summaryrefslogtreecommitdiff
path: root/usr.bin/skeyinfo
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>2001-06-17 22:44:52 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2001-06-17 22:44:52 +0000
commitf7af1085deb6d0912133129e632f7b34ce76d83d (patch)
treed762d4ae839a9d4995aae7eb657e5e883875758f /usr.bin/skeyinfo
parent165f6244b7a8471135032e0ef7338c634c3e858c (diff)
Use BSD authentication to retrieve the challenge so we no longer require
suid root.
Diffstat (limited to 'usr.bin/skeyinfo')
-rw-r--r--usr.bin/skeyinfo/Makefile8
-rw-r--r--usr.bin/skeyinfo/skeyinfo.17
-rw-r--r--usr.bin/skeyinfo/skeyinfo.c53
3 files changed, 37 insertions, 31 deletions
diff --git a/usr.bin/skeyinfo/Makefile b/usr.bin/skeyinfo/Makefile
index 1ca0f5836ec..72c534bb4f4 100644
--- a/usr.bin/skeyinfo/Makefile
+++ b/usr.bin/skeyinfo/Makefile
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.2 1997/09/21 11:50:53 deraadt Exp $
+# $OpenBSD: Makefile,v 1.3 2001/06/17 22:44:50 millert Exp $
PROG= skeyinfo
+
BINOWN= root
-BINMODE=4555
-DPADD= ${LIBSKEY}
-LDADD= -lskey
+BINGRP= auth
+BINMODE=2555
.include <bsd.prog.mk>
diff --git a/usr.bin/skeyinfo/skeyinfo.1 b/usr.bin/skeyinfo/skeyinfo.1
index 7e1d4f29528..248c87b736c 100644
--- a/usr.bin/skeyinfo/skeyinfo.1
+++ b/usr.bin/skeyinfo/skeyinfo.1
@@ -1,6 +1,6 @@
-.\" $OpenBSD: skeyinfo.1,v 1.3 2000/03/11 21:40:02 aaron Exp $
+.\" $OpenBSD: skeyinfo.1,v 1.4 2001/06/17 22:44:51 millert Exp $
.\"
-.Dd 22 July 1997
+.Dd 17 June 2001
.Dt SKEYINFO 1
.Os
.Sh NAME
@@ -28,3 +28,6 @@ an untrusted network (perhaps for use at a conference).
.Sh SEE ALSO
.Xr skey 1 ,
.Xr skeyinit 1
+.Sh CAVEATS
+If the user does not have an entry in the S/Key database a fake
+challenge will be printed.
diff --git a/usr.bin/skeyinfo/skeyinfo.c b/usr.bin/skeyinfo/skeyinfo.c
index 38b3046fc9d..fbf150aaac6 100644
--- a/usr.bin/skeyinfo/skeyinfo.c
+++ b/usr.bin/skeyinfo/skeyinfo.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: skeyinfo.c,v 1.6 2001/02/05 16:58:11 millert Exp $ */
+/* $OpenBSD: skeyinfo.c,v 1.7 2001/06/17 22:44:51 millert Exp $ */
/*
- * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1997, 2001 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -28,14 +28,13 @@
*/
#include <err.h>
-#include <limits.h>
-#include <paths.h>
#include <pwd.h>
#include <stdio.h>
-#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <skey.h>
+#include <login_cap.h>
+#include <bsd_auth.h>
extern char *__progname;
@@ -47,12 +46,9 @@ main(argc, argv)
char **argv;
{
struct passwd *pw;
- struct skey key;
- char *name = NULL;
- int error, ch, verbose = 0;
-
- if (geteuid() != 0)
- errx(1, "must be setuid root");
+ char *challenge, *cp, *name = NULL;
+ int ch, verbose = 0;
+ auth_session_t *as;
while ((ch = getopt(argc, argv, "v")) != -1)
switch(ch) {
@@ -84,22 +80,29 @@ main(argc, argv)
if ((name = strdup(pw->pw_name)) == NULL)
err(1, "cannot allocate memory");
- error = skeylookup(&key, name);
- switch (error) {
- case 0: /* Success! */
- if (verbose)
- (void)printf("otp-%s ", skey_get_algorithm());
- (void)printf("%d %s\n", key.n - 1, key.seed);
- break;
- case -1: /* File error */
- warn("cannot open %s", _PATH_SKEYKEYS);
- break;
- case 1: /* Unknown user */
- warnx("%s is not listed in %s", name, _PATH_SKEYKEYS);
+ as = auth_userchallenge(name, "skey", NULL, &challenge);
+ if (as == NULL || challenge == NULL) {
+ auth_close(as);
+ errx(1, "unable to retrieve S/Key challenge for %s", name);
}
- (void)fclose(key.keyfile);
- exit(error ? 1 : 0);
+ /*
+ * We only want the first line of the challenge so stop after a newline.
+ * If the user wants the full challenge including the hash type
+ * or if the challenge didn't start with 'otp-', print it verbatim.
+ * Otherwise, strip off the first word.
+ */
+ if ((cp = strchr(challenge, '\n')))
+ *cp = '\0';
+ cp = strchr(challenge, ' ');
+ if (verbose || *challenge != 'o' || !cp)
+ cp = challenge;
+ else
+ cp++;
+ puts(cp);
+
+ auth_close(as);
+ exit(0);
}
void