History log of /openbsd-current/lib/libskey/skeylogin.c
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 1.65 23-Mar-2024 guenther

readdir_r(3) was never necessary and has been deprecated by POSIX.
Document that in the manpage and stop using it internally.

ok deraadt@ millert@ jmc@


Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE OPENBSD_7_5_BASE
# 1.64 15-Mar-2023 millert

Fix the length check when computing a fake challenge for users not
in the S/Key database. If the system hostname is longer than 126
characters this could result in NUL bytes being written past the
end of a stack buffer. There is no impact on systems with a hostname
126 characters or less. Found by Qualys. OK deraadt@


# 1.63 27-Dec-2022 jmc

spelling fixes; from paul tagliamonte
any changes not taken noted on tech, but chiefly here i did not take the
cancelation - cancellation changes;


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.62 25-Jan-2019 millert

I am retiring my old email address; replace it with my OpenBSD one.


Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.61 17-Apr-2017 deraadt

use freezero()


Revision tags: OPENBSD_6_1_BASE
# 1.60 20-Mar-2017 tb

Generate the bogus challenge using arc4random_buf(3) instead of reading
directly from /var/db/host.random and falling back to ctime. Remove the
_SKEY_RAND_FILE_PATH_ since it's no longer needed.

ok millert, mestre


# 1.59 20-Mar-2017 tedu

use explicit_bzero. one from Ricardo Mestre plus two more.


Revision tags: OPENBSD_6_0_BASE
# 1.58 17-Mar-2016 krw

'miliseconds' -> 'milliseconds' in comments.

if_atu.c noted by Michal Mazurek.


Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE
# 1.57 18-Apr-2015 deraadt

Convert many atoi() calls to strtonum(), adding range checks and failure
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert


Revision tags: OPENBSD_5_7_BASE
# 1.56 16-Jan-2015 deraadt

Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther


Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
# 1.55 29-Nov-2013 deraadt

fairly simple unsigned char casts for ctype
ok krw


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
# 1.54 20-Mar-2007 tedu

remove some bogus *p tests from charles longeau
ok deraadt millert


Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE
# 1.53 10-Apr-2006 deraadt

minimal cleanups lint begs for


Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.52 05-Aug-2004 millert

Add skeychallenge2() which is like skeychallenge() but takes an
already open fd. Will be used to make separate challenge/response
invocations of login_skey keep the record locked. Also properly
escape minus signs in man page. OK henning@ jmc@


Revision tags: OPENBSD_3_5_BASE
# 1.51 21-Sep-2003 millert

convert tgetline() from select(2) -> poll(2)


Revision tags: OPENBSD_3_4_BASE
# 1.50 28-Apr-2003 millert

fix skeygetnext()


# 1.49 03-Apr-2003 millert

Use snprintf() and strlcpy() throughout.


Revision tags: OPENBSD_3_3_BASE
# 1.48 16-Nov-2002 millert

Zero out struct skey early in skeylookup() so callers can reliably check
for keyfile == NULL and not get a garbage value.


# 1.47 16-Nov-2002 millert

Add a missing check for NULL keyfile in skeychallenge() that
caused a user w/o an S/Key to just get "permission denied" from
login_skey instead of a fake challenge.


Revision tags: OPENBSD_3_2_BASE
# 1.46 22-Jun-2002 deraadt

use strtok_r() instead of strtok(); millert ok


# 1.45 24-May-2002 deraadt

enforce SKEY_MAX_CHALLENGE using snprintf()


# 1.44 17-May-2002 millert

Remove skeyzero(), it is no longer needed.


# 1.43 16-May-2002 millert

Check for disabled /etc/skey directory (mode 0000). This is needed
because some things (such as login) run as uid 0 and directory modes
won't restrict root.


# 1.42 16-May-2002 millert

Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory
where each user gets their own file, which is owned by that user.

An old S/Key database may be converted by running "skeyinit -C" as root.

Programs that need to access the S/Key database no longer need to be
setuid root. They must now be setgid auth instead.


Revision tags: OPENBSD_3_1_BASE
# 1.41 16-Feb-2002 millert

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.


# 1.40 07-Dec-2001 millert

Check for keyfile == NULL in skey_unlock()


Revision tags: OPENBSD_3_0_BASE
# 1.39 23-Jun-2001 millert

skeyzero() never uses its 2nd arg so remove it. Since the only thing
that calls skeyzero() is skeyinit and I just updated the libskey
major I am not going to bump the major again here...


# 1.38 20-Jun-2001 millert

o Do per-record locking instead of whole file locking
o Use said locking to prevent a partial guess race as required by
RFC 2289. We now lock the record in skeylookup(), skeygetnext(),
and skeyverify().
o A little KNF
o Kill deprecated getskeyprompt() function
o Provide a function to unlock a record, skey_unlock()
o Timeout reading of the passphrase in skey_authenticate() and
skey_passcheck() since we have the record locked (uses select, not alarm).
o Convert old-style md4 entries (that lack an explicit hash) into
new-style ones with the hash specified if there is space on the line.


Revision tags: OPENBSD_2_9_BASE
# 1.37 04-Jan-2001 todd

grammar


# 1.36 20-Nov-2000 millert

Move fake prompt generation from skey_authenticate() to skeychallenge()
and getskeyprompt(). This means that when you get a challenge the
result parameter is always filled in, even if the use is not in the
skeykeys file.


