path: root/lib/libskey
Age | Commit message | Author
2003-06-26 | simple protos | Theo de Raadt
2003-06-17 | Sync with share/misc/license.template and add missing DARPA credit where applicable. | Todd C. Miller
2003-06-03 | Use an ISC-style license for all my code; it is simpler and more permissive. | Todd C. Miller
2003-06-02 | - section reorder; - kill whitespace at EOL | Jason McIntyre
2003-05-24 | - typos; - new sentence, new line; - whitespace at EOL | Jason McIntyre
2003-04-28 | fix skeygetnext() | Todd C. Miller
2003-04-03 | Use snprintf() and strlcpy() throughout. | Todd C. Miller
2003-03-19 | document the number of bytes required for btoa8 | Todd C. Miller
2003-01-23 | typos; ok millert@ | Jason McIntyre
2002-12-03 | Crank all library major numbers. Needed due to the fact that we now build libraries with propolice enabled. Without this, existing binaries (such as ports/packages) that link with any system library other than libc will fail with an undefined symbol of "___guard" (__guard on ELF). Pointed out by markus@ and discussed with deraadt@ | Todd C. Miller
2002-11-16 | Zero out struct skey early in skeylookup() so callers can reliably check for keyfile == NULL and not get a garbage value. | Todd C. Miller
2002-11-16 | Add a missing check for NULL keyfile in skeychallenge() that caused a user w/o an S/Key to just get "permission denied" from login_skey instead of a fake challenge. | Todd C. Miller
2002-06-22 | use strtok_r() instead of strtok(); millert ok | Theo de Raadt
2002-05-29 | strlcat bounds | Theo de Raadt
2002-05-24 | replace strcpy with strlcpy | Theo de Raadt
2002-05-24 | enforce SKEY_MAX_CHALLENGE using snprintf() | Theo de Raadt
2002-05-24 | doc that skeychallenge() buffer is at least SKEY_MAX_CHALLENGE long | Theo de Raadt
2002-05-17 | Remove skeyzero(), it is no longer needed. | Todd C. Miller
2002-05-16 | Add skey(5) | Todd C. Miller
2002-05-16 | Check for disabled /etc/skey directory (mode 0000). This is needed because some things (such as login) run as uid 0 and directory modes won't restrict root. | Todd C. Miller
2002-05-16 | Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory where each user gets their own file, which is owned by that user. An old S/Key database may be converted by running "skeyinit -C" as root. Programs that need to access the S/Key database no longer need to be setuid root. They must now be setgid auth instead. | Todd C. Miller
2002-04-30 | Initial cleanup: o) remove extra space in the end of line; o) remove extra blank lines in the end of file; o) remove .Pp before .Ss; o) CAVEAT -> CAVEATS; o) fix usage of .Fa; o) <blank-line> -> .Pp; o) wrap long lines; millert@ ok | Mike Pechkin
2002-02-16 | Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically. | Todd C. Miller
2002-01-24 | Fix `necesary' typos; Alexander Yurchenko Alas many of these were introduced by yours truly as necessary just doesn't look right to me for some reason ;-) | Todd C. Miller
2001-12-07 | Check for keyfile == NULL in skey_unlock() | Todd C. Miller
2001-11-14 | avoid stdio in a signal handler; millert ok | Theo de Raadt
2001-06-23 | sync skeyzero proto with recent changes | Todd C. Miller
2001-06-23 | skeyzero() never uses its 2nd arg so remove it. Since the only thing that calls skeyzero() is skeyinit and I just updated the libskey major I am not going to bump the major again here... | Todd C. Miller
2001-06-23 | Document our S/Key library. | Todd C. Miller
2001-06-23 | getskeyprompt() is gone | Todd C. Miller
2001-06-23 | Get rid of f_HASH() and fold its functionality into keycrunch_HASH(). This means we now only need to add one new function when adding a new hash type. Somehow missed from last S/Key commit (changes are static to skeysubr.c). | Todd C. Miller
2001-06-20 | major number bump | Todd C. Miller
2001-06-20 | We don't need an f() for each hash, just overload the per-hash keycrunch() function to do this. | Todd C. Miller
2001-06-20 | o Do per-record locking instead of whole file locking o Use said locking to prevent a partial guess race as required by RFC 2289. We now lock the record in skeylookup(), skeygetnext(), and skeyverify(). o A little KNF o Kill deprecated getskeyprompt() function o Provide a function to unlock a record, skey_unlock() o Timeout reading of the passphrase in skey_authenticate() and skey_passcheck() since we have the record locked (uses select, not alarm). o Convert old-style md4 entries (that lack an explicit hash) into new-style ones with the hash specified if there is space on the line. | Todd C. Miller
2001-06-20 | o Add a length parameter to struct skey and rearrange some other structs o Protect from duplicate inclusion and use __{BEGIN,END}_DECLS o Prototype new skey_unlock() function and remove proto for getskeyprompt() which has been removed. | Todd C. Miller
2001-01-26 | SHA1 is a big endian algorithm but RFC2289 mandates that results be stored in little endian form (like MD4/MD5). So, instead of having SHA1Final copy the result buffer, we do it ourselves with a loop stolen from RFC2289, Appendix A. Closes PR1650. | Todd C. Miller
2001-01-04 | grammar | Todd T. Fries
2000-11-20 | Move fake prompt generation from skey_authenticate() to skeychallenge() and getskeyprompt(). This means that when you get a challenge the result parameter is always filled in, even if the user is not in the skeykeys file. | Todd C. Miller
2000-06-23 | set mp->keyfile = NULL if stat fails | Markus Friedl
2000-03-02 | $OpenBSD$ | Todd T. Fries
1999-12-06 | fd leak | Theo de Raadt
1999-11-26 | fix descriptor leaks and double fclose(); markus and I; ok from millert | Theo de Raadt
1999-08-16 | don't need sys/file.h now that we include fcntl.h | Todd C. Miller
1999-08-16 | missing fcntl.h | Todd C. Miller
1999-07-15 | change /etc/host.random to /var/db/host.random | Niels Provos
1998-07-05 | replace open + fstat with stat | Todd C. Miller
1998-07-05 | if there is no /etc/host.random, hash on the ctime of /dev/mem or /. This is much better than the old fake challenge. | Todd C. Miller
1998-07-03 | Change the random file path, add a sanity check on file size. | Angelos D. Keromytis
1998-07-03 | Fix my fix to return sane values. | Angelos D. Keromytis
1998-07-03 | produce credible seeds for non-existent users. | Todd C. Miller