22 files changed, 369 insertions, 244 deletions

diff --git a/lib/libskey/Makefile b/lib/libskey/Makefile
index f31f725da401..0630c5698b5e 100644
--- a/lib/libskey/Makefile
+++ b/lib/libskey/Makefile
@@ -1,14 +1,14 @@
 #	@(#)Makefile	5.4 (Berkeley) 5/7/91
 
 LIB=	skey
-SRCS=	skeyaccess.c md4.c put.c skey_crypt.c skeylogin.c skeysubr.c
+SRCS=	skeyaccess.c put.c skey_crypt.c skey_getpass.c skeylogin.c skeysubr.c
+MAN1=	skey.1
 MAN5=	skey.access.5
 
-CFLAGS+=-DMPU8086 -DPERMIT_CONSOLE -I${.CURDIR}
+CFLAGS+=-DPERMIT_CONSOLE -I${.CURDIR}
 
 beforeinstall:
-	-cd ${.CURDIR}; cmp -s skey.h ${DESTDIR}/usr/include/skey.h > \
-	  /dev/null 2>&1 || \
+	-cd ${.CURDIR}; cmp -s skey.h ${DESTDIR}/usr/include/skey.h || \
 	  install -c -o ${BINOWN} -g ${BINGRP} -m 444 skey.h \
 	  ${DESTDIR}/usr/include
 
diff --git a/lib/libskey/mdx.h b/lib/libskey/mdx.h
new file mode 100644
index 000000000000..567d541c959c
--- /dev/null
+++ b/lib/libskey/mdx.h
@@ -0,0 +1,19 @@
+#ifdef MD5
+/* S/Key can use MD5 now, if defined... */
+#include <md5.h>
+
+#define	MDXFinal	MD5Final
+#define	MDXInit		MD5Init
+#define	MDXUpdate	MD5Update
+#define	MDX_CTX		MD5_CTX
+#else
+
+/* By default, use MD4 for compatibility */
+#include <md4.h>
+
+#define	MDXFinal	MD4Final
+#define	MDXInit		MD4Init
+#define	MDXUpdate	MD4Update
+#define	MDX_CTX		MD4_CTX
+
+#endif
diff --git a/lib/libskey/pathnames.h b/lib/libskey/pathnames.h
index 43631f5133c3..87c8a2356dfa 100644
--- a/lib/libskey/pathnames.h
+++ b/lib/libskey/pathnames.h
@@ -1,5 +1,6 @@
-/* $Id$ (FreeBSD) */
+/* $Id: pathnames.h,v 1.1 1994/05/27 07:50:08 pst Exp $ (FreeBSD) */
 
 #include <paths.h>
 
-#define       _PATH_SKEYACCESS        "/etc/skey.access"
+#define _PATH_SKEYACCESS        "/etc/skey.access"
+#define	_PATH_SKEYFILE		"/etc/skeykeys"
diff --git a/lib/libskey/put.c b/lib/libskey/put.c
index 0f62d22499c1..d533714fcb18 100644
--- a/lib/libskey/put.c
+++ b/lib/libskey/put.c
@@ -2,7 +2,7 @@
 #include <string.h>
 #include <assert.h>
 #include <ctype.h>
-#include <skey.h>
+#include "skey.h"
 
 static unsigned long extract __P((char *s,int start,int length));
 static void standard __P((char *word));
diff --git a/lib/libskey/skey.1 b/lib/libskey/skey.1
new file mode 100644
index 000000000000..b4e0455aa298
--- /dev/null
+++ b/lib/libskey/skey.1
@@ -0,0 +1,59 @@
+.ll 6i
+.pl 10.5i
+.\"	@(#)skey.1	1.1 	10/28/93
+.\"
+.lt 6.0i
+.TH KEY 1 "28 October 1993"
+.AT 3
+.SH NAME
+S/key \-  A procedure to use one time passwords for accessing computer systems.
+.SH DESCRIPTION
+.I S/key
+is a procedure for using one time password to authenticate access to
+computer systems. It uses 64 bits of information transformed by the
+MD4 algorithm. The user supplies the 64 bits in the form of 6 English
+words that are generated by a secure computer.
+Example use of the S/key program 
+.I key
+.sp
+  Usage example:
+.sp 0
+ 	>key  99 th91334
+.sp 0
+ 	Enter password: <your secret password is entered here>
+.sp 0
+ 	OMEN US HORN OMIT BACK AHOY
+.sp 0
+ 	>
+.sp
+The programs that are part of the S/Key system are keyinit, key, and
+keyinfo. Keyinit is used to get your ID set up, key is
+used to get the one time password each time,
+keyinfo is used to extract information from the S/Key database.
+.sp
+When you run "keyinit" you inform the system of your
+secret password.  Running "key" then generates the
+one-time passwords, and also requires your secret
+password.  If however, you misspell your password
+while running "key", you will get a list of passwords
+that will not work, and no indication about the problem.
+.sp
+Password sequence numbers count backward from 99.  If you
+don't know this, the syntax for "key" will be confusing.
+.sp
+You can enter the passwords using small letters, even
+though the "key" program gives them in caps.
+.sp
+Macintosh and a general purpose PC use
+are available. 
+.sp
+Under FreeBSD, you can control, with /etc/skey.access, from which
+hosts and/or networks the use of S/Key passwords is obligated. 
+.LP
+.SH SEE ALSO
+.BR keyinit(1),
+.BR key(1),
+.BR keyinfo(1)
+.BR skey.access(5)
+.SH AUTHOR
+Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
diff --git a/lib/libskey/skey.access.5 b/lib/libskey/skey.access.5
index e92b4a66c3b6..2e12ad11935b 100644
--- a/lib/libskey/skey.access.5
+++ b/lib/libskey/skey.access.5
@@ -2,10 +2,9 @@
 .SH NAME
 skey.access \- S/Key password control table
 .SH DESCRIPTION
-The S/Key password control table (default
-.IR /etc/skey.access )
-is used by \fIlogin\fR-like programs to determine when UNIX passwords
-may be used to access the system.
+The S/Key password control table (\fI/etc/skey.access\fR) is used by
+\fIlogin\fR-like programs to determine when UNIX passwords may be used
+to access the system.
 .IP \(bu
 When the table does not exist, there are no password restrictions.  The
 user may enter the UNIX password or the S/Key one.
@@ -44,6 +43,7 @@ on it.
 .SH CONDITIONS
 .IP "hostname wzv.win.tue.nl"
 True when the login comes from host wzv.win.tue.nl.
+See the WARNINGS section below.
 .IP "internet 131.155.210.0 255.255.255.0"
 True when the remote host has an internet address in network
 131.155.210.  The general form of a net/mask rule is:
@@ -58,6 +58,7 @@ and
 .I mask
 equals
 .IR net.
+See the WARNINGS section below.
 .IP "port ttya"
 True when the login terminal is equal to
 .IR /dev/ttya .
@@ -74,6 +75,44 @@ group.
 For the sake of backwards compatibility, the
 .I internet
 keyword may be omitted from net/mask patterns.
+.SH WARNINGS
+Several rule types depend on host name or address information obtained
+through the network.  What follows is a list of conceivable attacks to
+force the system to permit UNIX passwords.
+.IP "Host address spoofing (source routing)"
+An intruder configures a local interface to an address in a trusted
+network and connects to the victim using that source address.  Given
+the wrong client address, the victim draws the wrong conclusion from
+rules based on host addresses or from rules based on host names derived
+from addresses.
+.sp
+Remedies: (1)  do not permit UNIX passwords with network logins; (2)
+use network software that discards source routing information (e.g.
+a tcp wrapper).
+.PP
+Almost every network server must look up the client host name using the
+client network address. The next obvious attack therefore is:
+.IP "Host name spoofing (bad PTR record)"
+An intruder manipulates the name server system so that the client
+network address resolves to the name of a trusted host.  Given the
+wrong host name, the victim draws the wrong conclusion from rules based
+on host names, or from rules based on addresses derived from host
+names.
+.sp
+Remedies: (1) do not permit UNIX passwords with network logins; (2) use
+network software that verifies that the hostname resolves to the client
+network address (e.g. a tcp wrapper).
+.PP
+Some applications, such as the UNIX login program, must look up the
+client network address using the client host name. In addition to the
+previous two attacks, this opens up yet another possibility:
+.IP "Host address spoofing (extra A record)"
+An intruder manipulates the name server system so that the client host
+name (also) resolves to a trusted address.
+.sp
+Remedies: (1)  do not permit UNIX passwords with network logins; (2)
+the skeyaccess() routines ignore network addresses that appear to
+belong to someone else.
 .SH DIAGNOSTICS
 Syntax errors are reported to the syslogd. When an error is found
 the rule is skipped.
diff --git a/lib/libskey/skey.h b/lib/libskey/skey.h
index e9ee453b586e..039da4e680af 100644
--- a/lib/libskey/skey.h
+++ b/lib/libskey/skey.h
@@ -12,8 +12,6 @@ struct skey {
 	char *seed;
 	char *val;
 	long	recstart; /*needed so reread of buffer is efficient*/
-
-
 };
 
 /* Client-side structure for scanning data stream for challenge */
@@ -32,6 +30,11 @@ void rip __P((char *buf));
 int skeychallenge __P((struct skey *mp,char *name, char *challenge));
 int skeylookup __P((struct skey *mp,char *name));
 int skeyverify __P((struct skey *mp,char *response));
-int skeyaccess __P((char *user, char *port, char *host));
+
+/* Simplified application programming interface. */
+#include <pwd.h>
+int skeyaccess __P((char *user, char *port, char *host, char *addr));
+char *skey_getpass __P((char *prompt, struct passwd *pwd, int pwok));
+char *skey_crypt __P((char *pp, char *salt, struct passwd *pwd, int pwok));
 
 #endif /* _SKEY_H_ */
diff --git a/lib/libskey/skey_crypt.c b/lib/libskey/skey_crypt.c
index b61bef08c90b..ca1024f77418 100644
--- a/lib/libskey/skey_crypt.c
+++ b/lib/libskey/skey_crypt.c
@@ -3,7 +3,8 @@
 #include <string.h>
 #include <stdio.h>
 #include <pwd.h>
-#include <skey.h>
+
+#include "skey.h"
 
