d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Resolve conflicts.

Browse Source
This commit is contained in:
markm 2002-03-21 23:42:52 +00:00
parent 084b4588f2
commit b38a0011c1
19 changed files with 520 additions and 194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
contrib/opie/ftpcmd.y
View File

@ -1,7 +1,7 @@
/* ftpcmd.y: yacc parser for the FTP daemon.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -9,6 +9,7 @@ you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.4. Use DOTITLE rather than SETPROCTITLE.
Modified by cmetz for OPIE 2.3. Moved LS_COMMAND here.
Modified by cmetz for OPIE 2.2. Fixed a *lot* of warnings.
Use FUNCTION declaration et al. Removed useless strings.
@ -964,10 +965,10 @@ int yylex FUNCTION_NOARGS
dologout(0);
}
(void) alarm(0);
#ifdef SETPROCTITLE
#if DOTITLE
if (strncasecmp(cbuf, "PASS", 4) != NULL)
setproctitle("%s: %s", proctitle, cbuf);
#endif /* SETPROCTITLE */
#endif /* DOTITLE */
if ((cp = strchr(cbuf, '\r'))) {
*cp++ = '\n';
*cp = '\0';

8
contrib/opie/libopie/challenge.c
View File

@ -1,7 +1,7 @@
/* challenge.c: The opiechallenge() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -67,11 +67,11 @@ int opiechallenge FUNCTION((mp, name, ss), struct opie *mp AND char *name AND ch
#endif /* DEBUG */
}
if (rval) {
if (rval ||
(snprintf(ss, OPIE_CHALLENGE_MAX, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed) >= OPIE_CHALLENGE_MAX)) {
opierandomchallenge(ss);
memset(mp, 0, sizeof(*mp));
} else
sprintf(ss, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed);
}
return rval;
}

372
contrib/opie/libopie/generator.c
View File

@ -1,7 +1,7 @@
/* generator.c: The opiegenerator() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -9,6 +9,9 @@ you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.4. Added opieauto code based on
previously released test code. Renamed buffer to challenge.
Use struct opie_otpkey for keys.
Modified by cmetz for OPIE 2.32. If secret=NULL, always return
as if opieauto returned "get the secret". Renamed
_opieparsechallenge() to __opieparsechallenge(). Check
@ -33,73 +36,362 @@ you didn't get a copy, you may request one from <license@inner.net>.
#if HAVE_STRING_H
#include <string.h>
#endif /* HAVE_STRING_H */
#if OPIEAUTO
#include <errno.h>
#if HAVE_STDLIB_H
#include <stdlib.h>
#endif /* HAVE_STDLIB_H */
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/un.h>
#endif /* OPIEAUTO */
#if DEBUG
#include <syslog.h>
#endif /* DEBUG */
#include "opie.h"
static char *algids[] = { NULL, NULL, NULL, "sha1", "md4", "md5" };
int opiegenerator FUNCTION((buffer, secret, response), char *buffer AND char *secret AND char *response)
#if OPIEAUTO
#ifndef max
#define max(x, y) (((x) > (y)) ? (x) : (y))
#endif /* max */
static int opieauto_connect FUNCTION_NOARGS
{
int s;
struct sockaddr_un sun;
char buffer[1024];
char *c, *c2 ="/.opieauto";
uid_t myuid = getuid(), myeuid = geteuid();
if (!myuid || !myeuid || (myuid != myeuid)) {
#if DEBUG
syslog(LOG_DEBUG, "opieauto_connect: superuser and/or setuid not allowed");
#endif /* DEBUG */
return -1;
};
memset(&sun, 0, sizeof(struct sockaddr_un));
sun.sun_family = AF_UNIX;
if (!(c = getenv("HOME"))) {
#if DEBUG
syslog(LOG_DEBUG, "opieauto_connect: no HOME variable?");
#endif /* DEBUG */
return -1;
};
if (strlen(c) > (sizeof(sun.sun_path) - strlen(c2) - 1)) {
#if DEBUG
syslog(LOG_DEBUG, "opieauto_connect: HOME is too long: %s", c);
#endif /* DEBUG */
return -1;
};
strcpy(sun.sun_path, c);
strcat(sun.sun_path, c2);
if ((s = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
#if DEBUG
syslog(LOG_DEBUG, "opieauto_connect: socket: %s(%d)", strerror(errno), errno);
#endif /* DEBUG */
return -1;
};
{
struct stat st;
if (stat(sun.sun_path, &st) < 0) {
#if DEBUG
syslog(LOG_DEBUG, "opieauto_connect: stat: %s(%d)\n", strerror(errno), errno);
#endif /* DEBUG */
goto ret;
};
if (connect(s, (struct sockaddr *)&sun, sizeof(struct sockaddr_un))) {
#if DEBUG
syslog(LOG_DEBUG, "opieauto_connect: connect: %s(%d)\n", strerror(errno), errno);
#endif /* DEBUG */
goto ret;
};
if ((st.st_uid != myuid) || (!S_ISSOCK(st.st_mode)) || ((st.st_mode & 07777) != 0600)) {
#if DEBUG
syslog(LOG_DEBUG, "opieauto_connect: something's fishy about the socket\n");
#endif /* DEBUG */
goto ret;
};
};
return s;
ret:
close(s);
return -1;
};
#endif /* OPIEAUTO */
int opiegenerator FUNCTION((challenge, secret, response), char *challenge AND char *secret AND char *response)
{
int algorithm;
int sequence;
char *seed;
char key[8];
struct opie_otpkey key;
int i;
int exts;
#if OPIEAUTO
int s;
int window;
char cmd[1+1+1+1+4+1+OPIE_SEED_MAX+1+4+1+4+1+4+1+4+1];
char *c;
#endif /* OPIEAUTO */
if (!(buffer = strstr(buffer, "otp-")))
if (!(challenge = strstr(challenge, "otp-")))
return 1;
buffer += 4;
challenge += 4;
if (__opieparsechallenge(buffer, &algorithm, &sequence, &seed, &exts))
if (__opieparsechallenge(challenge, &algorithm, &sequence, &seed, &exts))
return 1;
if ((sequence < 2) || (sequence > 9999))
return 1;
if (!secret[0])
return 2;
if (*secret) {
if (opiepasscheck(secret))
return -2;
if (opiepasscheck(secret))
return -2;
if (i = opiekeycrunch(algorithm, &key, seed, secret))
return i;
if (i = opiekeycrunch(algorithm, key, seed, secret))
return i;
if (sequence <= OPIE_SEQUENCE_RESTRICT) {
if (!(exts & 1))
return 1;
if (sequence < 10) {
if (!(exts & 1))
return 1;
{
char newseed[OPIE_SEED_MAX + 1];
struct opie_otpkey newkey;
char *c;
char buf[OPIE_SEED_MAX + 48 + 1];
while (sequence-- != 0)
opiehash(&key, algorithm);
if (opienewseed(strcpy(newseed, seed)) < 0)
return -1;
if (opiekeycrunch(algorithm, &newkey, newseed, secret))
return -1;
for (i = 0; i < 499; i++)
opiehash(&newkey, algorithm);
strcpy(response, "init-hex:");
strcat(response, opiebtoh(buf, &key));
if (snprintf(buf, sizeof(buf), ":%s 499 %s:", algids[algorithm],
newseed) >= sizeof(buf)) {
#ifdef DEBUG
syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at init-hex");
#endif /* DEBUG */
return -1;
}
strcat(response, buf);
strcat(response, opiebtoh(buf, &newkey));
};
};
};
#if OPIEAUTO
if ((s = opieauto_connect()) >= 0) {
if ((i = read(s, cmd, sizeof(cmd)-1)) < 0) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno);
#endif /* DEBUG */
close(s);
s = -1;
goto l0;
};
cmd[i] = 0;
if ((cmd[0] != 'C') || (cmd[1] != '+') || (cmd[2] != ' ')) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: got invalid/failing C+ response: %s\n", cmd);
#endif /* DEBUG */
close(s);
s = -1;
goto l0;
};
window = strtoul(&cmd[3], &c, 10);
if (!window || (window >= (OPIE_SEQUENCE_MAX - OPIE_SEQUENCE_RESTRICT)) || !isspace(*c)) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: got bogus option response: %s\n", cmd);
#endif /* DEBUG */
close(s);
s = -1;
goto l0;
};
};
l0:
if (*secret) {
int j;
if (s < 0) {
j = 0;
goto l1;
};
j = max(sequence - window + 1, OPIE_SEQUENCE_RESTRICT);
for (i = j; i > 0; i--)
opiehash(&key, algorithm);
{
char newseed[OPIE_SEED_MAX + 1];
char newkey[8];
char *c;
char buf[OPIE_SEED_MAX + 48 + 1];
char buf[16+1];
while (sequence-- != 0)
opiehash(key, algorithm);
opiebtoa8(buf, &key);
if (opienewseed(strcpy(newseed, seed)) < 0)
return -1;
if (snprintf(cmd, sizeof(cmd), "S= %d %d %s %s\n", algorithm, sequence,
seed, buf) >= sizeof(cmd)) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at S=\n");
#endif /* DEBUG */
goto l1;
}
}
if (opiekeycrunch(algorithm, newkey, newseed, secret))
return -1;
for (i = 0; i < 499; i++)
opiehash(newkey, algorithm);
strcpy(response, "init-hex:");
strcat(response, opiebtoh(buf, key));
sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed);
strcat(response, buf);
strcat(response, opiebtoh(buf, newkey));
if (write(s, cmd, i = strlen(cmd)) != i) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: write: %s(%d)\n", strerror(errno), errno);
#endif /* DEBUG */
goto l1;
};
} else {
while (sequence-- != 0)
opiehash(key, algorithm);
opiebtoh(response, key);
}
if ((i = read(s, cmd, sizeof(cmd))) < 0) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno);
#endif /* DEBUG */
};
close(s);
cmd[i] = 0;
i = strlen(seed);
if ((cmd[0] != 'S') || (cmd[1] != '+') || (cmd[2] != ' ') || (strtoul(&cmd[3], &c, 10) != algorithm) || (strtoul(c + 1, &c, 10) != sequence) || strncmp(++c, seed, i) || (*(c + i) != '\n')) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: got invalid/failing S+ response: %s\n", cmd);
#endif /* DEBUG */
};
l1:
for (i = sequence - j; i > 0; i--)
opiehash(&key, algorithm);
opiebtoh(response, &key);
} else {
if (s < 0)
goto l2;
if ((snprintf(cmd, sizeof(cmd), "s= %d %d %s\n", algorithm, sequence,
seed) >= sizeof(cmd))) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at s=\n");
#endif /* DEBUG */
goto l2;
}
if (write(s, cmd, i = strlen(cmd)) != i) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: write: %s(%d)\n", strerror(errno), errno);
#endif /* DEBUG */
goto l2;
};
if ((i = read(s, cmd, sizeof(cmd))) < 0) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno);
#endif /* DEBUG */
goto l2;
};
close(s);
i = strlen(seed);
if ((cmd[0] != 's') || (cmd[2] != ' ') || (strtoul(&cmd[3], &c, 10) != algorithm) || (strtoul(c + 1, &c, 10) != sequence) || strncmp(++c, seed, i)) {
#if DEBUG
if (c)
*c = 0;
else
cmd[3] = 0;
syslog(LOG_DEBUG, "opiegenerator: got bogus/invalid s response: %s\n", cmd);
#endif /* DEBUG */
goto l2;
};
c += i;
if (cmd[1] == '-') {
#if DEBUG
if (*c != '\n') {
*c = 0;
syslog(LOG_DEBUG, "opiegenerator: got invalid s- response: %s\n", cmd);
};
#endif /* DEBUG */
goto l2;
};
if (cmd[1] != '+') {
#if DEBUG
*c = 0;
syslog(LOG_DEBUG, "opiegenerator: got invalid s response: %s\n", cmd);
#endif /* DEBUG */
goto l2;
};
{
char *c2;
if (!(c2 = strchr(++c, '\n'))) {
#if DEBUG
*c = 0;
syslog(LOG_DEBUG, "opiegenerator: got invalid s+ response: %s\n", cmd);
#endif /* DEBUG */
goto l2;
};
*c2++ = 0;
};
if (!opieatob8(&key, c))
goto l2;
opiebtoh(response, &key);
};
if (s >= 0)
close(s);
#else /* OPIEAUTO */
if (*secret) {
while (sequence-- != 0)
opiehash(&key, algorithm);
opiebtoh(response, &key);
} else
return -2;
#endif /* OPIEAUTO */
return 0;
}
#if OPIEAUTO
l2:
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: no opieauto response available.\n");
#endif /* DEBUG */
if (s >= 0)
close(s);
return -2;
#endif /* OPIEAUTO */
};

