averello/pass-otp-mirror
1
0
Fork 0
mirror of https://github.com/tadfisher/pass-otp.git synced 2025-12-12 20:35:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Send secrets to oathtool via stdin instead of command-line arguments

Browse Source 
Check if the oathtool version supports this first and prefer
the safe oathtool version to the always unsafe otptool.

Fixes: https://github.com/tadfisher/pass-otp/issues/167
This commit is contained in:
Paul Wise
2023-05-12 14:14:04 +08:00
committed by Tad Fisher
parent 214eeb0d8d
commit 7bb50dbc4b
1 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
otp.bash
View File

@@ -361,6 +361,12 @@ cmd_otp_code() {
fi
done < <(echo "$contents")
# Check oathtool for stdin secrets feature
OATH_SAFE_VERSION=2.6.5
OATH_VERSION=$("$OATH" --version | head -n1 | tr ' ' '\n' | tail -n1)
printf -v OATH_VERSIONS '%s\n%s' "$OATH_SAFE_VERSION" "$OATH_VERSION"
[[ "$OATH_VERSIONS" = "$(sort -n <<< "$OATH_VERSIONS")" ]] && OATH_SAFE=1
local cmd
case "$otp_type" in
totp)
@@ -369,7 +375,12 @@ cmd_otp_code() {
[[ -n "$otp_algorithm" ]] && cmd+=(--totp="$(echo "${otp_algorithm}"|tr "[:upper:]" "[:lower:]")")
[[ -n "$otp_period" ]] && cmd+=(--time-step-size="$otp_period"s)
[[ -n "$otp_digits" ]] && cmd+=(--digits="$otp_digits")
cmd+=("$otp_secret")
if [[ -n "$OATH_SAFE" ]] ; then
cmd+=(-) # secrets on stdin
unset OTPTOOL
else
cmd+=("$otp_secret")
fi
[[ -n "$OTPTOOL" ]] && cmd=("$OTPTOOL" "$uri")
;;
@@ -377,7 +388,12 @@ cmd_otp_code() {
local counter=$((otp_counter+1))
cmd=("$OATH" --base32 --hotp --counter="$counter")
[[ -n "$otp_digits" ]] && cmd+=(--digits="$otp_digits")
cmd+=("$otp_secret")
if [[ -n "$OATH_SAFE" ]] ; then
cmd+=(-) # secrets on stdin
unset OTPTOOL
else
cmd+=("$otp_secret")
fi
[[ -n "$OTPTOOL" ]] && cmd=("$OTPTOOL" "$uri")
;;
@@ -386,7 +402,12 @@ cmd_otp_code() {
;;
esac
local out; out=$("${cmd[@]}") || die "$path: failed to generate OTP code."
local out
if [[ -n "$OATH" && -n "$OATH_SAFE" && -z "$OTPTOOL" ]] ; then
out=$("${cmd[@]}" <<< "$otp_secret") || die "$path: failed to generate OTP code."
else
out=$("${cmd[@]}") || die "$path: failed to generate OTP code."
fi
if [[ "$otp_type" == "hotp" ]]; then
# Increment HOTP counter in-place