diff options
Diffstat (limited to 'contrib/opie/libopie')
25 files changed, 196 insertions, 99 deletions
diff --git a/contrib/opie/libopie/Makefile.in b/contrib/opie/libopie/Makefile.in index 2b3c96c..dfc1c6f 100644 --- a/contrib/opie/libopie/Makefile.in +++ b/contrib/opie/libopie/Makefile.in @@ -2,30 +2,34 @@ # Makefile.in/Makefile: Directions for building libopie. # # %%% copyright-cmetz-96 -# This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -# The Inner Net License Version 2 applies to this software. +# This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +# The Inner Net License Version 3 applies to this software. # You should have received a copy of the license with this software. If # you didn't get a copy, you may request one from <license@inner.net>. # # History: # +# Modified by cmetz for OPIE 2.4. Add libmissing to include header path. +# Use ar 'cr' instead of 'r'. Renamed realclean to distclean. # Modified by cmetz for OPIE 2.31. Added logwtmp.o # Created by cmetz for OPIE 2.3 using old Makefiles as a guide. OBJS=md4c.o md5c.o atob8.o btoa8.o btoh.o challenge.o getsequence.o hash.o hashlen.o keycrunch.o lock.o lookup.o newseed.o parsechallenge.o passcheck.o passwd.o randomchallenge.o readpass.o unlock.o verify.o version.o btoe.o accessfile.o generator.o insecure.o getutmpentry.o readrec.o writerec.o login.o open.o logwtmp.o # sha.o CC=@CC@ -CFLAGS=$(CFL) -I.. +CFLAGS=$(CFL) -I.. -I../libmissing TARGET=libopie.a all: $(TARGET) $(TARGET): $(OBJS) - ar r $(TARGET) $(OBJS) + ar cr $(TARGET) $(OBJS) @RANLIB@ $(TARGET) clean: -rm -f $(OBJS) $(TARGET) -realclean: clean +realclean: distclean + +distclean: clean -rm -f *~ core* "\#*\#" *.o *.a Makefile diff --git a/contrib/opie/libopie/accessfile.c b/contrib/opie/libopie/accessfile.c index 0fe1d12..8e2765f 100644 --- a/contrib/opie/libopie/accessfile.c +++ b/contrib/opie/libopie/accessfile.c @@ -2,7 +2,7 @@ overrides. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/atob8.c b/contrib/opie/libopie/atob8.c index 78a7d43..77367f1 100644 --- a/contrib/opie/libopie/atob8.c +++ b/contrib/opie/libopie/atob8.c @@ -1,7 +1,7 @@ /* atob8.c: The opieatob8() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -14,6 +14,7 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg. Modified by cmetz for OPIE 2.3. Return the output variable. Don't check parameters. Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al. @@ -27,10 +28,11 @@ License Agreement applies to this software. /* Convert 8-byte hex-ascii string to binary array */ -char *opieatob8 FUNCTION((out, in), char *out AND char *in) +char *opieatob8 FUNCTION((out, in), struct opie_otpkey *outkey AND char *in) { register int i; register int val; + unsigned char *out = (unsigned char *)outkey; for (i = 0; i < 8; i++) { while (*in == ' ' || *in == '\t') diff --git a/contrib/opie/libopie/btoa8.c b/contrib/opie/libopie/btoa8.c index 2b3e885..b66306f 100644 --- a/contrib/opie/libopie/btoa8.c +++ b/contrib/opie/libopie/btoa8.c @@ -1,13 +1,14 @@ /* btoa8.c: The opiebtoa8() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg. Created by cmetz for OPIE 2.3 (quick re-write). */ @@ -17,9 +18,10 @@ you didn't get a copy, you may request one from <license@inner.net>. static char hextochar[16] = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'}; -char *opiebtoa8 FUNCTION((out, in), char *out AND char *in) +char *opiebtoa8 FUNCTION((out, in), char *out AND struct opie_otpkey *inkey) { int i; + unsigned char *in = (unsigned char *)inkey; char *c = out; for (i = 0; i < 8; i++) { diff --git a/contrib/opie/libopie/btoe.c b/contrib/opie/libopie/btoe.c index b7ed3cde..fa91077 100644 --- a/contrib/opie/libopie/btoe.c +++ b/contrib/opie/libopie/btoe.c @@ -3,7 +3,7 @@ 64 bit OTP. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -16,6 +16,7 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg. Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al. Remove unnecessary address futzing with Wp in opiebtoe. Changed unsigned long to UINT4 for Alpha. @@ -2088,13 +2089,13 @@ static char Wp[2048][4] = }; /* Encode 8 bytes in 'c' as a string of English words. */ -char *opiebtoe FUNCTION((engout, c), char *engout AND char *c) +char *opiebtoe FUNCTION((engout, c), char *engout AND struct opie_otpkey *c) { - char cp[9]; /* add in room for the parity 2 bits */ + char cp[sizeof(struct opie_otpkey) + 1]; /* add in room for the parity 2 bits */ int p, i; engout[0] = '\0'; - memcpy(cp, c, 8); + memcpy(cp, c, sizeof(struct opie_otpkey)); /* compute parity */ for (p = 0, i = 0; i < 64; i += 2) p += extract(cp, i, 2); @@ -2120,7 +2121,7 @@ char *opiebtoe FUNCTION((engout, c), char *engout AND char *c) * -1 badly formed in put ie > 4 char word * -2 words OK but parity is wrong */ -int opieetob FUNCTION((out, e), char *out AND char *e) +int opieetob FUNCTION((out, e), struct opie_otpkey *out AND char *e) { char *word, *c, *input, b[9]; int i, p, v, l, low, high, rval = -1; @@ -2137,7 +2138,7 @@ int opieetob FUNCTION((out, e), char *out AND char *e) strncpy(input, e, i); input[i] = 0; memset(b, 0, sizeof(b)); - memset(out, 0, 8); + memset(out, 0, sizeof(struct opie_otpkey)); for (i = 0, p = 0, word = c = input; i < 6; i++, p += 11) { while (*c && !isalpha(*c)) c++; @@ -2187,7 +2188,7 @@ int opieetob FUNCTION((out, e), char *out AND char *e) goto opiebtoeret; } - memcpy(out, b, 8); + memcpy(out, b, sizeof(struct opie_otpkey)); rval = 1; diff --git a/contrib/opie/libopie/btoh.c b/contrib/opie/libopie/btoh.c index c5ed150..45fb4c8 100644 --- a/contrib/opie/libopie/btoh.c +++ b/contrib/opie/libopie/btoh.c @@ -1,8 +1,8 @@ /* btoh.c: The opiebtoh() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. @@ -17,10 +17,11 @@ you didn't get a copy, you may request one from <license@inner.net>. static char hextochar[16] = {'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'}; -char *opiebtoh FUNCTION((out, in), char *out AND char *in) +char *opiebtoh FUNCTION((out, in), char *out AND struct opie_otpkey *inkey) { int i; char *c = out; + unsigned char *in = (unsigned char *)inkey; for (i = 0; i < 4; i++) { *(c++) = hextochar[((*in) >> 4) & 0x0f]; diff --git a/contrib/opie/libopie/getsequence.c b/contrib/opie/libopie/getsequence.c index e6c96c5..77fd5a2 100644 --- a/contrib/opie/libopie/getsequence.c +++ b/contrib/opie/libopie/getsequence.c @@ -1,7 +1,7 @@ /* getsequence.c: The opiegetsequence() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/getutmpentry.c b/contrib/opie/libopie/getutmpentry.c index 531820e..f3afe0c 100644 --- a/contrib/opie/libopie/getutmpentry.c +++ b/contrib/opie/libopie/getutmpentry.c @@ -1,8 +1,8 @@ /* getutmpentry.c: The __opiegetutmpentry() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. diff --git a/contrib/opie/libopie/keycrunch.c b/contrib/opie/libopie/keycrunch.c index 94a1a53..2ca57e0 100644 --- a/contrib/opie/libopie/keycrunch.c +++ b/contrib/opie/libopie/keycrunch.c @@ -1,13 +1,14 @@ /* keycrunch.c: The opiekeycrunch() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for arg. Created by cmetz for OPIE 2.3 using the old keycrunch.c as a guide. */ @@ -23,7 +24,8 @@ you didn't get a copy, you may request one from <license@inner.net>. #include "opie.h" -int opiekeycrunch FUNCTION((algorithm, result, seed, secret), int algorithm AND char *result AND char *seed AND char *secret) +int opiekeycrunch FUNCTION((algorithm, result, seed, secret), int algorithm AND +struct opie_otpkey *result AND char *seed AND char *secret) { int i, rval = -1; char *c; diff --git a/contrib/opie/libopie/login.c b/contrib/opie/libopie/login.c index ca39143..6c6ca79 100644 --- a/contrib/opie/libopie/login.c +++ b/contrib/opie/libopie/login.c @@ -1,13 +1,15 @@ /* login.c: The opielogin() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Add support for ut_id and + ut_syslen. Don't zero-terminate ut_name and ut_host. Modified by cmetz for OPIE 2.31. If the OS won't tell us where _PATH_WTMP[X] is, try playing the SVID game, then use Autoconf-discovered values. Fixed gettimeofday() call @@ -38,12 +40,15 @@ you didn't get a copy, you may request one from <license@inner.net>. #endif /* DEBUG */ #include "opie.h" +#define IDLEN 4 + int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *host) { - struct utmp u; int rval = 0; - #if !DISABLE_UTMP + struct utmp u; + char id[IDLEN + 1] = ""; + if (__opiegetutmpentry(line, &u)) { #if DEBUG syslog(LOG_DEBUG, "opielogin: __opiegetutmpentry(line=%s, &u) failed", line); @@ -58,6 +63,11 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h #endif /* DEBUG */ } +#if DOUTMPX || HAVE_UT_ID + strncpy(id, u.ut_id, sizeof(u.ut_id)); + id[sizeof(id)-1] = 0; +#endif /* DOUTMPX || HAVE_UT_ID */ + #if HAVE_UT_TYPE && defined(USER_PROCESS) u.ut_type = USER_PROCESS; #endif /* HAVE_UT_TYPE && defined(USER_PROCESS) */ @@ -67,15 +77,16 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h #if HAVE_UT_NAME strncpy(u.ut_name, name, sizeof(u.ut_name)); - u.ut_name[sizeof(u.ut_name)-1] = 0; #else /* HAVE_UT_NAME */ #error No ut_name field in struct utmp? (Please send in a bug report) #endif /* HAVE_UT_NAME */ #if HAVE_UT_HOST strncpy(u.ut_host, host, sizeof(u.ut_host)); - u.ut_host[sizeof(u.ut_host)-1] = 0; #endif /* HAVE_UT_HOST */ +#if DOUTMPX && HAVE_UTX_SYSLEN + u.ut_syslen = strlen(host) + 1; +#endif /* DOUTMPX && HAVE_UT_SYSLEN */ #if DOUTMPX #ifdef HAVE_ONE_ARG_GETTIMEOFDAY @@ -96,7 +107,7 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h #endif /* !DISABLE_UTMP */ dowtmp: - opielogwtmp(line, name, host); + opielogwtmp(line, name, host, id); opielogwtmp(NULL, NULL, NULL); dosetlogin: diff --git a/contrib/opie/libopie/logwtmp.c b/contrib/opie/libopie/logwtmp.c index a42fdec..873ca9b 100644 --- a/contrib/opie/libopie/logwtmp.c +++ b/contrib/opie/libopie/logwtmp.c @@ -1,7 +1,7 @@ /* logwtmp.c: Put an entry in the wtmp file. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -14,6 +14,8 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Set process to dead if name is null. + Added support for ut_id and ut_syslen. Modified by cmetz for OPIE 2.32. Don't leave line=NULL, skip past /dev/ in line. Fill in ut_host on systems with UTMPX and ut_host. @@ -110,7 +112,7 @@ static int fdx = -1; * after first call, for use with ftp (which may chroot * after login, but before logout). */ -VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND char *host) +VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND char *host AND char *id) { #if !DISABLE_WTMP struct utmp ut; @@ -136,8 +138,15 @@ VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND c return; if (fstat(fd, &buf) == 0) { #if HAVE_UT_TYPE && defined(USER_PROCESS) - ut.ut_type = USER_PROCESS; + if (name && *name) + ut.ut_type = USER_PROCESS; + else + ut.ut_type = DEAD_PROCESS; #endif /* HAVE_UT_TYPE && defined(USER_PROCESS) */ +#if HAVE_UT_ID + if (id) + strncpy(ut.ut_id, id, sizeof(ut.ut_id)); +#endif /* HAVE_UT_ID */ #if HAVE_UT_PID ut.ut_pid = getpid(); #endif /* HAVE_UT_PID */ @@ -161,6 +170,18 @@ VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND c strncpy(utx.ut_line, line, sizeof(utx.ut_line)); strncpy(utx.ut_name, name, sizeof(utx.ut_name)); strncpy(utx.ut_host, host, sizeof(utx.ut_host)); +#ifdef USER_PROCESS + if (name && *name) + utx.ut_type = USER_PROCESS; + else + utx.ut_type = DEAD_PROCESS; +#endif /* USER_PROCESS */ + if (id) + strncpy(utx.ut_id, id, sizeof(utx.ut_id)); + utx.ut_pid = getpid(); +#if HAVE_UTX_SYSLEN + utx.ut_syslen = strlen(utx.ut_host) + 1; +#endif /* HAVE_UTX_SYSLEN */ #if HAVE_GETTIMEOFDAY #if HAVE_ONE_ARG_GETTIMEOFDAY gettimeofday(&utx.ut_tv); diff --git a/contrib/opie/libopie/lookup.c b/contrib/opie/libopie/lookup.c index d05e1fa..3003da7 100644 --- a/contrib/opie/libopie/lookup.c +++ b/contrib/opie/libopie/lookup.c @@ -1,8 +1,8 @@ /* lookup.c: The opielookup() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. diff --git a/contrib/opie/libopie/md4c.c b/contrib/opie/libopie/md4c.c index acc8857..f6adc67 100644 --- a/contrib/opie/libopie/md4c.c +++ b/contrib/opie/libopie/md4c.c @@ -1,7 +1,7 @@ /* md4c.c: "RSA Data Security, Inc. MD4 Message-Digest Algorithm" %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/md5c.c b/contrib/opie/libopie/md5c.c index 09611a5..cdd21e0 100644 --- a/contrib/opie/libopie/md5c.c +++ b/contrib/opie/libopie/md5c.c @@ -2,7 +2,7 @@ "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/open.c b/contrib/opie/libopie/open.c index dac03a8..c0c76c2 100644 --- a/contrib/opie/libopie/open.c +++ b/contrib/opie/libopie/open.c @@ -1,13 +1,15 @@ /* open.c: The __opieopen() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. More portable way to get the mode + string for fopen. Created by cmetz for OPIE 2.3. */ #include "opie_cfg.h" @@ -51,9 +53,23 @@ FILE *__opieopen FUNCTION((file, rw, mode), char *file AND int rw AND int mode) return NULL; { - char *fmodes[] = { "r", "r+", "a" }; - - if (!(f = fopen(file, fmodes[rw]))) + char *fmode; + + switch(rw) { + case 0: + fmode = "r"; + break; + case 1: + fmode = "r+"; + break; + case 2: + fmode = "a"; + break; + default: + return NULL; + }; + + if (!(f = fopen(file, fmode))) return NULL; } diff --git a/contrib/opie/libopie/parsechallenge.c b/contrib/opie/libopie/parsechallenge.c index 2035c38..2b23a35 100644 --- a/contrib/opie/libopie/parsechallenge.c +++ b/contrib/opie/libopie/parsechallenge.c @@ -1,13 +1,15 @@ /* parsechallenge.c: The __opieparsechallenge() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Use OPIE_SEQUENCE_MAX, check for + sequence number of zero. Modified by cmetz for OPIE 2.32. Check for extended response sets. Change prefix to double underscore. Created by cmetz for OPIE 2.3 using generator.c as a guide. @@ -48,7 +50,7 @@ int __opieparsechallenge FUNCTION((buffer, algorithm, sequence, seed, exts), cha *algorithm = a->num; } - if ((*sequence = strtoul(++c, &c, 10)) > 9999) + if (((*sequence = strtoul(++c, &c, 10)) > OPIE_SEQUENCE_MAX) || !*sequence) return -1; while(*c && isspace(*c)) c++; diff --git a/contrib/opie/libopie/passcheck.c b/contrib/opie/libopie/passcheck.c index 8bfa87d..140b8fb 100644 --- a/contrib/opie/libopie/passcheck.c +++ b/contrib/opie/libopie/passcheck.c @@ -1,7 +1,7 @@ /* passcheck.c: The opiepasscheck() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/passwd.c b/contrib/opie/libopie/passwd.c index 6bac249..1c3b1ab6 100644 --- a/contrib/opie/libopie/passwd.c +++ b/contrib/opie/libopie/passwd.c @@ -1,8 +1,8 @@ /* passwd.c: The opiepasswd() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. @@ -46,19 +46,19 @@ int opiepasswd FUNCTION((old, flags, principal, n, seed, ks), struct opie *old A opie.opie_seed = seed; if (ks) { - char key[8]; + struct opie_otpkey key; if (flags & OPIEPASSWD_CONSOLE) { - if (opiekeycrunch(MDX, key, seed, ks)) + if (opiekeycrunch(MDX, &key, seed, ks)) return -1; for (i = n; i; i--) - opiehash(key, MDX); - if (!(opie.opie_val = opiebtoa8(opie.opie_buf, key))) + opiehash(&key, MDX); + if (!(opie.opie_val = opiebtoa8(opie.opie_buf, &key))) return -1; } else { - if ((opieetob(key, ks) != 1) && !opieatob8(key, ks)) + if ((opieetob(&key, ks) != 1) && !opieatob8(&key, ks)) return 1; - if (!(opie.opie_val = opiebtoa8(opie.opie_buf, key))) + if (!(opie.opie_val = opiebtoa8(opie.opie_buf, &key))) return 1; } } diff --git a/contrib/opie/libopie/randomchallenge.c b/contrib/opie/libopie/randomchallenge.c index 99b4c48..7cf18bb 100644 --- a/contrib/opie/libopie/randomchallenge.c +++ b/contrib/opie/libopie/randomchallenge.c @@ -1,7 +1,7 @@ /* randomchallenge.c: The opierandomchallenge() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -14,6 +14,7 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Use snprintf(). Modified by cmetz for OPIE 2.32. Initialize algids[] with 0s instead of NULL. Modified by cmetz for OPIE 2.3. Add sha support. @@ -35,11 +36,12 @@ static char *algids[] = { 0, 0, 0, "sha1", "md4", "md5" }; most situations; it is certainly better than a fixed string */ VOIDRET opierandomchallenge FUNCTION((prompt), char *prompt) { - char buf[OPIE_SEED_MAX + 1]; + char buf[OPIE_SEED_MAX+1]; buf[0] = 0; if (opienewseed(buf)) strcpy(buf, "ke4452"); - sprintf(prompt, "otp-%s %d %s ext", algids[MDX], (rand() % 499) + 1, buf); + snprintf(prompt, OPIE_CHALLENGE_MAX+1, "otp-%s %d %s ext", algids[MDX], + (rand() % 499) + 1, buf); } diff --git a/contrib/opie/libopie/readpass.c b/contrib/opie/libopie/readpass.c index 5808f02..bd24b02 100644 --- a/contrib/opie/libopie/readpass.c +++ b/contrib/opie/libopie/readpass.c @@ -1,7 +1,7 @@ /* readpass.c: The