authorTodd C. Miller <millert@cvs.openbsd.org>1996-11-03 18:57:31 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>1996-11-03 18:57:31 +0000
commitdfdd57ceb8dce8a7e6ad46ae05bbe44341b03832 (patch)
treec293915e5e45bcc9068cf415804f7336671c83b7 /lib
parent5c01f901e111d4370993c92136b963cad10c6839 (diff)
Add a bunch of length/size macros and use them.
Diffstat (limited to 'lib')
-rw-r--r--lib/libskey/put.c8
-rw-r--r--lib/libskey/skey.h34
-rw-r--r--lib/libskey/skeylogin.c30
-rw-r--r--lib/libskey/skeysubr.c45
4 files changed, 77 insertions, 40 deletions
diff --git a/lib/libskey/put.c b/lib/libskey/put.c
index 6b2636225b5..5ed70ce64a1 100644
--- a/lib/libskey/put.c
+++ b/lib/libskey/put.c
@@ -8,7 +8,7 @@
*
* Dictionary lookup and extraction.
*
- * $Id: put.c,v 1.4 1996/10/02 03:49:37 millert Exp $
+ * $Id: put.c,v 1.5 1996/11/03 18:57:28 millert Exp $
*/
#include <stdio.h>
@@ -2127,7 +2127,7 @@ etob (out, e)
{
char *word;
int i, p, v, l, low, high;
- char b[9];
+ char b[SKEY_BINKEY_SIZE+1];
char input[36];
if (e == NULL)
@@ -2135,7 +2135,7 @@ etob (out, e)
(void) strncpy (input, e, sizeof (input));
(void) memset (b, 0, sizeof (b));
- (void) memset (out, 0, 8);
+ (void) memset (out, 0, SKEY_BINKEY_SIZE);
for (i = 0, p = 0; i < 6; i++, p += 11) {
if ((word = strtok (i == 0 ? input : NULL, " ")) == NULL)
return -1;
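Review bot: `input` can be left without a terminating NUL by the `strncpy` at the top of this hunk when `e` is 36 characters or longer, and the `strtok` call in the loop then scans past the end of the array. Adding `input[sizeof (input) - 1] = '\0';` right after the copy would bound the scan. A stricter option is to reject an over-long `e` instead of silently truncating it. etob's body starts and ends outside this hunk.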
@@ -2165,7 +2165,7 @@ etob (out, e)
if ((p & 3) != extract (b, 64, 2))
return -2;
- (void) memcpy (out, b, 8);
+ (void) memcpy (out, b, SKEY_BINKEY_SIZE);
return 1;
}
diff --git a/lib/libskey/skey.h b/lib/libskey/skey.h
index fbe648da499..d651fb43523 100644
--- a/lib/libskey/skey.h
+++ b/lib/libskey/skey.h
@@ -11,7 +11,7 @@
*
* Main client header
*
- * $Id: skey.h,v 1.6 1996/10/14 03:09:12 millert Exp $
+ * $Id: skey.h,v 1.7 1996/11/03 18:57:29 millert Exp $
*/
/* Server-side data structure for reading keys file during login */
@@ -34,6 +34,38 @@ struct mc
int cnt;
};
+/* Maximum sequence number we allow */
+#ifndef SKEY_MAX_SEQ
+#define SKEY_MAX_SEQ 10000
+#endif
+
+/* Minimum secret password length (rfc1938) */
+#ifndef SKEY_MIN_PW_LEN
+#define SKEY_MIN_PW_LEN 10
+#endif
+
+/* Max secret password length (rfc1938 says 63 but allows more) */
+#ifndef SKEY_MAX_PW_LEN
+#define SKEY_MAX_PW_LEN 255
+#endif
+
+/* Max length of an S/Key seed (rfc1938) */
+#ifndef SKEY_MAX_SEED_LEN
+#define SKEY_MAX_SEED_LEN 16
+#endif
+
+/* Max length of S/Key challenge (otp-???? 9999 seed) */
+#ifndef SKEY_MAX_CHALLENGE
+#define SKEY_MAX_CHALLENGE (11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN)
+#endif
+
+/* Max length of hash algorithm name (md4/md5/sha1) */
+#define SKEY_MAX_HASHNAME_LEN 4
+
+/* Size of a binary key (not NULL-terminated) */
+#define SKEY_BINKEY_SIZE 8
+
+/* Prototypes */
void f __P((char *x));
int keycrunch __P((char *result, char *seed, char *passwd));
char *btoe __P((char *engout, char *c));
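Review bot: The comment on `SKEY_MAX_CHALLENGE` does not say whether the value includes the terminating NUL, and the callers changed in this commit disagree: skey_keyinfo declares `str[SKEY_MAX_CHALLENGE]` while skey_authenticate declares `skeyprompt[SKEY_MAX_CHALLENGE+1]`. The literal 11 appears to cover `otp-`, two spaces, a four-digit sequence number and one spare byte, so the comment should say what that spare byte is for, e.g. `/* Max S/Key challenge: "otp-" + hash + ' ' + 4 digits + ' ' + seed + NUL */` if that is the intent. The macro is also defined above `SKEY_MAX_HASHNAME_LEN`, which it expands; that works with the preprocessor but reads more easily with the dependency defined first.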
diff --git a/lib/libskey/skeylogin.c b/lib/libskey/skeylogin.c
index 666c5a9a532..4ada3b6099a 100644
--- a/lib/libskey/skeylogin.c
+++ b/lib/libskey/skeylogin.c
@@ -8,7 +8,7 @@
*
* S/KEY verification check, lookups, and authentication.
*
- * $Id: skeylogin.c,v 1.10 1996/10/22 01:41:25 millert Exp $
+ * $Id: skeylogin.c,v 1.11 1996/11/03 18:57:29 millert Exp $
*/
#include <sys/param.h>
@@ -60,8 +60,9 @@ getskeyprompt(mp, name, prompt)
case -1: /* File error */
return -1;
case 0: /* Lookup succeeded, return challenge */
- (void)sprintf(prompt, "otp-%s %d %s\n", skey_get_algorithm(),
- mp->n - 1, mp->seed);
+ (void)sprintf(prompt, "otp-%.*s %d %.*s\n",
+ SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(),
+ mp->n - 1, SKEY_MAX_SEED_LEN, mp->seed);
return 0;
case 1: /* User not found */
(void)fclose(mp->keyfile);
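Review bot: The `sprintf` into `prompt` is still unbounded: the new `%.*s` precisions cap the algorithm name and the seed, but `%d` on `mp->n - 1` has no cap, and this format also appends a newline. The skeychallenge hunk below has the same pattern, and its destination in skey_keyinfo shrinks in this commit from 50 bytes to `SKEY_MAX_CHALLENGE` (31 with the header defaults), which holds a four-digit sequence number with no slack. If `mp->n` is read from the keys file, as the lookup suggests, a range check before formatting such as `if (mp->n < 1 || mp->n > SKEY_MAX_SEQ) return -1;` would keep the output within what the macro assumes. Both function bodies extend outside their hunks.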
@@ -90,8 +91,9 @@ skeychallenge(mp, name, ss)
case -1: /* File error */
return -1;
case 0: /* Lookup succeeded, issue challenge */
- (void)sprintf(ss, "otp-%s %d %s", skey_get_algorithm(),
- mp->n - 1, mp->seed);
+ (void)sprintf(ss, "otp-%.*s %d %.*s", SKEY_MAX_HASHNAME_LEN,
+ skey_get_algorithm(), mp->n - 1,
+ SKEY_MAX_SEED_LEN, mp->seed);
return 0;
case 1: /* User not found */
(void)fclose(mp->keyfile);
@@ -186,9 +188,9 @@ skeyverify(mp, response)
struct skey *mp;
char *response;
{
- char key[8];
- char fkey[8];
- char filekey[8];
+ char key[SKEY_BINKEY_SIZE];
+ char fkey[SKEY_BINKEY_SIZE];
+ char filekey[SKEY_BINKEY_SIZE];
time_t now;
struct tm *tm;
char tbuf[27];
@@ -242,7 +244,7 @@ skeyverify(mp, response)
atob8(filekey, mp->val);
/* Do actual comparison */
- if (memcmp(filekey, fkey, 8) != 0){
+ if (memcmp(filekey, fkey, SKEY_BINKEY_SIZE) != 0){
/* Wrong response */
(void)setpriority(PRIO_PROCESS, 0, 0);
(void)fclose(mp->keyfile);
@@ -299,7 +301,7 @@ skey_keyinfo(username)
char *username;
{
int i;
- static char str[50];
+ static char str[SKEY_MAX_CHALLENGE];
struct skey skey;
i = skeychallenge(&skey, username, str);
@@ -349,7 +351,7 @@ skey_authenticate(username)
char *username;
{
int i;
- char pbuf[256], skeyprompt[50];
+ char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1];
struct skey skey;
/* Attempt an S/Key challenge */
@@ -380,8 +382,9 @@ skey_authenticate(username)
} while (--i != 0);
pbuf[12] = '\0';
- (void)snprintf(skeyprompt, sizeof(skeyprompt), "otp-%s %d %s",
- skey_get_algorithm(), 99, pbuf);
+ (void)sprintf(skeyprompt, "otp-%.*s %d %.*s",
+ SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(),
+ 99, SKEY_MAX_SEED_LEN, pbuf);
}
(void)fprintf(stderr, "%s\n", skeyprompt);
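Review bot: Switching this call from `snprintf` to `sprintf` drops the only explicit bound on writes into `skeyprompt`. With the precisions and the constant 99 the output fits in `SKEY_MAX_CHALLENGE+1` bytes today, but that now depends on the format string and the header macros staying in step. Keeping the size argument costs nothing: `(void)snprintf(skeyprompt, sizeof(skeyprompt), "otp-%.*s %d %.*s",` with the argument lines unchanged. skey_authenticate's body continues outside the hunk.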
@@ -389,7 +392,6 @@ skey_authenticate(username)
(void)fputs("Response: ", stderr);
readskey(pbuf, sizeof(pbuf));
- rip(pbuf);
/* Is it a valid response? */
if (i == 0 && skeyverify(&skey, pbuf) == 0) {
diff --git a/lib/libskey/skeysubr.c b/lib/libskey/skeysubr.c
index 618a37601b3..06a83aa4f7c 100644
--- a/lib/libskey/skeysubr.c
+++ b/lib/libskey/skeysubr.c
@@ -10,7 +10,7 @@
*
* S/KEY misc routines.
*
- * $Id: skeysubr.c,v 1.11 1996/10/22 01:37:54 millert Exp $
+ * $Id: skeysubr.c,v 1.12 1996/11/03 18:57:30 millert Exp $
*/
#include <stdio.h>
@@ -47,7 +47,7 @@ static int skey_hash_type = SKEY_HASH_DEFAULT;
* Hash types we support.
* Each has an associated keycrunch() and f() function.
*/
-#define SKEY_ALGORITH_MAX 3
+#define SKEY_ALGORITH_LAST 3
struct skey_algorithm_table {
const char *name;
int (*keycrunch) __P((char *, char *, char *));
@@ -67,7 +67,7 @@ static struct skey_algorithm_table skey_algorithm_table[] = {
*/
int
keycrunch(result, seed, passwd)
- char *result; /* 8-byte result */
+ char *result; /* SKEY_BINKEY_SIZE result */
char *seed; /* Seed, any length */
char *passwd; /* Password, any length */
{
@@ -76,7 +76,7 @@ keycrunch(result, seed, passwd)
static int
keycrunch_md4(result, seed, passwd)
- char *result; /* 8-byte result */
+ char *result; /* SKEY_BINKEY_SIZE result */
char *seed; /* Seed, any length */
char *passwd; /* Password, any length */
{
@@ -103,14 +103,14 @@ keycrunch_md4(result, seed, passwd)
results[0] ^= results[2];
results[1] ^= results[3];
- (void)memcpy((void *)result, (void *)results, 8);
+ (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
return 0;
}
static int
keycrunch_md5(result, seed, passwd)
- char *result; /* 8-byte result */
+ char *result; /* SKEY_BINKEY_SIZE result */
char *seed; /* Seed, any length */
char *passwd; /* Password, any length */
{
@@ -137,14 +137,14 @@ keycrunch_md5(result, seed, passwd)
results[0] ^= results[2];
results[1] ^= results[3];
- (void)memcpy((void *)result, (void *)results, 8);
+ (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
return 0;
}
static int
keycrunch_sha1(result, seed, passwd)
- char *result; /* 8-byte result */
+ char *result; /* SKEY_BINKEY_SIZE result */
char *seed; /* Seed, any length */
char *passwd; /* Password, any length */
{
@@ -171,15 +171,18 @@ keycrunch_sha1(result, seed, passwd)
sha.digest[1] ^= sha.digest[3];
sha.digest[0] ^= sha.digest[4];
- (void)memcpy((void *)result, (void *)sha.digest, 8);
+ (void)memcpy((void *)result, (void *)sha.digest, SKEY_BINKEY_SIZE);
#if BYTE_ORDER == LITTLE_ENDIAN
- sha1ByteReverse((u_int32_t *)result, 8);
+ sha1ByteReverse((u_int32_t *)result, SKEY_BINKEY_SIZE);
#endif /* LITTLE_ENDIAN */
return 0;
}
-/* The one-way function f(). Takes 8 bytes and returns 8 bytes in place */
+/*
+ * The one-way function f().
+ * Takes SKEY_BINKEY_SIZE bytes and returns SKEY_BINKEY_SIZE bytes in place.
+ */
void
f(x)
char *x;
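Review bot: `sha1ByteReverse((u_int32_t *)result, SKEY_BINKEY_SIZE)` accesses the caller's `char *` buffer as 32-bit words, and callers such as skeyverify pass plain `char key[SKEY_BINKEY_SIZE]` arrays with no alignment guarantee. On a little-endian machine that traps on unaligned access this could fault. Assuming `sha.digest` is the word array that the folding code suggests, reversing it before the copy avoids the cast: `sha1ByteReverse(sha.digest, SKEY_BINKEY_SIZE);` followed by the existing `memcpy`. The f_sha1 hunk further down has the same cast on `x`.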
@@ -195,14 +198,14 @@ f_md4(x)
u_int32_t results[4];
MD4Init(&md);
- MD4Update(&md, (unsigned char *)x, 8);
+ MD4Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE);
MD4Final((unsigned char *)results, &md);
/* Fold 128 to 64 bits */
results[0] ^= results[2];
results[1] ^= results[3];
- (void)memcpy((void *)x, (void *)results, 8);
+ (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
}
static void
@@ -213,14 +216,14 @@ f_md5(x)
u_int32_t results[4];
MD5Init(&md);
- MD5Update(&md, (unsigned char *)x, 8);
+ MD5Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE);
MD5Final((unsigned char *)results, &md);
/* Fold 128 to 64 bits */
results[0] ^= results[2];
results[1] ^= results[3];
- (void)memcpy((void *)x, (void *)results, 8);
+ (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
}
static void
@@ -230,7 +233,7 @@ f_sha1(x)
SHA1_INFO sha;
sha1Init(&sha);
- sha1Update(&sha, (unsigned char *)x, 8);
+ sha1Update(&sha, (unsigned char *)x, SKEY_BINKEY_SIZE);
sha1Final(&sha);
/* Fold 160 to 64 bits */
@@ -238,9 +241,9 @@ f_sha1(x)
sha.digest[1] ^= sha.digest[3];
sha.digest[0] ^= sha.digest[4];
- (void)memcpy((void *)x, (void *)sha.digest, 8);
+ (void)memcpy((void *)x, (void *)sha.digest, SKEY_BINKEY_SIZE);
#if BYTE_ORDER == LITTLE_ENDIAN
- sha1ByteReverse((u_int32_t *)x, 8);
+ sha1ByteReverse((u_int32_t *)x, SKEY_BINKEY_SIZE);
#endif /* LITTLE_ENDIAN */
}
@@ -327,7 +330,7 @@ atob8(out, in)
if (in == NULL || out == NULL)
return -1;
- for (i=0; i<8; i++) {
+ for (i=0; i < 8; i++) {
if ((in = skipspace(in)) == NULL)
return -1;
if ((val = htoi(*in++)) == -1)
@@ -423,14 +426,14 @@ sevenbit(s)
*s++ &= 0x7f;
}
-/* Set hash type type */
+/* Set hash algorithm type */
char *
skey_set_algorithm(new)
char *new;
{
int i;
- for (i = 0; i < SKEY_ALGORITH_MAX; i++) {
+ for (i = 0; i < SKEY_ALGORITH_LAST; i++) {
if (strcmp(new, skey_algorithm_table[i].name) == 0) {
skey_hash_type = i;
return new;