 /* skey_crypt - return encrypted UNIX passwd if s/key or regular password ok */
 
diff --git a/lib/libskey/skeyaccess.c b/lib/libskey/skeyaccess.c
index 67ed549dce36..3cd877fd896a 100644
--- a/lib/libskey/skeyaccess.c
+++ b/lib/libskey/skeyaccess.c
@@ -2,9 +2,14 @@
   * Figure out if UNIX passwords are permitted for any combination of user
   * name, group member, terminal port, host_name or network:
   * 
-  * Programmatic interface: skeyaccess(char *user, char *port, char *host)
+  * Programmatic interface: skeyaccess(user, port, host, addr)
   * 
-  * Specify a null character pointer where information is not available.
+  * All arguments are null-terminated strings. Specify a null character pointer
+  * where information is not available.
+  * 
+  * When no address information is given this code performs the host (internet)
+  * address lookup itself. It rejects addresses that appear to belong to
+  * someone else.
   * 
   * When compiled with -DPERMIT_CONSOLE always permits UNIX passwords with
   * console logins, no matter what the configuration file says.
@@ -12,7 +17,9 @@
   * To build a stand-alone test version, compile with -DTEST and run it off an
   * skey.access file in the current directory:
   * 
-  * Command-line interface: ./skeyaccess user port [host]
+  * Command-line interface: ./skeyaccess user port [host_or_ip_addr]
+  * 
+  * Errors are reported via syslogd.
   * 
   * Author: Wietse Venema, Eindhoven University of Technology.
   */
@@ -54,6 +61,8 @@ static int match_internet_addr();
 static int match_group();
 static int match_token();
 static int is_internet_addr();
+static struct in_addr *convert_internet_addr();
+static struct in_addr *lookup_internet_addr();
 
 #define MAX_ADDR	32
 #define PERMIT		1
@@ -68,40 +77,53 @@ struct login_info {
 
 /* skeyaccess - find out if UNIX passwords are permitted */
 
-int     skeyaccess(user, port, host)
+int     skeyaccess(user, port, host, addr)
 char   *user;
 char   *port;
 char   *host;
+char   *addr;
 {
-    struct hostent *hp;
+    FILE   *fp;
     struct login_info login_info;
-    struct in_addr internet_addr[MAX_ADDR + 1];
-    char    hostname_buf[MAXHOSTNAMELEN + 1];
-    int     i;
+    int     result;
 
+    /*
+     * Assume no restriction on the use of UNIX passwords when the s/key
+     * acces table does not exist.
+     */
+    if ((fp = fopen(_PATH_SKEYACCESS, "r")) == 0) {
+#ifdef TEST
+	fprintf(stderr, "No file %s, thus no access control\n", _PATH_SKEYACCESS);
+#endif
+	return (PERMIT);
+    }
+
+    /*
+     * Bundle up the arguments in a structure so we won't have to drag around
+     * boring long argument lists.
+     * 
+     * Look up the host address when only the name is given. We try to reject
+     * addresses that belong to someone else.
+     */
     login_info.user = user;
     login_info.port = port;
-    login_info.host_name = 0;
-    login_info.internet_addr = 0;
-
-    if (host) {
-	if (is_internet_addr(host)) {		/* not DECnet */
-	    internet_addr[0].s_addr = inet_addr(host);
-	    internet_addr[1].s_addr = 0;
-	    login_info.internet_addr = internet_addr;
+
+    if (host != 0 && !is_internet_addr(host)) {
+	login_info.host_name = host;
+    } else {
+	login_info.host_name = 0;
+    }
+
+    if (addr != 0 && is_internet_addr(addr)) {
+	login_info.internet_addr = convert_internet_addr(addr);
+    } else if (host != 0) {
+	if (is_internet_addr(host)) {
+	    login_info.internet_addr = convert_internet_addr(host);
 	} else {
-	    if ((hp = gethostbyname(host)) != 0 && hp->h_addrtype == AF_INET) {
-		for (i = 0; i < MAX_ADDR && hp->h_addr_list[i]; i++)
-		    memcpy((char *) &internet_addr[i],
-			   hp->h_addr_list[i], hp->h_length);
-		internet_addr[i].s_addr = 0;
-		login_info.internet_addr = internet_addr;
-		host = hp->h_name;
-	    }
-	    strncpy(hostname_buf, host, MAXHOSTNAMELEN);
-	    hostname_buf[MAXHOSTNAMELEN] = 0;
-	    login_info.host_name = hostname_buf;
+	    login_info.internet_addr = lookup_internet_addr(host);
 	}
+    } else {
+	login_info.internet_addr = 0;
     }
 
     /*
@@ -115,20 +137,25 @@ char   *host;
     if (login_info.internet_addr == 0) {
 	printf("none\n");
     } else {
+	int     i;
+
 	for (i = 0; login_info.internet_addr[i].s_addr; i++)
-	    printf("%s%s", inet_ntoa(login_info.internet_addr[i]),
+	    printf("%s%s", login_info.internet_addr[i].s_addr == -1 ?
+		 "(see error log)" : inet_ntoa(login_info.internet_addr[i]),
 		   login_info.internet_addr[i + 1].s_addr ? " " : "\n");
     }
 #endif
-    return (_skeyaccess(&login_info));
+    result = _skeyaccess(fp, &login_info);
+    fclose(fp);
+    return (result);
 }
 
