summaryrefslogtreecommitdiffstats
path: root/contrib/opie
Commit message (Collapse)AuthorAgeFilesLines
* In contrib/opie/opiekey.c, use the correct length to zero the secret.dim2013-02-161-3/+3
| | | | | | Found by: clang ToT Reviewed by: delphij MFC after: 3 days
* Clean up hardcoded ar(1) flags in the tree to use the global ARFLAGS ineadler2012-12-062-2/+2
| | | | | | | | | | | | share/mk/sys.mk instead. This is part of a medium term project to permit deterministic builds of FreeBSD. Submitted by: Erik Cederstrand <erik@cederstrand.dk> Reviewed by: imp, toolchain@ Approved by: cperciva MFC after: 2 weeks
* RFC 2289 requires all hashes be stored in little endian format beforedelphij2012-08-102-0/+18
| | | | | | | | | | | | folding to 64 bits, while SHA1 code is big endian. Therefore, a bswap32 is required before using the value. Without this change, the implementation does not conform to test vector found in RFC 2289. PR: bin/170519 Submitted by: Arthur Mesh <arthurmesh gmail com> (with changes) MFC after: 1 week
* Change the current working directory to be inside the jail created bycperciva2010-05-271-3/+1
| | | | | | | | | | | | | | the jail(8) command. [10:04] Fix a one-NUL-byte buffer overflow in libopie. [10:05] Correctly sanity-check a buffer length in nfs mount. [10:06] Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-10:04.jail Security: FreeBSD-SA-10:05.opie Security: FreeBSD-SA-10:06.nfsclient
* Don't include <utmp.h> when using <utmpx.h>.ed2010-01-113-3/+6
| | | | | | | libopie includes both <utmp.h> and <utmpx.h> in this case and uses some #defines to let the code use struct utmpx and its utility functions. We'd better not include <utmp.h> here, because maybe it will not be present in the future.
* - Remove non-existing referencegabor2009-01-301-2/+1
| | | | | | | | - Fix trailing comma PR: docs/85118 Submitted by: vs MFC after: 3 days
* Add missing code needed for the detection of IPSec packet replays. [1]cperciva2006-03-221-1/+8
| | | | | | | | Correctly identify the user running opiepasswd(1) when the login name differs from the account name. [2] Security: FreeBSD-SA-06:11.ipsec [1] Security: FreeBSD-SA-06:12.opie [2]
* Create /etc/opiekeys with 0600, not 0644ache2005-07-292-3/+7
| | | | PR: 84221
* FreeBSD does not use this code, but ftpd_popen() contains a buffer overflow.kris2003-07-131-4/+10
| | | | | | | | We might as well patch it. Submitted by: Przemyslaw Frasunek <venglin@freebsd.lublin.pl> PR: bin/23352 MFC After: The average time before an unpatched Windows 2000 server gets owned
* When computing a new seed for an existing user, opienewseed() woulddes2003-01-221-5/+4
| | | | | | | | | | | incorrectly compute the length of the numeric portion of the previous seed, causing the new seed to be one character shorter than the old one. This patch has been submitted to the vendor; I'm committing it right away since the file is already off the vendor branch. MFC after: 3 days
* Resolve conflicts.markm2002-03-2119-196/+522
|
* This commit was generated by cvs2svn to compensate for changes in r92906,markm2002-03-2152-640/+1873
|\ | | | | | | which included commits to RCS files with non-trunk default branches.
| * Vendor import of OPIE 2.4markm2002-03-2171-859/+2420
| |
* | Zeroing memset() in opiechallenge() really is not needed because it is theache2002-01-241-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | very first thing immediately following opielookup() does being entered, i.e. look at this: int opielookup FUNCTION((opie, principal), struct opie *opie AND char *principal ) { int i; memset(opie, 0, sizeof(struct opie)); ...
* | Make the -a flag to opiekey(1) actually work as advertised.joerg2002-01-091-1/+1
| | | | | | | | | | Reviewed by: ache, audit, security MFC after: 1 week
* | Repo copied to /usr/src/lib/libopie/ache2002-01-031-379/+0
| |
* | Add heuristic to detect SSH connection (in the same style as otherache2001-08-291-0/+5
| | | | | | | | | | | | heuristics already here which not supposed to be secure, just helpers). Approved by: security@ silence
* | Fix overflow problem when giving a username that is too long.markm2001-08-201-1/+9
| | | | | | | | Also minor declaration/header fixes while auditing the code.
