summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorUlrich Müller <ulm@gentoo.org>2012-01-04 21:16:06 +0000
committerUlrich Müller <ulm@gentoo.org>2013-02-15 11:58:08 +0100
commit2946ef3ecc0b56c19d9e6edec8be94eb3b669137 (patch)
treeeebd19911ecd1a530b5c1a1f1c6be3da2ae2f77d
parentFix buffer overflow in libmrm, bug 340249. (diff)
downloadulm-2946ef3ecc0b56c19d9e6edec8be94eb3b669137.tar.gz
ulm-2946ef3ecc0b56c19d9e6edec8be94eb3b669137.tar.bz2
ulm-2946ef3ecc0b56c19d9e6edec8be94eb3b669137.zip
Patchset for skey-1.1.5skey-1.1.5-patches-1
-rw-r--r--patchsets/skey/1.1.5/01_all_gentoo.patch5358
-rw-r--r--patchsets/skey/1.1.5/02_all_login_name_max.patch18
-rw-r--r--patchsets/skey/1.1.5/03_all_fPIC.patch12
-rw-r--r--patchsets/skey/1.1.5/04_all_bind-now.patch15
-rw-r--r--patchsets/skey/1.1.5/05_all_otp.patch53
-rw-r--r--patchsets/skey/1.1.5/06_all_binary-search.patch36
-rw-r--r--patchsets/skey/1.1.5/07_all_skeyprune-dir.patch13
-rw-r--r--patchsets/skey/1.1.5/08_all_skeyprune-regex.patch13
-rw-r--r--patchsets/skey/1.1.5/09_all_man_default-md5.patch26
-rw-r--r--patchsets/skey/1.1.5/10_all_man_libpath.patch16
-rw-r--r--patchsets/skey/1.1.5/11_all_strncat-warning.patch11
11 files changed, 5571 insertions, 0 deletions
diff --git a/patchsets/skey/1.1.5/01_all_gentoo.patch b/patchsets/skey/1.1.5/01_all_gentoo.patch
new file mode 100644
index 0000000..270fe6b
--- /dev/null
+++ b/patchsets/skey/1.1.5/01_all_gentoo.patch
@@ -0,0 +1,5358 @@
+porting some updates to this skey implementation from the
+NetBSD project, some other updates and fixes, and the addition
+of some new features like shadow password and cracklib support.
+ (05 Nov 2003) -taviso@gentoo.org
+
+--- skey-1.1.5.orig/CHANGES 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/CHANGES 2003-11-06 17:46:45.000000000 +0000
+@@ -1,6 +1,19 @@
+ *** Changes in version 1.1.5
+
+ - Bug fixes for errx/warnx
++(05/11/2003) taviso@gentoo.org
++ - ported some updates from the NetBSD project to Linux.
++ - removed a load of cast to voids.
++ - syntax changes.
++ - killing skeyaudit, using a shell script modified from NetBSD.
++ - cleanups to stop warnings with gcc.
++ - building a library for dynamic linking.
++ - swapping some str{cat,cpy} for strn{cat,cpy}
++ - killing rmd160 support.
++ - removing strlcpy function, not useful.
++ - quick hack for shadow support.
++ - quick hack for cracklib support.
++ - various other stuff.
+
+ *** Changes in version 1.1.4
+
+--- skey-1.1.5.orig/config.h.in 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/config.h.in 2003-11-06 17:46:45.000000000 +0000
+@@ -109,6 +109,9 @@
+ /* Define if you have the strtol function. */
+ #undef HAVE_STRTOL
+
++/* Define if you have the <crack.h> header file. */
++#undef HAVE_CRACK_H
++
+ /* Define if you have the <crypt.h> header file. */
+ #undef HAVE_CRYPT_H
+
+@@ -130,12 +133,12 @@
+ /* Define if you have the <md5global.h> header file. */
+ #undef HAVE_MD5GLOBAL_H
+
+-/* Define if you have the <rmd160.h> header file. */
+-#undef HAVE_RMD160_H
+-
+ /* Define if you have the <sha1.h> header file. */
+ #undef HAVE_SHA1_H
+
++/* Define if you have the <shadow.h> header file. */
++#undef HAVE_SHADOW_H
++
+ /* Define if you have the <sys/cdefs.h> header file. */
+ #undef HAVE_SYS_CDEFS_H
+
+--- skey-1.1.5.orig/configure 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/configure 2003-11-06 17:47:49.000000000 +0000
+@@ -960,47 +960,11 @@
+ echo "$ac_t""no" 1>&6
+ fi
+
+-# Extract the first word of "sendmail", so it can be a program name with args.
+-set dummy sendmail; ac_word=$2
+-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:967: checking for $ac_word" >&5
+-if eval "test \"`echo '$''{'ac_cv_path_SENDMAIL'+set}'`\" = set"; then
+- echo $ac_n "(cached) $ac_c" 1>&6
+-else
+- case "$SENDMAIL" in
+- /*)
+- ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a path.
+- ;;
+- ?:/*)
+- ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a dos path.
+- ;;
+- *)
+- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
+- ac_dummy="$PATH:/usr/sbin:/usr/lib:/usr/bin"
+- for ac_dir in $ac_dummy; do
+- test -z "$ac_dir" && ac_dir=.
+- if test -f $ac_dir/$ac_word; then
+- ac_cv_path_SENDMAIL="$ac_dir/$ac_word"
+- break
+- fi
+- done
+- IFS="$ac_save_ifs"
+- test -z "$ac_cv_path_SENDMAIL" && ac_cv_path_SENDMAIL="/usr/lib/sendmail"
+- ;;
+-esac
+-fi
+-SENDMAIL="$ac_cv_path_SENDMAIL"
+-if test -n "$SENDMAIL"; then
+- echo "$ac_t""$SENDMAIL" 1>&6
+-else
+- echo "$ac_t""no" 1>&6
+-fi
+-
+
+
+
+ echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6
+-echo "configure:1004: checking for crypt in -lcrypt" >&5
++echo "configure:968: checking for crypt in -lcrypt" >&5
+ ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'`
+ if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+@@ -1008,7 +972,7 @@
+ ac_save_LIBS="$LIBS"
+ LIBS="-lcrypt $LIBS"
+ cat > conftest.$ac_ext <<EOF
+-#line 1012 "configure"
++#line 976 "configure"
+ #include "confdefs.h"
+ /* Override any gcc2 internal prototype to avoid an error. */
+ /* We use char because int might match the return type of a gcc2
+@@ -1019,7 +983,7 @@
+ crypt()
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1023: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:987: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+ else
+@@ -1040,7 +1004,7 @@
+ fi
+
+ echo $ac_n "checking for flock in -lucb""... $ac_c" 1>&6
+-echo "configure:1044: checking for flock in -lucb" >&5
++echo "configure:1008: checking for flock in -lucb" >&5
+ ac_lib_var=`echo ucb'_'flock | sed 'y%./+-%__p_%'`
+ if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+@@ -1048,7 +1012,7 @@
+ ac_save_LIBS="$LIBS"
+ LIBS="-lucb $LIBS"
+ cat > conftest.$ac_ext <<EOF
+-#line 1052 "configure"
++#line 1016 "configure"
+ #include "confdefs.h"
+ /* Override any gcc2 internal prototype to avoid an error. */
+ /* We use char because int might match the return type of a gcc2
+@@ -1059,7 +1023,7 @@
+ flock()
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1063: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:1027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+ else
+@@ -1079,10 +1043,50 @@
+ echo "$ac_t""no" 1>&6
+ fi
+
++echo $ac_n "checking for FascistCheck in -lcrack""... $ac_c" 1>&6
++echo "configure:1048: checking for FascistCheck in -lcrack" >&5
++ac_lib_var=`echo crack'_'FascistCheck | sed 'y%./+-%__p_%'`
++if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
++ echo $ac_n "(cached) $ac_c" 1>&6
++else
++ ac_save_LIBS="$LIBS"
++LIBS="-lcrack $LIBS"
++cat > conftest.$ac_ext <<EOF
++#line 1056 "configure"
++#include "confdefs.h"
++/* Override any gcc2 internal prototype to avoid an error. */
++/* We use char because int might match the return type of a gcc2
++ builtin and then its argument prototype would still apply. */
++char FascistCheck();
++
++int main() {
++FascistCheck()
++; return 0; }
++EOF
++if { (eval echo configure:1067: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++ rm -rf conftest*
++ eval "ac_cv_lib_$ac_lib_var=yes"
++else
++ echo "configure: failed program was:" >&5
++ cat conftest.$ac_ext >&5
++ rm -rf conftest*
++ eval "ac_cv_lib_$ac_lib_var=no"
++fi
++rm -f conftest*
++LIBS="$ac_save_LIBS"
++
++fi
++if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
++ echo "$ac_t""yes" 1>&6
++ LIBS="$LIBS -lcrack"
++else
++ echo "$ac_t""no" 1>&6
++fi
++
+
+
+ echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
+-echo "configure:1086: checking how to run the C preprocessor" >&5
++echo "configure:1090: checking how to run the C preprocessor" >&5
+ # On Suns, sometimes $CPP names a directory.
+ if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+@@ -1097,13 +1101,13 @@
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp.
+ cat > conftest.$ac_ext <<EOF
+-#line 1101 "configure"
++#line 1105 "configure"
+ #include "confdefs.h"
+ #include <assert.h>
+ Syntax Error
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1107: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1111: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ :
+@@ -1114,13 +1118,13 @@
+ rm -rf conftest*
+ CPP="${CC-cc} -E -traditional-cpp"
+ cat > conftest.$ac_ext <<EOF
+-#line 1118 "configure"
++#line 1122 "configure"
+ #include "confdefs.h"
+ #include <assert.h>
+ Syntax Error
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1124: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1128: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ :
+@@ -1131,13 +1135,13 @@
+ rm -rf conftest*
+ CPP="${CC-cc} -nologo -E"
+ cat > conftest.$ac_ext <<EOF
+-#line 1135 "configure"
++#line 1139 "configure"
+ #include "confdefs.h"
+ #include <assert.h>
+ Syntax Error
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1141: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1145: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ :
+@@ -1162,12 +1166,12 @@
+ echo "$ac_t""$CPP" 1>&6
+
+ echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
+-echo "configure:1166: checking for ANSI C header files" >&5
++echo "configure:1170: checking for ANSI C header files" >&5
+ if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1171 "configure"
++#line 1175 "configure"
+ #include "confdefs.h"
+ #include <stdlib.h>
+ #include <stdarg.h>
+@@ -1175,7 +1179,7 @@
+ #include <float.h>
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1179: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1183: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ rm -rf conftest*
+@@ -1192,7 +1196,7 @@
+ if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat > conftest.$ac_ext <<EOF
+-#line 1196 "configure"
++#line 1200 "configure"
+ #include "confdefs.h"
+ #include <string.h>
+ EOF
+@@ -1210,7 +1214,7 @@
+ if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat > conftest.$ac_ext <<EOF
+-#line 1214 "configure"
++#line 1218 "configure"
+ #include "confdefs.h"
+ #include <stdlib.h>
+ EOF
+@@ -1231,7 +1235,7 @@
+ :
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1235 "configure"
++#line 1239 "configure"
+ #include "confdefs.h"
+ #include <ctype.h>
+ #define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+@@ -1242,7 +1246,7 @@
+ exit (0); }
+
+ EOF
+-if { (eval echo configure:1246: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
++if { (eval echo configure:1250: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+ then
+ :
+ else
+@@ -1266,12 +1270,12 @@
+ fi
+
+ echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6
+-echo "configure:1270: checking for sys/wait.h that is POSIX.1 compatible" >&5
++echo "configure:1274: checking for sys/wait.h that is POSIX.1 compatible" >&5
+ if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1275 "configure"
++#line 1279 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #include <sys/wait.h>
+@@ -1287,7 +1291,7 @@
+ s = WIFEXITED (s) ? WEXITSTATUS (s) : 1;
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1291: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
++if { (eval echo configure:1295: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ ac_cv_header_sys_wait_h=yes
+ else
+@@ -1307,21 +1311,21 @@
+
+ fi
+
+-for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h
++for ac_hdr in fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h
+ do
+ ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+ echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+-echo "configure:1315: checking for $ac_hdr" >&5
++echo "configure:1319: checking for $ac_hdr" >&5
+ if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1320 "configure"
++#line 1324 "configure"
+ #include "confdefs.h"
+ #include <$ac_hdr>
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1325: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1329: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ rm -rf conftest*
+@@ -1349,12 +1353,12 @@
+
+
+ echo $ac_n "checking for working const""... $ac_c" 1>&6
+-echo "configure:1353: checking for working const" >&5
++echo "configure:1357: checking for working const" >&5
+ if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1358 "configure"
++#line 1362 "configure"
+ #include "confdefs.h"
+
+ int main() {
+@@ -1403,7 +1407,7 @@
+
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1407: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
++if { (eval echo configure:1411: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ ac_cv_c_const=yes
+ else
+@@ -1424,14 +1428,14 @@
+ fi
+
+ echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6
+-echo "configure:1428: checking whether byte ordering is bigendian" >&5
++echo "configure:1432: checking whether byte ordering is bigendian" >&5
+ if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ ac_cv_c_bigendian=unknown
+ # See if sys/param.h defines the BYTE_ORDER macro.
+ cat > conftest.$ac_ext <<EOF
+-#line 1435 "configure"
++#line 1439 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #include <sys/param.h>
+@@ -1442,11 +1446,11 @@
+ #endif
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1446: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
++if { (eval echo configure:1450: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ # It does; now see whether it defined to BIG_ENDIAN or not.
+ cat > conftest.$ac_ext <<EOF
+-#line 1450 "configure"
++#line 1454 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #include <sys/param.h>
+@@ -1457,7 +1461,7 @@
+ #endif
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1461: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
++if { (eval echo configure:1465: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ ac_cv_c_bigendian=yes
+ else
+@@ -1477,7 +1481,7 @@
+ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1481 "configure"
++#line 1485 "configure"
+ #include "confdefs.h"
+ main () {
+ /* Are we little or big endian? From Harbison&Steele. */
+@@ -1490,7 +1494,7 @@
+ exit (u.c[sizeof (long) - 1] == 1);
+ }
+ EOF
+-if { (eval echo configure:1494: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
++if { (eval echo configure:1498: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+ then
+ ac_cv_c_bigendian=no
+ else
+@@ -1514,12 +1518,12 @@
+ fi
+
+ echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6
+-echo "configure:1518: checking for uid_t in sys/types.h" >&5
++echo "configure:1522: checking for uid_t in sys/types.h" >&5
+ if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1523 "configure"
++#line 1527 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ EOF
+@@ -1548,12 +1552,12 @@
+ fi
+
+ echo $ac_n "checking for off_t""... $ac_c" 1>&6
+-echo "configure:1552: checking for off_t" >&5
++echo "configure:1556: checking for off_t" >&5
+ if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1557 "configure"
++#line 1561 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #if STDC_HEADERS
+@@ -1581,12 +1585,12 @@
+ fi
+
+ echo $ac_n "checking for size_t""... $ac_c" 1>&6
+-echo "configure:1585: checking for size_t" >&5
++echo "configure:1589: checking for size_t" >&5
+ if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1590 "configure"
++#line 1594 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #if STDC_HEADERS
+@@ -1614,12 +1618,12 @@
+ fi
+
+ echo $ac_n "checking whether struct tm is in sys/time.h or time.h""... $ac_c" 1>&6
+-echo "configure:1618: checking whether struct tm is in sys/time.h or time.h" >&5
++echo "configure:1622: checking whether struct tm is in sys/time.h or time.h" >&5
+ if eval "test \"`echo '$''{'ac_cv_struct_tm'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1623 "configure"
++#line 1627 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #include <time.h>
+@@ -1627,7 +1631,7 @@
+ struct tm *tp; tp->tm_sec;
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1631: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
++if { (eval echo configure:1635: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ ac_cv_struct_tm=time.h
+ else
+@@ -1649,7 +1653,7 @@
+
+
+ echo $ac_n "checking size of char""... $ac_c" 1>&6
+-echo "configure:1653: checking size of char" >&5
++echo "configure:1657: checking size of char" >&5
+ if eval "test \"`echo '$''{'ac_cv_sizeof_char'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1657,7 +1661,7 @@
+ ac_cv_sizeof_char=1
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1661 "configure"
++#line 1665 "configure"
+ #include "confdefs.h"
+ #include <stdio.h>
+ main()
+@@ -1668,7 +1672,7 @@
+ exit(0);
+ }
+ EOF
+-if { (eval echo configure:1672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
++if { (eval echo configure:1676: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+ then
+ ac_cv_sizeof_char=`cat conftestval`
+ else
+@@ -1688,7 +1692,7 @@
+
+
+ echo $ac_n "checking size of short int""... $ac_c" 1>&6
+-echo "configure:1692: checking size of short int" >&5
++echo "configure:1696: checking size of short int" >&5
+ if eval "test \"`echo '$''{'ac_cv_sizeof_short_int'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1696,7 +1700,7 @@
+ ac_cv_sizeof_short_int=2
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1700 "configure"
++#line 1704 "configure"
+ #include "confdefs.h"
+ #include <stdio.h>
+ main()
+@@ -1707,7 +1711,7 @@
+ exit(0);
+ }
+ EOF
+-if { (eval echo configure:1711: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
++if { (eval echo configure:1715: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+ then
+ ac_cv_sizeof_short_int=`cat conftestval`
+ else
+@@ -1727,7 +1731,7 @@
+
+
+ echo $ac_n "checking size of int""... $ac_c" 1>&6
+-echo "configure:1731: checking size of int" >&5
++echo "configure:1735: checking size of int" >&5
+ if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1735,7 +1739,7 @@
+ ac_cv_sizeof_int=4
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1739 "configure"
++#line 1743 "configure"
+ #include "confdefs.h"
+ #include <stdio.h>
+ main()
+@@ -1746,7 +1750,7 @@
+ exit(0);
+ }
+ EOF
+-if { (eval echo configure:1750: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
++if { (eval echo configure:1754: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+ then
+ ac_cv_sizeof_int=`cat conftestval`
+ else
+@@ -1766,7 +1770,7 @@
+
+
+ echo $ac_n "checking size of long int""... $ac_c" 1>&6
+-echo "configure:1770: checking size of long int" >&5
++echo "configure:1774: checking size of long int" >&5
+ if eval "test \"`echo '$''{'ac_cv_sizeof_long_int'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1774,7 +1778,7 @@
+ ac_cv_sizeof_long_int=4
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1778 "configure"
++#line 1782 "configure"
+ #include "confdefs.h"
+ #include <stdio.h>
+ main()
+@@ -1785,7 +1789,7 @@
+ exit(0);
+ }
+ EOF
+-if { (eval echo configure:1789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
++if { (eval echo configure:1793: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+ then
+ ac_cv_sizeof_long_int=`cat conftestval`
+ else
+@@ -1805,7 +1809,7 @@
+
+
+ echo $ac_n "checking size of long long int""... $ac_c" 1>&6
+-echo "configure:1809: checking size of long long int" >&5
++echo "configure:1813: checking size of long long int" >&5
+ if eval "test \"`echo '$''{'ac_cv_sizeof_long_long_int'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1813,7 +1817,7 @@
+ ac_cv_sizeof_long_long_int=8
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1817 "configure"
++#line 1821 "configure"
+ #include "confdefs.h"
+ #include <stdio.h>
+ main()
+@@ -1824,7 +1828,7 @@
+ exit(0);
+ }
+ EOF
+-if { (eval echo configure:1828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
++if { (eval echo configure:1832: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+ then
+ ac_cv_sizeof_long_long_int=`cat conftestval`
+ else
+@@ -1854,7 +1858,7 @@
+ fi
+ CFLAGS="$CFLAGS -D_HPUX_SOURCE"
+ echo $ac_n "checking for HPUX trusted system password database""... $ac_c" 1>&6
+-echo "configure:1858: checking for HPUX trusted system password database" >&5
++echo "configure:1862: checking for HPUX trusted system password database" >&5
+ if test -f /tcb/files/auth/system/default; then
+ echo "$ac_t""yes" 1>&6
+ cat >> confdefs.h <<\EOF
+@@ -1903,16 +1907,16 @@
+
+
+ echo $ac_n "checking for intXX_t types""... $ac_c" 1>&6
+-echo "configure:1907: checking for intXX_t types" >&5
++echo "configure:1911: checking for intXX_t types" >&5
+ cat > conftest.$ac_ext <<EOF
+-#line 1909 "configure"
++#line 1913 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ int main() {
+ int16_t a; int32_t b; a = 1235; b = 1235;
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1916: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
++if { (eval echo configure:1920: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+
+ cat >> confdefs.h <<\EOF
+@@ -1932,16 +1936,16 @@
+ rm -f conftest*
+
+ echo $ac_n "checking for u_intXX_t types""... $ac_c" 1>&6
+-echo "configure:1936: checking for u_intXX_t types" >&5
++echo "configure:1940: checking for u_intXX_t types" >&5
+ cat > conftest.$ac_ext <<EOF
+-#line 1938 "configure"
++#line 1942 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ int main() {
+ u_int16_t c; u_int32_t d; c = 1235; d = 1235;
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1945: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
++if { (eval echo configure:1949: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+
+ cat >> confdefs.h <<\EOF
+@@ -1964,9 +1968,9 @@
+ "x$ac_cv_header_sys_bitypes_h" = "xyes"
+ then
+ echo $ac_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h""... $ac_c" 1>&6
+-echo "configure:1968: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
++echo "configure:1972: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
+ cat > conftest.$ac_ext <<EOF
+-#line 1970 "configure"
++#line 1974 "configure"
+ #include "confdefs.h"
+ #include <sys/bitypes.h>
+ int main() {
+@@ -1978,7 +1982,7 @@
+
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1982: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
++if { (eval echo configure:1986: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+
+ cat >> confdefs.h <<\EOF
+@@ -2002,16 +2006,16 @@
+ fi
+
+ echo $ac_n "checking for uintXX_t types""... $ac_c" 1>&6
+-echo "configure:2006: checking for uintXX_t types" >&5
++echo "configure:2010: checking for uintXX_t types" >&5
+ cat > conftest.$ac_ext <<EOF
+-#line 2008 "configure"
++#line 2012 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ int main() {
+ uint16_t c; uint32_t d; c = 1235; d = 1235;
+ ; return 0; }
+ EOF
+-if { (eval echo configure:2015: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
++if { (eval echo configure:2019: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+
+ cat >> confdefs.h <<\EOF
+@@ -2054,7 +2058,7 @@
+
+
+ echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6
+-echo "configure:2058: checking for 8-bit clean memcmp" >&5
++echo "configure:2062: checking for 8-bit clean memcmp" >&5
+ if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -2062,7 +2066,7 @@
+ ac_cv_func_memcmp_clean=no
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 2066 "configure"
++#line 2070 "configure"
+ #include "confdefs.h"
+
+ main()
+@@ -2072,7 +2076,7 @@
+ }
+
+ EOF
+-if { (eval echo configure:2076: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
++if { (eval echo configure:2080: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+ then
+ ac_cv_func_memcmp_clean=yes
+ else
+@@ -2090,12 +2094,12 @@
+ test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}"
+
+ echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6
+-echo "configure:2094: checking return type of signal handlers" >&5
++echo "configure:2098: checking return type of signal handlers" >&5
+ if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 2099 "configure"
++#line 2103 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #include <signal.h>
+@@ -2112,7 +2116,7 @@
+ int i;
+ ; return 0; }
+ EOF
+-if { (eval echo configure:2116: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
++if { (eval echo configure:2120: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ ac_cv_type_signal=void
+ else
+@@ -2131,12 +2135,12 @@
+
+
+ echo $ac_n "checking for strftime""... $ac_c" 1>&6
+-echo "configure:2135: checking for strftime" >&5
++echo "configure:2139: checking for strftime" >&5
+ if eval "test \"`echo '$''{'ac_cv_func_strftime'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 2140 "configure"
++#line 2144 "configure"
+ #include "confdefs.h"
+ /* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char strftime(); below. */
+@@ -2159,7 +2163,7 @@
+
+ ; return 0; }
+ EOF
+-if { (eval echo configure:2163: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:2167: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_func_strftime=yes"
+ else
+@@ -2181,7 +2185,7 @@
+ echo "$ac_t""no" 1>&6
+ # strftime is in -lintl on SCO UNIX.
