-
Notifications
You must be signed in to change notification settings - Fork 4
/
otpw.h
113 lines (94 loc) · 4.07 KB
/
otpw.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
/*
* One-time password login library
*
* Markus Kuhn <http://www.cl.cam.ac.uk/~mgk25/>
*/
#ifndef OTPW_H
#define OTPW_H
#include <pwd.h>
#include <sys/types.h>
#include "md.h"
/* password authentication results (returned by otpw_verify()) */
#define OTPW_OK 0 /* this was the correct password */
#define OTPW_WRONG 1 /* this was the wrong password */
#define OTPW_ERROR 2 /* user has not registered for the OTPW service
* or something else went wrong */
/* flags for otpw_prepare() */
#define OTPW_DEBUG 1 /* output debugging messages via DEBUG_LOG macro */
#define OTPW_NOLOCK 2 /* disable locking, never create or check OTPW_LOCK */
/*
* A data structure used by otpw_prepare to return the
* selected challenge
*/
struct challenge {
char challenge[81]; /* print this string before "Password:" */
int passwords; /* number of req. passwords (0, 1, otpw_multi) */
int locked; /* flag, whether lock has been set */
int entries; /* number of entries in OTPW file */
int pwlen; /* number of characters in password */
int challen; /* number of characters in challenge string */
int hlen; /* number of characters in hash value */
int remaining; /* number of remaining unused OTPW file entries */
uid_t uid; /* effective uid for OTPW file/lock access */
gid_t gid; /* effective gid for OTPW file/lock access */
int *selection; /* position of the otpw_multi requested passwords */
char **hash; /* base64 hash values of the otpw_multi requested
passwords, each otpw_hlen+1 bytes long */
int flags; /* 1 : debug messages, 2: no locking */
char *filename; /* path of .otpw file (malloc'ed) */
char *lockfilename; /* path of .optw.lock file (malloc'ed) */
};
/*
* Call otpw_prepare() after the user has entered their login name and
* has requested OTPW authentication, and after and you have retrieved
* their password database entry *user. After the call, ch->challenge
* will contain a string that you have to present to the user before
* they can enter the password. If ch->challenge[0] == 0 then one-time
* password authentication is not possible at this time. Once you have
* received the password, pass it to otpw_verify() along with the same
* struct *ch used here.
*/
void otpw_prepare(struct challenge *ch, struct passwd *user, int flags);
/*
* After the one-time password has been entered, call optw_verify() to
* find out whether the password was ok. The parameters are the
* challenge structure filled previously by otpw_prepare() and the
* password that the user has provided ('\0' terminated). Accept the
* user if and only if the return value is OTPW_OK.
*
* IMPORTANT: If otpw_prepare() returned a non-empty challenge string
* (ch->challenge[0] != 0), then you MUST call otpw_verify(), even if
* the login was aborted and you are not any more interested in the
* result. Otherwise a stale lock might remain.
*
* After a successful login, check whether ch->entries > 2 *
* ch->remaining and remind the user to generate new passwords if
* so.
*/
int otpw_verify(struct challenge *ch, char *password);
/* buffer to hold the result of getpwnam_r() or getpwuid_r();
* essentially a struct passwd plus space for the strings
* that it might refer to */
struct otpw_pwdbuf {
struct passwd pwd;
size_t buflen;
char buf[0]; /* actual size is buflen if allocated by otpw_malloc_pwdbuf() */
};
/* some functions for dealing with struct pwdbuf */
int otpw_getpwnam(const char *name, struct otpw_pwdbuf **result);
int otpw_getpwuid(uid_t uid, struct otpw_pwdbuf **result);
/*
* Check if the user otpw_autopseudouser exists and had a UID of not
* higher than otpw_autopseudouser_maxuid. If so, malloc and set
* otpw_pseudouser accordingly.
*/
int otpw_set_pseudouser();
/* some global variables with configuration options */
extern char *otpw_file;
extern char *otpw_locksuffix;
extern int otpw_multi;
extern int otpw_hlen;
extern char *otpw_magic;
extern double otpw_locktimeout;
extern struct otpw_pwdbuf *otpw_pseudouser;
#endif