Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory

where each user gets their own file, which is owned by that user.

An old S/Key database may be converted by running "skeyinit -C" as root.

Programs that need to access the S/Key database no longer need to be
setuid root.  They must now be setgid auth instead.

1 files changed, 7 insertions, 5 deletions

diff --git a/lib/libskey/skey.h b/lib/libskey/skey.h
index 37d9bd269fe..750dd8095f2 100644
--- a/lib/libskey/skey.h
+++ b/lib/libskey/skey.h
@@ -10,23 +10,22 @@
  *
  * Main client header
  *
- * $OpenBSD: skey.h,v 1.17 2002/02/16 21:27:28 millert Exp $
+ * $OpenBSD: skey.h,v 1.18 2002/05/16 03:50:42 millert Exp $
  */
 
 #ifndef _SKEY_H_
 #define _SKEY_H_ 1
 
-#include <sys/cdefs.h>
+#include <dirent.h>
 
 /* Server-side data structure for reading keys file during login */
 struct skey {
 	FILE *keyfile;
+	DIR  *keydir;
 	char *logname;
 	char *seed;
 	char *val;
-	int n;
-	int len;
-	long recstart;		/* needed so reread of buffer is efficient */
+	unsigned int n;
 	char buf[256];
 };
 
@@ -61,6 +60,9 @@ struct mc {
 /* Location of random file for bogus challenges */
 #define _SKEY_RAND_FILE_PATH_	"/var/db/host.random"
 
+/* Directory for S/Key per-user files */
+#define _PATH_SKEYDIR		"/etc/skey"
+
 __BEGIN_DECLS
 void f(char *);
 int keycrunch(char *, char *, char *);