Annotation of src/usr.bin/skeyinit/skeyinit.c, Revision 1.15
1.15 ! millert 1: /* $OpenBSD: skeyinit.c,v 1.14 1996/10/08 16:31:45 millert Exp $ */
1.1 deraadt 2: /* $NetBSD: skeyinit.c,v 1.6 1995/06/05 19:50:48 pk Exp $ */
3:
4: /* S/KEY v1.1b (skeyinit.c)
5: *
6: * Authors:
7: * Neil M. Haller <nmh@thumper.bellcore.com>
8: * Philip R. Karn <karn@chicago.qualcomm.com>
9: * John S. Walden <jsw@thumper.bellcore.com>
10: * Scott Chasin <chasin@crimelab.com>
11: *
12: * S/KEY initialization and seed update
13: */
14:
15: #include <sys/param.h>
16: #include <sys/time.h>
17: #include <sys/resource.h>
18:
19: #include <stdio.h>
20: #include <stdlib.h>
21: #include <string.h>
22: #include <err.h>
23: #include <pwd.h>
24: #include <unistd.h>
25: #include <time.h>
1.6 millert 26: #include <utmp.h>
1.1 deraadt 27: #include <ctype.h>
1.4 millert 28: #include <skey.h>
1.1 deraadt 29:
1.4 millert 30: #ifndef SKEY_MAXSEQ
31: #define SKEY_MAXSEQ 10000
32: #endif
33: #ifndef SKEY_NAMELEN
34: #define SKEY_NAMELEN 4
35: #endif
36: #ifndef SKEY_MIN_PW_LEN
1.9 millert 37: #define SKEY_MIN_PW_LEN 10
1.4 millert 38: #endif
1.1 deraadt 39:
1.8 millert 40: void usage __P((char *));
41:
1.1 deraadt 42: int
43: main(argc, argv)
44: int argc;
45: char *argv[];
46: {
1.8 millert 47: int rval, n, nn, i, l, defaultsetup=1, zerokey=0, hexmode=0;
1.1 deraadt 48: time_t now;
49: char hostname[MAXHOSTNAMELEN];
50: char seed[18], tmp[80], key[8], defaultseed[17];
51: char passwd[256], passwd2[256], tbuf[27], buf[60];
1.8 millert 52: char lastc, me[UT_NAMESIZE+1], *salt, *p, *pw, *ht=NULL;
1.1 deraadt 53: struct skey skey;
54: struct passwd *pp;
55: struct tm *tm;
56:
1.4 millert 57: if (geteuid() != 0)
58: errx(1, "must be setuid root.");
59:
60: (void)time(&now);
1.5 millert 61: (void)sprintf(tbuf, "%05ld", (long) (now % 100000));
1.1 deraadt 62:
63: if (gethostname(hostname, sizeof(hostname)) < 0)
64: err(1, "gethostname");
1.4 millert 65: (void)strncpy(defaultseed, hostname, sizeof(defaultseed) - 1);
66: defaultseed[SKEY_NAMELEN] = '\0';
67: (void)strncat(defaultseed, tbuf, sizeof(defaultseed) - 5);
1.1 deraadt 68:
69: if ((pp = getpwuid(getuid())) == NULL)
70: err(1, "no user with uid %d", getuid());
1.4 millert 71: (void)strcpy(me, pp->pw_name);
1.1 deraadt 72:
73: if ((pp = getpwnam(me)) == NULL)
74: err(1, "Who are you?");
75:
1.8 millert 76: for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) {
77: if (argv[i][2] == '\0') {
78: /* Single character switch */
79: switch (argv[i][1]) {
1.4 millert 80: case 's':
81: defaultsetup = 0;
82: break;
83: case 'x':
84: hexmode = 1;
85: break;
86: case 'z':
87: zerokey = 1;
88: break;
1.8 millert 89: default:
90: usage(argv[0]);
91: }
92: } else {
93: /* Multi character switches are hash types */
94: if ((ht = skey_set_algorithm(&argv[i][1])) == NULL) {
95: warnx("Unknown hash algorithm %s", &argv[i][1]);
96: usage(argv[0]);
97: }
1.7 millert 98: }
1.8 millert 99: i++;
1.7 millert 100: }
101:
102: /* check for optional user string */
1.8 millert 103: if (argc - i > 1) {
104: usage(argv[0]);
105: } else if (argv[i]) {
106: if ((pp = getpwnam(argv[i])) == NULL)
1.4 millert 107: err(1, "User unknown");
108:
109: if (strcmp(pp->pw_name, me) != 0) {
110: if (getuid() != 0) {
111: /* Only root can change other's passwds */
112: errx(1, "Permission denied.");
113: }
1.1 deraadt 114: }
115: }
