chkey.c revision 87628 
1/*
2 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
3 * unrestricted use provided that this legend is included on all tape
4 * media and as a part of the software program in whole or part.  Users
5 * may copy or modify Sun RPC without charge, but are not authorized
6 * to license or distribute it to anyone else except as part of a product or
7 * program developed by the user or with the express written consent of
8 * Sun Microsystems, Inc.
9 *
10 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
11 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
12 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
13 *
14 * Sun RPC is provided with no support and without any obligation on the
15 * part of Sun Microsystems, Inc. to assist in its use, correction,
16 * modification or enhancement.
17 *
18 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
19 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
20 * OR ANY PART THEREOF.
21 *
22 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
23 * or profits or other special, indirect and consequential damages, even if
24 * Sun has been advised of the possibility of such damages.
25 *
26 * Sun Microsystems, Inc.
27 * 2550 Garcia Avenue
28 * Mountain View, California  94043
29 */
30
31#if 0
32#ifndef lint
33static char sccsid[] = "@(#)chkey.c 1.7 91/03/11 Copyr 1986 Sun Micro";
34#endif
35#endif
36
37#include <sys/cdefs.h>
38__FBSDID("$FreeBSD: head/usr.bin/chkey/chkey.c 87628 2001-12-10 21:13:08Z dwmalone $");
39
40/*
41 * Copyright (C) 1986, Sun Microsystems, Inc.
42 */
43
44/*
45 * Command to change one's public key in the public key database
46 */
47#include <rpc/rpc.h>
48#include <rpc/key_prot.h>
49#ifdef YP
50#include <rpcsvc/yp_prot.h>
51#include <rpcsvc/ypclnt.h>
52#else
53#define	YPOP_STORE	4
54#endif
55#include <sys/fcntl.h>
56#include <pwd.h>
57#include <stdio.h>
58#include <string.h>
59#include <unistd.h>
60
61#include "extern.h"
62
63#define index strchr
64#ifdef YPPASSWD
65struct passwd *ypgetpwuid(uid_t);
66#endif
67
68#ifdef YP
69static char *domain;
70static char PKMAP[] = "publickey.byname";
71#else
72static char PKFILE[] = "/etc/publickey";
73#endif	/* YP */
74static char ROOTKEY[] = "/etc/.rootkey";
75
76static void usage(char *);
77extern int yp_update(char *, char *, int, char *, size_t, char *, size_t);
78
79int
80main(argc, argv)
81	int argc;
82	char **argv;
83{
84	char name[MAXNETNAMELEN+1];
85	char public[HEXKEYBYTES + 1];
86	char secret[HEXKEYBYTES + 1];
87	char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
88	char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
89	int status;
90	char *pass;
91	struct passwd *pw;
92	uid_t uid;
93	int force = 0;
94	char *self;
95#ifdef YP
96	char *master;
97#endif
98
99	self = argv[0];
100	for (argc--, argv++; argc > 0 && **argv == '-'; argc--, argv++) {
101		if (argv[0][2] != 0) {
102			usage(self);
103		}
104		switch (argv[0][1]) {
105		case 'f':
106			force = 1;
107			break;
108		default:
109			usage(self);
110		}
111	}
112	if (argc != 0) {
113		usage(self);
114	}
115
116#ifdef YP
117	(void)yp_get_default_domain(&domain);
118	if (yp_master(domain, PKMAP, &master) != 0) {
119		(void)fprintf(stderr,
120			"can't find master of publickey database\n");
121		exit(1);
122	}
123#endif
124	uid = getuid() /*geteuid()*/;
125	if (uid == 0) {
126		if (host2netname(name, NULL, NULL) == 0) {
127			(void)fprintf(stderr,
128			"chkey: cannot convert hostname to netname\n");
129			exit(1);
130		}
131	} else {
132		if (user2netname(name, uid, NULL) == 0) {
133			(void)fprintf(stderr,
134			"chkey: cannot convert username to netname\n");
135			exit(1);
136		}
137	}
138	(void)printf("Generating new key for %s.\n", name);
139
140	if (!force) {
141		if (uid != 0) {
142#ifdef YPPASSWD
143			pw = ypgetpwuid(uid);
144#else
