!got_eof)
|
||||
xerr_warnx("Warning: Short file, no EOF.");
|
||||
|
||||
if (htsoft_v1bl_done(pic_fd, verbose, max_retries) < 0)
|
||||
if (htsoft_v1bl_done(pic_fd, verbose, max_retries,
|
||||
ignore_last_wok_timeout) < 0)
|
||||
xerr_errx(1, "htsoft_v1bl_done(): failed");
|
||||
|
||||
close(pic_fd);
|
||||
|
@ -680,20 +686,23 @@ int htsoft_v1bl_upload(int fd, uint16_t load_offset, uint8_t *buf,
|
|||
*
|
||||
* function will not return until WOK is received.
|
||||
*
|
||||
* fd - serial com port
|
||||
* verbose - verbosity level
|
||||
* fd - serial com port
|
||||
* verbose - verbosity level
|
||||
* retries - number of retries
|
||||
* ignore_wok_timeout - ignore last WOK -- some devices do not send this
|
||||
*
|
||||
* returns 0 success
|
||||
* <0 failure
|
||||
*
|
||||
*/
|
||||
int htsoft_v1bl_done(int fd, int verbose, int retries)
|
||||
int htsoft_v1bl_done(int fd, int verbose, int retries, int ignore_wok_timeout)
|
||||
{
|
||||
uint8_t t,r;
|
||||
int n, good_write, i;
|
||||
int n, good_write, i, timeout;
|
||||
|
||||
t = HTSOFT_V1BL_DONE;
|
||||
good_write = 0;
|
||||
timeout = 0;
|
||||
|
||||
for (i = 0; i < retries; ++i) {
|
||||
|
||||
|
@ -708,6 +717,13 @@ int htsoft_v1bl_done(int fd, int verbose, int retries)
|
|||
if ((n = read(fd, &r, 1)) < 0)
|
||||
xerr_err(1, "read()");
|
||||
|
||||
/* some devices may not send this */
|
||||
if (ignore_wok_timeout && n == 0) {
|
||||
timeout = 1;
|
||||
good_write = 1;
|
||||
break;
|
||||
}
|
||||
|
||||
/* timeout? */
|
||||
if (n == 0)
|
||||
continue;
|
||||
|
@ -734,8 +750,12 @@ int htsoft_v1bl_done(int fd, int verbose, int retries)
|
|||
fflush(stdout);
|
||||
}
|
||||
|
||||
if (verbose && !good_write)
|
||||
if (verbose && !good_write)
|
||||
printf("PIC reset failed.\n");
|
||||
else if (verbose && good_write && ignore_wok_timeout && timeout)
|
||||
printf("PIC reset sent, ignored last WOK timeout.\n");
|
||||
else
|
||||
printf("PIC reset complete.\n");
|
||||
|
||||
if (good_write)
|
||||
return 0; /* success */
|
||||
|
@ -747,7 +767,7 @@ int htsoft_v1bl_done(int fd, int verbose, int retries)
|
|||
void help(void)
|
||||
{
|
||||
fprintf(stderr,
|
||||
"htsoft-downloader [-h?v] [-f serial_device] [-r retries]\n");
|
||||
"htsoft-downloader [-hi?v] [-f serial_device] [-r retries]\n");
|
||||
fprintf(stderr,
|
||||
" [-t timeout (.1 second/timeout)] [-v verbose_level]\n");
|
||||
} /* help */
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: otp-control.c 13 2009-11-26 16:37:03Z maf $
|
||||
* $Id: otp-control.c 55 2009-12-17 01:59:35Z maf $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
|
@ -39,24 +39,23 @@
|
|||
#include "ffdb.h"
|
||||
#include "str.h"
|
||||
|
||||
#define MODE_ADD 1
|
||||
#define MODE_ACTIVATE 2
|
||||
#define MODE_DEACTIVATE 3
|
||||
#define MODE_DISABLE 4
|
||||
#define MODE_DUMP 5
|
||||
#define MODE_GENERATE 6
|
||||
#define MODE_LIST 7
|
||||
#define MODE_LOAD 8
|
||||
#define MODE_REMOVE 9
|
||||
#define MODE_SET_COUNT 10
|
||||
#define MODE_SET_COUNT_CEIL 11
|
||||
#define MODE_TEST 12
|
||||
#define MODE_CREATE 13
|
||||
#define MODE_FLAGS_DSPCNT_SET 14
|
||||
#define MODE_FLAGS_DSPCNT_CLEAR 15
|
||||
#define MODE_LIST_SC 18
|
||||
#define MODE_ADD 1
|
||||
#define MODE_DUMP 5
|
||||
#define MODE_GENERATE 6
|
||||
#define MODE_LIST 7
|
||||
#define MODE_LOAD 8
|
||||
#define MODE_REMOVE 9
|
||||
#define MODE_SET_COUNT 10
|
||||
#define MODE_SET_COUNT_CEIL 11
|
||||
#define MODE_TEST 12
|
||||
#define MODE_CREATE 13
|
||||
#define MODE_LIST_SC 18
|
||||
#define MODE_SET_STATUS 19
|
||||
#define MODE_SET_TYPE 20
|
||||
#define MODE_SET_FORMAT 21
|
||||
#define MODE_SET_FLAGS 22
|
||||
|
||||
#define KEY_HEX160_LEN 40
|
||||
#define KEY_HEX160_LEN 40
|
||||
|
||||
#define DEV_RANDOM "/dev/urandom"
|
||||
|
||||
|
@ -71,13 +70,13 @@ int main (int argc, char **argv)
|
|||
int i, j, r, mode, window, db_flags, open_mode, open_op, verbose;
|
||||
char *otpdb_fname;
|
||||
uint64_t u_count, u_count_ceil, count_offset, tmp64u;
|
||||
uint8_t u_version, u_status, u_format, u_type, sc_index;
|
||||
uint8_t u_version, u_status, u_format, u_type, u_flags, sc_index;
|
||||
uint8_t sc_flags[SC_HOSTNAME_LEN];
|
||||
unsigned char u_key160[20];
|
||||
char key_hex160[KEY_HEX160_LEN+1];
|
||||
char crsp_tmp[11];
|
||||
char *u_username, *u_key_ascii, *sc_hostname;
|
||||
char *endptr;
|
||||
char *endptr, *i_status, *i_format, *i_type, *i_flags;
|
||||
|
||||
otpdb_fname = OTP_DB_FNAME;
|
||||
sc_index = 0;
|
||||
|
@ -92,16 +91,18 @@ int main (int argc, char **argv)
|
|||
u_format = OTP_FORMAT_HEX40;
|
||||
u_type = OTP_TYPE_HOTP;
|
||||
u_status = OTP_STATUS_ACTIVE;
|
||||
u_flags = 0;
|
||||
u_username = (char*)0L;
|
||||
u_key_ascii = (char*)0L;
|
||||
endptr = (char*)0L;
|
||||
sc_hostname = (char*)0L;
|
||||
bzero(sc_flags, SC_HOSTNAME_LEN);
|
||||
i_status = i_type = i_format = i_flags = (char*)0L;
|
||||
|
||||
/* init xerr */
|
||||
xerr_setid(argv[0]);
|
||||
|
||||
while ((i = getopt(argc, argv, "c:C:hF:H:I:?k:m:no:u:w:v")) != -1) {
|
||||
while ((i = getopt(argc, argv, "c:C:hf:F:H:I:?k:m:no:s:S:t:u:w:v")) != -1) {
|
||||
|
||||
switch (i) {
|
||||
|
||||
|
@ -117,15 +118,13 @@ int main (int argc, char **argv)
|
|||
xerr_errx(1, "strtoull(%s): failed at %c.", optarg, *endptr);
|
||||
break;
|
||||
|
||||
case 'F' :
|
||||
for (j = 0; j < strlen(optarg); ++j) {
|
||||
if (optarg[j] == '0')
|
||||
sc_flags[HOSTNAME_POS_CHALLENGE] = HOSTNAME_FLAG_MASK;
|
||||
else if (optarg[j] == '1')
|
||||
sc_flags[HOSTNAME_POS_READERKEY] = HOSTNAME_FLAG_MASK;
|
||||
else
|
||||
