X-Git-Url: http://www.average.org/gitweb/?p=pam_pcsc_cr.git;a=blobdiff_plain;f=pam_cr_setup.c;h=e7e6006a23d6ccadfcb8a0a6db51f13e7ecac28f;hp=d9dfb66acd7c8290d119f908ec48b0a6240c0121;hb=3192bff3cc2b10a7b65d185ec1bc8bf31fd4f635;hpb=ce94565d49ed23d7d5ed96237ebf19c27336fcfe

diff --git a/pam_cr_setup.c b/pam_cr_setup.c
index d9dfb66..e7e6006 100644
--- a/pam_cr_setup.c
+++ b/pam_cr_setup.c
@@ -6,73 +6,86 @@
 #include <string.h>
 #include <unistd.h>
 #include <errno.h>
-#include "authobj.h"
-#if 0
+#include <stdarg.h>
+#include "authfile.h"
 #include "pcsc_cr.h"
-#endif
+
+int eprint(const char *format, ...)
+{
+	va_list ap;
+	char *nfmt;
+
+	nfmt = alloca(strlen(format)+2);
+	strcpy(nfmt, format);
+	strcat(nfmt, "\n");
+	va_start(ap, format);
+	return vfprintf(stderr, nfmt, ap);
+	va_end(ap);
+}
 
 static void usage(const char const *cmd)
 {
-	fprintf(stderr,
-		"usage: %s [-f filename] {-s hexstring40 | -S file} [-u username] [-n nonce] [-l payload] [-p password]\n",
-		cmd);
+	eprint(	"usage: %s [options] [username]\n"
+		"    -h                - show this help and exit\n"
+		"    -o backend-option - token option \"backend:key=val\"\n"
+		"    -f auth-file      - auth state file to read/write\n"
+		"    -a secret | -A file-with-secret | -A -\n"
+		"                      - 40-character hexadecimal secret\n"
+		"    -s token-serial   - public I.D. of the token\n"
+		"    -n nonce          - initial nonce\n"
+		"    -l payload        - keyring unlock password\n"
+		"    -p password       - login password"
+		, cmd);
 }
 
 int main(int argc, char *argv[])
 {
 	int c;
 	char *fn = NULL;
-	FILE *fp;
 	char *hsecret = NULL;
 	char *secfn = NULL;
 	char secbuf[43];
-	unsigned char secret[20];
+	unsigned char bsecret[20];
+	unsigned char *secret = NULL;
 	int i;
 	char *nonce = "1";
+	char *tokenid = "";
 	char *id = getlogin();
 	char *payload = "";
 	char *password = "";
-	int rc;
-	unsigned char authobj[256];
-	int authsize = sizeof(authobj);
 