Revision tags: OPENBSD_2_8_BASE
# 1.35 23-Jun-2000 markus

set mp->keyfile = NULL if stat fails


Revision tags: OPENBSD_2_7_BASE
# 1.34 06-Dec-1999 deraadt

fd leak


# 1.33 26-Nov-1999 deraadt

fix descriptor leaks and double fclose(); markus and I; ok from millert


Revision tags: OPENBSD_2_6_BASE
# 1.32 16-Aug-1999 millert

don't need sys/file.h now that we include fcntl.h


# 1.31 16-Aug-1999 millert

missing fcntl.h


Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
# 1.30 05-Jul-1998 millert

replace open + fstat with stat


# 1.29 05-Jul-1998 millert

if there is no /etc/host.random, hash on the ctime of /dev/mem or /. This is much better than the old fake challenge.


# 1.28 03-Jul-1998 angelos

Change the random file path, add a sanity check on file size.


# 1.27 03-Jul-1998 angelos

Fix my fix to return sane values.


# 1.26 03-Jul-1998 millert

produce credible seeds for non-existent users.


# 1.25 03-Jul-1998 angelos

Fix some of my indentation badness.


# 1.24 03-Jul-1998 angelos

Remove user existance disclosure through "s/key" challenges.


Revision tags: OPENBSD_2_3_BASE
# 1.23 24-Feb-1998 millert

Allow superuser to disable skey by unlnking /etc/skeykeys.


Revision tags: OPENBSD_2_2_BASE
# 1.22 12-Sep-1997 millert

Don't let strncpy() get a negative length. Noted by Theo.


# 1.21 04-Sep-1997 millert

Don't unlock skeys file before closing it. The lock is released
when the file is closed anyway and explicately unlocking before
the file gets flushed defeats the purpose of locking in the first
place.


# 1.20 27-Jul-1997 millert

Remove debugging info, whoops.


# 1.19 27-Jul-1997 millert

- Do coarse locking on /etc/skeykeys. Fixes a race that could allow
a replay attempt to succeed.
- OpenBSD tags


# 1.18 27-Jul-1997 millert

Fix search and replace error introduced in version 1.16.


# 1.17 26-Jul-1997 millert

Convert upper -> lower case in seed for fake s/key propt.


# 1.16 26-Jul-1997 millert

- int -> long fixes
- restore priority correctly after setpriority (assumed start pri was 0)
- rfc-compliant challenge when faking it for those w/o a keyfile entry
on machines with short hostnames or non-alphanum hostnames.


# 1.15 23-Jul-1997 millert

Fix skeygetnext()


# 1.14 23-Jul-1997 millert

_PATH_SKEYKEYS now lives in <paths.h>
Add skeygetnext() for iterating over the key file.


# 1.13 23-Jul-1997 millert

Mode 0600 /etc/skeykeys


# 1.12 10-Jul-1997 millert

Need err.h for warnx proto.


Revision tags: OPENBSD_2_1_BASE
# 1.11 03-Nov-1996 millert

Add a bunch of length/size macros and use them.


# 1.10 22-Oct-1996 millert

Fake an s/key challenge if user doesn't have an entry. Stops info
gathering attack.


# 1.9 14-Oct-1996 millert

htoi now takes an int, not char.
Only skey_set_algorithm() for the record that matches target user.


Revision tags: OPENBSD_2_0_BASE
# 1.8 02-Oct-1996 millert

Fix a bug wrt handling of old md4 entries. Now don't save a type with md4
so we don't go over the record size and munge other entries. Don't export
symbols we don't need to in put.c.


# 1.7 30-Sep-1996 millert

__ARGS -> __P (why does everyone have to do this differently?)


# 1.6 29-Sep-1996 millert

check skey_set_algorithm() ret val + pedantry.


# 1.5 29-Sep-1996 millert

Towards RFC 1938 compliance. Also, now supports SHA (secure hash algorithm).


# 1.4 29-Sep-1996 millert

You can now cut and paste skey prompt in an xterm to get the key.
Also removed broken code.


# 1.3 27-Sep-1996 millert

Deal with both MD4 and MD5 s/key's


# 1.2 20-Dec-1995 deraadt

add ability to zero out entry; from millert@cs.colorado.edu; netbsd pr#1851
also add a prototype for skeyzero()


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.64 15-Mar-2023 millert

Fix the length check when computing a fake challenge for users not
in the S/Key database. If the system hostname is longer than 126
characters this could result in NUL bytes being written past the
end of a stack buffer. There is no impact on systems with a hostname
126 characters or less. Found by Qualys. OK deraadt@


# 1.63 27-Dec-2022 jmc

spelling fixes; from paul tagliamonte
any changes not taken noted on tech, but chiefly here i did not take the
cancelation - cancellation changes;


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.62 25-Jan-2019 millert

I am retiring my old email address; replace it with my OpenBSD one.


Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.61 17-Apr-2017 deraadt

use freezero()


Revision tags: OPENBSD_6_1_BASE
# 1.60 20-Mar-2017 tb

Generate the bogus challenge using arc4random_buf(3) instead of reading
directly from /var/db/host.random and falling back to ctime. Remove the
_SKEY_RAND_FILE_PATH_ since it's no longer needed.

ok millert, mestre


# 1.59 20-Mar-2017 tedu

use explicit_bzero. one from Ricardo Mestre plus two more.


Revision tags: OPENBSD_6_0_BASE
# 1.58 17-Mar-2016 krw

'miliseconds' -> 'milliseconds' in comments.

if_atu.c noted by Michal Mazurek.


Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE
# 1.57 18-Apr-2015 deraadt

Convert many atoi() calls to strtonum(), adding range checks and failure
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert


Revision tags: OPENBSD_5_7_BASE
# 1.56 16-Jan-2015 deraadt

Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther


Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
# 1.55 29-Nov-2013 deraadt

fairly simple unsigned char casts for ctype
ok krw


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
# 1.54 20-Mar-2007 tedu

remove some bogus *p tests from charles longeau
ok deraadt millert


Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE
# 1.53 10-Apr-2006 deraadt

minimal cleanups lint begs for


Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.52 05-Aug-2004 millert

Add skeychallenge2() which is like skeychallenge() but takes an
already open fd. Will be used to make separate challenge/response
invocations of login_skey keep the record locked. Also properly
escape minus signs in man page. OK henning@ jmc@


Revision tags: OPENBSD_3_5_BASE
# 1.51 21-Sep-2003 millert

convert tgetline() from select(2) -> poll(2)


Revision tags: OPENBSD_3_4_BASE
# 1.50 28-Apr-2003 millert

fix skeygetnext()


# 1.49 03-Apr-2003 millert

Use snprintf() and strlcpy() throughout.


Revision tags: OPENBSD_3_3_BASE
# 1.48 16-Nov-2002 millert

Zero out struct skey early in skeylookup() so callers can reliably check
for keyfile == NULL and not get a garbage value.


# 1.47 16-Nov-2002 millert

Add a missing check for NULL keyfile in skeychallenge() that
caused a user w/o an S/Key to just get "permission denied" from
login_skey instead of a fake challenge.


Revision tags: OPENBSD_3_2_BASE
# 1.46 22-Jun-2002 deraadt

use strtok_r() instead of strtok(); millert ok


# 1.45 24-May-2002 deraadt

enforce SKEY_MAX_CHALLENGE using snprintf()


# 1.44 17-May-2002 millert

Remove skeyzero(), it is no longer needed.


# 1.43 16-May-2002 millert

Check for disabled /etc/skey directory (mode 0000). This is needed
because some things (such as login) run as uid 0 and directory modes
won't restrict root.


# 1.42 16-May-2002 millert

Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory
where each user gets their own file, which is owned by that user.

An old S/Key database may be converted by running "skeyinit -C" as root.

Programs that need to access the S/Key database no longer need to be
setuid root. They must now be setgid auth instead.


Revision tags: OPENBSD_3_1_BASE
# 1.41 16-Feb-2002 millert

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.


# 1.40 07-Dec-2001 millert

Check for keyfile == NULL in skey_unlock()


Revision tags: OPENBSD_3_0_BASE
# 1.39 23-Jun-2001 millert

skeyzero() never uses its 2nd arg so remove it. Since the only thing
that calls skeyzero() is skeyinit and I just updated the libskey
major I am not going to bump the major again here...


# 1.38 20-Jun-2001 millert

o Do per-record locking instead of whole file locking
o Use said locking to prevent a partial guess race as required by
RFC 2289. We now lock the record in skeylookup(), skeygetnext(),
and skeyverify().
o A little KNF
o Kill deprecated getskeyprompt() function
o Provide a function to unlock a record, skey_unlock()
o Timeout reading of the passphrase in skey_authenticate() and
skey_passcheck() since we have the record locked (uses select, not alarm).
o Convert old-style md4 entries (that lack an explicit hash) into
new-style ones with the hash specified if there is space on the line.


Revision tags: OPENBSD_2_9_BASE
# 1.37 04-Jan-2001 todd

grammar


# 1.36 20-Nov-2000 millert

Move fake prompt generation from skey_authenticate() to skeychallenge()
and getskeyprompt(). This means that when you get a challenge the
result parameter is always filled in, even if the use is not in the
skeykeys file.


Revision tags: OPENBSD_2_8_BASE
# 1.35 23-Jun-2000 markus

set mp->keyfile = NULL if stat fails


Revision tags: OPENBSD_2_7_BASE
# 1.34 06-Dec-1999 deraadt

fd leak


# 1.33 26-Nov-1999 deraadt

fix descriptor leaks and double fclose(); markus and I; ok from millert


Revision tags: OPENBSD_2_6_BASE
# 1.32 16-Aug-1999 millert

don't need sys/file.h now that we include fcntl.h


# 1.31 16-Aug-1999 millert

missing fcntl.h


Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
# 1.30 05-Jul-1998 millert

replace open + fstat with stat


# 1.29 05-Jul-1998 millert

if there is no /etc/host.random, hash on the ctime of /dev/mem or /. This is much better than the old fake challenge.


# 1.28 03-Jul-1998 angelos

Change the random file path, add a sanity check on file size.


# 1.27 03-Jul-1998 angelos

Fix my fix to return sane values.


# 1.26 03-Jul-1998 millert

produce credible seeds for non-existent users.


# 1.25 03-Jul-1998 angelos

Fix some of my indentation badness.


# 1.24 03-Jul-1998 angelos

Remove user existance disclosure through "s/key" challenges.


Revision tags: OPENBSD_2_3_BASE
# 1.23 24-Feb-1998 millert

Allow superuser to disable skey by unlnking /etc/skeykeys.


Revision tags: OPENBSD_2_2_BASE
# 1.22 12-Sep-1997 millert

Don't let strncpy() get a negative length. Noted by Theo.


# 1.21 04-Sep-1997 millert

Don't unlock skeys file before closing it. The lock is released
when the file is closed anyway and explicately unlocking before
the file gets flushed defeats the purpose of locking in the first
place.


# 1.20 27-Jul-1997 millert

Remove debugging info, whoops.


# 1.19 27-Jul-1997 millert

- Do coarse locking on /etc/skeykeys. Fixes a race that could allow
a replay attempt to succeed.
- OpenBSD tags


# 1.18 27-Jul-1997 millert

Fix search and replace error introduced in version 1.16.


# 1.17 26-Jul-1997 millert

Convert upper -> lower case in seed for fake s/key propt.


# 1.16 26-Jul-1997 millert

- int -> long fixes
- restore priority correctly after setpriority (assumed start pri was 0)
- rfc-compliant challenge when faking it for those w/o a keyfile entry
on machines with short hostnames or non-alphanum hostnames.


