1 /* 2 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for 3 * unrestricted use provided that this legend is included on all tape 4 * media and as a part of the software program in whole or part. Users 5 * may copy or modify Sun RPC without charge, but are not authorized 6 * to license or distribute it to anyone else except as part of a product or 7 * program developed by the user or with the express written consent of 8 * Sun Microsystems, Inc. 9 * 10 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE 11 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR 12 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. 13 * 14 * Sun RPC is provided with no support and without any obligation on the 15 * part of Sun Microsystems, Inc. to assist in its use, correction, 16 * modification or enhancement. 17 * 18 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE 19 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC 20 * OR ANY PART THEREOF. 21 * 22 * In no event will Sun Microsystems, Inc. be liable for any lost revenue 23 * or profits or other special, indirect and consequential damages, even if 24 * Sun has been advised of the possibility of such damages. 25 * 26 * Sun Microsystems, Inc. 27 * 2550 Garcia Avenue 28 * Mountain View, California 94043 29 * 30 * @(#)newkey.c 1.8 91/03/11 Copyr 1986 Sun Micro 31 * $FreeBSD: src/usr.bin/newkey/newkey.c,v 1.3 1999/08/28 01:04:34 peter Exp $ 32 * $DragonFly: src/usr.bin/newkey/newkey.c,v 1.3 2003/10/04 20:36:49 hmp Exp $ 33 */ 34 35 /* 36 * Copyright (C) 1986, Sun Microsystems, Inc. 37 */ 38 39 /* 40 * Administrative tool to add a new user to the publickey database 41 */ 42 #include <err.h> 43 #include <stdio.h> 44 #include <rpc/rpc.h> 45 #include <rpc/key_prot.h> 46 #ifdef YP 47 #include <rpcsvc/yp_prot.h> 48 #include <rpcsvc/ypclnt.h> 49 #include <sys/wait.h> 50 #include <netdb.h> 51 #endif /* YP */ 52 #include <pwd.h> 53 #include <string.h> 54 #include <unistd.h> 55 #include <sys/resource.h> 56 57 #ifdef YP 58 #define MAXMAPNAMELEN 256 59 #else 60 #define YPOP_CHANGE 1 /* change, do not add */ 61 #define YPOP_INSERT 2 /* add, do not change */ 62 #define YPOP_DELETE 3 /* delete this entry */ 63 #define YPOP_STORE 4 /* add, or change */ 64 #define ERR_ACCESS 1 65 #define ERR_MALLOC 2 66 #define ERR_READ 3 67 #define ERR_WRITE 4 68 #define ERR_DBASE 5 69 #define ERR_KEY 6 70 #endif 71 72 #ifdef YP 73 static char *basename(); 74 static char SHELL[] = "/bin/sh"; 75 static char YPDBPATH[]="/var/yp"; 76 static char PKMAP[] = "publickey.byname"; 77 static char UPDATEFILE[] = "updaters"; 78 #else 79 static char PKFILE[] = "/etc/publickey"; 80 static char *err_string(); 81 #endif /* YP */ 82 83 static void usage(void); 84 85 int 86 main(int argc, char **argv) 87 { 88 char name[MAXNETNAMELEN + 1]; 89 char public[HEXKEYBYTES + 1]; 90 char secret[HEXKEYBYTES + 1]; 91 char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1]; 92 char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1]; 93 int status; 94 char *pass; 95 struct passwd *pw; 96 #ifdef undef 97 struct hostent *h; 98 #endif 99 100 if (argc != 3 || !(strcmp(argv[1], "-u") == 0 || 101 strcmp(argv[1], "-h") == 0)) { 102 usage(); 103 } 104 if (geteuid() != 0) 105 errx(1, "must be superuser"); 106 107 #ifdef YP 108 if (chdir(YPDBPATH) < 0) 109 warn("cannot chdir to %s", YPDBPATH); 110 #endif /* YP */ 111 if (strcmp(argv[1], "-u") == 0) { 112 pw = getpwnam(argv[2]); 113 if (pw == NULL) 114 errx(1, "unknown user: %s", argv[2]); 115 (void)user2netname(name, (int)pw->pw_uid, (char *)NULL); 116 } else { 117 #ifdef undef 118 h = gethostbyname(argv[2]); 119 if (h == NULL) 120 errx(1, "unknown host: %s", argv[1]); 121 (void)host2netname(name, h->h_name, (char *)NULL); 122 #else 123 (void)host2netname(name, argv[2], (char *)NULL); 124 #endif 125 } 126 127 (void)printf("Adding new key for %s.\n", name); 128 pass = getpass("New password:"); 129 genkeys(public, secret, pass); 130 131 memcpy(crypt1, secret, HEXKEYBYTES); 132 memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE); 133 crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0; 134 xencrypt(crypt1, pass); 135 136 memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1); 137 xdecrypt(crypt2, getpass("Retype password:")); 138 if (memcmp(crypt2, crypt2 + HEXKEYBYTES, KEYCHECKSUMSIZE) != 0 || 139 memcmp(crypt2, secret, HEXKEYBYTES) != 0) 140 errx(1, "password incorrect"); 141 142 #ifdef YP 143 (void)printf("Please wait for the database to get updated...\n"); 144 #endif 145 if ((status = setpublicmap(name, public, crypt1))) { 146 #ifdef YP 147 errx(1, "unable to update NIS database (%u): %s", 148 status, yperr_string(status)); 149 #else 150 errx(1, "unable to update publickey database (%u): %s", 151 status, err_string(status)); 152 #endif 153 } 154 (void)printf("Your new key has been successfully stored away.\n"); 155 exit(0); 156 /* NOTREACHED */ 157 } 158 159 static void 160 usage(void) 161 { 162 (void)fprintf(stderr, "%s\n%s\n", 163 "usage: newkey [-u username]", 164 " newkey [-h hostname]"); 165 exit(1); 166 } 167 168 /* 169 * Set the entry in the public key file 170 */ 171 setpublicmap(char *name, char *public, char *secret) 172 { 173 char pkent[1024]; 174 175 (void)sprintf(pkent, "%s:%s", public, secret); 176 #ifdef YP 177 return (mapupdate(name, PKMAP, YPOP_STORE, 178 strlen(name), name, strlen(pkent), pkent)); 179 #else 180 return (localupdate(name, PKFILE, YPOP_STORE, 181 strlen(name), name, strlen(pkent), pkent)); 182 #endif 183 } 184 185 #ifndef YP 186 /* 187 * This returns a pointer to an error message string appropriate 188 * to an input error code. An input value of zero will return 189 * a success message. 190 */ 191 static char * 192 err_string(int code) 193 { 194 char *pmesg; 195 196 switch (code) { 197 case 0: 198 pmesg = "update operation succeeded"; 199 break; 200 case ERR_KEY: 201 pmesg = "no such key in file"; 202 break; 203 case ERR_READ: 204 pmesg = "cannot read the database"; 205 break; 206 case ERR_WRITE: 207 pmesg = "cannot write to the database"; 208 break; 209 case ERR_DBASE: 210 pmesg = "cannot update database"; 211 break; 212 case ERR_ACCESS: 213 pmesg = "permission denied"; 214 break; 215 case ERR_MALLOC: 216 pmesg = "malloc failed"; 217 break; 218 default: 219 pmesg = "unknown error"; 220 break; 221 } 222 return (pmesg); 223 } 224 #endif 225