dim
581bacc0c7
In contrib/opie/opiekey.c, use the correct length to zero the secret.
...
Found by: clang ToT
Reviewed by: delphij
MFC after: 3 days
2013-02-16 12:45:57 +00:00
eadler
0af88b7eae
Clean up hardcoded ar(1) flags in the tree to use the global ARFLAGS in
...
share/mk/sys.mk instead.
This is part of a medium term project to permit deterministic builds of
FreeBSD.
Submitted by: Erik Cederstrand <erik@cederstrand.dk>
Reviewed by: imp, toolchain@
Approved by: cperciva
MFC after: 2 weeks
2012-12-06 01:31:25 +00:00
delphij
804597f72d
RFC 2289 requires all hashes be stored in little endian format before
...
folding to 64 bits, while SHA1 code is big endian. Therefore, a bswap32
is required before using the value.
Without this change, the implementation does not conform to test vector
found in RFC 2289.
PR: bin/170519
Submitted by: Arthur Mesh <arthurmesh gmail com> (with changes)
MFC after: 1 week
2012-08-10 04:48:58 +00:00
cperciva
c8612ee587
Change the current working directory to be inside the jail created by
...
the jail(8) command. [10:04]
Fix a one-NUL-byte buffer overflow in libopie. [10:05]
Correctly sanity-check a buffer length in nfs mount. [10:06]
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-10:04.jail
Security: FreeBSD-SA-10:05.opie
Security: FreeBSD-SA-10:06.nfsclient
2010-05-27 03:15:04 +00:00
ed
cdcbec7f04
Don't include <utmp.h> when using <utmpx.h>.
...
libopie includes both <utmp.h> and <utmpx.h> in this case and uses some
#defines to let the code use struct utmpx and its utility functions.
We'd better not include <utmp.h> here, because maybe it will not be
present in the future.
2010-01-11 16:27:56 +00:00
gabor
8e86e76809
- Remove non-existing reference
...
- Fix trailing comma
PR: docs/85118
Submitted by: vs
MFC after: 3 days
2009-01-30 15:43:55 +00:00
cperciva
e66460b894
Add missing code needed for the detection of IPSec packet replays. [1]
...
Correctly identify the user running opiepasswd(1) when the login name
differs from the account name. [2]
Security: FreeBSD-SA-06:11.ipsec [1]
Security: FreeBSD-SA-06:12.opie [2]
2006-03-22 16:00:42 +00:00
ache
7cefcfe3b0
Create /etc/opiekeys with 0600, not 0644
...
PR: 84221
2005-07-29 09:59:24 +00:00
kris
abf36ebac0
FreeBSD does not use this code, but ftpd_popen() contains a buffer overflow.
...
We might as well patch it.
Submitted by: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
PR: bin/23352
MFC After: The average time before an unpatched Windows 2000 server gets owned
2003-07-13 05:59:50 +00:00
des
58c84d11b0
When computing a new seed for an existing user, opienewseed() would
...
incorrectly compute the length of the numeric portion of the previous
seed, causing the new seed to be one character shorter than the old
one.
This patch has been submitted to the vendor; I'm committing it right
away since the file is already off the vendor branch.
MFC after: 3 days
2003-01-22 10:55:36 +00:00
markm
b38a0011c1
Resolve conflicts.
2002-03-21 23:42:52 +00:00
markm
da481742fe
This commit was generated by cvs2svn to compensate for changes in r92906,
...
which included commits to RCS files with non-trunk default branches.
2002-03-21 22:50:02 +00:00
markm
4cdfa7814c
Vendor import of OPIE 2.4
2002-03-21 22:50:02 +00:00
ache
a76b3153c4
Zeroing memset() in opiechallenge() really is not needed because it is the
...
very first thing immediately following opielookup() does being entered, i.e.
look at this:
int opielookup FUNCTION((opie, principal), struct opie *opie AND char
*principal
)
{
int i;
memset(opie, 0, sizeof(struct opie));
...
2002-01-24 22:19:21 +00:00
joerg
2590927e9e
Make the -a flag to opiekey(1) actually work as advertised.
...
Reviewed by: ache, audit, security
MFC after: 1 week
2002-01-09 13:36:26 +00:00
ache
c0930dcf75
Repo copied to /usr/src/lib/libopie/
2002-01-03 15:58:11 +00:00
ache
40c9b9ae1a
Add heuristic to detect SSH connection (in the same style as other
...
heuristics already here which not supposed to be secure, just helpers).
Approved by: security@ silence
2001-08-29 13:17:02 +00:00
markm
7aa03eaeb0
Fix overflow problem when giving a username that is too long.
...
Also minor declaration/header fixes while auditing the code.
2001-08-20 12:52:49 +00:00
ache
1a5b422654
Fix uninitialized "force" variable.
...
PR: 23203
Submitted by: fenner
Approved by: markm
2001-08-13 19:43:14 +00:00
markm
6cdc15e4a8
Fix SHA1 hashing.
