introcude authfile module

[pam_pcsc_cr.git] / pam_cr_setup.c
diff --git a/pam_cr_setup.c b/pam_cr_setup.c

index d9dfb66acd7c8290d119f908ec48b0a6240c0121..11a8e2ab9bfef0c33f5bf403d73bb8b6758c9e6f 100644 (file)
--- a/pam_cr_setup.c
+++ b/pam_cr_setup.c
@@ -6,73 +6,82 @@
  #include <string.h>
  #include <unistd.h>
  #include <errno.h>
  #include <string.h>
  #include <unistd.h>
  #include <errno.h>
-#include "authobj.h"
-#if 0
+#include <stdarg.h>
+#include "authfile.h"
  #include "pcsc_cr.h"
  #include "pcsc_cr.h"
-#endif
+
+int eprint(const char *format, ...)
+{
+       va_list ap;
+
+       va_start(ap, format);
+       return vfprintf(stderr, format, ap);
+       va_end(ap);
+}
  
  static void usage(const char const *cmd)
  {
  
  static void usage(const char const *cmd)
  {
-       fprintf(stderr,
-               "usage: %s [-f filename] {-s hexstring40 | -S file} [-u username] [-n nonce] [-l payload] [-p password]\n",
-               cmd);
+       eprint( "usage: %s [options] [username]\n"
+               "    -h                - show this help and exit\n"
+               "    -o backend-option - token option \"backend:key=val\"\n"
+               "    -f auth-file      - auth state file to read/write\n"
+               "    -a secret | -A file-with-secret | -A -\n"
+               "                      - 40-character hexadecimal secret\n"
+               "    -s token-serial   - public I.D. of the token\n"
+               "    -n nonce          - initial nonce\n"
+               "    -l payload        - keyring unlock password\n"
+               "    -p password       - login password\n"
+               , cmd);
  }
  
  int main(int argc, char *argv[])
  {
         int c;
         char *fn = NULL;
  }
  
  int main(int argc, char *argv[])
  {
         int c;
         char *fn = NULL;
-       FILE *fp;
         char *hsecret = NULL;
         char *secfn = NULL;
         char secbuf[43];
         char *hsecret = NULL;
         char *secfn = NULL;
         char secbuf[43];
-       unsigned char secret[20];
+       unsigned char bsecret[20];
+       unsigned char *secret = NULL;
         int i;
         char *nonce = "1";
         int i;
         char *nonce = "1";
+       char *tokenid = "";
         char *id = getlogin();
         char *payload = "";
         char *password = "";
         char *id = getlogin();
         char *payload = "";
         char *password = "";
-       int rc;
-       unsigned char authobj[256];
-       int authsize = sizeof(authobj);
  
  
-       while ((c = getopt(argc, argv, "h"
-#if 0
-                                       "o:"
-#endif
-                                       "f:s:S:u:n:l:p:")) != -1) switch (c) {
+       while ((c = getopt(argc, argv, "ho:f:a:A:s:n:l:p:")) != -1)
+           switch (c) {
         case 'h':
                 usage(argv[0]);
                 exit(EXIT_SUCCESS);
         case 'h':
                 usage(argv[0]);
                 exit(EXIT_SUCCESS);
-#if 0
         case 'o':
                 if (pcsc_option(optarg)) {
         case 'o':
                 if (pcsc_option(optarg)) {
-                       fprintf(stderr, "Option \"%s\" bad\n", optarg);
+                       eprint("Option \"%s\" bad\n", optarg);
                         exit(EXIT_FAILURE);
                 }
                 break;
                         exit(EXIT_FAILURE);
                 }
                 break;
-#endif
         case 'f':
                 fn = optarg;
                 break;
         case 'f':
                 fn = optarg;
                 break;
-       case 's':
+       case 'a':
                 if (!secfn) {
                         hsecret = optarg;
                 } else {
                 if (!secfn) {
                         hsecret = optarg;
                 } else {
-                       fprintf(stderr, "-s and -S are mutually exclusive\n");
+                       eprint("-a and -A are mutually exclusive\n");
                         exit(EXIT_FAILURE);
                 }
                 break;
                         exit(EXIT_FAILURE);
                 }
                 break;
-       case 'S':
+       case 'A':
                 if (!hsecret) {
                         secfn = optarg;
                 } else {
                 if (!hsecret) {
                         secfn = optarg;
                 } else {
-                       fprintf(stderr, "-S and -s are mutually exclusive\n");
+                       eprint("-A and -a are mutually exclusive\n");
                         exit(EXIT_FAILURE);
                 }
                 break;
                         exit(EXIT_FAILURE);
                 }
                 break;
-       case 'u':
-               id = optarg;
+       case 's':
+               tokenid = optarg;
                 break;
         case 'n':
                 nonce = optarg;
                 break;
         case 'n':
                 nonce = optarg;
@@ -87,8 +96,8 @@ int main(int argc, char *argv[])
                 usage(argv[0]);
                 exit(EXIT_FAILURE);
         }
                 usage(argv[0]);
                 exit(EXIT_FAILURE);
         }
-       if (optind == (argc - 1) && !secfn && !hsecret) {
-               hsecret = argv[optind];
+       if (optind == (argc - 1)) {
+               id = argv[optind];
                 optind++;
         }
         if (optind != argc) {
                 optind++;
         }
         if (optind != argc) {
@@ -102,12 +111,12 @@ int main(int argc, char *argv[])
                 if (!strcmp(secfn, "-")) sfp = stdin;
                 else sfp = fopen(secfn, "r");
                 if (!sfp) {
                 if (!strcmp(secfn, "-")) sfp = stdin;
                 else sfp = fopen(secfn, "r");
                 if (!sfp) {
-                       fprintf(stderr, "cannot open \"%s\": %s\n",
+                       eprint("cannot open \"%s\": %s\n",
                                 secfn, strerror(errno));
                         exit(EXIT_FAILURE);
                 }
                 if (!fgets(secbuf, sizeof(secbuf), sfp)) {
                                 secfn, strerror(errno));
                         exit(EXIT_FAILURE);
                 }
                 if (!fgets(secbuf, sizeof(secbuf), sfp)) {
-                       fprintf(stderr, "cannot read \"%s\": %s\n",
+                       eprint("cannot read \"%s\": %s\n",
                                 secfn, strerror(errno));
                         exit(EXIT_FAILURE);
                 }
                                 secfn, strerror(errno));
                         exit(EXIT_FAILURE);
                 }
@@ -117,52 +126,26 @@ int main(int argc, char *argv[])
                 fclose(sfp);
                 hsecret = secbuf;
         }
                 fclose(sfp);
                 hsecret = secbuf;
         }
-       if (!hsecret) {
-               fprintf(stderr, "secret missing, specify -s or -S\n");
-               exit(EXIT_FAILURE);
-       }
-       if (strlen(hsecret) != 40) {
-               fprintf(stderr, "secret wrong, must be exactly 40 chars\n");
-               exit(EXIT_FAILURE);
-       }
-       for (i = 0; i < 20; i++)
-           if (sscanf(hsecret + i * 2, "%2hhx", &secret[i]) != 1) {
-               fprintf(stderr, "secret wrong, must be hexadecimal\n");
-               exit(EXIT_FAILURE);
-       }
         if (!id) {
         if (!id) {
-               fprintf(stderr, "cannot determine userid\n");
-               exit(EXIT_FAILURE);
-       }
-       rc = make_authobj(id, password, nonce, secret, sizeof(secret),
-                       (unsigned char *)payload, strlen(payload),
-                       authobj, &authsize);
-       if (rc) {
-               fprintf(stderr, "error %d\n", rc);
-               exit(EXIT_FAILURE);
-       }
-       fp = fopen(fn, "w");
-       if (!fp) {
-               fprintf(stderr, "cannot open \"%s\": %s\n",
-                       fn, strerror(errno));
-               exit(EXIT_FAILURE);
-       }
-       if (fprintf(fp, "%s:%s:%s:", "", id, nonce) < 0) {
-               fprintf(stderr, "cannot write to \"%s\": %s\n",
-                       fn, strerror(errno));
+               eprint("cannot determine userid\n");
                 exit(EXIT_FAILURE);
         }
                 exit(EXIT_FAILURE);
         }
-       for (i = 0; i < authsize; i++)
-           if (fprintf(fp, "%02x", authobj[i]) < 0) {
-               fprintf(stderr, "cannot write to \"%s\": %s\n",
-                       fn, strerror(errno));
-               exit(EXIT_FAILURE);
-       }
-       fprintf(fp, "\n");
-       if (fclose(fp) < 0) {
-               fprintf(stderr, "cannot close \"%s\": %s\n",
-                       fn, strerror(errno));
-               exit(EXIT_FAILURE);
+       if (hsecret) {
+               if (strlen(hsecret) != 40) {
+                       fprintf(stderr,
+                               "secret wrong, must be exactly 40 chars\n");
+                       exit(EXIT_FAILURE);
+               }
+               if (strspn(hsecret, "0123456789abcdefABCDEF") != 40) {
+                       fprintf(stderr,
+                               "secret wrong, must be hexadecimal string\n");
+                       exit(EXIT_FAILURE);
+               }
+               for (i = 0; i < 20; i++)
+                       sscanf(hsecret + i * 2, "%2hhx", &bsecret[i]);
+               secret = bsecret;
         }
         }
-       return 0;
+       return update_authfile(fn, tokenid, id, password, nonce,
+                               secret, sizeof(bsecret),
+                               (unsigned char *)payload, strlen(payload));
  }
  }