1 |
ulm 12/01/04 20:05:23 |
2 |
|
3 |
Added: 01_all_gentoo.patch 02_all_login_name_max.patch |
4 |
03_all_fPIC.patch 04_all_bind-now.patch |
5 |
05_all_otp.patch 06_all_binary-search.patch |
6 |
07_all_skeyprune-dir.patch |
7 |
08_all_skeyprune-regex.patch |
8 |
09_all_man_default-md5.patch |
9 |
10_all_man_libpath.patch |
10 |
Log: |
11 |
Patchset for skey-1.1.5 |
12 |
|
13 |
Revision Changes Path |
14 |
1.1 src/patchsets/skey/1.1.5/01_all_gentoo.patch |
15 |
|
16 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/01_all_gentoo.patch?rev=1.1&view=markup |
17 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/01_all_gentoo.patch?rev=1.1&content-type=text/plain |
18 |
|
19 |
Index: 01_all_gentoo.patch |
20 |
=================================================================== |
21 |
porting some updates to this skey implementation from the |
22 |
NetBSD project, some other updates and fixes, and the addition |
23 |
of some new features like shadow password and cracklib support. |
24 |
(05 Nov 2003) -taviso@g.o |
25 |
|
26 |
--- skey-1.1.5.orig/CHANGES 2001-05-10 17:10:49.000000000 +0100 |
27 |
+++ skey-1.1.5/CHANGES 2003-11-06 17:46:45.000000000 +0000 |
28 |
@@ -1,6 +1,19 @@ |
29 |
*** Changes in version 1.1.5 |
30 |
|
31 |
- Bug fixes for errx/warnx |
32 |
+(05/11/2003) taviso@g.o |
33 |
+ - ported some updates from the NetBSD project to Linux. |
34 |
+ - removed a load of cast to voids. |
35 |
+ - syntax changes. |
36 |
+ - killing skeyaudit, using a shell script modified from NetBSD. |
37 |
+ - cleanups to stop warnings with gcc. |
38 |
+ - building a library for dynamic linking. |
39 |
+ - swapping some str{cat,cpy} for strn{cat,cpy} |
40 |
+ - killing rmd160 support. |
41 |
+ - removing strlcpy function, not useful. |
42 |
+ - quick hack for shadow support. |
43 |
+ - quick hack for cracklib support. |
44 |
+ - various other stuff. |
45 |
|
46 |
*** Changes in version 1.1.4 |
47 |
|
48 |
--- skey-1.1.5.orig/config.h.in 2001-05-10 17:10:49.000000000 +0100 |
49 |
+++ skey-1.1.5/config.h.in 2003-11-06 17:46:45.000000000 +0000 |
50 |
@@ -109,6 +109,9 @@ |
51 |
/* Define if you have the strtol function. */ |
52 |
#undef HAVE_STRTOL |
53 |
|
54 |
+/* Define if you have the <crack.h> header file. */ |
55 |
+#undef HAVE_CRACK_H |
56 |
+ |
57 |
/* Define if you have the <crypt.h> header file. */ |
58 |
#undef HAVE_CRYPT_H |
59 |
|
60 |
@@ -130,12 +133,12 @@ |
61 |
/* Define if you have the <md5global.h> header file. */ |
62 |
#undef HAVE_MD5GLOBAL_H |
63 |
|
64 |
-/* Define if you have the <rmd160.h> header file. */ |
65 |
-#undef HAVE_RMD160_H |
66 |
- |
67 |
/* Define if you have the <sha1.h> header file. */ |
68 |
#undef HAVE_SHA1_H |
69 |
|
70 |
+/* Define if you have the <shadow.h> header file. */ |
71 |
+#undef HAVE_SHADOW_H |
72 |
+ |
73 |
/* Define if you have the <sys/cdefs.h> header file. */ |
74 |
#undef HAVE_SYS_CDEFS_H |
75 |
|
76 |
--- skey-1.1.5.orig/configure 2001-05-10 17:10:49.000000000 +0100 |
77 |
+++ skey-1.1.5/configure 2003-11-06 17:47:49.000000000 +0000 |
78 |
@@ -960,47 +960,11 @@ |
79 |
echo "$ac_t""no" 1>&6 |
80 |
fi |
81 |
|
82 |
-# Extract the first word of "sendmail", so it can be a program name with args. |
83 |
-set dummy sendmail; ac_word=$2 |
84 |
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 |
85 |
-echo "configure:967: checking for $ac_word" >&5 |
86 |
-if eval "test \"`echo '$''{'ac_cv_path_SENDMAIL'+set}'`\" = set"; then |
87 |
- echo $ac_n "(cached) $ac_c" 1>&6 |
88 |
-else |
89 |
- case "$SENDMAIL" in |
90 |
- /*) |
91 |
- ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a path. |
92 |
- ;; |
93 |
- ?:/*) |
94 |
- ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a dos path. |
95 |
- ;; |
96 |
- *) |
97 |
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" |
98 |
- ac_dummy="$PATH:/usr/sbin:/usr/lib:/usr/bin" |
99 |
- for ac_dir in $ac_dummy; do |
100 |
- test -z "$ac_dir" && ac_dir=. |
101 |
- if test -f $ac_dir/$ac_word; then |
102 |
- ac_cv_path_SENDMAIL="$ac_dir/$ac_word" |
103 |
- break |
104 |
- fi |
105 |
- done |
106 |
- IFS="$ac_save_ifs" |
107 |
- test -z "$ac_cv_path_SENDMAIL" && ac_cv_path_SENDMAIL="/usr/lib/sendmail" |
108 |
- ;; |
109 |
-esac |
110 |
-fi |
111 |
-SENDMAIL="$ac_cv_path_SENDMAIL" |
112 |
-if test -n "$SENDMAIL"; then |
113 |
- echo "$ac_t""$SENDMAIL" 1>&6 |
114 |
-else |
115 |
- echo "$ac_t""no" 1>&6 |
116 |
-fi |
117 |
- |
118 |
|
119 |
|
120 |
|
121 |
echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 |
122 |
-echo "configure:1004: checking for crypt in -lcrypt" >&5 |
123 |
+echo "configure:968: checking for crypt in -lcrypt" >&5 |
124 |
ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` |
125 |
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then |
126 |
echo $ac_n "(cached) $ac_c" 1>&6 |
127 |
@@ -1008,7 +972,7 @@ |
128 |
ac_save_LIBS="$LIBS" |
129 |
LIBS="-lcrypt $LIBS" |
130 |
cat > conftest.$ac_ext <<EOF |
131 |
-#line 1012 "configure" |
132 |
+#line 976 "configure" |
133 |
#include "confdefs.h" |
134 |
/* Override any gcc2 internal prototype to avoid an error. */ |
135 |
/* We use char because int might match the return type of a gcc2 |
136 |
@@ -1019,7 +983,7 @@ |
137 |
crypt() |
138 |
; return 0; } |
139 |
EOF |
140 |
-if { (eval echo configure:1023: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then |
141 |
+if { (eval echo configure:987: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then |
142 |
rm -rf conftest* |
143 |
eval "ac_cv_lib_$ac_lib_var=yes" |
144 |
else |
145 |
@@ -1040,7 +1004,7 @@ |
146 |
fi |
147 |
|
148 |
echo $ac_n "checking for flock in -lucb""... $ac_c" 1>&6 |
149 |
-echo "configure:1044: checking for flock in -lucb" >&5 |
150 |
+echo "configure:1008: checking for flock in -lucb" >&5 |
151 |
ac_lib_var=`echo ucb'_'flock | sed 'y%./+-%__p_%'` |
152 |
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then |
153 |
echo $ac_n "(cached) $ac_c" 1>&6 |
154 |
@@ -1048,7 +1012,7 @@ |
155 |
ac_save_LIBS="$LIBS" |
156 |
LIBS="-lucb $LIBS" |
157 |
cat > conftest.$ac_ext <<EOF |
158 |
-#line 1052 "configure" |
159 |
+#line 1016 "configure" |
160 |
#include "confdefs.h" |
161 |
/* Override any gcc2 internal prototype to avoid an error. */ |
162 |
/* We use char because int might match the return type of a gcc2 |
163 |
@@ -1059,7 +1023,7 @@ |
164 |
flock() |
165 |
; return 0; } |
166 |
EOF |
167 |
-if { (eval echo configure:1063: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then |
168 |
+if { (eval echo configure:1027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then |
169 |
rm -rf conftest* |
170 |
eval "ac_cv_lib_$ac_lib_var=yes" |
171 |
else |
172 |
@@ -1079,10 +1043,50 @@ |
173 |
echo "$ac_t""no" 1>&6 |
174 |
fi |
175 |
|
176 |
+echo $ac_n "checking for FascistCheck in -lcrack""... $ac_c" 1>&6 |
177 |
+echo "configure:1048: checking for FascistCheck in -lcrack" >&5 |
178 |
+ac_lib_var=`echo crack'_'FascistCheck | sed 'y%./+-%__p_%'` |
179 |
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then |
180 |
+ echo $ac_n "(cached) $ac_c" 1>&6 |
181 |
+else |
182 |
+ ac_save_LIBS="$LIBS" |
183 |
+LIBS="-lcrack $LIBS" |
184 |
+cat > conftest.$ac_ext <<EOF |
185 |
+#line 1056 "configure" |
186 |
+#include "confdefs.h" |
187 |
+/* Override any gcc2 internal prototype to avoid an error. */ |
188 |
+/* We use char because int might match the return type of a gcc2 |
189 |
+ builtin and then its argument prototype would still apply. */ |
190 |
+char FascistCheck(); |
191 |
+ |
192 |
+int main() { |
193 |
+FascistCheck() |
194 |
+; return 0; } |
195 |
+EOF |
196 |
+if { (eval echo configure:1067: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then |
197 |
+ rm -rf conftest* |
198 |
+ eval "ac_cv_lib_$ac_lib_var=yes" |
199 |
+else |
200 |
+ echo "configure: failed program was:" >&5 |
201 |
+ cat conftest.$ac_ext >&5 |
202 |
+ rm -rf conftest* |
203 |
+ eval "ac_cv_lib_$ac_lib_var=no" |
204 |
+fi |
205 |
+rm -f conftest* |
206 |
+LIBS="$ac_save_LIBS" |
207 |
+ |
208 |
+fi |
209 |
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then |
210 |
+ echo "$ac_t""yes" 1>&6 |
211 |
+ LIBS="$LIBS -lcrack" |
212 |
+else |
213 |
+ echo "$ac_t""no" 1>&6 |
214 |
+fi |
215 |
+ |
216 |
|
217 |
|
218 |
echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 |
219 |
-echo "configure:1086: checking how to run the C preprocessor" >&5 |
220 |
+echo "configure:1090: checking how to run the C preprocessor" >&5 |
221 |
# On Suns, sometimes $CPP names a directory. |
222 |
if test -n "$CPP" && test -d "$CPP"; then |
223 |
CPP= |
224 |
@@ -1097,13 +1101,13 @@ |
225 |
# On the NeXT, cc -E runs the code through the compiler's parser, |
226 |
# not just through cpp. |
227 |
cat > conftest.$ac_ext <<EOF |
228 |
-#line 1101 "configure" |
229 |
+#line 1105 "configure" |
230 |
#include "confdefs.h" |
231 |
#include <assert.h> |
232 |
Syntax Error |
233 |
EOF |
234 |
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" |
235 |
-{ (eval echo configure:1107: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } |
236 |
+{ (eval echo configure:1111: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } |
237 |
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` |
238 |
if test -z "$ac_err"; then |
239 |
: |
240 |
@@ -1114,13 +1118,13 @@ |
241 |
rm -rf conftest* |
242 |
CPP="${CC-cc} -E -traditional-cpp" |
243 |
cat > conftest.$ac_ext <<EOF |
244 |
-#line 1118 "configure" |
245 |
+#line 1122 "configure" |
246 |
#include "confdefs.h" |
247 |
#include <assert.h> |
248 |
Syntax Error |
249 |
EOF |
250 |
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" |
251 |
-{ (eval echo configure:1124: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } |
252 |
+{ (eval echo configure:1128: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } |
253 |
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` |
254 |
if test -z "$ac_err"; then |
255 |
: |
256 |
@@ -1131,13 +1135,13 @@ |
257 |
rm -rf conftest* |
258 |
CPP="${CC-cc} -nologo -E" |
259 |
cat > conftest.$ac_ext <<EOF |
260 |
-#line 1135 "configure" |
261 |
+#line 1139 "configure" |
262 |
#include "confdefs.h" |
263 |
#include <assert.h> |
264 |
Syntax Error |
265 |
EOF |
266 |
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" |
267 |
-{ (eval echo configure:1141: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } |
268 |
+{ (eval echo configure:1145: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } |
269 |
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` |
270 |
if test -z "$ac_err"; then |
271 |
: |
272 |
@@ -1162,12 +1166,12 @@ |
273 |
echo "$ac_t""$CPP" 1>&6 |
274 |
|
275 |
echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 |
276 |
-echo "configure:1166: checking for ANSI C header files" >&5 |
277 |
+echo "configure:1170: checking for ANSI C header files" >&5 |
278 |
if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then |
279 |
echo $ac_n "(cached) $ac_c" 1>&6 |
280 |
else |
281 |
cat > conftest.$ac_ext <<EOF |
282 |
-#line 1171 "configure" |
283 |
+#line 1175 "configure" |
284 |
#include "confdefs.h" |
285 |
#include <stdlib.h> |
286 |
#include <stdarg.h> |
287 |
@@ -1175,7 +1179,7 @@ |
288 |
#include <float.h> |
289 |
EOF |
290 |
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" |
291 |
-{ (eval echo configure:1179: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } |
292 |
+{ (eval echo configure:1183: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } |
293 |
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` |
294 |
if test -z "$ac_err"; then |
295 |
rm -rf conftest* |
296 |
@@ -1192,7 +1196,7 @@ |
297 |
if test $ac_cv_header_stdc = yes; then |
298 |
# SunOS 4.x string.h does not declare mem*, contrary to ANSI. |
299 |
cat > conftest.$ac_ext <<EOF |
300 |
-#line 1196 "configure" |
301 |
+#line 1200 "configure" |
302 |
#include "confdefs.h" |
303 |
#include <string.h> |
304 |
EOF |
305 |
@@ -1210,7 +1214,7 @@ |
306 |
if test $ac_cv_header_stdc = yes; then |
307 |
# ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. |
308 |
cat > conftest.$ac_ext <<EOF |
309 |
-#line 1214 "configure" |
310 |
+#line 1218 "configure" |
311 |
#include "confdefs.h" |
312 |
#include <stdlib.h> |
313 |
EOF |
314 |
@@ -1231,7 +1235,7 @@ |
315 |
: |
316 |
else |
317 |
cat > conftest.$ac_ext <<EOF |
318 |
-#line 1235 "configure" |
319 |
+#line 1239 "configure" |
320 |
#include "confdefs.h" |
321 |
#include <ctype.h> |
322 |
#define ISLOWER(c) ('a' <= (c) && (c) <= 'z') |
323 |
@@ -1242,7 +1246,7 @@ |
324 |
exit (0); } |
325 |
|
326 |
EOF |
327 |
-if { (eval echo configure:1246: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
328 |
+if { (eval echo configure:1250: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
329 |
then |
330 |
: |
331 |
else |
332 |
@@ -1266,12 +1270,12 @@ |
333 |
fi |
334 |
|
335 |
echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6 |
336 |
-echo "configure:1270: checking for sys/wait.h that is POSIX.1 compatible" >&5 |
337 |
+echo "configure:1274: checking for sys/wait.h that is POSIX.1 compatible" >&5 |
338 |
if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then |
339 |
echo $ac_n "(cached) $ac_c" 1>&6 |
340 |
else |
341 |
cat > conftest.$ac_ext <<EOF |
342 |
-#line 1275 "configure" |
343 |
+#line 1279 "configure" |
344 |
#include "confdefs.h" |
345 |
#include <sys/types.h> |
346 |
#include <sys/wait.h> |
347 |
@@ -1287,7 +1291,7 @@ |
348 |
s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; |
349 |
; return 0; } |
350 |
EOF |
351 |
-if { (eval echo configure:1291: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
352 |
+if { (eval echo configure:1295: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
353 |
rm -rf conftest* |
354 |
ac_cv_header_sys_wait_h=yes |
355 |
else |
356 |
@@ -1307,21 +1311,21 @@ |
357 |
|
358 |
fi |
359 |
|
360 |
-for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h |
361 |
+for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h |
362 |
do |
363 |
ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` |
364 |
echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 |
365 |
-echo "configure:1315: checking for $ac_hdr" >&5 |
366 |
+echo "configure:1319: checking for $ac_hdr" >&5 |
367 |
if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then |
368 |
echo $ac_n "(cached) $ac_c" 1>&6 |
369 |
else |
370 |
cat > conftest.$ac_ext <<EOF |
371 |
-#line 1320 "configure" |
372 |
+#line 1324 "configure" |
373 |
#include "confdefs.h" |
374 |
#include <$ac_hdr> |
375 |
EOF |
376 |
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" |
377 |
-{ (eval echo configure:1325: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } |
378 |
+{ (eval echo configure:1329: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } |
379 |
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` |
380 |
if test -z "$ac_err"; then |
381 |
rm -rf conftest* |
382 |
@@ -1349,12 +1353,12 @@ |
383 |
|
384 |
|
385 |
echo $ac_n "checking for working const""... $ac_c" 1>&6 |
386 |
-echo "configure:1353: checking for working const" >&5 |
387 |
+echo "configure:1357: checking for working const" >&5 |
388 |
if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then |
389 |
echo $ac_n "(cached) $ac_c" 1>&6 |
390 |
else |
391 |
cat > conftest.$ac_ext <<EOF |
392 |
-#line 1358 "configure" |
393 |
+#line 1362 "configure" |
394 |
#include "confdefs.h" |
395 |
|
396 |
int main() { |
397 |
@@ -1403,7 +1407,7 @@ |
398 |
|
399 |
; return 0; } |
400 |
EOF |
401 |
-if { (eval echo configure:1407: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
402 |
+if { (eval echo configure:1411: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
403 |
rm -rf conftest* |
404 |
ac_cv_c_const=yes |
405 |
else |
406 |
@@ -1424,14 +1428,14 @@ |
407 |
fi |
408 |
|
409 |
echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 |
410 |
-echo "configure:1428: checking whether byte ordering is bigendian" >&5 |
411 |
+echo "configure:1432: checking whether byte ordering is bigendian" >&5 |
412 |
if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then |
413 |
echo $ac_n "(cached) $ac_c" 1>&6 |
414 |
else |
415 |
ac_cv_c_bigendian=unknown |
416 |
# See if sys/param.h defines the BYTE_ORDER macro. |
417 |
cat > conftest.$ac_ext <<EOF |
418 |
-#line 1435 "configure" |
419 |
+#line 1439 "configure" |
420 |
#include "confdefs.h" |
421 |
#include <sys/types.h> |
422 |
#include <sys/param.h> |
423 |
@@ -1442,11 +1446,11 @@ |
424 |
#endif |
425 |
; return 0; } |
426 |
EOF |
427 |
-if { (eval echo configure:1446: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
428 |
+if { (eval echo configure:1450: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
429 |
rm -rf conftest* |
430 |
# It does; now see whether it defined to BIG_ENDIAN or not. |
431 |
cat > conftest.$ac_ext <<EOF |
432 |
-#line 1450 "configure" |
433 |
+#line 1454 "configure" |
434 |
#include "confdefs.h" |
435 |
#include <sys/types.h> |
436 |
#include <sys/param.h> |
437 |
@@ -1457,7 +1461,7 @@ |
438 |
#endif |
439 |
; return 0; } |
440 |
EOF |
441 |
-if { (eval echo configure:1461: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
442 |
+if { (eval echo configure:1465: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
443 |
rm -rf conftest* |
444 |
ac_cv_c_bigendian=yes |
445 |
else |
446 |
@@ -1477,7 +1481,7 @@ |
447 |
{ echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } |
448 |
else |
449 |
cat > conftest.$ac_ext <<EOF |
450 |
-#line 1481 "configure" |
451 |
+#line 1485 "configure" |
452 |
#include "confdefs.h" |
453 |
main () { |
454 |
/* Are we little or big endian? From Harbison&Steele. */ |
455 |
@@ -1490,7 +1494,7 @@ |
456 |
exit (u.c[sizeof (long) - 1] == 1); |
457 |
} |
458 |
EOF |
459 |
-if { (eval echo configure:1494: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
460 |
+if { (eval echo configure:1498: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
461 |
then |
462 |
ac_cv_c_bigendian=no |
463 |
else |
464 |
@@ -1514,12 +1518,12 @@ |
465 |
fi |
466 |
|
467 |
echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 |
468 |
-echo "configure:1518: checking for uid_t in sys/types.h" >&5 |
469 |
+echo "configure:1522: checking for uid_t in sys/types.h" >&5 |
470 |
if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then |
471 |
echo $ac_n "(cached) $ac_c" 1>&6 |
472 |
else |
473 |
cat > conftest.$ac_ext <<EOF |
474 |
-#line 1523 "configure" |
475 |
+#line 1527 "configure" |
476 |
#include "confdefs.h" |
477 |
#include <sys/types.h> |
478 |
EOF |
479 |
@@ -1548,12 +1552,12 @@ |
480 |
fi |
481 |
|
482 |
echo $ac_n "checking for off_t""... $ac_c" 1>&6 |
483 |
-echo "configure:1552: checking for off_t" >&5 |
484 |
+echo "configure:1556: checking for off_t" >&5 |
485 |
if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then |
486 |
echo $ac_n "(cached) $ac_c" 1>&6 |
487 |
else |
488 |
cat > conftest.$ac_ext <<EOF |
489 |
-#line 1557 "configure" |
490 |
+#line 1561 "configure" |
491 |
#include "confdefs.h" |
492 |
#include <sys/types.h> |
493 |
#if STDC_HEADERS |
494 |
@@ -1581,12 +1585,12 @@ |
495 |
fi |
496 |
|
497 |
echo $ac_n "checking for size_t""... $ac_c" 1>&6 |
498 |
-echo "configure:1585: checking for size_t" >&5 |
499 |
+echo "configure:1589: checking for size_t" >&5 |
500 |
if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then |
501 |
echo $ac_n "(cached) $ac_c" 1>&6 |
502 |
else |
503 |
cat > conftest.$ac_ext <<EOF |
504 |
-#line 1590 "configure" |
505 |
+#line 1594 "configure" |
506 |
#include "confdefs.h" |
507 |
#include <sys/types.h> |
508 |
#if STDC_HEADERS |
509 |
@@ -1614,12 +1618,12 @@ |
510 |
fi |
511 |
|
512 |
echo $ac_n "checking whether struct tm is in sys/time.h or time.h""... $ac_c" 1>&6 |
513 |
-echo "configure:1618: checking whether struct tm is in sys/time.h or time.h" >&5 |
514 |
+echo "configure:1622: checking whether struct tm is in sys/time.h or time.h" >&5 |
515 |
if eval "test \"`echo '$''{'ac_cv_struct_tm'+set}'`\" = set"; then |
516 |
echo $ac_n "(cached) $ac_c" 1>&6 |
517 |
else |
518 |
cat > conftest.$ac_ext <<EOF |
519 |
-#line 1623 "configure" |
520 |
+#line 1627 "configure" |
521 |
#include "confdefs.h" |
522 |
#include <sys/types.h> |
523 |
#include <time.h> |
524 |
@@ -1627,7 +1631,7 @@ |
525 |
struct tm *tp; tp->tm_sec; |
526 |
; return 0; } |
527 |
EOF |
528 |
-if { (eval echo configure:1631: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
529 |
+if { (eval echo configure:1635: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
530 |
rm -rf conftest* |
531 |
ac_cv_struct_tm=time.h |
532 |
else |
533 |
@@ -1649,7 +1653,7 @@ |
534 |
|
535 |
|
536 |
echo $ac_n "checking size of char""... $ac_c" 1>&6 |
537 |
-echo "configure:1653: checking size of char" >&5 |
538 |
+echo "configure:1657: checking size of char" >&5 |
539 |
if eval "test \"`echo '$''{'ac_cv_sizeof_char'+set}'`\" = set"; then |
540 |
echo $ac_n "(cached) $ac_c" 1>&6 |
541 |
else |
542 |
@@ -1657,7 +1661,7 @@ |
543 |
ac_cv_sizeof_char=1 |
544 |
else |
545 |
cat > conftest.$ac_ext <<EOF |
546 |
-#line 1661 "configure" |
547 |
+#line 1665 "configure" |
548 |
#include "confdefs.h" |
549 |
#include <stdio.h> |
550 |
main() |
551 |
@@ -1668,7 +1672,7 @@ |
552 |
exit(0); |
553 |
} |
554 |
EOF |
555 |
-if { (eval echo configure:1672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
556 |
+if { (eval echo configure:1676: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
557 |
then |
558 |
ac_cv_sizeof_char=`cat conftestval` |
559 |
else |
560 |
@@ -1688,7 +1692,7 @@ |
561 |
|
562 |
|
563 |
echo $ac_n "checking size of short int""... $ac_c" 1>&6 |
564 |
-echo "configure:1692: checking size of short int" >&5 |
565 |
+echo "configure:1696: checking size of short int" >&5 |
566 |
if eval "test \"`echo '$''{'ac_cv_sizeof_short_int'+set}'`\" = set"; then |
567 |
echo $ac_n "(cached) $ac_c" 1>&6 |
568 |
else |
569 |
@@ -1696,7 +1700,7 @@ |
570 |
ac_cv_sizeof_short_int=2 |
571 |
else |
572 |
cat > conftest.$ac_ext <<EOF |
573 |
-#line 1700 "configure" |
574 |
+#line 1704 "configure" |
575 |
#include "confdefs.h" |
576 |
#include <stdio.h> |
577 |
main() |
578 |
@@ -1707,7 +1711,7 @@ |
579 |
exit(0); |
580 |
} |
581 |
EOF |
582 |
-if { (eval echo configure:1711: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
583 |
+if { (eval echo configure:1715: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
584 |
then |
585 |
ac_cv_sizeof_short_int=`cat conftestval` |
586 |
else |
587 |
@@ -1727,7 +1731,7 @@ |
588 |
|
589 |
|
590 |
echo $ac_n "checking size of int""... $ac_c" 1>&6 |
591 |
-echo "configure:1731: checking size of int" >&5 |
592 |
+echo "configure:1735: checking size of int" >&5 |
593 |
if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then |
594 |
echo $ac_n "(cached) $ac_c" 1>&6 |
595 |
else |
596 |
@@ -1735,7 +1739,7 @@ |
597 |
ac_cv_sizeof_int=4 |
598 |
else |
599 |
cat > conftest.$ac_ext <<EOF |
600 |
-#line 1739 "configure" |
601 |
+#line 1743 "configure" |
602 |
#include "confdefs.h" |
603 |
#include <stdio.h> |
604 |
main() |
605 |
@@ -1746,7 +1750,7 @@ |
606 |
exit(0); |
607 |
} |
608 |
EOF |
609 |
-if { (eval echo configure:1750: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
610 |
+if { (eval echo configure:1754: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
611 |
then |
612 |
ac_cv_sizeof_int=`cat conftestval` |
613 |
else |
614 |
@@ -1766,7 +1770,7 @@ |
615 |
|
616 |
|
617 |
echo $ac_n "checking size of long int""... $ac_c" 1>&6 |
618 |
-echo "configure:1770: checking size of long int" >&5 |
619 |
+echo "configure:1774: checking size of long int" >&5 |
620 |
if eval "test \"`echo '$''{'ac_cv_sizeof_long_int'+set}'`\" = set"; then |
621 |
echo $ac_n "(cached) $ac_c" 1>&6 |
622 |
else |
623 |
@@ -1774,7 +1778,7 @@ |
624 |
ac_cv_sizeof_long_int=4 |
625 |
else |
626 |
cat > conftest.$ac_ext <<EOF |
627 |
-#line 1778 "configure" |
628 |
+#line 1782 "configure" |
629 |
#include "confdefs.h" |
630 |
#include <stdio.h> |
631 |
main() |
632 |
@@ -1785,7 +1789,7 @@ |
633 |
exit(0); |
634 |
} |
635 |
EOF |
636 |
-if { (eval echo configure:1789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
637 |
+if { (eval echo configure:1793: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
638 |
then |
639 |
ac_cv_sizeof_long_int=`cat conftestval` |
640 |
else |
641 |
@@ -1805,7 +1809,7 @@ |
642 |
|
643 |
|
644 |
echo $ac_n "checking size of long long int""... $ac_c" 1>&6 |
645 |
-echo "configure:1809: checking size of long long int" >&5 |
646 |
+echo "configure:1813: checking size of long long int" >&5 |
647 |
if eval "test \"`echo '$''{'ac_cv_sizeof_long_long_int'+set}'`\" = set"; then |
648 |
echo $ac_n "(cached) $ac_c" 1>&6 |
649 |
else |
650 |
@@ -1813,7 +1817,7 @@ |
651 |
ac_cv_sizeof_long_long_int=8 |
652 |
else |
653 |
cat > conftest.$ac_ext <<EOF |
654 |
-#line 1817 "configure" |
655 |
+#line 1821 "configure" |
656 |
#include "confdefs.h" |
657 |
#include <stdio.h> |
658 |
main() |
659 |
@@ -1824,7 +1828,7 @@ |
660 |
exit(0); |
661 |
} |
662 |
EOF |
663 |
-if { (eval echo configure:1828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
664 |
+if { (eval echo configure:1832: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
665 |
then |
666 |
ac_cv_sizeof_long_long_int=`cat conftestval` |
667 |
else |
668 |
@@ -1854,7 +1858,7 @@ |
669 |
fi |
670 |
CFLAGS="$CFLAGS -D_HPUX_SOURCE" |
671 |
echo $ac_n "checking for HPUX trusted system password database""... $ac_c" 1>&6 |
672 |
-echo "configure:1858: checking for HPUX trusted system password database" >&5 |
