d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Upgrade to 2.31

Browse Source
This commit is contained in:
Andrey A. Chernov 1997-09-29 08:53:38 +00:00
parent 5f386f3f23
commit 8fd53644f9
68 changed files with 2563 additions and 1142 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
contrib/opie/BUG-REPORT
View File

@ -1,5 +1,5 @@
OPIE Software Distribution, Release 2.3 Bug Reporting Form
======================================= ==================
OPIE Software Distribution, Release 2.31 Bug Reporting Form
======================================== ==================
Please make a copy of this file and then edit it with your favorite
text editor to include the answers to the following questions:
@ -72,8 +72,8 @@ it usually takes a week or two.
Copyright
=========
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

23
contrib/opie/INSTALL
View File

@ -1,5 +1,5 @@
OPIE Software Distribution, Release 2.3 Installation Instructions
======================================= =========================
OPIE Software Distribution, Release 2.31 Installation Instructions
======================================== =========================
Did you read the README file?
@ -26,6 +26,11 @@ hole, but a necessary evil for some sites), type:
If you'd like the file to go somewhere else, adjust this appropriately.
There are a number of configure-time options available for OPIE. To
get a list, type:
sh configure --help
2. Edit the Makefile
The Makefile contains some options that you may wish to modify. Also
@ -34,13 +39,7 @@ verify that Autoconf chose the correct options for your system.
The Makefile created by Autoconf should be correct for most users
as-is.
3. Edit options.h
Most user-tweakable options are specified in this file.
The defaults should be reasonable for most users.
4. Build OPIE
3. Build OPIE
Normally, you will need to type:
@ -54,7 +53,7 @@ as-is.
make server
5. Verify that OPIE works on your system and install
4. Verify that OPIE works on your system and install
Normall, you will need to type:
@ -75,8 +74,8 @@ way things were before.
Copyright
=========
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

33
contrib/opie/Makefile.in
View File

@ -1,8 +1,8 @@
##
# Makefile.source and Makefile: Directions for building and installing OPIE.
#
# %%% portions-copyright-cmetz
# Portions of this software are Copyright 1996 by Craig Metz, All Rights
# %%% portions-copyright-cmetz-96
# Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
# Reserved. The Inner Net License Version 2 applies to these portions of
# the software.
# You should have received a copy of the license with this software. If
@ -15,6 +15,7 @@
#
# History:
#
# Modified by cmetz for OPIE 2.31. Moved logwtmp.o into libopie.
# Modified by cmetz for OPIE 2.3. Removed manual config -- it's
# Autoconf or bust. Replaced user configuration options
# with options.h. Eliminated unused variables. Pass down
@ -83,8 +84,7 @@ GROUP=bin
#
# Some sites might want to put this elsewhere. If you want to use an old
# S/Key database, you should create a link from /etc/skeykeys to /etc/opiekeys.
STD_KEY_FILE=/etc/opiekeys
EXT_KEY_FILE=/etc/opiekeys.ext
KEY_FILE=/etc/opiekeys
# Are we debugging?
#
@ -114,6 +114,7 @@ LOCALMAN=@LOCALMAN@
SU=@SU@
ALT_SU=@ALT_SU@
LOGIN=@LOGIN@
LOCK_DIR=@LOCK_DIR@
BACKUP=opie.old
@ -184,15 +185,15 @@ server-install: server
@chgrp $(GROUP) $(FTPD)
@echo "Changing file permissions of ftpd"
@chmod 0100 $(FTPD)
@echo "Making sure OPIE database files exist"
@touch $(STD_KEY_FILE) $(EXT_KEY_FILE)
@echo "Changing permissions of OPIE database files"
@chmod 0644 $(STD_KEY_FILE)
@chmod 0600 $(EXT_KEY_FILE)
@echo "Changing ownership of OPIE database files"
@$(CHOWN) $(OWNER) $(STD_KEY_FILE) $(EXT_KEY_FILE)
@chgrp $(GROUP) $(STD_KEY_FILE) $(EXT_KEY_FILE)
@-if test ! -z "$(ACCESS_FILE)"; then echo "Creating OPIE access file (don't say we didn't warn you)"; FILE=`echo $(ACCESS_FILE) | sed 's:^-DACCESS_FILE="\(.*\)":\1:'`; touch $$FILE; $(CHOWN) 0 $$FILE; chgrp 0 $$FILE; chmod 0444 $$FILE; fi;
@echo "Making sure OPIE database file exists"
@touch $(KEY_FILE)
@echo "Changing permissions of OPIE database file"
@chmod 0644 $(KEY_FILE)
@echo "Changing ownership of OPIE database file"
@$(CHOWN) $(OWNER) $(KEY_FILE)
@chgrp $(GROUP) $(KEY_FILE)
@-if test ! -z "$(LOCK_DIR)"; then echo "Creating OPIE lock directory"; mkdir $(LOCK_DIR); $(CHOWN) 0 $(LOCK_DIR); chgrp 0 $(LOCK_DIR); chmod 0700 $(LOCK_DIR); fi;
@-if test ! -z "$(ACCESS_FILE)"; then echo "Creating OPIE access file (don't say we didn't warn you)"; touch $(ACCESS_FILE); $(CHOWN) 0 $(ACCESS_FILE); chgrp 0 $(ACCESS_FILE); chmod 0444 $(ACCESS_FILE); fi;
@echo "Installing manual pages"
@if test ! -d $(LOCALMAN); then $(MKDIR) $(LOCALMAN); chmod 755 $(LOCALMAN); fi
@for i in 1 4 5 8; do for j in *.$$i; do if test ! -d $(LOCALMAN)/man$$i; then $(MKDIR) $(LOCALMAN)/man$$i; chmod 755 $(LOCALMAN)/man$$i; fi; cp $$j $(LOCALMAN)/man$$i/$$j; $(CHOWN) $(OWNER) $(LOCALMAN)/man$$i/$$j; chgrp $(GROUP) $(LOCALMAN)/man$$i/$$j; chmod 644 $(LOCALMAN)/man$$i/$$j; done; done
@ -222,7 +223,7 @@ opietest-passed: opietest
-./opietest && touch opietest-passed
libopie/libopie.a: libopie/*.c *.h
(cd libopie ; $(MAKE) libopie.a CFL='$(CFLAGS) -DSTD_KEY_FILE=\"$(STD_KEY_FILE)\" -DEXT_KEY_FILE=\"$(EXT_KEY_FILE)\"')
(cd libopie ; $(MAKE) libopie.a CFL='$(CFLAGS) -DKEY_FILE=\"$(KEY_FILE)\"')
libmissing/libmissing.a: libmissing/*.c
(cd libmissing ; $(MAKE) libmissing.a CFL='$(CFLAGS)')
@ -249,8 +250,8 @@ opiegen: opiegen.o $(LDEPS)
opieserv: opieserv.o $(LDEPS)
$(CC) $(CFLAGS) opieserv.o $(LFLAGS) -o opieserv
opieftpd: opieftpd.o glob.o logwtmp.o popen.o y.tab.o $(LDEPS)
$(CC) $(CFLAGS) opieftpd.o glob.o logwtmp.o popen.o y.tab.o $(LFLAGS) -o opieftpd
opieftpd: opieftpd.o glob.o popen.o y.tab.o $(LDEPS)
$(CC) $(CFLAGS) opieftpd.o glob.o popen.o y.tab.o $(LFLAGS) -o opieftpd
opielogin: opielogin.o permsfile.o $(LDEPS)
$(CC) $(CFLAGS) opielogin.o permsfile.o $(LFLAGS) -o opielogin

73
contrib/opie/README
View File

@ -1,5 +1,5 @@
OPIE Software Distribution, Release 2.3 Important Information
======================================= =====================
OPIE Software Distribution, Release 2.31 Important Information
======================================== =====================
Introduction
============
@ -75,6 +75,16 @@ original Bellcore S/Key(tm) Version 1 software:
A Glance at What's New
======================
2.31 March 20, 1997.
Removed active attack protection support due to patent problems.
Moved user locks to a separate directory.
Moved user-serviceable configuration options to the configure script.
Lots of portability and bug fixes.
2.3 September 22, 1996
Autoconf is now the only supported configuration method.
@ -174,6 +184,11 @@ restore the original system programs, but it will not work properly (and can
even result in the total loss of the old system programs -- beware!) if the
installation procedure itself did not work properly.
If you are running a release version, try installing the latest public
test version (look around). These frequently have already fixed the problem
you are seeing, but may have new problems of their own (that's why they're
test versions!).
OPIE is NOT supported software. We don't promise to support you or
even to acknowledge your mail, but we are interested in bug reports and are
reasonable folks. We also have an interest in seeing OPIE work on as many
@ -272,9 +287,10 @@ log in via opielogin, but opielogin will decrement their sequence number
if a valid response is received.
On some systems, the OPIE login program does not always display
a "login:" prompt the first time. We think that this has something to do
with the telnet daemon on those systems. (This is common on SunOS) You should
be able to fix this by upgrading to the latest version of telnetd.
a "login:" prompt the first time. There is a race condition in many older
telnetds that is probably the cause of this problem. This should be fixed by
replacing your telnetd with the latest version of the stock telnetd
(ftp.cray.com:/src/telnet).
The standard HPUX compiler is severely drain bamaged. One of the
worst parts is that it sometimes won't grok a symbol definition with forward
@ -291,20 +307,54 @@ seed.
opielogin is a replacement for /bin/login. It is NOT an OPIE "shell."
You can use it as one, but don't be surprised if it doesn't behave the way
you expect. An OPIE "shell" is on the TODO list.
you expect -- we've seen various reports of success and failure when used this
way. An OPIE "shell" is on the TODO list.
Clients that use opiegen() will automatically send a re-initialization
extended response if the sequence number falls below ten. If the server does
not support this, the user will need to log in using opiekey and reset his
sequence manually (using opiepasswd).
For reasons that remain very unclear, Solaris passes the login name
from getty/telnetd to login by stuffing it in the terminal input buffer
instead of passing it on the command line like every other *IX. This is just
plain broken. Solaris has other problems with its telnetd and getty; you may
want to consider getting the telnet(d) sources (ftp.cray.com:/src/telnet)
and reasonable getty sources (try sunsite.unc.edu:/pub/Linux/system/Serial, at
least one of agetty, mingetty, and getty_ps should work) and replacing the
Solaris versions with these. OPIE should work *much* more happily with these
programs than the ones that come with Solaris. However, there could be negative
side effects -- this is not a procedure recommended for the faint of heart. An
even more drastic solution more likely to make OPIE happy is to install Linux
or NetBSD on your box ;)
OPIE is a lot more fussy than it used to be about lock files and where
it puts them. The lock file directory must be a directory used only for OPIE
lock files. It must be a directory, owned by the superuser, and must be mode
0700.
Gripes
======
Is it too much to ask that certain OS vendors just do the right thing
and not fix what isn't broken? (Look at all the ifdefs in the OPIE code and
and not "fix" what isn't broken? (Look at all the ifdefs in the OPIE code and
the answer is clear)
utmp and wtmp handling in OPIE has been a very, very sore subject.
Every vendor does things differently, and, of course, most of them swear they
are complying to some or other "standard." My (cmetz) conclusion is that the
only thing that is standard about utmp and wtmp handling is that it will be
nonstandard on any given system. I've tried a lot of things and I've wasted
*a lot* of time on trying to make utmp and wtmp handling work for everybody;
my conclusion is that it will never happen. I personally am willing to stand
behind the code for utmp/wtmp handling on reasonable Linux and 4.4BSD-Lite
systems. If it breaks, tell me and I will fix it. While I am still interested
in hearing about fixes for other OSs, I'm not likely to go out of my way to fix
utmp/wtmp handling on them. If you want it fixed, the best way to do it is to
fix it yourself and give me a patch. As long as the patch is reasonable, I'll
include it in the next release. If you can't wait, use the --disable-utmp
option.
Credits
=======
@ -336,17 +386,22 @@ community effort. These contributors include:
Mowgli Assor
Lawrie Brown
Andrew Davis
Axel Grewe
"Hobbit"
Kojima Hajime
Darren Hosking
Martijn Koster
Osamu Kurati
Ayamura Kikuchi
Hiroshi Nakano
Ikuo Nakagawa
Angelo Neri
C. R. Oldham
D. Jason Penney
John Perkins
Jim Simmons
Brad Smith
Werner Wiethege
Wietse Venema
@ -371,8 +426,8 @@ trademarked by anyone.
Copyrights
==========
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

37
contrib/opie/acconfig.h
View File

@ -1,7 +1,7 @@
/* acconfig.h: Extra commentary for Autoheader
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -116,3 +116,36 @@ you didn't get a copy, you may request one from <license@inner.net>.
/* Define if there is a ut_host field in struct utmp */
#undef HAVE_UT_HOST
/* Define if the system has getutline() */
#undef HAVE_GETUTLINE
/* Defined if the system has SunOS C2 security shadow passwords */
#undef HAVE_SUNOS_C2_SHADOW
/* Defined if you want to disable utmp support */
#undef DISABLE_UTMP
/* Defined if you want to disable wtmp support */
#undef DISABLE_WTMP
/* Defined if you want to allow users to override the insecure checks */
#undef INSECURE_OVERRIDE
/* Defined to the default hash value, always defined */
#undef MDX
/* Defined if new-style prompts are to be used */
#undef NEW_PROMPTS
/* Defined to the path of the OPIE lock directory */
#undef OPIE_LOCK_DIR
/* Defined if users are to be asked to re-type secret pass phrases */
#undef RETYPE
/* Defined if su should not switch to disabled accounts */
#undef SU_STAR_CHECK
/* Defined if user locking is to be used */
#undef USER_LOCKING

