author | Todd C. Miller <millert@cvs.openbsd.org> | 1996-09-27 15:41:38 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1996-09-27 15:41:38 +0000 |
commit | 0c666f9f5fa37375bb5e779f351ddb12947fd258 (patch) | |
tree | 39f8d56781966a8d9d4a1c6510ad682703ccb9fd /usr.bin/skey | |
parent | d5dd91cdf59d18f9cfff6072a73247438e00ea4e (diff) |
Now can do both MD4 and MD5 skey's.
Diffstat (limited to 'usr.bin/skey')
-rw-r--r-- | usr.bin/skey/Makefile | 3 | ||||
-rw-r--r-- | usr.bin/skey/skey.1 | 25 | ||||
-rw-r--r-- | usr.bin/skey/skey.c | 61 | ||||
-rw-r--r-- | usr.bin/skey/skeyaudit.sh | 6 | ||||
-rw-r--r-- | usr.bin/skey/skeyinfo.sh | 14 |
5 files changed, 60 insertions, 49 deletions
diff --git a/usr.bin/skey/Makefile b/usr.bin/skey/Makefile index b7c527d1fe5..70c0226e1f7 100644 --- a/usr.bin/skey/Makefile +++ b/usr.bin/skey/Makefile @@ -1,7 +1,6 @@ -# $OpenBSD: Makefile,v 1.2 1996/06/26 05:39:19 deraadt Exp $ +# $OpenBSD: Makefile,v 1.3 1996/09/27 15:41:35 millert Exp $ PROG= skey -CFLAGS+= -I${.CURDIR}/../../lib/libskey MAN= skey.1 skeyinfo.1 skeyaudit.1 DPADD= ${LIBSKEY} LDADD= -lskey diff --git a/usr.bin/skey/skey.1 b/usr.bin/skey/skey.1 index db35d1682ec..ca71e8db4e1 100644 --- a/usr.bin/skey/skey.1 +++ b/usr.bin/skey/skey.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: skey.1,v 1.2 1996/06/26 05:39:19 deraadt Exp $ +.\" $OpenBSD: skey.1,v 1.3 1996/09/27 15:41:36 millert Exp $ .\" @(#)skey.1 1.1 10/28/93 .\" .Dd 28 October 1993 @@ -11,8 +11,8 @@ .Nm S/key is a procedure for using one time passwords to authenticate access to computer systems. It uses 64 bits of information transformed by the -MD4 algorithm. The user supplies the 64 bits in the form of 6 English -words that are generated by a secure computer. +MD4 and MD5 algorithms. The user supplies the 64 bits in the form of 6 +English words that are generated by a secure computer. Example use of the S/key program .Xr skey 1 : .sp @@ -25,6 +25,25 @@ Example use of the S/key program .sp 0 % .Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl x +causes output to be in hexidecimal instead of ASCII. +.It Fl 4 +Selects MD4 as the hash algorithm. +.It Fl 5 +Selects MD5 as the hash algorithm. +.It Fl n Ar count +Prints out +.Ar count +one time passwords. The default is to print one. +.It Fl p Ar password +Uses +.Ar password +as the secret password. Use of this option is discouraged as +your secret password could be visible in a process listing. +.El +.Pp The programs that are part of the S/Key system are: .Bl -tag -width skeyinit... .It Xr skeyinit 1 diff --git a/usr.bin/skey/skey.c b/usr.bin/skey/skey.c index cd2975b73ec..4baa7c39a32 100644 --- a/usr.bin/skey/skey.c +++ b/usr.bin/skey/skey.c 
@@ -1,4 +1,4 @@ -/* * $OpenBSD: skey.c,v 1.2 1996/06/26 05:39:20 deraadt Exp $*/ +/* * $OpenBSD: skey.c,v 1.3 1996/09/27 15:41:36 millert Exp $*/ /* * S/KEY v1.1b (skey.c) * @@ -21,14 +21,12 @@ * */ -#include <sys/cdefs.h> #include <stdio.h> #include <stdlib.h> #include <string.h> -#include <fcntl.h> -#include <sgtty.h> -#include "md4.h" -#include "skey.h" +#include <err.h> +#include <unistd.h> +#include <skey.h> void usage __P((char *)); @@ -37,14 +35,10 @@ main(argc, argv) int argc; char *argv[]; { - int n, cnt, i, pass = 0; + int n, i, cnt = 1, pass = 0, hexmode = 0; char passwd[256], key[8], buf[33], *seed, *slash; - extern int optind; - extern char *optarg; - cnt = 1; - - while ((i = getopt(argc, argv, "n:p:")) != EOF) { + while ((i = getopt(argc, argv, "n:p:x45")) != EOF) { switch (i) { case 'n': cnt = atoi(optarg); @@ -53,6 +47,15 @@ main(argc, argv) strcpy(passwd, optarg); pass = 1; break; + case 'x': + hexmode = 1; + break; + case '4': + skey_set_MDX(4); + break; + case '5': + skey_set_MDX(5); + break; } } @@ -69,13 +72,12 @@ main(argc, argv) seed = slash; if ((n = atoi(argv[optind])) < 0) { - fprintf(stderr, "%s not positive\n", argv[optind]); + warnx("%s not positive", argv[optind]); usage(argv[0]); } } else { - if ((n = atoi(argv[optind])) < 0) { - fprintf(stderr, "%s not positive\n", argv[optind]); + warnx("%s not positive", argv[optind]); usage(argv[0]); } seed = argv[++optind]; 
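Review bot: `cnt = atoi(optarg)` at the end of the `@@ -37,14 +35,10 @@` hunk, and `n = atoi(argv[optind])` in both branches of the later `@@ -69,13 +72,12 @@` hunk, accept any string, because atoi() reports no error and returns 0 for non-numeric text. A mistyped sequence number is therefore treated as sequence 0 and a response is still printed, and the `< 0` test does not match the "not positive" message, since 0 passes. I would parse with strtol and reject empty input, trailing characters and out-of-range values, e.g. `l = strtol(argv[optind], &ep, 10);` followed by `if (ep == argv[optind] || *ep != '\0' || l < 0 || l > INT_MAX) usage(argv[0]);`. The option switch continues past the end of the first hunk.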
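Review bot: The `-p` case kept as context at the top of the `@@ -53,6 +47,15 @@` hunk still does `strcpy(passwd, optarg)` into the 256-byte `passwd` array declared in the previous hunk, so an argument of 256 bytes or more writes past the end of a stack buffer. Since this commit already reworks option handling and pulls in `<err.h>`, reject oversize input before the copy, e.g. `if (strlen(optarg) >= sizeof(passwd)) errx(1, "password too long");`. The switch as extended here also has no `default:` case, so an option that getopt() rejects never reaches `usage()`; `default: usage(argv[0]);` would close that. The switch opens in the previous hunk.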
@@ -83,32 +85,29 @@ main(argc, argv) /* Get user's secret password */ if (!pass) { - fprintf(stderr, "Enter secret password: "); + (void)fputs("Reminder - Do not use this program while logged in via telnet or rlogin.\n", stderr); + (void)fputs("Enter secret password: ", stderr); readpass(passwd, sizeof(passwd)); } rip(passwd); /* Crunch seed and password into starting key */ - if (keycrunch(key, seed, passwd) != 0) { - fprintf(stderr, "%s: key crunch failed\n", argv[0]); - exit(1); - } + if (keycrunch(key, seed, passwd) != 0) + errx(1, "key crunch failed"); + if (cnt == 1) { while (n-- != 0) f(key); - printf("%s\n", btoe(buf, key)); -#ifdef HEXIN - printf("%s\n", put8(buf, key)); -#endif + (void)puts(hexmode ? put8(buf, key) : btoe(buf, key)); } else { for (i = 0; i <= n - cnt; i++) f(key); for (; i <= n; i++) { -#ifdef HEXIN - printf("%d: %-29s %s\n", i, btoe(buf, key), put8(buf, key)); -#else - printf("%d: %-29s\n", i, btoe(buf, key)); -#endif + if (hexmode) + (void)printf("%d: %-29s %s\n", i, + btoe(buf, key), put8(buf, key)); + else + (void)printf("%d: %-29s\n", i, btoe(buf, key)); f(key); } } @@ -119,8 +118,6 @@ void usage(s) char *s; { - - fprintf(stderr, - "Usage: %s [-n count] [-p password ] sequence# [/] key\n", s); + (void)fprintf(stderr, "Usage: %s [-x] [-4|-5] [-n count] [-p password ] sequence# [/] key", s); exit(1); } diff --git a/usr.bin/skey/skeyaudit.sh b/usr.bin/skey/skeyaudit.sh index 7f617923f5a..51711b447ff 100644 --- a/usr.bin/skey/skeyaudit.sh +++ b/usr.bin/skey/skeyaudit.sh @@ -1,5 +1,5 @@ #!/bin/sh -# $OpenBSD: skeyaudit.sh,v 1.2 1996/06/26 05:39:21 deraadt Exp $ +# $OpenBSD: skeyaudit.sh,v 1.3 1996/09/27 15:41:36 millert Exp $ # This script will look thru the skeykeys file for # people with sequence numbers less then LOWLIMIT=12 # and send them an e-mail reminder to use skeyinit soon 
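Review bot: In the `hexmode` branch of the multi-count loop, `btoe(buf, key)` and `put8(buf, key)` are both handed the same `buf` inside one `printf` call. If each helper returns its first argument, as the single-count `puts(hexmode ? put8(buf, key) : btoe(buf, key))` suggests, both `%s` conversions print whichever encoding was written last, so the word form and the hex form cannot both be correct. Give the hex form its own buffer, e.g. `char hexbuf[33];` and `put8(hexbuf, key)`. Note also that `-x` replaces the words in the single-count path but adds a column in the multi-count path, while the skey.1 text added in this commit describes only the former. Nothing in this hunk clears `passwd` or `key` after the responses are printed; main continues past the hunk, so confirm they are wiped before exit.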
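Review bot: The rewritten usage string in the `@@ -119,8 +118,6 @@` hunk drops the trailing `\n` that the removed `fprintf` format had, so the message is left unterminated on stderr. The other messages in this commit moved to `warnx`/`errx`, which append their own newline, but this one is still a plain `fprintf`; end the format with `sequence# [/] key\n`.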
@@ -28,10 +28,10 @@ fi for i in `$AWK '{print $1}' $KEYDB` do -SEQ=`$GREP "^$i[ ]" $KEYDB | $AWK '{print $2}'` +SEQ=`$GREP "^$i[ ]" $KEYDB | $AWK '{if ($2 ~ /^MD[0-9]+/) {print $3} else {print $2}}'` if [ $SEQ -lt $LOWLIMIT ] then - KEY=`$GREP "^$i[ ]" $KEYDB | $AWK '{print $3}'` + KEY=`$GREP "^$i[ ]" $KEYDB | $AWK '{if ($2 ~ /^MD[0-9]+/) {print $4} else {print $3}}'` if [ $SEQ -lt 3 ] then SUBJECT="IMPORTANT action required" diff --git a/usr.bin/skey/skeyinfo.sh b/usr.bin/skey/skeyinfo.sh index 1367604b485..11d65a69735 100644 --- a/usr.bin/skey/skeyinfo.sh +++ b/usr.bin/skey/skeyinfo.sh @@ -1,18 +1,14 @@ #!/bin/sh -# $OpenBSD: skeyinfo.sh,v 1.2 1996/06/26 05:39:22 deraadt Exp $ +# $OpenBSD: skeyinfo.sh,v 1.3 1996/09/27 15:41:37 millert Exp $ # search /etc/skeykeys for the skey string for # this user OR user specified in 1st parameter -if [ -z "$1" ] -then +if [ -z "$1" ]; then WHO=`/usr/bin/whoami` else WHO=$1 fi -if [ -f /etc/skeykeys ] -then - SKEYINFO=`/usr/bin/grep "^$WHO[ ]" /etc/skeykeys` -else - SKEYINFO=`cat /etc/skeykeys|/usr/bin/grep "^$WHO[ ]"` + +if [ -f /etc/skeykeys ]; then + /usr/bin/awk "{ if (\$1 == \"$WHO\" && \$2 ~ /^MD[0-9]+/) {print \$3-1,\$4} else {print \$2-1,\$3} }" < /etc/skeykeys fi -echo $SKEYINFO|/usr/bin/awk '{print $2-1,$3}' |
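Review bot: Both rewritten lines in the skeyaudit.sh hunk still select the record with `$GREP "^$i[ ]" $KEYDB`, which treats the user name as a regular expression, so a name containing `.` or another metacharacter can match a different user's entry and `SEQ` may then hold more than one value. With the unquoted `[ $SEQ -lt $LOWLIMIT ]` that follows, an empty or multi-word `SEQ` makes the test fail with an error and that user gets no reminder. Since awk already parses the line, let it do an exact comparison too, e.g. `$AWK -v u="$i" '$1 == u { if ($2 ~ /^MD[0-9]+$/) print $3; else print $2 }' $KEYDB`, and quote `"$SEQ"` in the tests. The `for` loop starts and ends outside the hunk.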
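Review bot: The `else` branch of the new awk program in skeyinfo.sh is not gated on the user name: the condition is `$1 == "$WHO" && $2 ~ /^MD[0-9]+/`, so every line that fails it, including every other user's record, is printed as `$2-1,$3`. The script therefore prints sequence and seed data for the whole file rather than for `$WHO`, and for other users' MD-tagged lines the printed fields are shifted by one. `$WHO` is also spliced into the awk program text, so a first argument containing a double quote changes the program that runs; pass it as data instead. `/usr/bin/awk -v who="$WHO" '$1 == who { if ($2 ~ /^MD[0-9]+/) print $3-1, $4; else print $2-1, $3 }' /etc/skeykeys` addresses both.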