-	while ((c = getopt(argc, argv, "h"
-#if 0
-					"o:"
-#endif
-					"f:s:S:u:n:l:p:")) != -1) switch (c) {
+	while ((c = getopt(argc, argv, "ho:f:a:A:s:n:l:p:")) != -1)
+	    switch (c) {
 	case 'h':
 		usage(argv[0]);
 		exit(EXIT_SUCCESS);
-#if 0
 	case 'o':
 		if (pcsc_option(optarg)) {
-			fprintf(stderr, "Option \"%s\" bad\n", optarg);
+			eprint("Option \"%s\" bad", optarg);
 			exit(EXIT_FAILURE);
 		}
 		break;
-#endif
 	case 'f':
 		fn = optarg;
 		break;
-	case 's':
+	case 'a':
 		if (!secfn) {
 			hsecret = optarg;
 		} else {
-			fprintf(stderr, "-s and -S are mutually exclusive\n");
+			eprint("-a and -A are mutually exclusive");
 			exit(EXIT_FAILURE);
 		}
 		break;
-	case 'S':
+	case 'A':
 		if (!hsecret) {
 			secfn = optarg;
 		} else {
-			fprintf(stderr, "-S and -s are mutually exclusive\n");
+			eprint("-A and -a are mutually exclusive");
 			exit(EXIT_FAILURE);
 		}
 		break;
-	case 'u':
-		id = optarg;
+	case 's':
+		tokenid = optarg;
 		break;
 	case 'n':
 		nonce = optarg;
@@ -87,8 +100,8 @@ int main(int argc, char *argv[])
 		usage(argv[0]);
 		exit(EXIT_FAILURE);
 	}
-	if (optind == (argc - 1) && !secfn && !hsecret) {
-		hsecret = argv[optind];
+	if (optind == (argc - 1)) {
+		id = argv[optind];
 		optind++;
 	}
 	if (optind != argc) {
@@ -102,12 +115,12 @@ int main(int argc, char *argv[])
 		if (!strcmp(secfn, "-")) sfp = stdin;
 		else sfp = fopen(secfn, "r");
 		if (!sfp) {
-			fprintf(stderr, "cannot open \"%s\": %s\n",
+			eprint("cannot open \"%s\": %s",
 				secfn, strerror(errno));
 			exit(EXIT_FAILURE);
 		}
 		if (!fgets(secbuf, sizeof(secbuf), sfp)) {
-			fprintf(stderr, "cannot read \"%s\": %s\n",
+			eprint("cannot read \"%s\": %s",
 				secfn, strerror(errno));
 			exit(EXIT_FAILURE);
 		}
@@ -117,52 +130,26 @@ int main(int argc, char *argv[])
 		fclose(sfp);
 		hsecret = secbuf;
 	}
-	if (!hsecret) {
-		fprintf(stderr, "secret missing, specify -s or -S\n");
-		exit(EXIT_FAILURE);
-	}
-	if (strlen(hsecret) != 40) {
-		fprintf(stderr, "secret wrong, must be exactly 40 chars\n");
-		exit(EXIT_FAILURE);
-	}
-	for (i = 0; i < 20; i++)
-	    if (sscanf(hsecret + i * 2, "%2hhx", &secret[i]) != 1) {
-		fprintf(stderr, "secret wrong, must be hexadecimal\n");
-		exit(EXIT_FAILURE);
-	}
 	if (!id) {
-		fprintf(stderr, "cannot determine userid\n");
-		exit(EXIT_FAILURE);
-	}
-	rc = make_authobj(id, password, nonce, secret, sizeof(secret),
-			(unsigned char *)payload, strlen(payload),
-			authobj, &authsize);
-	if (rc) {
-		fprintf(stderr, "error %d\n", rc);
-		exit(EXIT_FAILURE);
-	}
-	fp = fopen(fn, "w");
-	if (!fp) {
-		fprintf(stderr, "cannot open \"%s\": %s\n",
-			fn, strerror(errno));
-		exit(EXIT_FAILURE);
-	}
-	if (fprintf(fp, "%s:%s:%s:", "", id, nonce) < 0) {
-		fprintf(stderr, "cannot write to \"%s\": %s\n",
-			fn, strerror(errno));
+		eprint("cannot determine userid");
 		exit(EXIT_FAILURE);
 	}
-	for (i = 0; i < authsize; i++)
-	    if (fprintf(fp, "%02x", authobj[i]) < 0) {
-		fprintf(stderr, "cannot write to \"%s\": %s\n",
-			fn, strerror(errno));
-		exit(EXIT_FAILURE);
-	}
-	fprintf(fp, "\n");
-	if (fclose(fp) < 0) {
-		fprintf(stderr, "cannot close \"%s\": %s\n",
-			fn, strerror(errno));
-		exit(EXIT_FAILURE);
+	if (hsecret) {
+		if (strlen(hsecret) != 40) {
+			fprintf(stderr,
+				"secret wrong, must be exactly 40 chars\n");
+			exit(EXIT_FAILURE);
+		}
+		if (strspn(hsecret, "0123456789abcdefABCDEF") != 40) {
+			fprintf(stderr,
+				"secret wrong, must be hexadecimal string\n");
+			exit(EXIT_FAILURE);
+		}
+		for (i = 0; i < 20; i++)
+			sscanf(hsecret + i * 2, "%2hhx", &bsecret[i]);
+		secret = bsecret;
 	}
-	return 0;
+	return update_authfile(fn, tokenid, id, password, nonce,
+				secret, sizeof(bsecret),
+				(unsigned char *)payload, strlen(payload));
 }