xref: /freebsd/usr.bin/newkey/newkey.c (revision 61ba55bcf70f2340f9c943c9571113b3fd8eda69)
1 /*
2  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
3  * unrestricted use provided that this legend is included on all tape
4  * media and as a part of the software program in whole or part.  Users
5  * may copy or modify Sun RPC without charge, but are not authorized
6  * to license or distribute it to anyone else except as part of a product or
7  * program developed by the user or with the express written consent of
8  * Sun Microsystems, Inc.
9  *
10  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
11  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
12  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
13  *
14  * Sun RPC is provided with no support and without any obligation on the
15  * part of Sun Microsystems, Inc. to assist in its use, correction,
16  * modification or enhancement.
17  *
18  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
19  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
20  * OR ANY PART THEREOF.
21  *
22  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
23  * or profits or other special, indirect and consequential damages, even if
24  * Sun has been advised of the possibility of such damages.
25  *
26  * Sun Microsystems, Inc.
27  * 2550 Garcia Avenue
28  * Mountain View, California  94043
29  */
30 
31 #if !defined(lint) && defined(SCCSIDS)
32 #if 0
33 static char sccsid[] = "@(#)newkey.c 1.8 91/03/11 Copyr 1986 Sun Micro";
34 #endif
35 #endif
36 
37 /*
38  * Copyright (C) 1986, Sun Microsystems, Inc.
39  */
40 
41 /*
42  * Administrative tool to add a new user to the publickey database
43  */
44 #include <sys/cdefs.h>
45 #include <sys/types.h>
46 #include <sys/time.h>
47 #include <sys/resource.h>
48 
49 #include <rpc/rpc.h>
50 #include <rpc/key_prot.h>
51 
52 #ifdef YP
53 #include <sys/wait.h>
54 #include <rpcsvc/yp_prot.h>
55 #include <rpcsvc/ypclnt.h>
56 #include <netdb.h>
57 #endif	/* YP */
58 
59 #include <err.h>
60 #include <pwd.h>
61 #include <stdio.h>
62 #include <stdlib.h>
63 #include <string.h>
64 #include <unistd.h>
65 
66 #include "extern.h"
67 
68 #ifdef YP
69 #define MAXMAPNAMELEN 256
70 #else
71 #define	YPOP_CHANGE 1			/* change, do not add */
72 #define	YPOP_INSERT 2			/* add, do not change */
73 #define	YPOP_DELETE 3			/* delete this entry */
74 #define	YPOP_STORE  4			/* add, or change */
75 #define	ERR_ACCESS	1
76 #define	ERR_MALLOC	2
77 #define	ERR_READ	3
78 #define	ERR_WRITE	4
79 #define	ERR_DBASE	5
80 #define	ERR_KEY		6
81 #endif
82 
83 #ifdef YP
84 static char YPDBPATH[]="/var/yp";
85 static char PKMAP[] = "publickey.byname";
86 #else
87 static char PKFILE[] = "/etc/publickey";
88 static const char *err_string(int);
89 #endif	/* YP */
90 
91 static void usage(void) __dead2;
92 
93 int
94 main(int argc, char *argv[])
95 {
96 	char name[MAXNETNAMELEN + 1];
97 	char public[HEXKEYBYTES + 1];
98 	char secret[HEXKEYBYTES + 1];
99 	char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
100 	char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
101 	int status;
102 	char *pass;
103 	struct passwd *pw;
104 #ifdef undef
105 	struct hostent *h;
106 #endif
107 
108 	if (argc != 3 || !(strcmp(argv[1], "-u") == 0 ||
109 		strcmp(argv[1], "-h") == 0)) {
110 		usage();
111 	}
112 	if (geteuid() != 0)
113 		errx(1, "must be superuser");
114 
115 #ifdef YP
116 	if (chdir(YPDBPATH) < 0)
117 		warn("cannot chdir to %s", YPDBPATH);
118 #endif	/* YP */
119 	if (strcmp(argv[1], "-u") == 0) {
120 		pw = getpwnam(argv[2]);
121 		if (pw == NULL)
122 			errx(1, "unknown user: %s", argv[2]);
123 		(void)user2netname(name, (int)pw->pw_uid, (char *)NULL);
124 	} else {
125 #ifdef undef
126 		h = gethostbyname(argv[2]);
127 		if (h == NULL)
128 			errx(1, "unknown host: %s", argv[1]);
129 		(void)host2netname(name, h->h_name, (char *)NULL);
130 #else
131 		(void)host2netname(name, argv[2], (char *)NULL);
132 #endif
133 	}
134 
135 	(void)printf("Adding new key for %s.\n", name);
136 	pass = getpass("New password:");
137 	genkeys(public, secret, pass);
138 
139 	memcpy(crypt1, secret, HEXKEYBYTES);
140 	memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE);
141 	crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0;
142 	xencrypt(crypt1, pass);
143 
144 	memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1);
145 	xdecrypt(crypt2, getpass("Retype password:"));
146 	if (memcmp(crypt2, crypt2 + HEXKEYBYTES, KEYCHECKSUMSIZE) != 0 ||
147 		memcmp(crypt2, secret, HEXKEYBYTES) != 0)
148 		errx(1, "password incorrect");
149 
150 #ifdef YP
151 	(void)printf("Please wait for the database to get updated...\n");
152 #endif
153 	if ((status = setpublicmap(name, public, crypt1))) {
154 #ifdef YP
155 		errx(1, "unable to update NIS database (%u): %s",
156 			status, yperr_string(status));
157 #else
158 		errx(1, "unable to update publickey database (%u): %s",
159 			status, err_string(status));
160 #endif
161 	}
162 	(void)printf("Your new key has been successfully stored away.\n");
163 	exit(0);
164 	/* NOTREACHED */
165 }
166 
167 static void
168 usage(void)
169 {
170 	(void)fprintf(stderr, "%s\n%s\n",
171 		"usage: newkey -h hostname",
172 		"       newkey -u username");
173 	exit(1);
174 }
175 
176 /*
177  * Set the entry in the public key file
178  */
179 int
180 setpublicmap(char *name, char *public, char *secret)
181 {
182 	char pkent[1024];
183 
184 	(void)sprintf(pkent, "%s:%s", public, secret);
185 #ifdef YP
186 	return (mapupdate(name, PKMAP, YPOP_STORE,
187 		strlen(name), name, strlen(pkent), pkent));
188 #else
189 	return (localupdate(name, PKFILE, YPOP_STORE,
190 		strlen(name), name, strlen(pkent), pkent));
191 #endif
192 	}
193 
194 #ifndef YP
195 	/*
196 	 * This returns a pointer to an error message string appropriate
197 	 * to an input error code.  An input value of zero will return
198 	 * a success message.
199 	 */
200 static const char *
201 err_string(int code)
202 {
203 	const char *pmesg;
204 
205 	switch (code) {
206 	case 0:
207 		pmesg = "update operation succeeded";
208 		break;
209 	case ERR_KEY:
210 		pmesg = "no such key in file";
211 		break;
212 	case ERR_READ:
213 		pmesg = "cannot read the database";
214 		break;
215 	case ERR_WRITE:
216 		pmesg = "cannot write to the database";
217 		break;
218 	case ERR_DBASE:
219 		pmesg = "cannot update database";
220 		break;
221 	case ERR_ACCESS:
222 		pmesg = "permission denied";
223 		break;
224 	case ERR_MALLOC:
225 		pmesg = "malloc failed";
226 		break;
227 	default:
228 		pmesg = "unknown error";
229 		break;
230 	}
231 	return (pmesg);
232 }
233 #endif
234