This commit was generated by cvs2svn to compensate for changes in r92906,

which included commits to RCS files with non-trunk default branches.
This commit is contained in:
Mark Murray 2002-03-21 22:50:02 +00:00
commit 7b0f9607c9
52 changed files with 1872 additions and 639 deletions

View File

@ -1,11 +1,12 @@
OPIE Software Distribution, Release 2.32 Bug Reporting Form
======================================== ==================
OPIE Software Distribution, Release 2.4 Bug Reporting Form
======================================= ==================
Before submitting a bug report, please check the README file and make
sure that your "bug" is not a known problem.
Please make a copy of this file and then edit it with your favorite
text editor to include the answers to the following questions:
text editor (NOT a word processor; the end result needs to be reasonable ASCII
text) to include the answers to the following questions:
1. Your name and electronic mail address, in case we need more information.
If you can provide multiple addresses, please do so in case we
@ -76,7 +77,7 @@ Copyright
=========
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

View File

@ -1,5 +1,5 @@
OPIE Software Distribution, Release 2.31 Installation Instructions
======================================== =========================
OPIE Software Distribution, Release 2.4 Installation Instructions
======================================= =========================
Did you read the README file?
@ -26,11 +26,102 @@ hole, but a necessary evil for some sites), type:
If you'd like the file to go somewhere else, adjust this appropriately.
There are a number of configure-time options available for OPIE. To
get a list, type:
There are a number of configure-time options available for OPIE. You
probably don't want to change the defaults. To get a complete listing of the
currently available options, type:
sh configure --help
Some options that may be of interest are:
--enable-access-file=FILENAME: Enable the OPIE access file FILENAME
The OPIE access file provides a system administrator with the ability
to make the use of OTP optional for certain hosts. Note that individual
users can create a file named ".opiealways" in their home directory to
require that OTP be used to access to their account. Note also that the
access file is based on addresses, but many of the clients that use it
are only given hostnames. This opens this entire scheme up to DNS
spoofing attacks, which is a major security problem. ALWAYS use a
package such as tcp_wrappers configured to do paranoid checking on DNS
information if you enable this option (it's good practice anyway).
--enable-server-md4: Use MD4 instead of MD5 for the server
The old S/Key package used MD4 instead of MD5. MD4 is believed to be
less secure than MD5. Use this option only for compatibility with old
key files.
--disable-user-locking: Disable user locking
OPIE only allows one session at a time to attempt to authenticate a
principal; this prevents a possible race attack on OTP. This locking
mechanism can cause problems in some applications, in which case you
might want to disable the locking. This option also provides a work-
around if the locking code doesn't work reliably on your system.
--enable-user-locking[=DIR]: Put user lock files in DIR [/etc/opielocks]
The OPIE lock files need to be put in an isolated directory that is
only accessable by the super-user and has a parent directory that is
only writable by the super-user. If you are trying to use OPIE with
the key file shared by NFS, you need to make the lock directory
shared too. (But you read the README file, so you knew this)
--enable-retype: Ask users to re-type their secret pass phrases
On the one hand, this helps prevent users from having to go generate
an OTP, type it into a remote system, and then found out they
mistyped. On the other hand, it's annoying. If this is enabled, users
can simply hit return at the second prompt and the generator will skip
the retype check, which allows users who don't like the retype check
to mostly skip it.
--enable-su-star-check: Refuse to switch to disabled accounts
On many systems, an asterisk means one thing and one thing only: this
account is never meant for human users. Therefore, it doesn't make
much sense for anyone other than an attacker to try to su to that
account. Enabling this check causes su to refuse to switch to
accounts with an asterisk in their password field. While probably
better for security, this is not compatible with traditional *IX su
behavior, so it is disabled by default
--disable-new-prompts: Use more compatible (but less informative) prompts
OPIE uses login prompts that tell you exactly what kind of response
(an OTP response and/or a cleartext password) it expects you to give.
This can break automatic login scripts that look for 'Password:' as
the prompt for the password. If you have users that use such scripts,
you might want to disable the more informative responses so as not to
break those scripts.
--enable-insecure-override: Allow users to override insecure checks
While OPIE cannot determine whether or not a session is secure, it can
check for fairly common signs that it isn't secure. If it believes the
session is insecure, some programs like opiekey will refuse to run
because they prompt the user to send a secret pass phrase. Sometimes
these checks declare a session insecure when it is, and sometimes the
user wants to continue anyway even if the session is insecure. If this
option is enabled, many commands gain a '-f' option to force them to
operate even if OPIE thinks the session is insecure.
--enable-anonymous-ftp Enable anonymous FTP support
By default, the OPIE FTP daemon does not support anonymous FTP
service. The FTP daemon contains many security related bug fixes
relative to the original source, but bugs probably remain. It was not
intended to be used for anonymous FTP, where it is more open to the
commands of potentially hostile users. If you enable this option, it
will once again support anonymous FTP, but it probably isn't secure
when that way.
--disable-utmp Disable utmp logging
--disable-wtmp Disable wtmp logging
On some systems, logging to the utmp and/or wtmp files is just a lost
cause. If this is the case on your system, you might be better off
not having OPIE even try.
--enable-opieauto Enable support for opieauto
opieauto is a facility that caches an intermediate result of the OTP
generator so that a user-selected number of OTPs can be generated on
demand for each time the user types in the secret pass phrase. This
is great for user convenience, as typing a twenty or thirty character
secret pass phrase can be annoying. It can also be a minor security
hole (see the README for details).
2. Edit the Makefile
The Makefile contains some options that you may wish to modify. Also
@ -75,7 +166,7 @@ Copyright
=========
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

View File

@ -2,7 +2,7 @@
# Makefile.source and Makefile: Directions for building and installing OPIE.
#
# %%% portions-copyright-cmetz-96
# Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
# Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
# Reserved. The Inner Net License Version 2 applies to these portions of
# the software.
# You should have received a copy of the license with this software. If
@ -15,6 +15,9 @@
#
# History:
#
# Modified by cmetz for OPIE 2.4. Add libmissing to include header path.
# Renamed realclean to distclean. Added opieauto rules. Made
# system program install more tolerant of non-existent files.
# Modified by cmetz for OPIE 2.31. Moved logwtmp.o into libopie.
# Modified by cmetz for OPIE 2.3. Removed manual config -- it's
# Autoconf or bust. Replaced user configuration options
@ -80,9 +83,9 @@ SHELL=/bin/sh
OWNER=0
GROUP=bin
# Where should the OPIE standard and extended databases be stored?
# Where should the OPIE standard and extended databases be stored?
#
# Some sites might want to put this elsewhere. If you want to use an old
# Some sites might want to put this elsewhere. If you want to use an old
# S/Key database, you should create a link from /etc/skeykeys to /etc/opiekeys.
KEY_FILE=/etc/opiekeys
@ -115,10 +118,11 @@ SU=@SU@
ALT_SU=@ALT_SU@
LOGIN=@LOGIN@
LOCK_DIR=@LOCK_DIR@
OPIEAUTO=@OPIEAUTO@
BACKUP=opie.old
CFLAGS=$(DEBUG)
CFLAGS=$(DEBUG) -Ilibmissing
LFLAGS=-Llibopie -Llibmissing -lopie $(LIBS) -lmissing -lopie
LDEPS=libmissing/libmissing.a libopie/libopie.a
@ -128,17 +132,19 @@ all: client server
ifdefs:
egrep '^#*if*def' *.c *.h | cut -f2 -d: | sort | uniq
client: libopie/libopie.a libmissing/libmissing.a opietest-passed opiekey opiegen
client: libopie/libopie.a libmissing/libmissing.a opietest-passed opiekey opiegen $(OPIEAUTO)
client-install: client
@echo "Installing OPIE client software..."
@echo "Copying OPIE key-related files"
@if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi
@cp opiekey $(LOCALBIN)
@cp opiekey $(OPIEAUTO) $(LOCALBIN)
@$(CHOWN) $(OWNER) $(LOCALBIN)/opiekey
@if test ! -z "$(OPIEAUTO)"; then $(CHOWN) $(OWNER) $(LOCALBIN)/opieauto; fi
@chgrp $(GROUP) $(LOCALBIN)/opiekey
@echo "Changing file permissions"
@chmod 0511 $(LOCALBIN)/opiekey
@if test ! -z "$(OPIEAUTO)"; then chmod 0511 $(LOCALBIN)/opieauto; fi
@echo "Symlinking aliases to opiekey"
@-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md4
@-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md5
@ -160,32 +166,75 @@ server-install: server
@chmod 0555 $(LOCALBIN)/opieinfo
@chmod 4511 $(LOCALBIN)/opiepasswd
@echo "Installing OPIE system programs..."
@if test ! $(EXISTS) $(LOGIN).$(BACKUP); then echo "Renaming existing $(LOGIN) to $(LOGIN).$(BACKUP)"; mv $(LOGIN) $(LOGIN).$(BACKUP); echo "Clearing permissions on old $(LOGIN)"; chmod 0 $(LOGIN).$(BACKUP); fi
@echo "Copying opielogin to $(LOGIN)"
@cp opielogin $(LOGIN)
@echo "Changing ownership of $(LOGIN)"
@$(CHOWN) $(OWNER) $(LOGIN)
@chgrp $(GROUP) $(LOGIN)
@echo "Changing file permissions of $(LOGIN)"
@chmod 4111 $(LOGIN)
@if test ! $(EXISTS) $(SU).$(BACKUP); then echo "Renaming existing su to su.$(BACKUP)"; mv $(SU) $(SU).$(BACKUP); echo "Clearing permissions on old su"; chmod 0 $(SU).$(BACKUP); fi
@-if test ! -z "$(ALT_SU)"; then if test ! $(EXISTS) $(ALT_SU).$(BACKUP); then echo "Renaming existing su to su.$(BACKUP)"; mv $(ALT_SU) $(ALT_SU).$(BACKUP); fi; echo "Copying opiesu to su"; cp opiesu $(ALT_SU); echo "Changing ownership"; $(CHOWN) $(OWNER) $(ALT_SU); chgrp $(GROUP) $(ALT_SU); echo "Changing file permissions"; chmod 4111 $(ALT_SU); echo "Clearning permissions on old su"; chmod 0 $(ALT_SU).$(BACKUP); fi
@echo "Copying opiesu to su"
@cp opiesu $(SU)
@echo "Changing ownership of su"
@$(CHOWN) $(OWNER) $(SU)
@chgrp $(GROUP) $(SU)
@echo "Changing file permissions of su"
@chmod 4111 $(SU)
@if test ! $(EXISTS) $(FTPD).$(BACKUP); then echo "Renaming existing ftp daemon to $(FTPD).$(BACKUP)"; mv $(FTPD) $(FTPD).$(BACKUP); echo "Clearing permissions on old ftp daemon"; chmod 0 $(FTPD).$(BACKUP); fi
@echo "Copying OPIE ftp daemon"
@cp opieftpd $(FTPD)
@echo "Changing ownership of ftpd"
@$(CHOWN) $(OWNER) $(FTPD)
@chgrp $(GROUP) $(FTPD)
@echo "Changing file permissions of ftpd"
@chmod 0100 $(FTPD)
@echo "Making sure OPIE database file exists"
@if test ! -z $(LOGIN); \
then \
if test ! $(EXISTS) $(LOGIN).$(BACKUP); \
then \
echo "Renaming existing $(LOGIN) to $(LOGIN).$(BACKUP)"; \
mv $(LOGIN) $(LOGIN).$(BACKUP); \
echo "Clearing permissions on $(LOGIN)"; \
chmod 0 $(LOGIN).$(BACKUP); \
fi; \
echo "Copying OPIE login to $(LOGIN)"; \
cp opielogin $(LOGIN); \
echo "Changing ownership of $(LOGIN)"; \
$(CHOWN) $(OWNER) $(LOGIN); \
chgrp $(GROUP) $(LOGIN); \
echo "Changing file permissions of $(LOGIN)"; \
chmod 4111 $(LOGIN); \
fi
@if test ! -z $(SU); \
then \
if test ! $(EXISTS) $(SU).$(BACKUP); \
then \
echo "Renaming existing $(SU) to $(SU).$(BACKUP)"; \
mv $(SU) $(SU).$(BACKUP); \
echo "Clearing permissions on $(SU)"; \
chmod 0 $(SU).$(BACKUP); \
fi; \
echo "Copying OPIE su to $(SU)"; \
cp opiesu $(SU); \
echo "Changing ownership of $(SU)"; \
$(CHOWN) $(OWNER) $(SU); \
chgrp $(GROUP) $(SU); \
echo "Changing file permissions of $(SU)"; \
chmod 4111 $(SU); \
fi
@if test ! -z $(ALT_SU); \
then \
if test ! $(EXISTS) $(ALT_SU).$(BACKUP); \
then \
echo "Renaming existing $(ALT_SU) to $(ALT_SU).$(BACKUP)"; \
mv $(ALT_SU) $(ALT_SU).$(BACKUP); \
echo "Clearing permissions on $(ALT_SU)"; \
chmod 0 $(ALT_SU).$(BACKUP); \
fi; \
echo "Copying OPIE su to $(ALT_SU)"; \
cp opiesu $(ALT_SU); \
echo "Changing ownership of $(ALT_SU)"; \
$(CHOWN) $(OWNER) $(ALT_SU); \
chgrp $(GROUP) $(ALT_SU); \
echo "Changing file permissions of $(ALT_SU)"; \
chmod 4111 $(ALT_SU); \
fi
@if test ! -z $(FTPD); \
then \
if test ! $(EXISTS) $(FTPD).$(BACKUP); \
then \
echo "Renaming existing $(FTPD) to $(FTPD).$(BACKUP)"; \
mv $(FTPD) $(FTPD).$(BACKUP); \
echo "Clearing permissions on $(FTPD).$(BACKUP)"; \
chmod 0 $(FTPD).$(BACKUP); \
fi; \
echo "Copying OPIE ftp daemon to $(FTPD)"; \
cp opieftpd $(FTPD); \
echo "Changing ownership of $(FTPD)"; \
$(CHOWN) $(OWNER) $(FTPD); \
chgrp $(GROUP) $(FTPD); \
echo "Changing file permissions of $(FTPD)"; \
chmod 0100 $(FTPD); \
fi
@echo "Making sure OPIE database file exists";
@touch $(KEY_FILE)
@echo "Changing permissions of OPIE database file"
@chmod 0644 $(KEY_FILE)
@ -230,16 +279,18 @@ libmissing/libmissing.a: libmissing/*.c
clean:
-rm -f *.o opiekey opiegen opielogin opiepasswd opiesu opieftpd
-rm -f opieserv opieinfo opietest *core* opietest-passed
-rm -f opieserv opieinfo opietest opieauto *core* opietest-passed
-rm -f Makefile.munge configure.munger y.tab.c .gdb*
(cd libopie ; $(MAKE) clean)
(cd libmissing ; $(MAKE) clean)
realclean: clean
realclean: distclean
distclean: clean
-rm -f *~ core* "\#*\#" Makefile make.log
-rm -f config.log config.status config.cache config.h
(cd libopie ; $(MAKE) realclean)
(cd libmissing ; $(MAKE) realclean)
(cd libopie ; $(MAKE) distclean)
(cd libmissing ; $(MAKE) distclean)
opiekey: opiekey.o $(LDEPS)
$(CC) $(CFLAGS) opiekey.o $(LFLAGS) -o opiekey
@ -270,3 +321,7 @@ opieinfo: opieinfo.o $(LDEPS)
opietest: opietest.o $(LDEPS)
$(CC) $(CFLAGS) opietest.o $(LFLAGS) -o opietest
opieauto: opieauto.o $(LDEPS)
$(CC) $(CFLAGS) opieauto.o $(LFLAGS) -o opieauto

