Rename --token-mode=yubikey to --token-mode=yubioath

The Yubikey can do a bunch of stuff, not just the OATH tokens. The OATH tokens aren't even its *major* functionality. So call this 'yubioath' to avoid confusion and make it easier to support other things in the future if they make sense. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
sailfishos-mirror · Nov 17, 2014 · 88b17a3 · 88b17a3
1 parent f21f7ca
commit 88b17a3
Show file tree

Hide file tree

Showing 10 changed files with 42 additions and 11 deletions.
diff --git a/auth.c b/auth.c
@@ -1066,7 +1066,7 @@ static int can_gen_tokencode(struct openconnect_info *vpninfo,
 		return can_gen_hotp_code(vpninfo, form, opt);
 #endif
 #ifdef HAVE_LIBPCSCLITE
-	case OC_TOKEN_MODE_YUBIKEY:
+	case OC_TOKEN_MODE_YUBIOATH:
 		return can_gen_yubikey_code(vpninfo, form, opt);
 #endif
 	default:
@@ -1104,7 +1104,7 @@ static int do_gen_tokencode(struct openconnect_info *vpninfo,
 		return do_gen_hotp_code(vpninfo, form, opt);
 #endif
 #ifdef HAVE_LIBPCSCLITE
-	case OC_TOKEN_MODE_YUBIKEY:
+	case OC_TOKEN_MODE_YUBIOATH:
 		return do_gen_yubikey_code(vpninfo, form, opt);
 #endif
 	default:

diff --git a/java/src/org/infradead/libopenconnect/LibOpenConnect.java b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
@@ -159,6 +159,7 @@ public synchronized native void setMobileInfo(String mobilePlatformVersion,
 	public static native boolean hasTSSBlobSupport();
 	public static native boolean hasStokenSupport();
 	public static native boolean hasOATHSupport();
+	public static native boolean hasYubiOATHSupport();
 
 	/* public data structures */
 

diff --git a/jni.c b/jni.c
@@ -856,6 +856,12 @@ JNIEXPORT jboolean JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_hasO
 	return openconnect_has_oath_support();
 }
 
+JNIEXPORT jboolean JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_hasYubiOATHSupport(
+	JNIEnv *jenv, jclass jcls)
+{
+	return openconnect_has_yubioath_support();
+}
+
 /* simple cases: void or int params */
 
 JNIEXPORT jint JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getPort(

diff --git a/libopenconnect.map.in b/libopenconnect.map.in
@@ -31,6 +31,7 @@ OPENCONNECT_5.0 {
 	openconnect_has_tss_blob_support;
 	openconnect_has_pkcs11_support;
 	openconnect_has_stoken_support;
+	openconnect_has_yubioath_support;
 	openconnect_set_stoken_mode;
 	openconnect_set_reported_os;
 	openconnect_has_oath_support;

diff --git a/library.c b/library.c
@@ -259,7 +259,7 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
 	}
 #endif /* HAVE_LIBOATH */
 #ifdef HAVE_LIBPCSCLITE
-	if (vpninfo->token_mode == OC_TOKEN_MODE_YUBIKEY) {
+	if (vpninfo->token_mode == OC_TOKEN_MODE_YUBIOATH) {
 		SCardDisconnect(vpninfo->pcsc_card, SCARD_LEAVE_CARD);
 		SCardReleaseContext(vpninfo->pcsc_ctx);
 	}
@@ -559,6 +559,15 @@ int openconnect_has_oath_support(void)
 #endif
 }
 
+int openconnect_has_yubioath_support(void)
+{
+#ifdef HAVE_LIBPCSCLITE
+	return 1;
+#else
+	return 0;
+#endif
+}
+
 int openconnect_set_token_callbacks(struct openconnect_info *vpninfo,
 				    void *tokdata,
 				    openconnect_lock_token_vfn lock,
@@ -611,7 +620,7 @@ int openconnect_set_token_mode(struct openconnect_info *vpninfo,
 		return set_hotp_mode(vpninfo, token_str);
 #endif
 #ifdef HAVE_LIBPCSCLITE
-	case OC_TOKEN_MODE_YUBIKEY:
+	case OC_TOKEN_MODE_YUBIOATH:
 		return set_yubikey_mode(vpninfo, token_str);
 #endif
 	default:

diff --git a/main.c b/main.c
@@ -576,6 +576,10 @@ static void print_build_opts(void)
 		printf("%sTOTP software token", sep);
 		sep = comma;
 	}
+	if (openconnect_has_yubioath_support()) {
+		printf("%sYubikey OATH", sep);
+		sep = comma;
+	}
 
