3 files changed, 146 insertions, 115 deletions

diff --git a/usr.bin/skeyinit/Makefile b/usr.bin/skeyinit/Makefile
index 48ae357529b..18d8ae82f41 100644
--- a/usr.bin/skeyinit/Makefile
+++ b/usr.bin/skeyinit/Makefile
@@ -1,9 +1,8 @@
-# $OpenBSD: Makefile,v 1.3 1996/06/26 05:39:23 deraadt Exp $
+# $OpenBSD: Makefile,v 1.4 1996/09/27 15:49:03 millert Exp $
 
 PROG= skeyinit
 BINOWN=root
 BINMODE=4555
-CFLAGS+= -I${.CURDIR}/../../lib/libskey
 #DPADD=	${LIBCRYPT} ${LIBSKEY}
 DPADD=	${LIBSKEY}
 #LDADD=	-lcrypt -lskey
diff --git a/usr.bin/skeyinit/skeyinit.1 b/usr.bin/skeyinit/skeyinit.1
index 8a66b88d463..7192b797506 100644
--- a/usr.bin/skeyinit/skeyinit.1
+++ b/usr.bin/skeyinit/skeyinit.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: skeyinit.1,v 1.3 1996/06/26 05:39:23 deraadt Exp $
+.\"	$OpenBSD: skeyinit.1,v 1.4 1996/09/27 15:49:03 millert Exp $
 .\"	$NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
 .\"	@(#)skeyinit.1	1.1 	10/28/93
 .\"
@@ -21,6 +21,8 @@ You should use a secure login connection to generate
 your first one time password.
 .Sh OPTIONS
 .Bl -tag -width Ds
+.It Fl x
+displays pass phrase in hexidecimal instead of ASCII.
 .It Fl s
 allows the user to set the seed and count for complete control
 of the parameters.
@@ -35,6 +37,10 @@ allows the user to zero their S/Key entry.
 .It Ar user
 the username to be changed/added. By default the current user is
 operated on.
+.It Fl 4 
+Selects MD4 as the hash algorithm.
+.It Fl 5 
+Selects MD5 as the hash algorithm.
 .Sh FILES
 .Bl -tag -width /etc/skeykeys
 .It Pa /etc/skeykeys
diff --git a/usr.bin/skeyinit/skeyinit.c b/usr.bin/skeyinit/skeyinit.c
index 193ca0d8f1d..98f4e935ea2 100644
--- a/usr.bin/skeyinit/skeyinit.c
+++ b/usr.bin/skeyinit/skeyinit.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: skeyinit.c,v 1.3 1996/06/26 05:39:24 deraadt Exp $	*/
+/*	$OpenBSD: skeyinit.c,v 1.4 1996/09/27 15:49:04 millert Exp $	*/
 /*	$NetBSD: skeyinit.c,v 1.6 1995/06/05 19:50:48 pk Exp $	*/
 
 /* S/KEY v1.1b (skeyinit.c)
@@ -24,218 +24,244 @@
 #include <unistd.h>
 #include <time.h>
 #include <ctype.h>
+#include <skey.h>
 
-#include "skey.h"
-
-#define NAMELEN 2
-
-int skeylookup __ARGS((struct skey * mp, char *name));
-int skeyzero __ARGS((struct skey * mp, char *name));
+#ifndef SKEY_MAXSEQ
+#define SKEY_MAXSEQ	10000
+#endif
+#ifndef SKEY_NAMELEN
+#define SKEY_NAMELEN	4
+#endif
+#ifndef SKEY_MIN_PW_LEN
+#define SKEY_MIN_PW_LEN	4
+#endif
 
 int
 main(argc, argv)
 	int     argc;
 	char   *argv[];
 {
-	int     rval, n, nn, i, defaultsetup, l, zerokey = 0;
+	int     rval, n, nn, i, l, md=0, defaultsetup=1, zerokey=0, hexmode=0;
 	time_t  now;
 	char	hostname[MAXHOSTNAMELEN];
 	char    seed[18], tmp[80], key[8], defaultseed[17];
 	char    passwd[256], passwd2[256], tbuf[27], buf[60];
-	char    lastc, me[80], user[8], *salt, *p, *pw;
+	char    lastc, me[80], *salt, *p, *pw;
 	struct skey skey;
 	struct passwd *pp;
 	struct tm *tm;
 
-	time(&now);
+	if (geteuid() != 0)
+		errx(1, "must be setuid root.");
+
+	(void)time(&now);
 	tm = localtime(&now);
-	strftime(tbuf, sizeof(tbuf), "%M%j", tm);
+	(void)strftime(tbuf, sizeof(tbuf), "%M%j", tm);
 
 	if (gethostname(hostname, sizeof(hostname)) < 0)
 		err(1, "gethostname");
-	strncpy(defaultseed, hostname, sizeof(defaultseed)- 1);
-	defaultseed[4] = '\0';
-	strncat(defaultseed, tbuf, sizeof(defaultseed) - 5);
+	(void)strncpy(defaultseed, hostname, sizeof(defaultseed) - 1);
+	defaultseed[SKEY_NAMELEN] = '\0';
+	(void)strncat(defaultseed, tbuf, sizeof(defaultseed) - 5);
 
 	if ((pp = getpwuid(getuid())) == NULL)
 		err(1, "no user with uid %d", getuid());
-	strcpy(me, pp->pw_name);
+	(void)strcpy(me, pp->pw_name);
 
 	if ((pp = getpwnam(me)) == NULL)
 		err(1, "Who are you?");
 
-	defaultsetup = 1;
-	for (i=1; i < argc; i++) {
-		if (strcmp("-s", argv[i]) == 0)
-			defaultsetup = 0;
-		else if (strcmp("-z", argv[i]) == 0)
-			zerokey = 1;
-		else {
-			pp = getpwnam(argv[i]);
-			break;
+	while ((i = getopt(argc, argv, "sxz45")) != EOF) {
+		switch (i) {
+			case 's':
+				defaultsetup = 0;
+				break;
+			case 'x':
+				hexmode = 1;
+				break;
+			case 'z':
+				zerokey = 1;
+				break;
+			case '4':
+				md = 4;
+				break;
+			case '5':
+				md = 5;
+				break;
 		}
 	}
-	if (pp == NULL) {
-		err(1, "User unknown");
-	}
-	if (strcmp(pp->pw_name, me) != 0) {
-		if (getuid() != 0) {
-			/* Only root can change other's passwds */
-			printf("Permission denied.\n");
-			exit(1);
+	if (argc - optind  > 1) {
+		(void)fprintf(stderr,
+			"Usage: %s [-s] [-x] [-z] [-4|-5] [user]\n", argv[0]);
+		exit(1);
+	} else if (argv[optind]) {
+		if ((pp = getpwnam(argv[optind])) == NULL)
+			err(1, "User unknown");
+
+		if (strcmp(pp->pw_name, me) != 0) {
+			if (getuid() != 0) {
+				/* Only root can change other's passwds */
+				errx(1, "Permission denied.");
+			}
 		}
 	}
 	salt = pp->pw_passwd;
 
-	setpriority(PRIO_PROCESS, 0, -4);
+	(void)setpriority(PRIO_PROCESS, 0, -4);
 
 	if (getuid() != 0) {
-		setpriority(PRIO_PROCESS, 0, -4);
+		(void)setpriority(PRIO_PROCESS, 0, -4);
 
 		pw = getpass("Password:");
 		p = crypt(pw, salt);
 
-		setpriority(PRIO_PROCESS, 0, 0);
+		(void)setpriority(PRIO_PROCESS, 0, 0);
 
-		if (pp && strcmp(p, pp->pw_passwd)) {
-			printf("Password incorrect.\n");
-			exit(1);
-		}
+		if (pp && strcmp(p, pp->pw_passwd))
+			errx(1, "Password incorrect.");
 	}
+
 	rval = skeylookup(&skey, pp->pw_name);
 	switch (rval) {
-	case -1:
-		err(1, "cannot open database");
-	case 0:
-		/* comment out user if asked to */
-		if (zerokey)
-			exit(skeyzero(&skey, pp->pw_name));
-
-		printf("[Updating %s]\n", pp->pw_name);
-		printf("Old key: %s\n", skey.seed);
-
-		/*
-		 * lets be nice if they have a skey.seed that
-		 * ends in 0-8 just add one
-		 */
-		l = strlen(skey.seed);
-		if (l > 0) {
-			lastc = skey.seed[l - 1];
-			if (isdigit(lastc) && lastc != '9') {
-				strcpy(defaultseed, skey.seed);
-				defaultseed[l - 1] = lastc + 1;
-			}
-			if (isdigit(lastc) && lastc == '9' && l < 16) {
-				strcpy(defaultseed, skey.seed);
-				defaultseed[l - 1] = '0';
-				defaultseed[l] = '0';
-				defaultseed[l + 1] = '\0';
+		case -1:
+			err(1, "cannot open database");
+		case 0:
+			/* comment out user if asked to */
+			if (zerokey)
+				exit(skeyzero(&skey, pp->pw_name));
+
+			(void)printf("[Updating %s]\n", pp->pw_name);
+			(void)printf("Old key: %s\n", skey.seed);
+
+			/*
+			 * Lets be nice if they have a skey.seed that
+			 * ends in 0-8 just add one
+			 */
+			l = strlen(skey.seed);
+			if (l > 0) {
+				lastc = skey.seed[l - 1];
+				if (isdigit(lastc) && lastc != '9') {
+					(void)strcpy(defaultseed, skey.seed);
+					defaultseed[l - 1] = lastc + 1;
+				}
+				if (isdigit(lastc) && lastc == '9' && l < 16) {
+					(void)strcpy(defaultseed, skey.seed);
+					defaultseed[l - 1] = '0';
+					defaultseed[l] = '0';
+					defaultseed[l + 1] = '\0';
+				}
 			}
-		}
-		break;
-	case 1:
-		if (zerokey) {
-			printf("You have no entry to zero.\n");
-			exit(1);
-		}
-		printf("[Adding %s]\n", pp->pw_name);
-		break;
+			break;
+		case 1:
+			if (zerokey)
+				errx(1, "You have no entry to zero.");
+			(void)printf("[Adding %s]\n", pp->pw_name);
+			break;
 	}
 	n = 99;
 
+	/* Set MDX (currently 4 or 5) if given the option */
+	if (md)
+		skey_set_MDX(md);
+
 	if (!defaultsetup) {
-		printf("You need the 6 english words generated from the \"key\" command.\n");
+		(void)printf("You need the 6 english words generated from the \"skey\" command.\n");
 		for (i = 0;; i++) {
 			if (i >= 2)
 				exit(1);
-			printf("Enter sequence count from 1 to 10000: ");
-			fgets(tmp, sizeof(tmp), stdin);
+			(void)printf("Enter sequence count from 1 to %d: ",
+				     SKEY_MAXSEQ);
+			(void)fgets(tmp, sizeof(tmp), stdin);
 			n = atoi(tmp);
-			if (n > 0 && n < 10000)
+			if (n > 0 && n < SKEY_MAXSEQ)
 				break;	/* Valid range */
-			printf("\n Error: Count must be > 0 and < 10000\n");
+			(void)printf("\n Error: Count must be > 0 and < %d\n",
+				     SKEY_MAXSEQ);
 		}
-	}
-	if (!defaultsetup) {
-		printf("Enter new key [default %s]: ", defaultseed);
-		fflush(stdout);
-		fgets(seed, sizeof(seed), stdin);
+
+		(void)printf("Enter new key [default %s]: ", defaultseed);
+		(void)fflush(stdout);
+		(void)fgets(seed, sizeof(seed), stdin);
 		rip(seed);
 		if (strlen(seed) > 16) {
-			printf("Notice: Seed truncated to 16 characters.\n");
+			(void)puts("Notice: Seed truncated to 16 characters.");
 			seed[16] = '\0';
 		}
 		if (seed[0] == '\0')
-			strcpy(seed, defaultseed);
+			(void)strcpy(seed, defaultseed);
 
 		for (i = 0;; i++) {
 			if (i >= 2)
 				exit(1);
 
