| version 1.37, 2002/06/06 20:56:02 |
version 1.38, 2002/06/07 21:35:26 |
|
|
| #endif |
#endif |
| |
|
| void usage(void); |
void usage(void); |
| void secure_mode(int *, char *, char *, char *, char *, size_t); |
void secure_mode(int *, char *, char *, char *, size_t); |
| void normal_mode(char *, int, char *, char *, char *); |
void normal_mode(char *, int, char *, char *); |
| void timedout(int); |
void timedout(int); |
| void convert_db(void); |
void convert_db(void); |
| void enable_db(int); |
void enable_db(int); |
|
|
| { |
{ |
| int rval, i, l, n, defaultsetup, rmkey, hexmode, enable, convert; |
int rval, i, l, n, defaultsetup, rmkey, hexmode, enable, convert; |
| char hostname[MAXHOSTNAMELEN]; |
char hostname[MAXHOSTNAMELEN]; |
| char seed[SKEY_MAX_SEED_LEN + 2], defaultseed[SKEY_MAX_SEED_LEN + 1]; |
char seed[SKEY_MAX_SEED_LEN + 1]; |
| char buf[256], key[SKEY_BINKEY_SIZE], filename[PATH_MAX], *ht; |
char buf[256], key[SKEY_BINKEY_SIZE], filename[PATH_MAX], *ht; |
| char lastc, me[UT_NAMESIZE + 1], *p, *auth_type; |
char lastc, me[UT_NAMESIZE + 1], *p, *auth_type; |
| struct skey skey; |
struct skey skey; |
|
|
| /* Build up a default seed based on the hostname and time */ |
/* Build up a default seed based on the hostname and time */ |
| if (gethostname(hostname, sizeof(hostname)) < 0) |
if (gethostname(hostname, sizeof(hostname)) < 0) |
| err(1, "gethostname"); |
err(1, "gethostname"); |
| for (i = 0, p = defaultseed; hostname[i] && i < SKEY_NAMELEN; i++) { |
for (i = 0, p = seed; hostname[i] && i < SKEY_NAMELEN; i++) { |
| if (isalpha(hostname[i])) { |
if (isalpha(hostname[i])) { |
| if (isupper(hostname[i])) |
if (isupper(hostname[i])) |
| hostname[i] = tolower(hostname[i]); |
hostname[i] = tolower(hostname[i]); |
|
|
| if (l > 0) { |
if (l > 0) { |
| lastc = skey.seed[l - 1]; |
lastc = skey.seed[l - 1]; |
| if (isdigit(lastc) && lastc != '9') { |
if (isdigit(lastc) && lastc != '9') { |
| (void)strcpy(defaultseed, skey.seed); |
(void)strcpy(seed, skey.seed); |
| defaultseed[l - 1] = lastc + 1; |
seed[l - 1] = lastc + 1; |
| } |
} |
| if (isdigit(lastc) && lastc == '9' && l < 16) { |
if (isdigit(lastc) && lastc == '9' && l < 16) { |
| (void)strcpy(defaultseed, skey.seed); |
(void)strcpy(seed, skey.seed); |
| defaultseed[l - 1] = '0'; |
seed[l - 1] = '0'; |
| defaultseed[l] = '0'; |
seed[l] = '0'; |
| defaultseed[l + 1] = '\0'; |
seed[l + 1] = '\0'; |
| } |
} |
| } |
} |
| break; |
break; |
|
|
| |
|
| alarm(180); |
alarm(180); |
| if (!defaultsetup) |
if (!defaultsetup) |
| secure_mode(&n, key, seed, defaultseed, buf, sizeof(buf)); |
secure_mode(&n, key, seed, buf, sizeof(buf)); |
| else |
else |
| normal_mode(pp->pw_name, n, key, seed, defaultseed); |
normal_mode(pp->pw_name, n, key, seed); |
| alarm(0); |
alarm(0); |
| |
|
| /* XXX - why use malloc here? */ |
/* XXX - why use malloc here? */ |
|
|
| (void)fclose(skey.keyfile); |
(void)fclose(skey.keyfile); |
| |
|
| (void)printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name, |
(void)printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name, |
| skey_get_algorithm(), n, seed); |
skey_get_algorithm(), n, seed); |
| (void)printf("Next login password: %s\n\n", |
(void)printf("Next login password: %s\n\n", |
| hexmode ? put8(buf, key) : btoe(buf, key)); |
hexmode ? put8(buf, key) : btoe(buf, key)); |
| exit(0); |
exit(0); |
| } |
} |
| |
|
| void |
void |
| secure_mode(int *count, char *key, char *seed, char *defaultseed, char *buf, |
secure_mode(int *count, char *key, char *seed, char *buf, size_t bufsiz) |
| size_t bufsiz) |
|
| { |
{ |
| |
char *p, newseed[SKEY_MAX_SEED_LEN + 2]; |
| int i, n; |
int i, n; |
| char *p; |
|
| |
|
| (void)puts("You need the 6 words generated from the \"skey\" command."); |
(void)puts("You need the 6 words generated from the \"skey\" command."); |
| for (i = 0; ; i++) { |
for (i = 0; ; i++) { |
|
|
| if (i >= 2) |
if (i >= 2) |
| exit(1); |
exit(1); |
| |
|
| (void)printf("Enter new seed [default %s]: ", |
(void)printf("Enter new seed [default %s]: ", seed); |
| defaultseed); |
(void)fgets(newseed, sizeof(newseed), stdin); /* XXX */ |
| (void)fgets(seed, SKEY_MAX_SEED_LEN+2, stdin); /* XXX */ |
|
| clearerr(stdin); |
clearerr(stdin); |
| rip(seed); |
rip(newseed); |
| if (strlen(seed) > SKEY_MAX_SEED_LEN) { |
if (strlen(newseed) > SKEY_MAX_SEED_LEN) { |
| (void)fprintf(stderr, "ERROR: Seed must be between 1 " |
(void)fprintf(stderr, "ERROR: Seed must be between 1 " |
| "and %d characters in length\n", SKEY_MAX_SEED_LEN); |
"and %d characters in length\n", SKEY_MAX_SEED_LEN); |
| continue; |
continue; |
| } |
} |
| if (seed[0] == '\0') |
for (p = newseed; *p; p++) { |
| (void)strcpy(seed, defaultseed); |
|
| for (p = seed; *p; p++) { |
|
| if (isspace(*p)) { |
if (isspace(*p)) { |
| (void)fputs("ERROR: Seed must not contain " |
(void)fputs("ERROR: Seed must not contain " |
| "any spaces\n", stderr); |
"any spaces\n", stderr); |
|
|
| if (*p == '\0') |
if (*p == '\0') |
| break; /* Valid seed */ |
break; /* Valid seed */ |
| } |
} |
| |
if (newseed[0] != '\0') |
| |
(void)strcpy(seed, newseed); |
| |
|
| for (i = 0; ; i++) { |
for (i = 0; ; i++) { |
| if (i >= 2) |
if (i >= 2) |
|
|
| } |
} |
| |
|
| void |
void |
| normal_mode(char *username, int n, char *key, char *seed, char *defaultseed) |
normal_mode(char *username, int n, char *key, char *seed) |
| { |
{ |
| int i, nn; |
int i, nn; |
| char passwd[SKEY_MAX_PW_LEN+2], passwd2[SKEY_MAX_PW_LEN+2]; |
char passwd[SKEY_MAX_PW_LEN+2], key2[SKEY_BINKEY_SIZE]; |
| |
|
| /* Get user's secret passphrase */ |
/* Get user's secret passphrase */ |
| for (i = 0; ; i++) { |
for (i = 0; ; i++) { |
| memset(passwd, 0, sizeof(passwd)); |
|
| memset(passwd2, 0, sizeof(passwd2)); |
|
| |
|
| if (i > 2) |
if (i > 2) |
| exit(1); |
errx(1, "S/Key entry not updated"); |
| |
|
| if (readpassphrase("Enter secret passphrase: ", passwd, |
if (readpassphrase("Enter secret passphrase: ", passwd, |
| sizeof(passwd), 0) == NULL || passwd[0] == '\0') |
sizeof(passwd), 0) == NULL || passwd[0] == '\0') |
|
|
| } |
} |
| /* XXX - should check for passphrase that is really too long */ |
/* XXX - should check for passphrase that is really too long */ |
| |
|
| if (readpassphrase("Again secret passphrase: ", passwd2, |
/* Crunch seed and passphrase into starting key */ |
| sizeof(passwd2), 0) && strcmp(passwd, passwd2) == 0) |
nn = keycrunch(key, seed, passwd); |
| |
memset(passwd, 0, sizeof(passwd)); |
| |
if (nn != 0) |
| |
err(2, "key crunch failed"); |
| |
|
| |
if (readpassphrase("Again secret passphrase: ", passwd, |
| |
sizeof(passwd), 0) == NULL || passwd[0] == '\0') |
| |
exit(1); |
| |
|
| |
/* Crunch seed and passphrase into starting key */ |
| |
nn = keycrunch(key2, seed, passwd); |
| |
memset(passwd, 0, sizeof(passwd)); |
| |
if (nn != 0) |
| |
err(2, "key crunch failed"); |
| |
|
| |
if (memcmp(key, key2, sizeof(key2)) == 0) |
| break; |
break; |
| |
|
| (void)fputs("Passphrases do not match.\n", stderr); |
(void)fputs("Passphrases do not match.\n", stderr); |
| } |
} |
| |
|
| /* Crunch seed and passphrase into starting key */ |
|
| (void)strcpy(seed, defaultseed); |
|
| if (keycrunch(key, seed, passwd) != 0) |
|
| err(2, "key crunch failed"); |
|
| |
|
| nn = n; |
nn = n; |
| while (nn-- != 0) |
while (nn-- != 0) |
![[BACK]](/icons/back.gif){kind=icon}
Return to skeyinit.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / skeyinit