| Commit message | Age | Files | Lines | |
---|---|---|---|---|---|
* | I am retiring my old email address; replace it with my OpenBSD one. | 2019-01-25 | 1 | -2/+2 | |
* | use freezero() | 2017-04-17 | 1 | -3/+2 | |
* | Generate the bogus challenge using arc4random_buf(3) instead of reading directly from /var/db/host.random and falling back to ctime. Remove the _SKEY_RAND_FILE_PATH_ since it's no longer needed. ok millert, mestre | 2017-03-20 | 1 | -33/+7 | |
* | use explicit_bzero. one from Ricardo Mestre plus two more. | 2017-03-20 | 1 | -4/+4 | |
* | 'miliseconds' -> 'milliseconds' in comments. if_atu.c noted by Michal Mazurek. | 2016-03-17 | 1 | -2/+2 | |
* | Convert many atoi() calls to strtonum(), adding range checks and failure handling along the way. Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert | 2015-04-18 | 1 | -2/+5 | |
* | Move to the <limits.h> universe. review by millert, binary checking process with doug, concept with guenther | 2015-01-16 | 1 | -2/+2 | |
* | fairly simple unsigned char casts for ctype; ok krw | 2013-11-29 | 1 | -6/+7 | |
* | remove some bogus *p tests from charles longeau; ok deraadt millert | 2007-03-20 | 1 | -2/+2 | |
* | minimal cleanups lint begs for | 2006-04-10 | 1 | -23/+21 | |
* | Add skeychallenge2() which is like skeychallenge() but takes an already open fd. Will be used to make separate challenge/response invocations of login_skey keep the record locked. Also properly escape minus signs in man page. OK henning@ jmc@ | 2004-08-05 | 1 | -22/+29 | |
* | convert tgetline() from select(2) -> poll(2) | 2003-09-21 | 1 | -23/+12 | |
* | fix skeygetnext() | 2003-04-28 | 1 | -8/+23 | |
* | Use snprintf() and strlcpy() throughout. | 2003-04-03 | 1 | -34/+13 | |
* | Zero out struct skey early in skeylookup() so callers can reliably check for keyfile == NULL and not get a garbage value. | 2002-11-16 | 1 | -3/+3 | |
* | Add a missing check for NULL keyfile in skeychallenge() that caused a user w/o an S/Key to just get "permission denied" from login_skey instead of a fake challenge. | 2002-11-16 | 1 | -3/+5 | |
* | use strtok_r() instead of strtok(); millert ok | 2002-06-22 | 1 | -13/+13 | |
* | enforce SKEY_MAX_CHALLENGE using snprintf() | 2002-05-24 | 1 | -12/+9 | |
* | Remove skeyzero(), it is no longer needed. | 2002-05-17 | 1 | -28/+1 | |
* | Check for disabled /etc/skey directory (mode 0000). This is needed because some things (such as login) run as uid 0 and directory modes won't restrict root. | 2002-05-16 | 1 | -3/+11 | |
* | Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory where each user gets their own file, which is owned by that user. An old S/Key database may be converted by running "skeyinit -C" as root. Programs that need to access the S/Key database no longer need to be setuid root. They must now be setgid auth instead. | 2002-05-16 | 1 | -352/+225 | |
* | Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically. | 2002-02-16 | 1 | -3/+3 | |
* | Check for keyfile == NULL in skey_unlock() | 2001-12-07 | 1 | -2/+2 | |
* | skeyzero() never uses its 2nd arg so remove it. Since the only thing that calls skeyzero() is skeyinit and I just updated the libskey major I am not going to bump the major again here... | 2001-06-23 | 1 | -3/+3 | |
* | o Do per-record locking instead of whole file locking o Use said locking to prevent a partial guess race as required by RFC 2289. We now lock the record in skeylookup(), skeygetnext(), and skeyverify(). o A little KNF o Kill deprecated getskeyprompt() function o Provide a function to unlock a record, skey_unlock() o Timeout reading of the passphrase in skey_authenticate() and skey_passcheck() since we have the record locked (uses select, not alarm). o Convert old-style md4 entries (that lack an explicit hash) into new-style ones with the hash specified if there is space on the line. | 2001-06-20 | 1 | -102/+258 | |
* | grammar | 2001-01-04 | 1 | -2/+2 | |
* | Move fake prompt generation from skey_authenticate() to skeychallenge() and getskeyprompt(). This means that when you get a challenge the result parameter is always filled in, even if the user is not in the skeykeys file. | 2000-11-20 | 1 | -129/+142 | |
* | set mp->keyfile = NULL if stat fails | 2000-06-23 | 1 | -1/+2 | |
* | fd leak | 1999-12-06 | 1 | -1/+4 | |
* | fix descriptor leaks and double fclose(); markus and I; ok from millert | 1999-11-26 | 1 | -5/+23 | |
* | don't need sys/file.h now that we include fcntl.h | 1999-08-16 | 1 | -2/+1 | |
* | missing fcntl.h | 1999-08-16 | 1 | -1/+2 | |
* | replace open + fstat with stat | 1998-07-05 | 1 | -5/+2 | |
* | if there is no /etc/host.random, hash on the ctime of /dev/mem or /. This is much better than the old fake challenge. | 1998-07-05 | 1 | -84/+94 | |
* | Change the random file path, add a sanity check on file size. | 1998-07-03 | 1 | -1/+2 | |
* | Fix my fix to return sane values. | 1998-07-03 | 1 | -9/+10 | |
* | produce credible seeds for non-existent users. | 1998-07-03 | 1 | -3/+3 | |
* | Fix some of my indentation badness. | 1998-07-03 | 1 | -12/+12 | |
* | Remove user existence disclosure through "s/key" challenges. | 1998-07-03 | 1 | -21/+110 | |
* | Allow superuser to disable skey by unlinking /etc/skeykeys. | 1998-02-24 | 1 | -21/+11 | |
* | Don't let strncpy() get a negative length. Noted by Theo. | 1997-09-12 | 1 | -2/+2 | |
* | Don't unlock skeys file before closing it. The lock is released when the file is closed anyway and explicitly unlocking before the file gets flushed defeats the purpose of locking in the first place. | 1997-09-04 | 1 | -4/+1 | |
* | Remove debugging info, whoops. | 1997-07-27 | 1 | -2/+1 | |
* | - Do coarse locking on /etc/skeykeys. Fixes a race that could allow a replay attempt to succeed. - OpenBSD tags | 1997-07-27 | 1 | -12/+23 | |
* | Fix search and replace error introduced in version 1.16. | 1997-07-27 | 1 | -19/+19 | |
* | Convert upper -> lower case in seed for fake s/key prompt. | 1997-07-26 | 1 | -2/+3 | |
* | - int -> long fixes - restore priority correctly after setpriority (assumed start pri was 0) - rfc-compliant challenge when faking it for those w/o a keyfile entry on machines with short hostnames or non-alphanum hostnames. | 1997-07-26 | 1 | -38/+48 | |
* | Fix skeygetnext() | 1997-07-23 | 1 | -17/+4 | |
* | _PATH_SKEYKEYS now lives in <paths.h>; Add skeygetnext() for iterating over the key file. | 1997-07-23 | 1 | -17/+86 | |
* | Mode 0600 /etc/skeykeys | 1997-07-23 | 1 | -2/+4 | |