Diffstat (limited to 'daemons')
12 files changed, 90 insertions, 101 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/Makefile.am b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/Makefile.am index d12fbcc89..cb6340960 100644 --- a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/Makefile.am +++ b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/Makefile.am @@ -3,7 +3,6 @@ PLUGIN_COMMON_DIR = ../common AM_CPPFLAGS = \ -I. \ -I$(srcdir) \ - -I$(srcdir)/../libotp \ -I$(PLUGIN_COMMON_DIR) \ -I/usr/include/dirsrv \ -DPREFIX=\""$(prefix)"\" \ diff --git a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c index 15b404dcd..19217ba7f 100644 --- a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c +++ b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c @@ -41,7 +41,7 @@ # include <config.h> #endif -#include <libotp.h> +#include "../libotp/otp_token.h" #include <time.h> #include "util.h" @@ -61,7 +61,7 @@ target_is_only_enabled_token(Slapi_PBlock *pb) { Slapi_DN *target_sdn = NULL; Slapi_DN *token_sdn = NULL; - struct otptoken **tokens; + struct otp_token **tokens; char *user_dn = NULL; bool match; @@ -75,10 +75,10 @@ target_is_only_enabled_token(Slapi_PBlock *pb) return false; /* Get the SDN of the only enabled token. */ - tokens = otptoken_find(plugin_id, user_dn, NULL, true, NULL); + tokens = otp_token_find(plugin_id, user_dn, NULL, true, NULL); if (tokens != NULL && tokens[0] != NULL && tokens[1] == NULL) - token_sdn = slapi_sdn_dup(otptoken_get_sdn(tokens[0])); - otptoken_free_array(tokens); + token_sdn = slapi_sdn_dup(otp_token_get_sdn(tokens[0])); + otp_token_free_array(tokens); if (token_sdn == NULL) return false; diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am b/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am index 77beca2da..eeb352611 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am 
@@ -11,7 +11,6 @@ ASN1_UTIL_DIR=../../../asn1 AM_CPPFLAGS = \ -I. \ -I$(srcdir) \ - -I$(srcdir)/../libotp \ -I$(PLUGIN_COMMON_DIR) \ -I$(KRB5_UTIL_DIR) \ -I$(ASN1_UTIL_DIR) \ diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h index f8851122b..2e9d4fe86 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h @@ -41,7 +41,7 @@ # include <config.h> #endif -#include <libotp.h> +#include "../libotp/otp_token.h" #include <stdio.h> #include <string.h> diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c index 1f595d01d..1dff6db1a 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c @@ -1140,11 +1140,11 @@ done: static bool ipapwd_do_otp_auth(const char *dn, Slapi_Entry *bind_entry, struct berval *creds) { - struct otptoken **tokens = NULL; + struct otp_token **tokens = NULL; bool success = false; /* Find all of the user's active tokens. */ - tokens = otptoken_find(ipapwd_plugin_id, dn, NULL, true, NULL); + tokens = otp_token_find(ipapwd_plugin_id, dn, NULL, true, NULL); if (tokens == NULL) { slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME, "%s: can't find tokens for '%s'.\n", __func__, dn); @@ -1157,12 +1157,12 @@ static bool ipapwd_do_otp_auth(const char *dn, Slapi_Entry *bind_entry, /* Loop through each token. */ for (int i = 0; tokens[i] && !success; i++) { /* Attempt authentication. */ - success = otptoken_validate_berval(tokens[i], OTP_VALIDATE_STEPS, + success = otp_token_validate_berval(tokens[i], OTP_VALIDATE_STEPS, creds, true); /* Truncate the password to remove the OTP code at the end. */ if (success) { - creds->bv_len -= otptoken_get_digits(tokens[i]); + creds->bv_len -= otp_token_get_digits(tokens[i]); creds->bv_val[creds->bv_len] = '\0'; } 
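Review bot: The truncation `creds->bv_len -= otp_token_get_digits(tokens[i]);` followed by the write of `'\0'` at the new length has no visible lower-bound check, so it depends on `otp_token_validate_berval(..., true)` having already established that the credential is at least `digits` bytes long; that routine's body is outside this diff, so the dependency is inferred rather than shown. Since this is the line where the OTP code is split off the password, a comment stating the invariant would make the missing check read as deliberate, e.g. `/* tail-mode validation succeeded, so creds holds at least digits bytes and bv_len cannot underflow here. */`. ipapwd_do_otp_auth continues into the next hunk.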
@@ -1170,10 +1170,10 @@ static bool ipapwd_do_otp_auth(const char *dn, Slapi_Entry *bind_entry, "%s: token authentication %s " "(user: '%s', token: '%s\').\n", __func__, success ? "succeeded" : "failed", dn, - slapi_sdn_get_ndn(otptoken_get_sdn(tokens[i]))); + slapi_sdn_get_ndn(otp_token_get_sdn(tokens[i]))); } - otptoken_free_array(tokens); + otp_token_free_array(tokens); return success; } diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.c index cbb4536e7..10c49b724 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.c @@ -37,8 +37,7 @@ * All rights reserved. * END COPYRIGHT BLOCK **/ - -#include <libotp.h> +#include "../libotp/otp_token.h" #include "syncreq.h" #define OTP_SYNC_MAX_STEPS 25 @@ -56,7 +55,7 @@ bool sync_request_present(Slapi_PBlock *pb) bool sync_request_handle(Slapi_ComponentId *plugin_id, Slapi_PBlock *pb, const char *user_dn) { - struct otptoken **tokens = NULL; + struct otp_token **tokens = NULL; LDAPControl **controls = NULL; struct berval *second = NULL; struct berval *first = NULL; @@ -91,10 +90,10 @@ bool sync_request_handle(Slapi_ComponentId *plugin_id, Slapi_PBlock *pb, /* Process the synchronization. */ success = false; if (ber_scanf(ber, "}") != LBER_ERROR) { - tokens = otptoken_find(plugin_id, user_dn, token_dn, true, NULL); + tokens = otp_token_find(plugin_id, user_dn, token_dn, true, NULL); if (tokens != NULL) { - success = otptoken_sync_berval(tokens, OTP_SYNC_MAX_STEPS, first, second); - otptoken_free_array(tokens); + success = otp_token_sync_berval(tokens, OTP_SYNC_MAX_STEPS, first, second); + otp_token_free_array(tokens); } } diff --git a/daemons/ipa-slapi-plugins/libotp/Makefile.am b/daemons/ipa-slapi-plugins/libotp/Makefile.am index 6aa60c56a..012c83391 100644 --- a/daemons/ipa-slapi-plugins/libotp/Makefile.am +++ b/daemons/ipa-slapi-plugins/libotp/Makefile.am 
@@ -1,9 +1,11 @@ MAINTAINERCLEANFILES = *~ Makefile.in AM_CPPFLAGS = -I/usr/include/dirsrv -noinst_LTLIBRARIES = librfc.la libotp.la -libotp_la_LIBADD = librfc.la +noinst_LTLIBRARIES = libhotp.la libotp.la +libhotp_la_SOURCES = hotp.c hotp.h +libotp_la_SOURCES = otp_token.c otp_token.h +libotp_la_LIBADD = libhotp.la -check_PROGRAMS = t_librfc +check_PROGRAMS = t_hotp TESTS = $(check_PROGRAMS) -t_librfc_LDADD = $(NSPR_LIBS) $(NSS_LIBS) librfc.la +t_hotp_LDADD = $(NSPR_LIBS) $(NSS_LIBS) libhotp.la diff --git a/daemons/ipa-slapi-plugins/libotp/librfc.c b/daemons/ipa-slapi-plugins/libotp/hotp.c index d74820e95..619bc63ab 100644 --- a/daemons/ipa-slapi-plugins/libotp/librfc.c +++ b/daemons/ipa-slapi-plugins/libotp/hotp.c @@ -42,7 +42,7 @@ * For details of how these algorithms work, please see the relevant RFCs. */ -#include "librfc.h" +#include "hotp.h" #include <time.h> #include <nss.h> diff --git a/daemons/ipa-slapi-plugins/libotp/librfc.h b/daemons/ipa-slapi-plugins/libotp/hotp.h index 04b117600..06ae1fdae 100644 --- a/daemons/ipa-slapi-plugins/libotp/librfc.h +++ b/daemons/ipa-slapi-plugins/libotp/hotp.h @@ -37,8 +37,7 @@ * All rights reserved. * END COPYRIGHT BLOCK **/ -#ifndef LIBRFC_H_ -#define LIBRFC_H_ +#pragma once #include <stdbool.h> #include <stdint.h> @@ -59,5 +58,3 @@ struct hotp_token { * An implementation of HOTP (RFC 4226). */ bool hotp(const struct hotp_token *token, uint64_t counter, uint32_t *out); - -#endif /* LIBRFC_H_ */ diff --git a/daemons/ipa-slapi-plugins/libotp/libotp.c b/daemons/ipa-slapi-plugins/libotp/otp_token.c index c65aef043..7860c8aba 100644 --- a/daemons/ipa-slapi-plugins/libotp/libotp.c +++ b/daemons/ipa-slapi-plugins/libotp/otp_token.c @@ -37,8 +37,8 @@ * All rights reserved. * END COPYRIGHT BLOCK **/ -#include "libotp.h" -#include "librfc.h" +#include "otp_token.h" +#include "hotp.h" #include <time.h> #include <errno.h> 
@@ -52,18 +52,17 @@ #define IPA_OTP_OBJCLS_FILTER \ "(|(objectClass=ipaTokenTOTP)(objectClass=ipaTokenHOTP))" - -enum otptoken_type { - OTPTOKEN_NONE = 0, - OTPTOKEN_TOTP, - OTPTOKEN_HOTP, +enum type { + TYPE_NONE = 0, + TYPE_TOTP, + TYPE_HOTP, }; -struct otptoken { +struct otp_token { Slapi_ComponentId *plugin_id; Slapi_DN *sdn; struct hotp_token token; - enum otptoken_type type; + enum type type; union { struct { uint64_t watermark; @@ -124,7 +123,7 @@ static const struct berval *entry_attr_get_berval(const Slapi_Entry* e, return slapi_value_get_berval(v); } -static bool writeattr(const struct otptoken *token, const char *attr, +static bool writeattr(const struct otp_token *token, const char *attr, long long val) { Slapi_PBlock *pb = NULL; @@ -164,7 +163,7 @@ error: * * If the second token code is specified, perform synchronization. */ -static bool validate(struct otptoken *token, time_t now, ssize_t step, +static bool validate(struct otp_token *token, time_t now, ssize_t step, uint32_t first, const uint32_t *second) { const char *attr; @@ -172,13 +171,13 @@ static bool validate(struct otptoken *token, time_t now, ssize_t step, /* Calculate the absolute step. */ switch (token->type) { - case OTPTOKEN_TOTP: + case TYPE_TOTP: attr = T("watermark"); step = (now + token->totp.offset) / token->totp.step + step; if (token->totp.watermark > 0 && step < token->totp.watermark) return false; break; - case OTPTOKEN_HOTP: + case TYPE_HOTP: if (step < 0) /* NEVER go backwards! */ return false; attr = H("counter"); @@ -210,7 +209,7 @@ static bool validate(struct otptoken *token, time_t now, ssize_t step, /* Save our modifications to the object. */ switch (token->type) { - case OTPTOKEN_TOTP: + case TYPE_TOTP: /* Perform optional synchronization steps. */ if (second != NULL) { tmp = (step - now / token->totp.step) * token->totp.step; 
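Review bot: The renamed `enum type` with constants `TYPE_NONE`, `TYPE_TOTP` and `TYPE_HOTP` trades prefixed identifiers for names generic enough to collide with macros from the headers this file pulls in (slapi-plugin.h, NSS via hotp.h), and the member declaration `enum type type;` inside `struct otp_token` reads ambiguously. Since the struct itself now carries the `otp_token` prefix, the same prefix on the enum would keep the tag and constants unique, e.g. `enum otp_token_type { OTP_TOKEN_TYPE_NONE = 0, OTP_TOKEN_TYPE_TOTP, OTP_TOKEN_TYPE_HOTP };` with the member as `enum otp_token_type type;`. The switch cases in the later hunks of this file would follow the same rename.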
@@ -220,7 +219,7 @@ static bool validate(struct otptoken *token, time_t now, ssize_t step, } token->totp.watermark = step; break; - case OTPTOKEN_HOTP: + case TYPE_HOTP: token->hotp.counter = step; break; default: @@ -230,8 +229,7 @@ static bool validate(struct otptoken *token, time_t now, ssize_t step, return true; } - -static void otptoken_free(struct otptoken *token) +static void otp_token_free(struct otp_token *token) { if (token == NULL) return; @@ -242,24 +240,25 @@ static void otptoken_free(struct otptoken *token) free(token); } -void otptoken_free_array(struct otptoken **tokens) +void otp_token_free_array(struct otp_token **tokens) { if (tokens == NULL) return; for (size_t i = 0; tokens[i] != NULL; i++) - otptoken_free(tokens[i]); + otp_token_free(tokens[i]); free(tokens); } -static struct otptoken *otptoken_new(Slapi_ComponentId *id, Slapi_Entry *entry) +static struct otp_token *otp_token_new(Slapi_ComponentId *id, + Slapi_Entry *entry) { const struct berval *tmp; - struct otptoken *token; + struct otp_token *token; char **vals; - token = calloc(1, sizeof(struct otptoken)); + token = calloc(1, sizeof(struct otp_token)); if (token == NULL) return NULL; token->plugin_id = id; @@ -268,15 +267,15 @@ static struct otptoken *otptoken_new(Slapi_ComponentId *id, Slapi_Entry *entry) vals = slapi_entry_attr_get_charray(entry, "objectClass"); if (vals == NULL) goto error; - token->type = OTPTOKEN_NONE; + token->type = TYPE_NONE; for (int i = 0; vals[i] != NULL; i++) { if (strcasecmp(vals[i], "ipaTokenTOTP") == 0) - token->type = OTPTOKEN_TOTP; + token->type = TYPE_TOTP; else if (strcasecmp(vals[i], "ipaTokenHOTP") == 0) - token->type = OTPTOKEN_HOTP; + token->type = TYPE_HOTP; } slapi_ch_array_free(vals); - if (token->type == OTPTOKEN_NONE) + if (token->type == TYPE_NONE) goto error; /* Get SDN. */ 
@@ -307,7 +306,7 @@ static struct otptoken *otptoken_new(Slapi_ComponentId *id, Slapi_Entry *entry) goto error; switch (token->type) { - case OTPTOKEN_TOTP: + case TYPE_TOTP: /* Get offset. */ token->totp.offset = slapi_entry_attr_get_int(entry, T("clockOffset")); @@ -319,7 +318,7 @@ static struct otptoken *otptoken_new(Slapi_ComponentId *id, Slapi_Entry *entry) if (token->totp.step == 0) token->totp.step = IPA_OTP_DEFAULT_TOKEN_STEP; break; - case OTPTOKEN_HOTP: + case TYPE_HOTP: /* Get counter. */ token->hotp.counter = slapi_entry_attr_get_int(entry, H("counter")); break; @@ -330,15 +329,15 @@ static struct otptoken *otptoken_new(Slapi_ComponentId *id, Slapi_Entry *entry) return token; error: - otptoken_free(token); + otp_token_free(token); return NULL; } -static struct otptoken **find(Slapi_ComponentId *id, const char *user_dn, - const char *token_dn, const char *intfilter, - const char *extfilter) +static struct otp_token **find(Slapi_ComponentId *id, const char *user_dn, + const char *token_dn, const char *intfilter, + const char *extfilter) { - struct otptoken **tokens = NULL; + struct otp_token **tokens = NULL; Slapi_Entry **entries = NULL; Slapi_PBlock *pb = NULL; Slapi_DN *sdn = NULL; @@ -403,9 +402,9 @@ static struct otptoken **find(Slapi_ComponentId *id, const char *user_dn, if (tokens == NULL) goto error; for (count = 0; entries[count] != NULL; count++) { - tokens[count] = otptoken_new(id, entries[count]); + tokens[count] = otp_token_new(id, entries[count]); if (tokens[count] == NULL) { - otptoken_free_array(tokens); + otp_token_free_array(tokens); tokens = NULL; goto error; } 
@@ -418,9 +417,9 @@ error: return tokens; } -struct otptoken **otptoken_find(Slapi_ComponentId *id, const char *user_dn, - const char *token_dn, bool active, - const char *filter) +struct otp_token ** +otp_token_find(Slapi_ComponentId *id, const char *user_dn, const char *token_dn, + bool active, const char *filter) { static const char template[] = "(|(ipatokenNotBefore<=%04d%02d%02d%02d%02d%02dZ)(!(ipatokenNotBefore=*)))" @@ -450,18 +449,18 @@ struct otptoken **otptoken_find(Slapi_ComponentId *id, const char *user_dn, return find(id, user_dn, token_dn, actfilt, filter); } -int otptoken_get_digits(struct otptoken *token) +int otp_token_get_digits(struct otp_token *token) { return token == NULL ? 0 : token->token.digits; } -const Slapi_DN *otptoken_get_sdn(struct otptoken *token) +const Slapi_DN *otp_token_get_sdn(struct otp_token *token) { return token->sdn; } -static bool otptoken_validate(struct otptoken *token, size_t steps, - uint32_t code) +static bool otp_token_validate(struct otp_token *token, size_t steps, + uint32_t code) { time_t now = 0; @@ -469,7 +468,7 @@ static bool otptoken_validate(struct otptoken *token, size_t steps, return false; /* We only need the local time for time-based tokens. */ - if (token->type == OTPTOKEN_TOTP && time(&now) == (time_t) -1) + if (token->type == TYPE_TOTP && time(&now) == (time_t) -1) return false; for (int i = 0; i <= steps; i++) { @@ -507,8 +506,8 @@ static bool bvtod(const struct berval *code, uint32_t *out) return code->bv_len != 0; } -bool otptoken_validate_berval(struct otptoken *token, size_t steps, - const struct berval *code, bool tail) +bool otp_token_validate_berval(struct otp_token *token, size_t steps, + const struct berval *code, bool tail) { struct berval tmp; uint32_t otp; 
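Review bot: `otp_token_get_sdn` dereferences `token` unconditionally while the adjacent `otp_token_get_digits` returns 0 for a NULL token, so the two accessors in this hunk disagree about whether NULL is an acceptable argument. The callers visible in this diff only pass array elements already checked against NULL, so this is not a defect today, but the guard in one and not the other invites a reader to assume both are NULL-safe; the header comment for the SDN accessor should say otherwise, e.g. `/* Get the SDN of the token. token must not be NULL. */`. Alternatively, mirror the guard and return NULL so both accessors behave the same.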
@@ -527,11 +526,11 @@ bool otptoken_validate_berval(struct otptoken *token, size_t steps, if (!bvtod(&tmp, &otp)) return false; - return otptoken_validate(token, steps, otp); + return otp_token_validate(token, steps, otp); } -static bool otptoken_sync(struct otptoken * const *tokens, size_t steps, - uint32_t first_code, uint32_t second_code) +static bool otp_token_sync(struct otp_token * const *tokens, size_t steps, + uint32_t first_code, uint32_t second_code) { time_t now = 0; @@ -556,9 +555,9 @@ static bool otptoken_sync(struct otptoken * const *tokens, size_t steps, return false; } -bool otptoken_sync_berval(struct otptoken * const *tokens, size_t steps, - const struct berval *first_code, - const struct berval *second_code) +bool otp_token_sync_berval(struct otp_token * const *tokens, size_t steps, + const struct berval *first_code, + const struct berval *second_code) { uint32_t second = 0; uint32_t first = 0; @@ -569,5 +568,5 @@ bool otptoken_sync_berval(struct otptoken * const *tokens, size_t steps, if (!bvtod(second_code, &second)) return false; - return otptoken_sync(tokens, steps, first, second); + return otp_token_sync(tokens, steps, first, second); } diff --git a/daemons/ipa-slapi-plugins/libotp/libotp.h b/daemons/ipa-slapi-plugins/libotp/otp_token.h index 24915f866..2f3367806 100644 --- a/daemons/ipa-slapi-plugins/libotp/libotp.h +++ b/daemons/ipa-slapi-plugins/libotp/otp_token.h @@ -37,21 +37,16 @@ * All rights reserved. * END COPYRIGHT BLOCK **/ -#ifndef LIBOTP_H_ -#define LIBOTP_H_ - -#ifdef HAVE_CONFIG_H -# include <config.h> -#endif +#pragma once #include <dirsrv/slapi-plugin.h> #include <stdbool.h> #include <stdlib.h> -struct otptoken; +struct otp_token; /* Frees the token array. */ -void otptoken_free_array(struct otptoken **tokens); +void otp_token_free_array(struct otp_token **tokens); /* Find tokens. * 
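Review bot: The removed `#ifdef HAVE_CONFIG_H` / `#include <config.h>` / `#endif` block in otp_token.h is not relocated, so any translation unit that only received config.h through this header loses it; otp_token.c, which in the earlier hunk includes "otp_token.h" first and shows no config.h of its own, looks like such a unit, though an include above the copyright block may exist outside this diff. If it does not, the HAVE_* and feature-test macros from the configure step silently stop applying to otp_token.c, a change that compiles cleanly but can alter which declarations are visible. Adding the same three lines at the top of otp_token.c, or confirming the plugin's compile flags make them unnecessary, would settle it. Replacing the guard with `#pragma once` is fine for the GCC/Clang toolchains a dirsrv plugin targets.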
@@ -70,24 +65,23 @@ void otptoken_free_array(struct otptoken **tokens); * Returns NULL on error. If no tokens are found, an empty array is returned. * The array is NULL terminated. */ -struct otptoken **otptoken_find(Slapi_ComponentId *id, const char *user_dn, - const char *token_dn, bool active, - const char *filter); +struct otp_token **otp_token_find(Slapi_ComponentId *id, const char *user_dn, + const char *token_dn, bool active, + const char *filter); /* Get the length of the token code. */ -int otptoken_get_digits(struct otptoken *token); +int otp_token_get_digits(struct otp_token *token); /* Get the SDN of the token. */ -const Slapi_DN *otptoken_get_sdn(struct otptoken *token); +const Slapi_DN *otp_token_get_sdn(struct otp_token *token); /* Validate the token code within a range of steps. If tail is true, * it will be assumed that the token is specified at the end of the string. */ -bool otptoken_validate_berval(struct otptoken *token, size_t steps, - const struct berval *code, bool tail); +bool otp_token_validate_berval(struct otp_token *token, size_t steps, + const struct berval *code, bool tail); /* Synchronize the token within a range of steps. */ -bool otptoken_sync_berval(struct otptoken * const *tokens, size_t steps, - const struct berval *first_code, - const struct berval *second_code); +bool otp_token_sync_berval(struct otp_token * const *tokens, size_t steps, + const struct berval *first_code, + const struct berval *second_code); -#endif /* LIBOTP_H_ */ diff --git a/daemons/ipa-slapi-plugins/libotp/t_librfc.c b/daemons/ipa-slapi-plugins/libotp/t_hotp.c index f7eab7f78..2e995fdaa 100644 --- a/daemons/ipa-slapi-plugins/libotp/t_librfc.c +++ b/daemons/ipa-slapi-plugins/libotp/t_hotp.c @@ -37,7 +37,7 @@ * All rights reserved. * END COPYRIGHT BLOCK **/ -#include "librfc.h" +#include "hotp.h" #include <assert.h> #include <stddef.h> |