| #
1.21 |
|
26-Apr-2018 |
guenther |
Use <fcntl.h> instead of <sys/file.h> for open() and friends.
Delete a bunch of unnecessary #includes and sort to match style(9)
while doing the above cleanup.
ok deraadt@ krw@
|
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
|
| #
1.20 |
|
26-Nov-2015 |
deraadt |
Delete YP password related code. As a result, these can also be
pledged. Keep an eye out for regressions, because they could be
uncomfortable.
ok beck semarie
|
| #
1.19 |
|
25-Oct-2015 |
ajacoutot |
No need to declare pwd_gensalt; it's unused and gone.
ok tedu@
|
| #
1.18 |
|
22-Oct-2015 |
tedu |
use crypt_checkpass instead of doing things the hard way with crypt.
|
| #
1.17 |
|
05-Oct-2015 |
millert |
Use explicit_bzero() instead of memset() for zeroing out secrets.
OK deraadt@
|
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
|
| #
1.16 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
|
| #
1.15 |
|
09-Mar-2006 |
millert |
Foil potential timing attacks by using the correct password hash
instead of "xx". In practice this means bcrypt() will be used for
non-existent users instead of DES crypt().
Adapted from a patch by Peter Philipp. OK deraadt@
|
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
|
| #
1.14 |
|
14-Apr-2005 |
biorn |
drop some krb4 stuff
ok beck@
|
|
Revision tags: OPENBSD_3_7_BASE
|
|
| #
1.13 |
|
28-Sep-2004 |
deraadt |
pass lint
|
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
|
| #
1.12 |
|
10-Mar-2004 |
millert |
More checking for a NULL return value from getpass(). otto@ OK
|
|
Revision tags: OPENBSD_3_4_BASE
|
|
| #
1.11 |
|
12-Aug-2003 |
hin |
Cleanup obsolete kerberos 4 stuff.
ok millert@
|
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
|
| #
1.10 |
|
06-Sep-2002 |
deraadt |
ansi; ok millert pvalchev
|
| #
1.9 |
|
28-Jun-2002 |
deraadt |
minor indent cleanup
|
| #
1.8 |
|
02-Jun-2002 |
deraadt |
minor KNF
|
| #
1.7 |
|
26-May-2002 |
deraadt |
pid_t cleanup
|
|
Revision tags: OPENBSD_3_1_BASE
|
|
| #
1.6 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
| #
1.5 |
|
06-Jan-2002 |
millert |
Don't let root change it's password via login_l?chpass(8).
At some point in the future, passwd(1) may call these auth methods
at which time we will need a flag to allow root to do a password
change and also to allow account w/o a password to be given one.
|
| #
1.4 |
|
07-Dec-2001 |
millert |
o Use writev() to send status on the backchannel instead of fdopen()ing
fd 3 and using stdio.
o Add SIGINT/SIGQUIT signal handler for yp_chpass() now that getpass()
is interuptible.
o Block SIGINT/SIGQUIT in krb_chpass() until it is made to clean up
after itself properly.
|
| #
1.3 |
|
06-Dec-2001 |
millert |
Do not set handler for SIGINT and SIGQUIT to SIG_IGN since it prevents
getpass()/readpassphrase() from being able to restore the tty mode
on keyboard interrupt. Along with the recent readpassphrase.c commit
this means that if you ^C things that use login scripts (like su(1))
with a non-CBREAK shell your tty mode will be restored nicely.
TODO:
The various login scripts need to install handlers to avoid leaving
turd files or otherwise ending in a bad state. It would also be
nice to send BI_REJECT to the back channel.
|
| #
1.2 |
|
24-Oct-2001 |
mpech |
getopt(3) returns -1 when out of args, not EOF.
millert@ ok
|
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
|
| #
1.1 |
|
12-Dec-2000 |
millert |
chpass login script; changes local, yp, or kerberos password
will be used when BSD authentication is enabled
|
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
|
| #
1.20 |
|
26-Nov-2015 |
deraadt |
Delete YP password related code. As a result, these can also be
pledged. Keep an eye out for regressions, because they could be
uncomfortable.
ok beck semarie
|
| #
1.19 |
|
25-Oct-2015 |
ajacoutot |
No need to declare pwd_gensalt; it's unused and gone.
ok tedu@
|
| #
1.18 |
|
22-Oct-2015 |
tedu |
use crypt_checkpass instead of doing things the hard way with crypt.
|
| #
1.17 |
|
05-Oct-2015 |
millert |
Use explicit_bzero() instead of memset() for zeroing out secrets.
OK deraadt@
|
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
|
| #
1.16 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
|
| #
1.15 |
|
09-Mar-2006 |
millert |
Foil potential timing attacks by using the correct password hash
instead of "xx". In practice this means bcrypt() will be used for
non-existent users instead of DES crypt().
Adapted from a patch by Peter Philipp. OK deraadt@
|
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
|
| #
1.14 |
|
14-Apr-2005 |
biorn |
drop some krb4 stuff
ok beck@
|
|
Revision tags: OPENBSD_3_7_BASE
|
|
| #
1.13 |
|
28-Sep-2004 |
deraadt |
pass lint
|
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
|
| #
1.12 |
|
10-Mar-2004 |
millert |
More checking for a NULL return value from getpass(). otto@ OK
|
|
Revision tags: OPENBSD_3_4_BASE
|
|
| #
1.11 |
|
12-Aug-2003 |
hin |
Cleanup obsolete kerberos 4 stuff.
ok millert@
|
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
|
| #
1.10 |
|
06-Sep-2002 |
deraadt |
ansi; ok millert pvalchev
|
| #
1.9 |
|
28-Jun-2002 |
deraadt |
minor indent cleanup
|
| #
1.8 |
|
02-Jun-2002 |
deraadt |
minor KNF
|
| #
1.7 |
|
26-May-2002 |
deraadt |
pid_t cleanup
|
|
Revision tags: OPENBSD_3_1_BASE
|
|
| #
1.6 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
| #
1.5 |
|
06-Jan-2002 |
millert |
Don't let root change it's password via login_l?chpass(8).
At some point in the future, passwd(1) may call these auth methods
at which time we will need a flag to allow root to do a password
change and also to allow account w/o a password to be given one.
|
| #
1.4 |
|
07-Dec-2001 |
millert |
o Use writev() to send status on the backchannel instead of fdopen()ing
fd 3 and using stdio.
o Add SIGINT/SIGQUIT signal handler for yp_chpass() now that getpass()
is interuptible.
o Block SIGINT/SIGQUIT in krb_chpass() until it is made to clean up
after itself properly.
|
| #
1.3 |
|
06-Dec-2001 |
millert |
Do not set handler for SIGINT and SIGQUIT to SIG_IGN since it prevents
getpass()/readpassphrase() from being able to restore the tty mode
on keyboard interrupt. Along with the recent readpassphrase.c commit
this means that if you ^C things that use login scripts (like su(1))
with a non-CBREAK shell your tty mode will be restored nicely.
TODO:
The various login scripts need to install handlers to avoid leaving
turd files or otherwise ending in a bad state. It would also be
nice to send BI_REJECT to the back channel.
|
| #
1.2 |
|
24-Oct-2001 |
mpech |
getopt(3) returns -1 when out of args, not EOF.
millert@ ok
|
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
|
| #
1.1 |
|
12-Dec-2000 |
millert |
chpass login script; changes local, yp, or kerberos password
will be used when BSD authentication is enabled
|