diff -ruN skey-1.1.5.orig/CHANGES skey-1.1.5/CHANGES
--- skey-1.1.5.orig/CHANGES 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/CHANGES 2003-11-06 17:46:45.000000000 +0000
@@ -1,6 +1,19 @@
*** Changes in version 1.1.5
- Bug fixes for errx/warnx
+(05/11/2003) taviso@gentoo.org
+ - ported some updates from the NetBSD project to Linux.
+ - removed a load of cast to voids.
+ - syntax changes.
+ - killing skeyaudit, using a shell script modified from NetBSD.
+ - cleanups to stop warnings with gcc.
+ - building a library for dynamic linking.
+ - swapping some str{cat,cpy} for strn{cat,cpy}
+ - killing rmd160 support.
+ - removing strlcpy function, not useful.
+ - quick hack for shadow support.
+ - quick hack for cracklib support.
+ - various other stuff.
*** Changes in version 1.1.4
diff -ruN skey-1.1.5.orig/config.h.in skey-1.1.5/config.h.in
--- skey-1.1.5.orig/config.h.in 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/config.h.in 2003-11-06 17:46:45.000000000 +0000
@@ -109,6 +109,9 @@
/* Define if you have the strtol function. */
#undef HAVE_STRTOL
+/* Define if you have the <crack.h> header file. */
+#undef HAVE_CRACK_H
+
/* Define if you have the <crypt.h> header file. */
#undef HAVE_CRYPT_H
@@ -130,12 +133,12 @@
/* Define if you have the <md5global.h> header file. */
#undef HAVE_MD5GLOBAL_H
-/* Define if you have the <rmd160.h> header file. */
-#undef HAVE_RMD160_H
-
/* Define if you have the <sha1.h> header file. */
#undef HAVE_SHA1_H
+/* Define if you have the <shadow.h> header file. */
+#undef HAVE_SHADOW_H
+
/* Define if you have the <sys/cdefs.h> header file. */
#undef HAVE_SYS_CDEFS_H
diff -ruN skey-1.1.5.orig/configure skey-1.1.5/configure
--- skey-1.1.5.orig/configure 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/configure 2003-11-06 17:47:49.000000000 +0000
@@ -960,47 +960,11 @@
echo "$ac_t""no" 1>&6
fi
-# Extract the first word of "sendmail", so it can be a program name with args.
-set dummy sendmail; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:967: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_path_SENDMAIL'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- case "$SENDMAIL" in
- /*)
- ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a path.
- ;;
- ?:/*)
- ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a dos path.
- ;;
- *)
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
- ac_dummy="$PATH:/usr/sbin:/usr/lib:/usr/bin"
- for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_path_SENDMAIL="$ac_dir/$ac_word"
- break
- fi
- done
- IFS="$ac_save_ifs"
- test -z "$ac_cv_path_SENDMAIL" && ac_cv_path_SENDMAIL="/usr/lib/sendmail"
- ;;
-esac
-fi
-SENDMAIL="$ac_cv_path_SENDMAIL"
-if test -n "$SENDMAIL"; then
- echo "$ac_t""$SENDMAIL" 1>&6
-else
- echo "$ac_t""no" 1>&6
-fi
-
echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6
-echo "configure:1004: checking for crypt in -lcrypt" >&5
+echo "configure:968: checking for crypt in -lcrypt" >&5
ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -1008,7 +972,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lcrypt $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 1012 "configure"
+#line 976 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -1019,7 +983,7 @@
crypt()
; return 0; }
EOF
-if { (eval echo configure:1023: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:987: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -1040,7 +1004,7 @@
fi
echo $ac_n "checking for flock in -lucb""... $ac_c" 1>&6
-echo "configure:1044: checking for flock in -lucb" >&5
+echo "configure:1008: checking for flock in -lucb" >&5
ac_lib_var=`echo ucb'_'flock | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -1048,7 +1012,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lucb $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 1052 "configure"
+#line 1016 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -1059,7 +1023,7 @@
flock()
; return 0; }
EOF
-if { (eval echo configure:1063: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -1079,10 +1043,50 @@
echo "$ac_t""no" 1>&6
fi
+echo $ac_n "checking for FascistCheck in -lcrack""... $ac_c" 1>&6
+echo "configure:1048: checking for FascistCheck in -lcrack" >&5
+ac_lib_var=`echo crack'_'FascistCheck | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_save_LIBS="$LIBS"
+LIBS="-lcrack $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 1056 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char FascistCheck();
+
+int main() {
+FascistCheck()
+; return 0; }
+EOF
+if { (eval echo configure:1067: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ LIBS="$LIBS -lcrack"
+else
+ echo "$ac_t""no" 1>&6
+fi
+
echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
-echo "configure:1086: checking how to run the C preprocessor" >&5
+echo "configure:1090: checking how to run the C preprocessor" >&5
# On Suns, sometimes $CPP names a directory.
if test -n "$CPP" && test -d "$CPP"; then
CPP=
@@ -1097,13 +1101,13 @@
# On the NeXT, cc -E runs the code through the compiler's parser,
# not just through cpp.
cat > conftest.$ac_ext <<EOF
-#line 1101 "configure"
+#line 1105 "configure"
#include "confdefs.h"
#include <assert.h>
Syntax Error
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1107: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1111: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
:
@@ -1114,13 +1118,13 @@
rm -rf conftest*
CPP="${CC-cc} -E -traditional-cpp"
cat > conftest.$ac_ext <<EOF
-#line 1118 "configure"
+#line 1122 "configure"
#include "confdefs.h"
#include <assert.h>
Syntax Error
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1124: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1128: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
:
@@ -1131,13 +1135,13 @@
rm -rf conftest*
CPP="${CC-cc} -nologo -E"
cat > conftest.$ac_ext <<EOF
-#line 1135 "configure"
+#line 1139 "configure"
#include "confdefs.h"
#include <assert.h>
Syntax Error
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1141: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1145: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
:
@@ -1162,12 +1166,12 @@
echo "$ac_t""$CPP" 1>&6
echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
-echo "configure:1166: checking for ANSI C header files" >&5
+echo "configure:1170: checking for ANSI C header files" >&5
if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1171 "configure"
+#line 1175 "configure"
#include "confdefs.h"
#include <stdlib.h>
#include <stdarg.h>
@@ -1175,7 +1179,7 @@
#include <float.h>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1179: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1183: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
rm -rf conftest*
@@ -1192,7 +1196,7 @@
if test $ac_cv_header_stdc = yes; then
# SunOS 4.x string.h does not declare mem*, contrary to ANSI.
cat > conftest.$ac_ext <<EOF
-#line 1196 "configure"
+#line 1200 "configure"
#include "confdefs.h"
#include <string.h>
EOF
@@ -1210,7 +1214,7 @@
if test $ac_cv_header_stdc = yes; then
# ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
cat > conftest.$ac_ext <<EOF
-#line 1214 "configure"
+#line 1218 "configure"
#include "confdefs.h"
#include <stdlib.h>
EOF
@@ -1231,7 +1235,7 @@
:
else
cat > conftest.$ac_ext <<EOF
-#line 1235 "configure"
+#line 1239 "configure"
#include "confdefs.h"
#include <ctype.h>
#define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
@@ -1242,7 +1246,7 @@
exit (0); }
EOF
-if { (eval echo configure:1246: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1250: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
:
else
@@ -1266,12 +1270,12 @@
fi
echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6
-echo "configure:1270: checking for sys/wait.h that is POSIX.1 compatible" >&5
+echo "configure:1274: checking for sys/wait.h that is POSIX.1 compatible" >&5
if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1275 "configure"
+#line 1279 "configure"
#include "confdefs.h"
#include <sys/types.h>
#include <sys/wait.h>
@@ -1287,7 +1291,7 @@
s = WIFEXITED (s) ? WEXITSTATUS (s) : 1;
; return 0; }
EOF
-if { (eval echo configure:1291: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1295: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ac_cv_header_sys_wait_h=yes
else
@@ -1307,21 +1311,21 @@
fi
-for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h
+for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h
do
ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:1315: checking for $ac_hdr" >&5
+echo "configure:1319: checking for $ac_hdr" >&5
if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1320 "configure"
+#line 1324 "configure"
#include "confdefs.h"
#include <$ac_hdr>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1325: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1329: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
rm -rf conftest*
@@ -1349,12 +1353,12 @@
echo $ac_n "checking for working const""... $ac_c" 1>&6
-echo "configure:1353: checking for working const" >&5
+echo "configure:1357: checking for working const" >&5
if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1358 "configure"
+#line 1362 "configure"
#include "confdefs.h"
int main() {
@@ -1403,7 +1407,7 @@
; return 0; }
EOF
-if { (eval echo configure:1407: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1411: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ac_cv_c_const=yes
else
@@ -1424,14 +1428,14 @@
fi
echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6
-echo "configure:1428: checking whether byte ordering is bigendian" >&5
+echo "configure:1432: checking whether byte ordering is bigendian" >&5
if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
ac_cv_c_bigendian=unknown
# See if sys/param.h defines the BYTE_ORDER macro.
cat > conftest.$ac_ext <<EOF
-#line 1435 "configure"
+#line 1439 "configure"
#include "confdefs.h"
#include <sys/types.h>
#include <sys/param.h>
@@ -1442,11 +1446,11 @@
#endif
; return 0; }
EOF
-if { (eval echo configure:1446: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1450: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
# It does; now see whether it defined to BIG_ENDIAN or not.
cat > conftest.$ac_ext <<EOF
-#line 1450 "configure"
+#line 1454 "configure"
#include "confdefs.h"
#include <sys/types.h>
#include <sys/param.h>
@@ -1457,7 +1461,7 @@
#endif
; return 0; }
EOF
-if { (eval echo configure:1461: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1465: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ac_cv_c_bigendian=yes
else
@@ -1477,7 +1481,7 @@
{ echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
else
cat > conftest.$ac_ext <<EOF
-#line 1481 "configure"
+#line 1485 "configure"
#include "confdefs.h"
main () {
/* Are we little or big endian? From Harbison&Steele. */
@@ -1490,7 +1494,7 @@
exit (u.c[sizeof (long) - 1] == 1);
}
EOF
-if { (eval echo configure:1494: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1498: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
ac_cv_c_bigendian=no
else
@@ -1514,12 +1518,12 @@
fi
echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6
-echo "configure:1518: checking for uid_t in sys/types.h" >&5
+echo "configure:1522: checking for uid_t in sys/types.h" >&5
if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1523 "configure"
+#line 1527 "configure"
#include "confdefs.h"
#include <sys/types.h>
EOF
@@ -1548,12 +1552,12 @@
fi
echo $ac_n "checking for off_t""... $ac_c" 1>&6
-echo "configure:1552: checking for off_t" >&5
+echo "configure:1556: checking for off_t" >&5
if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1557 "configure"
+#line 1561 "configure"
#include "confdefs.h"
#include <sys/types.h>
#if STDC_HEADERS
@@ -1581,12 +1585,12 @@
fi
echo $ac_n "checking for size_t""... $ac_c" 1>&6
-echo "configure:1585: checking for size_t" >&5
+echo "configure:1589: checking for size_t" >&5
if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1590 "configure"
+#line 1594 "configure"
#include "confdefs.h"
#include <sys/types.h>
#if STDC_HEADERS
@@ -1614,12 +1618,12 @@
fi
echo $ac_n "checking whether struct tm is in sys/time.h or time.h""... $ac_c" 1>&6
-echo "configure:1618: checking whether struct tm is in sys/time.h or time.h" >&5
+echo "configure:1622: checking whether struct tm is in sys/time.h or time.h" >&5
if eval "test \"`echo '$''{'ac_cv_struct_tm'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1623 "configure"
+#line 1627 "configure"
#include "confdefs.h"
#include <sys/types.h>
#include <time.h>
@@ -1627,7 +1631,7 @@
struct tm *tp; tp->tm_sec;
; return 0; }
EOF
-if { (eval echo configure:1631: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1635: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ac_cv_struct_tm=time.h
else
@@ -1649,7 +1653,7 @@
echo $ac_n "checking size of char""... $ac_c" 1>&6
-echo "configure:1653: checking size of char" >&5
+echo "configure:1657: checking size of char" >&5
if eval "test \"`echo '$''{'ac_cv_sizeof_char'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -1657,7 +1661,7 @@
ac_cv_sizeof_char=1
else
cat > conftest.$ac_ext <<EOF
-#line 1661 "configure"
+#line 1665 "configure"
#include "confdefs.h"
#include <stdio.h>
main()
@@ -1668,7 +1672,7 @@
exit(0);
}
EOF
-if { (eval echo configure:1672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1676: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
ac_cv_sizeof_char=`cat conftestval`
else
@@ -1688,7 +1692,7 @@
echo $ac_n "checking size of short int""... $ac_c" 1>&6
-echo "configure:1692: checking size of short int" >&5
+echo "configure:1696: checking size of short int" >&5
if eval "test \"`echo '$''{'ac_cv_sizeof_short_int'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -1696,7 +1700,7 @@
ac_cv_sizeof_short_int=2
else
cat > conftest.$ac_ext <<EOF
-#line 1700 "configure"
+#line 1704 "configure"
#include "confdefs.h"
#include <stdio.h>
main()
@@ -1707,7 +1711,7 @@
exit(0);
}
EOF
-if { (eval echo configure:1711: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1715: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
ac_cv_sizeof_short_int=`cat conftestval`
else
@@ -1727,7 +1731,7 @@
echo $ac_n "checking size of int""... $ac_c" 1>&6
-echo "configure:1731: checking size of int" >&5
+echo "configure:1735: checking size of int" >&5
if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -1735,7 +1739,7 @@
ac_cv_sizeof_int=4
else
cat > conftest.$ac_ext <<EOF
-#line 1739 "configure"
+#line 1743 "configure"
#include "confdefs.h"
#include <stdio.h>
main()
@@ -1746,7 +1750,7 @@
exit(0);
}
EOF
-if { (eval echo configure:1750: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1754: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
ac_cv_sizeof_int=`cat conftestval`
else
@@ -1766,7 +1770,7 @@
echo $ac_n "checking size of long int""... $ac_c" 1>&6
-echo "configure:1770: checking size of long int" >&5
+echo "configure:1774: checking size of long int" >&5
if eval "test \"`echo '$''{'ac_cv_sizeof_long_int'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -1774,7 +1778,7 @@
ac_cv_sizeof_long_int=4
else
cat > conftest.$ac_ext <<EOF
-#line 1778 "configure"
+#line 1782 "configure"
#include "confdefs.h"
#include <stdio.h>
main()
@@ -1785,7 +1789,7 @@
exit(0);
}
EOF
-if { (eval echo configure:1789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1793: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
ac_cv_sizeof_long_int=`cat conftestval`
else
@@ -1805,7 +1809,7 @@
echo $ac_n "checking size of long long int""... $ac_c" 1>&6
-echo "configure:1809: checking size of long long int" >&5
+echo "configure:1813: checking size of long long int" >&5
if eval "test \"`echo '$''{'ac_cv_sizeof_long_long_int'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -1813,7 +1817,7 @@
ac_cv_sizeof_long_long_int=8
else
cat > conftest.$ac_ext <<EOF
-#line 1817 "configure"
+#line 1821 "configure"
#include "confdefs.h"
#include <stdio.h>
main()
@@ -1824,7 +1828,7 @@
exit(0);
}
EOF
-if { (eval echo configure:1828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1832: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
ac_cv_sizeof_long_long_int=`cat conftestval`
else
@@ -1854,7 +1858,7 @@
fi
CFLAGS="$CFLAGS -D_HPUX_SOURCE"
echo $ac_n "checking for HPUX trusted system password database""... $ac_c" 1>&6
-echo "configure:1858: checking for HPUX trusted system password database" >&5
+echo "configure:1862: checking for HPUX trusted system password database" >&5
if test -f /tcb/files/auth/system/default; then
echo "$ac_t""yes" 1>&6
cat >> confdefs.h <<\EOF
@@ -1903,16 +1907,16 @@
echo $ac_n "checking for intXX_t types""... $ac_c" 1>&6
-echo "configure:1907: checking for intXX_t types" >&5
+echo "configure:1911: checking for intXX_t types" >&5
cat > conftest.$ac_ext <<EOF
-#line 1909 "configure"
+#line 1913 "configure"
#include "confdefs.h"
#include <sys/types.h>
int main() {
int16_t a; int32_t b; a = 1235; b = 1235;
; return 0; }
EOF
-if { (eval echo configure:1916: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1920: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
cat >> confdefs.h <<\EOF
@@ -1932,16 +1936,16 @@
rm -f conftest*
echo $ac_n "checking for u_intXX_t types""... $ac_c" 1>&6
-echo "configure:1936: checking for u_intXX_t types" >&5
+echo "configure:1940: checking for u_intXX_t types" >&5
cat > conftest.$ac_ext <<EOF
-#line 1938 "configure"
+#line 1942 "configure"
#include "confdefs.h"
#include <sys/types.h>
int main() {
u_int16_t c; u_int32_t d; c = 1235; d = 1235;
; return 0; }
EOF
-if { (eval echo configure:1945: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1949: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
cat >> confdefs.h <<\EOF
@@ -1964,9 +1968,9 @@
"x$ac_cv_header_sys_bitypes_h" = "xyes"
then
echo $ac_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h""... $ac_c" 1>&6
-echo "configure:1968: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
+echo "configure:1972: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
cat > conftest.$ac_ext <<EOF
-#line 1970 "configure"
+#line 1974 "configure"
#include "confdefs.h"
#include <sys/bitypes.h>
int main() {
@@ -1978,7 +1982,7 @@
; return 0; }
EOF
-if { (eval echo configure:1982: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1986: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
cat >> confdefs.h <<\EOF
@@ -2002,16 +2006,16 @@
fi
echo $ac_n "checking for uintXX_t types""... $ac_c" 1>&6
-echo "configure:2006: checking for uintXX_t types" >&5
+echo "configure:2010: checking for uintXX_t types" >&5
cat > conftest.$ac_ext <<EOF
-#line 2008 "configure"
+#line 2012 "configure"
#include "confdefs.h"
#include <sys/types.h>
int main() {
uint16_t c; uint32_t d; c = 1235; d = 1235;
; return 0; }
EOF
-if { (eval echo configure:2015: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2019: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
cat >> confdefs.h <<\EOF
@@ -2054,7 +2058,7 @@
echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6
-echo "configure:2058: checking for 8-bit clean memcmp" >&5
+echo "configure:2062: checking for 8-bit clean memcmp" >&5
if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -2062,7 +2066,7 @@
ac_cv_func_memcmp_clean=no
else
cat > conftest.$ac_ext <<EOF
-#line 2066 "configure"
+#line 2070 "configure"
#include "confdefs.h"
main()
@@ -2072,7 +2076,7 @@
}
EOF
-if { (eval echo configure:2076: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:2080: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
ac_cv_func_memcmp_clean=yes
else
@@ -2090,12 +2094,12 @@
test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}"
echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6
-echo "configure:2094: checking return type of signal handlers" >&5
+echo "configure:2098: checking return type of signal handlers" >&5
if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 2099 "configure"
+#line 2103 "configure"
#include "confdefs.h"
#include <sys/types.h>
#include <signal.h>
@@ -2112,7 +2116,7 @@
int i;
; return 0; }
EOF
-if { (eval echo configure:2116: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2120: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ac_cv_type_signal=void
else
@@ -2131,12 +2135,12 @@
echo $ac_n "checking for strftime""... $ac_c" 1>&6
-echo "configure:2135: checking for strftime" >&5
+echo "configure:2139: checking for strftime" >&5
if eval "test \"`echo '$''{'ac_cv_func_strftime'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 2140 "configure"
+#line 2144 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char strftime(); below. */
@@ -2159,7 +2163,7 @@
; return 0; }
EOF
-if { (eval echo configure:2163: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2167: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_strftime=yes"
else
@@ -2181,7 +2185,7 @@
echo "$ac_t""no" 1>&6
# strftime is in -lintl on SCO UNIX.
echo $ac_n "checking for strftime in -lintl""... $ac_c" 1>&6
-echo "configure:2185: checking for strftime in -lintl" >&5
+echo "configure:2189: checking for strftime in -lintl" >&5
ac_lib_var=`echo intl'_'strftime | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -2189,7 +2193,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lintl $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 2193 "configure"
+#line 2197 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -2200,7 +2204,7 @@
strftime()
; return 0; }
EOF
-if { (eval echo configure:2204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2208: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -2227,12 +2231,12 @@
fi
echo $ac_n "checking for vprintf""... $ac_c" 1>&6
-echo "configure:2231: checking for vprintf" >&5
+echo "configure:2235: checking for vprintf" >&5
if eval "test \"`echo '$''{'ac_cv_func_vprintf'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 2236 "configure"
+#line 2240 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char vprintf(); below. */
@@ -2255,7 +2259,7 @@
; return 0; }
EOF
-if { (eval echo configure:2259: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2263: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_vprintf=yes"
else
@@ -2279,12 +2283,12 @@
if test "$ac_cv_func_vprintf" != yes; then
echo $ac_n "checking for _doprnt""... $ac_c" 1>&6
-echo "configure:2283: checking for _doprnt" >&5
+echo "configure:2287: checking for _doprnt" >&5
if eval "test \"`echo '$''{'ac_cv_func__doprnt'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 2288 "configure"
+#line 2292 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char _doprnt(); below. */
@@ -2307,7 +2311,7 @@
; return 0; }
EOF
-if { (eval echo configure:2311: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2315: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func__doprnt=yes"
else
@@ -2334,12 +2338,12 @@
for ac_func in gethostname strcspn strdup strerror strspn strtol flock fcntl lockf strlcpy setusercontext
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:2338: checking for $ac_func" >&5
+echo "configure:2342: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 2343 "configure"
+#line 2347 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@@ -2362,7 +2366,7 @@
; return 0; }
EOF
-if { (eval echo configure:2366: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2370: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
diff -ruN skey-1.1.5.orig/configure.in skey-1.1.5/configure.in
--- skey-1.1.5.orig/configure.in 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/configure.in 2003-11-06 17:47:14.000000000 +0000
@@ -9,19 +9,19 @@
AC_CHECK_PROG(AR, ar, ar)
AC_PATH_PROG(PERL, perl)
AC_PATH_PROG(TOUCH, touch)
-AC_PATH_PROG(SENDMAIL, sendmail, /usr/lib/sendmail, $PATH:/usr/sbin:/usr/lib:/usr/bin)
AC_SUBST(PERL)
AC_SUBST(SENDMAIL)
dnl Checks for libraries.
AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
AC_CHECK_LIB(ucb, flock, LIBS="$LIBS -lucb" LDFLAGS="$LDFLAGS -L/usr/ucblib")
+AC_CHECK_LIB(crack, FascistCheck, LIBS="$LIBS -lcrack")
dnl Checks for header files.
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
-AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h)
+AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h)
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
diff -ruN skey-1.1.5.orig/login_cap.c skey-1.1.5/login_cap.c
--- skey-1.1.5.orig/login_cap.c 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/login_cap.c 2003-11-06 17:46:45.000000000 +0000
@@ -37,6 +37,7 @@
#include <errno.h>
#include <unistd.h>
#include <pwd.h>
+#include <grp.h>
#include <syslog.h>
/*
diff -ruN skey-1.1.5.orig/Makefile.in skey-1.1.5/Makefile.in
--- skey-1.1.5.orig/Makefile.in 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/Makefile.in 2003-11-06 17:47:42.000000000 +0000
@@ -27,12 +27,11 @@
TOUCH=@TOUCH@
LDFLAGS=-L. @LDFLAGS@
-TARGETS=skey skeyinit skeyinfo skeyaudit
-LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o rmd160.o rmd160hl.o sha1.o sha1hl.o flock.o strlcpy.o login_cap.o
+TARGETS=skey skeyinit skeyinfo libskey.a
+LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o sha1.o sha1hl.o flock.o login_cap.o
SKEYOBJS=skey.o
SKEYINITOBJS=skeyinit.o
SKEYINFOOBJS=skeyinfo.o
-SKEYAUDITOBJS=skeyaudit.o
SCRIPTS=skeyprune.pl
@@ -41,11 +40,11 @@
CATMAN = skey.0 skeyinit.0 skeyinfo.0 skeyaudit.0 skeyprune.0
MANPAGES = @MANTYPE@
-PATHSUBS = -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL} -D/usr/lib/sendmail=${SENDMAIL}
+PATHSUBS = -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL}
FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS)
-HDRS= skey.h sha1.h rmd160.h
+HDRS= skey.h sha1.h
all: ${TARGETS} ${MANPAGES}
@@ -55,24 +54,27 @@
${AR} rv $@ ${LIBOBJS}
${RANLIB} $@
-skey: libskey.a ${SKEYOBJS}
+libskey.so: ${LIBOBJS}
+ ${CC} ${LDFLAGS} -shared -Wl,-soname,libskey.so.1 -o libskey.so.1.1.5 ${LIBOBJS}
+ ln -fs libskey.so.1.1.5 libskey.so
+ ln -fs libskey.so.1.1.5 libskey.so.1
+ ln -fs libskey.so.1.1.5 libskey.so.1.1
+
+skey: libskey.so ${SKEYOBJS}
${CC} -o $@ ${SKEYOBJS} ${LDFLAGS} -lskey ${LIBS}
-skeyinit: libskey.a ${SKEYINITOBJS}
+skeyinit: libskey.so ${SKEYINITOBJS}
${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS}
-skeyinfo: libskey.a ${SKEYINFOOBJS}
+skeyinfo: libskey.so ${SKEYINFOOBJS}
${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS}
-skeyaudit: libskey.a ${SKEYAUDITOBJS}
- ${CC} -o $@ ${SKEYAUDITOBJS} ${LDFLAGS} -lskey ${LIBS}
-
${MANPAGES} ${SCRIPTS}::
${FIXPATHSCMD} ${srcdir}/$@
clean:
rm -f *.o *.a ${TARGETS} config.status config.cache config.log
- rm -f *.out core
+ rm -f *.out core *.so *.so.*
distclean: clean
rm -f Makefile config.h core *~
@@ -97,6 +99,10 @@
$(INSTALL) -d $(DESTDIR)$(includedir)
$(INSTALL) -d $(DESTDIR)$(sysconfdir)
${INSTALL_DATA} libskey.a $(DESTDIR)$(libdir)
+ ${INSTALL_DATA} libskey.so.1.1.5 $(DESTDIR)$(libdir)
+ ${INSTALL_DATA} libskey.so.1.1 $(DESTDIR)$(libdir)
+ ${INSTALL_DATA} libskey.so.1 $(DESTDIR)$(libdir)
+ ${INSTALL_DATA} libskey.so $(DESTDIR)$(libdir)
${INSTALL_DATA} ${HDRS} $(DESTDIR)$(includedir)
@for target in ${TARGETS}; do \
${INSTALL_PROGRAM} $$target $(DESTDIR)$(bindir); \
@@ -119,9 +125,9 @@
-rm -f $(DESTDIR)$(bindir)/skeyaudit
-rm -f $(DESTDIR)$(bindir)/skeyprune
-rm -f $(DESTDIR)$(libdir)/libskey.a
+ -rm -f $(DESTDIR)$(libdir)/libskey.so*
-rm -f $(DESTDIR)$(includedir)/skey.h
-rm -f $(DESTDIR)$(includedir)/sha1.h
- -rm -f $(DESTDIR)$(includedir)/rmd160.h
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skey.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinfo.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinit.1
diff -ruN skey-1.1.5.orig/put.c skey-1.1.5/put.c
--- skey-1.1.5.orig/put.c 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/put.c 2003-11-06 17:46:45.000000000 +0000
@@ -14,7 +14,7 @@
#include <stdio.h>
#include <string.h>
#include <assert.h>
-/*#include <ctype.h>*/
+#include <ctype.h>
#include "config.h"
#include "skey.h"
@@ -22,10 +22,10 @@
static unsigned int extract __P ((char *s, int start, int length));
static void standard __P ((char *word));
static void insert __P ((char *s, int x, int start, int length));
-static int wsrch __P ((char *w, int low, int high));
+static int wsrch __P ((const char *w, int low, int high));
/* Dictionary for integer-word translations */
-static char Wp[2048][4] = {
+char Wp[2048][4] = {
"A",
"ABE",
"ACE",
@@ -2079,19 +2079,13 @@
/* Encode 8 bytes in 'c' as a string of English words.
* Returns a pointer to a static buffer
*/
-char *
-btoe(engout, c)
- char *c;
- char *engout;
+char *btoe(char *engout, const char *c)
{
- char cp[10]; /* add in room for the parity 2 bits + extract() slop */
+ char cp[9]; /* add in room for the parity 2 bits */
int p, i;
engout[0] = '\0';
-
- /* workaround for extract() reads beyond end of data */
- (void)memset(cp, 0, sizeof(cp));
- (void)memcpy(cp, c, 8);
+ memcpy(cp, c, 8);
/* compute parity */
for (p = 0, i = 0; i < 64; i += 2)
@@ -2099,20 +2093,20 @@
cp[8] = (char)p << 6;
- (void)strncat(engout, &Wp[extract (cp, 0, 11)][0], 4);
- (void)strcat(engout, " ");
- (void)strncat(engout, &Wp[extract (cp, 11, 11)][0], 4);
- (void)strcat(engout, " ");
- (void)strncat(engout, &Wp[extract (cp, 22, 11)][0], 4);
- (void)strcat(engout, " ");
- (void)strncat(engout, &Wp[extract (cp, 33, 11)][0], 4);
- (void)strcat(engout, " ");
- (void)strncat(engout, &Wp[extract (cp, 44, 11)][0], 4);
- (void)strcat(engout, " ");
- (void)strncat(engout, &Wp[extract (cp, 55, 11)][0], 4);
+ strncat(engout, &Wp[extract (cp, 0, 11)][0], 4);
+ strcat(engout, " ");
+ strncat(engout, &Wp[extract (cp, 11, 11)][0], 4);
+ strcat(engout, " ");
+ strncat(engout, &Wp[extract (cp, 22, 11)][0], 4);
+ strcat(engout, " ");
+ strncat(engout, &Wp[extract (cp, 33, 11)][0], 4);
+ strcat(engout, " ");
+ strncat(engout, &Wp[extract (cp, 44, 11)][0], 4);
+ strcat(engout, " ");
+ strncat(engout, &Wp[extract (cp, 55, 11)][0], 4);
#ifdef notdef
- (void)fprintf(stderr, "engout is %s\n\r", engout);
+ printf ("engout is %s\n\r", engout);
#endif
return(engout);
}
@@ -2123,41 +2117,42 @@
* -1 badly formed in put ie > 4 char word
* -2 words OK but parity is wrong
*/
-int
-etob(out, e)
- char *out;
- char *e;
+int etob(char *out, const char *e)
{
char *word;
int i, p, v, l, low, high;
- char b[SKEY_BINKEY_SIZE+1];
+ char b[9];
char input[36];
+ char *last;
if (e == NULL)
- return(-1);
+ return -1;
- (void)strncpy(input, e, sizeof(input) - 1);
- input[sizeof(input) - 1] = '\0';
- (void)memset(b, 0, sizeof(b));
- (void)memset(out, 0, SKEY_BINKEY_SIZE);
- for (i = 0, p = 0; i < 6; i++, p += 11) {
- if ((word = strtok(i == 0 ? input : NULL, " ")) == NULL)
- return(-1);
-
- l = strlen(word);
- if (l > 4 || l < 1) {
- return(-1);
- } else if (l < 4) {
+ strncpy (input, e, sizeof(input));
+ memset(b, 0, sizeof(b));
+ memset(out, 0, 8);
+ for (i = 0, p = 0; i < 6; i++, p += 11)
+ {
+ if ((word = strtok_r(i == 0 ? input : NULL, " ", &last)) == NULL)
+ return -1;
+
+ l = strlen (word);
+ if (l > 4 || l < 1)
+ return -1;
+ else if (l < 4)
+ {
low = 0;
high = 570;
- } else {
+ }
+ else
+ {
low = 571;
high = 2047;
}
standard(word);
if ((v = wsrch(word, low, high)) < 0)
- return(0);
+ return 0;
insert(b, v, p, 11);
}
@@ -2167,55 +2162,47 @@
p += extract (b, i, 2);
if ((p & 3) != extract (b, 64, 2))
- return(-2);
+ return -2;
- (void)memcpy(out, b, SKEY_BINKEY_SIZE);
+ memcpy(out, b, 8);
- return(1);
+ return 1;
}
/* Display 8 bytes as a series of 16-bit hex digits */
-char *
-put8(out, s)
- char *out;
- char *s;
+char *put8(char *out, const char *s)
{
- (void)sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X",
+ sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X",
s[0] & 0xff, s[1] & 0xff, s[2] & 0xff,
s[3] & 0xff, s[4] & 0xff, s[5] & 0xff,
s[6] & 0xff, s[7] & 0xff);
- return(out);
+ return out;
}
#ifdef notdef
/* Encode 8 bytes in 'cp' as stream of ascii letters.
* Provided as a possible alternative to btoe()
*/
-char *
-btoc(cp)
- char *cp;
+char *btoc(char *cp)
{
int i;
static char out[31];
/* code out put by characters 6 bits each added to 0x21 (!) */
- for (i = 0; i <= 10; i++) {
+ for (i = 0; i <= 10; i++)
+ {
/* last one is only 4 bits not 6 */
out[i] = '!' + extract (cp, 6 * i, i >= 10 ? 4 : 6);
}
out[i] = '\0';
- return(out);
+ return out;
}
#endif
/* Internal subroutines for word encoding/decoding */
/* Dictionary binary search */
-static int
-wsrch(w, low, high)
- char *w;
- int low;
- int high;
+static int wsrch(const char *w, int low, int high)
{
int i, j;
@@ -2223,18 +2210,18 @@
i = (low + high) / 2;
if ((j = strncmp(w, Wp[i], 4)) == 0)
- return(i); /* Found it */
-
- if (high == low + 1) {
+ return i; /* Found it */
+ if (high == low + 1)
+ {
/* Avoid effects of integer truncation in /2 */
if (strncmp(w, Wp[high], 4) == 0)
- return(high);
+ return high;
else
- return(-1);
+ return -1;
}
if (low >= high)
- return(-1); /* I don't *think* this can happen... */
+ return -1; /* I don't *think* this can happen... */
if (j < 0)
high = i; /* Search lower half */
else
@@ -2242,12 +2229,7 @@
}
}
-static void
-insert(s, x, start, length)
- char *s;
- int x;
- int start;
- int length;
+static void insert(char *s, int x, int start, int length)
{
unsigned char cl;
unsigned char cc;
@@ -2261,25 +2243,28 @@
assert(start + length <= 66);
shift = ((8 - ((start + length) % 8)) % 8);
- y = x << shift;
+ y = (int) x << shift;
cl = (y >> 16) & 0xff;
cc = (y >> 8) & 0xff;
cr = y & 0xff;
- if (shift + length > 16) {
+ if (shift + length > 16)
+ {
s[start / 8] |= cl;
s[start / 8 + 1] |= cc;
s[start / 8 + 2] |= cr;
- } else if (shift + length > 8) {
+ }
+ else if (shift + length > 8)
+ {
s[start / 8] |= cc;
s[start / 8 + 1] |= cr;
- } else {
+ }
+ else
+ {
s[start / 8] |= cr;
}
}
-static void
-standard(word)
- register char *word;
+static void standard(char *word)
{
while (*word) {
if (!isascii(*word))
@@ -2297,11 +2282,7 @@
}
/* Extract 'length' bits from the char array 's' starting with bit 'start' */
-static unsigned int
-extract(s, start, length)
- char *s;
- int start;
- int length;
+static unsigned int extract(char *s, int start, int length)
{
unsigned char cl;
unsigned char cc;
@@ -2320,5 +2301,5 @@
x = x >> (24 - (length + (start % 8)));
x = (x & (0xffff >> (16 - length)));
- return(x);
+ return x;
}
diff -ruN skey-1.1.5.orig/rmd160.c skey-1.1.5/rmd160.c
--- skey-1.1.5.orig/rmd160.c 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/rmd160.c 1970-01-01 01:00:00.000000000 +0100
@@ -1,428 +0,0 @@
-/********************************************************************\
- *
- * FILE: rmd160.c
- *
- * CONTENTS: A sample C-implementation of the RIPEMD-160
- * hash-function.