xerr_errx(1, "Unknown sc_flag %c.", optarg[j]);
|
||||
} /* j */
|
||||
case 'f':
|
||||
i_format = optarg;
|
||||
break;
|
||||
|
||||
case 'F':
|
||||
if (str_setflag8(otp_flags_l, &u_flags, optarg, 0, OTP_FLAGS_BITS) < 0)
|
||||
xerr_errx(1, "Invalid flag %s.", optarg);
|
||||
break;
|
||||
|
||||
case 'H':
|
||||
|
@ -153,20 +152,10 @@ int main (int argc, char **argv)
|
|||
|
||||
if (!strcasecmp(optarg, "add")) {
|
||||
mode = MODE_ADD;
|
||||
} else if (!strcasecmp(optarg, "activate")) {
|
||||
mode = MODE_ACTIVATE;
|
||||
} else if (!strcasecmp(optarg, "create")) {
|
||||
mode = MODE_CREATE;
|
||||
} else if (!strcasecmp(optarg, "deactivate")) {
|
||||
mode = MODE_DEACTIVATE;
|
||||
} else if (!strcasecmp(optarg, "disable")) {
|
||||
mode = MODE_DISABLE;
|
||||
} else if (!strcasecmp(optarg, "dump")) {
|
||||
mode = MODE_DUMP;
|
||||
} else if (!strcasecmp(optarg, "flags-dspcnt")) {
|
||||
mode = MODE_FLAGS_DSPCNT_SET;
|
||||
} else if (!strcasecmp(optarg, "flags-no-dspcnt")) {
|
||||
mode = MODE_FLAGS_DSPCNT_CLEAR;
|
||||
} else if (!strcasecmp(optarg, "generate")) {
|
||||
mode = MODE_GENERATE;
|
||||
} else if (!strcasecmp(optarg, "list")) {
|
||||
|
@ -181,6 +170,14 @@ int main (int argc, char **argv)
|
|||
mode = MODE_SET_COUNT;
|
||||
} else if (!strcasecmp(optarg, "set-count-ceil")) {
|
||||
mode = MODE_SET_COUNT_CEIL;
|
||||
} else if (!strcasecmp(optarg, "set-flags")) {
|
||||
mode = MODE_SET_FLAGS;
|
||||
} else if (!strcasecmp(optarg, "set-format")) {
|
||||
mode = MODE_SET_FORMAT;
|
||||
} else if (!strcasecmp(optarg, "set-status")) {
|
||||
mode = MODE_SET_STATUS;
|
||||
} else if (!strcasecmp(optarg, "set-type")) {
|
||||
mode = MODE_SET_TYPE;
|
||||
} else if (!strcasecmp(optarg, "test")) {
|
||||
mode = MODE_TEST;
|
||||
} else {
|
||||
|
@ -188,6 +185,25 @@ int main (int argc, char **argv)
|
|||
}
|
||||
break;
|
||||
|
||||
case 's':
|
||||
i_status = optarg;
|
||||
break;
|
||||
|
||||
case 'S' :
|
||||
for (j = 0; j < strlen(optarg); ++j) {
|
||||
if (optarg[j] == '0')
|
||||
sc_flags[HOSTNAME_POS_CHALLENGE] = HOSTNAME_FLAG_MASK;
|
||||
else if (optarg[j] == '1')
|
||||
sc_flags[HOSTNAME_POS_READERKEY] = HOSTNAME_FLAG_MASK;
|
||||
else
|
||||
xerr_errx(1, "Unknown sc_flag %c.", optarg[j]);
|
||||
} /* j */
|
||||
break;
|
||||
|
||||
case 't':
|
||||
i_type = optarg;
|
||||
break;
|
||||
|
||||
case 'n':
|
||||
db_flags |= OTP_DB_CREATE_SOFT;
|
||||
break;
|
||||
|
@ -232,12 +248,38 @@ int main (int argc, char **argv)
|
|||
if ((mode == MODE_LIST_SC) && (!sc_hostname))
|
||||
xerr_errx(1, "Hostname required.");
|
||||
|
||||
/* check username length */
|
||||
if (u_username && (strlen(u_username) > OTP_USER_NAME_LEN))
|
||||
xerr_errx(1, "Username > OTP_USER_NAME_LEN.");
|
||||
|
||||
/* input key */
|
||||
if (u_key_ascii && u_key_ascii[0] != '-')
|
||||
xerr_errx(1, "Key not accepted on command line, use - for stdin");
|
||||
|
||||
/* format */
|
||||
if (i_format)
|
||||
if (str_find8(otp_format_l, &u_format, i_format, 1, OTP_FORMAT_MAX))
|
||||
xerr_errx(1, "Invalid format %s.", i_format);
|
||||
|
||||
if ((mode == MODE_SET_FORMAT) && (!i_format))
|
||||
xerr_errx(1, "Format value not specified.");
|
||||
|
||||
/* status */
|
||||
if (i_status)
|
||||
if (str_find8(otp_status_l, &u_status, i_status, 1, OTP_STATUS_MAX))
|
||||
xerr_errx(1, "Invalid status %s.", i_status);
|
||||
|
||||
if ((mode == MODE_SET_STATUS) && (!i_status))
|
||||
xerr_errx(1, "Status value not specified.");
|
||||
|
||||
/* type */
|
||||
if (i_type)
|
||||
if (str_find8(otp_type_l, &u_type, i_type, 1, OTP_TYPE_MAX))
|
||||
xerr_errx(1, "Invalid type %s.", i_type);
|
||||
|
||||
if ((mode == MODE_SET_TYPE) && (!i_type))
|
||||
xerr_errx(1, "Type value not specified.");
|
||||
|
||||
/* user specified key? need key material? */
|
||||
if (mode == MODE_ADD) {
|
||||
|
||||
|
@ -307,20 +349,16 @@ int main (int argc, char **argv)
|
|||
|
||||
/*
|
||||
* modes requiring open and get of user record:
|
||||
* ACTIVATE, DEACTIVATE, DISABLE, GENERATE, LIST, SET_COUNT,
|
||||
* SET_COUNT_CEIL, TEST, FLAGS_DSPCNT_SET, FLAGS_DSPCNT_CLEAR
|
||||
*/
|
||||
|
||||
if ((mode == MODE_ACTIVATE) ||
|
||||
(mode == MODE_DEACTIVATE) ||
|
||||
(mode == MODE_DISABLE) ||
|
||||
(mode == MODE_FLAGS_DSPCNT_SET) ||
|
||||
(mode == MODE_FLAGS_DSPCNT_CLEAR) ||
|
||||
(mode == MODE_GENERATE) ||
|
||||
if ((mode == MODE_GENERATE) ||
|
||||
(mode == MODE_LIST) ||
|
||||
(mode == MODE_LIST_SC) ||
|
||||
(mode == MODE_SET_COUNT) ||
|
||||
(mode == MODE_SET_COUNT_CEIL) ||
|
||||
(mode == MODE_SET_FLAGS) ||
|
||||
(mode == MODE_SET_FORMAT) ||
|
||||
(mode == MODE_SET_STATUS) ||
|
||||
(mode == MODE_SET_TYPE) ||
|
||||
(mode == MODE_TEST)) {
|
||||
|
||||
/* rw or ro? */
|
||||
|
@ -381,29 +419,25 @@ int main (int argc, char **argv)
|
|||
|
||||
} /* MODE_GENERATE */
|
||||
|
||||
if ((mode == MODE_ACTIVATE) ||
|
||||
(mode == MODE_DEACTIVATE) ||
|
||||
(mode == MODE_DISABLE) ||
|
||||
(mode == MODE_FLAGS_DSPCNT_SET) ||
|
||||
(mode == MODE_FLAGS_DSPCNT_CLEAR) ||
|
||||
(mode == MODE_SET_COUNT) ||
|
||||
(mode == MODE_SET_COUNT_CEIL)) {
|
||||
if ((mode == MODE_SET_COUNT) ||
|
||||
(mode == MODE_SET_COUNT_CEIL) ||
|
||||
(mode == MODE_SET_FLAGS) ||
|
||||
(mode == MODE_SET_FORMAT) ||
|
||||
(mode == MODE_SET_STATUS) ||
|
||||
(mode == MODE_SET_TYPE)) {
|
||||
|
||||
if (mode == MODE_ACTIVATE)
|
||||
ou.status = OTP_STATUS_ACTIVE;
|
||||
else if (mode == MODE_DEACTIVATE)
|
||||
ou.status = OTP_STATUS_INACTIVE;
|
||||
else if (mode == MODE_DISABLE)
|
||||
ou.status = OTP_STATUS_DISABLED;
|
||||
