230 lines
5.1 KiB
C
230 lines
5.1 KiB
C
/* $NetBSD: skeyinit.c,v 1.5 1994/12/24 17:42:05 cgd Exp $ */
|
|
|
|
/* S/KEY v1.1b (skeyinit.c)
|
|
*
|
|
* Authors:
|
|
* Neil M. Haller <nmh@thumper.bellcore.com>
|
|
* Philip R. Karn <karn@chicago.qualcomm.com>
|
|
* John S. Walden <jsw@thumper.bellcore.com>
|
|
* Scott Chasin <chasin@crimelab.com>
|
|
*
|
|
* S/KEY initialization and seed update
|
|
*/
|
|
|
|
#include <sys/param.h>
|
|
#include <sys/time.h>
|
|
#include <sys/resource.h>
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <pwd.h>
|
|
#include <unistd.h>
|
|
#include <time.h>
|
|
|
|
#include "skey.h"
|
|
|
|
#define NAMELEN 2
|
|
|
|
int skeylookup __ARGS((struct skey * mp, char *name));
|
|
|
|
main(argc, argv)
|
|
int argc;
|
|
char *argv[];
|
|
{
|
|
int rval, n, nn, i, defaultsetup, l;
|
|
time_t now;
|
|
char hostname[MAXHOSTNAMELEN];
|
|
char seed[18], tmp[80], key[8], defaultseed[17];
|
|
char passwd[256], passwd2[256], tbuf[27], buf[60];
|
|
char lastc, me[80], user[8], *salt, *p, *pw;
|
|
struct skey skey;
|
|
struct passwd *pp;
|
|
struct tm *tm;
|
|
extern int optind;
|
|
extern char *optarg;
|
|
|
|
time(&now);
|
|
tm = localtime(&now);
|
|
strftime(tbuf, sizeof(tbuf), "%M%j", tm);
|
|
|
|
if (gethostname(hostname, sizeof(hostname)) < 0)
|
|
err(1, "gethostname");
|
|
strncpy(defaultseed, hostname, sizeof(defaultseed)- 1);
|
|
defaultseed[4] = '\0';
|
|
strncat(defaultseed, tbuf, sizeof(defaultseed) - 5);
|
|
|
|
if ((pp = getpwuid(getuid())) == NULL)
|
|
err(1, "no user with uid %d", getuid());
|
|
strcpy(me, pp->pw_name);
|
|
|
|
if ((pp = getpwnam(me)) == NULL)
|
|
err(1, "Who are you?");
|
|
|
|
defaultsetup = 1;
|
|
if (argc > 1) {
|
|
if (strcmp("-s", argv[1]) == 0)
|
|
defaultsetup = 0;
|
|
else
|
|
pp = getpwnam(argv[1]);
|
|
|
|
if (argc > 2)
|
|
pp = getpwnam(argv[2]);
|
|
}
|
|
if (pp == NULL) {
|
|
err(1, "User unknown");
|
|
}
|
|
if (strcmp(pp->pw_name, me) != 0) {
|
|
if (getuid() != 0) {
|
|
/* Only root can change other's passwds */
|
|
printf("Permission denied.\n");
|
|
exit(1);
|
|
}
|
|
}
|
|
salt = pp->pw_passwd;
|
|
|
|
setpriority(PRIO_PROCESS, 0, -4);
|
|
|
|
if (getuid() != 0) {
|
|
setpriority(PRIO_PROCESS, 0, -4);
|
|
|
|
pw = getpass("Password:");
|
|
p = crypt(pw, salt);
|
|
|
|
setpriority(PRIO_PROCESS, 0, 0);
|
|
|
|
if (pp && strcmp(p, pp->pw_passwd)) {
|
|
printf("Password incorrect.\n");
|
|
exit(1);
|
|
}
|
|
}
|
|
rval = skeylookup(&skey, pp->pw_name);
|
|
switch (rval) {
|
|
case -1:
|
|
err(1, "cannot open database");
|
|
case 0:
|
|
printf("[Updating %s]\n", pp->pw_name);
|
|
printf("Old key: %s\n", skey.seed);
|
|
|
|
/*
|
|
* lets be nice if they have a skey.seed that
|
|
* ends in 0-8 just add one
|
|
*/
|
|
l = strlen(skey.seed);
|
|
if (l > 0) {
|
|
lastc = skey.seed[l - 1];
|
|
if (isdigit(lastc) && lastc != '9') {
|
|
