usr.bin/skeyinit/skeyinit.c

139823Simp/*	$OpenBSD: skeyinit.c,v 1.75 2019/06/28 13:35:03 deraadt Exp $	*/
1541Srgrimes
1541Srgrimes/* OpenBSD S/Key (skeyinit.c)
1541Srgrimes *
1541Srgrimes * Authors:
1541Srgrimes *          Neil M. Haller <nmh@thumper.bellcore.com>
1541Srgrimes *          Philip R. Karn <karn@chicago.qualcomm.com>
1541Srgrimes *          John S. Walden <jsw@thumper.bellcore.com>
1541Srgrimes *          Scott Chasin <chasin@crimelab.com>
1541Srgrimes *          Todd C. Miller <millert@openbsd.org>
1541Srgrimes *
1541Srgrimes * S/Key initialization and seed update
1541Srgrimes */
1541Srgrimes
1541Srgrimes#include <sys/stat.h>
1541Srgrimes
1541Srgrimes#include <ctype.h>
1541Srgrimes#include <err.h>
1541Srgrimes#include <errno.h>
1541Srgrimes#include <fcntl.h>
1541Srgrimes#include <pwd.h>
1541Srgrimes#include <readpassphrase.h>
1541Srgrimes#include <stdio.h>
1541Srgrimes#include <stdlib.h>
1541Srgrimes#include <string.h>
1541Srgrimes#include <syslog.h>
1541Srgrimes#include <time.h>
1541Srgrimes#include <unistd.h>
85052Sru#include <limits.h>
50477Speter#include <utmp.h>
1541Srgrimes
1541Srgrimes#include <skey.h>
2168Spaul#include <bsd_auth.h>
2168Spaul
2168Spaul#ifndef SKEY_NAMELEN
1541Srgrimes#define SKEY_NAMELEN    4
1541Srgrimes#endif
8876Srgrimes
1541Srgrimesvoid	usage(void);
1541Srgrimesvoid	secure_mode(int *, char *, char *, size_t, char *, size_t);
1541Srgrimesvoid	normal_mode(char *, int, char *, char *);
1541Srgrimesvoid	enable_db(int);
1541Srgrimes
1541Srgrimesint
1541Srgrimesmain(int argc, char **argv)
1541Srgrimes{
1541Srgrimes	int     rval, i, l, n, defaultsetup, rmkey, hexmode, enable;
1541Srgrimes	char	hostname[HOST_NAME_MAX+1];
1541Srgrimes	char	seed[SKEY_MAX_SEED_LEN + 1];
1541Srgrimes	char    buf[256], key[SKEY_BINKEY_SIZE], filename[PATH_MAX], *ht;
1541Srgrimes	char    lastc, *p, *auth_type;
1541Srgrimes	const char *errstr;
1541Srgrimes	struct skey skey;
1541Srgrimes	struct passwd *pp;
1541Srgrimes
1541Srgrimes	n = rmkey = hexmode = enable = 0;
122922Sandre	defaultsetup = 1;
122922Sandre	ht = auth_type = NULL;
122922Sandre
122922Sandre	for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) {
122922Sandre		if (argv[i][2] == '\0') {
122922Sandre			/* Single character switch */
1541Srgrimes			switch (argv[i][1]) {
1541Srgrimes			case 'a':
1541Srgrimes				if (argv[++i] == NULL || argv[i][0] == '\0')
1541Srgrimes					usage();
1541Srgrimes				auth_type = argv[i];
13765Smpp				break;
13765Smpp			case 's':
1541Srgrimes				defaultsetup = 0;
1541Srgrimes				if (auth_type == NULL)
1541Srgrimes					auth_type = "skey";
1541Srgrimes				break;
5791Swollman			case 'x':
1541Srgrimes				hexmode = 1;
1541Srgrimes				break;
1541Srgrimes			case 'r':
1541Srgrimes				rmkey = 1;
1541Srgrimes				break;
1541Srgrimes			case 'n':
1541Srgrimes				if (argv[++i] == NULL || argv[i][0] == '\0')
1541Srgrimes					usage();
1541Srgrimes				n = strtonum(argv[i], 1, SKEY_MAX_SEQ - 1, &errstr);