-			printf("s/key %d %s\ns/key access password: ", n, seed);
-			fgets(tmp, sizeof(tmp), stdin);
+			(void)printf("s/key %d %s\ns/key access password: ",
+			    n, seed);
+			(void)fgets(tmp, sizeof(tmp), stdin);
 			rip(tmp);
 			backspace(tmp);
 
 			if (tmp[0] == '?') {
-				printf("Enter 6 English words from secure S/Key calculation.\n");
+				(void)puts("Enter 6 English words from secure S/Key calculation.");
 				continue;
-			}
-			if (tmp[0] == '\0') {
+			} else if (tmp[0] == '\0')
 				exit(1);
-			}
 			if (etob(key, tmp) == 1 || atob8(key, tmp) == 0)
 				break;	/* Valid format */
-			printf("Invalid format - try again with 6 English words.\n");
+			(void)puts("Invalid format - try again with 6 English words.");
 		}
 	} else {
 		/* Get user's secret password */
+		fputs("Reminder - Only use this method if you are directly connected\n           or have an encrypted channel.  If you are using telnet\n           or rlogin, exit with no password and use keyinit -s.\n", stderr);
+
 		for (i = 0;; i++) {
-			if (i >= 2)
+			if (i > 2)
 				exit(1);
 
-			printf("Enter secret password: ");
+			(void)fputs("Enter secret password: ", stderr);
 			readpass(passwd, sizeof(passwd));
 			if (passwd[0] == '\0')
 				exit(1);
 
-			printf("Again secret password: ");
+			if (strlen(passwd) < SKEY_MIN_PW_LEN) {
+				(void)fputs("Your password must be longer.\n",
+					    stderr);
+				continue;
+			}
+
+			(void)fputs("Again secret password: ", stderr);
 			readpass(passwd2, sizeof(passwd));
 			if (passwd2[0] == '\0')
 				exit(1);
 
-			if (strlen(passwd) < 4 && strlen(passwd2) < 4)
-				err(1, "Your password must be longer");
 			if (strcmp(passwd, passwd2) == 0)
 				break;
 
-			printf("Passwords do not match.\n");
+			(void)fputs("Passwords do not match.\n", stderr);
 		}
-		strcpy(seed, defaultseed);
 
 		/* Crunch seed and password into starting key */
+		(void)strcpy(seed, defaultseed);
 		if (keycrunch(key, seed, passwd) != 0)
 			err(2, "key crunch failed");
+
 		nn = n;
 		while (nn-- != 0)
 			f(key);
 	}
-	time(&now);
+	(void)time(&now);
 	tm = localtime(&now);
-	strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
+	(void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
 
-	skey.val = (char *)malloc(16 + 1);
+	if ((skey.val = (char *)malloc(16 + 1)) == NULL)
+		err(1, "Can't allocate memory");
 
 	btoa8(skey.val, key);
 
-	fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n", pp->pw_name, n,
-	    seed, skey.val, tbuf);
-	fclose(skey.keyfile);
-	printf("ID %s s/key is %d %s\n", pp->pw_name, n, seed);
-	printf("Next login password: %s\n", btoe(buf, key));
-#ifdef HEXIN
-	printf("%s\n", put8(buf, key));
-#endif
+	(void)fprintf(skey.keyfile, "%s MD%d %04d %-16s %s %-21s\n",
+	    pp->pw_name, skey_get_MDX(), n, seed, skey.val, tbuf);
+	(void)fclose(skey.keyfile);
+	(void)printf("\nID %s s/key is %d %s\n", pp->pw_name, n, seed);
+	(void)printf("Next login password: %s\n", hexmode ? put8(buf, key) : btoe(buf, key));
 
-	exit(1);
+	exit(0);
 }