From c928a15892bc2a8df7d4c1575d8229cccf52880d Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Wed, 23 Jul 1997 04:10:54 +0000 Subject: Replace skeyinfo.sh with a setuid binary (necessary for mode 0600 /etc/skeykeys) --- usr.bin/skey/Makefile | 6 +-- usr.bin/skey/skeyinfo.1 | 24 --------- usr.bin/skey/skeyinfo.sh | 15 ------ usr.bin/skeyinfo/Makefile | 9 ++++ usr.bin/skeyinfo/skeyinfo.1 | 26 ++++++++++ usr.bin/skeyinfo/skeyinfo.c | 116 ++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 153 insertions(+), 43 deletions(-) delete mode 100644 usr.bin/skey/skeyinfo.1 delete mode 100644 usr.bin/skey/skeyinfo.sh create mode 100644 usr.bin/skeyinfo/Makefile create mode 100644 usr.bin/skeyinfo/skeyinfo.1 create mode 100644 usr.bin/skeyinfo/skeyinfo.c (limited to 'usr.bin') diff --git a/usr.bin/skey/Makefile b/usr.bin/skey/Makefile index f112db4c8de..2563fa06ba9 100644 --- a/usr.bin/skey/Makefile +++ b/usr.bin/skey/Makefile @@ -1,7 +1,7 @@ -# $OpenBSD: Makefile,v 1.10 1997/07/17 05:48:39 millert Exp $ +# $OpenBSD: Makefile,v 1.11 1997/07/23 04:10:50 millert Exp $ PROG= skey -MAN= skey.1 skeyinfo.1 skeyaudit.1 skeyprune.8 +MAN= skey.1 skeyaudit.1 skeyprune.8 LINKS= ${BINDIR}/skey ${BINDIR}/otp-md4 \ ${BINDIR}/skey ${BINDIR}/otp-md5 \ ${BINDIR}/skey ${BINDIR}/otp-sha1 \ @@ -16,8 +16,6 @@ LDADD= -lskey beforeinstall: ${INSTALL} ${INSTALL_COPY} -m 755 ${.CURDIR}/skeyaudit.sh \ ${DESTDIR}${BINDIR}/skeyaudit - ${INSTALL} ${INSTALL_COPY} -m 755 ${.CURDIR}/skeyinfo.sh \ - ${DESTDIR}${BINDIR}/skeyinfo ${INSTALL} ${INSTALL_COPY} -m 755 ${.CURDIR}/skeyprune.pl \ ${DESTDIR}${BINDIR}/skeyprune diff --git a/usr.bin/skey/skeyinfo.1 b/usr.bin/skey/skeyinfo.1 deleted file mode 100644 index 8cc6630c2c5..00000000000 --- a/usr.bin/skey/skeyinfo.1 +++ /dev/null 
@@ -1,24 +0,0 @@
-.\" $OpenBSD: skeyinfo.1,v 1.4 1996/10/08 01:20:56 michaels Exp $
-.\"
-.\"
-.Dd 9 June 1994
-.Dt SKEYINFO 1
-.Os
-.Sh NAME
-.Nm skeyinfo
-.Nd obtain the next S/Key challenge for a user
-.Sh SYNOPSIS
-.Nm skeyinfo
-.Op Ar user
-.Sh DESCRIPTION
-.Nm skeyinfo
-prints out the next S/Key challenge for the specified user or for the
-current user if no user is specified.
-.Sh EXAMPLE
-% skey -n `skeyinfo` | lpr
-.sp
-This would print out a list of S/Key passwords for use over
-an untrusted network (perhaps for use at a conference).
-.Sh SEE ALSO
-.Xr skeyinit 1 ,
-.Xr skey 1
diff --git a/usr.bin/skey/skeyinfo.sh b/usr.bin/skey/skeyinfo.sh
deleted file mode 100644
index 33b0b00673b..00000000000
--- a/usr.bin/skey/skeyinfo.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-# $OpenBSD: skeyinfo.sh,v 1.4 1996/09/29 04:46:17 millert Exp $
-# search /etc/skeykeys for the skey string for
-# this user OR user specified in 1st parameter
-
-KEYDB=/etc/skeykeys
-if [ -z "$1" ]; then
- WHO=`/usr/bin/whoami`
-else
- WHO=$1
-fi
-
-if [ -f $KEYDB ]; then
- /usr/bin/awk '/^'$WHO'[ ]/ { if ($2 ~ /^[A-z]/) { print $3-1, $4} else { print $2-1, $3 } }' < $KEYDB
-fi
diff --git a/usr.bin/skeyinfo/Makefile b/usr.bin/skeyinfo/Makefile
new file mode 100644
index 00000000000..8c59930c648
--- /dev/null
+++ b/usr.bin/skeyinfo/Makefile
@@ -0,0 +1,9 @@
+# $OpenBSD: Makefile,v 1.1 1997/07/23 04:10:52 millert Exp $
+
+PROG= skeyinfo
+BINOWN= root
+BINMODE=4555
+DPADD= ${LIBSKEY}
+LDADD= -lskey
+
+.include
diff --git a/usr.bin/skeyinfo/skeyinfo.1 b/usr.bin/skeyinfo/skeyinfo.1
new file mode 100644
index 00000000000..ebb516f8d64
--- /dev/null
+++ b/usr.bin/skeyinfo/skeyinfo.1
@@ -0,0 +1,26 @@
+.\" $OpenBSD: skeyinfo.1,v 1.1 1997/07/23 04:10:53 millert Exp $
+.\"
+.Dd 22 July 1997
+.Dt SKEYINFO 1
+.Os
+.Sh NAME
+.Nm skeyinfo
+.Nd obtain the next S/Key challenge for a user
+.Sh SYNOPSIS
+.Nm skeyinfo
+.Op Fl v
+.Op Ar user
+.Sh DESCRIPTION
+.Nm skeyinfo
+prints out the next S/Key challenge for the specified user or for the
+current user if no user is specified. If the
+.Fl v
+flag is given, the hash algorithm is printed as well.
+.Sh EXAMPLE
+% skey -n `skeyinfo` | lpr
+.sp
+This would print out a list of S/Key passwords for use over
+an untrusted network (perhaps for use at a conference).
+.Sh SEE ALSO
+.Xr skeyinit 1 ,
+.Xr skey 1
diff --git a/usr.bin/skeyinfo/skeyinfo.c b/usr.bin/skeyinfo/skeyinfo.c
new file mode 100644
index 00000000000..0f3a94b9ec9
--- /dev/null
+++ b/usr.bin/skeyinfo/skeyinfo.c
@@ -0,0 +1,116 @@
+/* $OpenBSD: skeyinfo.c,v 1.1 1997/07/23 04:10:53 millert Exp $ */
+
+/*
+ * Copyright (c) 1997 Todd C. Miller
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Todd C. Miller.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+extern char *__progname;
+
+void usage __P((void));
+
+int
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ struct passwd *pw;
+ struct skey key;
+ char *name = NULL;
+ int errs, ch, verbose = 0;
+
+ if (geteuid() != 0)
+ errx(1, "must be setuid root");
+
+ while ((ch = getopt(argc, argv, "v")) != -1)
+ switch(ch) {
+ case 'v':
+ verbose = 1;
+ break;
+ default:
+ usage();
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (argc == 1)
+ name = argv[0];
+ else if (argc > 1)
+ usage();
+
+ if (name && getuid() != 0)
+ errx(1, "only root may specify an alternate user");
+
+ if (name) {
+ if (strlen(name) > PASS_MAX)
+ errx(1, "username too long (%d chars max)", PASS_MAX);
+ if ((pw = getpwnam(name)) == NULL)
+ errx(1, "no passwd entry for %s", name);
+ } else {
+ if ((pw = getpwuid(getuid())) == NULL)
+ errx(1, "no passwd entry for uid %u", getuid());
+ }
+
+ if ((name = strdup(pw->pw_name)) == NULL)
+ err(1, "cannot allocate memory");
+ sevenbit(name);
+
+ errs = skeylookup(&key, name);
+ switch (errs) {
+ case 0: /* Success! */
+ if (verbose)
+ (void)printf("otp-%s ", skey_get_algorithm());
+ (void)printf("%d %s\n", key.n - 1, key.seed);
+ break;
+ case -1: /* File error */
+ /* XXX - _PATH_SKEYFILE should be in paths.h? */
+ warnx("cannot open /etc/skeykeys");
+ break;
+ case 1: /* Unknown user */
+ warnx("%s is not listed in /etc/skeykeys", name);
+ }
+
+ return(errs);
+}
+
+void
+usage()
+{
+ (void)fprintf(stderr, "Usage: %s [-v] [user]\n", __progname);
+ exit(1);
+}
-- cgit v1.2.3
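Review bot: main() keeps effective uid 0 from the `geteuid()` check through the final `printf`, although the only step in this file that appears to need root is `skeylookup(&key, name)` reading the mode 0600 /etc/skeykeys. Dropping privileges right after that call, e.g. `if (setuid(getuid()) == -1) err(1, "setuid");`, would keep the output and error paths from running as root; whether skeylookup leaves the key file open inside `key` is not visible here and should be checked, since an open descriptor would outlive the drop. The `case -1` branch also discards the reason for the failure, so `warn("cannot open /etc/skeykeys")` would be more useful than `warnx`, assuming skeylookup leaves errno set. A one-line comment above the `geteuid()` test such as `/* /etc/skeykeys is mode 0600; root is needed only to read it */` would record why the binary is setuid for the next auditor.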