static void unlock_token(struct securid_token *t, int get_pin, char **ret_pass)
{
char devid[BUFLEN] = { 0 }, pass[BUFLEN] = { 0 }, pin[BUFLEN];
int rc;
if (securid_devid_required(t))
request_devid(t, devid);
if (securid_pass_required(t))
request_pass("Enter password to decrypt token: ",
t, pass, devid);
rc = securid_decrypt_seed(t, pass, devid);
if (rc != ERR_NONE)
die("error: can't decrypt token: %s\n", stoken_errstr[rc]);
if (t->enc_pin_str)
if (securid_decrypt_pin(t->enc_pin_str, pass, t->pin) !=
ERR_NONE)
warn("warning: can't decrypt PIN\n");
if (ret_pass && strlen(pass))
*ret_pass = xstrdup(pass);
/* always allow --pin to override .stokenrc */
if (get_pin && securid_pin_required(t) &&
(!strlen(t->pin) || opt_pin)) {
request_pin("Enter PIN:", pin);
strncpy(t->pin, pin, MAX_PIN + 1);
}
}
static int request_credentials(struct securid_token *t)
{
int rc, pass_required = 0, pin_required = 0;
if (securid_pass_required(t)) {
pass_required = 1;
if (opt_password) {
rc = securid_decrypt_seed(t, opt_password, NULL);
if (rc == ERR_DECRYPT_FAILED)
warn("warning: --password parameter is incorrect\n");
else if (rc != ERR_NONE)
error_dialog("Token decrypt error",
stoken_errstr[rc]);
else
pass_required = 0;
}
} else {
rc = securid_decrypt_seed(t, opt_password, NULL);
if (rc != ERR_NONE)
error_dialog("Token decrypt error", stoken_errstr[rc]);
}
while (pass_required) {
const char *pass =
do_password_dialog(UIDIR "/password-dialog.ui");
if (!pass)
return ERR_MISSING_PASSWORD;
rc = securid_decrypt_seed(t, pass, NULL);
if (rc == ERR_NONE) {
if (t->enc_pin_str) {
rc = securid_decrypt_pin(t->enc_pin_str,
pass, t->pin);
if (rc != ERR_NONE)
error_dialog("PIN decrypt error",
stoken_errstr[rc]);
}
pass_required = 0;
} else if (rc == ERR_DECRYPT_FAILED)
warning_dialog(NULL, "Bad password",
"Please enter the correct password for this seed.");
else
error_dialog("Token decrypt error", stoken_errstr[rc]);
}
if (securid_pin_required(t)) {
pin_required = 1;
if (opt_pin) {
if (securid_pin_format_ok(opt_pin) == ERR_NONE) {
xstrncpy(t->pin, opt_pin, MAX_PIN + 1);
pin_required = 0;
} else
warn("warning: --pin argument is invalid\n");
} else if (strlen(t->pin) || t->enc_pin_str)
pin_required = 0;
}
while (pin_required) {
const char *pin =
do_password_dialog(UIDIR "/pin-dialog.ui");
if (!pin) {
skipped_pin = 1;
xstrncpy(t->pin, "0000", MAX_PIN + 1);
break;
}
if (securid_pin_format_ok(pin) != ERR_NONE) {
warning_dialog(NULL, "Bad PIN",
"Please enter 4-8 digits, or click Skip for no PIN.");
} else {
xstrncpy(t->pin, pin, MAX_PIN + 1);
break;
}
}
return ERR_NONE;
}
static int do_password_dialog(struct securid_token *t)
{
GtkWidget *dialog;
GtkWidget *pass_entry = NULL, *pin_entry = NULL;
gint resp;
int rc, pass_required = 0, pin_required = 0;
if (securid_pass_required(t)) {
pass_required = 1;
if (opt_password) {
rc = securid_decrypt_seed(t, opt_password, NULL);
if (rc == ERR_DECRYPT_FAILED)
warn("warning: --password parameter is incorrect\n");
else if (rc != ERR_NONE)
error_dialog("Token decrypt error",
stoken_errstr[rc]);
else
pass_required = 0;
}
} else {
rc = securid_decrypt_seed(t, opt_password, NULL);
if (rc != ERR_NONE)
error_dialog("Token decrypt error", stoken_errstr[rc]);
}
if (securid_pin_required(t)) {
pin_required = 1;
if (opt_pin) {
if (securid_pin_format_ok(opt_pin) == ERR_NONE) {
xstrncpy(t->pin, opt_pin, MAX_PIN + 1);
pin_required = 0;
} else
warn("warning: --pin argument is invalid\n");
} else if (strlen(t->pin) || t->enc_pin_str)
pin_required = 0;
}
if (!pin_required && !pass_required)
return ERR_NONE;
if (pass_required)
pass_entry = gtk_entry_new();
if (pin_required)
pin_entry = gtk_entry_new();
create_password_dialog(&dialog, pass_entry, pin_entry);
while (1) {
const char *pass = NULL, *pin = NULL;
resp = gtk_dialog_run(GTK_DIALOG(dialog));
if (resp != GTK_RESPONSE_ACCEPT) {
gtk_widget_destroy(dialog);
return 1;
}
if (pass_required) {
pass = gtk_entry_get_text(GTK_ENTRY(pass_entry));
rc = securid_decrypt_seed(current_token, pass, NULL);
if (rc == ERR_DECRYPT_FAILED) {
warning_dialog(dialog, "Bad password",
"Please enter the correct password for this seed.");
continue;
} else if (rc != ERR_NONE)
error_dialog("Token decrypt error",
stoken_errstr[rc]);
}
if (t->enc_pin_str) {
rc = securid_decrypt_pin(t->enc_pin_str, pass, t->pin);
if (rc != ERR_NONE)
error_dialog("PIN decrypt error",
stoken_errstr[rc]);
}
if (pin_required) {
pin = gtk_entry_get_text(GTK_ENTRY(pin_entry));
if (securid_pin_format_ok(pin) != ERR_NONE) {
warning_dialog(dialog, "Bad PIN",
"Please enter 4-8 digits, or '0000' to skip.");
continue;
}
xstrncpy(t->pin, pin, MAX_PIN + 1);
}
break;
}
gtk_widget_destroy(dialog);
return ERR_NONE;
}
