d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Upgrade to OPIE 2.32, from http://www.inner.net/pub/opie/

Browse Source
This commit is contained in:
Kris Kennaway 2000-04-10 11:09:42 +00:00
parent 32fb311063
commit dd9cf0235c
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/vendor/opie/dist/; revision=59118
69 changed files with 629 additions and 527 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
contrib/opie/BUG-REPORT
View File

@ -1,6 +1,9 @@
OPIE Software Distribution, Release 2.31 Bug Reporting Form
OPIE Software Distribution, Release 2.32 Bug Reporting Form
======================================== ==================
Before submitting a bug report, please check the README file and make
sure that your "bug" is not a known problem.
Please make a copy of this file and then edit it with your favorite
text editor to include the answers to the following questions:
@ -8,9 +11,9 @@ text editor to include the answers to the following questions:
If you can provide multiple addresses, please do so in case we
are unable to reply to the first one.
2. Your exact operating system vendor, name, and version number.
Please be more specific than "UNIX" -- most vendors have a name
for their particular flavor of UNIX.
2. Your exact operating system vendor, name, and version number. If available,
please provide the output of "uname -a" and/or the version of your C
runtime library. Please be more specific than "UNIX".
3. The exact hardware the system was installed upon.
@ -73,7 +76,7 @@ Copyright
=========
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

2
contrib/opie/INSTALL
View File

@ -75,7 +75,7 @@ Copyright
=========
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

2
contrib/opie/Makefile.in
View File

@ -2,7 +2,7 @@
# Makefile.source and Makefile: Directions for building and installing OPIE.
#
# %%% portions-copyright-cmetz-96
# Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
# Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
# Reserved. The Inner Net License Version 2 applies to these portions of
# the software.
# You should have received a copy of the license with this software. If

28
contrib/opie/README
View File

@ -1,4 +1,4 @@
OPIE Software Distribution, Release 2.31 Important Information
OPIE Software Distribution, Release 2.32 Important Information
======================================== =====================
Introduction
@ -75,6 +75,13 @@ original Bellcore S/Key(tm) Version 1 software:
A Glance at What's New
======================
2.32 January 1, 1998.
Indicate support for extended responses in challenges and check for
such indication before generating any extended responses.
Lots of portability and bug fixes.
2.31 March 20, 1997.
Removed active attack protection support due to patent problems.
@ -225,6 +232,10 @@ it easier to coordinate bug hunting.
Gotchas
=======
Solaris 2.x is just a lose. It does a lot of nonstandard and downright
broken things. If you want OPIE to be reliable on your box, upgrade to NetBSD
or Linux.
While an almost universal "feature", most people remain unaware that
an intruder can log into a system, then log in again by running the "login"
command from a shell. Because the second login is from the local host, the
@ -324,9 +335,7 @@ and reasonable getty sources (try sunsite.unc.edu:/pub/Linux/system/Serial, at
least one of agetty, mingetty, and getty_ps should work) and replacing the
Solaris versions with these. OPIE should work *much* more happily with these
programs than the ones that come with Solaris. However, there could be negative
side effects -- this is not a procedure recommended for the faint of heart. An
even more drastic solution more likely to make OPIE happy is to install Linux
or NetBSD on your box ;)
side effects -- this is not a procedure recommended for the faint of heart.
OPIE is a lot more fussy than it used to be about lock files and where
it puts them. The lock file directory must be a directory used only for OPIE
@ -387,22 +396,31 @@ community effort. These contributors include:
Mowgli Assor
Lawrie Brown
Andrew Davis
Dennis Glatting
Ben Golding
Axel Grewe
"Hobbit"
Kojima Hajime
Darren Hosking
Matt Hucke
Charles Karney
Jeff Kletsky
Martijn Koster
Osamu Kurati
Ayamura Kikuchi
Ronald van der Meer
Hiroshi Nakano
Ikuo Nakagawa
Angelo Neri
C. R. Oldham
D. Jason Penney
John Perkins
Steve Price
Jim Simmons
Steve Simmons
Brad Smith
Werner Wiethege
Ken-ichi Yamasaki
Wietse Venema
OPIE development at NRL was sponsored by the Information Security
@ -427,7 +445,7 @@ trademarked by anyone.
Copyrights
==========
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

2
contrib/opie/acconfig.h
View File

@ -1,7 +1,7 @@
/* acconfig.h: Extra commentary for Autoheader
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

3
contrib/opie/config.h.in
View File

@ -176,9 +176,6 @@
/* Defined if su should not switch to disabled accounts */
#undef SU_STAR_CHECK
/* Defined if user locking is to be used */
#undef USER_LOCKING
/* Define if you have the bcopy function. */
#undef HAVE_BCOPY