116: salt = pp->pw_passwd;
117:
118: if (getuid() != 0) {
1.11 millert 119: pw = getpass("Password (or `s/key'):");
1.10 millert 120: if (strcasecmp(pw, "s/key") == 0) {
121: if (skey_haskey(me))
122: exit(1);
123: if (skey_authenticate(me))
124: errx(1, "Password incorrect.");
125: } else {
126: p = crypt(pw, salt);
127: if (strcmp(p, pp->pw_passwd))
128: errx(1, "Password incorrect.");
129: }
130: }
1.1 deraadt 131:
1.10 millert 132: (void)setpriority(PRIO_PROCESS, 0, -4);
1.4 millert 133:
1.1 deraadt 134: rval = skeylookup(&skey, pp->pw_name);
135: switch (rval) {
1.4 millert 136: case -1:
137: err(1, "cannot open database");
138: case 0:
139: /* comment out user if asked to */
140: if (zerokey)
141: exit(skeyzero(&skey, pp->pw_name));
142:
143: (void)printf("[Updating %s]\n", pp->pw_name);
1.12 millert 144: (void)printf("Old key: [%s] %s\n", skey_get_algorithm(),
145: skey.seed);
1.4 millert 146:
147: /*
148: * Lets be nice if they have a skey.seed that
149: * ends in 0-8 just add one
150: */
151: l = strlen(skey.seed);
152: if (l > 0) {
153: lastc = skey.seed[l - 1];
154: if (isdigit(lastc) && lastc != '9') {
155: (void)strcpy(defaultseed, skey.seed);
156: defaultseed[l - 1] = lastc + 1;
157: }
158: if (isdigit(lastc) && lastc == '9' && l < 16) {
159: (void)strcpy(defaultseed, skey.seed);
160: defaultseed[l - 1] = '0';
161: defaultseed[l] = '0';
162: defaultseed[l + 1] = '\0';
163: }
1.1 deraadt 164: }
1.4 millert 165: break;
166: case 1:
167: if (zerokey)
168: errx(1, "You have no entry to zero.");
169: (void)printf("[Adding %s]\n", pp->pw_name);
170: break;
1.1 deraadt 171: }
172: n = 99;
173:
1.8 millert 174: /* Set hash type if asked to */
1.13 millert 175: if (ht) {
176: /* Need to zero out old key when changing algorithm */
177: if (strcmp(ht, skey_get_algorithm()) && skey_set_algorithm(ht))
178: zerokey = 1;
179: }
1.4 millert 180:
1.1 deraadt 181: if (!defaultsetup) {
1.4 millert 182: (void)printf("You need the 6 english words generated from the \"skey\" command.\n");
1.1 deraadt 183: for (i = 0;; i++) {
184: if (i >= 2)
185: exit(1);
1.10 millert 186:
1.4 millert 187: (void)printf("Enter sequence count from 1 to %d: ",
188: SKEY_MAXSEQ);
189: (void)fgets(tmp, sizeof(tmp), stdin);
1.1 deraadt 190: n = atoi(tmp);
1.4 millert 191: if (n > 0 && n < SKEY_MAXSEQ)
1.1 deraadt 192: break; /* Valid range */
1.10 millert 193: (void)printf("Error: Count must be > 0 and < %d\n",
1.4 millert 194: SKEY_MAXSEQ);
1.1 deraadt 195: }
1.4 millert 196:
1.10 millert 197: for (i = 0;; i++) {
198: if (i >= 2)
199: exit(1);
200:
201: (void)printf("Enter new key [default %s]: ",
202: defaultseed);
203: (void)fgets(seed, sizeof(seed), stdin);
204: rip(seed);
205: for (p = seed; *p; p++) {
206: if (isalpha(*p)) {
207: if (isupper(*p))
208: *p = tolower(*p);
209: } else if (!isdigit(*p)) {
210: (void)puts("Error: seed may only contain alpha numeric characters");
211: break;
212: }
213: }
214: if (*p == '\0')
215: break; /* Valid seed */
216: }
1.1 deraadt 217: if (strlen(seed) > 16) {
1.4 millert 218: (void)puts("Notice: Seed truncated to 16 characters.");
1.1 deraadt 219: seed[16] = '\0';
220: }
221: if (seed[0] == '\0')
1.4 millert 222: (void)strcpy(seed, defaultseed);
1.1 deraadt 223:
224: for (i = 0;; i++) {
225: if (i >= 2)
226: exit(1);
227:
1.10 millert 228: (void)printf("otp-%s %d %s\nS/Key access password: ",
229: skey_get_algorithm(), n, seed);
