/* Login code for S/KEY Authentication. S/KEY is a trademark * of Bellcore. * * Mink is the former name of the S/KEY authentication system. * Many reference for mink may still be found in this program. */ #include #include #include #include #include #include "skey.h" #define KEYFILE "/etc/skeykeys" char *skipspace(); int skeylookup __ARGS((struct skey *mp,char *name)); /* Issue a skey challenge for user 'name'. If successful, * fill in the caller's skey structure and return 0. If unsuccessful * (e.g., if name is unknown) return -1. * * The file read/write pointer is left at the start of the * record. */ int skeychallenge(mp,name) struct skey *mp; char *name; { int rval; rval = skeylookup(mp,name); switch(rval){ case -1: /* File error */ return -1; case 0: /* Lookup succeeded, issue challenge */ printf("s/key %d %s\n",mp->n - 1,mp->seed); return 0; case 1: /* User not found */ fclose(mp->keyfile); return -1; } return -1; /* Can't happen */ } /* Find an entry in the One-time Password database. * Return codes: * -1: error in opening database * 0: entry found, file R/W pointer positioned at beginning of record * 1: entry not found, file R/W pointer positioned at EOF */ int skeylookup(mp,name) struct skey *mp; char *name; { int found; int len; long recstart; char *cp; struct stat statbuf; /* See if the KEYFILE exists, and create it if not */ if(stat(KEYFILE,&statbuf) == -1 && errno == ENOENT){ mp->keyfile = fopen(KEYFILE,"w+"); } else { /* Otherwise open normally for update */ mp->keyfile = fopen(KEYFILE,"r+"); } if(mp->keyfile == NULL) return -1; /* Look up user name in database */ len = strlen(name); if( len > 8 ) len = 8; /* Added 8/2/91 - nmh */ found = 0; while(!feof(mp->keyfile)){ recstart = ftell(mp->keyfile); if(fgets(mp->buf,sizeof(mp->buf),mp->keyfile) != mp->buf){ break; } rip(mp->buf); if(mp->buf[0] == '#') continue; /* Comment */ if((mp->logname = strtok(mp->buf," \t")) == NULL) continue; if((cp = strtok(NULL," \t")) == NULL) continue; mp->n = atoi(cp); if((mp->seed = strtok(NULL," \t")) == NULL) continue; if((mp->val = strtok(NULL," \t")) == NULL) continue; if(strlen(mp->logname) == len && strncmp(mp->logname,name,len) == 0){ found = 1; break; } } if(found){ fseek(mp->keyfile,recstart,0); return 0; } else return 1; } /* Verify response to a s/key challenge. * * Return codes: * -1: Error of some sort; database unchanged * 0: Verify successful, database updated * 1: Verify failed, database unchanged * * The database file is always closed by this call. */ int skeyverify(mp,response) struct skey *mp; char *response; { char key[8]; char fkey[8]; char filekey[8]; if(response == NULL){ fclose(mp->keyfile); return -1; } rip(response); /* Convert response to binary */ if(etob(key,response) != 1 && atob8(key,response) != 0){ /* Neither english words or ascii hex */ fclose(mp->keyfile); return -1; } /* Compute fkey = f(key) */ memcpy(fkey,key,sizeof(key)); f(fkey); /* And convert file value to hex for comparison */ atob8(filekey,mp->val); /* Do actual comparison */ if(memcmp(filekey,fkey,8) != 0){ /* Wrong response */ fclose(mp->keyfile); return 1; } /* Update key in database by overwriting entire record. Note * that we must write exactly the same number of bytes as in * the original record (note fixed width field for N) */ btoa8(mp->val,key); mp->n--; fprintf(mp->keyfile,"%s %04d %-16s %s",mp->logname,mp->n,mp->seed, mp->val); fclose(mp->keyfile); return 0; } /* Convert 8-byte hex-ascii string to binary array * Returns 0 on success, -1 on error */ atob8(out,in) register char *out,*in; { register int i; register int val; if(in == NULL || out == NULL) return -1; for(i=0;i<8;i++){ if((in = skipspace(in)) == NULL) return -1; if((val = htoi(*in++)) == -1) return -1; *out = val << 4; if((in = skipspace(in)) == NULL) return -1; if((val = htoi(*in++)) == -1) return -1; *out++ |= val; } return 0; } char * skipspace(cp) register char *cp; { while(*cp == ' ' || *cp == '\t') cp++; if(*cp == '\0') return NULL; else return cp; } /* Convert 8-byte binary array to hex-ascii string */ int btoa8(out,in) register char *out,*in; { register int i; if(in == NULL || out == NULL) return -1; for(i=0;i<8;i++){ sprintf(out,"%02x",*in++ & 0xff); out += 2; } return 0; } /* Convert hex digit to binary integer */ int htoi(c) register char c; { if('0' <= c && c <= '9') return c - '0'; if('a' <= c && c <= 'f') return 10 + c - 'a'; if('A' <= c && c <= 'F') return 10 + c - 'A'; return -1; }