xref: /freebsd/usr.bin/newkey/newkey.c (revision b59017c5cad90d0f09a59e68c00457b7faf93e7c)
1 /*
2  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
3  * unrestricted use provided that this legend is included on all tape
4  * media and as a part of the software program in whole or part.  Users
5  * may copy or modify Sun RPC without charge, but are not authorized
6  * to license or distribute it to anyone else except as part of a product or
7  * program developed by the user or with the express written consent of
8  * Sun Microsystems, Inc.
9  *
10  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
11  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
12  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
13  *
14  * Sun RPC is provided with no support and without any obligation on the
15  * part of Sun Microsystems, Inc. to assist in its use, correction,
16  * modification or enhancement.
17  *
18  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
19  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
20  * OR ANY PART THEREOF.
21  *
22  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
23  * or profits or other special, indirect and consequential damages, even if
24  * Sun has been advised of the possibility of such damages.
25  *
26  * Sun Microsystems, Inc.
27  * 2550 Garcia Avenue
28  * Mountain View, California  94043
29  */
30 
31 /*
32  * Copyright (C) 1986, Sun Microsystems, Inc.
33  */
34 
35 /*
36  * Administrative tool to add a new user to the publickey database
37  */
38 
39 #include <sys/types.h>
40 #include <sys/time.h>
41 #include <sys/resource.h>
42 
43 #include <rpc/rpc.h>
44 #include <rpc/key_prot.h>
45 
46 #ifdef YP
47 #include <sys/wait.h>
48 #include <rpcsvc/yp_prot.h>
49 #include <rpcsvc/ypclnt.h>
50 #include <netdb.h>
51 #endif	/* YP */
52 
53 #include <err.h>
54 #include <pwd.h>
55 #include <stdio.h>
56 #include <stdlib.h>
57 #include <string.h>
58 #include <unistd.h>
59 
60 #include "extern.h"
61 
62 #ifdef YP
63 #define MAXMAPNAMELEN 256
64 #else
65 #define	YPOP_CHANGE 1			/* change, do not add */
66 #define	YPOP_INSERT 2			/* add, do not change */
67 #define	YPOP_DELETE 3			/* delete this entry */
68 #define	YPOP_STORE  4			/* add, or change */
69 #define	ERR_ACCESS	1
70 #define	ERR_MALLOC	2
71 #define	ERR_READ	3
72 #define	ERR_WRITE	4
73 #define	ERR_DBASE	5
74 #define	ERR_KEY		6
75 #endif
76 
77 #ifdef YP
78 static char YPDBPATH[]="/var/yp";
79 static char PKMAP[] = "publickey.byname";
80 #else
81 static char PKFILE[] = "/etc/publickey";
82 static const char *err_string(int);
83 #endif	/* YP */
84 
85 static void usage(void) __dead2;
86 
87 int
88 main(int argc, char *argv[])
89 {
90 	char name[MAXNETNAMELEN + 1];
91 	char public[HEXKEYBYTES + 1];
92 	char secret[HEXKEYBYTES + 1];
93 	char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
94 	char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
95 	int status;
96 	char *pass;
97 	struct passwd *pw;
98 #ifdef undef
99 	struct hostent *h;
100 #endif
101 
102 	if (argc != 3 || !(strcmp(argv[1], "-u") == 0 ||
103 		strcmp(argv[1], "-h") == 0)) {
104 		usage();
105 	}
106 	if (geteuid() != 0)
107 		errx(1, "must be superuser");
108 
109 #ifdef YP
110 	if (chdir(YPDBPATH) < 0)
111 		warn("cannot chdir to %s", YPDBPATH);
112 #endif	/* YP */
113 	if (strcmp(argv[1], "-u") == 0) {
114 		pw = getpwnam(argv[2]);
115 		if (pw == NULL)
116 			errx(1, "unknown user: %s", argv[2]);
117 		(void)user2netname(name, (int)pw->pw_uid, (char *)NULL);
118 	} else {
119 #ifdef undef
120 		h = gethostbyname(argv[2]);
121 		if (h == NULL)
122 			errx(1, "unknown host: %s", argv[1]);
123 		(void)host2netname(name, h->h_name, (char *)NULL);
124 #else
125 		(void)host2netname(name, argv[2], (char *)NULL);
126 #endif
127 	}
128 
129 	(void)printf("Adding new key for %s.\n", name);
130 	pass = getpass("New password:");
131 	genkeys(public, secret, pass);
132 
133 	memcpy(crypt1, secret, HEXKEYBYTES);
134 	memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE);
135 	crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0;
136 	xencrypt(crypt1, pass);
137 
138 	memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1);
139 	xdecrypt(crypt2, getpass("Retype password:"));
140 	if (memcmp(crypt2, crypt2 + HEXKEYBYTES, KEYCHECKSUMSIZE) != 0 ||
141 		memcmp(crypt2, secret, HEXKEYBYTES) != 0)
142 		errx(1, "password incorrect");
143 
144 #ifdef YP
145 	(void)printf("Please wait for the database to get updated...\n");
146 #endif
147 	if ((status = setpublicmap(name, public, crypt1))) {
148 #ifdef YP
149 		errx(1, "unable to update NIS database (%u): %s",
150 			status, yperr_string(status));
151 #else
152 		errx(1, "unable to update publickey database (%u): %s",
153 			status, err_string(status));
154 #endif
155 	}
156 	(void)printf("Your new key has been successfully stored away.\n");
157 	exit(0);
158 	/* NOTREACHED */
159 }
160 
161 static void
162 usage(void)
163 {
164 	(void)fprintf(stderr, "%s\n%s\n",
165 		"usage: newkey -h hostname",
166 		"       newkey -u username");
167 	exit(1);
168 }
169 
170 /*
171  * Set the entry in the public key file
172  */
173 int
174 setpublicmap(char *name, char *public, char *secret)
175 {
176 	char pkent[1024];
177 
178 	(void)sprintf(pkent, "%s:%s", public, secret);
179 #ifdef YP
180 	return (mapupdate(name, PKMAP, YPOP_STORE,
181 		strlen(name), name, strlen(pkent), pkent));
182 #else
183 	return (localupdate(name, PKFILE, YPOP_STORE,
184 		strlen(name), name, strlen(pkent), pkent));
185 #endif
186 	}
187 
188 #ifndef YP
189 	/*
190 	 * This returns a pointer to an error message string appropriate
191 	 * to an input error code.  An input value of zero will return
192 	 * a success message.
193 	 */
194 static const char *
195 err_string(int code)
196 {
197 	const char *pmesg;
198 
199 	switch (code) {
200 	case 0:
201 		pmesg = "update operation succeeded";
202 		break;
203 	case ERR_KEY:
204 		pmesg = "no such key in file";
205 		break;
206 	case ERR_READ:
207 		pmesg = "cannot read the database";
208 		break;
209 	case ERR_WRITE:
210 		pmesg = "cannot write to the database";
211 		break;
212 	case ERR_DBASE:
213 		pmesg = "cannot update database";
214 		break;
215 	case ERR_ACCESS:
216 		pmesg = "permission denied";
217 		break;
218 	case ERR_MALLOC:
219 		pmesg = "malloc failed";
220 		break;
221 	default:
222 		pmesg = "unknown error";
223 		break;
224 	}
225 	return (pmesg);
226 }
227 #endif
228