author | Ulrich Müller <ulm@gentoo.org> | 2012-01-04 21:16:06 +0000 |
---|---|---|
committer | Ulrich Müller <ulm@gentoo.org> | 2013-02-15 11:58:08 +0100 |
commit | 2946ef3ecc0b56c19d9e6edec8be94eb3b669137 (patch) | |
tree | eebd19911ecd1a530b5c1a1f1c6be3da2ae2f77d | |
parent | Fix buffer overflow in libmrm, bug 340249. (diff) | |
Patchset for skey-1.1.5skey-1.1.5-patches-1
-rw-r--r-- | patchsets/skey/1.1.5/01_all_gentoo.patch | 5358 | ||||
-rw-r--r-- | patchsets/skey/1.1.5/02_all_login_name_max.patch | 18 | ||||
-rw-r--r-- | patchsets/skey/1.1.5/03_all_fPIC.patch | 12 | ||||
-rw-r--r-- | patchsets/skey/1.1.5/04_all_bind-now.patch | 15 | ||||
-rw-r--r-- | patchsets/skey/1.1.5/05_all_otp.patch | 53 | ||||
-rw-r--r-- | patchsets/skey/1.1.5/06_all_binary-search.patch | 36 | ||||
-rw-r--r-- | patchsets/skey/1.1.5/07_all_skeyprune-dir.patch | 13 | ||||
-rw-r--r-- | patchsets/skey/1.1.5/08_all_skeyprune-regex.patch | 13 | ||||
-rw-r--r-- | patchsets/skey/1.1.5/09_all_man_default-md5.patch | 26 | ||||
-rw-r--r-- | patchsets/skey/1.1.5/10_all_man_libpath.patch | 16 | ||||
-rw-r--r-- | patchsets/skey/1.1.5/11_all_strncat-warning.patch | 11 |
11 files changed, 5571 insertions, 0 deletions
diff --git a/patchsets/skey/1.1.5/01_all_gentoo.patch b/patchsets/skey/1.1.5/01_all_gentoo.patch
new file mode 100644
index 0000000..270fe6b
--- /dev/null
+++ b/patchsets/skey/1.1.5/01_all_gentoo.patch
@@ -0,0 +1,5358 @@ +porting some updates to this skey implementation from the +NetBSD project, some other updates and fixes, and the addition +of some new features like shadow password and cracklib support. + (05 Nov 2003) -taviso@gentoo.org + +--- skey-1.1.5.orig/CHANGES 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/CHANGES 2003-11-06 17:46:45.000000000 +0000 +@@ -1,6 +1,19 @@ + *** Changes in version 1.1.5 + + - Bug fixes for errx/warnx ++(05/11/2003) taviso@gentoo.org ++ - ported some updates from the NetBSD project to Linux. ++ - removed a load of cast to voids. ++ - syntax changes. ++ - killing skeyaudit, using a shell script modified from NetBSD. ++ - cleanups to stop warnings with gcc. ++ - building a library for dynamic linking. ++ - swapping some str{cat,cpy} for strn{cat,cpy} ++ - killing rmd160 support. ++ - removing strlcpy function, not useful. ++ - quick hack for shadow support. ++ - quick hack for cracklib support. ++ - various other stuff. + + *** Changes in version 1.1.4 + +--- skey-1.1.5.orig/config.h.in 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/config.h.in 2003-11-06 17:46:45.000000000 +0000 +@@ -109,6 +109,9 @@ + /* Define if you have the strtol function. */ + #undef HAVE_STRTOL + ++/* Define if you have the <crack.h> header file. */ ++#undef HAVE_CRACK_H ++ + /* Define if you have the <crypt.h> header file. */ + #undef HAVE_CRYPT_H + +@@ -130,12 +133,12 @@ + /* Define if you have the <md5global.h> header file. */ + #undef HAVE_MD5GLOBAL_H + +-/* Define if you have the <rmd160.h> header file. */ +-#undef HAVE_RMD160_H +- + /* Define if you have the <sha1.h> header file. */ + #undef HAVE_SHA1_H + ++/* Define if you have the <shadow.h> header file. */ ++#undef HAVE_SHADOW_H ++ + /* Define if you have the <sys/cdefs.h> header file. 
*/ + #undef HAVE_SYS_CDEFS_H + +--- skey-1.1.5.orig/configure 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/configure 2003-11-06 17:47:49.000000000 +0000 +@@ -960,47 +960,11 @@ + echo "$ac_t""no" 1>&6 + fi + +-# Extract the first word of "sendmail", so it can be a program name with args. +-set dummy sendmail; ac_word=$2 +-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:967: checking for $ac_word" >&5 +-if eval "test \"`echo '$''{'ac_cv_path_SENDMAIL'+set}'`\" = set"; then +- echo $ac_n "(cached) $ac_c" 1>&6 +-else +- case "$SENDMAIL" in +- /*) +- ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a path. +- ;; +- ?:/*) +- ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a dos path. +- ;; +- *) +- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" +- ac_dummy="$PATH:/usr/sbin:/usr/lib:/usr/bin" +- for ac_dir in $ac_dummy; do +- test -z "$ac_dir" && ac_dir=. +- if test -f $ac_dir/$ac_word; then +- ac_cv_path_SENDMAIL="$ac_dir/$ac_word" +- break +- fi +- done +- IFS="$ac_save_ifs" +- test -z "$ac_cv_path_SENDMAIL" && ac_cv_path_SENDMAIL="/usr/lib/sendmail" +- ;; +-esac +-fi +-SENDMAIL="$ac_cv_path_SENDMAIL" +-if test -n "$SENDMAIL"; then +- echo "$ac_t""$SENDMAIL" 1>&6 +-else +- echo "$ac_t""no" 1>&6 +-fi +- + + + + echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 +-echo "configure:1004: checking for crypt in -lcrypt" >&5 ++echo "configure:968: checking for crypt in -lcrypt" >&5 + ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1008,7 +972,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lcrypt $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 1012 "configure" ++#line 976 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. 
*/ + /* We use char because int might match the return type of a gcc2 +@@ -1019,7 +983,7 @@ + crypt() + ; return 0; } + EOF +-if { (eval echo configure:1023: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:987: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1040,7 +1004,7 @@ + fi + + echo $ac_n "checking for flock in -lucb""... $ac_c" 1>&6 +-echo "configure:1044: checking for flock in -lucb" >&5 ++echo "configure:1008: checking for flock in -lucb" >&5 + ac_lib_var=`echo ucb'_'flock | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1048,7 +1012,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lucb $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 1052 "configure" ++#line 1016 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -1059,7 +1023,7 @@ + flock() + ; return 0; } + EOF +-if { (eval echo configure:1063: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1079,10 +1043,50 @@ + echo "$ac_t""no" 1>&6 + fi + ++echo $ac_n "checking for FascistCheck in -lcrack""... $ac_c" 1>&6 ++echo "configure:1048: checking for FascistCheck in -lcrack" >&5 ++ac_lib_var=`echo crack'_'FascistCheck | sed 'y%./+-%__p_%'` ++if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then ++ echo $ac_n "(cached) $ac_c" 1>&6 ++else ++ ac_save_LIBS="$LIBS" ++LIBS="-lcrack $LIBS" ++cat > conftest.$ac_ext <<EOF ++#line 1056 "configure" ++#include "confdefs.h" ++/* Override any gcc2 internal prototype to avoid an error. 
*/ ++/* We use char because int might match the return type of a gcc2 ++ builtin and then its argument prototype would still apply. */ ++char FascistCheck(); ++ ++int main() { ++FascistCheck() ++; return 0; } ++EOF ++if { (eval echo configure:1067: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++ rm -rf conftest* ++ eval "ac_cv_lib_$ac_lib_var=yes" ++else ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ eval "ac_cv_lib_$ac_lib_var=no" ++fi ++rm -f conftest* ++LIBS="$ac_save_LIBS" ++ ++fi ++if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then ++ echo "$ac_t""yes" 1>&6 ++ LIBS="$LIBS -lcrack" ++else ++ echo "$ac_t""no" 1>&6 ++fi ++ + + + echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 +-echo "configure:1086: checking how to run the C preprocessor" >&5 ++echo "configure:1090: checking how to run the C preprocessor" >&5 + # On Suns, sometimes $CPP names a directory. + if test -n "$CPP" && test -d "$CPP"; then + CPP= +@@ -1097,13 +1101,13 @@ + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. 
+ cat > conftest.$ac_ext <<EOF +-#line 1101 "configure" ++#line 1105 "configure" + #include "confdefs.h" + #include <assert.h> + Syntax Error + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1107: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1111: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + : +@@ -1114,13 +1118,13 @@ + rm -rf conftest* + CPP="${CC-cc} -E -traditional-cpp" + cat > conftest.$ac_ext <<EOF +-#line 1118 "configure" ++#line 1122 "configure" + #include "confdefs.h" + #include <assert.h> + Syntax Error + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1124: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1128: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + : +@@ -1131,13 +1135,13 @@ + rm -rf conftest* + CPP="${CC-cc} -nologo -E" + cat > conftest.$ac_ext <<EOF +-#line 1135 "configure" ++#line 1139 "configure" + #include "confdefs.h" + #include <assert.h> + Syntax Error + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1141: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1145: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + : +@@ -1162,12 +1166,12 @@ + echo "$ac_t""$CPP" 1>&6 + + echo $ac_n "checking for ANSI C header files""... 
$ac_c" 1>&6 +-echo "configure:1166: checking for ANSI C header files" >&5 ++echo "configure:1170: checking for ANSI C header files" >&5 + if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 1171 "configure" ++#line 1175 "configure" + #include "confdefs.h" + #include <stdlib.h> + #include <stdarg.h> +@@ -1175,7 +1179,7 @@ + #include <float.h> + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1179: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1183: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -1192,7 +1196,7 @@ + if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat > conftest.$ac_ext <<EOF +-#line 1196 "configure" ++#line 1200 "configure" + #include "confdefs.h" + #include <string.h> + EOF +@@ -1210,7 +1214,7 @@ + if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat > conftest.$ac_ext <<EOF +-#line 1214 "configure" ++#line 1218 "configure" + #include "confdefs.h" + #include <stdlib.h> + EOF +@@ -1231,7 +1235,7 @@ + : + else + cat > conftest.$ac_ext <<EOF +-#line 1235 "configure" ++#line 1239 "configure" + #include "confdefs.h" + #include <ctype.h> + #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +@@ -1242,7 +1246,7 @@ + exit (0); } + + EOF +-if { (eval echo configure:1246: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:1250: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + : + else +@@ -1266,12 +1270,12 @@ + fi + + echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... 
$ac_c" 1>&6 +-echo "configure:1270: checking for sys/wait.h that is POSIX.1 compatible" >&5 ++echo "configure:1274: checking for sys/wait.h that is POSIX.1 compatible" >&5 + if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 1275 "configure" ++#line 1279 "configure" + #include "confdefs.h" + #include <sys/types.h> + #include <sys/wait.h> +@@ -1287,7 +1291,7 @@ + s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; + ; return 0; } + EOF +-if { (eval echo configure:1291: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1295: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_header_sys_wait_h=yes + else +@@ -1307,21 +1311,21 @@ + + fi + +-for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h ++for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:1315: checking for $ac_hdr" >&5 ++echo "configure:1319: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 1320 "configure" ++#line 1324 "configure" + #include "confdefs.h" + #include <$ac_hdr> + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1325: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1329: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -1349,12 +1353,12 @@ + + + echo $ac_n "checking for working const""... 
$ac_c" 1>&6 +-echo "configure:1353: checking for working const" >&5 ++echo "configure:1357: checking for working const" >&5 + if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 1358 "configure" ++#line 1362 "configure" + #include "confdefs.h" + + int main() { +@@ -1403,7 +1407,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:1407: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1411: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_const=yes + else +@@ -1424,14 +1428,14 @@ + fi + + echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 +-echo "configure:1428: checking whether byte ordering is bigendian" >&5 ++echo "configure:1432: checking whether byte ordering is bigendian" >&5 + if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + ac_cv_c_bigendian=unknown + # See if sys/param.h defines the BYTE_ORDER macro. + cat > conftest.$ac_ext <<EOF +-#line 1435 "configure" ++#line 1439 "configure" + #include "confdefs.h" + #include <sys/types.h> + #include <sys/param.h> +@@ -1442,11 +1446,11 @@ + #endif + ; return 0; } + EOF +-if { (eval echo configure:1446: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1450: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + # It does; now see whether it defined to BIG_ENDIAN or not. 
+ cat > conftest.$ac_ext <<EOF +-#line 1450 "configure" ++#line 1454 "configure" + #include "confdefs.h" + #include <sys/types.h> + #include <sys/param.h> +@@ -1457,7 +1461,7 @@ + #endif + ; return 0; } + EOF +-if { (eval echo configure:1461: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1465: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_bigendian=yes + else +@@ -1477,7 +1481,7 @@ + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } + else + cat > conftest.$ac_ext <<EOF +-#line 1481 "configure" ++#line 1485 "configure" + #include "confdefs.h" + main () { + /* Are we little or big endian? From Harbison&Steele. */ +@@ -1490,7 +1494,7 @@ + exit (u.c[sizeof (long) - 1] == 1); + } + EOF +-if { (eval echo configure:1494: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:1498: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_c_bigendian=no + else +@@ -1514,12 +1518,12 @@ + fi + + echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 +-echo "configure:1518: checking for uid_t in sys/types.h" >&5 ++echo "configure:1522: checking for uid_t in sys/types.h" >&5 + if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 1523 "configure" ++#line 1527 "configure" + #include "confdefs.h" + #include <sys/types.h> + EOF +@@ -1548,12 +1552,12 @@ + fi + + echo $ac_n "checking for off_t""... 
$ac_c" 1>&6 +-echo "configure:1552: checking for off_t" >&5 ++echo "configure:1556: checking for off_t" >&5 + if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 1557 "configure" ++#line 1561 "configure" + #include "confdefs.h" + #include <sys/types.h> + #if STDC_HEADERS +@@ -1581,12 +1585,12 @@ + fi + + echo $ac_n "checking for size_t""... $ac_c" 1>&6 +-echo "configure:1585: checking for size_t" >&5 ++echo "configure:1589: checking for size_t" >&5 + if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 1590 "configure" ++#line 1594 "configure" + #include "confdefs.h" + #include <sys/types.h> + #if STDC_HEADERS +@@ -1614,12 +1618,12 @@ + fi + + echo $ac_n "checking whether struct tm is in sys/time.h or time.h""... $ac_c" 1>&6 +-echo "configure:1618: checking whether struct tm is in sys/time.h or time.h" >&5 ++echo "configure:1622: checking whether struct tm is in sys/time.h or time.h" >&5 + if eval "test \"`echo '$''{'ac_cv_struct_tm'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 1623 "configure" ++#line 1627 "configure" + #include "confdefs.h" + #include <sys/types.h> + #include <time.h> +@@ -1627,7 +1631,7 @@ + struct tm *tp; tp->tm_sec; + ; return 0; } + EOF +-if { (eval echo configure:1631: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1635: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_struct_tm=time.h + else +@@ -1649,7 +1653,7 @@ + + + echo $ac_n "checking size of char""... 
$ac_c" 1>&6 +-echo "configure:1653: checking size of char" >&5 ++echo "configure:1657: checking size of char" >&5 + if eval "test \"`echo '$''{'ac_cv_sizeof_char'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1657,7 +1661,7 @@ + ac_cv_sizeof_char=1 + else + cat > conftest.$ac_ext <<EOF +-#line 1661 "configure" ++#line 1665 "configure" + #include "confdefs.h" + #include <stdio.h> + main() +@@ -1668,7 +1672,7 @@ + exit(0); + } + EOF +-if { (eval echo configure:1672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:1676: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_sizeof_char=`cat conftestval` + else +@@ -1688,7 +1692,7 @@ + + + echo $ac_n "checking size of short int""... $ac_c" 1>&6 +-echo "configure:1692: checking size of short int" >&5 ++echo "configure:1696: checking size of short int" >&5 + if eval "test \"`echo '$''{'ac_cv_sizeof_short_int'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1696,7 +1700,7 @@ + ac_cv_sizeof_short_int=2 + else + cat > conftest.$ac_ext <<EOF +-#line 1700 "configure" ++#line 1704 "configure" + #include "confdefs.h" + #include <stdio.h> + main() +@@ -1707,7 +1711,7 @@ + exit(0); + } + EOF +-if { (eval echo configure:1711: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:1715: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_sizeof_short_int=`cat conftestval` + else +@@ -1727,7 +1731,7 @@ + + + echo $ac_n "checking size of int""... 
$ac_c" 1>&6 +-echo "configure:1731: checking size of int" >&5 ++echo "configure:1735: checking size of int" >&5 + if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1735,7 +1739,7 @@ + ac_cv_sizeof_int=4 + else + cat > conftest.$ac_ext <<EOF +-#line 1739 "configure" ++#line 1743 "configure" + #include "confdefs.h" + #include <stdio.h> + main() +@@ -1746,7 +1750,7 @@ + exit(0); + } + EOF +-if { (eval echo configure:1750: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:1754: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_sizeof_int=`cat conftestval` + else +@@ -1766,7 +1770,7 @@ + + + echo $ac_n "checking size of long int""... $ac_c" 1>&6 +-echo "configure:1770: checking size of long int" >&5 ++echo "configure:1774: checking size of long int" >&5 + if eval "test \"`echo '$''{'ac_cv_sizeof_long_int'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1774,7 +1778,7 @@ + ac_cv_sizeof_long_int=4 + else + cat > conftest.$ac_ext <<EOF +-#line 1778 "configure" ++#line 1782 "configure" + #include "confdefs.h" + #include <stdio.h> + main() +@@ -1785,7 +1789,7 @@ + exit(0); + } + EOF +-if { (eval echo configure:1789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:1793: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_sizeof_long_int=`cat conftestval` + else +@@ -1805,7 +1809,7 @@ + + + echo $ac_n "checking size of long long int""... 
$ac_c" 1>&6 +-echo "configure:1809: checking size of long long int" >&5 ++echo "configure:1813: checking size of long long int" >&5 + if eval "test \"`echo '$''{'ac_cv_sizeof_long_long_int'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1813,7 +1817,7 @@ + ac_cv_sizeof_long_long_int=8 + else + cat > conftest.$ac_ext <<EOF +-#line 1817 "configure" ++#line 1821 "configure" + #include "confdefs.h" + #include <stdio.h> + main() +@@ -1824,7 +1828,7 @@ + exit(0); + } + EOF +-if { (eval echo configure:1828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:1832: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_sizeof_long_long_int=`cat conftestval` + else +@@ -1854,7 +1858,7 @@ + fi + CFLAGS="$CFLAGS -D_HPUX_SOURCE" + echo $ac_n "checking for HPUX trusted system password database""... $ac_c" 1>&6 +-echo "configure:1858: checking for HPUX trusted system password database" >&5 ++echo "configure:1862: checking for HPUX trusted system password database" >&5 + if test -f /tcb/files/auth/system/default; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +@@ -1903,16 +1907,16 @@ + + + echo $ac_n "checking for intXX_t types""... $ac_c" 1>&6 +-echo "configure:1907: checking for intXX_t types" >&5 ++echo "configure:1911: checking for intXX_t types" >&5 + cat > conftest.$ac_ext <<EOF +-#line 1909 "configure" ++#line 1913 "configure" + #include "confdefs.h" + #include <sys/types.h> + int main() { + int16_t a; int32_t b; a = 1235; b = 1235; + ; return 0; } + EOF +-if { (eval echo configure:1916: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1920: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + + cat >> confdefs.h <<\EOF +@@ -1932,16 +1936,16 @@ + rm -f conftest* + + echo $ac_n "checking for u_intXX_t types""... 
$ac_c" 1>&6 +-echo "configure:1936: checking for u_intXX_t types" >&5 ++echo "configure:1940: checking for u_intXX_t types" >&5 + cat > conftest.$ac_ext <<EOF +-#line 1938 "configure" ++#line 1942 "configure" + #include "confdefs.h" + #include <sys/types.h> + int main() { + u_int16_t c; u_int32_t d; c = 1235; d = 1235; + ; return 0; } + EOF +-if { (eval echo configure:1945: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1949: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + + cat >> confdefs.h <<\EOF +@@ -1964,9 +1968,9 @@ + "x$ac_cv_header_sys_bitypes_h" = "xyes" + then + echo $ac_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h""... $ac_c" 1>&6 +-echo "configure:1968: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 ++echo "configure:1972: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 + cat > conftest.$ac_ext <<EOF +-#line 1970 "configure" ++#line 1974 "configure" + #include "confdefs.h" + #include <sys/bitypes.h> + int main() { +@@ -1978,7 +1982,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:1982: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1986: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + + cat >> confdefs.h <<\EOF +@@ -2002,16 +2006,16 @@ + fi + + echo $ac_n "checking for uintXX_t types""... 
$ac_c" 1>&6 +-echo "configure:2006: checking for uintXX_t types" >&5 ++echo "configure:2010: checking for uintXX_t types" >&5 + cat > conftest.$ac_ext <<EOF +-#line 2008 "configure" ++#line 2012 "configure" + #include "confdefs.h" + #include <sys/types.h> + int main() { + uint16_t c; uint32_t d; c = 1235; d = 1235; + ; return 0; } + EOF +-if { (eval echo configure:2015: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2019: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + + cat >> confdefs.h <<\EOF +@@ -2054,7 +2058,7 @@ + + + echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6 +-echo "configure:2058: checking for 8-bit clean memcmp" >&5 ++echo "configure:2062: checking for 8-bit clean memcmp" >&5 + if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -2062,7 +2066,7 @@ + ac_cv_func_memcmp_clean=no + else + cat > conftest.$ac_ext <<EOF +-#line 2066 "configure" ++#line 2070 "configure" + #include "confdefs.h" + + main() +@@ -2072,7 +2076,7 @@ + } + + EOF +-if { (eval echo configure:2076: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:2080: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_func_memcmp_clean=yes + else +@@ -2090,12 +2094,12 @@ + test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}" + + echo $ac_n "checking return type of signal handlers""... 
$ac_c" 1>&6 +-echo "configure:2094: checking return type of signal handlers" >&5 ++echo "configure:2098: checking return type of signal handlers" >&5 + if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2099 "configure" ++#line 2103 "configure" + #include "confdefs.h" + #include <sys/types.h> + #include <signal.h> +@@ -2112,7 +2116,7 @@ + int i; + ; return 0; } + EOF +-if { (eval echo configure:2116: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2120: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_type_signal=void + else +@@ -2131,12 +2135,12 @@ + + + echo $ac_n "checking for strftime""... $ac_c" 1>&6 +-echo "configure:2135: checking for strftime" >&5 ++echo "configure:2139: checking for strftime" >&5 + if eval "test \"`echo '$''{'ac_cv_func_strftime'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2140 "configure" ++#line 2144 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char strftime(); below. */ +@@ -2159,7 +2163,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:2163: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2167: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_strftime=yes" + else +@@ -2181,7 +2185,7 @@ + echo "$ac_t""no" 1>&6 + # strftime is in -lintl on SCO UNIX. + echo $ac_n "checking for strftime in -lintl""... 
$ac_c" 1>&6 +-echo "configure:2185: checking for strftime in -lintl" >&5 ++echo "configure:2189: checking for strftime in -lintl" >&5 + ac_lib_var=`echo intl'_'strftime | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -2189,7 +2193,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lintl $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 2193 "configure" ++#line 2197 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -2200,7 +2204,7 @@ + strftime() + ; return 0; } + EOF +-if { (eval echo configure:2204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2208: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -2227,12 +2231,12 @@ + fi + + echo $ac_n "checking for vprintf""... $ac_c" 1>&6 +-echo "configure:2231: checking for vprintf" >&5 ++echo "configure:2235: checking for vprintf" >&5 + if eval "test \"`echo '$''{'ac_cv_func_vprintf'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2236 "configure" ++#line 2240 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char vprintf(); below. */ +@@ -2255,7 +2259,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:2259: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2263: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_vprintf=yes" + else +@@ -2279,12 +2283,12 @@ + + if test "$ac_cv_func_vprintf" != yes; then + echo $ac_n "checking for _doprnt""... 
$ac_c" 1>&6 +-echo "configure:2283: checking for _doprnt" >&5 ++echo "configure:2287: checking for _doprnt" >&5 + if eval "test \"`echo '$''{'ac_cv_func__doprnt'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2288 "configure" ++#line 2292 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char _doprnt(); below. */ +@@ -2307,7 +2311,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:2311: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2315: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func__doprnt=yes" + else +@@ -2334,12 +2338,12 @@ + for ac_func in gethostname strcspn strdup strerror strspn strtol flock fcntl lockf strlcpy setusercontext + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:2338: checking for $ac_func" >&5 ++echo "configure:2342: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2343 "configure" ++#line 2347 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. 
*/ +@@ -2362,7 +2366,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:2366: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2370: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +--- skey-1.1.5.orig/configure.in 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/configure.in 2003-11-06 17:47:14.000000000 +0000 +@@ -9,19 +9,19 @@ + AC_CHECK_PROG(AR, ar, ar) + AC_PATH_PROG(PERL, perl) + AC_PATH_PROG(TOUCH, touch) +-AC_PATH_PROG(SENDMAIL, sendmail, /usr/lib/sendmail, $PATH:/usr/sbin:/usr/lib:/usr/bin) + AC_SUBST(PERL) + AC_SUBST(SENDMAIL) + + dnl Checks for libraries. + AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") + AC_CHECK_LIB(ucb, flock, LIBS="$LIBS -lucb" LDFLAGS="$LDFLAGS -L/usr/ucblib") ++AC_CHECK_LIB(crack, FascistCheck, LIBS="$LIBS -lcrack") + + + dnl Checks for header files. + AC_HEADER_STDC + AC_HEADER_SYS_WAIT +-AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h) ++AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h) + + dnl Checks for typedefs, structures, and compiler characteristics. + AC_C_CONST +--- skey-1.1.5.orig/login_cap.c 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/login_cap.c 2003-11-06 17:46:45.000000000 +0000 +@@ -37,6 +37,7 @@ + #include <errno.h> + #include <unistd.h> + #include <pwd.h> ++#include <grp.h> + #include <syslog.h> + + /* +--- skey-1.1.5.orig/Makefile.in 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/Makefile.in 2003-11-06 17:47:42.000000000 +0000 +@@ -27,12 +27,11 @@ + TOUCH=@TOUCH@ + LDFLAGS=-L. 
@LDFLAGS@ + +-TARGETS=skey skeyinit skeyinfo skeyaudit +-LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o rmd160.o rmd160hl.o sha1.o sha1hl.o flock.o strlcpy.o login_cap.o ++TARGETS=skey skeyinit skeyinfo libskey.a ++LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o sha1.o sha1hl.o flock.o login_cap.o + SKEYOBJS=skey.o + SKEYINITOBJS=skeyinit.o + SKEYINFOOBJS=skeyinfo.o +-SKEYAUDITOBJS=skeyaudit.o + + + SCRIPTS=skeyprune.pl +@@ -41,11 +40,11 @@ + CATMAN = skey.0 skeyinit.0 skeyinfo.0 skeyaudit.0 skeyprune.0 + MANPAGES = @MANTYPE@ + +-PATHSUBS = -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL} -D/usr/lib/sendmail=${SENDMAIL} ++PATHSUBS = -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL} + + FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS) + +-HDRS= skey.h sha1.h rmd160.h ++HDRS= skey.h sha1.h + + all: ${TARGETS} ${MANPAGES} + +@@ -55,24 +54,27 @@ + ${AR} rv $@ ${LIBOBJS} + ${RANLIB} $@ + +-skey: libskey.a ${SKEYOBJS} ++libskey.so: ${LIBOBJS} ++ ${CC} ${LDFLAGS} -shared -Wl,-soname,libskey.so.1 -o libskey.so.1.1.5 ${LIBOBJS} ++ ln -fs libskey.so.1.1.5 libskey.so ++ ln -fs libskey.so.1.1.5 libskey.so.1 ++ ln -fs libskey.so.1.1.5 libskey.so.1.1 ++ ++skey: libskey.so ${SKEYOBJS} + ${CC} -o $@ ${SKEYOBJS} ${LDFLAGS} -lskey ${LIBS} + +-skeyinit: libskey.a ${SKEYINITOBJS} ++skeyinit: libskey.so ${SKEYINITOBJS} + ${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS} + +-skeyinfo: libskey.a ${SKEYINFOOBJS} ++skeyinfo: libskey.so ${SKEYINFOOBJS} + ${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS} + +-skeyaudit: libskey.a ${SKEYAUDITOBJS} +- ${CC} -o $@ ${SKEYAUDITOBJS} ${LDFLAGS} -lskey ${LIBS} +- + ${MANPAGES} ${SCRIPTS}:: + ${FIXPATHSCMD} ${srcdir}/$@ + + clean: + rm -f *.o *.a ${TARGETS} config.status config.cache config.log +- rm -f *.out core ++ rm -f *.out core *.so *.so.* + + distclean: clean + rm -f Makefile config.h core *~ +@@ -97,6 +99,10 @@ + $(INSTALL) -d $(DESTDIR)$(includedir) + $(INSTALL) -d 
$(DESTDIR)$(sysconfdir) + ${INSTALL_DATA} libskey.a $(DESTDIR)$(libdir) ++ ${INSTALL_DATA} libskey.so.1.1.5 $(DESTDIR)$(libdir) ++ ${INSTALL_DATA} libskey.so.1.1 $(DESTDIR)$(libdir) ++ ${INSTALL_DATA} libskey.so.1 $(DESTDIR)$(libdir) ++ ${INSTALL_DATA} libskey.so $(DESTDIR)$(libdir) + ${INSTALL_DATA} ${HDRS} $(DESTDIR)$(includedir) + @for target in ${TARGETS}; do \ + ${INSTALL_PROGRAM} $$target $(DESTDIR)$(bindir); \ +@@ -119,9 +125,9 @@ + -rm -f $(DESTDIR)$(bindir)/skeyaudit + -rm -f $(DESTDIR)$(bindir)/skeyprune + -rm -f $(DESTDIR)$(libdir)/libskey.a ++ -rm -f $(DESTDIR)$(libdir)/libskey.so* + -rm -f $(DESTDIR)$(includedir)/skey.h + -rm -f $(DESTDIR)$(includedir)/sha1.h +- -rm -f $(DESTDIR)$(includedir)/rmd160.h + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skey.1 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinfo.1 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinit.1 +--- skey-1.1.5.orig/put.c 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/put.c 2003-11-06 17:46:45.000000000 +0000 +@@ -14,7 +14,7 @@ + #include <stdio.h> + #include <string.h> + #include <assert.h> +-/*#include <ctype.h>*/ ++#include <ctype.h> + #include "config.h" + + #include "skey.h" +@@ -22,10 +22,10 @@ + static unsigned int extract __P ((char *s, int start, int length)); + static void standard __P ((char *word)); + static void insert __P ((char *s, int x, int start, int length)); +-static int wsrch __P ((char *w, int low, int high)); ++static int wsrch __P ((const char *w, int low, int high)); + + /* Dictionary for integer-word translations */ +-static char Wp[2048][4] = { ++char Wp[2048][4] = { + "A", + "ABE", + "ACE", +@@ -2079,19 +2079,13 @@ + /* Encode 8 bytes in 'c' as a string of English words. 
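Review bot: The install rule in this Makefile.in hunk copies `libskey.so`, `libskey.so.1` and `libskey.so.1.1` with `${INSTALL_DATA}`, but the build rule created those names as symlinks to `libskey.so.1.1.5`. install(1) normally follows links, so the library directory would end up with four separate copies instead of one file and a link chain. I would install only `libskey.so.1.1.5` and recreate the links in place, e.g. `ln -fs libskey.so.1.1.5 $(DESTDIR)$(libdir)/libskey.so.1`. Separately, the earlier hunk adds `libskey.a` to `TARGETS`, and the unchanged `for target in ${TARGETS}` loop shown as context here runs `${INSTALL_PROGRAM}` on every target into `$(bindir)`, so the static archive is also installed as a program. Keeping `libskey.a` out of `TARGETS`, or looping over a separate program list, avoids that.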
+ * Returns a pointer to a static buffer + */ +-char * +-btoe(engout, c) +- char *c; +- char *engout; ++char *btoe(char *engout, const char *c) + { +- char cp[10]; /* add in room for the parity 2 bits + extract() slop */ ++ char cp[9]; /* add in room for the parity 2 bits */ + int p, i; + + engout[0] = '\0'; +- +- /* workaround for extract() reads beyond end of data */ +- (void)memset(cp, 0, sizeof(cp)); +- (void)memcpy(cp, c, 8); ++ memcpy(cp, c, 8); + + /* compute parity */ + for (p = 0, i = 0; i < 64; i += 2) +@@ -2099,20 +2093,20 @@ + + cp[8] = (char)p << 6; + +- (void)strncat(engout, &Wp[extract (cp, 0, 11)][0], 4); +- (void)strcat(engout, " "); +- (void)strncat(engout, &Wp[extract (cp, 11, 11)][0], 4); +- (void)strcat(engout, " "); +- (void)strncat(engout, &Wp[extract (cp, 22, 11)][0], 4); +- (void)strcat(engout, " "); +- (void)strncat(engout, &Wp[extract (cp, 33, 11)][0], 4); +- (void)strcat(engout, " "); +- (void)strncat(engout, &Wp[extract (cp, 44, 11)][0], 4); +- (void)strcat(engout, " "); +- (void)strncat(engout, &Wp[extract (cp, 55, 11)][0], 4); ++ strncat(engout, &Wp[extract (cp, 0, 11)][0], 4); ++ strcat(engout, " "); ++ strncat(engout, &Wp[extract (cp, 11, 11)][0], 4); ++ strcat(engout, " "); ++ strncat(engout, &Wp[extract (cp, 22, 11)][0], 4); ++ strcat(engout, " "); ++ strncat(engout, &Wp[extract (cp, 33, 11)][0], 4); ++ strcat(engout, " "); ++ strncat(engout, &Wp[extract (cp, 44, 11)][0], 4); ++ strcat(engout, " "); ++ strncat(engout, &Wp[extract (cp, 55, 11)][0], 4); + + #ifdef notdef +- (void)fprintf(stderr, "engout is %s\n\r", engout); ++ printf ("engout is %s\n\r", engout); + #endif + return(engout); + } +@@ -2123,41 +2117,42 @@ + * -1 badly formed in put ie > 4 char word + * -2 words OK but parity is wrong + */ +-int +-etob(out, e) +- char *out; +- char *e; ++int etob(char *out, const char *e) + { + char *word; + int i, p, v, l, low, high; +- char b[SKEY_BINKEY_SIZE+1]; ++ char b[9]; + char input[36]; ++ char *last; + + if (e == NULL) +- 
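Review bot: In btoe() this hunk shrinks `cp` from 10 to 9 bytes and deletes the `memset`, which the removed comment described as a workaround for extract() reading beyond the end of its data. With only `memcpy(cp, c, 8);` left, `cp[8]` is uninitialised while the parity loop runs, since it is assigned only after the loop. If extract() still reads the bytes after the one holding the requested bits (its body is outside this hunk, so this is inferred from the removed comment), the loop can read uninitialised or out-of-bounds stack memory. I would keep `char cp[10];` and `memset(cp, 0, sizeof(cp));` ahead of the `memcpy`. The rest of btoe() lies outside this hunk.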
return(-1); ++ return -1; + +- (void)strncpy(input, e, sizeof(input) - 1); +- input[sizeof(input) - 1] = '\0'; +- (void)memset(b, 0, sizeof(b)); +- (void)memset(out, 0, SKEY_BINKEY_SIZE); +- for (i = 0, p = 0; i < 6; i++, p += 11) { +- if ((word = strtok(i == 0 ? input : NULL, " ")) == NULL) +- return(-1); +- +- l = strlen(word); +- if (l > 4 || l < 1) { +- return(-1); +- } else if (l < 4) { ++ strncpy (input, e, sizeof(input)); ++ memset(b, 0, sizeof(b)); ++ memset(out, 0, 8); ++ for (i = 0, p = 0; i < 6; i++, p += 11) ++ { ++ if ((word = strtok_r(i == 0 ? input : NULL, " ", &last)) == NULL) ++ return -1; ++ ++ l = strlen (word); ++ if (l > 4 || l < 1) ++ return -1; ++ else if (l < 4) ++ { + low = 0; + high = 570; +- } else { ++ } ++ else ++ { + low = 571; + high = 2047; + } + standard(word); + + if ((v = wsrch(word, low, high)) < 0) +- return(0); ++ return 0; + + insert(b, v, p, 11); + } +@@ -2167,55 +2162,47 @@ + p += extract (b, i, 2); + + if ((p & 3) != extract (b, 64, 2)) +- return(-2); ++ return -2; + +- (void)memcpy(out, b, SKEY_BINKEY_SIZE); ++ memcpy(out, b, 8); + +- return(1); ++ return 1; + } + + /* Display 8 bytes as a series of 16-bit hex digits */ +-char * +-put8(out, s) +- char *out; +- char *s; ++char *put8(char *out, const char *s) + { +- (void)sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X", ++ sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X", + s[0] & 0xff, s[1] & 0xff, s[2] & 0xff, + s[3] & 0xff, s[4] & 0xff, s[5] & 0xff, + s[6] & 0xff, s[7] & 0xff); +- return(out); ++ return out; + } + + #ifdef notdef + /* Encode 8 bytes in 'cp' as stream of ascii letters. + * Provided as a possible alternative to btoe() + */ +-char * +-btoc(cp) +- char *cp; ++char *btoc(char *cp) + { + int i; + static char out[31]; + + /* code out put by characters 6 bits each added to 0x21 (!) */ +- for (i = 0; i <= 10; i++) { ++ for (i = 0; i <= 10; i++) ++ { + /* last one is only 4 bits not 6 */ + out[i] = '!' + extract (cp, 6 * i, i >= 10 ? 
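Review bot: In etob() the new `strncpy (input, e, sizeof(input));` drops the explicit terminator the old code wrote, so an `e` of 36 bytes or more leaves `input` without a NUL. The `strtok_r()` and `strlen()` calls that follow would then read past the array. `e` is presumably the response string supplied at login, so the length is not under the library's control. The bounded form should be restored: `strncpy(input, e, sizeof(input) - 1);` followed by `input[sizeof(input) - 1] = '\0';`. The same hunk replaces `SKEY_BINKEY_SIZE` with the literals 8 and 9, which loses the tie to the header constant; keeping the macro for `b`, the `memset` of `out` and the final `memcpy` would be safer.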
4 : 6); + } + out[i] = '\0'; +- return(out); ++ return out; + } + #endif + + /* Internal subroutines for word encoding/decoding */ + + /* Dictionary binary search */ +-static int +-wsrch(w, low, high) +- char *w; +- int low; +- int high; ++static int wsrch(const char *w, int low, int high) + { + int i, j; + +@@ -2223,18 +2210,18 @@ + i = (low + high) / 2; + + if ((j = strncmp(w, Wp[i], 4)) == 0) +- return(i); /* Found it */ +- +- if (high == low + 1) { ++ return i; /* Found it */ ++ if (high == low + 1) ++ { + /* Avoid effects of integer truncation in /2 */ + if (strncmp(w, Wp[high], 4) == 0) +- return(high); ++ return high; + else +- return(-1); ++ return -1; + } + + if (low >= high) +- return(-1); /* I don't *think* this can happen... */ ++ return -1; /* I don't *think* this can happen... */ + if (j < 0) + high = i; /* Search lower half */ + else +@@ -2242,12 +2229,7 @@ + } + } + +-static void +-insert(s, x, start, length) +- char *s; +- int x; +- int start; +- int length; ++static void insert(char *s, int x, int start, int length) + { + unsigned char cl; + unsigned char cc; +@@ -2261,25 +2243,28 @@ + assert(start + length <= 66); + + shift = ((8 - ((start + length) % 8)) % 8); +- y = x << shift; ++ y = (int) x << shift; + cl = (y >> 16) & 0xff; + cc = (y >> 8) & 0xff; + cr = y & 0xff; +- if (shift + length > 16) { ++ if (shift + length > 16) ++ { + s[start / 8] |= cl; + s[start / 8 + 1] |= cc; + s[start / 8 + 2] |= cr; +- } else if (shift + length > 8) { ++ } ++ else if (shift + length > 8) ++ { + s[start / 8] |= cc; + s[start / 8 + 1] |= cr; +- } else { ++ } ++ else ++ { + s[start / 8] |= cr; + } + } + +-static void +-standard(word) +- register char *word; ++static void standard(char *word) + { + while (*word) { + if (!isascii(*word)) +@@ -2297,11 +2282,7 @@ + } + + /* Extract 'length' bits from the char array 's' starting with bit 'start' */ +-static unsigned int +-extract(s, start, length) +- char *s; +- int start; +- int length; ++static unsigned int 
extract(char *s, int start, int length) + { + unsigned char cl; + unsigned char cc; +@@ -2320,5 +2301,5 @@ + x = x >> (24 - (length + (start % 8))); + x = (x & (0xffff >> (16 - length))); + +- return(x); ++ return x; + } +--- skey-1.1.5.orig/rmd160.c 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/rmd160.c 1970-01-01 01:00:00.000000000 +0100 +@@ -1,428 +0,0 @@ +-/********************************************************************\ +- * +- * FILE: rmd160.c +- * +- * CONTENTS: A sample C-implementation of the RIPEMD-160 +- * hash-function. +- * TARGET: any computer with an ANSI C compiler +- * +- * AUTHOR: Antoon Bosselaers, ESAT-COSIC +- * (Arranged for libc by Todd C. Miller) +- * DATE: 1 March 1996 +- * VERSION: 1.0 +- * +- * Copyright (c) Katholieke Universiteit Leuven +- * 1996, All Rights Reserved +- * +-\********************************************************************/ +-#ifndef HAVE_RMD160_H +- +-/* header files */ +-#include <stdio.h> +-#include <stdlib.h> +-#include <string.h> +-#include <sys/types.h> +-#include "config.h" +-#include "rmd160.h" +- +-/********************************************************************/ +- +-/* macro definitions */ +- +-/* collect four bytes into one word: */ +-#define BYTES_TO_DWORD(strptr) \ +- (((u_int32_t) *((strptr)+3) << 24) | \ +- ((u_int32_t) *((strptr)+2) << 16) | \ +- ((u_int32_t) *((strptr)+1) << 8) | \ +- ((u_int32_t) *(strptr))) +- +-/* ROL(x, n) cyclically rotates x over n bits to the left */ +-/* x must be of an unsigned 32 bits type and 0 <= n < 32. 
*/ +-#define ROL(x, n) (((x) << (n)) | ((x) >> (32-(n)))) +- +-/* the three basic functions F(), G() and H() */ +-#define F(x, y, z) ((x) ^ (y) ^ (z)) +-#define G(x, y, z) (((x) & (y)) | (~(x) & (z))) +-#define H(x, y, z) (((x) | ~(y)) ^ (z)) +-#define I(x, y, z) (((x) & (z)) | ((y) & ~(z))) +-#define J(x, y, z) ((x) ^ ((y) | ~(z))) +- +-/* the eight basic operations FF() through III() */ +-#define FF(a, b, c, d, e, x, s) { \ +- (a) += F((b), (c), (d)) + (x); \ +- (a) = ROL((a), (s)) + (e); \ +- (c) = ROL((c), 10); \ +-} +-#define GG(a, b, c, d, e, x, s) { \ +- (a) += G((b), (c), (d)) + (x) + 0x5a827999U; \ +- (a) = ROL((a), (s)) + (e); \ +- (c) = ROL((c), 10); \ +-} +-#define HH(a, b, c, d, e, x, s) { \ +- (a) += H((b), (c), (d)) + (x) + 0x6ed9eba1U; \ +- (a) = ROL((a), (s)) + (e); \ +- (c) = ROL((c), 10); \ +-} +-#define II(a, b, c, d, e, x, s) { \ +- (a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcU; \ +- (a) = ROL((a), (s)) + (e); \ +- (c) = ROL((c), 10); \ +-} +-#define JJ(a, b, c, d, e, x, s) { \ +- (a) += J((b), (c), (d)) + (x) + 0xa953fd4eU; \ +- (a) = ROL((a), (s)) + (e); \ +- (c) = ROL((c), 10); \ +-} +-#define FFF(a, b, c, d, e, x, s) { \ +- (a) += F((b), (c), (d)) + (x); \ +- (a) = ROL((a), (s)) + (e); \ +- (c) = ROL((c), 10); \ +-} +-#define GGG(a, b, c, d, e, x, s) { \ +- (a) += G((b), (c), (d)) + (x) + 0x7a6d76e9U; \ +- (a) = ROL((a), (s)) + (e); \ +- (c) = ROL((c), 10); \ +-} +-#define HHH(a, b, c, d, e, x, s) { \ +- (a) += H((b), (c), (d)) + (x) + 0x6d703ef3U; \ +- (a) = ROL((a), (s)) + (e); \ +- (c) = ROL((c), 10); \ +-} +-#define III(a, b, c, d, e, x, s) { \ +- (a) += I((b), (c), (d)) + (x) + 0x5c4dd124U; \ +- (a) = ROL((a), (s)) + (e); \ +- (c) = ROL((c), 10); \ +-} +-#define JJJ(a, b, c, d, e, x, s) { \ +- (a) += J((b), (c), (d)) + (x) + 0x50a28be6U; \ +- (a) = ROL((a), (s)) + (e); \ +- (c) = ROL((c), 10); \ +-} +- +-/********************************************************************/ +- +-void +-RMD160Init(context) +- RMD160_CTX *context; +-{ +- 
+- /* ripemd-160 initialization constants */ +- context->state[0] = 0x67452301U; +- context->state[1] = 0xefcdab89U; +- context->state[2] = 0x98badcfeU; +- context->state[3] = 0x10325476U; +- context->state[4] = 0xc3d2e1f0U; +- context->length[0] = context->length[1] = 0; +- context->buflen = 0; +-} +- +-/********************************************************************/ +- +-void +-RMD160Transform(state, block) +- u_int32_t state[5]; +- const u_int32_t block[16]; +-{ +- u_int32_t aa = state[0], bb = state[1], cc = state[2], +- dd = state[3], ee = state[4]; +- u_int32_t aaa = state[0], bbb = state[1], ccc = state[2], +- ddd = state[3], eee = state[4]; +- +- /* round 1 */ +- FF(aa, bb, cc, dd, ee, block[ 0], 11); +- FF(ee, aa, bb, cc, dd, block[ 1], 14); +- FF(dd, ee, aa, bb, cc, block[ 2], 15); +- FF(cc, dd, ee, aa, bb, block[ 3], 12); +- FF(bb, cc, dd, ee, aa, block[ 4], 5); +- FF(aa, bb, cc, dd, ee, block[ 5], 8); +- FF(ee, aa, bb, cc, dd, block[ 6], 7); +- FF(dd, ee, aa, bb, cc, block[ 7], 9); +- FF(cc, dd, ee, aa, bb, block[ 8], 11); +- FF(bb, cc, dd, ee, aa, block[ 9], 13); +- FF(aa, bb, cc, dd, ee, block[10], 14); +- FF(ee, aa, bb, cc, dd, block[11], 15); +- FF(dd, ee, aa, bb, cc, block[12], 6); +- FF(cc, dd, ee, aa, bb, block[13], 7); +- FF(bb, cc, dd, ee, aa, block[14], 9); +- FF(aa, bb, cc, dd, ee, block[15], 8); +- +- /* round 2 */ +- GG(ee, aa, bb, cc, dd, block[ 7], 7); +- GG(dd, ee, aa, bb, cc, block[ 4], 6); +- GG(cc, dd, ee, aa, bb, block[13], 8); +- GG(bb, cc, dd, ee, aa, block[ 1], 13); +- GG(aa, bb, cc, dd, ee, block[10], 11); +- GG(ee, aa, bb, cc, dd, block[ 6], 9); +- GG(dd, ee, aa, bb, cc, block[15], 7); +- GG(cc, dd, ee, aa, bb, block[ 3], 15); +- GG(bb, cc, dd, ee, aa, block[12], 7); +- GG(aa, bb, cc, dd, ee, block[ 0], 12); +- GG(ee, aa, bb, cc, dd, block[ 9], 15); +- GG(dd, ee, aa, bb, cc, block[ 5], 9); +- GG(cc, dd, ee, aa, bb, block[ 2], 11); +- GG(bb, cc, dd, ee, aa, block[14], 7); +- GG(aa, bb, cc, dd, ee, block[11], 13); +- GG(ee, 
aa, bb, cc, dd, block[ 8], 12); +- +- /* round 3 */ +- HH(dd, ee, aa, bb, cc, block[ 3], 11); +- HH(cc, dd, ee, aa, bb, block[10], 13); +- HH(bb, cc, dd, ee, aa, block[14], 6); +- HH(aa, bb, cc, dd, ee, block[ 4], 7); +- HH(ee, aa, bb, cc, dd, block[ 9], 14); +- HH(dd, ee, aa, bb, cc, block[15], 9); +- HH(cc, dd, ee, aa, bb, block[ 8], 13); +- HH(bb, cc, dd, ee, aa, block[ 1], 15); +- HH(aa, bb, cc, dd, ee, block[ 2], 14); +- HH(ee, aa, bb, cc, dd, block[ 7], 8); +- HH(dd, ee, aa, bb, cc, block[ 0], 13); +- HH(cc, dd, ee, aa, bb, block[ 6], 6); +- HH(bb, cc, dd, ee, aa, block[13], 5); +- HH(aa, bb, cc, dd, ee, block[11], 12); +- HH(ee, aa, bb, cc, dd, block[ 5], 7); +- HH(dd, ee, aa, bb, cc, block[12], 5); +- +- /* round 4 */ +- II(cc, dd, ee, aa, bb, block[ 1], 11); +- II(bb, cc, dd, ee, aa, block[ 9], 12); +- II(aa, bb, cc, dd, ee, block[11], 14); +- II(ee, aa, bb, cc, dd, block[10], 15); +- II(dd, ee, aa, bb, cc, block[ 0], 14); +- II(cc, dd, ee, aa, bb, block[ 8], 15); +- II(bb, cc, dd, ee, aa, block[12], 9); +- II(aa, bb, cc, dd, ee, block[ 4], 8); +- II(ee, aa, bb, cc, dd, block[13], 9); +- II(dd, ee, aa, bb, cc, block[ 3], 14); +- II(cc, dd, ee, aa, bb, block[ 7], 5); +- II(bb, cc, dd, ee, aa, block[15], 6); +- II(aa, bb, cc, dd, ee, block[14], 8); +- II(ee, aa, bb, cc, dd, block[ 5], 6); +- II(dd, ee, aa, bb, cc, block[ 6], 5); +- II(cc, dd, ee, aa, bb, block[ 2], 12); +- +- /* round 5 */ +- JJ(bb, cc, dd, ee, aa, block[ 4], 9); +- JJ(aa, bb, cc, dd, ee, block[ 0], 15); +- JJ(ee, aa, bb, cc, dd, block[ 5], 5); +- JJ(dd, ee, aa, bb, cc, block[ 9], 11); +- JJ(cc, dd, ee, aa, bb, block[ 7], 6); +- JJ(bb, cc, dd, ee, aa, block[12], 8); +- JJ(aa, bb, cc, dd, ee, block[ 2], 13); +- JJ(ee, aa, bb, cc, dd, block[10], 12); +- JJ(dd, ee, aa, bb, cc, block[14], 5); +- JJ(cc, dd, ee, aa, bb, block[ 1], 12); +- JJ(bb, cc, dd, ee, aa, block[ 3], 13); +- JJ(aa, bb, cc, dd, ee, block[ 8], 14); +- JJ(ee, aa, bb, cc, dd, block[11], 11); +- JJ(dd, ee, aa, bb, cc, block[ 6], 
8); +- JJ(cc, dd, ee, aa, bb, block[15], 5); +- JJ(bb, cc, dd, ee, aa, block[13], 6); +- +- /* parallel round 1 */ +- JJJ(aaa, bbb, ccc, ddd, eee, block[ 5], 8); +- JJJ(eee, aaa, bbb, ccc, ddd, block[14], 9); +- JJJ(ddd, eee, aaa, bbb, ccc, block[ 7], 9); +- JJJ(ccc, ddd, eee, aaa, bbb, block[ 0], 11); +- JJJ(bbb, ccc, ddd, eee, aaa, block[ 9], 13); +- JJJ(aaa, bbb, ccc, ddd, eee, block[ 2], 15); +- JJJ(eee, aaa, bbb, ccc, ddd, block[11], 15); +- JJJ(ddd, eee, aaa, bbb, ccc, block[ 4], 5); +- JJJ(ccc, ddd, eee, aaa, bbb, block[13], 7); +- JJJ(bbb, ccc, ddd, eee, aaa, block[ 6], 7); +- JJJ(aaa, bbb, ccc, ddd, eee, block[15], 8); +- JJJ(eee, aaa, bbb, ccc, ddd, block[ 8], 11); +- JJJ(ddd, eee, aaa, bbb, ccc, block[ 1], 14); +- JJJ(ccc, ddd, eee, aaa, bbb, block[10], 14); +- JJJ(bbb, ccc, ddd, eee, aaa, block[ 3], 12); +- JJJ(aaa, bbb, ccc, ddd, eee, block[12], 6); +- +- /* parallel round 2 */ +- III(eee, aaa, bbb, ccc, ddd, block[ 6], 9); +- III(ddd, eee, aaa, bbb, ccc, block[11], 13); +- III(ccc, ddd, eee, aaa, bbb, block[ 3], 15); +- III(bbb, ccc, ddd, eee, aaa, block[ 7], 7); +- III(aaa, bbb, ccc, ddd, eee, block[ 0], 12); +- III(eee, aaa, bbb, ccc, ddd, block[13], 8); +- III(ddd, eee, aaa, bbb, ccc, block[ 5], 9); +- III(ccc, ddd, eee, aaa, bbb, block[10], 11); +- III(bbb, ccc, ddd, eee, aaa, block[14], 7); +- III(aaa, bbb, ccc, ddd, eee, block[15], 7); +- III(eee, aaa, bbb, ccc, ddd, block[ 8], 12); +- III(ddd, eee, aaa, bbb, ccc, block[12], 7); +- III(ccc, ddd, eee, aaa, bbb, block[ 4], 6); +- III(bbb, ccc, ddd, eee, aaa, block[ 9], 15); +- III(aaa, bbb, ccc, ddd, eee, block[ 1], 13); +- III(eee, aaa, bbb, ccc, ddd, block[ 2], 11); +- +- /* parallel round 3 */ +- HHH(ddd, eee, aaa, bbb, ccc, block[15], 9); +- HHH(ccc, ddd, eee, aaa, bbb, block[ 5], 7); +- HHH(bbb, ccc, ddd, eee, aaa, block[ 1], 15); +- HHH(aaa, bbb, ccc, ddd, eee, block[ 3], 11); +- HHH(eee, aaa, bbb, ccc, ddd, block[ 7], 8); +- HHH(ddd, eee, aaa, bbb, ccc, block[14], 6); +- HHH(ccc, ddd, eee, 
aaa, bbb, block[ 6], 6); +- HHH(bbb, ccc, ddd, eee, aaa, block[ 9], 14); +- HHH(aaa, bbb, ccc, ddd, eee, block[11], 12); +- HHH(eee, aaa, bbb, ccc, ddd, block[ 8], 13); +- HHH(ddd, eee, aaa, bbb, ccc, block[12], 5); +- HHH(ccc, ddd, eee, aaa, bbb, block[ 2], 14); +- HHH(bbb, ccc, ddd, eee, aaa, block[10], 13); +- HHH(aaa, bbb, ccc, ddd, eee, block[ 0], 13); +- HHH(eee, aaa, bbb, ccc, ddd, block[ 4], 7); +- HHH(ddd, eee, aaa, bbb, ccc, block[13], 5); +- +- /* parallel round 4 */ +- GGG(ccc, ddd, eee, aaa, bbb, block[ 8], 15); +- GGG(bbb, ccc, ddd, eee, aaa, block[ 6], 5); +- GGG(aaa, bbb, ccc, ddd, eee, block[ 4], 8); +- GGG(eee, aaa, bbb, ccc, ddd, block[ 1], 11); +- GGG(ddd, eee, aaa, bbb, ccc, block[ 3], 14); +- GGG(ccc, ddd, eee, aaa, bbb, block[11], 14); +- GGG(bbb, ccc, ddd, eee, aaa, block[15], 6); +- GGG(aaa, bbb, ccc, ddd, eee, block[ 0], 14); +- GGG(eee, aaa, bbb, ccc, ddd, block[ 5], 6); +- GGG(ddd, eee, aaa, bbb, ccc, block[12], 9); +- GGG(ccc, ddd, eee, aaa, bbb, block[ 2], 12); +- GGG(bbb, ccc, ddd, eee, aaa, block[13], 9); +- GGG(aaa, bbb, ccc, ddd, eee, block[ 9], 12); +- GGG(eee, aaa, bbb, ccc, ddd, block[ 7], 5); +- GGG(ddd, eee, aaa, bbb, ccc, block[10], 15); +- GGG(ccc, ddd, eee, aaa, bbb, block[14], 8); +- +- /* parallel round 5 */ +- FFF(bbb, ccc, ddd, eee, aaa, block[12] , 8); +- FFF(aaa, bbb, ccc, ddd, eee, block[15] , 5); +- FFF(eee, aaa, bbb, ccc, ddd, block[10] , 12); +- FFF(ddd, eee, aaa, bbb, ccc, block[ 4] , 9); +- FFF(ccc, ddd, eee, aaa, bbb, block[ 1] , 12); +- FFF(bbb, ccc, ddd, eee, aaa, block[ 5] , 5); +- FFF(aaa, bbb, ccc, ddd, eee, block[ 8] , 14); +- FFF(eee, aaa, bbb, ccc, ddd, block[ 7] , 6); +- FFF(ddd, eee, aaa, bbb, ccc, block[ 6] , 8); +- FFF(ccc, ddd, eee, aaa, bbb, block[ 2] , 13); +- FFF(bbb, ccc, ddd, eee, aaa, block[13] , 6); +- FFF(aaa, bbb, ccc, ddd, eee, block[14] , 5); +- FFF(eee, aaa, bbb, ccc, ddd, block[ 0] , 15); +- FFF(ddd, eee, aaa, bbb, ccc, block[ 3] , 13); +- FFF(ccc, ddd, eee, aaa, bbb, block[ 9] , 11); 
+- FFF(bbb, ccc, ddd, eee, aaa, block[11] , 11); +- +- /* combine results */ +- ddd += cc + state[1]; /* final result for state[0] */ +- state[1] = state[2] + dd + eee; +- state[2] = state[3] + ee + aaa; +- state[3] = state[4] + aa + bbb; +- state[4] = state[0] + bb + ccc; +- state[0] = ddd; +-} +- +-/********************************************************************/ +- +-void +-RMD160Update(context, data, nbytes) +- RMD160_CTX *context; +- const u_char *data; +- u_int32_t nbytes; +-{ +- u_int32_t X[16]; +- u_int32_t ofs = 0; +- u_int32_t i; +-#ifdef WORDS_BIGENDIAN +- u_int32_t j; +-#endif +- +- /* update length[] */ +- if (context->length[0] + nbytes < context->length[0]) +- context->length[1]++; /* overflow to msb of length */ +- context->length[0] += nbytes; +- +- (void)memset(X, 0, sizeof(X)); +- +- if ( context->buflen + nbytes < 64 ) +- { +- (void)memcpy(context->bbuffer + context->buflen, data, nbytes); +- context->buflen += nbytes; +- } +- else +- { +- /* process first block */ +- ofs = 64 - context->buflen; +- (void)memcpy(context->bbuffer + context->buflen, data, ofs); +-#ifndef WORDS_BIGENDIAN +- (void)memcpy(X, context->bbuffer, sizeof(X)); +-#else +- for (j=0; j < 16; j++) +- X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j)); +-#endif +- RMD160Transform(context->state, X); +- nbytes -= ofs; +- +- /* process remaining complete blocks */ +- for (i = 0; i < (nbytes >> 6); i++) { +-#ifndef WORDS_BIGENDIAN +- (void)memcpy(X, data + (64 * i) + ofs, sizeof(X)); +-#else +- for (j=0; j < 16; j++) +- X[j] = BYTES_TO_DWORD(data + (64 * i) + (4 * j) + ofs); +-#endif +- RMD160Transform(context->state, X); +- } +- +- /* +- * Put last bytes from data into context's buffer +- */ +- context->buflen = nbytes & 63; +- memcpy(context->bbuffer, data + (64 * i) + ofs, context->buflen); +- } +-} +- +-/********************************************************************/ +- +-void +-RMD160Final(digest, context) +- u_char digest[20]; +- RMD160_CTX *context; +-{ +- 
u_int32_t i; +- u_int32_t X[16]; +-#ifdef WORDS_BIGENDIAN +- u_int32_t j; +-#endif +- +- /* append the bit m_n == 1 */ +- context->bbuffer[context->buflen] = '\200'; +- +- (void)memset(context->bbuffer + context->buflen + 1, 0, +- 63 - context->buflen); +-#ifndef WORDS_BIGENDIAN +- (void)memcpy(X, context->bbuffer, sizeof(X)); +-#else +- for (j=0; j < 16; j++) +- X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j)); +-#endif +- if ((context->buflen) > 55) { +- /* length goes to next block */ +- RMD160Transform(context->state, X); +- (void)memset(X, 0, sizeof(X)); +- } +- +- /* append length in bits */ +- X[14] = context->length[0] << 3; +- X[15] = (context->length[0] >> 29) | +- (context->length[1] << 3); +- RMD160Transform(context->state, X); +- +- if (digest != NULL) { +- for (i = 0; i < 20; i += 4) { +- /* extracts the 8 least significant bits. */ +- digest[i] = context->state[i>>2]; +- digest[i + 1] = (context->state[i>>2] >> 8); +- digest[i + 2] = (context->state[i>>2] >> 16); +- digest[i + 3] = (context->state[i>>2] >> 24); +- } +- } +-} +- +-/************************ end of file rmd160.c **********************/ +-#endif +--- skey-1.1.5.orig/rmd160.h 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/rmd160.h 1970-01-01 01:00:00.000000000 +0100 +@@ -1,48 +0,0 @@ +-/* $OpenBSD: rmd160.h,v 1.4 1999/08/16 09:59:04 millert Exp $ */ +- +-/********************************************************************\ +- * +- * FILE: rmd160.h +- * +- * CONTENTS: Header file for a sample C-implementation of the +- * RIPEMD-160 hash-function. 
+- * TARGET: any computer with an ANSI C compiler +- * +- * AUTHOR: Antoon Bosselaers, ESAT-COSIC +- * DATE: 1 March 1996 +- * VERSION: 1.0 +- * +- * Copyright (c) Katholieke Universiteit Leuven +- * 1996, All Rights Reserved +- * +-\********************************************************************/ +- +-#ifndef _RMD160_H /* make sure this file is read only once */ +-#define _RMD160_H +- +-/********************************************************************/ +- +-/* structure definitions */ +- +-typedef struct { +- u_int32_t state[5]; /* state (ABCDE) */ +- u_int32_t length[2]; /* number of bits */ +- u_char bbuffer[64]; /* overflow buffer */ +- u_int32_t buflen; /* number of chars in bbuffer */ +-} RMD160_CTX; +- +-/********************************************************************/ +- +-/* function prototypes */ +- +-void RMD160Init __P((RMD160_CTX *context)); +-void RMD160Transform __P((u_int32_t state[5], const u_int32_t block[16])); +-void RMD160Update __P((RMD160_CTX *context, const u_char *data, u_int32_t nbytes)); +-void RMD160Final __P((u_char digest[20], RMD160_CTX *context)); +-char *RMD160End __P((RMD160_CTX *, char *)); +-char *RMD160File __P((char *, char *)); +-char *RMD160Data __P((const u_char *, size_t, char *)); +- +-#endif /* _RMD160_H */ +- +-/*********************** end of file rmd160.h ***********************/ +--- skey-1.1.5.orig/rmd160hl.c 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/rmd160hl.c 1970-01-01 01:00:00.000000000 +0100 +@@ -1,85 +0,0 @@ +-/* rmd160hl.c +- * ---------------------------------------------------------------------------- +- * "THE BEER-WARE LICENSE" (Revision 42): +- * <phk@login.dkuug.dk> wrote this file. As long as you retain this notice you +- * can do whatever you want with this stuff. If we meet some day, and you think +- * this stuff is worth it, you can buy me a beer in return. 
Poul-Henning Kamp +- * ---------------------------------------------------------------------------- +- */ +- +-#if defined(LIBC_SCCS) && !defined(lint) +-static char rcsid[] = "$OpenBSD: rmd160hl.c,v 1.2 1999/08/17 09:13:12 millert Exp $"; +-#endif /* LIBC_SCCS and not lint */ +- +-#include <stdlib.h> +-#include <stdio.h> +-#include <errno.h> +-#include <fcntl.h> +-#include <sys/types.h> +-#include <sys/uio.h> +-#include <unistd.h> +-#include "config.h" +-#ifdef HAVE_RMD160_H +-#include <rmd160.h> +-#else +-#include "rmd160.h" +-#endif +- +-/* ARGSUSED */ +-char * +-RMD160End(ctx, buf) +- RMD160_CTX *ctx; +- char *buf; +-{ +- int i; +- char *p = buf; +- u_char digest[20]; +- static const char hex[]="0123456789abcdef"; +- +- if (p == NULL && (p = malloc(41)) == NULL) +- return 0; +- +- RMD160Final(digest,ctx); +- for (i = 0; i < 20; i++) { +- p[i + i] = hex[digest[i] >> 4]; +- p[i + i + 1] = hex[digest[i] & 0x0f]; +- } +- p[i + i] = '\0'; +- return(p); +-} +- +-char * +-RMD160File (filename, buf) +- char *filename; +- char *buf; +-{ +- u_char buffer[BUFSIZ]; +- RMD160_CTX ctx; +- int fd, num, oerrno; +- +- RMD160Init(&ctx); +- +- if ((fd = open(filename, O_RDONLY)) < 0) +- return(0); +- +- while ((num = read(fd, buffer, sizeof(buffer))) > 0) +- RMD160Update(&ctx, buffer, num); +- +- oerrno = errno; +- close(fd); +- errno = oerrno; +- return(num < 0 ? 
0 : RMD160End(&ctx, buf)); +-} +- +-char * +-RMD160Data (data, len, buf) +- const u_char *data; +- size_t len; +- char *buf; +-{ +- RMD160_CTX ctx; +- +- RMD160Init(&ctx); +- RMD160Update(&ctx, data, len); +- return(RMD160End(&ctx, buf)); +-} +--- skey-1.1.5.orig/skey.1 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/skey.1 2003-11-06 17:46:45.000000000 +0000 +@@ -1,95 +1,165 @@ +-.\" $OpenBSD: skey.1,v 1.21 2000/11/09 17:52:38 aaron Exp $ +-.\" @(#)skey.1 1.1 10/28/93 ++.\" $NetBSD: skey.1,v 1.21 2003/09/07 16:22:24 wiz Exp $ + .\" +-.Dd October 28, 1993 ++.\" from: @(#)skey.1 1.1 10/28/93 ++.\" ++.Dd July 25, 2001 + .Dt SKEY 1 + .Os + .Sh NAME +-.Nm skey, otp-md4, otp-md5, otp-sha1, otp-rmd160 ++.Nm skey + .Nd respond to an OTP challenge + .Sh SYNOPSIS +-.Nm skey +-.Op Fl x +-.Oo +-.Fl md4 | Fl md5 | Fl sha1 | +-.Fl rmd160 +-.Oc ++.Nm + .Op Fl n Ar count +-.Op Fl p Ar passwd +-<sequence#>[/] key ++.Op Fl p Ar password ++.Op Fl t Ar hash ++.Op Fl x ++.Ar sequence# ++.Op / ++.Ar key + .Sh DESCRIPTION +-.Nm S/key +-is a procedure for using one-time passwords to authenticate access to +-computer systems. +-It uses 64 bits of information transformed by the +-MD4, MD5, SHA1, or RIPEMD-160 algorithms. +-The user supplies the 64 bits +-in the form of 6 English words that are generated by a secure computer. +-This implementation of +-.Nm s/key +-is RFC 1938 compliant. ++.Em S/Key ++is a One Time Password (OTP) authentication system. ++It is intended to be used when the communication channel between ++a user and host is not secure (e.g. not encrypted or hardwired). ++Since each password is used only once, even if it is "seen" by a ++hostile third party, it cannot be used again to gain access to the host. + .Pp +-When +-.Nm skey +-is invoked as +-.Nm otp-method , +-.Nm skey +-will use +-.Ar method +-as the hash function where +-.Ar method +-is currently one of md4, md5, sha1, or rmd160. 
++.Em S/Key ++uses 64 bits of information, transformed by the ++.Tn MD4 ++algorithm into 6 English words. ++The user supplies the words to authenticate himself to programs like ++.Xr login 1 ++or ++.Xr ftpd 8 . ++.Pp ++Example use of the ++.Em S/Key ++program ++.Nm : ++.Bd -literal -offset indent ++% skey 99 th91334 ++Enter password: \*[Lt]your secret password is entered here\*[Gt] ++OMEN US HORN OMIT BACK AHOY ++% ++.Ed ++.Pp ++The string that is given back by ++.Nm ++can then be used to log into a system. ++.Pp ++The programs that are part of the ++.Em S/Key ++system are: ++.Bl -tag -width skeyauditxxx ++.It Xr skeyinit 1 ++used to set up your ++.Em S/Key . ++.It Nm ++used to get the one time password(s). ++.It Xr skeyinfo 1 ++used to initialize the ++.Em S/Key ++database for the specified user. ++It also tells the user what the next challenge will be. ++.It Xr skeyaudit 1 ++used to inform users that they will soon have to rerun ++.Xr skeyinit 1 . ++.El + .Pp +-If you misspell your password while running +-.Nm skey , ++When you run ++.Xr skeyinit 1 ++you inform the system of your ++secret password. ++Running ++.Nm ++then generates the ++one-time password(s), after requiring your secret password. ++If however, you misspell your secret password that you have given to ++.Xr skeyinit 1 ++while running ++.Xr skey 1 + you will get a list of passwords +-that will not work, and no indication of the problem. ++that will not work, and no indication about the problem. + .Pp +-Password sequence numbers count backwards. ++Password sequence numbers count backward from 99. + You can enter the passwords using small letters, even though +-.Nm skey ++.Xr skey 1 + prints them capitalized. + .Pp +-The options are as follows: +-.Bl -tag -width Ds +-.It Fl n Ar count +-Prints out ++The ++.Fl n Ar count ++argument asks for + .Ar count +-one-time passwords. +-The default is to print one. +-.It Fl p Ar password +-Uses +-.Ar password +-as the secret password. 
+-Use of this option is discouraged as +-your secret password could be visible in a process listing. +-.It Fl x +-Causes output to be in hexadecimal instead of ASCII. +-.It Fl md4 +-Selects MD4 as the hash algorithm. +-.It Fl md5 +-Selects MD5 as the hash algorithm. +-.It Fl sha1 +-Selects SHA-1 (NIST Secure Hash Algorithm Revision 1) as the hash algorithm. +-.It Fl rmd160 +-Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm. +-.El ++password sequences to be printed out ending with the requested ++sequence number. ++.Pp ++The hash algorithm is selected using the ++.Fl t Ar hash ++option, possible choices here are md4, md5 or sha1. ++.Pp ++The ++.Fl p Ar password ++allows the user to specify the ++.Em S/Key ++password on the command line. ++.Pp ++To output the S/Key list in hexadecimal instead of words, ++use the ++.Fl x ++option. + .Sh EXAMPLES +-.sp 0 +- % skey 99 th91334 +-.sp 0 +- Enter secret password: <your secret password is entered here> +-.sp 0 +- OMEN US HORN OMIT BACK AHOY +-.sp 0 +- % ++Initialize generation of one time passwords: ++.Bd -literal -offset indent ++host% skeyinit ++Password: \*[Lt]normal login password\*[Gt] ++[Adding username] ++Enter secret password: \*[Lt]new secret password\*[Gt] ++Again secret password: \*[Lt]new secret password again\*[Gt] ++ID username s/key is 99 host12345 ++Next login password: SOME SIX WORDS THAT WERE COMPUTED ++.Ed ++.Pp ++Produce a list of one time passwords to take with to a conference: ++.Bd -literal -offset indent ++host% skey -n 3 99 host12345 ++Enter secret password: \*[Lt]secret password as used with skeyinit\*[Gt] ++97: NOSE FOOT RUSH FEAR GREY JUST ++98: YAWN LEO DEED BIND WACK BRAE ++99: SOME SIX WORDS THAT WERE COMPUTED ++.Ed ++.Pp ++Logging in to a host where ++.Nm ++is installed: ++.Bd -literal -offset indent ++host% telnet host ++ ++login: \*[Lt]username\*[Gt] ++Password [s/key 97 host12345]: ++.Ed ++.Pp ++Note that the user can use either his/her ++.Em S/Key ++password at the 
prompt but also the normal one unless the ++.Fl s ++flag is given to ++.Xr login 1 . + .Sh SEE ALSO + .Xr login 1 , ++.Xr skeyaudit 1 , + .Xr skeyinfo 1 , +-.Xr skeyinit 1 ++.Xr skeyinit 1 , ++.Xr ftpd 8 + .Pp +-.Em RFC1938 ++.Em RFC 2289 + .Sh TRADEMARKS AND PATENTS +-S/Key is a Trademark of Bellcore. ++.Em S/Key ++is a trademark of ++.Tn Bellcore . + .Sh AUTHORS +-Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin ++Phil Karn, ++Neil M. Haller, ++John S. Walden, ++Scott Chasin +--- skey-1.1.5.orig/skey.3 1970-01-01 01:00:00.000000000 +0100 ++++ skey-1.1.5/skey.3 2003-11-06 17:46:45.000000000 +0000 +@@ -0,0 +1,264 @@ ++.\" $NetBSD: skey.3,v 1.8 2003/06/06 13:42:50 wiz Exp $ ++.\" ++.\" Copyright (c) 2001 The NetBSD Foundation, Inc. ++.\" All rights reserved. ++.\" ++.\" This code is derived from software contributed to The NetBSD Foundation ++.\" by Gregory McGarry. ++.\" ++.\" Redistribution and use in source and binary forms, with or without ++.\" modification, are permitted provided that the following conditions ++.\" are met: ++.\" 1. Redistributions of source code must retain the above copyright ++.\" notice, this list of conditions and the following disclaimer. ++.\" 2. Redistributions in binary form must reproduce the above copyright ++.\" notice, this list of conditions and the following disclaimer in the ++.\" documentation and/or other materials provided with the distribution. ++.\" 3. All advertising materials mentioning features or use of this software ++.\" must display the following acknowledgement: ++.\" This product includes software developed by the NetBSD ++.\" Foundation, Inc. and its contributors. ++.\" 4. Neither the name of The NetBSD Foundation nor the names of its ++.\" contributors may be used to endorse or promote products derived ++.\" from this software without specific prior written permission. ++.\" ++.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. 
AND CONTRIBUTORS ++.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED ++.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS ++.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ++.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ++.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ++.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ++.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ++.\" POSSIBILITY OF SUCH DAMAGE. ++.\" ++.Dd November 10, 2001 ++.Dt SKEY 3 ++.Os ++.Sh NAME ++.Nm skey , ++.Nm skeychallenge , ++.Nm skeylookup , ++.Nm skeygetnext , ++.Nm skeyverify , ++.Nm skeyzero , ++.Nm getskeyprompt , ++.Nm skey_set_algorithm , ++.Nm skey_get_algorithm , ++.Nm skey_haskey , ++.Nm skey_keyinfo , ++.Nm skey_passcheck , ++.Nm skey_authenticate ++.Nd one-time password (OTP) library ++.Sh LIBRARY ++S/key One-Time Password Library (libskey, -lskey) ++.Sh SYNOPSIS ++.In skey.h ++.Ft int ++.Fn skeychallenge "struct skey *mp" "const char *name" "char *ss" \ ++"size_t sslen" ++.Ft int ++.Fn skeylookup "struct skey *mp" "const char *name" ++.Ft int ++.Fn skeygetnext "struct skey *mp" ++.Ft int ++.Fn skeyverify "struct skey *mp" "char *response" ++.Ft int ++.Fn skeyzero "struct skey *mp" "char *response" ++.Ft int ++.Fn getskeyprompt "struct skey *mp" "char *name" "char *prompt" ++.Ft const char * ++.Fn skey_set_algorithm "const char *new" ++.Ft const char * ++.Fn skey_get_algorithm "void" ++.Ft int ++.Fn skey_haskey "const char *username" ++.Ft const char * ++.Fn skey_keyinfo "const char *username" ++.Ft int ++.Fn skey_passcheck "const char *username" "char *passwd" ++.Ft int ++.Fn skey_authenticate "const char *username" ++.Ft void ++.Fn 
f "char *x" ++.Ft int ++.Fn keycrunch "char *result" "const char *seed" "const char *passwd" ++.Ft void ++.Fn rip "char *buf" ++.Ft char * ++.Fn readpass "char *buf " "int n" ++.Ft char * ++.Fn readskey "char *buf" "int n" ++.Ft int ++.Fn atob8 "char *out" "const char *in" ++.Ft int ++.Fn btoa8 "char *out" "const char *in" ++.Ft int ++.Fn htoi "int c" ++.Ft const char * ++.Fn skipspace "const char *cp" ++.Ft void ++.Fn backspace "char *buf" ++.Ft void ++.Fn sevenbit "char *buf" ++.Ft char * ++.Fn btoe "char *engout" "const char *c" ++.Ft int ++.Fn etob "char *out" "const char *e" ++.Ft char * ++.Fn put8 "char *out" "const char *s" ++.Sh DESCRIPTION ++The ++.Nm ++library provides routines for accessing ++.Nx Ns 's ++one-time password (OTP) authentication system. ++.Pp ++Most S/Key operations take a pointer to a ++.Em struct skey , ++which should be considered as an opaque identifier. ++.Sh FUNCTIONS ++The following high-level functions are available: ++.Bl -tag -width compact ++.It Fn skeychallenge "mp" "name" "ss" "sslen" ++Return a S/Key challenge for user ++.Fa name . ++If successful, the caller's skey structure ++.Fa mp ++is filled and 0 is returned. ++If unsuccessful (e.g. if name is unknown), ++\-1 is returned. ++.It Fn skeylookup "mp" "name" ++Find an entry for user ++.Fa name ++in the one-time password database. ++Returns 0 if the entry is found and 1 if the entry is not found. ++If an error occurs accessing the database, \-1 is returned. ++.It Fn skeygetnext "mp" ++Get the next entry in the one-time password database. ++Returns 0 on success and the entry is stored in ++.Ar mp ++and 1 if no more entries are available. ++If an error occurs accessing the database, \-1 is returned. ++.It Fn skeyverify "mp" "response" ++Verify response ++.Fa response ++to a S/Key challenge. ++Returns 0 if the verification is successful and 1 if the verification failed. ++If an error occurs accessing the database, \-1 is returned. 
++.It Fn skeyzero "mp" "response" ++Comment out user's entry in the S/Key database. ++Returns 0 on success and the database is updated, ++otherwise \-1 is returned and the database remains unchanged. ++.It Fn getskeyprompt "mp" "name" "prompt" ++Issue a S/Key challenge for user ++.Ar name . ++If successful, fill in the caller's skey structure ++.Fa mp ++and return 0. ++If unsuccessful (e.g. if name is unknown) \-1 is returned. ++.El ++.Pp ++The following lower-level functions are available: ++.Bl -tag -width compact ++.It Fn skey_set_algorithm "new" ++Set hash algorithm type. ++Valid values for ++.Fa new ++are "md4", "md5" and "sha1". ++.It Fn skey_get_algorithm "void" ++Get current hash type. ++.It Fn skey_haskey "username" ++Returns 0 if the user ++.Fa username ++exists and 1 if the user doesn't exist. ++Returns \-1 on file error. ++.It Fn skey_keyinfo "username" ++Returns the current sequence number and seed for user ++.Ar username . ++.It Fn skey_passcheck "username" "passwd" ++Checks to see if answer is the correct one to the current challenge. ++.It Fn skey_authenticate "username" ++Used when calling program will allow input of the user's response to ++the challenge. ++Returns zero on success or \-1 on failure. ++.El ++.Pp ++The following miscellaneous functions are available: ++.Bl -tag -width compact ++.It Fn f "x" ++One-way function to take 8 bytes pointed to by ++.Fa x ++and return 8 bytes in place. ++.It Fn keycrunch "char *result" "const char *seed" "const char *passwd" ++Crunch a key. ++.It Fn rip "buf" ++Strip trailing CR/LF characters from a line of text ++.Fa buf . ++.It Fn readpass "buf" "n" ++Read in secret passwd (turns off echo). ++.It Fn readskey "buf" "n" ++Read in an s/key OTP (does not turn off echo). ++.It Fn atob8 "out" "in" ++Convert 8-byte hex-ascii string ++.Fa in ++to binary array ++.Fa out . ++Returns 0 on success, \-1 on error. ++.It Fn btoa8 "out" "in" ++Convert 8-byte binary array ++.Fa in ++to hex-ascii string ++.Fa out . 
++Returns 0 on success, \-1 on error. ++.It Fn htoi "int c" ++Convert hex digit to binary integer. ++.It Fn skipspace "cp" ++Skip leading spaces from the string ++.Fa cp . ++.It Fn backspace "buf" ++Remove backspaced over characters from the string ++.Fa buf . ++.It Fn sevenbit "buf" ++Ensure line ++.Fa buf ++is all seven bits. ++.It Fn btoe "engout" "c" ++Encode 8 bytes in ++.Ar c ++as a string of English words. ++Returns a pointer to a static buffer in ++.Fa engout . ++.It Fn etob "out" "e" ++Convert English to binary. ++Returns 0 if the word is not in the database, 1 if all good words and ++parity is valid, \-1 if badly formed input (i.e. \*[Gt] 4 char word) ++and -2 if words are valid but parity is wrong. ++.It Fn put8 "out" "s" ++Display 8 bytes ++.Fa s ++as a series of 16-bit hex digits. ++.El ++.Sh FILES ++.Bl -tag -width /usr/lib/libskey_p.a -compact ++.It Pa /usr/lib/libskey.a ++static skey library ++.It Pa /usr/lib/libskey.so ++dynamic skey library ++.It Pa /usr/lib/libskey_p.a ++static skey library compiled for profiling ++.El ++.Sh SEE ALSO ++.Xr skey 1 , ++.Xr skeyaudit 1 , ++.Xr skeyinfo 1 ++.Sh BUGS ++The ++.Nm ++library functions are not re-entrant or thread-safe. ++.Pp ++The ++.Nm ++library defines many poorly named functions which pollute the name space. 
+--- skey-1.1.5.orig/skeyaudit.1 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/skeyaudit.1 2003-11-06 17:46:45.000000000 +0000
+@@ -1,46 +1,29 @@
+-.\" $OpenBSD: skeyaudit.1,v 1.8 2000/11/09 17:52:38 aaron Exp $
++.\" $NetBSD: skeyaudit.1,v 1.6 2001/04/09 12:34:14 wiz Exp $
+ .\"
+-.Dd 22 July 1997
++.Dd June 9, 1994
+ .Dt SKEYAUDIT 1
+ .Os
+ .Sh NAME
+ .Nm skeyaudit
+ .Nd warn users if their S/Key will soon expire
+ .Sh SYNOPSIS
+-.Nm skeyaudit
+-.Op Fl a
+-.Op Fl i
+-.Op Fl l Ar limit
++.Nm
++.Op Ar limit
+ .Sh DESCRIPTION
+ .Nm
+ searches through the file
+-.Pa /etc/skeykeys
++.Dq Pa /etc/skey/skeykeys
+ for users whose S/Key sequence number is less than
+ .Ar limit ,
+-and mails them a reminder to run
++and sends them a reminder to run
+ .Xr skeyinit 1
+-soon.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl a
+-Check all keys in
+-.Pa /etc/skeykeys .
+-This option is only available to the superuser and
+-is useful to run regularly via
+-.Xr cron 8 .
+-.It Fl i
+-Interactive mode.
+-Don't send mail, just print to the standard output.
+-.It Fl l Ar limit
+-The limit used to determine whether or not a user should be notified.
+-The default is to notify if there are fewer than 12 keys left.
+-.El
++soon. If no limit is specified a default of 12 is used.
+ .Sh FILES
+-.Bl -tag -width /etc/skeykeys -compact
+-.It Pa /etc/skeykeys
+-S/Key key information database
++.Bl -tag -width /etc/skey/skeykeys -compact
++.It Pa /etc/skey/skeykeys
++The S/Key key information database
+ .El
+ .Sh SEE ALSO
+ .Xr skey 1 ,
++.Xr skeyinfo 1 ,
+ .Xr skeyinit 1
+--- skey-1.1.5.orig/skeyaudit.c 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/skeyaudit.c 1970-01-01 01:00:00.000000000 +0100
+@@ -1,236 +0,0 @@
+-/* $OpenBSD: skeyaudit.c,v 1.10 2000/09/20 21:53:49 pjanzen Exp $ */
+-
+-/*
+- * Copyright (c) 1997, 2000 Todd C. Miller <Todd.Miller@courtesan.com>
+- * All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 3. The name of the author may not be used to endorse or promote products
+- * derived from this software without specific prior written permission.
+- *
+- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+- */ +- +-#include <errno.h> +-/*#include <limits.h>*/ +-#include <pwd.h> +-#include <stdio.h> +-#include <stdlib.h> +-#include <string.h> +-#include <unistd.h> +-#include <netdb.h> +-#include "config.h" +-#ifdef HAVE_ERR_H +-#include <err.h> +-#else +-#include "err.h" +-#endif +-#include "skey.h" +- +-#include <sys/types.h> +-#include <sys/param.h> +-#include <sys/wait.h> +- +-#ifdef HAVE_LOGIN_CAP_H +-# include <login_cap.h> +-#else +-# include "login_cap.h" +-#endif +- +-char *__progname; +- +-void notify __P((struct passwd *, int, int)); +-FILE *runsendmail __P((struct passwd *, int *)); +-void usage __P((void)); +- +-int +-main(argc, argv) +- int argc; +- char **argv; +-{ +- struct passwd *pw; +- struct skey key; +- int ch, errs = 0, left = 0, aflag = 0, iflag = 0, limit = 12; +- char *name; +- +- __progname = argv[0]; +- +- if (geteuid() != 0) +- errx(1, "must be setuid root"); +- +- while ((ch = getopt(argc, argv, "ail:")) != -1) +- switch(ch) { +- case 'a': +- aflag = 1; +- if (getuid() != 0) +- errx(1, "only root may use the -a flag"); +- break; +- case 'i': +- iflag = 1; +- break; +- case 'l': +- errno = 0; +- if ((limit = (int)strtol(optarg, NULL, 10)) == 0) +- errno = ERANGE; +- if (errno) { +- warn("key limit"); +- usage(); +- } +- break; +- default: +- usage(); +- } +- +- if (argc - optind > 0) +- usage(); +- +- /* Need key.keyfile zero'd at the very least */ +- (void)memset(&key, 0, sizeof(key)); +- +- if (aflag) { +- while ((ch = skeygetnext(&key)) == 0) { +- left = key.n - 1; +- if ((pw = getpwnam(key.logname)) == NULL) +- continue; +- if (left >= limit) +- continue; +- notify(pw, left, iflag); +- } +- if (ch == -1) +- errx(-1, "cannot open %s", SKEYKEYS); +- else +- (void)fclose(key.keyfile); +- } else { +- if ((pw = getpwuid(getuid())) == NULL) +- errx(1, "no passwd entry for uid %u", getuid()); +- if ((name = strdup(pw->pw_name)) == NULL) +- err(1, "cannot allocate memory"); +- sevenbit(name); +- +- errs = skeylookup(&key, name); +- switch 
(errs) { +- case 0: /* Success! */ +- left = key.n - 1; +- break; +- case -1: /* File error */ +- errx(errs, "cannot open %s", SKEYKEYS); +- break; +- case 1: /* Unknown user */ +- warnx("%s is not listed in %s", name, +- SKEYKEYS); +- } +- (void)fclose(key.keyfile); +- +- if (!errs && left < limit) +- notify(pw, left, iflag); +- } +- +- exit(errs); +-} +- +-void +-notify(pw, seq, interactive) +- struct passwd *pw; +- int seq; +- int interactive; +-{ +- static char hostname[MAXHOSTNAMELEN]; +- int pid; +- FILE *out; +- +- /* Only set this once */ +- if (hostname[0] == '\0' && gethostname(hostname, sizeof(hostname)) == -1) +- strcpy(hostname, "unknown"); +- +- if (interactive) +- out = stdout; +- else +- out = runsendmail(pw, &pid); +- +- if (!interactive) +- (void)fprintf(out, +- "To: %s\nSubject: IMPORTANT action required\n", pw->pw_name); +- +- if (seq) +- (void)fprintf(out, +-"\nYou are nearing the end of your current S/Key sequence for account\n\ +-%s on system %s.\n\n\ +-Your S/Key sequence number is now %d. 
When it reaches zero\n\ +-you will no longer be able to use S/Key to log into the system.\n\n", +-pw->pw_name, hostname, seq); +- else +- (void)fprintf(out, +-"\nYou are at the end of your current S/Key sequence for account\n\ +-%s on system %s.\n\n\ +-At this point you can no longer use S/Key to log into the system.\n\n", +-pw->pw_name, hostname); +- (void)fprintf(out, +-"Type \"skeyinit -s\" to reinitialize your sequence number.\n\n"); +- +- (void)fclose(out); +- if (!interactive) +- (void)waitpid(pid, NULL, 0); +-} +- +-FILE * +-runsendmail(pw, pidp) +- struct passwd *pw; +- int *pidp; +-{ +- FILE *fp; +- int pfd[2], pid; +- +- if (pipe(pfd) < 0) +- return(NULL); +- +- switch (pid = fork()) { +- case -1: /* fork(2) failed */ +- (void)close(pfd[0]); +- (void)close(pfd[1]); +- return(NULL); +- case 0: /* In child */ +- (void)close(pfd[1]); +- (void)dup2(pfd[0], STDIN_FILENO); +- (void)close(pfd[0]); +- +- /* Run sendmail as target user not root */ +- if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0) { +- warn("cannot set user context"); +- _exit(127); +- } +- +- execl(SENDMAIL, "sendmail", "-t", NULL); +- warn("cannot run \"%s -t\"", SENDMAIL); +- _exit(127); +- } +- +- /* In parent */ +- *pidp = pid; +- fp = fdopen(pfd[1], "w"); +- (void)close(pfd[0]); +- +- return(fp); +-} +-void +-usage() +-{ +- (void)fprintf(stderr, "Usage: %s [-i] [-l limit]\n", +- __progname); +- exit(1); +-} +--- skey-1.1.5.orig/skeyaudit.sh 1970-01-01 01:00:00.000000000 +0100 ++++ skey-1.1.5/skeyaudit.sh 2003-11-06 17:46:45.000000000 +0000 +@@ -0,0 +1,58 @@ ++#!/bin/sh ++# ++# $NetBSD: skeyaudit.sh,v 1.2.12.2 2000/07/28 12:42:59 mjl Exp $ ++# ++# This script will look thru the skeykeys file for ++# people with sequence numbers less than LOWLIMIT=12 ++# and send them an e-mail reminder to use skeyinit soon ++# ++ ++KEYDB=/etc/skey/skeykeys ++LOWLIMIT=12 ++ADMIN=root ++SUBJECT="Reminder: Run skeyinit" ++HOST=`/bin/hostname` ++ ++ ++if [ "$1" != "" ] ++then ++ LOWLIMIT=$1 ++fi ++ 
++if [ ! -s "${KEYDB}" ]; then ++ exit 0 ++fi ++ ++# an skeykeys entry looks like ++# jsw 0076 la13079 ba20a75528de9d3a ++# #oot md5 0005 aspa26398 9432d570ff4421f0 Jul 07,2000 01:36:43 ++# mjl sha1 0099 alpha2 459a5dac23d20a90 Jul 07,2000 02:14:17 ++# the sequence number is the second (or third) entry ++# ++ ++SKEYS=`awk '/^#/ {next} {if($2 ~ /^[0-9]+$/) print $1,$2,$3; else print $1,$3,$4; }' $KEYDB` ++ ++set -- ${SKEYS} ++ ++while [ "X$1" != "X" ]; do ++ USER=$1 ++ SEQ=$2 ++ KEY=$3 ++ shift 3 ++ # echo "$USER -- $SEQ -- $KEY" ++ if [ $SEQ -lt $LOWLIMIT ]; then ++ if [ $SEQ -lt 3 ]; then ++ SUBJECT="IMPORTANT action required" ++ fi ++ ( ++ echo "You are nearing the end of your current S/Key sequence for account $i" ++ echo "on system $HOST." ++ echo "" ++ echo "Your S/key sequence number is now $SEQ. When it reaches zero you" ++ echo "will no longer be able to use S/Key to login into the system. " ++ echo " " ++ echo "Use \"skeyinit -s\" to reinitialize your sequence number." ++ echo "" ++ ) | mail -s "$SUBJECT" $USER $ADMIN ++ fi ++done +--- skey-1.1.5.orig/skey.c 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/skey.c 2003-11-06 17:46:45.000000000 +0000 +@@ -25,6 +25,7 @@ + #include <stdlib.h> + #include <string.h> + #include <unistd.h> ++#include <ctype.h> + #include "config.h" + + #ifdef HAVE_ERR_H +@@ -35,102 +36,93 @@ + + #include "skey.h" + +-void usage __P((char *)); ++int main(int, char **); ++void usage(char *); + + int +-main(argc, argv) +- int argc; +- char *argv[]; ++main(int argc, char **argv) + { +- int n, i, cnt = 1, pass = 0, hexmode = 0; +- char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE]; +- char buf[33], *seed, *slash; +- +- /* If we were called as otp-METHOD, set algorithm based on that */ +- if ((slash = strrchr(argv[0], '/'))) +- slash++; +- else +- slash = argv[0]; +- if (strncmp(slash, "otp-", 4) == 0) { +- slash += 4; +- if (skey_set_algorithm(slash) == NULL) +- errx(1, "Unknown hash algorithm %s", slash); +- } +- +- for (i = 1; 
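Review bot: The reminder text in the new skeyaudit.sh names the account with `$i`, which is never assigned anywhere in the script, so every mail reads "for account" with no name; the loop variable that holds the login is `$USER`. `SUBJECT` is overwritten inside the loop as soon as one sequence number drops below 3 and is never reset, so every later user in the same run also gets the "IMPORTANT action required" subject. The optional limit from `$1` reaches `[ $SEQ -lt $LOWLIMIT ]` unvalidated, and `$KEYDB`, `$USER` and `$ADMIN` are expanded unquoted in a script that is meant to run as root over a file of account names. I would quote those expansions and accept only a numeric limit, e.g. `case "$1" in ''|*[!0-9]*) ;; *) LOWLIMIT=$1 ;; esac`.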
i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) { +- if (argv[i][2] == '\0') { +- /* Single character switch */ +- switch (argv[i][1]) { ++ int n, cnt = 1, i, pass = 0, hexmode = 0; ++ char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE]; ++ char buf[33], *seed, *slash, *t; ++ ++ while ((i = getopt(argc, argv, "fn:p:t:x")) != -1) { ++ switch(i) { ++ case 'f': ++ break; /* unused */ + case 'n': +- if (i + 1 == argc) +- usage(argv[0]); +- cnt = atoi(argv[++i]); ++ cnt = atoi(optarg); + break; + case 'p': +- if (i + 1 == argc) +- usage(argv[0]); +- if (strlcpy(passwd, argv[++i], sizeof(passwd)) >= +- sizeof(passwd)) +- errx(1, "Password too long"); ++ if (strncpy(passwd, optarg, sizeof(passwd)) == NULL) ++ errx(1, "Password too long"); + pass = 1; + break; ++ case 't': ++ if (skey_set_algorithm(optarg) == NULL) ++ errx(1, "Unknown hash algorithm %s", optarg); ++ break; + case 'x': + hexmode = 1; + break; + default: + usage(argv[0]); +- } +- } else { +- /* Multi character switches are hash types */ +- if (skey_set_algorithm(&argv[i][1]) == NULL) { +- warnx("Unknown hash algorithm %s", &argv[i][1]); +- usage(argv[0]); +- } ++ break; + } +- i++; + } + +- if (argc > i + 2) +- usage(argv[0]); +- +- /* Could be in the form <number>/<seed> */ +- if (argc <= i + 1) { ++ /* could be in the form <number>/<seed> */ ++ if (argc <= optind + 1) { + /* look for / in it */ +- if (argc <= i) ++ if (argc <= optind) + usage(argv[0]); +- slash = strchr(argv[i], '/'); ++ slash = strchr(argv[optind], '/'); + if (slash == NULL) + usage(argv[0]); + *slash++ = '\0'; + seed = slash; + +- if ((n = atoi(argv[i])) < 0) { +- warnx("%d not positive", n); ++ if ((n = atoi(argv[optind])) < 0) { ++ fprintf(stderr, "%s is not positive\n", argv[optind]); + usage(argv[0]); + } else if (n > SKEY_MAX_SEQ) { + warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ); + usage(argv[0]); + } + } else { +- if ((n = atoi(argv[i])) < 0) { +- warnx("%d not positive", n); ++ if ((n = atoi(argv[optind])) < 0) 
{ ++ fprintf(stderr, "%s not positive\n", argv[optind]); + usage(argv[0]); + } else if (n > SKEY_MAX_SEQ) { + warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ); + usage(argv[0]); + } +- seed = argv[++i]; ++ seed = argv[++optind]; ++ } ++ ++ for (t = seed; *t; t++) { ++ if (!isalnum(*t)) ++ errx(1, "seed must be alphanumeric"); + } + ++ if (!*seed || strlen(seed) > SKEY_MAX_SEED_LEN) ++ errx(1, "seed must be between 1 and %d long", SKEY_MAX_SEED_LEN); ++ + /* Get user's secret password */ + if (!pass) { +- (void)fputs("Reminder - Do not use this program while logged in via telnet or rlogin.\n", stderr); +- (void)fputs("Enter secret password: ", stderr); ++ fputs("Reminder - Do not use this program while " ++ "logged in via telnet or rlogin.\n", stderr); ++ fprintf(stderr, "Enter secret password: "); + readpass(passwd, sizeof(passwd)); + if (passwd[0] == '\0') + exit(1); + } + ++ if (strlen(passwd) < SKEY_MIN_PW_LEN) ++ warnx( ++ "RFC2289 states that password should be at least %d characters long", ++ SKEY_MIN_PW_LEN); ++ + /* Crunch seed and password into starting key */ + if (keycrunch(key, seed, passwd) != 0) + errx(1, "key crunch failed"); +@@ -138,16 +130,15 @@ + if (cnt == 1) { + while (n-- != 0) + f(key); +- (void)puts(hexmode ? put8(buf, key) : btoe(buf, key)); ++ puts(hexmode ? 
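Review bot: In the `-p` case of the new getopt loop, `strncpy(passwd, optarg, sizeof(passwd)) == NULL` can never be true because strncpy returns its destination, so the "Password too long" rejection that the removed strlcpy comparison performed is silently gone. An argument of `sizeof(passwd)` bytes or more also leaves `passwd` without a terminating NUL, and the later `strlen(passwd)` and `keycrunch(key, seed, passwd)` calls then read past the array. A bounded copy that fails closed restores the old behaviour: `if (snprintf(passwd, sizeof(passwd), "%s", optarg) >= (int)sizeof(passwd)) errx(1, "Password too long");`. In the added seed loop `isalnum(*t)` should be `isalnum((unsigned char)*t)`, and `cnt = atoi(optarg)` accepts zero, negative and non-numeric counts without complaint. The body of main continues beyond this hunk.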
put8(buf, key) : btoe(buf, key)); + } else { + for (i = 0; i <= n - cnt; i++) + f(key); + for (; i <= n; i++) { ++ printf("%3d: %-29s", i, btoe(buf, key)); + if (hexmode) +- (void)printf("%d: %-29s %s\n", i, +- btoe(buf, key), put8(buf, key)); +- else +- (void)printf("%d: %-29s\n", i, btoe(buf, key)); ++ printf("\t%s", put8(buf, key)); ++ puts(""); + f(key); + } + } +@@ -155,9 +146,10 @@ + } + + void +-usage(s) +- char *s; ++usage(char *s) + { +- (void)fprintf(stderr, "Usage: %s [-x] [-md4|-md5|-sha1|-rmd160] [-n count] [-p password] <sequence#>[/] key\n", s); ++ fprintf(stderr, ++"Usage: %s [-n count] [-p password] [-t hash] [-x] sequence# [/] key\n", ++ s); + exit(1); + } +--- skey-1.1.5.orig/skey.h 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/skey.h 2003-11-06 17:46:45.000000000 +0000 +@@ -1,3 +1,5 @@ ++/* $NetBSD: skey.h,v 1.8 2000/07/28 16:35:11 thorpej Exp $ */ ++ + /* + * S/KEY v1.1b (skey.h) + * +@@ -11,86 +13,86 @@ + * Todd C. Miller <Todd.Miller@courtesan.com> + * + * Main client header +- * +- * $OpenBSD: skey.h,v 1.13 1999/07/15 14:33:48 provos Exp $ + */ + + /* Server-side data structure for reading keys file during login */ +-struct skey { +- FILE *keyfile; +- char buf[256]; +- char *logname; +- int n; +- char *seed; +- char *val; +- long recstart; /* needed so reread of buffer is efficient */ ++struct skey ++{ ++ FILE *keyfile; ++ char buf[256]; ++ char *logname; ++ int n; ++ char *seed; ++ char *val; ++ long recstart; /* needed so reread of buffer is efficient */ + }; + + /* Client-side structure for scanning data stream for challenge */ +-struct mc { +- char buf[256]; +- int skip; +- int cnt; ++struct mc ++{ ++ char buf[256]; ++ int skip; ++ int cnt; + }; + + /* Maximum sequence number we allow */ + #ifndef SKEY_MAX_SEQ +-#define SKEY_MAX_SEQ 10000 ++#define SKEY_MAX_SEQ 10000 + #endif + +-/* Minimum secret password length (rfc1938) */ ++/* Minimum secret password length (rfc2289) */ + #ifndef SKEY_MIN_PW_LEN +-#define SKEY_MIN_PW_LEN 10 
++#define SKEY_MIN_PW_LEN 10 + #endif + +-/* Max secret password length (rfc1938 says 63 but allows more) */ ++/* Max secret password length (rfc2289 says 63 but allows more) */ + #ifndef SKEY_MAX_PW_LEN +-#define SKEY_MAX_PW_LEN 255 ++#define SKEY_MAX_PW_LEN 255 + #endif + +-/* Max length of an S/Key seed (rfc1938) */ ++/* Max length of an S/Key seed (rfc2289) */ + #ifndef SKEY_MAX_SEED_LEN +-#define SKEY_MAX_SEED_LEN 16 ++#define SKEY_MAX_SEED_LEN 16 + #endif + + /* Max length of S/Key challenge (otp-???? 9999 seed) */ + #ifndef SKEY_MAX_CHALLENGE +-#define SKEY_MAX_CHALLENGE (11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN) ++#define SKEY_MAX_CHALLENGE (11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN) + #endif + + /* Max length of hash algorithm name (md4/md5/sha1/rmd160) */ +-#define SKEY_MAX_HASHNAME_LEN 6 ++#define SKEY_MAX_HASHNAME_LEN 6 + + /* Size of a binary key (not NULL-terminated) */ +-#define SKEY_BINKEY_SIZE 8 ++#define SKEY_BINKEY_SIZE 8 + + /* Location of random file for bogus challenges */ +-#define _SKEY_RAND_FILE_PATH_ "/var/db/host.random" ++#define _SKEY_RAND_FILE_PATH_ "/var/db/host.random" + + /* Prototypes */ +-void f(char *x); +-int keycrunch(char *result, char *seed, char *passwd); +-char *btoe(char *engout, char *c); +-char *put8(char *out, char *s); +-int etob(char *out, char *e); +-void rip(char *buf); +-int skeychallenge(struct skey * mp, char *name, char *ss); +-int skeylookup (struct skey * mp, char *name); +-int skeyverify (struct skey * mp, char *response); +-int skeyzero (struct skey * mp, char *response); +-void sevenbit (char *s); +-void backspace (char *s); +-char *skipspace (char *s); +-char *readpass (char *buf, int n); +-char *readskey (char *buf, int n); +-int skey_authenticate (char *username); +-int skey_passcheck (char *username, char *passwd); +-char *skey_keyinfo (char *username); +-int skey_haskey (char *username); +-int getskeyprompt (struct skey *mp, char *name, char *prompt); +-int atob8 (char *out, char *in); +-int 
btoa8 (char *out, char *in); +-int htoi (int c); +-const char *skey_get_algorithm (void); +-char *skey_set_algorithm (char *new); +-int skeygetnext (struct skey *mp); ++void f __P ((char *)); ++int keycrunch __P ((char *, const char *, const char *)); ++char *btoe __P ((char *, const char *)); ++char *put8 __P ((char *, const char *)); ++int etob __P ((char *, const char *)); ++void rip __P ((char *)); ++int skeychallenge __P ((struct skey *, const char *, char *, size_t)); ++int skeylookup __P ((struct skey *, const char *)); ++int skeyverify __P ((struct skey *, char *)); ++void sevenbit __P ((char *)); ++void backspace __P ((char *)); ++const char *skipspace __P ((const char *)); ++char *readpass __P ((char *, int)); ++char *readskey __P ((char *, int)); ++int skey_authenticate __P ((const char *)); ++int skey_passcheck __P ((const char *, char *)); ++const char *skey_keyinfo __P ((const char *)); ++int skey_haskey __P ((const char *)); ++int getskeyprompt __P ((struct skey *, char *, char *)); ++int atob8 __P((char *, const char *)); ++int btoa8 __P((char *, const char *)); ++int htoi __P((int)); ++const char *skey_get_algorithm __P((void)); ++const char *skey_set_algorithm __P((const char *)); ++int skeygetnext __P((struct skey *)); ++int skeyzero __P((struct skey *, char *)); +--- skey-1.1.5.orig/skeyinfo.1 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/skeyinfo.1 2003-11-06 17:46:45.000000000 +0000 +@@ -1,30 +1,19 @@ +-.\" $OpenBSD: skeyinfo.1,v 1.3 2000/03/11 21:40:02 aaron Exp $ ++.\" $NetBSD: skeyinfo.1,v 1.5 2001/04/09 12:34:44 wiz Exp $ + .\" +-.Dd 22 July 1997 ++.Dd June 9, 1994 + .Dt SKEYINFO 1 + .Os + .Sh NAME + .Nm skeyinfo + .Nd obtain the next S/Key challenge for a user + .Sh SYNOPSIS +-.Nm skeyinfo +-.Op Fl v ++.Nm + .Op Ar user + .Sh DESCRIPTION + .Nm + prints out the next S/Key challenge for the specified user or for the + current user if no user is specified. 
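Review bot: `getskeyprompt` keeps a bare `char *` output parameter for the prompt while `skeychallenge`, a few lines above it in the same prototype list, gains a `size_t` length for its output buffer, so callers of getskeyprompt still have no way to tell the library how large their buffer is. The implementation is not visible in this hunk; if it formats the challenge into that buffer, the header should at least document the required minimum, for example `/* prompt must hold at least SKEY_MAX_CHALLENGE + 1 bytes -- confirm against skeylogin.c */` with the real bound and file filled in. The context comment above `SKEY_MAX_HASHNAME_LEN` still lists rmd160 although the CHANGES entry in this patch says that support is removed. The rewritten prototypes also depend on `__P` and `size_t`, and no include that defines them is visible in these hunks, which deserves a one-line comment naming the headers that must precede skey.h.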
+-.Pp +-The options are as follows: +-.Bl -tag -width Ds +-.It Fl v +-Print the hash algorithm as well. +-.El +-.Sh EXAMPLES +-% skey -n <number of passwords to print> `skeyinfo` | lpr +-.Pp +-This would print out a list of S/Key passwords for use over +-an untrusted network (perhaps for use at a conference). + .Sh SEE ALSO + .Xr skey 1 , ++.Xr skeyaudit 1 , + .Xr skeyinit 1 +--- skey-1.1.5.orig/skeyinfo.c 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/skeyinfo.c 2003-11-06 17:46:45.000000000 +0000 +@@ -1,9 +1,12 @@ +-/* $OpenBSD: skeyinfo.c,v 1.6 2001/02/05 16:58:11 millert Exp $ */ ++/* $NetBSD: skeyinfo.c,v 1.4 2003/07/23 04:11:50 itojun Exp $ */ + +-/* +- * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com> ++/*- ++ * Copyright (c) 1997 The NetBSD Foundation, Inc. + * All rights reserved. + * ++ * This code is derived from software contributed to The NetBSD Foundation ++ * by Andrew Brown. ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -12,104 +15,79 @@ + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. +- * 3. The name of the author may not be used to endorse or promote products +- * derived from this software without specific prior written permission. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * This product includes software developed by the NetBSD ++ * Foundation, Inc. and its contributors. ++ * 4. Neither the name of The NetBSD Foundation nor the names of its ++ * contributors may be used to endorse or promote products derived ++ * from this software without specific prior written permission. 
+ * +- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS ++ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED ++ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS ++ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ++ * POSSIBILITY OF SUCH DAMAGE. 
+ */ + +-/*#include <limits.h>*/ +-#include <pwd.h> + #include <stdio.h> +-#include <stdlib.h> ++#include <pwd.h> ++#include <err.h> + #include <string.h> + #include <unistd.h> +-#include "config.h" +-#include "skey.h" +-/*#include "defines.h"*/ + +-char *__progname; ++#include "skey.h" + +-void usage(void); ++int main __P((int, char *[])); + +-int +-main(argc, argv) +- int argc; +- char **argv; ++int main(int argc, char **argv) + { +- struct passwd *pw; +- struct skey key; +- char *name = NULL; +- int error, ch, verbose = 0; +- +- __progname=argv[0]; +- +- if (geteuid() != 0) +- errx(1, "must be setuid root"); +- +- while ((ch = getopt(argc, argv, "v")) != -1) +- switch(ch) { +- case 'v': +- verbose = 1; +- break; +- default: +- usage(); ++ struct skey skey; ++ char name[100], prompt[1024]; ++ int uid; ++ struct passwd *pw = NULL; ++ ++ argc--; ++ argv++; ++ ++ if (geteuid()) ++ errx(1, "must be root to read %s", SKEYKEYS); ++ ++ uid = getuid(); ++ ++ if (!argc) ++ pw = getpwuid(uid); ++ else if (!uid) ++ pw = getpwnam(argv[0]); ++ else ++ errx(1, "permission denied to look other users skeys"); ++ ++ if (!pw) { ++ if (argc) ++ errx(1, "%s: no such user", argv[0]); ++ else ++ errx(1, "who are you?"); + } +- argc -= optind; +- argv += optind; + +- if (argc == 1) +- name = argv[0]; +- else if (argc > 1) +- usage(); +- +- if (name && getuid() != 0) +- errx(1, "only root may specify an alternate user"); +- +- if (name) { +- if (strlen(name) > PASS_MAX) +- errx(1, "username too long (%d chars max)", PASS_MAX); +- if ((pw = getpwnam(name)) == NULL) +- errx(1, "no passwd entry for %s", name); +- } else { +- if ((pw = getpwuid(getuid())) == NULL) +- errx(1, "no passwd entry for uid %u", getuid()); +- } ++ strncpy(name, pw->pw_name, sizeof(name)); + +- if ((name = strdup(pw->pw_name)) == NULL) +- err(1, "cannot allocate memory"); +- sevenbit(name); +- +- error = skeylookup(&key, name); +- switch (error) { +- case 0: /* Success! 
*/ +- if (verbose) +- (void)printf("otp-%s ", skey_get_algorithm()); +- (void)printf("%d %s\n", key.n - 1, key.seed); +- break; +- case -1: /* File error */ +- warnx("cannot open %s", SKEYKEYS); +- break; +- case 1: /* Unknown user */ +- warnx("%s is not listed in %s", name, SKEYKEYS); ++ if (getskeyprompt(&skey, name, prompt) == -1) { ++ printf("%s %s no s/key\n", ++ argc ? name : "You", ++ argc ? "has" : "have"); + } +- (void)fclose(key.keyfile); +- +- exit(error); +-} +- +-void +-usage() +-{ +- (void)fprintf(stderr, "Usage: %s [-v] [user]\n", __progname); +- exit(1); ++ else { ++ if (argc) ++ printf("%s's ", pw->pw_name); ++ else ++ printf("Your "); ++ printf("next %s", prompt); ++ } ++ return 0; + } +--- skey-1.1.5.orig/skeyinit.1 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/skeyinit.1 2003-11-06 17:46:45.000000000 +0000 +@@ -1,22 +1,18 @@ +-.\" $OpenBSD: skeyinit.1,v 1.19 2000/11/09 17:52:39 aaron Exp $ +-.\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $ ++.\" $NetBSD: skeyinit.1,v 1.11 2001/04/09 12:35:00 wiz Exp $ + .\" @(#)skeyinit.1 1.1 10/28/93 + .\" +-.Dd February 24, 1998 ++.Dd June 7, 2000 + .Dt SKEYINIT 1 + .Os + .Sh NAME + .Nm skeyinit + .Nd change password or add user to S/Key authentication system + .Sh SYNOPSIS +-.Nm skeyinit ++.Nm ++.Op Fl n Ar count + .Op Fl s ++.Op Fl t Ar hash + .Op Fl z +-.Op Fl n Ar count +-.Oo +-.Fl md4 | Fl md5 | Fl sha1 | +-.Fl rmd160 +-.Oc + .Op Ar user + .Sh DESCRIPTION + .Nm +@@ -30,52 +26,17 @@ + .Nm + requires you to type a secret password, so it should be used + only on a secure terminal. +-For example, on the console of a +-workstation or over an encrypted network session. +-If you are using +-.Nm +-while logged in over an untrusted network, follow the instructions +-given below with the +-.Fl s +-option. +-.Pp +-Before initializing an S/Key entry, the user must authenticate +-using either a standard password or an S/Key challenge. 
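Review bot: `strncpy(name, pw->pw_name, sizeof(name));` in the new main() leaves `name` unterminated when the login name is 100 bytes or longer, and the buffer is then passed to getskeyprompt(), which treats it as a C string. Bound and terminate the copy, e.g. `snprintf(name, sizeof(name), "%s", pw->pw_name);`, or reject over-long names with errx() as the removed PASS_MAX check did. The rewrite also drops the old `fclose(key.keyfile)`: on the success path getskeyprompt() returns with the key file still open (see the skeylogin.c hunk), which is harmless only because the process exits right afterwards.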
+-When used over an untrusted network, a password of +-.Sq s/key +-should be used. +-The user will then be presented with the standard +-S/Key challenge and allowed to proceed if it is correct. +-.Pp +-The options are as follows: ++.Sh OPTIONS + .Bl -tag -width Ds +-.It Fl x +-Displays pass phrase in hexadecimal instead of ASCII. + .It Fl s +-Set secure mode where the user is expected to have used a secure +-machine to generate the first one-time password. +-Without the +-.Fl s +-option the system will assume you are directly connected over secure +-communications and prompt you for your secret password. +-The +-.Fl s +-option also allows one to set the seed and count for complete +-control of the parameters. +-You can use +-.Ic skeyinit -s +-in combination with the +-.Nm skey +-command to set the seed and count if you do not like the defaults. +-To do this run +-.Nm +-in one window and put in your count and seed, then run +-.Nm skey +-in another window to generate the correct 6 English words for that +-count and seed. +-You can then "cut-and-paste" or type the words into the +-.Nm +-window. ++allows the user to set the seed and count for complete control ++of the parameters. ++To do this run skeyinit in one window and put in your count and seed; ++then run ++.Xr skey 1 ++in another window to generate the correct 6 english words ++for that count and seed. ++You can then "cut-and-paste" or type the words into the skeyinit window. + .It Fl z + Allows the user to zero their S/Key entry. + .It Fl n Ar count +@@ -84,30 +45,22 @@ + sequence at + .Ar count + (default is 100). +-.It Fl md4 +-Selects MD4 as the hash algorithm. +-.It Fl md5 +-Selects MD5 as the hash algorithm. +-.It Fl sha1 +-Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm. +-.It Fl rmd160 +-Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm. ++.It Fl t Ar hash ++Selects the hash algorithm to use. ++Available choices are md4 (the default), md5 or sha1. 
+ .It Ar user + The username to be changed/added. +-By default the current user is operated on. ++By default the current user is operated on, only root may ++change other user's entries. + .El +-.Sh ERRORS +-.Bl -tag -width "skey disabled" +-.It skey disabled +-.Pa /etc/skeykeys +-does not exist. +-It must be created by the superuser in order to use +-.Nm skeyinit . + .Sh FILES +-.Bl -tag -width /etc/skeykeys +-.It Pa /etc/skeykeys +-database of information for S/Key system ++.Bl -tag -width /etc/skey/skeykeys ++.It Pa /etc/skey/skeykeys ++data base of information for S/Key system. ++.El + .Sh SEE ALSO +-.Xr skey 1 ++.Xr skey 1 , ++.Xr skeyaudit 1 , ++.Xr skeyinfo 1 + .Sh AUTHORS + Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin +--- skey-1.1.5.orig/skeyinit.c 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/skeyinit.c 2003-11-06 17:46:45.000000000 +0000 +@@ -43,6 +43,18 @@ + + #include <netdb.h> + ++#ifdef HAVE_SHADOW_H ++#include <shadow.h> ++#endif ++ ++#ifdef HAVE_CRACK_H ++#include <crack.h> ++#ifndef CRACKLIB_DICTPATH ++#define CRACKLIB_DICTPATH "/usr/lib/cracklib_dict" ++#endif ++#endif ++ ++#include "err.h" + #include "skey.h" + + +@@ -50,62 +62,80 @@ + #define SKEY_NAMELEN 4 + #endif + +-void usage __P((char *)); ++int main __P((int, char **)); + +-int +-main(argc, argv) +- int argc; +- char *argv[]; ++int main(int argc, char **argv) + { +- int rval, nn, i, l, n=0, defaultsetup=1, zerokey=0, hexmode=0; ++ int rval, nn, i, l, n=0, defaultsetup=1, c, zerokey=0, hexmode=0; + time_t now; +- struct utmp old_ut; +- +-#ifndef UT_LINESIZE +-# define UT_LINESIZE (sizeof(old_ut.ut_line)) +-# define UT_NAMESIZE (sizeof(old_ut.ut_name)) +-# define UT_HOSTSIZE (sizeof(old_ut.ut_host)) +-# endif +- +- char hostname[MAXHOSTNAMELEN]; ++ char hostname[MAXHOSTNAMELEN+1]; ++ char seed[SKEY_MAX_PW_LEN+2], key[SKEY_BINKEY_SIZE]; ++ char defaultseed[SKEY_MAX_SEED_LEN+1]; + char passwd[SKEY_MAX_PW_LEN+2], passwd2[SKEY_MAX_PW_LEN+2]; +- char seed[SKEY_MAX_SEED_LEN+2], 
defaultseed[SKEY_MAX_SEED_LEN+1]; +- char tbuf[27], buf[80], key[SKEY_BINKEY_SIZE]; +- char lastc, me[UT_NAMESIZE+1], *salt, *p, *pw, *ht=NULL; +- struct skey skey; +- struct passwd *pp; +- struct tm *tm; ++ char tbuf[27], buf[80]; ++ char lastc, me[LOGIN_NAME_MAX+1], *p, *pw, *ht=NULL, *msg; ++ const char *salt; ++ struct skey skey; ++ struct passwd *pp; ++ struct tm *tm; ++#ifdef HAVE_SHADOW_H ++ struct spwd *sp; ++#endif ++ ++ i = open(_PATH_DEVNULL, O_RDWR); ++ while (i >= 0 && i < 2) ++ i = dup(i); ++ if (i > 2) ++ close(i); + + if (geteuid() != 0) + errx(1, "must be setuid root."); + + if (gethostname(hostname, sizeof(hostname)) < 0) +- err(1, "gethostname"); +- for (i = 0, p = defaultseed; hostname[i] && i < SKEY_NAMELEN; i++) { +- if (isalpha(hostname[i])) { +- if (isupper(hostname[i])) +- hostname[i] = tolower(hostname[i]); +- *p++ = hostname[i]; +- } else if (isdigit(hostname[i])) +- *p++ = hostname[i]; ++ err(1, "gethostname() error"); ++ ++ for (i = 0, l = 0; l < sizeof(defaultseed); i++) { ++ if (hostname[i] == '\0') { ++ defaultseed[l] = hostname[i]; ++ break; ++ } ++ if (isalnum(hostname[i])) ++ defaultseed[l++] = hostname[i]; + } +- *p = '\0'; +- (void)time(&now); +- (void)sprintf(tbuf, "%05ld", (long) (now % 100000)); +- (void)strncat(defaultseed, tbuf, sizeof(defaultseed) - 5); ++ ++ defaultseed[SKEY_NAMELEN] = '\0'; ++ time(&now); ++ snprintf(tbuf, sizeof(tbuf), "%05ld", (long) (now % 100000)); ++ strncat(defaultseed, tbuf, sizeof(defaultseed)); + + if ((pp = getpwuid(getuid())) == NULL) +- err(1, "no user with uid %d", getuid()); +- (void)strcpy(me, pp->pw_name); ++ err(1, "no user with uid %ld", (u_long)getuid()); ++ strncpy(me, pp->pw_name, sizeof(me)); + + if ((pp = getpwnam(me)) == NULL) +- err(1, "Who are you?"); ++ err(1, "getpwnam() returned NULL, Who are you?"); ++#ifdef HAVE_SHADOW_H ++ /* hacking in shadow support... 
*/ ++ else if (strcmp(pp->pw_passwd, "x") == 0) { ++ if ((sp = getspnam(me)) == NULL) ++ err(1, "Unable to verify Password"); ++ pp->pw_passwd = sp->sp_pwdp; ++ } ++#endif + salt = pp->pw_passwd; + +- for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) { +- if (argv[i][2] == '\0') { +- /* Single character switch */ +- switch (argv[i][1]) { ++ while((c = getopt(argc, argv, "n:t:sxz")) != -1) { ++ switch(c) { ++ case 'n': ++ n = atoi(optarg); ++ if (n < 1 || n > SKEY_MAX_SEQ) ++ errx(1, "count must be between 1 and %d", SKEY_MAX_SEQ); ++ break; ++ case 't': ++ if(skey_set_algorithm(optarg) == NULL) ++ errx(1, "Unknown hash algorithm %s", optarg); ++ ht = optarg; ++ break; + case 's': + defaultsetup = 0; + break; +@@ -115,105 +145,51 @@ + case 'z': + zerokey = 1; + break; +- case 'n': +- if (argv[++i] == NULL || argv[i][0] == '\0') +- usage(argv[0]); +- if ((n = atoi(argv[i])) < 1 || n >= SKEY_MAX_SEQ) +- errx(1, "count must be > 0 and < %d", +- SKEY_MAX_SEQ); +- break; + default: +- usage(argv[0]); +- } +- } else { +- /* Multi character switches are hash types */ +- if ((ht = skey_set_algorithm(&argv[i][1])) == NULL) { +- warnx("Unknown hash algorithm %s", &argv[i][1]); +- usage(argv[0]); ++ errx(1, "Usage: %s [-n count] [-t md4|md5|sha1] [-s] [-x] [-z] [user]", argv[0]); + } + } +- i++; +- } ++ ++ if (argc > optind) { ++ pp = getpwnam(argv[optind]); ++ if (pp == NULL) ++ errx(1, "User %s unknown", argv[optind]); ++ } + +- /* check for optional user string */ +- if (argc - i > 1) { +- usage(argv[0]); +- } else if (argv[i]) { +- if ((pp = getpwnam(argv[i])) == NULL) { +- if (getuid() == 0) { +- static struct passwd _pp; +- +- _pp.pw_name = argv[i]; +- pp = &_pp; +- warnx("Warning, user unknown: %s", argv[i]); +- } else { +- errx(1, "User unknown: %s", argv[i]); +- } +- } else if (strcmp(pp->pw_name, me) != 0) { ++ if (strcmp(pp->pw_name, me) != 0) { + if (getuid() != 0) { + /* Only root can change other's passwds */ + errx(1, "Permission denied."); + 
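Review bot: `strncat(defaultseed, tbuf, sizeof(defaultseed));` passes the destination size as the append limit, but strncat's third argument is the maximum number of bytes to append, so it gives no protection once `defaultseed` already holds data; the limit should be `sizeof(defaultseed) - strlen(defaultseed) - 1`. The same hunk has `strncpy(me, pp->pw_name, sizeof(me));`, which does not terminate `me` for a name that fills the buffer before it is passed to getpwnam() and getspnam(); add `me[sizeof(me) - 1] = '\0';` or use snprintf. The patch set lists a later 11_all_strncat-warning.patch that may touch the strncat call, but its content is not visible here. main() continues past this hunk.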
} + } +- } + + if (getuid() != 0) { +- pw = getpass("Password (or `s/key'):"); +- if (strcasecmp(pw, "s/key") == 0) { +- if (skey_haskey(me)) +- exit(1); +- if (skey_authenticate(me)) +- errx(1, "Password incorrect."); +- } else { +- p = crypt(pw, salt); +- if (strcmp(p, pp->pw_passwd)) +- errx(1, "Password incorrect."); +- } ++ pw = getpass("Password: "); ++ p = crypt(pw, salt); ++ if (strcmp(p, pp->pw_passwd)) ++ errx(1, "Password incorrect."); + } + + rval = skeylookup(&skey, pp->pw_name); + switch (rval) { + case -1: +- if (errno == ENOENT) +- errx(1, "S/Key disabled"); +- else +- err(1, "cannot open database"); +- break; ++ err(1, "cannot open database"); + case 0: +- /* comment out user if asked to */ + if (zerokey) +- exit(skeyzero(&skey, pp->pw_name)); ++ exit (skeyzero(&skey, pp->pw_name)); ++ printf("[Updating %s]\n", pp->pw_name); ++ printf("Old key: [%s] %s\n", skey_get_algorithm(), skey.seed); + +- (void)printf("[Updating %s]\n", pp->pw_name); +- (void)printf("Old key: [%s] %s\n", skey_get_algorithm(), +- skey.seed); +- +- /* +- * Sanity check old seed. 
+- */ + l = strlen(skey.seed); +- for (p = skey.seed; *p; p++) { +- if (isalpha(*p)) { +- if (isupper(*p)) +- *p = tolower(*p); +- } else if (!isdigit(*p)) { +- memmove(p, p + 1, l - (p - skey.seed)); +- l--; +- } +- } +- +- /* +- * Let's be nice if they have an skey.seed that +- * ends in 0-8 just add one +- */ + if (l > 0) { + lastc = skey.seed[l - 1]; +- if (isdigit(lastc) && lastc != '9') { +- (void)strcpy(defaultseed, skey.seed); ++ if (isdigit((unsigned char)lastc) && lastc != '9') { ++ strncpy(defaultseed, skey.seed, sizeof(defaultseed)); + defaultseed[l - 1] = lastc + 1; + } +- if (isdigit(lastc) && lastc == '9' && l < 16) { +- (void)strcpy(defaultseed, skey.seed); ++ if (isdigit((unsigned char)lastc) && lastc == '9' && ++ l < 16) { ++ strncpy(defaultseed, skey.seed, sizeof(defaultseed)); + defaultseed[l - 1] = '0'; + defaultseed[l] = '0'; + defaultseed[l + 1] = '\0'; +@@ -223,7 +199,7 @@ + case 1: + if (zerokey) + errx(1, "You have no entry to zero."); +- (void)printf("[Adding %s]\n", pp->pw_name); ++ printf("[Adding %s]\n", pp->pw_name); + break; + } + if (n == 0) +@@ -237,37 +213,33 @@ + } + + if (!defaultsetup) { +- (void)printf("You need the 6 english words generated from the \"skey\" command.\n"); ++ printf("You need the 6 english words generated from the \"skey\" command.\n"); + for (i = 0; ; i++) { + if (i >= 2) + exit(1); + +- (void)printf("Enter sequence count from 1 to %d: ", +- SKEY_MAX_SEQ); +- (void)fgets(buf, sizeof(buf), stdin); ++ printf("Enter sequence count from 1 to %d: ", SKEY_MAX_SEQ); ++ fgets(buf, sizeof(buf), stdin); + n = atoi(buf); + if (n > 0 && n < SKEY_MAX_SEQ) + break; /* Valid range */ +- (void)printf("Error: Count must be > 0 and < %d\n", +- SKEY_MAX_SEQ); ++ printf("\nError: Count must be between 0 and %d\n", SKEY_MAX_SEQ); + } + + for (i = 0;; i++) { + if (i >= 2) + exit(1); + +- (void)printf("Enter new key [default %s]: ", +- defaultseed); +- (void)fgets(seed, sizeof(seed), stdin); ++ printf("Enter new seed [default %s]: 
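Review bot: The password check `p = crypt(pw, salt); if (strcmp(p, pp->pw_passwd))` uses `p` without a NULL test, and crypt() can return NULL (for example on a salt it does not accept), so such an account would crash the setuid binary instead of failing cleanly. It also compares against `pp->pw_passwd` after `pp` may have been reassigned by `getpwnam(argv[optind])` a few lines above, which on a shadow system presumably holds the placeholder again rather than the hash fetched through getspnam(); comparing with `salt` avoids that. Suggested: `if (p == NULL || strcmp(p, salt) != 0) errx(1, "Password incorrect.");`. The hunk also removes the old-seed sanity filter, so `defaultseed[l - 1] = lastc + 1` now indexes with the unfiltered length of `skey.seed`; checking `l` against `sizeof(defaultseed)` first would be worth adding. main() starts and ends outside the hunk.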
", defaultseed); ++ fflush(stdout); ++ fgets(seed, sizeof(seed), stdin); + rip(seed); +- if (seed[0] == '\0') +- (void)strcpy(seed, defaultseed); + for (p = seed; *p; p++) { + if (isalpha(*p)) { + if (isupper(*p)) + *p = tolower(*p); + } else if (!isdigit(*p)) { +- (void)puts("Error: seed may only contain alpha numeric characters"); ++ puts("Error: seed may only contain alpha numeric characters"); + break; + } + } +@@ -275,66 +247,75 @@ + break; /* Valid seed */ + } + if (strlen(seed) > SKEY_MAX_SEED_LEN) { +- (void)printf("Notice: Seed truncated to %d characters.\n", +- SKEY_MAX_SEED_LEN); ++ printf("Notice: Seed truncated to %d characters.\n", SKEY_MAX_SEED_LEN); + seed[SKEY_MAX_SEED_LEN] = '\0'; + } ++ if (seed[0] == '\0') ++ strncpy(seed, defaultseed, sizeof(seed)); + + for (i = 0;; i++) { + if (i >= 2) + exit(1); + +- (void)printf("otp-%s %d %s\nS/Key access password: ", ++ printf("otp-%s %d %s\ns/key access password: ", + skey_get_algorithm(), n, seed); +- (void)fgets(buf, sizeof(buf), stdin); ++ fgets(buf, sizeof(buf), stdin); + rip(buf); + backspace(buf); + + if (buf[0] == '?') { +- (void)puts("Enter 6 English words from secure S/Key calculation."); ++ puts("Enter 6 English words from secure s/key calculation."); + continue; + } else if (buf[0] == '\0') + exit(1); + if (etob(key, buf) == 1 || atob8(key, buf) == 0) + break; /* Valid format */ +- (void)puts("Invalid format - try again with 6 English words."); ++ puts("Invalid format - try again with 6 English words."); + } + } else { + /* Get user's secret password */ +- fputs("Reminder - Only use this method if you are directly connected\n or have an encrypted channel. If you are using telnet\n or rlogin, exit with no password and use skeyinit -s.\n", stderr); ++ puts("Reminder - Only use this method if you are directly connected\n" ++ "or have an encrypted channel. 
If you are using telnet\n" ++ "or rlogin, exit with no password and use skeyinit -s.\n"); + + for (i = 0;; i++) { +- if (i > 2) ++ if (i >= 3) + exit(1); + +- (void)fputs("Enter secret password: ", stderr); ++ printf("Enter secret password: "); + readpass(passwd, sizeof(passwd)); + if (passwd[0] == '\0') + exit(1); + + if (strlen(passwd) < SKEY_MIN_PW_LEN) { +- (void)fprintf(stderr, +- "Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN); ++ fprintf(stderr, ++ "Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN); + continue; + } else if (strcmp(passwd, pp->pw_name) == 0) { +- (void)fputs("Your password may not be the same as your user name.\n", stderr); +- continue; +- } else if (strspn(passwd, "abcdefghijklmnopqrstuvwxyz") == strlen(passwd)) { +- (void)fputs("Your password must contain more than just lower case letters.\nWhitespace, numbers, and puctuation are suggested.\n", stderr); ++ fputs("Your password may not be the same as your user name.\n", stderr); + continue; ++ } ++#ifdef HAVE_CRACK_H ++ if (msg = (char *) FascistCheck(passwd, CRACKLIB_DICTPATH)) { ++ warnx("Warning: %s", msg); ++ /* if (!i) */ /* reject passwords cracklib doesnt like the first time its entered... 
*/ ++ /* continue; */ + } ++#endif + +- (void)fputs("Again secret password: ", stderr); ++ printf("Again secret password: "); + readpass(passwd2, sizeof(passwd)); ++ if (passwd2[0] == '\0') ++ exit(1); + + if (strcmp(passwd, passwd2) == 0) + break; + +- (void)fputs("Passwords do not match.\n", stderr); ++ puts("Passwords do not match."); + } + + /* Crunch seed and password into starting key */ +- (void)strcpy(seed, defaultseed); ++ strncpy(seed, defaultseed, sizeof(seed)); + if (keycrunch(key, seed, passwd) != 0) + err(2, "key crunch failed"); + +@@ -342,16 +323,16 @@ + while (nn-- != 0) + f(key); + } +- (void)time(&now); ++ time(&now); + tm = localtime(&now); +- (void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); ++ strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); + + if ((skey.val = (char *)malloc(16 + 1)) == NULL) + err(1, "Can't allocate memory"); + +- /* Zero out old key if necesary (entry would change size) */ ++ /* Zero out old key if necessary (entry would change size) */ + if (zerokey) { +- (void)skeyzero(&skey, pp->pw_name); ++ skeyzero(&skey, pp->pw_name); + /* Re-open keys file and seek to the end */ + if (skeylookup(&skey, pp->pw_name) == -1) + err(1, "cannot open database"); +@@ -376,26 +357,17 @@ + + /* Don't save algorithm type for md4 (keep record length same) */ + if (strcmp(skey_get_algorithm(), "md4") == 0) +- (void)fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n", ++ fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n", + pp->pw_name, n, seed, skey.val, tbuf); + else +- (void)fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n", ++ fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n", + pp->pw_name, skey_get_algorithm(), n, seed, skey.val, tbuf); + +- (void)fclose(skey.keyfile); ++ fclose(skey.keyfile); + +- (void)printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name, ++ printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name, + skey_get_algorithm(), n, seed); +- (void)printf("Next login password: %s\n\n", ++ printf("Next login password: %s\n\n", + 
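Review bot: The secret-password quality check is weaker after this hunk: the lower-case-only rejection is removed, and the cracklib result is only printed with `warnx("Warning: %s", msg)` because the `continue` is commented out, so a password cracklib objects to is still accepted. Without HAVE_CRACK_H only the length and user-name checks remain. If the check is meant to enforce, restore `continue;` after the warnx(). The password prompts also moved from stderr to stdout via printf with no `fflush(stdout)` before readpass(), so whether they appear before input is read depends on stdout buffering; the seed prompt earlier in the patch did get a flush. main() starts outside the hunk.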
hexmode ? put8(buf, key) : btoe(buf, key)); +- exit(0); +-} +- +-void +-usage(s) +- char *s; +-{ +- (void)fprintf(stderr, +- "Usage: %s [-s] [-x] [-z] [-n count] [-md4|-md5|-sha1|-rmd160] [user]\n", s); +- exit(1); ++ return 0; + } +--- skey-1.1.5.orig/skeylogin.c 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/skeylogin.c 2003-11-06 17:46:45.000000000 +0000 +@@ -20,6 +20,7 @@ + #include <sys/quota.h> + #endif + #include <sys/stat.h> ++#include <sys/file.h> + #include <sys/time.h> + #include <sys/resource.h> + #include <sys/types.h> +@@ -32,6 +33,7 @@ + #include <string.h> + #include <time.h> + #include <unistd.h> ++#include <grp.h> + + #include "config.h" + +@@ -45,73 +47,85 @@ + #include "sha1.h" + #endif + ++#include "err.h" + #include "skey.h" + +-char *skipspace __P((char *)); +-int skeylookup __P((struct skey *, char *)); ++#define OTP_FMT "otp-%.*s %d %.*s" + + /* Issue a skey challenge for user 'name'. If successful, +- * fill in the caller's skey structure and return(0). If unsuccessful +- * (e.g., if name is unknown) return(-1). ++ * fill in the caller's skey structure and return 0. If unsuccessful ++ * (e.g., if name is unknown) return -1. + * + * The file read/write pointer is left at the start of the + * record. 
+ */ +-int +-getskeyprompt(mp, name, prompt) +- struct skey *mp; +- char *name; +- char *prompt; ++int getskeyprompt(struct skey *mp, char *name, char *prompt) + { + int rval; + + sevenbit(name); + rval = skeylookup(mp, name); +- (void)strcpy(prompt, "otp-md0 55 latour1\n"); ++ ++ *prompt = '\0'; + switch (rval) { +- case -1: /* File error */ +- return(-1); +- case 0: /* Lookup succeeded, return challenge */ +- (void)sprintf(prompt, "otp-%.*s %d %.*s\n", +- SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(), ++ case -1: /* File error */ ++ return -1; ++ case 0: /* Lookup succeeded, return challenge */ ++ sprintf(prompt, OTP_FMT "\n", ++ SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(), + mp->n - 1, SKEY_MAX_SEED_LEN, mp->seed); +- return(0); +- case 1: /* User not found */ +- (void)fclose(mp->keyfile); +- return(-1); ++ return 0; ++ case 1: /* User not found */ ++ fclose(mp->keyfile); ++ mp->keyfile = NULL; ++ return -1; + } +- return(-1); /* Can't happen */ ++ return -1; /* Can't happen, never ever ever. ever. I'm serious. */ + } + + /* Return a skey challenge string for user 'name'. If successful, +- * fill in the caller's skey structure and return(0). If unsuccessful +- * (e.g., if name is unknown) return(-1). ++ * fill in the caller's skey structure and return 0. If unsuccessful ++ * (e.g., if name is unknown) return -1. + * + * The file read/write pointer is left at the start of the + * record. 
+ */ +-int +-skeychallenge(mp, name, ss) +- struct skey *mp; +- char *name; +- char *ss; ++int skeychallenge(struct skey *mp, const char *name, char *ss, size_t sslen) + { + int rval; + + rval = skeylookup(mp,name); ++ *ss = '\0'; + switch(rval){ +- case -1: /* File error */ +- return(-1); +- case 0: /* Lookup succeeded, issue challenge */ +- (void)sprintf(ss, "otp-%.*s %d %.*s", SKEY_MAX_HASHNAME_LEN, ++ case -1: /* File error */ ++ return -1; ++ case 0: /* Lookup succeeded, issue challenge */ ++ snprintf(ss, sslen, OTP_FMT, SKEY_MAX_HASHNAME_LEN, + skey_get_algorithm(), mp->n - 1, + SKEY_MAX_SEED_LEN, mp->seed); +- return(0); +- case 1: /* User not found */ +- (void)fclose(mp->keyfile); +- return(-1); ++ return 0; ++ case 1: /* User not found */ ++ fclose(mp->keyfile); ++ mp->keyfile = NULL; ++ return -1; ++ } ++ return -1; /* Can't happen - or your money back */ ++} ++ ++static FILE *openskey(void) ++{ ++ struct stat statbuf; ++ FILE *keyfile = NULL; ++ ++ if (stat(SKEYKEYS, &statbuf) == 0 && ++ (keyfile = fopen(SKEYKEYS, "r+"))) { ++ if ((statbuf.st_mode & 0007777) != 0600) ++ fchmod(fileno(keyfile), 0600); ++ } else { ++ keyfile = NULL; + } +- return(-1); /* Can't happen */ ++ ++ return keyfile; + } + + /* Find an entry in the One-time Password database. 
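Review bot: The new openskey() tests the mode with stat() on the path and opens the file in a separate step, so the permission test and the fchmod() can apply to different files if the path is replaced in between; it also ignores the result of fchmod(), so a key file that stays readable by others is used silently. Opening first, checking with fstat() on the descriptor and returning NULL when the mode cannot be corrected closes both gaps, as sketched below. getskeyprompt() in the same hunk still formats with unbounded `sprintf(prompt, OTP_FMT "\n", ...)` while skeychallenge() gained `sslen` and snprintf; the `%.*s` limits bound the output, but the caller's buffer size is never checked.

```c
static FILE *openskey(void)
{
	struct stat statbuf;
	FILE *keyfile = fopen(SKEYKEYS, "r+");

	if (keyfile == NULL)
		return NULL;
	/* check the descriptor that was opened, not the path */
	if (fstat(fileno(keyfile), &statbuf) != 0 ||
	    ((statbuf.st_mode & 0007777) != 0600 &&
	     fchmod(fileno(keyfile), 0600) != 0)) {
		fclose(keyfile);
		return NULL;
	}
	return keyfile;
}
```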
+@@ -120,27 +134,19 @@ + * 0: entry found, file R/W pointer positioned at beginning of record + * 1: entry not found, file R/W pointer positioned at EOF + */ +-int +-skeylookup(mp, name) +- struct skey *mp; +- char *name; ++int skeylookup(struct skey *mp, const char *name) + { + int found = 0; + long recstart = 0; +- char *cp, *ht = NULL; +- struct stat statbuf; +- +- /* Open SKEYKEYS if it exists, else return an error */ +- if (stat(SKEYKEYS, &statbuf) == 0 && +- (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) { +- if ((statbuf.st_mode & 0007777) != 0600) +- fchmod(fileno(mp->keyfile), 0600); +- } else { +- return(-1); +- } ++ const char *ht = NULL; ++ char *last; + ++ if(!(mp->keyfile = openskey())) ++ return -1; ++ + /* Look up user name in database */ + while (!feof(mp->keyfile)) { ++ char *cp; + recstart = ftell(mp->keyfile); + mp->recstart = recstart; + if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) +@@ -148,22 +154,22 @@ + rip(mp->buf); + if (mp->buf[0] == '#') + continue; /* Comment */ +- if ((mp->logname = strtok(mp->buf, " \t")) == NULL) ++ if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL) + continue; +- if ((cp = strtok(NULL, " \t")) == NULL) ++ if ((cp = strtok_r(NULL, " \t", &last)) == NULL) + continue; + /* Save hash type if specified, else use md4 */ +- if (isalpha(*cp)) { ++ if (isalpha((u_char) *cp)) { + ht = cp; +- if ((cp = strtok(NULL, " \t")) == NULL) ++ if ((cp = strtok_r(NULL, " \t", &last)) == NULL) + continue; + } else { + ht = "md4"; + } + mp->n = atoi(cp); +- if ((mp->seed = strtok(NULL, " \t")) == NULL) ++ if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL) + continue; +- if ((mp->val = strtok(NULL, " \t")) == NULL) ++ if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL) + continue; + if (strcmp(mp->logname, name) == 0) { + found = 1; +@@ -171,7 +177,7 @@ + } + } + if (found) { +- (void)fseek(mp->keyfile, recstart, SEEK_SET); ++ fseek(mp->keyfile, recstart, SEEK_SET); + /* Set hash type */ + if (ht && 
skey_set_algorithm(ht) == NULL) { + warnx("Unknown hash algorithm %s, using %s", ht, +@@ -189,27 +195,21 @@ + * 0: next entry found and stored in mp + * 1: no more entries, file R/W pointer positioned at EOF + */ +-int +-skeygetnext(mp) +- struct skey *mp; ++int skeygetnext(struct skey *mp) + { + long recstart = 0; +- char *cp; +- struct stat statbuf; ++ char *last; + + /* Open SKEYKEYS if it exists, else return an error */ + if (mp->keyfile == NULL) { +- if (stat(SKEYKEYS, &statbuf) == 0 && +- (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) { +- if ((statbuf.st_mode & 0007777) != 0600) +- fchmod(fileno(mp->keyfile), 0600); +- } else { +- return(-1); +- } ++ if(!(mp->keyfile = openskey())) ++ return -1; + } + + /* Look up next user in database */ + while (!feof(mp->keyfile)) { ++ char *cp; ++ + recstart = ftell(mp->keyfile); + mp->recstart = recstart; + if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) +@@ -217,19 +217,19 @@ + rip(mp->buf); + if (mp->buf[0] == '#') + continue; /* Comment */ +- if ((mp->logname = strtok(mp->buf, " \t")) == NULL) ++ if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL) + continue; +- if ((cp = strtok(NULL, " \t")) == NULL) ++ if ((cp = strtok_r(NULL, " \t", &last)) == NULL) + continue; + /* Save hash type if specified, else use md4 */ +- if (isalpha(*cp)) { +- if ((cp = strtok(NULL, " \t")) == NULL) ++ if (isalpha((u_char) *cp)) { ++ if ((cp = strtok_r(NULL, " \t", &last)) == NULL) + continue; + } + mp->n = atoi(cp); +- if ((mp->seed = strtok(NULL, " \t")) == NULL) ++ if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL) + continue; +- if ((mp->val = strtok(NULL, " \t")) == NULL) ++ if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL) + continue; + /* Got a real entry */ + break; +@@ -246,10 +246,7 @@ + * + * The database file is always closed by this call. 
+ */ +-int +-skeyverify(mp, response) +- struct skey *mp; +- char *response; ++int skeyverify(struct skey *mp, char *response) + { + char key[SKEY_BINKEY_SIZE]; + char fkey[SKEY_BINKEY_SIZE]; +@@ -257,29 +254,31 @@ + time_t now; + struct tm *tm; + char tbuf[27]; +- char *cp; ++ char *cp, *last; + int i, rval; + + time(&now); + tm = localtime(&now); +- (void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); ++ strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); + + if (response == NULL) { +- (void)fclose(mp->keyfile); +- return(-1); ++ fclose(mp->keyfile); ++ mp->keyfile = NULL; ++ return -1; + } + rip(response); + + /* Convert response to binary */ + if (etob(key, response) != 1 && atob8(key, response) != 0) { + /* Neither english words or ascii hex */ +- (void)fclose(mp->keyfile); +- return(-1); ++ fclose(mp->keyfile); ++ mp->keyfile = NULL; ++ return -1; + } + + /* Compute fkey = f(key) */ +- (void)memcpy(fkey, key, sizeof(key)); +- (void)fflush(stdout); ++ memcpy(fkey, key, sizeof(key)); ++ fflush(stdout); + f(fkey); + + /* +@@ -298,26 +297,33 @@ + } + + /* Reread the file record NOW */ +- (void)fseek(mp->keyfile, mp->recstart, SEEK_SET); ++ fseek(mp->keyfile, mp->recstart, SEEK_SET); + if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) { +- (void)fclose(mp->keyfile); +- return(-1); ++ fclose(mp->keyfile); ++ mp->keyfile = NULL; ++ return -1; + } + rip(mp->buf); +- mp->logname = strtok(mp->buf, " \t"); +- cp = strtok(NULL, " \t") ; +- if (isalpha(*cp)) +- cp = strtok(NULL, " \t") ; +- mp->seed = strtok(NULL, " \t"); +- mp->val = strtok(NULL, " \t"); ++ if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL) ++ goto verify_failure; ++ if ((cp = strtok_r(NULL, " \t", &last)) == NULL) ++ goto verify_failure; ++ if (isalpha((u_char) *cp)) ++ if ((cp = strtok_r(NULL, " \t", &last)) == NULL) ++ goto verify_failure; ++ if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL) ++ goto verify_failure; ++ if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL) ++ 
goto verify_failure; + /* And convert file value to hex for comparison */ + atob8(filekey, mp->val); + + /* Do actual comparison */ + if (memcmp(filekey, fkey, SKEY_BINKEY_SIZE) != 0){ + /* Wrong response */ +- (void)fclose(mp->keyfile); +- return(1); ++ fclose(mp->keyfile); ++ mp->keyfile = NULL; ++ return 1; + } + + /* +@@ -327,19 +333,24 @@ + */ + btoa8(mp->val,key); + mp->n--; +- (void)fseek(mp->keyfile, mp->recstart, SEEK_SET); ++ fseek(mp->keyfile, mp->recstart, SEEK_SET); + /* Don't save algorithm type for md4 (keep record length same) */ + if (strcmp(skey_get_algorithm(), "md4") == 0) +- (void)fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n", ++ fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n", + mp->logname, mp->n, mp->seed, mp->val, tbuf); + else +- (void)fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n", ++ fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n", + mp->logname, skey_get_algorithm(), mp->n, + mp->seed, mp->val, tbuf); + +- (void)fclose(mp->keyfile); +- +- return(0); ++ fclose(mp->keyfile); ++ mp->keyfile = NULL; ++ return 0; ++ ++ verify_failure: ++ fclose(mp->keyfile); ++ mp->keyfile = NULL; ++ return -1; + } + + /* +@@ -348,13 +359,18 @@ + * Returns: 1 user doesnt exist, -1 fle error, 0 user exists. + * + */ +-int +-skey_haskey(username) +- char *username; ++int skey_haskey(const char *username) + { + struct skey skey; ++ int i; ++ ++ i = skeylookup(&skey, username); + +- return(skeylookup(&skey, username)); ++ if (skey.keyfile != NULL) { ++ fclose(skey.keyfile); ++ skey.keyfile = NULL; ++ } ++ return i; + } + + /* +@@ -364,19 +380,21 @@ + * seed for the passed user. 
+ * + */ +-char * +-skey_keyinfo(username) +- char *username; ++const char *skey_keyinfo(const char *username) + { + int i; + static char str[SKEY_MAX_CHALLENGE]; + struct skey skey; + +- i = skeychallenge(&skey, username, str); ++ i = skeychallenge(&skey, username, str, sizeof str); + if (i == -1) +- return(0); ++ return 0; + +- return(str); ++ if (skey.keyfile != NULL) { ++ fclose(skey.keyfile); ++ skey.keyfile = NULL; ++ } ++ return str; + } + + /* +@@ -388,40 +406,38 @@ + * Returns: 0 success, -1 failure + * + */ +-int +-skey_passcheck(username, passwd) +- char *username, *passwd; ++int skey_passcheck(const char *username, char *passwd) + { + int i; + struct skey skey; + + i = skeylookup(&skey, username); + if (i == -1 || i == 1) +- return(-1); ++ return -1; + + if (skeyverify(&skey, passwd) == 0) +- return(skey.n); ++ return skey.n; + +- return(-1); ++ return -1; + } + ++#if DO_FAKE_CHALLENGE + #define ROUND(x) (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \ + ((x)[3])) + + /* + * hash_collapse() + */ +-static u_int32_t +-hash_collapse(s) +- u_char *s; ++static u_int32_t hash_collapse(u_char *s) + { +- int len, target; ++ int len, target, slen; + u_int32_t i; +- +- if ((strlen(s) % sizeof(u_int32_t)) == 0) +- target = strlen(s); /* Multiple of 4 */ ++ ++ slen = strlen((char *)s); ++ if ((slen % sizeof(u_int32_t)) == 0) ++ target = slen; /* Multiple of 4 */ + else +- target = strlen(s) - (strlen(s) % sizeof(u_int32_t)); ++ target = slen - slen % sizeof(u_int32_t); + + for (i = 0, len = 0; len < target; len += 4) + i ^= ROUND(s + len); +@@ -429,6 +445,8 @@ + return i; + } + ++#endif ++ + /* + * skey_authenticate() + * +@@ -438,22 +456,22 @@ + * Returns: 0 success, -1 failure + * + */ +-int +-skey_authenticate(username) +- char *username; ++int skey_authenticate(const char *username) + { + int i; ++ char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1]; ++ struct skey skey; ++#if DO_FAKE_CHALLENGE + u_int ptr; + u_char hseed[SKEY_MAX_SEED_LEN], 
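Review bot: skey_passcheck() returns -1 for `i == 1` without closing the key file, although skeylookup() leaves `skey.keyfile` open at EOF when the user is not found. skey_haskey() and skey_keyinfo() were given an fclose() in this patch; skey_passcheck() was not. In a long-running caller each lookup of an unknown user leaks a descriptor opened read-write on the key database. Suggested, before the `return -1;`: `if (i == 1) fclose(skey.keyfile);`.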
flg = 1, *up; +- char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1]; +- char *secret; + size_t secretlen; +- struct skey skey; + SHA1_CTX ctx; +- ++#endif ++ + /* Attempt an S/Key challenge */ +- i = skeychallenge(&skey, username, skeyprompt); ++ i = skeychallenge(&skey, username, skeyprompt, sizeof skeyprompt); + ++#if DO_FAKE_CHALLENGE + /* Cons up a fake prompt if no entry in keys file */ + if (i != 0) { + char *p, *u; +@@ -465,11 +483,11 @@ + if (gethostname(pbuf, sizeof(pbuf)) == -1) + *(p = pbuf) = '.'; + else +- for (p = pbuf; *p && isalnum(*p); p++) +- if (isalpha(*p) && isupper(*p)) +- *p = tolower(*p); ++ for (p = pbuf; *p && isalnum((u_char)*p); p++) ++ if (isalpha((u_char)*p) && isupper((u_char)*p)) ++ *p = tolower((u_char)*p); + if (*p && pbuf - p < 4) +- (void)strncpy(p, "asjd", 4 - (pbuf - p)); ++ strncpy(p, "asjd", 4 - (pbuf - p)); + pbuf[4] = '\0'; + + /* Hash the username if possible */ +@@ -490,6 +508,7 @@ + SEEK_SET) != -1 && read(fd, hseed, + SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) { + close(fd); ++ fd = -1; + secret = hseed; + secretlen = SKEY_MAX_SEED_LEN; + flg = 0; +@@ -499,6 +518,8 @@ + secretlen = strlen(secret); + flg = 0; + } ++ if (fd != -1) ++ close(fd); + } + + /* Put that in your pipe and smoke it */ +@@ -531,7 +552,7 @@ + memset(up, 0, 20); /* SHA1 specific */ + free(up); + +- (void)sprintf(skeyprompt, ++ sprintf(skeyprompt, + "otp-%.*s %d %.*s", + SKEY_MAX_HASHNAME_LEN, + skey_get_algorithm(), +@@ -554,29 +575,30 @@ + } while (--i != 0); + pbuf[12] = '\0'; + +- (void)sprintf(skeyprompt, "otp-%.*s %d %.*s", ++ sprintf(skeyprompt, "otp-%.*s %d %.*s", + SKEY_MAX_HASHNAME_LEN, + skey_get_algorithm(), + 99, SKEY_MAX_SEED_LEN, pbuf); + } + } ++#endif + +- (void)fprintf(stderr, "%s\n", skeyprompt); +- (void)fflush(stderr); ++ fprintf(stderr, "[%s]\n", skeyprompt); ++ fflush(stderr); + +- (void)fputs("Response: ", stderr); ++ fputs("Response: ", stderr); + readskey(pbuf, sizeof(pbuf)); + + /* Is it a valid response? 
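Review bot: In the fake-challenge hostname fallback, `if (*p && pbuf - p < 4)` and `4 - (pbuf - p)` subtract in the wrong order. p only ever advances from pbuf, so `pbuf - p` is zero or negative, the test is always true, and the strncpy length grows with the hostname prefix instead of shrinking. The intent appears to be padding a short prefix out to four characters: `if (*p && p - pbuf < 4) strncpy(p, "asjd", 4 - (p - pbuf));`. This hunk only drops the `(void)` cast and adds the `u_char` casts, so the arithmetic is carried over unchanged. The enclosing block starts and ends outside the hunk and is compiled only under DO_FAKE_CHALLENGE.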
*/ + if (i == 0 && skeyverify(&skey, pbuf) == 0) { + if (skey.n < 5) { +- (void)fprintf(stderr, ++ fprintf(stderr, + "\nWarning! Key initialization needed soon. (%d logins left)\n", + skey.n); + } +- return(0); ++ return 0; + } +- return(-1); ++ return -1; + } + + /* Comment out user's entry in the s/key database +@@ -587,22 +609,21 @@ + * + * The database file is always closed by this call. + */ +-int +-skeyzero(mp, response) +- struct skey *mp; +- char *response; ++int skeyzero(struct skey *mp, char *response) + { + /* + * Seek to the right place and write comment character + * which effectively zero's out the entry. + */ +- (void)fseek(mp->keyfile, mp->recstart, SEEK_SET); ++ fseek(mp->keyfile, mp->recstart, SEEK_SET); + if (fputc('#', mp->keyfile) == EOF) { + fclose(mp->keyfile); +- return(-1); ++ mp->keyfile = NULL; ++ return -1; + } + +- (void)fclose(mp->keyfile); ++ fclose(mp->keyfile); ++ mp->keyfile = NULL; + +- return(0); ++ return 0; + } +--- skey-1.1.5.orig/skeyprune.8 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/skeyprune.8 2003-11-06 17:46:45.000000000 +0000 +@@ -13,7 +13,7 @@ + .Sh DESCRIPTION + .Nm skeyprune + searches through the file +-.Dq Pa /etc/skeykeys ++.Dq Pa /etc/skey/skeykeys + and prunes out users who have zeroed their entries via + .Xr skeyinit 1 + as well as entries that have not been modified in +@@ -22,8 +22,8 @@ + .Ar days + is not specified only commented out entries are pruned. + .Sh FILES +-.Bl -tag -width /etc/skeykeys -compact +-.It Pa /etc/skeykeys ++.Bl -tag -width /etc/skey/skeykeys -compact ++.It Pa /etc/skey/skeykeys + S/Key key information database + .El + .Sh SEE ALSO +@@ -33,7 +33,7 @@ + Since + .Nm skeyprune + rewrites +-.Dq Pa /etc/skeykeys , ++.Dq Pa /etc/skey/skeykeys , + there is a window where S/Key changes could get lost. 
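Review bot: With the fake challenge now wrapped in `#if DO_FAKE_CHALLENGE`, a build without it reaches `fprintf(stderr, "[%s]\n", skeyprompt);` even when skeychallenge() returned non-zero. Whether skeyprompt holds a terminated string on that path depends on skeychallenge, which is not visible here; if it does not, this prints an uninitialised stack buffer. The prompt then also differs between accounts with and without an S/Key entry, which the removed "fake prompt if no entry in keys file" path appears to have been hiding. Consider setting `skeyprompt[0] = '\0';` before the skeychallenge call and adding a comment beside the `#if` recording the account-enumeration trade-off.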
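Review bot: skeyzero writes the `#` marker without checking that `fseek(mp->keyfile, mp->recstart, SEEK_SET)` succeeded; dropping the `(void)` cast leaves the result silently ignored. If the seek fails, fputc writes at whatever the current offset is and can comment out or corrupt a different user's record. Treat a failed seek like a failed write: `if (fseek(mp->keyfile, mp->recstart, SEEK_SET) != 0 || fputc('#', mp->keyfile) == EOF) {`. The result of the final `fclose` is also discarded, so a flush error still returns 0.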
+ It is therefore suggested that + .Nm skeyprune +--- skey-1.1.5.orig/skeysubr.c 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/skeysubr.c 2003-11-06 17:46:45.000000000 +0000 +@@ -40,11 +40,6 @@ + #else + #include "sha1.h" + #endif +-#ifdef HAVE_RMD160_H +-#include <rmd160.h> +-#else +-#include "rmd160.h" +-#endif + + #include "skey.h" + +@@ -53,17 +48,18 @@ + #define SKEY_HASH_DEFAULT 1 + #endif + +-static void f_md4 __P((char *x)); +-static void f_md5 __P((char *x)); +-static void f_sha1 __P((char *x)); +-static void f_rmd160 __P((char *x)); +-static int keycrunch_md4 __P((char *result, char *seed, char *passwd)); +-static int keycrunch_md5 __P((char *result, char *seed, char *passwd)); +-static int keycrunch_sha1 __P((char *result, char *seed, char *passwd)); +-static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd)); +-static void lowcase __P((char *s)); +-static void skey_echo __P((int action)); +-static void trapped __P((int sig)); ++static void f_md4 __P((char *)); ++static void f_md5 __P((char *)); ++static void f_sha1 __P((char *)); ++/* static void f_rmd160 __P((char *x)); */ ++static int keycrunch_md4 __P((char *, const char *, const char *)); ++static int keycrunch_md5 __P((char *, const char *, const char *)); ++static int keycrunch_sha1 __P((char *, const char *, const char *)); ++/* static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd)); */ ++static void lowcase __P((char *)); ++static void skey_echo __P((int)); ++static void trapped __P((int)); ++static char *mkseedpassword(const char *, const char *, size_t *); + + /* Current hash type (index into skey_hash_types array) */ + static int skey_hash_type = SKEY_HASH_DEFAULT; +@@ -72,17 +68,16 @@ + * Hash types we support. + * Each has an associated keycrunch() and f() function. 
+ */ +-#define SKEY_ALGORITH_LAST 4 + struct skey_algorithm_table { + const char *name; +- int (*keycrunch) (char *, char *, char *); +- void (*f) (char *); ++ int (*keycrunch) __P((char *, const char *, const char *)); ++ void (*f) __P((char *)); + }; + static struct skey_algorithm_table skey_algorithm_table[] = { + { "md4", keycrunch_md4, f_md4 }, + { "md5", keycrunch_md5, f_md5 }, + { "sha1", keycrunch_sha1, f_sha1 }, +- { "rmd160", keycrunch_rmd160, f_rmd160 } ++ { NULL } + }; + + +@@ -91,242 +86,172 @@ + * concatenate the seed and the password, run through MD4/5 and + * collapse to 64 bits. This is defined as the user's starting key. + */ +-int +-keycrunch(result, seed, passwd) +- char *result; /* SKEY_BINKEY_SIZE result */ +- char *seed; /* Seed, any length */ +- char *passwd; /* Password, any length */ ++int keycrunch(char *result, const char *seed, const char *passwd) + { + return(skey_algorithm_table[skey_hash_type].keycrunch(result, seed, passwd)); + } + +-static int +-keycrunch_md4(result, seed, passwd) +- char *result; /* SKEY_BINKEY_SIZE result */ +- char *seed; /* Seed, any length */ +- char *passwd; /* Password, any length */ ++static char *mkseedpassword(const char *seed, const char *passwd, size_t *buflen) + { + char *buf; +- MD4_CTX md; +- u_int32_t results[4]; +- unsigned int buflen; + +- buflen = strlen(seed) + strlen(passwd); +- if ((buf = (char *)malloc(buflen+1)) == NULL) +- return(-1); +- (void)strcpy(buf, seed); ++ *buflen = strlen(seed) + strlen(passwd); ++ if ((buf = (char *) malloc(*buflen + 1)) == NULL) ++ return NULL; ++ strcpy(buf, seed); + lowcase(buf); +- (void)strcat(buf, passwd); ++ strcat(buf, passwd); ++ sevenbit(buf); ++ ++ return buf; ++} + ++static int keycrunch_md4(char *result, const char *seed, const char *passwd) ++{ ++ char *buf; ++ MD4_CTX md; ++ size_t buflen; ++ u_int32_t results[4]; ++ ++ if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL) ++ return -1; ++ + /* Crunch the key through MD4 */ +- sevenbit(buf); + 
MD4Init(&md); + MD4Update(&md, (unsigned char *)buf, buflen); +- MD4Final((unsigned char *)results, &md); +- (void)free(buf); ++ MD4Final((unsigned char *) (void *) results, &md); ++ free(buf); + + /* Fold result from 128 to 64 bits */ + results[0] ^= results[2]; + results[1] ^= results[3]; + +- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); ++ memcpy(result, results, SKEY_BINKEY_SIZE); + +- return(0); ++ return 0; + } + +-static int +-keycrunch_md5(result, seed, passwd) +- char *result; /* SKEY_BINKEY_SIZE result */ +- char *seed; /* Seed, any length */ +- char *passwd; /* Password, any length */ ++static int keycrunch_md5(char *result, const char *seed, const char *passwd) + { + char *buf; + MD5_CTX md; + u_int32_t results[4]; +- unsigned int buflen; ++ size_t buflen; + +- buflen = strlen(seed) + strlen(passwd); +- if ((buf = (char *)malloc(buflen+1)) == NULL) +- return(-1); +- (void)strcpy(buf, seed); +- lowcase(buf); +- (void)strcat(buf, passwd); ++ if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL) ++ return -1; + + /* Crunch the key through MD5 */ +- sevenbit(buf); + MD5Init(&md); + MD5Update(&md, (unsigned char *)buf, buflen); +- MD5Final((unsigned char *)results, &md); +- (void)free(buf); ++ MD5Final((unsigned char *) (void *)results, &md); ++ free(buf); + + /* Fold result from 128 to 64 bits */ + results[0] ^= results[2]; + results[1] ^= results[3]; + +- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); ++ memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); + + return(0); + } + +-static int +-keycrunch_sha1(result, seed, passwd) +- char *result; /* SKEY_BINKEY_SIZE result */ +- char *seed; /* Seed, any length */ +- char *passwd; /* Password, any length */ ++static int keycrunch_sha1(char *result, const char *seed, const char *passwd) + { + char *buf; + SHA1_CTX sha; +- u_int32_t results[5]; +- unsigned int buflen; +- +- buflen = strlen(seed) + strlen(passwd); +- if ((buf = (char *)malloc(buflen+1)) == NULL) 
+- return(-1); +- (void)strcpy(buf, seed); +- lowcase(buf); +- (void)strcat(buf, passwd); ++ size_t buflen; ++ int i, j; + ++ if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL) ++ return -1; ++ + /* Crunch the key through SHA1 */ +- sevenbit(buf); + SHA1Init(&sha); + SHA1Update(&sha, (unsigned char *)buf, buflen); +- SHA1Final((unsigned char *)results, &sha); +- (void)free(buf); ++ SHA1Final(NULL, &sha); ++ free(buf); + + /* Fold 160 to 64 bits */ +- results[0] ^= results[2]; +- results[1] ^= results[3]; +- results[0] ^= results[4]; +- +- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); +- +- return(0); +-} +- +-static int +-keycrunch_rmd160(result, seed, passwd) +- char *result; /* SKEY_BINKEY_SIZE result */ +- char *seed; /* Seed, any length */ +- char *passwd; /* Password, any length */ +-{ +- char *buf; +- RMD160_CTX rmd; +- u_int32_t results[5]; +- unsigned int buflen; +- +- buflen = strlen(seed) + strlen(passwd); +- if ((buf = (char *)malloc(buflen+1)) == NULL) +- return(-1); +- (void)strcpy(buf, seed); +- lowcase(buf); +- (void)strcat(buf, passwd); +- +- /* Crunch the key through RMD-160 */ +- sevenbit(buf); +- RMD160Init(&rmd); +- RMD160Update(&rmd, (unsigned char *)buf, buflen); +- RMD160Final((unsigned char *)results, &rmd); +- (void)free(buf); +- +- /* Fold 160 to 64 bits */ +- results[0] ^= results[2]; +- results[1] ^= results[3]; +- results[0] ^= results[4]; +- +- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); ++ sha.state[0] ^= sha.state[2]; ++ sha.state[1] ^= sha.state[3]; ++ sha.state[0] ^= sha.state[4]; ++ ++ for (i=j=0; j<8; i++, j+=4) { ++ result[j] = (unsigned char)(sha.state[i] & 0xff); ++ result[j+1] = (unsigned char)((sha.state[i] >> 8) & 0xff); ++ result[j+2] = (unsigned char)((sha.state[i] >> 16) & 0xff); ++ result[j+3] = (unsigned char)((sha.state[i] >> 24) & 0xff); ++ } + +- return(0); ++ return 0; + } + + /* + * The one-way function f(). 
+ * Takes SKEY_BINKEY_SIZE bytes and returns SKEY_BINKEY_SIZE bytes in place. + */ +-void +-f(x) +- char *x; ++void f(char *x) + { + skey_algorithm_table[skey_hash_type].f(x); + } + +-static void +-f_md4(x) +- char *x; ++static void f_md4(char *x) + { + MD4_CTX md; + u_int32_t results[4]; + + MD4Init(&md); + MD4Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE); +- MD4Final((unsigned char *)results, &md); ++ MD4Final((unsigned char *) (void *) results, &md); + + /* Fold 128 to 64 bits */ + results[0] ^= results[2]; + results[1] ^= results[3]; + +- (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE); ++ memcpy(x, results, SKEY_BINKEY_SIZE); + } + +-static void +-f_md5(x) +- char *x; ++static void f_md5(char *x) + { + MD5_CTX md; + u_int32_t results[4]; + + MD5Init(&md); + MD5Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE); +- MD5Final((unsigned char *)results, &md); ++ MD5Final((unsigned char *) (void *) results, &md); + + /* Fold 128 to 64 bits */ + results[0] ^= results[2]; + results[1] ^= results[3]; + +- (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE); ++ memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE); + } + +-static void +-f_sha1(x) +- char *x; ++static void f_sha1(char *x) + { + SHA1_CTX sha; +- u_int32_t results[5]; ++ int i, j; + + SHA1Init(&sha); + SHA1Update(&sha, (unsigned char *)x, SKEY_BINKEY_SIZE); +- SHA1Final((unsigned char *)results, &sha); ++ SHA1Final(NULL, &sha); + + /* Fold 160 to 64 bits */ +- results[0] ^= results[2]; +- results[1] ^= results[3]; +- results[0] ^= results[4]; +- +- (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE); +-} +- +-static void +-f_rmd160(x) +- char *x; +-{ +- RMD160_CTX rmd; +- u_int32_t results[5]; +- +- RMD160Init(&rmd); +- RMD160Update(&rmd, (unsigned char *)x, SKEY_BINKEY_SIZE); +- RMD160Final((unsigned char *)results, &rmd); +- +- /* Fold 160 to 64 bits */ +- results[0] ^= results[2]; +- results[1] ^= results[3]; +- results[0] ^= results[4]; +- +- (void)memcpy((void *)x, (void 
*)results, SKEY_BINKEY_SIZE); ++ sha.state[0] ^= sha.state[2]; ++ sha.state[1] ^= sha.state[3]; ++ sha.state[0] ^= sha.state[4]; ++ ++ for (i=j=0; j<8; i++, j+=4) { ++ x[j] = (unsigned char)(sha.state[i] & 0xff); ++ x[j+1] = (unsigned char)((sha.state[i] >> 8) & 0xff); ++ x[j+2] = (unsigned char)((sha.state[i] >> 16) & 0xff); ++ x[j+3] = (unsigned char)((sha.state[i] >> 24) & 0xff); ++ } + } + + /* Strip trailing cr/lf from a line of text */ +-void +-rip(buf) +- char *buf; ++void rip(char *buf) + { + buf += strcspn(buf, "\r\n"); + +@@ -335,12 +260,9 @@ + } + + /* Read in secret password (turns off echo) */ +-char * +-readpass(buf, n) +- char *buf; +- int n; ++char *readpass(char *buf, int n) + { +- void (*old_handler) (); ++ void *old_handler; + + /* Turn off echoing */ + skey_echo(0); +@@ -348,131 +270,114 @@ + /* Catch SIGINT and save old signal handler */ + old_handler = signal(SIGINT, trapped); + +- (void)fgets(buf, n, stdin); ++ fgets(buf, n, stdin); + rip(buf); + +- (void)putc('\n', stderr); +- (void)fflush(stderr); ++ putc('\n', stderr); ++ fflush(stderr); + + /* Restore signal handler and turn echo back on */ + if (old_handler != SIG_ERR) +- (void)signal(SIGINT, old_handler); ++ signal(SIGINT, old_handler); + skey_echo(1); + + sevenbit(buf); + +- return(buf); ++ return buf; + } + + /* Read in an s/key OTP (does not turn off echo) */ +-char * +-readskey(buf, n) +- char *buf; +- int n; ++char *readskey(char *buf, int n) + { +- (void)fgets(buf, n, stdin); ++ fgets(buf, n, stdin); + rip(buf); + + sevenbit(buf); + +- return(buf); ++ return buf; + } + + /* Signal handler for trapping ^C */ +-static void +-trapped(sig) +- int sig; ++static void trapped(int sig) + { +- (void)fputs("^C\n", stderr); +- (void)fflush(stderr); ++ fputs("^C\n", stderr); ++ fflush(stderr); + +- /* Turn on echo if necesary */ ++ /* Turn on echo if necemassary */ + skey_echo(1); + +- exit(-1); ++ exit(1); + } + + /* + * Convert 8-byte hex-ascii string to binary array + * Returns 0 on 
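Review bot: The buffer returned by mkseedpassword holds the seed concatenated with the user's secret password, and keycrunch_md4, keycrunch_md5 and keycrunch_sha1 each pass it straight to `free(buf)`. That leaves the password in freed heap memory, whereas skey_authenticate earlier in this patch does `memset(up, 0, 20)` before `free(up)`. Clear it first, e.g. `explicit_bzero(buf, buflen);` ahead of each `free(buf);`, or wipe through a volatile pointer where that function is unavailable, since a plain memset before free may be optimised out.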
success, -1 on error + */ +-int +-atob8(out, in) +- register char *out; +- register char *in; ++int atob8(char *out, const char *in) + { +- register int i; +- register int val; ++ int i; ++ int val; + + if (in == NULL || out == NULL) +- return(-1); ++ return -1; + + for (i=0; i < 8; i++) { + if ((in = skipspace(in)) == NULL) +- return(-1); ++ return -1; + if ((val = htoi(*in++)) == -1) +- return(-1); ++ return -1; + *out = val << 4; + + if ((in = skipspace(in)) == NULL) +- return(-1); ++ return -1; + if ((val = htoi(*in++)) == -1) +- return(-1); ++ return -1; + *out++ |= val; + } +- return(0); ++ return 0; + } + + /* Convert 8-byte binary array to hex-ascii string */ +-int +-btoa8(out, in) +- register char *out; +- register char *in; ++int btoa8(char *out, const char *in) + { +- register int i; ++ int i; + + if (in == NULL || out == NULL) +- return(-1); ++ return -1; + + for (i=0; i < 8; i++) { +- (void)sprintf(out, "%02x", *in++ & 0xff); ++ sprintf(out, "%02x", *in++ & 0xff); + out += 2; + } +- return(0); ++ return 0; + } + + /* Convert hex digit to binary integer */ +-int +-htoi(c) +- register int c; ++int htoi(int c) + { + if ('0' <= c && c <= '9') +- return(c - '0'); ++ return c - '0'; + if ('a' <= c && c <= 'f') +- return(10 + c - 'a'); ++ return 10 + c - 'a'; + if ('A' <= c && c <= 'F') +- return(10 + c - 'A'); +- return(-1); ++ return 10 + c - 'A'; ++ return -1; + } + + /* Skip leading spaces from the string */ +-char * +-skipspace(cp) +- register char *cp; ++const char *skipspace(const char *cp) + { + while (*cp == ' ' || *cp == '\t') + cp++; + + if (*cp == '\0') +- return(NULL); ++ return NULL; + else +- return(cp); ++ return cp; + } + + /* Remove backspaced over characters from the string */ +-void +-backspace(buf) +- char *buf; ++void backspace(char *buf) + { + char bs = 0x8; + char *cp = buf; +@@ -496,77 +401,68 @@ + } + + /* Make sure line is all seven bits */ +-void +-sevenbit(s) +- char *s; ++void sevenbit(char *s) + { + while (*s) + *s++ &= 0x7f; + 
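Review bot: readpass and readskey both call `fgets(buf, n, stdin);` and then run `rip(buf)` and `sevenbit(buf)` without checking the return value. On EOF or a read error fgets may leave buf untouched, so the callers scan and later verify whatever bytes were already in the buffer. Use `if (fgets(buf, n, stdin) == NULL) buf[0] = '\0';` in both functions; readpass begins in the previous hunk. The same hunk changes a comment in trapped() to read "necemassary", which looks like an editing slip for "necessary".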
} + + /* Set hash algorithm type */ +-char * +-skey_set_algorithm(new) +- char *new; ++const char *skey_set_algorithm(const char *new) + { + int i; + +- for (i = 0; i < SKEY_ALGORITH_LAST; i++) { ++ for (i = 0; skey_algorithm_table[i].name; i++) { + if (strcmp(new, skey_algorithm_table[i].name) == 0) { + skey_hash_type = i; +- return(new); ++ return new; + } + } + +- return(NULL); ++ return NULL; + } + + /* Get current hash type */ +-const char * +-skey_get_algorithm() ++const char *skey_get_algorithm() + { + return(skey_algorithm_table[skey_hash_type].name); + } + + /* Turn echo on/off */ +-static void +-skey_echo(action) +- int action; ++static void skey_echo(int action) + { + static struct termios term; + static int echo = 0; + + if (action == 0) { + /* Turn echo off */ +- (void) tcgetattr(fileno(stdin), &term); ++ tcgetattr(fileno(stdin), &term); + if ((echo = (term.c_lflag & ECHO))) { + term.c_lflag &= ~ECHO; + #ifdef TCSASOFT +- (void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term); ++ tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term); + #else +- (void) tcsetattr(fileno(stdin), TCSAFLUSH, &term); ++ tcsetattr(fileno(stdin), TCSAFLUSH, &term); + #endif + } + } else if (action && echo) { + /* Turn echo on */ + term.c_lflag |= ECHO; + #ifdef TCSASOFT +- (void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term); ++ tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term); + #else +- (void) tcsetattr(fileno(stdin), TCSAFLUSH, &term); ++ tcsetattr(fileno(stdin), TCSAFLUSH, &term); + #endif + echo = 0; + } + } + + /* Convert string to lower case */ +-static void +-lowcase(s) +- char *s; ++static void lowcase(char *s) + { +- char *p; ++ u_char *p; + +- for (p = s; *p; p++) ++ for (p = (u_char *) s; *p; p++) + if (isupper(*p)) + *p = tolower(*p); + } +--- skey-1.1.5.orig/strlcpy.c 2001-05-10 17:10:49.000000000 +0100 ++++ skey-1.1.5/strlcpy.c 1970-01-01 01:00:00.000000000 +0100 +@@ -1,72 +0,0 @@ +-/* $OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $ */ +- 
+-/* +- * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com> +- * All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. The name of the author may not be used to endorse or promote products +- * derived from this software without specific prior written permission. +- * +- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +- */ +-#include "config.h" +-#ifndef HAVE_STRLCPY +- +-#if defined(LIBC_SCCS) && !defined(lint) +-static char *rcsid = "$OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $"; +-#endif /* LIBC_SCCS and not lint */ +- +-#include <sys/types.h> +-#include <string.h> +- +-/* +- * Copy src to string dst of size siz. At most siz-1 characters +- * will be copied. Always NUL terminates (unless siz == 0). +- * Returns strlen(src); if retval >= siz, truncation occurred. 
+- */ +-size_t strlcpy(dst, src, siz) +- char *dst; +- const char *src; +- size_t siz; +-{ +- register char *d = dst; +- register const char *s = src; +- register size_t n = siz; +- +- /* Copy as many bytes as will fit */ +- if (n != 0 && --n != 0) { +- do { +- if ((*d++ = *s++) == 0) +- break; +- } while (--n != 0); +- } +- +- /* Not enough room in dst, add NUL and traverse rest of src */ +- if (n == 0) { +- if (siz != 0) +- *d = '\0'; /* NUL-terminate dst */ +- while (*s++) +- ; +- } +- +- return(s - src - 1); /* count does not include NUL */ +-} +- +-#endif diff --git a/patchsets/skey/1.1.5/02_all_login_name_max.patch b/patchsets/skey/1.1.5/02_all_login_name_max.patch new file mode 100644 index 0000000..55bd36b --- /dev/null +++ b/patchsets/skey/1.1.5/02_all_login_name_max.patch @@ -0,0 +1,18 @@ +https://bugs.gentoo.org/33315 +glibc 2.2.x does not define LOGIN_NAME_MAX + (12 Nov 2003) -taviso@gentoo.org + +--- skey-1.1.5.orig/skeyinit.c ++++ skey-1.1.5/skeyinit.c +@@ -62,6 +62,11 @@ + #define SKEY_NAMELEN 4 + #endif + ++/* #33315 */ ++#ifndef LOGIN_NAME_MAX ++#define LOGIN_NAME_MAX 256 ++#endif ++ + int main __P((int, char **)); + + int main(int argc, char **argv) diff --git a/patchsets/skey/1.1.5/03_all_fPIC.patch b/patchsets/skey/1.1.5/03_all_fPIC.patch new file mode 100644 index 0000000..8a91192 --- /dev/null +++ b/patchsets/skey/1.1.5/03_all_fPIC.patch @@ -0,0 +1,12 @@ +--- skey-1.1.5-orig/Makefile.in ++++ skey-1.1.5/Makefile.in +@@ -50,6 +50,9 @@ + + ${LIBOBJS}: config.h + ++${LIBOBJS}: %.o: %.c ++ ${CC} ${CFLAGS} -fPIC -c $< -o $@ ++ + libskey.a: ${LIBOBJS} + ${AR} rv $@ ${LIBOBJS} + ${RANLIB} $@ diff --git a/patchsets/skey/1.1.5/04_all_bind-now.patch b/patchsets/skey/1.1.5/04_all_bind-now.patch new file mode 100644 index 0000000..3a1062d --- /dev/null +++ b/patchsets/skey/1.1.5/04_all_bind-now.patch 
@@ -0,0 +1,15 @@
+--- skey-1.1.5-orig/Makefile.in
++++ skey-1.1.5/Makefile.in
+@@ -67,10 +67,10 @@
+ ${CC} -o $@ ${SKEYOBJS} ${LDFLAGS} -lskey ${LIBS}
+
+ skeyinit: libskey.so ${SKEYINITOBJS}
+- ${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS}
++ ${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS} -Wl,-z,now
+
+ skeyinfo: libskey.so ${SKEYINFOOBJS}
+- ${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS}
++ ${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS} -Wl,-z,now
+
+ ${MANPAGES} ${SCRIPTS}::
+ ${FIXPATHSCMD} ${srcdir}/$@
diff --git a/patchsets/skey/1.1.5/05_all_otp.patch b/patchsets/skey/1.1.5/05_all_otp.patch
new file mode 100644
index 0000000..6f80f74
--- /dev/null
+++ b/patchsets/skey/1.1.5/05_all_otp.patch
@@ -0,0 +1,53 @@
+https://bugs.gentoo.org/71015
+allow invokation as otp-foo.
+ (03 Mar 2005) -taviso.
+
+--- skey-1.1.5.orig/skey.c
++++ skey-1.1.5/skey.c
+@@ -46,6 +46,17 @@
+ char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
+ char buf[33], *seed, *slash, *t;
+
++ /* If we were called as otp-METHOD, set algorithm based on that */
++ if ((slash = strrchr(argv[0], '/')))
++ slash++;
++ else
++ slash = argv[0];
++ if (strncmp(slash, "otp-", 4) == 0) {
++ slash += 4;
++ if (skey_set_algorithm(slash) == NULL)
++ errx(1, "Unknown hash algorithm %s", slash);
++ }
++
+ while ((i = getopt(argc, argv, "fn:p:t:x")) != -1) {
+ switch(i) {
+ case 'f':
+--- skey-1.1.5.orig/skey.1
++++ skey-1.1.5/skey.1
+@@ -6,7 +6,7 @@
+ .Dt SKEY 1
+ .Os
+ .Sh NAME
+-.Nm skey
++.Nm skey, otp-md4, otp-md5, otp-sha1
+ .Nd respond to an OTP challenge
+ .Sh SYNOPSIS
+ .Nm
+@@ -34,6 +34,17 @@
+ or
+ .Xr ftpd 8 .
+ .Pp
++When
++.Nm skey
++is invoked as
++.Nm otp-method ,
++.Nm skey
++will use
++.Ar method
++as the hash function where
++.Ar method
++is currently one of md4, md5, or sha1.
++.Pp
+ Example use of the
+ .Em S/Key
+ program
diff --git a/patchsets/skey/1.1.5/06_all_binary-search.patch b/patchsets/skey/1.1.5/06_all_binary-search.patch
new file mode 100644
index 0000000..90e399c
--- /dev/null
+++ b/patchsets/skey/1.1.5/06_all_binary-search.patch
@@ -0,0 +1,36 @@
+Fix binary search.
+
+--- skey-1.1.5-orig/put.c
++++ skey-1.1.5/put.c
+@@ -2206,27 +2206,17 @@
+ {
+ int i, j;
+
+- for (;;) {
++ while (low <= high) {
+ i = (low + high) / 2;
+
+ if ((j = strncmp(w, Wp[i], 4)) == 0)
+ return i; /* Found it */
+- if (high == low + 1)
+- {
+- /* Avoid effects of integer truncation in /2 */
+- if (strncmp(w, Wp[high], 4) == 0)
+- return high;
+- else
+- return -1;
+- }
+-
+- if (low >= high)
+- return -1; /* I don't *think* this can happen... */
+ if (j < 0)
+- high = i; /* Search lower half */
++ high = i - 1; /* Search lower half */
+ else
+- low = i; /* Search upper half */
++ low = i + 1; /* Search upper half */
+ }
++ return -1;
+ }
+
+ static void insert(char *s, int x, int start, int length)
diff --git a/patchsets/skey/1.1.5/07_all_skeyprune-dir.patch b/patchsets/skey/1.1.5/07_all_skeyprune-dir.patch
new file mode 100644
index 0000000..967eb70
--- /dev/null
+++ b/patchsets/skey/1.1.5/07_all_skeyprune-dir.patch
@@ -0,0 +1,13 @@
+skeyprune won't honour @sysconfdir@
+
+--- skey-1.1.5-orig/skeyprune.pl
++++ skey-1.1.5/skeyprune.pl
+@@ -14,7 +14,7 @@
+ die "Usage: $0 [days]\n" if $#ARGC > 0;
+
+ # Pathnames
+-$keyfile = '/etc/skeykeys';
++$keyfile = '/etc/skey/skeykeys';
+ $temp = "$keyfile.tmp$$";
+
+ # Quick mapping of month name -> number
diff --git a/patchsets/skey/1.1.5/08_all_skeyprune-regex.patch b/patchsets/skey/1.1.5/08_all_skeyprune-regex.patch
new file mode 100644
index 0000000..b5039fa
--- /dev/null
+++ b/patchsets/skey/1.1.5/08_all_skeyprune-regex.patch
@@ -0,0 +1,13 @@
+skeyprune uses a case sensitive regex to check for zeroed entries
+
+--- skey-1.1.5-orig/skeyprune.pl
++++ skey-1.1.5/skeyprune.pl
+@@ -37,7 +37,7 @@
+
+ while (<OLD>) {
+ # Ignore commented out entries
+- if ( ! /^#[^\s#]+\s+(MD[0-9]+\s+)?[0-9]+\s+[A-z0-9_-]+\s+[a-f0-9]+\s+(Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+$/ ) {
++ if ( ! /^#[^\s#]+\s+(MD[0-9]+\s+)?[0-9]+\s+[A-z0-9_-]+\s+[a-f0-9]+\s+(Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+$/i ) {
+ /((Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+)$/;
+
+ # Prune out old entries if asked to
diff --git a/patchsets/skey/1.1.5/09_all_man_default-md5.patch b/patchsets/skey/1.1.5/09_all_man_default-md5.patch
new file mode 100644
index 0000000..02bf45c
--- /dev/null
+++ b/patchsets/skey/1.1.5/09_all_man_default-md5.patch
@@ -0,0 +1,26 @@
+https://bugs.gentoo.org/64971
+skey(1) and skeyinit(1) describe md4 as the default hash algorithm,
+which is no longer the case.
+
+--- skey-1.1.5-orig/skey.1
++++ skey-1.1.5/skey.1
+@@ -27,7 +27,7 @@
+ .Pp
+ .Em S/Key
+ uses 64 bits of information, transformed by the
+-.Tn MD4
++.Tn MD5
+ algorithm into 6 English words.
+ The user supplies the words to authenticate himself to programs like
+ .Xr login 1
+--- skey-1.1.5-orig/skeyinit.1 2012-01-04 20:24:22.000000000 +0100
++++ skey-1.1.5/skeyinit.1 2012-01-04 20:31:13.000000000 +0100
+@@ -47,7 +47,7 @@
+ (default is 100).
+ .It Fl t Ar hash
+ Selects the hash algorithm to use.
+-Available choices are md4 (the default), md5 or sha1.
++Available choices are md4, md5 (the default) or sha1.
+ .It Ar user
+ The username to be changed/added.
+ By default the current user is operated on, only root may
diff --git a/patchsets/skey/1.1.5/10_all_man_libpath.patch b/patchsets/skey/1.1.5/10_all_man_libpath.patch
new file mode 100644
index 0000000..4892645
--- /dev/null
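Review bot: Adding `/i` lets the commented-out test match lower-case `md4`/`md5`, but the optional algorithm group is still `(MD[0-9]+\s+)?`, so a zeroed entry whose hash field is `sha1` does not appear to match and would be handled as a live record. Since sha1 remains a supported algorithm in this patchset, consider `((MD[0-9]+|SHA1)\s+)?` for that group. The `[A-z0-9_-]` class in the same pattern also spans the punctuation between `Z` and `a`; `[A-Za-z0-9_-]` is presumably what was meant. The key-file record format itself is not visible here, so confirm both against a real entry.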
+++ b/patchsets/skey/1.1.5/10_all_man_libpath.patch
@@ -0,0 +1,16 @@
+skey(3): shared library is in /lib; we don't install a profiling library
+
+--- skey-1.1.5-orig/skey.3
++++ skey-1.1.5/skey.3
+@@ -245,10 +245,8 @@
+ .Bl -tag -width /usr/lib/libskey_p.a -compact
+ .It Pa /usr/lib/libskey.a
+ static skey library
+-.It Pa /usr/lib/libskey.so
++.It Pa /lib/libskey.so
+ dynamic skey library
+-.It Pa /usr/lib/libskey_p.a
+-static skey library compiled for profiling
+ .El
+ .Sh SEE ALSO
+ .Xr skey 1 ,
diff --git a/patchsets/skey/1.1.5/11_all_strncat-warning.patch b/patchsets/skey/1.1.5/11_all_strncat-warning.patch
new file mode 100644
index 0000000..6eeefdd
--- /dev/null
+++ b/patchsets/skey/1.1.5/11_all_strncat-warning.patch
@@ -0,0 +1,11 @@
+--- skey-1.1.5-orig/skeyinit.c
++++ skey-1.1.5/skeyinit.c
+@@ -111,7 +111,7 @@
+ defaultseed[SKEY_NAMELEN] = '\0';
+ time(&now);
+ snprintf(tbuf, sizeof(tbuf), "%05ld", (long) (now % 100000));
+- strncat(defaultseed, tbuf, sizeof(defaultseed));
++ strncat(defaultseed, tbuf, sizeof(defaultseed) - SKEY_NAMELEN - 1);
+
+ if ((pp = getpwuid(getuid())) == NULL)
+ err(1, "no user with uid %ld", (u_long)getuid()); |
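Review bot: The new strncat bound `sizeof(defaultseed) - SKEY_NAMELEN - 1` is safe only while the string already in defaultseed is at most SKEY_NAMELEN characters. That holds here because of the `defaultseed[SKEY_NAMELEN] = '\0';` context line, but the dependency is implicit and easy to break in a later edit. Expressing the limit as the space actually remaining keeps the invariant local: `strncat(defaultseed, tbuf, sizeof(defaultseed) - strlen(defaultseed) - 1);`. The enclosing function starts and ends outside this hunk, so the declaration of defaultseed is not visible here.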