usr.bin/chkey/chkey.c

168054Sflz/*
168054Sflz * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
168266Sgabor * unrestricted use provided that this legend is included on all tape
168266Sgabor * media and as a part of the software program in whole or part.  Users
168266Sgabor * may copy or modify Sun RPC without charge, but are not authorized
168266Sgabor * to license or distribute it to anyone else except as part of a product or
168266Sgabor * program developed by the user or with the express written consent of
168266Sgabor * Sun Microsystems, Inc.
168266Sgabor *
168266Sgabor * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
168054Sflz * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
168054Sflz * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
168064Sflz *
168064Sflz * Sun RPC is provided with no support and without any obligation on the
168064Sflz * part of Sun Microsystems, Inc. to assist in its use, correction,
168064Sflz * modification or enhancement.
168064Sflz *
168064Sflz * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
168064Sflz * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
168064Sflz * OR ANY PART THEREOF.
168064Sflz *
168064Sflz * In no event will Sun Microsystems, Inc. be liable for any lost revenue
168064Sflz * or profits or other special, indirect and consequential damages, even if
168064Sflz * Sun has been advised of the possibility of such damages.
168064Sflz *
168064Sflz * Sun Microsystems, Inc.
168054Sflz * 2550 Garcia Avenue
168054Sflz * Mountain View, California  94043
168064Sflz */
168054Sflz#ifndef lint
168064Sflzstatic char sccsid[] = "@(#)chkey.c 1.7 91/03/11 Copyr 1986 Sun Micro";
171129Sobrien#endif
168939Stmclaugh/*
168131Sbmah * Copyright (C) 1986, Sun Microsystems, Inc.
168113Smarcus */
180225Smarcel
168123Snetchild/*
168939Stmclaugh * Command to change one's public key in the public key database
168064Sflz */
168054Sflz#include <stdio.h>
168054Sflz#include <rpc/rpc.h>
168054Sflz#include <rpc/key_prot.h>
168054Sflz#ifdef YP
168261Sache#include <rpcsvc/yp_prot.h>
168077Sflz#include <rpcsvc/ypclnt.h>
168077Sflz#else
232357Sak#define	YPOP_STORE	4
168126Sale#endif
168069Sgarga#include <pwd.h>
168472Snovel#include <string.h>
179877Samdmi3#include <sys/fcntl.h>
168274Ssem
169073Saraujoextern char *getpass();
168667Sstefan#define index strchr
209039Sashishextern char *crypt();
203044Savilla#ifdef YPPASSWD
193190Savlstruct passwd *ypgetpwuid();
168274Ssem#endif
210573Sbapt
188692Sbeat#ifdef YP
170471Sbeechstatic char *domain;
168113Smarcusstatic char PKMAP[] = "publickey.byname";
218631Smiwi#else
173254Sbrixstatic char PKFILE[] = "/etc/publickey";
168098Skrion#endif	/* YP */
168123Snetchildstatic char ROOTKEY[] = "/etc/.rootkey";
170601Schinsan
168082Sgargamain(argc, argv)
168116Sclsung	int argc;
168937Scperciva	char **argv;
222995Screes{
225632Scs	char name[MAXNETNAMELEN+1];
213988Sculot	char public[HEXKEYBYTES + 1];
168177Sgabor	char secret[HEXKEYBYTES + 1];
168354Sdanfe	char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
168072Sehaupt	char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
206034Sdecke	int status;
168108Srafan	char *pass;
168186Smat	struct passwd *pw;
218631Smiwi	uid_t uid;
168210Sitetcu	int force = 0;
225853Seadler	char *self;
168068Serwin#ifdef YP
168072Sehaupt	char *master;
168113Smarcus#endif
168059Sgabor
168542Smiwi	self = argv[0];
168098Skrion	for (argc--, argv++; argc > 0 && **argv == '-'; argc--, argv++) {
216282Sflo		if (argv[0][2] != 0) {
206495Sfluffy			usage(self);
168054Sflz		}
168059Sgabor		switch (argv[0][1]) {
176595Sgahr		case 'f':
168054Sflz			force = 1;
210773Sglarkin			break;
210773Sglarkin		default:
172158Sjkim			usage(self);
172158Sjkim		}
168256Sijliao	}
168209Sitetcu	if (argc != 0) {