673 |
+echo "configure:1862: checking for HPUX trusted system password database" >&5 |
674 |
if test -f /tcb/files/auth/system/default; then |
675 |
echo "$ac_t""yes" 1>&6 |
676 |
cat >> confdefs.h <<\EOF |
677 |
@@ -1903,16 +1907,16 @@ |
678 |
|
679 |
|
680 |
echo $ac_n "checking for intXX_t types""... $ac_c" 1>&6 |
681 |
-echo "configure:1907: checking for intXX_t types" >&5 |
682 |
+echo "configure:1911: checking for intXX_t types" >&5 |
683 |
cat > conftest.$ac_ext <<EOF |
684 |
-#line 1909 "configure" |
685 |
+#line 1913 "configure" |
686 |
#include "confdefs.h" |
687 |
#include <sys/types.h> |
688 |
int main() { |
689 |
int16_t a; int32_t b; a = 1235; b = 1235; |
690 |
; return 0; } |
691 |
EOF |
692 |
-if { (eval echo configure:1916: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
693 |
+if { (eval echo configure:1920: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
694 |
rm -rf conftest* |
695 |
|
696 |
cat >> confdefs.h <<\EOF |
697 |
@@ -1932,16 +1936,16 @@ |
698 |
rm -f conftest* |
699 |
|
700 |
echo $ac_n "checking for u_intXX_t types""... $ac_c" 1>&6 |
701 |
-echo "configure:1936: checking for u_intXX_t types" >&5 |
702 |
+echo "configure:1940: checking for u_intXX_t types" >&5 |
703 |
cat > conftest.$ac_ext <<EOF |
704 |
-#line 1938 "configure" |
705 |
+#line 1942 "configure" |
706 |
#include "confdefs.h" |
707 |
#include <sys/types.h> |
708 |
int main() { |
709 |
u_int16_t c; u_int32_t d; c = 1235; d = 1235; |
710 |
; return 0; } |
711 |
EOF |
712 |
-if { (eval echo configure:1945: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
713 |
+if { (eval echo configure:1949: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
714 |
rm -rf conftest* |
715 |
|
716 |
cat >> confdefs.h <<\EOF |
717 |
@@ -1964,9 +1968,9 @@ |
718 |
"x$ac_cv_header_sys_bitypes_h" = "xyes" |
719 |
then |
720 |
echo $ac_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h""... $ac_c" 1>&6 |
721 |
-echo "configure:1968: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 |
722 |
+echo "configure:1972: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 |
723 |
cat > conftest.$ac_ext <<EOF |
724 |
-#line 1970 "configure" |
725 |
+#line 1974 "configure" |
726 |
#include "confdefs.h" |
727 |
#include <sys/bitypes.h> |
728 |
int main() { |
729 |
@@ -1978,7 +1982,7 @@ |
730 |
|
731 |
; return 0; } |
732 |
EOF |
733 |
-if { (eval echo configure:1982: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
734 |
+if { (eval echo configure:1986: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
735 |
rm -rf conftest* |
736 |
|
737 |
cat >> confdefs.h <<\EOF |
738 |
@@ -2002,16 +2006,16 @@ |
739 |
fi |
740 |
|
741 |
echo $ac_n "checking for uintXX_t types""... $ac_c" 1>&6 |
742 |
-echo "configure:2006: checking for uintXX_t types" >&5 |
743 |
+echo "configure:2010: checking for uintXX_t types" >&5 |
744 |
cat > conftest.$ac_ext <<EOF |
745 |
-#line 2008 "configure" |
746 |
+#line 2012 "configure" |
747 |
#include "confdefs.h" |
748 |
#include <sys/types.h> |
749 |
int main() { |
750 |
uint16_t c; uint32_t d; c = 1235; d = 1235; |
751 |
; return 0; } |
752 |
EOF |
753 |
-if { (eval echo configure:2015: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
754 |
+if { (eval echo configure:2019: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
755 |
rm -rf conftest* |
756 |
|
757 |
cat >> confdefs.h <<\EOF |
758 |
@@ -2054,7 +2058,7 @@ |
759 |
|
760 |
|
761 |
echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6 |
762 |
-echo "configure:2058: checking for 8-bit clean memcmp" >&5 |
763 |
+echo "configure:2062: checking for 8-bit clean memcmp" >&5 |
764 |
if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then |
765 |
echo $ac_n "(cached) $ac_c" 1>&6 |
766 |
else |
767 |
@@ -2062,7 +2066,7 @@ |
768 |
ac_cv_func_memcmp_clean=no |
769 |
else |
770 |
cat > conftest.$ac_ext <<EOF |
771 |
-#line 2066 "configure" |
772 |
+#line 2070 "configure" |
773 |
#include "confdefs.h" |
774 |
|
775 |
main() |
776 |
@@ -2072,7 +2076,7 @@ |
777 |
} |
778 |
|
779 |
EOF |
780 |
-if { (eval echo configure:2076: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
781 |
+if { (eval echo configure:2080: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null |
782 |
then |
783 |
ac_cv_func_memcmp_clean=yes |
784 |
else |
785 |
@@ -2090,12 +2094,12 @@ |
786 |
test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}" |
787 |
|
788 |
echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 |
789 |
-echo "configure:2094: checking return type of signal handlers" >&5 |
790 |
+echo "configure:2098: checking return type of signal handlers" >&5 |
791 |
if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then |
792 |
echo $ac_n "(cached) $ac_c" 1>&6 |
793 |
else |
794 |
cat > conftest.$ac_ext <<EOF |
795 |
-#line 2099 "configure" |
796 |
+#line 2103 "configure" |
797 |
#include "confdefs.h" |
798 |
#include <sys/types.h> |
799 |
#include <signal.h> |
800 |
@@ -2112,7 +2116,7 @@ |
801 |
int i; |
802 |
; return 0; } |
803 |
EOF |
804 |
-if { (eval echo configure:2116: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
805 |
+if { (eval echo configure:2120: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then |
806 |
rm -rf conftest* |
807 |
ac_cv_type_signal=void |
808 |
else |
809 |
@@ -2131,12 +2135,12 @@ |
810 |
|
811 |
|
812 |
echo $ac_n "checking for strftime""... $ac_c" 1>&6 |
813 |
-echo "configure:2135: checking for strftime" >&5 |
814 |
+echo "configure:2139: checking for strftime" >&5 |
815 |
if eval "test \"`echo '$''{'ac_cv_func_strftime'+set}'`\" = set"; then |
816 |
echo $ac_n "(cached) $ac_c" 1>&6 |
817 |
else |
818 |
cat > conftest.$ac_ext <<EOF |
819 |
-#line 2140 "configure" |
820 |
+#line 2144 "configure" |
821 |
#include "confdefs.h" |
822 |
/* System header to define __stub macros and hopefully few prototypes, |
823 |
which can conflict with char strftime(); below. */ |
824 |
@@ -2159,7 +2163,7 @@ |
825 |
|
826 |
; return 0; } |
827 |
EOF |
828 |
-if { (eval echo configure:2163: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then |
829 |
+if { (eval echo configure:2167: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then |
830 |
rm -rf conftest* |
831 |
eval "ac_cv_func_strftime=yes" |
832 |
else |
833 |
@@ -2181,7 +2185,7 @@ |
834 |
echo "$ac_t""no" 1>&6 |
835 |
# strftime is in -lintl on SCO UNIX. |
836 |
echo $ac_n "checking for strftime in -lintl""... $ac_c" 1>&6 |
837 |
-echo "configure:2185: checking for strftime in -lintl" >&5 |
838 |
+echo "configure:2189: checking for strftime in -lintl" >&5 |
839 |
ac_lib_var=`echo intl'_'strftime | sed 'y%./+-%__p_%'` |
840 |
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then |
841 |
echo $ac_n "(cached) $ac_c" 1>&6 |
842 |
@@ -2189,7 +2193,7 @@ |
843 |
ac_save_LIBS="$LIBS" |
844 |
LIBS="-lintl $LIBS" |
845 |
cat > conftest.$ac_ext <<EOF |
846 |
-#line 2193 "configure" |
847 |
+#line 2197 "configure" |
848 |
#include "confdefs.h" |
849 |
/* Override any gcc2 internal prototype to avoid an error. */ |
850 |
/* We use char because int might match the return type of a gcc2 |
851 |
@@ -2200,7 +2204,7 @@ |
852 |
strftime() |
853 |
; return 0; } |
854 |
EOF |
855 |
-if { (eval echo configure:2204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then |
856 |
+if { (eval echo configure:2208: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then |
857 |
rm -rf conftest* |
858 |
eval "ac_cv_lib_$ac_lib_var=yes" |
859 |
else |
860 |
@@ -2227,12 +2231,12 @@ |
861 |
fi |
862 |
|
863 |
echo $ac_n "checking for vprintf""... $ac_c" 1>&6 |
864 |
-echo "configure:2231: checking for vprintf" >&5 |
865 |
+echo "configure:2235: checking for vprintf" >&5 |
866 |
if eval "test \"`echo '$''{'ac_cv_func_vprintf'+set}'`\" = set"; then |
867 |
echo $ac_n "(cached) $ac_c" 1>&6 |
868 |
else |
869 |
cat > conftest.$ac_ext <<EOF |
870 |
-#line 2236 "configure" |
871 |
+#line 2240 "configure" |
872 |
#include "confdefs.h" |
873 |
/* System header to define __stub macros and hopefully few prototypes, |
874 |
which can conflict with char vprintf(); below. */ |
875 |
@@ -2255,7 +2259,7 @@ |
876 |
|
877 |
; return 0; } |
878 |
EOF |
879 |
-if { (eval echo configure:2259: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then |
880 |
+if { (eval echo configure:2263: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then |
881 |
rm -rf conftest* |
882 |
eval "ac_cv_func_vprintf=yes" |
883 |
else |
884 |
@@ -2279,12 +2283,12 @@ |
885 |
|
886 |
if test "$ac_cv_func_vprintf" != yes; then |
887 |
echo $ac_n "checking for _doprnt""... $ac_c" 1>&6 |
888 |
-echo "configure:2283: checking for _doprnt" >&5 |
889 |
+echo "configure:2287: checking for _doprnt" >&5 |
890 |
if eval "test \"`echo '$''{'ac_cv_func__doprnt'+set}'`\" = set"; then |
891 |
echo $ac_n "(cached) $ac_c" 1>&6 |
892 |
else |
893 |
cat > conftest.$ac_ext <<EOF |
894 |
-#line 2288 "configure" |
895 |
+#line 2292 "configure" |
896 |
#include "confdefs.h" |
897 |
/* System header to define __stub macros and hopefully few prototypes, |
898 |
which can conflict with char _doprnt(); below. */ |
899 |
@@ -2307,7 +2311,7 @@ |
900 |
|
901 |
; return 0; } |
902 |
EOF |
903 |
-if { (eval echo configure:2311: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then |
904 |
+if { (eval echo configure:2315: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then |
905 |
rm -rf conftest* |
906 |
eval "ac_cv_func__doprnt=yes" |
907 |
else |
908 |
@@ -2334,12 +2338,12 @@ |
909 |
for ac_func in gethostname strcspn strdup strerror strspn strtol flock fcntl lockf strlcpy setusercontext |
910 |
do |
911 |
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 |
912 |
-echo "configure:2338: checking for $ac_func" >&5 |
913 |
+echo "configure:2342: checking for $ac_func" >&5 |
914 |
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then |
915 |
echo $ac_n "(cached) $ac_c" 1>&6 |
916 |
else |
917 |
cat > conftest.$ac_ext <<EOF |
918 |
-#line 2343 "configure" |
919 |
+#line 2347 "configure" |
920 |
#include "confdefs.h" |
921 |
/* System header to define __stub macros and hopefully few prototypes, |
922 |
which can conflict with char $ac_func(); below. */ |
923 |
@@ -2362,7 +2366,7 @@ |
924 |
|
925 |
; return 0; } |
926 |
EOF |
927 |
-if { (eval echo configure:2366: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then |
928 |
+if { (eval echo configure:2370: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then |
929 |
rm -rf conftest* |
930 |
eval "ac_cv_func_$ac_func=yes" |
931 |
else |
932 |
--- skey-1.1.5.orig/configure.in 2001-05-10 17:10:49.000000000 +0100 |
933 |
+++ skey-1.1.5/configure.in 2003-11-06 17:47:14.000000000 +0000 |
934 |
@@ -9,19 +9,19 @@ |
935 |
AC_CHECK_PROG(AR, ar, ar) |
936 |
AC_PATH_PROG(PERL, perl) |
937 |
AC_PATH_PROG(TOUCH, touch) |
938 |
-AC_PATH_PROG(SENDMAIL, sendmail, /usr/lib/sendmail, $PATH:/usr/sbin:/usr/lib:/usr/bin) |
939 |
AC_SUBST(PERL) |
940 |
AC_SUBST(SENDMAIL) |
941 |
|
942 |
dnl Checks for libraries. |
943 |
AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") |
944 |
AC_CHECK_LIB(ucb, flock, LIBS="$LIBS -lucb" LDFLAGS="$LDFLAGS -L/usr/ucblib") |
945 |
+AC_CHECK_LIB(crack, FascistCheck, LIBS="$LIBS -lcrack") |
946 |
|
947 |
|
948 |
dnl Checks for header files. |
949 |
AC_HEADER_STDC |
950 |
AC_HEADER_SYS_WAIT |
951 |
-AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h) |
952 |
+AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h) |
953 |
|
954 |
dnl Checks for typedefs, structures, and compiler characteristics. |
955 |
AC_C_CONST |
956 |
--- skey-1.1.5.orig/login_cap.c 2001-05-10 17:10:49.000000000 +0100 |
957 |
+++ skey-1.1.5/login_cap.c 2003-11-06 17:46:45.000000000 +0000 |
958 |
@@ -37,6 +37,7 @@ |
959 |
#include <errno.h> |
960 |
#include <unistd.h> |
961 |
#include <pwd.h> |
962 |
+#include <grp.h> |
963 |
#include <syslog.h> |
964 |
|
965 |
/* |
966 |
--- skey-1.1.5.orig/Makefile.in 2001-05-10 17:10:49.000000000 +0100 |
967 |
+++ skey-1.1.5/Makefile.in 2003-11-06 17:47:42.000000000 +0000 |
968 |
@@ -27,12 +27,11 @@ |
969 |
TOUCH=@TOUCH@ |
970 |
LDFLAGS=-L. @LDFLAGS@ |
971 |
|
972 |
-TARGETS=skey skeyinit skeyinfo skeyaudit |
973 |
-LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o rmd160.o rmd160hl.o sha1.o sha1hl.o flock.o strlcpy.o login_cap.o |
974 |
+TARGETS=skey skeyinit skeyinfo libskey.a |
975 |
+LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o sha1.o sha1hl.o flock.o login_cap.o |
976 |
SKEYOBJS=skey.o |
977 |
SKEYINITOBJS=skeyinit.o |
978 |
SKEYINFOOBJS=skeyinfo.o |
979 |
-SKEYAUDITOBJS=skeyaudit.o |
980 |
|
981 |
|
982 |
SCRIPTS=skeyprune.pl |
983 |
@@ -41,11 +40,11 @@ |
984 |
CATMAN = skey.0 skeyinit.0 skeyinfo.0 skeyaudit.0 skeyprune.0 |
985 |
MANPAGES = @MANTYPE@ |
986 |
|
987 |
-PATHSUBS = -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL} -D/usr/lib/sendmail=${SENDMAIL} |
988 |
+PATHSUBS = -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL} |
989 |
|
990 |
FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS) |
991 |
|
992 |
-HDRS= skey.h sha1.h rmd160.h |
993 |
+HDRS= skey.h sha1.h |
994 |
|
995 |
all: ${TARGETS} ${MANPAGES} |
996 |
|
997 |
@@ -55,24 +54,27 @@ |
998 |
${AR} rv $@ ${LIBOBJS} |
999 |
${RANLIB} $@ |
1000 |
|
1001 |
-skey: libskey.a ${SKEYOBJS} |
1002 |
+libskey.so: ${LIBOBJS} |
1003 |
+ ${CC} ${LDFLAGS} -shared -Wl,-soname,libskey.so.1 -o libskey.so.1.1.5 ${LIBOBJS} |
1004 |
+ ln -fs libskey.so.1.1.5 libskey.so |
1005 |
+ ln -fs libskey.so.1.1.5 libskey.so.1 |
1006 |
+ ln -fs libskey.so.1.1.5 libskey.so.1.1 |
1007 |
+ |
1008 |
+skey: libskey.so ${SKEYOBJS} |
1009 |
${CC} -o $@ ${SKEYOBJS} ${LDFLAGS} -lskey ${LIBS} |
1010 |
|
1011 |
-skeyinit: libskey.a ${SKEYINITOBJS} |
1012 |
+skeyinit: libskey.so ${SKEYINITOBJS} |
1013 |
${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS} |
1014 |
|
1015 |
-skeyinfo: libskey.a ${SKEYINFOOBJS} |
1016 |
+skeyinfo: libskey.so ${SKEYINFOOBJS} |
1017 |
${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS} |
1018 |
|
1019 |
-skeyaudit: libskey.a ${SKEYAUDITOBJS} |
1020 |
- ${CC} -o $@ ${SKEYAUDITOBJS} ${LDFLAGS} -lskey ${LIBS} |
1021 |
- |
1022 |
${MANPAGES} ${SCRIPTS}:: |
1023 |
${FIXPATHSCMD} ${srcdir}/$@ |
1024 |
|
1025 |
clean: |
1026 |
rm -f *.o *.a ${TARGETS} config.status config.cache config.log |
1027 |
- rm -f *.out core |
1028 |
+ rm -f *.out core *.so *.so.* |
1029 |
|
1030 |
distclean: clean |
1031 |
rm -f Makefile config.h core *~ |
1032 |
@@ -97,6 +99,10 @@ |
1033 |
$(INSTALL) -d $(DESTDIR)$(includedir) |
1034 |
$(INSTALL) -d $(DESTDIR)$(sysconfdir) |
1035 |
${INSTALL_DATA} libskey.a $(DESTDIR)$(libdir) |
1036 |
+ ${INSTALL_DATA} libskey.so.1.1.5 $(DESTDIR)$(libdir) |
1037 |
+ ${INSTALL_DATA} libskey.so.1.1 $(DESTDIR)$(libdir) |
1038 |
+ ${INSTALL_DATA} libskey.so.1 $(DESTDIR)$(libdir) |
1039 |
+ ${INSTALL_DATA} libskey.so $(DESTDIR)$(libdir) |
1040 |
${INSTALL_DATA} ${HDRS} $(DESTDIR)$(includedir) |
1041 |
@for target in ${TARGETS}; do \ |
1042 |
${INSTALL_PROGRAM} $$target $(DESTDIR)$(bindir); \ |
1043 |
@@ -119,9 +125,9 @@ |
1044 |
-rm -f $(DESTDIR)$(bindir)/skeyaudit |
1045 |
-rm -f $(DESTDIR)$(bindir)/skeyprune |
1046 |
-rm -f $(DESTDIR)$(libdir)/libskey.a |
1047 |
+ -rm -f $(DESTDIR)$(libdir)/libskey.so* |
1048 |
-rm -f $(DESTDIR)$(includedir)/skey.h |
1049 |
-rm -f $(DESTDIR)$(includedir)/sha1.h |
1050 |
- -rm -f $(DESTDIR)$(includedir)/rmd160.h |
1051 |
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skey.1 |
1052 |
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinfo.1 |
1053 |
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinit.1 |
1054 |
--- skey-1.1.5.orig/put.c 2001-05-10 17:10:49.000000000 +0100 |
1055 |
+++ skey-1.1.5/put.c 2003-11-06 17:46:45.000000000 +0000 |
1056 |
@@ -14,7 +14,7 @@ |
1057 |
#include <stdio.h> |
1058 |
#include <string.h> |
1059 |
#include <assert.h> |
1060 |
-/*#include <ctype.h>*/ |
1061 |
+#include <ctype.h> |
1062 |
#include "config.h" |
1063 |
|
1064 |
#include "skey.h" |
1065 |
@@ -22,10 +22,10 @@ |
1066 |
static unsigned int extract __P ((char *s, int start, int length)); |
1067 |
static void standard __P ((char *word)); |
1068 |
static void insert __P ((char *s, int x, int start, int length)); |
1069 |
-static int wsrch __P ((char *w, int low, int high)); |
1070 |
+static int wsrch __P ((const char *w, int low, int high)); |
1071 |
|
1072 |
/* Dictionary for integer-word translations */ |
1073 |
-static char Wp[2048][4] = { |
1074 |
+char Wp[2048][4] = { |
1075 |
"A", |
1076 |
"ABE", |
1077 |
"ACE", |
1078 |
@@ -2079,19 +2079,13 @@ |
1079 |
/* Encode 8 bytes in 'c' as a string of English words. |
1080 |
* Returns a pointer to a static buffer |
1081 |
*/ |
1082 |
-char * |
1083 |
-btoe(engout, c) |
1084 |
- char *c; |
1085 |
- char *engout; |
1086 |
+char *btoe(char *engout, const char *c) |
1087 |
{ |
1088 |
- char cp[10]; /* add in room for the parity 2 bits + extract() slop */ |
1089 |
+ char cp[9]; /* add in room for the parity 2 bits */ |
1090 |
int p, i; |
1091 |
|
1092 |
engout[0] = '\0'; |
1093 |
- |
1094 |
- /* workaround for extract() reads beyond end of data */ |
1095 |
- (void)memset(cp, 0, sizeof(cp)); |
1096 |
- (void)memcpy(cp, c, 8); |
1097 |
+ memcpy(cp, c, 8); |
1098 |
|
1099 |
/* compute parity */ |
1100 |
for (p = 0, i = 0; i < 64; i += 2) |
1101 |
@@ -2099,20 +2093,20 @@ |
1102 |
|
1103 |
cp[8] = (char)p << 6; |
1104 |
|
1105 |
- (void)strncat(engout, &Wp[extract (cp, 0, 11)][0], 4); |
1106 |
- (void)strcat(engout, " "); |
1107 |
- (void)strncat(engout, &Wp[extract (cp, 11, 11)][0], 4); |
1108 |
- (void)strcat(engout, " "); |
1109 |
- (void)strncat(engout, &Wp[extract (cp, 22, 11)][0], 4); |
1110 |
- (void)strcat(engout, " "); |
1111 |
- (void)strncat(engout, &Wp[extract (cp, 33, 11)][0], 4); |
1112 |
- (void)strcat(engout, " "); |
1113 |
- (void)strncat(engout, &Wp[extract (cp, 44, 11)][0], 4); |
1114 |
- (void)strcat(engout, " "); |
1115 |
- (void)strncat(engout, &Wp[extract (cp, 55, 11)][0], 4); |
1116 |
+ strncat(engout, &Wp[extract (cp, 0, 11)][0], 4); |
1117 |
+ strcat(engout, " "); |
1118 |
+ strncat(engout, &Wp[extract (cp, 11, 11)][0], 4); |
1119 |
+ strcat(engout, " "); |
1120 |
+ strncat(engout, &Wp[extract (cp, 22, 11)][0], 4); |
1121 |
+ strcat(engout, " "); |
1122 |
+ strncat(engout, &Wp[extract (cp, 33, 11)][0], 4); |
1123 |
+ strcat(engout, " "); |
1124 |
+ strncat(engout, &Wp[extract (cp, 44, 11)][0], 4); |
1125 |
+ strcat(engout, " "); |
1126 |
+ strncat(engout, &Wp[extract (cp, 55, 11)][0], 4); |
1127 |
|
1128 |
#ifdef notdef |
1129 |
- (void)fprintf(stderr, "engout is %s\n\r", engout); |
1130 |
+ printf ("engout is %s\n\r", engout); |
1131 |
#endif |
1132 |
return(engout); |
1133 |
} |
1134 |
@@ -2123,41 +2117,42 @@ |
1135 |
* -1 badly formed in put ie > 4 char word |
1136 |
* -2 words OK but parity is wrong |
1137 |
*/ |
1138 |
-int |
1139 |
-etob(out, e) |
1140 |
- char *out; |
1141 |
- char *e; |
1142 |
+int etob(char *out, const char *e) |
1143 |
{ |
1144 |
char *word; |
1145 |
int i, p, v, l, low, high; |
1146 |
- char b[SKEY_BINKEY_SIZE+1]; |
1147 |
+ char b[9]; |
1148 |
char input[36]; |
1149 |
+ char *last; |
1150 |
|
1151 |
if (e == NULL) |
1152 |
- return(-1); |
1153 |
+ return -1; |
1154 |
|
1155 |
- (void)strncpy(input, e, sizeof(input) - 1); |
1156 |
- input[sizeof(input) - 1] = '\0'; |
1157 |
- (void)memset(b, 0, sizeof(b)); |
1158 |
- (void)memset(out, 0, SKEY_BINKEY_SIZE); |
1159 |
- for (i = 0, p = 0; i < 6; i++, p += 11) { |
1160 |
- if ((word = strtok(i == 0 ? input : NULL, " ")) == NULL) |
1161 |
- return(-1); |
1162 |
- |
1163 |
- l = strlen(word); |
1164 |
- if (l > 4 || l < 1) { |
1165 |
- return(-1); |
1166 |
- } else if (l < 4) { |
1167 |
+ strncpy (input, e, sizeof(input)); |
1168 |
+ memset(b, 0, sizeof(b)); |
1169 |
+ memset(out, 0, 8); |
1170 |
+ for (i = 0, p = 0; i < 6; i++, p += 11) |
1171 |
+ { |
1172 |
+ if ((word = strtok_r(i == 0 ? input : NULL, " ", &last)) == NULL) |
1173 |
+ return -1; |
1174 |
+ |
1175 |
+ l = strlen (word); |
1176 |
+ if (l > 4 || l < 1) |
1177 |
+ return -1; |
1178 |
+ else if (l < 4) |
1179 |
+ { |
1180 |
low = 0; |
1181 |
high = 570; |
1182 |
- } else { |
1183 |
+ } |
1184 |
+ else |
1185 |
+ { |
1186 |
low = 571; |
1187 |
high = 2047; |
1188 |
} |
1189 |
standard(word); |
1190 |
|
1191 |
if ((v = wsrch(word, low, high)) < 0) |
1192 |
- return(0); |
1193 |
+ return 0; |
1194 |
|
1195 |
insert(b, v, p, 11); |
1196 |
} |
1197 |
@@ -2167,55 +2162,47 @@ |
1198 |
p += extract (b, i, 2); |
1199 |
|
1200 |
if ((p & 3) != extract (b, 64, 2)) |
1201 |
- return(-2); |
1202 |
+ return -2; |
1203 |
|
1204 |
- (void)memcpy(out, b, SKEY_BINKEY_SIZE); |
1205 |
+ memcpy(out, b, 8); |
1206 |
|
1207 |
- return(1); |
1208 |
+ return 1; |
1209 |
} |
1210 |
|
1211 |
/* Display 8 bytes as a series of 16-bit hex digits */ |
1212 |
-char * |
1213 |
-put8(out, s) |
1214 |
- char *out; |
1215 |
- char *s; |
1216 |
+char *put8(char *out, const char *s) |
1217 |
{ |
1218 |
- (void)sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X", |
1219 |
+ sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X", |
1220 |
s[0] & 0xff, s[1] & 0xff, s[2] & 0xff, |
1221 |
s[3] & 0xff, s[4] & 0xff, s[5] & 0xff, |
1222 |
s[6] & 0xff, s[7] & 0xff); |
1223 |
- return(out); |
1224 |
+ return out; |
1225 |
} |
1226 |
|
1227 |
#ifdef notdef |
1228 |
/* Encode 8 bytes in 'cp' as stream of ascii letters. |
1229 |
* Provided as a possible alternative to btoe() |
1230 |
*/ |
1231 |
-char * |
1232 |
-btoc(cp) |
1233 |
- char *cp; |
1234 |
+char *btoc(char *cp) |
1235 |
{ |
1236 |
int i; |
1237 |
static char out[31]; |
1238 |
|
1239 |
/* code out put by characters 6 bits each added to 0x21 (!) */ |
1240 |
- for (i = 0; i <= 10; i++) { |
1241 |
+ for (i = 0; i <= 10; i++) |
1242 |
+ { |
1243 |
/* last one is only 4 bits not 6 */ |
1244 |
out[i] = '!' + extract (cp, 6 * i, i >= 10 ? 4 : 6); |
1245 |
} |
1246 |
out[i] = '\0'; |
1247 |
- return(out); |
1248 |
+ return out; |
1249 |
} |
1250 |
#endif |
1251 |
|
1252 |
/* Internal subroutines for word encoding/decoding */ |
1253 |
|
1254 |
/* Dictionary binary search */ |
1255 |
-static int |
1256 |
-wsrch(w, low, high) |
1257 |
- char *w; |
1258 |
- int low; |
1259 |
- int high; |
1260 |
+static int wsrch(const char *w, int low, int high) |
1261 |
{ |
1262 |
int i, j; |
1263 |
|
1264 |
@@ -2223,18 +2210,18 @@ |
1265 |
i = (low + high) / 2; |
1266 |
|
1267 |
if ((j = strncmp(w, Wp[i], 4)) == 0) |
1268 |
- return(i); /* Found it */ |
1269 |
- |
1270 |
- if (high == low + 1) { |
1271 |
+ return i; /* Found it */ |
1272 |
+ if (high == low + 1) |
1273 |
+ { |
1274 |
/* Avoid effects of integer truncation in /2 */ |
1275 |
if (strncmp(w, Wp[high], 4) == 0) |
1276 |
- return(high); |
1277 |
+ return high; |
1278 |
else |
1279 |
- return(-1); |
1280 |
+ return -1; |
1281 |
} |
1282 |
|
1283 |
if (low >= high) |
1284 |
- return(-1); /* I don't *think* this can happen... */ |
1285 |
+ return -1; /* I don't *think* this can happen... */ |
1286 |
if (j < 0) |
1287 |
high = i; /* Search lower half */ |
1288 |
else |
1289 |
@@ -2242,12 +2229,7 @@ |
1290 |
} |
1291 |
} |
1292 |
|
1293 |
-static void |
1294 |
-insert(s, x, start, length) |
1295 |
- char *s; |
1296 |
- int x; |
1297 |
- int start; |
1298 |
- int length; |
1299 |
+static void insert(char *s, int x, int start, int length) |
1300 |
{ |
1301 |
unsigned char cl; |
1302 |
unsigned char cc; |
1303 |
@@ -2261,25 +2243,28 @@ |
1304 |
assert(start + length <= 66); |
1305 |
|
1306 |
shift = ((8 - ((start + length) % 8)) % 8); |
1307 |
- y = x << shift; |
1308 |
+ y = (int) x << shift; |
1309 |
cl = (y >> 16) & 0xff; |
1310 |
cc = (y >> 8) & 0xff; |
1311 |
cr = y & 0xff; |
1312 |
- if (shift + length > 16) { |
1313 |
+ if (shift + length > 16) |
1314 |
+ { |
1315 |
s[start / 8] |= cl; |
1316 |
s[start / 8 + 1] |= cc; |
1317 |
s[start / 8 + 2] |= cr; |
1318 |
- } else if (shift + length > 8) { |
1319 |
+ } |
1320 |
+ else if (shift + length > 8) |
1321 |
+ { |
1322 |
s[start / 8] |= cc; |
1323 |
s[start / 8 + 1] |= cr; |
1324 |
- } else { |
1325 |
+ } |
1326 |
+ else |
1327 |
+ { |
1328 |
s[start / 8] |= cr; |
1329 |
} |
1330 |
} |
1331 |
|
1332 |
-static void |
1333 |
-standard(word) |
1334 |
- register char *word; |
1335 |
+static void standard(char *word) |
1336 |
{ |
1337 |
while (*word) { |
1338 |
if (!isascii(*word)) |
1339 |
@@ -2297,11 +2282,7 @@ |
1340 |
} |
1341 |
|
1342 |
/* Extract 'length' bits from the char array 's' starting with bit 'start' */ |
1343 |
-static unsigned int |
1344 |
-extract(s, start, length) |
1345 |
- char *s; |
1346 |
- int start; |
1347 |
- int length; |
1348 |
+static unsigned int extract(char *s, int start, int length) |
1349 |
{ |
1350 |
unsigned char cl; |
1351 |
unsigned char cc; |
1352 |
@@ -2320,5 +2301,5 @@ |
1353 |
x = x >> (24 - (length + (start % 8))); |
1354 |
x = (x & (0xffff >> (16 - length))); |
1355 |
|
1356 |
- return(x); |
1357 |
+ return x; |
1358 |
} |
1359 |
--- skey-1.1.5.orig/rmd160.c 2001-05-10 17:10:49.000000000 +0100 |
1360 |
+++ skey-1.1.5/rmd160.c 1970-01-01 01:00:00.000000000 +0100 |
1361 |
@@ -1,428 +0,0 @@ |
1362 |
-/********************************************************************\ |
1363 |
- * |
1364 |
- * FILE: rmd160.c |
1365 |
- * |
1366 |
- * CONTENTS: A sample C-implementation of the RIPEMD-160 |
1367 |
- * hash-function. |
1368 |
- * TARGET: any computer with an ANSI C compiler |
1369 |
- * |
1370 |
- * AUTHOR: Antoon Bosselaers, ESAT-COSIC |
1371 |
- * (Arranged for libc by Todd C. Miller) |
1372 |
- * DATE: 1 March 1996 |
1373 |
- * VERSION: 1.0 |
1374 |
- * |
1375 |
- * Copyright (c) Katholieke Universiteit Leuven |
1376 |
- * 1996, All Rights Reserved |
1377 |
- * |
1378 |
-\********************************************************************/ |
1379 |
-#ifndef HAVE_RMD160_H |
1380 |
- |
1381 |
-/* header files */ |
1382 |
-#include <stdio.h> |
1383 |
-#include <stdlib.h> |
1384 |
-#include <string.h> |
1385 |
-#include <sys/types.h> |
1386 |
-#include "config.h" |
1387 |
-#include "rmd160.h" |
1388 |
- |
1389 |
-/********************************************************************/ |
1390 |
- |
1391 |
-/* macro definitions */ |
1392 |
- |
1393 |
-/* collect four bytes into one word: */ |
1394 |
-#define BYTES_TO_DWORD(strptr) \ |
1395 |
- (((u_int32_t) *((strptr)+3) << 24) | \ |
1396 |
- ((u_int32_t) *((strptr)+2) << 16) | \ |
1397 |
- ((u_int32_t) *((strptr)+1) << 8) | \ |
1398 |
- ((u_int32_t) *(strptr))) |
1399 |
- |
1400 |
-/* ROL(x, n) cyclically rotates x over n bits to the left */ |
1401 |
-/* x must be of an unsigned 32 bits type and 0 <= n < 32. */ |
1402 |
-#define ROL(x, n) (((x) << (n)) | ((x) >> (32-(n)))) |
1403 |
- |
1404 |
-/* the three basic functions F(), G() and H() */ |
1405 |
-#define F(x, y, z) ((x) ^ (y) ^ (z)) |
1406 |
-#define G(x, y, z) (((x) & (y)) | (~(x) & (z))) |
1407 |
-#define H(x, y, z) (((x) | ~(y)) ^ (z)) |
1408 |
-#define I(x, y, z) (((x) & (z)) | ((y) & ~(z))) |
1409 |
-#define J(x, y, z) ((x) ^ ((y) | ~(z))) |
1410 |
- |
1411 |
-/* the eight basic operations FF() through III() */ |
1412 |
-#define FF(a, b, c, d, e, x, s) { \ |
1413 |
- (a) += F((b), (c), (d)) + (x); \ |
1414 |
- (a) = ROL((a), (s)) + (e); \ |
1415 |
- (c) = ROL((c), 10); \ |
1416 |
-} |
1417 |
-#define GG(a, b, c, d, e, x, s) { \ |
1418 |
- (a) += G((b), (c), (d)) + (x) + 0x5a827999U; \ |
1419 |
- (a) = ROL((a), (s)) + (e); \ |
1420 |
- (c) = ROL((c), 10); \ |
1421 |
-} |
1422 |
-#define HH(a, b, c, d, e, x, s) { \ |
1423 |
- (a) += H((b), (c), (d)) + (x) + 0x6ed9eba1U; \ |
1424 |
- (a) = ROL((a), (s)) + (e); \ |
1425 |
- (c) = ROL((c), 10); \ |
1426 |
-} |
1427 |
-#define II(a, b, c, d, e, x, s) { \ |
1428 |
- (a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcU; \ |
1429 |
- (a) = ROL((a), (s)) + (e); \ |
1430 |
- (c) = ROL((c), 10); \ |
1431 |
-} |
1432 |
-#define JJ(a, b, c, d, e, x, s) { \ |
1433 |
- (a) += J((b), (c), (d)) + (x) + 0xa953fd4eU; \ |
1434 |
- (a) = ROL((a), (s)) + (e); \ |
1435 |
- (c) = ROL((c), 10); \ |
1436 |
-} |
1437 |
-#define FFF(a, b, c, d, e, x, s) { \ |
1438 |
- (a) += F((b), (c), (d)) + (x); \ |
1439 |
- (a) = ROL((a), (s)) + (e); \ |
1440 |
- (c) = ROL((c), 10); \ |
1441 |
-} |
1442 |
-#define GGG(a, b, c, d, e, x, s) { \ |
1443 |
- (a) += G((b), (c), (d)) + (x) + 0x7a6d76e9U; \ |
1444 |
- (a) = ROL((a), (s)) + (e); \ |
1445 |
- (c) = ROL((c), 10); \ |
1446 |
-} |
1447 |
-#define HHH(a, b, c, d, e, x, s) { \ |
1448 |
- (a) += H((b), (c), (d)) + (x) + 0x6d703ef3U; \ |
1449 |
- (a) = ROL((a), (s)) + (e); \ |
1450 |
- (c) = ROL((c), 10); \ |
1451 |
-} |
1452 |
-#define III(a, b, c, d, e, x, s) { \ |
1453 |
- (a) += I((b), (c), (d)) + (x) + 0x5c4dd124U; \ |
1454 |
- (a) = ROL((a), (s)) + (e); \ |
1455 |
- (c) = ROL((c), 10); \ |
1456 |
-} |
1457 |
-#define JJJ(a, b, c, d, e, x, s) { \ |
1458 |
- (a) += J((b), (c), (d)) + (x) + 0x50a28be6U; \ |
1459 |
- (a) = ROL((a), (s)) + (e); \ |
1460 |
- (c) = ROL((c), 10); \ |
1461 |
-} |
1462 |
- |
1463 |
-/********************************************************************/ |
1464 |
- |
1465 |
-void |
1466 |
-RMD160Init(context) |
1467 |
- RMD160_CTX *context; |
1468 |
-{ |
1469 |
- |
1470 |
- /* ripemd-160 initialization constants */ |
1471 |
- context->state[0] = 0x67452301U; |
1472 |
- context->state[1] = 0xefcdab89U; |
1473 |
- context->state[2] = 0x98badcfeU; |
1474 |
- context->state[3] = 0x10325476U; |
1475 |
- context->state[4] = 0xc3d2e1f0U; |
1476 |
- context->length[0] = context->length[1] = 0; |
1477 |
- context->buflen = 0; |
1478 |
-} |
1479 |
- |
1480 |
-/********************************************************************/ |
1481 |
- |
1482 |
-void |
1483 |
-RMD160Transform(state, block) |
1484 |
- u_int32_t state[5]; |
1485 |
- const u_int32_t block[16]; |
1486 |
-{ |
1487 |
- u_int32_t aa = state[0], bb = state[1], cc = state[2], |
1488 |
- dd = state[3], ee = state[4]; |
1489 |
- u_int32_t aaa = state[0], bbb = state[1], ccc = state[2], |
1490 |
- ddd = state[3], eee = state[4]; |
1491 |
- |
1492 |
- /* round 1 */ |
1493 |
- FF(aa, bb, cc, dd, ee, block[ 0], 11); |
1494 |
- FF(ee, aa, bb, cc, dd, block[ 1], 14); |
1495 |
- FF(dd, ee, aa, bb, cc, block[ 2], 15); |
1496 |
- FF(cc, dd, ee, aa, bb, block[ 3], 12); |
1497 |
- FF(bb, cc, dd, ee, aa, block[ 4], 5); |
1498 |
- FF(aa, bb, cc, dd, ee, block[ 5], 8); |
1499 |
- FF(ee, aa, bb, cc, dd, block[ 6], 7); |
1500 |
- FF(dd, ee, aa, bb, cc, block[ 7], 9); |
1501 |
- FF(cc, dd, ee, aa, bb, block[ 8], 11); |
1502 |
- FF(bb, cc, dd, ee, aa, block[ 9], 13); |
1503 |
- FF(aa, bb, cc, dd, ee, block[10], 14); |
1504 |
- FF(ee, aa, bb, cc, dd, block[11], 15); |
1505 |
- FF(dd, ee, aa, bb, cc, block[12], 6); |
1506 |
- FF(cc, dd, ee, aa, bb, block[13], 7); |
1507 |
- FF(bb, cc, dd, ee, aa, block[14], 9); |
1508 |
- FF(aa, bb, cc, dd, ee, block[15], 8); |
1509 |
- |
1510 |
- /* round 2 */ |
1511 |
- GG(ee, aa, bb, cc, dd, block[ 7], 7); |
1512 |
- GG(dd, ee, aa, bb, cc, block[ 4], 6); |
1513 |
- GG(cc, dd, ee, aa, bb, block[13], 8); |
1514 |
- GG(bb, cc, dd, ee, aa, block[ 1], 13); |
1515 |
- GG(aa, bb, cc, dd, ee, block[10], 11); |
1516 |
- GG(ee, aa, bb, cc, dd, block[ 6], 9); |
1517 |
- GG(dd, ee, aa, bb, cc, block[15], 7); |
1518 |
- GG(cc, dd, ee, aa, bb, block[ 3], 15); |
1519 |
- GG(bb, cc, dd, ee, aa, block[12], 7); |
1520 |
- GG(aa, bb, cc, dd, ee, block[ 0], 12); |
1521 |
- GG(ee, aa, bb, cc, dd, block[ 9], 15); |
1522 |
- GG(dd, ee, aa, bb, cc, block[ 5], 9); |
1523 |
- GG(cc, dd, ee, aa, bb, block[ 2], 11); |
1524 |
- GG(bb, cc, dd, ee, aa, block[14], 7); |
1525 |
- GG(aa, bb, cc, dd, ee, block[11], 13); |
1526 |
- GG(ee, aa, bb, cc, dd, block[ 8], 12); |
1527 |
- |
1528 |
- /* round 3 */ |
1529 |
- HH(dd, ee, aa, bb, cc, block[ 3], 11); |
1530 |
- HH(cc, dd, ee, aa, bb, block[10], 13); |
1531 |
- HH(bb, cc, dd, ee, aa, block[14], 6); |
1532 |
- HH(aa, bb, cc, dd, ee, block[ 4], 7); |
1533 |
- HH(ee, aa, bb, cc, dd, block[ 9], 14); |
1534 |
- HH(dd, ee, aa, bb, cc, block[15], 9); |
1535 |
- HH(cc, dd, ee, aa, bb, block[ 8], 13); |
1536 |
- HH(bb, cc, dd, ee, aa, block[ 1], 15); |
1537 |
- HH(aa, bb, cc, dd, ee, block[ 2], 14); |
1538 |
- HH(ee, aa, bb, cc, dd, block[ 7], 8); |
1539 |
- HH(dd, ee, aa, bb, cc, block[ 0], 13); |
1540 |
- HH(cc, dd, ee, aa, bb, block[ 6], 6); |
1541 |
- HH(bb, cc, dd, ee, aa, block[13], 5); |
1542 |
- HH(aa, bb, cc, dd, ee, block[11], 12); |
1543 |
- HH(ee, aa, bb, cc, dd, block[ 5], 7); |
1544 |
- HH(dd, ee, aa, bb, cc, block[12], 5); |
1545 |
- |
1546 |
- /* round 4 */ |
1547 |
- II(cc, dd, ee, aa, bb, block[ 1], 11); |
1548 |
- II(bb, cc, dd, ee, aa, block[ 9], 12); |
1549 |
- II(aa, bb, cc, dd, ee, block[11], 14); |
1550 |
- II(ee, aa, bb, cc, dd, block[10], 15); |
1551 |
- II(dd, ee, aa, bb, cc, block[ 0], 14); |
1552 |
- II(cc, dd, ee, aa, bb, block[ 8], 15); |
1553 |
- II(bb, cc, dd, ee, aa, block[12], 9); |
1554 |
- II(aa, bb, cc, dd, ee, block[ 4], 8); |
1555 |
- II(ee, aa, bb, cc, dd, block[13], 9); |
1556 |
- II(dd, ee, aa, bb, cc, block[ 3], 14); |
1557 |
- II(cc, dd, ee, aa, bb, block[ 7], 5); |
1558 |
- II(bb, cc, dd, ee, aa, block[15], 6); |
1559 |
- II(aa, bb, cc, dd, ee, block[14], 8); |
1560 |
- II(ee, aa, bb, cc, dd, block[ 5], 6); |
1561 |
- II(dd, ee, aa, bb, cc, block[ 6], 5); |
1562 |
- II(cc, dd, ee, aa, bb, block[ 2], 12); |
1563 |
- |
1564 |
- /* round 5 */ |
1565 |
- JJ(bb, cc, dd, ee, aa, block[ 4], 9); |
1566 |
- JJ(aa, bb, cc, dd, ee, block[ 0], 15); |
1567 |
- JJ(ee, aa, bb, cc, dd, block[ 5], 5); |
1568 |
- JJ(dd, ee, aa, bb, cc, block[ 9], 11); |
1569 |
- JJ(cc, dd, ee, aa, bb, block[ 7], 6); |
1570 |
- JJ(bb, cc, dd, ee, aa, block[12], 8); |
1571 |
- JJ(aa, bb, cc, dd, ee, block[ 2], 13); |
1572 |
- JJ(ee, aa, bb, cc, dd, block[10], 12); |
1573 |
- JJ(dd, ee, aa, bb, cc, block[14], 5); |
1574 |
- JJ(cc, dd, ee, aa, bb, block[ 1], 12); |
1575 |
- JJ(bb, cc, dd, ee, aa, block[ 3], 13); |
1576 |
- JJ(aa, bb, cc, dd, ee, block[ 8], 14); |
1577 |
- JJ(ee, aa, bb, cc, dd, block[11], 11); |
1578 |
- JJ(dd, ee, aa, bb, cc, block[ 6], 8); |
1579 |
- JJ(cc, dd, ee, aa, bb, block[15], 5); |
1580 |
- JJ(bb, cc, dd, ee, aa, block[13], 6); |
1581 |
- |
1582 |
- /* parallel round 1 */ |
1583 |
- JJJ(aaa, bbb, ccc, ddd, eee, block[ 5], 8); |
1584 |
- JJJ(eee, aaa, bbb, ccc, ddd, block[14], 9); |
1585 |
- JJJ(ddd, eee, aaa, bbb, ccc, block[ 7], 9); |
1586 |
- JJJ(ccc, ddd, eee, aaa, bbb, block[ 0], 11); |
1587 |
- JJJ(bbb, ccc, ddd, eee, aaa, block[ 9], 13); |
1588 |
- JJJ(aaa, bbb, ccc, ddd, eee, block[ 2], 15); |
1589 |
- JJJ(eee, aaa, bbb, ccc, ddd, block[11], 15); |
1590 |
- JJJ(ddd, eee, aaa, bbb, ccc, block[ 4], 5); |
1591 |
- JJJ(ccc, ddd, eee, aaa, bbb, block[13], 7); |
1592 |
- JJJ(bbb, ccc, ddd, eee, aaa, block[ 6], 7); |
1593 |
- JJJ(aaa, bbb, ccc, ddd, eee, block[15], 8); |
1594 |
- JJJ(eee, aaa, bbb, ccc, ddd, block[ 8], 11); |
1595 |
- JJJ(ddd, eee, aaa, bbb, ccc, block[ 1], 14); |
1596 |
- JJJ(ccc, ddd, eee, aaa, bbb, block[10], 14); |
1597 |
- JJJ(bbb, ccc, ddd, eee, aaa, block[ 3], 12); |
1598 |
- JJJ(aaa, bbb, ccc, ddd, eee, block[12], 6); |
1599 |
- |
1600 |
- /* parallel round 2 */ |
1601 |
- III(eee, aaa, bbb, ccc, ddd, block[ 6], 9); |
1602 |
- III(ddd, eee, aaa, bbb, ccc, block[11], 13); |
1603 |
- III(ccc, ddd, eee, aaa, bbb, block[ 3], 15); |
1604 |
- III(bbb, ccc, ddd, eee, aaa, block[ 7], 7); |
1605 |
- III(aaa, bbb, ccc, ddd, eee, block[ 0], 12); |
1606 |
- III(eee, aaa, bbb, ccc, ddd, block[13], 8); |
1607 |
- III(ddd, eee, aaa, bbb, ccc, block[ 5], 9); |
1608 |
- III(ccc, ddd, eee, aaa, bbb, block[10], 11); |
1609 |
- III(bbb, ccc, ddd, eee, aaa, block[14], 7); |
1610 |
- III(aaa, bbb, ccc, ddd, eee, block[15], 7); |
1611 |
- III(eee, aaa, bbb, ccc, ddd, block[ 8], 12); |
1612 |
- III(ddd, eee, aaa, bbb, ccc, block[12], 7); |
1613 |
- III(ccc, ddd, eee, aaa, bbb, block[ 4], 6); |
1614 |
- III(bbb, ccc, ddd, eee, aaa, block[ 9], 15); |
1615 |
- III(aaa, bbb, ccc, ddd, eee, block[ 1], 13); |
1616 |
- III(eee, aaa, bbb, ccc, ddd, block[ 2], 11); |
1617 |
- |
1618 |
- /* parallel round 3 */ |
1619 |
- HHH(ddd, eee, aaa, bbb, ccc, block[15], 9); |
1620 |
- HHH(ccc, ddd, eee, aaa, bbb, block[ 5], 7); |
1621 |
- HHH(bbb, ccc, ddd, eee, aaa, block[ 1], 15); |
1622 |
- HHH(aaa, bbb, ccc, ddd, eee, block[ 3], 11); |
1623 |
- HHH(eee, aaa, bbb, ccc, ddd, block[ 7], 8); |
1624 |
- HHH(ddd, eee, aaa, bbb, ccc, block[14], 6); |
1625 |
- HHH(ccc, ddd, eee, aaa, bbb, block[ 6], 6); |
1626 |
- HHH(bbb, ccc, ddd, eee, aaa, block[ 9], 14); |
1627 |
- HHH(aaa, bbb, ccc, ddd, eee, block[11], 12); |
1628 |
- HHH(eee, aaa, bbb, ccc, ddd, block[ 8], 13); |
1629 |
- HHH(ddd, eee, aaa, bbb, ccc, block[12], 5); |
1630 |
- HHH(ccc, ddd, eee, aaa, bbb, block[ 2], 14); |
1631 |
- HHH(bbb, ccc, ddd, eee, aaa, block[10], 13); |
1632 |
- HHH(aaa, bbb, ccc, ddd, eee, block[ 0], 13); |
1633 |
- HHH(eee, aaa, bbb, ccc, ddd, block[ 4], 7); |
1634 |
- HHH(ddd, eee, aaa, bbb, ccc, block[13], 5); |
1635 |
- |
1636 |
- /* parallel round 4 */ |
1637 |
- GGG(ccc, ddd, eee, aaa, bbb, block[ 8], 15); |
1638 |
- GGG(bbb, ccc, ddd, eee, aaa, block[ 6], 5); |
1639 |
- GGG(aaa, bbb, ccc, ddd, eee, block[ 4], 8); |
1640 |
- GGG(eee, aaa, bbb, ccc, ddd, block[ 1], 11); |
1641 |
- GGG(ddd, eee, aaa, bbb, ccc, block[ 3], 14); |
1642 |
- GGG(ccc, ddd, eee, aaa, bbb, block[11], 14); |
1643 |
- GGG(bbb, ccc, ddd, eee, aaa, block[15], 6); |
1644 |
- GGG(aaa, bbb, ccc, ddd, eee, block[ 0], 14); |
1645 |
- GGG(eee, aaa, bbb, ccc, ddd, block[ 5], 6); |
1646 |
- GGG(ddd, eee, aaa, bbb, ccc, block[12], 9); |
1647 |
- GGG(ccc, ddd, eee, aaa, bbb, block[ 2], 12); |
1648 |
- GGG(bbb, ccc, ddd, eee, aaa, block[13], 9); |
1649 |
- GGG(aaa, bbb, ccc, ddd, eee, block[ 9], 12); |
1650 |
- GGG(eee, aaa, bbb, ccc, ddd, block[ 7], 5); |
1651 |
- GGG(ddd, eee, aaa, bbb, ccc, block[10], 15); |
1652 |
- GGG(ccc, ddd, eee, aaa, bbb, block[14], 8); |
1653 |
- |
1654 |
- /* parallel round 5 */ |
1655 |
- FFF(bbb, ccc, ddd, eee, aaa, block[12] , 8); |
1656 |
- FFF(aaa, bbb, ccc, ddd, eee, block[15] , 5); |
1657 |
- FFF(eee, aaa, bbb, ccc, ddd, block[10] , 12); |
1658 |
- FFF(ddd, eee, aaa, bbb, ccc, block[ 4] , 9); |
1659 |
- FFF(ccc, ddd, eee, aaa, bbb, block[ 1] , 12); |
1660 |
- FFF(bbb, ccc, ddd, eee, aaa, block[ 5] , 5); |
1661 |
- FFF(aaa, bbb, ccc, ddd, eee, block[ 8] , 14); |
1662 |
- FFF(eee, aaa, bbb, ccc, ddd, block[ 7] , 6); |
1663 |
- FFF(ddd, eee, aaa, bbb, ccc, block[ 6] , 8); |
1664 |
- FFF(ccc, ddd, eee, aaa, bbb, block[ 2] , 13); |
1665 |
- FFF(bbb, ccc, ddd, eee, aaa, block[13] , 6); |
1666 |
- FFF(aaa, bbb, ccc, ddd, eee, block[14] , 5); |
1667 |
- FFF(eee, aaa, bbb, ccc, ddd, block[ 0] , 15); |
1668 |
- FFF(ddd, eee, aaa, bbb, ccc, block[ 3] , 13); |
1669 |
- FFF(ccc, ddd, eee, aaa, bbb, block[ 9] , 11); |
1670 |
- FFF(bbb, ccc, ddd, eee, aaa, block[11] , 11); |
1671 |
- |
1672 |
- /* combine results */ |
1673 |
- ddd += cc + state[1]; /* final result for state[0] */ |
1674 |
- state[1] = state[2] + dd + eee; |
1675 |
- state[2] = state[3] + ee + aaa; |
1676 |
- state[3] = state[4] + aa + bbb; |
1677 |
- state[4] = state[0] + bb + ccc; |
1678 |
- state[0] = ddd; |
1679 |
-} |
1680 |
- |
1681 |
-/********************************************************************/ |
1682 |
- |
1683 |
-void |
1684 |
-RMD160Update(context, data, nbytes) |
1685 |
- RMD160_CTX *context; |
1686 |
- const u_char *data; |
1687 |
- u_int32_t nbytes; |
1688 |
-{ |
1689 |
- u_int32_t X[16]; |
1690 |
- u_int32_t ofs = 0; |
1691 |
- u_int32_t i; |
1692 |
-#ifdef WORDS_BIGENDIAN |
1693 |
- u_int32_t j; |
1694 |
-#endif |
1695 |
- |
1696 |
- /* update length[] */ |
1697 |
- if (context->length[0] + nbytes < context->length[0]) |
1698 |
- context->length[1]++; /* overflow to msb of length */ |
1699 |
- context->length[0] += nbytes; |
1700 |
- |
1701 |
- (void)memset(X, 0, sizeof(X)); |
1702 |
- |
1703 |
- if ( context->buflen + nbytes < 64 ) |
1704 |
- { |
1705 |
- (void)memcpy(context->bbuffer + context->buflen, data, nbytes); |
1706 |
- context->buflen += nbytes; |
1707 |
- } |
1708 |
- else |
1709 |
- { |
1710 |
- /* process first block */ |
1711 |
- ofs = 64 - context->buflen; |
1712 |
- (void)memcpy(context->bbuffer + context->buflen, data, ofs); |
1713 |
-#ifndef WORDS_BIGENDIAN |
1714 |
- (void)memcpy(X, context->bbuffer, sizeof(X)); |
1715 |
-#else |
1716 |
- for (j=0; j < 16; j++) |
1717 |
- X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j)); |
1718 |
-#endif |
1719 |
- RMD160Transform(context->state, X); |
1720 |
- nbytes -= ofs; |
1721 |
- |
1722 |
- /* process remaining complete blocks */ |
1723 |
- for (i = 0; i < (nbytes >> 6); i++) { |
1724 |
-#ifndef WORDS_BIGENDIAN |
1725 |
- (void)memcpy(X, data + (64 * i) + ofs, sizeof(X)); |
1726 |
-#else |
1727 |
- for (j=0; j < 16; j++) |
1728 |
- X[j] = BYTES_TO_DWORD(data + (64 * i) + (4 * j) + ofs); |
1729 |
-#endif |
1730 |
- RMD160Transform(context->state, X); |
1731 |
- } |
1732 |
- |
1733 |
- /* |
1734 |
- * Put last bytes from data into context's buffer |
1735 |
- */ |
1736 |
- context->buflen = nbytes & 63; |
1737 |
- memcpy(context->bbuffer, data + (64 * i) + ofs, context->buflen); |
1738 |
- } |
1739 |
-} |
1740 |
- |
1741 |
-/********************************************************************/ |
1742 |
- |
1743 |
-void |
1744 |
-RMD160Final(digest, context) |
1745 |
- u_char digest[20]; |
1746 |
- RMD160_CTX *context; |
1747 |
-{ |
1748 |
- u_int32_t i; |
1749 |
- u_int32_t X[16]; |
1750 |
-#ifdef WORDS_BIGENDIAN |
1751 |
- u_int32_t j; |
1752 |
-#endif |
1753 |
- |
1754 |
- /* append the bit m_n == 1 */ |
1755 |
- context->bbuffer[context->buflen] = '\200'; |
1756 |
- |
1757 |
- (void)memset(context->bbuffer + context->buflen + 1, 0, |
1758 |
- 63 - context->buflen); |
1759 |
-#ifndef WORDS_BIGENDIAN |
1760 |
- (void)memcpy(X, context->bbuffer, sizeof(X)); |
1761 |
-#else |
1762 |
- for (j=0; j < 16; j++) |
1763 |
- X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j)); |
1764 |
-#endif |
1765 |
- if ((context->buflen) > 55) { |
1766 |
- /* length goes to next block */ |
1767 |
- RMD160Transform(context->state, X); |
1768 |
- (void)memset(X, 0, sizeof(X)); |
1769 |
- } |
1770 |
- |
1771 |
- /* append length in bits */ |
1772 |
- X[14] = context->length[0] << 3; |
1773 |
- X[15] = (context->length[0] >> 29) | |
1774 |
- (context->length[1] << 3); |
1775 |
- RMD160Transform(context->state, X); |
1776 |
- |
1777 |
- if (digest != NULL) { |
1778 |
- for (i = 0; i < 20; i += 4) { |
1779 |
- /* extracts the 8 least significant bits. */ |
1780 |
- digest[i] = context->state[i>>2]; |
1781 |
- digest[i + 1] = (context->state[i>>2] >> 8); |
1782 |
- digest[i + 2] = (context->state[i>>2] >> 16); |
1783 |
- digest[i + 3] = (context->state[i>>2] >> 24); |
1784 |
- } |
1785 |
- } |
1786 |
-} |
1787 |
- |
1788 |
-/************************ end of file rmd160.c **********************/ |
1789 |
-#endif |
1790 |
--- skey-1.1.5.orig/rmd160.h 2001-05-10 17:10:49.000000000 +0100 |
1791 |
+++ skey-1.1.5/rmd160.h 1970-01-01 01:00:00.000000000 +0100 |
1792 |
@@ -1,48 +0,0 @@ |
1793 |
-/* $OpenBSD: rmd160.h,v 1.4 1999/08/16 09:59:04 millert Exp $ */ |
1794 |
- |
1795 |
-/********************************************************************\ |
1796 |
- * |
1797 |
- * FILE: rmd160.h |
1798 |
- * |
1799 |
- * CONTENTS: Header file for a sample C-implementation of the |
1800 |
- * RIPEMD-160 hash-function. |
1801 |
- * TARGET: any computer with an ANSI C compiler |
1802 |
- * |
1803 |
- * AUTHOR: Antoon Bosselaers, ESAT-COSIC |
1804 |
- * DATE: 1 March 1996 |
1805 |
- * VERSION: 1.0 |
1806 |
- * |
1807 |
- * Copyright (c) Katholieke Universiteit Leuven |
1808 |
- * 1996, All Rights Reserved |
1809 |
- * |
1810 |
-\********************************************************************/ |
1811 |
- |
1812 |
-#ifndef _RMD160_H /* make sure this file is read only once */ |
1813 |
-#define _RMD160_H |
1814 |
- |
1815 |
-/********************************************************************/ |
1816 |
- |
1817 |
-/* structure definitions */ |
1818 |
- |
1819 |
-typedef struct { |
1820 |
- u_int32_t state[5]; /* state (ABCDE) */ |
1821 |
- u_int32_t length[2]; /* number of bits */ |
1822 |
- u_char bbuffer[64]; /* overflow buffer */ |
1823 |
- u_int32_t buflen; /* number of chars in bbuffer */ |
1824 |
-} RMD160_CTX; |
1825 |
- |
1826 |
-/********************************************************************/ |
1827 |
- |
1828 |
-/* function prototypes */ |
1829 |
- |
1830 |
-void RMD160Init __P((RMD160_CTX *context)); |
1831 |
-void RMD160Transform __P((u_int32_t state[5], const u_int32_t block[16])); |
1832 |
-void RMD160Update __P((RMD160_CTX *context, const u_char *data, u_int32_t nbytes)); |
1833 |
-void RMD160Final __P((u_char digest[20], RMD160_CTX *context)); |
1834 |
-char *RMD160End __P((RMD160_CTX *, char *)); |
1835 |
-char *RMD160File __P((char *, char *)); |
1836 |
-char *RMD160Data __P((const u_char *, size_t, char *)); |
1837 |
- |
1838 |
-#endif /* _RMD160_H */ |
1839 |
- |
1840 |
-/*********************** end of file rmd160.h ***********************/ |
1841 |
--- skey-1.1.5.orig/rmd160hl.c 2001-05-10 17:10:49.000000000 +0100 |
1842 |
+++ skey-1.1.5/rmd160hl.c 1970-01-01 01:00:00.000000000 +0100 |
1843 |
@@ -1,85 +0,0 @@ |
1844 |
-/* rmd160hl.c |
1845 |
- * ---------------------------------------------------------------------------- |
1846 |
- * "THE BEER-WARE LICENSE" (Revision 42): |
1847 |
- * <phk@×××××××××××.dk> wrote this file. As long as you retain this notice you |
1848 |
- * can do whatever you want with this stuff. If we meet some day, and you think |
1849 |
- * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp |
1850 |
- * ---------------------------------------------------------------------------- |
1851 |
- */ |
1852 |
- |
1853 |
-#if defined(LIBC_SCCS) && !defined(lint) |
1854 |
-static char rcsid[] = "$OpenBSD: rmd160hl.c,v 1.2 1999/08/17 09:13:12 millert Exp $"; |
1855 |
-#endif /* LIBC_SCCS and not lint */ |
1856 |
- |
1857 |
-#include <stdlib.h> |
1858 |
-#include <stdio.h> |
1859 |
-#include <errno.h> |
1860 |
-#include <fcntl.h> |
1861 |
-#include <sys/types.h> |
1862 |
-#include <sys/uio.h> |
1863 |
-#include <unistd.h> |
1864 |
-#include "config.h" |
1865 |
-#ifdef HAVE_RMD160_H |
1866 |
-#include <rmd160.h> |
1867 |
-#else |
1868 |
-#include "rmd160.h" |
1869 |
-#endif |
1870 |
- |
1871 |
-/* ARGSUSED */ |
1872 |
-char * |
1873 |
-RMD160End(ctx, buf) |
1874 |
- RMD160_CTX *ctx; |
1875 |
- char *buf; |
1876 |
-{ |
1877 |
- int i; |
1878 |
- char *p = buf; |
1879 |
- u_char digest[20]; |
1880 |
- static const char hex[]="0123456789abcdef"; |
1881 |
- |
1882 |
- if (p == NULL && (p = malloc(41)) == NULL) |
1883 |
- return 0; |
1884 |
- |
1885 |
- RMD160Final(digest,ctx); |
1886 |
- for (i = 0; i < 20; i++) { |
1887 |
- p[i + i] = hex[digest[i] >> 4]; |
1888 |
- p[i + i + 1] = hex[digest[i] & 0x0f]; |
1889 |
- } |
1890 |
- p[i + i] = '\0'; |
1891 |
- return(p); |
1892 |
-} |
1893 |
- |
1894 |
-char * |
1895 |
-RMD160File (filename, buf) |
1896 |
- char *filename; |
1897 |
- char *buf; |
1898 |
-{ |
1899 |
- u_char buffer[BUFSIZ]; |
1900 |
- RMD160_CTX ctx; |
1901 |
- int fd, num, oerrno; |
1902 |
- |
1903 |
- RMD160Init(&ctx); |
1904 |
- |
1905 |
- if ((fd = open(filename, O_RDONLY)) < 0) |
1906 |
- return(0); |
1907 |
- |
1908 |
- while ((num = read(fd, buffer, sizeof(buffer))) > 0) |
1909 |
- RMD160Update(&ctx, buffer, num); |
1910 |
- |
1911 |
- oerrno = errno; |
1912 |
- close(fd); |
1913 |
- errno = oerrno; |
1914 |
- return(num < 0 ? 0 : RMD160End(&ctx, buf)); |
1915 |
-} |
1916 |
- |
1917 |
-char * |
1918 |
-RMD160Data (data, len, buf) |
1919 |
- const u_char *data; |
1920 |
- size_t len; |
1921 |
- char *buf; |
1922 |
-{ |
1923 |
- RMD160_CTX ctx; |
1924 |
- |
1925 |
- RMD160Init(&ctx); |
1926 |
- RMD160Update(&ctx, data, len); |
1927 |
- return(RMD160End(&ctx, buf)); |
1928 |
-} |
1929 |
--- skey-1.1.5.orig/skey.1 2001-05-10 17:10:49.000000000 +0100 |
1930 |
+++ skey-1.1.5/skey.1 2003-11-06 17:46:45.000000000 +0000 |
1931 |
@@ -1,95 +1,165 @@ |
1932 |
-.\" $OpenBSD: skey.1,v 1.21 2000/11/09 17:52:38 aaron Exp $ |
1933 |
-.\" @(#)skey.1 1.1 10/28/93 |
1934 |
+.\" $NetBSD: skey.1,v 1.21 2003/09/07 16:22:24 wiz Exp $ |
1935 |
.\" |
1936 |
-.Dd October 28, 1993 |
1937 |
+.\" from: @(#)skey.1 1.1 10/28/93 |
1938 |
+.\" |
1939 |
+.Dd July 25, 2001 |
1940 |
.Dt SKEY 1 |
1941 |
.Os |
1942 |
.Sh NAME |
1943 |
-.Nm skey, otp-md4, otp-md5, otp-sha1, otp-rmd160 |
1944 |
+.Nm skey |
1945 |
.Nd respond to an OTP challenge |
1946 |
.Sh SYNOPSIS |
1947 |
-.Nm skey |
1948 |
-.Op Fl x |
1949 |
-.Oo |
1950 |
-.Fl md4 | Fl md5 | Fl sha1 | |
1951 |
-.Fl rmd160 |
1952 |
-.Oc |
1953 |
+.Nm |
1954 |
.Op Fl n Ar count |
1955 |
-.Op Fl p Ar passwd |
1956 |
-<sequence#>[/] key |
1957 |
+.Op Fl p Ar password |
1958 |
+.Op Fl t Ar hash |
1959 |
+.Op Fl x |
1960 |
+.Ar sequence# |
1961 |
+.Op / |
1962 |
+.Ar key |
1963 |
.Sh DESCRIPTION |
1964 |
-.Nm S/key |
1965 |
-is a procedure for using one-time passwords to authenticate access to |
1966 |
-computer systems. |
1967 |
-It uses 64 bits of information transformed by the |
1968 |
-MD4, MD5, SHA1, or RIPEMD-160 algorithms. |
1969 |
-The user supplies the 64 bits |
1970 |
-in the form of 6 English words that are generated by a secure computer. |
1971 |
-This implementation of |
1972 |
-.Nm s/key |
1973 |
-is RFC 1938 compliant. |
1974 |
+.Em S/Key |
1975 |
+is a One Time Password (OTP) authentication system. |
1976 |
+It is intended to be used when the communication channel between |
1977 |
+a user and host is not secure (e.g. not encrypted or hardwired). |
1978 |
+Since each password is used only once, even if it is "seen" by a |
1979 |
+hostile third party, it cannot be used again to gain access to the host. |
1980 |
.Pp |
1981 |
-When |
1982 |
-.Nm skey |
1983 |
-is invoked as |
1984 |
-.Nm otp-method , |
1985 |
-.Nm skey |
1986 |
-will use |
1987 |
-.Ar method |
1988 |
-as the hash function where |
1989 |
-.Ar method |
1990 |
-is currently one of md4, md5, sha1, or rmd160. |
1991 |
+.Em S/Key |
1992 |
+uses 64 bits of information, transformed by the |
1993 |
+.Tn MD4 |
1994 |
+algorithm into 6 English words. |
1995 |
+The user supplies the words to authenticate himself to programs like |
1996 |
+.Xr login 1 |
1997 |
+or |
1998 |
+.Xr ftpd 8 . |
1999 |
+.Pp |
2000 |
+Example use of the |
2001 |
+.Em S/Key |
2002 |
+program |
2003 |
+.Nm : |
2004 |
+.Bd -literal -offset indent |
2005 |
+% skey 99 th91334 |
2006 |
+Enter password: \*[Lt]your secret password is entered here\*[Gt] |
2007 |
+OMEN US HORN OMIT BACK AHOY |
2008 |
+% |
2009 |
+.Ed |
2010 |
+.Pp |
2011 |
+The string that is given back by |
2012 |
+.Nm |
2013 |
+can then be used to log into a system. |
2014 |
+.Pp |
2015 |
+The programs that are part of the |
2016 |
+.Em S/Key |
2017 |
