1 /* 2 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for 3 * unrestricted use provided that this legend is included on all tape 4 * media and as a part of the software program in whole or part. Users 5 * may copy or modify Sun RPC without charge, but are not authorized 6 * to license or distribute it to anyone else except as part of a product or 7 * program developed by the user or with the express written consent of 8 * Sun Microsystems, Inc. 9 * 10 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE 11 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR 12 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. 13 * 14 * Sun RPC is provided with no support and without any obligation on the 15 * part of Sun Microsystems, Inc. to assist in its use, correction, 16 * modification or enhancement. 17 * 18 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE 19 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC 20 * OR ANY PART THEREOF. 21 * 22 * In no event will Sun Microsystems, Inc. be liable for any lost revenue 23 * or profits or other special, indirect and consequential damages, even if 24 * Sun has been advised of the possibility of such damages. 25 * 26 * Sun Microsystems, Inc. 27 * 2550 Garcia Avenue 28 * Mountain View, California 94043 29 * 30 * @(#)newkey.c 1.8 91/03/11 Copyr 1986 Sun Micro 31 * $FreeBSD: src/usr.bin/newkey/newkey.c,v 1.3 1999/08/28 01:04:34 peter Exp $ 32 * $DragonFly: src/usr.bin/newkey/newkey.c,v 1.4 2005/01/11 00:29:12 joerg Exp $ 33 */ 34 35 /* 36 * Copyright (C) 1986, Sun Microsystems, Inc. 37 */ 38 39 /* 40 * Administrative tool to add a new user to the publickey database 41 */ 42 #include <sys/types.h> 43 #include <sys/time.h> 44 #include <sys/resource.h> 45 #include <err.h> 46 #include <pwd.h> 47 #include <unistd.h> 48 #include <stdio.h> 49 #include <stdlib.h> 50 #include <string.h> 51 52 #include <rpc/rpc.h> 53 #include <rpc/key_prot.h> 54 #ifdef YP 55 #include <rpcsvc/yp_prot.h> 56 #include <rpcsvc/ypclnt.h> 57 #include <sys/wait.h> 58 #include <netdb.h> 59 #endif /* YP */ 60 61 #include "externs.h" 62 63 #ifdef YP 64 #define MAXMAPNAMELEN 256 65 #else 66 #define YPOP_CHANGE 1 /* change, do not add */ 67 #define YPOP_INSERT 2 /* add, do not change */ 68 #define YPOP_DELETE 3 /* delete this entry */ 69 #define YPOP_STORE 4 /* add, or change */ 70 #define ERR_ACCESS 1 71 #define ERR_MALLOC 2 72 #define ERR_READ 3 73 #define ERR_WRITE 4 74 #define ERR_DBASE 5 75 #define ERR_KEY 6 76 #endif 77 78 #ifdef YP 79 static char YPDBPATH[]="/var/yp"; 80 static char PKMAP[] = "publickey.byname"; 81 #else 82 static char PKFILE[] = "/etc/publickey"; 83 static const char *err_string(int); 84 #endif /* YP */ 85 86 static int setpublicmap(char *, char *, char *); 87 static void usage(void); 88 89 int 90 main(int argc, char **argv) 91 { 92 char name[MAXNETNAMELEN + 1]; 93 char public[HEXKEYBYTES + 1]; 94 char secret[HEXKEYBYTES + 1]; 95 char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1]; 96 char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1]; 97 int status; 98 char *pass; 99 struct passwd *pw; 100 #ifdef undef 101 struct hostent *h; 102 #endif 103 104 if (argc != 3 || !(strcmp(argv[1], "-u") == 0 || 105 strcmp(argv[1], "-h") == 0)) { 106 usage(); 107 } 108 if (geteuid() != 0) 109 errx(1, "must be superuser"); 110 111 #ifdef YP 112 if (chdir(YPDBPATH) < 0) 113 warn("cannot chdir to %s", YPDBPATH); 114 #endif /* YP */ 115 if (strcmp(argv[1], "-u") == 0) { 116 pw = getpwnam(argv[2]); 117 if (pw == NULL) 118 errx(1, "unknown user: %s", argv[2]); 119 (void)user2netname(name, (int)pw->pw_uid, NULL); 120 } else { 121 #ifdef undef 122 h = gethostbyname(argv[2]); 123 if (h == NULL) 124 errx(1, "unknown host: %s", argv[1]); 125 (void)host2netname(name, h->h_name, NULL); 126 #else 127 (void)host2netname(name, argv[2], NULL); 128 #endif 129 } 130 131 (void)printf("Adding new key for %s.\n", name); 132 pass = getpass("New password:"); 133 genkeys(public, secret, pass); 134 135 memcpy(crypt1, secret, HEXKEYBYTES); 136 memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE); 137 crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0; 138 xencrypt(crypt1, pass); 139 140 memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1); 141 xdecrypt(crypt2, getpass("Retype password:")); 142 if (memcmp(crypt2, crypt2 + HEXKEYBYTES, KEYCHECKSUMSIZE) != 0 || 143 memcmp(crypt2, secret, HEXKEYBYTES) != 0) 144 errx(1, "password incorrect"); 145 146 #ifdef YP 147 (void)printf("Please wait for the database to get updated...\n"); 148 #endif 149 if ((status = setpublicmap(name, public, crypt1))) { 150 #ifdef YP 151 errx(1, "unable to update NIS database (%u): %s", 152 status, yperr_string(status)); 153 #else 154 errx(1, "unable to update publickey database (%u): %s", 155 status, err_string(status)); 156 #endif 157 } 158 (void)printf("Your new key has been successfully stored away.\n"); 159 exit(0); 160 /* NOTREACHED */ 161 } 162 163 static void 164 usage(void) 165 { 166 (void)fprintf(stderr, "%s\n%s\n", 167 "usage: newkey [-u username]", 168 " newkey [-h hostname]"); 169 exit(1); 170 } 171 172 /* 173 * Set the entry in the public key file 174 */ 175 static int 176 setpublicmap(char *name, char *public, char *secret) 177 { 178 char pkent[1024]; 179 180 (void)sprintf(pkent, "%s:%s", public, secret); 181 #ifdef YP 182 return (mapupdate(name, PKMAP, YPOP_STORE, 183 strlen(name), name, strlen(pkent), pkent)); 184 #else 185 return (localupdate(name, PKFILE, YPOP_STORE, name, pkent)); 186 #endif 187 } 188 189 #ifndef YP 190 /* 191 * This returns a pointer to an error message string appropriate 192 * to an input error code. An input value of zero will return 193 * a success message. 194 */ 195 static const char * 196 err_string(int code) 197 { 198 const char *pmesg; 199 200 switch (code) { 201 case 0: 202 pmesg = "update operation succeeded"; 203 break; 204 case ERR_KEY: 205 pmesg = "no such key in file"; 206 break; 207 case ERR_READ: 208 pmesg = "cannot read the database"; 209 break; 210 case ERR_WRITE: 211 pmesg = "cannot write to the database"; 212 break; 213 case ERR_DBASE: 214 pmesg = "cannot update database"; 215 break; 216 case ERR_ACCESS: 217 pmesg = "permission denied"; 218 break; 219 case ERR_MALLOC: 220 pmesg = "malloc failed"; 221 break; 222 default: 223 pmesg = "unknown error"; 224 break; 225 } 226 return (pmesg); 227 } 228 #endif 229