skeyinit.c revision 1.4
1 /* S/KEY v1.1b (skeyinit.c) 2 * 3 * Authors: 4 * Neil M. Haller <nmh (at) thumper.bellcore.com> 5 * Philip R. Karn <karn (at) chicago.qualcomm.com> 6 * John S. Walden <jsw (at) thumper.bellcore.com> 7 * Scott Chasin <chasin (at) crimelab.com> 8 * 9 * S/KEY initialization and seed update 10 * 11 * $Id: skeyinit.c,v 1.4 1994/05/30 04:52:26 deraadt Exp $ 12 */ 13 14 #include <sys/param.h> 15 #include <sys/time.h> 16 #include <sys/resource.h> 17 18 #include <stdio.h> 19 #include <string.h> 20 #include <pwd.h> 21 #include <unistd.h> 22 #include <time.h> 23 24 #include "skey.h" 25 26 #define NAMELEN 2 27 28 int skeylookup __ARGS((struct skey * mp, char *name)); 29 30 main(argc, argv) 31 int argc; 32 char *argv[]; 33 { 34 int rval, n, nn, i, defaultsetup, l; 35 time_t now; 36 char hostname[MAXHOSTNAMELEN]; 37 char seed[18], tmp[80], key[8], defaultseed[17]; 38 char passwd[256], passwd2[256], tbuf[27], buf[60]; 39 char lastc, me[80], user[8], *salt, *p, *pw; 40 struct skey skey; 41 struct passwd *pp; 42 struct tm *tm; 43 extern int optind; 44 extern char *optarg; 45 46 time(&now); 47 tm = localtime(&now); 48 strftime(tbuf, sizeof(tbuf), "%M%j", tm); 49 50 if (gethostname(hostname, sizeof(hostname)) < 0) 51 err(1, "gethostname"); 52 strncpy(defaultseed, hostname, sizeof(defaultseed)- 1); 53 defaultseed[4] = '\0'; 54 strncat(defaultseed, tbuf, sizeof(defaultseed) - 5); 55 56 if ((pp = getpwuid(getuid())) == NULL) 57 err(1, "no user with uid %d", getuid()); 58 strcpy(me, pp->pw_name); 59 60 if ((pp = getpwnam(me)) == NULL) 61 err(1, "Who are you?"); 62 63 defaultsetup = 1; 64 if (argc > 1) { 65 if (strcmp("-s", argv[1]) == 0) 66 defaultsetup = 0; 67 else 68 pp = getpwnam(argv[1]); 69 70 if (argc > 2) 71 pp = getpwnam(argv[2]); 72 } 73 if (pp == NULL) { 74 err(1, "User unknown"); 75 } 76 if (strcmp(pp->pw_name, me) != 0) { 77 if (getuid() != 0) { 78 /* Only root can change other's passwds */ 79 printf("Permission denied.\n"); 80 exit(1); 81 } 82 } 83 salt = pp->pw_passwd; 84 85 setpriority(PRIO_PROCESS, 0, -4); 86 87 if (getuid() != 0) { 88 setpriority(PRIO_PROCESS, 0, -4); 89 90 pw = getpass("Password:"); 91 p = crypt(pw, salt); 92 93 setpriority(PRIO_PROCESS, 0, 0); 94 95 if (pp && strcmp(p, pp->pw_passwd)) { 96 printf("Password incorrect.\n"); 97 exit(1); 98 } 99 } 100 rval = skeylookup(&skey, pp->pw_name); 101 switch (rval) { 102 case -1: 103 err(1, "cannot open database"); 104 case 0: 105 printf("[Updating %s]\n", pp->pw_name); 106 printf("Old key: %s\n", skey.seed); 107 108 /* 109 * lets be nice if they have a skey.seed that 110 * ends in 0-8 just add one 111 */ 112 l = strlen(skey.seed); 113 if (l > 0) { 114 lastc = skey.seed[l - 1]; 115 if (isdigit(lastc) && lastc != '9') { 116 strcpy(defaultseed, skey.seed); 117 defaultseed[l - 1] = lastc + 1; 118 } 119 if (isdigit(lastc) && lastc == '9' && l < 16) { 120 strcpy(defaultseed, skey.seed); 121 defaultseed[l - 1] = '0'; 122 defaultseed[l] = '0'; 123 defaultseed[l + 1] = '\0'; 124 } 125 } 126 break; 127 case 1: 128 printf("[Adding %s]\n", pp->pw_name); 129 break; 130 } 131 n = 99; 132 133 if (!defaultsetup) { 134 printf("You need the 6 english words generated from the \"key\" command.