blob: 62045bbe85c7680897dfddd9e36ace985e86bc4d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
#!/bin/bash
# The OTP parsing code was taken from pass-otp
_otp_parse() {
urldecode() {
local url_encoded="${1//+/ }"
printf '%b' "${url_encoded//%/\\x}"
}
local uri="$1"
uri="${uri//\`/%60}"
uri="${uri//\"/%22}"
local pattern='^otpauth:\/\/(totp|hotp)(\/(([^:?]+)?(:([^:?]*))?)(:([0-9]+))?)?\?(.+)$'
[[ "$uri" =~ $pattern ]] || error "Cannot parse OTP key URI: $uri"
otp_uri=${BASH_REMATCH[0]}
otp_type=${BASH_REMATCH[1]}
otp_label=${BASH_REMATCH[3]}
otp_accountname=$(urldecode "${BASH_REMATCH[6]}")
[[ -z $otp_accountname ]] && otp_accountname=$(urldecode "${BASH_REMATCH[4]}") || otp_issuer=$(urldecode "${BASH_REMATCH[4]}")
[[ -z $otp_accountname ]] && error "Invalid key URI (missing accountname): $otp_uri"
local p=${BASH_REMATCH[9]}
local params
local IFS=\&; read -r -a params < <(echo "$p") ; unset IFS
pattern='^([^=]+)=(.+)$'
for param in "${params[@]}"; do
if [[ "$param" =~ $pattern ]]; then
case ${BASH_REMATCH[1]} in
secret) otp_secret=${BASH_REMATCH[2]} ;;
digits) otp_digits=${BASH_REMATCH[2]} ;;
algorithm) otp_algorithm=${BASH_REMATCH[2]} ;;
period) otp_period=${BASH_REMATCH[2]} ;;
counter) otp_counter=${BASH_REMATCH[2]} ;;
issuer) otp_issuer=$(urldecode "${BASH_REMATCH[2]}") ;;
*) ;;
esac
fi
done
[[ -z "$otp_secret" ]] && error "Invalid key URI (missing secret): $otp_uri"
pattern='^[0-9]+$'
[[ "$otp_type" == 'hotp' ]] && [[ ! "$otp_counter" =~ $pattern ]] && \
error "Invalid key URI (missing counter): $otp_uri"
}
BASE64="base64"
OATH=$(which oathtool)
otp_code() {
[[ -z "$OATH" ]] && error "oathtool is required by otp_code action."
while read -r line; do
if [[ "$line" == otpauth://* ]]; then
uri="$line"
_otp_parse "$line"
break
fi
done < "$FILE"
local cmd
case "$otp_type" in
totp) cmd="$OATH -b --totp"
[[ -n "$otp_algorithm" ]] && cmd+=$(echo "=${otp_algorithm}" | tr "[:upper:]" "[:lower:]")
[[ -n "$otp_period" ]] && cmd+=" --time-step-size=$otp_period"s
[[ -n "$otp_digits" ]] && cmd+=" --digits=$otp_digits"
cmd+=" $otp_secret"
;;
hotp)
counter=$((otp_counter + 1))
cmd="$OATH -b --hotp --counter=$counter"
[[ -n "$otp_digits" ]] && cmd+=" --digits=$otp_digits"
cmd+=" $otp_secret"
;;
*) error "OTP secret not found." ;;
esac
eval "$cmd" || error "Failed to generate OTP code."
if [[ "$otp_type" == "hotp" ]]; then
local line replaced uri=${otp_uri/&counter=$otp_counter/&counter=$counter}
while IFS= read -r line; do
[[ "$line" == otpauth://* ]] && line="$uri"
[[ -n "$replaced" ]] && replaced+=$'\n'
replaced+="$line"
done < "$FILE"
echo "$replaced" > "$FILE"
MESSAGE="Increment HOTP counter for $NAME."
fi
}
|
