1*3a7efd93Smestre /* $OpenBSD: tokeninit.c,v 1.13 2017/05/03 09:51:39 mestre Exp $ */
2851d2d47Smillert
3851d2d47Smillert /*-
4851d2d47Smillert * Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
5851d2d47Smillert *
6851d2d47Smillert * Redistribution and use in source and binary forms, with or without
7851d2d47Smillert * modification, are permitted provided that the following conditions
8851d2d47Smillert * are met:
9851d2d47Smillert * 1. Redistributions of source code must retain the above copyright
10851d2d47Smillert * notice, this list of conditions and the following disclaimer.
11851d2d47Smillert * 2. Redistributions in binary form must reproduce the above copyright
12851d2d47Smillert * notice, this list of conditions and the following disclaimer in the
13851d2d47Smillert * documentation and/or other materials provided with the distribution.
14851d2d47Smillert * 3. All advertising materials mentioning features or use of this software
15851d2d47Smillert * must display the following acknowledgement:
16851d2d47Smillert * This product includes software developed by Berkeley Software Design,
17851d2d47Smillert * Inc.
18851d2d47Smillert * 4. The name of Berkeley Software Design, Inc. may not be used to endorse
19851d2d47Smillert * or promote products derived from this software without specific prior
20851d2d47Smillert * written permission.
21851d2d47Smillert *
22851d2d47Smillert * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
23851d2d47Smillert * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24851d2d47Smillert * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25851d2d47Smillert * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
26851d2d47Smillert * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27851d2d47Smillert * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28851d2d47Smillert * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29851d2d47Smillert * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30851d2d47Smillert * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31851d2d47Smillert * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32851d2d47Smillert * SUCH DAMAGE.
33851d2d47Smillert *
34851d2d47Smillert * BSDI $From: tokeninit.c,v 1.1 1996/08/26 20:27:28 prb Exp
35851d2d47Smillert */
36851d2d47Smillert
37b9fc9a72Sderaadt #include <sys/signal.h>
38851d2d47Smillert #include <sys/resource.h>
39851d2d47Smillert #include <sys/time.h>
40851d2d47Smillert
41851d2d47Smillert #include <err.h>
42851d2d47Smillert #include <stdio.h>
43851d2d47Smillert #include <syslog.h>
44851d2d47Smillert #include <stdlib.h>
45851d2d47Smillert #include <unistd.h>
46b9fc9a72Sderaadt #include <limits.h>
47851d2d47Smillert #include <string.h>
48b4975d76Smarkus #include <readpassphrase.h>
49851d2d47Smillert
50851d2d47Smillert #include "token.h"
51851d2d47Smillert #include "tokendb.h"
52851d2d47Smillert
53b4975d76Smarkus static char *prompt_for_secret(int, char*);
54851d2d47Smillert static int parse_secret(int, char *, unsigned char *);
55851d2d47Smillert
56851d2d47Smillert int
main(int argc,char ** argv)57851d2d47Smillert main(int argc, char **argv)
58851d2d47Smillert {
592df81937Sderaadt unsigned int cmd = TOKEN_INITUSER;
60851d2d47Smillert int c;
61851d2d47Smillert int errors = 0;
62851d2d47Smillert int verbose = 0;
63851d2d47Smillert int hexformat = 0;
64851d2d47Smillert int modes = 0;
65851d2d47Smillert char seed[80];
66851d2d47Smillert unsigned char secret[9];
67851d2d47Smillert char *optstr;
68031569f0Smmcc char *p = NULL;
69851d2d47Smillert
70851d2d47Smillert struct rlimit cds;
71851d2d47Smillert
72851d2d47Smillert (void)signal(SIGQUIT, SIG_IGN);
73851d2d47Smillert (void)signal(SIGINT, SIG_IGN);
74851d2d47Smillert (void)setpriority(PRIO_PROCESS, 0, 0);
75851d2d47Smillert
76851d2d47Smillert openlog(NULL, LOG_ODELAY, LOG_AUTH);
77851d2d47Smillert
78fe266b8dSbluhm /*
79fe266b8dSbluhm * Make sure we never dump core as we might have a
80fe266b8dSbluhm * valid user shared-secret in memory.
81fe266b8dSbluhm */
82fe266b8dSbluhm
83851d2d47Smillert cds.rlim_cur = 0;
84851d2d47Smillert cds.rlim_max = 0;
85851d2d47Smillert if (setrlimit(RLIMIT_CORE, &cds) < 0)
86851d2d47Smillert syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
87851d2d47Smillert
88fe266b8dSbluhm if (pledge("stdio rpath wpath cpath fattr flock getpw tty", NULL) == -1)
89fe266b8dSbluhm err(1, "pledge");
90fe266b8dSbluhm
91851d2d47Smillert if (token_init(argv[0]) < 0) {
92851d2d47Smillert syslog(LOG_ERR, "unknown token type");
93851d2d47Smillert errx(1, "unknown token type");
94851d2d47Smillert }
95851d2d47Smillert
96851d2d47Smillert if (tt->options & TOKEN_HEXINIT)
97851d2d47Smillert optstr = "fhm:sv";
98851d2d47Smillert else
99851d2d47Smillert optstr = "fm:sv";
100851d2d47Smillert
101d52e83b8Smpech while ((c = getopt(argc, argv, optstr)) != -1)
102851d2d47Smillert switch (c) {
103851d2d47Smillert case 'f': /* force initialize existing user account */
104851d2d47Smillert cmd |= TOKEN_FORCEINIT;
105851d2d47Smillert break;
106851d2d47Smillert
107851d2d47Smillert case 'h':
10828056f30Sderaadt hexformat = 1;
109851d2d47Smillert break;
110851d2d47Smillert
111851d2d47Smillert case 'm':
112851d2d47Smillert if ((c = token_mode(optarg)))
113851d2d47Smillert modes |= c;
114851d2d47Smillert else
115851d2d47Smillert errx(1, "unknown mode");
116851d2d47Smillert break;
117851d2d47Smillert
118851d2d47Smillert case 's': /* generate seed during initialization */
119851d2d47Smillert cmd |= TOKEN_GENSECRET;
120851d2d47Smillert break;
121851d2d47Smillert
122851d2d47Smillert case 'v': /* verbose */
12328056f30Sderaadt verbose = 1;
124851d2d47Smillert break;
125851d2d47Smillert default:
126851d2d47Smillert fprintf(stderr,
127572c5e09Ssobrado "usage: %sinit [-f%ssv] [-m mode] user ...\n",
128851d2d47Smillert tt->name, (tt->options & TOKEN_HEXINIT) ? "h" : "");
129851d2d47Smillert exit(1);
130851d2d47Smillert }
131851d2d47Smillert
132851d2d47Smillert if ((modes & ~TOKEN_RIM) == 0)
133851d2d47Smillert modes |= tt->defmode;
134851d2d47Smillert
135851d2d47Smillert argc -= optind;
136851d2d47Smillert argv = &argv[optind];
137851d2d47Smillert
138851d2d47Smillert while (argc--) {
139851d2d47Smillert if (verbose) {
140851d2d47Smillert printf("Adding %s to %s database\n", *argv, tt->proper);
141851d2d47Smillert fflush(stdout);
142851d2d47Smillert }
143851d2d47Smillert if (!(cmd & TOKEN_GENSECRET)) {
144b4975d76Smarkus p = prompt_for_secret(hexformat, *argv);
145b4975d76Smarkus if (!readpassphrase(p, seed, sizeof(seed), RPP_ECHO_ON) ||
146b4975d76Smarkus seed[0] == '\0') {
147851d2d47Smillert fprintf(stderr,
148851d2d47Smillert "%sinit: No seed supplied for token.\n",
149851d2d47Smillert tt->name);
150851d2d47Smillert exit(1);
151851d2d47Smillert }
152*3a7efd93Smestre explicit_bzero(secret, sizeof(secret));
153851d2d47Smillert if (parse_secret(hexformat, seed, secret)) {
154851d2d47Smillert fprintf(stderr,
155851d2d47Smillert "%sinit: Invalid secret entered.\n",
156851d2d47Smillert tt->name);
157851d2d47Smillert exit(1);
158851d2d47Smillert }
159851d2d47Smillert }
160851d2d47Smillert switch (tokenuserinit(cmd, *argv, secret, modes)) {
161851d2d47Smillert case 0:
162851d2d47Smillert syslog(LOG_INFO, "User %s initialized in %s database",
163851d2d47Smillert *argv, tt->proper);
164851d2d47Smillert break;
165851d2d47Smillert case 1:
16646347781Smpech warnx("%s already exists in %s database!",
167851d2d47Smillert *argv, tt->proper);
168851d2d47Smillert syslog(LOG_INFO, "%s already exists in %s database",
169851d2d47Smillert *argv, tt->proper);
170851d2d47Smillert errors++;
171851d2d47Smillert break;
172851d2d47Smillert case -1:
17346347781Smpech warnx("Error initializing user %s in %s database.",
174851d2d47Smillert *argv, tt->proper);
175851d2d47Smillert syslog(LOG_INFO,
176851d2d47Smillert "Error initializing user %s in %s database: %m",
177851d2d47Smillert *argv, tt->proper);
178851d2d47Smillert errors++;
179851d2d47Smillert }
180851d2d47Smillert argv++;
181851d2d47Smillert }
182851d2d47Smillert exit(errors);
183851d2d47Smillert }
184851d2d47Smillert
185851d2d47Smillert /*
186851d2d47Smillert * Parse the 8 octal numbers or a 16 digit hex string into a token secret
187851d2d47Smillert */
188851d2d47Smillert
189851d2d47Smillert static int
parse_secret(int hexformat,char * seed,unsigned char * secret)190851d2d47Smillert parse_secret(int hexformat, char *seed, unsigned char *secret)
191851d2d47Smillert {
192851d2d47Smillert int i;
1932df81937Sderaadt unsigned int tmp[8];
194851d2d47Smillert
195851d2d47Smillert if (hexformat) {
196851d2d47Smillert if ((i = sscanf(seed, "%02x %02x %02x %02x %02x %02x %02x %02x",
197851d2d47Smillert &tmp[0], &tmp[1], &tmp[2], &tmp[3],
198851d2d47Smillert &tmp[4], &tmp[5], &tmp[6], &tmp[7])) != 8)
199851d2d47Smillert return (-1);
200851d2d47Smillert } else {
201851d2d47Smillert if ((i = sscanf(seed, "%o %o %o %o %o %o %o %o",
202851d2d47Smillert &tmp[0], &tmp[1], &tmp[2], &tmp[3],
203851d2d47Smillert &tmp[4], &tmp[5], &tmp[6], &tmp[7])) != 8)
204851d2d47Smillert return (-1);
205851d2d47Smillert }
206851d2d47Smillert for (i=0; i < 8; i++)
207851d2d47Smillert secret[i] = tmp[i] & 0xff;
208851d2d47Smillert
209851d2d47Smillert return (0);
210851d2d47Smillert }
211851d2d47Smillert
212851d2d47Smillert /*
213851d2d47Smillert * Prompt user for seed for token
214851d2d47Smillert */
215851d2d47Smillert
216b4975d76Smarkus static char *
prompt_for_secret(int hexformat,char * username)217851d2d47Smillert prompt_for_secret(int hexformat, char* username)
218851d2d47Smillert {
219b4975d76Smarkus static char prompt[1024];
220851d2d47Smillert if (hexformat)
221b4975d76Smarkus snprintf(prompt, sizeof prompt,
222af3189ecSmmcc "Enter a 16 digit hexadecimal number "
223851d2d47Smillert "as a seed for %s\'s token:\n", username);
224851d2d47Smillert else
225b4975d76Smarkus snprintf(prompt, sizeof prompt,
226b4975d76Smarkus "Enter a series of 8 3-digit octal numbers "
227851d2d47Smillert "as a seed for %s\'s token:\n", username);
228b4975d76Smarkus return prompt;
229851d2d47Smillert }
230