author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1995-10-18 08:53:40 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1995-10-18 08:53:40 +0000 |
commit | d6583bb2a13f329cf0332ef2570eb8bb8fc0e39c (patch) | |
tree | ece253b876159b39c620e62b6c9b1174642e070e /usr.bin/skey |
initial import of NetBSD tree
Diffstat (limited to 'usr.bin/skey')
-rw-r--r-- | usr.bin/skey/Makefile | 13 | ||||
-rw-r--r-- | usr.bin/skey/skey.1 | 60 | ||||
-rw-r--r-- | usr.bin/skey/skey.c | 126 | ||||
-rw-r--r-- | usr.bin/skey/skeyaudit.1 | 29 | ||||
-rw-r--r-- | usr.bin/skey/skeyaudit.sh | 50 | ||||
-rw-r--r-- | usr.bin/skey/skeyinfo.1 | 19 | ||||
-rw-r--r-- | usr.bin/skey/skeyinfo.sh | 18 |
7 files changed, 315 insertions, 0 deletions
diff --git a/usr.bin/skey/Makefile b/usr.bin/skey/Makefile
new file mode 100644
index 00000000000..f3953ad5f7a
--- /dev/null
+++ b/usr.bin/skey/Makefile
@@ -0,0 +1,13 @@
+# $Id: Makefile,v 1.1 1995/10/18 08:46:07 deraadt Exp $
+
+PROG= skey
+CFLAGS+= -I${.CURDIR}/../../lib/libskey
+MAN= skey.1 skeyinfo.1 skeyaudit.1
+DPADD= ${LIBSKEY}
+LDADD= -lskey
+
+beforeinstall:
+ install -c -m 755 ${.CURDIR}/skeyaudit.sh ${DESTDIR}${BINDIR}/skeyaudit
+ install -c -m 755 ${.CURDIR}/skeyinfo.sh ${DESTDIR}${BINDIR}/skeyinfo
+
+.include <bsd.prog.mk>
diff --git a/usr.bin/skey/skey.1 b/usr.bin/skey/skey.1
new file mode 100644
index 00000000000..c3383a28f73
--- /dev/null
+++ b/usr.bin/skey/skey.1
@@ -0,0 +1,60 @@
+.\" @(#)skey.1 1.1 10/28/93
+.\" $Id: skey.1,v 1.1 1995/10/18 08:46:07 deraadt Exp $
+.\"
+.Dd 28 October 1993
+.Dt SKEY 1
+.Os NetBSD 4
+.Sh NAME
+.Nm S/key
+.Nd a one time password system
+.Sh DESCRIPTION
+.Nm S/key
+is a procedure for using one time passwords to authenticate access to
+computer systems. It uses 64 bits of information transformed by the
+MD4 algorithm. The user supplies the 64 bits in the form of 6 English
+words that are generated by a secure computer.
+Example use of the S/key program
+.Xr skey 1 :
+.sp
+.sp 0
+ % skey 99 th91334
+.sp 0
+ Enter password: <your secret password is entered here>
+.sp 0
+ OMEN US HORN OMIT BACK AHOY
+.sp 0
+ %
+.Pp
+The programs that are part of the S/Key system are:
+.Bl -tag -width skeyinit...
+.It Xr skeyinit 1
+used to setup your S/Key.
+.It Xr skey 1
+used to get the one time password each time.
+.It Xr skeyinfo 1
+used to extract information from the S/Key database.
+It tells you what your next challenge will be.
+.El
+.Pp
+When you run
+.Xr skeyinit 1
+you inform the system of your
+secret password. Running
+.Xr skey 1
+then generates the
+one-time passwords, and also requires your secret
+password. If however, you misspell your password
+while running
+.Xr skey 1 ,
+you will get a list of passwords
+that will not work, and no indication about the problem.
+.Pp
+Password sequence numbers count backward from 99.
+You can enter the passwords using small letters, even though
+.Xr skey 1
+prints them capitalized.
+.Sh SEE ALSO
+.Xr skeyinit 1 ,
+.Xr skeyinfo 1
+.Sh AUTHORS
+Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
diff --git a/usr.bin/skey/skey.c b/usr.bin/skey/skey.c
new file mode 100644
index 00000000000..a3cbf078d36
--- /dev/null
+++ b/usr.bin/skey/skey.c
@@ -0,0 +1,126 @@
+/*
+ * S/KEY v1.1b (skey.c)
+ *
+ * Authors:
+ * Neil M. Haller <nmh@thumper.bellcore.com>
+ * Philip R. Karn <karn@chicago.qualcomm.com>
+ * John S. Walden <jsw@thumper.bellcore.com>
+ * Scott Chasin <chasin@crimelab.com>
+ *
+ *
+ * Stand-alone program for computing responses to S/Key challenges.
+ * Takes the iteration count and seed as command line args, prompts
+ * for the user's key, and produces both word and hex format responses.
+ *
+ * Usage example:
+ * >skey 88 ka9q2
+ * Enter password:
+ * OMEN US HORN OMIT BACK AHOY
+ * >
+ *
+ * $Id: skey.c,v 1.1 1995/10/18 08:46:07 deraadt Exp $
+ */
+
+#include <sys/cdefs.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+#include <sgtty.h>
+#include "md4.h"
+#include "skey.h"
+
+void usage __P((char *));
+
+int
+main(argc, argv)
+ int argc;
+ char *argv[];
+{
+ int n, cnt, i, pass = 0;
+ char passwd[256], key[8], buf[33], *seed, *slash;
+ extern int optind;
+ extern char *optarg;
+
+ cnt = 1;
+
+ while ((i = getopt(argc, argv, "n:p:")) != EOF) {
+ switch (i) {
+ case 'n':
+ cnt = atoi(optarg);
+ break;
+ case 'p':
+ strcpy(passwd, optarg);
+ pass = 1;
+ break;
+ }
+ }
+
+ /* could be in the form <number>/<seed> */
+
+ if (argc <= optind + 1) {
+ /* look for / in it */
+ if (argc <= optind)
+ usage(argv[0]);
+ slash = strchr(argv[optind], '/');
+ if (slash == NULL)
+ usage(argv[0]);
+ *slash++ = '\0';
+ seed = slash;
+
+ if ((n = atoi(argv[optind])) < 0) {
+ fprintf(stderr, "%s not positive\n", argv[optind]);
+ usage(argv[0]);
+ }
+ } else {
+
+ if ((n = atoi(argv[optind])) < 0) {
+ fprintf(stderr, "%s not positive\n", argv[optind]);
+ usage(argv[0]);
+ }
+ seed = argv[++optind];
+ }
+
+ /* Get user's secret password */
+ if (!pass) {
+ fprintf(stderr, "Enter secret password: ");
+ readpass(passwd, sizeof(passwd));
+ }
+ rip(passwd);
+
+ /* Crunch seed and password into starting key */
+ if (keycrunch(key, seed, passwd) != 0) {
+ fprintf(stderr, "%s: key crunch failed\n", argv[0]);
+ exit(1);
+ }
+ if (cnt == 1) {
+ while (n-- != 0)
+ f(key);
+ printf("%s\n", btoe(buf, key));
+#ifdef HEXIN
+ printf("%s\n", put8(buf, key));
+#endif
+ } else {
+ for (i = 0; i <= n - cnt; i++)
+ f(key);
+ for (; i <= n; i++) {
+#ifdef HEXIN
+ printf("%d: %-29s %s\n", i, btoe(buf, key), put8(buf, key));
+#else
+ printf("%d: %-29s\n", i, btoe(buf, key));
+#endif
+ f(key);
+ }
+ }
+ exit(0);
+}
+
+void
+usage(s)
+ char *s;
+{
+
+ fprintf(stderr,
+ "Usage: %s [-n count] [-p password ] sequence# [/] key\n", s);
+ exit(1);
+}
diff --git a/usr.bin/skey/skeyaudit.1 b/usr.bin/skey/skeyaudit.1
new file mode 100644
index 00000000000..ab8e5e6acc0
--- /dev/null
+++ b/usr.bin/skey/skeyaudit.1
@@ -0,0 +1,29 @@
+.\"
+.\" $Id: skeyaudit.1,v 1.1 1995/10/18 08:46:08 deraadt Exp $
+.\"
+.Dd 9 June 1994
+.Dt SKEYAUDIT 1
+.Os NetBSD 4
+.Sh NAME
+.Nm skeyaudit
+.Nd warn users if their S/Key will soon expire
+.Sh SYNOPSIS
+.Nm skeyaudit
+.Op Ar limit
+.Sh DESCRIPTION
+.Nm skeyaudit
+searches through the file
+.Dq Pa /etc/skeykeys
+for users whose S/Key sequence number is less than
+.Ar limit ,
+and sends them a reminder to run
+.Xr skeyinit 1
+soon. If no limit is specified a default of 12 is used.
+.Sh FILES
+.Bl -tag -width /etc/skeykeys -compact
+.It Pa /etc/skeykeys
+The S/Key key information database
+.El
+.Sh SEE ALSO
+.Xr skeyinit 1 ,
+.Xr skey 1
diff --git a/usr.bin/skey/skeyaudit.sh b/usr.bin/skey/skeyaudit.sh
new file mode 100644
index 00000000000..eb1109bff51
--- /dev/null
+++ b/usr.bin/skey/skeyaudit.sh
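Review bot: In skey.c's main(), the `-p` case copies `optarg` into the 256-byte `passwd` array with `strcpy`, so an argument of 256 bytes or more writes past the end of the stack buffer. Reject over-long input before the copy, e.g. `if (strlen(optarg) >= sizeof(passwd)) usage(argv[0]);`. The same option also puts the secret on the command line, where it is typically visible to other local users through the process list, so the man page should steer users to the interactive prompt. The switch has no `default:` arm, so unrecognised options do not reach usage(), and the `atoi(...) < 0` checks print "not positive" while still accepting 0 and non-numeric text.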
@@ -0,0 +1,50 @@
+#!/bin/sh
+# $Id: skeyaudit.sh,v 1.1 1995/10/18 08:46:08 deraadt Exp $
+# This script will look thru the skeykeys file for
+# people with sequence numbers less then LOWLIMIT=12
+# and send them an e-mail reminder to use skeyinit soon
+#
+
+AWK=/usr/bin/awk
+GREP=/usr/bin/grep
+ECHO=/bin/echo
+KEYDB=/etc/skeykeys
+LOWLIMIT=12
+ADMIN=root
+SUBJECT="Reminder: Run skeyinit"
+HOST=`/bin/hostname`
+
+
+if [ "$1" != "" ]
+then
+ LOWLIMIT=$1
+fi
+
+
+# an skeykeys entry looks like
+# jsw 0076 la13079 ba20a75528de9d3a
+# the sequence number is the second entry
+#
+
+for i in `$AWK '{print $1}' $KEYDB`
+do
+SEQ=`$GREP "^$i[ ]" $KEYDB | $AWK '{print $2}'`
+if [ $SEQ -lt $LOWLIMIT ]
+then
+ KEY=`$GREP "^$i[ ]" $KEYDB | $AWK '{print $3}'`
+ if [ $SEQ -lt 3 ]
+ then
+ SUBJECT="IMPORTANT action required"
+ fi
+ (
+ $ECHO "You are nearing the end of your current S/Key sequence for account $i"
+ $ECHO "on system $HOST."
+ $ECHO ""
+ $ECHO "Your S/key sequence number is now $SEQ. When it reaches zero you"
+ $ECHO "will no longer be able to use S/Key to login into the system. "
+ $ECHO " "
+ $ECHO "Type \"skeyinit -s\" to reinitialize your sequence number."
+ $ECHO ""
+ ) | /usr/bin/Mail -s "$SUBJECT" $i $ADMIN
+fi
+done
diff --git a/usr.bin/skey/skeyinfo.1 b/usr.bin/skey/skeyinfo.1
new file mode 100644
index 00000000000..e013e77b4ef
--- /dev/null
+++ b/usr.bin/skey/skeyinfo.1
@@ -0,0 +1,19 @@
+.\"
+.\" $Id: skeyinfo.1,v 1.1 1995/10/18 08:46:08 deraadt Exp $
+.\"
+.Dd 9 June 1994
+.Dt SKEYINFO 1
+.Os NetBSD 4
+.Sh NAME
+.Nm skeyinfo
+.Nd obtain the next S/Key challenge for a user
+.Sh SYNOPSIS
+.Nm skeyinfo
+.Op Ar user
+.Sh DESCRIPTION
+.Nm skeyinfo
+prints out the next S/Key challenge for the specified user or for the
+current user if no user is specified.
+.Sh SEE ALSO
+.Xr skeyinit 1 ,
+.Xr skey 1
diff --git a/usr.bin/skey/skeyinfo.sh b/usr.bin/skey/skeyinfo.sh
new file mode 100644
index 00000000000..bca1e319dc5
--- /dev/null
+++ b/usr.bin/skey/skeyinfo.sh
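Review bot: In skeyaudit.sh, `SUBJECT` is overwritten with "IMPORTANT action required" the first time a user with a sequence number below 3 is found and is never reset, so every user mailed after that gets the urgent subject regardless of their own count. Use a per-iteration variable instead: `SUBJ=$SUBJECT` at the top of the loop body, `SUBJ="IMPORTANT action required"` in the inner `if`, and `-s "$SUBJ"` on the Mail line. `$SEQ`, `$LOWLIMIT` and `$i` are also expanded unquoted and `$i` is reused as a grep pattern, so an empty or multi-line `$SEQ` (for instance when a name containing regex characters matches more than one entry) or a non-numeric `$1` breaks the `[ $SEQ -lt $LOWLIMIT ]` test; validate that both are single integers before comparing. `KEY` is assigned but never used.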
@@ -0,0 +1,18 @@
+#!/bin/sh
+# $Id: skeyinfo.sh,v 1.1 1995/10/18 08:46:08 deraadt Exp $
+# search /etc/skeykeys for the skey string for
+# this user OR user specified in 1st parameter
+
+if [ -z "$1" ]
+then
+ WHO=`/usr/bin/whoami`
+else
+ WHO=$1
+fi
+if [ -f /etc/skeykeys ]
+then
+ SKEYINFO=`/usr/bin/grep "^$WHO[ ]" /etc/skeykeys`
+else
+ SKEYINFO=`cat /etc/skeykeys|/usr/bin/grep "^$WHO[ ]"`
+fi
+echo $SKEYINFO|/usr/bin/awk '{print $2-1,$3}' |
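Review bot: In skeyinfo.sh, `$WHO` is taken straight from `$1` and interpolated into the grep pattern `"^$WHO[ ]"`, so regex characters in the argument (a `.`, for example) can select a different user's entry or several entries, and the unquoted `echo $SKEYINFO` then folds all matches onto one line before awk reads fields 2 and 3. An exact comparison on the first field avoids both problems: `/usr/bin/awk -v who="$WHO" '$1 == who {print $2-1,$3}' /etc/skeykeys`. The `else` branch runs `cat /etc/skeykeys` only after the `-f` test on that same path has failed, so it looks like dead or always-failing code. When nothing matches, the script still prints `-1` rather than reporting that the user has no entry.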