206184Sjacula		usage(self);
176768Sjadawin	}
236343Sjase
228752Sjgh#ifdef YP
172158Sjkim	(void)yp_get_default_domain(&domain);
222797Sjlaffaye	if (yp_master(domain, PKMAP, &master) != 0) {
168076Sjmelo		(void)fprintf(stderr,
168123Snetchild			"can't find master of publickey database\n");
168054Sflz		exit(1);
168055Spav	}
182814Sjpaetzel#endif
210169Sjsa	uid = getuid() /*geteuid()*/;
168055Spav	if (uid == 0) {
168536Skevlo		if (host2netname(name, NULL, NULL) == 0) {
168177Sgabor			(void)fprintf(stderr,
168098Skrion			"chkey: cannot convert hostname to netname\n");
218631Smiwi			exit(1);
168055Spav		}
168161Sphilip	} else {
168054Sflz		if (user2netname(name, uid, NULL) == 0) {
168208Sitetcu			(void)fprintf(stderr,
168295Sleeym			"chkey: cannot convert username to netname\n");
168295Sleeym			exit(1);
172158Sjkim		}
175205Sedwin	}
168939Stmclaugh	(void)printf("Generating new key for %s.\n", name);
176979Slippe
218631Smiwi	if (!force) {
168068Serwin		if (uid != 0) {
168337Slwhsu#ifdef YPPASSWD
175205Sedwin			pw = ypgetpwuid(uid);
234195Smadpilot#else
168177Sgabor			pw = getpwuid(uid);
199480Smandree#endif
199479Smandree			if (pw == NULL) {
168113Smarcus#ifdef YPPASSWD
168918Sbrueffer				(void)fprintf(stderr,
220095Smartymac		"No NIS password entry found: can't change key.\n");
168186Smat#else
231275Smatthew				(void)fprintf(stderr,
168055Spav		"No password entry found: can't change key.\n");
168098Skrion#endif
168359Smm				exit(1);
168100Smnag			}
218631Smiwi		} else {
169036Snemoliu			pw = getpwuid(0);
168123Snetchild			if (pw == NULL) {
168177Sgabor				(void)fprintf(stderr,
168134Snork				"No password entry found: can't change key.\n");
168084Sehaupt				exit(1);
168542Smiwi			}
171129Sobrien		}
236257Solivierd	}
171129Sobrien	pass = getpass("Password:");
169253Sfjoe#ifdef YPPASSWD
168939Stmclaugh	if (!force) {
168054Sflz		if (strcmp(crypt(pass, pw->pw_passwd), pw->pw_passwd) != 0) {
219614Spawel			(void)fprintf(stderr, "Invalid password.\n");
190977Spgj			exit(1);
168098Skrion		}
180729Spgollucci	}
168108Srafan#else
226351Srakuco	force = 1;	/* Make this mandatory */
206489Srene#endif
227417Srm	genkeys(public, secret, pass);
180983Srnoland
203046Sromain	memcpy(crypt1, secret, HEXKEYBYTES);
206532Ssahil	memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE);
168098Skrion	crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0;
219730Ssbz	xencrypt(crypt1, pass);
227731Sscheidell
168098Skrion	if (force) {
168098Skrion		memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1);
168055Spav		xdecrypt(crypt2, getpass("Retype password:"));
168068Serwin		if (memcmp(crypt2, crypt2 + HEXKEYBYTES, KEYCHECKSUMSIZE) != 0 ||
191885Sskreuzer		    memcmp(crypt2, secret, HEXKEYBYTES) != 0) {
168939Stmclaugh			(void)fprintf(stderr, "Password incorrect.\n");
234343Ssperber			exit(1);
168290Ssem		}
168667Sstefan	}
223090Sstephen
213001Ssunpoet#ifdef YP
218631Smiwi	(void)printf("Sending key change request to %s...\n", master);
212219Sswills#endif
172276Stabthorpe	status = setpublicmap(name, public, crypt1);
168125Stdb	if (status != 0) {
170675Stimur#ifdef YP
236348Stj		(void)fprintf(stderr,
192568Stota		"%s: unable to update NIS database (%u): %s\n",
169018Strasz				self, status, yperr_string(status));
168225Strhodes#else
168186Smat		(void)fprintf(stderr,
168061Sahze		"%s: unable to update publickey database\n", self);
231128Suqs#endif
168069Sgarga		exit(1);
216401Swen	}
180728Swxs
168935Stmclaugh	if (uid == 0) {
195800Syzlin		/*
224071Szi		 * Root users store their key in /etc/$ROOTKEY so
172158Sjkim		 * that they can auto reboot without having to be
168054Sflz		 * around to type a password. Storing this in a file
168054Sflz		 * is rather dubious: it should really be in the EEPROM
168064Sflz		 * so it does not go over the net.
