#
1.29 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.28 |
|
25-Jan-2019 |
millert |
I am retiring my old email address; replace it with my OpenBSD one.
|
Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.27 |
|
02-Apr-2016 |
krw |
Another use for fcntl() and thus of the superfluous 3rd parameter is when sanitising standard fd's before calling daemon().
Use a tweaked version of the ssh(1) function in all three places found using fcntl() this way.
ok jca@ beck@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.26 |
|
01-Nov-2015 |
tim |
Pledge; OK millert@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.25 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.24 |
|
12-Nov-2008 |
sobrado |
Usage -> usage.
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.23 |
|
11-Dec-2006 |
deraadt |
rfc 3834 support: Auto-Submitted: auto-generated on lots of things; from Tamas TEVESZ; ok millert
|
Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE
|
#
1.22 |
|
26-Oct-2005 |
millert |
3rd arg to F_GETFL fcntl doesn't need to be a pointer, 0 is fine.
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.21 |
|
06-Jul-2005 |
jmc |
- simplify SYNOPSIS - sync usage()
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.20 |
|
03-Jun-2003 |
millert |
Use an ISC-tyle license for all my code; it is simpler and more permissive.
|
#
1.19 |
|
06-May-2003 |
millert |
Don't call setusercontext() to change uid unless uid == 0; found by mpech@
|
#
1.18 |
|
06-May-2003 |
mpech |
While I'm here sync usage() w/ manual.
|
#
1.17 |
|
02-May-2003 |
millert |
o Don't close stdout in interactive mode; mpech@ Extra paranoia: o Close keyfile by hand each time in -a mode so we don't leak an fd to sendmail o If any of std{out,in,err} are not open, open /dev/null in their stead. o If stdout is not open and -i was specified, just exit since there is nowhere to print the info.
Thanks for mpech@ for his testing and bug finding ;-)
|
#
1.16 |
|
28-Apr-2003 |
millert |
Don't try to close key.keyfile in -a mode, skeygetnext() will have already done it and we are headed for exit anyway.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.15 |
|
14-Mar-2003 |
millert |
Replace strcpy() of a constant w/ strlcpy() for easy grepping; from Raymond M Schneider
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.14 |
|
29-May-2002 |
millert |
Don't call fclose() on a NULL file handle; from markus@ Also: Use ANSI function headers Use pid_t for pids Never do exit(-1)
|
#
1.13 |
|
16-May-2002 |
millert |
Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory where each user gets their own file, which is owned by that user.
An old S/Key database may be converted by running "skeyinit -C" as root.
Programs that need to access the S/Key database no longer need to be setuid root. They must now be setgid auth instead.
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.12 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.11 |
|
09-Jul-2001 |
deraadt |
correct type on last arg to execl(); nordin@cse.ogi.edu
|
Revision tags: OPENBSD_2_8_BASE OPENBSD_2_9_BASE
|
#
1.10 |
|
20-Sep-2000 |
pjanzen |
Change the message if the S/Key sequence has expired. millert@ ok
|
#
1.9 |
|
20-Aug-2000 |
millert |
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE OPENBSD_2_6_BASE OPENBSD_2_7_BASE
|
#
1.8 |
|
21-Jun-1998 |
millert |
Remove the advertising clause in my old license, it impedes free use of the code as a large number of similar clauses makes it impossible to write an ad for a product using the code...
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
09-Sep-1997 |
millert |
use setlogin(2).
|
#
1.6 |
|
24-Jul-1997 |
millert |
Add -a (audit all users) flag and do our pipes.
|
#
1.5 |
|
23-Jul-1997 |
millert |
Use _PATH_SKEYKEYS and fix a typo.
|
#
1.4 |
|
23-Jul-1997 |
millert |
close keyfile nicely.
|
#
1.3 |
|
23-Jul-1997 |
millert |
Add a seteuid() just in case someone decides to make this setuid by some uid other than 0.
|
#
1.2 |
|
23-Jul-1997 |
millert |
copyright
|
#
1.1 |
|
23-Jul-1997 |
millert |
Replace skeyaudit.sh with a setuid binary (necessary for mode 0600 skeykeys)
|
#
1.28 |
|
25-Jan-2019 |
millert |
I am retiring my old email address; replace it with my OpenBSD one.
|
Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.27 |
|
02-Apr-2016 |
krw |
Another use for fcntl() and thus of the superfluous 3rd parameter is when sanitising standard fd's before calling daemon().
