Subject: misc/1851: (Fixed) patch to add "zero" functionality to skeyinit
To: None <gnats-bugs@gnats.netbsd.org>
From: None <millert@cs.colorado.edu>
List: netbsd-bugs
Date: 12/19/1995 14:18:13
>Number: 1851
>Category: misc
>Synopsis: Patch that adds ability to zero out a user's skey key
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: misc-bug-people (Misc Bug People)
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Tue Dec 19 16:50:02 1995
>Last-Modified:
>Originator: Todd C. Miller
>Organization:
Todd C. Miller Sysadmin--University of Colorado Todd.Miller@cs.colorado.edu
>Release: NetBSD-current as of 12/17/95
>Environment:
System: NetBSD scrap.cs.colorado.edu 1.1A NetBSD 1.1A (PEECEE) #1: Mon Dec 18 15:09:44 MST 1995 millert@scrap.cs.colorado.edu:/usr/src/sys/arch/i386/compile/PEECEE i386
libskey.a
skeyinit
>Description:
There is no way to remove a key from the skeykeys database
without editing the file directly. The enclosed patch adds
a "-z" (zero) flag to skeyinit allowing users to zero out
their keys (it actually just comments out the entries).
The previous patch I sent in did the wrong thing if the
user had no entry in /etc/skeykeys. Please disregard the
older patch.
>How-To-Repeat:
n/a
>Fix:
*** src/usr.bin/skeyinit/skeyinit.1.DIST Fri Oct 13 21:24:50 1995
--- src/usr.bin/skeyinit/skeyinit.1 Tue Dec 19 13:44:20 1995
***************
*** 10,15 ****
--- 10,16 ----
.Sh SYNOPSIS
.Nm skeyinit
.Op Fl s
+ .Op Fl z
.Op Ar user
.Sh DESCRIPTION
.Nm skeyinit
***************
*** 28,33 ****
--- 29,36 ----
in another window to generate the correct 6 english words
for that count and seed.
You can then "cut-and-paste" or type the words into the skeyinit window.
+ .It Fl z
+ allows the user to zero their S/Key entry.
.It Ar user
the username to be changed/added. By default the current user is
operated on.
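Review bot: the new ".It Fl z" text says the flag lets the user zero their S/Key entry, but the change only comments the entry out in the database. The man page should say that the entry is disabled by commenting it out rather than erased, and should state how -z interacts with -s and with the user argument.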
*** src/usr.bin/skeyinit/skeyinit.c.DIST Fri Oct 13 21:24:51 1995
--- src/usr.bin/skeyinit/skeyinit.c Tue Dec 19 14:11:16 1995
***************
*** 29,41 ****
#define NAMELEN 2
int skeylookup __ARGS((struct skey * mp, char *name));
int
main(argc, argv)
int argc;
char *argv[];
{
! int rval, n, nn, i, defaultsetup, l;
time_t now;
char hostname[MAXHOSTNAMELEN];
char seed[18], tmp[80], key[8], defaultseed[17];
--- 29,42 ----
#define NAMELEN 2
int skeylookup __ARGS((struct skey * mp, char *name));
+ int skeyzero __ARGS((struct skey * mp, char *name));
int
main(argc, argv)
int argc;
char *argv[];
{
! int rval, n, nn, i, defaultsetup, l, zerokey = 0;
time_t now;
char hostname[MAXHOSTNAMELEN];
char seed[18], tmp[80], key[8], defaultseed[17];
***************
*** 63,76 ****
err(1, "Who are you?");
defaultsetup = 1;
! if (argc > 1) {
! if (strcmp("-s", argv[1]) == 0)
defaultsetup = 0;
! else
! pp = getpwnam(argv[1]);
!
! if (argc > 2)
! pp = getpwnam(argv[2]);
}
if (pp == NULL) {
err(1, "User unknown");
--- 64,78 ----
err(1, "Who are you?");
defaultsetup = 1;
! for (i=1; i < argc; i++) {
! if (strcmp("-s", argv[i]) == 0)
defaultsetup = 0;
! else if (strcmp("-z", argv[i]) == 0)
! zerokey = 1;
! else {
! pp = getpwnam(argv[i]);
! break;
! }
}
if (pp == NULL) {
err(1, "User unknown");
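Review bot: in the new argument loop, every argument that is not exactly "-s" or "-z" is handed to getpwnam() and the break ends parsing, so "skeyinit user -z" silently drops the -z and carries on into the normal update path instead of zeroing, and an unknown option such as "-x" is reported as "User unknown". Parsing the flags with getopt(3) and taking the user from the remaining argument would reject unknown options and either honour or refuse flags placed after the name. The loop also accepts -s together with -z without complaint, although -s has no effect once zerokey is set.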
***************
*** 104,109 ****
--- 106,115 ----
case -1:
err(1, "cannot open database");
case 0:
+ /* comment out user if asked to */
+ if (zerokey)
+ exit(skeyzero(&skey, pp->pw_name));
+
printf("[Updating %s]\n", pp->pw_name);
printf("Old key: %s\n", skey.seed);
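Review bot: in case 0, exit(skeyzero(&skey, pp->pw_name)) passes the -1 error return straight to exit(), which the caller sees as status 255, and nothing is printed on either success or failure. Check the return value, report a failure with err(1, ...) as the neighbouring cases do, and print a confirmation on success in the style of the "[Updating %s]" message.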
***************
*** 127,132 ****
--- 133,142 ----
}
break;
case 1:
+ if (zerokey) {
+ printf("You have no entry to zero.\n");
+ exit(1);
+ }
printf("[Adding %s]\n", pp->pw_name);
break;
}
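Review bot: in case 1, the "You have no entry to zero." message goes to stdout through printf() followed by exit(1), while the rest of main() reports failures with err(). Using errx(1, ...) would put the message on stderr and match the existing style; the message could also name pp->pw_name, since the entry being zeroed may belong to the user given on the command line rather than the caller.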
*** src/lib/libskey/skeylogin.c.DIST Fri Oct 13 19:03:42 1995
--- src/lib/libskey/skeylogin.c Mon Dec 18 22:39:20 1995
***************
*** 364,366 ****
--- 364,394 ----
}
return -1;
}
+
+ /* Comment out user's entry in the s/key database
+ *
+ * Return codes:
+ * -1: Write error; database unchanged
+ * 0: Database updated
+ *
+ * The database file is always closed by this call.
+ */
+ int
+ skeyzero(mp,response)
+ struct skey *mp;
+ char *response;
+ {
+ /*
+ * Seek to the right place and write comment character
+ * which effectively zero's out the entry.
+ */
+ fseek(mp->keyfile,mp->recstart,0);
+ if (fputc('#', mp->keyfile) == EOF) {
+ fclose(mp->keyfile);
+ return -1;
+ }
+
+ fclose(mp->keyfile);
+
+ return 0;
+ }
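Review bot: skeyzero() only overwrites the first byte of the record at mp->recstart with '#', so the rest of the entry, key material included, stays in the database file; either the record should really be overwritten, or the function name, the comment and the -z wording should say "disable" or "comment out" rather than "zero". The error handling is also incomplete: the return value of fseek() is not checked, so on failure the '#' is written at whatever the current file position is, which contradicts the "database unchanged" promise in the comment, and fputc() normally only fills the stdio buffer, so a real write error would surface at fclose(), whose result is ignored on the path that returns 0. The second parameter, response, is never used and is called name in the prototype added to skeyinit.c, and the literal 0 passed to fseek() would read better as SEEK_SET.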
>Audit-Trail:
>Unformatted: