1 /* S/KEY v1.1b (skeyinit.c) 2 * 3 * Authors: 4 * Neil M. Haller <nmh@thumper.bellcore.com> 5 * Philip R. Karn <karn@chicago.qualcomm.com> 6 * John S. Walden <jsw@thumper.bellcore.com> 7 * Scott Chasin <chasin@crimelab.com> 8 * 9 * S/KEY initialization and seed update 10 * 11 * $Id: skeyinit.c,v 1.1 1994/05/24 06:48:14 deraadt Exp $ 12 */ 13 14 #include <stdio.h> 15 #include <string.h> 16 #include <pwd.h> 17 #include <unistd.h> 18 #include <time.h> 19 #include <sys/time.h> 20 #include <sys/resource.h> 21 #include "skey.h" 22 23 #define NAMELEN 2 24 25 int skeylookup __ARGS((struct skey * mp, char *name)); 26 27 main(argc, argv) 28 int argc; 29 char *argv[]; 30 { 31 int rval, n, nn, i, defaultsetup, l; 32 time_t now; 33 char seed[18], tmp[80], key[8], defaultseed[17]; 34 char passwd[256], passwd2[256], tbuf[27], buf[60]; 35 char lastc, me[80], user[8], *salt, *p, *pw; 36 struct skey skey; 37 struct passwd *pp; 38 struct tm *tm; 39 extern int optind; 40 extern char *optarg; 41 42 time(&now); 43 tm = localtime(&now); 44 strftime(tbuf, sizeof(tbuf), "%M%j", tm); 45 46 if (gethostname(defaultseed, sizeof(defaultseed)) < 0) 47 exit(-1); 48 49 strcpy(&defaultseed[NAMELEN], tbuf); 50 51 if ((pp = getpwuid(getuid())) == NULL) 52 err(1, "no user with uid %d", getuid()); 53 strcpy(me, pp->pw_name); 54 55 if ((pp = getpwnam(me)) == NULL) 56 err(1, "Who are you?"); 57 58 defaultsetup = 1; 59 if (argc > 1) { 60 if (strcmp("-s", argv[1]) == 0) 61 defaultsetup = 0; 62 else 63 pp = getpwnam(argv[1]); 64 65 if (argc > 2) 66 pp = getpwnam(argv[2]); 67 } 68 if (pp == NULL) { 69 err(1, "User unknown"); 70 } 71 if (strcmp(pp->pw_name, me) != 0) { 72 if (getuid() != 0) { 73 /* Only root can change other's passwds */ 74 printf("Permission denied.\n"); 75 exit(1); 76 } 77 } 78 salt = pp->pw_passwd; 79 80 setpriority(PRIO_PROCESS, 0, -4); 81 82 if (getuid() != 0) { 83 setpriority(PRIO_PROCESS, 0, -4); 84 85 pw = getpass("Password:"); 86 p = crypt(pw, salt); 87 88 setpriority(PRIO_PROCESS, 0, 0); 89 90 if (pp && strcmp(p, pp->pw_passwd)) { 91 printf("Password incorrect.\n"); 92 exit(1); 93 } 94 } 95 rval = skeylookup(&skey, pp->pw_name); 96 switch (rval) { 97 case -1: 98 err(1, "cannot open database"); 99 case 0: 100 printf("[Updating %s]\n", pp->pw_name); 101 printf("Old key: %s\n", skey.seed); 102 103 /* 104 * lets be nice if they have a skey.seed that 105 * ends in 0-8 just add one 106 */ 107 l = strlen(skey.seed); 108 if (l > 0) { 109 lastc = skey.seed[l - 1]; 110 if (isdigit(lastc) && lastc != '9') { 111 strcpy(defaultseed, skey.seed); 112 defaultseed[l - 1] = lastc + 1; 113 } 114 if (isdigit(lastc) && lastc == '9' && l < 16) { 115 strcpy(defaultseed, skey.seed); 116 defaultseed[l - 1] = '0'; 117 defaultseed[l] = '0'; 118 defaultseed[l + 1] = '\0'; 119 } 120 } 121 break; 122 case 1: 123 printf("[Adding %s]\n", pp->pw_name); 124 break; 125 } 126 n = 99; 127 128 if (!defaultsetup) { 129 printf("You need the 6 english words generated from the \"key\" command.\n"); 130 for (i = 0;; i++) { 131 if (i >= 2) 132 exit(1); 133 printf("Enter sequence count from 1 to 10000: "); 134 fgets(tmp, sizeof(tmp), stdin); 135 n = atoi(tmp); 136 if (n > 0 && n < 10000) 137 break; /* Valid range */ 138 printf("\n Error: Count must be > 0 and < 10000\n"); 139 } 140 } 141 if (!defaultsetup) { 142 printf("Enter new key [default %s]: ", defaultseed); 143 fflush(stdout); 144 fgets(seed, sizeof(seed), stdin); 145 rip(seed); 146 if (strlen(seed) > 16) { 147 printf("Notice: Seed truncated to 16 characters.\n"); 148 seed[16] = '\0'; 149 } 150 if (seed[0] == '\0') 151 strcpy(seed, defaultseed); 152 153 for (i = 0;; i++) { 154 if (i >= 2) 155 exit(1); 156 157 printf("s/key %d %s\ns/key access password: ", n, seed); 158 fgets(tmp, sizeof(tmp), stdin); 159 rip(tmp); 160 backspace(tmp); 161 162 if (tmp[0] == '?') { 163 printf("Enter 6 English words from secure S/Key calculation.\n"); 164 continue; 165 } 166 if (tmp[0] == '\0') { 167 exit(1); 168 } 169 if (etob(key, tmp) == 1 || atob8(key, tmp) == 0) 170 break; /* Valid format */ 171 printf("Invalid format - try again with 6 English words.\n"); 172 } 173 } else { 174 /* Get user's secret password */ 175 for (i = 0;; i++) { 176 if (i >= 2) 177 exit(1); 178 179 printf("Enter secret password: "); 180 readpass(passwd, sizeof(passwd)); 181 if (passwd[0] == '\0') 182 exit(1); 183 184 printf("Again secret password: "); 185 readpass(passwd2, sizeof(passwd)); 186 if (passwd2[0] == '\0') 187 exit(1); 188 189 if (strlen(passwd) < 4 && strlen(passwd2) < 4) 190 err(1, "Your password must be longer"); 191 if (strcmp(passwd, passwd2) == 0) 192 break; 193 194 printf("Passwords do not match.\n"); 195 } 196 strcpy(seed, defaultseed); 197 198 /* Crunch seed and password into starting key */ 199 if (keycrunch(key, seed, passwd) != 0) 200 err(2, "key crunch failed"); 201 nn = n; 202 while (nn-- != 0) 203 f(key); 204 } 205 time(&now); 206 tm = localtime(&now); 207 strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); 208 209 skey.val = (char *)malloc(16 + 1); 210 211 btoa8(skey.val, key); 212 213 fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n", pp->pw_name, n, 214 seed, skey.val, tbuf); 215 fclose(skey.keyfile); 216 printf("ID %s s/key is %d %s\n", pp->pw_name, n, seed); 217 printf("Next login password: %s\n", btoe(buf, key)); 218 #ifdef HEXIN 219 printf("%s\n", put8(buf, key)); 220 #endif 221 222 exit(1); 223 } 224