+system are: |
2018 |
+.Bl -tag -width skeyauditxxx |
2019 |
+.It Xr skeyinit 1 |
2020 |
+used to set up your |
2021 |
+.Em S/Key . |
2022 |
+.It Nm |
2023 |
+used to get the one time password(s). |
2024 |
+.It Xr skeyinfo 1 |
2025 |
+used to initialize the |
2026 |
+.Em S/Key |
2027 |
+database for the specified user. |
2028 |
+It also tells the user what the next challenge will be. |
2029 |
+.It Xr skeyaudit 1 |
2030 |
+used to inform users that they will soon have to rerun |
2031 |
+.Xr skeyinit 1 . |
2032 |
+.El |
2033 |
.Pp |
2034 |
-If you misspell your password while running |
2035 |
-.Nm skey , |
2036 |
+When you run |
2037 |
+.Xr skeyinit 1 |
2038 |
+you inform the system of your |
2039 |
+secret password. |
2040 |
+Running |
2041 |
+.Nm |
2042 |
+then generates the |
2043 |
+one-time password(s), after requiring your secret password. |
2044 |
+If however, you misspell your secret password that you have given to |
2045 |
+.Xr skeyinit 1 |
2046 |
+while running |
2047 |
+.Xr skey 1 |
2048 |
you will get a list of passwords |
2049 |
-that will not work, and no indication of the problem. |
2050 |
+that will not work, and no indication about the problem. |
2051 |
.Pp |
2052 |
-Password sequence numbers count backwards. |
2053 |
+Password sequence numbers count backward from 99. |
2054 |
You can enter the passwords using small letters, even though |
2055 |
-.Nm skey |
2056 |
+.Xr skey 1 |
2057 |
prints them capitalized. |
2058 |
.Pp |
2059 |
-The options are as follows: |
2060 |
-.Bl -tag -width Ds |
2061 |
-.It Fl n Ar count |
2062 |
-Prints out |
2063 |
+The |
2064 |
+.Fl n Ar count |
2065 |
+argument asks for |
2066 |
.Ar count |
2067 |
-one-time passwords. |
2068 |
-The default is to print one. |
2069 |
-.It Fl p Ar password |
2070 |
-Uses |
2071 |
-.Ar password |
2072 |
-as the secret password. |
2073 |
-Use of this option is discouraged as |
2074 |
-your secret password could be visible in a process listing. |
2075 |
-.It Fl x |
2076 |
-Causes output to be in hexadecimal instead of ASCII. |
2077 |
-.It Fl md4 |
2078 |
-Selects MD4 as the hash algorithm. |
2079 |
-.It Fl md5 |
2080 |
-Selects MD5 as the hash algorithm. |
2081 |
-.It Fl sha1 |
2082 |
-Selects SHA-1 (NIST Secure Hash Algorithm Revision 1) as the hash algorithm. |
2083 |
-.It Fl rmd160 |
2084 |
-Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm. |
2085 |
-.El |
2086 |
+password sequences to be printed out ending with the requested |
2087 |
+sequence number. |
2088 |
+.Pp |
2089 |
+The hash algorithm is selected using the |
2090 |
+.Fl t Ar hash |
2091 |
+option, possible choices here are md4, md5 or sha1. |
2092 |
+.Pp |
2093 |
+The |
2094 |
+.Fl p Ar password |
2095 |
+allows the user to specify the |
2096 |
+.Em S/Key |
2097 |
+password on the command line. |
2098 |
+.Pp |
2099 |
+To output the S/Key list in hexadecimal instead of words, |
2100 |
+use the |
2101 |
+.Fl x |
2102 |
+option. |
2103 |
.Sh EXAMPLES |
2104 |
-.sp 0 |
2105 |
- % skey 99 th91334 |
2106 |
-.sp 0 |
2107 |
- Enter secret password: <your secret password is entered here> |
2108 |
-.sp 0 |
2109 |
- OMEN US HORN OMIT BACK AHOY |
2110 |
-.sp 0 |
2111 |
- % |
2112 |
+Initialize generation of one time passwords: |
2113 |
+.Bd -literal -offset indent |
2114 |
+host% skeyinit |
2115 |
+Password: \*[Lt]normal login password\*[Gt] |
2116 |
+[Adding username] |
2117 |
+Enter secret password: \*[Lt]new secret password\*[Gt] |
2118 |
+Again secret password: \*[Lt]new secret password again\*[Gt] |
2119 |
+ID username s/key is 99 host12345 |
2120 |
+Next login password: SOME SIX WORDS THAT WERE COMPUTED |
2121 |
+.Ed |
2122 |
+.Pp |
2123 |
+Produce a list of one time passwords to take with to a conference: |
2124 |
+.Bd -literal -offset indent |
2125 |
+host% skey -n 3 99 host12345 |
2126 |
+Enter secret password: \*[Lt]secret password as used with skeyinit\*[Gt] |
2127 |
+97: NOSE FOOT RUSH FEAR GREY JUST |
2128 |
+98: YAWN LEO DEED BIND WACK BRAE |
2129 |
+99: SOME SIX WORDS THAT WERE COMPUTED |
2130 |
+.Ed |
2131 |
+.Pp |
2132 |
+Logging in to a host where |
2133 |
+.Nm |
2134 |
+is installed: |
2135 |
+.Bd -literal -offset indent |
2136 |
+host% telnet host |
2137 |
+ |
2138 |
+login: \*[Lt]username\*[Gt] |
2139 |
+Password [s/key 97 host12345]: |
2140 |
+.Ed |
2141 |
+.Pp |
2142 |
+Note that the user can use either his/her |
2143 |
+.Em S/Key |
2144 |
+password at the prompt but also the normal one unless the |
2145 |
+.Fl s |
2146 |
+flag is given to |
2147 |
+.Xr login 1 . |
2148 |
.Sh SEE ALSO |
2149 |
.Xr login 1 , |
2150 |
+.Xr skeyaudit 1 , |
2151 |
.Xr skeyinfo 1 , |
2152 |
-.Xr skeyinit 1 |
2153 |
+.Xr skeyinit 1 , |
2154 |
+.Xr ftpd 8 |
2155 |
.Pp |
2156 |
-.Em RFC1938 |
2157 |
+.Em RFC 2289 |
2158 |
.Sh TRADEMARKS AND PATENTS |
2159 |
-S/Key is a Trademark of Bellcore. |
2160 |
+.Em S/Key |
2161 |
+is a trademark of |
2162 |
+.Tn Bellcore . |
2163 |
.Sh AUTHORS |
2164 |
-Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin |
2165 |
+Phil Karn, |
2166 |
+Neil M. Haller, |
2167 |
+John S. Walden, |
2168 |
+Scott Chasin |
2169 |
--- skey-1.1.5.orig/skey.3 1970-01-01 01:00:00.000000000 +0100 |
2170 |
+++ skey-1.1.5/skey.3 2003-11-06 17:46:45.000000000 +0000 |
2171 |
@@ -0,0 +1,264 @@ |
2172 |
+.\" $NetBSD: skey.3,v 1.8 2003/06/06 13:42:50 wiz Exp $ |
2173 |
+.\" |
2174 |
+.\" Copyright (c) 2001 The NetBSD Foundation, Inc. |
2175 |
+.\" All rights reserved. |
2176 |
+.\" |
2177 |
+.\" This code is derived from software contributed to The NetBSD Foundation |
2178 |
+.\" by Gregory McGarry. |
2179 |
+.\" |
2180 |
+.\" Redistribution and use in source and binary forms, with or without |
2181 |
+.\" modification, are permitted provided that the following conditions |
2182 |
+.\" are met: |
2183 |
+.\" 1. Redistributions of source code must retain the above copyright |
2184 |
+.\" notice, this list of conditions and the following disclaimer. |
2185 |
+.\" 2. Redistributions in binary form must reproduce the above copyright |
2186 |
+.\" notice, this list of conditions and the following disclaimer in the |
2187 |
+.\" documentation and/or other materials provided with the distribution. |
2188 |
+.\" 3. All advertising materials mentioning features or use of this software |
2189 |
+.\" must display the following acknowledgement: |
2190 |
+.\" This product includes software developed by the NetBSD |
2191 |
+.\" Foundation, Inc. and its contributors. |
2192 |
+.\" 4. Neither the name of The NetBSD Foundation nor the names of its |
2193 |
+.\" contributors may be used to endorse or promote products derived |
2194 |
+.\" from this software without specific prior written permission. |
2195 |
+.\" |
2196 |
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
2197 |
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
2198 |
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
2199 |
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
2200 |
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
2201 |
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
2202 |
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
2203 |
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
2204 |
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
2205 |
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
2206 |
+.\" POSSIBILITY OF SUCH DAMAGE. |
2207 |
+.\" |
2208 |
+.Dd November 10, 2001 |
2209 |
+.Dt SKEY 3 |
2210 |
+.Os |
2211 |
+.Sh NAME |
2212 |
+.Nm skey , |
2213 |
+.Nm skeychallenge , |
2214 |
+.Nm skeylookup , |
2215 |
+.Nm skeygetnext , |
2216 |
+.Nm skeyverify , |
2217 |
+.Nm skeyzero , |
2218 |
+.Nm getskeyprompt , |
2219 |
+.Nm skey_set_algorithm , |
2220 |
+.Nm skey_get_algorithm , |
2221 |
+.Nm skey_haskey , |
2222 |
+.Nm skey_keyinfo , |
2223 |
+.Nm skey_passcheck , |
2224 |
+.Nm skey_authenticate |
2225 |
+.Nd one-time password (OTP) library |
2226 |
+.Sh LIBRARY |
2227 |
+S/key One-Time Password Library (libskey, -lskey) |
2228 |
+.Sh SYNOPSIS |
2229 |
+.In skey.h |
2230 |
+.Ft int |
2231 |
+.Fn skeychallenge "struct skey *mp" "const char *name" "char *ss" \ |
2232 |
+"size_t sslen" |
2233 |
+.Ft int |
2234 |
+.Fn skeylookup "struct skey *mp" "const char *name" |
2235 |
+.Ft int |
2236 |
+.Fn skeygetnext "struct skey *mp" |
2237 |
+.Ft int |
2238 |
+.Fn skeyverify "struct skey *mp" "char *response" |
2239 |
+.Ft int |
2240 |
+.Fn skeyzero "struct skey *mp" "char *response" |
2241 |
+.Ft int |
2242 |
+.Fn getskeyprompt "struct skey *mp" "char *name" "char *prompt" |
2243 |
+.Ft const char * |
2244 |
+.Fn skey_set_algorithm "const char *new" |
2245 |
+.Ft const char * |
2246 |
+.Fn skey_get_algorithm "void" |
2247 |
+.Ft int |
2248 |
+.Fn skey_haskey "const char *username" |
2249 |
+.Ft const char * |
2250 |
+.Fn skey_keyinfo "const char *username" |
2251 |
+.Ft int |
2252 |
+.Fn skey_passcheck "const char *username" "char *passwd" |
2253 |
+.Ft int |
2254 |
+.Fn skey_authenticate "const char *username" |
2255 |
+.Ft void |
2256 |
+.Fn f "char *x" |
2257 |
+.Ft int |
2258 |
+.Fn keycrunch "char *result" "const char *seed" "const char *passwd" |
2259 |
+.Ft void |
2260 |
+.Fn rip "char *buf" |
2261 |
+.Ft char * |
2262 |
+.Fn readpass "char *buf " "int n" |
2263 |
+.Ft char * |
2264 |
+.Fn readskey "char *buf" "int n" |
2265 |
+.Ft int |
2266 |
+.Fn atob8 "char *out" "const char *in" |
2267 |
+.Ft int |
2268 |
+.Fn btoa8 "char *out" "const char *in" |
2269 |
+.Ft int |
2270 |
+.Fn htoi "int c" |
2271 |
+.Ft const char * |
2272 |
+.Fn skipspace "const char *cp" |
2273 |
+.Ft void |
2274 |
+.Fn backspace "char *buf" |
2275 |
+.Ft void |
2276 |
+.Fn sevenbit "char *buf" |
2277 |
+.Ft char * |
2278 |
+.Fn btoe "char *engout" "const char *c" |
2279 |
+.Ft int |
2280 |
+.Fn etob "char *out" "const char *e" |
2281 |
+.Ft char * |
2282 |
+.Fn put8 "char *out" "const char *s" |
2283 |
+.Sh DESCRIPTION |
2284 |
+The |
2285 |
+.Nm |
2286 |
+library provides routines for accessing |
2287 |
+.Nx Ns 's |
2288 |
+one-time password (OTP) authentication system. |
2289 |
+.Pp |
2290 |
+Most S/Key operations take a pointer to a |
2291 |
+.Em struct skey , |
2292 |
+which should be considered as an opaque identifier. |
2293 |
+.Sh FUNCTIONS |
2294 |
+The following high-level functions are available: |
2295 |
+.Bl -tag -width compact |
2296 |
+.It Fn skeychallenge "mp" "name" "ss" "sslen" |
2297 |
+Return a S/Key challenge for user |
2298 |
+.Fa name . |
2299 |
+If successful, the caller's skey structure |
2300 |
+.Fa mp |
2301 |
+is filled and 0 is returned. |
2302 |
+If unsuccessful (e.g. if name is unknown), |
2303 |
+\-1 is returned. |
2304 |
+.It Fn skeylookup "mp" "name" |
2305 |
+Find an entry for user |
2306 |
+.Fa name |
2307 |
+in the one-time password database. |
2308 |
+Returns 0 if the entry is found and 1 if the entry is not found. |
2309 |
+If an error occurs accessing the database, \-1 is returned. |
2310 |
+.It Fn skeygetnext "mp" |
2311 |
+Get the next entry in the one-time password database. |
2312 |
+Returns 0 on success and the entry is stored in |
2313 |
+.Ar mp |
2314 |
+and 1 if no more entries are available. |
2315 |
+If an error occurs accessing the database, \-1 is returned. |
2316 |
+.It Fn skeyverify "mp" "response" |
2317 |
+Verify response |
2318 |
+.Fa response |
2319 |
+to a S/Key challenge. |
2320 |
+Returns 0 if the verification is successful and 1 if the verification failed. |
2321 |
+If an error occurs accessing the database, \-1 is returned. |
2322 |
+.It Fn skeyzero "mp" "response" |
2323 |
+Comment out user's entry in the S/Key database. |
2324 |
+Returns 0 on success and the database is updated, |
2325 |
+otherwise \-1 is returned and the database remains unchanged. |
2326 |
+.It Fn getskeyprompt "mp" "name" "prompt" |
2327 |
+Issue a S/Key challenge for user |
2328 |
+.Ar name . |
2329 |
+If successful, fill in the caller's skey structure |
2330 |
+.Fa mp |
2331 |
+and return 0. |
2332 |
+If unsuccessful (e.g. if name is unknown) \-1 is returned. |
2333 |
+.El |
2334 |
+.Pp |
2335 |
+The following lower-level functions are available: |
2336 |
+.Bl -tag -width compact |
2337 |
+.It Fn skey_set_algorithm "new" |
2338 |
+Set hash algorithm type. |
2339 |
+Valid values for |
2340 |
+.Fa new |
2341 |
+are "md4", "md5" and "sha1". |
2342 |
+.It Fn skey_get_algorithm "void" |
2343 |
+Get current hash type. |
2344 |
+.It Fn skey_haskey "username" |
2345 |
+Returns 0 if the user |
2346 |
+.Fa username |
2347 |
+exists and 1 if the user doesn't exist. |
2348 |
+Returns \-1 on file error. |
2349 |
+.It Fn skey_keyinfo "username" |
2350 |
+Returns the current sequence number and seed for user |
2351 |
+.Ar username . |
2352 |
+.It Fn skey_passcheck "username" "passwd" |
2353 |
+Checks to see if answer is the correct one to the current challenge. |
2354 |
+.It Fn skey_authenticate "username" |
2355 |
+Used when calling program will allow input of the user's response to |
2356 |
+the challenge. |
2357 |
+Returns zero on success or \-1 on failure. |
2358 |
+.El |
2359 |
+.Pp |
2360 |
+The following miscellaneous functions are available: |
2361 |
+.Bl -tag -width compact |
2362 |
+.It Fn f "x" |
2363 |
+One-way function to take 8 bytes pointed to by |
2364 |
+.Fa x |
2365 |
+and return 8 bytes in place. |
2366 |
+.It Fn keycrunch "char *result" "const char *seed" "const char *passwd" |
2367 |
+Crunch a key. |
2368 |
+.It Fn rip "buf" |
2369 |
+Strip trailing CR/LF characters from a line of text |
2370 |
+.Fa buf . |
2371 |
+.It Fn readpass "buf" "n" |
2372 |
+Read in secret passwd (turns off echo). |
2373 |
+.It Fn readskey "buf" "n" |
2374 |
+Read in an s/key OTP (does not turn off echo). |
2375 |
+.It Fn atob8 "out" "in" |
2376 |
+Convert 8-byte hex-ascii string |
2377 |
+.Fa in |
2378 |
+to binary array |
2379 |
+.Fa out . |
2380 |
+Returns 0 on success, \-1 on error. |
2381 |
+.It Fn btoa8 "out" "in" |
2382 |
+Convert 8-byte binary array |
2383 |
+.Fa in |
2384 |
+to hex-ascii string |
2385 |
+.Fa out . |
2386 |
+Returns 0 on success, \-1 on error. |
2387 |
+.It Fn htoi "int c" |
2388 |
+Convert hex digit to binary integer. |
2389 |
+.It Fn skipspace "cp" |
2390 |
+Skip leading spaces from the string |
2391 |
+.Fa cp . |
2392 |
+.It Fn backspace "buf" |
2393 |
+Remove backspaced over characters from the string |
2394 |
+.Fa buf . |
2395 |
+.It Fn sevenbit "buf" |
2396 |
+Ensure line |
2397 |
+.Fa buf |
2398 |
+is all seven bits. |
2399 |
+.It Fn btoe "engout" "c" |
2400 |
+Encode 8 bytes in |
2401 |
+.Ar c |
2402 |
+as a string of English words. |
2403 |
+Returns a pointer to a static buffer in |
2404 |
+.Fa engout . |
2405 |
+.It Fn etob "out" "e" |
2406 |
+Convert English to binary. |
2407 |
+Returns 0 if the word is not in the database, 1 if all good words and |
2408 |
+parity is valid, \-1 if badly formed input (i.e. \*[Gt] 4 char word) |
2409 |
+and -2 if words are valid but parity is wrong. |
2410 |
+.It Fn put8 "out" "s" |
2411 |
+Display 8 bytes |
2412 |
+.Fa s |
2413 |
+as a series of 16-bit hex digits. |
2414 |
+.El |
2415 |
+.Sh FILES |
2416 |
+.Bl -tag -width /usr/lib/libskey_p.a -compact |
2417 |
+.It Pa /usr/lib/libskey.a |
2418 |
+static skey library |
2419 |
+.It Pa /usr/lib/libskey.so |
2420 |
+dynamic skey library |
2421 |
+.It Pa /usr/lib/libskey_p.a |
2422 |
+static skey library compiled for profiling |
2423 |
+.El |
2424 |
+.Sh SEE ALSO |
2425 |
+.Xr skey 1 , |
2426 |
+.Xr skeyaudit 1 , |
2427 |
+.Xr skeyinfo 1 |
2428 |
+.Sh BUGS |
2429 |
+The |
2430 |
+.Nm |
2431 |
+library functions are not re-entrant or thread-safe. |
2432 |
+.Pp |
2433 |
+The |
2434 |
+.Nm |
2435 |
+library defines many poorly named functions which pollute the name space. |
2436 |
--- skey-1.1.5.orig/skeyaudit.1 2001-05-10 17:10:49.000000000 +0100 |
2437 |
+++ skey-1.1.5/skeyaudit.1 2003-11-06 17:46:45.000000000 +0000 |
2438 |
@@ -1,46 +1,29 @@ |
2439 |
-.\" $OpenBSD: skeyaudit.1,v 1.8 2000/11/09 17:52:38 aaron Exp $ |
2440 |
+.\" $NetBSD: skeyaudit.1,v 1.6 2001/04/09 12:34:14 wiz Exp $ |
2441 |
.\" |
2442 |
-.Dd 22 July 1997 |
2443 |
+.Dd June 9, 1994 |
2444 |
.Dt SKEYAUDIT 1 |
2445 |
.Os |
2446 |
.Sh NAME |
2447 |
.Nm skeyaudit |
2448 |
.Nd warn users if their S/Key will soon expire |
2449 |
.Sh SYNOPSIS |
2450 |
-.Nm skeyaudit |
2451 |
-.Op Fl a |
2452 |
-.Op Fl i |
2453 |
-.Op Fl l Ar limit |
2454 |
+.Nm |
2455 |
+.Op Ar limit |
2456 |
.Sh DESCRIPTION |
2457 |
.Nm |
2458 |
searches through the file |
2459 |
-.Pa /etc/skeykeys |
2460 |
+.Dq Pa /etc/skey/skeykeys |
2461 |
for users whose S/Key sequence number is less than |
2462 |
.Ar limit , |
2463 |
-and mails them a reminder to run |
2464 |
+and sends them a reminder to run |
2465 |
.Xr skeyinit 1 |
2466 |
-soon. |
2467 |
-.Pp |
2468 |
-The options are as follows: |
2469 |
-.Bl -tag -width Ds |
2470 |
-.It Fl a |
2471 |
-Check all keys in |
2472 |
-.Pa /etc/skeykeys . |
2473 |
-This option is only available to the superuser and |
2474 |
-is useful to run regularly via |
2475 |
-.Xr cron 8 . |
2476 |
-.It Fl i |
2477 |
-Interactive mode. |
2478 |
-Don't send mail, just print to the standard output. |
2479 |
-.It Fl l Ar limit |
2480 |
-The limit used to determine whether or not a user should be notified. |
2481 |
-The default is to notify if there are fewer than 12 keys left. |
2482 |
-.El |
2483 |
+soon. If no limit is specified a default of 12 is used. |
2484 |
.Sh FILES |
2485 |
-.Bl -tag -width /etc/skeykeys -compact |
2486 |
-.It Pa /etc/skeykeys |
2487 |
-S/Key key information database |
2488 |
+.Bl -tag -width /etc/skey/skeykeys -compact |
2489 |
+.It Pa /etc/skey/skeykeys |
2490 |
+The S/Key key information database |
2491 |
.El |
2492 |
.Sh SEE ALSO |
2493 |
.Xr skey 1 , |
2494 |
+.Xr skeyinfo 1 , |
2495 |
.Xr skeyinit 1 |
2496 |
--- skey-1.1.5.orig/skeyaudit.c 2001-05-10 17:10:49.000000000 +0100 |
2497 |
+++ skey-1.1.5/skeyaudit.c 1970-01-01 01:00:00.000000000 +0100 |
2498 |
@@ -1,236 +0,0 @@ |
2499 |
-/* $OpenBSD: skeyaudit.c,v 1.10 2000/09/20 21:53:49 pjanzen Exp $ */ |
2500 |
- |
2501 |
-/* |
2502 |
- * Copyright (c) 1997, 2000 Todd C. Miller <Todd.Miller@×××××××××.com> |
2503 |
- * All rights reserved. |
2504 |
- * |
2505 |
- * Redistribution and use in source and binary forms, with or without |
2506 |
- * modification, are permitted provided that the following conditions |
2507 |
- * are met: |
2508 |
- * 1. Redistributions of source code must retain the above copyright |
2509 |
- * notice, this list of conditions and the following disclaimer. |
2510 |
- * 2. Redistributions in binary form must reproduce the above copyright |
2511 |
- * notice, this list of conditions and the following disclaimer in the |
2512 |
- * documentation and/or other materials provided with the distribution. |
2513 |
- * 3. The name of the author may not be used to endorse or promote products |
2514 |
- * derived from this software without specific prior written permission. |
2515 |
- * |
2516 |
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, |
2517 |
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY |
2518 |
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL |
2519 |
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
2520 |
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
2521 |
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; |
2522 |
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
2523 |
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
2524 |
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
2525 |
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
2526 |
- */ |
2527 |
- |
2528 |
-#include <errno.h> |
2529 |
-/*#include <limits.h>*/ |
2530 |
-#include <pwd.h> |
2531 |
-#include <stdio.h> |
2532 |
-#include <stdlib.h> |
2533 |
-#include <string.h> |
2534 |
-#include <unistd.h> |
2535 |
-#include <netdb.h> |
2536 |
-#include "config.h" |
2537 |
-#ifdef HAVE_ERR_H |
2538 |
-#include <err.h> |
2539 |
-#else |
2540 |
-#include "err.h" |
2541 |
-#endif |
2542 |
-#include "skey.h" |
2543 |
- |
2544 |
-#include <sys/types.h> |
2545 |
-#include <sys/param.h> |
2546 |
-#include <sys/wait.h> |
2547 |
- |
2548 |
-#ifdef HAVE_LOGIN_CAP_H |
2549 |
-# include <login_cap.h> |
2550 |
-#else |
2551 |
-# include "login_cap.h" |
2552 |
-#endif |
2553 |
- |
2554 |
-char *__progname; |
2555 |
- |
2556 |
-void notify __P((struct passwd *, int, int)); |
2557 |
-FILE *runsendmail __P((struct passwd *, int *)); |
2558 |
-void usage __P((void)); |
2559 |
- |
2560 |
-int |
2561 |
-main(argc, argv) |
2562 |
- int argc; |
2563 |
- char **argv; |
2564 |
-{ |
2565 |
- struct passwd *pw; |
2566 |
- struct skey key; |
2567 |
- int ch, errs = 0, left = 0, aflag = 0, iflag = 0, limit = 12; |
2568 |
- char *name; |
2569 |
- |
2570 |
- __progname = argv[0]; |
2571 |
- |
2572 |
- if (geteuid() != 0) |
2573 |
- errx(1, "must be setuid root"); |
2574 |
- |
2575 |
- while ((ch = getopt(argc, argv, "ail:")) != -1) |
2576 |
- switch(ch) { |
2577 |
- case 'a': |
2578 |
- aflag = 1; |
2579 |
- if (getuid() != 0) |
2580 |
- errx(1, "only root may use the -a flag"); |
2581 |
- break; |
2582 |
- case 'i': |
2583 |
- iflag = 1; |
2584 |
- break; |
2585 |
- case 'l': |
2586 |
- errno = 0; |
2587 |
- if ((limit = (int)strtol(optarg, NULL, 10)) == 0) |
2588 |
- errno = ERANGE; |
2589 |
- if (errno) { |
2590 |
- warn("key limit"); |
2591 |
- usage(); |
2592 |
- } |
2593 |
- break; |
2594 |
- default: |
2595 |
- usage(); |
2596 |
- } |
2597 |
- |
2598 |
- if (argc - optind > 0) |
2599 |
- usage(); |
2600 |
- |
2601 |
- /* Need key.keyfile zero'd at the very least */ |
2602 |
- (void)memset(&key, 0, sizeof(key)); |
2603 |
- |
2604 |
- if (aflag) { |
2605 |
- while ((ch = skeygetnext(&key)) == 0) { |
2606 |
- left = key.n - 1; |
2607 |
- if ((pw = getpwnam(key.logname)) == NULL) |
2608 |
- continue; |
2609 |
- if (left >= limit) |
2610 |
- continue; |
2611 |
- notify(pw, left, iflag); |
2612 |
- } |
2613 |
- if (ch == -1) |
2614 |
- errx(-1, "cannot open %s", SKEYKEYS); |
2615 |
- else |
2616 |
- (void)fclose(key.keyfile); |
2617 |
- } else { |
2618 |
- if ((pw = getpwuid(getuid())) == NULL) |
2619 |
- errx(1, "no passwd entry for uid %u", getuid()); |
2620 |
- if ((name = strdup(pw->pw_name)) == NULL) |
2621 |
- err(1, "cannot allocate memory"); |
2622 |
- sevenbit(name); |
2623 |
- |
2624 |
- errs = skeylookup(&key, name); |
2625 |
- switch (errs) { |
2626 |
- case 0: /* Success! */ |
2627 |
- left = key.n - 1; |
2628 |
- break; |
2629 |
- case -1: /* File error */ |
2630 |
- errx(errs, "cannot open %s", SKEYKEYS); |
2631 |
- break; |
2632 |
- case 1: /* Unknown user */ |
2633 |
- warnx("%s is not listed in %s", name, |
2634 |
- SKEYKEYS); |
2635 |
- } |
2636 |
- (void)fclose(key.keyfile); |
2637 |
- |
2638 |
- if (!errs && left < limit) |
2639 |
- notify(pw, left, iflag); |
2640 |
- } |
2641 |
- |
2642 |
- exit(errs); |
2643 |
-} |
2644 |
- |
2645 |
-void |
2646 |
-notify(pw, seq, interactive) |
2647 |
- struct passwd *pw; |
2648 |
- int seq; |
2649 |
- int interactive; |
2650 |
-{ |
2651 |
- static char hostname[MAXHOSTNAMELEN]; |
2652 |
- int pid; |
2653 |
- FILE *out; |
2654 |
- |
2655 |
- /* Only set this once */ |
2656 |
- if (hostname[0] == '\0' && gethostname(hostname, sizeof(hostname)) == -1) |
2657 |
- strcpy(hostname, "unknown"); |
2658 |
- |
2659 |
- if (interactive) |
2660 |
- out = stdout; |
2661 |
- else |
2662 |
- out = runsendmail(pw, &pid); |
2663 |
- |
2664 |
- if (!interactive) |
2665 |
- (void)fprintf(out, |
2666 |
- "To: %s\nSubject: IMPORTANT action required\n", pw->pw_name); |
2667 |
- |
2668 |
- if (seq) |
2669 |
- (void)fprintf(out, |
2670 |
-"\nYou are nearing the end of your current S/Key sequence for account\n\ |
2671 |
-%s on system %s.\n\n\ |
2672 |
-Your S/Key sequence number is now %d. When it reaches zero\n\ |
2673 |
-you will no longer be able to use S/Key to log into the system.\n\n", |
2674 |
-pw->pw_name, hostname, seq); |
2675 |
- else |
2676 |
- (void)fprintf(out, |
2677 |
-"\nYou are at the end of your current S/Key sequence for account\n\ |
2678 |
-%s on system %s.\n\n\ |
2679 |
-At this point you can no longer use S/Key to log into the system.\n\n", |
2680 |
-pw->pw_name, hostname); |
2681 |
- (void)fprintf(out, |
2682 |
-"Type \"skeyinit -s\" to reinitialize your sequence number.\n\n"); |
2683 |
- |
2684 |
- (void)fclose(out); |
2685 |
- if (!interactive) |
2686 |
- (void)waitpid(pid, NULL, 0); |
2687 |
-} |
2688 |
- |
2689 |
-FILE * |
2690 |
-runsendmail(pw, pidp) |
2691 |
- struct passwd *pw; |
2692 |
- int *pidp; |
2693 |
-{ |
2694 |
- FILE *fp; |
2695 |
- int pfd[2], pid; |
2696 |
- |
2697 |
- if (pipe(pfd) < 0) |
2698 |
- return(NULL); |
2699 |
- |
2700 |
- switch (pid = fork()) { |
2701 |
- case -1: /* fork(2) failed */ |
2702 |
- (void)close(pfd[0]); |
2703 |
- (void)close(pfd[1]); |
2704 |
- return(NULL); |
2705 |
- case 0: /* In child */ |
2706 |
- (void)close(pfd[1]); |
2707 |
- (void)dup2(pfd[0], STDIN_FILENO); |
2708 |
- (void)close(pfd[0]); |
2709 |
- |
2710 |
- /* Run sendmail as target user not root */ |
2711 |
- if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0) { |
2712 |
- warn("cannot set user context"); |
2713 |
- _exit(127); |
2714 |
- } |
2715 |
- |
2716 |
- execl(SENDMAIL, "sendmail", "-t", NULL); |
2717 |
- warn("cannot run \"%s -t\"", SENDMAIL); |
2718 |
- _exit(127); |
2719 |
- } |
2720 |
- |
2721 |
- /* In parent */ |
2722 |
- *pidp = pid; |
2723 |
- fp = fdopen(pfd[1], "w"); |
2724 |
- (void)close(pfd[0]); |
