=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/lock/lock.c,v retrieving revision 1.6 retrieving revision 1.7 diff -c -r1.6 -r1.7 *** src/usr.bin/lock/lock.c 1996/09/06 01:57:15 1.6 --- src/usr.bin/lock/lock.c 1996/10/16 00:09:20 1.7 *************** *** 1,4 **** ! /* $OpenBSD: lock.c,v 1.6 1996/09/06 01:57:15 downsj Exp $ */ /* $NetBSD: lock.c,v 1.8 1996/05/07 18:32:31 jtc Exp $ */ /* --- 1,4 ---- ! /* $OpenBSD: lock.c,v 1.7 1996/10/16 00:09:20 millert Exp $ */ /* $NetBSD: lock.c,v 1.8 1996/05/07 18:32:31 jtc Exp $ */ /* *************** *** 47,53 **** #if 0 static char sccsid[] = "@(#)lock.c 8.1 (Berkeley) 6/6/93"; #endif ! static char rcsid[] = "$OpenBSD: lock.c,v 1.6 1996/09/06 01:57:15 downsj Exp $"; #endif /* not lint */ /* --- 47,53 ---- #if 0 static char sccsid[] = "@(#)lock.c 8.1 (Berkeley) 6/6/93"; #endif ! static char rcsid[] = "$OpenBSD: lock.c,v 1.7 1996/10/16 00:09:20 millert Exp $"; #endif /* not lint */ /* *************** *** 72,77 **** --- 72,81 ---- #include #include + #ifdef SKEY + #include + #endif + #define TIMEOUT 15 void quit(), bye(), hi(); *************** *** 87,93 **** int argc; char **argv; { - extern char *optarg; struct passwd *pw; struct timeval timval; struct itimerval ntimer, otimer; --- 91,96 ---- *************** *** 96,102 **** int ch, sectimeout, usemine; char *ap, *mypw, *ttynam, *tzn; char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ]; - char *crypt(); sectimeout = TIMEOUT; mypw = NULL; --- 99,104 ---- *************** *** 126,132 **** } timeout.tv_sec = sectimeout * 60; ! setuid(getuid()); /* discard privs */ if (tcgetattr(0, &tty) < 0) /* get information for header */ exit(1); --- 128,134 ---- } timeout.tv_sec = sectimeout * 60; ! seteuid(getuid()); /* discard what privs we can */ if (tcgetattr(0, &tty) < 0) /* get information for header */ exit(1); *************** *** 159,165 **** (void)fgets(s1, sizeof(s1), stdin); (void)putchar('\n'); if (strcmp(s1, s)) { ! (void)printf("\alock: passwords didn't match.\n"); (void)tcsetattr(0, TCSADRAIN, &tty); exit(1); } --- 161,167 ---- (void)fgets(s1, sizeof(s1), stdin); (void)putchar('\n'); if (strcmp(s1, s)) { ! (void)puts("\alock: passwords didn't match."); (void)tcsetattr(0, TCSADRAIN, &tty); exit(1); } *************** *** 198,204 **** s[strlen(s) - 1] = '\0'; #ifdef SKEY if (strcasecmp(s, "s/key") == 0) { ! if (skey_auth(pw->pw_name)) break; } #endif --- 200,210 ---- s[strlen(s) - 1] = '\0'; #ifdef SKEY if (strcasecmp(s, "s/key") == 0) { ! /* S/Key lookup needs to be done as root */ ! seteuid(0); ! ch = skey_auth(pw->pw_name); ! seteuid(getuid()); ! if (ch) break; } #endif *************** *** 224,234 **** skey_auth(user) char *user; { ! char s[128], *ask, *skey_keyinfo __P((char *name)); int ret = 0; if (!skey_haskey(user) && (ask = skey_keyinfo(user))) { ! printf("\n[%s]\nResponse: ", ask); if (!fgets(s, sizeof(s), stdin) || *s == '\n') clearerr(stdin); else { --- 230,240 ---- skey_auth(user) char *user; { ! char s[256], *ask; int ret = 0; if (!skey_haskey(user) && (ask = skey_keyinfo(user))) { ! printf("\n%s\nResponse: ", ask); if (!fgets(s, sizeof(s), stdin) || *s == '\n') clearerr(stdin); else {