author | Todd C. Miller <millert@cvs.openbsd.org> | 1996-09-27 15:49:05 +0000 |
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1996-09-27 15:49:05 +0000 |
commit | 8edcd4fa25be7179e62fbd36ec2f4f8e94eb02a3 (patch) | |
tree | 4663699ba088e5a3703c1499033f91ab3ac854cd /usr.bin/skeyinit | |
parent | b674dda6b7a4813826adae380fdbb5f213fa9a59 (diff) |
Can now deal with both MD4 and MD5 S/Key entries.
Diffstat (limited to 'usr.bin/skeyinit')
-rw-r--r-- | usr.bin/skeyinit/Makefile | 3 | ||||
-rw-r--r-- | usr.bin/skeyinit/skeyinit.1 | 8 | ||||
-rw-r--r-- | usr.bin/skeyinit/skeyinit.c | 250 |
3 files changed, 146 insertions, 115 deletions
diff --git a/usr.bin/skeyinit/Makefile b/usr.bin/skeyinit/Makefile
index 48ae357529b..18d8ae82f41 100644
--- a/usr.bin/skeyinit/Makefile
+++ b/usr.bin/skeyinit/Makefile
@@ -1,9 +1,8 @@
-# $OpenBSD: Makefile,v 1.3 1996/06/26 05:39:23 deraadt Exp $
+# $OpenBSD: Makefile,v 1.4 1996/09/27 15:49:03 millert Exp $
 PROG= skeyinit
 BINOWN=root
 BINMODE=4555
-CFLAGS+= -I${.CURDIR}/../../lib/libskey
 #DPADD= ${LIBCRYPT} ${LIBSKEY}
 DPADD= ${LIBSKEY}
 #LDADD= -lcrypt -lskey
diff --git a/usr.bin/skeyinit/skeyinit.1 b/usr.bin/skeyinit/skeyinit.1
index 8a66b88d463..7192b797506 100644
--- a/usr.bin/skeyinit/skeyinit.1
+++ b/usr.bin/skeyinit/skeyinit.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: skeyinit.1,v 1.3 1996/06/26 05:39:23 deraadt Exp $
+.\" $OpenBSD: skeyinit.1,v 1.4 1996/09/27 15:49:03 millert Exp $
 .\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
 .\" @(#)skeyinit.1 1.1 10/28/93
 .\"
@@ -21,6 +21,8 @@
 You should use a secure login connection to generate your first one time password.
 .Sh OPTIONS
 .Bl -tag -width Ds
+.It Fl x
+displays pass phrase in hexidecimal instead of ASCII.
 .It Fl s
 allows the user to set the seed and count for complete control of the parameters.
@@ -35,6 +37,10 @@
 allows the user to zero their S/Key entry.
 .It Ar user
 the username to be changed/added. By default the current user is operated on.
+.It Fl 4
+Selects MD4 as the hash algorithm.
+.It Fl 5
+Selects MD5 as the hash algorithm.
 .Sh FILES
 .Bl -tag -width /etc/skeykeys
 .It Pa /etc/skeykeys
diff --git a/usr.bin/skeyinit/skeyinit.c b/usr.bin/skeyinit/skeyinit.c
index 193ca0d8f1d..98f4e935ea2 100644
--- a/usr.bin/skeyinit/skeyinit.c
+++ b/usr.bin/skeyinit/skeyinit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: skeyinit.c,v 1.3 1996/06/26 05:39:24 deraadt Exp $ */
+/* $OpenBSD: skeyinit.c,v 1.4 1996/09/27 15:49:04 millert Exp $ */
 /* $NetBSD: skeyinit.c,v 1.6 1995/06/05 19:50:48 pk Exp $ */
 /* S/KEY v1.1b (skeyinit.c)
@@ -24,218 +24,244 @@ #include <unistd.h> #include <time.h> #include <ctype.h> +#include <skey.h> -#include "skey.h" - -#define NAMELEN 2 - -int skeylookup __ARGS((struct skey * mp, char *name)); -int skeyzero __ARGS((struct skey * mp, char *name)); +#ifndef SKEY_MAXSEQ +#define SKEY_MAXSEQ 10000 +#endif +#ifndef SKEY_NAMELEN +#define SKEY_NAMELEN 4 +#endif +#ifndef SKEY_MIN_PW_LEN +#define SKEY_MIN_PW_LEN 4 +#endif int main(argc, argv) int argc; char *argv[]; { - int rval, n, nn, i, defaultsetup, l, zerokey = 0; + int rval, n, nn, i, l, md=0, defaultsetup=1, zerokey=0, hexmode=0; time_t now; char hostname[MAXHOSTNAMELEN]; char seed[18], tmp[80], key[8], defaultseed[17]; char passwd[256], passwd2[256], tbuf[27], buf[60]; - char lastc, me[80], user[8], *salt, *p, *pw; + char lastc, me[80], *salt, *p, *pw; struct skey skey; struct passwd *pp; struct tm *tm; - time(&now); + if (geteuid() != 0) + errx(1, "must be setuid root."); + + (void)time(&now); tm = localtime(&now); - strftime(tbuf, sizeof(tbuf), "%M%j", tm); + (void)strftime(tbuf, sizeof(tbuf), "%M%j", tm); if (gethostname(hostname, sizeof(hostname)) < 0) err(1, "gethostname"); - strncpy(defaultseed, hostname, sizeof(defaultseed)- 1); - defaultseed[4] = '\0'; - strncat(defaultseed, tbuf, sizeof(defaultseed) - 5); + (void)strncpy(defaultseed, hostname, sizeof(defaultseed) - 1); + defaultseed[SKEY_NAMELEN] = '\0'; + (void)strncat(defaultseed, tbuf, sizeof(defaultseed) - 5); if ((pp = getpwuid(getuid())) == NULL) err(1, "no user with uid %d", getuid()); - strcpy(me, pp->pw_name); + (void)strcpy(me, pp->pw_name); if ((pp = getpwnam(me)) == NULL) err(1, "Who are you?"); - defaultsetup = 1; - for (i=1; i < argc; i++) { - if (strcmp("-s", argv[i]) == 0) - defaultsetup = 0; - else if (strcmp("-z", argv[i]) == 0) - zerokey = 1; - else { - pp = getpwnam(argv[i]); - break; + while ((i = getopt(argc, argv, "sxz45")) != EOF) { + switch (i) { + case 's': + defaultsetup = 0; + break; + case 'x': + hexmode = 1; + break; + case 
'z': + zerokey = 1; + break; + case '4': + md = 4; + break; + case '5': + md = 5; + break; } } - if (pp == NULL) { - err(1, "User unknown"); - } - if (strcmp(pp->pw_name, me) != 0) { - if (getuid() != 0) { - /* Only root can change other's passwds */ - printf("Permission denied.\n"); - exit(1); + if (argc - optind > 1) { + (void)fprintf(stderr, + "Usage: %s [-s] [-x] [-z] [-4|-5] [user]\n", argv[0]); + exit(1); + } else if (argv[optind]) { + if ((pp = getpwnam(argv[optind])) == NULL) + err(1, "User unknown"); + + if (strcmp(pp->pw_name, me) != 0) { + if (getuid() != 0) { + /* Only root can change other's passwds */ + errx(1, "Permission denied."); + } } } salt = pp->pw_passwd; - setpriority(PRIO_PROCESS, 0, -4); + (void)setpriority(PRIO_PROCESS, 0, -4); if (getuid() != 0) { - setpriority(PRIO_PROCESS, 0, -4); + (void)setpriority(PRIO_PROCESS, 0, -4); pw = getpass("Password:"); p = crypt(pw, salt); - setpriority(PRIO_PROCESS, 0, 0); + (void)setpriority(PRIO_PROCESS, 0, 0); - if (pp && strcmp(p, pp->pw_passwd)) { - printf("Password incorrect.\n"); - exit(1); - } + if (pp && strcmp(p, pp->pw_passwd)) + errx(1, "Password incorrect."); } + rval = skeylookup(&skey, pp->pw_name); switch (rval) { - case -1: - err(1, "cannot open database"); - case 0: - /* comment out user if asked to */ - if (zerokey) - exit(skeyzero(&skey, pp->pw_name)); - - printf("[Updating %s]\n", pp->pw_name); - printf("Old key: %s\n", skey.seed); - - /* - * lets be nice if they have a skey.seed that - * ends in 0-8 just add one - */ - l = strlen(skey.seed); - if (l > 0) { - lastc = skey.seed[l - 1]; - if (isdigit(lastc) && lastc != '9') { - strcpy(defaultseed, skey.seed); - defaultseed[l - 1] = lastc + 1; - } - if (isdigit(lastc) && lastc == '9' && l < 16) { - strcpy(defaultseed, skey.seed); - defaultseed[l - 1] = '0'; - defaultseed[l] = '0'; - defaultseed[l + 1] = '\0'; + case -1: + err(1, "cannot open database"); + case 0: + /* comment out user if asked to */ + if (zerokey) + exit(skeyzero(&skey, 
pp->pw_name)); + + (void)printf("[Updating %s]\n", pp->pw_name); + (void)printf("Old key: %s\n", skey.seed); + + /* + * Lets be nice if they have a skey.seed that + * ends in 0-8 just add one + */ + l = strlen(skey.seed); + if (l > 0) { + lastc = skey.seed[l - 1]; + if (isdigit(lastc) && lastc != '9') { + (void)strcpy(defaultseed, skey.seed); + defaultseed[l - 1] = lastc + 1; + } + if (isdigit(lastc) && lastc == '9' && l < 16) { + (void)strcpy(defaultseed, skey.seed); + defaultseed[l - 1] = '0'; + defaultseed[l] = '0'; + defaultseed[l + 1] = '\0'; + } } - } - break; - case 1: - if (zerokey) { - printf("You have no entry to zero.\n"); - exit(1); - } - printf("[Adding %s]\n", pp->pw_name); - break; + break; + case 1: + if (zerokey) + errx(1, "You have no entry to zero."); + (void)printf("[Adding %s]\n", pp->pw_name); + break; } n = 99; + /* Set MDX (currently 4 or 5) if given the option */ + if (md) + skey_set_MDX(md); + if (!defaultsetup) { - printf("You need the 6 english words generated from the \"key\" command.\n"); + (void)printf("You need the 6 english words generated from the \"skey\" command.\n"); for (i = 0;; i++) { if (i >= 2) exit(1); - printf("Enter sequence count from 1 to 10000: "); - fgets(tmp, sizeof(tmp), stdin); + (void)printf("Enter sequence count from 1 to %d: ", + SKEY_MAXSEQ); + (void)fgets(tmp, sizeof(tmp), stdin); n = atoi(tmp); - if (n > 0 && n < 10000) + if (n > 0 && n < SKEY_MAXSEQ) break; /* Valid range */ - printf("\n Error: Count must be > 0 and < 10000\n"); + (void)printf("\n Error: Count must be > 0 and < %d\n", + SKEY_MAXSEQ); } - } - if (!defaultsetup) { - printf("Enter new key [default %s]: ", defaultseed); - fflush(stdout); - fgets(seed, sizeof(seed), stdin); + + (void)printf("Enter new key [default %s]: ", defaultseed); + (void)fflush(stdout); + (void)fgets(seed, sizeof(seed), stdin); rip(seed); if (strlen(seed) > 16) { - printf("Notice: Seed truncated to 16 characters.\n"); + (void)puts("Notice: Seed truncated to 16 
characters."); seed[16] = '\0'; } if (seed[0] == '\0') - strcpy(seed, defaultseed); + (void)strcpy(seed, defaultseed); for (i = 0;; i++) { if (i >= 2) exit(1); - printf("s/key %d %s\ns/key access password: ", n, seed); - fgets(tmp, sizeof(tmp), stdin); + (void)printf("s/key %d %s\ns/key access password: ", + n, seed); + (void)fgets(tmp, sizeof(tmp), stdin); rip(tmp); backspace(tmp); if (tmp[0] == '?') { - printf("Enter 6 English words from secure S/Key calculation.\n"); + (void)puts("Enter 6 English words from secure S/Key calculation."); continue; - } - if (tmp[0] == '\0') { + } else if (tmp[0] == '\0') exit(1); - } if (etob(key, tmp) == 1 || atob8(key, tmp) == 0) break; /* Valid format */ - printf("Invalid format - try again with 6 English words.\n"); + (void)puts("Invalid format - try again with 6 English words."); } } else { /* Get user's secret password */ + fputs("Reminder - Only use this method if you are directly connected\n or have an encrypted channel. If you are using telnet\n or rlogin, exit with no password and use keyinit -s.\n", stderr); + for (i = 0;; i++) { - if (i >= 2) + if (i > 2) exit(1); - printf("Enter secret password: "); + (void)fputs("Enter secret password: ", stderr); readpass(passwd, sizeof(passwd)); if (passwd[0] == '\0') exit(1); - printf("Again secret password: "); + if (strlen(passwd) < SKEY_MIN_PW_LEN) { + (void)fputs("Your password must be longer.\n", + stderr); + continue; + } + + (void)fputs("Again secret password: ", stderr); readpass(passwd2, sizeof(passwd)); if (passwd2[0] == '\0') exit(1); - if (strlen(passwd) < 4 && strlen(passwd2) < 4) - err(1, "Your password must be longer"); if (strcmp(passwd, passwd2) == 0) break; - printf("Passwords do not match.\n"); + (void)fputs("Passwords do not match.\n", stderr); } - strcpy(seed, defaultseed); /* Crunch seed and password into starting key */ + (void)strcpy(seed, defaultseed); if (keycrunch(key, seed, passwd) != 0) err(2, "key crunch failed"); + nn = n; while (nn-- != 0) f(key); } 
- time(&now); + (void)time(&now); tm = localtime(&now); - strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); + (void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); - skey.val = (char *)malloc(16 + 1); + if ((skey.val = (char *)malloc(16 + 1)) == NULL) + err(1, "Can't allocate memory"); btoa8(skey.val, key); - fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n", pp->pw_name, n, - seed, skey.val, tbuf); - fclose(skey.keyfile); - printf("ID %s s/key is %d %s\n", pp->pw_name, n, seed); - printf("Next login password: %s\n", btoe(buf, key)); -#ifdef HEXIN - printf("%s\n", put8(buf, key)); -#endif + (void)fprintf(skey.keyfile, "%s MD%d %04d %-16s %s %-21s\n", + pp->pw_name, skey_get_MDX(), n, seed, skey.val, tbuf); + (void)fclose(skey.keyfile); + (void)printf("\nID %s s/key is %d %s\n", pp->pw_name, n, seed); + (void)printf("Next login password: %s\n", hexmode ? put8(buf, key) : btoe(buf, key)); - exit(1); + exit(0); } |
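Review bot: The `switch (i)` inside the new `getopt(argc, argv, "sxz45")` loop has no `default:` case, so an unrecognized option (getopt returns '?') is silently ignored and the program carries on; the usage message later in the hunk is only reached when more than one non-option argument remains. Add `default: (void)fprintf(stderr, "Usage: %s [-s] [-x] [-z] [-4|-5] [user]\n", argv[0]); exit(1);` to the switch so a bad flag fails loudly, or route both paths through a single usage helper. Two smaller points in the same hunk: the prompt `Enter sequence count from 1 to %d` advertises SKEY_MAXSEQ while the check `n > 0 && n < SKEY_MAXSEQ` rejects it (the error text matches the check, the prompt is off by one), and `(void)fclose(skey.keyfile)` discards the write status of the key-database update, so a failed flush would still print the new key and `exit(0)`; `if (fclose(skey.keyfile) != 0) err(1, "skeykeys write failed");` costs one line in a setuid-root tool rewriting its authentication database.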