else if (mode == MODE_SET_COUNT)
|
||||
if (mode == MODE_SET_COUNT)
|
||||
ou.count = u_count;
|
||||
else if (mode == MODE_SET_COUNT_CEIL)
|
||||
ou.count_ceil = u_count_ceil;
|
||||
else if (mode == MODE_FLAGS_DSPCNT_SET)
|
||||
ou.flags |= OTP_USER_FLAGS_DSPCNT;
|
||||
else if (mode == MODE_FLAGS_DSPCNT_CLEAR)
|
||||
ou.flags &= ~OTP_USER_FLAGS_DSPCNT;
|
||||
|
||||
else if (mode == MODE_SET_FLAGS)
|
||||
ou.flags = u_flags;
|
||||
else if (mode == MODE_SET_FORMAT)
|
||||
ou.format = u_format;
|
||||
else if (mode == MODE_SET_STATUS)
|
||||
ou.status = u_status;
|
||||
else if (mode == MODE_SET_TYPE)
|
||||
ou.type = u_type;
|
||||
|
||||
if (otp_urec_put(otpctx, &ou) < 0)
|
||||
xerr_errx(1, "otp_urec_put(): failed.");
|
||||
|
@ -435,35 +469,58 @@ mode_done:
|
|||
|
||||
return 0;
|
||||
|
||||
}
|
||||
} /* main */
|
||||
|
||||
void help(void)
|
||||
{
|
||||
fprintf(stderr, "otp-control [-?hnv] [-c count] [-C count_ceil] [-F sc_flags] [-H sc_hostname]\n");
|
||||
fprintf(stderr, " [-I sc_index] [-k key] [ -m command_mode] [-o otbdb_pathname]\n");
|
||||
fprintf(stderr, " [-u username] [-w window]\n\n");
|
||||
int i;
|
||||
|
||||
fprintf(stderr, "otp-control [-?hnv] [-c count] [-C count_ceil] [-f format] [-F flags]\n");
|
||||
fprintf(stderr, " [-H sc_hostname] [-I sc_index] [-k key] [-m command_mode]\n");
|
||||
fprintf(stderr, " [-o otbdb_pathname] [-s status] [-S sc_flags] [ -t type]\n");
|
||||
fprintf(stderr, " [-u username] [-w window]\n");
|
||||
fprintf(stderr, " -h : help\n");
|
||||
fprintf(stderr, " -n : create database\n");
|
||||
fprintf(stderr, " -v : enable verbose output\n\n");
|
||||
fprintf(stderr, " sc_flags : 0=CHALLENGE, 1=READERKEY\n");
|
||||
fprintf(stderr, " sc_flags : 0=CHALLENGE 1=READERKEY\n");
|
||||
|
||||
fprintf(stderr, " flags : ");
|
||||
for (i = 0; i < OTP_FLAGS_BITS; ++i)
|
||||
fprintf(stderr, "%s ", otp_flags_l[i]);
|
||||
fprintf(stderr, "\n");
|
||||
|
||||
fprintf(stderr, " format list : ");
|
||||
for (i = 1; i <= OTP_FORMAT_MAX; ++i)
|
||||
fprintf(stderr, "%s ", otp_format_l[i]);
|
||||
fprintf(stderr, "\n");
|
||||
|
||||
fprintf(stderr, " type list : ");
|
||||
for (i = 1; i <= OTP_TYPE_MAX; ++i)
|
||||
fprintf(stderr, "%s ", otp_type_l[i]);
|
||||
fprintf(stderr, "\n");
|
||||
|
||||
fprintf(stderr, " status list : ");
|
||||
for (i = 1; i <= OTP_STATUS_MAX; ++i)
|
||||
fprintf(stderr, "%s ", otp_status_l[i]);
|
||||
fprintf(stderr, "\n");
|
||||
|
||||
fprintf(stderr, "\n");
|
||||
fprintf(stderr, " Mode Description\n");
|
||||
fprintf(stderr, " -------------------------------------------------\n");
|
||||
fprintf(stderr, " add - Add user\n");
|
||||
fprintf(stderr, " activate - Activate user\n");
|
||||
fprintf(stderr, " create - Create database\n");
|
||||
fprintf(stderr, " deactivate - Deactivate user\n");
|
||||
fprintf(stderr, " disable - Disable user\n");
|
||||
fprintf(stderr, " dump - ASCII dump user record(s)\n");
|
||||
fprintf(stderr, " flags-dspcnt - Set user display count flag.\n");
|
||||
fprintf(stderr, " flags-no-dspcnt - Clear user display count flag.\n");
|
||||
fprintf(stderr, " generate - Generate HOTP for user\n");
|
||||
fprintf(stderr, " list - List user record (printable)\n");
|
||||
fprintf(stderr, " list-sc - List user record (SC friendly)\n");
|
||||
fprintf(stderr, " load - ASCII load user record(s)\n");
|
||||
fprintf(stderr, " remove - Remove user\n");
|
||||
fprintf(stderr, " set-count - Reset count for user\n");
|
||||
fprintf(stderr, " set-count-ceil - Reset count ceiling for user\n");
|
||||
fprintf(stderr, " set-count - Set user count\n");
|
||||
fprintf(stderr, " set-count-ceil - Set user count ceiling\n");
|
||||
fprintf(stderr, " set-flags - Set user flags\n");
|
||||
fprintf(stderr, " set-format - Set user format\n");
|
||||
fprintf(stderr, " set-status - Set user status\n");
|
||||
fprintf(stderr, " set-type - Set user OTP type\n");
|
||||
fprintf(stderr, " test - Test user\n");
|
||||
}
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: otp-ov-plugin.c 13 2009-11-26 16:37:03Z maf $
|
||||
* $Id: otp-ov-plugin.c 50 2009-12-15 01:37:19Z maf $
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
|
@ -41,17 +41,19 @@ void help(void);
|
|||
int main (int argc, char **argv)
|
||||
{
|
||||
struct otp_ctx *otpctx;
|
||||
char *otpdb_fname, *username, *pass;
|
||||
int db_flags, i, r, ret;
|
||||
u_long tmpul;
|
||||
char *otpdb_fname, *username, *pass, *endptr;
|
||||
int db_flags, i, r, ret, otp_window;
|
||||
|
||||
/* init xerr */
|
||||
xerr_setid(argv[0]);
|
||||
|
||||
otpdb_fname = OTP_DB_FNAME;
|
||||
db_flags = 0;
|
||||
otp_window = OTP_WINDOW_DEFAULT;
|
||||
ret = -1; /* fail */
|
||||
|
||||
while ((i = getopt(argc, argv, "h?o:v")) != -1) {
|
||||
while ((i = getopt(argc, argv, "h?o:vw:")) != -1) {
|
||||
|
||||
switch (i) {
|
||||
|
||||
|
@ -68,6 +70,15 @@ int main (int argc, char **argv)
|
|||
db_flags |= OTP_DB_VERBOSE;
|
||||
break;
|
||||
|
||||
case 'w':
|
||||
tmpul = strtoul(optarg, &endptr, 0);
|
||||
if (*endptr)
|
||||
xerr_errx(1, "stroul(%s): failed at %c.", optarg, *endptr);
|
||||
if (tmpul > OTP_WINDOW_MAX)
|
||||
xerr_errx(1, "Challenge window %lu > %lu.", tmpul, OTP_WINDOW_MAX);
|
||||
otp_window = tmpul;
|
||||
break;
|
||||
|
||||
default:
|
||||
help();
|
||||
exit(1);
|
||||
|
@ -91,7 +102,7 @@ int main (int argc, char **argv)
|
|||
if (r != 0)
|
||||
xerr_errx(1, "User %s does not exist in otp database.", username);
|
||||
|
||||
if ((r = otp_user_auth(otpctx, username, pass, OTP_HOTP_WINDOW)) < 0)
|
||||
if ((r = otp_user_auth(otpctx, username, pass, otp_window)) < 0)
