skeyinit.c revision 1.7
1 /* $NetBSD: skeyinit.c,v 1.7 1997/02/11 09:25:24 mrg Exp $ */ 2 3 /* S/KEY v1.1b (skeyinit.c) 4 * 5 * Authors: 6 * Neil M. Haller <nmh (at) thumper.bellcore.com> 7 * Philip R. Karn <karn (at) chicago.qualcomm.com> 8 * John S. Walden <jsw (at) thumper.bellcore.com> 9 * Scott Chasin <chasin (at) crimelab.com> 10 * 11 * S/KEY initialization and seed update 12 */ 13 14 #include <sys/param.h> 15 #include <sys/time.h> 16 #include <sys/resource.h> 17 18 #include <stdio.h> 19 #include <stdlib.h> 20 #include <string.h> 21 #include <err.h> 22 #include <pwd.h> 23 #include <unistd.h> 24 #include <time.h> 25 #include <ctype.h> 26 27 #include "skey.h" 28 29 #define NAMELEN 2 30 31 int skeylookup __ARGS((struct skey * mp, char *name)); 32 33 int 34 main(argc, argv) 35 int argc; 36 char *argv[]; 37 { 38 int rval, n, nn, i, defaultsetup, l; 39 time_t now; 40 char hostname[MAXHOSTNAMELEN]; 41 char seed[18], tmp[80], key[8], defaultseed[17]; 42 char passwd[256], passwd2[256], tbuf[27], buf[60]; 43 char lastc, me[80], user[8], *salt, *p, *pw; 44 struct skey skey; 45 struct passwd *pp; 46 struct tm *tm; 47 48 time(&now); 49 tm = localtime(&now); 50 strftime(tbuf, sizeof(tbuf), "%M%j", tm); 51 52 if (gethostname(hostname, sizeof(hostname)) < 0) 53 err(1, "gethostname"); 54 strncpy(defaultseed, hostname, sizeof(defaultseed)- 1); 55 defaultseed[4] = '\0'; 56 strncat(defaultseed, tbuf, sizeof(defaultseed) - 5); 57 58 if ((pp = getpwuid(getuid())) == NULL) 59 err(1, "no user with uid %d", getuid()); 60 (void)strncpy(me, pp->pw_name, sizeof(me) - 1); 61 62 if ((pp = getpwnam(me)) == NULL) 63 err(1, "Who are you?"); 64 65 defaultsetup = 1; 66 if (argc > 1) { 67 if (strcmp("-s", argv[1]) == 0) 68 defaultsetup = 0; 69 else 70 pp = getpwnam(argv[1]); 71 72 if (argc > 2) 73 pp = getpwnam(argv[2]); 74 } 75 if (pp == NULL) { 76 err(1, "User unknown"); 77 } 78 if (strcmp(pp->pw_name, me) != 0) { 79 if (getuid() != 0) { 80 /* Only root can change other's passwds */ 81 printf("Permission denied.\n"); 82 exit(1); 83 } 84 } 85 salt = pp->pw_passwd; 86 87 setpriority(PRIO_PROCESS, 0, -4); 88 89 if (getuid() != 0) { 90 setpriority(PRIO_PROCESS, 0, -4); 91 92 pw = getpass("Password:"); 93 p = crypt(pw, salt); 94 95 setpriority(PRIO_PROCESS, 0, 0); 96 97 if (pp && strcmp(p, pp->pw_passwd)) { 98 printf("Password incorrect.\n"); 99 exit(1); 100 } 101 } 102 rval = skeylookup(&skey, pp->pw_name); 103 switch (rval) { 104 case -1: 105 err(1, "cannot open database"); 106 case 0: 107 printf("[Updating %s]\n", pp->pw_name); 108 printf("Old key: %s\n", skey.seed); 109 110 /* 111 * lets be nice if they have a skey.seed that 112 * ends in 0-8 just add one 113 */ 114 l = strlen(skey.seed); 115 if (l > 0) { 116 lastc = skey.seed[l - 1]; 117 if (isdigit(lastc) && lastc != '9') { 118 (void)strncpy(defaultseed, skey.seed, 119 sizeof(defaultseed) - 1); 120 defaultseed[l - 1] = lastc + 1; 121 } 122 if (isdigit(lastc) && lastc == '9' && l < 16) { 123 (void)strncpy(defaultseed, skey.seed, 124 sizeof(defaultseed) - 1); 125 defaultseed[l - 1] = '0'; 126 defaultseed[l] = '0'; 127 defaultseed[l + 1] = '\0'; 128 } 129 } 130 break; 131 case 1: 132 printf("[Adding %s]\n", pp->pw_name); 133 break; 134 } 135 n = 99; 136 137 if (!defaultsetup) { 138 printf("You need the 6 english words generated from the \"key\" command.