View File

@ -1,5 +1,5 @@
OPIE Software Distribution, Release 2.32 Important Information
======================================== =====================
OPIE Software Distribution, Release 2.4 Important Information
======================================= =====================
Introduction
============
@ -75,87 +75,104 @@ original Bellcore S/Key(tm) Version 1 software:
A Glance at What's New
======================
2.32 January 1, 1998.
2.4 TEST VERSION -- NOT FOR REDISTRIBUTION
Indicate support for extended responses in challenges and check for
such indication before generating any extended responses.
Merged in opieauto, which is disabled by default.
Lots of portability and bug fixes.
Lots of documentation updates.
2.31 March 20, 1997.
Portability and bug fixes.
Removed active attack protection support due to patent problems.
2.32 January 1, 1998.
Moved user locks to a separate directory.
Indicate support for extended responses in challenges and check for such
indication before generating any extended responses.
Moved user-serviceable configuration options to the configure script.
Lots of portability and bug fixes.
Lots of portability and bug fixes.
2.31 March 20, 1997.
2.3 September 22, 1996
Removed active attack protection support due to patent problems.
Autoconf is now the only supported configuration method.
Removed the supplemental key file; it did more harm than good.
Lots of internal functions got re-written in ways that will make some
Moved user locks to a separate directory.
Moved user-serviceable configuration options to the configure script.
Lots of portability and bug fixes.
2.3 September 22, 1996
Autoconf is now the only supported configuration method.
Lots of internal functions got re-written in ways that will make some
planned future changes easier.
OTP extended responses, such as automatic re-initialization.
OTP extended responses, such as automatic re-initialization.
Support for a supplemental key file that stores information that was
not in the original /etc/skeykeys file. This allows OPIE to store extra data
needed for things like the OTP re-initialization extended response without
breaking interoperability with other S/Key derived programs. This file is
named "/etc/opiekeys.ext" by default. Unlike the standard key file, it MUST
NOT be world readable.
Support for a supplemental key file that stores information that was not
in the original /etc/skeykeys file. This allows OPIE to store extra data needed
for things like the OTP re-initialization extended response without breaking
interoperability with other S/Key derived programs. This file is named
"/etc/opiekeys.ext" by default. Unlike the standard key file, it MUST NOT be
world readable.
OPIE should better support some of the native "features" of drain
bamaged OSs such as AIX, HP-UX, and Solaris.
OPIE should better support some of the native "features" of drain bamaged
OSs such as AIX, HP-UX, and Solaris.
OPIE's utmp/wtmp handling has been completely re-written. This should
solve many of the utmp/wtmp problems people have been having.
OPIE's utmp/wtmp handling has been completely re-written. This should solve
many of the utmp/wtmp problems people have been having.
Lots of cleanups.
Lots of cleanups.
Bug fixes.
Bug fixes.
2.22 May 3, 1996.
2.22 May 3, 1996.
More minor bug fixes. OPIE once again works on Solaris 2.x.
More minor bug fixes. OPIE once again works on Solaris 2.x.
2.21 April 27, 1996.
2.21 April 27, 1996.
Minor bug fixes.
Minor bug fixes.
2.2 April 11, 1996.
2.2 April 11, 1996.
opiesubr.c, opiesubr2.c, and a few other functions moved into
a subdirectory and split into files with fine granularity. Ditto with
missing function replacements. This subdirectory structure changes a lot
of things around and more splitting like this should be expected in the
near future.
opiesubr.c, opiesubr2.c, and a few other functions moved into a
subdirectory and split into files with fine granularity. Ditto with missing
function replacements. This subdirectory structure changes a lot of things
around and more splitting like this should be expected in the near future.
Added opiegenerator() library function that should make it very easy
to create OTP clients using the OPIE library (this function is subject to
change: there are a few problems remaining to be solved). Just about re-write
Added opiegenerator() library function that should make it very easy to
create OTP clients using the OPIE library (this function is subject to change:
there are a few problems remaining to be solved). Just about re-wrote
opiegetpass() to use raw I/O and got most of the OPIE programs actually using
that function. Autoconf build fixes. Lots of bug fixes. Lots of portability
fixes. Function declarations should be ANSI style for ANSI compilers. Several
fixes to bring OPIE in line with the latest OTP spec. MJR DES key crunch
fixes to bring OPIE in line with the latest OTP spec. MJR DES key crunch
de-implemented.
Added sample programs: opiegen (client) and opieserv (server).
Added sample programs: opiegen (client) and opieserv (server).
Probably broke non-autoconf support along the way :(. I've tried to
bring this back in sync, but it may still be broken.
Probably broke non-autoconf support along the way :(. I've tried to bring
this back in sync, but it may still be broken.
2.11 December 27, 1995.
2.11 December 27, 1995.
Minor bug fixes.
Minor bug fixes.
2.10 December 26, 1995.
2.10 December 26, 1995.
Optional autoconf support. opieinfo is now a normal program.
Bugs fixed -- should work much better on SunOS, HP-UX, and AIX.
Optional autoconf support. opieinfo is now a normal program. Bugs fixed --
should work much better on SunOS, HP-UX, and AIX.
2.01 -- 2.04
Bug fix releases.
2.00
Initial release of OPIE 2.0.
System Requirements
===================
@ -177,12 +194,15 @@ OPIE code.
If OPIE Doesn't Work
====================
First and foremost, make sure you have the latest version of OPIE. The
latest version is available by anonymous FTP at:
Under NO circumstances should you send trouble reports directly to the
authors or contributors. They WILL BE IGNORED.
ftp://ftp.nrl.navy.mil/pub/security/opie
and
ftp://ftp.inner.net/pub/opie
Make sure you have the latest version of OPIE. The latest version is
available by HTTP at:
http://www.inner.net/pub/opie
(sorry, but anonymous FTP is no longer available)
If you have installed the OPIE software (either through "make test"
in (7) above or "make install" in (14)), you can run "make uninstall" from the
@ -194,7 +214,8 @@ installation procedure itself did not work properly.
If you are running a release version, try installing the latest public
test version (look around). These frequently have already fixed the problem
you are seeing, but may have new problems of their own (that's why they're
test versions!).
test versions!). Similarly, if you are running a test version, try installing
the latest released version.
OPIE is NOT supported software. We don't promise to support you or
even to acknowledge your mail, but we are interested in bug reports and are
@ -233,7 +254,7 @@ Gotchas
=======
Solaris 2.x is just a lose. It does a lot of nonstandard and downright
broken things. If you want OPIE to be reliable on your box, upgrade to NetBSD
broken things. If you want OPIE to be reliable on your box, upgrade to OpenBSD
or Linux.
While an almost universal "feature", most people remain unaware that
@ -342,6 +363,25 @@ it puts them. The lock file directory must be a directory used only for OPIE
lock files. It must be a directory, owned by the superuser, and must be mode
0700.
opieauto is a potential security hole. It opens a limited window of
exposure by transmitting and storing information that can be used to
generate one or more OTPs earlier than the current sequence number. Every
effort has been made to limit the potential for compromise to the user-
specified window. However, an attacker with superuser priveleges or access to
your account on the client system can still generate OTPs based on the
information cached via opieauto. In practice, there are other ways for such an
an attacker to get your entire secret pass phrase, so this is probably not
creating a significant new security problem. However, because of this
potential for problems and because opieauto uses system features that are not
present on all systems, opieauto support is not compiled in by default and
must be specifically enabled at compile time.
Many users are running OPIE with the key file on a shared NFS volume
in order to use OTP as a single-login system for a cluster of machines. OPIE
was NOT designed to be operated this way, though it does seem to work. If it
fails or if this proves insecure, this is not OPIE's fault. Note that, if you
do this, you probably want to share the OPIE lock files too.
Gripes
======
@ -355,14 +395,12 @@ are complying to some or other "standard." My (cmetz) conclusion is that the
only thing that is standard about utmp and wtmp handling is that it will be
nonstandard on any given system. I've tried a lot of things and I've wasted
*a lot* of time on trying to make utmp and wtmp handling work for everybody;
my conclusion is that it will never happen. I personally am willing to stand
behind the code for utmp/wtmp handling on reasonable Linux and 4.4BSD-Lite
systems. If it breaks, tell me and I will fix it. While I am still interested
in hearing about fixes for other OSs, I'm not likely to go out of my way to fix
utmp/wtmp handling on them. If you want it fixed, the best way to do it is to
fix it yourself and give me a patch. As long as the patch is reasonable, I'll
include it in the next release. If you can't wait, use the --disable-utmp
option.
my conclusion is that it will never happen. While I am still interested in
hearing about fixes for utmp/wtmp on systems where they don't work, I'm not
likely to go out of my way to fix utmp/wtmp handling. If you want it fixed,
the best way to do it is to fix it yourself and contribute a patch. As long as
the patch is reasonable, it will be included in the next release. If you can't
wait, use the --disable-utmp option.
Credits
=======
@ -396,23 +434,29 @@ community effort. These contributors include:
Mowgli Assor
Lawrie Brown
Andrew Davis
Taso N. Devetzis
Carson Gaspar
Dennis Glatting
Ben Golding
Axel Grewe
"Hobbit"
Kojima Hajime
Darren Hosking
Matt Hucke
Matt Hucke
Kenji Kamizono
Charles Karney
Jeff Kletsky
Peter Koch
Martijn Koster
Osamu Kurati
Ayamura Kikuchi
Ronald van der Meer
Bret Musser
Hiroshi Nakano
Ikuo Nakagawa
Angelo Neri
C. R. Oldham
Ossama Othman
D. Jason Penney
John Perkins
Steve Price
@ -429,7 +473,7 @@ City, Virginia.
If you have problems with OPIE, please follow the instructions under
"If OPIE Doesn't Work." Under NO circumstances should you send trouble
reports directly to the authors or contributors.
reports directly to the authors or contributors. They WILL BE IGNORED.
Trademarks
==========
@ -440,12 +484,12 @@ NRL is a trademark of the U. S. Naval Research Laboratory.
All other trademarks are trademarks of their respective owners.
The term "OPIE" is in the public domain and hence cannot be legally
trademarked by anyone.
trademarked by anyone. Please do not abuse it.
Copyrights
==========
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

