IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Preliminary refactoring of libotp files

Browse Source 
There are no major changes in this commit other than changing filenames
and symbols to have consistent namespaces. This prepares for larger
changes to come in subsequent commits.

Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
This commit is contained in:
Nathaniel McCallum 2014-11-10 20:58:20 -05:00 committed by Martin Kosek
parent faec4ef9de
commit bdccb0c721
12 changed files with 90 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
daemons/ipa-slapi-plugins/ipa-otp-lasttoken/Makefile.am
View File

@ -3,7 +3,6 @@ PLUGIN_COMMON_DIR = ../common
AM_CPPFLAGS = \
-I. \
-I$(srcdir) \
-I$(srcdir)/../libotp \
-I$(PLUGIN_COMMON_DIR) \
-I/usr/include/dirsrv \
-DPREFIX=\""$(prefix)"\" \

10
daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
View File

@ -41,7 +41,7 @@
# include <config.h>
#endif
#include <libotp.h>
#include "../libotp/otp_token.h"
#include <time.h>
#include "util.h"
@ -61,7 +61,7 @@ target_is_only_enabled_token(Slapi_PBlock *pb)
{
Slapi_DN *target_sdn = NULL;
Slapi_DN *token_sdn = NULL;
struct otptoken **tokens;
struct otp_token **tokens;
char *user_dn = NULL;
bool match;
@ -75,10 +75,10 @@ target_is_only_enabled_token(Slapi_PBlock *pb)
return false;
/* Get the SDN of the only enabled token. */
tokens = otptoken_find(plugin_id, user_dn, NULL, true, NULL);
tokens = otp_token_find(plugin_id, user_dn, NULL, true, NULL);
if (tokens != NULL && tokens[0] != NULL && tokens[1] == NULL)
token_sdn = slapi_sdn_dup(otptoken_get_sdn(tokens[0]));
otptoken_free_array(tokens);
token_sdn = slapi_sdn_dup(otp_token_get_sdn(tokens[0]));
otp_token_free_array(tokens);
if (token_sdn == NULL)
return false;

1
daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am
View File

@ -11,7 +11,6 @@ ASN1_UTIL_DIR=../../../asn1
AM_CPPFLAGS = \
-I. \
-I$(srcdir) \
-I$(srcdir)/../libotp \
-I$(PLUGIN_COMMON_DIR) \
-I$(KRB5_UTIL_DIR) \
-I$(ASN1_UTIL_DIR) \

2
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
View File

@ -41,7 +41,7 @@
# include <config.h>
#endif
#include <libotp.h>
#include "../libotp/otp_token.h"
#include <stdio.h>
#include <string.h>

12
daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
View File

@ -1140,11 +1140,11 @@ done:
static bool ipapwd_do_otp_auth(const char *dn, Slapi_Entry *bind_entry,
struct berval *creds)
{
struct otptoken **tokens = NULL;
struct otp_token **tokens = NULL;
bool success = false;
/* Find all of the user's active tokens. */
tokens = otptoken_find(ipapwd_plugin_id, dn, NULL, true, NULL);
tokens = otp_token_find(ipapwd_plugin_id, dn, NULL, true, NULL);
if (tokens == NULL) {
slapi_log_error(SLAPI_LOG_FATAL, IPAPWD_PLUGIN_NAME,
"%s: can't find tokens for '%s'.\n", __func__, dn);
@ -1157,12 +1157,12 @@ static bool ipapwd_do_otp_auth(const char *dn, Slapi_Entry *bind_entry,
/* Loop through each token. */
for (int i = 0; tokens[i] && !success; i++) {
/* Attempt authentication. */
success = otptoken_validate_berval(tokens[i], OTP_VALIDATE_STEPS,
success = otp_token_validate_berval(tokens[i], OTP_VALIDATE_STEPS,
creds, true);
/* Truncate the password to remove the OTP code at the end. */
if (success) {
creds->bv_len -= otptoken_get_digits(tokens[i]);
creds->bv_len -= otp_token_get_digits(tokens[i]);
creds->bv_val[creds->bv_len] = '\0';
}
@ -1170,10 +1170,10 @@ static bool ipapwd_do_otp_auth(const char *dn, Slapi_Entry *bind_entry,
"%s: token authentication %s "
"(user: '%s', token: '%s\').\n", __func__,
success ? "succeeded" : "failed", dn,
slapi_sdn_get_ndn(otptoken_get_sdn(tokens[i])));
slapi_sdn_get_ndn(otp_token_get_sdn(tokens[i])));
}
otptoken_free_array(tokens);
otp_token_free_array(tokens);
return success;
}