168064Sflz		 */
168054Sflz		int fd;
168055Spav
168055Spav		fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0);
168055Spav		if (fd < 0) {
168055Spav			perror(ROOTKEY);
168055Spav		} else {
182814Sjpaetzel			char newline = '\n';
182814Sjpaetzel
168055Spav			if (write(fd, secret, strlen(secret)) < 0 ||
168057Sahze			    write(fd, &newline, sizeof(newline)) < 0) {
168055Spav				(void)fprintf(stderr, "%s: ", ROOTKEY);
176979Slippe				perror("write");
180729Spgollucci			}
176979Slippe		}
168919Sbrueffer	}
168667Sstefan
168667Sstefan	if (key_setsecret(secret) < 0) {
171129Sobrien		(void)printf("Unable to login with new secret key.\n");
171129Sobrien		exit(1);
226351Srakuco	}
226351Srakuco	(void)printf("Done.\n");
225848Seadler	exit(0);
222817Sjlaffaye	/* NOTREACHED */
222817Sjlaffaye}
206034Sdecke
234343Ssperberusage(name)
231128Suqs	char *name;
206034Sdecke{
188837Sbeech	(void)fprintf(stderr, "usage: %s [-f]\n", name);
188837Sbeech	exit(1);
188837Sbeech	/* NOTREACHED */
168939Stmclaugh}
168939Stmclaugh
168939Stmclaugh
218631Smiwi/*
218631Smiwi * Set the entry in the public key file
168125Stdb */
168208Sitetcusetpublicmap(name, public, secret)
168125Stdb	char *name;
168337Slwhsu	char *public;
172275Stabthorpe	char *secret;
168337Slwhsu{
228752Sjgh	char pkent[1024];
234195Smadpilot
228752Sjgh	(void)sprintf(pkent,"%s:%s", public, secret);
236348Stj#ifdef YP
236348Stj	return (yp_update(domain, PKMAP, YPOP_STORE,
236343Sjase		name, strlen(name), pkent, strlen(pkent)));
236343Sjase#else
234343Ssperber	return (localupdate(name, PKFILE, YPOP_STORE,
234343Ssperber		strlen(name), name, strlen(pkent), pkent));
169036Snemoliu#endif
168108Srafan}
168108Srafan
168186Smat#ifdef YPPASSWD
168186Smatstruct passwd *
232357Sakypgetpwuid(uid)
236348Stj	uid_t uid;
232357Sak{
168938Scperciva	char uidstr[10];
168068Serwin	char *val;
175205Sedwin	int vallen;
175205Sedwin	static struct passwd pw;
168068Serwin	char *p;
168072Sehaupt
220182Smartymac	(void)sprintf(uidstr, "%d", uid);
168072Sehaupt	if (yp_match(domain, "passwd.byuid", uidstr, strlen(uidstr),
168274Ssem			&val, &vallen) != 0) {
168225Strhodes		return (NULL);
168225Strhodes	}
173254Sbrix	p = index(val, ':');
168068Serwin	if (p == NULL) {
168059Sgabor		return (NULL);
168068Serwin	}
168068Serwin	pw.pw_passwd = p + 1;
168068Serwin	p = index(pw.pw_passwd, ':');
168059Sgabor	if (p == NULL) {
168354Sdanfe		return (NULL);
216282Sflo	}
168098Skrion	*p = 0;
169251Sfjoe	return (&pw);
168098Skrion}
236343Sjase#endif	/* YPPASSWD */
236343Sjase