wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

	Commit message (Collapse)	Author	Age	Files	Lines
*	Check auth_mkvalue(3) return value for NULL (malloc failure).	millert	2021-01-02	1	-3/+2
\| \| \| \| \|	For constant strings we don't actually need to use auth_mkvalue(3). Problem reported by Ross L Richardson.
*	Fix handling of passwd entries with an empty password.	millert	2020-05-15	1	-4/+5
\| \| \| \| \| \|	Initialize "pass" to the empty string instead of NULL, otherwise crypt_checkpass() will dereference NULL. From Yuichiro Naito via yasuoka@. OK deraadt@
*	Merge two missed fixes from login.c to login_passwd.c.	millert	2019-12-24	1	-4/+5
\| \| \| \| \| \|	- use the correct length when checking for "-v lastchance=yes" - don't try to zero pass if it is NULL From miod@
*	Replace modular version with origin BSDi version with our updates.	millert	2019-12-21	4	-252/+133
\| \| \| \| \| \|	In 2001 login_passwd was made modular so we could use the same source for passwd and kerberos auth. Now that we no longer have kerberos integrated we can simplify login_passwd. OK deraadt@
*	Return BI_SILENT not BI_AUTH if the challenge service is requested.	millert	2019-12-14	1	-2/+2
\| \| \| \| \|	This bug was introduced in the login_passwd rewrite back in 2001. From Tom Longshine.
*	I am retiring my old email address; replace it with my OpenBSD one.	millert	2019-01-25	1	-3/+3
\|
*	Remove the hopefully last remnants of kerberos in there: arg_login,	ajacoutot	2018-09-30	1	-12/+1
\| \| \| \| \| \|	arg_notickets and invokinguser. ok kn@ millert@
*	Call pledge(2) earlier before opening the auth channel and readpassphrase()	reyk	2018-06-13	3	-8/+15
\| \| \| \| \| \| \| \| \| \| \|	Before this change, only the password validation was pledged, now it also includes some more code including the "Password:" prompt. To pledge the code earlier, the getpwnam_shadow() had to be moved up - it works under "getpw" but it does not return the actual password hash under pledge. This also works with yp(ldap). OK deraadt@ tb@ brynet@
*	Remove #ifdef PASSWD, it was always enabled and is a leftover from krb5 days.	reyk	2018-06-13	3	-11/+5
\| \| \| \| \| \|	No other uses of -DPASSWD were found in the tree. OK deraadt@ tb@ brynet@
*	set password to return of readpassphrase(), not always the buffer.	tedu	2016-09-03	1	-3/+2
\|
*	convert to use readpassphrase() instead of DEPRECATED/getpass()	gsoares	2016-09-03	2	-4/+6
\| \| \| \|	OK millert@
*	krb5 bits should rest in peace	gsoares	2016-09-02	2	-9/+2
\| \| \| \|	OK deraadt
*	remove unneeded casts	tedu	2016-08-16	1	-2/+2
\|
*	Call syslog() if login_* pledge fails; OK deraadt@	millert	2015-11-19	1	-3/+5
\|
*	use _shadow getpw functions. these utilities obviously deal with hashes.	tedu	2015-11-18	1	-2/+2
\|
*	Don't compile pwd_gensalt, it's not needed since we use crypt_checkpass.	ajacoutot	2015-10-24	2	-5/+3
\| \| \| \|	ok tedu@
*	pledge "stdio rpath" is good enough for these mainline BSD auth login	deraadt	2015-10-14	1	-1/+5
\| \| \| \| \| \|	programs. (I am very surprised pledge ended up working for programs like this) ok semarie millert
*	Use explicit_bzero() instead of memset() for zeroing out secrets.	millert	2015-10-05	2	-4/+4
\| \| \| \|	OK deraadt@
*	add some missing .Cm macros and drop some redundant .Bk while here	schwarze	2015-09-11	1	-8/+8
\|
*	Replace <sys/param.h> with <limits.h> and other less dirty headers where	deraadt	2015-01-16	2	-4/+4
\| \| \| \| \| \| \| \| \|	possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
*	use crypt_checkpass function to make things simple	tedu	2014-09-16	1	-22/+7
\|
*	add a krb5-noverify option for login.conf that disables verification	dlg	2012-06-01	2	-4/+4
