From 32f69fdac5c4ae6f95e53e9ad3a63f646960c8b7 Mon Sep 17 00:00:00 2001
From: mjl
Date: Thu, 14 Sep 2000 19:18:24 +0000
Subject: [PATCH] Add a -f option to turn off the strict length checking for passphrases. Also discourage its use in the manpage (and fix a couple of formatting nits).
---
 usr.bin/skey/skey.1 | 12 ++++++++++--
 usr.bin/skey/skey.c | 20 ++++++++++++--------
 2 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/usr.bin/skey/skey.1 b/usr.bin/skey/skey.1
index 4be13d697b6e..bfe1fb5a0ea5 100644
--- a/usr.bin/skey/skey.1
+++ b/usr.bin/skey/skey.1
@@ -1,4 +1,4 @@
-.\" $NetBSD: skey.1,v 1.13 2000/07/07 15:18:14 mjl Exp $
+.\" $NetBSD: skey.1,v 1.14 2000/09/14 19:18:24 mjl Exp $
 .\"
 .\" from: @(#)skey.1 1.1 10/28/93
 .\"
@@ -10,6 +10,7 @@
 .Nd respond to an OTP challenge
 .Sh SYNOPSIS
 .Nm
+.Op Fl f
 .Op Fl n Ar count
 .Op Fl p Ar password
 .Op Fl t Ar hash
@@ -104,10 +105,17 @@ The
 allows the user to specify the
 .Em S/Key
 password on the command line.
-To output the S/Key list in hexadecimal in addition to words,
+.Pp
+To output the S/Key list in hexadecimal instead of words,
 use the
 .Fl x
 option.
+.Pp
+The
+.Fl f
+option can be used to override the
+strict length checking for passwords. Do not use this option until you have
+very good reason to do so, as shorter passwords violate RFC2289.
 .Sh EXAMPLE
 Initialize generation of one time passwords:
 .Bd -literal -offset indent
diff --git a/usr.bin/skey/skey.c b/usr.bin/skey/skey.c
index b699ed30d94f..7aaef733b029 100644
--- a/usr.bin/skey/skey.c
+++ b/usr.bin/skey/skey.c
@@ -1,4 +1,4 @@
-/* $NetBSD: skey.c,v 1.12 2000/09/14 15:26:42 mjl Exp $ */
+/* $NetBSD: skey.c,v 1.13 2000/09/14 19:18:24 mjl Exp $ */
 /*
 * S/KEY v1.1b (skey.c)
@@ -23,7 +23,7 @@
 #include
 #ifndef lint
-__RCSID("$NetBSD: skey.c,v 1.12 2000/09/14 15:26:42 mjl Exp $");
+__RCSID("$NetBSD: skey.c,v 1.13 2000/09/14 19:18:24 mjl Exp $");
 #endif
 #include
@@ -35,20 +35,24 @@ __RCSID("$NetBSD: skey.c,v 1.12 2000/09/14 15:26:42 mjl Exp $");
 #include
 #include
-int main __P((int, char **));
-void usage __P((char *));
+int main(int, char **);
+void usage(char *);
 int
 main(int argc, char **argv)
 {
- int n, cnt, i, pass = 0, hexmode = 0;
+ int n, cnt, i, pass = 0, hexmode = 0, force = 0;
 char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
 char buf[33], *seed, *slash, *t;
 cnt = 1;
- while ((i = getopt(argc, argv, "n:p:t:x")) != -1) {
+ while ((i = getopt(argc, argv, "fn:p:t:x")) != -1) {
 switch (i) {
+ case 'f':
+ force = 1;
+ break;
+
 case 'n':
 cnt = atoi(optarg);
 break;
@@ -120,7 +124,7 @@ main(int argc, char **argv)
 exit(1);
 }
- if(strlen(passwd) < SKEY_MIN_PW_LEN)
+ if(strlen(passwd) < SKEY_MIN_PW_LEN && !force)
 errx(1, "password must be at least %d long", SKEY_MIN_PW_LEN);
 /* Crunch seed and password into starting key */
@@ -150,7 +154,7 @@ usage(char *s)
 {
 fprintf(stderr,
- "Usage: %s [-n count] [-p password ] [-t hash] [-x] sequence#"
+ "Usage: %s [-f] [-n count] [-p password ] [-t hash] [-x] sequence#"
 "[/] key\n", s);
 exit(1);
 }
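Review bot: The new `force` flag in main() carries no comment, although its only visible use is to switch off a passphrase-strength check later in the function. A one-line comment at the `case 'f':` arm would make that obvious to the next reader, for example `/* -f: skip the SKEY_MIN_PW_LEN check; result is not RFC 2289 compliant */`. main() continues past the end of this hunk.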
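Review bot: With `-f` the test `if(strlen(passwd) < SKEY_MIN_PW_LEN && !force)` is skipped silently, so as far as this hunk shows a passphrase of any length, possibly even an empty one, is accepted with no feedback. The manpage text added in this same commit says shorter passphrases violate RFC2289, so the forced path should at least print a warning; rejecting a zero-length passphrase regardless of `-f` is also worth considering. The fence keeps the existing error on the default path and adds a `warnx` on the forced one. main() starts and ends outside this hunk.

```c
	/* … unchanged: exit(1) and closing brace of the preceding block … */
	if (strlen(passwd) < SKEY_MIN_PW_LEN) {
		if (!force)
			errx(1, "password must be at least %d long",
			    SKEY_MIN_PW_LEN);
		warnx("password is shorter than %d characters "
		    "(not RFC 2289 compliant)", SKEY_MIN_PW_LEN);
	}

	/* Crunch seed and password into starting key */
```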