xref: /freebsd/usr.bin/chkey/chkey.c (revision 22cf89c938886d14f5796fc49f9f020c23ea8eaf)
1 /*
2  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
3  * unrestricted use provided that this legend is included on all tape
4  * media and as a part of the software program in whole or part.  Users
5  * may copy or modify Sun RPC without charge, but are not authorized
6  * to license or distribute it to anyone else except as part of a product or
7  * program developed by the user or with the express written consent of
8  * Sun Microsystems, Inc.
9  *
10  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
11  * WARRANTIES OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
12  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
13  *
14  * Sun RPC is provided with no support and without any obligation on the
15  * part of Sun Microsystems, Inc. to assist in its use, correction,
16  * modification or enhancement.
17  *
18  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
19  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
20  * OR ANY PART THEREOF.
21  *
22  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
23  * or profits or other special, indirect and consequential damages, even if
24  * Sun has been advised of the possibility of such damages.
25  *
26  * Sun Microsystems, Inc.
27  * 2550 Garcia Avenue
28  * Mountain View, California  94043
29  */
30 
31 #if 0
32 #ifndef lint
33 static char sccsid[] = "@(#)chkey.c 1.7 91/03/11 Copyr 1986 Sun Micro";
34 #endif
35 #endif
36 
37 #include <sys/cdefs.h>
38 /*
39  * Copyright (C) 1986, Sun Microsystems, Inc.
40  */
41 
42 /*
43  * Command to change one's public key in the public key database
44  */
45 #include <rpc/rpc.h>
46 #include <rpc/key_prot.h>
47 #ifdef YP
48 #include <rpcsvc/yp_prot.h>
49 #include <rpcsvc/ypclnt.h>
50 #else
51 #define	YPOP_STORE	4
52 #endif
53 #include <sys/fcntl.h>
54 #include <err.h>
55 #include <pwd.h>
56 #include <stdio.h>
57 #include <stdlib.h>
58 #include <string.h>
59 #include <unistd.h>
60 
61 #include "extern.h"
62 
63 #ifdef YPPASSWD
64 struct passwd *ypgetpwuid(uid_t);
65 #endif
66 
67 #ifdef YP
68 static char *domain;
69 static char PKMAP[] = "publickey.byname";
70 #else
71 static char PKFILE[] = "/etc/publickey";
72 #endif	/* YP */
73 static char ROOTKEY[] = "/etc/.rootkey";
74 
75 static void usage(void) __dead2;
76 extern int yp_update(char *, char *, int, char *, size_t, char *, size_t);
77 
78 int
79 main(int argc, char **argv)
80 {
81 	char name[MAXNETNAMELEN+1];
82 	char public[HEXKEYBYTES + 1];
83 	char secret[HEXKEYBYTES + 1];
84 	char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
85 	char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
86 	int status;
87 	char *pass;
88 	struct passwd *pw;
89 	uid_t uid;
90 	int force = 0;
91 	int ch;
92 #ifdef YP
93 	char *master;
94 #endif
95 #ifdef YPPASSWD
96 	char *cryptpw;
97 #endif
98 
99 	while ((ch = getopt(argc, argv, "f")) != -1)
100 		switch(ch) {
101 		case 'f':
102 			force = 1;
103 			break;
104 		default:
105 			usage();
106 		}
107 	argc -= optind;
108 	argv += optind;
109 
110 	if (argc != 0)
111 		usage();
112 
113 #ifdef YP
114 	(void)yp_get_default_domain(&domain);
115 	if (yp_master(domain, PKMAP, &master) != 0)
116 		errx(1, "can't find master of publickey database");
117 #endif
118 	uid = getuid() /*geteuid()*/;
119 	if (uid == 0) {
120 		if (host2netname(name, NULL, NULL) == 0)
121 			errx(1, "cannot convert hostname to netname");
122 	} else {
123 		if (user2netname(name, uid, NULL) == 0)
124 			errx(1, "cannot convert username to netname");
125 	}
126 	(void)printf("Generating new key for %s.\n", name);
127 
128 	if (!force) {
129 		if (uid != 0) {
