1 /* $NetBSD: skeyinit.c,v 1.12 1998/12/19 22:18:00 christos Exp $ */ 2 3 /* S/KEY v1.1b (skeyinit.c) 4 * 5 * Authors: 6 * Neil M. Haller <nmh@thumper.bellcore.com> 7 * Philip R. Karn <karn@chicago.qualcomm.com> 8 * John S. Walden <jsw@thumper.bellcore.com> 9 * Scott Chasin <chasin@crimelab.com> 10 * 11 * S/KEY initialization and seed update 12 */ 13 14 #include <sys/param.h> 15 #include <sys/time.h> 16 #include <sys/resource.h> 17 18 #include <stdio.h> 19 #include <stdlib.h> 20 #include <string.h> 21 #include <err.h> 22 #include <pwd.h> 23 #include <unistd.h> 24 #include <time.h> 25 #include <ctype.h> 26 27 #include "skey.h" 28 29 #define NAMELEN 2 30 31 int main __P((int, char **)); 32 33 int 34 main(argc, argv) 35 int argc; 36 char *argv[]; 37 { 38 int rval, n, nn, i, defaultsetup, l; 39 time_t now; 40 char hostname[MAXHOSTNAMELEN + 1]; 41 char seed[18], tmp[80], key[8], defaultseed[17]; 42 char passwd[256], passwd2[256], tbuf[27], buf[60]; 43 char lastc, me[80], *p, *pw; 44 const char *salt; 45 struct skey skey; 46 struct passwd *pp; 47 struct tm *tm; 48 49 time(&now); 50 tm = localtime(&now); 51 strftime(tbuf, sizeof(tbuf), "%M%j", tm); 52 tbuf[sizeof(tbuf) - 1] = '\0'; 53 54 if (gethostname(hostname, sizeof(hostname)) < 0) 55 err(1, "gethostname"); 56 hostname[sizeof(hostname) - 1] = '\0'; 57 strncpy(defaultseed, hostname, sizeof(defaultseed)- 1); 58 defaultseed[4] = '\0'; 59 strncat(defaultseed, tbuf, sizeof(defaultseed) - 5); 60 61 if ((pp = getpwuid(getuid())) == NULL) 62 err(1, "no user with uid %ld", (u_long)getuid()); 63 (void)strncpy(me, pp->pw_name, sizeof(me) - 1); 64 65 if ((pp = getpwnam(me)) == NULL) 66 err(1, "Who are you?"); 67 68 defaultsetup = 1; 69 if (argc > 1) { 70 if (strcmp("-s", argv[1]) == 0) 71 defaultsetup = 0; 72 else 73 pp = getpwnam(argv[1]); 74 75 if (argc > 2) 76 pp = getpwnam(argv[2]); 77 } 78 if (pp == NULL) { 79 err(1, "User unknown"); 80 } 81 if (strcmp(pp->pw_name, me) != 0) { 82 if (getuid() != 0) { 83 /* Only root can change other's passwds */ 84 printf("Permission denied.\n"); 85 exit(1); 86 } 87 } 88 salt = pp->pw_passwd; 89 90 setpriority(PRIO_PROCESS, 0, -4); 91 92 if (getuid() != 0) { 93 94 pw = getpass("Password:"); 95 p = crypt(pw, salt); 96 97 setpriority(PRIO_PROCESS, 0, 0); 98 99 if (pp && strcmp(p, pp->pw_passwd)) { 100 printf("Password incorrect.\n"); 101 exit(1); 102 } 103 } 104 rval = skeylookup(&skey, pp->pw_name); 105 switch (rval) { 106 case -1: 107 err(1, "cannot open database"); 108 case 0: 109 printf("[Updating %s]\n", pp->pw_name); 110 printf("Old key: %s\n", skey.seed); 111 112 /* 113 * lets be nice if they have a skey.seed that 114 * ends in 0-8 just add one 115 */ 116 l = strlen(skey.seed); 117 if (l > 0) { 118 lastc = skey.seed[l - 1]; 119 if (isdigit((unsigned char)lastc) && lastc != '9') { 120 (void)strncpy(defaultseed, skey.seed, 121 sizeof(defaultseed) - 1); 122 defaultseed[l - 1] = lastc + 1; 123 } 124 if (isdigit((unsigned char)lastc) && lastc == '9' && 125 l < 16) { 126 (void)strncpy(defaultseed, skey.seed, 127 sizeof(defaultseed) - 1); 128 defaultseed[l - 1] = '0'; 129 defaultseed[l] = '0'; 130 defaultseed[l + 1] = '\0'; 131 } 132 } 133 break; 134 case 1: 135 printf("[Adding %s]\n", pp->pw_name); 136 break; 137 } 138 n = 99; 139 140 if (!defaultsetup) { 141 printf("You need the 6 english words generated from the \"key\" command.\n"); 142 for (i = 0;; i++) { 143 if (i >= 2) 144 exit(1); 145 printf("Enter sequence count from 1 to 10000: "); 146 fgets(tmp, sizeof(tmp), stdin); 147 n = atoi(tmp); 148 if (n > 0 && n < 10000) 149 break; /* Valid range */ 150 printf("\n Error: Count must be > 0 and < 10000\n"); 151 } 152 } 153 if (!defaultsetup) { 154 printf("Enter new key [default %s]: ", defaultseed); 155 fflush(stdout); 156 fgets(seed, sizeof(seed), stdin); 157 rip(seed); 158 if (strlen(seed) > 16) { 159 printf("Notice: Seed truncated to 16 characters.\n"); 160 seed[16] = '\0'; 161 } 162 if (seed[0] == '\0') 163 (void)strncpy(seed, defaultseed, sizeof(seed) - 1); 164 165 for (i = 0;; i++) { 166 if (i >= 2) 167 exit(1); 168 169 printf("s/key %d %s\ns/key access password: ", n, seed); 170 fgets(tmp, sizeof(tmp), stdin); 171 rip(tmp); 172 backspace(tmp); 173 174 if (tmp[0] == '?') { 175 printf("Enter 6 English words from secure S/Key calculation.\n"); 176 continue; 177 } 178 if (tmp[0] == '\0') { 179 exit(1); 180 } 181 if (etob(key, tmp) == 1 || atob8(key, tmp) == 0) 182 break; /* Valid format */ 183 printf("Invalid format - try again with 6 English words.\n"); 184 } 185 } else { 186 /* Get user's secret password */ 187 for (i = 0;; i++) { 188 if (i >= 2) 189 exit(1); 190 191 printf("Enter secret password: "); 192 readpass(passwd, sizeof(passwd)); 193 if (passwd[0] == '\0') 194 exit(1); 195 196 printf("Again secret password: "); 197 readpass(passwd2, sizeof(passwd)); 198 if (passwd2[0] == '\0') 199 exit(1); 200 201 if (strlen(passwd) < 4 && strlen(passwd2) < 4) 202 err(1, "Your password must be longer"); 203 if (strcmp(passwd, passwd2) == 0) 204 break; 205 206 printf("Passwords do not match.\n"); 207 } 208 (void)strncpy(seed, defaultseed, sizeof(seed) - 1); 209 210 /* Crunch seed and password into starting key */ 211 if (keycrunch(key, seed, passwd) != 0) 212 err(2, "key crunch failed"); 213 nn = n; 214 while (nn-- != 0) 215 f(key); 216 } 217 time(&now); 218 tm = localtime(&now); 219 strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); 220 221 skey.val = (char *)malloc(16 + 1); 222 223 btoa8(skey.val, key); 224 225 fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n", pp->pw_name, n, 226 seed, skey.val, tbuf); 227 fclose(skey.keyfile); 228 printf("ID %s s/key is %d %s\n", pp->pw_name, n, seed); 229 printf("Next login password: %s\n", btoe(buf, key)); 230 #ifdef HEXIN 231 printf("%s\n", put8(buf, key)); 232 #endif 233 234 exit(1); 235 } 236