Port knocking using two-factor authentication
List of commits:
| Subject | Hash | Author | Date (UTC) |
|---|---|---|---|
| Avoid a format string warning; added some tests | c6b5c9d46c3b2504f471889ebd8e1a11037e6bc7 | Catalin(ux) M. BOIE | 2018-05-20 18:39:06 |
| More protections for attaches (compiler) | 79bd62786a0549d557614ece28a978fca7fdf63b | Catalin(ux) M. BOIE | 2018-05-10 18:00:08 |
| Spelling corrections | aaa52f5924c18f691e9475a65c9a2223f2a13e14 | Catalin(ux) M. BOIE | 2018-04-26 19:56:31 |
| Small README update | 3535924e1cda76040cd1309de11fe9a8a0b2e39e | Catalin(ux) M. BOIE | 2018-04-26 19:53:22 |
| Use RAND_bytes instead of getrandom because it is not supported on CentOS7 | 86b71d957f8ca371f04837746c0ac9689306d48e | Catalin(ux) M. BOIE | 2018-04-03 03:49:17 |
| Small stuff dealing with ENOBUFS; doc updated | 17bb2fc3712e1704519d4c4257462e71350dfa93 | Catalin(ux) M. BOIE | 2018-03-23 03:28:39 |
| Add first support for ct marking | 19268d626b40bdd18480cc79fa597aa4bff9c824 | Catalin(ux) M. BOIE | 2018-03-21 17:23:01 |
| More tweakings all around | 0c5961860deadb8bcb1dfd1be429b2966f03312a | Catalin(ux) M. BOIE | 2018-03-11 21:10:32 |
| Added password support | df6d270a3e243084069a31fe980d76c97d89a861 | Catalin(ux) M. BOIE | 2018-02-13 22:46:53 |
| Checkpoint | 049e12584744b8a51bfc5867fd0e7b2db0592deb | Catalin(ux) M. BOIE | 2018-02-11 22:25:13 |
| Fixed a bug in totp, added keys in memory | abec61861e2f37398026dbe7342d7751390e95d8 | Catalin(ux) M. BOIE | 2018-02-04 18:36:12 |
| Initial version | c641fafbd46342cd24fde45129cc3637b7ca65bc | Catalin(ux) M. BOIE | 2018-02-03 23:42:32 |
Commit c6b5c9d46c3b2504f471889ebd8e1a11037e6bc7
- Avoid a format string warning; added some tests
Author: Catalin(ux) M. BOIE
Author date (UTC): 2018-05-20 18:39
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2018-05-20 18:39
Parent(s): 79bd62786a0549d557614ece28a978fca7fdf63b
Signing key:
Tree: fb5597839194e11812682df1445d49151ba8746f
Author: Catalin(ux) M. BOIE
Author date (UTC): 2018-05-20 18:39
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2018-05-20 18:39
Parent(s): 79bd62786a0549d557614ece28a978fca7fdf63b
Signing key:
Tree: fb5597839194e11812682df1445d49151ba8746f
| File | Lines added | Lines deleted |
|---|---|---|
| Makefile.in | 5 | 1 |
| totp.c | 20 | 6 |
| File Makefile.in changed (mode: 100644) (index fd1e2fa..56db202) | |||
| ... | ... | nf2fac: nf2fac.c $(OBJS) totp.h key.h protocol.h util.h conf.h $(DEP) | |
| 34 | 34 | ||
| 35 | 35 | .PHONY: clean | .PHONY: clean |
| 36 | 36 | clean: | clean: |
| 37 | @rm -fv $(TARGETS) $(OBJS) | ||
| 37 | @rm -fv test $(TARGETS) $(OBJS) | ||
| 38 | 38 | @-rm -f $(PRJ)-*.rpm $(PRJ)-*-*-*.tgz $(PRJ)-*.tar.gz | @-rm -f $(PRJ)-*.rpm $(PRJ)-*-*-*.tgz $(PRJ)-*.tar.gz |
| 39 | 39 | ||
| 40 | 40 | .PHONY: check | .PHONY: check |
| 41 | 41 | check: | check: |
| 42 | 42 | cppcheck --enable=all -I. . | cppcheck --enable=all -I. . |
| 43 | 43 | ||
| 44 | test: test.c $(OBJS) $(DEP) | ||
| 45 | gcc $(CFLAGS) test.c -o test $(OBJS) $(LIBS) | ||
| 46 | @./test | ||
| 47 | |||
| 44 | 48 | install: all | install: all |
| 45 | 49 | @mkdir -p $(I_USR_SBIN) | @mkdir -p $(I_USR_SBIN) |
| 46 | 50 | @cp -vd nf2fad $(I_USR_SBIN) | @cp -vd nf2fad $(I_USR_SBIN) |
| File totp.c changed (mode: 100644) (index e74860e..222ef77) | |||
| ... | ... | int totp_base64_generate(char *out, const unsigned char digits) | |
| 46 | 46 | } | } |
| 47 | 47 | ||
| 48 | 48 | /* | /* |
| 49 | * Returns | ||
| 49 | * Returns the index of the char | ||
| 50 | 50 | */ | */ |