1541Srgrimes				if (errstr)
183200Szec					errx(1, "count must be > 0 and < %d",
183200Szec					     SKEY_MAX_SEQ);
183200Szec				break;
183200Szec			case 'D':
183200Szec				enable = -1;
183200Szec				break;
183200Szec			case 'E':
183200Szec				enable = 1;
183200Szec				break;
183200Szec			default:
183200Szec				usage();
183200Szec			}
183200Szec		} else {
183200Szec			/* Multi character switches are hash types */
183200Szec			if ((ht = skey_set_algorithm(&argv[i][1])) == NULL) {
183200Szec				warnx("Unknown hash algorithm %s", &argv[i][1]);
183200Szec				usage();
183200Szec			}
183200Szec		}
183200Szec		i++;
183200Szec	}
178888Sjulian	argv += i;
178888Sjulian	argc -= i;
178888Sjulian
1541Srgrimes	if (argc > 1 || (enable && argc))
5833Sbde		usage();
5833Sbde
5833Sbde	/* Handle -D and -E */
5833Sbde	if (enable) {
5833Sbde		enable_db(enable);
1541Srgrimes		exit(0);
1541Srgrimes	}
1541Srgrimes
1541Srgrimes	if (getuid() != 0) {
1541Srgrimes		if (pledge("stdio rpath wpath cpath fattr flock tty proc exec "
1541Srgrimes		    "getpw", NULL) == -1)
1541Srgrimes			err(1, "pledge");
1541Srgrimes
1541Srgrimes		if ((pp = getpwuid(getuid())) == NULL)
178167Sqingli			err(1, "no user with uid %u", getuid());
178167Sqingli
1541Srgrimes		if (argc == 1) {
178167Sqingli			char me[UT_NAMESIZE + 1];
1541Srgrimes
1541Srgrimes			(void)strlcpy(me, pp->pw_name, sizeof me);
128454Sluigi			if ((pp = getpwnam(argv[0])) == NULL)
128454Sluigi				errx(1, "User unknown: %s", argv[0]);
128454Sluigi			if (strcmp(pp->pw_name, me) != 0)
128454Sluigi				errx(1, "Permission denied.");
128454Sluigi		}
132780Skan	} else {
132780Skan		if (pledge("stdio rpath wpath cpath fattr flock tty getpw id",
1541Srgrimes		    NULL) == -1)
186119Sqingli			err(1, "pledge");
186119Sqingli
1541Srgrimes		if (argc == 1) {
122922Sandre			if ((pp = getpwnam(argv[0])) == NULL) {
127828Sluigi				static struct passwd _pp;
178888Sjulian
120727Ssam				_pp.pw_name = argv[0];
120727Ssam				pp = &_pp;
120727Ssam				warnx("Warning, user unknown: %s", argv[0]);
120727Ssam			} else {
1541Srgrimes				/* So the file ends up owned by the proper ID */
1541Srgrimes				if (setresuid(-1, pp->pw_uid, -1) != 0)
1541Srgrimes					errx(1, "unable to change uid to %u",
1541Srgrimes					    pp->pw_uid);
1541Srgrimes			}
1541Srgrimes		} else if ((pp = getpwuid(0)) == NULL)
1541Srgrimes			err(1, "no user with uid 0");
1541Srgrimes
1541Srgrimes		if (pledge("stdio rpath wpath cpath fattr flock tty", NULL)
1541Srgrimes		    == -1)
1541Srgrimes			err(1, "pledge");
1541Srgrimes	}
1541Srgrimes
1541Srgrimes	switch (skey_haskey(pp->pw_name)) {
1541Srgrimes	case -1:
1541Srgrimes		if (errno == ENOENT || errno == EPERM)
4104Swollman			errx(1, "S/Key disabled");
4104Swollman		else
1541Srgrimes			err(1, "cannot open database");
1541Srgrimes		break;
1541Srgrimes	case 0:
1541Srgrimes		/* existing user */
1541Srgrimes		break;
1541Srgrimes	case 1:
1541Srgrimes		if (!defaultsetup && strcmp(auth_type, "skey") == 0) {
86764Sjlemon			fprintf(stderr,
186119Sqingli"You must authenticate yourself before using S/Key for the first time.  In\n"
1541Srgrimes"secure mode this is normally done via an existing S/Key key.  However, since\n"
186119Sqingli"you do not have an entry in the S/Key database you will have to specify an\n"
186500Sqingli"alternate authentication type via the `-a' flag, e.g.\n"
1541Srgrimes"    \"skeyinit -s -a passwd\"\n\n"
1541Srgrimes"Note that entering a plaintext password over a non-secure link defeats the\n"
1541Srgrimes"purpose of using S/Key in the fist place.\n");
1541Srgrimes			exit(1);
1541Srgrimes		}
122921Sandre		break;
122921Sandre	}
122921Sandre
122921Sandre	if (getuid() != 0) {
122921Sandre		if ((pp = pw_dup(pp)) == NULL)
186119Sqingli			err(1, NULL);
5099Swollman		if (!auth_userokay(pp->pw_name, auth_type, NULL, NULL))
18839Swollman			errx(1, "Password incorrect");
6245Swollman	}
15652Swollman
15652Swollman	if (pledge("stdio rpath wpath cpath fattr flock tty", NULL) == -1)
15652Swollman		err(1, "pledge");
15652Swollman
185747Skmacy	/* Build up a default seed based on the hostname and some randomness */
1541Srgrimes	if (gethostname(hostname, sizeof(hostname)) == -1)
156750Sandre		err(1, "gethostname");
156750Sandre	for (i = 0, p = seed; hostname[i] && i < SKEY_NAMELEN; i++) {
156750Sandre		if (isalnum((unsigned char)hostname[i]))
156750Sandre			*p++ = tolower((unsigned char)hostname[i]);
156750Sandre	}
1541Srgrimes	for (i = 0; i < 5; i++)
1541Srgrimes		*p++ = arc4random_uniform(10) + '0';
1541Srgrimes	*p = '\0';
1541Srgrimes
1541Srgrimes	/*
1541Srgrimes	 * Lookup and lock the record we are about to modify.
1541Srgrimes	 * If this is a new entry this will prevent other users
1541Srgrimes	 * from appending new entries (and clobbering ours).
1541Srgrimes	 */
1541Srgrimes	rval = skeylookup(&skey, pp->pw_name);
1541Srgrimes	switch (rval) {
1541Srgrimes		case -1:
1541Srgrimes			err(1, "cannot open database");
1541Srgrimes			break;
1541Srgrimes		case 0:
1541Srgrimes			/* remove user if asked to do so */
1541Srgrimes			if (rmkey) {
1541Srgrimes				if (snprintf(filename, sizeof(filename),
1541Srgrimes				    "%s/%s", _PATH_SKEYDIR, pp->pw_name)
1541Srgrimes				    >= sizeof(filename))
1541Srgrimes					errc(1, ENAMETOOLONG,
1541Srgrimes					    "Cannot remove S/Key entry");
1541Srgrimes				if (unlink(filename) != 0)
156750Sandre					err(1, "Cannot remove S/Key entry");
156750Sandre				printf("S/Key entry for %s removed.\n",
1541Srgrimes				    pp->pw_name);
1541Srgrimes				exit(0);
1541Srgrimes			}
1541Srgrimes
5791Swollman			(void)printf("[Updating %s with %s]\n", pp->pw_name,
1541Srgrimes			    ht ? ht : skey_get_algorithm());
51252Sru			(void)printf("Old seed: [%s] %s\n",
51252Sru				     skey_get_algorithm(), skey.seed);
51252Sru
1541Srgrimes			/*
1541Srgrimes			 * Sanity check old seed.