View File

@ -1,7 +1,7 @@
/* acconfig.h: Extra commentary for Autoheader
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -117,6 +117,15 @@ you didn't get a copy, you may request one from <license@inner.net>.
/* Define if there is a ut_host field in struct utmp */
#undef HAVE_UT_HOST
/* Define if there is a ut_id field in struct utmp */
#undef HAVE_UT_ID
/* Define if there is a ut_syslen field in struct utmp */
#undef HAVE_UT_SYSLEN
/* Define if there is a utx_syslen field in struct utmpx */
#undef HAVE_UTX_SYSLEN
/* Define if the system has getutline() */
#undef HAVE_GETUTLINE
@ -149,3 +158,69 @@ you didn't get a copy, you may request one from <license@inner.net>.
/* Defined if user locking is to be used */
#undef USER_LOCKING
/* Defined if opieauto is to be used */
#undef OPIEAUTO
/* Define if you have the atexit function. */
#undef HAVE_ATEXIT
/* Define if you have the endutent function. */
#undef HAVE_ENDUTENT
/* Define if you have the initgroups function. */
#undef HAVE_INITGROUPS
/* Define if you have the memcmp function. */
#undef HAVE_MEMCMP
/* Define if you have the memcpy function. */
#undef HAVE_MEMCPY
/* Define if you have the memset function. */
#undef HAVE_MEMSET
/* Define if you have the getcwd function. */
#undef HAVE_GETCWD
/* Define if you have the getenv function. */
#undef HAVE_GETENV
/* Define if you have the getutline function. */
#undef HAVE_GETUTLINE
/* Define if you have the pututline function. */
#undef HAVE_PUTUTLINE
/* Define if you have the setenv function. */
#undef HAVE_SETENV
/* Define if you have the setegid function. */
#undef HAVE_SETEGID
/* Define if you have the seteuid function. */
#undef HAVE_SETEUID
/* Define if you have the setutent function. */
#undef HAVE_SETUTENT
/* Define if you have the sigprocmask function. */
#undef HAVE_SIGPROCMASK
/* Define if you have the strchr function. */
#undef HAVE_STRCHR
/* Define if you have the strrchr function. */
#undef HAVE_STRRCHR
/* Define if you have the strtoul function. */
#undef HAVE_STRTOUL
/* Define if you have the sysconf function. */
#undef HAVE_SYSCONF
/* Define if you have the uname function. */
#undef HAVE_UNAME
/* Define if you have the unsetenv function. */
#undef HAVE_UNSETENV

View File

@ -149,6 +149,12 @@
/* Define if there is a ut_host field in struct utmp */
#undef HAVE_UT_HOST
/* Define if there is a ut_id field in struct utmp */
#undef HAVE_UT_ID
/* Define if there is a utx_syslen field in struct utmpx */
#undef HAVE_UTX_SYSLEN
/* Define if the system has getutline() */
#undef HAVE_GETUTLINE
@ -158,6 +164,9 @@
/* Defined if you want to disable utmp support */
#undef DISABLE_UTMP
/* Defined if you want to disable wtmp support */
#undef DISABLE_WTMP
/* Defined if you want to allow users to override the insecure checks */
#undef INSECURE_OVERRIDE
@ -176,6 +185,72 @@
/* Defined if su should not switch to disabled accounts */
#undef SU_STAR_CHECK
/* Defined if opieauto is to be used */
#undef OPIEAUTO
/* Define if you have the atexit function. */
#undef HAVE_ATEXIT
/* Define if you have the endutent function. */
#undef HAVE_ENDUTENT
/* Define if you have the initgroups function. */
#undef HAVE_INITGROUPS
/* Define if you have the memcmp function. */
#undef HAVE_MEMCMP
/* Define if you have the memcpy function. */
#undef HAVE_MEMCPY
/* Define if you have the memset function. */
#undef HAVE_MEMSET
/* Define if you have the getcwd function. */
#undef HAVE_GETCWD
/* Define if you have the getenv function. */
#undef HAVE_GETENV
/* Define if you have the getutline function. */
#undef HAVE_GETUTLINE
/* Define if you have the pututline function. */
#undef HAVE_PUTUTLINE
/* Define if you have the setenv function. */
#undef HAVE_SETENV
/* Define if you have the setegid function. */
#undef HAVE_SETEGID
/* Define if you have the seteuid function. */
#undef HAVE_SETEUID
/* Define if you have the setutent function. */
#undef HAVE_SETUTENT
/* Define if you have the sigprocmask function. */
#undef HAVE_SIGPROCMASK
/* Define if you have the strchr function. */
#undef HAVE_STRCHR
/* Define if you have the strrchr function. */
#undef HAVE_STRRCHR
/* Define if you have the strtoul function. */
#undef HAVE_STRTOUL
/* Define if you have the sysconf function. */
#undef HAVE_SYSCONF
/* Define if you have the uname function. */
#undef HAVE_UNAME
/* Define if you have the unsetenv function. */
#undef HAVE_UNSETENV
/* Define if you have the bcopy function. */
#undef HAVE_BCOPY

945
contrib/opie/configure vendored

File diff suppressed because it is too large Load Diff

View File

@ -1,7 +1,7 @@
dnl configure.in: Input for Autoconf
dnl
dnl %%% portions-copyright-cmetz-96
dnl Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
dnl Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
dnl Reserved. The Inner Net License Version 2 applies to these portions of
dnl the software.
dnl You should have received a copy of the license with this software. If
@ -14,6 +14,11 @@ dnl License Agreement applies to this software.
dnl
dnl History:
dnl
dnl Modified by cmetz for OPIE 2.4. Add --enable-opieauto option. Check
dnl for ut_id and ut_syslen. Make disable-wtmp disable wtmp not utmp.
dnl Define HAVE_foo if foo is found by the libmissing function check.
dnl Added checks for libmissing functions that were there but never
dnl actually checked for and therefore available.
dnl Modified by cmetz for OPIE 2.32. Substitute default for LOCK_DIR.
dnl Fix the --disable-user-locking bug. AC_DEFINE variables to 1.
dnl Really check for ut_host.
@ -72,9 +77,11 @@ AC_ARG_ENABLE(su-star-check, [ --enable-su-star-check Refuse to switch to disa
AC_ARG_ENABLE(new-prompts, [ --disable-new-prompts Use more compatible (but less informative) prompts],, AC_DEFINE(NEW_PROMPTS, 1))
AC_ARG_ENABLE(insecure-override, [ --enable-insecure-override
Allow users to override insecure checks], AC_DEFINE(INSECURE_OVERRIDE, 1))
AC_ARG_ENABLE(anonymous-ftp, [ --enable-anonymous-ftp Enable anonymous FTP support], AC_DEFINE(DOANONYMOUS, 1) echo "Enabling anonymous FTP support in ftp -- don't say we didn't warn you!")
AC_ARG_ENABLE(utmp, [ --disable-utmp Disable utmp logging], AC_DEFINE(DISABLE_UTMP, 1) echo "Disabling utmp logging")
AC_ARG_ENABLE(wtmp, [ --disable-wtmp Disable wtmp logging], AC_DEFINE(DISABLE_UTMP, 1) echo "Disabling wtmp logging")
AC_ARG_ENABLE(anonymous-ftp, [ --enable-anonymous-ftp Enable anonymous FTP support], AC_DEFINE(DOANONYMOUS, 1) echo "enabling anonymous FTP support in ftp -- don't say we didn't warn you!")
AC_ARG_ENABLE(utmp, [ --disable-utmp Disable utmp logging], AC_DEFINE(DISABLE_UTMP, 1) echo "disabling utmp logging")
AC_ARG_ENABLE(wtmp, [ --disable-wtmp Disable wtmp logging], AC_DEFINE(DISABLE_WTMP, 1) echo "disabling wtmp logging")
AC_ARG_ENABLE(opieauto, [ --enable-opieauto Enable support for opieauto], AC_DEFINE(OPIEAUTO, 1) OPIEAUTO=opieauto; echo "enabling opieauto support")
AC_SUBST(OPIEAUTO)
dnl Checks for programs.
AC_PROG_CC
@ -484,6 +491,15 @@ dnl #include <utmp.h>], [struct utmp foo; return (int)foo.ut_user[0];], AC_DEFIN
AC_MSG_CHECKING(for ut_host in struct utmp)
AC_TRY_COMPILE([#include <sys/types.h>
#include <utmp.h>], [struct utmp foo; return (int)foo.ut_host[0];], AC_DEFINE(HAVE_UT_HOST) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
AC_MSG_CHECKING(for ut_id in struct utmp)
AC_TRY_COMPILE([#include <sys/types.h>
#include <utmp.h>], [struct utmp foo; return (int)foo.ut_id[0];], AC_DEFINE(HAVE_UT_ID) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
#AC_MSG_CHECKING(for ut_syslen in struct utmp)
#AC_TRY_COMPILE([#include <sys/types.h>
##include <utmp.h>], [struct utmp foo; return (int)foo.ut_syslen;], AC_DEFINE(HAVE_UT_SYSLEN) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
AC_MSG_CHECKING(for ut_syslen in struct utmpx)
AC_TRY_COMPILE([#include <sys/types.h>
#include <utmpx.h>], [struct utmpx foo; return (int)foo.ut_syslen;], AC_DEFINE(HAVE_UTX_SYSLEN) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
dnl Checks for library functions.
dnl AC_PROG_GCC_TRADITIONAL
@ -495,25 +511,29 @@ AC_FUNC_MEMCMP
AC_FUNC_ALLOCA
AC_REPLACE_FUNCS(getusershell sigaddset sigemptyset strerror strncasecmp)
MISSING="$LIBOBJS $ALLOCA " ;
AC_CHECK_FUNC(atexit,, MISSING="${MISSING}atexit.o "; AC_CHECK_FUNCS(on_exit))
AC_CHECK_FUNC(endutent,, MISSING="${MISSING}endutent.o ")
AC_CHECK_FUNC(memcpy,, MISSING="${MISSING}memcpy.o "; AC_CHECK_FUNCS(bcopy))
AC_CHECK_FUNC(memset,, MISSING="${MISSING}memset.o "; AC_CHECK_FUNCS(bzero))
AC_CHECK_FUNC(getcwd,, MISSING="${MISSING}getcwd.o "; AC_CHECK_FUNCS(getwd))
AC_CHECK_FUNC(getenv, AC_DEFINE(HAVE_GETENV), MISSING="${MISSING}env.o ")
AC_CHECK_FUNC(getutline, AC_DEFINE(HAVE_GETUTLINE), MISSING="${MISSING}getutline.o "; AC_CHECK_FUNCS(ttyslot))
AC_CHECK_FUNC(pututline,, MISSING="${MISSING}pututline.o "; AC_CHECK_FUNCS(ttyslot))
AC_CHECK_FUNC(setenv, AC_DEFINE(HAVE_SETENV), MISSING="${MISSING}env.o ")
AC_CHECK_FUNC(setegid,, MISSING="${MISSING}setegid.o "; AC_CHECK_FUNCS(setregid setresgid))
AC_CHECK_FUNC(seteuid,, MISSING="${MISSING}seteuid.o "; AC_CHECK_FUNCS(setreuid setresuid))
AC_CHECK_FUNC(setutent,, MISSING="${MISSING}setutent.o ")
AC_CHECK_FUNC(sigprocmask,, MISSING="${MISSING}sigprocmask.o "; AC_CHECK_FUNCS(sigblock sigsetmask))
AC_CHECK_FUNC(strchr,, MISSING="${MISSING}strchr.o "; AC_CHECK_FUNCS(index))
AC_CHECK_FUNC(strrchr,, MISSING="${MISSING}strrchr.o "; AC_CHECK_FUNCS(rindex))
AC_CHECK_FUNC(strtoul,, MISSING="${MISSING}strtoul.o ")
AC_CHECK_FUNC(sysconf,, MISSING="${MISSING}sysconf.o "; AC_CHECK_FUNCS(getdtablesize))
AC_CHECK_FUNC(uname,, MISSING="${MISSING}uname.o "; AC_CHECK_FUNCS(gethostname))
AC_CHECK_FUNC(unsetenv, AC_DEFINE(HAVE_UNSETENV), MISSING="${MISSING}env.o ")
dnl These should be simplified by a macro
AC_CHECK_FUNC(atexit, AC_DEFINE(HAVE_ATEXIT), MISSING="${MISSING}atexit.o "; AC_CHECK_FUNCS(on_exit))
AC_CHECK_FUNC(endutent, AC_DEFINE(HAVE_ENDUTENT), MISSING="${MISSING}endutent.o ")
AC_CHECK_FUNC(initgroups, AC_DEFINE(HAVE_INITGROUPS), MISSING="${MISSING}initgroups.o ")
AC_CHECK_FUNC(memcmp, AC_DEFINE(HAVE_MEMCMP), MISSING="${MISSING}memcmp.o ")
AC_CHECK_FUNC(memcpy, AC_DEFINE(HAVE_MEMCPY), MISSING="${MISSING}memcpy.o "; AC_CHECK_FUNCS(bcopy))
AC_CHECK_FUNC(memset, AC_DEFINE(HAVE_MEMSET), MISSING="${MISSING}memset.o "; AC_CHECK_FUNCS(bzero))
AC_CHECK_FUNC(getcwd, AC_DEFINE(HAVE_GETCWD), MISSING="${MISSING}getcwd.o "; AC_CHECK_FUNCS(getwd))
AC_CHECK_FUNC(getenv, AC_DEFINE(HAVE_GETENV), MISSING="${MISSING}env.o ")
AC_CHECK_FUNC(getutline, AC_DEFINE(HAVE_GETUTLINE), MISSING="${MISSING}getutline.o "; AC_CHECK_FUNCS(ttyslot))
AC_CHECK_FUNC(pututline, AC_DEFINE(HAVE_PUTUTLINE), MISSING="${MISSING}pututline.o "; AC_CHECK_FUNCS(ttyslot))
AC_CHECK_FUNC(setenv, AC_DEFINE(HAVE_SETENV), MISSING="${MISSING}env.o ")
AC_CHECK_FUNC(setegid, AC_DEFINE(HAVE_SETEGID), MISSING="${MISSING}setegid.o "; AC_CHECK_FUNCS(setregid setresgid))
AC_CHECK_FUNC(seteuid, AC_DEFINE(HAVE_SETEUID), MISSING="${MISSING}seteuid.o "; AC_CHECK_FUNCS(setreuid setresuid))
AC_CHECK_FUNC(setutent, AC_DEFINE(HAVE_SETUTENT), MISSING="${MISSING}setutent.o ")
AC_CHECK_FUNC(sigprocmask, AC_DEFINE(HAVE_SIGPROCMASK), MISSING="${MISSING}sigprocmask.o "; AC_CHECK_FUNCS(sigblock sigsetmask))
AC_CHECK_FUNC(strchr, AC_DEFINE(HAVE_STRCHR), MISSING="${MISSING}strchr.o "; AC_CHECK_FUNCS(index))
AC_CHECK_FUNC(strrchr, AC_DEFINE(HAVE_STRRCHR), MISSING="${MISSING}strrchr.o "; AC_CHECK_FUNCS(rindex))
AC_CHECK_FUNC(strtoul, AC_DEFINE(HAVE_STRTOUL), MISSING="${MISSING}strtoul.o ")
AC_CHECK_FUNC(sysconf, AC_DEFINE(HAVE_SYSCONF), MISSING="${MISSING}sysconf.o "; AC_CHECK_FUNCS(getdtablesize))
AC_CHECK_FUNC(uname, AC_DEFINE(HAVE_UNAME), MISSING="${MISSING}uname.o "; AC_CHECK_FUNCS(gethostname))
AC_CHECK_FUNC(unsetenv, AC_DEFINE(HAVE_UNSETENV), MISSING="${MISSING}env.o ")
AC_SUBST(MISSING)
AC_MSG_CHECKING(for nonstandard gettimeofday)

View File

@ -1,8 +1,8 @@
/* glob.c: The csh et al glob pattern matching routines.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

View File

@ -2,29 +2,33 @@
# Makefile.in/Makefile: Directions for building libmissing.
#
# %%% copyright-cmetz-96
# This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
# The Inner Net License Version 2 applies to this software.
# This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
# The Inner Net License Version 3 applies to this software.
# You should have received a copy of the license with this software. If
# you didn't get a copy, you may request one from <license@inner.net>.
#
# History:
#
# Modified by cmetz for OPIE 2.4. Add current dir to include header path.
# Use ar 'cr' instead of 'r'. Renamed realclean to distclean.
# Created by cmetz for OPIE 2.3 using old Makefiles as a guide.
OBJS=bogus.o @MISSING@
CC=@CC@
CFLAGS=$(CFL) -I..
CFLAGS=$(CFL) -I.. -I.
TARGET=libmissing.a
all: $(TARGET)
$(TARGET): $(OBJS)
ar r $(TARGET) $(OBJS)
ar cr $(TARGET) $(OBJS)
@RANLIB@ $(TARGET)
clean:
-rm -f $(OBJS) $(TARGET)
realclean: clean
realclean: distclean
distclean: clean
-rm -f *~ core* "\#*\#" *.o *.a Makefile

View File

@ -1,8 +1,8 @@
/* endutent.c: A replacement for the endutent function
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

View File

@ -1,8 +1,8 @@
/* getutline.c: A replacement for the getutline() function
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

View File

@ -1,8 +1,8 @@
/* pututline.c: A replacement for the pututline() function
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

View File

@ -1,8 +1,8 @@
/* setutent.c: A replacement for the setutent function
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

View File

@ -2,30 +2,34 @@
# Makefile.in/Makefile: Directions for building libopie.
#
# %%% copyright-cmetz-96
# This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
# The Inner Net License Version 2 applies to this software.
# This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
# The Inner Net License Version 3 applies to this software.
# You should have received a copy of the license with this software. If
# you didn't get a copy, you may request one from <license@inner.net>.
#
# History:
#
# Modified by cmetz for OPIE 2.4. Add libmissing to include header path.
# Use ar 'cr' instead of 'r'. Renamed realclean to distclean.
# Modified by cmetz for OPIE 2.31. Added logwtmp.o
# Created by cmetz for OPIE 2.3 using old Makefiles as a guide.
OBJS=md4c.o md5c.o atob8.o btoa8.o btoh.o challenge.o getsequence.o hash.o hashlen.o keycrunch.o lock.o lookup.o newseed.o parsechallenge.o passcheck.o passwd.o randomchallenge.o readpass.o unlock.o verify.o version.o btoe.o accessfile.o generator.o insecure.o getutmpentry.o readrec.o writerec.o login.o open.o logwtmp.o # sha.o
CC=@CC@
CFLAGS=$(CFL) -I..
CFLAGS=$(CFL) -I.. -I../libmissing
TARGET=libopie.a
all: $(TARGET)
$(TARGET): $(OBJS)
ar r $(TARGET) $(OBJS)
ar cr $(TARGET) $(OBJS)
@RANLIB@ $(TARGET)
clean:
-rm -f $(OBJS) $(TARGET)
realclean: clean
realclean: distclean
distclean: clean
-rm -f *~ core* "\#*\#" *.o *.a Makefile

View File

@ -2,7 +2,7 @@
overrides.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

View File

@ -1,7 +1,7 @@
/* atob8.c: The opieatob8() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,7 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg.
Modified by cmetz for OPIE 2.3. Return the output variable.
Don't check parameters.
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
@ -27,10 +28,11 @@ License Agreement applies to this software.
/* Convert 8-byte hex-ascii string to binary array
*/
char *opieatob8 FUNCTION((out, in), char *out AND char *in)
char *opieatob8 FUNCTION((out, in), struct opie_otpkey *outkey AND char *in)
{
register int i;
register int val;
unsigned char *out = (unsigned char *)outkey;
for (i = 0; i < 8; i++) {
while (*in == ' ' || *in == '\t')

View File

@ -1,13 +1,14 @@
/* btoa8.c: The opiebtoa8() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg.
Created by cmetz for OPIE 2.3 (quick re-write).
*/
@ -17,9 +18,10 @@ you didn't get a copy, you may request one from <license@inner.net>.
static char hextochar[16] =
{'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
char *opiebtoa8 FUNCTION((out, in), char *out AND char *in)
char *opiebtoa8 FUNCTION((out, in), char *out AND struct opie_otpkey *inkey)
{
int i;
unsigned char *in = (unsigned char *)inkey;
char *c = out;
for (i = 0; i < 8; i++) {

View File

@ -3,7 +3,7 @@
64 bit OTP.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -16,6 +16,7 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg.
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
Remove unnecessary address futzing with Wp in opiebtoe.
Changed unsigned long to UINT4 for Alpha.
@ -2088,13 +2089,13 @@ static char Wp[2048][4] =
};
/* Encode 8 bytes in 'c' as a string of English words. */
char *opiebtoe FUNCTION((engout, c), char *engout AND char *c)
char *opiebtoe FUNCTION((engout, c), char *engout AND struct opie_otpkey *c)
{
char cp[9]; /* add in room for the parity 2 bits */
char cp[sizeof(struct opie_otpkey) + 1]; /* add in room for the parity 2 bits */
int p, i;
engout[0] = '\0';
memcpy(cp, c, 8);
memcpy(cp, c, sizeof(struct opie_otpkey));
/* compute parity */
for (p = 0, i = 0; i < 64; i += 2)
p += extract(cp, i, 2);
@ -2120,7 +2121,7 @@ char *opiebtoe FUNCTION((engout, c), char *engout AND char *c)
* -1 badly formed in put ie > 4 char word
* -2 words OK but parity is wrong
*/
int opieetob FUNCTION((out, e), char *out AND char *e)
int opieetob FUNCTION((out, e), struct opie_otpkey *out AND char *e)
{
char *word, *c, *input, b[9];
int i, p, v, l, low, high, rval = -1;
@ -2137,7 +2138,7 @@ int opieetob FUNCTION((out, e), char *out AND char *e)
strncpy(input, e, i);
input[i] = 0;
memset(b, 0, sizeof(b));
memset(out, 0, 8);
memset(out, 0, sizeof(struct opie_otpkey));
for (i = 0, p = 0, word = c = input; i < 6; i++, p += 11) {
while (*c && !isalpha(*c)) c++;
@ -2187,7 +2188,7 @@ int opieetob FUNCTION((out, e), char *out AND char *e)
goto opiebtoeret;
}
memcpy(out, b, 8);
memcpy(out, b, sizeof(struct opie_otpkey));
rval = 1;

View File

@ -1,8 +1,8 @@
/* btoh.c: The opiebtoh() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
@ -17,10 +17,11 @@ you didn't get a copy, you may request one from <license@inner.net>.
static char hextochar[16] =
{'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'};
char *opiebtoh FUNCTION((out, in), char *out AND char *in)
char *opiebtoh FUNCTION((out, in), char *out AND struct opie_otpkey *inkey)
{
int i;
char *c = out;
unsigned char *in = (unsigned char *)inkey;
for (i = 0; i < 4; i++) {
*(c++) = hextochar[((*in) >> 4) & 0x0f];

View File

@ -1,7 +1,7 @@
/* getsequence.c: The opiegetsequence() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

View File

@ -1,8 +1,8 @@
/* getutmpentry.c: The __opiegetutmpentry() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

View File

@ -1,13 +1,14 @@
/* keycrunch.c: The opiekeycrunch() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for arg.
Created by cmetz for OPIE 2.3 using the old keycrunch.c as a guide.
*/
@ -23,7 +24,8 @@ you didn't get a copy, you may request one from <license@inner.net>.
#include "opie.h"
int opiekeycrunch FUNCTION((algorithm, result, seed, secret), int algorithm AND char *result AND char *seed AND char *secret)
int opiekeycrunch FUNCTION((algorithm, result, seed, secret), int algorithm AND
struct opie_otpkey *result AND char *seed AND char *secret)
{
int i, rval = -1;
char *c;

View File

@ -1,13 +1,15 @@
/* login.c: The opielogin() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.4. Add support for ut_id and
ut_syslen. Don't zero-terminate ut_name and ut_host.
Modified by cmetz for OPIE 2.31. If the OS won't tell us where
_PATH_WTMP[X] is, try playing the SVID game, then use
Autoconf-discovered values. Fixed gettimeofday() call
@ -38,12 +40,15 @@ you didn't get a copy, you may request one from <license@inner.net>.
#endif /* DEBUG */
#include "opie.h"
#define IDLEN 4
int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *host)
{
struct utmp u;
int rval = 0;
#if !DISABLE_UTMP
struct utmp u;
char id[IDLEN + 1] = "";
if (__opiegetutmpentry(line, &u)) {
#if DEBUG
syslog(LOG_DEBUG, "opielogin: __opiegetutmpentry(line=%s, &u) failed", line);
@ -58,6 +63,11 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h
#endif /* DEBUG */
}
#if DOUTMPX || HAVE_UT_ID
strncpy(id, u.ut_id, sizeof(u.ut_id));
id[sizeof(id)-1] = 0;
#endif /* DOUTMPX || HAVE_UT_ID */
#if HAVE_UT_TYPE && defined(USER_PROCESS)
u.ut_type = USER_PROCESS;
#endif /* HAVE_UT_TYPE && defined(USER_PROCESS) */
@ -67,15 +77,16 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h
#if HAVE_UT_NAME
strncpy(u.ut_name, name, sizeof(u.ut_name));
u.ut_name[sizeof(u.ut_name)-1] = 0;
#else /* HAVE_UT_NAME */
#error No ut_name field in struct utmp? (Please send in a bug report)
#endif /* HAVE_UT_NAME */
#if HAVE_UT_HOST
strncpy(u.ut_host, host, sizeof(u.ut_host));
u.ut_host[sizeof(u.ut_host)-1] = 0;
#endif /* HAVE_UT_HOST */
#if DOUTMPX && HAVE_UTX_SYSLEN
u.ut_syslen = strlen(host) + 1;
#endif /* DOUTMPX && HAVE_UT_SYSLEN */
#if DOUTMPX
#ifdef HAVE_ONE_ARG_GETTIMEOFDAY
@ -96,7 +107,7 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h
#endif /* !DISABLE_UTMP */
dowtmp:
opielogwtmp(line, name, host);
opielogwtmp(line, name, host, id);
opielogwtmp(NULL, NULL, NULL);
dosetlogin:

View File

@ -1,7 +1,7 @@
/* logwtmp.c: Put an entry in the wtmp file.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.4. Set process to dead if name is null.
Added support for ut_id and ut_syslen.
Modified by cmetz for OPIE 2.32. Don't leave line=NULL, skip
past /dev/ in line. Fill in ut_host on systems with UTMPX and
ut_host.
@ -110,7 +112,7 @@ static int fdx = -1;
* after first call, for use with ftp (which may chroot
* after login, but before logout).
*/
VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND char *host)
VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND char *host AND char *id)
{
#if !DISABLE_WTMP
struct utmp ut;
@ -136,8 +138,15 @@ VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND c
return;
if (fstat(fd, &buf) == 0) {
#if HAVE_UT_TYPE && defined(USER_PROCESS)
ut.ut_type = USER_PROCESS;
if (name && *name)
ut.ut_type = USER_PROCESS;
else
ut.ut_type = DEAD_PROCESS;
#endif /* HAVE_UT_TYPE && defined(USER_PROCESS) */
#if HAVE_UT_ID
if (id)
strncpy(ut.ut_id, id, sizeof(ut.ut_id));
#endif /* HAVE_UT_ID */
#if HAVE_UT_PID
ut.ut_pid = getpid();
#endif /* HAVE_UT_PID */
@ -161,6 +170,18 @@ VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND c
strncpy(utx.ut_line, line, sizeof(utx.ut_line));
strncpy(utx.ut_name, name, sizeof(utx.ut_name));
strncpy(utx.ut_host, host, sizeof(utx.ut_host));
#ifdef USER_PROCESS
if (name && *name)
utx.ut_type = USER_PROCESS;
else
utx.ut_type = DEAD_PROCESS;
#endif /* USER_PROCESS */
if (id)
strncpy(utx.ut_id, id, sizeof(utx.ut_id));
utx.ut_pid = getpid();
#if HAVE_UTX_SYSLEN
utx.ut_syslen = strlen(utx.ut_host) + 1;
#endif /* HAVE_UTX_SYSLEN */
#if HAVE_GETTIMEOFDAY
#if HAVE_ONE_ARG_GETTIMEOFDAY
gettimeofday(&utx.ut_tv);

View File

@ -1,8 +1,8 @@
/* lookup.c: The opielookup() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

View File

@ -1,7 +1,7 @@
/* md4c.c: "RSA Data Security, Inc. MD4 Message-Digest Algorithm"
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

View File

@ -2,7 +2,7 @@
"derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm"
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

View File

@ -1,13 +1,15 @@
/* open.c: The __opieopen() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.4. More portable way to get the mode
string for fopen.
Created by cmetz for OPIE 2.3.
*/
#include "opie_cfg.h"
@ -51,9 +53,23 @@ FILE *__opieopen FUNCTION((file, rw, mode), char *file AND int rw AND int mode)
return NULL;
{
char *fmodes[] = { "r", "r+", "a" };
char *fmode;
if (!(f = fopen(file, fmodes[rw])))
switch(rw) {
case 0:
fmode = "r";
break;
case 1:
fmode = "r+";
break;
case 2:
fmode = "a";
break;
default:
return NULL;
};
if (!(f = fopen(file, fmode)))
return NULL;
}

View File

@ -1,13 +1,15 @@
/* parsechallenge.c: The __opieparsechallenge() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.4. Use OPIE_SEQUENCE_MAX, check for
sequence number of zero.
Modified by cmetz for OPIE 2.32. Check for extended response sets.
Change prefix to double underscore.
Created by cmetz for OPIE 2.3 using generator.c as a guide.
@ -48,7 +50,7 @@ int __opieparsechallenge FUNCTION((buffer, algorithm, sequence, seed, exts), cha
*algorithm = a->num;
}
if ((*sequence = strtoul(++c, &c, 10)) > 9999)
if (((*sequence = strtoul(++c, &c, 10)) > OPIE_SEQUENCE_MAX) || !*sequence)
return -1;
while(*c && isspace(*c)) c++;

View File

@ -1,7 +1,7 @@
/* passcheck.c: The opiepasscheck() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

View File

@ -1,8 +1,8 @@
/* passwd.c: The opiepasswd() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
@ -46,19 +46,19 @@ int opiepasswd FUNCTION((old, flags, principal, n, seed, ks), struct opie *old A
opie.opie_seed = seed;
if (ks) {
char key[8];
struct opie_otpkey key;
if (flags & OPIEPASSWD_CONSOLE) {
if (opiekeycrunch(MDX, key, seed, ks))
if (opiekeycrunch(MDX, &key, seed, ks))
return -1;
for (i = n; i; i--)
opiehash(key, MDX);
if (!(opie.opie_val = opiebtoa8(opie.opie_buf, key)))
opiehash(&key, MDX);
if (!(opie.opie_val = opiebtoa8(opie.opie_buf, &key)))
return -1;
} else {
if ((opieetob(key, ks) != 1) && !opieatob8(key, ks))
if ((opieetob(&key, ks) != 1) && !opieatob8(&key, ks))
return 1;
if (!(opie.opie_val = opiebtoa8(opie.opie_buf, key)))
if (!(opie.opie_val = opiebtoa8(opie.opie_buf, &key)))
return 1;
}
}

View File

@ -1,7 +1,7 @@
/* randomchallenge.c: The opierandomchallenge() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,7 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.4. Use snprintf().
Modified by cmetz for OPIE 2.32. Initialize algids[] with 0s
instead of NULL.
Modified by cmetz for OPIE 2.3. Add sha support.
@ -35,11 +36,12 @@ static char *algids[] = { 0, 0, 0, "sha1", "md4", "md5" };
most situations; it is certainly better than a fixed string */
VOIDRET opierandomchallenge FUNCTION((prompt), char *prompt)
{
char buf[OPIE_SEED_MAX + 1];
char buf[OPIE_SEED_MAX+1];
buf[0] = 0;
if (opienewseed(buf))
strcpy(buf, "ke4452");
sprintf(prompt, "otp-%s %d %s ext", algids[MDX], (rand() % 499) + 1, buf);
snprintf(prompt, OPIE_CHALLENGE_MAX+1, "otp-%s %d %s ext", algids[MDX],
(rand() % 499) + 1, buf);
}

