| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2004-08-05 | Add skeychallenge2() which is like skeychallenge() but takes an | Todd C. Miller | |
| already open fd. Will be used to make separate challenge/response invocations of login_skey keep the record locked. Also properly escape minus signs in man page. OK henning@ jmc@ | |||
| 2003-09-21 | convert tgetline() from select(2) -> poll(2) | Todd C. Miller | |
| 2003-04-28 | fix skeygetnext() | Todd C. Miller | |
| 2003-04-03 | Use snprintf() and strlcpy() throughout. | Todd C. Miller | |
| 2002-11-16 | Zero out struct skey early in skeylookup() so callers can reliably check | Todd C. Miller | |
| for keyfile == NULL and not get a garbage value. | |||
| 2002-11-16 | Add a missing check for NULL keyfile in skeychallenge() that | Todd C. Miller | |
| caused a user w/o an S/Key to just get "permission denied" from login_skey instead of a fake challenge. | |||
| 2002-06-22 | use strtok_r() instead of strtok(); millert ok | Theo de Raadt | |
| 2002-05-24 | enforce SKEY_MAX_CHALLENGE using snprintf() | Theo de Raadt | |
| 2002-05-17 | Remove skeyzero(), it is no longer needed. | Todd C. Miller | |
| 2002-05-16 | Check for disabled /etc/skey directory (mode 0000). This is needed | Todd C. Miller | |
| because some things (such as login) run as uid 0 and directory modes won't restrict root. | |||
| 2002-05-16 | Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory | Todd C. Miller | |
| where each user gets their own file, which is owned by that user. An old S/Key database may be converted by running "skeyinit -C" as root. Programs that need to access the S/Key database no longer need to be setuid root. They must now be setgid auth instead. | |||
| 2002-02-16 | Part one of userland __P removal. Done with a simple regexp with some minor ↵ | Todd C. Miller | |
| hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically. | |||
| 2001-12-07 | Check for keyfile == NULL in skey_unlock() | Todd C. Miller | |
| 2001-06-23 | skeyzero() never uses its 2nd arg so remove it. Since the only thing | Todd C. Miller | |
| that calls skeyzero() is skeyinit and I just updated the libskey major I am not going to bump the major again here... | |||
| 2001-06-20 | o Do per-record locking instead of whole file locking | Todd C. Miller | |
| o Use said locking to prevent a partial guess race as required by RFC 2289. We now lock the record in skeylookup(), skeygetnext(), and skeyverify(). o A little KNF o Kill deprecated getskeyprompt() function o Provide a function to unlock a record, skey_unlock() o Timeout reading of the passphrase in skey_authenticate() and skey_passcheck() since we have the record locked (uses select, not alarm). o Convert old-style md4 entries (that lack an explicit hash) into new-style ones with the hash specified if there is space on the line. | |||
| 2001-01-04 | grammar | Todd T. Fries | |
| 2000-11-20 | Move fake prompt generation from skey_authenticate() to skeychallenge() | Todd C. Miller | |
| and getskeyprompt(). This means that when you get a challenge the result parameter is always filled in, even if the use is not in the skeykeys file. | |||
| 2000-06-23 | set mp->keyfile = NULL if stat fails | Markus Friedl | |
| 1999-12-06 | fd leak | Theo de Raadt | |
| 1999-11-26 | fix descriptor leaks and double fclose(); markus and I; ok from millert | Theo de Raadt | |
| 1999-08-16 | don't need sys/file.h now that we include fcntl.h | Todd C. Miller | |
| 1999-08-16 | missing fcntl.h | Todd C. Miller | |
| 1998-07-05 | replace open + fstat with stat | Todd C. Miller | |
| 1998-07-05 | if there is no /etc/host.random, hash on the ctime of /dev/mem or /. This ↵ | Todd C. Miller | |
| is much better than the old fake challenge. | |||
| 1998-07-03 | Change the random file path, add a sanity check on file size. | Angelos D. Keromytis | |
| 1998-07-03 | Fix my fix to return sane values. | Angelos D. Keromytis | |
| 1998-07-03 | produce credible seeds for non-existent users. | Todd C. Miller | |
| 1998-07-03 | Fix some of my indentation badness. | Angelos D. Keromytis | |
| 1998-07-03 | Remove user existance disclosure through "s/key" challenges. | Angelos D. Keromytis | |
| 1998-02-24 | Allow superuser to disable skey by unlnking /etc/skeykeys. | Todd C. Miller | |
| 1997-09-12 | Don't let strncpy() get a negative length. Noted by Theo. | Todd C. Miller | |
| 1997-09-04 | Don't unlock skeys file before closing it. The lock is released | Todd C. Miller | |
| when the file is closed anyway and explicately unlocking before the file gets flushed defeats the purpose of locking in the first place. | |||
| 1997-07-27 | Remove debugging info, whoops. | Todd C. Miller | |
| 1997-07-27 | - Do coarse locking on /etc/skeykeys. Fixes a race that could allow | Todd C. Miller | |
| a replay attempt to succeed. - OpenBSD tags | |||
| 1997-07-27 | Fix search and replace error introduced in version 1.16. | Todd C. Miller | |
| 1997-07-26 | Convert upper -> lower case in seed for fake s/key propt. | Todd C. Miller | |
| 1997-07-26 | - int -> long fixes | Todd C. Miller | |
| - restore priority correctly after setpriority (assumed start pri was 0) - rfc-compliant challenge when faking it for those w/o a keyfile entry on machines with short hostnames or non-alphanum hostnames. | |||
| 1997-07-23 | Fix skeygetnext() | Todd C. Miller | |
| 1997-07-23 | _PATH_SKEYKEYS now lives in <paths.h> | Todd C. Miller | |
| Add skeygetnext() for iterating over the key file. | |||
| 1997-07-23 | Mode 0600 /etc/skeykeys | Todd C. Miller | |
| 1997-07-10 | Need err.h for warnx proto. | Todd C. Miller | |
| 1996-11-03 | Add a bunch of length/size macros and use them. | Todd C. Miller | |
| 1996-10-22 | Fake an s/key challenge if user doesn't have an entry. Stops info | Todd C. Miller | |
| gathering attack. | |||
| 1996-10-14 | htoi now takes an int, not char. | Todd C. Miller | |
| Only skey_set_algorithm() for the record that matches target user. | |||
| 1996-10-02 | Fix a bug wrt handling of old md4 entries. Now don't save a type with md4 | Todd C. Miller | |
| so we don't go over the record size and munge other entries. Don't export symbols we don't need to in put.c. | |||
| 1996-09-30 | __ARGS -> __P (why does everyone have to do this differently?) | Todd C. Miller | |
| 1996-09-29 | check skey_set_algorithm() ret val + pedantry. | Todd C. Miller | |
| 1996-09-29 | Towards RFC 1938 compliance. Also, now supports SHA (secure hash algorithm). | Todd C. Miller | |
| 1996-09-29 | You can now cut and paste skey prompt in an xterm to get the key. | Todd C. Miller | |
| Also removed broken code. | |||
| 1996-09-27 | Deal with both MD4 and MD5 s/key's | Todd C. Miller | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |