From f7af1085deb6d0912133129e632f7b34ce76d83d Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <millert@cvs.openbsd.org>
Date: Sun, 17 Jun 2001 22:44:52 +0000
Subject: Use BSD authentication to retrieve the challenge so we no longer
 require suid root.

---
 usr.bin/skeyinfo/skeyinfo.c | 53 ++++++++++++++++++++++++---------------------
 1 file changed, 28 insertions(+), 25 deletions(-)

(limited to 'usr.bin/skeyinfo/skeyinfo.c')

diff --git a/usr.bin/skeyinfo/skeyinfo.c b/usr.bin/skeyinfo/skeyinfo.c
index 38b3046fc9d..fbf150aaac6 100644
--- a/usr.bin/skeyinfo/skeyinfo.c
+++ b/usr.bin/skeyinfo/skeyinfo.c
@@ -1,7 +1,7 @@
-/*	$OpenBSD: skeyinfo.c,v 1.6 2001/02/05 16:58:11 millert Exp $	*/
+/*	$OpenBSD: skeyinfo.c,v 1.7 2001/06/17 22:44:51 millert Exp $	*/
 
 /*
- * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1997, 2001 Todd C. Miller <Todd.Miller@courtesan.com>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -28,14 +28,13 @@
  */
 
 #include <err.h>
-#include <limits.h>
-#include <paths.h>
 #include <pwd.h>
 #include <stdio.h>
-#include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 #include <skey.h>
+#include <login_cap.h>
+#include <bsd_auth.h>
 
 extern char *__progname;
 
@@ -47,12 +46,9 @@ main(argc, argv)
 	char **argv;
 {
 	struct passwd *pw;
-	struct skey key;
-	char *name = NULL;
-	int error, ch, verbose = 0;
-
-	if (geteuid() != 0)
-		errx(1, "must be setuid root");
+	char *challenge, *cp, *name = NULL;
+	int ch, verbose = 0;
+	auth_session_t *as;
 
 	while ((ch = getopt(argc, argv, "v")) != -1)
 		switch(ch) {
@@ -84,22 +80,29 @@ main(argc, argv)
 	if ((name = strdup(pw->pw_name)) == NULL)
 		err(1, "cannot allocate memory");
 
-	error = skeylookup(&key, name);
-	switch (error) {
-		case 0:		/* Success! */
-			if (verbose)
-				(void)printf("otp-%s ", skey_get_algorithm());
-			(void)printf("%d %s\n", key.n - 1, key.seed);
-			break;
-		case -1:	/* File error */
-			warn("cannot open %s", _PATH_SKEYKEYS);
-			break;
-		case 1:		/* Unknown user */
-			warnx("%s is not listed in %s", name, _PATH_SKEYKEYS);
+	as = auth_userchallenge(name, "skey", NULL, &challenge);
+	if (as == NULL || challenge == NULL) {
+		auth_close(as);
+		errx(1, "unable to retrieve S/Key challenge for %s", name);
 	}
-	(void)fclose(key.keyfile);
 
-	exit(error ? 1 : 0);
+	/*
+	 * We only want the first line of the challenge so stop after a newline.
+	 * If the user wants the full challenge including the hash type
+	 * or if the challenge didn't start with 'otp-', print it verbatim.
+	 * Otherwise, strip off the first word.
+	 */
+	if ((cp = strchr(challenge, '\n')))
+		*cp = '\0';
+	cp = strchr(challenge, ' ');
+	if (verbose || *challenge != 'o' || !cp)
+		cp = challenge;
+	else
+		cp++;
+	puts(cp);
+
+	auth_close(as);
+	exit(0);
 }
 
 void
-- 
cgit v1.2.3