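/* Overwrite a secret-bearing buffer; volatile stores keep the compiler from eliding the wipe. */
static void unlock_token_scrub(void *buf, size_t len)
{
	volatile unsigned char *p = buf;

	while (len--)
		*p++ = 0;
}

/*
 * Gather the secrets needed for token `t` and decrypt its seed in place.
 *
 * t        - token to unlock; t->pin is written when an encrypted PIN is
 *            decrypted or a PIN is entered.
 * get_pin  - nonzero to prompt for a PIN when the token requires one.
 * ret_pass - optional; when non-NULL and a non-empty passphrase was used,
 *            receives an xstrdup()'d copy (the caller then owns a heap
 *            copy of the passphrase and is responsible for it).
 *
 * A seed decryption failure is reported through die(); a PIN decryption
 * failure only produces a warning.
 */
static void unlock_token(struct securid_token *t, int get_pin, char **ret_pass)
{
	/* all three hold secrets; zero-initialised so no stale stack data is ever read */
	char devid[BUFLEN] = { 0 }, pass[BUFLEN] = { 0 }, pin[BUFLEN] = { 0 };
	int rc;

	/* the request_* helpers are expected to fill the buffer handed to them */
	if (securid_devid_required(t))
		request_devid(t, devid);

	if (securid_pass_required(t))
		request_pass("Enter password to decrypt token: ", t, pass, devid);

	rc = securid_decrypt_seed(t, pass, devid);
	if (rc != ERR_NONE)
		die("error: can't decrypt token: %s\n", stoken_errstr[rc]);

	if (t->enc_pin_str) {
		if (securid_decrypt_pin(t->enc_pin_str, pass, t->pin) != ERR_NONE)
			warn("warning: can't decrypt PIN\n");
	}

	if (ret_pass && strlen(pass))
		*ret_pass = xstrdup(pass);

	/* always allow --pin to override .stokenrc */
	if (get_pin && securid_pin_required(t) && (!strlen(t->pin) || opt_pin)) {
		request_pin("Enter PIN:", pin);
		/*
		 * strncpy() leaves the destination unterminated when the source
		 * fills it, so copy at most MAX_PIN bytes and terminate explicitly.
		 * Like the original MAX_PIN + 1 byte copy, this assumes t->pin
		 * holds at least MAX_PIN + 1 bytes.
		 */
		strncpy(t->pin, pin, MAX_PIN);
		t->pin[MAX_PIN] = '\0';
	}

	/* do not leave passphrase, PIN or device ID behind on the stack */
	unlock_token_scrub(pass, sizeof(pass));
	unlock_token_scrub(pin, sizeof(pin));
	unlock_token_scrub(devid, sizeof(devid));
}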
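/*
 * GUI entry point: initialise GTK, load the current token, warn about
 * expiration, collect the password / PIN and run the tokencode window.
 *
 * Returns 1 when request_credentials() fails, 0 after gtk_main() returns.
 */
int main(int argc, char **argv)
{
	GtkWidget *window;
	char *cmd;

	gtk_init(&argc, &argv);
	gtk_window_set_default_icon_from_file(
		DATA_DIR "/pixmaps/stoken-gui.png", NULL);

	cmd = parse_cmdline(argc, argv, IS_GUI);

	/*
	 * check for a couple of error conditions
	 *
	 * NOTE(review): these checks rely on error_dialog() not returning.
	 * If it can return, current_token is dereferenced below while NULL
	 * and a failed crypto init is ignored - confirm against its definition.
	 */
	if (common_init(cmd))
		error_dialog("Application error",
			     "Unable to initialize crypto library.");

	if (!current_token)
		error_dialog("Missing token",
			     "Please use 'stoken import' to add a new seed.");

	if (securid_devid_required(current_token))
		error_dialog("Unsupported token",
			     "Please use 'stoken' to handle tokens encrypted with a device ID.");

	/* check for token expiration; skipped entirely when opt_force or opt_small is set */
	token_days_left = securid_check_exp(current_token, time(NULL));
	if (!opt_force && !opt_small) {
		if (token_days_left < 0)
			error_dialog("Token expired",
				     "Please obtain a new token from your administrator.");

		if (token_days_left < EXP_WARN_DAYS) {
			char msg[BUFLEN];

			/* bounded formatting: the write can never run past msg */
			snprintf(msg, sizeof(msg),
				 "This token will expire in %d day%s.",
				 token_days_left,
				 token_days_left == 1 ? "" : "s");
			warning_dialog(NULL, "Expiration warning", msg);
		}
	}

	/* request password / PIN, if missing */
	if (request_credentials(current_token) != ERR_NONE)
		return 1;

	token_interval = securid_token_interval(current_token);
	token_uses_pin = securid_pin_required(current_token);

	window = opt_small ? create_small_app_window() : create_app_window();

	/* draw the first tokencode immediately, then refresh every 250 ms */
	update_tokencode(NULL);
	gtk_widget_show_all(window);

	g_timeout_add(250, update_tokencode, NULL);
	gtk_main();

	return 0;
}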
/*
 * Decrypt the seed of token `t` and make sure t->pin is populated,
 * prompting through the password / PIN dialogs only for what the
 * command line (opt_password, opt_pin) did not already supply.
 *
 * Returns ERR_MISSING_PASSWORD when the password dialog yields NULL,
 * ERR_NONE otherwise.  When the PIN dialog yields NULL, skipped_pin is
 * set and the PIN falls back to "0000".
 */
static int request_credentials(struct securid_token *t)
{
	int need_pass = 0;
	int need_pin = 0;
	int rc;

	if (!securid_pass_required(t)) {
		/* seed is not passphrase-protected; opt_password is passed through unchanged */
		rc = securid_decrypt_seed(t, opt_password, NULL);
		if (rc != ERR_NONE)
			error_dialog("Token decrypt error", stoken_errstr[rc]);
	} else {
		need_pass = 1;
		if (opt_password) {
			rc = securid_decrypt_seed(t, opt_password, NULL);
			if (rc == ERR_NONE)
				need_pass = 0;
			else if (rc == ERR_DECRYPT_FAILED)
				warn("warning: --password parameter is incorrect\n");
			else
				error_dialog("Token decrypt error",
					     stoken_errstr[rc]);
			/*
			 * NOTE(review): on success t->enc_pin_str is not decrypted
			 * on this path, yet the PIN check further down treats a set
			 * enc_pin_str as "PIN available" - confirm t->pin cannot
			 * stay empty when --password is used.
			 */
		}
	}

	/* keep asking until the seed decrypts or the dialog returns NULL */
	while (need_pass) {
		const char *entered =
			do_password_dialog(UIDIR "/password-dialog.ui");

		if (entered == NULL)
			return ERR_MISSING_PASSWORD;

		rc = securid_decrypt_seed(t, entered, NULL);
		if (rc == ERR_DECRYPT_FAILED) {
			warning_dialog(NULL, "Bad password",
				       "Please enter the correct password for this seed.");
			continue;
		}
		if (rc != ERR_NONE) {
			error_dialog("Token decrypt error", stoken_errstr[rc]);
			continue;
		}

		/* seed is open; the same passphrase unlocks the stored PIN */
		if (t->enc_pin_str) {
			rc = securid_decrypt_pin(t->enc_pin_str, entered, t->pin);
			if (rc != ERR_NONE)
				error_dialog("PIN decrypt error",
					     stoken_errstr[rc]);
		}
		need_pass = 0;
	}

	if (securid_pin_required(t)) {
		if (opt_pin) {
			/* a malformed --pin is only warned about; the dialog takes over */
			if (securid_pin_format_ok(opt_pin) != ERR_NONE) {
				warn("warning: --pin argument is invalid\n");
				need_pin = 1;
			} else {
				xstrncpy(t->pin, opt_pin, MAX_PIN + 1);
			}
		} else {
			/* prompt only when no PIN is stored, in clear or encrypted form */
			need_pin = (t->pin[0] == '\0' && !t->enc_pin_str);
		}
	}

	while (need_pin) {
		const char *entered = do_password_dialog(UIDIR "/pin-dialog.ui");

		if (entered == NULL) {
			/* dialog returned NULL: record the skip and use the "0000" placeholder */
			skipped_pin = 1;
			xstrncpy(t->pin, "0000", MAX_PIN + 1);
			need_pin = 0;
		} else if (securid_pin_format_ok(entered) == ERR_NONE) {
			xstrncpy(t->pin, entered, MAX_PIN + 1);
			need_pin = 0;
		} else {
			warning_dialog(NULL, "Bad PIN",
				       "Please enter 4-8 digits, or click Skip for no PIN.");
		}
	}

	return ERR_NONE;
}
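/*
 * Decrypt the seed of token `t` and fill in t->pin, showing a single
 * dialog with a password and/or PIN entry for whatever the command
 * line (opt_password, opt_pin) did not already provide.
 *
 * Returns ERR_NONE once the token is usable (including when no dialog
 * was needed), or 1 when the dialog response is anything other than
 * GTK_RESPONSE_ACCEPT.
 */
static int do_password_dialog(struct securid_token *t)
{
	GtkWidget *dialog;
	GtkWidget *pass_entry = NULL, *pin_entry = NULL;
	gint resp;
	int rc, pass_required = 0, pin_required = 0;

	if (securid_pass_required(t)) {
		pass_required = 1;
		if (opt_password) {
			rc = securid_decrypt_seed(t, opt_password, NULL);
			if (rc == ERR_DECRYPT_FAILED)
				warn("warning: --password parameter is incorrect\n");
			else if (rc != ERR_NONE)
				error_dialog("Token decrypt error",
					     stoken_errstr[rc]);
			else
				pass_required = 0;
		}
	} else {
		rc = securid_decrypt_seed(t, opt_password, NULL);
		if (rc != ERR_NONE)
			error_dialog("Token decrypt error", stoken_errstr[rc]);
	}

	if (securid_pin_required(t)) {
		pin_required = 1;
		if (opt_pin) {
			if (securid_pin_format_ok(opt_pin) == ERR_NONE) {
				xstrncpy(t->pin, opt_pin, MAX_PIN + 1);
				pin_required = 0;
			} else
				warn("warning: --pin argument is invalid\n");
		} else if (strlen(t->pin) || t->enc_pin_str)
			pin_required = 0;
	}

	/* nothing left to ask for */
	if (!pin_required && !pass_required)
		return ERR_NONE;

	/*
	 * Only the entries that are actually needed are created; the other
	 * pointer stays NULL.
	 * NOTE(review): presumably create_password_dialog() packs the entries
	 * and masks their input - confirm both are non-visible text.
	 */
	if (pass_required)
		pass_entry = gtk_entry_new();
	if (pin_required)
		pin_entry = gtk_entry_new();

	create_password_dialog(&dialog, pass_entry, pin_entry);

	while (1) {
		const char *pass = NULL, *pin = NULL;

		resp = gtk_dialog_run(GTK_DIALOG(dialog));
		if (resp != GTK_RESPONSE_ACCEPT) {
			gtk_widget_destroy(dialog);
			return 1;
		}

		if (pass_required) {
			pass = gtk_entry_get_text(GTK_ENTRY(pass_entry));
			/*
			 * Decrypt the token that was passed in, not the
			 * current_token global, so every check in this function
			 * applies to the same object.
			 */
			rc = securid_decrypt_seed(t, pass, NULL);
			if (rc == ERR_DECRYPT_FAILED) {
				warning_dialog(dialog, "Bad password",
					       "Please enter the correct password for this seed.");
				continue;
			} else if (rc != ERR_NONE)
				error_dialog("Token decrypt error",
					     stoken_errstr[rc]);
		}

		/*
		 * NOTE(review): `pass` is still NULL here when no password entry
		 * was shown (seed opened via --password or not protected) -
		 * confirm securid_decrypt_pin() tolerates a NULL passphrase.
		 */
		if (t->enc_pin_str) {
			rc = securid_decrypt_pin(t->enc_pin_str, pass, t->pin);
			if (rc != ERR_NONE)
				error_dialog("PIN decrypt error",
					     stoken_errstr[rc]);
		}

		if (pin_required) {
			pin = gtk_entry_get_text(GTK_ENTRY(pin_entry));
			if (securid_pin_format_ok(pin) != ERR_NONE) {
				warning_dialog(dialog, "Bad PIN",
					       "Please enter 4-8 digits, or '0000' to skip.");
				continue;
			}
			/* copy before the dialog is destroyed; the entry text is read from the widget */
			xstrncpy(t->pin, pin, MAX_PIN + 1);
		}
		break;
	}

	gtk_widget_destroy(dialog);
	return ERR_NONE;
}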