Put OPIE to rest.
Differential Revision: https://reviews.freebsd.org/D36592
parent
a82308abab
commit
0aa2700123
@ -2953,7 +2953,7 @@ _prebuild_libs= ${_kerberos5_lib_libasn1} \
|
|||
lib/ncurses/tinfo \
|
||||
lib/ncurses/ncurses \
|
||||
lib/ncurses/form \
|
||||
lib/libopie lib/libpam/libpam lib/libthr \
|
||||
lib/libpam/libpam lib/libthr \
|
||||
${_lib_libradius} lib/libsbuf lib/libtacplus \
|
||||
lib/libgeom \
|
||||
${_cddl_lib_libumem} ${_cddl_lib_libnvpair} \
|
||||
|
@ -3026,7 +3026,7 @@ _generic_libs+= ${_DIR}
|
|||
.endif
|
||||
.endfor
|
||||
|
||||
lib/libopie__L lib/libtacplus__L: lib/libmd__L
|
||||
lib/libtacplus__L: lib/libmd__L
|
||||
|
||||
.if ${MK_CDDL} != "no"
|
||||
_cddl_lib_libumem= cddl/lib/libumem
|
||||
|
|
|
@ -52,6 +52,36 @@
|
|||
# xargs -n1 | sort | uniq -d;
|
||||
# done
|
||||
|
||||
# 20221001: deorbit opie
|
||||
OLD_FILES+=etc/opieaccess
|
||||
OLD_FILES+=etc/opiekeys
|
||||
OLD_FILES+=usr/bin/opieinfo
|
||||
OLD_FILES+=usr/bin/opiekey
|
||||
OLD_FILES+=usr/bin/opiepasswd
|
||||
OLD_FILES+=usr/bin/otp-md4
|
||||
OLD_FILES+=usr/bin/otp-md5
|
||||
OLD_FILES+=usr/bin/otp-sha1
|
||||
OLD_FILES+=usr/lib/libopie.a
|
||||
OLD_FILES+=usr/lib/libopie.so
|
||||
OLD_LIBS+=usr/lib/libopie.so.8
|
||||
OLD_FILES+=usr/lib/libopie_p.a
|
||||
OLD_FILES+=usr/bin/opieinfo
|
||||
OLD_FILES+=usr/lib/pam_opie.so
|
||||
OLD_LIBS+=usr/lib/pam_opie.so.6
|
||||
OLD_FILES+=usr/lib/pam_opieaccess.so
|
||||
OLD_LIBS+=usr/lib/pam_opieaccess.so.6
|
||||
OLD_FILES+=usr/share/man/man1/opieinfo.1.gz
|
||||
OLD_FILES+=usr/share/man/man1/opiekey.1.gz
|
||||
OLD_FILES+=usr/share/man/man1/opiepasswd.1.gz
|
||||
OLD_FILES+=usr/share/man/man1/otp-md4.1.gz
|
||||
OLD_FILES+=usr/share/man/man1/otp-md5.1.gz
|
||||
OLD_FILES+=usr/share/man/man1/otp-sha1.1.gz
|
||||
OLD_FILES+=usr/share/man/man4/opie.4.gz
|
||||
OLD_FILES+=usr/share/man/man5/opieaccess.5.gz
|
||||
OLD_FILES+=usr/share/man/man5/opiekeys.5.gz
|
||||
OLD_FILES+=usr/share/man/man8/pam_opie.8.gz
|
||||
OLD_FILES+=usr/share/man/man8/pam_opieaccess.8.gz
|
||||
|
||||
# 20220928: telnetd(8) removed
|
||||
OLD_FILES+=etc/pam.d/telnetd
|
||||
OLD_FILES+=usr/libexec/telnetd
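Review bot: `OLD_FILES+=usr/bin/opieinfo` is listed twice in this hunk, once among the usr/bin entries and again between `OLD_FILES+=usr/lib/libopie_p.a` and `OLD_FILES+=usr/lib/pam_opie.so`; the second occurrence looks like a copy-paste slip and should be dropped (the `uniq -d` check in the surrounding comment exists for exactly this). If libopie installed a public header (usr/include/opie.h, not visible here), it is missing from the list and would be left behind by `make delete-old`. Since `OLD_LIBS+=usr/lib/pam_opie.so.6` and `OLD_LIBS+=usr/lib/pam_opieaccess.so.6` remove modules that administrators may still reference from custom pam.d stanzas, an UPDATING entry calling that out would help, unless the commit already adds one outside this view.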
|
||||
|
|
|
@ -1,85 +0,0 @@
|
|||
OPIE Software Distribution, Release 2.4 Bug Reporting Form
|
||||
======================================= ==================
|
||||
|
||||
Before submitting a bug report, please check the README file and make
|
||||
sure that your "bug" is not a known problem.
|
||||
|
||||
Please make a copy of this file and then edit it with your favorite
|
||||
text editor (NOT a word processor; the end result needs to be reasonable ASCII
|
||||
text) to include the answers to the following questions:
|
||||
|
||||
1. Your name and electronic mail address, in case we need more information.
|
||||
If you can provide multiple addresses, please do so in case we
|
||||
are unable to reply to the first one.
|
||||
|
||||
2. Your exact operating system vendor, name, and version number. If available,
|
||||
please provide the output of "uname -a" and/or the version of your C
|
||||
runtime library. Please be more specific than "UNIX".
|
||||
|
||||
3. The exact hardware the system was installed upon.
|
||||
|
||||
4. Which compiler and C runtime you used and its version number.
|
||||
For instance, some systems have been known to have the GNU libc
|
||||
installed as well as its native one, or to have a "BSD
|
||||
compatibility" environment.
|
||||
|
||||
5. What version of OPIE you are using (the output of opiepasswd -v) and,
|
||||
if you used the Autoconf install, a copy of the config.h, config.log,
|
||||
and Makefile that Autoconf created.
|
||||
|
||||
6. A clear description of what you did and what bug then appeared.
|
||||
If your system has the script(1) command, please run a session
|
||||
under that to demonstrate the bug. Window-system cut-and-paste
|
||||
also works well. Sometimes, the exact output is critical to
|
||||
finding the bug.
|
||||
|
||||
If you can provide any of the following things, it will greatly assist
|
||||
us in fixing the problem and improve the chances that we'll get back to you:
|
||||
|
||||
7. A diagnosis of what is causing the problem.
|
||||
|
||||
8. A test case that can repeatably demonstrate the problem.
|
||||
|
||||
9. A fix for the problem.
|
||||
|
||||
Bug reports should be sent by Internet electronic mail to
|
||||
<opie-bugs@inner.net>. This mail is run through an automated sorter that helps
|
||||
get the bug report into the hands of someone who can help you. In order to
|
||||
make that program work, we ask that you:
|
||||
|
||||
* Send this is normal RFC822 plain text or MIME text/plain.
|
||||
|
||||
* DO NOT send this or any other file as an "attachment" from
|
||||
your mailer.
|
||||
|
||||
* DO NOT send a copy of your bug report to ANYONE other than
|
||||
<opie-bugs@inner.net>. This includes listing more than one recipient
|
||||
or sending it as a carbon-copy ("Cc:") to someone else.
|
||||
|
||||
* DO NOT send a copy of your bug report directly to the
|
||||
authors or to any mailing lists. This really makes the
|
||||
authors angry, and will be interpreted as a request to not
|
||||
provide you with any help.
|
||||
|
||||
* DO NOT re-send bug reports because you didn't receive a
|
||||
response. We attempt to respond to ALL properly submitted
|
||||
bug reports. If we can't send mail back to you or you
|
||||
didn't bother to follow the directions for submitting a
|
||||
bug report, you won't receive a response.
|
||||
|
||||
While OPIE is NOT a supported program, we generally try to respond
|
||||
to all properly submitted bug reports as soon as we can. If your bug report
|
||||
is properly submitted so our machine sorter can process it, this usually
|
||||
takes one working day. If our machine sorter can't process your bug report,
|
||||
it usually takes a week or two.
|
||||
|
||||
Copyright
|
||||
=========
|
||||
|
||||
%%% portions-copyright-cmetz-96
|
||||
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
the software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
|
@ -1,68 +0,0 @@
|
|||
# @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
|
||||
|
||||
COPYRIGHT NOTICE
|
||||
|
||||
All of the documentation and software included in this software
|
||||
distribution from the US Naval Research Laboratory (NRL) are
|
||||
copyrighted by their respective developers.
|
||||
|
||||
Portions of the software are derived from the Net/2 and 4.4 Berkeley
|
||||
Software Distributions (BSD) of the University of California at
|
||||
Berkeley and those portions are copyright by The Regents of the
|
||||
University of California. All Rights Reserved. The UC Berkeley
|
||||
Copyright and License agreement is binding on those portions of the
|
||||
software. In all cases, the NRL developers have retained the original
|
||||
UC Berkeley copyright and license notices in the respective files in
|
||||
accordance with the UC Berkeley copyrights and license.
|
||||
|
||||
Portions of this software and documentation were developed at NRL by
|
||||
various people. Those developers have each copyrighted the portions
|
||||
that they developed at NRL and have assigned All Rights for those
|
||||
portions to NRL. Outside the USA, NRL has copyright on some of the
|
||||
software developed at NRL. The affected files all contain specific
|
||||
copyright notices and those notices must be retained in any derived
|
||||
work.
|
||||
|
||||
NRL LICENSE
|
||||
|
||||
NRL grants permission for redistribution and use in source and binary
|
||||
forms, with or without modification, of the software and documentation
|
||||
created at NRL provided that the following conditions are met:
|
||||
|
||||
1. All terms of the UC Berkeley copyright and license must be followed.
|
||||
2. Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
3. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
4. All advertising materials mentioning features or use of this software
|
||||
must display the following acknowledgements:
|
||||
|
||||
This product includes software developed by the University of
|
||||
California, Berkeley and its contributors.
|
||||
|
||||
This product includes software developed at the Information
|
||||
Technology Division, US Naval Research Laboratory.
|
||||
|
||||
5. Neither the name of the NRL nor the names of its contributors
|
||||
may be used to endorse or promote products derived from this software
|
||||
without specific prior written permission.
|
||||
|
||||
THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
|
||||
IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
||||
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
|
||||
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
The views and conclusions contained in the software and documentation
|
||||
are those of the authors and should not be interpreted as representing
|
||||
official policies, either expressed or implied, of the US Naval
|
||||
Research Laboratory (NRL).
|
||||
|
||||
----------------------------------------------------------------------
|
|
@ -1,178 +0,0 @@
|
|||
OPIE Software Distribution, Release 2.4 Installation Instructions
|
||||
======================================= =========================
|
||||
|
||||
Did you read the README file?
|
||||
|
||||
If not, please go do so, then come back here. There is information in
|
||||
the README file that you will probably need to know in order to build and use
|
||||
OPIE, and you are better off doing it before you try to compile and install
|
||||
it.
|
||||
|
||||
OPIE uses Autoconf to automagically figure out as much as possible
|
||||
about your system. There are four steps to installing OPIE. Please read them
|
||||
all first before attempting to do them.
|
||||
|
||||
1. Run the "configure" script.
|
||||
|
||||
Normally, you will need to type:
|
||||
|
||||
sh configure
|
||||
|
||||
If you would like to use an access file to allow users from some hosts
|
||||
to log into your system without using OTPs (thus opening up a big security
|
||||
hole, but a necessary evil for some sites), type:
|
||||
|
||||
sh configure --enable-access-file=/etc/opieaccess
|
||||
|
||||
If you'd like the file to go somewhere else, adjust this appropriately.
|
||||
|
||||
There are a number of configure-time options available for OPIE. You
|
||||
probably don't want to change the defaults. To get a complete listing of the
|
||||
currently available options, type:
|
||||
|
||||
sh configure --help
|
||||
|
||||
Some options that may be of interest are:
|
||||
|
||||
--enable-access-file=FILENAME: Enable the OPIE access file FILENAME
|
||||
The OPIE access file provides a system administrator with the ability
|
||||
to make the use of OTP optional for certain hosts. Note that individual
|
||||
users can create a file named ".opiealways" in their home directory to
|
||||
require that OTP be used to access to their account. Note also that the
|
||||
access file is based on addresses, but many of the clients that use it
|
||||
are only given hostnames. This opens this entire scheme up to DNS
|
||||
spoofing attacks, which is a major security problem. ALWAYS use a
|
||||
package such as tcp_wrappers configured to do paranoid checking on DNS
|
||||
information if you enable this option (it's good practice anyway).
|
||||
|
||||
--enable-server-md4: Use MD4 instead of MD5 for the server
|
||||
The old S/Key package used MD4 instead of MD5. MD4 is believed to be
|
||||
less secure than MD5. Use this option only for compatibility with old
|
||||
key files.
|
||||
|
||||
--disable-user-locking: Disable user locking
|
||||
OPIE only allows one session at a time to attempt to authenticate a
|
||||
principal; this prevents a possible race attack on OTP. This locking
|
||||
mechanism can cause problems in some applications, in which case you
|
||||
might want to disable the locking. This option also provides a work-
|
||||
around if the locking code doesn't work reliably on your system.
|
||||
|
||||
--enable-user-locking[=DIR]: Put user lock files in DIR [/etc/opielocks]
|
||||
The OPIE lock files need to be put in an isolated directory that is
|
||||
only accessable by the super-user and has a parent directory that is
|
||||
only writable by the super-user. If you are trying to use OPIE with
|
||||
the key file shared by NFS, you need to make the lock directory
|
||||
shared too. (But you read the README file, so you knew this)
|
||||
|
||||
--enable-retype: Ask users to re-type their secret pass phrases
|
||||
On the one hand, this helps prevent users from having to go generate
|
||||
an OTP, type it into a remote system, and then found out they
|
||||
mistyped. On the other hand, it's annoying. If this is enabled, users
|
||||
can simply hit return at the second prompt and the generator will skip
|
||||
the retype check, which allows users who don't like the retype check
|
||||
to mostly skip it.
|
||||
|
||||
--enable-su-star-check: Refuse to switch to disabled accounts
|
||||
On many systems, an asterisk means one thing and one thing only: this
|
||||
account is never meant for human users. Therefore, it doesn't make
|
||||
much sense for anyone other than an attacker to try to su to that
|
||||
account. Enabling this check causes su to refuse to switch to
|
||||
accounts with an asterisk in their password field. While probably
|
||||
better for security, this is not compatible with traditional *IX su
|
||||
behavior, so it is disabled by default
|
||||
|
||||
--disable-new-prompts: Use more compatible (but less informative) prompts
|
||||
OPIE uses login prompts that tell you exactly what kind of response
|
||||
(an OTP response and/or a cleartext password) it expects you to give.
|
||||
This can break automatic login scripts that look for 'Password:' as
|
||||
the prompt for the password. If you have users that use such scripts,
|
||||
you might want to disable the more informative responses so as not to
|
||||
break those scripts.
|
||||
|
||||
--enable-insecure-override: Allow users to override insecure checks
|
||||
While OPIE cannot determine whether or not a session is secure, it can
|
||||
check for fairly common signs that it isn't secure. If it believes the
|
||||
session is insecure, some programs like opiekey will refuse to run
|
||||
because they prompt the user to send a secret pass phrase. Sometimes
|
||||
these checks declare a session insecure when it is, and sometimes the
|
||||
user wants to continue anyway even if the session is insecure. If this
|
||||
option is enabled, many commands gain a '-f' option to force them to
|
||||
operate even if OPIE thinks the session is insecure.
|
||||
|
||||
--enable-anonymous-ftp Enable anonymous FTP support
|
||||
By default, the OPIE FTP daemon does not support anonymous FTP
|
||||
service. The FTP daemon contains many security related bug fixes
|
||||
relative to the original source, but bugs probably remain. It was not
|
||||
intended to be used for anonymous FTP, where it is more open to the
|
||||
commands of potentially hostile users. If you enable this option, it
|
||||
will once again support anonymous FTP, but it probably isn't secure
|
||||
when that way.
|
||||
|
||||
--disable-utmp Disable utmp logging
|
||||
--disable-wtmp Disable wtmp logging
|
||||
On some systems, logging to the utmp and/or wtmp files is just a lost
|
||||
cause. If this is the case on your system, you might be better off
|
||||
not having OPIE even try.
|
||||
|
||||
--enable-opieauto Enable support for opieauto
|
||||
opieauto is a facility that caches an intermediate result of the OTP
|
||||
generator so that a user-selected number of OTPs can be generated on
|
||||
demand for each time the user types in the secret pass phrase. This
|
||||
is great for user convenience, as typing a twenty or thirty character
|
||||
secret pass phrase can be annoying. It can also be a minor security
|
||||
hole (see the README for details).
|
||||
|
||||
2. Edit the Makefile
|
||||
|
||||
The Makefile contains some options that you may wish to modify. Also
|
||||
verify that Autoconf chose the correct options for your system.
|
||||
|
||||
The Makefile created by Autoconf should be correct for most users
|
||||
as-is.
|
||||
|
||||
3. Build OPIE
|
||||
|
||||
Normally, you will need to type:
|
||||
|
||||
make
|
||||
|
||||
If you only want to build the client programs, type:
|
||||
|
||||
make client
|
||||
|
||||
If you only want to build the server programs, type:
|
||||
|
||||
make server
|
||||
|
||||
4. Verify that OPIE works on your system and install
|
||||
|
||||
Normall, you will need to type:
|
||||
|
||||
make install
|
||||
|
||||
If you only want to install the client programs, type:
|
||||
|
||||
make client-install
|
||||
|
||||
If you only want to install the server programs, type:
|
||||
|
||||
make server-install
|
||||
|
||||
If you encounter any problems, you may be able to run "make uninstall"
|
||||
to remove the OPIE software from your system and revert back to almost the
|
||||
way things were before.
|
||||
|
||||
Copyright
|
||||
=========
|
||||
|
||||
%%% portions-copyright-cmetz-96
|
||||
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
the software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
Portions of this document are Copyright 1995 by Randall Atkinson and Dan
|
||||
McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
License Agreement applies to this software.
|
|
@ -1,45 +0,0 @@
|
|||
The Inner Net License, Version 2
|
||||
================================
|
||||
|
||||
The author(s) grant permission for redistribution and use in source and
|
||||
binary forms, with or without modification, of the software and documentation
|
||||
provided that the following conditions are met:
|
||||
|
||||
0. If you receive a version of the software that is specifically labelled
|
||||
as not being for redistribution (check the version message and/or README),
|
||||
you are not permitted to redistribute that version of the software in any
|
||||
way or form.
|
||||
1. All terms of the all other applicable copyrights and licenses must be
|
||||
followed.
|
||||
2. Redistributions of source code must retain the authors' copyright
|
||||
notice(s), this list of conditions, and the following disclaimer.
|
||||
3. Redistributions in binary form must reproduce the authors' copyright
|
||||
notice(s), this list of conditions, and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
4. All advertising materials mentioning features or use of this software
|
||||
must display the following acknowledgement with the name(s) of the
|
||||
authors as specified in the copyright notice(s) substituted where
|
||||
indicated:
|
||||
|
||||
This product includes software developed by <name(s)>, The Inner
|
||||
Net, and other contributors.
|
||||
|
||||
5. Neither the name(s) of the author(s) nor the names of its contributors
|
||||
may be used to endorse or promote products derived from this software
|
||||
without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY ITS AUTHORS AND CONTRIBUTORS ``AS IS'' AND ANY
|
||||
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY
|
||||
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
Please distribute a copy of this license with the software and make it
|
||||
reasonably easy for others to find.
|
||||
|
||||
If these license terms cause you a real problem, contact the author.
|
|
@ -1,327 +0,0 @@
|
|||
##
|
||||
# Makefile.source and Makefile: Directions for building and installing OPIE.
|
||||
#
|
||||
# %%% portions-copyright-cmetz-96
|
||||
# Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
# Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
# the software.
|
||||
# You should have received a copy of the license with this software. If
|
||||
# you didn't get a copy, you may request one from <license@inner.net>.
|
||||
#
|
||||
# Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
||||
# McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
# to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
# License Agreement applies to this software.
|
||||
#
|
||||
# History:
|
||||
#
|
||||
# Modified by cmetz for OPIE 2.4. Add libmissing to include header path.
|
||||
# Renamed realclean to distclean. Added opieauto rules. Made
|
||||
# system program install more tolerant of non-existent files.
|
||||
# Modified by cmetz for OPIE 2.31. Moved logwtmp.o into libopie.
|
||||
# Modified by cmetz for OPIE 2.3. Removed manual config -- it's
|
||||
# Autoconf or bust. Replaced user configuration options
|
||||
# with options.h. Eliminated unused variables. Pass down
|
||||
# $(DEBUG) instead of several other variables to the
|
||||
# subdirs. Extended/standard key file support. Added
|
||||
# dependencies on subdir files. Made opietest call silent.
|
||||
# Removed opie-md4, opie-md5, and key aliases. Removed
|
||||
# test target. Make uninstall remove man page aliases.
|
||||
# Modified by cmetz for OPIE 2.22. Removed @LIBOBJS@ from MISSING for
|
||||
# Autoconf target. Re-ordered LFLAGS because some ld's won't
|
||||
# include libmissing properly if it's not at the end.
|
||||
# Modified by cmetz for OPIE 2.21. Added getusershell.o to IRIX
|
||||
# missing functions.
|
||||
# Modified by cmetz for OPIE 2.2. Added NEW_PROMPTS definition.
|
||||
# Added MISSING and new flags-passing for libmissing.
|
||||
# Quote MISSING or lose. Update TEST target for FTPD
|
||||
# variable. Removed line formatting for compile commands
|
||||
# since macro expansion confuses the issue anyway.
|
||||
# Added targets for opieserv. Added targets for opietest.
|
||||
# Removed obselete options.h target. Swapped libmissing
|
||||
# and libopie. Updated manual config options. Added more
|
||||
# explanatory text. Fixed uses of old SYSV and BSD4_3
|
||||
# symbols.
|
||||
# Modified at NRL for OPIE 2.2: Renamed LDFLAGS setting to LIBS,
|
||||
# renamed LDFLAGS in targets to LFLAGS. Added targets for
|
||||
# libopie and libmissing directories. Got rid of PROTOTYPES.
|
||||
# Added opiegen. Fixed RANLIB Autoconf target.
|
||||
# Modified at NRL for OPIE 2.11: Fixed fatal mistype of Autoconf.
|
||||
# Modified at NRL for OPIE 2.1: Changed targets to reflect source
|
||||
# file name changes. Changed explanation and flags for static
|
||||
# linking. Changed opieinfo target. Removed WHOAMI. Added
|
||||
# Autoconf targets. Changed if conditionals to use test
|
||||
# instead of [. Changed SU_DIR to SU to help autoconf.
|
||||
# Changed FTPDIR and FTPDNAME to FTPD to help autoconf.
|
||||
# Changed HP-UX to HP-UX9 and HP-UX10. Make uninstall
|
||||
# target depend on config. HPUX *is* no longer necessary, but
|
||||
# something does have to be there. Sub in Autoconf @CC@.
|
||||
# Modified at NRL for OPIE 2.04: Re-worded explanation of SU_STAR_CHECK.
|
||||
# Modified at NRL for OPIE 2.02: Added SU_STAR_CHECK flag.
|
||||
# Modified at NRL for OPIE 2.01: Test target makes opiesu and opielogin
|
||||
# setuid. install target clears that. uninstall target needs to
|
||||
# remove the opiekey symlinks. opieinfo target needs to
|
||||
# substitute for $(EXISTS). ifdefs target needs to check for
|
||||
# starting hash. $(LFLAGS) and -o should be at the end of all
|
||||
# link commands to spoon-feed drain bamaged link editors. Added
|
||||
# A/UX defaults.
|
||||
# Modified heavily at NRL for OPIE 2.0.
|
||||
# Written at Bellcore for the S/Key Version 1 software distribution
|
||||
# (Makefile).
|
||||
|
||||
#============================================================================
|
||||
# CONFIGURATION PARAMETERS -- CHANGE THESE TO SUIT YOUR MACHINE
|
||||
|
||||
# Shell to use for make(1)
|
||||
# It's usually a good idea to leave this as-is. On some systems, ksh or bash
|
||||
# may be necessary
|
||||
SHELL=/bin/sh
|
||||
|
||||
# OWNER is the username who should own the OPIE binaries.
|
||||
# GROUP is the groupname associated with the OPIE binaries.
|
||||
#
|
||||
OWNER=0
|
||||
GROUP=bin
|
||||
|
||||
# Where should the OPIE standard and extended databases be stored?
|
||||
#
|
||||
# Some sites might want to put this elsewhere. If you want to use an old
|
||||
# S/Key database, you should create a link from /etc/skeykeys to /etc/opiekeys.
|
||||
KEY_FILE=/etc/opiekeys
|
||||
|
||||
# Are we debugging?
|
||||
#
|
||||
# The first line will build a normal version of OPIE. You should use it.
|
||||
#
|
||||
# The second is for brave souls porting OPIE to a new system or trying to
|
||||
# debug it and should definitely NOT be used to build a production copy
|
||||
# of OPIE.
|
||||
#
|
||||
# The third is the above using nifty heap debugger called "Electric Fence".
|
||||
DEBUG=-O
|
||||
#DEBUG=-DDEBUG=1 -g
|
||||
#DEBUG=-DDEBUG=1 -g -lefence
|
||||
|
||||
# These parameters are determined by Autoconf and are probably correct.
|
||||
# If OPIE doesn't build or work right, try tweaking these.
|
||||
CC=@CC@
|
||||
YACC=@YACC@
|
||||
FTPD=@FTPD@
|
||||
LIBS=@LIBS@
|
||||
OPTIONS=@DEFS@
|
||||
EXISTS=@EXISTS@
|
||||
MKDIR=@MKDIR@
|
||||
CHOWN=@CHOWN@
|
||||
LOCALBIN=@LOCALBIN@
|
||||
LOCALMAN=@LOCALMAN@
|
||||
SU=@SU@
|
||||
ALT_SU=@ALT_SU@
|
||||
LOGIN=@LOGIN@
|
||||
LOCK_DIR=@LOCK_DIR@
|
||||
OPIEAUTO=@OPIEAUTO@
|
||||
|
||||
BACKUP=opie.old
|
||||
|
||||
CFLAGS=$(DEBUG) -Ilibmissing
|
||||
|
||||
LFLAGS=-Llibopie -Llibmissing -lopie $(LIBS) -lmissing -lopie
|
||||
LDEPS=libmissing/libmissing.a libopie/libopie.a
|
||||
|
||||
all: client server
|
||||
|
||||
ifdefs:
|
||||
egrep '^#*if*def' *.c *.h | cut -f2 -d: | sort | uniq
|
||||
|
||||
client: libopie/libopie.a libmissing/libmissing.a opietest-passed opiekey opiegen $(OPIEAUTO)
|
||||
|
||||
client-install: client
|
||||
@echo "Installing OPIE client software..."
|
||||
@echo "Copying OPIE key-related files"
|
||||
@if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi
|
||||
@cp opiekey $(OPIEAUTO) $(LOCALBIN)
|
||||
@$(CHOWN) $(OWNER) $(LOCALBIN)/opiekey
|
||||
@if test ! -z "$(OPIEAUTO)"; then $(CHOWN) $(OWNER) $(LOCALBIN)/opieauto; fi
|
||||
@chgrp $(GROUP) $(LOCALBIN)/opiekey
|
||||
@echo "Changing file permissions"
|
||||
@chmod 0511 $(LOCALBIN)/opiekey
|
||||
@if test ! -z "$(OPIEAUTO)"; then chmod 0511 $(LOCALBIN)/opieauto; fi
|
||||
@echo "Symlinking aliases to opiekey"
|
||||
@-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md4
|
||||
@-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md5
|
||||
@echo "Installing manual pages"
|
||||
@-for i in otp-md4 otp-md5; do ln -s opiekey.1 $(LOCALMAN)/man1/$$i.1; done
|
||||
@if test ! -d $(LOCALMAN)/man1; then $(MKDIR) $(LOCALMAN)/man1; chmod 755 $(LOCALMAN)/man1; fi; cp opiekey.1 $(LOCALMAN)/man1/opiekey.1; $(CHOWN) $(OWNER) $(LOCALMAN)/man1/opiekey.1; chgrp $(GROUP) $(LOCALMAN)/man1/opiekey.1; chmod 644 $(LOCALMAN)/man1/opiekey.1
|
||||
|
||||
server: libopie/libopie.a libmissing/libmissing.a opietest-passed opielogin opiesu opiepasswd opieinfo opieftpd opieserv
|
||||
|
||||
server-install: server
|
||||
@echo "Installing OPIE server software..."
|
||||
@echo "Copying OPIE user programs"
|
||||
@if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi
|
||||
@cp opiepasswd opieinfo $(LOCALBIN)
|
||||
@echo "Changing ownership"
|
||||
@$(CHOWN) $(OWNER) $(LOCALBIN)/opiepasswd $(LOCALBIN)/opieinfo
|
||||
@chgrp $(GROUP) $(LOCALBIN)/opiepasswd $(LOCALBIN)/opieinfo
|
||||
@echo "Changing file permissions"
|
||||
@chmod 0555 $(LOCALBIN)/opieinfo
|
||||
@chmod 4511 $(LOCALBIN)/opiepasswd
|
||||
@echo "Installing OPIE system programs..."
|
||||
@if test ! -z $(LOGIN); \
|
||||
then \
|
||||
if test ! $(EXISTS) $(LOGIN).$(BACKUP); \
|
||||
then \
|
||||
echo "Renaming existing $(LOGIN) to $(LOGIN).$(BACKUP)"; \
|
||||
mv $(LOGIN) $(LOGIN).$(BACKUP); \
|
||||
echo "Clearing permissions on $(LOGIN)"; \
|
||||
chmod 0 $(LOGIN).$(BACKUP); \
|
||||
fi; \
|
||||
echo "Copying OPIE login to $(LOGIN)"; \
|
||||
cp opielogin $(LOGIN); \
|
||||
echo "Changing ownership of $(LOGIN)"; \
|
||||
$(CHOWN) $(OWNER) $(LOGIN); \
|
||||
chgrp $(GROUP) $(LOGIN); \
|
||||
echo "Changing file permissions of $(LOGIN)"; \
|
||||
chmod 4111 $(LOGIN); \
|
||||
fi
|
||||
@if test ! -z $(SU); \
|
||||
then \
|
||||
if test ! $(EXISTS) $(SU).$(BACKUP); \
|
||||
then \
|
||||
echo "Renaming existing $(SU) to $(SU).$(BACKUP)"; \
|
||||
mv $(SU) $(SU).$(BACKUP); \
|
||||
echo "Clearing permissions on $(SU)"; \
|
||||
chmod 0 $(SU).$(BACKUP); \
|
||||
fi; \
|
||||
echo "Copying OPIE su to $(SU)"; \
|
||||
cp opiesu $(SU); \
|
||||
echo "Changing ownership of $(SU)"; \
|
||||
$(CHOWN) $(OWNER) $(SU); \
|
||||
chgrp $(GROUP) $(SU); \
|
||||
echo "Changing file permissions of $(SU)"; \
|
||||
chmod 4111 $(SU); \
|
||||
fi
|
||||
@if test ! -z $(ALT_SU); \
|
||||
then \
|
||||
if test ! $(EXISTS) $(ALT_SU).$(BACKUP); \
|
||||
then \
|
||||
echo "Renaming existing $(ALT_SU) to $(ALT_SU).$(BACKUP)"; \
|
||||
mv $(ALT_SU) $(ALT_SU).$(BACKUP); \
|
||||
echo "Clearing permissions on $(ALT_SU)"; \
|
||||
chmod 0 $(ALT_SU).$(BACKUP); \
|
||||
fi; \
|
||||
echo "Copying OPIE su to $(ALT_SU)"; \
|
||||
cp opiesu $(ALT_SU); \
|
||||
echo "Changing ownership of $(ALT_SU)"; \
|
||||
$(CHOWN) $(OWNER) $(ALT_SU); \
|
||||
chgrp $(GROUP) $(ALT_SU); \
|
||||
echo "Changing file permissions of $(ALT_SU)"; \
|
||||
chmod 4111 $(ALT_SU); \
|
||||
fi
|
||||
@if test ! -z $(FTPD); \
|
||||
then \
|
||||
if test ! $(EXISTS) $(FTPD).$(BACKUP); \
|
||||
then \
|
||||
echo "Renaming existing $(FTPD) to $(FTPD).$(BACKUP)"; \
|
||||
mv $(FTPD) $(FTPD).$(BACKUP); \
|
||||
echo "Clearing permissions on $(FTPD).$(BACKUP)"; \
|
||||
chmod 0 $(FTPD).$(BACKUP); \
|
||||
fi; \
|
||||
echo "Copying OPIE ftp daemon to $(FTPD)"; \
|
||||
cp opieftpd $(FTPD); \
|
||||
echo "Changing ownership of $(FTPD)"; \
|
||||
$(CHOWN) $(OWNER) $(FTPD); \
|
||||
chgrp $(GROUP) $(FTPD); \
|
||||
echo "Changing file permissions of $(FTPD)"; \
|
||||
chmod 0100 $(FTPD); \
|
||||
fi
|
||||
@echo "Making sure OPIE database file exists";
|
||||
@touch $(KEY_FILE)
|
||||
@echo "Changing permissions of OPIE database file"
|
||||
@chmod 0644 $(KEY_FILE)
|
||||
@echo "Changing ownership of OPIE database file"
|
||||
@$(CHOWN) $(OWNER) $(KEY_FILE)
|
||||
@chgrp $(GROUP) $(KEY_FILE)
|
||||
@-if test ! -z "$(LOCK_DIR)"; then echo "Creating OPIE lock directory"; mkdir $(LOCK_DIR); $(CHOWN) 0 $(LOCK_DIR); chgrp 0 $(LOCK_DIR); chmod 0700 $(LOCK_DIR); fi;
|
||||
@-if test ! -z "$(ACCESS_FILE)"; then echo "Creating OPIE access file (don't say we didn't warn you)"; touch $(ACCESS_FILE); $(CHOWN) 0 $(ACCESS_FILE); chgrp 0 $(ACCESS_FILE); chmod 0444 $(ACCESS_FILE); fi;
|
||||
@echo "Installing manual pages"
|
||||
@if test ! -d $(LOCALMAN); then $(MKDIR) $(LOCALMAN); chmod 755 $(LOCALMAN); fi
|
||||
@for i in 1 4 5 8; do for j in *.$$i; do if test ! -d $(LOCALMAN)/man$$i; then $(MKDIR) $(LOCALMAN)/man$$i; chmod 755 $(LOCALMAN)/man$$i; fi; cp $$j $(LOCALMAN)/man$$i/$$j; $(CHOWN) $(OWNER) $(LOCALMAN)/man$$i/$$j; chgrp $(GROUP) $(LOCALMAN)/man$$i/$$j; chmod 644 $(LOCALMAN)/man$$i/$$j; done; done
|
||||
@echo "REMEMBER to run opiepasswd on your users immediately."
|
||||
|
||||
install: client-install server-install
|
||||
|
||||
uninstall:
|
||||
@echo "Un-installing OPIE..."
|
||||
@echo "Removing symlinks"
|
||||
@-for i in otp-md4 otp-md5; do rm $(LOCALBIN)/$$i; done
|
||||
@echo "Removing OPIE programs"
|
||||
@-for i in opiekey opiepasswd opieinfo; do rm $(LOCALBIN)/$$i; done
|
||||
@echo "Removing OPIE manual pages"
|
||||
@-for i in 1 4 5 8; do for j in *.$$i; do rm $(LOCALMAN)/man$$i/$$j; done; done
|
||||
@-rm $(LOCALMAN)/man1/otp-md4.1 $(LOCALMAN)/man1/otp-md5.1
|
||||
@echo "Restoring old binaries"
|
||||
@-for i in $(SU) $(ALT_SU) $(LOGIN) $(FTPD); do FILE=`basename $$i`; if test ! $(EXISTS) $$i.$(BACKUP); then echo "No $$i.$(BACKUP)! Aborting."; exit 1; else echo "Removing $$FILE"; rm $$i || true; echo "Restoring old $$FILE"; mv $$i.$(BACKUP) $$i; fi; done
|
||||
@echo "Resetting permissions"
|
||||
@chmod 4111 $(SU) $(LOGIN)
|
||||
@chmod 0100 $(FTPD)
|
||||
@if test ! -z "$(ALT_SU)"; then chmod 4111 $(ALT_SU); fi
|
||||
@echo "OPIE is now un-installed."
|
||||
@echo "Please verify by hand that this process worked."
|
||||
|
||||
opietest-passed: opietest
|
||||
-./opietest && touch opietest-passed
|
||||
|
||||
libopie/libopie.a: libopie/*.c *.h
|
||||
(cd libopie ; $(MAKE) libopie.a CFL='$(CFLAGS) -DKEY_FILE=\"$(KEY_FILE)\"')
|
||||
|
||||
libmissing/libmissing.a: libmissing/*.c
|
||||
(cd libmissing ; $(MAKE) libmissing.a CFL='$(CFLAGS)')
|
||||
|
||||
clean:
|
||||
-rm -f *.o opiekey opiegen opielogin opiepasswd opiesu opieftpd
|
||||
-rm -f opieserv opieinfo opietest opieauto *core* opietest-passed
|
||||
-rm -f Makefile.munge configure.munger y.tab.c .gdb*
|
||||
(cd libopie ; $(MAKE) clean)
|
||||
(cd libmissing ; $(MAKE) clean)
|
||||
|
||||
realclean: distclean
|
||||
|
||||
distclean: clean
|
||||
-rm -f *~ core* "\#*\#" Makefile make.log
|
||||
-rm -f config.log config.status config.cache config.h
|
||||
(cd libopie ; $(MAKE) distclean)
|
||||
(cd libmissing ; $(MAKE) distclean)
|
||||
|
||||
opiekey: opiekey.o $(LDEPS)
|
||||
$(CC) $(CFLAGS) opiekey.o $(LFLAGS) -o opiekey
|
||||
|
||||
opiegen: opiegen.o $(LDEPS)
|
||||
$(CC) $(CFLAGS) opiegen.o $(LFLAGS) -o opiegen
|
||||
|
||||
opieserv: opieserv.o $(LDEPS)
|
||||
$(CC) $(CFLAGS) opieserv.o $(LFLAGS) -o opieserv
|
||||
|
||||
opieftpd: opieftpd.o glob.o popen.o y.tab.o $(LDEPS)
|
||||
$(CC) $(CFLAGS) opieftpd.o glob.o popen.o y.tab.o $(LFLAGS) -o opieftpd
|
||||
|
||||
opielogin: opielogin.o permsfile.o $(LDEPS)
|
||||
$(CC) $(CFLAGS) opielogin.o permsfile.o $(LFLAGS) -o opielogin
|
||||
|
||||
opiepasswd: opiepasswd.o $(LDEPS)
|
||||
$(CC) $(CFLAGS) opiepasswd.o $(LFLAGS) -o opiepasswd
|
||||
|
||||
opiesu: opiesu.o $(LDEPS)
|
||||
$(CC) $(CFLAGS) opiesu.o $(LFLAGS) -o opiesu
|
||||
|
||||
y.tab.c: ftpcmd.y
|
||||
$(YACC) ftpcmd.y
|
||||
|
||||
opieinfo: opieinfo.o $(LDEPS)
|
||||
$(CC) $(CFLAGS) opieinfo.o $(LFLAGS) -o opieinfo
|
||||
|
||||
opietest: opietest.o $(LDEPS)
|
||||
$(CC) $(CFLAGS) opietest.o $(LFLAGS) -o opietest
|
||||
|
||||
opieauto: opieauto.o $(LDEPS)
|
||||
$(CC) $(CFLAGS) opieauto.o $(LFLAGS) -o opieauto
|
||||
|
|
@ -1,508 +0,0 @@
|
|||
OPIE Software Distribution, Release 2.4 Important Information
|
||||
======================================= =====================
|
||||
|
||||
Introduction
|
||||
============
|
||||
|
||||
"One-time Passwords In Everything" (OPIE) is a freely distributable
|
||||
software package originally developed at and for the US Naval Research
|
||||
Laboratory (NRL). Recent versions are the result of a cooperative effort
|
||||
between of NRL, several of the original NRL authors, The Inner Net, and many
|
||||
other contributors from the Internet community.
|
||||
|
||||
OPIE is an implementation of the One-Time Password (OTP) System that
|
||||
is being considered for the Internet standards-track. OPIE provides a one-time
|
||||
password system. The system should be secure against the passive attacks
|
||||
now commonplace on the Internet (see RFC 1704 for more details). The system
|
||||
is vulnerable to active dictionary attacks, though these are not widespread
|
||||
at present and can be detected through proper use of system audit
|
||||
software.
|
||||
|
||||
OPIE is primarily written for UNIX-like operating systems, but
|
||||
we are working to make applicable portions portable to other operating systems.
|
||||
The OPIE software is derived in part from and is fully interoperable with the
|
||||
Bell Communications Research (Bellcore) S/Key Release 1 software. Because
|
||||
Bellcore claims "S/Key" as a trademark for their software, NRL was forced to
|
||||
use a different name (we picked "OPIE") for this software distribution.
|
||||
|
||||
OPIE includes the following additions/modifications to the
|
||||
original Bellcore S/Key(tm) Version 1 software:
|
||||
|
||||
* Just about three command installation (unpack the software, run the
|
||||
configure script, and run make install). While we still recommend that you
|
||||
follow instructions and test things by hand, the more adventurous can
|
||||
install OPIE quickly.
|
||||
|
||||
* A modified BSD FTP daemon that does OTP.
|
||||
|
||||
* A version of su that uses OTP by default.
|
||||
|
||||
* MD5 support. MD5 is now the default algorithm, though MD4 is still supported
|
||||
by changing a parameter in the Makefile. This change was made because MD5 is
|
||||
widely believed to be cryptographically stronger than MD4 (see RFC 1321).
|
||||
|
||||
* A more portable version of MD4 has been substituted for the original MD4.
|
||||
This should solve the endian problems that were in S/Key.
|
||||
|
||||
* Most of the system-dependencies have been moved to a new file "opie_cfg.h".
|
||||
|
||||
* Configuration options have been moved to the Makefile.
|
||||
|
||||
* Isolated system dependencies (e.g. BSDisms) with appropriate #ifdefs.
|
||||
|
||||
* Revised the opiekey(1) program to simultaneously support MD4 and MD5, with
|
||||
the default algorithm being tunable using the MDX symbol in the Makefile.
|
||||
|
||||
* More operating systems are supported by recent versions of OPIE, but older
|
||||
BSD systems that aren't close to being compliant with the POSIX standard are
|
||||
no longer supported.
|
||||
|
||||
* Transition mechanisms are optional to prevent potential back doors.
|
||||
|
||||
* On systems using the /etc/opieaccess transition mechanism, users can choose
|
||||
to require the use of OPIE to login to their accounts when it would
|
||||
otherwise be optional.
|
||||
|
||||
* Bug fixes
|
||||
|
||||
* Cosmetic changes
|
||||
|
||||
* Prompts (optionally) identify specifically what kind of entry (system
|
||||
password, secret pass phrase, or OTP response) is allowed.
|
||||
|
||||
* Changes to mostly conform with the draft Internet OTP standard.
|
||||
|
||||
A Glance at What's New
|
||||
======================
|
||||
|
||||
2.4 TEST VERSION -- NOT FOR REDISTRIBUTION
|
||||
|
||||
Merged in opieauto, which is disabled by default.
|
||||
|
||||
Lots of documentation updates.
|
||||
|
||||
Portability and bug fixes.
|
||||
|
||||
2.32 January 1, 1998.
|
||||
|
||||
Indicate support for extended responses in challenges and check for such
|
||||
indication before generating any extended responses.
|
||||
|
||||
Lots of portability and bug fixes.
|
||||
|
||||
2.31 March 20, 1997.
|
||||
|
||||
Removed active attack protection support due to patent problems.
|
||||
|
||||
Removed the supplemental key file; it did more harm than good.
|
||||
|
||||
Moved user locks to a separate directory.
|
||||
|
||||
Moved user-serviceable configuration options to the configure script.
|
||||
|
||||
Lots of portability and bug fixes.
|
||||
|
||||
2.3 September 22, 1996
|
||||
|
||||
Autoconf is now the only supported configuration method.
|
||||
|
||||
Lots of internal functions got re-written in ways that will make some
|
||||
planned future changes easier.
|
||||
|
||||
OTP extended responses, such as automatic re-initialization.
|
||||
|
||||
Support for a supplemental key file that stores information that was not
|
||||
in the original /etc/skeykeys file. This allows OPIE to store extra data needed
|
||||
for things like the OTP re-initialization extended response without breaking
|
||||
interoperability with other S/Key derived programs. This file is named
|
||||
"/etc/opiekeys.ext" by default. Unlike the standard key file, it MUST NOT be
|
||||
world readable.
|
||||
|
||||
OPIE should better support some of the native "features" of drain bamaged
|
||||
OSs such as AIX, HP-UX, and Solaris.
|
||||
|
||||
OPIE's utmp/wtmp handling has been completely re-written. This should solve
|
||||
many of the utmp/wtmp problems people have been having.
|
||||
|
||||
Lots of cleanups.
|
||||
|
||||
Bug fixes.
|
||||
|
||||
2.22 May 3, 1996.
|
||||
|
||||
More minor bug fixes. OPIE once again works on Solaris 2.x.
|
||||
|
||||
2.21 April 27, 1996.
|
||||
|
||||
Minor bug fixes.
|
||||
|
||||
2.2 April 11, 1996.
|
||||
|
||||
opiesubr.c, opiesubr2.c, and a few other functions moved into a
|
||||
subdirectory and split into files with fine granularity. Ditto with missing
|
||||
function replacements. This subdirectory structure changes a lot of things
|
||||
around and more splitting like this should be expected in the near future.
|
||||
|
||||
Added opiegenerator() library function that should make it very easy to
|
||||
create OTP clients using the OPIE library (this function is subject to change:
|
||||
there are a few problems remaining to be solved). Just about re-wrote
|
||||
opiegetpass() to use raw I/O and got most of the OPIE programs actually using
|
||||
that function. Autoconf build fixes. Lots of bug fixes. Lots of portability
|
||||
fixes. Function declarations should be ANSI style for ANSI compilers. Several
|
||||
fixes to bring OPIE in line with the latest OTP spec. MJR DES key crunch
|
||||
de-implemented.
|
||||
|
||||
Added sample programs: opiegen (client) and opieserv (server).
|
||||
|
||||
Probably broke non-autoconf support along the way :(. I've tried to bring
|
||||
this back in sync, but it may still be broken.
|
||||
|
||||
2.11 December 27, 1995.
|
||||
|
||||
Minor bug fixes.
|
||||
|
||||
2.10 December 26, 1995.
|
||||
|
||||
Optional autoconf support. opieinfo is now a normal program. Bugs fixed --
|
||||
should work much better on SunOS, HP-UX, and AIX.
|
||||
|
||||
2.01 -- 2.04
|
||||
|
||||
Bug fix releases.
|
||||
|
||||
2.00
|
||||
|
||||
Initial release of OPIE 2.0.
|
||||
|
||||
System Requirements
|
||||
===================
|
||||
|
||||
In order to build and run properly, OPIE requires:
|
||||
|
||||
* A UNIX-like operating system
|
||||
* An ANSI C compiler and run-time library
|
||||
* POSIX.1- and X/Open XPG-compliance (including termios)
|
||||
* The BSD sockets API
|
||||
* Approximately five megabytes of free disk space
|
||||
|
||||
In practice, we believe that many systems who are close to meeting
|
||||
these requirements but aren't completely there (for example, SunOS with the
|
||||
native compiler) will also work. Systems who aren't anywhere near close
|
||||
(for example, DOS) are not likely to work without major adjustments to the
|
||||
OPIE code.
|
||||
|
||||
If OPIE Doesn't Work
|
||||
====================
|
||||
|
||||
Under NO circumstances should you send trouble reports directly to the
|
||||
authors or contributors. They WILL BE IGNORED.
|
||||
|
||||
Make sure you have the latest version of OPIE. The latest version is
|
||||
available by HTTP at:
|
||||
|
||||
http://www.inner.net/pub/opie
|
||||
|
||||
(sorry, but anonymous FTP is no longer available)
|
||||
|
||||
If you have installed the OPIE software (either through "make test"
|
||||
in (7) above or "make install" in (14)), you can run "make uninstall" from the
|
||||
OPIE software distribution directory. This should remove the OPIE software and
|
||||
restore the original system programs, but it will not work properly (and can
|
||||
even result in the total loss of the old system programs -- beware!) if the
|
||||
installation procedure itself did not work properly.
|
||||
|
||||
If you are running a release version, try installing the latest public
|
||||
test version (look around). These frequently have already fixed the problem
|
||||
you are seeing, but may have new problems of their own (that's why they're
|
||||
test versions!). Similarly, if you are running a test version, try installing
|
||||
the latest released version.
|
||||
|
||||
OPIE is NOT supported software. We don't promise to support you or
|
||||
even to acknowledge your mail, but we are interested in bug reports and are
|
||||
reasonable folks. We also have an interest in seeing OPIE work on as many
|
||||
systems as we can. However, if your system doesn't meet the basic requirements
|
||||
for OPIE, this will probably require an unreasonable amount of effort.
|
||||
|
||||
The best bug reports include a diagnosis of the problem and a fix.
|
||||
Your bug report can still be valuable if you can at least diagnose what the
|
||||
problem is. If you just tell us "it doesn't work," then we won't be able to
|
||||
do anything to help you.
|
||||
|
||||
We've received a number of bug reports from people that look
|
||||
interesting, only to find when we try to follow up on them that the user
|
||||
either has an invalid return address or never bothered to respond to our
|
||||
followup. Please make sure that bug reports you send us have an electronic
|
||||
mail address that we can reply to somewhere in them (if necessary, just
|
||||
put it in the message body). If we send you a response and you are unable
|
||||
to invest the time to work with us to solve the problem, please tell us --
|
||||
few things are more irritating than when someone sends us information
|
||||
about a bug that we'd like to fix and then is never heard from again.
|
||||
|
||||
We try to respond to all properly submitted bug reports. Improperly
|
||||
submitted bug reports will be responded to only if we have time left after
|
||||
responding to properly submitted bug reports. We deliberately ignore bug
|
||||
"reports" sent to mailing lists or USENET news groups instead of or before
|
||||
our bug report address. At the least, the latter practice is lacking in
|
||||
courtesy.
|
||||
|
||||
The file BUG-REPORT contains our bug reporting form. Please use it
|
||||
and follow the submission instructions in that file. We are going to switch
|
||||
to machine-parsed bug report processing sometime in the near future to make
|
||||
it easier to coordinate bug hunting.
|
||||
|
||||
Gotchas
|
||||
=======
|
||||
|
||||
Solaris 2.x is just a lose. It does a lot of nonstandard and downright
|
||||
broken things. If you want OPIE to be reliable on your box, upgrade to OpenBSD
|
||||
or Linux.
|
||||
|
||||
While an almost universal "feature", most people remain unaware that
|
||||
an intruder can log into a system, then log in again by running the "login"
|
||||
command from a shell. Because the second login is from the local host, the
|
||||
utmp entry will not show a remote login host anymore. The OPIE replacement
|
||||
for /bin/login currently carries on this behavior for compatibility reasons.
|
||||
If you would like to prevent this from happening, you should change the
|
||||
permissions of /bin/login to 0100, thus preventing unprivileged users from
|
||||
executing it. This fix should work on non-OPIE /bin/login programs as well.
|
||||
|
||||
On 4.3BSDish systems, the supplied /bin/login replacement obtains
|
||||
the terminal type for the console comes from the console line in the /etc/ttys
|
||||
file. Several systems contain a default entry in this file that specifies the
|
||||
console terminal type as "unknown". This is probably not what you want.
|
||||
|
||||
The OPIE FTP daemon responds with two 530 error messages if you have
|
||||
not yet logged in and execute a command that will also do a PORT request. This
|
||||
is a feature, not a bug, as the FTP client is really sending the server two
|
||||
commands (for instance, a PORT and a LIST if you tell your BSD FTP client to do
|
||||
a DIR command) and the server is responding to each of them with an error. The
|
||||
stock BSD FTP daemon doesn't check the PORT commands to see if you are logged
|
||||
in, so you would only get one error message. This change should not break any
|
||||
standards-compliant FTP client, but there are a number of brain-damaged GUI
|
||||
clients that have a track record for not dealing gracefully with any server
|
||||
other than the stock BSD one.
|
||||
|
||||
The /etc/opieaccess transition mechanism is, by definition, a security
|
||||
hole in the OPIE software because an attacker could use it to circumvent the
|
||||
requirement for OPIE authentication. You should compile the software with
|
||||
support for this file disabled unless you absolutely cannot use the software
|
||||
without it because of your environment. If you do use this support for
|
||||
transition purposes, you should move people to OTP authentication as quickly
|
||||
as possible and rebuild and reinstall OPIE with this transition support
|
||||
disabled so that you won't have a lurking security hole.
|
||||
|
||||
If this wasn't already clear, do not let your sequence number fall
|
||||
below about ten. If your sequence number reaches zero, your OTP sequence
|
||||
can only be reset by the superuser. System administrators should make this
|
||||
caveat known to their users.
|
||||
|
||||
On Solaris 2.x systems (and possibly others) running NIS+, users
|
||||
should run keylogin(1) manually after login because opielogin(1) does not
|
||||
do that automatically like the system login(1) program.
|
||||
|
||||
There are reports that some versions of GNU C Compiler (GCC)
|
||||
(when installed on some systems) use their own termios(4) instead of
|
||||
the system's termios(4). This can cause problems. If you are having
|
||||
compilation problems that seem to relate to termios and you are using
|
||||
GCC, you should probably verify that it is using the system's
|
||||
termios(4) and not some internal-to-GCC termios(4). One report
|
||||
indicates that Sun's C compiler works fine with SunOS 4.1.3/4.1.4 on
|
||||
SPARC, but that some version of GCC on the same system has this
|
||||
termios(4) problem. We haven't reproduced these problems ourselves
|
||||
and hence aren't sure what is happening, but we pass this along for
|
||||
your information. (This may have something to do with the use of GNU
|
||||
libc)
|
||||
|
||||
If a user has a valid entry in the opiekeys database but has an
|
||||
asterisk in their traditional password entry, they will not be able to
|
||||
log in via opielogin, but opielogin will decrement their sequence number
|
||||
if a valid response is received.
|
||||
|
||||
On some systems, the OPIE login program does not always display
|
||||
a "login:" prompt the first time. There is a race condition in many older
|
||||
telnetds that is probably the cause of this problem. This should be fixed by
|
||||
replacing your telnetd with the latest version of the stock telnetd
|
||||
(ftp.cray.com:/src/telnet).
|
||||
|
||||
The standard HPUX compiler is severely drain bamaged. One of the
|
||||
worst parts is that it sometimes won't grok a symbol definition with forward
|
||||
slashes in them properly and can choke badly on the definition of the key
|
||||
file's location. If this happens to you, install and use GCC. (This problem
|
||||
may or may not also come up with the optional HP ANSI C compiler -- we don't
|
||||
know for sure what compilers have this problem).
|
||||
|
||||
As of OPIE 2.2, the seed is converted to lower case and its length is
|
||||
checked in order to comply with the OTP specification. If any of your users
|
||||
have seeds that use capital letters or are too long, they need to run the OPIE
|
||||
2.2 opiepasswd program to re-initialize their sequence to one with a different
|
||||
seed.
|
||||
|
||||
opielogin is a replacement for /bin/login. It is NOT an OPIE "shell."
|
||||
You can use it as one, but don't be surprised if it doesn't behave the way
|
||||
you expect -- we've seen various reports of success and failure when used this
|
||||
way. An OPIE "shell" is on the TODO list.
|
||||
|
||||
Clients that use opiegen() will automatically send a re-initialization
|
||||
extended response if the sequence number falls below ten. If the server does
|
||||
not support this, the user will need to log in using opiekey and reset his
|
||||
sequence manually (using opiepasswd).
|
||||
|
||||
For reasons that remain very unclear, Solaris passes the login name
|
||||
from getty/telnetd to login by stuffing it in the terminal input buffer
|
||||
instead of passing it on the command line like every other *IX. This is just
|
||||
plain broken. Solaris has other problems with its telnetd and getty; you may
|
||||
want to consider getting the telnet(d) sources (ftp.cray.com:/src/telnet)
|
||||
and reasonable getty sources (try sunsite.unc.edu:/pub/Linux/system/Serial, at
|
||||
least one of agetty, mingetty, and getty_ps should work) and replacing the
|
||||
Solaris versions with these. OPIE should work *much* more happily with these
|
||||
programs than the ones that come with Solaris. However, there could be negative
|
||||
side effects -- this is not a procedure recommended for the faint of heart.
|
||||
|
||||
OPIE is a lot more fussy than it used to be about lock files and where
|
||||
it puts them. The lock file directory must be a directory used only for OPIE
|
||||
lock files. It must be a directory, owned by the superuser, and must be mode
|
||||
0700.
|
||||
|
||||
opieauto is a potential security hole. It opens a limited window of
|
||||
exposure by transmitting and storing information that can be used to
|
||||
generate one or more OTPs earlier than the current sequence number. Every
|
||||
effort has been made to limit the potential for compromise to the user-
|
||||
specified window. However, an attacker with superuser priveleges or access to
|
||||
your account on the client system can still generate OTPs based on the
|
||||
information cached via opieauto. In practice, there are other ways for such an
|
||||
an attacker to get your entire secret pass phrase, so this is probably not
|
||||
creating a significant new security problem. However, because of this
|
||||
potential for problems and because opieauto uses system features that are not
|
||||
present on all systems, opieauto support is not compiled in by default and
|
||||
must be specifically enabled at compile time.
|
||||
|
||||
Many users are running OPIE with the key file on a shared NFS volume
|
||||
in order to use OTP as a single-login system for a cluster of machines. OPIE
|
||||
was NOT designed to be operated this way, though it does seem to work. If it
|
||||
fails or if this proves insecure, this is not OPIE's fault. Note that, if you
|
||||
do this, you probably want to share the OPIE lock files too.
|
||||
|
||||
Gripes
|
||||
======
|
||||
|
||||
Is it too much to ask that certain OS vendors just do the right thing
|
||||
and not "fix" what isn't broken? (Look at all the ifdefs in the OPIE code and
|
||||
the answer is clear)
|
||||
|
||||
utmp and wtmp handling in OPIE has been a very, very sore subject.
|
||||
Every vendor does things differently, and, of course, most of them swear they
|
||||
are complying to some or other "standard." My (cmetz) conclusion is that the
|
||||
only thing that is standard about utmp and wtmp handling is that it will be
|
||||
nonstandard on any given system. I've tried a lot of things and I've wasted
|
||||
*a lot* of time on trying to make utmp and wtmp handling work for everybody;
|
||||
my conclusion is that it will never happen. While I am still interested in
|
||||
hearing about fixes for utmp/wtmp on systems where they don't work, I'm not
|
||||
likely to go out of my way to fix utmp/wtmp handling. If you want it fixed,
|
||||
the best way to do it is to fix it yourself and contribute a patch. As long as
|
||||
the patch is reasonable, it will be included in the next release. If you can't
|
||||
wait, use the --disable-utmp option.
|
||||
|
||||
Credits
|
||||
=======
|
||||
|
||||
First and foremost credit goes to Phil Karn, Neil M. Haller, and John
|
||||
S. Walden of Bellcore for creating the S/Key Version 1 software distribution
|
||||
and for making its source code freely available to the public. Without their
|
||||
work, OPIE would not exist. Neil has also invested a good amount of his time
|
||||
in the development of a standard for One-Time Passwords so that packages like
|
||||
OPIE can interoperate.
|
||||
|
||||
The first NRL OPIE distribution included modifications made primarily
|
||||
by Dan McDonald of the U.S. Naval Research Laboratory (NRL) during March 1994.
|
||||
The 2nd NRL OPIE distribution, which has a number of improvements in areas
|
||||
such as portability of software and ease of installation, is primarily the
|
||||
work of Ran Atkinson and Craig Metz. Other NRL contributors include Brian
|
||||
Adamson, Steve Batsell, Preston Mullen, Bao Phan, Jim Ramsey, and Georg Thomas.
|
||||
|
||||
Some of version 2.2 was developed at NRL and released as a work in
|
||||
progress. Most of the release version was developed by Craig Metz (also of
|
||||
NRL), others at The Inner Net, and contributors from the Internet community.
|
||||
Versions beyond 2.2 were developed outside NRL, so don't blame them if they
|
||||
don't work (But please credit them when it does. Without the NRL effort, there
|
||||
wouldn't be an OPIE).
|
||||
|
||||
We would like to also thank everyone who helped us by by beta testing,
|
||||
reporting bugs, suggesting improvements, and/or sending us patches. We
|
||||
appreciate your contributions -- they have helped to make OPIE more of a
|
||||
community effort. These contributors include:
|
||||
|
||||
Mowgli Assor
|
||||
Lawrie Brown
|
||||
Andrew Davis
|
||||
Taso N. Devetzis
|
||||
Carson Gaspar
|
||||
Dennis Glatting
|
||||
Ben Golding
|
||||
Axel Grewe
|
||||
"Hobbit"
|
||||
Kojima Hajime
|
||||
Darren Hosking
|
||||
Matt Hucke
|
||||
Kenji Kamizono
|
||||
Charles Karney
|
||||
Jeff Kletsky
|
||||
Peter Koch
|
||||
Martijn Koster
|
||||
Osamu Kurati
|
||||
Ayamura Kikuchi
|
||||
Ronald van der Meer
|
||||
Bret Musser
|
||||
Hiroshi Nakano
|
||||
Ikuo Nakagawa
|
||||
Angelo Neri
|
||||
C. R. Oldham
|
||||
Ossama Othman
|
||||
D. Jason Penney
|
||||
John Perkins
|
||||
Steve Price
|
||||
Jim Simmons
|
||||
Steve Simmons
|
||||
Brad Smith
|
||||
Werner Wiethege
|
||||
Ken-ichi Yamasaki
|
||||
Wietse Venema
|
||||
|
||||
OPIE development at NRL was sponsored by the Information Security
|
||||
Program Office (PD 71E), U.S. Space and Naval Warfare Systems Command, Crystal
|
||||
City, Virginia.
|
||||
|
||||
If you have problems with OPIE, please follow the instructions under
|
||||
"If OPIE Doesn't Work." Under NO circumstances should you send trouble
|
||||
reports directly to the authors or contributors. They WILL BE IGNORED.
|
||||
|
||||
Trademarks
|
||||
==========
|
||||
S/Key is a trademark of Bell Communications Research (Bellcore).
|
||||
UNIX is a trademark of X/Open.
|
||||
NRL is a trademark of the U. S. Naval Research Laboratory.
|
||||
|
||||
All other trademarks are trademarks of their respective owners.
|
||||
|
||||
The term "OPIE" is in the public domain and hence cannot be legally
|
||||
trademarked by anyone. Please do not abuse it.
|
||||
|
||||
Copyrights
|
||||
==========
|
||||
%%% portions-copyright-cmetz-96
|
||||
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
the software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
||||
McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
License Agreement applies to this software.
|
||||
|
||||
Portions of this software are copyright 1980-1990 Regents of the
|
||||
University of California, all rights reserved. The Berkeley Software
|
||||
License Agreement specifies the terms and conditions for redistribution.
|
||||
|
||||
Portions of this software are copyright 1990 Bell Communications Research
|
||||
(Bellcore), all rights reserved.
|
|
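--- a/contrib/opie/acconfig.h
+++ /dev/null
@@ -1,226 +0,0 @@
-/* acconfig.h: Extra commentary for Autoheader
-
-%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-Reserved. The Inner Net License Version 2 applies to these portions of
-the software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-/* Define if the closedir function returns void instead of int. */
-#undef CLOSEDIR_VOID
-
-/* Define if you want the FTP daemon to support anonymous logins. */
-#undef DOANONYMOUS
-
-/* The default value of the PATH environment variable */
-#undef DEFAULT_PATH
-
-/* Defined if the file /etc/default/login exists
-(and, presumably, should be looked at by login) */
-#undef HAVE_ETC_DEFAULT_LOGIN
-
-/* Defined to the name of a file that contains a list of files whose
-permissions and ownerships should be changed on login. */
-#undef HAVE_LOGIN_PERMFILE
-
-/* Defined to the name of a file that contains a list of environment
-values that should be set on login. */
-#undef HAVE_LOGIN_ENVFILE
-
-/* Defined if the file /etc/securetty exists
-(and, presumably, should be looked at by login) */
-#undef HAVE_SECURETTY
-
-/* Defined if the file /etc/shadow exists
-(and, presumably, should be looked at for shadow passwords) */
-#undef HAVE_ETC_SHADOW
-
-/* The path to the access file, if we're going to use it */
-#undef PATH_ACCESS_FILE
-
-/* The path to the mail spool, if we know it */
-#undef PATH_MAIL
-
-/* The path to the utmp file, if we know it */
-#undef PATH_UTMP_AC
-
-/* The path to the utmpx file, if we know it */
-#undef PATH_UTMPX_AC
-
-/* The path to the wtmp file, if we know it */
-#undef PATH_WTMP_AC
-
-/* The path to the wtmpx file, if we know it */
-#undef PATH_WTMPX_AC
-
-/* Defined if the system's profile (/etc/profile) displays
-the motd file */
-#undef HAVE_MOTD_IN_PROFILE
-
-/* Defined if the system's profile (/etc/profile) informs the
-user of new mail */
-#undef HAVE_MAILCHECK_IN_PROFILE
-
-/* Define if you have a nonstandard gettimeofday() that takes one argument
-instead of two. */
-#undef HAVE_ONE_ARG_GETTIMEOFDAY
-
-/* Define if the system has the getenv function */
-#undef HAVE_GETENV
-
-/* Define if the system has the setenv function */
-#undef HAVE_SETENV
-
-/* Define if the system has the /var/adm/sulog file */
-#undef HAVE_SULOG
-
-/* Define if the system has the unsetenv function */
-#undef HAVE_UNSETENV
-
-/* Define if the compiler can handle ANSI-style argument lists */
-#undef HAVE_ANSIDECL
-
-/* Define if the compiler can handle ANSI-style prototypes */
-#undef HAVE_ANSIPROTO
-
-/* Define if the system has an ANSI-style printf (returns int instead of char *) */
-#undef HAVE_ANSISPRINTF
-
-/* Define if the compiler can handle ANSI-style variable argument lists */
-#undef HAVE_ANSISTDARG
-
-/* Define if the compiler can handle void argument lists to functions */
-#undef HAVE_VOIDARG
-
-/* Define if the compiler can handle void return "values" from functions */
-#undef HAVE_VOIDRET
-
-/* Define if the compiler can handle void pointers to our liking */
-#undef HAVE_VOIDPTR
-
-/* Define if the /bin/ls command seems to support the -g flag */
-#undef HAVE_LS_G_FLAG
-
-/* Define if there is a ut_pid field in struct utmp */
-#undef HAVE_UT_PID
-
-/* Define if there is a ut_type field in struct utmp */
-#undef HAVE_UT_TYPE
-
-/* Define if there is a ut_user field in struct utmp */
-#undef HAVE_UT_USER
-
-/* Define if there is a ut_name field in struct utmp */
-#undef HAVE_UT_NAME
-
-/* Define if there is a ut_host field in struct utmp */
-#undef HAVE_UT_HOST
-
-/* Define if there is a ut_id field in struct utmp */
-#undef HAVE_UT_ID
-
-/* Define if there is a ut_syslen field in struct utmp */
-#undef HAVE_UT_SYSLEN
-
-/* Define if there is a utx_syslen field in struct utmpx */
-#undef HAVE_UTX_SYSLEN
-
-/* Define if the system has getutline() */
-#undef HAVE_GETUTLINE
-
-/* Defined if the system has SunOS C2 security shadow passwords */
-#undef HAVE_SUNOS_C2_SHADOW
-
-/* Defined if you want to disable utmp support */
-#undef DISABLE_UTMP
-
-/* Defined if you want to disable wtmp support */
-#undef DISABLE_WTMP
-
-/* Defined if you want to allow users to override the insecure checks */
-#undef INSECURE_OVERRIDE
-
-/* Defined to the default hash value, always defined */
-#undef MDX
-
-/* Defined if new-style prompts are to be used */
-#undef NEW_PROMPTS
-
-/* Defined to the path of the OPIE lock directory */
-#undef OPIE_LOCK_DIR
-
-/* Defined if users are to be asked to re-type secret pass phrases */
-#undef RETYPE
-
-/* Defined if su should not switch to disabled accounts */
-#undef SU_STAR_CHECK
-
-/* Defined if user locking is to be used */
-#undef USER_LOCKING
-
-/* Defined if opieauto is to be used */
-#undef OPIEAUTO
-
-/* Define if you have the atexit function. */
-#undef HAVE_ATEXIT
-
-/* Define if you have the endutent function. */
-#undef HAVE_ENDUTENT
-
-/* Define if you have the initgroups function. */
-#undef HAVE_INITGROUPS
-
-/* Define if you have the memcmp function. */
-#undef HAVE_MEMCMP
-
-/* Define if you have the memcpy function. */
-#undef HAVE_MEMCPY
-
-/* Define if you have the memset function. */
-#undef HAVE_MEMSET
-
-/* Define if you have the getcwd function. */
-#undef HAVE_GETCWD
-
-/* Define if you have the getenv function. */
-#undef HAVE_GETENV
-
-/* Define if you have the getutline function. */
-#undef HAVE_GETUTLINE
-
-/* Define if you have the pututline function. */
-#undef HAVE_PUTUTLINE
-
-/* Define if you have the setenv function. */
-#undef HAVE_SETENV
-
-/* Define if you have the setegid function. */
-#undef HAVE_SETEGID
-
-/* Define if you have the seteuid function. */
-#undef HAVE_SETEUID
-
-/* Define if you have the setutent function. */
-#undef HAVE_SETUTENT
-
-/* Define if you have the sigprocmask function. */
-#undef HAVE_SIGPROCMASK
-
-/* Define if you have the strchr function. */
-#undef HAVE_STRCHR
-
-/* Define if you have the strrchr function. */
-#undef HAVE_STRRCHR
-
-/* Define if you have the strtoul function. */
-#undef HAVE_STRTOUL
-
-/* Define if you have the sysconf function. */
-#undef HAVE_SYSCONF
-
-/* Define if you have the uname function. */
-#undef HAVE_UNAME
-
-/* Define if you have the unsetenv function. */
-#undef HAVE_UNSETENV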
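--- a/contrib/opie/config.h.in
+++ /dev/null
@@ -1,450 +0,0 @@
-/* config.h.in. Generated automatically from configure.in by autoheader. */
-
-/* Define if on AIX 3.
-System headers sometimes define this.
-We just want to avoid a redefinition error message. */
-#ifndef _ALL_SOURCE
-#undef _ALL_SOURCE
-#endif
-
-/* Define if using alloca.c. */
-#undef C_ALLOCA
-
-/* Define to empty if the keyword does not work. */
-#undef const
-
-/* Define to one of _getb67, GETB67, getb67 for Cray-2 and Cray-YMP systems.
-This function is required for alloca.c support on those systems. */
-#undef CRAY_STACKSEG_END
-
-/* Define if you have alloca, as a function or macro. */
-#undef HAVE_ALLOCA
-
-/* Define if you have <alloca.h> and it should be used (not on Ultrix). */
-#undef HAVE_ALLOCA_H
-
-/* Define if you have <sys/wait.h> that is POSIX.1 compatible. */
-#undef HAVE_SYS_WAIT_H
-
-/* Define if on MINIX. */
-#undef _MINIX
-
-/* Define if the system does not provide POSIX.1 features except
-with this defined. */
-#undef _POSIX_1_SOURCE
-
-/* Define if you need to in order for stat and other things to work. */
-#undef _POSIX_SOURCE
-
-/* Define as the return type of signal handlers (int or void). */
-#undef RETSIGTYPE
-
-/* If using the C implementation of alloca, define if you know the
-direction of stack growth for your system; otherwise it will be
-automatically deduced at run-time.
-STACK_DIRECTION > 0 => grows toward higher addresses
-STACK_DIRECTION < 0 => grows toward lower addresses
-STACK_DIRECTION = 0 => direction of growth unknown
-*/
-#undef STACK_DIRECTION
-
-/* Define if you want the FTP daemon to support anonymous logins. */
-#undef DOANONYMOUS
-
-/* The default value of the PATH environment variable */
-#undef DEFAULT_PATH
-
-/* Defined if the file /etc/default/login exists
-(and, presumably, should be looked at by login) */
-#undef HAVE_ETC_DEFAULT_LOGIN
-
-/* Defined to the name of a file that contains a list of files whose
-permissions and ownerships should be changed on login. */
-#undef HAVE_LOGIN_PERMFILE
-
-/* Defined to the name of a file that contains a list of environment
-values that should be set on login. */
-#undef HAVE_LOGIN_ENVFILE
-
-/* Defined if the file /etc/securetty exists
-(and, presumably, should be looked at by login) */
-#undef HAVE_SECURETTY
-
-/* Defined if the file /etc/shadow exists
-(and, presumably, should be looked at for shadow passwords) */
-#undef HAVE_ETC_SHADOW
-
-/* The path to the access file, if we're going to use it */
-#undef PATH_ACCESS_FILE
-
-/* The path to the mail spool, if we know it */
-#undef PATH_MAIL
-
-/* The path to the utmp file, if we know it */
-#undef PATH_UTMP_AC
-
-/* The path to the wtmp file, if we know it */
-#undef PATH_WTMP_AC
-
-/* The path to the wtmpx file, if we know it */
-#undef PATH_WTMPX_AC
-
-/* Defined if the system's profile (/etc/profile) displays
-the motd file */
-#undef HAVE_MOTD_IN_PROFILE
-
-/* Defined if the system's profile (/etc/profile) informs the
-user of new mail */
-#undef HAVE_MAILCHECK_IN_PROFILE
-
-/* Define if you have a nonstandard gettimeofday() that takes one argument
-instead of two. */
-#undef HAVE_ONE_ARG_GETTIMEOFDAY
-
-/* Define if the system has the getenv function */
-#undef HAVE_GETENV
-
-/* Define if the system has the setenv function */
-#undef HAVE_SETENV
-
-/* Define if the system has the /var/adm/sulog file */
-#undef HAVE_SULOG
-
-/* Define if the system has the unsetenv function */
-#undef HAVE_UNSETENV
-
-/* Define if the compiler can handle ANSI-style argument lists */
-#undef HAVE_ANSIDECL
-
-/* Define if the compiler can handle ANSI-style prototypes */
-#undef HAVE_ANSIPROTO
-
-/* Define if the system has an ANSI-style printf (returns int instead of char *) */
-#undef HAVE_ANSISPRINTF
-
-/* Define if the compiler can handle ANSI-style variable argument lists */
-#undef HAVE_ANSISTDARG
-
-/* Define if the compiler can handle void argument lists to functions */
-#undef HAVE_VOIDARG
-
-/* Define if the compiler can handle void return "values" from functions */
-#undef HAVE_VOIDRET
-
-/* Define if the compiler can handle void pointers to our liking */
-#undef HAVE_VOIDPTR
-
-/* Define if the /bin/ls command seems to support the -g flag */
-#undef HAVE_LS_G_FLAG
-
-/* Define if there is a ut_pid field in struct utmp */
-#undef HAVE_UT_PID
-
-/* Define if there is a ut_type field in struct utmp */
-#undef HAVE_UT_TYPE
-
-/* Define if there is a ut_name field in struct utmp */
-#undef HAVE_UT_NAME
-
-/* Define if there is a ut_host field in struct utmp */
-#undef HAVE_UT_HOST
-
-/* Define if there is a ut_id field in struct utmp */
-#undef HAVE_UT_ID
-
-/* Define if there is a utx_syslen field in struct utmpx */
-#undef HAVE_UTX_SYSLEN
-
-/* Define if the system has getutline() */
-#undef HAVE_GETUTLINE
-
-/* Defined if the system has SunOS C2 security shadow passwords */
-#undef HAVE_SUNOS_C2_SHADOW
-
-/* Defined if you want to disable utmp support */
-#undef DISABLE_UTMP
-
-/* Defined if you want to disable wtmp support */
-#undef DISABLE_WTMP
-
-/* Defined if you want to allow users to override the insecure checks */
-#undef INSECURE_OVERRIDE
-
-/* Defined to the default hash value, always defined */
-#undef MDX
-
-/* Defined if new-style prompts are to be used */
-#undef NEW_PROMPTS
-
-/* Defined to the path of the OPIE lock directory */
-#undef OPIE_LOCK_DIR
-
-/* Defined if users are to be asked to re-type secret pass phrases */
-#undef RETYPE
-
-/* Defined if su should not switch to disabled accounts */
-#undef SU_STAR_CHECK
-
-/* Defined if opieauto is to be used */
-#undef OPIEAUTO
-
-/* Define if you have the atexit function. */
-#undef HAVE_ATEXIT
-
-/* Define if you have the endutent function. */
-#undef HAVE_ENDUTENT
-
-/* Define if you have the initgroups function. */
-#undef HAVE_INITGROUPS
-
-/* Define if you have the memcmp function. */
-#undef HAVE_MEMCMP
-
-/* Define if you have the memcpy function. */
-#undef HAVE_MEMCPY
-
-/* Define if you have the memset function. */
-#undef HAVE_MEMSET
-
-/* Define if you have the getcwd function. */
-#undef HAVE_GETCWD
-
-/* Define if you have the getenv function. */
-#undef HAVE_GETENV
-
-/* Define if you have the getutline function. */
-#undef HAVE_GETUTLINE
-
-/* Define if you have the pututline function. */
-#undef HAVE_PUTUTLINE
-
-/* Define if you have the setenv function. */
-#undef HAVE_SETENV
-
-/* Define if you have the setegid function. */
-#undef HAVE_SETEGID
-
-/* Define if you have the seteuid function. */
-#undef HAVE_SETEUID
-
-/* Define if you have the setutent function. */
-#undef HAVE_SETUTENT
-
-/* Define if you have the sigprocmask function. */
-#undef HAVE_SIGPROCMASK
-
-/* Define if you have the strchr function. */
-#undef HAVE_STRCHR
-
-/* Define if you have the strrchr function. */
-#undef HAVE_STRRCHR
-
-/* Define if you have the strtoul function. */
-#undef HAVE_STRTOUL
-
-/* Define if you have the sysconf function. */
-#undef HAVE_SYSCONF
-
-/* Define if you have the uname function. */
-#undef HAVE_UNAME
-
-/* Define if you have the unsetenv function. */
-#undef HAVE_UNSETENV
-
-/* Define if you have the bcopy function. */
-#undef HAVE_BCOPY
-
-/* Define if you have the bzero function. */
-#undef HAVE_BZERO
-
-/* Define if you have the endspent function. */
-#undef HAVE_ENDSPENT
-
-/* Define if you have the fpurge function. */
-#undef HAVE_FPURGE
-
-/* Define if you have the getdtablesize function. */
-#undef HAVE_GETDTABLESIZE
-
-/* Define if you have the getgroups function. */
-#undef HAVE_GETGROUPS
-
-/* Define if you have the gethostname function. */
-#undef HAVE_GETHOSTNAME
-
-/* Define if you have the getspnam function. */
-#undef HAVE_GETSPNAM
-
-/* Define if you have the gettimeofday function. */
-#undef HAVE_GETTIMEOFDAY
-
-/* Define if you have the getttynam function. */
-#undef HAVE_GETTTYNAM
-
-/* Define if you have the getusershell function. */
-#undef HAVE_GETUSERSHELL
-
-/* Define if you have the getutxline function. */
-#undef HAVE_GETUTXLINE
-
-/* Define if you have the getwd function. */
-#undef HAVE_GETWD
-
-/* Define if you have the index function. */
-#undef HAVE_INDEX
-
-/* Define if you have the lstat function. */
-#undef HAVE_LSTAT
-
-/* Define if you have the on_exit function. */
-#undef HAVE_ON_EXIT
-
-/* Define if you have the pututxline function. */
-#undef HAVE_PUTUTXLINE
-
-/* Define if you have the rindex function. */
-#undef HAVE_RINDEX
-
-/* Define if you have the setgroups function. */
-#undef HAVE_SETGROUPS
-
-/* Define if you have the setlogin function. */
-#undef HAVE_SETLOGIN
-
-/* Define if you have the setpriority function. */
-#undef HAVE_SETPRIORITY
-
-/* Define if you have the setregid function. */
-#undef HAVE_SETREGID
-
-/* Define if you have the setresgid function. */
-#undef HAVE_SETRESGID
-
-/* Define if you have the setresuid function. */
-#undef HAVE_SETRESUID
-
-/* Define if you have the setreuid function. */
-#undef HAVE_SETREUID
-
-/* Define if you have the setvbuf function. */
-#undef HAVE_SETVBUF
-
-/* Define if you have the sigaddset function. */
-#undef HAVE_SIGADDSET
-
-/* Define if you have the sigblock function. */
-#undef HAVE_SIGBLOCK
-
-/* Define if you have the sigemptyset function. */
-#undef HAVE_SIGEMPTYSET
-
-/* Define if you have the sigsetmask function. */
-#undef HAVE_SIGSETMASK
-
-/* Define if you have the socket function. */
-#undef HAVE_SOCKET
-
-/* Define if you have the strerror function. */
-#undef HAVE_STRERROR
-
-/* Define if you have the strftime function. */
-#undef HAVE_STRFTIME
-
-/* Define if you have the strncasecmp function. */
-#undef HAVE_STRNCASECMP
-
-/* Define if you have the strstr function. */
-#undef HAVE_STRSTR
-
-/* Define if you have the ttyslot function. */
-#undef HAVE_TTYSLOT
-
-/* Define if you have the usleep function. */
-#undef HAVE_USLEEP
-
-/* Define if you have the <crypt.h> header file. */
-#undef HAVE_CRYPT_H
-
-/* Define if you have the <dirent.h> header file. */
-#undef HAVE_DIRENT_H
-
-/* Define if you have the <fcntl.h> header file. */
-#undef HAVE_FCNTL_H
-
-/* Define if you have the <lastlog.h> header file. */
-#undef HAVE_LASTLOG_H
-
-/* Define if you have the <limits.h> header file. */
-#undef HAVE_LIMITS_H
-
-/* Define if you have the <ndir.h> header file. */
-#undef HAVE_NDIR_H
-
-/* Define if you have the <paths.h> header file. */
-#undef HAVE_PATHS_H
-
-/* Define if you have the <pwd.h> header file. */
-#undef HAVE_PWD_H
-
-/* Define if you have the <shadow.h> header file. */
-#undef HAVE_SHADOW_H
-
-/* Define if you have the <signal.h> header file. */
-#undef HAVE_SIGNAL_H
-
-/* Define if you have the <stdlib.h> header file. */
-#undef HAVE_STDLIB_H
-
-/* Define if you have the <string.h> header file. */
-#undef HAVE_STRING_H
-
-/* Define if you have the <sys/dir.h> header file. */
-#undef HAVE_SYS_DIR_H
-
-/* Define if you have the <sys/file.h> header file. */
-#undef HAVE_SYS_FILE_H
-
-/* Define if you have the <sys/ioctl.h> header file. */
-#undef HAVE_SYS_IOCTL_H
-
-/* Define if you have the <sys/ndir.h> header file. */
-#undef HAVE_SYS_NDIR_H
-
-/* Define if you have the <sys/param.h> header file. */
-#undef HAVE_SYS_PARAM_H
-
-/* Define if you have the <sys/select.h> header file. */
-#undef HAVE_SYS_SELECT_H
-
-/* Define if you have the <sys/signal.h> header file. */
-#undef HAVE_SYS_SIGNAL_H
-
-/* Define if you have the <sys/time.h> header file. */
-#undef HAVE_SYS_TIME_H
-
-/* Define if you have the <sys/utsname.h> header file. */
-#undef HAVE_SYS_UTSNAME_H
-
-/* Define if you have the <syslog.h> header file. */
-#undef HAVE_SYSLOG_H
-
-/* Define if you have the <termios.h> header file. */
-#undef HAVE_TERMIOS_H
-
-/* Define if you have the <unistd.h> header file. */
-#undef HAVE_UNISTD_H
-
-/* Define if you have the <utmpx.h> header file. */
-#undef HAVE_UTMPX_H
-
-/* Define if you have the crypt library (-lcrypt). */
-#undef HAVE_LIBCRYPT
-
-/* Define if you have the nsl library (-lnsl). */
-#undef HAVE_LIBNSL
-
-/* Define if you have the posix library (-lposix). */
-#undef HAVE_LIBPOSIX
-
-/* Define if you have the socket library (-lsocket). */
-#undef HAVE_LIBSOCKET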
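--- a/contrib/opie/config.testeflag
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/sh
-if test -e README >/dev/null 2>/dev/null
-then
-if test -e a.non-existant-file >/dev/null 2>/dev/null
-then
-exit 1
-else
-exit 0
-fi
-else
-exit 1
-fi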
5247
contrib/opie/configure
vendored
File diff suppressed because it is too large
|
@ -1,562 +0,0 @@
|
|||
dnl configure.in: Input for Autoconf
|
||||
dnl
|
||||
dnl %%% portions-copyright-cmetz-96
|
||||
dnl Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
dnl Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
dnl the software.
|
||||
dnl You should have received a copy of the license with this software. If
|
||||
dnl you didn't get a copy, you may request one from <license@inner.net>.
|
||||
dnl
|
||||
dnl Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
||||
dnl McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
dnl to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
dnl License Agreement applies to this software.
|
||||
dnl
|
||||
dnl History:
|
||||
dnl
|
||||
dnl Modified by cmetz for OPIE 2.4. Add --enable-opieauto option. Check
|
||||
dnl for ut_id and ut_syslen. Make disable-wtmp disable wtmp not utmp.
|
||||
dnl Define HAVE_foo if foo is found by the libmissing function check.
|
||||
dnl Added checks for libmissing functions that were there but never
|
||||
dnl actually checked for and therefore available.
|
||||
dnl Modified by cmetz for OPIE 2.32. Substitute default for LOCK_DIR.
|
||||
dnl Fix the --disable-user-locking bug. AC_DEFINE variables to 1.
|
||||
dnl Really check for ut_host.
|
||||
dnl Modified by cmetz for OPIE 2.31. Put back manual utmp[x]/wtmp[x]
|
||||
dnl checks -- too many OSs can't be trusted to tell us where they are.
|
||||
dnl Check for sys/select.h. Spell endutent right. Replace strtoul()
|
||||
dnl if needed. Removed duplicate check for sysconf. Added check for
|
||||
dnl SunOS C2 shadow passwords (may need more work). Replace
|
||||
dnl setutent. Added options to disable use of utmp/wtmp. Replace
|
||||
dnl seteuid and setegid. Check for usleep. Moved options.h options
|
||||
dnl here as enable/disable options.
|
||||
dnl Modified by cmetz for OPIE 2.3. Removed redundant memset/memcpy.
|
||||
dnl Changed ls -g test around. Changed logindevperm/fbtab defines.
|
||||
dnl Added check for /etc/environment and /etc/src.sh. Check for
|
||||
dnl /var/adm/sulog. Check for {get,put}utxline, provide libmissing
|
||||
dnl versionf of {get,put}utline. Added --enable option for anonymous
|
||||
dnl FTP. Got rid of a few unneeded checks. Check for functions only
|
||||
dnl used by libmissing only if the replacement function that needs
|
||||
dnl them is itself needed.
|
||||
dnl Modified by cmetz for OPIE 2.22. Check for Solaris drain bamaged ls.
|
||||
dnl Check for setlogin(). Removed duplicate checks for some funcs.
|
||||
dnl Modified by cmetz for OPIE 2.21. Filename must be in utmp[x]/wtmp[x]
|
||||
dnl defines.
|
||||
dnl Modified by cmetz for OPIE 2.2. Misc changes. Changed for libmissing
|
||||
dnl support and building its target object list. Changed to support
|
||||
dnl FUNCTION declaration et al. Added a LOT of checks and a LOT of
|
||||
dnl fixes.
|
||||
dnl Created at NRL for OPIE 2.1.
|
||||
|
||||
AC_INIT(README)
|
||||
AC_CONFIG_HEADER(config.h)
|
||||
AC_ARG_ENABLE(access-file, [ --enable-access-file=FILENAME
|
||||
Enable the OPIE access file FILENAME], AC_DEFINE_UNQUOTED(PATH_ACCESS_FILE, "$enable_access_file") echo "Using the access file in $enable_access_file -- don't say we didn't warn you!")
|
||||
ACCESS_FILE="$enable_access_file"
|
||||
AC_SUBST(ACCESS_FILE)
|
||||
AC_ARG_ENABLE(server-md4, [ --enable-server-md4 Use MD4 instead of MD5 for the server], AC_DEFINE(MDX, 4), AC_DEFINE(MDX, 5))
|
||||
|
||||
AC_ARG_ENABLE(user-locking, [ --disable-user-locking Disable user locking
|
||||
--enable-user-locking[=DIR]
|
||||
Put user lock files in DIR [/etc/opielocks]],,)
|
||||
if test "$enable_user_locking" != no;
|
||||
then
|
||||
if test -z "$enable_user_locking"
|
||||
then
|
||||
AC_DEFINE(OPIE_LOCK_DIR, "/etc/opielocks")
|
||||
LOCK_DIR="/etc/opielocks"
|
||||
else
|
||||
AC_DEFINE_UNQUOTED(OPIE_LOCK_DIR, "$enable_user_locking")
|
||||
LOCK_DIR="$enable_user_locking"
|
||||
fi
|
||||
fi
|
||||
AC_SUBST(LOCK_DIR)
|
||||
|
||||
AC_ARG_ENABLE(retype, [ --enable-retype Ask users to re-type their secret pass phrases], AC_DEFINE(RETYPE, 1))
|
||||
AC_ARG_ENABLE(su-star-check, [ --enable-su-star-check Refuse to switch to disabled accounts], AC_DEFINE(SU_STAR_CHECK, 1))
|
||||
AC_ARG_ENABLE(new-prompts, [ --disable-new-prompts Use more compatible (but less informative) prompts],, AC_DEFINE(NEW_PROMPTS, 1))
|
||||
AC_ARG_ENABLE(insecure-override, [ --enable-insecure-override
|
||||
Allow users to override insecure checks], AC_DEFINE(INSECURE_OVERRIDE, 1))
|
||||
AC_ARG_ENABLE(anonymous-ftp, [ --enable-anonymous-ftp Enable anonymous FTP support], AC_DEFINE(DOANONYMOUS, 1) echo "enabling anonymous FTP support in ftp -- don't say we didn't warn you!")
|
||||
AC_ARG_ENABLE(utmp, [ --disable-utmp Disable utmp logging], AC_DEFINE(DISABLE_UTMP, 1) echo "disabling utmp logging")
|
||||
AC_ARG_ENABLE(wtmp, [ --disable-wtmp Disable wtmp logging], AC_DEFINE(DISABLE_WTMP, 1) echo "disabling wtmp logging")
|
||||
AC_ARG_ENABLE(opieauto, [ --enable-opieauto Enable support for opieauto], AC_DEFINE(OPIEAUTO, 1) OPIEAUTO=opieauto; echo "enabling opieauto support")
|
||||
AC_SUBST(OPIEAUTO)
|
||||
|
||||
dnl Checks for programs.
|
||||
AC_PROG_CC
|
||||
AC_PROG_CPP
|
||||
AC_PROG_LN_S
|
||||
AC_PROG_RANLIB
|
||||
AC_PROG_YACC
|
||||
|
||||
AC_AIX
|
||||
AC_ISC_POSIX
|
||||
AC_MINIX
|
||||
|
||||
dnl We'd put PATH in these checks, but it turns out that autoconf doesn't
|
||||
dnl work as documented when it comes to the colon separator...
|
||||
|
||||
AC_PATH_PROG(CHOWN, chown, /bin/chown, /usr/bin /bin /usr/sbin /sbin /usr/etc /etc)
|
||||
|
||||
AC_PATH_PROG(SU, su, /bin/su, /usr/bin /bin)
|
||||
AC_PATH_PROG(ALT_SU, su,, /usr/sbin /sbin)
|
||||
|
||||
AC_PATH_PROG(SCHEME, scheme,, /usr/lib/iaf/scheme)
|
||||
AC_PATH_PROG(LOGIN, login, /bin/login, /usr/bin /bin)
|
||||
dnl AC_DEFINE_UNQUOTED(PATH_LOGIN, "$LOGIN")
|
||||
|
||||
if test ! -z "$SCHEME";
|
||||
then
|
||||
LOGIN="$SCHEME";
|
||||
fi
|
||||
|
||||
AC_PATH_PROG(FTPD, ftpd,, /usr/libexec /usr/etc /etc /usr/sbin /sbin /usr/lbin)
|
||||
AC_PATH_PROG(INFTPD, in.ftpd,, /usr/libexec /usr/etc /etc /usr/sbin /sbin /usr/lbin)
|
||||
|
||||
if test -z "$FTPD"
|
||||
then
|
||||
if test ! -z "$INFTPD"
|
||||
then
|
||||
FTPD="$INFTPD"
|
||||
fi
|
||||
fi
|
||||
|
||||
AC_MSG_CHECKING(for default PATH entries)
|
||||
default_path=""
|
||||
save_IFS="$IFS"
|
||||
IFS=" "
|
||||
for i in /usr/bin /bin /usr/ucb /usr/sbin /usr/bsd /sbin /usr/bin/X11 /etc /usr/local/X11/bin /usr/X11R6/bin /your-system-is-broken
|
||||
do
|
||||
IFS=":"
|
||||
for j in $PATH
|
||||
do
|
||||
if test "$i" = "$j"
|
||||
then
|
||||
if test -d "$i"
|
||||
then
|
||||
if test -z "$default_path"
|
||||
then
|
||||
default_path="$i"
|
||||
else
|
||||
default_path="$default_path:$i"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
done
|
||||
IFS=" "
|
||||
done
|
||||
AC_DEFINE_UNQUOTED(DEFAULT_PATH, "$default_path")
|
||||
AC_MSG_RESULT($default_path)
|
||||
|
||||
AC_MSG_CHECKING(for test -e flag)
|
||||
if sh config.testeflag
|
||||
then
|
||||
result=yes
|
||||
EXISTS="-e"
|
||||
else
|
||||
result=no
|
||||
EXISTS="-f"
|
||||
fi
|
||||
AC_SUBST(EXISTS)
|
||||
AC_MSG_RESULT($result)
|
||||
|
||||
AC_MSG_CHECKING(for mkdir -p flag)
|
||||
if test -d config.tmpdir
|
||||
then
|
||||
rmdir config.tmpdir/foo/bar >/dev/null 2>/dev/null
|
||||
rmdir config.tmpdir/foo >/dev/null 2>/dev/null
|
||||
rmdir config.tmpdir >/dev/null 2>/dev/null
|
||||
fi
|
||||
|
||||
result=no
|
||||
if mkdir -p config.tmpdir/foo/bar >/dev/null 2>/dev/null
|
||||
then
|
||||
if test -d config.tmpdir
|
||||
then
|
||||
if test -d config.tmpdir/foo
|
||||
then
|
||||
if test -d config.tmpdir/foo/bar
|
||||
then
|
||||
result=yes
|
||||
rmdir config.tmpdir/foo/bar >/dev/null 2>/dev/null
|
||||
fi
|
||||
rmdir config.tmpdir/foo >/dev/null 2>/dev/null
|
||||
fi
|
||||
rmdir config.tmpdir >/dev/null 2>/dev/null
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$result" = yes
|
||||
then
|
||||
MKDIR="mkdir -p"
|
||||
else
|
||||
MKDIR="mkdir"
|
||||
fi
|
||||
AC_SUBST(MKDIR)
|
||||
AC_MSG_RESULT($result)
|
||||
|
||||
AC_MSG_CHECKING(for ls group field)
|
||||
lsg=`/bin/ls -ldg / | wc -w | awk '{print $1}'`;
|
||||
ls=`/bin/ls -ld / | wc -w | awk '{print $1}'`;
|
||||
result="no"
|
||||
if test $ls = 9;
|
||||
then
|
||||
result="yes"
|
||||
else
|
||||
if test "$ls" = 8 -a "$lsg" = 9;
|
||||
then
|
||||
result="yes, with -g"
|
||||
AC_DEFINE(HAVE_LS_G_FLAG)
|
||||
fi
|
||||
fi
|
||||
AC_MSG_RESULT($result)
|
||||
|
||||
dnl Checks for various system characteristics
|
||||
AC_MSG_CHECKING(for /etc/default/login)
|
||||
if test $EXISTS /etc/default/login
|
||||
then
|
||||
result=yes
|
||||
AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
|
||||
else
|
||||
result=no
|
||||
fi
|
||||
AC_MSG_RESULT($result)
|
||||
|
||||
AC_MSG_CHECKING(for /etc/securetty)
|
||||
if test $EXISTS /etc/securetty
|
||||
then
|
||||
result=yes
|
||||
AC_DEFINE(HAVE_SECURETTY)
|
||||
else
|
||||
result=no
|
||||
fi
|
||||
AC_MSG_RESULT($result)
|
||||
|
||||
AC_MSG_CHECKING(for /etc/logindevperm)
|
||||
if test $EXISTS /etc/logindevperm
|
||||
then
|
||||
AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(HAVE_LOGIN_PERMFILE, "/etc/logindevperm")
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
|
||||
AC_MSG_CHECKING(for /etc/fbtab)
|
||||
if test $EXISTS /etc/fbtab
|
||||
then
|
||||
result=yes
|
||||
AC_DEFINE(HAVE_LOGIN_PERMFILE, "/etc/fbtab")
|
||||
else
|
||||
result=no
|
||||
fi
|
||||
AC_MSG_RESULT($result)
|
||||
fi
|
||||
|
||||
AC_MSG_CHECKING(for /etc/environment)
|
||||
if test $EXISTS /etc/environment
|
||||
then
|
||||
AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(HAVE_LOGIN_ENVFILE, "/etc/environment")
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
|
||||
AC_MSG_CHECKING(for /etc/src.sh)
|
||||
if test $EXISTS /etc/src.sh
|
||||
then
|
||||
result=yes
|
||||
AC_DEFINE(HAVE_LOGIN_ENVFILE, "/etc/src.sh")
|
||||
else
|
||||
result=no
|
||||
fi
|
||||
AC_MSG_RESULT($result)
|
||||
fi
|
||||
|
||||
AC_MSG_CHECKING(for /etc/shadow)
|
||||
if test $EXISTS /etc/shadow
|
||||
then
|
||||
result=yes
|
||||
AC_DEFINE(HAVE_ETC_SHADOW)
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
|
||||
AC_MSG_CHECKING(for /etc/security/passwd.adjunct)
|
||||
if test $EXISTS /etc/security/passwd.adjunct
|
||||
then
|
||||
result=yes
|
||||
AC_DEFINE(HAVE_SUNOS_C2_SHADOW)
|
||||
LIBOBJS="$LIBOBJS getspnam.o endspent.o"
|
||||
else
|
||||
result=no
|
||||
fi
|
||||
fi
|
||||
AC_MSG_RESULT($result)
|
||||
|
||||
AC_MSG_CHECKING(for /var/adm/sulog)
|
||||
if test $EXISTS /var/adm/sulog
|
||||
then
|
||||
result=yes
|
||||
AC_DEFINE(HAVE_SULOG)
|
||||
else
|
||||
result=no
|
||||
fi
|
||||
AC_MSG_RESULT($result)
|
||||
|
||||
AC_MSG_CHECKING(mail spool location)
|
||||
mail_spool=""
|
||||
for i in /var/mail /usr/mail /var/spool/mail /usr/spool/mail
|
||||
do
|
||||
if test -d $i
|
||||
then
|
||||
mail_spool="$i"
|
||||
fi
|
||||
done
|
||||
if test -z "$mail_spool"
|
||||
then
|
||||
result="not found"
|
||||
else
|
||||
result="$mail_spool"
|
||||
AC_DEFINE_UNQUOTED(PATH_MAIL, "$mail_spool")
|
||||
fi
|
||||
AC_MSG_RESULT($result)
|
||||
|
||||
AC_MSG_CHECKING(where your system puts the utmp file)
|
||||
utmp_path=""
|
||||
for i in /var/run /var/adm /usr/adm /etc
|
||||
do
|
||||
if test $EXISTS $i/utmp
|
||||
then
|
||||
utmp_path="$i"
|
||||
fi
|
||||
done
|
||||
if test -z "$utmp_path"
|
||||
then
|
||||
result="not found"
|
||||
else
|
||||
result="$utmp_path"
|
||||
AC_DEFINE_UNQUOTED(PATH_UTMP_AC, "$utmp_path/utmp")
|
||||
fi
|
||||
AC_MSG_RESULT($result)
|
||||
|
||||
AC_MSG_CHECKING(where your system puts the utmpx file)
|
||||
utmp_path=""
|
||||
for i in /var/run /var/adm /usr/adm /etc
|
||||
do
|
||||
if test $EXISTS $i/utmp
|
||||
then
|
||||
utmp_path="$i"
|
||||
fi
|
||||
done
|
||||
if test -z "$utmp_path"
|
||||
then
|
||||
result="not found"
|
||||
AC_DEFINE_UNQUOTED(PATH_UTMP_AC, "$utmp_path/utmpx")
|
||||
fi
|
||||
AC_MSG_RESULT($result)
|
||||
|
||||
AC_MSG_CHECKING(where your system puts the wtmp file)
|
||||
wtmp_path=""
|
||||
for i in /var/run /var/log /var/adm /usr/adm /etc
|
||||
do
|
||||
if test $EXISTS $i/wtmp
|
||||
then
|
||||
wtmp_path="$i"
|
||||
fi
|
||||
done
|
||||
if test -z "$wtmp_path"
|
||||
then
|
||||
result="not found"
|
||||
else
|
||||
result="$wtmp_path"
|
||||
AC_DEFINE_UNQUOTED(PATH_WTMP_AC, "$wtmp_path/wtmp")
|
||||
fi
|
||||
AC_MSG_RESULT($result)
|
||||
|
||||
AC_MSG_CHECKING(where your system puts the wtmpx file)
|
||||
wtmpx_path=""
|
||||
for i in /var/run /var/log /var/adm /usr/adm /etc
|
||||
do
|
||||
if test $EXISTS $i/wtmpx
|
||||
then
|
||||
wtmpx_path="$i"
|
||||
fi
|
||||
done
|
||||
if test -z "$wtmpx_path"
|
||||
then
|
||||
result="not found"
|
||||
else
|
||||
result="$wtmpx_path"
|
||||
AC_DEFINE_UNQUOTED(PATH_WTMPX_AC, "$wtmpx_path/wtmpx")
|
||||
fi
|
||||
AC_MSG_RESULT($result)
|
||||
|
||||
AC_MSG_CHECKING(whether the system profile displays the motd)
|
||||
result=no
|
||||
if test $EXISTS /etc/profile
|
||||
then
|
||||
if grep motd /etc/profile >/dev/null 2>/dev/null
|
||||
then
|
||||
result=yes
|
||||
fi
|
||||
fi
|
||||
if test "$result" = yes
|
||||
then
|
||||
AC_DEFINE(HAVE_MOTD_IN_PROFILE)
|
||||
fi
|
||||
AC_MSG_RESULT($result)
|
||||
|
||||
AC_MSG_CHECKING(whether the system profile checks for mail)
|
||||
result=no
|
||||
if test $EXISTS /etc/profile
|
||||
then
|
||||
if grep 'mail\.' /etc/profile >/dev/null 2>/dev/null
|
||||
then
|
||||
result=yes
|
||||
fi
|
||||
fi
|
||||
if test "$result" = yes
|
||||
then
|
||||
AC_DEFINE(HAVE_MAILCHECK_IN_PROFILE)
|
||||
fi
|
||||
AC_MSG_RESULT($result)
|
||||
|
||||
dnl Random checks
|
||||
AC_C_CONST
|
||||
|
||||
AC_MSG_CHECKING(to see if your compiler can handle void arguments)
|
||||
AC_TRY_COMPILE(foo(void) { },, AC_DEFINE(HAVE_VOIDARG) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
|
||||
|
||||
AC_MSG_CHECKING(to see if your compiler can handle void return values)
|
||||
AC_TRY_COMPILE(void foo() { },, AC_DEFINE(HAVE_VOIDRET) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
|
||||
|
||||
AC_MSG_CHECKING(to see if your compiler can handle void pointers)
|
||||
AC_TRY_COMPILE(foo() { void *bar = (void *)0x42; bar = bar + 1; },, AC_DEFINE(HAVE_VOIDPTR) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
|
||||
|
||||
AC_MSG_CHECKING(to see if your compiler can handle ANSI argument lists)
|
||||
AC_TRY_COMPILE(int foo(int bar, int baz) { return 0; },, AC_DEFINE(HAVE_ANSIDECL) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
|
||||
|
||||
AC_MSG_CHECKING(to see if your compiler can handle ANSI prototypes)
|
||||
AC_TRY_COMPILE(extern int foo(int, int);,, AC_DEFINE(HAVE_ANSIPROTO) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
|
||||
|
||||
AC_MSG_CHECKING(to see if your compiler can handle ANSI variable arguments)
|
||||
AC_TRY_COMPILE([#include <stdarg.h>
|
||||
int foo(int arg, ...) {
|
||||
va_list ap;
|
||||
va_start(ap, arg);
|
||||
va_end(ap);
|
||||
return 0;
|
||||
}],, AC_DEFINE(HAVE_ANSISTDARG) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
|
||||
|
||||
AC_MSG_CHECKING(to see if you have an ANSI-style sprintf)
|
||||
AC_TRY_RUN([#include <stdio.h>
|
||||
int main(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
char buf[5];
|
||||
int i = 2;
|
||||
i += sprintf(buf, "1234");
|
||||
return (i == 6) ? 0 : -1;
|
||||
}], AC_DEFINE(HAVE_ANSISPRINTF) AC_MSG_RESULT(yes), AC_MSG_RESULT(no), AC_MSG_RESULT(no))
|
||||
|
||||
dnl Checks for libraries.
|
||||
AC_CHECK_LIB(crypt, crypt)
|
||||
AC_CHECK_LIB(nsl, gethostname)
|
||||
AC_CHECK_LIB(posix, main)
|
||||
AC_CHECK_LIB(socket, socket)
|
||||
|
||||
dnl Checks for header files.
|
||||
AC_HEADER_DIRENT
|
||||
AC_HEADER_SYS_WAIT
|
||||
AC_CHECK_HEADERS(crypt.h fcntl.h limits.h termios.h sys/file.h sys/ioctl.h sys/time.h syslog.h unistd.h paths.h shadow.h signal.h sys/signal.h lastlog.h sys/utsname.h pwd.h sys/param.h string.h stdlib.h utmpx.h sys/select.h)
|
||||
|
||||
dnl Checks for typedefs, structures, and compiler characteristics.
|
||||
dnl AC_TYPE_UID_T
|
||||
dnl AC_TYPE_OFF_T
|
||||
dnl AC_TYPE_PID_T
|
||||
dnl AC_STRUCT_ST_BLKSIZE
|
||||
dnl AC_STRUCT_TM
|
||||
|
||||
AC_MSG_CHECKING(for ut_pid in struct utmp)
|
||||
AC_TRY_COMPILE([#include <sys/types.h>
|
||||
#include <utmp.h>], [struct utmp foo; return (int)foo.ut_pid;], AC_DEFINE(HAVE_UT_PID) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
|
||||
AC_MSG_CHECKING(for ut_type in struct utmp)
|
||||
AC_TRY_COMPILE([#include <sys/types.h>
|
||||
#include <utmp.h>], [struct utmp foo; return (int)foo.ut_type;], AC_DEFINE(HAVE_UT_TYPE) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
|
||||
AC_MSG_CHECKING(for ut_name in struct utmp)
|
||||
AC_TRY_COMPILE([#include <sys/types.h>
|
||||
#include <utmp.h>], [struct utmp foo; return (int)foo.ut_name[0];], AC_DEFINE(HAVE_UT_NAME) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
|
||||
dnl AC_MSG_CHECKING(for ut_user in struct utmp)
|
||||
dnl AC_TRY_COMPILE([#include <sys/types.h>
|
||||
dnl #include <utmp.h>], [struct utmp foo; return (int)foo.ut_user[0];], AC_DEFINE(HAVE_UT_USER) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
|
||||
AC_MSG_CHECKING(for ut_host in struct utmp)
|
||||
AC_TRY_COMPILE([#include <sys/types.h>
|
||||
#include <utmp.h>], [struct utmp foo; return (int)foo.ut_host[0];], AC_DEFINE(HAVE_UT_HOST) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
|
||||
AC_MSG_CHECKING(for ut_id in struct utmp)
|
||||
AC_TRY_COMPILE([#include <sys/types.h>
|
||||
#include <utmp.h>], [struct utmp foo; return (int)foo.ut_id[0];], AC_DEFINE(HAVE_UT_ID) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
|
||||
#AC_MSG_CHECKING(for ut_syslen in struct utmp)
|
||||
#AC_TRY_COMPILE([#include <sys/types.h>
|
||||
##include <utmp.h>], [struct utmp foo; return (int)foo.ut_syslen;], AC_DEFINE(HAVE_UT_SYSLEN) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
|
||||
AC_MSG_CHECKING(for ut_syslen in struct utmpx)
|
||||
AC_TRY_COMPILE([#include <sys/types.h>
|
||||
#include <utmpx.h>], [struct utmpx foo; return (int)foo.ut_syslen;], AC_DEFINE(HAVE_UTX_SYSLEN) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))
|
||||
|
||||
dnl Checks for library functions.
|
||||
dnl AC_PROG_GCC_TRADITIONAL
|
||||
AC_TYPE_SIGNAL
|
||||
AC_CHECK_FUNCS(gettimeofday socket strftime strstr setpriority getttynam setvbuf getspnam endspent setgroups getgroups fpurge setlogin lstat getutxline pututxline usleep)
|
||||
|
||||
dnl Libmissing...
|
||||
AC_FUNC_MEMCMP
|
||||
AC_FUNC_ALLOCA
|
||||
AC_REPLACE_FUNCS(getusershell sigaddset sigemptyset strerror strncasecmp)
|
||||
MISSING="$LIBOBJS $ALLOCA " ;
|
||||
|
||||
dnl These should be simplified by a macro
|
||||
AC_CHECK_FUNC(atexit, AC_DEFINE(HAVE_ATEXIT), MISSING="${MISSING}atexit.o "; AC_CHECK_FUNCS(on_exit))
|
||||
AC_CHECK_FUNC(endutent, AC_DEFINE(HAVE_ENDUTENT), MISSING="${MISSING}endutent.o ")
|
||||
AC_CHECK_FUNC(initgroups, AC_DEFINE(HAVE_INITGROUPS), MISSING="${MISSING}initgroups.o ")
|
||||
AC_CHECK_FUNC(memcmp, AC_DEFINE(HAVE_MEMCMP), MISSING="${MISSING}memcmp.o ")
|
||||
AC_CHECK_FUNC(memcpy, AC_DEFINE(HAVE_MEMCPY), MISSING="${MISSING}memcpy.o "; AC_CHECK_FUNCS(bcopy))
|
||||
AC_CHECK_FUNC(memset, AC_DEFINE(HAVE_MEMSET), MISSING="${MISSING}memset.o "; AC_CHECK_FUNCS(bzero))
|
||||
AC_CHECK_FUNC(getcwd, AC_DEFINE(HAVE_GETCWD), MISSING="${MISSING}getcwd.o "; AC_CHECK_FUNCS(getwd))
|
||||
AC_CHECK_FUNC(getenv, AC_DEFINE(HAVE_GETENV), MISSING="${MISSING}env.o ")
|
||||
AC_CHECK_FUNC(getutline, AC_DEFINE(HAVE_GETUTLINE), MISSING="${MISSING}getutline.o "; AC_CHECK_FUNCS(ttyslot))
|
||||
AC_CHECK_FUNC(pututline, AC_DEFINE(HAVE_PUTUTLINE), MISSING="${MISSING}pututline.o "; AC_CHECK_FUNCS(ttyslot))
|
||||
AC_CHECK_FUNC(setenv, AC_DEFINE(HAVE_SETENV), MISSING="${MISSING}env.o ")
|
||||
AC_CHECK_FUNC(setegid, AC_DEFINE(HAVE_SETEGID), MISSING="${MISSING}setegid.o "; AC_CHECK_FUNCS(setregid setresgid))
|
||||
AC_CHECK_FUNC(seteuid, AC_DEFINE(HAVE_SETEUID), MISSING="${MISSING}seteuid.o "; AC_CHECK_FUNCS(setreuid setresuid))
|
||||
AC_CHECK_FUNC(setutent, AC_DEFINE(HAVE_SETUTENT), MISSING="${MISSING}setutent.o ")
|
||||
AC_CHECK_FUNC(sigprocmask, AC_DEFINE(HAVE_SIGPROCMASK), MISSING="${MISSING}sigprocmask.o "; AC_CHECK_FUNCS(sigblock sigsetmask))
|
||||
AC_CHECK_FUNC(strchr, AC_DEFINE(HAVE_STRCHR), MISSING="${MISSING}strchr.o "; AC_CHECK_FUNCS(index))
|
||||
AC_CHECK_FUNC(strrchr, AC_DEFINE(HAVE_STRRCHR), MISSING="${MISSING}strrchr.o "; AC_CHECK_FUNCS(rindex))
|
||||
AC_CHECK_FUNC(strtoul, AC_DEFINE(HAVE_STRTOUL), MISSING="${MISSING}strtoul.o ")
|
||||
AC_CHECK_FUNC(sysconf, AC_DEFINE(HAVE_SYSCONF), MISSING="${MISSING}sysconf.o "; AC_CHECK_FUNCS(getdtablesize))
|
||||
AC_CHECK_FUNC(uname, AC_DEFINE(HAVE_UNAME), MISSING="${MISSING}uname.o "; AC_CHECK_FUNCS(gethostname))
|
||||
AC_CHECK_FUNC(unsetenv, AC_DEFINE(HAVE_UNSETENV), MISSING="${MISSING}env.o ")
|
||||
AC_SUBST(MISSING)
|
||||
|
||||
AC_MSG_CHECKING(for nonstandard gettimeofday)
|
||||
AC_TRY_COMPILE([
|
||||
#if HAVE_SYS_TIME_H
|
||||
#include <sys/time.h>
|
||||
#endif /* HAVE_SYS_TIME_H */
|
||||
#if HAVE_UNISTD_H
|
||||
#include <unistd.h>
|
||||
#endif /* HAVE_UNISTD_H */
|
||||
],
|
||||
[struct timeval tv;
|
||||
gettimeofday(&tv, NULL)], AC_MSG_RESULT(no), AC_MSG_RESULT(maybe) AC_TRY_COMPILE([
|
||||
#if HAVE_SYS_TIME_H
|
||||
#include <sys/time.h>
|
||||
#endif /* HAVE_SYS_TIME_H */
|
||||
#if HAVE_UNISTD_H
|
||||
#include <unistd.h>
|
||||
#endif /* HAVE_UNISTD_H */
|
||||
],
|
||||
[struct timeval tv;
|
||||
gettimeofday(&tv)], AC_DEFINE(HAVE_ONE_ARG_GETTIMEOFDAY) AC_MSG_RESULT(yes), AC_MSG_RESULT(no)))
|
||||
|
||||
# Munge out LOCALBIN and LOCALMAN in canonical (no bletch) form
|
||||
AC_OUTPUT(configure.munger libmissing/Makefile libopie/Makefile Makefile.munge:Makefile.in)
|
||||
sh configure.munger
|
|
@ -1,16 +0,0 @@
|
|||
prefix=@prefix@
|
||||
exec_prefix=@exec_prefix@
|
||||
bindir=@bindir@
|
||||
mandir=@mandir@
|
||||
|
||||
LOCALBIN=$bindir
|
||||
LOCALMAN=$mandir
|
||||
|
||||
echo ""
|
||||
echo "Binaries are going to be installed into $LOCALBIN,"
|
||||
echo "Manual pages are going to be installed into $LOCALMAN."
|
||||
echo ""
|
||||
echo "creating Makefile"
|
||||
cat Makefile.munge | sed s:@LOCALMAN@:$LOCALMAN:g | sed s:@LOCALBIN@:$LOCALBIN:g > Makefile
|
||||
echo ""
|
||||
echo "Have you read the README file?"
|
|
@ -1,668 +0,0 @@
|
|||
/* glob.c: The csh et al glob pattern matching routines.
|
||||
|
||||
%%% copyright-cmetz-96
|
||||
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
|
||||
The Inner Net License Version 3 applies to this software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
||||
McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
License Agreement applies to this software.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.32. Remove include of dirent.h here; it's
|
||||
done already (and conditionally) in opie_cfg.h.
|
||||
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
|
||||
Remove useless strings. Prototype right.
|
||||
Modified at NRL for OPIE 2.0.
|
||||
Originally from BSD.
|
||||
*/
|
||||
/*
|
||||
* Copyright (c) 1980 Regents of the University of California.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by the University of
|
||||
* California, Berkeley and its contributors.
|
||||
* 4. Neither the name of the University nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/*
|
||||
* C-shell glob for random programs.
|
||||
*/
|
||||
|
||||
#include "opie_cfg.h"
|
||||
|
||||
#if HAVE_SYS_PARAM_H
|
||||
#include <sys/param.h>
|
||||
#endif /* HAVE_SYS_PARAM_H */
|
||||
#include <sys/stat.h>
|
||||
|
||||
#if HAVE_PWD_H
|
||||
#include <pwd.h>
|
||||
#endif /* HAVE_PWD_H */
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#if HAVE_LIMITS_H
|
||||
#include <limits.h>
|
||||
#endif /* HAVE_LIMITS_H */
|
||||
|
||||
#include "opie.h"
|
||||
|
||||
#ifndef NCARGS
|
||||
#define NCARGS 600
|
||||
#endif /* NCARGS */
|
||||
#define QUOTE 0200
|
||||
#define TRIM 0177
|
||||
#define eq(a,b) (strcmp((a),(b)) == (0))
|
||||
#define GAVSIZ (NCARGS/6)
|
||||
#define isdir(d) (((d.st_mode) & S_IFMT) == S_IFDIR)
|
||||
|
||||
static char **gargv; /* Pointer to the (stack) arglist */
|
||||
static int gargc; /* Number args in gargv */
|
||||
static int gnleft;
|
||||
static short gflag;
|
||||
|
||||
static int letter __P((register char));
|
||||
static int digit __P((register char));
|
||||
static int any __P((int, char *));
|
||||
static int blklen __P((register char **));
|
||||
VOIDRET blkfree __P((char **));
|
||||
static char *strspl __P((register char *, register char *));
|
||||
|
||||
static int tglob __P((register char c));
|
||||
|
||||
extern int errno;
|
||||
static char *strend __P((char *));
|
||||
|
||||
static int globcnt;
|
||||
|
||||
static char *globchars = "`{[*?";
|
||||
char *globerr = NULL;
|
||||
char *home = NULL;
|
||||
|
||||
static char *gpath, *gpathp, *lastgpathp;
|
||||
static int globbed;
|
||||
static char *entp;
|
||||
static char **sortbas;
|
||||
|
||||
static int amatch __P((char *p, char *s));
|
||||
static int execbrc __P((register char *p, register char *s));
|
||||
VOIDRET opiefatal __P((char *));
|
||||
char **copyblk __P((char **));
|
||||
|
||||
static int match FUNCTION((s, p), char *s AND char *p)
|
||||
{
|
||||
register int c;
|
||||
register char *sentp;
|
||||
char sglobbed = globbed;
|
||||
|
||||
if (*s == '.' && *p != '.')
|
||||
return (0);
|
||||
sentp = entp;
|
||||
entp = s;
|
||||
c = amatch(s, p);
|
||||
entp = sentp;
|
||||
globbed = sglobbed;
|
||||
return (c);
|
||||
}
|
||||
|
||||
|
||||
static int Gmatch FUNCTION((s, p), register char *s AND register char *p)
|
||||
{
|
||||
register int scc;
|
||||
int ok, lc;
|
||||
int c, cc;
|
||||
|
||||
for (;;) {
|
||||
scc = *s++ & TRIM;
|
||||
switch (c = *p++) {
|
||||
|
||||
case '[':
|
||||
ok = 0;
|
||||
lc = 077777;
|
||||
while (cc = *p++) {
|
||||
if (cc == ']') {
|
||||
if (ok)
|
||||
break;
|
||||
return (0);
|
||||
}
|
||||
if (cc == '-') {
|
||||
if (lc <= scc && scc <= *p++)
|
||||
ok++;
|
||||
} else
|
||||
if (scc == (lc = cc))
|
||||
ok++;
|
||||
}
|
||||
if (cc == 0)
|
||||
if (ok)
|
||||
p--;
|
||||
else
|
||||
return 0;
|
||||
continue;
|
||||
|
||||
case '*':
|
||||
if (!*p)
|
||||
return (1);
|
||||
for (s--; *s; s++)
|
||||
if (Gmatch(s, p))
|
||||
return (1);
|
||||
return (0);
|
||||
|
||||
case 0:
|
||||
return (scc == 0);
|
||||
|
||||
default:
|
||||
if ((c & TRIM) != scc)
|
||||
return (0);
|
||||
continue;
|
||||
|
||||
case '?':
|
||||
if (scc == 0)
|
||||
return (0);
|
||||
continue;
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static VOIDRET Gcat FUNCTION((s1, s2), register char *s1 AND register char *s2)
|
||||
{
|
||||
register int len = strlen(s1) + strlen(s2) + 1;
|
||||
|
||||
if (len >= gnleft || gargc >= GAVSIZ - 1)
|
||||
globerr = "Arguments too long";
|
||||
else {
|
||||
gargc++;
|
||||
gnleft -= len;
|
||||
gargv[gargc] = 0;
|
||||
gargv[gargc - 1] = strspl(s1, s2);
|
||||
}
|
||||
}
|
||||
|
||||
static VOIDRET addpath FUNCTION((c), char c)
|
||||
{
|
||||
|
||||
if (gpathp >= lastgpathp)
|
||||
globerr = "Pathname too long";
|
||||
else {
|
||||
*gpathp++ = c;
|
||||
*gpathp = 0;
|
||||
}
|
||||
}
|
||||
|
||||
static VOIDRET rscan FUNCTION((t, f), register char **t AND int (*f)__P((char)))
|
||||
{
|
||||
register char *p, c;
|
||||
|
||||
while (p = *t++) {
|
||||
if (f == tglob)
|
||||
if (*p == '~')
|
||||
gflag |= 2;
|
||||
else
|
||||
if (eq(p, "{") || eq(p, "{}"))
|
||||
continue;
|
||||
while (c = *p++)
|
||||
(*f) (c);
|
||||
}
|
||||
}
|
||||
|
||||
static int tglob FUNCTION((c), register char c)
|
||||
{
|
||||
if (any(c, globchars))
|
||||
gflag |= c == '{' ? 2 : 1;
|
||||
return (c);
|
||||
}
|
||||
|
||||
static int letter FUNCTION((c), register char c)
|
||||
{
|
||||
return (c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c == '_');
|
||||
}
|
||||
|
||||
static int digit FUNCTION((c), register char c)
|
||||
{
|
||||
return (c >= '0' && c <= '9');
|
||||
}
|
||||
|
||||
static int any FUNCTION((c, s), int c AND char *s)
|
||||
{
|
||||
while (*s)
|
||||
if (*s++ == c)
|
||||
return (1);
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int blklen FUNCTION((av), register char **av)
|
||||
{
|
||||
register int i = 0;
|
||||
|
||||
while (*av++)
|
||||
i++;
|
||||
return (i);
|
||||
}
|
||||
|
||||
static char **blkcpy FUNCTION((oav, bv), char **oav AND register char **bv)
|
||||
{
|
||||
register char **av = oav;
|
||||
|
||||
while (*av++ = *bv++)
|
||||
continue;
|
||||
return (oav);
|
||||
}
|
||||
|
||||
VOIDRET blkfree FUNCTION((av0), char **av0)
|
||||
{
|
||||
register char **av = av0;
|
||||
|
||||
while (*av)
|
||||
free(*av++);
|
||||
}
|
||||
|
||||
static char *strspl FUNCTION((cp, dp), register char *cp AND register char *dp)
|
||||
{
|
||||
register char *ep = (char *) malloc((unsigned) (strlen(cp) +
|
||||
strlen(dp) + 1));
|
||||
|
||||
if (ep == (char *) 0)
|
||||
opiefatal("Out of memory");
|
||||
strcpy(ep, cp);
|
||||
strcat(ep, dp);
|
||||
return (ep);
|
||||
}
|
||||
|
||||
char **copyblk FUNCTION((v), char **v)
|
||||
{
|
||||
register char **nv = (char **) malloc((unsigned) ((blklen(v) + 1) *
|
||||
sizeof(char **)));
|
||||
|
||||
if (nv == (char **) 0)
|
||||
opiefatal("Out of memory");
|
||||
|
||||
return (blkcpy(nv, v));
|
||||
}
|
||||
|
||||
static char *strend FUNCTION((cp), register char *cp)
|
||||
{
|
||||
|
||||
while (*cp)
|
||||
cp++;
|
||||
return (cp);
|
||||
}
|
||||
|
||||
/*
|
||||
* Extract a home directory from the password file
|
||||
* The argument points to a buffer where the name of the
|
||||
* user whose home directory is sought is currently.
|
||||
* We write the home directory of the user back there.
|
||||
*/
|
||||
static int gethdir FUNCTION((home), char *home)
|
||||
{
|
||||
register struct passwd *pp = getpwnam(home);
|
||||
|
||||
if (!pp || home + strlen(pp->pw_dir) >= lastgpathp)
|
||||
return (1);
|
||||
strcpy(home, pp->pw_dir);
|
||||
return (0);
|
||||
}
|
||||
|
||||
static VOIDRET ginit FUNCTION((agargv), char **agargv)
|
||||
{
|
||||
agargv[0] = 0;
|
||||
gargv = agargv;
|
||||
sortbas = agargv;
|
||||
gargc = 0;
|
||||
gnleft = NCARGS - 4;
|
||||
}
|
||||
|
||||
static VOIDRET sort FUNCTION_NOARGS
|
||||
{
|
||||
register char **p1, **p2, *c;
|
||||
char **Gvp = &gargv[gargc];
|
||||
|
||||
p1 = sortbas;
|
||||
while (p1 < Gvp - 1) {
|
||||
p2 = p1;
|
||||
while (++p2 < Gvp)
|
||||
if (strcmp(*p1, *p2) > 0)
|
||||
c = *p1, *p1 = *p2, *p2 = c;
|
||||
p1++;
|
||||
}
|
||||
sortbas = Gvp;
|
||||
}
|
||||
|
||||
static VOIDRET matchdir FUNCTION((pattern), char *pattern)
|
||||
{
|
||||
struct stat stb;
|
||||
|
||||
register struct dirent *dp;
|
||||
|
||||
DIR *dirp;
|
||||
|
||||
dirp = opendir(*gpath == '\0' ? "." : gpath);
|
||||
if (dirp == NULL) {
|
||||
if (globbed)
|
||||
return;
|
||||
goto patherr2;
|
||||
}
|
||||
#if !defined(linux)
|
||||
if (fstat(dirp->dd_fd, &stb) < 0)
|
||||
goto patherr1;
|
||||
if (!isdir(stb)) {
|
||||
errno = ENOTDIR;
|
||||
goto patherr1;
|
||||
}
|
||||
#endif /* !defined(linux) */
|
||||
while ((dp = readdir(dirp)) != NULL) {
|
||||
if (dp->d_ino == 0)
|
||||
continue;
|
||||
if (match(dp->d_name, pattern)) {
|
||||
Gcat(gpath, dp->d_name);
|
||||
globcnt++;
|
||||
}
|
||||
}
|
||||
closedir(dirp);
|
||||
return;
|
||||
|
||||
patherr1:
|
||||
closedir(dirp);
|
||||
patherr2:
|
||||
globerr = "Bad directory components";
|
||||
}
|
||||
|
||||
static VOIDRET expand FUNCTION((as), char *as)
|
||||
{
|
||||
register char *cs;
|
||||
register char *sgpathp, *oldcs;
|
||||
struct stat stb;
|
||||
|
||||
sgpathp = gpathp;
|
||||
cs = as;
|
||||
if (*cs == '~' && gpathp == gpath) {
|
||||
addpath('~');
|
||||
for (cs++; letter(*cs) || digit(*cs) || *cs == '-';)
|
||||
addpath(*cs++);
|
||||
if (!*cs || *cs == '/') {
|
||||
if (gpathp != gpath + 1) {
|
||||
*gpathp = 0;
|
||||
if (gethdir(gpath + 1))
|
||||
globerr = "Unknown user name after ~";
|
||||
strcpy(gpath, gpath + 1);
|
||||
} else
|
||||
strcpy(gpath, home);
|
||||
gpathp = strend(gpath);
|
||||
}
|
||||
}
|
||||
while (!any(*cs, globchars)) {
|
||||
if (*cs == 0) {
|
||||
if (!globbed)
|
||||
Gcat(gpath, "");
|
||||
else
|
||||
if (stat(gpath, &stb) >= 0) {
|
||||
Gcat(gpath, "");
|
||||
globcnt++;
|
||||
}
|
||||
goto endit;
|
||||
}
|
||||
addpath(*cs++);
|
||||
}
|
||||
oldcs = cs;
|
||||
while (cs > as && *cs != '/')
|
||||
cs--, gpathp--;
|
||||
if (*cs == '/')
|
||||
cs++, gpathp++;
|
||||
*gpathp = 0;
|
||||
if (*oldcs == '{') {
|
||||
execbrc(cs, ((char *) 0));
|
||||
return;
|
||||
}
|
||||
matchdir(cs);
|
||||
endit:
|
||||
gpathp = sgpathp;
|
||||
*gpathp = 0;
|
||||
}
|
||||
|
||||
static int execbrc FUNCTION((p, s), char *p AND char *s)
|
||||
{
|
||||
char restbuf[BUFSIZ + 2];
|
||||
register char *pe, *pm, *pl;
|
||||
int brclev = 0;
|
||||
char *lm, savec, *sgpathp;
|
||||
|
||||
for (lm = restbuf; *p != '{'; *lm++ = *p++)
|
||||
continue;
|
||||
for (pe = ++p; *pe; pe++)
|
||||
switch (*pe) {
|
||||
|
||||
case '{':
|
||||
brclev++;
|
||||
continue;
|
||||
|
||||
case '}':
|
||||
if (brclev == 0)
|
||||
goto pend;
|
||||
brclev--;
|
||||
continue;
|
||||
|
||||
case '[':
|
||||
for (pe++; *pe && *pe != ']'; pe++)
|
||||
continue;
|
||||
continue;
|
||||
}
|
||||
pend:
|
||||
brclev = 0;
|
||||
for (pl = pm = p; pm <= pe; pm++)
|
||||
switch (*pm & (QUOTE | TRIM)) {
|
||||
|
||||
case '{':
|
||||
brclev++;
|
||||
continue;
|
||||
|
||||
case '}':
|
||||
if (brclev) {
|
||||
brclev--;
|
||||
continue;
|
||||
}
|
||||
goto doit;
|
||||
|
||||
case ',' | QUOTE:
|
||||
case ',':
|
||||
if (brclev)
|
||||
continue;
|
||||
doit:
|
||||
savec = *pm;
|
||||
*pm = 0;
|
||||
strcpy(lm, pl);
|
||||
strcat(restbuf, pe + 1);
|
||||
*pm = savec;
|
||||
if (s == 0) {
|
||||
sgpathp = gpathp;
|
||||
expand(restbuf);
|
||||
gpathp = sgpathp;
|
||||
*gpathp = 0;
|
||||
} else
|
||||
if (amatch(s, restbuf))
|
||||
return (1);
|
||||
sort();
|
||||
pl = pm + 1;
|
||||
if (brclev)
|
||||
return (0);
|
||||
continue;
|
||||
|
||||
case '[':
|
||||
for (pm++; *pm && *pm != ']'; pm++)
|
||||
continue;
|
||||
if (!*pm)
|
||||
pm--;
|
||||
continue;
|
||||
}
|
||||
if (brclev)
|
||||
goto doit;
|
||||
return (0);
|
||||
}
|
||||
|
||||
static VOIDRET acollect FUNCTION((as), register char *as)
|
||||
{
|
||||
register int ogargc = gargc;
|
||||
|
||||
gpathp = gpath;
|
||||
*gpathp = 0;
|
||||
globbed = 0;
|
||||
expand(as);
|
||||
if (gargc != ogargc)
|
||||
sort();
|
||||
}
|
||||
|
||||
static VOIDRET collect FUNCTION((as), register char *as)
|
||||
{
|
||||
if (eq(as, "{") || eq(as, "{}")) {
|
||||
Gcat(as, "");
|
||||
sort();
|
||||
} else
|
||||
acollect(as);
|
||||
}
|
||||
|
||||
static int amatch FUNCTION((s, p), register char *s AND register char *p)
|
||||
{
|
||||
register int scc;
|
||||
int ok, lc;
|
||||
char *sgpathp;
|
||||
struct stat stb;
|
||||
int c, cc;
|
||||
|
||||
globbed = 1;
|
||||
for (;;) {
|
||||
scc = *s++ & TRIM;
|
||||
switch (c = *p++) {
|
||||
|
||||
case '{':
|
||||
return (execbrc(p - 1, s - 1));
|
||||
|
||||
case '[':
|
||||
ok = 0;
|
||||
lc = 077777;
|
||||
while (cc = *p++) {
|
||||
if (cc == ']') {
|
||||
if (ok)
|
||||
break;
|
||||
return (0);
|
||||
}
|
||||
if (cc == '-') {
|
||||
if (lc <= scc && scc <= *p++)
|
||||
ok++;
|
||||
} else
|
||||
if (scc == (lc = cc))
|
||||
ok++;
|
||||
}
|
||||
if (cc == 0)
|
||||
if (ok)
|
||||
p--;
|
||||
else
|
||||
return 0;
|
||||
continue;
|
||||
|
||||
case '*':
|
||||
if (!*p)
|
||||
return (1);
|
||||
if (*p == '/') {
|
||||
p++;
|
||||
goto slash;
|
||||
}
|
||||
s--;
|
||||
do {
|
||||
if (amatch(s, p))
|
||||
return (1);
|
||||
}
|
||||
while (*s++);
|
||||
return (0);
|
||||
|
||||
case 0:
|
||||
return (scc == 0);
|
||||
|
||||
default:
|
||||
if (c != scc)
|
||||
return (0);
|
||||
continue;
|
||||
|
||||
case '?':
|
||||
if (scc == 0)
|
||||
return (0);
|
||||
continue;
|
||||
|
||||
case '/':
|
||||
if (scc)
|
||||
return (0);
|
||||
slash:
|
||||
s = entp;
|
||||
sgpathp = gpathp;
|
||||
while (*s)
|
||||
addpath(*s++);
|
||||
addpath('/');
|
||||
if (stat(gpath, &stb) == 0 && isdir(stb))
|
||||
if (*p == 0) {
|
||||
Gcat(gpath, "");
|
||||
globcnt++;
|
||||
} else
|
||||
expand(p);
|
||||
gpathp = sgpathp;
|
||||
*gpathp = 0;
|
||||
return (0);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
char **ftpglob FUNCTION((v), register char *v)
|
||||
{
|
||||
char agpath[BUFSIZ];
|
||||
char *agargv[GAVSIZ];
|
||||
char *vv[2];
|
||||
|
||||
vv[0] = v;
|
||||
vv[1] = 0;
|
||||
gflag = 0;
|
||||
rscan(vv, tglob);
|
||||
if (gflag == 0) {
|
||||
vv[0] = strspl(v, "");
|
||||
return (copyblk(vv));
|
||||
}
|
||||
globerr = 0;
|
||||
gpath = agpath;
|
||||
gpathp = gpath;
|
||||
*gpathp = 0;
|
||||
lastgpathp = &gpath[sizeof agpath - 2];
|
||||
ginit(agargv);
|
||||
globcnt = 0;
|
||||
collect(v);
|
||||
if (globcnt == 0 && (gflag & 1)) {
|
||||
blkfree(gargv), gargv = 0;
|
||||
return (0);
|
||||
} else
|
||||
return (gargv = copyblk(gargv));
|
||||
}
|
|
@ -1,238 +0,0 @@
|
|||
#! /bin/sh
|
||||
#
|
||||
# install - install a program, script, or datafile
|
||||
# This comes from X11R5.
|
||||
#
|
||||
# Calling this script install-sh is preferred over install.sh, to prevent
|
||||
# `make' implicit rules from creating a file called install from it
|
||||
# when there is no Makefile.
|
||||
#
|
||||
# This script is compatible with the BSD install script, but was written
|
||||
# from scratch.
|
||||
#
|
||||
|
||||
|
||||
# set DOITPROG to echo to test this script
|
||||
|
||||
# Don't use :- since 4.3BSD and earlier shells don't like it.
|
||||
doit="${DOITPROG-}"
|
||||
|
||||
|
||||
# put in absolute paths if you don't have them in your path; or use env. vars.
|
||||
|
||||
mvprog="${MVPROG-mv}"
|
||||
cpprog="${CPPROG-cp}"
|
||||
chmodprog="${CHMODPROG-chmod}"
|
||||
chownprog="${CHOWNPROG-chown}"
|
||||
chgrpprog="${CHGRPPROG-chgrp}"
|
||||
stripprog="${STRIPPROG-strip}"
|
||||
rmprog="${RMPROG-rm}"
|
||||
mkdirprog="${MKDIRPROG-mkdir}"
|
||||
|
||||
tranformbasename=""
|
||||
transform_arg=""
|
||||
instcmd="$mvprog"
|
||||
chmodcmd="$chmodprog 0755"
|
||||
chowncmd=""
|
||||
chgrpcmd=""
|
||||
stripcmd=""
|
||||
rmcmd="$rmprog -f"
|
||||
mvcmd="$mvprog"
|
||||
src=""
|
||||
dst=""
|
||||
dir_arg=""
|
||||
|
||||
while [ x"$1" != x ]; do
|
||||
case $1 in
|
||||
-c) instcmd="$cpprog"
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-d) dir_arg=true
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-m) chmodcmd="$chmodprog $2"
|
||||
shift
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-o) chowncmd="$chownprog $2"
|
||||
shift
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-g) chgrpcmd="$chgrpprog $2"
|
||||
shift
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-s) stripcmd="$stripprog"
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-t=*) transformarg=`echo $1 | sed 's/-t=//'`
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
|
||||
shift
|
||||
continue;;
|
||||
|
||||
*) if [ x"$src" = x ]
|
||||
then
|
||||
src=$1
|
||||
else
|
||||
# this colon is to work around a 386BSD /bin/sh bug
|
||||
:
|
||||
dst=$1
|
||||
fi
|
||||
shift
|
||||
continue;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ x"$src" = x ]
|
||||
then
|
||||
echo "install: no input file specified"
|
||||
exit 1
|
||||
else
|
||||
true
|
||||
fi
|
||||
|
||||
if [ x"$dir_arg" != x ]; then
|
||||
dst=$src
|
||||
src=""
|
||||
|
||||
if [ -d $dst ]; then
|
||||
instcmd=:
|
||||
else
|
||||
instcmd=mkdir
|
||||
fi
|
||||
else
|
||||
|
||||
# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
|
||||
# might cause directories to be created, which would be especially bad
|
||||
# if $src (and thus $dsttmp) contains '*'.
|
||||
|
||||
if [ -f $src -o -d $src ]
|
||||
then
|
||||
true
|
||||
else
|
||||
echo "install: $src does not exist"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ x"$dst" = x ]
|
||||
then
|
||||
echo "install: no destination specified"
|
||||
exit 1
|
||||
else
|
||||
true
|
||||
fi
|
||||
|
||||
# If destination is a directory, append the input filename; if your system
|
||||
# does not like double slashes in filenames, you may need to add some logic
|
||||
|
||||
if [ -d $dst ]
|
||||
then
|
||||
dst="$dst"/`basename $src`
|
||||
else
|
||||
true
|
||||
fi
|
||||
fi
|
||||
|
||||
## this sed command emulates the dirname command
|
||||
dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
|
||||
|
||||
# Make sure that the destination directory exists.
|
||||
# this part is taken from Noah Friedman's mkinstalldirs script
|
||||
|
||||
# Skip lots of stat calls in the usual case.
|
||||
if [ ! -d "$dstdir" ]; then
|
||||
defaultIFS='
|
||||
'
|
||||
IFS="${IFS-${defaultIFS}}"
|
||||
|
||||
oIFS="${IFS}"
|
||||
# Some sh's can't handle IFS=/ for some reason.
|
||||
IFS='%'
|
||||
set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
|
||||
IFS="${oIFS}"
|
||||
|
||||
pathcomp=''
|
||||
|
||||
while [ $# -ne 0 ] ; do
|
||||
pathcomp="${pathcomp}${1}"
|
||||
shift
|
||||
|
||||
if [ ! -d "${pathcomp}" ] ;
|
||||
then
|
||||
$mkdirprog "${pathcomp}"
|
||||
else
|
||||
true
|
||||
fi
|
||||
|
||||
pathcomp="${pathcomp}/"
|
||||
done
|
||||
fi
|
||||
|
||||
if [ x"$dir_arg" != x ]
|
||||
then
|
||||
$doit $instcmd $dst &&
|
||||
|
||||
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
|
||||
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
|
||||
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
|
||||
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
|
||||
else
|
||||
|
||||
# If we're going to rename the final executable, determine the name now.
|
||||
|
||||
if [ x"$transformarg" = x ]
|
||||
then
|
||||
dstfile=`basename $dst`
|
||||
else
|
||||
dstfile=`basename $dst $transformbasename |
|
||||
sed $transformarg`$transformbasename
|
||||
fi
|
||||
|
||||
# don't allow the sed command to completely eliminate the filename
|
||||
|
||||
if [ x"$dstfile" = x ]
|
||||
then
|
||||
dstfile=`basename $dst`
|
||||
else
|
||||
true
|
||||
fi
|
||||
|
||||
# Make a temp file name in the proper directory.
|
||||
|
||||
dsttmp=$dstdir/#inst.$$#
|
||||
|
||||
# Move or copy the file name to the temp name
|
||||
|
||||
$doit $instcmd $src $dsttmp &&
|
||||
|
||||
trap "rm -f ${dsttmp}" 0 &&
|
||||
|
||||
# and set any options; do chmod last to preserve setuid bits
|
||||
|
||||
# If any of these fail, we abort the whole thing. If we want to
|
||||
# ignore errors from any of these, just make sure not to ignore
|
||||
# errors from the above "$doit $instcmd $src $dsttmp" command.
|
||||
|
||||
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
|
||||
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
|
||||
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
|
||||
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
|
||||
|
||||
# Now rename the file to the real destination.
|
||||
|
||||
$doit $rmcmd -f $dstdir/$dstfile &&
|
||||
$doit $mvcmd $dsttmp $dstdir/$dstfile
|
||||
|
||||
fi &&
|
||||
|
||||
|
||||
exit 0
|
|
@ -1,34 +0,0 @@
|
|||
##
|
||||
# Makefile.in/Makefile: Directions for building libmissing.
|
||||
#
|
||||
# %%% copyright-cmetz-96
|
||||
# This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
|
||||
# The Inner Net License Version 3 applies to this software.
|
||||
# You should have received a copy of the license with this software. If
|
||||
# you didn't get a copy, you may request one from <license@inner.net>.
|
||||
#
|
||||
# History:
|
||||
#
|
||||
# Modified by cmetz for OPIE 2.4. Add current dir to include header path.
|
||||
# Use ar 'cr' instead of 'r'. Renamed realclean to distclean.
|
||||
# Created by cmetz for OPIE 2.3 using old Makefiles as a guide.
|
||||
|
||||
OBJS=bogus.o @MISSING@
|
||||
|
||||
CC=@CC@
|
||||
CFLAGS=$(CFL) -I.. -I.
|
||||
TARGET=libmissing.a
|
||||
|
||||
all: $(TARGET)
|
||||
|
||||
$(TARGET): $(OBJS)
|
||||
@AR@ @ARFLAGS@ $(TARGET) $(OBJS)
|
||||
@RANLIB@ $(TARGET)
|
||||
|
||||
clean:
|
||||
-rm -f $(OBJS) $(TARGET)
|
||||
|
||||
realclean: distclean
|
||||
|
||||
distclean: clean
|
||||
-rm -f *~ core* "\#*\#" *.o *.a Makefile
|
|
@ -1 +0,0 @@
|
|||
int _bogus;
|
|
@ -1,19 +0,0 @@
|
|||
/* endutent.c: A replacement for the endutent function
|
||||
|
||||
%%% copyright-cmetz-96
|
||||
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
|
||||
The Inner Net License Version 3 applies to this software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.31. Use VOIDRET macro.
|
||||
Created by cmetz for OPIE 2.3.
|
||||
*/
|
||||
#include "opie_cfg.h"
|
||||
#include "opie.h"
|
||||
|
||||
VOIDRET endutent FUNCTION_NOARGS
|
||||
{
|
||||
}
|
|
@ -1,63 +0,0 @@
|
|||
/* getutline.c: A replacement for the getutline() function
|
||||
|
||||
%%% copyright-cmetz-96
|
||||
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
|
||||
The Inner Net License Version 3 applies to this software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.32. Fixed check for fread() return
|
||||
value.
|
||||
Modified by cmetz for OPIE 2.31. If the OS won't tell us where
|
||||
_PATH_UTMP is, play the SVID game, then use
|
||||
Autoconf-discovered values.
|
||||
Created by cmetz for OPIE 2.3.
|
||||
*/
|
||||
|
||||
#include "opie_cfg.h"
|
||||
#include <stdio.h>
|
||||
#include <utmp.h>
|
||||
#include "opie.h"
|
||||
|
||||
static struct utmp u;
|
||||
|
||||
#ifndef _PATH_UTMP
|
||||
#ifdef UTMP_FILE
|
||||
#define _PATH_UTMP UTMP_FILE
|
||||
#else /* UTMP_FILE */
|
||||
#define _PATH_UTMP PATH_UTMP_AC
|
||||
#endif /* UTMP_FILE */
|
||||
#endif /* _PATH_UTMP */
|
||||
|
||||
struct utmp *getutline FUNCTION((utmp), struct utmp *utmp)
|
||||
{
|
||||
FILE *f;
|
||||
int i;
|
||||
|
||||
if (!(f = __opieopen(_PATH_UTMP, 0, 0644)))
|
||||
return 0;
|
||||
|
||||
#if HAVE_TTYSLOT
|
||||
if (i = ttyslot()) {
|
||||
if (fseek(f, i * sizeof(struct utmp), SEEK_SET) < 0)
|
||||
goto ret;
|
||||
if (fread(&u, sizeof(struct utmp), 1, f) != 1)
|
||||
goto ret;
|
||||
fclose(f);
|
||||
return &u;
|
||||
}
|
||||
#endif /* HAVE_TTYSLOT */
|
||||
|
||||
while(fread(&u, sizeof(struct utmp), 1, f) == 1) {
|
||||
if (!strncmp(utmp->ut_line, u.ut_line, sizeof(u.ut_line) - 1)) {
|
||||
fclose(f);
|
||||
return &u;
|
||||
}
|
||||
}
|
||||
|
||||
ret:
|
||||
fclose(f);
|
||||
return NULL;
|
||||
}
|
|
@ -1,64 +0,0 @@
|
|||
/* pututline.c: A replacement for the pututline() function
|
||||
|
||||
%%% copyright-cmetz-96
|
||||
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
|
||||
The Inner Net License Version 3 applies to this software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.32. Fixed check for fread() return
|
||||
value.
|
||||
Modified by cmetz for OPIE 2.31. If the OS won't tell us where
|
||||
_PATH_UTMP is, use Autoconf-discovered values.
|
||||
Created by cmetz for OPIE 2.3.
|
||||
*/
|
||||
|
||||
#include "opie_cfg.h"
|
||||
#include <stdio.h>
|
||||
#include <utmp.h>
|
||||
#include "opie.h"
|
||||
|
||||
#ifndef _PATH_UTMP
|
||||
#define _PATH_UTMP PATH_UTMP_AC
|
||||
#endif /* _PATH_UTMP */
|
||||
|
||||
void pututline FUNCTION((utmp), struct utmp *utmp)
|
||||
{
|
||||
FILE *f;
|
||||
struct utmp u;
|
||||
int i;
|
||||
|
||||
if (!(f = __opieopen(_PATH_UTMP, 1, 0644)))
|
||||
return;
|
||||
|
||||
#if HAVE_TTYSLOT
|
||||
if (i = ttyslot()) {
|
||||
if (fseek(f, i * sizeof(struct utmp), SEEK_SET) < 0)
|
||||
goto ret;
|
||||
fwrite(utmp, sizeof(struct utmp), 1, f);
|
||||
goto ret;
|
||||
}
|
||||
#endif /* HAVE_TTYSLOT */
|
||||
|
||||
while(fread(&u, sizeof(struct utmp), 1, f) == 1) {
|
||||
if (!strncmp(utmp->ut_line, u.ut_line, sizeof(u.ut_line) - 1)) {
|
||||
if ((i = ftell(f)) < 0)
|
||||
goto ret;
|
||||
if (fseek(f, i - sizeof(struct utmp), SEEK_SET) < 0)
|
||||
goto ret;
|
||||
fwrite(utmp, sizeof(struct utmp), 1, f);
|
||||
goto ret;
|
||||
}
|
||||
}
|
||||
|
||||
fclose(f);
|
||||
|
||||
if (!(f = __opieopen(_PATH_UTMP, 2, 0644)))
|
||||
return;
|
||||
fwrite(utmp, sizeof(struct utmp), 1, f);
|
||||
|
||||
ret:
|
||||
fclose(f);
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
/* setutent.c: A replacement for the setutent function
|
||||
|
||||
%%% copyright-cmetz-96
|
||||
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
|
||||
The Inner Net License Version 3 applies to this software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
History:
|
||||
|
||||
Created by cmetz for OPIE 2.31.
|
||||
*/
|
||||
#include "opie_cfg.h"
|
||||
#include "opie.h"
|
||||
|
||||
VOIDRET setutent FUNCTION_NOARGS
|
||||
{
|
||||
}
|
|
@ -1,35 +0,0 @@
|
|||
##
|
||||
# Makefile.in/Makefile: Directions for building libopie.
|
||||
#
|
||||
# %%% copyright-cmetz-96
|
||||
# This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
|
||||
# The Inner Net License Version 3 applies to this software.
|
||||
# You should have received a copy of the license with this software. If
|
||||
# you didn't get a copy, you may request one from <license@inner.net>.
|
||||
#
|
||||
# History:
|
||||
#
|
||||
# Modified by cmetz for OPIE 2.4. Add libmissing to include header path.
|
||||
# Use ar 'cr' instead of 'r'. Renamed realclean to distclean.
|
||||
# Modified by cmetz for OPIE 2.31. Added logwtmp.o
|
||||
# Created by cmetz for OPIE 2.3 using old Makefiles as a guide.
|
||||
|
||||
OBJS=md4c.o md5c.o atob8.o btoa8.o btoh.o challenge.o getsequence.o hash.o hashlen.o keycrunch.o lock.o lookup.o newseed.o parsechallenge.o passcheck.o passwd.o randomchallenge.o readpass.o unlock.o verify.o version.o btoe.o accessfile.o generator.o insecure.o getutmpentry.o readrec.o writerec.o login.o open.o logwtmp.o # sha.o
|
||||
|
||||
CC=@CC@
|
||||
CFLAGS=$(CFL) -I.. -I../libmissing
|
||||
TARGET=libopie.a
|
||||
|
||||
all: $(TARGET)
|
||||
|
||||
$(TARGET): $(OBJS)
|
||||
@AR@ @ARFLAGS@ $(TARGET) $(OBJS)
|
||||
@RANLIB@ $(TARGET)
|
||||
|
||||
clean:
|
||||
-rm -f $(OBJS) $(TARGET)
|
||||
|
||||
realclean: distclean
|
||||
|
||||
distclean: clean
|
||||
-rm -f *~ core* "\#*\#" *.o *.a Makefile
|
|
@ -1,171 +0,0 @@
|
|||
/* accessfile.c: Handle trusted network access file and per-user
|
||||
overrides.
|
||||
|
||||
%%% portions-copyright-cmetz-96
|
||||
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
the software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
||||
McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
License Agreement applies to this software.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.31. Include syslog.h on debug.
|
||||
Modified by cmetz for OPIE 2.3. Send debug info to syslog.
|
||||
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
|
||||
Ifdef around some headers. Remove extra semicolon.
|
||||
Modified at NRL for OPIE 2.2. Moved from accessfile.c to
|
||||
libopie/opieaccessfile.c.
|
||||
Modified at NRL for OPIE 2.0.
|
||||
Written at Bellcore for the S/Key Version 1 software distribution
|
||||
(login.c).
|
||||
*/
|
||||
#include "opie_cfg.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <netdb.h>
|
||||
#if HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif /* HAVE_STRING_H */
|
||||
#if HAVE_UNISTD_H
|
||||
#include <unistd.h>
|
||||
#endif /* HAVE_UNISTD_H */
|
||||
#if HAVE_STDLIB_H
|
||||
#include <stdlib.h>
|
||||
#endif /* HAVE_STDLIB_H */
|
||||
|
||||
#ifdef DEBUG
|
||||
#include <syslog.h>
|
||||
#endif /* DEBUG */
|
||||
|
||||
#include "opie.h"
|
||||
|
||||
int opieaccessfile FUNCTION((host), char *host)
|
||||
{
|
||||
#ifdef PATH_ACCESS_FILE
|
||||
/* Turn host into an IP address and then look it up in the authorization
|
||||
* database to determine if ordinary password logins are OK
|
||||
*/
|
||||
long n;
|
||||
struct hostent *hp;
|
||||
FILE *fp;
|
||||
char buf[128], **lp;
|
||||
|
||||
#ifdef DEBUG
|
||||
syslog(LOG_DEBUG, "accessfile: host=%s", host);
|
||||
#endif /* DEBUG */
|
||||
if (!host[0])
|
||||
/* Local login, okay */
|
||||
return (1);
|
||||
if (isaddr(host)) {
|
||||
n = inet_addr(host);
|
||||
return rdnets(n);
|
||||
} else {
|
||||
hp = gethostbyname(host);
|
||||
if (!hp) {
|
||||
printf("Unknown host %s\n", host);
|
||||
return 0;
|
||||
}
|
||||
for (lp = hp->h_addr_list; *lp; lp++) {
|
||||
memcpy((char *) &n, *lp, sizeof(n));
|
||||
if (rdnets(n))
|
||||
return (1);
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
}
|
||||
|
||||
int rdnets FUNCTION((host), long host)
|
||||
{
|
||||
FILE *fp;
|
||||
char buf[128], *cp;
|
||||
long pattern, mask;
|
||||
int permit_it;
|
||||
|
||||
if (!(fp = fopen(PATH_ACCESS_FILE, "r")))
|
||||
return 0;
|
||||
|
||||
while (fgets(buf, sizeof(buf), fp), !feof(fp)) {
|
||||
if (buf[0] == '#')
|
||||
continue; /* Comment */
|
||||
if (!(cp = strtok(buf, " \t")))
|
||||
continue;
|
||||
/* two choices permit of deny */
|
||||
if (strncasecmp(cp, "permit", 4) == 0) {
|
||||
permit_it = 1;
|
||||
} else {
|
||||
if (strncasecmp(cp, "deny", 4) == 0) {
|
||||
permit_it = 0;
|
||||
} else {
|
||||
continue; /* ignore; it is not permit/deny */
|
||||
}
|
||||
}
|
||||
if (!(cp = strtok(NULL, " \t")))
|
||||
continue; /* Invalid line */
|
||||
pattern = inet_addr(cp);
|
||||
if (!(cp = strtok(NULL, " \t")))
|
||||
continue; /* Invalid line */
|
||||
mask = inet_addr(cp);
|
||||
#ifdef DEBUG
|
||||
syslog(LOG_DEBUG, "accessfile: %08x & %08x == %08x (%s)", host, mask, pattern, ((host & mask) == pattern) ? "true" : "false");
|
||||
#endif /* DEBUG */
|
||||
if ((host & mask) == pattern) {
|
||||
fclose(fp);
|
||||
return permit_it;
|
||||
}
|
||||
}
|
||||
fclose(fp);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* Return TRUE if string appears to be an IP address in dotted decimal;
|
||||
* return FALSE otherwise (i.e., if string is a domain name)
|
||||
*/
|
||||
int isaddr FUNCTION((s), register char *s)
|
||||
{
|
||||
char c;
|
||||
|
||||
if (!s)
|
||||
return 1; /* Can't happen */
|
||||
|
||||
while ((c = *s++) != '\0') {
|
||||
if (c != '[' && c != ']' && !isdigit(c) && c != '.')
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
#else /* PATH_ACCESS_FILE */
|
||||
return !host[0];
|
||||
#endif /* PATH_ACCESS_FILE */
|
||||
}
|
||||
|
||||
/* Returns the opposite of what you might expect */
|
||||
/* Returns 1 on error (allow)... this might not be what you want */
|
||||
int opiealways FUNCTION((homedir), char *homedir)
|
||||
{
|
||||
char *opiealwayspath;
|
||||
int i;
|
||||
|
||||
if (!homedir)
|
||||
return 1;
|
||||
|
||||
if (!(opiealwayspath = malloc(strlen(homedir) + sizeof(OPIE_ALWAYS_FILE) + 1)))
|
||||
return 1;
|
||||
|
||||
strcpy(opiealwayspath, homedir);
|
||||
strcat(opiealwayspath, "/");
|
||||
strcat(opiealwayspath, OPIE_ALWAYS_FILE);
|
||||
i = access(opiealwayspath, F_OK);
|
||||
free(opiealwayspath);
|
||||
return (i);
|
||||
}
|
|
@ -1,76 +0,0 @@
|
|||
/* atob8.c: The opieatob8() library function.
|
||||
|
||||
%%% portions-copyright-cmetz-96
|
||||
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
the software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
||||
McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
License Agreement applies to this software.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg.
|
||||
Modified by cmetz for OPIE 2.3. Return the output variable.
|
||||
Don't check parameters.
|
||||
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
|
||||
Inlined and obseleted opieskipspace(). Inlined and obseleted
|
||||
opiehtoi().
|
||||
Created at NRL for OPIE 2.2 from opiesubr2.c
|
||||
*/
|
||||
#include "opie_cfg.h"
|
||||
#include <stdio.h>
|
||||
#include "opie.h"
|
||||
|
||||
/* Convert 8-byte hex-ascii string to binary array
|
||||
*/
|
||||
char *opieatob8 FUNCTION((out, in), struct opie_otpkey *outkey AND char *in)
|
||||
{
|
||||
register int i;
|
||||
register int val;
|
||||
unsigned char *out = (unsigned char *)outkey;
|
||||
|
||||
for (i = 0; i < 8; i++) {
|
||||
while (*in == ' ' || *in == '\t')
|
||||
in++;
|
||||
if (!*in)
|
||||
return NULL;
|
||||
|
||||
if ((*in >= '0') && (*in <= '9'))
|
||||
val = *(in++) - '0';
|
||||
else
|
||||
if ((*in >= 'a') && (*in <= 'f'))
|
||||
val = *(in++) - 'a' + 10;
|
||||
else
|
||||
if ((*in >= 'A') && (*in <= 'F'))
|
||||
val = *(in++) - 'A' + 10;
|
||||
else
|
||||
return NULL;
|
||||
|
||||
*out = val << 4;
|
||||
|
||||
while (*in == ' ' || *in == '\t')
|
||||
in++;
|
||||
if (!*in)
|
||||
return NULL;
|
||||
|
||||
if ((*in >= '0') && (*in <= '9'))
|
||||
val = *(in++) - '0';
|
||||
else
|
||||
if ((*in >= 'a') && (*in <= 'f'))
|
||||
val = *(in++) - 'a' + 10;
|
||||
else
|
||||
if ((*in >= 'A') && (*in <= 'F'))
|
||||
val = *(in++) - 'A' + 10;
|
||||
else
|
||||
return NULL;
|
||||
|
||||
*out++ |= val;
|
||||
}
|
||||
|
||||
return out;
|
||||
}
|
|
@ -1,34 +0,0 @@
|
|||
/* btoa8.c: The opiebtoa8() library function.
|
||||
|
||||
%%% copyright-cmetz-96
|
||||
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
|
||||
The Inner Net License Version 3 applies to this software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg.
|
||||
Created by cmetz for OPIE 2.3 (quick re-write).
|
||||
*/
|
||||
|
||||
#include "opie_cfg.h"
|
||||
#include "opie.h"
|
||||
|
||||
static char hextochar[16] =
|
||||
{'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
|
||||
|
||||
char *opiebtoa8 FUNCTION((out, in), char *out AND struct opie_otpkey *inkey)
|
||||
{
|
||||
int i;
|
||||
unsigned char *in = (unsigned char *)inkey;
|
||||
char *c = out;
|
||||
|
||||
for (i = 0; i < 8; i++) {
|
||||
*(c++) = hextochar[((*in) >> 4) & 0x0f];
|
||||
*(c++) = hextochar[(*in++) & 0x0f];
|
||||
}
|
||||
*c = 0;
|
||||
|
||||
return out;
|
||||
}
|
|
@ -1,36 +0,0 @@
|
|||
/* btoh.c: The opiebtoh() library function.
|
||||
|
||||
%%% copyright-cmetz-96
|
||||
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
|
||||
The Inner Net License Version 3 applies to this software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
History:
|
||||
|
||||
Created by cmetz for OPIE 2.3.
|
||||
*/
|
||||
|
||||
#include "opie_cfg.h"
|
||||
#include "opie.h"
|
||||
|
||||
static char hextochar[16] =
|
||||
{'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'};
|
||||
|
||||
char *opiebtoh FUNCTION((out, in), char *out AND struct opie_otpkey *inkey)
|
||||
{
|
||||
int i;
|
||||
char *c = out;
|
||||
unsigned char *in = (unsigned char *)inkey;
|
||||
|
||||
for (i = 0; i < 4; i++) {
|
||||
*(c++) = hextochar[((*in) >> 4) & 0x0f];
|
||||
*(c++) = hextochar[(*in++) & 0x0f];
|
||||
*(c++) = hextochar[((*in) >> 4) & 0x0f];
|
||||
*(c++) = hextochar[(*in++) & 0x0f];
|
||||
*(c++) = ' ';
|
||||
}
|
||||
*(--c) = 0;
|
||||
|
||||
return out;
|
||||
}
|
|
@ -1,79 +0,0 @@
|
|||
/* challenge.c: The opiechallenge() library function.
|
||||
|
||||
%%% portions-copyright-cmetz-96
|
||||
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
the software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
||||
McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
License Agreement applies to this software.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.32. Added extended response set
|
||||
identifier to the challenge.
|
||||
Modified by cmetz for OPIE 2.3. Use opie_ prefix. Send debug info to
|
||||
syslog. Add sha plumbing.
|
||||
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
|
||||
Created at NRL for OPIE 2.2 from opiesubr2.c
|
||||
|
||||
$FreeBSD$
|
||||
|
||||
*/
|
||||
#include "opie_cfg.h"
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#if DEBUG
|
||||
#include <syslog.h>
|
||||
#endif /* DEBUG */
|
||||
#include "opie.h"
|
||||
|
||||
/* Return an OTP challenge string for user 'name'.
|
||||
|
||||
The return values are:
|
||||
|
||||
0 = All good
|
||||
-1 = Low-level error (file, memory, I/O, etc.)
|
||||
1 = High-level error (user not found or locked)
|
||||
|
||||
This function MUST eventually be followed by an opieverify() to release
|
||||
the user lock and file handles.
|
||||
|
||||
This function will give you a blanked-out state block if it returns a
|
||||
nonzero status. Even though it returns a non-zero status and a blank
|
||||
state block, you still MUST call opieverify() to clear the lock and
|
||||
any internal state (the latter condition is not actually used yet).
|
||||
*/
|
||||
|
||||
static char *algids[] = { NULL, NULL, NULL, "sha1", "md4", "md5" };
|
||||
|
||||
int opiechallenge FUNCTION((mp, name, ss), struct opie *mp AND char *name AND char *ss)
|
||||
{
|
||||
int rval = -1;
|
||||
|
||||
rval = opielookup(mp, name);
|
||||
#if DEBUG
|
||||
if (rval) syslog(LOG_DEBUG, "opiechallenge: opielookup(mp, name=%s) returned %d", name, rval);
|
||||
#endif /* DEBUG */
|
||||
|
||||
if (!rval) {
|
||||
rval = opielock(name);
|
||||
#if DEBUG
|
||||
if (rval) syslog(LOG_DEBUG, "opiechallenge: opielock(name=%s) returned %d", name, rval);
|
||||
#endif /* DEBUG */
|
||||
}
|
||||
|
||||
if (rval ||
|
||||
(snprintf(ss, OPIE_CHALLENGE_MAX+1, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed) >= OPIE_CHALLENGE_MAX+1)) {
|
||||
if (!rval)
|
||||
rval = 1;
|
||||
opierandomchallenge(ss);
|
||||
memset(mp, 0, sizeof(*mp));
|
||||
}
|
||||
|
||||
return rval;
|
||||
}
|
|
@ -1,398 +0,0 @@
|
|||
/* generator.c: The opiegenerator() library function.
|
||||
|
||||
%%% portions-copyright-cmetz-96
|
||||
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
the software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.4. Added opieauto code based on
|
||||
previously released test code. Renamed buffer to challenge.
|
||||
Use struct opie_otpkey for keys.
|
||||
Modified by cmetz for OPIE 2.32. If secret=NULL, always return
|
||||
as if opieauto returned "get the secret". Renamed
|
||||
_opieparsechallenge() to __opieparsechallenge(). Check
|
||||
challenge for extended response support and don't send
|
||||
an init-hex response if extended response support isn't
|
||||
indicated in the challenge.
|
||||
Modified by cmetz for OPIE 2.31. Renamed "init" to "init-hex".
|
||||
Removed active attack protection support. Fixed fairly
|
||||
bug in how init response was computed (i.e., dead wrong).
|
||||
Modified by cmetz for OPIE 2.3. Use _opieparsechallenge(). ifdef
|
||||
around string.h. Output hex responses by default, output
|
||||
OTP re-init extended responses (same secret) if sequence
|
||||
number falls below 10.
|
||||
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
|
||||
Bug fixes.
|
||||
Created at NRL for OPIE 2.2.
|
||||
|
||||
$FreeBSD$
|
||||
*/
|
||||
|
||||
#include "opie_cfg.h"
|
||||
#if HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif /* HAVE_STRING_H */
|
||||
#if OPIEAUTO
|
||||
#include <errno.h>
|
||||
#if HAVE_STDLIB_H
|
||||
#include <stdlib.h>
|
||||
#endif /* HAVE_STDLIB_H */
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include <sys/socket.h>
|
||||
#include <sys/un.h>
|
||||
#endif /* OPIEAUTO */
|
||||
#if DEBUG
|
||||
#include <syslog.h>
|
||||
#endif /* DEBUG */
|
||||
#include <stdio.h>
|
||||
#include "opie.h"
|
||||
|
||||
static char *algids[] = { NULL, NULL, NULL, "sha1", "md4", "md5" };
|
||||
|
||||
#if OPIEAUTO
|
||||
#ifndef max
|
||||
#define max(x, y) (((x) > (y)) ? (x) : (y))
|
||||
#endif /* max */
|
||||
|
||||
static int opieauto_connect FUNCTION_NOARGS
|
||||
{
|
||||
int s;
|
||||
struct sockaddr_un sun;
|
||||
char buffer[1024];
|
||||
char *c, *c2 ="/.opieauto";
|
||||
uid_t myuid = getuid(), myeuid = geteuid();
|
||||
|
||||
if (!myuid || !myeuid || (myuid != myeuid)) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opieauto_connect: superuser and/or setuid not allowed");
|
||||
#endif /* DEBUG */
|
||||
return -1;
|
||||
};
|
||||
|
||||
memset(&sun, 0, sizeof(struct sockaddr_un));
|
||||
sun.sun_family = AF_UNIX;
|
||||
|
||||
if (!(c = getenv("HOME"))) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opieauto_connect: no HOME variable?");
|
||||
#endif /* DEBUG */
|
||||
return -1;
|
||||
};
|
||||
|
||||
if (strlen(c) > (sizeof(sun.sun_path) - strlen(c2) - 1)) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opieauto_connect: HOME is too long: %s", c);
|
||||
#endif /* DEBUG */
|
||||
return -1;
|
||||
};
|
||||
|
||||
strcpy(sun.sun_path, c);
|
||||
strcat(sun.sun_path, c2);
|
||||
|
||||
if ((s = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opieauto_connect: socket: %s(%d)", strerror(errno), errno);
|
||||
#endif /* DEBUG */
|
||||
return -1;
|
||||
};
|
||||
|
||||
{
|
||||
struct stat st;
|
||||
|
||||
if (stat(sun.sun_path, &st) < 0) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opieauto_connect: stat: %s(%d)\n", strerror(errno), errno);
|
||||
#endif /* DEBUG */
|
||||
goto ret;
|
||||
};
|
||||
|
||||
if (connect(s, (struct sockaddr *)&sun, sizeof(struct sockaddr_un))) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opieauto_connect: connect: %s(%d)\n", strerror(errno), errno);
|
||||
#endif /* DEBUG */
|
||||
goto ret;
|
||||
};
|
||||
|
||||
if ((st.st_uid != myuid) || (!S_ISSOCK(st.st_mode)) || ((st.st_mode & 07777) != 0600)) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opieauto_connect: something's fishy about the socket\n");
|
||||
#endif /* DEBUG */
|
||||
goto ret;
|
||||
};
|
||||
};
|
||||
|
||||
return s;
|
||||
|
||||
ret:
|
||||
close(s);
|
||||
return -1;
|
||||
};
|
||||
#endif /* OPIEAUTO */
|
||||
|
||||
int opiegenerator FUNCTION((challenge, secret, response), char *challenge AND char *secret AND char *response)
|
||||
{
|
||||
int algorithm;
|
||||
int sequence;
|
||||
char *seed;
|
||||
struct opie_otpkey key;
|
||||
int i;
|
||||
int exts;
|
||||
#if OPIEAUTO
|
||||
int s;
|
||||
int window;
|
||||
char cmd[1+1+1+1+4+1+OPIE_SEED_MAX+1+4+1+4+1+4+1+4+1];
|
||||
char *c;
|
||||
#endif /* OPIEAUTO */
|
||||
|
||||
if (!(challenge = strstr(challenge, "otp-")))
|
||||
return 1;
|
||||
|
||||
challenge += 4;
|
||||
|
||||
if (__opieparsechallenge(challenge, &algorithm, &sequence, &seed, &exts))
|
||||
return 1;
|
||||
|
||||
if ((sequence < 2) || (sequence > 9999))
|
||||
return 1;
|
||||
|
||||
if (*secret) {
|
||||
if (opiepasscheck(secret))
|
||||
return -2;
|
||||
|
||||
if (i = opiekeycrunch(algorithm, &key, seed, secret))
|
||||
return i;
|
||||
|
||||
if (sequence <= OPIE_SEQUENCE_RESTRICT) {
|
||||
if (!(exts & 1))
|
||||
return 1;
|
||||
|
||||
{
|
||||
char newseed[OPIE_SEED_MAX + 1];
|
||||
struct opie_otpkey newkey;
|
||||
char *c;
|
||||
char buf[OPIE_SEED_MAX + 48 + 1];
|
||||
|
||||
while (sequence-- != 0)
|
||||
opiehash(&key, algorithm);
|
||||
|
||||
if (opienewseed(strcpy(newseed, seed)) < 0)
|
||||
return -1;
|
||||
|
||||
if (opiekeycrunch(algorithm, &newkey, newseed, secret))
|
||||
return -1;
|
||||
|
||||
for (i = 0; i < 499; i++)
|
||||
opiehash(&newkey, algorithm);
|
||||
|
||||
strcpy(response, "init-hex:");
|
||||
strcat(response, opiebtoh(buf, &key));
|
||||
if (snprintf(buf, sizeof(buf), ":%s 499 %s:", algids[algorithm],
|
||||
newseed) >= sizeof(buf)) {
|
||||
#ifdef DEBUG
|
||||
syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at init-hex");
|
||||
#endif /* DEBUG */
|
||||
return -1;
|
||||
}
|
||||
strcat(response, buf);
|
||||
strcat(response, opiebtoh(buf, &newkey));
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
#if OPIEAUTO
|
||||
if ((s = opieauto_connect()) >= 0) {
|
||||
if ((i = read(s, cmd, sizeof(cmd)-1)) < 0) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno);
|
||||
#endif /* DEBUG */
|
||||
close(s);
|
||||
s = -1;
|
||||
goto l0;
|
||||
};
|
||||
cmd[i] = 0;
|
||||
if ((cmd[0] != 'C') || (cmd[1] != '+') || (cmd[2] != ' ')) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opiegenerator: got invalid/failing C+ response: %s\n", cmd);
|
||||
#endif /* DEBUG */
|
||||
close(s);
|
||||
s = -1;
|
||||
goto l0;
|
||||
};
|
||||
|
||||
window = strtoul(&cmd[3], &c, 10);
|
||||
if (!window || (window >= (OPIE_SEQUENCE_MAX - OPIE_SEQUENCE_RESTRICT)) || !isspace(*c)) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opiegenerator: got bogus option response: %s\n", cmd);
|
||||
#endif /* DEBUG */
|
||||
close(s);
|
||||
s = -1;
|
||||
goto l0;
|
||||
};
|
||||
};
|
||||
|
||||
l0:
|
||||
if (*secret) {
|
||||
int j;
|
||||
|
||||
if (s < 0) {
|
||||
j = 0;
|
||||
goto l1;
|
||||
};
|
||||
|
||||
j = max(sequence - window + 1, OPIE_SEQUENCE_RESTRICT);
|
||||
|
||||
for (i = j; i > 0; i--)
|
||||
opiehash(&key, algorithm);
|
||||
|
||||
{
|
||||
char buf[16+1];
|
||||
|
||||
opiebtoa8(buf, &key);
|
||||
|
||||
if (snprintf(cmd, sizeof(cmd), "S= %d %d %s %s\n", algorithm, sequence,
|
||||
seed, buf) >= sizeof(cmd)) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at S=\n");
|
||||
#endif /* DEBUG */
|
||||
goto l1;
|
||||
}
|
||||
}
|
||||
|
||||
if (write(s, cmd, i = strlen(cmd)) != i) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opiegenerator: write: %s(%d)\n", strerror(errno), errno);
|
||||
#endif /* DEBUG */
|
||||
goto l1;
|
||||
};
|
||||
|
||||
if ((i = read(s, cmd, sizeof(cmd))) < 0) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno);
|
||||
#endif /* DEBUG */
|
||||
};
|
||||
close(s);
|
||||
|
||||
cmd[i] = 0;
|
||||
i = strlen(seed);
|
||||
if ((cmd[0] != 'S') || (cmd[1] != '+') || (cmd[2] != ' ') || (strtoul(&cmd[3], &c, 10) != algorithm) || (strtoul(c + 1, &c, 10) != sequence) || strncmp(++c, seed, i) || (*(c + i) != '\n')) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opiegenerator: got invalid/failing S+ response: %s\n", cmd);
|
||||
#endif /* DEBUG */
|
||||
};
|
||||
|
||||
l1:
|
||||
for (i = sequence - j; i > 0; i--)
|
||||
opiehash(&key, algorithm);
|
||||
|
||||
opiebtoh(response, &key);
|
||||
} else {
|
||||
if (s < 0)
|
||||
goto l2;
|
||||
|
||||
if ((snprintf(cmd, sizeof(cmd), "s= %d %d %s\n", algorithm, sequence,
|
||||
seed) >= sizeof(cmd))) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at s=\n");
|
||||
#endif /* DEBUG */
|
||||
goto l2;
|
||||
}
|
||||
|
||||
if (write(s, cmd, i = strlen(cmd)) != i) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opiegenerator: write: %s(%d)\n", strerror(errno), errno);
|
||||
#endif /* DEBUG */
|
||||
goto l2;
|
||||
};
|
||||
|
||||
if ((i = read(s, cmd, sizeof(cmd))) < 0) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno);
|
||||
#endif /* DEBUG */
|
||||
goto l2;
|
||||
};
|
||||
close(s);
|
||||
|
||||
i = strlen(seed);
|
||||
|
||||
if ((cmd[0] != 's') || (cmd[2] != ' ') || (strtoul(&cmd[3], &c, 10) != algorithm) || (strtoul(c + 1, &c, 10) != sequence) || strncmp(++c, seed, i)) {
|
||||
#if DEBUG
|
||||
if (c)
|
||||
*c = 0;
|
||||
else
|
||||
cmd[3] = 0;
|
||||
|
||||
syslog(LOG_DEBUG, "opiegenerator: got bogus/invalid s response: %s\n", cmd);
|
||||
#endif /* DEBUG */
|
||||
goto l2;
|
||||
};
|
||||
|
||||
c += i;
|
||||
|
||||
if (cmd[1] == '-') {
|
||||
#if DEBUG
|
||||
if (*c != '\n') {
|
||||
*c = 0;
|
||||
syslog(LOG_DEBUG, "opiegenerator: got invalid s- response: %s\n", cmd);
|
||||
};
|
||||
#endif /* DEBUG */
|
||||
goto l2;
|
||||
};
|
||||
|
||||
if (cmd[1] != '+') {
|
||||
#if DEBUG
|
||||
*c = 0;
|
||||
syslog(LOG_DEBUG, "opiegenerator: got invalid s response: %s\n", cmd);
|
||||
#endif /* DEBUG */
|
||||
goto l2;
|
||||
};
|
||||
|
||||
{
|
||||
char *c2;
|
||||
|
||||
if (!(c2 = strchr(++c, '\n'))) {
|
||||
#if DEBUG
|
||||
*c = 0;
|
||||
syslog(LOG_DEBUG, "opiegenerator: got invalid s+ response: %s\n", cmd);
|
||||
#endif /* DEBUG */
|
||||
goto l2;
|
||||
};
|
||||
|
||||
*c2++ = 0;
|
||||
};
|
||||
|
||||
if (!opieatob8(&key, c))
|
||||
goto l2;
|
||||
|
||||
opiebtoh(response, &key);
|
||||
};
|
||||
|
||||
if (s >= 0)
|
||||
close(s);
|
||||
#else /* OPIEAUTO */
|
||||
if (*secret) {
|
||||
while (sequence-- != 0)
|
||||
opiehash(&key, algorithm);
|
||||
|
||||
opiebtoh(response, &key);
|
||||
} else
|
||||
return -2;
|
||||
#endif /* OPIEAUTO */
|
||||
|
||||
return 0;
|
||||
|
||||
#if OPIEAUTO
|
||||
l2:
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opiegenerator: no opieauto response available.\n");
|
||||
#endif /* DEBUG */
|
||||
if (s >= 0)
|
||||
close(s);
|
||||
|
||||
return -2;
|
||||
#endif /* OPIEAUTO */
|
||||
};
|
|
@ -1,27 +0,0 @@
|
|||
/* getsequence.c: The opiegetsequence() library function.
|
||||
|
||||
%%% portions-copyright-cmetz-96
|
||||
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
the software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
||||
McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
License Agreement applies to this software.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.3. Use opie_ prefix.
|
||||
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
|
||||
Created at NRL for OPIE 2.2 from opiesubr2.c
|
||||
*/
|
||||
#include "opie_cfg.h"
|
||||
#include "opie.h"
|
||||
|
||||
int opiegetsequence FUNCTION((stateblock), struct opie *stateblock)
|
||||
{
|
||||
return stateblock->opie_n;
|
||||
}
|
|
@ -1,85 +0,0 @@
|
|||
/* getutmpentry.c: The __opiegetutmpentry() library function.
|
||||
|
||||
%%% copyright-cmetz-96
|
||||
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
|
||||
The Inner Net License Version 3 applies to this software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.31. Cache result.
|
||||
Created by cmetz for OPIE 2.3 (re-write).
|
||||
*/
|
||||
|
||||
#include "opie_cfg.h"
|
||||
#include <stdio.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
#if DOUTMPX
|
||||
#include <utmpx.h>
|
||||
#define setutent setutxent
|
||||
#define getutline(x) getutxline(x)
|
||||
#define utmp utmpx
|
||||
#else
|
||||
#include <utmp.h>
|
||||
#endif /* DOUTMPX */
|
||||
|
||||
#if HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif /* HAVE_STRING_H */
|
||||
|
||||
#if DEBUG
|
||||
#include <syslog.h>
|
||||
#endif /* DEBUG */
|
||||
#include "opie.h"
|
||||
|
||||
#if !HAVE_GETUTLINE && !DOUTMPX
|
||||
struct utmp *getutline __P((struct utmp *));
|
||||
#endif /* HAVE_GETUTLINE && !DOUTMPX */
|
||||
|
||||
static struct utmp u;
|
||||
|
||||
int __opiegetutmpentry FUNCTION((line, utmp), char *line AND struct utmp *utmp)
|
||||
{
|
||||
struct utmp *pu;
|
||||
|
||||
if (u.ut_line[0]) {
|
||||
pu = &u;
|
||||
goto gotit;
|
||||
};
|
||||
|
||||
memset(&u, 0, sizeof(u));
|
||||
|
||||
if (!strncmp(line, "/dev/", 5)) {
|
||||
strncpy(u.ut_line, line + 5, sizeof(u.ut_line));
|
||||
setutent();
|
||||
if ((pu = getutline(&u)))
|
||||
goto gotit;
|
||||
|
||||
#ifdef hpux
|
||||
strcpy(u.ut_line, "pty/");
|
||||
strncpy(u.ut_line + 4, line + 5, sizeof(u.ut_line) - 4);
|
||||
setutent();
|
||||
if ((pu = getutline(&u)))
|
||||
goto gotit;
|
||||
#endif /* hpux */
|
||||
}
|
||||
|
||||
strncpy(u.ut_line, line, sizeof(u.ut_line));
|
||||
setutent();
|
||||
if ((pu = getutline(&u)))
|
||||
goto gotit;
|
||||
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "__opiegetutmpentry: failed to find entry for line %s", line);
|
||||
#endif /* DEBUG */
|
||||
return -1;
|
||||
|
||||
gotit:
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "__opiegetutmpentry: succeeded with line %s", pu->ut_line);
|
||||
#endif /* DEBUG */
|
||||
memcpy(utmp, pu, sizeof(struct utmp));
|
||||
return 0;
|
||||
}
|
|
@ -1,78 +0,0 @@
|
|||
/* hash.c: The opiehash() library function.
|
||||
|
||||
%%% copyright-cmetz-96
|
||||
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
|
||||
The Inner Net License Version 3 applies to this software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg.
|
||||
Modified by cmetz for OPIE 2.31. Added SHA support (which may
|
||||
not be correct). Backed out previous optimizations as
|
||||
they killed thread-safety.
|
||||
Created by cmetz for OPIE 2.3 using the old hash.c as a guide.
|
||||
|
||||
$FreeBSD$
|
||||
*/
|
||||
|
||||
#include <sys/endian.h>
|
||||
|
||||
#include "opie_cfg.h"
|
||||
#include "opie.h"
|
||||
|
||||
#include <sha.h>
|
||||
#include <md4.h>
|
||||
#include <md5.h>
|
||||
|
||||
VOIDRET opiehash FUNCTION((x, algorithm), struct opie_otpkey *x AND
|
||||
unsigned algorithm)
|
||||
{
|
||||
UINT4 *results = (UINT4 *)x;
|
||||
|
||||
switch(algorithm) {
|
||||
case 3:
|
||||
{
|
||||
SHA_CTX sha;
|
||||
UINT4 digest[5];
|
||||
SHA1_Init(&sha);
|
||||
SHA1_Update(&sha, (unsigned char *)x, 8);
|
||||
SHA1_Final((unsigned char *)digest, &sha);
|
||||
results[0] = digest[0] ^ digest[2] ^ digest[4];
|
||||
results[1] = digest[1] ^ digest[3];
|
||||
|
||||
/*
|
||||
* RFC2289 mandates that we convert SHA1 digest from big-endian to little
|
||||
* see Appendix A.
|
||||
*/
|
||||
results[0] = bswap32(results[0]);
|
||||
results[1] = bswap32(results[1]);
|
||||
};
|
||||
break;
|
||||
case 4:
|
||||
{
|
||||
MD4_CTX mdx;
|
||||
UINT4 mdx_tmp[4];
|
||||
|
||||
MD4Init(&mdx);
|
||||
MD4Update(&mdx, (unsigned char *)x, 8);
|
||||
MD4Final((unsigned char *)mdx_tmp, &mdx);
|
||||
results[0] = mdx_tmp[0] ^ mdx_tmp[2];
|
||||
results[1] = mdx_tmp[1] ^ mdx_tmp[3];
|
||||
};
|
||||
break;
|
||||
case 5:
|
||||
{
|
||||
MD5_CTX mdx;
|
||||
UINT4 mdx_tmp[4];
|
||||
|
||||
MD5Init(&mdx);
|
||||
MD5Update(&mdx, (unsigned char *)x, 8);
|
||||
MD5Final((unsigned char *)mdx_tmp, &mdx);
|
||||
results[0] = mdx_tmp[0] ^ mdx_tmp[2];
|
||||
results[1] = mdx_tmp[1] ^ mdx_tmp[3];
|
||||
};
|
||||
break;
|
||||
}
|
||||
}
|
|
@ -1,69 +0,0 @@
|
|||
/* hashlen.c: The opiehashlen() library function.
|
||||
|
||||
%%% copyright-cmetz-96
|
||||
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
|
||||
The Inner Net License Version 3 applies to this software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey, isolate variables.
|
||||
Created by cmetz for OPIE 2.3.
|
||||
|
||||
$FreeBSD$
|
||||
*/
|
||||
|
||||
#include <sys/endian.h>
|
||||
|
||||
#include "opie_cfg.h"
|
||||
#include "opie.h"
|
||||
|
||||
#include <sha.h>
|
||||
#include <md4.h>
|
||||
#include <md5.h>
|
||||
|
||||
VOIDRET opiehashlen FUNCTION((algorithm, in, out, n), int algorithm AND
|
||||
VOIDPTR in AND struct opie_otpkey *out AND int n)
|
||||
{
|
||||
UINT4 *results = (UINT4 *)out;
|
||||
UINT4 mdx_tmp[4];
|
||||
|
||||
switch(algorithm) {
|
||||
case 3: {
|
||||
SHA_CTX sha;
|
||||
UINT4 digest[5];
|
||||
SHA1_Init(&sha);
|
||||
SHA1_Update(&sha, (unsigned char *)in, n);
|
||||
SHA1_Final((unsigned char *)digest, &sha);
|
||||
results[0] = digest[0] ^ digest[2] ^ digest[4];
|
||||
results[1] = digest[1] ^ digest[3];
|
||||
|
||||
/*
|
||||
* RFC2289 mandates that we convert SHA1 digest from big-endian to little
|
||||
* see Appendix A.
|
||||
*/
|
||||
results[0] = bswap32(results[0]);
|
||||
results[1] = bswap32(results[1]);
|
||||
break;
|
||||
}
|
||||
case 4: {
|
||||
MD4_CTX mdx;
|
||||
MD4Init(&mdx);
|
||||
MD4Update(&mdx, (unsigned char *)in, n);
|
||||
MD4Final((unsigned char *)mdx_tmp, &mdx);
|
||||
results[0] = mdx_tmp[0] ^ mdx_tmp[2];
|
||||
results[1] = mdx_tmp[1] ^ mdx_tmp[3];
|
||||
break;
|
||||
}
|
||||
case 5: {
|
||||
MD5_CTX mdx;
|
||||
MD5Init(&mdx);
|
||||
MD5Update(&mdx, (unsigned char *)in, n);
|
||||
MD5Final((unsigned char *)mdx_tmp, &mdx);
|
||||
results[0] = mdx_tmp[0] ^ mdx_tmp[2];
|
||||
results[1] = mdx_tmp[1] ^ mdx_tmp[3];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,172 +0,0 @@
|
|||
/* insecure.c: The opieinsecure() library function.
|
||||
|
||||
%%% portions-copyright-cmetz-96
|
||||
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
the software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
||||
McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
License Agreement applies to this software.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.4. Do utmp checks on utmpx systems.
|
||||
Handle unterminated ut_host.
|
||||
Modified by cmetz for OPIE 2.31. Fixed a logic bug. Call endut[x]ent().
|
||||
Modified by cmetz for OPIE 2.3. Added result caching. Use
|
||||
__opiegetutmpentry(). Ifdef around ut_host check. Eliminate
|
||||
unused variable.
|
||||
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
|
||||
Allow IP loopback. DISPLAY and ut_host must match exactly,
|
||||
not just the part before the colon. Added work-around for
|
||||
Sun CDE dtterm bug. Leave the environment as it was
|
||||
found. Use uname().
|
||||
Created at NRL for OPIE 2.2 from opiesubr.c. Fixed pointer
|
||||
assignment that should have been a comparison.
|
||||
|
||||
$FreeBSD$
|
||||
|
||||
*/
|
||||
#include "opie_cfg.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h> /* ANSI C standard library */
|
||||
#include <sys/param.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#if DOUTMPX
|
||||
#include <utmpx.h>
|
||||
#define utmp utmpx
|
||||
#define endutent endutxent
|
||||
#else
|
||||
#include <utmp.h>
|
||||
#endif /* DOUTMPX */
|
||||
|
||||
#if HAVE_SYS_UTSNAME_H
|
||||
#include <sys/utsname.h>
|
||||
#endif /* HAVE_SYS_UTSNAME_H */
|
||||
|
||||
#include "opie.h"
|
||||
|
||||
char *remote_terms[] = { "xterm", "xterms", "kterm", NULL };
|
||||
|
||||
int opieinsecure FUNCTION_NOARGS
|
||||
{
|
||||
#ifndef NO_INSECURE_CHECK
|
||||
char *display_name;
|
||||
char *s;
|
||||
char *term_name;
|
||||
int insecure = 0;
|
||||
#if HAVE_UT_HOST || DOUTMPX
|
||||
struct utmp utmp;
|
||||
#endif /* HAVE_UT_HOST || DOUTMPX */
|
||||
static int result = -1;
|
||||
|
||||
if (result != -1)
|
||||
return result;
|
||||
|
||||
if (getenv("SSH_CLIENT") != NULL)
|
||||
return (result = 0);
|
||||
display_name = (char *) getenv("DISPLAY");
|
||||
term_name = (char *) getenv("TERM");
|
||||
|
||||
if (display_name) {
|
||||
insecure = 1;
|
||||
if (s = strchr(display_name, ':')) {
|
||||
int n = s - display_name;
|
||||
if (!n)
|
||||
insecure = 0;
|
||||
else {
|
||||
if (!strncmp("unix", display_name, n))
|
||||
insecure = 0;
|
||||
else if (!strncmp("localhost", display_name, n))
|
||||
insecure = 0;
|
||||
else if (!strncmp("loopback", display_name, n))
|
||||
insecure = 0;
|
||||
else if (!strncmp("127.0.0.1", display_name, n))
|
||||
insecure = 0;
|
||||
else {
|
||||
struct utsname utsname;
|
||||
|
||||
if (!uname(&utsname)) {
|
||||
if (!strncmp(utsname.nodename, display_name, n))
|
||||
insecure = 0;
|
||||
else {
|
||||
if (s = strchr(display_name, '.')) {
|
||||
int n2 = s - display_name;
|
||||
if (n < n2)
|
||||
n2 = n;
|
||||
if (!strncmp(utsname.nodename, display_name, n2))
|
||||
insecure = 0;
|
||||
} /* endif display_name is '.' */
|
||||
} /* endif hostname != display_name */
|
||||
} /* endif was able to get hostname */
|
||||
} /* endif display_name == UNIX */
|
||||
}
|
||||
}
|
||||
} /* endif display_name == ":" */
|
||||
if (insecure)
|
||||
return (result = 1);
|
||||
|
||||
/* If no DISPLAY variable exists and TERM=xterm,
|
||||
then we probably have an xterm executing on a remote system
|
||||
with an rlogin or telnet to our system. If it were a local
|
||||
xterm, then the DISPLAY environment variable would
|
||||
have to exist. rja */
|
||||
if (!display_name && term_name) {
|
||||
int i;
|
||||
for (i = 0; remote_terms[i]; i++)
|
||||
if (!strcmp(term_name, remote_terms[i]))
|
||||
return (result = 1);
|
||||
};
|
||||
|
||||
#if HAVE_UT_HOST || DOUTMPX
|
||||
if (isatty(0)) {
|
||||
memset(&utmp, 0, sizeof(struct utmp));
|
||||
{
|
||||
int i = __opiegetutmpentry(ttyname(0), &utmp);
|
||||
endutent();
|
||||
if (!i && utmp.ut_host[0]) {
|
||||
char host[sizeof(utmp.ut_host) + 1];
|
||||
insecure = 1;
|
||||
|
||||
strncpy(host, utmp.ut_host, sizeof(utmp.ut_host));
|
||||
host[sizeof(utmp.ut_host)] = 0;
|
||||
|
||||
if (s = strchr(host, ':')) {
|
||||
int n = s - host;
|
||||
if (!n)
|
||||
insecure = 0;
|
||||
else
|
||||
if (display_name) {
|
||||
if (!strncmp(host, display_name, n))
|
||||
insecure = 0;
|
||||
#if 1 /* def SOLARIS */
|
||||
else
|
||||
if (s = strchr(host, ' ')) {
|
||||
*s = ':';
|
||||
if (s = strchr(s + 1, ' '))
|
||||
*s = '.';
|
||||
if (!strncmp(host, display_name, n))
|
||||
insecure = 0;
|
||||
}
|
||||
#endif /* SOLARIS */
|
||||
}
|
||||
}
|
||||
}
|
||||
};
|
||||
};
|
||||
#endif /* HAVE_UT_HOST || DOUTMPX */
|
||||
if (insecure)
|
||||
return (result = 1);
|
||||
|
||||
return (result = 0);
|
||||
#else /* NO_INSECURE_CHECK */
|
||||
return 0;
|
||||
#endif /* NO_INSECURE_CHECK */
|
||||
}
|
|
@ -1,66 +0,0 @@
|
|||
/* keycrunch.c: The opiekeycrunch() library function.
|
||||
|
||||
%%% copyright-cmetz-96
|
||||
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
|
||||
The Inner Net License Version 3 applies to this software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for arg.
|
||||
Created by cmetz for OPIE 2.3 using the old keycrunch.c as a guide.
|
||||
*/
|
||||
|
||||
#include "opie_cfg.h"
|
||||
|
||||
#if HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif /* HAVE_STRING_H */
|
||||
#if HAVE_STDLIB_H
|
||||
#include <stdlib.h>
|
||||
#endif /* HAVE_STDLIB_H */
|
||||
#include <ctype.h>
|
||||
|
||||
#include "opie.h"
|
||||
|
||||
int opiekeycrunch FUNCTION((algorithm, result, seed, secret), int algorithm AND
|
||||
struct opie_otpkey *result AND char *seed AND char *secret)
|
||||
{
|
||||
int i, rval = -1;
|
||||
char *c;
|
||||
|
||||
if (!result || !seed || !secret)
|
||||
return 1;
|
||||
|
||||
i = strlen(seed) + strlen(secret);
|
||||
if (!(c = malloc(i + 1)))
|
||||
return -1;
|
||||
|
||||
{
|
||||
char *c2 = c;
|
||||
|
||||
if (algorithm & 0x10)
|
||||
while(*c2 = *(secret++)) c2++;
|
||||
|
||||
while(*seed)
|
||||
if (isspace(*(c2++) = tolower(*(seed++))))
|
||||
goto kcret;
|
||||
|
||||
if (!(algorithm & 0x10))
|
||||
strcpy(c2, secret);
|
||||
}
|
||||
|
||||
opiehashlen(algorithm & 0x0f, c, result, i);
|
||||
rval = 0;
|
||||
|
||||
kcret:
|
||||
{
|
||||
char *c2 = c;
|
||||
while(*c2)
|
||||
*(c2++) = 0;
|
||||
}
|
||||
|
||||
free(c);
|
||||
return rval;
|
||||
}
|
|
@ -1,255 +0,0 @@
|
|||
/* lock.c: The opielock() library function.
|
||||
|
||||
%%% portions-copyright-cmetz-96
|
||||
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
the software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
||||
McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
License Agreement applies to this software.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.4. Use snprintf.
|
||||
Modified by cmetz for OPIE 2.31. Put locks in a separate dir.
|
||||
Bug fixes.
|
||||
Modified by cmetz for OPIE 2.3. Do refcounts whether or not we
|
||||
actually lock. Fixed USER_LOCKING=0 case.
|
||||
Modified by cmetz for OPIE 2.22. Added reference count for locks.
|
||||
Changed lock filename/refcount symbol names to better indicate
|
||||
that they're not user serviceable.
|
||||
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
|
||||
Use "principal" instead of "name" to make it clearer.
|
||||
Ifdef around some headers, be more careful about allowed
|
||||
error return values. Check open() return value properly.
|
||||
Avoid NULL.
|
||||
Created at NRL for OPIE 2.2 from opiesubr2.c
|
||||
|
||||
$FreeBSD$
|
||||
*/
|
||||
#include "opie_cfg.h"
|
||||
#if HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif /* HAVE_STRING_H */
|
||||
#if HAVE_UNISTD_H
|
||||
#include <unistd.h>
|
||||
#endif /* HAVE_UNISTD_H */
|
||||
#include <sys/stat.h>
|
||||
#include <syslog.h>
|
||||
#include <fcntl.h>
|
||||
#if HAVE_STDLIB_H
|
||||
#include <stdlib.h>
|
||||
#endif /* HAVE_STDLIB_H */
|
||||
#include <errno.h>
|
||||
#include "opie.h"
|
||||
|
||||
#if !HAVE_LSTAT
|
||||
#define lstat(x, y) stat(x, y)
|
||||
#endif /* !HAVE_LSTAT */
|
||||
|
||||
int __opie_lockrefcount = 0;
|
||||
static int do_atexit = 1;
|
||||
|
||||
VOIDRET opiedisableaeh FUNCTION_NOARGS
|
||||
{
|
||||
do_atexit = 0;
|
||||
}
|
||||
#if USER_LOCKING
|
||||
char *__opie_lockfilename = (char *)0;
|
||||
|
||||
/* atexit() handler for opielock() */
|
||||
VOIDRET opieunlockaeh FUNCTION_NOARGS
|
||||
{
|
||||
if (__opie_lockfilename) {
|
||||
__opie_lockrefcount = 0;
|
||||
opieunlock();
|
||||
}
|
||||
}
|
||||
#endif /* USER_LOCKING */
|
||||
|
||||
/*
|
||||
Serialize (we hope) authentication of user to prevent race conditions.
|
||||
Creates a lock file with a name of OPIE_LOCK_PREFIX with the user name
|
||||
appended. This file contains the pid of the lock's owner and a time()
|
||||
stamp. We use the former to check for dead owners and the latter to
|
||||
provide an upper bound on the lock duration. If there are any problems,
|
||||
we assume the lock is bogus.
|
||||
|
||||
The value of this locking and its security implications are still not
|
||||
completely clear and require further study.
|
||||
|
||||
One could conceivably hack this facility to provide locking of user
|
||||
accounts after several authentication failures.
|
||||
|
||||
Return -1 on low-level error, 0 if ok, 1 on locking failure.
|
||||
*/
|
||||
int opielock FUNCTION((principal), char *principal)
|
||||
{
|
||||
#if USER_LOCKING
|
||||
int fh, waits = 0, rval = -1, pid, t, i;
|
||||
char buffer[128], buffer2[128], *c, *c2;
|
||||
struct stat statbuf[2];
|
||||
|
||||
if (getuid() && geteuid()) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opielock: requires superuser priveleges");
|
||||
#endif /* DEBUG */
|
||||
return -1;
|
||||
};
|
||||
|
||||
if (__opie_lockfilename) {
|
||||
__opie_lockrefcount++;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!(__opie_lockfilename = (char *)malloc(sizeof(OPIE_LOCK_DIR) + 1 + strlen(principal))))
|
||||
return -1;
|
||||
|
||||
strcpy(__opie_lockfilename, OPIE_LOCK_DIR);
|
||||
|
||||
if (mkdir(__opie_lockfilename, 0700) < 0)
|
||||
if (errno != EEXIST)
|
||||
return -1;
|
||||
|
||||
if (lstat(__opie_lockfilename, &statbuf[0]) < 0)
|
||||
return -1;
|
||||
|
||||
if (statbuf[0].st_uid) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opielock: %s isn't owned by the superuser.", __opie_lockfilename);
|
||||
#endif /* DEBUG */
|
||||
return -1;
|
||||
};
|
||||
|
||||
if (!S_ISDIR(statbuf[0].st_mode)) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opielock: %s isn't a directory.", __opie_lockfilename);
|
||||
#endif /* DEBUG */
|
||||
return -1;
|
||||
};
|
||||
|
||||
if ((statbuf[0].st_mode & 0777) != 00700) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opielock: permissions on %s are not correct.", __opie_lockfilename);
|
||||
#endif /* DEBUG */
|
||||
return -1;
|
||||
};
|
||||
|
||||
strcat(__opie_lockfilename, "/");
|
||||
strcat(__opie_lockfilename, principal);
|
||||
|
||||
fh = -1;
|
||||
while (fh < 0) {
|
||||
if (!lstat(__opie_lockfilename, &statbuf[0]))
|
||||
if (!S_ISREG(statbuf[0].st_mode))
|
||||
goto lockret;
|
||||
|
||||
if ((fh = open(__opie_lockfilename, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0) {
|
||||
if (lstat(__opie_lockfilename, &statbuf[1]) < 0)
|
||||
goto lockret;
|
||||
if (statbuf[0].st_ino != statbuf[1].st_ino)
|
||||
goto lockret;
|
||||
if (statbuf[0].st_mode != statbuf[1].st_mode)
|
||||
goto lockret;
|
||||
if ((fh = open(__opie_lockfilename, O_RDONLY, 0600)) < 0)
|
||||
goto lockret;
|
||||
if ((i = read(fh, buffer, sizeof(buffer))) <= 0)
|
||||
goto lockret;
|
||||
|
||||
buffer[sizeof(buffer) - 1] = 0;
|
||||
buffer[i - 1] = 0;
|
||||
|
||||
if (!(c = strchr(buffer, '\n')))
|
||||
break;
|
||||
|
||||
*(c++) = 0;
|
||||
|
||||
if (!(c2 = strchr(c, '\n')))
|
||||
break;
|
||||
|
||||
*(c2++) = 0;
|
||||
|
||||
if (!(pid = atoi(buffer)))
|
||||
break;
|
||||
|
||||
if (!(t = atoi(c)))
|
||||
break;
|
||||
|
||||
if ((t + OPIE_LOCK_TIMEOUT) < time(0))
|
||||
break;
|
||||
|
||||
if (kill(pid, 0))
|
||||
break;
|
||||
|
||||
close(fh);
|
||||
fh = 0;
|
||||
sleep(1);
|
||||
if (waits++ > 3) {
|
||||
rval = 1;
|
||||
goto lockret;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
if (lstat(__opie_lockfilename, &statbuf[0]) < 0)
|
||||
goto lockret;
|
||||
if (fstat(fh, &statbuf[1]) < 0)
|
||||
goto lockret;
|
||||
if (!S_ISREG(statbuf[0].st_mode) || (statbuf[0].st_mode != statbuf[1].st_mode) || (statbuf[0].st_ino != statbuf[1].st_ino))
|
||||
goto lockret;
|
||||
|
||||
if (snprintf(buffer, sizeof(buffer), "%d\n%d\n", getpid(), time(0)) >= sizeof(buffer))
|
||||
goto lockret;
|
||||
|
||||
i = strlen(buffer) + 1;
|
||||
if (lseek(fh, 0, SEEK_SET)) {
|
||||
close(fh);
|
||||
unlink(__opie_lockfilename);
|
||||
fh = 0;
|
||||
goto lockret;
|
||||
};
|
||||
if (write(fh, buffer, i) != i) {
|
||||
close(fh);
|
||||
unlink(__opie_lockfilename);
|
||||
fh = 0;
|
||||
goto lockret;
|
||||
};
|
||||
close(fh);
|
||||
if ((fh = open(__opie_lockfilename, O_RDWR, 0600)) < 0) {
|
||||
unlink(__opie_lockfilename);
|
||||
goto lockret;
|
||||
};
|
||||
if (read(fh, buffer2, i) != i) {
|
||||
close(fh);
|
||||
unlink(__opie_lockfilename);
|
||||
fh = 0;
|
||||
goto lockret;
|
||||
};
|
||||
close(fh);
|
||||
if (memcmp(buffer, buffer2, i)) {
|
||||
unlink(__opie_lockfilename);
|
||||
goto lockret;
|
||||
};
|
||||
|
||||
__opie_lockrefcount++;
|
||||
rval = 0;
|
||||
if (do_atexit)
|
||||
atexit(opieunlockaeh);
|
||||
|
||||
lockret:
|
||||
if (fh >= 0)
|
||||
close(fh);
|
||||
if (!__opie_lockrefcount) {
|
||||
free (__opie_lockfilename);
|
||||
__opie_lockfilename = NULL;
|
||||
};
|
||||
return rval;
|
||||
#else /* USER_LOCKING */
|
||||
__opie_lockrefcount++;
|
||||
return 0;
|
||||
#endif /* USER_LOCKING */
|
||||
}
|
|
@ -1,124 +0,0 @@
|
|||
/* login.c: The opielogin() library function.
|
||||
|
||||
%%% copyright-cmetz-96
|
||||
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
|
||||
The Inner Net License Version 3 applies to this software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.4. Add support for ut_id and
|
||||
ut_syslen. Don't zero-terminate ut_name and ut_host.
|
||||
Modified by cmetz for OPIE 2.31. If the OS won't tell us where
|
||||
_PATH_WTMP[X] is, try playing the SVID game, then use
|
||||
Autoconf-discovered values. Fixed gettimeofday() call
|
||||
and updwtmpx() call. Call endutxent for utmpx. Added
|
||||
DISABLE_UTMP.
|
||||
Created by cmetz for OPIE 2.3.
|
||||
*/
|
||||
|
||||
#include "opie_cfg.h"
|
||||
#include <stdio.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
#if DOUTMPX
|
||||
#include <utmpx.h>
|
||||
#define pututline(x) pututxline(x)
|
||||
#define endutent endutxent
|
||||
#define utmp utmpx
|
||||
#else
|
||||
#include <utmp.h>
|
||||
#endif /* DOUTMPX */
|
||||
|
||||
#if HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif /* HAVE_STRING_H */
|
||||
#include <sys/stat.h>
|
||||
#if DEBUG
|
||||
#include <syslog.h>
|
||||
#include <errno.h>
|
||||
#endif /* DEBUG */
|
||||
#include "opie.h"
|
||||
|
||||
#define IDLEN 4
|
||||
|
||||
int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *host)
|
||||
{
|
||||
int rval = 0;
|
||||
#if !DISABLE_UTMP
|
||||
struct utmp u;
|
||||
char id[IDLEN + 1] = "";
|
||||
|
||||
if (__opiegetutmpentry(line, &u)) {
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opielogin: __opiegetutmpentry(line=%s, &u) failed", line);
|
||||
#endif /* DEBUG */
|
||||
memset(&u, 0, sizeof(struct utmp));
|
||||
if (!strncmp(line, "/dev/", 5))
|
||||
strncpy(u.ut_line, line + 5, sizeof(u.ut_line));
|
||||
else
|
||||
strncpy(u.ut_line, line, sizeof(u.ut_line));
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opielogin: continuing with ut_line=%s", u.ut_line);
|
||||
#endif /* DEBUG */
|
||||
}
|
||||
|
||||
#if DOUTMPX || HAVE_UT_ID
|
||||
strncpy(id, u.ut_id, sizeof(u.ut_id));
|
||||
id[sizeof(id)-1] = 0;
|
||||
#endif /* DOUTMPX || HAVE_UT_ID */
|
||||
|
||||
#if HAVE_UT_TYPE && defined(USER_PROCESS)
|
||||
u.ut_type = USER_PROCESS;
|
||||
#endif /* HAVE_UT_TYPE && defined(USER_PROCESS) */
|
||||
#if HAVE_UT_PID
|
||||
u.ut_pid = getpid();
|
||||
#endif /* HAVE_UT_PID */
|
||||
|
||||
#if HAVE_UT_NAME
|
||||
strncpy(u.ut_name, name, sizeof(u.ut_name));
|
||||
#else /* HAVE_UT_NAME */
|
||||
#error No ut_name field in struct utmp? (Please send in a bug report)
|
||||
#endif /* HAVE_UT_NAME */
|
||||
|
||||
#if HAVE_UT_HOST
|
||||
strncpy(u.ut_host, host, sizeof(u.ut_host));
|
||||
#endif /* HAVE_UT_HOST */
|
||||
#if DOUTMPX && HAVE_UTX_SYSLEN
|
||||
u.ut_syslen = strlen(host) + 1;
|
||||
#endif /* DOUTMPX && HAVE_UT_SYSLEN */
|
||||
|
||||
#if DOUTMPX
|
||||
#ifdef HAVE_ONE_ARG_GETTIMEOFDAY
|
||||
gettimeofday(&u.ut_tv);
|
||||
#else /* HAVE_ONE_ARG_GETTIMEOFDAY */
|
||||
gettimeofday(&u.ut_tv, NULL);
|
||||
#endif /* HAVE_ONE_ARG_GETTIMEOFDAY */
|
||||
#else /* DOUTMPX */
|
||||
time(&u.ut_time);
|
||||
#endif /* DOUTMPX */
|
||||
|
||||
pututline(&u);
|
||||
endutent();
|
||||
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opielogin: utmp suceeded");
|
||||
#endif /* DEBUG */
|
||||
#endif /* !DISABLE_UTMP */
|
||||
|
||||
dowtmp:
|
||||
opielogwtmp(line, name, host, id);
|
||||
opielogwtmp(NULL, NULL, NULL);
|
||||
|
||||
dosetlogin:
|
||||
#if HAVE_SETLOGIN
|
||||
setlogin(name);
|
||||
#endif /* HAVE_SETLOGIN */
|
||||
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "opielogin: rval=%d", rval);
|
||||
#endif /* DEBUG */
|
||||
|
||||
return rval;
|
||||
}
|
|
@ -1,197 +0,0 @@
|
|||
/* logwtmp.c: Put an entry in the wtmp file.
|
||||
|
||||
%%% portions-copyright-cmetz-96
|
||||
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
the software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
||||
McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
License Agreement applies to this software.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.4. Set process to dead if name is null.
|
||||
Added support for ut_id and ut_syslen.
|
||||
Modified by cmetz for OPIE 2.32. Don't leave line=NULL, skip
|
||||
past /dev/ in line. Fill in ut_host on systems with UTMPX and
|
||||
ut_host.
|
||||
Modified by cmetz for OPIE 2.31. Move wtmp log functions here, to
|
||||
improve portability. Added DISABLE_WTMP.
|
||||
Modified by cmetz for OPIE 2.22. Call gettimeofday() properly.
|
||||
Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
|
||||
Ifdef around some headers. Added file close hook.
|
||||
Modified at NRL for OPIE 2.1. Set process type for HPUX.
|
||||
Modified at NRL for OPIE 2.0.
|
||||
Originally from BSD.
|
||||
*/
|
||||
/*
|
||||
* Copyright (c) 1988 The Regents of the University of California.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by the University of
|
||||
* California, Berkeley and its contributors.
|
||||
* 4. Neither the name of the University nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "opie_cfg.h"
|
||||
|
||||
#include <sys/types.h>
|
||||
#if HAVE_SYS_TIME_H
|
||||
#include <sys/time.h>
|
||||
#endif /* HAVE_SYS_TIME_H */
|
||||
#include <sys/stat.h>
|
||||
#include <fcntl.h>
|
||||
#include <utmp.h>
|
||||
#if HAVE_UNISTD_H
|
||||
#include <unistd.h>
|
||||
#endif /* HAVE_UNISTD_H */
|
||||
#if HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif /* HAVE_STRING_H */
|
||||
|
||||
#include "opie.h"
|
||||
|
||||
static int fd = -1;
|
||||
|
||||
#if DOUTMPX
|
||||
static int fdx = -1;
|
||||
#include <utmpx.h>
|
||||
#endif /* DOUTMPX */
|
||||
|
||||
#ifndef _PATH_WTMP
|
||||
#ifdef WTMP_FILE
|
||||
#define _PATH_WTMP WTMP_FILE
|
||||
#else /* WTMP_FILE */
|
||||
#ifdef PATH_WTMP_AC
|
||||
#define _PATH_WTMP PATH_WTMP_AC
|
||||
#endif /* PATH_WTMP_AC */
|
||||
#endif /* WTMP_FILE */
|
||||
#endif /* _PATH_WTMP */
|
||||
|
||||
#ifndef _PATH_WTMPX
|
||||
#ifdef WTMPX_FILE
|
||||
#define _PATH_WTMPX WTMPX_FILE
|
||||
#else /* WTMPX_FILE */
|
||||
#ifdef PATH_WTMPX_AC
|
||||
#define _PATH_WTMPX PATH_WTMPX_AC
|
||||
#endif /* PATH_WTMPX_AC */
|
||||
#endif /* WTMPX_FILE */
|
||||
#endif /* _PATH_WTMPX */
|
||||
|
||||
/*
|
||||
* Modified version of logwtmp that holds wtmp file open
|
||||
* after first call, for use with ftp (which may chroot
|
||||
* after login, but before logout).
|
||||
*/
|
||||
VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND char *host AND char *id)
|
||||
{
|
||||
#if !DISABLE_WTMP
|
||||
struct utmp ut;
|
||||
|
||||
#if DOUTMPX && defined(_PATH_WTMPX)
|
||||
struct utmpx utx;
|
||||
#endif /* DOUTMPX && defined(_PATH_WTMPX) */
|
||||
struct stat buf;
|
||||
|
||||
memset(&ut, 0, sizeof(struct utmp));
|
||||
|
||||
if (!line) {
|
||||
close(fd);
|
||||
#if DOUTMPX && defined(_PATH_WTMPX)
|
||||
close(fdx);
|
||||
#endif /* DOUTMPX && defined(_PATH_WTMPX) */
|
||||
line = "";
|
||||
} else
|
||||
if (!strncmp(line, "/dev/", 5))
|
||||
line += 5;
|
||||
|
||||
if (fd < 0 && (fd = open(_PATH_WTMP, O_WRONLY | O_APPEND, 0)) < 0)
|
||||
return;
|
||||
if (fstat(fd, &buf) == 0) {
|
||||
#if HAVE_UT_TYPE && defined(USER_PROCESS)
|
||||
if (name && *name)
|
||||
ut.ut_type = USER_PROCESS;
|
||||
else
|
||||
ut.ut_type = DEAD_PROCESS;
|
||||
#endif /* HAVE_UT_TYPE && defined(USER_PROCESS) */
|
||||
#if HAVE_UT_ID
|
||||
if (id)
|
||||
strncpy(ut.ut_id, id, sizeof(ut.ut_id));
|
||||
#endif /* HAVE_UT_ID */
|
||||
#if HAVE_UT_PID
|
||||
ut.ut_pid = getpid();
|
||||
#endif /* HAVE_UT_PID */
|
||||
strncpy(ut.ut_line, line, sizeof(ut.ut_line));
|
||||
strncpy(ut.ut_name, name, sizeof(ut.ut_name));
|
||||
#if HAVE_UT_HOST
|
||||
strncpy(ut.ut_host, host, sizeof(ut.ut_host));
|
||||
#endif /* HAVE_UT_HOST */
|
||||
time(&ut.ut_time);
|
||||
if (write(fd, (char *) &ut, sizeof(struct utmp)) !=
|
||||
sizeof(struct utmp))
|
||||
ftruncate(fd, buf.st_size);
|
||||
}
|
||||
|
||||
#if DOUTMPX && defined(_PATH_WTMPX)
|
||||
memset(&utx, 0, sizeof(struct utmpx));
|
||||
|
||||
if (fdx < 0 && (fdx = open(_PATH_WTMPX, O_WRONLY | O_APPEND, 0)) < 0)
|
||||
return;
|
||||
if (fstat(fdx, &buf) == 0) {
|
||||
strncpy(utx.ut_line, line, sizeof(utx.ut_line));
|
||||
strncpy(utx.ut_name, name, sizeof(utx.ut_name));
|
||||
strncpy(utx.ut_host, host, sizeof(utx.ut_host));
|
||||
#ifdef USER_PROCESS
|
||||
if (name && *name)
|
||||
utx.ut_type = USER_PROCESS;
|
||||
else
|
||||
utx.ut_type = DEAD_PROCESS;
|
||||
#endif /* USER_PROCESS */
|
||||
if (id)
|
||||
strncpy(utx.ut_id, id, sizeof(utx.ut_id));
|
||||
utx.ut_pid = getpid();
|
||||
#if HAVE_UTX_SYSLEN
|
||||
utx.ut_syslen = strlen(utx.ut_host) + 1;
|
||||
#endif /* HAVE_UTX_SYSLEN */
|
||||
#if HAVE_GETTIMEOFDAY
|
||||
#if HAVE_ONE_ARG_GETTIMEOFDAY
|
||||
gettimeofday(&utx.ut_tv);
|
||||
#else /* HAVE_ONE_ARG_GETTIMEOFDAY */
|
||||
gettimeofday(&utx.ut_tv, NULL);
|
||||
#endif /* HAVE_ONE_ARG_GETTIMEOFDAY */
|
||||
#endif /* HAVE_GETTIMEOFDAY */
|
||||
if (write(fdx, (char *) &utx, sizeof(struct utmpx)) != sizeof(struct utmpx))
|
||||
ftruncate(fdx, buf.st_size);
|
||||
}
|
||||
#endif /* DOUTMPX && defined(_PATH_WTMPX) */
|
||||
#endif /* !DISABLE_WTMP */
|
||||
}
|
|
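--- a/lookup.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/* lookup.c: The opielookup() library function.
-
-%%% copyright-cmetz-96
-This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
-The Inner Net License Version 3 applies to this software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-History:
-
-Created by cmetz for OPIE 2.3 (re-write).
-*/
-
-#include "opie_cfg.h"
-#include <stdio.h>
-#include <string.h>
-#include "opie.h"
-
-int opielookup FUNCTION((opie, principal), struct opie *opie AND char *principal)
-{
-int i;
-
-memset(opie, 0, sizeof(struct opie));
-opie->opie_principal = principal;
-
-if (i = __opiereadrec(opie))
-return i;
-
-return (opie->opie_flags & __OPIE_FLAGS_RW) ? 0 : 2;
-}
-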
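--- a/md4c.c
+++ /dev/null
@@ -1,267 +0,0 @@
-/* md4c.c: "RSA Data Security, Inc. MD4 Message-Digest Algorithm"
-
-%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-Reserved. The Inner Net License Version 2 applies to these portions of
-the software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-McDonald, All Rights Reserved. All Rights under this copyright are assigned
-to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-License Agreement applies to this software.
-
-History:
-
-Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
-Use the real memcpy() and memset(). Use unified context
-structure.
-Modified at NRL for OPIE 2.0.
-Originally from RSADSI reference code.
-*/
-/* Copyright (C) 1990-2, RSA Data Security, Inc. All rights reserved.
-
-License to copy and use this software is granted provided that it
-is identified as the "RSA Data Security, Inc. MD4 Message-Digest
-Algorithm" in all material mentioning or referencing this software
-or this function.
-
-License is also granted to make and use derivative works provided
-that such works are identified as "derived from the RSA Data
-Security, Inc. MD4 Message-Digest Algorithm" in all material
-mentioning or referencing the derived work.
-
-RSA Data Security, Inc. makes no representations concerning either
-the merchantability of this software or the suitability of this
-software for any particular purpose. It is provided "as is"
-without express or implied warranty of any kind.
-
-These notices must be retained in any copies of any part of this
-documentation and/or software.
-*/
-
-#include "opie_cfg.h"
-#include "opie.h"
-
-/* Constants for MD4Transform routine.
-*/
-#define S11 3
-#define S12 7
-#define S13 11
-#define S14 19
-#define S21 3
-#define S22 5
-#define S23 9
-#define S24 13
-#define S31 3
-#define S32 9
-#define S33 11
-#define S34 15
-
-static VOIDRET MD4Transform __P((UINT4[4], unsigned char[64]));
-static VOIDRET Encode __P((unsigned char *, UINT4 *, unsigned int));
-static VOIDRET Decode __P((UINT4 *, unsigned char *, unsigned int));
-
-static unsigned char PADDING[64] =
-{
-0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/* F, G and H are basic MD4 functions.
-*/
-#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
-
-/* ROTATE_LEFT rotates x left n bits.
-*/
-#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
-
-/* FF, GG and HH are transformations for rounds 1, 2 and 3 */
-/* Rotation is separate from addition to prevent recomputation */
-
-#define FF(a, b, c, d, x, s) { \
-(a) += F ((b), (c), (d)) + (x); \
-(a) = ROTATE_LEFT ((a), (s)); \
-}
-#define GG(a, b, c, d, x, s) { \
-(a) += G ((b), (c), (d)) + (x) + (UINT4)0x5a827999; \
-(a) = ROTATE_LEFT ((a), (s)); \
-}
-#define HH(a, b, c, d, x, s) { \
-(a) += H ((b), (c), (d)) + (x) + (UINT4)0x6ed9eba1; \
-(a) = ROTATE_LEFT ((a), (s)); \
-}
-
-/* MD4 initialization. Begins an MD4 operation, writing a new context.
-*/
-VOIDRET opiemd4init FUNCTION((context), struct opiemdx_ctx *context)
-{
-context->count[0] = context->count[1] = 0;
-
-/* Load magic initialization constants. */
-context->state[0] = 0x67452301;
-context->state[1] = 0xefcdab89;
-context->state[2] = 0x98badcfe;
-context->state[3] = 0x10325476;
-}
-
-/* MD4 block update operation. Continues an MD4 message-digest
-operation, processing another message block, and updating the
-context.
-*/
-VOIDRET opiemd4update FUNCTION((context, input, inputLen), struct opiemdx_ctx *context AND unsigned char *input AND unsigned int inputLen)
-{
-unsigned int i, index, partLen;
-
-/* Compute number of bytes mod 64 */
-index = (unsigned int) ((context->count[0] >> 3) & 0x3F);
-/* Update number of bits */
-if ((context->count[0] += ((UINT4) inputLen << 3))
-< ((UINT4) inputLen << 3))
-context->count[1]++;
-context->count[1] += ((UINT4) inputLen >> 29);
-
-partLen = 64 - index;
-
-/* Transform as many times as possible. */
-if (inputLen >= partLen) {
-memcpy((POINTER) & context->buffer[index], (POINTER) input, partLen);
-MD4Transform(context->state, context->buffer);
-
-for (i = partLen; i + 63 < inputLen; i += 64)
-MD4Transform(context->state, &input[i]);
-
-index = 0;
-} else
-i = 0;
-
-/* Buffer remaining input */
-memcpy((POINTER) & context->buffer[index], (POINTER) & input[i], inputLen - i);
-}
-
-/* MD4 finalization. Ends an MD4 message-digest operation, writing the
-the message digest and zeroizing the context.
-*/
-VOIDRET opiemd4final FUNCTION((digest, context), unsigned char *digest AND struct opiemdx_ctx *context)
-{
-unsigned char bits[8];
-unsigned int index, padLen;
-
-/* Save number of bits */
-Encode(bits, context->count, 8);
-
-/* Pad out to 56 mod 64. */
-index = (unsigned int) ((context->count[0] >> 3) & 0x3f);
-padLen = (index < 56) ? (56 - index) : (120 - index);
-opiemd4update(context, PADDING, padLen);
-
-/* Append length (before padding) */
-opiemd4update(context, bits, 8);
-/* Store state in digest */
-Encode(digest, context->state, 16);
-
-/* Zeroize sensitive information. */
-memset((POINTER) context, 0, sizeof(*context));
-}
-
-/* MD4 basic transformation. Transforms state based on block.
-*/
-static VOIDRET MD4Transform FUNCTION((state, block), UINT4 state[4] AND unsigned char block[64])
-{
-UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
-
-Decode(x, block, 64);
-
-/* Round 1 */
-FF(a, b, c, d, x[0], S11); /* 1 */
-FF(d, a, b, c, x[1], S12); /* 2 */
-FF(c, d, a, b, x[2], S13); /* 3 */
-FF(b, c, d, a, x[3], S14); /* 4 */
-FF(a, b, c, d, x[4], S11); /* 5 */
-FF(d, a, b, c, x[5], S12); /* 6 */
-FF(c, d, a, b, x[6], S13); /* 7 */
-FF(b, c, d, a, x[7], S14); /* 8 */
-FF(a, b, c, d, x[8], S11); /* 9 */
-FF(d, a, b, c, x[9], S12); /* 10 */
-FF(c, d, a, b, x[10], S13); /* 11 */
-FF(b, c, d, a, x[11], S14); /* 12 */
-FF(a, b, c, d, x[12], S11); /* 13 */
-FF(d, a, b, c, x[13], S12); /* 14 */
-FF(c, d, a, b, x[14], S13); /* 15 */
-FF(b, c, d, a, x[15], S14); /* 16 */
-
-/* Round 2 */
-GG(a, b, c, d, x[0], S21); /* 17 */
-GG(d, a, b, c, x[4], S22); /* 18 */
-GG(c, d, a, b, x[8], S23); /* 19 */
-GG(b, c, d, a, x[12], S24); /* 20 */
-GG(a, b, c, d, x[1], S21); /* 21 */
-GG(d, a, b, c, x[5], S22); /* 22 */
-GG(c, d, a, b, x[9], S23); /* 23 */
-GG(b, c, d, a, x[13], S24); /* 24 */
-GG(a, b, c, d, x[2], S21); /* 25 */
-GG(d, a, b, c, x[6], S22); /* 26 */
-GG(c, d, a, b, x[10], S23); /* 27 */
-GG(b, c, d, a, x[14], S24); /* 28 */
-GG(a, b, c, d, x[3], S21); /* 29 */
-GG(d, a, b, c, x[7], S22); /* 30 */
-GG(c, d, a, b, x[11], S23); /* 31 */
-GG(b, c, d, a, x[15], S24); /* 32 */
-
-/* Round 3 */
-HH(a, b, c, d, x[0], S31); /* 33 */
-HH(d, a, b, c, x[8], S32); /* 34 */
-HH(c, d, a, b, x[4], S33); /* 35 */
-HH(b, c, d, a, x[12], S34); /* 36 */
-HH(a, b, c, d, x[2], S31); /* 37 */
-HH(d, a, b, c, x[10], S32); /* 38 */
-HH(c, d, a, b, x[6], S33); /* 39 */
-HH(b, c, d, a, x[14], S34); /* 40 */
-HH(a, b, c, d, x[1], S31); /* 41 */
-HH(d, a, b, c, x[9], S32); /* 42 */
-HH(c, d, a, b, x[5], S33); /* 43 */
-HH(b, c, d, a, x[13], S34); /* 44 */
-HH(a, b, c, d, x[3], S31); /* 45 */
-HH(d, a, b, c, x[11], S32); /* 46 */
-HH(c, d, a, b, x[7], S33); /* 47 */
-HH(b, c, d, a, x[15], S34); /* 48 */
-
-state[0] += a;
-state[1] += b;
-state[2] += c;
-state[3] += d;
-
-/* Zeroize sensitive information. */
-memset((POINTER) x, 0, sizeof(x));
-}
-
-/* Encodes input (UINT4) into output (unsigned char). Assumes len is
-a multiple of 4.
-*/
-static VOIDRET Encode FUNCTION((output, input, len), unsigned char *output AND UINT4 *input AND unsigned int len)
-{
-unsigned int i, j;
-
-for (i = 0, j = 0; j < len; i++, j += 4) {
-output[j] = (unsigned char) (input[i] & 0xff);
-output[j + 1] = (unsigned char) ((input[i] >> 8) & 0xff);
-output[j + 2] = (unsigned char) ((input[i] >> 16) & 0xff);
-output[j + 3] = (unsigned char) ((input[i] >> 24) & 0xff);
-}
-}
-
-/* Decodes input (unsigned char) into output (UINT4). Assumes len is
-a multiple of 4.
-*/
-static VOIDRET Decode FUNCTION((output, input, len), UINT4 *output AND unsigned char *input AND unsigned int len)
-{
-unsigned int i, j;
-
-for (i = 0, j = 0; j < len; i++, j += 4)
-output[i] = ((UINT4) input[j]) | (((UINT4) input[j + 1]) << 8) |
-(((UINT4) input[j + 2]) << 16) | (((UINT4) input[j + 3]) << 24);
-}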
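--- a/md5c.c
+++ /dev/null
@@ -1,304 +0,0 @@
-/* md5c.c: "RSA Data Security, Inc. MD5 Message-Digest Algorithm"
-"derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm"
-
-%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-Reserved. The Inner Net License Version 2 applies to these portions of
-the software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-McDonald, All Rights Reserved. All Rights under this copyright are assigned
-to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-License Agreement applies to this software.
-
-History:
-
-Modified by cmetz for OPIE 2.3. Changed PTR to VOIDPTR.
-Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
-Don't play macro games with memset/memcpy. Renamed exported
-functions to avoid conflicts. Use unified context structure.
-Modified at NRL for OPIE 2.1. Minor autoconf mods.
-Modified at NRL for OPIE 2.0.
-Originally from RSADSI reference code.
-*/
-/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
-rights reserved.
-
-License to copy and use this software is granted provided that it
-is identified as the "RSA Data Security, Inc. MD5 Message-Digest
-Algorithm" in all material mentioning or referencing this software
-or this function.
-
-License is also granted to make and use derivative works provided
-that such works are identified as "derived from the RSA Data
-Security, Inc. MD5 Message-Digest Algorithm" in all material
-mentioning or referencing the derived work.
-
-RSA Data Security, Inc. makes no representations concerning either
-the merchantability of this software or the suitability of this
-software for any particular purpose. It is provided "as is"
-without express or implied warranty of any kind.
-
-These notices must be retained in any copies of any part of this
-documentation and/or software.
-*/
-
-#include "opie_cfg.h"
-#include "opie.h"
-
-/* Constants for MD5Transform routine.
-*/
-#define S11 7
-#define S12 12
-#define S13 17
-#define S14 22
-#define S21 5
-#define S22 9
-#define S23 14
-#define S24 20
-#define S31 4
-#define S32 11
-#define S33 16
-#define S34 23
-#define S41 6
-#define S42 10
-#define S43 15
-#define S44 21
-
-static VOIDRET MD5Transform __P((UINT4[4], unsigned char[64]));
-
-static unsigned char PADDING[64] =
-{
-0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/*
-* Encodes input (UINT4) into output (unsigned char).
-* Assumes len is a multiple of 4.
-*/
-static VOIDRET EEncode FUNCTION((output, input, len), unsigned char *output AND UINT4 *input AND unsigned int len)
-{
-unsigned int i, j;
-
-for (i = 0, j = 0; j < len; i++, j += 4) {
-output[j] = (unsigned char) (input[i] & 0xff);
-output[j + 1] = (unsigned char) ((input[i] >> 8) & 0xff);
-output[j + 2] = (unsigned char) ((input[i] >> 16) & 0xff);
-output[j + 3] = (unsigned char) ((input[i] >> 24) & 0xff);
-}
-}
-
-/*
-* Decodes input (unsigned char) into output (UINT4).
-* Assumes len is a multiple of 4.
-*/
-static VOIDRET EDecode FUNCTION((output, input, len), UINT4 *output AND unsigned char *input AND unsigned int len)
-{
-unsigned int i, j;
-
-for (i = 0, j = 0; j < len; i++, j += 4)
-output[i] = ((UINT4) input[j]) | (((UINT4) input[j + 1]) << 8) |
-(((UINT4) input[j + 2]) << 16) | (((UINT4) input[j + 3]) << 24);
-}
-
-/* F, G, H and I are basic MD5 functions. */
-#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
-#define I(x, y, z) ((y) ^ ((x) | (~z)))
-
-/* ROTATE_LEFT rotates x left n bits. */
-#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
-
-/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
-Rotation is separate from addition to prevent recomputation. */
-
-#define FF(a, b, c, d, x, s, ac) { \
-(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
-(a) = ROTATE_LEFT ((a), (s)); \
-(a) += (b); \
-}
-
-#define GG(a, b, c, d, x, s, ac) { \
-(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
-(a) = ROTATE_LEFT ((a), (s)); \
-(a) += (b); \
-}
-
-#define HH(a, b, c, d, x, s, ac) { \
-(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
-(a) = ROTATE_LEFT ((a), (s)); \
-(a) += (b); \
-}
-
-#define II(a, b, c, d, x, s, ac) { \
-(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
-(a) = ROTATE_LEFT ((a), (s)); \
-(a) += (b); \
-}
-
-/* MD5 initialization. Begins an MD5 operation, writing a new context. */
-VOIDRET opiemd5init FUNCTION((context), struct opiemdx_ctx *context)
-{
-context->count[0] = context->count[1] = 0;
-/* Load magic initialization constants. */
-context->state[0] = 0x67452301;
-context->state[1] = 0xefcdab89;
-context->state[2] = 0x98badcfe;
-context->state[3] = 0x10325476;
-}
-
-/*
-* MD5 block update operation. Continues an MD5 message-digest
-* operation, processing another message block, and updating the
-* context.
-*/
-VOIDRET opiemd5update FUNCTION((context, input, inputLen), struct opiemdx_ctx *context AND unsigned char *input AND unsigned int inputLen)
-{
-unsigned int i, index, partLen;
-
-/* Compute number of bytes mod 64 */
-index = (unsigned int) ((context->count[0] >> 3) & 0x3F);
-
-/* Update number of bits */
-if ((context->count[0] += ((UINT4) inputLen << 3)) < ((UINT4) inputLen << 3))
-context->count[1]++;
-
-context->count[1] += ((UINT4) inputLen >> 29);
-partLen = 64 - index;
-
-/* Transform as many times as possible. */
-if (inputLen >= partLen) {
-memcpy((VOIDPTR)&context->buffer[index], (VOIDPTR)input, partLen);
-MD5Transform(context->state, context->buffer);
-
-for (i = partLen; i + 63 < inputLen; i += 64)
-MD5Transform(context->state, &input[i]);
-
-index = 0;
-} else
-i = 0;
-
-/* Buffer remaining input */
-memcpy((VOIDPTR) & context->buffer[index],
-(VOIDPTR) & input[i],
-inputLen - i);
-}
-
-/* MD5 finalization. Ends an MD5 message-digest operation, writing the
-the message digest and zeroizing the context.
-*/
-VOIDRET opiemd5final FUNCTION((digest, context), unsigned char *digest AND struct opiemdx_ctx *context)
-{
-unsigned char bits[8];
-unsigned int index, padLen;
-
-/* Save number of bits */
-EEncode(bits, context->count, 8);
-
-/* Pad out to 56 mod 64. */
-index = (unsigned int) ((context->count[0] >> 3) & 0x3f);
-padLen = (index < 56) ? (56 - index) : (120 - index);
-opiemd5update(context, PADDING, padLen);
-
-/* Append length (before padding) */
-opiemd5update(context, bits, 8);
-
-/* Store state in digest */
-EEncode(digest, context->state, 16);
-
-/* Zeroize sensitive information. */
-memset((VOIDPTR) context, 0, sizeof(*context));
-}
-
-/* MD5 basic transformation. Transforms state based on block. */
-static VOIDRET MD5Transform FUNCTION((state, block), UINT4 state[4] AND unsigned char block[64])
-{
-UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
-
-EDecode(x, block, 64);
-
-/* Round 1 */
-FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */
-FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */
-FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */
-FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */
-FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */
-FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */
-FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */
-FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */
-FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */
-FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */
-FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
-FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
-FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
-FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
-FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
-FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
-
-/* Round 2 */
-GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */
-GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */
-GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
-GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */
-GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */
-GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */
-GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
-GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */
-GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */
-GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
-GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */
-GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */
-GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
-GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */
-GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */
-GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
-
-/* Round 3 */
-HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */
-HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */
-HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
-HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
-HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */
-HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */
-HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */
-HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
-HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
-HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */
-HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */
-HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */
-HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */
-HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
-HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
-HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */
-
-/* Round 4 */
-II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */
-II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */
-II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
-II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */
-II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
-II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */
-II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
-II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */
-II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */
-II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
-II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */
-II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
-II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */
-II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
-II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */
-II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */
-
-state[0] += a;
-state[1] += b;
-state[2] += c;
-state[3] += d;
-
-/* Zeroize sensitive information. */
-memset((VOIDPTR)x, 0, sizeof(x));
-}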
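--- a/newseed.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* newseed.c: The opienewseed() library function.
-
-%%% copyright-cmetz-96
-This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
-The Inner Net License Version 3 applies to this software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-History:
-
-Modified by cmetz for OPIE 2.4. Greatly simplified increment. Now does
-not add digits. Reformatted the code.
-Modified by cmetz for OPIE 2.32. Added syslog.h if DEBUG.
-Modified by cmetz for OPIE 2.31. Added time.h.
-Created by cmetz for OPIE 2.22.
-
-$FreeBSD$
-*/
-
-#include "opie_cfg.h"
-#ifndef HAVE_TIME_H
-#define HAVE_TIME_H 1
-#endif
-#if HAVE_TIME_H
-#include <time.h>
-#endif /* HAVE_TIME_H */
-#if HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#include <ctype.h>
-#if HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#if HAVE_SYS_UTSNAME_H
-#include <sys/utsname.h>
-#endif /* HAVE_SYS_UTSNAME_H */
-#include <errno.h>
-#if DEBUG
-#include <syslog.h>
-#endif /* DEBUG */
-#include <stdio.h>
-#include <stdlib.h>
-#include "opie.h"
-
-int opienewseed FUNCTION((seed), char *seed)
-{
-if (!seed)
-return -1;
-
-if (seed[0]) {
-char *c;
-unsigned int i, max;
-
-if ((i = strlen(seed)) > OPIE_SEED_MAX)
-i = OPIE_SEED_MAX;
-
-for (c = seed + i - 1, max = 1;
-(c >= seed) && isdigit(*c); c--)
-max *= 10;
-
-if ((i = strtoul(++c, (char **)0, 10)) < max) {
-if (++i >= max)
-i = 1;
-
-sprintf(c, "%d", i);
-return 0;
-}
-}
-
-{
-time_t now;
-
-time(&now);
-srand(now);
-}
-
-{
-struct utsname utsname;
-
-if (uname(&utsname) < 0) {
-#if DEBUG
-syslog(LOG_DEBUG, "uname: %s(%d)", strerror(errno),
-errno);
-#endif /* DEBUG */
-utsname.nodename[0] = 'k';
-utsname.nodename[1] = 'e';
-}
-utsname.nodename[2] = 0;
-
-if (snprintf(seed, OPIE_SEED_MAX+1, "%s%04d", utsname.nodename,
-(rand() % 9999) + 1) >= OPIE_SEED_MAX+1)
-return -1;
-return 0;
-}
-}
-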
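--- a/open.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* open.c: The __opieopen() library function.
-
-%%% copyright-cmetz-96
-This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
-The Inner Net License Version 3 applies to this software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-History:
-
-Modified by cmetz for OPIE 2.4. More portable way to get the mode
-string for fopen.
-Created by cmetz for OPIE 2.3.
-*/
-#include "opie_cfg.h"
-
-#include <stdio.h>
-#include <sys/types.h>
-#if HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#include <sys/stat.h>
-#include <errno.h>
-
-#include "opie.h"
-
-#if !HAVE_LSTAT
-#define lstat(x, y) stat(x, y)
-#endif /* !HAVE_LSTAT */
-
-FILE *__opieopen FUNCTION((file, rw, mode), char *file AND int rw AND int mode)
-{
-FILE *f;
-struct stat st;
-
-if (lstat(file, &st)) {
-if (errno != ENOENT)
-return NULL;
-
-if (!(f = fopen(file, "w")))
-return NULL;
-
-fclose(f);
-
-if (chmod(file, mode))
-return NULL;
-
-if (lstat(file, &st))
-return NULL;
-}
-
-if (!S_ISREG(st.st_mode))
-return NULL;
-
-{
-char *fmode;
-
-switch(rw) {
-case 0:
-fmode = "r";
-break;
-case 1:
-fmode = "r+";
-break;
-case 2:
-fmode = "a";
-break;
-default:
-return NULL;
-};
-
-if (!(f = fopen(file, fmode)))
-return NULL;
-}
-
-return f;
-}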
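--- a/parsechallenge.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/* parsechallenge.c: The __opieparsechallenge() library function.
-
-%%% copyright-cmetz-96
-This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
-The Inner Net License Version 3 applies to this software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-History:
-
-Modified by cmetz for OPIE 2.4. Use OPIE_SEQUENCE_MAX, check for
-sequence number of zero.
-Modified by cmetz for OPIE 2.32. Check for extended response sets.
-Change prefix to double underscore.
-Created by cmetz for OPIE 2.3 using generator.c as a guide.
-*/
-
-#include "opie_cfg.h"
-#if HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#include <ctype.h>
-#include <stdlib.h>
-#include "opie.h"
-
-struct algorithm {
-char *name;
-int num;
-};
-
-static struct algorithm algorithms[] = {
-{ "md5", 5 },
-{ "md4", 4 },
-{ "sha1", 3 },
-{ NULL, 0 },
-};
-
-int __opieparsechallenge FUNCTION((buffer, algorithm, sequence, seed, exts), char *buffer AND int *algorithm AND int *sequence AND char **seed AND int *exts)
-{
-char *c;
-
-if (!(c = strchr(buffer, ' ')))
-return 1;
-
-{
-struct algorithm *a;
-
-for (a = algorithms; a->name && strncmp(buffer, a->name, (int)(c - buffer)); a++);
-if (!a->name)
-return -1;
-
-*algorithm = a->num;
-}
-
-if (((*sequence = strtoul(++c, &c, 10)) > OPIE_SEQUENCE_MAX) || !*sequence)
-return -1;
-
-while(*c && isspace(*c)) c++;
-if (!*c)
-return -1;
-
-buffer = c;
-while(*c && !isspace(*c)) c++;
-
-{
-int i = (int)(c - buffer);
-
-if ((i > OPIE_SEED_MAX) || (i < OPIE_SEED_MIN))
-return -1;
-}
-
-*seed = buffer;
-*(c++) = 0;
-
-while(*c && !isspace(*c)) c++;
-if (*c && !strncmp(c, "ext", 3))
-*exts = 1;
-else
-*exts = 0;
-
-return 0;
-}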
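--- a/passcheck.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/* passcheck.c: The opiepasscheck() library function.
-
-%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-Reserved. The Inner Net License Version 2 applies to these portions of
-the software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-McDonald, All Rights Reserved. All Rights under this copyright are assigned
-to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-License Agreement applies to this software.
-
-History:
-
-Modified by cmetz for OPIE 2.3. OPIE_PASS_{MIN,MAX} changed to
-OPIE_SECRET_{MIN,MAX}.
-Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
-Created at NRL for OPIE 2.2 from opiesubr.c.
-*/
-#include "opie_cfg.h"
-
-#include <stdio.h>
-#include <string.h>
-
-#include "opie.h"
-
-/*
-Applies "good password" rules to the secret pass phrase.
-
-We currently implement the following:
-
-Passwords must be at least OPIE_SECRET_MIN (10) characters long.
-Passwords must be at most OPIE_SECRET_MAX (127) characters long.
-
-N.B.: Passing NULL pointers to this function is a bad idea.
-*/
-int opiepasscheck FUNCTION((secret), char *secret)
-{
-int len = strlen(secret);
-
-if (len < OPIE_SECRET_MIN)
-return 1;
-
-if (len > OPIE_SECRET_MAX)
-return 1;
-
-return 0;
-}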
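--- a/passwd.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* passwd.c: The opiepasswd() library function.
-
-%%% copyright-cmetz-96
-This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
-The Inner Net License Version 3 applies to this software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-History:
-
-Modified by cmetz for OPIE 2.32. Renamed mode to flags. Made flag
-values symbolic constants. Added a flag for insecure override
-support.
-Modified by cmetz for OPIE 2.31. Removed active attack protection
-support.
-Modified by cmetz for OPIE 2.3. Split most of the function off
-and turned this into a front-end for the new __opiewriterec().
-Added code to compute the key from the secret. Use the opie_
-prefix. Use new opieatob8() and opiebtoa8() return values.
-Created by cmetz for OPIE 2.22.
-*/
-
-#include <string.h>
-#include "opie_cfg.h"
-#include "opie.h"
-
-int opiepasswd FUNCTION((old, flags, principal, n, seed, ks), struct opie *old AND int flags AND char *principal AND int n AND char *seed AND char *ks)
-{
-int i;
-struct opie opie;
-
-if ((flags & OPIEPASSWD_CONSOLE) && opieinsecure())
-#if INSECURE_OVERRIDE
-if (!(flags & OPIEPASSWD_FORCE))
-#endif /* INSECURE_OVERRIDE */
-return -1;
-
-memset(&opie, 0, sizeof(struct opie));
-
-if (old) {
-opie.opie_flags = old->opie_flags;
-opie.opie_recstart = old->opie_recstart;
-}
-
-opie.opie_principal = principal;
-opie.opie_n = n;
-opie.opie_seed = seed;
-
-if (ks) {
-struct opie_otpkey key;
-
-if (flags & OPIEPASSWD_CONSOLE) {
-if (opiekeycrunch(MDX, &key, seed, ks))
-return -1;
-for (i = n; i; i--)
-opiehash(&key, MDX);
-if (!(opie.opie_val = opiebtoa8(opie.opie_buf, &key)))
-return -1;
-} else {
-if ((opieetob(&key, ks) != 1) && !opieatob8(&key, ks))
-return 1;
-if (!(opie.opie_val = opiebtoa8(opie.opie_buf, &key)))
-return 1;
-}
-}
-
-if (opielock(principal))
-return -1;
-
-i = __opiewriterec(&opie);
-
-if (opieunlock())
-return -1;
-
-return i;
-}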
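--- a/randomchallenge.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/* randomchallenge.c: The opierandomchallenge() library function.
-
-%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-Reserved. The Inner Net License Version 2 applies to these portions of
-the software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-McDonald, All Rights Reserved. All Rights under this copyright are assigned
-to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-License Agreement applies to this software.
-
-History:
-
-Modified by cmetz for OPIE 2.4. Use snprintf().
-Modified by cmetz for OPIE 2.32. Initialize algids[] with 0s
-instead of NULL.
-Modified by cmetz for OPIE 2.3. Add sha support.
-Modified by cmetz for OPIE 2.22. Don't include stdio.h.
-Use opienewseed(). Don't include unneeded headers.
-Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
-Changed use of gethostname() to uname(). Ifdefed around some
-headers.
-Created at NRL for OPIE 2.2 from opiesubr2.c
-*/
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include "opie_cfg.h"
-#include "opie.h"
-
-static char *algids[] = { 0, 0, 0, "sha1", "md4", "md5" };
-
-/* Generate a random challenge */
-/* This could grow into quite a monster, really. Random is good enough for
-most situations; it is certainly better than a fixed string */
-VOIDRET opierandomchallenge FUNCTION((prompt), char *prompt)
-{
-char buf[OPIE_SEED_MAX+1];
-
-buf[0] = 0;
-if (opienewseed(buf))
-strcpy(buf, "ke4452");
-
-snprintf(prompt, OPIE_CHALLENGE_MAX+1, "otp-%s %d %s ext", algids[MDX],
-(rand() % 499) + 1, buf);
-}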
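--- a/readpass.c
+++ /dev/null
@@ -1,315 +0,0 @@
-/* readpass.c: The opiereadpass() library function.
-
-%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-Reserved. The Inner Net License Version 2 applies to these portions of
-the software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-McDonald, All Rights Reserved. All Rights under this copyright are assigned
-to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-License Agreement applies to this software.
-
-History:
-
-Modified by cmetz for OPIE 2.31. Use usleep() to delay after setting
-the terminal attributes; this might help certain buggy
-systems.
-Modified by cmetz for OPIE 2.3. Use TCSAFLUSH always.
-Modified by cmetz for OPIE 2.22. Replaced echo w/ flags.
-Really use FUNCTION.
-Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
-Flush extraneous characters up to eol. Handle gobs of possible
-erase and kill keys if on a terminal. To do so, use RAW
-terminal I/O and handle echo ourselves. (should also help
-DOS et al portability). Fixed include order. Re-did MSDOS
-and OS/2 includes. Set up VMIN and VTIME. Added some non-UNIX
-portability cruft. Limit backspacing and killing. In terminal
-mode, eat random other control characters. Added eof handling.
-Created at NRL for OPIE 2.2 from opiesubr.c. Change opiestrip_crlf to
-opiestripcrlf. Don't strip to seven bits.
-*/
-#include "opie_cfg.h"
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h> /* ANSI C standard library */
-
-#ifdef unix
-#include <fcntl.h> /* POSIX file control function headers */
-#include <termios.h> /* POSIX Terminal I/O functions */
-#if HAVE_UNISTD_H
-#include <unistd.h> /* POSIX standard definitions */
-#endif /* HAVE_UNISTD_H */
-#include <signal.h>
-#include <setjmp.h>
-#endif /* unix */
-
-#ifdef __MSDOS__
-#include <dos.h>
-#endif /* __MSDOS__ */
-
-#ifdef __OS2__
-#define INCL_KBD
-#include <os2.h>
-#include <io.h>
-#endif /* __OS2__ */
-
-#include "opie.h"
-
-#define CONTROL(x) (x - 64)
-
-char *bsseq = "\b \b";
-
-#ifdef unix
-static jmp_buf jmpbuf;
-
-static VOIDRET catch FUNCTION((i), int i)
-{
-longjmp(jmpbuf, 1);
-}
-#endif /* unix */
-
-char *opiereadpass FUNCTION((buf, len, flags), char *buf AND int len AND int flags)
-{
-#ifdef unix
-struct termios attr, orig_attr;
-#endif /* unix */
-char erase[5];
-char kill[4];
-char eof[4];
-
-memset(erase, 0, sizeof(erase));
-memset(kill, 0, sizeof(kill));
-memset(eof, 0, sizeof(eof));
-
-/* This section was heavily rewritten by rja following the model of code
-samples circa page 151 of the POSIX Programmer's Guide by Donald Lewine,
-ISBN 0-937175-73-0. That book is Copyright 1991 by O'Reilly &
-Associates, Inc. All Rights Reserved. I recommend the book to anyone
-trying to write portable software. rja */
-
-#ifdef unix
-if (setjmp(jmpbuf))
-goto error;
-
-signal(SIGINT, catch);
-#endif /* unix */
-
-/* Flush any pending output */
-fflush(stderr);
-fflush(stdout);
-
-#ifdef unix
-/* Get original terminal attributes */
-if (isatty(0)) {
-if (tcgetattr(0, &orig_attr))
-return NULL;
-
-/* copy terminal settings into attr */
-memcpy(&attr, &orig_attr, sizeof(struct termios));
-
-attr.c_lflag &= ~(ECHO | ICANON);
-attr.c_lflag |= ISIG;
-
-attr.c_cc[VMIN] = 1;
-attr.c_cc[VTIME] = 0;
-
-erase[0] = CONTROL('H');
-erase[1] = 127;
-
-#ifdef CERASE
-{
-char *e = erase;
-
-while(*e)
-if (*(e++) == CERASE)
-break;
-
-if (!*e)
-*e = CERASE;
-}
-#endif /* CERASE */
-#ifdef VERASE
-{
-char *e = erase;
-
-while(*e)
-if (*(e++) == attr.c_cc[VERASE])
-break;
-
-if (!*e)
-*e = attr.c_cc[VERASE];
-}
-#endif /* VERASE */
-
-kill[0] = CONTROL('U');
-#ifdef CKILL
-{
-char *e = kill;
-
-while(*e)
-if (*(e++) == CKILL)
-break;
-
-if (!*e)
-*e = CKILL;
-}
-#endif /* CKILL */
-#ifdef VKILL
-{
-char *e = kill;
-
-while(*e)
-if (*(e++) == attr.c_cc[VKILL])
-break;
-
-if (!*e)
-*e = attr.c_cc[VKILL];
-}
-#endif /* VKILL */
-
-eof[0] = CONTROL('D');
-#ifdef CEOF
-{
-char *e = eof;
-
-while(*e)
-if (*(e++) == CEOF)
-break;
-
-if (!*e)
-*e = CEOF;
-}
-#endif /* CEOF */
-#ifdef VEOF
-{
-char *e = eof;
-
-while(*e)
-if (*(e++) == attr.c_cc[VEOF])
-break;
-
-if (!*e)
-*e = VEOF;
-}
-#endif /* VEOF */
-
-#if HAVE_USLEEP
-usleep(1);
-#endif /* HAVE_USLEEP */
-
-if (tcsetattr(0, TCSAFLUSH, &attr))
-goto error;
-
-#if HAVE_USLEEP
-usleep(1);
-#endif /* HAVE_USLEEP */
-}
-#else /* unix */
-erase[0] = CONTROL('H');
-erase[1] = 127;
-kill[0] = CONTROL('U');
-eof[0] = CONTROL('D');
-eof[1] = CONTROL('Z');
-#endif /* unix */
-
-{
-char *c = buf, *end = buf + len, *e;
-#ifdef __OS2__
-KBDKEYINFO keyInfo;
-#endif /* __OS2__ */
-
-loop:
-#ifdef unix
-if (read(0, c, 1) != 1)
-goto error;
-#endif /* unix */
-#ifdef MSDOS
-*c = bdos(7, 0, 0);
-#endif /* MSDOS */
-#ifdef __OS2__
-KbdCharIn(&keyInfo, 0, 0);
-*c = keyInfo.chChar;
-#endif /* __OS2__ */
-
-if ((*c == '\r') || (*c == '\n')) {
-*c = 0;
-goto restore;
-}
-
-e = eof;
-while(*e)
-if (*(e++) == *c)
-goto error;
-
-e = erase;
-while(*e)
-if (*(e++) == *c) {
-if (c <= buf)
-goto beep;
-
-if (flags & 1)
-write(1, bsseq, sizeof(bsseq) - 1);
-c--;
-goto loop;
-}
-
-e = kill;
-while(*e)
-if (*(e++) == *c) {
-if (c <= buf)
-goto beep;
-
-if (flags & 1)
-while(c-- > buf)
-write(1, bsseq, sizeof(bsseq) - 1);
-
-c = buf;
-goto loop;
-}
-
-if (c < end) {
-if (*c < 32)
-goto beep;
-if (flags & 1)
-write(1, c, 1);
-c++;
-} else {
-beep:
-*c = CONTROL('G');
-write(1, c, 1);
-}
-
-goto loop;
-}
-
-restore:
-#ifdef unix
-/* Restore previous tty modes */
-if (isatty(0))
-if (tcsetattr(0, TCSAFLUSH, &orig_attr))
-return NULL;
-
-signal(SIGINT, SIG_DFL);
-#endif /* unix */
-
-/* After the secret key is taken from the keyboard, the line feed is
-written to standard error instead of standard output. That means that
-anyone using the program from a terminal won't notice, but capturing
-standard output will get the key words without a newline in front of
-them. */
-if (!(flags & 4)) {
-fprintf(stderr, "\n");
-fflush(stderr);
-}
-
-return buf;
-
-error:
-*buf = 0;
-buf = NULL;
-goto restore;
-}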
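--- a/readrec.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/* readrec.c: The __opiereadrec() library function.
-
-%%% copyright-cmetz-96
-This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
-The Inner Net License Version 3 applies to this software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-History:
-
-Modified by cmetz for OPIE 2.4. Check that seed, sequence number, and
-response values are valid.
-Modified by cmetz for OPIE 2.31. Removed active attack protection
-support. Fixed a debug message typo. Keep going after bogus
-records. Set read flag.
-Created by cmetz for OPIE 2.3.
-
-$FreeBSD$
-*/
-#include "opie_cfg.h"
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <errno.h>
-#if HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#if HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#if HAVE_STDLIB_H
-#include <stdlib.h>
-#endif /* HAVE_STDLIB_H */
-#if HAVE_FCNTL_H
-#include <fcntl.h>
-#endif /* HAVE_FCNTL_H */
-#include <ctype.h>
-#include <errno.h>
-#if DEBUG
-#include <syslog.h>
-#endif /* DEBUG */
-#include "opie.h"
-
-static int parserec FUNCTION((opie), struct opie *opie)
-{
-char *c, *c2;
-
-if (!(c2 = strchr(opie->opie_principal = opie->opie_buf, ' ')))
-return -1;
-
-while(*c2 == ' ') c2++;
-*(c2 - 1) = 0;
-
-if (!(c2 = strchr(c = c2, ' ')))
-return -1;
-
-*(c2++) = 0;
-
-{
-char *c3;
-
-opie->opie_n = strtoul(c, &c3, 10);
-
-if (*c3 || (opie->opie_n <= 0) || (opie->opie_n > 9999))
-return -1;
-};
-
-if (!(c2 = strchr(opie->opie_seed = c2, ' ')))
-return -1;
-
-*(c2++) = 0;
-
-for (c = opie->opie_seed; *c; c++)
-if (!isalnum(*c))
-return -1;
-
-while(*c2 == ' ') c2++;
-
-if (!(c2 = strchr(opie->opie_val = c2, ' ')))
-return -1;
-
-*(c2++) = 0;
-
-{
-struct opie_otpkey otpkey;
-
-if (!opieatob8(&otpkey, opie->opie_val))
-return -1;
-}
-
-return 0;
-}
-
-int __opiereadrec FUNCTION((opie), struct opie *opie)
-{
-FILE *f = NULL;
-int rval = -1;
-
-if (!(f = __opieopen(KEY_FILE, 0, 0600))) {
-#if DEBUG
-syslog(LOG_DEBUG, "__opiereadrec: __opieopen(KEY_FILE..) failed!");
-#endif /* DEBUG */
-goto ret;
-}
-
-{
-int i;
-
-if ((i = open(KEY_FILE, O_RDWR)) < 0) {
-opie->opie_flags &= ~__OPIE_FLAGS_RW;
-#if DEBUG
-syslog(LOG_DEBUG, "__opiereadrec: open(KEY_FILE, O_RDWR) failed: %s", strerror(errno));
-#endif /* DEBUG */
-} else {
-close(i);
-opie->opie_flags |= __OPIE_FLAGS_RW;
-}
-}
-
-if (opie->opie_buf[0]) {
-if (fseek(f, opie->opie_recstart, SEEK_SET))
-goto ret;
-
-if (fgets(opie->opie_buf, sizeof(opie->opie_buf), f))
-goto ret;
-
-if (parserec(opie))
-goto ret;
-
-opie->opie_flags |= __OPIE_FLAGS_READ;
-rval = 0;
-goto ret;
-}
-
-if (!opie->opie_principal)
-goto ret;
-
-{
-char *c, principal[OPIE_PRINCIPAL_MAX];
-int i;
-
-if (c = strchr(opie->opie_principal, ':'))
-*c = 0;
-
-strlcpy(principal, opie->opie_principal, sizeof(principal));
-
-do {
-if ((opie->opie_recstart = ftell(f)) < 0)
-goto ret;
-
-if (!fgets(opie->opie_buf, sizeof(opie->opie_buf), f)) {
-rval = 1;
-goto ret;
-}
-
-if (parserec(opie))
-continue;
-} while (strcmp(principal, opie->opie_principal));
-
-rval = 0;
-}
-
-ret:
-if (f)
-fclose(f);
-return rval;
-}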
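--- a/unlock.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/* unlock.c: The opieunlock() library function.
-
-%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-Reserved. The Inner Net License Version 2 applies to these portions of
-the software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-McDonald, All Rights Reserved. All Rights under this copyright are assigned
-to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-License Agreement applies to this software.
-
-History:
-
-Modified by cmetz for OPIE 2.31. Bug fix.
-Modified by cmetz for OPIE 2.3. Do refcounts whether or not
-we actually lock. Fixed USER_LOCKING=0 case.
-Modified by cmetz for OPIE 2.22. Added reference count support.
-Changed lock filename/refcount symbol names to better indicate
-that they're not user serviceable.
-Modified by cmetz for OPIE 2.2. Use FUNCTION declaration.
-Check for read() == -1. ifdef around unistd.h.
-Created at NRL for OPIE 2.2 from opiesubr2.c
-*/
-#include "opie_cfg.h"
-#include <string.h>
-#if HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#include <fcntl.h>
-#include "opie.h"
-
-extern int __opie_lockrefcount;
-#if USER_LOCKING
-extern char *__opie_lockfilename;
-#endif /* USER_LOCKING */
-
-/*
-Just remove the lock, right?
-Well, not exactly -- we need to make sure it's ours.
-*/
-int opieunlock FUNCTION_NOARGS
-{
-#if USER_LOCKING
-int fh, rval = -1, pid, t, i;
-char buffer[128], *c, *c2;
-
-if (--__opie_lockrefcount > 0)
-return 0;
-
-if (!__opie_lockfilename)
-return -1;
-
-if (!(fh = open(__opie_lockfilename, O_RDWR, 0600)))
-goto unlockret;
-
-if ((i = read(fh, buffer, sizeof(buffer))) < 0)
-goto unlockret;
-
-buffer[sizeof(buffer) - 1] = 0;
-buffer[i - 1] = 0;
-
-if (!(c = strchr(buffer, '\n')))
-goto unlockret;
-
-*(c++) = 0;
-
-if (!(c2 = strchr(c, '\n')))
-goto unlockret;
-
-*(c2++) = 0;
-
-if (!(pid = atoi(buffer)))
-goto unlockret;
-
-if (!(t = atoi(c)))
-goto unlockret;
-
-if ((pid != getpid()) && (time(0) <= OPIE_LOCK_TIMEOUT + t) && (!kill(pid, 0))) {
-rval = 1;
-goto unlockret1;
-}
-
-rval = 0;
-
-unlockret:
-unlink(__opie_lockfilename);
-
-unlockret1:
-if (fh)
-close(fh);
-free(__opie_lockfilename);
-__opie_lockfilename = NULL;
-return rval;
-#else /* USER_LOCKING */
-if (__opie_lockrefcount-- > 0)
-return 0;
-
-return -1;
-#endif /* USER_LOCKING */
-}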
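--- a/verify.c
+++ /dev/null
@@ -1,222 +0,0 @@
-/* verify.c: The opieverify() library function.
-
-%%% copyright-cmetz-96
-This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
-The Inner Net License Version 3 applies to this software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-History:
-
-Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for keys.
-Check that seed and sequence number are valid.
-Modified by cmetz for OPIE 2.32. Renamed _opieparsechallenge() to
-__opieparsechallenge() and handle new argument. Fixed init
-response parsing bug.
-Modified by cmetz for OPIE 2.31. Renamed "init" to "init-hex".
-Modified by cmetz for OPIE 2.31. Renamed "init" and "RESPONSE_INIT"
-to "init-hex" and "RESPONSE_INIT_HEX". Removed active attack
-protection support.
-Created by cmetz for OPIE 2.3 using the old verify.c as a guide.
-*/
-
-#include "opie_cfg.h"
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#include <ctype.h>
-#include "opie.h"
-
-#define RESPONSE_STANDARD 0
-#define RESPONSE_WORD 1
-#define RESPONSE_HEX 2
-#define RESPONSE_INIT_HEX 3
-#define RESPONSE_INIT_WORD 4
-#define RESPONSE_UNKNOWN 5
-
-struct _rtrans {
-int type;
-char *name;
-};
-
-static struct _rtrans rtrans[] = {
-{ RESPONSE_WORD, "word" },
-{ RESPONSE_HEX, "hex" },
-{ RESPONSE_INIT_HEX, "init-hex" },
-{ RESPONSE_INIT_WORD, "init-word" },
-{ RESPONSE_STANDARD, "" },
-{ RESPONSE_UNKNOWN, NULL }
-};
-
-static char *algids[] = { NULL, NULL, NULL, "sha1", "md4", "md5" };
-
-static int changed FUNCTION((opie), struct opie *opie)
-{
-struct opie opie2;
-
-memset(&opie2, 0, sizeof(struct opie));
-opie2.opie_principal = opie->opie_principal;
-if (__opiereadrec(&opie2))
-return 1;
-
-if ((opie2.opie_n != opie->opie_n) || strcmp(opie2.opie_val, opie->opie_val) || strcmp(opie2.opie_seed, opie->opie_seed))
-return 1;
-
-memset(&opie2, 0, sizeof(struct opie));
-return 0;
-}
-
-int opieverify FUNCTION((opie, response), struct opie *opie AND char *response)
-{
-int i, rval = -1;
-char *c;
-struct opie_otpkey key, fkey, lastkey;
-struct opie nopie;
-
-if (!opie || !response)
-goto verret;
-
-if (!opie->opie_principal)
-#if DEBUG
-abort();
-#else /* DEBUG */
-goto verret;
-#endif /* DEBUG */
-
-if (!opieatob8(&lastkey, opie->opie_val))
-goto verret;
-
-for (c = opie->opie_seed; *c; c++)
-if (!isalnum(*c))
-goto verret;
-
-if (opie->opie_n <= 0)
-goto verret;
-
-if (c = strchr(response, ':')) {
-*(c++) = 0;
-{
-struct _rtrans *r;
-for (r = rtrans; r->name && strcmp(r->name, response); r++);
-i = r->type;
-}
-} else
-i = RESPONSE_STANDARD;
-
-switch(i) {
-case RESPONSE_STANDARD:
-i = 1;
-
-if (opieetob(&key, response) == 1) {
-memcpy(&fkey, &key, sizeof(struct opie_otpkey));
-opiehash(&fkey, MDX);
-i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey));
-}
-if (i && opieatob8(&key, response)) {
-memcpy(&fkey, &key, sizeof(struct opie_otpkey));
-opiehash(&fkey, MDX);
-i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey));
-}
-break;
-case RESPONSE_WORD:
-i = 1;
-
-if (opieetob(&key, c) == 1) {
-memcpy(&fkey, &key, sizeof(struct opie_otpkey));
-opiehash(&fkey, MDX);
-i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey));
-}
-break;
-case RESPONSE_HEX:
-i = 1;
-
-if (opieatob8(&key, c)) {
-memcpy(&fkey, &key, sizeof(struct opie_otpkey));
-opiehash(&fkey, MDX);
-i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey));
-}
-break;
-case RESPONSE_INIT_HEX:
-case RESPONSE_INIT_WORD:
-{
-char *c2;
-
-if (!(c2 = strchr(c, ':')))
-goto verret;
-
-*(c2++) = 0;
-
-if (i == RESPONSE_INIT_HEX) {
-if (!opieatob8(&key, c))
-goto verret;
-} else {
-if (opieetob(&key, c) != 1)
-goto verret;
-}
-
-memcpy(&fkey, &key, sizeof(struct opie_otpkey));
-opiehash(&fkey, MDX);
-
-if (memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey)))
-goto verret;
-
-if (changed(opie))
-goto verret;
-
-opie->opie_n--;
-
-if (!opiebtoa8(opie->opie_val, &key))
-goto verret;
-
-if (__opiewriterec(opie))
-goto verret;
-
-if (!(c2 = strchr(c = c2, ':')))
-goto verret;
-
-*(c2++) = 0;
-
-{
-int j, k;
-
-if (__opieparsechallenge(c, &j, &(opie->opie_n), &(opie->opie_seed), &k) || (j != MDX) || k)
-goto verret;
-}
-
-if (i == RESPONSE_INIT_HEX) {
-if (!opieatob8(&key, c2))
-goto verret;
-} else {
-if (opieetob(&key, c2) != 1)
-goto verret;
-}
-}
-goto verwrt;
-case RESPONSE_UNKNOWN:
-rval = 1;
-goto verret;
-default:
-rval = -1;
-goto verret;
-}
-
-if (i) {
-rval = 1;
-goto verret;
-}
-
-if (changed(opie))
-goto verret;
-
-opie->opie_n--;
-
-verwrt:
-if (!opiebtoa8(opie->opie_val, &key))
-goto verret;
-rval = __opiewriterec(opie);
-
-verret:
-opieunlock();
-memset(opie, 0, sizeof(struct opie));
-return rval;
-}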
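--- a/version.c
+++ /dev/null
@@ -1,29 +0,0 @@
-/* version.c: The opieversion() library function.
-
-%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-Reserved. The Inner Net License Version 2 applies to these portions of
-the software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-McDonald, All Rights Reserved. All Rights under this copyright are assigned
-to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-License Agreement applies to this software.
-
-History:
-
-Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
-Created at NRL for OPIE 2.2 from opiesubr.c.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include "opie_cfg.h"
-#include "opie.h"
-
-VOIDRET opieversion FUNCTION_NOARGS
-{
-printf("\nOPIE %s (%s)\n\n", VERSION, DATE);
-exit(0);
-}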
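--- a/writerec.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/* writerec.c: The __opiewriterec() library function.
-
-%%% copyright-cmetz-96
-This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
-The Inner Net License Version 3 applies to this software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-History:
-
-Modified by cmetz for OPIE 2.4. Check that seed and sequence number are
-valid.
-Modified by cmetz for OPIE 2.31. Removed active attack protection
-support. Fixed passwd bug.
-Created by cmetz for OPIE 2.3 from passwd.c.
-
-$FreeBSD$
-*/
-#include "opie_cfg.h"
-
-#include <stdio.h>
-#if TM_IN_SYS_TIME
-#include <sys/time.h>
-#else /* TM_IN_SYS_TIME */
-#include <time.h>
-#endif /* TM_IN_SYS_TIME */
-#include <sys/types.h>
-#if HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#if HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#if HAVE_STDLIB_H
-#include <stdlib.h>
-#endif /* HAVE_STDLIB_H */
-#include <ctype.h>
-#include "opie.h"
-
-char *__opienone = "****************";
-
-int __opiewriterec FUNCTION((opie), struct opie *opie)
-{
-char buf[17], buf2[64];
-time_t now;
-FILE *f, *f2 = NULL;
-int i = 0;
-char *c;
-
-time(&now);
-if (strftime(buf2, sizeof(buf2), " %b %d,%Y %T", localtime(&now)) < 1)
-return -1;
-
-if (!(opie->opie_flags & __OPIE_FLAGS_READ)) {
-struct opie opie2;
-i = opielookup(&opie2, opie->opie_principal);
-opie->opie_flags = opie2.opie_flags;
-opie->opie_recstart = opie2.opie_recstart;
-}
-
-for (c = opie->opie_seed; *c; c++)
-if (!isalnum(*c))
-return -1;
-
-if ((opie->opie_n < 0) || (opie->opie_n > 9999))
-return -1;
-
-switch(i) {
-case 0:
-if (!(f = __opieopen(KEY_FILE, 1, 0600)))
-return -1;
-if (fseek(f, opie->opie_recstart, SEEK_SET))
-return -1;
-break;
-case 1:
-if (!(f = __opieopen(KEY_FILE, 2, 0600)))
-return -1;
-break;
-default:
-return -1;
-}
-
-if (fprintf(f, "%s %04d %-16s %s %-21s\n", opie->opie_principal, opie->opie_n, opie->opie_seed, opie->opie_val ? opie->opie_val : __opienone, buf2) < 1)
-return -1;
-
-fclose(f);
-
-return 0;
-}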
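--- a/opie.4
+++ /dev/null
@@ -1,342 +0,0 @@
-.\" opie.4: Overview of the OPIE software.
-.\"
-.\" %%% portions-copyright-cmetz-96
-.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-.\" Reserved. The Inner Net License Version 2 applies to these portions of
-.\" the software.
-.\" You should have received a copy of the license with this software. If
-.\" you didn't get a copy, you may request one from <license@inner.net>.
-.\"
-.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
-.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-.\" License Agreement applies to this software.
-.\"
-.\" History:
-.\"
-.\" Modified by cmetz for OPIE 2.4. Spelling fixes.
-.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation. Removed
-.\" references to the old square brackets challenge delimiters.
-.\" Modified at NRL for OPIE 2.01. Updated UNIX trademark credit.
-.\" Definition of "seed" written by Neil Haller of Bellcore
-.\" Written at NRL for OPIE 2.0.
-.\"
-.\" $FreeBSD$
-.\"
-.TH OPIE 4 "January 10, 1995"
-.SH NAME
-.B OPIE \- One-time Passwords In Everything
-.SH DEPRECATION NOTICE
-OPIE is deprecated, and may not be available in FreeBSD 14.0 and later.
-.SH DESCRIPTION
-.LP
-OPIE is a package derived from the Bellcore S/Key Version 1 distribution
-that helps to secure a system against replay attacks (see below). It does so
-using a secure hash function and a challenge/response system. It provides
-replacements for the
-.IR login (1),
-.IR su (1),
-and
-.IR ftpd (8)
-programs that use OPIE
-authentication as well as demonstrate how a program might be adapted to use
-OPIE authentication. OPIE was developed at and for the United States Naval
-Research Laboratory (NRL). OPIE is derived in part from Berkeley Standard
-Distribution UNIX and the Bellcore S/Key Version 1 distribution.
-.LP
-From the average user's perspective, OPIE is a nuisance that prevents their
-account from being broken into. The first time a user wishes to use OPIE,
-(s)he needs to use the
-.IR opiepasswd (1)
-command to put an entry for them into
-the OPIE database. The user can then use OPIE to authenticate themselves
-with any program that supports it. If no other clients are being used,
-this means they can use OPIE to
-.I telnet,
-.I rlogin,
-or
-.I ftp
-into the system,
-log in on a terminal port (like a modem), or switch to another user's
-account. When they would normally be asked for a password, they will get
-a challenge from the server. They then need to copy that challenge (or
-re-type, if they don't have the ability to copy and paste through something
-like a window system) to their calculator program, enter their password,
-then copy (or re-type) the response from the calculator as their password.
-While this will seem cumbersome at first, with some practice, it becomes
-easy.
-
-.SH TERMS
-.TP
-.I user name
-The name that the system knows you as. For example, "jdoe".
-.TP
-.I secret password
-A password, usually selected by the user, that is needed to gain access to the
-system. For example, "SEc1_rt".
-.TP
-.I challenge
-A packet of information output by a system when it wishes to authenticate a
-user. In OPIE, this is a three-item group consisting of a hash identifier,
-a sequence number, and a seed. This
-information is needed by the OPIE calculator to generate a proper response.
-For example, "otp-md5 95 wi14321".
-.TP
-.I response
-A packet of information generated from a challenge that is used by a system to
-authenticate a user. In OPIE, this is a group of six words that is generated by
-the calculator given the challenge and the secret password. For example,
-"PUP SOFT ROSE BIAS FLAG END".
-.TP
-.I seed
-A piece of information that is used in conjunction with the secret password
-and sequence number to compute the response. Its purpose is to allow the same
-secret password to be used for multiple sequences, by changing the seed, or
-for authentication to multiple machines by using different seeds.
-.TP
-.I sequence number
-A counter used to keep track of key iterations. In OPIE, each time a successful
-response is received by the system, the sequence number is decremented. For
-example, "95".
-.TP
-.I hash identifier
-A piece of text that identifies the actual algorithm that needs to be used to
-generate a proper response. In OPIE, the only two valid hash identifiers are
-"otp-md4", which selects MD4 hashing, and "otp-md5", which selects MD5.
-
-.SH REPLAY ATTACKS
-When you use a network terminal program like
-.IR telnet (1)
-or even use a modem to log into a
-computer system, you need a user name and a secret password. Anyone who can
-provide those to the system is recognized as you because, in theory, only you
-would have your secret password. Unfortunately, it is now easy to listen in
-on many computer communications media. From modem communication to many
-networks, your password is not usually safe over remote links. If a
-cracker can listen in when you send your password, (s)he then has a copy
-of your password that can be used at any time in the future to access your
-account. On more than one occasion, major sites on the Internet have been
-broken into exactly this way.
-.LP
-All an attacker has to
-do is capture your password once and then replay it to the server when it's
-asked for. Even if the password is communicated between machines in encoded
-or encrypted form, as long as a cracker can get in by simply replaying
-a previously captured communication, you are at risk. Up until very recently,
-Novell NetWare was vulnerable this way. A cracker couldn't find out what your
-password actually is, but (s)he didn't need to -- all that was necessary to
-get into your account was to capture the encrypted password and send that
-back to the server when asked for it.
-
-.SH ONE-TIME PASSWORDS
-One solution to the problem of replay attacks
-is to keep changing the way that a password is being encoded so that what is
-sent over the link to another system can only be used once. If you can do that,
-then a cracker can replay it as many times as (s)he wants -- it's just not
-going to get them anywhere. It's important, however, to make sure you encode
-the password in such a way that the cracker can't use the encoded version to
-figure out what the password is or what a future encoded password will be.
-Otherwise, while still an improvement over no encoding or a fixed encoding,
-you can still be broken into.
-
-.SH THE S/KEY ALGORITHM
-
-A solution to this whole problem was invented by Lamport in 1981. This
-technique was implemented by Haller, Karn, and Walden at Bellcore. They
-created a free software package called "S/Key" that used an algorithm
-called a cryptographic checksum. A cryptographic checksum is a strong one-way
-function such that, knowing the result of such a function, an attacker still
-cannot feasibly determine the input. Further, unlike cyclic redundancy
-checksums (CRCs), cryptographic checksums have few inputs that result in the
-same output.
-.LP
-In S/Key, what changes is the number of
-times the password is run through the secure hash. The password is run through
-the secure hash once, then the output of the hash is run through the secure
-hash again, that output is run through the secure hash again, and so on until
-the number of times the password has been run through the secure hash is equal
-to the desired sequence number. This is much slower than just, say, putting
-the sequence number in before the password and running that through the secure
-hash once, but it gains you one significant benefit. The server machine you
-are trying to connect to has to have some way to determine whether the output
-of that whole mess is right. If it stores it either without any encoding or
-with a normal encoding, a cracker could still get at your password. But if it
-stores it with a secure hash, then how does it account for the response
-changing every time because the sequence number is changing? Also what if you
-can never get to the machine any way that can't be listened in on? How do you
-change your password without sending it over the link?
-.LP
-The clever solution
-devised by Lamport is to keep in mind that the sequence number is
-always decrementing by one and that, in the S/Key system, simply by running any
-response with a sequence number N through the secure hash, you can get the
-response with a sequence number N+1, but you can't go the other way. At any
-given time, call the sequence number of the last valid response that the
-system got N+1 and the sequence number of the response you are giving it N.
-If the password that generated the response for N is the same as the one for
-N+1, then you should be able to run the response for N through the secure hash
-one more time, for a total of N+1 times, and get the same response as you got
-back for N+1. Once you compare the two and find that they are the same, you
-subtract one from N so that, now, the key for N that you just verified becomes
-the new key for N+1 that you can store away to use the next time you need to
-verify a key. This also means that if you need to change your password but
-don't have a secure way to access your machine, all the system really needs to
-have to verify your password is a valid response for one more than the sequence
-number you want to start with.
-.LP
-Just for good measure, each side of
-all of this uses a seed in conjunction with your password when it actually
-generates and verifies the responses. This helps to jumble things up a little
-bit more, just in case. Otherwise, someone with a lot of time and disk space
-on their hands could generate all the responses for a lot of frequent passwords
-and defeat the system.
-.LP
-This is not, by any means, the best explanation of how the S/Key algorithm
-works or some of the more minor details. For that, you should go to some of
-the papers now published on the topic. It is simply a quick-and-dirty
-introduction to what's going on under the hood.
-
-.SH OPIE COMPONENTS
-
-The OPIE distribution has been incorporated into three standard client
-programs:
-.IR login (1),
-.IR su (1),
-and
-.IR ftpd (8),
-.LP
-There are also three programs in the OPIE distribution that are specific to
-the OPIE system:
-.IR opiepasswd (1),
-which allows a user to set and change their
-OPIE password,
-.IR opieinfo (1),
-which allows a user to find out what their current
-sequence number and seed are, and
-.IR opiekey(1),
-which is an OPIE key calculator.
-
-.SH ADDING OPIE TO OTHER PROGRAMS
-
-Adding OPIE authentication to programs other than the ones included as clients
-in the OPIE distribution isn't very difficult. First, you will need to make
-sure that the program includes <stdio.h> somewhere. Then, below the other
-includes such as <stdio.h>, but before variable declarations, you need to
-include <opie.h>. You need to add a variable of type "struct opie" to your
-program, you need to make sure that the buffer that you use to get a password
-from the user is big enough to hold OPIE_RESPONSE_MAX+1 characters, and you
-need to have a buffer in which to store the challenge string that is big enough
-to hold OPIE_CHALLENGE_MAX+1 characters.
-.LP
-When you are ready to output the challenge string and know the user's name,
-you would use a call to opiechallenge. Later, to verify the response received,
-you would use a call to opieverify. For example:
-.sp 0
-
-.sp 0
-#include <stdio.h>
-.sp 0
-.
-.sp 0
-.
-.sp 0
-#include <opie.h>
-.sp 0
-.
-.sp 0
-.
-.sp 0
-char *user_name;
-.sp 0
-/* Always remember the trailing null! */
-.sp 0
-char password[OPIE_RESPONSE_MAX+1];
-.sp 0
-.
-.sp 0
-.
-.sp 0
-struct opie opiedata;
-.sp 0
-char opieprompt[OPIE_CHALLENGE_MAX+1];
-.sp 0
-.
-.sp 0
-.
-.sp 0
-opiechallenge(&opiedata, user_name, opieprompt);
-.sp 0
-.
-.sp 0
-.
-.sp 0
-if (opieverify(&opiedata, password)) {
-.sp 0
-printf("Login incorrect");
-.sp 0
-.SH TERMINAL SECURITY AND OPIE
-
-When using OPIE, you need to be careful not to allow your password to be
-communicated over an insecure channel where someone might be able to listen
-in and capture it. OPIE can protect you against people who might get your
-password from snooping on the line, but only if you make sure that the password
-itself never gets sent over the line. The important thing is to always run the
-OPIE calculator on whichever machine you are actually using - never on a machine
-you are connected to by network or by dialup.
-.LP
-You need to be careful about the
-X Window System, because it changes things quite a bit. For instance, if you
-run an xterm (or your favorite equivalent) on another machine and display it
-on your machine, you should not run an OPIE calculator in that window. When you
-type in your secret password, it still gets transmitted over the network to go
-to the machine the xterm is running on. People with machines such as
-X terminals that can only run the calculator over the network are in an
-especially precarious position because they really have no choice. Also, with
-the X Window System, as with some other window system (NeWS as an example),
-it is sometimes possible for people to read your keystrokes and capture your
-password even if you are running the OPIE calculator on your local machine.
-You should always use the best security mechanism available on your system to
-protect your X server, be it XDM-AUTHORIZATION-1, XDM-MAGIC-COOKIE-1, or host
-access control. *Never* just allow any machine to connect to your server
-because, by doing so, you are allowing any machine to read any of your windows
-or your keystrokes without you knowing it.
-
-.SH SEE ALSO
-.BR ftpd (8)
-.BR login (1),
-.BR opie (4),
-.BR opiekeys (5),
-.BR opieaccess (5),
-.BR opiekey (1),
-.BR opieinfo (1),
-.BR opiepasswd (1),
-.sp
-Lamport, L. "Password Authentication with Insecure Communication",
-Communications of the ACM 24.11 (November 1981), pp. 770-772.
-.sp
-Haller, N. "The S/KEY One-Time Password System", Proceedings of the ISOC
-Symposium on Network and Distributed System Security, February 1994,
-San Diego, CA.
-.sp
-Haller, N. and Atkinson, R, "On Internet Authentication", RFC-1704,
-DDN Network Information Center, October 1994.
-.sp
-Rivest, R. "The MD5 Message Digest Algorithm", RFC-1321,
-DDN Network Information Center, April 1992.
-.sp
-Rivest, R. "The MD4 Message Digest Algorithm", RFC-1320,
-DDN Network Information Center, April 1992.
-
-.SH AUTHOR
-Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden
-of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and
-Craig Metz.
-
-S/Key is a trademark of Bell Communications Research (Bellcore).
-UNIX is a trademark of X/Open.
-
-.SH CONTACT
-OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
-send an email request to:
-.sp
-skey-users-request@thumper.bellcore.com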
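--- a/opie.h
+++ /dev/null
@@ -1,179 +0,0 @@
-/* opie.h: Data structures and values for the OPIE authentication
-system that a program might need.
-
-%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-Reserved. The Inner Net License Version 2 applies to these portions of
-the software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-McDonald, All Rights Reserved. All Rights under this copyright are assigned
-to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-License Agreement applies to this software.
-
-History:
-
-Modified by cmetz for OPIE 2.4. Added sequence number limits. Added
-struct opie_otpkey and made many functions use it. Added
-opiestrncpy(). Include header with libmissing prototypes.
-Modified by cmetz for OPIE 2.32. Added symbolic flag names for
-opiepasswd(). Added __opieparsechallenge() prototype.
-Modified by cmetz for OPIE 2.31. Removed active attack protection.
-Modified by cmetz for OPIE 2.3. Renamed PTR to VOIDPTR. Added
-re-init key and extension file fields to struct opie. Added
-opie_ prefix on struct opie members. Added opie_flags field
-and definitions. Added more prototypes. Changed opiehash()
-prototype.
-Modified by cmetz for OPIE 2.22. Define __P correctly if this file
-is included in a third-party program.
-Modified by cmetz for OPIE 2.2. Re-did prototypes. Added FUNCTION
-definition et al. Multiple-include protection. Added struct
-utsname fake. Got rid of gethostname() cruft. Moved UINT4
-here. Provide for *seek whence values. Move MDx context here
-and unify. Re-did prototypes.
-Modified at NRL for OPIE 2.0.
-Written at Bellcore for the S/Key Version 1 software distribution
-(skey.h).
-
-$FreeBSD$
-*/
-#ifndef _OPIE_H
-#define _OPIE_H 1
-
-struct opie {
-int opie_flags;
-char opie_buf[256];
-char *opie_principal;
-int opie_n;
-char *opie_seed;
-char *opie_val;
-long opie_recstart;
-};
-
-#define __OPIE_FLAGS_RW 1
-#define __OPIE_FLAGS_READ 2
-
-/* Minimum length of a secret password */
-#ifndef OPIE_SECRET_MIN
-#define OPIE_SECRET_MIN 10
-#endif /* OPIE_SECRET_MIN */
-
-/* Maximum length of a secret password */
-#define OPIE_SECRET_MAX 127
-
-/* Minimum length of a seed */
-#define OPIE_SEED_MIN 5
-
-/* Maximum length of a seed */
-#define OPIE_SEED_MAX 16
-
-/* Max length of hash algorithm name (md4/md5/sha1) */
-#define OPIE_HASHNAME_MAX 4
-
-/* Maximum length of a challenge (otp-md? 9999 seed ext) */
-#define OPIE_CHALLENGE_MAX (4+OPIE_HASHNAME_MAX+1+4+1+OPIE_SEED_MAX+1+3)
-
-/* Maximum length of a response that we allow */
-#define OPIE_RESPONSE_MAX (9+1+19+1+9+OPIE_SEED_MAX+1+19+1+19+1+19)
-
-/* Maximum length of a principal (read: user name) */
-#define OPIE_PRINCIPAL_MAX 32
-
-/* Maximum sequence number */
-#ifndef OPIE_SEQUENCE_MAX
-#define OPIE_SEQUENCE_MAX 9999
-#endif /* OPIE_SEQUENCE_MAX */
-
-/* Restricted sequence number */
-#ifndef OPIE_SEQUENCE_RESTRICT
-#define OPIE_SEQUENCE_RESTRICT 9
-#endif /* OPIE_SEQUENCE_RESTRICT */
-
-#define UINT4 u_int32_t
-
-struct opie_otpkey {
-UINT4 words[2];
-};
-
-#ifndef SEEK_SET
-#define SEEK_SET 0
-#endif /* SEEK_SET */
-
-#ifndef SEEK_END
-#define SEEK_END 2
-#endif /* SEEK_END */
-
-__BEGIN_DECLS
-int opieaccessfile __P((char *));
-int rdnets __P((long));
-int isaddr __P((register char *));
-int opiealways __P((char *));
-char *opieatob8 __P((struct opie_otpkey *, char *));
-void opiebackspace __P((char *));
-char *opiebtoa8 __P((char *, struct opie_otpkey *));
-char *opiebtoe __P((char *, struct opie_otpkey *));
-char *opiebtoh __P((char *, struct opie_otpkey *));
-int opieetob __P((struct opie_otpkey *, char *));
-int opiechallenge __P((struct opie *,char *,char *));
-int opiegenerator __P((char *,char *,char *));
-int opiegetsequence __P((struct opie *));
-void opiehash __P((struct opie_otpkey *, unsigned));
-int opiehtoi __P((register char));
-int opiekeycrunch __P((int, struct opie_otpkey *, char *, char *));
-int opielock __P((char *));
-int opieunlock __P((void));
-void opieunlockaeh __P((void));
-void opiedisableaeh __P((void));
-int opielookup __P((struct opie *,char *));
-int opiepasscheck __P((char *));
-int opienewseed __P((char *));
-void opierandomchallenge __P((char *));
-char * opieskipspace __P((register char *));
-void opiestripcrlf __P((char *));
-int opieverify __P((struct opie *,char *));
-int opiepasswd __P((struct opie *, int, char *, int, char *, char *));
-char *opiereadpass __P((char *, int, int));
-int opielogin __P((char *line, char *name, char *host));
-const char *opie_get_algorithm __P((void));
-int opie_haskey __P((char *username));
-char *opie_keyinfo __P((char *));
-int opie_passverify __P((char *username, char *passwd));
-int opieinsecure __P((void));
-void opieversion __P((void));
-__END_DECLS
-
-#if _OPIE
-#define VOIDPTR void *
-#define VOIDRET void
-#define NOARGS void
-#define FUNCTION(arglist, args) (args)
-#define AND ,
-#define FUNCTION_NOARGS ()
-
-__BEGIN_DECLS
-struct utmp;
-int __opiegetutmpentry __P((char *, struct utmp *));
-#ifdef EOF
-FILE *__opieopen __P((char *, int, int));
-#endif /* EOF */
-int __opiereadrec __P((struct opie *));
-int __opiewriterec __P((struct opie *));
-int __opieparsechallenge __P((char *buffer, int *algorithm, int *sequence, char **seed, int *exts));
-VOIDRET opiehashlen __P((int algorithm, VOIDPTR in, struct opie_otpkey *out, int n));
-__END_DECLS
-
-#define opiestrncpy(dst, src, n) \
-do { \
-strncpy(dst, src, n-1); \
-dst[n-1] = 0; \
-} while(0)
-
-/* #include "missing.h" */
-#endif /* _OPIE */
-
-#define OPIEPASSWD_CONSOLE 1
-#define OPIEPASSWD_FORCE 2
-
-#endif /* _OPIE_H */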
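--- a/opie_cfg.h
+++ /dev/null
@@ -1,184 +0,0 @@
-/* opie_cfg.h: Various configuration-type pieces of information for OPIE.
-
-%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-Reserved. The Inner Net License Version 2 applies to these portions of
-the software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-McDonald, All Rights Reserved. All Rights under this copyright are assigned
-to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-License Agreement applies to this software.
-
-History:
-
-Modified by cmetz for OPIE 2.4. Removed NBBY definition.
-Modified by cmetz for OPIE 2.32. Include <sys/types.h> before
-<dirent.h> to make *BSD happy.
-Modified by cmetz for OPIE 2.31. Added 4.4BSD-Lite pathnames.h
-definitions from ftpd. Added struct spwd definition and
-HAVE_SHADOW logic for SunOS C2 shadow password support.
-Moved user locking config to configure script. Removed
-options.h.
-Modified by cmetz for OPIE 2.3. Splatted with opie_auto.h.
-Obseleted many symbols. Changed OPIE_PASS_{MIN,MAX} to
-OPIE_SECRET_{MIN,MAX}. Fixed SHADOW+UTMP definitions.
-Removed a lot of symbols.
-Modified by cmetz for OPIE 2.2. Got rid of ANSIPROTO and ARGS.
-Got rid of TRUE and FALSE definitions. Moved UINT4 to
-opie.h and removed UINT2.
-Modified at NRL for OPIE 2.1. Fixed sigprocmask declaration.
-Gutted for autoconf. Split up for autoconf.
-Written at NRL for OPIE 2.0.
-
-History of opie_auto.h:
-
-Modified by cmetz for OPIE 2.22. Support the Solaris TTYPROMPT drain
-bamage on all systems -- it doesn't hurt others, and it's
-not something Autoconf can check for yet.
-Modified by cmetz for OPIE 2.2. Don't replace sigprocmask by ifdef.
-Added configure check for LS_COMMAND. Added setreuid/setgid
-band-aids.
-Modified at NRL for OPIE 2.2. Require /etc/shadow for Linux to use
-shadow passwords.
-Modified at NRL for OPIE 2.11. Removed version defines.
-Modified at NRL for OPIE 2.1. Fixed sigprocmask declaration.
-Gutted for autoconf. Split up for autoconf.
-Written at NRL for OPIE 2.0.
-
-$FreeBSD$
-*/
-
-#ifndef _OPIE_CFG_H
-#define _OPIE_CFG_H 1
-
-#define VERSION "2.4"
-#define DATE "Friday, January 19, 2001"
-
-#ifndef unix
-#define unix 1
-#endif /* unix */
-
-#include "config.h"
-
-/* System characteristics */
-
-#if HAVE_GETUTXLINE && HAVE_UTMPX_H
-#define DOUTMPX 1
-#else /* HAVE_GETUTXLINE && HAVE_UTMPX_H */
-#define DOUTMPX 0
-#endif /* HAVE_GETUTXLINE && HAVE_UTMPX_H */
-
-#include <sys/types.h>
-/* Adapted from the Autoconf hypertext info pages */
-#if HAVE_DIRENT_H
-#include <dirent.h>
-#else /* HAVE_DIRENT_H */
-#define dirent direct
-#if HAVE_SYS_NDIR_H
-#include <sys/ndir.h>
-#endif /* HAVE_SYS_NDIR_H */
-#if HAVE_SYS_DIR_H
-#include <sys/dir.h>
-#endif /* HAVE_SYS_DIR_H */
-#if HAVE_NDIR_H
-#include <ndir.h>
-#endif /* HAVE_NDIR_H */
-#endif /* HAVE_DIRENT_H */
-
-#ifndef MAIL_DIR
-#ifdef PATH_MAIL
-#define MAIL_DIR PATH_MAIL
-#else /* PATH_MAIL */
-#ifdef _PATH_MAIL
-#define MAIL_DIR _PATH_MAIL
-#else /* _PATH_MAIL */
-#ifdef _PATH_MAILDIR
-#define MAIL_DIR _PATH_MAILDIR
-#else /* _PATH_MAILDIR */
-#define MAIL_DIR "/usr/spool/mail"
-#endif /* _PATH_MAILDIR */
-#endif /* _PATH_MAIL */
-#endif /* PATH_MAIL */
-#endif /* MAIL_DIR */
-
-#if HAVE_SHADOW_H && HAVE_GETSPNAM && HAVE_ENDSPENT
-#if defined(linux) && !HAVE_ETC_SHADOW
-#define HAVE_SHADOW 0
-#else /* defined(linux) && !HAVE_ETC_SHADOW */
-#define HAVE_SHADOW 1
-#endif /* defined(linux) && !HAVE_ETC_SHADOW */
-#endif /* HAVE_SHADOW_H && HAVE_GETSPNAM && HAVE_ENDSPENT */
-
-#if HAVE_SUNOS_C2_SHADOW && !HAVE_SHADOW
-#undef HAVE_SHADOW
-#define HAVE_SHADOW 1
-#endif /* HAVE_SUNOS_C2_SHADOW && !HAVE_SHADOW */
-
-/* If the user didn't specify, default to MD5 */
-#ifndef MDX
-#define MDX 5
-#endif /* MDX */
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif
-
-#ifndef _PATH_DEVNULL
-#define _PATH_DEVNULL "/dev/null"
-#endif
-
-#ifndef _PATH_FTPUSERS
-#define _PATH_FTPUSERS "/etc/ftpusers"
-#endif
-
-#ifndef _PATH_FTPLOGINMESG
-#define _PATH_FTPLOGINMESG "/etc/ftpmotd"
-#endif /* _PATH_FTPLOGINMESG */
-
-#ifndef _PATH_FTPWELCOME
-#define _PATH_FTPWELCOME "/etc/ftpwelcome"
-#endif /* _PATH_FTPWELCOME */
-
-#ifndef _PATH_NOLOGIN
-#define _PATH_NOLOGIN "/etc/nologin"
-#endif /* _PATH_NOLOGIN */
-
-#ifndef TTYGRPNAME
-#define TTYGRPNAME "tty" /* name of group to own ttys */
-#endif
-
-#ifndef QUIET_LOGIN_FILE
-#define QUIET_LOGIN_FILE ".hushlogin"
-#endif
-
-#ifndef OPIE_ALWAYS_FILE
-#define OPIE_ALWAYS_FILE ".opiealways"
-#endif
-
-#ifndef OPIE_LOCK_TIMEOUT
-#define OPIE_LOCK_TIMEOUT (30*60)
-#endif
-
-#ifndef MOTD_FILE
-#define MOTD_FILE "/etc/motd"
-#endif
-
-#ifndef LOGIN_PATH
-#define LOGIN_PATH "/usr/ucb:/bin:/usr/bin"
-#endif /* LOGIN_PATH */
-
-#ifndef POINTER
-#define POINTER unsigned char *
-#endif /* POINTER */
-
-#ifdef HAVE_SUNOS_C2_SHADOW
-struct spwd {
-char *sp_pwdp;
-};
-#endif /* HAVE_SUNOS_C2_SHADOW */
-
-#define _OPIE 1
-#endif /* _OPIE_CFG_H */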
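--- a/opieaccess.5
+++ /dev/null
@@ -1,92 +0,0 @@
-.\" opieaccess.5: Manual page describing the /etc/opieaccess file.
-.\"
-.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
-.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-.\" License Agreement applies to this software.
-.\"
-.\" History:
-.\"
-.\" Modified by cmetz for OPIE 2.4. Fixed "0PIE" typo.
-.\" Written at NRL for OPIE 2.0.
-.\"
-.ll 6i
-.pl 10.5i
-.\" @(#)opieaccess.5 2.0 (NRL) 1/10/95
-.\" $FreeBSD$
-.\"
-.lt 6.0i
-.TH OPIEACCESS 5 "January 10, 1995"
-.AT 3
-.SH NAME
-/etc/opieaccess \- OPIE database of trusted networks
-
-.SH DEPRECATION NOTICE
-OPIE is deprecated, and may not be available in FreeBSD 14.0 and later.
-
-.SH DESCRIPTION
-The
-.I opieaccess
-file contains a list of networks that are considered trusted by the system as
-far as security against passive attacks is concerned. Users from networks so
-trusted will be able to log in using OPIE responses, but not be required to
-do so, while users from networks that are not trusted will always be required
-to use OPIE responses (the default behavior). This trust allows a site to
-have a more gentle migration to OPIE by allowing it to be non-mandatory for
-"inside" networks while allowing users to choose whether they with to use OPIE
-to protect their passwords or not.
-.sp
-The entire notion of trust implemented in the
-.I opieaccess
-file is a major security hole because it opens your system back up to the same
-passive attacks that the OPIE system is designed to protect you against. The
-.I opieaccess
-support in this version of OPIE exists solely because we believe that it is
-better to have it so that users who don't want their accounts broken into can
-use OPIE than to have them prevented from doing so by users who don't want
-to use OPIE. In any environment, it should be considered a transition tool and
-not a permanent fixture. When it is not being used as a transition tool, a
-version of OPIE that has been built without support for the
-.I opieaccess
-file should be built to prevent the possibility of an attacker using this file
-as a means to circumvent the OPIE software.
-.sp
-The
-.I opieaccess
-file consists of lines containing three fields separated by spaces (tabs are
-properly interpreted, but spaces should be used instead) as follows:
-.PP
-.nf
-.ta \w' 'u
-Field Description
-action "permit" or "deny" non-OPIE logins
-address Address of the network to match
-mask Mask of the network to match
-.fi
-
-Subnets can be controlled by using the appropriate address and mask. Individual
-hosts can be controlled by using the appropriate address and a mask of
-255.255.255.255. If no rules are matched, the default is to deny non-OPIE
-logins.
-
-.SH SEE ALSO
-.BR ftpd (8)
-.BR login (1),
-.BR opie (4),
-.BR opiekeys (5),
-.BR opiepasswd (1),
-.BR opieinfo (1),
-.BR su (1),
-
-.SH AUTHOR
-Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden
-of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and
-Craig Metz.
-
-S/Key is a trademark of Bell Communications Research (Bellcore).
-
-.SH CONTACT
-OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
-send an email request to:
-.sp
-skey-users-request@thumper.bellcore.com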
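--- a/<path-not-on-page>/opieauto.c
+++ /dev/null
@@ -1,386 +0,0 @@
-/* opieauto.c: The opieauto program.
-
-%%% copyright-cmetz-96
-This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
-The Inner Net License Version 3 applies to this software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-History:
-
-Created by cmetz for OPIE 2.4 based on previously released
-test code. Use opiestrncpy().
-*/
-
-#include "opie_cfg.h"
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#if HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif /* HAVE_SYS_TIME_H */
-#include <stdio.h>
-#include <errno.h>
-#if HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#include <getopt.h>
-#if HAVE_STDLIB_H
-#include <stdlib.h>
-#endif /* HAVE_STDLIB_H */
-#if HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#include <sys/stat.h>
-
-#include "opie.h"
-
-#ifndef max
-#define max(x, y) (((x) > (y)) ? (x) : (y))
-#endif /* max */
-
-int window = 10;
-char *myname = NULL;
-
-uid_t myuid = 0;
-
-#define MAXCLIENTS 2
-int parents, s[MAXCLIENTS + 1];
-
-char cmd[1+1+1+1+4+1+OPIE_SEED_MAX+1+4+1+4+1+4+1+4+1];
-
-struct cachedotp {
-struct cachedotp *next;
-int algorithm, base, current;
-struct opie_otpkey basekey;
-char seed[OPIE_SEED_MAX+1];
-};
-
-struct cachedotp *head = NULL;
-
-char *algids[] = { NULL, NULL, NULL, "sha1", "md4", "md5" };
-
-void baile(x) {
-fprintf(stderr, "%s: %s: %s(%d)\n", myname, x, strerror(errno), errno);
-exit(1);
-}
-
-void bail(x) {
-fprintf(stderr, "%s: %s\n", myname, x);
-exit(1);
-}
-
-void zerocache(void)
-{
-struct cachedotp *c = head, *c2;
-
-while(c) {
-c2 = c->next;
-memset(c, 0, sizeof(struct cachedotp));
-c = c2;
-};
-};
-
-int doreq(int fd)
-{
-int algorithm, sequence, i;
-char *seed = NULL, *response = NULL;
-
-if (((cmd[0] != 'S') && (cmd[0] != 's')) || (cmd[1] != '=') || (cmd[2] != ' ')) {
-#if DEBUG
-fprintf(stderr, "%s: got bogus command: %s\n", myname, cmd);
-#endif /* DEBUG */
-goto error;
-};
-
-{
-char *c;
-
-if (((algorithm = strtoul(&cmd[3], &c, 10)) < 3) || (algorithm > 5) || (*c != ' ')) {
-#if DEBUG
-fprintf(stderr, "%s: got bogus algorithm: %s\n", myname, cmd);
-#endif /* DEBUG */
-goto error;
-};
-
-if (((sequence = strtoul(c + 1, &c, 10)) <= OPIE_SEQUENCE_RESTRICT) || (sequence > OPIE_SEQUENCE_MAX)) {
-#if DEBUG
-fprintf(stderr, "%s: got bogus sequence: %s\n", myname, cmd);
-#endif /* DEBUG */
-goto error;
-};
-
-if (cmd[0] == 'S') {
-if (!(c = strchr(seed = c + 1, ' '))) {
-#if DEBUG
-fprintf(stderr, "%s: got bogus seed: %s\n", myname, cmd);
-#endif /* DEBUG */
-goto error;
-};
-
-*c = 0;
-
-if (!(c = strchr(response = c + 1, '\n'))) {
-#if DEBUG
-fprintf(stderr, "%s: got bogus response: %s\n", myname, cmd);
-#endif /* DEBUG */
-goto error;
-};
-
-*c = 0;
-} else {
-if (!(c = strchr(seed = c + 1, '\n'))) {
-#if DEBUG
-fprintf(stderr, "%s: got bogus seed: %s\n", myname, cmd);
-#endif /* DEBUG */
-goto error;
-};
-
-*c = 0;
-};
-};
-
-#if DEBUG
-fprintf(stderr, "got cmd=%c, algorithm=%d sequence=%d seed=+%s+ response=+%s+ on fd %d\n", cmd[0], algorithm, sequence, seed, response, fd);
-#endif /* DEBUG */
-
-seed = strdup(seed);
-
-if (sequence < 10) {
-#if DEBUG
-fprintf(stderr, "sequence < 10; can't do it\n");
-#endif /* DEBUG */
-sprintf(cmd, "%c- %d %d %s\n", cmd[0], algorithm, sequence, seed);
-};
-
-{
-struct cachedotp **c;
-
-for (c = &head; *c && (strcmp((*c)->seed, seed) || ((*c)->algorithm != algorithm)); c = &((*c)->next));
-if (!(*c)) {
-if (cmd[0] == 's') {
-#if DEBUG
-fprintf(stderr, "(seed, algorithm) not found for s command\n");
-#endif /* DEBUG */
-sprintf(cmd, "s- %d %d %s\n", algorithm, sequence, seed);
-goto out;
-}
-
-if (!(*c = malloc(sizeof(struct cachedotp))))
-baile("malloc");
-memset(*c, 0, sizeof(struct cachedotp));
-
-(*c)->algorithm = algorithm;
-opiestrncpy((*c)->seed, seed, OPIE_SEED_MAX);
-};
-
-if (cmd[0] == 'S') {
-(*c)->base = max(sequence - window + 1, OPIE_SEQUENCE_RESTRICT);
-(*c)->current = sequence;
-
-if (!opieatob8(&(*c)->basekey, response))
-goto error;
-
-sprintf(cmd, "S+ %d %d %s\n", algorithm, sequence, (*c)->seed);
-} else {
-if (sequence != ((*c)->current - 1)) {
-#if DEBUG
-fprintf(stderr, "out of sequence: sequence=%d, base=%d, current=%d\n", sequence, (*c)->base, (*c)->current);
-#endif /* DEBUG */
-sprintf(cmd, "s- %d %d %s\n", algorithm, sequence, (*c)->seed);
-goto out;
-};
-
-if (sequence < (*c)->base) {
-#if DEBUG
-fprintf(stderr, "attempt to generate below base: sequence=%d, base=%d, current=%d\n", sequence, (*c)->base, (*c)->current);
-#endif /* DEBUG */
-sprintf(cmd, "s- %d %d %s\n", algorithm, sequence, (*c)->seed);
-goto out;
-};
-
-(*c)->current = sequence;
-i = sequence - (*c)->base;
-{
-struct opie_otpkey key;
-char buffer[16+1];
-
-key = (*c)->basekey;
-while(i--)
-opiehash(&key, algorithm);
-
-opiebtoa8(buffer, &key);
-sprintf(cmd, "s+ %d %d %s %s\n", algorithm, sequence, (*c)->seed, buffer);
-};
-};
-
-printf("%c otp-%s %d %s (%d/%d)\n", cmd[0], algids[algorithm], sequence, (*c)->seed, sequence - (*c)->base, window);
-fflush(stdout);
-
-if (sequence == (*c)->base) {
-struct cachedotp *c2 = *c;
-*c = (*c)->next;
-memset(c2, 0, sizeof(struct cachedotp));
-free(c2);
-};
-};
-
-out:
-write(fd, cmd, i = strlen(cmd));
-free(seed);
-return 0;
-
-error:
-fprintf(stderr, "Invalid command on fd %d\n", fd);
-if (seed)
-free(seed);
-return -1;
-}
-
-static void usage()
-{
-fprintf(stderr, "usage: %s [-v] [-h] [-q] [-n <number of OTPs>]\n", myname);
-exit(1);
-}
-
-int main(int argc, char **argv)
-{
-int i;
-struct stat st;
-char *sockpath;
-
-if (myname = strrchr(argv[0], '/'))
-myname++;
-else
-myname = argv[0];
-
-while((i = getopt(argc, argv, "w:hv")) != EOF) {
-switch(i) {
-case 'v':
-opieversion();
-
-case 'w':
-if (!(window = atoi(optarg))) {
-fprintf(stderr, "%s: invalid number of OTPs: %s\n", myname, optarg);
-exit(1);
-};
-break;
-
-default:
-usage();
-}
-};
-
-{
-uid_t myeuid;
-
-if (!(myuid = getuid()) || !(myeuid = geteuid()) || (myuid != myeuid))
-bail("this program must not be run with superuser priveleges or setuid.");
-};
-
-if (atexit(zerocache) < 0)
-baile("atexit");
-
-{
-struct sockaddr_un sun;
-
-memset(&sun, 0, sizeof(struct sockaddr_un));
-sun.sun_family = AF_UNIX;
-
-{
-char *c;
-char *c2 = "/.opieauto";
-
-if (!(c = getenv("HOME")))
-bail("getenv(HOME) failed -- no HOME variable?");
-
-if (strlen(c) > (sizeof(sun.sun_path) - strlen(c2) - 1))
-bail("your HOME is too long");
-
-strcpy(sun.sun_path, c);
-strcat(sun.sun_path, c2);
-sockpath = strdup(sun.sun_path);
-};
-
-if ((parents = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
-baile("socket");
-
-if (unlink(sockpath) && (errno != ENOENT))
-baile("unlink");
-
-if (umask(0177) < 0)
-baile("umask");
-
-if (bind(parents, (struct sockaddr *)&sun, sizeof(struct sockaddr_un)))
-baile("bind");
-
-if (stat(sockpath, &st) < 0)
-baile("stat");
-
-if ((st.st_uid != myuid) || (!S_ISSOCK(st.st_mode)) || ((st.st_mode & 07777) != 0600))
-bail("socket permissions and/or ownership were not correctly created.");
-
-if (listen(parents, 1) < 0)
-baile("listen");
-};
-
-{
-fd_set fds, rfds, efds;
-int maxfd = parents;
-int i, j;
-
-FD_ZERO(&fds);
-FD_SET(parents, &fds);
-
-while(1) {
-memcpy(&rfds, &fds, sizeof(fd_set));
-
-if (select(maxfd + 1, &rfds, NULL, NULL, NULL) < 0)
-baile("select");
-
-for (i = 0; s[i]; i++) {
-if (!FD_ISSET(s[i], &rfds))
-continue;
-
-if (((j = read(s[i], cmd, sizeof(cmd)-1)) <= 0) || ((cmd[j] = 0) || doreq(s[i]))) {
-close(s[i]);
-FD_CLR(s[i], &fds);
-
-if (s[i] == maxfd)
-maxfd--;
-
-for (j = i; s[j]; s[j] = s[j + 1], j++);
-FD_SET(parents, &fds);
-i--;
-continue;
-};
-};
-
-if (FD_ISSET(parents, &rfds)) {
-for (i = 0; s[i]; i++)
-if (i > MAXCLIENTS)
-bail("this message never printed");
-
-if (stat(sockpath, &st) < 0)
-baile("stat");
-
-if ((st.st_uid != myuid) || (!S_ISSOCK(st.st_mode)) || ((st.st_mode & 07777) != 0600))
-bail("socket permissions and/or ownership has been messed with.");
-
-if ((s[i] = accept(parents, NULL, 0)) < 0)
-baile("accept");
-
-FD_SET(s[i], &fds);
-if (s[i] > maxfd)
-maxfd = s[i];
-
-sprintf(cmd, "C+ %d\n", window);
-if (write(s[i], cmd, j = strlen(cmd)) != j)
-baile("write");
-
-if (++i == MAXCLIENTS)
-FD_CLR(parents, &fds);
-}
-}
-}
-}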
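--- a/<path-not-on-page>/opieftpd.8
+++ /dev/null
@@ -1,294 +0,0 @@
-.\" opieftpd.8: Manual page describing the FTP daemon.
-.\"
-.\" %%% portions-copyright-cmetz-98
-.\" Portions of this software are Copyright 1998-1999 by Craig Metz, All Rights
-.\" Reserved. The Inner Net License Version 2 applies to these portions of
-.\" the software.
-.\" You should have received a copy of the license with this software. If
-.\" you didn't get a copy, you may request one from <license@inner.net>.
-.\"
-.\"
-.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
-.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-.\" License Agreement applies to this software.
-.\"
-.\" History:
-.\"
-.\" Modified by cmetz for OPIE 2.4. Document -u option.
-.\" Modified at NRL for OPIE 2.0.
-.\" Originally from BSD.
-.\"
-.\" NOTE:
-.\"
-.\" This manual page uses the BSD >= Net/2 "mandoc" macros and may not
-.\" format properly on all systems.
-.\"
-.\" Copyright (c) 1985, 1988, 1991 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)opieopieftpd.8 6.9 (Berkeley) 3/16/91
-.\"
-.TH OPIEFTPD 8 "10 January 1995"
-
-.SH NAME
-opieftpd \- File Transfer Protocol server that uses OPIE authentication
-
-.SH SYNOPSIS
-.B opieftpd
-[\-d] [\-l] [\-t
-.I timeout
-] [\-T
-.I maxtimeout
-] [\-u
-.I umask
-]
-
-.SH DESCRIPTION
-.I opieftpd
-is the Internet File Transfer Protocol server process. The server uses the
-TCP protocol and listens at the port specified in the ftp service
-specification; see
-.IR services (5).
-
-.SH OPTIONS
-.TP
-.B \-d
-Debugging information is written to the system logs.
-.TP
-.B \-l
-Each
-.IR ftp (1)
-session is logged in the system logs.
-.TP
-.B \-t
-The inactivity timeout period is set to
-.I timeout
-seconds (the default is 15 minutes).
-.TP
-.B \-T
-A client may also request a different timeout period;
-the maximum period allowed may be set to
-.I maxtimeout
-seconds with the
-.B \-T
-option. The default limit is 2 hours.
-.B \-u
-Set the default umask value to
-.I umask.
-.SH COMMANDS
-The ftp server currently supports the following ftp
-requests; case is not distinguished:
-.PP
-.nf
-.ta \w'Request 'u
-Request Description
-ABOR abort previous command
-ACCT specify account (ignored)
-ALLO allocate storage (vacuously)
-APPE append to a file
-CDUP change to parent of current working directory
-CWD change working directory
-DELE delete a file
-HELP give help information
-LIST give a list of files in a directory
-MKD make a directory
-MDTM show last modification time of file
-MODE specify data transfer mode
-NLST give name list of files in directory
-NOOP do nothing
-PASS specify password
-PASV prepare for server-to-server transfer
-PORT specify data connection port
-PWD print the current working directory
-QUIT terminate session
-REST restart incomplete transfer
-RETR retrieve a file
-RMD remove a directory
-RNFR specify rename-from file name
-RNTO specify rename-to file name
-SITE non-standard commands (see next section)
-SIZE return size of file
-STAT return status of server
-STOR store a file
-STOU store a file with a unique name
-STRU specify data transfer structure
-SYST show operating system type of server system
-TYPE specify data transfer type
-USER specify user name
-XCUP change to parent of current working directory (deprecated)
-XCWD change working directory (deprecated)
-XMKD make a directory (deprecated)
-XPWD print the current working directory (deprecated)
-XRMD remove a directory (deprecated)
-.fi
-
-The following non-standard or UNIX-specific commands are supported
-by the SITE request:
-.PP
-.nf
-.ta \w'Request 'u
-Request Description
-UMASK change umask (e.g. SITE UMASK 002)
-IDLE set idle-timer (e.g. SITE IDLE 60)
-CHMOD change mode of a file (e.g. SITE CHMOD 755 file)
-HELP give help information (e.g. SITE HELP)
-.fi
-.sp
-The remaining ftp requests specified in Internet RFC-959 are
-recognized, but not implemented.
-.sp
-MDTM and SIZE are not specified in RFC-959, but will appear
-in the next updated FTP RFC.
-
-The ftp server will abort an active file transfer only when the
-ABOR command is preceded by a Telnet "Interrupt Process" (IP)
-signal and a Telnet "Synch" signal in the command Telnet stream,
-as described in Internet RFC-959.
-If a STAT command is received during a data transfer, preceded by
-a Telnet IP and Synch, transfer status will be returned.
-.I opieftpd
-interprets file names according to the globbing conventions used by
-.IR csh (1).
-This allows users to utilize the metacharacters
-\&*?[]{}~.
-.sp
-.I opieftpd
-authenticates users according to three rules:
-.sp
-The user name must be in the password data base,
-.I /etc/passwd,
-and not have a null password. In this case, a password
-must be provided by the client before any file operations
-may be performed.
-.sp
-The user name must not appear in the file
-.I /etc/ftpusers.
-.sp
-The user must have a standard shell returned by
-.IR getusershell (3).
-.sp
-If the user name is
-.I anonymous
-or
-.I ftp,
-an anonymous ftp account must be present in the password
-file (user
-.I ftp ).
-In this case, the user is allowed to log in by specifying any
-password (by convention, this is given as the client host's name).
-
-In the last case,
-.I opieftpd
-takes special measures to restrict the client's access privileges.
-The server performs a
-.IR chroot (2)
-command to the home directory of the
-.I ftp
-user.
-In order that system security is not breached, it is recommended
-that the
-.I ftp
-subtree be constructed with care; the following
-rules are recommended:
-.sp
-.TP
-.B ~ftp
-Make the home directory owned by
-.I ftp
-and unwritable by anyone.
-.TP
-.B ~ftp/bin
-Make this directory owned by the super-user and unwritable by
-anyone. The program
-.IR ls (1)
-must be present to support the LIST command. This
-program should have mode 111.
-.TP
-.B ~ftp/etc
-Make this directory owned by the super-user and unwritable by
-anyone. The files
-.IR passwd (5)
-and
-.IR group (5)
-must be present for the
-.IR ls (1)
-command to be able to produce owner names rather than numbers.
-The password field in
-.I passwd
-is not used, and should not contain real encrypted passwords.
-These files should be mode 444.
-.TP
-.B ~ftp/pub
-Make this directory mode 777 and owned by
-.I ftp.
-Users should then place files which are to be accessible via the
-anonymous account in this directory.
-.SH SEE ALSO
-.BR ftpd (8),
-.BR ftp (1),
-.BR opie (4),
-.BR opiekey (1),
-.BR opiepasswd (1),
-.BR opieinfo (1),
-.BR opiesu (1),
-.BR opieftpd (8),
-.BR opiekeys (5),
-.BR opieaccess (5)
-
-.SH BUGS
-The anonymous account is inherently dangerous and should
-avoided when possible. In
-.I opieftpd,
-it is a compile-time option that should be disabled if it is not
-being used.
-The server must run as the super-user
-to create sockets with privileged port numbers. It maintains
-an effective user id of the logged in user, reverting to
-the super-user only when binding addresses to sockets. The
-possible security holes have been scrutinized, but are possibly incomplete.
-
-.SH HISTORY
-The
-.I ftpd
-command appeared in 4.2BSD.
-
-.SH AUTHOR
-Originally written for BSD,
-.I ftpd
-was modified at NRL by Randall Atkinson, Dan McDonald, and Craig Metz to
-support OTP authentication.
-
-.SH CONTACT
-OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
-send an email request to:
-.sp
-skey-users-request@thumper.bellcore.com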
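--- a/<path-not-on-page>/opiegen.1
+++ /dev/null
@@ -1,90 +0,0 @@
-.\" opiegen.1: Manual page for the opiegen(1) program.
-.\"
-.\" %%% portions-copyright-cmetz-96
-.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-.\" Reserved. The Inner Net License Version 2 applies to these portions of
-.\" the software.
-.\" You should have received a copy of the license with this software. If
-.\" you didn't get a copy, you may request one from <license@inner.net>.
-.\"
-.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
-.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-.\" License Agreement applies to this software.
-.\"
-.\" History:
-.\"
-.\" Modified by cmetz for OPIE 2.4. Fixed *roff bug.
-.\" Created by cmetz for OPIE 2.2 from opiekey.1.
-.\"
-.ll 6i
-.pl 10.5i
-.lt 6.0i
-.TH OPIEKEY 1 "February 20, 1996"
-.AT 3
-.SH NAME
-opiegen \- Example OPIE-based OTP generator
-
-.SH SYNOPSIS
-.B opiegen
-.sp 0
-[
-.I challenge
-]
-.sp 0
-
-.SH DESCRIPTION
-.I opiegen
-takes a properly formed OTP challenge either from the command line or from
-standard input, prompts the user for a secret pass phrase, and generates an
-OTP response to that challenge. It is intended as an example for programmers
-of how a simple OTP generator can be built. Users should probably use the
-.I opiekey
-program instead.
-
-.SH EXAMPLE
-.sp 0
-wintermute$ opiegen otp-md5 495 wi01309
-.sp 0
-Secret Pass Phrase:
-.sp 0
-GILL HUED GOES CHUM LIEU VAIN
-.sp 0
-wintermute$
-.LP
-
-.SH BUGS
-.BR opiegen(1)
-can lull a user into revealing his/her password when remotely logged in, thus
-defeating the purpose of OPIE. This is especially a problem with xterm.
-.BR opiegen(1)
-implements simple checks to reduce the risk of a user making
-this mistake. Better checks are needed.
-.LP
-
-.SH SEE ALSO
-.BR opiekey (1),
-.BR opieserv (1),
-.BR opie (4),
-.BR opiepasswd (1),
-.BR opieinfo (1),
-.BR opiesu (1),
-.BR opielogin (1),
-.BR opieftpd (8),
-.BR opiekeys (5),
-.BR opieaccess (5)
-
-.SH AUTHOR
-The opiegen(1) program was created by Craig Metz for OPIE 2.2.
-
-Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden
-of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and
-Craig Metz.
-
-S/Key is a trademark of Bell Communications Research (Bellcore).
-
-.SH CONTACT
-OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
-send an email request to:
-.sp
-skey-users-request@thumper.bellcore.com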
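--- a/<path-not-on-page>/opiegen.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* opiegen.c: Sample OTP generator based on the opiegenerator()
-library routine.
-
-%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-Reserved. The Inner Net License Version 2 applies to these portions of
-the software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-History:
-
-Modified by cmetz for OPIE 2.3. OPIE_PASS_MAX changed to
-OPIE_SECRET_MAX. Send debug info to syslog.
-Modified by cmetz for OPIE 2.2. Use FUNCTION definition et al.
-Fixed include order.
-Created at NRL for OPIE 2.2.
-*/
-#include "opie_cfg.h"
-#include <stdio.h>
-#if DEBUG
-#include <syslog.h>
-#endif /* DEBUG */
-#include "opie.h"
-
-int main FUNCTION((argc, argv), int argc AND char *argv[])
-{
-char buffer[OPIE_CHALLENGE_MAX+1];
-char secret[OPIE_SECRET_MAX+1];
-char response[OPIE_RESPONSE_MAX+1];
-int result;
-
-if (opieinsecure()) {
-fputs("Sorry, but you don't seem to be on a secure terminal.\n", stderr);
-#if !DEBUG
-exit(1);
-#endif /* !DEBUG */
-}
-
-if (argc <= 1) {
-fputs("Challenge: ", stderr);
-if (!opiereadpass(buffer, sizeof(buffer)-1, 1))
-fprintf(stderr, "Error reading challenge!");
-} else {
-char *ap, *ep, *c;
-int i;
-
-ep = buffer + sizeof(buffer) - 1;
-for (i = 1, ap = buffer; (i < argc) && (ap < ep); i++) {
-c = argv[i];
-while ((*(ap++) = *(c++)) && (ap < ep));
-*(ap - 1) = ' ';
-}
-*(ap - 1) = 0;
-#if DEBUG
-syslog(LOG_DEBUG, "opiegen: challenge is +%s+\n", buffer);
-#endif /* DEBUG */
-}
-buffer[sizeof(buffer)-1] = 0;
-
-fputs("Secret pass phrase: ", stderr);
-if (!opiereadpass(secret, OPIE_SECRET_MAX, 0)) {
-fputs("Error reading secret pass phrase!\n", stderr);
-exit(1);
-};
-
-switch (result = opiegenerator(buffer, secret, response)) {
-case -2:
-fputs("Not a valid OTP secret pass phrase.\n", stderr);
-break;
-case -1:
-fputs("Error processing challenge!\n", stderr);
-break;
-case 1:
-fputs("Not a valid OTP challenge.\n", stderr);
-break;
-case 0:
-fputs(response, stdout);
-fputc('\n', stdout);
-fflush(stdout);
-memset(secret, 0, sizeof(secret));
-exit(0);
-default:
-fprintf(stderr, "Unknown error %d!\n", result);
-}
-memset(secret, 0, sizeof(secret));
-return 1;
-}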
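--- a/<path-not-on-page>/opieinfo.1
+++ /dev/null
@@ -1,103 +0,0 @@
-.\" opieinfo.1: Manual page for the opieinfo(1) program.
-.\"
-.\" %%% portions-copyright-cmetz-96
-.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-.\" Reserved. The Inner Net License Version 2 applies to these portions of
-.\" the software.
-.\" You should have received a copy of the license with this software. If
-.\" you didn't get a copy, you may request one from <license@inner.net>.
-.\"
-.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
-.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-.\" License Agreement applies to this software.
-.\"
-.\" History:
-.\"
-.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation.
-.\" Modified at NRL for OPIE 2.0.
-.\" Written at Bellcore for the S/Key Version 1 software distribution
-.\" (keyinfo.1).
-.\"
-.\" $FreeBSD$
-.ll 6i
-.pl 10.5i
-.lt 6.0i
-.TH OPIEINFO 1 "January 10, 1995"
-.AT 3
-.SH NAME
-opieinfo \- Extract sequence number and seed for future OPIE challenges.
-
-.SH SYNOPSIS
-.B opieinfo
-[\-v] [\-h] [
-.I user_name
-]
-
-.SH DEPRECATION NOTICE
-OPIE is deprecated, and may not be available in FreeBSD 14.0 and later.
-
-.SH DESCRIPTION
-.I opieinfo
-takes an optional user name and writes the current sequence number
-and seed found in the OPIE key database for either the current user
-or the user specified. opiekey is compatible with the
-.IR keyinfo (1)
-program
-from Bellcore's S/Key Version 1 except that specification of a remote
-system name is not permitted.
-.sp
-.I opieinfo
-can be used to generate a listing of your future OPIE responses
-if you are going to be without an OPIE calculator and still need to log into
-the system. To do so, you would run something like:
-.sp
-.B opiekey \-n 42 `opieinfo`
-
-.SH OPTIONS
-.TP
-.B \-v
-Display the version number and compile-time options, then exit.
-.TP
-.B \-h
-Display a brief help message and exit.
-.TP
-.B <user_name>
-The name of a user whose key information you wish to display. The default is
-the user running opieinfo.
-
-.SH EXAMPLE
-.sp 0
-wintermute$ opieinfo
-.sp 0
-495 wi01309
-.sp 0
-wintermute$
-.LP
-
-.SH FILES
-.TP
-/etc/opiekeys -- database of key information for the OPIE system.
-
-.SH SEE ALSO
-.BR opie (4),
-.BR opiekey (1),
-.BR opiepasswd (1),
-.BR su (1),
-.BR login (1),
-.BR ftpd (8),
-.BR opiekeys (5)
-.BR opieaccess (5)
-
-.SH AUTHOR
-Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden
-of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and
-Craig Metz.
-
-S/Key is a trademark of Bell Communications Research (Bellcore).
-
-.SH CONTACT
-OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
-send an email request to:
-.sp
-skey-users-request@thumper.bellcore.com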
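--- a/<path-not-on-page>/opieinfo.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
-opieinfo: Print a user's current OPIE sequence number and seed
-
-%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-Reserved. The Inner Net License Version 2 applies to these portions of
-the software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-McDonald, All Rights Reserved. All Rights under this copyright are assigned
-to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-License Agreement applies to this software.
-
-History:
-
-Modified by cmetz for OPIE 2.3. Removed unneeded debug message.
-Modified by cmetz for OPIE 2.2. Use FUNCTION definition et al.
-Fixed include order. Make everything static. Ifdef around
-some headers.
-Modified at NRL for OPIE 2.1. Substitute @@KEY_FILE@@. Re-write in
-C.
-Modified at NRL for OPIE 2.01. Remove hard-coded paths for grep and
-awk and let PATH take care of it. Substitute for Makefile
-variables $(EXISTS) and $(KEY_FILE). Only compute $WHO if
-there's a key file. Got rid of grep since awk can do the job
-itself.
-Modified at NRL for OPIE 2.0.
-Written at Bellcore for the S/Key Version 1 software distribution
-(keyinfo)
-
-$FreeBSD$
-
-*/
-
-#include "opie_cfg.h"
-#include <sys/param.h>
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#if HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#include "opie.h"
-
-/* extern char *optarg; */
-/* extern int errno, optind; */
-
-static char *getusername FUNCTION_NOARGS
-{
-char *login;
-
-login = getlogin();
-if (login == NULL) {
-fprintf(stderr, "Cannot find login name\n");
-exit(1);
-}
-return login;
-}
-
-int main FUNCTION((argc, argv), int argc AND char *argv[])
-{
-char *username;
-struct opie opie;
-int i;
-
-while ((i = getopt(argc, argv, "hv")) != EOF) {
-switch (i) {
-case 'v':
-opieversion();
-case 'h':
-default:
-fprintf(stderr, "usage: %s [-h] [-v] [user_name]\n", argv[0]);
-exit(0);
-}
-}
-
-if (optind < argc) {
-if (getuid() != 0) {
-fprintf(stderr, "Only superuser may get another user's keys\n");
-exit(1);
-}
-username = argv[optind];
-} else
-username = getusername();
-
-if (strlen(username) >= MAXLOGNAME) {
-fprintf(stderr, "Username too long.\n");
-exit(1);
-}
-
-if ((i = opielookup(&opie, username)) && (i != 2)) {
-if (i < 0)
-fprintf(stderr, "Error opening database! (errno = %d)\n", errno);
-else
-fprintf(stderr, "%s not found in database.\n", username);
-exit(1);
-}
-
-printf("%d %s\n", opie.opie_n - 1, opie.opie_seed);
-
-return 0;
-}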
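--- a/opiekey.1
+++ /dev/null
@@ -1,176 +0,0 @@
-.\" opiekey.1: Manual page for the opiekey(1) program.
-.\"
-.\" %%% portions-copyright-cmetz-96
-.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-.\" Reserved. The Inner Net License Version 2 applies to these portions of
-.\" the software.
-.\" You should have received a copy of the license with this software. If
-.\" you didn't get a copy, you may request one from <license@inner.net>.
-.\"
-.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
-.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-.\" License Agreement applies to this software.
-.\"
-.\" History:
-.\"
-.\" Modified by cmetz for OPIE 2.3. Added -t documentation. Removed
-.\" opie-bugs pointer. Removed opie-md5 and opie-md4 names. Fixed
-.\" a bolding bug. Added -f flag. Added escapes on flags. Minor
-.\" editorial changes. Updated example.
-.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation.
-.\" Re-worded retype documentation. Added opiegen reference.
-.\" Added -x documentation.
-.\" Modified at NRL for OPIE 2.0.
-.\" Written at Bellcore for the S/Key Version 1 software distribution
-.\" (key.1).
-.\"
-.\" $FreeBSD$
-.ll 6i
-.pl 10.5i
-.lt 6.0i
-.TH OPIEKEY 1 "February 20, 1996"
-.AT 3
-.SH NAME
-opiekey, otp-md4, otp-md5 \- Programs for computing responses to OTP challenges.
-
-.SH SYNOPSIS
-.B opiekey
-|
-.B otp-md4
-|
-.B otp-md5
-[\-v] [\-h] [\-f] [\-x]
-.sp 0
-[\-t
-.I
-type
-] [\-4|\-5]
-[\-a] [\-n
-.I count
-]
-.I sequence_number seed
-.sp 0
-
-.SH DEPRECATION NOTICE
-OPIE is deprecated, and may not be available in FreeBSD 14.0 and later.
-
-.SH DESCRIPTION
-.I opiekey
-takes the optional count of the number of responses to
-print along with a (maximum) sequence number and seed as command line
-args. It prompts for the user's secret pass phrase and produces an OPIE
-response as six words. If compiled to do so, it can prompt for the user's
-secret pass phrase twice to help reduce errors due to mistypes. The second
-password entry can be circumvented by entering only an end of line.
-.I opiekey
-is downward compatible with the
-.IR key (1)
-program from the Bellcore S/Key Version 1 distribution and several of its
-variants.
-
-.SH OPTIONS
-.TP
-.B \-v
-Display the version number and compile-time options, then exit.
-.TP
-.B \-h
-Display a brief help message and exit.
-.TP
-.B \-4, \-5
-Selects MD4 or MD5, respectively, as the response generation algorithm. The
-default for otp-md4 is MD4 and the default for opie-md5 is MD5. The default
-for opiekey depends on compile-time configuration, but should be MD5. MD4 is
-compatible with the Bellcore S/Key Version 1 distribution.
-.TP
-.B \-f
-Force
-.I opiekey
-to continue, even where it normally shouldn't. This is currently used to
-force opiekey to operate in even from terminals it believes to be insecure.
-It can also allow users to disclose their secret pass phrases to attackers.
-Use of the -f flag may be disabled by compile-time option in your particular
-build of OPIE.
-.TP
-.B \-a
-Allows you to input an arbitrary secret pass phrase, instead of running checks
-against it. Arbitrary currently does not include '\\0' or '\\n' characters. This
-can be used for backwards compatibility with key generators that do not check
-passwords.
-.TP
-.B \-n <count>
-the number of one time access passwords to print.
-The default is one.
-.TP
-.B \-x
-Output the OTPs as hexadecimal numbers instead of six words.
-.TP
-.B \-t <type>
-Generate an extended response of the specified type. Supported types are:
-.sp 1
-word six-word
-.sp 0
-hex hexadecimal
-.sp 0
-init hexadecimal re-initialization
-.sp 0
-init-word six-word re-initialization
-.sp 1
-The re-initialization responses
-.I always
-generate the simple active attack protection.
-.TP
-.SH EXAMPLE
-.sp 0
-wintermute$ opiekey \-5 \-n 5 495 wi01309
-.sp 0
-Using MD5 algorithm to compute response.
-.sp 0
-Reminder: Don't use opiekey from telnet or dial-in sessions.
-.sp 0
-Enter secret pass phrase:
-.sp 0
-491: HOST VET FOWL SEEK IOWA YAP
-.sp 0
-492: JOB ARTS WERE FEAT TILE IBIS
-.sp 0
-493: TRUE BRED JOEL USER HALT EBEN
-.sp 0
-494: HOOD WED MOLT PAN FED RUBY
-.sp 0
-495: SUB YAW BILE GLEE OWE NOR
-.sp 0
-wintermute$
-.LP
-
-.SH BUGS
-.BR opiekey(1)
-can lull a user into revealing his/her password when remotely logged in, thus
-defeating the purpose of OPIE. This is especially a problem with xterm.
-.BR opiekey(1)
-implements simple checks to reduce the risk of a user making
-this mistake. Better checks are needed.
-.LP
-
-.SH SEE ALSO
-.BR ftpd (8),
-.BR login (1),
-.BR opie (4),
-.BR opiepasswd (1),
-.BR opieinfo (1),
-.BR opiekeys (5),
-.BR opieaccess (5),
-.BR su (1)
-
-.SH AUTHOR
-Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden
-of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and
-Craig Metz.
-
-S/Key is a trademark of Bell Communications Research (Bellcore).
-
-.SH CONTACT
-OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
-send an email request to:
-.sp
-skey-users-request@thumper.bellcore.com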
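--- a/opiekey.c
+++ /dev/null
@@ -1,347 +0,0 @@
-/* opiekey.c: Stand-alone program for computing responses to OTP challenges.
-
-Takes a sequence number and seed (presumably from an OPIE challenge)
-as command line arguments, prompts for the user's secret pass phrase,
-and outputs a response.
-
-%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-Reserved. The Inner Net License Version 2 applies to these portions of
-the software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-McDonald, All Rights Reserved. All Rights under this copyright are assigned
-to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-License Agreement applies to this software.
-
-History:
-
-Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks.
-Modified by cmetz for OPIE 2.31. Renamed "init" and RESPONSE_INIT
-to "init-hex" and RESPONSE_INIT_HEX. Removed active attack
-protection support.
-Modified by cmetz for OPIE 2.3. OPIE_PASS_MAX changed to
-OPIE_SECRET_MAX. Added extended responses, which created
-lots of changes. Eliminated extra variable. Added -x and
--t to help. Added -f flag. Added SHA support.
-Modified by cmetz for OPIE 2.22. Print newline after seed too long
-message. Check for minimum seed length. Correct a grammar
-error.
-Modified at NRL for OPIE 2.2. Check opiereadpass() return.
-Change opiereadpass() calls to add echo arg. Use FUNCTION
-definition et al. Check seed length here, too. Added back
-hex output. Reworked final output function.
-Modified at NRL for OPIE 2.0.
-Written at Bellcore for the S/Key Version 1 software distribution
-(skey.c).
-
-$FreeBSD$
-
-*/
-#include "opie_cfg.h"
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include "opie.h"
-
-#ifdef __MSDOS__
-#include <dos.h>
-#endif
-
-#if HAVE_FCNTL_H
-#include <fcntl.h>
-#endif /* HAVE_FCNTL_H */
-
-extern char *optarg;
-extern int optind, opterr;
-
-int aflag = 0;
-
-char *algnames[] = { NULL, NULL, NULL, "SHA-1", "MD4", "MD5" };
-char *algids[] = { NULL, NULL, NULL, "sha1", "md4", "md5" };
-
-/******** Begin real source code ***************/
-
-static VOIDRET usage FUNCTION((s), char *s)
-{
-fprintf(stderr, "usage: %s [-v] [-h] [-f] [-x] [-t type] [-4 | -5 | -s] [-a] [-n count] sequence_number seed\n", s);
-exit(1);
-}
-
-#define RESPONSE_STANDARD 0
-#define RESPONSE_WORD 1
-#define RESPONSE_HEX 2
-#define RESPONSE_INIT_HEX 3
-#define RESPONSE_INIT_WORD 4
-#define RESPONSE_UNKNOWN 5
-
-struct _rtrans {
-int type;
-char *name;
-};
-
-static struct _rtrans rtrans[] = {
-{ RESPONSE_WORD, "word" },
-{ RESPONSE_HEX, "hex" },
-{ RESPONSE_INIT_HEX, "init-hex" },
-{ RESPONSE_INIT_WORD, "init-word" },
-{ RESPONSE_STANDARD, "" },
-{ RESPONSE_STANDARD, "standard" },
-{ RESPONSE_STANDARD, "otp" },
-{ RESPONSE_UNKNOWN, NULL }
-};
-
-static void getsecret FUNCTION((secret, promptextra, retype), char *secret AND char *promptextra AND int flags)
-{
-fprintf(stderr, "Enter %ssecret pass phrase: ", promptextra);
-if (!opiereadpass(secret, OPIE_SECRET_MAX, 0)) {
-fprintf(stderr, "Error reading %ssecret pass phrase!\n", promptextra);
-exit(1);
-}
-if (secret[0] && (flags & 1)) {
-char verify[OPIE_SECRET_MAX + 1];
-
-fprintf(stderr, "Again %ssecret pass phrase: ", promptextra);
-if (!opiereadpass(verify, OPIE_SECRET_MAX, 0)) {
-fprintf(stderr, "Error reading %ssecret pass phrase!\n", promptextra);
-memset(verify, 0, sizeof(verify));
-memset(secret, 0, OPIE_SECRET_MAX + 1);
-exit(1);
-}
-if (verify[0] && strcmp(verify, secret)) {
-fprintf(stderr, "They don't match. Try again.\n");
-memset(verify, 0, sizeof(verify));
-memset(secret, 0, OPIE_SECRET_MAX + 1);
-exit(1);
-}
-memset(verify, 0, sizeof(verify));
-}
-if (!(flags & 2) && !aflag && opiepasscheck(secret)) {
-memset(secret, 0, OPIE_SECRET_MAX + 1);
-fprintf(stderr, "Secret pass phrases must be between %d and %d characters long.\n", OPIE_SECRET_MIN, OPIE_SECRET_MAX);
-exit(1);
-};
-}
-
-int main FUNCTION((argc, argv), int argc AND char *argv[])
-{
-/* variable declarations */
-unsigned algorithm = MDX; /* default algorithm per Makefile's MDX
-symbol */
-int keynum = 0;
-int i;
-int count = 1;
-char secret[OPIE_SECRET_MAX + 1], newsecret[OPIE_SECRET_MAX + 1];
-struct opie_otpkey key, newkey;
-char *seed, newseed[OPIE_SEED_MAX + 1];
-char response[OPIE_RESPONSE_MAX + 1];
-char *slash;
-int hex = 0;
-int type = RESPONSE_STANDARD;
-int force = 0;
-
-if (slash = strrchr(argv[0], '/'))
-slash++;
-else
-slash = argv[0];
-
-if (!strcmp(slash, "key") || strstr(slash, "md4"))
-algorithm = 4;
-
-if (strstr(slash, "md5"))
-algorithm = 5;
-
-if (strstr(slash, "sha"))
-algorithm = 3;
-
-while ((i = getopt(argc, argv, "fhvn:x45at:s")) != EOF) {
-switch (i) {
-case 'v':
-opieversion();
-
-case 'n':
-count = atoi(optarg);
-break;
-
-case 'x':
-hex = 1;
-break;
-
-case 'f':
-#if INSECURE_OVERRIDE
-force = 1;
-#else /* INSECURE_OVERRIDE */
-fprintf(stderr, "Sorry, but the -f option is not supported by this build of OPIE.\n");
-#endif /* INSECURE_OVERRIDE */
-break;
-
-case '4':
-/* use MD4 algorithm */
-algorithm = 4;
-break;
-
-case '5':
-/* use MD5 algorithm */
-algorithm = 5;
-break;
-
-case 'a':
-aflag = 1;
-break;
-
-case 't':
-{
-struct _rtrans *r;
-for (r = rtrans; r->name && strcmp(r->name, optarg); r++);
-if (!r->name) {
-fprintf(stderr, "%s: %s: unknown response type.\n", argv[0], optarg);
-exit(1);
-}
-type = r->type;
-}
-break;
-
-case 's':
-algorithm = 3;
-break;
-
-default:
-usage(argv[0]);
-}
-}
-
-if ((argc - optind) < 2)
-usage(argv[0]);
-
-fprintf(stderr, "Using the %s algorithm to compute response.\n", algnames[algorithm]);
-
-/* get sequence number, which is next-to-last parameter */
-keynum = atoi(argv[optind]);
-if (keynum < 1) {
-fprintf(stderr, "Sequence number %s is not positive.\n", argv[optind]);
-exit(1);
-}
-/* get seed string, which is last parameter */
-seed = argv[optind + 1];
-{
-i = strlen(seed);
-
-if (i > OPIE_SEED_MAX) {
-fprintf(stderr, "Seeds must be less than %d characters long.\n", OPIE_SEED_MAX);
-exit(1);
-}
-if (i < OPIE_SEED_MIN) {
-fprintf(stderr, "Seeds must be greater than %d characters long.\n", OPIE_SEED_MIN);
-exit(1);
-}
-}
-
-fprintf(stderr, "Reminder: Don't use opiekey from telnet or dial-in sessions.\n");
-
-if (opieinsecure()) {
-fprintf(stderr, "Sorry, but you don't seem to be on the console or a secure terminal.\n");
-#if INSECURE_OVERRIDE
-if (force)
-fprintf(stderr, "Warning: Continuing could disclose your secret pass phrase to an attacker!\n");
-else
-#endif /* INSECURE_OVERRIDE */
-exit(1);
-}
-
-if ((type == RESPONSE_INIT_HEX) || (type == RESPONSE_INIT_WORD)) {
-#if RETYPE
-getsecret(secret, "old ", 1);
-#else /* RETYPE */
-getsecret(secret, "old ", 0);
-#endif /* RETYPE */
-getsecret(newsecret, "new ", 1);
-if (!newsecret[0])
-strcpy(newsecret, secret);
-
-if (opienewseed(strcpy(newseed, seed)) < 0) {
-fprintf(stderr, "Error updating seed.\n");
-goto error;
-}
-
-if (opiekeycrunch(algorithm, &newkey, newseed, newsecret)) {
-fprintf(stderr, "%s: key crunch failed (1)\n", argv[0]);
-goto error;
-}
-
-for (i = 0; i < 499; i++)
-opiehash(&newkey, algorithm);
-} else
-#if RETYPE
-getsecret(secret, "", 1);
-#else /* RETYPE */
-getsecret(secret, "", 0);
-#endif /* RETYPE */
-
-/* Crunch seed and secret password into starting key normally */
-if (opiekeycrunch(algorithm, &key, seed, secret)) {
-fprintf(stderr, "%s: key crunch failed\n", argv[0]);
-goto error;
-}
-
-for (i = 0; i <= (keynum - count); i++)
-opiehash(&key, algorithm);
-
-{
-char buf[OPIE_SEED_MAX + 48 + 1];
-char *c;
-
-for (; i <= keynum; i++) {
-if (count > 1)
-printf("%d: %s", i, (type == RESPONSE_STANDARD) ? "" : "\n");
-
-switch(type) {
-case RESPONSE_STANDARD:
-if (hex)
-opiebtoh(response, &key);
-else
-opiebtoe(response, &key);
-break;
-case RESPONSE_WORD:
-strcpy(response, "word:");
-strcat(response, opiebtoe(buf, &key));
-break;
-case RESPONSE_HEX:
-strcpy(response, "hex:");
-strcat(response, opiebtoh(buf, &key));
-break;
-case RESPONSE_INIT_HEX:
-case RESPONSE_INIT_WORD:
-if (type == RESPONSE_INIT_HEX) {
-strcpy(response, "init-hex:");
-strcat(response, opiebtoh(buf, &key));
-sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed);
-strcat(response, buf);
-strcat(response, opiebtoh(buf, &newkey));
-} else {
-strcpy(response, "init-word:");
-strcat(response, opiebtoe(buf, &key));
-sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed);
-strcat(response, buf);
-strcat(response, opiebtoe(buf, &newkey));
-}
-break;
-}
-puts(response);
-opiehash(&key, algorithm);
-}
-}
-
-memset(secret, 0, sizeof(secret));
-memset(newsecret, 0, sizeof(newsecret));
-return 0;
-
-error:
-memset(secret, 0, sizeof(secret));
-memset(newsecret, 0, sizeof(newsecret));
-return 1;
-}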
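--- a/opiekeys.5
+++ /dev/null
@@ -1,72 +0,0 @@
-.\" opiekeys.5: Manual page describing the /etc/opiekeys file.
-.\"
-.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
-.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-.\" License Agreement applies to this software.
-.\"
-.\" History:
-.\"
-.\" Modified by cmetz for OPIE 2.32. This is opiekeys.5, not opiekeys.1 or
-.\" opieaccess.5.
-.\" Written at NRL for OPIE 2.0.
-.\"
-.ll 6i
-.pl 10.5i
-.\" @(#)opiekeys.5 2.0 (NRL) 1/10/95
-.\" $FreeBSD$
-.\"
-.lt 6.0i
-.TH OPIEKEYS 5 "January 10, 1995"
-.AT 3
-.SH NAME
-/etc/opiekeys \- OPIE database of user key information
-
-.SH DEPRECATION NOTICE
-OPIE is deprecated, and may not be available in FreeBSD 14.0 and later.
-
-.SH DESCRIPTION
-The
-.I opiekeys
-file contains user information used by the OPIE software to authenticate
-users. The
-.I opiekeys
-file is backwards compatible with the S/Key
-.I /etc/skeykeys
-database file, but only if the hashing algorithm (MD4 and MD5) is the same
-between S/Key and OPIE (i.e., MD5 OPIE cannot use MD4 S/Key keys). The
-.I opiekeys
-file consists of six fields separated by spaces (tabs are properly
-interpreted, but spaces should be used instead) as follows:
-.PP
-.nf
-.ta \w' 'u
-Field Description
-name User's login name.
-sequence User's sequence number.
-seed User's seed.
-key User's last response (hex).
-date Last change date.
-time Last change time.
-.fi
-.SH SEE ALSO
-.BR ftpd (8)
-.BR login (1),
-.BR opie (4),
-.BR opiekeys (5),
-.BR opiepasswd (1),
-.BR opieinfo (1),
-.BR su (1),
-
-.SH AUTHOR
-Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden
-of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and
-Craig Metz.
-
-S/Key is a trademark of Bell Communications Research (Bellcore).
-
-.SH CONTACT
-OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
-send an email request to:
-.sp
-skey-users-request@thumper.bellcore.com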
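--- a/opielogin.1
+++ /dev/null
@@ -1,131 +0,0 @@
-.\" opielogin.1: Manual page for the opielogin(1) program.
-.\"
-.\" %%% portions-copyright-cmetz-96
-.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-.\" Reserved. The Inner Net License Version 2 applies to these portions of
-.\" the software.
-.\" You should have received a copy of the license with this software. If
-.\" you didn't get a copy, you may request one from <license@inner.net>.
-.\"
-.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
-.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-.\" License Agreement applies to this software.
-.\"
-.\" History:
-.\"
-.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation.
-.\" Modified at NRL for OPIE 2.0.
-.\" Option descriptions added from BSD.
-.\" Written at Bellcore for the S/Key Version 1 software distribution
-.\" (keylogin.1).
-.\"
-.ll 6i
-.pl 10.5i
-.lt 6.0i
-.TH OPIELOGIN 1 "January 10, 1995"
-.AT 3
-
-.SH NAME
-opielogin \- Replacement for login(1) that issues OPIE challenges.
-
-.SH SYNOPSIS
-.B opielogin
-[ -p ] [ -r
-.I hostname
-| -h
-.I hostname
-| -f
-.I username
-.sp 0
-|
-.I username
-]
-
-.SH DESCRIPTION
-.I opielogin
-provides a replacement for the
-.IR login (1)
-program that provides OPIE challenges
-to users and accepts OPIE responses. It is downward compatible with the
-.IR keylogin(1)
-program from the Bellcore S/Key Version 1 distribution, which, in
-turn, is downward compatible with the
-.IR login(1)
-program from the 4.3BSD Net/2 distribution.
-
-.SH OPTIONS
-.TP
-.B \-p
-By default, login discards any previous environment. The \-p
-option disables this behavior.
-.TP
-.B \-r
-Process remote login from
-.I hostname.
-.TP
-.B \-h
-The -h option specifies the host from which the connection was
-received. It is used by various daemons such as telnetd(8).
-This option may only be used by the super\-user.
-.TP
-.B \-f
-The -f option is used when a user name is specified to indicate
-that proper authentication has already been done and that no
-password need be requested. This option may only be used by the
-super\-user or when an already logged in user is logging in as
-themselves.
-.TP
-.I username
-The user name to log in as.
-.SH EXAMPLE
-.sp 0
-wintermute$ opielogin
-.sp 0
-login: kebe
-.sp 0
-otp-md5 499 wi43143
-.sp 0
-Password: (echo on)
-.sp 0
-Password:SLY BLOB TOUR POP BRED EDDY
-.sp 0
-
-.sp 0
-Welcome to wintermute.
-.sp 0
-
-.sp 0
-wintermute$
-.LP
-.SH FILES
-.TP
-/etc/opiekeys -- database of information for the OPIE system.
-.TP
-/etc/opieaccess -- list of safe and unsafe networks and masks to go with them.
-.TP
-$HOME/.opiealways -- presence makes OPIE for logins mandatory for the user.
-
-.SH SEE ALSO
-.BR login (1),
-.BR opie (4),
-.BR opiekey (1),
-.BR opiepasswd (1),
-.BR opieinfo (1),
-.BR opiesu (1),
-.BR opieftpd (8),
-.BR opiekeys (5),
-.BR opieaccess (5)
-
-.SH AUTHOR
-Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden
-of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and
-Craig Metz.
-
-S/Key is a trademark of Bell Communications Research (Bellcore).
-
-.SH CONTACT
-OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
-send an email request to:
-.sp
-skey-users-request@thumper.bellcore.com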
|
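--- a/opiepasswd.1
+++ /dev/null
@@ -1,181 +0,0 @@
-.\" opiepasswd.1: Manual page for the opiepasswd(1) program.
-.\"
-.\" %%% portions-copyright-cmetz-96
-.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-.\" Reserved. The Inner Net License Version 2 applies to these portions of
-.\" the software.
-.\" You should have received a copy of the license with this software. If
-.\" you didn't get a copy, you may request one from <license@inner.net>.
-.\"
-.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
-.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-.\" License Agreement applies to this software.
-.\"
-.\" History:
-.\"
-.\" Modified by cmetz for OPIE 2.4. Fixed spelling bug.
-.\" Modified by cmetz for OPIE 2.3. Added -f flag documentation.
-.\" Updated console example.
-.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation.
-.\" Modified at NRL for OPIE 2.0.
-.\" Written at Bellcore for the S/Key Version 1 software distribution
-.\" (keyinit.1).
-.\"
-.\" $FreeBSD$
-.ll 6i
-.pl 10.5i
-.lt 6.0i
-.TH OPIEPASSWD 1 "January 10, 1995"
-.AT 3
-.SH NAME
-opiepasswd \- Change or set a user's password for the OPIE authentication
-system.
-
-.SH SYNOPSIS
-.B opiepasswd
-[\-v] [\-h] [\-c|\-d] [\-f]
-.sp 0
-[\-n
-.I initial_sequence_number
-]
-[\-s
-.I seed
-] [
-.I user_name
-]
-
-.SH DEPRECATION NOTICE
-OPIE is deprecated, and may not be available in FreeBSD 14.0 and later.
-
-.SH DESCRIPTION
-.I opiepasswd
-will initialize the system information to allow one to use OPIE to login.
-.I opiepasswd
-is downward compatible with the keyinit(1) program from the
-Bellcore S/Key Version 1 distribution.
-
-.SH OPTIONS
-.TP
-.TP
-.B \-v
-Display the version number and compile-time options, then exit.
-.TP
-.B \-h
-Display a brief help message and exit.
-.TP
-.B \-c
-Set console mode where the user is expected to have secure access to the
-system. In console mode, you will be asked to input your password directly
-instead of having to use an OPIE calculator. If you do not have secure access
-to the system (i.e., you are not on the system's console), you are
-volunteering your password to attackers by using this mode.
-.TP
-.B \-d
-Disable OTP logins to the specified account.
-.TP
-.B \-f
-Force
-.I opiepasswd
-to continue, even where it normally shouldn't. This is currently used to
-force opiepasswd to operate in "console" mode even from terminals it believes
-to be insecure. It can also allow users to disclose their secret pass phrases
-to attackers. Use of the -f flag may be disabled by compile-time option in
-your particular build of OPIE.
-.TP
-.B \-n
-Manually specify the initial sequence number. The default is 499.
-.TP
-.B \-s
-Specify a non-random seed. The default is to generate a "random" seed using
-the first two characters of the host name and five pseudo-random digits.
-.SH EXAMPLE
-Using
-.I opiepasswd
-from the console:
-.LP
-.sp 0
-wintermute$ opiepasswd \-c
-.sp 0
-Updating kebe:
-.sp 0
-Reminder \- Only use this method from the console; NEVER from remote. If you
-.sp 0
-are using telnet, xterm, or a dial\-in, type ^C now or exit with no password.
-.sp 0
-Then run opiepasswd without the \-c parameter.
-.sp 0
-Using MD5 to compute responses.
-.sp 0
-Enter old secret pass phrase:
-.sp 0
-Enter new secret pass phrase:
-.sp 0
-Again new secret pass phrase:
-.sp 0
-
-.sp 0
-ID kebe OPIE key is 499 be93564
-.sp 0
-CITE JAN GORY BELA GET ABED
-.sp 0
-wintermute$
-.LP
-Using
-.I opiepasswd
-from remote:
-.LP
-.sp 0
-wintermute$ opiepasswd
-.sp 0
-Updating kebe:
-.sp 0
-Reminder: You need the response from your OPIE calculator.
-.sp 0
-Old secret password:
-.sp 0
-otp-md5 482 wi93563
-.sp 0
-Response: FIRM BERN THEE DUCK MANN AWAY
-.sp 0
-New secret password:
-.sp 0
-otp-md5 499 wi93564
-.sp 0
-Response: SKY FAN BUG HUFF GUS BEAT
-.sp 0
-
-.sp 0
-ID kebe OPIE key is 499 wi93564
-.sp 0
-SKY FAN BUG HUFF GUS BEAT
-.sp 0
-wintermute$
-.LP
-.SH FILES
-.TP
-/etc/opiekeys -- database of key information for the OPIE system.
-
-.SH SEE ALSO
-.BR ftpd (8),
-.BR login (1),
-.BR passwd (1),
-.BR opie (4),
-.BR opiekey (1),
-.BR opieinfo (1),
-.BR su (1),
-.BR opiekeys (5),
-.BR opieaccess (5)
-
-.SH AUTHOR
-Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden
-of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and
-Craig Metz.
-
-S/Key is a trademark of Bell Communications Research (Bellcore).
-
-.SH CONTACT
-OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
-send an email request to:
-.sp
-skey-users-request@thumper.bellcore.com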
@ -1,442 +0,0 @@
/* opiepasswd.c: Add/change an OTP password in the key database.
|
||||
|
||||
%%% portions-copyright-cmetz-96
|
||||
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
the software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
||||
McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
License Agreement applies to this software.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks.
|
||||
Use opiestrncpy().
|
||||
Modified by cmetz for OPIE 2.32. Use OPIE_SEED_MAX instead of
|
||||
hard coding the length. Unlock user on failed lookup.
|
||||
Modified by cmetz for OPIE 2.3. Got of some variables and made some
|
||||
local to where they're used. Split out the finishing code. Use
|
||||
opielookup() instead of opiechallenge() to find user. Three
|
||||
strikes on prompts. Use opiepasswd()'s new calling
|
||||
convention. Changed OPIE_PASS_{MAX,MIN} to
|
||||
OPIE_SECRET_{MAX,MIN}. Handle automatic reinits happenning
|
||||
below us. Got rid of unneeded headers. Use new opieatob8()
|
||||
return value convention. Added -f flag. Added SHA support.
|
||||
Modified by cmetz for OPIE 2.22. Finally got rid of the lock
|
||||
filename kluge by implementing refcounts for locks.
|
||||
Use opiepasswd() to update key file. Error if we can't
|
||||
write to the key file. Check for minimum seed length.
|
||||
Modified at NRL for OPIE 2.2. Changed opiestrip_crlf to
|
||||
opiestripcrlf. Check opiereadpass() return value.
|
||||
Minor optimization. Change calls to opiereadpass() to
|
||||
use echo arg. Use opiereadpass() where we can.
|
||||
Make everything static. Ifdef around some headers.
|
||||
Changed use of gethostname() to uname(). Got rid of
|
||||
the need for buf[]. Properly check return value of
|
||||
opieatob8. Check seed length. Always generate proper-
|
||||
length seeds.
|
||||
Modified at NRL for OPIE 2.1. Minor autoconf changes.
|
||||
Modified heavily at NRL for OPIE 2.0.
|
||||
Written at Bellcore for the S/Key Version 1 software distribution
|
||||
(skeyinit.c).
|
||||
|
||||
$FreeBSD$
|
||||
*/
|
||||
#include "opie_cfg.h"
|
||||
|
||||
#if HAVE_PWD_H
|
||||
#include <pwd.h>
|
||||
#endif /* HAVE_PWD_H */
|
||||
#include <stdio.h>
|
||||
#if HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif /* HAVE_STRING_H */
|
||||
#include <stdio.h>
|
||||
#include <sys/types.h>
|
||||
#if HAVE_UNISTD_H
|
||||
#include <unistd.h>
|
||||
#endif /* HAVE_UNISTD_H */
|
||||
#if HAVE_STDLIB_H
|
||||
#include <stdlib.h>
|
||||
#endif /* HAVE_STDLIB_H */
|
||||
|
||||
#include "opie.h"
|
||||
|
||||
#define MODE_DEFAULT 0
|
||||
#define MODE_CONSOLE 1
|
||||
#define MODE_DISABLE 2
|
||||
|
||||
extern int optind;
|
||||
extern char *optarg;
|
||||
|
||||
char *algnames[] = { NULL, NULL, NULL, "SHA-1", "MD4", "MD5" };
|
||||
char *algids[] = { NULL, NULL, NULL, "sha1", "md4", "md5" };
|
||||
|
||||
static VOIDRET usage FUNCTION((myname), char *myname)
|
||||
{
|
||||
fprintf(stderr, "usage: %s [-v] [-h] [-c|-d] [-f] [-n initial_sequence_number]\n [-s seed] [username]\n", myname);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
static VOIDRET finish FUNCTION((name), char *name)
|
||||
{
|
||||
struct opie opie;
|
||||
char buf[OPIE_RESPONSE_MAX + 1];
|
||||
|
||||
if (name) {
|
||||
if (opiechallenge(&opie, name, buf)) {
|
||||
fprintf(stderr, "Error verifying database.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
printf("\nID %s ", opie.opie_principal);
|
||||
if (opie.opie_val && (opie.opie_val[0] == '*')) {
|
||||
printf("is disabled.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
printf("OTP key is %d %s\n", opie.opie_n, opie.opie_seed);
|
||||
{
|
||||
struct opie_otpkey key;
|
||||
|
||||
if (!opieatob8(&key, opie.opie_val)) {
|
||||
fprintf(stderr, "Error verifying key -- possible database corruption.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
printf("%s\n", opiebtoe(buf, &key));
|
||||
}
|
||||
}
|
||||
|
||||
while(!opieunlock());
|
||||
exit(name ? 0 : 1);
|
||||
}
|
||||
|
||||
int main FUNCTION((argc, argv), int argc AND char *argv[])
|
||||
{
|
||||
struct opie opie;
|
||||
int rval, n = 499, i, mode = MODE_DEFAULT, force = 0;
|
||||
char seed[OPIE_SEED_MAX+1];
|
||||
char *username;
|
||||
uid_t ruid;
|
||||
struct passwd *pp;
|
||||
|
||||
memset(seed, 0, sizeof(seed));
|
||||
|
||||
ruid = getuid();
|
||||
username = getlogin();
|
||||
pp = getpwnam(username);
|
||||
if (username == NULL || pp == NULL || pp->pw_uid != ruid)
|
||||
pp = getpwuid(ruid);
|
||||
if (pp == NULL) {
|
||||
fprintf(stderr, "Who are you?");
|
||||
return 1;
|
||||
}
|
||||
|
||||
while ((i = getopt(argc, argv, "fhvcn:s:d")) != EOF) {
|
||||
switch (i) {
|
||||
case 'v':
|
||||
opieversion();
|
||||
case 'f':
|
||||
#if INSECURE_OVERRIDE
|
||||
force = OPIEPASSWD_FORCE;
|
||||
#else /* INSECURE_OVERRIDE */
|
||||
fprintf(stderr, "Sorry, but the -f option is not supported by this build of OPIE.\n");
|
||||
#endif /* INSECURE_OVERRIDE */
|
||||
break;
|
||||
case 'c':
|
||||
mode = MODE_CONSOLE;
|
||||
break;
|
||||
case 'd':
|
||||
mode = MODE_DISABLE;
|
||||
break;
|
||||
case 'n':
|
||||
i = atoi(optarg);
|
||||
if (!(i > 0 && i < 10000)) {
|
||||
printf("Sequence numbers must be > 0 and < 10000\n");
|
||||
finish(NULL);
|
||||
}
|
||||
n = i;
|
||||
break;
|
||||
case 's':
|
||||
i = strlen(optarg);
|
||||
if ((i > OPIE_SEED_MAX) || (i < OPIE_SEED_MIN)) {
|
||||
printf("Seeds must be between %d and %d characters long.\n",
|
||||
OPIE_SEED_MIN, OPIE_SEED_MAX);
|
||||
finish(NULL);
|
||||
}
|
||||
opiestrncpy(seed, optarg, sizeof(seed));
|
||||
break;
|
||||
default:
|
||||
usage(argv[0]);
|
||||
}
|
||||
}
|
||||
|
||||
if (argc - optind >= 1) {
|
||||
if (strcmp(argv[optind], pp->pw_name)) {
|
||||
if (getuid()) {
|
||||
printf("Only root can change others' passwords.\n");
|
||||
exit(1);
|
||||
}
|
||||
if ((pp = getpwnam(argv[optind])) == NULL) {
|
||||
printf("%s: user unknown.\n", argv[optind]);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
opielock(pp->pw_name);
|
||||
rval = opielookup(&opie, pp->pw_name);
|
||||
|
||||
switch (rval) {
|
||||
case 0:
|
||||
printf("Updating %s:\n", pp->pw_name);
|
||||
break;
|
||||
case 1:
|
||||
printf("Adding %s:\n", pp->pw_name);
|
||||
break;
|
||||
case 2:
|
||||
fprintf(stderr, "Error: Can't update key database.\n");
|
||||
finish(NULL);
|
||||
default:
|
||||
fprintf(stderr, "Error reading key database\n");
|
||||
finish(NULL);
|
||||
}
|
||||
|
||||
if (seed[0]) {
|
||||
i = strlen(seed);
|
||||
if (i > OPIE_SEED_MAX) {
|
||||
fprintf(stderr, "Seeds must be less than %d characters long.", OPIE_SEED_MAX);
|
||||
finish(NULL);
|
||||
}
|
||||
if (i < OPIE_SEED_MIN) {
|
||||
fprintf(stderr, "Seeds must be greater than %d characters long.", OPIE_SEED_MIN);
|
||||
finish(NULL);
|
||||
}
|
||||
} else {
|
||||
if (!rval)
|
||||
strcpy(seed, opie.opie_seed);
|
||||
|
||||
if (opienewseed(seed) < 0) {
|
||||
fprintf(stderr, "Error updating seed.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
}
|
||||
|
||||
if (opie.opie_seed && opie.opie_seed[0] && !strcmp(opie.opie_seed, seed)) {
|
||||
fprintf(stderr, "You must use a different seed for the new OTP sequence.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
|
||||
switch(mode) {
|
||||
case MODE_DEFAULT:
|
||||
{
|
||||
char tmp[OPIE_RESPONSE_MAX + 2];
|
||||
|
||||
printf("You need the response from an OTP generator.\n");
|
||||
#if DEBUG
|
||||
if (!rval) {
|
||||
#else /* DEBUG */
|
||||
if (!rval && getuid()) {
|
||||
#endif /* DEBUG */
|
||||
char oseed[OPIE_SEED_MAX + 1];
|
||||
int on;
|
||||
|
||||
if (opiechallenge(&opie, pp->pw_name, tmp)) {
|
||||
fprintf(stderr, "Error issuing challenge.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
on = opiegetsequence(&opie);
|
||||
{
|
||||
char *c;
|
||||
if (c = strrchr(tmp, ' '))
|
||||
opiestrncpy(oseed, c + 1, sizeof(oseed));
|
||||
else {
|
||||
#if DEBUG
|
||||
fprintf(stderr, "opiepasswd: bogus challenge\n");
|
||||
#endif /* DEBUG */
|
||||
finish(NULL);
|
||||
}
|
||||
}
|
||||
printf("Old secret pass phrase:\n\t%s\n\tResponse: ", tmp);
|
||||
if (!opiereadpass(tmp, sizeof(tmp), 1))
|
||||
tmp[0] = 0;
|
||||
i = opieverify(&opie, tmp);
|
||||
if (!tmp[0]) {
|
||||
fprintf(stderr, "Error reading response.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
if (i) {
|
||||
fprintf(stderr, "Error verifying response.\n");
|
||||
#if DEBUG
|
||||
fprintf(stderr, "opiepasswd: opieverify() returned %d\n", i);
|
||||
#endif /* DEBUG */
|
||||
finish(NULL);
|
||||
}
|
||||
{
|
||||
char nseed[OPIE_SEED_MAX + 1];
|
||||
int nn;
|
||||
|
||||
if (opiechallenge(&opie, pp->pw_name, tmp)) {
|
||||
fprintf(stderr, "Error verifying database.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
|
||||
nn = opiegetsequence(&opie);
|
||||
{
|
||||
char *c;
|
||||
if (c = strrchr(tmp, ' '))
|
||||
opiestrncpy(nseed, c + 1, sizeof(nseed));
|
||||
else {
|
||||
#if DEBUG
|
||||
fprintf(stderr, "opiepasswd: bogus challenge\n");
|
||||
#endif /* DEBUG */
|
||||
finish(NULL);
|
||||
}
|
||||
}
|
||||
|
||||
opieverify(&opie, "");
|
||||
nn++;
|
||||
|
||||
if ((nn != on) || strcmp(oseed, nseed))
|
||||
finish(pp->pw_name);
|
||||
}
|
||||
}
|
||||
printf("New secret pass phrase:");
|
||||
for (i = 0;; i++) {
|
||||
if (i > 2)
|
||||
finish(NULL);
|
||||
printf("\n\totp-%s %d %s\n\tResponse: ", algids[MDX], n, seed);
|
||||
if (!opiereadpass(tmp, sizeof(tmp), 1)) {
|
||||
fprintf(stderr, "Error reading response.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
if (tmp[0] == '?') {
|
||||
printf("Enter the response from your OTP calculator: \n");
|
||||
continue;
|
||||
}
|
||||
if (tmp[0] == '\0') {
|
||||
fprintf(stderr, "Secret pass phrase unchanged.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
|
||||
if (!(rval = opiepasswd(&opie, force, pp->pw_name, n, seed, tmp)))
|
||||
finish(pp->pw_name);
|
||||
|
||||
if (rval < 0) {
|
||||
fprintf(stderr, "Error updating key database.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
printf("\tThat is not a valid OTP response.\n");
|
||||
}
|
||||
}
|
||||
break;
|
||||
case MODE_CONSOLE:
|
||||
{
|
||||
char passwd[OPIE_SECRET_MAX + 1], passwd2[OPIE_SECRET_MAX + 1];
|
||||
/* Get user's secret password */
|
||||
fprintf(stderr, "Only use this method from the console; NEVER from remote. If you are using\n");
|
||||
fprintf(stderr, "telnet, xterm, or a dial-in, type ^C now or exit with no password.\n");
|
||||
fprintf(stderr, "Then run opiepasswd without the -c parameter.\n");
|
||||
if (opieinsecure() && !force) {
|
||||
fprintf(stderr, "Sorry, but you don't seem to be on the console or a secure terminal.\n");
|
||||
if (force)
|
||||
fprintf(stderr, "Warning: Continuing could disclose your secret pass phrase to an attacker!\n");
|
||||
else
|
||||
finish(NULL);
|
||||
};
|
||||
printf("Using %s to compute responses.\n", algnames[MDX]);
|
||||
if (!rval && getuid()) {
|
||||
printf("Enter old secret pass phrase: ");
|
||||
if (!opiereadpass(passwd, sizeof(passwd), 0)) {
|
||||
fprintf(stderr, "Error reading secret pass phrase!\n");
|
||||
finish(NULL);
|
||||
}
|
||||
if (!passwd[0]) {
|
||||
fprintf(stderr, "Secret pass phrase unchanged.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
{
|
||||
struct opie_otpkey key;
|
||||
char tbuf[OPIE_RESPONSE_MAX + 1];
|
||||
|
||||
if (opiekeycrunch(MDX, &key, opie.opie_seed, passwd) != 0) {
|
||||
fprintf(stderr, "%s: key crunch failed. Secret pass phrase unchanged\n", argv[0]);
|
||||
finish(NULL);
|
||||
}
|
||||
memset(passwd, 0, sizeof(passwd));
|
||||
i = opie.opie_n - 1;
|
||||
while (i-- != 0)
|
||||
opiehash(&key, MDX);
|
||||
opiebtoe(tbuf, &key);
|
||||
if (opieverify(&opie, tbuf)) {
|
||||
fprintf(stderr, "Sorry.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
}
|
||||
}
|
||||
for (i = 0;; i++) {
|
||||
if (i > 2)
|
||||
finish(NULL);
|
||||
printf("Enter new secret pass phrase: ");
|
||||
if (!opiereadpass(passwd, sizeof(passwd), 0)) {
|
||||
fprintf(stderr, "Error reading secret pass phrase.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
if (!passwd[0] || feof(stdin)) {
|
||||
fprintf(stderr, "Secret pass phrase unchanged.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
if (opiepasscheck(passwd)) {
|
||||
memset(passwd, 0, sizeof(passwd));
|
||||
fprintf(stderr, "Secret pass phrases must be between %d and %d characters long.\n", OPIE_SECRET_MIN, OPIE_SECRET_MAX);
|
||||
continue;
|
||||
}
|
||||
printf("Again new secret pass phrase: ");
|
||||
if (!opiereadpass(passwd2, sizeof(passwd2), 0)) {
|
||||
fprintf(stderr, "Error reading secret pass phrase.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
if (feof(stdin)) {
|
||||
fprintf(stderr, "Secret pass phrase unchanged.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
if (!passwd[0] || !strcmp(passwd, passwd2))
|
||||
break;
|
||||
fprintf(stderr, "Sorry, no match.\n");
|
||||
}
|
||||
memset(passwd2, 0, sizeof(passwd2));
|
||||
if (opiepasswd(&opie, 1 | force, pp->pw_name, n, seed, passwd)) {
|
||||
fprintf(stderr, "Error updating key database.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
finish(pp->pw_name);
|
||||
}
|
||||
case MODE_DISABLE:
|
||||
{
|
||||
char tmp[4];
|
||||
int i;
|
||||
|
||||
for (i = 0;; i++) {
|
||||
if (i > 2)
|
||||
finish(NULL);
|
||||
|
||||
printf("Disable %s's OTP access? (yes or no) ", pp->pw_name);
|
||||
if (!opiereadpass(tmp, sizeof(tmp), 1)) {
|
||||
fprintf(stderr, "Error reading entry.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
if (!strcmp(tmp, "no"))
|
||||
finish(NULL);
|
||||
if (!strcmp(tmp, "yes")) {
|
||||
if (opiepasswd(&opie, 0, pp->pw_name, n, seed, NULL)) {
|
||||
fprintf(stderr, "Error updating key database.\n");
|
||||
finish(NULL);
|
||||
}
|
||||
finish(pp->pw_name);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
@ -1,82 +0,0 @@
.\" opieserv.1: Manual page for the opieserv(1) program.
|
||||
.\"
|
||||
.\" %%% portions-copyright-cmetz-96
|
||||
.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
.\" Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
.\" the software.
|
||||
.\" You should have received a copy of the license with this software. If
|
||||
.\" you didn't get a copy, you may request one from <license@inner.net>.
|
||||
.\"
|
||||
.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
||||
.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
.\" License Agreement applies to this software.
|
||||
.\"
|
||||
.\" History:
|
||||
.\"
|
||||
.\" Created by cmetz for OPIE 2.2 from opiegen.1.
|
||||
.\"
|
||||
.ll 6i
|
||||
.pl 10.5i
|
||||
.lt 6.0i
|
||||
.TH OPIEKEY 1 "February 20, 1996"
|
||||
.AT 3
|
||||
.SH NAME
|
||||
opieserv \- Example OPIE-based OTP server
|
||||
|
||||
.SH SYNOPSIS
|
||||
.B opieserv
|
||||
.sp 0
|
||||
[
|
||||
.I principal
|
||||
]
|
||||
.sp 0
|
||||
|
||||
.SH DESCRIPTION
|
||||
.I opieserv
|
||||
takes an OTP principal (e.g., a user name) from either the command line or
|
||||
standard input and returns a current OTP challenge for that principal. It then
|
||||
reads an OTP response to that challenge from standard input and displays a
|
||||
message and returns a value to indicate either success (exit value = 0) or
|
||||
failure (exit value = 1). It is intended as an example for programmers
|
||||
of how a simple OTP server can be built.
|
||||
|
||||
.SH EXAMPLE
|
||||
.sp 0
|
||||
wintermute$ opieserv kebe
|
||||
.sp 0
|
||||
otp-md5 495 wi01309
|
||||
.sp 0
|
||||
Response:
|
||||
.sp 0
|
||||
User verified.
|
||||
.sp 0
|
||||
wintermute$
|
||||
.LP
|
||||
|
||||
.SH SEE ALSO
|
||||
.BR opiegen (1),
|
||||
.BR opiekey (1),
|
||||
.BR opie (4),
|
||||
.BR opiepasswd (1),
|
||||
.BR opieinfo (1),
|
||||
.BR opiesu (1),
|
||||
.BR opielogin (1),
|
||||
.BR opieftpd (8),
|
||||
.BR opiekeys (5),
|
||||
.BR opieaccess (5)
|
||||
|
||||
.SH AUTHOR
|
||||
The opieserv1) program was created by Craig Metz for OPIE 2.2.
|
||||
|
||||
Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden
|
||||
of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and
|
||||
Craig Metz.
|
||||
|
||||
S/Key is a trademark of Bell Communications Research (Bellcore).
|
||||
|
||||
.SH CONTACT
|
||||
OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
|
||||
send an email request to:
|
||||
.sp
|
||||
skey-users-request@thumper.bellcore.com
@ -1,83 +0,0 @@
/* opieserv.c: Sample OTP server based on the opiechallenge() and
|
||||
opieverify() library routines.
|
||||
|
||||
%%% copyright-cmetz-96
|
||||
This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
|
||||
The Inner Net License Version 3 applies to this software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.3. Send debug info to syslog.
|
||||
Created by cmetz for OPIE 2.2.
|
||||
*/
|
||||
#include "opie_cfg.h"
|
||||
#include <stdio.h>
|
||||
#if DEBUG
|
||||
#include <syslog.h>
|
||||
#endif /* DEBUG */
|
||||
#include "opie.h"
|
||||
|
||||
int main FUNCTION((argc, argv), int argc AND char *argv[])
|
||||
{
|
||||
struct opie opie;
|
||||
char *principal;
|
||||
char buffer[1024];
|
||||
char challenge[OPIE_CHALLENGE_MAX+1];
|
||||
char response[OPIE_RESPONSE_MAX+1];
|
||||
int result;
|
||||
|
||||
if (argc <= 1) {
|
||||
fputs("Principal: ", stderr);
|
||||
if (!opiereadpass(buffer, sizeof(buffer)-1, 1))
|
||||
fprintf(stderr, "Error reading principal!");
|
||||
principal = buffer;
|
||||
} else {
|
||||
principal = argv[1];
|
||||
}
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "Principal is +%s+", principal);
|
||||
#endif /* DEBUG */
|
||||
|
||||
switch (result = opiechallenge(&opie, principal, challenge)) {
|
||||
case -1:
|
||||
fputs("System error!\n", stderr);
|
||||
exit(1);
|
||||
case 0:
|
||||
break;
|
||||
case 1:
|
||||
fputs("User not found!\n", stderr);
|
||||
exit(1);
|
||||
case 2:
|
||||
fputs("System error!\n", stderr);
|
||||
exit(1);
|
||||
default:
|
||||
fprintf(stderr, "Unknown error %d!\n", result);
|
||||
exit(1);
|
||||
};
|
||||
|
||||
fputs(challenge, stdout);
|
||||
fputc('\n', stdout);
|
||||
fflush(stdout);
|
||||
fputs("Response: ", stderr);
|
||||
if (!opiereadpass(response, OPIE_RESPONSE_MAX, 1)) {
|
||||
fputs("Error reading response!\n", stderr);
|
||||
exit(1);
|
||||
};
|
||||
|
||||
switch (result = opieverify(&opie, response)) {
|
||||
case -1:
|
||||
fputs("System error!\n", stderr);
|
||||
exit(1);
|
||||
case 0:
|
||||
fputs("User verified.\n", stderr);
|
||||
exit(0);
|
||||
case 1:
|
||||
fputs("Verify failed!\n", stderr);
|
||||
exit(1);
|
||||
default:
|
||||
fprintf(stderr, "Unknown error %d!\n", result);
|
||||
exit(1);
|
||||
}
|
||||
}
@ -1,101 +0,0 @@
.\" opiesu.c: Manual page for the opiesu(1) program.
|
||||
.\"
|
||||
.\" %%% portions-copyright-cmetz-96
|
||||
.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
.\" Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
.\" the software.
|
||||
.\" You should have received a copy of the license with this software. If
|
||||
.\" you didn't get a copy, you may request one from <license@inner.net>.
|
||||
.\"
|
||||
.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
||||
.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
.\" License Agreement applies to this software.
|
||||
.\"
|
||||
.\" History:
|
||||
.\"
|
||||
.\" Modified by cmetz for OPIE 2.3. Removed statement that opiesu will
|
||||
.\" only accept OTP responses.
|
||||
.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation.
|
||||
.\" Modified at NRL for OPIE 2.0.
|
||||
.\" Documentation for the "-f" option from BSD.
|
||||
.\" Written at Bellcore for the S/Key Version 1 software distribution
|
||||
.\" (keysu.1).
|
||||
.\"
|
||||
.ll 6i
|
||||
.pl 10.5i
|
||||
.lt 6.0i
|
||||
.TH OPIESU 1 "January 10, 1995"
|
||||
.AT 3
|
||||
.SH NAME
|
||||
opiesu \- Replacement su(1) program that uses OPIE challenges
|
||||
.SH SYNOPSIS
|
||||
.B opiesu
|
||||
[ \-f ] [ \-c ] [
|
||||
.I user_name
|
||||
]
|
||||
.SH DESCRIPTION
|
||||
.I opiesu
|
||||
is a replacement for the su(1) program that issues OPIE challenges and
|
||||
uses OPIE responses. It is downward compatible with keysu(1) from the
|
||||
Bellcore S/Key Version 1 distribution and the su(1) program from the 4.3BSD
|
||||
Net/2 distribution.
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
.B \-f
|
||||
If the invoked shell is csh(1), this option prevents it from
|
||||
reading the ``.cshrc'' file. (The [f] option may be passed as a
|
||||
shell argument after the login name, so this option is redundant
|
||||
and obsolescent.)
|
||||
.TP
|
||||
.B \-c
|
||||
Set console mode where the user is expected to have secure access to the
|
||||
system. In console mode, you will be asked to input your password directly
|
||||
instead of having to use an OPIE calculator. If you do not have secure access
|
||||
to the system (i.e., you are not on the system's console), you are
|
||||
volunteering your password to attackers by using this mode.
|
||||
.TP
|
||||
.I user_name
|
||||
The name of the user to become.
|
||||
The default is root.
|
||||
.SH EXAMPLE
|
||||
.sp 0
|
||||
wintermute$ opiesu kebe
|
||||
.sp 0
|
||||
otp-md5 498 wi910502
|
||||
.sp 0
|
||||
(OTP response required)
|
||||
.sp 0
|
||||
kebe's password: (echo on)
|
||||
.sp 0
|
||||
kebe's password: RARE GLEN HUGH BOYD NECK MOLL
|
||||
.sp 0
|
||||
wintermute#
|
||||
.LP
|
||||
.SH FILES
|
||||
.TP
|
||||
/etc/opiekeys database of information for OPIE system.
|
||||
.LP
|
||||
.SH SEE ALSO
|
||||
.BR su (1),
|
||||
.BR opie (4),
|
||||
.BR opiekey (1),
|
||||
.BR opieinfo (1),
|
||||
.BR opiesu (1),
|
||||
.BR opielogin (1),
|
||||
.BR opieftpd (8),
|
||||
.BR opiekeys (5),
|
||||
.BR opieaccess (5)
|
||||
|
||||
.SH AUTHOR
|
||||
Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden
|
||||
of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and
|
||||
Craig Metz.
|
||||
|
||||
S/Key is a trademark of Bell Communications Research (Bellcore).
|
||||
|
||||
.SH CONTACT
|
||||
OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
|
||||
send an email request to:
|
||||
.sp
|
||||
skey-users-request@thumper.bellcore.com
@ -1,512 +0,0 @@
/* opiesu.c: main body of code for the su(1m) program
|
||||
|
||||
%%% portions-copyright-cmetz-96
|
||||
Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
||||
Reserved. The Inner Net License Version 2 applies to these portions of
|
||||
the software.
|
||||
You should have received a copy of the license with this software. If
|
||||
you didn't get a copy, you may request one from <license@inner.net>.
|
||||
|
||||
Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
||||
McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
||||
to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
||||
License Agreement applies to this software.
|
||||
|
||||
History:
|
||||
|
||||
Modified by cmetz for OPIE 2.4. Check euid on startup. Use
|
||||
opiestrncpy().
|
||||
Modified by cmetz for OPIE 2.32. Set up TERM and PATH correctly.
|
||||
Modified by cmetz for OPIE 2.31. Fix sulog(). Replaced Getlogin() with
|
||||
currentuser. Fixed fencepost error in month printed by sulog().
|
||||
Modified by cmetz for OPIE 2.3. Limit the length of TERM on full login.
|
||||
Use HAVE_SULOG instead of DOSULOG.
|
||||
Modified by cmetz for OPIE 2.2. Don't try to clear non-blocking I/O.
|
||||
Use opiereadpass(). Minor speedup. Removed termios manipulation
|
||||
-- that's opiereadpass()'s job. Change opiereadpass() calls
|
||||
to add echo arg. Removed useless strings (I don't think that
|
||||
removing the ucb copyright one is a problem -- please let me
|
||||
know if I'm wrong). Use FUNCTION declaration et al. Ifdef
|
||||
around some headers. Make everything static. Removed
|
||||
closelog() prototype. Use the same catchexit() trickery as
|
||||
opielogin.
|
||||
Modified at NRL for OPIE 2.2. Changed opiestrip_crlf to
|
||||
opiestripcrlf.
|
||||
Modified at NRL for OPIE 2.1. Added struct group declaration.
|
||||
Added Solaris(+others?) sulog capability. Symbol changes
|
||||
for autoconf. Removed des_crypt.h. File renamed to
|
||||
opiesu.c. Symbol+misc changes for autoconf. Added bletch
|
||||
for setpriority.
|
||||
Modified at NRL for OPIE 2.02. Added SU_STAR_CHECK (turning a bug
|
||||
into a feature ;). Fixed Solaris shadow password problem
|
||||
introduced in OPIE 2.01 (the shadow password structure is
|
||||
spwd, not spasswd).
|
||||
Modified at NRL for OPIE 2.01. Changed password lookup handling
|
||||
to use a static structure to avoid problems with drain-
|
||||
bamaged shadow password packages. Always log failures.
|
||||
Make sure to close syslog by function to avoid problems
|
||||
with drain bamaged syslog implementations. Log a few
|
||||
interesting errors.
|
||||
Modified at NRL for OPIE 2.0.
|
||||
Modified at Bellcore for the S/Key Version 1 software distribution.
|
||||
Originally from BSD.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (c) 1980 Regents of the University of California.
|
||||
* All rights reserved. The Berkeley software License Agreement
|
||||
* specifies the terms and conditions for redistribution.
|
||||
*/
|
||||
|
||||
#include "opie_cfg.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#if HAVE_PWD_H
|
||||
#include <pwd.h>
|
||||
#endif /* HAVE_PWD_H */
|
||||
#include <grp.h>
|
||||
#include <syslog.h>
|
||||
#include <sys/types.h>
|
||||
#if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H
|
||||
#if TIME_WITH_SYS_TIME
|
||||
# include <sys/time.h>
|
||||
# include <time.h>
|
||||
#else /* TIME_WITH_SYS_TIME */
|
||||
#if HAVE_SYS_TIME_H
|
||||
#include <sys/time.h>
|
||||
#else /* HAVE_SYS_TIME_H */
|
||||
#include <time.h>
|
||||
#endif /* HAVE_SYS_TIME_H */
|
||||
#endif /* TIME_WITH_SYS_TIME */
|
||||
#include <sys/resource.h>
|
||||
#else /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */
|
||||
#if TM_IN_SYS_TIME
|
||||
#include <sys/time.h>
|
||||
#else /* TM_IN_SYS_TIME */
|
||||
#include <time.h>
|
||||
#endif /* TM_IN_SYS_TIME */
|
||||
#endif /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */
|
||||
#if HAVE_STDLIB_H
|
||||
#include <stdlib.h>
|
||||
#endif /* HAVE_STDLIB_H */
|
||||
#if HAVE_UNISTD_H
|
||||
#include <unistd.h>
|
||||
#endif /* HAVE_UNISTD_H */
|
||||
#if HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif /* HAVE_STRING_H */
|
||||
#include <errno.h>
|
||||
|
||||
#include "opie.h"
|
||||
|
||||
static char userbuf[16] = "USER=";
|
||||
static char homebuf[128] = "HOME=";
|
||||
static char shellbuf[128] = "SHELL=";
|
||||
static char pathbuf[sizeof("PATH") + sizeof(DEFAULT_PATH) - 1] = "PATH=";
|
||||
static char termbuf[32] = "TERM=";
|
||||
static char *cleanenv[] = {userbuf, homebuf, shellbuf, pathbuf, 0, 0};
|
||||
static char *user = "root";
|
||||
static char *shell = "/bin/sh";
|
||||
static int fulllogin;
|
||||
#if 0
|
||||
static int fastlogin;
|
||||
#else /* 0 */
|
||||
static int force = 0;
|
||||
#endif /* 0 */
|
||||
|
||||
static char currentuser[65];
|
||||
|
||||
extern char **environ;
|
||||
static struct passwd thisuser, nouser;
|
||||
|
||||
#if HAVE_SHADOW_H
|
||||
#include <shadow.h>
|
||||
#endif /* HAVE_SHADOW_H */
|
||||
|
||||
#if HAVE_CRYPT_H
|
||||
#include <crypt.h>
|
||||
#endif /* HAVE_CRYPT_H */
|
||||
|
||||
static VOIDRET catchexit FUNCTION_NOARGS
|
||||
{
|
||||
int i;
|
||||
closelog();
|
||||
for (i = sysconf(_SC_OPEN_MAX); i > 2; i--)
|
||||
close(i);
|
||||
}
|
||||
|
||||
/* We allow the malloc()s to potentially leak data out because we can
|
||||
only call this routine about four times in the lifetime of this process
|
||||
and the kernel will free all heap memory when we exit or exec. */
|
||||
static int lookupuser FUNCTION((name), char *name)
|
||||
{
|
||||
struct passwd *pwd;
|
||||
#if HAVE_SHADOW
|
||||
struct spwd *spwd;
|
||||
#endif /* HAVE_SHADOW */
|
||||
|
||||
memcpy(&thisuser, &nouser, sizeof(thisuser));
|
||||
|
||||
if (!(pwd = getpwnam(name)))
|
||||
return -1;
|
||||
|
||||
thisuser.pw_uid = pwd->pw_uid;
|
||||
thisuser.pw_gid = pwd->pw_gid;
|
||||
|
||||
if (!(thisuser.pw_name = malloc(strlen(pwd->pw_name) + 1)))
|
||||
goto lookupuserbad;
|
||||
strcpy(thisuser.pw_name, pwd->pw_name);
|
||||
|
||||
if (!(thisuser.pw_dir = malloc(strlen(pwd->pw_dir) + 1)))
|
||||
goto lookupuserbad;
|
||||
strcpy(thisuser.pw_dir, pwd->pw_dir);
|
||||
|
||||
if (!(thisuser.pw_shell = malloc(strlen(pwd->pw_shell) + 1)))
|
||||
goto lookupuserbad;
|
||||
strcpy(thisuser.pw_shell, pwd->pw_shell);
|
||||
|
||||
#if HAVE_SHADOW
|
||||
if (!(spwd = getspnam(name)))
|
||||
goto lookupuserbad;
|
||||
|
||||
pwd->pw_passwd = spwd->sp_pwdp;
|
||||
|
||||
endspent();
|
||||
#endif /* HAVE_SHADOW */
|
||||
|
||||
if (!(thisuser.pw_passwd = malloc(strlen(pwd->pw_passwd) + 1)))
|
||||
goto lookupuserbad;
|
||||
strcpy(thisuser.pw_passwd, pwd->pw_passwd);
|
||||
|
||||
endpwent();
|
||||
|
||||
#if SU_STAR_CHECK
|
||||
return ((thisuser.pw_passwd[0] == '*') || (thisuser.pw_passwd[0] == '#'));
|
||||
#else /* SU_STAR_CHECK */
|
||||
return 0;
|
||||
#endif /* SU_STAR_CHECK */
|
||||
|
||||
lookupuserbad:
|
||||
memcpy(&thisuser, &nouser, sizeof(thisuser));
|
||||
return -1;
|
||||
}
|
||||
|
||||
static VOIDRET lsetenv FUNCTION((ename, eval, buf), char *ename AND char *eval AND char *buf)
|
||||
{
|
||||
register char *cp, *dp;
|
||||
register char **ep = environ;
|
||||
|
||||
/* this assumes an environment variable "ename" already exists */
|
||||
while (dp = *ep++) {
|
||||
for (cp = ename; *cp == *dp && *cp; cp++, dp++)
|
||||
continue;
|
||||
if (*cp == 0 && (*dp == '=' || *dp == 0)) {
|
||||
strcat(buf, eval);
|
||||
*--ep = buf;
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#if HAVE_SULOG
|
||||
static int sulog FUNCTION((status, who), int status AND char *who)
|
||||
{
|
||||
char *from;
|
||||
char *ttynam;
|
||||
struct tm *tm;
|
||||
FILE *f;
|
||||
time_t now;
|
||||
|
||||
if (who)
|
||||
from = who;
|
||||
else
|
||||
from = currentuser;
|
||||
|
||||
if (!strncmp(ttynam = ttyname(2), "/dev/", 5))
|
||||
ttynam += 5;
|
||||
|
||||
now = time(NULL);
|
||||
tm = localtime(&now);
|
||||
|
||||
if (!(f = fopen("/var/adm/sulog", "a"))) {
|
||||
fprintf(stderr, "Can't update su log!\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
fprintf(f, "SU %02d/%02d %02d:%02d %c %s %s-%s\n",
|
||||
tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min,
|
||||
status ? '+' : '-', ttynam, from, user);
|
||||
fclose(f);
|
||||
}
|
||||
#endif /* HAVE_SULOG */
|
||||
|
||||
int main FUNCTION((argc, argv), int argc AND char *argv[])
|
||||
{
|
||||
char *p;
|
||||
struct opie opie;
|
||||
int i;
|
||||
char pbuf[256];
|
||||
char opieprompt[80];
|
||||
int console = 0;
|
||||
char *argvbuf;
|
||||
|
||||
for (i = sysconf(_SC_OPEN_MAX); i > 2; i--)
|
||||
close(i);
|
||||
|
||||
openlog("su", LOG_ODELAY, LOG_AUTH);
|
||||
atexit(catchexit);
|
||||
|
||||
{
|
||||
int argvsize = 0;
|
||||
for (i = 0; i < argc; argvsize += strlen(argv[i++]));
|
||||
argvsize += argc;
|
||||
if (!(argvbuf = malloc(argvsize))) {
|
||||
syslog(LOG_ERR, "can't allocate memory to store command line");
|
||||
exit(1);
|
||||
};
|
||||
for (i = 0, *argvbuf = 0; i < argc;) {
|
||||
strcat(argvbuf, argv[i]);
|
||||
if (++i < argc)
|
||||
strcat(argvbuf, " ");
|
||||
};
|
||||
};
|
||||
|
||||
strcat(pathbuf, DEFAULT_PATH);
|
||||
|
||||
again:
|
||||
if (argc > 1 && strcmp(argv[1], "-f") == 0) {
|
||||
#if 0
|
||||
fastlogin++;
|
||||
#else /* 0 */
|
||||
#if INSECURE_OVERRIDE
|
||||
force = 1;
|
||||
#else /* INSECURE_OVERRIDE */
|
||||
fprintf(stderr, "Sorry, but the -f option is not supported by this build of OPIE.\n");
|
||||
#endif /* INSECURE_OVERRIDE */
|
||||
#endif /* 0 */
|
||||
argc--, argv++;
|
||||
goto again;
|
||||
}
|
||||
if (argc > 1 && strcmp(argv[1], "-c") == 0) {
|
||||
console++;
|
||||
argc--, argv++;
|
||||
goto again;
|
||||
}
|
||||
if (argc > 1 && strcmp(argv[1], "-") == 0) {
|
||||
fulllogin++;
|
||||
argc--;
|
||||
argv++;
|
||||
goto again;
|
||||
}
|
||||
if (argc > 1 && argv[1][0] != '-') {
|
||||
user = argv[1];
|
||||
argc--;
|
||||
argv++;
|
||||
}
|
||||
|
||||
|
||||
{
|
||||
struct passwd *pwd;
|
||||
char *p = getlogin();
|
||||
char buf[32];
|
||||
|
||||
if ((pwd = getpwuid(getuid())) == NULL) {
|
||||
syslog(LOG_CRIT, "'%s' failed for unknown uid %d on %s", argvbuf, getuid(), ttyname(2));
|
||||
#if HAVE_SULOG
|
||||
sulog(0, "unknown");
|
||||
#endif /* HAVE_SULOG */
|
||||
exit(1);
|
||||
}
|
||||
opiestrncpy(buf, pwd->pw_name, sizeof(buf));
|
||||
|
||||
if (!p)
|
||||
p = "unknown";
|
||||
|
||||
opiestrncpy(currentuser, p, 31);
|
||||
|
||||
if (p && *p && strcmp(currentuser, buf)) {
|
||||
strcat(currentuser, "(");
|
||||
strcat(currentuser, buf);
|
||||
strcat(currentuser, ")");
|
||||
};
|
||||
|
||||
if (lookupuser(user)) {
|
||||
syslog(LOG_CRIT, "'%s' failed for %s on %s", argvbuf, currentuser, ttyname(2));
|
||||
#if HAVE_SULOG
|
||||
sulog(0, NULL);
|
||||
#endif /* HAVE_SULOG */
|
||||
fprintf(stderr, "Unknown user: %s\n", user);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (geteuid()) {
|
||||
syslog(LOG_CRIT, "'%s' failed for %s on %s: not running with superuser priveleges", argvbuf, currentuser, ttyname(2));
|
||||
#if HAVE_SULOG
|
||||
sulog(0, NULL);
|
||||
#endif /* HAVE_SULOG */
|
||||
fprintf(stderr, "You do not have permission to su %s\n", user);
|
||||
exit(1);
|
||||
};
|
||||
|
||||
/* Implement the BSD "wheel group" su restriction. */
|
||||
#if DOWHEEL
|
||||
/* Only allow those in group zero to su to root? */
|
||||
if (thisuser.pw_uid == 0) {
|
||||
struct group *gr;
|
||||
if ((gr = getgrgid(0)) != NULL) {
|
||||
for (i = 0; gr->gr_mem[i] != NULL; i++)
|
||||
if (strcmp(buf, gr->gr_mem[i]) == 0)
|
||||
goto userok;
|
||||
fprintf(stderr, "You do not have permission to su %s\n", user);
|
||||
exit(1);
|
||||
}
|
||||
userok:
|
||||
;
|
||||
#if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H
|
||||
setpriority(PRIO_PROCESS, 0, -2);
|
||||
#endif /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */
|
||||
}
|
||||
#endif /* DOWHEEL */
|
||||
};
|
||||
|
||||
if (!thisuser.pw_passwd[0] || getuid() == 0)
|
||||
goto ok;
|
||||
|
||||
if (console) {
|
||||
if (!opiealways(thisuser.pw_dir)) {
|
||||
fprintf(stderr, "That account requires OTP responses.\n");
|
||||
exit(1);
|
||||
};
|
||||
/* Get user's secret password */
|
||||
fprintf(stderr, "Reminder - Only use this method from the console; NEVER from remote. If you\n");
|
||||
fprintf(stderr, "are using telnet, xterm, or a dial-in, type ^C now or exit with no password.\n");
|
||||
fprintf(stderr, "Then run su without the -c parameter.\n");
|
||||
if (opieinsecure()) {
|
||||
fprintf(stderr, "Sorry, but you don't seem to be on the console or a secure terminal.\n");
|
||||
#if INSECURE_OVERRIDE
|
||||
if (force)
|
||||
fprintf(stderr, "Warning: Continuing could disclose your secret pass phrase to an attacker!\n");
|
||||
else
|
||||
#endif /* INSECURE_OVERRIDE */
|
||||
exit(1);
|
||||
};
|
||||
#if NEW_PROMPTS
|
||||
printf("%s's system password: ", thisuser.pw_name);
|
||||
if (!opiereadpass(pbuf, sizeof(pbuf), 0))
|
||||
goto error;
|
||||
#endif /* NEW_PROMPTS */
|
||||
} else {
|
||||
/* Attempt an OTP challenge */
|
||||
i = opiechallenge(&opie, user, opieprompt);
|
||||
printf("%s\n", opieprompt);
|
||||
#if NEW_PROMPTS
|
||||
printf("%s's response: ", thisuser.pw_name);
|
||||
if (!opiereadpass(pbuf, sizeof(pbuf), 1))
|
||||
goto error;
|
||||
#else /* NEW_PROMPTS */
|
||||
printf("(OTP response required)\n");
|
||||
#endif /* NEW_PROMPTS */
|
||||
fflush(stdout);
|
||||
};
|
||||
#if !NEW_PROMPTS
|
||||
printf("%s's password: ", thisuser.pw_name);
|
||||
if (!opiereadpass(pbuf, sizeof(pbuf), 0))
|
||||
goto error;
|
||||
#endif /* !NEW_PROMPTS */
|
||||
|
||||
#if !NEW_PROMPTS
|
||||
if (!pbuf[0] && !console) {
|
||||
/* Null line entered; turn echoing back on and read again */
|
||||
printf(" (echo on)\n%s's password: ", thisuser.pw_name);
|
||||
if (!opiereadpass(pbuf, sizeof(pbuf), 1))
|
||||
goto error;
|
||||
}
|
||||
#endif /* !NEW_PROMPTS */
|
||||
|
||||
if (console) {
|
||||
/* Try regular password check, if allowed */
|
||||
if (!strcmp(crypt(pbuf, thisuser.pw_passwd), thisuser.pw_passwd))
|
||||
goto ok;
|
||||
} else {
|
||||
int i = opiegetsequence(&opie);
|
||||
if (!opieverify(&opie, pbuf)) {
|
||||
/* OPIE authentication succeeded */
|
||||
if (i < 5)
|
||||
fprintf(stderr, "Warning: Change %s's OTP secret pass phrase NOW!\n", user);
|
||||
else
|
||||
if (i < 10)
|
||||
fprintf(stderr, "Warning: Change %s's OTP secret pass phrase soon.\n", user);
|
||||
goto ok;
|
||||
};
|
||||
};
|
||||
error:
|
||||
if (!console)
|
||||
opieverify(&opie, "");
|
||||
fprintf(stderr, "Sorry\n");
|
||||
syslog(LOG_CRIT, "'%s' failed for %s on %s", argvbuf, currentuser, ttyname(2));
|
||||
#if HAVE_SULOG
|
||||
sulog(0, NULL);
|
||||
#endif /* HAVE_SULOG */
|
||||
exit(2);
|
||||
|
||||
ok:
|
||||
syslog(LOG_NOTICE, "'%s' by %s on %s", argvbuf, currentuser, ttyname(2));
|
||||
#if HAVE_SULOG
|
||||
sulog(1, NULL);
|
||||
#endif /* HAVE_SULOG */
|
||||
|
||||
if (setgid(thisuser.pw_gid) < 0) {
|
||||
perror("su: setgid");
|
||||
exit(3);
|
||||
}
|
||||
if (initgroups(user, thisuser.pw_gid)) {
|
||||
fprintf(stderr, "su: initgroups failed (errno=%d)\n", errno);
|
||||
exit(4);
|
||||
}
|
||||
if (setuid(thisuser.pw_uid) < 0) {
|
||||
perror("su: setuid");
|
||||
exit(5);
|
||||
}
|
||||
if (thisuser.pw_shell && *thisuser.pw_shell)
|
||||
shell = thisuser.pw_shell;
|
||||
if (fulllogin) {
|
||||
if ((p = getenv("TERM")) && (strlen(termbuf) + strlen(p) - 1 < sizeof(termbuf))) {
|
||||
strcat(termbuf, p);
|
||||
cleanenv[4] = termbuf;
|
||||
}
|
||||
environ = cleanenv;
|
||||
}
|
||||
if (fulllogin || strcmp(user, "root") != 0)
|
||||
lsetenv("USER", thisuser.pw_name, userbuf);
|
||||
lsetenv("SHELL", shell, shellbuf);
|
||||
lsetenv("HOME", thisuser.pw_dir, homebuf);
|
||||
|
||||
#if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H
|
||||
setpriority(PRIO_PROCESS, 0, 0);
|
||||
#endif /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */
|
||||
|
||||
#if 0
|
||||
if (fastlogin) {
|
||||
*argv-- = "-f";
|
||||
*argv = "su";
|
||||
} else
|
||||
#endif /* 0 */
|
||||
if (fulllogin) {
|
||||
if (chdir(thisuser.pw_dir) < 0) {
|
||||
fprintf(stderr, "No directory\n");
|
||||
exit(6);
|
||||
}
|
||||
*argv = "-su";
|
||||
} else {
|
||||
*argv = "su";
|
||||
}
|
||||
|
||||
catchexit();
|
||||
|
||||
#if DEBUG
|
||||
syslog(LOG_DEBUG, "execing %s", shell);
|
||||
#endif /* DEBUG */
|
||||
execv(shell, argv);
|
||||
fprintf(stderr, "No shell\n");
|
||||
exit(7);
|
||||
}
|
|
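--- a/contrib/opie/opietest.c
+++ /dev/null
@@ -1,310 +0,0 @@
-/* opietest.c: Quick, though definitely not complete, regression test for
-libopie. This is intended to catch two things:
-
-(1) when changes break something
-(2) if some system wierdness (libc, compiler, or CPU/hardware) is
-not getting along at all with OPIE.
-
-It's safe to say that, if tests fail, OPIE isn't going to work right
-on your system. The converse is not such a safe statement.
-
-%%% copyright-cmetz-96
-This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved.
-The Inner Net License Version 3 applies to this software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-History:
-
-Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks.
-Modified by cmetz for OPIE 2.31. Added a couple of new checks,
-removed a few commented-out checks for functions that
-no longer exist, added test-skip capability.
-Modified by cmetz for OPIE 2.3. Use new calling conventions for
-opiebtoa8()/atob8(). opiegenerator() outputs hex now.
-Modified by cmetz for OPIE 2.22. Test opielock()/opieunlock()
-refcount support.
-Created by cmetz for OPIE 2.2.
-*/
-#include "opie_cfg.h"
-#include <stdio.h>
-#include "opie.h"
-
-char buffer[1024];
-
-int testatob8()
-{
-static char testin[] = "0123456789abcdef";
-static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
-struct opie_otpkey key;
-
-if (!opieatob8(&key, testin))
-return -1;
-
-if (memcmp(&key, testout, sizeof(testout)))
-return -1;
-
-return 0;
-}
-
-int testbtoa8()
-{
-static unsigned char testin[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
-static char testout[] = "0123456789abcdef";
-struct opie_otpkey testin_aligned;
-
-memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey));
-
-if (!opiebtoa8(buffer, &testin_aligned))
-return -1;
-
-if (memcmp(buffer, testout, sizeof(testout)))
-return -1;
-
-return 0;
-}
-
-int testbtoe()
-{
-static unsigned char testin[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
-static char testout[] = "AIM HEW BLUM FED MITE WARM";
-struct opie_otpkey testin_aligned;
-
-memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey));
-
-if (!opiebtoe(buffer, &testin_aligned))
-return -1;
-
-if (memcmp(buffer, testout, sizeof(testout)))
-return -1;
-
-return 0;
-}
-
-int testetob()
-{
-static char testin[] = "AIM HEW BLUM FED MITE WARM";
-static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
-struct opie_otpkey key;
-
-if (opieetob(&key, testin) != 1)
-return -1;
-
-if (memcmp(&key, testout, sizeof(testout)))
-return -1;
-
-return 0;
-}
-
-int testgenerator()
-{
-static char testin1[] = "otp-md5 123 ke1234";
-static char testin2[] = "this is a test";
-/* static char testout[] = "END KERN BALM NICK EROS WAVY"; */
-static char testout[] = "11D4 C147 E227 C1F1";
-
-if (opiegenerator(testin1, testin2, buffer))
-return -1;
-
-if (memcmp(buffer, testout, sizeof(testout)))
-return -1;
-
-return 0;
-}
-
-int testgetsequence()
-{
-struct opie testin;
-testin.opie_n = 42;
-
-if (opiegetsequence(&testin) != 42)
-return -1;
-
-return 0;
-}
-
-int testhashmd4()
-{
-static unsigned char testin[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
-static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x9f, 0x40, 0xfb, 0x84, 0xb, 0xf8, 0x7f, 0x4b };
-struct opie_otpkey testin_aligned;
-
-memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey));
-
-opiehash(&testin_aligned, 4);
-
-if (memcmp(&testin_aligned, testout, sizeof(struct opie_otpkey)))
-return -1;
-
-return 0;
-}
-
-int testhashmd5()
-{
-static unsigned char testin[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
-static unsigned char testout[] = { 0x78, 0xdd, 0x1a, 0x37, 0xf8, 0x91, 0x54, 0xe1 };
-struct opie_otpkey testin_aligned;
-
-memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey));
-
-opiehash(&testin_aligned, 5);
-
-if (memcmp(&testin_aligned, testout, sizeof(struct opie_otpkey)))
-return -1;
-
-return 0;
-}
-
-int testinsecure()
-{
-opieinsecure();
-
-return 0;
-}
-
-int testkeycrunch()
-{
-static char testin1[] = "ke1234";
-static char testin2[] = "this is a test";
-static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x2e, 0xd3, 0x5d, 0x74, 0x3e, 0xa9, 0xe9, 0xe8 };
-struct opie_otpkey opie_otpkey;
-
-if (opiekeycrunch(5, &opie_otpkey, testin1, testin2))
-return -1;
-
-if (memcmp(&opie_otpkey, testout, sizeof(struct opie_otpkey)))
-return -1;
-
-return 0;
-}
-
-int testlock()
-{
-int i;
-
-if (getuid())
-return -2;
-
-for (i = 0; i < 3; i++)
-if (opielock("__opietest"))
-return -1;
-
-return 0;
-}
-
-int testpasscheck()
-{
-static char testin1[] = "abadone";
-static char testin2[] = "A more reasonable choice.";
-
-if (!opiepasscheck(testin1))
-return -1;
-
-if (opiepasscheck(testin2))
-return -1;
-
-return 0;
-}
-
-int testrandomchallenge()
-{
-char buffer[OPIE_CHALLENGE_MAX+1];
-
-opierandomchallenge(buffer);
-
-if (strncmp(buffer, "otp-", 4))
-return -1;
-
-return 0;
-}
-
-int testunlock()
-{
-int i;
-
-if (getuid())
-return -2;
-
-for (i = 0; i < 3; i++)
-if (opieunlock())
-return -1;
-
-if (opieunlock() != -1)
-return -1;
-
-return 0;
-}
-
-struct opietest {
-int (*f)();
-char *n;
-};
-
-static struct opietest opietests[] = {
-{ testatob8, "atob8" },
-{ testbtoa8, "btoa8" },
-{ testbtoe, "btoe" },
-{ testetob, "etob" },
-/* { testchallenge, "challenge" }, */
-{ testgenerator, "generator" },
-{ testgetsequence, "getsequence" },
-{ testhashmd4, "hash(MD4)" },
-{ testhashmd5, "hash(MD5)" },
-{ testinsecure, "insecure" },
-{ testkeycrunch, "keycrunch" },
-{ testlock, "lock" },
-{ testrandomchallenge, "randomchallenge" },
-/* { testreadpass, "readpass" }, */
-{ testunlock, "unlock" },
-/* { testverify, "verify" }, */
-{ NULL, NULL }
-};
-
-int main FUNCTION((argc, argv), int argc AND char *argv[])
-{
-struct opietest *opietest;
-int tests_passed = 0;
-int tests_failed = 0;
-int tests_skipped = 0;
-int ntests = 0, testn = 0;
-
-if (getuid() != geteuid()) {
-fprintf(stderr, "opietest: do not make this program setuid!\n");
-exit(1);
-};
-
-for (opietest = opietests; opietest->n; opietest++)
-ntests++;
-
-printf("opietest: executing %d tests\n", ntests);
-
-for (opietest = opietests, testn = 1; opietest->n; opietest++) {
-printf("(%2d/%2d) testing opie%s... ", testn++, ntests, opietest->n);
-switch(opietest->f()) {
-case -2:
-printf("skipped\n");
-tests_skipped++;
-opietest->f = NULL;
-break;
-case -1:
-printf("FAILED!\n");
-tests_failed++;
-break;
-case 0:
-printf("passed\n");
-tests_passed++;
-opietest->f = NULL;
-break;
-}
-}
-
-printf("opietest: completed %d tests. %d tests passed, %d tests skipped, %d tests failed.\n", ntests, tests_passed, tests_skipped, tests_failed);
-if (tests_failed) {
-printf("opietest: please correct the following failures before attempting to use OPIE:\n");
-for (opietest = opietests; opietest->n; opietest++)
-if (opietest->f)
-printf(" opie%s\n", opietest->n);
-exit(1);
-}
-exit(0);
-}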
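--- a/contrib/opie/permsfile.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/* permsfile.c: implement SunOS /etc/fbtab and Solaris /etc/logindevperm
-functionality to set device permissions on login
-
-%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-Reserved. The Inner Net License Version 2 applies to these portions of
-the software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-McDonald, All Rights Reserved. All Rights under this copyright are assigned
-to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-License Agreement applies to this software.
-
-History:
-
-Modified by cmetz for OPIE 2.31. Include unistd.h.
-Modified by cmetz for OPIE 2.3. Check for NULL return from
-ftpglob(), combine some expressions, fix a typo. Made file
-selection a bit more generic.
-Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
-Add opie.h. Ifdef around a header.
-Written at NRL for OPIE 2.0.
-*/
-
-#include "opie_cfg.h"
-#ifdef HAVE_LOGIN_PERMFILE
-#include <stdio.h>
-#include <sys/types.h>
-#if HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#if HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#include <syslog.h>
-#include "opie.h"
-
-/* Line buffer size (one more than max line length) */
-#define BUFSIZE 128
-/* Maximum number of list items in a field */
-#define LISTSIZE 10
-
-static char buf[BUFSIZE], buf2[8];
-
-char **ftpglob __P((char *));
-
-VOIDRET opiefatal FUNCTION((x), char *x)
-{
-fprintf(stderr, x);
-exit(1);
-}
-
-#include "glob.c"
-
-static int getalist FUNCTION((string, list), char **string AND char **list)
-{
-char *s = *string;
-int i = 0;
-
-while (*s && (*s != '\n') && (*s != ' ') && (*s != '\t'))
-if ((*s == ':') || (*s == ',')) {
-*(s++) = 0;
-list[i++] = *string;
-*string = s;
-if (i == LISTSIZE)
-return i;
-} else
-s++;
-
-if ((int) (s) - (int) (*string)) {
-*s = 0;
-list[i++] = *string;
-}
-*string = ++s;
-
-return i;
-}
-
-static VOIDRET doaline FUNCTION((line, name, ttyn, uid, gid), char *line AND char *name AND char *ttyn AND uid_t uid AND gid_t gid)
-{
-char *ptr;
-int i;
-int applies, llen;
-char *listbuf[LISTSIZE], **globlist;
-
-if (ptr = strchr(buf, '#'))
-*ptr = 0;
-
-/* Skip whitespace */
-for (ptr = buf; *ptr && ((*ptr == ' ') || (*ptr == '\t'));
-ptr++);
-
-if (!*ptr)
-return;
-
-/* (Optional) Field 1: user name(s) */
-if ((*ptr != '/') && (*ptr != '~')) {
-llen = getalist(&ptr, listbuf);
-for (applies = i = 0; (i < llen) && !applies; i++)
-if (!strcmp(listbuf[i], name))
-applies++;
-while (*ptr && ((*ptr == ' ') || (*ptr == '\t')))
-ptr++;
-if (!applies || !*ptr)
-return;
-}
-/* Field 2: terminal(s) */
-llen = getalist(&ptr, listbuf);
-for (applies = i = 0; (i < llen) && !applies; i++)
-if (!strcmp(listbuf[i], ttyn))
-applies++;
-
-while (*ptr && ((*ptr == ' ') || (*ptr == '\t')))
-ptr++;
-
-if (!applies || !*ptr)
-return;
-
-/* Field 3: mode */
-for (applies = 0; *ptr && (*ptr >= '0') && (*ptr <= '7');
-applies = (applies << 3) | (*(ptr++) - '0'));
-
-while (*ptr && ((*ptr == ' ') || (*ptr == '\t')))
-ptr++;
-
-if (!*ptr)
-return;
-
-/* Field 4: devices (the fun part...) */
-llen = getalist(&ptr, listbuf);
-for (i = 0; i < llen; i++) {
-if (globlist = ftpglob(listbuf[i]))
-while (*globlist) {
-#ifdef DEBUG
-syslog(LOG_DEBUG, "setting %s to %d/%d %o", *globlist, uid, gid, applies);
-#endif /* DEBUG */
-if ((chown(*globlist, uid, gid) < 0) && (errno != ENOENT))
-perror("chown");
-if ((chmod(*(globlist++), applies) < 0) && (errno != ENOENT))
-perror("chmod");
-}
-}
-}
-
-VOIDRET permsfile FUNCTION((name, ttyn, uid, gid), char *name AND char *ttyn AND uid_t uid AND gid_t gid)
-{
-FILE *fh;
-
-if (!(fh = fopen(HAVE_LOGIN_PERMFILE, "r"))) {
-syslog(LOG_ERR, "Can't open %s!", HAVE_LOGIN_PERMFILE);
-fprintf(stderr, "Warning: Can't set device permissions.\n");
-return;
-}
-do {
-if (feof(fh))
-return;
-if (fgets(buf, BUFSIZE, fh) == NULL)
-return;
-buf[BUFSIZE] = 0;
-
-doaline(buf, name, ttyn, uid, gid);
-}
-while (1);
-}
-#endif /* HAVE_LOGIN_PERMFILE */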
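--- a/contrib/opie/popen.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/* popen.c: A "safe" pipe open routine.
-
-%%% portions-copyright-cmetz-96
-Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
-Reserved. The Inner Net License Version 2 applies to these portions of
-the software.
-You should have received a copy of the license with this software. If
-you didn't get a copy, you may request one from <license@inner.net>.
-
-Portions of this software are Copyright 1995 by Randall Atkinson and Dan
-McDonald, All Rights Reserved. All Rights under this copyright are assigned
-to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
-License Agreement applies to this software.
-
-History:
-
-Modified by cmetz for OPIE 2.31. Merged in some 4.4BSD-Lite fixes.
-Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al.
-Removed useless string. ifdef around some headers.
-Modified at NRL for OPIE 2.1. Optimized for only one pipe at a time.
-Added minimal version of sigprocmask(). Moved some pid_t
-dancing to the config headers.
-Modified at NRL for OPIE 2.0.
-Originally from BSD.
-
-$FreeBSD$
-*/
-/*
-* Copyright (c) 1988, 1993, 1994
-* The Regents of the University of California. All rights reserved.
-*
-* This code is derived from software written by Ken Arnold and
-* published in UNIX Review, Vol. 6, No. 8.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. All advertising materials mentioning features or use of this software
-* must display the following acknowledgement:
-* This product includes software developed by the University of
-* California, Berkeley and its contributors.
-* 4. Neither the name of the University nor the names of its contributors
-* may be used to endorse or promote products derived from this software
-* without specific prior written permission.
-*
-* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*
-*/
-
-#include "opie_cfg.h"
-
-#include <sys/types.h>
-#include <sys/wait.h>
-#if HAVE_SIGNAL_H
-#include <signal.h>
-#endif /* HAVE_SIGNAL_H */
-#if HAVE_SYS_SIGNAL_H
-#include <sys/signal.h>
-#endif /* HAVE_SYS_SIGNAL_H */
-#if HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#include <stdio.h>
-#if HAVE_STDLIB_H
-#include <stdlib.h>
-#endif /* HAVE_STDLIB_H */
-#if HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-
-#include "opie.h"
-
-#define MAXUSRARGS 100
-#define MAXGLOBARGS 1000
-
-char **ftpglob __P((register char *));
-char **copyblk __P((char **));
-VOIDRET blkfree __P((char **));
-
-/*
-* Special version of popen which avoids call to shell. This ensures noone
-* may create a pipe to a hidden program as a side effect of a list or dir
-* command.
-*/
-static pid_t child_pid = -1;
-static int pipe_fd;
-
-extern char **environ;
-
-FILE *ftpd_popen FUNCTION((program, type), char *program AND char *type)
-{
-char *cp;
-FILE *iop;
-int argc, gargc, pdes[2];
-char **pop, *argv[MAXUSRARGS], *gargv[MAXGLOBARGS], *vv[2];
-
-if ((*type != 'r' && *type != 'w') || type[1])
-return (NULL);
-
-if (pipe(pdes) < 0)
-return (NULL);
-
-/* break up string into pieces */
-for (argc = 0, cp = program; argc < MAXUSRARGS-1; cp = NULL) {
-if (!(argv[argc++] = strtok(cp, " \t\n")))
-break;
-}
-argv[argc - 1] = NULL;
-
-/* glob each piece */
-gargv[0] = argv[0];
-for (gargc = argc = 1; argv[argc] && gargc < (MAXGLOBARGS-1); argc++) {
-if (!(pop = (char **) ftpglob(argv[argc]))) {
-/* globbing failed */
-vv[0] = argv[argc];
-vv[1] = NULL;
-pop = (char **) copyblk(vv);
-}
-argv[argc] = (char *) pop; /* save to free later */
-while (*pop && gargc < MAXGLOBARGS-1)
-gargv[gargc++] = *pop++;
-}
-gargv[gargc] = NULL;
-
-iop = NULL;
-switch (child_pid = fork()) {
-case -1: /* error */
-close(pdes[0]);
-close(pdes[1]);
-goto pfree;
-/* NOTREACHED */
-case 0: /* child */
-if (*type == 'r') {
-if (pdes[1] != 1) {
-dup2(pdes[1], 1);
-dup2(pdes[1], 2); /* stderr, too! */
-close(pdes[1]);
-}
-close(pdes[0]);
-} else {
-if (pdes[0] != 0) {
-dup2(pdes[0], 0);
-close(pdes[0]);
-}
-close(pdes[1]);
-}
-environ = NULL;
-execv(gargv[0], gargv);
-_exit(1);
-}
-
-/* parent; assume fdopen can't fail... */
-if (*type == 'r') {
-iop = fdopen(pipe_fd = pdes[0], type);
-close(pdes[1]);
-} else {
-iop = fdopen(pipe_fd = pdes[1], type);
-close(pdes[0]);
-}
-
-pfree: for (argc = 1; argv[argc] != NULL; argc++) {
-blkfree((char **) argv[argc]);
-free((char *) argv[argc]);
-}
-return (iop);
-}
-
-int ftpd_pclose FUNCTION((iop), FILE *iop)
-{
-int status;
-pid_t pid;
-sigset_t omask, mask;
-
-sigemptyset(&mask);
-sigaddset(&mask, SIGINT);
-sigaddset(&mask, SIGQUIT);
-sigaddset(&mask, SIGHUP);
-
-/* pclose returns -1 if stream is not associated with a `popened' command,
-or, if already `pclosed'. */
-if ((child_pid < 0) || (fileno(iop) != pipe_fd))
-return (-1);
-
-fclose(iop);
-sigprocmask(SIG_BLOCK, &mask, &omask);
-
-while ((pid = wait(&status)) != child_pid && (pid != -1));
-sigprocmask(SIG_SETMASK, &omask, NULL);
-
-child_pid = -1;
-pipe_fd = -1;
-
-#if defined(WEXITSTATUS) && defined(WIFEXITED)
-if ((pid > 0) && WIFEXITED(status))
-return WEXITSTATUS(status);
-
-return -1;
-#else /* defined(WEXITSTATUS) && defined(WIFEXITED) */
-return (pid == -1 ? -1 : status.w_status);
-#endif /* defined(WEXITSTATUS) && defined(WIFEXITED) */
-}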
@ -1103,10 +1103,6 @@ Displays the legal
|
|||
.Pq Ic unset
|
||||
commands.
|
||||
.El
|
||||
.It Ic opie Ar sequence challenge
|
||||
The
|
||||
.Ic opie
|
||||
command computes a response to the OPIE challenge.
|
||||
.It Ic slc Ar state
|
||||
The
|
||||
.Ic slc
|
||||
|
|
|
@ -95,8 +95,6 @@
|
|||
/set gname=daemon
|
||||
lpd
|
||||
..
|
||||
opielocks mode=0700
|
||||
..
|
||||
output
|
||||
lpd
|
||||
..
|
||||
|
|
|
@ -77,7 +77,6 @@ SUBDIR= ${SUBDIR_BOOTSTRAP} \
|
|||
libnetmap \
|
||||
libnv \
|
||||
libopenbsd \
|
||||
libopie \
|
||||
libpam \
|
||||
libpathconv \
|
||||
libpcap \
|
||||
|
@ -132,8 +131,7 @@ SUBDIR_DEPEND_libgeom= libexpat libsbuf
|
|||
SUBDIR_DEPEND_librpcsec_gss= libgssapi
|
||||
SUBDIR_DEPEND_libmagic= libz
|
||||
SUBDIR_DEPEND_libmemstat= libkvm
|
||||
SUBDIR_DEPEND_libopie= libmd
|
||||
SUBDIR_DEPEND_libpam= libcrypt libopie ${_libradius} librpcsvc libtacplus libutil ${_libypclnt} ${_libcom_err}
|
||||
SUBDIR_DEPEND_libpam= libcrypt ${_libradius} librpcsvc libtacplus libutil ${_libypclnt} ${_libcom_err}
|
||||
SUBDIR_DEPEND_libpjdlog= libutil
|
||||
SUBDIR_DEPEND_libprocstat= libkvm libutil
|
||||
SUBDIR_DEPEND_libradius= libmd
|
||||
|
|
|
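--- a/lib/libopie/Makefile
+++ /dev/null
@@ -1,40 +0,0 @@
-# Makefile for libopie
-#
-# $FreeBSD$
-#
-
-CONFS= opieaccess
-CONFSMODE= 600
-PACKAGE=lib${LIB}
-OPIE_DIST?= ${SRCTOP}/contrib/opie
-DIST_DIR= ${OPIE_DIST}/${.CURDIR:T}
-SHLIB_MAJOR= 8
-
-KEYFILE?= \"/etc/opiekeys\"
-
-.PATH: ${DIST_DIR}
-
-LIB= opie
-SRCS= atob8.c btoa8.c btoh.c challenge.c getsequence.c hash.c hashlen.c \
-keycrunch.c lock.c lookup.c newseed.c parsechallenge.c passcheck.c \
-passwd.c randomchallenge.c readpass.c unlock.c verify.c version.c \
-btoe.c accessfile.c generator.c insecure.c getutmpentry.c \
-readrec.c writerec.c open.c
-SRCS+= opieextra.c
-INCS= ${OPIE_DIST}/opie.h
-
-CFLAGS+=-I${.CURDIR} -I${OPIE_DIST} -I${DIST_DIR} \
--DKEY_FILE=${KEYFILE}
-
-ACCESSFILE?= \"/etc/opieaccess\"
-CFLAGS+= -DINSECURE_OVERRIDE -DPATH_ACCESS_FILE=${ACCESSFILE}
-
-WARNS?= 0
-
-LIBADD= md
-
-MAN= ${OPIE_DIST}/opie.4 ${OPIE_DIST}/opiekeys.5 ${OPIE_DIST}/opieaccess.5
-
-MLINKS= opie.4 skey.4
-
-.include <bsd.lib.mk>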
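--- a/lib/libopie/Makefile.depend
+++ /dev/null
@@ -1,18 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
-include \
-include/arpa \
-include/xlocale \
-lib/${CSU_DIR} \
-lib/libc \
-lib/libcompiler_rt \
-lib/libmd \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif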
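--- a/lib/libopie/config.h
+++ /dev/null
@@ -1,381 +0,0 @@
-/* $FreeBSD$ */
-/* config.h. Generated automatically by configure. */
-/* config.h.in. Generated automatically from configure.in by autoheader. */
-
-/* Define if on AIX 3.
-System headers sometimes define this.
-We just want to avoid a redefinition error message. */
-#ifndef _ALL_SOURCE
-/* #undef _ALL_SOURCE */
-#endif
-
-/* Define if using alloca.c. */
-/* #undef C_ALLOCA */
-
-/* Define to empty if the keyword does not work. */
-/* #undef const */
-
-/* Define to one of _getb67, GETB67, getb67 for Cray-2 and Cray-YMP systems.
-This function is required for alloca.c support on those systems. */
-/* #undef CRAY_STACKSEG_END */
-
-/* Define if you have alloca, as a function or macro. */
-#define HAVE_ALLOCA 1
-
-/* Define if you have <alloca.h> and it should be used (not on Ultrix). */
-/* #undef HAVE_ALLOCA_H */
-
-/* Define if you have <sys/wait.h> that is POSIX.1 compatible. */
-#define HAVE_SYS_WAIT_H 1
-
-/* Define if on MINIX. */
-/* #undef _MINIX */
-
-/* Define if the system does not provide POSIX.1 features except
-with this defined. */
-/* #undef _POSIX_1_SOURCE */
-
-/* Define if you need to in order for stat and other things to work. */
-/* #undef _POSIX_SOURCE */
-
-/* Define as the return type of signal handlers (int or void). */
-#define RETSIGTYPE void
-
-/* If using the C implementation of alloca, define if you know the
-direction of stack growth for your system; otherwise it will be
-automatically deduced at run-time.
-STACK_DIRECTION > 0 => grows toward higher addresses
-STACK_DIRECTION < 0 => grows toward lower addresses
-STACK_DIRECTION = 0 => direction of growth unknown
-*/
-/* #undef STACK_DIRECTION */
-
-/* Define if you want the FTP daemon to support anonymous logins. */
-/* #undef DOANONYMOUS */
-
-/* The default value of the PATH environment variable */
-#define DEFAULT_PATH "/usr/bin:/bin:/usr/sbin:/sbin"
-
-/* Defined if the file /etc/default/login exists
-(and, presumably, should be looked at by login) */
-/* #undef HAVE_ETC_DEFAULT_LOGIN */
-
-/* Defined to the name of a file that contains a list of files whose
-permissions and ownerships should be changed on login. */
-/* #undef HAVE_LOGIN_PERMFILE */
-
-/* Defined to the name of a file that contains a list of environment
-values that should be set on login. */
-/* #undef HAVE_LOGIN_ENVFILE */
-
-/* Defined if the file /etc/securetty exists
-(and, presumably, should be looked at by login) */
-/* #undef HAVE_SECURETTY */
-
-/* Defined if the file /etc/shadow exists
-(and, presumably, should be looked at for shadow passwords) */
-/* #undef HAVE_ETC_SHADOW */
-
-/* The path to the access file, if we're going to use it */
-/* #undef PATH_ACCESS_FILE */
-
-/* The path to the mail spool, if we know it */
-#define PATH_MAIL "/var/mail"
-
-/* The path to the utmp file, if we know it */
-#define PATH_UTMP_AC "/var/run/utmp"
-
-/* The path to the wtmp file, if we know it */
-#define PATH_WTMP_AC "/var/log/wtmp"
-
-/* The path to the wtmpx file, if we know it */
-/* #undef PATH_WTMPX_AC */
-
-/* Defined if the system's profile (/etc/profile) displays
-the motd file */
-/* #undef HAVE_MOTD_IN_PROFILE */
-
-/* Defined if the system's profile (/etc/profile) informs the
-user of new mail */
-/* #undef HAVE_MAILCHECK_IN_PROFILE */
-
-/* Define if you have a nonstandard gettimeofday() that takes one argument
-instead of two. */
-/* #undef HAVE_ONE_ARG_GETTIMEOFDAY */
-
-/* Define if the system has the getenv function */
-#define HAVE_GETENV 1
-
-/* Define if the system has the setenv function */
-#define HAVE_SETENV 1
-
-/* Define if the system has the /var/adm/sulog file */
-/* #undef HAVE_SULOG */
-
-/* Define if the system has the unsetenv function */
-#define HAVE_UNSETENV 1
-
-/* Define if the compiler can handle ANSI-style argument lists */
-#define HAVE_ANSIDECL 1
-
-/* Define if the compiler can handle ANSI-style prototypes */
-#define HAVE_ANSIPROTO 1
-
-/* Define if the system has an ANSI-style printf (returns int instead of char *) */
-#define HAVE_ANSISPRINTF 1
-
-/* Define if the compiler can handle ANSI-style variable argument lists */
-#define HAVE_ANSISTDARG 1
-
-/* Define if the compiler can handle void argument lists to functions */
-#define HAVE_VOIDARG 1
-
-/* Define if the compiler can handle void return "values" from functions */
-#define HAVE_VOIDRET 1
-
-/* Define if the compiler can handle void pointers to our liking */
-#define HAVE_VOIDPTR 1
-
-/* Define if the /bin/ls command seems to support the -g flag */
-/* #undef HAVE_LS_G_FLAG */
-
-/* Define if there is a ut_pid field in struct utmp */
-/* #undef HAVE_UT_PID */
-
-/* Define if there is a ut_type field in struct utmp */
-/* #undef HAVE_UT_TYPE */
-
-/* Define if there is a ut_name field in struct utmp */
-#define HAVE_UT_NAME 1
-
-/* Define if there is a ut_host field in struct utmp */
-#define HAVE_UT_HOST 1
-
-/* Define if the system has getutline() */
-/* #undef HAVE_GETUTLINE */
-
-/* Defined if the system has SunOS C2 security shadow passwords */
-/* #undef HAVE_SUNOS_C2_SHADOW */
-
-/* Defined if you want to disable utmp support */
-/* #undef DISABLE_UTMP */
-
-/* Defined if you want to allow users to override the insecure checks */
-/* #undef INSECURE_OVERRIDE */
-
-/* Defined to the default hash value, always defined */
-#define MDX 5
-
-/* Defined if new-style prompts are to be used */
-#define NEW_PROMPTS 1
-
-/* Defined to the path of the OPIE lock directory */
-#define OPIE_LOCK_DIR "/var/spool/opielocks"
-
-/* Defined if users are to be asked to re-type secret pass phrases */
-/* #undef RETYPE */
-
-/* Defined if su should not switch to disabled accounts */
-/* #undef SU_STAR_CHECK */
-
-/* Don't turn it on! It allows intruder easily disable whole OPIE for user */
-/* Defined if user locking is to be used */
-/* #undef USER_LOCKING */
-
-/* Define if you have the bcopy function. */
-/* #undef HAVE_BCOPY */
-
-/* Define if you have the bzero function. */
-/* #undef HAVE_BZERO */
-
-/* Define if you have the endspent function. */
-/* #undef HAVE_ENDSPENT */
-
-/* Define if you have the fpurge function. */
-#define HAVE_FPURGE 1
-
-/* Define if you have the getdtablesize function. */
-/* #undef HAVE_GETDTABLESIZE */
-
-/* Define if you have the getgroups function. */
-#define HAVE_GETGROUPS 1
-
-/* Define if you have the gethostname function. */
-/* #undef HAVE_GETHOSTNAME */
-
-/* Define if you have the getspnam function. */
-/* #undef HAVE_GETSPNAM */
-
-/* Define if you have the gettimeofday function. */
-#define HAVE_GETTIMEOFDAY 1
-
-/* Define if you have the getttynam function. */
-#define HAVE_GETTTYNAM 1
-
-/* Define if you have the getusershell function. */
-#define HAVE_GETUSERSHELL 1
-
-/* Define if you have the getutxline function. */
-#define HAVE_GETUTXLINE 1
-
-/* Define if you have the getwd function. */
-/* #undef HAVE_GETWD */
-
-/* Define if you have the index function. */
-/* #undef HAVE_INDEX */
-
-/* Define if you have the lstat function. */
-#define HAVE_LSTAT 1
-
-/* Define if you have the on_exit function. */
-/* #undef HAVE_ON_EXIT */
-
-/* Define if you have the pututxline function. */
-#define HAVE_PUTUTXLINE 1
-
-/* Define if you have the rindex function. */
-/* #undef HAVE_RINDEX */
-
-/* Define if you have the setgroups function. */
-#define HAVE_SETGROUPS 1
-
-/* Define if you have the setlogin function. */
-#define HAVE_SETLOGIN 1
-
-/* Define if you have the setpriority function. */
-#define HAVE_SETPRIORITY 1
-
-/* Define if you have the setregid function. */
-/* #undef HAVE_SETREGID */
-
-/* Define if you have the setresgid function. */
-/* #undef HAVE_SETRESGID */
-
-/* Define if you have the setresuid function. */
-/* #undef HAVE_SETRESUID */
-
-/* Define if you have the setreuid function. */
-/* #undef HAVE_SETREUID */
-
-/* Define if you have the setvbuf function. */
-#define HAVE_SETVBUF 1
-
-/* Define if you have the sigaddset function. */
-#define HAVE_SIGADDSET 1
-
-/* Define if you have the sigblock function. */
-/* #undef HAVE_SIGBLOCK */
-
-/* Define if you have the sigemptyset function. */
-#define HAVE_SIGEMPTYSET 1
-
-/* Define if you have the sigsetmask function. */
-/* #undef HAVE_SIGSETMASK */
-
-/* Define if you have the socket function. */
-#define HAVE_SOCKET 1
-
-/* Define if you have the strerror function. */
-#define HAVE_STRERROR 1
-
-/* Define if you have the strftime function. */
-#define HAVE_STRFTIME 1
-
-/* Define if you have the strncasecmp function. */
-#define HAVE_STRNCASECMP 1
-
-/* Define if you have the strstr function. */
-#define HAVE_STRSTR 1
-
-/* Define if you have the ttyslot function. */
-#define HAVE_TTYSLOT 1
-
-/* Define if you have the usleep function. */
-#define HAVE_USLEEP 1
-
-/* Define if you have the <crypt.h> header file. */
-/* #undef HAVE_CRYPT_H */
-
-/* Define if you have the <dirent.h> header file. */
-#define HAVE_DIRENT_H 1
-
-/* Define if you have the <fcntl.h> header file. */
-#define HAVE_FCNTL_H 1
-
-/* Define if you have the <lastlog.h> header file. */
-/* #undef HAVE_LASTLOG_H */
-
-/* Define if you have the <limits.h> header file. */
-#define HAVE_LIMITS_H 1
-
-/* Define if you have the <ndir.h> header file. */
-/* #undef HAVE_NDIR_H */
-
-/* Define if you have the <paths.h> header file. */
-#define HAVE_PATHS_H 1
-
-/* Define if you have the <pwd.h> header file. */
-#define HAVE_PWD_H 1
-
-/* Define if you have the <shadow.h> header file. */
-/* #undef HAVE_SHADOW_H */
-
-/* Define if you have the <signal.h> header file. */
-#define HAVE_SIGNAL_H 1
-
-/* Define if you have the <stdlib.h> header file. */
-#define HAVE_STDLIB_H 1
-
-/* Define if you have the <string.h> header file. */
-#define HAVE_STRING_H 1
-
-/* Define if you have the <sys/dir.h> header file. */
-/* #undef HAVE_SYS_DIR_H */
-
-/* Define if you have the <sys/file.h> header file. */
-#define HAVE_SYS_FILE_H 1
-
-/* Define if you have the <sys/ioctl.h> header file. */
-#define HAVE_SYS_IOCTL_H 1
-
-/* Define if you have the <sys/ndir.h> header file. */
-/* #undef HAVE_SYS_NDIR_H */
-
-/* Define if you have the <sys/param.h> header file. */
-#define HAVE_SYS_PARAM_H 1
-
-/* Define if you have the <sys/select.h> header file. */
-#define HAVE_SYS_SELECT_H 1
-
-/* Define if you have the <sys/signal.h> header file. */
-#define HAVE_SYS_SIGNAL_H 1
-
-/* Define if you have the <sys/time.h> header file. */
-#define HAVE_SYS_TIME_H 1
-
-/* Define if you have the <sys/utsname.h> header file. */
-#define HAVE_SYS_UTSNAME_H 1
-
-/* Define if you have the <syslog.h> header file. */
-#define HAVE_SYSLOG_H 1
-
-/* Define if you have the <termios.h> header file. */
-#define HAVE_TERMIOS_H 1
-
-/* Define if you have the <unistd.h> header file. */
-#define HAVE_UNISTD_H 1
-
-/* Define if you have the <utmpx.h> header file. */
-#define HAVE_UTMPX_H 1
-
-/* Define if you have the crypt library (-lcrypt). */
-#define HAVE_LIBCRYPT 1
-
-/* Define if you have the nsl library (-lnsl). */
-/* #undef HAVE_LIBNSL */
-
-/* Define if you have the posix library (-lposix). */
-/* #undef HAVE_LIBPOSIX */
-
-/* Define if you have the socket library (-lsocket). */
-/* #undef HAVE_LIBSOCKET */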
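--- a/lib/libopie/opieaccess
+++ /dev/null
@@ -1,13 +0,0 @@
-# $FreeBSD$
-#
-# This file controls whether UNIX passwords are to be permitted. Rules
-# are matched in order, and the search terminates when the first matching
-# rule has been found. Default action is "deny". See opieaccess(5) for
-# more information.
-#
-# Each rule has the form:
-#
-# permit address netmask
-# deny address netmask
-#
-#permit 127.0.0.1 255.255.255.255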
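--- a/lib/libopie/opieextra.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
-* This file contains routines modified from OpenBSD. Parts are contributed
-* by Todd Miller <millert@openbsd.org>, Theo De Raadt <deraadt@openbsd.org>
-* and possibly others.
-*/
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <stdio.h>
-#include <opie.h>
-
-/*
-* opie_haopie()
-*
-* Returns: 1 user doesnt exist, -1 file error, 0 user exists.
-*
-*/
-int
-opie_haskey(username)
-char *username;
-{
-struct opie opie;
-
-return opielookup(&opie, username);
-}
-
-/*
-* opie_keyinfo()
-*
-* Returns the current sequence number and
-* seed for the passed user.
-*
-*/
-char *
-opie_keyinfo(username)
-char *username;
-{
-int i;
-static char str[OPIE_CHALLENGE_MAX];
-struct opie opie;
-
-i = opiechallenge(&opie, username, str);
-if (i == -1)
-return(0);
-
-return(str);
-}
-
-/*
-* opie_passverify()
-*
-* Check to see if answer is the correct one to the current
-* challenge.
-*
-* Returns: 0 success, -1 failure
-*
-*/
-int
-opie_passverify(username, passwd)
-char *username;
-char *passwd;
-{
-int i;
-struct opie opie;
-
-i = opielookup(&opie, username);
-if (i == -1 || i == 1)
-return(-1);
-
-if (opieverify(&opie, passwd) == 0)
-return(opie.opie_n);
-
-return(-1);
-}
-
-#define OPIE_HASH_DEFAULT 1
-
-/* Current hash type (index into opie_hash_types array) */
-static int opie_hash_type = OPIE_HASH_DEFAULT;
-
-struct opie_algorithm_table {
-const char *name;
-};
-
-static struct opie_algorithm_table opie_algorithm_table[] = {
-"md4", "md5"
-};
-
-/* Get current hash type */
-const char *
-opie_get_algorithm()
-{
-return(opie_algorithm_table[opie_hash_type].name);
-}
-
-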
@ -17,8 +17,6 @@ MODULES += pam_ksu
MODULES += pam_lastlog
MODULES += pam_login_access
MODULES += pam_nologin
MODULES += pam_opie
MODULES += pam_opieaccess
MODULES += pam_passwdqc
MODULES += pam_permit
.if ${MK_RADIUS_SUPPORT} != "no"
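--- a/lib/libpam/modules/pam_opie/Makefile
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 2000 James Bloom
-# All rights reserved.
-# Based upon code Copyright 1998 Juniper Networks, Inc.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-
-PACKAGE= runtime
-
-LIB= pam_opie
-SRCS= pam_opie.c
-MAN= pam_opie.8
-
-LIBADD+= opie
-
-.include <bsd.lib.mk>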
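--- a/lib/libpam/modules/pam_opie/Makefile.depend
+++ /dev/null
@@ -1,19 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
-gnu/lib/csu \
-include \
-include/xlocale \
-lib/${CSU_DIR} \
-lib/libc \
-lib/libcompiler_rt \
-lib/libopie \
-lib/libpam/libpam \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif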
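--- a/lib/libpam/modules/pam_opie/pam_opie.8
+++ /dev/null
@@ -1,127 +0,0 @@
-.\" Copyright (c) 2001 Mark R V Murray
-.\" All rights reserved.
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
-.\" All rights reserved.
-.\"
-.\" Portions of this software were developed for the FreeBSD Project by
-.\" ThinkSec AS and NAI Labs, the Security Research Division of Network
-.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
-.\" ("CBOSS"), as part of the DARPA CHATS research program.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. The name of the author may not be used to endorse or promote
-.\" products derived from this software without specific prior written
-.\" permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD$
-.\"
-.Dd September 15, 2022
-.Dt PAM_OPIE 8
-.Os
-.Sh NAME
-.Nm pam_opie
-.Nd OPIE PAM module
-.Sh SYNOPSIS
-.Op Ar service-name
-.Ar module-type
-.Ar control-flag
-.Pa pam_opie
-.Op Ar options
-.Sh DEPRECATION NOTICE
-OPIE is deprecated, and may not be available in
-.Fx 14.0
-and later.
-.Sh DESCRIPTION
-The OPIE authentication service module for PAM,
-.Nm
-provides functionality for only one PAM category:
-that of authentication.
-In terms of the
-.Ar module-type
-parameter, this is the
-.Dq Li auth
-feature.
-It also provides a null function for session management.
-.Pp
-Note that this module does not enforce
-.Xr opieaccess 5
-checks.
-There is a separate module,
-.Xr pam_opieaccess 8 ,
-for this purpose.
-.Ss OPIE Authentication Module
-The OPIE authentication component
-provides functions to verify the identity of a user
-.Pq Fn pam_sm_authenticate ,
-which obtains the relevant
-.Xr opie 4
-credentials.
-It provides the user with an OPIE challenge,
-and verifies that this is correct with
-.Xr opiechallenge 3 .
-.Pp
-The following options may be passed to the authentication module:
-.Bl -tag -width ".Cm auth_as_self"
-.It Cm debug
-.Xr syslog 3
-debugging information at
-.Dv LOG_DEBUG
-level.
-.It Cm auth_as_self
-This option will require the user
-to authenticate himself as the user
-given by
-.Xr getlogin 2 ,
-not as the account they are attempting to access.
-This is primarily for services like
-.Xr su 1 ,
-where the user's ability to retype
-their own password
-might be deemed sufficient.
-.It Cm no_fake_prompts
-Do not generate fake challenges for users who do not have an OPIE key.
-Note that this can leak information to a hypothetical attacker about
-who uses OPIE and who does not, but it can be useful on systems where
-some users want to use OPIE but most do not.
-.El
-.Pp
-Note that
-.Nm
-ignores the standard options
-.Cm try_first_pass
-and
-.Cm use_first_pass ,
-since a challenge must be generated before the user can submit a valid
-response.
-.Sh FILES
-.Bl -tag -width ".Pa /etc/opiekeys" -compact
-.It Pa /etc/opiekeys
-default OPIE password database.
-.El
-.Sh SEE ALSO
-.Xr passwd 1 ,
-.Xr getlogin 2 ,
-.Xr opiechallenge 3 ,
-.Xr syslog 3 ,
-.Xr opie 4 ,
-.Xr pam.conf 5 ,
-.Xr pam 3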
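--- a/lib/libpam/modules/pam_opie/pam_opie.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/*-
-* SPDX-License-Identifier: BSD-3-Clause
-*
-* Copyright 2000 James Bloom
-* All rights reserved.
-* Based upon code Copyright 1998 Juniper Networks, Inc.
-* Copyright (c) 2001-2003 Networks Associates Technology, Inc.
-* All rights reserved.
-*
-* Portions of this software were developed for the FreeBSD Project by
-* ThinkSec AS and NAI Labs, the Security Research Division of Network
-* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
-* ("CBOSS"), as part of the DARPA CHATS research program.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* 3. The name of the author may not be used to endorse or promote
-* products derived from this software without specific prior written
-* permission.
-*
-* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*/
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <opie.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#define PAM_SM_AUTH
-
-#include <security/pam_appl.h>
-#include <security/pam_modules.h>
-#include <security/pam_mod_misc.h>
-
-#define PAM_OPT_NO_FAKE_PROMPTS "no_fake_prompts"
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
-int argc __unused, const char *argv[] __unused)
-{
-struct opie opie;
-struct passwd *pwd;
-int retval, i;
-const char *(promptstr[]) = { "%s\nPassword: ", "%s\nPassword [echo on]: "};
-char challenge[OPIE_CHALLENGE_MAX + 1];
-char principal[OPIE_PRINCIPAL_MAX];
-const char *user;
-char *response;
-int style;
-
-user = NULL;
-if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
-if ((pwd = getpwnam(getlogin())) == NULL)
-return (PAM_AUTH_ERR);
-user = pwd->pw_name;
-}
-else {
-retval = pam_get_user(pamh, &user, NULL);
-if (retval != PAM_SUCCESS)
-return (retval);
-}
-
-PAM_LOG("Got user: %s", user);
-
-/*
-* Watch out: libopie feels entitled to truncate the user name
-* passed to it if it's longer than OPIE_PRINCIPAL_MAX, which is
-* not uncommon in Windows environments.
-*/
-if (strlen(user) >= sizeof(principal))
-return (PAM_AUTH_ERR);
-strlcpy(principal, user, sizeof(principal));
-
-/*
-* Don't call the OPIE atexit() handler when our program exits,
-* since the module has been unloaded and we will SEGV.
-*/
-opiedisableaeh();
-
-/*
-* If the no_fake_prompts option was given, and the user
-* doesn't have an OPIE key, just fail rather than present the
-* user with a bogus OPIE challenge.
-*/
-if (opiechallenge(&opie, principal, challenge) != 0 &&
-openpam_get_option(pamh, PAM_OPT_NO_FAKE_PROMPTS))
-return (PAM_AUTH_ERR);
-
-/*
-* It doesn't make sense to use a password that has already been
-* typed in, since we haven't presented the challenge to the user
-* yet, so clear the stored password.
-*/
-pam_set_item(pamh, PAM_AUTHTOK, NULL);
-
-style = PAM_PROMPT_ECHO_OFF;
-for (i = 0; i < 2; i++) {
-retval = pam_prompt(pamh, style, &response,
-promptstr[i], challenge);
-if (retval != PAM_SUCCESS) {
-opieunlock();
-return (retval);
-}
-
-PAM_LOG("Completed challenge %d: %s", i, response);
-
-if (response[0] != '\0')
-break;
-
-/* Second time round, echo the password */
-style = PAM_PROMPT_ECHO_ON;
-}
-
-pam_set_item(pamh, PAM_AUTHTOK, response);
-
-/*
-* Opieverify is supposed to return -1 only if an error occurs.
-* But it returns -1 even if the response string isn't in the form
-* it expects. Thus we can't log an error and can only check for
-* success or lack thereof.
-*/
-retval = opieverify(&opie, response);
-free(response);
-return (retval == 0 ? PAM_SUCCESS : PAM_AUTH_ERR);
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
-int argc __unused, const char *argv[] __unused)
-{
-
-return (PAM_SUCCESS);
-}
-
-PAM_MODULE_ENTRY("pam_opie");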
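--- a/lib/libpam/modules/pam_opieaccess/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
-# $FreeBSD$
-
-PACKAGE= runtime
-
-LIB= pam_opieaccess
-SRCS= ${LIB}.c
-MAN= pam_opieaccess.8
-
-LIBADD+= opie
-
-.include <bsd.lib.mk>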
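--- a/lib/libpam/modules/pam_opieaccess/Makefile.depend
+++ /dev/null
@@ -1,18 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
-gnu/lib/csu \
-include \
-lib/${CSU_DIR} \
-lib/libc \
-lib/libcompiler_rt \
-lib/libopie \
-lib/libpam/libpam \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif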
@ -1,146 +0,0 @@
|
|||
.\" Copyright (c) 2001 Mark R V Murray
|
||||
.\" All rights reserved.
|
||||
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Portions of this software were developed for the FreeBSD Project by
|
||||
.\" ThinkSec AS and NAI Labs, the Security Research Division of Network
|
||||
.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
|
||||
.\" ("CBOSS"), as part of the DARPA CHATS research program.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions
|
||||
.\" are met:
|
||||
.\" 1. Redistributions of source code must retain the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer.
|
||||
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer in the
|
||||
.\" documentation and/or other materials provided with the distribution.
|
||||
.\" 3. The name of the author may not be used to endorse or promote
|
||||
.\" products derived from this software without specific prior written
|
||||
.\" permission.
|
||||
.\"
|
||||
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd September 15, 2022
|
||||
.Dt PAM_OPIEACCESS 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
.Nm pam_opieaccess
|
||||
.Nd OPIEAccess PAM module
|
||||
.Sh SYNOPSIS
|
||||
.Op Ar service-name
|
||||
.Ar module-type
|
||||
.Ar control-flag
|
||||
.Pa pam_opieaccess
|
||||
.Op Ar options
|
||||
.Sh DEPRECATION NOTICE
|
||||
OPIE is deprecated, and may not be available in
|
||||
.Fx 14.0
|
||||
and later.
|
||||
.Sh DESCRIPTION
|
||||
The
|
||||
.Nm
|
||||
module is used in conjunction with the
|
||||
.Xr pam_opie 8
|
||||
PAM module to ascertain that authentication can proceed by other means
|
||||
(such as the
|
||||
.Xr pam_unix 8
|
||||
module) even if OPIE authentication failed.
|
||||
To properly use this module,
|
||||
.Xr pam_opie 8
|
||||
should be marked
|
||||
.Dq Li sufficient ,
|
||||
and
|
||||
.Nm
|
||||
should be listed right below it and marked
|
||||
.Dq Li requisite .
|
||||
.Pp
|
||||
The
|
||||
.Nm
|
||||
module provides functionality for only one PAM category:
|
||||
authentication.
|
||||
In terms of the
|
||||
.Ar module-type
|
||||
parameter, this is the
|
||||
.Dq Li auth
|
||||
feature.
|
||||
It also provides null functions for the remaining module types.
|
||||
.Ss OPIEAccess Authentication Module
|
||||
The authentication component
|
||||
.Pq Fn pam_sm_authenticate ,
|
||||
returns
|
||||
.Dv PAM_SUCCESS
|
||||
in two cases:
|
||||
.Bl -enum
|
||||
.It
|
||||
The user does not have OPIE enabled.
|
||||
.It
|
||||
The user has OPIE enabled, and the remote host is listed as a trusted
|
||||
host in
|
||||
.Pa /etc/opieaccess ,
|
||||
and the user does not have a file named
|
||||
.Pa \&.opiealways
|
||||
in his home directory.
|
||||
.El
|
||||
.Pp
|
||||
Otherwise, it returns
|
||||
.Dv PAM_AUTH_ERR .
|
||||
.Pp
|
||||
The following options may be passed to the authentication module:
|
||||
.Bl -tag -width ".Cm allow_local"
|
||||
.It Cm allow_local
|
||||
Normally, local logins are subjected to the same restrictions as
|
||||
remote logins from
|
||||
.Dq localhost .
|
||||
This option causes
|
||||
.Nm
|
||||
to always allow local logins.
|
||||
.It Cm debug
|
||||
.Xr syslog 3
|
||||
debugging information at
|
||||
.Dv LOG_DEBUG
|
||||
level.
|
||||
.It Cm no_warn
|
||||
suppress warning messages to the user.
|
||||
These messages include reasons why the user's authentication attempt
|
||||
was declined.
|
||||
.El
|
||||
.Sh FILES
|
||||
.Bl -tag -width ".Pa $HOME/.opiealways"
|
||||
.It Pa /etc/opieaccess
|
||||
List of trusted hosts or networks.
|
||||
See
|
||||
.Xr opieaccess 5
|
||||
for a description of its syntax.
|
||||
.It Pa $HOME/.opiealways
|
||||
The presence of this file makes OPIE mandatory for the user.
|
||||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr opie 4 ,
|
||||
.Xr opieaccess 5 ,
|
||||
.Xr pam.conf 5 ,
|
||||
.Xr pam 3 ,
|
||||
.Xr pam_opie 8
|
||||
.Sh AUTHORS
|
||||
The
|
||||
.Nm
|
||||
module and this manual page were developed for the
|
||||
.Fx
|
||||
Project by
|
||||
ThinkSec AS and NAI Labs, the Security Research Division of Network
|
||||
Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035
|
||||
.Pq Dq CBOSS ,
|
||||
as part of the DARPA CHATS research program.
|
|
@ -1,97 +0,0 @@
|
|||
/*-
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*
|
||||
* Copyright (c) 2002 Networks Associates Technology, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
* NAI Labs, the Security Research Division of Network Associates, Inc.
|
||||
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
|
||||
* DARPA CHATS research program.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__FBSDID("$FreeBSD$");
|
||||
|
||||
#define _BSD_SOURCE
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <opie.h>
|
||||
#include <pwd.h>
|
||||
#include <unistd.h>
|
||||
#include <syslog.h>
|
||||
|
||||
#define PAM_SM_AUTH
|
||||
|
||||
#include <security/pam_appl.h>
|
||||
#include <security/pam_modules.h>
|
||||
#include <security/pam_mod_misc.h>
|
||||
|
||||
PAM_EXTERN int
|
||||
pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
|
||||
int argc __unused, const char *argv[] __unused)
|
||||
{
|
||||
struct opie opie;
|
||||
struct passwd *pwent;
|
||||
const void *luser, *rhost;
|
||||
int r;
|
||||
|
||||
r = pam_get_item(pamh, PAM_USER, &luser);
|
||||
if (r != PAM_SUCCESS)
|
||||
return (r);
|
||||
if (luser == NULL)
|
||||
return (PAM_SERVICE_ERR);
|
||||
|
||||
pwent = getpwnam(luser);
|
||||
if (pwent == NULL || opielookup(&opie, __DECONST(char *, luser)) != 0)
|
||||
return (PAM_SUCCESS);
|
||||
|
||||
r = pam_get_item(pamh, PAM_RHOST, &rhost);
|
||||
if (r != PAM_SUCCESS)
|
||||
return (r);
|
||||
if (rhost == NULL || *(const char *)rhost == '\0')
|
||||
rhost = openpam_get_option(pamh, "allow_local") ?
|
||||
"" : "localhost";
|
||||
|
||||
if (opieaccessfile(__DECONST(char *, rhost)) != 0 &&
|
||||
opiealways(pwent->pw_dir) != 0)
|
||||
return (PAM_SUCCESS);
|
||||
|
||||
PAM_VERBOSE_ERROR("Refused; remote host is not in opieaccess");
|
||||
|
||||
return (PAM_AUTH_ERR);
|
||||
}
|
||||
|
||||
PAM_EXTERN int
|
||||
pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
|
||||
int argc __unused, const char *argv[] __unused)
|
||||
{
|
||||
|
||||
return (PAM_SUCCESS);
|
||||
}
|
||||
|
||||
PAM_MODULE_ENTRY("pam_opieaccess");
|
|
@ -5,8 +5,6 @@
|
|||
#
|
||||
|
||||
# auth
|
||||
auth sufficient pam_opie.so no_warn no_fake_prompts
|
||||
auth requisite pam_opieaccess.so no_warn allow_local
|
||||
#auth sufficient pam_krb5.so no_warn
|
||||
#auth sufficient pam_ssh.so no_warn try_first_pass
|
||||
auth required pam_unix.so no_warn try_first_pass
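Review bot: Dropping the `auth sufficient pam_opie.so no_warn no_fake_prompts` and `auth requisite pam_opieaccess.so no_warn allow_local` lines from this template does not change the copies already installed under /etc/pam.d on upgraded systems, nor admin-written policies that still list those modules, while the rest of the commit deletes the modules themselves. If I read OpenPAM's policy parsing correctly, a chain naming a module that cannot be loaded is rejected as a whole, so such a service fails closed and locks users out rather than quietly falling through to pam_unix; fail-closed is the right direction, but the lockout deserves a warning. Unless an UPDATING entry is among the files not shown here, I would add one telling administrators to remove these two lines from every /etc/pam.d policy before running delete-old. The policy file this hunk belongs to continues outside the hunk.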
|
||||
|
|
|
@ -5,8 +5,6 @@
|
|||
#
|
||||
|
||||
# auth
|
||||
auth sufficient pam_opie.so no_warn no_fake_prompts
|
||||
auth requisite pam_opieaccess.so no_warn allow_local
|
||||
#auth sufficient pam_krb5.so no_warn try_first_pass
|
||||
#auth sufficient pam_ssh.so no_warn try_first_pass
|
||||
auth required pam_unix.so no_warn try_first_pass
|
||||
|
|
|
@ -5,8 +5,6 @@
|
|||
#
|
||||
|
||||
# auth
|
||||
auth sufficient pam_opie.so no_warn no_fake_prompts
|
||||
auth requisite pam_opieaccess.so no_warn allow_local
|
||||
#auth sufficient pam_krb5.so no_warn try_first_pass
|
||||
#auth sufficient pam_ssh.so no_warn try_first_pass
|
||||
auth required pam_unix.so no_warn try_first_pass
|
||||
|
|