View File

@ -1,7 +1,7 @@
/* readpass.c: The opiereadpass() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

View File

@ -1,13 +1,15 @@
/* readrec.c: The __opiereadrec() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.4. Check that seed, sequence number, and
response values are valid.
Modified by cmetz for OPIE 2.31. Removed active attack protection
support. Fixed a debug message typo. Keep going after bogus
records. Set read flag.
@ -57,7 +59,7 @@ static int parserec FUNCTION((opie), struct opie *opie)
opie->opie_n = strtoul(c, &c3, 10);
if (*c3)
if (*c3 || (opie->opie_n <= 0) || (opie->opie_n > 9999))
return -1;
};
@ -66,6 +68,10 @@ static int parserec FUNCTION((opie), struct opie *opie)
*(c2++) = 0;
for (c = opie->opie_seed; *c; c++)
if (!isalnum(*c))
return -1;
while(*c2 == ' ') c2++;
if (!(c2 = strchr(opie->opie_val = c2, ' ')))
@ -73,6 +79,13 @@ static int parserec FUNCTION((opie), struct opie *opie)
*(c2++) = 0;
{
struct opie_otpkey otpkey;
if (!opieatob8(&otpkey, opie->opie_val))
return -1;
}
return 0;
}

View File

@ -1,7 +1,7 @@
/* unlock.c: The opieunlock() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

View File

@ -1,13 +1,15 @@
/* verify.c: The opieverify() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for keys.
Check that seed and sequence number are valid.
Modified by cmetz for OPIE 2.32. Renamed _opieparsechallenge() to
__opieparsechallenge() and handle new argument. Fixed init
response parsing bug.
@ -67,7 +69,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
{
int i, rval = -1;
char *c;
char key[8], fkey[8], lastkey[8];
struct opie_otpkey key, fkey, lastkey;
struct opie nopie;
if (!opie || !response)
@ -80,7 +82,14 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
goto verret;
#endif /* DEBUG */
if (!opieatob8(lastkey, opie->opie_val))
if (!opieatob8(&lastkey, opie->opie_val))
goto verret;
for (c = opie->opie_seed; *c; c++)
if (!isalnum(*c))
goto verret;
if (opie->opie_n <= 0)
goto verret;
if (c = strchr(response, ':')) {
@ -97,33 +106,33 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
case RESPONSE_STANDARD:
i = 1;
if (opieetob(key, response) == 1) {
memcpy(fkey, key, sizeof(key));
opiehash(fkey, MDX);
i = memcmp(fkey, lastkey, sizeof(key));
if (opieetob(&key, response) == 1) {
memcpy(&fkey, &key, sizeof(struct opie_otpkey));
opiehash(&fkey, MDX);
i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey));
}
if (i && opieatob8(key, response)) {
memcpy(fkey, key, sizeof(key));
opiehash(fkey, MDX);
i = memcmp(fkey, lastkey, sizeof(key));
if (i && opieatob8(&key, response)) {
memcpy(&fkey, &key, sizeof(struct opie_otpkey));
opiehash(&fkey, MDX);
i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey));
}
break;
case RESPONSE_WORD:
i = 1;
if (opieetob(key, c) == 1) {
memcpy(fkey, key, sizeof(key));
opiehash(fkey, MDX);
i = memcmp(fkey, lastkey, sizeof(key));
if (opieetob(&key, c) == 1) {
memcpy(&fkey, &key, sizeof(struct opie_otpkey));
opiehash(&fkey, MDX);
i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey));
}
break;
case RESPONSE_HEX:
i = 1;
if (opieatob8(key, c)) {
memcpy(fkey, key, sizeof(key));
opiehash(fkey, MDX);
i = memcmp(fkey, lastkey, sizeof(key));
if (opieatob8(&key, c)) {
memcpy(&fkey, &key, sizeof(struct opie_otpkey));
opiehash(&fkey, MDX);
i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey));
}
break;
case RESPONSE_INIT_HEX:
@ -137,17 +146,17 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
*(c2++) = 0;
if (i == RESPONSE_INIT_HEX) {
if (!opieatob8(key, c))
if (!opieatob8(&key, c))
goto verret;
} else {
if (opieetob(key, c) != 1)
if (opieetob(&key, c) != 1)
goto verret;
}
memcpy(fkey, key, sizeof(key));
opiehash(fkey, MDX);
memcpy(&fkey, &key, sizeof(struct opie_otpkey));
opiehash(&fkey, MDX);
if (memcmp(fkey, lastkey, sizeof(key)))
if (memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey)))
goto verret;
if (changed(opie))
@ -155,7 +164,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
opie->opie_n--;
if (!opiebtoa8(opie->opie_val, key))
if (!opiebtoa8(opie->opie_val, &key))
goto verret;
if (__opiewriterec(opie))
@ -174,10 +183,10 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
}
if (i == RESPONSE_INIT_HEX) {
if (!opieatob8(key, c2))
if (!opieatob8(&key, c2))
goto verret;
} else {
if (opieetob(key, c2) != 1)
if (opieetob(&key, c2) != 1)
goto verret;
}
}
@ -201,7 +210,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
opie->opie_n--;
verwrt:
if (!opiebtoa8(opie->opie_val, key))
if (!opiebtoa8(opie->opie_val, &key))
goto verret;
rval = __opiewriterec(opie);

View File

@ -1,7 +1,7 @@
/* version.c: The opieversion() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

View File

@ -1,13 +1,15 @@
/* writerec.c: The __opiewriterec() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.4. Check that seed and sequence number are
valid.
Modified by cmetz for OPIE 2.31. Removed active attack protection
support. Fixed passwd bug.
Created by cmetz for OPIE 2.3 from passwd.c.
@ -30,6 +32,7 @@ you didn't get a copy, you may request one from <license@inner.net>.
#if HAVE_STDLIB_H
#include <stdlib.h>
#endif /* HAVE_STDLIB_H */
#include <ctype.h>
#include "opie.h"
char *__opienone = "****************";
@ -40,6 +43,7 @@ int __opiewriterec FUNCTION((opie), struct opie *opie)
time_t now;
FILE *f, *f2 = NULL;
int i = 0;
char *c;
time(&now);
if (strftime(buf2, sizeof(buf2), " %b %d,%Y %T", localtime(&now)) < 1)
@ -51,7 +55,14 @@ int __opiewriterec FUNCTION((opie), struct opie *opie)
opie->opie_flags = opie2.opie_flags;
opie->opie_recstart = opie2.opie_recstart;
}
for (c = opie->opie_seed; *c; c++)
if (!isalnum(*c))
return -1;
if ((opie->opie_n < 0) || (opie->opie_n > 9999))
return -1;
switch(i) {
case 0:
if (!(f = __opieopen(KEY_FILE, 1, 0644)))