opiereadpass() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/readrec.c b/contrib/opie/libopie/readrec.c index f6361eb..98ec658 100644 --- a/contrib/opie/libopie/readrec.c +++ b/contrib/opie/libopie/readrec.c @@ -1,13 +1,15 @@ /* readrec.c: The __opiereadrec() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Check that seed, sequence number, and + response values are valid. Modified by cmetz for OPIE 2.31. Removed active attack protection support. Fixed a debug message typo. Keep going after bogus records. Set read flag. @@ -57,7 +59,7 @@ static int parserec FUNCTION((opie), struct opie *opie) opie->opie_n = strtoul(c, &c3, 10); - if (*c3) + if (*c3 || (opie->opie_n <= 0) || (opie->opie_n > 9999)) return -1; }; @@ -66,6 +68,10 @@ static int parserec FUNCTION((opie), struct opie *opie) *(c2++) = 0; + for (c = opie->opie_seed; *c; c++) + if (!isalnum(*c)) + return -1; + while(*c2 == ' ') c2++; if (!(c2 = strchr(opie->opie_val = c2, ' '))) @@ -73,6 +79,13 @@ static int parserec FUNCTION((opie), struct opie *opie) *(c2++) = 0; + { + struct opie_otpkey otpkey; + + if (!opieatob8(&otpkey, opie->opie_val)) + return -1; + } + return 0; } diff --git a/contrib/opie/libopie/unlock.c b/contrib/opie/libopie/unlock.c index 4c01a5c..0f607ab 100644 --- a/contrib/opie/libopie/unlock.c +++ b/contrib/opie/libopie/unlock.c @@ -1,7 +1,7 @@ /* unlock.c: The opieunlock() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/verify.c b/contrib/opie/libopie/verify.c index 990e293..e6abec4 100644 --- a/contrib/opie/libopie/verify.c +++ b/contrib/opie/libopie/verify.c @@ -1,13 +1,15 @@ /* verify.c: The opieverify() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for keys. + Check that seed and sequence number are valid. Modified by cmetz for OPIE 2.32. Renamed _opieparsechallenge() to __opieparsechallenge() and handle new argument. Fixed init response parsing bug. @@ -67,7 +69,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) { int i, rval = -1; char *c; - char key[8], fkey[8], lastkey[8]; + struct opie_otpkey key, fkey, lastkey; struct opie nopie; if (!opie || !response) @@ -80,7 +82,14 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) goto verret; #endif /* DEBUG */ - if (!opieatob8(lastkey, opie->opie_val)) + if (!opieatob8(&lastkey, opie->opie_val)) + goto verret; + + for (c = opie->opie_seed; *c; c++) + if (!isalnum(*c)) + goto verret; + + if (opie->opie_n <= 0) goto verret; if (c = strchr(response, ':')) { @@ -97,33 +106,33 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) case RESPONSE_STANDARD: i = 1; - if (opieetob(key, response) == 1) { - memcpy(fkey, key, sizeof(key)); - opiehash(fkey, MDX); - i = memcmp(fkey, lastkey, sizeof(key)); + if (opieetob(&key, response) == 1) { + memcpy(&fkey, &key, sizeof(struct opie_otpkey)); + opiehash(&fkey, MDX); + i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey)); } - if (i && opieatob8(key, response)) { - memcpy(fkey, key, sizeof(key)); - opiehash(fkey, MDX); - i = memcmp(fkey, lastkey, sizeof(key)); + if (i && opieatob8(&key, response)) { + memcpy(&fkey, &key, sizeof(struct opie_otpkey)); + opiehash(&fkey, MDX); + i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey)); } break; case RESPONSE_WORD: i = 1; - if (opieetob(key, c) == 1) { - memcpy(fkey, key, sizeof(key)); - opiehash(fkey, MDX); - i = memcmp(fkey, lastkey, sizeof(key)); + if (opieetob(&key, c) == 1) { + memcpy(&fkey, &key, sizeof(struct opie_otpkey)); + opiehash(&fkey, MDX); + i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey)); } break; case RESPONSE_HEX: i = 1; - if (opieatob8(key, c)) { - memcpy(fkey, key, sizeof(key)); - opiehash(fkey, MDX); - i = memcmp(fkey, lastkey, sizeof(key)); + if (opieatob8(&key, c)) { + memcpy(&fkey, &key, sizeof(struct opie_otpkey)); + opiehash(&fkey, MDX); + i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey)); } break; case RESPONSE_INIT_HEX: @@ -137,17 +146,17 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) *(c2++) = 0; if (i == RESPONSE_INIT_HEX) { - if (!opieatob8(key, c)) + if (!opieatob8(&key, c)) goto verret; } else { - if (opieetob(key, c) != 1) + if (opieetob(&key, c) != 1) goto verret; } - memcpy(fkey, key, sizeof(key)); - opiehash(fkey, MDX); + memcpy(&fkey, &key, sizeof(struct opie_otpkey)); + opiehash(&fkey, MDX); - if (memcmp(fkey, lastkey, sizeof(key))) + if (memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey))) goto verret; if (changed(opie)) @@ -155,7 +164,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) opie->opie_n--; - if (!opiebtoa8(opie->opie_val, key)) + if (!opiebtoa8(opie->opie_val, &key)) goto verret; if (__opiewriterec(opie)) @@ -174,10 +183,10 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) } if (i == RESPONSE_INIT_HEX) { - if (!opieatob8(key, c2)) + if (!opieatob8(&key, c2)) goto verret; } else { - if (opieetob(key, c2) != 1) + if (opieetob(&key, c2) != 1) goto verret; } } @@ -201,7 +210,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) opie->opie_n--; verwrt: - if (!opiebtoa8(opie->opie_val, key)) + if (!opiebtoa8(opie->opie_val, &key)) goto verret; rval = __opiewriterec(opie); diff --git a/contrib/opie/libopie/version.c b/contrib/opie/libopie/version.c index ef6523d..2364e77 100644 --- a/contrib/opie/libopie/version.c +++ b/contrib/opie/libopie/version.c @@ -1,7 +1,7 @@ /* version.c: The opieversion() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/writerec.c b/contrib/opie/libopie/writerec.c index 0843423..5ba53fe 100644 --- a/contrib/opie/libopie/writerec.c +++ b/contrib/opie/libopie/writerec.c @@ -1,13 +1,15 @@ /* writerec.c: The __opiewriterec() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Check that seed and sequence number are + valid. Modified by cmetz for OPIE 2.31. Removed active attack protection support. Fixed passwd bug. Created by cmetz for OPIE 2.3 from passwd.c. @@ -30,6 +32,7 @@ you didn't get a copy, you may request one from <license@inner.net>. #if HAVE_STDLIB_H #include <stdlib.h> #endif /* HAVE_STDLIB_H */ +#include <ctype.h> #include "opie.h" char *__opienone = "****************"; @@ -40,6 +43,7 @@ int __opiewriterec FUNCTION((opie), struct opie *opie) time_t now; FILE *f, *f2 = NULL; int i = 0; + char *c; time(&now); if (strftime(buf2, sizeof(buf2), " %b %d,%Y %T", localtime(&now)) < 1) @@ -51,7 +55,14 @@ int __opiewriterec FUNCTION((opie), struct opie *opie) opie->opie_flags = opie2.opie_flags; opie->opie_recstart = opie2.opie_recstart; } - + + for (c = opie->opie_seed; *c; c++) + if (!isalnum(*c)) + return -1; + + if ((opie->opie_n < 0) || (opie->opie_n > 9999)) + return -1; + switch(i) { case 0: if (!(f = __opieopen(KEY_FILE, 1, 0644))) |