summaryrefslogtreecommitdiff
path: root/libexec/login_skey
AgeCommit message (Collapse)Author
2004-09-18ARGSUSED signal handlerTheo de Raadt
2004-08-30Use CMSG_SPACE when allocating space for the control message.Todd C. Miller
Fixes fd passing problems on sparc and sparc64. OK henning@
2004-08-11Rename confusing variable for readability's sake. No actual code changes.Todd C. Miller
2004-08-08spacingTheo de Raadt
2004-08-05Add support for passing an fd to the user's S/Key record back andTodd C. Miller
forth between login_skey and the invoking process. This allows us to keep the record locked between an invocation of login_skey that receives the challenge and another that verifies the response, preventing an interloper from sniffing the challenge and beating the legitimate user to the response.
2004-03-10More checking for a NULL return value from getpass(). otto@ OKTodd C. Miller
2003-06-17Sync with share/misc/license.template and add missing DARPA creditTodd C. Miller
where applicable.
2003-06-03Use an ISC-tyle license for all my code; it is simpler and more permissive.Todd C. Miller
2002-09-06ansi; ok millert pvalchevTheo de Raadt
2002-08-28o) start new sentence on a new line;Mike Pechkin
o) don't use .Nm w/o argument in .SYNOPSIS; I waste time, when fixing already cleaned pages. :( one man ok@
2002-07-14Rewrite with more (and correct!) info, based on login_passwd.8.Todd C. Miller
Thanks to Jose Nazario for pointing out some inaccuracies which prompted me to do this.
2002-06-28minor indent cleanupTheo de Raadt
2002-06-02minor KNFTheo de Raadt
2002-05-29a few more strlcatTheo de Raadt
2002-05-16No longer needs to be setuid root.Todd C. Miller
2002-03-13login(8) -> login(1)Marco S Hyman
2002-02-16Part one of userland __P removal. Done with a simple regexp with some minor ↵Todd C. Miller
hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
2001-12-07Catch SIGINT, SIGQUIT and SIGTSTP but ignore during the databaseTodd C. Miller
update. We have to be careful and drop our lock if we are suspended and then regain the lock on resume. This is necessary because the user must not be allowed to keep a record locked for a long period of time to avoid a DoS. We must be sure to re-lock when we resume because otherwise an attacker could suspend us until a user starts to login and then resume and then race the user for login using the challenge response from the user.
2001-12-06Do not set handler for SIGINT and SIGQUIT to SIG_IGN since it preventsTodd C. Miller
getpass()/readpassphrase() from being able to restore the tty mode on keyboard interrupt. Along with the recent readpassphrase.c commit this means that if you ^C things that use login scripts (like su(1)) with a non-CBREAK shell your tty mode will be restored nicely. TODO: The various login scripts need to install handlers to avoid leaving turd files or otherwise ending in a bad state. It would also be nice to send BI_REJECT to the back channel.
2001-10-24getopt(3) returns -1 when out of args, not EOF.Mike Pechkin
millert@ ok
2001-07-08Remove extraneous .Pp after .ShTodd C. Miller
2001-06-25Remove instance stuff now that su uses an explicit option to specifyTodd C. Miller
the invoking user.
2001-06-20Add an alarm to implement as timeout on the locked record.Todd C. Miller
2000-12-12skey login script; authenticates the user via S/KeyTodd C. Miller
will be used when BSD authentication is enabled