89
contrib/opie/config.h
View File

@ -1,3 +1,6 @@
/* config.h. Generated automatically by configure. */
/* config.h.in. Generated automatically from configure.in by autoheader. */
/* Define if on AIX 3.
System headers sometimes define this.
We just want to avoid a redefinition error message. */
@ -40,9 +43,9 @@
/* If using the C implementation of alloca, define if you know the
direction of stack growth for your system; otherwise it will be
automatically deduced at run-time.
STACK_DIRECTION > 0 => grows toward higher addresses
STACK_DIRECTION < 0 => grows toward lower addresses
STACK_DIRECTION = 0 => direction of growth unknown
STACK_DIRECTION > 0 => grows toward higher addresses
STACK_DIRECTION < 0 => grows toward lower addresses
STACK_DIRECTION = 0 => direction of growth unknown
*/
/* #undef STACK_DIRECTION */
@ -78,6 +81,15 @@
/* The path to the mail spool, if we know it */
#define PATH_MAIL "/var/mail"
/* The path to the utmp file, if we know it */
#define PATH_UTMP_AC "/var/run/utmp"
/* The path to the wtmp file, if we know it */
#define PATH_WTMP_AC "/var/log/wtmp"
/* The path to the wtmpx file, if we know it */
/* #undef PATH_WTMPX_AC */
/* Defined if the system's profile (/etc/profile) displays
the motd file */
/* #undef HAVE_MOTD_IN_PROFILE */
@ -138,6 +150,36 @@
/* Define if there is a ut_host field in struct utmp */
#define HAVE_UT_HOST 1
/* Define if the system has getutline() */
/* #undef HAVE_GETUTLINE */
/* Defined if the system has SunOS C2 security shadow passwords */
/* #undef HAVE_SUNOS_C2_SHADOW */
/* Defined if you want to disable utmp support */
/* #undef DISABLE_UTMP */
/* Defined if you want to allow users to override the insecure checks */
/* #undef INSECURE_OVERRIDE */
/* Defined to the default hash value, always defined */
#define MDX 5
/* Defined if new-style prompts are to be used */
#define NEW_PROMPTS 1
/* Defined to the path of the OPIE lock directory */
#define OPIE_LOCK_DIR "/etc/opielocks"
/* Defined if users are to be asked to re-type secret pass phrases */
/* #undef RETYPE */
/* Defined if su should not switch to disabled accounts */
/* #undef SU_STAR_CHECK */
/* Defined if user locking is to be used */
#define USER_LOCKING 1
/* Define if you have the bcopy function. */
/* #undef HAVE_BCOPY */
@ -159,8 +201,8 @@
/* Define if you have the gethostname function. */
/* #undef HAVE_GETHOSTNAME */
/* Define if you have the getspent function. */
/* #undef HAVE_GETSPENT */
/* Define if you have the getspnam function. */
/* #undef HAVE_GETSPNAM */
/* Define if you have the gettimeofday function. */
#define HAVE_GETTIMEOFDAY 1
@ -168,6 +210,9 @@
/* Define if you have the getttynam function. */
#define HAVE_GETTTYNAM 1
/* Define if you have the getusershell function. */
#define HAVE_GETUSERSHELL 1
/* Define if you have the getutxline function. */
/* #undef HAVE_GETUTXLINE */
@ -180,18 +225,15 @@
/* Define if you have the lstat function. */
#define HAVE_LSTAT 1
/* Define if you have the on_exit function. */
/* #undef HAVE_ON_EXIT */
/* Define if you have the pututxline function. */
/* #undef HAVE_PUTUTXLINE */
/* Define if you have the rindex function. */
/* #undef HAVE_RINDEX */
/* Define if you have the setegid function. */
#define HAVE_SETEGID 1
/* Define if you have the seteuid function. */
#define HAVE_SETEUID 1
/* Define if you have the setgroups function. */
#define HAVE_SETGROUPS 1
@ -202,7 +244,7 @@
#define HAVE_SETPRIORITY 1
/* Define if you have the setregid function. */
#define HAVE_SETREGID 1
/* #undef HAVE_SETREGID */
/* Define if you have the setresgid function. */
/* #undef HAVE_SETRESGID */
@ -211,32 +253,44 @@
/* #undef HAVE_SETRESUID */
/* Define if you have the setreuid function. */
#define HAVE_SETREUID 1
/* #undef HAVE_SETREUID */
/* Define if you have the setvbuf function. */
#define HAVE_SETVBUF 1
/* Define if you have the sigaddset function. */
#define HAVE_SIGADDSET 1
/* Define if you have the sigblock function. */
/* #undef HAVE_SIGBLOCK */
/* Define if you have the sigemptyset function. */
#define HAVE_SIGEMPTYSET 1
/* Define if you have the sigsetmask function. */
/* #undef HAVE_SIGSETMASK */
/* Define if you have the socket function. */
#define HAVE_SOCKET 1
/* Define if you have the strerror function. */
#define HAVE_STRERROR 1
/* Define if you have the strftime function. */
#define HAVE_STRFTIME 1
/* Define if you have the strncasecmp function. */
#define HAVE_STRNCASECMP 1
/* Define if you have the strstr function. */
#define HAVE_STRSTR 1
/* Define if you have the sysconf function. */
#define HAVE_SYSCONF 1
/* Define if you have the ttyslot function. */
#define HAVE_TTYSLOT 1
/* Define if you have the usleep function. */
#define HAVE_USLEEP 1
/* Define if you have the <crypt.h> header file. */
/* #undef HAVE_CRYPT_H */
@ -288,6 +342,9 @@
/* Define if you have the <sys/param.h> header file. */
#define HAVE_SYS_PARAM_H 1
/* Define if you have the <sys/select.h> header file. */
#define HAVE_SYS_SELECT_H 1
/* Define if you have the <sys/signal.h> header file. */
#define HAVE_SYS_SIGNAL_H 1

82
contrib/opie/config.h.in
View File

@ -42,9 +42,9 @@
/* If using the C implementation of alloca, define if you know the
direction of stack growth for your system; otherwise it will be
automatically deduced at run-time.
STACK_DIRECTION > 0 => grows toward higher addresses
STACK_DIRECTION < 0 => grows toward lower addresses
STACK_DIRECTION = 0 => direction of growth unknown
STACK_DIRECTION > 0 => grows toward higher addresses
STACK_DIRECTION < 0 => grows toward lower addresses
STACK_DIRECTION = 0 => direction of growth unknown
*/
#undef STACK_DIRECTION
@ -80,6 +80,15 @@
/* The path to the mail spool, if we know it */
#undef PATH_MAIL
/* The path to the utmp file, if we know it */
#undef PATH_UTMP_AC
/* The path to the wtmp file, if we know it */
#undef PATH_WTMP_AC
/* The path to the wtmpx file, if we know it */
#undef PATH_WTMPX_AC
/* Defined if the system's profile (/etc/profile) displays
the motd file */
#undef HAVE_MOTD_IN_PROFILE
@ -140,6 +149,36 @@
/* Define if there is a ut_host field in struct utmp */
#undef HAVE_UT_HOST
/* Define if the system has getutline() */
#undef HAVE_GETUTLINE
/* Defined if the system has SunOS C2 security shadow passwords */
#undef HAVE_SUNOS_C2_SHADOW
/* Defined if you want to disable utmp support */
#undef DISABLE_UTMP
/* Defined if you want to allow users to override the insecure checks */
#undef INSECURE_OVERRIDE
/* Defined to the default hash value, always defined */
#undef MDX
/* Defined if new-style prompts are to be used */
#undef NEW_PROMPTS
/* Defined to the path of the OPIE lock directory */
#undef OPIE_LOCK_DIR
/* Defined if users are to be asked to re-type secret pass phrases */
#undef RETYPE
/* Defined if su should not switch to disabled accounts */
#undef SU_STAR_CHECK
/* Defined if user locking is to be used */
#undef USER_LOCKING
/* Define if you have the bcopy function. */
#undef HAVE_BCOPY
@ -161,8 +200,8 @@
/* Define if you have the gethostname function. */
#undef HAVE_GETHOSTNAME
/* Define if you have the getspent function. */
#undef HAVE_GETSPENT
/* Define if you have the getspnam function. */
#undef HAVE_GETSPNAM
/* Define if you have the gettimeofday function. */
#undef HAVE_GETTIMEOFDAY
@ -170,6 +209,9 @@
/* Define if you have the getttynam function. */
#undef HAVE_GETTTYNAM
/* Define if you have the getusershell function. */
#undef HAVE_GETUSERSHELL
/* Define if you have the getutxline function. */
#undef HAVE_GETUTXLINE
@ -182,18 +224,15 @@
/* Define if you have the lstat function. */
#undef HAVE_LSTAT
/* Define if you have the on_exit function. */
#undef HAVE_ON_EXIT
/* Define if you have the pututxline function. */
#undef HAVE_PUTUTXLINE
/* Define if you have the rindex function. */
#undef HAVE_RINDEX
/* Define if you have the setegid function. */
#undef HAVE_SETEGID
/* Define if you have the seteuid function. */
#undef HAVE_SETEUID
/* Define if you have the setgroups function. */
#undef HAVE_SETGROUPS
@ -218,27 +257,39 @@
/* Define if you have the setvbuf function. */
#undef HAVE_SETVBUF
/* Define if you have the sigaddset function. */
#undef HAVE_SIGADDSET
/* Define if you have the sigblock function. */
#undef HAVE_SIGBLOCK
/* Define if you have the sigemptyset function. */
#undef HAVE_SIGEMPTYSET
/* Define if you have the sigsetmask function. */
#undef HAVE_SIGSETMASK
/* Define if you have the socket function. */
#undef HAVE_SOCKET
/* Define if you have the strerror function. */
#undef HAVE_STRERROR
/* Define if you have the strftime function. */
#undef HAVE_STRFTIME
/* Define if you have the strncasecmp function. */
#undef HAVE_STRNCASECMP
/* Define if you have the strstr function. */
#undef HAVE_STRSTR
/* Define if you have the sysconf function. */
#undef HAVE_SYSCONF
/* Define if you have the ttyslot function. */
#undef HAVE_TTYSLOT
/* Define if you have the usleep function. */
#undef HAVE_USLEEP
/* Define if you have the <crypt.h> header file. */
#undef HAVE_CRYPT_H
@ -290,6 +341,9 @@
/* Define if you have the <sys/param.h> header file. */
#undef HAVE_SYS_PARAM_H
/* Define if you have the <sys/select.h> header file. */
#undef HAVE_SYS_SELECT_H
/* Define if you have the <sys/signal.h> header file. */
#undef HAVE_SYS_SIGNAL_H