|
||||
xerr_errx(1, "otp_user_auth(): failed.");
|
||||
|
||||
if (otp_db_close(otpctx) < 0)
|
||||
|
@ -114,7 +125,7 @@ int main (int argc, char **argv)
|
|||
|
||||
void help()
|
||||
{
|
||||
fprintf(stderr, "otp-ov-plugin [-?hv] [-o otpdb_pathname]\n");
|
||||
fprintf(stderr, "otp-ov-plugin [-?hv] [-o otpdb_pathname] [-w otp_window]\n");
|
||||
fprintf(stderr, " -h : help\n");
|
||||
fprintf(stderr, " -v : enable verbose output\n");
|
||||
} /* help */
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: pam_otp.c 13 2009-11-26 16:37:03Z maf $
|
||||
* $Id: pam_otp.c 56 2009-12-17 02:08:05Z maf $
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
|
@ -80,10 +80,11 @@ struct opts {
|
|||
int display_count;
|
||||
int allow_inactive;
|
||||
int require_db_entry;
|
||||
int otp_window;
|
||||
char *otpdb_fname;
|
||||
};
|
||||
|
||||
int load_opts(struct opts *opts, int argc, const char **argv);
|
||||
void load_opts(struct opts *opts, int argc, const char **argv);
|
||||
|
||||
PAM_EXTERN
|
||||
int pam_sm_authenticate(pam_handle_t *ph, int flags, int argc,
|
||||
|
@ -212,7 +213,7 @@ int pam_sm_authenticate(pam_handle_t *ph, int flags, int argc,
|
|||
pam_msg.msg = (char *)&message;
|
||||
|
||||
/* prompt for challenge with optional count */
|
||||
if (opts.display_count || (ou.flags & OTP_USER_FLAGS_DSPCNT))
|
||||
if (opts.display_count || (ou.flags & OTP_FLAGS_DSPCNT))
|
||||
sprintf(message, "HOTP Challenge (%" PRIu64 "): ", ou.count);
|
||||
else
|
||||
sprintf(message, "HOTP Challenge: ");
|
||||
|
@ -236,10 +237,11 @@ int pam_sm_authenticate(pam_handle_t *ph, int flags, int argc,
|
|||
}
|
||||
|
||||
if (opts.expose_account)
|
||||
xerr_info("OTP: user=%s response=%s", user, pam_resp->resp);
|
||||
xerr_info("OTP: user=%s response=%s window=%d", user,
|
||||
pam_resp->resp, opts.otp_window);
|
||||
|
||||
if ((r = otp_user_auth(otpctx, (char*)user, pam_resp->resp,
|
||||
OTP_HOTP_WINDOW)) < 0) {
|
||||
opts.otp_window)) < 0) {
|
||||
xerr_warnx("otp_user_auth(): failed.");
|
||||
ret = PAM_SERVICE_ERR;
|
||||
goto cleanup;
|
||||
|
@ -321,12 +323,14 @@ struct pam_module _pam_test_modstruct = {
|
|||
|
||||
#endif
|
||||
|
||||
int load_opts(struct opts *opts, int argc, const char **argv)
|
||||
void load_opts(struct opts *opts, int argc, const char **argv)
|
||||
{
|
||||
int ret = 0;
|
||||
u_long tmpul;
|
||||
char *endptr;
|
||||
|
||||
bzero(opts, sizeof *opts);
|
||||
opts->otpdb_fname = OTP_DB_FNAME;
|
||||
opts->otp_window = OTP_WINDOW_DEFAULT;
|
||||
|
||||
/* foreach argument */
|
||||
while (argc--) {
|
||||
|
@ -347,9 +351,15 @@ int load_opts(struct opts *opts, int argc, const char **argv)
|
|||
opts->require_db_entry = 1;
|
||||
} else if (!strncmp(*argv, "otpdb=", 6)) {
|
||||
opts->otpdb_fname=(char*)(*argv)+6;
|
||||
} else if (!strncmp(*argv, "window=", 7)) {
|
||||
tmpul = strtoul(optarg, &endptr, 0);
|
||||
if (*endptr)
|
||||
xerr_errx(1, "stroul(%s): failed at %c.", *argv, *endptr);
|
||||
if (tmpul > OTP_WINDOW_MAX)
|
||||
xerr_errx(1, "Challenge window %lu > %lu.", tmpul, OTP_WINDOW_MAX);
|
||||
opts->otp_window = tmpul;
|
||||
} else {
|
||||
xerr_warnx("Unrecognized argument - %s", argv);
|
||||
ret = -1;
|
||||
xerr_errx(1, "Unrecognized argument - %s", argv);
|
||||
}
|
||||
|
||||
++argv;
|
||||
|
@ -362,6 +372,4 @@ int load_opts(struct opts *opts, int argc, const char **argv)
|
|||
opts->otpdb_fname);
|
||||
}
|
||||
|
||||
return ret;
|
||||
|
||||
} /* load_opts */
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: otp-sca.c 13 2009-11-26 16:37:03Z maf $
|
||||
* $Id: otp-sca.c 88 2009-12-28 00:12:01Z maf $
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
|
@ -118,7 +118,7 @@ int main(int argc, char **argv)
|
|||
struct scr_ctx *scrctx;
|
||||
int i, j, k, r, mode, sc_idx_set, j_start, j_end, done, sc_idx_tmp, opt_mod;
|
||||
int no_PIN, list_readers;
|
||||
uint32_t tmp_count, tmp_cap;
|
||||
uint32_t tmp_count, tmp_cap, tmp32u;
|
||||
uint64_t tmp64u;
|
||||
char sc_hostname[SC_HOSTNAME_LEN+1], sc_PIN[SC_PIN_LEN+1];
|
||||
char sc_newPIN[SC_PIN_LEN+1], sc_newPIN2[SC_PIN_LEN+1];
|
||||
|
@ -149,9 +149,9 @@ int main(int argc, char **argv)
|
|||
sc_fv = 5;
|
||||
tmp_count = 0;
|
||||
username = "USER";
|
||||
reader = SCR_DEFAULT_READER;
|
||||
list_readers = 0; /* no */
|
||||
scrctx = (struct scr_ctx*)0L;
|
||||
reader = (char*)0L;
|
||||
|
||||
BZS(sc_hotp);
|
||||
BZS(sc_idx);
|
||||
|
@ -673,6 +673,19 @@ int main(int argc, char **argv)
|
|||
/* successful SC transaction? */
|
||||
if (r == 0) {
|
||||
|
||||
if (sc_hostname[HOSTNAME_POS_FMT] & HOSTNAME_FLAG_MASK) {
|
||||
|
||||
tmp32u = (sc_hotp[0] << 24) | (sc_hotp[1] << 16) |
|
||||
(sc_hotp[2] << 8) | sc_hotp[3];
|
||||
|
||||
k = str_uint32toa(fmt_buf, tmp32u);
|
||||
|
||||
} else {
|
||||
|
||||
k = str_hex_dump(fmt_buf, sc_hotp, 5);
|
||||
|
||||
}
|
||||
|
||||
for (i = 0, j = 0; i < SC_HOSTNAME_LEN; ++i) {
|
||||
|
||||
/* high bit flag set? */
|
||||
|
@ -686,7 +699,12 @@ int main(int argc, char **argv)
|
|||
xerr_warnx("readerkey flag set and key not in SC transaction.");
|
||||
|
||||
} else if ((i != HOSTNAME_POS_CHALLENGE) &&
|
||||
(i != HOSTNAME_POS_READERKEY)) {
|
||||
(i != HOSTNAME_POS_READERKEY) &&
|
||||
(i != HOSTNAME_POS_FMT) &&
|
||||
(i != HOSTNAME_POS_FMT3) &&
|
||||
(i != HOSTNAME_POS_FMT2) &&
|
||||
(i != HOSTNAME_POS_FMT1) &&
|
||||
(i != HOSTNAME_POS_FMT0)) {
|
||||
xerr_warnx("sc_hostname high bit set on byte %d.", i);
|
||||
}
|
||||
}
|
||||
|
@ -696,20 +714,22 @@ int main(int argc, char **argv)
|
|||
|
||||
}
|
||||
|
||||
str_hex_dump(fmt_buf, sc_hotp, 5);
|
||||
|
||||
if (opt_mod & OPT_MOD_HOST) {
|
||||
strcpy(fmt_buf+10, " -- ");
|
||||
str_ftoc(fmt_buf+14, sc_hostname, SC_HOSTNAME_LEN);
|
||||
strcpy(fmt_buf+k, " -- ");
|
||||
str_ftoc(fmt_buf+k+4, sc_hostname, SC_HOSTNAME_LEN);
|
||||
}
|
||||
|
||||
printf("HOTP: %s\n", fmt_buf);
|
||||
|
||||
} else if (r == 1) {
|
||||
|
||||
printf("HOTP: rejected\n");
|
||||
|
||||
} else {
|
||||
|
||||
xerr_errx(1, err_msg);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
} /* MODE_HOTP_GEN */
|
||||
|
||||
|
@ -820,9 +840,9 @@ int main(int argc, char **argv)
|
|||
xerr_errx(1, "sccmd_SetAdminKey(): failed.");
|
||||
|
||||
if (r == 0)
|
||||
printf("Set AdminKey: Done\n");
|
||||
printf("Set AdminKey: Done.\n");
|
||||
else if (r == 1)
|
||||
printf("Set AdminKey: Fail\n");
|
||||
printf("Set AdminKey: Fail.\n");
|
||||
else
|
||||
xerr_errx(1, "sccmd_SetAdminKey(): fatal.");
|
||||
|
||||
|
@ -832,18 +852,29 @@ int main(int argc, char **argv)
|
|||
|
||||
if (mode == MODE_BALANCECARD_SET) {
|
||||
|
||||
sc_idx[0] = SC_BALANCECARD_DISABLE;
|
||||
if (!sc_idx_set)
|
||||
sc_idx[0] = SC_BALANCECARD_DISABLE;
|
||||
|
||||
if ((r = sccmd_SetBalanceCardIndex(scrctx, sc_fv, sc_idx)) < 0)
|
||||
xerr_errx(1, "sccmd_SetBalanceCardIndex(): failed.");
|
||||
|
||||
if (r == 0)
|
||||
printf("Set BalanceCardIndex: Disabled\n");
|
||||
else if (r == 1)
|
||||
printf("Set BalanceCardIndex: Fail\n");
|
||||
else
|
||||
if (r == 0) {
|
||||
|
||||
if (sc_idx[0] == SC_BALANCECARD_DISABLE)
|
||||
printf("Disable BalanceCard: Done.\n");
|
||||
else
|
||||
printf("Set BalanceCardIndex: Done.\n");
|
||||
|
||||
} else if (r == 1) {
|
||||
|
||||
printf("Set BalanceCardIndex: Fail.\n");
|
||||
|
||||
} else {
|
||||
|
||||
xerr_errx(1, "sccmd_SetBalanceCardIndex(): fatal.");
|
||||
|
||||
}
|
||||
|
||||
} /* MODE_BALANCECARD_SET */
|
||||
|
||||
/****************/
|
||||
|
@ -1027,9 +1058,9 @@ int main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (r == 0)
|
||||
printf("SetHost (%d): Done\n", (int)sc_idx[0]);
|
||||
printf("SetHost (%d): Done.\n", (int)sc_idx[0]);
|
||||
else if (r == 1)
|
||||
printf("SetHost (%d): Fail\n", (int)sc_idx[0]);
|
||||
printf("SetHost (%d): Fail.\n", (int)sc_idx[0]);
|
||||
else
|
||||
xerr_errx(1, err_msg);
|
||||
|
||||
|
@ -1060,10 +1091,10 @@ int main(int argc, char **argv)
|
|||
|
||||
|
||||
if (r == 0)
|
||||
printf("SetSpyrusEEBlock (%d): Done\n",
|
||||
printf("SetSpyrusEEBlock (%d): Done.\n",
|
||||
(int)sc_spyrusee_idx[0] & ~HOSTNAME_FLAG_MASK);
|
||||
else if (r == 1)
|
||||
printf("SetSpyrusEEBlock (%d): Fail\n",
|
||||
printf("SetSpyrusEEBlock (%d): Fail.\n",
|
||||
(int)sc_spyrusee_idx[0] & ~HOSTNAME_FLAG_MASK);
|
||||
else
|
||||
xerr_errx(1, err_msg);
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: otp-sct.c 13 2009-11-26 16:37:03Z maf $
|
||||
* $Id: otp-sct.c 88 2009-12-28 00:12:01Z maf $
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
|
@ -80,7 +80,7 @@ int main(int argc, char **argv)
|
|||
struct scr_ctx *scrctx;
|
||||
int i, j, k, r, sc_idx_set, sc_idx_tmp, j_start, j_end;
|
||||
int reset_pin, list_readers, list_version, get_hotp_version, list_hostnames;
|
||||
uint32_t tmp_count;
|
||||
uint32_t tmp_count, tmp32u;
|
||||
uint64_t tmp64u;
|
||||
char sc_hostname[SC_HOSTNAME_LEN+1], sc_pin[SC_PIN_LEN+1];
|
||||
char sc_newpin[SC_PIN_LEN+1], sc_newpin2[SC_PIN_LEN+1];
|
||||
|
@ -98,7 +98,7 @@ int main(int argc, char **argv)
|
|||
sc_idx_set = 0;
|
||||
reset_pin = 0; /* no */
|
||||
tmp_count = 0;
|
||||
reader = SCR_DEFAULT_READER;
|
||||
reader = (char*)0L;
|
||||
list_readers = 0; /* no */
|
||||
list_version = 0; /* no */
|
||||
list_hostnames = 0; /* no */
|
||||
|
@ -217,7 +217,8 @@ int main(int argc, char **argv)
|
|||
|
||||
} /* need PIN */
|
||||
|
||||
if (!(scrctx = scr_ctx_new(SCR_READER_EMBEDDED_ACR30S|SCR_READER_PCSC, debug))) {
|
||||
if (!(scrctx = scr_ctx_new(SCR_READER_EMBEDDED_ACR30S|SCR_READER_PCSC,
|
||||
debug))) {
|
||||
xerr_errx(1, "scr_ctx_new(): failed");
|
||||
}
|
||||
|
||||
|
@ -389,6 +390,19 @@ int main(int argc, char **argv)
|
|||
/* successful SC transaction? */
|
||||
if (r == 0) {
|
||||
|
||||
if (sc_hostname[HOSTNAME_POS_FMT] & HOSTNAME_FLAG_MASK) {
|
||||
|
||||
tmp32u = (sc_hotp[0] << 24) | (sc_hotp[1] << 16) |
|
||||
(sc_hotp[2] << 8) | sc_hotp[3];
|
||||
|
||||
str_uint32toa(fmt_buf, tmp32u);
|
||||
|
||||
} else {
|
||||
|
||||
str_hex_dump(fmt_buf, sc_hotp, 5);
|
||||
|
||||
}
|
||||
|
||||
for (i = 0, j = 0; i < SC_HOSTNAME_LEN; ++i) {
|
||||
|
||||
/* clear high bit for display */
|
||||
|
@ -396,7 +410,6 @@ int main(int argc, char **argv)
|
|||
|
||||
}
|
||||
|
||||
str_hex_dump(fmt_buf, sc_hotp, 5);
|
||||
|
||||
if (get_hotp_version == 3) {
|
||||
str_ftoc(fmt_buf2, sc_hostname, SC_HOSTNAME_LEN);
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: main.c 13 2009-11-26 16:37:03Z maf $
|
||||
* $Id: main.c 89 2009-12-28 01:35:00Z maf $
|
||||
*/
|
||||
|
||||
#include <htc.h>
|
||||
|
@ -65,7 +65,6 @@ GOTO 0x04; Jump to startup
|
|||
#define SC_GETHOTPHOSTCOUNT32_CLA 0x80
|
||||
#define SC_GETSPYRUSEEBLOCK_CLA 0x80
|
||||
|
||||
|
||||
#define SC_GETHOSTNAME_INS 0x44
|
||||
#define SC_GETHOTP_INS 0x46
|
||||
#define SC_SETPIN_INS 0x4C
|
||||
|
@ -75,12 +74,11 @@ GOTO 0x04; Jump to startup
|
|||
#define SC_GETHOTPHOSTCOUNT32_INS 0x5C
|
||||
#define SC_GETSPYRUSEEBLOCK_INS 0xA2
|
||||
|
||||
|
||||
U8 protocol = 0x03;
|
||||
RESP_INFO *Resp;
|
||||
bank1 U8 Buf[72]; /* Spyrus I/O buffer */
|
||||
bank2 U8 dbuf[2][16]; /* two current hostnames for menu */
|
||||
bank2 U8 obuf[2][1]; /* option buffer for menu items */
|
||||
bank2 U8 obuf[2]; /* option buffer for menu items */
|
||||
|
||||
U8 myPIN[5]; /* PIN */
|
||||
U8 newPIN[5]; /* newPIN if set */
|
||||
|
@ -216,12 +214,12 @@ const U8 VERSION[] = {
|
|||
/* Serial # */
|
||||
0x0A, 'm', 'a', 'f', ' ', 'H', 'O', 'T', 'P', ' ', ' ',\
|
||||
/* AE kernel version / program access (unused) */
|
||||
0x13, 0x22, 0x33
|
||||
0x14, 0x22, 0x33
|
||||
};
|
||||
|
||||
U8 getPIN(U8 *dest, U8 pos);
|
||||
void getCount(void);
|
||||
void dispHOTP(void);
|
||||
U8 dispHOTP(U8 fmt);
|
||||
|
||||
U8 hexdigit(U8 d);
|
||||
|
||||
|
@ -236,6 +234,7 @@ void cmdSCGetSpyrusEEBlock(U8 i);
|
|||
U8 doSCGetHostname(U8 idx, U8 row);
|
||||
|
||||
void powerdown(void);
|
||||
void msg_powerdown(void);
|
||||
|
||||
void menuUpdateCursor(void);
|
||||
void menuUpdate(void);
|
||||
|
@ -254,13 +253,19 @@ U8 EELen(U8 addr, U8 len);
|
|||
|
||||
#define HOSTNAME_FLAG_MASK 0x80 /* high bit set */
|
||||
#define HOSTNAME_POS_CHALLENGE 0x00 /* require challenge input */
|
||||
#define HOSTNAME_POS_READERKEY 0x01 /* require reader key */
|
||||
#define HOSTNAME_POS_READERKEY 1 /* require reader key */
|
||||
#define HOSTNAME_POS_FMT 2 /* format, 0=hex, 1=decimal */
|
||||
#define HOSTNAME_POS_FMT3 8 /* 0000=HEX40, 0001=HEX40 */
|
||||
#define HOSTNAME_POS_FMT2 9 /* 0010=DEC31.6 0011=DEC31.7 */
|
||||
#define HOSTNAME_POS_FMT1 10 /* 0100=DEC31.8 0101=DEC31.9 */
|
||||
#define HOSTNAME_POS_FMT0 11 /* 0110=DEC31.10 0111=DHEX40 */
|
||||
|
||||
#define OPTION_FLAG_CHALLENGE 0x01 /* option set to request challenge */
|
||||
#define OPTION_FLAG_FMT 0x02 /* option to format HOTP */
|
||||
|
||||
int main(void)
|
||||
{
|
||||
U8 i, c, j, addr;
|
||||
U8 i, c, j, addr, fmt;
|
||||
|
||||
/* init */
|
||||
Resp = (RESP_INFO*)Buf;
|
||||
|
@ -278,7 +283,7 @@ int main(void)
|
|||
Str2Lcd(0,0,&Resp->data[2]);
|
||||
#else
|
||||
EE2LCD(0, 0, EE_CALC_MSG_ADDR, EE_CALC_MSG_LEN);
|
||||
powerdown();
|
||||
msg_powerdown();
|
||||
#endif /* NO_CALC */
|
||||
} /* SQ_CALC */
|
||||
|
||||
|
@ -301,7 +306,7 @@ int main(void)
|
|||
/* initial greeting */
|
||||
EE2LCD(0, 0, EE_L1GREET_ADDR, EE_L1GREET_LEN);
|
||||
EE2LCD(1, 0, EE_L2GREET_ADDR, EE_L2GREET_LEN);
|
||||
|
||||
|
||||
/* Get PIN */
|
||||
i = getPIN(myPIN,4);
|
||||
|
||||
|
@ -405,7 +410,7 @@ int main(void)
|
|||
/* no hosts on card then nothing to do */
|
||||
if (menu_active == 0) {
|
||||
EE2LCD(0, 0, EE_NOHOSTS_ADDR, EE_NOHOSTS_LEN);
|
||||
powerdown();
|
||||
msg_powerdown();
|
||||
}
|
||||
|
||||
/* display menu */
|
||||
|
@ -479,7 +484,7 @@ int main(void)
|
|||
sc_idx = menu_idx - menu_active + menu_cursor;
|
||||
|
||||
/* challenge input? */
|
||||
if ((obuf[menu_cursor][0] & OPTION_FLAG_CHALLENGE) ||
|
||||
if ((obuf[menu_cursor] & OPTION_FLAG_CHALLENGE) ||
|
||||
(ml_flags & FLAGS_INPUT_COUNT))
|
||||
getCount();
|
||||
|
||||
|
@ -503,16 +508,23 @@ int main(void)
|
|||
dbuf[0][i] = dbuf[menu_cursor][i+3];
|
||||
dbuf[0][12] = 0;
|
||||
|
||||
/* display HOTP screen */
|
||||
dispHOTP();
|
||||
/* Binary/Hex HOTP format */
|
||||
(obuf[menu_cursor] & OPTION_FLAG_FMT) ? fmt = 1 : fmt = 0;
|
||||
|
||||
/* display HOTP and maybe cycle to next system */
|
||||
if (dispHOTP(fmt)) {
|
||||
|
||||
ClearLcd();
|
||||
sc_idx ++;
|
||||
goto enter_shortcut;
|
||||
|
||||
} /* dispHOTP() */
|
||||
|
||||
} else {
|
||||
|
||||
/* Failure */
|
||||
Str2Lcd(0,0,"GHPC32 Fail");
|
||||
|
||||
/* any key to continue */
|
||||
GetRawKey(Resp);
|
||||
Str2Lcd(0,0,"GHPC32:fail");
|
||||
msg_powerdown();
|
||||
|
||||
} /* SC transaction */
|
||||
|
||||
|
@ -521,7 +533,8 @@ int main(void)
|
|||
|
||||
/* next input */
|
||||
continue;
|
||||
}
|
||||
|
||||
} /* RAW_ENTER */
|
||||
|
||||
/****** CHANGE PIN ****/
|
||||
if (key == RAW_STAR) {
|
||||
|
@ -544,7 +557,7 @@ int main(void)
|
|||
ClearLcd();
|
||||
EE2LCD(0, 0, EE_TRYHARDER_ADDR, EE_TRYHARDER_LEN);
|
||||
Beep(2);
|
||||
GetRawKey(Resp);
|
||||
keyGet();
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -579,14 +592,15 @@ int main(void)
|
|||
myPIN[4] = newPIN[4];
|
||||
} else {
|
||||
/* Failure */
|
||||
Str2Lcd(0,0,"SetPIN Fail");
|
||||
Str2Lcd(0,0,"SetPIN:fail");
|
||||
msg_powerdown();
|
||||
}
|
||||
|
||||
/* go back to initial screen */
|
||||
ml_flags |= FLAGS_SCREEN0_UPDATE;
|
||||
|
||||
/* any key to continue */
|
||||
GetRawKey(Resp);
|
||||
keyGet();
|
||||
|
||||
/* success / next input */
|
||||
continue;
|
||||
|
@ -596,10 +610,12 @@ int main(void)
|
|||
/***** CLEAN INPUT DIGITS */
|
||||
|
||||
if (key == RAW_CANCEL) {
|
||||
|
||||
short_d0 = 0;
|
||||
ml_flags &= ~FLAGS_MENU_SHORT_D0;
|
||||
continue;
|
||||
}
|
||||
|
||||
} /* RAW_CANCEL */
|
||||
|
||||
/****** MENU SHORTCUT WITH DIGIT ENTRY ***** */
|
||||
|
||||
|
@ -637,48 +653,75 @@ int main(void)
|
|||
|
||||
enter_shortcut:
|
||||
|
||||
/* input count first? */
|
||||
if (ml_flags & FLAGS_INPUT_COUNT)
|
||||
getCount();
|
||||
/* the next sequential HOTP can be selected with the down arrow */
|
||||
while (1) {
|
||||
|
||||
/* GetHOTPHostCount32 command */
|
||||
cmdSCGetHOTPHostCount32();
|
||||
/* input count first? */
|
||||
if (ml_flags & FLAGS_INPUT_COUNT)
|
||||
getCount();
|
||||
|
||||
/* initiate SC transaction */
|
||||
if (SCTransact() == 0) {
|
||||
/* GetHOTPHostCount32 command */
|
||||
cmdSCGetHOTPHostCount32();
|
||||
|
||||
/*
|
||||
* 2 byte resp (2) : 0,1
|
||||
* NAD,PCB,LEN (3) : 2,3,4
|
||||
* idx (1) : 5
|
||||
* PIN (5) : 6,7,8,9,10
|
||||
* count (4) : 11,12,13,14
|
||||
* HOTP (5) : 15,16,17,18,19
|
||||
* HostName(12) : 20..31
|
||||
*/
|
||||
/* initiate SC transaction */
|
||||
if (SCTransact() == 0) {
|
||||
|
||||
/* skip display for empty hostname */
|
||||
if (Buf[20] != 0) {
|
||||
/*
|
||||
* 2 byte resp (2) : 0,1
|
||||
* NAD,PCB,LEN (3) : 2,3,4
|
||||
* idx (1) : 5
|
||||
* PIN (5) : 6,7,8,9,10
|
||||
* count (4) : 11,12,13,14
|
||||
* HOTP (5) : 15,16,17,18,19
|
||||
* HostName(12) : 20..31
|
||||
*/
|
||||
|
||||
/* display hostname on top */
|
||||
for (i = 0; i < 12; ++i)
|
||||
dbuf[0][i] = (Buf[20+i]&0x7F);
|
||||
dbuf[0][12] = 0;
|
||||
/* skip display for empty hostname */
|
||||
if (Buf[20] != 0) {
|
||||
|
||||
/* display HOTP screen */
|
||||
dispHOTP();
|
||||
/* display hostname on top */
|
||||
for (i = 0; i < 12; ++i)
|
||||
dbuf[0][i] = (Buf[20+i]&0x7F);
|
||||
dbuf[0][12] = 0;
|
||||
|
||||
}
|
||||
/* Binary/Hex HOTP format */
|
||||
(Buf[20+HOSTNAME_POS_FMT] & HOSTNAME_FLAG_MASK) ? fmt = 1 : fmt = 0;
|
||||
|
||||
} else {
|
||||
/* display HOTP and maybe cycle to next system */
|
||||
if(dispHOTP(fmt)) {
|
||||
|
||||
/* Failure */
|
||||
Str2Lcd(0,0,"GHPHC32 Fail");
|
||||
sc_idx ++;
|
||||
ClearLcd();
|
||||
continue;
|
||||
|
||||
/* any key to continue */
|
||||
GetRawKey(Resp);
|
||||
} else {
|
||||
|
||||
} /* SC transaction */
|
||||
break; /* done */
|
||||
|
||||
}
|
||||
|
||||
|
||||
} else {
|
||||
|
||||
Str2Lcd(0,0,"GHPHC32:empt");
|
||||
|
||||
/* fatal */
|
||||
msg_powerdown();
|
||||
|
||||
} /* hostname not empty */
|
||||
|
||||
|
||||
} else {
|
||||
|
||||
/* Failure */
|
||||
Str2Lcd(0,0,"GHPHC32:fail");
|
||||
|
||||
/* fatal */
|
||||
msg_powerdown();
|
||||
|
||||
} /* SC transaction */
|
||||
|
||||
} /* while 1 */
|
||||
|
||||
/* initialize for main screen input */
|
||||
menuInit();
|
||||
|
@ -814,7 +857,8 @@ U8 getPIN(U8 *dest, U8 pos)
|
|||
|
||||
void keyGet(void)
|
||||
{
|
||||
GetRawKey(Resp);
|
||||
if (GetRawKey(Resp))
|
||||
powerdown();
|
||||
key = *Resp->data;
|
||||
} /* keyGet */
|
||||
|
||||
|
@ -1017,6 +1061,7 @@ U8 SCTransact(void)
|
|||
if (CardPowerOn(Resp)) {
|
||||
ClearLcd();
|
||||
EE2LCD(0, 0, EE_NOCARD_ADDR, EE_NOCARD_LEN);
|
||||
CardPowerOff();
|
||||
r = 1; /* no card */
|
||||
goto SCTransact_err2;
|
||||
}
|
||||
|
@ -1070,7 +1115,7 @@ SCTransact_err:
|
|||
|
||||
/* get any key */
|
||||
SCTransact_err2:
|
||||
GetRawKey(Resp);
|
||||
keyGet();
|
||||
|
||||
ClearLcd();
|
||||
|
||||
|
@ -1128,9 +1173,12 @@ U8 doSCGetHostname(U8 idx, U8 row)
|
|||
|
||||
/* high bit set on first character signals challenge required */
|
||||
if (Buf[11+HOSTNAME_POS_CHALLENGE] & HOSTNAME_FLAG_MASK)
|
||||
obuf[row][0] = OPTION_FLAG_CHALLENGE;
|
||||
obuf[row] = OPTION_FLAG_CHALLENGE;
|
||||
else
|
||||
obuf[row][0] = 0;
|
||||
obuf[row] = 0;
|
||||
|
||||
if (Buf[11+HOSTNAME_POS_FMT] & HOSTNAME_FLAG_MASK)
|
||||
obuf[row] |= OPTION_FLAG_FMT;
|
||||
|
||||
/* empty hostname is last */
|
||||
if (Buf[11] == 0)
|
||||
|
@ -1150,7 +1198,8 @@ U8 doSCGetHostname(U8 idx, U8 row)
|
|||
|
||||
} else {
|
||||
|
||||
powerdown();
|
||||
Str2Lcd(0,0,"GHN:fail");
|
||||
msg_powerdown();
|
||||
|
||||
}
|
||||
|
||||
|
@ -1158,13 +1207,17 @@ U8 doSCGetHostname(U8 idx, U8 row)
|
|||
|
||||
} /* doSCGetHostname */
|
||||
|
||||
void powerdown(void)
|
||||
void msg_powerdown(void)
|
||||
{
|
||||
CardPowerOff();
|
||||
GetRawKey(Resp);
|
||||
DeactivateRdr();
|
||||
} /* off */
|
||||
|
||||
void powerdown(void)
|
||||
{
|
||||
DeactivateRdr();
|
||||
}
|
||||
|
||||
void menuUpdate(void)
|
||||
{
|
||||
ClearLcd();
|
||||
|
@ -1197,17 +1250,40 @@ void menuUpdateCursor(void)
|
|||
|
||||
} /* menuUpdateCursor() */
|
||||
|
||||
void dispHOTP(void)
|
||||
U8 dispHOTP(U8 fmt)
|
||||
{
|
||||
U8 i, j, c;
|
||||
U32 u32;
|
||||
char *s;
|
||||
|
||||
|
||||
if (fmt == 0) { /* HEX */
|
||||
for (i = 0, j = 0; i < 5; ++i) {
|
||||
c = Buf[15+i];
|
||||
dbuf[1][j++] = hexdigit(c>>4);
|
||||
dbuf[1][j++] = hexdigit(c&0x0F);
|
||||
}
|
||||
dbuf[1][j] = 0;
|
||||
} else { /* decimal */
|
||||
|
||||
s = (char*)&u32;
|
||||
|
||||
s[3] = Buf[15];
|
||||
s[2] = Buf[16];
|
||||
s[1] = Buf[17];
|
||||
s[0] = Buf[18];
|
||||
|
||||
s = Buf; /* starts at Buf+1 */
|
||||
|
||||
do {
|
||||
*++s = u32 % 10 + '0';
|
||||
} while ((u32 /= 10) > 0);
|
||||
|
||||
for (i = 0; s != Buf; --s, ++i)
|
||||
dbuf[1][i] = *s;
|
||||
dbuf[1][i] = 0;
|
||||
|
||||
/* HOTP to hex */
|
||||
for (i = 0, j = 0; i < 5; ++i) {
|
||||
c = Buf[15+i];
|
||||
dbuf[1][j++] = hexdigit(c>>4);
|
||||
dbuf[1][j++] = hexdigit(c&0x0F);
|
||||
}
|
||||
dbuf[1][j] = 0;
|
||||
|
||||
/*
|
||||
* note the following code will not compile properly. certain
|
||||
|
@ -1237,9 +1313,18 @@ void dispHOTP(void)
|
|||
}
|
||||
}
|
||||
|
||||
/* any key will return, timeout to powerdown */
|
||||
if (j == 0)
|
||||
powerdown();
|
||||
if (j == 1) {
|
||||
key = *Resp->data;
|
||||
if (key == RAW_DOWN)
|
||||
return 1; /* again */
|
||||
else
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* timeout */
|
||||
powerdown();
|
||||
|
||||
return 0; /* unreached */
|
||||
|
||||
} /* dispHOTP */
|
||||
|
||||
|
@ -1315,3 +1400,4 @@ U8 EELen(U8 addr, U8 len)
|
|||
return i;
|
||||
|
||||
} /* EELen */
|
||||
|
||||
|
|
44
urd/urd.c
44
urd/urd.c
|
@ -24,7 +24,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: urd.c 13 2009-11-26 16:37:03Z maf $
|
||||
* $Id: urd.c 50 2009-12-15 01:37:19Z maf $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
|
@ -59,7 +59,6 @@
|
|||
* urd_rep_msg in access-challenge hard coded to ABC..
|
||||
* copy proxy variables into reply packet per RFC?
|
||||
* packet stress testing
|
||||
* rc.d script
|
||||
*/
|
||||
|
||||
static void usage(void);
|
||||
|
@ -77,18 +76,19 @@ int main(int argc, char **argv)
|
|||
struct otp_ctx *otpctx;
|
||||
struct otp_user ou;
|
||||
char *otpdb_fname;
|
||||
int otp_skip_unknown, otpdb_flags;
|
||||
int otp_skip_unknown, otpdb_flags, otp_enable;
|
||||
#endif /* OOTP_ENABLE */
|
||||
fd_set rfd;
|
||||
u_long tmpul;
|
||||
uint64_t rep_state;
|
||||
uint32_t local_ip, tmp32u;
|
||||
uint32_t local_ip;
|
||||
uint16_t local_port;
|
||||
uint8_t rep_code;
|
||||
uint rem_addr_len;
|
||||
char *authorized_users_fname, *pwfile_fname, *server_secret_fname, *endptr;
|
||||
char server_secret[URD_SECRET_LEN+1], buf[1024], *pid_fname;
|
||||
int rep_enc_flags, rep_cache_flags, debug, daemon_mode;
|
||||
int drop, drop_mode, req_cache_hit, buf_l, pkt_fd, r, i;
|
||||
int drop, drop_mode, req_cache_hit, buf_l, pkt_fd, r, i, otp_window;
|
||||
|
||||
bzero(&loc_addr, sizeof loc_addr);
|
||||
bzero(&pkt_fd, sizeof pkt_fd);
|
||||
|
@ -103,19 +103,21 @@ int main(int argc, char **argv)
|
|||
local_port = URD_PORT;
|
||||
drop = 1;
|
||||
drop_mode = 0;
|
||||
otp_window = OTP_WINDOW_DEFAULT;
|
||||
#ifdef OOTP_ENABLE
|
||||
otpctx = (struct otp_ctx*)0L;
|
||||
otpdb_fname = OTP_DB_FNAME;
|
||||
otp_skip_unknown = 0;
|
||||
otpdb_flags = 0;
|
||||
otp_enable = 1;
|
||||
#endif /* OOTP_ENABLE */
|
||||
|
||||
xerr_setid(argv[0]);
|
||||
|
||||
#ifdef OOTP_ENABLE
|
||||
while ((i = getopt(argc, argv, "AhduDOx?a:b:B:o:p:s:P:")) != -1) {
|
||||
while ((i = getopt(argc, argv, "AhduDOx?a:b:B:o:p:s:P:w:")) != -1) {
|
||||
#else
|
||||
while ((i = getopt(argc, argv, "AhdDx?a:b:B:p:s:P:")) != -1) {
|
||||
while ((i = getopt(argc, argv, "AhdDx?a:b:B:p:s:P:w:")) != -1) {
|
||||
#endif /* OOTP_ENABLE */
|
||||
|
||||
switch (i) {
|
||||
|
@ -134,12 +136,12 @@ int main(int argc, char **argv)
|
|||
break;
|
||||
|
||||
case 'B':
|
||||
tmp32u = strtoul(optarg, &endptr, 0);
|
||||
tmpul = strtoul(optarg, &endptr, 0);
|
||||
if (*endptr)
|
||||
xerr_errx(1, "stroul(%s): failed at %c.", optarg, *endptr);
|
||||
if (tmp32u > 0xFFFF)
|
||||
if (tmpul > 0xFFFF)
|
||||
xerr_errx(1, "UDP port out of range 0..65535.");
|
||||
local_port = tmp32u;
|
||||
local_port = tmpul;
|
||||
break;
|
||||
|
||||
case 'd':
|
||||
|
@ -165,7 +167,7 @@ int main(int argc, char **argv)
|
|||
break;
|
||||
|
||||
case 'O':
|
||||
otpdb_fname = (char*)0L;
|
||||
otp_enable = 0;
|
||||
break;
|
||||
#endif /* OOTP_ENABLE */
|
||||
|
||||
|
@ -187,6 +189,15 @@ int main(int argc, char **argv)
|
|||
break;
|
||||
#endif /* OOTP_ENABLE */
|
||||
|
||||
case 'w':
|
||||
tmpul = strtoul(optarg, &endptr, 0);
|
||||
if (*endptr)
|
||||
xerr_errx(1, "stroul(%s): failed at %c.", optarg, *endptr);
|
||||
if (tmpul > OTP_WINDOW_MAX)
|
||||
xerr_errx(1, "Challenge window %lu > %lu.", tmpul, OTP_WINDOW_MAX);
|
||||
otp_window = tmpul;
|
||||
break;
|
||||
|
||||
case 'x':
|
||||
drop_mode = 1;
|
||||
break;
|
||||
|
@ -264,7 +275,7 @@ int main(int argc, char **argv)
|
|||
|
||||
#ifdef OOTP_ENABLE
|
||||
/* creat OTP context */
|
||||
if (otpdb_fname)
|
||||
if (otp_enable)
|
||||
if (!(otpctx = otp_db_open(otpdb_fname, otpdb_flags)))
|
||||
xerr_errx(1, "otp_db_open(%s): failed", otpdb_fname);
|
||||
#endif /* OOTP_ENABLE */
|
||||
|
@ -487,7 +498,7 @@ int main(int argc, char **argv)
|
|||
*
|
||||
*/
|
||||
|
||||
if (!otpdb_fname) {
|
||||
if (!otp_enable) {
|
||||
|
||||
rep_code = RADIUS_CODE_ACCESS_ACCEPT;
|
||||
rep_enc_flags = 0x0;
|
||||
|
@ -720,7 +731,7 @@ int main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if ((r = otp_user_auth(otpctx, urdctx->req.user_name,
|
||||
urdctx->req.user_pass, OTP_HOTP_WINDOW)) < 0)
|
||||
urdctx->req.user_pass, otp_window)) < 0)
|
||||
xerr_errx(1, "otp_user_auth(): failed.");
|
||||
|
||||
if (r == OTP_AUTH_PASS) {
|
||||
|
@ -989,14 +1000,15 @@ void usage(void)
|
|||
fprintf(stderr,
|
||||
"urd [-AhdDOux?] [-a allowed_users_file] [-b local_ip] [-B local_port ]\n");
|
||||
fprintf(stderr,
|
||||
" [-o otp_db] [-p passwd_file] [-P pid_file] [-s secret_file]\n\n");
|
||||
" [-o otp_db] [-p passwd_file] [-P pid_file] [-s secret_file]\n");
|
||||
#else
|
||||
fprintf(stderr,
|
||||
"urd [-AhdDx?] [-a allowed_users_file] [-b local_ip] [-B local_port ]\n");
|
||||
fprintf(stderr,
|
||||
" [-p passwd_file] [-P pid_file] [-s secret_file]\n\n");
|
||||
" [-p passwd_file] [-P pid_file] [-s secret_file]\n");
|
||||
|
||||
#endif /* OOTP_ENABLE */
|
||||
fprintf(stderr, " [-w otp_window]\n\n");
|
||||
fprintf(stderr, " -A disable authorized_users file (all users in passwd_file valid)\n");
|
||||
fprintf(stderr, " -h help\n");
|
||||
fprintf(stderr, " -d enable debugging\n");
|
||||
|
|
Loading…
Reference in a new issue