Remove the S/Key key-handling apps, which are no longer needed, as

they are replaced by opiepasswd, opieinfo and opiekey.

usr.bin/Makefile

@@ -67,9 +67,6 @@ SUBDIR=	apply \
 	jot \
 	kdump \
 	kenv \
-	key \
-	keyinfo \
-	keyinit \
 	keylogin \
 	keylogout \
 	killall \

usr.bin/key/Makefile

@@ -1,12 +0,0 @@
-#	@(#)Makefile	5.6 (Berkeley) 3/5/91
-# $FreeBSD$
-
-PROG=	key
-SRCS=	skey.c
-
-CFLAGS+= -D_SKEY_INTERNAL
-
-DPADD=	${LIBSKEY} ${LIBCRYPT} ${LIBMD}
-LDADD=	-lskey -lcrypt -lmd
-
-.include <bsd.prog.mk>

usr.bin/key/key.1

@@ -1,50 +0,0 @@
-.\"	from: @(#)key.1	1.0 (Bellcore) 12/2/91
-.\" $FreeBSD$
-.\"
-.Dd December 2, 1991
-.Dt KEY 1
-.Os
-.Sh NAME
-.Nm key
-.Nd stand-alone program for computing responses to S/Key challenges
-.Sh SYNOPSIS
-.Nm
-.Op Fl n Ar count
-.Ar sequence
-.Ar key 
-.Sh DESCRIPTION
-.Nm Key
-takes the optional count of the number of one time access 
-passwords to print
-along with a (maximum) sequence number and key as command line arguments, 
-it prompts for the user's secret password, and produces both word 
-and hex format responses.
-.Pp
-The following option is available:
-.Bl -tag -width Fl
-.It Fl n Ar count
-The number of one time access passwords to print.
-The default is 1.
-.El
-.Sh EXAMPLES
-Usage example:
-.Bd -literal -offset indent -compact
->key -n 5 99 th91334
-Enter password: <your secret password is entered here>
-OMEN US HORN OMIT BACK AHOY
-\&.... 4 more passwords.
->
-.Ed
-.Sh SEE ALSO
-.Xr keyinfo 1 ,
-.Xr keyinit 1 ,
-.Xr skey 1
-.\" .BR keysu(1),
-.Sh AUTHORS
-.An -nosplit
-Command by
-.An Phil Karn ,
-.An Neil M. Haller ,
-.An John S. Walden
-.Sh CONTACT
-.Aq staff@thumper.bellcore.com

usr.bin/key/skey.c

@@ -1,125 +0,0 @@
-/* Stand-alone program for computing responses to S/Key challenges.
- * Takes the iteration count and seed as command line args, prompts
- * for the user's key, and produces both word and hex format responses.
- *
- * Usage example:
- *	>skey 88 ka9q2
- *	Enter password:
- *	OMEN US HORN OMIT BACK AHOY
- *	C848 666B 6435 0A93
- *	>
- */
-
-#ifndef lint
-static const char rcsid[] =
-  "$FreeBSD$";
-#endif /* not lint */
-
-#include <err.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#ifdef	__MSDOS__
-#include <dos.h>
-#else	/* Assume BSD Unix */
-#include <fcntl.h>
-#endif
-
-#include <skey.h>
-
-static void usage __P((void));
-
-int
-main(argc,argv)
-int argc;
-char *argv[];
-{
-	int n,cnt,i;
-	char passwd[256] /* ,passwd2[256] */;
-	char key[8];
-	char *seed;
-	char buf[33];
-	char *slash;
-
-	cnt = 1;
-	while((i = getopt(argc,argv,"n:")) != -1){
-		switch(i){
-		case 'n':
-			cnt = atoi(optarg);
-			break;
-		}
-	}
-	/* could be in the form <number>/<seed> */
-	if(argc <= optind + 1){
-		/*look for / in it */
-		if(argc <= optind)
-			usage();
-
-		slash = strchr(argv[optind], '/');
-		if(slash == NULL)
-			usage();
-		*slash++ = '\0';
-		seed = slash;
-
-		if((n = atoi(argv[optind])) < 0){
-			warnx("%s not positive",argv[optind]);
-			usage();
-		}
-	}
-	else {
-
-		if((n = atoi(argv[optind])) < 0){
-			warnx("%s not positive",argv[optind]);
-			usage();
-		}
-		seed = argv[++optind];
-	}
-	fprintf(stderr,"Reminder - Do not use this program while logged in via telnet or rlogin.\n");
-
-	/* Get user's secret password */
-	for(;;){
-		fprintf(stderr,"Enter secret password: ");
-		readpass(passwd,sizeof(passwd));
-		break;
-	/************
-		fprintf(stderr,"Again secret password: ");
-		readpass(passwd2,sizeof(passwd));
-		if(strcmp(passwd,passwd2) == 0) break;
-		fprintf(stderr, "Sorry no match\n");
-        **************/
-
-	}
-
-	/* Crunch seed and password into starting key */
-	if(keycrunch(key,seed,passwd) != 0)
-		errx(1, "key crunch failed");
-	if(cnt == 1){
-		while(n-- != 0)
-			f(key);
-		printf("%s\n",btoe(buf,key));
-#ifdef	HEXIN
-		printf("%s\n",put8(buf,key));
-#endif
-	} else {
-		for(i=0;i<=n-cnt;i++)
-			f(key);
-		for(;i<=n;i++){
-#ifdef	HEXIN
-			printf("%d: %-29s  %s\n",i,btoe(buf,key),put8(buf,key));
-#else
-			printf("%d: %-29s\n",i,btoe(buf,key));
-#endif
-			f(key);
-		}
-	}
-	return 0;
-}
-
-static void
-usage()
-{
-	fprintf(stderr,"usage: key [-n count] <sequence #>[/] <key>\n");
-	exit(1);
-}

usr.bin/keyinfo/Makefile

@@ -1,10 +0,0 @@
-#	@(#)Makefile	5.5 (Berkeley) 7/1/90
-# $FreeBSD$
-
-PROG=	keyinfo
-CFLAGS+=-Wall
-DPADD=	${LIBSKEY} ${LIBCRYPT} ${LIBMD}
-LDADD=	-lskey -lcrypt -lmd
-BINMODE=4555
-
-.include <bsd.prog.mk>

usr.bin/keyinfo/keyinfo.1

@@ -1,64 +0,0 @@
-.\"	from: @(#)keyinfo.1	1.1 (Bellcore) 7/20/93
-.\" $FreeBSD$
-.\"
-.Dd April 26, 1996
-.Dt KEYINFO 1
-.Os
-.Sh NAME
-.Nm keyinfo
-.Nd display current S/Key sequence number and seed
-.Sh SYNOPSIS
-.Nm
-.Op Ar username
-.Sh DESCRIPTION
-.Nm
-takes an optional user name and displays the user\'s current sequence
-number and seed found in the S/Key database
-.Pa /etc/skeykeys .
-.Pp
-The command can be useful when generating a list of passwords for use
-on a field trip, by combining with the command
-.Xr key 1
-in the form:
-.Bd -literal -offset indent
-key -n  <number of passwords> `keyinfo` | lpr
-.Ed
-.Pp
-The optional
-.Ar username
-argument specifies the S/Key user for whom to display the information.
-The default is to display S/Key information
-on the user who invokes the command.
-Only the superuser can ask for another user's key information.
-.Sh EXAMPLES
-Usage example:
-.Bd -literal -offset indent
-$ keyinfo
-.Ed
-.Pp
-This would produce the following output:
-.Bd -literal -offset indent
-98 ws91340
-.Ed
-.Sh DIAGNOSTICS
-The
-.Nm
-utility
-exits with status 0 if a key for the requested user has been found,
-else with status 1.
-.Sh SEE ALSO
-.Xr key 1 ,
-.Xr keyinit 1
-.Sh AUTHORS
-.An -nosplit
-Original command by
-.An Phil Karn ,
-.An Neil M. Haller
-and
-.An John S. Walden .
-Rewritten in Perl by
-.An J\(:org Wunsch
-so that it could be made setuid, with the S/Key keys file read-protected
-from the users.
-Rewritten in C by
-.An Warner Losh .

usr.bin/keyinfo/keyinfo.c

@@ -1,58 +0,0 @@
-/*-
- * Copyright (c) 2000 Warner Losh.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#include <sys/param.h>
-#include <stdio.h>
-#include <string.h>
-#include <skey.h>
-#include <unistd.h>
-#include <err.h>
-
-int
-main(int argc, char *argv[])
-{
- 	struct skey skey;
- 	char *login;
- 	char *name;
-	int serr;
- 
- 	login = getlogin();
- 	if (login == NULL)
- 		errx(1, "Cannot find login name");
- 	if (getuid() != 0 && argc > 1 && strcmp(login, argv[1]) != 0)
- 		errx(1, "Only superuser may get another user's keys");
- 	name = argc > 1 ? argv[1] : login;
-	serr = skeylookup(&skey, name);
-	if (serr == -1)
-		err(1, "skeylookup os failure");
- 	fclose(skey.keyfile);
-	if (serr != 0)
-		errx(1, "skeylookup: user %s not found", name);
- 	printf("%d %s\n", skey.n - 1, skey.seed);
- 	return (0);
-}

usr.bin/keyinit/Makefile

@@ -1,14 +0,0 @@
-#	@(#)Makefile	5.6 (Berkeley) 3/5/91
-# $FreeBSD$
-
-PROG=	keyinit
-SRCS=	skeyinit.c
-
-CFLAGS+= -D_SKEY_INTERNAL
-
-BINMODE=4555
-
-DPADD=	${LIBSKEY} ${LIBCRYPT} ${LIBMD}
-LDADD=	-lskey -lcrypt -lmd
-
-.include <bsd.prog.mk>

usr.bin/keyinit/keyinit.1

@@ -1,90 +0,0 @@
-.\"	@(#)keyinit.1	1.0 (Bellcore) 7/20/93
-.\" $FreeBSD$
-.\"
-.Dd July 20, 1993
-.Dt KEYINIT 1
-.Os
-.Sh NAME
-.Nm keyinit
-.Nd change password or add user to S/Key authentication system
-.Sh SYNOPSIS
-.Nm
-.Op Fl s
-.Op Ar userID 
-.Sh DESCRIPTION
-.Nm Keyinit
-initializes the system so you can use S/Key one-time passwords to
-login.  The program will ask you to enter a secret pass phrase; enter a
-phrase of several words in response.
-After the S/Key database has been
-updated you can login using either your regular UNIX password or using
-S/Key one-time passwords. 
-.Pp
-When logging in from another machine you can avoid typing a real
-password over the network, by typing your S/Key pass phrase to the
-.Nm key
-command on the local machine:  the program will respond with
-the one-time password that you should use to log into the remote
-machine.  This is most conveniently done with cut-and-paste operations
-using a mouse.  Alternatively, you can pre-compute one-time passwords
-using the
-.Nm key
-command and carry them with you on a piece of paper.
-.Pp
-.Nm Keyinit
-requires you to type your secret password, so it should
-be used only on a secure terminal.
-For example, on the console of a
-workstation.
-If you are using
-.Nm
-while logged in over an
-untrusted network, follow the instructions given below with the
-.Fl s
-option.
-.Sh OPTIONS
-.Bl -tag -width indent
-.It Fl s
-Set secure mode where the user is expected to have used a secure
-machine to generate the first one time password.  Without the
-.Fl s
-the
-system will assume you are direct connected over secure communications
-and prompt you for your secret password.
-The
-.Fl s
-option also allows one to set the seed and count for complete
-control of the parameters.  You can use
-.Nm
-.Fl s
-in combination with
-the 
-.Nm key
-command to set the seed and count if you do not like the defaults.
-To do this run
-.Nm
-in one window and put in your count and seed
-then run
-.Nm key
-in another window to generate the correct 6 English words
-for that count and seed.
-You can then
-"cut" and "paste" them or copy them into the
-.Nm
-window.
-.It Ar userID
-The ID for the user to be changed/added
-.El
-.Sh FILES
-.Pa /etc/skeykeys
-data base of information for S/Key system.
-.Sh SEE ALSO
-.Xr key 1 ,
-.Xr keyinfo 1 ,
-.Xr skey 1 ,
-.Xr su 1
-.Sh AUTHORS
-Command by
-.An Phil Karn ,
-.An Neil M. Haller ,
-.An John S. Walden

