/usr/include/otpw.h is in libotpw-dev 1.5-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 | /*
* One-time password login library
*
* Markus Kuhn <http://www.cl.cam.ac.uk/~mgk25/>
*/
#ifndef OTPW_H
#define OTPW_H
#include <pwd.h>
#include <sys/types.h>
#include "md.h"
/* password authentication results (returned by otpw_verify()) */
#define OTPW_OK 0 /* this was the correct password */
#define OTPW_WRONG 1 /* this was the wrong password */
#define OTPW_ERROR 2 /* user has not registered for the OTPW service
* or something else went wrong */
/* flags for otpw_prepare() */
#define OTPW_DEBUG 1 /* output debugging messages via DEBUG_LOG macro */
#define OTPW_NOLOCK 2 /* disable locking, never create or check OTPW_LOCK */
/*
* A data structure used by otpw_prepare to return the
* selected challenge
*/
struct challenge {
char challenge[81]; /* print this string before "Password:" */
int passwords; /* number of req. passwords (0, 1, otpw_multi) */
int locked; /* flag, whether lock has been set */
int entries; /* number of entries in OTPW file */
int pwlen; /* number of characters in password */
int challen; /* number of characters in challenge string */
int hlen; /* number of characters in hash value */
int remaining; /* number of remaining unused OTPW file entries */
uid_t uid; /* effective uid for OTPW file/lock access */
gid_t gid; /* effective gid for OTPW file/lock access */
int *selection; /* position of the otpw_multi requested passwords */
char **hash; /* base64 hash values of the otpw_multi requested
passwords, each otpw_hlen+1 bytes long */
int flags; /* 1 : debug messages, 2: no locking */
char *filename; /* path of .otpw file (malloc'ed) */
char *lockfilename; /* path of .optw.lock file (malloc'ed) */
};
/*
* Call otpw_prepare() after the user has entered their login name and
* has requested OTPW authentication, and after and you have retrieved
* their password database entry *user. After the call, ch->challenge
* will contain a string that you have to present to the user before
* they can enter the password. If ch->challenge[0] == 0 then one-time
* password authentication is not possible at this time. Once you have
* received the password, pass it to otpw_verify() along with the same
* struct *ch used here.
*/
void otpw_prepare(struct challenge *ch, struct passwd *user, int flags);
/*
* After the one-time password has been entered, call optw_verify() to
* find out whether the password was ok. The parameters are the
* challenge structure filled previously by otpw_prepare() and the
* password that the user has provided ('\0' terminated). Accept the
* user if and only if the return value is OTPW_OK.
*
* IMPORTANT: If otpw_prepare() returned a non-empty challenge string
* (ch->challenge[0] != 0), then you MUST call otpw_verify(), even if
* the login was aborted and you are not any more interested in the
* result. Otherwise a stale lock might remain.
*
* After a successful login, check whether ch->entries > 2 *
* ch->remaining and remind the user to generate new passwords if
* so.
*/
int otpw_verify(struct challenge *ch, char *password);
/* buffer to hold the result of getpwnam_r() or getpwuid_r();
* essentially a struct passwd plus space for the strings
* that it might refer to */
struct otpw_pwdbuf {
struct passwd pwd;
size_t buflen;
char buf[0]; /* actual size is buflen if allocated by otpw_malloc_pwdbuf() */
};
/* some functions for dealing with struct pwdbuf */
int otpw_getpwnam(const char *name, struct otpw_pwdbuf **result);
int otpw_getpwuid(uid_t uid, struct otpw_pwdbuf **result);
/*
* Check if the user otpw_autopseudouser exists and had a UID of not
* higher than otpw_autopseudouser_maxuid. If so, malloc and set
* otpw_pseudouser accordingly.
*/
int otpw_set_pseudouser();
/* some global variables with configuration options */
extern char *otpw_file;
extern char *otpw_locksuffix;
extern int otpw_multi;
extern int otpw_hlen;
extern char *otpw_magic;
extern double otpw_locktimeout;
extern struct otpw_pwdbuf *otpw_pseudouser;
#endif
|