1767
contrib/opie/configure vendored
View File

File diff suppressed because it is too large Load Diff

175
contrib/opie/configure.in
View File

@ -1,7 +1,7 @@
dnl configure.in: Input for Autoconf
dnl
dnl %%% portions-copyright-cmetz
dnl Portions of this software are Copyright 1996 by Craig Metz, All Rights
dnl %%% portions-copyright-cmetz-96
dnl Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
dnl Reserved. The Inner Net License Version 2 applies to these portions of
dnl the software.
dnl You should have received a copy of the license with this software. If
@ -14,6 +14,14 @@ dnl License Agreement applies to this software.
dnl
dnl History:
dnl
dnl Modified by cmetz for OPIE 2.31. Put back manual utmp[x]/wtmp[x]
dnl checks -- too many OSs can't be trusted to tell us where they are.
dnl Check for sys/select.h. Spell endutent right. Replace strtoul()
dnl if needed. Removed duplicate check for sysconf. Added check for
dnl SunOS C2 shadow passwords (may need more work). Replace
dnl setutent. Added options to disable use of utmp/wtmp. Replace
dnl seteuid and setegid. Check for usleep. Moved options.h options
dnl here as enable/disable options.
dnl Modified by cmetz for OPIE 2.3. Removed redundant memset/memcpy.
dnl Changed ls -g test around. Changed logindevperm/fbtab defines.
dnl Added check for /etc/environment and /etc/src.sh. Check for
@ -34,8 +42,37 @@ dnl Created at NRL for OPIE 2.1.
AC_INIT(README)
AC_CONFIG_HEADER(config.h)
AC_ARG_ENABLE(access-file, [ --enable-access-file=PATH Use the OPIE access file PATH as a transition aid], AC_DEFINE_UNQUOTED(PATH_ACCESS_FILE, "$enable_access_file") echo "Using the access file in $enable_access_file -- don't say we didn't warn you!")
AC_ARG_ENABLE(access-file, [ --enable-access-file=FILENAME
Enable the OPIE access file FILENAME], AC_DEFINE_UNQUOTED(PATH_ACCESS_FILE, "$enable_access_file") echo "Using the access file in $enable_access_file -- don't say we didn't warn you!")
ACCESS_FILE="$enable_access_file"
AC_SUBST(ACCESS_FILE)
AC_ARG_ENABLE(server-md4, [ --enable-server-md4 Use MD4 instead of MD5 for the server], AC_DEFINE(MDX, 4), AC_DEFINE(MDX, 5))
set do_user_locking=1;
AC_ARG_ENABLE(user-locking, [ --disable-user-locking Disable user locking
--enable-user-locking[=DIR]
Put user lock files in DIR [/etc/opielocks]],, set do_user_locking=0)
if $do_user_locking;
then
AC_DEFINE(USER_LOCKING)
if test -z "$enable_user_locking"
then
AC_DEFINE(OPIE_LOCK_DIR, "/etc/opielocks")
else
AC_DEFINE_UNQUOTED(OPIE_LOCK_DIR, "$enable_user_locking")
fi
fi
LOCK_DIR="$enable_user_locking"
AC_SUBST(LOCK_DIR)
AC_ARG_ENABLE(retype, [ --enable-retype Ask users to re-type their secret pass phrases], AC_DEFINE(RETYPE))
AC_ARG_ENABLE(su-star-check, [ --enable-su-star-check Refuse to switch to disabled accounts], AC_DEFINE(SU_STAR_CHECK))
AC_ARG_ENABLE(new-prompts, [ --disable-new-prompts Use more compatible (but less informative) prompts],, AC_DEFINE(NEW_PROMPTS))
AC_ARG_ENABLE(insecure-override, [ --enable-insecure-override
Allow users to override insecure checks], AC_DEFINE(INSECURE_OVERRIDE))
AC_ARG_ENABLE(anonymous-ftp, [ --enable-anonymous-ftp Enable anonymous FTP support], AC_DEFINE(DOANONYMOUS) echo "Enabling anonymous FTP support in ftp -- don't say we didn't warn you!")
AC_ARG_ENABLE(utmp, [ --disable-utmp Disable utmp logging], AC_DEFINE(DISABLE_UTMP) echo "Disabling utmp logging")
AC_ARG_ENABLE(wtmp, [ --disable-wtmp Disable wtmp logging], AC_DEFINE(DISABLE_UTMP) echo "Disabling wtmp logging")
dnl Checks for programs.
AC_PROG_CC
@ -48,8 +85,6 @@ AC_AIX
AC_ISC_POSIX
AC_MINIX
AC_C_CROSS
dnl We'd put PATH in these checks, but it turns out that autoconf doesn't
dnl work as documented when it comes to the colon separator...
@ -233,7 +268,17 @@ then
result=yes
AC_DEFINE(HAVE_ETC_SHADOW)
else
result=no
AC_MSG_RESULT(no)
AC_MSG_CHECKING(for /etc/security/passwd.adjunct)
if test $EXISTS /etc/security/passwd.adjunct
then
result=yes
AC_DEFINE(HAVE_SUNOS_C2_SHADOW)
LIBOBJS="$LIBOBJS getspnam.o endspent.o"
else
result=no
fi
fi
AC_MSG_RESULT($result)
@ -265,41 +310,75 @@ else
fi
AC_MSG_RESULT($result)
dnl AC_MSG_CHECKING(where your system puts the utmp file)
dnl utmp_path=""
dnl for i in /var/run /var/adm /usr/adm /etc
dnl do
dnl if test $EXISTS $i/utmp
dnl then
dnl utmp_path="$i"
dnl fi
dnl done
dnl if test -z "$utmp_path"
dnl then
dnl result="not found"
dnl else
dnl result="$utmp_path"
dnl AC_DEFINE_UNQUOTED(PATH_UTMP_AC, "$utmp_path/utmp")
dnl fi
dnl AC_MSG_RESULT($result)
AC_MSG_CHECKING(where your system puts the utmp file)
utmp_path=""
for i in /var/run /var/adm /usr/adm /etc
do
if test $EXISTS $i/utmp
then
utmp_path="$i"
fi
done
if test -z "$utmp_path"
then
result="not found"
else
result="$utmp_path"
AC_DEFINE_UNQUOTED(PATH_UTMP_AC, "$utmp_path/utmp")
fi
AC_MSG_RESULT($result)
dnl AC_MSG_CHECKING(where your system puts the wtmp file)
dnl wtmp_path=""
dnl for i in /var/run /var/adm /usr/adm /etc
dnl do
dnl if test $EXISTS $i/wtmp
dnl then
dnl wtmp_path="$i"
dnl fi
dnl done
dnl if test -z "$wtmp_path"
dnl then
dnl result="not found"
dnl else
dnl result="$wtmp_path"
dnl AC_DEFINE_UNQUOTED(PATH_WTMP_AC, "$wtmp_path/wtmp")
dnl fi
dnl AC_MSG_RESULT($result)
AC_MSG_CHECKING(where your system puts the utmpx file)
utmp_path=""
for i in /var/run /var/adm /usr/adm /etc
do
if test $EXISTS $i/utmp
then
utmp_path="$i"
fi
done
if test -z "$utmp_path"
then
result="not found"
AC_DEFINE_UNQUOTED(PATH_UTMP_AC, "$utmp_path/utmpx")
fi
AC_MSG_RESULT($result)
AC_MSG_CHECKING(where your system puts the wtmp file)
wtmp_path=""
for i in /var/run /var/log /var/adm /usr/adm /etc
do
if test $EXISTS $i/wtmp
then
wtmp_path="$i"
fi
done
if test -z "$wtmp_path"
then
result="not found"
else
result="$wtmp_path"
AC_DEFINE_UNQUOTED(PATH_WTMP_AC, "$wtmp_path/wtmp")
fi
AC_MSG_RESULT($result)
AC_MSG_CHECKING(where your system puts the wtmpx file)
wtmpx_path=""
for i in /var/run /var/log /var/adm /usr/adm /etc
do
if test $EXISTS $i/wtmpx
then
wtmpx_path="$i"
fi
done
if test -z "$wtmpx_path"
then
result="not found"
else
result="$wtmpx_path"
AC_DEFINE_UNQUOTED(PATH_WTMPX_AC, "$wtmpx_path/wtmpx")
fi
AC_MSG_RESULT($result)
AC_MSG_CHECKING(whether the system profile displays the motd)
result=no
@ -379,7 +458,7 @@ AC_CHECK_LIB(socket, socket)
dnl Checks for header files.
AC_HEADER_DIRENT
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS(crypt.h fcntl.h limits.h termios.h sys/file.h sys/ioctl.h sys/time.h syslog.h unistd.h paths.h shadow.h signal.h sys/signal.h lastlog.h sys/utsname.h pwd.h sys/param.h string.h stdlib.h utmpx.h)
AC_CHECK_HEADERS(crypt.h fcntl.h limits.h termios.h sys/file.h sys/ioctl.h sys/time.h syslog.h unistd.h paths.h shadow.h signal.h sys/signal.h lastlog.h sys/utsname.h pwd.h sys/param.h string.h stdlib.h utmpx.h sys/select.h)
dnl Checks for typedefs, structures, and compiler characteristics.
dnl AC_TYPE_UID_T
@ -405,25 +484,29 @@ AC_DEFINE(HAVE_UT_HOST)
dnl Checks for library functions.
dnl AC_PROG_GCC_TRADITIONAL
AC_TYPE_SIGNAL
AC_CHECK_FUNCS(gettimeofday socket strftime strstr setpriority seteuid setreuid setegid setregid setresuid setresgid getttynam sysconf setvbuf getspent endspent setgroups getgroups fpurge setlogin lstat getutxline pututxline)
AC_CHECK_FUNCS(gettimeofday socket strftime strstr setpriority getttynam setvbuf getspnam endspent setgroups getgroups fpurge setlogin lstat getutxline pututxline usleep)
dnl Libmissing...
AC_FUNC_MEMCMP
AC_FUNC_ALLOCA
AC_REPLACE_FUNCS(getusershell sigaddset sigemptyset strerror strncasecmp)
MISSING="$LIBOBJS $ALLOCA "
AC_CHECK_FUNC(atexit,, MISSING="${MISSING}atexit.o ")
AC_CHECK_FUNC(entutent,, MISSING="${MISSING}endutent.o ")
MISSING="$LIBOBJS $ALLOCA " ;
AC_CHECK_FUNC(atexit,, MISSING="${MISSING}atexit.o "; AC_CHECK_FUNCS(on_exit))
AC_CHECK_FUNC(endutent,, MISSING="${MISSING}endutent.o ")
AC_CHECK_FUNC(memcpy,, MISSING="${MISSING}memcpy.o "; AC_CHECK_FUNCS(bcopy))
AC_CHECK_FUNC(memset,, MISSING="${MISSING}memset.o "; AC_CHECK_FUNCS(bzero))
AC_CHECK_FUNC(getcwd,, MISSING="${MISSING}getcwd.o "; AC_CHECK_FUNCS(getwd))
AC_CHECK_FUNC(getenv, AC_DEFINE(HAVE_GETENV), MISSING="${MISSING}env.o ")
AC_CHECK_FUNC(getutline,, MISSING="${MISSING}getutline.o "; AC_CHECK_FUNCS(ttyslot))
AC_CHECK_FUNC(getutline, AC_DEFINE(HAVE_GETUTLINE), MISSING="${MISSING}getutline.o "; AC_CHECK_FUNCS(ttyslot))
AC_CHECK_FUNC(pututline,, MISSING="${MISSING}pututline.o "; AC_CHECK_FUNCS(ttyslot))
AC_CHECK_FUNC(setenv, AC_DEFINE(HAVE_SETENV), MISSING="${MISSING}env.o ")
AC_CHECK_FUNC(setegid,, MISSING="${MISSING}setegid.o "; AC_CHECK_FUNCS(setregid setresgid))
AC_CHECK_FUNC(seteuid,, MISSING="${MISSING}seteuid.o "; AC_CHECK_FUNCS(setreuid setresuid))
AC_CHECK_FUNC(setutent,, MISSING="${MISSING}setutent.o ")
AC_CHECK_FUNC(sigprocmask,, MISSING="${MISSING}sigprocmask.o "; AC_CHECK_FUNCS(sigblock sigsetmask))
AC_CHECK_FUNC(strchr,, MISSING="${MISSING}strchr.o "; AC_CHECK_FUNCS(index))
AC_CHECK_FUNC(strrchr,, MISSING="${MISSING}strrchr.o "; AC_CHECK_FUNCS(rindex))
AC_CHECK_FUNC(strtoul,, MISSING="${MISSING}strtoul.o ")
AC_CHECK_FUNC(sysconf,, MISSING="${MISSING}sysconf.o "; AC_CHECK_FUNCS(getdtablesize))
AC_CHECK_FUNC(uname,, MISSING="${MISSING}uname.o "; AC_CHECK_FUNCS(gethostname))
AC_CHECK_FUNC(unsetenv, AC_DEFINE(HAVE_UNSETENV), MISSING="${MISSING}env.o ")

5
contrib/opie/ftpcmd.y
View File

@ -1,7 +1,7 @@
/* ftpcmd.y: yacc parser for the FTP daemon.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -1226,6 +1226,7 @@ VOIDRET help FUNCTION((ctab, s), struct tab *ctab AND char *s)
printf("\r\n");
}
(void) fflush(stdout);
reply(214, " ");
return;
}
upper(s);

4
contrib/opie/glob.c
View File

@ -1,7 +1,7 @@
/* glob.c: The csh et al glob pattern matching routines.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

4
contrib/opie/libmissing/Makefile.in
View File

@ -1,8 +1,8 @@
##
# Makefile.in/Makefile: Directions for building libmissing.
#
# %%% copyright-cmetz
# This software is Copyright 1996 by Craig Metz, All Rights Reserved.
# %%% copyright-cmetz-96
# This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
# The Inner Net License Version 2 applies to this software.
# You should have received a copy of the license with this software. If
# you didn't get a copy, you may request one from <license@inner.net>.

7
contrib/opie/libmissing/endutent.c
View File

@ -1,18 +1,19 @@
/* endutent.c: A replacement for the endutent function
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.31. Use VOIDRET macro.
Created by cmetz for OPIE 2.3.
*/
#include "opie_cfg.h"
#include "opie.h"
void endutent FUNCTION_NOARGS
VOIDRET endutent FUNCTION_NOARGS
{
}

15
contrib/opie/libmissing/getutline.c
View File

@ -1,13 +1,16 @@
/* getutline.c: A replacement for the getutline() function
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.31. If the OS won't tell us where
_PATH_UTMP is, play the SVID game, then use
Autoconf-discovered values.
Created by cmetz for OPIE 2.3.
*/
@ -18,6 +21,14 @@ you didn't get a copy, you may request one from <license@inner.net>.
static struct utmp u;
#ifndef _PATH_UTMP
#ifdef UTMP_FILE
#define _PATH_UTMP UTMP_FILE
#else /* UTMP_FILE */
#define _PATH_UTMP PATH_UTMP_AC
#endif /* UTMP_FILE */
#endif /* _PATH_UTMP */
struct utmp *getutline FUNCTION((utmp), struct utmp *utmp)
{
FILE *f;

10
contrib/opie/libmissing/pututline.c
View File

@ -1,13 +1,15 @@
/* pututline.c: A replacement for the pututline() function
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.31. If the OS won't tell us where
_PATH_UTMP is, use Autoconf-discovered values.
Created by cmetz for OPIE 2.3.
*/
@ -16,6 +18,10 @@ you didn't get a copy, you may request one from <license@inner.net>.
#include <utmp.h>
#include "opie.h"
#ifndef _PATH_UTMP
#define _PATH_UTMP PATH_UTMP_AC
#endif /* _PATH_UTMP */
void pututline FUNCTION((utmp), struct utmp *utmp)
{
FILE *f;

11
contrib/opie/libopie/Makefile.in
View File

@ -1,15 +1,18 @@
##
# Makefile.in/Makefile: Directions for building libopie.
#
# This software is Copyright 1996 by Craig Metz, All Rights Reserved. The Inner
# Net Copyright Notice and License Agreement version 2.00 applies to this
# software.
# %%% copyright-cmetz-96
# This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
# The Inner Net License Version 2 applies to this software.
# You should have received a copy of the license with this software. If
# you didn't get a copy, you may request one from <license@inner.net>.
#
# History:
#
# Modified by cmetz for OPIE 2.31. Added logwtmp.o
# Created by cmetz for OPIE 2.3 using old Makefiles as a guide.
OBJS=md4c.o md5c.o atob8.o btoa8.o btoh.o challenge.o getsequence.o hash.o hashlen.o keycrunch.o lock.o lookup.o newseed.o parsechallenge.o passcheck.o passwd.o randomchallenge.o readpass.o unlock.o verify.o version.o btoe.o accessfile.o generator.o insecure.o getutmpentry.o readrec.o writerec.o login.o open.o
OBJS=md4c.o md5c.o atob8.o btoa8.o btoh.o challenge.o getsequence.o hash.o hashlen.o keycrunch.o lock.o lookup.o newseed.o parsechallenge.o passcheck.o passwd.o randomchallenge.o readpass.o unlock.o verify.o version.o btoe.o accessfile.o generator.o insecure.o getutmpentry.o readrec.o writerec.o login.o open.o logwtmp.o # sha.o
CC=@CC@
CFLAGS=$(CFL) -I..

9
contrib/opie/libopie/accessfile.c
View File

@ -1,8 +1,8 @@
/* accessfile.c: Handle trusted network access file and per-user
overrides.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -15,6 +15,7 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.31. Include syslog.h on debug.
Modified by cmetz for OPIE 2.3. Send debug info to syslog.
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
Ifdef around some headers. Remove extra semicolon.
@ -42,6 +43,10 @@ License Agreement applies to this software.
#include <stdlib.h>
#endif /* HAVE_STDLIB_H */
#ifdef DEBUG
#include <syslog.h>
#endif /* DEBUG */
#include "opie.h"
int opieaccessfile FUNCTION((host), char *host)

4
contrib/opie/libopie/atob8.c
View File

@ -1,7 +1,7 @@
/* atob8.c: The opieatob8() library function.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

4
contrib/opie/libopie/btoa8.c
View File

@ -1,7 +1,7 @@
/* btoa8.c: The opiebtoa8() library function.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

4
contrib/opie/libopie/btoe.c
View File

@ -2,8 +2,8 @@
Conversion to/from the six-English-word representation of a
64 bit OTP.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

4
contrib/opie/libopie/btoh.c
View File

@ -1,7 +1,7 @@
/* btoh.c: The opiebtoh() library function.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

4
contrib/opie/libopie/challenge.c
View File

@ -1,7 +1,7 @@
/* challenge.c: The opiechallenge() library function.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

45
contrib/opie/libopie/generator.c
View File

@ -1,7 +1,7 @@
/* generator.c: The opiegenerator() library function.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -9,6 +9,9 @@ you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.31. Renamed "init" to "init-hex".
Removed active attack protection support. Fixed fairly
bug in how init response was computed (i.e., dead wrong).
Modified by cmetz for OPIE 2.3. Use _opieparsechallenge(). ifdef
around string.h. Output hex responses by default, output
OTP re-init extended responses (same secret) if sequence
@ -51,12 +54,16 @@ int opiegenerator FUNCTION((buffer, secret, response), char *buffer AND char *se
if (i = opiekeycrunch(algorithm, key, seed, secret))
return i;
if (sequence < 10) {
char newseed[OPIE_SEED_MAX + 1];
char newkey[8], cko[8], ckn[8], ckxor[8], cv[8];
char newkey[8];
char *c;
char buf[OPIE_SEED_MAX + 48 + 1];
while (sequence-- != 0)
opiehash(key, algorithm);
if (opienewseed(strcpy(newseed, seed)) < 0)
return -1;
@ -66,43 +73,15 @@ int opiegenerator FUNCTION((buffer, secret, response), char *buffer AND char *se
for (i = 0; i < 499; i++)
opiehash(newkey, algorithm);
if (opiekeycrunch(algorithm | 0x10, cko, seed, secret))
return -1;
if (opiekeycrunch(algorithm | 0x10, ckn, newseed, secret))
return -1;
for (i = 0; i < 8; i++)
ckxor[i] = cko[i] ^ ckn[i];
strcpy(response, "init:");
strcpy(response, "init-hex:");
strcat(response, opiebtoh(buf, key));
sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed);
strcat(response, buf);
strcat(response, opiebtoh(buf, newkey));
strcat(response, ":");
strcat(response, opiebtoh(buf, ckxor));
strcat(response, ":");
c = buf;
memcpy(c, ckn, sizeof(ckn)); c += sizeof(ckn);
memcpy(c, key, sizeof(key)); c += sizeof(key);
#ifdef HAVE_ANSISPRINTF
c += sprintf(c, "%s 499 %s", algids[algorithm], newseed);
#else /* HAVE_ANSISPRINTF */
sprintf(c, "%s 499 %s", algids[algorithm], newseed);
while(*c) c++;
#endif /* HAVE_ANSISPRINTF */
memcpy(c, newkey, sizeof(newkey)); c += sizeof(newkey);
memcpy(c, ckxor, sizeof(ckxor)); c += sizeof(ckxor);
memcpy(c, ckn, sizeof(ckn)); c += sizeof(ckn);
opiehashlen(algorithm, buf, cv, (unsigned int)c - (unsigned int)buf);
strcat(response, opiebtoh(buf, cv));
} else {
while (sequence-- != 0)
opiehash(key, algorithm);
opiebtoh(response, key);
}

4
contrib/opie/libopie/getsequence.c
View File

@ -1,7 +1,7 @@
/* getsequence.c: The opiegetsequence() library function.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

