When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

I am retiring my old email address; replace it with my OpenBSD one.

Another use for fcntl() and thus of the superfluous 3rd parameter
is when sanitising standard fd's before calling daemon().

Use a tweaked version of the ssh(1) function in all three places
found using fcntl() this way.

ok jca@ beck@

Pledge; OK millert@

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Usage -> usage.

rfc 3834 support: Auto-Submitted: auto-generated on lots of things; from Tamas TEVESZ; ok millert

3rd arg to F_GETFL fcntl doesn't need to be a pointer, 0 is fine.

- simplify SYNOPSIS
- sync usage()

Use an ISC-tyle license for all my code; it is simpler and more permissive.

Don't call setusercontext() to change uid unless uid == 0; found by mpech@

While I'm here sync usage() w/ manual.

o Don't close stdout in interactive mode; mpech@
Extra paranoia:
o Close keyfile by hand each time in -a mode so we don't leak an fd
to sendmail
o If any of std{out,in,err} are not open, open /dev/null in their stead.
o If stdout is not open and -i was specified, just exit since there
is nowhere to print the info.

Thanks for mpech@ for his testing and bug finding ;-)

Don't try to close key.keyfile in -a mode, skeygetnext() will have
already done it and we are headed for exit anyway.

Replace strcpy() of a constant w/ strlcpy() for easy grepping;
from Raymond M Schneider

Don't call fclose() on a NULL file handle; from markus@
Also:
Use ANSI function headers
Use pid_t for pids
Never do exit(-1)

Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory
where each user gets their own file, which is owned by that user.

An old S/Key database may be converted by running "skeyinit -C" as root.

Programs that need to access the S/Key database no longer need to be
setuid root. They must now be setgid auth instead.

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

correct type on last arg to execl(); nordin@cse.ogi.edu

Change the message if the S/Key sequence has expired. millert@ ok

Add calls to setusercontext() and login_get*(). We basically call
setusercontext() in most places where previously we did a setlogin().
Add default login.conf file and put root in the "daemon" login class.

Remove the advertising clause in my old license, it impedes free use
of the code as a large number of similar clauses makes it impossible
to write an ad for a product using the code...

use setlogin(2).

Add -a (audit all users) flag and do our pipes.

Use _PATH_SKEYKEYS and fix a typo.

close keyfile nicely.

Add a seteuid() just in case someone decides to make this setuid
by some uid other than 0.

copyright

Replace skeyaudit.sh with a setuid binary (necessary for mode 0600 skeykeys)

I am retiring my old email address; replace it with my OpenBSD one.

Another use for fcntl() and thus of the superfluous 3rd parameter
is when sanitising standard fd's before calling daemon().

Use a tweaked version of the ssh(1) function in all three places
found using fcntl() this way.

ok jca@ beck@

Pledge; OK millert@

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Usage -> usage.

rfc 3834 support: Auto-Submitted: auto-generated on lots of things; from Tamas TEVESZ; ok millert

3rd arg to F_GETFL fcntl doesn't need to be a pointer, 0 is fine.

- simplify SYNOPSIS
- sync usage()

Use an ISC-tyle license for all my code; it is simpler and more permissive.

Don't call setusercontext() to change uid unless uid == 0; found by mpech@

While I'm here sync usage() w/ manual.

o Don't close stdout in interactive mode; mpech@
Extra paranoia:
o Close keyfile by hand each time in -a mode so we don't leak an fd
to sendmail
o If any of std{out,in,err} are not open, open /dev/null in their stead.
o If stdout is not open and -i was specified, just exit since there
is nowhere to print the info.

Thanks for mpech@ for his testing and bug finding ;-)

Don't try to close key.keyfile in -a mode, skeygetnext() will have
already done it and we are headed for exit anyway.

Replace strcpy() of a constant w/ strlcpy() for easy grepping;
from Raymond M Schneider

Don't call fclose() on a NULL file handle; from markus@
Also:
Use ANSI function headers
Use pid_t for pids
Never do exit(-1)

Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory
where each user gets their own file, which is owned by that user.

An old S/Key database may be converted by running "skeyinit -C" as root.

Programs that need to access the S/Key database no longer need to be
setuid root. They must now be setgid auth instead.

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

correct type on last arg to execl(); nordin@cse.ogi.edu

Change the message if the S/Key sequence has expired. millert@ ok

Add calls to setusercontext() and login_get*(). We basically call
setusercontext() in most places where previously we did a setlogin().
Add default login.conf file and put root in the "daemon" login class.

Remove the advertising clause in my old license, it impedes free use
of the code as a large number of similar clauses makes it impossible
to write an ad for a product using the code...

use setlogin(2).

Add -a (audit all users) flag and do our pipes.

Use _PATH_SKEYKEYS and fix a typo.

close keyfile nicely.

Add a seteuid() just in case someone decides to make this setuid
by some uid other than 0.

copyright

Replace skeyaudit.sh with a setuid binary (necessary for mode 0600 skeykeys)

Another use for fcntl() and thus of the superfluous 3rd parameter
is when sanitising standard fd's before calling daemon().

Use a tweaked version of the ssh(1) function in all three places
found using fcntl() this way.

ok jca@ beck@

Pledge; OK millert@

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Usage -> usage.

rfc 3834 support: Auto-Submitted: auto-generated on lots of things; from Tamas TEVESZ; ok millert

3rd arg to F_GETFL fcntl doesn't need to be a pointer, 0 is fine.

- simplify SYNOPSIS
- sync usage()

Use an ISC-tyle license for all my code; it is simpler and more permissive.

Don't call setusercontext() to change uid unless uid == 0; found by mpech@

While I'm here sync usage() w/ manual.

o Don't close stdout in interactive mode; mpech@
Extra paranoia:
o Close keyfile by hand each time in -a mode so we don't leak an fd
to sendmail
o If any of std{out,in,err} are not open, open /dev/null in their stead.
o If stdout is not open and -i was specified, just exit since there
is nowhere to print the info.

Thanks for mpech@ for his testing and bug finding ;-)

Don't try to close key.keyfile in -a mode, skeygetnext() will have
already done it and we are headed for exit anyway.

Replace strcpy() of a constant w/ strlcpy() for easy grepping;
from Raymond M Schneider

Don't call fclose() on a NULL file handle; from markus@
Also:
Use ANSI function headers
Use pid_t for pids
Never do exit(-1)

Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory
where each user gets their own file, which is owned by that user.

An old S/Key database may be converted by running "skeyinit -C" as root.

Programs that need to access the S/Key database no longer need to be
setuid root. They must now be setgid auth instead.

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

correct type on last arg to execl(); nordin@cse.ogi.edu

Change the message if the S/Key sequence has expired. millert@ ok

Add calls to setusercontext() and login_get*(). We basically call
setusercontext() in most places where previously we did a setlogin().
Add default login.conf file and put root in the "daemon" login class.

Remove the advertising clause in my old license, it impedes free use
of the code as a large number of similar clauses makes it impossible
to write an ad for a product using the code...

use setlogin(2).

Add -a (audit all users) flag and do our pipes.

Use _PATH_SKEYKEYS and fix a typo.

close keyfile nicely.

Add a seteuid() just in case someone decides to make this setuid
by some uid other than 0.

copyright

Replace skeyaudit.sh with a setuid binary (necessary for mode 0600 skeykeys)