#
1.18 |
|
12-Jul-2021 |
beck |
Change the error reporting pattern throughout the tree when unveil fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.17 |
|
31-Oct-2018 |
mestre |
htpasswd(1) when in batch mode (-I) and 1 argument is used, or when not in batch mode and 2 arguments are used we know we have to access argv[0] with rwc permissions and also to rwc a temporary file in /tmp so we can unveil(2) both argv[0] and /tmp with rwc permissions. In order to avoid adding "unveil" to pledge(2), just call it after getopt(3).
Remaining code paths already have fs access disabled via pledge(2).
OK florian@ deraadt@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.16 |
|
07-Jun-2017 |
awolk |
htpasswd: use crypt_newhash instead of the bcrypt API
man bcrypt states: These functions are deprecated in favor of crypt_checkpass(3) and crypt_newhash(3).
hence with this change we move htpasswd to the new API, while here also change the rounds from a hardcoded 8 to automatic selection based on system performance.
OK florian@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.15 |
|
05-Nov-2015 |
florian |
Make our initial pledge stricter once we figured out in which mode we are running. In batch mode we are only reading from stdin and writing to stdout. If no file is specified we are reading from stdin, writing to stdout and need to control the tty for readpassphrase. OK deraadt@ on an earlier version some time ago.
|
#
1.14 |
|
16-Oct-2015 |
millert |
Implement real "flock" request and add it to userland programs that use pledge and file locking. OK deraadt@
|
#
1.13 |
|
09-Oct-2015 |
deraadt |
Change all tame callers to namechange to pledge(2).
|
#
1.12 |
|
07-Oct-2015 |
deraadt |
tame "stdio rpath wpath cpath tmppath tty". "tty" is the important part here, permitting use of readpassphrase()
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.11 |
|
08-Feb-2015 |
deraadt |
in getopt() blocks, stop incrementing flag variable which are supposed to just be 0/1 ok miod florian
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.10 |
|
24-Mar-2014 |
florian |
sf@ pointed out that the -B flag is already in use by apache's htpasswd (since version 2.4); change it to -I. The -B flag was not in use for a long time so this change should not cause too much trouble. OK sf@, jmc@ no objections from sthen@ "kein problem damit" benno@
|
#
1.9 |
|
20-Mar-2014 |
florian |
Various fixes from Tiago Cunha tcunha _AT_ gmx _DOT_ com: - const for file and tok - remove \n from err(3) - typo in error message - s/err/errx/ for functions that do not set errno - s/fprintf(stderr,...)/warnx/
Thanks!
OK sthen, benno
|
#
1.8 |
|
19-Mar-2014 |
florian |
missing -B in second usage line pointed out by jmc@, thanks!
|
#
1.7 |
|
18-Mar-2014 |
florian |
Batch mode; read exactly one line "login:unencrypted-password" from stdin. OK benno man page tweak and OK sthen
|
#
1.6 |
|
17-Mar-2014 |
florian |
Stop nagging after 5 non-bcrypt hashes OK benno
|
#
1.5 |
|
17-Mar-2014 |
florian |
flock password file OK benno
|
#
1.4 |
|
17-Mar-2014 |
benno |
move ftruncate down, lessen the chance that the file it might be left empty. while there, fix an error msg. ok florian
|
#
1.3 |
|
17-Mar-2014 |
florian |
No need for \t in usage(), pointed out by sthen and should have been in the initial commit. Sorry about that.
|
#
1.2 |
|
17-Mar-2014 |
florian |
The correct idiom is of course the umask song and dance. Brain-fart by me. pointed out by deraadt OK benno
|
#
1.1 |
|
17-Mar-2014 |
florian |
Re-implement htpasswd from scratch. There is so much bad advice on the internet that it's better to have a known tool in base. Intentionally not switch compatible with the old htpasswd. The only switch really needed would be for batch mode, but that was inherently insecure in the old htpasswd. Batch mode will be coming shortly. OK sthen, tedu, benno
|
#
1.17 |
|
31-Oct-2018 |
mestre |
htpasswd(1) when in batch mode (-I) and 1 argument is used, or when not in batch mode and 2 arguments are used we know we have to access argv[0] with rwc permissions and also to rwc a temporary file in /tmp so we can unveil(2) both argv[0] and /tmp with rwc permissions. In order to avoid adding "unveil" to pledge(2), just call it after getopt(3).
Remaining code paths already have fs access disabled via pledge(2).
OK florian@ deraadt@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.16 |
|
07-Jun-2017 |
awolk |
htpasswd: use crypt_newhash instead of the bcrypt API
man bcrypt states: These functions are deprecated in favor of crypt_checkpass(3) and crypt_newhash(3).
hence with this change we move htpasswd to the new API, while here also change the rounds from a hardcoded 8 to automatic selection based on system performance.