usr.bin/keyinit/skeyinit.c

@@ -1,190 +0,0 @@
-/*   change password or add user to S/KEY authentication system.
- *   S/KEY is a tradmark of Bellcore  */
-
-#include <ctype.h>
-#include <err.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-
-#include <skey.h>
-#include <unistd.h>
-
-#define NAMELEN 2
-
-int
-main(argc,argv)
-int argc;
-char *argv[];
-{
-	struct skey skey;
-	int rval,n,nn,i,defaultsetup;
-	char seed[18],tmp[80],key[8];
-	struct passwd *ppuser,*pp;
-	char defaultseed[17], passwd[256],passwd2[256] ;
-
-
-	time_t now;
-	struct tm *tm;
-	char tbuf[27],buf[60];
-	char lastc, me[80];
-	int l;
-
-	time(&now);
-#if 0	/* Choose a more random seed */
-	tm = localtime(&now);
-	strftime(tbuf, sizeof(tbuf), "%M%j", tm);
-#else
-	sprintf(tbuf, "%05ld", (long) (now % 100000));
-#endif
-	gethostname(defaultseed,NAMELEN);
-	strcpy(&defaultseed[NAMELEN],tbuf);
-
-	pp = ppuser = getpwuid(getuid());
-	strcpy(me,pp->pw_name);
-	defaultsetup = 1;
-	if( argc > 1){
-		if(strcmp("-s", argv[1]) == 0)
-			defaultsetup = 0;
-		else
-			pp = getpwnam(argv[1]);
-		if(argc > 2)
-			pp = getpwnam(argv[2]);
-
-	}
-	if(pp == NULL){
-		printf("User unknown\n");
-		return 1;
-	}
-	if(strcmp( pp->pw_name,me) != 0){
-		if(getuid() != 0){
-			/* Only root can change other's passwds */
-			printf("Permission denied.\n");
-			return(1);
-		}
-	}
-
-
-
-	rval = skeylookup(&skey,pp->pw_name);
-	switch(rval){
-	case -1:
-		perror("error in opening database");
-		return 1;
-	case 0:
-		printf("Updating %s:\n",pp->pw_name);
-		printf("Old key: %s\n",skey.seed);
-		/* lets be nice if they have a skey.seed that ends in 0-8 just add one*/
-		l = strlen(skey.seed);
-		if( l > 0){
-			lastc = skey.seed[l-1];
-			if( isdigit(lastc) && lastc != '9' ){
-				strcpy(defaultseed, skey.seed);
-				defaultseed[l-1] = lastc + 1;
-			}
-			if( isdigit(lastc) && lastc == '9' && l < 16){
-				strcpy(defaultseed, skey.seed);
-				defaultseed[l-1] = '0';
-				defaultseed[l] = '0';
-				defaultseed[l+1] = '\0';
-			}
-		}
-		break;
-	case 1:
-		skey.val = 0;	/* XXX */
-		printf("Adding %s:\n",pp->pw_name);
-		break;
-	}
-    n = 99;
-    if( ! defaultsetup){
-	printf("Reminder you need the 6 english words from the key command.\n");
-	for(i=0;;i++){
-		if(i >= 2) exit(1);
-		printf("Enter sequence count from 1 to 9999: ");
-		fgets(tmp,sizeof(tmp),stdin);
-		n = atoi(tmp);
-		if(n > 0 && n < 10000)
-			break;	/* Valid range */
-		printf("Count must be > 0 and < 10000\n");
-	}
-    }
-    if( !defaultsetup){
-	printf("Enter new key [default %s]: ", defaultseed);
-	fflush(stdout);
-	fgets(seed,sizeof(seed),stdin);
-	rip(seed);
-	if(strlen(seed) > 16){
-		printf("Seed truncated to 16 chars\n");
-		seed[16] = '\0';
-	}
-	if( seed[0] == '\0') strcpy(seed,defaultseed);
-	for(i=0;;i++){
-		if(i >= 2) exit(1);
-		printf("s/key %d %s\ns/key access password: ",n,seed);
-		fgets(tmp,sizeof(tmp),stdin);
-		rip(tmp);
-		if(tmp[0] == '?'){
-			printf("Enter 6 English words from secure S/Key calculation.\n");
-			continue;
-		}
-		if(tmp[0] == '\0'){
-			exit(1);
-		}
-		if(etob(key,tmp) == 1 || atob8(key,tmp) == 0)
-			break;	/* Valid format */
-		printf("Invalid format, try again with 6 English words.\n");
-	}
-    } else {
-	/* Get user's secret password */
-	fprintf(stderr,"Reminder - Only use this method if you are directly connected.\n");
-	fprintf(stderr,"If you are using telnet or rlogin exit with no password and use keyinit -s.\n");
-	for(i=0;;i++){
-		if(i >= 2) exit(1);
-		fprintf(stderr,"Enter secret password: ");
-		readpass(passwd,sizeof(passwd));
-		if(passwd[0] == '\0'){
-			exit(1);
-		}
-		fprintf(stderr,"Again secret password: ");
-		readpass(passwd2,sizeof(passwd));
-		if(passwd2[0] == '\0'){
-			exit(1);
-		}
-		if(strlen(passwd) < 4 && strlen(passwd2) < 4) {
-			fprintf(stderr, "Sorry your password must be longer\n\r");
-			exit(1);
-		}
-		if(strcmp(passwd,passwd2) == 0) break;
-		fprintf(stderr, "Sorry no match\n");
-
-
-	}
-	strcpy(seed,defaultseed);
-
-	/* Crunch seed and password into starting key */
-	if(keycrunch(key,seed,passwd) != 0)
-		errx(1, "key crunch failed");
-	nn = n;
-	while(nn-- != 0)
-		f(key);
-    }
-	time(&now);
-	tm = localtime(&now);
-	strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
-        if (skey.val == NULL)
-                  skey.val = (char *) malloc(16+1);
-
-
-	btoa8(skey.val,key);
-	fprintf(skey.keyfile,"%s %04d %-16s %s %-21s\n",pp->pw_name,n,
-		seed,skey.val, tbuf);
-	fclose(skey.keyfile);
-	printf("\nID %s s/key is %d %s\n",pp->pw_name,n,seed);
-	printf("%s\n",btoe(buf,key));
-#ifdef HEXIN
-	printf("%s\n",put8(buf,key));
-#endif
-	return 0;
-}