Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.bin/skeyinit Bring s/key closer to RFC2289 conformance b...
details: https://anonhg.NetBSD.org/src/rev/9bd46e7d2a7f
branches: trunk
changeset: 494488:9bd46e7d2a7f
user: mjl <mjl%NetBSD.org@localhost>
date: Fri Jul 07 00:18:29 2000 +0000
description:
Bring s/key closer to RFC2289 conformance by pulling in changes
from OpenBSD to make use of different hash functions possible.
Also ANSIfy, make it use getopt instead of home-grown arg parsing,
and clean up a bit.
diffstat:
usr.bin/skeyinit/skeyinit.c | 282 +++++++++++++++++++++++++++++--------------
1 files changed, 189 insertions(+), 93 deletions(-)
diffs (truncated from 408 to 300 lines):
diff -r 1d4afc367464 -r 9bd46e7d2a7f usr.bin/skeyinit/skeyinit.c
--- a/usr.bin/skeyinit/skeyinit.c Thu Jul 06 23:29:13 2000 +0000
+++ b/usr.bin/skeyinit/skeyinit.c Fri Jul 07 00:18:29 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: skeyinit.c,v 1.12 1998/12/19 22:18:00 christos Exp $ */
+/* $NetBSD: skeyinit.c,v 1.13 2000/07/07 00:18:29 mjl Exp $ */
/* S/KEY v1.1b (skeyinit.c)
*
@@ -8,6 +8,9 @@
* John S. Walden <jsw%thumper.bellcore.com@localhost>
* Scott Chasin <chasin%crimelab.com@localhost>
*
+ * Modifications:
+ * Todd C. Miller <Todd.Miller%courtesan.com@localhost>
+ *
* S/KEY initialization and seed update
*/
@@ -15,48 +18,51 @@
#include <sys/time.h>
#include <sys/resource.h>
+#include <ctype.h>
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <err.h>
-#include <pwd.h>
+#include <time.h>
#include <unistd.h>
-#include <time.h>
-#include <ctype.h>
+#include <utmp.h>
+
+#include <skey.h>
-#include "skey.h"
-
-#define NAMELEN 2
+#ifndef SKEY_NAMELEN
+#define SKEY_NAMELEN 4
+#endif
int main __P((int, char **));
-int
-main(argc, argv)
- int argc;
- char *argv[];
+int main(int argc, char **argv)
{
- int rval, n, nn, i, defaultsetup, l;
+ int rval, nn, i, l;
+ int n = 0, defaultsetup = 1, zerokey = 0, hexmode = 0;
time_t now;
char hostname[MAXHOSTNAMELEN + 1];
- char seed[18], tmp[80], key[8], defaultseed[17];
- char passwd[256], passwd2[256], tbuf[27], buf[60];
- char lastc, me[80], *p, *pw;
+ char seed[SKEY_MAX_PW_LEN+2], key[SKEY_BINKEY_SIZE], defaultseed[SKEY_MAX_SEED_LEN+1];
+ char passwd[SKEY_MAX_PW_LEN+2], passwd2[SKEY_MAX_PW_LEN+2], tbuf[27], buf[80];
+ char lastc, me[UT_NAMESIZE+1], *p, *pw, *ht = NULL;
const char *salt;
struct skey skey;
struct passwd *pp;
struct tm *tm;
+ int c;
- time(&now);
- tm = localtime(&now);
- strftime(tbuf, sizeof(tbuf), "%M%j", tm);
- tbuf[sizeof(tbuf) - 1] = '\0';
+ if (geteuid() != 0)
+ errx(1, "must be setuid root.");
if (gethostname(hostname, sizeof(hostname)) < 0)
err(1, "gethostname");
- hostname[sizeof(hostname) - 1] = '\0';
- strncpy(defaultseed, hostname, sizeof(defaultseed)- 1);
- defaultseed[4] = '\0';
- strncat(defaultseed, tbuf, sizeof(defaultseed) - 5);
+ (void)strncpy(defaultseed, hostname, sizeof(defaultseed)- 1);
+ defaultseed[SKEY_NAMELEN] = '\0';
+ (void)time(&now);
+ (void)sprintf(tbuf, "%05ld", (long) (now % 100000));
+ (void)strncat(defaultseed, tbuf, sizeof(defaultseed) - 5);
if ((pp = getpwuid(getuid())) == NULL)
err(1, "no user with uid %ld", (u_long)getuid());
@@ -64,50 +70,67 @@
if ((pp = getpwnam(me)) == NULL)
err(1, "Who are you?");
+ salt = pp->pw_passwd;
- defaultsetup = 1;
- if (argc > 1) {
- if (strcmp("-s", argv[1]) == 0)
- defaultsetup = 0;
- else
- pp = getpwnam(argv[1]);
+ while((c = getopt(argc, argv, "n:t:sxz")) != -1) {
+ switch(c) {
+ case 'n':
+ n = atoi(optarg);
+ if(n < 1 || n > SKEY_MAX_SEQ)
+ errx(1, "count must be between 1 and %d", SKEY_MAX_SEQ);
+ break;
+ case 't':
+ if(skey_set_algorithm(optarg) == NULL)
+ errx(1, "Unknown hash algorithm %s", optarg);
+ ht = optarg;
+ break;
+ case 's':
+ defaultsetup = 0;
+ break;
+ case 'x':
+ hexmode = 1;
+ break;
+ case 'z':
+ zerokey = 1;
+ break;
+ default:
+ err(1, "Usage: %s [-n count] [-t md4|md5|sha1] [-s] [-x] [-z] [user]\n", argv[0]);
+ }
+ }
- if (argc > 2)
- pp = getpwnam(argv[2]);
- }
- if (pp == NULL) {
- err(1, "User unknown");
- }
+ if(argc > optind) {
+ pp = getpwnam(argv[optind]);