Use a tweaked version of the ssh(1) function in all three places found using fcntl() this way.
ok jca@ beck@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.26 |
|
01-Nov-2015 |
tim |
Pledge; OK millert@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.25 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.24 |
|
12-Nov-2008 |
sobrado |
Usage -> usage.
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.23 |
|
11-Dec-2006 |
deraadt |
rfc 3834 support: Auto-Submitted: auto-generated on lots of things; from Tamas TEVESZ; ok millert
|
Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE
|
#
1.22 |
|
26-Oct-2005 |
millert |
3rd arg to F_GETFL fcntl doesn't need to be a pointer, 0 is fine.
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.21 |
|
06-Jul-2005 |
jmc |
- simplify SYNOPSIS - sync usage()
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.20 |
|
03-Jun-2003 |
millert |
Use an ISC-tyle license for all my code; it is simpler and more permissive.
|
#
1.19 |
|
06-May-2003 |
millert |
Don't call setusercontext() to change uid unless uid == 0; found by mpech@
|
#
1.18 |
|
06-May-2003 |
mpech |
While I'm here sync usage() w/ manual.
|
#
1.17 |
|
02-May-2003 |
millert |
o Don't close stdout in interactive mode; mpech@ Extra paranoia: o Close keyfile by hand each time in -a mode so we don't leak an fd to sendmail o If any of std{out,in,err} are not open, open /dev/null in their stead. o If stdout is not open and -i was specified, just exit since there is nowhere to print the info.
Thanks for mpech@ for his testing and bug finding ;-)
|
#
1.16 |
|
28-Apr-2003 |
millert |
Don't try to close key.keyfile in -a mode, skeygetnext() will have already done it and we are headed for exit anyway.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.15 |
|
14-Mar-2003 |
millert |
Replace strcpy() of a constant w/ strlcpy() for easy grepping; from Raymond M Schneider
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.14 |
|
29-May-2002 |
millert |
Don't call fclose() on a NULL file handle; from markus@ Also: Use ANSI function headers Use pid_t for pids Never do exit(-1)
|
#
1.13 |
|
16-May-2002 |
millert |
Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory where each user gets their own file, which is owned by that user.
An old S/Key database may be converted by running "skeyinit -C" as root.
Programs that need to access the S/Key database no longer need to be setuid root. They must now be setgid auth instead.
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.12 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.11 |
|
09-Jul-2001 |
deraadt |
correct type on last arg to execl(); nordin@cse.ogi.edu
|
Revision tags: OPENBSD_2_8_BASE OPENBSD_2_9_BASE
|
#
1.10 |
|
20-Sep-2000 |
pjanzen |
Change the message if the S/Key sequence has expired. millert@ ok
|
#
1.9 |
|
20-Aug-2000 |
millert |
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE OPENBSD_2_6_BASE OPENBSD_2_7_BASE
|
#
1.8 |
|
21-Jun-1998 |
millert |
Remove the advertising clause in my old license, it impedes free use of the code as a large number of similar clauses makes it impossible to write an ad for a product using the code...
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
09-Sep-1997 |
millert |
use setlogin(2).
|
#
1.6 |
|
24-Jul-1997 |
millert |
Add -a (audit all users) flag and do our pipes.
|
#
1.5 |
|
23-Jul-1997 |
millert |
Use _PATH_SKEYKEYS and fix a typo.
|
#
1.4 |
|
23-Jul-1997 |
millert |
close keyfile nicely.
|
#
1.3 |
|
23-Jul-1997 |
millert |
Add a seteuid() just in case someone decides to make this setuid by some uid other than 0.
|
#
1.2 |
|
23-Jul-1997 |
millert |
copyright
|
#
1.1 |
|
23-Jul-1997 |
millert |
Replace skeyaudit.sh with a setuid binary (necessary for mode 0600 skeykeys)
|
Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.27 |
|
02-Apr-2016 |
krw |
Another use for fcntl() and thus of the superfluous 3rd parameter is when sanitising standard fd's before calling daemon().
Use a tweaked version of the ssh(1) function in all three places found using fcntl() this way.
ok jca@ beck@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.26 |
|
01-Nov-2015 |
tim |
Pledge; OK millert@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.25 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.24 |
|
12-Nov-2008 |
sobrado |
Usage -> usage.
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.23 |
|
11-Dec-2006 |
deraadt |
rfc 3834 support: Auto-Submitted: auto-generated on lots of things; from Tamas TEVESZ; ok millert
|
Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE
|
#
1.22 |
|
26-Oct-2005 |
millert |
3rd arg to F_GETFL fcntl doesn't need to be a pointer, 0 is fine.
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.21 |
|
06-Jul-2005 |
jmc |
- simplify SYNOPSIS - sync usage()
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.20 |
|
03-Jun-2003 |
millert |
Use an ISC-tyle license for all my code; it is simpler and more permissive.
|
#
1.19 |
|
06-May-2003 |
millert |
Don't call setusercontext() to change uid unless uid == 0; found by mpech@
|
#
1.18 |
|
06-May-2003 |
mpech |
While I'm here sync usage() w/ manual.
|
#
1.17 |
|
02-May-2003 |
millert |
o Don't close stdout in interactive mode; mpech@ Extra paranoia: o Close keyfile by hand each time in -a mode so we don't leak an fd to sendmail o If any of std{out,in,err} are not open, open /dev/null in their stead. o If stdout is not open and -i was specified, just exit since there is nowhere to print the info.
Thanks for mpech@ for his testing and bug finding ;-)
|
#
1.16 |
|
28-Apr-2003 |
millert |
Don't try to close key.keyfile in -a mode, skeygetnext() will have already done it and we are headed for exit anyway.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.15 |
|
14-Mar-2003 |
millert |
Replace strcpy() of a constant w/ strlcpy() for easy grepping; from Raymond M Schneider
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.14 |
|
29-May-2002 |
millert |
Don't call fclose() on a NULL file handle; from markus@ Also: Use ANSI function headers Use pid_t for pids Never do exit(-1)
|
#
1.13 |
|
16-May-2002 |
millert |
Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory where each user gets their own file, which is owned by that user.
An old S/Key database may be converted by running "skeyinit -C" as root.
Programs that need to access the S/Key database no longer need to be setuid root. They must now be setgid auth instead.
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.12 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.11 |
|
09-Jul-2001 |
deraadt |
correct type on last arg to execl(); nordin@cse.ogi.edu
|
Revision tags: OPENBSD_2_8_BASE OPENBSD_2_9_BASE
|
#
1.10 |
|
20-Sep-2000 |
pjanzen |
Change the message if the S/Key sequence has expired. millert@ ok
|
#
1.9 |
|
20-Aug-2000 |
millert |
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE OPENBSD_2_6_BASE OPENBSD_2_7_BASE
|
#
1.8 |
|
21-Jun-1998 |
millert |
Remove the advertising clause in my old license, it impedes free use of the code as a large number of similar clauses makes it impossible to write an ad for a product using the code...
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
09-Sep-1997 |
millert |
use setlogin(2).
|
#
1.6 |
|
24-Jul-1997 |
millert |
Add -a (audit all users) flag and do our pipes.
|
#
1.5 |
|
23-Jul-1997 |
millert |
Use _PATH_SKEYKEYS and fix a typo.
|
#
1.4 |
|
23-Jul-1997 |
millert |
close keyfile nicely.
|
#
1.3 |
|
23-Jul-1997 |
millert |
Add a seteuid() just in case someone decides to make this setuid by some uid other than 0.
|
#
1.2 |
|
23-Jul-1997 |
millert |
copyright
|
#
1.1 |
|
23-Jul-1997 |
millert |
Replace skeyaudit.sh with a setuid binary (necessary for mode 0600 skeykeys)
|