11
daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.c
View File

@ -37,8 +37,7 @@
* All rights reserved.
* END COPYRIGHT BLOCK **/
#include <libotp.h>
#include "../libotp/otp_token.h"
#include "syncreq.h"
#define OTP_SYNC_MAX_STEPS 25
@ -56,7 +55,7 @@ bool sync_request_present(Slapi_PBlock *pb)
bool sync_request_handle(Slapi_ComponentId *plugin_id, Slapi_PBlock *pb,
const char *user_dn)
{
struct otptoken **tokens = NULL;
struct otp_token **tokens = NULL;
LDAPControl **controls = NULL;
struct berval *second = NULL;
struct berval *first = NULL;
@ -91,10 +90,10 @@ bool sync_request_handle(Slapi_ComponentId *plugin_id, Slapi_PBlock *pb,
/* Process the synchronization. */
success = false;
if (ber_scanf(ber, "}") != LBER_ERROR) {
tokens = otptoken_find(plugin_id, user_dn, token_dn, true, NULL);
tokens = otp_token_find(plugin_id, user_dn, token_dn, true, NULL);
if (tokens != NULL) {
success = otptoken_sync_berval(tokens, OTP_SYNC_MAX_STEPS, first, second);
otptoken_free_array(tokens);
success = otp_token_sync_berval(tokens, OTP_SYNC_MAX_STEPS, first, second);
otp_token_free_array(tokens);
}
}

10
daemons/ipa-slapi-plugins/libotp/Makefile.am
View File

@ -1,9 +1,11 @@
MAINTAINERCLEANFILES = *~ Makefile.in
AM_CPPFLAGS = -I/usr/include/dirsrv
noinst_LTLIBRARIES = librfc.la libotp.la
libotp_la_LIBADD = librfc.la
noinst_LTLIBRARIES = libhotp.la libotp.la
libhotp_la_SOURCES = hotp.c hotp.h
libotp_la_SOURCES = otp_token.c otp_token.h
libotp_la_LIBADD = libhotp.la
check_PROGRAMS = t_librfc
check_PROGRAMS = t_hotp
TESTS = $(check_PROGRAMS)
t_librfc_LDADD = $(NSPR_LIBS) $(NSS_LIBS) librfc.la
t_hotp_LDADD = $(NSPR_LIBS) $(NSS_LIBS) libhotp.la

2
daemons/ipa-slapi-plugins/libotp/librfc.c → daemons/ipa-slapi-plugins/libotp/hotp.c
View File

@ -42,7 +42,7 @@
* For details of how these algorithms work, please see the relevant RFCs.
*/
#include "librfc.h"
#include "hotp.h"
#include <time.h>
#include <nss.h>

5
daemons/ipa-slapi-plugins/libotp/librfc.h → daemons/ipa-slapi-plugins/libotp/hotp.h
View File

@ -37,8 +37,7 @@
* All rights reserved.
* END COPYRIGHT BLOCK **/
#ifndef LIBRFC_H_
#define LIBRFC_H_
#pragma once
#include <stdbool.h>
#include <stdint.h>
@ -59,5 +58,3 @@ struct hotp_token {
* An implementation of HOTP (RFC 4226).
*/
bool hotp(const struct hotp_token *token, uint64_t counter, uint32_t *out);
#endif /* LIBRFC_H_ */

103
daemons/ipa-slapi-plugins/libotp/libotp.c → daemons/ipa-slapi-plugins/libotp/otp_token.c
View File

@ -37,8 +37,8 @@
* All rights reserved.
* END COPYRIGHT BLOCK **/
#include "libotp.h"
#include "librfc.h"
#include "otp_token.h"
#include "hotp.h"
#include <time.h>
#include <errno.h>
@ -52,18 +52,17 @@
#define IPA_OTP_OBJCLS_FILTER \
"(|(objectClass=ipaTokenTOTP)(objectClass=ipaTokenHOTP))"
enum otptoken_type {
OTPTOKEN_NONE = 0,
OTPTOKEN_TOTP,
OTPTOKEN_HOTP,
enum type {
TYPE_NONE = 0,
TYPE_TOTP,
TYPE_HOTP,
};
struct otptoken {
struct otp_token {
Slapi_ComponentId *plugin_id;
Slapi_DN *sdn;
struct hotp_token token;
enum otptoken_type type;
enum type type;
union {
struct {
uint64_t watermark;
@ -124,7 +123,7 @@ static const struct berval *entry_attr_get_berval(const Slapi_Entry* e,
return slapi_value_get_berval(v);
}
static bool writeattr(const struct otptoken *token, const char *attr,
static bool writeattr(const struct otp_token *token, const char *attr,
long long val)
{
Slapi_PBlock *pb = NULL;
@ -164,7 +163,7 @@ error:
*
* If the second token code is specified, perform synchronization.
*/
static bool validate(struct otptoken *token, time_t now, ssize_t step,
static bool validate(struct otp_token *token, time_t now, ssize_t step,
uint32_t first, const uint32_t *second)
{
const char *attr;
@ -172,13 +171,13 @@ static bool validate(struct otptoken *token, time_t now, ssize_t step,
/* Calculate the absolute step. */
switch (token->type) {
case OTPTOKEN_TOTP:
case TYPE_TOTP:
attr = T("watermark");
step = (now + token->totp.offset) / token->totp.step + step;
if (token->totp.watermark > 0 && step < token->totp.watermark)
return false;
break;
case OTPTOKEN_HOTP:
case TYPE_HOTP:
if (step < 0) /* NEVER go backwards! */
return false;
attr = H("counter");
@ -210,7 +209,7 @@ static bool validate(struct otptoken *token, time_t now, ssize_t step,
/* Save our modifications to the object. */
switch (token->type) {
case OTPTOKEN_TOTP:
case TYPE_TOTP:
/* Perform optional synchronization steps. */
if (second != NULL) {
tmp = (step - now / token->totp.step) * token->totp.step;
@ -220,7 +219,7 @@ static bool validate(struct otptoken *token, time_t now, ssize_t step,
}
token->totp.watermark = step;
break;
case OTPTOKEN_HOTP:
case TYPE_HOTP:
token->hotp.counter = step;
break;
default:
@ -230,8 +229,7 @@ static bool validate(struct otptoken *token, time_t now, ssize_t step,
return true;
}
static void otptoken_free(struct otptoken *token)
static void otp_token_free(struct otp_token *token)
{
if (token == NULL)
return;
@ -242,24 +240,25 @@ static void otptoken_free(struct otptoken *token)
free(token);
}
void otptoken_free_array(struct otptoken **tokens)
void otp_token_free_array(struct otp_token **tokens)
{
if (tokens == NULL)
return;
for (size_t i = 0; tokens[i] != NULL; i++)
otptoken_free(tokens[i]);
otp_token_free(tokens[i]);
free(tokens);
}
static struct otptoken *otptoken_new(Slapi_ComponentId *id, Slapi_Entry *entry)
static struct otp_token *otp_token_new(Slapi_ComponentId *id,
Slapi_Entry *entry)
{
const struct berval *tmp;
struct otptoken *token;
struct otp_token *token;
char **vals;
token = calloc(1, sizeof(struct otptoken));
token = calloc(1, sizeof(struct otp_token));
if (token == NULL)
return NULL;
token->plugin_id = id;
@ -268,15 +267,15 @@ static struct otptoken *otptoken_new(Slapi_ComponentId *id, Slapi_Entry *entry)
vals = slapi_entry_attr_get_charray(entry, "objectClass");
if (vals == NULL)
goto error;
token->type = OTPTOKEN_NONE;
token->type = TYPE_NONE;
for (int i = 0; vals[i] != NULL; i++) {
if (strcasecmp(vals[i], "ipaTokenTOTP") == 0)
token->type = OTPTOKEN_TOTP;
token->type = TYPE_TOTP;
else if (strcasecmp(vals[i], "ipaTokenHOTP") == 0)
token->type = OTPTOKEN_HOTP;
token->type = TYPE_HOTP;
}
slapi_ch_array_free(vals);
if (token->type == OTPTOKEN_NONE)
if (token->type == TYPE_NONE)
goto error;
/* Get SDN. */
@ -307,7 +306,7 @@ static struct otptoken *otptoken_new(Slapi_ComponentId *id, Slapi_Entry *entry)
goto error;
switch (token->type) {
case OTPTOKEN_TOTP:
case TYPE_TOTP:
/* Get offset. */
token->totp.offset = slapi_entry_attr_get_int(entry, T("clockOffset"));
@ -319,7 +318,7 @@ static struct otptoken *otptoken_new(Slapi_ComponentId *id, Slapi_Entry *entry)
if (token->totp.step == 0)
token->totp.step = IPA_OTP_DEFAULT_TOKEN_STEP;
break;
case OTPTOKEN_HOTP:
case TYPE_HOTP:
/* Get counter. */
token->hotp.counter = slapi_entry_attr_get_int(entry, H("counter"));
break;
@ -330,15 +329,15 @@ static struct otptoken *otptoken_new(Slapi_ComponentId *id, Slapi_Entry *entry)
return token;
error:
otptoken_free(token);
otp_token_free(token);
return NULL;
}
static struct otptoken **find(Slapi_ComponentId *id, const char *user_dn,
const char *token_dn, const char *intfilter,
const char *extfilter)
static struct otp_token **find(Slapi_ComponentId *id, const char *user_dn,
const char *token_dn, const char *intfilter,
const char *extfilter)
{
struct otptoken **tokens = NULL;
struct otp_token **tokens = NULL;
Slapi_Entry **entries = NULL;
Slapi_PBlock *pb = NULL;
Slapi_DN *sdn = NULL;
@ -403,9 +402,9 @@ static struct otptoken **find(Slapi_ComponentId *id, const char *user_dn,
if (tokens == NULL)
goto error;
for (count = 0; entries[count] != NULL; count++) {
tokens[count] = otptoken_new(id, entries[count]);
tokens[count] = otp_token_new(id, entries[count]);
if (tokens[count] == NULL) {
otptoken_free_array(tokens);
otp_token_free_array(tokens);
tokens = NULL;
goto error;
}
@ -418,9 +417,9 @@ error:
return tokens;
}
struct otptoken **otptoken_find(Slapi_ComponentId *id, const char *user_dn,
const char *token_dn, bool active,
const char *filter)
struct otp_token **
otp_token_find(Slapi_ComponentId *id, const char *user_dn, const char *token_dn,
bool active, const char *filter)
{
static const char template[] =
"(|(ipatokenNotBefore<=%04d%02d%02d%02d%02d%02dZ)(!(ipatokenNotBefore=*)))"
@ -450,18 +449,18 @@ struct otptoken **otptoken_find(Slapi_ComponentId *id, const char *user_dn,
return find(id, user_dn, token_dn, actfilt, filter);
}
int otptoken_get_digits(struct otptoken *token)
int otp_token_get_digits(struct otp_token *token)
{
return token == NULL ? 0 : token->token.digits;
}
const Slapi_DN *otptoken_get_sdn(struct otptoken *token)
const Slapi_DN *otp_token_get_sdn(struct otp_token *token)
{
return token->sdn;
}
static bool otptoken_validate(struct otptoken *token, size_t steps,
uint32_t code)
static bool otp_token_validate(struct otp_token *token, size_t steps,
uint32_t code)
{
time_t now = 0;
@ -469,7 +468,7 @@ static bool otptoken_validate(struct otptoken *token, size_t steps,
return false;
/* We only need the local time for time-based tokens. */
if (token->type == OTPTOKEN_TOTP && time(&now) == (time_t) -1)
if (token->type == TYPE_TOTP && time(&now) == (time_t) -1)
return false;
for (int i = 0; i <= steps; i++) {
@ -507,8 +506,8 @@ static bool bvtod(const struct berval *code, uint32_t *out)
return code->bv_len != 0;
}
bool otptoken_validate_berval(struct otptoken *token, size_t steps,
const struct berval *code, bool tail)
bool otp_token_validate_berval(struct otp_token *token, size_t steps,
const struct berval *code, bool tail)
{
struct berval tmp;
uint32_t otp;
@ -527,11 +526,11 @@ bool otptoken_validate_berval(struct otptoken *token, size_t steps,
if (!bvtod(&tmp, &otp))
return false;
return otptoken_validate(token, steps, otp);
return otp_token_validate(token, steps, otp);
}
static bool otptoken_sync(struct otptoken * const *tokens, size_t steps,
uint32_t first_code, uint32_t second_code)
static bool otp_token_sync(struct otp_token * const *tokens, size_t steps,
uint32_t first_code, uint32_t second_code)
{
time_t now = 0;
@ -556,9 +555,9 @@ static bool otptoken_sync(struct otptoken * const *tokens, size_t steps,
return false;
}
bool otptoken_sync_berval(struct otptoken * const *tokens, size_t steps,
const struct berval *first_code,
const struct berval *second_code)
bool otp_token_sync_berval(struct otp_token * const *tokens, size_t steps,
const struct berval *first_code,
const struct berval *second_code)
{
uint32_t second = 0;
uint32_t first = 0;
@ -569,5 +568,5 @@ bool otptoken_sync_berval(struct otptoken * const *tokens, size_t steps,
if (!bvtod(second_code, &second))
return false;
return otptoken_sync(tokens, steps, first, second);
return otp_token_sync(tokens, steps, first, second);
}

