Age | Commit message (Collapse) | Author |
|
ok millert@
|
|
now build libraries with propolice enabled. Without this, existing
binaries (such as ports/packages) that link with any system library
other than libc will fail with an undefined symbol of "___guard"
(__guard on ELF).
Pointed out by markus@ and discussed with deraadt@
|
|
for keyfile == NULL and not get a garbage value.
|
|
caused a user w/o an S/Key to just get "permission denied" from
login_skey instead of a fake challenge.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
because some things (such as login) run as uid 0 and directory modes
won't restrict root.
|
|
where each user gets their own file, which is owned by that user.
An old S/Key database may be converted by running "skeyinit -C" as root.
Programs that need to access the S/Key database no longer need to be
setuid root. They must now be setgid auth instead.
|
|
o) remove extra space in the end of line;
o) remove extra blank lines in the end of file;
o) remove .Pp before .Ss;
o) CAVEAT -> CAVEATS;
o) fix usage of .Fa;
o) <blank-line> -> .Pp;
o) wrap long lines;
millert@ ok
|
|
hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
|
Alas many of these were introduced by yours truly as necessary
just doesn't look right to me for some reason ;-)
|
|
|
|
|
|
|
|
that calls skeyzero() is skeyinit and I just updated the libskey
major I am not going to bump the major again here...
|
|
|
|
|
|
This means we now only need to add one new function when adding a
new hash type.
Somehow missed from last S/Key commit (changes are static to skeysubr.c).
|
|
|
|
keycrunch() function to do this.
|
|
o Use said locking to prevent a partial guess race as required by
RFC 2289. We now lock the record in skeylookup(), skeygetnext(),
and skeyverify().
o A little KNF
o Kill deprecated getskeyprompt() function
o Provide a function to unlock a record, skey_unlock()
o Timeout reading of the passphrase in skey_authenticate() and
skey_passcheck() since we have the record locked (uses select, not alarm).
o Convert old-style md4 entries (that lack an explicit hash) into
new-style ones with the hash specified if there is space on the line.
|
|
o Protect from duplicate inclusion and use __{BEGIN,END}_DECLS
o Prototype new skey_unlock() function and remove proto for getskeyprompt()
which has been removed.
|
|
stored in little endian form (like MD4/MD5). So, instead of having
SHA1Final copy the result buffer, we do it ourselves with a loop
stolen from RFC2289, Appendix A. Closes PR1650.
|
|
|
|
and getskeyprompt(). This means that when you get a challenge the
result parameter is always filled in, even if the use is not in the
skeykeys file.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
is much better than the old fake challenge.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
when the file is closed anyway and explicately unlocking before
the file gets flushed defeats the purpose of locking in the first
place.
|
|
before. A new general rule has been formed:
When you change a library to *use* a new API of another library
(which may there only have given need to a minor number crank), you
must crank the *major*.
The specific scenario that was seen this time was:
I libc 16 started without the SHA interface
II libskey 0 did obviously not use it
III installation of libc 16 and libskey 0
IV software installed that uses libskey
V libc 16 got SHA added, minor number update
VI libskey 0 was changed to use it
VII libc was cranked to 17 for other reasons
VIII installation of libc 17 and newer libskey 0
IX use of the software installed in IV fails!
This is due to the fact that the libskey using software searches for the most
current libskey 0, which uses the SHA interface, and the most current libc 16
which was the old one installed in III, which does not provide SHA, and thus
gets two incompatible libraries linked with it. Crash!
One could argue that people should install all library versions that is made
available, but that is really not feasible. One have to recognize that people
may build their systems at arbitrary points in time and then go on to install
software they know work at their lib revision levels. A later build should
not break this software, that may only be available in binary versions.
|
|
|
|
|