* | Fix uninitialized "force" variable.ache2001-08-131-1/+4
| | | | | | | | | | | | PR: 23203 Submitted by: fenner Approved by: markm
* | Fix SHA1 hashing.markm2001-07-142-21/+17
| |
* | Usse a better method to get a user's credentials, as uid's may bemarkm2001-07-141-1/+3
| | | | | | | | | | | | legally duplicated. Requested by: ache
* | Eliminate troff(1) warnings that were hiding some useful text.ru2001-07-121-1/+1
| |
* | Make the similar changes as in our keyinfo, i.e. allow user to get his ownache2001-06-231-10/+16
| | | | | | | | | | sequence and allow root to get everybody's one. Before this change user can't get his own sequence, root required.
* | This commit was generated by cvs2svn to compensate for changes in r73569,kris2001-03-052-2/+2
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Import patch to fix non-constant format string abuses. This patch waskris2001-03-052-2/+2
| | | | | | | | approved by the vendor and will be present in future releases.
* | Correct security hole in setproctitle(). We don't compile this code, butkris2000-07-101-3/+3
| | | | | | | | having the security hole there makes my skin itch.
* | Add some extra functions adapted from OpenBSD, in preparation forkris2000-05-151-1/+8
| | | | | | | | OpenSSH OPIE support.
* | Allow applications to disable the installation of the atexit() handlerkris2000-04-172-2/+13
| | | | | | | | | | | | which cleans up OPIE lockfiles. This is required for pam_opie. Submitted by: Jim Bloom <bloom@acm.org>
* | Resolve conflictskris2000-04-1013-28/+78
| |
* | This commit was generated by cvs2svn to compensate for changes in r59118,kris2000-04-1056-500/+571
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Upgrade to OPIE 2.32, from http://www.inner.net/pub/opie/kris2000-04-1069-529/+631
| |
* | - Use proper markup for a section header.chris2000-01-191-5/+7
| | | | | | | | | | | | | | - Replace nonexistent OPIE_PROMPT_MAX with OPIE_CHALLENGE_MAX PR: 16209 Submitted by: Tetsuro Furuya <tfuruya@ppp142197.asahi-net.or.jp>
* | sprintf -> snprintfimp1998-09-091-12/+13
| |
* | Fixed printf format errors.bde1998-06-301-1/+1
| |
* | 'They They' -> 'They'steve1998-06-141-1/+1
| | | | | | | | | | PR: 6912 Submitted by: Stefan Eggers <seggers@semyam.dinoco.de>
* | YTK fix.alex1997-12-221-2/+2
| |
* | Make this manpage reveal its true identity. A diff of thesesteve1997-11-271-2/+2
| | | | | | | | | | | | | | changes has also been sent to opie-bugs@inner.net. PR: 5129 Submitted by: jkh
* | Move locks from /etc/opielocks to /var/run/opielocks to keepache1997-10-011-1/+1
| | | | | | | | /etc non-writeable as possible
* | This commit was generated by cvs2svn to compensate for changes in r29975,ache1997-09-291-0/+18
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Add setutent.cache1997-09-291-0/+18
| |
* | Oops, __END_DECLS was in wrong placeache1997-09-291-1/+1
| |
* | Not used in this versionache1997-09-291-85/+0
| |
* | Moved to libopieache1997-09-291-154/+0
| |
* | Mergeache1997-09-2910-137/+178
| |
* | This commit was generated by cvs2svn to compensate for changes in r29964,ache1997-09-2958-961/+2320
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Upgrade to 2.31ache1997-09-2968-1061/+2482
| |
| * This commit was manufactured by cvs2svn to create branch 'VENDOR-opie'.cvs2svn1997-02-071-0/+322
| |
* | Remove bits of libmissing we don't care about.pst1997-09-0317-1237/+0
| |
* | Update synopsis. A partial fix has also been submitted to opie@bugs@inner.netpst1997-08-261-1/+7
| | | | | | | | Submitted by: bde
* | Detect null secret as error, it is temp. fix until next releaseache1997-08-051-0/+3
| | | | | | | | Submitted by: Craig Metz <cmetz@inner.net>
OpenPOWER on IntegriCloud