Diffstat (limited to 'udev/ykfde.c')
-rw-r--r--udev/ykfde.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/udev/ykfde.c b/udev/ykfde.c
index 35000d6..f8ccfd3 100644
--- a/udev/ykfde.c
+++ b/udev/ykfde.c
@@ -142,8 +142,10 @@ int main(int argc, char **argv) {
goto out30;
}
challenge[fsize] = 0;
+ /* finished challenge */
- /* try to read config file */
+ /* try to read config file
+ * if anything here fails we do not care... slot 2 is the default */
if ((ini = iniparser_load(CONFIGFILE)) != NULL) {
slot = iniparser_getint(ini, "general:Slot", slot);
@@ -159,6 +161,7 @@ int main(int argc, char **argv) {
iniparser_freedict(ini);
}
+ /* init and open Yubikey */
if (!yk_init()) {
perror("yk_init() failed");
goto out30;
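Review bot: The `perror("yk_init() failed")` under the new comment prints the C library's `errno`, but the ykpers calls report their failure reason through `yk_errno`, so the message can name a stale or unrelated error. Consider `fprintf(stderr, "yk_init() failed: %s\n", yk_strerror(yk_errno));` here. The same applies to the `yk_challenge_response()`, `yk_close_key()` and `yk_release()` failure paths in the later hunks. For a helper run from udev, an accurate failure reason is what makes a failed unlock diagnosable.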
@@ -171,6 +174,7 @@ int main(int argc, char **argv) {
memset(response, 0, sizeof(response));
+ /* do challenge/response and encode to hex */
if (!yk_challenge_response(yk, slot, 0, strlen(challenge), (unsigned char *)challenge, sizeof(response), response)) {
perror("yk_challenge_response() failed");
goto out50;
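Review bot: The challenge length passed to `yk_challenge_response()` is `strlen(challenge)`, while the first hunk shows the buffer being terminated at `challenge[fsize]` after it was read. If the challenge file can ever contain a zero byte, the key is asked to answer a silently shortened challenge; passing `fsize` would use the bytes actually read. Whether `fsize` is checked against the largest challenge the slot accepts is not visible in these hunks and is worth confirming.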
@@ -179,7 +183,7 @@ int main(int argc, char **argv) {
sprintf(response_askpass, "+%s", response_hex);
- /* change to directory so we do not have to assemble complete path */
+ /* change to directory so we do not have to assemble complete/absolute path */
if (chdir(ASK_PATH) != 0) {
perror("chdir() failed");
goto out50;
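Review bot: `sprintf(response_askpass, "+%s", response_hex);` at the top of this hunk writes without a bound, and both buffers are declared outside the hunk, so the fit cannot be checked from here. `snprintf(response_askpass, sizeof(response_askpass), "+%s", response_hex);` keeps the write inside the array even if the two sizes drift apart in a later change. The cleanup hunk already takes `sizeof(response_askpass)`, which suggests it is an array rather than a pointer.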
@@ -213,7 +217,8 @@ int main(int argc, char **argv) {
goto out70;
}
- /*actually read return the list of change events happens. Here, read the change event one by one and process it accordingly.*/
+ /* actually read return the list of change events happens.
+ * Here, read the change event one by one and process it accordingly. */
while (i < length) {
event = (struct inotify_event *)&buffer[i];
if (event->len > 0)
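Review bot: The reflowed comment above the `while (i < length)` loop is still hard to parse. Something like `/* the read above returned a batch of inotify events; walk them one at a time */` would say what the loop does. The read itself is outside the hunk, so adjust the wording to the actual call. The loop body also continues past the end of this hunk.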
@@ -223,29 +228,36 @@ int main(int argc, char **argv) {
}
out70:
+ /* remove inotify watch and remove file handle */
inotify_rm_watch(fd_inotify, watch);
close(fd_inotify);
out60:
+ /* close dir */
closedir(dir);
out50:
+ /* wipe response (cleartext password!) from memory */
memset(response, 0, sizeof(response));
memset(response_hex, 0, sizeof(response_hex));
memset(response_askpass, 0, sizeof(response_askpass));
+ /* close Yubikey */
if (!yk_close_key(yk))
perror("yk_close_key() failed");
out40:
+ /* release Yubikey */
if (!yk_release())
perror("yk_release() failed");
out30:
- if (challenge != NULL)
- free(challenge);
+ /* free challenge */
+ free(challenge);
out20:
+ /* close and unlink challenge file
+ * we can not try again later! */
fclose(challengefile);
unlink(CHALLENGEFILE);
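Review bot: The three `memset()` calls under the new "wipe response (cleartext password!)" comment appear to be the last accesses to those buffers, so an optimizing compiler may drop them as dead stores and leave the secret on the stack. Use a wipe the compiler must keep, e.g. `explicit_bzero(response, sizeof(response));` (glibc/BSD, declared in `<string.h>`), and likewise for `response_hex` and `response_askpass`. The end of `main` is outside this hunk, so confirm nothing reads the buffers after `out50`.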