\n"); 135 for (i = 0;; i++) { 136 if (i >= 2) 137 exit(1); 138 printf("Enter sequence count from 1 to 10000: "); 139 fgets(tmp, sizeof(tmp), stdin); 140 n = atoi(tmp); 141 if (n > 0 && n < 10000) 142 break; /* Valid range */ 143 printf("\n Error: Count must be > 0 and < 10000\n"); 144 } 145 } 146 if (!defaultsetup) { 147 printf("Enter new key [default %s]: ", defaultseed); 148 fflush(stdout); 149 fgets(seed, sizeof(seed), stdin); 150 rip(seed); 151 if (strlen(seed) > 16) { 152 printf("Notice: Seed truncated to 16 characters.\n"); 153 seed[16] = '\0'; 154 } 155 if (seed[0] == '\0') 156 strcpy(seed, defaultseed); 157 158 for (i = 0;; i++) { 159 if (i >= 2) 160 exit(1); 161 162 printf("s/key %d %s\ns/key access password: ", n, seed); 163 fgets(tmp, sizeof(tmp), stdin); 164 rip(tmp); 165 backspace(tmp); 166 167 if (tmp[0] == '?') { 168 printf("Enter 6 English words from secure S/Key calculation.\n"); 169 continue; 170 } 171 if (tmp[0] == '\0') { 172 exit(1); 173 } 174 if (etob(key, tmp) == 1 || atob8(key, tmp) == 0) 175 break; /* Valid format */ 176 printf("Invalid format - try again with 6 English words.\n"); 177 } 178 } else { 179 /* Get user's secret password */ 180 for (i = 0;; i++) { 181 if (i >= 2) 182 exit(1); 183 184 printf("Enter secret password: "); 185 readpass(passwd, sizeof(passwd)); 186 if (passwd[0] == '\0') 187 exit(1); 188 189 printf("Again secret password: "); 190 readpass(passwd2, sizeof(passwd)); 191 if (passwd2[0] == '\0') 192 exit(1); 193 194 if (strlen(passwd) < 4 && strlen(passwd2) < 4) 195 err(1, "Your password must be longer"); 196 if (strcmp(passwd, passwd2) == 0) 197 break; 198 199 printf("Passwords do not match.\n"); 200 } 201 strcpy(seed, defaultseed); 202 203 /* Crunch seed and password into starting key */ 204 if (keycrunch(key, seed, passwd) != 0) 205 err(2, "key crunch failed"); 206 nn = n; 207 while (nn-- != 0) 208 f(key); 209 } 210 time(&now); 211 tm = localtime(&now); 212 strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); 213 214 skey.val = (char *)malloc(16 + 1); 215 216 btoa8(skey.val, key); 217 218 fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n", pp->pw_name, n, 219 seed, skey.val, tbuf); 220 fclose(skey.keyfile); 221 printf("ID %s s/key is %d %s\n", pp->pw_name, n, seed); 222 printf("Next login password: %s\n", btoe(buf, key)); 223 #ifdef HEXIN 224 printf("%s\n", put8(buf, key)); 225 #endif 226 227 exit(1); 228 } 229
Indexes created Thu Sep 25 16:09:42 GMT 2025