 /* _skeyaccess - find out if UNIX passwords are permitted */
 
-int     _skeyaccess(login_info)
+int     _skeyaccess(fp, login_info)
+FILE   *fp;
 struct login_info *login_info;
 {
-    FILE   *fp;
     char    buf[BUFSIZ];
     char   *tok;
     int     match;
@@ -140,13 +167,6 @@ struct login_info *login_info;
 #endif
 
     /*
-     * Assume no restriction on the use of UNIX passwords when the s/key
-     * acces table does not exist.
-     */
-    if ((fp = fopen(_PATH_SKEYACCESS, "r")) == 0)
-	return (PERMIT);
-
-    /*
      * Scan the s/key access table until we find an entry that matches. If no
      * match is found, assume that UNIX passwords are disallowed.
      */
@@ -187,7 +207,6 @@ struct login_info *login_info;
 	    }
 	}
     }
-    fclose(fp);
     return (match ? permission : DENY);
 }
 
@@ -200,7 +219,6 @@ struct login_info *login_info;
     long    pattern;
     long    mask;
     struct in_addr *addrp;
-    struct hostent *hp;
 
     if (login_info->internet_addr == 0)
 	return (0);
@@ -212,26 +230,13 @@ struct login_info *login_info;
     mask = inet_addr(tok);
 
     /*
-     * See if any of the addresses matches a pattern in the control file.
-     * Report and skip the address if it does not belong to the remote host.
-     * Assume localhost == localhost.domain.
+     * See if any of the addresses matches a pattern in the control file. We
+     * have already tried to drop addresses that belong to someone else.
      */
 
-#define NEQ(x,y) (strcasecmp((x),(y)) != 0)
-
-    for (addrp = login_info->internet_addr; addrp->s_addr; addrp++) {
-	if ((addrp->s_addr & mask) == pattern) {
-	    if (login_info->host_name != 0 &&
-		((hp = gethostbyaddr((char *) addrp, sizeof(*addrp), AF_INET)) == 0
-		 || (NEQ(login_info->host_name, hp->h_name)
-		     && NEQ(login_info->host_name, "localhost")))) {
-		syslog(LOG_ERR, "address %s not registered for host %s",
-		       inet_ntoa(*addrp), login_info->host_name);
-		continue;
-	    }
+    for (addrp = login_info->internet_addr; addrp->s_addr; addrp++)
+	if (addrp->s_addr != -1 && (addrp->s_addr & mask) == pattern)
 	    return (1);
-	}
-    }
     return (0);
 }
 
@@ -365,18 +370,97 @@ char   *str;
     return (runs == 4);
 }
 
+/* lookup_internet_addr - look up internet addresses with extreme prejudice */
+
+static struct in_addr *lookup_internet_addr(host)
+char   *host;
+{
+    struct hostent *hp;
+    static struct in_addr list[MAX_ADDR + 1];
+    char    buf[MAXHOSTNAMELEN + 1];
+    int     length;
+    int     i;
+
+    if ((hp = gethostbyname(host)) == 0 || hp->h_addrtype != AF_INET)
+	return (0);
+
+    /*
+     * Save a copy of the results before gethostbyaddr() clobbers them.
+     */
+
+    for (i = 0; i < MAX_ADDR && hp->h_addr_list[i]; i++)
+	memcpy((char *) &list[i],
+	       hp->h_addr_list[i], hp->h_length);
+    list[i].s_addr = 0;
+
+    strncpy(buf, hp->h_name, MAXHOSTNAMELEN);
+    buf[MAXHOSTNAMELEN] = 0;
+    length = hp->h_length;
+
+    /*
+     * Wipe addresses that appear to belong to someone else. We will get
+     * false alarms when when the hostname comes from DNS, while its
+     * addresses are listed under different names in local databases.
+     */
+#define NEQ(x,y)	(strcasecmp((x),(y)) != 0)
+#define NEQ3(x,y,n)	(strncasecmp((x),(y), (n)) != 0)
+
+    while (--i >= 0) {
+	if ((hp = gethostbyaddr((char *) &list[i], length, AF_INET)) == 0) {
+	    syslog(LOG_ERR, "address %s not registered for host %s",
+		   inet_ntoa(list[i]), buf);
+	    list[i].s_addr = -1;
+	}
+	if (NEQ(buf, hp->h_name) && NEQ3(buf, "localhost.", 10)) {
+	    syslog(LOG_ERR, "address %s registered for host %s and %s",
+		   inet_ntoa(list[i]), hp->h_name, buf);
+	    list[i].s_addr = -1;
+	}
+    }
+    return (list);
+}
+
+/* convert_internet_addr - convert string to internet address */
+
+static struct in_addr *convert_internet_addr(string)
+char   *string;
+{
+    static struct in_addr list[2];
+
+    list[0].s_addr = inet_addr(string);
+    list[1].s_addr = 0;
+    return (list);
+}
+
 #ifdef TEST
 
