1 /* $NetBSD: skeyinit.c,v 1.8 1997/10/19 23:24:45 lukem Exp $ */ 2 3 /* S/KEY v1.1b (skeyinit.c) 4 * 5 * Authors: 6 * Neil M. Haller <nmh@thumper.bellcore.com> 7 * Philip R. Karn <karn@chicago.qualcomm.com> 8 * John S. Walden <jsw@thumper.bellcore.com> 9 * Scott Chasin <chasin@crimelab.com> 10 * 11 * S/KEY initialization and seed update 12 */ 13 14 #include <sys/param.h> 15 #include <sys/time.h> 16 #include <sys/resource.h> 17 18 #include <stdio.h> 19 #include <stdlib.h> 20 #include <string.h> 21 #include <err.h> 22 #include <pwd.h> 23 #include <unistd.h> 24 #include <time.h> 25 #include <ctype.h> 26 27 #include "skey.h" 28 29 #define NAMELEN 2 30 31 int main __P((int, char **)); 32 int skeylookup __ARGS((struct skey * mp, char *name)); 33 34 int 35 main(argc, argv) 36 int argc; 37 char *argv[]; 38 { 39 int rval, n, nn, i, defaultsetup, l; 40 time_t now; 41 char hostname[MAXHOSTNAMELEN]; 42 char seed[18], tmp[80], key[8], defaultseed[17]; 43 char passwd[256], passwd2[256], tbuf[27], buf[60]; 44 char lastc, me[80], *salt, *p, *pw; 45 struct skey skey; 46 struct passwd *pp; 47 struct tm *tm; 48 49 time(&now); 50 tm = localtime(&now); 51 strftime(tbuf, sizeof(tbuf), "%M%j", tm); 52 53 if (gethostname(hostname, sizeof(hostname)) < 0) 54 err(1, "gethostname"); 55 strncpy(defaultseed, hostname, sizeof(defaultseed)- 1); 56 defaultseed[4] = '\0'; 57 strncat(defaultseed, tbuf, sizeof(defaultseed) - 5); 58 59 if ((pp = getpwuid(getuid())) == NULL) 60 err(1, "no user with uid %d", getuid()); 61 (void)strncpy(me, pp->pw_name, sizeof(me) - 1); 62 63 if ((pp = getpwnam(me)) == NULL) 64 err(1, "Who are you?"); 65 66 defaultsetup = 1; 67 if (argc > 1) { 68 if (strcmp("-s", argv[1]) == 0) 69 defaultsetup = 0; 70 else 71 pp = getpwnam(argv[1]); 72 73 if (argc > 2) 74 pp = getpwnam(argv[2]); 75 } 76 if (pp == NULL) { 77 err(1, "User unknown"); 78 } 79 if (strcmp(pp->pw_name, me) != 0) { 80 if (getuid() != 0) { 81 /* Only root can change other's passwds */ 82 printf("Permission denied.\n"); 83 exit(1); 84 } 85 } 86 salt = pp->pw_passwd; 87 88 setpriority(PRIO_PROCESS, 0, -4); 89 90 if (getuid() != 0) { 91 setpriority(PRIO_PROCESS, 0, -4); 92 93 pw = getpass("Password:"); 94 p = crypt(pw, salt); 95 96 setpriority(PRIO_PROCESS, 0, 0); 97 98 if (pp && strcmp(p, pp->pw_passwd)) { 99 printf("Password incorrect.\n"); 100 exit(1); 101 } 102 } 103 rval = skeylookup(&skey, pp->pw_name); 104 switch (rval) { 105 case -1: 106 err(1, "cannot open database"); 107 case 0: 108 printf("[Updating %s]\n", pp->pw_name); 109 printf("Old key: %s\n", skey.seed); 110 111 /* 112 * lets be nice if they have a skey.seed that 113 * ends in 0-8 just add one 114 */ 115 l = strlen(skey.seed); 116 if (l > 0) { 117 lastc = skey.seed[l - 1]; 118 if (isdigit(lastc) && lastc != '9') { 119 (void)strncpy(defaultseed, skey.seed, 120 sizeof(defaultseed) - 1); 121 defaultseed[l - 1] = lastc + 1; 122 } 123 if (isdigit(lastc) && lastc == '9' && l < 16) { 124 (void)strncpy(defaultseed, skey.seed, 125 sizeof(defaultseed) - 1); 126 defaultseed[l - 1] = '0'; 127 defaultseed[l] = '0'; 128 defaultseed[l + 1] = '\0'; 129 } 130 } 131 break; 132 case 1: 133 printf("[Adding %s]\n", pp->pw_name); 134 break; 135 } 136 n = 99; 137 138 if (!defaultsetup) { 139 printf("You need the 6 english words generated from the \"key\" command.\n"); 140 for (i = 0;; i++) { 141 if (i >= 2) 142 exit(1); 143 printf("Enter sequence count from 1 to 10000: "); 144 fgets(tmp, sizeof(tmp), stdin); 145 n = atoi(tmp); 146 if (n > 0 && n < 10000) 147 break; /* Valid range */ 148 printf("\n Error: Count must be > 0 and < 10000\n"); 149 } 150 } 151 if (!defaultsetup) { 152 printf("Enter new key [default %s]: ", defaultseed); 153 fflush(stdout); 154 fgets(seed, sizeof(seed), stdin); 155 rip(seed); 156 if (strlen(seed) > 16) { 157 printf("Notice: Seed truncated to 16 characters.\n"); 158 seed[16] = '\0'; 159 } 160 if (seed[0] == '\0') 161 (void)strncpy(seed, defaultseed, sizeof(seed) - 1); 162 163 for (i = 0;; i++) { 164 if (i >= 2) 165 exit(1); 166 167 printf("s/key %d %s\ns/key access password: ", n, seed); 168 fgets(tmp, sizeof(tmp), stdin); 169 rip(tmp); 170 backspace(tmp); 171 172 if (tmp[0] == '?') { 173 printf("Enter 6 English words from secure S/Key calculation.\n"); 174 continue; 175 } 176 if (tmp[0] == '\0') { 177 exit(1); 178 } 179 if (etob(key, tmp) == 1 || atob8(key, tmp) == 0) 180 break; /* Valid format */ 181 printf("Invalid format - try again with 6 English words.\n"); 182 } 183 } else { 184 /* Get user's secret password */ 185 for (i = 0;; i++) { 186 if (i >= 2) 187 exit(1); 188 189 printf("Enter secret password: "); 190 readpass(passwd, sizeof(passwd)); 191 if (passwd[0] == '\0') 192 exit(1); 193 194 printf("Again secret password: "); 195 readpass(passwd2, sizeof(passwd)); 196 if (passwd2[0] == '\0') 197 exit(1); 198 199 if (strlen(passwd) < 4 && strlen(passwd2) < 4) 200 err(1, "Your password must be longer"); 201 if (strcmp(passwd, passwd2) == 0) 202 break; 203 204 printf("Passwords do not match.\n"); 205 } 206 (void)strncpy(seed, defaultseed, sizeof(seed) - 1); 207 208 /* Crunch seed and password into starting key */ 209 if (keycrunch(key, seed, passwd) != 0) 210 err(2, "key crunch failed"); 211 nn = n; 212 while (nn-- != 0) 213 f(key); 214 } 215 time(&now); 216 tm = localtime(&now); 217 strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); 218 219 skey.val = (char *)malloc(16 + 1); 220 221 btoa8(skey.val, key); 222 223 fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n", pp->pw_name, n, 224 seed, skey.val, tbuf); 225 fclose(skey.keyfile); 226 printf("ID %s s/key is %d %s\n", pp->pw_name, n, seed); 227 printf("Next login password: %s\n", btoe(buf, key)); 228 #ifdef HEXIN 229 printf("%s\n", put8(buf, key)); 230 #endif 231 232 exit(1); 233 } 234