Remove libskey(3). libopie replaces it.
authorPeter Avalos <pavalos@theshell.com>
Sat, 3 Jan 2009 01:07:04 +0000 (20:07 -0500)
committerPeter Avalos <pavalos@theshell.com>
Sat, 3 Jan 2009 16:47:22 +0000 (11:47 -0500)
21 files changed:
Makefile.inc1
Makefile_upgrade.inc
etc/pam.d/login
lib/Makefile
lib/libskey/Makefile [deleted file]
lib/libskey/mdx.h [deleted file]
lib/libskey/pathnames.h [deleted file]
lib/libskey/put.c [deleted file]
lib/libskey/skey.1 [deleted file]
lib/libskey/skey.3 [deleted file]
lib/libskey/skey.access.5 [deleted file]
lib/libskey/skey.h [deleted file]
lib/libskey/skey_crypt.c [deleted file]
lib/libskey/skey_getpass.c [deleted file]
lib/libskey/skeyaccess.c [deleted file]
lib/libskey/skeylogin.c [deleted file]
lib/libskey/skeysubr.c [deleted file]
lib/pam_module/Makefile
lib/pam_module/pam_cleartext_pass_ok/Makefile [deleted file]
lib/pam_module/pam_cleartext_pass_ok/pam_cleartext_pass_ok.c [deleted file]
share/mk/bsd.libnames.mk

index 3291955..5db563a 100644 (file)
@@ -890,11 +890,10 @@ _generic_libs+=   kerberos5/lib
 
 _prebuild_libs+= lib/libcom_err lib/libcrypt lib/libmd \
                lib/libncurses/libncurses lib/libopie lib/libradius \
-               lib/libsbuf lib/libskey lib/libtacplus lib/libm \
+               lib/libsbuf lib/libtacplus lib/libm \
                lib/libpam lib/libypclnt lib/lib${THREAD_LIB}
 
 lib/libopie__L lib/libradius__L lib/libtacplus__L: lib/libmd__L
-lib/libskey__L: lib/libcrypt__L lib/libmd__L
 
 _generic_libs+=        lib
 
index 643d43a..ef659fd 100644 (file)
@@ -1025,3 +1025,24 @@ TO_REMOVE+=/usr/share/man/cat1/keyinfo.1.gz
 TO_REMOVE+=/usr/bin/keyinit
 TO_REMOVE+=/usr/share/man/man1/keyinit.1.gz
 TO_REMOVE+=/usr/share/man/cat1/keyinit.1.gz
+TO_REMOVE+=/usr/lib/libskey.a
+TO_REMOVE+=/usr/lib/profile/libskey.a
+TO_REMOVE+=/usr/include/skey.h
+TO_REMOVE+=/usr/share/man/man3/skey.3.gz
+TO_REMOVE+=/usr/share/man/cat3/skey.3.gz
+TO_REMOVE+=/usr/share/man/man3/skeylookup.3.gz
+TO_REMOVE+=/usr/share/man/cat3/skeylookup.3.gz
+TO_REMOVE+=/usr/share/man/man3/skeyverify.3.gz
+TO_REMOVE+=/usr/share/man/cat3/skeyverify.3.gz
+TO_REMOVE+=/usr/share/man/man3/skeychallenge.3.gz
+TO_REMOVE+=/usr/share/man/cat3/skeychallenge.3.gz
+TO_REMOVE+=/usr/share/man/man3/skeyinfo.3.gz
+TO_REMOVE+=/usr/share/man/cat3/skeyinfo.3.gz
+TO_REMOVE+=/usr/share/man/man3/skeyaccess.3.gz
+TO_REMOVE+=/usr/share/man/cat3/skeyaccess.3.gz
+TO_REMOVE+=/usr/share/man/man3/skey_getpass.3.gz
+TO_REMOVE+=/usr/share/man/cat3/skey_getpass.3.gz
+TO_REMOVE+=/usr/share/man/man3/skey_crypt.3.gz
+TO_REMOVE+=/usr/share/man/cat3/skey_crypt.3.gz
+TO_REMOVE+=/usr/share/man/man5/skey.access.5.gz
+TO_REMOVE+=/usr/share/man/cat5/skey.access.5.gz
index 42b69ee..b307450 100644 (file)
@@ -9,6 +9,5 @@ session         required        pam_permit.so
 password       required        pam_permit.so
 auth           sufficient      pam_opie.so                     no_fake_prompts
 #auth          requisite       pam_opieaccess.so
-auth           requisite       pam_cleartext_pass_ok.so
 #auth          sufficient      pam_krb5.so                     try_first_pass
 auth           required        pam_unix.so                     try_first_pass
index 08d66bf..7a65be9 100644 (file)
@@ -6,12 +6,10 @@
 # built are visible:
 #
 # libcom_err must be built before libkrb and libpam.
-# libcrypt must be built before libkrb, libpam and libskey.
-# libmd must be built before libatm, libopie, libradius, libskey, and
-# libtacplus.
+# libcrypt must be built before libkrb and libpam.
+# libmd must be built before libatm, libopie, libradius, and libtacplus.
 # libncurses must be built before libdialog, libedit and libreadline.
 # libradius must be built before libpam.
-# libskey must be built before libpam.
 # libtacplus must be built before libpam.
 # libutil must be built before libpam.
 # libsbuf must be built before libcam.
@@ -21,7 +19,7 @@
 # Otherwise, the SUBDIR list should be in alphabetical order.
 
 SUBDIR=        libarchive libbluetooth libcom_err libcrypt libm libmd \
-       libncurses libradius libskey libtacplus libutil libsbuf \
+       libncurses libradius libtacplus libutil libsbuf \
        libalias libatm ${_libbind} ${_libbind9} libbz2 libc ${_libc_r} \
        libcalendar libcam libcompat libdevinfo libdevstat libedit libevent libfetch \
        libftpio libipsec libipx libisc libkcore libkinfo libkvm libmagic \
diff --git a/lib/libskey/Makefile b/lib/libskey/Makefile
deleted file mode 100644 (file)
index 626b455..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-#      @(#)Makefile    5.4 (Berkeley) 5/7/91
-#      $FreeBSD: src/lib/libskey/Makefile,v 1.15.2.1 2001/04/25 10:04:40 ru Exp $
-#      $DragonFly: src/lib/libskey/Makefile,v 1.5 2008/10/28 16:54:09 swildner Exp $
-
-LIB=   skey
-SRCS=  skeyaccess.c put.c skey_crypt.c skey_getpass.c skeylogin.c skeysubr.c
-INCS=  skey.h
-MAN=   skey.1
-MAN+=  skey.3
-MLINKS=        skey.3 skeylookup.3 skey.3 skeyverify.3 skey.3 skeychallenge.3 \
-       skey.3 skeyinfo.3 skey.3 skeyaccess.3 skey.3 skey_getpass.3 \
-       skey.3 skey_crypt.3
-MAN+=  skey.access.5
-
-CFLAGS+=-DPERMIT_CONSOLE -D_SKEY_INTERNAL -I${.CURDIR}
-CFLAGS+=-D_CTYPE_H_DISABLE_MACROS_
-
-DPADD+= ${LIBCRYPT} ${LIBMD}
-LDADD+=        -lcrypt -lmd
-
-WARNS?=        6
-
-.include <bsd.lib.mk>
diff --git a/lib/libskey/mdx.h b/lib/libskey/mdx.h
deleted file mode 100644 (file)
index 567d541..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-#ifdef MD5
-/* S/Key can use MD5 now, if defined... */
-#include <md5.h>
-
-#define        MDXFinal        MD5Final
-#define        MDXInit         MD5Init
-#define        MDXUpdate       MD5Update
-#define        MDX_CTX         MD5_CTX
-#else
-
-/* By default, use MD4 for compatibility */
-#include <md4.h>
-
-#define        MDXFinal        MD4Final
-#define        MDXInit         MD4Init
-#define        MDXUpdate       MD4Update
-#define        MDX_CTX         MD4_CTX
-
-#endif
diff --git a/lib/libskey/pathnames.h b/lib/libskey/pathnames.h
deleted file mode 100644 (file)
index 7745c46..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
-/* $FreeBSD: src/lib/libskey/pathnames.h,v 1.5 1999/08/28 00:05:26 peter Exp $ (FreeBSD) */
-/* $DragonFly: src/lib/libskey/pathnames.h,v 1.2 2003/06/17 04:26:51 dillon Exp $ (FreeBSD) */
-
-#include <paths.h>
-
-#define _PATH_SKEYACCESS        "/etc/skey.access"
-#define        _PATH_SKEYFILE          "/etc/skeykeys"
diff --git a/lib/libskey/put.c b/lib/libskey/put.c
deleted file mode 100644 (file)
index 933a6c4..0000000
+++ /dev/null
@@ -1,2283 +0,0 @@
-/*
- * $DragonFly: src/lib/libskey/put.c,v 1.5 2008/09/30 16:57:05 swildner Exp $
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <assert.h>
-#include <ctype.h>
-#include "skey.h"
-
-static unsigned long extract (char *s,int start,int length);
-static void standard (char *word);
-static void insert (char *s, int x, int start, int length);
-static int wsrch (char *w,int low,int high);
-
-/* Dictionary for integer-word translations */
-static char Wp[2048][4] = {
-"A",
-"ABE",
-"ACE",
-"ACT",
-"AD",
-"ADA",
-"ADD",
-"AGO",
-"AID",
-"AIM",
-"AIR",
-"ALL",
-"ALP",
-"AM",
-"AMY",
-"AN",
-"ANA",
-"AND",
-"ANN",
-"ANT",
-"ANY",
-"APE",
-"APS",
-"APT",
-"ARC",
-"ARE",
-"ARK",
-"ARM",
-"ART",
-"AS",
-"ASH",
-"ASK",
-"AT",
-"ATE",
-"AUG",
-"AUK",
-"AVE",
-"AWE",
-"AWK",
-"AWL",
-"AWN",
-"AX",
-"AYE",
-"BAD",
-"BAG",
-"BAH",
-"BAM",
-"BAN",
-"BAR",
-"BAT",
-"BAY",
-"BE",
-"BED",
-"BEE",
-"BEG",
-"BEN",
-"BET",
-"BEY",
-"BIB",
-"BID",
-"BIG",
-"BIN",
-"BIT",
-"BOB",
-"BOG",
-"BON",
-"BOO",
-"BOP",
-"BOW",
-"BOY",
-"BUB",
-"BUD",
-"BUG",
-"BUM",
-"BUN",
-"BUS",
-"BUT",
-"BUY",
-"BY",
-"BYE",
-"CAB",
-"CAL",
-"CAM",
-"CAN",
-"CAP",
-"CAR",
-"CAT",
-"CAW",
-"COD",
-"COG",
-"COL",
-"CON",
-"COO",
-"COP",
-"COT",
-"COW",
-"COY",
-"CRY",
-"CUB",
-"CUE",
-"CUP",
-"CUR",
-"CUT",
-"DAB",
-"DAD",
-"DAM",
-"DAN",
-"DAR",
-"DAY",
-"DEE",
-"DEL",
-"DEN",
-"DES",
-"DEW",
-"DID",
-"DIE",
-"DIG",
-"DIN",
-"DIP",
-"DO",
-"DOE",
-"DOG",
-"DON",
-"DOT",
-"DOW",
-"DRY",
-"DUB",
-"DUD",
-"DUE",
-"DUG",
-"DUN",
-"EAR",
-"EAT",
-"ED",
-"EEL",
-"EGG",
-"EGO",
-"ELI",
-"ELK",
-"ELM",
-"ELY",
-"EM",
-"END",
-"EST",
-"ETC",
-"EVA",
-"EVE",
-"EWE",
-"EYE",
-"FAD",
-"FAN",
-"FAR",
-"FAT",
-"FAY",
-"FED",
-"FEE",
-"FEW",
-"FIB",
-"FIG",
-"FIN",
-"FIR",
-"FIT",
-"FLO",
-"FLY",
-"FOE",
-"FOG",
-"FOR",
-"FRY",
-"FUM",
-"FUN",
-"FUR",
-"GAB",
-"GAD",
-"GAG",
-"GAL",
-"GAM",
-"GAP",
-"GAS",
-"GAY",
-"GEE",
-"GEL",
-"GEM",
-"GET",
-"GIG",
-"GIL",
-"GIN",
-"GO",
-"GOT",
-"GUM",
-"GUN",
-"GUS",
-"GUT",
-"GUY",
-"GYM",
-"GYP",
-"HA",
-"HAD",
-"HAL",
-"HAM",
-"HAN",
-"HAP",
-"HAS",
-"HAT",
-"HAW",
-"HAY",
-"HE",
-"HEM",
-"HEN",
-"HER",
-"HEW",
-"HEY",
-"HI",
-"HID",
-"HIM",
-"HIP",
-"HIS",
-"HIT",
-"HO",
-"HOB",
-"HOC",
-"HOE",
-"HOG",
-"HOP",
-"HOT",
-"HOW",
-"HUB",
-"HUE",
-"HUG",
-"HUH",
-"HUM",
-"HUT",
-"I",
-"ICY",
-"IDA",
-"IF",
-"IKE",
-"ILL",
-"INK",
-"INN",
-"IO",
-"ION",
-"IQ",
-"IRA",
-"IRE",
-"IRK",
-"IS",
-"IT",
-"ITS",
-"IVY",
-"JAB",
-"JAG",
-"JAM",
-"JAN",
-"JAR",
-"JAW",
-"JAY",
-"JET",
-"JIG",
-"JIM",
-"JO",
-"JOB",
-"JOE",
-"JOG",
-"JOT",
-"JOY",
-"JUG",
-"JUT",
-"KAY",
-"KEG",
-"KEN",
-"KEY",
-"KID",
-"KIM",
-"KIN",
-"KIT",
-"LA",
-"LAB",
-"LAC",
-"LAD",
-"LAG",
-"LAM",
-"LAP",
-"LAW",
-"LAY",
-"LEA",
-"LED",
-"LEE",
-"LEG",
-"LEN",
-"LEO",
-"LET",
-"LEW",
-"LID",
-"LIE",
-"LIN",
-"LIP",
-"LIT",
-"LO",
-"LOB",
-"LOG",
-"LOP",
-"LOS",
-"LOT",
-"LOU",
-"LOW",
-"LOY",
-"LUG",
-"LYE",
-"MA",
-"MAC",
-"MAD",
-"MAE",
-"MAN",
-"MAO",
-"MAP",
-"MAT",
-"MAW",
-"MAY",
-"ME",
-"MEG",
-"MEL",
-"MEN",
-"MET",
-"MEW",
-"MID",
-"MIN",
-"MIT",
-"MOB",
-"MOD",
-"MOE",
-"MOO",
-"MOP",
-"MOS",
-"MOT",
-"MOW",
-"MUD",
-"MUG",
-"MUM",
-"MY",
-"NAB",
-"NAG",
-"NAN",
-"NAP",
-"NAT",
-"NAY",
-"NE",
-"NED",
-"NEE",
-"NET",
-"NEW",
-"NIB",
-"NIL",
-"NIP",
-"NIT",
-"NO",
-"NOB",
-"NOD",
-"NON",
-"NOR",
-"NOT",
-"NOV",
-"NOW",
-"NU",
-"NUN",
-"NUT",
-"O",
-"OAF",
-"OAK",
-"OAR",
-"OAT",
-"ODD",
-"ODE",
-"OF",
-"OFF",
-"OFT",
-"OH",
-"OIL",
-"OK",
-"OLD",
-"ON",
-"ONE",
-"OR",
-"ORB",
-"ORE",
-"ORR",
-"OS",
-"OTT",
-"OUR",
-"OUT",
-"OVA",
-"OW",
-"OWE",
-"OWL",
-"OWN",
-"OX",
-"PA",
-"PAD",
-"PAL",
-"PAM",
-"PAN",
-"PAP",
-"PAR",
-"PAT",
-"PAW",
-"PAY",
-"PEA",
-"PEG",
-"PEN",
-"PEP",
-"PER",
-"PET",
-"PEW",
-"PHI",
-"PI",
-"PIE",
-"PIN",
-"PIT",
-"PLY",
-"PO",
-"POD",
-"POE",
-"POP",
-"POT",
-"POW",
-"PRO",
-"PRY",
-"PUB",
-"PUG",
-"PUN",
-"PUP",
-"PUT",
-"QUO",
-"RAG",
-"RAM",
-"RAN",
-"RAP",
-"RAT",
-"RAW",
-"RAY",
-"REB",
-"RED",
-"REP",
-"RET",
-"RIB",
-"RID",
-"RIG",
-"RIM",
-"RIO",
-"RIP",
-"ROB",
-"ROD",
-"ROE",
-"RON",
-"ROT",
-"ROW",
-"ROY",
-"RUB",
-"RUE",
-"RUG",
-"RUM",
-"RUN",
-"RYE",
-"SAC",
-"SAD",
-"SAG",
-"SAL",
-"SAM",
-"SAN",
-"SAP",
-"SAT",
-"SAW",
-"SAY",
-"SEA",
-"SEC",
-"SEE",
-"SEN",
-"SET",
-"SEW",
-"SHE",
-"SHY",
-"SIN",
-"SIP",
-"SIR",
-"SIS",
-"SIT",
-"SKI",
-"SKY",
-"SLY",
-"SO",
-"SOB",
-"SOD",
-"SON",
-"SOP",
-"SOW",
-"SOY",
-"SPA",
-"SPY",
-"SUB",
-"SUD",
-"SUE",
-"SUM",
-"SUN",
-"SUP",
-"TAB",
-"TAD",
-"TAG",
-"TAN",
-"TAP",
-"TAR",
-"TEA",
-"TED",
-"TEE",
-"TEN",
-"THE",
-"THY",
-"TIC",
-"TIE",
-"TIM",
-"TIN",
-"TIP",
-"TO",
-"TOE",
-"TOG",
-"TOM",
-"TON",
-"TOO",
-"TOP",
-"TOW",
-"TOY",
-"TRY",
-"TUB",
-"TUG",
-"TUM",
-"TUN",
-"TWO",
-"UN",
-"UP",
-"US",
-"USE",
-"VAN",
-"VAT",
-"VET",
-"VIE",
-"WAD",
-"WAG",
-"WAR",
-"WAS",
-"WAY",
-"WE",
-"WEB",
-"WED",
-"WEE",
-"WET",
-"WHO",
-"WHY",
-"WIN",
-"WIT",
-"WOK",
-"WON",
-"WOO",
-"WOW",
-"WRY",
-"WU",
-"YAM",
-"YAP",
-"YAW",
-"YE",
-"YEA",
-"YES",
-"YET",
-"YOU",
-"ABED",
-"ABEL",
-"ABET",
-"ABLE",
-"ABUT",
-"ACHE",
-"ACID",
-"ACME",
-"ACRE",
-"ACTA",
-"ACTS",
-"ADAM",
-"ADDS",
-"ADEN",
-"AFAR",
-"AFRO",
-"AGEE",
-"AHEM",
-"AHOY",
-"AIDA",
-"AIDE",
-"AIDS",
-"AIRY",
-"AJAR",
-"AKIN",
-"ALAN",
-"ALEC",
-"ALGA",
-"ALIA",
-"ALLY",
-"ALMA",
-"ALOE",
-"ALSO",
-"ALTO",
-"ALUM",
-"ALVA",
-"AMEN",
-"AMES",
-"AMID",
-"AMMO",
-"AMOK",
-"AMOS",
-"AMRA",
-"ANDY",
-"ANEW",
-"ANNA",
-"ANNE",
-"ANTE",
-"ANTI",
-"AQUA",
-"ARAB",
-"ARCH",
-"AREA",
-"ARGO",
-"ARID",
-"ARMY",
-"ARTS",
-"ARTY",
-"ASIA",
-"ASKS",
-"ATOM",
-"AUNT",
-"AURA",
-"AUTO",
-"AVER",
-"AVID",
-"AVIS",
-"AVON",
-"AVOW",
-"AWAY",
-"AWRY",
-"BABE",
-"BABY",
-"BACH",
-"BACK",
-"BADE",
-"BAIL",
-"BAIT",
-"BAKE",
-"BALD",
-"BALE",
-"BALI",
-"BALK",
-"BALL",
-"BALM",
-"BAND",
-"BANE",
-"BANG",
-"BANK",
-"BARB",
-"BARD",
-"BARE",
-"BARK",
-"BARN",
-"BARR",
-"BASE",
-"BASH",
-"BASK",
-"BASS",
-"BATE",
-"BATH",
-"BAWD",
-"BAWL",
-"BEAD",
-"BEAK",
-"BEAM",
-"BEAN",
-"BEAR",
-"BEAT",
-"BEAU",
-"BECK",
-"BEEF",
-"BEEN",
-"BEER",
-"BEET",
-"BELA",
-"BELL",
-"BELT",
-"BEND",
-"BENT",
-"BERG",
-"BERN",
-"BERT",
-"BESS",
-"BEST",
-"BETA",
-"BETH",
-"BHOY",
-"BIAS",
-"BIDE",
-"BIEN",
-"BILE",
-"BILK",
-"BILL",
-"BIND",
-"BING",
-"BIRD",
-"BITE",
-"BITS",
-"BLAB",
-"BLAT",
-"BLED",
-"BLEW",
-"BLOB",
-"BLOC",
-"BLOT",
-"BLOW",
-"BLUE",
-"BLUM",
-"BLUR",
-"BOAR",
-"BOAT",
-"BOCA",
-"BOCK",
-"BODE",
-"BODY",
-"BOGY",
-"BOHR",
-"BOIL",
-"BOLD",
-"BOLO",
-"BOLT",
-"BOMB",
-"BONA",
-"BOND",
-"BONE",
-"BONG",
-"BONN",
-"BONY",
-"BOOK",
-"BOOM",
-"BOON",
-"BOOT",
-"BORE",
-"BORG",
-"BORN",
-"BOSE",
-"BOSS",
-"BOTH",
-"BOUT",
-"BOWL",
-"BOYD",
-"BRAD",
-"BRAE",
-"BRAG",
-"BRAN",
-"BRAY",
-"BRED",
-"BREW",
-"BRIG",
-"BRIM",
-"BROW",
-"BUCK",
-"BUDD",
-"BUFF",
-"BULB",
-"BULK",
-"BULL",
-"BUNK",
-"BUNT",
-"BUOY",
-"BURG",
-"BURL",
-"BURN",
-"BURR",
-"BURT",
-"BURY",
-"BUSH",
-"BUSS",
-"BUST",
-"BUSY",
-"BYTE",
-"CADY",
-"CAFE",
-"CAGE",
-"CAIN",
-"CAKE",
-"CALF",
-"CALL",
-"CALM",
-"CAME",
-"CANE",
-"CANT",
-"CARD",
-"CARE",
-"CARL",
-"CARR",
-"CART",
-"CASE",
-"CASH",
-"CASK",
-"CAST",
-"CAVE",
-"CEIL",
-"CELL",
-"CENT",
-"CERN",
-"CHAD",
-"CHAR",
-"CHAT",
-"CHAW",
-"CHEF",
-"CHEN",
-"CHEW",
-"CHIC",
-"CHIN",
-"CHOU",
-"CHOW",
-"CHUB",
-"CHUG",
-"CHUM",
-"CITE",
-"CITY",
-"CLAD",
-"CLAM",
-"CLAN",
-"CLAW",
-"CLAY",
-"CLOD",
-"CLOG",
-"CLOT",
-"CLUB",
-"CLUE",
-"COAL",
-"COAT",
-"COCA",
-"COCK",
-"COCO",
-"CODA",
-"CODE",
-"CODY",
-"COED",
-"COIL",
-"COIN",
-"COKE",
-"COLA",
-"COLD",
-"COLT",
-"COMA",
-"COMB",
-"COME",
-"COOK",
-"COOL",
-"COON",
-"COOT",
-"CORD",
-"CORE",
-"CORK",
-"CORN",
-"COST",
-"COVE",
-"COWL",
-"CRAB",
-"CRAG",
-"CRAM",
-"CRAY",
-"CREW",
-"CRIB",
-"CROW",
-"CRUD",
-"CUBA",
-"CUBE",
-"CUFF",
-"CULL",
-"CULT",
-"CUNY",
-"CURB",
-"CURD",
-"CURE",
-"CURL",
-"CURT",
-"CUTS",
-"DADE",
-"DALE",
-"DAME",
-"DANA",
-"DANE",
-"DANG",
-"DANK",
-"DARE",
-"DARK",
-"DARN",
-"DART",
-"DASH",
-"DATA",
-"DATE",
-"DAVE",
-"DAVY",
-"DAWN",
-"DAYS",
-"DEAD",
-"DEAF",
-"DEAL",
-"DEAN",
-"DEAR",
-"DEBT",
-"DECK",
-"DEED",
-"DEEM",
-"DEER",
-"DEFT",
-"DEFY",
-"DELL",
-"DENT",
-"DENY",
-"DESK",
-"DIAL",
-"DICE",
-"DIED",
-"DIET",
-"DIME",
-"DINE",
-"DING",
-"DINT",
-"DIRE",
-"DIRT",
-"DISC",
-"DISH",
-"DISK",
-"DIVE",
-"DOCK",
-"DOES",
-"DOLE",
-"DOLL",
-"DOLT",
-"DOME",
-"DONE",
-"DOOM",
-"DOOR",
-"DORA",
-"DOSE",
-"DOTE",
-"DOUG",
-"DOUR",
-"DOVE",
-"DOWN",
-"DRAB",
-"DRAG",
-"DRAM",
-"DRAW",
-"DREW",
-"DRUB",
-"DRUG",
-"DRUM",
-"DUAL",
-"DUCK",
-"DUCT",
-"DUEL",
-"DUET",
-"DUKE",
-"DULL",
-"DUMB",
-"DUNE",
-"DUNK",
-"DUSK",
-"DUST",
-"DUTY",
-"EACH",
-"EARL",
-"EARN",
-"EASE",
-"EAST",
-"EASY",
-"EBEN",
-"ECHO",
-"EDDY",
-"EDEN",
-"EDGE",
-"EDGY",
-"EDIT",
-"EDNA",
-"EGAN",
-"ELAN",
-"ELBA",
-"ELLA",
-"ELSE",
-"EMIL",
-"EMIT",
-"EMMA",
-"ENDS",
-"ERIC",
-"EROS",
-"EVEN",
-"EVER",
-"EVIL",
-"EYED",
-"FACE",
-"FACT",
-"FADE",
-"FAIL",
-"FAIN",
-"FAIR",
-"FAKE",
-"FALL",
-"FAME",
-"FANG",
-"FARM",
-"FAST",
-"FATE",
-"FAWN",
-"FEAR",
-"FEAT",
-"FEED",
-"FEEL",
-"FEET",
-"FELL",
-"FELT",
-"FEND",
-"FERN",
-"FEST",
-"FEUD",
-"FIEF",
-"FIGS",
-"FILE",
-"FILL",
-"FILM",
-"FIND",
-"FINE",
-"FINK",
-"FIRE",
-"FIRM",
-"FISH",
-"FISK",
-"FIST",
-"FITS",
-"FIVE",
-"FLAG",
-"FLAK",
-"FLAM",
-"FLAT",
-"FLAW",
-"FLEA",
-"FLED",
-"FLEW",
-"FLIT",
-"FLOC",
-"FLOG",
-"FLOW",
-"FLUB",
-"FLUE",
-"FOAL",
-"FOAM",
-"FOGY",
-"FOIL",
-"FOLD",
-"FOLK",
-"FOND",
-"FONT",
-"FOOD",
-"FOOL",
-"FOOT",
-"FORD",
-"FORE",
-"FORK",
-"FORM",
-"FORT",
-"FOSS",
-"FOUL",
-"FOUR",
-"FOWL",
-"FRAU",
-"FRAY",
-"FRED",
-"FREE",
-"FRET",
-"FREY",
-"FROG",
-"FROM",
-"FUEL",
-"FULL",
-"FUME",
-"FUND",
-"FUNK",
-"FURY",
-"FUSE",
-"FUSS",
-"GAFF",
-"GAGE",
-"GAIL",
-"GAIN",
-"GAIT",
-"GALA",
-"GALE",
-"GALL",
-"GALT",
-"GAME",
-"GANG",
-"GARB",
-"GARY",
-"GASH",
-"GATE",
-"GAUL",
-"GAUR",
-"GAVE",
-"GAWK",
-"GEAR",
-"GELD",
-"GENE",
-"GENT",
-"GERM",
-"GETS",
-"GIBE",
-"GIFT",
-"GILD",
-"GILL",
-"GILT",
-"GINA",
-"GIRD",
-"GIRL",
-"GIST",
-"GIVE",
-"GLAD",
-"GLEE",
-"GLEN",
-"GLIB",
-"GLOB",
-"GLOM",
-"GLOW",
-"GLUE",
-"GLUM",
-"GLUT",
-"GOAD",
-"GOAL",
-"GOAT",
-"GOER",
-"GOES",
-"GOLD",
-"GOLF",
-"GONE",
-"GONG",
-"GOOD",
-"GOOF",
-"GORE",
-"GORY",
-"GOSH",
-"GOUT",
-"GOWN",
-"GRAB",
-"GRAD",
-"GRAY",
-"GREG",
-"GREW",
-"GREY",
-"GRID",
-"GRIM",
-"GRIN",
-"GRIT",
-"GROW",
-"GRUB",
-"GULF",
-"GULL",
-"GUNK",
-"GURU",
-"GUSH",
-"GUST",
-"GWEN",
-"GWYN",
-"HAAG",
-"HAAS",
-"HACK",
-"HAIL",
-"HAIR",
-"HALE",
-"HALF",
-"HALL",
-"HALO",
-"HALT",
-"HAND",
-"HANG",
-"HANK",
-"HANS",
-"HARD",
-"HARK",
-"HARM",
-"HART",
-"HASH",
-"HAST",
-"HATE",
-"HATH",
-"HAUL",
-"HAVE",
-"HAWK",
-"HAYS",
-"HEAD",
-"HEAL",
-"HEAR",
-"HEAT",
-"HEBE",
-"HECK",
-"HEED",
-"HEEL",
-"HEFT",
-"HELD",
-"HELL",
-"HELM",
-"HERB",
-"HERD",
-"HERE",
-"HERO",
-"HERS",
-"HESS",
-"HEWN",
-"HICK",
-"HIDE",
-"HIGH",
-"HIKE",
-"HILL",
-"HILT",
-"HIND",
-"HINT",
-"HIRE",
-"HISS",
-"HIVE",
-"HOBO",
-"HOCK",
-"HOFF",
-"HOLD",
-"HOLE",
-"HOLM",
-"HOLT",
-"HOME",
-"HONE",
-"HONK",
-"HOOD",
-"HOOF",
-"HOOK",
-"HOOT",
-"HORN",
-"HOSE",
-"HOST",
-"HOUR",
-"HOVE",
-"HOWE",
-"HOWL",
-"HOYT",
-"HUCK",
-"HUED",
-"HUFF",
-"HUGE",
-"HUGH",
-"HUGO",
-"HULK",
-"HULL",
-"HUNK",
-"HUNT",
-"HURD",
-"HURL",
-"HURT",
-"HUSH",
-"HYDE",
-"HYMN",
-"IBIS",
-"ICON",
-"IDEA",
-"IDLE",
-"IFFY",
-"INCA",
-"INCH",
-"INTO",
-"IONS",
-"IOTA",
-"IOWA",
-"IRIS",
-"IRMA",
-"IRON",
-"ISLE",
-"ITCH",
-"ITEM",
-"IVAN",
-"JACK",
-"JADE",
-"JAIL",
-"JAKE",
-"JANE",
-"JAVA",
-"JEAN",
-"JEFF",
-"JERK",
-"JESS",
-"JEST",
-"JIBE",
-"JILL",
-"JILT",
-"JIVE",
-"JOAN",
-"JOBS",
-"JOCK",
-"JOEL",
-"JOEY",
-"JOHN",
-"JOIN",
-"JOKE",
-"JOLT",
-"JOVE",
-"JUDD",
-"JUDE",
-"JUDO",
-"JUDY",
-"JUJU",
-"JUKE",
-"JULY",
-"JUNE",
-"JUNK",
-"JUNO",
-"JURY",
-"JUST",
-"JUTE",
-"KAHN",
-"KALE",
-"KANE",
-"KANT",
-"KARL",
-"KATE",
-"KEEL",
-"KEEN",
-"KENO",
-"KENT",
-"KERN",
-"KERR",
-"KEYS",
-"KICK",
-"KILL",
-"KIND",
-"KING",
-"KIRK",
-"KISS",
-"KITE",
-"KLAN",
-"KNEE",
-"KNEW",
-"KNIT",
-"KNOB",
-"KNOT",
-"KNOW",
-"KOCH",
-"KONG",
-"KUDO",
-"KURD",
-"KURT",
-"KYLE",
-"LACE",
-"LACK",
-"LACY",
-"LADY",
-"LAID",
-"LAIN",
-"LAIR",
-"LAKE",
-"LAMB",
-"LAME",
-"LAND",
-"LANE",
-"LANG",
-"LARD",
-"LARK",
-"LASS",
-"LAST",
-"LATE",
-"LAUD",
-"LAVA",
-"LAWN",
-"LAWS",
-"LAYS",
-"LEAD",
-"LEAF",
-"LEAK",
-"LEAN",
-"LEAR",
-"LEEK",
-"LEER",
-"LEFT",
-"LEND",
-"LENS",
-"LENT",
-"LEON",
-"LESK",
-"LESS",
-"LEST",
-"LETS",
-"LIAR",
-"LICE",
-"LICK",
-"LIED",
-"LIEN",
-"LIES",
-"LIEU",
-"LIFE",
-"LIFT",
-"LIKE",
-"LILA",
-"LILT",
-"LILY",
-"LIMA",
-"LIMB",
-"LIME",
-"LIND",
-"LINE",
-"LINK",
-"LINT",
-"LION",
-"LISA",
-"LIST",
-"LIVE",
-"LOAD",
-"LOAF",
-"LOAM",
-"LOAN",
-"LOCK",
-"LOFT",
-"LOGE",
-"LOIS",
-"LOLA",
-"LONE",
-"LONG",
-"LOOK",
-"LOON",
-"LOOT",
-"LORD",
-"LORE",
-"LOSE",
-"LOSS",
-"LOST",
-"LOUD",
-"LOVE",
-"LOWE",
-"LUCK",
-"LUCY",
-"LUGE",
-"LUKE",
-"LULU",
-"LUND",
-"LUNG",
-"LURA",
-"LURE",
-"LURK",
-"LUSH",
-"LUST",
-"LYLE",
-"LYNN",
-"LYON",
-"LYRA",
-"MACE",
-"MADE",
-"MAGI",
-"MAID",
-"MAIL",
-"MAIN",
-"MAKE",
-"MALE",
-"MALI",
-"MALL",
-"MALT",
-"MANA",
-"MANN",
-"MANY",
-"MARC",
-"MARE",
-"MARK",
-"MARS",
-"MART",
-"MARY",
-"MASH",
-"MASK",
-"MASS",
-"MAST",
-"MATE",
-"MATH",
-"MAUL",
-"MAYO",
-"MEAD",
-"MEAL",
-"MEAN",
-"MEAT",
-"MEEK",
-"MEET",
-"MELD",
-"MELT",
-"MEMO",
-"MEND",
-"MENU",
-"MERT",
-"MESH",
-"MESS",
-"MICE",
-"MIKE",
-"MILD",
-"MILE",
-"MILK",
-"MILL",
-"MILT",
-"MIMI",
-"MIND",
-"MINE",
-"MINI",
-"MINK",
-"MINT",
-"MIRE",
-"MISS",
-"MIST",
-"MITE",
-"MITT",
-"MOAN",
-"MOAT",
-"MOCK",
-"MODE",
-"MOLD",
-"MOLE",
-"MOLL",
-"MOLT",
-"MONA",
-"MONK",
-"MONT",
-"MOOD",
-"MOON",
-"MOOR",
-"MOOT",
-"MORE",
-"MORN",
-"MORT",
-"MOSS",
-"MOST",
-"MOTH",
-"MOVE",
-"MUCH",
-"MUCK",
-"MUDD",
-"MUFF",
-"MULE",
-"MULL",
-"MURK",
-"MUSH",
-"MUST",
-"MUTE",
-"MUTT",
-"MYRA",
-"MYTH",
-"NAGY",
-"NAIL",
-"NAIR",
-"NAME",
-"NARY",
-"NASH",
-"NAVE",
-"NAVY",
-"NEAL",
-"NEAR",
-"NEAT",
-"NECK",
-"NEED",
-"NEIL",
-"NELL",
-"NEON",
-"NERO",
-"NESS",
-"NEST",
-"NEWS",
-"NEWT",
-"NIBS",
-"NICE",
-"NICK",
-"NILE",
-"NINA",
-"NINE",
-"NOAH",
-"NODE",
-"NOEL",
-"NOLL",
-"NONE",
-"NOOK",
-"NOON",
-"NORM",
-"NOSE",
-"NOTE",
-"NOUN",
-"NOVA",
-"NUDE",
-"NULL",
-"NUMB",
-"OATH",
-"OBEY",
-"OBOE",
-"ODIN",
-"OHIO",
-"OILY",
-"OINT",
-"OKAY",
-"OLAF",
-"OLDY",
-"OLGA",
-"OLIN",
-"OMAN",
-"OMEN",
-"OMIT",
-"ONCE",
-"ONES",
-"ONLY",
-"ONTO",
-"ONUS",
-"ORAL",
-"ORGY",
-"OSLO",
-"OTIS",
-"OTTO",
-"OUCH",
-"OUST",
-"OUTS",
-"OVAL",
-"OVEN",
-"OVER",
-"OWLY",
-"OWNS",
-"QUAD",
-"QUIT",
-"QUOD",
-"RACE",
-"RACK",
-"RACY",
-"RAFT",
-"RAGE",
-"RAID",
-"RAIL",
-"RAIN",
-"RAKE",
-"RANK",
-"RANT",
-"RARE",
-"RASH",
-"RATE",
-"RAVE",
-"RAYS",
-"READ",
-"REAL",
-"REAM",
-"REAR",
-"RECK",
-"REED",
-"REEF",
-"REEK",
-"REEL",
-"REID",
-"REIN",
-"RENA",
-"REND",
-"RENT",
-"REST",
-"RICE",
-"RICH",
-"RICK",
-"RIDE",
-"RIFT",
-"RILL",
-"RIME",
-"RING",
-"RINK",
-"RISE",
-"RISK",
-"RITE",
-"ROAD",
-"ROAM",
-"ROAR",
-"ROBE",
-"ROCK",
-"RODE",
-"ROIL",
-"ROLL",
-"ROME",
-"ROOD",
-"ROOF",
-"ROOK",
-"ROOM",
-"ROOT",
-"ROSA",
-"ROSE",
-"ROSS",
-"ROSY",
-"ROTH",
-"ROUT",
-"ROVE",
-"ROWE",
-"ROWS",
-"RUBE",
-"RUBY",
-"RUDE",
-"RUDY",
-"RUIN",
-"RULE",
-"RUNG",
-"RUNS",
-"RUNT",
-"RUSE",
-"RUSH",
-"RUSK",
-"RUSS",
-"RUST",
-"RUTH",
-"SACK",
-"SAFE",
-"SAGE",
-"SAID",
-"SAIL",
-"SALE",
-"SALK",
-"SALT",
-"SAME",
-"SAND",
-"SANE",
-"SANG",
-"SANK",
-"SARA",
-"SAUL",
-"SAVE",
-"SAYS",
-"SCAN",
-"SCAR",
-"SCAT",
-"SCOT",
-"SEAL",
-"SEAM",
-"SEAR",
-"SEAT",
-"SEED",
-"SEEK",
-"SEEM",
-"SEEN",
-"SEES",
-"SELF",
-"SELL",
-"SEND",
-"SENT",
-"SETS",
-"SEWN",
-"SHAG",
-"SHAM",
-"SHAW",
-"SHAY",
-"SHED",
-"SHIM",
-"SHIN",
-"SHOD",
-"SHOE",
-"SHOT",
-"SHOW",
-"SHUN",
-"SHUT",
-"SICK",
-"SIDE",
-"SIFT",
-"SIGH",
-"SIGN",
-"SILK",
-"SILL",
-"SILO",
-"SILT",
-"SINE",
-"SING",
-"SINK",
-"SIRE",
-"SITE",
-"SITS",
-"SITU",
-"SKAT",
-"SKEW",
-"SKID",
-"SKIM",
-"SKIN",
-"SKIT",
-"SLAB",
-"SLAM",
-"SLAT",
-"SLAY",
-"SLED",
-"SLEW",
-"SLID",
-"SLIM",
-"SLIT",
-"SLOB",
-"SLOG",
-"SLOT",
-"SLOW",
-"SLUG",
-"SLUM",
-"SLUR",
-"SMOG",
-"SMUG",
-"SNAG",
-"SNOB",
-"SNOW",
-"SNUB",
-"SNUG",
-"SOAK",
-"SOAR",
-"SOCK",
-"SODA",
-"SOFA",
-"SOFT",
-"SOIL",
-"SOLD",
-"SOME",
-"SONG",
-"SOON",
-"SOOT",
-"SORE",
-"SORT",
-"SOUL",
-"SOUR",
-"SOWN",
-"STAB",
-"STAG",
-"STAN",
-"STAR",
-"STAY",
-"STEM",
-"STEW",
-"STIR",
-"STOW",
-"STUB",
-"STUN",
-"SUCH",
-"SUDS",
-"SUIT",
-"SULK",
-"SUMS",
-"SUNG",
-"SUNK",
-"SURE",
-"SURF",
-"SWAB",
-"SWAG",
-"SWAM",
-"SWAN",
-"SWAT",
-"SWAY",
-"SWIM",
-"SWUM",
-"TACK",
-"TACT",
-"TAIL",
-"TAKE",
-"TALE",
-"TALK",
-"TALL",
-"TANK",
-"TASK",
-"TATE",
-"TAUT",
-"TEAL",
-"TEAM",
-"TEAR",
-"TECH",
-"TEEM",
-"TEEN",
-"TEET",
-"TELL",
-"TEND",
-"TENT",
-"TERM",
-"TERN",
-"TESS",
-"TEST",
-"THAN",
-"THAT",
-"THEE",
-"THEM",
-"THEN",
-"THEY",
-"THIN",
-"THIS",
-"THUD",
-"THUG",
-"TICK",
-"TIDE",
-"TIDY",
-"TIED",
-"TIER",
-"TILE",
-"TILL",
-"TILT",
-"TIME",
-"TINA",
-"TINE",
-"TINT",
-"TINY",
-"TIRE",
-"TOAD",
-"TOGO",
-"TOIL",
-"TOLD",
-"TOLL",
-"TONE",
-"TONG",
-"TONY",
-"TOOK",
-"TOOL",
-"TOOT",
-"TORE",
-"TORN",
-"TOTE",
-"TOUR",
-"TOUT",
-"TOWN",
-"TRAG",
-"TRAM",
-"TRAY",
-"TREE",
-"TREK",
-"TRIG",
-"TRIM",
-"TRIO",
-"TROD",
-"TROT",
-"TROY",
-"TRUE",
-"TUBA",
-"TUBE",
-"TUCK",
-"TUFT",
-"TUNA",
-"TUNE",
-"TUNG",
-"TURF",
-"TURN",
-"TUSK",
-"TWIG",
-"TWIN",
-"TWIT",
-"ULAN",
-"UNIT",
-"URGE",
-"USED",
-"USER",
-"USES",
-"UTAH",
-"VAIL",
-"VAIN",
-"VALE",
-"VARY",
-"VASE",
-"VAST",
-"VEAL",
-"VEDA",
-"VEIL",
-"VEIN",
-"VEND",
-"VENT",
-"VERB",
-"VERY",
-"VETO",
-"VICE",
-"VIEW",
-"VINE",
-"VISE",
-"VOID",
-"VOLT",
-"VOTE",
-"WACK",
-"WADE",
-"WAGE",
-"WAIL",
-"WAIT",
-"WAKE",
-"WALE",
-"WALK",
-"WALL",
-"WALT",
-"WAND",
-"WANE",
-"WANG",
-"WANT",
-"WARD",
-"WARM",
-"WARN",
-"WART",
-"WASH",
-"WAST",
-"WATS",
-"WATT",
-"WAVE",
-"WAVY",
-"WAYS",
-"WEAK",
-"WEAL",
-"WEAN",
-"WEAR",
-"WEED",
-"WEEK",
-"WEIR",
-"WELD",
-"WELL",
-"WELT",
-"WENT",
-"WERE",
-"WERT",
-"WEST",
-"WHAM",
-"WHAT",
-"WHEE",
-"WHEN",
-"WHET",
-"WHOA",
-"WHOM",
-"WICK",
-"WIFE",
-"WILD",
-"WILL",
-"WIND",
-"WINE",
-"WING",
-"WINK",
-"WINO",
-"WIRE",
-"WISE",
-"WISH",
-"WITH",
-"WOLF",
-"WONT",
-"WOOD",
-"WOOL",
-"WORD",
-"WORE",
-"WORK",
-"WORM",
-"WORN",
-"WOVE",
-"WRIT",
-"WYNN",
-"YALE",
-"YANG",
-"YANK",
-"YARD",
-"YARN",
-"YAWL",
-"YAWN",
-"YEAH",
-"YEAR",
-"YELL",
-"YOGA",
-"YOKE"
-};
-
-/* Encode 8 bytes in 'c' as a string of English words.
- * Returns a pointer to a static buffer
- */
-char *
-btoe(char *engout, char *c)
-{
-       char cp[9];     /* add in room for the parity 2 bits*/
-       int p,i ;
-
-       engout[0] = '\0';
-       memcpy(cp, c,8);
-       /* compute parity */
-       for(p = 0,i = 0; i < 64;i += 2)
-               p += extract(cp,i,2);
-
-       cp[8] = (char)p << 6;
-       strncat(engout,&Wp[extract(cp, 0,11)][0],4);
-       strcat(engout," ");
-       strncat(engout,&Wp[extract(cp,11,11)][0],4);
-       strcat(engout," ");
-       strncat(engout,&Wp[extract(cp,22,11)][0],4);
-       strcat(engout," ");
-       strncat(engout,&Wp[extract(cp,33,11)][0],4);
-       strcat(engout," ");
-       strncat(engout,&Wp[extract(cp,44,11)][0],4);
-       strcat(engout," ");
-       strncat(engout,&Wp[extract(cp,55,11)][0],4);
-#ifdef notdef
-       printf("engout is %s\n\r",engout);
-#endif
-       return(engout);
-}
-
-/* convert English to binary
- * returns 1 OK - all good words and parity is OK
- *         0 word not in data base
- *        -1 badly formed in put ie > 4 char word
- *        -2 words OK but parity is wrong
- */
-int
-etob(char *out, char *e)
-{
-       char *word, *cp;
-       int i, v,l, low,high;
-       unsigned int p;
-       char b[9];
-       char input[36];
-
-       if(e == NULL)
-               return -1;
-
-       strncpy(input,e,sizeof(input));
-       cp = input;
-       memset(b, 0, sizeof(b));
-       memset(out, 0, 8);
-       for(i=0,p=0;i<6;i++,p+=11){
-               while ((word = strsep(&cp, " ")) != NULL && *word == '\0')
-                       ;
-               if (word == NULL)
-                       return -1;
-               l = strlen(word);
-               if(l > 4 || l < 1){
-                       return -1;
-               } else if(l < 4){
-                       low = 0;
-                       high = 570;
-               } else {
-                       low = 571;
-                       high = 2047;
-               }
-               standard(word);
-               if( (v = wsrch(word,low,high)) < 0 )
-                       return 0;
-               insert(b,v,(int)p,11);
-       }
-
-       /* now check the parity of what we got */
-       for(p = 0, i = 0; i < 64; i +=2)
-               p += extract(b, i, 2);
-
-       if( (p & 3) != extract(b, 64,2) )
-               return -2;
-
-       memcpy(out,b,8);
-
-       return 1;
-}
-/* Display 8 bytes as a series of 16-bit hex digits */
-char *
-put8(char *out, char *s)
-{
-       sprintf(out,"%02X%02X %02X%02X %02X%02X %02X%02X",
-               s[0] & 0xff,s[1] & 0xff,s[2] & 0xff,
-               s[3] & 0xff,s[4] & 0xff,s[5] & 0xff,
-               s[6] & 0xff,s[7] & 0xff);
-       return out;
-}
-#ifdef notdef
-/* Encode 8 bytes in 'cp' as stream of ascii letters.
- * Provided as a possible alternative to btoe()
- */
-char *
-btoc(char *cp)
-{
-       int i;
-       static char out[31];
-
-       /* code out put by characters 6 bits each added to 0x21 (!)*/
-       for(i=0;i <= 10;i++){
-               /* last one is only 4 bits not 6*/
-               out[i] = '!'+ extract(cp,6*i,i >= 10 ? 4:6);
-       }
-       out[i] = '\0';
-       return(out);
-}
-#endif
-
-/* Internal subroutines for word encoding/decoding */
-
-/* Dictionary binary search */
-static int
-wsrch(char *w, int low, int high)
-{
-       int i,j;
-
-       for(;;){
-               i = (low + high)/2;
-               if((j = strncmp(w,Wp[i],4)) == 0)
-                       return i;       /* Found it */
-               if(high == low+1){
-                       /* Avoid effects of integer truncation in /2 */
-                       if(strncmp(w,Wp[high],4) == 0)
-                               return high;
-                       else
-                               return -1;
-               }
-               if(low >= high)
-                       return -1;      /* I don't *think* this can happen...*/
-               if(j < 0)
-                       high = i;       /* Search lower half */
-               else
-                       low = i;        /* Search upper half */
-       }
-}
-static void
-insert(char *s, int x, int start, int length)
-{
-       unsigned char cl;
-       unsigned char cc;
-       unsigned char cr;
-       unsigned long y;
-       int shift;
-
-       assert(length <= 11);
-       assert(start >= 0);
-       assert(length >= 0);
-       assert(start +length <= 66);
-
-       shift = ((8  -(( start + length) % 8))%8);
-       y = (long) x << shift;
-       cl = (y >> 16) & 0xff;
-       cc = (y >> 8) & 0xff;
-       cr = y & 0xff;
-       if(shift + length > 16){
-               s[start /8] |= cl;
-               s[start/8 +1] |= cc;
-               s[start/8 +2] |= cr;
-       } else if(shift +length > 8){
-               s[start/8] |= cc;
-               s[start/8 + 1] |= cr;
-       } else {
-               s[start/8] |= cr;
-       }
-}
-
-static void
-standard(char *word)
-{
-       while(*word){
-               if(!isascii(*word))
-                       break;
-               if(islower(*word))
-                       *word = toupper(*word);
-               if(*word == '1')
-                       *word = 'L';
-               if(*word == '0')
-                       *word = 'O';
-               if(*word == '5')
-                       *word = 'S';
-               word++;
-       }
-}
-
-/* Extract 'length' bits from the char array 's' starting with bit 'start' */
-static unsigned long
-extract(char *s, int start, int length)
-{
-       unsigned char cl;
-       unsigned char cc;
-       unsigned char cr;
-       unsigned long x;
-
-       assert(length <= 11);
-       assert(start >= 0);
-       assert(length >= 0);
-       assert(start +length <= 66);
-
-       cl = s[start/8];
-       cc = s[start/8 +1];
-       cr = s[start/8 +2];
-       x = ((long)(cl<<8 | cc) <<8  | cr) ;
-       x = x >> (24 - (length + (start %8)));
-       x =( x & (0xffff >> (16-length) )   );
-       return(x);
-}
-
diff --git a/lib/libskey/skey.1 b/lib/libskey/skey.1
deleted file mode 100644 (file)
index c0b4f23..0000000
+++ /dev/null
@@ -1,92 +0,0 @@
-.\"    @(#)skey.1      1.1     10/28/93
-.\" $FreeBSD: src/lib/libskey/skey.1,v 1.4.2.2 2001/12/21 10:07:09 ru Exp $
-.\" $DragonFly: src/lib/libskey/skey.1,v 1.3 2004/03/11 12:28:52 hmp Exp $
-.\"
-.Dd October 28, 1993
-.Dt KEY 1
-.Os
-.Sh NAME
-.Nm S/key
-.Nd "a procedure to use one time passwords for accessing computer systems"
-.Sh DESCRIPTION
-.Nm
-is a procedure for using one time password to authenticate access to
-computer systems.
-It uses 64 bits of information transformed by the
-MD4 algorithm.
-The user supplies the 64 bits in the form of 6 English
-words that are generated by a secure computer.
-Example use of the
-.Nm
-program
-.Nm key :
-.Bd -literal -offset indent
->key 99 th91334
-Enter password: <your secret password is entered here>
-OMEN US HORN OMIT BACK AHOY
->
-.Ed
-.Pp
-The programs that are part of the
-.Nm
-system are
-.Nm keyinit , key ,
-and
-.Nm keyinfo .
-.Nm Keyinit
-is used to get your ID set up,
-.Nm key
-is
-used to get the one time password each time,
-.Nm keyinfo
-is used to extract information from the
-.Nm
-database.
-.Pp
-When you run
-.Nm keyinit
-you inform the system of your
-secret password.
-Running
-.Nm key
-then generates the
-one-time passwords, and also requires your secret
-password.
-If however, you misspell your password
-while running
-.Nm key ,
-you will get a list of passwords
-that will not work, and no indication about the problem.
-.Pp
-Password sequence numbers count backward from 99.
-If you don't know this, the syntax for
-.Nm key
-will be confusing.
-.Pp
-You can enter the passwords using small letters, even
-though the
-.Nm key
-program gives them in caps.
-.Pp
-.Tn Macintosh
-and a general purpose
-.Tn PC
-use are available.
-.Pp
-Under
-.Dx ,
-you can control, with
-.Pa /etc/skey.access ,
-from which hosts and/or networks the use of
-.Nm
-passwords is obligated.
-.Sh SEE ALSO
-.Xr key 1 ,
-.Xr keyinfo 1 ,
-.Xr keyinit 1 ,
-.Xr skey.access 5
-.Sh AUTHORS
-.An Phil Karn
-.An Neil M. Haller
-.An John S. Walden
-.An Scott Chasin
diff --git a/lib/libskey/skey.3 b/lib/libskey/skey.3
deleted file mode 100644 (file)
index 12f8207..0000000
+++ /dev/null
@@ -1,175 +0,0 @@
-.\" Copyright (c) 1996
-.\" David L. Nugent. All Rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD: src/lib/libskey/skey.3,v 1.10.2.1 2000/04/22 16:36:00 phantom Exp $
-.\" $DragonFly: src/lib/libskey/skey.3,v 1.6 2007/07/30 22:11:33 swildner Exp $
-.\"
-.Dd December 22, 1996
-.Dt SKEY 3
-.Os
-.Sh NAME
-.Nm skeylookup ,
-.Nm skeyverify ,
-.Nm skeychallenge ,
-.Nm skeyinfo ,
-.Nm skeyaccess ,
-.Nm skey_getpass ,
-.Nm skey_crypt
-.Nd library routines for S/Key password control table access
-.Sh LIBRARY
-.Lb libskey
-.Sh SYNOPSIS
-.In stdio.h
-.In skey.h
-.Ft int
-.Fn skeylookup "struct skey *mp" "const char *name"
-.Ft int
-.Fn skeyverify "struct skey *mp" "char *response"
-.Ft int
-.Fn skeychallenge "struct skey *mp" "const char *name" "char *challenge"
-.Ft int
-.Fn skeyinfo "struct skey *mp" "const char *name" "char *ss"
-.Ft int
-.Fn skeyaccess "char *user" "const char *port" "const char *host" "const char *addr"
-.Ft char *
-.Fn skey_getpass "const char *prompt" "struct passwd *pwd" "int pwok"
-.Ft const char *
-.Fn skey_crypt "char *pp" "char *salt" "struct passwd *pwd" "int pwok"
-.Sh DESCRIPTION
-These routes support the S/Key one time password system used for
-accessing computer systems.
-See
-.Xr skey 1
-for more information about the S/Key system itself.
-.Pp
-.Pp
-.Fn skeylookup
-finds an entry in the one-time password database.
-On success (an entry is found corresponding to the given name),
-they skey structure passed by the caller is filled and 0 is
-returned, with the file read/write pointer positioned at the
-beginning of the record found.
-If no entry is found corresponding to the given name, the file
-read/write pointer is positioned at end of file and the routine
-returns 1.
-If the database cannot be opened or an access error occurs,
-.Fn skeylookup
-returns -1.
-.Pp
-The
-.Fn skeyinfo
-function looks up skey info for user 'name'.
-If successful, the caller's skey structure is filled and
-.Fn skeyinfo
-returns 0.
-If an optional challenge string buffer is given, it is updated.
-If unsuccessful (e.g. if the name is unknown, or the database
-cannot be accessed) -1 is returned.
-.Pp
-.Fn skeychallenge
-returns an skey challenge string for 'name'.
-If successful, the caller's skey structure is filled, and
-the function returns 0, with the file read/write pointer
-left at the start of the record.
-If unsuccessful (ie. the name was not found), the function
-returns -1 and the database is closed.
-.Pp
-.Fn skeyverify
-verifies a response to an s/key challenge.
-If this function returns 0, the verify was successful and
-the database was updated.
-If 1 is returned, the verify failed and the database remains
-unchanged.
-If -1 is returned, some sort of error occurred with the database,
-and the database is left unchanged.
-The s/key database is always closed by this call.
-.Pp
-The
-.Fn skey_getpass
-function may be used to read regular or s/key passwords.
-The prompt to use is passed to the function, along with the
-full (secure) struct passwd for the user to be verified.
-.Fn skey_getpass
-uses the standard library getpass on the first attempt at
-retrieving the user's password, and if that is blank, turns
-echo back on and retrieves the S/Key password.
-In either case, the entered string is returned back to the
-caller.
-.Pp
-The
-.Fn skey_crypt
-is a wrapper function for the standard library
-.Xr crypt 3 ,
-which returns the encrypted
-.Ux
-password if either the given
-s/key or regular passwords are ok.
-.Fn skey_crypt
-first attempts verification of the given password via the skey
-method, and will return the encrypted password from the
-passwd structure if it can be verified, as though the user had
-actually entered the correct
-.Ux
-password.
-If s/key password verification does not work, then the password
-is encrypted in the usual way and the result passed back to the
-caller.
-If the passwd structure pointer is NULL,
-.Fn skey_crypt
-returns a non-NULL string which could not possibly be a valid
-.Ux
-password (namely, a string containing ":").
-.Pp
-The
-.Fn skeyaccess
-function determines whether traditional
-.Ux
-(non-S/Key) passwords
-are permitted for any combination of user name, group member,
-terminal port, host name, and network.  If
-.Ux
-passwords are allowed,
-.Fn skeyaccess
-returns a non-zero value.  If
-.Ux
-passwords are not allowed, it
-returns 0.  See
-.Xr skey.access 5
-for more information on the layout and structure of the
-skey.access configuration file which this function uses.
-.Sh RETURN VALUES
-See above.
-.Sh SEE ALSO
-.Xr skey 1 ,
-.Xr skey.access 5
-.Sh AUTHORS
-.An Phil Karn ,
-.An Neil M. Haller ,
-.An John S. Walden ,
-.An Scott Chasin
-.Sh BUGS
-No advisory locking is done on the s/key database to guard against
-simultaneous access from multiple processes.
-This is not normally a problem when keys are added to or updated
-in the file, but may be problematic when keys are removed.
diff --git a/lib/libskey/skey.access.5 b/lib/libskey/skey.access.5
deleted file mode 100644 (file)
index 7c8c397..0000000
+++ /dev/null
@@ -1,225 +0,0 @@
-.\" $FreeBSD: src/lib/libskey/skey.access.5,v 1.5.2.1 2001/01/12 18:06:50 ru Exp $
-.\" $DragonFly: src/lib/libskey/skey.access.5,v 1.3 2006/02/17 19:35:07 swildner Exp $
-.\"
-.Dd January 12, 2001
-.Dt SKEY.ACCESS 5
-.Os
-.Sh NAME
-.Nm skey.access
-.Nd "S/Key password control table"
-.Sh DESCRIPTION
-The S/Key password control table
-.Pq Pa /etc/skey.access
-is used by
-.Nm login Ns \-like
-programs to determine when
-.Ux
-passwords may be used
-to access the system.
-.Bl -bullet
-.It
-When the table does not exist, there are no password restrictions.
-The user may enter the
-.Ux
-password or the S/Key one.
-.It
-When the table does exist,
-.Ux
-passwords are permitted only when
-explicitly specified.
-.It
-For the sake of sanity,
-.Ux
-passwords are always permitted on the
-systems console.
-.El
-.Sh TABLE FORMAT
-The format of the table is one rule per line.
-Rules are matched in order.
-The search terminates when the first matching rule is found, or
-when the end of the table is reached.
-.Pp
-Rules have the form:
-.Pp
-.Bl -item -offset indent -compact
-.It
-.Ic permit
-.Ar condition condition ...
-.It
-.Ic deny
-.Ar condition condition ...
-.El
-.Pp
-where
-.Ic permit
-and
-.Ic deny
-may be followed by zero or more
-.Ar conditions .
-Comments begin with a
-.Ql #
-character, and extend through the end of the line.
-Empty lines or
-lines with only comments are ignored.
-.Pp
-A rule is matched when all conditions are satisfied.
-A rule without
-conditions is always satisfied.
-For example, the last entry could
-be a line with just the word
-.Ic deny
-on it.
-.Sh CONDITIONS
-.Bl -tag -width indent
-.It Ic hostname Ar wzv.win.tue.nl
-True when the login comes from host
-.Ar wzv.win.tue.nl .
-See the
-.Sx WARNINGS
-section below.
-.It Ic internet Ar 131.155.210.0 255.255.255.0
-True when the remote host has an internet address in network
-.Ar 131.155.210 .
-The general form of a net/mask rule is:
-.Pp
-.D1 Ic internet Ar net mask
-.Pp
-The expression is true when the host has an internet address for which
-the bitwise and of
-.Ar address
-and
-.Ar mask
-equals
-.Ar net .
-See the
-.Sx WARNINGS
-section below.
-.It Ic port Ar ttya
-True when the login terminal is equal to
-.Pa /dev/ttya .
-Remember that
-.Ux
-passwords are always permitted with logins on the
-system console.
-.It Ic user Ar uucp
-True when the user attempts to log in as
-.Ar uucp .
-.It Ic group Ar wheel
-True when the user attempts to log in as a member of the
-.Ar wheel
-group.
-.El
-.Sh FILES
-.Bl -tag -width /etc/skey.access
-.It Pa /etc/skey.access
-password control table
-.El
-.Sh DIAGNOSTICS
-Syntax errors are reported to the
-.Xr syslogd 8 .
-When an error is found
-the rule is skipped.
-.Sh COMPATIBILITY
-For the sake of backwards compatibility, the
-.Ic internet
-keyword may be omitted from net/mask patterns.
-.Sh WARNINGS
-When the S/Key control table
-.Pq Pa /etc/skey.access
-exists, users without S/Key passwords will be able to login only
-where its rules allow the use of
-.Ux
-passwords.
-In particular, this
-means that an invocation of
-.Xr login 1
-in a pseudo-tty (e.g. from
-within
-.Xr xterm 1
-or
-.Xr screen 1
-will be treated as a login
-that is neither from the console nor from the network, mandating the use
-of an S/Key password.
-Such an invocation of
-.Xr login 1
-will necessarily
-fail for those users who do not have an S/Key password.
-.Pp
-Several rule types depend on host name or address information obtained
-through the network.
-What follows is a list of conceivable attacks to force the system to permit
-.Ux
-passwords.
-.Ss "Host address spoofing (source routing)"
-An intruder configures a local interface to an address in a trusted
-network and connects to the victim using that source address.
-Given
-the wrong client address, the victim draws the wrong conclusion from
-rules based on host addresses or from rules based on host names derived
-from addresses.
-.Pp
-Remedies:
-.Bl -enum
-.It
-do not permit
-.Ux
-passwords with network logins;
-.It
-use network software that discards source routing information (e.g.\&
-a tcp wrapper).
-.El
-.Pp
-Almost every network server must look up the client host name using the
-client network address.
-The next obvious attack therefore is:
-.Ss "Host name spoofing (bad PTR record)"
-An intruder manipulates the name server system so that the client
-network address resolves to the name of a trusted host.
-Given the
-wrong host name, the victim draws the wrong conclusion from rules based
-on host names, or from rules based on addresses derived from host
-names.
-.Pp
-Remedies:
-.Bl -enum
-.It
-do not permit
-.Ux
-passwords with network logins;
-.It
-use
-network software that verifies that the hostname resolves to the client
-network address (e.g. a tcp wrapper).
-.El
-.Pp
-Some applications, such as the
-.Ux
-.Xr login 1
-program, must look up the
-client network address using the client host name.
-In addition to the
-previous two attacks, this opens up yet another possibility:
-.Ss "Host address spoofing (extra A record)"
-An intruder manipulates the name server system so that the client host
-name (also) resolves to a trusted address.
-.Pp
-Remedies:
-.Bl -enum
-.It
-do not permit
-.Ux
-passwords with network logins;
-.It
-the
-.Fn skeyaccess
-routines ignore network addresses that appear to
-belong to someone else.
-.El
-.Sh SEE ALSO
-.Xr login 1 ,
-.Xr syslogd 8
-.Sh AUTHORS
-.An Wietse Venema ,
-Eindhoven University of Technology,
-The Netherlands.
diff --git a/lib/libskey/skey.h b/lib/libskey/skey.h
deleted file mode 100644 (file)
index e67d6f2..0000000
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * $DragonFly: src/lib/libskey/skey.h,v 1.3 2003/11/12 20:21:31 eirikn Exp $
- */
-
-#ifndef _SKEY_H_
-#define _SKEY_H_
-
-#include <sys/cdefs.h>
-
-/* Server-side data structure for reading keys file during login */
-struct skey {
-       FILE *keyfile;
-       char buf[256];
-       char *logname;
-       int n;
-       char *seed;
-       char *val;
-       long    recstart; /*needed so reread of buffer is efficient*/
-};
-
-#ifdef _SKEY_INTERNAL
-/* Client-side structure for scanning data stream for challenge */
-struct mc {
-       char buf[256];
-       int skip;
-       int cnt;
-};
-
-#define atob8           _sk_atob8
-#define btoa8           _sk_btoa8
-#define btoe            _sk_btoe
-#define etob            _sk_etob
-#define f               _sk_f
-#define htoi            _sk_htoi
-#define keycrunch       _sk_keycrunch
-#define put8            _sk_put8
-#define readpass        _sk_readpass
-#define rip             _sk_rip
-#define sevenbit        _sk_sevenbit
-
-void f (char *x);
-int keycrunch (char *result,const char *seed,const char *passwd);
-char *btoe (char *engout,char *c);
-char *put8 (char *out,char *s);
-int atob8 (char *out, char *in);
-int btoa8 (char *out, char *in);
-int htoi (char c);
-int etob (char *out,char *e);
-void sevenbit (char *s);
-char *readpass (char *buf, int n);
-void rip (char *buf);
-#endif  /* _SKEY_INTERNAL */
-
-/* Simplified application programming interface. */
-#include <pwd.h>
-int skeylookup (struct skey *mp, const char *name);
-int skeyverify (struct skey *mp, char *response);
-int skeychallenge (struct skey *mp, const char *name, char *challenge);
-int skeyinfo (struct skey *mp, const char* name, char *ss);
-int skeyaccess (char *user, const char *port, const char *host, const char *addr);
-char *skey_getpass (const char *prompt, struct passwd * pwd, int pwok);
-const char *skey_crypt (char *pp, char *salt, struct passwd *pwd, int pwok);
-
-#endif /* _SKEY_H_ */
diff --git a/lib/libskey/skey_crypt.c b/lib/libskey/skey_crypt.c
deleted file mode 100644 (file)
index e85f9ce..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-/* Author: Wietse Venema, Eindhoven University of Technology. */
-/* $DragonFly: src/lib/libskey/skey_crypt.c,v 1.2 2008/09/30 16:57:05 swildner Exp $ */
-
-#include <string.h>
-#include <stdio.h>
-#include <pwd.h>
-#include <unistd.h>
-
-#include "skey.h"
-
-/* skey_crypt - return encrypted UNIX passwd if s/key or regular password ok */
-
-const char *
-skey_crypt(char *pp, char *salt, struct passwd *pwd, int pwok)
-{
-    struct skey skey;
-    char   *p;
-
-    /* Try s/key authentication even when the UNIX password is permitted. */
-
-    if (pwd != 0 && skeyinfo(&skey, pwd->pw_name, (char *) 0) == 0
-       && skeyverify(&skey, pp) == 0) {
-       /* s/key authentication succeeded */
-       return (pwd->pw_passwd);
-    }
-
-    /* When s/key authentication does not work, always invoke crypt(). */
-
-    p = crypt(pp, salt);
-    if (pwok && pwd != 0 && strcmp(p, pwd->pw_passwd) == 0)
-       return (pwd->pw_passwd);
-
-    /* The user does not exist or entered bad input. */
-
-    return (":");
-}
diff --git a/lib/libskey/skey_getpass.c b/lib/libskey/skey_getpass.c
deleted file mode 100644 (file)
index e788a8a..0000000
+++ /dev/null
@@ -1,37 +0,0 @@
-/* $DragonFly: src/lib/libskey/skey_getpass.c,v 1.2 2008/09/30 16:57:05 swildner Exp $ */
-
-#include <unistd.h>
-#include <stdio.h>
-#include <skey.h>
-
-/* skey_getpass - read regular or s/key password */
-
-char *
-skey_getpass(const char *prompt, struct passwd *pwd, int pwok)
-{
-    static char buf[128];
-    struct skey skey;
-    char   *pass;
-    int     sflag;
-
-    /* Attempt an s/key challenge. */
-    sflag = (pwd == NULL || skeyinfo(&skey, pwd->pw_name, buf));
-    if (!sflag) {
-       printf("%s\n", buf);
-       if (!pwok)
-           printf("(s/key required)\n");
-    }
-
-    pass = getpass(prompt);
-
-    /* Give S/Key users a chance to do it with echo on. */
-    if (!sflag && !feof(stdin) && *pass == '\0') {
-       fputs(" (turning echo on)\n", stdout);
-       fputs(prompt, stdout);
-       fflush(stdout);
-       fgets(buf, sizeof(buf), stdin);
-       rip(buf);
-       return (buf);
-    } else
-       return (pass);
-}
diff --git a/lib/libskey/skeyaccess.c b/lib/libskey/skeyaccess.c
deleted file mode 100644 (file)
index 90e5f97..0000000
+++ /dev/null
@@ -1,590 +0,0 @@
- /*
-  * Figure out if UNIX passwords are permitted for any combination of user
-  * name, group member, terminal port, host_name or network:
-  *
-  * Programmatic interface: skeyaccess(user, port, host, addr)
-  *
-  * All arguments are null-terminated strings. Specify a null character pointer
-  * where information is not available.
-  *
-  * When no address information is given this code performs the host (internet)
-  * address lookup itself. It rejects addresses that appear to belong to
-  * someone else.
-  *
-  * When compiled with -DPERMIT_CONSOLE always permits UNIX passwords with
-  * console logins, no matter what the configuration file says.
-  *
-  * To build a stand-alone test version, compile with -DTEST and run it off an
-  * skey.access file in the current directory:
-  *
-  * Command-line interface: ./skeyaccess user port [host_or_ip_addr]
-  *
-  * Errors are reported via syslogd.
-  *
-  * Author: Wietse Venema, Eindhoven University of Technology.
-  *
-  * $FreeBSD: src/lib/libskey/skeyaccess.c,v 1.9.6.2 2002/08/12 19:42:24 iedowse Exp $
-  * $DragonFly: src/lib/libskey/skeyaccess.c,v 1.5 2008/09/30 16:57:05 swildner Exp $
-  */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <string.h>
-#include <netdb.h>
-#include <arpa/inet.h>
-#include <stdio.h>
-#include <grp.h>
-#include <pwd.h>
-#include <ctype.h>
-#include <syslog.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <sys/param.h>
-
-#include "pathnames.h"
-
- /*
-  * Token input with one-deep pushback.
-  */
-static char *prev_token = 0;           /* push-back buffer */
-static char *line_pointer = NULL;
-static char *first_token (char *, int, FILE *);
-static int line_number;
-static void unget_token (char *);
-static char *get_token (void);
-static char *need_token (void);
-static char *need_internet_addr (void);
-
- /*
-  * Various forms of token matching.
-  */
-#define match_host_name(l)     match_token((l)->host_name)
-#define match_port(l)          match_token((l)->port)
-#define match_user(l)          match_token((l)->user)
-struct login_info;
-static int match_internet_addr (struct login_info *);
-static int match_group (struct login_info *);
-static int match_token (char *);
-static int is_internet_addr (char *);
-static struct addrinfo *convert_internet_addr (char *);
-static struct addrinfo *lookup_internet_addr (char *);
-
-#define MAX_ADDR       32
-#define PERMIT         1
-#define DENY           0
-
-#ifndef CONSOLE
-#define CONSOLE                "console"
-#endif
-#ifndef VTY_PREFIX
-#define VTY_PREFIX      "ttyv"
-#endif
-
-struct login_info {
-    char   *host_name;                 /* host name */
-    struct addrinfo *internet_addr;    /* addrinfo chain */
-    char   *user;                      /* user name */
-    char   *port;                      /* login port */
-};
-
-static int _skeyaccess (FILE *, struct login_info *);
-int skeyaccess (char *, char *, char *, char *);
-
-/* skeyaccess - find out if UNIX passwords are permitted */
-
-int
-skeyaccess(char *user, char *port, char *host, char *addr)
-{
-    FILE   *fp;
-    struct login_info login_info;
-    int     result;
-
-    /*
-     * Assume no restriction on the use of UNIX passwords when the s/key
-     * acces table does not exist.
-     */
-    if ((fp = fopen(_PATH_SKEYACCESS, "r")) == 0) {
-#ifdef TEST
-       fprintf(stderr, "No file %s, thus no access control\n", _PATH_SKEYACCESS);
-#endif
-       return (PERMIT);
-    }
-
-    /*
-     * Bundle up the arguments in a structure so we won't have to drag around
-     * boring long argument lists.
-     *
-     * Look up the host address when only the name is given. We try to reject
-     * addresses that belong to someone else.
-     */
-    login_info.user = user;
-    login_info.port = port;
-
-    if (host != NULL && !is_internet_addr(host)) {
-       login_info.host_name = host;
-    } else {
-       login_info.host_name = NULL;
-    }
-
-    if (addr != NULL && is_internet_addr(addr)) {
-       login_info.internet_addr = convert_internet_addr(addr);
-    } else if (host != NULL) {
-       if (is_internet_addr(host)) {
-           login_info.internet_addr = convert_internet_addr(host);
-       } else {
-           login_info.internet_addr = lookup_internet_addr(host);
-       }
-    } else {
-       login_info.internet_addr = NULL;
-    }
-
-    /*
-     * Print what we think the user wants us to do.
-     */
-#ifdef TEST
-    printf("port: %s\n", login_info.port);
-    printf("user: %s\n", login_info.user);
-    printf("host: %s\n", login_info.host_name ? login_info.host_name : "none");
-    printf("addr: ");
-    if (login_info.internet_addr == NULL) {
-       printf("none\n");
-    } else {
-       struct addrinfo *res;
-       char haddr[NI_MAXHOST];
-
-       for (res = login_info.internet_addr; res; res = res->ai_next) {
-           getnameinfo(res->ai_addr, res->ai_addrlen, haddr, sizeof(haddr),
-                       NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID);
-           printf("%s%s", haddr, res->ai_next ? " " : "\n");
-       }
-    }
-#endif
-    result = _skeyaccess(fp, &login_info);
-    fclose(fp);
-    if (login_info.internet_addr)
-       freeaddrinfo(login_info.internet_addr);
-    return (result);
-}
-
-/* _skeyaccess - find out if UNIX passwords are permitted */
-
-static int
-_skeyaccess(FILE *fp, struct login_info *login_info)
-{
-    char    buf[BUFSIZ];
-    char   *tok;
-    int     match;
-    int     permission=DENY;
-
-#ifdef PERMIT_CONSOLE
-    if (login_info->port != 0 &&
-       (strcmp(login_info->port, CONSOLE) == 0 ||
-        strncmp(login_info->port, VTY_PREFIX, sizeof(VTY_PREFIX) - 1) == 0
-       )
-       )
-       return (1);
-#endif
-
-    /*
-     * Scan the s/key access table until we find an entry that matches. If no
-     * match is found, assume that UNIX passwords are disallowed.
-     */
-    match = 0;
-    while (match == 0 && (tok = first_token(buf, sizeof(buf), fp))) {
-       if (strncasecmp(tok, "permit", 4) == 0) {
-           permission = PERMIT;
-       } else if (strncasecmp(tok, "deny", 4) == 0) {
-           permission = DENY;
-       } else {
-           syslog(LOG_ERR, "%s: line %d: bad permission: %s",
-                  _PATH_SKEYACCESS, line_number, tok);
-           continue;                           /* error */
-       }
-
-       /*
-        * Process all conditions in this entry until we find one that fails.
-        */
-       match = 1;
-       while (match != 0 && (tok = get_token())) {
-           if (strcasecmp(tok, "hostname") == 0) {
-               match = match_host_name(login_info);
-           } else if (strcasecmp(tok, "port") == 0) {
-               match = match_port(login_info);
-           } else if (strcasecmp(tok, "user") == 0) {
-               match = match_user(login_info);
-           } else if (strcasecmp(tok, "group") == 0) {
-               match = match_group(login_info);
-           } else if (strcasecmp(tok, "internet") == 0) {
-               match = match_internet_addr(login_info);
-           } else if (is_internet_addr(tok)) {
-               unget_token(tok);
-               match = match_internet_addr(login_info);
-           } else {
-               syslog(LOG_ERR, "%s: line %d: bad condition: %s",
-                      _PATH_SKEYACCESS, line_number, tok);
-               match = 0;
-           }
-       }
-    }
-    return (match ? permission : DENY);
-}
-
-/* translate IPv4 mapped IPv6 address to IPv4 address */
-
-static void
-ai_unmapped(struct addrinfo *ai)
-{
-    struct sockaddr_in6 *sin6;
-    struct sockaddr_in *sin4;
-    u_int32_t addr;
-    int port;
-
-    if (ai->ai_family != AF_INET6)
-       return;
-    sin6 = (struct sockaddr_in6 *)ai->ai_addr;
-    if (!IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr))
-       return;
-    sin4 = (struct sockaddr_in *)ai->ai_addr;
-    addr = *(u_int32_t *)&sin6->sin6_addr.s6_addr[12];
-    port = sin6->sin6_port;
-    memset(sin4, 0, sizeof(struct sockaddr_in));
-    sin4->sin_addr.s_addr = addr;
-    sin4->sin_port = port;
-    sin4->sin_family = AF_INET;
-    sin4->sin_len = sizeof(struct sockaddr_in);
-    ai->ai_family = AF_INET;
-    ai->ai_addrlen = sizeof(struct sockaddr_in);
-}
-
-/* match_internet_addr - match internet network address */
-
-static int
-match_internet_addr(struct login_info *login_info)
-{
-    char *tok;
-    struct addrinfo *res;
-    struct sockaddr_storage pattern, mask;
-    struct sockaddr_in *addr4, *pattern4, *mask4;
-    struct sockaddr_in6 *addr6, *pattern6, *mask6;
-    int i, match;
-
-    if (login_info->internet_addr == NULL)
-       return (0);
-    if ((tok = need_internet_addr()) == 0)
-       return (0);
-    if ((res = convert_internet_addr(tok)) == NULL)
-       return (0);
-    memcpy(&pattern, res->ai_addr, res->ai_addrlen);
-    freeaddrinfo(res);
-    if ((tok = need_internet_addr()) == 0)
-       return (0);
-    if ((res = convert_internet_addr(tok)) == NULL)
-       return (0);
-    memcpy(&mask, res->ai_addr, res->ai_addrlen);
-    freeaddrinfo(res);
-    if (pattern.ss_family != mask.ss_family)
-       return (0);
-    mask4 = (struct sockaddr_in *)&mask;
-    pattern4 = (struct sockaddr_in *)&pattern;
-    mask6 = (struct sockaddr_in6 *)&mask;
-    pattern6 = (struct sockaddr_in6 *)&pattern;
-
-    /*
-     * See if any of the addresses matches a pattern in the control file. We
-     * have already tried to drop addresses that belong to someone else.
-     */
-
-    for (res = login_info->internet_addr; res; res = res->ai_next) {
-       ai_unmapped(res);
-       if (res->ai_family != pattern.ss_family)
-           continue;
-       switch (res->ai_family) {
-       case AF_INET:
-           addr4 = (struct sockaddr_in *)res->ai_addr;
-           if (addr4->sin_addr.s_addr != INADDR_NONE &&
-               (addr4->sin_addr.s_addr & mask4->sin_addr.s_addr) == pattern4->sin_addr.s_addr)
-               return (1);
-           break;
-       case AF_INET6:
-           addr6 = (struct sockaddr_in6 *)res->ai_addr;
-           if (pattern6->sin6_scope_id != 0 &&
-               addr6->sin6_scope_id != pattern6->sin6_scope_id)
-               break;
-           match = 1;
-           for (i = 0; i < 16; ++i) {
-               if ((addr6->sin6_addr.s6_addr[i] & mask6->sin6_addr.s6_addr[i]) != pattern6->sin6_addr.s6_addr[i]) {
-                   match = 0;
-                   break;
-               }
-           }
-           if (match)
-               return (1);
-           break;
-       }
-    }
-    return (0);
-}
-
-/* match_group - match username against group */
-
-static int
-match_group(struct login_info *login_info)
-{
-    struct passwd *passwd;
-    struct group *group;
-    char   *tok;
-    char  **memp;
-
-    if ((tok = need_token()) &&
-       (passwd = getpwnam(login_info->user)) && (group = getgrnam(tok))) {
-       if (passwd->pw_gid == (gid_t)group->gr_gid)
-           return (1);
-       for (memp = group->gr_mem; *memp; memp++)
-           if (strcmp(login_info->user, *memp) == 0)
-               return (1);
-    }
-    return (0);                                        /* XXX endgrent() */
-}
-
-/* match_token - get and match token */
-
-static int
-match_token(char *str)
-{
-    char   *tok;
-
-    return (str && (tok = need_token()) && strcasecmp(str, tok) == 0);
-}
-
-/* first_token - read line and return first token */
-
-static char *
-first_token(char *buf, int len, FILE *fp)
-{
-    char   *cp;
-
-    prev_token = 0;
-    for (;;) {
-       if (fgets(buf, len, fp) == 0)
-           return (0);
-       line_number++;
-       buf[strcspn(buf, "\r\n#")] = 0;
-#ifdef TEST
-       if (buf[0])
-           printf("rule: %s\n", buf);
-#endif
-       line_pointer = buf;
-       while ((cp = strsep(&line_pointer, " \t")) != NULL && *cp == '\0')
-               ;
-       if (cp != NULL)
-           return (cp);
-    }
-}
-
-/* unget_token - push back last token */
-
-static void
-unget_token(char *cp)
-{
-    prev_token = cp;
-}
-
-/* get_token - retrieve next token from buffer */
-
-static char *
-get_token(void)
-{
-    char   *cp;
-
-    if ( (cp = prev_token) ) {
-       prev_token = 0;
-    } else {
-       while ((cp = strsep(&line_pointer, " \t")) != NULL && *cp == '\0')
-               ;
-    }
-    return (cp);
-}
-
-/* need_token - complain if next token is not available */
-
-static char *
-need_token(void)
-{
-    char   *cp;
-
-    if ((cp = get_token()) == 0)
-       syslog(LOG_ERR, "%s: line %d: premature end of rule",
-              _PATH_SKEYACCESS, line_number);
-    return (cp);
-}
-
-/* need_internet_addr - complain if next token is not an internet address */
-
-static char *
-need_internet_addr(void)
-{
-    char   *cp;
-
-    if ((cp = get_token()) == 0) {
-       syslog(LOG_ERR, "%s: line %d: internet address expected",
-              _PATH_SKEYACCESS, line_number);
-       return (0);
-    } else if (!is_internet_addr(cp)) {
-       syslog(LOG_ERR, "%s: line %d: bad internet address: %s",
-              _PATH_SKEYACCESS, line_number, cp);
-       return (0);
-    } else {
-       return (cp);
-    }
-}
-
-/* is_internet_addr - determine if string is a dotted quad decimal address */
-
-static int
-is_internet_addr(char *str)
-{
-    struct addrinfo *res;
-
-    if ((res = convert_internet_addr(str)) != NULL)
-       freeaddrinfo(res);
-    return (res != NULL);
-}
-
-/*
- * Nuke addrinfo entry from list.
- * XXX: Depending on the implementation of KAME's getaddrinfo(3).
- */
-static void
-nuke_ai(struct addrinfo **aip)
-{
-    struct addrinfo *ai;
-
-    ai = *aip;
-    *aip = ai->ai_next;
-    if (ai->ai_canonname) {
-       if (ai->ai_next && !ai->ai_next->ai_canonname)
-           ai->ai_next->ai_canonname = ai->ai_canonname;
-       else
-           free(ai->ai_canonname);
-    }
-    free(ai);
-}
-
-/* lookup_internet_addr - look up internet addresses with extreme prejudice */
-
-static struct addrinfo *
-lookup_internet_addr(char *host)
-{
-    struct addrinfo hints, *res0, *res, **resp;
-    char hname[NI_MAXHOST], haddr[NI_MAXHOST];
-    int error;
-
-    memset(&hints, 0, sizeof(hints));
-    hints.ai_family = PF_UNSPEC;
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_flags = AI_PASSIVE | AI_CANONNAME;
-    if (getaddrinfo(host, NULL, &hints, &res0) != 0)
-       return (NULL);
-    if (res0->ai_canonname == NULL) {
-       freeaddrinfo(res0);
-       return (NULL);
-    }
-
-    /*
-     * Wipe addresses that appear to belong to someone else. We will get
-     * false alarms when when the hostname comes from DNS, while its
-     * addresses are listed under different names in local databases.
-     */
-#define NEQ(x,y)       (strcasecmp((x),(y)) != 0)
-#define NEQ3(x,y,n)    (strncasecmp((x),(y), (n)) != 0)
-
-    resp = &res0;
-    while ((res = *resp) != NULL) {
-       if (res->ai_family != AF_INET && res->ai_family != AF_INET6) {
-           nuke_ai(resp);
-           continue;
-       }
-       error = getnameinfo(res->ai_addr, res->ai_addrlen,
-                           hname, sizeof(hname),
-                           NULL, 0, NI_NAMEREQD | NI_WITHSCOPEID);
-       if (error) {
-           getnameinfo(res->ai_addr, res->ai_addrlen, haddr, sizeof(haddr),
-                       NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID);
-           syslog(LOG_ERR, "address %s not registered for host %s",
-                  haddr, res0->ai_canonname);
-           nuke_ai(resp);
-           continue;
-       }
-       if (NEQ(res0->ai_canonname, hname) &&
-           NEQ3(res0->ai_canonname, "localhost.", 10)) {
-           getnameinfo(res->ai_addr, res->ai_addrlen, haddr, sizeof(haddr),
-                       NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID);
-           syslog(LOG_ERR, "address %s registered for host %s and %s",
-                  haddr, hname, res0->ai_canonname);
-           nuke_ai(resp);
-           continue;
-       }
-       resp = &res->ai_next;
-    }
-    return (res0);
-}
-
-/* convert_internet_addr - convert string to internet address */
-
-static struct addrinfo *
-convert_internet_addr(char *string)
-{
-    struct addrinfo hints, *res;
-
-    memset(&hints, 0, sizeof(hints));
-    hints.ai_family = PF_UNSPEC;
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
-    if (getaddrinfo(string, NULL, &hints, &res) != 0)
-       return (NULL);
-    return (res);
-}
-
-#ifdef TEST
-
-int
-main(int argc, char **argv)
-{
-    struct addrinfo hints, *res;
-    char    host[MAXHOSTNAMELEN + 1];
-    int     verdict;
-    char   *user;
-    char   *port;
-
-    if (argc != 3 && argc != 4) {
-       fprintf(stderr, "usage: %s user port [host_or_ip_address]\n", argv[0]);
-       exit(0);
-    }
-    if (_PATH_SKEYACCESS[0] != '/')
-       printf("Warning: this program uses control file: %s\n", _PATH_SKEYACCESS);
-    openlog("login", LOG_PID, LOG_AUTH);
-
-    user = argv[1];
-    port = argv[2];
-    if (argv[3]) {
-       memset(&hints, 0, sizeof(hints));
-       hints.ai_family = PF_UNSPEC;
-       hints.ai_socktype = SOCK_STREAM;
-       hints.ai_flags = AI_PASSIVE | AI_CANONNAME;
-       if (getaddrinfo(argv[3], NULL, &hints, &res) == 0) {
-           if (res->ai_canonname == NULL)
-               strncpy(host, argv[3], MAXHOSTNAMELEN);
-           else
-               strncpy(host, res->ai_canonname, MAXHOSTNAMELEN);
-           freeaddrinfo(res);
-       } else
-           strncpy(host, argv[3], MAXHOSTNAMELEN);
-       host[MAXHOSTNAMELEN] = 0;
-    }
-    verdict = skeyaccess(user, port, argv[3] ? host : (char *) 0, (char *) 0);
-    printf("UNIX passwords %spermitted\n", verdict ? "" : "NOT ");
-    return (0);
-}
-
-#endif
diff --git a/lib/libskey/skeylogin.c b/lib/libskey/skeylogin.c
deleted file mode 100644 (file)
index ab2c198..0000000
+++ /dev/null
@@ -1,330 +0,0 @@
-/*   Login code for S/KEY Authentication.  S/KEY is a trademark
- *   of Bellcore.
- *
- *   Mink is the former name of the S/KEY authentication system.
- *   Many references for mink  may still be found in this program.
- *
- * $FreeBSD: src/lib/libskey/skeylogin.c,v 1.14.6.1 2000/07/18 11:38:24 sheldonh Exp $
- * $DragonFly: src/lib/libskey/skeylogin.c,v 1.5 2008/09/30 16:57:06 swildner Exp $
- */
-
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <utmp.h>
-
-#include "skey.h"
-#include "pathnames.h"
-
-static char *skipspace (char *);
-
-#define setpriority(x,y,z)     /* nothing */
-
-static const char *month[12] = {
-       "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-       "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
-};
-
-/* Look up skey info for user 'name'. If successful, fill in the caller's
- * skey structure and return 0. If unsuccessful (e.g., if name is unknown)
- * return -1. If an optional challenge string buffer is given, update it.
- *
- * The file read/write pointer is left at the start of the
- * record.
- */
-int
-skeyinfo(struct skey *mp, const char *name, char *ss)
-{
-       int rval;
-
-       rval = skeylookup(mp,name);
-       switch(rval){
-       case -1:        /* File error */
-               return -1;
-       case 0:         /* Lookup succeeded */
-               if (ss != 0) {
-                       sprintf(ss, "s/key %d %s",mp->n - 1,mp->seed);
-                       fclose(mp->keyfile);
-               }
-               return 0;
-       case 1:         /* User not found */
-               fclose(mp->keyfile);
-               return -1;
-       }
-       return -1;      /* Can't happen */
-}
-
-/* Return  a skey challenge string for user 'name'. If successful,
- * fill in the caller's skey structure and return 0. If unsuccessful
- * (e.g., if name is unknown) return -1.
- *
- * The file read/write pointer is left at the start of the
- * record.
- */
-int
-skeychallenge(struct skey *mp, const char *name, char *ss)
-{
-       int rval;
-
-       rval = skeylookup(mp,name);
-       switch(rval){
-       case -1:        /* File error */
-               return -1;
-       case 0:         /* Lookup succeeded, issue challenge */
-                sprintf(ss, "s/key %d %s",mp->n - 1,mp->seed);
-               return 0;
-       case 1:         /* User not found */
-               fclose(mp->keyfile);
-               return -1;
-       }
-       return -1;      /* Can't happen */
-}
-
-/* Find an entry in the One-time Password database.
- * Return codes:
- * -1: error in opening database
- *  0: entry found, file R/W pointer positioned at beginning of record
- *  1: entry not found, file R/W pointer positioned at EOF
- */
-int
-skeylookup(struct skey *mp, const char *name)
-{
-       int found;
-       size_t len;
-       long recstart = 0;
-       char *cp, *p;
-       struct stat statbuf;
-       mode_t oldmask;
-
-       /* See if the _PATH_SKEYFILE exists, and create it if not */
-       if(stat(_PATH_SKEYFILE,&statbuf) == -1 && errno == ENOENT){
-               oldmask = umask(S_IRWXG|S_IRWXO);
-               mp->keyfile = fopen(_PATH_SKEYFILE,"w+");
-               (void)umask(oldmask);
-       } else {
-               /* Otherwise open normally for update */
-               mp->keyfile = fopen(_PATH_SKEYFILE,"r+");
-       }
-       if(mp->keyfile == NULL)
-               return -1;
-
-       /* Look up user name in database */
-       len = strlen(name);
-       if(len > UT_NAMESIZE)
-               len = UT_NAMESIZE;
-       found = 0;
-       while(!feof(mp->keyfile)){
-               recstart = ftell(mp->keyfile);
-               mp->recstart = recstart;
-               if(fgets(mp->buf,sizeof(mp->buf),mp->keyfile) != mp->buf){
-                       break;
-               }
-               rip(mp->buf);
-               if(mp->buf[0] == '#')
-                       continue;       /* Comment */
-               p = mp->buf;
-               while ((cp = strsep(&p, " \t")) != NULL && *cp == '\0')
-                       ;
-               if((mp->logname = cp) == NULL)
-                       continue;
-               while ((cp = strsep(&p, " \t")) != NULL && *cp == '\0')
-                       ;
-               if(cp == NULL)
-                       continue;
-               mp->n = atoi(cp);
-               while ((cp = strsep(&p, " \t")) != NULL && *cp == '\0')
-                       ;
-               if((mp->seed = cp) == NULL)
-                       continue;
-               while ((cp = strsep(&p, " \t")) != NULL && *cp == '\0')
-                       ;
-               if((mp->val = cp) == NULL)
-                       continue;
-               if(strlen(mp->logname) == len
-                && strncmp(mp->logname,name,len) == 0){
-                       found = 1;
-                       break;
-               }
-       }
-       if(found){
-               fseek(mp->keyfile,recstart,0);
-               return 0;
-       } else
-               return 1;
-}
-/* Verify response to a s/key challenge.
- *
- * Return codes:
- * -1: Error of some sort; database unchanged
- *  0:  Verify successful, database updated
- *  1:  Verify failed, database unchanged
- *
- * The database file is always closed by this call.
- */
-int
-skeyverify(struct skey *mp, char *response)
-{
-       char key[8];
-       char fkey[8];
-       char filekey[8];
-       time_t now;
-       struct tm *tm;
-       char tbuf[27], fbuf[20];
-       char *cp, *p;
-
-       time(&now);
-       tm = localtime(&now);
-/* can't use %b here, because it can be in national form */
-       strftime(fbuf, sizeof(fbuf), "%d,%Y %T", tm);
-       snprintf(tbuf, sizeof(tbuf), " %s %s", month[tm->tm_mon], fbuf);
-
-       if(response == NULL){
-               fclose(mp->keyfile);
-               return -1;
-       }
-       rip(response);
-
-       /* Convert response to binary */
-       if(etob(key,response) != 1 && atob8(key,response) != 0){
-               /* Neither english words or ascii hex */
-               fclose(mp->keyfile);
-               return -1;
-       }
-
-       /* Compute fkey = f(key) */
-       memcpy(fkey,key,sizeof(key));
-       f(fkey);
-       /* in order to make the window of update as short as possible
-           we must do the comparison here and if OK write it back
-           other wise the same password can be used twice to get in
-          to the system
-       */
-
-       setpriority(PRIO_PROCESS, 0, -4);
-
-       /* reread the file record NOW*/
-
-       fseek(mp->keyfile,mp->recstart,0);
-       if(fgets(mp->buf,sizeof(mp->buf),mp->keyfile) != mp->buf){
-               setpriority(PRIO_PROCESS, 0, 0);
-               fclose(mp->keyfile);
-               return -1;
-       }
-       rip(mp->buf);
-       p = mp->buf;
-       while ((cp = strsep(&p, " \t")) != NULL && *cp == '\0')
-               ;
-       mp->logname = cp;
-       while ((cp = strsep(&p, " \t")) != NULL && *cp == '\0')
-               ;
-       while ((cp = strsep(&p, " \t")) != NULL && *cp == '\0')
-               ;
-       mp->seed = cp;
-       while ((cp = strsep(&p, " \t")) != NULL && *cp == '\0')
-               ;
-       mp->val = cp;
-       /* And convert file value to hex for comparison */
-       atob8(filekey,mp->val);
-
-       /* Do actual comparison */
-       if(memcmp(filekey,fkey,8) != 0){
-               /* Wrong response */
-               setpriority(PRIO_PROCESS, 0, 0);
-               fclose(mp->keyfile);
-               return 1;
-       }
-
-       /* Update key in database by overwriting entire record. Note
-        * that we must write exactly the same number of bytes as in
-        * the original record (note fixed width field for N)
-        */
-       btoa8(mp->val,key);
-       mp->n--;
-       fseek(mp->keyfile,mp->recstart,0);
-       fprintf(mp->keyfile,"%s %04d %-16s %s %-21s\n",mp->logname,mp->n,mp->seed,
-        mp->val, tbuf);
-
-       fclose(mp->keyfile);
-
-       setpriority(PRIO_PROCESS, 0, 0);
-       return 0;
-}
-
-
-/* Convert 8-byte hex-ascii string to binary array
- * Returns 0 on success, -1 on error
- */
-int
-atob8(char *out, char *in)
-{
-       int i;
-       int val;
-
-       if(in == NULL || out == NULL)
-               return -1;
-
-       for(i=0;i<8;i++){
-               if((in = skipspace(in)) == NULL)
-                       return -1;
-               if((val = htoi(*in++)) == -1)
-                       return -1;
-               *out = val << 4;
-
-               if((in = skipspace(in)) == NULL)
-                       return -1;
-               if((val = htoi(*in++)) == -1)
-                       return -1;
-               *out++ |= val;
-       }
-       return 0;
-}
-
-static
-char *
-skipspace(char *cp)
-{
-       while(*cp == ' ' || *cp == '\t')
-               cp++;
-
-       if(*cp == '\0')
-               return NULL;
-       else
-               return cp;
-}
-
-/* Convert 8-byte binary array to hex-ascii string */
-int
-btoa8(char *out, char *in)
-{
-       int i;
-
-       if(in == NULL || out == NULL)
-               return -1;
-
-       for(i=0;i<8;i++){
-               sprintf(out,"%02x",*in++ & 0xff);
-               out += 2;
-       }
-       return 0;
-}
-
-
-/* Convert hex digit to binary integer */
-int
-htoi(char c)
-{
-       if('0' <= c && c <= '9')
-               return c - '0';
-       if('a' <= c && c <= 'f')
-               return 10 + c - 'a';
-       if('A' <= c && c <= 'F')
-               return 10 + c - 'A';
-       return -1;
-}
diff --git a/lib/libskey/skeysubr.c b/lib/libskey/skeysubr.c
deleted file mode 100644 (file)
index 55f586a..0000000
+++ /dev/null
@@ -1,132 +0,0 @@
-/* $FreeBSD: src/lib/libskey/skeysubr.c,v 1.9.6.1 2000/07/20 20:13:42 obrien Exp $ */
-/* $DragonFly: src/lib/libskey/skeysubr.c,v 1.4 2008/09/30 16:57:06 swildner Exp $ */
-
-#include <err.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <fcntl.h>
-#include <termios.h>
-#include <signal.h>
-
-#include "skey.h"
-#include "mdx.h"
-
-/* Crunch a key:
- * concatenate the seed and the password, run through MDX and
- * collapse to 64 bits. This is defined as the user's starting key.
- *
- * result  8-byte result
- * seed    Seed, any length
- * passwd  Password, any length
- */
-int
-keycrunch(char *result, const char *seed, const char *passwd)
-{
-       char *buf;
-       MDX_CTX md;
-       u_int32_t results[4];
-       unsigned int buflen;
-
-       buflen = strlen(seed) + strlen(passwd);
-       if((buf = malloc(buflen+1)) == NULL)
-               return -1;
-       strcpy(buf,seed);
-       strcat(buf,passwd);
-
-       /* Crunch the key through MD[45] */
-       sevenbit(buf);
-       MDXInit(&md);
-       MDXUpdate(&md,(unsigned char *)buf,buflen);
-       MDXFinal((unsigned char *)results,&md);
-       free(buf);
-
-       results[0] ^= results[2];
-       results[1] ^= results[3];
-
-       memcpy(result,(char *)results,8);
-
-       return 0;
-}
-
-/* The one-way function f(). Takes 8 bytes and returns 8 bytes in place */
-void
-f(char *x)
-{
-       MDX_CTX md;
-       u_int32_t results[4];
-
-       MDXInit(&md);
-       MDXUpdate(&md,(unsigned char *)x,8);
-       MDXFinal((unsigned char *)results,&md);
-       /* Fold 128 to 64 bits */
-       results[0] ^= results[2];
-       results[1] ^= results[3];
-
-       memcpy(x,(char *)results,8);
-}
-
-/* Strip trailing cr/lf from a line of text */
-void
-rip(char *buf)
-{
-       buf[strcspn(buf, "\r\n")] = 0;
-}
-
-static struct termios saved_ttymode;
-
-static void interrupt (int);
-
-static void
-interrupt(int sig)
-{
-       tcsetattr(0, TCSANOW, &saved_ttymode);
-       err(1, "interrupted by signal %s", sys_siglist[sig]);
-}
-
-char *
-readpass(char *buf, int n)
-{
-       struct termios noecho_ttymode;
-       void (*oldsig) (int);
-
-       /* Save normal line editing modes */
-       tcgetattr(0, &saved_ttymode);
-       if ((oldsig = signal(SIGINT, SIG_IGN)) != SIG_IGN)
-               signal(SIGINT, interrupt);
-
-       /* Turn off echoing */
-       tcgetattr(0, &noecho_ttymode);
-       noecho_ttymode.c_lflag &= ~ECHO;
-       tcsetattr(0, TCSANOW, &noecho_ttymode);
-       fgets(buf,n,stdin);
-       rip(buf);
-
-       /* Restore previous tty modes */
-       tcsetattr(0, TCSANOW, &saved_ttymode);
-       if (oldsig != SIG_IGN)
-               signal(SIGINT, oldsig);
-
-       /*
-       after the secret key is taken from the keyboard, the line feed is
-       written to standard error instead of standard output.  That means that
-       anyone using the program from a terminal won't notice, but capturing
-       standard output will get the key words without a newline in front of
-       them.
-       */
-        fprintf(stderr, "\n");
-        fflush(stderr);
-       sevenbit(buf);
-
-       return buf;
-}
-
-void
-sevenbit(char *s)
-{
-       /* make sure there are only 7 bit code in the line*/
-       while(*s){
-               *s &= 0x7f;
-               s++;
-       }
-}
index 2cf0269..5ed8880 100644 (file)
@@ -1,7 +1,6 @@
 # $DragonFly: src/lib/pam_module/Makefile,v 1.4 2008/01/02 17:41:30 matthias Exp $
 
 SUBDIR=        pam_chroot \
-       pam_cleartext_pass_ok \
        pam_deny \
        pam_echo \
        pam_exec \
diff --git a/lib/pam_module/pam_cleartext_pass_ok/Makefile b/lib/pam_module/pam_cleartext_pass_ok/Makefile
deleted file mode 100644 (file)
index bc0f946..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-# $DragonFly: src/lib/pam_module/pam_cleartext_pass_ok/Makefile,v 1.3 2005/07/28 19:25:40 joerg Exp $
-
-LIB=   pam_cleartext_pass_ok
-SRCS=  pam_cleartext_pass_ok.c
-NOMAN=
-
-DPADD= ${LIBSKEY}
-LDADD= -lskey
-
-.include <bsd.lib.mk>
diff --git a/lib/pam_module/pam_cleartext_pass_ok/pam_cleartext_pass_ok.c b/lib/pam_module/pam_cleartext_pass_ok/pam_cleartext_pass_ok.c
deleted file mode 100644 (file)
index fd4d4ce..0000000
+++ /dev/null
@@ -1,70 +0,0 @@
-/*-
- * Copyright 1998 Juniper Networks, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *     $FreeBSD: src/lib/libpam/modules/pam_cleartext_pass_ok/pam_cleartext_pass_ok.c,v 1.2 1999/01/20 21:55:24 jdp Exp $
- *     $DragonFly: src/lib/pam_module/pam_cleartext_pass_ok/pam_cleartext_pass_ok.c,v 1.2 2005/07/12 22:55:46 joerg Exp $
- */
-
-#include <stdio.h>
-#include <skey.h>
-
-#define PAM_SM_AUTH
-#include <security/pam_appl.h>
-#include <security/pam_modules.h>
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc __unused,
-    const char **argv __unused)
-{
-       int retval;
-       const void *item;
-       const char *user;
-       const char *tty;
-       const char *rhost;
-
-       if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
-               return retval;
-       if ((retval = pam_get_item(pamh, PAM_TTY, &item)) != PAM_SUCCESS)
-               return retval;
-       tty = (const char *)item;
-       if ((retval = pam_get_item(pamh, PAM_RHOST, &item)) != PAM_SUCCESS)
-               return retval;
-       rhost = (const char *)item;
-       /*
-        * The cast in the next statement is necessary only because the
-        * declaration of skeyaccess is wrong.
-        */
-       return skeyaccess(__DECONST(char *, user), tty, rhost, NULL) ?
-           PAM_SUCCESS : PAM_AUTH_ERR;
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
-    int argc __unused, const char **argv __unused)
-{
-       return PAM_SUCCESS;
-}
-
-PAM_MODULE_ENTRY("pam_cleartext_pass_ok");
index fd8c458..1b9785e 100644 (file)
@@ -76,9 +76,9 @@ LIBOPIE?=     ${DESTDIR}${LIBDIR}/libopie.a
 LIBPAM?=       ${DESTDIR}${LIBDIR}/libpam.a
 MINUSLPAM?=    -lpam
 .if defined(NOSHARED) && ${NOSHARED} != "no" && ${NOSHARED} != "NO"
-LIBPAM+=       ${LIBRADIUS} ${LIBTACPLUS} ${LIBSKEY} ${LIBCRYPT} ${LIBMD} \
+LIBPAM+=       ${LIBRADIUS} ${LIBTACPLUS} ${LIBOPIE} ${LIBCRYPT} ${LIBMD} \
                ${LIBUTIL}
-MINUSLPAM+=    -lradius -ltacplus -lskey -lcrypt -lmd -lutil
+MINUSLPAM+=    -lradius -ltacplus -lopie -lcrypt -lmd -lutil
 .endif
 
 LIBPANEL?=     ${DESTDIR}${LIBDIR}/libpanel.a
@@ -96,7 +96,6 @@ LIBSCRYPT?=   "don't use LIBSCRYPT, use LIBCRYPT"
 LIBSMB?=       ${DESTDIR}${LIBDIR}/libsmb.a
 LIBDESCRYPT?=  "don't use LIBDESCRYPT, use LIBCRYPT"
 LIBSCSI?=      ${DESTDIR}${LIBDIR}/libscsi.a
-LIBSKEY?=      ${DESTDIR}${LIBDIR}/libskey.a
 LIBSS?=                ${DESTDIR}${LIBDIR}/libss.a
 LIBSSH?=       ${DESTDIR}${LIBDIR}/libssh.a    # XXX in secure dist, not base
 LIBSSL?=       ${DESTDIR}${LIBDIR}/libssl.a    # XXX in secure dist, not base