-
Notifications
You must be signed in to change notification settings - Fork 1
/
manage_OTP.c
377 lines (358 loc) · 10.4 KB
/
manage_OTP.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <getopt.h>
#include <stdlib.h>
#include "aes.h"
#include "otp.h"
#include "sql.h"
#include "util.h"
#define DEFAULT_DIGEST "sha512"
#define MAX_RETRIES 3
#define DIGEST_NAME_MAX_SIZE 20
static void
usage(int err)
{
if (err > 0) {
switch(err) {
case 1:
printf("Too many arguments\n");
break;
case 2:
printf("Database not set\n");
break;
case 3:
printf("User not set\n");
break;
case 4:
printf("Public ID not set\n");
break;
case 5:
printf("Private ID not set\n");
break;
case 6:
printf("AES key not set\n");
break;
case 7:
printf("Option missmatch: should be used with -a\n");
break;
default:
printf("Unknown usage error (%i), please contact us\n", err);
exit(-2);
break;
}
} else {
printf("manage_OTP: User interface to the database storing the yubikey informations\n");
printf(" (Package: %s. Bug report to %s)\n\n", PACKAGE_STRING, PACKAGE_BUGREPORT);
printf("Usage: ./manage_OTP [-hv] -s <database> [-lcagr] [sub-obtions]\n");
printf(" Exit code specifies the result: 0 = OK, !0 = ERROR\n");
printf("Options:\n");
printf(" -h, --help Print this ...\n");
printf("Modules:\n");
printf(" -l List the registered users\n");
printf(" -c Create a new database\n");
printf(" -g <username> Get the credentials for the <username>\n");
printf(" -a <username> Create new credentials for <username>:\n");
printf(" Interactively asks for the information\n");
printf(" -r <username> Delete the credentials for <username>:\n");
exit(err);
}
exit(-1);
}
enum manage_action {
MANAGE_ACTION_HELP,
MANAGE_ACTION_LIST,
MANAGE_ACTION_CREATE,
MANAGE_ACTION_GET,
MANAGE_ACTION_ADD,
MANAGE_ACTION_DELETE
};
static int
read_input_word(char *buf, size_t len, const char* name)
{
char *temp;
printf("Please enter the %s\n", name);
temp = fgets(buf, (int) len, stdin);
if (temp == NULL) {
printf("Unable to read input\n");
}
if (buf[len - 1] != 0) {
printf("%s too short (%c(%i)), please retry\n", name, buf[len - 1], buf[len - 1]);
return -1;
}
buf[len - 1] = (char) getc(stdin);
if (getc(stdin) != '\n') {
printf("%s too long, please retry\n", name);
return -1;
}
return 0;
}
int
main(int argc, char *argv[])
{
char *sql_db = NULL;
sqlite3* db;
char *username = NULL;
struct user user;
enum manage_action action = MANAGE_ACTION_HELP;
int opt;
char privid[OTP_PRIVID_HEX_LEN];
unsigned char *privid_bin;
int temp, ret;
struct otp_data* data;
char digest_name[DIGEST_NAME_MAX_SIZE];
char *ctemp;
while((opt = getopt(argc, argv, "hs:lg:r:a:c")) != -1) {
switch(opt) {
case 'h':
usage(0);
break;
case 's':
sql_db = optarg;
break;
case 'l':
if (action != MANAGE_ACTION_HELP) {
usage(1);
}
action = MANAGE_ACTION_LIST;
break;
case 'g':
if (action != MANAGE_ACTION_HELP) {
usage(1);
}
action = MANAGE_ACTION_GET;
username = optarg;
break;
case 'r':
if (action != MANAGE_ACTION_HELP) {
usage(1);
}
action = MANAGE_ACTION_DELETE;
username = optarg;
break;
case 'a':
if (action != MANAGE_ACTION_HELP) {
usage(1);
}
action = MANAGE_ACTION_ADD;
username = optarg;
break;
case 'c':
if (action != MANAGE_ACTION_HELP) {
usage(1);
}
action = MANAGE_ACTION_CREATE;
break;
default:
usage(0);
}
}
if(argc > optind) {
usage(1);
}
if (action == MANAGE_ACTION_HELP) {
usage(0);
}
if (sql_db == NULL) {
usage(2);
}
if (forget_real_credentials() != 0) {
printf("Unable to fix uid/gid\n");
return -EPERM;
}
db = init(sql_db);
if (db == NULL) {
printf("Unable to open the database\n");
return 1;
}
switch(action) {
case MANAGE_ACTION_HELP:
/* Already done */
break;
case MANAGE_ACTION_LIST:
list_users(db);
sql_close(db);
return 0;
case MANAGE_ACTION_CREATE:
create_database(db);
return 0;
case MANAGE_ACTION_GET:
case MANAGE_ACTION_ADD:
case MANAGE_ACTION_DELETE:
/* Later */
break;
}
if (username == NULL) {
usage(3);
}
if (verify_user(username, strlen(username), &user) != 0) {
printf("Unauthorized char in the username");
return OTP_ERR;
}
switch(action) {
case MANAGE_ACTION_HELP:
case MANAGE_ACTION_LIST:
case MANAGE_ACTION_CREATE:
/* Already done */
break;
case MANAGE_ACTION_GET:
data = get_otp_data(db, &user);
if (data == NULL) {
printf("No such user\n");
break;
}
printf("User '%.*s':\n", (unsigned int) user.len, user.name);
printf("Public ID : %.*s\n", (int) OTP_PUB_ID_HEX_LEN, data->pubid);
printf("Private Key: %.*s\n", (int) OTP_KEY_HEX_LEN, data->key);
printf("Private ID digest: %s\n", data->digest_name);
printf("Private ID hash: %s\n", data->privid_hash);
free(data);
break;
case MANAGE_ACTION_DELETE:
for (temp = 0; temp < MAX_RETRIES; ++temp) {
ret = try_start_transaction(db);
switch (ret) {
case OTP_SQL_ERR:
printf("SQL error during the transaction initialisation");
goto free_db;
case OTP_SQL_MAY_RETRY:
break;
case OTP_SQL_OK:
ret = try_delete_credentials(db, &user);
switch (ret) {
case OTP_SQL_ERR:
printf("SQL error while trying to remove user");
goto free_db;
case OTP_SQL_MAY_RETRY:
break;
case OTP_SQL_OK:
ret = try_end_transaction(db);
switch (ret) {
case OTP_SQL_MAY_RETRY:
break;
case OTP_SQL_ERR:
printf("SQL error when trying to commit the transaction");
goto free_db;
case OTP_SQL_OK:
sql_close(db);
return 0;
}
}
}
}
printf("Unable to remove user (Database busy)\n");
break;
case MANAGE_ACTION_ADD:
data = calloc(sizeof(struct otp_data), 1ul);
if (data == NULL) {
printf("Malloc error\n");
goto free_db;
}
if (read_input_word(data->pubid, OTP_PUB_ID_HEX_LEN, "Public ID")) {
goto free_data;
}
if (check_modhex(data->pubid, OTP_PUB_ID_HEX_LEN) != 0) {
printf("Non hex character in input, please retry\n");
goto free_data;
}
if (read_input_word(data->key, OTP_KEY_HEX_LEN, "AES key")) {
goto free_data;
}
if (check_hex(data->key, (int) OTP_KEY_HEX_LEN) != 0) {
printf("Non hex character in input, please retry\n");
goto free_data;
}
if (read_input_word(privid, OTP_PRIVID_HEX_LEN, "Private ID")) {
goto free_data;
}
if (check_hex(privid, (int) OTP_PRIVID_HEX_LEN) != 0) {
printf("Non hex character in input, please retry\n");
goto free_data;
}
privid_bin = hex2bin(privid, OTP_PRIVID_HEX_LEN);
if (privid_bin == NULL) {
printf("Malloc error (bis)\n");
goto free_data;
}
printf("Please Specify a valid digest algorithm [%s]\n", DEFAULT_DIGEST);
memset(digest_name, 0, (size_t) DIGEST_NAME_MAX_SIZE);
ctemp = fgets(digest_name, DIGEST_NAME_MAX_SIZE, stdin);
if (ctemp == NULL) {
printf("Unable to read input\n");
goto free_data;
}
if (digest_name[DIGEST_NAME_MAX_SIZE - 1] != 0 && digest_name[DIGEST_NAME_MAX_SIZE - 1] != '\n') {
printf("Digest algorithm name too long, please retry\n");
goto free_data;
}
if (digest_name[0] == '\n') {
data->digest_name = strdup(DEFAULT_DIGEST);
} else {
ctemp = memchr(digest_name, '\n', (size_t) DIGEST_NAME_MAX_SIZE);
if (ctemp != NULL) {
*ctemp = '\0';
}
data->digest_name = digest_name;
}
ctemp = (char*)compute_hash(data->digest_name, (char*)privid_bin, OTP_PRIVID_BIN_LEN);
if (ctemp == NULL) {
goto free_data;
}
data->privid_hash = bin2hex(ctemp, strlen(ctemp));
if (data->privid_hash == NULL) {
goto free_data;
}
printf("New user :\n");
printf("Name: '%.*s':\n", (unsigned int) user.len, user.name);
printf("Public ID : %.*s\n", (int) OTP_PUB_ID_HEX_LEN, data->pubid);
printf("Private Key: %.*s\n", (int) OTP_KEY_HEX_LEN, data->key);
printf("Private ID: %.*s\n", (int) OTP_PRIVID_HEX_LEN, privid);
printf("Private ID digest: %s\n", data->digest_name);
printf("Private ID hash: %s\n", data->privid_hash);
printf("Press enter to create this new user\n");
if (getc(stdin) != '\n') {
goto free_data;
}
for (temp = 0; temp < MAX_RETRIES; ++temp) {
ret = try_start_transaction(db);
switch (ret) {
case OTP_SQL_ERR:
printf("SQL error during the transaction initialisation");
goto free_data;
case OTP_SQL_MAY_RETRY:
break;
case OTP_SQL_OK:
ret = try_create_credentials(db, data, &user);
switch (ret) {
case OTP_SQL_ERR:
printf("SQL error while trying to add the user");
goto free_data;
case OTP_SQL_MAY_RETRY:
break;
case OTP_SQL_OK:
ret = try_end_transaction(db);
switch (ret) {
case OTP_SQL_MAY_RETRY:
break;
case OTP_SQL_ERR:
printf("SQL error when trying to commit the transaction");
goto free_data;
case OTP_SQL_OK:
goto free_data;
}
}
}
}
printf("Unable to create user (Database busy)\n");
break;
}
goto free_db;
free_data:
free_otp_data(data);
free_db:
sql_close(db);
return 0;
}