strcpy(defaultseed, skey.seed);
|
|
defaultseed[l - 1] = lastc + 1;
|
|
}
|
|
if (isdigit(lastc) && lastc == '9' && l < 16) {
|
|
strcpy(defaultseed, skey.seed);
|
|
defaultseed[l - 1] = '0';
|
|
defaultseed[l] = '0';
|
|
defaultseed[l + 1] = '\0';
|
|
}
|
|
}
|
|
break;
|
|
case 1:
|
|
printf("[Adding %s]\n", pp->pw_name);
|
|
break;
|
|
}
|
|
n = 99;
|
|
|
|
if (!defaultsetup) {
|
|
printf("You need the 6 english words generated from the \"key\" command.\n");
|
|
for (i = 0;; i++) {
|
|
if (i >= 2)
|
|
exit(1);
|
|
printf("Enter sequence count from 1 to 10000: ");
|
|
fgets(tmp, sizeof(tmp), stdin);
|
|
n = atoi(tmp);
|
|
if (n > 0 && n < 10000)
|
|
break; /* Valid range */
|
|
printf("\n Error: Count must be > 0 and < 10000\n");
|
|
}
|
|
}
|
|
if (!defaultsetup) {
|
|
printf("Enter new key [default %s]: ", defaultseed);
|
|
fflush(stdout);
|
|
fgets(seed, sizeof(seed), stdin);
|
|
rip(seed);
|
|
if (strlen(seed) > 16) {
|
|
printf("Notice: Seed truncated to 16 characters.\n");
|
|
seed[16] = '\0';
|
|
}
|
|
if (seed[0] == '\0')
|
|
strcpy(seed, defaultseed);
|
|
|
|
for (i = 0;; i++) {
|
|
if (i >= 2)
|
|
exit(1);
|
|
|
|
printf("s/key %d %s\ns/key access password: ", n, seed);
|
|
fgets(tmp, sizeof(tmp), stdin);
|
|
rip(tmp);
|
|
backspace(tmp);
|
|
|
|
if (tmp[0] == '?') {
|
|
printf("Enter 6 English words from secure S/Key calculation.\n");
|
|
continue;
|
|
}
|
|
if (tmp[0] == '\0') {
|
|
exit(1);
|
|
}
|
|
if (etob(key, tmp) == 1 || atob8(key, tmp) == 0)
|
|
break; /* Valid format */
|
|
printf("Invalid format - try again with 6 English words.\n");
|
|
}
|
|
} else {
|
|
/* Get user's secret password */
|
|
for (i = 0;; i++) {
|
|
if (i >= 2)
|
|
exit(1);
|
|
|
|
printf("Enter secret password: ");
|
|
readpass(passwd, sizeof(passwd));
|
|
if (passwd[0] == '\0')
|
|
exit(1);
|
|
|
|
printf("Again secret password: ");
|
|
readpass(passwd2, sizeof(passwd));
|
|
if (passwd2[0] == '\0')
|
|
exit(1);
|
|
|
|
if (strlen(passwd) < 4 && strlen(passwd2) < 4)
|
|
err(1, "Your password must be longer");
|
|
if (strcmp(passwd, passwd2) == 0)
|
|
break;
|
|
|
|
printf("Passwords do not match.\n");
|
|
}
|
|
strcpy(seed, defaultseed);
|
|
|
|
/* Crunch seed and password into starting key */
|
|
if (keycrunch(key, seed, passwd) != 0)
|
|
err(2, "key crunch failed");
|
|
nn = n;
|
|
while (nn-- != 0)
|
|
f(key);
|
|
}
|
|
time(&now);
|
|
tm = localtime(&now);
|
|
strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
|
|
|
|
skey.val = (char *)malloc(16 + 1);
|
|
|
|
btoa8(skey.val, key);
|
|
|
|
fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n", pp->pw_name, n,
|
|
seed, skey.val, tbuf);
|
|
fclose(skey.keyfile);
|
|
printf("ID %s s/key is %d %s\n", pp->pw_name, n, seed);
|
|
printf("Next login password: %s\n", btoe(buf, key));
|
|
#ifdef HEXIN
|
|
printf("%s\n", put8(buf, key));
|
|
#endif
|
|
|
|
exit(1);
|
|
}
|