510
contrib/opie/configure vendored
View File

File diff suppressed because it is too large Load Diff

32
contrib/opie/configure.in
View File

@ -1,7 +1,7 @@
dnl configure.in: Input for Autoconf
dnl
dnl %%% portions-copyright-cmetz-96
dnl Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
dnl Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
dnl Reserved. The Inner Net License Version 2 applies to these portions of
dnl the software.
dnl You should have received a copy of the license with this software. If
@ -14,6 +14,9 @@ dnl License Agreement applies to this software.
dnl
dnl History:
dnl
dnl Modified by cmetz for OPIE 2.32. Substitute default for LOCK_DIR.
dnl Fix the --disable-user-locking bug. AC_DEFINE variables to 1.
dnl Really check for ut_host.
dnl Modified by cmetz for OPIE 2.31. Put back manual utmp[x]/wtmp[x]
dnl checks -- too many OSs can't be trusted to tell us where they are.
dnl Check for sys/select.h. Spell endutent right. Replace strtoul()
@ -48,31 +51,30 @@ ACCESS_FILE="$enable_access_file"
AC_SUBST(ACCESS_FILE)
AC_ARG_ENABLE(server-md4, [ --enable-server-md4 Use MD4 instead of MD5 for the server], AC_DEFINE(MDX, 4), AC_DEFINE(MDX, 5))
set do_user_locking=1;
AC_ARG_ENABLE(user-locking, [ --disable-user-locking Disable user locking
--enable-user-locking[=DIR]
Put user lock files in DIR [/etc/opielocks]],, set do_user_locking=0)
if $do_user_locking;
Put user lock files in DIR [/etc/opielocks]],,)
if test "$enable_user_locking" != no;
then
AC_DEFINE(USER_LOCKING)
if test -z "$enable_user_locking"
then
AC_DEFINE(OPIE_LOCK_DIR, "/etc/opielocks")
LOCK_DIR="/etc/opielocks"
else
AC_DEFINE_UNQUOTED(OPIE_LOCK_DIR, "$enable_user_locking")
LOCK_DIR="$enable_user_locking"
fi
fi
LOCK_DIR="$enable_user_locking"
AC_SUBST(LOCK_DIR)
AC_ARG_ENABLE(retype, [ --enable-retype Ask users to re-type their secret pass phrases], AC_DEFINE(RETYPE))
AC_ARG_ENABLE(su-star-check, [ --enable-su-star-check Refuse to switch to disabled accounts], AC_DEFINE(SU_STAR_CHECK))
AC_ARG_ENABLE(new-prompts, [ --disable-new-prompts Use more compatible (but less informative) prompts],, AC_DEFINE(NEW_PROMPTS))
AC_ARG_ENABLE(retype, [ --enable-retype Ask users to re-type their secret pass phrases], AC_DEFINE(RETYPE, 1))
AC_ARG_ENABLE(su-star-check, [ --enable-su-star-check Refuse to switch to disabled accounts], AC_DEFINE(SU_STAR_CHECK, 1))
AC_ARG_ENABLE(new-prompts, [ --disable-new-prompts Use more compatible (but less informative) prompts],, AC_DEFINE(NEW_PROMPTS, 1))
AC_ARG_ENABLE(insecure-override, [ --enable-insecure-override
Allow users to override insecure checks], AC_DEFINE(INSECURE_OVERRIDE))
AC_ARG_ENABLE(anonymous-ftp, [ --enable-anonymous-ftp Enable anonymous FTP support], AC_DEFINE(DOANONYMOUS) echo "Enabling anonymous FTP support in ftp -- don't say we didn't warn you!")
AC_ARG_ENABLE(utmp, [ --disable-utmp Disable utmp logging], AC_DEFINE(DISABLE_UTMP) echo "Disabling utmp logging")
AC_ARG_ENABLE(wtmp, [ --disable-wtmp Disable wtmp logging], AC_DEFINE(DISABLE_UTMP) echo "Disabling wtmp logging")
Allow users to override insecure checks], AC_DEFINE(INSECURE_OVERRIDE, 1))
AC_ARG_ENABLE(anonymous-ftp, [ --enable-anonymous-ftp Enable anonymous FTP support], AC_DEFINE(DOANONYMOUS, 1) echo "Enabling anonymous FTP support in ftp -- don't say we didn't warn you!")
AC_ARG_ENABLE(utmp, [ --disable-utmp Disable utmp logging], AC_DEFINE(DISABLE_UTMP, 1) echo "Disabling utmp logging")
AC_ARG_ENABLE(wtmp, [ --disable-wtmp Disable wtmp logging], AC_DEFINE(DISABLE_UTMP, 1) echo "Disabling wtmp logging")
dnl Checks for programs.
AC_PROG_CC
@ -479,7 +481,9 @@ AC_TRY_COMPILE([#include <sys/types.h>
dnl AC_MSG_CHECKING(for ut_user in struct utmp)
dnl AC_TRY_COMPILE([#include <sys/types.h>
dnl #include <utmp.h>], [struct utmp foo; return (int)foo.ut_user[0];], AC_DEFINE(HAVE_UT_USER) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
AC_DEFINE(HAVE_UT_HOST)
AC_MSG_CHECKING(for ut_host in struct utmp)
AC_TRY_COMPILE([#include <sys/types.h>
#include <utmp.h>], [struct utmp foo; return (int)foo.ut_host[0];], AC_DEFINE(HAVE_UT_HOST) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
dnl Checks for library functions.
dnl AC_PROG_GCC_TRADITIONAL

2
contrib/opie/ftpcmd.y
View File

@ -1,7 +1,7 @@
/* ftpcmd.y: yacc parser for the FTP daemon.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

5
contrib/opie/glob.c
View File

@ -1,7 +1,7 @@
/* glob.c: The csh et al glob pattern matching routines.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
@ -13,6 +13,8 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.32. Remove include of dirent.h here; it's
done already (and conditionally) in opie_cfg.h.
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
Remove useless strings. Prototype right.
Modified at NRL for OPIE 2.0.
@ -62,7 +64,6 @@ License Agreement applies to this software.
#endif /* HAVE_SYS_PARAM_H */
#include <sys/stat.h>
#include <dirent.h>
#if HAVE_PWD_H
#include <pwd.h>
#endif /* HAVE_PWD_H */

2
contrib/opie/libmissing/Makefile.in
View File

@ -2,7 +2,7 @@
# Makefile.in/Makefile: Directions for building libmissing.
#
# %%% copyright-cmetz-96
# This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
# This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
# The Inner Net License Version 2 applies to this software.
# You should have received a copy of the license with this software. If
# you didn't get a copy, you may request one from <license@inner.net>.

2
contrib/opie/libmissing/endutent.c
View File

@ -1,7 +1,7 @@
/* endutent.c: A replacement for the endutent function
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

8
contrib/opie/libmissing/getutline.c
View File

@ -1,13 +1,15 @@
/* getutline.c: A replacement for the getutline() function
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.32. Fixed check for fread() return
value.
Modified by cmetz for OPIE 2.31. If the OS won't tell us where
_PATH_UTMP is, play the SVID game, then use
Autoconf-discovered values.
@ -41,14 +43,14 @@ struct utmp *getutline FUNCTION((utmp), struct utmp *utmp)
if (i = ttyslot()) {
if (fseek(f, i * sizeof(struct utmp), SEEK_SET) < 0)
goto ret;
if (fread(&u, sizeof(struct utmp), 1, f) != sizeof(struct utmp))
if (fread(&u, sizeof(struct utmp), 1, f) != 1)
goto ret;
fclose(f);
return &u;
}
#endif /* HAVE_TTYSLOT */
while(fread(&u, sizeof(struct utmp), 1, f) == sizeof(struct utmp)) {
while(fread(&u, sizeof(struct utmp), 1, f) == 1) {
if (!strncmp(utmp->ut_line, u.ut_line, sizeof(u.ut_line) - 1)) {
fclose(f);
return &u;

