author | Todd C. Miller <millert@cvs.openbsd.org> | 1997-07-23 04:10:54 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1997-07-23 04:10:54 +0000 |
commit | c928a15892bc2a8df7d4c1575d8229cccf52880d (patch) | |
tree | 304f571545176f645e277631acc36b9b35970591 /usr.bin | |
parent | acde161551bddc79946c5f69023491755435d74e (diff) |
Replace skeyinfo.sh with a setuid binary (necessary for mode 0600 /etc/skeykeys)
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/skey/Makefile | 6 | ||||
-rw-r--r-- | usr.bin/skey/skeyinfo.sh | 15 | ||||
-rw-r--r-- | usr.bin/skeyinfo/Makefile | 9 | ||||
-rw-r--r-- | usr.bin/skeyinfo/skeyinfo.1 (renamed from usr.bin/skey/skeyinfo.1) | 10 | ||||
-rw-r--r-- | usr.bin/skeyinfo/skeyinfo.c | 116 |
5 files changed, 133 insertions, 23 deletions
diff --git a/usr.bin/skey/Makefile b/usr.bin/skey/Makefile index f112db4c8de..2563fa06ba9 100644 --- a/usr.bin/skey/Makefile +++ b/usr.bin/skey/Makefile @@ -1,7 +1,7 @@ -# $OpenBSD: Makefile,v 1.10 1997/07/17 05:48:39 millert Exp $ +# $OpenBSD: Makefile,v 1.11 1997/07/23 04:10:50 millert Exp $ PROG= skey -MAN= skey.1 skeyinfo.1 skeyaudit.1 skeyprune.8 +MAN= skey.1 skeyaudit.1 skeyprune.8 LINKS= ${BINDIR}/skey ${BINDIR}/otp-md4 \ ${BINDIR}/skey ${BINDIR}/otp-md5 \ ${BINDIR}/skey ${BINDIR}/otp-sha1 \ @@ -16,8 +16,6 @@ LDADD= -lskey beforeinstall: ${INSTALL} ${INSTALL_COPY} -m 755 ${.CURDIR}/skeyaudit.sh \ ${DESTDIR}${BINDIR}/skeyaudit - ${INSTALL} ${INSTALL_COPY} -m 755 ${.CURDIR}/skeyinfo.sh \ - ${DESTDIR}${BINDIR}/skeyinfo ${INSTALL} ${INSTALL_COPY} -m 755 ${.CURDIR}/skeyprune.pl \ ${DESTDIR}${BINDIR}/skeyprune diff --git a/usr.bin/skey/skeyinfo.sh b/usr.bin/skey/skeyinfo.sh deleted file mode 100644 index 33b0b00673b..00000000000 --- a/usr.bin/skey/skeyinfo.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -# $OpenBSD: skeyinfo.sh,v 1.4 1996/09/29 04:46:17 millert Exp $ -# search /etc/skeykeys for the skey string for -# this user OR user specified in 1st parameter - -KEYDB=/etc/skeykeys -if [ -z "$1" ]; then - WHO=`/usr/bin/whoami` -else - WHO=$1 -fi - -if [ -f $KEYDB ]; then - /usr/bin/awk '/^'$WHO'[ ]/ { if ($2 ~ /^[A-z]/) { print $3-1, $4} else { print $2-1, $3 } }' < $KEYDB -fi diff --git a/usr.bin/skeyinfo/Makefile b/usr.bin/skeyinfo/Makefile new file mode 100644 index 00000000000..8c59930c648 --- /dev/null +++ b/usr.bin/skeyinfo/Makefile @@ -0,0 +1,9 @@ +# $OpenBSD: Makefile,v 1.1 1997/07/23 04:10:52 millert Exp $ + +PROG= skeyinfo +BINOWN= root +BINMODE=4555 +DPADD= ${LIBSKEY} +LDADD= -lskey + +.include <bsd.prog.mk> diff --git a/usr.bin/skey/skeyinfo.1 b/usr.bin/skeyinfo/skeyinfo.1 index 8cc6630c2c5..ebb516f8d64 100644 --- a/usr.bin/skey/skeyinfo.1 +++ b/usr.bin/skeyinfo/skeyinfo.1 
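Review bot: The new usr.bin/skeyinfo/Makefile installs the program with `BINOWN= root` and `BINMODE=4555` but has no comment saying why, so the justification lives only in the commit message. I would add `# setuid root: /etc/skeykeys is mode 0600 and skeylookup() must be able to open it` above `BINOWN`. Since access to that one file appears to be the only privileged operation, a dedicated group owning /etc/skeykeys with a setgid install is worth considering instead, because it would bound what a bug in skeyinfo or libskey could reach. Whether that works depends on how the other S/Key tools open the file, which is not visible here.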
@@ -1,7 +1,6 @@
-.\" $OpenBSD: skeyinfo.1,v 1.4 1996/10/08 01:20:56 michaels Exp $
+.\" $OpenBSD: skeyinfo.1,v 1.1 1997/07/23 04:10:53 millert Exp $
 .\"
-.\"
-.Dd 9 June 1994
+.Dd 22 July 1997
 .Dt SKEYINFO 1
 .Os
 .Sh NAME
@@ -9,11 +8,14 @@
 .Nd obtain the next S/Key challenge for a user
 .Sh SYNOPSIS
 .Nm skeyinfo
+.Op Fl v
 .Op Ar user
 .Sh DESCRIPTION
 .Nm skeyinfo
 prints out the next S/Key challenge for the specified user or for the
-current user if no user is specified.
+current user if no user is specified. If the
+.Fl v
+flag is given, the hash algorithm is printed as well.
 .Sh EXAMPLE
 % skey -n <number of passwords to print> `skeyinfo` | lpr
 .sp
diff --git a/usr.bin/skeyinfo/skeyinfo.c b/usr.bin/skeyinfo/skeyinfo.c
new file mode 100644
index 00000000000..0f3a94b9ec9
--- /dev/null
+++ b/usr.bin/skeyinfo/skeyinfo.c
@@ -0,0 +1,116 @@
+/* $OpenBSD: skeyinfo.c,v 1.1 1997/07/23 04:10:53 millert Exp $ */
+
+/*
+ * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Todd C. Miller.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <err.h>
+#include <limits.h>
+#include <paths.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <skey.h>
+
+extern char *__progname;
+
+void usage __P((void));
+
+int
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ struct passwd *pw;
+ struct skey key;
+ char *name = NULL;
+ int errs, ch, verbose = 0;
+
+ if (geteuid() != 0)
+ errx(1, "must be setuid root");
+
+ while ((ch = getopt(argc, argv, "v")) != -1)
+ switch(ch) {
+ case 'v':
+ verbose = 1;
+ break;
+ default:
+ usage();
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (argc == 1)
+ name = argv[0];
+ else if (argc > 1)
+ usage();
+
+ if (name && getuid() != 0)
+ errx(1, "only root may specify an alternate user");
+
+ if (name) {
+ if (strlen(name) > PASS_MAX)
+ errx(1, "username too long (%d chars max)", PASS_MAX);
+ if ((pw = getpwnam(name)) == NULL)
+ errx(1, "no passwd entry for %s", name);
+ } else {
+ if ((pw = getpwuid(getuid())) == NULL)
+ errx(1, "no passwd entry for uid %u", getuid());
+ }
+
+ if ((name = strdup(pw->pw_name)) == NULL)
+ err(1, "cannot allocate memory");
+ sevenbit(name);
+
+ errs = skeylookup(&key, name);
+ switch (errs) {
+ case 0: /* Success! */
+ if (verbose)
+ (void)printf("otp-%s ", skey_get_algorithm());
+ (void)printf("%d %s\n", key.n - 1, key.seed);
+ break;
+ case -1: /* File error */
+ /* XXX - _PATH_SKEYFILE should be in paths.h? */
+ warnx("cannot open /etc/skeykeys");
+ break;
+ case 1: /* Unknown user */
+ warnx("%s is not listed in /etc/skeykeys", name);
+ }
+
+ return(errs);
+}
+
+void
+usage()
+{
+ (void)fprintf(stderr, "Usage: %s [-v] [user]\n", __progname);
+ exit(1);
+}
+} |
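Review bot: main() keeps effective uid 0 from start to exit, although the only step that needs it is the `skeylookup(&key, name)` call that opens the mode-0600 key file; I would drop back to the invoking user right after that call, e.g. `if (setuid(getuid()) == -1) err(1, "setuid");` placed before `switch (errs)`, so the output path no longer runs as root. Separately, the guard `strlen(name) > PASS_MAX` tests a login name against the password-length limit while the message says "username too long"; the platform's login-name limit is the right bound (on BSD systems typically `_PW_NAME_LEN` from <pwd.h>, to be confirmed for this tree). The `switch (errs)` also has no `default:` arm, so any other return value from skeylookup() exits with that status and prints nothing.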