22
contrib/opie/libopie/getutmpentry.c
View File

@ -1,13 +1,14 @@
/* getutmpentry.c: The __opiegetutmpentry() library function.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.31. Cache result.
Created by cmetz for OPIE 2.3 (re-write).
*/
@ -18,6 +19,7 @@ you didn't get a copy, you may request one from <license@inner.net>.
#if DOUTMPX
#include <utmpx.h>
#define setutent setutxent
#define getutline(x) getutxline(x)
#define utmp utmpx
#endif /* DOUTMPX */
@ -31,30 +33,40 @@ you didn't get a copy, you may request one from <license@inner.net>.
#endif /* DEBUG */
#include "opie.h"
#if !HAVE_GETUTLINE
#if !HAVE_GETUTLINE && !DOUTMPX
struct utmp *getutline __P((struct utmp *));
#endif /* HAVE_GETUTLINE */
#endif /* HAVE_GETUTLINE && !DOUTMPX */
static struct utmp u;
int __opiegetutmpentry FUNCTION((line, utmp), char *line AND struct utmp *utmp)
{
struct utmp u, *pu;
struct utmp *pu;
if (u.ut_line[0]) {
pu = &u;
goto gotit;
};
memset(&u, 0, sizeof(u));
if (!strncmp(line, "/dev/", 5)) {
strncpy(u.ut_line, line + 5, sizeof(u.ut_line));
setutent();
if ((pu = getutline(&u)))
goto gotit;
#ifdef hpux
strcpy(u.ut_line, "pty/");
strncpy(u.ut_line + 4, line + 5, sizeof(u.ut_line) - 4);
setutent();
if ((pu = getutline(&u)))
goto gotit;
#endif /* hpux */
}
strncpy(u.ut_line, line, sizeof(u.ut_line));
setutent();
if ((pu = getutline(&u)))
goto gotit;

37
contrib/opie/libopie/hash.c
View File

@ -1,24 +1,24 @@
/* hash.c: The opiehash() library function.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Updated by cmetz for OPIE 2.31. Added SHA support (which may
not be correct). Backed out previous optimizations as
they killed thread-safety.
Created by cmetz for OPIE 2.3 using the old hash.c as a guide.
*/
#include "opie_cfg.h"
#include "opie.h"
static struct opiemdx_ctx mdx;
static UINT4 mdx_tmp[4];
#if 0
static SHA_INFO sha;
#include "sha.h"
#endif /* 0 */
#include "opie.h"
VOIDRET opiehash FUNCTION((x, algorithm), VOIDPTR x AND unsigned algorithm)
{
@ -27,26 +27,39 @@ VOIDRET opiehash FUNCTION((x, algorithm), VOIDPTR x AND unsigned algorithm)
switch(algorithm) {
#if 0
case 3:
sha_init(&sha);
sha_update(&sha, (BYTE *)x, 8);
sha_final(&sha);
results[0] = sha.digest[0] ^ sha.digest[2] ^ sha.digest[4];
results[1] = sha.digest[1] ^ sha.digest[3] ^ sha.digest[5];
{
SHA_CTX sha;
SHAInit(&sha);
SHAUpdate(&sha, (unsigned char *)x, 8);
SHAFinal(&sha);
results[0] = sha.buffer[0] ^ sha.buffer[2] ^ sha.buffer[4];
results[1] = sha.buffer[1] ^ sha.buffer[3];
};
break;
#endif /* 0 */
case 4:
{
struct opiemdx_ctx mdx;
UINT4 mdx_tmp[4];
opiemd4init(&mdx);
opiemd4update(&mdx, (unsigned char *)x, 8);
opiemd4final((unsigned char *)mdx_tmp, &mdx);
results[0] = mdx_tmp[0] ^ mdx_tmp[2];
results[1] = mdx_tmp[1] ^ mdx_tmp[3];
};
break;
case 5:
{
struct opiemdx_ctx mdx;
UINT4 mdx_tmp[4];
opiemd5init(&mdx);
opiemd5update(&mdx, (unsigned char *)x, 8);
opiemd5final((unsigned char *)mdx_tmp, &mdx);
results[0] = mdx_tmp[0] ^ mdx_tmp[2];
results[1] = mdx_tmp[1] ^ mdx_tmp[3];
};
break;
}
}

4
contrib/opie/libopie/hashlen.c
View File

@ -1,7 +1,7 @@
/* hashlen.c: The opiehashlen() library function.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

24
contrib/opie/libopie/insecure.c
View File

@ -1,7 +1,7 @@
/* insecure.c: The opieinsecure() library function.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,7 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.31. Fixed a logic bug. Call endut[x]ent().
Modified by cmetz for OPIE 2.3. Added result caching. Use
__opiegetutmpentry(). Ifdef around ut_host check. Eliminate
unused variable.
@ -37,6 +38,7 @@ License Agreement applies to this software.
#if DOUTMPX
#include <utmpx.h>
#define utmp utmpx
#define endutent endutxent
#endif /* DOUTMPX */
#if HAVE_SYS_UTSNAME_H
@ -45,6 +47,8 @@ License Agreement applies to this software.
#include "opie.h"
char *remote_terms[] = { "xterm", "xterms", "kterm", NULL };
int opieinsecure FUNCTION_NOARGS
{
#ifndef NO_INSECURE_CHECK
@ -89,7 +93,7 @@ int opieinsecure FUNCTION_NOARGS
int n2 = s - display_name;
if (n < n2)
n2 = n;
if (!strncmp(utsname.nodename, display_name, n))
if (!strncmp(utsname.nodename, display_name, n2))
insecure = 0;
} /* endif display_name is '.' */
} /* endif hostname != display_name */
@ -106,12 +110,19 @@ int opieinsecure FUNCTION_NOARGS
with an rlogin or telnet to our system. If it were a local
xterm, then the DISPLAY environment variable would
have to exist. rja */
if (!display_name && !term_name && !strcmp("xterm", term_name))
return (result = 1);
if (!display_name && term_name) {
int i;
for (i = 0; remote_terms[i]; i++)
if (!strcmp(term_name, remote_terms[i]))
return (result = 1);
};
#if HAVE_UT_HOST
memset(&utmp, 0, sizeof(struct utmp));
if (!__opiegetutmpentry(ttyname(0), &utmp) && utmp.ut_host[0]) {
{
int i = __opiegetutmpentry(ttyname(0), &utmp);
endutent();
if (!i && utmp.ut_host[0]) {
insecure = 1;
if (s = strchr(utmp.ut_host, ':')) {
@ -135,6 +146,7 @@ int opieinsecure FUNCTION_NOARGS
}
}
}
};
#endif /* HAVE_UT_HOST */
if (insecure)
return (result = 1);

4
contrib/opie/libopie/keycrunch.c
View File

@ -1,7 +1,7 @@
/* keycrunch.c: The opiekeycrunch() library function.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

87
contrib/opie/libopie/lock.c
View File

@ -1,7 +1,7 @@
/* lock.c: The opielock() library function.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.31. Put locks in a separate dir.
Bug fixes.
Modified by cmetz for OPIE 2.3. Do refcounts whether or not we
actually lock. Fixed USER_LOCKING=0 case.
Modified by cmetz for OPIE 2.22. Added reference count for locks.
@ -33,12 +35,19 @@ License Agreement applies to this software.
#if HAVE_UNISTD_H
#include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include <sys/stat.h>
#include <syslog.h>
#include <fcntl.h>
#if HAVE_STDLIB_H
#include <stdlib.h>
#endif /* HAVE_STDLIB_H */
#include <errno.h>
#include "opie.h"
#if !HAVE_LSTAT
#define lstat(x, y) stat(x, y)
#endif /* !HAVE_LSTAT */
int __opie_lockrefcount = 0;
#if USER_LOCKING
@ -75,22 +84,70 @@ int opielock FUNCTION((principal), char *principal)
#if USER_LOCKING
int fh, waits = 0, rval = -1, pid, t, i;
char buffer[128], buffer2[128], *c, *c2;
struct stat statbuf[2];
if (getuid() && geteuid()) {
#if DEBUG
syslog(LOG_DEBUG, "opielock: requires superuser priveleges");
#endif /* DEBUG */
return -1;
};
if (__opie_lockfilename) {
__opie_lockrefcount++;
return 0;
}
if (!(__opie_lockfilename = (char *)malloc(sizeof(OPIE_LOCK_PREFIX) + strlen(principal))))
if (!(__opie_lockfilename = (char *)malloc(sizeof(OPIE_LOCK_DIR) + 1 + strlen(principal))))
return -1;
strcpy(__opie_lockfilename, OPIE_LOCK_PREFIX);
strcpy(__opie_lockfilename, OPIE_LOCK_DIR);
if (mkdir(__opie_lockfilename, 0700) < 0)
if (errno != EEXIST)
return -1;
if (lstat(__opie_lockfilename, &statbuf[0]) < 0)
return -1;
if (statbuf[0].st_uid) {
#if DEBUG
syslog(LOG_DEBUG, "opielock: %s isn't owned by the superuser.", __opie_lockfilename);
#endif /* DEBUG */
return -1;
};
if (!S_ISDIR(statbuf[0].st_mode)) {
#if DEBUG
syslog(LOG_DEBUG, "opielock: %s isn't a directory.", __opie_lockfilename);
#endif /* DEBUG */
return -1;
};
if ((statbuf[0].st_mode & 0777) != 00700) {
#if DEBUG
syslog(LOG_DEBUG, "opielock: permissions on %s are not correct.", __opie_lockfilename);
#endif /* DEBUG */
return -1;
};
strcat(__opie_lockfilename, "/");
strcat(__opie_lockfilename, principal);
fh = 0;
while (!fh)
fh = -1;
while (fh < 0) {
if (!lstat(__opie_lockfilename, &statbuf[0]))
if (!S_ISREG(statbuf[0].st_mode))
goto lockret;
if ((fh = open(__opie_lockfilename, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0) {
if ((fh = open(__opie_lockfilename, O_RDWR, 0600)) < 0)
if (lstat(__opie_lockfilename, &statbuf[1]) < 0)
goto lockret;
if (statbuf[0].st_ino != statbuf[1].st_ino)
goto lockret;
if (statbuf[0].st_mode != statbuf[1].st_mode)
goto lockret;
if ((fh = open(__opie_lockfilename, O_RDONLY, 0600)) < 0)
goto lockret;
if ((i = read(fh, buffer, sizeof(buffer))) <= 0)
goto lockret;
@ -114,7 +171,7 @@ int opielock FUNCTION((principal), char *principal)
if (!(t = atoi(c)))
break;
if ((time(0) + OPIE_LOCK_TIMEOUT) < t)
if ((t + OPIE_LOCK_TIMEOUT) < time(0))
break;
if (kill(pid, 0))
@ -128,6 +185,14 @@ int opielock FUNCTION((principal), char *principal)
goto lockret;
};
};
};
if (lstat(__opie_lockfilename, &statbuf[0]) < 0)
goto lockret;
if (fstat(fh, &statbuf[1]) < 0)
goto lockret;
if (!S_ISREG(statbuf[0].st_mode) || (statbuf[0].st_mode != statbuf[1].st_mode) || (statbuf[0].st_ino != statbuf[1].st_ino))
goto lockret;
sprintf(buffer, "%d\n%d\n", getpid(), time(0));
i = strlen(buffer) + 1;
@ -165,8 +230,12 @@ int opielock FUNCTION((principal), char *principal)
atexit(opieunlockaeh);
lockret:
if (fh)
if (fh >= 0)
close(fh);
if (!__opie_lockrefcount) {
free (__opie_lockfilename);
__opie_lockfilename = NULL;
};
return rval;
#else /* USER_LOCKING */
__opie_lockrefcount++;

50
contrib/opie/libopie/login.c
View File

@ -1,13 +1,18 @@
/* login.c: The opielogin() library function.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.31. If the OS won't tell us where
_PATH_WTMP[X] is, try playing the SVID game, then use
Autoconf-discovered values. Fixed gettimeofday() call
and updwtmpx() call. Call endutxent for utmpx. Added
DISABLE_UTMP.
Created by cmetz for OPIE 2.3.
*/
@ -19,6 +24,7 @@ you didn't get a copy, you may request one from <license@inner.net>.
#if DOUTMPX
#include <utmpx.h>
#define pututline(x) pututxline(x)
#define endutent endutxent
#define utmp utmpx
#endif /* DOUTMPX */
@ -37,6 +43,7 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h
struct utmp u;
int rval = 0;
#if !DISABLE_UTMP
if (__opiegetutmpentry(line, &u)) {
#if DEBUG
syslog(LOG_DEBUG, "opielogin: __opiegetutmpentry(line=%s, &u) failed", line);
@ -60,21 +67,21 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h
#if HAVE_UT_NAME
strncpy(u.ut_name, name, sizeof(u.ut_name));
u.ut_name[sizeof(u.ut_name)] = 0;
u.ut_name[sizeof(u.ut_name)-1] = 0;
#else /* HAVE_UT_NAME */
#error No ut_name field in struct utmp? (Please send in a bug report)
#endif /* HAVE_UT_NAME */
#if HAVE_UT_HOST
strncpy(u.ut_host, host, sizeof(u.ut_host));
u.ut_host[sizeof(u.ut_host)] = 0;
u.ut_host[sizeof(u.ut_host)-1] = 0;
#endif /* HAVE_UT_HOST */
#if DOUTMPX
#ifdef HAVE_ONE_ARG_GETTIMEOFDAY
gettimeofday(&u->ut_tv);
gettimeofday(&u.ut_tv);
#else /* HAVE_ONE_ARG_GETTIMEOFDAY */
gettimeofday(&u->ut_tv, NULL);
gettimeofday(&u.ut_tv, NULL);
#endif /* HAVE_ONE_ARG_GETTIMEOFDAY */
#else /* DOUTMPX */
time(&u.ut_time);
@ -86,36 +93,11 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h
#if DEBUG
syslog(LOG_DEBUG, "opielogin: utmp suceeded");
#endif /* DEBUG */
#endif /* !DISABLE_UTMP */
dowtmp:
{
FILE *f;
#if DOUTMPX
updutmpx(_PATH_WTMPX, &u);
#else /* DOUTMPX */
if (!(f = __opieopen(_PATH_WTMP, 2, 0664))) {
rval = -1;
#if DEBUG
syslog(LOG_DEBUG, "opielogin: wtmp open failed: %s (%d)", strerror(errno), errno);
#endif /* DEBUG */
goto dosetlogin;
}
if (fwrite(&u, sizeof(struct utmp), 1, f) != sizeof(struct utmp)) {
#if DEBUG
syslog(LOG_DEBUG, "opielogin: wtmp write failed: %s (%d)", strerror(errno), errno);
#endif /* DEBUG */
rval = -1;
}
fclose(f);
#endif /* DOUTMPX */
}
#if DEBUG
syslog(LOG_DEBUG, "opielogin: wtmp suceeded");
#endif /* DEBUG */
opielogwtmp(line, name, host);
opielogwtmp(NULL, NULL, NULL);
dosetlogin:
#if HAVE_SETLOGIN