2725 |
- |
2726 |
- return(fp); |
2727 |
-} |
2728 |
-void |
2729 |
-usage() |
2730 |
-{ |
2731 |
- (void)fprintf(stderr, "Usage: %s [-i] [-l limit]\n", |
2732 |
- __progname); |
2733 |
- exit(1); |
2734 |
-} |
2735 |
--- skey-1.1.5.orig/skeyaudit.sh 1970-01-01 01:00:00.000000000 +0100 |
2736 |
+++ skey-1.1.5/skeyaudit.sh 2003-11-06 17:46:45.000000000 +0000 |
2737 |
@@ -0,0 +1,58 @@ |
2738 |
+#!/bin/sh |
2739 |
+# |
2740 |
+# $NetBSD: skeyaudit.sh,v 1.2.12.2 2000/07/28 12:42:59 mjl Exp $ |
2741 |
+# |
2742 |
+# This script will look thru the skeykeys file for |
2743 |
+# people with sequence numbers less than LOWLIMIT=12 |
2744 |
+# and send them an e-mail reminder to use skeyinit soon |
2745 |
+# |
2746 |
+ |
2747 |
+KEYDB=/etc/skey/skeykeys |
2748 |
+LOWLIMIT=12 |
2749 |
+ADMIN=root |
2750 |
+SUBJECT="Reminder: Run skeyinit" |
2751 |
+HOST=`/bin/hostname` |
2752 |
+ |
2753 |
+ |
2754 |
+if [ "$1" != "" ] |
2755 |
+then |
2756 |
+ LOWLIMIT=$1 |
2757 |
+fi |
2758 |
+ |
2759 |
+if [ ! -s "${KEYDB}" ]; then |
2760 |
+ exit 0 |
2761 |
+fi |
2762 |
+ |
2763 |
+# an skeykeys entry looks like |
2764 |
+# jsw 0076 la13079 ba20a75528de9d3a |
2765 |
+# #oot md5 0005 aspa26398 9432d570ff4421f0 Jul 07,2000 01:36:43 |
2766 |
+# mjl sha1 0099 alpha2 459a5dac23d20a90 Jul 07,2000 02:14:17 |
2767 |
+# the sequence number is the second (or third) entry |
2768 |
+# |
2769 |
+ |
2770 |
+SKEYS=`awk '/^#/ {next} {if($2 ~ /^[0-9]+$/) print $1,$2,$3; else print $1,$3,$4; }' $KEYDB` |
2771 |
+ |
2772 |
+set -- ${SKEYS} |
2773 |
+ |
2774 |
+while [ "X$1" != "X" ]; do |
2775 |
+ USER=$1 |
2776 |
+ SEQ=$2 |
2777 |
+ KEY=$3 |
2778 |
+ shift 3 |
2779 |
+ # echo "$USER -- $SEQ -- $KEY" |
2780 |
+ if [ $SEQ -lt $LOWLIMIT ]; then |
2781 |
+ if [ $SEQ -lt 3 ]; then |
2782 |
+ SUBJECT="IMPORTANT action required" |
2783 |
+ fi |
2784 |
+ ( |
2785 |
+ echo "You are nearing the end of your current S/Key sequence for account $i" |
2786 |
+ echo "on system $HOST." |
2787 |
+ echo "" |
2788 |
+ echo "Your S/key sequence number is now $SEQ. When it reaches zero you" |
2789 |
+ echo "will no longer be able to use S/Key to login into the system. " |
2790 |
+ echo " " |
2791 |
+ echo "Use \"skeyinit -s\" to reinitialize your sequence number." |
2792 |
+ echo "" |
2793 |
+ ) | mail -s "$SUBJECT" $USER $ADMIN |
2794 |
+ fi |
2795 |
+done |
2796 |
--- skey-1.1.5.orig/skey.c 2001-05-10 17:10:49.000000000 +0100 |
2797 |
+++ skey-1.1.5/skey.c 2003-11-06 17:46:45.000000000 +0000 |
2798 |
@@ -25,6 +25,7 @@ |
2799 |
#include <stdlib.h> |
2800 |
#include <string.h> |
2801 |
#include <unistd.h> |
2802 |
+#include <ctype.h> |
2803 |
#include "config.h" |
2804 |
|
2805 |
#ifdef HAVE_ERR_H |
2806 |
@@ -35,102 +36,93 @@ |
2807 |
|
2808 |
#include "skey.h" |
2809 |
|
2810 |
-void usage __P((char *)); |
2811 |
+int main(int, char **); |
2812 |
+void usage(char *); |
2813 |
|
2814 |
int |
2815 |
-main(argc, argv) |
2816 |
- int argc; |
2817 |
- char *argv[]; |
2818 |
+main(int argc, char **argv) |
2819 |
{ |
2820 |
- int n, i, cnt = 1, pass = 0, hexmode = 0; |
2821 |
- char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE]; |
2822 |
- char buf[33], *seed, *slash; |
2823 |
- |
2824 |
- /* If we were called as otp-METHOD, set algorithm based on that */ |
2825 |
- if ((slash = strrchr(argv[0], '/'))) |
2826 |
- slash++; |
2827 |
- else |
2828 |
- slash = argv[0]; |
2829 |
- if (strncmp(slash, "otp-", 4) == 0) { |
2830 |
- slash += 4; |
2831 |
- if (skey_set_algorithm(slash) == NULL) |
2832 |
- errx(1, "Unknown hash algorithm %s", slash); |
2833 |
- } |
2834 |
- |
2835 |
- for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) { |
2836 |
- if (argv[i][2] == '\0') { |
2837 |
- /* Single character switch */ |
2838 |
- switch (argv[i][1]) { |
2839 |
+ int n, cnt = 1, i, pass = 0, hexmode = 0; |
2840 |
+ char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE]; |
2841 |
+ char buf[33], *seed, *slash, *t; |
2842 |
+ |
2843 |
+ while ((i = getopt(argc, argv, "fn:p:t:x")) != -1) { |
2844 |
+ switch(i) { |
2845 |
+ case 'f': |
2846 |
+ break; /* unused */ |
2847 |
case 'n': |
2848 |
- if (i + 1 == argc) |
2849 |
- usage(argv[0]); |
2850 |
- cnt = atoi(argv[++i]); |
2851 |
+ cnt = atoi(optarg); |
2852 |
break; |
2853 |
case 'p': |
2854 |
- if (i + 1 == argc) |
2855 |
- usage(argv[0]); |
2856 |
- if (strlcpy(passwd, argv[++i], sizeof(passwd)) >= |
2857 |
- sizeof(passwd)) |
2858 |
- errx(1, "Password too long"); |
2859 |
+ if (strncpy(passwd, optarg, sizeof(passwd)) == NULL) |
2860 |
+ errx(1, "Password too long"); |
2861 |
pass = 1; |
2862 |
break; |
2863 |
+ case 't': |
2864 |
+ if (skey_set_algorithm(optarg) == NULL) |
2865 |
+ errx(1, "Unknown hash algorithm %s", optarg); |
2866 |
+ break; |
2867 |
case 'x': |
2868 |
hexmode = 1; |
2869 |
break; |
2870 |
default: |
2871 |
usage(argv[0]); |
2872 |
- } |
2873 |
- } else { |
2874 |
- /* Multi character switches are hash types */ |
2875 |
- if (skey_set_algorithm(&argv[i][1]) == NULL) { |
2876 |
- warnx("Unknown hash algorithm %s", &argv[i][1]); |
2877 |
- usage(argv[0]); |
2878 |
- } |
2879 |
+ break; |
2880 |
} |
2881 |
- i++; |
2882 |
} |
2883 |
|
2884 |
- if (argc > i + 2) |
2885 |
- usage(argv[0]); |
2886 |
- |
2887 |
- /* Could be in the form <number>/<seed> */ |
2888 |
- if (argc <= i + 1) { |
2889 |
+ /* could be in the form <number>/<seed> */ |
2890 |
+ if (argc <= optind + 1) { |
2891 |
/* look for / in it */ |
2892 |
- if (argc <= i) |
2893 |
+ if (argc <= optind) |
2894 |
usage(argv[0]); |
2895 |
- slash = strchr(argv[i], '/'); |
2896 |
+ slash = strchr(argv[optind], '/'); |
2897 |
if (slash == NULL) |
2898 |
usage(argv[0]); |
2899 |
*slash++ = '\0'; |
2900 |
seed = slash; |
2901 |
|
2902 |
- if ((n = atoi(argv[i])) < 0) { |
2903 |
- warnx("%d not positive", n); |
2904 |
+ if ((n = atoi(argv[optind])) < 0) { |
2905 |
+ fprintf(stderr, "%s is not positive\n", argv[optind]); |
2906 |
usage(argv[0]); |
2907 |
} else if (n > SKEY_MAX_SEQ) { |
2908 |
warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ); |
2909 |
usage(argv[0]); |
2910 |
} |
2911 |
} else { |
2912 |
- if ((n = atoi(argv[i])) < 0) { |
2913 |
- warnx("%d not positive", n); |
2914 |
+ if ((n = atoi(argv[optind])) < 0) { |
2915 |
+ fprintf(stderr, "%s not positive\n", argv[optind]); |
2916 |
usage(argv[0]); |
2917 |
} else if (n > SKEY_MAX_SEQ) { |
2918 |
warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ); |
2919 |
usage(argv[0]); |
2920 |
} |
2921 |
- seed = argv[++i]; |
2922 |
+ seed = argv[++optind]; |
2923 |
+ } |
2924 |
+ |
2925 |
+ for (t = seed; *t; t++) { |
2926 |
+ if (!isalnum(*t)) |
2927 |
+ errx(1, "seed must be alphanumeric"); |
2928 |
} |
2929 |
|
2930 |
+ if (!*seed || strlen(seed) > SKEY_MAX_SEED_LEN) |
2931 |
+ errx(1, "seed must be between 1 and %d long", SKEY_MAX_SEED_LEN); |
2932 |
+ |
2933 |
/* Get user's secret password */ |
2934 |
if (!pass) { |
2935 |
- (void)fputs("Reminder - Do not use this program while logged in via telnet or rlogin.\n", stderr); |
2936 |
- (void)fputs("Enter secret password: ", stderr); |
2937 |
+ fputs("Reminder - Do not use this program while " |
2938 |
+ "logged in via telnet or rlogin.\n", stderr); |
2939 |
+ fprintf(stderr, "Enter secret password: "); |
2940 |
readpass(passwd, sizeof(passwd)); |
2941 |
if (passwd[0] == '\0') |
2942 |
exit(1); |
2943 |
} |
2944 |
|
2945 |
+ if (strlen(passwd) < SKEY_MIN_PW_LEN) |
2946 |
+ warnx( |
2947 |
+ "RFC2289 states that password should be at least %d characters long", |
2948 |
+ SKEY_MIN_PW_LEN); |
2949 |
+ |
2950 |
/* Crunch seed and password into starting key */ |
2951 |
if (keycrunch(key, seed, passwd) != 0) |
2952 |
errx(1, "key crunch failed"); |
2953 |
@@ -138,16 +130,15 @@ |
2954 |
if (cnt == 1) { |
2955 |
while (n-- != 0) |
2956 |
f(key); |
2957 |
- (void)puts(hexmode ? put8(buf, key) : btoe(buf, key)); |
2958 |
+ puts(hexmode ? put8(buf, key) : btoe(buf, key)); |
2959 |
} else { |
2960 |
for (i = 0; i <= n - cnt; i++) |
2961 |
f(key); |
2962 |
for (; i <= n; i++) { |
2963 |
+ printf("%3d: %-29s", i, btoe(buf, key)); |
2964 |
if (hexmode) |
2965 |
- (void)printf("%d: %-29s %s\n", i, |
2966 |
- btoe(buf, key), put8(buf, key)); |
2967 |
- else |
2968 |
- (void)printf("%d: %-29s\n", i, btoe(buf, key)); |
2969 |
+ printf("\t%s", put8(buf, key)); |
2970 |
+ puts(""); |
2971 |
f(key); |
2972 |
} |
2973 |
} |
2974 |
@@ -155,9 +146,10 @@ |
2975 |
} |
2976 |
|
2977 |
void |
2978 |
-usage(s) |
2979 |
- char *s; |
2980 |
+usage(char *s) |
2981 |
{ |
2982 |
- (void)fprintf(stderr, "Usage: %s [-x] [-md4|-md5|-sha1|-rmd160] [-n count] [-p password] <sequence#>[/] key\n", s); |
2983 |
+ fprintf(stderr, |
2984 |
+"Usage: %s [-n count] [-p password] [-t hash] [-x] sequence# [/] key\n", |
2985 |
+ s); |
2986 |
exit(1); |
2987 |
} |
2988 |
--- skey-1.1.5.orig/skey.h 2001-05-10 17:10:49.000000000 +0100 |
2989 |
+++ skey-1.1.5/skey.h 2003-11-06 17:46:45.000000000 +0000 |
2990 |
@@ -1,3 +1,5 @@ |
2991 |
+/* $NetBSD: skey.h,v 1.8 2000/07/28 16:35:11 thorpej Exp $ */ |
2992 |
+ |
2993 |
/* |
2994 |
* S/KEY v1.1b (skey.h) |
2995 |
* |
2996 |
@@ -11,86 +13,86 @@ |
2997 |
* Todd C. Miller <Todd.Miller@×××××××××.com> |
2998 |
* |
2999 |
* Main client header |
3000 |
- * |
3001 |
- * $OpenBSD: skey.h,v 1.13 1999/07/15 14:33:48 provos Exp $ |
3002 |
*/ |
3003 |
|
3004 |
/* Server-side data structure for reading keys file during login */ |
3005 |
-struct skey { |
3006 |
- FILE *keyfile; |
3007 |
- char buf[256]; |
3008 |
- char *logname; |
3009 |
- int n; |
3010 |
- char *seed; |
3011 |
- char *val; |
3012 |
- long recstart; /* needed so reread of buffer is efficient */ |
3013 |
+struct skey |
3014 |
+{ |
3015 |
+ FILE *keyfile; |
3016 |
+ char buf[256]; |
3017 |
+ char *logname; |
3018 |
+ int n; |
3019 |
+ char *seed; |
3020 |
+ char *val; |
3021 |
+ long recstart; /* needed so reread of buffer is efficient */ |
3022 |
}; |
3023 |
|
3024 |
/* Client-side structure for scanning data stream for challenge */ |
3025 |
-struct mc { |
3026 |
- char buf[256]; |
3027 |
- int skip; |
3028 |
- int cnt; |
3029 |
+struct mc |
3030 |
+{ |
3031 |
+ char buf[256]; |
3032 |
+ int skip; |
3033 |
+ int cnt; |
3034 |
}; |
3035 |
|
3036 |
/* Maximum sequence number we allow */ |
3037 |
#ifndef SKEY_MAX_SEQ |
3038 |
-#define SKEY_MAX_SEQ 10000 |
3039 |
+#define SKEY_MAX_SEQ 10000 |
3040 |
#endif |
3041 |
|
3042 |
-/* Minimum secret password length (rfc1938) */ |
3043 |
+/* Minimum secret password length (rfc2289) */ |
3044 |
#ifndef SKEY_MIN_PW_LEN |
3045 |
-#define SKEY_MIN_PW_LEN 10 |
3046 |
+#define SKEY_MIN_PW_LEN 10 |
3047 |
#endif |
3048 |
|
3049 |
-/* Max secret password length (rfc1938 says 63 but allows more) */ |
3050 |
+/* Max secret password length (rfc2289 says 63 but allows more) */ |
3051 |
#ifndef SKEY_MAX_PW_LEN |
3052 |
-#define SKEY_MAX_PW_LEN 255 |
3053 |
+#define SKEY_MAX_PW_LEN 255 |
3054 |
#endif |
3055 |
|
3056 |
-/* Max length of an S/Key seed (rfc1938) */ |
3057 |
+/* Max length of an S/Key seed (rfc2289) */ |
3058 |
#ifndef SKEY_MAX_SEED_LEN |
3059 |
-#define SKEY_MAX_SEED_LEN 16 |
3060 |
+#define SKEY_MAX_SEED_LEN 16 |
3061 |
#endif |
3062 |
|
3063 |
/* Max length of S/Key challenge (otp-???? 9999 seed) */ |
3064 |
#ifndef SKEY_MAX_CHALLENGE |
3065 |
-#define SKEY_MAX_CHALLENGE (11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN) |
3066 |
+#define SKEY_MAX_CHALLENGE (11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN) |
3067 |
#endif |
3068 |
|
3069 |
/* Max length of hash algorithm name (md4/md5/sha1/rmd160) */ |
3070 |
-#define SKEY_MAX_HASHNAME_LEN 6 |
3071 |
+#define SKEY_MAX_HASHNAME_LEN 6 |
3072 |
|
3073 |
/* Size of a binary key (not NULL-terminated) */ |
3074 |
-#define SKEY_BINKEY_SIZE 8 |
3075 |
+#define SKEY_BINKEY_SIZE 8 |
3076 |
|
3077 |
/* Location of random file for bogus challenges */ |
3078 |
-#define _SKEY_RAND_FILE_PATH_ "/var/db/host.random" |
3079 |
+#define _SKEY_RAND_FILE_PATH_ "/var/db/host.random" |
3080 |
|
3081 |
/* Prototypes */ |
3082 |
-void f(char *x); |
3083 |
-int keycrunch(char *result, char *seed, char *passwd); |
3084 |
-char *btoe(char *engout, char *c); |
3085 |
-char *put8(char *out, char *s); |
3086 |
-int etob(char *out, char *e); |
3087 |
-void rip(char *buf); |
3088 |
-int skeychallenge(struct skey * mp, char *name, char *ss); |
3089 |
-int skeylookup (struct skey * mp, char *name); |
3090 |
-int skeyverify (struct skey * mp, char *response); |
3091 |
-int skeyzero (struct skey * mp, char *response); |
3092 |
-void sevenbit (char *s); |
3093 |
-void backspace (char *s); |
3094 |
-char *skipspace (char *s); |
3095 |
-char *readpass (char *buf, int n); |
3096 |
-char *readskey (char *buf, int n); |
3097 |
-int skey_authenticate (char *username); |
3098 |
-int skey_passcheck (char *username, char *passwd); |
3099 |
-char *skey_keyinfo (char *username); |
3100 |
-int skey_haskey (char *username); |
3101 |
-int getskeyprompt (struct skey *mp, char *name, char *prompt); |
3102 |
-int atob8 (char *out, char *in); |
3103 |
-int btoa8 (char *out, char *in); |
3104 |
-int htoi (int c); |
3105 |
-const char *skey_get_algorithm (void); |
3106 |
-char *skey_set_algorithm (char *new); |
3107 |
-int skeygetnext (struct skey *mp); |
3108 |
+void f __P ((char *)); |
3109 |
+int keycrunch __P ((char *, const char *, const char *)); |
3110 |
+char *btoe __P ((char *, const char *)); |
3111 |
+char *put8 __P ((char *, const char *)); |
3112 |
+int etob __P ((char *, const char *)); |
3113 |
+void rip __P ((char *)); |
3114 |
+int skeychallenge __P ((struct skey *, const char *, char *, size_t)); |
3115 |
+int skeylookup __P ((struct skey *, const char *)); |
3116 |
+int skeyverify __P ((struct skey *, char *)); |
3117 |
+void sevenbit __P ((char *)); |
3118 |
+void backspace __P ((char *)); |
3119 |
+const char *skipspace __P ((const char *)); |
3120 |
+char *readpass __P ((char *, int)); |
3121 |
+char *readskey __P ((char *, int)); |
3122 |
+int skey_authenticate __P ((const char *)); |
3123 |
+int skey_passcheck __P ((const char *, char *)); |
3124 |
+const char *skey_keyinfo __P ((const char *)); |
3125 |
+int skey_haskey __P ((const char *)); |
3126 |
+int getskeyprompt __P ((struct skey *, char *, char *)); |
3127 |
+int atob8 __P((char *, const char *)); |
3128 |
+int btoa8 __P((char *, const char *)); |
3129 |
+int htoi __P((int)); |
3130 |
+const char *skey_get_algorithm __P((void)); |
3131 |
+const char *skey_set_algorithm __P((const char *)); |
3132 |
+int skeygetnext __P((struct skey *)); |
3133 |
+int skeyzero __P((struct skey *, char *)); |
3134 |
--- skey-1.1.5.orig/skeyinfo.1 2001-05-10 17:10:49.000000000 +0100 |
3135 |
+++ skey-1.1.5/skeyinfo.1 2003-11-06 17:46:45.000000000 +0000 |
3136 |
@@ -1,30 +1,19 @@ |
3137 |
-.\" $OpenBSD: skeyinfo.1,v 1.3 2000/03/11 21:40:02 aaron Exp $ |
3138 |
+.\" $NetBSD: skeyinfo.1,v 1.5 2001/04/09 12:34:44 wiz Exp $ |
3139 |
.\" |
3140 |
-.Dd 22 July 1997 |
3141 |
+.Dd June 9, 1994 |
3142 |
.Dt SKEYINFO 1 |
3143 |
.Os |
3144 |
.Sh NAME |
3145 |
.Nm skeyinfo |
3146 |
.Nd obtain the next S/Key challenge for a user |
3147 |
.Sh SYNOPSIS |
3148 |
-.Nm skeyinfo |
3149 |
-.Op Fl v |
3150 |
+.Nm |
3151 |
.Op Ar user |
3152 |
.Sh DESCRIPTION |
3153 |
.Nm |
3154 |
prints out the next S/Key challenge for the specified user or for the |
3155 |
current user if no user is specified. |
3156 |
-.Pp |
3157 |
-The options are as follows: |
3158 |
-.Bl -tag -width Ds |
3159 |
-.It Fl v |
3160 |
-Print the hash algorithm as well. |
3161 |
-.El |
3162 |
-.Sh EXAMPLES |
3163 |
-% skey -n <number of passwords to print> `skeyinfo` | lpr |
3164 |
-.Pp |
3165 |
-This would print out a list of S/Key passwords for use over |
3166 |
-an untrusted network (perhaps for use at a conference). |
3167 |
.Sh SEE ALSO |
3168 |
.Xr skey 1 , |
3169 |
+.Xr skeyaudit 1 , |
3170 |
.Xr skeyinit 1 |
3171 |
--- skey-1.1.5.orig/skeyinfo.c 2001-05-10 17:10:49.000000000 +0100 |
3172 |
+++ skey-1.1.5/skeyinfo.c 2003-11-06 17:46:45.000000000 +0000 |
3173 |
@@ -1,9 +1,12 @@ |
3174 |
-/* $OpenBSD: skeyinfo.c,v 1.6 2001/02/05 16:58:11 millert Exp $ */ |
3175 |
+/* $NetBSD: skeyinfo.c,v 1.4 2003/07/23 04:11:50 itojun Exp $ */ |
3176 |
|
3177 |
-/* |
3178 |
- * Copyright (c) 1997 Todd C. Miller <Todd.Miller@×××××××××.com> |
3179 |
+/*- |
3180 |
+ * Copyright (c) 1997 The NetBSD Foundation, Inc. |
3181 |
* All rights reserved. |
3182 |
* |
3183 |
+ * This code is derived from software contributed to The NetBSD Foundation |
3184 |
+ * by Andrew Brown. |
3185 |
+ * |
3186 |
* Redistribution and use in source and binary forms, with or without |
3187 |
* modification, are permitted provided that the following conditions |
3188 |
* are met: |
3189 |
@@ -12,104 +15,79 @@ |
3190 |
* 2. Redistributions in binary form must reproduce the above copyright |
3191 |
* notice, this list of conditions and the following disclaimer in the |
3192 |
* documentation and/or other materials provided with the distribution. |
3193 |
- * 3. The name of the author may not be used to endorse or promote products |
3194 |
- * derived from this software without specific prior written permission. |
3195 |
+ * 3. All advertising materials mentioning features or use of this software |
3196 |
+ * must display the following acknowledgement: |
3197 |
+ * This product includes software developed by the NetBSD |
3198 |
+ * Foundation, Inc. and its contributors. |
3199 |
+ * 4. Neither the name of The NetBSD Foundation nor the names of its |
3200 |
+ * contributors may be used to endorse or promote products derived |
3201 |
+ * from this software without specific prior written permission. |
3202 |
* |
3203 |
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, |
3204 |
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY |
3205 |
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL |
3206 |
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
3207 |
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
3208 |
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; |
3209 |
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
3210 |
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
3211 |
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
3212 |
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
3213 |
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
3214 |
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
3215 |
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
3216 |
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
3217 |
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
3218 |
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
3219 |
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
3220 |
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
3221 |
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
3222 |
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
3223 |
+ * POSSIBILITY OF SUCH DAMAGE. |
3224 |
*/ |
3225 |
|
3226 |
-/*#include <limits.h>*/ |
3227 |
-#include <pwd.h> |
3228 |
#include <stdio.h> |
3229 |
-#include <stdlib.h> |
3230 |
+#include <pwd.h> |
3231 |
+#include <err.h> |
3232 |
#include <string.h> |
3233 |
#include <unistd.h> |
3234 |
-#include "config.h" |
3235 |
-#include "skey.h" |
3236 |
-/*#include "defines.h"*/ |
3237 |
|
3238 |
-char *__progname; |
3239 |
+#include "skey.h" |
3240 |
|
3241 |
-void usage(void); |
3242 |
+int main __P((int, char *[])); |
3243 |
|
3244 |
-int |
3245 |
-main(argc, argv) |
3246 |
- int argc; |
3247 |
- char **argv; |
3248 |
+int main(int argc, char **argv) |
3249 |
{ |
3250 |
- struct passwd *pw; |
3251 |
- struct skey key; |
3252 |
- char *name = NULL; |
3253 |
- int error, ch, verbose = 0; |
3254 |
- |
3255 |
- __progname=argv[0]; |
3256 |
- |
3257 |
- if (geteuid() != 0) |
3258 |
- errx(1, "must be setuid root"); |
3259 |
- |
3260 |
- while ((ch = getopt(argc, argv, "v")) != -1) |
3261 |
- switch(ch) { |
3262 |
- case 'v': |
3263 |
- verbose = 1; |
3264 |
- break; |
3265 |
- default: |
3266 |
- usage(); |
3267 |
+ struct skey skey; |
3268 |
+ char name[100], prompt[1024]; |
3269 |
+ int uid; |
3270 |
+ struct passwd *pw = NULL; |
3271 |
+ |
3272 |
+ argc--; |
3273 |
+ argv++; |
3274 |
+ |
3275 |
+ if (geteuid()) |
3276 |
+ errx(1, "must be root to read %s", SKEYKEYS); |
3277 |
+ |
3278 |
+ uid = getuid(); |
3279 |
+ |
3280 |
+ if (!argc) |
3281 |
+ pw = getpwuid(uid); |
3282 |
+ else if (!uid) |
3283 |
+ pw = getpwnam(argv[0]); |
3284 |
+ else |
3285 |
+ errx(1, "permission denied to look other users skeys"); |
3286 |
+ |
3287 |
+ if (!pw) { |
3288 |
+ if (argc) |
3289 |
+ errx(1, "%s: no such user", argv[0]); |
3290 |
+ else |
3291 |
+ errx(1, "who are you?"); |
3292 |
} |
3293 |
- argc -= optind; |
3294 |
- argv += optind; |
3295 |
|
3296 |
- if (argc == 1) |
3297 |
- name = argv[0]; |
3298 |
- else if (argc > 1) |
3299 |
- usage(); |
3300 |
- |
3301 |
- if (name && getuid() != 0) |
3302 |
- errx(1, "only root may specify an alternate user"); |
3303 |
- |
3304 |
- if (name) { |
3305 |
- if (strlen(name) > PASS_MAX) |
3306 |
- errx(1, "username too long (%d chars max)", PASS_MAX); |
3307 |
- if ((pw = getpwnam(name)) == NULL) |
3308 |
- errx(1, "no passwd entry for %s", name); |
3309 |
- } else { |
3310 |
- if ((pw = getpwuid(getuid())) == NULL) |
3311 |
- errx(1, "no passwd entry for uid %u", getuid()); |
3312 |
- } |
3313 |
+ strncpy(name, pw->pw_name, sizeof(name)); |
3314 |
|
3315 |
- if ((name = strdup(pw->pw_name)) == NULL) |
3316 |
- err(1, "cannot allocate memory"); |
3317 |
- sevenbit(name); |
3318 |
- |
3319 |
- error = skeylookup(&key, name); |
3320 |
- switch (error) { |
3321 |
- case 0: /* Success! */ |
3322 |
- if (verbose) |
3323 |
- (void)printf("otp-%s ", skey_get_algorithm()); |
3324 |
- (void)printf("%d %s\n", key.n - 1, key.seed); |
3325 |
- break; |
3326 |
- case -1: /* File error */ |
3327 |
- warnx("cannot open %s", SKEYKEYS); |
3328 |
- break; |
3329 |
- case 1: /* Unknown user */ |
3330 |
- warnx("%s is not listed in %s", name, SKEYKEYS); |
3331 |
+ if (getskeyprompt(&skey, name, prompt) == -1) { |
3332 |
+ printf("%s %s no s/key\n", |
3333 |
+ argc ? name : "You", |
3334 |
+ argc ? "has" : "have"); |
3335 |
} |
3336 |
- (void)fclose(key.keyfile); |
3337 |
- |
3338 |
- exit(error); |
3339 |
-} |
3340 |
- |
3341 |
-void |
3342 |
-usage() |
3343 |
-{ |
3344 |
- (void)fprintf(stderr, "Usage: %s [-v] [user]\n", __progname); |
3345 |
- exit(1); |
3346 |
+ else { |
3347 |
+ if (argc) |
3348 |
+ printf("%s's ", pw->pw_name); |
3349 |
+ else |
3350 |
+ printf("Your "); |
3351 |
+ printf("next %s", prompt); |
3352 |
+ } |
3353 |
+ return 0; |
3354 |
} |
3355 |
--- skey-1.1.5.orig/skeyinit.1 2001-05-10 17:10:49.000000000 +0100 |
3356 |
+++ skey-1.1.5/skeyinit.1 2003-11-06 17:46:45.000000000 +0000 |
3357 |
@@ -1,22 +1,18 @@ |
3358 |
-.\" $OpenBSD: skeyinit.1,v 1.19 2000/11/09 17:52:39 aaron Exp $ |
3359 |
-.\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $ |
3360 |
+.\" $NetBSD: skeyinit.1,v 1.11 2001/04/09 12:35:00 wiz Exp $ |
3361 |
.\" @(#)skeyinit.1 1.1 10/28/93 |
3362 |
.\" |
3363 |
-.Dd February 24, 1998 |
3364 |
+.Dd June 7, 2000 |
3365 |
.Dt SKEYINIT 1 |
3366 |
.Os |
3367 |
.Sh NAME |
3368 |
.Nm skeyinit |
3369 |
.Nd change password or add user to S/Key authentication system |
3370 |
.Sh SYNOPSIS |
3371 |
-.Nm skeyinit |
3372 |
+.Nm |
3373 |
+.Op Fl n Ar count |
3374 |
.Op Fl s |
3375 |
+.Op Fl t Ar hash |
3376 |
.Op Fl z |
3377 |
-.Op Fl n Ar count |
3378 |
-.Oo |
3379 |
-.Fl md4 | Fl md5 | Fl sha1 | |
3380 |
-.Fl rmd160 |
3381 |
-.Oc |
3382 |
.Op Ar user |
3383 |
.Sh DESCRIPTION |
3384 |
.Nm |
3385 |
@@ -30,52 +26,17 @@ |
3386 |
.Nm |
3387 |
requires you to type a secret password, so it should be used |
3388 |
only on a secure terminal. |
3389 |
-For example, on the console of a |
3390 |
-workstation or over an encrypted network session. |
3391 |
-If you are using |
3392 |
-.Nm |
3393 |
-while logged in over an untrusted network, follow the instructions |
3394 |
-given below with the |
3395 |
-.Fl s |
3396 |
-option. |
3397 |
-.Pp |
3398 |
-Before initializing an S/Key entry, the user must authenticate |
3399 |
-using either a standard password or an S/Key challenge. |
3400 |
-When used over an untrusted network, a password of |
3401 |
-.Sq s/key |
3402 |
-should be used. |
3403 |
-The user will then be presented with the standard |
3404 |
-S/Key challenge and allowed to proceed if it is correct. |
3405 |
-.Pp |
3406 |
-The options are as follows: |
3407 |
+.Sh OPTIONS |
3408 |
.Bl -tag -width Ds |
3409 |
-.It Fl x |
3410 |
-Displays pass phrase in hexadecimal instead of ASCII. |
3411 |
.It Fl s |
3412 |
-Set secure mode where the user is expected to have used a secure |
3413 |
-machine to generate the first one-time password. |
3414 |
-Without the |
3415 |
-.Fl s |
3416 |
-option the system will assume you are directly connected over secure |
3417 |
-communications and prompt you for your secret password. |
3418 |
-The |
3419 |
-.Fl s |
3420 |
-option also allows one to set the seed and count for complete |
3421 |
-control of the parameters. |
3422 |
-You can use |
3423 |
-.Ic skeyinit -s |
3424 |
-in combination with the |
3425 |
-.Nm skey |
3426 |
-command to set the seed and count if you do not like the defaults. |
3427 |
-To do this run |
3428 |
-.Nm |
3429 |
-in one window and put in your count and seed, then run |
3430 |
-.Nm skey |
3431 |
-in another window to generate the correct 6 English words for that |