145			pw = getpwuid(uid);
146#endif
147			if (pw == NULL) {
148#ifdef YPPASSWD
149				(void)fprintf(stderr,
150		"No NIS password entry found: can't change key.\n");
151#else
152				(void)fprintf(stderr,
153		"No password entry found: can't change key.\n");
154#endif
155				exit(1);
156			}
157		} else {
158			pw = getpwuid(0);
159			if (pw == NULL) {
160				(void)fprintf(stderr,
161				"No password entry found: can't change key.\n");
162				exit(1);
163			}
164		}
165	}
166	pass = getpass("Password:");
167#ifdef YPPASSWD
168	if (!force) {
169		if (strcmp(crypt(pass, pw->pw_passwd), pw->pw_passwd) != 0) {
170			(void)fprintf(stderr, "Invalid password.\n");
171			exit(1);
172		}
173	}
174#else
175	force = 1;	/* Make this mandatory */
176#endif
177	genkeys(public, secret, pass);
178
179	memcpy(crypt1, secret, HEXKEYBYTES);
180	memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE);
181	crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0;
182	xencrypt(crypt1, pass);
183
184	if (force) {
185		memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1);
186		xdecrypt(crypt2, getpass("Retype password:"));
187		if (memcmp(crypt2, crypt2 + HEXKEYBYTES, KEYCHECKSUMSIZE) != 0 ||
188		    memcmp(crypt2, secret, HEXKEYBYTES) != 0) {
189			(void)fprintf(stderr, "Password incorrect.\n");
190			exit(1);
191		}
192	}
193
194#ifdef YP
195	(void)printf("Sending key change request to %s...\n", master);
196#endif
197	status = setpublicmap(name, public, crypt1);
198	if (status != 0) {
199#ifdef YP
200		(void)fprintf(stderr,
201		"%s: unable to update NIS database (%u): %s\n",
202				self, status, yperr_string(status));
203#else
204		(void)fprintf(stderr,
205		"%s: unable to update publickey database\n", self);
206#endif
207		exit(1);
208	}
209
210	if (uid == 0) {
211		/*
212		 * Root users store their key in /etc/$ROOTKEY so
213		 * that they can auto reboot without having to be
214		 * around to type a password. Storing this in a file
215		 * is rather dubious: it should really be in the EEPROM
216		 * so it does not go over the net.
217		 */
218		int fd;
219
220		fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0);
221		if (fd < 0) {
222			perror(ROOTKEY);
223		} else {
224			char newline = '\n';
225
226			if (write(fd, secret, strlen(secret)) < 0 ||
227			    write(fd, &newline, sizeof(newline)) < 0) {
228				(void)fprintf(stderr, "%s: ", ROOTKEY);
229				perror("write");
230			}
231		}
232	}
233
234	if (key_setsecret(secret) < 0) {
235		(void)printf("Unable to login with new secret key.\n");
236		exit(1);
237	}
238	(void)printf("Done.\n");
239	exit(0);
240	/* NOTREACHED */
241}
242
243static void
244usage(name)
245	char *name;
246{
247	(void)fprintf(stderr, "usage: %s [-f]\n", name);
248	exit(1);
249	/* NOTREACHED */
250}
251
252
253/*
254 * Set the entry in the public key file
255 */
256int
257setpublicmap(name, public, secret)
258	char *name;
259	char *public;
260	char *secret;
261{
262	char pkent[1024];
263
264	(void)sprintf(pkent,"%s:%s", public, secret);
265#ifdef YP
266	return (yp_update(domain, PKMAP, YPOP_STORE,
267		name, strlen(name), pkent, strlen(pkent)));
268#else
269	return (localupdate(name, PKFILE, YPOP_STORE,
270		strlen(name), name, strlen(pkent), pkent));
271#endif
272}
273
274#ifdef YPPASSWD
275struct passwd *
276ypgetpwuid(uid)
277	uid_t uid;
278{
279	char uidstr[10];
280	char *val;
281	int vallen;
282	static struct passwd pw;
283	char *p;
284
285	(void)sprintf(uidstr, "%d", uid);
286	if (yp_match(domain, "passwd.byuid", uidstr, strlen(uidstr),
287			&val, &vallen) != 0) {
288		return (NULL);
289	}
290	p = index(val, ':');
291	if (p == NULL) {
292		return (NULL);
293	}
294	pw.pw_passwd = p + 1;
295	p = index(pw.pw_passwd, ':');
296	if (p == NULL) {
297		return (NULL);
298	}
299	*p = 0;
300	return (&pw);
301}
302#endif	/* YPPASSWD */
303