# 1.15 23-Jul-1997 millert

Fix skeygetnext()


# 1.14 23-Jul-1997 millert

_PATH_SKEYKEYS now lives in <paths.h>
Add skeygetnext() for iterating over the key file.


# 1.13 23-Jul-1997 millert

Mode 0600 /etc/skeykeys


# 1.12 10-Jul-1997 millert

Need err.h for warnx proto.


Revision tags: OPENBSD_2_1_BASE
# 1.11 03-Nov-1996 millert

Add a bunch of length/size macros and use them.


# 1.10 22-Oct-1996 millert

Fake an s/key challenge if user doesn't have an entry. Stops info
gathering attack.


# 1.9 14-Oct-1996 millert

htoi now takes an int, not char.
Only skey_set_algorithm() for the record that matches target user.


Revision tags: OPENBSD_2_0_BASE
# 1.8 02-Oct-1996 millert

Fix a bug wrt handling of old md4 entries. Now don't save a type with md4
so we don't go over the record size and munge other entries. Don't export
symbols we don't need to in put.c.


# 1.7 30-Sep-1996 millert

__ARGS -> __P (why does everyone have to do this differently?)


# 1.6 29-Sep-1996 millert

check skey_set_algorithm() ret val + pedantry.


# 1.5 29-Sep-1996 millert

Towards RFC 1938 compliance. Also, now supports SHA (secure hash algorithm).


# 1.4 29-Sep-1996 millert

You can now cut and paste skey prompt in an xterm to get the key.
Also removed broken code.


# 1.3 27-Sep-1996 millert

Deal with both MD4 and MD5 s/key's


# 1.2 20-Dec-1995 deraadt

add ability to zero out entry; from millert@cs.colorado.edu; netbsd pr#1851
also add a prototype for skeyzero()


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.63 27-Dec-2022 jmc

spelling fixes; from paul tagliamonte
any changes not taken noted on tech, but chiefly here i did not take the
cancelation - cancellation changes;


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.62 25-Jan-2019 millert

I am retiring my old email address; replace it with my OpenBSD one.


Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.61 17-Apr-2017 deraadt

use freezero()


Revision tags: OPENBSD_6_1_BASE
# 1.60 20-Mar-2017 tb

Generate the bogus challenge using arc4random_buf(3) instead of reading
directly from /var/db/host.random and falling back to ctime. Remove the
_SKEY_RAND_FILE_PATH_ since it's no longer needed.

ok millert, mestre


# 1.59 20-Mar-2017 tedu

use explicit_bzero. one from Ricardo Mestre plus two more.


Revision tags: OPENBSD_6_0_BASE
# 1.58 17-Mar-2016 krw

'miliseconds' -> 'milliseconds' in comments.

if_atu.c noted by Michal Mazurek.


Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE
# 1.57 18-Apr-2015 deraadt

Convert many atoi() calls to strtonum(), adding range checks and failure
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert


Revision tags: OPENBSD_5_7_BASE
# 1.56 16-Jan-2015 deraadt

Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther


Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
# 1.55 29-Nov-2013 deraadt

fairly simple unsigned char casts for ctype
ok krw


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
# 1.54 20-Mar-2007 tedu

remove some bogus *p tests from charles longeau
ok deraadt millert


Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE
# 1.53 10-Apr-2006 deraadt

minimal cleanups lint begs for


Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.52 05-Aug-2004 millert

Add skeychallenge2() which is like skeychallenge() but takes an
already open fd. Will be used to make separate challenge/response
invocations of login_skey keep the record locked. Also properly
escape minus signs in man page. OK henning@ jmc@


Revision tags: OPENBSD_3_5_BASE
# 1.51 21-Sep-2003 millert

convert tgetline() from select(2) -> poll(2)


Revision tags: OPENBSD_3_4_BASE
# 1.50 28-Apr-2003 millert

fix skeygetnext()


# 1.49 03-Apr-2003 millert

Use snprintf() and strlcpy() throughout.


Revision tags: OPENBSD_3_3_BASE
# 1.48 16-Nov-2002 millert

Zero out struct skey early in skeylookup() so callers can reliably check
for keyfile == NULL and not get a garbage value.


# 1.47 16-Nov-2002 millert

Add a missing check for NULL keyfile in skeychallenge() that
caused a user w/o an S/Key to just get "permission denied" from
login_skey instead of a fake challenge.


Revision tags: OPENBSD_3_2_BASE
# 1.46 22-Jun-2002 deraadt

use strtok_r() instead of strtok(); millert ok


# 1.45 24-May-2002 deraadt

enforce SKEY_MAX_CHALLENGE using snprintf()


# 1.44 17-May-2002 millert

Remove skeyzero(), it is no longer needed.


# 1.43 16-May-2002 millert

Check for disabled /etc/skey directory (mode 0000). This is needed
because some things (such as login) run as uid 0 and directory modes
won't restrict root.


# 1.42 16-May-2002 millert

Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory
where each user gets their own file, which is owned by that user.

An old S/Key database may be converted by running "skeyinit -C" as root.

Programs that need to access the S/Key database no longer need to be
setuid root. They must now be setgid auth instead.


Revision tags: OPENBSD_3_1_BASE
# 1.41 16-Feb-2002 millert

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.


# 1.40 07-Dec-2001 millert

Check for keyfile == NULL in skey_unlock()


Revision tags: OPENBSD_3_0_BASE
# 1.39 23-Jun-2001 millert

skeyzero() never uses its 2nd arg so remove it. Since the only thing
that calls skeyzero() is skeyinit and I just updated the libskey
major I am not going to bump the major again here...