386
contrib/opie/opieauto.c Normal file
View File

@ -0,0 +1,386 @@
/* opieauto.c: The opieauto program.
%%% copyright-cmetz-96
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Created by cmetz for OPIE 2.4 based on previously released
test code. Use opiestrncpy().
*/
#include "opie_cfg.h"
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#if HAVE_SYS_TIME_H
#include <sys/time.h>
#endif /* HAVE_SYS_TIME_H */
#include <stdio.h>
#include <errno.h>
#if HAVE_STRING_H
#include <string.h>
#endif /* HAVE_STRING_H */
#include <getopt.h>
#if HAVE_STDLIB_H
#include <stdlib.h>
#endif /* HAVE_STDLIB_H */
#if HAVE_UNISTD_H
#include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include <sys/stat.h>
#include "opie.h"
#ifndef max
#define max(x, y) (((x) > (y)) ? (x) : (y))
#endif /* max */
int window = 10;
char *myname = NULL;
uid_t myuid = 0;
#define MAXCLIENTS 2
int parents, s[MAXCLIENTS + 1];
char cmd[1+1+1+1+4+1+OPIE_SEED_MAX+1+4+1+4+1+4+1+4+1];
struct cachedotp {
struct cachedotp *next;
int algorithm, base, current;
struct opie_otpkey basekey;
char seed[OPIE_SEED_MAX+1];
};
struct cachedotp *head = NULL;
char *algids[] = { NULL, NULL, NULL, "sha1", "md4", "md5" };
void baile(x) {
fprintf(stderr, "%s: %s: %s(%d)\n", myname, x, strerror(errno), errno);
exit(1);
}
void bail(x) {
fprintf(stderr, "%s: %s\n", myname, x);
exit(1);
}
void zerocache(void)
{
struct cachedotp *c = head, *c2;
while(c) {
c2 = c->next;
memset(c, 0, sizeof(struct cachedotp));
c = c2;
};
};
int doreq(int fd)
{
int algorithm, sequence, i;
char *seed = NULL, *response = NULL;
if (((cmd[0] != 'S') && (cmd[0] != 's')) || (cmd[1] != '=') || (cmd[2] != ' ')) {
#if DEBUG
fprintf(stderr, "%s: got bogus command: %s\n", myname, cmd);
#endif /* DEBUG */
goto error;
};
{
char *c;
if (((algorithm = strtoul(&cmd[3], &c, 10)) < 3) || (algorithm > 5) || (*c != ' ')) {
#if DEBUG
fprintf(stderr, "%s: got bogus algorithm: %s\n", myname, cmd);
#endif /* DEBUG */
goto error;
};
if (((sequence = strtoul(c + 1, &c, 10)) <= OPIE_SEQUENCE_RESTRICT) || (sequence > OPIE_SEQUENCE_MAX)) {
#if DEBUG
fprintf(stderr, "%s: got bogus sequence: %s\n", myname, cmd);
#endif /* DEBUG */
goto error;
};
if (cmd[0] == 'S') {
if (!(c = strchr(seed = c + 1, ' '))) {
#if DEBUG
fprintf(stderr, "%s: got bogus seed: %s\n", myname, cmd);
#endif /* DEBUG */
goto error;
};
*c = 0;
if (!(c = strchr(response = c + 1, '\n'))) {
#if DEBUG
fprintf(stderr, "%s: got bogus response: %s\n", myname, cmd);
#endif /* DEBUG */
goto error;
};
*c = 0;
} else {
if (!(c = strchr(seed = c + 1, '\n'))) {
#if DEBUG
fprintf(stderr, "%s: got bogus seed: %s\n", myname, cmd);
#endif /* DEBUG */
goto error;
};
*c = 0;
};
};
#if DEBUG
fprintf(stderr, "got cmd=%c, algorithm=%d sequence=%d seed=+%s+ response=+%s+ on fd %d\n", cmd[0], algorithm, sequence, seed, response, fd);
#endif /* DEBUG */
seed = strdup(seed);
if (sequence < 10) {
#if DEBUG
fprintf(stderr, "sequence < 10; can't do it\n");
#endif /* DEBUG */
sprintf(cmd, "%c- %d %d %s\n", cmd[0], algorithm, sequence, seed);
};
{
struct cachedotp **c;
for (c = &head; *c && (strcmp((*c)->seed, seed) || ((*c)->algorithm != algorithm)); c = &((*c)->next));
if (!(*c)) {
if (cmd[0] == 's') {
#if DEBUG
fprintf(stderr, "(seed, algorithm) not found for s command\n");
#endif /* DEBUG */
sprintf(cmd, "s- %d %d %s\n", algorithm, sequence, seed);
goto out;
}
if (!(*c = malloc(sizeof(struct cachedotp))))
baile("malloc");
memset(*c, 0, sizeof(struct cachedotp));
(*c)->algorithm = algorithm;
opiestrncpy((*c)->seed, seed, OPIE_SEED_MAX);
};
if (cmd[0] == 'S') {
(*c)->base = max(sequence - window + 1, OPIE_SEQUENCE_RESTRICT);
(*c)->current = sequence;
if (!opieatob8(&(*c)->basekey, response))
goto error;
sprintf(cmd, "S+ %d %d %s\n", algorithm, sequence, (*c)->seed);
} else {
if (sequence != ((*c)->current - 1)) {
#if DEBUG
fprintf(stderr, "out of sequence: sequence=%d, base=%d, current=%d\n", sequence, (*c)->base, (*c)->current);
#endif /* DEBUG */
sprintf(cmd, "s- %d %d %s\n", algorithm, sequence, (*c)->seed);
goto out;
};
if (sequence < (*c)->base) {
#if DEBUG
fprintf(stderr, "attempt to generate below base: sequence=%d, base=%d, current=%d\n", sequence, (*c)->base, (*c)->current);
#endif /* DEBUG */
sprintf(cmd, "s- %d %d %s\n", algorithm, sequence, (*c)->seed);
goto out;
};
(*c)->current = sequence;
i = sequence - (*c)->base;
{
struct opie_otpkey key;
char buffer[16+1];
key = (*c)->basekey;
while(i--)
opiehash(&key, algorithm);
opiebtoa8(buffer, &key);
sprintf(cmd, "s+ %d %d %s %s\n", algorithm, sequence, (*c)->seed, buffer);
};
};
printf("%c otp-%s %d %s (%d/%d)\n", cmd[0], algids[algorithm], sequence, (*c)->seed, sequence - (*c)->base, window);
fflush(stdout);
if (sequence == (*c)->base) {
struct cachedotp *c2 = *c;
*c = (*c)->next;
memset(c2, 0, sizeof(struct cachedotp));
free(c2);
};
};
out:
write(fd, cmd, i = strlen(cmd));
free(seed);
return 0;
error:
fprintf(stderr, "Invalid command on fd %d\n", fd);
if (seed)
free(seed);
return -1;
}
static void usage()
{
fprintf(stderr, "usage: %s [-v] [-h] [-q] [-n <number of OTPs>]\n", myname);
exit(1);
}
int main(int argc, char **argv)
{
int i;
struct stat st;
char *sockpath;
if (myname = strrchr(argv[0], '/'))
myname++;
else
myname = argv[0];
while((i = getopt(argc, argv, "w:hv")) != EOF) {
switch(i) {
case 'v':
opieversion();
case 'w':
if (!(window = atoi(optarg))) {
fprintf(stderr, "%s: invalid number of OTPs: %s\n", myname, optarg);
exit(1);
};
break;
default:
usage();
}
};
{
uid_t myeuid;
if (!(myuid = getuid()) || !(myeuid = geteuid()) || (myuid != myeuid))
bail("this program must not be run with superuser priveleges or setuid.");
};
if (atexit(zerocache) < 0)
baile("atexit");
{
struct sockaddr_un sun;
memset(&sun, 0, sizeof(struct sockaddr_un));
sun.sun_family = AF_UNIX;
{
char *c;
char *c2 = "/.opieauto";
if (!(c = getenv("HOME")))
bail("getenv(HOME) failed -- no HOME variable?");
if (strlen(c) > (sizeof(sun.sun_path) - strlen(c2) - 1))
bail("your HOME is too long");
strcpy(sun.sun_path, c);
strcat(sun.sun_path, c2);
sockpath = strdup(sun.sun_path);
};
if ((parents = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
baile("socket");
if (unlink(sockpath) && (errno != ENOENT))
baile("unlink");
if (umask(0177) < 0)
baile("umask");
if (bind(parents, (struct sockaddr *)&sun, sizeof(struct sockaddr_un)))
baile("bind");
if (stat(sockpath, &st) < 0)
baile("stat");
if ((st.st_uid != myuid) || (!S_ISSOCK(st.st_mode)) || ((st.st_mode & 07777) != 0600))
bail("socket permissions and/or ownership were not correctly created.");
if (listen(parents, 1) < 0)
baile("listen");
};
{
fd_set fds, rfds, efds;
int maxfd = parents;
int i, j;
FD_ZERO(&fds);
FD_SET(parents, &fds);
while(1) {
memcpy(&rfds, &fds, sizeof(fd_set));
if (select(maxfd + 1, &rfds, NULL, NULL, NULL) < 0)
baile("select");
for (i = 0; s[i]; i++) {
if (!FD_ISSET(s[i], &rfds))
continue;
if (((j = read(s[i], cmd, sizeof(cmd)-1)) <= 0) || ((cmd[j] = 0) || doreq(s[i]))) {
close(s[i]);
FD_CLR(s[i], &fds);
if (s[i] == maxfd)
maxfd--;
for (j = i; s[j]; s[j] = s[j + 1], j++);
FD_SET(parents, &fds);
i--;
continue;
};
};
if (FD_ISSET(parents, &rfds)) {
for (i = 0; s[i]; i++)
if (i > MAXCLIENTS)
bail("this message never printed");
if (stat(sockpath, &st) < 0)
baile("stat");
if ((st.st_uid != myuid) || (!S_ISSOCK(st.st_mode)) || ((st.st_mode & 07777) != 0600))
bail("socket permissions and/or ownership has been messed with.");
if ((s[i] = accept(parents, NULL, 0)) < 0)
baile("accept");
FD_SET(s[i], &fds);
if (s[i] > maxfd)
maxfd = s[i];
sprintf(cmd, "C+ %d\n", window);
if (write(s[i], cmd, j = strlen(cmd)) != j)
baile("write");
if (++i == MAXCLIENTS)
FD_CLR(parents, &fds);
}
}
}
}

View File

@ -1,5 +1,13 @@
.\" opieftpd.8: Manual page describing the FTP daemon.
.\"
.\" %%% portions-copyright-cmetz-98
.\" Portions of this software are Copyright 1998-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If
.\" you didn't get a copy, you may request one from <license@inner.net>.
.\"
.\"
.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
@ -7,6 +15,7 @@
.\"
.\" History:
.\"
.\" Modified by cmetz for OPIE 2.4. Document -u option.
.\" Modified at NRL for OPIE 2.0.
.\" Originally from BSD.
.\"
@ -59,6 +68,8 @@ opieftpd \- File Transfer Protocol server that uses OPIE authentication
.I timeout
] [\-T
.I maxtimeout
] [\-u
.I umask
]
.SH DESCRIPTION
@ -90,6 +101,9 @@ the maximum period allowed may be set to
seconds with the
.B \-T
option. The default limit is 2 hours.
.B \-u
Set the default umask value to
.I umask.
.SH COMMANDS
The ftp server currently supports the following ftp
requests; case is not distinguished:

View File

@ -1,7 +1,7 @@
.\" opiegen.1: Manual page for the opiegen(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If
@ -14,6 +14,7 @@
.\"
.\" History:
.\"
.\" Modified by cmetz for OPIE 2.4. Fixed *roff bug.
.\" Created by cmetz for OPIE 2.2 from opiekey.1.
.\"
.ll 6i
@ -56,7 +57,8 @@ wintermute$
.BR opiegen(1)
can lull a user into revealing his/her password when remotely logged in, thus
defeating the purpose of OPIE. This is especially a problem with xterm.
.BR opiegen(1) implements simple checks to reduce the risk of a user making
.BR opiegen(1)
implements simple checks to reduce the risk of a user making
this mistake. Better checks are needed.
.LP

View File

@ -2,7 +2,7 @@
library routine.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

View File

@ -1,7 +1,7 @@
.\" opielogin.1: Manual page for the opielogin(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