130 #ifdef YPPASSWD
131 			pw = ypgetpwuid(uid);
132 #else
133 			pw = getpwuid(uid);
134 #endif
135 			if (pw == NULL) {
136 #ifdef YPPASSWD
137 				errx(1,
138 			"no NIS password entry found: can't change key");
139 #else
140 				errx(1,
141 			"no password entry found: can't change key");
142 #endif
143 			}
144 		} else {
145 			pw = getpwuid(0);
146 			if (pw == NULL)
147 			  errx(1, "no password entry found: can't change key");
148 		}
149 	}
150 	pass = getpass("Password:");
151 #ifdef YPPASSWD
152 	if (!force) {
153 		cryptpw = crypt(pass, pw->pw_passwd);
154 		if (cryptpw == NULL || strcmp(cryptpw, pw->pw_passwd) != 0)
155 			errx(1, "invalid password");
156 	}
157 #else
158 	force = 1;	/* Make this mandatory */
159 #endif
160 	genkeys(public, secret, pass);
161 
162 	memcpy(crypt1, secret, HEXKEYBYTES);
163 	memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE);
164 	crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0;
165 	xencrypt(crypt1, pass);
166 
167 	if (force) {
168 		memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1);
169 		xdecrypt(crypt2, getpass("Retype password:"));
170 		if (memcmp(crypt2, crypt2 + HEXKEYBYTES, KEYCHECKSUMSIZE) != 0
171 			|| memcmp(crypt2, secret, HEXKEYBYTES) != 0)
172 			errx(1, "password incorrect");
173 	}
174 
175 #ifdef YP
176 	(void)printf("Sending key change request to %s...\n", master);
177 #endif
178 	status = setpublicmap(name, public, crypt1);
179 	if (status != 0) {
180 #ifdef YP
181 		errx(1, "unable to update NIS database (%u): %s",
182 				status, yperr_string(status));
183 #else
184 		errx(1, "unable to update publickey database");
185 #endif
186 	}
187 
188 	if (uid == 0) {
189 		/*
190 		 * Root users store their key in /etc/$ROOTKEY so
191 		 * that they can auto reboot without having to be
192 		 * around to type a password. Storing this in a file
193 		 * is rather dubious: it should really be in the EEPROM
194 		 * so it does not go over the net.
195 		 */
196 		int fd;
197 
198 		fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0);
199 		if (fd < 0) {
200 			warn("%s", ROOTKEY);
201 		} else {
202 			char newline = '\n';
203 
204 			if (write(fd, secret, strlen(secret)) < 0 ||
205 			    write(fd, &newline, sizeof(newline)) < 0)
206 				warn("%s: write", ROOTKEY);
207 		}
208 		close(fd);
209 	}
210 
211 	if (key_setsecret(secret) < 0)
212 		errx(1, "unable to login with new secret key");
213 	(void)printf("Done.\n");
214 	exit(0);
215 	/* NOTREACHED */
216 }
217 
218 static void
219 usage(void)
220 {
221 	(void)fprintf(stderr, "usage: chkey [-f]\n");
222 	exit(1);
223 	/* NOTREACHED */
224 }
225 
226 
227 /*
228  * Set the entry in the public key file
229  */
230 int
231 setpublicmap(char *name, char *public, char *secret)
232 {
233 	char pkent[1024];
234 
235 	(void)sprintf(pkent,"%s:%s", public, secret);
236 #ifdef YP
237 	return (yp_update(domain, PKMAP, YPOP_STORE,
238 		name, strlen(name), pkent, strlen(pkent)));
239 #else
240 	return (localupdate(name, PKFILE, YPOP_STORE,
241 		strlen(name), name, strlen(pkent), pkent));
242 #endif
243 }
244 
245 #ifdef YPPASSWD
246 struct passwd *
247 ypgetpwuid(uid_t uid)
248 {
249 	char uidstr[10];
250 	char *val;
251 	int vallen;
252 	static struct passwd pw;
253 	char *p;
254 
255 	(void)sprintf(uidstr, "%d", uid);
256 	if (yp_match(domain, "passwd.byuid", uidstr, strlen(uidstr),
257 			&val, &vallen) != 0) {
258 		return (NULL);
259 	}
260 	p = strchr(val, ':');
261 	if (p == NULL) {
262 		return (NULL);
263 	}
264 	pw.pw_passwd = p + 1;
265 	p = strchr(pw.pw_passwd, ':');
266 	if (p == NULL) {
267 		return (NULL);
268 	}
269 	*p = 0;
270 	return (&pw);
271 }
272 #endif	/* YPPASSWD */
273