OK florian@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.15 |
|
05-Nov-2015 |
florian |
Make our initial pledge stricter once we figured out in which mode we are running. In batch mode we are only reading from stdin and writing to stdout. If no file is specified we are reading from stdin, writing to stdout and need to control the tty for readpassphrase. OK deraadt@ on an earlier version some time ago.
|
#
1.14 |
|
16-Oct-2015 |
millert |
Implement real "flock" request and add it to userland programs that use pledge and file locking. OK deraadt@
|
#
1.13 |
|
09-Oct-2015 |
deraadt |
Change all tame callers to namechange to pledge(2).
|
#
1.12 |
|
07-Oct-2015 |
deraadt |
tame "stdio rpath wpath cpath tmppath tty". "tty" is the important part here, permitting use of readpassphrase()
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.11 |
|
08-Feb-2015 |
deraadt |
in getopt() blocks, stop incrementing flag variable which are supposed to just be 0/1 ok miod florian
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.10 |
|
24-Mar-2014 |
florian |
sf@ pointed out that the -B flag is already in use by apache's htpasswd (since version 2.4); change it to -I. The -B flag was not in use for a long time so this change should not cause too much trouble. OK sf@, jmc@ no objections from sthen@ "kein problem damit" benno@
|
#
1.9 |
|
20-Mar-2014 |
florian |
Various fixes from Tiago Cunha tcunha _AT_ gmx _DOT_ com: - const for file and tok - remove \n from err(3) - typo in error message - s/err/errx/ for functions that do not set errno - s/fprintf(stderr,...)/warnx/
Thanks!
OK sthen, benno
|
#
1.8 |
|
19-Mar-2014 |
florian |
missing -B in second usage line pointed out by jmc@, thanks!
|
#
1.7 |
|
18-Mar-2014 |
florian |
Batch mode; read exactly one line "login:unencrypted-password" from stdin. OK benno man page tweak and OK sthen
|
#
1.6 |
|
17-Mar-2014 |
florian |
Stop nagging after 5 non-bcrypt hashes OK benno
|
#
1.5 |
|
17-Mar-2014 |
florian |
flock password file OK benno
|
#
1.4 |
|
17-Mar-2014 |
benno |
move ftruncate down, lessen the chance that the file it might be left empty. while there, fix an error msg. ok florian
|
#
1.3 |
|
17-Mar-2014 |
florian |
No need for \t in usage(), pointed out by sthen and should have been in the initial commit. Sorry about that.
|
#
1.2 |
|
17-Mar-2014 |
florian |
The correct idiom is of course the umask song and dance. Brain-fart by me. pointed out by deraadt OK benno
|
#
1.1 |
|
17-Mar-2014 |
florian |
Re-implement htpasswd from scratch. There is so much bad advice on the internet that it's better to have a known tool in base. Intentionally not switch compatible with the old htpasswd. The only switch really needed would be for batch mode, but that was inherently insecure in the old htpasswd. Batch mode will be coming shortly. OK sthen, tedu, benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.16 |
|
07-Jun-2017 |
awolk |
htpasswd: use crypt_newhash instead of the bcrypt API
man bcrypt states: These functions are deprecated in favor of crypt_checkpass(3) and crypt_newhash(3).
hence with this change we move htpasswd to the new API, while here also change the rounds from a hardcoded 8 to automatic selection based on system performance.
OK florian@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.15 |
|
05-Nov-2015 |
florian |
Make our initial pledge stricter once we figured out in which mode we are running. In batch mode we are only reading from stdin and writing to stdout. If no file is specified we are reading from stdin, writing to stdout and need to control the tty for readpassphrase. OK deraadt@ on an earlier version some time ago.
|
#
1.14 |
|
16-Oct-2015 |
millert |
Implement real "flock" request and add it to userland programs that use pledge and file locking. OK deraadt@
|
#
1.13 |
|
09-Oct-2015 |
deraadt |
Change all tame callers to namechange to pledge(2).
|
#
1.12 |
|
07-Oct-2015 |
deraadt |
tame "stdio rpath wpath cpath tmppath tty". "tty" is the important part here, permitting use of readpassphrase()
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.11 |
|
08-Feb-2015 |
deraadt |
in getopt() blocks, stop incrementing flag variable which are supposed to just be 0/1 ok miod florian
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.10 |
|
24-Mar-2014 |
florian |
sf@ pointed out that the -B flag is already in use by apache's htpasswd (since version 2.4); change it to -I. The -B flag was not in use for a long time so this change should not cause too much trouble. OK sf@, jmc@ no objections from sthen@ "kein problem damit" benno@
|
#
1.9 |
|
20-Mar-2014 |
florian |
Various fixes from Tiago Cunha tcunha _AT_ gmx _DOT_ com: - const for file and tok - remove \n from err(3) - typo in error message - s/err/errx/ for functions that do not set errno - s/fprintf(stderr,...)/warnx/
Thanks!
OK sthen, benno
|
#
1.8 |
|
19-Mar-2014 |
florian |
missing -B in second usage line pointed out by jmc@, thanks!
|
#
1.7 |
|
18-Mar-2014 |
florian |
Batch mode; read exactly one line "login:unencrypted-password" from stdin. OK benno man page tweak and OK sthen
|
#
1.6 |
|
17-Mar-2014 |
florian |
Stop nagging after 5 non-bcrypt hashes OK benno
|
#
1.5 |
|
17-Mar-2014 |
florian |
flock password file OK benno
|
#
1.4 |
|
17-Mar-2014 |
benno |
move ftruncate down, lessen the chance that the file it might be left empty. while there, fix an error msg. ok florian
|
#
1.3 |
|
17-Mar-2014 |
florian |
No need for \t in usage(), pointed out by sthen and should have been in the initial commit. Sorry about that.
|
#
1.2 |
|
17-Mar-2014 |
florian |
The correct idiom is of course the umask song and dance. Brain-fart by me. pointed out by deraadt OK benno
|
#
1.1 |
|
17-Mar-2014 |
florian |
Re-implement htpasswd from scratch. There is so much bad advice on the internet that it's better to have a known tool in base. Intentionally not switch compatible with the old htpasswd. The only switch really needed would be for batch mode, but that was inherently insecure in the old htpasswd. Batch mode will be coming shortly. OK sthen, tedu, benno
|