authormillert <millert@openbsd.org>2002-05-16 17:26:58 +0000
committermillert <millert@openbsd.org>2002-05-16 17:26:58 +0000
commit321b919f81f45ea8669011db3b59e72bf6f1e84f (patch)
treef423066881057d70822958c049ad1dd582bf75b5
parentCheck for disabled /etc/skey directory (mode 0000). This is needed (diff)
Revert to using the S/Key database directly (instead of BSD auth)
so we can get real error messages. This means the -a option is history but it wasn't very useful anyway.
-rw-r--r--usr.bin/skeyinfo/Makefile4
-rw-r--r--usr.bin/skeyinfo/skeyinfo.137
-rw-r--r--usr.bin/skeyinfo/skeyinfo.c72
3 files changed, 52 insertions, 61 deletions
diff --git a/usr.bin/skeyinfo/Makefile b/usr.bin/skeyinfo/Makefile
index 72c534bb4f4..08721312698 100644
--- a/usr.bin/skeyinfo/Makefile
+++ b/usr.bin/skeyinfo/Makefile
@@ -1,6 +1,8 @@
-# $OpenBSD: Makefile,v 1.3 2001/06/17 22:44:50 millert Exp $
+# $OpenBSD: Makefile,v 1.4 2002/05/16 17:26:58 millert Exp $
PROG= skeyinfo
+DPADD= ${LIBSKEY}
+LDADD= -lskey
BINOWN= root
BINGRP= auth
diff --git a/usr.bin/skeyinfo/skeyinfo.1 b/usr.bin/skeyinfo/skeyinfo.1
index f0609869829..ee0164e79ba 100644
--- a/usr.bin/skeyinfo/skeyinfo.1
+++ b/usr.bin/skeyinfo/skeyinfo.1
@@ -1,6 +1,6 @@
-.\" $OpenBSD: skeyinfo.1,v 1.5 2001/06/19 01:49:45 millert Exp $
+.\" $OpenBSD: skeyinfo.1,v 1.6 2002/05/16 17:26:58 millert Exp $
.\"
-.Dd 17 June 2001
+.Dd May 16, 2002
.Dt SKEYINFO 1
.Os
.Sh NAME
@@ -8,7 +8,6 @@
.Nd obtain the next S/Key challenge for a user
.Sh SYNOPSIS
.Nm skeyinfo
-.Op Fl a Ar auth-type
.Op Fl v
.Op Ar user
.Sh DESCRIPTION
@@ -17,14 +16,7 @@ prints out the next S/Key challenge for the specified user or for the
current user if no user is specified.
.Pp
The options are as follows:
-.Bl -tag -width auth-typeXXXX
-.It Fl a Ar auth-type
-Specify an authentication type instead of the default
-.Dq skey .
-This can be used to get a challenge for a challenge/response authentication
-mechanism other than S/Key, or if a remote S/Key server is in use.
-Note that this will cause an error if the selected type
-does not support challenge/response style authentication.
+.Bl -tag -width Ds
.It Fl v
Print the hash algorithm as well.
.El
@@ -33,9 +25,26 @@ Print the hash algorithm as well.
.Pp
This would print out a list of S/Key passwords for use over
an untrusted network (perhaps for use at a conference).
+.Sh ERRORS
+.Bl -tag -width Ds
+.It cannot open /etc/skey/user
+The user does not have an entry in
+.Pa /etc/skey
+or access to the S/Key database has been disabled.
+The database can be enabled with the
+.Xr skeyinit 1
+program.
+.It user is not listed in /etc/skey
+The S/Key database is enabled but the user does not have an entry in it.
+The
+.Xr skeyinit 1
+program can be used to create an entry for the user.
+.El
+.Sh FILES
+.Bl -tag -width /etc/skey
+.It Pa /etc/skey
+directory containing user entries for S/Key
+.El
.Sh SEE ALSO
.Xr skey 1 ,
.Xr skeyinit 1
-.Sh CAVEATS
-If the user does not have an entry in the S/Key database a fake
-challenge will be printed.
diff --git a/usr.bin/skeyinfo/skeyinfo.c b/usr.bin/skeyinfo/skeyinfo.c
index fb0fc91009b..13d4cf13744 100644
--- a/usr.bin/skeyinfo/skeyinfo.c
+++ b/usr.bin/skeyinfo/skeyinfo.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: skeyinfo.c,v 1.9 2001/06/19 01:49:45 millert Exp $ */
+/* $OpenBSD: skeyinfo.c,v 1.10 2002/05/16 17:26:58 millert Exp $ */
/*
- * Copyright (c) 1997, 2001 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1997, 2001, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -28,13 +28,14 @@
*/
#include <err.h>
+#include <limits.h>
+#include <paths.h>
#include <pwd.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <skey.h>
-#include <login_cap.h>
-#include <bsd_auth.h>
extern char *__progname;
@@ -44,18 +45,12 @@ int
main(int argc, char **argv)
{
struct passwd *pw;
- char *style, *challenge, *cp, *name;
- int ch, verbose = 0;
- login_cap_t *lc;
- auth_session_t *as;
+ struct skey key;
+ char *name = NULL;
+ int error, ch, verbose = 0;
- name = NULL;
- style = "skey";
- while ((ch = getopt(argc, argv, "a:v")) != -1)
+ while ((ch = getopt(argc, argv, "v")) != -1)
switch(ch) {
- case 'a':
- style = optarg;
- break;
case 'v':
verbose = 1;
break;
@@ -84,43 +79,28 @@ main(int argc, char **argv)
if ((name = strdup(pw->pw_name)) == NULL)
err(1, "cannot allocate memory");
- if ((lc = login_getclass(pw->pw_class)) == NULL)
- errx(1, "unable to classify user %s", name);
-
- if ((cp = login_getstyle(lc, style, NULL)) == NULL)
- errx(1, "unknown authentication method %s", style);
-
- as = auth_userchallenge(name, cp, NULL, &challenge);
- if (as == NULL || challenge == NULL) {
- if (as)
- auth_close(as);
- errx(1, "unable to retrieve challenge for %s", name);
+ error = skeylookup(&key, name);
+ switch (error) {
+ case 0: /* Success! */
+ if (verbose)
+ (void)printf("otp-%s ", skey_get_algorithm());
+ (void)printf("%d %s\n", key.n - 1, key.seed);
+ break;
+ case -1: /* File error */
+ err(1, "cannot open %s/%s", _PATH_SKEYDIR, name);
+ break;
+ case 1: /* Unknown user */
+ errx(1, "%s is not listed in %s", name, _PATH_SKEYDIR);
+ break;
}
+ (void)fclose(key.keyfile);
- /*
- * We only want the first line of the challenge so stop after a newline.
- * If the user wants the full challenge including the hash type
- * or if the challenge didn't start with 'otp-', print it verbatim.
- * Otherwise, strip off the first word.
- */
- if ((cp = strchr(challenge, '\n')))
- *cp = '\0';
- cp = strchr(challenge, ' ');
- if (verbose || *challenge != 'o' || !cp)
- cp = challenge;
- else
- cp++;
- puts(cp);
-
- auth_close(as);
- exit(0);
+ exit(error ? 1 : 0);
}
void
-usage(void)
+usage()
{
-
- (void)fprintf(stderr, "Usage: %s [-a auth-type] [-v] [user]\n",
- __progname);
+ (void)fprintf(stderr, "usage: %s [-v] [user]\n", __progname);
exit(1);
}
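Review bot: The `switch (error)` after `skeylookup(&key, name)` has no `default`, so any return value other than 0, -1 or 1 reaches `(void)fclose(key.keyfile)` with `key` never filled in (it is declared without an initializer in the earlier hunk); whether skeylookup() can return anything else is not visible here, so a `default: errx(1, "skeylookup failed for %s", name);` is a cheap way to close that path. Since err()/errx() do not return, the `break`s after them are dead and `exit(error ? 1 : 0)` only ever runs with `error == 0`, so `exit(0)` states the intent more plainly. The `usage()` definition with an empty parameter list is a non-prototype declaration; keeping `usage(void)` as before matches the earlier declaration of usage, which lies outside this hunk. main() itself begins outside the hunk.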