1541Srgrimes			 */
1541Srgrimes			l = strlen(skey.seed);
1541Srgrimes			for (p = skey.seed; *p; p++) {
1541Srgrimes				if (isalpha((unsigned char)*p)) {
1541Srgrimes					if (isupper((unsigned char)*p))
1541Srgrimes						*p = tolower((unsigned char)*p);
1541Srgrimes				} else if (!isdigit((unsigned char)*p)) {
1541Srgrimes					memmove(p, p + 1, l - (p - skey.seed));
1541Srgrimes					l--;
1541Srgrimes				}
1541Srgrimes			}
1541Srgrimes
21666Swollman			/* If the seed ends in 0-8 just add one.  */
21666Swollman			if (l > 0) {
89498Sru				lastc = skey.seed[l - 1];
136155Ssam				if (isdigit((unsigned char)lastc) &&
1541Srgrimes				    lastc != '9') {
51252Sru					(void)strlcpy(seed, skey.seed,
51252Sru					    sizeof seed);
51252Sru					seed[l - 1] = lastc + 1;
1541Srgrimes				}
1541Srgrimes				if (isdigit((unsigned char)lastc) &&
51252Sru				    lastc == '9' && l < 16) {
1541Srgrimes					(void)strlcpy(seed, skey.seed,
1541Srgrimes					    sizeof seed);
1541Srgrimes					seed[l - 1] = '0';
1541Srgrimes					seed[l] = '0';
1541Srgrimes					seed[l + 1] = '\0';
1541Srgrimes				}
1541Srgrimes			}
51252Sru			break;
1541Srgrimes		case 1:
1541Srgrimes			if (rmkey)
1541Srgrimes				errx(1, "You have no entry to remove.");
1541Srgrimes			(void)printf("[Adding %s with %s]\n", pp->pw_name,
1541Srgrimes			    ht ? ht : skey_get_algorithm());
1541Srgrimes			if (snprintf(filename, sizeof(filename), "%s/%s",
1541Srgrimes			    _PATH_SKEYDIR, pp->pw_name) >= sizeof(filename))
1541Srgrimes				errc(1, ENAMETOOLONG,
1541Srgrimes				    "Cannot create S/Key entry");
1541Srgrimes			if ((l = open(filename,
1541Srgrimes			    O_RDWR | O_NONBLOCK | O_CREAT | O_TRUNC |O_NOFOLLOW,
1541Srgrimes			    S_IRUSR | S_IWUSR)) == -1 ||
1541Srgrimes			    flock(l, LOCK_EX) != 0 ||
1541Srgrimes			    (skey.keyfile = fdopen(l, "r+")) == NULL)
1541Srgrimes				err(1, "Cannot create S/Key entry");
1541Srgrimes			break;
1541Srgrimes	}
1541Srgrimes	if (fchown(fileno(skey.keyfile), pp->pw_uid, -1) != 0 ||
1541Srgrimes	    fchmod(fileno(skey.keyfile), S_IRUSR | S_IWUSR) != 0)
1541Srgrimes		err(1, "can't set owner/mode for %s", pp->pw_name);
1541Srgrimes	if (defaultsetup && n == 0)
1541Srgrimes		n = 100;
1541Srgrimes
1541Srgrimes	/* Set hash type if asked to */
1541Srgrimes	if (ht && strcmp(ht, skey_get_algorithm()) != 0)
1541Srgrimes		skey_set_algorithm(ht);
85074Sru
85074Sru	alarm(180);
85074Sru	if (!defaultsetup)
1541Srgrimes		secure_mode(&n, key, seed, sizeof seed, buf, sizeof(buf));
1541Srgrimes	else
128185Sluigi		normal_mode(pp->pw_name, n, key, seed);
128185Sluigi	alarm(0);
128185Sluigi
128185Sluigi	/* XXX - why use malloc here? */
128185Sluigi	if ((skey.val = malloc(16 + 1)) == NULL)
128185Sluigi		err(1, "Can't allocate memory");
128185Sluigi	btoa8(skey.val, key);
128185Sluigi
128185Sluigi	(void)fseek(skey.keyfile, 0L, SEEK_SET);
128185Sluigi	(void)fprintf(skey.keyfile, "%s\n%s\n%04d\n%s\n%s\n",
128185Sluigi	    pp->pw_name, skey_get_algorithm(), n, seed, skey.val);
128185Sluigi	(void)fclose(skey.keyfile);
55205Speter
117752Shsu	(void)printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name,