+ echo $ac_n "checking for strftime in -lintl""... $ac_c" 1>&6
+-echo "configure:2185: checking for strftime in -lintl" >&5
++echo "configure:2189: checking for strftime in -lintl" >&5
+ ac_lib_var=`echo intl'_'strftime | sed 'y%./+-%__p_%'`
+ if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+@@ -2189,7 +2193,7 @@
+ ac_save_LIBS="$LIBS"
+ LIBS="-lintl $LIBS"
+ cat > conftest.$ac_ext <<EOF
+-#line 2193 "configure"
++#line 2197 "configure"
+ #include "confdefs.h"
+ /* Override any gcc2 internal prototype to avoid an error. */
+ /* We use char because int might match the return type of a gcc2
+@@ -2200,7 +2204,7 @@
+ strftime()
+ ; return 0; }
+ EOF
+-if { (eval echo configure:2204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:2208: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+ else
+@@ -2227,12 +2231,12 @@
+ fi
+
+ echo $ac_n "checking for vprintf""... $ac_c" 1>&6
+-echo "configure:2231: checking for vprintf" >&5
++echo "configure:2235: checking for vprintf" >&5
+ if eval "test \"`echo '$''{'ac_cv_func_vprintf'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 2236 "configure"
++#line 2240 "configure"
+ #include "confdefs.h"
+ /* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char vprintf(); below. */
+@@ -2255,7 +2259,7 @@
+
+ ; return 0; }
+ EOF
+-if { (eval echo configure:2259: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:2263: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_func_vprintf=yes"
+ else
+@@ -2279,12 +2283,12 @@
+
+ if test "$ac_cv_func_vprintf" != yes; then
+ echo $ac_n "checking for _doprnt""... $ac_c" 1>&6
+-echo "configure:2283: checking for _doprnt" >&5
++echo "configure:2287: checking for _doprnt" >&5
+ if eval "test \"`echo '$''{'ac_cv_func__doprnt'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 2288 "configure"
++#line 2292 "configure"
+ #include "confdefs.h"
+ /* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char _doprnt(); below. */
+@@ -2307,7 +2311,7 @@
+
+ ; return 0; }
+ EOF
+-if { (eval echo configure:2311: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:2315: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_func__doprnt=yes"
+ else
+@@ -2334,12 +2338,12 @@
+ for ac_func in gethostname strcspn strdup strerror strspn strtol flock fcntl lockf strlcpy setusercontext
+ do
+ echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+-echo "configure:2338: checking for $ac_func" >&5
++echo "configure:2342: checking for $ac_func" >&5
+ if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 2343 "configure"
++#line 2347 "configure"
+ #include "confdefs.h"
+ /* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+@@ -2362,7 +2366,7 @@
+
+ ; return 0; }
+ EOF
+-if { (eval echo configure:2366: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:2370: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+ else
+--- skey-1.1.5.orig/configure.in 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/configure.in 2003-11-06 17:47:14.000000000 +0000
+@@ -9,19 +9,19 @@
+ AC_CHECK_PROG(AR, ar, ar)
+ AC_PATH_PROG(PERL, perl)
+ AC_PATH_PROG(TOUCH, touch)
+-AC_PATH_PROG(SENDMAIL, sendmail, /usr/lib/sendmail, $PATH:/usr/sbin:/usr/lib:/usr/bin)
+ AC_SUBST(PERL)
+ AC_SUBST(SENDMAIL)
+
+ dnl Checks for libraries.
+ AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
+ AC_CHECK_LIB(ucb, flock, LIBS="$LIBS -lucb" LDFLAGS="$LDFLAGS -L/usr/ucblib")
++AC_CHECK_LIB(crack, FascistCheck, LIBS="$LIBS -lcrack")
+
+
+ dnl Checks for header files.
+ AC_HEADER_STDC
+ AC_HEADER_SYS_WAIT
+-AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h rmd160.h md4.h md5.h md5global.h err.h crypt.h)
++AC_CHECK_HEADERS(fcntl.h limits.h sys/file.h sys/time.h sys/cdefs.h syslog.h unistd.h sha1.h md4.h md5.h md5global.h err.h crypt.h shadow.h crack.h)
+
+ dnl Checks for typedefs, structures, and compiler characteristics.
+ AC_C_CONST
+--- skey-1.1.5.orig/login_cap.c 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/login_cap.c 2003-11-06 17:46:45.000000000 +0000
+@@ -37,6 +37,7 @@
+ #include <errno.h>
+ #include <unistd.h>
+ #include <pwd.h>
++#include <grp.h>
+ #include <syslog.h>
+
+ /*
+--- skey-1.1.5.orig/Makefile.in 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/Makefile.in 2003-11-06 17:47:42.000000000 +0000
+@@ -27,12 +27,11 @@
+ TOUCH=@TOUCH@
+ LDFLAGS=-L. @LDFLAGS@
+
+-TARGETS=skey skeyinit skeyinfo skeyaudit
+-LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o rmd160.o rmd160hl.o sha1.o sha1hl.o flock.o strlcpy.o login_cap.o
++TARGETS=skey skeyinit skeyinfo libskey.a
++LIBOBJS=skeylogin.o skeysubr.o put.o errx.o md4c.o md5c.o sha1.o sha1hl.o flock.o login_cap.o
+ SKEYOBJS=skey.o
+ SKEYINITOBJS=skeyinit.o
+ SKEYINFOOBJS=skeyinfo.o
+-SKEYAUDITOBJS=skeyaudit.o
+
+
+ SCRIPTS=skeyprune.pl
+@@ -41,11 +40,11 @@
+ CATMAN = skey.0 skeyinit.0 skeyinfo.0 skeyaudit.0 skeyprune.0
+ MANPAGES = @MANTYPE@
+
+-PATHSUBS = -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL} -D/usr/lib/sendmail=${SENDMAIL}
++PATHSUBS = -D/etc/skeykeys=${sysconfdir}/skeykeys -D/usr/bin/perl=${PERL}
+
+ FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS)
+
+-HDRS= skey.h sha1.h rmd160.h
++HDRS= skey.h sha1.h
+
+ all: ${TARGETS} ${MANPAGES}
+
+@@ -55,24 +54,27 @@
+ ${AR} rv $@ ${LIBOBJS}
+ ${RANLIB} $@
+
+-skey: libskey.a ${SKEYOBJS}
++libskey.so: ${LIBOBJS}
++ ${CC} ${LDFLAGS} -shared -Wl,-soname,libskey.so.1 -o libskey.so.1.1.5 ${LIBOBJS}
++ ln -fs libskey.so.1.1.5 libskey.so
++ ln -fs libskey.so.1.1.5 libskey.so.1
++ ln -fs libskey.so.1.1.5 libskey.so.1.1
++
++skey: libskey.so ${SKEYOBJS}
+ ${CC} -o $@ ${SKEYOBJS} ${LDFLAGS} -lskey ${LIBS}
+
+-skeyinit: libskey.a ${SKEYINITOBJS}
++skeyinit: libskey.so ${SKEYINITOBJS}
+ ${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS}
+
+-skeyinfo: libskey.a ${SKEYINFOOBJS}
++skeyinfo: libskey.so ${SKEYINFOOBJS}
+ ${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS}
+
+-skeyaudit: libskey.a ${SKEYAUDITOBJS}
+- ${CC} -o $@ ${SKEYAUDITOBJS} ${LDFLAGS} -lskey ${LIBS}
+-
+ ${MANPAGES} ${SCRIPTS}::
+ ${FIXPATHSCMD} ${srcdir}/$@
+
+ clean:
+ rm -f *.o *.a ${TARGETS} config.status config.cache config.log
+- rm -f *.out core
++ rm -f *.out core *.so *.so.*
+
+ distclean: clean
+ rm -f Makefile config.h core *~
+@@ -97,6 +99,10 @@
+ $(INSTALL) -d $(DESTDIR)$(includedir)
+ $(INSTALL) -d $(DESTDIR)$(sysconfdir)
+ ${INSTALL_DATA} libskey.a $(DESTDIR)$(libdir)
++ ${INSTALL_DATA} libskey.so.1.1.5 $(DESTDIR)$(libdir)
++ ${INSTALL_DATA} libskey.so.1.1 $(DESTDIR)$(libdir)
++ ${INSTALL_DATA} libskey.so.1 $(DESTDIR)$(libdir)
++ ${INSTALL_DATA} libskey.so $(DESTDIR)$(libdir)
+ ${INSTALL_DATA} ${HDRS} $(DESTDIR)$(includedir)
+ @for target in ${TARGETS}; do \
+ ${INSTALL_PROGRAM} $$target $(DESTDIR)$(bindir); \
+@@ -119,9 +125,9 @@
+ -rm -f $(DESTDIR)$(bindir)/skeyaudit
+ -rm -f $(DESTDIR)$(bindir)/skeyprune
+ -rm -f $(DESTDIR)$(libdir)/libskey.a
++ -rm -f $(DESTDIR)$(libdir)/libskey.so*
+ -rm -f $(DESTDIR)$(includedir)/skey.h
+ -rm -f $(DESTDIR)$(includedir)/sha1.h
+- -rm -f $(DESTDIR)$(includedir)/rmd160.h
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skey.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinfo.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/skeyinit.1
+--- skey-1.1.5.orig/put.c 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/put.c 2003-11-06 17:46:45.000000000 +0000
+@@ -14,7 +14,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <assert.h>
+-/*#include <ctype.h>*/
++#include <ctype.h>
+ #include "config.h"
+
+ #include "skey.h"
+@@ -22,10 +22,10 @@
+ static unsigned int extract __P ((char *s, int start, int length));
+ static void standard __P ((char *word));
+ static void insert __P ((char *s, int x, int start, int length));
+-static int wsrch __P ((char *w, int low, int high));
++static int wsrch __P ((const char *w, int low, int high));
+
+ /* Dictionary for integer-word translations */
+-static char Wp[2048][4] = {
++char Wp[2048][4] = {
+ "A",
+ "ABE",
+ "ACE",
+@@ -2079,19 +2079,13 @@
+ /* Encode 8 bytes in 'c' as a string of English words.
+ * Returns a pointer to a static buffer
+ */
+-char *
+-btoe(engout, c)
+- char *c;
+- char *engout;
++char *btoe(char *engout, const char *c)
+ {
+- char cp[10]; /* add in room for the parity 2 bits + extract() slop */
++ char cp[9]; /* add in room for the parity 2 bits */
+ int p, i;
+
+ engout[0] = '\0';
+-
+- /* workaround for extract() reads beyond end of data */
+- (void)memset(cp, 0, sizeof(cp));
+- (void)memcpy(cp, c, 8);
++ memcpy(cp, c, 8);
+
+ /* compute parity */
+ for (p = 0, i = 0; i < 64; i += 2)
+@@ -2099,20 +2093,20 @@
+
+ cp[8] = (char)p << 6;
+
+- (void)strncat(engout, &Wp[extract (cp, 0, 11)][0], 4);
+- (void)strcat(engout, " ");
+- (void)strncat(engout, &Wp[extract (cp, 11, 11)][0], 4);
+- (void)strcat(engout, " ");
+- (void)strncat(engout, &Wp[extract (cp, 22, 11)][0], 4);
+- (void)strcat(engout, " ");
+- (void)strncat(engout, &Wp[extract (cp, 33, 11)][0], 4);
+- (void)strcat(engout, " ");
+- (void)strncat(engout, &Wp[extract (cp, 44, 11)][0], 4);
+- (void)strcat(engout, " ");
+- (void)strncat(engout, &Wp[extract (cp, 55, 11)][0], 4);
++ strncat(engout, &Wp[extract (cp, 0, 11)][0], 4);
++ strcat(engout, " ");
++ strncat(engout, &Wp[extract (cp, 11, 11)][0], 4);
++ strcat(engout, " ");
++ strncat(engout, &Wp[extract (cp, 22, 11)][0], 4);
++ strcat(engout, " ");
++ strncat(engout, &Wp[extract (cp, 33, 11)][0], 4);
++ strcat(engout, " ");
++ strncat(engout, &Wp[extract (cp, 44, 11)][0], 4);
++ strcat(engout, " ");
++ strncat(engout, &Wp[extract (cp, 55, 11)][0], 4);
+
+ #ifdef notdef
+- (void)fprintf(stderr, "engout is %s\n\r", engout);
++ printf ("engout is %s\n\r", engout);
+ #endif
+ return(engout);
+ }
+@@ -2123,41 +2117,42 @@
+ * -1 badly formed in put ie > 4 char word
+ * -2 words OK but parity is wrong
+ */
+-int
+-etob(out, e)
+- char *out;
+- char *e;
++int etob(char *out, const char *e)
+ {
+ char *word;
+ int i, p, v, l, low, high;
+- char b[SKEY_BINKEY_SIZE+1];
++ char b[9];
+ char input[36];
++ char *last;
+
+ if (e == NULL)
+- return(-1);
++ return -1;
+
+- (void)strncpy(input, e, sizeof(input) - 1);
+- input[sizeof(input) - 1] = '\0';
+- (void)memset(b, 0, sizeof(b));
+- (void)memset(out, 0, SKEY_BINKEY_SIZE);
+- for (i = 0, p = 0; i < 6; i++, p += 11) {
+- if ((word = strtok(i == 0 ? input : NULL, " ")) == NULL)
+- return(-1);
+-
+- l = strlen(word);
+- if (l > 4 || l < 1) {
+- return(-1);
+- } else if (l < 4) {
++ strncpy (input, e, sizeof(input));
++ memset(b, 0, sizeof(b));
++ memset(out, 0, 8);
++ for (i = 0, p = 0; i < 6; i++, p += 11)
++ {
++ if ((word = strtok_r(i == 0 ? input : NULL, " ", &last)) == NULL)
++ return -1;
++
++ l = strlen (word);
++ if (l > 4 || l < 1)
++ return -1;
++ else if (l < 4)
++ {
+ low = 0;
+ high = 570;
+- } else {
++ }
++ else
++ {
+ low = 571;
+ high = 2047;
+ }
+ standard(word);
+
+ if ((v = wsrch(word, low, high)) < 0)
+- return(0);
++ return 0;
+
+ insert(b, v, p, 11);
+ }
+@@ -2167,55 +2162,47 @@
+ p += extract (b, i, 2);
+
+ if ((p & 3) != extract (b, 64, 2))
+- return(-2);
++ return -2;
+
+- (void)memcpy(out, b, SKEY_BINKEY_SIZE);
++ memcpy(out, b, 8);
+
+- return(1);
++ return 1;
+ }
+
+ /* Display 8 bytes as a series of 16-bit hex digits */
+-char *
+-put8(out, s)
+- char *out;
+- char *s;
++char *put8(char *out, const char *s)
+ {
+- (void)sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X",
++ sprintf(out, "%02X%02X %02X%02X %02X%02X %02X%02X",
+ s[0] & 0xff, s[1] & 0xff, s[2] & 0xff,
+ s[3] & 0xff, s[4] & 0xff, s[5] & 0xff,
+ s[6] & 0xff, s[7] & 0xff);
+- return(out);
++ return out;
+ }
+
+ #ifdef notdef
+ /* Encode 8 bytes in 'cp' as stream of ascii letters.
+ * Provided as a possible alternative to btoe()
+ */
+-char *
+-btoc(cp)
+- char *cp;
++char *btoc(char *cp)
+ {
+ int i;
+ static char out[31];
+
+ /* code out put by characters 6 bits each added to 0x21 (!) */
+- for (i = 0; i <= 10; i++) {
++ for (i = 0; i <= 10; i++)
++ {
+ /* last one is only 4 bits not 6 */
+ out[i] = '!' + extract (cp, 6 * i, i >= 10 ? 4 : 6);
+ }
+ out[i] = '\0';
+- return(out);
++ return out;
+ }
+ #endif
+
+ /* Internal subroutines for word encoding/decoding */
+
+ /* Dictionary binary search */
+-static int
+-wsrch(w, low, high)
+- char *w;
+- int low;
+- int high;
++static int wsrch(const char *w, int low, int high)
+ {
+ int i, j;
+
+@@ -2223,18 +2210,18 @@
+ i = (low + high) / 2;
+
+ if ((j = strncmp(w, Wp[i], 4)) == 0)
+- return(i); /* Found it */
+-
+- if (high == low + 1) {
++ return i; /* Found it */
++ if (high == low + 1)
++ {
+ /* Avoid effects of integer truncation in /2 */
+ if (strncmp(w, Wp[high], 4) == 0)
+- return(high);
++ return high;
+ else
+- return(-1);
++ return -1;
+ }
+
+ if (low >= high)
+- return(-1); /* I don't *think* this can happen... */
++ return -1; /* I don't *think* this can happen... */
+ if (j < 0)
+ high = i; /* Search lower half */
+ else
+@@ -2242,12 +2229,7 @@
+ }
+ }
+
+-static void
+-insert(s, x, start, length)
+- char *s;
+- int x;
+- int start;
+- int length;
++static void insert(char *s, int x, int start, int length)
+ {
+ unsigned char cl;
+ unsigned char cc;
+@@ -2261,25 +2243,28 @@
+ assert(start + length <= 66);
+
+ shift = ((8 - ((start + length) % 8)) % 8);
+- y = x << shift;
++ y = (int) x << shift;
+ cl = (y >> 16) & 0xff;
+ cc = (y >> 8) & 0xff;
+ cr = y & 0xff;
+- if (shift + length > 16) {
++ if (shift + length > 16)
++ {
+ s[start / 8] |= cl;
+ s[start / 8 + 1] |= cc;
+ s[start / 8 + 2] |= cr;
+- } else if (shift + length > 8) {
++ }
++ else if (shift + length > 8)
++ {
+ s[start / 8] |= cc;
+ s[start / 8 + 1] |= cr;
+- } else {
++ }
++ else
++ {
+ s[start / 8] |= cr;
+ }
+ }
+
+-static void
+-standard(word)
+- register char *word;
++static void standard(char *word)
+ {
+ while (*word) {
+ if (!isascii(*word))
+@@ -2297,11 +2282,7 @@
+ }
+
+ /* Extract 'length' bits from the char array 's' starting with bit 'start' */
+-static unsigned int
+-extract(s, start, length)
+- char *s;
+- int start;
+- int length;
++static unsigned int extract(char *s, int start, int length)
+ {
+ unsigned char cl;
+ unsigned char cc;
+@@ -2320,5 +2301,5 @@
+ x = x >> (24 - (length + (start % 8)));
+ x = (x & (0xffff >> (16 - length)));
+
+- return(x);
++ return x;
+ }
+--- skey-1.1.5.orig/rmd160.c 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/rmd160.c 1970-01-01 01:00:00.000000000 +0100
+@@ -1,428 +0,0 @@
+-/********************************************************************\
+- *
+- * FILE: rmd160.c
+- *
+- * CONTENTS: A sample C-implementation of the RIPEMD-160
+- * hash-function.
