11 #include "authcmdlib.h"
19 * a -> c challenge prompt
20 * c -> a KC'{challenge}
24 void catchalarm(void*, char*);
33 main(int argc, char *argv[])
38 char ukey[DESKEYLEN], resp[32], buf[NETCHLEN];
47 db = ndbopen("/lib/ndb/auth");
49 syslog(0, AUTHLOG, "no /lib/ndb/auth");
52 syslog(0, AUTHLOG, "no /lib/ndb/local");
56 strcpy(raddr, "unknown");
58 getraddr(argv[argc-1]);
64 * read the host and client and get their keys
66 if(readarg(0, user, sizeof user) < 0)
72 chal = nfastrand(MAXNETCHAL);
73 sprint(buf, "challenge: %lud\nresponse: ", chal);
75 if(write(1, buf, n) != n){
77 syslog(0, AUTHLOG, "g-fail %s@%s: %r sending chal",
79 exits("replying to server");
83 if(readarg(0, resp, sizeof resp) < 0){
85 syslog(0, AUTHLOG, "g-fail %s@%s: %r reading resp",
91 /* remove password login from guard.research.bell-labs.com, sucre, etc. */
92 if(!finddeskey(NETKEYDB, user, ukey) || !netcheck(ukey, chal, resp))
93 if((err = secureidcheck(user, resp)) != nil){
100 * don't log the entire response, since the first
101 * Pinlen digits may be the user's secure-id pin.
103 if (strlen(resp) < Pinlen)
104 r = strdup("<too short for pin>");
105 else if (strlen(resp) == Pinlen)
106 r = strdup("<pin only>");
108 r = smprint("%.*s%s", Pinlen,
109 "******************", resp + Pinlen);
111 "g-fail %s@%s: %s: resp %s to chal %lud",
112 user, raddr, err, r, chal);
119 syslog(0, AUTHLOG, "g-ok %s@%s", user, raddr);
125 catchalarm(void *x, char *msg)
129 syslog(0, AUTHLOG, "g-timed out %s", raddr);
140 snprint(file, sizeof(file), "%s/remote", dir);
141 fd = open(file, OREAD);
144 n = read(fd, raddr, sizeof(raddr)-1);
149 cp = strchr(raddr, '\n');
152 cp = strchr(raddr, '!');