# 1.38 20-Jun-2001 millert

o Do per-record locking instead of whole file locking
o Use said locking to prevent a partial guess race as required by
RFC 2289. We now lock the record in skeylookup(), skeygetnext(),
and skeyverify().
o A little KNF
o Kill deprecated getskeyprompt() function
o Provide a function to unlock a record, skey_unlock()
o Timeout reading of the passphrase in skey_authenticate() and
skey_passcheck() since we have the record locked (uses select, not alarm).
o Convert old-style md4 entries (that lack an explicit hash) into
new-style ones with the hash specified if there is space on the line.


Revision tags: OPENBSD_2_9_BASE
# 1.37 04-Jan-2001 todd

grammar


# 1.36 20-Nov-2000 millert

Move fake prompt generation from skey_authenticate() to skeychallenge()
and getskeyprompt(). This means that when you get a challenge the
result parameter is always filled in, even if the use is not in the
skeykeys file.


Revision tags: OPENBSD_2_8_BASE
# 1.35 23-Jun-2000 markus

set mp->keyfile = NULL if stat fails


Revision tags: OPENBSD_2_7_BASE
# 1.34 06-Dec-1999 deraadt

fd leak


# 1.33 26-Nov-1999 deraadt

fix descriptor leaks and double fclose(); markus and I; ok from millert


Revision tags: OPENBSD_2_6_BASE
# 1.32 16-Aug-1999 millert

don't need sys/file.h now that we include fcntl.h


# 1.31 16-Aug-1999 millert

missing fcntl.h


Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
# 1.30 05-Jul-1998 millert

replace open + fstat with stat


# 1.29 05-Jul-1998 millert

if there is no /etc/host.random, hash on the ctime of /dev/mem or /. This is much better than the old fake challenge.


# 1.28 03-Jul-1998 angelos

Change the random file path, add a sanity check on file size.


# 1.27 03-Jul-1998 angelos

Fix my fix to return sane values.


# 1.26 03-Jul-1998 millert

produce credible seeds for non-existent users.


# 1.25 03-Jul-1998 angelos

Fix some of my indentation badness.


# 1.24 03-Jul-1998 angelos

Remove user existance disclosure through "s/key" challenges.


Revision tags: OPENBSD_2_3_BASE
# 1.23 24-Feb-1998 millert

Allow superuser to disable skey by unlnking /etc/skeykeys.


Revision tags: OPENBSD_2_2_BASE
# 1.22 12-Sep-1997 millert

Don't let strncpy() get a negative length. Noted by Theo.


# 1.21 04-Sep-1997 millert

Don't unlock skeys file before closing it. The lock is released
when the file is closed anyway and explicately unlocking before
the file gets flushed defeats the purpose of locking in the first
place.


# 1.20 27-Jul-1997 millert

Remove debugging info, whoops.


# 1.19 27-Jul-1997 millert

- Do coarse locking on /etc/skeykeys. Fixes a race that could allow
a replay attempt to succeed.
- OpenBSD tags


# 1.18 27-Jul-1997 millert

Fix search and replace error introduced in version 1.16.


# 1.17 26-Jul-1997 millert

Convert upper -> lower case in seed for fake s/key propt.


# 1.16 26-Jul-1997 millert

- int -> long fixes
- restore priority correctly after setpriority (assumed start pri was 0)
- rfc-compliant challenge when faking it for those w/o a keyfile entry
on machines with short hostnames or non-alphanum hostnames.


# 1.15 23-Jul-1997 millert

Fix skeygetnext()


# 1.14 23-Jul-1997 millert

_PATH_SKEYKEYS now lives in <paths.h>
Add skeygetnext() for iterating over the key file.


# 1.13 23-Jul-1997 millert

Mode 0600 /etc/skeykeys


# 1.12 10-Jul-1997 millert

Need err.h for warnx proto.


Revision tags: OPENBSD_2_1_BASE
# 1.11 03-Nov-1996 millert

Add a bunch of length/size macros and use them.


# 1.10 22-Oct-1996 millert

Fake an s/key challenge if user doesn't have an entry. Stops info
gathering attack.


# 1.9 14-Oct-1996 millert

htoi now takes an int, not char.
Only skey_set_algorithm() for the record that matches target user.


Revision tags: OPENBSD_2_0_BASE
# 1.8 02-Oct-1996 millert

Fix a bug wrt handling of old md4 entries. Now don't save a type with md4
so we don't go over the record size and munge other entries. Don't export
symbols we don't need to in put.c.


# 1.7 30-Sep-1996 millert

__ARGS -> __P (why does everyone have to do this differently?)


# 1.6 29-Sep-1996 millert

check skey_set_algorithm() ret val + pedantry.


# 1.5 29-Sep-1996 millert

Towards RFC 1938 compliance. Also, now supports SHA (secure hash algorithm).


# 1.4 29-Sep-1996 millert

You can now cut and paste skey prompt in an xterm to get the key.
Also removed broken code.


# 1.3 27-Sep-1996 millert

Deal with both MD4 and MD5 s/key's


# 1.2 20-Dec-1995 deraadt

add ability to zero out entry; from millert@cs.colorado.edu; netbsd pr#1851
also add a prototype for skeyzero()


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.62 25-Jan-2019 millert

I am retiring my old email address; replace it with my OpenBSD one.


Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.61 17-Apr-2017 deraadt

use freezero()


Revision tags: OPENBSD_6_1_BASE
# 1.60 20-Mar-2017 tb

Generate the bogus challenge using arc4random_buf(3) instead of reading
directly from /var/db/host.random and falling back to ctime. Remove the
_SKEY_RAND_FILE_PATH_ since it's no longer needed.

ok millert, mestre


# 1.59 20-Mar-2017 tedu

use explicit_bzero. one from Ricardo Mestre plus two more.