+- * TARGET: any computer with an ANSI C compiler
+- *
+- * AUTHOR: Antoon Bosselaers, ESAT-COSIC
+- * (Arranged for libc by Todd C. Miller)
+- * DATE: 1 March 1996
+- * VERSION: 1.0
+- *
+- * Copyright (c) Katholieke Universiteit Leuven
+- * 1996, All Rights Reserved
+- *
+-\********************************************************************/
+-#ifndef HAVE_RMD160_H
+-
+-/* header files */
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <string.h>
+-#include <sys/types.h>
+-#include "config.h"
+-#include "rmd160.h"
+-
+-/********************************************************************/
+-
+-/* macro definitions */
+-
+-/* collect four bytes into one word: */
+-#define BYTES_TO_DWORD(strptr) \
+- (((u_int32_t) *((strptr)+3) << 24) | \
+- ((u_int32_t) *((strptr)+2) << 16) | \
+- ((u_int32_t) *((strptr)+1) << 8) | \
+- ((u_int32_t) *(strptr)))
+-
+-/* ROL(x, n) cyclically rotates x over n bits to the left */
+-/* x must be of an unsigned 32 bits type and 0 <= n < 32. */
+-#define ROL(x, n) (((x) << (n)) | ((x) >> (32-(n))))
+-
+-/* the three basic functions F(), G() and H() */
+-#define F(x, y, z) ((x) ^ (y) ^ (z))
+-#define G(x, y, z) (((x) & (y)) | (~(x) & (z)))
+-#define H(x, y, z) (((x) | ~(y)) ^ (z))
+-#define I(x, y, z) (((x) & (z)) | ((y) & ~(z)))
+-#define J(x, y, z) ((x) ^ ((y) | ~(z)))
+-
+-/* the eight basic operations FF() through III() */
+-#define FF(a, b, c, d, e, x, s) { \
+- (a) += F((b), (c), (d)) + (x); \
+- (a) = ROL((a), (s)) + (e); \
+- (c) = ROL((c), 10); \
+-}
+-#define GG(a, b, c, d, e, x, s) { \
+- (a) += G((b), (c), (d)) + (x) + 0x5a827999U; \
+- (a) = ROL((a), (s)) + (e); \
+- (c) = ROL((c), 10); \
+-}
+-#define HH(a, b, c, d, e, x, s) { \
+- (a) += H((b), (c), (d)) + (x) + 0x6ed9eba1U; \
+- (a) = ROL((a), (s)) + (e); \
+- (c) = ROL((c), 10); \
+-}
+-#define II(a, b, c, d, e, x, s) { \
+- (a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcU; \
+- (a) = ROL((a), (s)) + (e); \
+- (c) = ROL((c), 10); \
+-}
+-#define JJ(a, b, c, d, e, x, s) { \
+- (a) += J((b), (c), (d)) + (x) + 0xa953fd4eU; \
+- (a) = ROL((a), (s)) + (e); \
+- (c) = ROL((c), 10); \
+-}
+-#define FFF(a, b, c, d, e, x, s) { \
+- (a) += F((b), (c), (d)) + (x); \
+- (a) = ROL((a), (s)) + (e); \
+- (c) = ROL((c), 10); \
+-}
+-#define GGG(a, b, c, d, e, x, s) { \
+- (a) += G((b), (c), (d)) + (x) + 0x7a6d76e9U; \
+- (a) = ROL((a), (s)) + (e); \
+- (c) = ROL((c), 10); \
+-}
+-#define HHH(a, b, c, d, e, x, s) { \
+- (a) += H((b), (c), (d)) + (x) + 0x6d703ef3U; \
+- (a) = ROL((a), (s)) + (e); \
+- (c) = ROL((c), 10); \
+-}
+-#define III(a, b, c, d, e, x, s) { \
+- (a) += I((b), (c), (d)) + (x) + 0x5c4dd124U; \
+- (a) = ROL((a), (s)) + (e); \
+- (c) = ROL((c), 10); \
+-}
+-#define JJJ(a, b, c, d, e, x, s) { \
+- (a) += J((b), (c), (d)) + (x) + 0x50a28be6U; \
+- (a) = ROL((a), (s)) + (e); \
+- (c) = ROL((c), 10); \
+-}
+-
+-/********************************************************************/
+-
+-void
+-RMD160Init(context)
+- RMD160_CTX *context;
+-{
+-
+- /* ripemd-160 initialization constants */
+- context->state[0] = 0x67452301U;
+- context->state[1] = 0xefcdab89U;
+- context->state[2] = 0x98badcfeU;
+- context->state[3] = 0x10325476U;
+- context->state[4] = 0xc3d2e1f0U;
+- context->length[0] = context->length[1] = 0;
+- context->buflen = 0;
+-}
+-
+-/********************************************************************/
+-
+-void
+-RMD160Transform(state, block)
+- u_int32_t state[5];
+- const u_int32_t block[16];
+-{
+- u_int32_t aa = state[0], bb = state[1], cc = state[2],
+- dd = state[3], ee = state[4];
+- u_int32_t aaa = state[0], bbb = state[1], ccc = state[2],
+- ddd = state[3], eee = state[4];
+-
+- /* round 1 */
+- FF(aa, bb, cc, dd, ee, block[ 0], 11);
+- FF(ee, aa, bb, cc, dd, block[ 1], 14);
+- FF(dd, ee, aa, bb, cc, block[ 2], 15);
+- FF(cc, dd, ee, aa, bb, block[ 3], 12);
+- FF(bb, cc, dd, ee, aa, block[ 4], 5);
+- FF(aa, bb, cc, dd, ee, block[ 5], 8);
+- FF(ee, aa, bb, cc, dd, block[ 6], 7);
+- FF(dd, ee, aa, bb, cc, block[ 7], 9);
+- FF(cc, dd, ee, aa, bb, block[ 8], 11);
+- FF(bb, cc, dd, ee, aa, block[ 9], 13);
+- FF(aa, bb, cc, dd, ee, block[10], 14);
+- FF(ee, aa, bb, cc, dd, block[11], 15);
+- FF(dd, ee, aa, bb, cc, block[12], 6);
+- FF(cc, dd, ee, aa, bb, block[13], 7);
+- FF(bb, cc, dd, ee, aa, block[14], 9);
+- FF(aa, bb, cc, dd, ee, block[15], 8);
+-
+- /* round 2 */
+- GG(ee, aa, bb, cc, dd, block[ 7], 7);
+- GG(dd, ee, aa, bb, cc, block[ 4], 6);
+- GG(cc, dd, ee, aa, bb, block[13], 8);
+- GG(bb, cc, dd, ee, aa, block[ 1], 13);
+- GG(aa, bb, cc, dd, ee, block[10], 11);
+- GG(ee, aa, bb, cc, dd, block[ 6], 9);
+- GG(dd, ee, aa, bb, cc, block[15], 7);
+- GG(cc, dd, ee, aa, bb, block[ 3], 15);
+- GG(bb, cc, dd, ee, aa, block[12], 7);
+- GG(aa, bb, cc, dd, ee, block[ 0], 12);
+- GG(ee, aa, bb, cc, dd, block[ 9], 15);
+- GG(dd, ee, aa, bb, cc, block[ 5], 9);
+- GG(cc, dd, ee, aa, bb, block[ 2], 11);
+- GG(bb, cc, dd, ee, aa, block[14], 7);
+- GG(aa, bb, cc, dd, ee, block[11], 13);
+- GG(ee, aa, bb, cc, dd, block[ 8], 12);
+-
+- /* round 3 */
+- HH(dd, ee, aa, bb, cc, block[ 3], 11);
+- HH(cc, dd, ee, aa, bb, block[10], 13);
+- HH(bb, cc, dd, ee, aa, block[14], 6);
+- HH(aa, bb, cc, dd, ee, block[ 4], 7);
+- HH(ee, aa, bb, cc, dd, block[ 9], 14);
+- HH(dd, ee, aa, bb, cc, block[15], 9);
+- HH(cc, dd, ee, aa, bb, block[ 8], 13);
+- HH(bb, cc, dd, ee, aa, block[ 1], 15);
+- HH(aa, bb, cc, dd, ee, block[ 2], 14);
+- HH(ee, aa, bb, cc, dd, block[ 7], 8);
+- HH(dd, ee, aa, bb, cc, block[ 0], 13);
+- HH(cc, dd, ee, aa, bb, block[ 6], 6);
+- HH(bb, cc, dd, ee, aa, block[13], 5);
+- HH(aa, bb, cc, dd, ee, block[11], 12);
+- HH(ee, aa, bb, cc, dd, block[ 5], 7);
+- HH(dd, ee, aa, bb, cc, block[12], 5);
+-
+- /* round 4 */
+- II(cc, dd, ee, aa, bb, block[ 1], 11);
+- II(bb, cc, dd, ee, aa, block[ 9], 12);
+- II(aa, bb, cc, dd, ee, block[11], 14);
+- II(ee, aa, bb, cc, dd, block[10], 15);
+- II(dd, ee, aa, bb, cc, block[ 0], 14);
+- II(cc, dd, ee, aa, bb, block[ 8], 15);
+- II(bb, cc, dd, ee, aa, block[12], 9);
+- II(aa, bb, cc, dd, ee, block[ 4], 8);
+- II(ee, aa, bb, cc, dd, block[13], 9);
+- II(dd, ee, aa, bb, cc, block[ 3], 14);
+- II(cc, dd, ee, aa, bb, block[ 7], 5);
+- II(bb, cc, dd, ee, aa, block[15], 6);
+- II(aa, bb, cc, dd, ee, block[14], 8);
+- II(ee, aa, bb, cc, dd, block[ 5], 6);
+- II(dd, ee, aa, bb, cc, block[ 6], 5);
+- II(cc, dd, ee, aa, bb, block[ 2], 12);
+-
+- /* round 5 */
+- JJ(bb, cc, dd, ee, aa, block[ 4], 9);
+- JJ(aa, bb, cc, dd, ee, block[ 0], 15);
+- JJ(ee, aa, bb, cc, dd, block[ 5], 5);
+- JJ(dd, ee, aa, bb, cc, block[ 9], 11);
+- JJ(cc, dd, ee, aa, bb, block[ 7], 6);
+- JJ(bb, cc, dd, ee, aa, block[12], 8);
+- JJ(aa, bb, cc, dd, ee, block[ 2], 13);
+- JJ(ee, aa, bb, cc, dd, block[10], 12);
+- JJ(dd, ee, aa, bb, cc, block[14], 5);
+- JJ(cc, dd, ee, aa, bb, block[ 1], 12);
+- JJ(bb, cc, dd, ee, aa, block[ 3], 13);
+- JJ(aa, bb, cc, dd, ee, block[ 8], 14);
+- JJ(ee, aa, bb, cc, dd, block[11], 11);
+- JJ(dd, ee, aa, bb, cc, block[ 6], 8);
+- JJ(cc, dd, ee, aa, bb, block[15], 5);
+- JJ(bb, cc, dd, ee, aa, block[13], 6);
+-
+- /* parallel round 1 */
+- JJJ(aaa, bbb, ccc, ddd, eee, block[ 5], 8);
+- JJJ(eee, aaa, bbb, ccc, ddd, block[14], 9);
+- JJJ(ddd, eee, aaa, bbb, ccc, block[ 7], 9);
+- JJJ(ccc, ddd, eee, aaa, bbb, block[ 0], 11);
+- JJJ(bbb, ccc, ddd, eee, aaa, block[ 9], 13);
+- JJJ(aaa, bbb, ccc, ddd, eee, block[ 2], 15);
+- JJJ(eee, aaa, bbb, ccc, ddd, block[11], 15);
+- JJJ(ddd, eee, aaa, bbb, ccc, block[ 4], 5);
+- JJJ(ccc, ddd, eee, aaa, bbb, block[13], 7);
+- JJJ(bbb, ccc, ddd, eee, aaa, block[ 6], 7);
+- JJJ(aaa, bbb, ccc, ddd, eee, block[15], 8);
+- JJJ(eee, aaa, bbb, ccc, ddd, block[ 8], 11);
+- JJJ(ddd, eee, aaa, bbb, ccc, block[ 1], 14);
+- JJJ(ccc, ddd, eee, aaa, bbb, block[10], 14);
+- JJJ(bbb, ccc, ddd, eee, aaa, block[ 3], 12);
+- JJJ(aaa, bbb, ccc, ddd, eee, block[12], 6);
+-
+- /* parallel round 2 */
+- III(eee, aaa, bbb, ccc, ddd, block[ 6], 9);
+- III(ddd, eee, aaa, bbb, ccc, block[11], 13);
+- III(ccc, ddd, eee, aaa, bbb, block[ 3], 15);
+- III(bbb, ccc, ddd, eee, aaa, block[ 7], 7);
+- III(aaa, bbb, ccc, ddd, eee, block[ 0], 12);
+- III(eee, aaa, bbb, ccc, ddd, block[13], 8);
+- III(ddd, eee, aaa, bbb, ccc, block[ 5], 9);
+- III(ccc, ddd, eee, aaa, bbb, block[10], 11);
+- III(bbb, ccc, ddd, eee, aaa, block[14], 7);
+- III(aaa, bbb, ccc, ddd, eee, block[15], 7);
+- III(eee, aaa, bbb, ccc, ddd, block[ 8], 12);
+- III(ddd, eee, aaa, bbb, ccc, block[12], 7);
+- III(ccc, ddd, eee, aaa, bbb, block[ 4], 6);
+- III(bbb, ccc, ddd, eee, aaa, block[ 9], 15);
+- III(aaa, bbb, ccc, ddd, eee, block[ 1], 13);
+- III(eee, aaa, bbb, ccc, ddd, block[ 2], 11);
+-
+- /* parallel round 3 */
+- HHH(ddd, eee, aaa, bbb, ccc, block[15], 9);
+- HHH(ccc, ddd, eee, aaa, bbb, block[ 5], 7);
+- HHH(bbb, ccc, ddd, eee, aaa, block[ 1], 15);
+- HHH(aaa, bbb, ccc, ddd, eee, block[ 3], 11);
+- HHH(eee, aaa, bbb, ccc, ddd, block[ 7], 8);
+- HHH(ddd, eee, aaa, bbb, ccc, block[14], 6);
+- HHH(ccc, ddd, eee, aaa, bbb, block[ 6], 6);
+- HHH(bbb, ccc, ddd, eee, aaa, block[ 9], 14);
+- HHH(aaa, bbb, ccc, ddd, eee, block[11], 12);
+- HHH(eee, aaa, bbb, ccc, ddd, block[ 8], 13);
+- HHH(ddd, eee, aaa, bbb, ccc, block[12], 5);
+- HHH(ccc, ddd, eee, aaa, bbb, block[ 2], 14);
+- HHH(bbb, ccc, ddd, eee, aaa, block[10], 13);
+- HHH(aaa, bbb, ccc, ddd, eee, block[ 0], 13);
+- HHH(eee, aaa, bbb, ccc, ddd, block[ 4], 7);
+- HHH(ddd, eee, aaa, bbb, ccc, block[13], 5);
+-
+- /* parallel round 4 */
+- GGG(ccc, ddd, eee, aaa, bbb, block[ 8], 15);
+- GGG(bbb, ccc, ddd, eee, aaa, block[ 6], 5);
+- GGG(aaa, bbb, ccc, ddd, eee, block[ 4], 8);
+- GGG(eee, aaa, bbb, ccc, ddd, block[ 1], 11);
+- GGG(ddd, eee, aaa, bbb, ccc, block[ 3], 14);
+- GGG(ccc, ddd, eee, aaa, bbb, block[11], 14);
+- GGG(bbb, ccc, ddd, eee, aaa, block[15], 6);
+- GGG(aaa, bbb, ccc, ddd, eee, block[ 0], 14);
+- GGG(eee, aaa, bbb, ccc, ddd, block[ 5], 6);
+- GGG(ddd, eee, aaa, bbb, ccc, block[12], 9);
+- GGG(ccc, ddd, eee, aaa, bbb, block[ 2], 12);
+- GGG(bbb, ccc, ddd, eee, aaa, block[13], 9);
+- GGG(aaa, bbb, ccc, ddd, eee, block[ 9], 12);
+- GGG(eee, aaa, bbb, ccc, ddd, block[ 7], 5);
+- GGG(ddd, eee, aaa, bbb, ccc, block[10], 15);
+- GGG(ccc, ddd, eee, aaa, bbb, block[14], 8);
+-
+- /* parallel round 5 */
+- FFF(bbb, ccc, ddd, eee, aaa, block[12] , 8);
+- FFF(aaa, bbb, ccc, ddd, eee, block[15] , 5);
+- FFF(eee, aaa, bbb, ccc, ddd, block[10] , 12);
+- FFF(ddd, eee, aaa, bbb, ccc, block[ 4] , 9);
+- FFF(ccc, ddd, eee, aaa, bbb, block[ 1] , 12);
+- FFF(bbb, ccc, ddd, eee, aaa, block[ 5] , 5);
+- FFF(aaa, bbb, ccc, ddd, eee, block[ 8] , 14);
+- FFF(eee, aaa, bbb, ccc, ddd, block[ 7] , 6);
+- FFF(ddd, eee, aaa, bbb, ccc, block[ 6] , 8);
+- FFF(ccc, ddd, eee, aaa, bbb, block[ 2] , 13);
+- FFF(bbb, ccc, ddd, eee, aaa, block[13] , 6);
+- FFF(aaa, bbb, ccc, ddd, eee, block[14] , 5);
+- FFF(eee, aaa, bbb, ccc, ddd, block[ 0] , 15);
+- FFF(ddd, eee, aaa, bbb, ccc, block[ 3] , 13);
+- FFF(ccc, ddd, eee, aaa, bbb, block[ 9] , 11);
+- FFF(bbb, ccc, ddd, eee, aaa, block[11] , 11);
+-
+- /* combine results */
+- ddd += cc + state[1]; /* final result for state[0] */
+- state[1] = state[2] + dd + eee;
+- state[2] = state[3] + ee + aaa;
+- state[3] = state[4] + aa + bbb;
+- state[4] = state[0] + bb + ccc;
+- state[0] = ddd;
+-}
+-
+-/********************************************************************/
+-
+-void
+-RMD160Update(context, data, nbytes)
+- RMD160_CTX *context;
+- const u_char *data;
+- u_int32_t nbytes;
+-{
+- u_int32_t X[16];
+- u_int32_t ofs = 0;
+- u_int32_t i;
+-#ifdef WORDS_BIGENDIAN
+- u_int32_t j;
+-#endif
+-
+- /* update length[] */
+- if (context->length[0] + nbytes < context->length[0])
+- context->length[1]++; /* overflow to msb of length */
+- context->length[0] += nbytes;
+-
+- (void)memset(X, 0, sizeof(X));
+-
+- if ( context->buflen + nbytes < 64 )
+- {
+- (void)memcpy(context->bbuffer + context->buflen, data, nbytes);
+- context->buflen += nbytes;
+- }
+- else
+- {
+- /* process first block */
+- ofs = 64 - context->buflen;
+- (void)memcpy(context->bbuffer + context->buflen, data, ofs);
+-#ifndef WORDS_BIGENDIAN
+- (void)memcpy(X, context->bbuffer, sizeof(X));
+-#else
+- for (j=0; j < 16; j++)
+- X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j));
+-#endif
+- RMD160Transform(context->state, X);
+- nbytes -= ofs;
+-
+- /* process remaining complete blocks */
+- for (i = 0; i < (nbytes >> 6); i++) {
+-#ifndef WORDS_BIGENDIAN
+- (void)memcpy(X, data + (64 * i) + ofs, sizeof(X));
+-#else
+- for (j=0; j < 16; j++)
+- X[j] = BYTES_TO_DWORD(data + (64 * i) + (4 * j) + ofs);
+-#endif
+- RMD160Transform(context->state, X);
+- }
+-
+- /*
+- * Put last bytes from data into context's buffer
+- */
+- context->buflen = nbytes & 63;
+- memcpy(context->bbuffer, data + (64 * i) + ofs, context->buflen);
+- }
+-}
+-
+-/********************************************************************/
+-
+-void
+-RMD160Final(digest, context)
+- u_char digest[20];
+- RMD160_CTX *context;
+-{
+- u_int32_t i;
+- u_int32_t X[16];
+-#ifdef WORDS_BIGENDIAN
+- u_int32_t j;
+-#endif
+-
+- /* append the bit m_n == 1 */
+- context->bbuffer[context->buflen] = '\200';
+-
+- (void)memset(context->bbuffer + context->buflen + 1, 0,
+- 63 - context->buflen);
+-#ifndef WORDS_BIGENDIAN
+- (void)memcpy(X, context->bbuffer, sizeof(X));
+-#else
+- for (j=0; j < 16; j++)
+- X[j] = BYTES_TO_DWORD(context->bbuffer + (4 * j));
+-#endif
+- if ((context->buflen) > 55) {
+- /* length goes to next block */
+- RMD160Transform(context->state, X);
+- (void)memset(X, 0, sizeof(X));
+- }
+-
+- /* append length in bits */
+- X[14] = context->length[0] << 3;
+- X[15] = (context->length[0] >> 29) |
+- (context->length[1] << 3);
+- RMD160Transform(context->state, X);
+-
+- if (digest != NULL) {
+- for (i = 0; i < 20; i += 4) {
+- /* extracts the 8 least significant bits. */
+- digest[i] = context->state[i>>2];
+- digest[i + 1] = (context->state[i>>2] >> 8);
+- digest[i + 2] = (context->state[i>>2] >> 16);
+- digest[i + 3] = (context->state[i>>2] >> 24);
+- }
+- }
+-}
+-
+-/************************ end of file rmd160.c **********************/
+-#endif
+--- skey-1.1.5.orig/rmd160.h 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/rmd160.h 1970-01-01 01:00:00.000000000 +0100
+@@ -1,48 +0,0 @@
+-/* $OpenBSD: rmd160.h,v 1.4 1999/08/16 09:59:04 millert Exp $ */
+-
+-/********************************************************************\
+- *
+- * FILE: rmd160.h
+- *
+- * CONTENTS: Header file for a sample C-implementation of the
+- * RIPEMD-160 hash-function.
+- * TARGET: any computer with an ANSI C compiler
+- *
+- * AUTHOR: Antoon Bosselaers, ESAT-COSIC
+- * DATE: 1 March 1996
+- * VERSION: 1.0
+- *
+- * Copyright (c) Katholieke Universiteit Leuven
+- * 1996, All Rights Reserved
+- *
+-\********************************************************************/
+-
+-#ifndef _RMD160_H /* make sure this file is read only once */
+-#define _RMD160_H
+-
+-/********************************************************************/
+-
+-/* structure definitions */
+-
+-typedef struct {
+- u_int32_t state[5]; /* state (ABCDE) */
+- u_int32_t length[2]; /* number of bits */
+- u_char bbuffer[64]; /* overflow buffer */
+- u_int32_t buflen; /* number of chars in bbuffer */
+-} RMD160_CTX;
+-
+-/********************************************************************/
+-
+-/* function prototypes */
+-
+-void RMD160Init __P((RMD160_CTX *context));
+-void RMD160Transform __P((u_int32_t state[5], const u_int32_t block[16]));
+-void RMD160Update __P((RMD160_CTX *context, const u_char *data, u_int32_t nbytes));
+-void RMD160Final __P((u_char digest[20], RMD160_CTX *context));
+-char *RMD160End __P((RMD160_CTX *, char *));
+-char *RMD160File __P((char *, char *));
+-char *RMD160Data __P((const u_char *, size_t, char *));
+-
+-#endif /* _RMD160_H */
+-
+-/*********************** end of file rmd160.h ***********************/
+--- skey-1.1.5.orig/rmd160hl.c 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/rmd160hl.c 1970-01-01 01:00:00.000000000 +0100
+@@ -1,85 +0,0 @@
+-/* rmd160hl.c
+- * ----------------------------------------------------------------------------
+- * "THE BEER-WARE LICENSE" (Revision 42):
+- * <phk@login.dkuug.dk> wrote this file. As long as you retain this notice you
+- * can do whatever you want with this stuff. If we meet some day, and you think
+- * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
+- * ----------------------------------------------------------------------------
+- */
+-
+-#if defined(LIBC_SCCS) && !defined(lint)
+-static char rcsid[] = "$OpenBSD: rmd160hl.c,v 1.2 1999/08/17 09:13:12 millert Exp $";
+-#endif /* LIBC_SCCS and not lint */
+-
+-#include <stdlib.h>
+-#include <stdio.h>
+-#include <errno.h>
+-#include <fcntl.h>
+-#include <sys/types.h>
+-#include <sys/uio.h>
+-#include <unistd.h>
+-#include "config.h"
+-#ifdef HAVE_RMD160_H
+-#include <rmd160.h>
+-#else
+-#include "rmd160.h"
+-#endif
+-
+-/* ARGSUSED */
+-char *
+-RMD160End(ctx, buf)
+- RMD160_CTX *ctx;
+- char *buf;
+-{
+- int i;
+- char *p = buf;
+- u_char digest[20];
+- static const char hex[]="0123456789abcdef";
+-
+- if (p == NULL && (p = malloc(41)) == NULL)
+- return 0;
+-
+- RMD160Final(digest,ctx);
+- for (i = 0; i < 20; i++) {
+- p[i + i] = hex[digest[i] >> 4];
+- p[i + i + 1] = hex[digest[i] & 0x0f];
+- }
+- p[i + i] = '\0';
+- return(p);
+-}
+-
+-char *
+-RMD160File (filename, buf)
+- char *filename;
+- char *buf;
+-{
+- u_char buffer[BUFSIZ];
+- RMD160_CTX ctx;
+- int fd, num, oerrno;
+-
+- RMD160Init(&ctx);
+-
+- if ((fd = open(filename, O_RDONLY)) < 0)
+- return(0);
+-
+- while ((num = read(fd, buffer, sizeof(buffer))) > 0)
+- RMD160Update(&ctx, buffer, num);
+-
+- oerrno = errno;
+- close(fd);
+- errno = oerrno;
+- return(num < 0 ? 0 : RMD160End(&ctx, buf));
+-}
+-
+-char *
+-RMD160Data (data, len, buf)
+- const u_char *data;
+- size_t len;
+- char *buf;
+-{
+- RMD160_CTX ctx;
+-
+- RMD160Init(&ctx);
+- RMD160Update(&ctx, data, len);
+- return(RMD160End(&ctx, buf));
+-}
+--- skey-1.1.5.orig/skey.1 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/skey.1 2003-11-06 17:46:45.000000000 +0000
+@@ -1,95 +1,165 @@
+-.\" $OpenBSD: skey.1,v 1.21 2000/11/09 17:52:38 aaron Exp $
+-.\" @(#)skey.1 1.1 10/28/93
++.\" $NetBSD: skey.1,v 1.21 2003/09/07 16:22:24 wiz Exp $
+ .\"
+-.Dd October 28, 1993
++.\" from: @(#)skey.1 1.1 10/28/93
++.\"
++.Dd July 25, 2001
+ .Dt SKEY 1
+ .Os
+ .Sh NAME
+-.Nm skey, otp-md4, otp-md5, otp-sha1, otp-rmd160
++.Nm skey
+ .Nd respond to an OTP challenge
+ .Sh SYNOPSIS
+-.Nm skey
+-.Op Fl x
+-.Oo
+-.Fl md4 | Fl md5 | Fl sha1 |
+-.Fl rmd160
+-.Oc
++.Nm
+ .Op Fl n Ar count
+-.Op Fl p Ar passwd
+-<sequence#>[/] key
++.Op Fl p Ar password
++.Op Fl t Ar hash
++.Op Fl x
++.Ar sequence#
++.Op /
++.Ar key
+ .Sh DESCRIPTION
+-.Nm S/key
+-is a procedure for using one-time passwords to authenticate access to
+-computer systems.
+-It uses 64 bits of information transformed by the
+-MD4, MD5, SHA1, or RIPEMD-160 algorithms.
+-The user supplies the 64 bits
+-in the form of 6 English words that are generated by a secure computer.
+-This implementation of
+-.Nm s/key
+-is RFC 1938 compliant.
++.Em S/Key
++is a One Time Password (OTP) authentication system.
++It is intended to be used when the communication channel between
++a user and host is not secure (e.g. not encrypted or hardwired).
++Since each password is used only once, even if it is "seen" by a
++hostile third party, it cannot be used again to gain access to the host.
+ .Pp
+-When
+-.Nm skey
+-is invoked as
+-.Nm otp-method ,
+-.Nm skey
+-will use
+-.Ar method
+-as the hash function where
+-.Ar method
+-is currently one of md4, md5, sha1, or rmd160.
++.Em S/Key
++uses 64 bits of information, transformed by the
++.Tn MD4
++algorithm into 6 English words.
++The user supplies the words to authenticate himself to programs like
++.Xr login 1
++or
++.Xr ftpd 8 .
++.Pp
++Example use of the
++.Em S/Key
++program
++.Nm :
++.Bd -literal -offset indent
++% skey 99 th91334
++Enter password: \*[Lt]your secret password is entered here\*[Gt]
++OMEN US HORN OMIT BACK AHOY
++%
++.Ed
++.Pp
++The string that is given back by
++.Nm
++can then be used to log into a system.
++.Pp
++The programs that are part of the
++.Em S/Key
++system are:
++.Bl -tag -width skeyauditxxx
++.It Xr skeyinit 1
++used to set up your
++.Em S/Key .
++.It Nm
++used to get the one time password(s).
++.It Xr skeyinfo 1
++used to initialize the
++.Em S/Key
++database for the specified user.
++It also tells the user what the next challenge will be.
++.It Xr skeyaudit 1
++used to inform users that they will soon have to rerun
++.Xr skeyinit 1 .
++.El
+ .Pp
+-If you misspell your password while running
+-.Nm skey ,
++When you run
++.Xr skeyinit 1
++you inform the system of your
++secret password.
++Running
++.Nm
++then generates the
++one-time password(s), after requiring your secret password.
++If however, you misspell your secret password that you have given to
++.Xr skeyinit 1
++while running
++.Xr skey 1
+ you will get a list of passwords
+-that will not work, and no indication of the problem.
++that will not work, and no indication about the problem.
+ .Pp
+-Password sequence numbers count backwards.
++Password sequence numbers count backward from 99.
+ You can enter the passwords using small letters, even though
+-.Nm skey
++.Xr skey 1
+ prints them capitalized.
+ .Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl n Ar count
+-Prints out
++The
++.Fl n Ar count
++argument asks for
+ .Ar count
+-one-time passwords.
+-The default is to print one.
+-.It Fl p Ar password
+-Uses
+-.Ar password
+-as the secret password.
+-Use of this option is discouraged as
+-your secret password could be visible in a process listing.
+-.It Fl x
+-Causes output to be in hexadecimal instead of ASCII.
+-.It Fl md4
+-Selects MD4 as the hash algorithm.
+-.It Fl md5
+-Selects MD5 as the hash algorithm.
+-.It Fl sha1
+-Selects SHA-1 (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
+-.It Fl rmd160
+-Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
+-.El
++password sequences to be printed out ending with the requested
++sequence number.
++.Pp
++The hash algorithm is selected using the
++.Fl t Ar hash
++option, possible choices here are md4, md5 or sha1.
++.Pp
++The
++.Fl p Ar password
++allows the user to specify the
++.Em S/Key
++password on the command line.
++.Pp
++To output the S/Key list in hexadecimal instead of words,
++use the
++.Fl x
++option.
+ .Sh EXAMPLES
+-.sp 0
+- % skey 99 th91334
+-.sp 0
+- Enter secret password: <your secret password is entered here>
+-.sp 0
+- OMEN US HORN OMIT BACK AHOY
+-.sp 0
+- %
++Initialize generation of one time passwords:
++.Bd -literal -offset indent
++host% skeyinit
++Password: \*[Lt]normal login password\*[Gt]
++[Adding username]
++Enter secret password: \*[Lt]new secret password\*[Gt]
++Again secret password: \*[Lt]new secret password again\*[Gt]
++ID username s/key is 99 host12345
++Next login password: SOME SIX WORDS THAT WERE COMPUTED
++.Ed
++.Pp
++Produce a list of one time passwords to take with to a conference:
++.Bd -literal -offset indent
++host% skey -n 3 99 host12345
++Enter secret password: \*[Lt]secret password as used with skeyinit\*[Gt]
++97: NOSE FOOT RUSH FEAR GREY JUST
++98: YAWN LEO DEED BIND WACK BRAE
++99: SOME SIX WORDS THAT WERE COMPUTED
++.Ed
++.Pp
++Logging in to a host where
++.Nm
++is installed:
++.Bd -literal -offset indent
++host% telnet host
++
++login: \*[Lt]username\*[Gt]
++Password [s/key 97 host12345]:
++.Ed
++.Pp
++Note that the user can use either his/her
++.Em S/Key
++password at the prompt but also the normal one unless the
++.Fl s
++flag is given to
++.Xr login 1 .
+ .Sh SEE ALSO
+ .Xr login 1 ,
++.Xr skeyaudit 1 ,
+ .Xr skeyinfo 1 ,
+-.Xr skeyinit 1
++.Xr skeyinit 1 ,
++.Xr ftpd 8
+ .Pp
+-.Em RFC1938
++.Em RFC 2289
+ .Sh TRADEMARKS AND PATENTS
+-S/Key is a Trademark of Bellcore.
++.Em S/Key
++is a trademark of
++.Tn Bellcore .
+ .Sh AUTHORS
+-Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
++Phil Karn,
++Neil M. Haller,
++John S. Walden,
++Scott Chasin
+--- skey-1.1.5.orig/skey.3 1970-01-01 01:00:00.000000000 +0100
++++ skey-1.1.5/skey.3 2003-11-06 17:46:45.000000000 +0000
+@@ -0,0 +1,264 @@
++.\" $NetBSD: skey.3,v 1.8 2003/06/06 13:42:50 wiz Exp $
++.\"
++.\" Copyright (c) 2001 The NetBSD Foundation, Inc.
++.\" All rights reserved.
++.\"
++.\" This code is derived from software contributed to The NetBSD Foundation
++.\" by Gregory McGarry.
++.\"
++.\" Redistribution and use in source and binary forms, with or without
++.\" modification, are permitted provided that the following conditions
++.\" are met:
++.\" 1. Redistributions of source code must retain the above copyright
++.\" notice, this list of conditions and the following disclaimer.
++.\" 2. Redistributions in binary form must reproduce the above copyright
++.\" notice, this list of conditions and the following disclaimer in the
++.\" documentation and/or other materials provided with the distribution.
++.\" 3. All advertising materials mentioning features or use of this software
++.\" must display the following acknowledgement:
++.\" This product includes software developed by the NetBSD
++.\" Foundation, Inc. and its contributors.
++.\" 4. Neither the name of The NetBSD Foundation nor the names of its
++.\" contributors may be used to endorse or promote products derived
++.\" from this software without specific prior written permission.
++.\"
++.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
++.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
++.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
++.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++.\" POSSIBILITY OF SUCH DAMAGE.
++.\"
++.Dd November 10, 2001
++.Dt SKEY 3
++.Os
++.Sh NAME
++.Nm skey ,
++.Nm skeychallenge ,
++.Nm skeylookup ,
++.Nm skeygetnext ,
++.Nm skeyverify ,
++.Nm skeyzero ,
++.Nm getskeyprompt ,
++.Nm skey_set_algorithm ,
++.Nm skey_get_algorithm ,
++.Nm skey_haskey ,
++.Nm skey_keyinfo ,
++.Nm skey_passcheck ,
++.Nm skey_authenticate
++.Nd one-time password (OTP) library
++.Sh LIBRARY
++S/key One-Time Password Library (libskey, -lskey)
++.Sh SYNOPSIS
++.In skey.h
++.Ft int
++.Fn skeychallenge "struct skey *mp" "const char *name" "char *ss" \
++"size_t sslen"
++.Ft int
++.Fn skeylookup "struct skey *mp" "const char *name"
++.Ft int
++.Fn skeygetnext "struct skey *mp"
++.Ft int
++.Fn skeyverify "struct skey *mp" "char *response"
++.Ft int
++.Fn skeyzero "struct skey *mp" "char *response"
++.Ft int
++.Fn getskeyprompt "struct skey *mp" "char *name" "char *prompt"
++.Ft const char *
++.Fn skey_set_algorithm "const char *new"
++.Ft const char *
++.Fn skey_get_algorithm "void"
++.Ft int
++.Fn skey_haskey "const char *username"
++.Ft const char *
++.Fn skey_keyinfo "const char *username"
++.Ft int
++.Fn skey_passcheck "const char *username" "char *passwd"
++.Ft int
++.Fn skey_authenticate "const char *username"
++.Ft void
++.Fn f "char *x"
++.Ft int
++.Fn keycrunch "char *result" "const char *seed" "const char *passwd"
++.Ft void
++.Fn rip "char *buf"
++.Ft char *
++.Fn readpass "char *buf " "int n"
++.Ft char *
++.Fn readskey "char *buf" "int n"
++.Ft int
++.Fn atob8 "char *out" "const char *in"
++.Ft int
++.Fn btoa8 "char *out" "const char *in"
++.Ft int
++.Fn htoi "int c"
++.Ft const char *
++.Fn skipspace "const char *cp"
++.Ft void
++.Fn backspace "char *buf"
++.Ft void
++.Fn sevenbit "char *buf"
++.Ft char *
++.Fn btoe "char *engout" "const char *c"
++.Ft int
++.Fn etob "char *out" "const char *e"
++.Ft char *
++.Fn put8 "char *out" "const char *s"
++.Sh DESCRIPTION
++The
++.Nm
++library provides routines for accessing
++.Nx Ns 's
++one-time password (OTP) authentication system.
++.Pp
++Most S/Key operations take a pointer to a
++.Em struct skey ,
++which should be considered as an opaque identifier.
++.Sh FUNCTIONS
++The following high-level functions are available:
++.Bl -tag -width compact
++.It Fn skeychallenge "mp" "name" "ss" "sslen"
++Return a S/Key challenge for user
++.Fa name .
++If successful, the caller's skey structure
++.Fa mp
++is filled and 0 is returned.
++If unsuccessful (e.g. if name is unknown),
++\-1 is returned.
++.It Fn skeylookup "mp" "name"
++Find an entry for user
++.Fa name
++in the one-time password database.
++Returns 0 if the entry is found and 1 if the entry is not found.
++If an error occurs accessing the database, \-1 is returned.
++.It Fn skeygetnext "mp"
++Get the next entry in the one-time password database.
++Returns 0 on success and the entry is stored in
++.Ar mp
++and 1 if no more entries are available.
++If an error occurs accessing the database, \-1 is returned.
++.It Fn skeyverify "mp" "response"
++Verify response
++.Fa response
++to a S/Key challenge.
++Returns 0 if the verification is successful and 1 if the verification failed.
++If an error occurs accessing the database, \-1 is returned.
++.It Fn skeyzero "mp" "response"
++Comment out user's entry in the S/Key database.
++Returns 0 on success and the database is updated,
++otherwise \-1 is returned and the database remains unchanged.
++.It Fn getskeyprompt "mp" "name" "prompt"
++Issue a S/Key challenge for user
++.Ar name .
++If successful, fill in the caller's skey structure
++.Fa mp
++and return 0.
++If unsuccessful (e.g. if name is unknown) \-1 is returned.
++.El
++.Pp
++The following lower-level functions are available:
++.Bl -tag -width compact
++.It Fn skey_set_algorithm "new"
++Set hash algorithm type.
++Valid values for
++.Fa new
++are "md4", "md5" and "sha1".
++.It Fn skey_get_algorithm "void"
++Get current hash type.
++.It Fn skey_haskey "username"
++Returns 0 if the user
++.Fa username
++exists and 1 if the user doesn't exist.
++Returns \-1 on file error.
++.It Fn skey_keyinfo "username"
++Returns the current sequence number and seed for user
++.Ar username .
++.It Fn skey_passcheck "username" "passwd"
++Checks to see if answer is the correct one to the current challenge.
++.It Fn skey_authenticate "username"
++Used when calling program will allow input of the user's response to
++the challenge.
++Returns zero on success or \-1 on failure.
++.El
++.Pp
++The following miscellaneous functions are available:
++.Bl -tag -width compact
++.It Fn f "x"
++One-way function to take 8 bytes pointed to by
++.Fa x
++and return 8 bytes in place.
++.It Fn keycrunch "char *result" "const char *seed" "const char *passwd"
++Crunch a key.
++.It Fn rip "buf"
++Strip trailing CR/LF characters from a line of text
++.Fa buf .
++.It Fn readpass "buf" "n"
++Read in secret passwd (turns off echo).
++.It Fn readskey "buf" "n"
++Read in an s/key OTP (does not turn off echo).
++.It Fn atob8 "out" "in"
++Convert 8-byte hex-ascii string
++.Fa in
++to binary array
++.Fa out .
++Returns 0 on success, \-1 on error.
++.It Fn btoa8 "out" "in"
++Convert 8-byte binary array
++.Fa in
++to hex-ascii string
++.Fa out .
++Returns 0 on success, \-1 on error.
++.It Fn htoi "int c"
++Convert hex digit to binary integer.
++.It Fn skipspace "cp"
++Skip leading spaces from the string
++.Fa cp .
++.It Fn backspace "buf"
++Remove backspaced over characters from the string
++.Fa buf .
++.It Fn sevenbit "buf"
++Ensure line
++.Fa buf
++is all seven bits.
++.It Fn btoe "engout" "c"
++Encode 8 bytes in
++.Ar c
++as a string of English words.
++Returns a pointer to a static buffer in
++.Fa engout .
++.It Fn etob "out" "e"
++Convert English to binary.
++Returns 0 if the word is not in the database, 1 if all good words and
++parity is valid, \-1 if badly formed input (i.e. \*[Gt] 4 char word)
++and -2 if words are valid but parity is wrong.
++.It Fn put8 "out" "s"
++Display 8 bytes
++.Fa s
++as a series of 16-bit hex digits.
++.El
++.Sh FILES
++.Bl -tag -width /usr/lib/libskey_p.a -compact
++.It Pa /usr/lib/libskey.a
++static skey library
++.It Pa /usr/lib/libskey.so
++dynamic skey library
++.It Pa /usr/lib/libskey_p.a
++static skey library compiled for profiling
++.El
++.Sh SEE ALSO
++.Xr skey 1 ,
++.Xr skeyaudit 1 ,
++.Xr skeyinfo 1
++.Sh BUGS
++The
++.Nm
++library functions are not re-entrant or thread-safe.
++.Pp
++The
++.Nm
++library defines many poorly named functions which pollute the name space.
+--- skey-1.1.5.orig/skeyaudit.1 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/skeyaudit.1 2003-11-06 17:46:45.000000000 +0000
+@@ -1,46 +1,29 @@
+-.\" $OpenBSD: skeyaudit.1,v 1.8 2000/11/09 17:52:38 aaron Exp $
++.\" $NetBSD: skeyaudit.1,v 1.6 2001/04/09 12:34:14 wiz Exp $
+ .\"
+-.Dd 22 July 1997
++.Dd June 9, 1994
+ .Dt SKEYAUDIT 1
+ .Os
+ .Sh NAME
+ .Nm skeyaudit
+ .Nd warn users if their S/Key will soon expire
+ .Sh SYNOPSIS
+-.Nm skeyaudit
+-.Op Fl a
+-.Op Fl i
+-.Op Fl l Ar limit
++.Nm
++.Op Ar limit
+ .Sh DESCRIPTION
+ .Nm
+ searches through the file
+-.Pa /etc/skeykeys
++.Dq Pa /etc/skey/skeykeys
+ for users whose S/Key sequence number is less than
+ .Ar limit ,
+-and mails them a reminder to run
++and sends them a reminder to run
+ .Xr skeyinit 1
+-soon.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl a
+-Check all keys in
+-.Pa /etc/skeykeys .
+-This option is only available to the superuser and
+-is useful to run regularly via
+-.Xr cron 8 .
+-.It Fl i
+-Interactive mode.
+-Don't send mail, just print to the standard output.
+-.It Fl l Ar limit
+-The limit used to determine whether or not a user should be notified.
+-The default is to notify if there are fewer than 12 keys left.
+-.El
++soon. If no limit is specified a default of 12 is used.
+ .Sh FILES
+-.Bl -tag -width /etc/skeykeys -compact
+-.It Pa /etc/skeykeys
+-S/Key key information database
++.Bl -tag -width /etc/skey/skeykeys -compact
++.It Pa /etc/skey/skeykeys
++The S/Key key information database
+ .El
+ .Sh SEE ALSO
+ .Xr skey 1 ,
++.Xr skeyinfo 1 ,
+ .Xr skeyinit 1
+--- skey-1.1.5.orig/skeyaudit.c 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/skeyaudit.c 1970-01-01 01:00:00.000000000 +0100
+@@ -1,236 +0,0 @@
+-/* $OpenBSD: skeyaudit.c,v 1.10 2000/09/20 21:53:49 pjanzen Exp $ */
+-
+-/*
+- * Copyright (c) 1997, 2000 Todd C. Miller <Todd.Miller@courtesan.com>
+- * All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 3. The name of the author may not be used to endorse or promote products
+- * derived from this software without specific prior written permission.
+- *
+- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+- */
+-
+-#include <errno.h>
+-/*#include <limits.h>*/
+-#include <pwd.h>
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <string.h>
+-#include <unistd.h>
+-#include <netdb.h>
+-#include "config.h"
+-#ifdef HAVE_ERR_H
+-#include <err.h>
+-#else
+-#include "err.h"
+-#endif
+-#include "skey.h"
+-
+-#include <sys/types.h>
+-#include <sys/param.h>
+-#include <sys/wait.h>
+-
+-#ifdef HAVE_LOGIN_CAP_H
+-# include <login_cap.h>
+-#else
+-# include "login_cap.h"
+-#endif
+-
+-char *__progname;
+-
+-void notify __P((struct passwd *, int, int));
+-FILE *runsendmail __P((struct passwd *, int *));
+-void usage __P((void));
+-
+-int
+-main(argc, argv)
+- int argc;
+- char **argv;
+-{
+- struct passwd *pw;
+- struct skey key;
+- int ch, errs = 0, left = 0, aflag = 0, iflag = 0, limit = 12;
+- char *name;
+-
+- __progname = argv[0];
+-
+- if (geteuid() != 0)
+- errx(1, "must be setuid root");
+-
+- while ((ch = getopt(argc, argv, "ail:")) != -1)
+- switch(ch) {
+- case 'a':
+- aflag = 1;
+- if (getuid() != 0)
+- errx(1, "only root may use the -a flag");
+- break;
+- case 'i':
+- iflag = 1;
+- break;
+- case 'l':
+- errno = 0;
+- if ((limit = (int)strtol(optarg, NULL, 10)) == 0)
+- errno = ERANGE;
+- if (errno) {
+- warn("key limit");
+- usage();
+- }
+- break;
+- default:
+- usage();
+- }
+-
+- if (argc - optind > 0)
+- usage();
+-
+- /* Need key.keyfile zero'd at the very least */
+- (void)memset(&key, 0, sizeof(key));
+-
+- if (aflag) {
+- while ((ch = skeygetnext(&key)) == 0) {
+- left = key.n - 1;
+- if ((pw = getpwnam(key.logname)) == NULL)
+- continue;
+- if (left >= limit)
+- continue;
+- notify(pw, left, iflag);
+- }
+- if (ch == -1)
+- errx(-1, "cannot open %s", SKEYKEYS);
+- else
+- (void)fclose(key.keyfile);
+- } else {
+- if ((pw = getpwuid(getuid())) == NULL)
+- errx(1, "no passwd entry for uid %u", getuid());
+- if ((name = strdup(pw->pw_name)) == NULL)
+- err(1, "cannot allocate memory");
+- sevenbit(name);
+-
+- errs = skeylookup(&key, name);
+- switch (errs) {
+- case 0: /* Success! */
+- left = key.n - 1;
+- break;
+- case -1: /* File error */
+- errx(errs, "cannot open %s", SKEYKEYS);
+- break;
+- case 1: /* Unknown user */
+- warnx("%s is not listed in %s", name,
+- SKEYKEYS);
+- }
+- (void)fclose(key.keyfile);
+-
+- if (!errs && left < limit)
+- notify(pw, left, iflag);
+- }
+-
+- exit(errs);
+-}
+-
+-void
+-notify(pw, seq, interactive)
+- struct passwd *pw;
+- int seq;
+- int interactive;
+-{
+- static char hostname[MAXHOSTNAMELEN];
+- int pid;
+- FILE *out;
+-
+- /* Only set this once */
+- if (hostname[0] == '\0' && gethostname(hostname, sizeof(hostname)) == -1)
+- strcpy(hostname, "unknown");
+-
+- if (interactive)
+- out = stdout;
+- else
+- out = runsendmail(pw, &pid);
+-
+- if (!interactive)
+- (void)fprintf(out,
+- "To: %s\nSubject: IMPORTANT action required\n", pw->pw_name);
+-
+- if (seq)
+- (void)fprintf(out,
+-"\nYou are nearing the end of your current S/Key sequence for account\n\
+-%s on system %s.\n\n\
+-Your S/Key sequence number is now %d. When it reaches zero\n\
+-you will no longer be able to use S/Key to log into the system.\n\n",
+-pw->pw_name, hostname, seq);
+- else
+- (void)fprintf(out,
+-"\nYou are at the end of your current S/Key sequence for account\n\
+-%s on system %s.\n\n\
+-At this point you can no longer use S/Key to log into the system.\n\n",
+-pw->pw_name, hostname);
+- (void)fprintf(out,
+-"Type \"skeyinit -s\" to reinitialize your sequence number.\n\n");
+-
+- (void)fclose(out);
+- if (!interactive)
+- (void)waitpid(pid, NULL, 0);
+-}
+-
+-FILE *
+-runsendmail(pw, pidp)
+- struct passwd *pw;
+- int *pidp;
+-{
+- FILE *fp;
+- int pfd[2], pid;
+-
+- if (pipe(pfd) < 0)
+- return(NULL);
+-
+- switch (pid = fork()) {
+- case -1: /* fork(2) failed */
+- (void)close(pfd[0]);
+- (void)close(pfd[1]);
+- return(NULL);
+- case 0: /* In child */
+- (void)close(pfd[1]);
+- (void)dup2(pfd[0], STDIN_FILENO);
+- (void)close(pfd[0]);
+-
+- /* Run sendmail as target user not root */
+- if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0) {
+- warn("cannot set user context");
+- _exit(127);
+- }
+-
+- execl(SENDMAIL, "sendmail", "-t", NULL);
+- warn("cannot run \"%s -t\"", SENDMAIL);
+- _exit(127);
+- }
+-
+- /* In parent */
+- *pidp = pid;
+- fp = fdopen(pfd[1], "w");
+- (void)close(pfd[0]);
+-
+- return(fp);
+-}
+-void
+-usage()
+-{
+- (void)fprintf(stderr, "Usage: %s [-i] [-l limit]\n",
+- __progname);
+- exit(1);
+-}
+--- skey-1.1.5.orig/skeyaudit.sh 1970-01-01 01:00:00.000000000 +0100
++++ skey-1.1.5/skeyaudit.sh 2003-11-06 17:46:45.000000000 +0000
+@@ -0,0 +1,58 @@
++#!/bin/sh
++#
++# $NetBSD: skeyaudit.sh,v 1.2.12.2 2000/07/28 12:42:59 mjl Exp $
++#
++# This script will look thru the skeykeys file for
++# people with sequence numbers less than LOWLIMIT=12
++# and send them an e-mail reminder to use skeyinit soon
++#
++
++KEYDB=/etc/skey/skeykeys
++LOWLIMIT=12
++ADMIN=root
++SUBJECT="Reminder: Run skeyinit"
++HOST=`/bin/hostname`
++
++
++if [ "$1" != "" ]
++then
++ LOWLIMIT=$1
++fi
++
++if [ ! -s "${KEYDB}" ]; then
++ exit 0
++fi
++
++# an skeykeys entry looks like
++# jsw 0076 la13079 ba20a75528de9d3a
++# #oot md5 0005 aspa26398 9432d570ff4421f0 Jul 07,2000 01:36:43
++# mjl sha1 0099 alpha2 459a5dac23d20a90 Jul 07,2000 02:14:17
++# the sequence number is the second (or third) entry
++#
++
++SKEYS=`awk '/^#/ {next} {if($2 ~ /^[0-9]+$/) print $1,$2,$3; else print $1,$3,$4; }' $KEYDB`
++
++set -- ${SKEYS}
++
++while [ "X$1" != "X" ]; do
++ USER=$1
++ SEQ=$2
++ KEY=$3
++ shift 3
++ # echo "$USER -- $SEQ -- $KEY"
++ if [ $SEQ -lt $LOWLIMIT ]; then
++ if [ $SEQ -lt 3 ]; then
++ SUBJECT="IMPORTANT action required"
++ fi
++ (
++ echo "You are nearing the end of your current S/Key sequence for account $i"
++ echo "on system $HOST."