32
daemons/ipa-slapi-plugins/libotp/libotp.h → daemons/ipa-slapi-plugins/libotp/otp_token.h
View File

@ -37,21 +37,16 @@
* All rights reserved.
* END COPYRIGHT BLOCK **/
#ifndef LIBOTP_H_
#define LIBOTP_H_
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#pragma once
#include <dirsrv/slapi-plugin.h>
#include <stdbool.h>
#include <stdlib.h>
struct otptoken;
struct otp_token;
/* Frees the token array. */
void otptoken_free_array(struct otptoken **tokens);
void otp_token_free_array(struct otp_token **tokens);
/* Find tokens.
*
@ -70,24 +65,23 @@ void otptoken_free_array(struct otptoken **tokens);
* Returns NULL on error. If no tokens are found, an empty array is returned.
* The array is NULL terminated.
*/
struct otptoken **otptoken_find(Slapi_ComponentId *id, const char *user_dn,
const char *token_dn, bool active,
const char *filter);
struct otp_token **otp_token_find(Slapi_ComponentId *id, const char *user_dn,
const char *token_dn, bool active,
const char *filter);
/* Get the length of the token code. */
int otptoken_get_digits(struct otptoken *token);
int otp_token_get_digits(struct otp_token *token);
/* Get the SDN of the token. */
const Slapi_DN *otptoken_get_sdn(struct otptoken *token);
const Slapi_DN *otp_token_get_sdn(struct otp_token *token);
/* Validate the token code within a range of steps. If tail is true,
* it will be assumed that the token is specified at the end of the string. */
bool otptoken_validate_berval(struct otptoken *token, size_t steps,
const struct berval *code, bool tail);
bool otp_token_validate_berval(struct otp_token *token, size_t steps,
const struct berval *code, bool tail);
/* Synchronize the token within a range of steps. */
bool otptoken_sync_berval(struct otptoken * const *tokens, size_t steps,
const struct berval *first_code,
const struct berval *second_code);
bool otp_token_sync_berval(struct otp_token * const *tokens, size_t steps,
const struct berval *first_code,
const struct berval *second_code);
#endif /* LIBOTP_H_ */

2
daemons/ipa-slapi-plugins/libotp/t_librfc.c → daemons/ipa-slapi-plugins/libotp/t_hotp.c
View File

@ -37,7 +37,7 @@
* All rights reserved.
* END COPYRIGHT BLOCK **/
#include "librfc.h"
#include "hotp.h"
#include <assert.h>
#include <stddef.h>