diff -ruN skey-1.1.5.orig/CHANGES skey-1.1.5/CHANGES --- skey-1.1.5.orig/CHANGES 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/CHANGES 2003-11-06 17:46:45.000000000 +0000 @@ -1,6 +1,19 @@ *** Changes in version 1.1.5 - Bug fixes for errx/warnx +(05/11/2003) taviso@gentoo.org + - ported some updates from the NetBSD project to Linux. + - removed a load of cast to voids. + - syntax changes. + - killing skeyaudit, using a shell script modified from NetBSD. + - cleanups to stop warnings with gcc. + - building a library for dynamic linking. + - swapping some str{cat,cpy} for strn{cat,cpy} + - killing rmd160 support. + - removing strlcpy function, not useful. + - quick hack for shadow support. + - quick hack for cracklib support. + - various other stuff. *** Changes in version 1.1.4 diff -ruN skey-1.1.5.orig/config.h.in skey-1.1.5/config.h.in --- skey-1.1.5.orig/config.h.in 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/config.h.in 2003-11-06 17:46:45.000000000 +0000 @@ -109,6 +109,9 @@ /* Define if you have the strtol function. */ #undef HAVE_STRTOL +/* Define if you have the <crack.h> header file. */ +#undef HAVE_CRACK_H + /* Define if you have the <crypt.h> header file. */ #undef HAVE_CRYPT_H @@ -130,12 +133,12 @@ /* Define if you have the <md5global.h> header file. */ #undef HAVE_MD5GLOBAL_H -/* Define if you have the <rmd160.h> header file. */ -#undef HAVE_RMD160_H - /* Define if you have the <sha1.h> header file. */ #undef HAVE_SHA1_H +/* Define if you have the <shadow.h> header file. */ +#undef HAVE_SHADOW_H + /* Define if you have the <sys/cdefs.h> header file. */ #undef HAVE_SYS_CDEFS_H diff -ruN skey-1.1.5.orig/configure skey-1.1.5/configure --- skey-1.1.5.orig/configure 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/configure 2003-11-06 17:47:49.000000000 +0000 
@@ -960,47 +960,11 @@ echo "$ac_t""no" 1>&6 fi -# Extract the first word of "sendmail", so it can be a program name with args. -set dummy sendmail; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:967: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_path_SENDMAIL'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - case "$SENDMAIL" in - /*) - ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a path. - ;; - ?:/*) - ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a dos path. - ;; - *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH:/usr/sbin:/usr/lib:/usr/bin" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_SENDMAIL="$ac_dir/$ac_word" - break - fi - done - IFS="$ac_save_ifs" - test -z "$ac_cv_path_SENDMAIL" && ac_cv_path_SENDMAIL="/usr/lib/sendmail" - ;; -esac -fi -SENDMAIL="$ac_cv_path_SENDMAIL" -if test -n "$SENDMAIL"; then - echo "$ac_t""$SENDMAIL" 1>&6 -else - echo "$ac_t""no" 1>&6 -fi - echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:1004: checking for crypt in -lcrypt" >&5 +echo "configure:968: checking for crypt in -lcrypt" >&5 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1008,7 +972,7 @@ ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <<EOF -#line 1012 "configure" +#line 976 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 
@@ -1019,7 +983,7 @@ crypt() ; return 0; } EOF -if { (eval echo configure:1023: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:987: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1040,7 +1004,7 @@ fi echo $ac_n "checking for flock in -lucb""... $ac_c" 1>&6 -echo "configure:1044: checking for flock in -lucb" >&5 +echo "configure:1008: checking for flock in -lucb" >&5 ac_lib_var=`echo ucb'_'flock | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1048,7 +1012,7 @@ ac_save_LIBS="$LIBS" LIBS="-lucb $LIBS" cat > conftest.$ac_ext <<EOF -#line 1052 "configure" +#line 1016 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 @@ -1059,7 +1023,7 @@ flock() ; return 0; } EOF -if { (eval echo configure:1063: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -1079,10 +1043,50 @@ echo "$ac_t""no" 1>&6 fi +echo $ac_n "checking for FascistCheck in -lcrack""... $ac_c" 1>&6 +echo "configure:1048: checking for FascistCheck in -lcrack" >&5 +ac_lib_var=`echo crack'_'FascistCheck | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lcrack $LIBS" +cat > conftest.$ac_ext <<EOF +#line 1056 "configure" +#include "confdefs.h" +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char FascistCheck(); + +int main() { +FascistCheck() +; return 0; } +EOF +if { (eval echo configure:1067: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -lcrack" +else + echo "$ac_t""no" 1>&6 +fi + echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:1086: checking how to run the C preprocessor" >&5 +echo "configure:1090: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= 
@@ -1097,13 +1101,13 @@ # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext <<EOF -#line 1101 "configure" +#line 1105 "configure" #include "confdefs.h" #include <assert.h> Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1107: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1111: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -1114,13 +1118,13 @@ rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext <<EOF -#line 1118 "configure" +#line 1122 "configure" #include "confdefs.h" #include <assert.h> Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1124: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1128: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -1131,13 +1135,13 @@ rm -rf conftest* CPP="${CC-cc} -nologo -E" cat > conftest.$ac_ext <<EOF -#line 1135 "configure" +#line 1139 "configure" #include "confdefs.h" #include <assert.h> Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1141: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1145: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : 
@@ -1162,12 +1166,12 @@ echo "$ac_t""$CPP" 1>&6 echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:1166: checking for ANSI C header files" >&5 +echo "configure:1170: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1171 "configure" +#line 1175 "configure" #include "confdefs.h" #include <stdlib.h> #include <stdarg.h> @@ -1175,7 +1179,7 @@ #include <float.h> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1179: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1183: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -1192,7 +1196,7 @@ if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext <<EOF -#line 1196 "configure" +#line 1200 "configure" #include "confdefs.h" #include <string.h> EOF @@ -1210,7 +1214,7 @@ if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext <<EOF -#line 1214 "configure" +#line 1218 "configure" #include "confdefs.h" #include <stdlib.h> EOF @@ -1231,7 +1235,7 @@ : else cat > conftest.$ac_ext <<EOF -#line 1235 "configure" +#line 1239 "configure" #include "confdefs.h" #include <ctype.h> #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') @@ -1242,7 +1246,7 @@ exit (0); } EOF -if { (eval echo configure:1246: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1250: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then : else 
@@ -1266,12 +1270,12 @@ fi echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6 -echo "configure:1270: checking for sys/wait.h that is POSIX.1 compatible" >&5 +echo "configure:1274: checking for sys/wait.h that is POSIX.1 compatible" >&5 if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1275 "configure" +#line 1279 "configure" #include "confdefs.h" #include <sys/types.h> #include <sys/wait.h> @@ -1287,7 +1291,7 @@ s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; ; return 0; } EOF -if { (eval echo configure:1291: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1295: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_header_sys_wait_h=yes else @@ -1307,21 +1311,21 @@ fi -for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h +for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:1315: checking for $ac_hdr" >&5 +echo "configure:1319: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1320 "configure" +#line 1324 "configure" #include "confdefs.h" #include <$ac_hdr> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1325: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1329: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* 
@@ -1349,12 +1353,12 @@ echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:1353: checking for working const" >&5 +echo "configure:1357: checking for working const" >&5 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1358 "configure" +#line 1362 "configure" #include "confdefs.h" int main() { @@ -1403,7 +1407,7 @@ ; return 0; } EOF -if { (eval echo configure:1407: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1411: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else @@ -1424,14 +1428,14 @@ fi echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 -echo "configure:1428: checking whether byte ordering is bigendian" >&5 +echo "configure:1432: checking whether byte ordering is bigendian" >&5 if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_c_bigendian=unknown # See if sys/param.h defines the BYTE_ORDER macro. cat > conftest.$ac_ext <<EOF -#line 1435 "configure" +#line 1439 "configure" #include "confdefs.h" #include <sys/types.h> #include <sys/param.h> @@ -1442,11 +1446,11 @@ #endif ; return 0; } EOF -if { (eval echo configure:1446: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1450: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* # It does; now see whether it defined to BIG_ENDIAN or not. cat > conftest.$ac_ext <<EOF -#line 1450 "configure" +#line 1454 "configure" #include "confdefs.h" #include <sys/types.h> #include <sys/param.h> @@ -1457,7 +1461,7 @@ #endif ; return 0; } EOF -if { (eval echo configure:1461: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1465: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_bigendian=yes else 
@@ -1477,7 +1481,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <<EOF -#line 1481 "configure" +#line 1485 "configure" #include "confdefs.h" main () { /* Are we little or big endian? From Harbison&Steele. */ @@ -1490,7 +1494,7 @@ exit (u.c[sizeof (long) - 1] == 1); } EOF -if { (eval echo configure:1494: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1498: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_c_bigendian=no else @@ -1514,12 +1518,12 @@ fi echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 -echo "configure:1518: checking for uid_t in sys/types.h" >&5 +echo "configure:1522: checking for uid_t in sys/types.h" >&5 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1523 "configure" +#line 1527 "configure" #include "confdefs.h" #include <sys/types.h> EOF @@ -1548,12 +1552,12 @@ fi echo $ac_n "checking for off_t""... $ac_c" 1>&6 -echo "configure:1552: checking for off_t" >&5 +echo "configure:1556: checking for off_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1557 "configure" +#line 1561 "configure" #include "confdefs.h" #include <sys/types.h> #if STDC_HEADERS @@ -1581,12 +1585,12 @@ fi echo $ac_n "checking for size_t""... $ac_c" 1>&6 -echo "configure:1585: checking for size_t" >&5 +echo "configure:1589: checking for size_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1590 "configure" +#line 1594 "configure" #include "confdefs.h" #include <sys/types.h> #if STDC_HEADERS 
@@ -1614,12 +1618,12 @@ fi echo $ac_n "checking whether struct tm is in sys/time.h or time.h""... $ac_c" 1>&6 -echo "configure:1618: checking whether struct tm is in sys/time.h or time.h" >&5 +echo "configure:1622: checking whether struct tm is in sys/time.h or time.h" >&5 if eval "test \"`echo '$''{'ac_cv_struct_tm'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1623 "configure" +#line 1627 "configure" #include "confdefs.h" #include <sys/types.h> #include <time.h> @@ -1627,7 +1631,7 @@ struct tm *tp; tp->tm_sec; ; return 0; } EOF -if { (eval echo configure:1631: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1635: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_struct_tm=time.h else @@ -1649,7 +1653,7 @@ echo $ac_n "checking size of char""... $ac_c" 1>&6 -echo "configure:1653: checking size of char" >&5 +echo "configure:1657: checking size of char" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_char'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1657,7 +1661,7 @@ ac_cv_sizeof_char=1 else cat > conftest.$ac_ext <<EOF -#line 1661 "configure" +#line 1665 "configure" #include "confdefs.h" #include <stdio.h> main() @@ -1668,7 +1672,7 @@ exit(0); } EOF -if { (eval echo configure:1672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1676: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_char=`cat conftestval` else @@ -1688,7 +1692,7 @@ echo $ac_n "checking size of short int""... $ac_c" 1>&6 -echo "configure:1692: checking size of short int" >&5 +echo "configure:1696: checking size of short int" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_short_int'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -1696,7 +1700,7 @@ ac_cv_sizeof_short_int=2 else cat > conftest.$ac_ext <<EOF -#line 1700 "configure" +#line 1704 "configure" #include "confdefs.h" #include <stdio.h> main() @@ -1707,7 +1711,7 @@ exit(0); } EOF -if { (eval echo configure:1711: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1715: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_short_int=`cat conftestval` else @@ -1727,7 +1731,7 @@ echo $ac_n "checking size of int""... $ac_c" 1>&6 -echo "configure:1731: checking size of int" >&5 +echo "configure:1735: checking size of int" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1735,7 +1739,7 @@ ac_cv_sizeof_int=4 else cat > conftest.$ac_ext <<EOF -#line 1739 "configure" +#line 1743 "configure" #include "confdefs.h" #include <stdio.h> main() @@ -1746,7 +1750,7 @@ exit(0); } EOF -if { (eval echo configure:1750: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1754: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int=`cat conftestval` else @@ -1766,7 +1770,7 @@ echo $ac_n "checking size of long int""... $ac_c" 1>&6 -echo "configure:1770: checking size of long int" >&5 +echo "configure:1774: checking size of long int" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_long_int'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1774,7 +1778,7 @@ ac_cv_sizeof_long_int=4 else cat > conftest.$ac_ext <<EOF -#line 1778 "configure" +#line 1782 "configure" #include "confdefs.h" #include <stdio.h> main() 
@@ -1785,7 +1789,7 @@ exit(0); } EOF -if { (eval echo configure:1789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1793: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_long_int=`cat conftestval` else @@ -1805,7 +1809,7 @@ echo $ac_n "checking size of long long int""... $ac_c" 1>&6 -echo "configure:1809: checking size of long long int" >&5 +echo "configure:1813: checking size of long long int" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_long_long_int'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1813,7 +1817,7 @@ ac_cv_sizeof_long_long_int=8 else cat > conftest.$ac_ext <<EOF -#line 1817 "configure" +#line 1821 "configure" #include "confdefs.h" #include <stdio.h> main() @@ -1824,7 +1828,7 @@ exit(0); } EOF -if { (eval echo configure:1828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1832: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_long_long_int=`cat conftestval` else @@ -1854,7 +1858,7 @@ fi CFLAGS="$CFLAGS -D_HPUX_SOURCE" echo $ac_n "checking for HPUX trusted system password database""... $ac_c" 1>&6 -echo "configure:1858: checking for HPUX trusted system password database" >&5 +echo "configure:1862: checking for HPUX trusted system password database" >&5 if test -f /tcb/files/auth/system/default; then echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF 
@@ -1903,16 +1907,16 @@ echo $ac_n "checking for intXX_t types""... $ac_c" 1>&6 -echo "configure:1907: checking for intXX_t types" >&5 +echo "configure:1911: checking for intXX_t types" >&5 cat > conftest.$ac_ext <<EOF -#line 1909 "configure" +#line 1913 "configure" #include "confdefs.h" #include <sys/types.h> int main() { int16_t a; int32_t b; a = 1235; b = 1235; ; return 0; } EOF -if { (eval echo configure:1916: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1920: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF @@ -1932,16 +1936,16 @@ rm -f conftest* echo $ac_n "checking for u_intXX_t types""... $ac_c" 1>&6 -echo "configure:1936: checking for u_intXX_t types" >&5 +echo "configure:1940: checking for u_intXX_t types" >&5 cat > conftest.$ac_ext <<EOF -#line 1938 "configure" +#line 1942 "configure" #include "confdefs.h" #include <sys/types.h> int main() { u_int16_t c; u_int32_t d; c = 1235; d = 1235; ; return 0; } EOF -if { (eval echo configure:1945: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1949: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF @@ -1964,9 +1968,9 @@ "x$ac_cv_header_sys_bitypes_h" = "xyes" then echo $ac_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h""... $ac_c" 1>&6 -echo "configure:1968: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 +echo "configure:1972: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 cat > conftest.$ac_ext <<EOF -#line 1970 "configure" +#line 1974 "configure" #include "confdefs.h" #include <sys/bitypes.h> int main() { @@ -1978,7 +1982,7 @@ ; return 0; } EOF -if { (eval echo configure:1982: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1986: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF 
@@ -2002,16 +2006,16 @@ fi echo $ac_n "checking for uintXX_t types""... $ac_c" 1>&6 -echo "configure:2006: checking for uintXX_t types" >&5 +echo "configure:2010: checking for uintXX_t types" >&5 cat > conftest.$ac_ext <<EOF -#line 2008 "configure" +#line 2012 "configure" #include "confdefs.h" #include <sys/types.h> int main() { uint16_t c; uint32_t d; c = 1235; d = 1235; ; return 0; } EOF -if { (eval echo configure:2015: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2019: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF @@ -2054,7 +2058,7 @@ echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6 -echo "configure:2058: checking for 8-bit clean memcmp" >&5 +echo "configure:2062: checking for 8-bit clean memcmp" >&5 if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2062,7 +2066,7 @@ ac_cv_func_memcmp_clean=no else cat > conftest.$ac_ext <<EOF -#line 2066 "configure" +#line 2070 "configure" #include "confdefs.h" main() @@ -2072,7 +2076,7 @@ } EOF -if { (eval echo configure:2076: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:2080: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_func_memcmp_clean=yes else @@ -2090,12 +2094,12 @@ test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}" echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 -echo "configure:2094: checking return type of signal handlers" >&5 +echo "configure:2098: checking return type of signal handlers" >&5 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2099 "configure" +#line 2103 "configure" #include "confdefs.h" #include <sys/types.h> #include <signal.h> 
@@ -2112,7 +2116,7 @@ int i; ; return 0; } EOF -if { (eval echo configure:2116: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2120: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_type_signal=void else @@ -2131,12 +2135,12 @@ echo $ac_n "checking for strftime""... $ac_c" 1>&6 -echo "configure:2135: checking for strftime" >&5 +echo "configure:2139: checking for strftime" >&5 if eval "test \"`echo '$''{'ac_cv_func_strftime'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2140 "configure" +#line 2144 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char strftime(); below. */ @@ -2159,7 +2163,7 @@ ; return 0; } EOF -if { (eval echo configure:2163: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2167: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_strftime=yes" else @@ -2181,7 +2185,7 @@ echo "$ac_t""no" 1>&6 # strftime is in -lintl on SCO UNIX. echo $ac_n "checking for strftime in -lintl""... $ac_c" 1>&6 -echo "configure:2185: checking for strftime in -lintl" >&5 +echo "configure:2189: checking for strftime in -lintl" >&5 ac_lib_var=`echo intl'_'strftime | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -2189,7 +2193,7 @@ ac_save_LIBS="$LIBS" LIBS="-lintl $LIBS" cat > conftest.$ac_ext <<EOF -#line 2193 "configure" +#line 2197 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 
@@ -2200,7 +2204,7 @@ strftime() ; return 0; } EOF -if { (eval echo configure:2204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2208: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2227,12 +2231,12 @@ fi echo $ac_n "checking for vprintf""... $ac_c" 1>&6 -echo "configure:2231: checking for vprintf" >&5 +echo "configure:2235: checking for vprintf" >&5 if eval "test \"`echo '$''{'ac_cv_func_vprintf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2236 "configure" +#line 2240 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char vprintf(); below. */ @@ -2255,7 +2259,7 @@ ; return 0; } EOF -if { (eval echo configure:2259: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2263: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_vprintf=yes" else @@ -2279,12 +2283,12 @@ if test "$ac_cv_func_vprintf" != yes; then echo $ac_n "checking for _doprnt""... $ac_c" 1>&6 -echo "configure:2283: checking for _doprnt" >&5 +echo "configure:2287: checking for _doprnt" >&5 if eval "test \"`echo '$''{'ac_cv_func__doprnt'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2288 "configure" +#line 2292 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char _doprnt(); below. */ 
@@ -2307,7 +2311,7 @@ ; return 0; } EOF -if { (eval echo configure:2311: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2315: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func__doprnt=yes" else @@ -2334,12 +2338,12 @@ for ac_func in gethostname strcspn strdup strerror strspn strtol flock fcntl lockf strlcpy setusercontext do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2338: checking for $ac_func" >&5 +echo "configure:2342: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2343 "configure" +#line 2347 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ @@ -2362,7 +2366,7 @@ ; return 0; } EOF -if { (eval echo configure:2366: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2370: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else diff -ruN skey-1.1.5.orig/configure.in skey-1.1.5/configure.in --- skey-1.1.5.orig/configure.in 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/configure.in 2003-11-06 17:47:14.000000000 +0000 
@@ -9,19 +9,19 @@ AC_CHECK_PROG(AR, ar, ar) AC_PATH_PROG(PERL, perl) AC_PATH_PROG(TOUCH, touch) -AC_PATH_PROG(SENDMAIL, sendmail, /usr/lib/sendmail, $PATH:/usr/sbin:/usr/lib:/usr/bin) AC_SUBST(PERL) AC_SUBST(SENDMAIL) dnl Checks for libraries. AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") AC_CHECK_LIB(ucb, flock, LIBS="$LIBS -lucb" LDFLAGS="$LDFLAGS -L/usr/ucblib") +AC_CHECK_LIB(crack, FascistCheck, LIBS="$LIBS -lcrack") dnl Checks for header files. AC_HEADER_STDC AC_HEADER_SYS_WAIT -AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h) +AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST diff -ruN skey-1.1.5.orig/login_cap.c skey-1.1.5/login_cap.c --- skey-1.1.5.orig/login_cap.c 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/login_cap.c 2003-11-06 17:46:45.000000000 +0000 @@ -37,6 +37,7 @@ #include <errno.h> #include <unistd.h> #include <pwd.h> +#include <grp.h> #include <syslog.h> /* diff -ruN skey-1.1.5.orig/Makefile.in skey-1.1.5/Makefile.in --- skey-1.1.5.orig/Makefile.in 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/Makefile.in 2003-11-06 17:47:42.000000000 +0000 @@ -27,12 +27,11 @@ TOUCH=@TOUCH@ LDFLAGS=-L. @LDFLAGS@ -TARGETS=skey skeyinit skeyinfo skeyaudit -LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o rmd160.o rmd160hl.o sha1.o sha1hl.o flock.o strlcpy.o login_cap.o +TARGETS=skey skeyinit skeyinfo libskey.a +LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o sha1.o sha1hl.o flock.o login_cap.o SKEYOBJS=skey.o SKEYINITOBJS=skeyinit.o SKEYINFOOBJS=skeyinfo.o -SKEYAUDITOBJS=skeyaudit.o SCRIPTS=skeyprune.pl 
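Review bot: `AC_SUBST(SENDMAIL)` is left in place after the `AC_PATH_PROG(SENDMAIL, ...)` line is removed, so any template that still uses `@SENDMAIL@` now gets an empty string; the `AC_SUBST` should go as well. The new `AC_CHECK_LIB(crack, FascistCheck, ...)` and the `crack.h` header check are independent and silent. A build host without cracklib therefore presumably produces binaries with the password-quality check compiled out (the guarded code is not visible here), and a header without the library fails only at link time. Consider an explicit switch such as `AC_ARG_WITH(cracklib, ...)` that stops configure when the feature is requested and either the library or the header is missing.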
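Review bot: Adding `libskey.a` to `TARGETS` makes the install loop `for target in ${TARGETS}` (visible as context in a later hunk of this file) run `${INSTALL_PROGRAM}` on the archive, so it is installed into `$(bindir)` as well as `$(libdir)`. Keep `TARGETS=skey skeyinit skeyinfo` and name the libraries on the `all:` line instead, e.g. `all: libskey.a libskey.so ${TARGETS} ${MANPAGES}`.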
@@ -41,11 +40,11 @@ CATMAN = skey.0 skeyinit.0 skeyinfo.0 skeyaudit.0 skeyprune.0 MANPAGES = @MANTYPE@ -PATHSUBS = -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL} -D/usr/lib/sendmail=${SENDMAIL} +PATHSUBS = -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL} FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS) -HDRS= skey.h sha1.h rmd160.h +HDRS= skey.h sha1.h all: ${TARGETS} ${MANPAGES} @@ -55,24 +54,27 @@ ${AR} rv $@ ${LIBOBJS} ${RANLIB} $@ -skey: libskey.a ${SKEYOBJS} +libskey.so: ${LIBOBJS} + ${CC} ${LDFLAGS} -shared -Wl,-soname,libskey.so.1 -o libskey.so.1.1.5 ${LIBOBJS} + ln -fs libskey.so.1.1.5 libskey.so + ln -fs libskey.so.1.1.5 libskey.so.1 + ln -fs libskey.so.1.1.5 libskey.so.1.1 + +skey: libskey.so ${SKEYOBJS} ${CC} -o $@ ${SKEYOBJS} ${LDFLAGS} -lskey ${LIBS} -skeyinit: libskey.a ${SKEYINITOBJS} +skeyinit: libskey.so ${SKEYINITOBJS} ${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS} -skeyinfo: libskey.a ${SKEYINFOOBJS} +skeyinfo: libskey.so ${SKEYINFOOBJS} ${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS} -skeyaudit: libskey.a ${SKEYAUDITOBJS} - ${CC} -o $@ ${SKEYAUDITOBJS} ${LDFLAGS} -lskey ${LIBS} - ${MANPAGES} ${SCRIPTS}:: ${FIXPATHSCMD} ${srcdir}/$@ clean: rm -f *.o *.a ${TARGETS} config.status config.cache config.log - rm -f *.out core + rm -f *.out core *.so *.so.* distclean: clean rm -f Makefile config.h core *~ @@ -97,6 +99,10 @@ $(INSTALL) -d $(DESTDIR)$(includedir) $(INSTALL) -d $(DESTDIR)$(sysconfdir) ${INSTALL_DATA} libskey.a $(DESTDIR)$(libdir) + ${INSTALL_DATA} libskey.so.1.1.5 $(DESTDIR)$(libdir) + ${INSTALL_DATA} libskey.so.1.1 $(DESTDIR)$(libdir) + ${INSTALL_DATA} libskey.so.1 $(DESTDIR)$(libdir) + ${INSTALL_DATA} libskey.so $(DESTDIR)$(libdir) ${INSTALL_DATA} ${HDRS} $(DESTDIR)$(includedir) @for target in ${TARGETS}; do \ ${INSTALL_PROGRAM} $$target $(DESTDIR)$(bindir); \ 
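Review bot: The new `libskey.so` rule links the same `${LIBOBJS}` that go into `libskey.a`, and nothing in this hunk adds a position-independent-code flag. Unless `CFLAGS` (not visible here) already carries `-fPIC`, the shared object will need text relocations on the platforms where it links at all, which rules out hardening that forbids writable code pages. Either compile the library objects with `-fPIC` or build a separate set of PIC objects for the shared library.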
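Review bot: The added `${INSTALL_DATA}` lines for `libskey.so.1.1`, `libskey.so.1` and `libskey.so` operate on symlinks, and `install` copies what a link points to, so `$(libdir)` receives four independent regular files instead of one library and three links. A later upgrade that replaces only the versioned file would then leave stale copies, including the one the loader resolves through the soname. Install only `libskey.so.1.1.5` and recreate the links in the destination, e.g. `ln -fs libskey.so.1.1.5 $(DESTDIR)$(libdir)/libskey.so.1`. The install rule itself begins outside this hunk.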
@@ -119,9 +125,9 @@ -rm -f $(DESTDIR)$(bindir)/skeyaudit -rm -f $(DESTDIR)$(bindir)/skeyprune -rm -f $(DESTDIR)$(libdir)/libskey.a + -rm -f $(DESTDIR)$(libdir)/libskey.so* -rm -f $(DESTDIR)$(includedir)/skey.h -rm -f $(DESTDIR)$(includedir)/sha1.h - -rm -f $(DESTDIR)$(includedir)/rmd160.h -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skey.1 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinfo.1 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinit.1 diff -ruN skey-1.1.5.orig/put.c skey-1.1.5/put.c --- skey-1.1.5.orig/put.c 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/put.c 2003-11-06 17:46:45.000000000 +0000 @@ -14,7 +14,7 @@ #include <stdio.h> #include <string.h> #include <assert.h> -/*#include <ctype.h>*/ +#include <ctype.h> #include "config.h" #include "skey.h" @@ -22,10 +22,10 @@ static unsigned int extract __P ((char *s, int start, int length)); static void standard __P ((char *word)); static void insert __P ((char *s, int x, int start, int length)); -static int wsrch __P ((char *w, int low, int high)); +static int wsrch __P ((const char *w, int low, int high)); /* Dictionary for integer-word translations */ -static char Wp[2048][4] = { +char Wp[2048][4] = { "A", "ABE", "ACE", @@ -2079,19 +2079,13 @@ /* Encode 8 bytes in 'c' as a string of English words. * Returns a pointer to a static buffer */ -char * -btoe(engout, c) - char *c; - char *engout; +char *btoe(char *engout, const char *c) { - char cp[10]; /* add in room for the parity 2 bits + extract() slop */ + char cp[9]; /* add in room for the parity 2 bits */ int p, i; engout[0] = '\0'; - - /* workaround for extract() reads beyond end of data */ - (void)memset(cp, 0, sizeof(cp)); - (void)memcpy(cp, c, 8); + memcpy(cp, c, 8); /* compute parity */ for (p = 0, i = 0; i < 64; i += 2) 
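Review bot: Dropping `static` from `Wp` in the `@@ -22,10 +22,10 @@` hunk exports an 8 KB writable table under a two-letter global name, from a library this patch also starts shipping as a shared object. No user of `Wp` outside put.c is visible in this diff, so if nothing else needs it the table is better kept file-local and read-only: `static const char Wp[2048][4] = {`. If another file does need it, a `const` declaration in `skey.h` would make that explicit. The word list determines how one-time passwords are encoded and decoded, so it should not be modifiable or interposable by other code in the process.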
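Review bot: Shrinking `cp` from 10 to 9 bytes and deleting the `memset` in `btoe` removes the guard that the old comment described as a workaround for `extract()` reading beyond the end of the data, while the parity loop still calls `extract(cp, i, 2)` for `i` up to 62. The body of `extract()` is outside this hunk; if it still loads three consecutive bytes starting at `s[start / 8]`, those calls read `cp[9]`, one byte past the array, and read `cp[8]` before it is assigned. Keep `char cp[10];` and `memset(cp, 0, sizeof(cp));` ahead of the `memcpy`, or change `extract()` so it never touches bytes it does not need. The comment above `btoe` also still says it returns a pointer to a static buffer, although it returns the caller's `engout`.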
@@ -2099,20 +2093,20 @@ cp[8] = (char)p << 6; - (void)strncat(engout, &Wp[extract (cp, 0, 11)][0], 4); - (void)strcat(engout, " "); - (void)strncat(engout, &Wp[extract (cp, 11, 11)][0], 4); - (void)strcat(engout, " "); - (void)strncat(engout, &Wp[extract (cp, 22, 11)][0], 4); - (void)strcat(engout, " "); - (void)strncat(engout, &Wp[extract (cp, 33, 11)][0], 4); - (void)strcat(engout, " "); - (void)strncat(engout, &Wp[extract (cp, 44, 11)][0], 4); - (void)strcat(engout, " "); - (void)strncat(engout, &Wp[extract (cp, 55, 11)][0], 4); + strncat(engout, &Wp[extract (cp, 0, 11)][0], 4); + strcat(engout, " "); + strncat(engout, &Wp[extract (cp, 11, 11)][0], 4); + strcat(engout, " "); + strncat(engout, &Wp[extract (cp, 22, 11)][0], 4); + strcat(engout, " "); + strncat(engout, &Wp[extract (cp, 33, 11)][0], 4); + strcat(engout, " "); + strncat(engout, &Wp[extract (cp, 44, 11)][0], 4); + strcat(engout, " "); + strncat(engout, &Wp[extract (cp, 55, 11)][0], 4); #ifdef notdef - (void)fprintf(stderr, "engout is %s\n\r", engout); + printf ("engout is %s\n\r", engout); #endif return(engout); } 
@@ -2123,41 +2117,42 @@ * -1 badly formed in put ie > 4 char word * -2 words OK but parity is wrong */ -int -etob(out, e) - char *out; - char *e; +int etob(char *out, const char *e) { char *word; int i, p, v, l, low, high; - char b[SKEY_BINKEY_SIZE+1]; + char b[9]; char input[36]; + char *last; if (e == NULL) - return(-1); + return -1; - (void)strncpy(input, e, sizeof(input) - 1); - input[sizeof(input) - 1] = '\0'; - (void)memset(b, 0, sizeof(b)); - (void)memset(out, 0, SKEY_BINKEY_SIZE); - for (i = 0, p = 0; i < 6; i++, p += 11) { - if ((word = strtok(i == 0 ? input : NULL, " ")) == NULL) - return(-1); - - l = strlen(word); - if (l > 4 || l < 1) { - return(-1); - } else if (l < 4) { + strncpy (input, e, sizeof(input)); + memset(b, 0, sizeof(b)); + memset(out, 0, 8); + for (i = 0, p = 0; i < 6; i++, p += 11) + { + if ((word = strtok_r(i == 0 ? input : NULL, " ", &last)) == NULL) + return -1; + + l = strlen (word); + if (l > 4 || l < 1) + return -1; + else if (l < 4) + { low = 0; high = 570; - } else { + } + else + { low = 571; high = 2047; } standard(word); if ((v = wsrch(word, low, high)) < 0) - return(0); + return 0; insert(b, v, p, 11); } 
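Review bot: The replacement `strncpy (input, e, sizeof(input));` drops the explicit terminator the old code wrote, so when `e` holds 36 or more characters `input` is left without a NUL and `strtok_r` and `strlen` walk past the end of the 36-byte array. `e` is the response string being decoded, so its length should be treated as caller-controlled. Restore the bound and terminator: `strncpy(input, e, sizeof(input) - 1);` followed by `input[sizeof(input) - 1] = '\0';`. This hunk and the next one also replace `SKEY_BINKEY_SIZE` with the literal `8` in `memset(out, 0, 8)` and `memcpy(out, b, 8)`; keeping the named constant would hold those sizes together. `etob` continues past the end of this hunk.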
@@ -2167,55 +2162,47 @@ p += extract (b, i, 2); if ((p & 3) != extract (b, 64, 2)) - return(-2); + return -2; - (void)memcpy(out, b, SKEY_BINKEY_SIZE); + memcpy(out, b, 8); - return(1); + return 1; } /* Display 8 bytes as a series of 16-bit hex digits */ -char * -put8(out, s) - char *out; - char *s; +char *put8(char *out, const char *s) { - (void)sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X", + sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X", s[0] & 0xff, s[1] & 0xff, s[2] & 0xff, s[3] & 0xff, s[4] & 0xff, s[5] & 0xff, s[6] & 0xff, s[7] & 0xff); - return(out); + return out; } #ifdef notdef /* Encode 8 bytes in 'cp' as stream of ascii letters. * Provided as a possible alternative to btoe() */ -char * -btoc(cp) - char *cp; +char *btoc(char *cp) { int i; static char out[31]; /* code out put by characters 6 bits each added to 0x21 (!) */ - for (i = 0; i <= 10; i++) { + for (i = 0; i <= 10; i++) + { /* last one is only 4 bits not 6 */ out[i] = '!' + extract (cp, 6 * i, i >= 10 ? 4 : 6); } out[i] = '\0'; - return(out); + return out; } #endif /* Internal subroutines for word encoding/decoding */ /* Dictionary binary search */ -static int -wsrch(w, low, high) - char *w; - int low; - int high; +static int wsrch(const char *w, int low, int high) { int i, j; @@ -2223,18 +2210,18 @@ i = (low + high) / 2; if ((j = strncmp(w, Wp[i], 4)) == 0) - return(i); /* Found it */ - - if (high == low + 1) { + return i; /* Found it */ + if (high == low + 1) + { /* Avoid effects of integer truncation in /2 */ if (strncmp(w, Wp[high], 4) == 0) - return(high); + return high; else - return(-1); + return -1; } if (low >= high) - return(-1); /* I don't *think* this can happen... */ + return -1; /* I don't *think* this can happen... */ if (j < 0) high = i; /* Search lower half */ else 
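Review bot: `put8` still formats into `out` with an unbounded `sprintf`, and the rewritten signature `char *put8(char *out, const char *s)` gives callers no hint of how much room is needed. The format string produces 19 characters plus the terminator, so the one-line comment above the function should state the contract, for example `/* Display 8 bytes as hex; out must have room for at least 20 bytes */`. If the interface can ever take a length, `snprintf` with that length would enforce it.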
@@ -2242,12 +2229,7 @@ } } -static void -insert(s, x, start, length) - char *s; - int x; - int start; - int length; +static void insert(char *s, int x, int start, int length) { unsigned char cl; unsigned char cc; @@ -2261,25 +2243,28 @@ assert(start + length <= 66); shift = ((8 - ((start + length) % 8)) % 8); - y = x << shift; + y = (int) x << shift; cl = (y >> 16) & 0xff; cc = (y >> 8) & 0xff; cr = y & 0xff; - if (shift + length > 16) { + if (shift + length > 16) + { s[start / 8] |= cl; s[start / 8 + 1] |= cc; s[start / 8 + 2] |= cr; - } else if (shift + length > 8) { + } + else if (shift + length > 8) + { s[start / 8] |= cc; s[start / 8 + 1] |= cr; - } else { + } + else + { s[start / 8] |= cr; } } -static void -standard(word) - register char *word; +static void standard(char *word) { while (*word) { if (!isascii(*word)) @@ -2297,11 +2282,7 @@ } /* Extract 'length' bits from the char array 's' starting with bit 'start' */ -static unsigned int -extract(s, start, length) - char *s; - int start; - int length; +static unsigned int extract(char *s, int start, int length) { unsigned char cl; unsigned char cc; @@ -2320,5 +2301,5 @@ x = x >> (24 - (length + (start % 8))); x = (x & (0xffff >> (16 - length))); - return(x); + return x; } diff -ruN skey-1.1.5.orig/rmd160.c skey-1.1.5/rmd160.c --- skey-1.1.5.orig/rmd160.c 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/rmd160.c 1970-01-01 01:00:00.000000000 +0100 
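Review bot: In the `@@ -2261,25 +2243,28 @@` hunk, `y = (int) x << shift;` adds a cast that does nothing. `x` is already declared `int` in the new `insert(char *s, int x, int start, int length)` signature, and the cast binds to `x` rather than to the shifted result, so it can mislead a reader into thinking a conversion happens. `y = x << shift;` as before is clearer. The body of `standard()` that follows runs past the end of this hunk and is not reviewed here.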
@@ -1,428 +0,0 @@ -/********************************************************************\ - * - * FILE: rmd160.c - * - * CONTENTS: A sample C-implementation of the RIPEMD-160 - * hash-function. - * TARGET: any computer with an ANSI C compiler - * - * AUTHOR: Antoon Bosselaers, ESAT-COSIC - * (Arranged for libc by Todd C. Miller) - * DATE: 1 March 1996 - * VERSION: 1.0 - * - * Copyright (c) Katholieke Universiteit Leuven - * 1996, All Rights Reserved - * -\********************************************************************/ -#ifndef HAVE_RMD160_H - -/* header files */ -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <sys/types.h> -#include "config.h" -#include "rmd160.h" - -/********************************************************************/ - -/* macro definitions */ - -/* collect four bytes into one word: */ -#define BYTES_TO_DWORD(strptr) \ - (((u_int32_t) *((strptr)+3) << 24) | \ - ((u_int32_t) *((strptr)+2) << 16) | \ - ((u_int32_t) *((strptr)+1) << 8) | \ - ((u_int32_t) *(strptr))) - -/* ROL(x, n) cyclically rotates x over n bits to the left */ -/* x must be of an unsigned 32 bits type and 0 <= n < 32. 
*/ -#define ROL(x, n) (((x) << (n)) | ((x) >> (32-(n)))) - -/* the three basic functions F(), G() and H() */ -#define F(x, y, z) ((x) ^ (y) ^ (z)) -#define G(x, y, z) (((x) & (y)) | (~(x) & (z))) -#define H(x, y, z) (((x) | ~(y)) ^ (z)) -#define I(x, y, z) (((x) & (z)) | ((y) & ~(z))) -#define J(x, y, z) ((x) ^ ((y) | ~(z))) - -/* the eight basic operations FF() through III() */ -#define FF(a, b, c, d, e, x, s) { \ - (a) += F((b), (c), (d)) + (x); \ - (a) = ROL((a), (s)) + (e); \ - (c) = ROL((c), 10); \ -} -#define GG(a, b, c, d, e, x, s) { \ - (a) += G((b), (c), (d)) + (x) + 0x5a827999U; \ - (a) = ROL((a), (s)) + (e); \ - (c) = ROL((c), 10); \ -} -#define HH(a, b, c, d, e, x, s) { \ - (a) += H((b), (c), (d)) + (x) + 0x6ed9eba1U; \ - (a) = ROL((a), (s)) + (e); \ - (c) = ROL((c), 10); \ -} -#define II(a, b, c, d, e, x, s) { \ - (a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcU; \ - (a) = ROL((a), (s)) + (e); \ - (c) = ROL((c), 10); \ -} -#define JJ(a, b, c, d, e, x, s) { \ - (a) += J((b), (c), (d)) + (x) + 0xa953fd4eU; \ - (a) = ROL((a), (s)) + (e); \ - (c) = ROL((c), 10); \ -} -#define FFF(a, b, c, d, e, x, s) { \ - (a) += F((b), (c), (d)) + (x); \ - (a) = ROL((a), (s)) + (e); \ - (c) = ROL((c), 10); \ -} -#define GGG(a, b, c, d, e, x, s) { \ - (a) += G((b), (c), (d)) + (x) + 0x7a6d76e9U; \ - (a) = ROL((a), (s)) + (e); \ - (c) = ROL((c), 10); \ -} -#define HHH(a, b, c, d, e, x, s) { \ - (a) += H((b), (c), (d)) + (x) + 0x6d703ef3U; \ - (a) = ROL((a), (s)) + (e); \ - (c) = ROL((c), 10); \ -} -#define III(a, b, c, d, e, x, s) { \ - (a) += I((b), (c), (d)) + (x) + 0x5c4dd124U; \ - (a) = ROL((a), (s)) + (e); \ - (c) = ROL((c), 10); \ -} -#define JJJ(a, b, c, d, e, x, s) { \ - (a) += J((b), (c), (d)) + (x) + 0x50a28be6U; \ - (a) = ROL((a), (s)) + (e); \ - (c) = ROL((c), 10); \ -} - -/********************************************************************/ - -void -RMD160Init(context) - RMD160_CTX *context; -{ - - /* ripemd-160 initialization constants */ - context->state[0] = 
0x67452301U; - context->state[1] = 0xefcdab89U; - context->state[2] = 0x98badcfeU; - context->state[3] = 0x10325476U; - context->state[4] = 0xc3d2e1f0U; - context->length[0] = context->length[1] = 0; - context->buflen = 0; -} - -/********************************************************************/ - -void -RMD160Transform(state, block) - u_int32_t state[5]; - const u_int32_t block[16]; -{ - u_int32_t aa = state[0], bb = state[1], cc = state[2], - dd = state[3], ee = state[4]; - u_int32_t aaa = state[0], bbb = state[1], ccc = state[2], - ddd = state[3], eee = state[4]; - - /* round 1 */ - FF(aa, bb, cc, dd, ee, block[ 0], 11); - FF(ee, aa, bb, cc, dd, block[ 1], 14); - FF(dd, ee, aa, bb, cc, block[ 2], 15); - FF(cc, dd, ee, aa, bb, block[ 3], 12); - FF(bb, cc, dd, ee, aa, block[ 4], 5); - FF(aa, bb, cc, dd, ee, block[ 5], 8); - FF(ee, aa, bb, cc, dd, block[ 6], 7); - FF(dd, ee, aa, bb, cc, block[ 7], 9); - FF(cc, dd, ee, aa, bb, block[ 8], 11); - FF(bb, cc, dd, ee, aa, block[ 9], 13); - FF(aa, bb, cc, dd, ee, block[10], 14); - FF(ee, aa, bb, cc, dd, block[11], 15); - FF(dd, ee, aa, bb, cc, block[12], 6); - FF(cc, dd, ee, aa, bb, block[13], 7); - FF(bb, cc, dd, ee, aa, block[14], 9); - FF(aa, bb, cc, dd, ee, block[15], 8); - - /* round 2 */ - GG(ee, aa, bb, cc, dd, block[ 7], 7); - GG(dd, ee, aa, bb, cc, block[ 4], 6); - GG(cc, dd, ee, aa, bb, block[13], 8); - GG(bb, cc, dd, ee, aa, block[ 1], 13); - GG(aa, bb, cc, dd, ee, block[10], 11); - GG(ee, aa, bb, cc, dd, block[ 6], 9); - GG(dd, ee, aa, bb, cc, block[15], 7); - GG(cc, dd, ee, aa, bb, block[ 3], 15); - GG(bb, cc, dd, ee, aa, block[12], 7); - GG(aa, bb, cc, dd, ee, block[ 0], 12); - GG(ee, aa, bb, cc, dd, block[ 9], 15); - GG(dd, ee, aa, bb, cc, block[ 5], 9); - GG(cc, dd, ee, aa, bb, block[ 2], 11); - GG(bb, cc, dd, ee, aa, block[14], 7); - GG(aa, bb, cc, dd, ee, block[11], 13); - GG(ee, aa, bb, cc, dd, block[ 8], 12); - - /* round 3 */ - HH(dd, ee, aa, bb, cc, block[ 3], 11); - HH(cc, dd, ee, aa, bb, 
block[10], 13); - HH(bb, cc, dd, ee, aa, block[14], 6); - HH(aa, bb, cc, dd, ee, block[ 4], 7); - HH(ee, aa, bb, cc, dd, block[ 9], 14); - HH(dd, ee, aa, bb, cc, block[15], 9); - HH(cc, dd, ee, aa, bb, block[ 8], 13); - HH(bb, cc, dd, ee, aa, block[ 1], 15); - HH(aa, bb, cc, dd, ee, block[ 2], 14); - HH(ee, aa, bb, cc, dd, block[ 7], 8); - HH(dd, ee, aa, bb, cc, block[ 0], 13); - HH(cc, dd, ee, aa, bb, block[ 6], 6); - HH(bb, cc, dd, ee, aa, block[13], 5); - HH(aa, bb, cc, dd, ee, block[11], 12); - HH(ee, aa, bb, cc, dd, block[ 5], 7); - HH(dd, ee, aa, bb, cc, block[12], 5); - - /* round 4 */ - II(cc, dd, ee, aa, bb, block[ 1], 11); - II(bb, cc, dd, ee, aa, block[ 9], 12); - II(aa, bb, cc, dd, ee, block[11], 14); - II(ee, aa, bb, cc, dd, block[10], 15); - II(dd, ee, aa, bb, cc, block[ 0], 14); - II(cc, dd, ee, aa, bb, block[ 8], 15); - II(bb, cc, dd, ee, aa, block[12], 9); - II(aa, bb, cc, dd, ee, block[ 4], 8); - II(ee, aa, bb, cc, dd, block[13], 9); - II(dd, ee, aa, bb, cc, block[ 3], 14); - II(cc, dd, ee, aa, bb, block[ 7], 5); - II(bb, cc, dd, ee, aa, block[15], 6); - II(aa, bb, cc, dd, ee, block[14], 8); - II(ee, aa, bb, cc, dd, block[ 5], 6); - II(dd, ee, aa, bb, cc, block[ 6], 5); - II(cc, dd, ee, aa, bb, block[ 2], 12); - - /* round 5 */ - JJ(bb, cc, dd, ee, aa, block[ 4], 9); - JJ(aa, bb, cc, dd, ee, block[ 0], 15); - JJ(ee, aa, bb, cc, dd, block[ 5], 5); - JJ(dd, ee, aa, bb, cc, block[ 9], 11); - JJ(cc, dd, ee, aa, bb, block[ 7], 6); - JJ(bb, cc, dd, ee, aa, block[12], 8); - JJ(aa, bb, cc, dd, ee, block[ 2], 13); - JJ(ee, aa, bb, cc, dd, block[10], 12); - JJ(dd, ee, aa, bb, cc, block[14], 5); - JJ(cc, dd, ee, aa, bb, block[ 1], 12); - JJ(bb, cc, dd, ee, aa, block[ 3], 13); - JJ(aa, bb, cc, dd, ee, block[ 8], 14); - JJ(ee, aa, bb, cc, dd, block[11], 11); - JJ(dd, ee, aa, bb, cc, block[ 6], 8); - JJ(cc, dd, ee, aa, bb, block[15], 5); - JJ(bb, cc, dd, ee, aa, block[13], 6); - - /* parallel round 1 */ - JJJ(aaa, bbb, ccc, ddd, eee, block[ 5], 8); - JJJ(eee, 
aaa, bbb, ccc, ddd, block[14], 9); - JJJ(ddd, eee, aaa, bbb, ccc, block[ 7], 9); - JJJ(ccc, ddd, eee, aaa, bbb, block[ 0], 11); - JJJ(bbb, ccc, ddd, eee, aaa, block[ 9], 13); - JJJ(aaa, bbb, ccc, ddd, eee, block[ 2], 15); - JJJ(eee, aaa, bbb, ccc, ddd, block[11], 15); - JJJ(ddd, eee, aaa, bbb, ccc, block[ 4], 5); - JJJ(ccc, ddd, eee, aaa, bbb, block[13], 7); - JJJ(bbb, ccc, ddd, eee, aaa, block[ 6], 7); - JJJ(aaa, bbb, ccc, ddd, eee, block[15], 8); - JJJ(eee, aaa, bbb, ccc, ddd, block[ 8], 11); - JJJ(ddd, eee, aaa, bbb, ccc, block[ 1], 14); - JJJ(ccc, ddd, eee, aaa, bbb, block[10], 14); - JJJ(bbb, ccc, ddd, eee, aaa, block[ 3], 12); - JJJ(aaa, bbb, ccc, ddd, eee, block[12], 6); - - /* parallel round 2 */ - III(eee, aaa, bbb, ccc, ddd, block[ 6], 9); - III(ddd, eee, aaa, bbb, ccc, block[11], 13); - III(ccc, ddd, eee, aaa, bbb, block[ 3], 15); - III(bbb, ccc, ddd, eee, aaa, block[ 7], 7); - III(aaa, bbb, ccc, ddd, eee, block[ 0], 12); - III(eee, aaa, bbb, ccc, ddd, block[13], 8); - III(ddd, eee, aaa, bbb, ccc, block[ 5], 9); - III(ccc, ddd, eee, aaa, bbb, block[10], 11); - III(bbb, ccc, ddd, eee, aaa, block[14], 7); - III(aaa, bbb, ccc, ddd, eee, block[15], 7); - III(eee, aaa, bbb, ccc, ddd, block[ 8], 12); - III(ddd, eee, aaa, bbb, ccc, block[12], 7); - III(ccc, ddd, eee, aaa, bbb, block[ 4], 6); - III(bbb, ccc, ddd, eee, aaa, block[ 9], 15); - III(aaa, bbb, ccc, ddd, eee, block[ 1], 13); - III(eee, aaa, bbb, ccc, ddd, block[ 2], 11); - - /* parallel round 3 */ - HHH(ddd, eee, aaa, bbb, ccc, block[15], 9); - HHH(ccc, ddd, eee, aaa, bbb, block[ 5], 7); - HHH(bbb, ccc, ddd, eee, aaa, block[ 1], 15); - HHH(aaa, bbb, ccc, ddd, eee, block[ 3], 11); - HHH(eee, aaa, bbb, ccc, ddd, block[ 7], 8); - HHH(ddd, eee, aaa, bbb, ccc, block[14], 6); - HHH(ccc, ddd, eee, aaa, bbb, block[ 6], 6); - HHH(bbb, ccc, ddd, eee, aaa, block[ 9], 14); - HHH(aaa, bbb, ccc, ddd, eee, block[11], 12); - HHH(eee, aaa, bbb, ccc, ddd, block[ 8], 13); - HHH(ddd, eee, aaa, bbb, ccc, block[12], 5); - 
HHH(ccc, ddd, eee, aaa, bbb, block[ 2], 14); - HHH(bbb, ccc, ddd, eee, aaa, block[10], 13); - HHH(aaa, bbb, ccc, ddd, eee, block[ 0], 13); - HHH(eee, aaa, bbb, ccc, ddd, block[ 4], 7); - HHH(ddd, eee, aaa, bbb, ccc, block[13], 5); - - /* parallel round 4 */ - GGG(ccc, ddd, eee, aaa, bbb, block[ 8], 15); - GGG(bbb, ccc, ddd, eee, aaa, block[ 6], 5); - GGG(aaa, bbb, ccc, ddd, eee, block[ 4], 8); - GGG(eee, aaa, bbb, ccc, ddd, block[ 1], 11); - GGG(ddd, eee, aaa, bbb, ccc, block[ 3], 14); - GGG(ccc, ddd, eee, aaa, bbb, block[11], 14); - GGG(bbb, ccc, ddd, eee, aaa, block[15], 6); - GGG(aaa, bbb, ccc, ddd, eee, block[ 0], 14); - GGG(eee, aaa, bbb, ccc, ddd, block[ 5], 6); - GGG(ddd, eee, aaa, bbb, ccc, block[12], 9); - GGG(ccc, ddd, eee, aaa, bbb, block[ 2], 12); - GGG(bbb, ccc, ddd, eee, aaa, block[13], 9); - GGG(aaa, bbb, ccc, ddd, eee, block[ 9], 12); - GGG(eee, aaa, bbb, ccc, ddd, block[ 7], 5); - GGG(ddd, eee, aaa, bbb, ccc, block[10], 15); - GGG(ccc, ddd, eee, aaa, bbb, block[14], 8); - - /* parallel round 5 */ - FFF(bbb, ccc, ddd, eee, aaa, block[12] , 8); - FFF(aaa, bbb, ccc, ddd, eee, block[15] , 5); - FFF(eee, aaa, bbb, ccc, ddd, block[10] , 12); - FFF(ddd, eee, aaa, bbb, ccc, block[ 4] , 9); - FFF(ccc, ddd, eee, aaa, bbb, block[ 1] , 12); - FFF(bbb, ccc, ddd, eee, aaa, block[ 5] , 5); - FFF(aaa, bbb, ccc, ddd, eee, block[ 8] , 14); - FFF(eee, aaa, bbb, ccc, ddd, block[ 7] , 6); - FFF(ddd, eee, aaa, bbb, ccc, block[ 6] , 8); - FFF(ccc, ddd, eee, aaa, bbb, block[ 2] , 13); - FFF(bbb, ccc, ddd, eee, aaa, block[13] , 6); - FFF(aaa, bbb, ccc, ddd, eee, block[14] , 5); - FFF(eee, aaa, bbb, ccc, ddd, block[ 0] , 15); - FFF(ddd, eee, aaa, bbb, ccc, block[ 3] , 13); - FFF(ccc, ddd, eee, aaa, bbb, block[ 9] , 11); - FFF(bbb, ccc, ddd, eee, aaa, block[11] , 11); - - /* combine results */ - ddd += cc + state[1]; /* final result for state[0] */ - state[1] = state[2] + dd + eee; - state[2] = state[3] + ee + aaa; - state[3] = state[4] + aa + bbb; - state[4] = state[0] + bb 
+ ccc; - state[0] = ddd; -} - -/********************************************************************/ - -void -RMD160Update(context, data, nbytes) - RMD160_CTX *context; - const u_char *data; - u_int32_t nbytes; -{ - u_int32_t X[16]; - u_int32_t ofs = 0; - u_int32_t i; -#ifdef WORDS_BIGENDIAN - u_int32_t j; -#endif - - /* update length[] */ - if (context->length[0] + nbytes < context->length[0]) - context->length[1]++; /* overflow to msb of length */ - context->length[0] += nbytes; - - (void)memset(X, 0, sizeof(X)); - - if ( context->buflen + nbytes < 64 ) - { - (void)memcpy(context->bbuffer + context->buflen, data, nbytes); - context->buflen += nbytes; - } - else - { - /* process first block */ - ofs = 64 - context->buflen; - (void)memcpy(context->bbuffer + context->buflen, data, ofs); -#ifndef WORDS_BIGENDIAN - (void)memcpy(X, context->bbuffer, sizeof(X)); -#else - for (j=0; j < 16; j++) - X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j)); -#endif - RMD160Transform(context->state, X); - nbytes -= ofs; - - /* process remaining complete blocks */ - for (i = 0; i < (nbytes >> 6); i++) { -#ifndef WORDS_BIGENDIAN - (void)memcpy(X, data + (64 * i) + ofs, sizeof(X)); -#else - for (j=0; j < 16; j++) - X[j] = BYTES_TO_DWORD(data + (64 * i) + (4 * j) + ofs); -#endif - RMD160Transform(context->state, X); - } - - /* - * Put last bytes from data into context's buffer - */ - context->buflen = nbytes & 63; - memcpy(context->bbuffer, data + (64 * i) + ofs, context->buflen); - } -} - -/********************************************************************/ - -void -RMD160Final(digest, context) - u_char digest[20]; - RMD160_CTX *context; -{ - u_int32_t i; - u_int32_t X[16]; -#ifdef WORDS_BIGENDIAN - u_int32_t j; -#endif - - /* append the bit m_n == 1 */ - context->bbuffer[context->buflen] = '\200'; - - (void)memset(context->bbuffer + context->buflen + 1, 0, - 63 - context->buflen); -#ifndef WORDS_BIGENDIAN - (void)memcpy(X, context->bbuffer, sizeof(X)); -#else - for (j=0; j < 16; 
j++) - X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j)); -#endif - if ((context->buflen) > 55) { - /* length goes to next block */ - RMD160Transform(context->state, X); - (void)memset(X, 0, sizeof(X)); - } - - /* append length in bits */ - X[14] = context->length[0] << 3; - X[15] = (context->length[0] >> 29) | - (context->length[1] << 3); - RMD160Transform(context->state, X); - - if (digest != NULL) { - for (i = 0; i < 20; i += 4) { - /* extracts the 8 least significant bits. */ - digest[i] = context->state[i>>2]; - digest[i + 1] = (context->state[i>>2] >> 8); - digest[i + 2] = (context->state[i>>2] >> 16); - digest[i + 3] = (context->state[i>>2] >> 24); - } - } -} - -/************************ end of file rmd160.c **********************/ -#endif diff -ruN skey-1.1.5.orig/rmd160.h skey-1.1.5/rmd160.h --- skey-1.1.5.orig/rmd160.h 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/rmd160.h 1970-01-01 01:00:00.000000000 +0100 
@@ -1,48 +0,0 @@ -/* $OpenBSD: rmd160.h,v 1.4 1999/08/16 09:59:04 millert Exp $ */ - -/********************************************************************\ - * - * FILE: rmd160.h - * - * CONTENTS: Header file for a sample C-implementation of the - * RIPEMD-160 hash-function. - * TARGET: any computer with an ANSI C compiler - * - * AUTHOR: Antoon Bosselaers, ESAT-COSIC - * DATE: 1 March 1996 - * VERSION: 1.0 - * - * Copyright (c) Katholieke Universiteit Leuven - * 1996, All Rights Reserved - * -\********************************************************************/ - -#ifndef _RMD160_H /* make sure this file is read only once */ -#define _RMD160_H - -/********************************************************************/ - -/* structure definitions */ - -typedef struct { - u_int32_t state[5]; /* state (ABCDE) */ - u_int32_t length[2]; /* number of bits */ - u_char bbuffer[64]; /* overflow buffer */ - u_int32_t buflen; /* number of chars in bbuffer */ -} RMD160_CTX; - -/********************************************************************/ - -/* function prototypes */ - -void RMD160Init __P((RMD160_CTX *context)); -void RMD160Transform __P((u_int32_t state[5], const u_int32_t block[16])); -void RMD160Update __P((RMD160_CTX *context, const u_char *data, u_int32_t nbytes)); -void RMD160Final __P((u_char digest[20], RMD160_CTX *context)); -char *RMD160End __P((RMD160_CTX *, char *)); -char *RMD160File __P((char *, char *)); -char *RMD160Data __P((const u_char *, size_t, char *)); - -#endif /* _RMD160_H */ - -/*********************** end of file rmd160.h ***********************/ diff -ruN skey-1.1.5.orig/rmd160hl.c skey-1.1.5/rmd160hl.c --- skey-1.1.5.orig/rmd160hl.c 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/rmd160hl.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,85 +0,0 @@ -/* rmd160hl.c - * ---------------------------------------------------------------------------- - * "THE BEER-WARE LICENSE" (Revision 42): - * <phk@login.dkuug.dk> wrote this file. As long as you retain this notice you - * can do whatever you want with this stuff. If we meet some day, and you think - * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp - * ---------------------------------------------------------------------------- - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: rmd160hl.c,v 1.2 1999/08/17 09:13:12 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include <stdlib.h> -#include <stdio.h> -#include <errno.h> -#include <fcntl.h> -#include <sys/types.h> -#include <sys/uio.h> -#include <unistd.h> -#include "config.h" -#ifdef HAVE_RMD160_H -#include <rmd160.h> -#else -#include "rmd160.h" -#endif - -/* ARGSUSED */ -char * -RMD160End(ctx, buf) - RMD160_CTX *ctx; - char *buf; -{ - int i; - char *p = buf; - u_char digest[20]; - static const char hex[]="0123456789abcdef"; - - if (p == NULL && (p = malloc(41)) == NULL) - return 0; - - RMD160Final(digest,ctx); - for (i = 0; i < 20; i++) { - p[i + i] = hex[digest[i] >> 4]; - p[i + i + 1] = hex[digest[i] & 0x0f]; - } - p[i + i] = '\0'; - return(p); -} - -char * -RMD160File (filename, buf) - char *filename; - char *buf; -{ - u_char buffer[BUFSIZ]; - RMD160_CTX ctx; - int fd, num, oerrno; - - RMD160Init(&ctx); - - if ((fd = open(filename, O_RDONLY)) < 0) - return(0); - - while ((num = read(fd, buffer, sizeof(buffer))) > 0) - RMD160Update(&ctx, buffer, num); - - oerrno = errno; - close(fd); - errno = oerrno; - return(num < 0 ? 
0 : RMD160End(&ctx, buf)); -} - -char * -RMD160Data (data, len, buf) - const u_char *data; - size_t len; - char *buf; -{ - RMD160_CTX ctx; - - RMD160Init(&ctx); - RMD160Update(&ctx, data, len); - return(RMD160End(&ctx, buf)); -} diff -ruN skey-1.1.5.orig/skey.1 skey-1.1.5/skey.1 --- skey-1.1.5.orig/skey.1 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/skey.1 2003-11-06 17:46:45.000000000 +0000 
@@ -1,95 +1,165 @@ -.\" $OpenBSD: skey.1,v 1.21 2000/11/09 17:52:38 aaron Exp $ -.\" @(#)skey.1 1.1 10/28/93 +.\" $NetBSD: skey.1,v 1.21 2003/09/07 16:22:24 wiz Exp $ .\" -.Dd October 28, 1993 +.\" from: @(#)skey.1 1.1 10/28/93 +.\" +.Dd July 25, 2001 .Dt SKEY 1 .Os .Sh NAME -.Nm skey, otp-md4, otp-md5, otp-sha1, otp-rmd160 +.Nm skey .Nd respond to an OTP challenge .Sh SYNOPSIS -.Nm skey -.Op Fl x -.Oo -.Fl md4 | Fl md5 | Fl sha1 | -.Fl rmd160 -.Oc +.Nm .Op Fl n Ar count -.Op Fl p Ar passwd -<sequence#>[/] key +.Op Fl p Ar password +.Op Fl t Ar hash +.Op Fl x +.Ar sequence# +.Op / +.Ar key .Sh DESCRIPTION -.Nm S/key -is a procedure for using one-time passwords to authenticate access to -computer systems. -It uses 64 bits of information transformed by the -MD4, MD5, SHA1, or RIPEMD-160 algorithms. -The user supplies the 64 bits -in the form of 6 English words that are generated by a secure computer. -This implementation of -.Nm s/key -is RFC 1938 compliant. +.Em S/Key +is a One Time Password (OTP) authentication system. +It is intended to be used when the communication channel between +a user and host is not secure (e.g. not encrypted or hardwired). +Since each password is used only once, even if it is "seen" by a +hostile third party, it cannot be used again to gain access to the host. .Pp -When -.Nm skey -is invoked as -.Nm otp-method , -.Nm skey -will use -.Ar method -as the hash function where -.Ar method -is currently one of md4, md5, sha1, or rmd160. +.Em S/Key +uses 64 bits of information, transformed by the +.Tn MD4 +algorithm into 6 English words. +The user supplies the words to authenticate himself to programs like +.Xr login 1 +or +.Xr ftpd 8 . +.Pp +Example use of the +.Em S/Key +program +.Nm : +.Bd -literal -offset indent +% skey 99 th91334 +Enter password: \*[Lt]your secret password is entered here\*[Gt] +OMEN US HORN OMIT BACK AHOY +% +.Ed +.Pp +The string that is given back by +.Nm +can then be used to log into a system. 
+.Pp +The programs that are part of the +.Em S/Key +system are: +.Bl -tag -width skeyauditxxx +.It Xr skeyinit 1 +used to set up your +.Em S/Key . +.It Nm +used to get the one time password(s). +.It Xr skeyinfo 1 +used to initialize the +.Em S/Key +database for the specified user. +It also tells the user what the next challenge will be. +.It Xr skeyaudit 1 +used to inform users that they will soon have to rerun +.Xr skeyinit 1 . +.El .Pp -If you misspell your password while running -.Nm skey , +When you run +.Xr skeyinit 1 +you inform the system of your +secret password. +Running +.Nm +then generates the +one-time password(s), after requiring your secret password. +If however, you misspell your secret password that you have given to +.Xr skeyinit 1 +while running +.Xr skey 1 you will get a list of passwords -that will not work, and no indication of the problem. +that will not work, and no indication about the problem. .Pp -Password sequence numbers count backwards. +Password sequence numbers count backward from 99. You can enter the passwords using small letters, even though -.Nm skey +.Xr skey 1 prints them capitalized. .Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl n Ar count -Prints out +The +.Fl n Ar count +argument asks for .Ar count -one-time passwords. -The default is to print one. -.It Fl p Ar password -Uses -.Ar password -as the secret password. -Use of this option is discouraged as -your secret password could be visible in a process listing. -.It Fl x -Causes output to be in hexadecimal instead of ASCII. -.It Fl md4 -Selects MD4 as the hash algorithm. -.It Fl md5 -Selects MD5 as the hash algorithm. -.It Fl sha1 -Selects SHA-1 (NIST Secure Hash Algorithm Revision 1) as the hash algorithm. -.It Fl rmd160 -Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm. -.El +password sequences to be printed out ending with the requested +sequence number. 
+.Pp +The hash algorithm is selected using the +.Fl t Ar hash +option, possible choices here are md4, md5 or sha1. +.Pp +The +.Fl p Ar password +allows the user to specify the +.Em S/Key +password on the command line. +.Pp +To output the S/Key list in hexadecimal instead of words, +use the +.Fl x +option. .Sh EXAMPLES -.sp 0 - % skey 99 th91334 -.sp 0 - Enter secret password: <your secret password is entered here> -.sp 0 - OMEN US HORN OMIT BACK AHOY -.sp 0 - % +Initialize generation of one time passwords: +.Bd -literal -offset indent +host% skeyinit +Password: \*[Lt]normal login password\*[Gt] +[Adding username] +Enter secret password: \*[Lt]new secret password\*[Gt] +Again secret password: \*[Lt]new secret password again\*[Gt] +ID username s/key is 99 host12345 +Next login password: SOME SIX WORDS THAT WERE COMPUTED +.Ed +.Pp +Produce a list of one time passwords to take with to a conference: +.Bd -literal -offset indent +host% skey -n 3 99 host12345 +Enter secret password: \*[Lt]secret password as used with skeyinit\*[Gt] +97: NOSE FOOT RUSH FEAR GREY JUST +98: YAWN LEO DEED BIND WACK BRAE +99: SOME SIX WORDS THAT WERE COMPUTED +.Ed +.Pp +Logging in to a host where +.Nm +is installed: +.Bd -literal -offset indent +host% telnet host + +login: \*[Lt]username\*[Gt] +Password [s/key 97 host12345]: +.Ed +.Pp +Note that the user can use either his/her +.Em S/Key +password at the prompt but also the normal one unless the +.Fl s +flag is given to +.Xr login 1 . .Sh SEE ALSO .Xr login 1 , +.Xr skeyaudit 1 , .Xr skeyinfo 1 , -.Xr skeyinit 1 +.Xr skeyinit 1 , +.Xr ftpd 8 .Pp -.Em RFC1938 +.Em RFC 2289 .Sh TRADEMARKS AND PATENTS -S/Key is a Trademark of Bellcore. +.Em S/Key +is a trademark of +.Tn Bellcore . .Sh AUTHORS -Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin +Phil Karn, +Neil M. Haller, +John S. 
Walden, +Scott Chasin diff -ruN skey-1.1.5.orig/skey.3 skey-1.1.5/skey.3 --- skey-1.1.5.orig/skey.3 1970-01-01 01:00:00.000000000 +0100 +++ skey-1.1.5/skey.3 2003-11-06 17:46:45.000000000 +0000 
@@ -0,0 +1,264 @@ +.\" $NetBSD: skey.3,v 1.8 2003/06/06 13:42:50 wiz Exp $ +.\" +.\" Copyright (c) 2001 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Gregory McGarry. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the NetBSD +.\" Foundation, Inc. and its contributors. +.\" 4. Neither the name of The NetBSD Foundation nor the names of its +.\" contributors may be used to endorse or promote products derived +.\" from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd November 10, 2001 +.Dt SKEY 3 +.Os +.Sh NAME +.Nm skey , +.Nm skeychallenge , +.Nm skeylookup , +.Nm skeygetnext , +.Nm skeyverify , +.Nm skeyzero , +.Nm getskeyprompt , +.Nm skey_set_algorithm , +.Nm skey_get_algorithm , +.Nm skey_haskey , +.Nm skey_keyinfo , +.Nm skey_passcheck , +.Nm skey_authenticate +.Nd one-time password (OTP) library +.Sh LIBRARY +S/key One-Time Password Library (libskey, -lskey) +.Sh SYNOPSIS +.In skey.h +.Ft int +.Fn skeychallenge "struct skey *mp" "const char *name" "char *ss" \ +"size_t sslen" +.Ft int +.Fn skeylookup "struct skey *mp" "const char *name" +.Ft int +.Fn skeygetnext "struct skey *mp" +.Ft int +.Fn skeyverify "struct skey *mp" "char *response" +.Ft int +.Fn skeyzero "struct skey *mp" "char *response" +.Ft int +.Fn getskeyprompt "struct skey *mp" "char *name" "char *prompt" +.Ft const char * +.Fn skey_set_algorithm "const char *new" +.Ft const char * +.Fn skey_get_algorithm "void" +.Ft int +.Fn skey_haskey "const char *username" +.Ft const char * +.Fn skey_keyinfo "const char *username" +.Ft int +.Fn skey_passcheck "const char *username" "char *passwd" +.Ft int +.Fn skey_authenticate "const char *username" +.Ft void +.Fn f "char *x" +.Ft int +.Fn keycrunch "char *result" "const char *seed" "const char *passwd" +.Ft void +.Fn rip "char *buf" +.Ft char * +.Fn readpass "char *buf " "int n" +.Ft char * +.Fn readskey "char *buf" "int n" +.Ft int +.Fn atob8 "char *out" "const char *in" 
+.Ft int +.Fn btoa8 "char *out" "const char *in" +.Ft int +.Fn htoi "int c" +.Ft const char * +.Fn skipspace "const char *cp" +.Ft void +.Fn backspace "char *buf" +.Ft void +.Fn sevenbit "char *buf" +.Ft char * +.Fn btoe "char *engout" "const char *c" +.Ft int +.Fn etob "char *out" "const char *e" +.Ft char * +.Fn put8 "char *out" "const char *s" +.Sh DESCRIPTION +The +.Nm +library provides routines for accessing +.Nx Ns 's +one-time password (OTP) authentication system. +.Pp +Most S/Key operations take a pointer to a +.Em struct skey , +which should be considered as an opaque identifier. +.Sh FUNCTIONS +The following high-level functions are available: +.Bl -tag -width compact +.It Fn skeychallenge "mp" "name" "ss" "sslen" +Return a S/Key challenge for user +.Fa name . +If successful, the caller's skey structure +.Fa mp +is filled and 0 is returned. +If unsuccessful (e.g. if name is unknown), +\-1 is returned. +.It Fn skeylookup "mp" "name" +Find an entry for user +.Fa name +in the one-time password database. +Returns 0 if the entry is found and 1 if the entry is not found. +If an error occurs accessing the database, \-1 is returned. +.It Fn skeygetnext "mp" +Get the next entry in the one-time password database. +Returns 0 on success and the entry is stored in +.Ar mp +and 1 if no more entries are available. +If an error occurs accessing the database, \-1 is returned. +.It Fn skeyverify "mp" "response" +Verify response +.Fa response +to a S/Key challenge. +Returns 0 if the verification is successful and 1 if the verification failed. +If an error occurs accessing the database, \-1 is returned. +.It Fn skeyzero "mp" "response" +Comment out user's entry in the S/Key database. +Returns 0 on success and the database is updated, +otherwise \-1 is returned and the database remains unchanged. +.It Fn getskeyprompt "mp" "name" "prompt" +Issue a S/Key challenge for user +.Ar name . +If successful, fill in the caller's skey structure +.Fa mp +and return 0. 
+If unsuccessful (e.g. if name is unknown) \-1 is returned. +.El +.Pp +The following lower-level functions are available: +.Bl -tag -width compact +.It Fn skey_set_algorithm "new" +Set hash algorithm type. +Valid values for +.Fa new +are "md4", "md5" and "sha1". +.It Fn skey_get_algorithm "void" +Get current hash type. +.It Fn skey_haskey "username" +Returns 0 if the user +.Fa username +exists and 1 if the user doesn't exist. +Returns \-1 on file error. +.It Fn skey_keyinfo "username" +Returns the current sequence number and seed for user +.Ar username . +.It Fn skey_passcheck "username" "passwd" +Checks to see if answer is the correct one to the current challenge. +.It Fn skey_authenticate "username" +Used when calling program will allow input of the user's response to +the challenge. +Returns zero on success or \-1 on failure. +.El +.Pp +The following miscellaneous functions are available: +.Bl -tag -width compact +.It Fn f "x" +One-way function to take 8 bytes pointed to by +.Fa x +and return 8 bytes in place. +.It Fn keycrunch "char *result" "const char *seed" "const char *passwd" +Crunch a key. +.It Fn rip "buf" +Strip trailing CR/LF characters from a line of text +.Fa buf . +.It Fn readpass "buf" "n" +Read in secret passwd (turns off echo). +.It Fn readskey "buf" "n" +Read in an s/key OTP (does not turn off echo). +.It Fn atob8 "out" "in" +Convert 8-byte hex-ascii string +.Fa in +to binary array +.Fa out . +Returns 0 on success, \-1 on error. +.It Fn btoa8 "out" "in" +Convert 8-byte binary array +.Fa in +to hex-ascii string +.Fa out . +Returns 0 on success, \-1 on error. +.It Fn htoi "int c" +Convert hex digit to binary integer. +.It Fn skipspace "cp" +Skip leading spaces from the string +.Fa cp . +.It Fn backspace "buf" +Remove backspaced over characters from the string +.Fa buf . +.It Fn sevenbit "buf" +Ensure line +.Fa buf +is all seven bits. +.It Fn btoe "engout" "c" +Encode 8 bytes in +.Ar c +as a string of English words. 
+Returns a pointer to a static buffer in +.Fa engout . +.It Fn etob "out" "e" +Convert English to binary. +Returns 0 if the word is not in the database, 1 if all good words and +parity is valid, \-1 if badly formed input (i.e. \*[Gt] 4 char word) +and -2 if words are valid but parity is wrong. +.It Fn put8 "out" "s" +Display 8 bytes +.Fa s +as a series of 16-bit hex digits. +.El +.Sh FILES +.Bl -tag -width /usr/lib/libskey_p.a -compact +.It Pa /usr/lib/libskey.a +static skey library +.It Pa /usr/lib/libskey.so +dynamic skey library +.It Pa /usr/lib/libskey_p.a +static skey library compiled for profiling +.El +.Sh SEE ALSO +.Xr skey 1 , +.Xr skeyaudit 1 , +.Xr skeyinfo 1 +.Sh BUGS +The +.Nm +library functions are not re-entrant or thread-safe. +.Pp +The +.Nm +library defines many poorly named functions which pollute the name space. diff -ruN skey-1.1.5.orig/skeyaudit.1 skey-1.1.5/skeyaudit.1 --- skey-1.1.5.orig/skeyaudit.1 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/skeyaudit.1 2003-11-06 17:46:45.000000000 +0000 
@@ -1,46 +1,29 @@ -.\" $OpenBSD: skeyaudit.1,v 1.8 2000/11/09 17:52:38 aaron Exp $ +.\" $NetBSD: skeyaudit.1,v 1.6 2001/04/09 12:34:14 wiz Exp $ .\" -.Dd 22 July 1997 +.Dd June 9, 1994 .Dt SKEYAUDIT 1 .Os .Sh NAME .Nm skeyaudit .Nd warn users if their S/Key will soon expire .Sh SYNOPSIS -.Nm skeyaudit -.Op Fl a -.Op Fl i -.Op Fl l Ar limit +.Nm +.Op Ar limit .Sh DESCRIPTION .Nm searches through the file -.Pa /etc/skeykeys +.Dq Pa /etc/skey/skeykeys for users whose S/Key sequence number is less than .Ar limit , -and mails them a reminder to run +and sends them a reminder to run .Xr skeyinit 1 -soon. -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl a -Check all keys in -.Pa /etc/skeykeys . -This option is only available to the superuser and -is useful to run regularly via -.Xr cron 8 . -.It Fl i -Interactive mode. -Don't send mail, just print to the standard output. -.It Fl l Ar limit -The limit used to determine whether or not a user should be notified. -The default is to notify if there are fewer than 12 keys left. -.El +soon. If no limit is specified a default of 12 is used. .Sh FILES -.Bl -tag -width /etc/skeykeys -compact -.It Pa /etc/skeykeys -S/Key key information database +.Bl -tag -width /etc/skey/skeykeys -compact +.It Pa /etc/skey/skeykeys +The S/Key key information database .El .Sh SEE ALSO .Xr skey 1 , +.Xr skeyinfo 1 , .Xr skeyinit 1 diff -ruN skey-1.1.5.orig/skeyaudit.c skey-1.1.5/skeyaudit.c --- skey-1.1.5.orig/skeyaudit.c 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/skeyaudit.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,236 +0,0 @@ -/* $OpenBSD: skeyaudit.c,v 1.10 2000/09/20 21:53:49 pjanzen Exp $ */ - -/* - * Copyright (c) 1997, 2000 Todd C. Miller <Todd.Miller@courtesan.com> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#include <errno.h> -/*#include <limits.h>*/ -#include <pwd.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <netdb.h> -#include "config.h" -#ifdef HAVE_ERR_H -#include <err.h> -#else -#include "err.h" -#endif -#include "skey.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/wait.h> - -#ifdef HAVE_LOGIN_CAP_H -# include <login_cap.h> -#else -# include "login_cap.h" -#endif - -char *__progname; - -void notify __P((struct passwd *, int, int)); -FILE *runsendmail __P((struct passwd *, int *)); -void usage __P((void)); - -int -main(argc, argv) - int argc; - char **argv; -{ - struct passwd *pw; - struct skey key; - int ch, errs = 0, left = 0, aflag = 0, iflag = 0, limit = 12; - char *name; - - __progname = argv[0]; - - if (geteuid() != 0) - errx(1, "must be setuid root"); - - while ((ch = getopt(argc, argv, "ail:")) != -1) - switch(ch) { - case 'a': - aflag = 1; - if (getuid() != 0) - errx(1, "only root may use the -a flag"); - break; - case 'i': - iflag = 1; - break; - case 'l': - errno = 0; - if ((limit = (int)strtol(optarg, NULL, 10)) == 0) - errno = ERANGE; - if (errno) { - warn("key limit"); - usage(); - } - break; - default: - usage(); - } - - if (argc - optind > 0) - usage(); - - /* Need key.keyfile zero'd at the very least */ - (void)memset(&key, 0, sizeof(key)); - - if (aflag) { - while ((ch = skeygetnext(&key)) == 0) { - left = key.n - 1; - if ((pw = getpwnam(key.logname)) == NULL) - continue; - if (left >= limit) - continue; - notify(pw, left, iflag); - } - if (ch == -1) - errx(-1, "cannot open %s", SKEYKEYS); - else - (void)fclose(key.keyfile); - } else { - if ((pw = getpwuid(getuid())) == NULL) - errx(1, "no passwd entry for uid %u", getuid()); - if ((name = strdup(pw->pw_name)) == NULL) - err(1, "cannot allocate memory"); - sevenbit(name); - - errs = skeylookup(&key, name); - switch (errs) { - case 0: /* Success! 
*/ - left = key.n - 1; - break; - case -1: /* File error */ - errx(errs, "cannot open %s", SKEYKEYS); - break; - case 1: /* Unknown user */ - warnx("%s is not listed in %s", name, - SKEYKEYS); - } - (void)fclose(key.keyfile); - - if (!errs && left < limit) - notify(pw, left, iflag); - } - - exit(errs); -} - -void -notify(pw, seq, interactive) - struct passwd *pw; - int seq; - int interactive; -{ - static char hostname[MAXHOSTNAMELEN]; - int pid; - FILE *out; - - /* Only set this once */ - if (hostname[0] == '\0' && gethostname(hostname, sizeof(hostname)) == -1) - strcpy(hostname, "unknown"); - - if (interactive) - out = stdout; - else - out = runsendmail(pw, &pid); - - if (!interactive) - (void)fprintf(out, - "To: %s\nSubject: IMPORTANT action required\n", pw->pw_name); - - if (seq) - (void)fprintf(out, -"\nYou are nearing the end of your current S/Key sequence for account\n\ -%s on system %s.\n\n\ -Your S/Key sequence number is now %d. When it reaches zero\n\ -you will no longer be able to use S/Key to log into the system.\n\n", -pw->pw_name, hostname, seq); - else - (void)fprintf(out, -"\nYou are at the end of your current S/Key sequence for account\n\ -%s on system %s.\n\n\ -At this point you can no longer use S/Key to log into the system.\n\n", -pw->pw_name, hostname); - (void)fprintf(out, -"Type \"skeyinit -s\" to reinitialize your sequence number.\n\n"); - - (void)fclose(out); - if (!interactive) - (void)waitpid(pid, NULL, 0); -} - -FILE * -runsendmail(pw, pidp) - struct passwd *pw; - int *pidp; -{ - FILE *fp; - int pfd[2], pid; - - if (pipe(pfd) < 0) - return(NULL); - - switch (pid = fork()) { - case -1: /* fork(2) failed */ - (void)close(pfd[0]); - (void)close(pfd[1]); - return(NULL); - case 0: /* In child */ - (void)close(pfd[1]); - (void)dup2(pfd[0], STDIN_FILENO); - (void)close(pfd[0]); - - /* Run sendmail as target user not root */ - if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0) { - warn("cannot set user context"); - _exit(127); - } - - 
execl(SENDMAIL, "sendmail", "-t", NULL); - warn("cannot run \"%s -t\"", SENDMAIL); - _exit(127); - } - - /* In parent */ - *pidp = pid; - fp = fdopen(pfd[1], "w"); - (void)close(pfd[0]); - - return(fp); -} -void -usage() -{ - (void)fprintf(stderr, "Usage: %s [-i] [-l limit]\n", - __progname); - exit(1); -} diff -ruN skey-1.1.5.orig/skeyaudit.sh skey-1.1.5/skeyaudit.sh --- skey-1.1.5.orig/skeyaudit.sh 1970-01-01 01:00:00.000000000 +0100 +++ skey-1.1.5/skeyaudit.sh 2003-11-06 17:46:45.000000000 +0000 
@@ -0,0 +1,58 @@ +#!/bin/sh +# +# $NetBSD: skeyaudit.sh,v 1.2.12.2 2000/07/28 12:42:59 mjl Exp $ +# +# This script will look thru the skeykeys file for +# people with sequence numbers less than LOWLIMIT=12 +# and send them an e-mail reminder to use skeyinit soon +# + +KEYDB=/etc/skey/skeykeys +LOWLIMIT=12 +ADMIN=root +SUBJECT="Reminder: Run skeyinit" +HOST=`/bin/hostname` + + +if [ "$1" != "" ] +then + LOWLIMIT=$1 +fi + +if [ ! -s "${KEYDB}" ]; then + exit 0 +fi + +# an skeykeys entry looks like +# jsw 0076 la13079 ba20a75528de9d3a +# #oot md5 0005 aspa26398 9432d570ff4421f0 Jul 07,2000 01:36:43 +# mjl sha1 0099 alpha2 459a5dac23d20a90 Jul 07,2000 02:14:17 +# the sequence number is the second (or third) entry +# + +SKEYS=`awk '/^#/ {next} {if($2 ~ /^[0-9]+$/) print $1,$2,$3; else print $1,$3,$4; }' $KEYDB` + +set -- ${SKEYS} + +while [ "X$1" != "X" ]; do + USER=$1 + SEQ=$2 + KEY=$3 + shift 3 + # echo "$USER -- $SEQ -- $KEY" + if [ $SEQ -lt $LOWLIMIT ]; then + if [ $SEQ -lt 3 ]; then + SUBJECT="IMPORTANT action required" + fi + ( + echo "You are nearing the end of your current S/Key sequence for account $i" + echo "on system $HOST." + echo "" + echo "Your S/key sequence number is now $SEQ. When it reaches zero you" + echo "will no longer be able to use S/Key to login into the system. " + echo " " + echo "Use \"skeyinit -s\" to reinitialize your sequence number." + echo "" + ) | mail -s "$SUBJECT" $USER $ADMIN + fi +done diff -ruN skey-1.1.5.orig/skey.c skey-1.1.5/skey.c --- skey-1.1.5.orig/skey.c 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/skey.c 2003-11-06 17:46:45.000000000 +0000 @@ -25,6 +25,7 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <ctype.h> #include "config.h" #ifdef HAVE_ERR_H 
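Review bot: The reminder text interpolates `$i`, which this script never assigns, so every mail reads "for account " with no name; the loop variable is `$USER`, and the line should be `echo "You are nearing the end of your current S/Key sequence for account $USER"`. `SUBJECT` is also overwritten inside the loop and never restored, so once one account has fewer than 3 keys left, every later recipient gets the "IMPORTANT action required" subject; a per-iteration copy (`SUBJ="$SUBJECT"` at the top of the loop body, then `mail -s "$SUBJ"`) avoids that. `LOWLIMIT=$1` reaches `[ $SEQ -lt $LOWLIMIT ]` unquoted and unchecked, so a non-numeric argument makes the test error out for every entry; a guard such as `case "$1" in *[!0-9]*) exit 1;; esac` before the assignment would reject it.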
@@ -35,102 +36,93 @@ #include "skey.h" -void usage __P((char *)); +int main(int, char **); +void usage(char *); int -main(argc, argv) - int argc; - char *argv[]; +main(int argc, char **argv) { - int n, i, cnt = 1, pass = 0, hexmode = 0; - char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE]; - char buf[33], *seed, *slash; - - /* If we were called as otp-METHOD, set algorithm based on that */ - if ((slash = strrchr(argv[0], '/'))) - slash++; - else - slash = argv[0]; - if (strncmp(slash, "otp-", 4) == 0) { - slash += 4; - if (skey_set_algorithm(slash) == NULL) - errx(1, "Unknown hash algorithm %s", slash); - } - - for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) { - if (argv[i][2] == '\0') { - /* Single character switch */ - switch (argv[i][1]) { + int n, cnt = 1, i, pass = 0, hexmode = 0; + char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE]; + char buf[33], *seed, *slash, *t; + + while ((i = getopt(argc, argv, "fn:p:t:x")) != -1) { + switch(i) { + case 'f': + break; /* unused */ case 'n': - if (i + 1 == argc) - usage(argv[0]); - cnt = atoi(argv[++i]); + cnt = atoi(optarg); break; case 'p': - if (i + 1 == argc) - usage(argv[0]); - if (strlcpy(passwd, argv[++i], sizeof(passwd)) >= - sizeof(passwd)) - errx(1, "Password too long"); + if (strncpy(passwd, optarg, sizeof(passwd)) == NULL) + errx(1, "Password too long"); pass = 1; break; + case 't': + if (skey_set_algorithm(optarg) == NULL) + errx(1, "Unknown hash algorithm %s", optarg); + break; case 'x': hexmode = 1; break; default: usage(argv[0]); - } - } else { - /* Multi character switches are hash types */ - if (skey_set_algorithm(&argv[i][1]) == NULL) { - warnx("Unknown hash algorithm %s", &argv[i][1]); - usage(argv[0]); - } + break; } - i++; } - if (argc > i + 2) - usage(argv[0]); - - /* Could be in the form <number>/<seed> */ - if (argc <= i + 1) { + /* could be in the form <number>/<seed> */ + if (argc <= optind + 1) { /* look for / in it */ - if (argc <= i) + if (argc <= optind) 
usage(argv[0]); - slash = strchr(argv[i], '/'); + slash = strchr(argv[optind], '/'); if (slash == NULL) usage(argv[0]); *slash++ = '\0'; seed = slash; - if ((n = atoi(argv[i])) < 0) { - warnx("%d not positive", n); + if ((n = atoi(argv[optind])) < 0) { + fprintf(stderr, "%s is not positive\n", argv[optind]); usage(argv[0]); } else if (n > SKEY_MAX_SEQ) { warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ); usage(argv[0]); } } else { - if ((n = atoi(argv[i])) < 0) { - warnx("%d not positive", n); + if ((n = atoi(argv[optind])) < 0) { + fprintf(stderr, "%s not positive\n", argv[optind]); usage(argv[0]); } else if (n > SKEY_MAX_SEQ) { warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ); usage(argv[0]); } - seed = argv[++i]; + seed = argv[++optind]; + } + + for (t = seed; *t; t++) { + if (!isalnum(*t)) + errx(1, "seed must be alphanumeric"); } + if (!*seed || strlen(seed) > SKEY_MAX_SEED_LEN) + errx(1, "seed must be between 1 and %d long", SKEY_MAX_SEED_LEN); + /* Get user's secret password */ if (!pass) { - (void)fputs("Reminder - Do not use this program while logged in via telnet or rlogin.\n", stderr); - (void)fputs("Enter secret password: ", stderr); + fputs("Reminder - Do not use this program while " + "logged in via telnet or rlogin.\n", stderr); + fprintf(stderr, "Enter secret password: "); readpass(passwd, sizeof(passwd)); if (passwd[0] == '\0') exit(1); } + if (strlen(passwd) < SKEY_MIN_PW_LEN) + warnx( + "RFC2289 states that password should be at least %d characters long", + SKEY_MIN_PW_LEN); + /* Crunch seed and password into starting key */ if (keycrunch(key, seed, passwd) != 0) errx(1, "key crunch failed"); 
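Review bot: The `-p` branch can leave `passwd` without a terminating NUL: `strncpy()` never returns NULL, so the `errx(1, "Password too long")` check is dead code, and an argument of `sizeof(passwd)` bytes or more fills the buffer completely, after which `strlen(passwd)` and `keycrunch()` read past its end. The removed `strlcpy()` call rejected that case; an equivalent without strlcpy is `if (strlen(optarg) >= sizeof(passwd)) errx(1, "Password too long");` followed by `strcpy(passwd, optarg);`. The `strncpy(name, pw->pw_name, sizeof(name))` added in skeyinfo.c has the same missing terminator. In the seed loop, `isalnum(*t)` should be `isalnum((unsigned char)*t)`, because passing a negative `char` value is undefined behaviour. main() continues past the end of this hunk.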
@@ -138,16 +130,15 @@ if (cnt == 1) { while (n-- != 0) f(key); - (void)puts(hexmode ? put8(buf, key) : btoe(buf, key)); + puts(hexmode ? put8(buf, key) : btoe(buf, key)); } else { for (i = 0; i <= n - cnt; i++) f(key); for (; i <= n; i++) { + printf("%3d: %-29s", i, btoe(buf, key)); if (hexmode) - (void)printf("%d: %-29s %s\n", i, - btoe(buf, key), put8(buf, key)); - else - (void)printf("%d: %-29s\n", i, btoe(buf, key)); + printf("\t%s", put8(buf, key)); + puts(""); f(key); } } @@ -155,9 +146,10 @@ } void -usage(s) - char *s; +usage(char *s) { - (void)fprintf(stderr, "Usage: %s [-x] [-md4|-md5|-sha1|-rmd160] [-n count] [-p password] <sequence#>[/] key\n", s); + fprintf(stderr, +"Usage: %s [-n count] [-p password] [-t hash] [-x] sequence# [/] key\n", + s); exit(1); } diff -ruN skey-1.1.5.orig/skey.h skey-1.1.5/skey.h --- skey-1.1.5.orig/skey.h 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/skey.h 2003-11-06 17:46:45.000000000 +0000 @@ -1,3 +1,5 @@ +/* $NetBSD: skey.h,v 1.8 2000/07/28 16:35:11 thorpej Exp $ */ + /* * S/KEY v1.1b (skey.h) * 
@@ -11,86 +13,86 @@ * Todd C. Miller <Todd.Miller@courtesan.com> * * Main client header - * - * $OpenBSD: skey.h,v 1.13 1999/07/15 14:33:48 provos Exp $ */ /* Server-side data structure for reading keys file during login */ -struct skey { - FILE *keyfile; - char buf[256]; - char *logname; - int n; - char *seed; - char *val; - long recstart; /* needed so reread of buffer is efficient */ +struct skey +{ + FILE *keyfile; + char buf[256]; + char *logname; + int n; + char *seed; + char *val; + long recstart; /* needed so reread of buffer is efficient */ }; /* Client-side structure for scanning data stream for challenge */ -struct mc { - char buf[256]; - int skip; - int cnt; +struct mc +{ + char buf[256]; + int skip; + int cnt; }; /* Maximum sequence number we allow */ #ifndef SKEY_MAX_SEQ -#define SKEY_MAX_SEQ 10000 +#define SKEY_MAX_SEQ 10000 #endif -/* Minimum secret password length (rfc1938) */ +/* Minimum secret password length (rfc2289) */ #ifndef SKEY_MIN_PW_LEN -#define SKEY_MIN_PW_LEN 10 +#define SKEY_MIN_PW_LEN 10 #endif -/* Max secret password length (rfc1938 says 63 but allows more) */ +/* Max secret password length (rfc2289 says 63 but allows more) */ #ifndef SKEY_MAX_PW_LEN -#define SKEY_MAX_PW_LEN 255 +#define SKEY_MAX_PW_LEN 255 #endif -/* Max length of an S/Key seed (rfc1938) */ +/* Max length of an S/Key seed (rfc2289) */ #ifndef SKEY_MAX_SEED_LEN -#define SKEY_MAX_SEED_LEN 16 +#define SKEY_MAX_SEED_LEN 16 #endif /* Max length of S/Key challenge (otp-???? 
9999 seed) */ #ifndef SKEY_MAX_CHALLENGE -#define SKEY_MAX_CHALLENGE (11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN) +#define SKEY_MAX_CHALLENGE (11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN) #endif /* Max length of hash algorithm name (md4/md5/sha1/rmd160) */ -#define SKEY_MAX_HASHNAME_LEN 6 +#define SKEY_MAX_HASHNAME_LEN 6 /* Size of a binary key (not NULL-terminated) */ -#define SKEY_BINKEY_SIZE 8 +#define SKEY_BINKEY_SIZE 8 /* Location of random file for bogus challenges */ -#define _SKEY_RAND_FILE_PATH_ "/var/db/host.random" +#define _SKEY_RAND_FILE_PATH_ "/var/db/host.random" /* Prototypes */ -void f(char *x); -int keycrunch(char *result, char *seed, char *passwd); -char *btoe(char *engout, char *c); -char *put8(char *out, char *s); -int etob(char *out, char *e); -void rip(char *buf); -int skeychallenge(struct skey * mp, char *name, char *ss); -int skeylookup (struct skey * mp, char *name); -int skeyverify (struct skey * mp, char *response); -int skeyzero (struct skey * mp, char *response); -void sevenbit (char *s); -void backspace (char *s); -char *skipspace (char *s); -char *readpass (char *buf, int n); -char *readskey (char *buf, int n); -int skey_authenticate (char *username); -int skey_passcheck (char *username, char *passwd); -char *skey_keyinfo (char *username); -int skey_haskey (char *username); -int getskeyprompt (struct skey *mp, char *name, char *prompt); -int atob8 (char *out, char *in); -int btoa8 (char *out, char *in); -int htoi (int c); -const char *skey_get_algorithm (void); -char *skey_set_algorithm (char *new); -int skeygetnext (struct skey *mp); +void f __P ((char *)); +int keycrunch __P ((char *, const char *, const char *)); +char *btoe __P ((char *, const char *)); +char *put8 __P ((char *, const char *)); +int etob __P ((char *, const char *)); +void rip __P ((char *)); +int skeychallenge __P ((struct skey *, const char *, char *, size_t)); +int skeylookup __P ((struct skey *, const char *)); +int skeyverify __P ((struct skey *, char 
*)); +void sevenbit __P ((char *)); +void backspace __P ((char *)); +const char *skipspace __P ((const char *)); +char *readpass __P ((char *, int)); +char *readskey __P ((char *, int)); +int skey_authenticate __P ((const char *)); +int skey_passcheck __P ((const char *, char *)); +const char *skey_keyinfo __P ((const char *)); +int skey_haskey __P ((const char *)); +int getskeyprompt __P ((struct skey *, char *, char *)); +int atob8 __P((char *, const char *)); +int btoa8 __P((char *, const char *)); +int htoi __P((int)); +const char *skey_get_algorithm __P((void)); +const char *skey_set_algorithm __P((const char *)); +int skeygetnext __P((struct skey *)); +int skeyzero __P((struct skey *, char *)); diff -ruN skey-1.1.5.orig/skeyinfo.1 skey-1.1.5/skeyinfo.1 --- skey-1.1.5.orig/skeyinfo.1 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/skeyinfo.1 2003-11-06 17:46:45.000000000 +0000 @@ -1,30 +1,19 @@ -.\" $OpenBSD: skeyinfo.1,v 1.3 2000/03/11 21:40:02 aaron Exp $ +.\" $NetBSD: skeyinfo.1,v 1.5 2001/04/09 12:34:44 wiz Exp $ .\" -.Dd 22 July 1997 +.Dd June 9, 1994 .Dt SKEYINFO 1 .Os .Sh NAME .Nm skeyinfo .Nd obtain the next S/Key challenge for a user .Sh SYNOPSIS -.Nm skeyinfo -.Op Fl v +.Nm .Op Ar user .Sh DESCRIPTION .Nm prints out the next S/Key challenge for the specified user or for the current user if no user is specified. -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl v -Print the hash algorithm as well. -.El -.Sh EXAMPLES -% skey -n <number of passwords to print> `skeyinfo` | lpr -.Pp -This would print out a list of S/Key passwords for use over -an untrusted network (perhaps for use at a conference). .Sh SEE ALSO .Xr skey 1 , +.Xr skeyaudit 1 , .Xr skeyinit 1 diff -ruN skey-1.1.5.orig/skeyinfo.c skey-1.1.5/skeyinfo.c --- skey-1.1.5.orig/skeyinfo.c 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/skeyinfo.c 2003-11-06 17:46:45.000000000 +0000 
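Review bot: `getskeyprompt` keeps an unsized `char *prompt` output parameter while this same hunk gives `skeychallenge` a `size_t` length for its buffer, so the header gives callers no way to know how large `prompt` must be (skeyinfo.c in this patch passes a 1024-byte array). Without changing the interface, the prototype should at least carry a comment such as `/* prompt: caller-supplied buffer; required minimum size is <SIZE, confirm against the implementation> */`. The new `__P((...))` prototypes also drop the parameter names the old declarations had, which removes the only in-header hint of argument order for pairs like `atob8(char *, const char *)`; the names can be kept inside `__P`. The context comment above `SKEY_MAX_HASHNAME_LEN` still lists rmd160, which the change log for this patch says is removed.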
@@ -1,9 +1,12 @@ -/* $OpenBSD: skeyinfo.c,v 1.6 2001/02/05 16:58:11 millert Exp $ */ +/* $NetBSD: skeyinfo.c,v 1.4 2003/07/23 04:11:50 itojun Exp $ */ -/* - * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com> +/*- + * Copyright (c) 1997 The NetBSD Foundation, Inc. * All rights reserved. * + * This code is derived from software contributed to The NetBSD Foundation + * by Andrew Brown. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -12,104 +15,79 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the NetBSD + * Foundation, Inc. and its contributors. + * 4. Neither the name of The NetBSD Foundation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ -/*#include <limits.h>*/ -#include <pwd.h> #include <stdio.h> -#include <stdlib.h> +#include <pwd.h> +#include <err.h> #include <string.h> #include <unistd.h> -#include "config.h" -#include "skey.h" -/*#include "defines.h"*/ -char *__progname; +#include "skey.h" -void usage(void); +int main __P((int, char *[])); -int -main(argc, argv) - int argc; - char **argv; +int main(int argc, char **argv) { - struct passwd *pw; - struct skey key; - char *name = NULL; - int error, ch, verbose = 0; - - __progname=argv[0]; - - if (geteuid() != 0) - errx(1, "must be setuid root"); - - while ((ch = getopt(argc, argv, "v")) != -1) - switch(ch) { - case 'v': - verbose = 1; - break; - default: - usage(); + struct skey skey; + char name[100], prompt[1024]; + int uid; + struct passwd *pw = NULL; + + argc--; + argv++; + + if (geteuid()) + errx(1, "must be root to read %s", SKEYKEYS); + + uid = getuid(); + + if (!argc) + pw = getpwuid(uid); + else if (!uid) + pw = getpwnam(argv[0]); + else + errx(1, "permission denied to look other users skeys"); + + if (!pw) { + if (argc) + errx(1, "%s: no such user", argv[0]); + else + errx(1, "who are you?"); } - argc -= optind; - argv += optind; - if (argc == 1) - name = argv[0]; - else if (argc > 1) - usage(); - - if (name && getuid() != 0) - errx(1, "only root may specify an alternate user"); - - if (name) { - if (strlen(name) > PASS_MAX) - errx(1, "username too long (%d chars max)", PASS_MAX); - if ((pw = 
getpwnam(name)) == NULL) - errx(1, "no passwd entry for %s", name); - } else { - if ((pw = getpwuid(getuid())) == NULL) - errx(1, "no passwd entry for uid %u", getuid()); - } + strncpy(name, pw->pw_name, sizeof(name)); - if ((name = strdup(pw->pw_name)) == NULL) - err(1, "cannot allocate memory"); - sevenbit(name); - - error = skeylookup(&key, name); - switch (error) { - case 0: /* Success! */ - if (verbose) - (void)printf("otp-%s ", skey_get_algorithm()); - (void)printf("%d %s\n", key.n - 1, key.seed); - break; - case -1: /* File error */ - warnx("cannot open %s", SKEYKEYS); - break; - case 1: /* Unknown user */ - warnx("%s is not listed in %s", name, SKEYKEYS); + if (getskeyprompt(&skey, name, prompt) == -1) { + printf("%s %s no s/key\n", + argc ? name : "You", + argc ? "has" : "have"); } - (void)fclose(key.keyfile); - - exit(error); -} - -void -usage() -{ - (void)fprintf(stderr, "Usage: %s [-v] [user]\n", __progname); - exit(1); + else { + if (argc) + printf("%s's ", pw->pw_name); + else + printf("Your "); + printf("next %s", prompt); + } + return 0; } diff -ruN skey-1.1.5.orig/skeyinit.1 skey-1.1.5/skeyinit.1 --- skey-1.1.5.orig/skeyinit.1 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/skeyinit.1 2003-11-06 17:46:45.000000000 +0000 @@ -1,22 +1,18 @@ -.\" $OpenBSD: skeyinit.1,v 1.19 2000/11/09 17:52:39 aaron Exp $ -.\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $ +.\" $NetBSD: skeyinit.1,v 1.11 2001/04/09 12:35:00 wiz Exp $ .\" @(#)skeyinit.1 1.1 10/28/93 .\" -.Dd February 24, 1998 +.Dd June 7, 2000 .Dt SKEYINIT 1 .Os .Sh NAME .Nm skeyinit .Nd change password or add user to S/Key authentication system .Sh SYNOPSIS -.Nm skeyinit +.Nm +.Op Fl n Ar count .Op Fl s +.Op Fl t Ar hash .Op Fl z -.Op Fl n Ar count -.Oo -.Fl md4 | Fl md5 | Fl sha1 | -.Fl rmd160 -.Oc .Op Ar user .Sh DESCRIPTION .Nm 
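Review bot: The rewritten `main()` ends in an unconditional `return 0;`, so the `getskeyprompt(...) == -1` branch that prints "no s/key" exits with the same status as success. The removed code exited with the `skeylookup()` result, which let a calling script tell a missing entry or an unreadable key file from a valid challenge. Returning non-zero from the failure branch (`return 1;` after the `printf`) restores that. `int uid` should be `uid_t` to match `getuid()`, and `<err.h>` is now included unconditionally although skey.c in this patch keeps the `HAVE_ERR_H` fallback to the bundled `err.h`.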
@@ -30,52 +26,17 @@ .Nm requires you to type a secret password, so it should be used only on a secure terminal. -For example, on the console of a -workstation or over an encrypted network session. -If you are using -.Nm -while logged in over an untrusted network, follow the instructions -given below with the -.Fl s -option. -.Pp -Before initializing an S/Key entry, the user must authenticate -using either a standard password or an S/Key challenge. -When used over an untrusted network, a password of -.Sq s/key -should be used. -The user will then be presented with the standard -S/Key challenge and allowed to proceed if it is correct. -.Pp -The options are as follows: +.Sh OPTIONS .Bl -tag -width Ds -.It Fl x -Displays pass phrase in hexadecimal instead of ASCII. .It Fl s -Set secure mode where the user is expected to have used a secure -machine to generate the first one-time password. -Without the -.Fl s -option the system will assume you are directly connected over secure -communications and prompt you for your secret password. -The -.Fl s -option also allows one to set the seed and count for complete -control of the parameters. -You can use -.Ic skeyinit -s -in combination with the -.Nm skey -command to set the seed and count if you do not like the defaults. -To do this run -.Nm -in one window and put in your count and seed, then run -.Nm skey -in another window to generate the correct 6 English words for that -count and seed. -You can then "cut-and-paste" or type the words into the -.Nm -window. +allows the user to set the seed and count for complete control +of the parameters. +To do this run skeyinit in one window and put in your count and seed; +then run +.Xr skey 1 +in another window to generate the correct 6 english words +for that count and seed. +You can then "cut-and-paste" or type the words into the skeyinit window. .It Fl z Allows the user to zero their S/Key entry. .It Fl n Ar count 
@@ -84,30 +45,22 @@ sequence at .Ar count (default is 100). -.It Fl md4 -Selects MD4 as the hash algorithm. -.It Fl md5 -Selects MD5 as the hash algorithm. -.It Fl sha1 -Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm. -.It Fl rmd160 -Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm. +.It Fl t Ar hash +Selects the hash algorithm to use. +Available choices are md4 (the default), md5 or sha1. .It Ar user The username to be changed/added. -By default the current user is operated on. +By default the current user is operated on, only root may +change other user's entries. .El -.Sh ERRORS -.Bl -tag -width "skey disabled" -.It skey disabled -.Pa /etc/skeykeys -does not exist. -It must be created by the superuser in order to use -.Nm skeyinit . .Sh FILES -.Bl -tag -width /etc/skeykeys -.It Pa /etc/skeykeys -database of information for S/Key system +.Bl -tag -width /etc/skey/skeykeys +.It Pa /etc/skey/skeykeys +data base of information for S/Key system. +.El .Sh SEE ALSO -.Xr skey 1 +.Xr skey 1 , +.Xr skeyaudit 1 , +.Xr skeyinfo 1 .Sh AUTHORS Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin diff -ruN skey-1.1.5.orig/skeyinit.c skey-1.1.5/skeyinit.c --- skey-1.1.5.orig/skeyinit.c 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/skeyinit.c 2003-11-06 17:46:45.000000000 +0000 @@ -43,6 +43,18 @@ #include <netdb.h> +#ifdef HAVE_SHADOW_H +#include <shadow.h> +#endif + +#ifdef HAVE_CRACK_H +#include <crack.h> +#ifndef CRACKLIB_DICTPATH +#define CRACKLIB_DICTPATH "/usr/lib/cracklib_dict" +#endif +#endif + +#include "err.h" #include "skey.h" 
@@ -50,62 +62,80 @@ #define SKEY_NAMELEN 4 #endif -void usage __P((char *)); +int main __P((int, char **)); -int -main(argc, argv) - int argc; - char *argv[]; +int main(int argc, char **argv) { - int rval, nn, i, l, n=0, defaultsetup=1, zerokey=0, hexmode=0; + int rval, nn, i, l, n=0, defaultsetup=1, c, zerokey=0, hexmode=0; time_t now; - struct utmp old_ut; - -#ifndef UT_LINESIZE -# define UT_LINESIZE (sizeof(old_ut.ut_line)) -# define UT_NAMESIZE (sizeof(old_ut.ut_name)) -# define UT_HOSTSIZE (sizeof(old_ut.ut_host)) -# endif - - char hostname[MAXHOSTNAMELEN]; + char hostname[MAXHOSTNAMELEN+1]; + char seed[SKEY_MAX_PW_LEN+2], key[SKEY_BINKEY_SIZE]; + char defaultseed[SKEY_MAX_SEED_LEN+1]; char passwd[SKEY_MAX_PW_LEN+2], passwd2[SKEY_MAX_PW_LEN+2]; - char seed[SKEY_MAX_SEED_LEN+2], defaultseed[SKEY_MAX_SEED_LEN+1]; - char tbuf[27], buf[80], key[SKEY_BINKEY_SIZE]; - char lastc, me[UT_NAMESIZE+1], *salt, *p, *pw, *ht=NULL; - struct skey skey; - struct passwd *pp; - struct tm *tm; + char tbuf[27], buf[80]; + char lastc, me[LOGIN_NAME_MAX+1], *p, *pw, *ht=NULL, *msg; + const char *salt; + struct skey skey; + struct passwd *pp; + struct tm *tm; +#ifdef HAVE_SHADOW_H + struct spwd *sp; +#endif + + i = open(_PATH_DEVNULL, O_RDWR); + while (i >= 0 && i < 2) + i = dup(i); + if (i > 2) + close(i); if (geteuid() != 0) errx(1, "must be setuid root."); if (gethostname(hostname, sizeof(hostname)) < 0) - err(1, "gethostname"); - for (i = 0, p = defaultseed; hostname[i] && i < SKEY_NAMELEN; i++) { - if (isalpha(hostname[i])) { - if (isupper(hostname[i])) - hostname[i] = tolower(hostname[i]); - *p++ = hostname[i]; - } else if (isdigit(hostname[i])) - *p++ = hostname[i]; + err(1, "gethostname() error"); + + for (i = 0, l = 0; l < sizeof(defaultseed); i++) { + if (hostname[i] == '\0') { + defaultseed[l] = hostname[i]; + break; + } + if (isalnum(hostname[i])) + defaultseed[l++] = hostname[i]; } - *p = '\0'; - (void)time(&now); - (void)sprintf(tbuf, "%05ld", (long) (now % 100000)); - 
(void)strncat(defaultseed, tbuf, sizeof(defaultseed) - 5); + + defaultseed[SKEY_NAMELEN] = '\0'; + time(&now); + snprintf(tbuf, sizeof(tbuf), "%05ld", (long) (now % 100000)); + strncat(defaultseed, tbuf, sizeof(defaultseed)); if ((pp = getpwuid(getuid())) == NULL) - err(1, "no user with uid %d", getuid()); - (void)strcpy(me, pp->pw_name); + err(1, "no user with uid %ld", (u_long)getuid()); + strncpy(me, pp->pw_name, sizeof(me)); if ((pp = getpwnam(me)) == NULL) - err(1, "Who are you?"); + err(1, "getpwnam() returned NULL, Who are you?"); +#ifdef HAVE_SHADOW_H + /* hacking in shadow support... */ + else if (strcmp(pp->pw_passwd, "x") == 0) { + if ((sp = getspnam(me)) == NULL) + err(1, "Unable to verify Password"); + pp->pw_passwd = sp->sp_pwdp; + } +#endif salt = pp->pw_passwd; - for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) { - if (argv[i][2] == '\0') { - /* Single character switch */ - switch (argv[i][1]) { + while((c = getopt(argc, argv, "n:t:sxz")) != -1) { + switch(c) { + case 'n': + n = atoi(optarg); + if (n < 1 || n > SKEY_MAX_SEQ) + errx(1, "count must be between 1 and %d", SKEY_MAX_SEQ); + break; + case 't': + if(skey_set_algorithm(optarg) == NULL) + errx(1, "Unknown hash algorithm %s", optarg); + ht = optarg; + break; case 's': defaultsetup = 0; break; 
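Review bot: Two of the bounded string calls added in this hunk do not bound what they appear to. `strncat(defaultseed, tbuf, sizeof(defaultseed))` passes the destination size where strncat expects the maximum number of characters to append, and `strncpy(me, pp->pw_name, sizeof(me))` leaves `me` unterminated when the login name fills the buffer. The append fits today only because defaultseed is cut at SKEY_NAMELEN and tbuf holds a short number, so the call should read `strncat(defaultseed, tbuf, sizeof(defaultseed) - strlen(defaultseed) - 1);` and the copy should be followed by `me[sizeof(me) - 1] = '\0';`. main() continues beyond this hunk.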
@@ -115,105 +145,51 @@ case 'z': zerokey = 1; break; - case 'n': - if (argv[++i] == NULL || argv[i][0] == '\0') - usage(argv[0]); - if ((n = atoi(argv[i])) < 1 || n >= SKEY_MAX_SEQ) - errx(1, "count must be > 0 and < %d", - SKEY_MAX_SEQ); - break; default: - usage(argv[0]); - } - } else { - /* Multi character switches are hash types */ - if ((ht = skey_set_algorithm(&argv[i][1])) == NULL) { - warnx("Unknown hash algorithm %s", &argv[i][1]); - usage(argv[0]); + errx(1, "Usage: %s [-n count] [-t md4|md5|sha1] [-s] [-x] [-z] [user]", argv[0]); } } - i++; - } + + if (argc > optind) { + pp = getpwnam(argv[optind]); + if (pp == NULL) + errx(1, "User %s unknown", argv[optind]); + } - /* check for optional user string */ - if (argc - i > 1) { - usage(argv[0]); - } else if (argv[i]) { - if ((pp = getpwnam(argv[i])) == NULL) { - if (getuid() == 0) { - static struct passwd _pp; - - _pp.pw_name = argv[i]; - pp = &_pp; - warnx("Warning, user unknown: %s", argv[i]); - } else { - errx(1, "User unknown: %s", argv[i]); - } - } else if (strcmp(pp->pw_name, me) != 0) { + if (strcmp(pp->pw_name, me) != 0) { if (getuid() != 0) { /* Only root can change other's passwds */ errx(1, "Permission denied."); } } - } if (getuid() != 0) { - pw = getpass("Password (or `s/key'):"); - if (strcasecmp(pw, "s/key") == 0) { - if (skey_haskey(me)) - exit(1); - if (skey_authenticate(me)) - errx(1, "Password incorrect."); - } else { - p = crypt(pw, salt); - if (strcmp(p, pp->pw_passwd)) - errx(1, "Password incorrect."); - } + pw = getpass("Password: "); + p = crypt(pw, salt); + if (strcmp(p, pp->pw_passwd)) + errx(1, "Password incorrect."); } rval = skeylookup(&skey, pp->pw_name); switch (rval) { case -1: - if (errno == ENOENT) - errx(1, "S/Key disabled"); - else - err(1, "cannot open database"); - break; + err(1, "cannot open database"); case 0: - /* comment out user if asked to */ if (zerokey) - exit(skeyzero(&skey, pp->pw_name)); + exit (skeyzero(&skey, pp->pw_name)); + printf("[Updating %s]\n", 
pp->pw_name); + printf("Old key: [%s] %s\n", skey_get_algorithm(), skey.seed); - (void)printf("[Updating %s]\n", pp->pw_name); - (void)printf("Old key: [%s] %s\n", skey_get_algorithm(), - skey.seed); - - /* - * Sanity check old seed. - */ l = strlen(skey.seed); - for (p = skey.seed; *p; p++) { - if (isalpha(*p)) { - if (isupper(*p)) - *p = tolower(*p); - } else if (!isdigit(*p)) { - memmove(p, p + 1, l - (p - skey.seed)); - l--; - } - } - - /* - * Let's be nice if they have an skey.seed that - * ends in 0-8 just add one - */ if (l > 0) { lastc = skey.seed[l - 1]; - if (isdigit(lastc) && lastc != '9') { - (void)strcpy(defaultseed, skey.seed); + if (isdigit((unsigned char)lastc) && lastc != '9') { + strncpy(defaultseed, skey.seed, sizeof(defaultseed)); defaultseed[l - 1] = lastc + 1; } - if (isdigit(lastc) && lastc == '9' && l < 16) { - (void)strcpy(defaultseed, skey.seed); + if (isdigit((unsigned char)lastc) && lastc == '9' && + l < 16) { + strncpy(defaultseed, skey.seed, sizeof(defaultseed)); defaultseed[l - 1] = '0'; defaultseed[l] = '0'; defaultseed[l + 1] = '\0'; @@ -223,7 +199,7 @@ case 1: if (zerokey) errx(1, "You have no entry to zero."); - (void)printf("[Adding %s]\n", pp->pw_name); + printf("[Adding %s]\n", pp->pw_name); break; } if (n == 0) 
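Review bot: The password check `p = crypt(pw, salt); if (strcmp(p, pp->pw_passwd))` passes the result of crypt() to strcmp without a NULL test, and crypt() can return NULL on failure, so this setuid-root program may crash instead of rejecting the attempt. The comparison target is `pp->pw_passwd` after `pp = getpwnam(argv[optind])` has re-read the entry, which appears to discard the shadow hash substituted earlier whenever a user name is given. Assuming `salt` still holds the caller's own hash, `if (p == NULL || strcmp(p, salt) != 0) errx(1, "Password incorrect.");` covers both. Further down, `defaultseed[l - 1] = lastc + 1` indexes with the length of the stored seed now that the old sanity pass is gone and strncpy may leave defaultseed unterminated, so `l` should be checked against `sizeof(defaultseed)` first. The switch statement continues in the next hunk.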
@@ -237,37 +213,33 @@ } if (!defaultsetup) { - (void)printf("You need the 6 english words generated from the \"skey\" command.\n"); + printf("You need the 6 english words generated from the \"skey\" command.\n"); for (i = 0; ; i++) { if (i >= 2) exit(1); - (void)printf("Enter sequence count from 1 to %d: ", - SKEY_MAX_SEQ); - (void)fgets(buf, sizeof(buf), stdin); + printf("Enter sequence count from 1 to %d: ", SKEY_MAX_SEQ); + fgets(buf, sizeof(buf), stdin); n = atoi(buf); if (n > 0 && n < SKEY_MAX_SEQ) break; /* Valid range */ - (void)printf("Error: Count must be > 0 and < %d\n", - SKEY_MAX_SEQ); + printf("\nError: Count must be between 0 and %d\n", SKEY_MAX_SEQ); } for (i = 0;; i++) { if (i >= 2) exit(1); - (void)printf("Enter new key [default %s]: ", - defaultseed); - (void)fgets(seed, sizeof(seed), stdin); + printf("Enter new seed [default %s]: ", defaultseed); + fflush(stdout); + fgets(seed, sizeof(seed), stdin); rip(seed); - if (seed[0] == '\0') - (void)strcpy(seed, defaultseed); for (p = seed; *p; p++) { if (isalpha(*p)) { if (isupper(*p)) *p = tolower(*p); } else if (!isdigit(*p)) { - (void)puts("Error: seed may only contain alpha numeric characters"); + puts("Error: seed may only contain alpha numeric characters"); break; } } 
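Review bot: Both `fgets()` calls in these prompt loops still ignore their return value, so at end of input the first pass runs `atoi(buf)` and `rip(seed)` on arrays that were never written. A guard such as `if (fgets(seed, sizeof(seed), stdin) == NULL) exit(1);`, and the same for `buf`, closes that. The new error text says "between 0 and %d" while the test beside it is `n > 0 && n < SKEY_MAX_SEQ`, and the `-n` option path added earlier accepts `n == SKEY_MAX_SEQ`; the three should agree on one range. The seed loop also passes plain `char` to `isalpha`/`isupper`/`isdigit`, unlike the `(unsigned char)` casts used elsewhere in this patch.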
@@ -275,66 +247,75 @@ break; /* Valid seed */ } if (strlen(seed) > SKEY_MAX_SEED_LEN) { - (void)printf("Notice: Seed truncated to %d characters.\n", - SKEY_MAX_SEED_LEN); + printf("Notice: Seed truncated to %d characters.\n", SKEY_MAX_SEED_LEN); seed[SKEY_MAX_SEED_LEN] = '\0'; } + if (seed[0] == '\0') + strncpy(seed, defaultseed, sizeof(seed)); for (i = 0;; i++) { if (i >= 2) exit(1); - (void)printf("otp-%s %d %s\nS/Key access password: ", + printf("otp-%s %d %s\ns/key access password: ", skey_get_algorithm(), n, seed); - (void)fgets(buf, sizeof(buf), stdin); + fgets(buf, sizeof(buf), stdin); rip(buf); backspace(buf); if (buf[0] == '?') { - (void)puts("Enter 6 English words from secure S/Key calculation."); + puts("Enter 6 English words from secure s/key calculation."); continue; } else if (buf[0] == '\0') exit(1); if (etob(key, buf) == 1 || atob8(key, buf) == 0) break; /* Valid format */ - (void)puts("Invalid format - try again with 6 English words."); + puts("Invalid format - try again with 6 English words."); } } else { /* Get user's secret password */ - fputs("Reminder - Only use this method if you are directly connected\n or have an encrypted channel. If you are using telnet\n or rlogin, exit with no password and use skeyinit -s.\n", stderr); + puts("Reminder - Only use this method if you are directly connected\n" + "or have an encrypted channel. 
If you are using telnet\n" + "or rlogin, exit with no password and use skeyinit -s.\n"); for (i = 0;; i++) { - if (i > 2) + if (i >= 3) exit(1); - (void)fputs("Enter secret password: ", stderr); + printf("Enter secret password: "); readpass(passwd, sizeof(passwd)); if (passwd[0] == '\0') exit(1); if (strlen(passwd) < SKEY_MIN_PW_LEN) { - (void)fprintf(stderr, - "Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN); + fprintf(stderr, + "Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN); continue; } else if (strcmp(passwd, pp->pw_name) == 0) { - (void)fputs("Your password may not be the same as your user name.\n", stderr); - continue; - } else if (strspn(passwd, "abcdefghijklmnopqrstuvwxyz") == strlen(passwd)) { - (void)fputs("Your password must contain more than just lower case letters.\nWhitespace, numbers, and puctuation are suggested.\n", stderr); + fputs("Your password may not be the same as your user name.\n", stderr); continue; + } +#ifdef HAVE_CRACK_H + if (msg = (char *) FascistCheck(passwd, CRACKLIB_DICTPATH)) { + warnx("Warning: %s", msg); + /* if (!i) */ /* reject passwords cracklib doesnt like the first time its entered... */ + /* continue; */ } +#endif - (void)fputs("Again secret password: ", stderr); + printf("Again secret password: "); readpass(passwd2, sizeof(passwd)); + if (passwd2[0] == '\0') + exit(1); if (strcmp(passwd, passwd2) == 0) break; - (void)fputs("Passwords do not match.\n", stderr); + puts("Passwords do not match."); } /* Crunch seed and password into starting key */ - (void)strcpy(seed, defaultseed); + strncpy(seed, defaultseed, sizeof(seed)); if (keycrunch(key, seed, passwd) != 0) err(2, "key crunch failed"); 
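Review bot: The password-quality check is weaker after this hunk, because the lower-case-only `strspn` test is deleted while its replacement `FascistCheck()` is compiled only under HAVE_CRACK_H and only calls `warnx`; the `continue` that would reject the password is commented out. On a build without cracklib the remaining checks are minimum length and "not equal to the user name". Either keep the old `strspn` test in an `#else` branch or restore the rejection the comment describes, `if (!i) continue;`, after the warning. The confirmation read `readpass(passwd2, sizeof(passwd))` should take `sizeof(passwd2)`, and `if (msg = ...)` needs an explicit `!= NULL` to stay warning-free under gcc. The loop is part of main(), which starts and ends outside this hunk.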
@@ -342,16 +323,16 @@ while (nn-- != 0) f(key); } - (void)time(&now); + time(&now); tm = localtime(&now); - (void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); + strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); if ((skey.val = (char *)malloc(16 + 1)) == NULL) err(1, "Can't allocate memory"); - /* Zero out old key if necesary (entry would change size) */ + /* Zero out old key if necessary (entry would change size) */ if (zerokey) { - (void)skeyzero(&skey, pp->pw_name); + skeyzero(&skey, pp->pw_name); /* Re-open keys file and seek to the end */ if (skeylookup(&skey, pp->pw_name) == -1) err(1, "cannot open database"); @@ -376,26 +357,17 @@ /* Don't save algorithm type for md4 (keep record length same) */ if (strcmp(skey_get_algorithm(), "md4") == 0) - (void)fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n", + fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n", pp->pw_name, n, seed, skey.val, tbuf); else - (void)fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n", + fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n", pp->pw_name, skey_get_algorithm(), n, seed, skey.val, tbuf); - (void)fclose(skey.keyfile); + fclose(skey.keyfile); - (void)printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name, + printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name, skey_get_algorithm(), n, seed); - (void)printf("Next login password: %s\n\n", + printf("Next login password: %s\n\n", hexmode ? put8(buf, key) : btoe(buf, key)); - exit(0); -} - -void -usage(s) - char *s; -{ - (void)fprintf(stderr, - "Usage: %s [-s] [-x] [-z] [-n count] [-md4|-md5|-sha1|-rmd160] [user]\n", s); - exit(1); + return 0; } diff -ruN skey-1.1.5.orig/skeylogin.c skey-1.1.5/skeylogin.c --- skey-1.1.5.orig/skeylogin.c 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/skeylogin.c 2003-11-06 17:46:45.000000000 +0000 @@ -20,6 +20,7 @@ #include <sys/quota.h> #endif #include <sys/stat.h> +#include <sys/file.h> #include <sys/time.h> #include <sys/resource.h> #include <sys/types.h> 
@@ -32,6 +33,7 @@ #include <string.h> #include <time.h> #include <unistd.h> +#include <grp.h> #include "config.h" 
@@ -45,73 +47,85 @@ #include "sha1.h" #endif +#include "err.h" #include "skey.h" -char *skipspace __P((char *)); -int skeylookup __P((struct skey *, char *)); +#define OTP_FMT "otp-%.*s %d %.*s" /* Issue a skey challenge for user 'name'. If successful, - * fill in the caller's skey structure and return(0). If unsuccessful - * (e.g., if name is unknown) return(-1). + * fill in the caller's skey structure and return 0. If unsuccessful + * (e.g., if name is unknown) return -1. * * The file read/write pointer is left at the start of the * record. */ -int -getskeyprompt(mp, name, prompt) - struct skey *mp; - char *name; - char *prompt; +int getskeyprompt(struct skey *mp, char *name, char *prompt) { int rval; sevenbit(name); rval = skeylookup(mp, name); - (void)strcpy(prompt, "otp-md0 55 latour1\n"); + + *prompt = '\0'; switch (rval) { - case -1: /* File error */ - return(-1); - case 0: /* Lookup succeeded, return challenge */ - (void)sprintf(prompt, "otp-%.*s %d %.*s\n", - SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(), + case -1: /* File error */ + return -1; + case 0: /* Lookup succeeded, return challenge */ + sprintf(prompt, OTP_FMT "\n", + SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(), mp->n - 1, SKEY_MAX_SEED_LEN, mp->seed); - return(0); - case 1: /* User not found */ - (void)fclose(mp->keyfile); - return(-1); + return 0; + case 1: /* User not found */ + fclose(mp->keyfile); + mp->keyfile = NULL; + return -1; } - return(-1); /* Can't happen */ + return -1; /* Can't happen, never ever ever. ever. I'm serious. */ } /* Return a skey challenge string for user 'name'. If successful, - * fill in the caller's skey structure and return(0). If unsuccessful - * (e.g., if name is unknown) return(-1). + * fill in the caller's skey structure and return 0. If unsuccessful + * (e.g., if name is unknown) return -1. * * The file read/write pointer is left at the start of the * record. 
*/ -int -skeychallenge(mp, name, ss) - struct skey *mp; - char *name; - char *ss; +int skeychallenge(struct skey *mp, const char *name, char *ss, size_t sslen) { int rval; rval = skeylookup(mp,name); + *ss = '\0'; switch(rval){ - case -1: /* File error */ - return(-1); - case 0: /* Lookup succeeded, issue challenge */ - (void)sprintf(ss, "otp-%.*s %d %.*s", SKEY_MAX_HASHNAME_LEN, + case -1: /* File error */ + return -1; + case 0: /* Lookup succeeded, issue challenge */ + snprintf(ss, sslen, OTP_FMT, SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(), mp->n - 1, SKEY_MAX_SEED_LEN, mp->seed); - return(0); - case 1: /* User not found */ - (void)fclose(mp->keyfile); - return(-1); + return 0; + case 1: /* User not found */ + fclose(mp->keyfile); + mp->keyfile = NULL; + return -1; + } + return -1; /* Can't happen - or your money back */ +} + +static FILE *openskey(void) +{ + struct stat statbuf; + FILE *keyfile = NULL; + + if (stat(SKEYKEYS, &statbuf) == 0 && + (keyfile = fopen(SKEYKEYS, "r+"))) { + if ((statbuf.st_mode & 0007777) != 0600) + fchmod(fileno(keyfile), 0600); + } else { + keyfile = NULL; } - return(-1); /* Can't happen */ + + return keyfile; } /* Find an entry in the One-time Password database. 
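Review bot: The new helper `openskey()` checks the key file by path with `stat()` and then opens it with `fopen()`, so the mode it tests may belong to a different file from the one it opened, and the result of `fchmod()` is ignored. For a file that holds authentication state for a setuid-root program it is safer to open first, `fstat()` the descriptor, refuse anything that is not a regular file, and fail if the mode cannot be tightened, as in the sketch below. Separately, `getskeyprompt()` still formats with an unbounded `sprintf(prompt, OTP_FMT "\n", ...)` while `skeychallenge()` gained an `sslen` argument and `snprintf`; the two should follow the same convention.

```c
static FILE *openskey(void)
{
	struct stat statbuf;
	FILE *keyfile = fopen(SKEYKEYS, "r+");

	if (keyfile == NULL)
		return NULL;

	/* Inspect the file that was actually opened, not the path. */
	if (fstat(fileno(keyfile), &statbuf) != 0 ||
	    !S_ISREG(statbuf.st_mode)) {
		fclose(keyfile);
		return NULL;
	}

	/* Refuse to use the database if it cannot be made owner-only. */
	if ((statbuf.st_mode & 0007777) != 0600 &&
	    fchmod(fileno(keyfile), 0600) != 0) {
		fclose(keyfile);
		return NULL;
	}

	return keyfile;
}
```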
@@ -120,27 +134,19 @@ * 0: entry found, file R/W pointer positioned at beginning of record * 1: entry not found, file R/W pointer positioned at EOF */ -int -skeylookup(mp, name) - struct skey *mp; - char *name; +int skeylookup(struct skey *mp, const char *name) { int found = 0; long recstart = 0; - char *cp, *ht = NULL; - struct stat statbuf; - - /* Open SKEYKEYS if it exists, else return an error */ - if (stat(SKEYKEYS, &statbuf) == 0 && - (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) { - if ((statbuf.st_mode & 0007777) != 0600) - fchmod(fileno(mp->keyfile), 0600); - } else { - return(-1); - } + const char *ht = NULL; + char *last; + if(!(mp->keyfile = openskey())) + return -1; + /* Look up user name in database */ while (!feof(mp->keyfile)) { + char *cp; recstart = ftell(mp->keyfile); mp->recstart = recstart; if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) @@ -148,22 +154,22 @@ rip(mp->buf); if (mp->buf[0] == '#') continue; /* Comment */ - if ((mp->logname = strtok(mp->buf, " \t")) == NULL) + if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL) continue; - if ((cp = strtok(NULL, " \t")) == NULL) + if ((cp = strtok_r(NULL, " \t", &last)) == NULL) continue; /* Save hash type if specified, else use md4 */ - if (isalpha(*cp)) { + if (isalpha((u_char) *cp)) { ht = cp; - if ((cp = strtok(NULL, " \t")) == NULL) + if ((cp = strtok_r(NULL, " \t", &last)) == NULL) continue; } else { ht = "md4"; } mp->n = atoi(cp); - if ((mp->seed = strtok(NULL, " \t")) == NULL) + if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL) continue; - if ((mp->val = strtok(NULL, " \t")) == NULL) + if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL) continue; if (strcmp(mp->logname, name) == 0) { found = 1; @@ -171,7 +177,7 @@ } } if (found) { - (void)fseek(mp->keyfile, recstart, SEEK_SET); + fseek(mp->keyfile, recstart, SEEK_SET); /* Set hash type */ if (ht && skey_set_algorithm(ht) == NULL) { warnx("Unknown hash algorithm %s, using %s", ht, 
@@ -189,27 +195,21 @@ * 0: next entry found and stored in mp * 1: no more entries, file R/W pointer positioned at EOF */ -int -skeygetnext(mp) - struct skey *mp; +int skeygetnext(struct skey *mp) { long recstart = 0; - char *cp; - struct stat statbuf; + char *last; /* Open SKEYKEYS if it exists, else return an error */ if (mp->keyfile == NULL) { - if (stat(SKEYKEYS, &statbuf) == 0 && - (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) { - if ((statbuf.st_mode & 0007777) != 0600) - fchmod(fileno(mp->keyfile), 0600); - } else { - return(-1); - } + if(!(mp->keyfile = openskey())) + return -1; } /* Look up next user in database */ while (!feof(mp->keyfile)) { + char *cp; + recstart = ftell(mp->keyfile); mp->recstart = recstart; if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) @@ -217,19 +217,19 @@ rip(mp->buf); if (mp->buf[0] == '#') continue; /* Comment */ - if ((mp->logname = strtok(mp->buf, " \t")) == NULL) + if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL) continue; - if ((cp = strtok(NULL, " \t")) == NULL) + if ((cp = strtok_r(NULL, " \t", &last)) == NULL) continue; /* Save hash type if specified, else use md4 */ - if (isalpha(*cp)) { - if ((cp = strtok(NULL, " \t")) == NULL) + if (isalpha((u_char) *cp)) { + if ((cp = strtok_r(NULL, " \t", &last)) == NULL) continue; } mp->n = atoi(cp); - if ((mp->seed = strtok(NULL, " \t")) == NULL) + if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL) continue; - if ((mp->val = strtok(NULL, " \t")) == NULL) + if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL) continue; /* Got a real entry */ break; @@ -246,10 +246,7 @@ * * The database file is always closed by this call. */ -int -skeyverify(mp, response) - struct skey *mp; - char *response; +int skeyverify(struct skey *mp, char *response) { char key[SKEY_BINKEY_SIZE]; char fkey[SKEY_BINKEY_SIZE]; 
@@ -257,29 +254,31 @@ time_t now; struct tm *tm; char tbuf[27]; - char *cp; + char *cp, *last; int i, rval; time(&now); tm = localtime(&now); - (void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); + strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); if (response == NULL) { - (void)fclose(mp->keyfile); - return(-1); + fclose(mp->keyfile); + mp->keyfile = NULL; + return -1; } rip(response); /* Convert response to binary */ if (etob(key, response) != 1 && atob8(key, response) != 0) { /* Neither english words or ascii hex */ - (void)fclose(mp->keyfile); - return(-1); + fclose(mp->keyfile); + mp->keyfile = NULL; + return -1; } /* Compute fkey = f(key) */ - (void)memcpy(fkey, key, sizeof(key)); - (void)fflush(stdout); + memcpy(fkey, key, sizeof(key)); + fflush(stdout); f(fkey); /* 
@@ -298,26 +297,33 @@ } /* Reread the file record NOW */ - (void)fseek(mp->keyfile, mp->recstart, SEEK_SET); + fseek(mp->keyfile, mp->recstart, SEEK_SET); if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) { - (void)fclose(mp->keyfile); - return(-1); + fclose(mp->keyfile); + mp->keyfile = NULL; + return -1; } rip(mp->buf); - mp->logname = strtok(mp->buf, " \t"); - cp = strtok(NULL, " \t") ; - if (isalpha(*cp)) - cp = strtok(NULL, " \t") ; - mp->seed = strtok(NULL, " \t"); - mp->val = strtok(NULL, " \t"); + if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL) + goto verify_failure; + if ((cp = strtok_r(NULL, " \t", &last)) == NULL) + goto verify_failure; + if (isalpha((u_char) *cp)) + if ((cp = strtok_r(NULL, " \t", &last)) == NULL) + goto verify_failure; + if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL) + goto verify_failure; + if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL) + goto verify_failure; /* And convert file value to hex for comparison */ atob8(filekey, mp->val); /* Do actual comparison */ if (memcmp(filekey, fkey, SKEY_BINKEY_SIZE) != 0){ /* Wrong response */ - (void)fclose(mp->keyfile); - return(1); + fclose(mp->keyfile); + mp->keyfile = NULL; + return 1; } /* 
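Review bot: The new NULL checks cover the tokenizer, but `atob8(filekey, mp->val);` right after them is still unchecked, so a record whose value field is not valid hex may leave `filekey` only partly written before `memcmp` compares it with the response. Earlier in this function a non-zero return from atob8 is treated as a parse failure, so the new label can be reused: `if (atob8(filekey, mp->val) != 0) goto verify_failure;`. The nested `if (isalpha(...)) if (...) goto verify_failure;` would also be clearer with braces. skeyverify() begins and ends outside this hunk.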
@@ -327,19 +333,24 @@ */ btoa8(mp->val,key); mp->n--; - (void)fseek(mp->keyfile, mp->recstart, SEEK_SET); + fseek(mp->keyfile, mp->recstart, SEEK_SET); /* Don't save algorithm type for md4 (keep record length same) */ if (strcmp(skey_get_algorithm(), "md4") == 0) - (void)fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n", + fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n", mp->logname, mp->n, mp->seed, mp->val, tbuf); else - (void)fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n", + fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n", mp->logname, skey_get_algorithm(), mp->n, mp->seed, mp->val, tbuf); - (void)fclose(mp->keyfile); - - return(0); + fclose(mp->keyfile); + mp->keyfile = NULL; + return 0; + + verify_failure: + fclose(mp->keyfile); + mp->keyfile = NULL; + return -1; } /* @@ -348,13 +359,18 @@ * Returns: 1 user doesnt exist, -1 fle error, 0 user exists. * */ -int -skey_haskey(username) - char *username; +int skey_haskey(const char *username) { struct skey skey; + int i; + + i = skeylookup(&skey, username); - return(skeylookup(&skey, username)); + if (skey.keyfile != NULL) { + fclose(skey.keyfile); + skey.keyfile = NULL; + } + return i; } /* @@ -364,19 +380,21 @@ * seed for the passed user. * */ -char * -skey_keyinfo(username) - char *username; +const char *skey_keyinfo(const char *username) { int i; static char str[SKEY_MAX_CHALLENGE]; struct skey skey; - i = skeychallenge(&skey, username, str); + i = skeychallenge(&skey, username, str, sizeof str); if (i == -1) - return(0); + return 0; - return(str); + if (skey.keyfile != NULL) { + fclose(skey.keyfile); + skey.keyfile = NULL; + } + return str; } /* 
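Review bot: Dropping the `(void)` casts leaves the record update unchecked: `fseek`, `fprintf` and `fclose` on `mp->keyfile` can each fail, yet the function goes on to `return 0` and the caller treats the response as accepted. If the decremented count and new value never reach the file, the same one-time password would presumably verify again, so a failed write should be reported, for example by testing the `fprintf` result and ending with `if (fclose(mp->keyfile) != 0) { mp->keyfile = NULL; return -1; }`. skeyzero() in the last skeylogin.c hunk has the same pattern around `fputc` and `fclose`. skeyverify() starts outside this hunk.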
@@ -388,40 +406,38 @@ * Returns: 0 success, -1 failure * */ -int -skey_passcheck(username, passwd) - char *username, *passwd; +int skey_passcheck(const char *username, char *passwd) { int i; struct skey skey; i = skeylookup(&skey, username); if (i == -1 || i == 1) - return(-1); + return -1; if (skeyverify(&skey, passwd) == 0) - return(skey.n); + return skey.n; - return(-1); + return -1; } +#if DO_FAKE_CHALLENGE #define ROUND(x) (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \ ((x)[3])) /* * hash_collapse() */ -static u_int32_t -hash_collapse(s) - u_char *s; +static u_int32_t hash_collapse(u_char *s) { - int len, target; + int len, target, slen; u_int32_t i; - - if ((strlen(s) % sizeof(u_int32_t)) == 0) - target = strlen(s); /* Multiple of 4 */ + + slen = strlen((char *)s); + if ((slen % sizeof(u_int32_t)) == 0) + target = slen; /* Multiple of 4 */ else - target = strlen(s) - (strlen(s) % sizeof(u_int32_t)); + target = slen - slen % sizeof(u_int32_t); for (i = 0, len = 0; len < target; len += 4) i ^= ROUND(s + len); @@ -429,6 +445,8 @@ return i; } +#endif + /* * skey_authenticate() * @@ -438,22 +456,22 @@ * Returns: 0 success, -1 failure * */ -int -skey_authenticate(username) - char *username; +int skey_authenticate(const char *username) { int i; + char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1]; + struct skey skey; +#if DO_FAKE_CHALLENGE u_int ptr; u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up; - char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1]; - char *secret; size_t secretlen; - struct skey skey; SHA1_CTX ctx; - +#endif + /* Attempt an S/Key challenge */ - i = skeychallenge(&skey, username, skeyprompt); + i = skeychallenge(&skey, username, skeyprompt, sizeof skeyprompt); +#if DO_FAKE_CHALLENGE /* Cons up a fake prompt if no entry in keys file */ if (i != 0) { char *p, *u; 
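Review bot: Wrapping the fake-challenge code in `#if DO_FAKE_CHALLENGE` changes what is shown for a user with no entry: with the macro unset, skeychallenge() has already set the prompt to an empty string, so an unknown user gets an empty challenge while an enrolled user gets a real one, and the two cases become distinguishable to whoever is at the prompt. Nothing visible in the patch defines or documents the macro, so a comment at the `#if` should state the default and the trade-off, e.g. `/* DO_FAKE_CHALLENGE: emit a synthetic challenge for unknown users so the prompt does not reveal who is enrolled */`. The declaration of `secret` also appears to be removed in this hunk while `secret = hseed;` is still used later in the guarded block, which would break the build when the macro is enabled; that is worth confirming against the full file. skey_authenticate() continues in the following hunks.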
@@ -465,11 +483,11 @@ if (gethostname(pbuf, sizeof(pbuf)) == -1) *(p = pbuf) = '.'; else - for (p = pbuf; *p && isalnum(*p); p++) - if (isalpha(*p) && isupper(*p)) - *p = tolower(*p); + for (p = pbuf; *p && isalnum((u_char)*p); p++) + if (isalpha((u_char)*p) && isupper((u_char)*p)) + *p = tolower((u_char)*p); if (*p && pbuf - p < 4) - (void)strncpy(p, "asjd", 4 - (pbuf - p)); + strncpy(p, "asjd", 4 - (pbuf - p)); pbuf[4] = '\0'; /* Hash the username if possible */ @@ -490,6 +508,7 @@ SEEK_SET) != -1 && read(fd, hseed, SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) { close(fd); + fd = -1; secret = hseed; secretlen = SKEY_MAX_SEED_LEN; flg = 0; @@ -499,6 +518,8 @@ secretlen = strlen(secret); flg = 0; } + if (fd != -1) + close(fd); } /* Put that in your pipe and smoke it */ @@ -531,7 +552,7 @@ memset(up, 0, 20); /* SHA1 specific */ free(up); - (void)sprintf(skeyprompt, + sprintf(skeyprompt, "otp-%.*s %d %.*s", SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(), @@ -554,29 +575,30 @@ } while (--i != 0); pbuf[12] = '\0'; - (void)sprintf(skeyprompt, "otp-%.*s %d %.*s", + sprintf(skeyprompt, "otp-%.*s %d %.*s", SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(), 99, SKEY_MAX_SEED_LEN, pbuf); } } +#endif - (void)fprintf(stderr, "%s\n", skeyprompt); - (void)fflush(stderr); + fprintf(stderr, "[%s]\n", skeyprompt); + fflush(stderr); - (void)fputs("Response: ", stderr); + fputs("Response: ", stderr); readskey(pbuf, sizeof(pbuf)); /* Is it a valid response? */ if (i == 0 && skeyverify(&skey, pbuf) == 0) { if (skey.n < 5) { - (void)fprintf(stderr, + fprintf(stderr, "\nWarning! Key initialization needed soon. (%d logins left)\n", skey.n); } - return(0); + return 0; } - return(-1); + return -1; } /* Comment out user's entry in the s/key database 
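Review bot: The re-emitted line `strncpy(p, "asjd", 4 - (pbuf - p));` keeps an inverted pointer difference: `p` never precedes `pbuf`, so `pbuf - p` is zero or negative, the guard `pbuf - p < 4` is always true, and the length grows with the offset instead of shrinking. strncpy pads to the full length it is given, so when the first non-alphanumeric character sits far enough into `pbuf` the write could run past the end of the array. The intended form looks like `if (*p && p - pbuf < 4) strncpy(p, "asjd", 4 - (p - pbuf));`. This code is inside the `#if DO_FAKE_CHALLENGE` part of skey_authenticate(), which starts outside the hunk.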
@@ -587,22 +609,21 @@ * * The database file is always closed by this call. */ -int -skeyzero(mp, response) - struct skey *mp; - char *response; +int skeyzero(struct skey *mp, char *response) { /* * Seek to the right place and write comment character * which effectively zero's out the entry. */ - (void)fseek(mp->keyfile, mp->recstart, SEEK_SET); + fseek(mp->keyfile, mp->recstart, SEEK_SET); if (fputc('#', mp->keyfile) == EOF) { fclose(mp->keyfile); - return(-1); + mp->keyfile = NULL; + return -1; } - (void)fclose(mp->keyfile); + fclose(mp->keyfile); + mp->keyfile = NULL; - return(0); + return 0; } diff -ruN skey-1.1.5.orig/skeyprune.8 skey-1.1.5/skeyprune.8 --- skey-1.1.5.orig/skeyprune.8 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/skeyprune.8 2003-11-06 17:46:45.000000000 +0000 @@ -13,7 +13,7 @@ .Sh DESCRIPTION .Nm skeyprune searches through the file -.Dq Pa /etc/skeykeys +.Dq Pa /etc/skey/skeykeys and prunes out users who have zeroed their entries via .Xr skeyinit 1 as well as entries that have not been modified in @@ -22,8 +22,8 @@ .Ar days is not specified only commented out entries are pruned. .Sh FILES -.Bl -tag -width /etc/skeykeys -compact -.It Pa /etc/skeykeys +.Bl -tag -width /etc/skey/skeykeys -compact +.It Pa /etc/skey/skeykeys S/Key key information database .El .Sh SEE ALSO @@ -33,7 +33,7 @@ Since .Nm skeyprune rewrites -.Dq Pa /etc/skeykeys , +.Dq Pa /etc/skey/skeykeys , there is a window where S/Key changes could get lost. It is therefore suggested that .Nm skeyprune diff -ruN skey-1.1.5.orig/skeysubr.c skey-1.1.5/skeysubr.c --- skey-1.1.5.orig/skeysubr.c 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/skeysubr.c 2003-11-06 17:46:45.000000000 +0000 
@@ -40,30 +40,26 @@ #else #include "sha1.h" #endif -#ifdef HAVE_RMD160_H -#include <rmd160.h> -#else -#include "rmd160.h" -#endif #include "skey.h" /* Default hash function to use (index into skey_hash_types array) */ #ifndef SKEY_HASH_DEFAULT -#define SKEY_HASH_DEFAULT 1 +#define SKEY_HASH_DEFAULT 0 /*MD4*/ #endif -static void f_md4 __P((char *x)); -static void f_md5 __P((char *x)); -static void f_sha1 __P((char *x)); -static void f_rmd160 __P((char *x)); -static int keycrunch_md4 __P((char *result, char *seed, char *passwd)); -static int keycrunch_md5 __P((char *result, char *seed, char *passwd)); -static int keycrunch_sha1 __P((char *result, char *seed, char *passwd)); -static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd)); -static void lowcase __P((char *s)); -static void skey_echo __P((int action)); -static void trapped __P((int sig)); +static void f_md4 __P((char *)); +static void f_md5 __P((char *)); +static void f_sha1 __P((char *)); +/* static void f_rmd160 __P((char *x)); */ +static int keycrunch_md4 __P((char *, const char *, const char *)); +static int keycrunch_md5 __P((char *, const char *, const char *)); +static int keycrunch_sha1 __P((char *, const char *, const char *)); +/* static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd)); */ +static void lowcase __P((char *)); +static void skey_echo __P((int)); +static void trapped __P((int)); +static char *mkseedpassword(const char *, const char *, size_t *); /* Current hash type (index into skey_hash_types array) */ static int skey_hash_type = SKEY_HASH_DEFAULT; 
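Review bot: `SKEY_HASH_DEFAULT` moves from 1 to 0, which by the table in the next hunk switches the default from md5 to md4, and the only explanation is the `/*MD4*/` tag. That makes the weakest of the three remaining hashes the one every caller gets unless it calls skey_set_algorithm(); if this is needed for compatibility with existing key files, say so in a comment, otherwise keep `#define SKEY_HASH_DEFAULT 1 /* md5 */`. The two rmd160 prototypes are left behind as commented-out code rather than deleted, and the new `mkseedpassword` prototype is the only one not wrapped in `__P(())`.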
@@ -72,17 +68,16 @@ * Hash types we support. * Each has an associated keycrunch() and f() function. */ -#define SKEY_ALGORITH_LAST 4 struct skey_algorithm_table { const char *name; - int (*keycrunch) (char *, char *, char *); - void (*f) (char *); + int (*keycrunch) __P((char *, const char *, const char *)); + void (*f) __P((char *)); }; static struct skey_algorithm_table skey_algorithm_table[] = { { "md4", keycrunch_md4, f_md4 }, { "md5", keycrunch_md5, f_md5 }, { "sha1", keycrunch_sha1, f_sha1 }, - { "rmd160", keycrunch_rmd160, f_rmd160 } + { NULL } }; 
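Review bot: With `SKEY_ALGORITH_LAST` gone and the table now ending in `{ NULL }`, nothing checks that `SKEY_HASH_DEFAULT` (overridable at build time through the `#ifndef` in the previous hunk) still names a real entry. A build that had set it to 3 for rmd160 would now index the sentinel, and keycrunch() and f() call through the table without a NULL check. A compile-time guard next to the table would catch that: `#if SKEY_HASH_DEFAULT < 0 || SKEY_HASH_DEFAULT > 2`, `#error "SKEY_HASH_DEFAULT must select md4, md5 or sha1"`, `#endif`.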
@@ -91,242 +86,172 @@ * concatenate the seed and the password, run through MD4/5 and * collapse to 64 bits. This is defined as the user's starting key. */ -int -keycrunch(result, seed, passwd) - char *result; /* SKEY_BINKEY_SIZE result */ - char *seed; /* Seed, any length */ - char *passwd; /* Password, any length */ +int keycrunch(char *result, const char *seed, const char *passwd) { return(skey_algorithm_table[skey_hash_type].keycrunch(result, seed, passwd)); } -static int -keycrunch_md4(result, seed, passwd) - char *result; /* SKEY_BINKEY_SIZE result */ - char *seed; /* Seed, any length */ - char *passwd; /* Password, any length */ +static char *mkseedpassword(const char *seed, const char *passwd, size_t *buflen) { char *buf; - MD4_CTX md; - u_int32_t results[4]; - unsigned int buflen; - buflen = strlen(seed) + strlen(passwd); - if ((buf = (char *)malloc(buflen+1)) == NULL) - return(-1); - (void)strcpy(buf, seed); + *buflen = strlen(seed) + strlen(passwd); + if ((buf = (char *) malloc(*buflen + 1)) == NULL) + return NULL; + strcpy(buf, seed); lowcase(buf); - (void)strcat(buf, passwd); + strcat(buf, passwd); + sevenbit(buf); + + return buf; +} +static int keycrunch_md4(char *result, const char *seed, const char *passwd) +{ + char *buf; + MD4_CTX md; + size_t buflen; + u_int32_t results[4]; + + if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL) + return -1; + /* Crunch the key through MD4 */ - sevenbit(buf); MD4Init(&md); MD4Update(&md, (unsigned char *)buf, buflen); - MD4Final((unsigned char *)results, &md); - (void)free(buf); + MD4Final((unsigned char *) (void *) results, &md); + free(buf); /* Fold result from 128 to 64 bits */ results[0] ^= results[2]; results[1] ^= results[3]; - (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); + memcpy(result, results, SKEY_BINKEY_SIZE); - return(0); + return 0; } -static int -keycrunch_md5(result, seed, passwd) - char *result; /* SKEY_BINKEY_SIZE result */ - char *seed; /* Seed, any length */ - char 
*passwd; /* Password, any length */ +static int keycrunch_md5(char *result, const char *seed, const char *passwd) { char *buf; MD5_CTX md; u_int32_t results[4]; - unsigned int buflen; + size_t buflen; - buflen = strlen(seed) + strlen(passwd); - if ((buf = (char *)malloc(buflen+1)) == NULL) - return(-1); - (void)strcpy(buf, seed); - lowcase(buf); - (void)strcat(buf, passwd); + if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL) + return -1; /* Crunch the key through MD5 */ - sevenbit(buf); MD5Init(&md); MD5Update(&md, (unsigned char *)buf, buflen); - MD5Final((unsigned char *)results, &md); - (void)free(buf); + MD5Final((unsigned char *) (void *)results, &md); + free(buf); /* Fold result from 128 to 64 bits */ results[0] ^= results[2]; results[1] ^= results[3]; - (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); + memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); return(0); } -static int -keycrunch_sha1(result, seed, passwd) - char *result; /* SKEY_BINKEY_SIZE result */ - char *seed; /* Seed, any length */ - char *passwd; /* Password, any length */ +static int keycrunch_sha1(char *result, const char *seed, const char *passwd) { char *buf; SHA1_CTX sha; - u_int32_t results[5]; - unsigned int buflen; - - buflen = strlen(seed) + strlen(passwd); - if ((buf = (char *)malloc(buflen+1)) == NULL) - return(-1); - (void)strcpy(buf, seed); - lowcase(buf); - (void)strcat(buf, passwd); + size_t buflen; + int i, j; + if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL) + return -1; + /* Crunch the key through SHA1 */ - sevenbit(buf); SHA1Init(&sha); SHA1Update(&sha, (unsigned char *)buf, buflen); - SHA1Final((unsigned char *)results, &sha); - (void)free(buf); + SHA1Final(NULL, &sha); + free(buf); /* Fold 160 to 64 bits */ - results[0] ^= results[2]; - results[1] ^= results[3]; - results[0] ^= results[4]; - - (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); - - return(0); -} - -static int -keycrunch_rmd160(result, seed, passwd) 
- char *result; /* SKEY_BINKEY_SIZE result */ - char *seed; /* Seed, any length */ - char *passwd; /* Password, any length */ -{ - char *buf; - RMD160_CTX rmd; - u_int32_t results[5]; - unsigned int buflen; - - buflen = strlen(seed) + strlen(passwd); - if ((buf = (char *)malloc(buflen+1)) == NULL) - return(-1); - (void)strcpy(buf, seed); - lowcase(buf); - (void)strcat(buf, passwd); - - /* Crunch the key through RMD-160 */ - sevenbit(buf); - RMD160Init(&rmd); - RMD160Update(&rmd, (unsigned char *)buf, buflen); - RMD160Final((unsigned char *)results, &rmd); - (void)free(buf); - - /* Fold 160 to 64 bits */ - results[0] ^= results[2]; - results[1] ^= results[3]; - results[0] ^= results[4]; - - (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); + sha.state[0] ^= sha.state[2]; + sha.state[1] ^= sha.state[3]; + sha.state[0] ^= sha.state[4]; + + for (i=j=0; j<8; i++, j+=4) { + result[j] = (unsigned char)(sha.state[i] & 0xff); + result[j+1] = (unsigned char)((sha.state[i] >> 8) & 0xff); + result[j+2] = (unsigned char)((sha.state[i] >> 16) & 0xff); + result[j+3] = (unsigned char)((sha.state[i] >> 24) & 0xff); + } - return(0); + return 0; } /* * The one-way function f(). * Takes SKEY_BINKEY_SIZE bytes and returns SKEY_BINKEY_SIZE bytes in place. 
*/ -void -f(x) - char *x; +void f(char *x) { skey_algorithm_table[skey_hash_type].f(x); } -static void -f_md4(x) - char *x; +static void f_md4(char *x) { MD4_CTX md; u_int32_t results[4]; MD4Init(&md); MD4Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE); - MD4Final((unsigned char *)results, &md); + MD4Final((unsigned char *) (void *) results, &md); /* Fold 128 to 64 bits */ results[0] ^= results[2]; results[1] ^= results[3]; - (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE); + memcpy(x, results, SKEY_BINKEY_SIZE); } -static void -f_md5(x) - char *x; +static void f_md5(char *x) { MD5_CTX md; u_int32_t results[4]; MD5Init(&md); MD5Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE); - MD5Final((unsigned char *)results, &md); + MD5Final((unsigned char *) (void *) results, &md); /* Fold 128 to 64 bits */ results[0] ^= results[2]; results[1] ^= results[3]; - (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE); + memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE); } -static void -f_sha1(x) - char *x; +static void f_sha1(char *x) { SHA1_CTX sha; - u_int32_t results[5]; + int i, j; SHA1Init(&sha); SHA1Update(&sha, (unsigned char *)x, SKEY_BINKEY_SIZE); - SHA1Final((unsigned char *)results, &sha); + SHA1Final(NULL, &sha); /* Fold 160 to 64 bits */ - results[0] ^= results[2]; - results[1] ^= results[3]; - results[0] ^= results[4]; - - (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE); -} - -static void -f_rmd160(x) - char *x; -{ - RMD160_CTX rmd; - u_int32_t results[5]; - - RMD160Init(&rmd); - RMD160Update(&rmd, (unsigned char *)x, SKEY_BINKEY_SIZE); - RMD160Final((unsigned char *)results, &rmd); - - /* Fold 160 to 64 bits */ - results[0] ^= results[2]; - results[1] ^= results[3]; - results[0] ^= results[4]; - - (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE); + sha.state[0] ^= sha.state[2]; + sha.state[1] ^= sha.state[3]; + sha.state[0] ^= sha.state[4]; + + for (i=j=0; j<8; i++, j+=4) { + x[j] = (unsigned char)(sha.state[i] & 0xff); + 
x[j+1] = (unsigned char)((sha.state[i] >> 8) & 0xff); + x[j+2] = (unsigned char)((sha.state[i] >> 16) & 0xff); + x[j+3] = (unsigned char)((sha.state[i] >> 24) & 0xff); + } } /* Strip trailing cr/lf from a line of text */ -void -rip(buf) - char *buf; +void rip(char *buf) { buf += strcspn(buf, "\r\n"); @@ -335,12 +260,9 @@ } /* Read in secret password (turns off echo) */ -char * -readpass(buf, n) - char *buf; - int n; +char *readpass(char *buf, int n) { - void (*old_handler) (); + void *old_handler; /* Turn off echoing */ skey_echo(0); 
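Review bot: The buffer returned by the new `mkseedpassword()` holds the seed followed by the user's passphrase, and all three keycrunch_* functions release it with a bare `free(buf)`, so the passphrase stays readable in freed heap memory. Each call site has `buflen` at hand and could wipe first, e.g. `explicit_bzero(buf, buflen); free(buf);` where that function exists, or a store loop through a `volatile` pointer. Separately, keycrunch_sha1() and f_sha1() now call `SHA1Final(NULL, &sha)` and read `sha.state[]` afterwards; that depends on the SHA1 implementation accepting a NULL digest and leaving the state intact, which the bundled sha1.c may guarantee but a system `<sha1.h>` selected through `HAVE_SHA1_H` may not, so it needs a comment or a configure check.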
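Review bot: In the hunk at -335, `void *old_handler;` stores the return value of signal(), a function pointer, in an object pointer; ISO C does not define that conversion, and the variable is later compared with `SIG_ERR` and passed back to signal(). The old declaration only lacked a parameter list, so `void (*old_handler)(int);` keeps the type correct and should also satisfy the warning this edit was presumably aimed at. readpass() continues past the end of this hunk.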
@@ -348,131 +270,114 @@ /* Catch SIGINT and save old signal handler */ old_handler = signal(SIGINT, trapped); - (void)fgets(buf, n, stdin); + fgets(buf, n, stdin); rip(buf); - (void)putc('\n', stderr); - (void)fflush(stderr); + putc('\n', stderr); + fflush(stderr); /* Restore signal handler and turn echo back on */ if (old_handler != SIG_ERR) - (void)signal(SIGINT, old_handler); + signal(SIGINT, old_handler); skey_echo(1); sevenbit(buf); - return(buf); + return buf; } /* Read in an s/key OTP (does not turn off echo) */ -char * -readskey(buf, n) - char *buf; - int n; +char *readskey(char *buf, int n) { - (void)fgets(buf, n, stdin); + fgets(buf, n, stdin); rip(buf); sevenbit(buf); - return(buf); + return buf; } /* Signal handler for trapping ^C */ -static void -trapped(sig) - int sig; +static void trapped(int sig) { - (void)fputs("^C\n", stderr); - (void)fflush(stderr); + fputs("^C\n", stderr); + fflush(stderr); - /* Turn on echo if necesary */ + /* Turn on echo if necemassary */ skey_echo(1); - exit(-1); + exit(1); } /* * Convert 8-byte hex-ascii string to binary array * Returns 0 on success, -1 on error */ -int -atob8(out, in) - register char *out; - register char *in; +int atob8(char *out, const char *in) { - register int i; - register int val; + int i; + int val; if (in == NULL || out == NULL) - return(-1); + return -1; for (i=0; i < 8; i++) { if ((in = skipspace(in)) == NULL) - return(-1); + return -1; if ((val = htoi(*in++)) == -1) - return(-1); + return -1; *out = val << 4; if ((in = skipspace(in)) == NULL) - return(-1); + return -1; if ((val = htoi(*in++)) == -1) - return(-1); + return -1; *out++ |= val; } - return(0); + return 0; } /* Convert 8-byte binary array to hex-ascii string */ -int -btoa8(out, in) - register char *out; - register char *in; +int btoa8(char *out, const char *in) { - register int i; + int i; if (in == NULL || out == NULL) - return(-1); + return -1; for (i=0; i < 8; i++) { - (void)sprintf(out, "%02x", *in++ & 0xff); + sprintf(out, 
"%02x", *in++ & 0xff); out += 2; } - return(0); + return 0; } /* Convert hex digit to binary integer */ -int -htoi(c) - register int c; +int htoi(int c) { if ('0' <= c && c <= '9') - return(c - '0'); + return c - '0'; if ('a' <= c && c <= 'f') - return(10 + c - 'a'); + return 10 + c - 'a'; if ('A' <= c && c <= 'F') - return(10 + c - 'A'); - return(-1); + return 10 + c - 'A'; + return -1; } /* Skip leading spaces from the string */ -char * -skipspace(cp) - register char *cp; +const char *skipspace(const char *cp) { while (*cp == ' ' || *cp == '\t') cp++; if (*cp == '\0') - return(NULL); + return NULL; else - return(cp); + return cp; } /* Remove backspaced over characters from the string */ -void -backspace(buf) - char *buf; +void backspace(char *buf) { char bs = 0x8; char *cp = buf; 
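Review bot: readpass() and readskey() still ignore the result of `fgets()`, and with the `(void)` casts removed the omission no longer even looks deliberate. On EOF the buffer is left untouched (and after a read error its contents are indeterminate), so rip() and sevenbit() then run over stale or uninitialised bytes and the caller treats them as the typed secret; `if (fgets(buf, n, stdin) == NULL) buf[0] = '\0';` in both functions gives a defined empty answer instead. trapped() calls fputs(), fflush() and exit() from a signal handler, none of which is async-signal-safe, and the comment edit turns `necesary` into `necemassary` where `necessary` was meant.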
@@ -496,77 +401,68 @@ } /* Make sure line is all seven bits */ -void -sevenbit(s) - char *s; +void sevenbit(char *s) { while (*s) *s++ &= 0x7f; } /* Set hash algorithm type */ -char * -skey_set_algorithm(new) - char *new; +const char *skey_set_algorithm(const char *new) { int i; - for (i = 0; i < SKEY_ALGORITH_LAST; i++) { + for (i = 0; skey_algorithm_table[i].name; i++) { if (strcmp(new, skey_algorithm_table[i].name) == 0) { skey_hash_type = i; - return(new); + return new; } } - return(NULL); + return NULL; } /* Get current hash type */ -const char * -skey_get_algorithm() +const char *skey_get_algorithm() { return(skey_algorithm_table[skey_hash_type].name); } /* Turn echo on/off */ -static void -skey_echo(action) - int action; +static void skey_echo(int action) { static struct termios term; static int echo = 0; if (action == 0) { /* Turn echo off */ - (void) tcgetattr(fileno(stdin), &term); + tcgetattr(fileno(stdin), &term); if ((echo = (term.c_lflag & ECHO))) { term.c_lflag &= ~ECHO; #ifdef TCSASOFT - (void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term); + tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term); #else - (void) tcsetattr(fileno(stdin), TCSAFLUSH, &term); + tcsetattr(fileno(stdin), TCSAFLUSH, &term); #endif } } else if (action && echo) { /* Turn echo on */ term.c_lflag |= ECHO; #ifdef TCSASOFT - (void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term); + tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term); #else - (void) tcsetattr(fileno(stdin), TCSAFLUSH, &term); + tcsetattr(fileno(stdin), TCSAFLUSH, &term); #endif echo = 0; } } /* Convert string to lower case */ -static void -lowcase(s) - char *s; +static void lowcase(char *s) { - char *p; + u_char *p; - for (p = s; *p; p++) + for (p = (u_char *) s; *p; p++) if (isupper(*p)) *p = tolower(*p); } diff -ruN skey-1.1.5.orig/strlcpy.c skey-1.1.5/strlcpy.c --- skey-1.1.5.orig/strlcpy.c 2001-05-10 17:10:49.000000000 +0100 +++ skey-1.1.5/strlcpy.c 1970-01-01 01:00:00.000000000 +0100 
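Review bot: `const char *skey_get_algorithm()` keeps an empty parameter list while every other definition in this hunk was converted to a prototype; in C that declares a function with unspecified arguments, so it should be `const char *skey_get_algorithm(void)`. skey_set_algorithm() also passes `new` straight to strcmp(), so a NULL argument is undefined behaviour; an early `if (new == NULL) return NULL;` would make the lookup safe for callers that forward unvalidated input. In skey_echo() the results of tcgetattr() and tcsetattr() are dropped, which means a failed attempt to disable echo goes unnoticed while the passphrase is read.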
@@ -1,72 +0,0 @@ -/* $OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $ */ - -/* - * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#include "config.h" -#ifndef HAVE_STRLCPY - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include <sys/types.h> -#include <string.h> - -/* - * Copy src to string dst of size siz. At most siz-1 characters - * will be copied. Always NUL terminates (unless siz == 0). 
- * Returns strlen(src); if retval >= siz, truncation occurred. - */ -size_t strlcpy(dst, src, siz) - char *dst; - const char *src; - size_t siz; -{ - register char *d = dst; - register const char *s = src; - register size_t n = siz; - - /* Copy as many bytes as will fit */ - if (n != 0 && --n != 0) { - do { - if ((*d++ = *s++) == 0) - break; - } while (--n != 0); - } - - /* Not enough room in dst, add NUL and traverse rest of src */ - if (n == 0) { - if (siz != 0) - *d = '\0'; /* NUL-terminate dst */ - while (*s++) - ; - } - - return(s - src - 1); /* count does not include NUL */ -} - -#endif