++ echo ""
++ echo "Your S/key sequence number is now $SEQ. When it reaches zero you"
++ echo "will no longer be able to use S/Key to login into the system. "
++ echo " "
++ echo "Use \"skeyinit -s\" to reinitialize your sequence number."
++ echo ""
++ ) | mail -s "$SUBJECT" $USER $ADMIN
++ fi
++done
+--- skey-1.1.5.orig/skey.c 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/skey.c 2003-11-06 17:46:45.000000000 +0000
+@@ -25,6 +25,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
++#include <ctype.h>
+ #include "config.h"
+
+ #ifdef HAVE_ERR_H
+@@ -35,102 +36,93 @@
+
+ #include "skey.h"
+
+-void usage __P((char *));
++int main(int, char **);
++void usage(char *);
+
+ int
+-main(argc, argv)
+- int argc;
+- char *argv[];
++main(int argc, char **argv)
+ {
+- int n, i, cnt = 1, pass = 0, hexmode = 0;
+- char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
+- char buf[33], *seed, *slash;
+-
+- /* If we were called as otp-METHOD, set algorithm based on that */
+- if ((slash = strrchr(argv[0], '/')))
+- slash++;
+- else
+- slash = argv[0];
+- if (strncmp(slash, "otp-", 4) == 0) {
+- slash += 4;
+- if (skey_set_algorithm(slash) == NULL)
+- errx(1, "Unknown hash algorithm %s", slash);
+- }
+-
+- for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) {
+- if (argv[i][2] == '\0') {
+- /* Single character switch */
+- switch (argv[i][1]) {
++ int n, cnt = 1, i, pass = 0, hexmode = 0;
++ char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
++ char buf[33], *seed, *slash, *t;
++
++ while ((i = getopt(argc, argv, "fn:p:t:x")) != -1) {
++ switch(i) {
++ case 'f':
++ break; /* unused */
+ case 'n':
+- if (i + 1 == argc)
+- usage(argv[0]);
+- cnt = atoi(argv[++i]);
++ cnt = atoi(optarg);
+ break;
+ case 'p':
+- if (i + 1 == argc)
+- usage(argv[0]);
+- if (strlcpy(passwd, argv[++i], sizeof(passwd)) >=
+- sizeof(passwd))
+- errx(1, "Password too long");
++ if (strncpy(passwd, optarg, sizeof(passwd)) == NULL)
++ errx(1, "Password too long");
+ pass = 1;
+ break;
++ case 't':
++ if (skey_set_algorithm(optarg) == NULL)
++ errx(1, "Unknown hash algorithm %s", optarg);
++ break;
+ case 'x':
+ hexmode = 1;
+ break;
+ default:
+ usage(argv[0]);
+- }
+- } else {
+- /* Multi character switches are hash types */
+- if (skey_set_algorithm(&argv[i][1]) == NULL) {
+- warnx("Unknown hash algorithm %s", &argv[i][1]);
+- usage(argv[0]);
+- }
++ break;
+ }
+- i++;
+ }
+
+- if (argc > i + 2)
+- usage(argv[0]);
+-
+- /* Could be in the form <number>/<seed> */
+- if (argc <= i + 1) {
++ /* could be in the form <number>/<seed> */
++ if (argc <= optind + 1) {
+ /* look for / in it */
+- if (argc <= i)
++ if (argc <= optind)
+ usage(argv[0]);
+- slash = strchr(argv[i], '/');
++ slash = strchr(argv[optind], '/');
+ if (slash == NULL)
+ usage(argv[0]);
+ *slash++ = '\0';
+ seed = slash;
+
+- if ((n = atoi(argv[i])) < 0) {
+- warnx("%d not positive", n);
++ if ((n = atoi(argv[optind])) < 0) {
++ fprintf(stderr, "%s is not positive\n", argv[optind]);
+ usage(argv[0]);
+ } else if (n > SKEY_MAX_SEQ) {
+ warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ);
+ usage(argv[0]);
+ }
+ } else {
+- if ((n = atoi(argv[i])) < 0) {
+- warnx("%d not positive", n);
++ if ((n = atoi(argv[optind])) < 0) {
++ fprintf(stderr, "%s not positive\n", argv[optind]);
+ usage(argv[0]);
+ } else if (n > SKEY_MAX_SEQ) {
+ warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ);
+ usage(argv[0]);
+ }
+- seed = argv[++i];
++ seed = argv[++optind];
++ }
++
++ for (t = seed; *t; t++) {
++ if (!isalnum(*t))
++ errx(1, "seed must be alphanumeric");
+ }
+
++ if (!*seed || strlen(seed) > SKEY_MAX_SEED_LEN)
++ errx(1, "seed must be between 1 and %d long", SKEY_MAX_SEED_LEN);
++
+ /* Get user's secret password */
+ if (!pass) {
+- (void)fputs("Reminder - Do not use this program while logged in via telnet or rlogin.\n", stderr);
+- (void)fputs("Enter secret password: ", stderr);
++ fputs("Reminder - Do not use this program while "
++ "logged in via telnet or rlogin.\n", stderr);
++ fprintf(stderr, "Enter secret password: ");
+ readpass(passwd, sizeof(passwd));
+ if (passwd[0] == '\0')
+ exit(1);
+ }
+
++ if (strlen(passwd) < SKEY_MIN_PW_LEN)
++ warnx(
++ "RFC2289 states that password should be at least %d characters long",
++ SKEY_MIN_PW_LEN);
++
+ /* Crunch seed and password into starting key */
+ if (keycrunch(key, seed, passwd) != 0)
+ errx(1, "key crunch failed");
+@@ -138,16 +130,15 @@
+ if (cnt == 1) {
+ while (n-- != 0)
+ f(key);
+- (void)puts(hexmode ? put8(buf, key) : btoe(buf, key));
++ puts(hexmode ? put8(buf, key) : btoe(buf, key));
+ } else {
+ for (i = 0; i <= n - cnt; i++)
+ f(key);
+ for (; i <= n; i++) {
++ printf("%3d: %-29s", i, btoe(buf, key));
+ if (hexmode)
+- (void)printf("%d: %-29s %s\n", i,
+- btoe(buf, key), put8(buf, key));
+- else
+- (void)printf("%d: %-29s\n", i, btoe(buf, key));
++ printf("\t%s", put8(buf, key));
++ puts("");
+ f(key);
+ }
+ }
+@@ -155,9 +146,10 @@
+ }
+
+ void
+-usage(s)
+- char *s;
++usage(char *s)
+ {
+- (void)fprintf(stderr, "Usage: %s [-x] [-md4|-md5|-sha1|-rmd160] [-n count] [-p password] <sequence#>[/] key\n", s);
++ fprintf(stderr,
++"Usage: %s [-n count] [-p password] [-t hash] [-x] sequence# [/] key\n",
++ s);
+ exit(1);
+ }
+--- skey-1.1.5.orig/skey.h 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/skey.h 2003-11-06 17:46:45.000000000 +0000
+@@ -1,3 +1,5 @@
++/* $NetBSD: skey.h,v 1.8 2000/07/28 16:35:11 thorpej Exp $ */
++
+ /*
+ * S/KEY v1.1b (skey.h)
+ *
+@@ -11,86 +13,86 @@
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Main client header
+- *
+- * $OpenBSD: skey.h,v 1.13 1999/07/15 14:33:48 provos Exp $
+ */
+
+ /* Server-side data structure for reading keys file during login */
+-struct skey {
+- FILE *keyfile;
+- char buf[256];
+- char *logname;
+- int n;
+- char *seed;
+- char *val;
+- long recstart; /* needed so reread of buffer is efficient */
++struct skey
++{
++ FILE *keyfile;
++ char buf[256];
++ char *logname;
++ int n;
++ char *seed;
++ char *val;
++ long recstart; /* needed so reread of buffer is efficient */
+ };
+
+ /* Client-side structure for scanning data stream for challenge */
+-struct mc {
+- char buf[256];
+- int skip;
+- int cnt;
++struct mc
++{
++ char buf[256];
++ int skip;
++ int cnt;
+ };
+
+ /* Maximum sequence number we allow */
+ #ifndef SKEY_MAX_SEQ
+-#define SKEY_MAX_SEQ 10000
++#define SKEY_MAX_SEQ 10000
+ #endif
+
+-/* Minimum secret password length (rfc1938) */
++/* Minimum secret password length (rfc2289) */
+ #ifndef SKEY_MIN_PW_LEN
+-#define SKEY_MIN_PW_LEN 10
++#define SKEY_MIN_PW_LEN 10
+ #endif
+
+-/* Max secret password length (rfc1938 says 63 but allows more) */
++/* Max secret password length (rfc2289 says 63 but allows more) */
+ #ifndef SKEY_MAX_PW_LEN
+-#define SKEY_MAX_PW_LEN 255
++#define SKEY_MAX_PW_LEN 255
+ #endif
+
+-/* Max length of an S/Key seed (rfc1938) */
++/* Max length of an S/Key seed (rfc2289) */
+ #ifndef SKEY_MAX_SEED_LEN
+-#define SKEY_MAX_SEED_LEN 16
++#define SKEY_MAX_SEED_LEN 16
+ #endif
+
+ /* Max length of S/Key challenge (otp-???? 9999 seed) */
+ #ifndef SKEY_MAX_CHALLENGE
+-#define SKEY_MAX_CHALLENGE (11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN)
++#define SKEY_MAX_CHALLENGE (11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN)
+ #endif
+
+ /* Max length of hash algorithm name (md4/md5/sha1/rmd160) */
+-#define SKEY_MAX_HASHNAME_LEN 6
++#define SKEY_MAX_HASHNAME_LEN 6
+
+ /* Size of a binary key (not NULL-terminated) */
+-#define SKEY_BINKEY_SIZE 8
++#define SKEY_BINKEY_SIZE 8
+
+ /* Location of random file for bogus challenges */
+-#define _SKEY_RAND_FILE_PATH_ "/var/db/host.random"
++#define _SKEY_RAND_FILE_PATH_ "/var/db/host.random"
+
+ /* Prototypes */
+-void f(char *x);
+-int keycrunch(char *result, char *seed, char *passwd);
+-char *btoe(char *engout, char *c);
+-char *put8(char *out, char *s);
+-int etob(char *out, char *e);
+-void rip(char *buf);
+-int skeychallenge(struct skey * mp, char *name, char *ss);
+-int skeylookup (struct skey * mp, char *name);
+-int skeyverify (struct skey * mp, char *response);
+-int skeyzero (struct skey * mp, char *response);
+-void sevenbit (char *s);
+-void backspace (char *s);
+-char *skipspace (char *s);
+-char *readpass (char *buf, int n);
+-char *readskey (char *buf, int n);
+-int skey_authenticate (char *username);
+-int skey_passcheck (char *username, char *passwd);
+-char *skey_keyinfo (char *username);
+-int skey_haskey (char *username);
+-int getskeyprompt (struct skey *mp, char *name, char *prompt);
+-int atob8 (char *out, char *in);
+-int btoa8 (char *out, char *in);
+-int htoi (int c);
+-const char *skey_get_algorithm (void);
+-char *skey_set_algorithm (char *new);
+-int skeygetnext (struct skey *mp);
++void f __P ((char *));
++int keycrunch __P ((char *, const char *, const char *));
++char *btoe __P ((char *, const char *));
++char *put8 __P ((char *, const char *));
++int etob __P ((char *, const char *));
++void rip __P ((char *));
++int skeychallenge __P ((struct skey *, const char *, char *, size_t));
++int skeylookup __P ((struct skey *, const char *));
++int skeyverify __P ((struct skey *, char *));
++void sevenbit __P ((char *));
++void backspace __P ((char *));
++const char *skipspace __P ((const char *));
++char *readpass __P ((char *, int));
++char *readskey __P ((char *, int));
++int skey_authenticate __P ((const char *));
++int skey_passcheck __P ((const char *, char *));
++const char *skey_keyinfo __P ((const char *));
++int skey_haskey __P ((const char *));
++int getskeyprompt __P ((struct skey *, char *, char *));
++int atob8 __P((char *, const char *));
++int btoa8 __P((char *, const char *));
++int htoi __P((int));
++const char *skey_get_algorithm __P((void));
++const char *skey_set_algorithm __P((const char *));
++int skeygetnext __P((struct skey *));
++int skeyzero __P((struct skey *, char *));
+--- skey-1.1.5.orig/skeyinfo.1 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/skeyinfo.1 2003-11-06 17:46:45.000000000 +0000
+@@ -1,30 +1,19 @@
+-.\" $OpenBSD: skeyinfo.1,v 1.3 2000/03/11 21:40:02 aaron Exp $
++.\" $NetBSD: skeyinfo.1,v 1.5 2001/04/09 12:34:44 wiz Exp $
+ .\"
+-.Dd 22 July 1997
++.Dd June 9, 1994
+ .Dt SKEYINFO 1
+ .Os
+ .Sh NAME
+ .Nm skeyinfo
+ .Nd obtain the next S/Key challenge for a user
+ .Sh SYNOPSIS
+-.Nm skeyinfo
+-.Op Fl v
++.Nm
+ .Op Ar user
+ .Sh DESCRIPTION
+ .Nm
+ prints out the next S/Key challenge for the specified user or for the
+ current user if no user is specified.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl v
+-Print the hash algorithm as well.
+-.El
+-.Sh EXAMPLES
+-% skey -n <number of passwords to print> `skeyinfo` | lpr
+-.Pp
+-This would print out a list of S/Key passwords for use over
+-an untrusted network (perhaps for use at a conference).
+ .Sh SEE ALSO
+ .Xr skey 1 ,
++.Xr skeyaudit 1 ,
+ .Xr skeyinit 1
+--- skey-1.1.5.orig/skeyinfo.c 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/skeyinfo.c 2003-11-06 17:46:45.000000000 +0000
+@@ -1,9 +1,12 @@
+-/* $OpenBSD: skeyinfo.c,v 1.6 2001/02/05 16:58:11 millert Exp $ */
++/* $NetBSD: skeyinfo.c,v 1.4 2003/07/23 04:11:50 itojun Exp $ */
+
+-/*
+- * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
++/*-
++ * Copyright (c) 1997 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
++ * This code is derived from software contributed to The NetBSD Foundation
++ * by Andrew Brown.
++ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+@@ -12,104 +15,79 @@
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+- * 3. The name of the author may not be used to endorse or promote products
+- * derived from this software without specific prior written permission.
++ * 3. All advertising materials mentioning features or use of this software
++ * must display the following acknowledgement:
++ * This product includes software developed by the NetBSD
++ * Foundation, Inc. and its contributors.
++ * 4. Neither the name of The NetBSD Foundation nor the names of its
++ * contributors may be used to endorse or promote products derived
++ * from this software without specific prior written permission.
+ *
+- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
++ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
++ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
++ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+-/*#include <limits.h>*/
+-#include <pwd.h>
+ #include <stdio.h>
+-#include <stdlib.h>
++#include <pwd.h>
++#include <err.h>
+ #include <string.h>
+ #include <unistd.h>
+-#include "config.h"
+-#include "skey.h"
+-/*#include "defines.h"*/
+
+-char *__progname;
++#include "skey.h"
+
+-void usage(void);
++int main __P((int, char *[]));
+
+-int
+-main(argc, argv)
+- int argc;
+- char **argv;
++int main(int argc, char **argv)
+ {
+- struct passwd *pw;
+- struct skey key;
+- char *name = NULL;
+- int error, ch, verbose = 0;
+-
+- __progname=argv[0];
+-
+- if (geteuid() != 0)
+- errx(1, "must be setuid root");
+-
+- while ((ch = getopt(argc, argv, "v")) != -1)
+- switch(ch) {
+- case 'v':
+- verbose = 1;
+- break;
+- default:
+- usage();
++ struct skey skey;
++ char name[100], prompt[1024];
++ int uid;
++ struct passwd *pw = NULL;
++
++ argc--;
++ argv++;
++
++ if (geteuid())
++ errx(1, "must be root to read %s", SKEYKEYS);
++
++ uid = getuid();
++
++ if (!argc)
++ pw = getpwuid(uid);
++ else if (!uid)
++ pw = getpwnam(argv[0]);
++ else
++ errx(1, "permission denied to look other users skeys");
++
++ if (!pw) {
++ if (argc)
++ errx(1, "%s: no such user", argv[0]);
++ else
++ errx(1, "who are you?");
+ }
+- argc -= optind;
+- argv += optind;
+
+- if (argc == 1)
+- name = argv[0];
+- else if (argc > 1)
+- usage();
+-
+- if (name && getuid() != 0)
+- errx(1, "only root may specify an alternate user");
+-
+- if (name) {
+- if (strlen(name) > PASS_MAX)
+- errx(1, "username too long (%d chars max)", PASS_MAX);
+- if ((pw = getpwnam(name)) == NULL)
+- errx(1, "no passwd entry for %s", name);
+- } else {
+- if ((pw = getpwuid(getuid())) == NULL)
+- errx(1, "no passwd entry for uid %u", getuid());
+- }
++ strncpy(name, pw->pw_name, sizeof(name));
+
+- if ((name = strdup(pw->pw_name)) == NULL)
+- err(1, "cannot allocate memory");
+- sevenbit(name);
+-
+- error = skeylookup(&key, name);
+- switch (error) {
+- case 0: /* Success! */
+- if (verbose)
+- (void)printf("otp-%s ", skey_get_algorithm());
+- (void)printf("%d %s\n", key.n - 1, key.seed);
+- break;
+- case -1: /* File error */
+- warnx("cannot open %s", SKEYKEYS);
+- break;
+- case 1: /* Unknown user */
+- warnx("%s is not listed in %s", name, SKEYKEYS);
++ if (getskeyprompt(&skey, name, prompt) == -1) {
++ printf("%s %s no s/key\n",
++ argc ? name : "You",
++ argc ? "has" : "have");
+ }
+- (void)fclose(key.keyfile);
+-
+- exit(error);
+-}
+-
+-void
+-usage()
+-{
+- (void)fprintf(stderr, "Usage: %s [-v] [user]\n", __progname);
+- exit(1);
++ else {
++ if (argc)
++ printf("%s's ", pw->pw_name);
++ else
++ printf("Your ");
++ printf("next %s", prompt);
++ }
++ return 0;
+ }
+--- skey-1.1.5.orig/skeyinit.1 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/skeyinit.1 2003-11-06 17:46:45.000000000 +0000
+@@ -1,22 +1,18 @@
+-.\" $OpenBSD: skeyinit.1,v 1.19 2000/11/09 17:52:39 aaron Exp $
+-.\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
++.\" $NetBSD: skeyinit.1,v 1.11 2001/04/09 12:35:00 wiz Exp $
+ .\" @(#)skeyinit.1 1.1 10/28/93
+ .\"
+-.Dd February 24, 1998
++.Dd June 7, 2000
+ .Dt SKEYINIT 1
+ .Os
+ .Sh NAME
+ .Nm skeyinit
+ .Nd change password or add user to S/Key authentication system
+ .Sh SYNOPSIS
+-.Nm skeyinit
++.Nm
++.Op Fl n Ar count
+ .Op Fl s
++.Op Fl t Ar hash
+ .Op Fl z
+-.Op Fl n Ar count
+-.Oo
+-.Fl md4 | Fl md5 | Fl sha1 |
+-.Fl rmd160
+-.Oc
+ .Op Ar user
+ .Sh DESCRIPTION
+ .Nm
+@@ -30,52 +26,17 @@
+ .Nm
+ requires you to type a secret password, so it should be used
+ only on a secure terminal.
+-For example, on the console of a
+-workstation or over an encrypted network session.
+-If you are using
+-.Nm
+-while logged in over an untrusted network, follow the instructions
+-given below with the
+-.Fl s
+-option.
+-.Pp
+-Before initializing an S/Key entry, the user must authenticate
+-using either a standard password or an S/Key challenge.
+-When used over an untrusted network, a password of
+-.Sq s/key
+-should be used.
+-The user will then be presented with the standard
+-S/Key challenge and allowed to proceed if it is correct.
+-.Pp
+-The options are as follows:
++.Sh OPTIONS
+ .Bl -tag -width Ds
+-.It Fl x
+-Displays pass phrase in hexadecimal instead of ASCII.
+ .It Fl s
+-Set secure mode where the user is expected to have used a secure
+-machine to generate the first one-time password.
+-Without the
+-.Fl s
+-option the system will assume you are directly connected over secure
+-communications and prompt you for your secret password.
+-The
+-.Fl s
+-option also allows one to set the seed and count for complete
+-control of the parameters.
+-You can use
+-.Ic skeyinit -s
+-in combination with the
+-.Nm skey
+-command to set the seed and count if you do not like the defaults.
+-To do this run
+-.Nm
+-in one window and put in your count and seed, then run
+-.Nm skey
+-in another window to generate the correct 6 English words for that
+-count and seed.
+-You can then "cut-and-paste" or type the words into the
+-.Nm
+-window.
++allows the user to set the seed and count for complete control
++of the parameters.
++To do this run skeyinit in one window and put in your count and seed;
++then run
++.Xr skey 1
++in another window to generate the correct 6 english words
++for that count and seed.
++You can then "cut-and-paste" or type the words into the skeyinit window.
+ .It Fl z
+ Allows the user to zero their S/Key entry.
+ .It Fl n Ar count
+@@ -84,30 +45,22 @@
+ sequence at
+ .Ar count
+ (default is 100).
+-.It Fl md4
+-Selects MD4 as the hash algorithm.
+-.It Fl md5
+-Selects MD5 as the hash algorithm.
+-.It Fl sha1
+-Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
+-.It Fl rmd160
+-Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
++.It Fl t Ar hash
++Selects the hash algorithm to use.
++Available choices are md4 (the default), md5 or sha1.
+ .It Ar user
+ The username to be changed/added.
+-By default the current user is operated on.
++By default the current user is operated on, only root may
++change other user's entries.
+ .El
+-.Sh ERRORS
+-.Bl -tag -width "skey disabled"
+-.It skey disabled
+-.Pa /etc/skeykeys
+-does not exist.
+-It must be created by the superuser in order to use
+-.Nm skeyinit .
+ .Sh FILES
+-.Bl -tag -width /etc/skeykeys
+-.It Pa /etc/skeykeys
+-database of information for S/Key system
++.Bl -tag -width /etc/skey/skeykeys
++.It Pa /etc/skey/skeykeys
++data base of information for S/Key system.
