NetBSD Problem Report #15736

Received: (qmail 3544 invoked from network); 26 Feb 2002 00:33:56 -0000
Message-Id: <20020226003442.9F50F11110@www.netbsd.org>
Date: Mon, 25 Feb 2002 16:34:42 -0800 (PST)
From: vkhr@rawsocket.net
Sender: nobody@netbsd.org
Reply-To: vkhr@rawsocket.net
To: gnats-bugs@gnats.netbsd.org
Subject: Patch for skeyinit(1) extending command line features.
X-Send-Pr-Version: www-1.0

>Number:         15736
>Category:       security
>Synopsis:       Patch for skeyinit(1) extending command line features.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    security-officer
>State:          closed
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Feb 26 00:35:01 +0000 2002
>Closed-Date:    Sun Sep 18 21:53:03 +0000 2005
>Last-Modified:  Fri Apr 28 21:29:03 +0000 2006
>Originator:     V. Hari
>Release:        1.5ZA
>Organization:
>Environment:
NetBSD burnt.rawsocket.net 1.5ZA NetBSD 1.5ZA (BURNT) #3: Fri Feb 22 19:01:37 EST 2002     root@burnt.rawsocket.net:/usr/src/sys/arch/i386/compile/BURNT i386

>Description:
I found it convenient to have passwords and secret passwords entered over the command-line rather than having skeyinit(1) prompt for them. It's handy just for general usage, and especially for scripting. 
>How-To-Repeat:
Use skeyinit(1).
>Fix:
*** skeyinit.c~	Mon Feb 25 17:58:26 2002
--- skeyinit.c	Mon Feb 25 17:59:02 2002
***************
*** 10,15 ****
--- 10,16 ----
   *
   * Modifications:
   *          Todd C. Miller <Todd.Miller@courtesan.com>
+  *          vkhr <vkhr@rawsocket.net>
   *
   * S/KEY initialization and seed update
   */
***************
*** 52,57 ****
--- 53,59 ----
  	struct	passwd *pp;
  	struct	tm *tm;
  	int c;
+ 	unsigned char argpass=0, argkey=0;

  	if (geteuid() != 0)
  		errx(1, "must be setuid root.");
***************
*** 86,92 ****
  		err(1, "Who are you?");
  	salt = pp->pw_passwd;

! 	while((c = getopt(argc, argv, "n:t:sxz")) != -1) {
  		switch(c) {
  			case 'n':
  				n = atoi(optarg);
--- 88,94 ----
  		err(1, "Who are you?");
  	salt = pp->pw_passwd;

! 	while((c = getopt(argc, argv, "n:t:p:k:sxz")) != -1) {
  		switch(c) {
  			case 'n':
  				n = atoi(optarg);
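Review bot: The new `p:` and `k:` entries in the getopt string take the account password and the S/KEY secret as argument values, so both sit in argv for the life of the process, where a process listing shows them to other local users, and they also end up in the caller's shell history. For the scripting use case, reading the values from standard input when it is not a terminal would avoid that. If the options stay, overwrite optarg once it has been copied and document the exposure in skeyinit.1, which this patch does not touch.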
***************
*** 107,114 ****
  			case 'z':
  				zerokey = 1;
  				break;
  			default:
! 				err(1, "Usage: %s [-n count] [-t md4|md5|sha1] [-s] [-x] [-z] [user]\n", argv[0]);
  		}
  	}

--- 109,126 ----
  			case 'z':
  				zerokey = 1;
  				break;
+ 			case 'p':
+ 				argpass = 1;
+ 				pw=malloc(SKEY_MAX_PW_LEN+2);
+ 				strncpy(pw,optarg,sizeof(SKEY_MAX_PW_LEN));
+ 				break;
+ 			case 'k':
+ 				argkey = 1;
+ 				strncpy(passwd,optarg,sizeof(passwd));
+ 				strncpy(passwd2,optarg,sizeof(passwd2));
+ 				break;
  			default:
! 				err(1, "Usage: %s [-n count] [-t md4|md5|sha1] [-s] [-x] [-z] [-p password] [-k secret] [user]\n", argv[0]);
  		}
  	}
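Review bot: In the new `case 'p'`, `strncpy(pw,optarg,sizeof(SKEY_MAX_PW_LEN));` bounds the copy by the size of the expression's type rather than by its value, so only the first few bytes of the password are copied, and nothing terminates the malloc'd buffer before it is later handed to crypt(). Use SKEY_MAX_PW_LEN + 1 as the bound, write the terminating NUL explicitly, and check the malloc return before using pw. The two strncpy calls in `case 'k'` have the same termination gap when optarg is at least sizeof(passwd) bytes long, so either set the last byte of passwd and passwd2 to '\0' or reject an over-long secret with an error.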

***************
*** 126,132 ****
  	}

  	if (getuid() != 0) {
! 		pw = getpass("Password:");
  		p = crypt(pw, salt);

  		if (strcmp(p, pp->pw_passwd)) {
--- 138,145 ----
  	}

  	if (getuid() != 0) {
! 		if(!argpass)
! 			pw = getpass("Password:");
  		p = crypt(pw, salt);

  		if (strcmp(p, pp->pw_passwd)) {
***************
*** 255,264 ****
  			if (i >= 2)
  				exit(1);

! 			printf("Enter secret password: ");
! 			readpass(passwd, sizeof(passwd));
! 			if (passwd[0] == '\0')
! 				exit(1);

  			if (strlen(passwd) < SKEY_MIN_PW_LEN) {
  				(void)fprintf(stderr,
--- 268,279 ----
  			if (i >= 2)
  				exit(1);

! 			if(!argkey) {
! 				printf("Enter secret password: ");
! 				readpass(passwd, sizeof(passwd));
! 				if (passwd[0] == '\0')
! 					exit(1);
! 			}

  			if (strlen(passwd) < SKEY_MIN_PW_LEN) {
  				(void)fprintf(stderr,
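Review bot: With -k the `passwd[0] == '\0'` exit now sits inside `if(!argkey)`, so an empty or too-short secret given on the command line reaches the SKEY_MIN_PW_LEN check with no way to supply a different value on the next pass. Validate the -k value once, before this loop, and exit with an error if it fails, rather than sending it through the interactive retry path.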
***************
*** 275,284 ****
  				continue;
  			}
  #endif
! 			printf("Again secret password: ");
! 			readpass(passwd2, sizeof(passwd));
! 			if (passwd2[0] == '\0')
! 				exit(1);

  			if (strcmp(passwd, passwd2) == 0)
  				break;
--- 290,301 ----
  				continue;
  			}
  #endif
! 			if(!argkey) {
! 				printf("Again secret password: ");
! 				readpass(passwd2, sizeof(passwd));
! 				if (passwd2[0] == '\0')
! 					exit(1);
! 			}

  			if (strcmp(passwd, passwd2) == 0)
  				break;
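Review bot: `readpass(passwd2, sizeof(passwd));` in the re-indented block still sizes the read by passwd rather than passwd2; since the line is being touched anyway, change it to sizeof(passwd2). Also, with -k both buffers were filled from the same optarg, so the `strcmp(passwd, passwd2)` confirmation can never fail and gives no protection against a mistyped secret, which deserves a comment here or a sentence in the manual page.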

>Release-Note:
>Audit-Trail:
From: Elad Efrat <elad@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: PR/15736 CVS commit: src/usr.bin/skeyinit
Date: Sun, 18 Sep 2005 21:50:20 +0000 (UTC)

 Module Name:	src
 Committed By:	elad
 Date:		Sun Sep 18 21:50:20 UTC 2005

 Modified Files:
 	src/usr.bin/skeyinit: skeyinit.c

 Log Message:
 Add -k key and -p password.
 Slightly modified diff from V. Hari.
 PR/15736.


 To generate a diff of this commit:
 cvs rdiff -r1.24 -r1.25 src/usr.bin/skeyinit/skeyinit.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: elad@netbsd.org
State-Changed-When: Sun, 18 Sep 2005 21:53:03 +0000
State-Changed-Why:
Added -k key and -p password based on a slightly modified patch.


>Unformatted:
