#
1.18 |
|
23-Oct-2021 |
mestre |
ensure that sensitive data is zeroed out from mem.
ok beck@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.17 |
|
26-Apr-2018 |
guenther |
Use <fcntl.h> instead of <sys/file.h> for open() and friends. Delete a bunch of unnecessary #includes and sort to match style(9) while doing the above cleanup.
ok deraadt@ krw@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.16 |
|
03-Sep-2016 |
gsoares |
convert to use readpassphrase() instead of DEPRECATED/getpass() OK millert@
|
#
1.15 |
|
16-Aug-2016 |
tedu |
remove unneeded casts
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.14 |
|
26-Apr-2016 |
mestre |
Add missing "tty" promise to the pledge(2) call
This is needed since getpass(3) calls readpassphrase(3) which in turn tries to open(2) a tty in O_RDWR mode
Problem reported by Kevin Chadwick <m8il1ists ! gmail.com>
Cluebat stick provided by deraadt@, OK millert@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.13 |
|
19-Nov-2015 |
millert |
Call syslog() if login_* pledge fails; OK deraadt@
|
#
1.12 |
|
22-Oct-2015 |
tedu |
use crypt_checkpass("password", NULL) to fake a login instead of bcrypt
|
#
1.11 |
|
14-Oct-2015 |
deraadt |
pledge "stdio rpath" is good enough for these mainline BSD auth login programs. (I am very surprised pledge ended up working for programs like this) ok semarie millert
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.10 |
|
03-Nov-2014 |
tedu |
reduce dependency on passwd. just call bcrypt_newhash to do the dummy work.
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.9 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.8 |
|
02-Apr-2006 |
deraadt |
some extern and goo
|
#
1.7 |
|
09-Mar-2006 |
millert |
Foil potential timing attacks by using the correct password hash instead of "xx". In practice this means bcrypt() will be used for non-existent users instead of DES crypt(). Adapted from a patch by Peter Philipp. OK deraadt@
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.6 |
|
06-Sep-2002 |
deraadt |
ansi; ok millert pvalchev
|
#
1.5 |
|
28-Jun-2002 |
deraadt |
minor indent cleanup
|
#
1.4 |
|
02-Jun-2002 |
deraadt |
minor KNF
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.3 |
|
06-Dec-2001 |
millert |
Do not set handler for SIGINT and SIGQUIT to SIG_IGN since it prevents getpass()/readpassphrase() from being able to restore the tty mode on keyboard interrupt. Along with the recent readpassphrase.c commit this means that if you ^C things that use login scripts (like su(1)) with a non-CBREAK shell your tty mode will be restored nicely.
TODO: The various login scripts need to install handlers to avoid leaving turd files or otherwise ending in a bad state. It would also be nice to send BI_REJECT to the back channel.
|
#
1.2 |
|
24-Oct-2001 |
mpech |
getopt(3) returns -1 when out of args, not EOF.
millert@ ok
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.1 |
|
12-Dec-2000 |
millert |
reject login script; rejects attempted authentication will be used when BSD authentication is enabled
|
#
1.17 |
|
26-Apr-2018 |
guenther |
Use <fcntl.h> instead of <sys/file.h> for open() and friends. Delete a bunch of unnecessary #includes and sort to match style(9) while doing the above cleanup.
ok deraadt@ krw@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.16 |
|
03-Sep-2016 |
gsoares |
convert to use readpassphrase() instead of DEPRECATED/getpass() OK millert@
|
#
1.15 |
|
16-Aug-2016 |
tedu |
remove unneeded casts
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.14 |
|
26-Apr-2016 |
mestre |
Add missing "tty" promise to the pledge(2) call
This is needed since getpass(3) calls readpassphrase(3) which in turn tries to open(2) a tty in O_RDWR mode
Problem reported by Kevin Chadwick <m8il1ists ! gmail.com>
Cluebat stick provided by deraadt@, OK millert@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.13 |
|
19-Nov-2015 |
millert |
Call syslog() if login_* pledge fails; OK deraadt@
|
#
1.12 |
|
22-Oct-2015 |
tedu |
use crypt_checkpass("password", NULL) to fake a login instead of bcrypt
|
#
1.11 |
|
14-Oct-2015 |
deraadt |
pledge "stdio rpath" is good enough for these mainline BSD auth login programs. (I am very surprised pledge ended up working for programs like this) ok semarie millert
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.10 |
|
03-Nov-2014 |
tedu |
reduce dependency on passwd. just call bcrypt_newhash to do the dummy work.
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.9 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.8 |
|
02-Apr-2006 |
deraadt |
some extern and goo
|
#
1.7 |
|
09-Mar-2006 |
millert |
Foil potential timing attacks by using the correct password hash instead of "xx". In practice this means bcrypt() will be used for non-existent users instead of DES crypt(). Adapted from a patch by Peter Philipp. OK deraadt@
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.6 |
|
06-Sep-2002 |
deraadt |
ansi; ok millert pvalchev
|
#
1.5 |
|
28-Jun-2002 |
deraadt |
minor indent cleanup
|
#
1.4 |
|
02-Jun-2002 |
deraadt |
minor KNF
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.3 |
|
06-Dec-2001 |
millert |
Do not set handler for SIGINT and SIGQUIT to SIG_IGN since it prevents getpass()/readpassphrase() from being able to restore the tty mode on keyboard interrupt. Along with the recent readpassphrase.c commit this means that if you ^C things that use login scripts (like su(1)) with a non-CBREAK shell your tty mode will be restored nicely.
TODO: The various login scripts need to install handlers to avoid leaving turd files or otherwise ending in a bad state. It would also be nice to send BI_REJECT to the back channel.
|
#
1.2 |
|
24-Oct-2001 |
mpech |
getopt(3) returns -1 when out of args, not EOF.
millert@ ok
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.1 |
|
12-Dec-2000 |
millert |
reject login script; rejects attempted authentication will be used when BSD authentication is enabled
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.16 |
|
03-Sep-2016 |
gsoares |
convert to use readpassphrase() instead of DEPRECATED/getpass() OK millert@
|
#
1.15 |
|
16-Aug-2016 |
tedu |
remove unneeded casts
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.14 |
|
26-Apr-2016 |
mestre |
Add missing "tty" promise to the pledge(2) call
This is needed since getpass(3) calls readpassphrase(3) which in turn tries to open(2) a tty in O_RDWR mode
Problem reported by Kevin Chadwick <m8il1ists ! gmail.com>
Cluebat stick provided by deraadt@, OK millert@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.13 |
|
19-Nov-2015 |
millert |
Call syslog() if login_* pledge fails; OK deraadt@
|
#
1.12 |
|
22-Oct-2015 |
tedu |
use crypt_checkpass("password", NULL) to fake a login instead of bcrypt
|
#
1.11 |
|
14-Oct-2015 |
deraadt |
pledge "stdio rpath" is good enough for these mainline BSD auth login programs. (I am very surprised pledge ended up working for programs like this) ok semarie millert
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.10 |
|
03-Nov-2014 |
tedu |
reduce dependency on passwd. just call bcrypt_newhash to do the dummy work.
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.9 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.8 |
|
02-Apr-2006 |
deraadt |
some extern and goo
|
#
1.7 |
|
09-Mar-2006 |
millert |
Foil potential timing attacks by using the correct password hash instead of "xx". In practice this means bcrypt() will be used for non-existent users instead of DES crypt(). Adapted from a patch by Peter Philipp. OK deraadt@
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.6 |
|
06-Sep-2002 |
deraadt |
ansi; ok millert pvalchev
|
#
1.5 |
|
28-Jun-2002 |
deraadt |
minor indent cleanup
|
#
1.4 |
|
02-Jun-2002 |
deraadt |
minor KNF
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.3 |
|
06-Dec-2001 |
millert |
Do not set handler for SIGINT and SIGQUIT to SIG_IGN since it prevents getpass()/readpassphrase() from being able to restore the tty mode on keyboard interrupt. Along with the recent readpassphrase.c commit this means that if you ^C things that use login scripts (like su(1)) with a non-CBREAK shell your tty mode will be restored nicely.
TODO: The various login scripts need to install handlers to avoid leaving turd files or otherwise ending in a bad state. It would also be nice to send BI_REJECT to the back channel.
|
#
1.2 |
|
24-Oct-2001 |
mpech |
getopt(3) returns -1 when out of args, not EOF.
millert@ ok
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.1 |
|
12-Dec-2000 |
millert |
reject login script; rejects attempted authentication will be used when BSD authentication is enabled
|