![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to secret.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Research Unix] / researchv10no / ipc / mgrs / authmgr|
Return to secret.c CVS log | Up to [Research Unix] / researchv10no / ipc / mgrs / authmgr |
1.1 root 1: #include <stdio.h>
2: #include <string.h>
3: #include <ctype.h>
4: #include <sys/types.h>
5: #include <time.h>
6: #include "auth.h"
7:
8: #define FIELDSIZE 100 /* maximum field size in the keys file */
9: #define LARGECH 99999 /* largest challenge */
10:
11: typedef struct keydesc keydesc;
12:
13: struct keydesc {
14: char name[FIELDSIZE];
15: char type[FIELDSIZE];
16: char key[FIELDSIZE];
17: long expires;
18: struct keydesc *next;
19: };
20:
21: struct keydesc *firstkey;
22: struct keydesc *kp;
23: enum keytypes kt;
24:
25: unsigned long challenge = 0;
26: time_t now; /* current time, for expiration purposes */
27:
28: extern char *keyfile;
29:
30:
31: /*
32: * Get challenge string for `login'. `type' is the login type, "" for the
33: * first one found.
34: */
35: char *
36: getchallenge(login, type, echo)
37: char *login;
38: char *type;
39: int *echo;
40: {
41: static char buf[BUFSIZ];
42: static int inited=0;
43:
44: for (kp=firstkey; kp; kp = kp->next)
45: if (strcmp(kp->name, login) == NULL)
46: if (type == NULL || strcmp(type, "") == NULL ||
47: strcmp(type, kp->type) == NULL)
48: break;
49:
50: if (kp == (keydesc *)0 || (strcmp(kp->type, "passwd") != NULL)) {
51: /*
52: * atalla entry or illegal user. Generate a challenge.
53: */
54: if(!inited)
55: srand((int)time((long*)0));
56: challenge = lrand()%LARGECH;
57: sprintf(buf, "Enter response code for %lu: ", challenge);
58: if (kp == (keydesc *)0)
59: kt = NONE;
60: else
61: kt = ATALLA;
62: *echo = TRUE;
63: } else {
64: kt = PASS;
65: strcpy(buf, "Password: ");
66: *echo = FALSE;
67: }
68: return buf;
69: }
70:
71: /*
72: * He gave `response'. Return TRUE iff it is the correct
73: * response.
74: */
75: int
76: responseok(response)
77: char response[];
78: {
79: char b[64];
80: int k[8];
81: char buf[12];
82: int i,j;
83: unsigned long bresponse = 0;
84: char cresponse[10];
85:
86: /*
87: * check expiration date.
88: */
89: if (kt != NONE && kp->expires < now) {
90: fprintf(stderr, "Account `%s' is expired (%d)\n",
91: kp->name, kp->expires);
92: kt = NONE;
93: kp = (keydesc *)0;
94: }
95:
96: switch(kt) {
97: case NONE: /* take some time, then say no. */
98: setkey(b);
99: encrypt(b, 0);
100: return FALSE;
101: case PASS: /* the classic password hash */
102: return (strcmp(crypt(response, kp->key), kp->key) == NULL);
103: case ATALLA:
104: /*
105: * set the key
106: */
107: sscanf(kp->key, "%o %o %o %o %o %o %o %o",
108: &k[0], &k[1], &k[2], &k[3], &k[4], &k[5], &k[6], &k[7]);
109: for(i=0; i<8; i++)
110: for(j=0; j<8; j++)
111: b[8*i+j] = (k[i]>>(7-j))&1;
112: setkey(b);
113:
114: /*
115: * compute the proper response. We encrypt the ascii of
116: * challenge number, with trailing binary zero fill.
117: * This process was derived empirically.