\| \| \| \| \| \| \| \|	of the server against a local host keytab file when you're authing users with login_krb5. useful for when you need to auth users but dealing with the domain admins is painful... ok sthen@ jj@ millert@
*	improve synopsis markup of login_* utilities; use a more standard	sobrado	2012-02-01	1	-4/+4
\| \| \| \| \| \| \| \| \|	phrasing when listing flags; add missing arguments to flags in the DESCRIPTION section of the manual page. use of .Li (literal text) macros and standard wording suggested by jmc@ ok jmc@
*	convert to new .Dd format;	jmc	2007-05-31	1	-2/+2
\|
*	a FALLTHROUGH and one size_t cast	deraadt	2006-04-02	1	-2/+3
\|
*	Foil potential timing attacks by using the correct password hash	millert	2006-03-09	3	-8/+17
\| \| \| \| \| \|	instead of "xx". In practice this means bcrypt() will be used for non-existent users instead of DES crypt(). Adapted from a patch by Peter Philipp. OK deraadt@
*	drop some krb4 stuff	biorn	2005-04-14	2	-8/+2
\| \| \| \|	ok beck@
*	login_passwd needs to be setuid root after all for "secure" YP maps.	millert	2004-05-12	1	-3/+3
\|
*	More checking for a NULL return value from getpass(). otto@ OK	millert	2004-03-10	2	-3/+6
\|
*	spaces	deraadt	2003-07-29	1	-2/+2
\|
*	Sync with share/misc/license.template and add missing DARPA credit	millert	2003-06-17	1	-8/+8
\| \| \| \|	where applicable.
*	Use an ISC-tyle license for all my code; it is simpler and more permissive.	millert	2003-06-03	1	-22/+11
\|
*	login_passwd is now setgid _shadow instead of setuid root.	millert	2003-03-28	1	-3/+3
\|
*	incorrect string length matching; ianm@cit.uws.edu.au	deraadt	2003-03-17	1	-7/+7
\|
*	ansi; ok millert pvalchev	deraadt	2002-09-06	1	-2/+1
\|
*	o) start new sentence on a new line;	mpech	2002-08-28	1	-2/+2
\| \| \| \| \| \| \|	o) don't use .Nm w/o argument in .SYNOPSIS; I waste time, when fixing already cleaned pages. :( one man ok@
*	minor KNF	deraadt	2002-06-02	1	-4/+4
\|
*	Only accept the empty string for users with no password.	millert	2002-03-19	1	-10/+13
\| \| \| \|	Previously, any password was accepted (that's how crypt() behaves).
*	Do not set handler for SIGINT and SIGQUIT to SIG_IGN since it prevents	millert	2001-12-06	1	-3/+1
\| \| \| \| \| \| \| \| \| \| \| \|	getpass()/readpassphrase() from being able to restore the tty mode on keyboard interrupt. Along with the recent readpassphrase.c commit this means that if you ^C things that use login scripts (like su(1)) with a non-CBREAK shell your tty mode will be restored nicely. TODO: The various login scripts need to install handlers to avoid leaving turd files or otherwise ending in a bad state. It would also be nice to send BI_REJECT to the back channel.
*	o) fix bogus .Xr usage;	mpech	2001-11-13	1	-2/+3
\| \| \| \| \| \| \| \|	o) start new sentence on a new line; o) don't use .Xr instead of .Pa tag; o) minimal -mdoc design fixes; millert@ ok;
*	some KNF	millert	2001-08-12	1	-6/+6
\|
*	o wheel and lastchance are -v args (variable), not -s (service)	millert	2001-08-09	1	-22/+25
\| \| \| \| \|	o an unknown service is a fatal error o some KNF
*	Remove extraneous .Pp after .Sh	millert	2001-07-08	1	-2/+1
\|
*	ugly	deraadt	2001-06-29	1	-10/+9
\|
*	Cleanup and unify login_passwd, login_krb4, login_krb4-or-pwd, login_krb5 and	hin	2001-06-26	4	-141/+266
\| \| \| \|	login_krb5-or-pwd.
*	Remove instance stuff now that su uses an explicit option to specify	millert	2001-06-25	1	-14/+2
\| \| \| \|	the invoking user.
*	Don't do the root instance handling stuff; su no longer does it.	hin	2001-06-25	1	-17/+3
\|
*	passwd login script; authenticates the user via passwd/yp	millert	2000-12-12	3	-0/+323
	will be used when BSD authentication is enabled