+ if (pp == NULL)
+ errx(1, "User %s unknown", argv[optind]);
+ }
+
if (strcmp(pp->pw_name, me) != 0) {
if (getuid() != 0) {
/* Only root can change other's passwds */
- printf("Permission denied.\n");
- exit(1);
+ errx(1, "Permission denied.");
}
}
- salt = pp->pw_passwd;
-
- setpriority(PRIO_PROCESS, 0, -4);
if (getuid() != 0) {
-
pw = getpass("Password:");
p = crypt(pw, salt);
- setpriority(PRIO_PROCESS, 0, 0);
-
- if (pp && strcmp(p, pp->pw_passwd)) {
- printf("Password incorrect.\n");
- exit(1);
+ if (strcmp(p, pp->pw_passwd)) {
+ errx(1, "Password incorrect.");
}
}
+
rval = skeylookup(&skey, pp->pw_name);
switch (rval) {
case -1:
err(1, "cannot open database");
case 0:
+ /* comment out user if asked to */
+ if (zerokey)
+ exit(skeyzero(&skey, pp->pw_name));
+
printf("[Updating %s]\n", pp->pw_name);
- printf("Old key: %s\n", skey.seed);
+ printf("Old key: [%s] %s\n", skey_get_algorithm(), skey.seed);
/*
* lets be nice if they have a skey.seed that
@@ -132,59 +155,89 @@
}
break;
case 1:
+ if (zerokey)
+ errx(1, "You have no entry to zero.");
printf("[Adding %s]\n", pp->pw_name);
break;
}
- n = 99;
+
+ if(n==0)
+ n = 99;
+
+ /* Set hash type if asked to */
+ if (ht) {
+ /* Need to zero out old key when changing algorithm */
+ if (strcmp(ht, skey_get_algorithm()) && skey_set_algorithm(ht))
+ zerokey = 1;
+ }
if (!defaultsetup) {
- printf("You need the 6 english words generated from the \"key\" command.\n");
+ printf("You need the 6 english words generated from the \"skey\" command.\n");
for (i = 0;; i++) {
if (i >= 2)
exit(1);
- printf("Enter sequence count from 1 to 10000: ");
- fgets(tmp, sizeof(tmp), stdin);
- n = atoi(tmp);
- if (n > 0 && n < 10000)
+ printf("Enter sequence count from 1 to %d: ", SKEY_MAX_SEQ);
+ fgets(buf, sizeof(buf), stdin);
+ n = atoi(buf);
+ if (n > 0 && n < SKEY_MAX_SEQ)
break; /* Valid range */
- printf("\n Error: Count must be > 0 and < 10000\n");
+ printf("\nError: Count must be between 0 and %d\n", SKEY_MAX_SEQ);
}
- }
- if (!defaultsetup) {
- printf("Enter new key [default %s]: ", defaultseed);
- fflush(stdout);
- fgets(seed, sizeof(seed), stdin);
- rip(seed);
- if (strlen(seed) > 16) {
- printf("Notice: Seed truncated to 16 characters.\n");
- seed[16] = '\0';
+
+ for (i = 0;; i++) {
+ if (i >= 2)
+ exit(1);
+
+ printf("Enter new seed [default %s]: ", defaultseed);
+ fflush(stdout);
+ fgets(seed, sizeof(seed), stdin);
+ rip(seed);
+ for (p = seed; *p; p++) {
+ if (isalpha(*p)) {
+ if (isupper(*p))
+ *p = tolower(*p);
+ } else if (!isdigit(*p)) {
+ (void)puts("Error: seed may only contain alphanumeric characters");
+ break;
+ }
+ }
+ if (*p == '\0')
+ break; /* Valid seed */
+ }
+ if (strlen(seed) > SKEY_MAX_SEED_LEN) {
+ printf("Notice: Seed truncated to %d characters.\n", SKEY_MAX_SEED_LEN);
+ seed[SKEY_MAX_SEED_LEN] = '\0';
}
if (seed[0] == '\0')
- (void)strncpy(seed, defaultseed, sizeof(seed) - 1);
+ (void)strcpy(seed, defaultseed);
for (i = 0;; i++) {
if (i >= 2)
exit(1);
- printf("s/key %d %s\ns/key access password: ", n, seed);
- fgets(tmp, sizeof(tmp), stdin);
- rip(tmp);
- backspace(tmp);
+ printf("otp-%s %d %s\ns/key access password: ",
+ skey_get_algorithm(), n, seed);
+ fgets(buf, sizeof(buf), stdin);
+ rip(buf);
+ backspace(buf);
- if (tmp[0] == '?') {
- printf("Enter 6 English words from secure S/Key calculation.\n");
+ if (buf[0] == '?') {
+ puts("Enter 6 English words from secure S/Key calculation.");
continue;
- }
- if (tmp[0] == '\0') {
+ } else if (buf[0] == '\0') {
exit(1);
}
- if (etob(key, tmp) == 1 || atob8(key, tmp) == 0)
+ if (etob(key, buf) == 1 || atob8(key, buf) == 0)
break; /* Valid format */
- printf("Invalid format - try again with 6 English words.\n");
+ (void)puts("Invalid format - try again with 6 English words.");
}
} else {
- /* Get user's secret password */
- for (i = 0;; i++) {
+ /* Get user's secret password */
+ puts("Reminder - Only use this method if you are directly connected\n"
+ " or have an encrypted channel. If you are using telnet\n"
+ " or rlogin, exit with no password and use skeyinit -s.\n");
Home |
Main Index |
Thread Index |
Old Index