118: */
119: for(i=0; i<8; buf[i++] = 0)
120: ;
121: sprintf(buf, "%lu", challenge);
122: for(i=0; i<8; i++)
123: for(j=0; j<8; j++)
124: b[8*i+j] = (buf[i]>>(7-j))&1;
125: encrypt(b, 0);
126: for(i=0; i<32; i++) {
127: bresponse = (bresponse<<1) | b[i];
128: }
129:
130: /*
131: * check for hex match
132: */
133: sprintf(cresponse, "%08x", bresponse);
134: for (i=0; response[i]; i++)
135: if (isupper(response[i]))
136: response[i] = tolower(response[i]);
137: if (strcmp(response, cresponse) == 0)
138: return TRUE; /* Hex matches */
139:
140: /*
141: * check for decimal match
142: */
143: for (i=0; cresponse[i]; i++)
144: if (cresponse[i] == 'a' || cresponse[i] == 'b' ||
145: cresponse[i] == 'c')
146: cresponse[i] = '2';
147: else if (cresponse[i] == 'd' || cresponse[i] == 'e' ||
148: cresponse[i] == 'f')
149: cresponse[i] = '3';
150: return (strcmp(response, cresponse) == NULL); /* Decimal matches */
151: }
152: }
153:
154:
155: /*
156: * Read in the keys. This won't happen in a secret-server version.
157: *
158: * key file has the following colon-separated fields:
159: *
160: * id user's id
161: * type entry type (`atalla' is only legal entry at the moment)
162: * key the key's value:
163: * for atalla: 8 blank-separated octal bytes
164: * expire expiration date of this entry [optional]
165: * comment [optional]
166: */
167: readkeyfile()
168: {
169: FILE *kf;
170: int linenumber = 0;
171: char line[BUFSIZE];
172: #define NFLDS 10
173: char *field[NFLDS];
174: keydesc *lastkey = firstkey = (keydesc *)0;
175: time_t t = time((long*)0);
176: struct tm *tm = localtime(&t);
177:
178: now = tm->tm_mday + 100*(tm->tm_mon+1) + 10000*(tm->tm_year+1900);
179:
180: if ((kf = fopen(keyfile, "r")) == NULL) {
181: printf("Could not open key file: get help!\n");
182: exit(100);
183: }
184: setfields(":");
185: while(fgets(line, sizeof(line), kf) != NULL) {
186: int i;
187: char *cp;
188:
189: linenumber++;
190: for(i=0; line[i] == ' ' || line[i] == '\t'; i++)
191: ;
192: if(line[i] == '#')
193: continue;
194: if((cp = strchr(&line[i], '\n')) != NULL)
195: *cp = '\0';
196:
197: i = getfields(&line[i], field, NFLDS);
198: if(i <= 1) /* blank line */
199: continue;
200: if (i < 3) {
201: fprintf(stderr, "Bad key entry for line %d, ignored\n",
202: linenumber);
203: continue;
204: }
205:
206: if ((kp = (keydesc *)malloc(sizeof(keydesc))) == (keydesc *)0) {
207: printf("Out of memory: get help!\n");
208: fprintf("Out of memory building key table\n");
209: exit(101);
210: }
211: if (firstkey == (keydesc *)0)
212: firstkey = kp;
213: if (lastkey)
214: lastkey->next = kp;
215: strncpy(kp->name, field[0], FIELDSIZE);
216: strncpy(kp->type, field[1], FIELDSIZE);
217: strncpy(kp->key, field[2], FIELDSIZE);
218: if (i >= 4)
219: if(strcmp(field[3], "") != 0) {
220: kp->expires = atol(field[3]);
221: if (kp->expires < 19700101 ||
222: kp->expires > 99991231) {
223: fprintf(stderr, "Bad expiration for line %d, ignored\n",
224: linenumber);
225: continue;
226: }
227: } else
228: kp->expires = 99991231;
229: kp->next = (keydesc *)0;
230: lastkey = kp;
231: }
232:
233: }
234:
235: dumpkeys()
236: {
237: keydesc *kp;
238:
239: for (kp=firstkey; kp; kp = kp->next)
240: printf("%s/%s/%s/%s/\n",
241: kp->name, kp->type, kp->key, kp->expires);
242: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.