authorTodd C. Miller <millert@cvs.openbsd.org>1998-02-24 20:52:49 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>1998-02-24 20:52:49 +0000
commitb3cbc0b9e486970f437889ce506f6275f8ebcb1e (patch)
treee477dd31acb067b11f2b4b6f5c15c95c8081165d
parent3749e4bbc828cc91887f82727e3d2a6a0a60cbe4 (diff)
Allow superuser to disable skey by unlinking /etc/skeykeys.
-rw-r--r--lib/libskey/skeylogin.c32
-rw-r--r--usr.bin/skey/skey.14
-rw-r--r--usr.bin/skeyinit/skeyinit.112
3 files changed, 22 insertions, 26 deletions
diff --git a/lib/libskey/skeylogin.c b/lib/libskey/skeylogin.c
index d4c90681f83..efaebd692bf 100644
--- a/lib/libskey/skeylogin.c
+++ b/lib/libskey/skeylogin.c
@@ -11,7 +11,7 @@
*
* S/KEY verification check, lookups, and authentication.
*
- * $OpenBSD: skeylogin.c,v 1.22 1997/09/12 20:47:39 millert Exp $
+ * $OpenBSD: skeylogin.c,v 1.23 1998/02/24 20:52:48 millert Exp $
*/
#include <sys/param.h>
@@ -120,19 +120,14 @@ skeylookup(mp, name)
char *cp, *ht = NULL;
struct stat statbuf;
- /* See if _PATH_SKEYKEYS exists, and create it if not */
- if (stat(_PATH_SKEYKEYS, &statbuf) == -1 && errno == ENOENT) {
- mp->keyfile = fopen(_PATH_SKEYKEYS, "w+");
- if (mp->keyfile)
+ /* Open _PATH_SKEYKEYS if it exists, else return an error */
+ if (stat(_PATH_SKEYKEYS, &statbuf) == 0 &&
+ (mp->keyfile = fopen(_PATH_SKEYKEYS, "r+")) != NULL) {
+ if ((statbuf.st_mode & 0007777) != 0600)
fchmod(fileno(mp->keyfile), 0600);
} else {
- /* Otherwise open normally for update */
- mp->keyfile = fopen(_PATH_SKEYKEYS, "r+");
- if (mp->keyfile && (statbuf.st_mode & 0007777) != 0600)
- fchmod(fileno(mp->keyfile), 0600);
- }
- if (mp->keyfile == NULL)
return(-1);
+ }
/* Look up user name in database */
while (!feof(mp->keyfile)) {
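Review bot: The permission check in skeylookup() compares `statbuf.st_mode` from `stat()` on the path, not from the file that `fopen()` then opens, so the mode tested and the descriptor handed to `fchmod()` can belong to different files if the path changes between the two calls. The `fchmod()` result is also ignored, so a key file with looser permissions is still used when tightening fails. Opening first and calling `fstat()` on the open descriptor closes that window, and it makes the separate existence test unnecessary because `fopen(..., "r+")` already fails when the file is absent. Whether to fail closed on an `fchmod()` error, as sketched below, is a policy decision for the callers. The skeygetnext() hunk repeats the same pattern, and skeylookup's body starts and continues outside this hunk.

```c
	/* Open _PATH_SKEYKEYS if it exists, else return an error */
	if ((mp->keyfile = fopen(_PATH_SKEYKEYS, "r+")) == NULL)
		return(-1);
	/* Check the mode of the file actually opened, not of the path */
	if (fstat(fileno(mp->keyfile), &statbuf) == -1 ||
	    ((statbuf.st_mode & 0007777) != 0600 &&
	    fchmod(fileno(mp->keyfile), 0600) == -1)) {
		(void)fclose(mp->keyfile);
		mp->keyfile = NULL;
		return(-1);
	}
	/* … unchanged: user name lookup loop … */
```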
@@ -192,20 +187,15 @@ skeygetnext(mp)
char *cp;
struct stat statbuf;
- /* See if _PATH_SKEYKEYS exists, and create it if not */
+ /* Open _PATH_SKEYKEYS if it exists, else return an error */
if (mp->keyfile == NULL) {
- if (stat(_PATH_SKEYKEYS, &statbuf) == -1 && errno == ENOENT) {
- mp->keyfile = fopen(_PATH_SKEYKEYS, "w+");
- if (mp->keyfile)
+ if (stat(_PATH_SKEYKEYS, &statbuf) == 0 &&
+ (mp->keyfile = fopen(_PATH_SKEYKEYS, "r+")) != NULL) {
+ if ((statbuf.st_mode & 0007777) != 0600)
fchmod(fileno(mp->keyfile), 0600);
} else {
- /* Otherwise open normally for update */
- mp->keyfile = fopen(_PATH_SKEYKEYS, "r+");
- if (mp->keyfile && (statbuf.st_mode & 0007777) != 0600)
- fchmod(fileno(mp->keyfile), 0600);
- }
- if (mp->keyfile == NULL)
return(-1);
+ }
}
/* Look up next user in database */
diff --git a/usr.bin/skey/skey.1 b/usr.bin/skey/skey.1
index 019f27c3cd2..d20d412aa87 100644
--- a/usr.bin/skey/skey.1
+++ b/usr.bin/skey/skey.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: skey.1,v 1.9 1997/07/17 05:48:39 millert Exp $
+.\" $OpenBSD: skey.1,v 1.10 1998/02/24 20:52:44 millert Exp $
.\" @(#)skey.1 1.1 10/28/93
.\"
.Dd 28 October 1993
@@ -45,7 +45,7 @@ You can enter the passwords using small letters, even though
.Nm skey
prints them capitalized.
.Sh OPTIONS
-.Bl -tag -width Ds
+.Bl -tag -width XXXXXXX
.It Fl n Ar count
Prints out
.Ar count
diff --git a/usr.bin/skeyinit/skeyinit.1 b/usr.bin/skeyinit/skeyinit.1
index 09d7105ca5d..97f88bd2ed6 100644
--- a/usr.bin/skeyinit/skeyinit.1
+++ b/usr.bin/skeyinit/skeyinit.1
@@ -1,8 +1,8 @@
-.\" $OpenBSD: skeyinit.1,v 1.10 1997/07/17 05:48:40 millert Exp $
+.\" $OpenBSD: skeyinit.1,v 1.11 1998/02/24 20:52:46 millert Exp $
.\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
.\" @(#)skeyinit.1 1.1 10/28/93
.\"
-.Dd 28 October 1993
+.Dd February 24, 1998
.Dt SKEYINIT 1
.Os
.Sh NAME
@@ -40,7 +40,7 @@ over an untrusted network, a password of
should be used. The user will then be presented with the standard
S/Key challenge and allowed to proceed if it is correct.
.Sh OPTIONS
-.Bl -tag -width Ds
+.Bl -tag -width XXXXXXX
.It Fl x
Displays pass phrase in hexidecimal instead of ASCII.
.It Fl s
@@ -83,6 +83,12 @@ Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
.It Ar user
The username to be changed/added. By default the current user is
operated on.
+.Sh ERRORS
+.Bl -tag -width "skey disabled"
+.It skey disabled
+.Pa /etc/skeykeys
+does not exist. It must be created by the superuser in order to use
+.Nm skeyinit .
.Sh FILES
.Bl -tag -width /etc/skeykeys
.It Pa /etc/skeykeys