- * TARGET: any computer with an ANSI C compiler
- *
- * AUTHOR: Antoon Bosselaers, ESAT-COSIC
- * (Arranged for libc by Todd C. Miller)
- * DATE: 1 March 1996
- * VERSION: 1.0
- *
- * Copyright (c) Katholieke Universiteit Leuven
- * 1996, All Rights Reserved
- *
-\********************************************************************/
-#ifndef HAVE_RMD160_H
-
-/* header files */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include "config.h"
-#include "rmd160.h"
-
-/********************************************************************/
-
-/* macro definitions */
-
-/* collect four bytes into one word: */
-#define BYTES_TO_DWORD(strptr) \
- (((u_int32_t) *((strptr)+3) << 24) | \
- ((u_int32_t) *((strptr)+2) << 16) | \
- ((u_int32_t) *((strptr)+1) << 8) | \
- ((u_int32_t) *(strptr)))
-
-/* ROL(x, n) cyclically rotates x over n bits to the left */
-/* x must be of an unsigned 32 bits type and 0 <= n < 32. */
-#define ROL(x, n) (((x) << (n)) | ((x) >> (32-(n))))
-
-/* the three basic functions F(), G() and H() */
-#define F(x, y, z) ((x) ^ (y) ^ (z))
-#define G(x, y, z) (((x) & (y)) | (~(x) & (z)))
-#define H(x, y, z) (((x) | ~(y)) ^ (z))
-#define I(x, y, z) (((x) & (z)) | ((y) & ~(z)))
-#define J(x, y, z) ((x) ^ ((y) | ~(z)))
-
-/* the eight basic operations FF() through III() */
-#define FF(a, b, c, d, e, x, s) { \
- (a) += F((b), (c), (d)) + (x); \
- (a) = ROL((a), (s)) + (e); \
- (c) = ROL((c), 10); \
-}
-#define GG(a, b, c, d, e, x, s) { \
- (a) += G((b), (c), (d)) + (x) + 0x5a827999U; \
- (a) = ROL((a), (s)) + (e); \
- (c) = ROL((c), 10); \
-}
-#define HH(a, b, c, d, e, x, s) { \
- (a) += H((b), (c), (d)) + (x) + 0x6ed9eba1U; \
- (a) = ROL((a), (s)) + (e); \
- (c) = ROL((c), 10); \
-}
-#define II(a, b, c, d, e, x, s) { \
- (a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcU; \
- (a) = ROL((a), (s)) + (e); \
- (c) = ROL((c), 10); \
-}
-#define JJ(a, b, c, d, e, x, s) { \
- (a) += J((b), (c), (d)) + (x) + 0xa953fd4eU; \
- (a) = ROL((a), (s)) + (e); \
- (c) = ROL((c), 10); \
-}
-#define FFF(a, b, c, d, e, x, s) { \
- (a) += F((b), (c), (d)) + (x); \
- (a) = ROL((a), (s)) + (e); \
- (c) = ROL((c), 10); \
-}
-#define GGG(a, b, c, d, e, x, s) { \
- (a) += G((b), (c), (d)) + (x) + 0x7a6d76e9U; \
- (a) = ROL((a), (s)) + (e); \
- (c) = ROL((c), 10); \
-}
-#define HHH(a, b, c, d, e, x, s) { \
- (a) += H((b), (c), (d)) + (x) + 0x6d703ef3U; \
- (a) = ROL((a), (s)) + (e); \
- (c) = ROL((c), 10); \
-}
-#define III(a, b, c, d, e, x, s) { \
- (a) += I((b), (c), (d)) + (x) + 0x5c4dd124U; \
- (a) = ROL((a), (s)) + (e); \
- (c) = ROL((c), 10); \
-}
-#define JJJ(a, b, c, d, e, x, s) { \
- (a) += J((b), (c), (d)) + (x) + 0x50a28be6U; \
- (a) = ROL((a), (s)) + (e); \
- (c) = ROL((c), 10); \
-}
-
-/********************************************************************/
-
-void
-RMD160Init(context)
- RMD160_CTX *context;
-{
-
- /* ripemd-160 initialization constants */
- context->state[0] = 0x67452301U;
- context->state[1] = 0xefcdab89U;
- context->state[2] = 0x98badcfeU;
- context->state[3] = 0x10325476U;
- context->state[4] = 0xc3d2e1f0U;
- context->length[0] = context->length[1] = 0;
- context->buflen = 0;
-}
-
-/********************************************************************/
-
-void
-RMD160Transform(state, block)
- u_int32_t state[5];
- const u_int32_t block[16];
-{
- u_int32_t aa = state[0], bb = state[1], cc = state[2],
- dd = state[3], ee = state[4];
- u_int32_t aaa = state[0], bbb = state[1], ccc = state[2],
- ddd = state[3], eee = state[4];
-
- /* round 1 */
- FF(aa, bb, cc, dd, ee, block[ 0], 11);
- FF(ee, aa, bb, cc, dd, block[ 1], 14);
- FF(dd, ee, aa, bb, cc, block[ 2], 15);
- FF(cc, dd, ee, aa, bb, block[ 3], 12);
- FF(bb, cc, dd, ee, aa, block[ 4], 5);
- FF(aa, bb, cc, dd, ee, block[ 5], 8);
- FF(ee, aa, bb, cc, dd, block[ 6], 7);
- FF(dd, ee, aa, bb, cc, block[ 7], 9);
- FF(cc, dd, ee, aa, bb, block[ 8], 11);
- FF(bb, cc, dd, ee, aa, block[ 9], 13);
- FF(aa, bb, cc, dd, ee, block[10], 14);
- FF(ee, aa, bb, cc, dd, block[11], 15);
- FF(dd, ee, aa, bb, cc, block[12], 6);
- FF(cc, dd, ee, aa, bb, block[13], 7);
- FF(bb, cc, dd, ee, aa, block[14], 9);
- FF(aa, bb, cc, dd, ee, block[15], 8);
-
- /* round 2 */
- GG(ee, aa, bb, cc, dd, block[ 7], 7);
- GG(dd, ee, aa, bb, cc, block[ 4], 6);
- GG(cc, dd, ee, aa, bb, block[13], 8);
- GG(bb, cc, dd, ee, aa, block[ 1], 13);
- GG(aa, bb, cc, dd, ee, block[10], 11);
- GG(ee, aa, bb, cc, dd, block[ 6], 9);
- GG(dd, ee, aa, bb, cc, block[15], 7);
- GG(cc, dd, ee, aa, bb, block[ 3], 15);
- GG(bb, cc, dd, ee, aa, block[12], 7);
- GG(aa, bb, cc, dd, ee, block[ 0], 12);
- GG(ee, aa, bb, cc, dd, block[ 9], 15);
- GG(dd, ee, aa, bb, cc, block[ 5], 9);
- GG(cc, dd, ee, aa, bb, block[ 2], 11);
- GG(bb, cc, dd, ee, aa, block[14], 7);
- GG(aa, bb, cc, dd, ee, block[11], 13);
- GG(ee, aa, bb, cc, dd, block[ 8], 12);
-
- /* round 3 */
- HH(dd, ee, aa, bb, cc, block[ 3], 11);
- HH(cc, dd, ee, aa, bb, block[10], 13);
- HH(bb, cc, dd, ee, aa, block[14], 6);
- HH(aa, bb, cc, dd, ee, block[ 4], 7);
- HH(ee, aa, bb, cc, dd, block[ 9], 14);
- HH(dd, ee, aa, bb, cc, block[15], 9);
- HH(cc, dd, ee, aa, bb, block[ 8], 13);
- HH(bb, cc, dd, ee, aa, block[ 1], 15);
- HH(aa, bb, cc, dd, ee, block[ 2], 14);
- HH(ee, aa, bb, cc, dd, block[ 7], 8);
- HH(dd, ee, aa, bb, cc, block[ 0], 13);
- HH(cc, dd, ee, aa, bb, block[ 6], 6);
- HH(bb, cc, dd, ee, aa, block[13], 5);
- HH(aa, bb, cc, dd, ee, block[11], 12);
- HH(ee, aa, bb, cc, dd, block[ 5], 7);
- HH(dd, ee, aa, bb, cc, block[12], 5);
-
- /* round 4 */
- II(cc, dd, ee, aa, bb, block[ 1], 11);
- II(bb, cc, dd, ee, aa, block[ 9], 12);
- II(aa, bb, cc, dd, ee, block[11], 14);
- II(ee, aa, bb, cc, dd, block[10], 15);
- II(dd, ee, aa, bb, cc, block[ 0], 14);
- II(cc, dd, ee, aa, bb, block[ 8], 15);
- II(bb, cc, dd, ee, aa, block[12], 9);
- II(aa, bb, cc, dd, ee, block[ 4], 8);
- II(ee, aa, bb, cc, dd, block[13], 9);
- II(dd, ee, aa, bb, cc, block[ 3], 14);
- II(cc, dd, ee, aa, bb, block[ 7], 5);
- II(bb, cc, dd, ee, aa, block[15], 6);
- II(aa, bb, cc, dd, ee, block[14], 8);
- II(ee, aa, bb, cc, dd, block[ 5], 6);
- II(dd, ee, aa, bb, cc, block[ 6], 5);
- II(cc, dd, ee, aa, bb, block[ 2], 12);
-
- /* round 5 */
- JJ(bb, cc, dd, ee, aa, block[ 4], 9);
- JJ(aa, bb, cc, dd, ee, block[ 0], 15);
- JJ(ee, aa, bb, cc, dd, block[ 5], 5);
- JJ(dd, ee, aa, bb, cc, block[ 9], 11);
- JJ(cc, dd, ee, aa, bb, block[ 7], 6);
- JJ(bb, cc, dd, ee, aa, block[12], 8);
- JJ(aa, bb, cc, dd, ee, block[ 2], 13);
- JJ(ee, aa, bb, cc, dd, block[10], 12);
- JJ(dd, ee, aa, bb, cc, block[14], 5);
- JJ(cc, dd, ee, aa, bb, block[ 1], 12);
- JJ(bb, cc, dd, ee, aa, block[ 3], 13);
- JJ(aa, bb, cc, dd, ee, block[ 8], 14);
- JJ(ee, aa, bb, cc, dd, block[11], 11);
- JJ(dd, ee, aa, bb, cc, block[ 6], 8);
- JJ(cc, dd, ee, aa, bb, block[15], 5);
- JJ(bb, cc, dd, ee, aa, block[13], 6);
-
- /* parallel round 1 */
- JJJ(aaa, bbb, ccc, ddd, eee, block[ 5], 8);
- JJJ(eee, aaa, bbb, ccc, ddd, block[14], 9);
- JJJ(ddd, eee, aaa, bbb, ccc, block[ 7], 9);
- JJJ(ccc, ddd, eee, aaa, bbb, block[ 0], 11);
- JJJ(bbb, ccc, ddd, eee, aaa, block[ 9], 13);
- JJJ(aaa, bbb, ccc, ddd, eee, block[ 2], 15);
- JJJ(eee, aaa, bbb, ccc, ddd, block[11], 15);
- JJJ(ddd, eee, aaa, bbb, ccc, block[ 4], 5);
- JJJ(ccc, ddd, eee, aaa, bbb, block[13], 7);
- JJJ(bbb, ccc, ddd, eee, aaa, block[ 6], 7);
- JJJ(aaa, bbb, ccc, ddd, eee, block[15], 8);
- JJJ(eee, aaa, bbb, ccc, ddd, block[ 8], 11);
- JJJ(ddd, eee, aaa, bbb, ccc, block[ 1], 14);
- JJJ(ccc, ddd, eee, aaa, bbb, block[10], 14);
- JJJ(bbb, ccc, ddd, eee, aaa, block[ 3], 12);
- JJJ(aaa, bbb, ccc, ddd, eee, block[12], 6);
-
- /* parallel round 2 */
- III(eee, aaa, bbb, ccc, ddd, block[ 6], 9);
- III(ddd, eee, aaa, bbb, ccc, block[11], 13);
- III(ccc, ddd, eee, aaa, bbb, block[ 3], 15);
- III(bbb, ccc, ddd, eee, aaa, block[ 7], 7);
- III(aaa, bbb, ccc, ddd, eee, block[ 0], 12);
- III(eee, aaa, bbb, ccc, ddd, block[13], 8);
- III(ddd, eee, aaa, bbb, ccc, block[ 5], 9);
- III(ccc, ddd, eee, aaa, bbb, block[10], 11);
- III(bbb, ccc, ddd, eee, aaa, block[14], 7);
- III(aaa, bbb, ccc, ddd, eee, block[15], 7);
- III(eee, aaa, bbb, ccc, ddd, block[ 8], 12);
- III(ddd, eee, aaa, bbb, ccc, block[12], 7);
- III(ccc, ddd, eee, aaa, bbb, block[ 4], 6);
- III(bbb, ccc, ddd, eee, aaa, block[ 9], 15);
- III(aaa, bbb, ccc, ddd, eee, block[ 1], 13);
- III(eee, aaa, bbb, ccc, ddd, block[ 2], 11);
-
- /* parallel round 3 */
- HHH(ddd, eee, aaa, bbb, ccc, block[15], 9);
- HHH(ccc, ddd, eee, aaa, bbb, block[ 5], 7);
- HHH(bbb, ccc, ddd, eee, aaa, block[ 1], 15);
- HHH(aaa, bbb, ccc, ddd, eee, block[ 3], 11);
- HHH(eee, aaa, bbb, ccc, ddd, block[ 7], 8);
- HHH(ddd, eee, aaa, bbb, ccc, block[14], 6);
- HHH(ccc, ddd, eee, aaa, bbb, block[ 6], 6);
- HHH(bbb, ccc, ddd, eee, aaa, block[ 9], 14);
- HHH(aaa, bbb, ccc, ddd, eee, block[11], 12);
- HHH(eee, aaa, bbb, ccc, ddd, block[ 8], 13);
- HHH(ddd, eee, aaa, bbb, ccc, block[12], 5);
- HHH(ccc, ddd, eee, aaa, bbb, block[ 2], 14);
- HHH(bbb, ccc, ddd, eee, aaa, block[10], 13);
- HHH(aaa, bbb, ccc, ddd, eee, block[ 0], 13);
- HHH(eee, aaa, bbb, ccc, ddd, block[ 4], 7);
- HHH(ddd, eee, aaa, bbb, ccc, block[13], 5);
-
- /* parallel round 4 */
- GGG(ccc, ddd, eee, aaa, bbb, block[ 8], 15);
- GGG(bbb, ccc, ddd, eee, aaa, block[ 6], 5);
- GGG(aaa, bbb, ccc, ddd, eee, block[ 4], 8);
- GGG(eee, aaa, bbb, ccc, ddd, block[ 1], 11);
- GGG(ddd, eee, aaa, bbb, ccc, block[ 3], 14);
- GGG(ccc, ddd, eee, aaa, bbb, block[11], 14);
- GGG(bbb, ccc, ddd, eee, aaa, block[15], 6);
- GGG(aaa, bbb, ccc, ddd, eee, block[ 0], 14);
- GGG(eee, aaa, bbb, ccc, ddd, block[ 5], 6);
- GGG(ddd, eee, aaa, bbb, ccc, block[12], 9);
- GGG(ccc, ddd, eee, aaa, bbb, block[ 2], 12);
- GGG(bbb, ccc, ddd, eee, aaa, block[13], 9);
- GGG(aaa, bbb, ccc, ddd, eee, block[ 9], 12);
- GGG(eee, aaa, bbb, ccc, ddd, block[ 7], 5);
- GGG(ddd, eee, aaa, bbb, ccc, block[10], 15);
- GGG(ccc, ddd, eee, aaa, bbb, block[14], 8);
-
- /* parallel round 5 */
- FFF(bbb, ccc, ddd, eee, aaa, block[12] , 8);
- FFF(aaa, bbb, ccc, ddd, eee, block[15] , 5);
- FFF(eee, aaa, bbb, ccc, ddd, block[10] , 12);
- FFF(ddd, eee, aaa, bbb, ccc, block[ 4] , 9);
- FFF(ccc, ddd, eee, aaa, bbb, block[ 1] , 12);
- FFF(bbb, ccc, ddd, eee, aaa, block[ 5] , 5);
- FFF(aaa, bbb, ccc, ddd, eee, block[ 8] , 14);
- FFF(eee, aaa, bbb, ccc, ddd, block[ 7] , 6);
- FFF(ddd, eee, aaa, bbb, ccc, block[ 6] , 8);
- FFF(ccc, ddd, eee, aaa, bbb, block[ 2] , 13);
- FFF(bbb, ccc, ddd, eee, aaa, block[13] , 6);
- FFF(aaa, bbb, ccc, ddd, eee, block[14] , 5);
- FFF(eee, aaa, bbb, ccc, ddd, block[ 0] , 15);
- FFF(ddd, eee, aaa, bbb, ccc, block[ 3] , 13);
- FFF(ccc, ddd, eee, aaa, bbb, block[ 9] , 11);
- FFF(bbb, ccc, ddd, eee, aaa, block[11] , 11);
-
- /* combine results */
- ddd += cc + state[1]; /* final result for state[0] */
- state[1] = state[2] + dd + eee;
- state[2] = state[3] + ee + aaa;
- state[3] = state[4] + aa + bbb;
- state[4] = state[0] + bb + ccc;
- state[0] = ddd;
-}
-
-/********************************************************************/
-
-void
-RMD160Update(context, data, nbytes)
- RMD160_CTX *context;
- const u_char *data;
- u_int32_t nbytes;
-{
- u_int32_t X[16];
- u_int32_t ofs = 0;
- u_int32_t i;
-#ifdef WORDS_BIGENDIAN
- u_int32_t j;
-#endif
-
- /* update length[] */
- if (context->length[0] + nbytes < context->length[0])
- context->length[1]++; /* overflow to msb of length */
- context->length[0] += nbytes;
-
- (void)memset(X, 0, sizeof(X));
-
- if ( context->buflen + nbytes < 64 )
- {
- (void)memcpy(context->bbuffer + context->buflen, data, nbytes);
- context->buflen += nbytes;
- }
- else
- {
- /* process first block */
- ofs = 64 - context->buflen;
- (void)memcpy(context->bbuffer + context->buflen, data, ofs);
-#ifndef WORDS_BIGENDIAN
- (void)memcpy(X, context->bbuffer, sizeof(X));
-#else
- for (j=0; j < 16; j++)
- X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j));
-#endif
- RMD160Transform(context->state, X);
- nbytes -= ofs;
-
- /* process remaining complete blocks */
- for (i = 0; i < (nbytes >> 6); i++) {
-#ifndef WORDS_BIGENDIAN
- (void)memcpy(X, data + (64 * i) + ofs, sizeof(X));
-#else
- for (j=0; j < 16; j++)
- X[j] = BYTES_TO_DWORD(data + (64 * i) + (4 * j) + ofs);
-#endif
- RMD160Transform(context->state, X);
- }
-
- /*
- * Put last bytes from data into context's buffer
- */
- context->buflen = nbytes & 63;
- memcpy(context->bbuffer, data + (64 * i) + ofs, context->buflen);
- }
-}
-
-/********************************************************************/
-
-void
-RMD160Final(digest, context)
- u_char digest[20];
- RMD160_CTX *context;
-{
- u_int32_t i;
- u_int32_t X[16];
-#ifdef WORDS_BIGENDIAN
- u_int32_t j;
-#endif
-
- /* append the bit m_n == 1 */
- context->bbuffer[context->buflen] = '\200';
-
- (void)memset(context->bbuffer + context->buflen + 1, 0,
- 63 - context->buflen);
-#ifndef WORDS_BIGENDIAN
- (void)memcpy(X, context->bbuffer, sizeof(X));
-#else
- for (j=0; j < 16; j++)
- X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j));
-#endif
- if ((context->buflen) > 55) {
- /* length goes to next block */
- RMD160Transform(context->state, X);
- (void)memset(X, 0, sizeof(X));
- }
-
- /* append length in bits */
- X[14] = context->length[0] << 3;
- X[15] = (context->length[0] >> 29) |
- (context->length[1] << 3);
- RMD160Transform(context->state, X);
-
- if (digest != NULL) {
- for (i = 0; i < 20; i += 4) {
- /* extracts the 8 least significant bits. */
- digest[i] = context->state[i>>2];
- digest[i + 1] = (context->state[i>>2] >> 8);
- digest[i + 2] = (context->state[i>>2] >> 16);
- digest[i + 3] = (context->state[i>>2] >> 24);
- }
- }
-}
-
-/************************ end of file rmd160.c **********************/
-#endif
diff -ruN skey-1.1.5.orig/rmd160.h skey-1.1.5/rmd160.h
--- skey-1.1.5.orig/rmd160.h 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/rmd160.h 1970-01-01 01:00:00.000000000 +0100
@@ -1,48 +0,0 @@
-/* $OpenBSD: rmd160.h,v 1.4 1999/08/16 09:59:04 millert Exp $ */
-
-/********************************************************************\
- *
- * FILE: rmd160.h
- *
- * CONTENTS: Header file for a sample C-implementation of the
- * RIPEMD-160 hash-function.
- * TARGET: any computer with an ANSI C compiler
- *
- * AUTHOR: Antoon Bosselaers, ESAT-COSIC
- * DATE: 1 March 1996
- * VERSION: 1.0
- *
- * Copyright (c) Katholieke Universiteit Leuven
- * 1996, All Rights Reserved
- *
-\********************************************************************/
-
-#ifndef _RMD160_H /* make sure this file is read only once */
-#define _RMD160_H
-
-/********************************************************************/
-
-/* structure definitions */
-
-typedef struct {
- u_int32_t state[5]; /* state (ABCDE) */
- u_int32_t length[2]; /* number of bits */
- u_char bbuffer[64]; /* overflow buffer */
- u_int32_t buflen; /* number of chars in bbuffer */
-} RMD160_CTX;
-
-/********************************************************************/
-
-/* function prototypes */
-
-void RMD160Init __P((RMD160_CTX *context));
-void RMD160Transform __P((u_int32_t state[5], const u_int32_t block[16]));
-void RMD160Update __P((RMD160_CTX *context, const u_char *data, u_int32_t nbytes));
-void RMD160Final __P((u_char digest[20], RMD160_CTX *context));
-char *RMD160End __P((RMD160_CTX *, char *));
-char *RMD160File __P((char *, char *));
-char *RMD160Data __P((const u_char *, size_t, char *));
-
-#endif /* _RMD160_H */
-
-/*********************** end of file rmd160.h ***********************/
diff -ruN skey-1.1.5.orig/rmd160hl.c skey-1.1.5/rmd160hl.c
--- skey-1.1.5.orig/rmd160hl.c 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/rmd160hl.c 1970-01-01 01:00:00.000000000 +0100
@@ -1,85 +0,0 @@
-/* rmd160hl.c
- * ----------------------------------------------------------------------------
- * "THE BEER-WARE LICENSE" (Revision 42):
- * <phk@login.dkuug.dk> wrote this file. As long as you retain this notice you
- * can do whatever you want with this stuff. If we meet some day, and you think
- * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
- * ----------------------------------------------------------------------------
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$OpenBSD: rmd160hl.c,v 1.2 1999/08/17 09:13:12 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/uio.h>
-#include <unistd.h>
-#include "config.h"
-#ifdef HAVE_RMD160_H
-#include <rmd160.h>
-#else
-#include "rmd160.h"
-#endif
-
-/* ARGSUSED */
-char *
-RMD160End(ctx, buf)
- RMD160_CTX *ctx;
- char *buf;
-{
- int i;
- char *p = buf;
- u_char digest[20];
- static const char hex[]="0123456789abcdef";
-
- if (p == NULL && (p = malloc(41)) == NULL)
- return 0;
-
- RMD160Final(digest,ctx);
- for (i = 0; i < 20; i++) {
- p[i + i] = hex[digest[i] >> 4];
- p[i + i + 1] = hex[digest[i] & 0x0f];
- }
- p[i + i] = '\0';
- return(p);
-}
-
-char *
-RMD160File (filename, buf)
- char *filename;
- char *buf;
-{
- u_char buffer[BUFSIZ];
- RMD160_CTX ctx;
- int fd, num, oerrno;
-
- RMD160Init(&ctx);
-
- if ((fd = open(filename, O_RDONLY)) < 0)
- return(0);
-
- while ((num = read(fd, buffer, sizeof(buffer))) > 0)
- RMD160Update(&ctx, buffer, num);
-
- oerrno = errno;
- close(fd);
- errno = oerrno;
- return(num < 0 ? 0 : RMD160End(&ctx, buf));
-}
-
-char *
-RMD160Data (data, len, buf)
- const u_char *data;
- size_t len;
- char *buf;
-{
- RMD160_CTX ctx;
-
- RMD160Init(&ctx);
- RMD160Update(&ctx, data, len);
- return(RMD160End(&ctx, buf));
-}
diff -ruN skey-1.1.5.orig/skey.1 skey-1.1.5/skey.1
--- skey-1.1.5.orig/skey.1 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skey.1 2003-11-06 17:46:45.000000000 +0000
@@ -1,95 +1,165 @@
-.\" $OpenBSD: skey.1,v 1.21 2000/11/09 17:52:38 aaron Exp $
-.\" @(#)skey.1 1.1 10/28/93
+.\" $NetBSD: skey.1,v 1.21 2003/09/07 16:22:24 wiz Exp $
.\"
-.Dd October 28, 1993
+.\" from: @(#)skey.1 1.1 10/28/93
+.\"
+.Dd July 25, 2001
.Dt SKEY 1
.Os
.Sh NAME
-.Nm skey, otp-md4, otp-md5, otp-sha1, otp-rmd160
+.Nm skey
.Nd respond to an OTP challenge
.Sh SYNOPSIS
-.Nm skey
-.Op Fl x
-.Oo
-.Fl md4 | Fl md5 | Fl sha1 |
-.Fl rmd160
-.Oc
+.Nm
.Op Fl n Ar count
-.Op Fl p Ar passwd
-<sequence#>[/] key
+.Op Fl p Ar password
+.Op Fl t Ar hash
+.Op Fl x
+.Ar sequence#
+.Op /
+.Ar key
.Sh DESCRIPTION
-.Nm S/key
-is a procedure for using one-time passwords to authenticate access to
-computer systems.
-It uses 64 bits of information transformed by the
-MD4, MD5, SHA1, or RIPEMD-160 algorithms.
-The user supplies the 64 bits
-in the form of 6 English words that are generated by a secure computer.
-This implementation of
-.Nm s/key
-is RFC 1938 compliant.
+.Em S/Key
+is a One Time Password (OTP) authentication system.
+It is intended to be used when the communication channel between
+a user and host is not secure (e.g. not encrypted or hardwired).
+Since each password is used only once, even if it is "seen" by a
+hostile third party, it cannot be used again to gain access to the host.
.Pp
-When
-.Nm skey
-is invoked as
-.Nm otp-method ,
-.Nm skey
-will use
-.Ar method
-as the hash function where
-.Ar method
-is currently one of md4, md5, sha1, or rmd160.
+.Em S/Key
+uses 64 bits of information, transformed by the
+.Tn MD4
+algorithm into 6 English words.
+The user supplies the words to authenticate himself to programs like
+.Xr login 1
+or
+.Xr ftpd 8 .
+.Pp
+Example use of the
+.Em S/Key
+program
+.Nm :
+.Bd -literal -offset indent
+% skey 99 th91334
+Enter password: \*[Lt]your secret password is entered here\*[Gt]
+OMEN US HORN OMIT BACK AHOY
+%
+.Ed
+.Pp
+The string that is given back by
+.Nm
+can then be used to log into a system.
+.Pp
+The programs that are part of the
+.Em S/Key
+system are:
+.Bl -tag -width skeyauditxxx
+.It Xr skeyinit 1
+used to set up your
+.Em S/Key .
+.It Nm
+used to get the one time password(s).
+.It Xr skeyinfo 1
+used to initialize the
+.Em S/Key
+database for the specified user.
+It also tells the user what the next challenge will be.
+.It Xr skeyaudit 1
+used to inform users that they will soon have to rerun
+.Xr skeyinit 1 .
+.El
.Pp
-If you misspell your password while running
-.Nm skey ,
+When you run
+.Xr skeyinit 1
+you inform the system of your
+secret password.
+Running
+.Nm
+then generates the
+one-time password(s), after requiring your secret password.
+If however, you misspell your secret password that you have given to
+.Xr skeyinit 1
+while running
+.Xr skey 1
you will get a list of passwords
-that will not work, and no indication of the problem.
+that will not work, and no indication about the problem.
.Pp
-Password sequence numbers count backwards.
+Password sequence numbers count backward from 99.
You can enter the passwords using small letters, even though
-.Nm skey
+.Xr skey 1
prints them capitalized.
.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl n Ar count
-Prints out
+The
+.Fl n Ar count
+argument asks for
.Ar count
-one-time passwords.
-The default is to print one.
-.It Fl p Ar password
-Uses
-.Ar password
-as the secret password.
-Use of this option is discouraged as
-your secret password could be visible in a process listing.
-.It Fl x
-Causes output to be in hexadecimal instead of ASCII.
-.It Fl md4
-Selects MD4 as the hash algorithm.
-.It Fl md5
-Selects MD5 as the hash algorithm.
-.It Fl sha1
-Selects SHA-1 (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
-.It Fl rmd160
-Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
-.El
+password sequences to be printed out ending with the requested
+sequence number.
+.Pp
+The hash algorithm is selected using the
+.Fl t Ar hash
+option, possible choices here are md4, md5 or sha1.
+.Pp
+The
+.Fl p Ar password
+allows the user to specify the
+.Em S/Key
+password on the command line.
+.Pp
+To output the S/Key list in hexadecimal instead of words,
+use the
+.Fl x
+option.
.Sh EXAMPLES
-.sp 0
- % skey 99 th91334
-.sp 0
- Enter secret password: <your secret password is entered here>
-.sp 0
- OMEN US HORN OMIT BACK AHOY
-.sp 0
- %
+Initialize generation of one time passwords:
+.Bd -literal -offset indent
+host% skeyinit
+Password: \*[Lt]normal login password\*[Gt]
+[Adding username]
+Enter secret password: \*[Lt]new secret password\*[Gt]
+Again secret password: \*[Lt]new secret password again\*[Gt]
+ID username s/key is 99 host12345
+Next login password: SOME SIX WORDS THAT WERE COMPUTED
+.Ed
+.Pp
+Produce a list of one time passwords to take with to a conference:
+.Bd -literal -offset indent
+host% skey -n 3 99 host12345
+Enter secret password: \*[Lt]secret password as used with skeyinit\*[Gt]
+97: NOSE FOOT RUSH FEAR GREY JUST
+98: YAWN LEO DEED BIND WACK BRAE
+99: SOME SIX WORDS THAT WERE COMPUTED
+.Ed
+.Pp
+Logging in to a host where
+.Nm
+is installed:
+.Bd -literal -offset indent
+host% telnet host
+
+login: \*[Lt]username\*[Gt]
+Password [s/key 97 host12345]:
+.Ed
+.Pp
+Note that the user can use either his/her
+.Em S/Key
+password at the prompt but also the normal one unless the
+.Fl s
+flag is given to
+.Xr login 1 .
.Sh SEE ALSO
.Xr login 1 ,
+.Xr skeyaudit 1 ,
.Xr skeyinfo 1 ,
-.Xr skeyinit 1
+.Xr skeyinit 1 ,
+.Xr ftpd 8
.Pp
-.Em RFC1938
+.Em RFC 2289
.Sh TRADEMARKS AND PATENTS
-S/Key is a Trademark of Bellcore.
+.Em S/Key
+is a trademark of
+.Tn Bellcore .
.Sh AUTHORS
-Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
+Phil Karn,
+Neil M. Haller,
+John S. Walden,
+Scott Chasin
diff -ruN skey-1.1.5.orig/skey.3 skey-1.1.5/skey.3
--- skey-1.1.5.orig/skey.3 1970-01-01 01:00:00.000000000 +0100
+++ skey-1.1.5/skey.3 2003-11-06 17:46:45.000000000 +0000
@@ -0,0 +1,264 @@
+.\" $NetBSD: skey.3,v 1.8 2003/06/06 13:42:50 wiz Exp $
+.\"
+.\" Copyright (c) 2001 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Gregory McGarry.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by the NetBSD
+.\" Foundation, Inc. and its contributors.
+.\" 4. Neither the name of The NetBSD Foundation nor the names of its
+.\" contributors may be used to endorse or promote products derived
+.\" from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd November 10, 2001
+.Dt SKEY 3
+.Os
+.Sh NAME
+.Nm skey ,
+.Nm skeychallenge ,
+.Nm skeylookup ,
+.Nm skeygetnext ,
+.Nm skeyverify ,
+.Nm skeyzero ,
+.Nm getskeyprompt ,
+.Nm skey_set_algorithm ,
+.Nm skey_get_algorithm ,
+.Nm skey_haskey ,
+.Nm skey_keyinfo ,
+.Nm skey_passcheck ,
+.Nm skey_authenticate
+.Nd one-time password (OTP) library
+.Sh LIBRARY
+S/key One-Time Password Library (libskey, -lskey)
+.Sh SYNOPSIS
+.In skey.h
+.Ft int
+.Fn skeychallenge "struct skey *mp" "const char *name" "char *ss" \
+"size_t sslen"
+.Ft int
+.Fn skeylookup "struct skey *mp" "const char *name"
+.Ft int
+.Fn skeygetnext "struct skey *mp"
+.Ft int
+.Fn skeyverify "struct skey *mp" "char *response"
+.Ft int
+.Fn skeyzero "struct skey *mp" "char *response"
+.Ft int
+.Fn getskeyprompt "struct skey *mp" "char *name" "char *prompt"
+.Ft const char *
+.Fn skey_set_algorithm "const char *new"
+.Ft const char *
+.Fn skey_get_algorithm "void"
+.Ft int
+.Fn skey_haskey "const char *username"
+.Ft const char *
+.Fn skey_keyinfo "const char *username"
+.Ft int
+.Fn skey_passcheck "const char *username" "char *passwd"
+.Ft int
+.Fn skey_authenticate "const char *username"
+.Ft void
+.Fn f "char *x"
+.Ft int
+.Fn keycrunch "char *result" "const char *seed" "const char *passwd"
+.Ft void
+.Fn rip "char *buf"
+.Ft char *
+.Fn readpass "char *buf " "int n"
+.Ft char *
+.Fn readskey "char *buf" "int n"
+.Ft int
+.Fn atob8 "char *out" "const char *in"
+.Ft int
+.Fn btoa8 "char *out" "const char *in"
+.Ft int
+.Fn htoi "int c"
+.Ft const char *
+.Fn skipspace "const char *cp"
+.Ft void
+.Fn backspace "char *buf"
+.Ft void
+.Fn sevenbit "char *buf"
+.Ft char *
+.Fn btoe "char *engout" "const char *c"
+.Ft int
+.Fn etob "char *out" "const char *e"
+.Ft char *
+.Fn put8 "char *out" "const char *s"
+.Sh DESCRIPTION
+The
+.Nm
+library provides routines for accessing
+.Nx Ns 's
+one-time password (OTP) authentication system.
+.Pp
+Most S/Key operations take a pointer to a
+.Em struct skey ,
+which should be considered as an opaque identifier.
+.Sh FUNCTIONS
+The following high-level functions are available:
+.Bl -tag -width compact
+.It Fn skeychallenge "mp" "name" "ss" "sslen"
+Return a S/Key challenge for user
+.Fa name .
+If successful, the caller's skey structure
+.Fa mp
+is filled and 0 is returned.
+If unsuccessful (e.g. if name is unknown),
+\-1 is returned.
+.It Fn skeylookup "mp" "name"
+Find an entry for user
+.Fa name
+in the one-time password database.
+Returns 0 if the entry is found and 1 if the entry is not found.
+If an error occurs accessing the database, \-1 is returned.
+.It Fn skeygetnext "mp"
+Get the next entry in the one-time password database.
+Returns 0 on success and the entry is stored in
+.Ar mp
+and 1 if no more entries are available.
+If an error occurs accessing the database, \-1 is returned.
+.It Fn skeyverify "mp" "response"
+Verify response
+.Fa response
+to a S/Key challenge.
+Returns 0 if the verification is successful and 1 if the verification failed.
+If an error occurs accessing the database, \-1 is returned.
+.It Fn skeyzero "mp" "response"
+Comment out user's entry in the S/Key database.
+Returns 0 on success and the database is updated,
+otherwise \-1 is returned and the database remains unchanged.
+.It Fn getskeyprompt "mp" "name" "prompt"
+Issue a S/Key challenge for user
+.Ar name .
+If successful, fill in the caller's skey structure
+.Fa mp
+and return 0.
+If unsuccessful (e.g. if name is unknown) \-1 is returned.
+.El
+.Pp
+The following lower-level functions are available:
+.Bl -tag -width compact
+.It Fn skey_set_algorithm "new"
+Set hash algorithm type.
+Valid values for
+.Fa new
+are "md4", "md5" and "sha1".
+.It Fn skey_get_algorithm "void"
+Get current hash type.
+.It Fn skey_haskey "username"
+Returns 0 if the user
+.Fa username
+exists and 1 if the user doesn't exist.
+Returns \-1 on file error.
+.It Fn skey_keyinfo "username"
+Returns the current sequence number and seed for user
+.Ar username .
+.It Fn skey_passcheck "username" "passwd"
+Checks to see if answer is the correct one to the current challenge.
+.It Fn skey_authenticate "username"
+Used when calling program will allow input of the user's response to
+the challenge.
+Returns zero on success or \-1 on failure.
+.El
+.Pp
+The following miscellaneous functions are available:
+.Bl -tag -width compact
+.It Fn f "x"
+One-way function to take 8 bytes pointed to by
+.Fa x
+and return 8 bytes in place.
+.It Fn keycrunch "char *result" "const char *seed" "const char *passwd"
+Crunch a key.
+.It Fn rip "buf"
+Strip trailing CR/LF characters from a line of text
+.Fa buf .
+.It Fn readpass "buf" "n"
+Read in secret passwd (turns off echo).
+.It Fn readskey "buf" "n"
+Read in an s/key OTP (does not turn off echo).
+.It Fn atob8 "out" "in"
+Convert 8-byte hex-ascii string
+.Fa in
+to binary array
+.Fa out .
+Returns 0 on success, \-1 on error.
+.It Fn btoa8 "out" "in"
+Convert 8-byte binary array
+.Fa in
+to hex-ascii string
+.Fa out .
+Returns 0 on success, \-1 on error.
+.It Fn htoi "int c"
+Convert hex digit to binary integer.
+.It Fn skipspace "cp"
+Skip leading spaces from the string
+.Fa cp .
+.It Fn backspace "buf"
+Remove backspaced over characters from the string
+.Fa buf .
+.It Fn sevenbit "buf"
+Ensure line
+.Fa buf
+is all seven bits.
+.It Fn btoe "engout" "c"
+Encode 8 bytes in
+.Ar c
+as a string of English words.
+Returns a pointer to a static buffer in
+.Fa engout .
+.It Fn etob "out" "e"
+Convert English to binary.
+Returns 0 if the word is not in the database, 1 if all good words and
+parity is valid, \-1 if badly formed input (i.e. \*[Gt] 4 char word)
+and -2 if words are valid but parity is wrong.
+.It Fn put8 "out" "s"
+Display 8 bytes
+.Fa s
+as a series of 16-bit hex digits.
+.El
+.Sh FILES
+.Bl -tag -width /usr/lib/libskey_p.a -compact
+.It Pa /usr/lib/libskey.a
+static skey library
+.It Pa /usr/lib/libskey.so
+dynamic skey library
+.It Pa /usr/lib/libskey_p.a
+static skey library compiled for profiling
+.El
+.Sh SEE ALSO
+.Xr skey 1 ,
+.Xr skeyaudit 1 ,
+.Xr skeyinfo 1
+.Sh BUGS
+The
+.Nm
+library functions are not re-entrant or thread-safe.
+.Pp
+The
+.Nm
+library defines many poorly named functions which pollute the name space.
diff -ruN skey-1.1.5.orig/skeyaudit.1 skey-1.1.5/skeyaudit.1
--- skey-1.1.5.orig/skeyaudit.1 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyaudit.1 2003-11-06 17:46:45.000000000 +0000
@@ -1,46 +1,29 @@
-.\" $OpenBSD: skeyaudit.1,v 1.8 2000/11/09 17:52:38 aaron Exp $
+.\" $NetBSD: skeyaudit.1,v 1.6 2001/04/09 12:34:14 wiz Exp $
.\"
-.Dd 22 July 1997
+.Dd June 9, 1994
.Dt SKEYAUDIT 1
.Os
.Sh NAME
.Nm skeyaudit
.Nd warn users if their S/Key will soon expire
.Sh SYNOPSIS
-.Nm skeyaudit
-.Op Fl a
-.Op Fl i
-.Op Fl l Ar limit
+.Nm
+.Op Ar limit
.Sh DESCRIPTION
.Nm
searches through the file
-.Pa /etc/skeykeys
+.Dq Pa /etc/skey/skeykeys
for users whose S/Key sequence number is less than
.Ar limit ,
-and mails them a reminder to run
+and sends them a reminder to run
.Xr skeyinit 1
-soon.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl a
-Check all keys in
-.Pa /etc/skeykeys .
-This option is only available to the superuser and
-is useful to run regularly via
-.Xr cron 8 .
-.It Fl i
-Interactive mode.
-Don't send mail, just print to the standard output.
-.It Fl l Ar limit
-The limit used to determine whether or not a user should be notified.
-The default is to notify if there are fewer than 12 keys left.
-.El
+soon. If no limit is specified a default of 12 is used.
.Sh FILES
-.Bl -tag -width /etc/skeykeys -compact
-.It Pa /etc/skeykeys
-S/Key key information database
+.Bl -tag -width /etc/skey/skeykeys -compact
+.It Pa /etc/skey/skeykeys
+The S/Key key information database
.El
.Sh SEE ALSO
.Xr skey 1 ,
+.Xr skeyinfo 1 ,
.Xr skeyinit 1
diff -ruN skey-1.1.5.orig/skeyaudit.c skey-1.1.5/skeyaudit.c
--- skey-1.1.5.orig/skeyaudit.c 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyaudit.c 1970-01-01 01:00:00.000000000 +0100
@@ -1,236 +0,0 @@
-/* $OpenBSD: skeyaudit.c,v 1.10 2000/09/20 21:53:49 pjanzen Exp $ */
-
-/*
- * Copyright (c) 1997, 2000 Todd C. Miller <Todd.Miller@courtesan.com>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <errno.h>
-/*#include <limits.h>*/
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <netdb.h>
-#include "config.h"
-#ifdef HAVE_ERR_H
-#include <err.h>
-#else
-#include "err.h"
-#endif
-#include "skey.h"
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/wait.h>
-
-#ifdef HAVE_LOGIN_CAP_H
-# include <login_cap.h>
-#else
-# include "login_cap.h"
-#endif
-
-char *__progname;
-
-void notify __P((struct passwd *, int, int));
-FILE *runsendmail __P((struct passwd *, int *));
-void usage __P((void));
-
-int
-main(argc, argv)
- int argc;
- char **argv;
-{
- struct passwd *pw;
- struct skey key;
- int ch, errs = 0, left = 0, aflag = 0, iflag = 0, limit = 12;
- char *name;
-
- __progname = argv[0];
-
- if (geteuid() != 0)
- errx(1, "must be setuid root");
-
- while ((ch = getopt(argc, argv, "ail:")) != -1)
- switch(ch) {
- case 'a':
- aflag = 1;
- if (getuid() != 0)
- errx(1, "only root may use the -a flag");
- break;
- case 'i':
- iflag = 1;
- break;
- case 'l':
- errno = 0;
- if ((limit = (int)strtol(optarg, NULL, 10)) == 0)
- errno = ERANGE;
- if (errno) {
- warn("key limit");
- usage();
- }
- break;
- default:
- usage();
- }
-
- if (argc - optind > 0)
- usage();
-
- /* Need key.keyfile zero'd at the very least */
- (void)memset(&key, 0, sizeof(key));
-
- if (aflag) {
- while ((ch = skeygetnext(&key)) == 0) {
- left = key.n - 1;
- if ((pw = getpwnam(key.logname)) == NULL)
- continue;
- if (left >= limit)
- continue;
- notify(pw, left, iflag);
- }
- if (ch == -1)
- errx(-1, "cannot open %s", SKEYKEYS);
- else
- (void)fclose(key.keyfile);
- } else {
- if ((pw = getpwuid(getuid())) == NULL)
- errx(1, "no passwd entry for uid %u", getuid());
- if ((name = strdup(pw->pw_name)) == NULL)
- err(1, "cannot allocate memory");
- sevenbit(name);
-
- errs = skeylookup(&key, name);
- switch (errs) {
- case 0: /* Success! */
- left = key.n - 1;
- break;
- case -1: /* File error */
- errx(errs, "cannot open %s", SKEYKEYS);
- break;
- case 1: /* Unknown user */
- warnx("%s is not listed in %s", name,
- SKEYKEYS);
- }
- (void)fclose(key.keyfile);
-
- if (!errs && left < limit)
- notify(pw, left, iflag);
- }
-
- exit(errs);
-}
-
-void
-notify(pw, seq, interactive)
- struct passwd *pw;
- int seq;
- int interactive;
-{
- static char hostname[MAXHOSTNAMELEN];
- int pid;
- FILE *out;
-
- /* Only set this once */
- if (hostname[0] == '\0' && gethostname(hostname, sizeof(hostname)) == -1)
- strcpy(hostname, "unknown");
-
- if (interactive)
- out = stdout;
- else
- out = runsendmail(pw, &pid);
-
- if (!interactive)
- (void)fprintf(out,
- "To: %s\nSubject: IMPORTANT action required\n", pw->pw_name);
-
- if (seq)
- (void)fprintf(out,
-"\nYou are nearing the end of your current S/Key sequence for account\n\
-%s on system %s.\n\n\
-Your S/Key sequence number is now %d. When it reaches zero\n\
-you will no longer be able to use S/Key to log into the system.\n\n",
-pw->pw_name, hostname, seq);
- else
- (void)fprintf(out,
-"\nYou are at the end of your current S/Key sequence for account\n\
-%s on system %s.\n\n\
-At this point you can no longer use S/Key to log into the system.\n\n",
-pw->pw_name, hostname);
- (void)fprintf(out,
-"Type \"skeyinit -s\" to reinitialize your sequence number.\n\n");
-
- (void)fclose(out);
- if (!interactive)
- (void)waitpid(pid, NULL, 0);
-}
-
-FILE *
-runsendmail(pw, pidp)
- struct passwd *pw;
- int *pidp;
-{
- FILE *fp;
- int pfd[2], pid;
-
- if (pipe(pfd) < 0)
- return(NULL);
-
- switch (pid = fork()) {
- case -1: /* fork(2) failed */
- (void)close(pfd[0]);
- (void)close(pfd[1]);
- return(NULL);
- case 0: /* In child */
- (void)close(pfd[1]);
- (void)dup2(pfd[0], STDIN_FILENO);
- (void)close(pfd[0]);
-
- /* Run sendmail as target user not root */
- if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0) {
- warn("cannot set user context");
- _exit(127);
- }
-
- execl(SENDMAIL, "sendmail", "-t", NULL);
- warn("cannot run \"%s -t\"", SENDMAIL);
- _exit(127);
- }
-
- /* In parent */
- *pidp = pid;
- fp = fdopen(pfd[1], "w");
- (void)close(pfd[0]);
-
- return(fp);
-}
-void
-usage()
-{
- (void)fprintf(stderr, "Usage: %s [-i] [-l limit]\n",
- __progname);
- exit(1);
-}
diff -ruN skey-1.1.5.orig/skeyaudit.sh skey-1.1.5/skeyaudit.sh
--- skey-1.1.5.orig/skeyaudit.sh 1970-01-01 01:00:00.000000000 +0100
+++ skey-1.1.5/skeyaudit.sh 2003-11-06 17:46:45.000000000 +0000
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# $NetBSD: skeyaudit.sh,v 1.2.12.2 2000/07/28 12:42:59 mjl Exp $
+#
+# This script will look thru the skeykeys file for
+# people with sequence numbers less than LOWLIMIT=12
+# and send them an e-mail reminder to use skeyinit soon
+#
+
+KEYDB=/etc/skey/skeykeys
+LOWLIMIT=12
+ADMIN=root
+SUBJECT="Reminder: Run skeyinit"
+HOST=`/bin/hostname`
+
+
+if [ "$1" != "" ]
+then
+ LOWLIMIT=$1
+fi
+
+if [ ! -s "${KEYDB}" ]; then
+ exit 0
+fi
+
+# an skeykeys entry looks like
+# jsw 0076 la13079 ba20a75528de9d3a
+# #oot md5 0005 aspa26398 9432d570ff4421f0 Jul 07,2000 01:36:43
+# mjl sha1 0099 alpha2 459a5dac23d20a90 Jul 07,2000 02:14:17
+# the sequence number is the second (or third) entry
+#
+
+SKEYS=`awk '/^#/ {next} {if($2 ~ /^[0-9]+$/) print $1,$2,$3; else print $1,$3,$4; }' $KEYDB`
+
+set -- ${SKEYS}
+
+while [ "X$1" != "X" ]; do
+ USER=$1
+ SEQ=$2
+ KEY=$3
+ shift 3
+ # echo "$USER -- $SEQ -- $KEY"
+ if [ $SEQ -lt $LOWLIMIT ]; then
+ if [ $SEQ -lt 3 ]; then
+ SUBJECT="IMPORTANT action required"
+ fi
+ (
+ echo "You are nearing the end of your current S/Key sequence for account $i"
+ echo "on system $HOST."
+ echo ""
+ echo "Your S/key sequence number is now $SEQ. When it reaches zero you"
+ echo "will no longer be able to use S/Key to login into the system. "
+ echo " "
+ echo "Use \"skeyinit -s\" to reinitialize your sequence number."
+ echo ""
+ ) | mail -s "$SUBJECT" $USER $ADMIN
+ fi
+done
diff -ruN skey-1.1.5.orig/skey.c skey-1.1.5/skey.c
--- skey-1.1.5.orig/skey.c 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skey.c 2003-11-06 17:46:45.000000000 +0000
@@ -25,6 +25,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <ctype.h>
#include "config.h"
#ifdef HAVE_ERR_H
@@ -35,102 +36,93 @@
#include "skey.h"
-void usage __P((char *));
+int main(int, char **);
+void usage(char *);
int
-main(argc, argv)
- int argc;
- char *argv[];
+main(int argc, char **argv)
{
- int n, i, cnt = 1, pass = 0, hexmode = 0;
- char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
- char buf[33], *seed, *slash;
-
- /* If we were called as otp-METHOD, set algorithm based on that */
- if ((slash = strrchr(argv[0], '/')))
- slash++;
- else
- slash = argv[0];
- if (strncmp(slash, "otp-", 4) == 0) {
- slash += 4;
- if (skey_set_algorithm(slash) == NULL)
- errx(1, "Unknown hash algorithm %s", slash);
- }
-
- for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) {
- if (argv[i][2] == '\0') {
- /* Single character switch */
- switch (argv[i][1]) {
+ int n, cnt = 1, i, pass = 0, hexmode = 0;
+ char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
+ char buf[33], *seed, *slash, *t;
+
+ while ((i = getopt(argc, argv, "fn:p:t:x")) != -1) {
+ switch(i) {
+ case 'f':
+ break; /* unused */
case 'n':
- if (i + 1 == argc)
- usage(argv[0]);
- cnt = atoi(argv[++i]);
+ cnt = atoi(optarg);
break;
case 'p':
- if (i + 1 == argc)
- usage(argv[0]);
- if (strlcpy(passwd, argv[++i], sizeof(passwd)) >=
- sizeof(passwd))
- errx(1, "Password too long");
+ if (strncpy(passwd, optarg, sizeof(passwd)) == NULL)
+ errx(1, "Password too long");
pass = 1;
break;
+ case 't':
+ if (skey_set_algorithm(optarg) == NULL)
+ errx(1, "Unknown hash algorithm %s", optarg);
+ break;
case 'x':
hexmode = 1;
break;
default:
usage(argv[0]);
- }
- } else {
- /* Multi character switches are hash types */
- if (skey_set_algorithm(&argv[i][1]) == NULL) {
- warnx("Unknown hash algorithm %s", &argv[i][1]);
- usage(argv[0]);
- }
+ break;
}
- i++;
}
- if (argc > i + 2)
- usage(argv[0]);
-
- /* Could be in the form <number>/<seed> */
- if (argc <= i + 1) {
+ /* could be in the form <number>/<seed> */
+ if (argc <= optind + 1) {
/* look for / in it */
- if (argc <= i)
+ if (argc <= optind)
usage(argv[0]);
- slash = strchr(argv[i], '/');
+ slash = strchr(argv[optind], '/');
if (slash == NULL)
usage(argv[0]);
*slash++ = '\0';
seed = slash;
- if ((n = atoi(argv[i])) < 0) {
- warnx("%d not positive", n);
+ if ((n = atoi(argv[optind])) < 0) {
+ fprintf(stderr, "%s is not positive\n", argv[optind]);
usage(argv[0]);
} else if (n > SKEY_MAX_SEQ) {
warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ);
usage(argv[0]);
}
} else {
- if ((n = atoi(argv[i])) < 0) {
- warnx("%d not positive", n);
+ if ((n = atoi(argv[optind])) < 0) {
+ fprintf(stderr, "%s not positive\n", argv[optind]);
usage(argv[0]);
} else if (n > SKEY_MAX_SEQ) {
warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ);
usage(argv[0]);
}
- seed = argv[++i];
+ seed = argv[++optind];
+ }
+
+ for (t = seed; *t; t++) {
+ if (!isalnum(*t))
+ errx(1, "seed must be alphanumeric");
}
+ if (!*seed || strlen(seed) > SKEY_MAX_SEED_LEN)
+ errx(1, "seed must be between 1 and %d long", SKEY_MAX_SEED_LEN);
+
/* Get user's secret password */
if (!pass) {
- (void)fputs("Reminder - Do not use this program while logged in via telnet or rlogin.\n", stderr);
- (void)fputs("Enter secret password: ", stderr);
+ fputs("Reminder - Do not use this program while "
+ "logged in via telnet or rlogin.\n", stderr);
+ fprintf(stderr, "Enter secret password: ");
readpass(passwd, sizeof(passwd));
if (passwd[0] == '\0')
exit(1);
}
+ if (strlen(passwd) < SKEY_MIN_PW_LEN)
+ warnx(
+ "RFC2289 states that password should be at least %d characters long",
+ SKEY_MIN_PW_LEN);
+
/* Crunch seed and password into starting key */
if (keycrunch(key, seed, passwd) != 0)
errx(1, "key crunch failed");
@@ -138,16 +130,15 @@
if (cnt == 1) {
while (n-- != 0)
f(key);
- (void)puts(hexmode ? put8(buf, key) : btoe(buf, key));
+ puts(hexmode ? put8(buf, key) : btoe(buf, key));
} else {
for (i = 0; i <= n - cnt; i++)
f(key);
for (; i <= n; i++) {
+ printf("%3d: %-29s", i, btoe(buf, key));
if (hexmode)
- (void)printf("%d: %-29s %s\n", i,
- btoe(buf, key), put8(buf, key));
- else
- (void)printf("%d: %-29s\n", i, btoe(buf, key));
+ printf("\t%s", put8(buf, key));
+ puts("");
f(key);
}
}
@@ -155,9 +146,10 @@
}
void
-usage(s)
- char *s;
+usage(char *s)
{
- (void)fprintf(stderr, "Usage: %s [-x] [-md4|-md5|-sha1|-rmd160] [-n count] [-p password] <sequence#>[/] key\n", s);
+ fprintf(stderr,
+"Usage: %s [-n count] [-p password] [-t hash] [-x] sequence# [/] key\n",
+ s);
exit(1);
}
diff -ruN skey-1.1.5.orig/skey.h skey-1.1.5/skey.h
--- skey-1.1.5.orig/skey.h 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skey.h 2003-11-06 17:46:45.000000000 +0000
@@ -1,3 +1,5 @@
+/* $NetBSD: skey.h,v 1.8 2000/07/28 16:35:11 thorpej Exp $ */
+
/*
* S/KEY v1.1b (skey.h)
*
@@ -11,86 +13,86 @@
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Main client header
- *
- * $OpenBSD: skey.h,v 1.13 1999/07/15 14:33:48 provos Exp $
*/
/* Server-side data structure for reading keys file during login */
-struct skey {
- FILE *keyfile;
- char buf[256];
- char *logname;
- int n;
- char *seed;
- char *val;
- long recstart; /* needed so reread of buffer is efficient */
+struct skey
+{
+ FILE *keyfile;
+ char buf[256];
+ char *logname;
+ int n;
+ char *seed;
+ char *val;
+ long recstart; /* needed so reread of buffer is efficient */
};
/* Client-side structure for scanning data stream for challenge */
-struct mc {
- char buf[256];
- int skip;
- int cnt;
+struct mc
+{
+ char buf[256];
+ int skip;
+ int cnt;
};
/* Maximum sequence number we allow */
#ifndef SKEY_MAX_SEQ
-#define SKEY_MAX_SEQ 10000
+#define SKEY_MAX_SEQ 10000
#endif
-/* Minimum secret password length (rfc1938) */
+/* Minimum secret password length (rfc2289) */
#ifndef SKEY_MIN_PW_LEN
-#define SKEY_MIN_PW_LEN 10
+#define SKEY_MIN_PW_LEN 10
#endif
-/* Max secret password length (rfc1938 says 63 but allows more) */
+/* Max secret password length (rfc2289 says 63 but allows more) */
#ifndef SKEY_MAX_PW_LEN
-#define SKEY_MAX_PW_LEN 255
+#define SKEY_MAX_PW_LEN 255
#endif
-/* Max length of an S/Key seed (rfc1938) */
+/* Max length of an S/Key seed (rfc2289) */
#ifndef SKEY_MAX_SEED_LEN
-#define SKEY_MAX_SEED_LEN 16
+#define SKEY_MAX_SEED_LEN 16
#endif
/* Max length of S/Key challenge (otp-???? 9999 seed) */
#ifndef SKEY_MAX_CHALLENGE
-#define SKEY_MAX_CHALLENGE (11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN)
+#define SKEY_MAX_CHALLENGE (11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN)
#endif
/* Max length of hash algorithm name (md4/md5/sha1/rmd160) */
-#define SKEY_MAX_HASHNAME_LEN 6
+#define SKEY_MAX_HASHNAME_LEN 6
/* Size of a binary key (not NULL-terminated) */
-#define SKEY_BINKEY_SIZE 8
+#define SKEY_BINKEY_SIZE 8
/* Location of random file for bogus challenges */
-#define _SKEY_RAND_FILE_PATH_ "/var/db/host.random"
+#define _SKEY_RAND_FILE_PATH_ "/var/db/host.random"
/* Prototypes */
-void f(char *x);
-int keycrunch(char *result, char *seed, char *passwd);
-char *btoe(char *engout, char *c);
-char *put8(char *out, char *s);
-int etob(char *out, char *e);
-void rip(char *buf);
-int skeychallenge(struct skey * mp, char *name, char *ss);
-int skeylookup (struct skey * mp, char *name);
-int skeyverify (struct skey * mp, char *response);
-int skeyzero (struct skey * mp, char *response);
-void sevenbit (char *s);
-void backspace (char *s);
-char *skipspace (char *s);
-char *readpass (char *buf, int n);
-char *readskey (char *buf, int n);
-int skey_authenticate (char *username);
-int skey_passcheck (char *username, char *passwd);
-char *skey_keyinfo (char *username);
-int skey_haskey (char *username);
-int getskeyprompt (struct skey *mp, char *name, char *prompt);
-int atob8 (char *out, char *in);
-int btoa8 (char *out, char *in);
-int htoi (int c);
-const char *skey_get_algorithm (void);
-char *skey_set_algorithm (char *new);
-int skeygetnext (struct skey *mp);
+void f __P ((char *));
+int keycrunch __P ((char *, const char *, const char *));
+char *btoe __P ((char *, const char *));
+char *put8 __P ((char *, const char *));
+int etob __P ((char *, const char *));
+void rip __P ((char *));
+int skeychallenge __P ((struct skey *, const char *, char *, size_t));
+int skeylookup __P ((struct skey *, const char *));
+int skeyverify __P ((struct skey *, char *));
+void sevenbit __P ((char *));
+void backspace __P ((char *));
+const char *skipspace __P ((const char *));
+char *readpass __P ((char *, int));
+char *readskey __P ((char *, int));
+int skey_authenticate __P ((const char *));
+int skey_passcheck __P ((const char *, char *));
+const char *skey_keyinfo __P ((const char *));
+int skey_haskey __P ((const char *));
+int getskeyprompt __P ((struct skey *, char *, char *));
+int atob8 __P((char *, const char *));
+int btoa8 __P((char *, const char *));
+int htoi __P((int));
+const char *skey_get_algorithm __P((void));
+const char *skey_set_algorithm __P((const char *));
+int skeygetnext __P((struct skey *));
+int skeyzero __P((struct skey *, char *));
diff -ruN skey-1.1.5.orig/skeyinfo.1 skey-1.1.5/skeyinfo.1
--- skey-1.1.5.orig/skeyinfo.1 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyinfo.1 2003-11-06 17:46:45.000000000 +0000
@@ -1,30 +1,19 @@
-.\" $OpenBSD: skeyinfo.1,v 1.3 2000/03/11 21:40:02 aaron Exp $
+.\" $NetBSD: skeyinfo.1,v 1.5 2001/04/09 12:34:44 wiz Exp $
.\"
-.Dd 22 July 1997
+.Dd June 9, 1994
.Dt SKEYINFO 1
.Os
.Sh NAME
.Nm skeyinfo
.Nd obtain the next S/Key challenge for a user
.Sh SYNOPSIS
-.Nm skeyinfo
-.Op Fl v
+.Nm
.Op Ar user
.Sh DESCRIPTION
.Nm
prints out the next S/Key challenge for the specified user or for the
current user if no user is specified.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl v
-Print the hash algorithm as well.
-.El
-.Sh EXAMPLES
-% skey -n <number of passwords to print> `skeyinfo` | lpr
-.Pp
-This would print out a list of S/Key passwords for use over
-an untrusted network (perhaps for use at a conference).
.Sh SEE ALSO
.Xr skey 1 ,
+.Xr skeyaudit 1 ,
.Xr skeyinit 1
diff -ruN skey-1.1.5.orig/skeyinfo.c skey-1.1.5/skeyinfo.c
--- skey-1.1.5.orig/skeyinfo.c 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyinfo.c 2003-11-06 17:46:45.000000000 +0000
@@ -1,9 +1,12 @@
-/* $OpenBSD: skeyinfo.c,v 1.6 2001/02/05 16:58:11 millert Exp $ */
+/* $NetBSD: skeyinfo.c,v 1.4 2003/07/23 04:11:50 itojun Exp $ */
-/*
- * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+/*-
+ * Copyright (c) 1997 The NetBSD Foundation, Inc.
* All rights reserved.
*
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Andrew Brown.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -12,104 +15,79 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the NetBSD
+ * Foundation, Inc. and its contributors.
+ * 4. Neither the name of The NetBSD Foundation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
-/*#include <limits.h>*/
-#include <pwd.h>
#include <stdio.h>
-#include <stdlib.h>
+#include <pwd.h>
+#include <err.h>
#include <string.h>
#include <unistd.h>
-#include "config.h"
-#include "skey.h"
-/*#include "defines.h"*/
-char *__progname;
+#include "skey.h"
-void usage(void);
+int main __P((int, char *[]));
-int
-main(argc, argv)
- int argc;
- char **argv;
+int main(int argc, char **argv)
{
- struct passwd *pw;
- struct skey key;
- char *name = NULL;
- int error, ch, verbose = 0;
-
- __progname=argv[0];
-
- if (geteuid() != 0)
- errx(1, "must be setuid root");
-
- while ((ch = getopt(argc, argv, "v")) != -1)
- switch(ch) {
- case 'v':
- verbose = 1;
- break;
- default:
- usage();
+ struct skey skey;
+ char name[100], prompt[1024];
+ int uid;
+ struct passwd *pw = NULL;
+
+ argc--;
+ argv++;
+
+ if (geteuid())
+ errx(1, "must be root to read %s", SKEYKEYS);
+
+ uid = getuid();
+
+ if (!argc)
+ pw = getpwuid(uid);
+ else if (!uid)
+ pw = getpwnam(argv[0]);
+ else
+ errx(1, "permission denied to look other users skeys");
+
+ if (!pw) {
+ if (argc)
+ errx(1, "%s: no such user", argv[0]);
+ else
+ errx(1, "who are you?");
}
- argc -= optind;
- argv += optind;
- if (argc == 1)
- name = argv[0];
- else if (argc > 1)
- usage();
-
- if (name && getuid() != 0)
- errx(1, "only root may specify an alternate user");
-
- if (name) {
- if (strlen(name) > PASS_MAX)
- errx(1, "username too long (%d chars max)", PASS_MAX);
- if ((pw = getpwnam(name)) == NULL)
- errx(1, "no passwd entry for %s", name);
- } else {
- if ((pw = getpwuid(getuid())) == NULL)
- errx(1, "no passwd entry for uid %u", getuid());
- }
+ strncpy(name, pw->pw_name, sizeof(name));
- if ((name = strdup(pw->pw_name)) == NULL)
- err(1, "cannot allocate memory");
- sevenbit(name);
-
- error = skeylookup(&key, name);
- switch (error) {
- case 0: /* Success! */
- if (verbose)
- (void)printf("otp-%s ", skey_get_algorithm());
- (void)printf("%d %s\n", key.n - 1, key.seed);
- break;
- case -1: /* File error */
- warnx("cannot open %s", SKEYKEYS);
- break;
- case 1: /* Unknown user */
- warnx("%s is not listed in %s", name, SKEYKEYS);
+ if (getskeyprompt(&skey, name, prompt) == -1) {
+ printf("%s %s no s/key\n",
+ argc ? name : "You",
+ argc ? "has" : "have");
}
- (void)fclose(key.keyfile);
-
- exit(error);
-}
-
-void
-usage()
-{
- (void)fprintf(stderr, "Usage: %s [-v] [user]\n", __progname);
- exit(1);
+ else {
+ if (argc)
+ printf("%s's ", pw->pw_name);
+ else
+ printf("Your ");
+ printf("next %s", prompt);
+ }
+ return 0;
}
diff -ruN skey-1.1.5.orig/skeyinit.1 skey-1.1.5/skeyinit.1
--- skey-1.1.5.orig/skeyinit.1 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyinit.1 2003-11-06 17:46:45.000000000 +0000
@@ -1,22 +1,18 @@
-.\" $OpenBSD: skeyinit.1,v 1.19 2000/11/09 17:52:39 aaron Exp $
-.\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
+.\" $NetBSD: skeyinit.1,v 1.11 2001/04/09 12:35:00 wiz Exp $
.\" @(#)skeyinit.1 1.1 10/28/93
.\"
-.Dd February 24, 1998
+.Dd June 7, 2000
.Dt SKEYINIT 1
.Os
.Sh NAME
.Nm skeyinit
.Nd change password or add user to S/Key authentication system
.Sh SYNOPSIS
-.Nm skeyinit
+.Nm
+.Op Fl n Ar count
.Op Fl s
+.Op Fl t Ar hash
.Op Fl z
-.Op Fl n Ar count
-.Oo
-.Fl md4 | Fl md5 | Fl sha1 |
-.Fl rmd160
-.Oc
.Op Ar user
.Sh DESCRIPTION
.Nm
@@ -30,52 +26,17 @@
.Nm
requires you to type a secret password, so it should be used
only on a secure terminal.
-For example, on the console of a
-workstation or over an encrypted network session.
-If you are using
-.Nm
-while logged in over an untrusted network, follow the instructions
-given below with the
-.Fl s
-option.
-.Pp
-Before initializing an S/Key entry, the user must authenticate
-using either a standard password or an S/Key challenge.
-When used over an untrusted network, a password of
-.Sq s/key
-should be used.
-The user will then be presented with the standard
-S/Key challenge and allowed to proceed if it is correct.
-.Pp
-The options are as follows:
+.Sh OPTIONS
.Bl -tag -width Ds
-.It Fl x
-Displays pass phrase in hexadecimal instead of ASCII.
.It Fl s
-Set secure mode where the user is expected to have used a secure
-machine to generate the first one-time password.
-Without the
-.Fl s
-option the system will assume you are directly connected over secure
-communications and prompt you for your secret password.
-The
-.Fl s
-option also allows one to set the seed and count for complete
-control of the parameters.
-You can use
-.Ic skeyinit -s
-in combination with the
-.Nm skey
-command to set the seed and count if you do not like the defaults.
-To do this run
-.Nm
-in one window and put in your count and seed, then run
-.Nm skey
-in another window to generate the correct 6 English words for that
-count and seed.
-You can then "cut-and-paste" or type the words into the
-.Nm
-window.
+allows the user to set the seed and count for complete control
+of the parameters.
+To do this run skeyinit in one window and put in your count and seed;
+then run
+.Xr skey 1
+in another window to generate the correct 6 english words
+for that count and seed.
+You can then "cut-and-paste" or type the words into the skeyinit window.
.It Fl z
Allows the user to zero their S/Key entry.
.It Fl n Ar count
@@ -84,30 +45,22 @@
sequence at
.Ar count
(default is 100).
-.It Fl md4
-Selects MD4 as the hash algorithm.
-.It Fl md5
-Selects MD5 as the hash algorithm.
-.It Fl sha1
-Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
-.It Fl rmd160
-Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
+.It Fl t Ar hash
+Selects the hash algorithm to use.
+Available choices are md4 (the default), md5 or sha1.
.It Ar user
The username to be changed/added.
-By default the current user is operated on.
+By default the current user is operated on, only root may
+change other user's entries.
.El
-.Sh ERRORS
-.Bl -tag -width "skey disabled"
-.It skey disabled
-.Pa /etc/skeykeys
-does not exist.
-It must be created by the superuser in order to use
-.Nm skeyinit .
.Sh FILES
-.Bl -tag -width /etc/skeykeys
-.It Pa /etc/skeykeys
-database of information for S/Key system
+.Bl -tag -width /etc/skey/skeykeys
+.It Pa /etc/skey/skeykeys
+data base of information for S/Key system.
+.El
.Sh SEE ALSO
-.Xr skey 1
+.Xr skey 1 ,
+.Xr skeyaudit 1 ,
+.Xr skeyinfo 1
.Sh AUTHORS
Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
diff -ruN skey-1.1.5.orig/skeyinit.c skey-1.1.5/skeyinit.c
--- skey-1.1.5.orig/skeyinit.c 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyinit.c 2003-11-06 17:46:45.000000000 +0000
@@ -43,6 +43,18 @@
#include <netdb.h>
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+
+#ifdef HAVE_CRACK_H
+#include <crack.h>
+#ifndef CRACKLIB_DICTPATH
+#define CRACKLIB_DICTPATH "/usr/lib/cracklib_dict"
+#endif
+#endif
+
+#include "err.h"
#include "skey.h"
@@ -50,62 +62,80 @@
#define SKEY_NAMELEN 4
#endif
-void usage __P((char *));
+int main __P((int, char **));
-int
-main(argc, argv)
- int argc;
- char *argv[];
+int main(int argc, char **argv)
{
- int rval, nn, i, l, n=0, defaultsetup=1, zerokey=0, hexmode=0;
+ int rval, nn, i, l, n=0, defaultsetup=1, c, zerokey=0, hexmode=0;
time_t now;
- struct utmp old_ut;
-
-#ifndef UT_LINESIZE
-# define UT_LINESIZE (sizeof(old_ut.ut_line))
-# define UT_NAMESIZE (sizeof(old_ut.ut_name))
-# define UT_HOSTSIZE (sizeof(old_ut.ut_host))
-# endif
-
- char hostname[MAXHOSTNAMELEN];
+ char hostname[MAXHOSTNAMELEN+1];
+ char seed[SKEY_MAX_PW_LEN+2], key[SKEY_BINKEY_SIZE];
+ char defaultseed[SKEY_MAX_SEED_LEN+1];
char passwd[SKEY_MAX_PW_LEN+2], passwd2[SKEY_MAX_PW_LEN+2];
- char seed[SKEY_MAX_SEED_LEN+2], defaultseed[SKEY_MAX_SEED_LEN+1];
- char tbuf[27], buf[80], key[SKEY_BINKEY_SIZE];
- char lastc, me[UT_NAMESIZE+1], *salt, *p, *pw, *ht=NULL;
- struct skey skey;
- struct passwd *pp;
- struct tm *tm;
+ char tbuf[27], buf[80];
+ char lastc, me[LOGIN_NAME_MAX+1], *p, *pw, *ht=NULL, *msg;
+ const char *salt;
+ struct skey skey;
+ struct passwd *pp;
+ struct tm *tm;
+#ifdef HAVE_SHADOW_H
+ struct spwd *sp;
+#endif
+
+ i = open(_PATH_DEVNULL, O_RDWR);
+ while (i >= 0 && i < 2)
+ i = dup(i);
+ if (i > 2)
+ close(i);
if (geteuid() != 0)
errx(1, "must be setuid root.");
if (gethostname(hostname, sizeof(hostname)) < 0)
- err(1, "gethostname");
- for (i = 0, p = defaultseed; hostname[i] && i < SKEY_NAMELEN; i++) {
- if (isalpha(hostname[i])) {
- if (isupper(hostname[i]))
- hostname[i] = tolower(hostname[i]);
- *p++ = hostname[i];
- } else if (isdigit(hostname[i]))
- *p++ = hostname[i];
+ err(1, "gethostname() error");
+
+ for (i = 0, l = 0; l < sizeof(defaultseed); i++) {
+ if (hostname[i] == '\0') {
+ defaultseed[l] = hostname[i];
+ break;
+ }
+ if (isalnum(hostname[i]))
+ defaultseed[l++] = hostname[i];
}
- *p = '\0';
- (void)time(&now);
- (void)sprintf(tbuf, "%05ld", (long) (now % 100000));
- (void)strncat(defaultseed, tbuf, sizeof(defaultseed) - 5);
+
+ defaultseed[SKEY_NAMELEN] = '\0';
+ time(&now);
+ snprintf(tbuf, sizeof(tbuf), "%05ld", (long) (now % 100000));
+ strncat(defaultseed, tbuf, sizeof(defaultseed));
if ((pp = getpwuid(getuid())) == NULL)
- err(1, "no user with uid %d", getuid());
- (void)strcpy(me, pp->pw_name);
+ err(1, "no user with uid %ld", (u_long)getuid());
+ strncpy(me, pp->pw_name, sizeof(me));
if ((pp = getpwnam(me)) == NULL)
- err(1, "Who are you?");
+ err(1, "getpwnam() returned NULL, Who are you?");
+#ifdef HAVE_SHADOW_H
+ /* hacking in shadow support... */
+ else if (strcmp(pp->pw_passwd, "x") == 0) {
+ if ((sp = getspnam(me)) == NULL)
+ err(1, "Unable to verify Password");
+ pp->pw_passwd = sp->sp_pwdp;
+ }
+#endif
salt = pp->pw_passwd;
- for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) {
- if (argv[i][2] == '\0') {
- /* Single character switch */
- switch (argv[i][1]) {
+ while((c = getopt(argc, argv, "n:t:sxz")) != -1) {
+ switch(c) {
+ case 'n':
+ n = atoi(optarg);
+ if (n < 1 || n > SKEY_MAX_SEQ)
+ errx(1, "count must be between 1 and %d", SKEY_MAX_SEQ);
+ break;
+ case 't':
+ if(skey_set_algorithm(optarg) == NULL)
+ errx(1, "Unknown hash algorithm %s", optarg);
+ ht = optarg;
+ break;
case 's':
defaultsetup = 0;
break;
@@ -115,105 +145,51 @@
case 'z':
zerokey = 1;
break;
- case 'n':
- if (argv[++i] == NULL || argv[i][0] == '\0')
- usage(argv[0]);
- if ((n = atoi(argv[i])) < 1 || n >= SKEY_MAX_SEQ)
- errx(1, "count must be > 0 and < %d",
- SKEY_MAX_SEQ);
- break;
default:
- usage(argv[0]);
- }
- } else {
- /* Multi character switches are hash types */
- if ((ht = skey_set_algorithm(&argv[i][1])) == NULL) {
- warnx("Unknown hash algorithm %s", &argv[i][1]);
- usage(argv[0]);
+ errx(1, "Usage: %s [-n count] [-t md4|md5|sha1] [-s] [-x] [-z] [user]", argv[0]);
}
}
- i++;
- }
+
+ if (argc > optind) {
+ pp = getpwnam(argv[optind]);
+ if (pp == NULL)
+ errx(1, "User %s unknown", argv[optind]);
+ }
- /* check for optional user string */
- if (argc - i > 1) {
- usage(argv[0]);
- } else if (argv[i]) {
- if ((pp = getpwnam(argv[i])) == NULL) {
- if (getuid() == 0) {
- static struct passwd _pp;
-
- _pp.pw_name = argv[i];
- pp = &_pp;
- warnx("Warning, user unknown: %s", argv[i]);
- } else {
- errx(1, "User unknown: %s", argv[i]);
- }
- } else if (strcmp(pp->pw_name, me) != 0) {
+ if (strcmp(pp->pw_name, me) != 0) {
if (getuid() != 0) {
/* Only root can change other's passwds */
errx(1, "Permission denied.");
}
}
- }
if (getuid() != 0) {
- pw = getpass("Password (or `s/key'):");
- if (strcasecmp(pw, "s/key") == 0) {
- if (skey_haskey(me))
- exit(1);
- if (skey_authenticate(me))
- errx(1, "Password incorrect.");
- } else {
- p = crypt(pw, salt);
- if (strcmp(p, pp->pw_passwd))
- errx(1, "Password incorrect.");
- }
+ pw = getpass("Password: ");
+ p = crypt(pw, salt);
+ if (strcmp(p, pp->pw_passwd))
+ errx(1, "Password incorrect.");
}
rval = skeylookup(&skey, pp->pw_name);
switch (rval) {
case -1:
- if (errno == ENOENT)
- errx(1, "S/Key disabled");
- else
- err(1, "cannot open database");
- break;
+ err(1, "cannot open database");
case 0:
- /* comment out user if asked to */
if (zerokey)
- exit(skeyzero(&skey, pp->pw_name));
+ exit (skeyzero(&skey, pp->pw_name));
+ printf("[Updating %s]\n", pp->pw_name);
+ printf("Old key: [%s] %s\n", skey_get_algorithm(), skey.seed);
- (void)printf("[Updating %s]\n", pp->pw_name);
- (void)printf("Old key: [%s] %s\n", skey_get_algorithm(),
- skey.seed);
-
- /*
- * Sanity check old seed.
- */
l = strlen(skey.seed);
- for (p = skey.seed; *p; p++) {
- if (isalpha(*p)) {
- if (isupper(*p))
- *p = tolower(*p);
- } else if (!isdigit(*p)) {
- memmove(p, p + 1, l - (p - skey.seed));
- l--;
- }
- }
-
- /*
- * Let's be nice if they have an skey.seed that
- * ends in 0-8 just add one
- */
if (l > 0) {
lastc = skey.seed[l - 1];
- if (isdigit(lastc) && lastc != '9') {
- (void)strcpy(defaultseed, skey.seed);
+ if (isdigit((unsigned char)lastc) && lastc != '9') {
+ strncpy(defaultseed, skey.seed, sizeof(defaultseed));
defaultseed[l - 1] = lastc + 1;
}
- if (isdigit(lastc) && lastc == '9' && l < 16) {
- (void)strcpy(defaultseed, skey.seed);
+ if (isdigit((unsigned char)lastc) && lastc == '9' &&
+ l < 16) {
+ strncpy(defaultseed, skey.seed, sizeof(defaultseed));
defaultseed[l - 1] = '0';
defaultseed[l] = '0';
defaultseed[l + 1] = '\0';
@@ -223,7 +199,7 @@
case 1:
if (zerokey)
errx(1, "You have no entry to zero.");
- (void)printf("[Adding %s]\n", pp->pw_name);
+ printf("[Adding %s]\n", pp->pw_name);
break;
}
if (n == 0)
@@ -237,37 +213,33 @@
}
if (!defaultsetup) {
- (void)printf("You need the 6 english words generated from the \"skey\" command.\n");
+ printf("You need the 6 english words generated from the \"skey\" command.\n");
for (i = 0; ; i++) {
if (i >= 2)
exit(1);
- (void)printf("Enter sequence count from 1 to %d: ",
- SKEY_MAX_SEQ);
- (void)fgets(buf, sizeof(buf), stdin);
+ printf("Enter sequence count from 1 to %d: ", SKEY_MAX_SEQ);
+ fgets(buf, sizeof(buf), stdin);
n = atoi(buf);
if (n > 0 && n < SKEY_MAX_SEQ)
break; /* Valid range */
- (void)printf("Error: Count must be > 0 and < %d\n",
- SKEY_MAX_SEQ);
+ printf("\nError: Count must be between 0 and %d\n", SKEY_MAX_SEQ);
}
for (i = 0;; i++) {
if (i >= 2)
exit(1);
- (void)printf("Enter new key [default %s]: ",
- defaultseed);
- (void)fgets(seed, sizeof(seed), stdin);
+ printf("Enter new seed [default %s]: ", defaultseed);
+ fflush(stdout);
+ fgets(seed, sizeof(seed), stdin);
rip(seed);
- if (seed[0] == '\0')
- (void)strcpy(seed, defaultseed);
for (p = seed; *p; p++) {
if (isalpha(*p)) {
if (isupper(*p))
*p = tolower(*p);
} else if (!isdigit(*p)) {
- (void)puts("Error: seed may only contain alpha numeric characters");
+ puts("Error: seed may only contain alpha numeric characters");
break;
}
}
@@ -275,66 +247,75 @@
break; /* Valid seed */
}
if (strlen(seed) > SKEY_MAX_SEED_LEN) {
- (void)printf("Notice: Seed truncated to %d characters.\n",
- SKEY_MAX_SEED_LEN);
+ printf("Notice: Seed truncated to %d characters.\n", SKEY_MAX_SEED_LEN);
seed[SKEY_MAX_SEED_LEN] = '\0';
}
+ if (seed[0] == '\0')
+ strncpy(seed, defaultseed, sizeof(seed));
for (i = 0;; i++) {
if (i >= 2)
exit(1);
- (void)printf("otp-%s %d %s\nS/Key access password: ",
+ printf("otp-%s %d %s\ns/key access password: ",
skey_get_algorithm(), n, seed);
- (void)fgets(buf, sizeof(buf), stdin);
+ fgets(buf, sizeof(buf), stdin);
rip(buf);
backspace(buf);
if (buf[0] == '?') {
- (void)puts("Enter 6 English words from secure S/Key calculation.");
+ puts("Enter 6 English words from secure s/key calculation.");
continue;
} else if (buf[0] == '\0')
exit(1);
if (etob(key, buf) == 1 || atob8(key, buf) == 0)
break; /* Valid format */
- (void)puts("Invalid format - try again with 6 English words.");
+ puts("Invalid format - try again with 6 English words.");
}
} else {
/* Get user's secret password */
- fputs("Reminder - Only use this method if you are directly connected\n or have an encrypted channel. If you are using telnet\n or rlogin, exit with no password and use skeyinit -s.\n", stderr);
+ puts("Reminder - Only use this method if you are directly connected\n"
+ "or have an encrypted channel. If you are using telnet\n"
+ "or rlogin, exit with no password and use skeyinit -s.\n");
for (i = 0;; i++) {
- if (i > 2)
+ if (i >= 3)
exit(1);
- (void)fputs("Enter secret password: ", stderr);
+ printf("Enter secret password: ");
readpass(passwd, sizeof(passwd));
if (passwd[0] == '\0')
exit(1);
if (strlen(passwd) < SKEY_MIN_PW_LEN) {
- (void)fprintf(stderr,
- "Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN);
+ fprintf(stderr,
+ "Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN);
continue;
} else if (strcmp(passwd, pp->pw_name) == 0) {
- (void)fputs("Your password may not be the same as your user name.\n", stderr);
- continue;
- } else if (strspn(passwd, "abcdefghijklmnopqrstuvwxyz") == strlen(passwd)) {
- (void)fputs("Your password must contain more than just lower case letters.\nWhitespace, numbers, and puctuation are suggested.\n", stderr);
+ fputs("Your password may not be the same as your user name.\n", stderr);
continue;
+ }
+#ifdef HAVE_CRACK_H
+ if (msg = (char *) FascistCheck(passwd, CRACKLIB_DICTPATH)) {
+ warnx("Warning: %s", msg);
+ /* if (!i) */ /* reject passwords cracklib doesnt like the first time its entered... */
+ /* continue; */
}
+#endif
- (void)fputs("Again secret password: ", stderr);
+ printf("Again secret password: ");
readpass(passwd2, sizeof(passwd));
+ if (passwd2[0] == '\0')
+ exit(1);
if (strcmp(passwd, passwd2) == 0)
break;
- (void)fputs("Passwords do not match.\n", stderr);
+ puts("Passwords do not match.");
}
/* Crunch seed and password into starting key */
- (void)strcpy(seed, defaultseed);
+ strncpy(seed, defaultseed, sizeof(seed));
if (keycrunch(key, seed, passwd) != 0)
err(2, "key crunch failed");
@@ -342,16 +323,16 @@
while (nn-- != 0)
f(key);
}
- (void)time(&now);
+ time(&now);
tm = localtime(&now);
- (void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
+ strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
if ((skey.val = (char *)malloc(16 + 1)) == NULL)
err(1, "Can't allocate memory");
- /* Zero out old key if necesary (entry would change size) */
+ /* Zero out old key if necessary (entry would change size) */
if (zerokey) {
- (void)skeyzero(&skey, pp->pw_name);
+ skeyzero(&skey, pp->pw_name);
/* Re-open keys file and seek to the end */
if (skeylookup(&skey, pp->pw_name) == -1)
err(1, "cannot open database");
@@ -376,26 +357,17 @@
/* Don't save algorithm type for md4 (keep record length same) */
if (strcmp(skey_get_algorithm(), "md4") == 0)
- (void)fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n",
+ fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n",
pp->pw_name, n, seed, skey.val, tbuf);
else
- (void)fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n",
+ fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n",
pp->pw_name, skey_get_algorithm(), n, seed, skey.val, tbuf);
- (void)fclose(skey.keyfile);
+ fclose(skey.keyfile);
- (void)printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name,
+ printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name,
skey_get_algorithm(), n, seed);
- (void)printf("Next login password: %s\n\n",
+ printf("Next login password: %s\n\n",
hexmode ? put8(buf, key) : btoe(buf, key));
- exit(0);
-}
-
-void
-usage(s)
- char *s;
-{
- (void)fprintf(stderr,
- "Usage: %s [-s] [-x] [-z] [-n count] [-md4|-md5|-sha1|-rmd160] [user]\n", s);
- exit(1);
+ return 0;
}
diff -ruN skey-1.1.5.orig/skeylogin.c skey-1.1.5/skeylogin.c
--- skey-1.1.5.orig/skeylogin.c 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeylogin.c 2003-11-06 17:46:45.000000000 +0000
@@ -20,6 +20,7 @@
#include <sys/quota.h>
#endif
#include <sys/stat.h>
+#include <sys/file.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/types.h>
@@ -32,6 +33,7 @@
#include <string.h>
#include <time.h>
#include <unistd.h>
+#include <grp.h>
#include "config.h"
@@ -45,73 +47,85 @@
#include "sha1.h"
#endif
+#include "err.h"
#include "skey.h"
-char *skipspace __P((char *));
-int skeylookup __P((struct skey *, char *));
+#define OTP_FMT "otp-%.*s %d %.*s"
/* Issue a skey challenge for user 'name'. If successful,
- * fill in the caller's skey structure and return(0). If unsuccessful
- * (e.g., if name is unknown) return(-1).
+ * fill in the caller's skey structure and return 0. If unsuccessful
+ * (e.g., if name is unknown) return -1.
*
* The file read/write pointer is left at the start of the
* record.
*/
-int
-getskeyprompt(mp, name, prompt)
- struct skey *mp;
- char *name;
- char *prompt;
+int getskeyprompt(struct skey *mp, char *name, char *prompt)
{
int rval;
sevenbit(name);
rval = skeylookup(mp, name);
- (void)strcpy(prompt, "otp-md0 55 latour1\n");
+
+ *prompt = '\0';
switch (rval) {
- case -1: /* File error */
- return(-1);
- case 0: /* Lookup succeeded, return challenge */
- (void)sprintf(prompt, "otp-%.*s %d %.*s\n",
- SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(),
+ case -1: /* File error */
+ return -1;
+ case 0: /* Lookup succeeded, return challenge */
+ sprintf(prompt, OTP_FMT "\n",
+ SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(),
mp->n - 1, SKEY_MAX_SEED_LEN, mp->seed);
- return(0);
- case 1: /* User not found */
- (void)fclose(mp->keyfile);
- return(-1);
+ return 0;
+ case 1: /* User not found */
+ fclose(mp->keyfile);
+ mp->keyfile = NULL;
+ return -1;
}
- return(-1); /* Can't happen */
+ return -1; /* Can't happen, never ever ever. ever. I'm serious. */
}
/* Return a skey challenge string for user 'name'. If successful,
- * fill in the caller's skey structure and return(0). If unsuccessful
- * (e.g., if name is unknown) return(-1).
+ * fill in the caller's skey structure and return 0. If unsuccessful
+ * (e.g., if name is unknown) return -1.
*
* The file read/write pointer is left at the start of the
* record.
*/
-int
-skeychallenge(mp, name, ss)
- struct skey *mp;
- char *name;
- char *ss;
+int skeychallenge(struct skey *mp, const char *name, char *ss, size_t sslen)
{
int rval;
rval = skeylookup(mp,name);
+ *ss = '\0';
switch(rval){
- case -1: /* File error */
- return(-1);
- case 0: /* Lookup succeeded, issue challenge */
- (void)sprintf(ss, "otp-%.*s %d %.*s", SKEY_MAX_HASHNAME_LEN,
+ case -1: /* File error */
+ return -1;
+ case 0: /* Lookup succeeded, issue challenge */
+ snprintf(ss, sslen, OTP_FMT, SKEY_MAX_HASHNAME_LEN,
skey_get_algorithm(), mp->n - 1,
SKEY_MAX_SEED_LEN, mp->seed);
- return(0);
- case 1: /* User not found */
- (void)fclose(mp->keyfile);
- return(-1);
+ return 0;
+ case 1: /* User not found */
+ fclose(mp->keyfile);
+ mp->keyfile = NULL;
+ return -1;
+ }
+ return -1; /* Can't happen - or your money back */
+}
+
+static FILE *openskey(void)
+{
+ struct stat statbuf;
+ FILE *keyfile = NULL;
+
+ if (stat(SKEYKEYS, &statbuf) == 0 &&
+ (keyfile = fopen(SKEYKEYS, "r+"))) {
+ if ((statbuf.st_mode & 0007777) != 0600)
+ fchmod(fileno(keyfile), 0600);
+ } else {
+ keyfile = NULL;
}
- return(-1); /* Can't happen */
+
+ return keyfile;
}
/* Find an entry in the One-time Password database.
@@ -120,27 +134,19 @@
* 0: entry found, file R/W pointer positioned at beginning of record
* 1: entry not found, file R/W pointer positioned at EOF
*/
-int
-skeylookup(mp, name)
- struct skey *mp;
- char *name;
+int skeylookup(struct skey *mp, const char *name)
{
int found = 0;
long recstart = 0;
- char *cp, *ht = NULL;
- struct stat statbuf;
-
- /* Open SKEYKEYS if it exists, else return an error */
- if (stat(SKEYKEYS, &statbuf) == 0 &&
- (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) {
- if ((statbuf.st_mode & 0007777) != 0600)
- fchmod(fileno(mp->keyfile), 0600);
- } else {
- return(-1);
- }
+ const char *ht = NULL;
+ char *last;
+ if(!(mp->keyfile = openskey()))
+ return -1;
+
/* Look up user name in database */
while (!feof(mp->keyfile)) {
+ char *cp;
recstart = ftell(mp->keyfile);
mp->recstart = recstart;
if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf)
@@ -148,22 +154,22 @@
rip(mp->buf);
if (mp->buf[0] == '#')
continue; /* Comment */
- if ((mp->logname = strtok(mp->buf, " \t")) == NULL)
+ if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
continue;
- if ((cp = strtok(NULL, " \t")) == NULL)
+ if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
continue;
/* Save hash type if specified, else use md4 */
- if (isalpha(*cp)) {
+ if (isalpha((u_char) *cp)) {
ht = cp;
- if ((cp = strtok(NULL, " \t")) == NULL)
+ if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
continue;
} else {
ht = "md4";
}
mp->n = atoi(cp);
- if ((mp->seed = strtok(NULL, " \t")) == NULL)
+ if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
continue;
- if ((mp->val = strtok(NULL, " \t")) == NULL)
+ if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
continue;
if (strcmp(mp->logname, name) == 0) {
found = 1;
@@ -171,7 +177,7 @@
}
}
if (found) {
- (void)fseek(mp->keyfile, recstart, SEEK_SET);
+ fseek(mp->keyfile, recstart, SEEK_SET);
/* Set hash type */
if (ht && skey_set_algorithm(ht) == NULL) {
warnx("Unknown hash algorithm %s, using %s", ht,
@@ -189,27 +195,21 @@
* 0: next entry found and stored in mp
* 1: no more entries, file R/W pointer positioned at EOF
*/
-int
-skeygetnext(mp)
- struct skey *mp;
+int skeygetnext(struct skey *mp)
{
long recstart = 0;
- char *cp;
- struct stat statbuf;
+ char *last;
/* Open SKEYKEYS if it exists, else return an error */
if (mp->keyfile == NULL) {
- if (stat(SKEYKEYS, &statbuf) == 0 &&
- (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) {
- if ((statbuf.st_mode & 0007777) != 0600)
- fchmod(fileno(mp->keyfile), 0600);
- } else {
- return(-1);
- }
+ if(!(mp->keyfile = openskey()))
+ return -1;
}
/* Look up next user in database */
while (!feof(mp->keyfile)) {
+ char *cp;
+
recstart = ftell(mp->keyfile);
mp->recstart = recstart;
if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf)
@@ -217,19 +217,19 @@
rip(mp->buf);
if (mp->buf[0] == '#')
continue; /* Comment */
- if ((mp->logname = strtok(mp->buf, " \t")) == NULL)
+ if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
continue;
- if ((cp = strtok(NULL, " \t")) == NULL)
+ if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
continue;
/* Save hash type if specified, else use md4 */
- if (isalpha(*cp)) {
- if ((cp = strtok(NULL, " \t")) == NULL)
+ if (isalpha((u_char) *cp)) {
+ if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
continue;
}
mp->n = atoi(cp);
- if ((mp->seed = strtok(NULL, " \t")) == NULL)
+ if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
continue;
- if ((mp->val = strtok(NULL, " \t")) == NULL)
+ if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
continue;
/* Got a real entry */
break;
@@ -246,10 +246,7 @@
*
* The database file is always closed by this call.
*/
-int
-skeyverify(mp, response)
- struct skey *mp;
- char *response;
+int skeyverify(struct skey *mp, char *response)
{
char key[SKEY_BINKEY_SIZE];
char fkey[SKEY_BINKEY_SIZE];
@@ -257,29 +254,31 @@
time_t now;
struct tm *tm;
char tbuf[27];
- char *cp;
+ char *cp, *last;
int i, rval;
time(&now);
tm = localtime(&now);
- (void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
+ strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
if (response == NULL) {
- (void)fclose(mp->keyfile);
- return(-1);
+ fclose(mp->keyfile);
+ mp->keyfile = NULL;
+ return -1;
}
rip(response);
/* Convert response to binary */
if (etob(key, response) != 1 && atob8(key, response) != 0) {
/* Neither english words or ascii hex */
- (void)fclose(mp->keyfile);
- return(-1);
+ fclose(mp->keyfile);
+ mp->keyfile = NULL;
+ return -1;
}
/* Compute fkey = f(key) */
- (void)memcpy(fkey, key, sizeof(key));
- (void)fflush(stdout);
+ memcpy(fkey, key, sizeof(key));
+ fflush(stdout);
f(fkey);
/*
@@ -298,26 +297,33 @@
}
/* Reread the file record NOW */
- (void)fseek(mp->keyfile, mp->recstart, SEEK_SET);
+ fseek(mp->keyfile, mp->recstart, SEEK_SET);
if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) {
- (void)fclose(mp->keyfile);
- return(-1);
+ fclose(mp->keyfile);
+ mp->keyfile = NULL;
+ return -1;
}
rip(mp->buf);
- mp->logname = strtok(mp->buf, " \t");
- cp = strtok(NULL, " \t") ;
- if (isalpha(*cp))
- cp = strtok(NULL, " \t") ;
- mp->seed = strtok(NULL, " \t");
- mp->val = strtok(NULL, " \t");
+ if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
+ goto verify_failure;
+ if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
+ goto verify_failure;
+ if (isalpha((u_char) *cp))
+ if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
+ goto verify_failure;
+ if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
+ goto verify_failure;
+ if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
+ goto verify_failure;
/* And convert file value to hex for comparison */
atob8(filekey, mp->val);
/* Do actual comparison */
if (memcmp(filekey, fkey, SKEY_BINKEY_SIZE) != 0){
/* Wrong response */
- (void)fclose(mp->keyfile);
- return(1);
+ fclose(mp->keyfile);
+ mp->keyfile = NULL;
+ return 1;
}
/*
@@ -327,19 +333,24 @@
*/
btoa8(mp->val,key);
mp->n--;
- (void)fseek(mp->keyfile, mp->recstart, SEEK_SET);
+ fseek(mp->keyfile, mp->recstart, SEEK_SET);
/* Don't save algorithm type for md4 (keep record length same) */
if (strcmp(skey_get_algorithm(), "md4") == 0)
- (void)fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n",
+ fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n",
mp->logname, mp->n, mp->seed, mp->val, tbuf);
else
- (void)fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n",
+ fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n",
mp->logname, skey_get_algorithm(), mp->n,
mp->seed, mp->val, tbuf);
- (void)fclose(mp->keyfile);
-
- return(0);
+ fclose(mp->keyfile);
+ mp->keyfile = NULL;
+ return 0;
+
+ verify_failure:
+ fclose(mp->keyfile);
+ mp->keyfile = NULL;
+ return -1;
}
/*
@@ -348,13 +359,18 @@
* Returns: 1 user doesnt exist, -1 fle error, 0 user exists.
*
*/
-int
-skey_haskey(username)
- char *username;
+int skey_haskey(const char *username)
{
struct skey skey;
+ int i;
+
+ i = skeylookup(&skey, username);
- return(skeylookup(&skey, username));
+ if (skey.keyfile != NULL) {
+ fclose(skey.keyfile);
+ skey.keyfile = NULL;
+ }
+ return i;
}
/*
@@ -364,19 +380,21 @@
* seed for the passed user.
*
*/
-char *
-skey_keyinfo(username)
- char *username;
+const char *skey_keyinfo(const char *username)
{
int i;
static char str[SKEY_MAX_CHALLENGE];
struct skey skey;
- i = skeychallenge(&skey, username, str);
+ i = skeychallenge(&skey, username, str, sizeof str);
if (i == -1)
- return(0);
+ return 0;
- return(str);
+ if (skey.keyfile != NULL) {
+ fclose(skey.keyfile);
+ skey.keyfile = NULL;
+ }
+ return str;
}
/*
@@ -388,40 +406,38 @@
* Returns: 0 success, -1 failure
*
*/
-int
-skey_passcheck(username, passwd)
- char *username, *passwd;
+int skey_passcheck(const char *username, char *passwd)
{
int i;
struct skey skey;
i = skeylookup(&skey, username);
if (i == -1 || i == 1)
- return(-1);
+ return -1;
if (skeyverify(&skey, passwd) == 0)
- return(skey.n);
+ return skey.n;
- return(-1);
+ return -1;
}
+#if DO_FAKE_CHALLENGE
#define ROUND(x) (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \
((x)[3]))
/*
* hash_collapse()
*/
-static u_int32_t
-hash_collapse(s)
- u_char *s;
+static u_int32_t hash_collapse(u_char *s)
{
- int len, target;
+ int len, target, slen;
u_int32_t i;
-
- if ((strlen(s) % sizeof(u_int32_t)) == 0)
- target = strlen(s); /* Multiple of 4 */
+
+ slen = strlen((char *)s);
+ if ((slen % sizeof(u_int32_t)) == 0)
+ target = slen; /* Multiple of 4 */
else
- target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
+ target = slen - slen % sizeof(u_int32_t);
for (i = 0, len = 0; len < target; len += 4)
i ^= ROUND(s + len);
@@ -429,6 +445,8 @@
return i;
}
+#endif
+
/*
* skey_authenticate()
*
@@ -438,22 +456,22 @@
* Returns: 0 success, -1 failure
*
*/
-int
-skey_authenticate(username)
- char *username;
+int skey_authenticate(const char *username)
{
int i;
+ char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1];
+ struct skey skey;
+#if DO_FAKE_CHALLENGE
u_int ptr;
u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up;
- char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1];
- char *secret;
size_t secretlen;
- struct skey skey;
SHA1_CTX ctx;
-
+#endif
+
/* Attempt an S/Key challenge */
- i = skeychallenge(&skey, username, skeyprompt);
+ i = skeychallenge(&skey, username, skeyprompt, sizeof skeyprompt);
+#if DO_FAKE_CHALLENGE
/* Cons up a fake prompt if no entry in keys file */
if (i != 0) {
char *p, *u;
@@ -465,11 +483,11 @@
if (gethostname(pbuf, sizeof(pbuf)) == -1)
*(p = pbuf) = '.';
else
- for (p = pbuf; *p && isalnum(*p); p++)
- if (isalpha(*p) && isupper(*p))
- *p = tolower(*p);
+ for (p = pbuf; *p && isalnum((u_char)*p); p++)
+ if (isalpha((u_char)*p) && isupper((u_char)*p))
+ *p = tolower((u_char)*p);
if (*p && pbuf - p < 4)
- (void)strncpy(p, "asjd", 4 - (pbuf - p));
+ strncpy(p, "asjd", 4 - (pbuf - p));
pbuf[4] = '\0';
/* Hash the username if possible */
@@ -490,6 +508,7 @@
SEEK_SET) != -1 && read(fd, hseed,
SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) {
close(fd);
+ fd = -1;
secret = hseed;
secretlen = SKEY_MAX_SEED_LEN;
flg = 0;
@@ -499,6 +518,8 @@
secretlen = strlen(secret);
flg = 0;
}
+ if (fd != -1)
+ close(fd);
}
/* Put that in your pipe and smoke it */
@@ -531,7 +552,7 @@
memset(up, 0, 20); /* SHA1 specific */
free(up);
- (void)sprintf(skeyprompt,
+ sprintf(skeyprompt,
"otp-%.*s %d %.*s",
SKEY_MAX_HASHNAME_LEN,
skey_get_algorithm(),
@@ -554,29 +575,30 @@
} while (--i != 0);
pbuf[12] = '\0';
- (void)sprintf(skeyprompt, "otp-%.*s %d %.*s",
+ sprintf(skeyprompt, "otp-%.*s %d %.*s",
SKEY_MAX_HASHNAME_LEN,
skey_get_algorithm(),
99, SKEY_MAX_SEED_LEN, pbuf);
}
}
+#endif
- (void)fprintf(stderr, "%s\n", skeyprompt);
- (void)fflush(stderr);
+ fprintf(stderr, "[%s]\n", skeyprompt);
+ fflush(stderr);
- (void)fputs("Response: ", stderr);
+ fputs("Response: ", stderr);
readskey(pbuf, sizeof(pbuf));
/* Is it a valid response? */
if (i == 0 && skeyverify(&skey, pbuf) == 0) {
if (skey.n < 5) {
- (void)fprintf(stderr,
+ fprintf(stderr,
"\nWarning! Key initialization needed soon. (%d logins left)\n",
skey.n);
}
- return(0);
+ return 0;
}
- return(-1);
+ return -1;
}
/* Comment out user's entry in the s/key database
@@ -587,22 +609,21 @@
*
* The database file is always closed by this call.
*/
-int
-skeyzero(mp, response)
- struct skey *mp;
- char *response;
+int skeyzero(struct skey *mp, char *response)
{
/*
* Seek to the right place and write comment character
* which effectively zero's out the entry.
*/
- (void)fseek(mp->keyfile, mp->recstart, SEEK_SET);
+ fseek(mp->keyfile, mp->recstart, SEEK_SET);
if (fputc('#', mp->keyfile) == EOF) {
fclose(mp->keyfile);
- return(-1);
+ mp->keyfile = NULL;
+ return -1;
}
- (void)fclose(mp->keyfile);
+ fclose(mp->keyfile);
+ mp->keyfile = NULL;
- return(0);
+ return 0;
}
diff -ruN skey-1.1.5.orig/skeyprune.8 skey-1.1.5/skeyprune.8
--- skey-1.1.5.orig/skeyprune.8 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeyprune.8 2003-11-06 17:46:45.000000000 +0000
@@ -13,7 +13,7 @@
.Sh DESCRIPTION
.Nm skeyprune
searches through the file
-.Dq Pa /etc/skeykeys
+.Dq Pa /etc/skey/skeykeys
and prunes out users who have zeroed their entries via
.Xr skeyinit 1
as well as entries that have not been modified in
@@ -22,8 +22,8 @@
.Ar days
is not specified only commented out entries are pruned.
.Sh FILES
-.Bl -tag -width /etc/skeykeys -compact
-.It Pa /etc/skeykeys
+.Bl -tag -width /etc/skey/skeykeys -compact
+.It Pa /etc/skey/skeykeys
S/Key key information database
.El
.Sh SEE ALSO
@@ -33,7 +33,7 @@
Since
.Nm skeyprune
rewrites
-.Dq Pa /etc/skeykeys ,
+.Dq Pa /etc/skey/skeykeys ,
there is a window where S/Key changes could get lost.
It is therefore suggested that
.Nm skeyprune
diff -ruN skey-1.1.5.orig/skeysubr.c skey-1.1.5/skeysubr.c
--- skey-1.1.5.orig/skeysubr.c 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/skeysubr.c 2003-11-06 17:46:45.000000000 +0000
@@ -40,30 +40,26 @@
#else
#include "sha1.h"
#endif
-#ifdef HAVE_RMD160_H
-#include <rmd160.h>
-#else
-#include "rmd160.h"
-#endif
#include "skey.h"
/* Default hash function to use (index into skey_hash_types array) */
#ifndef SKEY_HASH_DEFAULT
-#define SKEY_HASH_DEFAULT 1
+#define SKEY_HASH_DEFAULT 0 /*MD4*/
#endif
-static void f_md4 __P((char *x));
-static void f_md5 __P((char *x));
-static void f_sha1 __P((char *x));
-static void f_rmd160 __P((char *x));
-static int keycrunch_md4 __P((char *result, char *seed, char *passwd));
-static int keycrunch_md5 __P((char *result, char *seed, char *passwd));
-static int keycrunch_sha1 __P((char *result, char *seed, char *passwd));
-static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd));
-static void lowcase __P((char *s));
-static void skey_echo __P((int action));
-static void trapped __P((int sig));
+static void f_md4 __P((char *));
+static void f_md5 __P((char *));
+static void f_sha1 __P((char *));
+/* static void f_rmd160 __P((char *x)); */
+static int keycrunch_md4 __P((char *, const char *, const char *));
+static int keycrunch_md5 __P((char *, const char *, const char *));
+static int keycrunch_sha1 __P((char *, const char *, const char *));
+/* static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd)); */
+static void lowcase __P((char *));
+static void skey_echo __P((int));
+static void trapped __P((int));
+static char *mkseedpassword(const char *, const char *, size_t *);
/* Current hash type (index into skey_hash_types array) */
static int skey_hash_type = SKEY_HASH_DEFAULT;
@@ -72,17 +68,16 @@
* Hash types we support.
* Each has an associated keycrunch() and f() function.
*/
-#define SKEY_ALGORITH_LAST 4
struct skey_algorithm_table {
const char *name;
- int (*keycrunch) (char *, char *, char *);
- void (*f) (char *);
+ int (*keycrunch) __P((char *, const char *, const char *));
+ void (*f) __P((char *));
};
static struct skey_algorithm_table skey_algorithm_table[] = {
{ "md4", keycrunch_md4, f_md4 },
{ "md5", keycrunch_md5, f_md5 },
{ "sha1", keycrunch_sha1, f_sha1 },
- { "rmd160", keycrunch_rmd160, f_rmd160 }
+ { NULL }
};
@@ -91,242 +86,172 @@
* concatenate the seed and the password, run through MD4/5 and
* collapse to 64 bits. This is defined as the user's starting key.
*/
-int
-keycrunch(result, seed, passwd)
- char *result; /* SKEY_BINKEY_SIZE result */
- char *seed; /* Seed, any length */
- char *passwd; /* Password, any length */
+int keycrunch(char *result, const char *seed, const char *passwd)
{
return(skey_algorithm_table[skey_hash_type].keycrunch(result, seed, passwd));
}
-static int
-keycrunch_md4(result, seed, passwd)
- char *result; /* SKEY_BINKEY_SIZE result */
- char *seed; /* Seed, any length */
- char *passwd; /* Password, any length */
+static char *mkseedpassword(const char *seed, const char *passwd, size_t *buflen)
{
char *buf;
- MD4_CTX md;
- u_int32_t results[4];
- unsigned int buflen;
- buflen = strlen(seed) + strlen(passwd);
- if ((buf = (char *)malloc(buflen+1)) == NULL)
- return(-1);
- (void)strcpy(buf, seed);
+ *buflen = strlen(seed) + strlen(passwd);
+ if ((buf = (char *) malloc(*buflen + 1)) == NULL)
+ return NULL;
+ strcpy(buf, seed);
lowcase(buf);
- (void)strcat(buf, passwd);
+ strcat(buf, passwd);
+ sevenbit(buf);
+
+ return buf;
+}
+static int keycrunch_md4(char *result, const char *seed, const char *passwd)
+{
+ char *buf;
+ MD4_CTX md;
+ size_t buflen;
+ u_int32_t results[4];
+
+ if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL)
+ return -1;
+
/* Crunch the key through MD4 */
- sevenbit(buf);
MD4Init(&md);
MD4Update(&md, (unsigned char *)buf, buflen);
- MD4Final((unsigned char *)results, &md);
- (void)free(buf);
+ MD4Final((unsigned char *) (void *) results, &md);
+ free(buf);
/* Fold result from 128 to 64 bits */
results[0] ^= results[2];
results[1] ^= results[3];
- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
+ memcpy(result, results, SKEY_BINKEY_SIZE);
- return(0);
+ return 0;
}
-static int
-keycrunch_md5(result, seed, passwd)
- char *result; /* SKEY_BINKEY_SIZE result */
- char *seed; /* Seed, any length */
- char *passwd; /* Password, any length */
+static int keycrunch_md5(char *result, const char *seed, const char *passwd)
{
char *buf;
MD5_CTX md;
u_int32_t results[4];
- unsigned int buflen;
+ size_t buflen;
- buflen = strlen(seed) + strlen(passwd);
- if ((buf = (char *)malloc(buflen+1)) == NULL)
- return(-1);
- (void)strcpy(buf, seed);
- lowcase(buf);
- (void)strcat(buf, passwd);
+ if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL)
+ return -1;
/* Crunch the key through MD5 */
- sevenbit(buf);
MD5Init(&md);
MD5Update(&md, (unsigned char *)buf, buflen);
- MD5Final((unsigned char *)results, &md);
- (void)free(buf);
+ MD5Final((unsigned char *) (void *)results, &md);
+ free(buf);
/* Fold result from 128 to 64 bits */
results[0] ^= results[2];
results[1] ^= results[3];
- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
+ memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
return(0);
}
-static int
-keycrunch_sha1(result, seed, passwd)
- char *result; /* SKEY_BINKEY_SIZE result */
- char *seed; /* Seed, any length */
- char *passwd; /* Password, any length */
+static int keycrunch_sha1(char *result, const char *seed, const char *passwd)
{
char *buf;
SHA1_CTX sha;
- u_int32_t results[5];
- unsigned int buflen;
-
- buflen = strlen(seed) + strlen(passwd);
- if ((buf = (char *)malloc(buflen+1)) == NULL)
- return(-1);
- (void)strcpy(buf, seed);
- lowcase(buf);
- (void)strcat(buf, passwd);
+ size_t buflen;
+ int i, j;
+ if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL)
+ return -1;
+
/* Crunch the key through SHA1 */
- sevenbit(buf);
SHA1Init(&sha);
SHA1Update(&sha, (unsigned char *)buf, buflen);
- SHA1Final((unsigned char *)results, &sha);
- (void)free(buf);
+ SHA1Final(NULL, &sha);
+ free(buf);
/* Fold 160 to 64 bits */
- results[0] ^= results[2];
- results[1] ^= results[3];
- results[0] ^= results[4];
-
- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
-
- return(0);
-}
-
-static int
-keycrunch_rmd160(result, seed, passwd)
- char *result; /* SKEY_BINKEY_SIZE result */
- char *seed; /* Seed, any length */
- char *passwd; /* Password, any length */
-{
- char *buf;
- RMD160_CTX rmd;
- u_int32_t results[5];
- unsigned int buflen;
-
- buflen = strlen(seed) + strlen(passwd);
- if ((buf = (char *)malloc(buflen+1)) == NULL)
- return(-1);
- (void)strcpy(buf, seed);
- lowcase(buf);
- (void)strcat(buf, passwd);
-
- /* Crunch the key through RMD-160 */
- sevenbit(buf);
- RMD160Init(&rmd);
- RMD160Update(&rmd, (unsigned char *)buf, buflen);
- RMD160Final((unsigned char *)results, &rmd);
- (void)free(buf);
-
- /* Fold 160 to 64 bits */
- results[0] ^= results[2];
- results[1] ^= results[3];
- results[0] ^= results[4];
-
- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
+ sha.state[0] ^= sha.state[2];
+ sha.state[1] ^= sha.state[3];
+ sha.state[0] ^= sha.state[4];
+
+ for (i=j=0; j<8; i++, j+=4) {
+ result[j] = (unsigned char)(sha.state[i] & 0xff);
+ result[j+1] = (unsigned char)((sha.state[i] >> 8) & 0xff);
+ result[j+2] = (unsigned char)((sha.state[i] >> 16) & 0xff);
+ result[j+3] = (unsigned char)((sha.state[i] >> 24) & 0xff);
+ }
- return(0);
+ return 0;
}
/*
* The one-way function f().
* Takes SKEY_BINKEY_SIZE bytes and returns SKEY_BINKEY_SIZE bytes in place.
*/
-void
-f(x)
- char *x;
+void f(char *x)
{
skey_algorithm_table[skey_hash_type].f(x);
}
-static void
-f_md4(x)
- char *x;
+static void f_md4(char *x)
{
MD4_CTX md;
u_int32_t results[4];
MD4Init(&md);
MD4Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE);
- MD4Final((unsigned char *)results, &md);
+ MD4Final((unsigned char *) (void *) results, &md);
/* Fold 128 to 64 bits */
results[0] ^= results[2];
results[1] ^= results[3];
- (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
+ memcpy(x, results, SKEY_BINKEY_SIZE);
}
-static void
-f_md5(x)
- char *x;
+static void f_md5(char *x)
{
MD5_CTX md;
u_int32_t results[4];
MD5Init(&md);
MD5Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE);
- MD5Final((unsigned char *)results, &md);
+ MD5Final((unsigned char *) (void *) results, &md);
/* Fold 128 to 64 bits */
results[0] ^= results[2];
results[1] ^= results[3];
- (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
+ memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
}
-static void
-f_sha1(x)
- char *x;
+static void f_sha1(char *x)
{
SHA1_CTX sha;
- u_int32_t results[5];
+ int i, j;
SHA1Init(&sha);
SHA1Update(&sha, (unsigned char *)x, SKEY_BINKEY_SIZE);
- SHA1Final((unsigned char *)results, &sha);
+ SHA1Final(NULL, &sha);
/* Fold 160 to 64 bits */
- results[0] ^= results[2];
- results[1] ^= results[3];
- results[0] ^= results[4];
-
- (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
-}
-
-static void
-f_rmd160(x)
- char *x;
-{
- RMD160_CTX rmd;
- u_int32_t results[5];
-
- RMD160Init(&rmd);
- RMD160Update(&rmd, (unsigned char *)x, SKEY_BINKEY_SIZE);
- RMD160Final((unsigned char *)results, &rmd);
-
- /* Fold 160 to 64 bits */
- results[0] ^= results[2];
- results[1] ^= results[3];
- results[0] ^= results[4];
-
- (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
+ sha.state[0] ^= sha.state[2];
+ sha.state[1] ^= sha.state[3];
+ sha.state[0] ^= sha.state[4];
+
+ for (i=j=0; j<8; i++, j+=4) {
+ x[j] = (unsigned char)(sha.state[i] & 0xff);
+ x[j+1] = (unsigned char)((sha.state[i] >> 8) & 0xff);
+ x[j+2] = (unsigned char)((sha.state[i] >> 16) & 0xff);
+ x[j+3] = (unsigned char)((sha.state[i] >> 24) & 0xff);
+ }
}
/* Strip trailing cr/lf from a line of text */
-void
-rip(buf)
- char *buf;
+void rip(char *buf)
{
buf += strcspn(buf, "\r\n");
@@ -335,12 +260,9 @@
}
/* Read in secret password (turns off echo) */
-char *
-readpass(buf, n)
- char *buf;
- int n;
+char *readpass(char *buf, int n)
{
- void (*old_handler) ();
+ void *old_handler;
/* Turn off echoing */
skey_echo(0);
@@ -348,131 +270,114 @@
/* Catch SIGINT and save old signal handler */
old_handler = signal(SIGINT, trapped);
- (void)fgets(buf, n, stdin);
+ fgets(buf, n, stdin);
rip(buf);
- (void)putc('\n', stderr);
- (void)fflush(stderr);
+ putc('\n', stderr);
+ fflush(stderr);
/* Restore signal handler and turn echo back on */
if (old_handler != SIG_ERR)
- (void)signal(SIGINT, old_handler);
+ signal(SIGINT, old_handler);
skey_echo(1);
sevenbit(buf);
- return(buf);
+ return buf;
}
/* Read in an s/key OTP (does not turn off echo) */
-char *
-readskey(buf, n)
- char *buf;
- int n;
+char *readskey(char *buf, int n)
{
- (void)fgets(buf, n, stdin);
+ fgets(buf, n, stdin);
rip(buf);
sevenbit(buf);
- return(buf);
+ return buf;
}
/* Signal handler for trapping ^C */
-static void
-trapped(sig)
- int sig;
+static void trapped(int sig)
{
- (void)fputs("^C\n", stderr);
- (void)fflush(stderr);
+ fputs("^C\n", stderr);
+ fflush(stderr);
- /* Turn on echo if necesary */
+ /* Turn on echo if necemassary */
skey_echo(1);
- exit(-1);
+ exit(1);
}
/*
* Convert 8-byte hex-ascii string to binary array
* Returns 0 on success, -1 on error
*/
-int
-atob8(out, in)
- register char *out;
- register char *in;
+int atob8(char *out, const char *in)
{
- register int i;
- register int val;
+ int i;
+ int val;
if (in == NULL || out == NULL)
- return(-1);
+ return -1;
for (i=0; i < 8; i++) {
if ((in = skipspace(in)) == NULL)
- return(-1);
+ return -1;
if ((val = htoi(*in++)) == -1)
- return(-1);
+ return -1;
*out = val << 4;
if ((in = skipspace(in)) == NULL)
- return(-1);
+ return -1;
if ((val = htoi(*in++)) == -1)
- return(-1);
+ return -1;
*out++ |= val;
}
- return(0);
+ return 0;
}
/* Convert 8-byte binary array to hex-ascii string */
-int
-btoa8(out, in)
- register char *out;
- register char *in;
+int btoa8(char *out, const char *in)
{
- register int i;
+ int i;
if (in == NULL || out == NULL)
- return(-1);
+ return -1;
for (i=0; i < 8; i++) {
- (void)sprintf(out, "%02x", *in++ & 0xff);
+ sprintf(out, "%02x", *in++ & 0xff);
out += 2;
}
- return(0);
+ return 0;
}
/* Convert hex digit to binary integer */
-int
-htoi(c)
- register int c;
+int htoi(int c)
{
if ('0' <= c && c <= '9')
- return(c - '0');
+ return c - '0';
if ('a' <= c && c <= 'f')
- return(10 + c - 'a');
+ return 10 + c - 'a';
if ('A' <= c && c <= 'F')
- return(10 + c - 'A');
- return(-1);
+ return 10 + c - 'A';
+ return -1;
}
/* Skip leading spaces from the string */
-char *
-skipspace(cp)
- register char *cp;
+const char *skipspace(const char *cp)
{
while (*cp == ' ' || *cp == '\t')
cp++;
if (*cp == '\0')
- return(NULL);
+ return NULL;
else
- return(cp);
+ return cp;
}
/* Remove backspaced over characters from the string */
-void
-backspace(buf)
- char *buf;
+void backspace(char *buf)
{
char bs = 0x8;
char *cp = buf;
@@ -496,77 +401,68 @@
}
/* Make sure line is all seven bits */
-void
-sevenbit(s)
- char *s;
+void sevenbit(char *s)
{
while (*s)
*s++ &= 0x7f;
}
/* Set hash algorithm type */
-char *
-skey_set_algorithm(new)
- char *new;
+const char *skey_set_algorithm(const char *new)
{
int i;
- for (i = 0; i < SKEY_ALGORITH_LAST; i++) {
+ for (i = 0; skey_algorithm_table[i].name; i++) {
if (strcmp(new, skey_algorithm_table[i].name) == 0) {
skey_hash_type = i;
- return(new);
+ return new;
}
}
- return(NULL);
+ return NULL;
}
/* Get current hash type */
-const char *
-skey_get_algorithm()
+const char *skey_get_algorithm()
{
return(skey_algorithm_table[skey_hash_type].name);
}
/* Turn echo on/off */
-static void
-skey_echo(action)
- int action;
+static void skey_echo(int action)
{
static struct termios term;
static int echo = 0;
if (action == 0) {
/* Turn echo off */
- (void) tcgetattr(fileno(stdin), &term);
+ tcgetattr(fileno(stdin), &term);
if ((echo = (term.c_lflag & ECHO))) {
term.c_lflag &= ~ECHO;
#ifdef TCSASOFT
- (void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
+ tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
#else
- (void) tcsetattr(fileno(stdin), TCSAFLUSH, &term);
+ tcsetattr(fileno(stdin), TCSAFLUSH, &term);
#endif
}
} else if (action && echo) {
/* Turn echo on */
term.c_lflag |= ECHO;
#ifdef TCSASOFT
- (void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
+ tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
#else
- (void) tcsetattr(fileno(stdin), TCSAFLUSH, &term);
+ tcsetattr(fileno(stdin), TCSAFLUSH, &term);
#endif
echo = 0;
}
}
/* Convert string to lower case */
-static void
-lowcase(s)
- char *s;
+static void lowcase(char *s)
{
- char *p;
+ u_char *p;
- for (p = s; *p; p++)
+ for (p = (u_char *) s; *p; p++)
if (isupper(*p))
*p = tolower(*p);
}
diff -ruN skey-1.1.5.orig/strlcpy.c skey-1.1.5/strlcpy.c
--- skey-1.1.5.orig/strlcpy.c 2001-05-10 17:10:49.000000000 +0100
+++ skey-1.1.5/strlcpy.c 1970-01-01 01:00:00.000000000 +0100
@@ -1,72 +0,0 @@
-/* $OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $ */
-
-/*
- * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "config.h"
-#ifndef HAVE_STRLCPY
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-#include <sys/types.h>
-#include <string.h>
-
-/*
- * Copy src to string dst of size siz. At most siz-1 characters
- * will be copied. Always NUL terminates (unless siz == 0).
- * Returns strlen(src); if retval >= siz, truncation occurred.
- */
-size_t strlcpy(dst, src, siz)
- char *dst;
- const char *src;
- size_t siz;
-{
- register char *d = dst;
- register const char *s = src;
- register size_t n = siz;
-
- /* Copy as many bytes as will fit */
- if (n != 0 && --n != 0) {
- do {
- if ((*d++ = *s++) == 0)
- break;
- } while (--n != 0);
- }
-
- /* Not enough room in dst, add NUL and traverse rest of src */
- if (n == 0) {
- if (siz != 0)
- *d = '\0'; /* NUL-terminate dst */
- while (*s++)
- ;
- }
-
- return(s - src - 1); /* count does not include NUL */
-}
-
-#endif
distrib
>
Mandriva
>
current
>
i586
>
media
>
contrib-release-src
>
by-pkgid
>
3526b44d0e4803494feee31594012ef2
>
files
>
3