3432 |
-count and seed. |
3433 |
-You can then "cut-and-paste" or type the words into the |
3434 |
-.Nm |
3435 |
-window. |
3436 |
+allows the user to set the seed and count for complete control |
3437 |
+of the parameters. |
3438 |
+To do this run skeyinit in one window and put in your count and seed; |
3439 |
+then run |
3440 |
+.Xr skey 1 |
3441 |
+in another window to generate the correct 6 english words |
3442 |
+for that count and seed. |
3443 |
+You can then "cut-and-paste" or type the words into the skeyinit window. |
3444 |
.It Fl z |
3445 |
Allows the user to zero their S/Key entry. |
3446 |
.It Fl n Ar count |
3447 |
@@ -84,30 +45,22 @@ |
3448 |
sequence at |
3449 |
.Ar count |
3450 |
(default is 100). |
3451 |
-.It Fl md4 |
3452 |
-Selects MD4 as the hash algorithm. |
3453 |
-.It Fl md5 |
3454 |
-Selects MD5 as the hash algorithm. |
3455 |
-.It Fl sha1 |
3456 |
-Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm. |
3457 |
-.It Fl rmd160 |
3458 |
-Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm. |
3459 |
+.It Fl t Ar hash |
3460 |
+Selects the hash algorithm to use. |
3461 |
+Available choices are md4 (the default), md5 or sha1. |
3462 |
.It Ar user |
3463 |
The username to be changed/added. |
3464 |
-By default the current user is operated on. |
3465 |
+By default the current user is operated on, only root may |
3466 |
+change other user's entries. |
3467 |
.El |
3468 |
-.Sh ERRORS |
3469 |
-.Bl -tag -width "skey disabled" |
3470 |
-.It skey disabled |
3471 |
-.Pa /etc/skeykeys |
3472 |
-does not exist. |
3473 |
-It must be created by the superuser in order to use |
3474 |
-.Nm skeyinit . |
3475 |
.Sh FILES |
3476 |
-.Bl -tag -width /etc/skeykeys |
3477 |
-.It Pa /etc/skeykeys |
3478 |
-database of information for S/Key system |
3479 |
+.Bl -tag -width /etc/skey/skeykeys |
3480 |
+.It Pa /etc/skey/skeykeys |
3481 |
+data base of information for S/Key system. |
3482 |
+.El |
3483 |
.Sh SEE ALSO |
3484 |
-.Xr skey 1 |
3485 |
+.Xr skey 1 , |
3486 |
+.Xr skeyaudit 1 , |
3487 |
+.Xr skeyinfo 1 |
3488 |
.Sh AUTHORS |
3489 |
Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin |
3490 |
--- skey-1.1.5.orig/skeyinit.c 2001-05-10 17:10:49.000000000 +0100 |
3491 |
+++ skey-1.1.5/skeyinit.c 2003-11-06 17:46:45.000000000 +0000 |
3492 |
@@ -43,6 +43,18 @@ |
3493 |
|
3494 |
#include <netdb.h> |
3495 |
|
3496 |
+#ifdef HAVE_SHADOW_H |
3497 |
+#include <shadow.h> |
3498 |
+#endif |
3499 |
+ |
3500 |
+#ifdef HAVE_CRACK_H |
3501 |
+#include <crack.h> |
3502 |
+#ifndef CRACKLIB_DICTPATH |
3503 |
+#define CRACKLIB_DICTPATH "/usr/lib/cracklib_dict" |
3504 |
+#endif |
3505 |
+#endif |
3506 |
+ |
3507 |
+#include "err.h" |
3508 |
#include "skey.h" |
3509 |
|
3510 |
|
3511 |
@@ -50,62 +62,80 @@ |
3512 |
#define SKEY_NAMELEN 4 |
3513 |
#endif |
3514 |
|
3515 |
-void usage __P((char *)); |
3516 |
+int main __P((int, char **)); |
3517 |
|
3518 |
-int |
3519 |
-main(argc, argv) |
3520 |
- int argc; |
3521 |
- char *argv[]; |
3522 |
+int main(int argc, char **argv) |
3523 |
{ |
3524 |
- int rval, nn, i, l, n=0, defaultsetup=1, zerokey=0, hexmode=0; |
3525 |
+ int rval, nn, i, l, n=0, defaultsetup=1, c, zerokey=0, hexmode=0; |
3526 |
time_t now; |
3527 |
- struct utmp old_ut; |
3528 |
- |
3529 |
-#ifndef UT_LINESIZE |
3530 |
-# define UT_LINESIZE (sizeof(old_ut.ut_line)) |
3531 |
-# define UT_NAMESIZE (sizeof(old_ut.ut_name)) |
3532 |
-# define UT_HOSTSIZE (sizeof(old_ut.ut_host)) |
3533 |
-# endif |
3534 |
- |
3535 |
- char hostname[MAXHOSTNAMELEN]; |
3536 |
+ char hostname[MAXHOSTNAMELEN+1]; |
3537 |
+ char seed[SKEY_MAX_PW_LEN+2], key[SKEY_BINKEY_SIZE]; |
3538 |
+ char defaultseed[SKEY_MAX_SEED_LEN+1]; |
3539 |
char passwd[SKEY_MAX_PW_LEN+2], passwd2[SKEY_MAX_PW_LEN+2]; |
3540 |
- char seed[SKEY_MAX_SEED_LEN+2], defaultseed[SKEY_MAX_SEED_LEN+1]; |
3541 |
- char tbuf[27], buf[80], key[SKEY_BINKEY_SIZE]; |
3542 |
- char lastc, me[UT_NAMESIZE+1], *salt, *p, *pw, *ht=NULL; |
3543 |
- struct skey skey; |
3544 |
- struct passwd *pp; |
3545 |
- struct tm *tm; |
3546 |
+ char tbuf[27], buf[80]; |
3547 |
+ char lastc, me[LOGIN_NAME_MAX+1], *p, *pw, *ht=NULL, *msg; |
3548 |
+ const char *salt; |
3549 |
+ struct skey skey; |
3550 |
+ struct passwd *pp; |
3551 |
+ struct tm *tm; |
3552 |
+#ifdef HAVE_SHADOW_H |
3553 |
+ struct spwd *sp; |
3554 |
+#endif |
3555 |
+ |
3556 |
+ i = open(_PATH_DEVNULL, O_RDWR); |
3557 |
+ while (i >= 0 && i < 2) |
3558 |
+ i = dup(i); |
3559 |
+ if (i > 2) |
3560 |
+ close(i); |
3561 |
|
3562 |
if (geteuid() != 0) |
3563 |
errx(1, "must be setuid root."); |
3564 |
|
3565 |
if (gethostname(hostname, sizeof(hostname)) < 0) |
3566 |
- err(1, "gethostname"); |
3567 |
- for (i = 0, p = defaultseed; hostname[i] && i < SKEY_NAMELEN; i++) { |
3568 |
- if (isalpha(hostname[i])) { |
3569 |
- if (isupper(hostname[i])) |
3570 |
- hostname[i] = tolower(hostname[i]); |
3571 |
- *p++ = hostname[i]; |
3572 |
- } else if (isdigit(hostname[i])) |
3573 |
- *p++ = hostname[i]; |
3574 |
+ err(1, "gethostname() error"); |
3575 |
+ |
3576 |
+ for (i = 0, l = 0; l < sizeof(defaultseed); i++) { |
3577 |
+ if (hostname[i] == '\0') { |
3578 |
+ defaultseed[l] = hostname[i]; |
3579 |
+ break; |
3580 |
+ } |
3581 |
+ if (isalnum(hostname[i])) |
3582 |
+ defaultseed[l++] = hostname[i]; |
3583 |
} |
3584 |
- *p = '\0'; |
3585 |
- (void)time(&now); |
3586 |
- (void)sprintf(tbuf, "%05ld", (long) (now % 100000)); |
3587 |
- (void)strncat(defaultseed, tbuf, sizeof(defaultseed) - 5); |
3588 |
+ |
3589 |
+ defaultseed[SKEY_NAMELEN] = '\0'; |
3590 |
+ time(&now); |
3591 |
+ snprintf(tbuf, sizeof(tbuf), "%05ld", (long) (now % 100000)); |
3592 |
+ strncat(defaultseed, tbuf, sizeof(defaultseed)); |
3593 |
|
3594 |
if ((pp = getpwuid(getuid())) == NULL) |
3595 |
- err(1, "no user with uid %d", getuid()); |
3596 |
- (void)strcpy(me, pp->pw_name); |
3597 |
+ err(1, "no user with uid %ld", (u_long)getuid()); |
3598 |
+ strncpy(me, pp->pw_name, sizeof(me)); |
3599 |
|
3600 |
if ((pp = getpwnam(me)) == NULL) |
3601 |
- err(1, "Who are you?"); |
3602 |
+ err(1, "getpwnam() returned NULL, Who are you?"); |
3603 |
+#ifdef HAVE_SHADOW_H |
3604 |
+ /* hacking in shadow support... */ |
3605 |
+ else if (strcmp(pp->pw_passwd, "x") == 0) { |
3606 |
+ if ((sp = getspnam(me)) == NULL) |
3607 |
+ err(1, "Unable to verify Password"); |
3608 |
+ pp->pw_passwd = sp->sp_pwdp; |
3609 |
+ } |
3610 |
+#endif |
3611 |
salt = pp->pw_passwd; |
3612 |
|
3613 |
- for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) { |
3614 |
- if (argv[i][2] == '\0') { |
3615 |
- /* Single character switch */ |
3616 |
- switch (argv[i][1]) { |
3617 |
+ while((c = getopt(argc, argv, "n:t:sxz")) != -1) { |
3618 |
+ switch(c) { |
3619 |
+ case 'n': |
3620 |
+ n = atoi(optarg); |
3621 |
+ if (n < 1 || n > SKEY_MAX_SEQ) |
3622 |
+ errx(1, "count must be between 1 and %d", SKEY_MAX_SEQ); |
3623 |
+ break; |
3624 |
+ case 't': |
3625 |
+ if(skey_set_algorithm(optarg) == NULL) |
3626 |
+ errx(1, "Unknown hash algorithm %s", optarg); |
3627 |
+ ht = optarg; |
3628 |
+ break; |
3629 |
case 's': |
3630 |
defaultsetup = 0; |
3631 |
break; |
3632 |
@@ -115,105 +145,51 @@ |
3633 |
case 'z': |
3634 |
zerokey = 1; |
3635 |
break; |
3636 |
- case 'n': |
3637 |
- if (argv[++i] == NULL || argv[i][0] == '\0') |
3638 |
- usage(argv[0]); |
3639 |
- if ((n = atoi(argv[i])) < 1 || n >= SKEY_MAX_SEQ) |
3640 |
- errx(1, "count must be > 0 and < %d", |
3641 |
- SKEY_MAX_SEQ); |
3642 |
- break; |
3643 |
default: |
3644 |
- usage(argv[0]); |
3645 |
- } |
3646 |
- } else { |
3647 |
- /* Multi character switches are hash types */ |
3648 |
- if ((ht = skey_set_algorithm(&argv[i][1])) == NULL) { |
3649 |
- warnx("Unknown hash algorithm %s", &argv[i][1]); |
3650 |
- usage(argv[0]); |
3651 |
+ errx(1, "Usage: %s [-n count] [-t md4|md5|sha1] [-s] [-x] [-z] [user]", argv[0]); |
3652 |
} |
3653 |
} |
3654 |
- i++; |
3655 |
- } |
3656 |
+ |
3657 |
+ if (argc > optind) { |
3658 |
+ pp = getpwnam(argv[optind]); |
3659 |
+ if (pp == NULL) |
3660 |
+ errx(1, "User %s unknown", argv[optind]); |
3661 |
+ } |
3662 |
|
3663 |
- /* check for optional user string */ |
3664 |
- if (argc - i > 1) { |
3665 |
- usage(argv[0]); |
3666 |
- } else if (argv[i]) { |
3667 |
- if ((pp = getpwnam(argv[i])) == NULL) { |
3668 |
- if (getuid() == 0) { |
3669 |
- static struct passwd _pp; |
3670 |
- |
3671 |
- _pp.pw_name = argv[i]; |
3672 |
- pp = &_pp; |
3673 |
- warnx("Warning, user unknown: %s", argv[i]); |
3674 |
- } else { |
3675 |
- errx(1, "User unknown: %s", argv[i]); |
3676 |
- } |
3677 |
- } else if (strcmp(pp->pw_name, me) != 0) { |
3678 |
+ if (strcmp(pp->pw_name, me) != 0) { |
3679 |
if (getuid() != 0) { |
3680 |
/* Only root can change other's passwds */ |
3681 |
errx(1, "Permission denied."); |
3682 |
} |
3683 |
} |
3684 |
- } |
3685 |
|
3686 |
if (getuid() != 0) { |
3687 |
- pw = getpass("Password (or `s/key'):"); |
3688 |
- if (strcasecmp(pw, "s/key") == 0) { |
3689 |
- if (skey_haskey(me)) |
3690 |
- exit(1); |
3691 |
- if (skey_authenticate(me)) |
3692 |
- errx(1, "Password incorrect."); |
3693 |
- } else { |
3694 |
- p = crypt(pw, salt); |
3695 |
- if (strcmp(p, pp->pw_passwd)) |
3696 |
- errx(1, "Password incorrect."); |
3697 |
- } |
3698 |
+ pw = getpass("Password: "); |
3699 |
+ p = crypt(pw, salt); |
3700 |
+ if (strcmp(p, pp->pw_passwd)) |
3701 |
+ errx(1, "Password incorrect."); |
3702 |
} |
3703 |
|
3704 |
rval = skeylookup(&skey, pp->pw_name); |
3705 |
switch (rval) { |
3706 |
case -1: |
3707 |
- if (errno == ENOENT) |
3708 |
- errx(1, "S/Key disabled"); |
3709 |
- else |
3710 |
- err(1, "cannot open database"); |
3711 |
- break; |
3712 |
+ err(1, "cannot open database"); |
3713 |
case 0: |
3714 |
- /* comment out user if asked to */ |
3715 |
if (zerokey) |
3716 |
- exit(skeyzero(&skey, pp->pw_name)); |
3717 |
+ exit (skeyzero(&skey, pp->pw_name)); |
3718 |
+ printf("[Updating %s]\n", pp->pw_name); |
3719 |
+ printf("Old key: [%s] %s\n", skey_get_algorithm(), skey.seed); |
3720 |
|
3721 |
- (void)printf("[Updating %s]\n", pp->pw_name); |
3722 |
- (void)printf("Old key: [%s] %s\n", skey_get_algorithm(), |
3723 |
- skey.seed); |
3724 |
- |
3725 |
- /* |
3726 |
- * Sanity check old seed. |
3727 |
- */ |
3728 |
l = strlen(skey.seed); |
3729 |
- for (p = skey.seed; *p; p++) { |
3730 |
- if (isalpha(*p)) { |
3731 |
- if (isupper(*p)) |
3732 |
- *p = tolower(*p); |
3733 |
- } else if (!isdigit(*p)) { |
3734 |
- memmove(p, p + 1, l - (p - skey.seed)); |
3735 |
- l--; |
3736 |
- } |
3737 |
- } |
3738 |
- |
3739 |
- /* |
3740 |
- * Let's be nice if they have an skey.seed that |
3741 |
- * ends in 0-8 just add one |
3742 |
- */ |
3743 |
if (l > 0) { |
3744 |
lastc = skey.seed[l - 1]; |
3745 |
- if (isdigit(lastc) && lastc != '9') { |
3746 |
- (void)strcpy(defaultseed, skey.seed); |
3747 |
+ if (isdigit((unsigned char)lastc) && lastc != '9') { |
3748 |
+ strncpy(defaultseed, skey.seed, sizeof(defaultseed)); |
3749 |
defaultseed[l - 1] = lastc + 1; |
3750 |
} |
3751 |
- if (isdigit(lastc) && lastc == '9' && l < 16) { |
3752 |
- (void)strcpy(defaultseed, skey.seed); |
3753 |
+ if (isdigit((unsigned char)lastc) && lastc == '9' && |
3754 |
+ l < 16) { |
3755 |
+ strncpy(defaultseed, skey.seed, sizeof(defaultseed)); |
3756 |
defaultseed[l - 1] = '0'; |
3757 |
defaultseed[l] = '0'; |
3758 |
defaultseed[l + 1] = '\0'; |
3759 |
@@ -223,7 +199,7 @@ |
3760 |
case 1: |
3761 |
if (zerokey) |
3762 |
errx(1, "You have no entry to zero."); |
3763 |
- (void)printf("[Adding %s]\n", pp->pw_name); |
3764 |
+ printf("[Adding %s]\n", pp->pw_name); |
3765 |
break; |
3766 |
} |
3767 |
if (n == 0) |
3768 |
@@ -237,37 +213,33 @@ |
3769 |
} |
3770 |
|
3771 |
if (!defaultsetup) { |
3772 |
- (void)printf("You need the 6 english words generated from the \"skey\" command.\n"); |
3773 |
+ printf("You need the 6 english words generated from the \"skey\" command.\n"); |
3774 |
for (i = 0; ; i++) { |
3775 |
if (i >= 2) |
3776 |
exit(1); |
3777 |
|
3778 |
- (void)printf("Enter sequence count from 1 to %d: ", |
3779 |
- SKEY_MAX_SEQ); |
3780 |
- (void)fgets(buf, sizeof(buf), stdin); |
3781 |
+ printf("Enter sequence count from 1 to %d: ", SKEY_MAX_SEQ); |
3782 |
+ fgets(buf, sizeof(buf), stdin); |
3783 |
n = atoi(buf); |
3784 |
if (n > 0 && n < SKEY_MAX_SEQ) |
3785 |
break; /* Valid range */ |
3786 |
- (void)printf("Error: Count must be > 0 and < %d\n", |
3787 |
- SKEY_MAX_SEQ); |
3788 |
+ printf("\nError: Count must be between 0 and %d\n", SKEY_MAX_SEQ); |
3789 |
} |
3790 |
|
3791 |
for (i = 0;; i++) { |
3792 |
if (i >= 2) |
3793 |
exit(1); |
3794 |
|
3795 |
- (void)printf("Enter new key [default %s]: ", |
3796 |
- defaultseed); |
3797 |
- (void)fgets(seed, sizeof(seed), stdin); |
3798 |
+ printf("Enter new seed [default %s]: ", defaultseed); |
3799 |
+ fflush(stdout); |
3800 |
+ fgets(seed, sizeof(seed), stdin); |
3801 |
rip(seed); |
3802 |
- if (seed[0] == '\0') |
3803 |
- (void)strcpy(seed, defaultseed); |
3804 |
for (p = seed; *p; p++) { |
3805 |
if (isalpha(*p)) { |
3806 |
if (isupper(*p)) |
3807 |
*p = tolower(*p); |
3808 |
} else if (!isdigit(*p)) { |
3809 |
- (void)puts("Error: seed may only contain alpha numeric characters"); |
3810 |
+ puts("Error: seed may only contain alpha numeric characters"); |
3811 |
break; |
3812 |
} |
3813 |
} |
3814 |
@@ -275,66 +247,75 @@ |
3815 |
break; /* Valid seed */ |
3816 |
} |
3817 |
if (strlen(seed) > SKEY_MAX_SEED_LEN) { |
3818 |
- (void)printf("Notice: Seed truncated to %d characters.\n", |
3819 |
- SKEY_MAX_SEED_LEN); |
3820 |
+ printf("Notice: Seed truncated to %d characters.\n", SKEY_MAX_SEED_LEN); |
3821 |
seed[SKEY_MAX_SEED_LEN] = '\0'; |
3822 |
} |
3823 |
+ if (seed[0] == '\0') |
3824 |
+ strncpy(seed, defaultseed, sizeof(seed)); |
3825 |
|
3826 |
for (i = 0;; i++) { |
3827 |
if (i >= 2) |
3828 |
exit(1); |
3829 |
|
3830 |
- (void)printf("otp-%s %d %s\nS/Key access password: ", |
3831 |
+ printf("otp-%s %d %s\ns/key access password: ", |
3832 |
skey_get_algorithm(), n, seed); |
3833 |
- (void)fgets(buf, sizeof(buf), stdin); |
3834 |
+ fgets(buf, sizeof(buf), stdin); |
3835 |
rip(buf); |
3836 |
backspace(buf); |
3837 |
|
3838 |
if (buf[0] == '?') { |
3839 |
- (void)puts("Enter 6 English words from secure S/Key calculation."); |
3840 |
+ puts("Enter 6 English words from secure s/key calculation."); |
3841 |
continue; |
3842 |
} else if (buf[0] == '\0') |
3843 |
exit(1); |
3844 |
if (etob(key, buf) == 1 || atob8(key, buf) == 0) |
3845 |
break; /* Valid format */ |
3846 |
- (void)puts("Invalid format - try again with 6 English words."); |
3847 |
+ puts("Invalid format - try again with 6 English words."); |
3848 |
} |
3849 |
} else { |
3850 |
/* Get user's secret password */ |
3851 |
- fputs("Reminder - Only use this method if you are directly connected\n or have an encrypted channel. If you are using telnet\n or rlogin, exit with no password and use skeyinit -s.\n", stderr); |
3852 |
+ puts("Reminder - Only use this method if you are directly connected\n" |
3853 |
+ "or have an encrypted channel. If you are using telnet\n" |
3854 |
+ "or rlogin, exit with no password and use skeyinit -s.\n"); |
3855 |
|
3856 |
for (i = 0;; i++) { |
3857 |
- if (i > 2) |
3858 |
+ if (i >= 3) |
3859 |
exit(1); |
3860 |
|
3861 |
- (void)fputs("Enter secret password: ", stderr); |
3862 |
+ printf("Enter secret password: "); |
3863 |
readpass(passwd, sizeof(passwd)); |
3864 |
if (passwd[0] == '\0') |
3865 |
exit(1); |
3866 |
|
3867 |
if (strlen(passwd) < SKEY_MIN_PW_LEN) { |
3868 |
- (void)fprintf(stderr, |
3869 |
- "Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN); |
3870 |
+ fprintf(stderr, |
3871 |
+ "Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN); |
3872 |
continue; |
3873 |
} else if (strcmp(passwd, pp->pw_name) == 0) { |
3874 |
- (void)fputs("Your password may not be the same as your user name.\n", stderr); |
3875 |
- continue; |
3876 |
- } else if (strspn(passwd, "abcdefghijklmnopqrstuvwxyz") == strlen(passwd)) { |
3877 |
- (void)fputs("Your password must contain more than just lower case letters.\nWhitespace, numbers, and puctuation are suggested.\n", stderr); |
3878 |
+ fputs("Your password may not be the same as your user name.\n", stderr); |
3879 |
continue; |
3880 |
+ } |
3881 |
+#ifdef HAVE_CRACK_H |
3882 |
+ if (msg = (char *) FascistCheck(passwd, CRACKLIB_DICTPATH)) { |
3883 |
+ warnx("Warning: %s", msg); |
3884 |
+ /* if (!i) */ /* reject passwords cracklib doesnt like the first time its entered... */ |
3885 |
+ /* continue; */ |
3886 |
} |
3887 |
+#endif |
3888 |
|
3889 |
- (void)fputs("Again secret password: ", stderr); |
3890 |
+ printf("Again secret password: "); |
3891 |
readpass(passwd2, sizeof(passwd)); |
3892 |
+ if (passwd2[0] == '\0') |
3893 |
+ exit(1); |
3894 |
|
3895 |
if (strcmp(passwd, passwd2) == 0) |
3896 |
break; |
3897 |
|
3898 |
- (void)fputs("Passwords do not match.\n", stderr); |
3899 |
+ puts("Passwords do not match."); |
3900 |
} |
3901 |
|
3902 |
/* Crunch seed and password into starting key */ |
3903 |
- (void)strcpy(seed, defaultseed); |
3904 |
+ strncpy(seed, defaultseed, sizeof(seed)); |
3905 |
if (keycrunch(key, seed, passwd) != 0) |
3906 |
err(2, "key crunch failed"); |
3907 |
|
3908 |
@@ -342,16 +323,16 @@ |
3909 |
while (nn-- != 0) |
3910 |
f(key); |
3911 |
} |
3912 |
- (void)time(&now); |
3913 |
+ time(&now); |
3914 |
tm = localtime(&now); |
3915 |
- (void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); |
3916 |
+ strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); |
3917 |
|
3918 |
if ((skey.val = (char *)malloc(16 + 1)) == NULL) |
3919 |
err(1, "Can't allocate memory"); |
3920 |
|
3921 |
- /* Zero out old key if necesary (entry would change size) */ |
3922 |
+ /* Zero out old key if necessary (entry would change size) */ |
3923 |
if (zerokey) { |
3924 |
- (void)skeyzero(&skey, pp->pw_name); |
3925 |
+ skeyzero(&skey, pp->pw_name); |
3926 |
/* Re-open keys file and seek to the end */ |
3927 |
if (skeylookup(&skey, pp->pw_name) == -1) |
3928 |
err(1, "cannot open database"); |
3929 |
@@ -376,26 +357,17 @@ |
3930 |
|
3931 |
/* Don't save algorithm type for md4 (keep record length same) */ |
3932 |
if (strcmp(skey_get_algorithm(), "md4") == 0) |
3933 |
- (void)fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n", |
3934 |
+ fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n", |
3935 |
pp->pw_name, n, seed, skey.val, tbuf); |
3936 |
else |
3937 |
- (void)fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n", |
3938 |
+ fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n", |
3939 |
pp->pw_name, skey_get_algorithm(), n, seed, skey.val, tbuf); |
3940 |
|
3941 |
- (void)fclose(skey.keyfile); |
3942 |
+ fclose(skey.keyfile); |
3943 |
|
3944 |
- (void)printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name, |
3945 |
+ printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name, |
3946 |
skey_get_algorithm(), n, seed); |
3947 |
- (void)printf("Next login password: %s\n\n", |
3948 |
+ printf("Next login password: %s\n\n", |
3949 |
hexmode ? put8(buf, key) : btoe(buf, key)); |
3950 |
- exit(0); |
3951 |
-} |
3952 |
- |
3953 |
-void |
3954 |
-usage(s) |
3955 |
- char *s; |
3956 |
-{ |
3957 |
- (void)fprintf(stderr, |
3958 |
- "Usage: %s [-s] [-x] [-z] [-n count] [-md4|-md5|-sha1|-rmd160] [user]\n", s); |
3959 |
- exit(1); |
3960 |
+ return 0; |
3961 |
} |
3962 |
--- skey-1.1.5.orig/skeylogin.c 2001-05-10 17:10:49.000000000 +0100 |
3963 |
+++ skey-1.1.5/skeylogin.c 2003-11-06 17:46:45.000000000 +0000 |
3964 |
@@ -20,6 +20,7 @@ |
3965 |
#include <sys/quota.h> |
3966 |
#endif |
3967 |
#include <sys/stat.h> |
3968 |
+#include <sys/file.h> |
3969 |
#include <sys/time.h> |
3970 |
#include <sys/resource.h> |
3971 |
#include <sys/types.h> |
3972 |
@@ -32,6 +33,7 @@ |
3973 |
#include <string.h> |
3974 |
#include <time.h> |
3975 |
#include <unistd.h> |
3976 |
+#include <grp.h> |
3977 |
|
3978 |
#include "config.h" |
3979 |
|
3980 |
@@ -45,73 +47,85 @@ |
3981 |
#include "sha1.h" |
3982 |
#endif |
3983 |
|
3984 |
+#include "err.h" |
3985 |
#include "skey.h" |
3986 |
|
3987 |
-char *skipspace __P((char *)); |
3988 |
-int skeylookup __P((struct skey *, char *)); |
3989 |
+#define OTP_FMT "otp-%.*s %d %.*s" |
3990 |
|
3991 |
/* Issue a skey challenge for user 'name'. If successful, |
3992 |
- * fill in the caller's skey structure and return(0). If unsuccessful |
3993 |
- * (e.g., if name is unknown) return(-1). |
3994 |
+ * fill in the caller's skey structure and return 0. If unsuccessful |
3995 |
+ * (e.g., if name is unknown) return -1. |
3996 |
* |
3997 |
* The file read/write pointer is left at the start of the |
3998 |
* record. |
3999 |
*/ |
4000 |
-int |
4001 |
-getskeyprompt(mp, name, prompt) |
4002 |
- struct skey *mp; |
4003 |
- char *name; |
4004 |
- char *prompt; |
4005 |
+int getskeyprompt(struct skey *mp, char *name, char *prompt) |
4006 |
{ |
4007 |
int rval; |
4008 |
|
4009 |
sevenbit(name); |
4010 |
rval = skeylookup(mp, name); |
4011 |
- (void)strcpy(prompt, "otp-md0 55 latour1\n"); |
4012 |
+ |
4013 |
+ *prompt = '\0'; |
4014 |
switch (rval) { |
4015 |
- case -1: /* File error */ |
4016 |
- return(-1); |
4017 |
- case 0: /* Lookup succeeded, return challenge */ |
4018 |
- (void)sprintf(prompt, "otp-%.*s %d %.*s\n", |
4019 |
- SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(), |
4020 |
+ case -1: /* File error */ |
4021 |
+ return -1; |
4022 |
+ case 0: /* Lookup succeeded, return challenge */ |
4023 |
+ sprintf(prompt, OTP_FMT "\n", |
4024 |
+ SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(), |
4025 |
mp->n - 1, SKEY_MAX_SEED_LEN, mp->seed); |
4026 |
- return(0); |
4027 |
- case 1: /* User not found */ |
4028 |
- (void)fclose(mp->keyfile); |
4029 |
- return(-1); |
4030 |
+ return 0; |
4031 |
+ case 1: /* User not found */ |
4032 |
+ fclose(mp->keyfile); |
4033 |
+ mp->keyfile = NULL; |
4034 |
+ return -1; |
4035 |
} |
4036 |
- return(-1); /* Can't happen */ |
4037 |
+ return -1; /* Can't happen, never ever ever. ever. I'm serious. */ |
4038 |
} |
4039 |
|
4040 |
/* Return a skey challenge string for user 'name'. If successful, |
4041 |
- * fill in the caller's skey structure and return(0). If unsuccessful |
4042 |
- * (e.g., if name is unknown) return(-1). |
4043 |
+ * fill in the caller's skey structure and return 0. If unsuccessful |
4044 |
+ * (e.g., if name is unknown) return -1. |
4045 |
* |
4046 |
* The file read/write pointer is left at the start of the |
4047 |
* record. |
4048 |
*/ |
4049 |
-int |
4050 |
-skeychallenge(mp, name, ss) |
4051 |
- struct skey *mp; |
4052 |
- char *name; |
4053 |
- char *ss; |
4054 |
+int skeychallenge(struct skey *mp, const char *name, char *ss, size_t sslen) |
4055 |
{ |
4056 |
int rval; |
4057 |
|
4058 |
rval = skeylookup(mp,name); |
4059 |
+ *ss = '\0'; |
4060 |
switch(rval){ |
4061 |
- case -1: /* File error */ |
4062 |
- return(-1); |
4063 |
- case 0: /* Lookup succeeded, issue challenge */ |
4064 |
- (void)sprintf(ss, "otp-%.*s %d %.*s", SKEY_MAX_HASHNAME_LEN, |
4065 |
+ case -1: /* File error */ |
4066 |
+ return -1; |
4067 |
+ case 0: /* Lookup succeeded, issue challenge */ |
4068 |
+ snprintf(ss, sslen, OTP_FMT, SKEY_MAX_HASHNAME_LEN, |
4069 |
skey_get_algorithm(), mp->n - 1, |
4070 |
SKEY_MAX_SEED_LEN, mp->seed); |
4071 |
- return(0); |
4072 |
- case 1: /* User not found */ |
4073 |
- (void)fclose(mp->keyfile); |
4074 |
- return(-1); |
4075 |
+ return 0; |
4076 |
+ case 1: /* User not found */ |
4077 |
+ fclose(mp->keyfile); |
4078 |
+ mp->keyfile = NULL; |
4079 |
+ return -1; |
4080 |
+ } |
4081 |
+ return -1; /* Can't happen - or your money back */ |
4082 |
+} |
4083 |
+ |
4084 |
+static FILE *openskey(void) |
4085 |
+{ |
4086 |
+ struct stat statbuf; |
4087 |
+ FILE *keyfile = NULL; |
4088 |
+ |
4089 |
+ if (stat(SKEYKEYS, &statbuf) == 0 && |
4090 |
+ (keyfile = fopen(SKEYKEYS, "r+"))) { |
4091 |
+ if ((statbuf.st_mode & 0007777) != 0600) |
4092 |
+ fchmod(fileno(keyfile), 0600); |
4093 |
+ } else { |
4094 |
+ keyfile = NULL; |
4095 |
} |
4096 |
- return(-1); /* Can't happen */ |
4097 |
+ |
4098 |
+ return keyfile; |
4099 |
} |
4100 |
|
4101 |
/* Find an entry in the One-time Password database. |
4102 |
@@ -120,27 +134,19 @@ |
4103 |
* 0: entry found, file R/W pointer positioned at beginning of record |
4104 |
* 1: entry not found, file R/W pointer positioned at EOF |
4105 |
*/ |
4106 |
-int |
4107 |
-skeylookup(mp, name) |
4108 |
- struct skey *mp; |
4109 |
- char *name; |
4110 |
+int skeylookup(struct skey *mp, const char *name) |
4111 |
{ |
4112 |
int found = 0; |
4113 |
long recstart = 0; |
4114 |
- char *cp, *ht = NULL; |
4115 |
- struct stat statbuf; |
4116 |
- |
4117 |
- /* Open SKEYKEYS if it exists, else return an error */ |
4118 |
- if (stat(SKEYKEYS, &statbuf) == 0 && |
4119 |
- (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) { |
4120 |
- if ((statbuf.st_mode & 0007777) != 0600) |
4121 |
- fchmod(fileno(mp->keyfile), 0600); |
4122 |
- } else { |
4123 |
- return(-1); |
4124 |
- } |
4125 |
+ const char *ht = NULL; |
4126 |
+ char *last; |
4127 |
|
4128 |
+ if(!(mp->keyfile = openskey())) |
4129 |
+ return -1; |
4130 |
+ |
4131 |
/* Look up user name in database */ |
4132 |
while (!feof(mp->keyfile)) { |
4133 |
+ char *cp; |
4134 |
recstart = ftell(mp->keyfile); |
4135 |
mp->recstart = recstart; |
4136 |
if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) |
4137 |
@@ -148,22 +154,22 @@ |
4138 |
rip(mp->buf); |
4139 |
if (mp->buf[0] == '#') |
4140 |
continue; /* Comment */ |
4141 |
- if ((mp->logname = strtok(mp->buf, " \t")) == NULL) |
4142 |
+ if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL) |
4143 |
continue; |
4144 |
- if ((cp = strtok(NULL, " \t")) == NULL) |
4145 |
+ if ((cp = strtok_r(NULL, " \t", &last)) == NULL) |
4146 |
continue; |
4147 |
/* Save hash type if specified, else use md4 */ |
4148 |
- if (isalpha(*cp)) { |
4149 |
+ if (isalpha((u_char) *cp)) { |
4150 |
ht = cp; |
4151 |
- if ((cp = strtok(NULL, " \t")) == NULL) |
4152 |
+ if ((cp = strtok_r(NULL, " \t", &last)) == NULL) |
4153 |
continue; |
4154 |
} else { |
4155 |
ht = "md4"; |
4156 |
} |
4157 |
mp->n = atoi(cp); |
4158 |
- if ((mp->seed = strtok(NULL, " \t")) == NULL) |
4159 |
+ if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL) |
4160 |
continue; |
4161 |
- if ((mp->val = strtok(NULL, " \t")) == NULL) |
4162 |
+ if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL) |
4163 |
continue; |
4164 |
if (strcmp(mp->logname, name) == 0) { |
4165 |
found = 1; |
4166 |
@@ -171,7 +177,7 @@ |
4167 |
} |
4168 |
} |
4169 |
if (found) { |
4170 |
- (void)fseek(mp->keyfile, recstart, SEEK_SET); |
4171 |
+ fseek(mp->keyfile, recstart, SEEK_SET); |
4172 |
/* Set hash type */ |
4173 |
if (ht && skey_set_algorithm(ht) == NULL) { |
4174 |
warnx("Unknown hash algorithm %s, using %s", ht, |
4175 |
@@ -189,27 +195,21 @@ |
4176 |
* 0: next entry found and stored in mp |
4177 |
* 1: no more entries, file R/W pointer positioned at EOF |
4178 |
*/ |
4179 |
-int |
4180 |
-skeygetnext(mp) |
4181 |
- struct skey *mp; |
4182 |
+int skeygetnext(struct skey *mp) |
4183 |
{ |
4184 |
long recstart = 0; |
4185 |
- char *cp; |
4186 |
- struct stat statbuf; |
4187 |
+ char *last; |
4188 |
|
4189 |
/* Open SKEYKEYS if it exists, else return an error */ |
4190 |
if (mp->keyfile == NULL) { |
4191 |
- if (stat(SKEYKEYS, &statbuf) == 0 && |
4192 |
- (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) { |
4193 |
- if ((statbuf.st_mode & 0007777) != 0600) |
4194 |
- fchmod(fileno(mp->keyfile), 0600); |
4195 |
- } else { |
4196 |
- return(-1); |
4197 |
- } |
4198 |
+ if(!(mp->keyfile = openskey())) |
4199 |
+ return -1; |
4200 |
} |
4201 |
|
4202 |
/* Look up next user in database */ |
4203 |
while (!feof(mp->keyfile)) { |
4204 |
+ char *cp; |
4205 |
+ |
4206 |
recstart = ftell(mp->keyfile); |
4207 |
mp->recstart = recstart; |
4208 |
if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) |
4209 |
@@ -217,19 +217,19 @@ |
4210 |
rip(mp->buf); |
4211 |
if (mp->buf[0] == '#') |
4212 |
continue; /* Comment */ |
4213 |
- if ((mp->logname = strtok(mp->buf, " \t")) == NULL) |
4214 |
+ if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL) |
4215 |
continue; |
4216 |
- if ((cp = strtok(NULL, " \t")) == NULL) |
4217 |
+ if ((cp = strtok_r(NULL, " \t", &last)) == NULL) |
4218 |
continue; |
4219 |
/* Save hash type if specified, else use md4 */ |
4220 |
- if (isalpha(*cp)) { |
4221 |
- if ((cp = strtok(NULL, " \t")) == NULL) |
4222 |
+ if (isalpha((u_char) *cp)) { |
4223 |
+ if ((cp = strtok_r(NULL, " \t", &last)) == NULL) |
4224 |
continue; |
4225 |
} |
4226 |
mp->n = atoi(cp); |
4227 |
- if ((mp->seed = strtok(NULL, " \t")) == NULL) |
4228 |
+ if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL) |
4229 |
continue; |
4230 |
- if ((mp->val = strtok(NULL, " \t")) == NULL) |
4231 |
+ if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL) |
4232 |
continue; |
4233 |
/* Got a real entry */ |
4234 |
break; |
4235 |
@@ -246,10 +246,7 @@ |
4236 |
* |
4237 |
* The database file is always closed by this call. |
4238 |
*/ |
4239 |
-int |
4240 |
-skeyverify(mp, response) |
4241 |
- struct skey *mp; |
4242 |
- char *response; |
4243 |
+int skeyverify(struct skey *mp, char *response) |
4244 |
{ |
4245 |
char key[SKEY_BINKEY_SIZE]; |
4246 |
char fkey[SKEY_BINKEY_SIZE]; |
4247 |
@@ -257,29 +254,31 @@ |
4248 |
time_t now; |
4249 |
struct tm *tm; |
4250 |
char tbuf[27]; |
4251 |
- char *cp; |
4252 |
+ char *cp, *last; |
4253 |
int i, rval; |
4254 |
|
4255 |
time(&now); |
4256 |
tm = localtime(&now); |
4257 |
- (void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); |
4258 |
+ strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); |
4259 |
|
4260 |
if (response == NULL) { |
4261 |
- (void)fclose(mp->keyfile); |
4262 |
- return(-1); |
4263 |
+ fclose(mp->keyfile); |
4264 |
+ mp->keyfile = NULL; |
4265 |
+ return -1; |
4266 |
} |
4267 |
rip(response); |
4268 |
|
4269 |
/* Convert response to binary */ |
4270 |
if (etob(key, response) != 1 && atob8(key, response) != 0) { |
4271 |
/* Neither english words or ascii hex */ |
4272 |
- (void)fclose(mp->keyfile); |
4273 |
- return(-1); |
4274 |
+ fclose(mp->keyfile); |
4275 |
+ mp->keyfile = NULL; |
4276 |
+ return -1; |
4277 |
} |
4278 |
|
4279 |
/* Compute fkey = f(key) */ |
4280 |
- (void)memcpy(fkey, key, sizeof(key)); |
4281 |
- (void)fflush(stdout); |
4282 |
+ memcpy(fkey, key, sizeof(key)); |
4283 |
+ fflush(stdout); |
4284 |
f(fkey); |
4285 |
|
4286 |
/* |
4287 |
@@ -298,26 +297,33 @@ |
4288 |
} |
4289 |
|
4290 |
/* Reread the file record NOW */ |
4291 |
- (void)fseek(mp->keyfile, mp->recstart, SEEK_SET); |
4292 |
+ fseek(mp->keyfile, mp->recstart, SEEK_SET); |
4293 |
if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) { |
4294 |
- (void)fclose(mp->keyfile); |
4295 |
- return(-1); |
4296 |
+ fclose(mp->keyfile); |
4297 |
+ mp->keyfile = NULL; |
4298 |
+ return -1; |
4299 |
} |
4300 |
rip(mp->buf); |
4301 |
- mp->logname = strtok(mp->buf, " \t"); |
4302 |
- cp = strtok(NULL, " \t") ; |
4303 |
- if (isalpha(*cp)) |
4304 |
- cp = strtok(NULL, " \t") ; |
4305 |
- mp->seed = strtok(NULL, " \t"); |
4306 |
- mp->val = strtok(NULL, " \t"); |
4307 |
+ if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL) |
4308 |
+ goto verify_failure; |
4309 |
+ if ((cp = strtok_r(NULL, " \t", &last)) == NULL) |
4310 |
+ goto verify_failure; |
4311 |
+ if (isalpha((u_char) *cp)) |
4312 |
+ if ((cp = strtok_r(NULL, " \t", &last)) == NULL) |
4313 |
+ goto verify_failure; |
4314 |
+ if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL) |
4315 |
+ goto verify_failure; |
4316 |
+ if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL) |
4317 |
+ goto verify_failure; |
4318 |
/* And convert file value to hex for comparison */ |
4319 |
atob8(filekey, mp->val); |
4320 |
|
4321 |
/* Do actual comparison */ |
4322 |
if (memcmp(filekey, fkey, SKEY_BINKEY_SIZE) != 0){ |
4323 |
/* Wrong response */ |
4324 |
- (void)fclose(mp->keyfile); |
4325 |
- return(1); |
4326 |
+ fclose(mp->keyfile); |
4327 |
+ mp->keyfile = NULL; |
4328 |
+ return 1; |
4329 |
} |
4330 |
|
4331 |
/* |
4332 |
@@ -327,19 +333,24 @@ |
4333 |
*/ |
4334 |
btoa8(mp->val,key); |
4335 |
mp->n--; |
4336 |
- (void)fseek(mp->keyfile, mp->recstart, SEEK_SET); |
4337 |
+ fseek(mp->keyfile, mp->recstart, SEEK_SET); |
4338 |
/* Don't save algorithm type for md4 (keep record length same) */ |
4339 |
if (strcmp(skey_get_algorithm(), "md4") == 0) |
4340 |
- (void)fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n", |
4341 |
+ fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n", |
4342 |
mp->logname, mp->n, mp->seed, mp->val, tbuf); |
4343 |
else |
4344 |
- (void)fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n", |
4345 |
+ fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n", |
4346 |
mp->logname, skey_get_algorithm(), mp->n, |
4347 |
mp->seed, mp->val, tbuf); |
4348 |
|
4349 |
- (void)fclose(mp->keyfile); |
4350 |
- |
4351 |
- return(0); |
4352 |
+ fclose(mp->keyfile); |
4353 |
+ mp->keyfile = NULL; |
4354 |
+ return 0; |
4355 |
+ |
4356 |
+ verify_failure: |
4357 |
+ fclose(mp->keyfile); |
4358 |
+ mp->keyfile = NULL; |
4359 |
+ return -1; |
4360 |
} |
4361 |
|
4362 |
/* |
4363 |
@@ -348,13 +359,18 @@ |
4364 |
* Returns: 1 user doesnt exist, -1 fle error, 0 user exists. |
4365 |
* |
4366 |
*/ |
4367 |
-int |
4368 |
-skey_haskey(username) |
4369 |
- char *username; |
4370 |
+int skey_haskey(const char *username) |
4371 |
{ |
4372 |
struct skey skey; |
4373 |
+ int i; |
4374 |
+ |
4375 |
+ i = skeylookup(&skey, username); |
4376 |
|
4377 |
- return(skeylookup(&skey, username)); |
4378 |
+ if (skey.keyfile != NULL) { |
4379 |
+ fclose(skey.keyfile); |
4380 |
+ skey.keyfile = NULL; |
4381 |
+ } |
4382 |
+ return i; |
4383 |
} |
4384 |
|
4385 |
/* |
4386 |
@@ -364,19 +380,21 @@ |
4387 |
* seed for the passed user. |
4388 |
* |
4389 |
*/ |
4390 |
-char * |
4391 |
-skey_keyinfo(username) |
4392 |
- char *username; |
4393 |
+const char *skey_keyinfo(const char *username) |
4394 |
{ |
4395 |
int i; |
4396 |
static char str[SKEY_MAX_CHALLENGE]; |
4397 |
struct skey skey; |
4398 |
|
4399 |
- i = skeychallenge(&skey, username, str); |
4400 |
+ i = skeychallenge(&skey, username, str, sizeof str); |
4401 |
if (i == -1) |
4402 |
- return(0); |
4403 |
+ return 0; |
4404 |
|
4405 |
- return(str); |
4406 |
+ if (skey.keyfile != NULL) { |
4407 |
+ fclose(skey.keyfile); |
4408 |
+ skey.keyfile = NULL; |
4409 |
+ } |
4410 |
+ return str; |
4411 |
} |
4412 |
|
4413 |
/* |
4414 |
@@ -388,40 +406,38 @@ |
4415 |
* Returns: 0 success, -1 failure |
4416 |
* |
4417 |
*/ |
4418 |
-int |
4419 |
-skey_passcheck(username, passwd) |
4420 |
- char *username, *passwd; |
4421 |
+int skey_passcheck(const char *username, char *passwd) |
4422 |
{ |
4423 |
int i; |
4424 |
struct skey skey; |
4425 |
|
4426 |
i = skeylookup(&skey, username); |
4427 |
if (i == -1 || i == 1) |
4428 |
- return(-1); |
4429 |
+ return -1; |
4430 |
|
4431 |
if (skeyverify(&skey, passwd) == 0) |
4432 |
- return(skey.n); |
4433 |
+ return skey.n; |
4434 |
|
4435 |
- return(-1); |
4436 |
+ return -1; |
4437 |
} |
4438 |
|
4439 |
+#if DO_FAKE_CHALLENGE |
4440 |
#define ROUND(x) (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \ |
4441 |
((x)[3])) |
4442 |
|
4443 |
/* |
4444 |
* hash_collapse() |
4445 |
*/ |
4446 |
-static u_int32_t |
4447 |
-hash_collapse(s) |
4448 |
- u_char *s; |
4449 |
+static u_int32_t hash_collapse(u_char *s) |
4450 |
{ |
4451 |
- int len, target; |
4452 |
+ int len, target, slen; |
4453 |
u_int32_t i; |
4454 |
- |
4455 |
- if ((strlen(s) % sizeof(u_int32_t)) == 0) |
4456 |
- target = strlen(s); /* Multiple of 4 */ |
4457 |
+ |
4458 |
+ slen = strlen((char *)s); |
4459 |
+ if ((slen % sizeof(u_int32_t)) == 0) |
4460 |
+ target = slen; /* Multiple of 4 */ |
4461 |
else |
4462 |
- target = strlen(s) - (strlen(s) % sizeof(u_int32_t)); |
4463 |
+ target = slen - slen % sizeof(u_int32_t); |
4464 |
|
4465 |
for (i = 0, len = 0; len < target; len += 4) |
4466 |
i ^= ROUND(s + len); |
4467 |
@@ -429,6 +445,8 @@ |
4468 |
return i; |
4469 |
} |
4470 |
|
4471 |
+#endif |
4472 |
+ |
4473 |
/* |
4474 |
* skey_authenticate() |
4475 |
* |
4476 |
@@ -438,22 +456,22 @@ |
4477 |
* Returns: 0 success, -1 failure |
4478 |
* |
4479 |
*/ |
4480 |
-int |
4481 |
-skey_authenticate(username) |
4482 |
- char *username; |
4483 |
+int skey_authenticate(const char *username) |
4484 |
{ |
4485 |
int i; |
4486 |
+ char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1]; |
4487 |
+ struct skey skey; |
4488 |
+#if DO_FAKE_CHALLENGE |
4489 |
u_int ptr; |
4490 |
u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up; |
4491 |
- char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1]; |
4492 |
- char *secret; |
4493 |
size_t secretlen; |
4494 |
- struct skey skey; |
4495 |
SHA1_CTX ctx; |
4496 |
- |
4497 |
+#endif |
4498 |
+ |
4499 |
/* Attempt an S/Key challenge */ |
4500 |
- i = skeychallenge(&skey, username, skeyprompt); |
4501 |
+ i = skeychallenge(&skey, username, skeyprompt, sizeof skeyprompt); |
4502 |
|
4503 |
+#if DO_FAKE_CHALLENGE |
4504 |
/* Cons up a fake prompt if no entry in keys file */ |
4505 |
if (i != 0) { |
4506 |
char *p, *u; |
4507 |
@@ -465,11 +483,11 @@ |
4508 |
if (gethostname(pbuf, sizeof(pbuf)) == -1) |
4509 |
*(p = pbuf) = '.'; |
4510 |
else |
4511 |
- for (p = pbuf; *p && isalnum(*p); p++) |
4512 |
- if (isalpha(*p) && isupper(*p)) |
4513 |
- *p = tolower(*p); |
4514 |
+ for (p = pbuf; *p && isalnum((u_char)*p); p++) |
4515 |
+ if (isalpha((u_char)*p) && isupper((u_char)*p)) |
4516 |
+ *p = tolower((u_char)*p); |
4517 |
if (*p && pbuf - p < 4) |
4518 |
- (void)strncpy(p, "asjd", 4 - (pbuf - p)); |
4519 |
+ strncpy(p, "asjd", 4 - (pbuf - p)); |
4520 |
pbuf[4] = '\0'; |
4521 |
|
4522 |
/* Hash the username if possible */ |
4523 |
@@ -490,6 +508,7 @@ |
4524 |
SEEK_SET) != -1 && read(fd, hseed, |
4525 |
SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) { |
4526 |
close(fd); |
4527 |
+ fd = -1; |
4528 |
secret = hseed; |
4529 |
secretlen = SKEY_MAX_SEED_LEN; |
4530 |
flg = 0; |
4531 |
@@ -499,6 +518,8 @@ |
4532 |
secretlen = strlen(secret); |
4533 |
flg = 0; |
4534 |
} |
4535 |
+ if (fd != -1) |
4536 |
+ close(fd); |
4537 |
} |
4538 |
|
4539 |
/* Put that in your pipe and smoke it */ |
4540 |
@@ -531,7 +552,7 @@ |
4541 |
memset(up, 0, 20); /* SHA1 specific */ |
4542 |
free(up); |
4543 |
|
4544 |
- (void)sprintf(skeyprompt, |
4545 |
+ sprintf(skeyprompt, |
4546 |
"otp-%.*s %d %.*s", |
4547 |
SKEY_MAX_HASHNAME_LEN, |
4548 |
skey_get_algorithm(), |
4549 |
@@ -554,29 +575,30 @@ |
4550 |
} while (--i != 0); |
4551 |
pbuf[12] = '\0'; |
4552 |
|
4553 |
- (void)sprintf(skeyprompt, "otp-%.*s %d %.*s", |
4554 |
+ sprintf(skeyprompt, "otp-%.*s %d %.*s", |
4555 |
SKEY_MAX_HASHNAME_LEN, |
4556 |
skey_get_algorithm(), |
4557 |
99, SKEY_MAX_SEED_LEN, pbuf); |
4558 |
} |
4559 |
} |
4560 |
+#endif |
4561 |
|
4562 |
- (void)fprintf(stderr, "%s\n", skeyprompt); |
4563 |
- (void)fflush(stderr); |
4564 |
+ fprintf(stderr, "[%s]\n", skeyprompt); |
4565 |
+ fflush(stderr); |
4566 |
|
4567 |
- (void)fputs("Response: ", stderr); |
4568 |
+ fputs("Response: ", stderr); |
4569 |
readskey(pbuf, sizeof(pbuf)); |
4570 |
|
4571 |
/* Is it a valid response? */ |
4572 |
if (i == 0 && skeyverify(&skey, pbuf) == 0) { |
4573 |
if (skey.n < 5) { |
4574 |
- (void)fprintf(stderr, |
4575 |
+ fprintf(stderr, |
4576 |
"\nWarning! Key initialization needed soon. (%d logins left)\n", |
4577 |
skey.n); |
4578 |
} |
4579 |
- return(0); |
4580 |
+ return 0; |
4581 |
} |
4582 |
- return(-1); |
4583 |
+ return -1; |
4584 |
} |
4585 |
|
4586 |
/* Comment out user's entry in the s/key database |
4587 |
@@ -587,22 +609,21 @@ |
4588 |
* |
4589 |
* The database file is always closed by this call. |
4590 |
*/ |
4591 |
-int |
4592 |
-skeyzero(mp, response) |
4593 |
- struct skey *mp; |
4594 |
- char *response; |
4595 |
+int skeyzero(struct skey *mp, char *response) |
4596 |
{ |
4597 |
/* |
4598 |
* Seek to the right place and write comment character |
4599 |
* which effectively zero's out the entry. |
4600 |
*/ |
4601 |
- (void)fseek(mp->keyfile, mp->recstart, SEEK_SET); |
4602 |
+ fseek(mp->keyfile, mp->recstart, SEEK_SET); |
4603 |
if (fputc('#', mp->keyfile) == EOF) { |
4604 |
fclose(mp->keyfile); |
4605 |
- return(-1); |
4606 |
+ mp->keyfile = NULL; |
4607 |
+ return -1; |
4608 |
} |
4609 |
|
4610 |
- (void)fclose(mp->keyfile); |
4611 |
+ fclose(mp->keyfile); |
4612 |
+ mp->keyfile = NULL; |
4613 |
|
4614 |
- return(0); |
4615 |
+ return 0; |
4616 |
} |
4617 |
--- skey-1.1.5.orig/skeyprune.8 2001-05-10 17:10:49.000000000 +0100 |
4618 |
+++ skey-1.1.5/skeyprune.8 2003-11-06 17:46:45.000000000 +0000 |
4619 |
@@ -13,7 +13,7 @@ |
4620 |
.Sh DESCRIPTION |
4621 |
.Nm skeyprune |
4622 |
searches through the file |
4623 |
-.Dq Pa /etc/skeykeys |
4624 |
+.Dq Pa /etc/skey/skeykeys |
4625 |
and prunes out users who have zeroed their entries via |
4626 |
.Xr skeyinit 1 |
4627 |
as well as entries that have not been modified in |
4628 |
@@ -22,8 +22,8 @@ |
4629 |
.Ar days |
4630 |
is not specified only commented out entries are pruned. |
4631 |
.Sh FILES |
4632 |
-.Bl -tag -width /etc/skeykeys -compact |
4633 |
-.It Pa /etc/skeykeys |
4634 |
+.Bl -tag -width /etc/skey/skeykeys -compact |
4635 |
+.It Pa /etc/skey/skeykeys |
4636 |
S/Key key information database |
4637 |
.El |
4638 |
.Sh SEE ALSO |
4639 |
@@ -33,7 +33,7 @@ |
4640 |
Since |
4641 |
.Nm skeyprune |
4642 |
rewrites |
4643 |
-.Dq Pa /etc/skeykeys , |
4644 |
+.Dq Pa /etc/skey/skeykeys , |
4645 |
there is a window where S/Key changes could get lost. |
4646 |
It is therefore suggested that |
4647 |
.Nm skeyprune |
4648 |
--- skey-1.1.5.orig/skeysubr.c 2001-05-10 17:10:49.000000000 +0100 |
4649 |
+++ skey-1.1.5/skeysubr.c 2003-11-06 17:46:45.000000000 +0000 |
4650 |
@@ -40,30 +40,26 @@ |
4651 |
#else |
4652 |
#include "sha1.h" |
4653 |
#endif |
4654 |
-#ifdef HAVE_RMD160_H |
4655 |
-#include <rmd160.h> |
4656 |
-#else |
4657 |
-#include "rmd160.h" |
4658 |
-#endif |
4659 |
|
4660 |
#include "skey.h" |
4661 |
|
4662 |
/* Default hash function to use (index into skey_hash_types array) */ |
4663 |
#ifndef SKEY_HASH_DEFAULT |
4664 |
-#define SKEY_HASH_DEFAULT 1 |
4665 |
+#define SKEY_HASH_DEFAULT 0 /*MD4*/ |
4666 |
#endif |
4667 |
|
4668 |
-static void f_md4 __P((char *x)); |
4669 |
-static void f_md5 __P((char *x)); |
4670 |
-static void f_sha1 __P((char *x)); |
4671 |
-static void f_rmd160 __P((char *x)); |
4672 |
-static int keycrunch_md4 __P((char *result, char *seed, char *passwd)); |
4673 |
-static int keycrunch_md5 __P((char *result, char *seed, char *passwd)); |
4674 |
-static int keycrunch_sha1 __P((char *result, char *seed, char *passwd)); |
4675 |
-static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd)); |
4676 |
-static void lowcase __P((char *s)); |
4677 |
-static void skey_echo __P((int action)); |
4678 |
-static void trapped __P((int sig)); |
4679 |
+static void f_md4 __P((char *)); |
4680 |
+static void f_md5 __P((char *)); |
4681 |
+static void f_sha1 __P((char *)); |
4682 |
+/* static void f_rmd160 __P((char *x)); */ |
4683 |
+static int keycrunch_md4 __P((char *, const char *, const char *)); |
4684 |
+static int keycrunch_md5 __P((char *, const char *, const char *)); |
4685 |
+static int keycrunch_sha1 __P((char *, const char *, const char *)); |
4686 |
+/* static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd)); */ |
4687 |
+static void lowcase __P((char *)); |
4688 |
+static void skey_echo __P((int)); |
4689 |
+static void trapped __P((int)); |
4690 |
+static char *mkseedpassword(const char *, const char *, size_t *); |
4691 |
|
4692 |
/* Current hash type (index into skey_hash_types array) */ |
4693 |
static int skey_hash_type = SKEY_HASH_DEFAULT; |
4694 |
@@ -72,17 +68,16 @@ |
4695 |
* Hash types we support. |
4696 |
* Each has an associated keycrunch() and f() function. |
4697 |
*/ |
4698 |
-#define SKEY_ALGORITH_LAST 4 |
4699 |
struct skey_algorithm_table { |
4700 |
const char *name; |
4701 |
- int (*keycrunch) (char *, char *, char *); |
4702 |
- void (*f) (char *); |
4703 |
+ int (*keycrunch) __P((char *, const char *, const char *)); |
4704 |
+ void (*f) __P((char *)); |
4705 |
}; |
4706 |
static struct skey_algorithm_table skey_algorithm_table[] = { |
4707 |
{ "md4", keycrunch_md4, f_md4 }, |
4708 |
{ "md5", keycrunch_md5, f_md5 }, |
4709 |
{ "sha1", keycrunch_sha1, f_sha1 }, |
4710 |
- { "rmd160", keycrunch_rmd160, f_rmd160 } |
4711 |
+ { NULL } |
4712 |
}; |
4713 |
|
4714 |
|
4715 |
@@ -91,242 +86,172 @@ |
4716 |
* concatenate the seed and the password, run through MD4/5 and |
4717 |
* collapse to 64 bits. This is defined as the user's starting key. |
4718 |
*/ |
4719 |
-int |
4720 |
-keycrunch(result, seed, passwd) |
4721 |
- char *result; /* SKEY_BINKEY_SIZE result */ |
4722 |
- char *seed; /* Seed, any length */ |
4723 |
- char *passwd; /* Password, any length */ |
4724 |
+int keycrunch(char *result, const char *seed, const char *passwd) |
4725 |
{ |
4726 |
return(skey_algorithm_table[skey_hash_type].keycrunch(result, seed, passwd)); |
4727 |
} |
4728 |
|
4729 |
-static int |
4730 |
-keycrunch_md4(result, seed, passwd) |
4731 |
- char *result; /* SKEY_BINKEY_SIZE result */ |
4732 |
- char *seed; /* Seed, any length */ |
4733 |
- char *passwd; /* Password, any length */ |
4734 |
+static char *mkseedpassword(const char *seed, const char *passwd, size_t *buflen) |
4735 |
{ |
4736 |
char *buf; |
4737 |
- MD4_CTX md; |
4738 |
- u_int32_t results[4]; |
4739 |
- unsigned int buflen; |
4740 |
|
4741 |
- buflen = strlen(seed) + strlen(passwd); |
4742 |
- if ((buf = (char *)malloc(buflen+1)) == NULL) |
4743 |
- return(-1); |
4744 |
- (void)strcpy(buf, seed); |
4745 |
+ *buflen = strlen(seed) + strlen(passwd); |
4746 |
+ if ((buf = (char *) malloc(*buflen + 1)) == NULL) |
4747 |
+ return NULL; |
4748 |
+ strcpy(buf, seed); |
4749 |
lowcase(buf); |
4750 |
- (void)strcat(buf, passwd); |
4751 |
+ strcat(buf, passwd); |
4752 |
+ sevenbit(buf); |
4753 |
+ |
4754 |
+ return buf; |
4755 |
+} |
4756 |
|
4757 |
+static int keycrunch_md4(char *result, const char *seed, const char *passwd) |
4758 |
+{ |
4759 |
+ char *buf; |
4760 |
+ MD4_CTX md; |
4761 |
+ size_t buflen; |
4762 |
+ u_int32_t results[4]; |
4763 |
+ |
4764 |
+ if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL) |
4765 |
+ return -1; |
4766 |
+ |
4767 |
/* Crunch the key through MD4 */ |
4768 |
- sevenbit(buf); |
4769 |
MD4Init(&md); |
4770 |
MD4Update(&md, (unsigned char *)buf, buflen); |
4771 |
- MD4Final((unsigned char *)results, &md); |
4772 |
- (void)free(buf); |
4773 |
+ MD4Final((unsigned char *) (void *) results, &md); |
4774 |
+ free(buf); |
4775 |
|
4776 |
/* Fold result from 128 to 64 bits */ |
4777 |
results[0] ^= results[2]; |
4778 |
results[1] ^= results[3]; |
4779 |
|
4780 |
- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); |
4781 |
+ memcpy(result, results, SKEY_BINKEY_SIZE); |
4782 |
|
4783 |
- return(0); |
4784 |
+ return 0; |
4785 |
} |
4786 |
|
4787 |
-static int |
4788 |
-keycrunch_md5(result, seed, passwd) |
4789 |
- char *result; /* SKEY_BINKEY_SIZE result */ |
4790 |
- char *seed; /* Seed, any length */ |
4791 |
- char *passwd; /* Password, any length */ |
4792 |
+static int keycrunch_md5(char *result, const char *seed, const char *passwd) |
4793 |
{ |
4794 |
char *buf; |
4795 |
MD5_CTX md; |
4796 |
u_int32_t results[4]; |
4797 |
- unsigned int buflen; |
4798 |
+ size_t buflen; |
4799 |
|
4800 |
- buflen = strlen(seed) + strlen(passwd); |
4801 |
- if ((buf = (char *)malloc(buflen+1)) == NULL) |
4802 |
- return(-1); |
4803 |
- (void)strcpy(buf, seed); |
4804 |
- lowcase(buf); |
4805 |
- (void)strcat(buf, passwd); |
4806 |
+ if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL) |
4807 |
+ return -1; |
4808 |
|
4809 |
/* Crunch the key through MD5 */ |
4810 |
- sevenbit(buf); |
4811 |
MD5Init(&md); |
4812 |
MD5Update(&md, (unsigned char *)buf, buflen); |
4813 |
- MD5Final((unsigned char *)results, &md); |
4814 |
- (void)free(buf); |
4815 |
+ MD5Final((unsigned char *) (void *)results, &md); |
4816 |
+ free(buf); |
4817 |
|
4818 |
/* Fold result from 128 to 64 bits */ |
4819 |
results[0] ^= results[2]; |
4820 |
results[1] ^= results[3]; |
4821 |
|
4822 |
- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); |
4823 |
+ memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); |
4824 |
|
4825 |
return(0); |
4826 |
} |
4827 |
|
4828 |
-static int |
4829 |
-keycrunch_sha1(result, seed, passwd) |
4830 |
- char *result; /* SKEY_BINKEY_SIZE result */ |
4831 |
- char *seed; /* Seed, any length */ |
4832 |
- char *passwd; /* Password, any length */ |
4833 |
+static int keycrunch_sha1(char *result, const char *seed, const char *passwd) |
4834 |
{ |
4835 |
char *buf; |
4836 |
SHA1_CTX sha; |
4837 |
- u_int32_t results[5]; |
4838 |
- unsigned int buflen; |
4839 |
- |
4840 |
- buflen = strlen(seed) + strlen(passwd); |
4841 |
- if ((buf = (char *)malloc(buflen+1)) == NULL) |
4842 |
- return(-1); |
4843 |
- (void)strcpy(buf, seed); |
4844 |
- lowcase(buf); |
4845 |
- (void)strcat(buf, passwd); |
4846 |
+ size_t buflen; |
4847 |
+ int i, j; |
4848 |
|
4849 |
+ if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL) |
4850 |
+ return -1; |
4851 |
+ |
4852 |
/* Crunch the key through SHA1 */ |
4853 |
- sevenbit(buf); |
4854 |
SHA1Init(&sha); |
4855 |
SHA1Update(&sha, (unsigned char *)buf, buflen); |
4856 |
- SHA1Final((unsigned char *)results, &sha); |
4857 |
- (void)free(buf); |
4858 |
+ SHA1Final(NULL, &sha); |
4859 |
+ free(buf); |
4860 |
|
4861 |
/* Fold 160 to 64 bits */ |
4862 |
- results[0] ^= results[2]; |
4863 |
- results[1] ^= results[3]; |
4864 |
- results[0] ^= results[4]; |
4865 |
- |
4866 |
- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); |
4867 |
- |
4868 |
- return(0); |
4869 |
-} |
4870 |
- |
4871 |
-static int |
4872 |
-keycrunch_rmd160(result, seed, passwd) |
4873 |
- char *result; /* SKEY_BINKEY_SIZE result */ |
4874 |
- char *seed; /* Seed, any length */ |
4875 |
- char *passwd; /* Password, any length */ |
4876 |
-{ |
4877 |
- char *buf; |
4878 |
- RMD160_CTX rmd; |
4879 |
- u_int32_t results[5]; |
4880 |
- unsigned int buflen; |
4881 |
- |
4882 |
- buflen = strlen(seed) + strlen(passwd); |
4883 |
- if ((buf = (char *)malloc(buflen+1)) == NULL) |
4884 |
- return(-1); |
4885 |
- (void)strcpy(buf, seed); |
4886 |
- lowcase(buf); |
4887 |
- (void)strcat(buf, passwd); |
4888 |
- |
4889 |
- /* Crunch the key through RMD-160 */ |
4890 |
- sevenbit(buf); |
4891 |
- RMD160Init(&rmd); |
4892 |
- RMD160Update(&rmd, (unsigned char *)buf, buflen); |
4893 |
- RMD160Final((unsigned char *)results, &rmd); |
4894 |
- (void)free(buf); |
4895 |
- |
4896 |
- /* Fold 160 to 64 bits */ |
4897 |
- results[0] ^= results[2]; |
4898 |
- results[1] ^= results[3]; |
4899 |
- results[0] ^= results[4]; |
4900 |
- |
4901 |
- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); |
4902 |
+ sha.state[0] ^= sha.state[2]; |
4903 |
+ sha.state[1] ^= sha.state[3]; |
4904 |
+ sha.state[0] ^= sha.state[4]; |
4905 |
+ |
4906 |
+ for (i=j=0; j<8; i++, j+=4) { |
4907 |
+ result[j] = (unsigned char)(sha.state[i] & 0xff); |
4908 |
+ result[j+1] = (unsigned char)((sha.state[i] >> 8) & 0xff); |
4909 |
+ result[j+2] = (unsigned char)((sha.state[i] >> 16) & 0xff); |
4910 |
+ result[j+3] = (unsigned char)((sha.state[i] >> 24) & 0xff); |
4911 |
+ } |
4912 |
|
4913 |
- return(0); |
4914 |
+ return 0; |
4915 |
} |
4916 |
|
4917 |
/* |
4918 |
* The one-way function f(). |
4919 |
* Takes SKEY_BINKEY_SIZE bytes and returns SKEY_BINKEY_SIZE bytes in place. |
4920 |
*/ |
4921 |
-void |
4922 |
-f(x) |
4923 |
- char *x; |
4924 |
+void f(char *x) |
4925 |
{ |
4926 |
skey_algorithm_table[skey_hash_type].f(x); |
4927 |
} |
4928 |
|
4929 |
-static void |
4930 |
-f_md4(x) |
4931 |
- char *x; |
4932 |
+static void f_md4(char *x) |
4933 |
{ |
4934 |
MD4_CTX md; |
4935 |
u_int32_t results[4]; |
4936 |
|
4937 |
MD4Init(&md); |
4938 |
MD4Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE); |
4939 |
- MD4Final((unsigned char *)results, &md); |
4940 |
+ MD4Final((unsigned char *) (void *) results, &md); |
4941 |
|
4942 |
/* Fold 128 to 64 bits */ |
4943 |
results[0] ^= results[2]; |
4944 |
results[1] ^= results[3]; |
4945 |
|
4946 |
- (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE); |
4947 |
+ memcpy(x, results, SKEY_BINKEY_SIZE); |
4948 |
} |
4949 |
|
4950 |
-static void |
4951 |
-f_md5(x) |
4952 |
- char *x; |
4953 |
+static void f_md5(char *x) |
4954 |
{ |
4955 |
MD5_CTX md; |
4956 |
u_int32_t results[4]; |
4957 |
|
4958 |
MD5Init(&md); |
4959 |
MD5Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE); |
4960 |
- MD5Final((unsigned char *)results, &md); |
4961 |
+ MD5Final((unsigned char *) (void *) results, &md); |
4962 |
|
4963 |
/* Fold 128 to 64 bits */ |
4964 |
results[0] ^= results[2]; |
4965 |
results[1] ^= results[3]; |
4966 |
|
4967 |
- (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE); |
4968 |
+ memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE); |
4969 |
} |
4970 |
|
4971 |
-static void |
4972 |
-f_sha1(x) |
4973 |
- char *x; |
4974 |
+static void f_sha1(char *x) |
4975 |
{ |
4976 |
SHA1_CTX sha; |
4977 |
- u_int32_t results[5]; |
4978 |
+ int i, j; |
4979 |
|
4980 |
SHA1Init(&sha); |
4981 |
SHA1Update(&sha, (unsigned char *)x, SKEY_BINKEY_SIZE); |
4982 |
- SHA1Final((unsigned char *)results, &sha); |
4983 |
+ SHA1Final(NULL, &sha); |
4984 |
|
4985 |
/* Fold 160 to 64 bits */ |
4986 |
- results[0] ^= results[2]; |
4987 |
- results[1] ^= results[3]; |
4988 |
- results[0] ^= results[4]; |
4989 |
- |
4990 |
- (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE); |
4991 |
-} |
4992 |
- |
4993 |
-static void |
4994 |
-f_rmd160(x) |
4995 |
- char *x; |
4996 |
-{ |
4997 |
- RMD160_CTX rmd; |
4998 |
- u_int32_t results[5]; |
4999 |
- |
5000 |
- RMD160Init(&rmd); |
5001 |
- RMD160Update(&rmd, (unsigned char *)x, SKEY_BINKEY_SIZE); |
5002 |
- RMD160Final((unsigned char *)results, &rmd); |
5003 |
- |
5004 |
- /* Fold 160 to 64 bits */ |
5005 |
- results[0] ^= results[2]; |
5006 |
- results[1] ^= results[3]; |
5007 |
- results[0] ^= results[4]; |
5008 |
- |
5009 |
- (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE); |
5010 |
+ sha.state[0] ^= sha.state[2]; |
5011 |
+ sha.state[1] ^= sha.state[3]; |
5012 |
+ sha.state[0] ^= sha.state[4]; |
5013 |
+ |
5014 |
+ for (i=j=0; j<8; i++, j+=4) { |
5015 |
+ x[j] = (unsigned char)(sha.state[i] & 0xff); |
5016 |
+ x[j+1] = (unsigned char)((sha.state[i] >> 8) & 0xff); |
5017 |
+ x[j+2] = (unsigned char)((sha.state[i] >> 16) & 0xff); |
5018 |
+ x[j+3] = (unsigned char)((sha.state[i] >> 24) & 0xff); |
5019 |
+ } |
5020 |
} |
5021 |
|
5022 |
/* Strip trailing cr/lf from a line of text */ |
5023 |
-void |
5024 |
-rip(buf) |
5025 |
- char *buf; |
5026 |
+void rip(char *buf) |
5027 |
{ |
5028 |
buf += strcspn(buf, "\r\n"); |
5029 |
|
5030 |
@@ -335,12 +260,9 @@ |
5031 |
} |
5032 |
|
5033 |
/* Read in secret password (turns off echo) */ |
5034 |
-char * |
5035 |
-readpass(buf, n) |
5036 |
- char *buf; |
5037 |
- int n; |
5038 |
+char *readpass(char *buf, int n) |
5039 |
{ |
5040 |
- void (*old_handler) (); |
5041 |
+ void *old_handler; |
5042 |
|
5043 |
/* Turn off echoing */ |
5044 |
skey_echo(0); |
5045 |
@@ -348,131 +270,114 @@ |
5046 |
/* Catch SIGINT and save old signal handler */ |
5047 |
old_handler = signal(SIGINT, trapped); |
5048 |
|
5049 |
- (void)fgets(buf, n, stdin); |
5050 |
+ fgets(buf, n, stdin); |
5051 |
rip(buf); |
5052 |
|
5053 |
- (void)putc('\n', stderr); |
5054 |
- (void)fflush(stderr); |
5055 |
+ putc('\n', stderr); |
5056 |
+ fflush(stderr); |
5057 |
|
5058 |
/* Restore signal handler and turn echo back on */ |
5059 |
if (old_handler != SIG_ERR) |
5060 |
- (void)signal(SIGINT, old_handler); |
5061 |
+ signal(SIGINT, old_handler); |
5062 |
skey_echo(1); |
5063 |
|
5064 |
sevenbit(buf); |
5065 |
|
5066 |
- return(buf); |
5067 |
+ return buf; |
5068 |
} |
5069 |
|
5070 |
/* Read in an s/key OTP (does not turn off echo) */ |
5071 |
-char * |
5072 |
-readskey(buf, n) |
5073 |
- char *buf; |
5074 |
- int n; |
5075 |
+char *readskey(char *buf, int n) |
5076 |
{ |
5077 |
- (void)fgets(buf, n, stdin); |
5078 |
+ fgets(buf, n, stdin); |
5079 |
rip(buf); |
5080 |
|
5081 |
sevenbit(buf); |
5082 |
|
5083 |
- return(buf); |
5084 |
+ return buf; |
5085 |
} |
5086 |
|
5087 |
/* Signal handler for trapping ^C */ |
5088 |
-static void |
5089 |
-trapped(sig) |
5090 |
- int sig; |
5091 |
+static void trapped(int sig) |
5092 |
{ |
5093 |
- (void)fputs("^C\n", stderr); |
5094 |
- (void)fflush(stderr); |
5095 |
+ fputs("^C\n", stderr); |
5096 |
+ fflush(stderr); |
5097 |
|
5098 |
- /* Turn on echo if necesary */ |
5099 |
+ /* Turn on echo if necemassary */ |
5100 |
skey_echo(1); |
5101 |
|
5102 |
- exit(-1); |
5103 |
+ exit(1); |
5104 |
} |
5105 |
|
5106 |
/* |
5107 |
* Convert 8-byte hex-ascii string to binary array |
5108 |
* Returns 0 on success, -1 on error |
5109 |
*/ |
5110 |
-int |
5111 |
-atob8(out, in) |
5112 |
- register char *out; |
5113 |
- register char *in; |
5114 |
+int atob8(char *out, const char *in) |
5115 |
{ |
5116 |
- register int i; |
5117 |
- register int val; |
5118 |
+ int i; |
5119 |
+ int val; |
5120 |
|
5121 |
if (in == NULL || out == NULL) |
5122 |
- return(-1); |
5123 |
+ return -1; |
5124 |
|
5125 |
for (i=0; i < 8; i++) { |
5126 |
if ((in = skipspace(in)) == NULL) |
5127 |
- return(-1); |
5128 |
+ return -1; |
5129 |
if ((val = htoi(*in++)) == -1) |
5130 |
- return(-1); |
5131 |
+ return -1; |
5132 |
*out = val << 4; |
5133 |
|
5134 |
if ((in = skipspace(in)) == NULL) |
5135 |
- return(-1); |
5136 |
+ return -1; |
5137 |
if ((val = htoi(*in++)) == -1) |
5138 |
- return(-1); |
5139 |
+ return -1; |
5140 |
*out++ |= val; |
5141 |
} |
5142 |
- return(0); |
5143 |
+ return 0; |
5144 |
} |
5145 |
|
5146 |
/* Convert 8-byte binary array to hex-ascii string */ |
5147 |
-int |
5148 |
-btoa8(out, in) |
5149 |
- register char *out; |
5150 |
- register char *in; |
5151 |
+int btoa8(char *out, const char *in) |
5152 |
{ |
5153 |
- register int i; |
5154 |
+ int i; |
5155 |
|
5156 |
if (in == NULL || out == NULL) |
5157 |
- return(-1); |
5158 |
+ return -1; |
5159 |
|
5160 |
for (i=0; i < 8; i++) { |
5161 |
- (void)sprintf(out, "%02x", *in++ & 0xff); |
5162 |
+ sprintf(out, "%02x", *in++ & 0xff); |
5163 |
out += 2; |
5164 |
} |
5165 |
- return(0); |
5166 |
+ return 0; |
5167 |
} |
5168 |
|
5169 |
/* Convert hex digit to binary integer */ |
5170 |
-int |
5171 |
-htoi(c) |
5172 |
- register int c; |
5173 |
+int htoi(int c) |
5174 |
{ |
5175 |
if ('0' <= c && c <= '9') |
5176 |
- return(c - '0'); |
5177 |
+ return c - '0'; |
5178 |
if ('a' <= c && c <= 'f') |
5179 |
- return(10 + c - 'a'); |
5180 |
+ return 10 + c - 'a'; |
5181 |
if ('A' <= c && c <= 'F') |
5182 |
- return(10 + c - 'A'); |
5183 |
- return(-1); |
5184 |
+ return 10 + c - 'A'; |
5185 |
+ return -1; |
5186 |
} |
5187 |
|
5188 |
/* Skip leading spaces from the string */ |
5189 |
-char * |
5190 |
-skipspace(cp) |
5191 |
- register char *cp; |
5192 |
+const char *skipspace(const char *cp) |
5193 |
{ |
5194 |
while (*cp == ' ' || *cp == '\t') |
5195 |
cp++; |
5196 |
|
5197 |
if (*cp == '\0') |
5198 |
- return(NULL); |
5199 |
+ return NULL; |
5200 |
else |
5201 |
- return(cp); |
5202 |
+ return cp; |
5203 |
} |
5204 |
|
5205 |
/* Remove backspaced over characters from the string */ |
5206 |
-void |
5207 |
-backspace(buf) |
5208 |
- char *buf; |
5209 |
+void backspace(char *buf) |
5210 |
{ |
5211 |
char bs = 0x8; |
5212 |
char *cp = buf; |
5213 |
@@ -496,77 +401,68 @@ |
5214 |
} |
5215 |
|
5216 |
/* Make sure line is all seven bits */ |
5217 |
-void |
5218 |
-sevenbit(s) |
5219 |
- char *s; |
5220 |
+void sevenbit(char *s) |
5221 |
{ |
5222 |
while (*s) |
5223 |
*s++ &= 0x7f; |
5224 |
} |
5225 |
|
5226 |
/* Set hash algorithm type */ |
5227 |
-char * |
5228 |
-skey_set_algorithm(new) |
5229 |
- char *new; |
5230 |
+const char *skey_set_algorithm(const char *new) |
5231 |
{ |
5232 |
int i; |
5233 |
|
5234 |
- for (i = 0; i < SKEY_ALGORITH_LAST; i++) { |
5235 |
+ for (i = 0; skey_algorithm_table[i].name; i++) { |
5236 |
if (strcmp(new, skey_algorithm_table[i].name) == 0) { |
5237 |
skey_hash_type = i; |
5238 |
- return(new); |
5239 |
+ return new; |
5240 |
} |
5241 |
} |
5242 |
|
5243 |
- return(NULL); |
5244 |
+ return NULL; |
5245 |
} |
5246 |
|
5247 |
/* Get current hash type */ |
5248 |
-const char * |
5249 |
-skey_get_algorithm() |
5250 |
+const char *skey_get_algorithm() |
5251 |
{ |
5252 |
return(skey_algorithm_table[skey_hash_type].name); |
5253 |
} |
5254 |
|
5255 |
/* Turn echo on/off */ |
5256 |
-static void |
5257 |
-skey_echo(action) |
5258 |
- int action; |
5259 |
+static void skey_echo(int action) |
5260 |
{ |
5261 |
static struct termios term; |
5262 |
static int echo = 0; |
5263 |
|
5264 |
if (action == 0) { |
5265 |
/* Turn echo off */ |
5266 |
- (void) tcgetattr(fileno(stdin), &term); |
5267 |
+ tcgetattr(fileno(stdin), &term); |
5268 |
if ((echo = (term.c_lflag & ECHO))) { |
5269 |
term.c_lflag &= ~ECHO; |
5270 |
#ifdef TCSASOFT |
5271 |
- (void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term); |
5272 |
+ tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term); |
5273 |
#else |
5274 |
- (void) tcsetattr(fileno(stdin), TCSAFLUSH, &term); |
5275 |
+ tcsetattr(fileno(stdin), TCSAFLUSH, &term); |
5276 |
#endif |
5277 |
} |
5278 |
} else if (action && echo) { |
5279 |
/* Turn echo on */ |
5280 |
term.c_lflag |= ECHO; |
5281 |
#ifdef TCSASOFT |
5282 |
- (void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term); |
5283 |
+ tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term); |
5284 |
#else |
5285 |
- (void) tcsetattr(fileno(stdin), TCSAFLUSH, &term); |
5286 |
+ tcsetattr(fileno(stdin), TCSAFLUSH, &term); |
5287 |
#endif |
5288 |
echo = 0; |
5289 |
} |
5290 |
} |
5291 |
|
5292 |
/* Convert string to lower case */ |
5293 |
-static void |
5294 |
-lowcase(s) |
5295 |
- char *s; |
5296 |
+static void lowcase(char *s) |
5297 |
{ |
5298 |
- char *p; |
5299 |
+ u_char *p; |
5300 |
|
5301 |
- for (p = s; *p; p++) |
5302 |
+ for (p = (u_char *) s; *p; p++) |
5303 |
if (isupper(*p)) |
5304 |
*p = tolower(*p); |
5305 |
} |
5306 |
--- skey-1.1.5.orig/strlcpy.c 2001-05-10 17:10:49.000000000 +0100 |
5307 |
+++ skey-1.1.5/strlcpy.c 1970-01-01 01:00:00.000000000 +0100 |
5308 |
@@ -1,72 +0,0 @@ |
5309 |
-/* $OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $ */ |
5310 |
- |
5311 |
-/* |
5312 |
- * Copyright (c) 1998 Todd C. Miller <Todd.Miller@×××××××××.com> |
5313 |
- * All rights reserved. |
5314 |
- * |
5315 |
- * Redistribution and use in source and binary forms, with or without |
5316 |
- * modification, are permitted provided that the following conditions |
5317 |
- * are met: |
5318 |
- * 1. Redistributions of source code must retain the above copyright |
5319 |
- * notice, this list of conditions and the following disclaimer. |
5320 |
- * 2. Redistributions in binary form must reproduce the above copyright |
5321 |
- * notice, this list of conditions and the following disclaimer in the |
5322 |
- * documentation and/or other materials provided with the distribution. |
5323 |
- * 3. The name of the author may not be used to endorse or promote products |
5324 |
- * derived from this software without specific prior written permission. |
5325 |
- * |
5326 |
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, |
5327 |
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY |
5328 |
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL |
5329 |
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
5330 |
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
5331 |
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; |
5332 |
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
5333 |
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
5334 |
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
5335 |
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
5336 |
- */ |
5337 |
-#include "config.h" |
5338 |
-#ifndef HAVE_STRLCPY |
5339 |
- |
5340 |
-#if defined(LIBC_SCCS) && !defined(lint) |
5341 |
-static char *rcsid = "$OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $"; |
5342 |
-#endif /* LIBC_SCCS and not lint */ |
5343 |
- |
5344 |
-#include <sys/types.h> |
5345 |
-#include <string.h> |
5346 |
- |
5347 |
-/* |
5348 |
- * Copy src to string dst of size siz. At most siz-1 characters |
5349 |
- * will be copied. Always NUL terminates (unless siz == 0). |
5350 |
- * Returns strlen(src); if retval >= siz, truncation occurred. |
5351 |
- */ |
5352 |
-size_t strlcpy(dst, src, siz) |
5353 |
- char *dst; |
5354 |
- const char *src; |
5355 |
- size_t siz; |
5356 |
-{ |
5357 |
- register char *d = dst; |
5358 |
- register const char *s = src; |
5359 |
- register size_t n = siz; |
5360 |
- |
5361 |
- /* Copy as many bytes as will fit */ |
5362 |
- if (n != 0 && --n != 0) { |
5363 |
- do { |
5364 |
- if ((*d++ = *s++) == 0) |
5365 |
- break; |
5366 |
- } while (--n != 0); |
5367 |
- } |
5368 |
- |
5369 |
- /* Not enough room in dst, add NUL and traverse rest of src */ |
5370 |
- if (n == 0) { |
5371 |
- if (siz != 0) |
5372 |
- *d = '\0'; /* NUL-terminate dst */ |
5373 |
- while (*s++) |
5374 |
- ; |
5375 |
- } |
5376 |
- |
5377 |
- return(s - src - 1); /* count does not include NUL */ |
5378 |
-} |
5379 |
- |
5380 |
-#endif |
5381 |
|
5382 |
|
5383 |
|
5384 |
1.1 src/patchsets/skey/1.1.5/02_all_login_name_max.patch |
5385 |
|
5386 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/02_all_login_name_max.patch?rev=1.1&view=markup |
5387 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/02_all_login_name_max.patch?rev=1.1&content-type=text/plain |
5388 |
|
5389 |
Index: 02_all_login_name_max.patch |
5390 |
=================================================================== |
5391 |
https://bugs.gentoo.org/33315 |
5392 |
glibc 2.2.x does not define LOGIN_NAME_MAX |
5393 |
(12 Nov 2003) -taviso@g.o |
5394 |
|
5395 |
--- skey-1.1.5.orig/skeyinit.c |
5396 |
+++ skey-1.1.5/skeyinit.c |
5397 |
@@ -62,6 +62,11 @@ |
5398 |
#define SKEY_NAMELEN 4 |
5399 |
#endif |
5400 |
|
5401 |
+/* #33315 */ |
5402 |
+#ifndef LOGIN_NAME_MAX |
5403 |
+#define LOGIN_NAME_MAX 256 |
5404 |
+#endif |
5405 |
+ |
5406 |
int main __P((int, char **)); |
5407 |
|
5408 |
int main(int argc, char **argv) |
5409 |
|
5410 |
|
5411 |
|
5412 |
1.1 src/patchsets/skey/1.1.5/03_all_fPIC.patch |
5413 |
|
5414 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/03_all_fPIC.patch?rev=1.1&view=markup |
5415 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/03_all_fPIC.patch?rev=1.1&content-type=text/plain |
5416 |
|
5417 |
Index: 03_all_fPIC.patch |
5418 |
=================================================================== |
5419 |
--- skey-1.1.5-orig/Makefile.in |
5420 |
+++ skey-1.1.5/Makefile.in |
5421 |
@@ -50,6 +50,9 @@ |
5422 |
|
5423 |
${LIBOBJS}: config.h |
5424 |
|
5425 |
+${LIBOBJS}: %.o: %.c |
5426 |
+ ${CC} ${CFLAGS} -fPIC -c $< -o $@ |
5427 |
+ |
5428 |
libskey.a: ${LIBOBJS} |
5429 |
${AR} rv $@ ${LIBOBJS} |
5430 |
${RANLIB} $@ |
5431 |
|
5432 |
|
5433 |
|
5434 |
1.1 src/patchsets/skey/1.1.5/04_all_bind-now.patch |
5435 |
|
5436 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/04_all_bind-now.patch?rev=1.1&view=markup |
5437 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/04_all_bind-now.patch?rev=1.1&content-type=text/plain |
5438 |
|
5439 |
Index: 04_all_bind-now.patch |
5440 |
=================================================================== |
5441 |
--- skey-1.1.5-orig/Makefile.in |
5442 |
+++ skey-1.1.5/Makefile.in |
5443 |
@@ -67,10 +67,10 @@ |
5444 |
${CC} -o $@ ${SKEYOBJS} ${LDFLAGS} -lskey ${LIBS} |
5445 |
|
5446 |
skeyinit: libskey.so ${SKEYINITOBJS} |
5447 |
- ${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS} |
5448 |
+ ${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS} -Wl,-z,now |
5449 |
|
5450 |
skeyinfo: libskey.so ${SKEYINFOOBJS} |
5451 |
- ${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS} |
5452 |
+ ${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS} -Wl,-z,now |
5453 |
|
5454 |
${MANPAGES} ${SCRIPTS}:: |
5455 |
${FIXPATHSCMD} ${srcdir}/$@ |
5456 |
|
5457 |
|
5458 |
|
5459 |
1.1 src/patchsets/skey/1.1.5/05_all_otp.patch |
5460 |
|
5461 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/05_all_otp.patch?rev=1.1&view=markup |
5462 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/05_all_otp.patch?rev=1.1&content-type=text/plain |
5463 |
|
5464 |
Index: 05_all_otp.patch |
5465 |
=================================================================== |
5466 |
https://bugs.gentoo.org/71015 |
5467 |
allow invokation as otp-foo. |
5468 |
(03 Mar 2005) -taviso. |
5469 |
|
5470 |
--- skey-1.1.5.orig/skey.c |
5471 |
+++ skey-1.1.5/skey.c |
5472 |
@@ -46,6 +46,17 @@ |
5473 |
char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE]; |
5474 |
char buf[33], *seed, *slash, *t; |
5475 |
|
5476 |
+ /* If we were called as otp-METHOD, set algorithm based on that */ |
5477 |
+ if ((slash = strrchr(argv[0], '/'))) |
5478 |
+ slash++; |
5479 |
+ else |
5480 |
+ slash = argv[0]; |
5481 |
+ if (strncmp(slash, "otp-", 4) == 0) { |
5482 |
+ slash += 4; |
5483 |
+ if (skey_set_algorithm(slash) == NULL) |
5484 |
+ errx(1, "Unknown hash algorithm %s", slash); |
5485 |
+ } |
5486 |
+ |
5487 |
while ((i = getopt(argc, argv, "fn:p:t:x")) != -1) { |
5488 |
switch(i) { |
5489 |
case 'f': |
5490 |
--- skey-1.1.5.orig/skey.1 |
5491 |
+++ skey-1.1.5/skey.1 |
5492 |
@@ -6,7 +6,7 @@ |
5493 |
.Dt SKEY 1 |
5494 |
.Os |
5495 |
.Sh NAME |
5496 |
-.Nm skey |
5497 |
+.Nm skey, otp-md4, otp-md5, otp-sha1 |
5498 |
.Nd respond to an OTP challenge |
5499 |
.Sh SYNOPSIS |
5500 |
.Nm |
5501 |
@@ -34,6 +34,17 @@ |
5502 |
or |
5503 |
.Xr ftpd 8 . |
5504 |
.Pp |
5505 |
+When |
5506 |
+.Nm skey |
5507 |
+is invoked as |
5508 |
+.Nm otp-method , |
5509 |
+.Nm skey |
5510 |
+will use |
5511 |
+.Ar method |
5512 |
+as the hash function where |
5513 |
+.Ar method |
5514 |
+is currently one of md4, md5, or sha1. |
5515 |
+.Pp |
5516 |
Example use of the |
5517 |
.Em S/Key |
5518 |
program |
5519 |
|
5520 |
|
5521 |
|
5522 |
1.1 src/patchsets/skey/1.1.5/06_all_binary-search.patch |
5523 |
|
5524 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/06_all_binary-search.patch?rev=1.1&view=markup |
5525 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/06_all_binary-search.patch?rev=1.1&content-type=text/plain |
5526 |
|
5527 |
Index: 06_all_binary-search.patch |
5528 |
=================================================================== |
5529 |
Fix binary search. |
5530 |
|
5531 |
--- skey-1.1.5-orig/put.c |
5532 |
+++ skey-1.1.5/put.c |
5533 |
@@ -2206,27 +2206,17 @@ |
5534 |
{ |
5535 |
int i, j; |
5536 |
|
5537 |
- for (;;) { |
5538 |
+ while (low <= high) { |
5539 |
i = (low + high) / 2; |
5540 |
|
5541 |
if ((j = strncmp(w, Wp[i], 4)) == 0) |
5542 |
return i; /* Found it */ |
5543 |
- if (high == low + 1) |
5544 |
- { |
5545 |
- /* Avoid effects of integer truncation in /2 */ |
5546 |
- if (strncmp(w, Wp[high], 4) == 0) |
5547 |
- return high; |
5548 |
- else |
5549 |
- return -1; |
5550 |
- } |
5551 |
- |
5552 |
- if (low >= high) |
5553 |
- return -1; /* I don't *think* this can happen... */ |
5554 |
if (j < 0) |
5555 |
- high = i; /* Search lower half */ |
5556 |
+ high = i - 1; /* Search lower half */ |
5557 |
else |
5558 |
- low = i; /* Search upper half */ |
5559 |
+ low = i + 1; /* Search upper half */ |
5560 |
} |
5561 |
+ return -1; |
5562 |
} |
5563 |
|
5564 |
static void insert(char *s, int x, int start, int length) |
5565 |
|
5566 |
|
5567 |
|
5568 |
1.1 src/patchsets/skey/1.1.5/07_all_skeyprune-dir.patch |
5569 |
|
5570 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/07_all_skeyprune-dir.patch?rev=1.1&view=markup |
5571 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/07_all_skeyprune-dir.patch?rev=1.1&content-type=text/plain |
5572 |
|
5573 |
Index: 07_all_skeyprune-dir.patch |
5574 |
=================================================================== |
5575 |
skeyprune won't honour @sysconfdir@ |
5576 |
|
5577 |
--- skey-1.1.5-orig/skeyprune.pl |
5578 |
+++ skey-1.1.5/skeyprune.pl |
5579 |
@@ -14,7 +14,7 @@ |
5580 |
die "Usage: $0 [days]\n" if $#ARGC > 0; |
5581 |
|
5582 |
# Pathnames |
5583 |
-$keyfile = '/etc/skeykeys'; |
5584 |
+$keyfile = '/etc/skey/skeykeys'; |
5585 |
$temp = "$keyfile.tmp$$"; |
5586 |
|
5587 |
# Quick mapping of month name -> number |
5588 |
|
5589 |
|
5590 |
|
5591 |
1.1 src/patchsets/skey/1.1.5/08_all_skeyprune-regex.patch |
5592 |
|
5593 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/08_all_skeyprune-regex.patch?rev=1.1&view=markup |
5594 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/08_all_skeyprune-regex.patch?rev=1.1&content-type=text/plain |
5595 |
|
5596 |
Index: 08_all_skeyprune-regex.patch |
5597 |
=================================================================== |
5598 |
skeyprune uses a case sensitive regex to check for zeroed entries |
5599 |
|
5600 |
--- skey-1.1.5-orig/skeyprune.pl |
5601 |
+++ skey-1.1.5/skeyprune.pl |
5602 |
@@ -37,7 +37,7 @@ |
5603 |
|
5604 |
while (<OLD>) { |
5605 |
# Ignore commented out entries |
5606 |
- if ( ! /^#[^\s#]+\s+(MD[0-9]+\s+)?[0-9]+\s+[A-z0-9_-]+\s+[a-f0-9]+\s+(Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+$/ ) { |
5607 |
+ if ( ! /^#[^\s#]+\s+(MD[0-9]+\s+)?[0-9]+\s+[A-z0-9_-]+\s+[a-f0-9]+\s+(Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+$/i ) { |
5608 |
/((Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+)$/; |
5609 |
|
5610 |
# Prune out old entries if asked to |
5611 |
|
5612 |
|
5613 |
|
5614 |
1.1 src/patchsets/skey/1.1.5/09_all_man_default-md5.patch |
5615 |
|
5616 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/09_all_man_default-md5.patch?rev=1.1&view=markup |
5617 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/09_all_man_default-md5.patch?rev=1.1&content-type=text/plain |
5618 |
|
5619 |
Index: 09_all_man_default-md5.patch |
5620 |
=================================================================== |
5621 |
https://bugs.gentoo.org/64971 |
5622 |
skey(1) and skeyinit(1) describe md4 as the default hash algorithm, |
5623 |
which is no longer the case. |
5624 |
|
5625 |
--- skey-1.1.5-orig/skey.1 |
5626 |
+++ skey-1.1.5/skey.1 |
5627 |
@@ -27,7 +27,7 @@ |
5628 |
.Pp |
5629 |
.Em S/Key |
5630 |
uses 64 bits of information, transformed by the |
5631 |
-.Tn MD4 |
5632 |
+.Tn MD5 |
5633 |
algorithm into 6 English words. |
5634 |
The user supplies the words to authenticate himself to programs like |
5635 |
.Xr login 1 |
5636 |
--- skey-1.1.5-orig/skeyinit.1 2012-01-04 20:24:22.000000000 +0100 |
5637 |
+++ skey-1.1.5/skeyinit.1 2012-01-04 20:31:13.000000000 +0100 |
5638 |
@@ -47,7 +47,7 @@ |
5639 |
(default is 100). |
5640 |
.It Fl t Ar hash |
5641 |
Selects the hash algorithm to use. |
5642 |
-Available choices are md4 (the default), md5 or sha1. |
5643 |
+Available choices are md4, md5 (the default) or sha1. |
5644 |
.It Ar user |
5645 |
The username to be changed/added. |
5646 |
By default the current user is operated on, only root may |
5647 |
|
5648 |
|
5649 |
|
5650 |
1.1 src/patchsets/skey/1.1.5/10_all_man_libpath.patch |
5651 |
|
5652 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/10_all_man_libpath.patch?rev=1.1&view=markup |
5653 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/10_all_man_libpath.patch?rev=1.1&content-type=text/plain |
5654 |
|
5655 |
Index: 10_all_man_libpath.patch |
5656 |
=================================================================== |
5657 |
skey(3): shared library is in /lib; we don't install a profiling library |
5658 |
|
5659 |
--- skey-1.1.5-orig/skey.3 |
5660 |
+++ skey-1.1.5/skey.3 |
5661 |
@@ -245,10 +245,8 @@ |
5662 |
.Bl -tag -width /usr/lib/libskey_p.a -compact |
5663 |
.It Pa /usr/lib/libskey.a |
5664 |
static skey library |
5665 |
-.It Pa /usr/lib/libskey.so |
5666 |
+.It Pa /lib/libskey.so |
5667 |
dynamic skey library |
5668 |
-.It Pa /usr/lib/libskey_p.a |
5669 |
-static skey library compiled for profiling |
5670 |
.El |
5671 |
.Sh SEE ALSO |
5672 |
.Xr skey 1 , |