Vendor import of OPIE 2.4

Mark Murray
2002-03-21 22:50:02 +00:00
parent 18690202e2
commit cfb697297a
71 changed files with 2417 additions and 856 deletions
+5 -4
@@ -1,11 +1,12 @@
OPIE Software Distribution, Release 2.32 Bug Reporting Form OPIE Software Distribution, Release 2.4 Bug Reporting Form
======================================== ================== ======================================= ==================
Before submitting a bug report, please check the README file and make Before submitting a bug report, please check the README file and make
sure that your "bug" is not a known problem. sure that your "bug" is not a known problem.
Please make a copy of this file and then edit it with your favorite Please make a copy of this file and then edit it with your favorite
text editor to include the answers to the following questions: text editor (NOT a word processor; the end result needs to be reasonable ASCII
text) to include the answers to the following questions:
1. Your name and electronic mail address, in case we need more information. 1. Your name and electronic mail address, in case we need more information.
If you can provide multiple addresses, please do so in case we If you can provide multiple addresses, please do so in case we
@@ -76,7 +77,7 @@ Copyright
========= =========
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
+96 -5
@@ -1,5 +1,5 @@
OPIE Software Distribution, Release 2.31 Installation Instructions OPIE Software Distribution, Release 2.4 Installation Instructions
======================================== ========================= ======================================= =========================
Did you read the README file? Did you read the README file?
@@ -26,11 +26,102 @@ hole, but a necessary evil for some sites), type:
If you'd like the file to go somewhere else, adjust this appropriately. If you'd like the file to go somewhere else, adjust this appropriately.
There are a number of configure-time options available for OPIE. To There are a number of configure-time options available for OPIE. You
get a list, type: probably don't want to change the defaults. To get a complete listing of the
currently available options, type:
sh configure --help sh configure --help
Some options that may be of interest are:
--enable-access-file=FILENAME: Enable the OPIE access file FILENAME
The OPIE access file provides a system administrator with the ability
to make the use of OTP optional for certain hosts. Note that individual
users can create a file named ".opiealways" in their home directory to
require that OTP be used to access to their account. Note also that the
access file is based on addresses, but many of the clients that use it
are only given hostnames. This opens this entire scheme up to DNS
spoofing attacks, which is a major security problem. ALWAYS use a
package such as tcp_wrappers configured to do paranoid checking on DNS
information if you enable this option (it's good practice anyway).
--enable-server-md4: Use MD4 instead of MD5 for the server
The old S/Key package used MD4 instead of MD5. MD4 is believed to be
less secure than MD5. Use this option only for compatibility with old
key files.
--disable-user-locking: Disable user locking
OPIE only allows one session at a time to attempt to authenticate a
principal; this prevents a possible race attack on OTP. This locking
mechanism can cause problems in some applications, in which case you
might want to disable the locking. This option also provides a work-
around if the locking code doesn't work reliably on your system.
--enable-user-locking[=DIR]: Put user lock files in DIR [/etc/opielocks]
The OPIE lock files need to be put in an isolated directory that is
only accessable by the super-user and has a parent directory that is
only writable by the super-user. If you are trying to use OPIE with
the key file shared by NFS, you need to make the lock directory
shared too. (But you read the README file, so you knew this)
--enable-retype: Ask users to re-type their secret pass phrases
On the one hand, this helps prevent users from having to go generate
an OTP, type it into a remote system, and then found out they
mistyped. On the other hand, it's annoying. If this is enabled, users
can simply hit return at the second prompt and the generator will skip
the retype check, which allows users who don't like the retype check
to mostly skip it.
--enable-su-star-check: Refuse to switch to disabled accounts
On many systems, an asterisk means one thing and one thing only: this
account is never meant for human users. Therefore, it doesn't make
much sense for anyone other than an attacker to try to su to that
account. Enabling this check causes su to refuse to switch to
accounts with an asterisk in their password field. While probably
better for security, this is not compatible with traditional *IX su
behavior, so it is disabled by default
--disable-new-prompts: Use more compatible (but less informative) prompts
OPIE uses login prompts that tell you exactly what kind of response
(an OTP response and/or a cleartext password) it expects you to give.
This can break automatic login scripts that look for 'Password:' as
the prompt for the password. If you have users that use such scripts,
you might want to disable the more informative responses so as not to
break those scripts.
--enable-insecure-override: Allow users to override insecure checks
While OPIE cannot determine whether or not a session is secure, it can
check for fairly common signs that it isn't secure. If it believes the
session is insecure, some programs like opiekey will refuse to run
because they prompt the user to send a secret pass phrase. Sometimes
these checks declare a session insecure when it is, and sometimes the
user wants to continue anyway even if the session is insecure. If this
option is enabled, many commands gain a '-f' option to force them to
operate even if OPIE thinks the session is insecure.
--enable-anonymous-ftp Enable anonymous FTP support
By default, the OPIE FTP daemon does not support anonymous FTP
service. The FTP daemon contains many security related bug fixes
relative to the original source, but bugs probably remain. It was not
intended to be used for anonymous FTP, where it is more open to the
commands of potentially hostile users. If you enable this option, it
will once again support anonymous FTP, but it probably isn't secure
when that way.
--disable-utmp Disable utmp logging
--disable-wtmp Disable wtmp logging
On some systems, logging to the utmp and/or wtmp files is just a lost
cause. If this is the case on your system, you might be better off
not having OPIE even try.
--enable-opieauto Enable support for opieauto
opieauto is a facility that caches an intermediate result of the OTP
generator so that a user-selected number of OTPs can be generated on
demand for each time the user types in the secret pass phrase. This
is great for user convenience, as typing a twenty or thirty character
secret pass phrase can be annoying. It can also be a minor security
hole (see the README for details).
2. Edit the Makefile 2. Edit the Makefile
The Makefile contains some options that you may wish to modify. Also The Makefile contains some options that you may wish to modify. Also
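Review bot: the new option list in this hunk is inconsistently formatted and carries a few typos that will ship in the user-facing INSTALL text: `--enable-anonymous-ftp`, `--disable-utmp`, `--disable-wtmp` and `--enable-opieauto` lack the colon every other entry uses; "accessable" in the --enable-user-locking entry should be "accessible"; "then found out they mistyped" in --enable-retype should be "then find out they mistyped"; "it probably isn't secure when that way" should read "when used that way"; and "declare a session insecure when it is" in --enable-insecure-override is ambiguous and presumably means "when it isn't" (a false positive). The --enable-access-file entry correctly tells the admin to ALWAYS pair it with tcp_wrappers doing paranoid DNS checking because the file is keyed by address while clients supply hostnames; since the paragraph above says readers "probably don't want to change the defaults", it would help to state explicitly that the access file is off unless this option is given.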
@@ -75,7 +166,7 @@ Copyright
========= =========
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
+89 -34
@@ -2,7 +2,7 @@
# Makefile.source and Makefile: Directions for building and installing OPIE. # Makefile.source and Makefile: Directions for building and installing OPIE.
# #
# %%% portions-copyright-cmetz-96 # %%% portions-copyright-cmetz-96
# Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights # Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
# Reserved. The Inner Net License Version 2 applies to these portions of # Reserved. The Inner Net License Version 2 applies to these portions of
# the software. # the software.
# You should have received a copy of the license with this software. If # You should have received a copy of the license with this software. If
@@ -15,6 +15,9 @@
# #
# History: # History:
# #
# Modified by cmetz for OPIE 2.4. Add libmissing to include header path.
# Renamed realclean to distclean. Added opieauto rules. Made
# system program install more tolerant of non-existent files.
# Modified by cmetz for OPIE 2.31. Moved logwtmp.o into libopie. # Modified by cmetz for OPIE 2.31. Moved logwtmp.o into libopie.
# Modified by cmetz for OPIE 2.3. Removed manual config -- it's # Modified by cmetz for OPIE 2.3. Removed manual config -- it's
# Autoconf or bust. Replaced user configuration options # Autoconf or bust. Replaced user configuration options
@@ -115,10 +118,11 @@ SU=@SU@
ALT_SU=@ALT_SU@ ALT_SU=@ALT_SU@
LOGIN=@LOGIN@ LOGIN=@LOGIN@
LOCK_DIR=@LOCK_DIR@ LOCK_DIR=@LOCK_DIR@
OPIEAUTO=@OPIEAUTO@
BACKUP=opie.old BACKUP=opie.old
CFLAGS=$(DEBUG) CFLAGS=$(DEBUG) -Ilibmissing
LFLAGS=-Llibopie -Llibmissing -lopie $(LIBS) -lmissing -lopie LFLAGS=-Llibopie -Llibmissing -lopie $(LIBS) -lmissing -lopie
LDEPS=libmissing/libmissing.a libopie/libopie.a LDEPS=libmissing/libmissing.a libopie/libopie.a
@@ -128,17 +132,19 @@ all: client server
ifdefs: ifdefs:
egrep '^#*if*def' *.c *.h | cut -f2 -d: | sort | uniq egrep '^#*if*def' *.c *.h | cut -f2 -d: | sort | uniq
client: libopie/libopie.a libmissing/libmissing.a opietest-passed opiekey opiegen client: libopie/libopie.a libmissing/libmissing.a opietest-passed opiekey opiegen $(OPIEAUTO)
client-install: client client-install: client
@echo "Installing OPIE client software..." @echo "Installing OPIE client software..."
@echo "Copying OPIE key-related files" @echo "Copying OPIE key-related files"
@if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi @if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi
@cp opiekey $(LOCALBIN) @cp opiekey $(OPIEAUTO) $(LOCALBIN)
@$(CHOWN) $(OWNER) $(LOCALBIN)/opiekey @$(CHOWN) $(OWNER) $(LOCALBIN)/opiekey
@if test ! -z "$(OPIEAUTO)"; then $(CHOWN) $(OWNER) $(LOCALBIN)/opieauto; fi
@chgrp $(GROUP) $(LOCALBIN)/opiekey @chgrp $(GROUP) $(LOCALBIN)/opiekey
@echo "Changing file permissions" @echo "Changing file permissions"
@chmod 0511 $(LOCALBIN)/opiekey @chmod 0511 $(LOCALBIN)/opiekey
@if test ! -z "$(OPIEAUTO)"; then chmod 0511 $(LOCALBIN)/opieauto; fi
@echo "Symlinking aliases to opiekey" @echo "Symlinking aliases to opiekey"
@-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md4 @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md4
@-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md5 @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md5
@@ -160,32 +166,75 @@ server-install: server
@chmod 0555 $(LOCALBIN)/opieinfo @chmod 0555 $(LOCALBIN)/opieinfo
@chmod 4511 $(LOCALBIN)/opiepasswd @chmod 4511 $(LOCALBIN)/opiepasswd
@echo "Installing OPIE system programs..." @echo "Installing OPIE system programs..."
@if test ! $(EXISTS) $(LOGIN).$(BACKUP); then echo "Renaming existing $(LOGIN) to $(LOGIN).$(BACKUP)"; mv $(LOGIN) $(LOGIN).$(BACKUP); echo "Clearing permissions on old $(LOGIN)"; chmod 0 $(LOGIN).$(BACKUP); fi @if test ! -z $(LOGIN); \
@echo "Copying opielogin to $(LOGIN)" then \
@cp opielogin $(LOGIN) if test ! $(EXISTS) $(LOGIN).$(BACKUP); \
@echo "Changing ownership of $(LOGIN)" then \
@$(CHOWN) $(OWNER) $(LOGIN) echo "Renaming existing $(LOGIN) to $(LOGIN).$(BACKUP)"; \
@chgrp $(GROUP) $(LOGIN) mv $(LOGIN) $(LOGIN).$(BACKUP); \
@echo "Changing file permissions of $(LOGIN)" echo "Clearing permissions on $(LOGIN)"; \
@chmod 4111 $(LOGIN) chmod 0 $(LOGIN).$(BACKUP); \
@if test ! $(EXISTS) $(SU).$(BACKUP); then echo "Renaming existing su to su.$(BACKUP)"; mv $(SU) $(SU).$(BACKUP); echo "Clearing permissions on old su"; chmod 0 $(SU).$(BACKUP); fi fi; \
@-if test ! -z "$(ALT_SU)"; then if test ! $(EXISTS) $(ALT_SU).$(BACKUP); then echo "Renaming existing su to su.$(BACKUP)"; mv $(ALT_SU) $(ALT_SU).$(BACKUP); fi; echo "Copying opiesu to su"; cp opiesu $(ALT_SU); echo "Changing ownership"; $(CHOWN) $(OWNER) $(ALT_SU); chgrp $(GROUP) $(ALT_SU); echo "Changing file permissions"; chmod 4111 $(ALT_SU); echo "Clearning permissions on old su"; chmod 0 $(ALT_SU).$(BACKUP); fi echo "Copying OPIE login to $(LOGIN)"; \
@echo "Copying opiesu to su" cp opielogin $(LOGIN); \
@cp opiesu $(SU) echo "Changing ownership of $(LOGIN)"; \
@echo "Changing ownership of su" $(CHOWN) $(OWNER) $(LOGIN); \
@$(CHOWN) $(OWNER) $(SU) chgrp $(GROUP) $(LOGIN); \
@chgrp $(GROUP) $(SU) echo "Changing file permissions of $(LOGIN)"; \
@echo "Changing file permissions of su" chmod 4111 $(LOGIN); \
@chmod 4111 $(SU) fi
@if test ! $(EXISTS) $(FTPD).$(BACKUP); then echo "Renaming existing ftp daemon to $(FTPD).$(BACKUP)"; mv $(FTPD) $(FTPD).$(BACKUP); echo "Clearing permissions on old ftp daemon"; chmod 0 $(FTPD).$(BACKUP); fi @if test ! -z $(SU); \
@echo "Copying OPIE ftp daemon" then \
@cp opieftpd $(FTPD) if test ! $(EXISTS) $(SU).$(BACKUP); \
@echo "Changing ownership of ftpd" then \
@$(CHOWN) $(OWNER) $(FTPD) echo "Renaming existing $(SU) to $(SU).$(BACKUP)"; \
@chgrp $(GROUP) $(FTPD) mv $(SU) $(SU).$(BACKUP); \
@echo "Changing file permissions of ftpd" echo "Clearing permissions on $(SU)"; \
@chmod 0100 $(FTPD) chmod 0 $(SU).$(BACKUP); \
@echo "Making sure OPIE database file exists" fi; \
echo "Copying OPIE su to $(SU)"; \
cp opiesu $(SU); \
echo "Changing ownership of $(SU)"; \
$(CHOWN) $(OWNER) $(SU); \
chgrp $(GROUP) $(SU); \
echo "Changing file permissions of $(SU)"; \
chmod 4111 $(SU); \
fi
@if test ! -z $(ALT_SU); \
then \
if test ! $(EXISTS) $(ALT_SU).$(BACKUP); \
then \
echo "Renaming existing $(ALT_SU) to $(ALT_SU).$(BACKUP)"; \
mv $(ALT_SU) $(ALT_SU).$(BACKUP); \
echo "Clearing permissions on $(ALT_SU)"; \
chmod 0 $(ALT_SU).$(BACKUP); \
fi; \
echo "Copying OPIE su to $(ALT_SU)"; \
cp opiesu $(ALT_SU); \
echo "Changing ownership of $(ALT_SU)"; \
$(CHOWN) $(OWNER) $(ALT_SU); \
chgrp $(GROUP) $(ALT_SU); \
echo "Changing file permissions of $(ALT_SU)"; \
chmod 4111 $(ALT_SU); \
fi
@if test ! -z $(FTPD); \
then \
if test ! $(EXISTS) $(FTPD).$(BACKUP); \
then \
echo "Renaming existing $(FTPD) to $(FTPD).$(BACKUP)"; \
mv $(FTPD) $(FTPD).$(BACKUP); \
echo "Clearing permissions on $(FTPD).$(BACKUP)"; \
chmod 0 $(FTPD).$(BACKUP); \
fi; \
echo "Copying OPIE ftp daemon to $(FTPD)"; \
cp opieftpd $(FTPD); \
echo "Changing ownership of $(FTPD)"; \
$(CHOWN) $(OWNER) $(FTPD); \
chgrp $(GROUP) $(FTPD); \
echo "Changing file permissions of $(FTPD)"; \
chmod 0100 $(FTPD); \
fi
@echo "Making sure OPIE database file exists";
@touch $(KEY_FILE) @touch $(KEY_FILE)
@echo "Changing permissions of OPIE database file" @echo "Changing permissions of OPIE database file"
@chmod 0644 $(KEY_FILE) @chmod 0644 $(KEY_FILE)
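Review bot: the four new guards use an unquoted variable, `test ! -z $(LOGIN)` (and likewise for $(SU), $(ALT_SU) and $(FTPD)), whereas the client-install hunk in this same commit writes `test ! -z "$(OPIEAUTO)"` and the old ALT_SU one-liner quoted `"$(ALT_SU)"`. With the variable empty the unquoted form only skips the block by accident of test's two-argument rule (`test ! -z` tests the literal string "-z"), and a path containing whitespace breaks it outright; quote all four. Two smaller points: the ALT_SU block loses the `@-` error-ignoring prefix of the old one-liner, so a failing `mv` now aborts the install (arguably correct, but it is a behaviour change worth a line in the commit message), and the messages "Clearing permissions on $(LOGIN)", "... on $(SU)" and "... on $(ALT_SU)" are printed while `chmod 0` is applied to the .$(BACKUP) copy; the FTPD block gets this right with "Clearing permissions on $(FTPD).$(BACKUP)". Making the renamed setuid originals mode 0 so a stale setuid login or su cannot be executed after the swap is the right call and should be kept.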
@@ -230,16 +279,18 @@ libmissing/libmissing.a: libmissing/*.c
clean: clean:
-rm -f *.o opiekey opiegen opielogin opiepasswd opiesu opieftpd -rm -f *.o opiekey opiegen opielogin opiepasswd opiesu opieftpd
-rm -f opieserv opieinfo opietest *core* opietest-passed -rm -f opieserv opieinfo opietest opieauto *core* opietest-passed
-rm -f Makefile.munge configure.munger y.tab.c .gdb* -rm -f Makefile.munge configure.munger y.tab.c .gdb*
(cd libopie ; $(MAKE) clean) (cd libopie ; $(MAKE) clean)
(cd libmissing ; $(MAKE) clean) (cd libmissing ; $(MAKE) clean)
realclean: clean realclean: distclean
distclean: clean
-rm -f *~ core* "\#*\#" Makefile make.log -rm -f *~ core* "\#*\#" Makefile make.log
-rm -f config.log config.status config.cache config.h -rm -f config.log config.status config.cache config.h
(cd libopie ; $(MAKE) realclean) (cd libopie ; $(MAKE) distclean)
(cd libmissing ; $(MAKE) realclean) (cd libmissing ; $(MAKE) distclean)
opiekey: opiekey.o $(LDEPS) opiekey: opiekey.o $(LDEPS)
$(CC) $(CFLAGS) opiekey.o $(LFLAGS) -o opiekey $(CC) $(CFLAGS) opiekey.o $(LFLAGS) -o opiekey
@@ -270,3 +321,7 @@ opieinfo: opieinfo.o $(LDEPS)
opietest: opietest.o $(LDEPS) opietest: opietest.o $(LDEPS)
$(CC) $(CFLAGS) opietest.o $(LFLAGS) -o opietest $(CC) $(CFLAGS) opietest.o $(LFLAGS) -o opietest
opieauto: opieauto.o $(LDEPS)
$(CC) $(CFLAGS) opieauto.o $(LFLAGS) -o opieauto
+88 -44
@@ -1,5 +1,5 @@
OPIE Software Distribution, Release 2.32 Important Information OPIE Software Distribution, Release 2.4 Important Information
======================================== ===================== ======================================= =====================
Introduction Introduction
============ ============
@@ -75,10 +75,18 @@ original Bellcore S/Key(tm) Version 1 software:
A Glance at What's New A Glance at What's New
====================== ======================
2.4 TEST VERSION -- NOT FOR REDISTRIBUTION
Merged in opieauto, which is disabled by default.
Lots of documentation updates.
Portability and bug fixes.
2.32 January 1, 1998. 2.32 January 1, 1998.
Indicate support for extended responses in challenges and check for Indicate support for extended responses in challenges and check for such
such indication before generating any extended responses. indication before generating any extended responses.
Lots of portability and bug fixes. Lots of portability and bug fixes.
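Review bot: the new 2.4 entry carries the banner "TEST VERSION -- NOT FOR REDISTRIBUTION" while this commit is a vendor import of that very release; confirm the banner is accurate for what is being imported, otherwise it ships verbatim to users and contradicts the import. The entry is also the only one in the list without a release date (compare "2.32 January 1, 1998").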
@@ -86,6 +94,8 @@ A Glance at What's New
Removed active attack protection support due to patent problems. Removed active attack protection support due to patent problems.
Removed the supplemental key file; it did more harm than good.
Moved user locks to a separate directory. Moved user locks to a separate directory.
Moved user-serviceable configuration options to the configure script. Moved user-serviceable configuration options to the configure script.
@@ -101,18 +111,18 @@ planned future changes easier.
OTP extended responses, such as automatic re-initialization. OTP extended responses, such as automatic re-initialization.
Support for a supplemental key file that stores information that was Support for a supplemental key file that stores information that was not
not in the original /etc/skeykeys file. This allows OPIE to store extra data in the original /etc/skeykeys file. This allows OPIE to store extra data needed
needed for things like the OTP re-initialization extended response without for things like the OTP re-initialization extended response without breaking
breaking interoperability with other S/Key derived programs. This file is interoperability with other S/Key derived programs. This file is named
named "/etc/opiekeys.ext" by default. Unlike the standard key file, it MUST "/etc/opiekeys.ext" by default. Unlike the standard key file, it MUST NOT be
NOT be world readable. world readable.
OPIE should better support some of the native "features" of drain OPIE should better support some of the native "features" of drain bamaged
bamaged OSs such as AIX, HP-UX, and Solaris. OSs such as AIX, HP-UX, and Solaris.
OPIE's utmp/wtmp handling has been completely re-written. This should OPIE's utmp/wtmp handling has been completely re-written. This should solve
solve many of the utmp/wtmp problems people have been having. many of the utmp/wtmp problems people have been having.
Lots of cleanups. Lots of cleanups.
@@ -128,15 +138,14 @@ solve many of the utmp/wtmp problems people have been having.
2.2 April 11, 1996. 2.2 April 11, 1996.
opiesubr.c, opiesubr2.c, and a few other functions moved into opiesubr.c, opiesubr2.c, and a few other functions moved into a
a subdirectory and split into files with fine granularity. Ditto with subdirectory and split into files with fine granularity. Ditto with missing
missing function replacements. This subdirectory structure changes a lot function replacements. This subdirectory structure changes a lot of things
of things around and more splitting like this should be expected in the around and more splitting like this should be expected in the near future.
near future.
Added opiegenerator() library function that should make it very easy Added opiegenerator() library function that should make it very easy to
to create OTP clients using the OPIE library (this function is subject to create OTP clients using the OPIE library (this function is subject to change:
change: there are a few problems remaining to be solved). Just about re-write there are a few problems remaining to be solved). Just about re-wrote
opiegetpass() to use raw I/O and got most of the OPIE programs actually using opiegetpass() to use raw I/O and got most of the OPIE programs actually using
that function. Autoconf build fixes. Lots of bug fixes. Lots of portability that function. Autoconf build fixes. Lots of bug fixes. Lots of portability
fixes. Function declarations should be ANSI style for ANSI compilers. Several fixes. Function declarations should be ANSI style for ANSI compilers. Several
@@ -145,8 +154,8 @@ de-implemented.
Added sample programs: opiegen (client) and opieserv (server). Added sample programs: opiegen (client) and opieserv (server).
Probably broke non-autoconf support along the way :(. I've tried to Probably broke non-autoconf support along the way :(. I've tried to bring
bring this back in sync, but it may still be broken. this back in sync, but it may still be broken.
2.11 December 27, 1995. 2.11 December 27, 1995.
@@ -154,8 +163,16 @@ bring this back in sync, but it may still be broken.
2.10 December 26, 1995. 2.10 December 26, 1995.
Optional autoconf support. opieinfo is now a normal program. Optional autoconf support. opieinfo is now a normal program. Bugs fixed --
Bugs fixed -- should work much better on SunOS, HP-UX, and AIX. should work much better on SunOS, HP-UX, and AIX.
2.01 -- 2.04
Bug fix releases.
2.00
Initial release of OPIE 2.0.
System Requirements System Requirements
=================== ===================
@@ -177,12 +194,15 @@ OPIE code.
If OPIE Doesn't Work If OPIE Doesn't Work
==================== ====================
First and foremost, make sure you have the latest version of OPIE. The Under NO circumstances should you send trouble reports directly to the
latest version is available by anonymous FTP at: authors or contributors. They WILL BE IGNORED.
ftp://ftp.nrl.navy.mil/pub/security/opie Make sure you have the latest version of OPIE. The latest version is
and available by HTTP at:
ftp://ftp.inner.net/pub/opie
http://www.inner.net/pub/opie
(sorry, but anonymous FTP is no longer available)
If you have installed the OPIE software (either through "make test" If you have installed the OPIE software (either through "make test"
in (7) above or "make install" in (14)), you can run "make uninstall" from the in (7) above or "make install" in (14)), you can run "make uninstall" from the
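Review bot: the section now opens with "Under NO circumstances should you send trouble reports directly to the authors or contributors. They WILL BE IGNORED.", and the Credits hunk later in this file appends the same "They WILL BE IGNORED." sentence; stating it once, in Credits, which already points readers back to this section, would read better and lets the troubleshooting section lead with the "Make sure you have the latest version of OPIE" step. The switch from the two anonymous FTP URLs to http://www.inner.net/pub/opie is fine; the "(sorry, but anonymous FTP is no longer available)" aside would read better joined to the sentence rather than standing alone after the URL.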
@@ -194,7 +214,8 @@ installation procedure itself did not work properly.
If you are running a release version, try installing the latest public If you are running a release version, try installing the latest public
test version (look around). These frequently have already fixed the problem test version (look around). These frequently have already fixed the problem
you are seeing, but may have new problems of their own (that's why they're you are seeing, but may have new problems of their own (that's why they're
test versions!). test versions!). Similarly, if you are running a test version, try installing
the latest released version.
OPIE is NOT supported software. We don't promise to support you or OPIE is NOT supported software. We don't promise to support you or
even to acknowledge your mail, but we are interested in bug reports and are even to acknowledge your mail, but we are interested in bug reports and are
@@ -233,7 +254,7 @@ Gotchas
======= =======
Solaris 2.x is just a lose. It does a lot of nonstandard and downright Solaris 2.x is just a lose. It does a lot of nonstandard and downright
broken things. If you want OPIE to be reliable on your box, upgrade to NetBSD broken things. If you want OPIE to be reliable on your box, upgrade to OpenBSD
or Linux. or Linux.
While an almost universal "feature", most people remain unaware that While an almost universal "feature", most people remain unaware that
@@ -342,6 +363,25 @@ it puts them. The lock file directory must be a directory used only for OPIE
lock files. It must be a directory, owned by the superuser, and must be mode lock files. It must be a directory, owned by the superuser, and must be mode
0700. 0700.
opieauto is a potential security hole. It opens a limited window of
exposure by transmitting and storing information that can be used to
generate one or more OTPs earlier than the current sequence number. Every
effort has been made to limit the potential for compromise to the user-
specified window. However, an attacker with superuser priveleges or access to
your account on the client system can still generate OTPs based on the
information cached via opieauto. In practice, there are other ways for such an
an attacker to get your entire secret pass phrase, so this is probably not
creating a significant new security problem. However, because of this
potential for problems and because opieauto uses system features that are not
present on all systems, opieauto support is not compiled in by default and
must be specifically enabled at compile time.
Many users are running OPIE with the key file on a shared NFS volume
in order to use OTP as a single-login system for a cluster of machines. OPIE
was NOT designed to be operated this way, though it does seem to work. If it
fails or if this proves insecure, this is not OPIE's fault. Note that, if you
do this, you probably want to share the OPIE lock files too.
Gripes Gripes
====== ======
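Review bot: typos in the new opieauto paragraph: "priveleges" should be "privileges", and "such an / an attacker" duplicates "an" across the line break. On substance, the paragraph states the right caveat: the cached intermediate result lets an attacker with superuser privileges on, or access to the user's account on, the client generate OTPs within the user-selected window, which is why the feature stays off by default. The INSTALL --enable-opieauto entry says "see the README for details" and this is the paragraph it lands on, so consider naming the configure option here so readers can connect the two.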
@@ -355,14 +395,12 @@ are complying to some or other "standard." My (cmetz) conclusion is that the
only thing that is standard about utmp and wtmp handling is that it will be only thing that is standard about utmp and wtmp handling is that it will be
nonstandard on any given system. I've tried a lot of things and I've wasted nonstandard on any given system. I've tried a lot of things and I've wasted
*a lot* of time on trying to make utmp and wtmp handling work for everybody; *a lot* of time on trying to make utmp and wtmp handling work for everybody;
my conclusion is that it will never happen. I personally am willing to stand my conclusion is that it will never happen. While I am still interested in
behind the code for utmp/wtmp handling on reasonable Linux and 4.4BSD-Lite hearing about fixes for utmp/wtmp on systems where they don't work, I'm not
systems. If it breaks, tell me and I will fix it. While I am still interested likely to go out of my way to fix utmp/wtmp handling. If you want it fixed,
in hearing about fixes for other OSs, I'm not likely to go out of my way to fix the best way to do it is to fix it yourself and contribute a patch. As long as
utmp/wtmp handling on them. If you want it fixed, the best way to do it is to the patch is reasonable, it will be included in the next release. If you can't
fix it yourself and give me a patch. As long as the patch is reasonable, I'll wait, use the --disable-utmp option.
include it in the next release. If you can't wait, use the --disable-utmp
option.
Credits Credits
======= =======
@@ -396,6 +434,8 @@ community effort. These contributors include:
Mowgli Assor Mowgli Assor
Lawrie Brown Lawrie Brown
Andrew Davis Andrew Davis
Taso N. Devetzis
Carson Gaspar
Dennis Glatting Dennis Glatting
Ben Golding Ben Golding
Axel Grewe Axel Grewe
@@ -403,16 +443,20 @@ community effort. These contributors include:
Kojima Hajime Kojima Hajime
Darren Hosking Darren Hosking
Matt Hucke Matt Hucke
Kenji Kamizono
Charles Karney Charles Karney
Jeff Kletsky Jeff Kletsky
Peter Koch
Martijn Koster Martijn Koster
Osamu Kurati Osamu Kurati
Ayamura Kikuchi Ayamura Kikuchi
Ronald van der Meer Ronald van der Meer
Bret Musser
Hiroshi Nakano Hiroshi Nakano
Ikuo Nakagawa Ikuo Nakagawa
Angelo Neri Angelo Neri
C. R. Oldham C. R. Oldham
Ossama Othman
D. Jason Penney D. Jason Penney
John Perkins John Perkins
Steve Price Steve Price
@@ -429,7 +473,7 @@ City, Virginia.
If you have problems with OPIE, please follow the instructions under If you have problems with OPIE, please follow the instructions under
"If OPIE Doesn't Work." Under NO circumstances should you send trouble "If OPIE Doesn't Work." Under NO circumstances should you send trouble
reports directly to the authors or contributors. reports directly to the authors or contributors. They WILL BE IGNORED.
Trademarks Trademarks
========== ==========
@@ -440,12 +484,12 @@ NRL is a trademark of the U. S. Naval Research Laboratory.
All other trademarks are trademarks of their respective owners. All other trademarks are trademarks of their respective owners.
The term "OPIE" is in the public domain and hence cannot be legally The term "OPIE" is in the public domain and hence cannot be legally
trademarked by anyone. trademarked by anyone. Please do not abuse it.
Copyrights Copyrights
========== ==========
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
+76 -1
@@ -1,7 +1,7 @@
/* acconfig.h: Extra commentary for Autoheader /* acconfig.h: Extra commentary for Autoheader
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -117,6 +117,15 @@ you didn't get a copy, you may request one from <license@inner.net>.
/* Define if there is a ut_host field in struct utmp */ /* Define if there is a ut_host field in struct utmp */
#undef HAVE_UT_HOST #undef HAVE_UT_HOST
/* Define if there is a ut_id field in struct utmp */
#undef HAVE_UT_ID
/* Define if there is a ut_syslen field in struct utmp */
#undef HAVE_UT_SYSLEN
/* Define if there is a utx_syslen field in struct utmpx */
#undef HAVE_UTX_SYSLEN
/* Define if the system has getutline() */ /* Define if the system has getutline() */
#undef HAVE_GETUTLINE #undef HAVE_GETUTLINE
@@ -149,3 +158,69 @@ you didn't get a copy, you may request one from <license@inner.net>.
/* Defined if user locking is to be used */ /* Defined if user locking is to be used */
#undef USER_LOCKING #undef USER_LOCKING
/* Defined if opieauto is to be used */
#undef OPIEAUTO
/* Define if you have the atexit function. */
#undef HAVE_ATEXIT
/* Define if you have the endutent function. */
#undef HAVE_ENDUTENT
/* Define if you have the initgroups function. */
#undef HAVE_INITGROUPS
/* Define if you have the memcmp function. */
#undef HAVE_MEMCMP
/* Define if you have the memcpy function. */
#undef HAVE_MEMCPY
/* Define if you have the memset function. */
#undef HAVE_MEMSET
/* Define if you have the getcwd function. */
#undef HAVE_GETCWD
/* Define if you have the getenv function. */
#undef HAVE_GETENV
/* Define if you have the getutline function. */
#undef HAVE_GETUTLINE
/* Define if you have the pututline function. */
#undef HAVE_PUTUTLINE
/* Define if you have the setenv function. */
#undef HAVE_SETENV
/* Define if you have the setegid function. */
#undef HAVE_SETEGID
/* Define if you have the seteuid function. */
#undef HAVE_SETEUID
/* Define if you have the setutent function. */
#undef HAVE_SETUTENT
/* Define if you have the sigprocmask function. */
#undef HAVE_SIGPROCMASK
/* Define if you have the strchr function. */
#undef HAVE_STRCHR
/* Define if you have the strrchr function. */
#undef HAVE_STRRCHR
/* Define if you have the strtoul function. */
#undef HAVE_STRTOUL
/* Define if you have the sysconf function. */
#undef HAVE_SYSCONF
/* Define if you have the uname function. */
#undef HAVE_UNAME
/* Define if you have the unsetenv function. */
#undef HAVE_UNSETENV
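Review bot: the `HAVE_GETUTLINE` entry added here ("Define if you have the getutline function.") duplicates the existing "Define if the system has getutline()" / `#undef HAVE_GETUTLINE` pair that is visible as context in the previous hunk, and the generated header below picks up the same duplicate; keep a single entry so autoheader emits one `#undef`. The rest of the new `HAVE_*` symbols are fine and match the `AC_DEFINE(HAVE_foo)` calls added to configure.in.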
+75
View File
@@ -149,6 +149,12 @@
/* Define if there is a ut_host field in struct utmp */ /* Define if there is a ut_host field in struct utmp */
#undef HAVE_UT_HOST #undef HAVE_UT_HOST
/* Define if there is a ut_id field in struct utmp */
#undef HAVE_UT_ID
/* Define if there is a utx_syslen field in struct utmpx */
#undef HAVE_UTX_SYSLEN
/* Define if the system has getutline() */ /* Define if the system has getutline() */
#undef HAVE_GETUTLINE #undef HAVE_GETUTLINE
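Review bot: this hunk adds `HAVE_UT_ID` and `HAVE_UTX_SYSLEN` but not `HAVE_UT_SYSLEN`, whereas the acconfig.h hunk above adds all three; if this header is the one autoheader regenerates from acconfig.h, the two should agree, otherwise the next `autoheader` run will churn this file again. Resolving the dead `ut_syslen` check in configure.in one way or the other settles which list is right.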
@@ -158,6 +164,9 @@
/* Defined if you want to disable utmp support */ /* Defined if you want to disable utmp support */
#undef DISABLE_UTMP #undef DISABLE_UTMP
/* Defined if you want to disable wtmp support */
#undef DISABLE_WTMP
/* Defined if you want to allow users to override the insecure checks */ /* Defined if you want to allow users to override the insecure checks */
#undef INSECURE_OVERRIDE #undef INSECURE_OVERRIDE
@@ -176,6 +185,72 @@
/* Defined if su should not switch to disabled accounts */ /* Defined if su should not switch to disabled accounts */
#undef SU_STAR_CHECK #undef SU_STAR_CHECK
/* Defined if opieauto is to be used */
#undef OPIEAUTO
/* Define if you have the atexit function. */
#undef HAVE_ATEXIT
/* Define if you have the endutent function. */
#undef HAVE_ENDUTENT
/* Define if you have the initgroups function. */
#undef HAVE_INITGROUPS
/* Define if you have the memcmp function. */
#undef HAVE_MEMCMP
/* Define if you have the memcpy function. */
#undef HAVE_MEMCPY
/* Define if you have the memset function. */
#undef HAVE_MEMSET
/* Define if you have the getcwd function. */
#undef HAVE_GETCWD
/* Define if you have the getenv function. */
#undef HAVE_GETENV
/* Define if you have the getutline function. */
#undef HAVE_GETUTLINE
/* Define if you have the pututline function. */
#undef HAVE_PUTUTLINE
/* Define if you have the setenv function. */
#undef HAVE_SETENV
/* Define if you have the setegid function. */
#undef HAVE_SETEGID
/* Define if you have the seteuid function. */
#undef HAVE_SETEUID
/* Define if you have the setutent function. */
#undef HAVE_SETUTENT
/* Define if you have the sigprocmask function. */
#undef HAVE_SIGPROCMASK
/* Define if you have the strchr function. */
#undef HAVE_STRCHR
/* Define if you have the strrchr function. */
#undef HAVE_STRRCHR
/* Define if you have the strtoul function. */
#undef HAVE_STRTOUL
/* Define if you have the sysconf function. */
#undef HAVE_SYSCONF
/* Define if you have the uname function. */
#undef HAVE_UNAME
/* Define if you have the unsetenv function. */
#undef HAVE_UNSETENV
/* Define if you have the bcopy function. */ /* Define if you have the bcopy function. */
#undef HAVE_BCOPY #undef HAVE_BCOPY
+622 -297
View File
File diff suppressed because it is too large
+39 -19
View File
@@ -1,7 +1,7 @@
dnl configure.in: Input for Autoconf dnl configure.in: Input for Autoconf
dnl dnl
dnl %%% portions-copyright-cmetz-96 dnl %%% portions-copyright-cmetz-96
dnl Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights dnl Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
dnl Reserved. The Inner Net License Version 2 applies to these portions of dnl Reserved. The Inner Net License Version 2 applies to these portions of
dnl the software. dnl the software.
dnl You should have received a copy of the license with this software. If dnl You should have received a copy of the license with this software. If
@@ -14,6 +14,11 @@ dnl License Agreement applies to this software.
dnl dnl
dnl History: dnl History:
dnl dnl
dnl Modified by cmetz for OPIE 2.4. Add --enable-opieauto option. Check
dnl for ut_id and ut_syslen. Make disable-wtmp disable wtmp not utmp.
dnl Define HAVE_foo if foo is found by the libmissing function check.
dnl Added checks for libmissing functions that were there but never
dnl actually checked for and therefore available.
dnl Modified by cmetz for OPIE 2.32. Substitute default for LOCK_DIR. dnl Modified by cmetz for OPIE 2.32. Substitute default for LOCK_DIR.
dnl Fix the --disable-user-locking bug. AC_DEFINE variables to 1. dnl Fix the --disable-user-locking bug. AC_DEFINE variables to 1.
dnl Really check for ut_host. dnl Really check for ut_host.
@@ -72,9 +77,11 @@ AC_ARG_ENABLE(su-star-check, [ --enable-su-star-check Refuse to switch to disa
AC_ARG_ENABLE(new-prompts, [ --disable-new-prompts Use more compatible (but less informative) prompts],, AC_DEFINE(NEW_PROMPTS, 1)) AC_ARG_ENABLE(new-prompts, [ --disable-new-prompts Use more compatible (but less informative) prompts],, AC_DEFINE(NEW_PROMPTS, 1))
AC_ARG_ENABLE(insecure-override, [ --enable-insecure-override AC_ARG_ENABLE(insecure-override, [ --enable-insecure-override
Allow users to override insecure checks], AC_DEFINE(INSECURE_OVERRIDE, 1)) Allow users to override insecure checks], AC_DEFINE(INSECURE_OVERRIDE, 1))
AC_ARG_ENABLE(anonymous-ftp, [ --enable-anonymous-ftp Enable anonymous FTP support], AC_DEFINE(DOANONYMOUS, 1) echo "Enabling anonymous FTP support in ftp -- don't say we didn't warn you!") AC_ARG_ENABLE(anonymous-ftp, [ --enable-anonymous-ftp Enable anonymous FTP support], AC_DEFINE(DOANONYMOUS, 1) echo "enabling anonymous FTP support in ftp -- don't say we didn't warn you!")
AC_ARG_ENABLE(utmp, [ --disable-utmp Disable utmp logging], AC_DEFINE(DISABLE_UTMP, 1) echo "Disabling utmp logging") AC_ARG_ENABLE(utmp, [ --disable-utmp Disable utmp logging], AC_DEFINE(DISABLE_UTMP, 1) echo "disabling utmp logging")
AC_ARG_ENABLE(wtmp, [ --disable-wtmp Disable wtmp logging], AC_DEFINE(DISABLE_UTMP, 1) echo "Disabling wtmp logging") AC_ARG_ENABLE(wtmp, [ --disable-wtmp Disable wtmp logging], AC_DEFINE(DISABLE_WTMP, 1) echo "disabling wtmp logging")
AC_ARG_ENABLE(opieauto, [ --enable-opieauto Enable support for opieauto], AC_DEFINE(OPIEAUTO, 1) OPIEAUTO=opieauto; echo "enabling opieauto support")
AC_SUBST(OPIEAUTO)
dnl Checks for programs. dnl Checks for programs.
AC_PROG_CC AC_PROG_CC
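Review bot: the `--disable-wtmp` line previously defined `DISABLE_UTMP`, so the option silently turned off utmp logging instead of wtmp logging; the fix (`AC_DEFINE(DISABLE_WTMP, 1)`) is correct, but it deserves a sentence in the release notes, since anyone who configured earlier releases with `--disable-wtmp` has been running without the utmp records that login auditing relies on, and with wtmp still enabled.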
@@ -484,6 +491,15 @@ dnl #include <utmp.h>], [struct utmp foo; return (int)foo.ut_user[0];], AC_DEFIN
AC_MSG_CHECKING(for ut_host in struct utmp) AC_MSG_CHECKING(for ut_host in struct utmp)
AC_TRY_COMPILE([#include <sys/types.h> AC_TRY_COMPILE([#include <sys/types.h>
#include <utmp.h>], [struct utmp foo; return (int)foo.ut_host[0];], AC_DEFINE(HAVE_UT_HOST) AC_MSG_RESULT(yes), AC_MSG_RESULT(no)) #include <utmp.h>], [struct utmp foo; return (int)foo.ut_host[0];], AC_DEFINE(HAVE_UT_HOST) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
AC_MSG_CHECKING(for ut_id in struct utmp)
AC_TRY_COMPILE([#include <sys/types.h>
#include <utmp.h>], [struct utmp foo; return (int)foo.ut_id[0];], AC_DEFINE(HAVE_UT_ID) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
#AC_MSG_CHECKING(for ut_syslen in struct utmp)
#AC_TRY_COMPILE([#include <sys/types.h>
##include <utmp.h>], [struct utmp foo; return (int)foo.ut_syslen;], AC_DEFINE(HAVE_UT_SYSLEN) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
AC_MSG_CHECKING(for ut_syslen in struct utmpx)
AC_TRY_COMPILE([#include <sys/types.h>
#include <utmpx.h>], [struct utmpx foo; return (int)foo.ut_syslen;], AC_DEFINE(HAVE_UTX_SYSLEN) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
dnl Checks for library functions. dnl Checks for library functions.
dnl AC_PROG_GCC_TRADITIONAL dnl AC_PROG_GCC_TRADITIONAL
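Review bot: the `ut_syslen in struct utmp` test is parked with leading `#` rather than deleted or `dnl`-ed; in configure.in a `#` line is copied into the generated configure as a shell comment, which is harmless but leaves dead code and means `HAVE_UT_SYSLEN` from acconfig.h is never defined. Either finish the check or remove the three lines. Also, the new tests use `AC_DEFINE(HAVE_UT_ID)` and `AC_DEFINE(HAVE_UTX_SYSLEN)` with no value; the default is 1, so this works, but `AC_DEFINE(HAVE_UT_ID, 1)` would match the `AC_DEFINE(..., 1)` style used for the options above and the 2.32 history note.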
@@ -495,24 +511,28 @@ AC_FUNC_MEMCMP
AC_FUNC_ALLOCA AC_FUNC_ALLOCA
AC_REPLACE_FUNCS(getusershell sigaddset sigemptyset strerror strncasecmp) AC_REPLACE_FUNCS(getusershell sigaddset sigemptyset strerror strncasecmp)
MISSING="$LIBOBJS $ALLOCA " ; MISSING="$LIBOBJS $ALLOCA " ;
AC_CHECK_FUNC(atexit,, MISSING="${MISSING}atexit.o "; AC_CHECK_FUNCS(on_exit))
AC_CHECK_FUNC(endutent,, MISSING="${MISSING}endutent.o ") dnl These should be simplified by a macro
AC_CHECK_FUNC(memcpy,, MISSING="${MISSING}memcpy.o "; AC_CHECK_FUNCS(bcopy)) AC_CHECK_FUNC(atexit, AC_DEFINE(HAVE_ATEXIT), MISSING="${MISSING}atexit.o "; AC_CHECK_FUNCS(on_exit))
AC_CHECK_FUNC(memset,, MISSING="${MISSING}memset.o "; AC_CHECK_FUNCS(bzero)) AC_CHECK_FUNC(endutent, AC_DEFINE(HAVE_ENDUTENT), MISSING="${MISSING}endutent.o ")
AC_CHECK_FUNC(getcwd,, MISSING="${MISSING}getcwd.o "; AC_CHECK_FUNCS(getwd)) AC_CHECK_FUNC(initgroups, AC_DEFINE(HAVE_INITGROUPS), MISSING="${MISSING}initgroups.o ")
AC_CHECK_FUNC(memcmp, AC_DEFINE(HAVE_MEMCMP), MISSING="${MISSING}memcmp.o ")
AC_CHECK_FUNC(memcpy, AC_DEFINE(HAVE_MEMCPY), MISSING="${MISSING}memcpy.o "; AC_CHECK_FUNCS(bcopy))
AC_CHECK_FUNC(memset, AC_DEFINE(HAVE_MEMSET), MISSING="${MISSING}memset.o "; AC_CHECK_FUNCS(bzero))
AC_CHECK_FUNC(getcwd, AC_DEFINE(HAVE_GETCWD), MISSING="${MISSING}getcwd.o "; AC_CHECK_FUNCS(getwd))
AC_CHECK_FUNC(getenv, AC_DEFINE(HAVE_GETENV), MISSING="${MISSING}env.o ") AC_CHECK_FUNC(getenv, AC_DEFINE(HAVE_GETENV), MISSING="${MISSING}env.o ")
AC_CHECK_FUNC(getutline, AC_DEFINE(HAVE_GETUTLINE), MISSING="${MISSING}getutline.o "; AC_CHECK_FUNCS(ttyslot)) AC_CHECK_FUNC(getutline, AC_DEFINE(HAVE_GETUTLINE), MISSING="${MISSING}getutline.o "; AC_CHECK_FUNCS(ttyslot))
AC_CHECK_FUNC(pututline,, MISSING="${MISSING}pututline.o "; AC_CHECK_FUNCS(ttyslot)) AC_CHECK_FUNC(pututline, AC_DEFINE(HAVE_PUTUTLINE), MISSING="${MISSING}pututline.o "; AC_CHECK_FUNCS(ttyslot))
AC_CHECK_FUNC(setenv, AC_DEFINE(HAVE_SETENV), MISSING="${MISSING}env.o ") AC_CHECK_FUNC(setenv, AC_DEFINE(HAVE_SETENV), MISSING="${MISSING}env.o ")
AC_CHECK_FUNC(setegid,, MISSING="${MISSING}setegid.o "; AC_CHECK_FUNCS(setregid setresgid)) AC_CHECK_FUNC(setegid, AC_DEFINE(HAVE_SETEGID), MISSING="${MISSING}setegid.o "; AC_CHECK_FUNCS(setregid setresgid))
AC_CHECK_FUNC(seteuid,, MISSING="${MISSING}seteuid.o "; AC_CHECK_FUNCS(setreuid setresuid)) AC_CHECK_FUNC(seteuid, AC_DEFINE(HAVE_SETEUID), MISSING="${MISSING}seteuid.o "; AC_CHECK_FUNCS(setreuid setresuid))
AC_CHECK_FUNC(setutent,, MISSING="${MISSING}setutent.o ") AC_CHECK_FUNC(setutent, AC_DEFINE(HAVE_SETUTENT), MISSING="${MISSING}setutent.o ")
AC_CHECK_FUNC(sigprocmask,, MISSING="${MISSING}sigprocmask.o "; AC_CHECK_FUNCS(sigblock sigsetmask)) AC_CHECK_FUNC(sigprocmask, AC_DEFINE(HAVE_SIGPROCMASK), MISSING="${MISSING}sigprocmask.o "; AC_CHECK_FUNCS(sigblock sigsetmask))
AC_CHECK_FUNC(strchr,, MISSING="${MISSING}strchr.o "; AC_CHECK_FUNCS(index)) AC_CHECK_FUNC(strchr, AC_DEFINE(HAVE_STRCHR), MISSING="${MISSING}strchr.o "; AC_CHECK_FUNCS(index))
AC_CHECK_FUNC(strrchr,, MISSING="${MISSING}strrchr.o "; AC_CHECK_FUNCS(rindex)) AC_CHECK_FUNC(strrchr, AC_DEFINE(HAVE_STRRCHR), MISSING="${MISSING}strrchr.o "; AC_CHECK_FUNCS(rindex))
AC_CHECK_FUNC(strtoul,, MISSING="${MISSING}strtoul.o ") AC_CHECK_FUNC(strtoul, AC_DEFINE(HAVE_STRTOUL), MISSING="${MISSING}strtoul.o ")
AC_CHECK_FUNC(sysconf,, MISSING="${MISSING}sysconf.o "; AC_CHECK_FUNCS(getdtablesize)) AC_CHECK_FUNC(sysconf, AC_DEFINE(HAVE_SYSCONF), MISSING="${MISSING}sysconf.o "; AC_CHECK_FUNCS(getdtablesize))
AC_CHECK_FUNC(uname,, MISSING="${MISSING}uname.o "; AC_CHECK_FUNCS(gethostname)) AC_CHECK_FUNC(uname, AC_DEFINE(HAVE_UNAME), MISSING="${MISSING}uname.o "; AC_CHECK_FUNCS(gethostname))
AC_CHECK_FUNC(unsetenv, AC_DEFINE(HAVE_UNSETENV), MISSING="${MISSING}env.o ") AC_CHECK_FUNC(unsetenv, AC_DEFINE(HAVE_UNSETENV), MISSING="${MISSING}env.o ")
AC_SUBST(MISSING) AC_SUBST(MISSING)
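Review bot: `memcmp` is now handled twice: `AC_FUNC_MEMCMP` (the hunk's context line) already adds `memcmp.o` to `LIBOBJS`, which seeds `MISSING`, and the new `AC_CHECK_FUNC(memcmp, AC_DEFINE(HAVE_MEMCMP), MISSING="${MISSING}memcmp.o ")` appends `memcmp.o` a second time when the function is absent, so such a system lists the object twice in `@MISSING@`. Keep the new line only for its `AC_DEFINE(HAVE_MEMCMP)` and leave the `.o` to `AC_FUNC_MEMCMP`. The `dnl These should be simplified by a macro` TODO is worth acting on: an `AC_DEFUN` wrapper would make these twenty near-identical lines much harder to get wrong.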
+4 -3
View File
@@ -1,7 +1,7 @@
/* ftpcmd.y: yacc parser for the FTP daemon. /* ftpcmd.y: yacc parser for the FTP daemon.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -9,6 +9,7 @@ you didn't get a copy, you may request one from <license@inner.net>.
History: History:
Modified by cmetz for OPIE 2.4. Use DOTITLE rather than SETPROCTITLE.
Modified by cmetz for OPIE 2.3. Moved LS_COMMAND here. Modified by cmetz for OPIE 2.3. Moved LS_COMMAND here.
Modified by cmetz for OPIE 2.2. Fixed a *lot* of warnings. Modified by cmetz for OPIE 2.2. Fixed a *lot* of warnings.
Use FUNCTION declaration et al. Removed useless strings. Use FUNCTION declaration et al. Removed useless strings.
@@ -962,10 +963,10 @@ int yylex FUNCTION_NOARGS
dologout(0); dologout(0);
} }
(void) alarm(0); (void) alarm(0);
#ifdef SETPROCTITLE #if DOTITLE
if (strncasecmp(cbuf, "PASS", 4) != NULL) if (strncasecmp(cbuf, "PASS", 4) != NULL)
setproctitle("%s: %s", proctitle, cbuf); setproctitle("%s: %s", proctitle, cbuf);
#endif /* SETPROCTITLE */ #endif /* DOTITLE */
if ((cp = strchr(cbuf, '\r'))) { if ((cp = strchr(cbuf, '\r'))) {
*cp++ = '\n'; *cp++ = '\n';
*cp = '\0'; *cp = '\0';
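Review bot: `strncasecmp(cbuf, "PASS", 4) != NULL` compares an `int` with the null pointer constant; it works because `NULL` is 0 here, but it warns where NULL is `((void *)0)`, so write `!= 0`. Keeping that PASS exclusion is the important part: without it `setproctitle` would copy the user's cleartext password into the process title visible to `ps`. The switch to `#if DOTITLE` is fine since an undefined macro evaluates to 0 in `#if`, so builds that never define it still compile.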
+2 -2
View File
@@ -1,8 +1,8 @@
/* glob.c: The csh et al glob pattern matching routines. /* glob.c: The csh et al glob pattern matching routines.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
+9 -5
View File
@@ -2,29 +2,33 @@
# Makefile.in/Makefile: Directions for building libmissing. # Makefile.in/Makefile: Directions for building libmissing.
# #
# %%% copyright-cmetz-96 # %%% copyright-cmetz-96
# This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. # This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
# The Inner Net License Version 2 applies to this software. # The Inner Net License Version 3 applies to this software.
# You should have received a copy of the license with this software. If # You should have received a copy of the license with this software. If
# you didn't get a copy, you may request one from <license@inner.net>. # you didn't get a copy, you may request one from <license@inner.net>.
# #
# History: # History:
# #
# Modified by cmetz for OPIE 2.4. Add current dir to include header path.
# Use ar 'cr' instead of 'r'. Renamed realclean to distclean.
# Created by cmetz for OPIE 2.3 using old Makefiles as a guide. # Created by cmetz for OPIE 2.3 using old Makefiles as a guide.
OBJS=bogus.o @MISSING@ OBJS=bogus.o @MISSING@
CC=@CC@ CC=@CC@
CFLAGS=$(CFL) -I.. CFLAGS=$(CFL) -I.. -I.
TARGET=libmissing.a TARGET=libmissing.a
all: $(TARGET) all: $(TARGET)
$(TARGET): $(OBJS) $(TARGET): $(OBJS)
ar r $(TARGET) $(OBJS) ar cr $(TARGET) $(OBJS)
@RANLIB@ $(TARGET) @RANLIB@ $(TARGET)
clean: clean:
-rm -f $(OBJS) $(TARGET) -rm -f $(OBJS) $(TARGET)
realclean: clean realclean: distclean
distclean: clean
-rm -f *~ core* "\#*\#" *.o *.a Makefile -rm -f *~ core* "\#*\#" *.o *.a Makefile
+2 -2
View File
@@ -1,8 +1,8 @@
/* endutent.c: A replacement for the endutent function /* endutent.c: A replacement for the endutent function
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
+2 -2
View File
@@ -1,8 +1,8 @@
/* getutline.c: A replacement for the getutline() function /* getutline.c: A replacement for the getutline() function
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
+2 -2
View File
@@ -1,8 +1,8 @@
/* pututline.c: A replacement for the pututline() function /* pututline.c: A replacement for the pututline() function
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
+2 -2
View File
@@ -1,8 +1,8 @@
/* setutent.c: A replacement for the setutent function /* setutent.c: A replacement for the setutent function
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
+9 -5
View File
@@ -2,30 +2,34 @@
# Makefile.in/Makefile: Directions for building libopie. # Makefile.in/Makefile: Directions for building libopie.
# #
# %%% copyright-cmetz-96 # %%% copyright-cmetz-96
# This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. # This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
# The Inner Net License Version 2 applies to this software. # The Inner Net License Version 3 applies to this software.
# You should have received a copy of the license with this software. If # You should have received a copy of the license with this software. If
# you didn't get a copy, you may request one from <license@inner.net>. # you didn't get a copy, you may request one from <license@inner.net>.
# #
# History: # History:
# #
# Modified by cmetz for OPIE 2.4. Add libmissing to include header path.
# Use ar 'cr' instead of 'r'. Renamed realclean to distclean.
# Modified by cmetz for OPIE 2.31. Added logwtmp.o # Modified by cmetz for OPIE 2.31. Added logwtmp.o
# Created by cmetz for OPIE 2.3 using old Makefiles as a guide. # Created by cmetz for OPIE 2.3 using old Makefiles as a guide.
OBJS=md4c.o md5c.o atob8.o btoa8.o btoh.o challenge.o getsequence.o hash.o hashlen.o keycrunch.o lock.o lookup.o newseed.o parsechallenge.o passcheck.o passwd.o randomchallenge.o readpass.o unlock.o verify.o version.o btoe.o accessfile.o generator.o insecure.o getutmpentry.o readrec.o writerec.o login.o open.o logwtmp.o # sha.o OBJS=md4c.o md5c.o atob8.o btoa8.o btoh.o challenge.o getsequence.o hash.o hashlen.o keycrunch.o lock.o lookup.o newseed.o parsechallenge.o passcheck.o passwd.o randomchallenge.o readpass.o unlock.o verify.o version.o btoe.o accessfile.o generator.o insecure.o getutmpentry.o readrec.o writerec.o login.o open.o logwtmp.o # sha.o
CC=@CC@ CC=@CC@
CFLAGS=$(CFL) -I.. CFLAGS=$(CFL) -I.. -I../libmissing
TARGET=libopie.a TARGET=libopie.a
all: $(TARGET) all: $(TARGET)
$(TARGET): $(OBJS) $(TARGET): $(OBJS)
ar r $(TARGET) $(OBJS) ar cr $(TARGET) $(OBJS)
@RANLIB@ $(TARGET) @RANLIB@ $(TARGET)
clean: clean:
-rm -f $(OBJS) $(TARGET) -rm -f $(OBJS) $(TARGET)
realclean: clean realclean: distclean
distclean: clean
-rm -f *~ core* "\#*\#" *.o *.a Makefile -rm -f *~ core* "\#*\#" *.o *.a Makefile
+1 -1
View File
@@ -2,7 +2,7 @@
overrides. overrides.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
+4 -2
View File
@@ -1,7 +1,7 @@
/* atob8.c: The opieatob8() library function. /* atob8.c: The opieatob8() library function.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -14,6 +14,7 @@ License Agreement applies to this software.
History: History:
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg.
Modified by cmetz for OPIE 2.3. Return the output variable. Modified by cmetz for OPIE 2.3. Return the output variable.
Don't check parameters. Don't check parameters.
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al. Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
@@ -27,10 +28,11 @@ License Agreement applies to this software.
/* Convert 8-byte hex-ascii string to binary array /* Convert 8-byte hex-ascii string to binary array
*/ */
char *opieatob8 FUNCTION((out, in), char *out AND char *in) char *opieatob8 FUNCTION((out, in), struct opie_otpkey *outkey AND char *in)
{ {
register int i; register int i;
register int val; register int val;
unsigned char *out = (unsigned char *)outkey;
for (i = 0; i < 8; i++) { for (i = 0; i < 8; i++) {
while (*in == ' ' || *in == '\t') while (*in == ' ' || *in == '\t')
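Review bot: the declaration `FUNCTION((out, in), struct opie_otpkey *outkey AND char *in)` names the first parameter `out` in the argument list but `outkey` in the type declarations; on a pre-ANSI compiler, where `FUNCTION` expands to the old-style form, that declares a parameter that does not exist, and the new local `unsigned char *out = (unsigned char *)outkey;` then shadows the real `out`. Change the list to `FUNCTION((outkey, in), ...)`. The same list/declaration mismatch (`in` vs `inkey`) is introduced in the btoa8.c and btoh.c hunks below.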
+5 -3
View File
@@ -1,13 +1,14 @@
/* btoa8.c: The opiebtoa8() library function. /* btoa8.c: The opiebtoa8() library function.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
History: History:
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg.
Created by cmetz for OPIE 2.3 (quick re-write). Created by cmetz for OPIE 2.3 (quick re-write).
*/ */
@@ -17,9 +18,10 @@ you didn't get a copy, you may request one from <license@inner.net>.
static char hextochar[16] = static char hextochar[16] =
{'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'}; {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
char *opiebtoa8 FUNCTION((out, in), char *out AND char *in) char *opiebtoa8 FUNCTION((out, in), char *out AND struct opie_otpkey *inkey)
{ {
int i; int i;
unsigned char *in = (unsigned char *)inkey;
char *c = out; char *c = out;
for (i = 0; i < 8; i++) { for (i = 0; i < 8; i++) {
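Review bot: same issue as atob8.c: `FUNCTION((out, in), char *out AND struct opie_otpkey *inkey)` lists the parameter as `in` but declares it as `inkey`, and the body then declares a local `in`; make it `FUNCTION((out, inkey), ...)` so the old-style expansion is consistent.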
+8 -7
View File
@@ -3,7 +3,7 @@
64 bit OTP. 64 bit OTP.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -16,6 +16,7 @@ License Agreement applies to this software.
History: History:
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg.
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al. Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
Remove unnecessary address futzing with Wp in opiebtoe. Remove unnecessary address futzing with Wp in opiebtoe.
Changed unsigned long to UINT4 for Alpha. Changed unsigned long to UINT4 for Alpha.
@@ -2088,13 +2089,13 @@ static char Wp[2048][4] =
}; };
/* Encode 8 bytes in 'c' as a string of English words. */ /* Encode 8 bytes in 'c' as a string of English words. */
char *opiebtoe FUNCTION((engout, c), char *engout AND char *c) char *opiebtoe FUNCTION((engout, c), char *engout AND struct opie_otpkey *c)
{ {
char cp[9]; /* add in room for the parity 2 bits */ char cp[sizeof(struct opie_otpkey) + 1]; /* add in room for the parity 2 bits */
int p, i; int p, i;
engout[0] = '\0'; engout[0] = '\0';
memcpy(cp, c, 8); memcpy(cp, c, sizeof(struct opie_otpkey));
/* compute parity */ /* compute parity */
for (p = 0, i = 0; i < 64; i += 2) for (p = 0, i = 0; i < 64; i += 2)
p += extract(cp, i, 2); p += extract(cp, i, 2);
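Review bot: `cp` is now sized from `sizeof(struct opie_otpkey)` and the copy uses that size, but the parity loop `for (p = 0, i = 0; i < 64; i += 2)` and the 11-bit word encoding below still hard-code 64 bits, so the two are only consistent while the struct is exactly 8 bytes; either keep the literal 8 here or derive the bit count from the struct (`sizeof(struct opie_otpkey) * 8`) so a later change to the struct cannot silently desynchronize the buffer size from the encoder.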
@@ -2120,7 +2121,7 @@ char *opiebtoe FUNCTION((engout, c), char *engout AND char *c)
* -1 badly formed in put ie > 4 char word * -1 badly formed in put ie > 4 char word
* -2 words OK but parity is wrong * -2 words OK but parity is wrong
*/ */
int opieetob FUNCTION((out, e), char *out AND char *e) int opieetob FUNCTION((out, e), struct opie_otpkey *out AND char *e)
{ {
char *word, *c, *input, b[9]; char *word, *c, *input, b[9];
int i, p, v, l, low, high, rval = -1; int i, p, v, l, low, high, rval = -1;
@@ -2137,7 +2138,7 @@ int opieetob FUNCTION((out, e), char *out AND char *e)
strncpy(input, e, i); strncpy(input, e, i);
input[i] = 0; input[i] = 0;
memset(b, 0, sizeof(b)); memset(b, 0, sizeof(b));
memset(out, 0, 8); memset(out, 0, sizeof(struct opie_otpkey));
for (i = 0, p = 0, word = c = input; i < 6; i++, p += 11) { for (i = 0, p = 0, word = c = input; i < 6; i++, p += 11) {
while (*c && !isalpha(*c)) c++; while (*c && !isalpha(*c)) c++;
@@ -2187,7 +2188,7 @@ int opieetob FUNCTION((out, e), char *out AND char *e)
goto opiebtoeret; goto opiebtoeret;
} }
memcpy(out, b, 8); memcpy(out, b, sizeof(struct opie_otpkey));
rval = 1; rval = 1;
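Review bot: `memcpy(out, b, sizeof(struct opie_otpkey))` reads from `b`, which the hunk above leaves as a fixed `char b[9]` filled by the 6-word decode; if `struct opie_otpkey` is ever larger than 9 bytes this reads past the end of `b`, and the earlier `memset(out, 0, sizeof(struct opie_otpkey))` would then be the only thing initializing the tail. Copy the 8 bytes the decode actually produces, or declare `b` in terms of the struct size.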
+4 -3
View File
@@ -1,8 +1,8 @@
/* btoh.c: The opiebtoh() library function. /* btoh.c: The opiebtoh() library function.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
@@ -17,10 +17,11 @@ you didn't get a copy, you may request one from <license@inner.net>.
static char hextochar[16] = static char hextochar[16] =
{'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'}; {'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'};
char *opiebtoh FUNCTION((out, in), char *out AND char *in) char *opiebtoh FUNCTION((out, in), char *out AND struct opie_otpkey *inkey)
{ {
int i; int i;
char *c = out; char *c = out;
unsigned char *in = (unsigned char *)inkey;
for (i = 0; i < 4; i++) { for (i = 0; i < 4; i++) {
*(c++) = hextochar[((*in) >> 4) & 0x0f]; *(c++) = hextochar[((*in) >> 4) & 0x0f];
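Review bot: as in atob8.c and btoa8.c, `FUNCTION((out, in), char *out AND struct opie_otpkey *inkey)` lists `in` but declares `inkey`, and the body adds a local `in`; use `FUNCTION((out, inkey), ...)`.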
+4 -4
View File
@@ -1,7 +1,7 @@
/* challenge.c: The opiechallenge() library function. /* challenge.c: The opiechallenge() library function.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -66,11 +66,11 @@ int opiechallenge FUNCTION((mp, name, ss), struct opie *mp AND char *name AND ch
#endif /* DEBUG */ #endif /* DEBUG */
} }
if (rval) { if (rval ||
(snprintf(ss, OPIE_CHALLENGE_MAX, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed) >= OPIE_CHALLENGE_MAX)) {
opierandomchallenge(ss); opierandomchallenge(ss);
memset(mp, 0, sizeof(*mp)); memset(mp, 0, sizeof(*mp));
} else }
sprintf(ss, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed);
return rval; return rval;
} }
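Review bot: replacing `sprintf` with a bounded `snprintf` into `ss` is the right fix, but in the truncation branch `rval` is still 0, so the caller is told the challenge succeeded while `ss` holds a random challenge and `mp` has been zeroed; set `rval` to a non-zero error (or at least log) in that case so a too-long seed is not silently masked as success. Also, pre-C99 `snprintf` implementations return -1 on truncation rather than the required length, which slips past the `>= OPIE_CHALLENGE_MAX` test; test `< 0 ||` as well.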
+318 -26
View File
@@ -1,7 +1,7 @@
/* generator.c: The opiegenerator() library function. /* generator.c: The opiegenerator() library function.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -9,6 +9,9 @@ you didn't get a copy, you may request one from <license@inner.net>.
History: History:
Modified by cmetz for OPIE 2.4. Added opieauto code based on
previously released test code. Renamed buffer to challenge.
Use struct opie_otpkey for keys.
Modified by cmetz for OPIE 2.32. If secret=NULL, always return Modified by cmetz for OPIE 2.32. If secret=NULL, always return
as if opieauto returned "get the secret". Renamed as if opieauto returned "get the secret". Renamed
_opieparsechallenge() to __opieparsechallenge(). Check _opieparsechallenge() to __opieparsechallenge(). Check
@@ -31,73 +34,362 @@ you didn't get a copy, you may request one from <license@inner.net>.
#if HAVE_STRING_H #if HAVE_STRING_H
#include <string.h> #include <string.h>
#endif /* HAVE_STRING_H */ #endif /* HAVE_STRING_H */
#if OPIEAUTO
#include <errno.h>
#if HAVE_STDLIB_H
#include <stdlib.h>
#endif /* HAVE_STDLIB_H */
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/un.h>
#endif /* OPIEAUTO */
#if DEBUG
#include <syslog.h>
#endif /* DEBUG */
#include "opie.h" #include "opie.h"
static char *algids[] = { NULL, NULL, NULL, "sha1", "md4", "md5" }; static char *algids[] = { NULL, NULL, NULL, "sha1", "md4", "md5" };
int opiegenerator FUNCTION((buffer, secret, response), char *buffer AND char *secret AND char *response) #if OPIEAUTO
#ifndef max
#define max(x, y) (((x) > (y)) ? (x) : (y))
#endif /* max */
static int opieauto_connect FUNCTION_NOARGS
{
int s;
struct sockaddr_un sun;
char buffer[1024];
char *c, *c2 ="/.opieauto";
uid_t myuid = getuid(), myeuid = geteuid();
if (!myuid || !myeuid || (myuid != myeuid)) {
#if DEBUG
syslog(LOG_DEBUG, "opieauto_connect: superuser and/or setuid not allowed");
#endif /* DEBUG */
return -1;
};
memset(&sun, 0, sizeof(struct sockaddr_un));
sun.sun_family = AF_UNIX;
if (!(c = getenv("HOME"))) {
#if DEBUG
syslog(LOG_DEBUG, "opieauto_connect: no HOME variable?");
#endif /* DEBUG */
return -1;
};
if (strlen(c) > (sizeof(sun.sun_path) - strlen(c2) - 1)) {
#if DEBUG
syslog(LOG_DEBUG, "opieauto_connect: HOME is too long: %s", c);
#endif /* DEBUG */
return -1;
};
strcpy(sun.sun_path, c);
strcat(sun.sun_path, c2);
if ((s = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
#if DEBUG
syslog(LOG_DEBUG, "opieauto_connect: socket: %s(%d)", strerror(errno), errno);
#endif /* DEBUG */
return -1;
};
{
struct stat st;
if (stat(sun.sun_path, &st) < 0) {
#if DEBUG
syslog(LOG_DEBUG, "opieauto_connect: stat: %s(%d)\n", strerror(errno), errno);
#endif /* DEBUG */
goto ret;
};
if (connect(s, (struct sockaddr *)&sun, sizeof(struct sockaddr_un))) {
#if DEBUG
syslog(LOG_DEBUG, "opieauto_connect: connect: %s(%d)\n", strerror(errno), errno);
#endif /* DEBUG */
goto ret;
};
if ((st.st_uid != myuid) || (!S_ISSOCK(st.st_mode)) || ((st.st_mode & 07777) != 0600)) {
#if DEBUG
syslog(LOG_DEBUG, "opieauto_connect: something's fishy about the socket\n");
#endif /* DEBUG */
goto ret;
};
};
return s;
ret:
close(s);
return -1;
};
#endif /* OPIEAUTO */
int opiegenerator FUNCTION((challenge, secret, response), char *challenge AND char *secret AND char *response)
{ {
int algorithm; int algorithm;
int sequence; int sequence;
char *seed; char *seed;
char key[8]; struct opie_otpkey key;
int i; int i;
int exts; int exts;
#if OPIEAUTO
int s;
int window;
char cmd[1+1+1+1+4+1+OPIE_SEED_MAX+1+4+1+4+1+4+1+4+1];
char *c;
#endif /* OPIEAUTO */
if (!(buffer = strstr(buffer, "otp-"))) if (!(challenge = strstr(challenge, "otp-")))
return 1; return 1;
buffer += 4; challenge += 4;
if (__opieparsechallenge(buffer, &algorithm, &sequence, &seed, &exts)) if (__opieparsechallenge(challenge, &algorithm, &sequence, &seed, &exts))
return 1; return 1;
if ((sequence < 2) || (sequence > 9999)) if ((sequence < 2) || (sequence > 9999))
return 1; return 1;
if (!secret[0]) if (*secret) {
return 2;
if (opiepasscheck(secret)) if (opiepasscheck(secret))
return -2; return -2;
if (i = opiekeycrunch(algorithm, key, seed, secret)) if (i = opiekeycrunch(algorithm, &key, seed, secret))
return i; return i;
if (sequence < 10) { if (sequence <= OPIE_SEQUENCE_RESTRICT) {
if (!(exts & 1)) if (!(exts & 1))
return 1; return 1;
{ {
char newseed[OPIE_SEED_MAX + 1]; char newseed[OPIE_SEED_MAX + 1];
char newkey[8]; struct opie_otpkey newkey;
char *c; char *c;
char buf[OPIE_SEED_MAX + 48 + 1]; char buf[OPIE_SEED_MAX + 48 + 1];
while (sequence-- != 0) while (sequence-- != 0)
opiehash(key, algorithm); opiehash(&key, algorithm);
if (opienewseed(strcpy(newseed, seed)) < 0) if (opienewseed(strcpy(newseed, seed)) < 0)
return -1; return -1;
if (opiekeycrunch(algorithm, newkey, newseed, secret)) if (opiekeycrunch(algorithm, &newkey, newseed, secret))
return -1; return -1;
for (i = 0; i < 499; i++) for (i = 0; i < 499; i++)
opiehash(newkey, algorithm); opiehash(&newkey, algorithm);
strcpy(response, "init-hex:"); strcpy(response, "init-hex:");
strcat(response, opiebtoh(buf, key)); strcat(response, opiebtoh(buf, &key));
sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed); if (snprintf(buf, sizeof(buf), ":%s 499 %s:", algids[algorithm],
strcat(response, buf); newseed) >= sizeof(buf)) {
strcat(response, opiebtoh(buf, newkey)); #ifdef DEBUG
}; syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at init-hex");
} else { #endif /* DEBUG */
while (sequence-- != 0) return -1;
opiehash(key, algorithm);
opiebtoh(response, key);
} }
strcat(response, buf);
strcat(response, opiebtoh(buf, &newkey));
};
};
};
#if OPIEAUTO
if ((s = opieauto_connect()) >= 0) {
if ((i = read(s, cmd, sizeof(cmd)-1)) < 0) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno);
#endif /* DEBUG */
close(s);
s = -1;
goto l0;
};
cmd[i] = 0;
if ((cmd[0] != 'C') || (cmd[1] != '+') || (cmd[2] != ' ')) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: got invalid/failing C+ response: %s\n", cmd);
#endif /* DEBUG */
close(s);
s = -1;
goto l0;
};
window = strtoul(&cmd[3], &c, 10);
if (!window || (window >= (OPIE_SEQUENCE_MAX - OPIE_SEQUENCE_RESTRICT)) || !isspace(*c)) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: got bogus option response: %s\n", cmd);
#endif /* DEBUG */
close(s);
s = -1;
goto l0;
};
};
l0:
if (*secret) {
int j;
if (s < 0) {
j = 0;
goto l1;
};
j = max(sequence - window + 1, OPIE_SEQUENCE_RESTRICT);
for (i = j; i > 0; i--)
opiehash(&key, algorithm);
{
char buf[16+1];
opiebtoa8(buf, &key);
if (snprintf(cmd, sizeof(cmd), "S= %d %d %s %s\n", algorithm, sequence,
seed, buf) >= sizeof(cmd)) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at S=\n");
#endif /* DEBUG */
goto l1;
}
}
if (write(s, cmd, i = strlen(cmd)) != i) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: write: %s(%d)\n", strerror(errno), errno);
#endif /* DEBUG */
goto l1;
};
if ((i = read(s, cmd, sizeof(cmd))) < 0) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno);
#endif /* DEBUG */
};
close(s);
cmd[i] = 0;
i = strlen(seed);
if ((cmd[0] != 'S') || (cmd[1] != '+') || (cmd[2] != ' ') || (strtoul(&cmd[3], &c, 10) != algorithm) || (strtoul(c + 1, &c, 10) != sequence) || strncmp(++c, seed, i) || (*(c + i) != '\n')) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: got invalid/failing S+ response: %s\n", cmd);
#endif /* DEBUG */
};
l1:
for (i = sequence - j; i > 0; i--)
opiehash(&key, algorithm);
opiebtoh(response, &key);
} else {
if (s < 0)
goto l2;
if ((snprintf(cmd, sizeof(cmd), "s= %d %d %s\n", algorithm, sequence,
seed) >= sizeof(cmd))) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at s=\n");
#endif /* DEBUG */
goto l2;
}
if (write(s, cmd, i = strlen(cmd)) != i) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: write: %s(%d)\n", strerror(errno), errno);
#endif /* DEBUG */
goto l2;
};
if ((i = read(s, cmd, sizeof(cmd))) < 0) {
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno);
#endif /* DEBUG */
goto l2;
};
close(s);
i = strlen(seed);
if ((cmd[0] != 's') || (cmd[2] != ' ') || (strtoul(&cmd[3], &c, 10) != algorithm) || (strtoul(c + 1, &c, 10) != sequence) || strncmp(++c, seed, i)) {
#if DEBUG
if (c)
*c = 0;
else
cmd[3] = 0;
syslog(LOG_DEBUG, "opiegenerator: got bogus/invalid s response: %s\n", cmd);
#endif /* DEBUG */
goto l2;
};
c += i;
if (cmd[1] == '-') {
#if DEBUG
if (*c != '\n') {
*c = 0;
syslog(LOG_DEBUG, "opiegenerator: got invalid s- response: %s\n", cmd);
};
#endif /* DEBUG */
goto l2;
};
if (cmd[1] != '+') {
#if DEBUG
*c = 0;
syslog(LOG_DEBUG, "opiegenerator: got invalid s response: %s\n", cmd);
#endif /* DEBUG */
goto l2;
};
{
char *c2;
if (!(c2 = strchr(++c, '\n'))) {
#if DEBUG
*c = 0;
syslog(LOG_DEBUG, "opiegenerator: got invalid s+ response: %s\n", cmd);
#endif /* DEBUG */
goto l2;
};
*c2++ = 0;
};
if (!opieatob8(&key, c))
goto l2;
opiebtoh(response, &key);
};
if (s >= 0)
close(s);
#else /* OPIEAUTO */
if (*secret) {
while (sequence-- != 0)
opiehash(&key, algorithm);
opiebtoh(response, &key);
} else
return -2;
#endif /* OPIEAUTO */
return 0; return 0;
}
#if OPIEAUTO
l2:
#if DEBUG
syslog(LOG_DEBUG, "opiegenerator: no opieauto response available.\n");
#endif /* DEBUG */
if (s >= 0)
close(s);
return -2;
#endif /* OPIEAUTO */
};
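Review bot: the S= reply read, `if ((i = read(s, cmd, sizeof(cmd))) < 0)`, only logs on error and then falls through to `cmd[i] = 0;`, so a failed read writes cmd[-1]; on success it may read a full sizeof(cmd) bytes and then put the terminator one past the end of cmd. The first read in this function uses sizeof(cmd)-1 and jumps out on error; the S= and s= reads should do the same, and the s= read never NUL-terminates cmd at all before strtoul()/strncmp() scan it. Two more points in the same hunk: close(s) is called right after each reply read and again at the `if (s >= 0) close(s);` epilogue (and on the l2 path), which is a double close; set s = -1 after the first close. In opieauto_connect() the owner/mode check uses a stat() taken before connect(), so the path can be swapped between the two calls; since fstat() on the socket fd does not report the path's owner, verifying the peer's uid with SO_PEERCRED or getpeereid() where available would be more robust, and the `char buffer[1024]` declared there is unused. Finally, `#ifdef DEBUG` at the init-hex truncation check differs from the `#if DEBUG` used everywhere else in the file, so a `#define DEBUG 0` build would still log there.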
+1 -1
View File
@@ -1,7 +1,7 @@
/* getsequence.c: The opiegetsequence() library function. /* getsequence.c: The opiegetsequence() library function.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
+2 -2
View File
@@ -1,8 +1,8 @@
/* getutmpentry.c: The __opiegetutmpentry() library function. /* getutmpentry.c: The __opiegetutmpentry() library function.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
+19 -15
View File
@@ -1,14 +1,15 @@
/* hash.c: The opiehash() library function. /* hash.c: The opiehash() library function.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
History: History:
Updated by cmetz for OPIE 2.31. Added SHA support (which may Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg.
Modified by cmetz for OPIE 2.31. Added SHA support (which may
not be correct). Backed out previous optimizations as not be correct). Backed out previous optimizations as
they killed thread-safety. they killed thread-safety.
Created by cmetz for OPIE 2.3 using the old hash.c as a guide. Created by cmetz for OPIE 2.3 using the old hash.c as a guide.
@@ -20,20 +21,21 @@ you didn't get a copy, you may request one from <license@inner.net>.
#endif /* 0 */ #endif /* 0 */
#include "opie.h" #include "opie.h"
VOIDRET opiehash FUNCTION((x, algorithm), VOIDPTR x AND unsigned algorithm) VOIDRET opiehash FUNCTION((x, algorithm), struct opie_otpkey *results AND
unsigned algorithm)
{ {
UINT4 *results = (UINT4 *)x;
switch(algorithm) { switch(algorithm) {
#if 0 #if 0
case 3: case 3:
{ {
SHA_CTX sha; SHA_CTX sha;
SHAInit(&sha); SHAInit(&sha);
SHAUpdate(&sha, (unsigned char *)x, 8); SHAUpdate(&sha, (unsigned char *)results, 8);
SHAFinal(&sha); SHAFinal(&sha);
results[0] = sha.buffer[0] ^ sha.buffer[2] ^ sha.buffer[4];
results[1] = sha.buffer[1] ^ sha.buffer[3]; results->words[0] = sha.buffer[0] ^ sha.buffer[2] ^ sha.buffer[4];
results->words[1] = sha.buffer[1] ^ sha.buffer[3];
}; };
break; break;
#endif /* 0 */ #endif /* 0 */
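Review bot: the FUNCTION() parameter list still names the first argument `x` while the declaration now calls it `results` (`VOIDRET opiehash FUNCTION((x, algorithm), struct opie_otpkey *results AND unsigned algorithm)`); an ANSI build drops the first list, but a K&R build declares a parameter `x` that is never typed and a `results` that is not a parameter. Rename the list to `(results, algorithm)`. The update calls also keep the literal length `8`; `sizeof(*results)` would tie the hashed length to struct opie_otpkey now that the argument is typed.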
@@ -43,10 +45,11 @@ VOIDRET opiehash FUNCTION((x, algorithm), VOIDPTR x AND unsigned algorithm)
UINT4 mdx_tmp[4]; UINT4 mdx_tmp[4];
opiemd4init(&mdx); opiemd4init(&mdx);
opiemd4update(&mdx, (unsigned char *)x, 8); opiemd4update(&mdx, (unsigned char *)results, 8);
opiemd4final((unsigned char *)mdx_tmp, &mdx); opiemd4final((unsigned char *)mdx_tmp, &mdx);
results[0] = mdx_tmp[0] ^ mdx_tmp[2];
results[1] = mdx_tmp[1] ^ mdx_tmp[3]; results->words[0] = mdx_tmp[0] ^ mdx_tmp[2];
results->words[1] = mdx_tmp[1] ^ mdx_tmp[3];
}; };
break; break;
case 5: case 5:
@@ -55,10 +58,11 @@ VOIDRET opiehash FUNCTION((x, algorithm), VOIDPTR x AND unsigned algorithm)
UINT4 mdx_tmp[4]; UINT4 mdx_tmp[4];
opiemd5init(&mdx); opiemd5init(&mdx);
opiemd5update(&mdx, (unsigned char *)x, 8); opiemd5update(&mdx, (unsigned char *)results, 8);
opiemd5final((unsigned char *)mdx_tmp, &mdx); opiemd5final((unsigned char *)mdx_tmp, &mdx);
results[0] = mdx_tmp[0] ^ mdx_tmp[2];
results[1] = mdx_tmp[1] ^ mdx_tmp[3]; results->words[0] = mdx_tmp[0] ^ mdx_tmp[2];
results->words[1] = mdx_tmp[1] ^ mdx_tmp[3];
}; };
break; break;
} }
+28 -16
View File
@@ -1,51 +1,63 @@
/* hashlen.c: The opiehashlen() library function. /* hashlen.c: The opiehashlen() library function.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
History: History:
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey, isolate variables.
Created by cmetz for OPIE 2.3. Created by cmetz for OPIE 2.3.
*/ */
#include "opie_cfg.h" #include "opie_cfg.h"
#include "opie.h" #include "opie.h"
VOIDRET opiehashlen FUNCTION((algorithm, in, out, n), int algorithm AND VOIDPTR in AND VOIDPTR out AND int n) VOIDRET opiehashlen FUNCTION((algorithm, in, out, n), int algorithm AND
VOIDPTR in AND struct opie_otpkey *results AND int n)
{ {
UINT4 *results = (UINT4 *)out;
struct opiemdx_ctx mdx;
UINT4 mdx_tmp[4];
#if 0
SHA_INFO sha;
#endif /* 0 */
switch(algorithm) { switch(algorithm) {
#if 0 #if 0
case 3: case 3:
{
SHA_INFO sha;
sha_init(&sha); sha_init(&sha);
sha_update(&sha, (BYTE *)in, n); sha_update(&sha, (BYTE *)in, n);
sha_final(&sha); sha_final(&sha);
results[0] = sha.digest[0] ^ sha.digest[2] ^ sha.digest[4];
results[1] = sha.digest[1] ^ sha.digest[3] ^ sha.digest[5]; results->words[0] = sha.digest[0] ^ sha.digest[2] ^ sha.digest[4];
results->words[1] = sha.digest[1] ^ sha.digest[3] ^ sha.digest[5];
};
break; break;
#endif /* 0 */ #endif /* 0 */
case 4: case 4:
{
struct opiemdx_ctx mdx;
UINT4 mdx_tmp[4];
opiemd4init(&mdx); opiemd4init(&mdx);
opiemd4update(&mdx, (unsigned char *)in, n); opiemd4update(&mdx, (unsigned char *)in, n);
opiemd4final((unsigned char *)mdx_tmp, &mdx); opiemd4final((unsigned char *)mdx_tmp, &mdx);
results[0] = mdx_tmp[0] ^ mdx_tmp[2];
results[1] = mdx_tmp[1] ^ mdx_tmp[3]; results->words[0] = mdx_tmp[0] ^ mdx_tmp[2];
results->words[1] = mdx_tmp[1] ^ mdx_tmp[3];
}
break; break;
case 5: case 5:
{
struct opiemdx_ctx mdx;
UINT4 mdx_tmp[4];
opiemd5init(&mdx); opiemd5init(&mdx);
opiemd5update(&mdx, (unsigned char *)in, n); opiemd5update(&mdx, (unsigned char *)in, n);
opiemd5final((unsigned char *)mdx_tmp, &mdx); opiemd5final((unsigned char *)mdx_tmp, &mdx);
results[0] = mdx_tmp[0] ^ mdx_tmp[2];
results[1] = mdx_tmp[1] ^ mdx_tmp[3]; results->words[0] = mdx_tmp[0] ^ mdx_tmp[2];
results->words[1] = mdx_tmp[1] ^ mdx_tmp[3];
}
break; break;
} }
} }
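Review bot: same K&R mismatch as in hash.c: the list says `out` but the declaration says `results` (`FUNCTION((algorithm, in, out, n), int algorithm AND VOIDPTR in AND struct opie_otpkey *results AND int n)`). Rename the list entry to `results` so both prototype styles agree.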
+17 -11
View File
@@ -1,7 +1,7 @@
/* insecure.c: The opieinsecure() library function. /* insecure.c: The opieinsecure() library function.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -14,6 +14,8 @@ License Agreement applies to this software.
History: History:
Modified by cmetz for OPIE 2.4. Do utmp checks on utmpx systems.
Handle unterminated ut_host.
Modified by cmetz for OPIE 2.31. Fixed a logic bug. Call endut[x]ent(). Modified by cmetz for OPIE 2.31. Fixed a logic bug. Call endut[x]ent().
Modified by cmetz for OPIE 2.3. Added result caching. Use Modified by cmetz for OPIE 2.3. Added result caching. Use
__opiegetutmpentry(). Ifdef around ut_host check. Eliminate __opiegetutmpentry(). Ifdef around ut_host check. Eliminate
@@ -56,9 +58,9 @@ int opieinsecure FUNCTION_NOARGS
char *s; char *s;
char *term_name; char *term_name;
int insecure = 0; int insecure = 0;
#if HAVE_UT_HOST #if HAVE_UT_HOST || DOUTMPX
struct utmp utmp; struct utmp utmp;
#endif /* HAVE_UT_HOST */ #endif /* HAVE_UT_HOST || DOUTMPX */
static int result = -1; static int result = -1;
if (result != -1) if (result != -1)
@@ -117,30 +119,34 @@ int opieinsecure FUNCTION_NOARGS
return (result = 1); return (result = 1);
}; };
#if HAVE_UT_HOST #if HAVE_UT_HOST || DOUTMPX
if (isatty(0)) { if (isatty(0)) {
memset(&utmp, 0, sizeof(struct utmp)); memset(&utmp, 0, sizeof(struct utmp));
{ {
int i = __opiegetutmpentry(ttyname(0), &utmp); int i = __opiegetutmpentry(ttyname(0), &utmp);
endutent(); endutent();
if (!i && utmp.ut_host[0]) { if (!i && utmp.ut_host[0]) {
char host[sizeof(utmp.ut_host) + 1];
insecure = 1; insecure = 1;
if (s = strchr(utmp.ut_host, ':')) { strncpy(host, utmp.ut_host, sizeof(utmp.ut_host));
int n = s - utmp.ut_host; host[sizeof(utmp.ut_host)] = 0;
if (s = strchr(host, ':')) {
int n = s - host;
if (!n) if (!n)
insecure = 0; insecure = 0;
else else
if (display_name) { if (display_name) {
if (!strncmp(utmp.ut_host, display_name, n)) if (!strncmp(host, display_name, n))
insecure = 0; insecure = 0;
#ifdef SOLARIS #if 1 /* def SOLARIS */
else else
if (s = strchr(utmp.ut_host, ' ')) { if (s = strchr(host, ' ')) {
*s = ':'; *s = ':';
if (s = strchr(s + 1, ' ')) if (s = strchr(s + 1, ' '))
*s = '.'; *s = '.';
if (!strncmp(utmp.ut_host, display_name, n)) if (!strncmp(host, display_name, n))
insecure = 0; insecure = 0;
} }
#endif /* SOLARIS */ #endif /* SOLARIS */
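Review bot: `#if 1 /* def SOLARIS */` turns the space-to-colon rewrite of ut_host on for every platform but leaves `#endif /* SOLARIS */` and no history entry saying why; either drop the `#if`/`#endif` pair or fix the closing comment, and note in History that the "host display" form of ut_host is now recognized everywhere. The bounded copy into `host[sizeof(utmp.ut_host) + 1]` before the strchr() calls is the right fix for an unterminated ut_host.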
@@ -149,7 +155,7 @@ int opieinsecure FUNCTION_NOARGS
} }
}; };
}; };
#endif /* HAVE_UT_HOST */ #endif /* HAVE_UT_HOST || DOUTMPX */
if (insecure) if (insecure)
return (result = 1); return (result = 1);
+5 -3
View File
@@ -1,13 +1,14 @@
/* keycrunch.c: The opiekeycrunch() library function. /* keycrunch.c: The opiekeycrunch() library function.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
History: History:
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for arg.
Created by cmetz for OPIE 2.3 using the old keycrunch.c as a guide. Created by cmetz for OPIE 2.3 using the old keycrunch.c as a guide.
*/ */
@@ -23,7 +24,8 @@ you didn't get a copy, you may request one from <license@inner.net>.
#include "opie.h" #include "opie.h"
int opiekeycrunch FUNCTION((algorithm, result, seed, secret), int algorithm AND char *result AND char *seed AND char *secret) int opiekeycrunch FUNCTION((algorithm, result, seed, secret), int algorithm AND
struct opie_otpkey *result AND char *seed AND char *secret)
{ {
int i, rval = -1; int i, rval = -1;
char *c; char *c;
+5 -2
View File
@@ -1,7 +1,7 @@
/* lock.c: The opielock() library function. /* lock.c: The opielock() library function.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -14,6 +14,7 @@ License Agreement applies to this software.
History: History:
Modified by cmetz for OPIE 2.4. Use snprintf.
Modified by cmetz for OPIE 2.31. Put locks in a separate dir. Modified by cmetz for OPIE 2.31. Put locks in a separate dir.
Bug fixes. Bug fixes.
Modified by cmetz for OPIE 2.3. Do refcounts whether or not we Modified by cmetz for OPIE 2.3. Do refcounts whether or not we
@@ -194,7 +195,9 @@ int opielock FUNCTION((principal), char *principal)
if (!S_ISREG(statbuf[0].st_mode) || (statbuf[0].st_mode != statbuf[1].st_mode) || (statbuf[0].st_ino != statbuf[1].st_ino)) if (!S_ISREG(statbuf[0].st_mode) || (statbuf[0].st_mode != statbuf[1].st_mode) || (statbuf[0].st_ino != statbuf[1].st_ino))
goto lockret; goto lockret;
sprintf(buffer, "%d\n%d\n", getpid(), time(0)); if (snprintf(buffer, sizeof(buffer), "%d\n%d\n", getpid(), time(0)) >= sizeof(buffer))
goto lockret;
i = strlen(buffer) + 1; i = strlen(buffer) + 1;
if (lseek(fh, 0, SEEK_SET)) { if (lseek(fh, 0, SEEK_SET)) {
close(fh); close(fh);
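Review bot: `snprintf(buffer, sizeof(buffer), "%d\n%d\n", getpid(), time(0))` passes a pid_t and a time_t to `%d`; time_t is 64-bit on some targets, so the second conversion is undefined there and can misprint the lock timestamp. Cast both explicitly, e.g. `"%ld\n%ld\n", (long)getpid(), (long)time(0)`.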
+18 -7
View File
@@ -1,13 +1,15 @@
/* login.c: The opielogin() library function. /* login.c: The opielogin() library function.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
History: History:
Modified by cmetz for OPIE 2.4. Add support for ut_id and
ut_syslen. Don't zero-terminate ut_name and ut_host.
Modified by cmetz for OPIE 2.31. If the OS won't tell us where Modified by cmetz for OPIE 2.31. If the OS won't tell us where
_PATH_WTMP[X] is, try playing the SVID game, then use _PATH_WTMP[X] is, try playing the SVID game, then use
Autoconf-discovered values. Fixed gettimeofday() call Autoconf-discovered values. Fixed gettimeofday() call
@@ -38,12 +40,15 @@ you didn't get a copy, you may request one from <license@inner.net>.
#endif /* DEBUG */ #endif /* DEBUG */
#include "opie.h" #include "opie.h"
#define IDLEN 4
int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *host) int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *host)
{ {
struct utmp u;
int rval = 0; int rval = 0;
#if !DISABLE_UTMP #if !DISABLE_UTMP
struct utmp u;
char id[IDLEN + 1] = "";
if (__opiegetutmpentry(line, &u)) { if (__opiegetutmpentry(line, &u)) {
#if DEBUG #if DEBUG
syslog(LOG_DEBUG, "opielogin: __opiegetutmpentry(line=%s, &u) failed", line); syslog(LOG_DEBUG, "opielogin: __opiegetutmpentry(line=%s, &u) failed", line);
@@ -58,6 +63,11 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h
#endif /* DEBUG */ #endif /* DEBUG */
} }
#if DOUTMPX || HAVE_UT_ID
strncpy(id, u.ut_id, sizeof(u.ut_id));
id[sizeof(id)-1] = 0;
#endif /* DOUTMPX || HAVE_UT_ID */
#if HAVE_UT_TYPE && defined(USER_PROCESS) #if HAVE_UT_TYPE && defined(USER_PROCESS)
u.ut_type = USER_PROCESS; u.ut_type = USER_PROCESS;
#endif /* HAVE_UT_TYPE && defined(USER_PROCESS) */ #endif /* HAVE_UT_TYPE && defined(USER_PROCESS) */
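Review bot: `strncpy(id, u.ut_id, sizeof(u.ut_id))` copies sizeof(u.ut_id) bytes into `id`, which the previous hunk declares as `char id[IDLEN + 1]` with a hard-coded `#define IDLEN 4`; on a system whose ut_id is larger than four bytes this overruns `id`. Declare it as `char id[sizeof(u.ut_id) + 1]` (or a local constant derived from it) instead of a fixed IDLEN.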
@@ -67,15 +77,16 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h
#if HAVE_UT_NAME #if HAVE_UT_NAME
strncpy(u.ut_name, name, sizeof(u.ut_name)); strncpy(u.ut_name, name, sizeof(u.ut_name));
u.ut_name[sizeof(u.ut_name)-1] = 0;
#else /* HAVE_UT_NAME */ #else /* HAVE_UT_NAME */
#error No ut_name field in struct utmp? (Please send in a bug report) #error No ut_name field in struct utmp? (Please send in a bug report)
#endif /* HAVE_UT_NAME */ #endif /* HAVE_UT_NAME */
#if HAVE_UT_HOST #if HAVE_UT_HOST
strncpy(u.ut_host, host, sizeof(u.ut_host)); strncpy(u.ut_host, host, sizeof(u.ut_host));
u.ut_host[sizeof(u.ut_host)-1] = 0;
#endif /* HAVE_UT_HOST */ #endif /* HAVE_UT_HOST */
#if DOUTMPX && HAVE_UTX_SYSLEN
u.ut_syslen = strlen(host) + 1;
#endif /* DOUTMPX && HAVE_UT_SYSLEN */
#if DOUTMPX #if DOUTMPX
#ifdef HAVE_ONE_ARG_GETTIMEOFDAY #ifdef HAVE_ONE_ARG_GETTIMEOFDAY
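Review bot: `u.ut_syslen = strlen(host) + 1;` measures the caller's host string, not what fit into u.ut_host; when host is longer than sizeof(u.ut_host) the recorded length exceeds the field, so clamp it to sizeof(u.ut_host). The closing comment `#endif /* DOUTMPX && HAVE_UT_SYSLEN */` also does not match the `#if DOUTMPX && HAVE_UTX_SYSLEN` it closes. Dropping the NUL termination of ut_name and ut_host is consistent with utmp semantics but should be reflected in any code that later reads those fields with strlen().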
@@ -96,7 +107,7 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h
#endif /* !DISABLE_UTMP */ #endif /* !DISABLE_UTMP */
dowtmp: dowtmp:
opielogwtmp(line, name, host); opielogwtmp(line, name, host, id);
opielogwtmp(NULL, NULL, NULL); opielogwtmp(NULL, NULL, NULL);
dosetlogin: dosetlogin:
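Review bot: the logout call `opielogwtmp(NULL, NULL, NULL);` still passes three arguments while opielogwtmp() now takes four (`char *line AND char *name AND char *host AND char *id`); with the prototype in scope this is a compile error, and without one the callee reads an undefined `id`. Pass NULL as the fourth argument.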
+23 -2
View File
@@ -1,7 +1,7 @@
/* logwtmp.c: Put an entry in the wtmp file. /* logwtmp.c: Put an entry in the wtmp file.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -14,6 +14,8 @@ License Agreement applies to this software.
History: History:
Modified by cmetz for OPIE 2.4. Set process to dead if name is null.
Added support for ut_id and ut_syslen.
Modified by cmetz for OPIE 2.32. Don't leave line=NULL, skip Modified by cmetz for OPIE 2.32. Don't leave line=NULL, skip
past /dev/ in line. Fill in ut_host on systems with UTMPX and past /dev/ in line. Fill in ut_host on systems with UTMPX and
ut_host. ut_host.
@@ -110,7 +112,7 @@ static int fdx = -1;
* after first call, for use with ftp (which may chroot * after first call, for use with ftp (which may chroot
* after login, but before logout). * after login, but before logout).
*/ */
VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND char *host) VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND char *host AND char *id)
{ {
#if !DISABLE_WTMP #if !DISABLE_WTMP
struct utmp ut; struct utmp ut;
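Review bot: the FUNCTION() list `(line, name, host)` was not extended when `AND char *id` was added to the declaration, so a K&R build declares an `id` that is not a parameter. Make it `FUNCTION((line, name, host, id), ...)`. The comment block above this function describes the old three-argument interface and should mention `id`.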
@@ -136,8 +138,15 @@ VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND c
return; return;
if (fstat(fd, &buf) == 0) { if (fstat(fd, &buf) == 0) {
#if HAVE_UT_TYPE && defined(USER_PROCESS) #if HAVE_UT_TYPE && defined(USER_PROCESS)
if (name && *name)
ut.ut_type = USER_PROCESS; ut.ut_type = USER_PROCESS;
else
ut.ut_type = DEAD_PROCESS;
#endif /* HAVE_UT_TYPE && defined(USER_PROCESS) */ #endif /* HAVE_UT_TYPE && defined(USER_PROCESS) */
#if HAVE_UT_ID
if (id)
strncpy(ut.ut_id, id, sizeof(ut.ut_id));
#endif /* HAVE_UT_ID */
#if HAVE_UT_PID #if HAVE_UT_PID
ut.ut_pid = getpid(); ut.ut_pid = getpid();
#endif /* HAVE_UT_PID */ #endif /* HAVE_UT_PID */
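Review bot: `ut.ut_type = DEAD_PROCESS;` is guarded only by `HAVE_UT_TYPE && defined(USER_PROCESS)`, so a platform that defines USER_PROCESS but not DEAD_PROCESS fails to compile; either add `defined(DEAD_PROCESS)` to the guard or fall back to a numeric default.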
@@ -161,6 +170,18 @@ VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND c
strncpy(utx.ut_line, line, sizeof(utx.ut_line)); strncpy(utx.ut_line, line, sizeof(utx.ut_line));
strncpy(utx.ut_name, name, sizeof(utx.ut_name)); strncpy(utx.ut_name, name, sizeof(utx.ut_name));
strncpy(utx.ut_host, host, sizeof(utx.ut_host)); strncpy(utx.ut_host, host, sizeof(utx.ut_host));
#ifdef USER_PROCESS
if (name && *name)
utx.ut_type = USER_PROCESS;
else
utx.ut_type = DEAD_PROCESS;
#endif /* USER_PROCESS */
if (id)
strncpy(utx.ut_id, id, sizeof(utx.ut_id));
utx.ut_pid = getpid();
#if HAVE_UTX_SYSLEN
utx.ut_syslen = strlen(utx.ut_host) + 1;
#endif /* HAVE_UTX_SYSLEN */
#if HAVE_GETTIMEOFDAY #if HAVE_GETTIMEOFDAY
#if HAVE_ONE_ARG_GETTIMEOFDAY #if HAVE_ONE_ARG_GETTIMEOFDAY
gettimeofday(&utx.ut_tv); gettimeofday(&utx.ut_tv);
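Review bot: `utx.ut_syslen = strlen(utx.ut_host) + 1;` follows a strncpy() into utx.ut_host that does not guarantee a terminator, so when host fills the field strlen() runs into the next struct member and ut_syslen overstates the length. Compute it from the bounded length instead, e.g. the smaller of strlen(host) and sizeof(utx.ut_host), plus one. The same `#ifdef USER_PROCESS` guard around `DEAD_PROCESS` applies here as in the utmp branch above.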
+2 -2
View File
@@ -1,8 +1,8 @@
/* lookup.c: The opielookup() library function. /* lookup.c: The opielookup() library function.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
+1 -1
View File
@@ -1,7 +1,7 @@
/* md4c.c: "RSA Data Security, Inc. MD4 Message-Digest Algorithm" /* md4c.c: "RSA Data Security, Inc. MD4 Message-Digest Algorithm"
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
+1 -1
View File
@@ -2,7 +2,7 @@
"derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm"
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
+21 -38
View File
@@ -1,13 +1,15 @@
/* newseed.c: The opienewseed() library function. /* newseed.c: The opienewseed() library function.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
History: History:
Modified by cmetz for OPIE 2.4. Greatly simplified increment. Now does
not add digits. Reformatted the code.
Modified by cmetz for OPIE 2.32. Added syslog.h if DEBUG. Modified by cmetz for OPIE 2.32. Added syslog.h if DEBUG.
Modified by cmetz for OPIE 2.31. Added time.h. Modified by cmetz for OPIE 2.31. Added time.h.
Created by cmetz for OPIE 2.22. Created by cmetz for OPIE 2.22.
@@ -39,50 +41,29 @@ int opienewseed FUNCTION((seed), char *seed)
return -1; return -1;
if (seed[0]) { if (seed[0]) {
int i; char *c, *end;
unsigned int i, max;
if ((i = strlen(seed)) >= OPIE_SEED_MIN) { if ((i = strlen(seed)) > OPIE_SEED_MAX)
long j;
char *c;
if (i > OPIE_SEED_MAX)
i = OPIE_SEED_MAX; i = OPIE_SEED_MAX;
c = seed + i - 1; for (c = end = seed + i - 1, max = 1;
(c > seed) && isdigit(*c); c--)
max *= 10;
while(c != seed) { if ((i = strtoul(++c, (char **)0, 10)) < max) {
if (!isdigit(*c)) if (++i >= max)
break; i = 1;
c--;
}
c++; snprintf(c, end - c, "%d", i);
seed[OPIE_SEED_MAX] = 0;
if (j = strtol(c, (char **)0, 10)) {
char buf[OPIE_SEED_MAX];
*c = 0;
strcpy(buf, seed);
if (errno == ERANGE) {
j = 1;
} else {
int k = 1, l = OPIE_SEED_MAX - strlen(buf);
while(l--) k *= 10;
if (++j >= k)
j = 1;
}
sprintf(seed, "%s%04d", buf, j);
return 0; return 0;
} }
} }
}
{
{ {
time_t now; time_t now;
time(&now); time(&now);
srand(now); srand(now);
} }
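Review bot: the snprintf size in the increment path is one byte short. `c` points at the first digit and `end` at the last, so the digit run is `end - c + 1` characters; `snprintf(c, end - c, "%d", i)` leaves no room for the NUL and drops the last digit on every increment (a 4-digit tail comes back as 3 digits). Pass `end - c + 1`. Two further regressions against the old code in this hunk: `%d` no longer zero-pads, so an incremented seed can shrink below the `%04d` width the generator path below produces (and "ke9999" wraps to "ke1"), and the `errno == ERANGE` test is gone, although with up to OPIE_SEED_MAX digits `max *= 10` can overflow `unsigned int` and strtoul() can return ULONG_MAX, neither of which is caught. The `>= OPIE_SEED_MIN` length check was also dropped without a History entry; if a short seed is now meant to be incremented rather than regenerated, say so.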
@@ -92,16 +73,18 @@ int opienewseed FUNCTION((seed), char *seed)
if (uname(&utsname) < 0) { if (uname(&utsname) < 0) {
#if DEBUG #if DEBUG
syslog(LOG_DEBUG, "uname: %s(%d)", strerror(errno), errno); syslog(LOG_DEBUG, "uname: %s(%d)", strerror(errno),
errno);
#endif /* DEBUG */ #endif /* DEBUG */
utsname.nodename[0] = 'k'; utsname.nodename[0] = 'k';
utsname.nodename[1] = 'e'; utsname.nodename[1] = 'e';
} }
utsname.nodename[2] = 0; utsname.nodename[2] = 0;
sprintf(seed, "%s%04d", utsname.nodename, (rand() % 9999) + 1); if (snprintf(seed, OPIE_SEED_MAX+1, "%s%04d", utsname.nodename,
(rand() % 9999) + 1) >= OPIE_SEED_MAX+1)
return -1;
return 0; return 0;
} }
} }
}
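Review bot: checking the snprintf return value here is right, but it relies on the caller handing in a buffer of at least OPIE_SEED_MAX+1 bytes, and nothing in opie.h states that contract for opienewseed(); the increment path in the previous hunk writes into the same buffer on the same assumption. Document the required size on the prototype. The deterministic `srand(now)` / `rand() % 9999` is acceptable only because the seed is public data in the OTP scheme rather than a secret; a one-line comment saying so would stop a later reader from "fixing" it with a CSPRNG, or from reusing this function where unpredictability matters.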
+20 -4
View File
@@ -1,13 +1,15 @@
/* open.c: The __opieopen() library function. /* open.c: The __opieopen() library function.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
History: History:
Modified by cmetz for OPIE 2.4. More portable way to get the mode
string for fopen.
Created by cmetz for OPIE 2.3. Created by cmetz for OPIE 2.3.
*/ */
#include "opie_cfg.h" #include "opie_cfg.h"
@@ -51,9 +53,23 @@ FILE *__opieopen FUNCTION((file, rw, mode), char *file AND int rw AND int mode)
return NULL; return NULL;
{ {
char *fmodes[] = { "r", "r+", "a" }; char *fmode;
if (!(f = fopen(file, fmodes[rw]))) switch(rw) {
case 0:
fmode = "r";
break;
case 1:
fmode = "r+";
break;
case 2:
fmode = "a";
break;
default:
return NULL;
};
if (!(f = fopen(file, fmode)))
return NULL; return NULL;
} }
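Review bot: the `default: return NULL;` is the real fix in this hunk (the old `fmodes[rw]` indexed the array with an unchecked `rw`), but it returns without setting errno, so a caller that reports `strerror(errno)` on a NULL result prints whatever errno happened to be. Set `errno = EINVAL` before the return. Minor: the `;` after the switch's closing brace is a stray null statement.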
+5 -3
View File
@@ -1,13 +1,15 @@
/* parsechallenge.c: The __opieparsechallenge() library function. /* parsechallenge.c: The __opieparsechallenge() library function.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
History: History:
Modified by cmetz for OPIE 2.4. Use OPIE_SEQUENCE_MAX, check for
sequence number of zero.
Modified by cmetz for OPIE 2.32. Check for extended response sets. Modified by cmetz for OPIE 2.32. Check for extended response sets.
Change prefix to double underscore. Change prefix to double underscore.
Created by cmetz for OPIE 2.3 using generator.c as a guide. Created by cmetz for OPIE 2.3 using generator.c as a guide.
@@ -48,7 +50,7 @@ int __opieparsechallenge FUNCTION((buffer, algorithm, sequence, seed, exts), cha
*algorithm = a->num; *algorithm = a->num;
} }
if ((*sequence = strtoul(++c, &c, 10)) > 9999) if (((*sequence = strtoul(++c, &c, 10)) > OPIE_SEQUENCE_MAX) || !*sequence)
return -1; return -1;
while(*c && isspace(*c)) c++; while(*c && isspace(*c)) c++;
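Review bot: the new range test runs on the truncated value. The prototype declares `int *sequence`, so `(*sequence = strtoul(...)) > OPIE_SEQUENCE_MAX` compares the int after conversion: strtoul() accepts a leading sign, so a challenge carrying `-1` typically yields ULONG_MAX, which is stored as -1, and neither `-1 > 9999` nor `!-1` is true, so it passes. Parse into an `unsigned long`, reject 0 and anything above OPIE_SEQUENCE_MAX on that value, and only then store it; alternatively reject a leading '-' explicitly before calling strtoul().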
+1 -1
View File
@@ -1,7 +1,7 @@
/* passcheck.c: The opiepasscheck() library function. /* passcheck.c: The opiepasscheck() library function.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
+8 -8
View File
@@ -1,8 +1,8 @@
/* passwd.c: The opiepasswd() library function. /* passwd.c: The opiepasswd() library function.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
@@ -46,19 +46,19 @@ int opiepasswd FUNCTION((old, flags, principal, n, seed, ks), struct opie *old A
opie.opie_seed = seed; opie.opie_seed = seed;
if (ks) { if (ks) {
char key[8]; struct opie_otpkey key;
if (flags & OPIEPASSWD_CONSOLE) { if (flags & OPIEPASSWD_CONSOLE) {
if (opiekeycrunch(MDX, key, seed, ks)) if (opiekeycrunch(MDX, &key, seed, ks))
return -1; return -1;
for (i = n; i; i--) for (i = n; i; i--)
opiehash(key, MDX); opiehash(&key, MDX);
if (!(opie.opie_val = opiebtoa8(opie.opie_buf, key))) if (!(opie.opie_val = opiebtoa8(opie.opie_buf, &key)))
return -1; return -1;
} else { } else {
if ((opieetob(key, ks) != 1) && !opieatob8(key, ks)) if ((opieetob(&key, ks) != 1) && !opieatob8(&key, ks))
return 1; return 1;
if (!(opie.opie_val = opiebtoa8(opie.opie_buf, key))) if (!(opie.opie_val = opiebtoa8(opie.opie_buf, &key)))
return 1; return 1;
} }
} }
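Review bot: the conversion to `struct opie_otpkey` is mechanical and matches the new prototypes, but `key` now holds the output of opiekeycrunch(), material derived directly from the secret pass phrase, and it stays on the stack on every return path, including the `return 1` error paths. A `memset(&key, 0, sizeof(key))` before each return would match the zeroisation opieauto.c applies to its cache entries.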
+4 -2
View File
@@ -1,7 +1,7 @@
/* randomchallenge.c: The opierandomchallenge() library function. /* randomchallenge.c: The opierandomchallenge() library function.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -14,6 +14,7 @@ License Agreement applies to this software.
History: History:
Modified by cmetz for OPIE 2.4. Use snprintf().
Modified by cmetz for OPIE 2.32. Initialize algids[] with 0s Modified by cmetz for OPIE 2.32. Initialize algids[] with 0s
instead of NULL. instead of NULL.
Modified by cmetz for OPIE 2.3. Add sha support. Modified by cmetz for OPIE 2.3. Add sha support.
@@ -41,5 +42,6 @@ VOIDRET opierandomchallenge FUNCTION((prompt), char *prompt)
if (opienewseed(buf)) if (opienewseed(buf))
strcpy(buf, "ke4452"); strcpy(buf, "ke4452");
sprintf(prompt, "otp-%s %d %s ext", algids[MDX], (rand() % 499) + 1, buf); snprintf(prompt, OPIE_CHALLENGE_MAX+1, "otp-%s %d %s ext", algids[MDX],
(rand() % 499) + 1, buf);
} }
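Review bot: the snprintf return value is discarded here, whereas newseed.c checks it, so an oversized prompt is silently truncated; since the function is void, at least leave a comment stating that `otp-`, the algid, a sequence of at most 3 digits, an OPIE_SEED_MAX seed and ` ext` fit in OPIE_CHALLENGE_MAX. Separately, the `strcpy(buf, "ke4452")` fallback means that whenever opienewseed() fails (now possible via its new snprintf check) every challenge built on this path carries the same fixed seed, so a caller relying on this function for unpredictable challenges gets a constant one; consider a different fallback than a literal.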
+1 -1
View File
@@ -1,7 +1,7 @@
/* readpass.c: The opiereadpass() library function. /* readpass.c: The opiereadpass() library function.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
+16 -3
View File
@@ -1,13 +1,15 @@
/* readrec.c: The __opiereadrec() library function. /* readrec.c: The __opiereadrec() library function.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
History: History:
Modified by cmetz for OPIE 2.4. Check that seed, sequence number, and
response values are valid.
Modified by cmetz for OPIE 2.31. Removed active attack protection Modified by cmetz for OPIE 2.31. Removed active attack protection
support. Fixed a debug message typo. Keep going after bogus support. Fixed a debug message typo. Keep going after bogus
records. Set read flag. records. Set read flag.
@@ -57,7 +59,7 @@ static int parserec FUNCTION((opie), struct opie *opie)
opie->opie_n = strtoul(c, &c3, 10); opie->opie_n = strtoul(c, &c3, 10);
if (*c3) if (*c3 || (opie->opie_n <= 0) || (opie->opie_n > 9999))
return -1; return -1;
}; };
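Review bot: the upper bound is the literal 9999 here (and again in writerec.c) while this same import adds OPIE_SEQUENCE_MAX to opie.h and parsechallenge.c already uses it; use the macro so the limit cannot drift between the challenge parser and the record reader. The `<= 0` lower bound is consistent with parsechallenge.c rejecting a zero sequence, and it means a record opieverify() has decremented to 0 is refused on the next read; a comment saying that is the intended end-of-sequence behaviour would help.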
@@ -66,6 +68,10 @@ static int parserec FUNCTION((opie), struct opie *opie)
*(c2++) = 0; *(c2++) = 0;
for (c = opie->opie_seed; *c; c++)
if (!isalnum(*c))
return -1;
while(*c2 == ' ') c2++; while(*c2 == ' ') c2++;
if (!(c2 = strchr(opie->opie_val = c2, ' '))) if (!(c2 = strchr(opie->opie_val = c2, ' ')))
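Review bot: `isalnum(*c)` on a plain `char` is undefined for bytes above 0x7f where char is signed (the argument must be an unsigned char value or EOF), and in a non-C locale it accepts letters outside the ASCII seed alphabet. Write `isalnum((unsigned char)*c)`, or better an explicit [A-Za-z0-9] test since the seed alphabet is fixed by the protocol rather than by locale. The same loop is copied into verify.c and writerec.c in this import and needs the same treatment.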
@@ -73,6 +79,13 @@ static int parserec FUNCTION((opie), struct opie *opie)
*(c2++) = 0; *(c2++) = 0;
{
struct opie_otpkey otpkey;
if (!opieatob8(&otpkey, opie->opie_val))
return -1;
}
return 0; return 0;
} }
+1 -1
View File
@@ -1,7 +1,7 @@
/* unlock.c: The opieunlock() library function. /* unlock.c: The opieunlock() library function.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
+38 -29
View File
@@ -1,13 +1,15 @@
/* verify.c: The opieverify() library function. /* verify.c: The opieverify() library function.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
History: History:
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for keys.
Check that seed and sequence number are valid.
Modified by cmetz for OPIE 2.32. Renamed _opieparsechallenge() to Modified by cmetz for OPIE 2.32. Renamed _opieparsechallenge() to
__opieparsechallenge() and handle new argument. Fixed init __opieparsechallenge() and handle new argument. Fixed init
response parsing bug. response parsing bug.
@@ -67,7 +69,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
{ {
int i, rval = -1; int i, rval = -1;
char *c; char *c;
char key[8], fkey[8], lastkey[8]; struct opie_otpkey key, fkey, lastkey;
struct opie nopie; struct opie nopie;
if (!opie || !response) if (!opie || !response)
@@ -80,7 +82,14 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
goto verret; goto verret;
#endif /* DEBUG */ #endif /* DEBUG */
if (!opieatob8(lastkey, opie->opie_val)) if (!opieatob8(&lastkey, opie->opie_val))
goto verret;
for (c = opie->opie_seed; *c; c++)
if (!isalnum(*c))
goto verret;
if (opie->opie_n <= 0)
goto verret; goto verret;
if (c = strchr(response, ':')) { if (c = strchr(response, ':')) {
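Review bot: validating the record before any response is parsed is the right order, but these checks duplicate what parserec() in readrec.c now enforces on the same struct, and the two differ: readrec.c also rejects `opie_n > 9999`, this hunk does not. Either is defensible, but keep one copy (a small shared `__opievalidrec()` used by readrec.c, writerec.c and here) so the rules cannot diverge, and apply the `(unsigned char)` cast in the isalnum() call.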
@@ -97,33 +106,33 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
case RESPONSE_STANDARD: case RESPONSE_STANDARD:
i = 1; i = 1;
if (opieetob(key, response) == 1) { if (opieetob(&key, response) == 1) {
memcpy(fkey, key, sizeof(key)); memcpy(&fkey, &key, sizeof(struct opie_otpkey));
opiehash(fkey, MDX); opiehash(&fkey, MDX);
i = memcmp(fkey, lastkey, sizeof(key)); i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey));
} }
if (i && opieatob8(key, response)) { if (i && opieatob8(&key, response)) {
memcpy(fkey, key, sizeof(key)); memcpy(&fkey, &key, sizeof(struct opie_otpkey));
opiehash(fkey, MDX); opiehash(&fkey, MDX);
i = memcmp(fkey, lastkey, sizeof(key)); i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey));
} }
break; break;
case RESPONSE_WORD: case RESPONSE_WORD:
i = 1; i = 1;
if (opieetob(key, c) == 1) { if (opieetob(&key, c) == 1) {
memcpy(fkey, key, sizeof(key)); memcpy(&fkey, &key, sizeof(struct opie_otpkey));
opiehash(fkey, MDX); opiehash(&fkey, MDX);
i = memcmp(fkey, lastkey, sizeof(key)); i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey));
} }
break; break;
case RESPONSE_HEX: case RESPONSE_HEX:
i = 1; i = 1;
if (opieatob8(key, c)) { if (opieatob8(&key, c)) {
memcpy(fkey, key, sizeof(key)); memcpy(&fkey, &key, sizeof(struct opie_otpkey));
opiehash(fkey, MDX); opiehash(&fkey, MDX);
i = memcmp(fkey, lastkey, sizeof(key)); i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey));
} }
break; break;
case RESPONSE_INIT_HEX: case RESPONSE_INIT_HEX:
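Review bot: now that the keys are structs, each `memcpy(&fkey, &key, sizeof(struct opie_otpkey))` can be a plain assignment `fkey = key` (opieauto.c already does this with `key = (*c)->basekey`), which removes the repeated sizeof and any chance of passing the wrong length. `memcmp` over the whole struct is fine as it is two integers with no padding. Behaviour is unchanged: each decoder leaves `i` non-zero on mismatch so the next decoder is tried.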
@@ -137,17 +146,17 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
*(c2++) = 0; *(c2++) = 0;
if (i == RESPONSE_INIT_HEX) { if (i == RESPONSE_INIT_HEX) {
if (!opieatob8(key, c)) if (!opieatob8(&key, c))
goto verret; goto verret;
} else { } else {
if (opieetob(key, c) != 1) if (opieetob(&key, c) != 1)
goto verret; goto verret;
} }
memcpy(fkey, key, sizeof(key)); memcpy(&fkey, &key, sizeof(struct opie_otpkey));
opiehash(fkey, MDX); opiehash(&fkey, MDX);
if (memcmp(fkey, lastkey, sizeof(key))) if (memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey)))
goto verret; goto verret;
if (changed(opie)) if (changed(opie))
@@ -155,7 +164,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
opie->opie_n--; opie->opie_n--;
if (!opiebtoa8(opie->opie_val, key)) if (!opiebtoa8(opie->opie_val, &key))
goto verret; goto verret;
if (__opiewriterec(opie)) if (__opiewriterec(opie))
@@ -174,10 +183,10 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
} }
if (i == RESPONSE_INIT_HEX) { if (i == RESPONSE_INIT_HEX) {
if (!opieatob8(key, c2)) if (!opieatob8(&key, c2))
goto verret; goto verret;
} else { } else {
if (opieetob(key, c2) != 1) if (opieetob(&key, c2) != 1)
goto verret; goto verret;
} }
} }
@@ -201,7 +210,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
opie->opie_n--; opie->opie_n--;
verwrt: verwrt:
if (!opiebtoa8(opie->opie_val, key)) if (!opiebtoa8(opie->opie_val, &key))
goto verret; goto verret;
rval = __opiewriterec(opie); rval = __opiewriterec(opie);
+1 -1
View File
@@ -1,7 +1,7 @@
/* version.c: The opieversion() library function. /* version.c: The opieversion() library function.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
+13 -2
View File
@@ -1,13 +1,15 @@
/* writerec.c: The __opiewriterec() library function. /* writerec.c: The __opiewriterec() library function.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
History: History:
Modified by cmetz for OPIE 2.4. Check that seed and sequence number are
valid.
Modified by cmetz for OPIE 2.31. Removed active attack protection Modified by cmetz for OPIE 2.31. Removed active attack protection
support. Fixed passwd bug. support. Fixed passwd bug.
Created by cmetz for OPIE 2.3 from passwd.c. Created by cmetz for OPIE 2.3 from passwd.c.
@@ -30,6 +32,7 @@ you didn't get a copy, you may request one from <license@inner.net>.
#if HAVE_STDLIB_H #if HAVE_STDLIB_H
#include <stdlib.h> #include <stdlib.h>
#endif /* HAVE_STDLIB_H */ #endif /* HAVE_STDLIB_H */
#include <ctype.h>
#include "opie.h" #include "opie.h"
char *__opienone = "****************"; char *__opienone = "****************";
@@ -40,6 +43,7 @@ int __opiewriterec FUNCTION((opie), struct opie *opie)
time_t now; time_t now;
FILE *f, *f2 = NULL; FILE *f, *f2 = NULL;
int i = 0; int i = 0;
char *c;
time(&now); time(&now);
if (strftime(buf2, sizeof(buf2), " %b %d,%Y %T", localtime(&now)) < 1) if (strftime(buf2, sizeof(buf2), " %b %d,%Y %T", localtime(&now)) < 1)
@@ -52,6 +56,13 @@ int __opiewriterec FUNCTION((opie), struct opie *opie)
opie->opie_recstart = opie2.opie_recstart; opie->opie_recstart = opie2.opie_recstart;
} }
for (c = opie->opie_seed; *c; c++)
if (!isalnum(*c))
return -1;
if ((opie->opie_n < 0) || (opie->opie_n > 9999))
return -1;
switch(i) { switch(i) {
case 0: case 0:
if (!(f = __opieopen(KEY_FILE, 1, 0644))) if (!(f = __opieopen(KEY_FILE, 1, 0644)))
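Review bot: the bounds here deliberately differ from the reader: readrec.c rejects `opie_n <= 0` while this accepts 0, which is needed because opieverify() decrements to 0 and then writes the record. State that in a comment so the asymmetry is not "fixed" later. The literal 9999 should be OPIE_SEQUENCE_MAX, and `isalnum(*c)` needs the `(unsigned char)` cast as in readrec.c.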
+4 -3
View File
@@ -1,7 +1,7 @@
.\" opie.4: Overview of the OPIE software. .\" opie.4: Overview of the OPIE software.
.\" .\"
.\" %%% portions-copyright-cmetz-96 .\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights .\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of .\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software. .\" the software.
.\" You should have received a copy of the license with this software. If .\" You should have received a copy of the license with this software. If
@@ -14,6 +14,7 @@
.\" .\"
.\" History: .\" History:
.\" .\"
.\" Modified by cmetz for OPIE 2.4. Spelling fixes.
.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation. Removed .\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation. Removed
.\" references to the old square brackets challenge delimiters. .\" references to the old square brackets challenge delimiters.
.\" Modified at NRL for OPIE 2.01. Updated UNIX trademark credit. .\" Modified at NRL for OPIE 2.01. Updated UNIX trademark credit.
@@ -85,7 +86,7 @@ the calculator given the challenge and the secret password. For example,
.TP .TP
.I seed .I seed
A piece of information that is used in conjunction with the secret password A piece of information that is used in conjunction with the secret password
and sequence numer to compute the response. Its purpose is to allow the same and sequence number to compute the response. Its purpose is to allow the same
secret password to be used for multiple sequences, by changing the seed, or secret password to be used for multiple sequences, by changing the seed, or
for authentication to multiple machines by using different seeds. for authentication to multiple machines by using different seeds.
.TP .TP
@@ -141,7 +142,7 @@ technique was implemented by Haller, Karn, and Walden at Bellcore. They
They created a free software package called "S/Key" that used an algorithm They created a free software package called "S/Key" that used an algorithm
called a cryptographic checksum. A cryptographic checksum is a strong one-way called a cryptographic checksum. A cryptographic checksum is a strong one-way
function such that, knowing the result of such a function, an attacker still function such that, knowing the result of such a function, an attacker still
cannot feasably determine the input. Further, unlike cyclic redundancy cannot feasibly determine the input. Further, unlike cyclic redundancy
checksums (CRCs), cryptographic checksums have few inputs that result in the checksums (CRCs), cryptographic checksums have few inputs that result in the
same output. same output.
.LP .LP
+34 -9
View File
@@ -2,7 +2,7 @@
system that a program might need. system that a program might need.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -15,6 +15,9 @@ License Agreement applies to this software.
History: History:
Modified by cmetz for OPIE 2.4. Added sequence number limits. Added
struct opie_otpkey and made many functions use it. Added
opiestrncpy(). Include header with libmissing prototypes.
Modified by cmetz for OPIE 2.32. Added symbolic flag names for Modified by cmetz for OPIE 2.32. Added symbolic flag names for
opiepasswd(). Added __opieparsechallenge() prototype. opiepasswd(). Added __opieparsechallenge() prototype.
Modified by cmetz for OPIE 2.31. Removed active attack protection. Modified by cmetz for OPIE 2.31. Removed active attack protection.
@@ -126,7 +129,7 @@ struct opie {
/* Minimum length of a secret password */ /* Minimum length of a secret password */
#ifndef OPIE_SECRET_MIN #ifndef OPIE_SECRET_MIN
#define OPIE_SECRET_MIN 10 #define OPIE_SECRET_MIN 1
#endif /* OPIE_SECRET_MIN */ #endif /* OPIE_SECRET_MIN */
/* Maximum length of a secret password */ /* Maximum length of a secret password */
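Review bot: lowering OPIE_SECRET_MIN from 10 to 1 is a security-relevant change with no entry in the History block or anywhere else in this import. The secret pass phrase is the only input an attacker lacks to regenerate the OTP sequence from the public seed and the hash stored in the key file (opened with mode 0644 in writerec.c), so a one-character minimum makes an offline dictionary search trivial, and RFC 2289 requires at least 10 characters. If the intent is to let sites relax the limit, keep the default at 10 and let the existing `#ifndef` override do the relaxing; otherwise document why the default changed.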
@@ -159,6 +162,16 @@ struct opie {
#define OPIE_PRINCIPAL_MAX 32 #define OPIE_PRINCIPAL_MAX 32
#endif /* OPIE_PRINCIPAL_MAX */ #endif /* OPIE_PRINCIPAL_MAX */
/* Maximum sequence number */
#ifndef OPIE_SEQUENCE_MAX
#define OPIE_SEQUENCE_MAX 9999
#endif /* OPIE_SEQUENCE_MAX */
/* Restricted sequence number */
#ifndef OPIE_SEQUENCE_RESTRICT
#define OPIE_SEQUENCE_RESTRICT 9
#endif /* OPIE_SEQUENCE_RESTRICT */
#ifndef __alpha #ifndef __alpha
#define UINT4 unsigned long #define UINT4 unsigned long
#else /* __alpha */ #else /* __alpha */
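Review bot: OPIE_SEQUENCE_RESTRICT has no explanation; from opieauto.c it is the sequence number at or below which opieauto refuses to serve (`sequence <= OPIE_SEQUENCE_RESTRICT`) and the floor for `base`, i.e. the last few OTPs are reserved for manual entry. Put that in the comment. Also, readrec.c and writerec.c in this same import still hard-code 9999 where OPIE_SEQUENCE_MAX now exists.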
@@ -171,6 +184,10 @@ struct opiemdx_ctx {
unsigned char buffer[64]; unsigned char buffer[64];
}; };
struct opie_otpkey {
UINT4 words[2];
};
#ifndef SEEK_SET #ifndef SEEK_SET
#define SEEK_SET 0 #define SEEK_SET 0
#endif /* SEEK_SET */ #endif /* SEEK_SET */
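Review bot: `struct opie_otpkey` is meant to be a 64-bit key (two UINT4 words), but UINT4 is `unsigned long` everywhere except alpha, and `unsigned long` is 8 bytes on every other LP64 target, which makes the struct 16 bytes. verify.c then memcpy()s and memcmp()s sizeof(struct opie_otpkey) bytes and opieauto.c hashes it, so the key size silently depends on the platform. Define UINT4 as a fixed 32-bit type (`u_int32_t` or `uint32_t` where available) instead of special-casing `__alpha`.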
@@ -183,18 +200,18 @@ int opieaccessfile __P((char *));
int rdnets __P((long)); int rdnets __P((long));
int isaddr __P((register char *)); int isaddr __P((register char *));
int opiealways __P((char *)); int opiealways __P((char *));
char *opieatob8 __P((char *,char *)); char *opieatob8 __P((struct opie_otpkey *, char *));
VOIDRET opiebackspace __P((char *)); VOIDRET opiebackspace __P((char *));
char *opiebtoa8 __P((char *,char *)); char *opiebtoa8 __P((char *, struct opie_otpkey *));
char *opiebtoe __P((char *,char *)); char *opiebtoe __P((char *, struct opie_otpkey *));
char *opiebtoh __P((char *,char *)); char *opiebtoh __P((char *, struct opie_otpkey *));
int opieetob __P((char *,char *)); int opieetob __P((struct opie_otpkey *, char *));
int opiechallenge __P((struct opie *,char *,char *)); int opiechallenge __P((struct opie *,char *,char *));
int opiegenerator __P((char *,char *,char *)); int opiegenerator __P((char *,char *,char *));
int opiegetsequence __P((struct opie *)); int opiegetsequence __P((struct opie *));
VOIDRET opiehash __P((VOIDPTR, unsigned)); VOIDRET opiehash __P((struct opie_otpkey *, unsigned));
int opiehtoi __P((register char)); int opiehtoi __P((register char));
int opiekeycrunch __P((int, char *, char *, char *)); int opiekeycrunch __P((int, struct opie_otpkey *, char *, char *));
int opielock __P((char *)); int opielock __P((char *));
int opielookup __P((struct opie *,char *)); int opielookup __P((struct opie *,char *));
VOIDRET opiemd4init __P((struct opiemdx_ctx *)); VOIDRET opiemd4init __P((struct opiemdx_ctx *));
@@ -221,6 +238,14 @@ FILE *__opieopen __P((char *, int, int));
int __opiereadrec __P((struct opie *)); int __opiereadrec __P((struct opie *));
int __opiewriterec __P((struct opie *)); int __opiewriterec __P((struct opie *));
int __opieparsechallenge __P((char *buffer, int *algorithm, int *sequence, char **seed, int *exts)); int __opieparsechallenge __P((char *buffer, int *algorithm, int *sequence, char **seed, int *exts));
#define opiestrncpy(dst, src, n) \
do { \
strncpy(dst, src, n-1); \
dst[n-1] = 0; \
} while(0)
/* #include "missing.h" */
#endif /* _OPIE */ #endif /* _OPIE */
#define OPIEPASSWD_CONSOLE 1 #define OPIEPASSWD_CONSOLE 1
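Review bot: opiestrncpy() uses its arguments unparenthesised: with `n` an expression such as `a ? 8 : 16`, `n-1` expands to `a ? 8 : 16-1`, and `n` is evaluated twice. Write `strncpy((dst), (src), (n)-1); (dst)[(n)-1] = 0;` and document that `n` is the destination buffer size, not the maximum string length; opieauto.c already gets that wrong by passing OPIE_SEED_MAX for a `seed[OPIE_SEED_MAX+1]` destination. Also, the History entry says this import includes the libmissing prototypes header, but the include is commented out (`/* #include "missing.h" */`); one of the two should change.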
+4 -7
View File
@@ -1,7 +1,7 @@
/* opie_cfg.h: Various configuration-type pieces of information for OPIE. /* opie_cfg.h: Various configuration-type pieces of information for OPIE.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -14,6 +14,7 @@ License Agreement applies to this software.
History: History:
Modified by cmetz for OPIE 2.4. Removed NBBY definition.
Modified by cmetz for OPIE 2.32. Include <sys/types.h> before Modified by cmetz for OPIE 2.32. Include <sys/types.h> before
<dirent.h> to make *BSD happy. <dirent.h> to make *BSD happy.
Modified by cmetz for OPIE 2.31. Added 4.4BSD-Lite pathnames.h Modified by cmetz for OPIE 2.31. Added 4.4BSD-Lite pathnames.h
@@ -51,8 +52,8 @@ License Agreement applies to this software.
#ifndef _OPIE_CFG_H #ifndef _OPIE_CFG_H
#define _OPIE_CFG_H 1 #define _OPIE_CFG_H 1
#define VERSION "2.32" #define VERSION "2.4"
#define DATE "Thursday, January 1, 1998" #define DATE "Friday, January 19, 2001"
#ifndef unix #ifndef unix
#define unix 1 #define unix 1
@@ -163,10 +164,6 @@ License Agreement applies to this software.
#define MOTD_FILE "/etc/motd" #define MOTD_FILE "/etc/motd"
#endif #endif
#ifndef NBBY
#define NBBY 8 /* Reasonable for modern systems */
#endif /* NBBY */
#ifndef LOGIN_PATH #ifndef LOGIN_PATH
#define LOGIN_PATH "/usr/ucb:/bin:/usr/bin" #define LOGIN_PATH "/usr/ucb:/bin:/usr/bin"
#endif /* LOGIN_PATH */ #endif /* LOGIN_PATH */
+2 -1
View File
@@ -7,6 +7,7 @@
.\" .\"
.\" History: .\" History:
.\" .\"
.\" Modified by cmetz for OPIE 2.4. Fixed "0PIE" typo.
.\" Written at NRL for OPIE 2.0. .\" Written at NRL for OPIE 2.0.
.\" .\"
.ll 6i .ll 6i
@@ -61,7 +62,7 @@ mask Mask of the network to match
Subnets can be controlled by using the appropriate address and mask. Individual Subnets can be controlled by using the appropriate address and mask. Individual
hosts can be controlled by using the appropriate address and a mask of hosts can be controlled by using the appropriate address and a mask of
255.255.255.255. If no rules are matched, the default is to deny non-0PIE 255.255.255.255. If no rules are matched, the default is to deny non-OPIE
logins. logins.
.SH SEE ALSO .SH SEE ALSO
+386
View File
@@ -0,0 +1,386 @@
/* opieauto.c: The opieauto program.
%%% copyright-cmetz-96
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>.
History:
Created by cmetz for OPIE 2.4 based on previously released
test code. Use opiestrncpy().
*/
#include "opie_cfg.h"
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#if HAVE_SYS_TIME_H
#include <sys/time.h>
#endif /* HAVE_SYS_TIME_H */
#include <stdio.h>
#include <errno.h>
#if HAVE_STRING_H
#include <string.h>
#endif /* HAVE_STRING_H */
#include <getopt.h>
#if HAVE_STDLIB_H
#include <stdlib.h>
#endif /* HAVE_STDLIB_H */
#if HAVE_UNISTD_H
#include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include <sys/stat.h>
#include "opie.h"
#ifndef max
#define max(x, y) (((x) > (y)) ? (x) : (y))
#endif /* max */
int window = 10;
char *myname = NULL;
uid_t myuid = 0;
#define MAXCLIENTS 2
int parents, s[MAXCLIENTS + 1];
char cmd[1+1+1+1+4+1+OPIE_SEED_MAX+1+4+1+4+1+4+1+4+1];
struct cachedotp {
struct cachedotp *next;
int algorithm, base, current;
struct opie_otpkey basekey;
char seed[OPIE_SEED_MAX+1];
};
struct cachedotp *head = NULL;
char *algids[] = { NULL, NULL, NULL, "sha1", "md4", "md5" };
void baile(x) {
fprintf(stderr, "%s: %s: %s(%d)\n", myname, x, strerror(errno), errno);
exit(1);
}
void bail(x) {
fprintf(stderr, "%s: %s\n", myname, x);
exit(1);
}
void zerocache(void)
{
struct cachedotp *c = head, *c2;
while(c) {
c2 = c->next;
memset(c, 0, sizeof(struct cachedotp));
c = c2;
};
};
int doreq(int fd)
{
int algorithm, sequence, i;
char *seed = NULL, *response = NULL;
if (((cmd[0] != 'S') && (cmd[0] != 's')) || (cmd[1] != '=') || (cmd[2] != ' ')) {
#if DEBUG
fprintf(stderr, "%s: got bogus command: %s\n", myname, cmd);
#endif /* DEBUG */
goto error;
};
{
char *c;
if (((algorithm = strtoul(&cmd[3], &c, 10)) < 3) || (algorithm > 5) || (*c != ' ')) {
#if DEBUG
fprintf(stderr, "%s: got bogus algorithm: %s\n", myname, cmd);
#endif /* DEBUG */
goto error;
};
if (((sequence = strtoul(c + 1, &c, 10)) <= OPIE_SEQUENCE_RESTRICT) || (sequence > OPIE_SEQUENCE_MAX)) {
#if DEBUG
fprintf(stderr, "%s: got bogus sequence: %s\n", myname, cmd);
#endif /* DEBUG */
goto error;
};
if (cmd[0] == 'S') {
if (!(c = strchr(seed = c + 1, ' '))) {
#if DEBUG
fprintf(stderr, "%s: got bogus seed: %s\n", myname, cmd);
#endif /* DEBUG */
goto error;
};
*c = 0;
if (!(c = strchr(response = c + 1, '\n'))) {
#if DEBUG
fprintf(stderr, "%s: got bogus response: %s\n", myname, cmd);
#endif /* DEBUG */
goto error;
};
*c = 0;
} else {
if (!(c = strchr(seed = c + 1, '\n'))) {
#if DEBUG
fprintf(stderr, "%s: got bogus seed: %s\n", myname, cmd);
#endif /* DEBUG */
goto error;
};
*c = 0;
};
};
#if DEBUG
fprintf(stderr, "got cmd=%c, algorithm=%d sequence=%d seed=+%s+ response=+%s+ on fd %d\n", cmd[0], algorithm, sequence, seed, response, fd);
#endif /* DEBUG */
seed = strdup(seed);
if (sequence < 10) {
#if DEBUG
fprintf(stderr, "sequence < 10; can't do it\n");
#endif /* DEBUG */
sprintf(cmd, "%c- %d %d %s\n", cmd[0], algorithm, sequence, seed);
};
{
struct cachedotp **c;
for (c = &head; *c && (strcmp((*c)->seed, seed) || ((*c)->algorithm != algorithm)); c = &((*c)->next));
if (!(*c)) {
if (cmd[0] == 's') {
#if DEBUG
fprintf(stderr, "(seed, algorithm) not found for s command\n");
#endif /* DEBUG */
sprintf(cmd, "s- %d %d %s\n", algorithm, sequence, seed);
goto out;
}
if (!(*c = malloc(sizeof(struct cachedotp))))
baile("malloc");
memset(*c, 0, sizeof(struct cachedotp));
(*c)->algorithm = algorithm;
opiestrncpy((*c)->seed, seed, OPIE_SEED_MAX);
};
if (cmd[0] == 'S') {
(*c)->base = max(sequence - window + 1, OPIE_SEQUENCE_RESTRICT);
(*c)->current = sequence;
if (!opieatob8(&(*c)->basekey, response))
goto error;
sprintf(cmd, "S+ %d %d %s\n", algorithm, sequence, (*c)->seed);
} else {
if (sequence != ((*c)->current - 1)) {
#if DEBUG
fprintf(stderr, "out of sequence: sequence=%d, base=%d, current=%d\n", sequence, (*c)->base, (*c)->current);
#endif /* DEBUG */
sprintf(cmd, "s- %d %d %s\n", algorithm, sequence, (*c)->seed);
goto out;
};
if (sequence < (*c)->base) {
#if DEBUG
fprintf(stderr, "attempt to generate below base: sequence=%d, base=%d, current=%d\n", sequence, (*c)->base, (*c)->current);
#endif /* DEBUG */
sprintf(cmd, "s- %d %d %s\n", algorithm, sequence, (*c)->seed);
goto out;
};
(*c)->current = sequence;
i = sequence - (*c)->base;
{
struct opie_otpkey key;
char buffer[16+1];
key = (*c)->basekey;
while(i--)
opiehash(&key, algorithm);
opiebtoa8(buffer, &key);
sprintf(cmd, "s+ %d %d %s %s\n", algorithm, sequence, (*c)->seed, buffer);
};
};
printf("%c otp-%s %d %s (%d/%d)\n", cmd[0], algids[algorithm], sequence, (*c)->seed, sequence - (*c)->base, window);
fflush(stdout);
if (sequence == (*c)->base) {
struct cachedotp *c2 = *c;
*c = (*c)->next;
memset(c2, 0, sizeof(struct cachedotp));
free(c2);
};
};
out:
write(fd, cmd, i = strlen(cmd));
free(seed);
return 0;
error:
fprintf(stderr, "Invalid command on fd %d\n", fd);
if (seed)
free(seed);
return -1;
}
static void usage()
{
fprintf(stderr, "usage: %s [-v] [-h] [-q] [-n <number of OTPs>]\n", myname);
exit(1);
}
int main(int argc, char **argv)
{
int i;
struct stat st;
char *sockpath;
if (myname = strrchr(argv[0], '/'))
myname++;
else
myname = argv[0];
while((i = getopt(argc, argv, "w:hv")) != EOF) {
switch(i) {
case 'v':
opieversion();
case 'w':
if (!(window = atoi(optarg))) {
fprintf(stderr, "%s: invalid number of OTPs: %s\n", myname, optarg);
exit(1);
};
break;
default:
usage();
}
};
{
uid_t myeuid;
if (!(myuid = getuid()) || !(myeuid = geteuid()) || (myuid != myeuid))
bail("this program must not be run with superuser priveleges or setuid.");
};
if (atexit(zerocache) < 0)
baile("atexit");
{
struct sockaddr_un sun;
memset(&sun, 0, sizeof(struct sockaddr_un));
sun.sun_family = AF_UNIX;
{
char *c;
char *c2 = "/.opieauto";
if (!(c = getenv("HOME")))
bail("getenv(HOME) failed -- no HOME variable?");
if (strlen(c) > (sizeof(sun.sun_path) - strlen(c2) - 1))
bail("your HOME is too long");
strcpy(sun.sun_path, c);
strcat(sun.sun_path, c2);
sockpath = strdup(sun.sun_path);
};
if ((parents = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
baile("socket");
if (unlink(sockpath) && (errno != ENOENT))
baile("unlink");
if (umask(0177) < 0)
baile("umask");
if (bind(parents, (struct sockaddr *)&sun, sizeof(struct sockaddr_un)))
baile("bind");
if (stat(sockpath, &st) < 0)
baile("stat");
if ((st.st_uid != myuid) || (!S_ISSOCK(st.st_mode)) || ((st.st_mode & 07777) != 0600))
bail("socket permissions and/or ownership were not correctly created.");
if (listen(parents, 1) < 0)
baile("listen");
};
{
fd_set fds, rfds, efds;
int maxfd = parents;
int i, j;
FD_ZERO(&fds);
FD_SET(parents, &fds);
while(1) {
memcpy(&rfds, &fds, sizeof(fd_set));
if (select(maxfd + 1, &rfds, NULL, NULL, NULL) < 0)
baile("select");
for (i = 0; s[i]; i++) {
if (!FD_ISSET(s[i], &rfds))
continue;
if (((j = read(s[i], cmd, sizeof(cmd)-1)) <= 0) || ((cmd[j] = 0) || doreq(s[i]))) {
close(s[i]);
FD_CLR(s[i], &fds);
if (s[i] == maxfd)
maxfd--;
for (j = i; s[j]; s[j] = s[j + 1], j++);
FD_SET(parents, &fds);
i--;
continue;
};
};
if (FD_ISSET(parents, &rfds)) {
for (i = 0; s[i]; i++)
if (i > MAXCLIENTS)
bail("this message never printed");
if (stat(sockpath, &st) < 0)
baile("stat");
if ((st.st_uid != myuid) || (!S_ISSOCK(st.st_mode)) || ((st.st_mode & 07777) != 0600))
bail("socket permissions and/or ownership has been messed with.");
if ((s[i] = accept(parents, NULL, 0)) < 0)
baile("accept");
FD_SET(s[i], &fds);
if (s[i] > maxfd)
maxfd = s[i];
sprintf(cmd, "C+ %d\n", window);
if (write(s[i], cmd, j = strlen(cmd)) != j)
baile("write");
if (++i == MAXCLIENTS)
FD_CLR(parents, &fds);
}
}
}
}
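Review bot: in doreq(), the `sequence < 10` branch formats a refusal into cmd but never jumps to `out`, so execution falls through into the cache lookup and cmd is overwritten; as written the check is a no-op. Add `goto out;` after that sprintf() if the refusal is intended. Second, the `error:` label calls free(seed) whenever seed is non-NULL, but on the parse failures ("got bogus seed" / "got bogus response") seed still points into the static cmd buffer, because strdup() only happens after parsing has succeeded; freeing a non-heap pointer is undefined behaviour and typically aborts the process. Parse into a separate pointer and assign seed only from strdup(), or reset seed to NULL on those paths. Related: when opieatob8() fails in the 'S' path, a freshly allocated cache entry has already been linked into the list with base/current set and a zero basekey; unlink and free it before jumping to error. Third, usage() advertises `[-q] [-n <number of OTPs>]` while getopt() accepts `w:hv` and the error text says "invalid number of OTPs", so the documented option and the parsed option disagree. Minor: umask() returns a mode_t and cannot fail, so `umask(0177) < 0` is dead code; `window` and `max` are used without a visible definition, so they must come from the part of the file above this region.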
+14
@@ -1,5 +1,13 @@
.\" opieftpd.8: Manual page describing the FTP daemon. .\" opieftpd.8: Manual page describing the FTP daemon.
.\" .\"
.\" %%% portions-copyright-cmetz-98
.\" Portions of this software are Copyright 1998-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If
.\" you didn't get a copy, you may request one from <license@inner.net>.
.\"
.\"
.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan .\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned .\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and .\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
@@ -7,6 +15,7 @@
.\" .\"
.\" History: .\" History:
.\" .\"
.\" Modified by cmetz for OPIE 2.4. Document -u option.
.\" Modified at NRL for OPIE 2.0. .\" Modified at NRL for OPIE 2.0.
.\" Originally from BSD. .\" Originally from BSD.
.\" .\"
@@ -59,6 +68,8 @@ opieftpd \- File Transfer Protocol server that uses OPIE authentication
.I timeout .I timeout
] [\-T ] [\-T
.I maxtimeout .I maxtimeout
] [\-u
.I umask
] ]
.SH DESCRIPTION .SH DESCRIPTION
@@ -90,6 +101,9 @@ the maximum period allowed may be set to
seconds with the seconds with the
.B \-T .B \-T
option. The default limit is 2 hours. option. The default limit is 2 hours.
.B \-u
Set the default umask value to
.I umask.
.SH COMMANDS .SH COMMANDS
The ftp server currently supports the following ftp The ftp server currently supports the following ftp
requests; case is not distinguished: requests; case is not distinguished:
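Review bot: the new `.B \-u` entry at the end of the hunk is not preceded by a paragraph macro (`.TP`, `.PP` or whatever the surrounding option descriptions use), so in filled text it runs straight on from "The default limit is 2 hours." instead of starting its own paragraph. `.I umask.` also italicises the trailing period; the usual form is `.IR umask .`. It would help readers to say what the umask applies to (files the server creates) and that the value is octal, if that is how opieftpd parses it.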
+14 -15
@@ -1,7 +1,7 @@
/* opieftpd.c: Main program for an FTP daemon. /* opieftpd.c: Main program for an FTP daemon.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -14,6 +14,8 @@ License Agreement applies to this software.
History: History:
Modified by cmetz for OPIE 2.4. Add id parameter to opielogwtmp. Use
opiestrncpy(). Fix incorrect use of setproctitle().
Modified by cmetz for OPIE 2.32. Remove include of dirent.h here; it's Modified by cmetz for OPIE 2.32. Remove include of dirent.h here; it's
done already (and conditionally) in opie_cfg.h. done already (and conditionally) in opie_cfg.h.
Modified by cmetz for OPIE 2.31. Merged in some 4.4BSD-Lite changes. Modified by cmetz for OPIE 2.31. Merged in some 4.4BSD-Lite changes.
@@ -241,7 +243,7 @@ static int receive_data __P((FILE *, FILE *));
static char *gunique __P((char *)); static char *gunique __P((char *));
static char *sgetsave __P((char *)); static char *sgetsave __P((char *));
int opielogwtmp __P((char *, char *, char *)); int opielogwtmp __P((char *, char *, char *, char *));
int fclose __P((FILE *)); int fclose __P((FILE *));
@@ -508,7 +510,7 @@ static VOIDRET end_login FUNCTION_NOARGS
if (seteuid((uid_t) 0)) if (seteuid((uid_t) 0))
syslog(LOG_ERR, "Can't set euid"); syslog(LOG_ERR, "Can't set euid");
if (logged_in) if (logged_in)
opielogwtmp(ttyline, "", ""); opielogwtmp(ttyline, "", "", "ftp");
pw = NULL; pw = NULL;
logged_in = 0; logged_in = 0;
#if DOANONYMOUS #if DOANONYMOUS
@@ -562,7 +564,7 @@ VOIDRET pass FUNCTION((passwd), char *passwd)
/* open wtmp before chroot */ /* open wtmp before chroot */
sprintf(ttyline, "ftp%d", getpid()); sprintf(ttyline, "ftp%d", getpid());
opielogwtmp(ttyline, pw->pw_name, remotehost); opielogwtmp(ttyline, pw->pw_name, remotehost, "ftp");
logged_in = 1; logged_in = 1;
#if DOANONYMOUS #if DOANONYMOUS
@@ -629,10 +631,9 @@ VOIDRET pass FUNCTION((passwd), char *passwd)
if (guest) { if (guest) {
reply(230, "Guest login ok, access restrictions apply."); reply(230, "Guest login ok, access restrictions apply.");
#if DOTITLE #if DOTITLE
sprintf(proctitle, "%s: anonymous/%.*s", remotehost, setproctitle("%s: anonymous/%.*s", remotehost,
sizeof(proctitle) - sizeof(remotehost) - sizeof(proctitle) - sizeof(remotehost) - sizeof(": anonymous/"),
sizeof(": anonymous/"), passwd); passwd);
setproctitle(proctitle);
#endif /* DOTITLE */ #endif /* DOTITLE */
syslog(LOG_NOTICE, "ANONYMOUS FTP login from %s with ID %s", syslog(LOG_NOTICE, "ANONYMOUS FTP login from %s with ID %s",
remotehost, passwd); remotehost, passwd);
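Review bot: this rewrite fixes a genuine format-string problem: the old code built proctitle with sprintf(), including the client-supplied anonymous "password", and then handed that buffer to setproctitle() as its format string, so any '%' in the input reached the formatter. Passing a constant format with the data as arguments is the right fix. Two things remain. The `%.*s` precision argument, `sizeof(proctitle) - sizeof(remotehost) - sizeof(": anonymous/")`, has type size_t, whereas `%.*s` requires an int; on LP64 platforms the wrong-sized value is pulled from the varargs, so cast it to int. And that arithmetic was derived from the size of proctitle, which is no longer the buffer setproctitle(3) writes into, so the truncation limit is now arbitrary; choose an explicit limit, or drop the precision if the library truncates on its own.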
@@ -642,8 +643,7 @@ VOIDRET pass FUNCTION((passwd), char *passwd)
reply(230, "User %s logged in.", pw->pw_name); reply(230, "User %s logged in.", pw->pw_name);
#if DOTITLE #if DOTITLE
sprintf(proctitle, "%s: %s", remotehost, pw->pw_name); setproctitle("%s: %s", remotehost, pw->pw_name);
setproctitle(proctitle);
#endif /* DOTITLE */ #endif /* DOTITLE */
syslog(LOG_INFO, "FTP login from %s with user name %s", remotehost, pw->pw_name); syslog(LOG_INFO, "FTP login from %s with user name %s", remotehost, pw->pw_name);
} }
@@ -1254,12 +1254,11 @@ static VOIDRET dolog FUNCTION((sin), struct sockaddr_in *sin)
time_t t, time(); time_t t, time();
if (hp) if (hp)
strncpy(remotehost, hp->h_name, sizeof(remotehost)); opiestrncpy(remotehost, hp->h_name, sizeof(remotehost));
else else
strncpy(remotehost, inet_ntoa(sin->sin_addr), sizeof(remotehost)); opiestrncpy(remotehost, inet_ntoa(sin->sin_addr), sizeof(remotehost));
#if DOTITLE #if DOTITLE
sprintf(proctitle, "%s: connected", remotehost); setproctitle("%s: connected", remotehost);
setproctitle(proctitle);
#endif /* DOTITLE */ #endif /* DOTITLE */
t = time((time_t *) 0); t = time((time_t *) 0);
@@ -1277,7 +1276,7 @@ VOIDRET dologout FUNCTION((status), int status)
if (logged_in) { if (logged_in) {
if (seteuid((uid_t) 0)) if (seteuid((uid_t) 0))
syslog(LOG_ERR, "Can't set euid"); syslog(LOG_ERR, "Can't set euid");
opielogwtmp(ttyline, "", ""); opielogwtmp(ttyline, "", "", "ftp");
} }
/* beware of flushing buffers after a SIGPIPE */ /* beware of flushing buffers after a SIGPIPE */
_exit(status); _exit(status);
+4 -2
@@ -1,7 +1,7 @@
.\" opiegen.1: Manual page for the opiegen(1) program. .\" opiegen.1: Manual page for the opiegen(1) program.
.\" .\"
.\" %%% portions-copyright-cmetz-96 .\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights .\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of .\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software. .\" the software.
.\" You should have received a copy of the license with this software. If .\" You should have received a copy of the license with this software. If
@@ -14,6 +14,7 @@
.\" .\"
.\" History: .\" History:
.\" .\"
.\" Modified by cmetz for OPIE 2.4. Fixed *roff bug.
.\" Created by cmetz for OPIE 2.2 from opiekey.1. .\" Created by cmetz for OPIE 2.2 from opiekey.1.
.\" .\"
.ll 6i .ll 6i
@@ -56,7 +57,8 @@ wintermute$
.BR opiegen(1) .BR opiegen(1)
can lull a user into revealing his/her password when remotely logged in, thus can lull a user into revealing his/her password when remotely logged in, thus
defeating the purpose of OPIE. This is especially a problem with xterm. defeating the purpose of OPIE. This is especially a problem with xterm.
.BR opiegen(1) implements simple checks to reduce the risk of a user making .BR opiegen(1)
implements simple checks to reduce the risk of a user making
this mistake. Better checks are needed. this mistake. Better checks are needed.
.LP .LP
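Review bot: splitting the line is the right fix for the *roff bug: everything after `opiegen(1)` on the old `.BR` line was being treated as further alternating bold/roman arguments. While here, `.BR opiegen(1)` still passes "opiegen(1)" as a single bold argument; the conventional form is `.BR opiegen (1)` so that the section number is set in roman.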
+1 -1
@@ -2,7 +2,7 @@
library routine. library routine.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
+1 -1
@@ -1,7 +1,7 @@
.\" opieinfo.1: Manual page for the opieinfo(1) program. .\" opieinfo.1: Manual page for the opieinfo(1) program.
.\" .\"
.\" %%% portions-copyright-cmetz-96 .\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights .\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of .\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software. .\" the software.
.\" You should have received a copy of the license with this software. If .\" You should have received a copy of the license with this software. If
+1 -1
@@ -2,7 +2,7 @@
opieinfo: Print a user's current OPIE sequence number and seed opieinfo: Print a user's current OPIE sequence number and seed
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
+1 -1
@@ -1,7 +1,7 @@
.\" opiekey.1: Manual page for the opiekey(1) program. .\" opiekey.1: Manual page for the opiekey(1) program.
.\" .\"
.\" %%% portions-copyright-cmetz-96 .\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights .\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of .\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software. .\" the software.
.\" You should have received a copy of the license with this software. If .\" You should have received a copy of the license with this software. If
+16 -15
@@ -5,7 +5,7 @@
and outputs a response. and outputs a response.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -18,6 +18,7 @@ License Agreement applies to this software.
History: History:
Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks.
Modified by cmetz for OPIE 2.31. Renamed "init" and RESPONSE_INIT Modified by cmetz for OPIE 2.31. Renamed "init" and RESPONSE_INIT
to "init-hex" and RESPONSE_INIT_HEX. Removed active attack to "init-hex" and RESPONSE_INIT_HEX. Removed active attack
protection support. protection support.
@@ -132,7 +133,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
int i; int i;
int count = 1; int count = 1;
char secret[OPIE_SECRET_MAX + 1], newsecret[OPIE_SECRET_MAX + 1]; char secret[OPIE_SECRET_MAX + 1], newsecret[OPIE_SECRET_MAX + 1];
char key[8], newkey[8]; struct opie_otpkey key, newkey;
char *seed, newseed[OPIE_SEED_MAX + 1]; char *seed, newseed[OPIE_SEED_MAX + 1];
char response[OPIE_RESPONSE_MAX + 1]; char response[OPIE_RESPONSE_MAX + 1];
char *slash; char *slash;
@@ -263,13 +264,13 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
goto error; goto error;
} }
if (opiekeycrunch(algorithm, newkey, newseed, newsecret)) { if (opiekeycrunch(algorithm, &newkey, newseed, newsecret)) {
fprintf(stderr, "%s: key crunch failed (1)\n", argv[0]); fprintf(stderr, "%s: key crunch failed (1)\n", argv[0]);
goto error; goto error;
} }
for (i = 0; i < 499; i++) for (i = 0; i < 499; i++)
opiehash(newkey, algorithm); opiehash(&newkey, algorithm);
} else } else
#if RETYPE #if RETYPE
getsecret(secret, "", 1); getsecret(secret, "", 1);
@@ -278,13 +279,13 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
#endif /* RETYPE */ #endif /* RETYPE */
/* Crunch seed and secret password into starting key normally */ /* Crunch seed and secret password into starting key normally */
if (opiekeycrunch(algorithm, key, seed, secret)) { if (opiekeycrunch(algorithm, &key, seed, secret)) {
fprintf(stderr, "%s: key crunch failed\n", argv[0]); fprintf(stderr, "%s: key crunch failed\n", argv[0]);
goto error; goto error;
} }
for (i = 0; i <= (keynum - count); i++) for (i = 0; i <= (keynum - count); i++)
opiehash(key, algorithm); opiehash(&key, algorithm);
{ {
char buf[OPIE_SEED_MAX + 48 + 1]; char buf[OPIE_SEED_MAX + 48 + 1];
@@ -297,37 +298,37 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
switch(type) { switch(type) {
case RESPONSE_STANDARD: case RESPONSE_STANDARD:
if (hex) if (hex)
opiebtoh(response, key); opiebtoh(response, &key);
else else
opiebtoe(response, key); opiebtoe(response, &key);
break; break;
case RESPONSE_WORD: case RESPONSE_WORD:
strcpy(response, "word:"); strcpy(response, "word:");
strcat(response, opiebtoe(buf, key)); strcat(response, opiebtoe(buf, &key));
break; break;
case RESPONSE_HEX: case RESPONSE_HEX:
strcpy(response, "hex:"); strcpy(response, "hex:");
strcat(response, opiebtoh(buf, key)); strcat(response, opiebtoh(buf, &key));
break; break;
case RESPONSE_INIT_HEX: case RESPONSE_INIT_HEX:
case RESPONSE_INIT_WORD: case RESPONSE_INIT_WORD:
if (type == RESPONSE_INIT_HEX) { if (type == RESPONSE_INIT_HEX) {
strcpy(response, "init-hex:"); strcpy(response, "init-hex:");
strcat(response, opiebtoh(buf, key)); strcat(response, opiebtoh(buf, &key));
sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed); sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed);
strcat(response, buf); strcat(response, buf);
strcat(response, opiebtoh(buf, newkey)); strcat(response, opiebtoh(buf, &newkey));
} else { } else {
strcpy(response, "init-word:"); strcpy(response, "init-word:");
strcat(response, opiebtoe(buf, key)); strcat(response, opiebtoe(buf, &key));
sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed); sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed);
strcat(response, buf); strcat(response, buf);
strcat(response, opiebtoe(buf, newkey)); strcat(response, opiebtoe(buf, &newkey));
} }
break; break;
} }
puts(response); puts(response);
opiehash(key, algorithm); opiehash(&key, algorithm);
} }
} }
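Review bot: the init-hex/init-word branch assembles `response` with unchecked strcpy()/strcat() calls: the current key, a ':' separator, the algorithm name, " 499 ", the new seed, ':' and the new key. Whether that always fits in OPIE_RESPONSE_MAX depends on definitions that are not in this hunk, so either build it with a length-checked snprintf() into `response` or add a comment stating the bound that makes it safe. Separately, nothing in these hunks clears `key`, `newkey`, `secret` or `newsecret` after use; if main() does not already do so past the end of this hunk, memset() them before returning so the key material does not linger on the stack. Moving from `char key[8]` to `struct opie_otpkey` is a welcome change in itself, since the key block now has a type the compiler can check.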
+1 -1
@@ -1,7 +1,7 @@
.\" opielogin.1: Manual page for the opielogin(1) program. .\" opielogin.1: Manual page for the opielogin(1) program.
.\" .\"
.\" %%% portions-copyright-cmetz-96 .\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights .\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of .\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software. .\" the software.
.\" You should have received a copy of the license with this software. If .\" You should have received a copy of the license with this software. If
+59 -41
@@ -1,7 +1,7 @@
/* opielogin.c: The infamous /bin/login /* opielogin.c: The infamous /bin/login
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -14,6 +14,13 @@ License Agreement applies to this software.
History: History:
Modified by cmetz for OPIE 2.4. Omit "/dev/" in lastlog entry.
Don't chdir for invalid users. Fixed bug where getloginname()
didn't actually change spaces to underscores. Use struct
opie_key for key blocks. Do the home directory chdir() after
doing the setuid() in case we're on superuser-mapped NFS.
Initialize some variables explicitly. Call opieverify() if
login times out. Use opiestrncpy().
Modified by cmetz for OPIE 2.32. Partially handle environment Modified by cmetz for OPIE 2.32. Partially handle environment
variables on the command line (a better implementation is variables on the command line (a better implementation is
coming soon). Handle failure to issue a challenge more coming soon). Handle failure to issue a challenge more
@@ -157,13 +164,13 @@ License Agreement applies to this software.
static int rflag = 0; static int rflag = 0;
static int usererr = -1; static int usererr = -1;
static int stopmotd; static int stopmotd = 0;
static char rusername[NMAX + 1]; static char rusername[NMAX + 1];
static char name[NMAX + 1] = ""; static char name[NMAX + 1] = "";
static char minusnam[16] = "-"; static char minusnam[16] = "-";
static char *envinit[1]; /* now set by setenv calls */ static char *envinit[1]; /* now set by setenv calls */
static char term[64] = "\0"; /* important to initialise to a NULL string */ static char term[64] = ""; /* important to initialise to a NULL string */
static char host[HMAX + 1] = "\0"; static char host[HMAX + 1] = "";
static struct passwd nouser; static struct passwd nouser;
static struct passwd thisuser; static struct passwd thisuser;
@@ -208,6 +215,9 @@ static void getstr __P((char *, int, char *));
#undef TRUE #undef TRUE
#define TRUE -1 #define TRUE -1
static int need_opieverify = 0;
static struct opie opie;
#ifdef TIOCSWINSZ #ifdef TIOCSWINSZ
/* Windowing variable relating to JWINSIZE/TIOCSWINSZ/TIOCGWINSZ. This is /* Windowing variable relating to JWINSIZE/TIOCSWINSZ/TIOCGWINSZ. This is
available on BSDish systems and at least Solaris 2.x, but portability to available on BSDish systems and at least Solaris 2.x, but portability to
@@ -276,8 +286,7 @@ static int lookupuser FUNCTION_NOARGS
static VOIDRET getloginname FUNCTION_NOARGS static VOIDRET getloginname FUNCTION_NOARGS
{ {
register char *namep; char *namep, d;
char c, d;
int flags; int flags;
static int first = 1; static int first = 1;
@@ -291,7 +300,7 @@ static VOIDRET getloginname FUNCTION_NOARGS
flags = 4; flags = 4;
first--; first--;
} else } else
printf("%s", ttyprompt); printf(ttyprompt);
} else } else
printf("login: "); printf("login: ");
fflush(stdout); fflush(stdout);
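Review bot: `printf("%s", ttyprompt)` to `printf(ttyprompt)` is a step backwards: ttyprompt is now used as the format string, so any '%' sequences in it are interpreted by printf(). The hunk does not show where ttyprompt comes from; if it can be influenced by the environment or the command line this is a format-string bug, and even for a constant the original `"%s"` form is the safer idiom at no cost. Keep `printf("%s", ttyprompt)` or use fputs().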
@@ -302,8 +311,8 @@ static VOIDRET getloginname FUNCTION_NOARGS
exit(0); exit(0);
} }
for (namep = name; *namep; namep++) { for (namep = name; *namep; namep++) {
if (c == ' ') if (*namep == ' ')
c = '_'; *namep = '_';
} }
} }
} }
@@ -313,6 +322,10 @@ static VOIDRET timedout FUNCTION((i), int i)
/* input variable declared just to keep the compiler quiet */ /* input variable declared just to keep the compiler quiet */
printf("Login timed out after %d seconds\n", timeout); printf("Login timed out after %d seconds\n", timeout);
syslog(LOG_CRIT, "Login timed out after %d seconds!", timeout); syslog(LOG_CRIT, "Login timed out after %d seconds!", timeout);
if (need_opieverify)
opieverify(&opie, NULL);
exit(0); exit(0);
} }
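Review bot: timedout() is a signal handler, and it now reads `need_opieverify` and calls opieverify() on the file-scope `opie`. Declare the flag `volatile sig_atomic_t` so the compiler cannot cache it across the asynchronous update from main(). opieverify() is unlikely to be async-signal-safe (it touches the key database), but since this handler already calls printf() and syslog() and then exits, that risk is pre-existing; the intent, cleaning up whatever state opiechallenge() left behind when a login times out, is sound.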
@@ -632,7 +645,6 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
{ {
extern char **environ; extern char **environ;
register char *namep; register char *namep;
struct opie opie;
int invalid, quietlog; int invalid, quietlog;
FILE *nlfd; FILE *nlfd;
@@ -643,7 +655,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
char *p; char *p;
char opieprompt[OPIE_CHALLENGE_MAX + 1]; char opieprompt[OPIE_CHALLENGE_MAX + 1];
int af_pwok; int af_pwok;
int authsok; int authsok = 0;
char *pp; char *pp;
char buf[256]; char buf[256];
int uid; int uid;
@@ -651,7 +663,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
#ifndef DEBUG #ifndef DEBUG
if (geteuid()) { if (geteuid()) {
fprintf(stderr, "This program requires super-user priveleges.\n"); fprintf(stderr, "This program requires super-user privileges.\n");
exit(1); exit(1);
} }
#endif /* DEBUG */ #endif /* DEBUG */
@@ -669,7 +681,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
#ifdef DEBUG #ifdef DEBUG
syslog(LOG_DEBUG, "environment TERM=%s", p); syslog(LOG_DEBUG, "environment TERM=%s", p);
#endif /* DEBUG */ #endif /* DEBUG */
strncpy(term, p, sizeof(term)); opiestrncpy(term, p, sizeof(term));
}; };
memset(&nouser, 0, sizeof(nouser)); memset(&nouser, 0, sizeof(nouser));
@@ -696,13 +708,9 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
#endif #endif
#ifdef DEBUG #ifdef DEBUG
{ syslog(LOG_DEBUG, "my args are: (argc=%d)", i = argc);
int foo; while (--i)
syslog(LOG_DEBUG, "%d: %s", i, argv[i]);
syslog(LOG_DEBUG, "my args are: (argc=%d)", foo = argc);
while (--foo)
syslog(LOG_DEBUG, "%d: %s", foo, argv[foo]);
}
#endif /* DEBUG */ #endif /* DEBUG */
/* Implement our own getopt()-like functionality, but do so in a much more /* Implement our own getopt()-like functionality, but do so in a much more
@@ -742,7 +750,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
if (!doremotelogin(ouroptarg)) if (!doremotelogin(ouroptarg))
rflag = 1; rflag = 1;
strncpy(host, ouroptarg, sizeof(host)); opiestrncpy(host, ouroptarg, sizeof(host));
break; break;
case 'h': case 'h':
@@ -759,7 +767,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
if (!(ouroptarg = argv[ouroptind])) if (!(ouroptarg = argv[ouroptind]))
exit(1); exit(1);
strncpy(host, ouroptarg, sizeof(host)); opiestrncpy(host, ouroptarg, sizeof(host));
} }
break; break;
@@ -776,7 +784,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
if (!(ouroptarg = argv[ouroptind])) if (!(ouroptarg = argv[ouroptind]))
exit(1); exit(1);
strncpy(name, ouroptarg, sizeof(name)); opiestrncpy(name, ouroptarg, sizeof(name));
break; break;
case 'p': case 'p':
pflag = 1; pflag = 1;
@@ -788,8 +796,8 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
if (strchr(argv[ouroptind], '=')) { if (strchr(argv[ouroptind], '=')) {
if (!strncmp(argv[ouroptind], "TERM=", 5)) { if (!strncmp(argv[ouroptind], "TERM=", 5)) {
strncpy(term, &(argv[ouroptind][5]), sizeof(term)); opiestrncpy(term, &(argv[ouroptind][5]), sizeof(term));
term[sizeof(term) - 1] = 0;
#ifdef DEBUG #ifdef DEBUG
syslog(LOG_DEBUG, "passed TERM=%s, ouroptind = %d", term, ouroptind); syslog(LOG_DEBUG, "passed TERM=%s, ouroptind = %d", term, ouroptind);
#endif /* DEBUG */ #endif /* DEBUG */
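Review bot: the explicit `term[sizeof(term) - 1] = 0;` is dropped along with the switch from strncpy() to opiestrncpy(). That is only safe if opiestrncpy() guarantees NUL termination itself (strncpy() does not), which appears to be the reason for the strncpy-to-opiestrncpy sweep across this commit; since this callsite takes its input from the command line, please confirm that guarantee in opiestrncpy's definition before relying on it here.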
@@ -801,7 +809,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
continue; continue;
}; };
strncpy(name, argv[ouroptind], sizeof(name)); opiestrncpy(name, argv[ouroptind], sizeof(name));
}; };
#ifdef TIOCNXCL #ifdef TIOCNXCL
@@ -1088,6 +1096,7 @@ completeness, but these are set within appropriate defines for portability. */
/* Attempt a one-time password challenge */ /* Attempt a one-time password challenge */
i = opiechallenge(&opie, name, opieprompt); i = opiechallenge(&opie, name, opieprompt);
need_opieverify = TRUE;
if ((i < 0) || (i > 1)) { if ((i < 0) || (i > 1)) {
syslog(LOG_ERR, "error: opiechallenge() returned %d, errno=%d!\n", i, errno); syslog(LOG_ERR, "error: opiechallenge() returned %d, errno=%d!\n", i, errno);
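Review bot: `need_opieverify = TRUE;` is set before the return value of opiechallenge() is examined. On the error path immediately below (`(i < 0) || (i > 1)`) the challenge did not succeed, yet a subsequent timeout would still call opieverify(&opie, NULL) on a struct the failed call may not have filled in. Set the flag only once i is known to be 0 or 1, or clear it in the error branch.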
@@ -1126,7 +1135,7 @@ completeness, but these are set within appropriate defines for portability. */
if (!opiereadpass(buf, sizeof(buf), !(authsok & 2))) if (!opiereadpass(buf, sizeof(buf), !(authsok & 2)))
invalid = TRUE; invalid = TRUE;
#else /* NEW_PROMPTS */ #else /* NEW_PROMPTS */
if (!(authsok & 1) && authsok) if ((authsok & 3) == 1)
printf("(OTP response required)\n"); printf("(OTP response required)\n");
printf("Password:"); printf("Password:");
fflush(stdout); fflush(stdout);
@@ -1150,6 +1159,7 @@ completeness, but these are set within appropriate defines for portability. */
if (authsok & 1) { if (authsok & 1) {
i = opiegetsequence(&opie); i = opiegetsequence(&opie);
opiepassed = !opieverify(&opie, buf); opiepassed = !opieverify(&opie, buf);
need_opieverify = 0;
#ifdef DEBUG #ifdef DEBUG
syslog(LOG_DEBUG, "opiepassed = %d", opiepassed); syslog(LOG_DEBUG, "opiepassed = %d", opiepassed);
@@ -1209,15 +1219,6 @@ completeness, but these are set within appropriate defines for portability. */
} }
if (*thisuser.pw_shell == '\0') if (*thisuser.pw_shell == '\0')
thisuser.pw_shell = "/bin/sh"; thisuser.pw_shell = "/bin/sh";
if ((chdir(thisuser.pw_dir) < 0) && !invalid) {
if (chdir("/") < 0) {
printf("No directory!\n");
invalid = TRUE;
} else {
printf("No directory! %s\n", "Logging in with HOME=/");
strcpy(thisuser.pw_dir, "/");
}
}
/* Remote login invalid must have been because of a restriction of some /* Remote login invalid must have been because of a restriction of some
sort, no extra chances. */ sort, no extra chances. */
if (invalid) { if (invalid) {
@@ -1271,8 +1272,11 @@ completeness, but these are set within appropriate defines for portability. */
lseek(f, (long)thisuser.pw_uid * sizeof(struct lastlog), 0); lseek(f, (long)thisuser.pw_uid * sizeof(struct lastlog), 0);
time(&ll.ll_time); time(&ll.ll_time);
strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); if (!strncmp(tty, "/dev/", 5))
strncpy(ll.ll_host, host, sizeof(ll.ll_host)); opiestrncpy(ll.ll_line, tty + 5, sizeof(ll.ll_line));
else
opiestrncpy(ll.ll_line, tty, sizeof(ll.ll_line));
opiestrncpy(ll.ll_host, host, sizeof(ll.ll_host));
write(f, (char *) &ll, sizeof ll); write(f, (char *) &ll, sizeof ll);
close(f); close(f);
} }
@@ -1312,6 +1316,21 @@ interested in hearing of a more portable approach. rja */
environ = envinit; environ = envinit;
setenv("HOME", thisuser.pw_dir, 1); setenv("HOME", thisuser.pw_dir, 1);
setenv("SHELL", thisuser.pw_shell, 1); setenv("SHELL", thisuser.pw_shell, 1);
if (chdir(thisuser.pw_dir) < 0) {
#if DEBUG
syslog(LOG_DEBUG, "chdir(%s): %s(%d)", thisuser.pw_dir, strerror(errno),
errno);
#endif /* DEBUG */
if (chdir("/") < 0) {
printf("No directory!\n");
invalid = TRUE;
} else {
printf("No directory! %s\n", "Logging in with HOME=/");
strcpy(thisuser.pw_dir, "/");
}
}
if (!term[0]) { if (!term[0]) {
#if HAVE_GETTTYNAM #if HAVE_GETTTYNAM
/* /*
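Review bot: moving the home-directory chdir() after setuid() is the right fix for superuser-mapped NFS, but the failure branch still sets `invalid = TRUE` when even chdir("/") fails. At this point the user has already been authenticated and the environment is being set up, so unless code past this hunk re-checks `invalid`, the assignment has no effect and the login continues without a working directory. Either fail the login here with an explicit message or make sure the later check still exists.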
@@ -1328,7 +1347,7 @@ interested in hearing of a more portable approach. rja */
c = tty; c = tty;
if (t = getttynam(c)) if (t = getttynam(c))
strncpy(term, t->ty_type, sizeof(term)); opiestrncpy(term, t->ty_type, sizeof(term));
else else
#endif /* HAVE_GETTTYNAM */ #endif /* HAVE_GETTTYNAM */
strcpy(term, "unknown"); strcpy(term, "unknown");
@@ -1407,8 +1426,7 @@ interested in hearing of a more portable approach. rja */
char buf[128]; char buf[128];
int len; int len;
strncpy(buf, PATH_MAIL, sizeof(buf) - 2); opiestrncpy(buf, PATH_MAIL, sizeof(buf) - 2);
buf[sizeof(buf) - 2] = 0;
len = strlen(buf); len = strlen(buf);
if (*(buf + len - 1) != '/') { if (*(buf + len - 1) != '/') {
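Review bot: `if (*(buf + len - 1) != '/')` reads buf[-1] when len is 0; PATH_MAIL is a build-time constant so this cannot happen today, but a `len > 0 &&` guard costs nothing and protects against an empty PATH_MAIL configuration. Reserving sizeof(buf) - 2 for the copy so the trailing '/' still fits is correct, and dropping the manual terminator is fine given opiestrncpy() terminates.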
+3 -2
View File
@@ -1,7 +1,7 @@
.\" opiepasswd.1: Manual page for the opiepasswd(1) program. .\" opiepasswd.1: Manual page for the opiepasswd(1) program.
.\" .\"
.\" %%% portions-copyright-cmetz-96 .\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights .\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of .\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software. .\" the software.
.\" You should have received a copy of the license with this software. If .\" You should have received a copy of the license with this software. If
@@ -14,6 +14,7 @@
.\" .\"
.\" History: .\" History:
.\" .\"
.\" Modified by cmetz for OPIE 2.4. Fixed spelling bug.
.\" Modified by cmetz for OPIE 2.3. Added -f flag documentation. .\" Modified by cmetz for OPIE 2.3. Added -f flag documentation.
.\" Updated console example. .\" Updated console example.
.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation. .\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation.
@@ -35,7 +36,7 @@ system.
[\-v] [\-h] [\-c|\-d] [\-f] [\-v] [\-h] [\-c|\-d] [\-f]
.sp 0 .sp 0
[\-n [\-n
.I inital_sequence_number .I initial_sequence_number
] ]
[\-s [\-s
.I seed .I seed
+14 -12
View File
@@ -1,7 +1,7 @@
/* opiepasswd.c: Add/change an OTP password in the key database. /* opiepasswd.c: Add/change an OTP password in the key database.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -14,6 +14,8 @@ License Agreement applies to this software.
History: History:
Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks.
Use opiestrncpy().
Modified by cmetz for OPIE 2.32. Use OPIE_SEED_MAX instead of Modified by cmetz for OPIE 2.32. Use OPIE_SEED_MAX instead of
hard coding the length. Unlock user on failed lookup. hard coding the length. Unlock user on failed lookup.
Modified by cmetz for OPIE 2.3. Got of some variables and made some Modified by cmetz for OPIE 2.3. Got of some variables and made some
@@ -95,12 +97,13 @@ static VOIDRET finish FUNCTION((name), char *name)
} }
printf("OTP key is %d %s\n", opie.opie_n, opie.opie_seed); printf("OTP key is %d %s\n", opie.opie_n, opie.opie_seed);
{ {
char key[8]; struct opie_otpkey key;
if (!opieatob8(key, opie.opie_val)) {
if (!opieatob8(&key, opie.opie_val)) {
fprintf(stderr, "Error verifying key -- possible database corruption.\n"); fprintf(stderr, "Error verifying key -- possible database corruption.\n");
finish(NULL); finish(NULL);
} }
printf("%s\n", opiebtoe(buf, key)); printf("%s\n", opiebtoe(buf, &key));
} }
} }
@@ -154,8 +157,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
OPIE_SEED_MIN, OPIE_SEED_MAX); OPIE_SEED_MIN, OPIE_SEED_MAX);
finish(NULL); finish(NULL);
} }
strncpy(seed, optarg, sizeof(seed)); opiestrncpy(seed, optarg, sizeof(seed));
seed[sizeof(seed) - 1] = 0;
break; break;
default: default:
usage(argv[0]); usage(argv[0]);
@@ -240,7 +242,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
{ {
char *c; char *c;
if (c = strrchr(tmp, ' ')) if (c = strrchr(tmp, ' '))
strncpy(oseed, c + 1, sizeof(oseed)); opiestrncpy(oseed, c + 1, sizeof(oseed));
else { else {
#if DEBUG #if DEBUG
fprintf(stderr, "opiepasswd: bogus challenge\n"); fprintf(stderr, "opiepasswd: bogus challenge\n");
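Review bot: `opiestrncpy(oseed, c + 1, sizeof(oseed))` silently truncates a seed longer than the buffer instead of treating the challenge as bogus, so an over-long seed is accepted with its tail cut off and the response computed from it will never verify; checking `strlen(c + 1) < sizeof(oseed)` before the copy and falling into the existing bogus-challenge branch would fail cleanly with a useful message. The nseed hunk below has the identical shape and could share a small helper.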
@@ -276,7 +278,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
{ {
char *c; char *c;
if (c = strrchr(tmp, ' ')) if (c = strrchr(tmp, ' '))
strncpy(nseed, c + 1, sizeof(nseed)); opiestrncpy(nseed, c + 1, sizeof(nseed));
else { else {
#if DEBUG #if DEBUG
fprintf(stderr, "opiepasswd: bogus challenge\n"); fprintf(stderr, "opiepasswd: bogus challenge\n");
@@ -347,18 +349,18 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
finish(NULL); finish(NULL);
} }
{ {
char key[8]; struct opie_otpkey key;
char tbuf[OPIE_RESPONSE_MAX + 1]; char tbuf[OPIE_RESPONSE_MAX + 1];
if (opiekeycrunch(MDX, key, opie.opie_seed, passwd) != 0) { if (opiekeycrunch(MDX, &key, opie.opie_seed, passwd) != 0) {
fprintf(stderr, "%s: key crunch failed. Secret pass phrase unchanged\n", argv[0]); fprintf(stderr, "%s: key crunch failed. Secret pass phrase unchanged\n", argv[0]);
finish(NULL); finish(NULL);
} }
memset(passwd, 0, sizeof(passwd)); memset(passwd, 0, sizeof(passwd));
i = opie.opie_n - 1; i = opie.opie_n - 1;
while (i-- != 0) while (i-- != 0)
opiehash(key, MDX); opiehash(&key, MDX);
opiebtoe(tbuf, key); opiebtoe(tbuf, &key);
if (opieverify(&opie, tbuf)) { if (opieverify(&opie, tbuf)) {
fprintf(stderr, "Sorry.\n"); fprintf(stderr, "Sorry.\n");
finish(NULL); finish(NULL);
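Review bot: passwd is cleared with memset() after opiekeycrunch(), but `key` (the same secret-derived material, and the value every OTP response is computed from) is left on the stack after `opiebtoe(tbuf, &key);`, as is tbuf; add `memset(&key, 0, sizeof(key))` and clear tbuf once opieverify() has consumed it. Separately, `i = opie.opie_n - 1; while (i-- != 0)` loops for a very long time if opie_n is 0; presumably earlier validation excludes that, but an explicit `opie_n > 0` check here, or a comment pointing at the validation, would document it.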
+1 -1
View File
@@ -1,7 +1,7 @@
.\" opieserv.1: Manual page for the opieserv(1) program. .\" opieserv.1: Manual page for the opieserv(1) program.
.\" .\"
.\" %%% portions-copyright-cmetz-96 .\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights .\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of .\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software. .\" the software.
.\" You should have received a copy of the license with this software. If .\" You should have received a copy of the license with this software. If
+2 -2
View File
@@ -2,8 +2,8 @@
opieverify() library routines. opieverify() library routines.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
+1 -1
View File
@@ -1,7 +1,7 @@
.\" opiesu.c: Manual page for the opiesu(1) program. .\" opiesu.c: Manual page for the opiesu(1) program.
.\" .\"
.\" %%% portions-copyright-cmetz-96 .\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights .\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of .\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software. .\" the software.
.\" You should have received a copy of the license with this software. If .\" You should have received a copy of the license with this software. If
+15 -5
View File
@@ -1,7 +1,7 @@
/* opiesu.c: main body of code for the su(1m) program /* opiesu.c: main body of code for the su(1m) program
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -14,6 +14,8 @@ License Agreement applies to this software.
History: History:
Modified by cmetz for OPIE 2.4. Check euid on startup. Use
opiestrncpy().
Modified by cmetz for OPIE 2.32. Set up TERM and PATH correctly. Modified by cmetz for OPIE 2.32. Set up TERM and PATH correctly.
Modified by cmetz for OPIE 2.31. Fix sulog(). Replaced Getlogin() with Modified by cmetz for OPIE 2.31. Fix sulog(). Replaced Getlogin() with
currentuser. Fixed fencepost error in month printed by sulog(). currentuser. Fixed fencepost error in month printed by sulog().
@@ -302,6 +304,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
argv++; argv++;
} }
{ {
struct passwd *pwd; struct passwd *pwd;
char *p = getlogin(); char *p = getlogin();
@@ -314,14 +317,12 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
#endif /* HAVE_SULOG */ #endif /* HAVE_SULOG */
exit(1); exit(1);
} }
strncpy(buf, pwd->pw_name, sizeof(buf)-1); opiestrncpy(buf, pwd->pw_name, sizeof(buf));
buf[sizeof(buf)-1] = 0;
if (!p) if (!p)
p = "unknown"; p = "unknown";
strncpy(currentuser, p, 31); opiestrncpy(currentuser, p, 31);
currentuser[31] = 0;
if (p && *p && strcmp(currentuser, buf)) { if (p && *p && strcmp(currentuser, buf)) {
strcat(currentuser, "("); strcat(currentuser, "(");
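Review bot: `opiestrncpy(currentuser, p, 31);` hardcodes the length instead of using sizeof(currentuser), and the following `strcat(currentuser, "(");` (plus whatever is appended after it) assumes room beyond the 31 bytes just copied; if currentuser is 32 bytes, a 31-character login name leaves no space for the "(" and the overflow lands on the stack. Use sizeof(currentuser) for the copy and bound the appended text with a length-checked operation (strlcat, or an snprintf into the remaining space).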
@@ -338,6 +339,15 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
exit(1); exit(1);
} }
if (geteuid()) {
syslog(LOG_CRIT, "'%s' failed for %s on %s: not running with superuser priveleges", argvbuf, currentuser, ttyname(2));
#if HAVE_SULOG
sulog(0, NULL);
#endif /* HAVE_SULOG */
fprintf(stderr, "You do not have permission to su %s\n", user);
exit(1);
};
/* Implement the BSD "wheel group" su restriction. */ /* Implement the BSD "wheel group" su restriction. */
#if DOWHEEL #if DOWHEEL
/* Only allow those in group zero to su to root? */ /* Only allow those in group zero to su to root? */
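Review bot: in the new euid check, `ttyname(2)` returns NULL when stderr is not a terminal (su run from a script or with stderr redirected), and passing NULL for %s in syslog() is undefined behaviour; fall back to "unknown" the way the file already does for getlogin(). Two smaller points: "priveleges" should be "privileges" in the log message, and the closing `};` has a stray semicolon.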
+37 -21
View File
@@ -9,13 +9,14 @@
on your system. The converse is not such a safe statement. on your system. The converse is not such a safe statement.
%%% copyright-cmetz-96 %%% copyright-cmetz-96
This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
The Inner Net License Version 2 applies to this software. The Inner Net License Version 3 applies to this software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
you didn't get a copy, you may request one from <license@inner.net>. you didn't get a copy, you may request one from <license@inner.net>.
History: History:
Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks.
Modified by cmetz for OPIE 2.31. Added a couple of new checks, Modified by cmetz for OPIE 2.31. Added a couple of new checks,
removed a few commented-out checks for functions that removed a few commented-out checks for functions that
no longer exist, added test-skip capability. no longer exist, added test-skip capability.
@@ -34,12 +35,13 @@ char buffer[1024];
int testatob8() int testatob8()
{ {
static char testin[] = "0123456789abcdef"; static char testin[] = "0123456789abcdef";
static unsigned char testout[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
struct opie_otpkey key;
if (!opieatob8(buffer, testin)) if (!opieatob8(&key, testin))
return -1; return -1;
if (memcmp(buffer, testout, sizeof(testout))) if (memcmp(&key, testout, sizeof(testout)))
return -1; return -1;
return 0; return 0;
@@ -47,10 +49,13 @@ int testatob8()
int testbtoa8() int testbtoa8()
{ {
static unsigned char testin[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; static unsigned char testin[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
static char testout[] = "0123456789abcdef"; static char testout[] = "0123456789abcdef";
struct opie_otpkey testin_aligned;
if (!opiebtoa8(buffer, testin)) memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey));
if (!opiebtoa8(buffer, &testin_aligned))
return -1; return -1;
if (memcmp(buffer, testout, sizeof(testout))) if (memcmp(buffer, testout, sizeof(testout)))
@@ -61,10 +66,13 @@ int testbtoa8()
int testbtoe() int testbtoe()
{ {
static unsigned char testin[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; static unsigned char testin[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
static char testout[] = "AIM HEW BLUM FED MITE WARM"; static char testout[] = "AIM HEW BLUM FED MITE WARM";
struct opie_otpkey testin_aligned;
if (!opiebtoe(buffer, testin)) memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey));
if (!opiebtoe(buffer, &testin_aligned))
return -1; return -1;
if (memcmp(buffer, testout, sizeof(testout))) if (memcmp(buffer, testout, sizeof(testout)))
@@ -76,12 +84,13 @@ int testbtoe()
int testetob() int testetob()
{ {
static char testin[] = "AIM HEW BLUM FED MITE WARM"; static char testin[] = "AIM HEW BLUM FED MITE WARM";
static unsigned char testout[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
struct opie_otpkey key;
if (opieetob(buffer, testin) != 1) if (opieetob(&key, testin) != 1)
return -1; return -1;
if (memcmp(buffer, testout, sizeof(testout))) if (memcmp(&key, testout, sizeof(testout)))
return -1; return -1;
return 0; return 0;
@@ -116,12 +125,15 @@ int testgetsequence()
int testhashmd4() int testhashmd4()
{ {
static unsigned char testin[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; static unsigned char testin[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
static unsigned char testout[] = { 0x9f, 0x40, 0xfb, 0x84, 0xb, 0xf8, 0x7f, 0x4b }; static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x9f, 0x40, 0xfb, 0x84, 0xb, 0xf8, 0x7f, 0x4b };
struct opie_otpkey testin_aligned;
opiehash(testin, 4); memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey));
if (memcmp(testin, testout, sizeof(testout))) opiehash(&testin_aligned, 4);
if (memcmp(&testin_aligned, testout, sizeof(struct opie_otpkey)))
return -1; return -1;
return 0; return 0;
@@ -131,10 +143,13 @@ int testhashmd5()
{ {
static unsigned char testin[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; static unsigned char testin[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
static unsigned char testout[] = { 0x78, 0xdd, 0x1a, 0x37, 0xf8, 0x91, 0x54, 0xe1 }; static unsigned char testout[] = { 0x78, 0xdd, 0x1a, 0x37, 0xf8, 0x91, 0x54, 0xe1 };
struct opie_otpkey testin_aligned;
opiehash(testin, 5); memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey));
if (memcmp(testin, testout, sizeof(testout))) opiehash(&testin_aligned, 5);
if (memcmp(&testin_aligned, testout, sizeof(struct opie_otpkey)))
return -1; return -1;
return 0; return 0;
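Review bot: testhashmd5() is the one test whose testin[] and testout[] were not resized to sizeof(struct opie_otpkey), yet the new memcpy() and memcmp() use sizeof(struct opie_otpkey); if that struct is ever larger than 8 bytes, the memcpy reads past testin and the memcmp past testout. Declare both arrays as `static unsigned char testin[sizeof(struct opie_otpkey)]` the way testhashmd4() does, so the test stays valid if the key block grows.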
@@ -151,12 +166,13 @@ int testkeycrunch()
{ {
static char testin1[] = "ke1234"; static char testin1[] = "ke1234";
static char testin2[] = "this is a test"; static char testin2[] = "this is a test";
static unsigned char testout[] = { 0x2e, 0xd3, 0x5d, 0x74, 0x3e, 0xa9, 0xe9, 0xe8 }; static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x2e, 0xd3, 0x5d, 0x74, 0x3e, 0xa9, 0xe9, 0xe8 };
struct opie_otpkey opie_otpkey;
if (opiekeycrunch(5, buffer, testin1, testin2)) if (opiekeycrunch(5, &opie_otpkey, testin1, testin2))
return -1; return -1;
if (memcmp(buffer, testout, sizeof(testout))) if (memcmp(&opie_otpkey, testout, sizeof(struct opie_otpkey)))
return -1; return -1;
return 0; return 0;
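Review bot: naming the local variable `opie_otpkey`, the same identifier as its struct tag, reads confusingly next to `sizeof(struct opie_otpkey)` on the following lines; the other tests in this file call theirs `key` or `testin_aligned`, so follow that convention here.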
+2 -2
View File
@@ -2,7 +2,7 @@
functionality to set device permissions on login functionality to set device permissions on login
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If
@@ -48,7 +48,7 @@ char **ftpglob __P((char *));
VOIDRET opiefatal FUNCTION((x), char *x) VOIDRET opiefatal FUNCTION((x), char *x)
{ {
fprintf(stderr, "%s", x); fprintf(stderr, x);
exit(1); exit(1);
} }
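Review bot: replacing `fprintf(stderr, "%s", x);` with `fprintf(stderr, x);` reintroduces a format-string bug: opiefatal() is called with whatever message the caller builds, and if that message ever carries user-derived text (file names or globbed paths, which the ftpglob() declaration in the context suggests are in scope), any % sequences in it are interpreted as conversions. Keep the "%s" form; if the intent was to let callers pass their own format, make opiefatal() variadic with an explicit format parameter instead.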
+1 -1
View File
@@ -1,7 +1,7 @@
/* popen.c: A "safe" pipe open routine. /* popen.c: A "safe" pipe open routine.
%%% portions-copyright-cmetz-96 %%% portions-copyright-cmetz-96
Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
Reserved. The Inner Net License Version 2 applies to these portions of Reserved. The Inner Net License Version 2 applies to these portions of
the software. the software.
You should have received a copy of the license with this software. If You should have received a copy of the license with this software. If