170
contrib/opie/libopie/logwtmp.c Normal file
View File

@ -0,0 +1,170 @@
/* logwtmp.c: Put an entry in the wtmp file.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
Portions of this software are Copyright 1995 by Randall Atkinson and Dan
McDonald, All Rights Reserved. All Rights under this copyright are assigned
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.31. Move wtmp log functions here, to
improve portability. Added DISABLE_WTMP.
Modified by cmetz for OPIE 2.22. Call gettimeofday() properly.
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
Ifdef around some headers. Added file close hook.
Modified at NRL for OPIE 2.1. Set process type for HPUX.
Modified at NRL for OPIE 2.0.
Originally from BSD.
*/
/*
* Copyright (c) 1988 The Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*/
#include "opie_cfg.h"
#include <sys/types.h>
#if HAVE_SYS_TIME_H
#include <sys/time.h>
#endif /* HAVE_SYS_TIME_H */
#include <sys/stat.h>
#include <fcntl.h>
#include <utmp.h>
#if HAVE_UNISTD_H
#include <unistd.h>
#endif /* HAVE_UNISTD_H */
#if HAVE_STRING_H
#include <string.h>
#endif /* HAVE_STRING_H */
#include "opie.h"
static int fd = -1;
#if DOUTMPX
static int fdx = -1;
#include <utmpx.h>
#endif /* DOUTMPX */
#ifndef _PATH_WTMP
#ifdef WTMP_FILE
#define _PATH_WTMP WTMP_FILE
#else /* WTMP_FILE */
#ifdef PATH_WTMP_AC
#define _PATH_WTMP PATH_WTMP_AC
#endif /* PATH_WTMP_AC */
#endif /* WTMP_FILE */
#endif /* _PATH_WTMP */
#ifndef _PATH_WTMPX
#ifdef WTMPX_FILE
#define _PATH_WTMPX WTMPX_FILE
#else /* WTMPX_FILE */
#ifdef PATH_WTMPX_AC
#define _PATH_WTMPX PATH_WTMPX_AC
#endif /* PATH_WTMPX_AC */
#endif /* WTMPX_FILE */
#endif /* _PATH_WTMPX */
/*
* Modified version of logwtmp that holds wtmp file open
* after first call, for use with ftp (which may chroot
* after login, but before logout).
*/
VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND char *host)
{
#if !DISABLE_WTMP
struct utmp ut;
#if DOUTMPX && defined(_PATH_WTMPX)
struct utmpx utx;
#endif /* DOUTMPX && defined(_PATH_WTMPX) */
struct stat buf;
memset(&ut, 0, sizeof(struct utmp));
if (!line) {
close(fd);
#if DOUTMPX && defined(_PATH_WTMPX)
close(fdx);
#endif /* DOUTMPX && defined(_PATH_WTMPX) */
}
if (fd < 0 && (fd = open(_PATH_WTMP, O_WRONLY | O_APPEND, 0)) < 0)
return;
if (fstat(fd, &buf) == 0) {
#if HAVE_UT_TYPE && defined(USER_PROCESS)
ut.ut_type = USER_PROCESS;
#endif /* HAVE_UT_TYPE && defined(USER_PROCESS) */
#if HAVE_UT_PID
ut.ut_pid = getpid();
#endif /* HAVE_UT_PID */
strncpy(ut.ut_line, line, sizeof(ut.ut_line));
strncpy(ut.ut_name, name, sizeof(ut.ut_name));
#if !DOUTMPX
strncpy(ut.ut_host, host, sizeof(ut.ut_host));
#endif /* !DOUTMPX */
time(&ut.ut_time);
if (write(fd, (char *) &ut, sizeof(struct utmp)) !=
sizeof(struct utmp))
ftruncate(fd, buf.st_size);
}
#if DOUTMPX && defined(_PATH_WTMPX)
memset(&utx, 0, sizeof(struct utmpx));
if (fdx < 0 && (fdx = open(_PATH_WTMPX, O_WRONLY | O_APPEND, 0)) < 0)
return;
if (fstat(fdx, &buf) == 0) {
strncpy(utx.ut_line, line, sizeof(utx.ut_line));
strncpy(utx.ut_name, name, sizeof(utx.ut_name));
strncpy(utx.ut_host, host, sizeof(utx.ut_host));
#if HAVE_GETTIMEOFDAY
#if HAVE_ONE_ARG_GETTIMEOFDAY
gettimeofday(&utx.ut_tv);
#else /* HAVE_ONE_ARG_GETTIMEOFDAY */
gettimeofday(&utx.ut_tv, NULL);
#endif /* HAVE_ONE_ARG_GETTIMEOFDAY */
#endif /* HAVE_GETTIMEOFDAY */
if (write(fdx, (char *) &utx, sizeof(struct utmpx)) != sizeof(struct utmpx))
ftruncate(fdx, buf.st_size);
}
#endif /* DOUTMPX && defined(_PATH_WTMPX) */
#endif /* !DISABLE_WTMP */
}

4
contrib/opie/libopie/lookup.c
View File

@ -1,7 +1,7 @@
/* lookup.c: The opielookup() library function.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

4
contrib/opie/libopie/md4c.c
View File

@ -1,7 +1,7 @@
/* md4c.c: "RSA Data Security, Inc. MD4 Message-Digest Algorithm"
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

4
contrib/opie/libopie/md5c.c
View File

@ -1,8 +1,8 @@
/* md5c.c: "RSA Data Security, Inc. MD5 Message-Digest Algorithm"
"derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm"
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

8
contrib/opie/libopie/newseed.c
View File

@ -1,17 +1,21 @@
/* newseed.c: The opienewseed() library function.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.31. Added time.h.
Created by cmetz for OPIE 2.22.
*/
#include "opie_cfg.h"
#if HAVE_TIME_H
#include <time.h>
#endif /* HAVE_TIME_H */
#if HAVE_STRING_H
#include <string.h>
#endif /* HAVE_STRING_H */

4
contrib/opie/libopie/open.c
View File

@ -1,7 +1,7 @@
/* open.c: The __opieopen() library function.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

4
contrib/opie/libopie/parsechallenge.c
View File

@ -1,7 +1,7 @@
/* parsechallenge.c: The _opieparsechallenge() library function.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

4
contrib/opie/libopie/passcheck.c
View File

@ -1,7 +1,7 @@
/* passcheck.c: The opiepasscheck() library function.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

19
contrib/opie/libopie/passwd.c
View File

@ -1,17 +1,19 @@
/* passwd.c: The opiepasswd() library function.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.31. Removed active attack protection
support.
Modified by cmetz for OPIE 2.3. Split most of the function off
and turned this into a front-end for the new __opiewriterec().
Added code to compute the key from the secret. Use the opie_
prefix. Use new opieatob8() and opiebtoa8() return values.
and turned this into a front-end for the new __opiewriterec().
Added code to compute the key from the secret. Use the opie_
prefix. Use new opieatob8() and opiebtoa8() return values.
Created by cmetz for OPIE 2.22.
*/
@ -31,7 +33,6 @@ int opiepasswd FUNCTION((old, mode, principal, n, seed, ks), struct opie *old AN
if (old) {
opie.opie_flags = old->opie_flags;
opie.opie_recstart = old->opie_recstart;
opie.opie_extrecstart = old->opie_extrecstart;
}
opie.opie_principal = principal;
@ -48,12 +49,6 @@ int opiepasswd FUNCTION((old, mode, principal, n, seed, ks), struct opie *old AN
opiehash(key, MDX);
if (!(opie.opie_val = opiebtoa8(opie.opie_buf, key)))
return -1;
if (opiekeycrunch(MDX | 0x10, key, seed, ks))
return -1;
if (!(opie.opie_reinitkey = opiebtoa8(opie.opie_extbuf, key)))
return -1;
} else {
if ((opieetob(key, ks) != 1) && !opieatob8(key, ks))
return 1;

4
contrib/opie/libopie/randomchallenge.c
View File

@ -1,7 +1,7 @@
/* randomchallenge.c: The opierandomchallenge() library function.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

15
contrib/opie/libopie/readpass.c
View File

@ -1,7 +1,7 @@
/* readpass.c: The opiereadpass() library function.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,9 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.31. Use usleep() to delay after setting
the terminal attributes; this might help certain buggy
systems.
Modified by cmetz for OPIE 2.3. Use TCSAFLUSH always.
Modified by cmetz for OPIE 2.22. Replaced echo w/ flags.
Really use FUNCTION.
@ -194,8 +197,16 @@ char *opiereadpass FUNCTION((buf, len, flags), char *buf AND int len AND int fla
}
#endif /* VEOF */
#if HAVE_USLEEP
usleep(1);
#endif /* HAVE_USLEEP */
if (tcsetattr(0, TCSAFLUSH, &attr))
goto error;
#if HAVE_USLEEP
usleep(1);
#endif /* HAVE_USLEEP */
}
#else /* unix */
erase[0] = CONTROL('H');

100
contrib/opie/libopie/readrec.c
View File

@ -1,19 +1,23 @@
/* readrec.c: The __opiereadrec() library function.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.31. Removed active attack protection
support. Fixed a debug message typo. Keep going after bogus
records. Set read flag.
Created by cmetz for OPIE 2.3.
*/
#include "opie_cfg.h"
#include <stdio.h>
#include <sys/types.h>
#include <errno.h>
#if HAVE_UNISTD_H
#include <unistd.h>
#endif /* HAVE_UNISTD_H */
@ -66,61 +70,29 @@ static int parserec FUNCTION((opie), struct opie *opie)
return 0;
}
static int parseextrec FUNCTION((opie), struct opie *opie)
{
char *c;
if (!(c = strchr(opie->opie_extbuf, ' ')))
return -1;
*(c++) = 0;
while(*c == ' ') c++;
if (!(c = strchr(opie->opie_reinitkey = c, ' ')))
return -1;
*(c++) = 0;
return 0;
}
int __opiereadrec FUNCTION((opie), struct opie *opie)
{
FILE *f = NULL, *f2 = NULL;
FILE *f = NULL;
int rval = -1;
if (!(f = __opieopen(STD_KEY_FILE, 0, 0644))) {
if (!(f = __opieopen(KEY_FILE, 0, 0644))) {
#if DEBUG
syslog(LOG_DEBUG, "__opiereadrec: __opieopen(STD_KEY_FILE..) failed!");
syslog(LOG_DEBUG, "__opiereadrec: __opieopen(KEY_FILE..) failed!");
#endif /* DEBUG */
goto ret;
}
if (!(f2 = __opieopen(EXT_KEY_FILE, 0, 0600))) {
#if DEBUG
syslog(LOG_DEBUG, "__opiereadrec: __opieopen(EXT_KEY_FILE..) failed!");
#endif /* DEBUG */
}
{
int i;
if ((i = open(STD_KEY_FILE, O_RDWR)) < 0) {
if ((i = open(KEY_FILE, O_RDWR)) < 0) {
opie->opie_flags &= ~__OPIE_FLAGS_RW;
#if DEBUG
syslog(LOG_DEBUG, "__opiereadrec: open(STD_KEY_FILE, O_RDWR) failed: %s", strerror(errno));
syslog(LOG_DEBUG, "__opiereadrec: open(KEY_FILE, O_RDWR) failed: %s", strerror(errno));
#endif /* DEBUG */
} else {
close(i);
if ((i = open(EXT_KEY_FILE, O_RDWR)) < 0) {
opie->opie_flags &= ~__OPIE_FLAGS_RW;
#if DEBUG
syslog(LOG_DEBUG, "__opiereadrec: open(STD_KEY_FILE, O_RDWR) failed: %s", strerror(errno));
#endif /* DEBUG */
} else {
close(i);
opie->opie_flags |= __OPIE_FLAGS_RW;
}
opie->opie_flags |= __OPIE_FLAGS_RW;
}
}
@ -134,31 +106,14 @@ int __opiereadrec FUNCTION((opie), struct opie *opie)
if (parserec(opie))
goto ret;
if (opie->opie_extbuf[0]) {
if (!f2) {
#if DEBUG
syslog(LOG_DEBUG, "__opiereadrec: can't read ext file, but could before?");
#endif /* DEBUG */
goto ret;
}
if (fseek(f2, opie->opie_extrecstart, SEEK_SET))
goto ret;
if (fgets(opie->opie_extbuf, sizeof(opie->opie_extbuf), f2))
goto ret;
if (parseextrec(opie))
goto ret;
}
opie->opie_flags |= __OPIE_FLAGS_READ;
rval = 0;
goto ret;
}
if (!opie->opie_principal)
return -1;
{
char *c, principal[OPIE_PRINCIPAL_MAX];
int i;
@ -180,39 +135,14 @@ int __opiereadrec FUNCTION((opie), struct opie *opie)
}
if (parserec(opie))
goto ret;
continue;
} while (strcmp(principal, opie->opie_principal));
if (!f2) {
opie->opie_extbuf[0] = rval = 0;
goto ret;
}
do {
if ((opie->opie_extrecstart = ftell(f2)) < 0)
goto ret;
if (!fgets(opie->opie_extbuf, sizeof(opie->opie_extbuf), f2)) {
if (feof(f2)) {
opie->opie_reinitkey = NULL;
rval = 0;
} else
rval = 1;
goto ret;
}
if (parseextrec(opie))
goto ret;
} while (strcmp(principal, opie->opie_extbuf));
rval = 0;
}
ret:
if (f)
fclose(f);
if (f2)
fclose(f2);
return rval;
}

8
contrib/opie/libopie/unlock.c
View File

@ -1,7 +1,7 @@
/* unlock.c: The opieunlock() library function.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,7 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.31. Bug fix.
Modified by cmetz for OPIE 2.3. Do refcounts whether or not
we actually lock. Fixed USER_LOCKING=0 case.
Modified by cmetz for OPIE 2.22. Added reference count support.
@ -77,8 +78,7 @@ int opieunlock FUNCTION_NOARGS
if (!(t = atoi(c)))
goto unlockret;
if ((pid != getpid()) && (time(NULL) + OPIE_LOCK_TIMEOUT <= t) &&
(!kill(pid, 0))) {
if ((pid != getpid()) && (time(0) <= OPIE_LOCK_TIMEOUT + t) && (!kill(pid, 0))) {
rval = 1;
goto unlockret1;
}

