authorTodd C. Miller <millert@cvs.openbsd.org>2001-06-17 22:44:52 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2001-06-17 22:44:52 +0000
commitf7af1085deb6d0912133129e632f7b34ce76d83d (patch)
treed762d4ae839a9d4995aae7eb657e5e883875758f
parent165f6244b7a8471135032e0ef7338c634c3e858c (diff)
Use BSD authentication to retrieve the challenge so we no longer require
suid root.
-rw-r--r--usr.bin/skeyinfo/Makefile8
-rw-r--r--usr.bin/skeyinfo/skeyinfo.17
-rw-r--r--usr.bin/skeyinfo/skeyinfo.c53
3 files changed, 37 insertions, 31 deletions
diff --git a/usr.bin/skeyinfo/Makefile b/usr.bin/skeyinfo/Makefile
index 1ca0f5836ec..72c534bb4f4 100644
--- a/usr.bin/skeyinfo/Makefile
+++ b/usr.bin/skeyinfo/Makefile
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.2 1997/09/21 11:50:53 deraadt Exp $
+# $OpenBSD: Makefile,v 1.3 2001/06/17 22:44:50 millert Exp $
PROG= skeyinfo
+
BINOWN= root
-BINMODE=4555
-DPADD= ${LIBSKEY}
-LDADD= -lskey
+BINGRP= auth
+BINMODE=2555
.include <bsd.prog.mk>
diff --git a/usr.bin/skeyinfo/skeyinfo.1 b/usr.bin/skeyinfo/skeyinfo.1
index 7e1d4f29528..248c87b736c 100644
--- a/usr.bin/skeyinfo/skeyinfo.1
+++ b/usr.bin/skeyinfo/skeyinfo.1
@@ -1,6 +1,6 @@
-.\" $OpenBSD: skeyinfo.1,v 1.3 2000/03/11 21:40:02 aaron Exp $
+.\" $OpenBSD: skeyinfo.1,v 1.4 2001/06/17 22:44:51 millert Exp $
.\"
-.Dd 22 July 1997
+.Dd 17 June 2001
.Dt SKEYINFO 1
.Os
.Sh NAME
@@ -28,3 +28,6 @@ an untrusted network (perhaps for use at a conference).
.Sh SEE ALSO
.Xr skey 1 ,
.Xr skeyinit 1
+.Sh CAVEATS
+If the user does not have an entry in the S/Key database a fake
+challenge will be printed.
diff --git a/usr.bin/skeyinfo/skeyinfo.c b/usr.bin/skeyinfo/skeyinfo.c
index 38b3046fc9d..fbf150aaac6 100644
--- a/usr.bin/skeyinfo/skeyinfo.c
+++ b/usr.bin/skeyinfo/skeyinfo.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: skeyinfo.c,v 1.6 2001/02/05 16:58:11 millert Exp $ */
+/* $OpenBSD: skeyinfo.c,v 1.7 2001/06/17 22:44:51 millert Exp $ */
/*
- * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1997, 2001 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -28,14 +28,13 @@
*/
#include <err.h>
-#include <limits.h>
-#include <paths.h>
#include <pwd.h>
#include <stdio.h>
-#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <skey.h>
+#include <login_cap.h>
+#include <bsd_auth.h>
extern char *__progname;
@@ -47,12 +46,9 @@ main(argc, argv)
char **argv;
{
struct passwd *pw;
- struct skey key;
- char *name = NULL;
- int error, ch, verbose = 0;
-
- if (geteuid() != 0)
- errx(1, "must be setuid root");
+ char *challenge, *cp, *name = NULL;
+ int ch, verbose = 0;
+ auth_session_t *as;
while ((ch = getopt(argc, argv, "v")) != -1)
switch(ch) {
@@ -84,22 +80,29 @@ main(argc, argv)
if ((name = strdup(pw->pw_name)) == NULL)
err(1, "cannot allocate memory");
- error = skeylookup(&key, name);
- switch (error) {
- case 0: /* Success! */
- if (verbose)
- (void)printf("otp-%s ", skey_get_algorithm());
- (void)printf("%d %s\n", key.n - 1, key.seed);
- break;
- case -1: /* File error */
- warn("cannot open %s", _PATH_SKEYKEYS);
- break;
- case 1: /* Unknown user */
- warnx("%s is not listed in %s", name, _PATH_SKEYKEYS);
+ as = auth_userchallenge(name, "skey", NULL, &challenge);
+ if (as == NULL || challenge == NULL) {
+ auth_close(as);
+ errx(1, "unable to retrieve S/Key challenge for %s", name);
}
- (void)fclose(key.keyfile);
- exit(error ? 1 : 0);
+ /*
+ * We only want the first line of the challenge so stop after a newline.
+ * If the user wants the full challenge including the hash type
+ * or if the challenge didn't start with 'otp-', print it verbatim.
+ * Otherwise, strip off the first word.
+ */
+ if ((cp = strchr(challenge, '\n')))
+ *cp = '\0';
+ cp = strchr(challenge, ' ');
+ if (verbose || *challenge != 'o' || !cp)
+ cp = challenge;
+ else
+ cp++;
+ puts(cp);
+
+ auth_close(as);
+ exit(0);
}
void
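Review bot: The failure branch after `auth_userchallenge` calls `auth_close(as)` even when `as` is NULL, which is one of the two conditions that lead there; unless auth_close is documented to accept a NULL session (I cannot confirm that from here), this trades the old "not listed" warning for a crash on the same input, and the guard should read `if (as != NULL) auth_close(as);`. The comment above the strchr block says the challenge is printed verbatim when it "didn't start with 'otp-'", but the test only inspects the first byte (`*challenge != 'o'`), so any challenge beginning with 'o' has its first word stripped; `strncmp(challenge, "otp-", 4) != 0` matches the stated intent. The new auth_userchallenge path inherits the fake-challenge behaviour the skeyinfo.1 hunk documents, so a one-line comment on that call, `/* a fake challenge is returned for users without an S/Key entry; see skeyinfo(1) CAVEATS */`, would keep the code and manual in step. main's signature and option parsing lie outside this hunk.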