| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
official freebsd packages
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r269806:
Fix too long (seed length >12 chars) challenge handling.
1) " ext" length should be included into OPIE_CHALLENGE_MAX (as all places
of opie code expects that).
2) Overflow check in challenge.c is off by 1 even with corrected
OPIE_CHALLENGE_MAX
3) When fallback to randomchallenge() happens and rval is 0 (i.e.
challenge is too long), its value should be set to error state too.
To demonstrate the bug, run opiepasswd with valid seed:
opiepasswd -s 1234567890123456
and notice that it falls back to randomchallenge() (i.e. no
1234567890123456 in the prompt).
r269809:
When sha1 support was added, they forget to increase OPIE_HASHNAME_MAX
r269811:
Last '/' for program name, not first one.
r269810:
Link otp-sha1 to match real challenge prompt, not otp-sha.
PR: 191511
Submitted by: mitsururike@gmail.com (partially, PR 269806)
|
| |
|
|
|
|
| |
Found by: clang ToT
Reviewed by: delphij
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
| |
share/mk/sys.mk instead.
This is part of a medium term project to permit deterministic builds of
FreeBSD.
Submitted by: Erik Cederstrand <erik@cederstrand.dk>
Reviewed by: imp, toolchain@
Approved by: cperciva
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
|
|
| |
folding to 64 bits, while SHA1 code is big endian. Therefore, a bswap32
is required before using the value.
Without this change, the implementation does not conform to test vector
found in RFC 2289.
PR: bin/170519
Submitted by: Arthur Mesh <arthurmesh gmail com> (with changes)
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
the jail(8) command. [10:04]
Fix a one-NUL-byte buffer overflow in libopie. [10:05]
Correctly sanity-check a buffer length in nfs mount. [10:06]
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-10:04.jail
Security: FreeBSD-SA-10:05.opie
Security: FreeBSD-SA-10:06.nfsclient
|
| |
|
|
|
|
|
| |
libopie includes both <utmp.h> and <utmpx.h> in this case and uses some
#defines to let the code use struct utmpx and its utility functions.
We'd better not include <utmp.h> here, because maybe it will not be
present in the future.
|
| |
|
|
|
|
|
|
| |
- Fix trailing comma
PR: docs/85118
Submitted by: vs
MFC after: 3 days
|
| |
|
|
|
|
|
|
| |
Correctly identify the user running opiepasswd(1) when the login name
differs from the account name. [2]
Security: FreeBSD-SA-06:11.ipsec [1]
Security: FreeBSD-SA-06:12.opie [2]
|
| |
|
|
| |
PR: 84221
|
| |
|
|
|
|
|
|
| |
We might as well patch it.
Submitted by: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
PR: bin/23352
MFC After: The average time before an unpatched Windows 2000 server gets owned
|
| |
|
|
|
|
|
|
|
|
|
| |
incorrectly compute the length of the numeric portion of the previous
seed, causing the new seed to be one character shorter than the old
one.
This patch has been submitted to the vendor; I'm committing it right
away since the file is already off the vendor branch.
MFC after: 3 days
|
| | |
|
| |\
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
very first thing immediately following opielookup() does being entered, i.e.
look at this:
int opielookup FUNCTION((opie, principal), struct opie *opie AND char
*principal
)
{
int i;
memset(opie, 0, sizeof(struct opie));
...
|
| | |
| |
| |
| |
| | |
Reviewed by: ache, audit, security
MFC after: 1 week
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
heuristics already here which not supposed to be secure, just helpers).
Approved by: security@ silence
|
| | |
| |
| |
| | |
Also minor declaration/header fixes while auditing the code.
|
| | |
| |
| |
| |
| |
| | |
PR: 23203
Submitted by: fenner
Approved by: markm
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
legally duplicated.
Requested by: ache
|
| | | |
|
| | |
| |
| |
| |
| | |
sequence and allow root to get everybody's one. Before this change user
can't get his own sequence, root required.
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| |
| |
| | |
approved by the vendor and will be present in future releases.
|
| | |
| |
| |
| | |
having the security hole there makes my skin itch.
|
| | |
| |
| |
| | |
OpenSSH OPIE support.
|
| | |
| |
| |
| |
| |
| | |
which cleans up OPIE lockfiles. This is required for pam_opie.
Submitted by: Jim Bloom <bloom@acm.org>
|
| | | |
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
- Replace nonexistent OPIE_PROMPT_MAX with OPIE_CHALLENGE_MAX
PR: 16209
Submitted by: Tetsuro Furuya <tfuruya@ppp142197.asahi-net.or.jp>
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
PR: 6912
Submitted by: Stefan Eggers <seggers@semyam.dinoco.de>
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
changes has also been sent to opie-bugs@inner.net.
PR: 5129
Submitted by: jkh
|
| | |
| |
| |
| | |
/etc non-writeable as possible
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
|
| | | |
|
| | | |
|