 main(argc, argv)
 int     argc;
 char  **argv;
 {
+    struct hostent *hp;
+    char    host[MAXHOSTNAMELEN + 1];
+    int     verdict;
+    char   *user;
+    char   *port;
+
     if (argc != 3 && argc != 4) {
 	fprintf(stderr, "usage: %s user port [host_or_ip_address]\n", argv[0]);
 	exit(0);
     }
+    if (_PATH_SKEYACCESS[0] != '/')
+	printf("Warning: this program uses control file: %s\n", KEYACCESS);
     openlog("login", LOG_PID, LOG_AUTH);
-    printf("%s\n", skeyaccess(argv[1], argv[2], argv[3]) ? "YES" : "NO");
+
+    user = argv[1];
+    port = argv[2];
+    if (argv[3]) {
+	strncpy(host, (hp = gethostbyname(argv[3])) ?
+		hp->h_name : argv[3], MAXHOSTNAMELEN);
+	host[MAXHOSTNAMELEN] = 0;
+    }
+    verdict = skeyaccess(user, port, argv[3] ? host : (char *) 0, (char *) 0);
+    printf("UNIX passwords %spermitted\n", verdict ? "" : "NOT ");
     return (0);
 }
 
diff --git a/lib/libskey/skeylogin.c b/lib/libskey/skeylogin.c
index f2d41049e1d8..e15edb5b4f60 100644
--- a/lib/libskey/skeylogin.c
+++ b/lib/libskey/skeylogin.c
@@ -2,12 +2,10 @@
  *   of Bellcore.
  *
  *   Mink is the former name of the S/KEY authentication system.
- *   Many references for mink  may still be found in this program.   */
+ *   Many references for mink  may still be found in this program.
+ */
 
 #include <sys/param.h>
-#ifdef	QUOTA
-#include <sys/quota.h>
-#endif
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/resource.h>
@@ -19,9 +17,9 @@
 #include <sys/stat.h>
 #include <time.h>
 #include <errno.h>
-#include <skey.h>
 
-#define	KEYFILE	"/etc/skeykeys"
+#include "skey.h"
+#include "pathnames.h"
 
 char *skipspace();
 int skeylookup __P((struct skey *mp,char *name));
@@ -57,7 +55,8 @@ char *prompt;
 		return -1;
 	}
 	return -1;	/* Can't happen */
-}	
+}
+
 /* Return  a skey challenge string for user 'name'. If successful,
  * fill in the caller's skey structure and return 0. If unsuccessful
  * (e.g., if name is unknown) return -1.
@@ -104,13 +103,13 @@ char *name;
 	char *cp;
 	struct stat statbuf;
 
-	/* See if the KEYFILE exists, and create it if not */
-	if(stat(KEYFILE,&statbuf) == -1 && errno == ENOENT){
-		mp->keyfile = fopen(KEYFILE,"w+");
-		(void) chmod(KEYFILE, 0644);
+	/* See if the _PATH_SKEYFILE exists, and create it if not */
+	if(stat(_PATH_SKEYFILE,&statbuf) == -1 && errno == ENOENT){
+		mp->keyfile = fopen(_PATH_SKEYFILE,"w+");
+		(void) chmod(_PATH_SKEYFILE, 0644);
 	} else {
 		/* Otherwise open normally for update */
-		mp->keyfile = fopen(KEYFILE,"r+");
+		mp->keyfile = fopen(_PATH_SKEYFILE,"r+");
 	}
 	if(mp->keyfile == NULL)
 		return -1;
diff --git a/lib/libskey/skeysubr.c b/lib/libskey/skeysubr.c
index b947c0164068..e144202a7655 100644
--- a/lib/libskey/skeysubr.c
+++ b/lib/libskey/skeysubr.c
@@ -4,19 +4,14 @@
 #ifdef	__MSDOS__
 #include <dos.h>
 #endif
-#ifdef unix	/* Assume POSIX */
+#ifdef unix
 #include <fcntl.h>
 #include <termios.h>
+#include <signal.h>
 #endif
-#include <skey.h>
-#include "md4.h"
-
-#ifndef LITTLE_ENDIAN
-#if (defined(__MSDOS__) || defined(MPU8086) || defined(MPU8080) \
- || defined(vax) || defined (MIPSEL))
-#define	LITTLE_ENDIAN	/* Low order bytes are first in memory */
-#endif			/* Almost all other machines are big-endian */
-#endif
+
+#include "skey.h"
+#include "mdx.h"
 
 /* Crunch a key:
  * concatenate the seed and the password, run through MD4 and
@@ -24,17 +19,14 @@
  */
 int
 keycrunch(result,seed,passwd)
-char *result;	/* 8-byte result */
-char *seed;	/* Seed, any length */
-char *passwd;	/* Password, any length */
+char *result;   /* 8-byte result */
+char *seed;     /* Seed, any length */
+char *passwd;   /* Password, any length */
 {
 	char *buf;
-	MDstruct md;
+	MDX_CTX md;
+	u_long results[4];
 	unsigned int buflen;
-#ifndef	LITTLE_ENDIAN
-	int i;
-	register long tmp;
-#endif
 	
 	buflen = strlen(seed) + strlen(passwd);
 	if((buf = malloc(buflen+1)) == NULL)
@@ -42,35 +34,17 @@ char *passwd;	/* Password, any length */
 	strcpy(buf,seed);
 	strcat(buf,passwd);
 
