1 /* change password or add user to S/KEY authentication system.
2 * S/KEY is a trademark of Bellcore */
/*
 * Excerpt from the body of the S/KEY key-initialisation routine (add a user
 * to the S/KEY database or change an existing entry).  The embedded gutter
 * numbers skip, so statements between the lines shown here are not visible.
 * Comments marked NOTE(review) depend on that missing context and must be
 * confirmed against the full file.
 */
23 int rval,n,nn,i,defaultsetup;
/* Fixed-size stack buffers: every copy below has to stay within these sizes. */
24 char seed[18],tmp[80],key[8];
25 struct passwd *ppuser,*pp;
26 char defaultseed[17], passwd[256],passwd2[256] ;
31 char tbuf[27],buf[60];
/*
 * Build the default seed: a host-name prefix followed by digits formatted
 * from tm / now (presumably the current time; their setup is not shown).
 */
36 #if 0 /* Choose a more random seed */
38 strftime(tbuf, sizeof(tbuf), "%M%j", tm);
/* "%05ld" of (now % 100000) is at most 6 characters plus NUL: fits tbuf[27]. */
40 sprintf(tbuf, "%05ld", (long) (now % 100000));
/*
 * defaultseed is 17 bytes, so the strcpy is in bounds only while
 * NAMELEN + strlen(tbuf) + 1 <= 17.  NAMELEN is defined outside this excerpt.
 * NOTE(review): confirm NAMELEN; the gethostname() result is not checked here,
 * and a host name shorter than NAMELEN leaves its NUL before offset NAMELEN,
 * which would cut the appended digits out of the resulting string.
 */
42 gethostname(defaultseed,NAMELEN);
43 strcpy(&defaultseed[NAMELEN],tbuf);
/*
 * Identify the invoking user by real uid.  getpwuid() can return NULL (uid
 * with no passwd entry) and the next line dereferences pp with no check in
 * between.  The copy into `me` is an unbounded strcpy.
 * NOTE(review): the size of `me` is declared outside this excerpt; confirm it
 * can hold any pw_name.  The name is presumably copied because the later
 * getpwnam() calls may reuse the same static passwd buffer.
 */
45 pp = ppuser = getpwuid(getuid());
46 strcpy(me,pp->pw_name);
/* NOTE(review): argv[1] is read here; confirm an argc check sits on the elided lines. */
49 if(strcmp("-s", argv[1]) == 0)
/* The target user comes from the command line: argv[1], or argv[2] in the other branch. */
52 pp = getpwnam(argv[1]);
54 pp = getpwnam(argv[2]);
58 printf("User unknown\n");
/*
 * Authorisation: the target name is compared with the invoker's name.
 * NOTE(review): the root test that the comment below refers to is on an
 * elided line; confirm it checks the real uid and not a caller-supplied value.
 */
61 if(strcmp( pp->pw_name,me) != 0){
63 /* Only root can change others' passwds */
64 printf("Permission denied.\n");
/* Look up the target's record in the S/KEY database; fills in skey. */
71 rval = skeylookup(&skey,pp->pw_name);
74 perror("error in opening database");
77 printf("Updating %s:\n",pp->pw_name);
78 printf("Old key: %s\n",skey.seed);
79 /* Be nice: if the existing skey.seed ends in a digit 0-8, just add one to it. */
80 l = strlen(skey.seed);
/*
 * NOTE(review): if skey.seed is empty, l-1 indexes before the buffer; confirm
 * that the elided line guards l > 0.  isdigit() on a plain char with a
 * negative value is undefined; lastc's type is not visible here.
 */
82 lastc = skey.seed[l-1];
83 if( isdigit(lastc) && lastc != '9' ){
/*
 * Unbounded copy of a database-supplied string into defaultseed[17]; this
 * branch has no length test, unlike the l < 16 test in the '9' branch below.
 * NOTE(review): confirm skeylookup() limits skey.seed to 16 characters.
 */
84 strcpy(defaultseed, skey.seed);
85 defaultseed[l-1] = lastc + 1;
/* Seed ends in '9': the l < 16 test keeps the write at index l+1 inside defaultseed[17]. */
87 if( isdigit(lastc) && lastc == '9' && l < 16){
88 strcpy(defaultseed, skey.seed);
89 defaultseed[l-1] = '0';
91 defaultseed[l+1] = '\0';
96 skey.val = 0; /* XXX */
97 printf("Adding %s:\n",pp->pw_name);
102 printf("Reminder you need the 6 english words from the key command.\n");
/* Prompt for the sequence count; only 1..9999 leaves the loop. */
105 printf("Enter sequence count from 1 to 9999: ");
/*
 * NOTE(review): the fgets() result is not checked on this line; on EOF tmp
 * keeps its previous contents.  Confirm how the elided line derives n.
 */
106 fgets(tmp,sizeof(tmp),stdin);
108 if(n > 0 && n < 10000)
109 break; /* Valid range */
110 printf("Count must be > 0 and < 10000\n");
114 printf("Enter new key [default %s]: ", defaultseed);
/* seed is 18 bytes, so fgets() stores at most 17 characters plus NUL. */
116 fgets(seed,sizeof(seed),stdin);
118 if(strlen(seed) > 16){
119 printf("Seed truncated to 16 chars\n");
/* Empty input selects the default; defaultseed[17] always fits in seed[18]. */
122 if( seed[0] == '\0') strcpy(seed,defaultseed);
/* Print the challenge (count and seed); the reply is read into tmp. */
125 printf("s/key %d %s\ns/key access password: ",n,seed);
126 fgets(tmp,sizeof(tmp),stdin);
129 printf("Enter 6 English words from secure S/Key calculation.\n");
/*
 * The reply is accepted when etob() returns 1 or atob8() returns 0; both
 * write the decoded value into key[8].  Presumably these are the six-word
 * and hexadecimal encodings; confirm against their definitions.
 */
135 if(etob(key,tmp) == 1 || atob8(key,tmp) == 0)
136 break; /* Valid format */
137 printf("Invalid format, try again with 6 English words.\n");
140 /* Get user's secret password */
/* The secret itself is typed in this mode, hence the warning about telnet/rlogin sessions. */
141 fprintf(stderr,"Reminder - Only use this method if you are directly connected.\n");
142 fprintf(stderr,"If you are using telnet or rlogin exit with no password and use keyinit -s.\n");
145 fprintf(stderr,"Enter secret password: ");
146 readpass(passwd,sizeof(passwd));
147 if(passwd[0] == '\0'){
150 fprintf(stderr,"Again secret password: ");
/*
 * Size argument names passwd, not passwd2.  Both are 256 bytes, so this is
 * harmless today, but sizeof(passwd2) is what is meant and would stay correct
 * if the declarations ever diverge.
 */
151 readpass(passwd2,sizeof(passwd));
152 if(passwd2[0] == '\0'){
/*
 * The "too short" message is printed only when BOTH entries are under 4
 * characters; a short/long pair falls through to the match test below.
 * The effective minimum for an accepted secret is therefore 4 characters,
 * which is low for the value the starting key is derived from.
 */
155 if(strlen(passwd) < 4 && strlen(passwd2) < 4) {
156 fprintf(stderr, "Sorry your password must be longer\n\r");
159 if(strcmp(passwd,passwd2) == 0) break;
160 fprintf(stderr, "Sorry no match\n");
164 strcpy(seed,defaultseed);
166 /* Crunch seed and password into starting key */
/*
 * NOTE(review): no clearing of passwd, passwd2 or key is visible in this
 * excerpt; confirm whether the secret is wiped before the process exits.
 */
167 if(keycrunch(key,seed,passwd) != 0)
168 errx(1, "key crunch failed");
/*
 * Timestamp for the database record.  In the C locale " %b %d,%Y %T" is 21
 * characters, matching the %-21s field written below, and fits tbuf[27].
 * The localtime() result is passed on without a NULL check on these lines.
 */
174 tm = localtime(&now);
175 strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
/*
 * Allocate 16 characters plus NUL for skey.val when it is still unset.
 * NOTE(review): no check of the malloc() result is visible; confirm one
 * exists on the elided lines before skey.val is written and printed.
 */
176 if (skey.val == NULL)
177 skey.val = (char *) malloc(16+1);
/*
 * Write the record: user, zero-padded count, seed, skey.val, timestamp.
 * The results of fprintf() and fclose() are ignored on these lines, so a
 * failed write to the key database would go unreported while the success
 * message below is still printed.
 */
181 fprintf(skey.keyfile,"%s %04d %-16s %s %-21s\n",pp->pw_name,n,
182 seed,skey.val, tbuf);
183 fclose(skey.keyfile);
/* Show the new count and seed, then the key rendered by btoe() and put8(). */
184 printf("\nID %s s/key is %d %s\n",pp->pw_name,n,seed);
185 printf("%s\n",btoe(buf,key));
187 printf("%s\n",put8(buf,key));