10
contrib/opie/libopie/hash.c
View File

@ -1,14 +1,15 @@
/* hash.c: The opiehash() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Updated by cmetz for OPIE 2.31. Added SHA support (which may
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg.
Modified by cmetz for OPIE 2.31. Added SHA support (which may
not be correct). Backed out previous optimizations as
they killed thread-safety.
Created by cmetz for OPIE 2.3 using the old hash.c as a guide.
@ -23,7 +24,8 @@ you didn't get a copy, you may request one from <license@inner.net>.
#include <md4.h>
#include <md5.h>
VOIDRET opiehash FUNCTION((x, algorithm), VOIDPTR x AND unsigned algorithm)
VOIDRET opiehash FUNCTION((x, algorithm), struct opie_otpkey *x AND
unsigned algorithm)
{
UINT4 *results = (UINT4 *)x;

8
contrib/opie/libopie/hashlen.c
View File

@ -1,13 +1,14 @@
/* hashlen.c: The opiehashlen() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey, isolate variables.
Created by cmetz for OPIE 2.3.
$FreeBSD$
@ -20,7 +21,8 @@ you didn't get a copy, you may request one from <license@inner.net>.
#include <md4.h>
#include <md5.h>
VOIDRET opiehashlen FUNCTION((algorithm, in, out, n), int algorithm AND VOIDPTR in AND VOIDPTR out AND int n)
VOIDRET opiehashlen FUNCTION((algorithm, in, out, n), int algorithm AND
VOIDPTR in AND struct opie_otpkey *out AND int n)
{
UINT4 *results = (UINT4 *)out;
UINT4 mdx_tmp[4];

28
contrib/opie/libopie/insecure.c
View File

@ -1,7 +1,7 @@
/* insecure.c: The opieinsecure() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.4. Do utmp checks on utmpx systems.
Handle unterminated ut_host.
Modified by cmetz for OPIE 2.31. Fixed a logic bug. Call endut[x]ent().
Modified by cmetz for OPIE 2.3. Added result caching. Use
__opiegetutmpentry(). Ifdef around ut_host check. Eliminate
@ -59,9 +61,9 @@ int opieinsecure FUNCTION_NOARGS
char *s;
char *term_name;
int insecure = 0;
#if HAVE_UT_HOST
#if HAVE_UT_HOST || DOUTMPX
struct utmp utmp;
#endif /* HAVE_UT_HOST */
#endif /* HAVE_UT_HOST || DOUTMPX */
static int result = -1;
if (result != -1)
@ -122,30 +124,34 @@ int opieinsecure FUNCTION_NOARGS
return (result = 1);
};
#if HAVE_UT_HOST
#if HAVE_UT_HOST || DOUTMPX
if (isatty(0)) {
memset(&utmp, 0, sizeof(struct utmp));
{
int i = __opiegetutmpentry(ttyname(0), &utmp);
endutent();
if (!i && utmp.ut_host[0]) {
char host[sizeof(utmp.ut_host) + 1];
insecure = 1;
if (s = strchr(utmp.ut_host, ':')) {
int n = s - utmp.ut_host;
strncpy(host, utmp.ut_host, sizeof(utmp.ut_host));
host[sizeof(utmp.ut_host)] = 0;
if (s = strchr(host, ':')) {
int n = s - host;
if (!n)
insecure = 0;
else
if (display_name) {
if (!strncmp(utmp.ut_host, display_name, n))
if (!strncmp(host, display_name, n))
insecure = 0;
#ifdef SOLARIS
#if 1 /* def SOLARIS */
else
if (s = strchr(utmp.ut_host, ' ')) {
if (s = strchr(host, ' ')) {
*s = ':';
if (s = strchr(s + 1, ' '))
*s = '.';
if (!strncmp(utmp.ut_host, display_name, n))
if (!strncmp(host, display_name, n))
insecure = 0;
}
#endif /* SOLARIS */
@ -154,7 +160,7 @@ int opieinsecure FUNCTION_NOARGS
}
};
};
#endif /* HAVE_UT_HOST */
#endif /* HAVE_UT_HOST || DOUTMPX */
if (insecure)
return (result = 1);

7
contrib/opie/libopie/lock.c
View File

@ -1,7 +1,7 @@
/* lock.c: The opielock() library function.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,7 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.4. Use snprintf.
Modified by cmetz for OPIE 2.31. Put locks in a separate dir.
Bug fixes.
Modified by cmetz for OPIE 2.3. Do refcounts whether or not we
@ -201,7 +202,9 @@ int opielock FUNCTION((principal), char *principal)
if (!S_ISREG(statbuf[0].st_mode) || (statbuf[0].st_mode != statbuf[1].st_mode) || (statbuf[0].st_ino != statbuf[1].st_ino))
goto lockret;
sprintf(buffer, "%d\n%d\n", getpid(), time(0));
if (snprintf(buffer, sizeof(buffer), "%d\n%d\n", getpid(), time(0)) >= sizeof(buffer))
goto lockret;
i = strlen(buffer) + 1;
if (lseek(fh, 0, SEEK_SET)) {
close(fh);

97
contrib/opie/libopie/newseed.c
View File

@ -1,13 +1,15 @@
/* newseed.c: The opienewseed() library function.
%%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software.
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Modified by cmetz for OPIE 2.4. Greatly simplified increment. Now does
not add digits. Reformatted the code.
Modified by cmetz for OPIE 2.32. Added syslog.h if DEBUG.
Modified by cmetz for OPIE 2.31. Added time.h.
Created by cmetz for OPIE 2.22.
@ -37,73 +39,54 @@ you didn't get a copy, you may request one from <license@inner.net>.
int opienewseed FUNCTION((seed), char *seed)
{
if (!seed)
return -1;
if (!seed)
return -1;
if (seed[0]) {
int i;
if ((i = strlen(seed)) >= OPIE_SEED_MIN) {
long j;
char *c;
if (i > OPIE_SEED_MAX)
i = OPIE_SEED_MAX;
if (seed[0]) {
char *c, *end;
unsigned int i, max;
c = seed + i - 1;
if ((i = strlen(seed)) > OPIE_SEED_MAX)
i = OPIE_SEED_MAX;
while(c != seed) {
if (!isdigit(*c))
break;
c--;
}
for (c = end = seed + i - 1, max = 1;
(c > seed) && isdigit(*c); c--)
max *= 10;
c++;
if ((i = strtoul(++c, (char **)0, 10)) < max) {
if (++i >= max)
i = 1;
if (j = strtol(c, (char **)0, 10)) {
char buf[OPIE_SEED_MAX];
*c = 0;
strcpy(buf, seed);
if (errno == ERANGE) {
j = 1;
} else {
int k = 1, l = OPIE_SEED_MAX - strlen(buf);
while(l--) k *= 10;
if (++j >= k)
j = 1;
snprintf(c, end - c, "%d", i);
seed[OPIE_SEED_MAX] = 0;
return 0;
}
}
sprintf(seed, "%s%04ld", buf, j);
return 0;
}
}
}
{
time_t now;
{
{
time_t now;
time(&now);
srand(now);
}
time(&now);
srand(now);
}
{
struct utsname utsname;
{
struct utsname utsname;
if (uname(&utsname) < 0) {
if (uname(&utsname) < 0) {
#if DEBUG
syslog(LOG_DEBUG, "uname: %s(%d)", strerror(errno), errno);
syslog(LOG_DEBUG, "uname: %s(%d)", strerror(errno),
errno);
#endif /* DEBUG */
utsname.nodename[0] = 'k';
utsname.nodename[1] = 'e';
}
utsname.nodename[2] = 0;
utsname.nodename[0] = 'k';
utsname.nodename[1] = 'e';
}
utsname.nodename[2] = 0;
sprintf(seed, "%s%04d", utsname.nodename, (rand() % 9999) + 1);
return 0;
}
}
if (snprintf(seed, OPIE_SEED_MAX+1, "%s%04d", utsname.nodename,
(rand() % 9999) + 1) >= OPIE_SEED_MAX+1)
return -1;
return 0;
}
}

7
contrib/opie/opie.4
View File

@ -1,7 +1,7 @@
.\" opie.4: Overview of the OPIE software.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If
@ -14,6 +14,7 @@
.\"
.\" History:
.\"
.\" Modified by cmetz for OPIE 2.4. Spelling fixes.
.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation. Removed
.\" references to the old square brackets challenge delimiters.
.\" Modified at NRL for OPIE 2.01. Updated UNIX trademark credit.
@ -87,7 +88,7 @@ the calculator given the challenge and the secret password. For example,
.TP
.I seed
A piece of information that is used in conjunction with the secret password
and sequence numer to compute the response. Its purpose is to allow the same
and sequence number to compute the response. Its purpose is to allow the same
secret password to be used for multiple sequences, by changing the seed, or
for authentication to multiple machines by using different seeds.
.TP
@ -143,7 +144,7 @@ technique was implemented by Haller, Karn, and Walden at Bellcore. They
created a free software package called "S/Key" that used an algorithm
called a cryptographic checksum. A cryptographic checksum is a strong one-way
function such that, knowing the result of such a function, an attacker still
cannot feasably determine the input. Further, unlike cyclic redundancy
cannot feasibly determine the input. Further, unlike cyclic redundancy
checksums (CRCs), cryptographic checksums have few inputs that result in the
same output.
.LP

54
contrib/opie/opie.h
View File

@ -2,7 +2,7 @@
system that a program might need.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -15,6 +15,9 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.4. Added sequence number limits. Added
struct opie_otpkey and made many functions use it. Added
opiestrncpy(). Include header with libmissing prototypes.
Modified by cmetz for OPIE 2.32. Added symbolic flag names for
opiepasswd(). Added __opieparsechallenge() prototype.
Modified by cmetz for OPIE 2.31. Removed active attack protection.
@ -53,7 +56,9 @@ struct opie {
#define __OPIE_FLAGS_READ 2
/* Minimum length of a secret password */
#ifndef OPIE_SECRET_MIN
#define OPIE_SECRET_MIN 10
#endif /* OPIE_SECRET_MIN */
/* Maximum length of a secret password */
#define OPIE_SECRET_MAX 127
@ -76,25 +81,47 @@ struct opie {
/* Maximum length of a principal (read: user name) */
#define OPIE_PRINCIPAL_MAX 32
#include <sys/cdefs.h>
/* Maximum sequence number */
#ifndef OPIE_SEQUENCE_MAX
#define OPIE_SEQUENCE_MAX 9999
#endif /* OPIE_SEQUENCE_MAX */
/* Restricted sequence number */
#ifndef OPIE_SEQUENCE_RESTRICT
#define OPIE_SEQUENCE_RESTRICT 9
#endif /* OPIE_SEQUENCE_RESTRICT */
#define UINT4 u_int32_t
struct opie_otpkey {
UINT4 words[2];
};
#ifndef SEEK_SET
#define SEEK_SET 0
#endif /* SEEK_SET */
#ifndef SEEK_END
#define SEEK_END 2
#endif /* SEEK_END */
__BEGIN_DECLS
int opieaccessfile __P((char *));
int rdnets __P((long));
int isaddr __P((register char *));
int opiealways __P((char *));
char *opieatob8 __P((char *,char *));
char *opieatob8 __P((struct opie_otpkey *, char *));
void opiebackspace __P((char *));
char *opiebtoa8 __P((char *,char *));
char *opiebtoe __P((char *,char *));
char *opiebtoh __P((char *,char *));
int opieetob __P((char *,char *));
char *opiebtoa8 __P((char *, struct opie_otpkey *));
char *opiebtoe __P((char *, struct opie_otpkey *));
char *opiebtoh __P((char *, struct opie_otpkey *));
int opieetob __P((struct opie_otpkey *, char *));
int opiechallenge __P((struct opie *,char *,char *));
int opiegenerator __P((char *,char *,char *));
int opiegetsequence __P((struct opie *));
void opiehash __P((void *, unsigned));
void opiehash __P((struct opie_otpkey *, unsigned));
int opiehtoi __P((register char));
int opiekeycrunch __P((int, char *, char *, char *));
int opiekeycrunch __P((int, struct opie_otpkey *, char *, char *));
int opielock __P((char *));
int opieunlock __P((void));
void opieunlockaeh __P((void));
@ -121,7 +148,6 @@ __END_DECLS
#define FUNCTION(arglist, args) (args)
#define AND ,
#define FUNCTION_NOARGS ()
#define UINT4 u_int32_t
__BEGIN_DECLS
struct utmp;
@ -133,6 +159,14 @@ int __opiereadrec __P((struct opie *));
int __opiewriterec __P((struct opie *));
int __opieparsechallenge __P((char *buffer, int *algorithm, int *sequence, char **seed, int *exts));
__END_DECLS
#define opiestrncpy(dst, src, n) \
do { \
strncpy(dst, src, n-1); \
dst[n-1] = 0; \
} while(0)
/* #include "missing.h" */
#endif /* _OPIE */
#define OPIEPASSWD_CONSOLE 1

11
contrib/opie/opie_cfg.h
View File

@ -1,7 +1,7 @@
/* opie_cfg.h: Various configuration-type pieces of information for OPIE.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,7 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.4. Removed NBBY definition.
Modified by cmetz for OPIE 2.32. Include <sys/types.h> before
<dirent.h> to make *BSD happy.
Modified by cmetz for OPIE 2.31. Added 4.4BSD-Lite pathnames.h
@ -53,8 +54,8 @@ License Agreement applies to this software.
#ifndef _OPIE_CFG_H
#define _OPIE_CFG_H 1
#define VERSION "2.32"
#define DATE "Thursday, January 1, 1998"
#define VERSION "2.4"
#define DATE "Friday, January 19, 2001"
#ifndef unix
#define unix 1
@ -165,10 +166,6 @@ License Agreement applies to this software.
#define MOTD_FILE "/etc/motd"
#endif
#ifndef NBBY
#define NBBY 8 /* Reasonable for modern systems */
#endif /* NBBY */
#ifndef LOGIN_PATH
#define LOGIN_PATH "/usr/ucb:/bin:/usr/bin"
#endif /* LOGIN_PATH */

4
contrib/opie/opieaccess.5
View File

@ -7,11 +7,13 @@
.\"
.\" History:
.\"
.\" Modified by cmetz for OPIE 2.4. Fixed "0PIE" typo.
.\" Written at NRL for OPIE 2.0.
.\"
.ll 6i
.pl 10.5i
.\" @(#)opieaccess.5 2.0 (NRL) 1/10/95
.\" $FreeBSD$
.\"
.lt 6.0i
.TH OPIEACCESS 5 "January 10, 1995"
@ -61,7 +63,7 @@ mask Mask of the network to match
Subnets can be controlled by using the appropriate address and mask. Individual
hosts can be controlled by using the appropriate address and a mask of
255.255.255.255. If no rules are matched, the default is to deny non-0PIE
255.255.255.255. If no rules are matched, the default is to deny non-OPIE
logins.
.SH SEE ALSO

33
contrib/opie/opieftpd.c
View File

@ -1,7 +1,7 @@
/* opieftpd.c: Main program for an FTP daemon.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.4. Add id parameter to opielogwtmp. Use
opiestrncpy(). Fix incorrect use of setproctitle().
Modified by cmetz for OPIE 2.32. Remove include of dirent.h here; it's
done already (and conditionally) in opie_cfg.h.
Modified by cmetz for OPIE 2.31. Merged in some 4.4BSD-Lite changes.
@ -243,7 +245,7 @@ static int receive_data __P((FILE *, FILE *));
static char *gunique __P((char *));
static char *sgetsave __P((char *));
int opielogwtmp __P((char *, char *, char *));
int opielogwtmp __P((char *, char *, char *, char *));
int fclose __P((FILE *));
@ -510,7 +512,7 @@ static VOIDRET end_login FUNCTION_NOARGS
if (seteuid((uid_t) 0))
syslog(LOG_ERR, "Can't set euid");
if (logged_in)
opielogwtmp(ttyline, "", "");
opielogwtmp(ttyline, "", "", "ftp");
pw = NULL;
logged_in = 0;
#if DOANONYMOUS
@ -564,7 +566,7 @@ VOIDRET pass FUNCTION((passwd), char *passwd)
/* open wtmp before chroot */
sprintf(ttyline, "ftp%d", getpid());
opielogwtmp(ttyline, pw->pw_name, remotehost);
opielogwtmp(ttyline, pw->pw_name, remotehost, "ftp");
logged_in = 1;
#if DOANONYMOUS
@ -631,10 +633,10 @@ VOIDRET pass FUNCTION((passwd), char *passwd)
if (guest) {
reply(230, "Guest login ok, access restrictions apply.");
#if DOTITLE
snprintf(proctitle, sizeof(proctitle), "%s: anonymous/%s", remotehost,
passwd);
setproctitle("%s", proctitle);
#endif /* DOTITLE */
setproctitle("%s: anonymous/%.*s", remotehost,
sizeof(proctitle) - sizeof(remotehost) - sizeof(": anonymous/"),
passwd);
#endif /* DOTITLE */
syslog(LOG_NOTICE, "ANONYMOUS FTP login from %s with ID %s",
remotehost, passwd);
} else
@ -643,9 +645,8 @@ VOIDRET pass FUNCTION((passwd), char *passwd)
reply(230, "User %s logged in.", pw->pw_name);
#if DOTITLE
snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
setproctitle("%s", proctitle);
#endif /* DOTITLE */
setproctitle("%s: %s", remotehost, pw->pw_name);
#endif /* DOTITLE */
syslog(LOG_INFO, "FTP login from %s with user name %s", remotehost, pw->pw_name);
}
home = pw->pw_dir; /* home dir for globbing */
@ -1256,13 +1257,11 @@ static VOIDRET dolog FUNCTION((sin), struct sockaddr_in *sin)
time_t t, time();
if (hp)
strncpy(remotehost, hp->h_name, sizeof(remotehost));
opiestrncpy(remotehost, hp->h_name, sizeof(remotehost));
else
strncpy(remotehost, inet_ntoa(sin->sin_addr), sizeof(remotehost));
remotehost[sizeof(remotehost) - 1] = '\0';
opiestrncpy(remotehost, inet_ntoa(sin->sin_addr), sizeof(remotehost));
#if DOTITLE
snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
setproctitle("%s", proctitle);
setproctitle("%s: connected", remotehost);
#endif /* DOTITLE */
t = time((time_t *) 0);
@ -1280,7 +1279,7 @@ VOIDRET dologout FUNCTION((status), int status)
if (logged_in) {
if (seteuid((uid_t) 0))
syslog(LOG_ERR, "Can't set euid");
opielogwtmp(ttyline, "", "");
opielogwtmp(ttyline, "", "", "ftp");
}
/* beware of flushing buffers after a SIGPIPE */
_exit(status);

2
contrib/opie/opieinfo.1
View File

@ -1,7 +1,7 @@
.\" opieinfo.1: Manual page for the opieinfo(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

2
contrib/opie/opieinfo.c
View File

@ -2,7 +2,7 @@
opieinfo: Print a user's current OPIE sequence number and seed
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If

2
contrib/opie/opiekey.1
View File

@ -1,7 +1,7 @@
.\" opiekey.1: Manual page for the opiekey(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If

31
contrib/opie/opiekey.c
View File

@ -5,7 +5,7 @@
and outputs a response.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -18,6 +18,7 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks.
Modified by cmetz for OPIE 2.31. Renamed "init" and RESPONSE_INIT
to "init-hex" and RESPONSE_INIT_HEX. Removed active attack
protection support.
@ -135,7 +136,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
int i;
int count = 1;
char secret[OPIE_SECRET_MAX + 1], newsecret[OPIE_SECRET_MAX + 1];
char key[8], newkey[8];
struct opie_otpkey key, newkey;
char *seed, newseed[OPIE_SEED_MAX + 1];
char response[OPIE_RESPONSE_MAX + 1];
char *slash;
@ -266,13 +267,13 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
goto error;
}
if (opiekeycrunch(algorithm, newkey, newseed, newsecret)) {
if (opiekeycrunch(algorithm, &newkey, newseed, newsecret)) {
fprintf(stderr, "%s: key crunch failed (1)\n", argv[0]);
goto error;
}
for (i = 0; i < 499; i++)
opiehash(newkey, algorithm);
opiehash(&newkey, algorithm);
} else
#if RETYPE
getsecret(secret, "", 1);
@ -281,13 +282,13 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
#endif /* RETYPE */
/* Crunch seed and secret password into starting key normally */
if (opiekeycrunch(algorithm, key, seed, secret)) {
if (opiekeycrunch(algorithm, &key, seed, secret)) {
fprintf(stderr, "%s: key crunch failed\n", argv[0]);
goto error;
}
for (i = 0; i <= (keynum - count); i++)
opiehash(key, algorithm);
opiehash(&key, algorithm);
{
char buf[OPIE_SEED_MAX + 48 + 1];
@ -300,37 +301,37 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
switch(type) {
case RESPONSE_STANDARD:
if (hex)
opiebtoh(response, key);
opiebtoh(response, &key);
else
opiebtoe(response, key);
opiebtoe(response, &key);
break;
case RESPONSE_WORD:
strcpy(response, "word:");
strcat(response, opiebtoe(buf, key));
strcat(response, opiebtoe(buf, &key));
break;
case RESPONSE_HEX:
strcpy(response, "hex:");
strcat(response, opiebtoh(buf, key));
strcat(response, opiebtoh(buf, &key));
break;
case RESPONSE_INIT_HEX:
case RESPONSE_INIT_WORD:
if (type == RESPONSE_INIT_HEX) {
strcpy(response, "init-hex:");
strcat(response, opiebtoh(buf, key));
strcat(response, opiebtoh(buf, &key));
sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed);
strcat(response, buf);
strcat(response, opiebtoh(buf, newkey));
strcat(response, opiebtoh(buf, &newkey));
} else {
strcpy(response, "init-word:");
strcat(response, opiebtoe(buf, key));
strcat(response, opiebtoe(buf, &key));
sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed);
strcat(response, buf);
strcat(response, opiebtoe(buf, newkey));
strcat(response, opiebtoe(buf, &newkey));
}
break;
}
puts(response);
opiehash(key, algorithm);
opiehash(&key, algorithm);
}
}

