| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2003-04-28 | fix skeygetnext() | Todd C. Miller | |
| 2003-04-03 | Use snprintf() and strlcpy() throughout. | Todd C. Miller | |
| 2003-03-19 | document the number of bytes required for btoa8 | Todd C. Miller | |
| 2003-01-23 | typos; | Jason McIntyre | |
| ok millert@ | |||
| 2002-12-03 | Crank all library major numbers. Needed due to the fact that we | Todd C. Miller | |
| now build libraries with propolice enabled. Without this, existing binaries (such as ports/packages) that link with any system library other than libc will fail with an undefined symbol of "___guard" (__guard on ELF). Pointed out by markus@ and discussed with deraadt@ | |||
| 2002-11-16 | Zero out struct skey early in skeylookup() so callers can reliably check | Todd C. Miller | |
| for keyfile == NULL and not get a garbage value. | |||
| 2002-11-16 | Add a missing check for NULL keyfile in skeychallenge() that | Todd C. Miller | |
| caused a user w/o an S/Key to just get "permission denied" from login_skey instead of a fake challenge. | |||
| 2002-06-22 | use strtok_r() instead of strtok(); millert ok | Theo de Raadt | |
| 2002-05-29 | strlcat bounds | Theo de Raadt | |
| 2002-05-24 | replace strcpy with strlcpy | Theo de Raadt | |
| 2002-05-24 | enforce SKEY_MAX_CHALLENGE using snprintf() | Theo de Raadt | |
| 2002-05-24 | doc that skeychallenge() buffer is at least SKEY_MAX_CHALLENGE long | Theo de Raadt | |
| 2002-05-17 | Remove skeyzero(), it is no longer needed. | Todd C. Miller | |
| 2002-05-16 | Add skey(5) | Todd C. Miller | |
| 2002-05-16 | Check for disabled /etc/skey directory (mode 0000). This is needed | Todd C. Miller | |
| because some things (such as login) run as uid 0 and directory modes won't restrict root. | |||
| 2002-05-16 | Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory | Todd C. Miller | |
| where each user gets their own file, which is owned by that user. An old S/Key database may be converted by running "skeyinit -C" as root. Programs that need to access the S/Key database no longer need to be setuid root. They must now be setgid auth instead. | |||
| 2002-04-30 | Initial cleanup: | Mike Pechkin | |
| o) remove extra space in the end of line; o) remove extra blank lines in the end of file; o) remove .Pp before .Ss; o) CAVEAT -> CAVEATS; o) fix usage of .Fa; o) <blank-line> -> .Pp; o) wrap long lines; millert@ ok | |||
| 2002-02-16 | Part one of userland __P removal. Done with a simple regexp with some minor ↵ | Todd C. Miller | |
| hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically. | |||
| 2002-01-24 | Fix `necesary' typos; Alexander Yurchenko | Todd C. Miller | |
| Alas many of these were introduced by yours truly as necessary just doesn't look right to me for some reason ;-) | |||
| 2001-12-07 | Check for keyfile == NULL in skey_unlock() | Todd C. Miller | |
| 2001-11-14 | avoid stdio in a signal handler; millert ok | Theo de Raadt | |
| 2001-06-23 | sync skeyzero proto with recent changes | Todd C. Miller | |
| 2001-06-23 | skeyzero() never uses its 2nd arg so remove it. Since the only thing | Todd C. Miller | |
| that calls skeyzero() is skeyinit and I just updated the libskey major I am not going to bump the major again here... | |||
| 2001-06-23 | Document our S/Key library. | Todd C. Miller | |
| 2001-06-23 | getskeyprompt() is gone | Todd C. Miller | |
| 2001-06-23 | Get rid of f_HASH() and fold its functionality into keycrunch_HASH(). | Todd C. Miller | |
| This means we now only need to add one new function when adding a new hash type. Somehow missed from last S/Key commit (changes are static to skeysubr.c). | |||
| 2001-06-20 | major number bump | Todd C. Miller | |
| 2001-06-20 | We don't need an f() for each hash, just overload the per-hash | Todd C. Miller | |
| keycrunch() function to do this. | |||
| 2001-06-20 | o Do per-record locking instead of whole file locking | Todd C. Miller | |
| o Use said locking to prevent a partial guess race as required by RFC 2289. We now lock the record in skeylookup(), skeygetnext(), and skeyverify(). o A little KNF o Kill deprecated getskeyprompt() function o Provide a function to unlock a record, skey_unlock() o Timeout reading of the passphrase in skey_authenticate() and skey_passcheck() since we have the record locked (uses select, not alarm). o Convert old-style md4 entries (that lack an explicit hash) into new-style ones with the hash specified if there is space on the line. | |||
| 2001-06-20 | o Add a length parameter to struct skey and rearrange some other structs | Todd C. Miller | |
| o Protect from duplicate inclusion and use __{BEGIN,END}_DECLS o Prototype new skey_unlock() function and remove proto for getskeyprompt() which has been removed. | |||
| 2001-01-26 | SHA1 is a big endian algorithm but RFC2289 mandates that results be | Todd C. Miller | |
| stored in little endian form (like MD4/MD5). So, instead of having SHA1Final copy the result buffer, we do it ourselves with a loop stolen from RFC2289, Appendix A. Closes PR1650. | |||
| 2001-01-04 | grammar | Todd T. Fries | |
| 2000-11-20 | Move fake prompt generation from skey_authenticate() to skeychallenge() | Todd C. Miller | |
| and getskeyprompt(). This means that when you get a challenge the result parameter is always filled in, even if the use is not in the skeykeys file. | |||
| 2000-06-23 | set mp->keyfile = NULL if stat fails | Markus Friedl | |
| 2000-03-02 | $OpenBSD$ | Todd T. Fries | |
| 1999-12-06 | fd leak | Theo de Raadt | |
| 1999-11-26 | fix descriptor leaks and double fclose(); markus and I; ok from millert | Theo de Raadt | |
| 1999-08-16 | don't need sys/file.h now that we include fcntl.h | Todd C. Miller | |
| 1999-08-16 | missing fcntl.h | Todd C. Miller | |
| 1999-07-15 | change /etc/host.random to /var/db/host.random | Niels Provos | |
| 1998-07-05 | replace open + fstat with stat | Todd C. Miller | |
| 1998-07-05 | if there is no /etc/host.random, hash on the ctime of /dev/mem or /. This ↵ | Todd C. Miller | |
| is much better than the old fake challenge. | |||
| 1998-07-03 | Change the random file path, add a sanity check on file size. | Angelos D. Keromytis | |
| 1998-07-03 | Fix my fix to return sane values. | Angelos D. Keromytis | |
| 1998-07-03 | produce credible seeds for non-existent users. | Todd C. Miller | |
| 1998-07-03 | Fix some of my indentation badness. | Angelos D. Keromytis | |
| 1998-07-03 | Remove user existance disclosure through "s/key" challenges. | Angelos D. Keromytis | |
| 1998-02-24 | Allow superuser to disable skey by unlnking /etc/skeykeys. | Todd C. Miller | |
| 1997-09-12 | Don't let strncpy() get a negative length. Noted by Theo. | Todd C. Miller | |
| 1997-09-04 | Don't unlock skeys file before closing it. The lock is released | Todd C. Miller | |
| when the file is closed anyway and explicately unlocking before the file gets flushed defeats the purpose of locking in the first place. | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |