ootp-snap-06-12-2011-r200 imported

This commit is contained in:
Alexandre Dulaunoy 2017-01-03 12:18:19 +01:00
parent b48b72effd
commit ba3d1d438f
25 changed files with 912 additions and 193 deletions


@ -1 +1 @@
snap-r184
snap-r200


@ -1,4 +1,4 @@
# $Id: Makefile 127 2010-06-15 14:24:34Z maf $
# $Id: Makefile 189 2011-05-26 03:50:39Z maf $
what:
@echo
@ -10,7 +10,7 @@ what:
@echo
i386-fbsd:
@make CC="gcc" CFLAGS="-I../common -I/usr/local/pcsc/include/PCSC -DSCR_PCSC -g -DHAVE_STRING_H -DHAVE_STRINGS_H -DDEBUG -Wall -std=c99 -pedantic" LFLAGS="-L/usr/local/pcsc/lib" LIBS="-lpcsclite" all
@make CC="gcc" CFLAGS="-I../common -I/usr/local/pcsc/include/PCSC -DSCR_PCSC -g -DHAVE_STRING_H -DHAVE_STRINGS_H -DDEBUG -Wall -std=c99 -pedantic" LFLAGS="-L/usr/local/pcsc/lib -L/usr/local/lib" LIBS="-lpcsclite" all
i386-linux:
@make CC="gcc" CFLAGS="-I../common -I/usr/local/include/PCSC -DSCR_PCSC -g -DHAVE_STRING_H -DHAVE_STRINGS_H -DDEBUG -Wall -D_BSD_SOURCE -D_XOPEN_SOURCE -std=c99 -pedantic" LFLAGS="-L/usr/local/pcsc/lib" LIBS="/usr/local/lib/libpcsclite.a -lpthread" all


@ -24,7 +24,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: otplib.c 174 2011-05-16 02:09:26Z maf $
* $Id: otplib.c 193 2011-06-12 16:43:51Z maf $
*/
#include <openssl/ssl.h>
@ -1104,6 +1104,28 @@ int otp_user_add(struct otp_ctx *otpctx, char *u_username,
/*
* sanity checks
*/
if (!u_username) {
if (otpctx->verbose)
xerr_warnx("u_username is null.");
goto otp_user_add_out;
}
if (!u_key_val) {
if (otpctx->verbose)
xerr_warnx("u_key_val is null.");
goto otp_user_add_out;
}
/* u_loc can be null */
if (u_loc) {
if (strlen(u_loc) > OTP_USER_LOC_LEN) {
if (otpctx->verbose)
xerr_warnx("strlen(u_loc) > OTP_USER_LOC_LEN.");
goto otp_user_add_out;
}
}
if (ou.db_key.size > OTP_USER_NAME_LEN) {
if (otpctx->verbose)
xerr_warnx("strlen(u_username) > OTP_USER_NAME_LEN.");
@ -1116,19 +1138,14 @@ int otp_user_add(struct otp_ctx *otpctx, char *u_username,
goto otp_user_add_out;
}
if (strlen(u_loc) > OTP_USER_LOC_LEN) {
if (otpctx->verbose)
xerr_warnx("strlen(u_loc) > OTP_USER_LOC_LEN.");
goto otp_user_add_out;
}
/*
* copy in user fields to ou
*/
/* lengths checked above */
strncpy(ou.username, u_username, OTP_USER_NAME_LEN);
strncpy(ou.loc, u_loc, OTP_USER_LOC_LEN);
if (u_loc)
strncpy(ou.loc, u_loc, OTP_USER_LOC_LEN);
bcopy(u_key_val, &ou.key, u_key_size);
ou.key_size = u_key_size;
ou.count = u_count;
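Review bot: The copy at `strncpy(ou.username, u_username, OTP_USER_NAME_LEN);` (and the guarded `ou.loc` copy under it) leaves the field without a NUL terminator when the input is exactly OTP_USER_NAME_LEN or OTP_USER_LOC_LEN bytes, because the new length checks reject only `>`; unless the arrays in `ou` are declared one byte larger and `ou` was zeroed earlier in the function (neither is visible here), any later string read of the record runs past the field. A `snprintf(ou.username, sizeof(ou.username), "%s", u_username);` form, or a comment above the copies stating that the array sizes include the terminator, would settle it. As far as this hunk shows, `u_key_size` still reaches `bcopy(u_key_val, &ou.key, u_key_size);` unchecked; if the elided lines around the second `goto otp_user_add_out` do not bound it against `sizeof(ou.key)`, an oversized key overflows the record, so a `u_key_size > sizeof(ou.key)` check belongs next to the new null checks. otp_user_add begins before and ends after this hunk.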


@ -1,5 +1,13 @@
# $Id:$
htsoft-downloader: Makefile install target fix - eshicks
pam_otp: allown_unknown typo - eshicks
otplib: more sanity checking on otp_user_add - eshicks
otp-tokend: smtp support, fork() on message
urd/rc.d/urd: updated for new flags
otp-control: mode generate will honor -c


@ -1,4 +1,4 @@
# $Id: Makefile 153 2011-04-01 02:38:36Z maf $
# $Id: Makefile 196 2011-06-12 18:57:25Z maf $
INSTALL=install -c -m0644
@ -19,12 +19,13 @@ MISCDIR=/usr/local/ootp/doc
openjade -V nochunks -c /usr/local/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/3.1/dtd/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html
MAN1S = htsoft-downloader.1 bcload.1 otp-control.1 otp-ov-plugin.1\
pam_otp.1 urd.1 otp-sca.1 otp-sct.1
pam_otp.1 urd.1 otp-sca.1 otp-sct.1 otp-tokend.1
MAN7S = spyrus-par2.7
HTMLS = htsoft-downloader.html bcload.html otp-control.html otp-ov-plugin.html\
pam_otp.html urd.html otp-sca.html otp-sct.html spyrus-par2.html
pam_otp.html urd.html otp-sca.html otp-sct.html spyrus-par2.html\
otp-tokend.html
MISC = QUICKSTART LICENSE PAR2-USER-GENERIC BALANCE-USER HOTP-2009.pdf


@ -1,14 +1,15 @@
urd option c should not require arg
urd_oareng_pgm support in rc.d
sshd[41599]: v2 format has 11 fields, not 10.
sshd[41599]: otp_ou_fromascii(): failed.
sshd[41599]: otp_urec_open(maf): failed.
sshd[41599]: ffdb_rec_close(): rec_open_ref_count != 0.
sshd[41599]: otp_db_close(): failed.
OpenOTP patch: fix for weird balance reader
urd opt n should include character list
man page for option n
tokend
man page
usage
urd,openvpn
send-token
document send-token option
Enter PIN code does not issue a \n
@ -19,8 +20,6 @@ RADIUS proxy support
get documentation for the ACS balance reader
ACS balance reader support dec31.6?
break out htsoft-downloader, urd, bcload?
full coverage testing for otplib and ffdb
otp-token (soft token)
@ -50,5 +49,3 @@ otp-sca
urd - wtmp
otp-control -c should do the right thing when generating otp


@ -136,4 +136,4 @@ Mark Fullmer maf@splintered\&.net
\fBotp-ov-plugin\fP(1)
\fBurd\fP(1)
spyrus-par2(7)
...\" created by instant / docbook-to-man, Sun 15 May 2011, 23:57
...\" created by instant / docbook-to-man, Sun 12 Jun 2011, 15:01


@ -124,7 +124,11 @@ Mark Fullmer maf@splintered\&.net
.PP
Intel Hexadecimal Object File Format Specification Rev A
.PP
www\&.htsoft\&.com
http://www\&.htsoft\&.com
.PP
http://www\&.microchip\&.com
.PP
http://www\&.ehl\&.cz/pic/pic_e\&.htm
...\" created by instant / docbook-to-man, Sun 15 May 2011, 23:57
.PP
ftp://ftp\&.htsoft\&.com/hitech/samples/bootldr\&.zip
...\" created by instant / docbook-to-man, Sun 12 Jun 2011, 15:01


@ -260,9 +260,13 @@ NAME="AEN83"
><P
>Intel Hexadecimal Object File Format Specification Rev A</P
><P
>www.htsoft.com</P
>http://www.htsoft.com</P
><P
>http://www.microchip.com</P
><P
>http://www.ehl.cz/pic/pic_e.htm</P
><P
>ftp://ftp.htsoft.com/hitech/samples/bootldr.zip</P
></DIV
></BODY
></HTML


@ -1,6 +1,6 @@
<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN">
<!-- $Id: htsoft-downloader.sgml 126 2010-06-15 14:23:02Z maf $ -->
<!-- $Id: htsoft-downloader.sgml 199 2011-06-12 18:59:50Z maf $ -->
<refentry>
@ -179,11 +179,17 @@ wDONE: reply=F0, expecting E4wPIC reset sent.
Intel Hexadecimal Object File Format Specification Rev A
</para>
<para>
www.htsoft.com
http://www.htsoft.com
</para>
<para>
http://www.microchip.com
</para>
<para>
http://www.ehl.cz/pic/pic_e.htm
</para>
<para>
ftp://ftp.htsoft.com/hitech/samples/bootldr.zip
</para>
</refsect1>
</refentry>


@ -299,4 +299,4 @@ Mark Fullmer maf@splintered\&.net
\fBurd\fP(1)
\fBbcload\fP(1)
spyrus-par2(7)
...\" created by instant / docbook-to-man, Sun 15 May 2011, 23:57
...\" created by instant / docbook-to-man, Sun 12 Jun 2011, 15:01


@ -110,4 +110,4 @@ Mark Fullmer maf@splintered\&.net
\fBbcload\fP(1)
\fBOpenVPN\fP(8)
spyrus-par2(7)
...\" created by instant / docbook-to-man, Sun 15 May 2011, 23:57
...\" created by instant / docbook-to-man, Sun 12 Jun 2011, 15:01


@ -428,4 +428,4 @@ Mark Fullmer maf@splintered\&.net
\fBbcload\fP(1)
\fBurd\fP(1)
spyrus-par2(7)
...\" created by instant / docbook-to-man, Sun 15 May 2011, 23:57
...\" created by instant / docbook-to-man, Sun 12 Jun 2011, 15:01


@ -142,4 +142,4 @@ Mark Fullmer maf@splintered\&.net
\fBbcload\fP(1)
\fBurd\fP(1)
spyrus-par2(7)
...\" created by instant / docbook-to-man, Sun 15 May 2011, 23:57
...\" created by instant / docbook-to-man, Sun 12 Jun 2011, 15:01

129
doc/otp-tokend.1 Normal file

@ -0,0 +1,129 @@
...\" $Header: /usr/src/docbook-to-man/cmd/RCS/docbook-to-man.sh,v 1.3 1996/06/17 03:36:49 fld Exp $
...\"
...\" transcript compatibility for postscript use.
...\"
...\" synopsis: .P! <file.ps>
...\"
.de P!
\\&.
.fl \" force out current output buffer
\\!%PB
\\!/showpage{}def
...\" the following is from Ken Flowers -- it prevents dictionary overflows
\\!/tempdict 200 dict def tempdict begin
.fl \" prolog
.sy cat \\$1\" bring in postscript file
...\" the following line matches the tempdict above
\\!end % tempdict %
\\!PE
\\!.
.sp \\$2u \" move below the image
..
.de pF
.ie \\*(f1 .ds f1 \\n(.f
.el .ie \\*(f2 .ds f2 \\n(.f
.el .ie \\*(f3 .ds f3 \\n(.f
.el .ie \\*(f4 .ds f4 \\n(.f
.el .tm ? font overflow
.ft \\$1
..
.de fP
.ie !\\*(f4 \{\
. ft \\*(f4
. ds f4\"
' br \}
.el .ie !\\*(f3 \{\
. ft \\*(f3
. ds f3\"
' br \}
.el .ie !\\*(f2 \{\
. ft \\*(f2
. ds f2\"
' br \}
.el .ie !\\*(f1 \{\
. ft \\*(f1
. ds f1\"
' br \}
.el .tm ? font underflow
..
.ds f1\"
.ds f2\"
.ds f3\"
.ds f4\"
.ta 8n 16n 24n 32n 40n 48n 56n 64n 72n
.TH "\fBotp-tokend\fP" "1"
.SH "NAME"
\fBotp-tokend\fP \(em Deliver tokens via SMTP(S) or HTTP(S)\&.
.SH "SYNOPSIS"
.PP
\fBotp-tokend\fP [-?Dv] [-b\fI bind-path\fP] [-f\fI from-address\fP] [-s\fI subject\fP] [-S\fI smtp_url\fP] [-P\fI pidfile\fP] [-H\fI httl_url\fP]
.SH "DESCRIPTION"
.PP
The \fBotp-tokend\fP daemon processes send-token
requests from the Unix domain socket \fB/var/run/otp-tokend\fP\&.
Tokens are then delivered to the end-user via SMTP, SMTPS, HTTP, or HTTPS\&.
Delivery through SMS or other out of band mechanisms can be implemented
with a HTTPS back end\&.
.PP
Otplib will optionally generate a send-token request when the user record has
the send-token flag and location information set\&. This can be done with
\fBotp-control\fP\&.
.PP
The send-token request is a single datagram with the following ASCII fields
separated by newlines:
.PP
.nf
service
username
location
token
.fi
.PP
If the location (destination to send the token) is all digits the request is
sent via HTTP(S)\&. A request with the @ symbol is sent via SMTP(S)\&. All other
requests are ignored\&.
.SH "OPTIONS"
.IP "-b, --bind-path=\fI bind_path\fP" 10
Listen for send-token requests from an alternate Unix domain socket\&.
.IP "-D, --disable-daemon-mode" 10
Disable daemon mode\&. When specified \fBotp-tokend\fP will not
run in the background and stdout is available for debugging information\&.
.IP "-f, --from-address=\fI from_address\fP" 10
Specify the e-mail from address when using SMTP(S)\&.
.IP "-s, --subject=\fI subject\fP" 10
Specify the e-mail subject when using SMTP(S)\&.
.IP "-s, --smtp-url=\fI smtp_url\fP" 10
Specify the URL to an SMTP(S) server\&. Example smtp://127\&.0\&.0\&.1\&.
.IP "-P, --pidfile=\fI pid_file\fP" 10
Specify an alternate location for a file containing the process ID
of the \fBotp-tokend\fP server\&.
.IP "-H, --http-url=\fI http_url\fP" 10
Specify the URL to an HTTP(S) server\&. A form will be posted to the
url with the form "to" set to the location, and
"msg" set to the token\&.
.IP "-v, --verbose" 10
Increase verbosity\&. Can be used multiple times\&.
.IP "--version" 10
Display software version\&.
.SH "EXAMPLES"
.PP
Start the \fBotp-tokend\fP server in the foreground with verbose
output using https://127\&.0\&.0\&.1:443/sms for HTTP and and smtp://127\&.0\&.0\&.1 for SMTP requests\&.
.PP
.nf
otp-tokend -D -vvv -S smtp://127\&.0\&.0\&.1 -H https://127\&.0\&.0\&.1:443/sms
.fi
.SH "AUTHOR"
.PP
Mark Fullmer maf@splintered\&.net
.SH "SEE ALSO"
.PP
\fBotp-control\fP(1)
\fBotp-sca\fP(1)
\fBotp-sct\fP(1)
\fBpam_otp\fP(1)
\fBhtsoft-downloader\fP(1)
\fBbcload\fP(1)
\fBotp-ov-plugin\fP(1)
spyrus-par2(7)
...\" created by instant / docbook-to-man, Sun 12 Jun 2011, 15:01

315
doc/otp-tokend.html Normal file

@ -0,0 +1,315 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>otp-tokend</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="AEN1"
></A
><SPAN
CLASS="APPLICATION"
>otp-tokend</SPAN
></H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN6"
></A
><H2
>Name</H2
><SPAN
CLASS="APPLICATION"
>otp-tokend</SPAN
>&nbsp;--&nbsp;Deliver tokens via SMTP(S) or HTTP(S).</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN10"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>otp-tokend</B
> [-?Dv] [-b<TT
CLASS="REPLACEABLE"
><I
> bind-path</I
></TT
>] [-f<TT
CLASS="REPLACEABLE"
><I
> from-address</I
></TT
>] [-s<TT
CLASS="REPLACEABLE"
><I
> subject</I
></TT
>] [-S<TT
CLASS="REPLACEABLE"
><I
> smtp_url</I
></TT
>] [-P<TT
CLASS="REPLACEABLE"
><I
> pidfile</I
></TT
>] [-H<TT
CLASS="REPLACEABLE"
><I
> httl_url</I
></TT
>]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN26"
></A
><H2
>DESCRIPTION</H2
><P
>The <B
CLASS="COMMAND"
>otp-tokend</B
> daemon processes send-token
requests from the Unix domain socket <TT
CLASS="FILENAME"
>/var/run/otp-tokend</TT
>.
Tokens are then delivered to the end-user via SMTP, SMTPS, HTTP, or HTTPS.
Delivery through SMS or other out of band mechanisms can be implemented
with a HTTPS back end.</P
><P
>Otplib will optionally generate a send-token request when the user record has
the send-token flag and location information set. This can be done with
<B
CLASS="COMMAND"
>otp-control</B
>.</P
><P
>The send-token request is a single datagram with the following ASCII fields
separated by newlines:</P
><PRE
CLASS="SCREEN"
>service
username
location
token</PRE
><P
>If the location (destination to send the token) is all digits the request is
sent via HTTP(S). A request with the @ symbol is sent via SMTP(S). All other
requests are ignored.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN36"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-b, --bind-path=<TT
CLASS="REPLACEABLE"
><I
> bind_path</I
></TT
></DT
><DD
><P
>Listen for send-token requests from an alternate Unix domain socket.</P
></DD
><DT
>-D, --disable-daemon-mode</DT
><DD
><P
>Disable daemon mode. When specified <B
CLASS="COMMAND"
>otp-tokend</B
> will not
run in the background and stdout is available for debugging information.</P
></DD
><DT
>-f, --from-address=<TT
CLASS="REPLACEABLE"
><I
> from_address</I
></TT
></DT
><DD
><P
>Specify the e-mail from address when using SMTP(S).</P
></DD
><DT
>-s, --subject=<TT
CLASS="REPLACEABLE"
><I
> subject</I
></TT
></DT
><DD
><P
>Specify the e-mail subject when using SMTP(S).</P
></DD
><DT
>-s, --smtp-url=<TT
CLASS="REPLACEABLE"
><I
> smtp_url</I
></TT
></DT
><DD
><P
>Specify the URL to an SMTP(S) server. Example smtp://127.0.0.1.</P
></DD
><DT
>-P, --pidfile=<TT
CLASS="REPLACEABLE"
><I
> pid_file</I
></TT
></DT
><DD
><P
>Specify an alternate location for a file containing the process ID
of the <B
CLASS="COMMAND"
>otp-tokend</B
> server.</P
></DD
><DT
>-H, --http-url=<TT
CLASS="REPLACEABLE"
><I
> http_url</I
></TT
></DT
><DD
><P
>Specify the URL to an HTTP(S) server. A form will be posted to the
url with the form "to" set to the location, and
"msg" set to the token.</P
></DD
><DT
>-v, --verbose</DT
><DD
><P
>Increase verbosity. Can be used multiple times.</P
></DD
><DT
>--version</DT
><DD
><P
>Display software version.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN83"
></A
><H2
>EXAMPLES</H2
><DIV
CLASS="INFORMALEXAMPLE"
><P
></P
><A
NAME="AEN85"
></A
><P
>Start the <B
CLASS="COMMAND"
>otp-tokend</B
> server in the foreground with verbose
output using https://127.0.0.1:443/sms for HTTP and and smtp://127.0.0.1 for SMTP requests.
<PRE
CLASS="SCREEN"
>otp-tokend -D -vvv -S smtp://127.0.0.1 -H https://127.0.0.1:443/sms</PRE
></P
><P
></P
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN89"
></A
><H2
>AUTHOR</H2
><P
>Mark Fullmer
<CODE
CLASS="EMAIL"
>&#60;<A
HREF="mailto:maf@splintered.net"
>maf@splintered.net</A
>&#62;</CODE
></P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN96"
></A
><H2
>SEE ALSO</H2
><P
><SPAN
CLASS="APPLICATION"
>otp-control</SPAN
>(1)
<SPAN
CLASS="APPLICATION"
>otp-sca</SPAN
>(1)
<SPAN
CLASS="APPLICATION"
>otp-sct</SPAN
>(1)
<SPAN
CLASS="APPLICATION"
>pam_otp</SPAN
>(1)
<SPAN
CLASS="APPLICATION"
>htsoft-downloader</SPAN
>(1)
<SPAN
CLASS="APPLICATION"
>bcload</SPAN
>(1)
<SPAN
CLASS="APPLICATION"
>otp-ov-plugin</SPAN
>(1)
<SPAN
CLASS="HARDWARE"
>spyrus-par2</SPAN
>(7)</P
></DIV
></BODY
></HTML
>

200
doc/otp-tokend.sgml Normal file

@ -0,0 +1,200 @@
<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN">
<!-- $Id:$ -->
<refentry>
<refmeta>
<refentrytitle>
<application>otp-tokend</application>
</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>
<application>otp-tokend</application>
</refname>
<refpurpose>
Deliver tokens via SMTP(S) or HTTP(S).
</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>otp-tokend</command>
<arg>-?Dv</arg>
<arg>-b<replaceable> bind-path</replaceable></arg>
<arg>-f<replaceable> from-address</replaceable></arg>
<arg>-s<replaceable> subject</replaceable></arg>
<arg>-S<replaceable> smtp_url</replaceable></arg>
<arg>-P<replaceable> pidfile</replaceable></arg>
<arg>-H<replaceable> httl_url</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>
The <command>otp-tokend</command> daemon processes send-token
requests from the Unix domain socket <filename>/var/run/otp-tokend</filename>.
Tokens are then delivered to the end-user via SMTP, SMTPS, HTTP, or HTTPS.
Delivery through SMS or other out of band mechanisms can be implemented
with a HTTPS back end.
</para>
<para>
Otplib will optionally generate a send-token request when the user record has
the send-token flag and location information set. This can be done with
<command>otp-control</command>.
</para>
<para>
The send-token request is a single datagram with the following ASCII fields
separated by newlines:
</para>
<screen>
service
username
location
token
</screen>
<para>
If the location (destination to send the token) is all digits the request is
sent via HTTP(S). A request with the @ symbol is sent via SMTP(S). All other
requests are ignored.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-b, --bind-path=<replaceable> bind_path</replaceable></term>
<listitem>
<para>
Listen for send-token requests from an alternate Unix domain socket.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-D, --disable-daemon-mode</term>
<listitem>
<para>
Disable daemon mode. When specified <command>otp-tokend</command> will not
run in the background and stdout is available for debugging information.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-f, --from-address=<replaceable> from_address</replaceable></term>
<listitem>
<para>
Specify the e-mail from address when using SMTP(S).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-s, --subject=<replaceable> subject</replaceable></term>
<listitem>
<para>
Specify the e-mail subject when using SMTP(S).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-s, --smtp-url=<replaceable> smtp_url</replaceable></term>
<listitem>
<para>
Specify the URL to an SMTP(S) server. Example smtp://127.0.0.1.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-P, --pidfile=<replaceable> pid_file</replaceable></term>
<listitem>
<para>
Specify an alternate location for a file containing the process ID
of the <command>otp-tokend</command> server.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-H, --http-url=<replaceable> http_url</replaceable></term>
<listitem>
<para>
Specify the URL to an HTTP(S) server. A form will be posted to the
url with the form "to" set to the location, and
"msg" set to the token.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-v, --verbose</term>
<listitem>
<para>
Increase verbosity. Can be used multiple times.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>--version</term>
<listitem>
<para>
Display software version.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<informalexample>
<para>
Start the <command>otp-tokend</command> server in the foreground with verbose
output using https://127.0.0.1:443/sms for HTTP and and smtp://127.0.0.1 for SMTP requests.
<screen>
otp-tokend -D -vvv -S smtp://127.0.0.1 -H https://127.0.0.1:443/sms
</screen>
</para>
</informalexample>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
<author>
<firstname>Mark</firstname>
<surname>Fullmer</surname>
</author>
<email>maf@splintered.net</email>
</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>
<application>otp-control</application>(1)
<application>otp-sca</application>(1)
<application>otp-sct</application>(1)
<application>pam_otp</application>(1)
<application>htsoft-downloader</application>(1)
<application>bcload</application>(1)
<application>otp-ov-plugin</application>(1)
<hardware>spyrus-par2</hardware>(7)
</para>
</refsect1>
</refentry>


@ -103,4 +103,4 @@ Mark Fullmer maf@splintered\&.net
\fBbcload\fP(1)
\fBpam\fP(8)
spyrus-par2(7)
...\" created by instant / docbook-to-man, Sun 15 May 2011, 23:57
...\" created by instant / docbook-to-man, Sun 12 Jun 2011, 15:01


@ -202,4 +202,4 @@ may not\&.
\fBurd\fP(1)
\fBbcload\fP(1)
\fBOpenVPN\fP(8)
...\" created by instant / docbook-to-man, Sun 15 May 2011, 23:57
...\" created by instant / docbook-to-man, Sun 12 Jun 2011, 15:01


@ -189,4 +189,4 @@ Mark Fullmer maf@splintered\&.net
\fBbcload\fP(1)
\fBotp-ov-plugin\fP(1)
spyrus-par2(7)
...\" created by instant / docbook-to-man, Sun 15 May 2011, 23:57
...\" created by instant / docbook-to-man, Sun 12 Jun 2011, 15:01


@ -1,4 +1,4 @@
# $Id: Makefile 128 2010-06-15 14:25:09Z maf $
# $Id: Makefile 192 2011-06-12 16:33:42Z maf $
what:
@echo
@ -37,7 +37,7 @@ version.c:
install:
mkdir -p ${BINDIR}
${INSTALL} ${BINS} ${BINDIR}
${INSTALL} ${BIN} ${BINDIR}
@echo files installed in ${BINDIR}
clean:


@ -24,7 +24,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: pam_otp.c 168 2011-05-11 04:03:38Z maf $
* $Id: pam_otp.c 191 2011-06-12 16:32:33Z maf $
*/
#include <stdio.h>
@ -378,7 +378,7 @@ void load_opts(struct opts *opts, int argc, const char **argv)
opts->allow_inactive = 1;
} else if (!strcmp(*argv, "require_db_entry")) {
opts->allow_unknown = 0;
} else if (!strcmp(*argv, "allown_unknown")) {
} else if (!strcmp(*argv, "allow_unknown")) {
opts->allow_unknown = 1;
} else if (!strncmp(*argv, "otpdb=", 6)) {
opts->otpdb_fname=(char*)(*argv)+6;
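Review bot: Existing PAM configurations that were written against the old misspelled keyword `allown_unknown` will no longer match the corrected `strcmp(*argv, "allow_unknown")`, so `opts->allow_unknown` silently stays at whatever load_opts initialises it to for those deployments; since this is the fail-open option (the name and `opts->allow_unknown = 1` suggest it admits users with no database entry), the change errs on the safe side but can still lock out an administrator who relied on the typo. The rename deserves a line in the module documentation, and if the trailing `else` of this chain (outside the hunk) ignores unrecognised options, having it log them with `xerr_warnx` would make a stale spelling visible instead of silently dropped. load_opts begins before and ends after this hunk.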


@ -1,4 +1,4 @@
# $Id: Makefile 130 2010-06-15 14:26:10Z maf $
# $Id: Makefile 187 2011-05-26 03:50:28Z maf $
what:
@echo
@ -10,7 +10,7 @@ what:
@echo
i386-fbsd:
@make CC="gcc" CFLAGS="-I../common -I/usr/local/pcsc/include/PCSC -DSCR_PCSC -g -DHAVE_STRING_H -DHAVE_STRINGS_H -DDEBUG -Wall -std=c99 -pedantic" LFLAGS="-L/usr/local/pcsc/lib" LIBS="-lpcsclite" all
@make CC="gcc" CFLAGS="-I../common -I/usr/local/pcsc/include/PCSC -DSCR_PCSC -g -DHAVE_STRING_H -DHAVE_STRINGS_H -DDEBUG -Wall -std=c99 -pedantic" LFLAGS="-L/usr/local/pcsc/lib -L/usr/local/lib" LIBS="-lpcsclite" all
i386-linux:
@make CC="gcc" CFLAGS="-I../common -I/usr/local/include/PCSC -DSCR_PCSC -g -DHAVE_STRING_H -DHAVE_STRINGS_H -DDEBUG -D_BSD_SOURCE -D_XOPEN_SOURCE -Wall -std=c99 -pedantic" LFLAGS="-L/usr/local/pcsc/lib" LIBS="/usr/local/lib/libpcsclite.a -lpthread" all
@ -23,7 +23,7 @@ i386-macosx:
INSTALL=install -c -m0755
.c.o:; $(CC) $(CFLAGS) -c $*.c -o $*.o
.c.o:; $(CC) $(CFLAGS) $(INC) -c $*.c -o $*.o
BIN = otp-sca
COBJS = ../common/xerr.o ../common/str.o ../common/acr30.o ../common/scr.o ../common/sccmd.o


@ -1,4 +1,4 @@
# $Id: Makefile 131 2010-06-15 14:26:23Z maf $
# $Id: Makefile 188 2011-05-26 03:50:33Z maf $
what:
@echo
@ -10,7 +10,7 @@ what:
@echo
i386-fbsd:
@make CC="gcc" CFLAGS="-I../common -I/usr/local/pcsc/include/PCSC -DSCR_PCSC -g -DHAVE_STRING_H -DHAVE_STRINGS_H -DDEBUG -Wall -std=c99 -pedantic" LFLAGS="-L/usr/local/pcsc/lib" LIBS="-lpcsclite" all
@make CC="gcc" CFLAGS="-I../common -I/usr/local/pcsc/include/PCSC -DSCR_PCSC -g -DHAVE_STRING_H -DHAVE_STRINGS_H -DDEBUG -Wall -std=c99 -pedantic" LFLAGS="-L/usr/local/pcsc/lib -L/usr/local/lib" LIBS="-lpcsclite" all
i386-linux:
@make CC="gcc" CFLAGS="-I../common -I/usr/local/include/PCSC -DSCR_PCSC -g -DHAVE_STRING_H -DHAVE_STRINGS_H -DDEBUG -Wall -D_BSD_SOURCE -D_XOPEN_SOURCE -std=c99 -pedantic" LFLAGS="-L/usr/local/pcsc/lib" LIBS="/usr/local/lib/libpcsclite.a -lpthread" all


@ -10,6 +10,7 @@
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <signal.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <string.h>
@ -19,14 +20,15 @@
#include "xerr.h"
#include "otplib.h"
/* XXX usage
/*
* XXX man page
*/
static u_long scan_ip(char *s);
static void usage(void);
static int write_pidfile(char *fname);
#define REQ_MODE_HTTP 0x1
#define REQ_MODE_SMTP 0x2
#define NXT_FIELD(V1,V2)\
f = strsep(&c, "\n");\
if (!f) {\
@ -36,38 +38,57 @@ static int write_pidfile(char *fname);
V2 = c;\
size_t curl_write_cb(void *ptr, size_t size, size_t nmemb, void *userdata);
size_t curl_read_cb(void *ptr, size_t size, size_t nmemb, void *userdata);
char *global_token;
char *global_svc;
char *global_hdr_subject;
char *global_hdr_from;
int main(int argc, char **argv)
{
extern char *ootp_version;
struct sockaddr_un rx_path;
pid_t pid_child;
CURL *curl;
struct curl_slist *smtp_rcpt = NULL;
char rx_buf[1024], *c, *f, *msg_svc, *msg_user, *msg_loc, *msg_token;
char msg_buf[1024], post_buf[1024], *msg_ue, *loc_ue, *rx_pathname;
char buf[1024], *pid_fname, *url;
char buf[1024], *pid_fname, *url_http, *url_smtp, *url, *hdr_from;
char *hdr_subject;
int rx_sock, len, verbose, opt_version, daemon_mode, buf_l, i;
int req_mode, isdigits, isemail;
struct option longopts[] = {
{ "bind-path", 1, (void*)0L, 'b'},
{ "disable-daemon-mode", 1, (void*)0L, 'D'},
{ "disable-daemon-mode", 0, (void*)0L, 'D'},
{ "from-address", 1, (void*)0L, 'f'},
{ "help", 0, (void*)0L, 'h'},
{ "help", 0, (void*)0L, '?'},
{ "subject", 1, (void*)0L, 's'},
{ "smtp-url", 1, (void*)0L, 'S'},
{ "pidfile", 1, (void*)0L, 'P'},
{ "url", 1, (void*)0L, 'u'},
{ "http-url", 1, (void*)0L, 'H'},
{ "verbose", 0, (void*)0L, 'v'},
{ "version", 1, &opt_version, 1},
{ 0, 0, 0, 0},
};
req_mode = 0;
daemon_mode = 1;
opt_version = 0;
pid_fname = (char*)0L;
smtp_rcpt = (struct curl_slist*)0L;
pid_fname = "/var/run/otp-tokend.pid";
url_http = (char*)0L;
url_smtp = (char*)0L;
url = (char*)0L;
hdr_from = "hotp@eng.oar.net";
hdr_subject = "HOTP Token";
verbose = 0;
xerr_setid(argv[0]);
rx_pathname = OTP_SEND_TOKEN_PATHNAME;
while ((i = getopt_long(argc, argv, "b:Dh?P:u:v", longopts,
while ((i = getopt_long(argc, argv, "b:Df:h?H:P:s:S:v", longopts,
(int*)0L)) != -1) {
switch (i) {
@ -80,6 +101,10 @@ int main(int argc, char **argv)
daemon_mode = 0;
break;
case 'f':
hdr_from = optarg;
break;
case 'h':
case '?':
usage();
@ -90,8 +115,16 @@ int main(int argc, char **argv)
pid_fname = optarg;
break;
case 'u':
url = optarg;
case 's':
hdr_subject = optarg;
break;
case 'S':
url_smtp = optarg;
break;
case 'H':
url_http = optarg;
break;
case 'v':
@ -111,8 +144,11 @@ int main(int argc, char **argv)
} /* while getopt_long() */
if (!url)
xerr_errx(1, "url required.");
global_hdr_subject = hdr_subject;
global_hdr_from = hdr_from;
if (!url_http || !url_smtp)
xerr_errx(1, "HTTP and SMTP url required.");
if (daemon_mode) {
@ -137,31 +173,10 @@ int main(int argc, char **argv)
xerr_errx(1, "rx_pathname too long.");
strncpy(rx_path.sun_path, rx_pathname, sizeof(rx_path.sun_path));
/* construct pid file name */
if (!pid_fname) {
if (strcmp(rx_pathname, OTP_SEND_TOKEN_PATHNAME)) {
snprintf(buf, sizeof(buf), "/var/run/otp-tokend.pid.%s",
rx_pathname);
} else {
snprintf(buf, sizeof(buf), "/var/run/otp-tokend.pid");
}
pid_fname = (char*)&buf;
}
/* write out pidfile */
if (write_pidfile(pid_fname) < 0)
xerr_errx(1, "write_pidfile(%s): fatal", buf);
if (!(curl = curl_easy_init()))
xerr_errx(1, "curl_easy_init()");
if ((rx_sock = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
xerr_err(1, "socket()");
@ -172,30 +187,31 @@ int main(int argc, char **argv)
if (bind(rx_sock, (struct sockaddr*)&rx_path, sizeof(rx_path)) < 0)
xerr_err(1, "bind(%s)", rx_pathname);
if (verbose > 1)
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
if (curl_easy_setopt(curl, CURLOPT_URL, url) != CURLE_OK)
xerr_errx(1, "curl_easy_setopt(url): failed.");
if (curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION,
&curl_write_cb) != CURLE_OK)
xerr_errx(1, "curl_easy_setopt(CURLOPT_WRITEFUNCTION): failed.");
/* reap children */
if (signal(SIGCHLD, SIG_IGN) == SIG_ERR)
xerr_errx(1, "signal(SIGCHLD)");
while (1) {
if ((len = recv(rx_sock, &rx_buf, sizeof(rx_buf), 0)) < 0)
xerr_err(1, "recv()");
if (len == 0) {
xerr_warnx("rx_buf empty.");
continue;
}
if ((pid_child = fork()) == -1)
xerr_err(1, "fork()");
if (rx_buf[len - 1] != 0) {
xerr_warnx("recv(): rx_buf not null terminated, skipping.");
/* parent? */
if (pid_child)
continue;
}
/* child */
if (verbose > 2)
xerr_info("Child pid=%lu.", (unsigned long)getpid());
if (len == 0)
xerr_errx(1, "rx_buf empty.");
if (rx_buf[len - 1] != 0)
xerr_errx(1, "recv(): rx_buf not null terminated, skipping.");
c = rx_buf;
@ -208,34 +224,107 @@ int main(int argc, char **argv)
if (*c == '\n')
*c = 0;
snprintf(msg_buf, sizeof(msg_buf), "%s: %s", msg_svc, msg_token);
if (!(msg_ue = curl_escape(msg_buf, 0))) {
xerr_warnx("curl_escape(msg_buf): failed.");
continue;
/* guess destination. All digits == http, @ == smtp */
isdigits = 1;
isemail = 0;
for (c = msg_loc; *c; ++c) {
if (!isdigit(*c))
isdigits = 0;
if (*c == '@')
isemail = 1;
}
if (isdigits) {
req_mode = REQ_MODE_HTTP;
url = url_http;
} else if (isemail) {
req_mode = REQ_MODE_SMTP;
url = url_smtp;
} else {
xerr_errx(1, "Req mode not set for %s.", msg_loc);
}
if (!(loc_ue = curl_escape(msg_loc, 0))) {
xerr_warnx("curl_escape(msg_loc): failed.");
free(msg_ue);
continue;
}
if (curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK)
xerr_errx(1, "curl_global_init(): failed.");
snprintf(post_buf, sizeof(post_buf), "to=%s&msg=%s", loc_ue, msg_ue);
if (!(curl = curl_easy_init()))
xerr_errx(1, "curl_easy_init()");
if (curl_easy_setopt(curl, CURLOPT_POSTFIELDS, post_buf) != CURLE_OK)
xerr_errx(1, "curl_easy_setopt(CURLOPT_POSTFIELDS, %s): failed.",
post_buf);
if (curl_easy_perform(curl) != CURLE_OK)
xerr_warnx("1, curl_easy_perform(): failed.");
if (curl_easy_setopt(curl, CURLOPT_URL, url) != CURLE_OK)
xerr_errx(1, "curl_easy_setopt(url): failed.");
if (verbose > 1)
xerr_info("msg_buf=%s", msg_buf);
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
}
if (req_mode == REQ_MODE_HTTP) {
}
if (curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION,
&curl_write_cb) != CURLE_OK)
xerr_errx(1, "curl_easy_setopt(CURLOPT_WRITEFUNCTION): failed.");
snprintf(msg_buf, sizeof(msg_buf), "%s: %s", msg_svc, msg_token);
if (!(msg_ue = curl_escape(msg_buf, 0)))
xerr_errx(1, "curl_escape(%s): failed.", msg_buf);
if (!(loc_ue = curl_escape(msg_loc, 0))) {
free(msg_ue);
xerr_errx(1, "curl_escape(%s): failed.", msg_loc);
}
snprintf(post_buf, sizeof(post_buf), "to=%s&msg=%s", loc_ue, msg_ue);
if (curl_easy_setopt(curl, CURLOPT_POSTFIELDS, post_buf) != CURLE_OK)
xerr_errx(1, "curl_easy_setopt(CURLOPT_POSTFIELDS, %s): failed.",
post_buf);
if (curl_easy_perform(curl) != CURLE_OK)
xerr_errx(1, "curl_easy_perform(): failed.");
if (verbose > 1)
xerr_info("msg_buf=%s", msg_buf);
curl_easy_cleanup(curl);
curl_global_cleanup();
} else if (req_mode == REQ_MODE_SMTP) {
if (curl_easy_setopt(curl, CURLOPT_MAIL_FROM, hdr_from) != CURLE_OK)
xerr_errx(1, "curl_easy_setopt(CURLOPT_MAIL_FROM): failed.");
if (!(smtp_rcpt = curl_slist_append(smtp_rcpt, msg_loc)))
xerr_errx(1, "curl_slist_append(smtp_rcpt, msg_loc): failed.");
if (curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, smtp_rcpt) != CURLE_OK)
xerr_errx(1, "curl_easy_setopt(CURLOPT_MAIL_RCPT): failed.");
/* needed by read_cb */
global_token = msg_token;
global_svc = msg_svc;
if (curl_easy_setopt(curl, CURLOPT_READFUNCTION,
&curl_read_cb) != CURLE_OK)
xerr_errx(1, "curl_easy_setopt(CURLOPT_READFUNCTION): failed.");
if (curl_easy_perform(curl) != CURLE_OK)
xerr_errx(1, "curl_easy_perform(): failed.");
curl_slist_free_all(smtp_rcpt);
} else {
xerr_errx(1, "req_mode");
}
/* exit child */
if (verbose > 2)
xerr_info("child exit");
exit(0);
} /* forever waiting messages */
} /* main */
size_t curl_write_cb(void *ptr, size_t size, size_t nmemb, void *userdata)
{
@ -248,8 +337,33 @@ size_t curl_write_cb(void *ptr, size_t size, size_t nmemb, void *userdata)
return size*nmemb;
}
size_t curl_read_cb(void *ptr, size_t size, size_t nmemb, void *userdata)
{
size_t t, r;
static int cd;
if (cd == 0) {
t = size*nmemb;
r = snprintf(ptr, t,
"From: %s <HOTP>\r\nSubject: %s\r\n\r\nToken for %s: %s\r\n",
global_hdr_from, global_hdr_subject, global_svc, global_token);
++cd;
return r;
} else {
return 0;
}
}
void usage(void)
{
extern char *ootp_version;
fprintf(stderr, "otp-tokend [-?Dhv] [-b bind-path] [-f from-address] [-s subject]\n");
fprintf(stderr, " -S smtp-url [-P pidfile] -H http-url\n");
printf("%s\n", ootp_version);
}
/*
@ -282,79 +396,3 @@ int write_pidfile(char *fname)
} /* write_pidfile */
/*
* function: scan_ip
*
* IP address in string S is converted to a u_long
* (borrowed from tcpdump)
*
* left shift any partial dotted quads, ie 10 is 0x0a000000 not 0x0a
* so scan_ip_prefix() works for standard prefix notation, ie 10/8
*/
u_long scan_ip(char *s)
{
struct hostent *he;
struct in_addr *ina;
u_long addr = 0;
uint n;
int dns, shift;
char *t;
/* if there is anything ascii in here, this may be a hostname */
for (dns = 0, t = s; *t; ++t) {
if (islower((int)*t) || isupper((int)*t)) {
dns = 1;
break;
}
}
if (dns) {
if (!(he = gethostbyname(s)))
goto numeric;
if (he->h_addrtype != AF_INET)
goto numeric;
if (he->h_length != sizeof (uint32_t))
goto numeric;
ina = (struct in_addr*)*he->h_addr_list;
return (ntohl(ina->s_addr));
} /* dns */
shift = 0;
numeric:
while (1) {
/* n is the nibble */
n = 0;
/* nibble's are . bounded */
while (*s && (*s != '.') && (*s != ' ') && (*s != '\t'))
n = n * 10 + *s++ - '0';
/* shift in the nibble */
addr <<=8;
addr |= n & 0xff;
++shift;
/* return on end of string */
if ((!*s) || (*s == ' ') || (*s == '\t'))
goto ndone;
/* skip the . */
++s;
} /* forever */
ndone:
for (; shift < 4; ++shift)
addr <<=8;
return addr;
} /* scan_ip */
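Review bot: In the pidfile hunk the failure path `xerr_errx(1, "write_pidfile(%s): fatal", buf);` now formats `buf`, which nothing writes to any more since the `snprintf(buf, ...)` name construction was removed, so the message prints an uninitialised stack buffer; it should read `xerr_errx(1, "write_pidfile(%s): fatal", pid_fname);`. In `curl_read_cb` the value of `snprintf(ptr, t, ...)` is returned to libcurl unclamped, so a service name or token long enough to truncate the message reports more bytes than the buffer holds (and a negative return becomes a huge `size_t`); add `if (r >= t) return CURL_READFUNC_ABORT;` before `return r;`. The daemon also delivers to whatever `msg_loc` arrives on the Unix socket, and an empty location passes the `isdigits` loop and is posted as `to=`, so an explicit `if (!*msg_loc)` rejection belongs next to that loop, `isdigit(*c)` should take `(unsigned char)*c`, and the socket's permissions decide who can trigger token delivery. Finally, the new usage text demands both `-S` and `-H` while the accompanying man page synopsis brackets them as optional, and a plain `smtp://` URL sends the token in clear text unless `CURLOPT_USE_SSL` is set — worth stating in the man page for anything beyond localhost. main begins and ends inside this file section's hunks; the surrounding context lines are partly elided.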