Adapt to RFC2289 S/Keys by pulling in changes from OpenBSD. Also

ANSIfied and fixed a bug in hex dump mode.
2000-07-07 15:18:14 +00:00 · 2000-07-07 15:18:14 +00:00 · cd5004ad3d
commit cd5004ad3d
parent bbef2fbaac
2 changed files with 58 additions and 31 deletions
--- a/usr.bin/skey/skey.1
+++ b/usr.bin/skey/skey.1
@ -1,17 +1,19 @@
-.\"	$NetBSD: skey.1,v 1.12 1999/03/22 18:16:43 garbled Exp $
+.\"	$NetBSD: skey.1,v 1.13 2000/07/07 15:18:14 mjl Exp $
 .\"
 .\"	from: @(#)skey.1	1.1 	10/28/93
 .\"
-.Dd 28 October 1993
+.Dd 7 June 2000
 .Dt SKEY 1
 .Os
 .Sh NAME
 .Nm skey
-.Nd interface to the S/Key one time password system
+.Nd respond to an OTP challenge
 .Sh SYNOPSIS
 .Nm
 .Op Fl n Ar count
 .Op Fl p Ar password
+.Op Fl t Ar hash
+.Op Fl x
 .Ar sequence#
 .Op /
 .Ar key
@ -93,11 +95,19 @@ argument asks for
 password sequences to be printed out ending with the requested
 sequence number.
 .Pp
+The hash algorithm is selected using the
+.Fl t Ar hash
+option, possible choices here are md4, md5 or sha1.
+.Pp
 The
 .Fl p Ar password
 allows the user to specify the
 .Em S/Key
 password on the command line.
+To output the S/Key list in hexadecimal in addition to words,
+use the
+.Fl x
+option.
 .Sh EXAMPLE
 Initialize generation of one time passwords:
 .Bd -literal -offset indent
@ -141,6 +151,8 @@ flag is given to
 .Xr skeyinit 1 ,
 .Xr login 1 ,
 .Xr ftpd 8
+.Pp
+.Em RFC2289
 .Sh TRADEMARKS AND PATENTS
 .Em S/Key
 is a trademark of
--- a/usr.bin/skey/skey.c
+++ b/usr.bin/skey/skey.c
@ -1,4 +1,4 @@
-/*	$NetBSD: skey.c,v 1.9 2000/04/14 06:11:10 simonb Exp $	*/
+/*	$NetBSD: skey.c,v 1.10 2000/07/07 15:18:14 mjl Exp $	*/

 /*
 * S/KEY v1.1b (skey.c)
@ -23,10 +23,10 @@

 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: skey.c,v 1.9 2000/04/14 06:11:10 simonb Exp $");
+__RCSID("$NetBSD: skey.c,v 1.10 2000/07/07 15:18:14 mjl Exp $");
 #endif

-#include <sys/cdefs.h>
+#include <err.h>
 #include <fcntl.h>
 #include <stdio.h>
 #include <skey.h>
@ -38,29 +38,40 @@ int	main __P((int, char **));
 void    usage __P((char *));

 int
-main(argc, argv)
-	int	argc;
-	char	*argv[];
+main(int	argc, char **argv)
 {
-	int     n, cnt, i, pass = 0;
-	char    passwd[256], key[8], buf[33], *seed, *slash;
+	int     n, cnt, i, pass = 0, hexmode = 0;
+	char    passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
+	char	buf[33], *seed, *slash;

 	cnt = 1;

-	while ((i = getopt(argc, argv, "n:p:")) != -1) {
+	while ((i = getopt(argc, argv, "n:p:t:x")) != -1) {
 		switch (i) {
 		case 'n':
 			cnt = atoi(optarg);
 			break;
 		case 'p':
-			strcpy(passwd, optarg);
+			if (strlcpy(passwd, argv[++i], sizeof(passwd)) >=
+							sizeof(passwd))
+				errx(1, "Password too long");
 			pass = 1;
 			break;
+		case 't':
+			if (skey_set_algorithm(optarg) == NULL) {
+				errx(1, "Unknown hash algorithm %s", optarg);
+                        }
+			break;
+		case 'x':
+			hexmode = 1;
+			break;
+		default:
+			usage(argv[0]);
+			break;		
 		}
 	}

 	/* could be in the form <number>/<seed> */
-
 	if (argc <= optind + 1) {
 		/* look for / in it */
 		if (argc <= optind)
@ -74,44 +85,48 @@ main(argc, argv)
 		if ((n = atoi(argv[optind])) < 0) {
 			fprintf(stderr, "%s not positive\n", argv[optind]);
 			usage(argv[0]);
+                } else if (n > SKEY_MAX_SEQ) {
+			warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ);
+			usage(argv[0]);
 		}
 	} else {

 		if ((n = atoi(argv[optind])) < 0) {
 			fprintf(stderr, "%s not positive\n", argv[optind]);
 			usage(argv[0]);
+		} else if (n > SKEY_MAX_SEQ) {
+			warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ);
+			usage(argv[0]);
 		}
 		seed = argv[++optind];
 	}

 	/* Get user's secret password */
 	if (!pass) {
+		(void)fputs("Reminder - Do not use this program while "
+			    "logged in via telnet or rlogin.\n", stderr);
 		fprintf(stderr, "Enter secret password: ");
 		readpass(passwd, sizeof(passwd));
+		if (passwd[0] == '\0') 
+			exit(1);
 	}
-	rip(passwd);

 	/* Crunch seed and password into starting key */
-	if (keycrunch(key, seed, passwd) != 0) {
-		fprintf(stderr, "%s: key crunch failed\n", argv[0]);
-		exit(1);
-	}
+	if (keycrunch(key, seed, passwd) != 0)
+		errx(1, "key crunch failed");
+
 	if (cnt == 1) {
 		while (n-- != 0)
 			f(key);
-		printf("%s\n", btoe(buf, key));
-#ifdef	HEXIN
-		printf("%s\n", put8(buf, key));
-#endif
+		(void)puts(hexmode ? put8(buf, key) : btoe(buf, key));
 	} else {
 		for (i = 0; i <= n - cnt; i++)
 			f(key);
 		for (; i <= n; i++) {
-#ifdef	HEXIN
-			printf("%d: %-29s  %s\n", i, btoe(buf, key), put8(buf, key));
-#else
-			printf("%d: %-29s\n", i, btoe(buf, key));
-#endif
+			(void)printf("%3d: %-29s", i, btoe(buf, key));
+			if (hexmode)
+				(void)printf("\t%s", put8(buf, key));
+			puts("");
 			f(key);
 		}
 	}
@ -119,11 +134,11 @@ main(argc, argv)
 }

 void
-usage(s)
-	char   *s;
+usage(char *s)
 {

 	fprintf(stderr,
-	    "Usage: %s [-n count] [-p password ] sequence# [/] key\n", s);
+	    "Usage: %s [-n count] [-p password ] [-t hash] [-x] sequence#"
+	    	"[/] key\n", s);
 	exit(1);
 }