Revision tags: OPENBSD_6_0_BASE
# 1.58 17-Mar-2016 krw

'miliseconds' -> 'milliseconds' in comments.

if_atu.c noted by Michal Mazurek.


Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE
# 1.57 18-Apr-2015 deraadt

Convert many atoi() calls to strtonum(), adding range checks and failure
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert


Revision tags: OPENBSD_5_7_BASE
# 1.56 16-Jan-2015 deraadt

Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther


Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
# 1.55 29-Nov-2013 deraadt

fairly simple unsigned char casts for ctype
ok krw


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
# 1.54 20-Mar-2007 tedu

remove some bogus *p tests from charles longeau
ok deraadt millert


Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE
# 1.53 10-Apr-2006 deraadt

minimal cleanups lint begs for


Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.52 05-Aug-2004 millert

Add skeychallenge2() which is like skeychallenge() but takes an
already open fd. Will be used to make separate challenge/response
invocations of login_skey keep the record locked. Also properly
escape minus signs in man page. OK henning@ jmc@


Revision tags: OPENBSD_3_5_BASE
# 1.51 21-Sep-2003 millert

convert tgetline() from select(2) -> poll(2)


Revision tags: OPENBSD_3_4_BASE
# 1.50 28-Apr-2003 millert

fix skeygetnext()


# 1.49 03-Apr-2003 millert

Use snprintf() and strlcpy() throughout.


Revision tags: OPENBSD_3_3_BASE
# 1.48 16-Nov-2002 millert

Zero out struct skey early in skeylookup() so callers can reliably check
for keyfile == NULL and not get a garbage value.


# 1.47 16-Nov-2002 millert

Add a missing check for NULL keyfile in skeychallenge() that
caused a user w/o an S/Key to just get "permission denied" from
login_skey instead of a fake challenge.


Revision tags: OPENBSD_3_2_BASE
# 1.46 22-Jun-2002 deraadt

use strtok_r() instead of strtok(); millert ok


# 1.45 24-May-2002 deraadt

enforce SKEY_MAX_CHALLENGE using snprintf()


# 1.44 17-May-2002 millert

Remove skeyzero(), it is no longer needed.


# 1.43 16-May-2002 millert

Check for disabled /etc/skey directory (mode 0000). This is needed
because some things (such as login) run as uid 0 and directory modes
won't restrict root.


# 1.42 16-May-2002 millert

Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory
where each user gets their own file, which is owned by that user.

An old S/Key database may be converted by running "skeyinit -C" as root.

Programs that need to access the S/Key database no longer need to be
setuid root. They must now be setgid auth instead.


Revision tags: OPENBSD_3_1_BASE
# 1.41 16-Feb-2002 millert

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.


# 1.40 07-Dec-2001 millert

Check for keyfile == NULL in skey_unlock()


Revision tags: OPENBSD_3_0_BASE
# 1.39 23-Jun-2001 millert

skeyzero() never uses its 2nd arg so remove it. Since the only thing
that calls skeyzero() is skeyinit and I just updated the libskey
major I am not going to bump the major again here...


# 1.38 20-Jun-2001 millert

o Do per-record locking instead of whole file locking
o Use said locking to prevent a partial guess race as required by
RFC 2289. We now lock the record in skeylookup(), skeygetnext(),
and skeyverify().
o A little KNF
o Kill deprecated getskeyprompt() function
o Provide a function to unlock a record, skey_unlock()
o Timeout reading of the passphrase in skey_authenticate() and
skey_passcheck() since we have the record locked (uses select, not alarm).
o Convert old-style md4 entries (that lack an explicit hash) into
new-style ones with the hash specified if there is space on the line.


Revision tags: OPENBSD_2_9_BASE
# 1.37 04-Jan-2001 todd

grammar


# 1.36 20-Nov-2000 millert

Move fake prompt generation from skey_authenticate() to skeychallenge()
and getskeyprompt(). This means that when you get a challenge the
result parameter is always filled in, even if the use is not in the
skeykeys file.


Revision tags: OPENBSD_2_8_BASE
# 1.35 23-Jun-2000 markus

set mp->keyfile = NULL if stat fails


Revision tags: OPENBSD_2_7_BASE
# 1.34 06-Dec-1999 deraadt

fd leak


# 1.33 26-Nov-1999 deraadt

fix descriptor leaks and double fclose(); markus and I; ok from millert


Revision tags: OPENBSD_2_6_BASE
# 1.32 16-Aug-1999 millert

don't need sys/file.h now that we include fcntl.h


# 1.31 16-Aug-1999 millert

missing fcntl.h


Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
# 1.30 05-Jul-1998 millert

replace open + fstat with stat


# 1.29 05-Jul-1998 millert

if there is no /etc/host.random, hash on the ctime of /dev/mem or /. This is much better than the old fake challenge.


# 1.28 03-Jul-1998 angelos

Change the random file path, add a sanity check on file size.


# 1.27 03-Jul-1998 angelos

Fix my fix to return sane values.


# 1.26 03-Jul-1998 millert

produce credible seeds for non-existent users.


# 1.25 03-Jul-1998 angelos

Fix some of my indentation badness.


# 1.24 03-Jul-1998 angelos

Remove user existance disclosure through "s/key" challenges.


Revision tags: OPENBSD_2_3_BASE
# 1.23 24-Feb-1998 millert

Allow superuser to disable skey by unlnking /etc/skeykeys.


Revision tags: OPENBSD_2_2_BASE
# 1.22 12-Sep-1997 millert

Don't let strncpy() get a negative length. Noted by Theo.


# 1.21 04-Sep-1997 millert

Don't unlock skeys file before closing it. The lock is released
when the file is closed anyway and explicately unlocking before
the file gets flushed defeats the purpose of locking in the first
place.


# 1.20 27-Jul-1997 millert

Remove debugging info, whoops.


# 1.19 27-Jul-1997 millert

- Do coarse locking on /etc/skeykeys. Fixes a race that could allow
a replay attempt to succeed.
- OpenBSD tags


# 1.18 27-Jul-1997 millert

Fix search and replace error introduced in version 1.16.


# 1.17 26-Jul-1997 millert

Convert upper -> lower case in seed for fake s/key propt.


# 1.16 26-Jul-1997 millert

- int -> long fixes
- restore priority correctly after setpriority (assumed start pri was 0)
- rfc-compliant challenge when faking it for those w/o a keyfile entry
on machines with short hostnames or non-alphanum hostnames.


# 1.15 23-Jul-1997 millert

Fix skeygetnext()


# 1.14 23-Jul-1997 millert

_PATH_SKEYKEYS now lives in <paths.h>
Add skeygetnext() for iterating over the key file.


# 1.13 23-Jul-1997 millert

Mode 0600 /etc/skeykeys


# 1.12 10-Jul-1997 millert

Need err.h for warnx proto.


Revision tags: OPENBSD_2_1_BASE
# 1.11 03-Nov-1996 millert

Add a bunch of length/size macros and use them.


# 1.10 22-Oct-1996 millert

Fake an s/key challenge if user doesn't have an entry. Stops info
gathering attack.


# 1.9 14-Oct-1996 millert

htoi now takes an int, not char.
Only skey_set_algorithm() for the record that matches target user.


Revision tags: OPENBSD_2_0_BASE
# 1.8 02-Oct-1996 millert

Fix a bug wrt handling of old md4 entries. Now don't save a type with md4
so we don't go over the record size and munge other entries. Don't export
symbols we don't need to in put.c.


# 1.7 30-Sep-1996 millert

__ARGS -> __P (why does everyone have to do this differently?)


# 1.6 29-Sep-1996 millert

check skey_set_algorithm() ret val + pedantry.


# 1.5 29-Sep-1996 millert

Towards RFC 1938 compliance. Also, now supports SHA (secure hash algorithm).


# 1.4 29-Sep-1996 millert

You can now cut and paste skey prompt in an xterm to get the key.
Also removed broken code.


# 1.3 27-Sep-1996 millert

Deal with both MD4 and MD5 s/key's


# 1.2 20-Dec-1995 deraadt

add ability to zero out entry; from millert@cs.colorado.edu; netbsd pr#1851
also add a prototype for skeyzero()


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


Revision tags: OPENBSD_6_2_BASE
# 1.61 17-Apr-2017 deraadt

use freezero()


Revision tags: OPENBSD_6_1_BASE
# 1.60 20-Mar-2017 tb

Generate the bogus challenge using arc4random_buf(3) instead of reading
directly from /var/db/host.random and falling back to ctime. Remove the
_SKEY_RAND_FILE_PATH_ since it's no longer needed.

ok millert, mestre


# 1.59 20-Mar-2017 tedu

use explicit_bzero. one from Ricardo Mestre plus two more.


Revision tags: OPENBSD_6_0_BASE
# 1.58 17-Mar-2016 krw

'miliseconds' -> 'milliseconds' in comments.

if_atu.c noted by Michal Mazurek.


Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE
# 1.57 18-Apr-2015 deraadt

Convert many atoi() calls to strtonum(), adding range checks and failure
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert


Revision tags: OPENBSD_5_7_BASE
# 1.56 16-Jan-2015 deraadt

Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther


Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
# 1.55 29-Nov-2013 deraadt

fairly simple unsigned char casts for ctype
ok krw


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
# 1.54 20-Mar-2007 tedu

remove some bogus *p tests from charles longeau
ok deraadt millert


Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE
# 1.53 10-Apr-2006 deraadt

minimal cleanups lint begs for


Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.52 05-Aug-2004 millert

Add skeychallenge2() which is like skeychallenge() but takes an
already open fd. Will be used to make separate challenge/response
invocations of login_skey keep the record locked. Also properly
escape minus signs in man page. OK henning@ jmc@


Revision tags: OPENBSD_3_5_BASE
# 1.51 21-Sep-2003 millert

convert tgetline() from select(2) -> poll(2)


Revision tags: OPENBSD_3_4_BASE
# 1.50 28-Apr-2003 millert

fix skeygetnext()


# 1.49 03-Apr-2003 millert

Use snprintf() and strlcpy() throughout.


Revision tags: OPENBSD_3_3_BASE
# 1.48 16-Nov-2002 millert

Zero out struct skey early in skeylookup() so callers can reliably check
for keyfile == NULL and not get a garbage value.


# 1.47 16-Nov-2002 millert

Add a missing check for NULL keyfile in skeychallenge() that
caused a user w/o an S/Key to just get "permission denied" from
login_skey instead of a fake challenge.


Revision tags: OPENBSD_3_2_BASE
# 1.46 22-Jun-2002 deraadt

use strtok_r() instead of strtok(); millert ok


# 1.45 24-May-2002 deraadt

enforce SKEY_MAX_CHALLENGE using snprintf()


# 1.44 17-May-2002 millert

Remove skeyzero(), it is no longer needed.


# 1.43 16-May-2002 millert

Check for disabled /etc/skey directory (mode 0000). This is needed
because some things (such as login) run as uid 0 and directory modes
won't restrict root.


# 1.42 16-May-2002 millert

Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory
where each user gets their own file, which is owned by that user.

An old S/Key database may be converted by running "skeyinit -C" as root.

Programs that need to access the S/Key database no longer need to be
setuid root. They must now be setgid auth instead.


Revision tags: OPENBSD_3_1_BASE
# 1.41 16-Feb-2002 millert

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.


# 1.40 07-Dec-2001 millert

Check for keyfile == NULL in skey_unlock()


Revision tags: OPENBSD_3_0_BASE
# 1.39 23-Jun-2001 millert

skeyzero() never uses its 2nd arg so remove it. Since the only thing
that calls skeyzero() is skeyinit and I just updated the libskey
major I am not going to bump the major again here...


# 1.38 20-Jun-2001 millert

o Do per-record locking instead of whole file locking
o Use said locking to prevent a partial guess race as required by
RFC 2289. We now lock the record in skeylookup(), skeygetnext(),
and skeyverify().
o A little KNF
o Kill deprecated getskeyprompt() function
o Provide a function to unlock a record, skey_unlock()
o Timeout reading of the passphrase in skey_authenticate() and
skey_passcheck() since we have the record locked (uses select, not alarm).
o Convert old-style md4 entries (that lack an explicit hash) into
new-style ones with the hash specified if there is space on the line.


Revision tags: OPENBSD_2_9_BASE
# 1.37 04-Jan-2001 todd

grammar


# 1.36 20-Nov-2000 millert

Move fake prompt generation from skey_authenticate() to skeychallenge()
and getskeyprompt(). This means that when you get a challenge the
result parameter is always filled in, even if the use is not in the
skeykeys file.


Revision tags: OPENBSD_2_8_BASE
# 1.35 23-Jun-2000 markus

set mp->keyfile = NULL if stat fails


Revision tags: OPENBSD_2_7_BASE
# 1.34 06-Dec-1999 deraadt

fd leak


# 1.33 26-Nov-1999 deraadt

fix descriptor leaks and double fclose(); markus and I; ok from millert


Revision tags: OPENBSD_2_6_BASE
# 1.32 16-Aug-1999 millert

don't need sys/file.h now that we include fcntl.h


# 1.31 16-Aug-1999 millert

missing fcntl.h


Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
# 1.30 05-Jul-1998 millert

replace open + fstat with stat


# 1.29 05-Jul-1998 millert

if there is no /etc/host.random, hash on the ctime of /dev/mem or /. This is much better than the old fake challenge.


# 1.28 03-Jul-1998 angelos

Change the random file path, add a sanity check on file size.


# 1.27 03-Jul-1998 angelos

Fix my fix to return sane values.


# 1.26 03-Jul-1998 millert

produce credible seeds for non-existent users.


# 1.25 03-Jul-1998 angelos

Fix some of my indentation badness.


# 1.24 03-Jul-1998 angelos

Remove user existance disclosure through "s/key" challenges.


Revision tags: OPENBSD_2_3_BASE
# 1.23 24-Feb-1998 millert

Allow superuser to disable skey by unlnking /etc/skeykeys.


Revision tags: OPENBSD_2_2_BASE
# 1.22 12-Sep-1997 millert

Don't let strncpy() get a negative length. Noted by Theo.


# 1.21 04-Sep-1997 millert

Don't unlock skeys file before closing it. The lock is released
when the file is closed anyway and explicately unlocking before
the file gets flushed defeats the purpose of locking in the first
place.


# 1.20 27-Jul-1997 millert

Remove debugging info, whoops.


# 1.19 27-Jul-1997 millert

- Do coarse locking on /etc/skeykeys. Fixes a race that could allow
a replay attempt to succeed.
- OpenBSD tags


# 1.18 27-Jul-1997 millert

Fix search and replace error introduced in version 1.16.


# 1.17 26-Jul-1997 millert

Convert upper -> lower case in seed for fake s/key propt.


# 1.16 26-Jul-1997 millert

- int -> long fixes
- restore priority correctly after setpriority (assumed start pri was 0)
- rfc-compliant challenge when faking it for those w/o a keyfile entry
on machines with short hostnames or non-alphanum hostnames.


# 1.15 23-Jul-1997 millert

Fix skeygetnext()


# 1.14 23-Jul-1997 millert

_PATH_SKEYKEYS now lives in <paths.h>
Add skeygetnext() for iterating over the key file.


# 1.13 23-Jul-1997 millert

Mode 0600 /etc/skeykeys


# 1.12 10-Jul-1997 millert

Need err.h for warnx proto.


Revision tags: OPENBSD_2_1_BASE
# 1.11 03-Nov-1996 millert

Add a bunch of length/size macros and use them.


# 1.10 22-Oct-1996 millert

Fake an s/key challenge if user doesn't have an entry. Stops info
gathering attack.


# 1.9 14-Oct-1996 millert

htoi now takes an int, not char.
Only skey_set_algorithm() for the record that matches target user.


Revision tags: OPENBSD_2_0_BASE
# 1.8 02-Oct-1996 millert

Fix a bug wrt handling of old md4 entries. Now don't save a type with md4
so we don't go over the record size and munge other entries. Don't export
symbols we don't need to in put.c.


# 1.7 30-Sep-1996 millert

__ARGS -> __P (why does everyone have to do this differently?)


# 1.6 29-Sep-1996 millert

check skey_set_algorithm() ret val + pedantry.


# 1.5 29-Sep-1996 millert

Towards RFC 1938 compliance. Also, now supports SHA (secure hash algorithm).


# 1.4 29-Sep-1996 millert

You can now cut and paste skey prompt in an xterm to get the key.
Also removed broken code.


# 1.3 27-Sep-1996 millert

Deal with both MD4 and MD5 s/key's


# 1.2 20-Dec-1995 deraadt

add ability to zero out entry; from millert@cs.colorado.edu; netbsd pr#1851
also add a prototype for skeyzero()


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision