version 1.37, 2002/06/06 20:56:02 |
version 1.38, 2002/06/07 21:35:26 |
|
|
#endif |
#endif |
|
|
void usage(void); |
void usage(void); |
void secure_mode(int *, char *, char *, char *, char *, size_t); |
void secure_mode(int *, char *, char *, char *, size_t); |
void normal_mode(char *, int, char *, char *, char *); |
void normal_mode(char *, int, char *, char *); |
void timedout(int); |
void timedout(int); |
void convert_db(void); |
void convert_db(void); |
void enable_db(int); |
void enable_db(int); |
|
|
{ |
{ |
int rval, i, l, n, defaultsetup, rmkey, hexmode, enable, convert; |
int rval, i, l, n, defaultsetup, rmkey, hexmode, enable, convert; |
char hostname[MAXHOSTNAMELEN]; |
char hostname[MAXHOSTNAMELEN]; |
char seed[SKEY_MAX_SEED_LEN + 2], defaultseed[SKEY_MAX_SEED_LEN + 1]; |
char seed[SKEY_MAX_SEED_LEN + 1]; |
char buf[256], key[SKEY_BINKEY_SIZE], filename[PATH_MAX], *ht; |
char buf[256], key[SKEY_BINKEY_SIZE], filename[PATH_MAX], *ht; |
char lastc, me[UT_NAMESIZE + 1], *p, *auth_type; |
char lastc, me[UT_NAMESIZE + 1], *p, *auth_type; |
struct skey skey; |
struct skey skey; |
|
|
/* Build up a default seed based on the hostname and time */ |
/* Build up a default seed based on the hostname and time */ |
if (gethostname(hostname, sizeof(hostname)) < 0) |
if (gethostname(hostname, sizeof(hostname)) < 0) |
err(1, "gethostname"); |
err(1, "gethostname"); |
for (i = 0, p = defaultseed; hostname[i] && i < SKEY_NAMELEN; i++) { |
for (i = 0, p = seed; hostname[i] && i < SKEY_NAMELEN; i++) { |
if (isalpha(hostname[i])) { |
if (isalpha(hostname[i])) { |
if (isupper(hostname[i])) |
if (isupper(hostname[i])) |
hostname[i] = tolower(hostname[i]); |
hostname[i] = tolower(hostname[i]); |
|
|
if (l > 0) { |
if (l > 0) { |
lastc = skey.seed[l - 1]; |
lastc = skey.seed[l - 1]; |
if (isdigit(lastc) && lastc != '9') { |
if (isdigit(lastc) && lastc != '9') { |
(void)strcpy(defaultseed, skey.seed); |
(void)strcpy(seed, skey.seed); |
defaultseed[l - 1] = lastc + 1; |
seed[l - 1] = lastc + 1; |
} |
} |
if (isdigit(lastc) && lastc == '9' && l < 16) { |
if (isdigit(lastc) && lastc == '9' && l < 16) { |
(void)strcpy(defaultseed, skey.seed); |
(void)strcpy(seed, skey.seed); |
defaultseed[l - 1] = '0'; |
seed[l - 1] = '0'; |
defaultseed[l] = '0'; |
seed[l] = '0'; |
defaultseed[l + 1] = '\0'; |
seed[l + 1] = '\0'; |
} |
} |
} |
} |
break; |
break; |
|
|
|
|
alarm(180); |
alarm(180); |
if (!defaultsetup) |
if (!defaultsetup) |
secure_mode(&n, key, seed, defaultseed, buf, sizeof(buf)); |
secure_mode(&n, key, seed, buf, sizeof(buf)); |
else |
else |
normal_mode(pp->pw_name, n, key, seed, defaultseed); |
normal_mode(pp->pw_name, n, key, seed); |
alarm(0); |
alarm(0); |
|
|
/* XXX - why use malloc here? */ |
/* XXX - why use malloc here? */ |
|
|
(void)fclose(skey.keyfile); |
(void)fclose(skey.keyfile); |
|
|
(void)printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name, |
(void)printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name, |
skey_get_algorithm(), n, seed); |
skey_get_algorithm(), n, seed); |
(void)printf("Next login password: %s\n\n", |
(void)printf("Next login password: %s\n\n", |
hexmode ? put8(buf, key) : btoe(buf, key)); |
hexmode ? put8(buf, key) : btoe(buf, key)); |
exit(0); |
exit(0); |
} |
} |
|
|
void |
void |
secure_mode(int *count, char *key, char *seed, char *defaultseed, char *buf, |
secure_mode(int *count, char *key, char *seed, char *buf, size_t bufsiz) |
size_t bufsiz) |
|
{ |
{ |
|
char *p, newseed[SKEY_MAX_SEED_LEN + 2]; |
int i, n; |
int i, n; |
char *p; |
|
|
|
(void)puts("You need the 6 words generated from the \"skey\" command."); |
(void)puts("You need the 6 words generated from the \"skey\" command."); |
for (i = 0; ; i++) { |
for (i = 0; ; i++) { |
|
|
if (i >= 2) |
if (i >= 2) |
exit(1); |
exit(1); |
|
|
(void)printf("Enter new seed [default %s]: ", |
(void)printf("Enter new seed [default %s]: ", seed); |
defaultseed); |
(void)fgets(newseed, sizeof(newseed), stdin); /* XXX */ |
(void)fgets(seed, SKEY_MAX_SEED_LEN+2, stdin); /* XXX */ |
|
clearerr(stdin); |
clearerr(stdin); |
rip(seed); |
rip(newseed); |
if (strlen(seed) > SKEY_MAX_SEED_LEN) { |
if (strlen(newseed) > SKEY_MAX_SEED_LEN) { |
(void)fprintf(stderr, "ERROR: Seed must be between 1 " |
(void)fprintf(stderr, "ERROR: Seed must be between 1 " |
"and %d characters in length\n", SKEY_MAX_SEED_LEN); |
"and %d characters in length\n", SKEY_MAX_SEED_LEN); |
continue; |
continue; |
} |
} |
if (seed[0] == '\0') |
for (p = newseed; *p; p++) { |
(void)strcpy(seed, defaultseed); |
|
for (p = seed; *p; p++) { |
|
if (isspace(*p)) { |
if (isspace(*p)) { |
(void)fputs("ERROR: Seed must not contain " |
(void)fputs("ERROR: Seed must not contain " |
"any spaces\n", stderr); |
"any spaces\n", stderr); |
|
|
if (*p == '\0') |
if (*p == '\0') |
break; /* Valid seed */ |
break; /* Valid seed */ |
} |
} |
|
if (newseed[0] != '\0') |
|
(void)strcpy(seed, newseed); |
|
|
for (i = 0; ; i++) { |
for (i = 0; ; i++) { |
if (i >= 2) |
if (i >= 2) |
|
|
} |
} |
|
|
void |
void |
normal_mode(char *username, int n, char *key, char *seed, char *defaultseed) |
normal_mode(char *username, int n, char *key, char *seed) |
{ |
{ |
int i, nn; |
int i, nn; |
char passwd[SKEY_MAX_PW_LEN+2], passwd2[SKEY_MAX_PW_LEN+2]; |
char passwd[SKEY_MAX_PW_LEN+2], key2[SKEY_BINKEY_SIZE]; |
|
|
/* Get user's secret passphrase */ |
/* Get user's secret passphrase */ |
for (i = 0; ; i++) { |
for (i = 0; ; i++) { |
memset(passwd, 0, sizeof(passwd)); |
|
memset(passwd2, 0, sizeof(passwd2)); |
|
|
|
if (i > 2) |
if (i > 2) |
exit(1); |
errx(1, "S/Key entry not updated"); |
|
|
if (readpassphrase("Enter secret passphrase: ", passwd, |
if (readpassphrase("Enter secret passphrase: ", passwd, |
sizeof(passwd), 0) == NULL || passwd[0] == '\0') |
sizeof(passwd), 0) == NULL || passwd[0] == '\0') |
|
|
} |
} |
/* XXX - should check for passphrase that is really too long */ |
/* XXX - should check for passphrase that is really too long */ |
|
|
if (readpassphrase("Again secret passphrase: ", passwd2, |
/* Crunch seed and passphrase into starting key */ |
sizeof(passwd2), 0) && strcmp(passwd, passwd2) == 0) |
nn = keycrunch(key, seed, passwd); |
|
memset(passwd, 0, sizeof(passwd)); |
|
if (nn != 0) |
|
err(2, "key crunch failed"); |
|
|
|
if (readpassphrase("Again secret passphrase: ", passwd, |
|
sizeof(passwd), 0) == NULL || passwd[0] == '\0') |
|
exit(1); |
|
|
|
/* Crunch seed and passphrase into starting key */ |
|
nn = keycrunch(key2, seed, passwd); |
|
memset(passwd, 0, sizeof(passwd)); |
|
if (nn != 0) |
|
err(2, "key crunch failed"); |
|
|
|
if (memcmp(key, key2, sizeof(key2)) == 0) |
break; |
break; |
|
|
(void)fputs("Passphrases do not match.\n", stderr); |
(void)fputs("Passphrases do not match.\n", stderr); |
} |
} |
|
|
/* Crunch seed and passphrase into starting key */ |
|
(void)strcpy(seed, defaultseed); |
|
if (keycrunch(key, seed, passwd) != 0) |
|
err(2, "key crunch failed"); |
|
|
|
nn = n; |
nn = n; |
while (nn-- != 0) |
while (nn-- != 0) |
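Review bot: In secure_mode, the new local `newseed` is declared without an initializer and the result of `fgets(newseed, sizeof(newseed), stdin)` is discarded. On EOF or a read error with nothing read, `rip(newseed)` and `strlen(newseed)` then run over indeterminate stack bytes, and those bytes may be copied into `seed` by the final `strcpy`. Checking the return keeps the default-seed path well defined: `if (fgets(newseed, sizeof(newseed), stdin) == NULL) newseed[0] = '\0';`. The `clearerr(stdin)` that follows suggests EOF is an expected case at this prompt. This reading assumes the `newseed` lines are the 1.38 side, since the page has lost its +/- markers, and parts of the loop body lie outside the visible hunks.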