120727Ssam	    skey_get_algorithm(), n, seed);
120727Ssam	(void)printf("Next login password: %s\n\n",
120727Ssam	    hexmode ? put8(buf, key) : btoe(buf, key));
174934Smux	exit(0);
120727Ssam}
120727Ssam
120727Ssamvoid
117752Shsusecure_mode(int *count, char *key, char *seed, size_t seedlen,
122334Ssam    char *buf, size_t bufsiz)
122334Ssam{
122334Ssam	char *p, newseed[SKEY_MAX_SEED_LEN + 2];
186119Sqingli	const char *errstr;
122334Ssam	int i, n = *count;
150130Sandre
182801Sjulian	(void)puts("You need the 6 words generated from the \"skey\" command.");
122334Ssam	if (n == 0) {
122334Ssam		for (i = 0; ; i++) {
122334Ssam			if (i >= 2)
186119Sqingli				exit(1);
122334Ssam
150130Sandre			(void)printf("Enter sequence count from 1 to %d: ",
122334Ssam			    SKEY_MAX_SEQ);
122334Ssam			(void)fgets(buf, bufsiz, stdin);
183017Sjulian			clearerr(stdin);
183017Sjulian			rip(buf);
183017Sjulian			n = strtonum(buf, 1, SKEY_MAX_SEQ-1, &errstr);
183017Sjulian			if (!errstr)
183017Sjulian				break;	/* Valid range */
183017Sjulian			fprintf(stderr,
183017Sjulian			    "ERROR: Count must be between 1 and %d\n",
183017Sjulian			    SKEY_MAX_SEQ - 1);
183017Sjulian		}
182801Sjulian		*count= n;
122334Ssam	}
183017Sjulian
183017Sjulian	for (i = 0; ; i++) {
183017Sjulian		if (i >= 2)
1541Srgrimes			exit(1);
183017Sjulian
183017Sjulian		(void)printf("Enter new seed [default %s]: ", seed);
183017Sjulian		(void)fgets(newseed, sizeof(newseed), stdin); /* XXX */
183017Sjulian		clearerr(stdin);
183017Sjulian		rip(newseed);
183017Sjulian		if (strlen(newseed) > SKEY_MAX_SEED_LEN) {
183017Sjulian			(void)fprintf(stderr, "ERROR: Seed must be between 1 "
183017Sjulian			    "and %d characters in length\n", SKEY_MAX_SEED_LEN);
183017Sjulian			continue;
183017Sjulian		}
183017Sjulian		for (p = newseed; *p; p++) {
183017Sjulian			if (isspace((unsigned char)*p)) {
183017Sjulian				(void)fputs("ERROR: Seed must not contain "
183017Sjulian				    "any spaces\n", stderr);
183017Sjulian				break;
183017Sjulian			} else if (isalpha((unsigned char)*p)) {
178898Sjulian				if (isupper((unsigned char)*p))
1541Srgrimes					*p = tolower((unsigned char)*p);
21666Swollman			} else if (!isdigit((unsigned char)*p)) {
21666Swollman				(void)fputs("ERROR: Seed must be purely "
136155Ssam				    "alphanumeric\n", stderr);
92725Salfred				break;
92725Salfred			}
92725Salfred		}
92725Salfred		if (*p == '\0')
92725Salfred			break;  /* Valid seed */
92725Salfred	}
128621Sluigi	if (newseed[0] != '\0')
128621Sluigi		(void)strlcpy(seed, newseed, seedlen);
128621Sluigi
128621Sluigi	for (i = 0; ; i++) {
128621Sluigi		if (i >= 2)
128621Sluigi			exit(1);
128621Sluigi
128621Sluigi		(void)printf("otp-%s %d %s\nS/Key access password: ",
128621Sluigi			     skey_get_algorithm(), n, seed);
128621Sluigi		(void)fgets(buf, bufsiz, stdin);
128621Sluigi		clearerr(stdin);
128621Sluigi		rip(buf);
128621Sluigi		backspace(buf);
178888Sjulian
178888Sjulian		if (buf[0] == '?') {
183013Sjulian			(void)puts("Enter 6 words from secure S/Key calculation.");
178888Sjulian			continue;
178888Sjulian		} else if (buf[0] == '\0')
178888Sjulian			exit(1);
178888Sjulian