| 51 | 51 | unsigned char totp_char_to_index(const char c) | unsigned char totp_char_to_index(const char c) |
| 52 | 52 | { | { |
| ... | ... | unsigned char totp_char_to_index(const char c) | |
| 55 | 55 | ||
| 56 | 56 | q = toupper(c); | q = toupper(c); |
| 57 | 57 | x = strchr(totp_base32_tab, q); | x = strchr(totp_base32_tab, q); |
| 58 | if (x == NULL) | ||
| 58 | if (x == NULL) { | ||
| 59 | snprintf(error, sizeof(error), "invalid base32 char"); | ||
| 59 | 60 | return 0xFF; | return 0xFF; |
| 61 | } | ||
| 60 | 62 | ||
| 61 | 63 | return x - totp_base32_tab; | return x - totp_base32_tab; |
| 62 | 64 | } | } |
| ... | ... | static unsigned char totp_hex2bin(const char *s) | |
| 131 | 133 | * Compute a code based on a key, a timestamp/30 and number of digits | * Compute a code based on a key, a timestamp/30 and number of digits |
| 132 | 134 | * Returns -1 on error (probably the key is invalid), 0 on success (@out | * Returns -1 on error (probably the key is invalid), 0 on success (@out |
| 133 | 135 | * will contain the digits) | * will contain the digits) |
| 136 | * Use maximum 10 digits. | ||
| 134 | 137 | */ | */ |
| 135 | 138 | int totp_compute(char *out, const char *key, unsigned int tc, | int totp_compute(char *out, const char *key, unsigned int tc, |
| 136 | 139 | unsigned char digits) | unsigned char digits) |
| 137 | 140 | { | { |
| 138 | unsigned char key_bin[64], key_len, btc[8], i, *p, o; | ||
| 141 | unsigned char key_bin[64], key_len, btc[8], i, *p, o, number_len; | ||
| 139 | 142 | int r; | int r; |
| 140 | char stc[17], format[8]; | ||
| 143 | char stc[17], number[11]; | ||
| 141 | 144 | unsigned int v; | unsigned int v; |
| 142 | 145 | unsigned long long z; | unsigned long long z; |
| 143 | 146 | ||
| 144 | 147 | //printf("DEBUG: %s: key=%s tc=%u\n", __func__, key, tc); | //printf("DEBUG: %s: key=%s tc=%u\n", __func__, key, tc); |
| 145 | 148 | ||
| 149 | if (digits > 10) { | ||
| 150 | snprintf(error, sizeof(error), "too many digits"); | ||
| 151 | return -1; | ||
| 152 | } | ||
| 153 | |||
| 146 | 154 | r = totp_base32_decode(key_bin, sizeof(key_bin), key); | r = totp_base32_decode(key_bin, sizeof(key_bin), key); |
| 147 | 155 | if (r == -1) | if (r == -1) |
| 148 | 156 | return -1; | return -1; |
| ... | ... | int totp_compute(char *out, const char *key, unsigned int tc, | |
| 164 | 172 | for (i = 0; i < digits; i++) | for (i = 0; i < digits; i++) |
| 165 | 173 | z *= 10; | z *= 10; |
| 166 | 174 | ||
| 167 | sprintf(format, "%%0%hhuu", digits); | ||
| 168 | sprintf(out, format, v % z); | ||
| 175 | number_len = snprintf(number, sizeof(number), "%llu", v % z); | ||
| 176 | |||
| 177 | // Prepending zeros | ||
| 178 | for (i = 0; i < digits - number_len; i++) | ||
| 179 | out[i] = '0'; | ||
| 180 | out[i] = '\0'; | ||
| 181 | |||
| 182 | strcat(out, number); | ||
| 169 | 183 | ||
| 170 | 184 | return 0; | return 0; |
| 171 | 185 | } | } |
Hints:
Before first commit, do not forget to setup your git environment:
Clone this repository using HTTP(S):
Clone this repository using ssh (do not forget to upload a key first):
Clone this repository using git:
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"
git config --global user.email "your@email_here"
Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/catalinux/nf2fa
Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/nf2fa
Clone this repository using git:
git clone git://git.rocketgit.com/user/catalinux/nf2fa
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main
... make some changes and some commits ...
git push origin main
RocketGit
Rocket your launch!
Rocket your launch!