authormarkm <markm@FreeBSD.org>2002-03-21 23:42:52 +0000
committermarkm <markm@FreeBSD.org>2002-03-21 23:42:52 +0000
commitb38a0011c18c49fcb516cc2b4f5d751565e53f44 (patch)
tree1ec99b3b189dcbff75d7f05f7c29bd03c4d795da /contrib
parent084b4588f24346b3d369eaf49193461c380e8521 (diff)
Resolve conflicts.
Diffstat (limited to 'contrib')
-rw-r--r--contrib/opie/ftpcmd.y7
-rw-r--r--contrib/opie/libopie/challenge.c8
-rw-r--r--contrib/opie/libopie/generator.c364
-rw-r--r--contrib/opie/libopie/hash.c10
-rw-r--r--contrib/opie/libopie/hashlen.c8
-rw-r--r--contrib/opie/libopie/insecure.c28
-rw-r--r--contrib/opie/libopie/lock.c7
-rw-r--r--contrib/opie/libopie/newseed.c109
-rw-r--r--contrib/opie/opie.47
-rw-r--r--contrib/opie/opie.h54
-rw-r--r--contrib/opie/opie_cfg.h11
-rw-r--r--contrib/opie/opieaccess.54
-rw-r--r--contrib/opie/opieftpd.c33
-rw-r--r--contrib/opie/opieinfo.12
-rw-r--r--contrib/opie/opieinfo.c2
-rw-r--r--contrib/opie/opiekey.12
-rw-r--r--contrib/opie/opiekey.c31
-rw-r--r--contrib/opie/opiepasswd.15
-rw-r--r--contrib/opie/opiepasswd.c26
19 files changed, 522 insertions, 196 deletions
diff --git a/contrib/opie/ftpcmd.y b/contrib/opie/ftpcmd.y
index ea5bb36..abcffdc 100644
--- a/contrib/opie/ftpcmd.y
+++ b/contrib/opie/ftpcmd.y
@@ -1,7 +1,7 @@
/* ftpcmd.y: yacc parser for the FTP daemon.
%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
+Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@@ -9,6 +9,7 @@ you didn't get a copy, you may request one from <license@inner.net>.
History:
+ Modified by cmetz for OPIE 2.4. Use DOTITLE rather than SETPROCTITLE.
Modified by cmetz for OPIE 2.3. Moved LS_COMMAND here.
Modified by cmetz for OPIE 2.2. Fixed a *lot* of warnings.
Use FUNCTION declaration et al. Removed useless strings.
@@ -964,10 +965,10 @@ int yylex FUNCTION_NOARGS
dologout(0);
}
(void) alarm(0);
-#ifdef SETPROCTITLE
+#if DOTITLE
if (strncasecmp(cbuf, "PASS", 4) != NULL)
setproctitle("%s: %s", proctitle, cbuf);
-#endif /* SETPROCTITLE */
+#endif /* DOTITLE */
if ((cp = strchr(cbuf, '\r'))) {
*cp++ = '\n';
*cp = '\0';
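Review bot: The guard that keeps the PASS argument out of the process title is written as `strncasecmp(cbuf, "PASS", 4) != NULL`, which compares an int result with a pointer constant. Since this block is being touched anyway, it should read `if (strncasecmp(cbuf, "PASS", 4) != 0)` so the intent is unambiguous and the compiler stops warning. A short comment such as `/* never put the PASS argument into the process title */` would help, because the title is visible to other local users. yylex continues outside this hunk.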
diff --git a/contrib/opie/libopie/challenge.c b/contrib/opie/libopie/challenge.c
index b931714..fc836aa 100644
--- a/contrib/opie/libopie/challenge.c
+++ b/contrib/opie/libopie/challenge.c
@@ -1,7 +1,7 @@
/* challenge.c: The opiechallenge() library function.
%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
+Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@@ -67,11 +67,11 @@ int opiechallenge FUNCTION((mp, name, ss), struct opie *mp AND char *name AND ch
#endif /* DEBUG */
}
- if (rval) {
+ if (rval ||
+ (snprintf(ss, OPIE_CHALLENGE_MAX, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed) >= OPIE_CHALLENGE_MAX)) {
opierandomchallenge(ss);
memset(mp, 0, sizeof(*mp));
- } else
- sprintf(ss, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed);
+ }
return rval;
}
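Review bot: When the new snprintf truncates, the block discards the record (`memset(mp, 0, ...)`) and substitutes a random challenge, but the function still returns `rval`, which appears to be 0 on that path. A caller that treats 0 as "record loaded" then continues with a zeroed `struct opie`; consider setting `rval` to a failure value inside the block. A negative snprintf return is also not caught by `>= OPIE_CHALLENGE_MAX`; capturing it as `n = snprintf(...)` and testing `n < 0 || n >= OPIE_CHALLENGE_MAX` covers both. The start of opiechallenge is outside the hunk, so the value of `rval` here is inferred.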
diff --git a/contrib/opie/libopie/generator.c b/contrib/opie/libopie/generator.c
index eef7cac..d4888f9 100644
--- a/contrib/opie/libopie/generator.c
+++ b/contrib/opie/libopie/generator.c
@@ -1,7 +1,7 @@
/* generator.c: The opiegenerator() library function.
%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
+Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@@ -9,6 +9,9 @@ you didn't get a copy, you may request one from <license@inner.net>.
History:
+ Modified by cmetz for OPIE 2.4. Added opieauto code based on
+ previously released test code. Renamed buffer to challenge.
+ Use struct opie_otpkey for keys.
Modified by cmetz for OPIE 2.32. If secret=NULL, always return
as if opieauto returned "get the secret". Renamed
_opieparsechallenge() to __opieparsechallenge(). Check
@@ -33,73 +36,362 @@ $FreeBSD$
#if HAVE_STRING_H
#include <string.h>
#endif /* HAVE_STRING_H */
+#if OPIEAUTO
+#include <errno.h>
+#if HAVE_STDLIB_H
+#include <stdlib.h>
+#endif /* HAVE_STDLIB_H */
+#include <sys/stat.h>
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#endif /* OPIEAUTO */
+#if DEBUG
+#include <syslog.h>
+#endif /* DEBUG */
#include "opie.h"
static char *algids[] = { NULL, NULL, NULL, "sha1", "md4", "md5" };
-int opiegenerator FUNCTION((buffer, secret, response), char *buffer AND char *secret AND char *response)
+#if OPIEAUTO
+#ifndef max
+#define max(x, y) (((x) > (y)) ? (x) : (y))
+#endif /* max */
+
+static int opieauto_connect FUNCTION_NOARGS
+{
+ int s;
+ struct sockaddr_un sun;
+ char buffer[1024];
+ char *c, *c2 ="/.opieauto";
+ uid_t myuid = getuid(), myeuid = geteuid();
+
+ if (!myuid || !myeuid || (myuid != myeuid)) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opieauto_connect: superuser and/or setuid not allowed");
+#endif /* DEBUG */
+ return -1;
+ };
+
+ memset(&sun, 0, sizeof(struct sockaddr_un));
+ sun.sun_family = AF_UNIX;
+
+ if (!(c = getenv("HOME"))) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opieauto_connect: no HOME variable?");
+#endif /* DEBUG */
+ return -1;
+ };
+
+ if (strlen(c) > (sizeof(sun.sun_path) - strlen(c2) - 1)) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opieauto_connect: HOME is too long: %s", c);
+#endif /* DEBUG */
+ return -1;
+ };
+
+ strcpy(sun.sun_path, c);
+ strcat(sun.sun_path, c2);
+
+ if ((s = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opieauto_connect: socket: %s(%d)", strerror(errno), errno);
+#endif /* DEBUG */
+ return -1;
+ };
+
+ {
+ struct stat st;
+
+ if (stat(sun.sun_path, &st) < 0) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opieauto_connect: stat: %s(%d)\n", strerror(errno), errno);
+#endif /* DEBUG */
+ goto ret;
+ };
+
+ if (connect(s, (struct sockaddr *)&sun, sizeof(struct sockaddr_un))) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opieauto_connect: connect: %s(%d)\n", strerror(errno), errno);
+#endif /* DEBUG */
+ goto ret;
+ };
+
+ if ((st.st_uid != myuid) || (!S_ISSOCK(st.st_mode)) || ((st.st_mode & 07777) != 0600)) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opieauto_connect: something's fishy about the socket\n");
+#endif /* DEBUG */
+ goto ret;
+ };
+ };
+
+ return s;
+
+ret:
+ close(s);
+ return -1;
+};
+#endif /* OPIEAUTO */
+
+int opiegenerator FUNCTION((challenge, secret, response), char *challenge AND char *secret AND char *response)
{
int algorithm;
int sequence;
char *seed;
- char key[8];
+ struct opie_otpkey key;
int i;
int exts;
+#if OPIEAUTO
+ int s;
+ int window;
+ char cmd[1+1+1+1+4+1+OPIE_SEED_MAX+1+4+1+4+1+4+1+4+1];
+ char *c;
+#endif /* OPIEAUTO */
- if (!(buffer = strstr(buffer, "otp-")))
+ if (!(challenge = strstr(challenge, "otp-")))
return 1;
- buffer += 4;
+ challenge += 4;
- if (__opieparsechallenge(buffer, &algorithm, &sequence, &seed, &exts))
+ if (__opieparsechallenge(challenge, &algorithm, &sequence, &seed, &exts))
return 1;
if ((sequence < 2) || (sequence > 9999))
return 1;
- if (!secret[0])
- return 2;
+ if (*secret) {
+ if (opiepasscheck(secret))
+ return -2;
- if (opiepasscheck(secret))
- return -2;
+ if (i = opiekeycrunch(algorithm, &key, seed, secret))
+ return i;
+
+ if (sequence <= OPIE_SEQUENCE_RESTRICT) {
+ if (!(exts & 1))
+ return 1;
+
+ {
+ char newseed[OPIE_SEED_MAX + 1];
+ struct opie_otpkey newkey;
+ char *c;
+ char buf[OPIE_SEED_MAX + 48 + 1];
+
+ while (sequence-- != 0)
+ opiehash(&key, algorithm);
+
+ if (opienewseed(strcpy(newseed, seed)) < 0)
+ return -1;
+
+ if (opiekeycrunch(algorithm, &newkey, newseed, secret))
+ return -1;
- if (i = opiekeycrunch(algorithm, key, seed, secret))
- return i;
+ for (i = 0; i < 499; i++)
+ opiehash(&newkey, algorithm);
- if (sequence < 10) {
- if (!(exts & 1))
- return 1;
+ strcpy(response, "init-hex:");
+ strcat(response, opiebtoh(buf, &key));
+ if (snprintf(buf, sizeof(buf), ":%s 499 %s:", algids[algorithm],
+ newseed) >= sizeof(buf)) {
+#ifdef DEBUG
+ syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at init-hex");
+#endif /* DEBUG */
+ return -1;
+ }
+ strcat(response, buf);
+ strcat(response, opiebtoh(buf, &newkey));
+ };
+ };
+ };
+
+#if OPIEAUTO
+ if ((s = opieauto_connect()) >= 0) {
+ if ((i = read(s, cmd, sizeof(cmd)-1)) < 0) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno);
+#endif /* DEBUG */
+ close(s);
+ s = -1;
+ goto l0;
+ };
+ cmd[i] = 0;
+ if ((cmd[0] != 'C') || (cmd[1] != '+') || (cmd[2] != ' ')) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opiegenerator: got invalid/failing C+ response: %s\n", cmd);
+#endif /* DEBUG */
+ close(s);
+ s = -1;
+ goto l0;
+ };
+
+ window = strtoul(&cmd[3], &c, 10);
+ if (!window || (window >= (OPIE_SEQUENCE_MAX - OPIE_SEQUENCE_RESTRICT)) || !isspace(*c)) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opiegenerator: got bogus option response: %s\n", cmd);
+#endif /* DEBUG */
+ close(s);
+ s = -1;
+ goto l0;
+ };
+ };
+
+l0:
+ if (*secret) {
+ int j;
+
+ if (s < 0) {
+ j = 0;
+ goto l1;
+ };
+
+ j = max(sequence - window + 1, OPIE_SEQUENCE_RESTRICT);
+
+ for (i = j; i > 0; i--)
+ opiehash(&key, algorithm);
{
- char newseed[OPIE_SEED_MAX + 1];
- char newkey[8];
- char *c;
- char buf[OPIE_SEED_MAX + 48 + 1];
+ char buf[16+1];
- while (sequence-- != 0)
- opiehash(key, algorithm);
+ opiebtoa8(buf, &key);
- if (opienewseed(strcpy(newseed, seed)) < 0)
- return -1;
+ if (snprintf(cmd, sizeof(cmd), "S= %d %d %s %s\n", algorithm, sequence,
+ seed, buf) >= sizeof(cmd)) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at S=\n");
+#endif /* DEBUG */
+ goto l1;
+ }
+ }
- if (opiekeycrunch(algorithm, newkey, newseed, secret))
- return -1;
+ if (write(s, cmd, i = strlen(cmd)) != i) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opiegenerator: write: %s(%d)\n", strerror(errno), errno);
+#endif /* DEBUG */
+ goto l1;
+ };
- for (i = 0; i < 499; i++)
- opiehash(newkey, algorithm);
+ if ((i = read(s, cmd, sizeof(cmd))) < 0) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno);
+#endif /* DEBUG */
+ };
+ close(s);
- strcpy(response, "init-hex:");
- strcat(response, opiebtoh(buf, key));
- sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed);
- strcat(response, buf);
- strcat(response, opiebtoh(buf, newkey));
+ cmd[i] = 0;
+ i = strlen(seed);
+ if ((cmd[0] != 'S') || (cmd[1] != '+') || (cmd[2] != ' ') || (strtoul(&cmd[3], &c, 10) != algorithm) || (strtoul(c + 1, &c, 10) != sequence) || strncmp(++c, seed, i) || (*(c + i) != '\n')) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opiegenerator: got invalid/failing S+ response: %s\n", cmd);
+#endif /* DEBUG */
};
+
+l1:
+ for (i = sequence - j; i > 0; i--)
+ opiehash(&key, algorithm);
+
+ opiebtoh(response, &key);
} else {
+ if (s < 0)
+ goto l2;
+
+ if ((snprintf(cmd, sizeof(cmd), "s= %d %d %s\n", algorithm, sequence,
+ seed) >= sizeof(cmd))) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at s=\n");
+#endif /* DEBUG */
+ goto l2;
+ }
+
+ if (write(s, cmd, i = strlen(cmd)) != i) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opiegenerator: write: %s(%d)\n", strerror(errno), errno);
+#endif /* DEBUG */
+ goto l2;
+ };
+
+ if ((i = read(s, cmd, sizeof(cmd))) < 0) {
+#if DEBUG
+ syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno);
+#endif /* DEBUG */
+ goto l2;
+ };
+ close(s);
+
+ i = strlen(seed);
+
+ if ((cmd[0] != 's') || (cmd[2] != ' ') || (strtoul(&cmd[3], &c, 10) != algorithm) || (strtoul(c + 1, &c, 10) != sequence) || strncmp(++c, seed, i)) {
+#if DEBUG
+ if (c)
+ *c = 0;
+ else
+ cmd[3] = 0;
+
+ syslog(LOG_DEBUG, "opiegenerator: got bogus/invalid s response: %s\n", cmd);
+#endif /* DEBUG */
+ goto l2;
+ };
+
+ c += i;
+
+ if (cmd[1] == '-') {
+#if DEBUG
+ if (*c != '\n') {
+ *c = 0;
+ syslog(LOG_DEBUG, "opiegenerator: got invalid s- response: %s\n", cmd);
+ };
+#endif /* DEBUG */
+ goto l2;
+ };
+
+ if (cmd[1] != '+') {
+#if DEBUG
+ *c = 0;
+ syslog(LOG_DEBUG, "opiegenerator: got invalid s response: %s\n", cmd);
+#endif /* DEBUG */
+ goto l2;
+ };
+
+ {
+ char *c2;
+
+ if (!(c2 = strchr(++c, '\n'))) {
+#if DEBUG
+ *c = 0;
+ syslog(LOG_DEBUG, "opiegenerator: got invalid s+ response: %s\n", cmd);
+#endif /* DEBUG */
+ goto l2;
+ };
+
+ *c2++ = 0;
+ };
+
+ if (!opieatob8(&key, c))
+ goto l2;
+
+ opiebtoh(response, &key);
+ };
+
+ if (s >= 0)
+ close(s);
+#else /* OPIEAUTO */
+ if (*secret) {
while (sequence-- != 0)
- opiehash(key, algorithm);
+ opiehash(&key, algorithm);
- opiebtoh(response, key);
- }
+ opiebtoh(response, &key);
+ } else
+ return -2;
+#endif /* OPIEAUTO */
return 0;
-}
+
+#if OPIEAUTO
+l2:
+#if DEBUG
+ syslog(LOG_DEBUG, "opiegenerator: no opieauto response available.\n");
+#endif /* DEBUG */
+ if (s >= 0)
+ close(s);
+
+ return -2;
+#endif /* OPIEAUTO */
+};
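Review bot: In opiegenerator's OPIEAUTO path the two later `read(s, cmd, sizeof(cmd))` calls can fill the whole buffer, so `cmd[i] = 0` in the `S=` branch can write one byte past `cmd` (or at `cmd[-1]`, because that read's error branch only logs), and the `s=` branch runs strtoul/strncmp/strchr on `cmd` without terminating it at all. Both should read `sizeof(cmd) - 1` bytes as the first read does, leave on `i < 0`, and set `cmd[i] = 0` before parsing. `s` is also closed after each reply without being reset to -1, so the trailing `if (s >= 0) close(s);` (and the one under `l2`) closes the descriptor a second time; `s = -1;` after each early `close(s)` fixes that. In opieauto_connect the owner/mode test uses a `stat()` of the path taken before `connect()`, so it does not describe the socket actually connected; checking the peer's uid on the connected descriptor (for example `getpeereid()` where available) would be the stronger check. Separately, the `sequence <= OPIE_SEQUENCE_RESTRICT` block builds the init-hex response and then appears to fall through into the normal response code with `sequence` already decremented below zero, which looks unintended.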
diff --git a/contrib/opie/libopie/hash.c b/contrib/opie/libopie/hash.c
index 0edbdd1..babcbfa 100644
--- a/contrib/opie/libopie/hash.c
+++ b/contrib/opie/libopie/hash.c
@@ -1,14 +1,15 @@
/* hash.c: The opiehash() library function.
%%% copyright-cmetz-96
-This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
-The Inner Net License Version 2 applies to this software.
+This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
+The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
- Updated by cmetz for OPIE 2.31. Added SHA support (which may
+ Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg.
+ Modified by cmetz for OPIE 2.31. Added SHA support (which may
not be correct). Backed out previous optimizations as
they killed thread-safety.
Created by cmetz for OPIE 2.3 using the old hash.c as a guide.
@@ -23,7 +24,8 @@ $FreeBSD$
#include <md4.h>
#include <md5.h>
-VOIDRET opiehash FUNCTION((x, algorithm), VOIDPTR x AND unsigned algorithm)
+VOIDRET opiehash FUNCTION((x, algorithm), struct opie_otpkey *x AND
+unsigned algorithm)
{
UINT4 *results = (UINT4 *)x;
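Review bot: Now that `x` is a `struct opie_otpkey *`, the cast in `UINT4 *results = (UINT4 *)x;` only hides the type the signature just introduced. `UINT4 *results = x->words;` says the same thing and keeps the compiler checking it. The same applies to `UINT4 *results = (UINT4 *)out;` in the hashlen.c hunk, which can become `out->words`. The rest of opiehash is outside this hunk.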
diff --git a/contrib/opie/libopie/hashlen.c b/contrib/opie/libopie/hashlen.c
index 66f7d2c..29d855d 100644
--- a/contrib/opie/libopie/hashlen.c
+++ b/contrib/opie/libopie/hashlen.c
@@ -1,13 +1,14 @@
/* hashlen.c: The opiehashlen() library function.
%%% copyright-cmetz-96
-This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
-The Inner Net License Version 2 applies to this software.
+This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
+The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
+ Modified by cmetz for OPIE 2.4. Use struct opie_otpkey, isolate variables.
Created by cmetz for OPIE 2.3.
$FreeBSD$
@@ -20,7 +21,8 @@ $FreeBSD$
#include <md4.h>
#include <md5.h>
-VOIDRET opiehashlen FUNCTION((algorithm, in, out, n), int algorithm AND VOIDPTR in AND VOIDPTR out AND int n)
+VOIDRET opiehashlen FUNCTION((algorithm, in, out, n), int algorithm AND
+VOIDPTR in AND struct opie_otpkey *out AND int n)
{
UINT4 *results = (UINT4 *)out;
UINT4 mdx_tmp[4];
diff --git a/contrib/opie/libopie/insecure.c b/contrib/opie/libopie/insecure.c
index e02183a..bc61c54 100644
--- a/contrib/opie/libopie/insecure.c
+++ b/contrib/opie/libopie/insecure.c
@@ -1,7 +1,7 @@
/* insecure.c: The opieinsecure() library function.
%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
+Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
+ Modified by cmetz for OPIE 2.4. Do utmp checks on utmpx systems.
+ Handle unterminated ut_host.
Modified by cmetz for OPIE 2.31. Fixed a logic bug. Call endut[x]ent().
Modified by cmetz for OPIE 2.3. Added result caching. Use
__opiegetutmpentry(). Ifdef around ut_host check. Eliminate
@@ -59,9 +61,9 @@ int opieinsecure FUNCTION_NOARGS
char *s;
char *term_name;
int insecure = 0;
-#if HAVE_UT_HOST
+#if HAVE_UT_HOST || DOUTMPX
struct utmp utmp;
-#endif /* HAVE_UT_HOST */
+#endif /* HAVE_UT_HOST || DOUTMPX */
static int result = -1;
if (result != -1)
@@ -122,30 +124,34 @@ int opieinsecure FUNCTION_NOARGS
return (result = 1);
};
-#if HAVE_UT_HOST
+#if HAVE_UT_HOST || DOUTMPX
if (isatty(0)) {
memset(&utmp, 0, sizeof(struct utmp));
{
int i = __opiegetutmpentry(ttyname(0), &utmp);
endutent();
if (!i && utmp.ut_host[0]) {
+ char host[sizeof(utmp.ut_host) + 1];
insecure = 1;
- if (s = strchr(utmp.ut_host, ':')) {
- int n = s - utmp.ut_host;
+ strncpy(host, utmp.ut_host, sizeof(utmp.ut_host));
+ host[sizeof(utmp.ut_host)] = 0;
+
+ if (s = strchr(host, ':')) {
+ int n = s - host;
if (!n)
insecure = 0;
else
if (display_name) {
- if (!strncmp(utmp.ut_host, display_name, n))
+ if (!strncmp(host, display_name, n))
insecure = 0;
-#ifdef SOLARIS
+#if 1 /* def SOLARIS */
else
- if (s = strchr(utmp.ut_host, ' ')) {
+ if (s = strchr(host, ' ')) {
*s = ':';
if (s = strchr(s + 1, ' '))
*s = '.';
- if (!strncmp(utmp.ut_host, display_name, n))
+ if (!strncmp(host, display_name, n))
insecure = 0;
}
#endif /* SOLARIS */
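Review bot: The test `!strncmp(host, display_name, n)` compares only the first `n` bytes, so a `display_name` that merely begins with the utmp host name counts as a match and the terminal is classed as secure. Requiring the separator as well, `if (!strncmp(host, display_name, n) && display_name[n] == ':')`, makes it a whole-name comparison. In the second comparison `n` is still the offset of the original ':' even though `host` has been rewritten by then, which deserves a comment or a recomputed length. The `#if 1 /* def SOLARIS */` line now enables this branch on every platform while the closing `#endif /* SOLARIS */` comment still names the old condition. Where `display_name` comes from is outside the hunk.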
@@ -154,7 +160,7 @@ int opieinsecure FUNCTION_NOARGS
}
};
};
-#endif /* HAVE_UT_HOST */
+#endif /* HAVE_UT_HOST || DOUTMPX */
if (insecure)
return (result = 1);
diff --git a/contrib/opie/libopie/lock.c b/contrib/opie/libopie/lock.c
index 0f666a6..865d270 100644
--- a/contrib/opie/libopie/lock.c
+++ b/contrib/opie/libopie/lock.c
@@ -1,7 +1,7 @@
/* lock.c: The opielock() library function.
%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
+Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@@ -14,6 +14,7 @@ License Agreement applies to this software.
History:
+ Modified by cmetz for OPIE 2.4. Use snprintf.
Modified by cmetz for OPIE 2.31. Put locks in a separate dir.
Bug fixes.
Modified by cmetz for OPIE 2.3. Do refcounts whether or not we
@@ -201,7 +202,9 @@ int opielock FUNCTION((principal), char *principal)
if (!S_ISREG(statbuf[0].st_mode) || (statbuf[0].st_mode != statbuf[1].st_mode) || (statbuf[0].st_ino != statbuf[1].st_ino))
goto lockret;
- sprintf(buffer, "%d\n%d\n", getpid(), time(0));
+ if (snprintf(buffer, sizeof(buffer), "%d\n%d\n", getpid(), time(0)) >= sizeof(buffer))
+ goto lockret;
+
i = strlen(buffer) + 1;
if (lseek(fh, 0, SEEK_SET)) {
close(fh);
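Review bot: The format string in the new snprintf passes `time(0)` (a `time_t`) and `getpid()` to `%d`, which is undefined where those types are not `int`. Matching the arguments to the format fixes it: `snprintf(buffer, sizeof(buffer), "%ld\n%ld\n", (long)getpid(), (long)time(0))`. This assumes whatever reads the lock file accepts the same digits, which I cannot see from here. The new `goto lockret` on truncation should also be checked against what `lockret` releases, since that label is outside the hunk.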
diff --git a/contrib/opie/libopie/newseed.c b/contrib/opie/libopie/newseed.c
index 23cdce4..f32b075 100644
--- a/contrib/opie/libopie/newseed.c
+++ b/contrib/opie/libopie/newseed.c
@@ -1,13 +1,15 @@
/* newseed.c: The opienewseed() library function.
%%% copyright-cmetz-96
-This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved.
-The Inner Net License Version 2 applies to this software.
+This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
+The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
+ Modified by cmetz for OPIE 2.4. Greatly simplified increment. Now does
+ not add digits. Reformatted the code.
Modified by cmetz for OPIE 2.32. Added syslog.h if DEBUG.
Modified by cmetz for OPIE 2.31. Added time.h.
Created by cmetz for OPIE 2.22.
@@ -37,73 +39,54 @@ $FreeBSD$
int opienewseed FUNCTION((seed), char *seed)
{
- if (!seed)
- return -1;
-
- if (seed[0]) {
- int i;
-
- if ((i = strlen(seed)) >= OPIE_SEED_MIN) {
- long j;
- char *c;
-
- if (i > OPIE_SEED_MAX)
- i = OPIE_SEED_MAX;
-
- c = seed + i - 1;
-
- while(c != seed) {
- if (!isdigit(*c))
- break;
- c--;
- }
-
- c++;
-
- if (j = strtol(c, (char **)0, 10)) {
- char buf[OPIE_SEED_MAX];
-
- *c = 0;
- strcpy(buf, seed);
-
- if (errno == ERANGE) {
- j = 1;
- } else {
- int k = 1, l = OPIE_SEED_MAX - strlen(buf);
- while(l--) k *= 10;
-
- if (++j >= k)
- j = 1;
+ if (!seed)
+ return -1;
+
+ if (seed[0]) {
+ char *c, *end;
+ unsigned int i, max;
+
+ if ((i = strlen(seed)) > OPIE_SEED_MAX)
+ i = OPIE_SEED_MAX;
+
+ for (c = end = seed + i - 1, max = 1;
+ (c > seed) && isdigit(*c); c--)
+ max *= 10;
+
+ if ((i = strtoul(++c, (char **)0, 10)) < max) {
+ if (++i >= max)
+ i = 1;
+
+ snprintf(c, end - c, "%d", i);
+ seed[OPIE_SEED_MAX] = 0;
+ return 0;
+ }
}
- sprintf(seed, "%s%04ld", buf, j);
- return 0;
- }
- }
- }
+ {
+ time_t now;
- {
- {
- time_t now;
- time(&now);
- srand(now);
- }
+ time(&now);
+ srand(now);
+ }
- {
- struct utsname utsname;
+ {
+ struct utsname utsname;
- if (uname(&utsname) < 0) {
+ if (uname(&utsname) < 0) {
#if DEBUG
- syslog(LOG_DEBUG, "uname: %s(%d)", strerror(errno), errno);
+ syslog(LOG_DEBUG, "uname: %s(%d)", strerror(errno),
+ errno);
#endif /* DEBUG */
- utsname.nodename[0] = 'k';
- utsname.nodename[1] = 'e';
- }
- utsname.nodename[2] = 0;
-
- sprintf(seed, "%s%04d", utsname.nodename, (rand() % 9999) + 1);
- return 0;
- }
- }
+ utsname.nodename[0] = 'k';
+ utsname.nodename[1] = 'e';
+ }
+ utsname.nodename[2] = 0;
+
+ if (snprintf(seed, OPIE_SEED_MAX+1, "%s%04d", utsname.nodename,
+ (rand() % 9999) + 1) >= OPIE_SEED_MAX+1)
+ return -1;
+ return 0;
+ }
}
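Review bot: The size passed in `snprintf(c, end - c, "%d", i)` is too small: the digits occupy `c` through `end` inclusive, so `end - c` leaves room for the digit count minus two plus the terminator, and the incremented number is silently truncated. When the seed ends in a non-digit, `c` is past `end` and the size goes negative before its conversion to `size_t`. `snprintf(c, end - c + 2, "%u", i)` fits the digits plus the NUL and matches the unsigned `i`; the result is at most as long as the old digits because `i < max` at that point. `seed[OPIE_SEED_MAX] = 0` also assumes every caller passes a buffer of at least `OPIE_SEED_MAX + 1` bytes, which should be stated in a comment above the function.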
diff --git a/contrib/opie/opie.4 b/contrib/opie/opie.4
index 58fa0d3..3ac1932 100644
--- a/contrib/opie/opie.4
+++ b/contrib/opie/opie.4
@@ -1,7 +1,7 @@
.\" opie.4: Overview of the OPIE software.
.\"
.\" %%% portions-copyright-cmetz-96
-.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
+.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If
@@ -14,6 +14,7 @@
.\"
.\" History:
.\"
+.\" Modified by cmetz for OPIE 2.4. Spelling fixes.
.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation. Removed
.\" references to the old square brackets challenge delimiters.
.\" Modified at NRL for OPIE 2.01. Updated UNIX trademark credit.
@@ -87,7 +88,7 @@ the calculator given the challenge and the secret password. For example,
.TP
.I seed
A piece of information that is used in conjunction with the secret password
-and sequence numer to compute the response. Its purpose is to allow the same
+and sequence number to compute the response. Its purpose is to allow the same
secret password to be used for multiple sequences, by changing the seed, or
for authentication to multiple machines by using different seeds.
.TP
@@ -143,7 +144,7 @@ technique was implemented by Haller, Karn, and Walden at Bellcore. They
created a free software package called "S/Key" that used an algorithm
called a cryptographic checksum. A cryptographic checksum is a strong one-way
function such that, knowing the result of such a function, an attacker still
-cannot feasably determine the input. Further, unlike cyclic redundancy
+cannot feasibly determine the input. Further, unlike cyclic redundancy
checksums (CRCs), cryptographic checksums have few inputs that result in the
same output.
.LP
diff --git a/contrib/opie/opie.h b/contrib/opie/opie.h
index 7ac9b21..be508c7 100644
--- a/contrib/opie/opie.h
+++ b/contrib/opie/opie.h
@@ -2,7 +2,7 @@
system that a program might need.
%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
+Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@@ -15,6 +15,9 @@ License Agreement applies to this software.
History:
+ Modified by cmetz for OPIE 2.4. Added sequence number limits. Added
+ struct opie_otpkey and made many functions use it. Added
+ opiestrncpy(). Include header with libmissing prototypes.
Modified by cmetz for OPIE 2.32. Added symbolic flag names for
opiepasswd(). Added __opieparsechallenge() prototype.
Modified by cmetz for OPIE 2.31. Removed active attack protection.
@@ -53,7 +56,9 @@ struct opie {
#define __OPIE_FLAGS_READ 2
/* Minimum length of a secret password */
+#ifndef OPIE_SECRET_MIN
#define OPIE_SECRET_MIN 10
+#endif /* OPIE_SECRET_MIN */
/* Maximum length of a secret password */
#define OPIE_SECRET_MAX 127
@@ -76,25 +81,47 @@ struct opie {
/* Maximum length of a principal (read: user name) */
#define OPIE_PRINCIPAL_MAX 32
-#include <sys/cdefs.h>
+/* Maximum sequence number */
+#ifndef OPIE_SEQUENCE_MAX
+#define OPIE_SEQUENCE_MAX 9999
+#endif /* OPIE_SEQUENCE_MAX */
+
+/* Restricted sequence number */
+#ifndef OPIE_SEQUENCE_RESTRICT
+#define OPIE_SEQUENCE_RESTRICT 9
+#endif /* OPIE_SEQUENCE_RESTRICT */
+
+#define UINT4 u_int32_t
+
+struct opie_otpkey {
+ UINT4 words[2];
+};
+
+#ifndef SEEK_SET
+#define SEEK_SET 0
+#endif /* SEEK_SET */
+
+#ifndef SEEK_END
+#define SEEK_END 2
+#endif /* SEEK_END */
__BEGIN_DECLS
int opieaccessfile __P((char *));
int rdnets __P((long));
int isaddr __P((register char *));
int opiealways __P((char *));
-char *opieatob8 __P((char *,char *));
+char *opieatob8 __P((struct opie_otpkey *, char *));
void opiebackspace __P((char *));
-char *opiebtoa8 __P((char *,char *));
-char *opiebtoe __P((char *,char *));
-char *opiebtoh __P((char *,char *));
-int opieetob __P((char *,char *));
+char *opiebtoa8 __P((char *, struct opie_otpkey *));
+char *opiebtoe __P((char *, struct opie_otpkey *));
+char *opiebtoh __P((char *, struct opie_otpkey *));
+int opieetob __P((struct opie_otpkey *, char *));
int opiechallenge __P((struct opie *,char *,char *));
int opiegenerator __P((char *,char *,char *));
int opiegetsequence __P((struct opie *));
-void opiehash __P((void *, unsigned));
+void opiehash __P((struct opie_otpkey *, unsigned));
int opiehtoi __P((register char));
-int opiekeycrunch __P((int, char *, char *, char *));
+int opiekeycrunch __P((int, struct opie_otpkey *, char *, char *));
int opielock __P((char *));
int opieunlock __P((void));
void opieunlockaeh __P((void));
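Review bot: This hunk drops `#include <sys/cdefs.h>` while the lines right after it still use `__BEGIN_DECLS` and `__P`, and it adds `#define UINT4 u_int32_t`, which needs `<sys/types.h>`. Unless an earlier part of opie.h or every includer already provides both, the header is no longer self-contained. I would keep `#include <sys/cdefs.h>` and add `#include <sys/types.h>` above the `UINT4` definition. A one-line comment on `struct opie_otpkey`, for example `/* 64-bit OTP key, stored as two 32-bit words */`, would document the new type.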
@@ -121,7 +148,6 @@ __END_DECLS
#define FUNCTION(arglist, args) (args)
#define AND ,
#define FUNCTION_NOARGS ()
-#define UINT4 u_int32_t
__BEGIN_DECLS
struct utmp;
@@ -133,6 +159,14 @@ int __opiereadrec __P((struct opie *));
int __opiewriterec __P((struct opie *));
int __opieparsechallenge __P((char *buffer, int *algorithm, int *sequence, char **seed, int *exts));
__END_DECLS
+
+#define opiestrncpy(dst, src, n) \
+ do { \
+ strncpy(dst, src, n-1); \
+ dst[n-1] = 0; \
+ } while(0)
+
+/* #include "missing.h" */
#endif /* _OPIE */
#define OPIEPASSWD_CONSOLE 1
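Review bot: The new `opiestrncpy` macro uses its arguments unparenthesized and evaluates `dst` and `n` twice, so an expression argument such as `len + 1` or `p++` expands incorrectly, and `n == 0` indexes `dst[-1]`. At minimum write `strncpy((dst), (src), (n) - 1); (dst)[(n) - 1] = 0;`; a `static` function taking `size_t n` with an early return for `n == 0` would avoid the double evaluation entirely. The header also relies on the includer for `<string.h>`.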
diff --git a/contrib/opie/opie_cfg.h b/contrib/opie/opie_cfg.h
index be29b59..bd000ae 100644
--- a/contrib/opie/opie_cfg.h
+++ b/contrib/opie/opie_cfg.h
@@ -1,7 +1,7 @@
/* opie_cfg.h: Various configuration-type pieces of information for OPIE.
%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
+Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@@ -14,6 +14,7 @@ License Agreement applies to this software.
History:
+ Modified by cmetz for OPIE 2.4. Removed NBBY definition.
Modified by cmetz for OPIE 2.32. Include <sys/types.h> before
<dirent.h> to make *BSD happy.
Modified by cmetz for OPIE 2.31. Added 4.4BSD-Lite pathnames.h
@@ -53,8 +54,8 @@ $FreeBSD$
#ifndef _OPIE_CFG_H
#define _OPIE_CFG_H 1
-#define VERSION "2.32"
-#define DATE "Thursday, January 1, 1998"
+#define VERSION "2.4"
+#define DATE "Friday, January 19, 2001"
#ifndef unix
#define unix 1
@@ -165,10 +166,6 @@ $FreeBSD$
#define MOTD_FILE "/etc/motd"
#endif
-#ifndef NBBY
-#define NBBY 8 /* Reasonable for modern systems */
-#endif /* NBBY */
-
#ifndef LOGIN_PATH
#define LOGIN_PATH "/usr/ucb:/bin:/usr/bin"
#endif /* LOGIN_PATH */
diff --git a/contrib/opie/opieaccess.5 b/contrib/opie/opieaccess.5
index 1d8f6f3..41b1ec0 100644
--- a/contrib/opie/opieaccess.5
+++ b/contrib/opie/opieaccess.5
@@ -7,11 +7,13 @@
.\"
.\" History:
.\"
+.\" Modified by cmetz for OPIE 2.4. Fixed "0PIE" typo.
.\" Written at NRL for OPIE 2.0.
.\"
.ll 6i
.pl 10.5i
.\" @(#)opieaccess.5 2.0 (NRL) 1/10/95
+.\" $FreeBSD$
.\"
.lt 6.0i
.TH OPIEACCESS 5 "January 10, 1995"
@@ -61,7 +63,7 @@ mask Mask of the network to match
Subnets can be controlled by using the appropriate address and mask. Individual
hosts can be controlled by using the appropriate address and a mask of
-255.255.255.255. If no rules are matched, the default is to deny non-0PIE
+255.255.255.255. If no rules are matched, the default is to deny non-OPIE
logins.
.SH SEE ALSO
diff --git a/contrib/opie/opieftpd.c b/contrib/opie/opieftpd.c
index 1bace12..eb6015f 100644
--- a/contrib/opie/opieftpd.c
+++ b/contrib/opie/opieftpd.c
@@ -1,7 +1,7 @@
/* opieftpd.c: Main program for an FTP daemon.
%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
+Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
+ Modified by cmetz for OPIE 2.4. Add id parameter to opielogwtmp. Use
+ opiestrncpy(). Fix incorrect use of setproctitle().
Modified by cmetz for OPIE 2.32. Remove include of dirent.h here; it's
done already (and conditionally) in opie_cfg.h.
Modified by cmetz for OPIE 2.31. Merged in some 4.4BSD-Lite changes.
@@ -243,7 +245,7 @@ static int receive_data __P((FILE *, FILE *));
static char *gunique __P((char *));
static char *sgetsave __P((char *));
-int opielogwtmp __P((char *, char *, char *));
+int opielogwtmp __P((char *, char *, char *, char *));
int fclose __P((FILE *));
@@ -510,7 +512,7 @@ static VOIDRET end_login FUNCTION_NOARGS
if (seteuid((uid_t) 0))
syslog(LOG_ERR, "Can't set euid");
if (logged_in)
- opielogwtmp(ttyline, "", "");
+ opielogwtmp(ttyline, "", "", "ftp");
pw = NULL;
logged_in = 0;
#if DOANONYMOUS
@@ -564,7 +566,7 @@ VOIDRET pass FUNCTION((passwd), char *passwd)
/* open wtmp before chroot */
sprintf(ttyline, "ftp%d", getpid());
- opielogwtmp(ttyline, pw->pw_name, remotehost);
+ opielogwtmp(ttyline, pw->pw_name, remotehost, "ftp");
logged_in = 1;
#if DOANONYMOUS
@@ -631,10 +633,10 @@ VOIDRET pass FUNCTION((passwd), char *passwd)
if (guest) {
reply(230, "Guest login ok, access restrictions apply.");
#if DOTITLE
- snprintf(proctitle, sizeof(proctitle), "%s: anonymous/%s", remotehost,
- passwd);
- setproctitle("%s", proctitle);
-#endif /* DOTITLE */
+ setproctitle("%s: anonymous/%.*s", remotehost,
+ sizeof(proctitle) - sizeof(remotehost) - sizeof(": anonymous/"),
+ passwd);
+#endif /* DOTITLE */
syslog(LOG_NOTICE, "ANONYMOUS FTP login from %s with ID %s",
remotehost, passwd);
} else
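Review bot: The precision argument for `%.*s` in the new `setproctitle` call is a `size_t` expression built from `sizeof`, but `.*` consumes an `int`, so on platforms where the two differ in width the varargs are misread. The subtraction also wraps to a huge value if `remotehost` is not smaller than `proctitle`; their sizes are not visible here. Compute it once as an `int`, for example `int room = (int)sizeof(proctitle) - (int)sizeof(remotehost) - (int)sizeof(": anonymous/");`, clamp it at zero, and pass `room`. The client-supplied anonymous password still goes into the process title and syslog unfiltered, so a comment noting that it is untrusted text would be useful.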
@@ -643,9 +645,8 @@ VOIDRET pass FUNCTION((passwd), char *passwd)
reply(230, "User %s logged in.", pw->pw_name);
#if DOTITLE
- snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
- setproctitle("%s", proctitle);
-#endif /* DOTITLE */
+ setproctitle("%s: %s", remotehost, pw->pw_name);
+#endif /* DOTITLE */
syslog(LOG_INFO, "FTP login from %s with user name %s", remotehost, pw->pw_name);
}
home = pw->pw_dir; /* home dir for globbing */
@@ -1256,13 +1257,11 @@ static VOIDRET dolog FUNCTION((sin), struct sockaddr_in *sin)
time_t t, time();
if (hp)
- strncpy(remotehost, hp->h_name, sizeof(remotehost));
+ opiestrncpy(remotehost, hp->h_name, sizeof(remotehost));
else
- strncpy(remotehost, inet_ntoa(sin->sin_addr), sizeof(remotehost));
- remotehost[sizeof(remotehost) - 1] = '\0';
+ opiestrncpy(remotehost, inet_ntoa(sin->sin_addr), sizeof(remotehost));
#if DOTITLE
- snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
- setproctitle("%s", proctitle);
+ setproctitle("%s: connected", remotehost);
#endif /* DOTITLE */
t = time((time_t *) 0);
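Review bot: Dropping `remotehost[sizeof(remotehost) - 1] = '\0';` makes the termination of `remotehost` depend entirely on opiestrncpy(), whose definition is not part of this hunk. `remotehost` is filled from `hp->h_name` (presumably a name-service lookup result, so not under the daemon's control) and then flows into setproctitle() and the log lines, so an unterminated buffer would be read past its end. I would state the contract where it is relied on, e.g. `/* opiestrncpy() always NUL-terminates within sizeof(remotehost) */`, and confirm it against the helper. The same reliance is introduced in opiepasswd.c for `seed`, `oseed` and `nseed`. dolog() continues outside the hunk.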
@@ -1280,7 +1279,7 @@ VOIDRET dologout FUNCTION((status), int status)
if (logged_in) {
if (seteuid((uid_t) 0))
syslog(LOG_ERR, "Can't set euid");
- opielogwtmp(ttyline, "", "");
+ opielogwtmp(ttyline, "", "", "ftp");
}
/* beware of flushing buffers after a SIGPIPE */
_exit(status);
diff --git a/contrib/opie/opieinfo.1 b/contrib/opie/opieinfo.1
index 0b09455..41cdebe 100644
--- a/contrib/opie/opieinfo.1
+++ b/contrib/opie/opieinfo.1
@@ -1,7 +1,7 @@
.\" opieinfo.1: Manual page for the opieinfo(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
-.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
+.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If
diff --git a/contrib/opie/opieinfo.c b/contrib/opie/opieinfo.c
index 614dad6..09f9784 100644
--- a/contrib/opie/opieinfo.c
+++ b/contrib/opie/opieinfo.c
@@ -2,7 +2,7 @@
opieinfo: Print a user's current OPIE sequence number and seed
%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
+Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
diff --git a/contrib/opie/opiekey.1 b/contrib/opie/opiekey.1
index 4adf0ef..1f6e35e 100644
--- a/contrib/opie/opiekey.1
+++ b/contrib/opie/opiekey.1
@@ -1,7 +1,7 @@
.\" opiekey.1: Manual page for the opiekey(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
-.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
+.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If
diff --git a/contrib/opie/opiekey.c b/contrib/opie/opiekey.c
index 32a1f9c..20ba658 100644
--- a/contrib/opie/opiekey.c
+++ b/contrib/opie/opiekey.c
@@ -5,7 +5,7 @@
and outputs a response.
%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
+Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@@ -18,6 +18,7 @@ License Agreement applies to this software.
History:
+ Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks.
Modified by cmetz for OPIE 2.31. Renamed "init" and RESPONSE_INIT
to "init-hex" and RESPONSE_INIT_HEX. Removed active attack
protection support.
@@ -135,7 +136,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
int i;
int count = 1;
char secret[OPIE_SECRET_MAX + 1], newsecret[OPIE_SECRET_MAX + 1];
- char key[8], newkey[8];
+ struct opie_otpkey key, newkey;
char *seed, newseed[OPIE_SEED_MAX + 1];
char response[OPIE_RESPONSE_MAX + 1];
char *slash;
@@ -266,13 +267,13 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
goto error;
}
- if (opiekeycrunch(algorithm, newkey, newseed, newsecret)) {
+ if (opiekeycrunch(algorithm, &newkey, newseed, newsecret)) {
fprintf(stderr, "%s: key crunch failed (1)\n", argv[0]);
goto error;
}
for (i = 0; i < 499; i++)
- opiehash(newkey, algorithm);
+ opiehash(&newkey, algorithm);
} else
#if RETYPE
getsecret(secret, "", 1);
@@ -281,13 +282,13 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
#endif /* RETYPE */
/* Crunch seed and secret password into starting key normally */
- if (opiekeycrunch(algorithm, key, seed, secret)) {
+ if (opiekeycrunch(algorithm, &key, seed, secret)) {
fprintf(stderr, "%s: key crunch failed\n", argv[0]);
goto error;
}
for (i = 0; i <= (keynum - count); i++)
- opiehash(key, algorithm);
+ opiehash(&key, algorithm);
{
char buf[OPIE_SEED_MAX + 48 + 1];
@@ -300,37 +301,37 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
switch(type) {
case RESPONSE_STANDARD:
if (hex)
- opiebtoh(response, key);
+ opiebtoh(response, &key);
else
- opiebtoe(response, key);
+ opiebtoe(response, &key);
break;
case RESPONSE_WORD:
strcpy(response, "word:");
- strcat(response, opiebtoe(buf, key));
+ strcat(response, opiebtoe(buf, &key));
break;
case RESPONSE_HEX:
strcpy(response, "hex:");
- strcat(response, opiebtoh(buf, key));
+ strcat(response, opiebtoh(buf, &key));
break;
case RESPONSE_INIT_HEX:
case RESPONSE_INIT_WORD:
if (type == RESPONSE_INIT_HEX) {
strcpy(response, "init-hex:");
- strcat(response, opiebtoh(buf, key));
+ strcat(response, opiebtoh(buf, &key));
sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed);
strcat(response, buf);
- strcat(response, opiebtoh(buf, newkey));
+ strcat(response, opiebtoh(buf, &newkey));
} else {
strcpy(response, "init-word:");
- strcat(response, opiebtoe(buf, key));
+ strcat(response, opiebtoe(buf, &key));
sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed);
strcat(response, buf);
- strcat(response, opiebtoe(buf, newkey));
+ strcat(response, opiebtoe(buf, &newkey));
}
break;
}
puts(response);
- opiehash(key, algorithm);
+ opiehash(&key, algorithm);
}
}
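Review bot: `response` is still assembled with unbounded strcpy()/strcat() calls, and the `init-word:` branch is the longest case: a prefix, two opiebtoe() outputs and the `:%s 499 %s:` string carrying `newseed`. Whether that fits in `OPIE_RESPONSE_MAX + 1` cannot be checked from this hunk because the constants are defined elsewhere. A comment above the switch such as `/* longest response is init-word: prefix + 2 word lists + alg id + seed; must stay <= OPIE_RESPONSE_MAX */` would record the sizing assumption, or the branch could track the remaining space as it appends. main() starts outside the hunk.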
diff --git a/contrib/opie/opiepasswd.1 b/contrib/opie/opiepasswd.1
index d3fc5e3..5ce6cb0 100644
--- a/contrib/opie/opiepasswd.1
+++ b/contrib/opie/opiepasswd.1
@@ -1,7 +1,7 @@
.\" opiepasswd.1: Manual page for the opiepasswd(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
-.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
+.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If
@@ -14,6 +14,7 @@
.\"
.\" History:
.\"
+.\" Modified by cmetz for OPIE 2.4. Fixed spelling bug.
.\" Modified by cmetz for OPIE 2.3. Added -f flag documentation.
.\" Updated console example.
.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation.
@@ -36,7 +37,7 @@ system.
[\-v] [\-h] [\-c|\-d] [\-f]
.sp 0
[\-n
-.I inital_sequence_number
+.I initial_sequence_number
]
[\-s
.I seed
diff --git a/contrib/opie/opiepasswd.c b/contrib/opie/opiepasswd.c
index 6cb2728..2e2358a 100644
--- a/contrib/opie/opiepasswd.c
+++ b/contrib/opie/opiepasswd.c
@@ -1,7 +1,7 @@
/* opiepasswd.c: Add/change an OTP password in the key database.
%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
+Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of
the software.
You should have received a copy of the license with this software. If
@@ -14,6 +14,8 @@ License Agreement applies to this software.
History:
+ Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks.
+ Use opiestrncpy().
Modified by cmetz for OPIE 2.32. Use OPIE_SEED_MAX instead of
hard coding the length. Unlock user on failed lookup.
Modified by cmetz for OPIE 2.3. Got of some variables and made some
@@ -97,12 +99,13 @@ static VOIDRET finish FUNCTION((name), char *name)
}
printf("OTP key is %d %s\n", opie.opie_n, opie.opie_seed);
{
- char key[8];
- if (!opieatob8(key, opie.opie_val)) {
+ struct opie_otpkey key;
+
+ if (!opieatob8(&key, opie.opie_val)) {
fprintf(stderr, "Error verifying key -- possible database corruption.\n");
finish(NULL);
}
- printf("%s\n", opiebtoe(buf, key));
+ printf("%s\n", opiebtoe(buf, &key));
}
}
@@ -156,8 +159,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
OPIE_SEED_MIN, OPIE_SEED_MAX);
finish(NULL);
}
- strncpy(seed, optarg, sizeof(seed));
- seed[sizeof(seed) - 1] = 0;
+ opiestrncpy(seed, optarg, sizeof(seed));
break;
default:
usage(argv[0]);
@@ -242,7 +244,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
{
char *c;
if (c = strrchr(tmp, ' '))
- strncpy(oseed, c + 1, sizeof(oseed));
+ opiestrncpy(oseed, c + 1, sizeof(oseed));
else {
#if DEBUG
fprintf(stderr, "opiepasswd: bogus challenge\n");
@@ -278,7 +280,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
{
char *c;
if (c = strrchr(tmp, ' '))
- strncpy(nseed, c + 1, sizeof(nseed));
+ opiestrncpy(nseed, c + 1, sizeof(nseed));
else {
#if DEBUG
fprintf(stderr, "opiepasswd: bogus challenge\n");
@@ -349,18 +351,18 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
finish(NULL);
}
{
- char key[8];
+ struct opie_otpkey key;
char tbuf[OPIE_RESPONSE_MAX + 1];
- if (opiekeycrunch(MDX, key, opie.opie_seed, passwd) != 0) {
+ if (opiekeycrunch(MDX, &key, opie.opie_seed, passwd) != 0) {
fprintf(stderr, "%s: key crunch failed. Secret pass phrase unchanged\n", argv[0]);
finish(NULL);
}
memset(passwd, 0, sizeof(passwd));
i = opie.opie_n - 1;
while (i-- != 0)
- opiehash(key, MDX);
- opiebtoe(tbuf, key);
+ opiehash(&key, MDX);
+ opiebtoe(tbuf, &key);
if (opieverify(&opie, tbuf)) {
fprintf(stderr, "Sorry.\n");
finish(NULL);
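Review bot: The failure branch of the new opiekeycrunch() call reaches `finish(NULL)` before the `memset(passwd, 0, sizeof(passwd));` two lines later, so within this hunk the pass phrase is not cleared on that path; the part of finish() visible on this page does not clear it either, though its start is not shown. The derived `key` and the `tbuf` response are likewise not wiped after opieverify(). I would add `memset(passwd, 0, sizeof(passwd));` ahead of `finish(NULL)` in that branch and `memset(&key, 0, sizeof(key));` once `tbuf` has been produced. Plain memset() on a buffer that is not read again can be removed by the optimizer, so a wipe helper the compiler cannot elide is the safer choice if the tree has one. The enclosing block in main() continues outside the hunk.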