6
contrib/opie/libmissing/pututline.c
View File

@ -1,13 +1,15 @@
/* pututline.c: A replacement for the pututline() function
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.32. Fixed check for fread() return
value.
Modified by cmetz for OPIE 2.31. If the OS won't tell us where
_PATH_UTMP is, use Autoconf-discovered values.
Created by cmetz for OPIE 2.3.
@ -40,7 +42,7 @@ void pututline FUNCTION((utmp), struct utmp *utmp)
}
#endif /* HAVE_TTYSLOT */
while(fread(&u, sizeof(struct utmp), 1, f) == sizeof(struct utmp)) {
while(fread(&u, sizeof(struct utmp), 1, f) == 1) {
if (!strncmp(utmp->ut_line, u.ut_line, sizeof(u.ut_line) - 1)) {
if ((i = ftell(f)) < 0)
goto ret;

2
contrib/opie/libmissing/setutent.c
View File

@ -1,7 +1,7 @@
/* setutent.c: A replacement for the setutent function
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

2
contrib/opie/libopie/Makefile.in
View File

@ -2,7 +2,7 @@
# Makefile.in/Makefile: Directions for building libopie.
#
# %%% copyright-cmetz-96
# This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
# This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
# The Inner Net License Version 2 applies to this software.
# You should have received a copy of the license with this software. If
# you didn't get a copy, you may request one from <license@inner.net>.

2
contrib/opie/libopie/accessfile.c
View File

@ -2,7 +2,7 @@
overrides.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

2
contrib/opie/libopie/atob8.c
View File

@ -1,7 +1,7 @@
/* atob8.c: The opieatob8() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

2
contrib/opie/libopie/btoa8.c
View File

@ -1,7 +1,7 @@
/* btoa8.c: The opiebtoa8() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

2
contrib/opie/libopie/btoe.c
View File

@ -3,7 +3,7 @@
64 bit OTP.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

2
contrib/opie/libopie/btoh.c
View File

@ -1,7 +1,7 @@
/* btoh.c: The opiebtoh() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

6
contrib/opie/libopie/challenge.c
View File

@ -1,7 +1,7 @@
/* challenge.c: The opiechallenge() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.32. Added extended response set
identifier to the challenge.
Modified by cmetz for OPIE 2.3. Use opie_ prefix. Send debug info to
syslog. Add sha plumbing.
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
@ -68,7 +70,7 @@ int opiechallenge FUNCTION((mp, name, ss), struct opie *mp AND char *name AND ch
opierandomchallenge(ss);
memset(mp, 0, sizeof(*mp));
} else
sprintf(ss, "otp-%s %d %s", algids[MDX], mp->opie_n - 1, mp->opie_seed);
sprintf(ss, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed);
return rval;
}

32
contrib/opie/libopie/generator.c
View File

@ -1,7 +1,7 @@
/* generator.c: The opiegenerator() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -9,15 +9,21 @@ you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.32. If secret=NULL, always return
as if opieauto returned "get the secret". Renamed
_opieparsechallenge() to __opieparsechallenge(). Check
challenge for extended response support and don't send
an init-hex response if extended response support isn't
indicated in the challenge.
Modified by cmetz for OPIE 2.31. Renamed "init" to "init-hex".
Removed active attack protection support. Fixed fairly
bug in how init response was computed (i.e., dead wrong).
Removed active attack protection support. Fixed fairly
bug in how init response was computed (i.e., dead wrong).
Modified by cmetz for OPIE 2.3. Use _opieparsechallenge(). ifdef
around string.h. Output hex responses by default, output
OTP re-init extended responses (same secret) if sequence
number falls below 10.
around string.h. Output hex responses by default, output
OTP re-init extended responses (same secret) if sequence
number falls below 10.
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
Bug fixes.
Bug fixes.
Created at NRL for OPIE 2.2.
*/
@ -36,26 +42,33 @@ int opiegenerator FUNCTION((buffer, secret, response), char *buffer AND char *se
char *seed;
char key[8];
int i;
int exts;
if (!(buffer = strstr(buffer, "otp-")))
return 1;
buffer += 4;
if (_opieparsechallenge(buffer, &algorithm, &sequence, &seed))
if (__opieparsechallenge(buffer, &algorithm, &sequence, &seed, &exts))
return 1;
if ((sequence < 2) || (sequence > 9999))
return 1;
if (!secret[0])
return 2;
if (opiepasscheck(secret))
return -2;
if (i = opiekeycrunch(algorithm, key, seed, secret))
return i;
if (sequence < 10) {
if (!(exts & 1))
return 1;
{
char newseed[OPIE_SEED_MAX + 1];
char newkey[8];
char *c;
@ -78,6 +91,7 @@ int opiegenerator FUNCTION((buffer, secret, response), char *buffer AND char *se
sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed);
strcat(response, buf);
strcat(response, opiebtoh(buf, newkey));
};
} else {
while (sequence-- != 0)
opiehash(key, algorithm);

2
contrib/opie/libopie/getsequence.c
View File

@ -1,7 +1,7 @@
/* getsequence.c: The opiegetsequence() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

2
contrib/opie/libopie/getutmpentry.c
View File

@ -1,7 +1,7 @@
/* getutmpentry.c: The __opiegetutmpentry() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

2
contrib/opie/libopie/hash.c
View File

@ -1,7 +1,7 @@
/* hash.c: The opiehash() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

2
contrib/opie/libopie/hashlen.c
View File

@ -1,7 +1,7 @@
/* hashlen.c: The opiehashlen() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

54
contrib/opie/libopie/insecure.c
View File

@ -1,7 +1,7 @@
/* insecure.c: The opieinsecure() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -118,34 +118,36 @@ int opieinsecure FUNCTION_NOARGS
};
#if HAVE_UT_HOST
memset(&utmp, 0, sizeof(struct utmp));
{
int i = __opiegetutmpentry(ttyname(0), &utmp);
endutent();
if (!i && utmp.ut_host[0]) {
insecure = 1;
if (isatty(0)) {
memset(&utmp, 0, sizeof(struct utmp));
{
int i = __opiegetutmpentry(ttyname(0), &utmp);
endutent();
if (!i && utmp.ut_host[0]) {
insecure = 1;
if (s = strchr(utmp.ut_host, ':')) {
int n = s - utmp.ut_host;
if (!n)
insecure = 0;
else
if (display_name) {
if (!strncmp(utmp.ut_host, display_name, n))
insecure = 0;
if (s = strchr(utmp.ut_host, ':')) {
int n = s - utmp.ut_host;
if (!n)
insecure = 0;
else
if (display_name) {
if (!strncmp(utmp.ut_host, display_name, n))
insecure = 0;
#ifdef SOLARIS
else
if (s = strchr(utmp.ut_host, ' ')) {
*s = ':';
if (s = strchr(s + 1, ' '))
*s = '.';
if (!strncmp(utmp.ut_host, display_name, n))
insecure = 0;
}
else
if (s = strchr(utmp.ut_host, ' ')) {
*s = ':';
if (s = strchr(s + 1, ' '))
*s = '.';
if (!strncmp(utmp.ut_host, display_name, n))
insecure = 0;
}
#endif /* SOLARIS */
}
}
}
}
}
}
};
};
#endif /* HAVE_UT_HOST */
if (insecure)

2
contrib/opie/libopie/keycrunch.c
View File

@ -1,7 +1,7 @@
/* keycrunch.c: The opiekeycrunch() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

2
contrib/opie/libopie/lock.c
View File

@ -1,7 +1,7 @@
/* lock.c: The opielock() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

2
contrib/opie/libopie/login.c
View File

@ -1,7 +1,7 @@
/* login.c: The opielogin() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

18
contrib/opie/libopie/logwtmp.c
View File

@ -1,7 +1,7 @@
/* logwtmp.c: Put an entry in the wtmp file.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,11 +14,14 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.32. Don't leave line=NULL, skip
past /dev/ in line. Fill in ut_host on systems with UTMPX and
ut_host.
Modified by cmetz for OPIE 2.31. Move wtmp log functions here, to
improve portability. Added DISABLE_WTMP.
improve portability. Added DISABLE_WTMP.
Modified by cmetz for OPIE 2.22. Call gettimeofday() properly.
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
Ifdef around some headers. Added file close hook.
Ifdef around some headers. Added file close hook.
Modified at NRL for OPIE 2.1. Set process type for HPUX.
Modified at NRL for OPIE 2.0.
Originally from BSD.
@ -124,7 +127,10 @@ VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND c
#if DOUTMPX && defined(_PATH_WTMPX)
close(fdx);
#endif /* DOUTMPX && defined(_PATH_WTMPX) */
}
line = "";
} else
if (!strncmp(line, "/dev/", 5))
line += 5;
if (fd < 0 && (fd = open(_PATH_WTMP, O_WRONLY | O_APPEND, 0)) < 0)
return;
@ -137,9 +143,9 @@ VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND c
#endif /* HAVE_UT_PID */
strncpy(ut.ut_line, line, sizeof(ut.ut_line));
strncpy(ut.ut_name, name, sizeof(ut.ut_name));
#if !DOUTMPX
#if HAVE_UT_HOST
strncpy(ut.ut_host, host, sizeof(ut.ut_host));
#endif /* !DOUTMPX */
#endif /* HAVE_UT_HOST */
time(&ut.ut_time);
if (write(fd, (char *) &ut, sizeof(struct utmp)) !=
sizeof(struct utmp))

2
contrib/opie/libopie/lookup.c
View File

@ -1,7 +1,7 @@
/* lookup.c: The opielookup() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

2
contrib/opie/libopie/md4c.c
View File

@ -1,7 +1,7 @@
/* md4c.c: "RSA Data Security, Inc. MD4 Message-Digest Algorithm"
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

2
contrib/opie/libopie/md5c.c
View File

@ -2,7 +2,7 @@
"derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm"
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

12
contrib/opie/libopie/newseed.c
View File

@ -1,13 +1,14 @@
/* newseed.c: The opienewseed() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.32. Added syslog.h if DEBUG.
Modified by cmetz for OPIE 2.31. Added time.h.
Created by cmetz for OPIE 2.22.
*/
@ -27,6 +28,9 @@ you didn't get a copy, you may request one from <license@inner.net>.
#include <sys/utsname.h>
#endif /* HAVE_SYS_UTSNAME_H */
#include <errno.h>
#if DEBUG
#include <syslog.h>
#endif /* DEBUG */
#include "opie.h"
int opienewseed FUNCTION((seed), char *seed)
@ -87,9 +91,9 @@ int opienewseed FUNCTION((seed), char *seed)
struct utsname utsname;
if (uname(&utsname) < 0) {
#if 0
perror("uname");
#endif /* 0 */
#if DEBUG
syslog(LOG_DEBUG, "uname: %s(%d)", strerror(errno), errno);
#endif /* DEBUG */
utsname.nodename[0] = 'k';
utsname.nodename[1] = 'e';
}

2
contrib/opie/libopie/open.c
View File

@ -1,7 +1,7 @@
/* open.c: The __opieopen() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

16
contrib/opie/libopie/parsechallenge.c
View File

@ -1,13 +1,15 @@
/* parsechallenge.c: The _opieparsechallenge() library function.
/* parsechallenge.c: The __opieparsechallenge() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.32. Check for extended response sets.
Change prefix to double underscore.
Created by cmetz for OPIE 2.3 using generator.c as a guide.
*/
@ -29,7 +31,7 @@ static struct algorithm algorithms[] = {
{ NULL, 0 },
};
int _opieparsechallenge FUNCTION((buffer, algorithm, sequence, seed), char *buffer AND int *algorithm AND int *sequence AND char **seed)
int __opieparsechallenge FUNCTION((buffer, algorithm, sequence, seed, exts), char *buffer AND int *algorithm AND int *sequence AND char **seed AND int *exts)
{
char *c;
@ -64,7 +66,13 @@ int _opieparsechallenge FUNCTION((buffer, algorithm, sequence, seed), char *buff
}
*seed = buffer;
*c = 0;
*(c++) = 0;
while(*c && !isspace(*c)) c++;
if (*c && !strncmp(c, "ext", 3))
*exts = 1;
else
*exts = 0;
return 0;
}

2
contrib/opie/libopie/passcheck.c
View File

@ -1,7 +1,7 @@
/* passcheck.c: The opiepasscheck() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

14
contrib/opie/libopie/passwd.c
View File

@ -1,13 +1,16 @@
/* passwd.c: The opiepasswd() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.32. Renamed mode to flags. Made flag
values symbolic constants. Added a flag for insecure override
support.
Modified by cmetz for OPIE 2.31. Removed active attack protection
support.
Modified by cmetz for OPIE 2.3. Split most of the function off
@ -20,12 +23,15 @@ you didn't get a copy, you may request one from <license@inner.net>.
#include "opie_cfg.h"
#include "opie.h"
int opiepasswd FUNCTION((old, mode, principal, n, seed, ks), struct opie *old AND int mode AND char *principal AND int n AND char *seed AND char *ks)
int opiepasswd FUNCTION((old, flags, principal, n, seed, ks), struct opie *old AND int flags AND char *principal AND int n AND char *seed AND char *ks)
{
int i;
struct opie opie;
if ((mode & 1) && opieinsecure())
if ((flags & OPIEPASSWD_CONSOLE) && opieinsecure())
#if INSECURE_OVERRIDE
if (!(flags & OPIEPASSWD_FORCE))
#endif /* INSECURE_OVERRIDE */
return -1;
memset(&opie, 0, sizeof(struct opie));
@ -42,7 +48,7 @@ int opiepasswd FUNCTION((old, mode, principal, n, seed, ks), struct opie *old AN
if (ks) {
char key[8];
if (mode & 1) {
if (flags & OPIEPASSWD_CONSOLE) {
if (opiekeycrunch(MDX, key, seed, ks))
return -1;
for (i = n; i; i--)

8
contrib/opie/libopie/randomchallenge.c
View File

@ -1,7 +1,7 @@
/* randomchallenge.c: The opierandomchallenge() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.32. Initialize algids[] with 0s
instead of NULL.
Modified by cmetz for OPIE 2.3. Add sha support.
Modified by cmetz for OPIE 2.22. Don't include stdio.h.
Use opienewseed(). Don't include unneeded headers.
@ -26,7 +28,7 @@ License Agreement applies to this software.
#include "opie_cfg.h"
#include "opie.h"
static char *algids[] = { NULL, NULL, NULL, "sha1", "md4", "md5" };
static char *algids[] = { 0, 0, 0, "sha1", "md4", "md5" };
/* Generate a random challenge */
/* This could grow into quite a monster, really. Random is good enough for
@ -39,5 +41,5 @@ VOIDRET opierandomchallenge FUNCTION((prompt), char *prompt)
if (opienewseed(buf))
strcpy(buf, "ke4452");
sprintf(prompt, "otp-%s %d %s", algids[MDX], (rand() % 499) + 1, buf);
sprintf(prompt, "otp-%s %d %s ext", algids[MDX], (rand() % 499) + 1, buf);
}

2
contrib/opie/libopie/readpass.c
View File

@ -1,7 +1,7 @@
/* readpass.c: The opiereadpass() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

12
contrib/opie/libopie/readrec.c
View File

@ -1,7 +1,7 @@
/* readrec.c: The __opiereadrec() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
@ -52,8 +52,14 @@ static int parserec FUNCTION((opie), struct opie *opie)
*(c2++) = 0;
if (!(opie->opie_n = atoi(c)))
{
char *c3;
opie->opie_n = strtoul(c, &c3, 10);
if (*c3)
return -1;
};
if (!(c2 = strchr(opie->opie_seed = c2, ' ')))
return -1;
@ -112,7 +118,7 @@ int __opiereadrec FUNCTION((opie), struct opie *opie)
}
if (!opie->opie_principal)
return -1;
goto ret;
{
char *c, principal[OPIE_PRINCIPAL_MAX];

2
contrib/opie/libopie/unlock.c
View File

@ -1,7 +1,7 @@
/* unlock.c: The opieunlock() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

21
contrib/opie/libopie/verify.c
View File

@ -1,13 +1,17 @@
/* verify.c: The opieverify() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.32. Renamed _opieparsechallenge() to
__opieparsechallenge() and handle new argument. Fixed init
response parsing bug.
Modified by cmetz for OPIE 2.31. Renamed "init" to "init-hex".
Modified by cmetz for OPIE 2.31. Renamed "init" and "RESPONSE_INIT"
to "init-hex" and "RESPONSE_INIT_HEX". Removed active attack
protection support.
@ -126,8 +130,6 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
case RESPONSE_INIT_WORD:
{
char *c2;
char newkey[8];
char buf[OPIE_SEED_MAX + 48 + 1];
if (!(c2 = strchr(c, ':')))
goto verret;
@ -165,22 +167,17 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
*(c2++) = 0;
{
int j;
int j, k;
if (_opieparsechallenge(c, &j, &(opie->opie_n), &(opie->opie_seed)) || (j != MDX))
if (__opieparsechallenge(c, &j, &(opie->opie_n), &(opie->opie_seed), &k) || (j != MDX) || k)
goto verret;
}
if (!(c2 = strchr(c = c2, ':')))
goto verret;
*(c2++) = 0;
if (i == RESPONSE_INIT_HEX) {
if (!opieatob8(newkey, c))
if (!opieatob8(key, c2))
goto verret;
} else {
if (opieetob(newkey, c) != 1)
if (opieetob(key, c2) != 1)
goto verret;
}
}

2
contrib/opie/libopie/version.c
View File

@ -1,7 +1,7 @@
/* version.c: The opieversion() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

2
contrib/opie/libopie/writerec.c
View File

@ -1,7 +1,7 @@
/* writerec.c: The __opiewriterec() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

2
contrib/opie/opie.4
View File

@ -1,7 +1,7 @@
.\" opie.4: Overview of the OPIE software.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

9
contrib/opie/opie.h
View File

@ -2,7 +2,7 @@
system that a program might need.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -15,6 +15,8 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.32. Added symbolic flag names for
opiepasswd(). Added __opieparsechallenge() prototype.
Modified by cmetz for OPIE 2.31. Removed active attack protection.
Modified by cmetz for OPIE 2.3. Renamed PTR to VOIDPTR. Added
re-init key and extension file fields to struct opie. Added
@ -218,5 +220,10 @@ FILE *__opieopen __P((char *, int, int));
#endif /* EOF */
int __opiereadrec __P((struct opie *));
int __opiewriterec __P((struct opie *));
int __opieparsechallenge __P((char *buffer, int *algorithm, int *sequence, char **seed, int *exts));
#endif /* _OPIE */
#define OPIEPASSWD_CONSOLE 1
#define OPIEPASSWD_FORCE 2
#endif /* _OPIE_H */

9
contrib/opie/opie_cfg.h
View File

@ -1,7 +1,7 @@
/* opie_cfg.h: Various configuration-type pieces of information for OPIE.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.32. Include <sys/types.h> before
<dirent.h> to make *BSD happy.
Modified by cmetz for OPIE 2.31. Added 4.4BSD-Lite pathnames.h
definitions from ftpd. Added struct spwd definition and
HAVE_SHADOW logic for SunOS C2 shadow password support.
@ -49,8 +51,8 @@ License Agreement applies to this software.
#ifndef _OPIE_CFG_H
#define _OPIE_CFG_H 1
#define VERSION "2.31"
#define DATE "Thursday, March 20, 1997"
#define VERSION "2.32"
#define DATE "Thursday, January 1, 1998"
#ifndef unix
#define unix 1
@ -66,6 +68,7 @@ License Agreement applies to this software.
#define DOUTMPX 0
#endif /* HAVE_GETUTXLINE && HAVE_UTMPX_H */
#include <sys/types.h>
/* Adapted from the Autoconf hypertext info pages */
#if HAVE_DIRENT_H
#include <dirent.h>

5
contrib/opie/opieftpd.c
View File

@ -1,7 +1,7 @@
/* opieftpd.c: Main program for an FTP daemon.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.32. Remove include of dirent.h here; it's
done already (and conditionally) in opie_cfg.h.
Modified by cmetz for OPIE 2.31. Merged in some 4.4BSD-Lite changes.
Merged in a security fix to BSD-derived ftpds.
Modified by cmetz for OPIE 2.3. Fixed the filename at the top.
@ -111,7 +113,6 @@ License Agreement applies to this software.
#include <arpa/telnet.h>
#include <signal.h>
#include <dirent.h>
#include <fcntl.h>
#if HAVE_TIME_H
#include <time.h>

2
contrib/opie/opiegen.1
View File

@ -1,7 +1,7 @@
.\" opiegen.1: Manual page for the opiegen(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

2
contrib/opie/opiegen.c
View File

@ -2,7 +2,7 @@
library routine.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

2
contrib/opie/opieinfo.1
View File

@ -1,7 +1,7 @@
.\" opieinfo.1: Manual page for the opieinfo(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

2
contrib/opie/opieinfo.c
View File

@ -2,7 +2,7 @@
opieinfo: Print a user's current OPIE sequence number and seed
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

2
contrib/opie/opiekey.1
View File

@ -1,7 +1,7 @@
.\" opiekey.1: Manual page for the opiekey(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

4
contrib/opie/opiekey.c
View File

@ -5,7 +5,7 @@
and outputs a response.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -312,7 +312,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
case RESPONSE_INIT_HEX:
case RESPONSE_INIT_WORD:
if (type == RESPONSE_INIT_HEX) {
strcpy(response, "init:");
strcpy(response, "init-hex:");
strcat(response, opiebtoh(buf, key));
sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed);
strcat(response, buf);

8
contrib/opie/opiekeys.5
View File

@ -1,4 +1,4 @@
.\" opieaccess.5: Manual page describing the /etc/opiekeys file.
.\" opiekeys.5: Manual page describing the /etc/opiekeys file.
.\"
.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
@ -7,14 +7,16 @@
.\"
.\" History:
.\"
.\" Modified by cmetz for OPIE 2.32. This is opiekeys.5, not opiekeys.1 or
.\" opieaccess.5.
.\" Written at NRL for OPIE 2.0.
.\"
.ll 6i
.pl 10.5i
.\" @(#)opiekeys.1 2.0 (NRL) 1/10/95
.\" @(#)opiekeys.5 2.0 (NRL) 1/10/95
.\"
.lt 6.0i
.TH OPIEKEYS 1 "January 10, 1995"
.TH OPIEKEYS 5 "January 10, 1995"
.AT 3
.SH NAME
[/etc/]opiekeys \- OPIE database of user key information

2
contrib/opie/opielogin.1
View File

@ -1,7 +1,7 @@
.\" opielogin.1: Manual page for the opielogin(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