 #ifdef HAVE_DTLS
 	printf("%sDTLS", sep);
@@ -746,6 +750,9 @@ static void usage(void)
 #endif
 #ifndef HAVE_LIBOATH
 	printf("                                  %s\n", _("(NOTE: liboath (TOTP,HOTP) disabled in this build)"));
+#endif
+#ifndef HAVE_LIBPCSCLITE
+	printf("                                  %s\n", _("(NOTE: Yubikey OATH disabled in this build)"));
 #endif
 	printf("      --reconnect-timeout         %s\n", _("Connection retry timeout in seconds"));
 	printf("      --servercert=FINGERPRINT    %s\n", _("Server's certificate SHA1 fingerprint"));
@@ -1218,8 +1225,8 @@ int main(int argc, char **argv)
 				token_mode = OC_TOKEN_MODE_TOTP;
 			} else if (strcasecmp(config_arg, "hotp") == 0) {
 				token_mode = OC_TOKEN_MODE_HOTP;
-			} else if (strcasecmp(config_arg, "yubikey") == 0) {
-				token_mode = OC_TOKEN_MODE_YUBIKEY;
+			} else if (strcasecmp(config_arg, "yubioath") == 0) {
+				token_mode = OC_TOKEN_MODE_YUBIOATH;
 			} else {
 				fprintf(stderr, _("Invalid software token mode \"%s\"\n"),
 					config_arg);
@@ -1902,7 +1909,7 @@ static void init_token(struct openconnect_info *vpninfo,
 
 		break;
 
-	case OC_TOKEN_MODE_YUBIKEY:
+	case OC_TOKEN_MODE_YUBIOATH:
 		switch(ret) {
 		case 0:
 			return;

diff --git a/openconnect.8.in b/openconnect.8.in
@@ -399,7 +399,9 @@ will call libstoken to generate an RSA SecurID tokencode,
 .B \-\-token\-mode=totp
 will call liboath to generate an RFC 6238 time-based password, and
 .B \-\-token\-mode=hotp
-will call liboath to generate an RFC 4226 HMAC-based password.
+will call liboath to generate an RFC 4226 HMAC-based password. Yubikey
+tokens which generate OATH codes in hardware are supported with
+.B \-\-token\-mode=yubioath
 .TP
 .B \-\-token\-secret={ SECRET[,COUNTER] | @FILENAME }
 The secret to use when generating one-time passwords/verification codes.
@@ -410,6 +412,10 @@ specified following a comma.
 RSA SecurID secrets can be specified as an Android/iPhone URI or a raw numeric
 CTF string (with or without dashes).
 
+For Yubikey OATH the token secret specifies the name of the credential to be
+used. If not provided, the first OATH credential found on the device will be
+used.
+
 .IR FILENAME ,
 if specified, can contain any of the above strings.  Or, it can contain a
 SecurID XML (SDTID) seed.

diff --git a/openconnect.h b/openconnect.h
@@ -273,7 +273,7 @@ typedef enum {
 	OC_TOKEN_MODE_STOKEN,
 	OC_TOKEN_MODE_TOTP,
 	OC_TOKEN_MODE_HOTP,
-	OC_TOKEN_MODE_YUBIKEY,
+	OC_TOKEN_MODE_YUBIOATH,
 } oc_token_mode_t;
 
 /* All strings are UTF-8. If operating in a legacy environment where
@@ -548,5 +548,6 @@ int openconnect_has_tss_blob_support(void);
 /* Software token capabilities. */
 int openconnect_has_stoken_support(void);
 int openconnect_has_oath_support(void);
+int openconnect_has_yubioath_support(void);
 
 #endif /* __OPENCONNECT_H__ */
diff --git a/www/token.xml b/www/token.xml
@@ -26,7 +26,7 @@ generating one-time passwords:</p>
  and similar devices</li></ul>
 
 <p>On the command line, the token mode is specified with the <tt>--token-mode</tt>
-argument, which can be one of <tt>rsa</tt>, <tt>totp</tt>, <tt>hotp</tt> or <tt>yubikey</tt>.</p>
+argument, which can be one of <tt>rsa</tt>, <tt>totp</tt>, <tt>hotp</tt> or <tt>yubioath</tt>.</p>
 <p>The token secret is provided with the <tt>--token-secret</tt>
 argument, and the precise form it takes is dependent on the type of
 token as described below.</p>

diff --git a/yubikey.c b/yubikey.c
@@ -369,7 +369,7 @@ int set_yubikey_mode(struct openconnect_info *vpninfo, const char *token_str)
 				vpninfo->yubikey_mode = mode;
 				vpninfo->pcsc_ctx = pcsc_ctx;
 				vpninfo->pcsc_card = pcsc_card;
-				vpninfo->token_mode = OC_TOKEN_MODE_YUBIKEY;
+				vpninfo->token_mode = OC_TOKEN_MODE_YUBIOATH;
 				SCardEndTransaction(pcsc_card, SCARD_LEAVE_CARD);
 
 				goto success;