readdir_r(3) was never necessary and has been deprecated by POSIX.
Document that in the manpage and stop using it internally.

ok deraadt@ millert@ jmc@

Fix the length check when computing a fake challenge for users not
in the S/Key database. If the system hostname is longer than 126
characters this could result in NUL bytes being written past the
e

Fix the length check when computing a fake challenge for users not
in the S/Key database. If the system hostname is longer than 126
characters this could result in NUL bytes being written past the
end of a stack buffer. There is no impact on systems with a hostname
126 characters or less. Found by Qualys. OK deraadt@

show more ...

spelling fixes; from paul tagliamonte
any changes not taken noted on tech, but chiefly here i did not take the
cancelation - cancellation changes;

I am retiring my old email address; replace it with my OpenBSD one.

use freezero()

Generate the bogus challenge using arc4random_buf(3) instead of reading
directly from /var/db/host.random and falling back to ctime. Remove the
_SKEY_RAND_FILE_PATH_ since it's no longer needed.

ok

Generate the bogus challenge using arc4random_buf(3) instead of reading
directly from /var/db/host.random and falling back to ctime. Remove the
_SKEY_RAND_FILE_PATH_ since it's no longer needed.

ok millert, mestre

show more ...

use explicit_bzero. one from Ricardo Mestre plus two more.

'miliseconds' -> 'milliseconds' in comments.

if_atu.c noted by Michal Mazurek.

Convert many atoi() calls to strtonum(), adding range checks and failure
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert

Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther

fairly simple unsigned char casts for ctype
ok krw

remove some bogus *p tests from charles longeau
ok deraadt millert

minimal cleanups lint begs for

Add skeychallenge2() which is like skeychallenge() but takes an
already open fd. Will be used to make separate challenge/response
invocations of login_skey keep the record locked. Also properly
esc

Add skeychallenge2() which is like skeychallenge() but takes an
already open fd. Will be used to make separate challenge/response
invocations of login_skey keep the record locked. Also properly
escape minus signs in man page. OK henning@ jmc@

show more ...

convert tgetline() from select(2) -> poll(2)

fix skeygetnext()

Use snprintf() and strlcpy() throughout.

Zero out struct skey early in skeylookup() so callers can reliably check
for keyfile == NULL and not get a garbage value.

Add a missing check for NULL keyfile in skeychallenge() that
caused a user w/o an S/Key to just get "permission denied" from
login_skey instead of a fake challenge.

use strtok_r() instead of strtok(); millert ok

enforce SKEY_MAX_CHALLENGE using snprintf()

Remove skeyzero(), it is no longer needed.

Check for disabled /etc/skey directory (mode 0000). This is needed
because some things (such as login) run as uid 0 and directory modes
won't restrict root.

Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory
where each user gets their own file, which is owned by that user.

An old S/Key database may be converted by running "skeyinit

Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory
where each user gets their own file, which is owned by that user.

An old S/Key database may be converted by running "skeyinit -C" as root.

Programs that need to access the S/Key database no longer need to be
setuid root. They must now be setgid auth instead.

show more ...

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be don

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

show more ...