From: Peter Avalos Date: Fri, 2 Jan 2009 20:40:49 +0000 (-0500) Subject: Remove S/Key key-handling apps which are replaced by OPIE's. X-Git-Tag: v2.3.0~129 X-Git-Url: https://gitweb.dragonflybsd.org/~nant/dragonfly.git/commitdiff_plain/40834819c136fc0ed9e733ac274fe60e76290b9b Remove S/Key key-handling apps which are replaced by OPIE's. --- diff --git a/Makefile_upgrade.inc b/Makefile_upgrade.inc index 5e46fbbcae..643d43a765 100644 --- a/Makefile_upgrade.inc +++ b/Makefile_upgrade.inc @@ -1016,3 +1016,12 @@ TO_REMOVE+=/usr/share/man/man9/KTR_LOG_PTR.9.gz TO_REMOVE+=/usr/libexec/rexecd TO_REMOVE+=/usr/share/man/man8/rexecd.8.gz TO_REMOVE+=/usr/share/man/cat8/rexecd.8.gz +TO_REMOVE+=/usr/bin/key +TO_REMOVE+=/usr/share/man/man1/key.1.gz +TO_REMOVE+=/usr/share/man/cat1/key.1.gz +TO_REMOVE+=/usr/bin/keyinfo +TO_REMOVE+=/usr/share/man/man1/keyinfo.1.gz +TO_REMOVE+=/usr/share/man/cat1/keyinfo.1.gz +TO_REMOVE+=/usr/bin/keyinit +TO_REMOVE+=/usr/share/man/man1/keyinit.1.gz +TO_REMOVE+=/usr/share/man/cat1/keyinit.1.gz diff --git a/usr.bin/Makefile b/usr.bin/Makefile index 86a074fa2a..c19ca50920 100644 --- a/usr.bin/Makefile +++ b/usr.bin/Makefile @@ -80,9 +80,6 @@ SUBDIR= alias \ jot \ kdump \ kenv \ - key \ - keyinfo \ - keyinit \ keylogin \ keylogout \ killall \ diff --git a/usr.bin/key/Makefile b/usr.bin/key/Makefile deleted file mode 100644 index 514cd938f2..0000000000 --- a/usr.bin/key/Makefile +++ /dev/null @@ -1,13 +0,0 @@ -# @(#)Makefile 5.6 (Berkeley) 3/5/91 -# $FreeBSD: src/usr.bin/key/Makefile,v 1.4.6.1 2001/04/25 11:29:23 ru Exp $ -# $DragonFly: src/usr.bin/key/Makefile,v 1.4 2007/08/27 16:50:54 pavalos Exp $ - -PROG= key -SRCS= skey.c - -CFLAGS+= -D_SKEY_INTERNAL - -DPADD= ${LIBSKEY} ${LIBCRYPT} ${LIBMD} -LDADD= -lskey -lcrypt -lmd - -.include diff --git a/usr.bin/key/key.1 b/usr.bin/key/key.1 deleted file mode 100644 index e565c9b3cc..0000000000 --- a/usr.bin/key/key.1 +++ /dev/null @@ -1,51 +0,0 @@ -.\" from: @(#)key.1 1.0 (Bellcore) 12/2/91 -.\" $FreeBSD: src/usr.bin/key/key.1,v 1.5.2.2 2001/03/06 12:52:43 ru Exp $ -.\" $DragonFly: src/usr.bin/key/key.1,v 1.3 2005/08/01 01:49:17 swildner Exp $ -.\" -.Dd December 2, 1991 -.Dt KEY 1 -.Os -.Sh NAME -.Nm key -.Nd stand-alone program for computing responses to S/Key challenges -.Sh SYNOPSIS -.Nm -.Op Fl n Ar count -.Ar sequence -.Ar key -.Sh DESCRIPTION -.Nm Key -takes the optional count of the number of one time access -passwords to print -along with a (maximum) sequence number and key as command line arguments, -it prompts for the user's secret password, and produces both word -and hex format responses. -.Pp -The following option is available: -.Bl -tag -width Fl -.It Fl n Ar count -The number of one time access passwords to print. -The default is 1. -.El -.Sh EXAMPLES -Usage example: -.Bd -literal -offset indent -compact ->key -n 5 99 th91334 -Enter password: -OMEN US HORN OMIT BACK AHOY -\&.... 4 more passwords. -> -.Ed -.Sh SEE ALSO -.Xr keyinfo 1 , -.Xr keyinit 1 , -.Xr skey 1 -.\" .BR keysu(1), -.Sh AUTHORS -.An -nosplit -Command by -.An Phil Karn , -.An Neil M. Haller , -.An John S. Walden -.Sh CONTACT -.Aq staff@thumper.bellcore.com diff --git a/usr.bin/key/skey.c b/usr.bin/key/skey.c deleted file mode 100644 index a3a7c00662..0000000000 --- a/usr.bin/key/skey.c +++ /dev/null @@ -1,121 +0,0 @@ -/* Stand-alone program for computing responses to S/Key challenges. - * Takes the iteration count and seed as command line args, prompts - * for the user's key, and produces both word and hex format responses. - * - * Usage example: - * >skey 88 ka9q2 - * Enter password: - * OMEN US HORN OMIT BACK AHOY - * C848 666B 6435 0A93 - * > - * - * $FreeBSD: src/usr.bin/key/skey.c,v 1.6.6.1 2001/03/04 08:35:48 kris Exp $ - * $DragonFly: src/usr.bin/key/skey.c,v 1.3 2003/10/04 20:36:46 hmp Exp $ - */ - -#include -#include -#include -#include -#include - -#ifdef __MSDOS__ -#include -#else /* Assume BSD Unix */ -#include -#endif - -#include - -static void usage(void); - -int -main(int argc, char **argv) -{ - int n,cnt,i; - char passwd[256] /* ,passwd2[256] */; - char key[8]; - char *seed; - char buf[33]; - char *slash; - - cnt = 1; - while((i = getopt(argc,argv,"n:")) != -1){ - switch(i){ - case 'n': - cnt = atoi(optarg); - break; - } - } - /* could be in the form / */ - if(argc <= optind + 1){ - /*look for / in it */ - if(argc <= optind) - usage(); - - slash = strchr(argv[optind], '/'); - if(slash == NULL) - usage(); - *slash++ = '\0'; - seed = slash; - - if((n = atoi(argv[optind])) < 0){ - warnx("%s not positive",argv[optind]); - usage(); - } - } - else { - - if((n = atoi(argv[optind])) < 0){ - warnx("%s not positive",argv[optind]); - usage(); - } - seed = argv[++optind]; - } - fprintf(stderr,"Reminder - Do not use this program while logged in via telnet or rlogin.\n"); - - /* Get user's secret password */ - for(;;){ - fprintf(stderr,"Enter secret password: "); - readpass(passwd,sizeof(passwd)); - break; - /************ - fprintf(stderr,"Again secret password: "); - readpass(passwd2,sizeof(passwd)); - if(strcmp(passwd,passwd2) == 0) break; - fprintf(stderr, "Sorry no match\n"); - **************/ - - } - - /* Crunch seed and password into starting key */ - if(keycrunch(key,seed,passwd) != 0) - errx(1, "key crunch failed"); - if(cnt == 1){ - while(n-- != 0) - f(key); - printf("%s\n",btoe(buf,key)); -#ifdef HEXIN - printf("%s\n",put8(buf,key)); -#endif - } else { - for(i=0;i<=n-cnt;i++) - f(key); - for(;i<=n;i++){ -#ifdef HEXIN - printf("%d: %-29s %s\n",i,btoe(buf,key),put8(buf,key)); -#else - printf("%d: %-29s\n",i,btoe(buf,key)); -#endif - f(key); - } - } - return 0; -} - -static void -usage(void) -{ - fprintf(stderr,"usage: key [-n count] [/] \n"); - exit(1); -} diff --git a/usr.bin/keyinfo/Makefile b/usr.bin/keyinfo/Makefile deleted file mode 100644 index 9bacf871ce..0000000000 --- a/usr.bin/keyinfo/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -# @(#)Makefile 5.5 (Berkeley) 7/1/90 -# $FreeBSD: src/usr.bin/keyinfo/Makefile,v 1.4.6.2 2001/11/06 03:36:33 imp Exp $ -# $DragonFly: src/usr.bin/keyinfo/Makefile,v 1.4 2007/08/27 16:50:54 pavalos Exp $ - -PROG= keyinfo -DPADD= ${LIBSKEY} ${LIBCRYPT} ${LIBMD} -LDADD= -lskey -lcrypt -lmd -BINMODE=4555 - -.include diff --git a/usr.bin/keyinfo/keyinfo.1 b/usr.bin/keyinfo/keyinfo.1 deleted file mode 100644 index 048b70eecb..0000000000 --- a/usr.bin/keyinfo/keyinfo.1 +++ /dev/null @@ -1,65 +0,0 @@ -.\" from: @(#)keyinfo.1 1.1 (Bellcore) 7/20/93 -.\" $FreeBSD: src/usr.bin/keyinfo/keyinfo.1,v 1.7.2.2 2001/12/21 10:07:20 ru Exp $ -.\" $DragonFly: src/usr.bin/keyinfo/keyinfo.1,v 1.2 2003/06/17 04:29:27 dillon Exp $ -.\" -.Dd April 26, 1996 -.Dt KEYINFO 1 -.Os -.Sh NAME -.Nm keyinfo -.Nd display current S/Key sequence number and seed -.Sh SYNOPSIS -.Nm -.Op Ar username -.Sh DESCRIPTION -.Nm -takes an optional user name and displays the user\'s current sequence -number and seed found in the S/Key database -.Pa /etc/skeykeys . -.Pp -The command can be useful when generating a list of passwords for use -on a field trip, by combining with the command -.Xr key 1 -in the form: -.Bd -literal -offset indent -key -n `keyinfo` | lpr -.Ed -.Pp -The optional -.Ar username -argument specifies the S/Key user for whom to display the information. -The default is to display S/Key information -on the user who invokes the command. -Only the superuser can ask for another user's key information. -.Sh EXAMPLES -Usage example: -.Bd -literal -offset indent -$ keyinfo -.Ed -.Pp -This would produce the following output: -.Bd -literal -offset indent -98 ws91340 -.Ed -.Sh DIAGNOSTICS -The -.Nm -utility -exits with status 0 if a key for the requested user has been found, -else with status 1. -.Sh SEE ALSO -.Xr key 1 , -.Xr keyinit 1 -.Sh AUTHORS -.An -nosplit -Original command by -.An Phil Karn , -.An Neil M. Haller -and -.An John S. Walden . -Rewritten in Perl by -.An J\(:org Wunsch -so that it could be made setuid, with the S/Key keys file read-protected -from the users. -Rewritten in C by -.An Warner Losh . diff --git a/usr.bin/keyinfo/keyinfo.c b/usr.bin/keyinfo/keyinfo.c deleted file mode 100644 index b39dd61985..0000000000 --- a/usr.bin/keyinfo/keyinfo.c +++ /dev/null @@ -1,59 +0,0 @@ -/*- - * Copyright (c) 2000 Warner Losh. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $FreeBSD: src/usr.bin/keyinfo/keyinfo.c,v 1.3.4.1 2001/11/06 03:36:33 imp Exp $ - * $DragonFly: src/usr.bin/keyinfo/keyinfo.c,v 1.2 2003/06/17 04:29:27 dillon Exp $ - */ - -#include -#include -#include -#include -#include -#include - -int -main(int argc, char *argv[]) -{ - struct skey skey; - char *login; - char *name; - int serr; - - login = getlogin(); - if (login == NULL) - errx(1, "Cannot find login name"); - if (getuid() != 0 && argc > 1 && strcmp(login, argv[1]) != 0) - errx(1, "Only superuser may get another user's keys"); - name = argc > 1 ? argv[1] : login; - serr = skeylookup(&skey, name); - if (serr == -1) - err(1, "skeylookup os failure"); - fclose(skey.keyfile); - if (serr != 0) - errx(1, "skeylookup: user %s not found", name); - printf("%d %s\n", skey.n - 1, skey.seed); - return (0); -} diff --git a/usr.bin/keyinit/Makefile b/usr.bin/keyinit/Makefile deleted file mode 100644 index 17c5e1b12a..0000000000 --- a/usr.bin/keyinit/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# @(#)Makefile 5.6 (Berkeley) 3/5/91 -# $FreeBSD: src/usr.bin/keyinit/Makefile,v 1.6.6.1 2001/04/25 11:29:24 ru Exp $ -# $DragonFly: src/usr.bin/keyinit/Makefile,v 1.4 2007/08/27 16:50:55 pavalos Exp $ - -PROG= keyinit -SRCS= skeyinit.c - -CFLAGS+= -D_SKEY_INTERNAL - -BINMODE=4555 - -DPADD= ${LIBSKEY} ${LIBCRYPT} ${LIBMD} -LDADD= -lskey -lcrypt -lmd - -.include diff --git a/usr.bin/keyinit/keyinit.1 b/usr.bin/keyinit/keyinit.1 deleted file mode 100644 index dfa4e7c1fa..0000000000 --- a/usr.bin/keyinit/keyinit.1 +++ /dev/null @@ -1,92 +0,0 @@ -.\" @(#)keyinit.1 1.0 (Bellcore) 7/20/93 -.\" $FreeBSD: src/usr.bin/keyinit/keyinit.1,v 1.8 2000/03/01 12:19:47 sheldonh Exp $ -.\" $DragonFly: src/usr.bin/keyinit/keyinit.1,v 1.4 2007/07/30 22:11:33 swildner Exp $ -.\" -.Dd July 20, 1993 -.Dt KEYINIT 1 -.Os -.Sh NAME -.Nm keyinit -.Nd change password or add user to S/Key authentication system -.Sh SYNOPSIS -.Nm -.Op Fl s -.Op Ar userID -.Sh DESCRIPTION -.Nm Keyinit -initializes the system so you can use S/Key one-time passwords to -login. The program will ask you to enter a secret pass phrase; enter a -phrase of several words in response. -After the S/Key database has been -updated you can login using either your regular -.Ux -password or using S/Key one-time passwords. -.Pp -When logging in from another machine you can avoid typing a real -password over the network, by typing your S/Key pass phrase to the -.Nm key -command on the local machine: the program will respond with -the one-time password that you should use to log into the remote -machine. This is most conveniently done with cut-and-paste operations -using a mouse. Alternatively, you can pre-compute one-time passwords -using the -.Nm key -command and carry them with you on a piece of paper. -.Pp -.Nm Keyinit -requires you to type your secret password, so it should -be used only on a secure terminal. -For example, on the console of a -workstation. -If you are using -.Nm -while logged in over an -untrusted network, follow the instructions given below with the -.Fl s -option. -.Sh OPTIONS -.Bl -tag -width indent -.It Fl s -Set secure mode where the user is expected to have used a secure -machine to generate the first one time password. Without the -.Fl s -the -system will assume you are direct connected over secure communications -and prompt you for your secret password. -The -.Fl s -option also allows one to set the seed and count for complete -control of the parameters. You can use -.Nm -.Fl s -in combination with -the -.Nm key -command to set the seed and count if you do not like the defaults. -To do this run -.Nm -in one window and put in your count and seed -then run -.Nm key -in another window to generate the correct 6 English words -for that count and seed. -You can then -"cut" and "paste" them or copy them into the -.Nm -window. -.It Ar userID -The ID for the user to be changed/added -.El -.Sh FILES -.Pa /etc/skeykeys -data base of information for S/Key system. -.Sh SEE ALSO -.Xr key 1 , -.Xr keyinfo 1 , -.Xr skey 1 , -.Xr su 1 -.Sh AUTHORS -Command by -.An Phil Karn , -.An Neil M. Haller , -.An John S. Walden diff --git a/usr.bin/keyinit/skeyinit.c b/usr.bin/keyinit/skeyinit.c deleted file mode 100644 index 7453c34b03..0000000000 --- a/usr.bin/keyinit/skeyinit.c +++ /dev/null @@ -1,191 +0,0 @@ -/* change password or add user to S/KEY authentication system. - * S/KEY is a tradmark of Bellcore. - * - * $DragonFly: src/usr.bin/keyinit/skeyinit.c,v 1.2 2003/10/04 20:36:46 hmp Exp $ - */ - -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#define NAMELEN 2 - -int -main(int argc, char **argv) -{ - struct skey skey; - int rval,n,nn,i,defaultsetup; - char seed[18],tmp[80],key[8]; - struct passwd *ppuser,*pp; - char defaultseed[17], passwd[256],passwd2[256] ; - - - time_t now; - struct tm *tm; - char tbuf[27],buf[60]; - char lastc, me[80]; - int l; - - time(&now); -#if 0 /* Choose a more random seed */ - tm = localtime(&now); - strftime(tbuf, sizeof(tbuf), "%M%j", tm); -#else - sprintf(tbuf, "%05ld", (long) (now % 100000)); -#endif - gethostname(defaultseed,NAMELEN); - strcpy(&defaultseed[NAMELEN],tbuf); - - pp = ppuser = getpwuid(getuid()); - strcpy(me,pp->pw_name); - defaultsetup = 1; - if( argc > 1){ - if(strcmp("-s", argv[1]) == 0) - defaultsetup = 0; - else - pp = getpwnam(argv[1]); - if(argc > 2) - pp = getpwnam(argv[2]); - - } - if(pp == NULL){ - printf("User unknown\n"); - return 1; - } - if(strcmp( pp->pw_name,me) != 0){ - if(getuid() != 0){ - /* Only root can change other's passwds */ - printf("Permission denied.\n"); - return(1); - } - } - - - - rval = skeylookup(&skey,pp->pw_name); - switch(rval){ - case -1: - perror("error in opening database"); - return 1; - case 0: - printf("Updating %s:\n",pp->pw_name); - printf("Old key: %s\n",skey.seed); - /* lets be nice if they have a skey.seed that ends in 0-8 just add one*/ - l = strlen(skey.seed); - if( l > 0){ - lastc = skey.seed[l-1]; - if( isdigit(lastc) && lastc != '9' ){ - strcpy(defaultseed, skey.seed); - defaultseed[l-1] = lastc + 1; - } - if( isdigit(lastc) && lastc == '9' && l < 16){ - strcpy(defaultseed, skey.seed); - defaultseed[l-1] = '0'; - defaultseed[l] = '0'; - defaultseed[l+1] = '\0'; - } - } - break; - case 1: - skey.val = 0; /* XXX */ - printf("Adding %s:\n",pp->pw_name); - break; - } - n = 99; - if( ! defaultsetup){ - printf("Reminder you need the 6 english words from the key command.\n"); - for(i=0;;i++){ - if(i >= 2) exit(1); - printf("Enter sequence count from 1 to 9999: "); - fgets(tmp,sizeof(tmp),stdin); - n = atoi(tmp); - if(n > 0 && n < 10000) - break; /* Valid range */ - printf("Count must be > 0 and < 10000\n"); - } - } - if( !defaultsetup){ - printf("Enter new key [default %s]: ", defaultseed); - fflush(stdout); - fgets(seed,sizeof(seed),stdin); - rip(seed); - if(strlen(seed) > 16){ - printf("Seed truncated to 16 chars\n"); - seed[16] = '\0'; - } - if( seed[0] == '\0') strcpy(seed,defaultseed); - for(i=0;;i++){ - if(i >= 2) exit(1); - printf("s/key %d %s\ns/key access password: ",n,seed); - fgets(tmp,sizeof(tmp),stdin); - rip(tmp); - if(tmp[0] == '?'){ - printf("Enter 6 English words from secure S/Key calculation.\n"); - continue; - } - if(tmp[0] == '\0'){ - exit(1); - } - if(etob(key,tmp) == 1 || atob8(key,tmp) == 0) - break; /* Valid format */ - printf("Invalid format, try again with 6 English words.\n"); - } - } else { - /* Get user's secret password */ - fprintf(stderr,"Reminder - Only use this method if you are directly connected.\n"); - fprintf(stderr,"If you are using telnet or rlogin exit with no password and use keyinit -s.\n"); - for(i=0;;i++){ - if(i >= 2) exit(1); - fprintf(stderr,"Enter secret password: "); - readpass(passwd,sizeof(passwd)); - if(passwd[0] == '\0'){ - exit(1); - } - fprintf(stderr,"Again secret password: "); - readpass(passwd2,sizeof(passwd)); - if(passwd2[0] == '\0'){ - exit(1); - } - if(strlen(passwd) < 4 && strlen(passwd2) < 4) { - fprintf(stderr, "Sorry your password must be longer\n\r"); - exit(1); - } - if(strcmp(passwd,passwd2) == 0) break; - fprintf(stderr, "Sorry no match\n"); - - - } - strcpy(seed,defaultseed); - - /* Crunch seed and password into starting key */ - if(keycrunch(key,seed,passwd) != 0) - errx(1, "key crunch failed"); - nn = n; - while(nn-- != 0) - f(key); - } - time(&now); - tm = localtime(&now); - strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); - if (skey.val == NULL) - skey.val = (char *) malloc(16+1); - - - btoa8(skey.val,key); - fprintf(skey.keyfile,"%s %04d %-16s %s %-21s\n",pp->pw_name,n, - seed,skey.val, tbuf); - fclose(skey.keyfile); - printf("\nID %s s/key is %d %s\n",pp->pw_name,n,seed); - printf("%s\n",btoe(buf,key)); -#ifdef HEXIN - printf("%s\n",put8(buf,key)); -#endif - return 0; -}