208
contrib/opie/opielogin.c
View File

@ -1,7 +1,7 @@
/* opielogin.c: The infamous /bin/login
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,10 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.32. Partially handle environment
variables on the command line (a better implementation is
coming soon). Handle failure to issue a challenge more
gracefully.
Modified by cmetz for OPIE 2.31. Use _PATH_NOLOGIN. Move Solaris
drain bamage kluge after rflag check; it breaks rlogin.
Use TCSAFLUSH instead of TCSANOW (except where it flushes
@ -638,7 +642,8 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
int i;
char *p;
char opieprompt[OPIE_CHALLENGE_MAX + 1];
int pwok, otpok, af_pwok;
int af_pwok;
int authsok;
char *pp;
char buf[256];
int uid;
@ -700,111 +705,104 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
}
#endif /* DEBUG */
/* Some OSs pass environment variables on the command line. All of them except
for TERM get eaten. */
i = argc;
while (--i)
if (strchr(argv[i], '=')) {
#ifdef DEBUG
syslog(LOG_DEBUG, "eating %s", argv[i]);
#endif /* DEBUG */
argc--;
if (!strncmp(argv[i], "TERM=", 5)) {
strncpy(term, &(argv[i][5]), sizeof(term));
term[sizeof(term) - 1] = 0;
#ifdef DEBUG
syslog(LOG_DEBUG, "passed TERM=%s, ouroptind = %d", term, i);
#endif /* DEBUG */
}
}
/* Implement our own getopt()-like functionality, but do so in a much more
strict manner to prevent security problems. */
for (ouroptind = 1; ouroptind < argc; ouroptind++) {
i = 0;
if (argv[ouroptind])
if (argv[ouroptind][0] == '-')
if (i = argv[ouroptind][1])
if (!argv[ouroptind][2])
switch (i) {
case 'd':
if (++ouroptind == argc)
exit(1);
if (!argv[ouroptind])
continue;
if (argv[ouroptind][0] == '-') {
char *c = argv[ouroptind] + 1;
while(*c) {
switch(*(c++)) {
case 'd':
if (*c || (++ouroptind == argc))
exit(1);
/* The '-d' option is apparently a performance hack to get around
ttyname() being slow. The potential does exist for it to be used
for malice, and it does not seem to be strictly necessary, so we
will just eat it. */
break;
break;
case 'r':
case 'r':
if (rflag || hflag || fflag) {
fprintf(stderr, "Other options not allowed with -r\n");
exit(1);
}
if (*c || (++ouroptind == argc))
exit(1);
if (!(ouroptarg = argv[ouroptind]))
exit(1);
rflag = -1;
if (!doremotelogin(ouroptarg))
rflag = 1;
strncpy(host, ouroptarg, sizeof(host));
break;
case 'h':
if (!getuid()) {
if (rflag || hflag || fflag) {
printf("Other options not allowed with -r\n");
fprintf(stderr, "Other options not allowed with -h\n");
exit(1);
}
if (++ouroptind == argc)
hflag = 1;
if (*c || (++ouroptind == argc))
exit(1);
ouroptarg = argv[ouroptind];
if (!ouroptarg)
if (!(ouroptarg = argv[ouroptind]))
exit(1);
rflag = -1;
if (!doremotelogin(ouroptarg))
rflag = 1;
strncpy(host, ouroptarg, sizeof(host));
break;
}
break;
case 'h':
if (!getuid()) {
if (rflag || hflag || fflag) {
printf("Other options not allowed with -h\n");
exit(1);
}
hflag = 1;
case 'f':
if (rflag) {
fprintf(stderr, "Only one of -r and -f allowed\n");
exit(1);
}
fflag = 1;
if (++ouroptind == argc)
exit(1);
if (*c || (++ouroptind == argc))
exit(1);
ouroptarg = argv[ouroptind];
if (!(ouroptarg = argv[ouroptind]))
exit(1);
if (!ouroptarg)
exit(1);
strncpy(host, ouroptarg, sizeof(host));
}
break;
strncpy(name, ouroptarg, sizeof(name));
break;
case 'p':
pflag = 1;
break;
};
};
continue;
};
case 'f':
if (rflag) {
printf("Only one of -r and -f allowed\n");
exit(1);
}
fflag = 1;
if (strchr(argv[ouroptind], '=')) {
if (!strncmp(argv[ouroptind], "TERM=", 5)) {
strncpy(term, &(argv[ouroptind][5]), sizeof(term));
term[sizeof(term) - 1] = 0;
#ifdef DEBUG
syslog(LOG_DEBUG, "passed TERM=%s, ouroptind = %d", term, ouroptind);
#endif /* DEBUG */
} else {
#ifdef DEBUG
syslog(LOG_DEBUG, "eating %s, ouroptind = %d", argv[ouroptind], ouroptind);
#endif /* DEBUG */
};
continue;
};
if (++ouroptind == argc)
exit(1);
ouroptarg = argv[ouroptind];
if (!ouroptarg)
exit(1);
strncpy(name, ouroptarg, sizeof(name));
break;
case 'p':
pflag = 1;
break;
} else
i = 0;
if (!i) {
ouroptarg = argv[ouroptind++];
strncpy(name, ouroptarg, sizeof(name));
break;
}
}
strncpy(name, argv[ouroptind], sizeof(name));
};
#ifdef TIOCNXCL
/* BSDism: not sure how to rewrite for POSIX. rja */
@ -1063,6 +1061,7 @@ completeness, but these are set within appropriate defines for portability. */
if (invalid && !name[0]) {
getloginname();
invalid = lookupuser();
authsok = 0;
}
#ifdef DEBUG
syslog(LOG_DEBUG, "login name is +%s+, of length %d, [0] = %d", name, strlen(name), name[0]);
@ -1092,11 +1091,9 @@ completeness, but these are set within appropriate defines for portability. */
if ((i < 0) || (i > 1)) {
syslog(LOG_ERR, "error: opiechallenge() returned %d, errno=%d!\n", i, errno);
fprintf(stderr, "System error; can't issue challenge!\n");
otpok = 0;
} else {
printf("%s\n", opieprompt);
otpok = 1;
authsok |= 1;
}
if (!memcmp(&thisuser, &nouser, sizeof(thisuser)))
@ -1107,28 +1104,29 @@ completeness, but these are set within appropriate defines for portability. */
syslog(LOG_WARNING, "Invalid login attempt for %s on %s.",
name, tty);
pwok = af_pwok && opiealways(thisuser.pw_dir);
if (af_pwok && opiealways(thisuser.pw_dir))
authsok |= 2;
#if DEBUG
syslog(LOG_DEBUG, "af_pwok = %d, pwok = %d", af_pwok, pwok);
syslog(LOG_DEBUG, "af_pwok = %d, authsok = %d", af_pwok, authsok);
#endif /* DEBUG */
if (!pwok && !otpok) {
fprintf(stderr, "Can't authenticate %s!\n", name);
exit(1);
}
if (!authsok)
syslog(LOG_ERR, "no authentication methods are available for %s!", name);
#if NEW_PROMPTS
if (otpok)
if ((authsok & 1) || !authsok)
printf("Response");
if (otpok && pwok)
if (((authsok & 3) == 3) || !authsok)
printf(" or ");
if (pwok)
if ((authsok & 2) || !authsok)
printf("Password");
printf(": ");
if (!opiereadpass(buf, sizeof(buf), !pwok))
fflush(stdout);
if (!opiereadpass(buf, sizeof(buf), !(authsok & 2)))
invalid = TRUE;
#else /* NEW_PROMPTS */
if (!pwok)
if (!(authsok & 1) && authsok)
printf("(OTP response required)\n");
printf("Password:");
fflush(stdout);
@ -1136,8 +1134,8 @@ completeness, but these are set within appropriate defines for portability. */
invalid = TRUE;
#endif /* NEW_PROMPTS */
if (!buf[0] && otpok) {
pwok = 0;
if (!buf[0] && (authsok & 1)) {
authsok &= ~2;
/* Null line entered, so display appropriate prompt & flush current
data. */
#if NEW_PROMPTS
@ -1149,7 +1147,7 @@ completeness, but these are set within appropriate defines for portability. */
invalid = TRUE;
}
if (otpok) {
if (authsok & 1) {
i = opiegetsequence(&opie);
opiepassed = !opieverify(&opie, buf);
@ -1159,7 +1157,7 @@ completeness, but these are set within appropriate defines for portability. */
}
if (!invalid) {
if (otpok && opiepassed) {
if ((authsok & 1) && opiepassed) {
if (i < 10) {
printf("Warning: Re-initialize your OTP information");
if (i < 5)
@ -1167,7 +1165,7 @@ completeness, but these are set within appropriate defines for portability. */
printf("\n");
}
} else {
if (pwok) {
if (authsok & 2) {
pp = crypt(buf, thisuser.pw_passwd);
invalid = strcmp(pp, thisuser.pw_passwd);
} else