++.El
+ .Sh SEE ALSO
+-.Xr skey 1
++.Xr skey 1 ,
++.Xr skeyaudit 1 ,
++.Xr skeyinfo 1
+ .Sh AUTHORS
+ Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
+--- skey-1.1.5.orig/skeyinit.c 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/skeyinit.c 2003-11-06 17:46:45.000000000 +0000
+@@ -43,6 +43,18 @@
+
+ #include <netdb.h>
+
++#ifdef HAVE_SHADOW_H
++#include <shadow.h>
++#endif
++
++#ifdef HAVE_CRACK_H
++#include <crack.h>
++#ifndef CRACKLIB_DICTPATH
++#define CRACKLIB_DICTPATH "/usr/lib/cracklib_dict"
++#endif
++#endif
++
++#include "err.h"
+ #include "skey.h"
+
+
+@@ -50,62 +62,80 @@
+ #define SKEY_NAMELEN 4
+ #endif
+
+-void usage __P((char *));
++int main __P((int, char **));
+
+-int
+-main(argc, argv)
+- int argc;
+- char *argv[];
++int main(int argc, char **argv)
+ {
+- int rval, nn, i, l, n=0, defaultsetup=1, zerokey=0, hexmode=0;
++ int rval, nn, i, l, n=0, defaultsetup=1, c, zerokey=0, hexmode=0;
+ time_t now;
+- struct utmp old_ut;
+-
+-#ifndef UT_LINESIZE
+-# define UT_LINESIZE (sizeof(old_ut.ut_line))
+-# define UT_NAMESIZE (sizeof(old_ut.ut_name))
+-# define UT_HOSTSIZE (sizeof(old_ut.ut_host))
+-# endif
+-
+- char hostname[MAXHOSTNAMELEN];
++ char hostname[MAXHOSTNAMELEN+1];
++ char seed[SKEY_MAX_PW_LEN+2], key[SKEY_BINKEY_SIZE];
++ char defaultseed[SKEY_MAX_SEED_LEN+1];
+ char passwd[SKEY_MAX_PW_LEN+2], passwd2[SKEY_MAX_PW_LEN+2];
+- char seed[SKEY_MAX_SEED_LEN+2], defaultseed[SKEY_MAX_SEED_LEN+1];
+- char tbuf[27], buf[80], key[SKEY_BINKEY_SIZE];
+- char lastc, me[UT_NAMESIZE+1], *salt, *p, *pw, *ht=NULL;
+- struct skey skey;
+- struct passwd *pp;
+- struct tm *tm;
++ char tbuf[27], buf[80];
++ char lastc, me[LOGIN_NAME_MAX+1], *p, *pw, *ht=NULL, *msg;
++ const char *salt;
++ struct skey skey;
++ struct passwd *pp;
++ struct tm *tm;
++#ifdef HAVE_SHADOW_H
++ struct spwd *sp;
++#endif
++
++ i = open(_PATH_DEVNULL, O_RDWR);
++ while (i >= 0 && i < 2)
++ i = dup(i);
++ if (i > 2)
++ close(i);
+
+ if (geteuid() != 0)
+ errx(1, "must be setuid root.");
+
+ if (gethostname(hostname, sizeof(hostname)) < 0)
+- err(1, "gethostname");
+- for (i = 0, p = defaultseed; hostname[i] && i < SKEY_NAMELEN; i++) {
+- if (isalpha(hostname[i])) {
+- if (isupper(hostname[i]))
+- hostname[i] = tolower(hostname[i]);
+- *p++ = hostname[i];
+- } else if (isdigit(hostname[i]))
+- *p++ = hostname[i];
++ err(1, "gethostname() error");
++
++ for (i = 0, l = 0; l < sizeof(defaultseed); i++) {
++ if (hostname[i] == '\0') {
++ defaultseed[l] = hostname[i];
++ break;
++ }
++ if (isalnum(hostname[i]))
++ defaultseed[l++] = hostname[i];
+ }
+- *p = '\0';
+- (void)time(&now);
+- (void)sprintf(tbuf, "%05ld", (long) (now % 100000));
+- (void)strncat(defaultseed, tbuf, sizeof(defaultseed) - 5);
++
++ defaultseed[SKEY_NAMELEN] = '\0';
++ time(&now);
++ snprintf(tbuf, sizeof(tbuf), "%05ld", (long) (now % 100000));
++ strncat(defaultseed, tbuf, sizeof(defaultseed));
+
+ if ((pp = getpwuid(getuid())) == NULL)
+- err(1, "no user with uid %d", getuid());
+- (void)strcpy(me, pp->pw_name);
++ err(1, "no user with uid %ld", (u_long)getuid());
++ strncpy(me, pp->pw_name, sizeof(me));
+
+ if ((pp = getpwnam(me)) == NULL)
+- err(1, "Who are you?");
++ err(1, "getpwnam() returned NULL, Who are you?");
++#ifdef HAVE_SHADOW_H
++ /* hacking in shadow support... */
++ else if (strcmp(pp->pw_passwd, "x") == 0) {
++ if ((sp = getspnam(me)) == NULL)
++ err(1, "Unable to verify Password");
++ pp->pw_passwd = sp->sp_pwdp;
++ }
++#endif
+ salt = pp->pw_passwd;
+
+- for (i = 1; i < argc && argv[i][0] == '-' && strcmp(argv[i], "--");) {
+- if (argv[i][2] == '\0') {
+- /* Single character switch */
+- switch (argv[i][1]) {
++ while((c = getopt(argc, argv, "n:t:sxz")) != -1) {
++ switch(c) {
++ case 'n':
++ n = atoi(optarg);
++ if (n < 1 || n > SKEY_MAX_SEQ)
++ errx(1, "count must be between 1 and %d", SKEY_MAX_SEQ);
++ break;
++ case 't':
++ if(skey_set_algorithm(optarg) == NULL)
++ errx(1, "Unknown hash algorithm %s", optarg);
++ ht = optarg;
++ break;
+ case 's':
+ defaultsetup = 0;
+ break;
+@@ -115,105 +145,51 @@
+ case 'z':
+ zerokey = 1;
+ break;
+- case 'n':
+- if (argv[++i] == NULL || argv[i][0] == '\0')
+- usage(argv[0]);
+- if ((n = atoi(argv[i])) < 1 || n >= SKEY_MAX_SEQ)
+- errx(1, "count must be > 0 and < %d",
+- SKEY_MAX_SEQ);
+- break;
+ default:
+- usage(argv[0]);
+- }
+- } else {
+- /* Multi character switches are hash types */
+- if ((ht = skey_set_algorithm(&argv[i][1])) == NULL) {
+- warnx("Unknown hash algorithm %s", &argv[i][1]);
+- usage(argv[0]);
++ errx(1, "Usage: %s [-n count] [-t md4|md5|sha1] [-s] [-x] [-z] [user]", argv[0]);
+ }
+ }
+- i++;
+- }
++
++ if (argc > optind) {
++ pp = getpwnam(argv[optind]);
++ if (pp == NULL)
++ errx(1, "User %s unknown", argv[optind]);
++ }
+
+- /* check for optional user string */
+- if (argc - i > 1) {
+- usage(argv[0]);
+- } else if (argv[i]) {
+- if ((pp = getpwnam(argv[i])) == NULL) {
+- if (getuid() == 0) {
+- static struct passwd _pp;
+-
+- _pp.pw_name = argv[i];
+- pp = &_pp;
+- warnx("Warning, user unknown: %s", argv[i]);
+- } else {
+- errx(1, "User unknown: %s", argv[i]);
+- }
+- } else if (strcmp(pp->pw_name, me) != 0) {
++ if (strcmp(pp->pw_name, me) != 0) {
+ if (getuid() != 0) {
+ /* Only root can change other's passwds */
+ errx(1, "Permission denied.");
+ }
+ }
+- }
+
+ if (getuid() != 0) {
+- pw = getpass("Password (or `s/key'):");
+- if (strcasecmp(pw, "s/key") == 0) {
+- if (skey_haskey(me))
+- exit(1);
+- if (skey_authenticate(me))
+- errx(1, "Password incorrect.");
+- } else {
+- p = crypt(pw, salt);
+- if (strcmp(p, pp->pw_passwd))
+- errx(1, "Password incorrect.");
+- }
++ pw = getpass("Password: ");
++ p = crypt(pw, salt);
++ if (strcmp(p, pp->pw_passwd))
++ errx(1, "Password incorrect.");
+ }
+
+ rval = skeylookup(&skey, pp->pw_name);
+ switch (rval) {
+ case -1:
+- if (errno == ENOENT)
+- errx(1, "S/Key disabled");
+- else
+- err(1, "cannot open database");
+- break;
++ err(1, "cannot open database");
+ case 0:
+- /* comment out user if asked to */
+ if (zerokey)
+- exit(skeyzero(&skey, pp->pw_name));
++ exit (skeyzero(&skey, pp->pw_name));
++ printf("[Updating %s]\n", pp->pw_name);
++ printf("Old key: [%s] %s\n", skey_get_algorithm(), skey.seed);
+
+- (void)printf("[Updating %s]\n", pp->pw_name);
+- (void)printf("Old key: [%s] %s\n", skey_get_algorithm(),
+- skey.seed);
+-
+- /*
+- * Sanity check old seed.
+- */
+ l = strlen(skey.seed);
+- for (p = skey.seed; *p; p++) {
+- if (isalpha(*p)) {
+- if (isupper(*p))
+- *p = tolower(*p);
+- } else if (!isdigit(*p)) {
+- memmove(p, p + 1, l - (p - skey.seed));
+- l--;
+- }
+- }
+-
+- /*
+- * Let's be nice if they have an skey.seed that
+- * ends in 0-8 just add one
+- */
+ if (l > 0) {
+ lastc = skey.seed[l - 1];
+- if (isdigit(lastc) && lastc != '9') {
+- (void)strcpy(defaultseed, skey.seed);
++ if (isdigit((unsigned char)lastc) && lastc != '9') {
++ strncpy(defaultseed, skey.seed, sizeof(defaultseed));
+ defaultseed[l - 1] = lastc + 1;
+ }
+- if (isdigit(lastc) && lastc == '9' && l < 16) {
+- (void)strcpy(defaultseed, skey.seed);
++ if (isdigit((unsigned char)lastc) && lastc == '9' &&
++ l < 16) {
++ strncpy(defaultseed, skey.seed, sizeof(defaultseed));
+ defaultseed[l - 1] = '0';
+ defaultseed[l] = '0';
+ defaultseed[l + 1] = '\0';
+@@ -223,7 +199,7 @@
+ case 1:
+ if (zerokey)
+ errx(1, "You have no entry to zero.");
+- (void)printf("[Adding %s]\n", pp->pw_name);
++ printf("[Adding %s]\n", pp->pw_name);
+ break;
+ }
+ if (n == 0)
+@@ -237,37 +213,33 @@
+ }
+
+ if (!defaultsetup) {
+- (void)printf("You need the 6 english words generated from the \"skey\" command.\n");
++ printf("You need the 6 english words generated from the \"skey\" command.\n");
+ for (i = 0; ; i++) {
+ if (i >= 2)
+ exit(1);
+
+- (void)printf("Enter sequence count from 1 to %d: ",
+- SKEY_MAX_SEQ);
+- (void)fgets(buf, sizeof(buf), stdin);
++ printf("Enter sequence count from 1 to %d: ", SKEY_MAX_SEQ);
++ fgets(buf, sizeof(buf), stdin);
+ n = atoi(buf);
+ if (n > 0 && n < SKEY_MAX_SEQ)
+ break; /* Valid range */
+- (void)printf("Error: Count must be > 0 and < %d\n",
+- SKEY_MAX_SEQ);
++ printf("\nError: Count must be between 0 and %d\n", SKEY_MAX_SEQ);
+ }
+
+ for (i = 0;; i++) {
+ if (i >= 2)
+ exit(1);
+
+- (void)printf("Enter new key [default %s]: ",
+- defaultseed);
+- (void)fgets(seed, sizeof(seed), stdin);
++ printf("Enter new seed [default %s]: ", defaultseed);
++ fflush(stdout);
++ fgets(seed, sizeof(seed), stdin);
+ rip(seed);
+- if (seed[0] == '\0')
+- (void)strcpy(seed, defaultseed);
+ for (p = seed; *p; p++) {
+ if (isalpha(*p)) {
+ if (isupper(*p))
+ *p = tolower(*p);
+ } else if (!isdigit(*p)) {
+- (void)puts("Error: seed may only contain alpha numeric characters");
++ puts("Error: seed may only contain alpha numeric characters");
+ break;
+ }
+ }
+@@ -275,66 +247,75 @@
+ break; /* Valid seed */
+ }
+ if (strlen(seed) > SKEY_MAX_SEED_LEN) {
+- (void)printf("Notice: Seed truncated to %d characters.\n",
+- SKEY_MAX_SEED_LEN);
++ printf("Notice: Seed truncated to %d characters.\n", SKEY_MAX_SEED_LEN);
+ seed[SKEY_MAX_SEED_LEN] = '\0';
+ }
++ if (seed[0] == '\0')
++ strncpy(seed, defaultseed, sizeof(seed));
+
+ for (i = 0;; i++) {
+ if (i >= 2)
+ exit(1);
+
+- (void)printf("otp-%s %d %s\nS/Key access password: ",
++ printf("otp-%s %d %s\ns/key access password: ",
+ skey_get_algorithm(), n, seed);
+- (void)fgets(buf, sizeof(buf), stdin);
++ fgets(buf, sizeof(buf), stdin);
+ rip(buf);
+ backspace(buf);
+
+ if (buf[0] == '?') {
+- (void)puts("Enter 6 English words from secure S/Key calculation.");
++ puts("Enter 6 English words from secure s/key calculation.");
+ continue;
+ } else if (buf[0] == '\0')
+ exit(1);
+ if (etob(key, buf) == 1 || atob8(key, buf) == 0)
+ break; /* Valid format */
+- (void)puts("Invalid format - try again with 6 English words.");
++ puts("Invalid format - try again with 6 English words.");
+ }
+ } else {
+ /* Get user's secret password */
+- fputs("Reminder - Only use this method if you are directly connected\n or have an encrypted channel. If you are using telnet\n or rlogin, exit with no password and use skeyinit -s.\n", stderr);
++ puts("Reminder - Only use this method if you are directly connected\n"
++ "or have an encrypted channel. If you are using telnet\n"
++ "or rlogin, exit with no password and use skeyinit -s.\n");
+
+ for (i = 0;; i++) {
+- if (i > 2)
++ if (i >= 3)
+ exit(1);
+
+- (void)fputs("Enter secret password: ", stderr);
++ printf("Enter secret password: ");
+ readpass(passwd, sizeof(passwd));
+ if (passwd[0] == '\0')
+ exit(1);
+
+ if (strlen(passwd) < SKEY_MIN_PW_LEN) {
+- (void)fprintf(stderr,
+- "Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN);
++ fprintf(stderr,
++ "Your password must be at least %d characters long.\n", SKEY_MIN_PW_LEN);
+ continue;
+ } else if (strcmp(passwd, pp->pw_name) == 0) {
+- (void)fputs("Your password may not be the same as your user name.\n", stderr);
+- continue;
+- } else if (strspn(passwd, "abcdefghijklmnopqrstuvwxyz") == strlen(passwd)) {
+- (void)fputs("Your password must contain more than just lower case letters.\nWhitespace, numbers, and puctuation are suggested.\n", stderr);
++ fputs("Your password may not be the same as your user name.\n", stderr);
+ continue;
++ }
++#ifdef HAVE_CRACK_H
++ if (msg = (char *) FascistCheck(passwd, CRACKLIB_DICTPATH)) {
++ warnx("Warning: %s", msg);
++ /* if (!i) */ /* reject passwords cracklib doesnt like the first time its entered... */
++ /* continue; */
+ }
++#endif
+
+- (void)fputs("Again secret password: ", stderr);
++ printf("Again secret password: ");
+ readpass(passwd2, sizeof(passwd));
++ if (passwd2[0] == '\0')
++ exit(1);
+
+ if (strcmp(passwd, passwd2) == 0)
+ break;
+
+- (void)fputs("Passwords do not match.\n", stderr);
++ puts("Passwords do not match.");
+ }
+
+ /* Crunch seed and password into starting key */
+- (void)strcpy(seed, defaultseed);
++ strncpy(seed, defaultseed, sizeof(seed));
+ if (keycrunch(key, seed, passwd) != 0)
+ err(2, "key crunch failed");
+
+@@ -342,16 +323,16 @@
+ while (nn-- != 0)
+ f(key);
+ }
+- (void)time(&now);
++ time(&now);
+ tm = localtime(&now);
+- (void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
++ strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
+
+ if ((skey.val = (char *)malloc(16 + 1)) == NULL)
+ err(1, "Can't allocate memory");
+
+- /* Zero out old key if necesary (entry would change size) */
++ /* Zero out old key if necessary (entry would change size) */
+ if (zerokey) {
+- (void)skeyzero(&skey, pp->pw_name);
++ skeyzero(&skey, pp->pw_name);
+ /* Re-open keys file and seek to the end */
+ if (skeylookup(&skey, pp->pw_name) == -1)
+ err(1, "cannot open database");
+@@ -376,26 +357,17 @@
+
+ /* Don't save algorithm type for md4 (keep record length same) */
+ if (strcmp(skey_get_algorithm(), "md4") == 0)
+- (void)fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n",
++ fprintf(skey.keyfile, "%s %04d %-16s %s %-21s\n",
+ pp->pw_name, n, seed, skey.val, tbuf);
+ else
+- (void)fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n",
++ fprintf(skey.keyfile, "%s %s %04d %-16s %s %-21s\n",
+ pp->pw_name, skey_get_algorithm(), n, seed, skey.val, tbuf);
+
+- (void)fclose(skey.keyfile);
++ fclose(skey.keyfile);
+
+- (void)printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name,
++ printf("\nID %s skey is otp-%s %d %s\n", pp->pw_name,
+ skey_get_algorithm(), n, seed);
+- (void)printf("Next login password: %s\n\n",
++ printf("Next login password: %s\n\n",
+ hexmode ? put8(buf, key) : btoe(buf, key));
+- exit(0);
+-}
+-
+-void
+-usage(s)
+- char *s;
+-{
+- (void)fprintf(stderr,
+- "Usage: %s [-s] [-x] [-z] [-n count] [-md4|-md5|-sha1|-rmd160] [user]\n", s);
+- exit(1);
++ return 0;
+ }
+--- skey-1.1.5.orig/skeylogin.c 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/skeylogin.c 2003-11-06 17:46:45.000000000 +0000
+@@ -20,6 +20,7 @@
+ #include <sys/quota.h>
+ #endif
+ #include <sys/stat.h>
++#include <sys/file.h>
+ #include <sys/time.h>
+ #include <sys/resource.h>
+ #include <sys/types.h>
+@@ -32,6 +33,7 @@
+ #include <string.h>
+ #include <time.h>
+ #include <unistd.h>
++#include <grp.h>
+
+ #include "config.h"
+
+@@ -45,73 +47,85 @@
+ #include "sha1.h"
+ #endif
+
++#include "err.h"
+ #include "skey.h"
+
+-char *skipspace __P((char *));
+-int skeylookup __P((struct skey *, char *));
++#define OTP_FMT "otp-%.*s %d %.*s"
+
+ /* Issue a skey challenge for user 'name'. If successful,
+- * fill in the caller's skey structure and return(0). If unsuccessful
+- * (e.g., if name is unknown) return(-1).
++ * fill in the caller's skey structure and return 0. If unsuccessful
++ * (e.g., if name is unknown) return -1.
+ *
+ * The file read/write pointer is left at the start of the
+ * record.
+ */
+-int
+-getskeyprompt(mp, name, prompt)
+- struct skey *mp;
+- char *name;
+- char *prompt;
++int getskeyprompt(struct skey *mp, char *name, char *prompt)
+ {
+ int rval;
+
+ sevenbit(name);
+ rval = skeylookup(mp, name);
+- (void)strcpy(prompt, "otp-md0 55 latour1\n");
++
++ *prompt = '\0';
+ switch (rval) {
+- case -1: /* File error */
+- return(-1);
+- case 0: /* Lookup succeeded, return challenge */
+- (void)sprintf(prompt, "otp-%.*s %d %.*s\n",
+- SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(),
++ case -1: /* File error */
++ return -1;
++ case 0: /* Lookup succeeded, return challenge */
++ sprintf(prompt, OTP_FMT "\n",
++ SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(),
+ mp->n - 1, SKEY_MAX_SEED_LEN, mp->seed);
+- return(0);
+- case 1: /* User not found */
+- (void)fclose(mp->keyfile);
+- return(-1);
++ return 0;
++ case 1: /* User not found */
++ fclose(mp->keyfile);
++ mp->keyfile = NULL;
++ return -1;
+ }
+- return(-1); /* Can't happen */
++ return -1; /* Can't happen, never ever ever. ever. I'm serious. */
+ }
+
+ /* Return a skey challenge string for user 'name'. If successful,
+- * fill in the caller's skey structure and return(0). If unsuccessful
+- * (e.g., if name is unknown) return(-1).
++ * fill in the caller's skey structure and return 0. If unsuccessful
++ * (e.g., if name is unknown) return -1.
+ *
+ * The file read/write pointer is left at the start of the
+ * record.
+ */
+-int
+-skeychallenge(mp, name, ss)
+- struct skey *mp;
+- char *name;
+- char *ss;
++int skeychallenge(struct skey *mp, const char *name, char *ss, size_t sslen)
+ {
+ int rval;
+
+ rval = skeylookup(mp,name);
++ *ss = '\0';
+ switch(rval){
+- case -1: /* File error */
+- return(-1);
+- case 0: /* Lookup succeeded, issue challenge */
+- (void)sprintf(ss, "otp-%.*s %d %.*s", SKEY_MAX_HASHNAME_LEN,
++ case -1: /* File error */
++ return -1;
++ case 0: /* Lookup succeeded, issue challenge */
++ snprintf(ss, sslen, OTP_FMT, SKEY_MAX_HASHNAME_LEN,
+ skey_get_algorithm(), mp->n - 1,
+ SKEY_MAX_SEED_LEN, mp->seed);
+- return(0);
+- case 1: /* User not found */
+- (void)fclose(mp->keyfile);
+- return(-1);
++ return 0;
++ case 1: /* User not found */
++ fclose(mp->keyfile);
++ mp->keyfile = NULL;
++ return -1;
++ }
++ return -1; /* Can't happen - or your money back */
++}
++
++static FILE *openskey(void)
++{
++ struct stat statbuf;
++ FILE *keyfile = NULL;
++
++ if (stat(SKEYKEYS, &statbuf) == 0 &&
++ (keyfile = fopen(SKEYKEYS, "r+"))) {
++ if ((statbuf.st_mode & 0007777) != 0600)
++ fchmod(fileno(keyfile), 0600);
++ } else {
++ keyfile = NULL;
+ }
+- return(-1); /* Can't happen */
++
++ return keyfile;
+ }
+
+ /* Find an entry in the One-time Password database.
+@@ -120,27 +134,19 @@
+ * 0: entry found, file R/W pointer positioned at beginning of record
+ * 1: entry not found, file R/W pointer positioned at EOF
+ */
+-int
+-skeylookup(mp, name)
+- struct skey *mp;
+- char *name;
++int skeylookup(struct skey *mp, const char *name)
+ {
+ int found = 0;
+ long recstart = 0;
+- char *cp, *ht = NULL;
+- struct stat statbuf;
+-
+- /* Open SKEYKEYS if it exists, else return an error */
+- if (stat(SKEYKEYS, &statbuf) == 0 &&
+- (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) {
+- if ((statbuf.st_mode & 0007777) != 0600)
+- fchmod(fileno(mp->keyfile), 0600);
+- } else {
+- return(-1);
+- }
++ const char *ht = NULL;
++ char *last;
+
++ if(!(mp->keyfile = openskey()))
++ return -1;
++
+ /* Look up user name in database */
+ while (!feof(mp->keyfile)) {
++ char *cp;
+ recstart = ftell(mp->keyfile);
+ mp->recstart = recstart;
+ if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf)
+@@ -148,22 +154,22 @@
+ rip(mp->buf);
+ if (mp->buf[0] == '#')
+ continue; /* Comment */
+- if ((mp->logname = strtok(mp->buf, " \t")) == NULL)
++ if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
+ continue;
+- if ((cp = strtok(NULL, " \t")) == NULL)
++ if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
+ continue;
+ /* Save hash type if specified, else use md4 */
+- if (isalpha(*cp)) {
++ if (isalpha((u_char) *cp)) {
+ ht = cp;
+- if ((cp = strtok(NULL, " \t")) == NULL)
++ if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
+ continue;
+ } else {
+ ht = "md4";
+ }
+ mp->n = atoi(cp);
+- if ((mp->seed = strtok(NULL, " \t")) == NULL)
++ if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
+ continue;
+- if ((mp->val = strtok(NULL, " \t")) == NULL)
++ if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
+ continue;
+ if (strcmp(mp->logname, name) == 0) {
+ found = 1;
+@@ -171,7 +177,7 @@
+ }
+ }
+ if (found) {
+- (void)fseek(mp->keyfile, recstart, SEEK_SET);
++ fseek(mp->keyfile, recstart, SEEK_SET);
+ /* Set hash type */
+ if (ht && skey_set_algorithm(ht) == NULL) {
+ warnx("Unknown hash algorithm %s, using %s", ht,
+@@ -189,27 +195,21 @@
+ * 0: next entry found and stored in mp
+ * 1: no more entries, file R/W pointer positioned at EOF
+ */
+-int
+-skeygetnext(mp)
+- struct skey *mp;
++int skeygetnext(struct skey *mp)
+ {
+ long recstart = 0;
+- char *cp;
+- struct stat statbuf;
++ char *last;
+
+ /* Open SKEYKEYS if it exists, else return an error */
+ if (mp->keyfile == NULL) {
+- if (stat(SKEYKEYS, &statbuf) == 0 &&
+- (mp->keyfile = fopen(SKEYKEYS, "r+")) != NULL) {
+- if ((statbuf.st_mode & 0007777) != 0600)
+- fchmod(fileno(mp->keyfile), 0600);
+- } else {
+- return(-1);
+- }
++ if(!(mp->keyfile = openskey()))
++ return -1;
+ }
+
+ /* Look up next user in database */
+ while (!feof(mp->keyfile)) {
++ char *cp;
++
+ recstart = ftell(mp->keyfile);
+ mp->recstart = recstart;
+ if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf)
+@@ -217,19 +217,19 @@
+ rip(mp->buf);
+ if (mp->buf[0] == '#')
+ continue; /* Comment */
+- if ((mp->logname = strtok(mp->buf, " \t")) == NULL)
++ if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
+ continue;
+- if ((cp = strtok(NULL, " \t")) == NULL)
++ if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
+ continue;
+ /* Save hash type if specified, else use md4 */
+- if (isalpha(*cp)) {
+- if ((cp = strtok(NULL, " \t")) == NULL)
++ if (isalpha((u_char) *cp)) {
++ if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
+ continue;
+ }
+ mp->n = atoi(cp);
+- if ((mp->seed = strtok(NULL, " \t")) == NULL)
++ if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
+ continue;
+- if ((mp->val = strtok(NULL, " \t")) == NULL)
++ if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
+ continue;
+ /* Got a real entry */
+ break;
+@@ -246,10 +246,7 @@
+ *
+ * The database file is always closed by this call.
+ */
+-int
+-skeyverify(mp, response)
+- struct skey *mp;
+- char *response;
++int skeyverify(struct skey *mp, char *response)
+ {
+ char key[SKEY_BINKEY_SIZE];
+ char fkey[SKEY_BINKEY_SIZE];
+@@ -257,29 +254,31 @@
+ time_t now;
+ struct tm *tm;
+ char tbuf[27];
+- char *cp;
++ char *cp, *last;
+ int i, rval;
+
+ time(&now);
+ tm = localtime(&now);
+- (void)strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
++ strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm);
+
+ if (response == NULL) {
+- (void)fclose(mp->keyfile);
+- return(-1);
++ fclose(mp->keyfile);
++ mp->keyfile = NULL;
++ return -1;
+ }
+ rip(response);
+
+ /* Convert response to binary */
+ if (etob(key, response) != 1 && atob8(key, response) != 0) {
+ /* Neither english words or ascii hex */
+- (void)fclose(mp->keyfile);
+- return(-1);
++ fclose(mp->keyfile);
++ mp->keyfile = NULL;
++ return -1;
+ }
+
+ /* Compute fkey = f(key) */
+- (void)memcpy(fkey, key, sizeof(key));
+- (void)fflush(stdout);
++ memcpy(fkey, key, sizeof(key));
++ fflush(stdout);
+ f(fkey);
+
+ /*
+@@ -298,26 +297,33 @@
+ }
+
+ /* Reread the file record NOW */
+- (void)fseek(mp->keyfile, mp->recstart, SEEK_SET);
++ fseek(mp->keyfile, mp->recstart, SEEK_SET);
+ if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) {
+- (void)fclose(mp->keyfile);
+- return(-1);
++ fclose(mp->keyfile);
++ mp->keyfile = NULL;
++ return -1;
+ }
+ rip(mp->buf);
+- mp->logname = strtok(mp->buf, " \t");
+- cp = strtok(NULL, " \t") ;
+- if (isalpha(*cp))
+- cp = strtok(NULL, " \t") ;
+- mp->seed = strtok(NULL, " \t");
+- mp->val = strtok(NULL, " \t");
++ if ((mp->logname = strtok_r(mp->buf, " \t", &last)) == NULL)
++ goto verify_failure;
++ if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
++ goto verify_failure;
++ if (isalpha((u_char) *cp))
++ if ((cp = strtok_r(NULL, " \t", &last)) == NULL)
++ goto verify_failure;
++ if ((mp->seed = strtok_r(NULL, " \t", &last)) == NULL)
++ goto verify_failure;
++ if ((mp->val = strtok_r(NULL, " \t", &last)) == NULL)
++ goto verify_failure;
+ /* And convert file value to hex for comparison */
+ atob8(filekey, mp->val);
+
+ /* Do actual comparison */
+ if (memcmp(filekey, fkey, SKEY_BINKEY_SIZE) != 0){
+ /* Wrong response */
+- (void)fclose(mp->keyfile);
+- return(1);
++ fclose(mp->keyfile);
++ mp->keyfile = NULL;
++ return 1;
+ }
+
+ /*
+@@ -327,19 +333,24 @@
+ */
+ btoa8(mp->val,key);
+ mp->n--;
+- (void)fseek(mp->keyfile, mp->recstart, SEEK_SET);
++ fseek(mp->keyfile, mp->recstart, SEEK_SET);
+ /* Don't save algorithm type for md4 (keep record length same) */
+ if (strcmp(skey_get_algorithm(), "md4") == 0)
+- (void)fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n",
++ fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n",
+ mp->logname, mp->n, mp->seed, mp->val, tbuf);
+ else
+- (void)fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n",
++ fprintf(mp->keyfile, "%s %s %04d %-16s %s %-21s\n",
+ mp->logname, skey_get_algorithm(), mp->n,
+ mp->seed, mp->val, tbuf);
+
+- (void)fclose(mp->keyfile);
+-
+- return(0);
++ fclose(mp->keyfile);
++ mp->keyfile = NULL;
++ return 0;
++
++ verify_failure:
++ fclose(mp->keyfile);
++ mp->keyfile = NULL;
++ return -1;
+ }
+
+ /*
+@@ -348,13 +359,18 @@
+ * Returns: 1 user doesnt exist, -1 fle error, 0 user exists.
+ *
+ */
+-int
+-skey_haskey(username)
+- char *username;
++int skey_haskey(const char *username)
+ {
+ struct skey skey;
++ int i;
++
++ i = skeylookup(&skey, username);
+
+- return(skeylookup(&skey, username));
++ if (skey.keyfile != NULL) {
++ fclose(skey.keyfile);
++ skey.keyfile = NULL;
++ }
++ return i;
+ }
+
+ /*
+@@ -364,19 +380,21 @@
+ * seed for the passed user.
+ *
+ */
+-char *
+-skey_keyinfo(username)
+- char *username;
++const char *skey_keyinfo(const char *username)
+ {
+ int i;
+ static char str[SKEY_MAX_CHALLENGE];
+ struct skey skey;
+
+- i = skeychallenge(&skey, username, str);
++ i = skeychallenge(&skey, username, str, sizeof str);
+ if (i == -1)
+- return(0);
++ return 0;
+
+- return(str);
++ if (skey.keyfile != NULL) {
++ fclose(skey.keyfile);
++ skey.keyfile = NULL;
++ }
++ return str;
+ }
+
+ /*
+@@ -388,40 +406,38 @@
+ * Returns: 0 success, -1 failure
+ *
+ */
+-int
+-skey_passcheck(username, passwd)
+- char *username, *passwd;
++int skey_passcheck(const char *username, char *passwd)
+ {
+ int i;
+ struct skey skey;
+
+ i = skeylookup(&skey, username);
+ if (i == -1 || i == 1)
+- return(-1);
++ return -1;
+
+ if (skeyverify(&skey, passwd) == 0)
+- return(skey.n);
++ return skey.n;
+
+- return(-1);
++ return -1;
+ }
+
++#if DO_FAKE_CHALLENGE
+ #define ROUND(x) (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \
+ ((x)[3]))
+
+ /*
+ * hash_collapse()
+ */
+-static u_int32_t
+-hash_collapse(s)
+- u_char *s;
++static u_int32_t hash_collapse(u_char *s)
+ {
+- int len, target;
++ int len, target, slen;
+ u_int32_t i;
+-
+- if ((strlen(s) % sizeof(u_int32_t)) == 0)
+- target = strlen(s); /* Multiple of 4 */
++
++ slen = strlen((char *)s);
++ if ((slen % sizeof(u_int32_t)) == 0)
++ target = slen; /* Multiple of 4 */
+ else
+- target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
++ target = slen - slen % sizeof(u_int32_t);
+
+ for (i = 0, len = 0; len < target; len += 4)
+ i ^= ROUND(s + len);
+@@ -429,6 +445,8 @@
+ return i;
+ }
+
++#endif
++
+ /*
+ * skey_authenticate()
+ *
+@@ -438,22 +456,22 @@
+ * Returns: 0 success, -1 failure
+ *
+ */
+-int
+-skey_authenticate(username)
+- char *username;
++int skey_authenticate(const char *username)
+ {
+ int i;
++ char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1];
++ struct skey skey;
++#if DO_FAKE_CHALLENGE
+ u_int ptr;
+ u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up;
+- char pbuf[SKEY_MAX_PW_LEN+1], skeyprompt[SKEY_MAX_CHALLENGE+1];
+- char *secret;
+ size_t secretlen;
+- struct skey skey;
+ SHA1_CTX ctx;
+-
++#endif
++
+ /* Attempt an S/Key challenge */
+- i = skeychallenge(&skey, username, skeyprompt);
++ i = skeychallenge(&skey, username, skeyprompt, sizeof skeyprompt);
+
++#if DO_FAKE_CHALLENGE
+ /* Cons up a fake prompt if no entry in keys file */
+ if (i != 0) {
+ char *p, *u;
+@@ -465,11 +483,11 @@
+ if (gethostname(pbuf, sizeof(pbuf)) == -1)
+ *(p = pbuf) = '.';
+ else
+- for (p = pbuf; *p && isalnum(*p); p++)
+- if (isalpha(*p) && isupper(*p))
+- *p = tolower(*p);
++ for (p = pbuf; *p && isalnum((u_char)*p); p++)
++ if (isalpha((u_char)*p) && isupper((u_char)*p))
++ *p = tolower((u_char)*p);
+ if (*p && pbuf - p < 4)
+- (void)strncpy(p, "asjd", 4 - (pbuf - p));
++ strncpy(p, "asjd", 4 - (pbuf - p));
+ pbuf[4] = '\0';
+
+ /* Hash the username if possible */
+@@ -490,6 +508,7 @@
+ SEEK_SET) != -1 && read(fd, hseed,
+ SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) {
+ close(fd);
++ fd = -1;
+ secret = hseed;
+ secretlen = SKEY_MAX_SEED_LEN;
+ flg = 0;
+@@ -499,6 +518,8 @@
+ secretlen = strlen(secret);
+ flg = 0;
+ }
++ if (fd != -1)
++ close(fd);
+ }
+
+ /* Put that in your pipe and smoke it */
+@@ -531,7 +552,7 @@
+ memset(up, 0, 20); /* SHA1 specific */
+ free(up);
+
+- (void)sprintf(skeyprompt,
++ sprintf(skeyprompt,
+ "otp-%.*s %d %.*s",
+ SKEY_MAX_HASHNAME_LEN,
+ skey_get_algorithm(),
+@@ -554,29 +575,30 @@
+ } while (--i != 0);
+ pbuf[12] = '\0';
+
+- (void)sprintf(skeyprompt, "otp-%.*s %d %.*s",
++ sprintf(skeyprompt, "otp-%.*s %d %.*s",
+ SKEY_MAX_HASHNAME_LEN,
+ skey_get_algorithm(),
+ 99, SKEY_MAX_SEED_LEN, pbuf);
+ }
+ }
++#endif
+
+- (void)fprintf(stderr, "%s\n", skeyprompt);
+- (void)fflush(stderr);
++ fprintf(stderr, "[%s]\n", skeyprompt);
++ fflush(stderr);
+
+- (void)fputs("Response: ", stderr);
++ fputs("Response: ", stderr);
+ readskey(pbuf, sizeof(pbuf));
+
+ /* Is it a valid response? */
+ if (i == 0 && skeyverify(&skey, pbuf) == 0) {
+ if (skey.n < 5) {
+- (void)fprintf(stderr,
++ fprintf(stderr,
+ "\nWarning! Key initialization needed soon. (%d logins left)\n",
+ skey.n);
+ }
+- return(0);
++ return 0;
+ }
+- return(-1);
++ return -1;
+ }
+
+ /* Comment out user's entry in the s/key database
+@@ -587,22 +609,21 @@
+ *
+ * The database file is always closed by this call.
+ */
+-int
+-skeyzero(mp, response)
+- struct skey *mp;
+- char *response;
++int skeyzero(struct skey *mp, char *response)
+ {
+ /*
+ * Seek to the right place and write comment character
+ * which effectively zero's out the entry.
+ */
+- (void)fseek(mp->keyfile, mp->recstart, SEEK_SET);
++ fseek(mp->keyfile, mp->recstart, SEEK_SET);
+ if (fputc('#', mp->keyfile) == EOF) {
+ fclose(mp->keyfile);
+- return(-1);
++ mp->keyfile = NULL;
++ return -1;
+ }
+
+- (void)fclose(mp->keyfile);
++ fclose(mp->keyfile);
++ mp->keyfile = NULL;
+
+- return(0);
++ return 0;
+ }
+--- skey-1.1.5.orig/skeyprune.8 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/skeyprune.8 2003-11-06 17:46:45.000000000 +0000
+@@ -13,7 +13,7 @@
+ .Sh DESCRIPTION
+ .Nm skeyprune
+ searches through the file
+-.Dq Pa /etc/skeykeys
++.Dq Pa /etc/skey/skeykeys
+ and prunes out users who have zeroed their entries via
+ .Xr skeyinit 1
+ as well as entries that have not been modified in
+@@ -22,8 +22,8 @@
+ .Ar days
+ is not specified only commented out entries are pruned.
+ .Sh FILES
+-.Bl -tag -width /etc/skeykeys -compact
+-.It Pa /etc/skeykeys
++.Bl -tag -width /etc/skey/skeykeys -compact
++.It Pa /etc/skey/skeykeys
+ S/Key key information database
+ .El
+ .Sh SEE ALSO
+@@ -33,7 +33,7 @@
+ Since
+ .Nm skeyprune
+ rewrites
+-.Dq Pa /etc/skeykeys ,
++.Dq Pa /etc/skey/skeykeys ,
+ there is a window where S/Key changes could get lost.
+ It is therefore suggested that
+ .Nm skeyprune
+--- skey-1.1.5.orig/skeysubr.c 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/skeysubr.c 2003-11-06 17:46:45.000000000 +0000
+@@ -40,11 +40,6 @@
+ #else
+ #include "sha1.h"
+ #endif
+-#ifdef HAVE_RMD160_H
+-#include <rmd160.h>
+-#else
+-#include "rmd160.h"
+-#endif
+
+ #include "skey.h"
+
+@@ -53,17 +48,18 @@
+ #define SKEY_HASH_DEFAULT 1
+ #endif
+
+-static void f_md4 __P((char *x));
+-static void f_md5 __P((char *x));
+-static void f_sha1 __P((char *x));
+-static void f_rmd160 __P((char *x));
+-static int keycrunch_md4 __P((char *result, char *seed, char *passwd));
+-static int keycrunch_md5 __P((char *result, char *seed, char *passwd));
+-static int keycrunch_sha1 __P((char *result, char *seed, char *passwd));
+-static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd));
+-static void lowcase __P((char *s));
+-static void skey_echo __P((int action));
+-static void trapped __P((int sig));
++static void f_md4 __P((char *));
++static void f_md5 __P((char *));
++static void f_sha1 __P((char *));
++/* static void f_rmd160 __P((char *x)); */
++static int keycrunch_md4 __P((char *, const char *, const char *));
++static int keycrunch_md5 __P((char *, const char *, const char *));
++static int keycrunch_sha1 __P((char *, const char *, const char *));
++/* static int keycrunch_rmd160 __P((char *result, char *seed, char *passwd)); */
++static void lowcase __P((char *));
++static void skey_echo __P((int));
++static void trapped __P((int));
++static char *mkseedpassword(const char *, const char *, size_t *);
+
+ /* Current hash type (index into skey_hash_types array) */
+ static int skey_hash_type = SKEY_HASH_DEFAULT;
+@@ -72,17 +68,16 @@
+ * Hash types we support.
+ * Each has an associated keycrunch() and f() function.
+ */
+-#define SKEY_ALGORITH_LAST 4
+ struct skey_algorithm_table {
+ const char *name;
+- int (*keycrunch) (char *, char *, char *);
+- void (*f) (char *);
++ int (*keycrunch) __P((char *, const char *, const char *));
++ void (*f) __P((char *));
+ };
+ static struct skey_algorithm_table skey_algorithm_table[] = {
+ { "md4", keycrunch_md4, f_md4 },
+ { "md5", keycrunch_md5, f_md5 },
+ { "sha1", keycrunch_sha1, f_sha1 },
+- { "rmd160", keycrunch_rmd160, f_rmd160 }
++ { NULL }
+ };
+
+
+@@ -91,242 +86,172 @@
+ * concatenate the seed and the password, run through MD4/5 and
+ * collapse to 64 bits. This is defined as the user's starting key.
+ */
+-int
+-keycrunch(result, seed, passwd)
+- char *result; /* SKEY_BINKEY_SIZE result */
+- char *seed; /* Seed, any length */
+- char *passwd; /* Password, any length */
++int keycrunch(char *result, const char *seed, const char *passwd)
+ {
+ return(skey_algorithm_table[skey_hash_type].keycrunch(result, seed, passwd));
+ }
+
+-static int
+-keycrunch_md4(result, seed, passwd)
+- char *result; /* SKEY_BINKEY_SIZE result */
+- char *seed; /* Seed, any length */
+- char *passwd; /* Password, any length */
++static char *mkseedpassword(const char *seed, const char *passwd, size_t *buflen)
+ {
+ char *buf;
+- MD4_CTX md;
+- u_int32_t results[4];
+- unsigned int buflen;
+
+- buflen = strlen(seed) + strlen(passwd);
+- if ((buf = (char *)malloc(buflen+1)) == NULL)
+- return(-1);
+- (void)strcpy(buf, seed);
++ *buflen = strlen(seed) + strlen(passwd);
++ if ((buf = (char *) malloc(*buflen + 1)) == NULL)
++ return NULL;
++ strcpy(buf, seed);
+ lowcase(buf);
+- (void)strcat(buf, passwd);
++ strcat(buf, passwd);
++ sevenbit(buf);
++
++ return buf;
++}
+
++static int keycrunch_md4(char *result, const char *seed, const char *passwd)
++{
++ char *buf;
++ MD4_CTX md;
++ size_t buflen;
++ u_int32_t results[4];
++
++ if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL)
++ return -1;
++
+ /* Crunch the key through MD4 */
+- sevenbit(buf);
+ MD4Init(&md);
+ MD4Update(&md, (unsigned char *)buf, buflen);
+- MD4Final((unsigned char *)results, &md);
+- (void)free(buf);
++ MD4Final((unsigned char *) (void *) results, &md);
++ free(buf);
+
+ /* Fold result from 128 to 64 bits */
+ results[0] ^= results[2];
+ results[1] ^= results[3];
+
+- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
++ memcpy(result, results, SKEY_BINKEY_SIZE);
+
+- return(0);
++ return 0;
+ }
+
+-static int
+-keycrunch_md5(result, seed, passwd)
+- char *result; /* SKEY_BINKEY_SIZE result */
+- char *seed; /* Seed, any length */
+- char *passwd; /* Password, any length */
++static int keycrunch_md5(char *result, const char *seed, const char *passwd)
+ {
+ char *buf;
+ MD5_CTX md;
+ u_int32_t results[4];
+- unsigned int buflen;
++ size_t buflen;
+
+- buflen = strlen(seed) + strlen(passwd);
+- if ((buf = (char *)malloc(buflen+1)) == NULL)
+- return(-1);
+- (void)strcpy(buf, seed);
+- lowcase(buf);
+- (void)strcat(buf, passwd);
++ if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL)
++ return -1;
+
+ /* Crunch the key through MD5 */
+- sevenbit(buf);
+ MD5Init(&md);
+ MD5Update(&md, (unsigned char *)buf, buflen);
+- MD5Final((unsigned char *)results, &md);
+- (void)free(buf);
++ MD5Final((unsigned char *) (void *)results, &md);
++ free(buf);
+
+ /* Fold result from 128 to 64 bits */
+ results[0] ^= results[2];
+ results[1] ^= results[3];
+
+- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
++ memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
+
+ return(0);
+ }
+
+-static int
+-keycrunch_sha1(result, seed, passwd)
+- char *result; /* SKEY_BINKEY_SIZE result */
+- char *seed; /* Seed, any length */
+- char *passwd; /* Password, any length */
++static int keycrunch_sha1(char *result, const char *seed, const char *passwd)
+ {
+ char *buf;
+ SHA1_CTX sha;
+- u_int32_t results[5];
+- unsigned int buflen;
+-
+- buflen = strlen(seed) + strlen(passwd);
+- if ((buf = (char *)malloc(buflen+1)) == NULL)
+- return(-1);
+- (void)strcpy(buf, seed);
+- lowcase(buf);
+- (void)strcat(buf, passwd);
++ size_t buflen;
++ int i, j;
+
++ if ((buf = mkseedpassword(seed, passwd, &buflen)) == NULL)
++ return -1;
++
+ /* Crunch the key through SHA1 */
+- sevenbit(buf);
+ SHA1Init(&sha);
+ SHA1Update(&sha, (unsigned char *)buf, buflen);
+- SHA1Final((unsigned char *)results, &sha);
+- (void)free(buf);
++ SHA1Final(NULL, &sha);
++ free(buf);
+
+ /* Fold 160 to 64 bits */
+- results[0] ^= results[2];
+- results[1] ^= results[3];
+- results[0] ^= results[4];
+-
+- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
+-
+- return(0);
+-}
+-
+-static int
+-keycrunch_rmd160(result, seed, passwd)
+- char *result; /* SKEY_BINKEY_SIZE result */
+- char *seed; /* Seed, any length */
+- char *passwd; /* Password, any length */
+-{
+- char *buf;
+- RMD160_CTX rmd;
+- u_int32_t results[5];
+- unsigned int buflen;
+-
+- buflen = strlen(seed) + strlen(passwd);
+- if ((buf = (char *)malloc(buflen+1)) == NULL)
+- return(-1);
+- (void)strcpy(buf, seed);
+- lowcase(buf);
+- (void)strcat(buf, passwd);
+-
+- /* Crunch the key through RMD-160 */
+- sevenbit(buf);
+- RMD160Init(&rmd);
+- RMD160Update(&rmd, (unsigned char *)buf, buflen);
+- RMD160Final((unsigned char *)results, &rmd);
+- (void)free(buf);
+-
+- /* Fold 160 to 64 bits */
+- results[0] ^= results[2];
+- results[1] ^= results[3];
+- results[0] ^= results[4];
+-
+- (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE);
++ sha.state[0] ^= sha.state[2];
++ sha.state[1] ^= sha.state[3];
++ sha.state[0] ^= sha.state[4];
++
++ for (i=j=0; j<8; i++, j+=4) {
++ result[j] = (unsigned char)(sha.state[i] & 0xff);
++ result[j+1] = (unsigned char)((sha.state[i] >> 8) & 0xff);
++ result[j+2] = (unsigned char)((sha.state[i] >> 16) & 0xff);
++ result[j+3] = (unsigned char)((sha.state[i] >> 24) & 0xff);
++ }
+
+- return(0);
++ return 0;
+ }
+
+ /*
+ * The one-way function f().