5
contrib/opie/opiepasswd.1
View File

@ -1,7 +1,7 @@
.\" opiepasswd.1: Manual page for the opiepasswd(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If
@ -14,6 +14,7 @@
.\"
.\" History:
.\"
.\" Modified by cmetz for OPIE 2.4. Fixed spelling bug.
.\" Modified by cmetz for OPIE 2.3. Added -f flag documentation.
.\" Updated console example.
.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation.
@ -36,7 +37,7 @@ system.
[\-v] [\-h] [\-c|\-d] [\-f]
.sp 0
[\-n
.I inital_sequence_number
.I initial_sequence_number
]
[\-s
.I seed

26
contrib/opie/opiepasswd.c
View File

@ -1,7 +1,7 @@
/* opiepasswd.c: Add/change an OTP password in the key database.
%%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks.
Use opiestrncpy().
Modified by cmetz for OPIE 2.32. Use OPIE_SEED_MAX instead of
hard coding the length. Unlock user on failed lookup.
Modified by cmetz for OPIE 2.3. Got of some variables and made some
@ -97,12 +99,13 @@ static VOIDRET finish FUNCTION((name), char *name)
}
printf("OTP key is %d %s\n", opie.opie_n, opie.opie_seed);
{
char key[8];
if (!opieatob8(key, opie.opie_val)) {
struct opie_otpkey key;
if (!opieatob8(&key, opie.opie_val)) {
fprintf(stderr, "Error verifying key -- possible database corruption.\n");
finish(NULL);
}
printf("%s\n", opiebtoe(buf, key));
printf("%s\n", opiebtoe(buf, &key));
}
}
@ -156,8 +159,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
OPIE_SEED_MIN, OPIE_SEED_MAX);
finish(NULL);
}
strncpy(seed, optarg, sizeof(seed));
seed[sizeof(seed) - 1] = 0;
opiestrncpy(seed, optarg, sizeof(seed));
break;
default:
usage(argv[0]);
@ -242,7 +244,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
{
char *c;
if (c = strrchr(tmp, ' '))
strncpy(oseed, c + 1, sizeof(oseed));
opiestrncpy(oseed, c + 1, sizeof(oseed));
else {
#if DEBUG
fprintf(stderr, "opiepasswd: bogus challenge\n");
@ -278,7 +280,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
{
char *c;
if (c = strrchr(tmp, ' '))
strncpy(nseed, c + 1, sizeof(nseed));
opiestrncpy(nseed, c + 1, sizeof(nseed));
else {
#if DEBUG
fprintf(stderr, "opiepasswd: bogus challenge\n");
@ -349,18 +351,18 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
finish(NULL);
}
{
char key[8];
struct opie_otpkey key;
char tbuf[OPIE_RESPONSE_MAX + 1];
if (opiekeycrunch(MDX, key, opie.opie_seed, passwd) != 0) {
if (opiekeycrunch(MDX, &key, opie.opie_seed, passwd) != 0) {
fprintf(stderr, "%s: key crunch failed. Secret pass phrase unchanged\n", argv[0]);
finish(NULL);
}
memset(passwd, 0, sizeof(passwd));
i = opie.opie_n - 1;
while (i-- != 0)
opiehash(key, MDX);
opiebtoe(tbuf, key);
opiehash(&key, MDX);
opiebtoe(tbuf, &key);
if (opieverify(&opie, tbuf)) {
fprintf(stderr, "Sorry.\n");
finish(NULL);