\n"); 139 for (i = 0;; i++) { 140 if (i >= 2) 141 exit(1); 142 printf("Enter sequence count from 1 to 10000: "); 143 fgets(tmp, sizeof(tmp), stdin); 144 n = atoi(tmp); 145 if (n > 0 && n < 10000) 146 break; /* Valid range */ 147 printf("\n Error: Count must be > 0 and < 10000\n"); 148 } 149 } 150 if (!defaultsetup) { 151 printf("Enter new key [default %s]: ", defaultseed); 152 fflush(stdout); 153 fgets(seed, sizeof(seed), stdin); 154 rip(seed); 155 if (strlen(seed) > 16) { 156 printf("Notice: Seed truncated to 16 characters.\n"); 157 seed[16] = '\0'; 158 } 159 if (seed[0] == '\0') 160 (void)strncpy(seed, defaultseed, sizeof(seed) - 1); 161 162 for (i = 0;; i++) { 163 if (i >= 2) 164 exit(1); 165 166 printf("s/key %d %s\ns/key access password: ", n, seed); 167 fgets(tmp, sizeof(tmp), stdin); 168 rip(tmp); 169 backspace(tmp); 170 171 if (tmp[0] == '?') { 172 printf("Enter 6 English words from secure S/Key calculation.\n"); 173 continue; 174 } 175 if (tmp[0] == '\0') { 176 exit(1); 177 } 178 if (etob(key, tmp) == 1 || atob8(key, tmp) == 0) 179 break; /* Valid format */ 180 printf("Invalid format - try again with 6 English words.\n"); 181 } 182 } else { 183 /* Get user's secret password */ 184 for (i = 0;; i++) { 185 if (i >= 2) 186 exit(1); 187 188 printf("Enter secret password: "); 189 readpass(passwd, sizeof(passwd)); 190 if (passwd[0] == '\0') 191 exit(1); 192 193 printf("Again secret password: "); 194 readpass(passwd2, sizeof(passwd)); 195 if (passwd2[0] == '\0') 196 exit(1); 197 198 if (strlen(passwd) < 4 && strlen(passwd2) < 4) 199 err(1, "Your password must be longer"); 200 if (strcmp(passwd, passwd2) == 0) 201 break; 202 203 printf("Passwords do not match.\n"); 204 } 205 (void)strncpy(seed, defaultseed, sizeof(seed) - 1); 206 207 /* Crunch seed and password into starting key */ 208 if (keycrunch(key, seed, passwd) != 0) 209 err(2, "key crunch failed"); 210 nn = n; 211 while (nn-- != 0) 212 f(key); 213 } 214 time(&now); 215 tm = localtime(&now); 216 strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); 217 218 skey.val = (char *)malloc(16 + 1); 219 220 btoa8(skey.val, key); 221 222 fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n", pp->pw_name, n, 223 seed, skey.val, tbuf); 224 fclose(skey.keyfile); 225 printf("ID %s s/key is %d %s\n", pp->pw_name, n, seed); 226 printf("Next login password: %s\n", btoe(buf, key)); 227 #ifdef HEXIN 228 printf("%s\n", put8(buf, key)); 229 #endif 230 231 exit(1); 232 } 233
Indexes created Thu Sep 25 16:09:42 GMT 2025