Commit Graph

25 Commits

Author SHA1 Message Date
Andrey A. Chernov
be71004959 Fix too long (seed length >12 chars) challenge handling.
1) " ext" length should be included into OPIE_CHALLENGE_MAX (as all places
of opie code expects that).
2) Overflow check in challenge.c is off by 1 even with corrected
OPIE_CHALLENGE_MAX
3) When fallback to randomchallenge() happens and rval is 0 (i.e.
challenge is too long), its value should be set to error state too.

To demonstrate the bug, run opiepasswd with valid seed:
opiepasswd -s 1234567890123456
and notice that it falls back to randomchallenge() (i.e. no
1234567890123456 in the prompt).

PR:             191511
Submitted by:   mitsururike@gmail.com (partially)
MFC after:      1 week
2014-08-11 12:26:48 +00:00
Sean Bruno
2f1e5d4767 Quiesce two categories of clang warnings:
1.  missing explicit includes for string.h, stdio.h, etc
2.  missing explicit declaration for some common functions

I have been unable to contact the upstream maintainer for this patch,
http://www.inner.net/opie appears to be the source of truth but it is
unreachable
2013-10-28 18:24:31 +00:00
Eitan Adler
37a6031461 Clean up hardcoded ar(1) flags in the tree to use the global ARFLAGS in
share/mk/sys.mk instead.

This is part of a medium term project to permit deterministic builds of
FreeBSD.

Submitted by:	Erik Cederstrand <erik@cederstrand.dk>
Reviewed by:	imp, toolchain@
Approved by:	cperciva
MFC after:	2 weeks
2012-12-06 01:31:25 +00:00
Xin LI
9776cb63ad RFC 2289 requires all hashes be stored in little endian format before
folding to 64 bits, while SHA1 code is big endian.  Therefore, a bswap32
is required before using the value.

Without this change, the implementation does not conform to test vector
found in RFC 2289.

PR:		bin/170519
Submitted by:	Arthur Mesh <arthurmesh gmail com> (with changes)
MFC after:	1 week
2012-08-10 04:48:58 +00:00
Colin Percival
8fd6c56d29 Change the current working directory to be inside the jail created by
the jail(8) command. [10:04]

Fix a one-NUL-byte buffer overflow in libopie. [10:05]

Correctly sanity-check a buffer length in nfs mount. [10:06]

Approved by:	so (cperciva)
Approved by:	re (kensmith)
Security:	FreeBSD-SA-10:04.jail
Security:	FreeBSD-SA-10:05.opie
Security:	FreeBSD-SA-10:06.nfsclient
2010-05-27 03:15:04 +00:00
Ed Schouten
7845988449 Don't include <utmp.h> when using <utmpx.h>.
libopie includes both <utmp.h> and <utmpx.h> in this case and uses some
#defines to let the code use struct utmpx and its utility functions.
We'd better not include <utmp.h> here, because maybe it will not be
present in the future.
2010-01-11 16:27:56 +00:00
Andrey A. Chernov
85ca5e684e Create /etc/opiekeys with 0600, not 0644
PR:     84221
2005-07-29 09:59:24 +00:00
Dag-Erling Smørgrav
5da7cece45 When computing a new seed for an existing user, opienewseed() would
incorrectly compute the length of the numeric portion of the previous
seed, causing the new seed to be one character shorter than the old
one.

This patch has been submitted to the vendor; I'm committing it right
away since the file is already off the vendor branch.

MFC after:	3 days
2003-01-22 10:55:36 +00:00
Mark Murray
f4083b2413 Resolve conflicts. 2002-03-21 23:42:52 +00:00
Mark Murray
7b0f9607c9 This commit was generated by cvs2svn to compensate for changes in r92906,
which included commits to RCS files with non-trunk default branches.
2002-03-21 22:50:02 +00:00
Mark Murray
cfb697297a Vendor import of OPIE 2.4 2002-03-21 22:50:02 +00:00
Andrey A. Chernov
9df24552a0 Zeroing memset() in opiechallenge() really is not needed because it is the
very first thing that the immediately following opielookup() does on being entered, i.e.
look at this:

int opielookup FUNCTION((opie, principal), struct opie *opie AND char
*principal
)
{
  int i;

  memset(opie, 0, sizeof(struct opie));
...
2002-01-24 22:19:21 +00:00
Andrey A. Chernov
eac68b24dc Add heuristic to detect SSH connection (in the same style as other
heuristics already here which are not supposed to be secure, just helpers).

Approved by:	security@ silence
2001-08-29 13:17:02 +00:00
Mark Murray
c7ff6083f9 Fix SHA1 hashing. 2001-07-14 08:30:54 +00:00
Kris Kennaway
bf1d0435ca Allow applications to disable the installation of the atexit() handler
which cleans up OPIE lockfiles. This is required for pam_opie.

Submitted by:   Jim Bloom <bloom@acm.org>
2000-04-17 00:01:23 +00:00
Kris Kennaway
0d845f9706 Resolve conflicts 2000-04-10 11:18:54 +00:00
Kris Kennaway
dd9cf0235c Upgrade to OPIE 2.32, from http://www.inner.net/pub/opie/ 2000-04-10 11:09:42 +00:00
Kris Kennaway
46c66b6f15 This commit was generated by cvs2svn to compensate for changes in r59118,
which included commits to RCS files with non-trunk default branches.
2000-04-10 11:09:42 +00:00
Bruce Evans
9f15c7ece5 Fixed printf format errors. 1998-06-30 18:06:23 +00:00
Andrey A. Chernov
e9fcc517e1 Merge 1997-09-29 10:33:14 +00:00
Andrey A. Chernov
8fd53644f9 Upgrade to 2.31 1997-09-29 08:53:38 +00:00
Andrey A. Chernov
27544d1f2f This commit was generated by cvs2svn to compensate for changes in r29964,
which included commits to RCS files with non-trunk default branches.
1997-09-29 08:53:38 +00:00
Andrey A. Chernov
6d0f9ab962 Detect null secret as error, it is temp. fix until next release
Submitted by: Craig Metz <cmetz@inner.net>
1997-08-05 23:15:28 +00:00
Paul Traina
049c277a7b Disconnect OPIE from internal MD4/5 routines 1997-02-07 03:44:44 +00:00
Paul Traina
3c491303b5 Initial import of OPIE v2.3 from
ftp://ftp.nrl.navy.mil/pub/security/opie/
1997-02-06 17:52:29 +00:00