2
contrib/opie/opiepasswd.1
View File

@ -1,7 +1,7 @@
.\" opiepasswd.1: Manual page for the opiepasswd(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

18
contrib/opie/opiepasswd.c
View File

@ -1,7 +1,7 @@
/* opiepasswd.c: Add/change an OTP password in the key database.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.32. Use OPIE_SEED_MAX instead of
hard coding the length. Unlock user on failed lookup.
Modified by cmetz for OPIE 2.3. Got of some variables and made some
local to where they're used. Split out the finishing code. Use
opielookup() instead of opiechallenge() to find user. Three
@ -110,7 +112,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
{
struct opie opie;
int rval, n = 499, i, mode = MODE_DEFAULT, force = 0;
char seed[18];
char seed[OPIE_SEED_MAX+1];
struct passwd *pp;
memset(seed, 0, sizeof(seed));
@ -126,7 +128,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
opieversion();
case 'f':
#if INSECURE_OVERRIDE
force = 1;
force = OPIEPASSWD_FORCE;
#else /* INSECURE_OVERRIDE */
fprintf(stderr, "Sorry, but the -f option is not supported by this build of OPIE.\n");
#endif /* INSECURE_OVERRIDE */
@ -185,10 +187,10 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
break;
case 2:
fprintf(stderr, "Error: Can't update key database.\n");
exit(1);
finish(NULL);
default:
fprintf(stderr, "Error reading key database\n");
exit(1);
finish(NULL);
}
if (seed[0]) {
@ -308,7 +310,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
finish(NULL);
}
if (!(rval = opiepasswd(&opie, 0, pp->pw_name, n, seed, tmp)))
if (!(rval = opiepasswd(&opie, force, pp->pw_name, n, seed, tmp)))
finish(pp->pw_name);
if (rval < 0) {
@ -326,7 +328,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
fprintf(stderr, "Only use this method from the console; NEVER from remote. If you are using\n");
fprintf(stderr, "telnet, xterm, or a dial-in, type ^C now or exit with no password.\n");
fprintf(stderr, "Then run opiepasswd without the -c parameter.\n");
if (opieinsecure()) {
if (opieinsecure() && !force) {
fprintf(stderr, "Sorry, but you don't seem to be on the console or a secure terminal.\n");
if (force)
fprintf(stderr, "Warning: Continuing could disclose your secret pass phrase to an attacker!\n");
@ -394,7 +396,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
fprintf(stderr, "Sorry, no match.\n");
}
memset(passwd2, 0, sizeof(passwd2));
if (opiepasswd(&opie, 1, pp->pw_name, n, seed, passwd)) {
if (opiepasswd(&opie, 1 | force, pp->pw_name, n, seed, passwd)) {
fprintf(stderr, "Error updating key database.\n");
finish(NULL);
}

2
contrib/opie/opieserv.1
View File

@ -1,7 +1,7 @@
.\" opieserv.1: Manual page for the opieserv(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

2
contrib/opie/opieserv.c
View File

@ -2,7 +2,7 @@
opieverify() library routines.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

2
contrib/opie/opiesu.1
View File

@ -1,7 +1,7 @@
.\" opiesu.c: Manual page for the opiesu(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

11
contrib/opie/opiesu.c
View File

@ -1,7 +1,7 @@
/* opiesu.c: main body of code for the su(1m) program
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,7 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.32. Set up TERM and PATH correctly.
Modified by cmetz for OPIE 2.31. Fix sulog(). Replaced Getlogin() with
currentuser. Fixed fencepost error in month printed by sulog().
Modified by cmetz for OPIE 2.3. Limit the length of TERM on full login.
@ -99,7 +100,7 @@ License Agreement applies to this software.
static char userbuf[16] = "USER=";
static char homebuf[128] = "HOME=";
static char shellbuf[128] = "SHELL=";
static char pathbuf[128] = "PATH=";
static char pathbuf[sizeof("PATH") + sizeof(DEFAULT_PATH) - 1] = "PATH=";
static char termbuf[32] = "TERM=";
static char *cleanenv[] = {userbuf, homebuf, shellbuf, pathbuf, 0, 0};
static char *user = "root";
@ -268,7 +269,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
};
};
strcpy(pathbuf, DEFAULT_PATH);
strcat(pathbuf, DEFAULT_PATH);
again:
if (argc > 1 && strcmp(argv[1], "-f") == 0) {
@ -459,8 +460,8 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
if (thisuser.pw_shell && *thisuser.pw_shell)
shell = thisuser.pw_shell;
if (fulllogin) {
if (p = getenv("TERM")) {
strncpy(termbuf, p, sizeof(termbuf));
if ((p = getenv("TERM")) && (strlen(termbuf) + strlen(p) - 1 < sizeof(termbuf))) {
strcat(termbuf, p);
cleanenv[4] = termbuf;
}
environ = cleanenv;

2
contrib/opie/opietest.c
View File

@ -9,7 +9,7 @@
on your system. The converse is not such a safe statement.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

2
contrib/opie/permsfile.c
View File

@ -2,7 +2,7 @@
functionality to set device permissions on login
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

2
contrib/opie/popen.c
View File

@ -1,7 +1,7 @@
/* popen.c: A "safe" pipe open routine.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If