From 00c1ae9c3963b23f1fe010fee051ffb1be1eb7ae Mon Sep 17 00:00:00 2001
From: Theo de Raadt
Date: Wed, 20 Dec 1995 09:48:25 +0000
Subject: add ability to zero out entry; from millert@cs.colorado.edu; netbsd pr#1851 also add a prototype for skeyzero()
---
 lib/libskey/skey.h | 3 ++-
 lib/libskey/skeylogin.c | 30 +++++++++++++++++++++++++++++-
 usr.bin/skeyinit/skeyinit.1 | 3 +++
 usr.bin/skeyinit/skeyinit.c | 26 ++++++++++++++++++--------
 4 files changed, 52 insertions(+), 10 deletions(-)
diff --git a/lib/libskey/skey.h b/lib/libskey/skey.h
index 1cc7c4a4b1c..1d7f596a9ea 100644
--- a/lib/libskey/skey.h
+++ b/lib/libskey/skey.h
@@ -11,7 +11,7 @@
 *
 * Main client header
 *
- * $Id: skey.h,v 1.1 1995/10/18 08:43:11 deraadt Exp $
+ * $Id: skey.h,v 1.2 1995/12/20 09:48:23 deraadt Exp $
 */
 #if defined(__TURBOC__) || defined(__STDC__) || defined(LATTICE)
@@ -61,6 +61,7 @@ void rip __ARGS ((char *buf));
 int skeychallenge __ARGS ((struct skey * mp, char *name, char *ss));
 int skeylookup __ARGS ((struct skey * mp, char *name));
 int skeyverify __ARGS ((struct skey * mp, char *response));
+int skeyzero __ARGS ((struct skey * mp, char *response));
 void sevenbit __ARGS ((char *s));
 void backspace __ARGS ((char *s));
 char *skipspace __ARGS ((char *s));
diff --git a/lib/libskey/skeylogin.c b/lib/libskey/skeylogin.c
index 0c7a7feaa6a..000a61b6200 100644
--- a/lib/libskey/skeylogin.c
+++ b/lib/libskey/skeylogin.c
@@ -8,7 +8,7 @@
 *
 * S/KEY verification check, lookups, and authentication.
 *
- * $Id: skeylogin.c,v 1.1 1995/10/18 08:43:11 deraadt Exp $
+ * $Id: skeylogin.c,v 1.2 1995/12/20 09:48:24 deraadt Exp $
 */
 #include 
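Review bot: The prototype added to skey.h names the second parameter `response`, apparently copied from `skeyverify`, while the duplicate declaration in skeyinit.c calls it `name` and the only caller in this patch passes `pp->pw_name`; the body added in skeylogin.c never reads the argument at all. A one-line comment above the declaration, for example `/* skeyzero: comments out the record at mp->recstart; second argument is unused */`, together with one consistent parameter name, would stop a later caller from assuming the function looks the user up or checks a response before disabling the entry.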
@@ -364,3 +364,31 @@ skey_authenticate (username)
 }
 return -1;
 }
+
+/* Comment out user's entry in the s/key database
+ *
+ * Return codes:
+ * -1: Write error; database unchanged
+ * 0: Database updated
+ *
+ * The database file is always closed by this call.
+ */
+int
+skeyzero(mp, response)
+ struct skey *mp;
+ char *response;
+{
+ /*
+ * Seek to the right place and write comment character
+ * which effectively zero's out the entry.
+ */
+ fseek(mp->keyfile, mp->recstart, 0);
+ if (fputc('#', mp->keyfile) == EOF) {
+ fclose(mp->keyfile);
+ return -1;
+ }
+
+ fclose(mp->keyfile);
+
+ return 0;
+}
diff --git a/usr.bin/skeyinit/skeyinit.1 b/usr.bin/skeyinit/skeyinit.1
index 249a886cc00..725dc5340e0 100644
--- a/usr.bin/skeyinit/skeyinit.1
+++ b/usr.bin/skeyinit/skeyinit.1
@@ -10,6 +10,7 @@
 .Sh SYNOPSIS
 .Nm skeyinit
 .Op Fl s
+.Op Fl z
 .Op Ar user
 .Sh DESCRIPTION
 .Nm skeyinit
@@ -28,6 +29,8 @@ then run in another window to generate the correct 6 english words for that count and seed. You can then "cut-and-paste" or type the words into the skeyinit window.
+.It Fl z
+allows the user to zero their S/Key entry.
 .It Ar user
 the username to be changed/added. By default the current user is operated on.
diff --git a/usr.bin/skeyinit/skeyinit.c b/usr.bin/skeyinit/skeyinit.c
index 684af16d9b8..b94327239f5 100644
--- a/usr.bin/skeyinit/skeyinit.c
+++ b/usr.bin/skeyinit/skeyinit.c
@@ -29,13 +29,14 @@
 #define NAMELEN 2
 int skeylookup __ARGS((struct skey * mp, char *name));
+int skeyzero __ARGS((struct skey * mp, char *name));
 int
 main(argc, argv)
 int argc;
 char *argv[];
 {
- int rval, n, nn, i, defaultsetup, l;
+ int rval, n, nn, i, defaultsetup, l, zerokey = 0;
 time_t now;
 char hostname[MAXHOSTNAMELEN];
 char seed[18], tmp[80], key[8], defaultseed[17];
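Review bot: In `skeyzero` (lib/libskey/skeylogin.c) the result of `fseek()` is ignored and the final `fclose()` is unchecked, so the function can return 0 although the `#` never reached the database: `fputc()` only fills the stdio buffer, and a failed flush is reported by `fclose()`. A 0 return tells the caller the S/Key entry is disabled, so a silent failure leaves a credential live that its owner believes is revoked. I would fold the seek into the guard, `if (fseek(mp->keyfile, mp->recstart, SEEK_SET) != 0 || fputc('#', mp->keyfile) == EOF) {`, and finish with `return fclose(mp->keyfile) == EOF ? -1 : 0;`. As written, a failed seek followed by a successful write may also place the `#` at whatever offset the stream was left at, which the "database unchanged" comment does not account for.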
@@ -63,14 +64,15 @@ main(argc, argv)
 err(1, "Who are you?");
 defaultsetup = 1;
- if (argc > 1) {
- if (strcmp("-s", argv[1]) == 0)
+ for (i=1; i < argc; i++) {
+ if (strcmp("-s", argv[i]) == 0)
 defaultsetup = 0;
- else
- pp = getpwnam(argv[1]);
-
- if (argc > 2)
- pp = getpwnam(argv[2]);
+ else if (strcmp("-z", argv[i]) == 0)
+ zerokey = 1;
+ else {
+ pp = getpwnam(argv[i]);
+ break;
+ }
 }
 if (pp == NULL) {
 err(1, "User unknown");
@@ -104,6 +106,10 @@ main(argc, argv)
 case -1:
 err(1, "cannot open database");
 case 0:
+ /* comment out user if asked to */
+ if (zerokey)
+ exit(skeyzero(&skey, pp->pw_name));
+
 printf("[Updating %s]\n", pp->pw_name);
 printf("Old key: %s\n", skey.seed);
@@ -127,6 +133,10 @@ main(argc, argv)
 }
 break;
 case 1:
+ if (zerokey) {
+ printf("You have no entry to zero.\n");
+ exit(1);
+ }
 printf("[Adding %s]\n", pp->pw_name);
 break;
 }
-- 
cgit v1.2.3
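Review bot: The new option loop leaves at the first non-option word with `break`, so everything after the user name is silently dropped: `skeyinit user -z` does not zero the entry and instead continues into the normal key-update path, and a mistyped flag is simply looked up as a user name. For an option whose purpose is to disable a credential, being ignored without a diagnostic is the wrong failure mode; after the loop I would reject leftovers with `if (i < argc - 1) errx(1, "usage: skeyinit [-s] [-z] [user]");`. The body of main() starts and ends outside this hunk.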
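Review bot: `exit(skeyzero(&skey, pp->pw_name));` in the `case 0:` branch turns the -1 failure return into exit status 255 with no message, and success is equally silent, so the user cannot tell whether the entry was actually disabled. I would report the failure explicitly with `if (skeyzero(&skey, pp->pw_name) == -1) err(1, "cannot zero entry");` followed by `exit(0);`. Whatever check restricts operating on another user's entry lies outside this hunk; it is worth confirming that the `-z` path runs after it, because zeroing an entry removes that account's S/Key login.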