62
contrib/opie/libopie/verify.c
View File

@ -1,13 +1,16 @@
/* verify.c: The opieverify() library function.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.31. Renamed "init" and "RESPONSE_INIT"
to "init-hex" and "RESPONSE_INIT_HEX". Removed active attack
protection support.
Created by cmetz for OPIE 2.3 using the old verify.c as a guide.
*/
@ -20,7 +23,7 @@ you didn't get a copy, you may request one from <license@inner.net>.
#define RESPONSE_STANDARD 0
#define RESPONSE_WORD 1
#define RESPONSE_HEX 2
#define RESPONSE_INIT 3
#define RESPONSE_INIT_HEX 3
#define RESPONSE_INIT_WORD 4
#define RESPONSE_UNKNOWN 5
@ -32,7 +35,7 @@ struct _rtrans {
static struct _rtrans rtrans[] = {
{ RESPONSE_WORD, "word" },
{ RESPONSE_HEX, "hex" },
{ RESPONSE_INIT, "init" },
{ RESPONSE_INIT_HEX, "init-hex" },
{ RESPONSE_INIT_WORD, "init-word" },
{ RESPONSE_STANDARD, "" },
{ RESPONSE_UNKNOWN, NULL }
@ -119,11 +122,11 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
i = memcmp(fkey, lastkey, sizeof(key));
}
break;
case RESPONSE_INIT:
case RESPONSE_INIT_HEX:
case RESPONSE_INIT_WORD:
{
char *c2;
char newkey[8], ckxor[8], ck[8], cv[8], cvc[8];
char newkey[8];
char buf[OPIE_SEED_MAX + 48 + 1];
if (!(c2 = strchr(c, ':')))
@ -131,7 +134,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
*(c2++) = 0;
if (i == RESPONSE_INIT) {
if (i == RESPONSE_INIT_HEX) {
if (!opieatob8(key, c))
goto verret;
} else {
@ -173,56 +176,13 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
*(c2++) = 0;
if (i == RESPONSE_INIT) {
if (i == RESPONSE_INIT_HEX) {
if (!opieatob8(newkey, c))
goto verret;
} else {
if (opieetob(newkey, c) != 1)
goto verret;
}
if (!opie->opie_reinitkey || (opie->opie_reinitkey[0] == '*'))
goto verwrt;
if (!(c2 = strchr(c = c2, ':')))
goto verret;
*(c2++) = 0;
if (i == RESPONSE_INIT) {
if (!opieatob8(ckxor, c))
goto verret;
if (!opieatob8(cv, c2))
goto verret;
} else {
if (opieetob(ckxor, c) != 1)
goto verret;
if (opieetob(cv, c2) != 1)
goto verret;
}
if (!opieatob8(ck, opie->opie_reinitkey))
goto verret;
c = buf;
memcpy(c, ck, sizeof(ck)); c += sizeof(ck);
memcpy(c, key, sizeof(key)); c += sizeof(key);
c += sprintf(c, "%s 499 %s", algids[MDX], opie->opie_seed);
memcpy(c, newkey, sizeof(newkey)); c += sizeof(newkey);
memcpy(c, ckxor, sizeof(ckxor)); c += sizeof(ckxor);
memcpy(c, ck, sizeof(ck)); c += sizeof(ck);
opiehashlen(MDX, buf, cvc, (unsigned int)c - (unsigned int)buf);
if (memcmp(cv, cvc, sizeof(cv)))
goto verret;
for (i = 0; i < 8; i++)
ck[i] ^= ckxor[i];
if (!opiebtoa8(opie->opie_reinitkey, ck))
goto verret;
memcpy(key, newkey, sizeof(key));
}
goto verwrt;
case RESPONSE_UNKNOWN:

4
contrib/opie/libopie/version.c
View File

@ -1,7 +1,7 @@
/* version.c: The opieversion() library function.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

25
contrib/opie/libopie/writerec.c
View File

@ -1,13 +1,15 @@
/* writerec.c: The __opiewriterec() library function.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.31. Removed active attack protection
support. Fixed passwd bug.
Created by cmetz for OPIE 2.3 from passwd.c.
*/
#include "opie_cfg.h"
@ -46,23 +48,19 @@ int __opiewriterec FUNCTION((opie), struct opie *opie)
if (!(opie->opie_flags & __OPIE_FLAGS_READ)) {
struct opie opie2;
i = opielookup(&opie2, opie->opie_principal);
opie->opie_flags = opie2.opie_flags;
opie->opie_recstart = opie2.opie_recstart;
}
switch(i) {
case 0:
if (!(f = __opieopen(STD_KEY_FILE, 1, 0644)))
return -1;
if (!(f2 = __opieopen(EXT_KEY_FILE, 1, 0600)))
if (!(f = __opieopen(KEY_FILE, 1, 0644)))
return -1;
if (fseek(f, opie->opie_recstart, SEEK_SET))
return -1;
if (fseek(f2, opie->opie_extrecstart, SEEK_SET))
return -1;
break;
case 1:
if (!(f = __opieopen(STD_KEY_FILE, 2, 0644)))
return -1;
if (!(f2 = __opieopen(EXT_KEY_FILE, 2, 0600)))
if (!(f = __opieopen(KEY_FILE, 2, 0644)))
return -1;
break;
default:
@ -74,12 +72,5 @@ int __opiewriterec FUNCTION((opie), struct opie *opie)
fclose(f);
if (f2) {
if (fprintf(f2, "%-32s %-16s %-77s\n", opie->opie_principal, opie->opie_reinitkey ? opie->opie_reinitkey : __opienone, "") < 1)
return -1;
fclose(f2);
}
return 0;
}

4
contrib/opie/opie.4
View File

@ -1,7 +1,7 @@
.\" opie.4: Overview of the OPIE software.
.\"
.\" %%% portions-copyright-cmetz
.\" Portions of this software are Copyright 1996 by Craig Metz, All Rights
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

10
contrib/opie/opie.h
View File

@ -1,8 +1,8 @@
/* opie.h: Data structures and values for the OPIE authentication
system that a program might need.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -15,6 +15,7 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.31. Removed active attack protection.
Modified by cmetz for OPIE 2.3. Renamed PTR to VOIDPTR. Added
re-init key and extension file fields to struct opie. Added
opie_ prefix on struct opie members. Added opie_flags field
@ -32,7 +33,7 @@ License Agreement applies to this software.
(skey.h).
*/
#ifndef _OPIE_H
#define _OPIE_H
#define _OPIE_H 1
#if _OPIE
@ -116,9 +117,6 @@ struct opie {
char *opie_seed;
char *opie_val;
long opie_recstart;
char opie_extbuf[129]; /* > OPIE_PRINCIPAL_MAX + 1 + 16 + 2 + 1 */
long opie_extrecstart;
char *opie_reinitkey;
};
#define __OPIE_FLAGS_RW 1

61
contrib/opie/opie_cfg.h
View File

@ -1,7 +1,7 @@
/* opie_cfg.h: Various configuration-type pieces of information for OPIE.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,11 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.31. Added 4.4BSD-Lite pathnames.h
definitions from ftpd. Added struct spwd definition and
HAVE_SHADOW logic for SunOS C2 shadow password support.
Moved user locking config to configure script. Removed
options.h.
Modified by cmetz for OPIE 2.3. Splatted with opie_auto.h.
Obseleted many symbols. Changed OPIE_PASS_{MIN,MAX} to
OPIE_SECRET_{MIN,MAX}. Fixed SHADOW+UTMP definitions.
@ -41,15 +46,17 @@ License Agreement applies to this software.
Written at NRL for OPIE 2.0.
*/
#define VERSION "2.3"
#define DATE "Sunday, September 22, 1996"
#ifndef _OPIE_CFG_H
#define _OPIE_CFG_H 1
#define VERSION "2.31"
#define DATE "Thursday, March 20, 1997"
#ifndef unix
#define unix 1
#endif /* unix */
#include "config.h"
#include "options.h"
/* System characteristics */
@ -91,21 +98,18 @@ License Agreement applies to this software.
#endif /* PATH_MAIL */
#endif /* MAIL_DIR */
#if HAVE_SHADOW_H && HAVE_GETSPENT && HAVE_ENDSPENT
#if defined(linux) && !HAVE_ETC_SHADOW
#if HAVE_SHADOW_H && HAVE_GETSPNAM && HAVE_ENDSPENT
#if defined(linux) && !HAVE_ETC_SHADOW
#define HAVE_SHADOW 0
#else /* defined(linux) && !HAVE_ETC_SHADOW */
#define HAVE_SHADOW 1
#endif /* defined(linux) && !HAVE_ETC_SHADOW */
#endif /* HAVE_SHADOW_H && HAVE_GETSPENT && HAVE_ENDSPENT */
#endif /* HAVE_SHADOW_H && HAVE_GETSPNAM && HAVE_ENDSPENT */
#if !HAVE_SETEUID && HAVE_SETREUID
#define seteuid(x) setreuid(-1, x)
#endif /* !HAVE_SETEUID && HAVE_SETREUID */
#if !HAVE_SETEGID && HAVE_SETREGID
#define setegid(x) setregid(-1, x)
#endif /* !HAVE_SETEGID && HAVE_SETREGID */
#if HAVE_SUNOS_C2_SHADOW && !HAVE_SHADOW
#undef HAVE_SHADOW
#define HAVE_SHADOW 1
#endif /* HAVE_SUNOS_C2_SHADOW && !HAVE_SHADOW */
/* If the user didn't specify, default to MD5 */
#ifndef MDX
@ -124,14 +128,22 @@ License Agreement applies to this software.
#define _PATH_FTPUSERS "/etc/ftpusers"
#endif
#ifndef _PATH_FTPLOGINMESG
#define _PATH_FTPLOGINMESG "/etc/ftpmotd"
#endif /* _PATH_FTPLOGINMESG */
#ifndef _PATH_FTPWELCOME
#define _PATH_FTPWELCOME "/etc/ftpwelcome"
#endif /* _PATH_FTPWELCOME */
#ifndef _PATH_NOLOGIN
#define _PATH_NOLOGIN "/etc/nologin"
#endif /* _PATH_NOLOGIN */
#ifndef TTYGRPNAME
#define TTYGRPNAME "tty" /* name of group to own ttys */
#endif
#ifndef NO_LOGINS_FILE
#define NO_LOGINS_FILE "/etc/nologin"
#endif
#ifndef QUIET_LOGIN_FILE
#define QUIET_LOGIN_FILE ".hushlogin"
#endif
@ -140,10 +152,6 @@ License Agreement applies to this software.
#define OPIE_ALWAYS_FILE ".opiealways"
#endif
#ifndef OPIE_LOCK_PREFIX
#define OPIE_LOCK_PREFIX "/tmp/opie-lock."
#endif
#ifndef OPIE_LOCK_TIMEOUT
#define OPIE_LOCK_TIMEOUT (30*60)
#endif
@ -164,4 +172,11 @@ License Agreement applies to this software.
#define POINTER unsigned char *
#endif /* POINTER */
#ifdef HAVE_SUNOS_C2_SHADOW
struct spwd {
char *sp_pwdp;
};
#endif /* HAVE_SUNOS_C2_SHADOW */
#define _OPIE 1
#endif /* _OPIE_CFG_H */

131
contrib/opie/opieftpd.c
View File

@ -1,7 +1,7 @@
/* opieftpd.c: Main program for an FTP daemon.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.31. Merged in some 4.4BSD-Lite changes.
Merged in a security fix to BSD-derived ftpds.
Modified by cmetz for OPIE 2.3. Fixed the filename at the top.
Moved LS_COMMAND here.
Modified by cmetz for OPIE 2.2. Use FUNCTION definition et al.
@ -228,6 +230,7 @@ char *getline __P((char *, int, FILE *));
VOIDRET upper __P((char *));
static VOIDRET lostconn __P((int));
static VOIDRET myoob __P((int));
static FILE *getdatasock __P((char *));
static FILE *dataconn __P((char *, off_t, char *));
static int checkuser __P((char *));
@ -237,7 +240,7 @@ static int receive_data __P((FILE *, FILE *));
static char *gunique __P((char *));
static char *sgetsave __P((char *));
int logwtmp __P((char *, char *, char *));
int opielogwtmp __P((char *, char *, char *));
int fclose __P((FILE *));
@ -299,6 +302,20 @@ VOIDRET lreply FUNCTION((n, fmt, p0, p1, p2, p3, p4, p5), int n AND char *fmt AN
}
#endif /* HAVE_ANSISTDARG */
VOIDRET enable_signalling FUNCTION_NOARGS
{
signal(SIGPIPE, lostconn);
if ((int)signal(SIGURG, myoob) < 0)
syslog(LOG_ERR, "signal: %m");
}
VOIDRET disable_signalling FUNCTION_NOARGS
{
signal(SIGPIPE, SIG_IGN);
if ((int)signal(SIGURG, SIG_IGN) < 0)
syslog(LOG_ERR, "signal: %m");
}
static VOIDRET lostconn FUNCTION((input), int input)
{
if (debug)
@ -404,9 +421,8 @@ int user FUNCTION((name), char *name)
if ((pw = sgetpwnam("ftp")) != NULL) {
guest = 1;
askpasswd = 1;
reply(331, "Guest login ok, send ident as password.");
syslog(LOG_INFO, "Anonymous FTP connection made from host %s.",
remotehost);
reply(331, "Guest login ok, send your e-mail address as your password.");
syslog(LOG_INFO, "Anonymous FTP connection made from host %s.", remotehost);
return 0;
}
#endif /* DOANONYMOUS */
@ -417,8 +433,7 @@ int user FUNCTION((name), char *name)
if (!strcmp(cp, shell))
break;
endusershell();
if (cp == NULL || checkuser(name) ||
((pw->pw_passwd[0] == '*') || (pw->pw_passwd[0] == '#'))) {
if (cp == NULL || checkuser(name) || ((pw->pw_passwd[0] == '*') || (pw->pw_passwd[0] == '#'))) {
#if DEBUG
if (!cp)
syslog(LOG_DEBUG, "Couldn't find %s in the list of valid shells.", pw->pw_shell);
@ -472,8 +487,10 @@ static int checkuser FUNCTION((name), char *name)
*p = '\0';
if (line[0] == '#')
continue;
if (strcmp(line, name) == 0)
if (!strcmp(line, name)) {
fclose(fd);
return (1);
}
}
fclose(fd);
}
@ -486,15 +503,17 @@ static int checkuser FUNCTION((name), char *name)
*/
static VOIDRET end_login FUNCTION_NOARGS
{
disable_signalling();
if (seteuid((uid_t) 0))
syslog(LOG_ERR, "Can't set euid");
if (logged_in)
logwtmp(ttyline, "", "");
opielogwtmp(ttyline, "", "");
pw = NULL;
logged_in = 0;
#if DOANONYMOUS
guest = 0;
#endif /* DOANONYMOUS */
enable_signalling();
}
VOIDRET pass FUNCTION((passwd), char *passwd)
@ -525,15 +544,24 @@ VOIDRET pass FUNCTION((passwd), char *passwd)
return;
}
#if DOANONYMOUS
}
} else
if ((passwd[0] <= ' ') || checkuser(passwd)) {
reply(530, "No identity, no service.");
syslog(LOG_DEBUG, "Bogus address: %s", passwd);
exit(0);
}
#endif /* DOANONYMOUS */
login_attempts = 0; /* this time successful */
setegid((gid_t) pw->pw_gid);
if (setegid((gid_t) pw->pw_gid) < 0) {
reply(550, "Can't set gid.");
syslog(LOG_DEBUG, "gid = %d, errno = %s(%d)", pw->pw_gid, strerror(errno), errno);
return;
}
initgroups(pw->pw_name, pw->pw_gid);
/* open wtmp before chroot */
sprintf(ttyline, "ftp%d", getpid());
logwtmp(ttyline, pw->pw_name, remotehost);
opielogwtmp(ttyline, pw->pw_name, remotehost);
logged_in = 1;
#if DOANONYMOUS
@ -577,6 +605,25 @@ VOIDRET pass FUNCTION((passwd), char *passwd)
goto bad;
}
#endif /* _AIX */
/*
* Display a login message, if it exists.
* N.B. reply(230,) must follow the message.
*/
{
FILE *fd;
if ((fd = fopen(_PATH_FTPLOGINMESG, "r")) != NULL) {
char *cp, line[128];
while (fgets(line, sizeof(line), fd) != NULL) {
if ((cp = strchr(line, '\n')) != NULL)
*cp = '\0';
lreply(230, "%s", line);
}
(void) fflush(stdout);
(void) fclose(fd);
}
}
#if DOANONYMOUS
if (guest) {
reply(230, "Guest login ok, access restrictions apply.");
@ -597,8 +644,7 @@ VOIDRET pass FUNCTION((passwd), char *passwd)
sprintf(proctitle, "%s: %s", remotehost, pw->pw_name);
setproctitle(proctitle);
#endif /* DOTITLE */
syslog(LOG_NOTICE, "FTP login from %s with user name %s",
remotehost, pw->pw_name);
syslog(LOG_INFO, "FTP login from %s with user name %s", remotehost, pw->pw_name);
}
home = pw->pw_dir; /* home dir for globbing */
umask(defumask);
@ -740,6 +786,7 @@ static FILE *getdatasock FUNCTION((mode), char *mode)
if (data >= 0)
return (fdopen(data, mode));
disable_signalling();
if (seteuid((uid_t) 0))
syslog(LOG_ERR, "Can't set euid");
s = socket(AF_INET, SOCK_STREAM, 0);
@ -761,6 +808,7 @@ static FILE *getdatasock FUNCTION((mode), char *mode)
}
if (seteuid((uid_t) pw->pw_uid))
syslog(LOG_ERR, "Can't set euid");
enable_signalling();
#ifdef IP_TOS
on = IPTOS_THROUGHPUT;
if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *) &on, sizeof(int)) < 0)
@ -768,9 +816,16 @@ static FILE *getdatasock FUNCTION((mode), char *mode)
#endif
return (fdopen(s, mode));
bad:
{
int t = errno;
if (seteuid((uid_t) pw->pw_uid))
syslog(LOG_ERR, "Can't set euid");
enable_signalling();
close(s);
errno = t;
}
return (NULL);
}
@ -1217,10 +1272,11 @@ static VOIDRET dolog FUNCTION((sin), struct sockaddr_in *sin)
*/
VOIDRET dologout FUNCTION((status), int status)
{
disable_signalling();
if (logged_in) {
if (seteuid((uid_t) 0))
syslog(LOG_ERR, "Can't set euid");
logwtmp(ttyline, "", "");
opielogwtmp(ttyline, "", "");
}
/* beware of flushing buffers after a SIGPIPE */
_exit(status);
@ -1308,7 +1364,7 @@ pasv_error:
*/
static char *gunique FUNCTION((local), char *local)
{
static char new[MAXPATHLEN];
static char new[MAXPATHLEN+1];
struct stat st;
char *cp = strrchr(local, '/');
int count = 0;
@ -1417,7 +1473,7 @@ VOIDRET send_file_list FUNCTION((whichfiles), char *whichfiles)
continue;
while ((dir = readdir(dirp)) != NULL) {
char nbuf[MAXPATHLEN];
char nbuf[MAXPATHLEN+1];
if (dir->d_name[0] == '.' && (strlen(dir->d_name) == 1))
continue;
@ -1496,7 +1552,7 @@ VOIDRET setproctitle FUNCTION((fmt, a, b, c), char *fmt AND int a AND int b AND
}
#endif /* DOTITLE */
void catchexit FUNCTION_NOARGS
VOIDRET catchexit FUNCTION_NOARGS
{
closelog();
}
@ -1595,10 +1651,8 @@ nextopt:
argc--, argv++;
}
freopen(_PATH_DEVNULL, "w", stderr);
signal(SIGPIPE, lostconn);
signal(SIGCHLD, SIG_IGN);
if ((int) signal(SIGURG, myoob) < 0)
syslog(LOG_ERR, "signal: %m");
enable_signalling();
/* Try to handle urgent data inline */
#ifdef SO_OOBINLINE
@ -1620,20 +1674,35 @@ nextopt:
tmpline[0] = '\0';
af_pwok = opieaccessfile(remotehost);
#if 0
{
struct utsname utsname;
FILE *fd;
char line[128];
if (uname(&utsname) < 0) {
syslog(LOG_ERR, "uname() failed: %s", strerror(errno));
exit(1);
/* If logins are disabled, print out the message. */
if ((fd = fopen(_PATH_NOLOGIN,"r")) != NULL) {
while (fgets(line, sizeof(line), fd) != NULL) {
if ((cp = strchr(line, '\n')) != NULL)
*cp = '\0';
lreply(530, "%s", line);
}
(void) fflush(stdout);
(void) fclose(fd);
reply(530, "System not available.");
exit(0);
}
if ((fd = fopen(_PATH_FTPWELCOME, "r")) != NULL) {
while (fgets(line, sizeof(line), fd) != NULL) {
if ((cp = strchr(line, '\n')) != NULL)
*cp = '\0';
lreply(220, "%s", line);
}
(void) fflush(stdout);
(void) fclose(fd);
/* reply(220,) must follow */
}
};
reply(220, "%s FTP server ready.", utsname.nodename);
}
#else /* 0 */
reply(220, "FTP server ready.");
#endif /* 0 */
setjmp(errcatch);
for (;;)

