From 4cdfa7814cda254acabe1040a2b2d0c4f5bc4295 Mon Sep 17 00:00:00 2001
From: markm
Date: Thu, 21 Mar 2002 22:50:02 +0000
Subject: Vendor import of OPIE 2.4
---
contrib/opie/libopie/Makefile.in | 14 +-
contrib/opie/libopie/accessfile.c | 2 +-
contrib/opie/libopie/atob8.c | 6 +-
contrib/opie/libopie/btoa8.c | 8 +-
contrib/opie/libopie/btoe.c | 15 +-
contrib/opie/libopie/btoh.c | 7 +-
contrib/opie/libopie/challenge.c | 8 +-
contrib/opie/libopie/generator.c | 364 +++++++++++++++++++++++++++++----
contrib/opie/libopie/getsequence.c | 2 +-
contrib/opie/libopie/getutmpentry.c | 4 +-
contrib/opie/libopie/hash.c | 34 +--
contrib/opie/libopie/hashlen.c | 44 ++--
contrib/opie/libopie/insecure.c | 28 ++-
contrib/opie/libopie/keycrunch.c | 8 +-
contrib/opie/libopie/lock.c | 7 +-
contrib/opie/libopie/login.c | 25 ++-
contrib/opie/libopie/logwtmp.c | 27 ++-
contrib/opie/libopie/lookup.c | 4 +-
contrib/opie/libopie/md4c.c | 2 +-
contrib/opie/libopie/md5c.c | 2 +-
contrib/opie/libopie/newseed.c | 109 +++++-----
contrib/opie/libopie/open.c | 26 ++-
contrib/opie/libopie/parsechallenge.c | 8 +-
contrib/opie/libopie/passcheck.c | 2 +-
contrib/opie/libopie/passwd.c | 16 +-
contrib/opie/libopie/randomchallenge.c | 8 +-
contrib/opie/libopie/readpass.c | 2 +-
contrib/opie/libopie/readrec.c | 19 +-
contrib/opie/libopie/unlock.c | 2 +-
contrib/opie/libopie/verify.c | 67 +++---
contrib/opie/libopie/version.c | 2 +-
contrib/opie/libopie/writerec.c | 17 +-
32 files changed, 643 insertions(+), 246 deletions(-)
(limited to 'contrib/opie/libopie')
diff --git a/contrib/opie/libopie/Makefile.in b/contrib/opie/libopie/Makefile.in
index 2b3c96c..dfc1c6f 100644
--- a/contrib/opie/libopie/Makefile.in
+++ b/contrib/opie/libopie/Makefile.in
@@ -2,30 +2,34 @@ # Makefile.in/Makefile: Directions for building libopie. # # %%% copyright-cmetz-96 -# This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -# The Inner Net License Version 2 applies to this software. +# This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +# The Inner Net License Version 3 applies to this software. # You should have received a copy of the license with this software. If # you didn't get a copy, you may request one from . # # History: # +# Modified by cmetz for OPIE 2.4. Add libmissing to include header path. +# Use ar 'cr' instead of 'r'. Renamed realclean to distclean. # Modified by cmetz for OPIE 2.31. Added logwtmp.o # Created by cmetz for OPIE 2.3 using old Makefiles as a guide. OBJS=md4c.o md5c.o atob8.o btoa8.o btoh.o challenge.o getsequence.o hash.o hashlen.o keycrunch.o lock.o lookup.o newseed.o parsechallenge.o passcheck.o passwd.o randomchallenge.o readpass.o unlock.o verify.o version.o btoe.o accessfile.o generator.o insecure.o getutmpentry.o readrec.o writerec.o login.o open.o logwtmp.o # sha.o CC=@CC@ -CFLAGS=$(CFL) -I.. +CFLAGS=$(CFL) -I.. -I../libmissing TARGET=libopie.a all: $(TARGET) $(TARGET): $(OBJS) - ar r $(TARGET) $(OBJS) + ar cr $(TARGET) $(OBJS) @RANLIB@ $(TARGET) clean: -rm -f $(OBJS) $(TARGET) -realclean: clean +realclean: distclean + +distclean: clean -rm -f *~ core* "\#*\#" *.o *.a Makefile diff --git a/contrib/opie/libopie/accessfile.c b/contrib/opie/libopie/accessfile.c index 0fe1d12..8e2765f 100644 --- a/contrib/opie/libopie/accessfile.c +++ b/contrib/opie/libopie/accessfile.c @@ -2,7 +2,7 @@ overrides. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If 
diff --git a/contrib/opie/libopie/atob8.c b/contrib/opie/libopie/atob8.c index 78a7d43..77367f1 100644 --- a/contrib/opie/libopie/atob8.c +++ b/contrib/opie/libopie/atob8.c @@ -1,7 +1,7 @@ /* atob8.c: The opieatob8() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -14,6 +14,7 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg. Modified by cmetz for OPIE 2.3. Return the output variable. Don't check parameters. Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al. @@ -27,10 +28,11 @@ License Agreement applies to this software. /* Convert 8-byte hex-ascii string to binary array */ -char *opieatob8 FUNCTION((out, in), char *out AND char *in) +char *opieatob8 FUNCTION((out, in), struct opie_otpkey *outkey AND char *in) { register int i; register int val; + unsigned char *out = (unsigned char *)outkey; for (i = 0; i < 8; i++) { while (*in == ' ' || *in == '\t') diff --git a/contrib/opie/libopie/btoa8.c b/contrib/opie/libopie/btoa8.c index 2b3e885..b66306f 100644 --- a/contrib/opie/libopie/btoa8.c +++ b/contrib/opie/libopie/btoa8.c 
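Review bot: The name list given to `FUNCTION` in the atob8.c signature still reads `(out, in)` although the parameter is now `outkey`, and `out` is re-declared as a local on the added line. If `FUNCTION` emits that first list as the K&R parameter list (its definition is not on this page), the non-prototype build no longer has a parameter called `outkey`; `FUNCTION((outkey, in), struct opie_otpkey *outkey AND char *in)` keeps both expansions consistent. The same mismatch appears in the btoa8.c, btoh.c, hash.c and hashlen.c signatures, and logwtmp.c adds `char *id` without listing `id`. The body of opieatob8 continues outside the hunk.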
@@ -1,13 +1,14 @@ /* btoa8.c: The opiebtoa8() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from . History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg. Created by cmetz for OPIE 2.3 (quick re-write). */ @@ -17,9 +18,10 @@ you didn't get a copy, you may request one from . static char hextochar[16] = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'}; -char *opiebtoa8 FUNCTION((out, in), char *out AND char *in) +char *opiebtoa8 FUNCTION((out, in), char *out AND struct opie_otpkey *inkey) { int i; + unsigned char *in = (unsigned char *)inkey; char *c = out; for (i = 0; i < 8; i++) { diff --git a/contrib/opie/libopie/btoe.c b/contrib/opie/libopie/btoe.c index b7ed3cde..fa91077 100644 --- a/contrib/opie/libopie/btoe.c +++ b/contrib/opie/libopie/btoe.c @@ -3,7 +3,7 @@ 64 bit OTP. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -16,6 +16,7 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg. Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al. Remove unnecessary address futzing with Wp in opiebtoe. Changed unsigned long to UINT4 for Alpha. 
@@ -2088,13 +2089,13 @@ static char Wp[2048][4] = }; /* Encode 8 bytes in 'c' as a string of English words. */ -char *opiebtoe FUNCTION((engout, c), char *engout AND char *c) +char *opiebtoe FUNCTION((engout, c), char *engout AND struct opie_otpkey *c) { - char cp[9]; /* add in room for the parity 2 bits */ + char cp[sizeof(struct opie_otpkey) + 1]; /* add in room for the parity 2 bits */ int p, i; engout[0] = '\0'; - memcpy(cp, c, 8); + memcpy(cp, c, sizeof(struct opie_otpkey)); /* compute parity */ for (p = 0, i = 0; i < 64; i += 2) p += extract(cp, i, 2); @@ -2120,7 +2121,7 @@ char *opiebtoe FUNCTION((engout, c), char *engout AND char *c) * -1 badly formed in put ie > 4 char word * -2 words OK but parity is wrong */ -int opieetob FUNCTION((out, e), char *out AND char *e) +int opieetob FUNCTION((out, e), struct opie_otpkey *out AND char *e) { char *word, *c, *input, b[9]; int i, p, v, l, low, high, rval = -1; @@ -2137,7 +2138,7 @@ int opieetob FUNCTION((out, e), char *out AND char *e) strncpy(input, e, i); input[i] = 0; memset(b, 0, sizeof(b)); - memset(out, 0, 8); + memset(out, 0, sizeof(struct opie_otpkey)); for (i = 0, p = 0, word = c = input; i < 6; i++, p += 11) { while (*c && !isalpha(*c)) c++; @@ -2187,7 +2188,7 @@ int opieetob FUNCTION((out, e), char *out AND char *e) goto opiebtoeret; } - memcpy(out, b, 8); + memcpy(out, b, sizeof(struct opie_otpkey)); rval = 1; diff --git a/contrib/opie/libopie/btoh.c b/contrib/opie/libopie/btoh.c index c5ed150..45fb4c8 100644 --- a/contrib/opie/libopie/btoh.c +++ b/contrib/opie/libopie/btoh.c 
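Review bot: `memcpy(out, b, sizeof(struct opie_otpkey))` at the end of opieetob now takes its length from the struct, but the source buffer is still `b[9]` (visible as context in the `@@ -2120` hunk), so the copy stays in bounds only while the struct is at most 9 bytes. `cp` in opiebtoe was resized in this same commit; declaring `char b[sizeof(struct opie_otpkey) + 1];` ties both ends to the same size. The parity loop in opiebtoe still hard-codes 64 bits, so a short comment stating that the key is assumed to be exactly 8 bytes would document the remaining assumption. opieetob's body runs outside these hunks.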
@@ -1,8 +1,8 @@ /* btoh.c: The opiebtoh() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from . @@ -17,10 +17,11 @@ you didn't get a copy, you may request one from . static char hextochar[16] = {'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'}; -char *opiebtoh FUNCTION((out, in), char *out AND char *in) +char *opiebtoh FUNCTION((out, in), char *out AND struct opie_otpkey *inkey) { int i; char *c = out; + unsigned char *in = (unsigned char *)inkey; for (i = 0; i < 4; i++) { *(c++) = hextochar[((*in) >> 4) & 0x0f]; diff --git a/contrib/opie/libopie/challenge.c b/contrib/opie/libopie/challenge.c index 0f3fec5..149403d 100644 --- a/contrib/opie/libopie/challenge.c +++ b/contrib/opie/libopie/challenge.c @@ -1,7 +1,7 @@ /* challenge.c: The opiechallenge() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -66,11 +66,11 @@ int opiechallenge FUNCTION((mp, name, ss), struct opie *mp AND char *name AND ch #endif /* DEBUG */ } - if (rval) { + if (rval || + (snprintf(ss, OPIE_CHALLENGE_MAX, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed) >= OPIE_CHALLENGE_MAX)) { opierandomchallenge(ss); memset(mp, 0, sizeof(*mp)); - } else - sprintf(ss, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed); + } return rval; } 
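Review bot: When only the `snprintf` arm of the new condition in challenge.c fires, `rval` is still 0, so the function returns success after replacing the challenge with `opierandomchallenge(ss)` and zeroing `*mp`. A caller that reads 0 as "real challenge, `mp` populated" would carry on with an empty record; setting a failure value inside the block, for example `if (!rval) rval = -1;` (or whichever error code callers expect), makes the truncation visible. If `OPIE_CHALLENGE_MAX` is a plain int constant, a negative `snprintf` return also passes the `>=` test and is treated as success. The start of opiechallenge is outside the hunk, so how callers consume `rval` cannot be checked here.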
diff --git a/contrib/opie/libopie/generator.c b/contrib/opie/libopie/generator.c index 618a131..24c6a73 100644 --- a/contrib/opie/libopie/generator.c +++ b/contrib/opie/libopie/generator.c @@ -1,7 +1,7 @@ /* generator.c: The opiegenerator() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -9,6 +9,9 @@ you didn't get a copy, you may request one from . History: + Modified by cmetz for OPIE 2.4. Added opieauto code based on + previously released test code. Renamed buffer to challenge. + Use struct opie_otpkey for keys. Modified by cmetz for OPIE 2.32. If secret=NULL, always return as if opieauto returned "get the secret". Renamed _opieparsechallenge() to __opieparsechallenge(). Check 
@@ -31,73 +34,362 @@ you didn't get a copy, you may request one from . #if HAVE_STRING_H #include #endif /* HAVE_STRING_H */ +#if OPIEAUTO +#include +#if HAVE_STDLIB_H +#include +#endif /* HAVE_STDLIB_H */ +#include + +#include +#include +#endif /* OPIEAUTO */ +#if DEBUG +#include +#endif /* DEBUG */ #include "opie.h" static char *algids[] = { NULL, NULL, NULL, "sha1", "md4", "md5" }; -int opiegenerator FUNCTION((buffer, secret, response), char *buffer AND char *secret AND char *response) +#if OPIEAUTO +#ifndef max +#define max(x, y) (((x) > (y)) ? (x) : (y)) +#endif /* max */ + +static int opieauto_connect FUNCTION_NOARGS +{ + int s; + struct sockaddr_un sun; + char buffer[1024]; + char *c, *c2 ="/.opieauto"; + uid_t myuid = getuid(), myeuid = geteuid(); + + if (!myuid || !myeuid || (myuid != myeuid)) { +#if DEBUG + syslog(LOG_DEBUG, "opieauto_connect: superuser and/or setuid not allowed"); +#endif /* DEBUG */ + return -1; + }; + + memset(&sun, 0, sizeof(struct sockaddr_un)); + sun.sun_family = AF_UNIX; + + if (!(c = getenv("HOME"))) { +#if DEBUG + syslog(LOG_DEBUG, "opieauto_connect: no HOME variable?"); +#endif /* DEBUG */ + return -1; + }; + + if (strlen(c) > (sizeof(sun.sun_path) - strlen(c2) - 1)) { +#if DEBUG + syslog(LOG_DEBUG, "opieauto_connect: HOME is too long: %s", c); +#endif /* DEBUG */ + return -1; + }; + + strcpy(sun.sun_path, c); + strcat(sun.sun_path, c2); + + if ((s = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) { +#if DEBUG + syslog(LOG_DEBUG, "opieauto_connect: socket: %s(%d)", strerror(errno), errno); +#endif /* DEBUG */ + return -1; + }; + + { + struct stat st; + + if (stat(sun.sun_path, &st) < 0) { +#if DEBUG + syslog(LOG_DEBUG, "opieauto_connect: stat: %s(%d)\n", strerror(errno), errno); +#endif /* DEBUG */ + goto ret; + }; + + if (connect(s, (struct sockaddr *)&sun, sizeof(struct sockaddr_un))) { +#if DEBUG + syslog(LOG_DEBUG, "opieauto_connect: connect: %s(%d)\n", strerror(errno), errno); +#endif /* DEBUG */ + goto ret; + }; + + if ((st.st_uid 
!= myuid) || (!S_ISSOCK(st.st_mode)) || ((st.st_mode & 07777) != 0600)) { +#if DEBUG + syslog(LOG_DEBUG, "opieauto_connect: something's fishy about the socket\n"); +#endif /* DEBUG */ + goto ret; + }; + }; + + return s; + +ret: + close(s); + return -1; +}; +#endif /* OPIEAUTO */ + +int opiegenerator FUNCTION((challenge, secret, response), char *challenge AND char *secret AND char *response) { int algorithm; int sequence; char *seed; - char key[8]; + struct opie_otpkey key; int i; int exts; +#if OPIEAUTO + int s; + int window; + char cmd[1+1+1+1+4+1+OPIE_SEED_MAX+1+4+1+4+1+4+1+4+1]; + char *c; +#endif /* OPIEAUTO */ - if (!(buffer = strstr(buffer, "otp-"))) + if (!(challenge = strstr(challenge, "otp-"))) return 1; - buffer += 4; + challenge += 4; - if (__opieparsechallenge(buffer, &algorithm, &sequence, &seed, &exts)) + if (__opieparsechallenge(challenge, &algorithm, &sequence, &seed, &exts)) return 1; if ((sequence < 2) || (sequence > 9999)) return 1; - if (!secret[0]) - return 2; + if (*secret) { + if (opiepasscheck(secret)) + return -2; - if (opiepasscheck(secret)) - return -2; + if (i = opiekeycrunch(algorithm, &key, seed, secret)) + return i; + + if (sequence <= OPIE_SEQUENCE_RESTRICT) { + if (!(exts & 1)) + return 1; + + { + char newseed[OPIE_SEED_MAX + 1]; + struct opie_otpkey newkey; + char *c; + char buf[OPIE_SEED_MAX + 48 + 1]; + + while (sequence-- != 0) + opiehash(&key, algorithm); + + if (opienewseed(strcpy(newseed, seed)) < 0) + return -1; + + if (opiekeycrunch(algorithm, &newkey, newseed, secret)) + return -1; - if (i = opiekeycrunch(algorithm, key, seed, secret)) - return i; + for (i = 0; i < 499; i++) + opiehash(&newkey, algorithm); - if (sequence < 10) { - if (!(exts & 1)) - return 1; + strcpy(response, "init-hex:"); + strcat(response, opiebtoh(buf, &key)); + if (snprintf(buf, sizeof(buf), ":%s 499 %s:", algids[algorithm], + newseed) >= sizeof(buf)) { +#ifdef DEBUG + syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at init-hex"); +#endif /* 
DEBUG */ + return -1; + } + strcat(response, buf); + strcat(response, opiebtoh(buf, &newkey)); + }; + }; + }; + +#if OPIEAUTO + if ((s = opieauto_connect()) >= 0) { + if ((i = read(s, cmd, sizeof(cmd)-1)) < 0) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno); +#endif /* DEBUG */ + close(s); + s = -1; + goto l0; + }; + cmd[i] = 0; + if ((cmd[0] != 'C') || (cmd[1] != '+') || (cmd[2] != ' ')) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: got invalid/failing C+ response: %s\n", cmd); +#endif /* DEBUG */ + close(s); + s = -1; + goto l0; + }; + + window = strtoul(&cmd[3], &c, 10); + if (!window || (window >= (OPIE_SEQUENCE_MAX - OPIE_SEQUENCE_RESTRICT)) || !isspace(*c)) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: got bogus option response: %s\n", cmd); +#endif /* DEBUG */ + close(s); + s = -1; + goto l0; + }; + }; + +l0: + if (*secret) { + int j; + + if (s < 0) { + j = 0; + goto l1; + }; + + j = max(sequence - window + 1, OPIE_SEQUENCE_RESTRICT); + + for (i = j; i > 0; i--) + opiehash(&key, algorithm); { - char newseed[OPIE_SEED_MAX + 1]; - char newkey[8]; - char *c; - char buf[OPIE_SEED_MAX + 48 + 1]; + char buf[16+1]; - while (sequence-- != 0) - opiehash(key, algorithm); + opiebtoa8(buf, &key); - if (opienewseed(strcpy(newseed, seed)) < 0) - return -1; + if (snprintf(cmd, sizeof(cmd), "S= %d %d %s %s\n", algorithm, sequence, + seed, buf) >= sizeof(cmd)) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at S=\n"); +#endif /* DEBUG */ + goto l1; + } + } - if (opiekeycrunch(algorithm, newkey, newseed, secret)) - return -1; + if (write(s, cmd, i = strlen(cmd)) != i) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: write: %s(%d)\n", strerror(errno), errno); +#endif /* DEBUG */ + goto l1; + }; - for (i = 0; i < 499; i++) - opiehash(newkey, algorithm); + if ((i = read(s, cmd, sizeof(cmd))) < 0) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno); +#endif /* DEBUG */ + }; 
+ close(s); - strcpy(response, "init-hex:"); - strcat(response, opiebtoh(buf, key)); - sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed); - strcat(response, buf); - strcat(response, opiebtoh(buf, newkey)); + cmd[i] = 0; + i = strlen(seed); + if ((cmd[0] != 'S') || (cmd[1] != '+') || (cmd[2] != ' ') || (strtoul(&cmd[3], &c, 10) != algorithm) || (strtoul(c + 1, &c, 10) != sequence) || strncmp(++c, seed, i) || (*(c + i) != '\n')) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: got invalid/failing S+ response: %s\n", cmd); +#endif /* DEBUG */ }; + +l1: + for (i = sequence - j; i > 0; i--) + opiehash(&key, algorithm); + + opiebtoh(response, &key); } else { + if (s < 0) + goto l2; + + if ((snprintf(cmd, sizeof(cmd), "s= %d %d %s\n", algorithm, sequence, + seed) >= sizeof(cmd))) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at s=\n"); +#endif /* DEBUG */ + goto l2; + } + + if (write(s, cmd, i = strlen(cmd)) != i) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: write: %s(%d)\n", strerror(errno), errno); +#endif /* DEBUG */ + goto l2; + }; + + if ((i = read(s, cmd, sizeof(cmd))) < 0) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno); +#endif /* DEBUG */ + goto l2; + }; + close(s); + + i = strlen(seed); + + if ((cmd[0] != 's') || (cmd[2] != ' ') || (strtoul(&cmd[3], &c, 10) != algorithm) || (strtoul(c + 1, &c, 10) != sequence) || strncmp(++c, seed, i)) { +#if DEBUG + if (c) + *c = 0; + else + cmd[3] = 0; + + syslog(LOG_DEBUG, "opiegenerator: got bogus/invalid s response: %s\n", cmd); +#endif /* DEBUG */ + goto l2; + }; + + c += i; + + if (cmd[1] == '-') { +#if DEBUG + if (*c != '\n') { + *c = 0; + syslog(LOG_DEBUG, "opiegenerator: got invalid s- response: %s\n", cmd); + }; +#endif /* DEBUG */ + goto l2; + }; + + if (cmd[1] != '+') { +#if DEBUG + *c = 0; + syslog(LOG_DEBUG, "opiegenerator: got invalid s response: %s\n", cmd); +#endif /* DEBUG */ + goto l2; + }; + + { + char *c2; + + if (!(c2 = strchr(++c, 
'\n'))) { +#if DEBUG + *c = 0; + syslog(LOG_DEBUG, "opiegenerator: got invalid s+ response: %s\n", cmd); +#endif /* DEBUG */ + goto l2; + }; + + *c2++ = 0; + }; + + if (!opieatob8(&key, c)) + goto l2; + + opiebtoh(response, &key); + }; + + if (s >= 0) + close(s); +#else /* OPIEAUTO */ + if (*secret) { while (sequence-- != 0) - opiehash(key, algorithm); + opiehash(&key, algorithm); - opiebtoh(response, key); - } + opiebtoh(response, &key); + } else + return -2; +#endif /* OPIEAUTO */ return 0; -} + +#if OPIEAUTO +l2: +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: no opieauto response available.\n"); +#endif /* DEBUG */ + if (s >= 0) + close(s); + + return -2; +#endif /* OPIEAUTO */ +}; diff --git a/contrib/opie/libopie/getsequence.c b/contrib/opie/libopie/getsequence.c index e6c96c5..77fd5a2 100644 --- a/contrib/opie/libopie/getsequence.c +++ b/contrib/opie/libopie/getsequence.c @@ -1,7 +1,7 @@ /* getsequence.c: The opiegetsequence() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/getutmpentry.c b/contrib/opie/libopie/getutmpentry.c index 531820e..f3afe0c 100644 --- a/contrib/opie/libopie/getutmpentry.c +++ b/contrib/opie/libopie/getutmpentry.c @@ -1,8 +1,8 @@ /* getutmpentry.c: The __opiegetutmpentry() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from . 
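Review bot: Both opieauto replies obtained with `read(s, cmd, sizeof(cmd))` in opiegenerator are used as C strings without a safe terminator. In the `S=` path a failed read only logs and then runs `cmd[i] = 0` with `i == -1`, and a full-length read puts the terminator one byte past `cmd`; in the `s=` path no terminator is written at all before `strtoul`, `strncmp` and `strchr` scan the buffer. Each path also calls `close(s)` and later reaches `if (s >= 0) close(s);` (directly or through `l2`) with `s` unchanged, so the descriptor is closed twice. Reading at most `sizeof(cmd) - 1` bytes, terminating only after a successful read, and setting `s = -1` after the first close covers all three, as sketched below.

```c
    /* S= path: reply to the key upload */
    if ((i = read(s, cmd, sizeof(cmd) - 1)) < 0) {
      /* … unchanged: DEBUG syslog … */
      i = 0;      /* empty reply; the S+ check below then fails cleanly */
    };
    close(s);
    s = -1;       /* keeps the final close(s) from running again */
    cmd[i] = 0;
    /* … unchanged: S+ validation, l1: remaining hash rounds … */

    /* s= path: reply to the key request */
    if ((i = read(s, cmd, sizeof(cmd) - 1)) < 0) {
      /* … unchanged: DEBUG syslog … */
      goto l2;
    };
    cmd[i] = 0;
    close(s);
    s = -1;       /* l2 and the final close(s) now skip it */
    /* … unchanged: s+/s- parsing … */
```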
diff --git a/contrib/opie/libopie/hash.c b/contrib/opie/libopie/hash.c index ef80a79..e89508c 100644 --- a/contrib/opie/libopie/hash.c +++ b/contrib/opie/libopie/hash.c @@ -1,14 +1,15 @@ /* hash.c: The opiehash() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from . History: - Updated by cmetz for OPIE 2.31. Added SHA support (which may + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg. + Modified by cmetz for OPIE 2.31. Added SHA support (which may not be correct). Backed out previous optimizations as they killed thread-safety. Created by cmetz for OPIE 2.3 using the old hash.c as a guide. @@ -20,20 +21,21 @@ you didn't get a copy, you may request one from . #endif /* 0 */ #include "opie.h" -VOIDRET opiehash FUNCTION((x, algorithm), VOIDPTR x AND unsigned algorithm) +VOIDRET opiehash FUNCTION((x, algorithm), struct opie_otpkey *results AND +unsigned algorithm) { - UINT4 *results = (UINT4 *)x; - switch(algorithm) { #if 0 case 3: { SHA_CTX sha; + SHAInit(&sha); - SHAUpdate(&sha, (unsigned char *)x, 8); + SHAUpdate(&sha, (unsigned char *)results, 8); SHAFinal(&sha); - results[0] = sha.buffer[0] ^ sha.buffer[2] ^ sha.buffer[4]; - results[1] = sha.buffer[1] ^ sha.buffer[3]; + + results->words[0] = sha.buffer[0] ^ sha.buffer[2] ^ sha.buffer[4]; + results->words[1] = sha.buffer[1] ^ sha.buffer[3]; }; break; #endif /* 0 */ 
@@ -43,10 +45,11 @@ VOIDRET opiehash FUNCTION((x, algorithm), VOIDPTR x AND unsigned algorithm) UINT4 mdx_tmp[4]; opiemd4init(&mdx); - opiemd4update(&mdx, (unsigned char *)x, 8); + opiemd4update(&mdx, (unsigned char *)results, 8); opiemd4final((unsigned char *)mdx_tmp, &mdx); - results[0] = mdx_tmp[0] ^ mdx_tmp[2]; - results[1] = mdx_tmp[1] ^ mdx_tmp[3]; + + results->words[0] = mdx_tmp[0] ^ mdx_tmp[2]; + results->words[1] = mdx_tmp[1] ^ mdx_tmp[3]; }; break; case 5: @@ -55,10 +58,11 @@ VOIDRET opiehash FUNCTION((x, algorithm), VOIDPTR x AND unsigned algorithm) UINT4 mdx_tmp[4]; opiemd5init(&mdx); - opiemd5update(&mdx, (unsigned char *)x, 8); + opiemd5update(&mdx, (unsigned char *)results, 8); opiemd5final((unsigned char *)mdx_tmp, &mdx); - results[0] = mdx_tmp[0] ^ mdx_tmp[2]; - results[1] = mdx_tmp[1] ^ mdx_tmp[3]; + + results->words[0] = mdx_tmp[0] ^ mdx_tmp[2]; + results->words[1] = mdx_tmp[1] ^ mdx_tmp[3]; }; break; } diff --git a/contrib/opie/libopie/hashlen.c b/contrib/opie/libopie/hashlen.c index 1284a7b..09390c3 100644 --- a/contrib/opie/libopie/hashlen.c +++ b/contrib/opie/libopie/hashlen.c 
@@ -1,51 +1,63 @@ /* hashlen.c: The opiehashlen() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from . History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey, isolate variables. Created by cmetz for OPIE 2.3. */ #include "opie_cfg.h" #include "opie.h" -VOIDRET opiehashlen FUNCTION((algorithm, in, out, n), int algorithm AND VOIDPTR in AND VOIDPTR out AND int n) +VOIDRET opiehashlen FUNCTION((algorithm, in, out, n), int algorithm AND +VOIDPTR in AND struct opie_otpkey *results AND int n) { - UINT4 *results = (UINT4 *)out; - struct opiemdx_ctx mdx; - UINT4 mdx_tmp[4]; -#if 0 - SHA_INFO sha; -#endif /* 0 */ - switch(algorithm) { #if 0 case 3: + { + SHA_INFO sha; + sha_init(&sha); sha_update(&sha, (BYTE *)in, n); sha_final(&sha); - results[0] = sha.digest[0] ^ sha.digest[2] ^ sha.digest[4]; - results[1] = sha.digest[1] ^ sha.digest[3] ^ sha.digest[5]; + + results->words[0] = sha.digest[0] ^ sha.digest[2] ^ sha.digest[4]; + results->words[1] = sha.digest[1] ^ sha.digest[3] ^ sha.digest[5]; + }; break; #endif /* 0 */ case 4: + { + struct opiemdx_ctx mdx; + UINT4 mdx_tmp[4]; + opiemd4init(&mdx); opiemd4update(&mdx, (unsigned char *)in, n); opiemd4final((unsigned char *)mdx_tmp, &mdx); - results[0] = mdx_tmp[0] ^ mdx_tmp[2]; - results[1] = mdx_tmp[1] ^ mdx_tmp[3]; + + results->words[0] = mdx_tmp[0] ^ mdx_tmp[2]; + results->words[1] = mdx_tmp[1] ^ mdx_tmp[3]; + } break; case 5: + { + struct opiemdx_ctx mdx; + UINT4 mdx_tmp[4]; + opiemd5init(&mdx); opiemd5update(&mdx, (unsigned char *)in, n); opiemd5final((unsigned char *)mdx_tmp, &mdx); - results[0] = mdx_tmp[0] ^ mdx_tmp[2]; - results[1] = 
mdx_tmp[1] ^ mdx_tmp[3]; + + results->words[0] = mdx_tmp[0] ^ mdx_tmp[2]; + results->words[1] = mdx_tmp[1] ^ mdx_tmp[3]; + } break; } } diff --git a/contrib/opie/libopie/insecure.c b/contrib/opie/libopie/insecure.c index a7fda7b..383206f 100644 --- a/contrib/opie/libopie/insecure.c +++ b/contrib/opie/libopie/insecure.c @@ -1,7 +1,7 @@ /* insecure.c: The opieinsecure() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -14,6 +14,8 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Do utmp checks on utmpx systems. + Handle unterminated ut_host. Modified by cmetz for OPIE 2.31. Fixed a logic bug. Call endut[x]ent(). Modified by cmetz for OPIE 2.3. Added result caching. Use __opiegetutmpentry(). Ifdef around ut_host check. Eliminate @@ -56,9 +58,9 @@ int opieinsecure FUNCTION_NOARGS char *s; char *term_name; int insecure = 0; -#if HAVE_UT_HOST +#if HAVE_UT_HOST || DOUTMPX struct utmp utmp; -#endif /* HAVE_UT_HOST */ +#endif /* HAVE_UT_HOST || DOUTMPX */ static int result = -1; if (result != -1) 
@@ -117,30 +119,34 @@ int opieinsecure FUNCTION_NOARGS return (result = 1); }; -#if HAVE_UT_HOST +#if HAVE_UT_HOST || DOUTMPX if (isatty(0)) { memset(&utmp, 0, sizeof(struct utmp)); { int i = __opiegetutmpentry(ttyname(0), &utmp); endutent(); if (!i && utmp.ut_host[0]) { + char host[sizeof(utmp.ut_host) + 1]; insecure = 1; - if (s = strchr(utmp.ut_host, ':')) { - int n = s - utmp.ut_host; + strncpy(host, utmp.ut_host, sizeof(utmp.ut_host)); + host[sizeof(utmp.ut_host)] = 0; + + if (s = strchr(host, ':')) { + int n = s - host; if (!n) insecure = 0; else if (display_name) { - if (!strncmp(utmp.ut_host, display_name, n)) + if (!strncmp(host, display_name, n)) insecure = 0; -#ifdef SOLARIS +#if 1 /* def SOLARIS */ else - if (s = strchr(utmp.ut_host, ' ')) { + if (s = strchr(host, ' ')) { *s = ':'; if (s = strchr(s + 1, ' ')) *s = '.'; - if (!strncmp(utmp.ut_host, display_name, n)) + if (!strncmp(host, display_name, n)) insecure = 0; } #endif /* SOLARIS */ @@ -149,7 +155,7 @@ int opieinsecure FUNCTION_NOARGS } }; }; -#endif /* HAVE_UT_HOST */ +#endif /* HAVE_UT_HOST || DOUTMPX */ if (insecure) return (result = 1); diff --git a/contrib/opie/libopie/keycrunch.c b/contrib/opie/libopie/keycrunch.c index 94a1a53..2ca57e0 100644 --- a/contrib/opie/libopie/keycrunch.c +++ b/contrib/opie/libopie/keycrunch.c @@ -1,13 +1,14 @@ /* keycrunch.c: The opiekeycrunch() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from . History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for arg. Created by cmetz for OPIE 2.3 using the old keycrunch.c as a guide. */ 
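Review bot: Changing `#ifdef SOLARIS` to `#if 1 /* def SOLARIS */` makes the space-rewriting fallback run on every platform, while the closing `#endif /* SOLARIS */` still says otherwise. That fallback is one of the branches that clears `insecure`, so it widens the set of `ut_host` strings accepted as matching the local display. If that is intended, drop the conditional and add a comment such as `/* retry with the first ' ' read as ':' and the next as '.' */`; otherwise restore the platform guard. The retry still compares only the first `n` bytes, with `n` taken from the original `':'` position, so the rewrite matters only when a space precedes that colon. opieinsecure starts and ends outside the hunk.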
@@ -23,7 +24,8 @@ you didn't get a copy, you may request one from . #include "opie.h" -int opiekeycrunch FUNCTION((algorithm, result, seed, secret), int algorithm AND char *result AND char *seed AND char *secret) +int opiekeycrunch FUNCTION((algorithm, result, seed, secret), int algorithm AND +struct opie_otpkey *result AND char *seed AND char *secret) { int i, rval = -1; char *c; diff --git a/contrib/opie/libopie/lock.c b/contrib/opie/libopie/lock.c index fc449d4..bd92607 100644 --- a/contrib/opie/libopie/lock.c +++ b/contrib/opie/libopie/lock.c @@ -1,7 +1,7 @@ /* lock.c: The opielock() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -14,6 +14,7 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Use snprintf. Modified by cmetz for OPIE 2.31. Put locks in a separate dir. Bug fixes. Modified by cmetz for OPIE 2.3. Do refcounts whether or not we @@ -194,7 +195,9 @@ int opielock FUNCTION((principal), char *principal) if (!S_ISREG(statbuf[0].st_mode) || (statbuf[0].st_mode != statbuf[1].st_mode) || (statbuf[0].st_ino != statbuf[1].st_ino)) goto lockret; - sprintf(buffer, "%d\n%d\n", getpid(), time(0)); + if (snprintf(buffer, sizeof(buffer), "%d\n%d\n", getpid(), time(0)) >= sizeof(buffer)) + goto lockret; + i = strlen(buffer) + 1; if (lseek(fh, 0, SEEK_SET)) { close(fh); diff --git a/contrib/opie/libopie/login.c b/contrib/opie/libopie/login.c index ca39143..6c6ca79 100644 --- a/contrib/opie/libopie/login.c +++ b/contrib/opie/libopie/login.c 
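Review bot: The new `snprintf` in lock.c still formats `time(0)` with `%d`; where `time_t` is wider than `int` that is a mismatched variadic argument, and the same applies to `getpid()` if `pid_t` is not `int`. Casting keeps the written text the same where it already worked: `snprintf(buffer, sizeof(buffer), "%ld\n%ld\n", (long)getpid(), (long)time(0))`. The added `goto lockret` also appears to leave `fh` open on the truncation path, whereas the `lseek` failure just below closes it first; `lockret` is outside the hunk, so check whether it closes the descriptor.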
@@ -1,13 +1,15 @@ /* login.c: The opielogin() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from . History: + Modified by cmetz for OPIE 2.4. Add support for ut_id and + ut_syslen. Don't zero-terminate ut_name and ut_host. Modified by cmetz for OPIE 2.31. If the OS won't tell us where _PATH_WTMP[X] is, try playing the SVID game, then use Autoconf-discovered values. Fixed gettimeofday() call @@ -38,12 +40,15 @@ you didn't get a copy, you may request one from . #endif /* DEBUG */ #include "opie.h" +#define IDLEN 4 + int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *host) { - struct utmp u; int rval = 0; - #if !DISABLE_UTMP + struct utmp u; + char id[IDLEN + 1] = ""; + if (__opiegetutmpentry(line, &u)) { #if DEBUG syslog(LOG_DEBUG, "opielogin: __opiegetutmpentry(line=%s, &u) failed", line); @@ -58,6 +63,11 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h #endif /* DEBUG */ } +#if DOUTMPX || HAVE_UT_ID + strncpy(id, u.ut_id, sizeof(u.ut_id)); + id[sizeof(id)-1] = 0; +#endif /* DOUTMPX || HAVE_UT_ID */ + #if HAVE_UT_TYPE && defined(USER_PROCESS) u.ut_type = USER_PROCESS; #endif /* HAVE_UT_TYPE && defined(USER_PROCESS) */ 
@@ -67,15 +77,16 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h #if HAVE_UT_NAME strncpy(u.ut_name, name, sizeof(u.ut_name)); - u.ut_name[sizeof(u.ut_name)-1] = 0; #else /* HAVE_UT_NAME */ #error No ut_name field in struct utmp? (Please send in a bug report) #endif /* HAVE_UT_NAME */ #if HAVE_UT_HOST strncpy(u.ut_host, host, sizeof(u.ut_host)); - u.ut_host[sizeof(u.ut_host)-1] = 0; #endif /* HAVE_UT_HOST */ +#if DOUTMPX && HAVE_UTX_SYSLEN + u.ut_syslen = strlen(host) + 1; +#endif /* DOUTMPX && HAVE_UT_SYSLEN */ #if DOUTMPX #ifdef HAVE_ONE_ARG_GETTIMEOFDAY @@ -96,7 +107,7 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h #endif /* !DISABLE_UTMP */ dowtmp: - opielogwtmp(line, name, host); + opielogwtmp(line, name, host, id); opielogwtmp(NULL, NULL, NULL); dosetlogin: diff --git a/contrib/opie/libopie/logwtmp.c b/contrib/opie/libopie/logwtmp.c index a42fdec..873ca9b 100644 --- a/contrib/opie/libopie/logwtmp.c +++ b/contrib/opie/libopie/logwtmp.c @@ -1,7 +1,7 @@ /* logwtmp.c: Put an entry in the wtmp file. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -14,6 +14,8 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Set process to dead if name is null. + Added support for ut_id and ut_syslen. Modified by cmetz for OPIE 2.32. Don't leave line=NULL, skip past /dev/ in line. Fill in ut_host on systems with UTMPX and ut_host. 
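Review bot: `u.ut_syslen = strlen(host) + 1` (hunk at -67) records the length of the caller's string, not of what `strncpy` stored, so for a host name longer than `ut_host` the record claims more bytes than the field holds. A reader that trusts `ut_syslen` would then run past `ut_host`; clamp it, e.g. `u.ut_syslen = strlen(host) < sizeof(u.ut_host) ? strlen(host) + 1 : sizeof(u.ut_host);`. With the two terminating-zero lines removed, `ut_name` and `ut_host` may be unterminated, so any later `%s` use of them in this function (outside the hunk) needs a precision. The `#endif` comment says HAVE_UT_SYSLEN while the `#if` tests HAVE_UTX_SYSLEN.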
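Review bot: Only the first call was updated in the hunk at -96; the unchanged `opielogwtmp(NULL, NULL, NULL);` on the next line still passes three arguments to a function that this commit gives a fourth parameter, `id`. Where no prototype is in scope the compiler accepts this, and the callee's `if (id)` test may then read an indeterminate value. Pass the argument explicitly: `opielogwtmp(NULL, NULL, NULL, NULL);`.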
@@ -110,7 +112,7 @@ static int fdx = -1; * after first call, for use with ftp (which may chroot * after login, but before logout). */ -VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND char *host) +VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND char *host AND char *id) { #if !DISABLE_WTMP struct utmp ut; @@ -136,8 +138,15 @@ VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND c return; if (fstat(fd, &buf) == 0) { #if HAVE_UT_TYPE && defined(USER_PROCESS) - ut.ut_type = USER_PROCESS; + if (name && *name) + ut.ut_type = USER_PROCESS; + else + ut.ut_type = DEAD_PROCESS; #endif /* HAVE_UT_TYPE && defined(USER_PROCESS) */ +#if HAVE_UT_ID + if (id) + strncpy(ut.ut_id, id, sizeof(ut.ut_id)); +#endif /* HAVE_UT_ID */ #if HAVE_UT_PID ut.ut_pid = getpid(); #endif /* HAVE_UT_PID */ @@ -161,6 +170,18 @@ VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND c strncpy(utx.ut_line, line, sizeof(utx.ut_line)); strncpy(utx.ut_name, name, sizeof(utx.ut_name)); strncpy(utx.ut_host, host, sizeof(utx.ut_host)); +#ifdef USER_PROCESS + if (name && *name) + utx.ut_type = USER_PROCESS; + else + utx.ut_type = DEAD_PROCESS; +#endif /* USER_PROCESS */ + if (id) + strncpy(utx.ut_id, id, sizeof(utx.ut_id)); + utx.ut_pid = getpid(); +#if HAVE_UTX_SYSLEN + utx.ut_syslen = strlen(utx.ut_host) + 1; +#endif /* HAVE_UTX_SYSLEN */ #if HAVE_GETTIMEOFDAY #if HAVE_ONE_ARG_GETTIMEOFDAY gettimeofday(&utx.ut_tv); diff --git a/contrib/opie/libopie/lookup.c b/contrib/opie/libopie/lookup.c index d05e1fa..3003da7 100644 --- a/contrib/opie/libopie/lookup.c +++ b/contrib/opie/libopie/lookup.c 
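Review bot: The parameter declarations of opielogwtmp gain `char *id`, but the identifier list given as the first `FUNCTION` argument is still `(line, name, host)`. If that macro expands its first argument as a K&R identifier list on non-prototype compilers (its definition is not shown here), `id` is declared without being a parameter and the definition will not compile there. Keep the two in step: `FUNCTION((line, name, host, id), char *line AND char *name AND char *host AND char *id)`. The comment above the function should also say what `id` is and that NULL means no ut_id is recorded.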
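Review bot: `utx.ut_syslen = strlen(utx.ut_host) + 1` (hunk at -161) runs `strlen` over a field that the `strncpy` context line just above leaves unterminated whenever `host` fills it, so the scan can continue past `ut_host`. Use a bounded search, for example `char *e = memchr(utx.ut_host, 0, sizeof(utx.ut_host));` followed by `utx.ut_syslen = e ? (e - utx.ut_host) + 1 : sizeof(utx.ut_host);`. The added `if (name && *name)` test also comes after `name` has already been handed to `strncpy`, so if a NULL `name` can reach this point (earlier code outside the hunk may normalise it) the check is too late.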
@@ -1,8 +1,8 @@ /* lookup.c: The opielookup() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from . diff --git a/contrib/opie/libopie/md4c.c b/contrib/opie/libopie/md4c.c index acc8857..f6adc67 100644 --- a/contrib/opie/libopie/md4c.c +++ b/contrib/opie/libopie/md4c.c @@ -1,7 +1,7 @@ /* md4c.c: "RSA Data Security, Inc. MD4 Message-Digest Algorithm" %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/md5c.c b/contrib/opie/libopie/md5c.c index 09611a5..cdd21e0 100644 --- a/contrib/opie/libopie/md5c.c +++ b/contrib/opie/libopie/md5c.c @@ -2,7 +2,7 @@ "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/newseed.c b/contrib/opie/libopie/newseed.c index b351798..0455857 100644 --- a/contrib/opie/libopie/newseed.c +++ b/contrib/opie/libopie/newseed.c 
@@ -1,13 +1,15 @@ /* newseed.c: The opienewseed() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from . History: + Modified by cmetz for OPIE 2.4. Greatly simplified increment. Now does + not add digits. Reformatted the code. Modified by cmetz for OPIE 2.32. Added syslog.h if DEBUG. Modified by cmetz for OPIE 2.31. Added time.h. Created by cmetz for OPIE 2.22. 
@@ -35,73 +37,54 @@ you didn't get a copy, you may request one from . int opienewseed FUNCTION((seed), char *seed) { - if (!seed) - return -1; - - if (seed[0]) { - int i; - - if ((i = strlen(seed)) >= OPIE_SEED_MIN) { - long j; - char *c; - - if (i > OPIE_SEED_MAX) - i = OPIE_SEED_MAX; - - c = seed + i - 1; - - while(c != seed) { - if (!isdigit(*c)) - break; - c--; - } - - c++; - - if (j = strtol(c, (char **)0, 10)) { - char buf[OPIE_SEED_MAX]; - - *c = 0; - strcpy(buf, seed); - - if (errno == ERANGE) { - j = 1; - } else { - int k = 1, l = OPIE_SEED_MAX - strlen(buf); - while(l--) k *= 10; - - if (++j >= k) - j = 1; + if (!seed) + return -1; + + if (seed[0]) { + char *c, *end; + unsigned int i, max; + + if ((i = strlen(seed)) > OPIE_SEED_MAX) + i = OPIE_SEED_MAX; + + for (c = end = seed + i - 1, max = 1; + (c > seed) && isdigit(*c); c--) + max *= 10; + + if ((i = strtoul(++c, (char **)0, 10)) < max) { + if (++i >= max) + i = 1; + + snprintf(c, end - c, "%d", i); + seed[OPIE_SEED_MAX] = 0; + return 0; + } } - sprintf(seed, "%s%04d", buf, j); - return 0; - } - } - } + { + time_t now; - { - { - time_t now; - time(&now); - srand(now); - } + time(&now); + srand(now); + } - { - struct utsname utsname; + { + struct utsname utsname; - if (uname(&utsname) < 0) { + if (uname(&utsname) < 0) { #if DEBUG - syslog(LOG_DEBUG, "uname: %s(%d)", strerror(errno), errno); + syslog(LOG_DEBUG, "uname: %s(%d)", strerror(errno), + errno); #endif /* DEBUG */ - utsname.nodename[0] = 'k'; - utsname.nodename[1] = 'e'; - } - utsname.nodename[2] = 0; - - sprintf(seed, "%s%04d", utsname.nodename, (rand() % 9999) + 1); - return 0; - } - } + utsname.nodename[0] = 'k'; + utsname.nodename[1] = 'e'; + } + utsname.nodename[2] = 0; + + if (snprintf(seed, OPIE_SEED_MAX+1, "%s%04d", utsname.nodename, + (rand() % 9999) + 1) >= OPIE_SEED_MAX+1) + return -1; + return 0; + } } diff --git a/contrib/opie/libopie/open.c b/contrib/opie/libopie/open.c index dac03a8..c0c76c2 100644 
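Review bot: In the increment branch of opienewseed, `snprintf(c, end - c, "%d", i)` is given too small a size: `end` points at the last digit, so `end - c` is one less than the digit count and snprintf stores at most `end - c - 1` characters, which cuts the incremented number short (a four-digit suffix comes back as two digits). When the seed has no trailing digits the loop leaves `c == end`, `++c` steps past it, `strtoul` returns 0 which is below `max == 1`, and `end - c` is -1; converted to `size_t` that is a huge bound, so "1" and its terminator are written beyond the end of the original string. Guard the branch and size the write for all digits plus the terminator: `if ((++c <= end) && ((i = strtoul(c, (char **)0, 10)) < max)) {` and `snprintf(c, end - c + 2, "%u", i);`. `isdigit(*c)` should take `(unsigned char)*c`, and `seed[OPIE_SEED_MAX] = 0` relies on every caller supplying at least OPIE_SEED_MAX + 1 bytes, which the function comment should state.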
--- a/contrib/opie/libopie/open.c +++ b/contrib/opie/libopie/open.c @@ -1,13 +1,15 @@ /* open.c: The __opieopen() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from . History: + Modified by cmetz for OPIE 2.4. More portable way to get the mode + string for fopen. Created by cmetz for OPIE 2.3. */ #include "opie_cfg.h" @@ -51,9 +53,23 @@ FILE *__opieopen FUNCTION((file, rw, mode), char *file AND int rw AND int mode) return NULL; { - char *fmodes[] = { "r", "r+", "a" }; - - if (!(f = fopen(file, fmodes[rw]))) + char *fmode; + + switch(rw) { + case 0: + fmode = "r"; + break; + case 1: + fmode = "r+"; + break; + case 2: + fmode = "a"; + break; + default: + return NULL; + }; + + if (!(f = fopen(file, fmode))) return NULL; } diff --git a/contrib/opie/libopie/parsechallenge.c b/contrib/opie/libopie/parsechallenge.c index 2035c38..2b23a35 100644 --- a/contrib/opie/libopie/parsechallenge.c +++ b/contrib/opie/libopie/parsechallenge.c 
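Review bot: The new switch in __opieopen rejects an out-of-range `rw`, but the accepted values 0, 1 and 2 remain bare literals here and at call sites such as `__opieopen(KEY_FILE, 1, 0644)` in writerec.c. A comment on the function, for example `/* rw: 0 = "r", 1 = "r+", 2 = "a"; any other value returns NULL */`, or named constants would document the contract. The `;` after the switch's closing brace is an empty statement and can be dropped.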
@@ -1,13 +1,15 @@ /* parsechallenge.c: The __opieparsechallenge() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from . History: + Modified by cmetz for OPIE 2.4. Use OPIE_SEQUENCE_MAX, check for + sequence number of zero. Modified by cmetz for OPIE 2.32. Check for extended response sets. Change prefix to double underscore. Created by cmetz for OPIE 2.3 using generator.c as a guide. @@ -48,7 +50,7 @@ int __opieparsechallenge FUNCTION((buffer, algorithm, sequence, seed, exts), cha *algorithm = a->num; } - if ((*sequence = strtoul(++c, &c, 10)) > 9999) + if (((*sequence = strtoul(++c, &c, 10)) > OPIE_SEQUENCE_MAX) || !*sequence) return -1; while(*c && isspace(*c)) c++; diff --git a/contrib/opie/libopie/passcheck.c b/contrib/opie/libopie/passcheck.c index 8bfa87d..140b8fb 100644 --- a/contrib/opie/libopie/passcheck.c +++ b/contrib/opie/libopie/passcheck.c @@ -1,7 +1,7 @@ /* passcheck.c: The opiepasscheck() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/passwd.c b/contrib/opie/libopie/passwd.c index 6bac249..1c3b1ab6 100644 --- a/contrib/opie/libopie/passwd.c +++ b/contrib/opie/libopie/passwd.c 
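Review bot: The range test in the hunk at -48 is applied after the `strtoul` result has been stored through `sequence`, so if `sequence` is an `int *` (its declaration is cut off in this hunk) a value that does not fit in an int can convert to a negative number that passes both `> OPIE_SEQUENCE_MAX` and `!*sequence`. Check the unsigned value before narrowing it, with `n` declared as `unsigned long` at the top of the block: `n = strtoul(++c, &c, 10);` then `if (!n || (n > OPIE_SEQUENCE_MAX)) return -1;` and `*sequence = n;`.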
@@ -1,8 +1,8 @@ /* passwd.c: The opiepasswd() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from . @@ -46,19 +46,19 @@ int opiepasswd FUNCTION((old, flags, principal, n, seed, ks), struct opie *old A opie.opie_seed = seed; if (ks) { - char key[8]; + struct opie_otpkey key; if (flags & OPIEPASSWD_CONSOLE) { - if (opiekeycrunch(MDX, key, seed, ks)) + if (opiekeycrunch(MDX, &key, seed, ks)) return -1; for (i = n; i; i--) - opiehash(key, MDX); - if (!(opie.opie_val = opiebtoa8(opie.opie_buf, key))) + opiehash(&key, MDX); + if (!(opie.opie_val = opiebtoa8(opie.opie_buf, &key))) return -1; } else { - if ((opieetob(key, ks) != 1) && !opieatob8(key, ks)) + if ((opieetob(&key, ks) != 1) && !opieatob8(&key, ks)) return 1; - if (!(opie.opie_val = opiebtoa8(opie.opie_buf, key))) + if (!(opie.opie_val = opiebtoa8(opie.opie_buf, &key))) return 1; } } diff --git a/contrib/opie/libopie/randomchallenge.c b/contrib/opie/libopie/randomchallenge.c index 99b4c48..7cf18bb 100644 --- a/contrib/opie/libopie/randomchallenge.c +++ b/contrib/opie/libopie/randomchallenge.c @@ -1,7 +1,7 @@ /* randomchallenge.c: The opierandomchallenge() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If 
@@ -14,6 +14,7 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Use snprintf(). Modified by cmetz for OPIE 2.32. Initialize algids[] with 0s instead of NULL. Modified by cmetz for OPIE 2.3. Add sha support. @@ -35,11 +36,12 @@ static char *algids[] = { 0, 0, 0, "sha1", "md4", "md5" }; most situations; it is certainly better than a fixed string */ VOIDRET opierandomchallenge FUNCTION((prompt), char *prompt) { - char buf[OPIE_SEED_MAX + 1]; + char buf[OPIE_SEED_MAX+1]; buf[0] = 0; if (opienewseed(buf)) strcpy(buf, "ke4452"); - sprintf(prompt, "otp-%s %d %s ext", algids[MDX], (rand() % 499) + 1, buf); + snprintf(prompt, OPIE_CHALLENGE_MAX+1, "otp-%s %d %s ext", algids[MDX], + (rand() % 499) + 1, buf); } diff --git a/contrib/opie/libopie/readpass.c b/contrib/opie/libopie/readpass.c index 5808f02..bd24b02 100644 --- a/contrib/opie/libopie/readpass.c +++ b/contrib/opie/libopie/readpass.c @@ -1,7 +1,7 @@ /* readpass.c: The opiereadpass() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/readrec.c b/contrib/opie/libopie/readrec.c index f6361eb..98ec658 100644 --- a/contrib/opie/libopie/readrec.c +++ b/contrib/opie/libopie/readrec.c 
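Review bot: `snprintf(prompt, OPIE_CHALLENGE_MAX+1, ...)` in opierandomchallenge bounds the write by a constant, not by the caller's buffer, so it is only safe if every caller passes at least OPIE_CHALLENGE_MAX + 1 bytes; the function takes no size argument with which to verify that. State the requirement in the comment above the function, e.g. `/* prompt must point to at least OPIE_CHALLENGE_MAX+1 bytes */`. The return value is ignored, so a truncated challenge would be handed back silently; since the function returns nothing, a comment should at least say that truncation is accepted.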
@@ -1,13 +1,15 @@ /* readrec.c: The __opiereadrec() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from . History: + Modified by cmetz for OPIE 2.4. Check that seed, sequence number, and + response values are valid. Modified by cmetz for OPIE 2.31. Removed active attack protection support. Fixed a debug message typo. Keep going after bogus records. Set read flag. @@ -57,7 +59,7 @@ static int parserec FUNCTION((opie), struct opie *opie) opie->opie_n = strtoul(c, &c3, 10); - if (*c3) + if (*c3 || (opie->opie_n <= 0) || (opie->opie_n > 9999)) return -1; }; @@ -66,6 +68,10 @@ static int parserec FUNCTION((opie), struct opie *opie) *(c2++) = 0; + for (c = opie->opie_seed; *c; c++) + if (!isalnum(*c)) + return -1; + while(*c2 == ' ') c2++; if (!(c2 = strchr(opie->opie_val = c2, ' '))) @@ -73,6 +79,13 @@ static int parserec FUNCTION((opie), struct opie *opie) *(c2++) = 0; + { + struct opie_otpkey otpkey; + + if (!opieatob8(&otpkey, opie->opie_val)) + return -1; + } + return 0; } diff --git a/contrib/opie/libopie/unlock.c b/contrib/opie/libopie/unlock.c index 4c01a5c..0f607ab 100644 --- a/contrib/opie/libopie/unlock.c +++ b/contrib/opie/libopie/unlock.c @@ -1,7 +1,7 @@ /* unlock.c: The opieunlock() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If 
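Review bot: The upper bound in parserec (hunk at -57) is the literal `9999` while parsechallenge.c in this same commit uses `OPIE_SEQUENCE_MAX`, and the three record checks disagree: this one rejects `opie_n <= 0` and `> 9999`, verify.c rejects only `<= 0`, and writerec.c allows 0 but rejects `> 9999`. If those differences are intended (verify decrements before writing), a comment at each site should say so; otherwise use the macro everywhere, `if (*c3 || (opie->opie_n <= 0) || (opie->opie_n > OPIE_SEQUENCE_MAX))`. `opie_n` is assigned from `strtoul` before the test, so if the field is an int the comparison sees the value only after conversion.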
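Review bot: `isalnum(*c)` in the seed loop (hunk at -66) is called on a plain `char`; where `char` is signed, a byte above 0x7f in the key file becomes a negative argument, which is undefined for the ctype.h functions. Write `if (!isalnum((unsigned char)*c))`, here and in the identical loops this commit adds to verify.c and writerec.c. The loop also accepts an empty seed and puts no limit on its length, so a check of `strlen(opie->opie_seed)` against OPIE_SEED_MAX belongs next to it unless the length is enforced elsewhere. Whether readrec.c includes ctype.h is not visible in this diff.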
diff --git a/contrib/opie/libopie/verify.c b/contrib/opie/libopie/verify.c index 990e293..e6abec4 100644 --- a/contrib/opie/libopie/verify.c +++ b/contrib/opie/libopie/verify.c @@ -1,13 +1,15 @@ /* verify.c: The opieverify() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from . History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for keys. + Check that seed and sequence number are valid. Modified by cmetz for OPIE 2.32. Renamed _opieparsechallenge() to __opieparsechallenge() and handle new argument. Fixed init response parsing bug. @@ -67,7 +69,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) { int i, rval = -1; char *c; - char key[8], fkey[8], lastkey[8]; + struct opie_otpkey key, fkey, lastkey; struct opie nopie; if (!opie || !response) @@ -80,7 +82,14 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) goto verret; #endif /* DEBUG */ - if (!opieatob8(lastkey, opie->opie_val)) + if (!opieatob8(&lastkey, opie->opie_val)) + goto verret; + + for (c = opie->opie_seed; *c; c++) + if (!isalnum(*c)) + goto verret; + + if (opie->opie_n <= 0) goto verret; if (c = strchr(response, ':')) { 
@@ -97,33 +106,33 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) case RESPONSE_STANDARD: i = 1; - if (opieetob(key, response) == 1) { - memcpy(fkey, key, sizeof(key)); - opiehash(fkey, MDX); - i = memcmp(fkey, lastkey, sizeof(key)); + if (opieetob(&key, response) == 1) { + memcpy(&fkey, &key, sizeof(struct opie_otpkey)); + opiehash(&fkey, MDX); + i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey)); } - if (i && opieatob8(key, response)) { - memcpy(fkey, key, sizeof(key)); - opiehash(fkey, MDX); - i = memcmp(fkey, lastkey, sizeof(key)); + if (i && opieatob8(&key, response)) { + memcpy(&fkey, &key, sizeof(struct opie_otpkey)); + opiehash(&fkey, MDX); + i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey)); } break; case RESPONSE_WORD: i = 1; - if (opieetob(key, c) == 1) { - memcpy(fkey, key, sizeof(key)); - opiehash(fkey, MDX); - i = memcmp(fkey, lastkey, sizeof(key)); + if (opieetob(&key, c) == 1) { + memcpy(&fkey, &key, sizeof(struct opie_otpkey)); + opiehash(&fkey, MDX); + i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey)); } break; case RESPONSE_HEX: i = 1; - if (opieatob8(key, c)) { - memcpy(fkey, key, sizeof(key)); - opiehash(fkey, MDX); - i = memcmp(fkey, lastkey, sizeof(key)); + if (opieatob8(&key, c)) { + memcpy(&fkey, &key, sizeof(struct opie_otpkey)); + opiehash(&fkey, MDX); + i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey)); } break; case RESPONSE_INIT_HEX: 
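Review bot: The copy, hash and compare sequence now appears four times in this switch and once more in the init-response branch of the next hunk, each time spelling out `sizeof(struct opie_otpkey)`. A small static helper would keep the comparison in one place, and a struct assignment can replace the `memcpy`. `memcmp` over the whole struct is a valid equality test only if `struct opie_otpkey` has no padding, which its definition (not shown here) should guarantee. opieverify starts and ends outside this hunk.

```c
/* Returns 0 when hashing *key once gives *lastkey. */
static int nextkeycmp FUNCTION((key, lastkey), struct opie_otpkey *key AND struct opie_otpkey *lastkey)
{
  struct opie_otpkey fkey;

  fkey = *key;
  opiehash(&fkey, MDX);
  return memcmp(&fkey, lastkey, sizeof(fkey));
}

/* ... unchanged: opieverify() up to the response-type switch ... */
  case RESPONSE_STANDARD:
    i = 1;
    if (opieetob(&key, response) == 1)
      i = nextkeycmp(&key, &lastkey);
    if (i && opieatob8(&key, response))
      i = nextkeycmp(&key, &lastkey);
    break;
  case RESPONSE_WORD:
    i = 1;
    if (opieetob(&key, c) == 1)
      i = nextkeycmp(&key, &lastkey);
    break;
  case RESPONSE_HEX:
    i = 1;
    if (opieatob8(&key, c))
      i = nextkeycmp(&key, &lastkey);
    break;
/* ... unchanged: RESPONSE_INIT_HEX and the cases after it ... */
```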
@@ -137,17 +146,17 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) *(c2++) = 0; if (i == RESPONSE_INIT_HEX) { - if (!opieatob8(key, c)) + if (!opieatob8(&key, c)) goto verret; } else { - if (opieetob(key, c) != 1) + if (opieetob(&key, c) != 1) goto verret; } - memcpy(fkey, key, sizeof(key)); - opiehash(fkey, MDX); + memcpy(&fkey, &key, sizeof(struct opie_otpkey)); + opiehash(&fkey, MDX); - if (memcmp(fkey, lastkey, sizeof(key))) + if (memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey))) goto verret; if (changed(opie)) @@ -155,7 +164,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) opie->opie_n--; - if (!opiebtoa8(opie->opie_val, key)) + if (!opiebtoa8(opie->opie_val, &key)) goto verret; if (__opiewriterec(opie)) @@ -174,10 +183,10 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) } if (i == RESPONSE_INIT_HEX) { - if (!opieatob8(key, c2)) + if (!opieatob8(&key, c2)) goto verret; } else { - if (opieetob(key, c2) != 1) + if (opieetob(&key, c2) != 1) goto verret; } } @@ -201,7 +210,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) opie->opie_n--; verwrt: - if (!opiebtoa8(opie->opie_val, key)) + if (!opiebtoa8(opie->opie_val, &key)) goto verret; rval = __opiewriterec(opie); diff --git a/contrib/opie/libopie/version.c b/contrib/opie/libopie/version.c index ef6523d..2364e77 100644 --- a/contrib/opie/libopie/version.c +++ b/contrib/opie/libopie/version.c @@ -1,7 +1,7 @@ /* version.c: The opieversion() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If 
diff --git a/contrib/opie/libopie/writerec.c b/contrib/opie/libopie/writerec.c index 0843423..5ba53fe 100644 --- a/contrib/opie/libopie/writerec.c +++ b/contrib/opie/libopie/writerec.c @@ -1,13 +1,15 @@ /* writerec.c: The __opiewriterec() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from . History: + Modified by cmetz for OPIE 2.4. Check that seed and sequence number are + valid. Modified by cmetz for OPIE 2.31. Removed active attack protection support. Fixed passwd bug. Created by cmetz for OPIE 2.3 from passwd.c. @@ -30,6 +32,7 @@ you didn't get a copy, you may request one from . #if HAVE_STDLIB_H #include #endif /* HAVE_STDLIB_H */ +#include #include "opie.h" char *__opienone = "****************"; @@ -40,6 +43,7 @@ int __opiewriterec FUNCTION((opie), struct opie *opie) time_t now; FILE *f, *f2 = NULL; int i = 0; + char *c; time(&now); if (strftime(buf2, sizeof(buf2), " %b %d,%Y %T", localtime(&now)) < 1) @@ -51,7 +55,14 @@ int __opiewriterec FUNCTION((opie), struct opie *opie) opie->opie_flags = opie2.opie_flags; opie->opie_recstart = opie2.opie_recstart; } - + + for (c = opie->opie_seed; *c; c++) + if (!isalnum(*c)) + return -1; + + if ((opie->opie_n < 0) || (opie->opie_n > 9999)) + return -1; + switch(i) { case 0: if (!(f = __opieopen(KEY_FILE, 1, 0644))) -- cgit v1.1