Gentoo Archives: gentoo-commits

From: "Ulrich Mueller (ulm)" <ulm@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in src/patchsets/skey/1.1.5: 01_all_gentoo.patch 02_all_login_name_max.patch 03_all_fPIC.patch 04_all_bind-now.patch 05_all_otp.patch 06_all_binary-search.patch 07_all_skeyprune-dir.patch 08_all_skeyprune-regex.patch 09_all_man_default-md5.patch 10_all_man_libpath.patch
Date: Wed, 04 Jan 2012 20:05:37
Message-Id: 20120104200523.8D40B2004B@flycatcher.gentoo.org
1 ulm 12/01/04 20:05:23
2
3 Added: 01_all_gentoo.patch 02_all_login_name_max.patch
4 03_all_fPIC.patch 04_all_bind-now.patch
5 05_all_otp.patch 06_all_binary-search.patch
6 07_all_skeyprune-dir.patch
7 08_all_skeyprune-regex.patch
8 09_all_man_default-md5.patch
9 10_all_man_libpath.patch
10 Log:
11 Patchset for skey-1.1.5
12
13 Revision Changes Path
14 1.1 src/patchsets/skey/1.1.5/01_all_gentoo.patch
15
16 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/01_all_gentoo.patch?rev=1.1&view=markup
17 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/01_all_gentoo.patch?rev=1.1&content-type=text/plain
18
19 Index: 01_all_gentoo.patch
20 ===================================================================
21 porting some updates to this skey implementation from the
22 NetBSD project, some other updates and fixes, and the addition
23 of some new features like shadow password and cracklib support.
24 (05 Nov 2003) -taviso@g.o
25
26 --- skey-1.1.5.orig/CHANGES 2001-05-10 17:10:49.000000000 +0100
27 +++ skey-1.1.5/CHANGES 2003-11-06 17:46:45.000000000 +0000
28 @@ -1,6 +1,19 @@
29 *** Changes in version 1.1.5
30
31 - Bug fixes for errx/warnx
32 +(05/11/2003) taviso@g.o
33 + - ported some updates from the NetBSD project to Linux.
34 + - removed a load of cast to voids.
35 + - syntax changes.
36 + - killing skeyaudit, using a shell script modified from NetBSD.
37 + - cleanups to stop warnings with gcc.
38 + - building a library for dynamic linking.
39 + - swapping some str{cat,cpy} for strn{cat,cpy}
40 + - killing rmd160 support.
41 + - removing strlcpy function, not useful.
42 + - quick hack for shadow support.
43 + - quick hack for cracklib support.
44 + - various other stuff.
45
46 *** Changes in version 1.1.4
47
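Review bot: the entry "swapping some str{cat,cpy} for strn{cat,cpy}" needs to say how termination is handled, because strncpy() leaves the destination without a trailing NUL when the source fills the buffer, and strncat()'s size argument is the space remaining rather than the buffer size. The same block records "removing strlcpy function, not useful", yet the ac_func list further down in configure still probes for strlcpy, so either the probe or the changelog line is stale. "quick hack for shadow support", "quick hack for cracklib support" and "various other stuff" are too vague for changes to authentication code; please list the files and functions touched so the patch can be audited against this log.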
48 --- skey-1.1.5.orig/config.h.in 2001-05-10 17:10:49.000000000 +0100
49 +++ skey-1.1.5/config.h.in 2003-11-06 17:46:45.000000000 +0000
50 @@ -109,6 +109,9 @@
51 /* Define if you have the strtol function. */
52 #undef HAVE_STRTOL
53
54 +/* Define if you have the <crack.h> header file. */
55 +#undef HAVE_CRACK_H
56 +
57 /* Define if you have the <crypt.h> header file. */
58 #undef HAVE_CRYPT_H
59
60 @@ -130,12 +133,12 @@
61 /* Define if you have the <md5global.h> header file. */
62 #undef HAVE_MD5GLOBAL_H
63
64 -/* Define if you have the <rmd160.h> header file. */
65 -#undef HAVE_RMD160_H
66 -
67 /* Define if you have the <sha1.h> header file. */
68 #undef HAVE_SHA1_H
69
70 +/* Define if you have the <shadow.h> header file. */
71 +#undef HAVE_SHADOW_H
72 +
73 /* Define if you have the <sys/cdefs.h> header file. */
74 #undef HAVE_SYS_CDEFS_H
75
76 --- skey-1.1.5.orig/configure 2001-05-10 17:10:49.000000000 +0100
77 +++ skey-1.1.5/configure 2003-11-06 17:47:49.000000000 +0000
78 @@ -960,47 +960,11 @@
79 echo "$ac_t""no" 1>&6
80 fi
81
82 -# Extract the first word of "sendmail", so it can be a program name with args.
83 -set dummy sendmail; ac_word=$2
84 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
85 -echo "configure:967: checking for $ac_word" >&5
86 -if eval "test \"`echo '$''{'ac_cv_path_SENDMAIL'+set}'`\" = set"; then
87 - echo $ac_n "(cached) $ac_c" 1>&6
88 -else
89 - case "$SENDMAIL" in
90 - /*)
91 - ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a path.
92 - ;;
93 - ?:/*)
94 - ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a dos path.
95 - ;;
96 - *)
97 - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
98 - ac_dummy="$PATH:/usr/sbin:/usr/lib:/usr/bin"
99 - for ac_dir in $ac_dummy; do
100 - test -z "$ac_dir" && ac_dir=.
101 - if test -f $ac_dir/$ac_word; then
102 - ac_cv_path_SENDMAIL="$ac_dir/$ac_word"
103 - break
104 - fi
105 - done
106 - IFS="$ac_save_ifs"
107 - test -z "$ac_cv_path_SENDMAIL" && ac_cv_path_SENDMAIL="/usr/lib/sendmail"
108 - ;;
109 -esac
110 -fi
111 -SENDMAIL="$ac_cv_path_SENDMAIL"
112 -if test -n "$SENDMAIL"; then
113 - echo "$ac_t""$SENDMAIL" 1>&6
114 -else
115 - echo "$ac_t""no" 1>&6
116 -fi
117 -
118
119
120
121 echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6
122 -echo "configure:1004: checking for crypt in -lcrypt" >&5
123 +echo "configure:968: checking for crypt in -lcrypt" >&5
124 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'`
125 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
126 echo $ac_n "(cached) $ac_c" 1>&6
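Review bot: with the sendmail path lookup removed in this hunk, nothing visible in the diff assigns SENDMAIL any more, so please confirm that no remaining template or script still expands it. CHANGES says skeyaudit is replaced by a shell script modified from NetBSD; if that script sends mail, it should either carry its own lookup or fail clearly when no mailer is found, rather than running with an empty command path.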
127 @@ -1008,7 +972,7 @@
128 ac_save_LIBS="$LIBS"
129 LIBS="-lcrypt $LIBS"
130 cat > conftest.$ac_ext <<EOF
131 -#line 1012 "configure"
132 +#line 976 "configure"
133 #include "confdefs.h"
134 /* Override any gcc2 internal prototype to avoid an error. */
135 /* We use char because int might match the return type of a gcc2
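Review bot: this hunk, like most of the configure diff, changes nothing but a line counter ("#line 1012" becomes "#line 976"), which looks like regenerated autoconf output rather than a hand-written change. Shipping the regenerated script inside the patch buries the few functional hunks (the sendmail removal, the FascistCheck probe, the header list) among dozens of renumbering hunks and makes the patch hard to audit. Suggest carrying only the configure.in change in the patchset and regenerating configure at build time, or splitting the generated output into its own patch.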
136 @@ -1019,7 +983,7 @@
137 crypt()
138 ; return 0; }
139 EOF
140 -if { (eval echo configure:1023: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
141 +if { (eval echo configure:987: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
142 rm -rf conftest*
143 eval "ac_cv_lib_$ac_lib_var=yes"
144 else
145 @@ -1040,7 +1004,7 @@
146 fi
147
148 echo $ac_n "checking for flock in -lucb""... $ac_c" 1>&6
149 -echo "configure:1044: checking for flock in -lucb" >&5
150 +echo "configure:1008: checking for flock in -lucb" >&5
151 ac_lib_var=`echo ucb'_'flock | sed 'y%./+-%__p_%'`
152 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
153 echo $ac_n "(cached) $ac_c" 1>&6
154 @@ -1048,7 +1012,7 @@
155 ac_save_LIBS="$LIBS"
156 LIBS="-lucb $LIBS"
157 cat > conftest.$ac_ext <<EOF
158 -#line 1052 "configure"
159 +#line 1016 "configure"
160 #include "confdefs.h"
161 /* Override any gcc2 internal prototype to avoid an error. */
162 /* We use char because int might match the return type of a gcc2
163 @@ -1059,7 +1023,7 @@
164 flock()
165 ; return 0; }
166 EOF
167 -if { (eval echo configure:1063: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
168 +if { (eval echo configure:1027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
169 rm -rf conftest*
170 eval "ac_cv_lib_$ac_lib_var=yes"
171 else
172 @@ -1079,10 +1043,50 @@
173 echo "$ac_t""no" 1>&6
174 fi
175
176 +echo $ac_n "checking for FascistCheck in -lcrack""... $ac_c" 1>&6
177 +echo "configure:1048: checking for FascistCheck in -lcrack" >&5
178 +ac_lib_var=`echo crack'_'FascistCheck | sed 'y%./+-%__p_%'`
179 +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
180 + echo $ac_n "(cached) $ac_c" 1>&6
181 +else
182 + ac_save_LIBS="$LIBS"
183 +LIBS="-lcrack $LIBS"
184 +cat > conftest.$ac_ext <<EOF
185 +#line 1056 "configure"
186 +#include "confdefs.h"
187 +/* Override any gcc2 internal prototype to avoid an error. */
188 +/* We use char because int might match the return type of a gcc2
189 + builtin and then its argument prototype would still apply. */
190 +char FascistCheck();
191 +
192 +int main() {
193 +FascistCheck()
194 +; return 0; }
195 +EOF
196 +if { (eval echo configure:1067: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
197 + rm -rf conftest*
198 + eval "ac_cv_lib_$ac_lib_var=yes"
199 +else
200 + echo "configure: failed program was:" >&5
201 + cat conftest.$ac_ext >&5
202 + rm -rf conftest*
203 + eval "ac_cv_lib_$ac_lib_var=no"
204 +fi
205 +rm -f conftest*
206 +LIBS="$ac_save_LIBS"
207 +
208 +fi
209 +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
210 + echo "$ac_t""yes" 1>&6
211 + LIBS="$LIBS -lcrack"
212 +else
213 + echo "$ac_t""no" 1>&6
214 +fi
215 +
216
217
218 echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
219 -echo "configure:1086: checking how to run the C preprocessor" >&5
220 +echo "configure:1090: checking how to run the C preprocessor" >&5
221 # On Suns, sometimes $CPP names a directory.
222 if test -n "$CPP" && test -d "$CPP"; then
223 CPP=
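Review bot: the new FascistCheck probe links cracklib in whenever the library happens to be installed, with no switch to turn it off and no define recording the result; the only effect on success is LIBS="$LIBS -lcrack". That makes the password-quality behaviour of the built binaries depend on what is present on the build host. Suggest gating the probe behind an explicit --with-cracklib/--without-cracklib style option and defining a HAVE_LIBCRACK-style macro on success. Note also that the test link uses LIBS="-lcrack $LIBS" while the success path appends ("$LIBS -lcrack"), so the tested link order and the final one differ.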
224 @@ -1097,13 +1101,13 @@
225 # On the NeXT, cc -E runs the code through the compiler's parser,
226 # not just through cpp.
227 cat > conftest.$ac_ext <<EOF
228 -#line 1101 "configure"
229 +#line 1105 "configure"
230 #include "confdefs.h"
231 #include <assert.h>
232 Syntax Error
233 EOF
234 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
235 -{ (eval echo configure:1107: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
236 +{ (eval echo configure:1111: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
237 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
238 if test -z "$ac_err"; then
239 :
240 @@ -1114,13 +1118,13 @@
241 rm -rf conftest*
242 CPP="${CC-cc} -E -traditional-cpp"
243 cat > conftest.$ac_ext <<EOF
244 -#line 1118 "configure"
245 +#line 1122 "configure"
246 #include "confdefs.h"
247 #include <assert.h>
248 Syntax Error
249 EOF
250 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
251 -{ (eval echo configure:1124: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
252 +{ (eval echo configure:1128: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
253 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
254 if test -z "$ac_err"; then
255 :
256 @@ -1131,13 +1135,13 @@
257 rm -rf conftest*
258 CPP="${CC-cc} -nologo -E"
259 cat > conftest.$ac_ext <<EOF
260 -#line 1135 "configure"
261 +#line 1139 "configure"
262 #include "confdefs.h"
263 #include <assert.h>
264 Syntax Error
265 EOF
266 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
267 -{ (eval echo configure:1141: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
268 +{ (eval echo configure:1145: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
269 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
270 if test -z "$ac_err"; then
271 :
272 @@ -1162,12 +1166,12 @@
273 echo "$ac_t""$CPP" 1>&6
274
275 echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
276 -echo "configure:1166: checking for ANSI C header files" >&5
277 +echo "configure:1170: checking for ANSI C header files" >&5
278 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
279 echo $ac_n "(cached) $ac_c" 1>&6
280 else
281 cat > conftest.$ac_ext <<EOF
282 -#line 1171 "configure"
283 +#line 1175 "configure"
284 #include "confdefs.h"
285 #include <stdlib.h>
286 #include <stdarg.h>
287 @@ -1175,7 +1179,7 @@
288 #include <float.h>
289 EOF
290 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
291 -{ (eval echo configure:1179: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
292 +{ (eval echo configure:1183: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
293 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
294 if test -z "$ac_err"; then
295 rm -rf conftest*
296 @@ -1192,7 +1196,7 @@
297 if test $ac_cv_header_stdc = yes; then
298 # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
299 cat > conftest.$ac_ext <<EOF
300 -#line 1196 "configure"
301 +#line 1200 "configure"
302 #include "confdefs.h"
303 #include <string.h>
304 EOF
305 @@ -1210,7 +1214,7 @@
306 if test $ac_cv_header_stdc = yes; then
307 # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
308 cat > conftest.$ac_ext <<EOF
309 -#line 1214 "configure"
310 +#line 1218 "configure"
311 #include "confdefs.h"
312 #include <stdlib.h>
313 EOF
314 @@ -1231,7 +1235,7 @@
315 :
316 else
317 cat > conftest.$ac_ext <<EOF
318 -#line 1235 "configure"
319 +#line 1239 "configure"
320 #include "confdefs.h"
321 #include <ctype.h>
322 #define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
323 @@ -1242,7 +1246,7 @@
324 exit (0); }
325
326 EOF
327 -if { (eval echo configure:1246: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
328 +if { (eval echo configure:1250: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
329 then
330 :
331 else
332 @@ -1266,12 +1270,12 @@
333 fi
334
335 echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6
336 -echo "configure:1270: checking for sys/wait.h that is POSIX.1 compatible" >&5
337 +echo "configure:1274: checking for sys/wait.h that is POSIX.1 compatible" >&5
338 if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then
339 echo $ac_n "(cached) $ac_c" 1>&6
340 else
341 cat > conftest.$ac_ext <<EOF
342 -#line 1275 "configure"
343 +#line 1279 "configure"
344 #include "confdefs.h"
345 #include <sys/types.h>
346 #include <sys/wait.h>
347 @@ -1287,7 +1291,7 @@
348 s = WIFEXITED (s) ? WEXITSTATUS (s) : 1;
349 ; return 0; }
350 EOF
351 -if { (eval echo configure:1291: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
352 +if { (eval echo configure:1295: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
353 rm -rf conftest*
354 ac_cv_header_sys_wait_h=yes
355 else
356 @@ -1307,21 +1311,21 @@
357
358 fi
359
360 -for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h
361 +for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h
362 do
363 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
364 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
365 -echo "configure:1315: checking for $ac_hdr" >&5
366 +echo "configure:1319: checking for $ac_hdr" >&5
367 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
368 echo $ac_n "(cached) $ac_c" 1>&6
369 else
370 cat > conftest.$ac_ext <<EOF
371 -#line 1320 "configure"
372 +#line 1324 "configure"
373 #include "confdefs.h"
374 #include <$ac_hdr>
375 EOF
376 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
377 -{ (eval echo configure:1325: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
378 +{ (eval echo configure:1329: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
379 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
380 if test -z "$ac_err"; then
381 rm -rf conftest*
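Review bot: adding crack.h to the ac_hdr list here means HAVE_CRACK_H is decided independently of the FascistCheck library probe earlier in configure, so a host with the header but without a linkable libcrack gets HAVE_CRACK_H defined and no -lcrack in LIBS. Code guarded on the header macro alone would then fail at link time. Suggest guarding the cracklib code on both results, or only checking the header when the library probe succeeded. For the removed rmd160.h entry, please confirm no source file still tests HAVE_RMD160_H, since config.h.in drops that macro in the same patch.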
382 @@ -1349,12 +1353,12 @@
383
384
385 echo $ac_n "checking for working const""... $ac_c" 1>&6
386 -echo "configure:1353: checking for working const" >&5
387 +echo "configure:1357: checking for working const" >&5
388 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
389 echo $ac_n "(cached) $ac_c" 1>&6
390 else
391 cat > conftest.$ac_ext <<EOF
392 -#line 1358 "configure"
393 +#line 1362 "configure"
394 #include "confdefs.h"
395
396 int main() {
397 @@ -1403,7 +1407,7 @@
398
399 ; return 0; }
400 EOF
401 -if { (eval echo configure:1407: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
402 +if { (eval echo configure:1411: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
403 rm -rf conftest*
404 ac_cv_c_const=yes
405 else
406 @@ -1424,14 +1428,14 @@
407 fi
408
409 echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6
410 -echo "configure:1428: checking whether byte ordering is bigendian" >&5
411 +echo "configure:1432: checking whether byte ordering is bigendian" >&5
412 if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then
413 echo $ac_n "(cached) $ac_c" 1>&6
414 else
415 ac_cv_c_bigendian=unknown
416 # See if sys/param.h defines the BYTE_ORDER macro.
417 cat > conftest.$ac_ext <<EOF
418 -#line 1435 "configure"
419 +#line 1439 "configure"
420 #include "confdefs.h"
421 #include <sys/types.h>
422 #include <sys/param.h>
423 @@ -1442,11 +1446,11 @@
424 #endif
425 ; return 0; }
426 EOF
427 -if { (eval echo configure:1446: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
428 +if { (eval echo configure:1450: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
429 rm -rf conftest*
430 # It does; now see whether it defined to BIG_ENDIAN or not.
431 cat > conftest.$ac_ext <<EOF
432 -#line 1450 "configure"
433 +#line 1454 "configure"
434 #include "confdefs.h"
435 #include <sys/types.h>
436 #include <sys/param.h>
437 @@ -1457,7 +1461,7 @@
438 #endif
439 ; return 0; }
440 EOF
441 -if { (eval echo configure:1461: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
442 +if { (eval echo configure:1465: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
443 rm -rf conftest*
444 ac_cv_c_bigendian=yes
445 else
446 @@ -1477,7 +1481,7 @@
447 { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
448 else
449 cat > conftest.$ac_ext <<EOF
450 -#line 1481 "configure"
451 +#line 1485 "configure"
452 #include "confdefs.h"
453 main () {
454 /* Are we little or big endian? From Harbison&Steele. */
455 @@ -1490,7 +1494,7 @@
456 exit (u.c[sizeof (long) - 1] == 1);
457 }
458 EOF
459 -if { (eval echo configure:1494: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
460 +if { (eval echo configure:1498: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
461 then
462 ac_cv_c_bigendian=no
463 else
464 @@ -1514,12 +1518,12 @@
465 fi
466
467 echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6
468 -echo "configure:1518: checking for uid_t in sys/types.h" >&5
469 +echo "configure:1522: checking for uid_t in sys/types.h" >&5
470 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then
471 echo $ac_n "(cached) $ac_c" 1>&6
472 else
473 cat > conftest.$ac_ext <<EOF
474 -#line 1523 "configure"
475 +#line 1527 "configure"
476 #include "confdefs.h"
477 #include <sys/types.h>
478 EOF
479 @@ -1548,12 +1552,12 @@
480 fi
481
482 echo $ac_n "checking for off_t""... $ac_c" 1>&6
483 -echo "configure:1552: checking for off_t" >&5
484 +echo "configure:1556: checking for off_t" >&5
485 if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then
486 echo $ac_n "(cached) $ac_c" 1>&6
487 else
488 cat > conftest.$ac_ext <<EOF
489 -#line 1557 "configure"
490 +#line 1561 "configure"
491 #include "confdefs.h"
492 #include <sys/types.h>
493 #if STDC_HEADERS
494 @@ -1581,12 +1585,12 @@
495 fi
496
497 echo $ac_n "checking for size_t""... $ac_c" 1>&6
498 -echo "configure:1585: checking for size_t" >&5
499 +echo "configure:1589: checking for size_t" >&5
500 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then
501 echo $ac_n "(cached) $ac_c" 1>&6
502 else
503 cat > conftest.$ac_ext <<EOF
504 -#line 1590 "configure"
505 +#line 1594 "configure"
506 #include "confdefs.h"
507 #include <sys/types.h>
508 #if STDC_HEADERS
509 @@ -1614,12 +1618,12 @@
510 fi
511
512 echo $ac_n "checking whether struct tm is in sys/time.h or time.h""... $ac_c" 1>&6
513 -echo "configure:1618: checking whether struct tm is in sys/time.h or time.h" >&5
514 +echo "configure:1622: checking whether struct tm is in sys/time.h or time.h" >&5
515 if eval "test \"`echo '$''{'ac_cv_struct_tm'+set}'`\" = set"; then
516 echo $ac_n "(cached) $ac_c" 1>&6
517 else
518 cat > conftest.$ac_ext <<EOF
519 -#line 1623 "configure"
520 +#line 1627 "configure"
521 #include "confdefs.h"
522 #include <sys/types.h>
523 #include <time.h>
524 @@ -1627,7 +1631,7 @@
525 struct tm *tp; tp->tm_sec;
526 ; return 0; }
527 EOF
528 -if { (eval echo configure:1631: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
529 +if { (eval echo configure:1635: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
530 rm -rf conftest*
531 ac_cv_struct_tm=time.h
532 else
533 @@ -1649,7 +1653,7 @@
534
535
536 echo $ac_n "checking size of char""... $ac_c" 1>&6
537 -echo "configure:1653: checking size of char" >&5
538 +echo "configure:1657: checking size of char" >&5
539 if eval "test \"`echo '$''{'ac_cv_sizeof_char'+set}'`\" = set"; then
540 echo $ac_n "(cached) $ac_c" 1>&6
541 else
542 @@ -1657,7 +1661,7 @@
543 ac_cv_sizeof_char=1
544 else
545 cat > conftest.$ac_ext <<EOF
546 -#line 1661 "configure"
547 +#line 1665 "configure"
548 #include "confdefs.h"
549 #include <stdio.h>
550 main()
551 @@ -1668,7 +1672,7 @@
552 exit(0);
553 }
554 EOF
555 -if { (eval echo configure:1672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
556 +if { (eval echo configure:1676: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
557 then
558 ac_cv_sizeof_char=`cat conftestval`
559 else
560 @@ -1688,7 +1692,7 @@
561
562
563 echo $ac_n "checking size of short int""... $ac_c" 1>&6
564 -echo "configure:1692: checking size of short int" >&5
565 +echo "configure:1696: checking size of short int" >&5
566 if eval "test \"`echo '$''{'ac_cv_sizeof_short_int'+set}'`\" = set"; then
567 echo $ac_n "(cached) $ac_c" 1>&6
568 else
569 @@ -1696,7 +1700,7 @@
570 ac_cv_sizeof_short_int=2
571 else
572 cat > conftest.$ac_ext <<EOF
573 -#line 1700 "configure"
574 +#line 1704 "configure"
575 #include "confdefs.h"
576 #include <stdio.h>
577 main()
578 @@ -1707,7 +1711,7 @@
579 exit(0);
580 }
581 EOF
582 -if { (eval echo configure:1711: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
583 +if { (eval echo configure:1715: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
584 then
585 ac_cv_sizeof_short_int=`cat conftestval`
586 else
587 @@ -1727,7 +1731,7 @@
588
589
590 echo $ac_n "checking size of int""... $ac_c" 1>&6
591 -echo "configure:1731: checking size of int" >&5
592 +echo "configure:1735: checking size of int" >&5
593 if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then
594 echo $ac_n "(cached) $ac_c" 1>&6
595 else
596 @@ -1735,7 +1739,7 @@
597 ac_cv_sizeof_int=4
598 else
599 cat > conftest.$ac_ext <<EOF
600 -#line 1739 "configure"
601 +#line 1743 "configure"
602 #include "confdefs.h"
603 #include <stdio.h>
604 main()
605 @@ -1746,7 +1750,7 @@
606 exit(0);
607 }
608 EOF
609 -if { (eval echo configure:1750: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
610 +if { (eval echo configure:1754: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
611 then
612 ac_cv_sizeof_int=`cat conftestval`
613 else
614 @@ -1766,7 +1770,7 @@
615
616
617 echo $ac_n "checking size of long int""... $ac_c" 1>&6
618 -echo "configure:1770: checking size of long int" >&5
619 +echo "configure:1774: checking size of long int" >&5
620 if eval "test \"`echo '$''{'ac_cv_sizeof_long_int'+set}'`\" = set"; then
621 echo $ac_n "(cached) $ac_c" 1>&6
622 else
623 @@ -1774,7 +1778,7 @@
624 ac_cv_sizeof_long_int=4
625 else
626 cat > conftest.$ac_ext <<EOF
627 -#line 1778 "configure"
628 +#line 1782 "configure"
629 #include "confdefs.h"
630 #include <stdio.h>
631 main()
632 @@ -1785,7 +1789,7 @@
633 exit(0);
634 }
635 EOF
636 -if { (eval echo configure:1789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
637 +if { (eval echo configure:1793: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
638 then
639 ac_cv_sizeof_long_int=`cat conftestval`
640 else
641 @@ -1805,7 +1809,7 @@
642
643
644 echo $ac_n "checking size of long long int""... $ac_c" 1>&6
645 -echo "configure:1809: checking size of long long int" >&5
646 +echo "configure:1813: checking size of long long int" >&5
647 if eval "test \"`echo '$''{'ac_cv_sizeof_long_long_int'+set}'`\" = set"; then
648 echo $ac_n "(cached) $ac_c" 1>&6
649 else
650 @@ -1813,7 +1817,7 @@
651 ac_cv_sizeof_long_long_int=8
652 else
653 cat > conftest.$ac_ext <<EOF
654 -#line 1817 "configure"
655 +#line 1821 "configure"
656 #include "confdefs.h"
657 #include <stdio.h>
658 main()
659 @@ -1824,7 +1828,7 @@
660 exit(0);
661 }
662 EOF
663 -if { (eval echo configure:1828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
664 +if { (eval echo configure:1832: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
665 then
666 ac_cv_sizeof_long_long_int=`cat conftestval`
667 else
668 @@ -1854,7 +1858,7 @@
669 fi
670 CFLAGS="$CFLAGS -D_HPUX_SOURCE"
671 echo $ac_n "checking for HPUX trusted system password database""... $ac_c" 1>&6
672 -echo "configure:1858: checking for HPUX trusted system password database" >&5
673 +echo "configure:1862: checking for HPUX trusted system password database" >&5
674 if test -f /tcb/files/auth/system/default; then
675 echo "$ac_t""yes" 1>&6
676 cat >> confdefs.h <<\EOF
677 @@ -1903,16 +1907,16 @@
678
679
680 echo $ac_n "checking for intXX_t types""... $ac_c" 1>&6
681 -echo "configure:1907: checking for intXX_t types" >&5
682 +echo "configure:1911: checking for intXX_t types" >&5
683 cat > conftest.$ac_ext <<EOF
684 -#line 1909 "configure"
685 +#line 1913 "configure"
686 #include "confdefs.h"
687 #include <sys/types.h>
688 int main() {
689 int16_t a; int32_t b; a = 1235; b = 1235;
690 ; return 0; }
691 EOF
692 -if { (eval echo configure:1916: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
693 +if { (eval echo configure:1920: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
694 rm -rf conftest*
695
696 cat >> confdefs.h <<\EOF
697 @@ -1932,16 +1936,16 @@
698 rm -f conftest*
699
700 echo $ac_n "checking for u_intXX_t types""... $ac_c" 1>&6
701 -echo "configure:1936: checking for u_intXX_t types" >&5
702 +echo "configure:1940: checking for u_intXX_t types" >&5
703 cat > conftest.$ac_ext <<EOF
704 -#line 1938 "configure"
705 +#line 1942 "configure"
706 #include "confdefs.h"
707 #include <sys/types.h>
708 int main() {
709 u_int16_t c; u_int32_t d; c = 1235; d = 1235;
710 ; return 0; }
711 EOF
712 -if { (eval echo configure:1945: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
713 +if { (eval echo configure:1949: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
714 rm -rf conftest*
715
716 cat >> confdefs.h <<\EOF
717 @@ -1964,9 +1968,9 @@
718 "x$ac_cv_header_sys_bitypes_h" = "xyes"
719 then
720 echo $ac_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h""... $ac_c" 1>&6
721 -echo "configure:1968: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
722 +echo "configure:1972: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
723 cat > conftest.$ac_ext <<EOF
724 -#line 1970 "configure"
725 +#line 1974 "configure"
726 #include "confdefs.h"
727 #include <sys/bitypes.h>
728 int main() {
729 @@ -1978,7 +1982,7 @@
730
731 ; return 0; }
732 EOF
733 -if { (eval echo configure:1982: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
734 +if { (eval echo configure:1986: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
735 rm -rf conftest*
736
737 cat >> confdefs.h <<\EOF
738 @@ -2002,16 +2006,16 @@
739 fi
740
741 echo $ac_n "checking for uintXX_t types""... $ac_c" 1>&6
742 -echo "configure:2006: checking for uintXX_t types" >&5
743 +echo "configure:2010: checking for uintXX_t types" >&5
744 cat > conftest.$ac_ext <<EOF
745 -#line 2008 "configure"
746 +#line 2012 "configure"
747 #include "confdefs.h"
748 #include <sys/types.h>
749 int main() {
750 uint16_t c; uint32_t d; c = 1235; d = 1235;
751 ; return 0; }
752 EOF
753 -if { (eval echo configure:2015: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
754 +if { (eval echo configure:2019: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
755 rm -rf conftest*
756
757 cat >> confdefs.h <<\EOF
758 @@ -2054,7 +2058,7 @@
759
760
761 echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6
762 -echo "configure:2058: checking for 8-bit clean memcmp" >&5
763 +echo "configure:2062: checking for 8-bit clean memcmp" >&5
764 if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then
765 echo $ac_n "(cached) $ac_c" 1>&6
766 else
767 @@ -2062,7 +2066,7 @@
768 ac_cv_func_memcmp_clean=no
769 else
770 cat > conftest.$ac_ext <<EOF
771 -#line 2066 "configure"
772 +#line 2070 "configure"
773 #include "confdefs.h"
774
775 main()
776 @@ -2072,7 +2076,7 @@
777 }
778
779 EOF
780 -if { (eval echo configure:2076: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
781 +if { (eval echo configure:2080: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
782 then
783 ac_cv_func_memcmp_clean=yes
784 else
785 @@ -2090,12 +2094,12 @@
786 test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}"
787
788 echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6
789 -echo "configure:2094: checking return type of signal handlers" >&5
790 +echo "configure:2098: checking return type of signal handlers" >&5
791 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then
792 echo $ac_n "(cached) $ac_c" 1>&6
793 else
794 cat > conftest.$ac_ext <<EOF
795 -#line 2099 "configure"
796 +#line 2103 "configure"
797 #include "confdefs.h"
798 #include <sys/types.h>
799 #include <signal.h>
800 @@ -2112,7 +2116,7 @@
801 int i;
802 ; return 0; }
803 EOF
804 -if { (eval echo configure:2116: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
805 +if { (eval echo configure:2120: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
806 rm -rf conftest*
807 ac_cv_type_signal=void
808 else
809 @@ -2131,12 +2135,12 @@
810
811
812 echo $ac_n "checking for strftime""... $ac_c" 1>&6
813 -echo "configure:2135: checking for strftime" >&5
814 +echo "configure:2139: checking for strftime" >&5
815 if eval "test \"`echo '$''{'ac_cv_func_strftime'+set}'`\" = set"; then
816 echo $ac_n "(cached) $ac_c" 1>&6
817 else
818 cat > conftest.$ac_ext <<EOF
819 -#line 2140 "configure"
820 +#line 2144 "configure"
821 #include "confdefs.h"
822 /* System header to define __stub macros and hopefully few prototypes,
823 which can conflict with char strftime(); below. */
824 @@ -2159,7 +2163,7 @@
825
826 ; return 0; }
827 EOF
828 -if { (eval echo configure:2163: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
829 +if { (eval echo configure:2167: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
830 rm -rf conftest*
831 eval "ac_cv_func_strftime=yes"
832 else
833 @@ -2181,7 +2185,7 @@
834 echo "$ac_t""no" 1>&6
835 # strftime is in -lintl on SCO UNIX.
836 echo $ac_n "checking for strftime in -lintl""... $ac_c" 1>&6
837 -echo "configure:2185: checking for strftime in -lintl" >&5
838 +echo "configure:2189: checking for strftime in -lintl" >&5
839 ac_lib_var=`echo intl'_'strftime | sed 'y%./+-%__p_%'`
840 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
841 echo $ac_n "(cached) $ac_c" 1>&6
842 @@ -2189,7 +2193,7 @@
843 ac_save_LIBS="$LIBS"
844 LIBS="-lintl $LIBS"
845 cat > conftest.$ac_ext <<EOF
846 -#line 2193 "configure"
847 +#line 2197 "configure"
848 #include "confdefs.h"
849 /* Override any gcc2 internal prototype to avoid an error. */
850 /* We use char because int might match the return type of a gcc2
851 @@ -2200,7 +2204,7 @@
852 strftime()
853 ; return 0; }
854 EOF
855 -if { (eval echo configure:2204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
856 +if { (eval echo configure:2208: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
857 rm -rf conftest*
858 eval "ac_cv_lib_$ac_lib_var=yes"
859 else
860 @@ -2227,12 +2231,12 @@
861 fi
862
863 echo $ac_n "checking for vprintf""... $ac_c" 1>&6
864 -echo "configure:2231: checking for vprintf" >&5
865 +echo "configure:2235: checking for vprintf" >&5
866 if eval "test \"`echo '$''{'ac_cv_func_vprintf'+set}'`\" = set"; then
867 echo $ac_n "(cached) $ac_c" 1>&6
868 else
869 cat > conftest.$ac_ext <<EOF
870 -#line 2236 "configure"
871 +#line 2240 "configure"
872 #include "confdefs.h"
873 /* System header to define __stub macros and hopefully few prototypes,
874 which can conflict with char vprintf(); below. */
875 @@ -2255,7 +2259,7 @@
876
877 ; return 0; }
878 EOF
879 -if { (eval echo configure:2259: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
880 +if { (eval echo configure:2263: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
881 rm -rf conftest*
882 eval "ac_cv_func_vprintf=yes"
883 else
884 @@ -2279,12 +2283,12 @@
885
886 if test "$ac_cv_func_vprintf" != yes; then
887 echo $ac_n "checking for _doprnt""... $ac_c" 1>&6
888 -echo "configure:2283: checking for _doprnt" >&5
889 +echo "configure:2287: checking for _doprnt" >&5
890 if eval "test \"`echo '$''{'ac_cv_func__doprnt'+set}'`\" = set"; then
891 echo $ac_n "(cached) $ac_c" 1>&6
892 else
893 cat > conftest.$ac_ext <<EOF
894 -#line 2288 "configure"
895 +#line 2292 "configure"
896 #include "confdefs.h"
897 /* System header to define __stub macros and hopefully few prototypes,
898 which can conflict with char _doprnt(); below. */
899 @@ -2307,7 +2311,7 @@
900
901 ; return 0; }
902 EOF
903 -if { (eval echo configure:2311: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
904 +if { (eval echo configure:2315: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
905 rm -rf conftest*
906 eval "ac_cv_func__doprnt=yes"
907 else
908 @@ -2334,12 +2338,12 @@
909 for ac_func in gethostname strcspn strdup strerror strspn strtol flock fcntl lockf strlcpy setusercontext
910 do
911 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
912 -echo "configure:2338: checking for $ac_func" >&5
913 +echo "configure:2342: checking for $ac_func" >&5
914 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
915 echo $ac_n "(cached) $ac_c" 1>&6
916 else
917 cat > conftest.$ac_ext <<EOF
918 -#line 2343 "configure"
919 +#line 2347 "configure"
920 #include "confdefs.h"
921 /* System header to define __stub macros and hopefully few prototypes,
922 which can conflict with char $ac_func(); below. */
923 @@ -2362,7 +2366,7 @@
924
925 ; return 0; }
926 EOF
927 -if { (eval echo configure:2366: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
928 +if { (eval echo configure:2370: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
929 rm -rf conftest*
930 eval "ac_cv_func_$ac_func=yes"
931 else
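Review bot: these configure hunks change nothing except the configure:NNNN trace strings and the #line directives, each shifted by four (2163 becomes 2167, 2366 becomes 2370), which is consistent with the script having been regenerated after the configure.in edit. Carrying generated output in the patch makes it large and fragile against any later configure.in change; consider patching configure.in alone and running autoconf at build time.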
932 --- skey-1.1.5.orig/configure.in 2001-05-10 17:10:49.000000000 +0100
933 +++ skey-1.1.5/configure.in 2003-11-06 17:47:14.000000000 +0000
934 @@ -9,19 +9,19 @@
935 AC_CHECK_PROG(AR, ar, ar)
936 AC_PATH_PROG(PERL, perl)
937 AC_PATH_PROG(TOUCH, touch)
938 -AC_PATH_PROG(SENDMAIL, sendmail, /usr/lib/sendmail, $PATH:/usr/sbin:/usr/lib:/usr/bin)
939 AC_SUBST(PERL)
940 AC_SUBST(SENDMAIL)
941
942 dnl Checks for libraries.
943 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
944 AC_CHECK_LIB(ucb, flock, LIBS="$LIBS -lucb" LDFLAGS="$LDFLAGS -L/usr/ucblib")
945 +AC_CHECK_LIB(crack, FascistCheck, LIBS="$LIBS -lcrack")
946
947
948 dnl Checks for header files.
949 AC_HEADER_STDC
950 AC_HEADER_SYS_WAIT
951 -AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h)
952 +AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h)
953
954 dnl Checks for typedefs, structures, and compiler characteristics.
955 AC_C_CONST
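Review bot: AC_SUBST(SENDMAIL) stays in place after the AC_PATH_PROG(SENDMAIL, ...) probe that set it is removed, so configure no longer assigns the variable it substitutes; drop the AC_SUBST in the same hunk. The new AC_CHECK_LIB(crack, FascistCheck, LIBS="$LIBS -lcrack") also links cracklib whenever it happens to be installed, with no switch to turn it off, so the feature set of the result depends on the build host. An explicit configure option would make cracklib support a deliberate choice.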
956 --- skey-1.1.5.orig/login_cap.c 2001-05-10 17:10:49.000000000 +0100
957 +++ skey-1.1.5/login_cap.c 2003-11-06 17:46:45.000000000 +0000
958 @@ -37,6 +37,7 @@
959 #include <errno.h>
960 #include <unistd.h>
961 #include <pwd.h>
962 +#include <grp.h>
963 #include <syslog.h>
964
965 /*
966 --- skey-1.1.5.orig/Makefile.in 2001-05-10 17:10:49.000000000 +0100
967 +++ skey-1.1.5/Makefile.in 2003-11-06 17:47:42.000000000 +0000
968 @@ -27,12 +27,11 @@
969 TOUCH=@TOUCH@
970 LDFLAGS=-L. @LDFLAGS@
971
972 -TARGETS=skey skeyinit skeyinfo skeyaudit
973 -LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o rmd160.o rmd160hl.o sha1.o sha1hl.o flock.o strlcpy.o login_cap.o
974 +TARGETS=skey skeyinit skeyinfo libskey.a
975 +LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o sha1.o sha1hl.o flock.o login_cap.o
976 SKEYOBJS=skey.o
977 SKEYINITOBJS=skeyinit.o
978 SKEYINFOOBJS=skeyinfo.o
979 -SKEYAUDITOBJS=skeyaudit.o
980
981
982 SCRIPTS=skeyprune.pl
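Review bot: adding libskey.a to TARGETS puts the static archive into every loop over ${TARGETS}, and the install rule further down runs ${INSTALL_PROGRAM} $$target $(DESTDIR)$(bindir) for each target, so libskey.a lands in $(bindir) in addition to the explicit ${INSTALL_DATA} libskey.a $(DESTDIR)$(libdir). Keep libraries out of TARGETS and list them as prerequisites of all: separately; libskey.so is not in TARGETS either and is only built as a prerequisite of the programs. strlcpy.o is also dropped from LIBOBJS while configure still probes for strlcpy, so confirm nothing left in the library calls it on hosts whose libc lacks it.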
983 @@ -41,11 +40,11 @@
984 CATMAN = skey.0 skeyinit.0 skeyinfo.0 skeyaudit.0 skeyprune.0
985 MANPAGES = @MANTYPE@
986
987 -PATHSUBS = -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL} -D/usr/lib/sendmail=${SENDMAIL}
988 +PATHSUBS = -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL}
989
990 FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS)
991
992 -HDRS= skey.h sha1.h rmd160.h
993 +HDRS= skey.h sha1.h
994
995 all: ${TARGETS} ${MANPAGES}
996
997 @@ -55,24 +54,27 @@
998 ${AR} rv $@ ${LIBOBJS}
999 ${RANLIB} $@
1000
1001 -skey: libskey.a ${SKEYOBJS}
1002 +libskey.so: ${LIBOBJS}
1003 + ${CC} ${LDFLAGS} -shared -Wl,-soname,libskey.so.1 -o libskey.so.1.1.5 ${LIBOBJS}
1004 + ln -fs libskey.so.1.1.5 libskey.so
1005 + ln -fs libskey.so.1.1.5 libskey.so.1
1006 + ln -fs libskey.so.1.1.5 libskey.so.1.1
1007 +
1008 +skey: libskey.so ${SKEYOBJS}
1009 ${CC} -o $@ ${SKEYOBJS} ${LDFLAGS} -lskey ${LIBS}
1010
1011 -skeyinit: libskey.a ${SKEYINITOBJS}
1012 +skeyinit: libskey.so ${SKEYINITOBJS}
1013 ${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS}
1014
1015 -skeyinfo: libskey.a ${SKEYINFOOBJS}
1016 +skeyinfo: libskey.so ${SKEYINFOOBJS}
1017 ${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS}
1018
1019 -skeyaudit: libskey.a ${SKEYAUDITOBJS}
1020 - ${CC} -o $@ ${SKEYAUDITOBJS} ${LDFLAGS} -lskey ${LIBS}
1021 -
1022 ${MANPAGES} ${SCRIPTS}::
1023 ${FIXPATHSCMD} ${srcdir}/$@
1024
1025 clean:
1026 rm -f *.o *.a ${TARGETS} config.status config.cache config.log
1027 - rm -f *.out core
1028 + rm -f *.out core *.so *.so.*
1029
1030 distclean: clean
1031 rm -f Makefile config.h core *~
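Review bot: the libskey.so rule links with ${LDFLAGS} but without ${LIBS}, so the shared object records no dependency on -lcrypt or the newly added -lcrack; a consumer that links only -lskey gets unresolved symbols if any object in LIBOBJS calls into either. Add ${LIBS} to the -shared link line. The version 1.1.5 is also hard-coded in the output name and in all three ln -fs lines, and again in the install rule; one variable would keep the soname links and the install list in step.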
1032 @@ -97,6 +99,10 @@
1033 $(INSTALL) -d $(DESTDIR)$(includedir)
1034 $(INSTALL) -d $(DESTDIR)$(sysconfdir)
1035 ${INSTALL_DATA} libskey.a $(DESTDIR)$(libdir)
1036 + ${INSTALL_DATA} libskey.so.1.1.5 $(DESTDIR)$(libdir)
1037 + ${INSTALL_DATA} libskey.so.1.1 $(DESTDIR)$(libdir)
1038 + ${INSTALL_DATA} libskey.so.1 $(DESTDIR)$(libdir)
1039 + ${INSTALL_DATA} libskey.so $(DESTDIR)$(libdir)
1040 ${INSTALL_DATA} ${HDRS} $(DESTDIR)$(includedir)
1041 @for target in ${TARGETS}; do \
1042 ${INSTALL_PROGRAM} $$target $(DESTDIR)$(bindir); \
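Review bot: ${INSTALL_DATA} is applied to libskey.so.1.1, libskey.so.1 and libskey.so, which the build rule creates as symlinks with ln -fs. install copies the file a link points to, so this places four full copies of the library in $(libdir) instead of one file and three links. Install libskey.so.1.1.5 once and recreate the links inside $(DESTDIR)$(libdir) with ln -fs. INSTALL_DATA also normally installs mode 644, while shared objects are conventionally installed executable.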
1043 @@ -119,9 +125,9 @@
1044 -rm -f $(DESTDIR)$(bindir)/skeyaudit
1045 -rm -f $(DESTDIR)$(bindir)/skeyprune
1046 -rm -f $(DESTDIR)$(libdir)/libskey.a
1047 + -rm -f $(DESTDIR)$(libdir)/libskey.so*
1048 -rm -f $(DESTDIR)$(includedir)/skey.h
1049 -rm -f $(DESTDIR)$(includedir)/sha1.h
1050 - -rm -f $(DESTDIR)$(includedir)/rmd160.h
1051 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skey.1
1052 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinfo.1
1053 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinit.1
1054 --- skey-1.1.5.orig/put.c 2001-05-10 17:10:49.000000000 +0100
1055 +++ skey-1.1.5/put.c 2003-11-06 17:46:45.000000000 +0000
1056 @@ -14,7 +14,7 @@
1057 #include <stdio.h>
1058 #include <string.h>
1059 #include <assert.h>
1060 -/*#include <ctype.h>*/
1061 +#include <ctype.h>
1062 #include "config.h"
1063
1064 #include "skey.h"
1065 @@ -22,10 +22,10 @@
1066 static unsigned int extract __P ((char *s, int start, int length));
1067 static void standard __P ((char *word));
1068 static void insert __P ((char *s, int x, int start, int length));
1069 -static int wsrch __P ((char *w, int low, int high));
1070 +static int wsrch __P ((const char *w, int low, int high));
1071
1072 /* Dictionary for integer-word translations */
1073 -static char Wp[2048][4] = {
1074 +char Wp[2048][4] = {
1075 "A",
1076 "ABE",
1077 "ACE",
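Review bot: dropping static from Wp gives the 2048-entry word table external linkage under a two-letter name, and this patch also starts building libskey.so, so Wp becomes an exported, writable symbol of the shared library. If another file needs the table, export it under a prefixed name and declare it const (the wsrch prototype in this hunk already takes a const argument); otherwise keep it static.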
1078 @@ -2079,19 +2079,13 @@
1079 /* Encode 8 bytes in 'c' as a string of English words.
1080 * Returns a pointer to a static buffer
1081 */
1082 -char *
1083 -btoe(engout, c)
1084 - char *c;
1085 - char *engout;
1086 +char *btoe(char *engout, const char *c)
1087 {
1088 - char cp[10]; /* add in room for the parity 2 bits + extract() slop */
1089 + char cp[9]; /* add in room for the parity 2 bits */
1090 int p, i;
1091
1092 engout[0] = '\0';
1093 -
1094 - /* workaround for extract() reads beyond end of data */
1095 - (void)memset(cp, 0, sizeof(cp));
1096 - (void)memcpy(cp, c, 8);
1097 + memcpy(cp, c, 8);
1098
1099 /* compute parity */
1100 for (p = 0, i = 0; i < 64; i += 2)
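Review bot: cp shrinks from 10 to 9 bytes and the memset is removed, yet the deleted comment says both existed as a workaround for extract() reading beyond the end of its data, and the extract() hunks later in this patch change only the prototype and the return statement. Please show that extract(cp, 55, 11) touches nothing past cp[8], or keep the extra byte and the zeroing. As written, cp[8] is the only byte the memcpy does not cover and it is assigned a few lines further down, so the bound is exact with no slack. The comment above btoe also still says it returns a pointer to a static buffer, while the function returns the caller's engout.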
1101 @@ -2099,20 +2093,20 @@
1102
1103 cp[8] = (char)p << 6;
1104
1105 - (void)strncat(engout, &Wp[extract (cp, 0, 11)][0], 4);
1106 - (void)strcat(engout, " ");
1107 - (void)strncat(engout, &Wp[extract (cp, 11, 11)][0], 4);
1108 - (void)strcat(engout, " ");
1109 - (void)strncat(engout, &Wp[extract (cp, 22, 11)][0], 4);
1110 - (void)strcat(engout, " ");
1111 - (void)strncat(engout, &Wp[extract (cp, 33, 11)][0], 4);
1112 - (void)strcat(engout, " ");
1113 - (void)strncat(engout, &Wp[extract (cp, 44, 11)][0], 4);
1114 - (void)strcat(engout, " ");
1115 - (void)strncat(engout, &Wp[extract (cp, 55, 11)][0], 4);
1116 + strncat(engout, &Wp[extract (cp, 0, 11)][0], 4);
1117 + strcat(engout, " ");
1118 + strncat(engout, &Wp[extract (cp, 11, 11)][0], 4);
1119 + strcat(engout, " ");
1120 + strncat(engout, &Wp[extract (cp, 22, 11)][0], 4);
1121 + strcat(engout, " ");
1122 + strncat(engout, &Wp[extract (cp, 33, 11)][0], 4);
1123 + strcat(engout, " ");
1124 + strncat(engout, &Wp[extract (cp, 44, 11)][0], 4);
1125 + strcat(engout, " ");
1126 + strncat(engout, &Wp[extract (cp, 55, 11)][0], 4);
1127
1128 #ifdef notdef
1129 - (void)fprintf(stderr, "engout is %s\n\r", engout);
1130 + printf ("engout is %s\n\r", engout);
1131 #endif
1132 return(engout);
1133 }
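Review bot: the notdef debug line changes from fprintf(stderr, ...) to printf, so if the block is ever enabled the encoded one-time password words go to stdout and mix with the program's real output. Keep diagnostics on stderr, or delete the dead block.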
1134 @@ -2123,41 +2117,42 @@
1135 * -1 badly formed in put ie > 4 char word
1136 * -2 words OK but parity is wrong
1137 */
1138 -int
1139 -etob(out, e)
1140 - char *out;
1141 - char *e;
1142 +int etob(char *out, const char *e)
1143 {
1144 char *word;
1145 int i, p, v, l, low, high;
1146 - char b[SKEY_BINKEY_SIZE+1];
1147 + char b[9];
1148 char input[36];
1149 + char *last;
1150
1151 if (e == NULL)
1152 - return(-1);
1153 + return -1;
1154
1155 - (void)strncpy(input, e, sizeof(input) - 1);
1156 - input[sizeof(input) - 1] = '\0';
1157 - (void)memset(b, 0, sizeof(b));
1158 - (void)memset(out, 0, SKEY_BINKEY_SIZE);
1159 - for (i = 0, p = 0; i < 6; i++, p += 11) {
1160 - if ((word = strtok(i == 0 ? input : NULL, " ")) == NULL)
1161 - return(-1);
1162 -
1163 - l = strlen(word);
1164 - if (l > 4 || l < 1) {
1165 - return(-1);
1166 - } else if (l < 4) {
1167 + strncpy (input, e, sizeof(input));
1168 + memset(b, 0, sizeof(b));
1169 + memset(out, 0, 8);
1170 + for (i = 0, p = 0; i < 6; i++, p += 11)
1171 + {
1172 + if ((word = strtok_r(i == 0 ? input : NULL, " ", &last)) == NULL)
1173 + return -1;
1174 +
1175 + l = strlen (word);
1176 + if (l > 4 || l < 1)
1177 + return -1;
1178 + else if (l < 4)
1179 + {
1180 low = 0;
1181 high = 570;
1182 - } else {
1183 + }
1184 + else
1185 + {
1186 low = 571;
1187 high = 2047;
1188 }
1189 standard(word);
1190
1191 if ((v = wsrch(word, low, high)) < 0)
1192 - return(0);
1193 + return 0;
1194
1195 insert(b, v, p, 11);
1196 }
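Review bot: strncpy (input, e, sizeof(input)) drops the explicit terminator the old code wrote with input[sizeof(input) - 1] = '\0', so an e of 36 characters or more leaves input unterminated, and strtok_r and strlen then read past the 36-byte buffer. e is the caller-supplied word string, so the length is not under this function's control; copy sizeof(input) - 1 bytes and terminate, as the old code did. The hunk also replaces SKEY_BINKEY_SIZE with the literals 9 and 8; keeping the constant ties b and the memset of out to the key size.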
1197 @@ -2167,55 +2162,47 @@
1198 p += extract (b, i, 2);
1199
1200 if ((p & 3) != extract (b, 64, 2))
1201 - return(-2);
1202 + return -2;
1203
1204 - (void)memcpy(out, b, SKEY_BINKEY_SIZE);
1205 + memcpy(out, b, 8);
1206
1207 - return(1);
1208 + return 1;
1209 }
1210
1211 /* Display 8 bytes as a series of 16-bit hex digits */
1212 -char *
1213 -put8(out, s)
1214 - char *out;
1215 - char *s;
1216 +char *put8(char *out, const char *s)
1217 {
1218 - (void)sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X",
1219 + sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X",
1220 s[0] & 0xff, s[1] & 0xff, s[2] & 0xff,
1221 s[3] & 0xff, s[4] & 0xff, s[5] & 0xff,
1222 s[6] & 0xff, s[7] & 0xff);
1223 - return(out);
1224 + return out;
1225 }
1226
1227 #ifdef notdef
1228 /* Encode 8 bytes in 'cp' as stream of ascii letters.
1229 * Provided as a possible alternative to btoe()
1230 */
1231 -char *
1232 -btoc(cp)
1233 - char *cp;
1234 +char *btoc(char *cp)
1235 {
1236 int i;
1237 static char out[31];
1238
1239 /* code out put by characters 6 bits each added to 0x21 (!) */
1240 - for (i = 0; i <= 10; i++) {
1241 + for (i = 0; i <= 10; i++)
1242 + {
1243 /* last one is only 4 bits not 6 */
1244 out[i] = '!' + extract (cp, 6 * i, i >= 10 ? 4 : 6);
1245 }
1246 out[i] = '\0';
1247 - return(out);
1248 + return out;
1249 }
1250 #endif
1251
1252 /* Internal subroutines for word encoding/decoding */
1253
1254 /* Dictionary binary search */
1255 -static int
1256 -wsrch(w, low, high)
1257 - char *w;
1258 - int low;
1259 - int high;
1260 +static int wsrch(const char *w, int low, int high)
1261 {
1262 int i, j;
1263
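Review bot: memcpy(out, b, 8) hard-codes the length that was SKEY_BINKEY_SIZE, matching the literals introduced in the previous hunk; keep the named constant so the copy cannot drift from the buffer definition. btoc gets an ANSI prototype but its cp parameter stays non-const, although put8 and wsrch take const pointers in this same hunk; make the read-only inputs const consistently, which means doing the same for the s parameter of extract().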
1264 @@ -2223,18 +2210,18 @@
1265 i = (low + high) / 2;
1266
1267 if ((j = strncmp(w, Wp[i], 4)) == 0)
1268 - return(i); /* Found it */
1269 -
1270 - if (high == low + 1) {
1271 + return i; /* Found it */
1272 + if (high == low + 1)
1273 + {
1274 /* Avoid effects of integer truncation in /2 */
1275 if (strncmp(w, Wp[high], 4) == 0)
1276 - return(high);
1277 + return high;
1278 else
1279 - return(-1);
1280 + return -1;
1281 }
1282
1283 if (low >= high)
1284 - return(-1); /* I don't *think* this can happen... */
1285 + return -1; /* I don't *think* this can happen... */
1286 if (j < 0)
1287 high = i; /* Search lower half */
1288 else
1289 @@ -2242,12 +2229,7 @@
1290 }
1291 }
1292
1293 -static void
1294 -insert(s, x, start, length)
1295 - char *s;
1296 - int x;
1297 - int start;
1298 - int length;
1299 +static void insert(char *s, int x, int start, int length)
1300 {
1301 unsigned char cl;
1302 unsigned char cc;
1303 @@ -2261,25 +2243,28 @@
1304 assert(start + length <= 66);
1305
1306 shift = ((8 - ((start + length) % 8)) % 8);
1307 - y = x << shift;
1308 + y = (int) x << shift;
1309 cl = (y >> 16) & 0xff;
1310 cc = (y >> 8) & 0xff;
1311 cr = y & 0xff;
1312 - if (shift + length > 16) {
1313 + if (shift + length > 16)
1314 + {
1315 s[start / 8] |= cl;
1316 s[start / 8 + 1] |= cc;
1317 s[start / 8 + 2] |= cr;
1318 - } else if (shift + length > 8) {
1319 + }
1320 + else if (shift + length > 8)
1321 + {
1322 s[start / 8] |= cc;
1323 s[start / 8 + 1] |= cr;
1324 - } else {
1325 + }
1326 + else
1327 + {
1328 s[start / 8] |= cr;
1329 }
1330 }
1331
1332 -static void
1333 -standard(word)
1334 - register char *word;
1335 +static void standard(char *word)
1336 {
1337 while (*word) {
1338 if (!isascii(*word))
1339 @@ -2297,11 +2282,7 @@
1340 }
1341
1342 /* Extract 'length' bits from the char array 's' starting with bit 'start' */
1343 -static unsigned int
1344 -extract(s, start, length)
1345 - char *s;
1346 - int start;
1347 - int length;
1348 +static unsigned int extract(char *s, int start, int length)
1349 {
1350 unsigned char cl;
1351 unsigned char cc;
1352 @@ -2320,5 +2301,5 @@
1353 x = x >> (24 - (length + (start % 8)));
1354 x = (x & (0xffff >> (16 - length)));
1355
1356 - return(x);
1357 + return x;
1358 }
1359 --- skey-1.1.5.orig/rmd160.c 2001-05-10 17:10:49.000000000 +0100
1360 +++ skey-1.1.5/rmd160.c 1970-01-01 01:00:00.000000000 +0100
1361 @@ -1,428 +0,0 @@
1362 -/********************************************************************\
1363 - *
1364 - * FILE: rmd160.c
1365 - *
1366 - * CONTENTS: A sample C-implementation of the RIPEMD-160
1367 - * hash-function.
1368 - * TARGET: any computer with an ANSI C compiler
1369 - *
1370 - * AUTHOR: Antoon Bosselaers, ESAT-COSIC
1371 - * (Arranged for libc by Todd C. Miller)
1372 - * DATE: 1 March 1996
1373 - * VERSION: 1.0
1374 - *
1375 - * Copyright (c) Katholieke Universiteit Leuven
1376 - * 1996, All Rights Reserved
1377 - *
1378 -\********************************************************************/
1379 -#ifndef HAVE_RMD160_H
1380 -
1381 -/* header files */
1382 -#include <stdio.h>
1383 -#include <stdlib.h>
1384 -#include <string.h>
1385 -#include <sys/types.h>
1386 -#include "config.h"
1387 -#include "rmd160.h"
1388 -
1389 -/********************************************************************/
1390 -
1391 -/* macro definitions */
1392 -
1393 -/* collect four bytes into one word: */
1394 -#define BYTES_TO_DWORD(strptr) \
1395 - (((u_int32_t) *((strptr)+3) << 24) | \
1396 - ((u_int32_t) *((strptr)+2) << 16) | \
1397 - ((u_int32_t) *((strptr)+1) << 8) | \
1398 - ((u_int32_t) *(strptr)))
1399 -
1400 -/* ROL(x, n) cyclically rotates x over n bits to the left */
1401 -/* x must be of an unsigned 32 bits type and 0 <= n < 32. */
1402 -#define ROL(x, n) (((x) << (n)) | ((x) >> (32-(n))))
1403 -
1404 -/* the three basic functions F(), G() and H() */
1405 -#define F(x, y, z) ((x) ^ (y) ^ (z))
1406 -#define G(x, y, z) (((x) & (y)) | (~(x) & (z)))
1407 -#define H(x, y, z) (((x) | ~(y)) ^ (z))
1408 -#define I(x, y, z) (((x) & (z)) | ((y) & ~(z)))
1409 -#define J(x, y, z) ((x) ^ ((y) | ~(z)))
1410 -
1411 -/* the eight basic operations FF() through III() */
1412 -#define FF(a, b, c, d, e, x, s) { \
1413 - (a) += F((b), (c), (d)) + (x); \
1414 - (a) = ROL((a), (s)) + (e); \
1415 - (c) = ROL((c), 10); \
1416 -}
1417 -#define GG(a, b, c, d, e, x, s) { \
1418 - (a) += G((b), (c), (d)) + (x) + 0x5a827999U; \
1419 - (a) = ROL((a), (s)) + (e); \
1420 - (c) = ROL((c), 10); \
1421 -}
1422 -#define HH(a, b, c, d, e, x, s) { \
1423 - (a) += H((b), (c), (d)) + (x) + 0x6ed9eba1U; \
1424 - (a) = ROL((a), (s)) + (e); \
1425 - (c) = ROL((c), 10); \
1426 -}
1427 -#define II(a, b, c, d, e, x, s) { \
1428 - (a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcU; \
1429 - (a) = ROL((a), (s)) + (e); \
1430 - (c) = ROL((c), 10); \
1431 -}
1432 -#define JJ(a, b, c, d, e, x, s) { \
1433 - (a) += J((b), (c), (d)) + (x) + 0xa953fd4eU; \
1434 - (a) = ROL((a), (s)) + (e); \
1435 - (c) = ROL((c), 10); \
1436 -}
1437 -#define FFF(a, b, c, d, e, x, s) { \
1438 - (a) += F((b), (c), (d)) + (x); \
1439 - (a) = ROL((a), (s)) + (e); \
1440 - (c) = ROL((c), 10); \
1441 -}
1442 -#define GGG(a, b, c, d, e, x, s) { \
1443 - (a) += G((b), (c), (d)) + (x) + 0x7a6d76e9U; \
1444 - (a) = ROL((a), (s)) + (e); \
1445 - (c) = ROL((c), 10); \
1446 -}
1447 -#define HHH(a, b, c, d, e, x, s) { \
1448 - (a) += H((b), (c), (d)) + (x) + 0x6d703ef3U; \
1449 - (a) = ROL((a), (s)) + (e); \
1450 - (c) = ROL((c), 10); \
1451 -}
1452 -#define III(a, b, c, d, e, x, s) { \
1453 - (a) += I((b), (c), (d)) + (x) + 0x5c4dd124U; \
1454 - (a) = ROL((a), (s)) + (e); \
1455 - (c) = ROL((c), 10); \
1456 -}
1457 -#define JJJ(a, b, c, d, e, x, s) { \
1458 - (a) += J((b), (c), (d)) + (x) + 0x50a28be6U; \
1459 - (a) = ROL((a), (s)) + (e); \
1460 - (c) = ROL((c), 10); \
1461 -}
1462 -
1463 -/********************************************************************/
1464 -
1465 -void
1466 -RMD160Init(context)
1467 - RMD160_CTX *context;
1468 -{
1469 -
1470 - /* ripemd-160 initialization constants */
1471 - context->state[0] = 0x67452301U;
1472 - context->state[1] = 0xefcdab89U;
1473 - context->state[2] = 0x98badcfeU;
1474 - context->state[3] = 0x10325476U;
1475 - context->state[4] = 0xc3d2e1f0U;
1476 - context->length[0] = context->length[1] = 0;
1477 - context->buflen = 0;
1478 -}
1479 -
1480 -/********************************************************************/
1481 -
1482 -void
1483 -RMD160Transform(state, block)
1484 - u_int32_t state[5];
1485 - const u_int32_t block[16];
1486 -{
1487 - u_int32_t aa = state[0], bb = state[1], cc = state[2],
1488 - dd = state[3], ee = state[4];
1489 - u_int32_t aaa = state[0], bbb = state[1], ccc = state[2],
1490 - ddd = state[3], eee = state[4];
1491 -
1492 - /* round 1 */
1493 - FF(aa, bb, cc, dd, ee, block[ 0], 11);
1494 - FF(ee, aa, bb, cc, dd, block[ 1], 14);
1495 - FF(dd, ee, aa, bb, cc, block[ 2], 15);
1496 - FF(cc, dd, ee, aa, bb, block[ 3], 12);
1497 - FF(bb, cc, dd, ee, aa, block[ 4], 5);
1498 - FF(aa, bb, cc, dd, ee, block[ 5], 8);
1499 - FF(ee, aa, bb, cc, dd, block[ 6], 7);
1500 - FF(dd, ee, aa, bb, cc, block[ 7], 9);
1501 - FF(cc, dd, ee, aa, bb, block[ 8], 11);
1502 - FF(bb, cc, dd, ee, aa, block[ 9], 13);
1503 - FF(aa, bb, cc, dd, ee, block[10], 14);
1504 - FF(ee, aa, bb, cc, dd, block[11], 15);
1505 - FF(dd, ee, aa, bb, cc, block[12], 6);
1506 - FF(cc, dd, ee, aa, bb, block[13], 7);
1507 - FF(bb, cc, dd, ee, aa, block[14], 9);
1508 - FF(aa, bb, cc, dd, ee, block[15], 8);
1509 -
1510 - /* round 2 */
1511 - GG(ee, aa, bb, cc, dd, block[ 7], 7);
1512 - GG(dd, ee, aa, bb, cc, block[ 4], 6);
1513 - GG(cc, dd, ee, aa, bb, block[13], 8);
1514 - GG(bb, cc, dd, ee, aa, block[ 1], 13);
1515 - GG(aa, bb, cc, dd, ee, block[10], 11);
1516 - GG(ee, aa, bb, cc, dd, block[ 6], 9);
1517 - GG(dd, ee, aa, bb, cc, block[15], 7);
1518 - GG(cc, dd, ee, aa, bb, block[ 3], 15);
1519 - GG(bb, cc, dd, ee, aa, block[12], 7);
1520 - GG(aa, bb, cc, dd, ee, block[ 0], 12);
1521 - GG(ee, aa, bb, cc, dd, block[ 9], 15);
1522 - GG(dd, ee, aa, bb, cc, block[ 5], 9);
1523 - GG(cc, dd, ee, aa, bb, block[ 2], 11);
1524 - GG(bb, cc, dd, ee, aa, block[14], 7);
1525 - GG(aa, bb, cc, dd, ee, block[11], 13);
1526 - GG(ee, aa, bb, cc, dd, block[ 8], 12);
1527 -
1528 - /* round 3 */
1529 - HH(dd, ee, aa, bb, cc, block[ 3], 11);
1530 - HH(cc, dd, ee, aa, bb, block[10], 13);
1531 - HH(bb, cc, dd, ee, aa, block[14], 6);
1532 - HH(aa, bb, cc, dd, ee, block[ 4], 7);
1533 - HH(ee, aa, bb, cc, dd, block[ 9], 14);
1534 - HH(dd, ee, aa, bb, cc, block[15], 9);
1535 - HH(cc, dd, ee, aa, bb, block[ 8], 13);
1536 - HH(bb, cc, dd, ee, aa, block[ 1], 15);
1537 - HH(aa, bb, cc, dd, ee, block[ 2], 14);
1538 - HH(ee, aa, bb, cc, dd, block[ 7], 8);
1539 - HH(dd, ee, aa, bb, cc, block[ 0], 13);
1540 - HH(cc, dd, ee, aa, bb, block[ 6], 6);
1541 - HH(bb, cc, dd, ee, aa, block[13], 5);
1542 - HH(aa, bb, cc, dd, ee, block[11], 12);
1543 - HH(ee, aa, bb, cc, dd, block[ 5], 7);
1544 - HH(dd, ee, aa, bb, cc, block[12], 5);
1545 -
1546 - /* round 4 */
1547 - II(cc, dd, ee, aa, bb, block[ 1], 11);
1548 - II(bb, cc, dd, ee, aa, block[ 9], 12);
1549 - II(aa, bb, cc, dd, ee, block[11], 14);
1550 - II(ee, aa, bb, cc, dd, block[10], 15);
1551 - II(dd, ee, aa, bb, cc, block[ 0], 14);
1552 - II(cc, dd, ee, aa, bb, block[ 8], 15);
1553 - II(bb, cc, dd, ee, aa, block[12], 9);
1554 - II(aa, bb, cc, dd, ee, block[ 4], 8);
1555 - II(ee, aa, bb, cc, dd, block[13], 9);
1556 - II(dd, ee, aa, bb, cc, block[ 3], 14);
1557 - II(cc, dd, ee, aa, bb, block[ 7], 5);
1558 - II(bb, cc, dd, ee, aa, block[15], 6);
1559 - II(aa, bb, cc, dd, ee, block[14], 8);
1560 - II(ee, aa, bb, cc, dd, block[ 5], 6);
1561 - II(dd, ee, aa, bb, cc, block[ 6], 5);
1562 - II(cc, dd, ee, aa, bb, block[ 2], 12);
1563 -
1564 - /* round 5 */
1565 - JJ(bb, cc, dd, ee, aa, block[ 4], 9);
1566 - JJ(aa, bb, cc, dd, ee, block[ 0], 15);
1567 - JJ(ee, aa, bb, cc, dd, block[ 5], 5);
1568 - JJ(dd, ee, aa, bb, cc, block[ 9], 11);
1569 - JJ(cc, dd, ee, aa, bb, block[ 7], 6);
1570 - JJ(bb, cc, dd, ee, aa, block[12], 8);
1571 - JJ(aa, bb, cc, dd, ee, block[ 2], 13);
1572 - JJ(ee, aa, bb, cc, dd, block[10], 12);
1573 - JJ(dd, ee, aa, bb, cc, block[14], 5);
1574 - JJ(cc, dd, ee, aa, bb, block[ 1], 12);
1575 - JJ(bb, cc, dd, ee, aa, block[ 3], 13);
1576 - JJ(aa, bb, cc, dd, ee, block[ 8], 14);
1577 - JJ(ee, aa, bb, cc, dd, block[11], 11);
1578 - JJ(dd, ee, aa, bb, cc, block[ 6], 8);
1579 - JJ(cc, dd, ee, aa, bb, block[15], 5);
1580 - JJ(bb, cc, dd, ee, aa, block[13], 6);
1581 -
1582 - /* parallel round 1 */
1583 - JJJ(aaa, bbb, ccc, ddd, eee, block[ 5], 8);
1584 - JJJ(eee, aaa, bbb, ccc, ddd, block[14], 9);
1585 - JJJ(ddd, eee, aaa, bbb, ccc, block[ 7], 9);
1586 - JJJ(ccc, ddd, eee, aaa, bbb, block[ 0], 11);
1587 - JJJ(bbb, ccc, ddd, eee, aaa, block[ 9], 13);
1588 - JJJ(aaa, bbb, ccc, ddd, eee, block[ 2], 15);
1589 - JJJ(eee, aaa, bbb, ccc, ddd, block[11], 15);
1590 - JJJ(ddd, eee, aaa, bbb, ccc, block[ 4], 5);
1591 - JJJ(ccc, ddd, eee, aaa, bbb, block[13], 7);
1592 - JJJ(bbb, ccc, ddd, eee, aaa, block[ 6], 7);
1593 - JJJ(aaa, bbb, ccc, ddd, eee, block[15], 8);
1594 - JJJ(eee, aaa, bbb, ccc, ddd, block[ 8], 11);
1595 - JJJ(ddd, eee, aaa, bbb, ccc, block[ 1], 14);
1596 - JJJ(ccc, ddd, eee, aaa, bbb, block[10], 14);
1597 - JJJ(bbb, ccc, ddd, eee, aaa, block[ 3], 12);
1598 - JJJ(aaa, bbb, ccc, ddd, eee, block[12], 6);
1599 -
1600 - /* parallel round 2 */
1601 - III(eee, aaa, bbb, ccc, ddd, block[ 6], 9);
1602 - III(ddd, eee, aaa, bbb, ccc, block[11], 13);
1603 - III(ccc, ddd, eee, aaa, bbb, block[ 3], 15);
1604 - III(bbb, ccc, ddd, eee, aaa, block[ 7], 7);
1605 - III(aaa, bbb, ccc, ddd, eee, block[ 0], 12);
1606 - III(eee, aaa, bbb, ccc, ddd, block[13], 8);
1607 - III(ddd, eee, aaa, bbb, ccc, block[ 5], 9);
1608 - III(ccc, ddd, eee, aaa, bbb, block[10], 11);
1609 - III(bbb, ccc, ddd, eee, aaa, block[14], 7);
1610 - III(aaa, bbb, ccc, ddd, eee, block[15], 7);
1611 - III(eee, aaa, bbb, ccc, ddd, block[ 8], 12);
1612 - III(ddd, eee, aaa, bbb, ccc, block[12], 7);
1613 - III(ccc, ddd, eee, aaa, bbb, block[ 4], 6);
1614 - III(bbb, ccc, ddd, eee, aaa, block[ 9], 15);
1615 - III(aaa, bbb, ccc, ddd, eee, block[ 1], 13);
1616 - III(eee, aaa, bbb, ccc, ddd, block[ 2], 11);
1617 -
1618 - /* parallel round 3 */
1619 - HHH(ddd, eee, aaa, bbb, ccc, block[15], 9);
1620 - HHH(ccc, ddd, eee, aaa, bbb, block[ 5], 7);
1621 - HHH(bbb, ccc, ddd, eee, aaa, block[ 1], 15);
1622 - HHH(aaa, bbb, ccc, ddd, eee, block[ 3], 11);
1623 - HHH(eee, aaa, bbb, ccc, ddd, block[ 7], 8);
1624 - HHH(ddd, eee, aaa, bbb, ccc, block[14], 6);
1625 - HHH(ccc, ddd, eee, aaa, bbb, block[ 6], 6);
1626 - HHH(bbb, ccc, ddd, eee, aaa, block[ 9], 14);
1627 - HHH(aaa, bbb, ccc, ddd, eee, block[11], 12);
1628 - HHH(eee, aaa, bbb, ccc, ddd, block[ 8], 13);
1629 - HHH(ddd, eee, aaa, bbb, ccc, block[12], 5);
1630 - HHH(ccc, ddd, eee, aaa, bbb, block[ 2], 14);
1631 - HHH(bbb, ccc, ddd, eee, aaa, block[10], 13);
1632 - HHH(aaa, bbb, ccc, ddd, eee, block[ 0], 13);
1633 - HHH(eee, aaa, bbb, ccc, ddd, block[ 4], 7);
1634 - HHH(ddd, eee, aaa, bbb, ccc, block[13], 5);
1635 -
1636 - /* parallel round 4 */
1637 - GGG(ccc, ddd, eee, aaa, bbb, block[ 8], 15);
1638 - GGG(bbb, ccc, ddd, eee, aaa, block[ 6], 5);
1639 - GGG(aaa, bbb, ccc, ddd, eee, block[ 4], 8);
1640 - GGG(eee, aaa, bbb, ccc, ddd, block[ 1], 11);
1641 - GGG(ddd, eee, aaa, bbb, ccc, block[ 3], 14);
1642 - GGG(ccc, ddd, eee, aaa, bbb, block[11], 14);
1643 - GGG(bbb, ccc, ddd, eee, aaa, block[15], 6);
1644 - GGG(aaa, bbb, ccc, ddd, eee, block[ 0], 14);
1645 - GGG(eee, aaa, bbb, ccc, ddd, block[ 5], 6);
1646 - GGG(ddd, eee, aaa, bbb, ccc, block[12], 9);
1647 - GGG(ccc, ddd, eee, aaa, bbb, block[ 2], 12);
1648 - GGG(bbb, ccc, ddd, eee, aaa, block[13], 9);
1649 - GGG(aaa, bbb, ccc, ddd, eee, block[ 9], 12);
1650 - GGG(eee, aaa, bbb, ccc, ddd, block[ 7], 5);
1651 - GGG(ddd, eee, aaa, bbb, ccc, block[10], 15);
1652 - GGG(ccc, ddd, eee, aaa, bbb, block[14], 8);
1653 -
1654 - /* parallel round 5 */
1655 - FFF(bbb, ccc, ddd, eee, aaa, block[12] , 8);
1656 - FFF(aaa, bbb, ccc, ddd, eee, block[15] , 5);
1657 - FFF(eee, aaa, bbb, ccc, ddd, block[10] , 12);
1658 - FFF(ddd, eee, aaa, bbb, ccc, block[ 4] , 9);
1659 - FFF(ccc, ddd, eee, aaa, bbb, block[ 1] , 12);
1660 - FFF(bbb, ccc, ddd, eee, aaa, block[ 5] , 5);
1661 - FFF(aaa, bbb, ccc, ddd, eee, block[ 8] , 14);
1662 - FFF(eee, aaa, bbb, ccc, ddd, block[ 7] , 6);
1663 - FFF(ddd, eee, aaa, bbb, ccc, block[ 6] , 8);
1664 - FFF(ccc, ddd, eee, aaa, bbb, block[ 2] , 13);
1665 - FFF(bbb, ccc, ddd, eee, aaa, block[13] , 6);
1666 - FFF(aaa, bbb, ccc, ddd, eee, block[14] , 5);
1667 - FFF(eee, aaa, bbb, ccc, ddd, block[ 0] , 15);
1668 - FFF(ddd, eee, aaa, bbb, ccc, block[ 3] , 13);
1669 - FFF(ccc, ddd, eee, aaa, bbb, block[ 9] , 11);
1670 - FFF(bbb, ccc, ddd, eee, aaa, block[11] , 11);
1671 -
1672 - /* combine results */
1673 - ddd += cc + state[1]; /* final result for state[0] */
1674 - state[1] = state[2] + dd + eee;
1675 - state[2] = state[3] + ee + aaa;
1676 - state[3] = state[4] + aa + bbb;
1677 - state[4] = state[0] + bb + ccc;
1678 - state[0] = ddd;
1679 -}
1680 -
1681 -/********************************************************************/
1682 -
1683 -void
1684 -RMD160Update(context, data, nbytes)
1685 - RMD160_CTX *context;
1686 - const u_char *data;
1687 - u_int32_t nbytes;
1688 -{
1689 - u_int32_t X[16];
1690 - u_int32_t ofs = 0;
1691 - u_int32_t i;
1692 -#ifdef WORDS_BIGENDIAN
1693 - u_int32_t j;
1694 -#endif
1695 -
1696 - /* update length[] */
1697 - if (context->length[0] + nbytes < context->length[0])
1698 - context->length[1]++; /* overflow to msb of length */
1699 - context->length[0] += nbytes;
1700 -
1701 - (void)memset(X, 0, sizeof(X));
1702 -
1703 - if ( context->buflen + nbytes < 64 )
1704 - {
1705 - (void)memcpy(context->bbuffer + context->buflen, data, nbytes);
1706 - context->buflen += nbytes;
1707 - }
1708 - else
1709 - {
1710 - /* process first block */
1711 - ofs = 64 - context->buflen;
1712 - (void)memcpy(context->bbuffer + context->buflen, data, ofs);
1713 -#ifndef WORDS_BIGENDIAN
1714 - (void)memcpy(X, context->bbuffer, sizeof(X));
1715 -#else
1716 - for (j=0; j < 16; j++)
1717 - X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j));
1718 -#endif
1719 - RMD160Transform(context->state, X);
1720 - nbytes -= ofs;
1721 -
1722 - /* process remaining complete blocks */
1723 - for (i = 0; i < (nbytes >> 6); i++) {
1724 -#ifndef WORDS_BIGENDIAN
1725 - (void)memcpy(X, data + (64 * i) + ofs, sizeof(X));
1726 -#else
1727 - for (j=0; j < 16; j++)
1728 - X[j] = BYTES_TO_DWORD(data + (64 * i) + (4 * j) + ofs);
1729 -#endif
1730 - RMD160Transform(context->state, X);
1731 - }
1732 -
1733 - /*
1734 - * Put last bytes from data into context's buffer
1735 - */
1736 - context->buflen = nbytes & 63;
1737 - memcpy(context->bbuffer, data + (64 * i) + ofs, context->buflen);
1738 - }
1739 -}
1740 -
1741 -/********************************************************************/
1742 -
1743 -void
1744 -RMD160Final(digest, context)
1745 - u_char digest[20];
1746 - RMD160_CTX *context;
1747 -{
1748 - u_int32_t i;
1749 - u_int32_t X[16];
1750 -#ifdef WORDS_BIGENDIAN
1751 - u_int32_t j;
1752 -#endif
1753 -
1754 - /* append the bit m_n == 1 */
1755 - context->bbuffer[context->buflen] = '\200';
1756 -
1757 - (void)memset(context->bbuffer + context->buflen + 1, 0,
1758 - 63 - context->buflen);
1759 -#ifndef WORDS_BIGENDIAN
1760 - (void)memcpy(X, context->bbuffer, sizeof(X));
1761 -#else
1762 - for (j=0; j < 16; j++)
1763 - X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j));
1764 -#endif
1765 - if ((context->buflen) > 55) {
1766 - /* length goes to next block */
1767 - RMD160Transform(context->state, X);
1768 - (void)memset(X, 0, sizeof(X));
1769 - }
1770 -
1771 - /* append length in bits */
1772 - X[14] = context->length[0] << 3;
1773 - X[15] = (context->length[0] >> 29) |
1774 - (context->length[1] << 3);
1775 - RMD160Transform(context->state, X);
1776 -
1777 - if (digest != NULL) {
1778 - for (i = 0; i < 20; i += 4) {
1779 - /* extracts the 8 least significant bits. */
1780 - digest[i] = context->state[i>>2];
1781 - digest[i + 1] = (context->state[i>>2] >> 8);
1782 - digest[i + 2] = (context->state[i>>2] >> 16);
1783 - digest[i + 3] = (context->state[i>>2] >> 24);
1784 - }
1785 - }
1786 -}
1787 -
1788 -/************************ end of file rmd160.c **********************/
1789 -#endif
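Review bot: deleting rmd160.c, together with rmd160.o and rmd160hl.o in LIBOBJS and rmd160.h in HDRS and in the configure.in header check, removes RIPEMD-160 from the library entirely, which is a user-visible feature removal rather than a cleanup. State the reason in the patch description, and make sure every remaining reference to the algorithm (hash selection code, usage text, man pages) goes in the same change so that existing users of the RIPEMD-160 option get a clear error.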
1790 --- skey-1.1.5.orig/rmd160.h 2001-05-10 17:10:49.000000000 +0100
1791 +++ skey-1.1.5/rmd160.h 1970-01-01 01:00:00.000000000 +0100
1792 @@ -1,48 +0,0 @@
1793 -/* $OpenBSD: rmd160.h,v 1.4 1999/08/16 09:59:04 millert Exp $ */
1794 -
1795 -/********************************************************************\
1796 - *
1797 - * FILE: rmd160.h
1798 - *
1799 - * CONTENTS: Header file for a sample C-implementation of the
1800 - * RIPEMD-160 hash-function.
1801 - * TARGET: any computer with an ANSI C compiler
1802 - *
1803 - * AUTHOR: Antoon Bosselaers, ESAT-COSIC
1804 - * DATE: 1 March 1996
1805 - * VERSION: 1.0
1806 - *
1807 - * Copyright (c) Katholieke Universiteit Leuven
1808 - * 1996, All Rights Reserved
1809 - *
1810 -\********************************************************************/
1811 -
1812 -#ifndef _RMD160_H /* make sure this file is read only once */
1813 -#define _RMD160_H
1814 -
1815 -/********************************************************************/
1816 -
1817 -/* structure definitions */
1818 -
1819 -typedef struct {
1820 - u_int32_t state[5]; /* state (ABCDE) */
1821 - u_int32_t length[2]; /* number of bits */
1822 - u_char bbuffer[64]; /* overflow buffer */
1823 - u_int32_t buflen; /* number of chars in bbuffer */
1824 -} RMD160_CTX;
1825 -
1826 -/********************************************************************/
1827 -
1828 -/* function prototypes */
1829 -
1830 -void RMD160Init __P((RMD160_CTX *context));
1831 -void RMD160Transform __P((u_int32_t state[5], const u_int32_t block[16]));
1832 -void RMD160Update __P((RMD160_CTX *context, const u_char *data, u_int32_t nbytes));
1833 -void RMD160Final __P((u_char digest[20], RMD160_CTX *context));
1834 -char *RMD160End __P((RMD160_CTX *, char *));
1835 -char *RMD160File __P((char *, char *));
1836 -char *RMD160Data __P((const u_char *, size_t, char *));
1837 -
1838 -#endif /* _RMD160_H */
1839 -
1840 -/*********************** end of file rmd160.h ***********************/
1841 --- skey-1.1.5.orig/rmd160hl.c 2001-05-10 17:10:49.000000000 +0100
1842 +++ skey-1.1.5/rmd160hl.c 1970-01-01 01:00:00.000000000 +0100
1843 @@ -1,85 +0,0 @@
1844 -/* rmd160hl.c
1845 - * ----------------------------------------------------------------------------
1846 - * "THE BEER-WARE LICENSE" (Revision 42):
1847 - * <phk@×××××××××××.dk> wrote this file. As long as you retain this notice you
1848 - * can do whatever you want with this stuff. If we meet some day, and you think
1849 - * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
1850 - * ----------------------------------------------------------------------------
1851 - */
1852 -
1853 -#if defined(LIBC_SCCS) && !defined(lint)
1854 -static char rcsid[] = "$OpenBSD: rmd160hl.c,v 1.2 1999/08/17 09:13:12 millert Exp $";
1855 -#endif /* LIBC_SCCS and not lint */
1856 -
1857 -#include <stdlib.h>
1858 -#include <stdio.h>
1859 -#include <errno.h>
1860 -#include <fcntl.h>
1861 -#include <sys/types.h>
1862 -#include <sys/uio.h>
1863 -#include <unistd.h>
1864 -#include "config.h"
1865 -#ifdef HAVE_RMD160_H
1866 -#include <rmd160.h>
1867 -#else
1868 -#include "rmd160.h"
1869 -#endif
1870 -
1871 -/* ARGSUSED */
1872 -char *
1873 -RMD160End(ctx, buf)
1874 - RMD160_CTX *ctx;
1875 - char *buf;
1876 -{
1877 - int i;
1878 - char *p = buf;
1879 - u_char digest[20];
1880 - static const char hex[]="0123456789abcdef";
1881 -
1882 - if (p == NULL && (p = malloc(41)) == NULL)
1883 - return 0;
1884 -
1885 - RMD160Final(digest,ctx);
1886 - for (i = 0; i < 20; i++) {
1887 - p[i + i] = hex[digest[i] >> 4];
1888 - p[i + i + 1] = hex[digest[i] & 0x0f];
1889 - }
1890 - p[i + i] = '\0';
1891 - return(p);
1892 -}
1893 -
1894 -char *
1895 -RMD160File (filename, buf)
1896 - char *filename;
1897 - char *buf;
1898 -{
1899 - u_char buffer[BUFSIZ];
1900 - RMD160_CTX ctx;
1901 - int fd, num, oerrno;
1902 -
1903 - RMD160Init(&ctx);
1904 -
1905 - if ((fd = open(filename, O_RDONLY)) < 0)
1906 - return(0);
1907 -
1908 - while ((num = read(fd, buffer, sizeof(buffer))) > 0)
1909 - RMD160Update(&ctx, buffer, num);
1910 -
1911 - oerrno = errno;
1912 - close(fd);
1913 - errno = oerrno;
1914 - return(num < 0 ? 0 : RMD160End(&ctx, buf));
1915 -}
1916 -
1917 -char *
1918 -RMD160Data (data, len, buf)
1919 - const u_char *data;
1920 - size_t len;
1921 - char *buf;
1922 -{
1923 - RMD160_CTX ctx;
1924 -
1925 - RMD160Init(&ctx);
1926 - RMD160Update(&ctx, data, len);
1927 - return(RMD160End(&ctx, buf));
1928 -}
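Review bot: deleting rmd160hl.c here, together with rmd160.c and rmd160.h above, removes RIPEMD-160 from the build, but none of these hunks says what happens to key database entries that were initialised with rmd160. The skeyaudit.sh comments later in this patch show the hash name stored per entry ("mjl sha1 0099 alpha2 ..."), so an rmd160 entry would presumably stop verifying after the upgrade. Please add a CHANGES line telling administrators that affected users must rerun skeyinit with md4, md5 or sha1, or keep the algorithm until a migration path exists.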
1929 --- skey-1.1.5.orig/skey.1 2001-05-10 17:10:49.000000000 +0100
1930 +++ skey-1.1.5/skey.1 2003-11-06 17:46:45.000000000 +0000
1931 @@ -1,95 +1,165 @@
1932 -.\" $OpenBSD: skey.1,v 1.21 2000/11/09 17:52:38 aaron Exp $
1933 -.\" @(#)skey.1 1.1 10/28/93
1934 +.\" $NetBSD: skey.1,v 1.21 2003/09/07 16:22:24 wiz Exp $
1935 .\"
1936 -.Dd October 28, 1993
1937 +.\" from: @(#)skey.1 1.1 10/28/93
1938 +.\"
1939 +.Dd July 25, 2001
1940 .Dt SKEY 1
1941 .Os
1942 .Sh NAME
1943 -.Nm skey, otp-md4, otp-md5, otp-sha1, otp-rmd160
1944 +.Nm skey
1945 .Nd respond to an OTP challenge
1946 .Sh SYNOPSIS
1947 -.Nm skey
1948 -.Op Fl x
1949 -.Oo
1950 -.Fl md4 | Fl md5 | Fl sha1 |
1951 -.Fl rmd160
1952 -.Oc
1953 +.Nm
1954 .Op Fl n Ar count
1955 -.Op Fl p Ar passwd
1956 -<sequence#>[/] key
1957 +.Op Fl p Ar password
1958 +.Op Fl t Ar hash
1959 +.Op Fl x
1960 +.Ar sequence#
1961 +.Op /
1962 +.Ar key
1963 .Sh DESCRIPTION
1964 -.Nm S/key
1965 -is a procedure for using one-time passwords to authenticate access to
1966 -computer systems.
1967 -It uses 64 bits of information transformed by the
1968 -MD4, MD5, SHA1, or RIPEMD-160 algorithms.
1969 -The user supplies the 64 bits
1970 -in the form of 6 English words that are generated by a secure computer.
1971 -This implementation of
1972 -.Nm s/key
1973 -is RFC 1938 compliant.
1974 +.Em S/Key
1975 +is a One Time Password (OTP) authentication system.
1976 +It is intended to be used when the communication channel between
1977 +a user and host is not secure (e.g. not encrypted or hardwired).
1978 +Since each password is used only once, even if it is "seen" by a
1979 +hostile third party, it cannot be used again to gain access to the host.
1980 .Pp
1981 -When
1982 -.Nm skey
1983 -is invoked as
1984 -.Nm otp-method ,
1985 -.Nm skey
1986 -will use
1987 -.Ar method
1988 -as the hash function where
1989 -.Ar method
1990 -is currently one of md4, md5, sha1, or rmd160.
1991 +.Em S/Key
1992 +uses 64 bits of information, transformed by the
1993 +.Tn MD4
1994 +algorithm into 6 English words.
1995 +The user supplies the words to authenticate himself to programs like
1996 +.Xr login 1
1997 +or
1998 +.Xr ftpd 8 .
1999 +.Pp
2000 +Example use of the
2001 +.Em S/Key
2002 +program
2003 +.Nm :
2004 +.Bd -literal -offset indent
2005 +% skey 99 th91334
2006 +Enter password: \*[Lt]your secret password is entered here\*[Gt]
2007 +OMEN US HORN OMIT BACK AHOY
2008 +%
2009 +.Ed
2010 +.Pp
2011 +The string that is given back by
2012 +.Nm
2013 +can then be used to log into a system.
2014 +.Pp
2015 +The programs that are part of the
2016 +.Em S/Key
2017 +system are:
2018 +.Bl -tag -width skeyauditxxx
2019 +.It Xr skeyinit 1
2020 +used to set up your
2021 +.Em S/Key .
2022 +.It Nm
2023 +used to get the one time password(s).
2024 +.It Xr skeyinfo 1
2025 +used to initialize the
2026 +.Em S/Key
2027 +database for the specified user.
2028 +It also tells the user what the next challenge will be.
2029 +.It Xr skeyaudit 1
2030 +used to inform users that they will soon have to rerun
2031 +.Xr skeyinit 1 .
2032 +.El
2033 .Pp
2034 -If you misspell your password while running
2035 -.Nm skey ,
2036 +When you run
2037 +.Xr skeyinit 1
2038 +you inform the system of your
2039 +secret password.
2040 +Running
2041 +.Nm
2042 +then generates the
2043 +one-time password(s), after requiring your secret password.
2044 +If however, you misspell your secret password that you have given to
2045 +.Xr skeyinit 1
2046 +while running
2047 +.Xr skey 1
2048 you will get a list of passwords
2049 -that will not work, and no indication of the problem.
2050 +that will not work, and no indication about the problem.
2051 .Pp
2052 -Password sequence numbers count backwards.
2053 +Password sequence numbers count backward from 99.
2054 You can enter the passwords using small letters, even though
2055 -.Nm skey
2056 +.Xr skey 1
2057 prints them capitalized.
2058 .Pp
2059 -The options are as follows:
2060 -.Bl -tag -width Ds
2061 -.It Fl n Ar count
2062 -Prints out
2063 +The
2064 +.Fl n Ar count
2065 +argument asks for
2066 .Ar count
2067 -one-time passwords.
2068 -The default is to print one.
2069 -.It Fl p Ar password
2070 -Uses
2071 -.Ar password
2072 -as the secret password.
2073 -Use of this option is discouraged as
2074 -your secret password could be visible in a process listing.
2075 -.It Fl x
2076 -Causes output to be in hexadecimal instead of ASCII.
2077 -.It Fl md4
2078 -Selects MD4 as the hash algorithm.
2079 -.It Fl md5
2080 -Selects MD5 as the hash algorithm.
2081 -.It Fl sha1
2082 -Selects SHA-1 (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
2083 -.It Fl rmd160
2084 -Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
2085 -.El
2086 +password sequences to be printed out ending with the requested
2087 +sequence number.
2088 +.Pp
2089 +The hash algorithm is selected using the
2090 +.Fl t Ar hash
2091 +option, possible choices here are md4, md5 or sha1.
2092 +.Pp
2093 +The
2094 +.Fl p Ar password
2095 +allows the user to specify the
2096 +.Em S/Key
2097 +password on the command line.
2098 +.Pp
2099 +To output the S/Key list in hexadecimal instead of words,
2100 +use the
2101 +.Fl x
2102 +option.
2103 .Sh EXAMPLES
2104 -.sp 0
2105 - % skey 99 th91334
2106 -.sp 0
2107 - Enter secret password: <your secret password is entered here>
2108 -.sp 0
2109 - OMEN US HORN OMIT BACK AHOY
2110 -.sp 0
2111 - %
2112 +Initialize generation of one time passwords:
2113 +.Bd -literal -offset indent
2114 +host% skeyinit
2115 +Password: \*[Lt]normal login password\*[Gt]
2116 +[Adding username]
2117 +Enter secret password: \*[Lt]new secret password\*[Gt]
2118 +Again secret password: \*[Lt]new secret password again\*[Gt]
2119 +ID username s/key is 99 host12345
2120 +Next login password: SOME SIX WORDS THAT WERE COMPUTED
2121 +.Ed
2122 +.Pp
2123 +Produce a list of one time passwords to take with to a conference:
2124 +.Bd -literal -offset indent
2125 +host% skey -n 3 99 host12345
2126 +Enter secret password: \*[Lt]secret password as used with skeyinit\*[Gt]
2127 +97: NOSE FOOT RUSH FEAR GREY JUST
2128 +98: YAWN LEO DEED BIND WACK BRAE
2129 +99: SOME SIX WORDS THAT WERE COMPUTED
2130 +.Ed
2131 +.Pp
2132 +Logging in to a host where
2133 +.Nm
2134 +is installed:
2135 +.Bd -literal -offset indent
2136 +host% telnet host
2137 +
2138 +login: \*[Lt]username\*[Gt]
2139 +Password [s/key 97 host12345]:
2140 +.Ed
2141 +.Pp
2142 +Note that the user can use either his/her
2143 +.Em S/Key
2144 +password at the prompt but also the normal one unless the
2145 +.Fl s
2146 +flag is given to
2147 +.Xr login 1 .
2148 .Sh SEE ALSO
2149 .Xr login 1 ,
2150 +.Xr skeyaudit 1 ,
2151 .Xr skeyinfo 1 ,
2152 -.Xr skeyinit 1
2153 +.Xr skeyinit 1 ,
2154 +.Xr ftpd 8
2155 .Pp
2156 -.Em RFC1938
2157 +.Em RFC 2289
2158 .Sh TRADEMARKS AND PATENTS
2159 -S/Key is a Trademark of Bellcore.
2160 +.Em S/Key
2161 +is a trademark of
2162 +.Tn Bellcore .
2163 .Sh AUTHORS
2164 -Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
2165 +Phil Karn,
2166 +Neil M. Haller,
2167 +John S. Walden,
2168 +Scott Chasin
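Review bot: the rewritten -p paragraph ("allows the user to specify the S/Key password on the command line") drops the caveat from the removed text, "Use of this option is discouraged as your secret password could be visible in a process listing." That warning is the one security-relevant sentence in the option list and should be carried over to the new wording. Two smaller points in the same hunk: the DESCRIPTION now says the 64 bits are "transformed by the MD4 algorithm" while the -t paragraph offers md4, md5 or sha1, so the text should say MD4 is only one of the selectable hashes; and the skeyinfo(1) entry in the program list ("used to initialize the S/Key database for the specified user") reads like the description of skeyinit(1).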
2169 --- skey-1.1.5.orig/skey.3 1970-01-01 01:00:00.000000000 +0100
2170 +++ skey-1.1.5/skey.3 2003-11-06 17:46:45.000000000 +0000
2171 @@ -0,0 +1,264 @@
2172 +.\" $NetBSD: skey.3,v 1.8 2003/06/06 13:42:50 wiz Exp $
2173 +.\"
2174 +.\" Copyright (c) 2001 The NetBSD Foundation, Inc.
2175 +.\" All rights reserved.
2176 +.\"
2177 +.\" This code is derived from software contributed to The NetBSD Foundation
2178 +.\" by Gregory McGarry.
2179 +.\"
2180 +.\" Redistribution and use in source and binary forms, with or without
2181 +.\" modification, are permitted provided that the following conditions
2182 +.\" are met:
2183 +.\" 1. Redistributions of source code must retain the above copyright
2184 +.\" notice, this list of conditions and the following disclaimer.
2185 +.\" 2. Redistributions in binary form must reproduce the above copyright
2186 +.\" notice, this list of conditions and the following disclaimer in the
2187 +.\" documentation and/or other materials provided with the distribution.
2188 +.\" 3. All advertising materials mentioning features or use of this software
2189 +.\" must display the following acknowledgement:
2190 +.\" This product includes software developed by the NetBSD
2191 +.\" Foundation, Inc. and its contributors.
2192 +.\" 4. Neither the name of The NetBSD Foundation nor the names of its
2193 +.\" contributors may be used to endorse or promote products derived
2194 +.\" from this software without specific prior written permission.
2195 +.\"
2196 +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
2197 +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
2198 +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
2199 +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
2200 +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
2201 +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
2202 +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
2203 +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
2204 +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
2205 +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
2206 +.\" POSSIBILITY OF SUCH DAMAGE.
2207 +.\"
2208 +.Dd November 10, 2001
2209 +.Dt SKEY 3
2210 +.Os
2211 +.Sh NAME
2212 +.Nm skey ,
2213 +.Nm skeychallenge ,
2214 +.Nm skeylookup ,
2215 +.Nm skeygetnext ,
2216 +.Nm skeyverify ,
2217 +.Nm skeyzero ,
2218 +.Nm getskeyprompt ,
2219 +.Nm skey_set_algorithm ,
2220 +.Nm skey_get_algorithm ,
2221 +.Nm skey_haskey ,
2222 +.Nm skey_keyinfo ,
2223 +.Nm skey_passcheck ,
2224 +.Nm skey_authenticate
2225 +.Nd one-time password (OTP) library
2226 +.Sh LIBRARY
2227 +S/key One-Time Password Library (libskey, -lskey)
2228 +.Sh SYNOPSIS
2229 +.In skey.h
2230 +.Ft int
2231 +.Fn skeychallenge "struct skey *mp" "const char *name" "char *ss" \
2232 +"size_t sslen"
2233 +.Ft int
2234 +.Fn skeylookup "struct skey *mp" "const char *name"
2235 +.Ft int
2236 +.Fn skeygetnext "struct skey *mp"
2237 +.Ft int
2238 +.Fn skeyverify "struct skey *mp" "char *response"
2239 +.Ft int
2240 +.Fn skeyzero "struct skey *mp" "char *response"
2241 +.Ft int
2242 +.Fn getskeyprompt "struct skey *mp" "char *name" "char *prompt"
2243 +.Ft const char *
2244 +.Fn skey_set_algorithm "const char *new"
2245 +.Ft const char *
2246 +.Fn skey_get_algorithm "void"
2247 +.Ft int
2248 +.Fn skey_haskey "const char *username"
2249 +.Ft const char *
2250 +.Fn skey_keyinfo "const char *username"
2251 +.Ft int
2252 +.Fn skey_passcheck "const char *username" "char *passwd"
2253 +.Ft int
2254 +.Fn skey_authenticate "const char *username"
2255 +.Ft void
2256 +.Fn f "char *x"
2257 +.Ft int
2258 +.Fn keycrunch "char *result" "const char *seed" "const char *passwd"
2259 +.Ft void
2260 +.Fn rip "char *buf"
2261 +.Ft char *
2262 +.Fn readpass "char *buf " "int n"
2263 +.Ft char *
2264 +.Fn readskey "char *buf" "int n"
2265 +.Ft int
2266 +.Fn atob8 "char *out" "const char *in"
2267 +.Ft int
2268 +.Fn btoa8 "char *out" "const char *in"
2269 +.Ft int
2270 +.Fn htoi "int c"
2271 +.Ft const char *
2272 +.Fn skipspace "const char *cp"
2273 +.Ft void
2274 +.Fn backspace "char *buf"
2275 +.Ft void
2276 +.Fn sevenbit "char *buf"
2277 +.Ft char *
2278 +.Fn btoe "char *engout" "const char *c"
2279 +.Ft int
2280 +.Fn etob "char *out" "const char *e"
2281 +.Ft char *
2282 +.Fn put8 "char *out" "const char *s"
2283 +.Sh DESCRIPTION
2284 +The
2285 +.Nm
2286 +library provides routines for accessing
2287 +.Nx Ns 's
2288 +one-time password (OTP) authentication system.
2289 +.Pp
2290 +Most S/Key operations take a pointer to a
2291 +.Em struct skey ,
2292 +which should be considered as an opaque identifier.
2293 +.Sh FUNCTIONS
2294 +The following high-level functions are available:
2295 +.Bl -tag -width compact
2296 +.It Fn skeychallenge "mp" "name" "ss" "sslen"
2297 +Return a S/Key challenge for user
2298 +.Fa name .
2299 +If successful, the caller's skey structure
2300 +.Fa mp
2301 +is filled and 0 is returned.
2302 +If unsuccessful (e.g. if name is unknown),
2303 +\-1 is returned.
2304 +.It Fn skeylookup "mp" "name"
2305 +Find an entry for user
2306 +.Fa name
2307 +in the one-time password database.
2308 +Returns 0 if the entry is found and 1 if the entry is not found.
2309 +If an error occurs accessing the database, \-1 is returned.
2310 +.It Fn skeygetnext "mp"
2311 +Get the next entry in the one-time password database.
2312 +Returns 0 on success and the entry is stored in
2313 +.Ar mp
2314 +and 1 if no more entries are available.
2315 +If an error occurs accessing the database, \-1 is returned.
2316 +.It Fn skeyverify "mp" "response"
2317 +Verify response
2318 +.Fa response
2319 +to a S/Key challenge.
2320 +Returns 0 if the verification is successful and 1 if the verification failed.
2321 +If an error occurs accessing the database, \-1 is returned.
2322 +.It Fn skeyzero "mp" "response"
2323 +Comment out user's entry in the S/Key database.
2324 +Returns 0 on success and the database is updated,
2325 +otherwise \-1 is returned and the database remains unchanged.
2326 +.It Fn getskeyprompt "mp" "name" "prompt"
2327 +Issue a S/Key challenge for user
2328 +.Ar name .
2329 +If successful, fill in the caller's skey structure
2330 +.Fa mp
2331 +and return 0.
2332 +If unsuccessful (e.g. if name is unknown) \-1 is returned.
2333 +.El
2334 +.Pp
2335 +The following lower-level functions are available:
2336 +.Bl -tag -width compact
2337 +.It Fn skey_set_algorithm "new"
2338 +Set hash algorithm type.
2339 +Valid values for
2340 +.Fa new
2341 +are "md4", "md5" and "sha1".
2342 +.It Fn skey_get_algorithm "void"
2343 +Get current hash type.
2344 +.It Fn skey_haskey "username"
2345 +Returns 0 if the user
2346 +.Fa username
2347 +exists and 1 if the user doesn't exist.
2348 +Returns \-1 on file error.
2349 +.It Fn skey_keyinfo "username"
2350 +Returns the current sequence number and seed for user
2351 +.Ar username .
2352 +.It Fn skey_passcheck "username" "passwd"
2353 +Checks to see if answer is the correct one to the current challenge.
2354 +.It Fn skey_authenticate "username"
2355 +Used when calling program will allow input of the user's response to
2356 +the challenge.
2357 +Returns zero on success or \-1 on failure.
2358 +.El
2359 +.Pp
2360 +The following miscellaneous functions are available:
2361 +.Bl -tag -width compact
2362 +.It Fn f "x"
2363 +One-way function to take 8 bytes pointed to by
2364 +.Fa x
2365 +and return 8 bytes in place.
2366 +.It Fn keycrunch "char *result" "const char *seed" "const char *passwd"
2367 +Crunch a key.
2368 +.It Fn rip "buf"
2369 +Strip trailing CR/LF characters from a line of text
2370 +.Fa buf .
2371 +.It Fn readpass "buf" "n"
2372 +Read in secret passwd (turns off echo).
2373 +.It Fn readskey "buf" "n"
2374 +Read in an s/key OTP (does not turn off echo).
2375 +.It Fn atob8 "out" "in"
2376 +Convert 8-byte hex-ascii string
2377 +.Fa in
2378 +to binary array
2379 +.Fa out .
2380 +Returns 0 on success, \-1 on error.
2381 +.It Fn btoa8 "out" "in"
2382 +Convert 8-byte binary array
2383 +.Fa in
2384 +to hex-ascii string
2385 +.Fa out .
2386 +Returns 0 on success, \-1 on error.
2387 +.It Fn htoi "int c"
2388 +Convert hex digit to binary integer.
2389 +.It Fn skipspace "cp"
2390 +Skip leading spaces from the string
2391 +.Fa cp .
2392 +.It Fn backspace "buf"
2393 +Remove backspaced over characters from the string
2394 +.Fa buf .
2395 +.It Fn sevenbit "buf"
2396 +Ensure line
2397 +.Fa buf
2398 +is all seven bits.
2399 +.It Fn btoe "engout" "c"
2400 +Encode 8 bytes in
2401 +.Ar c
2402 +as a string of English words.
2403 +Returns a pointer to a static buffer in
2404 +.Fa engout .
2405 +.It Fn etob "out" "e"
2406 +Convert English to binary.
2407 +Returns 0 if the word is not in the database, 1 if all good words and
2408 +parity is valid, \-1 if badly formed input (i.e. \*[Gt] 4 char word)
2409 +and -2 if words are valid but parity is wrong.
2410 +.It Fn put8 "out" "s"
2411 +Display 8 bytes
2412 +.Fa s
2413 +as a series of 16-bit hex digits.
2414 +.El
2415 +.Sh FILES
2416 +.Bl -tag -width /usr/lib/libskey_p.a -compact
2417 +.It Pa /usr/lib/libskey.a
2418 +static skey library
2419 +.It Pa /usr/lib/libskey.so
2420 +dynamic skey library
2421 +.It Pa /usr/lib/libskey_p.a
2422 +static skey library compiled for profiling
2423 +.El
2424 +.Sh SEE ALSO
2425 +.Xr skey 1 ,
2426 +.Xr skeyaudit 1 ,
2427 +.Xr skeyinfo 1
2428 +.Sh BUGS
2429 +The
2430 +.Nm
2431 +library functions are not re-entrant or thread-safe.
2432 +.Pp
2433 +The
2434 +.Nm
2435 +library defines many poorly named functions which pollute the name space.
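Review bot: the skey_passcheck entry ("Checks to see if answer is the correct one to the current challenge.") documents no return value, and the conventions around it are not uniform: skeyverify returns 0 on success, 1 on failure and -1 on error, skey_authenticate returns 0 or -1, and etob returns 1 for a valid phrase and 0 for an unknown word. A caller that guesses the convention for skey_passcheck can end up treating a failed check as success, so please state its return values explicitly. The same applies to keycrunch ("Crunch a key.") and skey_keyinfo, which give no return semantics or buffer ownership, and the btoe entry ("Returns a pointer to a static buffer in engout") should say whether the result lives in the caller's buffer or in static storage.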
2436 --- skey-1.1.5.orig/skeyaudit.1 2001-05-10 17:10:49.000000000 +0100
2437 +++ skey-1.1.5/skeyaudit.1 2003-11-06 17:46:45.000000000 +0000
2438 @@ -1,46 +1,29 @@
2439 -.\" $OpenBSD: skeyaudit.1,v 1.8 2000/11/09 17:52:38 aaron Exp $
2440 +.\" $NetBSD: skeyaudit.1,v 1.6 2001/04/09 12:34:14 wiz Exp $
2441 .\"
2442 -.Dd 22 July 1997
2443 +.Dd June 9, 1994
2444 .Dt SKEYAUDIT 1
2445 .Os
2446 .Sh NAME
2447 .Nm skeyaudit
2448 .Nd warn users if their S/Key will soon expire
2449 .Sh SYNOPSIS
2450 -.Nm skeyaudit
2451 -.Op Fl a
2452 -.Op Fl i
2453 -.Op Fl l Ar limit
2454 +.Nm
2455 +.Op Ar limit
2456 .Sh DESCRIPTION
2457 .Nm
2458 searches through the file
2459 -.Pa /etc/skeykeys
2460 +.Dq Pa /etc/skey/skeykeys
2461 for users whose S/Key sequence number is less than
2462 .Ar limit ,
2463 -and mails them a reminder to run
2464 +and sends them a reminder to run
2465 .Xr skeyinit 1
2466 -soon.
2467 -.Pp
2468 -The options are as follows:
2469 -.Bl -tag -width Ds
2470 -.It Fl a
2471 -Check all keys in
2472 -.Pa /etc/skeykeys .
2473 -This option is only available to the superuser and
2474 -is useful to run regularly via
2475 -.Xr cron 8 .
2476 -.It Fl i
2477 -Interactive mode.
2478 -Don't send mail, just print to the standard output.
2479 -.It Fl l Ar limit
2480 -The limit used to determine whether or not a user should be notified.
2481 -The default is to notify if there are fewer than 12 keys left.
2482 -.El
2483 +soon. If no limit is specified a default of 12 is used.
2484 .Sh FILES
2485 -.Bl -tag -width /etc/skeykeys -compact
2486 -.It Pa /etc/skeykeys
2487 -S/Key key information database
2488 +.Bl -tag -width /etc/skey/skeykeys -compact
2489 +.It Pa /etc/skey/skeykeys
2490 +The S/Key key information database
2491 .El
2492 .Sh SEE ALSO
2493 .Xr skey 1 ,
2494 +.Xr skeyinfo 1 ,
2495 .Xr skeyinit 1
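Review bot: the new DESCRIPTION no longer says who is expected to run skeyaudit or that it walks every entry in /etc/skey/skeykeys; the removed -a text at least stated that checking all keys was superuser-only and meant for cron(8). Since the replacement script added later in this patch reads the whole key database and also copies each reminder to ADMIN=root, the page should say that it is meant to be run by root (for example from cron) and that the administrator receives a copy. Minor: ".Dd June 9, 1994" is older than the date it replaces, and "soon. If no limit is specified a default of 12 is used." should start the second sentence on its own line, as the rest of the page does.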
2496 --- skey-1.1.5.orig/skeyaudit.c 2001-05-10 17:10:49.000000000 +0100
2497 +++ skey-1.1.5/skeyaudit.c 1970-01-01 01:00:00.000000000 +0100
2498 @@ -1,236 +0,0 @@
2499 -/* $OpenBSD: skeyaudit.c,v 1.10 2000/09/20 21:53:49 pjanzen Exp $ */
2500 -
2501 -/*
2502 - * Copyright (c) 1997, 2000 Todd C. Miller <Todd.Miller@×××××××××.com>
2503 - * All rights reserved.
2504 - *
2505 - * Redistribution and use in source and binary forms, with or without
2506 - * modification, are permitted provided that the following conditions
2507 - * are met:
2508 - * 1. Redistributions of source code must retain the above copyright
2509 - * notice, this list of conditions and the following disclaimer.
2510 - * 2. Redistributions in binary form must reproduce the above copyright
2511 - * notice, this list of conditions and the following disclaimer in the
2512 - * documentation and/or other materials provided with the distribution.
2513 - * 3. The name of the author may not be used to endorse or promote products
2514 - * derived from this software without specific prior written permission.
2515 - *
2516 - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
2517 - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
2518 - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
2519 - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
2520 - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
2521 - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
2522 - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
2523 - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
2524 - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
2525 - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2526 - */
2527 -
2528 -#include <errno.h>
2529 -/*#include <limits.h>*/
2530 -#include <pwd.h>
2531 -#include <stdio.h>
2532 -#include <stdlib.h>
2533 -#include <string.h>
2534 -#include <unistd.h>
2535 -#include <netdb.h>
2536 -#include "config.h"
2537 -#ifdef HAVE_ERR_H
2538 -#include <err.h>
2539 -#else
2540 -#include "err.h"
2541 -#endif
2542 -#include "skey.h"
2543 -
2544 -#include <sys/types.h>
2545 -#include <sys/param.h>
2546 -#include <sys/wait.h>
2547 -
2548 -#ifdef HAVE_LOGIN_CAP_H
2549 -# include <login_cap.h>
2550 -#else
2551 -# include "login_cap.h"
2552 -#endif
2553 -
2554 -char *__progname;
2555 -
2556 -void notify __P((struct passwd *, int, int));
2557 -FILE *runsendmail __P((struct passwd *, int *));
2558 -void usage __P((void));
2559 -
2560 -int
2561 -main(argc, argv)
2562 - int argc;
2563 - char **argv;
2564 -{
2565 - struct passwd *pw;
2566 - struct skey key;
2567 - int ch, errs = 0, left = 0, aflag = 0, iflag = 0, limit = 12;
2568 - char *name;
2569 -
2570 - __progname = argv[0];
2571 -
2572 - if (geteuid() != 0)
2573 - errx(1, "must be setuid root");
2574 -
2575 - while ((ch = getopt(argc, argv, "ail:")) != -1)
2576 - switch(ch) {
2577 - case 'a':
2578 - aflag = 1;
2579 - if (getuid() != 0)
2580 - errx(1, "only root may use the -a flag");
2581 - break;
2582 - case 'i':
2583 - iflag = 1;
2584 - break;
2585 - case 'l':
2586 - errno = 0;
2587 - if ((limit = (int)strtol(optarg, NULL, 10)) == 0)
2588 - errno = ERANGE;
2589 - if (errno) {
2590 - warn("key limit");
2591 - usage();
2592 - }
2593 - break;
2594 - default:
2595 - usage();
2596 - }
2597 -
2598 - if (argc - optind > 0)
2599 - usage();
2600 -
2601 - /* Need key.keyfile zero'd at the very least */
2602 - (void)memset(&key, 0, sizeof(key));
2603 -
2604 - if (aflag) {
2605 - while ((ch = skeygetnext(&key)) == 0) {
2606 - left = key.n - 1;
2607 - if ((pw = getpwnam(key.logname)) == NULL)
2608 - continue;
2609 - if (left >= limit)
2610 - continue;
2611 - notify(pw, left, iflag);
2612 - }
2613 - if (ch == -1)
2614 - errx(-1, "cannot open %s", SKEYKEYS);
2615 - else
2616 - (void)fclose(key.keyfile);
2617 - } else {
2618 - if ((pw = getpwuid(getuid())) == NULL)
2619 - errx(1, "no passwd entry for uid %u", getuid());
2620 - if ((name = strdup(pw->pw_name)) == NULL)
2621 - err(1, "cannot allocate memory");
2622 - sevenbit(name);
2623 -
2624 - errs = skeylookup(&key, name);
2625 - switch (errs) {
2626 - case 0: /* Success! */
2627 - left = key.n - 1;
2628 - break;
2629 - case -1: /* File error */
2630 - errx(errs, "cannot open %s", SKEYKEYS);
2631 - break;
2632 - case 1: /* Unknown user */
2633 - warnx("%s is not listed in %s", name,
2634 - SKEYKEYS);
2635 - }
2636 - (void)fclose(key.keyfile);
2637 -
2638 - if (!errs && left < limit)
2639 - notify(pw, left, iflag);
2640 - }
2641 -
2642 - exit(errs);
2643 -}
2644 -
2645 -void
2646 -notify(pw, seq, interactive)
2647 - struct passwd *pw;
2648 - int seq;
2649 - int interactive;
2650 -{
2651 - static char hostname[MAXHOSTNAMELEN];
2652 - int pid;
2653 - FILE *out;
2654 -
2655 - /* Only set this once */
2656 - if (hostname[0] == '\0' && gethostname(hostname, sizeof(hostname)) == -1)
2657 - strcpy(hostname, "unknown");
2658 -
2659 - if (interactive)
2660 - out = stdout;
2661 - else
2662 - out = runsendmail(pw, &pid);
2663 -
2664 - if (!interactive)
2665 - (void)fprintf(out,
2666 - "To: %s\nSubject: IMPORTANT action required\n", pw->pw_name);
2667 -
2668 - if (seq)
2669 - (void)fprintf(out,
2670 -"\nYou are nearing the end of your current S/Key sequence for account\n\
2671 -%s on system %s.\n\n\
2672 -Your S/Key sequence number is now %d. When it reaches zero\n\
2673 -you will no longer be able to use S/Key to log into the system.\n\n",
2674 -pw->pw_name, hostname, seq);
2675 - else
2676 - (void)fprintf(out,
2677 -"\nYou are at the end of your current S/Key sequence for account\n\
2678 -%s on system %s.\n\n\
2679 -At this point you can no longer use S/Key to log into the system.\n\n",
2680 -pw->pw_name, hostname);
2681 - (void)fprintf(out,
2682 -"Type \"skeyinit -s\" to reinitialize your sequence number.\n\n");
2683 -
2684 - (void)fclose(out);
2685 - if (!interactive)
2686 - (void)waitpid(pid, NULL, 0);
2687 -}
2688 -
2689 -FILE *
2690 -runsendmail(pw, pidp)
2691 - struct passwd *pw;
2692 - int *pidp;
2693 -{
2694 - FILE *fp;
2695 - int pfd[2], pid;
2696 -
2697 - if (pipe(pfd) < 0)
2698 - return(NULL);
2699 -
2700 - switch (pid = fork()) {
2701 - case -1: /* fork(2) failed */
2702 - (void)close(pfd[0]);
2703 - (void)close(pfd[1]);
2704 - return(NULL);
2705 - case 0: /* In child */
2706 - (void)close(pfd[1]);
2707 - (void)dup2(pfd[0], STDIN_FILENO);
2708 - (void)close(pfd[0]);
2709 -
2710 - /* Run sendmail as target user not root */
2711 - if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0) {
2712 - warn("cannot set user context");
2713 - _exit(127);
2714 - }
2715 -
2716 - execl(SENDMAIL, "sendmail", "-t", NULL);
2717 - warn("cannot run \"%s -t\"", SENDMAIL);
2718 - _exit(127);
2719 - }
2720 -
2721 - /* In parent */
2722 - *pidp = pid;
2723 - fp = fdopen(pfd[1], "w");
2724 - (void)close(pfd[0]);
2725 -
2726 - return(fp);
2727 -}
2728 -void
2729 -usage()
2730 -{
2731 - (void)fprintf(stderr, "Usage: %s [-i] [-l limit]\n",
2732 - __progname);
2733 - exit(1);
2734 -}
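Review bot: removing runsendmail() drops the privilege separation the old tool had, where the child called setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) so that sendmail ran as the target user and not as root. The shell replacement pipes straight into mail with whatever privileges the caller has, which in the cron case is root. The deleted main() also let an unprivileged user check only their own entry (getpwuid(getuid()) followed by skeylookup) and offered -i to print instead of mailing; neither survives in the script. If these losses are intentional, CHANGES should say so; otherwise the script needs an equivalent for each.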
2735 --- skey-1.1.5.orig/skeyaudit.sh 1970-01-01 01:00:00.000000000 +0100
2736 +++ skey-1.1.5/skeyaudit.sh 2003-11-06 17:46:45.000000000 +0000
2737 @@ -0,0 +1,58 @@
2738 +#!/bin/sh
2739 +#
2740 +# $NetBSD: skeyaudit.sh,v 1.2.12.2 2000/07/28 12:42:59 mjl Exp $
2741 +#
2742 +# This script will look thru the skeykeys file for
2743 +# people with sequence numbers less than LOWLIMIT=12
2744 +# and send them an e-mail reminder to use skeyinit soon
2745 +#
2746 +
2747 +KEYDB=/etc/skey/skeykeys
2748 +LOWLIMIT=12
2749 +ADMIN=root
2750 +SUBJECT="Reminder: Run skeyinit"
2751 +HOST=`/bin/hostname`
2752 +
2753 +
2754 +if [ "$1" != "" ]
2755 +then
2756 + LOWLIMIT=$1
2757 +fi
2758 +
2759 +if [ ! -s "${KEYDB}" ]; then
2760 + exit 0
2761 +fi
2762 +
2763 +# an skeykeys entry looks like
2764 +# jsw 0076 la13079 ba20a75528de9d3a
2765 +# #oot md5 0005 aspa26398 9432d570ff4421f0 Jul 07,2000 01:36:43
2766 +# mjl sha1 0099 alpha2 459a5dac23d20a90 Jul 07,2000 02:14:17
2767 +# the sequence number is the second (or third) entry
2768 +#
2769 +
2770 +SKEYS=`awk '/^#/ {next} {if($2 ~ /^[0-9]+$/) print $1,$2,$3; else print $1,$3,$4; }' $KEYDB`
2771 +
2772 +set -- ${SKEYS}
2773 +
2774 +while [ "X$1" != "X" ]; do
2775 + USER=$1
2776 + SEQ=$2
2777 + KEY=$3
2778 + shift 3
2779 + # echo "$USER -- $SEQ -- $KEY"
2780 + if [ $SEQ -lt $LOWLIMIT ]; then
2781 + if [ $SEQ -lt 3 ]; then
2782 + SUBJECT="IMPORTANT action required"
2783 + fi
2784 + (
2785 + echo "You are nearing the end of your current S/Key sequence for account $i"
2786 + echo "on system $HOST."
2787 + echo ""
2788 + echo "Your S/key sequence number is now $SEQ. When it reaches zero you"
2789 + echo "will no longer be able to use S/Key to login into the system. "
2790 + echo " "
2791 + echo "Use \"skeyinit -s\" to reinitialize your sequence number."
2792 + echo ""
2793 + ) | mail -s "$SUBJECT" $USER $ADMIN
2794 + fi
2795 +done
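Review bot: the first echo in the message body expands $i ("...for account $i"), which is never set in this script, so every mail names an empty account; it should be $USER. SUBJECT is also overwritten with "IMPORTANT action required" the first time SEQ drops below 3 and never restored, so every later user in the loop gets the urgent subject regardless of their own sequence number; keep the default in a separate variable and pick the subject per iteration. Further hardening for a script that runs as root over a user-influenced file: quote "$USER" and "$ADMIN" in the mail command and "$SEQ" and "$LOWLIMIT" in the tests, check that $1 is numeric before assigning it to LOWLIMIT (a non-numeric argument makes every -lt test fail with an error), and avoid reusing USER as a loop variable since it shadows the environment variable of the same name.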
2796 --- skey-1.1.5.orig/skey.c 2001-05-10 17:10:49.000000000 +0100
2797 +++ skey-1.1.5/skey.c 2003-11-06 17:46:45.000000000 +0000
2798 @@ -25,6 +25,7 @@
2799 #include <stdlib.h>
2800 #include <string.h>
2801 #include <unistd.h>
2802 +#include <ctype.h>
2803 #include "config.h"
2804
2805 #ifdef HAVE_ERR_H
2806 @@ -35,102 +36,93 @@
2807
2808 #include "skey.h"
2809
2810 -void usage __P((char *));
2811 +int main(int, char **);
2812 +void usage(char *);
2813
2814 int
2815 -main(argc, argv)
2816 - int argc;
2817 - char *argv[];
2818 +main(int argc, char **argv)
2819 {
2820 - int n, i, cnt = 1, pass = 0, hexmode = 0;
2821 - char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
2822 - char buf[33], *seed, *slash;
2823 -
2824 - /* If we were called as otp-METHOD, set algorithm based on that */
2825 - if ((slash = strrchr(argv[0], '/')))
2826 - slash++;
2827 - else
2828 - slash = argv[0];
2829 - if (strncmp(slash, "otp-", 4) == 0) {
2830 - slash += 4;
2831 - if (skey_set_algorithm(slash) == NULL)
2832 - errx(1, "Unknown hash algorithm %s", slash);
2833 - }
2834 -
2835 - for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) {
2836 - if (argv[i][2] == '\0') {
2837 - /* Single character switch */
2838 - switch (argv[i][1]) {
2839 + int n, cnt = 1, i, pass = 0, hexmode = 0;
2840 + char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
2841 + char buf[33], *seed, *slash, *t;
2842 +
2843 + while ((i = getopt(argc, argv, "fn:p:t:x")) != -1) {
2844 + switch(i) {
2845 + case 'f':
2846 + break; /* unused */
2847 case 'n':
2848 - if (i + 1 == argc)
2849 - usage(argv[0]);
2850 - cnt = atoi(argv[++i]);
2851 + cnt = atoi(optarg);
2852 break;
2853 case 'p':
2854 - if (i + 1 == argc)
2855 - usage(argv[0]);
2856 - if (strlcpy(passwd, argv[++i], sizeof(passwd)) >=
2857 - sizeof(passwd))
2858 - errx(1, "Password too long");
2859 + if (strncpy(passwd, optarg, sizeof(passwd)) == NULL)
2860 + errx(1, "Password too long");
2861 pass = 1;
2862 break;
2863 + case 't':
2864 + if (skey_set_algorithm(optarg) == NULL)
2865 + errx(1, "Unknown hash algorithm %s", optarg);
2866 + break;
2867 case 'x':
2868 hexmode = 1;
2869 break;
2870 default:
2871 usage(argv[0]);
2872 - }
2873 - } else {
2874 - /* Multi character switches are hash types */
2875 - if (skey_set_algorithm(&argv[i][1]) == NULL) {
2876 - warnx("Unknown hash algorithm %s", &argv[i][1]);
2877 - usage(argv[0]);
2878 - }
2879 + break;
2880 }
2881 - i++;
2882 }
2883
2884 - if (argc > i + 2)
2885 - usage(argv[0]);
2886 -
2887 - /* Could be in the form <number>/<seed> */
2888 - if (argc <= i + 1) {
2889 + /* could be in the form <number>/<seed> */
2890 + if (argc <= optind + 1) {
2891 /* look for / in it */
2892 - if (argc <= i)
2893 + if (argc <= optind)
2894 usage(argv[0]);
2895 - slash = strchr(argv[i], '/');
2896 + slash = strchr(argv[optind], '/');
2897 if (slash == NULL)
2898 usage(argv[0]);
2899 *slash++ = '\0';
2900 seed = slash;
2901
2902 - if ((n = atoi(argv[i])) < 0) {
2903 - warnx("%d not positive", n);
2904 + if ((n = atoi(argv[optind])) < 0) {
2905 + fprintf(stderr, "%s is not positive\n", argv[optind]);
2906 usage(argv[0]);
2907 } else if (n > SKEY_MAX_SEQ) {
2908 warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ);
2909 usage(argv[0]);
2910 }
2911 } else {
2912 - if ((n = atoi(argv[i])) < 0) {
2913 - warnx("%d not positive", n);
2914 + if ((n = atoi(argv[optind])) < 0) {
2915 + fprintf(stderr, "%s not positive\n", argv[optind]);
2916 usage(argv[0]);
2917 } else if (n > SKEY_MAX_SEQ) {
2918 warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ);
2919 usage(argv[0]);
2920 }
2921 - seed = argv[++i];
2922 + seed = argv[++optind];
2923 + }
2924 +
2925 + for (t = seed; *t; t++) {
2926 + if (!isalnum(*t))
2927 + errx(1, "seed must be alphanumeric");
2928 }
2929
2930 + if (!*seed || strlen(seed) > SKEY_MAX_SEED_LEN)
2931 + errx(1, "seed must be between 1 and %d long", SKEY_MAX_SEED_LEN);
2932 +
2933 /* Get user's secret password */
2934 if (!pass) {
2935 - (void)fputs("Reminder - Do not use this program while logged in via telnet or rlogin.\n", stderr);
2936 - (void)fputs("Enter secret password: ", stderr);
2937 + fputs("Reminder - Do not use this program while "
2938 + "logged in via telnet or rlogin.\n", stderr);
2939 + fprintf(stderr, "Enter secret password: ");
2940 readpass(passwd, sizeof(passwd));
2941 if (passwd[0] == '\0')
2942 exit(1);
2943 }
2944
2945 + if (strlen(passwd) < SKEY_MIN_PW_LEN)
2946 + warnx(
2947 + "RFC2289 states that password should be at least %d characters long",
2948 + SKEY_MIN_PW_LEN);
2949 +
2950 /* Crunch seed and password into starting key */
2951 if (keycrunch(key, seed, passwd) != 0)
2952 errx(1, "key crunch failed");
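Review bot: in the `-p` case, `strncpy(passwd, optarg, sizeof(passwd)) == NULL` can never be true because strncpy returns its destination, so the "Password too long" error is now dead code, and when optarg is sizeof(passwd) bytes or longer passwd is left without a terminating NUL before `strlen(passwd)` and `keycrunch()` read it. The removed strlcpy comparison did both jobs; either keep it or reject `strlen(optarg) >= sizeof(passwd)` before copying. `isalnum(*t)` should take an `(unsigned char)` cast, as the isdigit calls in skeyinit.c in this patch do, and the old `argc > i + 2` check for surplus arguments is removed with no equivalent test against optind.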
2953 @@ -138,16 +130,15 @@
2954 if (cnt == 1) {
2955 while (n-- != 0)
2956 f(key);
2957 - (void)puts(hexmode ? put8(buf, key) : btoe(buf, key));
2958 + puts(hexmode ? put8(buf, key) : btoe(buf, key));
2959 } else {
2960 for (i = 0; i <= n - cnt; i++)
2961 f(key);
2962 for (; i <= n; i++) {
2963 + printf("%3d: %-29s", i, btoe(buf, key));
2964 if (hexmode)
2965 - (void)printf("%d: %-29s %s\n", i,
2966 - btoe(buf, key), put8(buf, key));
2967 - else
2968 - (void)printf("%d: %-29s\n", i, btoe(buf, key));
2969 + printf("\t%s", put8(buf, key));
2970 + puts("");
2971 f(key);
2972 }
2973 }
2974 @@ -155,9 +146,10 @@
2975 }
2976
2977 void
2978 -usage(s)
2979 - char *s;
2980 +usage(char *s)
2981 {
2982 - (void)fprintf(stderr, "Usage: %s [-x] [-md4|-md5|-sha1|-rmd160] [-n count] [-p password] <sequence#>[/] key\n", s);
2983 + fprintf(stderr,
2984 +"Usage: %s [-n count] [-p password] [-t hash] [-x] sequence# [/] key\n",
2985 + s);
2986 exit(1);
2987 }
2988 --- skey-1.1.5.orig/skey.h 2001-05-10 17:10:49.000000000 +0100
2989 +++ skey-1.1.5/skey.h 2003-11-06 17:46:45.000000000 +0000
2990 @@ -1,3 +1,5 @@
2991 +/* $NetBSD: skey.h,v 1.8 2000/07/28 16:35:11 thorpej Exp $ */
2992 +
2993 /*
2994 * S/KEY v1.1b (skey.h)
2995 *
2996 @@ -11,86 +13,86 @@
2997 * Todd C. Miller <Todd.Miller@×××××××××.com>
2998 *
2999 * Main client header
3000 - *
3001 - * $OpenBSD: skey.h,v 1.13 1999/07/15 14:33:48 provos Exp $
3002 */
3003
3004 /* Server-side data structure for reading keys file during login */
3005 -struct skey {
3006 - FILE *keyfile;
3007 - char buf[256];
3008 - char *logname;
3009 - int n;
3010 - char *seed;
3011 - char *val;
3012 - long recstart; /* needed so reread of buffer is efficient */
3013 +struct skey
3014 +{
3015 + FILE *keyfile;
3016 + char buf[256];
3017 + char *logname;
3018 + int n;
3019 + char *seed;
3020 + char *val;
3021 + long recstart; /* needed so reread of buffer is efficient */
3022 };
3023
3024 /* Client-side structure for scanning data stream for challenge */
3025 -struct mc {
3026 - char buf[256];
3027 - int skip;
3028 - int cnt;
3029 +struct mc
3030 +{
3031 + char buf[256];
3032 + int skip;
3033 + int cnt;
3034 };
3035
3036 /* Maximum sequence number we allow */
3037 #ifndef SKEY_MAX_SEQ
3038 -#define SKEY_MAX_SEQ 10000
3039 +#define SKEY_MAX_SEQ 10000
3040 #endif
3041
3042 -/* Minimum secret password length (rfc1938) */
3043 +/* Minimum secret password length (rfc2289) */
3044 #ifndef SKEY_MIN_PW_LEN
3045 -#define SKEY_MIN_PW_LEN 10
3046 +#define SKEY_MIN_PW_LEN 10
3047 #endif
3048
3049 -/* Max secret password length (rfc1938 says 63 but allows more) */
3050 +/* Max secret password length (rfc2289 says 63 but allows more) */
3051 #ifndef SKEY_MAX_PW_LEN
3052 -#define SKEY_MAX_PW_LEN 255
3053 +#define SKEY_MAX_PW_LEN 255
3054 #endif
3055
3056 -/* Max length of an S/Key seed (rfc1938) */
3057 +/* Max length of an S/Key seed (rfc2289) */
3058 #ifndef SKEY_MAX_SEED_LEN
3059 -#define SKEY_MAX_SEED_LEN 16
3060 +#define SKEY_MAX_SEED_LEN 16
3061 #endif
3062
3063 /* Max length of S/Key challenge (otp-???? 9999 seed) */
3064 #ifndef SKEY_MAX_CHALLENGE
3065 -#define SKEY_MAX_CHALLENGE (11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN)
3066 +#define SKEY_MAX_CHALLENGE (11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN)
3067 #endif
3068
3069 /* Max length of hash algorithm name (md4/md5/sha1/rmd160) */
3070 -#define SKEY_MAX_HASHNAME_LEN 6
3071 +#define SKEY_MAX_HASHNAME_LEN 6
3072
3073 /* Size of a binary key (not NULL-terminated) */
3074 -#define SKEY_BINKEY_SIZE 8
3075 +#define SKEY_BINKEY_SIZE 8
3076
3077 /* Location of random file for bogus challenges */
3078 -#define _SKEY_RAND_FILE_PATH_ "/var/db/host.random"
3079 +#define _SKEY_RAND_FILE_PATH_ "/var/db/host.random"
3080
3081 /* Prototypes */
3082 -void f(char *x);
3083 -int keycrunch(char *result, char *seed, char *passwd);
3084 -char *btoe(char *engout, char *c);
3085 -char *put8(char *out, char *s);
3086 -int etob(char *out, char *e);
3087 -void rip(char *buf);
3088 -int skeychallenge(struct skey * mp, char *name, char *ss);
3089 -int skeylookup (struct skey * mp, char *name);
3090 -int skeyverify (struct skey * mp, char *response);
3091 -int skeyzero (struct skey * mp, char *response);
3092 -void sevenbit (char *s);
3093 -void backspace (char *s);
3094 -char *skipspace (char *s);
3095 -char *readpass (char *buf, int n);
3096 -char *readskey (char *buf, int n);
3097 -int skey_authenticate (char *username);
3098 -int skey_passcheck (char *username, char *passwd);
3099 -char *skey_keyinfo (char *username);
3100 -int skey_haskey (char *username);
3101 -int getskeyprompt (struct skey *mp, char *name, char *prompt);
3102 -int atob8 (char *out, char *in);
3103 -int btoa8 (char *out, char *in);
3104 -int htoi (int c);
3105 -const char *skey_get_algorithm (void);
3106 -char *skey_set_algorithm (char *new);
3107 -int skeygetnext (struct skey *mp);
3108 +void f __P ((char *));
3109 +int keycrunch __P ((char *, const char *, const char *));
3110 +char *btoe __P ((char *, const char *));
3111 +char *put8 __P ((char *, const char *));
3112 +int etob __P ((char *, const char *));
3113 +void rip __P ((char *));
3114 +int skeychallenge __P ((struct skey *, const char *, char *, size_t));
3115 +int skeylookup __P ((struct skey *, const char *));
3116 +int skeyverify __P ((struct skey *, char *));
3117 +void sevenbit __P ((char *));
3118 +void backspace __P ((char *));
3119 +const char *skipspace __P ((const char *));
3120 +char *readpass __P ((char *, int));
3121 +char *readskey __P ((char *, int));
3122 +int skey_authenticate __P ((const char *));
3123 +int skey_passcheck __P ((const char *, char *));
3124 +const char *skey_keyinfo __P ((const char *));
3125 +int skey_haskey __P ((const char *));
3126 +int getskeyprompt __P ((struct skey *, char *, char *));
3127 +int atob8 __P((char *, const char *));
3128 +int btoa8 __P((char *, const char *));
3129 +int htoi __P((int));
3130 +const char *skey_get_algorithm __P((void));
3131 +const char *skey_set_algorithm __P((const char *));
3132 +int skeygetnext __P((struct skey *));
3133 +int skeyzero __P((struct skey *, char *));
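Review bot: the prototype block now wraps every declaration in `__P((...))` and `skeychallenge` gains a `size_t` parameter, but nothing in the visible part of this header includes a file that defines `__P` or `size_t`, so the header compiles only if each includer happens to pull them in first. skey.c in this same patch goes the other way and replaces `__P` with plain ANSI prototypes; pick one style, and if `__P` stays, include its defining header here. The signature changes (`skeychallenge` with an extra argument, `skey_set_algorithm` and `skey_keyinfo` now returning `const char *`) will break existing callers and are worth calling out for anything linked against the library.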
3134 --- skey-1.1.5.orig/skeyinfo.1 2001-05-10 17:10:49.000000000 +0100
3135 +++ skey-1.1.5/skeyinfo.1 2003-11-06 17:46:45.000000000 +0000
3136 @@ -1,30 +1,19 @@
3137 -.\" $OpenBSD: skeyinfo.1,v 1.3 2000/03/11 21:40:02 aaron Exp $
3138 +.\" $NetBSD: skeyinfo.1,v 1.5 2001/04/09 12:34:44 wiz Exp $
3139 .\"
3140 -.Dd 22 July 1997
3141 +.Dd June 9, 1994
3142 .Dt SKEYINFO 1
3143 .Os
3144 .Sh NAME
3145 .Nm skeyinfo
3146 .Nd obtain the next S/Key challenge for a user
3147 .Sh SYNOPSIS
3148 -.Nm skeyinfo
3149 -.Op Fl v
3150 +.Nm
3151 .Op Ar user
3152 .Sh DESCRIPTION
3153 .Nm
3154 prints out the next S/Key challenge for the specified user or for the
3155 current user if no user is specified.
3156 -.Pp
3157 -The options are as follows:
3158 -.Bl -tag -width Ds
3159 -.It Fl v
3160 -Print the hash algorithm as well.
3161 -.El
3162 -.Sh EXAMPLES
3163 -% skey -n <number of passwords to print> `skeyinfo` | lpr
3164 -.Pp
3165 -This would print out a list of S/Key passwords for use over
3166 -an untrusted network (perhaps for use at a conference).
3167 .Sh SEE ALSO
3168 .Xr skey 1 ,
3169 +.Xr skeyaudit 1 ,
3170 .Xr skeyinit 1
3171 --- skey-1.1.5.orig/skeyinfo.c 2001-05-10 17:10:49.000000000 +0100
3172 +++ skey-1.1.5/skeyinfo.c 2003-11-06 17:46:45.000000000 +0000
3173 @@ -1,9 +1,12 @@
3174 -/* $OpenBSD: skeyinfo.c,v 1.6 2001/02/05 16:58:11 millert Exp $ */
3175 +/* $NetBSD: skeyinfo.c,v 1.4 2003/07/23 04:11:50 itojun Exp $ */
3176
3177 -/*
3178 - * Copyright (c) 1997 Todd C. Miller <Todd.Miller@×××××××××.com>
3179 +/*-
3180 + * Copyright (c) 1997 The NetBSD Foundation, Inc.
3181 * All rights reserved.
3182 *
3183 + * This code is derived from software contributed to The NetBSD Foundation
3184 + * by Andrew Brown.
3185 + *
3186 * Redistribution and use in source and binary forms, with or without
3187 * modification, are permitted provided that the following conditions
3188 * are met:
3189 @@ -12,104 +15,79 @@
3190 * 2. Redistributions in binary form must reproduce the above copyright
3191 * notice, this list of conditions and the following disclaimer in the
3192 * documentation and/or other materials provided with the distribution.
3193 - * 3. The name of the author may not be used to endorse or promote products
3194 - * derived from this software without specific prior written permission.
3195 + * 3. All advertising materials mentioning features or use of this software
3196 + * must display the following acknowledgement:
3197 + * This product includes software developed by the NetBSD
3198 + * Foundation, Inc. and its contributors.
3199 + * 4. Neither the name of The NetBSD Foundation nor the names of its
3200 + * contributors may be used to endorse or promote products derived
3201 + * from this software without specific prior written permission.
3202 *
3203 - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
3204 - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
3205 - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
3206 - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
3207 - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
3208 - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
3209 - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
3210 - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
3211 - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
3212 - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
3213 + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
3214 + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
3215 + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
3216 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
3217 + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
3218 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
3219 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
3220 + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
3221 + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
3222 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
3223 + * POSSIBILITY OF SUCH DAMAGE.
3224 */
3225
3226 -/*#include <limits.h>*/
3227 -#include <pwd.h>
3228 #include <stdio.h>
3229 -#include <stdlib.h>
3230 +#include <pwd.h>
3231 +#include <err.h>
3232 #include <string.h>
3233 #include <unistd.h>
3234 -#include "config.h"
3235 -#include "skey.h"
3236 -/*#include "defines.h"*/
3237
3238 -char *__progname;
3239 +#include "skey.h"
3240
3241 -void usage(void);
3242 +int main __P((int, char *[]));
3243
3244 -int
3245 -main(argc, argv)
3246 - int argc;
3247 - char **argv;
3248 +int main(int argc, char **argv)
3249 {
3250 - struct passwd *pw;
3251 - struct skey key;
3252 - char *name = NULL;
3253 - int error, ch, verbose = 0;
3254 -
3255 - __progname=argv[0];
3256 -
3257 - if (geteuid() != 0)
3258 - errx(1, "must be setuid root");
3259 -
3260 - while ((ch = getopt(argc, argv, "v")) != -1)
3261 - switch(ch) {
3262 - case 'v':
3263 - verbose = 1;
3264 - break;
3265 - default:
3266 - usage();
3267 + struct skey skey;
3268 + char name[100], prompt[1024];
3269 + int uid;
3270 + struct passwd *pw = NULL;
3271 +
3272 + argc--;
3273 + argv++;
3274 +
3275 + if (geteuid())
3276 + errx(1, "must be root to read %s", SKEYKEYS);
3277 +
3278 + uid = getuid();
3279 +
3280 + if (!argc)
3281 + pw = getpwuid(uid);
3282 + else if (!uid)
3283 + pw = getpwnam(argv[0]);
3284 + else
3285 + errx(1, "permission denied to look other users skeys");
3286 +
3287 + if (!pw) {
3288 + if (argc)
3289 + errx(1, "%s: no such user", argv[0]);
3290 + else
3291 + errx(1, "who are you?");
3292 }
3293 - argc -= optind;
3294 - argv += optind;
3295
3296 - if (argc == 1)
3297 - name = argv[0];
3298 - else if (argc > 1)
3299 - usage();
3300 -
3301 - if (name && getuid() != 0)
3302 - errx(1, "only root may specify an alternate user");
3303 -
3304 - if (name) {
3305 - if (strlen(name) > PASS_MAX)
3306 - errx(1, "username too long (%d chars max)", PASS_MAX);
3307 - if ((pw = getpwnam(name)) == NULL)
3308 - errx(1, "no passwd entry for %s", name);
3309 - } else {
3310 - if ((pw = getpwuid(getuid())) == NULL)
3311 - errx(1, "no passwd entry for uid %u", getuid());
3312 - }
3313 + strncpy(name, pw->pw_name, sizeof(name));
3314
3315 - if ((name = strdup(pw->pw_name)) == NULL)
3316 - err(1, "cannot allocate memory");
3317 - sevenbit(name);
3318 -
3319 - error = skeylookup(&key, name);
3320 - switch (error) {
3321 - case 0: /* Success! */
3322 - if (verbose)
3323 - (void)printf("otp-%s ", skey_get_algorithm());
3324 - (void)printf("%d %s\n", key.n - 1, key.seed);
3325 - break;
3326 - case -1: /* File error */
3327 - warnx("cannot open %s", SKEYKEYS);
3328 - break;
3329 - case 1: /* Unknown user */
3330 - warnx("%s is not listed in %s", name, SKEYKEYS);
3331 + if (getskeyprompt(&skey, name, prompt) == -1) {
3332 + printf("%s %s no s/key\n",
3333 + argc ? name : "You",
3334 + argc ? "has" : "have");
3335 }
3336 - (void)fclose(key.keyfile);
3337 -
3338 - exit(error);
3339 -}
3340 -
3341 -void
3342 -usage()
3343 -{
3344 - (void)fprintf(stderr, "Usage: %s [-v] [user]\n", __progname);
3345 - exit(1);
3346 + else {
3347 + if (argc)
3348 + printf("%s's ", pw->pw_name);
3349 + else
3350 + printf("Your ");
3351 + printf("next %s", prompt);
3352 + }
3353 + return 0;
3354 }
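Review bot: main now ends in an unconditional `return 0`, so the "no s/key" branch exits successfully where the old code did `exit(error)`, and a caller scripting on the exit status can no longer tell whether the user has an entry; return non-zero when `getskeyprompt(&skey, name, prompt) == -1`. `strncpy(name, pw->pw_name, sizeof(name))` leaves `name` unterminated for a login name of 100 bytes or more, so set `name[sizeof(name) - 1] = '\0'` after the copy. `<err.h>` is included unconditionally here while skey.c guards it with HAVE_ERR_H, and `prompt[1024]` is handed to `getskeyprompt` with no length argument, so the callee has to know the buffer size by convention.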
3355 --- skey-1.1.5.orig/skeyinit.1 2001-05-10 17:10:49.000000000 +0100
3356 +++ skey-1.1.5/skeyinit.1 2003-11-06 17:46:45.000000000 +0000
3357 @@ -1,22 +1,18 @@
3358 -.\" $OpenBSD: skeyinit.1,v 1.19 2000/11/09 17:52:39 aaron Exp $
3359 -.\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
3360 +.\" $NetBSD: skeyinit.1,v 1.11 2001/04/09 12:35:00 wiz Exp $
3361 .\" @(#)skeyinit.1 1.1 10/28/93
3362 .\"
3363 -.Dd February 24, 1998
3364 +.Dd June 7, 2000
3365 .Dt SKEYINIT 1
3366 .Os
3367 .Sh NAME
3368 .Nm skeyinit
3369 .Nd change password or add user to S/Key authentication system
3370 .Sh SYNOPSIS
3371 -.Nm skeyinit
3372 +.Nm
3373 +.Op Fl n Ar count
3374 .Op Fl s
3375 +.Op Fl t Ar hash
3376 .Op Fl z
3377 -.Op Fl n Ar count
3378 -.Oo
3379 -.Fl md4 | Fl md5 | Fl sha1 |
3380 -.Fl rmd160
3381 -.Oc
3382 .Op Ar user
3383 .Sh DESCRIPTION
3384 .Nm
3385 @@ -30,52 +26,17 @@
3386 .Nm
3387 requires you to type a secret password, so it should be used
3388 only on a secure terminal.
3389 -For example, on the console of a
3390 -workstation or over an encrypted network session.
3391 -If you are using
3392 -.Nm
3393 -while logged in over an untrusted network, follow the instructions
3394 -given below with the
3395 -.Fl s
3396 -option.
3397 -.Pp
3398 -Before initializing an S/Key entry, the user must authenticate
3399 -using either a standard password or an S/Key challenge.
3400 -When used over an untrusted network, a password of
3401 -.Sq s/key
3402 -should be used.
3403 -The user will then be presented with the standard
3404 -S/Key challenge and allowed to proceed if it is correct.
3405 -.Pp
3406 -The options are as follows:
3407 +.Sh OPTIONS
3408 .Bl -tag -width Ds
3409 -.It Fl x
3410 -Displays pass phrase in hexadecimal instead of ASCII.
3411 .It Fl s
3412 -Set secure mode where the user is expected to have used a secure
3413 -machine to generate the first one-time password.
3414 -Without the
3415 -.Fl s
3416 -option the system will assume you are directly connected over secure
3417 -communications and prompt you for your secret password.
3418 -The
3419 -.Fl s
3420 -option also allows one to set the seed and count for complete
3421 -control of the parameters.
3422 -You can use
3423 -.Ic skeyinit -s
3424 -in combination with the
3425 -.Nm skey
3426 -command to set the seed and count if you do not like the defaults.
3427 -To do this run
3428 -.Nm
3429 -in one window and put in your count and seed, then run
3430 -.Nm skey
3431 -in another window to generate the correct 6 English words for that
3432 -count and seed.
3433 -You can then "cut-and-paste" or type the words into the
3434 -.Nm
3435 -window.
3436 +allows the user to set the seed and count for complete control
3437 +of the parameters.
3438 +To do this run skeyinit in one window and put in your count and seed;
3439 +then run
3440 +.Xr skey 1
3441 +in another window to generate the correct 6 english words
3442 +for that count and seed.
3443 +You can then "cut-and-paste" or type the words into the skeyinit window.
3444 .It Fl z
3445 Allows the user to zero their S/Key entry.
3446 .It Fl n Ar count
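Review bot: the `.It Fl x` entry is deleted here and `-x` is absent from the new SYNOPSIS, yet skeyinit.c in this patch still accepts it (`getopt(argc, argv, "n:t:sxz")`) and lists `[-x]` in its usage message; either keep the item or drop the option from the code. The removed paragraphs were also the only text telling the reader to switch to `-s` when logged in over an untrusted network, and the shortened `-s` description no longer says when to use it; keep one sentence of that guidance under the new OPTIONS entry.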
3447 @@ -84,30 +45,22 @@
3448 sequence at
3449 .Ar count
3450 (default is 100).
3451 -.It Fl md4
3452 -Selects MD4 as the hash algorithm.
3453 -.It Fl md5
3454 -Selects MD5 as the hash algorithm.
3455 -.It Fl sha1
3456 -Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
3457 -.It Fl rmd160
3458 -Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
3459 +.It Fl t Ar hash
3460 +Selects the hash algorithm to use.
3461 +Available choices are md4 (the default), md5 or sha1.
3462 .It Ar user
3463 The username to be changed/added.
3464 -By default the current user is operated on.
3465 +By default the current user is operated on, only root may
3466 +change other user's entries.
3467 .El
3468 -.Sh ERRORS
3469 -.Bl -tag -width "skey disabled"
3470 -.It skey disabled
3471 -.Pa /etc/skeykeys
3472 -does not exist.
3473 -It must be created by the superuser in order to use
3474 -.Nm skeyinit .
3475 .Sh FILES
3476 -.Bl -tag -width /etc/skeykeys
3477 -.It Pa /etc/skeykeys
3478 -database of information for S/Key system
3479 +.Bl -tag -width /etc/skey/skeykeys
3480 +.It Pa /etc/skey/skeykeys
3481 +data base of information for S/Key system.
3482 +.El
3483 .Sh SEE ALSO
3484 -.Xr skey 1
3485 +.Xr skey 1 ,
3486 +.Xr skeyaudit 1 ,
3487 +.Xr skeyinfo 1
3488 .Sh AUTHORS
3489 Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
3490 --- skey-1.1.5.orig/skeyinit.c 2001-05-10 17:10:49.000000000 +0100
3491 +++ skey-1.1.5/skeyinit.c 2003-11-06 17:46:45.000000000 +0000
3492 @@ -43,6 +43,18 @@
3493
3494 #include <netdb.h>
3495
3496 +#ifdef HAVE_SHADOW_H
3497 +#include <shadow.h>
3498 +#endif
3499 +
3500 +#ifdef HAVE_CRACK_H
3501 +#include <crack.h>
3502 +#ifndef CRACKLIB_DICTPATH
3503 +#define CRACKLIB_DICTPATH "/usr/lib/cracklib_dict"
3504 +#endif
3505 +#endif
3506 +
3507 +#include "err.h"
3508 #include "skey.h"
3509
3510
3511 @@ -50,62 +62,80 @@
3512 #define SKEY_NAMELEN 4
3513 #endif
3514
3515 -void usage __P((char *));
3516 +int main __P((int, char **));
3517
3518 -int
3519 -main(argc, argv)
3520 - int argc;
3521 - char *argv[];
3522 +int main(int argc, char **argv)
3523 {
3524 - int rval, nn, i, l, n=0, defaultsetup=1, zerokey=0, hexmode=0;
3525 + int rval, nn, i, l, n=0, defaultsetup=1, c, zerokey=0, hexmode=0;
3526 time_t now;
3527 - struct utmp old_ut;
3528 -
3529 -#ifndef UT_LINESIZE
3530 -# define UT_LINESIZE (sizeof(old_ut.ut_line))
3531 -# define UT_NAMESIZE (sizeof(old_ut.ut_name))
3532 -# define UT_HOSTSIZE (sizeof(old_ut.ut_host))
3533 -# endif
3534 -
3535 - char hostname[MAXHOSTNAMELEN];
3536 + char hostname[MAXHOSTNAMELEN+1];
3537 + char seed[SKEY_MAX_PW_LEN+2], key[SKEY_BINKEY_SIZE];
3538 + char defaultseed[SKEY_MAX_SEED_LEN+1];
3539 char passwd[SKEY_MAX_PW_LEN+2], passwd2[SKEY_MAX_PW_LEN+2];
3540 - char seed[SKEY_MAX_SEED_LEN+2], defaultseed[SKEY_MAX_SEED_LEN+1];
3541 - char tbuf[27], buf[80], key[SKEY_BINKEY_SIZE];
3542 - char lastc, me[UT_NAMESIZE+1], *salt, *p, *pw, *ht=NULL;
3543 - struct skey skey;
3544 - struct passwd *pp;
3545 - struct tm *tm;
3546 + char tbuf[27], buf[80];
3547 + char lastc, me[LOGIN_NAME_MAX+1], *p, *pw, *ht=NULL, *msg;
3548 + const char *salt;
3549 + struct skey skey;
3550 + struct passwd *pp;
3551 + struct tm *tm;
3552 +#ifdef HAVE_SHADOW_H
3553 + struct spwd *sp;
3554 +#endif
3555 +
3556 + i = open(_PATH_DEVNULL, O_RDWR);
3557 + while (i >= 0 && i < 2)
3558 + i = dup(i);
3559 + if (i > 2)
3560 + close(i);
3561
3562 if (geteuid() != 0)
3563 errx(1, "must be setuid root.");
3564
3565 if (gethostname(hostname, sizeof(hostname)) < 0)
3566 - err(1, "gethostname");
3567 - for (i = 0, p = defaultseed; hostname[i] && i < SKEY_NAMELEN; i++) {
3568 - if (isalpha(hostname[i])) {
3569 - if (isupper(hostname[i]))
3570 - hostname[i] = tolower(hostname[i]);
3571 - *p++ = hostname[i];
3572 - } else if (isdigit(hostname[i]))
3573 - *p++ = hostname[i];
3574 + err(1, "gethostname() error");
3575 +
3576 + for (i = 0, l = 0; l < sizeof(defaultseed); i++) {
3577 + if (hostname[i] == '\0') {
3578 + defaultseed[l] = hostname[i];
3579 + break;
3580 + }
3581 + if (isalnum(hostname[i]))
3582 + defaultseed[l++] = hostname[i];
3583 }
3584 - *p = '\0';
3585 - (void)time(&now);
3586 - (void)sprintf(tbuf, "%05ld", (long) (now % 100000));
3587 - (void)strncat(defaultseed, tbuf, sizeof(defaultseed) - 5);
3588 +
3589 + defaultseed[SKEY_NAMELEN] = '\0';
3590 + time(&now);
3591 + snprintf(tbuf, sizeof(tbuf), "%05ld", (long) (now % 100000));
3592 + strncat(defaultseed, tbuf, sizeof(defaultseed));
3593
3594 if ((pp = getpwuid(getuid())) == NULL)
3595 - err(1, "no user with uid %d", getuid());
3596 - (void)strcpy(me, pp->pw_name);
3597 + err(1, "no user with uid %ld", (u_long)getuid());
3598 + strncpy(me, pp->pw_name, sizeof(me));
3599
3600 if ((pp = getpwnam(me)) == NULL)
3601 - err(1, "Who are you?");
3602 + err(1, "getpwnam() returned NULL, Who are you?");
3603 +#ifdef HAVE_SHADOW_H
3604 + /* hacking in shadow support... */
3605 + else if (strcmp(pp->pw_passwd, "x") == 0) {
3606 + if ((sp = getspnam(me)) == NULL)
3607 + err(1, "Unable to verify Password");
3608 + pp->pw_passwd = sp->sp_pwdp;
3609 + }
3610 +#endif
3611 salt = pp->pw_passwd;
3612
3613 - for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) {
3614 - if (argv[i][2] == '\0') {
3615 - /* Single character switch */
3616 - switch (argv[i][1]) {
3617 + while((c = getopt(argc, argv, "n:t:sxz")) != -1) {
3618 + switch(c) {
3619 + case 'n':
3620 + n = atoi(optarg);
3621 + if (n < 1 || n > SKEY_MAX_SEQ)
3622 + errx(1, "count must be between 1 and %d", SKEY_MAX_SEQ);
3623 + break;
3624 + case 't':
3625 + if(skey_set_algorithm(optarg) == NULL)
3626 + errx(1, "Unknown hash algorithm %s", optarg);
3627 + ht = optarg;
3628 + break;
3629 case 's':
3630 defaultsetup = 0;
3631 break;
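Review bot: `strncat(defaultseed, tbuf, sizeof(defaultseed))` passes the full buffer size as the bound, but strncat's third argument is the maximum number of bytes to append, not the destination size; it should be `sizeof(defaultseed) - strlen(defaultseed) - 1`. It fits today only because defaultseed is cut at SKEY_NAMELEN first and tbuf holds five digits. `strncpy(me, pp->pw_name, sizeof(me))` needs an explicit terminator, the hostname loop indexes `hostname[i]` without bounding `i` and so relies on gethostname having NUL-terminated the buffer, and the new default seed keeps upper-case hostname letters where the old loop lower-cased them. The `-n` check now accepts a count equal to SKEY_MAX_SEQ, while the interactive prompt later in the file still requires `n < SKEY_MAX_SEQ`.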
3632 @@ -115,105 +145,51 @@
3633 case 'z':
3634 zerokey = 1;
3635 break;
3636 - case 'n':
3637 - if (argv[++i] == NULL || argv[i][0] == '\0')
3638 - usage(argv[0]);
3639 - if ((n = atoi(argv[i])) < 1 || n >= SKEY_MAX_SEQ)
3640 - errx(1, "count must be > 0 and < %d",
3641 - SKEY_MAX_SEQ);
3642 - break;
3643 default:
3644 - usage(argv[0]);
3645 - }
3646 - } else {
3647 - /* Multi character switches are hash types */
3648 - if ((ht = skey_set_algorithm(&argv[i][1])) == NULL) {
3649 - warnx("Unknown hash algorithm %s", &argv[i][1]);
3650 - usage(argv[0]);
3651 + errx(1, "Usage: %s [-n count] [-t md4|md5|sha1] [-s] [-x] [-z] [user]", argv[0]);
3652 }
3653 }
3654 - i++;
3655 - }
3656 +
3657 + if (argc > optind) {
3658 + pp = getpwnam(argv[optind]);
3659 + if (pp == NULL)
3660 + errx(1, "User %s unknown", argv[optind]);
3661 + }
3662
3663 - /* check for optional user string */
3664 - if (argc - i > 1) {
3665 - usage(argv[0]);
3666 - } else if (argv[i]) {
3667 - if ((pp = getpwnam(argv[i])) == NULL) {
3668 - if (getuid() == 0) {
3669 - static struct passwd _pp;
3670 -
3671 - _pp.pw_name = argv[i];
3672 - pp = &_pp;
3673 - warnx("Warning, user unknown: %s", argv[i]);
3674 - } else {
3675 - errx(1, "User unknown: %s", argv[i]);
3676 - }
3677 - } else if (strcmp(pp->pw_name, me) != 0) {
3678 + if (strcmp(pp->pw_name, me) != 0) {
3679 if (getuid() != 0) {
3680 /* Only root can change other's passwds */
3681 errx(1, "Permission denied.");
3682 }
3683 }
3684 - }
3685
3686 if (getuid() != 0) {
3687 - pw = getpass("Password (or `s/key'):");
3688 - if (strcasecmp(pw, "s/key") == 0) {
3689 - if (skey_haskey(me))
3690 - exit(1);
3691 - if (skey_authenticate(me))
3692 - errx(1, "Password incorrect.");
3693 - } else {
3694 - p = crypt(pw, salt);
3695 - if (strcmp(p, pp->pw_passwd))
3696 - errx(1, "Password incorrect.");
3697 - }
3698 + pw = getpass("Password: ");
3699 + p = crypt(pw, salt);
3700 + if (strcmp(p, pp->pw_passwd))
3701 + errx(1, "Password incorrect.");
3702 }
3703
3704 rval = skeylookup(&skey, pp->pw_name);
3705 switch (rval) {
3706 case -1:
3707 - if (errno == ENOENT)
3708 - errx(1, "S/Key disabled");
3709 - else
3710 - err(1, "cannot open database");
3711 - break;
3712 + err(1, "cannot open database");
3713 case 0:
3714 - /* comment out user if asked to */
3715 if (zerokey)
3716 - exit(skeyzero(&skey, pp->pw_name));
3717 + exit (skeyzero(&skey, pp->pw_name));
3718 + printf("[Updating %s]\n", pp->pw_name);
3719 + printf("Old key: [%s] %s\n", skey_get_algorithm(), skey.seed);
3720
3721 - (void)printf("[Updating %s]\n", pp->pw_name);
3722 - (void)printf("Old key: [%s] %s\n", skey_get_algorithm(),
3723 - skey.seed);
3724 -
3725 - /*
3726 - * Sanity check old seed.
3727 - */
3728 l = strlen(skey.seed);
3729 - for (p = skey.seed; *p; p++) {
3730 - if (isalpha(*p)) {
3731 - if (isupper(*p))
3732 - *p = tolower(*p);
3733 - } else if (!isdigit(*p)) {
3734 - memmove(p, p + 1, l - (p - skey.seed));
3735 - l--;
3736 - }
3737 - }
3738 -
3739 - /*
3740 - * Let's be nice if they have an skey.seed that
3741 - * ends in 0-8 just add one
3742 - */
3743 if (l > 0) {
3744 lastc = skey.seed[l - 1];
3745 - if (isdigit(lastc) && lastc != '9') {
3746 - (void)strcpy(defaultseed, skey.seed);
3747 + if (isdigit((unsigned char)lastc) && lastc != '9') {
3748 + strncpy(defaultseed, skey.seed, sizeof(defaultseed));
3749 defaultseed[l - 1] = lastc + 1;
3750 }
3751 - if (isdigit(lastc) && lastc == '9' && l < 16) {
3752 - (void)strcpy(defaultseed, skey.seed);
3753 + if (isdigit((unsigned char)lastc) && lastc == '9' &&
3754 + l < 16) {
3755 + strncpy(defaultseed, skey.seed, sizeof(defaultseed));
3756 defaultseed[l - 1] = '0';
3757 defaultseed[l] = '0';
3758 defaultseed[l + 1] = '\0';
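Review bot: the new `pp = getpwnam(argv[optind])` replaces the entry whose `pw_passwd` the shadow block had just pointed at `sp->sp_pwdp`, so when a non-root user names their own account the later `strcmp(p, pp->pw_passwd)` compares the crypt() result against the passwd-file field instead of the shadow hash and fails with "Password incorrect."; repeat the shadow lookup after this call or compare against `salt`. `crypt()` can return NULL and `p` goes to strcmp unchecked. In the update path, `strncpy(defaultseed, skey.seed, sizeof(defaultseed))` does not terminate on truncation, and the first branch writes `defaultseed[l - 1]` with no bound on `l` (only the '9' branch tests `l < 16`), so an over-long stored seed writes past the buffer; the removed sanity-check loop is not replaced by any length check.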
3759 @@ -223,7 +199,7 @@
3760 case 1:
3761 if (zerokey)
3762 errx(1, "You have no entry to zero.");
3763 - (void)printf("[Adding %s]\n", pp->pw_name);
3764 + printf("[Adding %s]\n", pp->pw_name);
3765 break;
3766 }
3767 if (n == 0)
3768 @@ -237,37 +213,33 @@
3769 }
3770
3771 if (!defaultsetup) {
3772 - (void)printf("You need the 6 english words generated from the \"skey\" command.\n");
3773 + printf("You need the 6 english words generated from the \"skey\" command.\n");
3774 for (i = 0; ; i++) {
3775 if (i >= 2)
3776 exit(1);
3777
3778 - (void)printf("Enter sequence count from 1 to %d: ",
3779 - SKEY_MAX_SEQ);
3780 - (void)fgets(buf, sizeof(buf), stdin);
3781 + printf("Enter sequence count from 1 to %d: ", SKEY_MAX_SEQ);
3782 + fgets(buf, sizeof(buf), stdin);
3783 n = atoi(buf);
3784 if (n > 0 && n < SKEY_MAX_SEQ)
3785 break; /* Valid range */
3786 - (void)printf("Error: Count must be > 0 and < %d\n",
3787 - SKEY_MAX_SEQ);
3788 + printf("\nError: Count must be between 0 and %d\n", SKEY_MAX_SEQ);
3789 }
3790
3791 for (i = 0;; i++) {
3792 if (i >= 2)
3793 exit(1);
3794
3795 - (void)printf("Enter new key [default %s]: ",
3796 - defaultseed);
3797 - (void)fgets(seed, sizeof(seed), stdin);
3798 + printf("Enter new seed [default %s]: ", defaultseed);
3799 + fflush(stdout);
3800 + fgets(seed, sizeof(seed), stdin);
3801 rip(seed);
3802 - if (seed[0] == '\0')
3803 - (void)strcpy(seed, defaultseed);
3804 for (p = seed; *p; p++) {
3805 if (isalpha(*p)) {
3806 if (isupper(*p))
3807 *p = tolower(*p);
3808 } else if (!isdigit(*p)) {
3809 - (void)puts("Error: seed may only contain alpha numeric characters");
3810 + puts("Error: seed may only contain alpha numeric characters");
3811 break;
3812 }
3813 }
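Review bot: the new message "Count must be between 0 and %d" no longer matches the test on the line above it, n > 0 && n < SKEY_MAX_SEQ, which rejects both 0 and SKEY_MAX_SEQ; the prompt "from 1 to %d" has the same problem at the upper end. Keep the old "> 0 and < %d" wording or change the comparison. In the same hunk the result of fgets() is not checked before atoi(buf) and rip(seed), and isalpha(*p), isupper(*p) and isdigit(*p) still take a plain char although the patch adds an (unsigned char) cast to isdigit() further up.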
3814 @@ -275,66 +247,75 @@
3815 break; /* Valid seed */
3816 }
3817 if (strlen(seed) > SKEY_MAX_SEED_LEN) {
3818 - (void)printf("Notice: Seed truncated to %d characters.\n",
3819 - SKEY_MAX_SEED_LEN);
3820 + printf("Notice: Seed truncated to %d characters.\n", SKEY_MAX_SEED_LEN);
3821 seed[SKEY_MAX_SEED_LEN] = '\0';
3822 }
3823 + if (seed[0] == '\0')
3824 + strncpy(seed, defaultseed, sizeof(seed));
3825
3826 for (i = 0;; i++) {
3827 if (i >= 2)
3828 exit(1);
3829
3830 - (void)printf("otp-%s %d %s\nS/Key access password: ",
3831 + printf("otp-%s %d %s\ns/key access password: ",
3832 skey_get_algorithm(), n, seed);
3833 - (void)fgets(buf, sizeof(buf), stdin);
3834 + fgets(buf, sizeof(buf), stdin);
3835 rip(buf);
3836 backspace(buf);
3837
3838 if (buf[0] == '?') {
3839 - (void)puts("Enter 6 English words from secure S/Key calculation.");
3840 + puts("Enter 6 English words from secure s/key calculation.");
3841 continue;
3842 } else if (buf[0] == '\0')
3843 exit(1);
3844 if (etob(key, buf) == 1 || atob8(key, buf) == 0)
3845 break; /* Valid format */
3846 - (void)puts("Invalid format - try again with 6 English words.");
3847 + puts("Invalid format - try again with 6 English words.");
3848 }
3849 } else {
3850 /* Get user's secret password */
3851 - fputs("Reminder - Only use this method if you are directly connected\n or have an encrypted channel. If you are using telnet\n or rlogin, exit with no password and use skeyinit -s.\n", stderr);
3852 + puts("Reminder - Only use this method if you are directly connected\n"
3853 + "or have an encrypted channel. If you are using telnet\n"
3854 + "or rlogin, exit with no password and use skeyinit -s.\n");
3855
3856 for (i = 0;; i++) {
3857 - if (i > 2)
3858 + if (i >= 3)
3859 exit(1);
3860
3861 - (void)fputs("Enter secret password: ", stderr);
3862 + printf("Enter secret password: ");
3863 readpass(passwd, sizeof(passwd));
3864 if (passwd[0] == '\0')
3865 exit(1);
3866
3867 if (strlen(passwd) < SKEY_MIN_PW_LEN) {
3868 - (void)fprintf(stderr,
3869 - "Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN);
3870 + fprintf(stderr,
3871 + "Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN);
3872 continue;
3873 } else if (strcmp(passwd, pp->pw_name) == 0) {
3874 - (void)fputs("Your password may not be the same as your user name.\n", stderr);
3875 - continue;
3876 - } else if (strspn(passwd, "abcdefghijklmnopqrstuvwxyz") == strlen(passwd)) {
3877 - (void)fputs("Your password must contain more than just lower case letters.\nWhitespace, numbers, and puctuation are suggested.\n", stderr);
3878 + fputs("Your password may not be the same as your user name.\n", stderr);
3879 continue;
3880 + }
3881 +#ifdef HAVE_CRACK_H
3882 + if (msg = (char *) FascistCheck(passwd, CRACKLIB_DICTPATH)) {
3883 + warnx("Warning: %s", msg);
3884 + /* if (!i) */ /* reject passwords cracklib doesnt like the first time its entered... */
3885 + /* continue; */
3886 }
3887 +#endif
3888
3889 - (void)fputs("Again secret password: ", stderr);
3890 + printf("Again secret password: ");
3891 readpass(passwd2, sizeof(passwd));
3892 + if (passwd2[0] == '\0')
3893 + exit(1);
3894
3895 if (strcmp(passwd, passwd2) == 0)
3896 break;
3897
3898 - (void)fputs("Passwords do not match.\n", stderr);
3899 + puts("Passwords do not match.");
3900 }
3901
3902 /* Crunch seed and password into starting key */
3903 - (void)strcpy(seed, defaultseed);
3904 + strncpy(seed, defaultseed, sizeof(seed));
3905 if (keycrunch(key, seed, passwd) != 0)
3906 err(2, "key crunch failed");
3907
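Review bot: dropping the strspn() lower-case-only test leaves password quality to cracklib, but the FascistCheck() block only calls warnx() (its continue is commented out) and is compiled out entirely without HAVE_CRACK_H, so after this hunk any password of SKEY_MIN_PW_LEN characters that differs from the user name is accepted. Either enable the continue or keep the strspn() test under #else. Smaller points: if (msg = ...) wants an explicit != NULL, readpass(passwd2, sizeof(passwd)) should use sizeof(passwd2), the "Enter secret password: " prompt now goes to stdout through printf() with no fflush() before readpass(), and both strncpy(seed, defaultseed, sizeof(seed)) calls need an explicit terminator.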
3908 @@ -342,16 +323,16 @@
3909 while (nn-- != 0)
3910 f(key);
3911 }
3912 - (void)time(&now);
3913 + time(&now);
3914 tm = localtime(&now);
3915 - (void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
3916 + strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
3917
3918 if ((skey.val = (char *)malloc(16 + 1)) == NULL)
3919 err(1, "Can't allocate memory");
3920
3921 - /* Zero out old key if necesary (entry would change size) */
3922 + /* Zero out old key if necessary (entry would change size) */
3923 if (zerokey) {
3924 - (void)skeyzero(&skey, pp->pw_name);
3925 + skeyzero(&skey, pp->pw_name);
3926 /* Re-open keys file and seek to the end */
3927 if (skeylookup(&skey, pp->pw_name) == -1)
3928 err(1, "cannot open database");
3929 @@ -376,26 +357,17 @@
3930
3931 /* Don't save algorithm type for md4 (keep record length same) */
3932 if (strcmp(skey_get_algorithm(), "md4") == 0)
3933 - (void)fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n",
3934 + fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n",
3935 pp->pw_name, n, seed, skey.val, tbuf);
3936 else
3937 - (void)fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n",
3938 + fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n",
3939 pp->pw_name, skey_get_algorithm(), n, seed, skey.val, tbuf);
3940
3941 - (void)fclose(skey.keyfile);
3942 + fclose(skey.keyfile);
3943
3944 - (void)printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name,
3945 + printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name,
3946 skey_get_algorithm(), n, seed);
3947 - (void)printf("Next login password: %s\n\n",
3948 + printf("Next login password: %s\n\n",
3949 hexmode ? put8(buf, key) : btoe(buf, key));
3950 - exit(0);
3951 -}
3952 -
3953 -void
3954 -usage(s)
3955 - char *s;
3956 -{
3957 - (void)fprintf(stderr,
3958 - "Usage: %s [-s] [-x] [-z] [-n count] [-md4|-md5|-sha1|-rmd160] [user]\n", s);
3959 - exit(1);
3960 + return 0;
3961 }
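Review bot: the results of fprintf() and fclose() on skey.keyfile are ignored, so when the record cannot be written (full disk, I/O error) the program still prints "Next login password" and returns 0. Check both calls and bail out with err() before announcing the new key. The hunk also deletes usage(); make sure its prototype and remaining callers are removed or replaced elsewhere in the patch.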
3962 --- skey-1.1.5.orig/skeylogin.c 2001-05-10 17:10:49.000000000 +0100
3963 +++ skey-1.1.5/skeylogin.c 2003-11-06 17:46:45.000000000 +0000
3964 @@ -20,6 +20,7 @@
3965 #include <sys/quota.h>
3966 #endif
3967 #include <sys/stat.h>
3968 +#include <sys/file.h>
3969 #include <sys/time.h>
3970 #include <sys/resource.h>
3971 #include <sys/types.h>
3972 @@ -32,6 +33,7 @@
3973 #include <string.h>
3974 #include <time.h>
3975 #include <unistd.h>
3976 +#include <grp.h>
3977
3978 #include "config.h"
3979
3980 @@ -45,73 +47,85 @@
3981 #include "sha1.h"
3982 #endif
3983
3984 +#include "err.h"
3985 #include "skey.h"
3986
3987 -char *skipspace __P((char *));
3988 -int skeylookup __P((struct skey *, char *));
3989 +#define OTP_FMT "otp-%.*s %d %.*s"
3990
3991 /* Issue a skey challenge for user 'name'. If successful,
3992 - * fill in the caller's skey structure and return(0). If unsuccessful
3993 - * (e.g., if name is unknown) return(-1).
3994 + * fill in the caller's skey structure and return 0. If unsuccessful
3995 + * (e.g., if name is unknown) return -1.
3996 *
3997 * The file read/write pointer is left at the start of the
3998 * record.
3999 */
4000 -int
4001 -getskeyprompt(mp, name, prompt)
4002 - struct skey *mp;
4003 - char *name;
4004 - char *prompt;
4005 +int getskeyprompt(struct skey *mp, char *name, char *prompt)
4006 {
4007 int rval;
4008
4009 sevenbit(name);
4010 rval = skeylookup(mp, name);
4011 - (void)strcpy(prompt, "otp-md0 55 latour1\n");
4012 +
4013 + *prompt = '\0';
4014 switch (rval) {
4015 - case -1: /* File error */
4016 - return(-1);
4017 - case 0: /* Lookup succeeded, return challenge */
4018 - (void)sprintf(prompt, "otp-%.*s %d %.*s\n",
4019 - SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(),
4020 + case -1: /* File error */
4021 + return -1;
4022 + case 0: /* Lookup succeeded, return challenge */
4023 + sprintf(prompt, OTP_FMT "\n",
4024 + SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(),
4025 mp->n - 1, SKEY_MAX_SEED_LEN, mp->seed);
4026 - return(0);
4027 - case 1: /* User not found */
4028 - (void)fclose(mp->keyfile);
4029 - return(-1);
4030 + return 0;
4031 + case 1: /* User not found */
4032 + fclose(mp->keyfile);
4033 + mp->keyfile = NULL;
4034 + return -1;
4035 }
4036 - return(-1); /* Can't happen */
4037 + return -1; /* Can't happen, never ever ever. ever. I'm serious. */
4038 }
4039
4040 /* Return a skey challenge string for user 'name'. If successful,
4041 - * fill in the caller's skey structure and return(0). If unsuccessful
4042 - * (e.g., if name is unknown) return(-1).
4043 + * fill in the caller's skey structure and return 0. If unsuccessful
4044 + * (e.g., if name is unknown) return -1.
4045 *
4046 * The file read/write pointer is left at the start of the
4047 * record.
4048 */
4049 -int
4050 -skeychallenge(mp, name, ss)
4051 - struct skey *mp;
4052 - char *name;
4053 - char *ss;
4054 +int skeychallenge(struct skey *mp, const char *name, char *ss, size_t sslen)
4055 {
4056 int rval;
4057
4058 rval = skeylookup(mp,name);
4059 + *ss = '\0';
4060 switch(rval){
4061 - case -1: /* File error */
4062 - return(-1);
4063 - case 0: /* Lookup succeeded, issue challenge */
4064 - (void)sprintf(ss, "otp-%.*s %d %.*s", SKEY_MAX_HASHNAME_LEN,
4065 + case -1: /* File error */
4066 + return -1;
4067 + case 0: /* Lookup succeeded, issue challenge */
4068 + snprintf(ss, sslen, OTP_FMT, SKEY_MAX_HASHNAME_LEN,
4069 skey_get_algorithm(), mp->n - 1,
4070 SKEY_MAX_SEED_LEN, mp->seed);
4071 - return(0);
4072 - case 1: /* User not found */
4073 - (void)fclose(mp->keyfile);
4074 - return(-1);
4075 + return 0;
4076 + case 1: /* User not found */
4077 + fclose(mp->keyfile);
4078 + mp->keyfile = NULL;
4079 + return -1;
4080 + }
4081 + return -1; /* Can't happen - or your money back */
4082 +}
4083 +
4084 +static FILE *openskey(void)
4085 +{
4086 + struct stat statbuf;
4087 + FILE *keyfile = NULL;
4088 +
4089 + if (stat(SKEYKEYS, &statbuf) == 0 &&
4090 + (keyfile = fopen(SKEYKEYS, "r+"))) {
4091 + if ((statbuf.st_mode & 0007777) != 0600)
4092 + fchmod(fileno(keyfile), 0600);
4093 + } else {
4094 + keyfile = NULL;
4095 }
4096 - return(-1); /* Can't happen */
4097 +
4098 + return keyfile;
4099 }
4100
4101 /* Find an entry in the One-time Password database.
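Review bot: getskeyprompt() still formats the challenge with sprintf(prompt, OTP_FMT "\n", ...) and has no way to know the size of prompt, while skeychallenge() in the same hunk gains an sslen argument and snprintf(). Give getskeyprompt() a length parameter too, or document the minimum buffer size callers must supply. In openskey() the mode test uses the result of stat() taken before fopen(); calling fstat() on fileno(keyfile) after the open would check the file that was actually opened, and the return value of fchmod() deserves a check.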
4102 @@ -120,27 +134,19 @@
4103 * 0: entry found, file R/W pointer positioned at beginning of record
4104 * 1: entry not found, file R/W pointer positioned at EOF
4105 */
4106 -int
4107 -skeylookup(mp, name)
4108 - struct skey *mp;
4109 - char *name;
4110 +int skeylookup(struct skey *mp, const char *name)
4111 {
4112 int found = 0;
4113 long recstart = 0;
4114 - char *cp, *ht = NULL;
4115 - struct stat statbuf;
4116 -
4117 - /* Open SKEYKEYS if it exists, else return an error */
4118 - if (stat(SKEYKEYS, &statbuf) == 0 &&
4119 - (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) {
4120 - if ((statbuf.st_mode & 0007777) != 0600)
4121 - fchmod(fileno(mp->keyfile), 0600);
4122 - } else {
4123 - return(-1);
4124 - }
4125 + const char *ht = NULL;
4126 + char *last;
4127
4128 + if(!(mp->keyfile = openskey()))
4129 + return -1;
4130 +
4131 /* Look up user name in database */
4132 while (!feof(mp->keyfile)) {
4133 + char *cp;
4134 recstart = ftell(mp->keyfile);
4135 mp->recstart = recstart;
4136 if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf)
4137 @@ -148,22 +154,22 @@
4138 rip(mp->buf);
4139 if (mp->buf[0] == '#')
4140 continue; /* Comment */
4141 - if ((mp->logname = strtok(mp->buf, " \t")) == NULL)
4142 + if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
4143 continue;
4144 - if ((cp = strtok(NULL, " \t")) == NULL)
4145 + if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
4146 continue;
4147 /* Save hash type if specified, else use md4 */
4148 - if (isalpha(*cp)) {
4149 + if (isalpha((u_char) *cp)) {
4150 ht = cp;
4151 - if ((cp = strtok(NULL, " \t")) == NULL)
4152 + if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
4153 continue;
4154 } else {
4155 ht = "md4";
4156 }
4157 mp->n = atoi(cp);
4158 - if ((mp->seed = strtok(NULL, " \t")) == NULL)
4159 + if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
4160 continue;
4161 - if ((mp->val = strtok(NULL, " \t")) == NULL)
4162 + if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
4163 continue;
4164 if (strcmp(mp->logname, name) == 0) {
4165 found = 1;
4166 @@ -171,7 +177,7 @@
4167 }
4168 }
4169 if (found) {
4170 - (void)fseek(mp->keyfile, recstart, SEEK_SET);
4171 + fseek(mp->keyfile, recstart, SEEK_SET);
4172 /* Set hash type */
4173 if (ht && skey_set_algorithm(ht) == NULL) {
4174 warnx("Unknown hash algorithm %s, using %s", ht,
4175 @@ -189,27 +195,21 @@
4176 * 0: next entry found and stored in mp
4177 * 1: no more entries, file R/W pointer positioned at EOF
4178 */
4179 -int
4180 -skeygetnext(mp)
4181 - struct skey *mp;
4182 +int skeygetnext(struct skey *mp)
4183 {
4184 long recstart = 0;
4185 - char *cp;
4186 - struct stat statbuf;
4187 + char *last;
4188
4189 /* Open SKEYKEYS if it exists, else return an error */
4190 if (mp->keyfile == NULL) {
4191 - if (stat(SKEYKEYS, &statbuf) == 0 &&
4192 - (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) {
4193 - if ((statbuf.st_mode & 0007777) != 0600)
4194 - fchmod(fileno(mp->keyfile), 0600);
4195 - } else {
4196 - return(-1);
4197 - }
4198 + if(!(mp->keyfile = openskey()))
4199 + return -1;
4200 }
4201
4202 /* Look up next user in database */
4203 while (!feof(mp->keyfile)) {
4204 + char *cp;
4205 +
4206 recstart = ftell(mp->keyfile);
4207 mp->recstart = recstart;
4208 if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf)
4209 @@ -217,19 +217,19 @@
4210 rip(mp->buf);
4211 if (mp->buf[0] == '#')
4212 continue; /* Comment */
4213 - if ((mp->logname = strtok(mp->buf, " \t")) == NULL)
4214 + if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
4215 continue;
4216 - if ((cp = strtok(NULL, " \t")) == NULL)
4217 + if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
4218 continue;
4219 /* Save hash type if specified, else use md4 */
4220 - if (isalpha(*cp)) {
4221 - if ((cp = strtok(NULL, " \t")) == NULL)
4222 + if (isalpha((u_char) *cp)) {
4223 + if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
4224 continue;
4225 }
4226 mp->n = atoi(cp);
4227 - if ((mp->seed = strtok(NULL, " \t")) == NULL)
4228 + if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
4229 continue;
4230 - if ((mp->val = strtok(NULL, " \t")) == NULL)
4231 + if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
4232 continue;
4233 /* Got a real entry */
4234 break;
4235 @@ -246,10 +246,7 @@
4236 *
4237 * The database file is always closed by this call.
4238 */
4239 -int
4240 -skeyverify(mp, response)
4241 - struct skey *mp;
4242 - char *response;
4243 +int skeyverify(struct skey *mp, char *response)
4244 {
4245 char key[SKEY_BINKEY_SIZE];
4246 char fkey[SKEY_BINKEY_SIZE];
4247 @@ -257,29 +254,31 @@
4248 time_t now;
4249 struct tm *tm;
4250 char tbuf[27];
4251 - char *cp;
4252 + char *cp, *last;
4253 int i, rval;
4254
4255 time(&now);
4256 tm = localtime(&now);
4257 - (void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
4258 + strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
4259
4260 if (response == NULL) {
4261 - (void)fclose(mp->keyfile);
4262 - return(-1);
4263 + fclose(mp->keyfile);
4264 + mp->keyfile = NULL;
4265 + return -1;
4266 }
4267 rip(response);
4268
4269 /* Convert response to binary */
4270 if (etob(key, response) != 1 && atob8(key, response) != 0) {
4271 /* Neither english words or ascii hex */
4272 - (void)fclose(mp->keyfile);
4273 - return(-1);
4274 + fclose(mp->keyfile);
4275 + mp->keyfile = NULL;
4276 + return -1;
4277 }
4278
4279 /* Compute fkey = f(key) */
4280 - (void)memcpy(fkey, key, sizeof(key));
4281 - (void)fflush(stdout);
4282 + memcpy(fkey, key, sizeof(key));
4283 + fflush(stdout);
4284 f(fkey);
4285
4286 /*
4287 @@ -298,26 +297,33 @@
4288 }
4289
4290 /* Reread the file record NOW */
4291 - (void)fseek(mp->keyfile, mp->recstart, SEEK_SET);
4292 + fseek(mp->keyfile, mp->recstart, SEEK_SET);
4293 if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) {
4294 - (void)fclose(mp->keyfile);
4295 - return(-1);
4296 + fclose(mp->keyfile);
4297 + mp->keyfile = NULL;
4298 + return -1;
4299 }
4300 rip(mp->buf);
4301 - mp->logname = strtok(mp->buf, " \t");
4302 - cp = strtok(NULL, " \t") ;
4303 - if (isalpha(*cp))
4304 - cp = strtok(NULL, " \t") ;
4305 - mp->seed = strtok(NULL, " \t");
4306 - mp->val = strtok(NULL, " \t");
4307 + if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
4308 + goto verify_failure;
4309 + if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
4310 + goto verify_failure;
4311 + if (isalpha((u_char) *cp))
4312 + if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
4313 + goto verify_failure;
4314 + if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
4315 + goto verify_failure;
4316 + if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
4317 + goto verify_failure;
4318 /* And convert file value to hex for comparison */
4319 atob8(filekey, mp->val);
4320
4321 /* Do actual comparison */
4322 if (memcmp(filekey, fkey, SKEY_BINKEY_SIZE) != 0){
4323 /* Wrong response */
4324 - (void)fclose(mp->keyfile);
4325 - return(1);
4326 + fclose(mp->keyfile);
4327 + mp->keyfile = NULL;
4328 + return 1;
4329 }
4330
4331 /*
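Review bot: the return value of atob8(filekey, mp->val) is not checked, although the same function's result is tested when the response is converted earlier in skeyverify(), so a record whose value field is not valid hex reaches memcmp() with filekey in an undefined state. Treat a failed conversion like the other parse errors and goto verify_failure. The nested if (isalpha(...)) if (... == NULL) goto verify_failure; would read more safely with braces.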
4332 @@ -327,19 +333,24 @@
4333 */
4334 btoa8(mp->val,key);
4335 mp->n--;
4336 - (void)fseek(mp->keyfile, mp->recstart, SEEK_SET);
4337 + fseek(mp->keyfile, mp->recstart, SEEK_SET);
4338 /* Don't save algorithm type for md4 (keep record length same) */
4339 if (strcmp(skey_get_algorithm(), "md4") == 0)
4340 - (void)fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n",
4341 + fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n",
4342 mp->logname, mp->n, mp->seed, mp->val, tbuf);
4343 else
4344 - (void)fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n",
4345 + fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n",
4346 mp->logname, skey_get_algorithm(), mp->n,
4347 mp->seed, mp->val, tbuf);
4348
4349 - (void)fclose(mp->keyfile);
4350 -
4351 - return(0);
4352 + fclose(mp->keyfile);
4353 + mp->keyfile = NULL;
4354 + return 0;
4355 +
4356 + verify_failure:
4357 + fclose(mp->keyfile);
4358 + mp->keyfile = NULL;
4359 + return -1;
4360 }
4361
4362 /*
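Review bot: skeyverify() returns 0 after fprintf() and fclose() without looking at either result, so if the decremented record does not reach the key file the response is still accepted and the old count and value stay on disk, where the same response would verify again. Check fprintf() and fclose() (an fflush() before the close makes the failure point clear) and return -1 on error.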
4363 @@ -348,13 +359,18 @@
4364 * Returns: 1 user doesnt exist, -1 fle error, 0 user exists.
4365 *
4366 */
4367 -int
4368 -skey_haskey(username)
4369 - char *username;
4370 +int skey_haskey(const char *username)
4371 {
4372 struct skey skey;
4373 + int i;
4374 +
4375 + i = skeylookup(&skey, username);
4376
4377 - return(skeylookup(&skey, username));
4378 + if (skey.keyfile != NULL) {
4379 + fclose(skey.keyfile);
4380 + skey.keyfile = NULL;
4381 + }
4382 + return i;
4383 }
4384
4385 /*
4386 @@ -364,19 +380,21 @@
4387 * seed for the passed user.
4388 *
4389 */
4390 -char *
4391 -skey_keyinfo(username)
4392 - char *username;
4393 +const char *skey_keyinfo(const char *username)
4394 {
4395 int i;
4396 static char str[SKEY_MAX_CHALLENGE];
4397 struct skey skey;
4398
4399 - i = skeychallenge(&skey, username, str);
4400 + i = skeychallenge(&skey, username, str, sizeof str);
4401 if (i == -1)
4402 - return(0);
4403 + return 0;
4404
4405 - return(str);
4406 + if (skey.keyfile != NULL) {
4407 + fclose(skey.keyfile);
4408 + skey.keyfile = NULL;
4409 + }
4410 + return str;
4411 }
4412
4413 /*
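Review bot: skey_keyinfo() now returns const char *, but its failure path still says return 0; use return NULL so the intent is clear. The change from char * to const char * alters the exported prototype, so the declaration in skey.h and any caller that assigns the result to a char * need the same update. The result points at the static str buffer, which is worth stating in the function comment.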
4414 @@ -388,40 +406,38 @@
4415 * Returns: 0 success, -1 failure
4416 *
4417 */
4418 -int
4419 -skey_passcheck(username, passwd)
4420 - char *username, *passwd;
4421 +int skey_passcheck(const char *username, char *passwd)
4422 {
4423 int i;
4424 struct skey skey;
4425
4426 i = skeylookup(&skey, username);
4427 if (i == -1 || i == 1)
4428 - return(-1);
4429 + return -1;
4430
4431 if (skeyverify(&skey, passwd) == 0)
4432 - return(skey.n);
4433 + return skey.n;
4434
4435 - return(-1);
4436 + return -1;
4437 }
4438
4439 +#if DO_FAKE_CHALLENGE
4440 #define ROUND(x) (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \
4441 ((x)[3]))
4442
4443 /*
4444 * hash_collapse()
4445 */
4446 -static u_int32_t
4447 -hash_collapse(s)
4448 - u_char *s;
4449 +static u_int32_t hash_collapse(u_char *s)
4450 {
4451 - int len, target;
4452 + int len, target, slen;
4453 u_int32_t i;
4454 -
4455 - if ((strlen(s) % sizeof(u_int32_t)) == 0)
4456 - target = strlen(s); /* Multiple of 4 */
4457 +
4458 + slen = strlen((char *)s);
4459 + if ((slen % sizeof(u_int32_t)) == 0)
4460 + target = slen; /* Multiple of 4 */
4461 else
4462 - target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
4463 + target = slen - slen % sizeof(u_int32_t);
4464
4465 for (i = 0, len = 0; len < target; len += 4)
4466 i ^= ROUND(s + len);
4467 @@ -429,6 +445,8 @@
4468 return i;
4469 }
4470
4471 +#endif
4472 +
4473 /*
4474 * skey_authenticate()
4475 *
4476 @@ -438,22 +456,22 @@
4477 * Returns: 0 success, -1 failure
4478 *
4479 */
4480 -int
4481 -skey_authenticate(username)
4482 - char *username;
4483 +int skey_authenticate(const char *username)
4484 {
4485 int i;
4486 + char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1];
4487 + struct skey skey;
4488 +#if DO_FAKE_CHALLENGE
4489 u_int ptr;
4490 u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up;
4491 - char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1];
4492 - char *secret;
4493 size_t secretlen;
4494 - struct skey skey;
4495 SHA1_CTX ctx;
4496 -
4497 +#endif
4498 +
4499 /* Attempt an S/Key challenge */
4500 - i = skeychallenge(&skey, username, skeyprompt);
4501 + i = skeychallenge(&skey, username, skeyprompt, sizeof skeyprompt);
4502
4503 +#if DO_FAKE_CHALLENGE
4504 /* Cons up a fake prompt if no entry in keys file */
4505 if (i != 0) {
4506 char *p, *u;
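Review bot: this hunk removes the declaration char *secret; but the code kept under #if DO_FAKE_CHALLENGE still assigns secret = hseed and calls strlen(secret) in the later context lines, so a build with DO_FAKE_CHALLENGE set would no longer compile. Move the declaration inside the #if block next to secretlen instead of deleting it.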
4507 @@ -465,11 +483,11 @@
4508 if (gethostname(pbuf, sizeof(pbuf)) == -1)
4509 *(p = pbuf) = '.';
4510 else
4511 - for (p = pbuf; *p && isalnum(*p); p++)
4512 - if (isalpha(*p) && isupper(*p))
4513 - *p = tolower(*p);
4514 + for (p = pbuf; *p && isalnum((u_char)*p); p++)
4515 + if (isalpha((u_char)*p) && isupper((u_char)*p))
4516 + *p = tolower((u_char)*p);
4517 if (*p && pbuf - p < 4)
4518 - (void)strncpy(p, "asjd", 4 - (pbuf - p));
4519 + strncpy(p, "asjd", 4 - (pbuf - p));
4520 pbuf[4] = '\0';
4521
4522 /* Hash the username if possible */
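Review bot: in if (*p && pbuf - p < 4) the subtraction is the wrong way round: p never points before pbuf, so pbuf - p is zero or negative, the test is always true when *p is set, and the strncpy() length 4 - (pbuf - p) grows with the offset instead of shrinking. Since the strncpy() line is being touched anyway, use p - pbuf in both places.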
4523 @@ -490,6 +508,7 @@
4524 SEEK_SET) != -1 && read(fd, hseed,
4525 SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) {
4526 close(fd);
4527 + fd = -1;
4528 secret = hseed;
4529 secretlen = SKEY_MAX_SEED_LEN;
4530 flg = 0;
4531 @@ -499,6 +518,8 @@
4532 secretlen = strlen(secret);
4533 flg = 0;
4534 }
4535 + if (fd != -1)
4536 + close(fd);
4537 }
4538
4539 /* Put that in your pipe and smoke it */
4540 @@ -531,7 +552,7 @@
4541 memset(up, 0, 20); /* SHA1 specific */
4542 free(up);
4543
4544 - (void)sprintf(skeyprompt,
4545 + sprintf(skeyprompt,
4546 "otp-%.*s %d %.*s",
4547 SKEY_MAX_HASHNAME_LEN,
4548 skey_get_algorithm(),
4549 @@ -554,29 +575,30 @@
4550 } while (--i != 0);
4551 pbuf[12] = '\0';
4552
4553 - (void)sprintf(skeyprompt, "otp-%.*s %d %.*s",
4554 + sprintf(skeyprompt, "otp-%.*s %d %.*s",
4555 SKEY_MAX_HASHNAME_LEN,
4556 skey_get_algorithm(),
4557 99, SKEY_MAX_SEED_LEN, pbuf);
4558 }
4559 }
4560 +#endif
4561
4562 - (void)fprintf(stderr, "%s\n", skeyprompt);
4563 - (void)fflush(stderr);
4564 + fprintf(stderr, "[%s]\n", skeyprompt);
4565 + fflush(stderr);
4566
4567 - (void)fputs("Response: ", stderr);
4568 + fputs("Response: ", stderr);
4569 readskey(pbuf, sizeof(pbuf));
4570
4571 /* Is it a valid response? */
4572 if (i == 0 && skeyverify(&skey, pbuf) == 0) {
4573 if (skey.n < 5) {
4574 - (void)fprintf(stderr,
4575 + fprintf(stderr,
4576 "\nWarning! Key initialization needed soon. (%d logins left)\n",
4577 skey.n);
4578 }
4579 - return(0);
4580 + return 0;
4581 }
4582 - return(-1);
4583 + return -1;
4584 }
4585
4586 /* Comment out user's entry in the s/key database
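Review bot: with DO_FAKE_CHALLENGE unset, skeychallenge() leaves skeyprompt empty for a user without an entry, so this code prints "[]" for unknown users and a real otp- challenge for known ones, which tells the remote side which accounts have S/Key configured. Keep the fake challenge enabled by default or print a fixed placeholder challenge. The new brackets in fprintf(stderr, "[%s]\n", skeyprompt) also change the prompt format that clients may parse, and the sprintf(skeyprompt, ...) call in this hunk could use snprintf() with sizeof skeyprompt as skeychallenge() now does.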
4587 @@ -587,22 +609,21 @@
4588 *
4589 * The database file is always closed by this call.
4590 */
4591 -int
4592 -skeyzero(mp, response)
4593 - struct skey *mp;
4594 - char *response;
4595 +int skeyzero(struct skey *mp, char *response)
4596 {
4597 /*
4598 * Seek to the right place and write comment character
4599 * which effectively zero's out the entry.
4600 */
4601 - (void)fseek(mp->keyfile, mp->recstart, SEEK_SET);
4602 + fseek(mp->keyfile, mp->recstart, SEEK_SET);
4603 if (fputc('#', mp->keyfile) == EOF) {
4604 fclose(mp->keyfile);
4605 - return(-1);
4606 + mp->keyfile = NULL;
4607 + return -1;
4608 }
4609
4610 - (void)fclose(mp->keyfile);
4611 + fclose(mp->keyfile);
4612 + mp->keyfile = NULL;
4613
4614 - return(0);
4615 + return 0;
4616 }
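Review bot: skeyzero() ignores the results of fseek() and the final fclose(); fputc() writes into the stdio buffer, so a failed write normally only shows up at fclose(), and the function then returns 0 although the entry was not commented out. Return -1 when fseek() or fclose() fails. The response parameter is unused in the visible body.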
4617 --- skey-1.1.5.orig/skeyprune.8 2001-05-10 17:10:49.000000000 +0100
4618 +++ skey-1.1.5/skeyprune.8 2003-11-06 17:46:45.000000000 +0000
4619 @@ -13,7 +13,7 @@
4620 .Sh DESCRIPTION
4621 .Nm skeyprune
4622 searches through the file
4623 -.Dq Pa /etc/skeykeys
4624 +.Dq Pa /etc/skey/skeykeys
4625 and prunes out users who have zeroed their entries via
4626 .Xr skeyinit 1
4627 as well as entries that have not been modified in
4628 @@ -22,8 +22,8 @@
4629 .Ar days
4630 is not specified only commented out entries are pruned.
4631 .Sh FILES
4632 -.Bl -tag -width /etc/skeykeys -compact
4633 -.It Pa /etc/skeykeys
4634 +.Bl -tag -width /etc/skey/skeykeys -compact
4635 +.It Pa /etc/skey/skeykeys
4636 S/Key key information database
4637 .El
4638 .Sh SEE ALSO
4639 @@ -33,7 +33,7 @@
4640 Since
4641 .Nm skeyprune
4642 rewrites
4643 -.Dq Pa /etc/skeykeys ,
4644 +.Dq Pa /etc/skey/skeykeys ,
4645 there is a window where S/Key changes could get lost.
4646 It is therefore suggested that
4647 .Nm skeyprune
4648 --- skey-1.1.5.orig/skeysubr.c 2001-05-10 17:10:49.000000000 +0100
4649 +++ skey-1.1.5/skeysubr.c 2003-11-06 17:46:45.000000000 +0000
4650 @@ -40,30 +40,26 @@
4651 #else
4652 #include "sha1.h"
4653 #endif
4654 -#ifdef HAVE_RMD160_H
4655 -#include <rmd160.h>
4656 -#else
4657 -#include "rmd160.h"
4658 -#endif
4659
4660 #include "skey.h"
4661
4662 /* Default hash function to use (index into skey_hash_types array) */
4663 #ifndef SKEY_HASH_DEFAULT
4664 -#define SKEY_HASH_DEFAULT 1
4665 +#define SKEY_HASH_DEFAULT 0 /*MD4*/
4666 #endif
4667
4668 -static void f_md4 __P((char *x));
4669 -static void f_md5 __P((char *x));
4670 -static void f_sha1 __P((char *x));
4671 -static void f_rmd160 __P((char *x));
4672 -static int keycrunch_md4 __P((char *result, char *seed, char *passwd));
4673 -static int keycrunch_md5 __P((char *result, char *seed, char *passwd));
4674 -static int keycrunch_sha1 __P((char *result, char *seed, char *passwd));
4675 -static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd));
4676 -static void lowcase __P((char *s));
4677 -static void skey_echo __P((int action));
4678 -static void trapped __P((int sig));
4679 +static void f_md4 __P((char *));
4680 +static void f_md5 __P((char *));
4681 +static void f_sha1 __P((char *));
4682 +/* static void f_rmd160 __P((char *x)); */
4683 +static int keycrunch_md4 __P((char *, const char *, const char *));
4684 +static int keycrunch_md5 __P((char *, const char *, const char *));
4685 +static int keycrunch_sha1 __P((char *, const char *, const char *));
4686 +/* static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd)); */
4687 +static void lowcase __P((char *));
4688 +static void skey_echo __P((int));
4689 +static void trapped __P((int));
4690 +static char *mkseedpassword(const char *, const char *, size_t *);
4691
4692 /* Current hash type (index into skey_hash_types array) */
4693 static int skey_hash_type = SKEY_HASH_DEFAULT;
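Review bot: SKEY_HASH_DEFAULT changes from 1 to 0, which by the order of skey_algorithm_table moves the default from md5 to md4; that is a behaviour change for newly initialised keys and should be stated in CHANGES and the man pages, or the value left at 1. The mkseedpassword() prototype is the only one in this list written without __P(()).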
4694 @@ -72,17 +68,16 @@
4695 * Hash types we support.
4696 * Each has an associated keycrunch() and f() function.
4697 */
4698 -#define SKEY_ALGORITH_LAST 4
4699 struct skey_algorithm_table {
4700 const char *name;
4701 - int (*keycrunch) (char *, char *, char *);
4702 - void (*f) (char *);
4703 + int (*keycrunch) __P((char *, const char *, const char *));
4704 + void (*f) __P((char *));
4705 };
4706 static struct skey_algorithm_table skey_algorithm_table[] = {
4707 { "md4", keycrunch_md4, f_md4 },
4708 { "md5", keycrunch_md5, f_md5 },
4709 { "sha1", keycrunch_sha1, f_sha1 },
4710 - { "rmd160", keycrunch_rmd160, f_rmd160 }
4711 + { NULL }
4712 };
4713
4714
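Review bot: removing the rmd160 row means existing key-file records that name rmd160 will fall into the "Unknown hash algorithm %s, using %s" warnx() path in skeylookup() and be checked with a different hash; mention this in CHANGES so administrators can re-initialise those entries. With SKEY_ALGORITH_LAST gone and a { NULL } terminator added, every loop over skey_algorithm_table has to stop on name == NULL, so check skey_set_algorithm() and any other user of the old constant.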
4715 @@ -91,242 +86,172 @@
4716 * concatenate the seed and the password, run through MD4/5 and
4717 * collapse to 64 bits. This is defined as the user's starting key.
4718 */
4719 -int
4720 -keycrunch(result, seed, passwd)
4721 - char *result; /* SKEY_BINKEY_SIZE result */
4722 - char *seed; /* Seed, any length */
4723 - char *passwd; /* Password, any length */
4724 +int keycrunch(char *result, const char *seed, const char *passwd)
4725 {
4726 return(skey_algorithm_table[skey_hash_type].keycrunch(result, seed, passwd));
4727 }
4728
4729 -static int
4730 -keycrunch_md4(result, seed, passwd)
4731 - char *result; /* SKEY_BINKEY_SIZE result */
4732 - char *seed; /* Seed, any length */
4733 - char *passwd; /* Password, any length */
4734 +static char *mkseedpassword(const char *seed, const char *passwd, size_t *buflen)
4735 {
4736 char *buf;
4737 - MD4_CTX md;
4738 - u_int32_t results[4];
4739 - unsigned int buflen;
4740
4741 - buflen = strlen(seed) + strlen(passwd);
4742 - if ((buf = (char *)malloc(buflen+1)) == NULL)
4743 - return(-1);
4744 - (void)strcpy(buf, seed);
4745 + *buflen = strlen(seed) + strlen(passwd);
4746 + if ((buf = (char *) malloc(*buflen + 1)) == NULL)
4747 + return NULL;
4748 + strcpy(buf, seed);
4749 lowcase(buf);
4750 - (void)strcat(buf, passwd);
4751 + strcat(buf, passwd);
4752 + sevenbit(buf);
4753 +
4754 + return buf;
4755 +}
4756
4757 +static int keycrunch_md4(char *result, const char *seed, const char *passwd)
4758 +{
4759 + char *buf;
4760 + MD4_CTX md;
4761 + size_t buflen;
4762 + u_int32_t results[4];
4763 +
4764 + if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL)
4765 + return -1;
4766 +
4767 /* Crunch the key through MD4 */
4768 - sevenbit(buf);
4769 MD4Init(&md);
4770 MD4Update(&md, (unsigned char *)buf, buflen);
4771 - MD4Final((unsigned char *)results, &md);
4772 - (void)free(buf);
4773 + MD4Final((unsigned char *) (void *) results, &md);
4774 + free(buf);
4775
4776 /* Fold result from 128 to 64 bits */
4777 results[0] ^= results[2];
4778 results[1] ^= results[3];
4779
4780 - (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
4781 + memcpy(result, results, SKEY_BINKEY_SIZE);
4782
4783 - return(0);
4784 + return 0;
4785 }
4786
4787 -static int
4788 -keycrunch_md5(result, seed, passwd)
4789 - char *result; /* SKEY_BINKEY_SIZE result */
4790 - char *seed; /* Seed, any length */
4791 - char *passwd; /* Password, any length */
4792 +static int keycrunch_md5(char *result, const char *seed, const char *passwd)
4793 {
4794 char *buf;
4795 MD5_CTX md;
4796 u_int32_t results[4];
4797 - unsigned int buflen;
4798 + size_t buflen;
4799
4800 - buflen = strlen(seed) + strlen(passwd);
4801 - if ((buf = (char *)malloc(buflen+1)) == NULL)
4802 - return(-1);
4803 - (void)strcpy(buf, seed);
4804 - lowcase(buf);
4805 - (void)strcat(buf, passwd);
4806 + if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL)
4807 + return -1;
4808
4809 /* Crunch the key through MD5 */
4810 - sevenbit(buf);
4811 MD5Init(&md);
4812 MD5Update(&md, (unsigned char *)buf, buflen);
4813 - MD5Final((unsigned char *)results, &md);
4814 - (void)free(buf);
4815 + MD5Final((unsigned char *) (void *)results, &md);
4816 + free(buf);
4817
4818 /* Fold result from 128 to 64 bits */
4819 results[0] ^= results[2];
4820 results[1] ^= results[3];
4821
4822 - (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
4823 + memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
4824
4825 return(0);
4826 }
4827
4828 -static int
4829 -keycrunch_sha1(result, seed, passwd)
4830 - char *result; /* SKEY_BINKEY_SIZE result */
4831 - char *seed; /* Seed, any length */
4832 - char *passwd; /* Password, any length */
4833 +static int keycrunch_sha1(char *result, const char *seed, const char *passwd)
4834 {
4835 char *buf;
4836 SHA1_CTX sha;
4837 - u_int32_t results[5];
4838 - unsigned int buflen;
4839 -
4840 - buflen = strlen(seed) + strlen(passwd);
4841 - if ((buf = (char *)malloc(buflen+1)) == NULL)
4842 - return(-1);
4843 - (void)strcpy(buf, seed);
4844 - lowcase(buf);
4845 - (void)strcat(buf, passwd);
4846 + size_t buflen;
4847 + int i, j;
4848
4849 + if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL)
4850 + return -1;
4851 +
4852 /* Crunch the key through SHA1 */
4853 - sevenbit(buf);
4854 SHA1Init(&sha);
4855 SHA1Update(&sha, (unsigned char *)buf, buflen);
4856 - SHA1Final((unsigned char *)results, &sha);
4857 - (void)free(buf);
4858 + SHA1Final(NULL, &sha);
4859 + free(buf);
4860
4861 /* Fold 160 to 64 bits */
4862 - results[0] ^= results[2];
4863 - results[1] ^= results[3];
4864 - results[0] ^= results[4];
4865 -
4866 - (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
4867 -
4868 - return(0);
4869 -}
4870 -
4871 -static int
4872 -keycrunch_rmd160(result, seed, passwd)
4873 - char *result; /* SKEY_BINKEY_SIZE result */
4874 - char *seed; /* Seed, any length */
4875 - char *passwd; /* Password, any length */
4876 -{
4877 - char *buf;
4878 - RMD160_CTX rmd;
4879 - u_int32_t results[5];
4880 - unsigned int buflen;
4881 -
4882 - buflen = strlen(seed) + strlen(passwd);
4883 - if ((buf = (char *)malloc(buflen+1)) == NULL)
4884 - return(-1);
4885 - (void)strcpy(buf, seed);
4886 - lowcase(buf);
4887 - (void)strcat(buf, passwd);
4888 -
4889 - /* Crunch the key through RMD-160 */
4890 - sevenbit(buf);
4891 - RMD160Init(&rmd);
4892 - RMD160Update(&rmd, (unsigned char *)buf, buflen);
4893 - RMD160Final((unsigned char *)results, &rmd);
4894 - (void)free(buf);
4895 -
4896 - /* Fold 160 to 64 bits */
4897 - results[0] ^= results[2];
4898 - results[1] ^= results[3];
4899 - results[0] ^= results[4];
4900 -
4901 - (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
4902 + sha.state[0] ^= sha.state[2];
4903 + sha.state[1] ^= sha.state[3];
4904 + sha.state[0] ^= sha.state[4];
4905 +
4906 + for (i=j=0; j<8; i++, j+=4) {
4907 + result[j] = (unsigned char)(sha.state[i] & 0xff);
4908 + result[j+1] = (unsigned char)((sha.state[i] >> 8) & 0xff);
4909 + result[j+2] = (unsigned char)((sha.state[i] >> 16) & 0xff);
4910 + result[j+3] = (unsigned char)((sha.state[i] >> 24) & 0xff);
4911 + }
4912
4913 - return(0);
4914 + return 0;
4915 }
4916
4917 /*
4918 * The one-way function f().
4919 * Takes SKEY_BINKEY_SIZE bytes and returns SKEY_BINKEY_SIZE bytes in place.
4920 */
4921 -void
4922 -f(x)
4923 - char *x;
4924 +void f(char *x)
4925 {
4926 skey_algorithm_table[skey_hash_type].f(x);
4927 }
4928
4929 -static void
4930 -f_md4(x)
4931 - char *x;
4932 +static void f_md4(char *x)
4933 {
4934 MD4_CTX md;
4935 u_int32_t results[4];
4936
4937 MD4Init(&md);
4938 MD4Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE);
4939 - MD4Final((unsigned char *)results, &md);
4940 + MD4Final((unsigned char *) (void *) results, &md);
4941
4942 /* Fold 128 to 64 bits */
4943 results[0] ^= results[2];
4944 results[1] ^= results[3];
4945
4946 - (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
4947 + memcpy(x, results, SKEY_BINKEY_SIZE);
4948 }
4949
4950 -static void
4951 -f_md5(x)
4952 - char *x;
4953 +static void f_md5(char *x)
4954 {
4955 MD5_CTX md;
4956 u_int32_t results[4];
4957
4958 MD5Init(&md);
4959 MD5Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE);
4960 - MD5Final((unsigned char *)results, &md);
4961 + MD5Final((unsigned char *) (void *) results, &md);
4962
4963 /* Fold 128 to 64 bits */
4964 results[0] ^= results[2];
4965 results[1] ^= results[3];
4966
4967 - (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
4968 + memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
4969 }
4970
4971 -static void
4972 -f_sha1(x)
4973 - char *x;
4974 +static void f_sha1(char *x)
4975 {
4976 SHA1_CTX sha;
4977 - u_int32_t results[5];
4978 + int i, j;
4979
4980 SHA1Init(&sha);
4981 SHA1Update(&sha, (unsigned char *)x, SKEY_BINKEY_SIZE);
4982 - SHA1Final((unsigned char *)results, &sha);
4983 + SHA1Final(NULL, &sha);
4984
4985 /* Fold 160 to 64 bits */
4986 - results[0] ^= results[2];
4987 - results[1] ^= results[3];
4988 - results[0] ^= results[4];
4989 -
4990 - (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
4991 -}
4992 -
4993 -static void
4994 -f_rmd160(x)
4995 - char *x;
4996 -{
4997 - RMD160_CTX rmd;
4998 - u_int32_t results[5];
4999 -
5000 - RMD160Init(&rmd);
5001 - RMD160Update(&rmd, (unsigned char *)x, SKEY_BINKEY_SIZE);
5002 - RMD160Final((unsigned char *)results, &rmd);
5003 -
5004 - /* Fold 160 to 64 bits */
5005 - results[0] ^= results[2];
5006 - results[1] ^= results[3];
5007 - results[0] ^= results[4];
5008 -
5009 - (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
5010 + sha.state[0] ^= sha.state[2];
5011 + sha.state[1] ^= sha.state[3];
5012 + sha.state[0] ^= sha.state[4];
5013 +
5014 + for (i=j=0; j<8; i++, j+=4) {
5015 + x[j] = (unsigned char)(sha.state[i] & 0xff);
5016 + x[j+1] = (unsigned char)((sha.state[i] >> 8) & 0xff);
5017 + x[j+2] = (unsigned char)((sha.state[i] >> 16) & 0xff);
5018 + x[j+3] = (unsigned char)((sha.state[i] >> 24) & 0xff);
5019 + }
5020 }
5021
5022 /* Strip trailing cr/lf from a line of text */
5023 -void
5024 -rip(buf)
5025 - char *buf;
5026 +void rip(char *buf)
5027 {
5028 buf += strcspn(buf, "\r\n");
5029
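Review bot: in keycrunch_sha1() and f_sha1(), `SHA1Final(NULL, &sha)` followed by reads of `sha.state[0]` to `sha.state[4]` depends on the bundled SHA1Final() accepting a NULL digest and leaving the state words intact after finalisation. Nothing in the visible lines documents that contract, so add a comment stating it at both call sites, or finalise into a local 20-byte buffer and fold from that. The same hunk deletes keycrunch_rmd160() and f_rmd160() and drops the `sevenbit(buf)` call from the keycrunch functions: make sure CHANGES mentions the rmd160 removal, and confirm that mkseedpassword() still lowercases the seed and masks to seven bits, since otherwise the derived keys change for existing users.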
5030 @@ -335,12 +260,9 @@
5031 }
5032
5033 /* Read in secret password (turns off echo) */
5034 -char *
5035 -readpass(buf, n)
5036 - char *buf;
5037 - int n;
5038 +char *readpass(char *buf, int n)
5039 {
5040 - void (*old_handler) ();
5041 + void *old_handler;
5042
5043 /* Turn off echoing */
5044 skey_echo(0);
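Review bot: `void *old_handler;` in readpass() is used to hold the return value of signal(), which is a function pointer. ISO C does not guarantee conversion between `void *` and a function pointer, and the `old_handler != SIG_ERR` comparison and `signal(SIGINT, old_handler)` call in the following hunk both rely on it. Declare it as `void (*old_handler)(int);` instead, which also replaces the unprototyped `()` of the removed line.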
5045 @@ -348,131 +270,114 @@
5046 /* Catch SIGINT and save old signal handler */
5047 old_handler = signal(SIGINT, trapped);
5048
5049 - (void)fgets(buf, n, stdin);
5050 + fgets(buf, n, stdin);
5051 rip(buf);
5052
5053 - (void)putc('\n', stderr);
5054 - (void)fflush(stderr);
5055 + putc('\n', stderr);
5056 + fflush(stderr);
5057
5058 /* Restore signal handler and turn echo back on */
5059 if (old_handler != SIG_ERR)
5060 - (void)signal(SIGINT, old_handler);
5061 + signal(SIGINT, old_handler);
5062 skey_echo(1);
5063
5064 sevenbit(buf);
5065
5066 - return(buf);
5067 + return buf;
5068 }
5069
5070 /* Read in an s/key OTP (does not turn off echo) */
5071 -char *
5072 -readskey(buf, n)
5073 - char *buf;
5074 - int n;
5075 +char *readskey(char *buf, int n)
5076 {
5077 - (void)fgets(buf, n, stdin);
5078 + fgets(buf, n, stdin);
5079 rip(buf);
5080
5081 sevenbit(buf);
5082
5083 - return(buf);
5084 + return buf;
5085 }
5086
5087 /* Signal handler for trapping ^C */
5088 -static void
5089 -trapped(sig)
5090 - int sig;
5091 +static void trapped(int sig)
5092 {
5093 - (void)fputs("^C\n", stderr);
5094 - (void)fflush(stderr);
5095 + fputs("^C\n", stderr);
5096 + fflush(stderr);
5097
5098 - /* Turn on echo if necesary */
5099 + /* Turn on echo if necemassary */
5100 skey_echo(1);
5101
5102 - exit(-1);
5103 + exit(1);
5104 }
5105
5106 /*
5107 * Convert 8-byte hex-ascii string to binary array
5108 * Returns 0 on success, -1 on error
5109 */
5110 -int
5111 -atob8(out, in)
5112 - register char *out;
5113 - register char *in;
5114 +int atob8(char *out, const char *in)
5115 {
5116 - register int i;
5117 - register int val;
5118 + int i;
5119 + int val;
5120
5121 if (in == NULL || out == NULL)
5122 - return(-1);
5123 + return -1;
5124
5125 for (i=0; i < 8; i++) {
5126 if ((in = skipspace(in)) == NULL)
5127 - return(-1);
5128 + return -1;
5129 if ((val = htoi(*in++)) == -1)
5130 - return(-1);
5131 + return -1;
5132 *out = val << 4;
5133
5134 if ((in = skipspace(in)) == NULL)
5135 - return(-1);
5136 + return -1;
5137 if ((val = htoi(*in++)) == -1)
5138 - return(-1);
5139 + return -1;
5140 *out++ |= val;
5141 }
5142 - return(0);
5143 + return 0;
5144 }
5145
5146 /* Convert 8-byte binary array to hex-ascii string */
5147 -int
5148 -btoa8(out, in)
5149 - register char *out;
5150 - register char *in;
5151 +int btoa8(char *out, const char *in)
5152 {
5153 - register int i;
5154 + int i;
5155
5156 if (in == NULL || out == NULL)
5157 - return(-1);
5158 + return -1;
5159
5160 for (i=0; i < 8; i++) {
5161 - (void)sprintf(out, "%02x", *in++ & 0xff);
5162 + sprintf(out, "%02x", *in++ & 0xff);
5163 out += 2;
5164 }
5165 - return(0);
5166 + return 0;
5167 }
5168
5169 /* Convert hex digit to binary integer */
5170 -int
5171 -htoi(c)
5172 - register int c;
5173 +int htoi(int c)
5174 {
5175 if ('0' <= c && c <= '9')
5176 - return(c - '0');
5177 + return c - '0';
5178 if ('a' <= c && c <= 'f')
5179 - return(10 + c - 'a');
5180 + return 10 + c - 'a';
5181 if ('A' <= c && c <= 'F')
5182 - return(10 + c - 'A');
5183 - return(-1);
5184 + return 10 + c - 'A';
5185 + return -1;
5186 }
5187
5188 /* Skip leading spaces from the string */
5189 -char *
5190 -skipspace(cp)
5191 - register char *cp;
5192 +const char *skipspace(const char *cp)
5193 {
5194 while (*cp == ' ' || *cp == '\t')
5195 cp++;
5196
5197 if (*cp == '\0')
5198 - return(NULL);
5199 + return NULL;
5200 else
5201 - return(cp);
5202 + return cp;
5203 }
5204
5205 /* Remove backspaced over characters from the string */
5206 -void
5207 -backspace(buf)
5208 - char *buf;
5209 +void backspace(char *buf)
5210 {
5211 char bs = 0x8;
5212 char *cp = buf;
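Review bot: readpass() and readskey() still ignore the return value of fgets(); dropping the `(void)` cast only hides that. When fgets() returns NULL (EOF with nothing read, or a read error), `buf` is not guaranteed to hold a fresh string, yet `rip(buf)` and `sevenbit(buf)` run over it anyway. Check for NULL and set `buf[0] = '\0'` (or return NULL) before continuing. Also, the comment edit in trapped() went wrong: `necesary` became `necemassary` and should read `necessary`.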
5213 @@ -496,77 +401,68 @@
5214 }
5215
5216 /* Make sure line is all seven bits */
5217 -void
5218 -sevenbit(s)
5219 - char *s;
5220 +void sevenbit(char *s)
5221 {
5222 while (*s)
5223 *s++ &= 0x7f;
5224 }
5225
5226 /* Set hash algorithm type */
5227 -char *
5228 -skey_set_algorithm(new)
5229 - char *new;
5230 +const char *skey_set_algorithm(const char *new)
5231 {
5232 int i;
5233
5234 - for (i = 0; i < SKEY_ALGORITH_LAST; i++) {
5235 + for (i = 0; skey_algorithm_table[i].name; i++) {
5236 if (strcmp(new, skey_algorithm_table[i].name) == 0) {
5237 skey_hash_type = i;
5238 - return(new);
5239 + return new;
5240 }
5241 }
5242
5243 - return(NULL);
5244 + return NULL;
5245 }
5246
5247 /* Get current hash type */
5248 -const char *
5249 -skey_get_algorithm()
5250 +const char *skey_get_algorithm()
5251 {
5252 return(skey_algorithm_table[skey_hash_type].name);
5253 }
5254
5255 /* Turn echo on/off */
5256 -static void
5257 -skey_echo(action)
5258 - int action;
5259 +static void skey_echo(int action)
5260 {
5261 static struct termios term;
5262 static int echo = 0;
5263
5264 if (action == 0) {
5265 /* Turn echo off */
5266 - (void) tcgetattr(fileno(stdin), &term);
5267 + tcgetattr(fileno(stdin), &term);
5268 if ((echo = (term.c_lflag & ECHO))) {
5269 term.c_lflag &= ~ECHO;
5270 #ifdef TCSASOFT
5271 - (void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
5272 + tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
5273 #else
5274 - (void) tcsetattr(fileno(stdin), TCSAFLUSH, &term);
5275 + tcsetattr(fileno(stdin), TCSAFLUSH, &term);
5276 #endif
5277 }
5278 } else if (action && echo) {
5279 /* Turn echo on */
5280 term.c_lflag |= ECHO;
5281 #ifdef TCSASOFT
5282 - (void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
5283 + tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
5284 #else
5285 - (void) tcsetattr(fileno(stdin), TCSAFLUSH, &term);
5286 + tcsetattr(fileno(stdin), TCSAFLUSH, &term);
5287 #endif
5288 echo = 0;
5289 }
5290 }
5291
5292 /* Convert string to lower case */
5293 -static void
5294 -lowcase(s)
5295 - char *s;
5296 +static void lowcase(char *s)
5297 {
5298 - char *p;
5299 + u_char *p;
5300
5301 - for (p = s; *p; p++)
5302 + for (p = (u_char *) s; *p; p++)
5303 if (isupper(*p))
5304 *p = tolower(*p);
5305 }
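Review bot: the loop in skey_set_algorithm() now stops at the first entry whose `name` is NULL instead of at SKEY_ALGORITH_LAST, so skey_algorithm_table must end with a NULL-name sentinel. The table is not part of this hunk; confirm the terminator was added in the same change, otherwise an unknown algorithm name makes the loop read past the end of the array. The function also hands `new` straight to strcmp(), so an early `if (new == NULL) return NULL;` would make it safe for callers that pass an unchecked pointer.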
5306 --- skey-1.1.5.orig/strlcpy.c 2001-05-10 17:10:49.000000000 +0100
5307 +++ skey-1.1.5/strlcpy.c 1970-01-01 01:00:00.000000000 +0100
5308 @@ -1,72 +0,0 @@
5309 -/* $OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $ */
5310 -
5311 -/*
5312 - * Copyright (c) 1998 Todd C. Miller <Todd.Miller@×××××××××.com>
5313 - * All rights reserved.
5314 - *
5315 - * Redistribution and use in source and binary forms, with or without
5316 - * modification, are permitted provided that the following conditions
5317 - * are met:
5318 - * 1. Redistributions of source code must retain the above copyright
5319 - * notice, this list of conditions and the following disclaimer.
5320 - * 2. Redistributions in binary form must reproduce the above copyright
5321 - * notice, this list of conditions and the following disclaimer in the
5322 - * documentation and/or other materials provided with the distribution.
5323 - * 3. The name of the author may not be used to endorse or promote products
5324 - * derived from this software without specific prior written permission.
5325 - *
5326 - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
5327 - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
5328 - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
5329 - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
5330 - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
5331 - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
5332 - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
5333 - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
5334 - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
5335 - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
5336 - */
5337 -#include "config.h"
5338 -#ifndef HAVE_STRLCPY
5339 -
5340 -#if defined(LIBC_SCCS) && !defined(lint)
5341 -static char *rcsid = "$OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $";
5342 -#endif /* LIBC_SCCS and not lint */
5343 -
5344 -#include <sys/types.h>
5345 -#include <string.h>
5346 -
5347 -/*
5348 - * Copy src to string dst of size siz. At most siz-1 characters
5349 - * will be copied. Always NUL terminates (unless siz == 0).
5350 - * Returns strlen(src); if retval >= siz, truncation occurred.
5351 - */
5352 -size_t strlcpy(dst, src, siz)
5353 - char *dst;
5354 - const char *src;
5355 - size_t siz;
5356 -{
5357 - register char *d = dst;
5358 - register const char *s = src;
5359 - register size_t n = siz;
5360 -
5361 - /* Copy as many bytes as will fit */
5362 - if (n != 0 && --n != 0) {
5363 - do {
5364 - if ((*d++ = *s++) == 0)
5365 - break;
5366 - } while (--n != 0);
5367 - }
5368 -
5369 - /* Not enough room in dst, add NUL and traverse rest of src */
5370 - if (n == 0) {
5371 - if (siz != 0)
5372 - *d = '\0'; /* NUL-terminate dst */
5373 - while (*s++)
5374 - ;
5375 - }
5376 -
5377 - return(s - src - 1); /* count does not include NUL */
5378 -}
5379 -
5380 -#endif
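Review bot: this deletes the fallback strlcpy() that was compiled in when `HAVE_STRLCPY` was undefined. If any remaining source file still calls strlcpy(), or Makefile.in still lists strlcpy.o, the build breaks on a libc that lacks the function. Confirm both were removed in the same patch and mention the removal in CHANGES.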
5381
5382
5383
5384 1.1 src/patchsets/skey/1.1.5/02_all_login_name_max.patch
5385
5386 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/02_all_login_name_max.patch?rev=1.1&view=markup
5387 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/02_all_login_name_max.patch?rev=1.1&content-type=text/plain
5388
5389 Index: 02_all_login_name_max.patch
5390 ===================================================================
5391 https://bugs.gentoo.org/33315
5392 glibc 2.2.x does not define LOGIN_NAME_MAX
5393 (12 Nov 2003) -taviso@g.o
5394
5395 --- skey-1.1.5.orig/skeyinit.c
5396 +++ skey-1.1.5/skeyinit.c
5397 @@ -62,6 +62,11 @@
5398 #define SKEY_NAMELEN 4
5399 #endif
5400
5401 +/* #33315 */
5402 +#ifndef LOGIN_NAME_MAX
5403 +#define LOGIN_NAME_MAX 256
5404 +#endif
5405 +
5406 int main __P((int, char **));
5407
5408 int main(int argc, char **argv)
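Review bot: the fallback `#define LOGIN_NAME_MAX 256` is local to skeyinit.c and documented only as `/* #33315 */`. Say in the comment that glibc 2.2.x does not define the macro, so the reason survives without the bug tracker, and consider moving the fallback to a shared header so that any other file sizing a buffer with LOGIN_NAME_MAX gets the same value.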
5409
5410
5411
5412 1.1 src/patchsets/skey/1.1.5/03_all_fPIC.patch
5413
5414 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/03_all_fPIC.patch?rev=1.1&view=markup
5415 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/03_all_fPIC.patch?rev=1.1&content-type=text/plain
5416
5417 Index: 03_all_fPIC.patch
5418 ===================================================================
5419 --- skey-1.1.5-orig/Makefile.in
5420 +++ skey-1.1.5/Makefile.in
5421 @@ -50,6 +50,9 @@
5422
5423 ${LIBOBJS}: config.h
5424
5425 +${LIBOBJS}: %.o: %.c
5426 + ${CC} ${CFLAGS} -fPIC -c $< -o $@
5427 +
5428 libskey.a: ${LIBOBJS}
5429 ${AR} rv $@ ${LIBOBJS}
5430 ${RANLIB} $@
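Review bot: the new static pattern rule `${LIBOBJS}: %.o: %.c` replaces make's built-in rule for these objects, and its recipe passes only `${CFLAGS}`. The built-in rule also passes `$(CPPFLAGS)`, so any -D or -I flags supplied that way are now dropped for the library objects; add `${CPPFLAGS}` to the recipe. The patch has no description line either; one sentence on why the library objects need -fPIC would help.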
5431
5432
5433
5434 1.1 src/patchsets/skey/1.1.5/04_all_bind-now.patch
5435
5436 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/04_all_bind-now.patch?rev=1.1&view=markup
5437 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/04_all_bind-now.patch?rev=1.1&content-type=text/plain
5438
5439 Index: 04_all_bind-now.patch
5440 ===================================================================
5441 --- skey-1.1.5-orig/Makefile.in
5442 +++ skey-1.1.5/Makefile.in
5443 @@ -67,10 +67,10 @@
5444 ${CC} -o $@ ${SKEYOBJS} ${LDFLAGS} -lskey ${LIBS}
5445
5446 skeyinit: libskey.so ${SKEYINITOBJS}
5447 - ${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS}
5448 + ${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS} -Wl,-z,now
5449
5450 skeyinfo: libskey.so ${SKEYINFOOBJS}
5451 - ${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS}
5452 + ${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS} -Wl,-z,now
5453
5454 ${MANPAGES} ${SCRIPTS}::
5455 ${FIXPATHSCMD} ${srcdir}/$@
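Review bot: `-Wl,-z,now` is appended to the skeyinit and skeyinfo link lines only, while the link line in the first context line of the hunk (`${CC} -o $@ ${SKEYOBJS} ...`) is left without it, and the patch carries no description. State why these two binaries need immediate binding and the other does not, and consider passing the flag through a variable instead of hard-coding it after `${LIBS}`, so it can be dropped for a linker that does not accept `-z now`.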
5456
5457
5458
5459 1.1 src/patchsets/skey/1.1.5/05_all_otp.patch
5460
5461 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/05_all_otp.patch?rev=1.1&view=markup
5462 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/05_all_otp.patch?rev=1.1&content-type=text/plain
5463
5464 Index: 05_all_otp.patch
5465 ===================================================================
5466 https://bugs.gentoo.org/71015
5467 allow invokation as otp-foo.
5468 (03 Mar 2005) -taviso.
5469
5470 --- skey-1.1.5.orig/skey.c
5471 +++ skey-1.1.5/skey.c
5472 @@ -46,6 +46,17 @@
5473 char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
5474 char buf[33], *seed, *slash, *t;
5475
5476 + /* If we were called as otp-METHOD, set algorithm based on that */
5477 + if ((slash = strrchr(argv[0], '/')))
5478 + slash++;
5479 + else
5480 + slash = argv[0];
5481 + if (strncmp(slash, "otp-", 4) == 0) {
5482 + slash += 4;
5483 + if (skey_set_algorithm(slash) == NULL)
5484 + errx(1, "Unknown hash algorithm %s", slash);
5485 + }
5486 +
5487 while ((i = getopt(argc, argv, "fn:p:t:x")) != -1) {
5488 switch(i) {
5489 case 'f':
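Review bot: `strrchr(argv[0], '/')` runs before any check that argv[0] is set. A caller can exec the program with an empty argument vector, in which case argv[0] is NULL and this line dereferences it. Guard the block with `if (argc > 0 && argv[0] != NULL)`.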
5490 --- skey-1.1.5.orig/skey.1
5491 +++ skey-1.1.5/skey.1
5492 @@ -6,7 +6,7 @@
5493 .Dt SKEY 1
5494 .Os
5495 .Sh NAME
5496 -.Nm skey
5497 +.Nm skey, otp-md4, otp-md5, otp-sha1
5498 .Nd respond to an OTP challenge
5499 .Sh SYNOPSIS
5500 .Nm
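Review bot: `.Nm skey, otp-md4, otp-md5, otp-sha1` puts four names into one `.Nm` macro. In mdoc each name in the NAME section gets its own `.Nm` line with the comma as a separate trailing argument (`.Nm skey ,` then `.Nm otp-md4 ,` and so on, the last one without a comma), so that the bare `.Nm` under SYNOPSIS expands to the first name only.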
5501 @@ -34,6 +34,17 @@
5502 or
5503 .Xr ftpd 8 .
5504 .Pp
5505 +When
5506 +.Nm skey
5507 +is invoked as
5508 +.Nm otp-method ,
5509 +.Nm skey
5510 +will use
5511 +.Ar method
5512 +as the hash function where
5513 +.Ar method
5514 +is currently one of md4, md5, or sha1.
5515 +.Pp
5516 Example use of the
5517 .Em S/Key
5518 program
5519
5520
5521
5522 1.1 src/patchsets/skey/1.1.5/06_all_binary-search.patch
5523
5524 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/06_all_binary-search.patch?rev=1.1&view=markup
5525 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/06_all_binary-search.patch?rev=1.1&content-type=text/plain
5526
5527 Index: 06_all_binary-search.patch
5528 ===================================================================
5529 Fix binary search.
5530
5531 --- skey-1.1.5-orig/put.c
5532 +++ skey-1.1.5/put.c
5533 @@ -2206,27 +2206,17 @@
5534 {
5535 int i, j;
5536
5537 - for (;;) {
5538 + while (low <= high) {
5539 i = (low + high) / 2;
5540
5541 if ((j = strncmp(w, Wp[i], 4)) == 0)
5542 return i; /* Found it */
5543 - if (high == low + 1)
5544 - {
5545 - /* Avoid effects of integer truncation in /2 */
5546 - if (strncmp(w, Wp[high], 4) == 0)
5547 - return high;
5548 - else
5549 - return -1;
5550 - }
5551 -
5552 - if (low >= high)
5553 - return -1; /* I don't *think* this can happen... */
5554 if (j < 0)
5555 - high = i; /* Search lower half */
5556 + high = i - 1; /* Search lower half */
5557 else
5558 - low = i; /* Search upper half */
5559 + low = i + 1; /* Search upper half */
5560 }
5561 + return -1;
5562 }
5563
5564 static void insert(char *s, int x, int start, int length)
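Review bot: the header says only "Fix binary search."; please state which input the old loop handled wrongly, since the removed `high == low + 1` branch was there to deal with the `/2` truncation and the reason for replacing it is not obvious from the diff. The new `while (low <= high)` loop with `high = i - 1` and `low = i + 1` returns -1 for an empty range, but that relies on low and high being signed; their declarations are not in the visible lines, so check the parameter types.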
5565
5566
5567
5568 1.1 src/patchsets/skey/1.1.5/07_all_skeyprune-dir.patch
5569
5570 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/07_all_skeyprune-dir.patch?rev=1.1&view=markup
5571 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/07_all_skeyprune-dir.patch?rev=1.1&content-type=text/plain
5572
5573 Index: 07_all_skeyprune-dir.patch
5574 ===================================================================
5575 skeyprune won't honour @sysconfdir@
5576
5577 --- skey-1.1.5-orig/skeyprune.pl
5578 +++ skey-1.1.5/skeyprune.pl
5579 @@ -14,7 +14,7 @@
5580 die "Usage: $0 [days]\n" if $#ARGC > 0;
5581
5582 # Pathnames
5583 -$keyfile = '/etc/skeykeys';
5584 +$keyfile = '/etc/skey/skeykeys';
5585 $temp = "$keyfile.tmp$$";
5586
5587 # Quick mapping of month name -> number
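Review bot: the description says skeyprune does not honour @sysconfdir@, but the change swaps one hard-coded path for another (`'/etc/skey/skeykeys'`), so a build configured with a different sysconfdir is still wrong. Use the `@sysconfdir@` placeholder here and let the build's path fix-up step substitute it. Unrelated to this change but visible in the context: `$#ARGC` in the usage check should be `$#ARGV`, so as written the check never triggers.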
5588
5589
5590
5591 1.1 src/patchsets/skey/1.1.5/08_all_skeyprune-regex.patch
5592
5593 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/08_all_skeyprune-regex.patch?rev=1.1&view=markup
5594 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/08_all_skeyprune-regex.patch?rev=1.1&content-type=text/plain
5595
5596 Index: 08_all_skeyprune-regex.patch
5597 ===================================================================
5598 skeyprune uses a case sensitive regex to check for zeroed entries
5599
5600 --- skey-1.1.5-orig/skeyprune.pl
5601 +++ skey-1.1.5/skeyprune.pl
5602 @@ -37,7 +37,7 @@
5603
5604 while (<OLD>) {
5605 # Ignore commented out entries
5606 - if ( ! /^#[^\s#]+\s+(MD[0-9]+\s+)?[0-9]+\s+[A-z0-9_-]+\s+[a-f0-9]+\s+(Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+$/ ) {
5607 + if ( ! /^#[^\s#]+\s+(MD[0-9]+\s+)?[0-9]+\s+[A-z0-9_-]+\s+[a-f0-9]+\s+(Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+$/i ) {
5608 /((Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+)$/;
5609
5610 # Prune out old entries if asked to
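Review bot: the `/i` modifier makes the whole pattern case-insensitive, including the month names and the `MD[0-9]+` prefix, and the description does not say which field needed it. If the problem is upper-case hex digits in the key field, narrowing the change to `[a-fA-F0-9]+` keeps the rest of the match strict. While here, `[A-z0-9_-]` also matches the ASCII punctuation between `Z` and `a` and should be `[A-Za-z0-9_-]`, and if sha1 entries carry their algorithm name in the optional field, `(MD[0-9]+\s+)?` will not match them.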
5611
5612
5613
5614 1.1 src/patchsets/skey/1.1.5/09_all_man_default-md5.patch
5615
5616 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/09_all_man_default-md5.patch?rev=1.1&view=markup
5617 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/09_all_man_default-md5.patch?rev=1.1&content-type=text/plain
5618
5619 Index: 09_all_man_default-md5.patch
5620 ===================================================================
5621 https://bugs.gentoo.org/64971
5622 skey(1) and skeyinit(1) describe md4 as the default hash algorithm,
5623 which is no longer the case.
5624
5625 --- skey-1.1.5-orig/skey.1
5626 +++ skey-1.1.5/skey.1
5627 @@ -27,7 +27,7 @@
5628 .Pp
5629 .Em S/Key
5630 uses 64 bits of information, transformed by the
5631 -.Tn MD4
5632 +.Tn MD5
5633 algorithm into 6 English words.
5634 The user supplies the words to authenticate himself to programs like
5635 .Xr login 1
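Review bot: after this change the sentence says the 64 bits are transformed by MD5 without qualification, but md5 is only the default; the skeyinit.1 hunk below lists md4 and sha1 as selectable, and the otp-method invocation picks the hash by name. Wording such as "by default the MD5 algorithm" would keep the page accurate.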
5636 --- skey-1.1.5-orig/skeyinit.1 2012-01-04 20:24:22.000000000 +0100
5637 +++ skey-1.1.5/skeyinit.1 2012-01-04 20:31:13.000000000 +0100
5638 @@ -47,7 +47,7 @@
5639 (default is 100).
5640 .It Fl t Ar hash
5641 Selects the hash algorithm to use.
5642 -Available choices are md4 (the default), md5 or sha1.
5643 +Available choices are md4, md5 (the default) or sha1.
5644 .It Ar user
5645 The username to be changed/added.
5646 By default the current user is operated on, only root may
5647
5648
5649
5650 1.1 src/patchsets/skey/1.1.5/10_all_man_libpath.patch
5651
5652 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/10_all_man_libpath.patch?rev=1.1&view=markup
5653 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/skey/1.1.5/10_all_man_libpath.patch?rev=1.1&content-type=text/plain
5654
5655 Index: 10_all_man_libpath.patch
5656 ===================================================================
5657 skey(3): shared library is in /lib; we don't install a profiling library
5658
5659 --- skey-1.1.5-orig/skey.3
5660 +++ skey-1.1.5/skey.3
5661 @@ -245,10 +245,8 @@
5662 .Bl -tag -width /usr/lib/libskey_p.a -compact
5663 .It Pa /usr/lib/libskey.a
5664 static skey library
5665 -.It Pa /usr/lib/libskey.so
5666 +.It Pa /lib/libskey.so
5667 dynamic skey library
5668 -.It Pa /usr/lib/libskey_p.a
5669 -static skey library compiled for profiling
5670 .El
5671 .Sh SEE ALSO
5672 .Xr skey 1 ,
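Review bot: the `.Bl -tag -width /usr/lib/libskey_p.a -compact` line still sizes the list by the libskey_p.a path that this hunk removes. It renders fine, but `-width /usr/lib/libskey.a` would match the entries that remain. The static library is still listed under /usr/lib while the shared one moves to /lib; confirm that split matches what is installed.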