1.4 millert 230: (void)fgets(tmp, sizeof(tmp), stdin);
1.1 deraadt 231: rip(tmp);
232: backspace(tmp);
233:
234: if (tmp[0] == '?') {
1.4 millert 235: (void)puts("Enter 6 English words from secure S/Key calculation.");
1.1 deraadt 236: continue;
1.4 millert 237: } else if (tmp[0] == '\0')
1.1 deraadt 238: exit(1);
239: if (etob(key, tmp) == 1 || atob8(key, tmp) == 0)
240: break; /* Valid format */
1.4 millert 241: (void)puts("Invalid format - try again with 6 English words.");
1.1 deraadt 242: }
243: } else {
244: /* Get user's secret password */
1.4 millert 245: fputs("Reminder - Only use this method if you are directly connected\n or have an encrypted channel. If you are using telnet\n or rlogin, exit with no password and use keyinit -s.\n", stderr);
246:
1.1 deraadt 247: for (i = 0;; i++) {
1.4 millert 248: if (i > 2)
1.1 deraadt 249: exit(1);
250:
1.4 millert 251: (void)fputs("Enter secret password: ", stderr);
1.1 deraadt 252: readpass(passwd, sizeof(passwd));
253: if (passwd[0] == '\0')
254: exit(1);
255:
1.4 millert 256: if (strlen(passwd) < SKEY_MIN_PW_LEN) {
257: (void)fputs("Your password must be longer.\n",
258: stderr);
259: continue;
260: }
261:
262: (void)fputs("Again secret password: ", stderr);
1.1 deraadt 263: readpass(passwd2, sizeof(passwd));
264: if (passwd2[0] == '\0')
265: exit(1);
266:
267: if (strcmp(passwd, passwd2) == 0)
268: break;
269:
1.4 millert 270: (void)fputs("Passwords do not match.\n", stderr);
1.1 deraadt 271: }
272:
273: /* Crunch seed and password into starting key */
1.4 millert 274: (void)strcpy(seed, defaultseed);
1.1 deraadt 275: if (keycrunch(key, seed, passwd) != 0)
276: err(2, "key crunch failed");
1.4 millert 277:
1.1 deraadt 278: nn = n;
279: while (nn-- != 0)
280: f(key);
281: }
1.4 millert 282: (void)time(&now);
1.1 deraadt 283: tm = localtime(&now);
1.4 millert 284: (void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
1.1 deraadt 285:
1.4 millert 286: if ((skey.val = (char *)malloc(16 + 1)) == NULL)
287: err(1, "Can't allocate memory");
1.1 deraadt 288:
1.13 millert 289: /* Zero out old key if necesary (entry would change size) */
290: if (zerokey) {
291: (void)skeyzero(&skey, pp->pw_name);
292: /* Re-open keys file and seek to the end */
293: if (skeylookup(&skey, pp->pw_name) == -1)
294: err(1, "cannot open database");
295: }
296:
1.1 deraadt 297: btoa8(skey.val, key);
298:
1.12 millert 299: /* Don't save algorithm type for md4 (keep record length same) */
300: if (strcmp(skey_get_algorithm(), "md4") == 0)
1.13 millert 301: (void)fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n",
1.12 millert 302: pp->pw_name, n, seed, skey.val, tbuf);
303: else
304: (void)fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n",
305: pp->pw_name, skey_get_algorithm(), n, seed, skey.val, tbuf);
1.4 millert 306: (void)fclose(skey.keyfile);
1.10 millert 307:
308: (void)setpriority(PRIO_PROCESS, 0, 0);
309:
1.12 millert 310: (void)printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name,
311: skey_get_algorithm(), n, seed);
1.10 millert 312: (void)printf("Next login password: %s\n\n",
313: hexmode ? put8(buf, key) : btoe(buf, key));
1.4 millert 314: exit(0);
1.8 millert 315: }
316:
317: void
318: usage(s)
319: char *s;
320: {
321: (void)fprintf(stderr,
322: "Usage: %s [-s] [-x] [-z] [-md4|-md5|-sha1] [user]\n", s);
323: exit(1);
1.1 deraadt 324: }