2001-07-14 08:30:54 +00:00
markm
df9e832a1a
Usse a better method to get a user's credentials, as uid's may be
...
legally duplicated.
Requested by: ache
2001-07-14 08:29:19 +00:00
ru
044b30cecd
Eliminate troff(1) warnings that were hiding some useful text.
2001-07-12 14:29:59 +00:00
ache
49fc10f4a2
Make the similar changes as in our keyinfo, i.e. allow user to get his own
...
sequence and allow root to get everybody's one. Before this change user
can't get his own sequence, root required.
2001-06-23 04:48:59 +00:00
kris
e1012a939e
Import patch to fix non-constant format string abuses. This patch was
...
approved by the vendor and will be present in future releases.
2001-03-05 02:54:13 +00:00
kris
fd7e18a5ae
This commit was generated by cvs2svn to compensate for changes in r73569,
...
which included commits to RCS files with non-trunk default branches.
2001-03-05 02:54:13 +00:00
kris
1e2b778cca
Correct security hole in setproctitle(). We don't compile this code, but
...
having the security hole there makes my skin itch.
2000-07-10 07:30:28 +00:00
kris
d8a32b7ba0
Add some extra functions adapted from OpenBSD, in preparation for
...
OpenSSH OPIE support.
2000-05-15 04:20:54 +00:00
kris
7db2ebc8f6
Allow applications to disable the installation of the atexit() handler
...
which cleans up OPIE lockfiles. This is required for pam_opie.
Submitted by: Jim Bloom <bloom@acm.org>
2000-04-17 00:01:23 +00:00
kris
7833f1a4d2
Resolve conflicts
2000-04-10 11:18:54 +00:00
kris
aee7d5e2d9
Upgrade to OPIE 2.32, from http://www.inner.net/pub/opie/
2000-04-10 11:09:42 +00:00
kris
73aab67427
This commit was generated by cvs2svn to compensate for changes in r59118,
...
which included commits to RCS files with non-trunk default branches.
2000-04-10 11:09:42 +00:00
chris
c3602b40ed
- Use proper markup for a section header.
...
- Replace nonexistent OPIE_PROMPT_MAX with OPIE_CHALLENGE_MAX
PR: 16209
Submitted by: Tetsuro Furuya <tfuruya@ppp142197.asahi-net.or.jp>
2000-01-19 21:54:19 +00:00
imp
ad467c4556
sprintf -> snprintf
1998-09-09 17:08:46 +00:00
bde
8c3de9bd74
Fixed printf format errors.
1998-06-30 18:06:23 +00:00
steve
ccb6372369
'They They' -> 'They'
...
PR: 6912
Submitted by: Stefan Eggers <seggers@semyam.dinoco.de>
1998-06-14 16:06:00 +00:00
alex
cbab4c9147
YTK fix.
1997-12-22 23:00:35 +00:00
steve
9e7dd67979
Make this manpage reveal its true identity. A diff of these
...
changes has also been sent to opie-bugs@inner.net .
PR: 5129
Submitted by: jkh
1997-11-27 18:10:42 +00:00
ache
fea46d545c
Move locks from /etc/opielocks to /var/run/opielocks to keep
...
/etc non-writeable as possible
1997-10-01 13:02:20 +00:00
ache
5bec5470a5
Add setutent.c
1997-09-29 11:31:22 +00:00
ache
5be3e0a85f
This commit was generated by cvs2svn to compensate for changes in r29975,
...
which included commits to RCS files with non-trunk default branches.
1997-09-29 11:31:22 +00:00
ache
74f17da1a6
Oops, __END_DECLS was in wrong place
1997-09-29 10:58:53 +00:00
ache
ba1d008827
Not used in this version
1997-09-29 10:42:45 +00:00
ache
0324469d8f
Moved to libopie
1997-09-29 10:38:24 +00:00
ache
84d99714d1
Merge
1997-09-29 10:33:14 +00:00
ache
620a15402c
Upgrade to 2.31
1997-09-29 08:53:38 +00:00
ache
f80f68544c
This commit was generated by cvs2svn to compensate for changes in r29964,
...
which included commits to RCS files with non-trunk default branches.
1997-09-29 08:53:38 +00:00
pst
a2fbfa731d
Remove bits of libmissing we don't care about.
1997-09-03 08:24:28 +00:00
pst
5c80f76918
Update synopsis. A partial fix has also been submitted to opie@bugs@inner.net
...
Submitted by: bde
1997-08-26 20:55:43 +00:00
ache
00ca5799cb
Detect null secret as error, it is temp. fix until next release
...
Submitted by: Craig Metz <cmetz@inner.net>
1997-08-05 23:15:28 +00:00
pst
b24bfb19c5
Make OPIE's public API use BSD conventions.
1997-03-08 19:42:17 +00:00