-	/* Crunch the key through MD4 */
+	/* Crunch the key through MD[45] */
 	sevenbit(buf);
-	MDbegin(&md);
-	MDupdate(&md,(unsigned char *)buf,8*buflen);
-
+	MDXInit(&md);
+	MDXUpdate(&md,(unsigned char *)buf,buflen);
+	MDXFinal((unsigned char *)results,&md);
 	free(buf);
 
-	/* Fold result from 128 to 64 bits */
-	md.buffer[0] ^= md.buffer[2];
-	md.buffer[1] ^= md.buffer[3];
+	results[0] ^= results[2];
+	results[1] ^= results[3];
 
-#ifdef	LITTLE_ENDIAN
-	/* Only works on byte-addressed little-endian machines!! */
-	memcpy(result,(char *)md.buffer,8);
-#else
-	/* Default (but slow) code that will convert to
-	 * little-endian byte ordering on any machine
-	 */
-	for(i=0;i<2;i++){
-		tmp = md.buffer[i];
-		*result++ = tmp;
-		tmp >>= 8;
-		*result++ = tmp;
-		tmp >>= 8;
-		*result++ = tmp;
-		tmp >>= 8;
-		*result++ = tmp;
-	}
-#endif
+	memcpy(result,(char *)results,8);
 
 	return 0;
 }
@@ -80,44 +54,18 @@ void
 f(x)
 char *x;
 {
-	MDstruct md;
-#ifndef	LITTLE_ENDIAN
-	register long tmp;
-#endif
-
-	MDbegin(&md);
-	MDupdate(&md,(unsigned char *)x,64);
+	MDX_CTX md;
+	u_long results[4];
 
+	MDXInit(&md);
+	MDXUpdate(&md,(unsigned char *)x,8);
+	MDXFinal((unsigned char *)results,&md);
 	/* Fold 128 to 64 bits */
-	md.buffer[0] ^= md.buffer[2];
-	md.buffer[1] ^= md.buffer[3];
+	results[0] ^= results[2];
+	results[1] ^= results[3];
 
-#ifdef	LITTLE_ENDIAN
 	/* Only works on byte-addressed little-endian machines!! */
-	memcpy(x,(char *)md.buffer,8);
-
-#else
-	/* Default (but slow) code that will convert to
-	 * little-endian byte ordering on any machine
-	 */
-	tmp = md.buffer[0];
-	*x++ = tmp;
-	tmp >>= 8;
-	*x++ = tmp;
-	tmp >>= 8;
-	*x++ = tmp;
-	tmp >>= 8;
-	*x++ = tmp;
-
-	tmp = md.buffer[1];
-	*x++ = tmp;
-	tmp >>= 8;
-	*x++ = tmp;
-	tmp >>= 8;
-	*x++ = tmp;
-	tmp >>= 8;
-	*x = tmp;
-#endif
+	memcpy(x,(char *)results,8);
 }
 
 /* Strip trailing cr/lf from a line of text */
@@ -152,16 +100,26 @@ int n;
 	return buf;
 }
 #else
+static struct termios saved_ttymode;
+
+static void interrupt()
+{
+	tcsetattr(0, TCSANOW, &saved_ttymode);
+	exit(1);
+}
+
 char *
 readpass(buf,n)
 char *buf;
 int n;
 {
-	struct termios saved_ttymode;
 	struct termios noecho_ttymode;
+	void (*oldsig)();
 
 	/* Save normal line editing modes */
 	tcgetattr(0, &saved_ttymode);
+	if ((oldsig = signal(SIGINT, SIG_IGN)) != SIG_IGN)
+		signal(SIGINT, interrupt);
 
 	/* Turn off echoing */
 	tcgetattr(0, &noecho_ttymode);
@@ -172,6 +130,8 @@ int n;
 
 	/* Restore previous tty modes */
 	tcsetattr(0, TCSANOW, &saved_ttymode);
+	if (oldsig != SIG_IGN)
+		signal(SIGINT, oldsig);
 
 	/*
 	after the secret key is taken from the keyboard, the line feed is
@@ -189,33 +149,6 @@ int n;
 
 #endif
 
-/* removebackspaced over charaters from the string*/
-backspace(buf)
-char *buf;
-{
-	char bs = 0x8;
-	char *cp = buf;
-	char *out = buf;
-
-	while(*cp){
-		if( *cp == bs ) {
-			if(out == buf){
-				cp++;
-				continue;
-			}
-			else {
-			  cp++;
-			  out--;
-			}
-		}
-		else {
-			*out++ = *cp++;
-		}
-
-	}
-	*out = '\0';
-	
-}
 sevenbit(s)
 char *s;
 {
diff --git a/libexec/ftpd/Makefile b/libexec/ftpd/Makefile
index 396deee0d729..e1e5be2b3658 100644
--- a/libexec/ftpd/Makefile
+++ b/libexec/ftpd/Makefile
@@ -6,8 +6,8 @@ SRCS=	ftpd.c ftpcmd.c logwtmp.c popen.c skey-stuff.c
 
