authorTodd C. Miller <millert@cvs.openbsd.org>1996-09-27 15:49:05 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>1996-09-27 15:49:05 +0000
commit8edcd4fa25be7179e62fbd36ec2f4f8e94eb02a3 (patch)
tree4663699ba088e5a3703c1499033f91ab3ac854cd /usr.bin/skeyinit
parentb674dda6b7a4813826adae380fdbb5f213fa9a59 (diff)
Can now handle both MD4 and MD5 S/Key entries.
Diffstat (limited to 'usr.bin/skeyinit')
-rw-r--r--usr.bin/skeyinit/Makefile3
-rw-r--r--usr.bin/skeyinit/skeyinit.18
-rw-r--r--usr.bin/skeyinit/skeyinit.c250
3 files changed, 146 insertions, 115 deletions
diff --git a/usr.bin/skeyinit/Makefile b/usr.bin/skeyinit/Makefile
index 48ae357529b..18d8ae82f41 100644
--- a/usr.bin/skeyinit/Makefile
+++ b/usr.bin/skeyinit/Makefile
@@ -1,9 +1,8 @@
-# $OpenBSD: Makefile,v 1.3 1996/06/26 05:39:23 deraadt Exp $
+# $OpenBSD: Makefile,v 1.4 1996/09/27 15:49:03 millert Exp $
PROG= skeyinit
BINOWN=root
BINMODE=4555
-CFLAGS+= -I${.CURDIR}/../../lib/libskey
#DPADD= ${LIBCRYPT} ${LIBSKEY}
DPADD= ${LIBSKEY}
#LDADD= -lcrypt -lskey
diff --git a/usr.bin/skeyinit/skeyinit.1 b/usr.bin/skeyinit/skeyinit.1
index 8a66b88d463..7192b797506 100644
--- a/usr.bin/skeyinit/skeyinit.1
+++ b/usr.bin/skeyinit/skeyinit.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: skeyinit.1,v 1.3 1996/06/26 05:39:23 deraadt Exp $
+.\" $OpenBSD: skeyinit.1,v 1.4 1996/09/27 15:49:03 millert Exp $
.\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
.\" @(#)skeyinit.1 1.1 10/28/93
.\"
@@ -21,6 +21,8 @@ You should use a secure login connection to generate
your first one time password.
.Sh OPTIONS
.Bl -tag -width Ds
+.It Fl x
+displays pass phrase in hexidecimal instead of ASCII.
.It Fl s
allows the user to set the seed and count for complete control
of the parameters.
@@ -35,6 +37,10 @@ allows the user to zero their S/Key entry.
.It Ar user
the username to be changed/added. By default the current user is
operated on.
+.It Fl 4
+Selects MD4 as the hash algorithm.
+.It Fl 5
+Selects MD5 as the hash algorithm.
.Sh FILES
.Bl -tag -width /etc/skeykeys
.It Pa /etc/skeykeys
diff --git a/usr.bin/skeyinit/skeyinit.c b/usr.bin/skeyinit/skeyinit.c
index 193ca0d8f1d..98f4e935ea2 100644
--- a/usr.bin/skeyinit/skeyinit.c
+++ b/usr.bin/skeyinit/skeyinit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: skeyinit.c,v 1.3 1996/06/26 05:39:24 deraadt Exp $ */
+/* $OpenBSD: skeyinit.c,v 1.4 1996/09/27 15:49:04 millert Exp $ */
/* $NetBSD: skeyinit.c,v 1.6 1995/06/05 19:50:48 pk Exp $ */
/* S/KEY v1.1b (skeyinit.c)
@@ -24,218 +24,244 @@
#include <unistd.h>
#include <time.h>
#include <ctype.h>
+#include <skey.h>
-#include "skey.h"
-
-#define NAMELEN 2
-
-int skeylookup __ARGS((struct skey * mp, char *name));
-int skeyzero __ARGS((struct skey * mp, char *name));
+#ifndef SKEY_MAXSEQ
+#define SKEY_MAXSEQ 10000
+#endif
+#ifndef SKEY_NAMELEN
+#define SKEY_NAMELEN 4
+#endif
+#ifndef SKEY_MIN_PW_LEN
+#define SKEY_MIN_PW_LEN 4
+#endif
int
main(argc, argv)
int argc;
char *argv[];
{
- int rval, n, nn, i, defaultsetup, l, zerokey = 0;
+ int rval, n, nn, i, l, md=0, defaultsetup=1, zerokey=0, hexmode=0;
time_t now;
char hostname[MAXHOSTNAMELEN];
char seed[18], tmp[80], key[8], defaultseed[17];
char passwd[256], passwd2[256], tbuf[27], buf[60];
- char lastc, me[80], user[8], *salt, *p, *pw;
+ char lastc, me[80], *salt, *p, *pw;
struct skey skey;
struct passwd *pp;
struct tm *tm;
- time(&now);
+ if (geteuid() != 0)
+ errx(1, "must be setuid root.");
+
+ (void)time(&now);
tm = localtime(&now);
- strftime(tbuf, sizeof(tbuf), "%M%j", tm);
+ (void)strftime(tbuf, sizeof(tbuf), "%M%j", tm);
if (gethostname(hostname, sizeof(hostname)) < 0)
err(1, "gethostname");
- strncpy(defaultseed, hostname, sizeof(defaultseed)- 1);
- defaultseed[4] = '\0';
- strncat(defaultseed, tbuf, sizeof(defaultseed) - 5);
+ (void)strncpy(defaultseed, hostname, sizeof(defaultseed) - 1);
+ defaultseed[SKEY_NAMELEN] = '\0';
+ (void)strncat(defaultseed, tbuf, sizeof(defaultseed) - 5);
if ((pp = getpwuid(getuid())) == NULL)
err(1, "no user with uid %d", getuid());
- strcpy(me, pp->pw_name);
+ (void)strcpy(me, pp->pw_name);
if ((pp = getpwnam(me)) == NULL)
err(1, "Who are you?");
- defaultsetup = 1;
- for (i=1; i < argc; i++) {
- if (strcmp("-s", argv[i]) == 0)
- defaultsetup = 0;
- else if (strcmp("-z", argv[i]) == 0)
- zerokey = 1;
- else {
- pp = getpwnam(argv[i]);
- break;
+ while ((i = getopt(argc, argv, "sxz45")) != EOF) {
+ switch (i) {
+ case 's':
+ defaultsetup = 0;
+ break;
+ case 'x':
+ hexmode = 1;
+ break;
+ case 'z':
+ zerokey = 1;
+ break;
+ case '4':
+ md = 4;
+ break;
+ case '5':
+ md = 5;
+ break;
}
}
- if (pp == NULL) {
- err(1, "User unknown");
- }
- if (strcmp(pp->pw_name, me) != 0) {
- if (getuid() != 0) {
- /* Only root can change other's passwds */
- printf("Permission denied.\n");
- exit(1);
+ if (argc - optind > 1) {
+ (void)fprintf(stderr,
+ "Usage: %s [-s] [-x] [-z] [-4|-5] [user]\n", argv[0]);
+ exit(1);
+ } else if (argv[optind]) {
+ if ((pp = getpwnam(argv[optind])) == NULL)
+ err(1, "User unknown");
+
+ if (strcmp(pp->pw_name, me) != 0) {
+ if (getuid() != 0) {
+ /* Only root can change other's passwds */
+ errx(1, "Permission denied.");
+ }
}
}
salt = pp->pw_passwd;
- setpriority(PRIO_PROCESS, 0, -4);
+ (void)setpriority(PRIO_PROCESS, 0, -4);
if (getuid() != 0) {
- setpriority(PRIO_PROCESS, 0, -4);
+ (void)setpriority(PRIO_PROCESS, 0, -4);
pw = getpass("Password:");
p = crypt(pw, salt);
- setpriority(PRIO_PROCESS, 0, 0);
+ (void)setpriority(PRIO_PROCESS, 0, 0);
- if (pp && strcmp(p, pp->pw_passwd)) {
- printf("Password incorrect.\n");
- exit(1);
- }
+ if (pp && strcmp(p, pp->pw_passwd))
+ errx(1, "Password incorrect.");
}
+
rval = skeylookup(&skey, pp->pw_name);
switch (rval) {
- case -1:
- err(1, "cannot open database");
- case 0:
- /* comment out user if asked to */
- if (zerokey)
- exit(skeyzero(&skey, pp->pw_name));
-
- printf("[Updating %s]\n", pp->pw_name);
- printf("Old key: %s\n", skey.seed);
-
- /*
- * lets be nice if they have a skey.seed that
- * ends in 0-8 just add one
- */
- l = strlen(skey.seed);
- if (l > 0) {
- lastc = skey.seed[l - 1];
- if (isdigit(lastc) && lastc != '9') {
- strcpy(defaultseed, skey.seed);
- defaultseed[l - 1] = lastc + 1;
- }
- if (isdigit(lastc) && lastc == '9' && l < 16) {
- strcpy(defaultseed, skey.seed);
- defaultseed[l - 1] = '0';
- defaultseed[l] = '0';
- defaultseed[l + 1] = '\0';
+ case -1:
+ err(1, "cannot open database");
+ case 0:
+ /* comment out user if asked to */
+ if (zerokey)
+ exit(skeyzero(&skey, pp->pw_name));
+
+ (void)printf("[Updating %s]\n", pp->pw_name);
+ (void)printf("Old key: %s\n", skey.seed);
+
+ /*
+ * Lets be nice if they have a skey.seed that
+ * ends in 0-8 just add one
+ */
+ l = strlen(skey.seed);
+ if (l > 0) {
+ lastc = skey.seed[l - 1];
+ if (isdigit(lastc) && lastc != '9') {
+ (void)strcpy(defaultseed, skey.seed);
+ defaultseed[l - 1] = lastc + 1;
+ }
+ if (isdigit(lastc) && lastc == '9' && l < 16) {
+ (void)strcpy(defaultseed, skey.seed);
+ defaultseed[l - 1] = '0';
+ defaultseed[l] = '0';
+ defaultseed[l + 1] = '\0';
+ }
}
- }
- break;
- case 1:
- if (zerokey) {
- printf("You have no entry to zero.\n");
- exit(1);
- }
- printf("[Adding %s]\n", pp->pw_name);
- break;
+ break;
+ case 1:
+ if (zerokey)
+ errx(1, "You have no entry to zero.");
+ (void)printf("[Adding %s]\n", pp->pw_name);
+ break;
}
n = 99;
+ /* Set MDX (currently 4 or 5) if given the option */
+ if (md)
+ skey_set_MDX(md);
+
if (!defaultsetup) {
- printf("You need the 6 english words generated from the \"key\" command.\n");
+ (void)printf("You need the 6 english words generated from the \"skey\" command.\n");
for (i = 0;; i++) {
if (i >= 2)
exit(1);
- printf("Enter sequence count from 1 to 10000: ");
- fgets(tmp, sizeof(tmp), stdin);
+ (void)printf("Enter sequence count from 1 to %d: ",
+ SKEY_MAXSEQ);
+ (void)fgets(tmp, sizeof(tmp), stdin);
n = atoi(tmp);
- if (n > 0 && n < 10000)
+ if (n > 0 && n < SKEY_MAXSEQ)
break; /* Valid range */
- printf("\n Error: Count must be > 0 and < 10000\n");
+ (void)printf("\n Error: Count must be > 0 and < %d\n",
+ SKEY_MAXSEQ);
}
- }
- if (!defaultsetup) {
- printf("Enter new key [default %s]: ", defaultseed);
- fflush(stdout);
- fgets(seed, sizeof(seed), stdin);
+
+ (void)printf("Enter new key [default %s]: ", defaultseed);
+ (void)fflush(stdout);
+ (void)fgets(seed, sizeof(seed), stdin);
rip(seed);
if (strlen(seed) > 16) {
- printf("Notice: Seed truncated to 16 characters.\n");
+ (void)puts("Notice: Seed truncated to 16 characters.");
seed[16] = '\0';
}
if (seed[0] == '\0')
- strcpy(seed, defaultseed);
+ (void)strcpy(seed, defaultseed);
for (i = 0;; i++) {
if (i >= 2)
exit(1);
- printf("s/key %d %s\ns/key access password: ", n, seed);
- fgets(tmp, sizeof(tmp), stdin);
+ (void)printf("s/key %d %s\ns/key access password: ",
+ n, seed);
+ (void)fgets(tmp, sizeof(tmp), stdin);
rip(tmp);
backspace(tmp);
if (tmp[0] == '?') {
- printf("Enter 6 English words from secure S/Key calculation.\n");
+ (void)puts("Enter 6 English words from secure S/Key calculation.");
continue;
- }
- if (tmp[0] == '\0') {
+ } else if (tmp[0] == '\0')
exit(1);
- }
if (etob(key, tmp) == 1 || atob8(key, tmp) == 0)
break; /* Valid format */
- printf("Invalid format - try again with 6 English words.\n");
+ (void)puts("Invalid format - try again with 6 English words.");
}
} else {
/* Get user's secret password */
+ fputs("Reminder - Only use this method if you are directly connected\n or have an encrypted channel. If you are using telnet\n or rlogin, exit with no password and use keyinit -s.\n", stderr);
+
for (i = 0;; i++) {
- if (i >= 2)
+ if (i > 2)
exit(1);
- printf("Enter secret password: ");
+ (void)fputs("Enter secret password: ", stderr);
readpass(passwd, sizeof(passwd));
if (passwd[0] == '\0')
exit(1);
- printf("Again secret password: ");
+ if (strlen(passwd) < SKEY_MIN_PW_LEN) {
+ (void)fputs("Your password must be longer.\n",
+ stderr);
+ continue;
+ }
+
+ (void)fputs("Again secret password: ", stderr);
readpass(passwd2, sizeof(passwd));
if (passwd2[0] == '\0')
exit(1);
- if (strlen(passwd) < 4 && strlen(passwd2) < 4)
- err(1, "Your password must be longer");
if (strcmp(passwd, passwd2) == 0)
break;
- printf("Passwords do not match.\n");
+ (void)fputs("Passwords do not match.\n", stderr);
}
- strcpy(seed, defaultseed);
/* Crunch seed and password into starting key */
+ (void)strcpy(seed, defaultseed);
if (keycrunch(key, seed, passwd) != 0)
err(2, "key crunch failed");
+
nn = n;
while (nn-- != 0)
f(key);
}
- time(&now);
+ (void)time(&now);
tm = localtime(&now);
- strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
+ (void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
- skey.val = (char *)malloc(16 + 1);
+ if ((skey.val = (char *)malloc(16 + 1)) == NULL)
+ err(1, "Can't allocate memory");
btoa8(skey.val, key);
- fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n", pp->pw_name, n,
- seed, skey.val, tbuf);
- fclose(skey.keyfile);
- printf("ID %s s/key is %d %s\n", pp->pw_name, n, seed);
- printf("Next login password: %s\n", btoe(buf, key));
-#ifdef HEXIN
- printf("%s\n", put8(buf, key));
-#endif
+ (void)fprintf(skey.keyfile, "%s MD%d %04d %-16s %s %-21s\n",
+ pp->pw_name, skey_get_MDX(), n, seed, skey.val, tbuf);
+ (void)fclose(skey.keyfile);
+ (void)printf("\nID %s s/key is %d %s\n", pp->pw_name, n, seed);
+ (void)printf("Next login password: %s\n", hexmode ? put8(buf, key) : btoe(buf, key));
- exit(1);
+ exit(0);
}
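Review bot: The key-database write at the end of the hunk ignores the return values of both `fprintf(skey.keyfile, ...)` and `fclose(skey.keyfile)`, so a short write (full disk, I/O error) can leave a truncated or missing record in the key file while the user is still shown `Next login password:` and the program exits 0; check both, e.g. `if (fprintf(skey.keyfile, "%s MD%d %04d %-16s %s %-21s\n", ...) < 0 || fclose(skey.keyfile) != 0) err(1, "cannot update key database");`. In the `-s` path the user computes the six words externally, but the `s/key %d %s` prompt never says which hash the record will be stamped with, while the record is written with whatever `skey_get_MDX()` returns (the library default when neither -4 nor -5 was given) — printing it in that prompt, `"s/key MD%d %d %s\ns/key access password: "` with `skey_get_MDX()` as the first argument, would expose a mismatch before the entry is committed. The reminder text says `use keyinit -s` although the program is `skeyinit` and the earlier message refers to the `skey` command. The secret pass phrase in `passwd`/`passwd2` and the derived `key` stay in memory until exit; a `memset` of those buffers after `keycrunch` and before the final `printf` is a cheap best-effort cleanup in a setuid binary. In the `Updating` branch `strcpy(defaultseed, skey.seed)` is only bounded (`l < 16`) on the trailing-'9' path; a database seed longer than 16 characters would overflow the 17-byte `defaultseed` on the other path, so apply the same `l < 16` guard to both.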