+ * Takes SKEY_BINKEY_SIZE bytes and returns SKEY_BINKEY_SIZE bytes in place.
+ */
+-void
+-f(x)
+- char *x;
++void f(char *x)
+ {
+ skey_algorithm_table[skey_hash_type].f(x);
+ }
+
+-static void
+-f_md4(x)
+- char *x;
++static void f_md4(char *x)
+ {
+ MD4_CTX md;
+ u_int32_t results[4];
+
+ MD4Init(&md);
+ MD4Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE);
+- MD4Final((unsigned char *)results, &md);
++ MD4Final((unsigned char *) (void *) results, &md);
+
+ /* Fold 128 to 64 bits */
+ results[0] ^= results[2];
+ results[1] ^= results[3];
+
+- (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
++ memcpy(x, results, SKEY_BINKEY_SIZE);
+ }
+
+-static void
+-f_md5(x)
+- char *x;
++static void f_md5(char *x)
+ {
+ MD5_CTX md;
+ u_int32_t results[4];
+
+ MD5Init(&md);
+ MD5Update(&md, (unsigned char *)x, SKEY_BINKEY_SIZE);
+- MD5Final((unsigned char *)results, &md);
++ MD5Final((unsigned char *) (void *) results, &md);
+
+ /* Fold 128 to 64 bits */
+ results[0] ^= results[2];
+ results[1] ^= results[3];
+
+- (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
++ memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
+ }
+
+-static void
+-f_sha1(x)
+- char *x;
++static void f_sha1(char *x)
+ {
+ SHA1_CTX sha;
+- u_int32_t results[5];
++ int i, j;
+
+ SHA1Init(&sha);
+ SHA1Update(&sha, (unsigned char *)x, SKEY_BINKEY_SIZE);
+- SHA1Final((unsigned char *)results, &sha);
++ SHA1Final(NULL, &sha);
+
+ /* Fold 160 to 64 bits */
+- results[0] ^= results[2];
+- results[1] ^= results[3];
+- results[0] ^= results[4];
+-
+- (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
+-}
+-
+-static void
+-f_rmd160(x)
+- char *x;
+-{
+- RMD160_CTX rmd;
+- u_int32_t results[5];
+-
+- RMD160Init(&rmd);
+- RMD160Update(&rmd, (unsigned char *)x, SKEY_BINKEY_SIZE);
+- RMD160Final((unsigned char *)results, &rmd);
+-
+- /* Fold 160 to 64 bits */
+- results[0] ^= results[2];
+- results[1] ^= results[3];
+- results[0] ^= results[4];
+-
+- (void)memcpy((void *)x, (void *)results, SKEY_BINKEY_SIZE);
++ sha.state[0] ^= sha.state[2];
++ sha.state[1] ^= sha.state[3];
++ sha.state[0] ^= sha.state[4];
++
++ for (i=j=0; j<8; i++, j+=4) {
++ x[j] = (unsigned char)(sha.state[i] & 0xff);
++ x[j+1] = (unsigned char)((sha.state[i] >> 8) & 0xff);
++ x[j+2] = (unsigned char)((sha.state[i] >> 16) & 0xff);
++ x[j+3] = (unsigned char)((sha.state[i] >> 24) & 0xff);
++ }
+ }
+
+ /* Strip trailing cr/lf from a line of text */
+-void
+-rip(buf)
+- char *buf;
++void rip(char *buf)
+ {
+ buf += strcspn(buf, "\r\n");
+
+@@ -335,12 +260,9 @@
+ }
+
+ /* Read in secret password (turns off echo) */
+-char *
+-readpass(buf, n)
+- char *buf;
+- int n;
++char *readpass(char *buf, int n)
+ {
+- void (*old_handler) ();
++ void *old_handler;
+
+ /* Turn off echoing */
+ skey_echo(0);
+@@ -348,131 +270,114 @@
+ /* Catch SIGINT and save old signal handler */
+ old_handler = signal(SIGINT, trapped);
+
+- (void)fgets(buf, n, stdin);
++ fgets(buf, n, stdin);
+ rip(buf);
+
+- (void)putc('\n', stderr);
+- (void)fflush(stderr);
++ putc('\n', stderr);
++ fflush(stderr);
+
+ /* Restore signal handler and turn echo back on */
+ if (old_handler != SIG_ERR)
+- (void)signal(SIGINT, old_handler);
++ signal(SIGINT, old_handler);
+ skey_echo(1);
+
+ sevenbit(buf);
+
+- return(buf);
++ return buf;
+ }
+
+ /* Read in an s/key OTP (does not turn off echo) */
+-char *
+-readskey(buf, n)
+- char *buf;
+- int n;
++char *readskey(char *buf, int n)
+ {
+- (void)fgets(buf, n, stdin);
++ fgets(buf, n, stdin);
+ rip(buf);
+
+ sevenbit(buf);
+
+- return(buf);
++ return buf;
+ }
+
+ /* Signal handler for trapping ^C */
+-static void
+-trapped(sig)
+- int sig;
++static void trapped(int sig)
+ {
+- (void)fputs("^C\n", stderr);
+- (void)fflush(stderr);
++ fputs("^C\n", stderr);
++ fflush(stderr);
+
+- /* Turn on echo if necesary */
++ /* Turn on echo if necemassary */
+ skey_echo(1);
+
+- exit(-1);
++ exit(1);
+ }
+
+ /*
+ * Convert 8-byte hex-ascii string to binary array
+ * Returns 0 on success, -1 on error
+ */
+-int
+-atob8(out, in)
+- register char *out;
+- register char *in;
++int atob8(char *out, const char *in)
+ {
+- register int i;
+- register int val;
++ int i;
++ int val;
+
+ if (in == NULL || out == NULL)
+- return(-1);
++ return -1;
+
+ for (i=0; i < 8; i++) {
+ if ((in = skipspace(in)) == NULL)
+- return(-1);
++ return -1;
+ if ((val = htoi(*in++)) == -1)
+- return(-1);
++ return -1;
+ *out = val << 4;
+
+ if ((in = skipspace(in)) == NULL)
+- return(-1);
++ return -1;
+ if ((val = htoi(*in++)) == -1)
+- return(-1);
++ return -1;
+ *out++ |= val;
+ }
+- return(0);
++ return 0;
+ }
+
+ /* Convert 8-byte binary array to hex-ascii string */
+-int
+-btoa8(out, in)
+- register char *out;
+- register char *in;
++int btoa8(char *out, const char *in)
+ {
+- register int i;
++ int i;
+
+ if (in == NULL || out == NULL)
+- return(-1);
++ return -1;
+
+ for (i=0; i < 8; i++) {
+- (void)sprintf(out, "%02x", *in++ & 0xff);
++ sprintf(out, "%02x", *in++ & 0xff);
+ out += 2;
+ }
+- return(0);
++ return 0;
+ }
+
+ /* Convert hex digit to binary integer */
+-int
+-htoi(c)
+- register int c;
++int htoi(int c)
+ {
+ if ('0' <= c && c <= '9')
+- return(c - '0');
++ return c - '0';
+ if ('a' <= c && c <= 'f')
+- return(10 + c - 'a');
++ return 10 + c - 'a';
+ if ('A' <= c && c <= 'F')
+- return(10 + c - 'A');
+- return(-1);
++ return 10 + c - 'A';
++ return -1;
+ }
+
+ /* Skip leading spaces from the string */
+-char *
+-skipspace(cp)
+- register char *cp;
++const char *skipspace(const char *cp)
+ {
+ while (*cp == ' ' || *cp == '\t')
+ cp++;
+
+ if (*cp == '\0')
+- return(NULL);
++ return NULL;
+ else
+- return(cp);
++ return cp;
+ }
+
+ /* Remove backspaced over characters from the string */
+-void
+-backspace(buf)
+- char *buf;
++void backspace(char *buf)
+ {
+ char bs = 0x8;
+ char *cp = buf;
+@@ -496,77 +401,68 @@
+ }
+
+ /* Make sure line is all seven bits */
+-void
+-sevenbit(s)
+- char *s;
++void sevenbit(char *s)
+ {
+ while (*s)
+ *s++ &= 0x7f;
+ }
+
+ /* Set hash algorithm type */
+-char *
+-skey_set_algorithm(new)
+- char *new;
++const char *skey_set_algorithm(const char *new)
+ {
+ int i;
+
+- for (i = 0; i < SKEY_ALGORITH_LAST; i++) {
++ for (i = 0; skey_algorithm_table[i].name; i++) {
+ if (strcmp(new, skey_algorithm_table[i].name) == 0) {
+ skey_hash_type = i;
+- return(new);
++ return new;
+ }
+ }
+
+- return(NULL);
++ return NULL;
+ }
+
+ /* Get current hash type */
+-const char *
+-skey_get_algorithm()
++const char *skey_get_algorithm()
+ {
+ return(skey_algorithm_table[skey_hash_type].name);
+ }
+
+ /* Turn echo on/off */
+-static void
+-skey_echo(action)
+- int action;
++static void skey_echo(int action)
+ {
+ static struct termios term;
+ static int echo = 0;
+
+ if (action == 0) {
+ /* Turn echo off */
+- (void) tcgetattr(fileno(stdin), &term);
++ tcgetattr(fileno(stdin), &term);
+ if ((echo = (term.c_lflag & ECHO))) {
+ term.c_lflag &= ~ECHO;
+ #ifdef TCSASOFT
+- (void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
++ tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
+ #else
+- (void) tcsetattr(fileno(stdin), TCSAFLUSH, &term);
++ tcsetattr(fileno(stdin), TCSAFLUSH, &term);
+ #endif
+ }
+ } else if (action && echo) {
+ /* Turn echo on */
+ term.c_lflag |= ECHO;
+ #ifdef TCSASOFT
+- (void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
++ tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term);
+ #else
+- (void) tcsetattr(fileno(stdin), TCSAFLUSH, &term);
++ tcsetattr(fileno(stdin), TCSAFLUSH, &term);
+ #endif
+ echo = 0;
+ }
+ }
+
+ /* Convert string to lower case */
+-static void
+-lowcase(s)
+- char *s;
++static void lowcase(char *s)
+ {
+- char *p;
++ u_char *p;
+
+- for (p = s; *p; p++)
++ for (p = (u_char *) s; *p; p++)
+ if (isupper(*p))
+ *p = tolower(*p);
+ }
+--- skey-1.1.5.orig/strlcpy.c 2001-05-10 17:10:49.000000000 +0100
++++ skey-1.1.5/strlcpy.c 1970-01-01 01:00:00.000000000 +0100
+@@ -1,72 +0,0 @@
+-/* $OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $ */
+-
+-/*
+- * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+- * All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 3. The name of the author may not be used to endorse or promote products
+- * derived from this software without specific prior written permission.
+- *
+- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+- */
+-#include "config.h"
+-#ifndef HAVE_STRLCPY
+-
+-#if defined(LIBC_SCCS) && !defined(lint)
+-static char *rcsid = "$OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $";
+-#endif /* LIBC_SCCS and not lint */
+-
+-#include <sys/types.h>
+-#include <string.h>
+-
+-/*
+- * Copy src to string dst of size siz. At most siz-1 characters
+- * will be copied. Always NUL terminates (unless siz == 0).
+- * Returns strlen(src); if retval >= siz, truncation occurred.
+- */
+-size_t strlcpy(dst, src, siz)
+- char *dst;
+- const char *src;
+- size_t siz;
+-{
+- register char *d = dst;
+- register const char *s = src;
+- register size_t n = siz;
+-
+- /* Copy as many bytes as will fit */
+- if (n != 0 && --n != 0) {
+- do {
+- if ((*d++ = *s++) == 0)
+- break;
+- } while (--n != 0);
+- }
+-
+- /* Not enough room in dst, add NUL and traverse rest of src */
+- if (n == 0) {
+- if (siz != 0)
+- *d = '\0'; /* NUL-terminate dst */
+- while (*s++)
+- ;
+- }
+-
+- return(s - src - 1); /* count does not include NUL */
+-}
+-
+-#endif
diff --git a/patchsets/skey/1.1.5/02_all_login_name_max.patch b/patchsets/skey/1.1.5/02_all_login_name_max.patch
new file mode 100644
index 0000000..55bd36b
--- /dev/null
+++ b/patchsets/skey/1.1.5/02_all_login_name_max.patch
@@ -0,0 +1,18 @@
+https://bugs.gentoo.org/33315
+glibc 2.2.x does not define LOGIN_NAME_MAX
+ (12 Nov 2003) -taviso@gentoo.org
+
+--- skey-1.1.5.orig/skeyinit.c
++++ skey-1.1.5/skeyinit.c
+@@ -62,6 +62,11 @@
+ #define SKEY_NAMELEN 4
+ #endif
+
++/* #33315 */
++#ifndef LOGIN_NAME_MAX
++#define LOGIN_NAME_MAX 256
++#endif
++
+ int main __P((int, char **));
+
+ int main(int argc, char **argv)
diff --git a/patchsets/skey/1.1.5/03_all_fPIC.patch b/patchsets/skey/1.1.5/03_all_fPIC.patch
new file mode 100644
index 0000000..8a91192
--- /dev/null
+++ b/patchsets/skey/1.1.5/03_all_fPIC.patch
@@ -0,0 +1,12 @@
+--- skey-1.1.5-orig/Makefile.in
++++ skey-1.1.5/Makefile.in
+@@ -50,6 +50,9 @@
+
+ ${LIBOBJS}: config.h
+
++${LIBOBJS}: %.o: %.c
++ ${CC} ${CFLAGS} -fPIC -c $< -o $@
++
+ libskey.a: ${LIBOBJS}
+ ${AR} rv $@ ${LIBOBJS}
+ ${RANLIB} $@
diff --git a/patchsets/skey/1.1.5/04_all_bind-now.patch b/patchsets/skey/1.1.5/04_all_bind-now.patch
new file mode 100644
index 0000000..3a1062d
--- /dev/null
+++ b/patchsets/skey/1.1.5/04_all_bind-now.patch
@@ -0,0 +1,15 @@
+--- skey-1.1.5-orig/Makefile.in
++++ skey-1.1.5/Makefile.in
+@@ -67,10 +67,10 @@
+ ${CC} -o $@ ${SKEYOBJS} ${LDFLAGS} -lskey ${LIBS}
+
+ skeyinit: libskey.so ${SKEYINITOBJS}
+- ${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS}
++ ${CC} -o $@ ${SKEYINITOBJS} ${LDFLAGS} -lskey ${LIBS} -Wl,-z,now
+
+ skeyinfo: libskey.so ${SKEYINFOOBJS}
+- ${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS}
++ ${CC} -o $@ ${SKEYINFOOBJS} ${LDFLAGS} -lskey ${LIBS} -Wl,-z,now
+
+ ${MANPAGES} ${SCRIPTS}::
+ ${FIXPATHSCMD} ${srcdir}/$@
diff --git a/patchsets/skey/1.1.5/05_all_otp.patch b/patchsets/skey/1.1.5/05_all_otp.patch
new file mode 100644
index 0000000..6f80f74
--- /dev/null
+++ b/patchsets/skey/1.1.5/05_all_otp.patch
@@ -0,0 +1,53 @@
+https://bugs.gentoo.org/71015
+allow invokation as otp-foo.
+ (03 Mar 2005) -taviso.
+
+--- skey-1.1.5.orig/skey.c
++++ skey-1.1.5/skey.c
+@@ -46,6 +46,17 @@
+ char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
+ char buf[33], *seed, *slash, *t;
+
++ /* If we were called as otp-METHOD, set algorithm based on that */
++ if ((slash = strrchr(argv[0], '/')))
++ slash++;
++ else
++ slash = argv[0];
++ if (strncmp(slash, "otp-", 4) == 0) {
++ slash += 4;
++ if (skey_set_algorithm(slash) == NULL)
++ errx(1, "Unknown hash algorithm %s", slash);
++ }
++
+ while ((i = getopt(argc, argv, "fn:p:t:x")) != -1) {
+ switch(i) {
+ case 'f':
+--- skey-1.1.5.orig/skey.1
++++ skey-1.1.5/skey.1
+@@ -6,7 +6,7 @@
+ .Dt SKEY 1
+ .Os
+ .Sh NAME
+-.Nm skey
++.Nm skey, otp-md4, otp-md5, otp-sha1
+ .Nd respond to an OTP challenge
+ .Sh SYNOPSIS
+ .Nm
+@@ -34,6 +34,17 @@
+ or
+ .Xr ftpd 8 .
+ .Pp
++When
++.Nm skey
++is invoked as
++.Nm otp-method ,
++.Nm skey
++will use
++.Ar method
++as the hash function where
++.Ar method
++is currently one of md4, md5, or sha1.
++.Pp
+ Example use of the
+ .Em S/Key
+ program
diff --git a/patchsets/skey/1.1.5/06_all_binary-search.patch b/patchsets/skey/1.1.5/06_all_binary-search.patch
new file mode 100644
index 0000000..90e399c
--- /dev/null
+++ b/patchsets/skey/1.1.5/06_all_binary-search.patch
@@ -0,0 +1,36 @@
+Fix binary search.
+
+--- skey-1.1.5-orig/put.c
++++ skey-1.1.5/put.c
+@@ -2206,27 +2206,17 @@
+ {
+ int i, j;
+
+- for (;;) {
++ while (low <= high) {
+ i = (low + high) / 2;
+
+ if ((j = strncmp(w, Wp[i], 4)) == 0)
+ return i; /* Found it */
+- if (high == low + 1)
+- {
+- /* Avoid effects of integer truncation in /2 */
+- if (strncmp(w, Wp[high], 4) == 0)
+- return high;
+- else
+- return -1;
+- }
+-
+- if (low >= high)
+- return -1; /* I don't *think* this can happen... */
+ if (j < 0)
+- high = i; /* Search lower half */
++ high = i - 1; /* Search lower half */
+ else
+- low = i; /* Search upper half */
++ low = i + 1; /* Search upper half */
+ }
++ return -1;
+ }
+
+ static void insert(char *s, int x, int start, int length)
diff --git a/patchsets/skey/1.1.5/07_all_skeyprune-dir.patch b/patchsets/skey/1.1.5/07_all_skeyprune-dir.patch
new file mode 100644
index 0000000..967eb70
--- /dev/null
+++ b/patchsets/skey/1.1.5/07_all_skeyprune-dir.patch
@@ -0,0 +1,13 @@
+skeyprune won't honour @sysconfdir@
+
+--- skey-1.1.5-orig/skeyprune.pl
++++ skey-1.1.5/skeyprune.pl
+@@ -14,7 +14,7 @@
+ die "Usage: $0 [days]\n" if $#ARGC > 0;
+
+ # Pathnames
+-$keyfile = '/etc/skeykeys';
++$keyfile = '/etc/skey/skeykeys';
+ $temp = "$keyfile.tmp$$";
+
+ # Quick mapping of month name -> number
diff --git a/patchsets/skey/1.1.5/08_all_skeyprune-regex.patch b/patchsets/skey/1.1.5/08_all_skeyprune-regex.patch
new file mode 100644
index 0000000..b5039fa
--- /dev/null
+++ b/patchsets/skey/1.1.5/08_all_skeyprune-regex.patch
@@ -0,0 +1,13 @@
+skeyprune uses a case sensitive regex to check for zeroed entries
+
+--- skey-1.1.5-orig/skeyprune.pl
++++ skey-1.1.5/skeyprune.pl
+@@ -37,7 +37,7 @@
+
+ while (<OLD>) {
+ # Ignore commented out entries
+- if ( ! /^#[^\s#]+\s+(MD[0-9]+\s+)?[0-9]+\s+[A-z0-9_-]+\s+[a-f0-9]+\s+(Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+$/ ) {
++ if ( ! /^#[^\s#]+\s+(MD[0-9]+\s+)?[0-9]+\s+[A-z0-9_-]+\s+[a-f0-9]+\s+(Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+$/i ) {
+ /((Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+)$/;
+
+ # Prune out old entries if asked to
diff --git a/patchsets/skey/1.1.5/09_all_man_default-md5.patch b/patchsets/skey/1.1.5/09_all_man_default-md5.patch
new file mode 100644
index 0000000..02bf45c
--- /dev/null
+++ b/patchsets/skey/1.1.5/09_all_man_default-md5.patch
@@ -0,0 +1,26 @@
+https://bugs.gentoo.org/64971
+skey(1) and skeyinit(1) describe md4 as the default hash algorithm,
+which is no longer the case.
+
+--- skey-1.1.5-orig/skey.1
++++ skey-1.1.5/skey.1
+@@ -27,7 +27,7 @@
+ .Pp
+ .Em S/Key
+ uses 64 bits of information, transformed by the
+-.Tn MD4
++.Tn MD5
+ algorithm into 6 English words.
+ The user supplies the words to authenticate himself to programs like
+ .Xr login 1
+--- skey-1.1.5-orig/skeyinit.1 2012-01-04 20:24:22.000000000 +0100
++++ skey-1.1.5/skeyinit.1 2012-01-04 20:31:13.000000000 +0100
+@@ -47,7 +47,7 @@
+ (default is 100).
+ .It Fl t Ar hash
+ Selects the hash algorithm to use.
+-Available choices are md4 (the default), md5 or sha1.
++Available choices are md4, md5 (the default) or sha1.
+ .It Ar user
+ The username to be changed/added.
+ By default the current user is operated on, only root may
diff --git a/patchsets/skey/1.1.5/10_all_man_libpath.patch b/patchsets/skey/1.1.5/10_all_man_libpath.patch
new file mode 100644
index 0000000..4892645
--- /dev/null
+++ b/patchsets/skey/1.1.5/10_all_man_libpath.patch
@@ -0,0 +1,16 @@
+skey(3): shared library is in /lib; we don't install a profiling library
+
+--- skey-1.1.5-orig/skey.3
++++ skey-1.1.5/skey.3
+@@ -245,10 +245,8 @@
+ .Bl -tag -width /usr/lib/libskey_p.a -compact
+ .It Pa /usr/lib/libskey.a
+ static skey library
+-.It Pa /usr/lib/libskey.so
++.It Pa /lib/libskey.so
+ dynamic skey library
+-.It Pa /usr/lib/libskey_p.a
+-static skey library compiled for profiling
+ .El
+ .Sh SEE ALSO
+ .Xr skey 1 ,
diff --git a/patchsets/skey/1.1.5/11_all_strncat-warning.patch b/patchsets/skey/1.1.5/11_all_strncat-warning.patch
new file mode 100644
index 0000000..6eeefdd
--- /dev/null
+++ b/patchsets/skey/1.1.5/11_all_strncat-warning.patch
@@ -0,0 +1,11 @@
+--- skey-1.1.5-orig/skeyinit.c
++++ skey-1.1.5/skeyinit.c
+@@ -111,7 +111,7 @@
+ defaultseed[SKEY_NAMELEN] = '\0';
+ time(&now);
+ snprintf(tbuf, sizeof(tbuf), "%05ld", (long) (now % 100000));
+- strncat(defaultseed, tbuf, sizeof(defaultseed));
++ strncat(defaultseed, tbuf, sizeof(defaultseed) - SKEY_NAMELEN - 1);
+
+ if ((pp = getpwuid(getuid())) == NULL)
+ err(1, "no user with uid %ld", (u_long)getuid());