4
contrib/opie/opiegen.1
View File

@ -1,7 +1,7 @@
.\" opiegen.1: Manual page for the opiegen(1) program.
.\"
.\" %%% portions-copyright-cmetz
.\" Portions of this software are Copyright 1996 by Craig Metz, All Rights
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

4
contrib/opie/opiegen.c
View File

@ -1,8 +1,8 @@
/* opiegen.c: Sample OTP generator based on the opiegenerator()
library routine.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

4
contrib/opie/opieinfo.1
View File

@ -1,7 +1,7 @@
.\" opieinfo.1: Manual page for the opieinfo(1) program.
.\"
.\" %%% portions-copyright-cmetz
.\" Portions of this software are Copyright 1996 by Craig Metz, All Rights
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

4
contrib/opie/opieinfo.c
View File

@ -1,8 +1,8 @@
/*
opieinfo: Print a user's current OPIE sequence number and seed
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

4
contrib/opie/opiekey.1
View File

@ -1,7 +1,7 @@
.\" opiekey.1: Manual page for the opiekey(1) program.
.\"
.\" %%% portions-copyright-cmetz
.\" Portions of this software are Copyright 1996 by Craig Metz, All Rights
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

53
contrib/opie/opiekey.c
View File

@ -4,8 +4,8 @@
as command line arguments, prompts for the user's secret pass phrase,
and outputs a response.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -18,6 +18,9 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.31. Renamed "init" and RESPONSE_INIT
to "init-hex" and RESPONSE_INIT_HEX. Removed active attack
protection support.
Modified by cmetz for OPIE 2.3. OPIE_PASS_MAX changed to
OPIE_SECRET_MAX. Added extended responses, which created
lots of changes. Eliminated extra variable. Added -x and
@ -68,7 +71,7 @@ static VOIDRET usage FUNCTION((s), char *s)
#define RESPONSE_STANDARD 0
#define RESPONSE_WORD 1
#define RESPONSE_HEX 2
#define RESPONSE_INIT 3
#define RESPONSE_INIT_HEX 3
#define RESPONSE_INIT_WORD 4
#define RESPONSE_UNKNOWN 5
@ -80,7 +83,7 @@ struct _rtrans {
static struct _rtrans rtrans[] = {
{ RESPONSE_WORD, "word" },
{ RESPONSE_HEX, "hex" },
{ RESPONSE_INIT, "init" },
{ RESPONSE_INIT_HEX, "init-hex" },
{ RESPONSE_INIT_WORD, "init-word" },
{ RESPONSE_STANDARD, "" },
{ RESPONSE_STANDARD, "standard" },
@ -130,7 +133,6 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
int count = 1;
char secret[OPIE_SECRET_MAX + 1], newsecret[OPIE_SECRET_MAX + 1];
char key[8], newkey[8];
char cko[8], ckn[8], ckxor[8], cv[8];
char *seed, newseed[OPIE_SEED_MAX + 1];
char response[OPIE_RESPONSE_MAX + 1];
char *slash;
@ -246,7 +248,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
exit(1);
}
if ((type == RESPONSE_INIT) || (type == RESPONSE_INIT_WORD)) {
if ((type == RESPONSE_INIT_HEX) || (type == RESPONSE_INIT_WORD)) {
#if RETYPE
getsecret(secret, "old ", 1);
#else /* RETYPE */
@ -268,19 +270,6 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
for (i = 0; i < 499; i++)
opiehash(newkey, algorithm);
if (opiekeycrunch(algorithm | 0x10, cko, seed, secret)) {
fprintf(stderr, "%s: key crunch failed (2)\n", argv[0]);
goto error;
}
if (opiekeycrunch(algorithm | 0x10, ckn, newseed, newsecret)) {
fprintf(stderr, "%s: key crunch failed (3)\n", argv[0]);
goto error;
}
for (i = 0; i < 8; i++)
ckxor[i] = cko[i] ^ ckn[i];
} else
#if RETYPE
getsecret(secret, "", 1);
@ -320,43 +309,21 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
strcpy(response, "hex:");
strcat(response, opiebtoh(buf, key));
break;
case RESPONSE_INIT:
case RESPONSE_INIT_HEX:
case RESPONSE_INIT_WORD:
if (type == RESPONSE_INIT) {
if (type == RESPONSE_INIT_HEX) {
strcpy(response, "init:");
strcat(response, opiebtoh(buf, key));
sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed);
strcat(response, buf);
strcat(response, opiebtoh(buf, newkey));
strcat(response, ":");
strcat(response, opiebtoh(buf, ckxor));
strcat(response, ":");
} else {
strcpy(response, "init-word:");
strcat(response, opiebtoe(buf, key));
sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed);
strcat(response, buf);
strcat(response, opiebtoe(buf, newkey));
strcat(response, ":");
strcat(response, opiebtoe(buf, ckxor));
strcat(response, ":");
}
c = buf;
memcpy(c, cko, sizeof(cko)); c += sizeof(cko);
memcpy(c, key, sizeof(key)); c += sizeof(key);
#ifdef HAVE_ANSISPRINTF
c += sprintf(c, "%s 499 %s", algids[algorithm], newseed);
#else /* HAVE_ANSISPRINTF */
sprintf(c, "%s 499 %s", algids[algorithm], newseed);
while(*c) c++;
#endif /* HAVE_ANSISPRINTF */
memcpy(c, newkey, sizeof(newkey)); c += sizeof(newkey);
memcpy(c, ckxor, sizeof(ckxor)); c += sizeof(ckxor);
memcpy(c, cko, sizeof(cko)); c += sizeof(cko);
opiehashlen(algorithm, buf, cv, (unsigned int)c - (unsigned int)buf);
strcat(response, (type == RESPONSE_INIT) ? opiebtoh(buf, cv) : opiebtoe(buf, cv));
break;
}
puts(response);

4
contrib/opie/opielogin.1
View File

@ -1,7 +1,7 @@
.\" opielogin.1: Manual page for the opielogin(1) program.
.\"
.\" %%% portions-copyright-cmetz
.\" Portions of this software are Copyright 1996 by Craig Metz, All Rights
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

106
contrib/opie/opielogin.c
View File

@ -1,7 +1,7 @@
/* opielogin.c: The infamous /bin/login
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,10 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.31. Use _PATH_NOLOGIN. Move Solaris
drain bamage kluge after rflag check; it breaks rlogin.
Use TCSAFLUSH instead of TCSANOW (except where it flushes
data we need). Sleep before kluging for Solaris.
Modified by cmetz for OPIE 2.3. Process login environment files.
Made logindevperm/fbtab handling more generic. Kluge around
Solaris drain bamage differently (maybe better?). Maybe
@ -123,6 +127,9 @@ License Agreement applies to this software.
#if HAVE_STDLIB_H
#include <stdlib.h>
#endif /* HAVE_STDLIB_H */
#if HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif /* HAVE_SYS_SELECT_H */
#ifdef QUOTA
#include <sys/quota.h>
@ -317,7 +324,7 @@ static VOIDRET catch FUNCTION((i), int i)
static VOIDRET catchexit FUNCTION_NOARGS
{
int i;
tcsetattr(STDIN_FILENO, TCSANOW, &attr);
tcsetattr(STDIN_FILENO, TCSAFLUSH, &attr);
putchar('\n');
closelog();
for (i = sysconf(_SC_OPEN_MAX); i > 2; i--)
@ -644,44 +651,11 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
}
#endif /* DEBUG */
for (t = sysconf(_SC_OPEN_MAX); t > 2; t--)
close(t);
openlog("login", LOG_ODELAY, LOG_AUTH);
{
struct termios termios;
fd_set fds;
struct timeval timeval;
memset(&timeval, 0, sizeof(struct timeval));
FD_ZERO(&fds);
FD_SET(0, &fds);
if (select(1, &fds, NULL, NULL, &timeval)) {
#ifdef DEBUG
syslog(LOG_DEBUG, "reading user name from tty buffer");
#endif /* DEBUG */
if (tcgetattr(0, &termios)) {
#ifdef DEBUG
syslog(LOG_DEBUG, "tcgetattr(0, &termios) failed");
#endif /* DEBUG */
exit(1);
}
termios.c_lflag &= ~ECHO;
if (tcsetattr(0, TCSANOW, &termios)) {
#ifdef DEBUG
syslog(LOG_DEBUG, "tcsetattr(0, &termios) failed");
#endif /* DEBUG */
exit(1);
}
if ((i = read(0, name, sizeof(name)-1)) > 0)
name[i] = 0;
}
}
/* initialisation */
host[0] = '\0';
opieprompt[0] = '\0';
@ -832,9 +806,6 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
}
}
for (t = sysconf(_SC_OPEN_MAX); t > 2; t--)
close(t);
#ifdef TIOCNXCL
/* BSDism: not sure how to rewrite for POSIX. rja */
ioctl(0, TIOCNXCL, 0); /* set non-exclusive use of tty */
@ -848,6 +819,49 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
across the network. */
if (rflag)
doremoteterm(term);
else {
struct termios termios;
fd_set fds;
struct timeval timeval;
memset(&timeval, 0, sizeof(struct timeval));
FD_ZERO(&fds);
FD_SET(0, &fds);
#if HAVE_USLEEP
usleep(1);
#endif /* HAVE_USLEEP */
if (select(1, &fds, NULL, NULL, &timeval)) {
#ifdef DEBUG
syslog(LOG_DEBUG, "reading user name from tty buffer");
#endif /* DEBUG */
if (tcgetattr(0, &termios)) {
#ifdef DEBUG
syslog(LOG_DEBUG, "tcgetattr(0, &termios) failed");
#endif /* DEBUG */
exit(1);
}
termios.c_lflag &= ~ECHO;
if (tcsetattr(0, TCSANOW, &termios)) {
#ifdef DEBUG
syslog(LOG_DEBUG, "tcsetattr(0, &termios) failed");
#endif /* DEBUG */
exit(1);
}
if ((i = read(0, name, sizeof(name)-1)) > 0)
name[i] = 0;
if ((p = strchr(name, '\r')))
*p = 0;
if ((p = strchr(name, '\n')))
*p = 0;
}
}
/* Force termios portable control characters to the system default values as
specified in termios.h. This should help the one-time password login feel the
@ -975,7 +989,7 @@ completeness, but these are set within appropriate defines for portability. */
attr.c_cflag |= HUPCL; /* hangup on close */
/* Set revised termio attributes */
if (tcsetattr(STDIN_FILENO, TCSANOW, &attr))
if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &attr))
return (-1);
atexit(catchexit);
@ -1099,8 +1113,8 @@ completeness, but these are set within appropriate defines for portability. */
#endif /* DEBUG */
if (!pwok && !otpok) {
fprintf(stderr, "Can't authenticate %s!\n");
continue;
fprintf(stderr, "Can't authenticate %s!\n", name);
exit(1);
}
#if NEW_PROMPTS
@ -1164,7 +1178,7 @@ completeness, but these are set within appropriate defines for portability. */
/* If user not super-user, check for logins disabled. */
if (thisuser.pw_uid) {
if (nlfd = fopen(NO_LOGINS_FILE, "r")) {
if (nlfd = fopen(_PATH_NOLOGIN, "r")) {
while ((c = getc(nlfd)) != EOF)
putchar(c);
fflush(stdout);

4
contrib/opie/opiepasswd.1
View File

@ -1,7 +1,7 @@
.\" opiepasswd.1: Manual page for the opiepasswd(1) program.
.\"
.\" %%% portions-copyright-cmetz
.\" Portions of this software are Copyright 1996 by Craig Metz, All Rights
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

6
contrib/opie/opiepasswd.c
View File

@ -1,7 +1,7 @@
/* opiepasswd.c: Add/change an OTP password in the key database.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -120,7 +120,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
return 1;
}
while ((i = getopt(argc, argv, "fhvcn:s:")) != EOF) {
while ((i = getopt(argc, argv, "fhvcn:s:d")) != EOF) {
switch (i) {
case 'v':
opieversion();

4
contrib/opie/opieserv.1
View File

@ -1,7 +1,7 @@
.\" opieserv.1: Manual page for the opieserv(1) program.
.\"
.\" %%% portions-copyright-cmetz
.\" Portions of this software are Copyright 1996 by Craig Metz, All Rights
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

4
contrib/opie/opieserv.c
View File

@ -1,8 +1,8 @@
/* opieserv.c: Sample OTP server based on the opiechallenge() and
opieverify() library routines.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.

4
contrib/opie/opiesu.1
View File

@ -1,7 +1,7 @@
.\" opiesu.c: Manual page for the opiesu(1) program.
.\"
.\" %%% portions-copyright-cmetz
.\" Portions of this software are Copyright 1996 by Craig Metz, All Rights
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

91
contrib/opie/opiesu.c
View File

@ -1,7 +1,7 @@
/* opiesu.c: main body of code for the su(1m) program
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.31. Fix sulog(). Replaced Getlogin() with
currentuser. Fixed fencepost error in month printed by sulog().
Modified by cmetz for OPIE 2.3. Limit the length of TERM on full login.
Use HAVE_SULOG instead of DOSULOG.
Modified by cmetz for OPIE 2.2. Don't try to clear non-blocking I/O.
@ -103,7 +105,13 @@ static char *cleanenv[] = {userbuf, homebuf, shellbuf, pathbuf, 0, 0};
static char *user = "root";
static char *shell = "/bin/sh";
static int fulllogin;
#if 0
static int fastlogin;
#else /* 0 */
static int force = 0;
#endif /* 0 */
static char currentuser[65];
extern char **environ;
static struct passwd thisuser, nouser;
@ -209,7 +217,7 @@ static int sulog FUNCTION((status, who), int status AND char *who)
if (who)
from = who;
else
from = Getlogin();
from = currentuser;
if (!strncmp(ttynam = ttyname(2), "/dev/", 5))
ttynam += 5;
@ -223,31 +231,56 @@ static int sulog FUNCTION((status, who), int status AND char *who)
}
fprintf(f, "SU %02d/%02d %02d:%02d %c %s %s-%s\n",
tm->tm_mon, tm->tm_mday, tm->tm_hour, tm->tm_min,
result ? '+' : '-', ttynam, from, user);
tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min,
status ? '+' : '-', ttynam, from, user);
fclose(f);
}
#endif /* HAVE_SULOG */
int main FUNCTION((argc, argv), int argc AND char *argv[])
{
char buf[1000], *p;
char *p;
struct opie opie;
int i;
char pbuf[256];
char opieprompt[80];
int console = 0;
#define Getlogin() (((p = getlogin()) && *p) ? p : buf)
char *argvbuf;
for (i = sysconf(_SC_OPEN_MAX); i > 2; i--)
close(i);
strcat(pathbuf, DEFAULT_PATH);
openlog("su", LOG_ODELAY, LOG_AUTH);
atexit(catchexit);
{
int argvsize = 0;
for (i = 0; i < argc; argvsize += strlen(argv[i++]));
argvsize += argc;
if (!(argvbuf = malloc(argvsize))) {
syslog(LOG_ERR, "can't allocate memory to store command line");
exit(1);
};
for (i = 0, *argvbuf = 0; i < argc;) {
strcat(argvbuf, argv[i]);
if (++i < argc)
strcat(argvbuf, " ");
};
};
strcpy(pathbuf, DEFAULT_PATH);
again:
if (argc > 1 && strcmp(argv[1], "-f") == 0) {
#if 0
fastlogin++;
#else /* 0 */
#if INSECURE_OVERRIDE
force = 1;
#else /* INSECURE_OVERRIDE */
fprintf(stderr, "Sorry, but the -f option is not supported by this build of OPIE.\n");
#endif /* INSECURE_OVERRIDE */
#endif /* 0 */
argc--, argv++;
goto again;
}
@ -268,24 +301,35 @@ again:
argv++;
}
openlog("su", LOG_ODELAY, LOG_AUTH);
atexit(catchexit);
{
struct passwd *pwd;
char *p = getlogin();
char buf[32];
if ((pwd = getpwuid(getuid())) == NULL) {
syslog(LOG_CRIT, "'%s' failed for unknown uid %d on %s", argv[0], getuid(), ttyname(2));
syslog(LOG_CRIT, "'%s' failed for unknown uid %d on %s", argvbuf, getuid(), ttyname(2));
#if HAVE_SULOG
sulog(0, "unknown");
#endif /* HAVE_SULOG */
exit(1);
}
strcpy(buf, pwd->pw_name);
}
strncpy(buf, pwd->pw_name, sizeof(buf)-1);
buf[sizeof(buf)-1] = 0;
if (!p)
p = "unknown";
strncpy(currentuser, p, 31);
currentuser[31] = 0;
if (p && *p && strcmp(currentuser, buf)) {
strcat(currentuser, "(");
strcat(currentuser, buf);
strcat(currentuser, ")");
};
if (lookupuser(user)) {
syslog(LOG_CRIT, "'%s' failed for %s on %s", argv[0], Getlogin(), ttyname(2));
syslog(LOG_CRIT, "'%s' failed for %s on %s", argvbuf, currentuser, ttyname(2));
#if HAVE_SULOG
sulog(0, NULL);
#endif /* HAVE_SULOG */
@ -312,6 +356,7 @@ userok:
#endif /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */
}
#endif /* DOWHEEL */
};
if (!thisuser.pw_passwd[0] || getuid() == 0)
goto ok;
@ -327,6 +372,11 @@ userok:
fprintf(stderr, "Then run su without the -c parameter.\n");
if (opieinsecure()) {
fprintf(stderr, "Sorry, but you don't seem to be on the console or a secure terminal.\n");
#if INSECURE_OVERRIDE
if (force)
fprintf(stderr, "Warning: Continuing could disclose your secret pass phrase to an attacker!\n");
else
#endif /* INSECURE_OVERRIDE */
exit(1);
};
#if NEW_PROMPTS
@ -379,16 +429,17 @@ userok:
};
};
error:
opieverify(&opie, "");
if (!console)
opieverify(&opie, "");
fprintf(stderr, "Sorry\n");
syslog(LOG_CRIT, "'%s' failed for %s on %s", argv[0], Getlogin(), ttyname(2));
syslog(LOG_CRIT, "'%s' failed for %s on %s", argvbuf, currentuser, ttyname(2));
#if HAVE_SULOG
sulog(0, NULL);
#endif /* HAVE_SULOG */
exit(2);
ok:
syslog(LOG_NOTICE, "'%s' by %s on %s", argv[0], Getlogin(), ttyname(2));
syslog(LOG_NOTICE, "'%s' by %s on %s", argvbuf, currentuser, ttyname(2));
#if HAVE_SULOG
sulog(1, NULL);
#endif /* HAVE_SULOG */
@ -423,10 +474,12 @@ ok:
setpriority(PRIO_PROCESS, 0, 0);
#endif /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */
#if 0
if (fastlogin) {
*argv-- = "-f";
*argv = "su";
} else
#endif /* 0 */
if (fulllogin) {
if (chdir(thisuser.pw_dir) < 0) {
fprintf(stderr, "No directory\n");

79
contrib/opie/opietest.c
View File

@ -8,14 +8,17 @@
It's safe to say that, if tests fail, OPIE isn't going to work right
on your system. The converse is not such a safe statement.
%%% copyright-cmetz
This software is Copyright 1996 by Craig Metz, All Rights Reserved.
%%% copyright-cmetz-96
This software is Copyright 1996-1997 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.31. Added a couple of new checks,
removed a few commented-out checks for functions that
no longer exist, added test-skip capability.
Modified by cmetz for OPIE 2.3. Use new calling conventions for
opiebtoa8()/atob8(). opiegenerator() outputs hex now.
Modified by cmetz for OPIE 2.22. Test opielock()/opieunlock()
@ -27,9 +30,6 @@ you didn't get a copy, you may request one from <license@inner.net>.
#include "opie.h"
char buffer[1024];
int tests_passed = 0;
int tests_failed = 0;
int ntests = 0, testn = 0;
int testatob8()
{
@ -140,6 +140,13 @@ int testhashmd5()
return 0;
}
int testinsecure()
{
opieinsecure();
return 0;
}
int testkeycrunch()
{
static char testin1[] = "ke1234";
@ -159,6 +166,9 @@ int testlock()
{
int i;
if (getuid())
return -2;
for (i = 0; i < 3; i++)
if (opielock("__opietest"))
return -1;
@ -180,10 +190,25 @@ int testpasscheck()
return 0;
}
int testrandomchallenge()
{
char buffer[OPIE_CHALLENGE_MAX+1];
opierandomchallenge(buffer);
if (strncmp(buffer, "otp-", 4))
return -1;
return 0;
}
int testunlock()
{
int i;
if (getuid())
return -2;
for (i = 0; i < 3; i++)
if (opieunlock())
return -1;
@ -204,27 +229,33 @@ static struct opietest opietests[] = {
{ testbtoa8, "btoa8" },
{ testbtoe, "btoe" },
{ testetob, "etob" },
/* { testchallenge, "challenge" }, */
/* { testchallenge, "challenge" }, */
{ testgenerator, "generator" },
{ testgetsequence, "getsequence" },
/* { testgetutmpentry, "getutmpentry" }, */
{ testhashmd4, "hash(MD4)" },
{ testhashmd5, "hash(MD5)" },
/* { testinsecure, "insecure" }, */
{ testinsecure, "insecure" },
{ testkeycrunch, "keycrunch" },
{ testlock, "lock" },
/* { testpututmpentry, "pututmpentry" }, */
/* { testrandomchallenge, "randomchallenge" }, */
{ testrandomchallenge, "randomchallenge" },
/* { testreadpass, "readpass" }, */
{ testunlock, "unlock" },
/* { testverify, "verify" }, */
/* { testversion, "version" }, */
/* { testverify, "verify" }, */
{ NULL, NULL }
};
int main FUNCTION((argc, argv), int argc AND char *argv[])
{
struct opietest *opietest;
int tests_passed = 0;
int tests_failed = 0;
int tests_skipped = 0;
int ntests = 0, testn = 0;
if (getuid() != geteuid()) {
fprintf(stderr, "opietest: do not make this program setuid!\n");
exit(1);
};
for (opietest = opietests; opietest->n; opietest++)
ntests++;
@ -233,17 +264,25 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
for (opietest = opietests, testn = 1; opietest->n; opietest++) {
printf("(%2d/%2d) testing opie%s... ", testn++, ntests, opietest->n);
if (opietest->f()) {
printf("FAILED!\n");
tests_failed++;
} else {
printf("passed\n");
tests_passed++;
opietest->f = NULL;
switch(opietest->f()) {
case -2:
printf("skipped\n");
tests_skipped++;
opietest->f = NULL;
break;
case -1:
printf("FAILED!\n");
tests_failed++;
break;
case 0:
printf("passed\n");
tests_passed++;
opietest->f = NULL;
break;
}
}
printf("opietest: completed %d tests. %d tests passed, %d tests failed.\n", ntests, tests_passed, tests_failed);
printf("opietest: completed %d tests. %d tests passed, %d tests skipped, %d tests failed.\n", ntests, tests_passed, tests_skipped, tests_failed);
if (tests_failed) {
printf("opietest: please correct the following failures before attempting to use OPIE:\n");
for (opietest = opietests; opietest->n; opietest++)

8
contrib/opie/permsfile.c
View File

@ -1,8 +1,8 @@
/* permsfile.c: implement SunOS /etc/fbtab and Solaris /etc/logindevperm
functionality to set device permissions on login
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -15,6 +15,7 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.31. Include unistd.h.
Modified by cmetz for OPIE 2.3. Check for NULL return from
ftpglob(), combine some expressions, fix a typo. Made file
selection a bit more generic.
@ -30,6 +31,9 @@ License Agreement applies to this software.
#if HAVE_STRING_H
#include <string.h>
#endif /* HAVE_STRING_H */
#if HAVE_UNISTD_H
#include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include <syslog.h>
#include "opie.h"

28
contrib/opie/popen.c
View File

@ -1,7 +1,7 @@
/* popen.c: A "safe" pipe open routine.
%%% portions-copyright-cmetz
Portions of this software are Copyright 1996 by Craig Metz, All Rights
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,7 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.31. Merged in some 4.4BSD-Lite fixes.
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
Removed useless string. ifdef around some headers.
Modified at NRL for OPIE 2.1. Optimized for only one pipe at a time.
@ -24,8 +25,8 @@ License Agreement applies to this software.
*/
/*
* Copyright (c) 1988 The Regents of the University of California.
* All rights reserved.
* Copyright (c) 1988, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software written by Ken Arnold and
* published in UNIX Review, Vol. 6, No. 8.
@ -88,16 +89,18 @@ char **copyblk __P((char **));
VOIDRET blkfree __P((char **));
/*
* Special version of popen which avoids call to shell. This insures noone
* Special version of popen which avoids call to shell. This ensures noone
* may create a pipe to a hidden program as a side effect of a list or dir
* command.
*/
static pid_t child_pid = -1;
static int pipe_fd;
extern char **environ;
FILE *ftpd_popen FUNCTION((program, type), char *program AND char *type)
{
register char *cp;
char *cp;
FILE *iop;
int argc, gargc, pdes[2];
char **pop, *argv[100], *gargv[1000], *vv[2];
@ -150,6 +153,7 @@ FILE *ftpd_popen FUNCTION((program, type), char *program AND char *type)
}
close(pdes[1]);
}
environ = NULL;
execv(gargv[0], gargv);
_exit(1);
}
@ -195,10 +199,12 @@ int ftpd_pclose FUNCTION((iop), FILE *iop)
child_pid = -1;
pipe_fd = -1;
#ifdef WEXITSTATUS
/* this is the fully POSIX compliant implementation */
return (pid == -1 ? -1 : WEXITSTATUS(status));
#else
#if defined(WEXITSTATUS) && defined(WIFEXITED)
if ((pid > 0) && WIFEXITED(status))
return WEXITSTATUS(status);
return -1;
#else /* defined(WEXITSTATUS) && defined(WIFEXITED) */
return (pid == -1 ? -1 : status.w_status);
#endif
#endif /* defined(WEXITSTATUS) && defined(WIFEXITED) */
}