 CFLAGS+=-DSETPROCTITLE -DSKEY
 
-LDADD=	-lcrypt -lskey
-DPADD=	${LIBCRYPT} ${LIBSKEY}
+LDADD=	-lcrypt -lskey -lmd
+DPADD=	${LIBCRYPT} ${LIBSKEY} ${LIBMD}
 
 CLEANFILES+=ftpcmd.c y.tab.h
 
diff --git a/libexec/ftpd/ftpcmd.y b/libexec/ftpd/ftpcmd.y
index 6ec3d252545a..5c090e35fae7 100644
--- a/libexec/ftpd/ftpcmd.y
+++ b/libexec/ftpd/ftpcmd.y
@@ -951,7 +951,7 @@ yylex()
 			upper(cbuf);
 			p = lookup(cmdtab, cbuf);
 			cbuf[cpos] = c;
-			if (p != 0) {
+			if (guest != 0 && p != 0) {
 				if (p->implemented == 0) {
 					nack(p->name);
 					longjmp(errcatch,0);
diff --git a/libexec/ftpd/skey-stuff.c b/libexec/ftpd/skey-stuff.c
index fdec650bcef0..5c34b9b7395d 100644
--- a/libexec/ftpd/skey-stuff.c
+++ b/libexec/ftpd/skey-stuff.c
@@ -18,6 +18,7 @@ int     pwok;
     /* Display s/key challenge where appropriate. */
 
     if (pwd == 0 || skeychallenge(&skey, pwd->pw_name, buf) != 0)
-	sprintf(buf, "Password required for %s.", name);
+	sprintf(buf, "%s required for %s.",
+		pwok ? "Password" : "S/Key password", name);
     return (buf);
 }
diff --git a/usr.bin/key/Makefile b/usr.bin/key/Makefile
index b8553abe3879..9612051552e7 100644
--- a/usr.bin/key/Makefile
+++ b/usr.bin/key/Makefile
@@ -1,21 +1,11 @@
-
 #	@(#)Makefile	5.6 (Berkeley) 3/5/91
 #
 
 PROG=	key
-MAN1=   key.1 skey.1
-CFLAGS+=-I${.CURDIR}/../../lib
-
-
-DPADD=	/usr/bin/libskey.a
-LDADD=	-lskey
-
-.if exists(/usr/lib/libcrypt.a)
-DPADD+= ${LIBCRYPT}
-LDADD+= -lcrypt
-.endif
-
 SRCS=	skey.c
+MAN1=   key.1
 
-.include <bsd.prog.mk>
+DPADD=	${LIBSKEY} ${LIBMD}
+LDADD=	-lskey -lmd
 
+.include <bsd.prog.mk>
diff --git a/usr.bin/key/skey.c b/usr.bin/key/skey.c
index d1bc239bed99..1e810e90a4f4 100644
--- a/usr.bin/key/skey.c
+++ b/usr.bin/key/skey.c
@@ -12,12 +12,13 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+
 #ifdef	__MSDOS__
 #include <dos.h>
 #else	/* Assume BSD unix */
 #include <fcntl.h>
 #endif
-#include "libskey/md4.h"
+
 #include <skey.h>
 
 char *readpass();
@@ -119,10 +120,10 @@ char *argv[];
 	}
 	return 0;
 }
+
 void
 usage(s)
 char *s;
 {
 	fprintf(stderr,"Usage: %s [-n count] <sequence #>[/] <key> \n",s);
 }
-
diff --git a/usr.bin/keyinit/Makefile b/usr.bin/keyinit/Makefile
index a716f14cb3d9..a9ed54ee0eac 100644
--- a/usr.bin/keyinit/Makefile
+++ b/usr.bin/keyinit/Makefile
@@ -1,20 +1,13 @@
-
 #	@(#)Makefile	5.6 (Berkeley) 3/5/91
 #
-
 PROG=	keyinit
 MAN1=   keyinit.1
-DPADD=	/usr/bin/libskey.a
-LDADD=	-lskey
-
-.if exists(/usr/lib/libcrypt.a)
-DPADD+= ${LIBCRYPT}
-LDADD+= -lcrypt
-.endif
-
 SRCS=	skeyinit.c
 
 BINOWN=	root
 BINMODE=4555
 
+DPADD=	${LIBSKEY} ${LIBMD}
+LDADD=	-lskey -lmd
+
 .include <bsd.prog.mk>
diff --git a/usr.bin/keyinit/skeyinit.c b/usr.bin/keyinit/skeyinit.c
index 7c8e5d6f1c6d..5dfd1b19f12e 100644
--- a/usr.bin/keyinit/skeyinit.c
+++ b/usr.bin/keyinit/skeyinit.c
@@ -4,17 +4,15 @@
 #include <stdio.h>
 #include <string.h>
 #include <pwd.h>
-#include <skey.h>
 #include <time.h>
 
+#include <skey.h>
+
 extern int optind;
 extern char *optarg;
 