128621Sluigi		if (etob(key, buf) == 1 || atob8(key, buf) == 0)
128621Sluigi			break;	/* Valid format */
120727Ssam		(void)fputs("ERROR: Invalid format - try again with the 6 words.\n",
92725Salfred		    stderr);
92725Salfred	}
92725Salfred}
120727Ssam
92725Salfredvoid
92725Salfrednormal_mode(char *username, int n, char *key, char *seed)
174559Skmacy{
178888Sjulian	int i, nn;
178888Sjulian	char passwd[SKEY_MAX_PW_LEN+2], key2[SKEY_BINKEY_SIZE];
178888Sjulian
178888Sjulian	/* Get user's secret passphrase */
178888Sjulian	for (i = 0; ; i++) {
178888Sjulian		if (i > 2)
178888Sjulian			errx(1, "S/Key entry not updated");
178888Sjulian
178888Sjulian		if (readpassphrase("Enter new secret passphrase: ", passwd,
178888Sjulian		    sizeof(passwd), 0) == NULL || passwd[0] == '\0')
178888Sjulian			exit(1);
178888Sjulian
178888Sjulian		if (strlen(passwd) < SKEY_MIN_PW_LEN) {
178888Sjulian			(void)fprintf(stderr,
178888Sjulian			    "ERROR: Your passphrase must be at least %d "
178888Sjulian			    "characters long.\n", SKEY_MIN_PW_LEN);
178888Sjulian			continue;
178888Sjulian		} else if (strcmp(passwd, username) == 0) {
174559Skmacy			(void)fputs("ERROR: Your passphrase may not be the "
174703Skmacy			    "same as your user name.\n", stderr);
174703Skmacy			continue;
174703Skmacy		} else if (strspn(passwd, "abcdefghijklmnopqrstuvwxyz") ==
174703Skmacy		    strlen(passwd)) {
1541Srgrimes			(void)fputs("ERROR: Your passphrase must contain more "
2168Spaul			    "than just lower case letters.\nWhitespace, "
2168Spaul			    "numbers, and punctuation are suggested.\n",
			    stderr);
			continue;
		} else if (strlen(passwd) > 63) {
			(void)fprintf(stderr, "WARNING: Your passphrase is "
			    "longer than the recommended maximum length of 63\n");
		}
		/* XXX - should check for passphrase that is really too long */

		/* Crunch seed and passphrase into starting key */
		nn = keycrunch(key, seed, passwd);
		explicit_bzero(passwd, sizeof(passwd));
		if (nn != 0)
			err(2, "key crunch failed");

		if (readpassphrase("Again secret passphrase: ", passwd,
		    sizeof(passwd), 0) == NULL || passwd[0] == '\0')
			exit(1);

		/* Crunch seed and passphrase into starting key */
		nn = keycrunch(key2, seed, passwd);
		explicit_bzero(passwd, sizeof(passwd));
		if (nn != 0)
			err(2, "key crunch failed");

		if (memcmp(key, key2, sizeof(key2)) == 0)
			break;

		(void)fputs("Passphrases do not match.\n", stderr);
	}

	nn = n;
	while (nn-- != 0)
		f(key);
}

void
enable_db(int op)
{
	if (op == 1) {
		/* enable */
		if (mkdir(_PATH_SKEYDIR, 01730) != 0 && errno != EEXIST)
			err(1, "can't mkdir %s", _PATH_SKEYDIR);
		if (chown(_PATH_SKEYDIR, geteuid(), getegid()) != 0)
			err(1, "can't chown %s", _PATH_SKEYDIR);
		if (chmod(_PATH_SKEYDIR, 01730) != 0)
			err(1, "can't chmod %s", _PATH_SKEYDIR);
	} else {
		/* disable */
		if (chmod(_PATH_SKEYDIR, 0) != 0 && errno != ENOENT)
			err(1, "can't chmod %s", _PATH_SKEYDIR);
	}
}

void
usage(void)
{
	extern char *__progname;

	(void)fprintf(stderr, "usage: %s [-DErsx] [-a auth-type] [-n count]"
	    "\n\t[-md5 | -rmd160 | -sha1] [user]\n", __progname);
	exit(1);
}