View File

@ -1,7 +1,7 @@
/* opielogin.c: The infamous /bin/login
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,13 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.4. Omit "/dev/" in lastlog entry.
Don't chdir for invalid users. Fixed bug where getloginname()
didn't actually change spaces to underscores. Use struct
opie_key for key blocks. Do the home directory chdir() after
doing the setuid() in case we're on superuser-mapped NFS.
Initialize some variables explicitly. Call opieverify() if
login times out. Use opiestrncpy().
Modified by cmetz for OPIE 2.32. Partially handle environment
variables on the command line (a better implementation is
coming soon). Handle failure to issue a challenge more
@ -157,13 +164,13 @@ License Agreement applies to this software.
static int rflag = 0;
static int usererr = -1;
static int stopmotd;
static int stopmotd = 0;
static char rusername[NMAX + 1];
static char name[NMAX + 1] = "";
static char minusnam[16] = "-";
static char *envinit[1]; /* now set by setenv calls */
static char term[64] = "\0"; /* important to initialise to a NULL string */
static char host[HMAX + 1] = "\0";
static char term[64] = ""; /* important to initialise to a NULL string */
static char host[HMAX + 1] = "";
static struct passwd nouser;
static struct passwd thisuser;
@ -208,6 +215,9 @@ static void getstr __P((char *, int, char *));
#undef TRUE
#define TRUE -1
static int need_opieverify = 0;
static struct opie opie;
#ifdef TIOCSWINSZ
/* Windowing variable relating to JWINSIZE/TIOCSWINSZ/TIOCGWINSZ. This is
available on BSDish systems and at least Solaris 2.x, but portability to
@ -276,8 +286,7 @@ static int lookupuser FUNCTION_NOARGS
static VOIDRET getloginname FUNCTION_NOARGS
{
register char *namep;
char c, d;
char *namep, d;
int flags;
static int first = 1;
@ -291,7 +300,7 @@ static VOIDRET getloginname FUNCTION_NOARGS
flags = 4;
first--;
} else
printf("%s", ttyprompt);
printf(ttyprompt);
} else
printf("login: ");
fflush(stdout);
@ -302,8 +311,8 @@ static VOIDRET getloginname FUNCTION_NOARGS
exit(0);
}
for (namep = name; *namep; namep++) {
if (c == ' ')
c = '_';
if (*namep == ' ')
*namep = '_';
}
}
}
@ -313,6 +322,10 @@ static VOIDRET timedout FUNCTION((i), int i)
/* input variable declared just to keep the compiler quiet */
printf("Login timed out after %d seconds\n", timeout);
syslog(LOG_CRIT, "Login timed out after %d seconds!", timeout);
if (need_opieverify)
opieverify(&opie, NULL);
exit(0);
}
@ -632,7 +645,6 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
{
extern char **environ;
register char *namep;
struct opie opie;
int invalid, quietlog;
FILE *nlfd;
@ -643,7 +655,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
char *p;
char opieprompt[OPIE_CHALLENGE_MAX + 1];
int af_pwok;
int authsok;
int authsok = 0;
char *pp;
char buf[256];
int uid;
@ -651,7 +663,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
#ifndef DEBUG
if (geteuid()) {
fprintf(stderr, "This program requires super-user priveleges.\n");
fprintf(stderr, "This program requires super-user privileges.\n");
exit(1);
}
#endif /* DEBUG */
@ -669,7 +681,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
#ifdef DEBUG
syslog(LOG_DEBUG, "environment TERM=%s", p);
#endif /* DEBUG */
strncpy(term, p, sizeof(term));
opiestrncpy(term, p, sizeof(term));
};
memset(&nouser, 0, sizeof(nouser));
@ -696,13 +708,9 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
#endif
#ifdef DEBUG
{
int foo;
syslog(LOG_DEBUG, "my args are: (argc=%d)", foo = argc);
while (--foo)
syslog(LOG_DEBUG, "%d: %s", foo, argv[foo]);
}
syslog(LOG_DEBUG, "my args are: (argc=%d)", i = argc);
while (--i)
syslog(LOG_DEBUG, "%d: %s", i, argv[i]);
#endif /* DEBUG */
/* Implement our own getopt()-like functionality, but do so in a much more
@ -742,7 +750,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
if (!doremotelogin(ouroptarg))
rflag = 1;
strncpy(host, ouroptarg, sizeof(host));
opiestrncpy(host, ouroptarg, sizeof(host));
break;
case 'h':
@ -759,7 +767,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
if (!(ouroptarg = argv[ouroptind]))
exit(1);
strncpy(host, ouroptarg, sizeof(host));
opiestrncpy(host, ouroptarg, sizeof(host));
}
break;
@ -776,7 +784,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
if (!(ouroptarg = argv[ouroptind]))
exit(1);
strncpy(name, ouroptarg, sizeof(name));
opiestrncpy(name, ouroptarg, sizeof(name));
break;
case 'p':
pflag = 1;
@ -788,8 +796,8 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
if (strchr(argv[ouroptind], '=')) {
if (!strncmp(argv[ouroptind], "TERM=", 5)) {
strncpy(term, &(argv[ouroptind][5]), sizeof(term));
term[sizeof(term) - 1] = 0;
opiestrncpy(term, &(argv[ouroptind][5]), sizeof(term));
#ifdef DEBUG
syslog(LOG_DEBUG, "passed TERM=%s, ouroptind = %d", term, ouroptind);
#endif /* DEBUG */
@ -801,7 +809,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
continue;
};
strncpy(name, argv[ouroptind], sizeof(name));
opiestrncpy(name, argv[ouroptind], sizeof(name));
};
#ifdef TIOCNXCL
@ -1088,6 +1096,7 @@ completeness, but these are set within appropriate defines for portability. */
/* Attempt a one-time password challenge */
i = opiechallenge(&opie, name, opieprompt);
need_opieverify = TRUE;
if ((i < 0) || (i > 1)) {
syslog(LOG_ERR, "error: opiechallenge() returned %d, errno=%d!\n", i, errno);
@ -1126,7 +1135,7 @@ completeness, but these are set within appropriate defines for portability. */
if (!opiereadpass(buf, sizeof(buf), !(authsok & 2)))
invalid = TRUE;
#else /* NEW_PROMPTS */
if (!(authsok & 1) && authsok)
if ((authsok & 3) == 1)
printf("(OTP response required)\n");
printf("Password:");
fflush(stdout);
@ -1150,6 +1159,7 @@ completeness, but these are set within appropriate defines for portability. */
if (authsok & 1) {
i = opiegetsequence(&opie);
opiepassed = !opieverify(&opie, buf);
need_opieverify = 0;
#ifdef DEBUG
syslog(LOG_DEBUG, "opiepassed = %d", opiepassed);
@ -1209,15 +1219,6 @@ completeness, but these are set within appropriate defines for portability. */
}
if (*thisuser.pw_shell == '\0')
thisuser.pw_shell = "/bin/sh";
if ((chdir(thisuser.pw_dir) < 0) && !invalid) {
if (chdir("/") < 0) {
printf("No directory!\n");
invalid = TRUE;
} else {
printf("No directory! %s\n", "Logging in with HOME=/");
strcpy(thisuser.pw_dir, "/");
}
}
/* Remote login invalid must have been because of a restriction of some
sort, no extra chances. */
if (invalid) {
@ -1271,8 +1272,11 @@ completeness, but these are set within appropriate defines for portability. */
lseek(f, (long)thisuser.pw_uid * sizeof(struct lastlog), 0);
time(&ll.ll_time);
strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
strncpy(ll.ll_host, host, sizeof(ll.ll_host));
if (!strncmp(tty, "/dev/", 5))
opiestrncpy(ll.ll_line, tty + 5, sizeof(ll.ll_line));
else
opiestrncpy(ll.ll_line, tty, sizeof(ll.ll_line));
opiestrncpy(ll.ll_host, host, sizeof(ll.ll_host));
write(f, (char *) &ll, sizeof ll);
close(f);
}
@ -1312,6 +1316,21 @@ interested in hearing of a more portable approach. rja */
environ = envinit;
setenv("HOME", thisuser.pw_dir, 1);
setenv("SHELL", thisuser.pw_shell, 1);
if (chdir(thisuser.pw_dir) < 0) {
#if DEBUG
syslog(LOG_DEBUG, "chdir(%s): %s(%d)", thisuser.pw_dir, strerror(errno),
errno);
#endif /* DEBUG */
if (chdir("/") < 0) {
printf("No directory!\n");
invalid = TRUE;
} else {
printf("No directory! %s\n", "Logging in with HOME=/");
strcpy(thisuser.pw_dir, "/");
}
}
if (!term[0]) {
#if HAVE_GETTTYNAM
/*
@ -1328,7 +1347,7 @@ interested in hearing of a more portable approach. rja */
c = tty;
if (t = getttynam(c))
strncpy(term, t->ty_type, sizeof(term));
opiestrncpy(term, t->ty_type, sizeof(term));
else
#endif /* HAVE_GETTTYNAM */
strcpy(term, "unknown");
@ -1407,8 +1426,7 @@ interested in hearing of a more portable approach. rja */
char buf[128];
int len;
strncpy(buf, PATH_MAIL, sizeof(buf) - 2);
buf[sizeof(buf) - 2] = 0;
opiestrncpy(buf, PATH_MAIL, sizeof(buf) - 2);
len = strlen(buf);
if (*(buf + len - 1) != '/') {

View File

@ -1,7 +1,7 @@
.\" opieserv.1: Manual page for the opieserv(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

View File

@ -2,8 +2,8 @@
opieverify() library routines.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

View File

@ -1,7 +1,7 @@
.\" opiesu.c: Manual page for the opiesu(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

View File

@ -1,7 +1,7 @@
/* opiesu.c: main body of code for the su(1m) program
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.4. Check euid on startup. Use
opiestrncpy().
Modified by cmetz for OPIE 2.32. Set up TERM and PATH correctly.
Modified by cmetz for OPIE 2.31. Fix sulog(). Replaced Getlogin() with
currentuser. Fixed fencepost error in month printed by sulog().
@ -302,6 +304,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
argv++;
}
{
struct passwd *pwd;
char *p = getlogin();
@ -314,14 +317,12 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
#endif /* HAVE_SULOG */
exit(1);
}
strncpy(buf, pwd->pw_name, sizeof(buf)-1);
buf[sizeof(buf)-1] = 0;
opiestrncpy(buf, pwd->pw_name, sizeof(buf));
if (!p)
p = "unknown";
strncpy(currentuser, p, 31);
currentuser[31] = 0;
opiestrncpy(currentuser, p, 31);
if (p && *p && strcmp(currentuser, buf)) {
strcat(currentuser, "(");
@ -338,6 +339,15 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
exit(1);
}
if (geteuid()) {
syslog(LOG_CRIT, "'%s' failed for %s on %s: not running with superuser priveleges", argvbuf, currentuser, ttyname(2));
#if HAVE_SULOG
sulog(0, NULL);
#endif /* HAVE_SULOG */
fprintf(stderr, "You do not have permission to su %s\n", user);
exit(1);
};
/* Implement the BSD "wheel group" su restriction. */
#if DOWHEEL
/* Only allow those in group zero to su to root? */

View File

@ -9,13 +9,14 @@
on your system. The converse is not such a safe statement.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks.
Modified by cmetz for OPIE 2.31. Added a couple of new checks,
removed a few commented-out checks for functions that
no longer exist, added test-skip capability.
@ -34,12 +35,13 @@ char buffer[1024];
int testatob8()
{
static char testin[] = "0123456789abcdef";
static unsigned char testout[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
if (!opieatob8(buffer, testin))
static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
struct opie_otpkey key;
if (!opieatob8(&key, testin))
return -1;
if (memcmp(buffer, testout, sizeof(testout)))
if (memcmp(&key, testout, sizeof(testout)))
return -1;
return 0;
@ -47,10 +49,13 @@ int testatob8()
int testbtoa8()
{
static unsigned char testin[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
static unsigned char testin[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
static char testout[] = "0123456789abcdef";
struct opie_otpkey testin_aligned;
memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey));
if (!opiebtoa8(buffer, testin))
if (!opiebtoa8(buffer, &testin_aligned))
return -1;
if (memcmp(buffer, testout, sizeof(testout)))
@ -61,10 +66,13 @@ int testbtoa8()
int testbtoe()
{
static unsigned char testin[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
static unsigned char testin[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
static char testout[] = "AIM HEW BLUM FED MITE WARM";
struct opie_otpkey testin_aligned;
memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey));
if (!opiebtoe(buffer, testin))
if (!opiebtoe(buffer, &testin_aligned))
return -1;
if (memcmp(buffer, testout, sizeof(testout)))
@ -76,12 +84,13 @@ int testbtoe()
int testetob()
{
static char testin[] = "AIM HEW BLUM FED MITE WARM";
static unsigned char testout[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
struct opie_otpkey key;
if (opieetob(buffer, testin) != 1)
if (opieetob(&key, testin) != 1)
return -1;
if (memcmp(buffer, testout, sizeof(testout)))
if (memcmp(&key, testout, sizeof(testout)))
return -1;
return 0;
@ -116,12 +125,15 @@ int testgetsequence()
int testhashmd4()
{
static unsigned char testin[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
static unsigned char testout[] = { 0x9f, 0x40, 0xfb, 0x84, 0xb, 0xf8, 0x7f, 0x4b };
static unsigned char testin[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x9f, 0x40, 0xfb, 0x84, 0xb, 0xf8, 0x7f, 0x4b };
struct opie_otpkey testin_aligned;
opiehash(testin, 4);
memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey));
if (memcmp(testin, testout, sizeof(testout)))
opiehash(&testin_aligned, 4);
if (memcmp(&testin_aligned, testout, sizeof(struct opie_otpkey)))
return -1;
return 0;
@ -131,10 +143,13 @@ int testhashmd5()
{
static unsigned char testin[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
static unsigned char testout[] = { 0x78, 0xdd, 0x1a, 0x37, 0xf8, 0x91, 0x54, 0xe1 };
struct opie_otpkey testin_aligned;
opiehash(testin, 5);
memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey));
if (memcmp(testin, testout, sizeof(testout)))
opiehash(&testin_aligned, 5);
if (memcmp(&testin_aligned, testout, sizeof(struct opie_otpkey)))
return -1;
return 0;
@ -151,12 +166,13 @@ int testkeycrunch()
{
static char testin1[] = "ke1234";
static char testin2[] = "this is a test";
static unsigned char testout[] = { 0x2e, 0xd3, 0x5d, 0x74, 0x3e, 0xa9, 0xe9, 0xe8 };
static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x2e, 0xd3, 0x5d, 0x74, 0x3e, 0xa9, 0xe9, 0xe8 };
struct opie_otpkey opie_otpkey;
if (opiekeycrunch(5, buffer, testin1, testin2))
if (opiekeycrunch(5, &opie_otpkey, testin1, testin2))
return -1;
if (memcmp(buffer, testout, sizeof(testout)))
if (memcmp(&opie_otpkey, testout, sizeof(struct opie_otpkey)))
return -1;
return 0;

View File

@ -2,7 +2,7 @@
functionality to set device permissions on login
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -48,7 +48,7 @@ char **ftpglob __P((char *));
VOIDRET opiefatal FUNCTION((x), char *x)
{
fprintf(stderr, "%s", x);
fprintf(stderr, x);
exit(1);
}

View File

@ -1,7 +1,7 @@
/* popen.c: A "safe" pipe open routine.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If