-char * readpass();
-
-int skeylookup __P((struct skey *mp,char *name));
-
 #define NAMELEN 2
+
 int
 main(argc,argv)
 int argc;
@@ -103,7 +101,7 @@ char *argv[];
 	printf("Reminder you need the 6 english words from the skey command.\n");
 	for(i=0;;i++){
 		if(i >= 2) exit(1);
-		printf("Enter sequence count from 1 to 10000: ");
+		printf("Enter sequence count from 1 to 9999: ");
 		fgets(tmp,sizeof(tmp),stdin);
 		n = atoi(tmp);
 		if(n > 0 && n < 10000)
@@ -126,7 +124,6 @@ char *argv[];
 		printf("s/key %d %s\ns/key access password: ",n,seed);
 		fgets(tmp,sizeof(tmp),stdin);
 		rip(tmp);
-		backspace(tmp);
 		if(tmp[0] == '?'){
 			printf("Enter 6 English words from secure S/Key calculation.\n");
 			continue;
diff --git a/usr.bin/login/Makefile b/usr.bin/login/Makefile
index bae657d9640e..21131d954da0 100644
--- a/usr.bin/login/Makefile
+++ b/usr.bin/login/Makefile
@@ -1,16 +1,18 @@
 # From:	@(#)Makefile	8.1 (Berkeley) 7/19/93
-# $Id$
+# $Id: Makefile,v 1.8 1994/09/30 13:26:15 csgr Exp $
 
 PROG=	login
 MAN1=	login.1
 MAN5=	login.access.5
-SRCS=	login.c login_access.c login_skey.c login_fbtab.c
-DPADD=	${LIBUTIL} ${LIBSKEY}
-LDADD=	-lutil -lcrypt -lskey
+SRCS=	login.c login_access.c login_fbtab.c
+
 CFLAGS+=-DLOGIN_ACCESS -DSKEY -DLOGALL
 
-.if exists(${DESTDIR}/usr/lib/libkrb.a) && (defined(MAKE_KERBEROS) \
-	|| defined(MAKE_EBONES))
+DPADD=	${LIBUTIL} ${LIBCRYPT} ${LIBSKEY} ${LIBMD}
+LDADD=	-lutil -lcrypt -lskey -lmd
+
+.if exists(${DESTDIR}/usr/lib/libkrb.a) && \
+	(defined(MAKE_KERBEROS) || defined(MAKE_EBONES))
 CFLAGS+=-DKERBEROS
 SRCS+=	klogin.c
 DPADD+=	${LIBKRB} ${LIBDES}
@@ -22,4 +24,3 @@ BINMODE=4555
 INSTALLFLAGS=-fschg
 
 .include <bsd.prog.mk>
-
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index f240b1ba848f..a3b2683fc6b8 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -68,6 +68,10 @@ static char sccsid[] = "@(#)login.c	8.4 (Berkeley) 4/2/94";
 #include <unistd.h>
 #include <utmp.h>
 
+#ifdef	SKEY
+#include <skey.h>
+#endif
+
 #include "pathnames.h"
 
 void	 badlogin __P((char *));
@@ -125,7 +129,6 @@ main(argc, argv)
 	char full_hostname[MAXHOSTNAMELEN];
 #ifdef	SKEY
 	int permit_passwd = 0;
-	char *skey_getpass(), *skey_crypt();
 #endif
 
 	(void)signal(SIGALRM, timedout);
@@ -259,7 +262,8 @@ main(argc, argv)
 
 #ifdef	SKEY
 		permit_passwd = skeyaccess(username, tty, 
-					   hostname ? full_hostname : NULL);
+					   hostname ? full_hostname : NULL,
+					   NULL);
 		p = skey_getpass("Password:", pwd, permit_passwd);
 		ep = skey_crypt(p, salt, pwd, permit_passwd);
 #else
diff --git a/usr.bin/su/Makefile b/usr.bin/su/Makefile
index c353734dd7e8..f9b61b1a9966 100644
--- a/usr.bin/su/Makefile
+++ b/usr.bin/su/Makefile
@@ -1,12 +1,12 @@
 #	@(#)Makefile	8.1 (Berkeley) 7/19/93
 
 PROG=	su
-LDADD=	-lcrypt -lskey
-DPADD=	${LIBCRYPT} ${LIBSKEY}
-SRCS=	su.c login_skey.c
+SRCS=	su.c
+
 CFLAGS+=-DSKEY
 
-.PATH:	${.CURDIR}/../login
+LDADD=	-lcrypt -lskey -lmd
+DPADD=	${LIBCRYPT} ${LIBSKEY} ${LIBMD}
 
 .if exists(${DESTDIR}/usr/lib/libkrb.a) && (defined(MAKE_KERBEROS) \
 	|| defined(MAKE_EBONES))
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index 1928d1ee4a22..244a6954c582 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -56,6 +56,10 @@ static char sccsid[] = "@(#)su.c	8.3 (Berkeley) 4/2/94";
 #include <syslog.h>
 #include <unistd.h>
 
+#ifdef	SKEY
+#include <skey.h>
+#endif
+
 #ifdef KERBEROS
 #include <kerberosIV/des.h>
 #include <kerberosIV/krb.h>
@@ -68,10 +72,6 @@ int use_kerberos = 1;
 #define	ARGSTR	"-flm"
 #endif
 
-#ifdef	SKEY
-char	*skey_crypt(), *skey_getpass();
-#endif
-
 char   *ontty __P((void));
 int	chshell __P((char *));