Commit Graph

119 Commits

Author SHA1 Message Date
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
jnemeth 2e994af332 Display a message indicating who's password is being changed, as per
Jeremy Reed on tech-userlevel.
2007-05-06 09:19:44 +00:00
wiz 54cd24faa5 Get rid of more Kerberos 4 code. 2006-03-23 23:33:28 +00:00
hubertf 8c061da318 Xref pwhash(1),
pointed out by Stefan Schumacher at the Chemnitz Linuxdays
2006-03-07 01:52:09 +00:00
he 8e8728c45c Introduce PAM_STATIC_LDADD and PAM_STATIC_DPADD. When compiling
with MKPIC=no, possibly because the target does not support shared
libraries, these include libraries required to resolve all symbols
which end up referenced from PAM-using applications.  The libraries
presently required are -lcrypt, -lrpcsvc and -lutil.

Add use of these variables which are currently set up to use PAM,
so that they compile when MKPIC=no.

Also, in the telnetd case, reorder the order of the libraries, so
that libtelnet.a comes before -ltermcap and -lutil, again to fix
link error when MKPIC=no.

Discussed with thorpej and christos.
2005-03-04 20:41:08 +00:00
wiz a5924c4e9e YP password -> NIS password. Ok'd by thorpej. 2005-02-28 15:19:59 +00:00
wiz 8168d38f56 Remove COPTS+=-g. 2005-02-28 10:37:49 +00:00
wiz b34e537add infomration -> information. 2005-02-28 10:37:34 +00:00
thorpej feee050f0e user -> principal in the krb5 synopsis. 2005-02-28 02:02:43 +00:00
thorpej c80d0a6dc7 Fix a typo, and sort SEE ALSO correctly. 2005-02-28 02:01:35 +00:00
thorpej 4e63fd43ef Magor rework of passwd(1) for the PAM case. Add "-d <database>" option,
similar to Solaris's "-r <repository" or Mac OS X's "-i <infosystem>",
to select the password database (files, nis, krb5).  Otherwise, we default
to using whatever PAM decides.
2005-02-26 07:19:25 +00:00
thorpej 8c9dd4bba7 Add missing RCS ID. 2005-02-24 05:11:34 +00:00
wiz 823387f1c8 Drop some whitespace
XXX: -p not described.
2005-02-22 01:49:20 +00:00
christos 11e49612c8 Add a PAM passwd module.
XXX: This avoids the issue of supporting separate -l -y -k, but is the behavior
correct? Should passwd -p disable all other passwd methods? Should it become
the default if compiled in?
2005-02-22 01:08:43 +00:00
christos 5b5b914e5a adapt to pw_gensalt() changes. 2005-01-12 03:34:58 +00:00
christos 59bf3abf20 gc unused file. 2005-01-12 00:38:17 +00:00
christos 19917e71c5 use pw_gensalt() and don't dig into libcrypt. 2005-01-11 22:42:30 +00:00
dsl e2a58c7a44 Add (unsigned char) cast to ctype functions
A password containg 80...ff could be reported (incorrectly) as being
all lower case.
2004-10-30 21:05:53 +00:00
lha f911795b30 Switch to krb5_set_password that can handle the RFC3244 (and the older
change password protocol)
2004-10-05 14:12:56 +00:00
sjg 3a0c68edfd Add support for SHA1 hashed passwords.
The algorithm used is essentially PBKDF1 from RFC 2898 but using
hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com).

 * The format of the encrypted password is:
 * $<tag>$<iterations>$<salt>$<digest>
 *
 * where:
 *      <tag>           is "sha1"
 *      <iterations>    is an unsigned int identifying how many rounds
 *                      have been applied to <digest>.  The number
 *                      should vary slightly for each password to make
 *                      it harder to generate a dictionary of
 *                      pre-computed hashes.  See crypt_sha1_iterations.
 *      <salt>          up to 64 bytes of random data, 8 bytes is
 *                      currently considered more than enough.
 *      <digest>        the hashed password.

hmac.c implementes HMAC as defined in RFC 2104 and includes a unit
test for both hmac_sha1 and hmac_sha1 using a selection of the Known
Answer Tests from RFC 2202.

It is worth noting that to be FIPS compliant the hmac key (password)
should be 10-20 chars.
2004-07-02 00:05:23 +00:00
agc 89aaa1bb64 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22365, verified by myself.
2003-08-07 11:13:06 +00:00
itojun f4401cd869 upgrade openssl to 0.9.7b. (AES is now supported)
alter des.h to be friendly with openssl/des.h (you can include both in the
same file)
make libkrb to depend on libdes.  bump major.
massage various portioin of heimdal to be friendly with openssl 0.9.7b.
2003-07-24 14:16:30 +00:00
lukem 59efd8a9dd remove unnecessary rules 2003-07-22 12:34:40 +00:00
itojun 6d415bc4b0 use bounded string op 2003-07-14 11:54:06 +00:00
lha 508f668a25 Don't build a separate kpasswd program, passwd can handle Kerberos
password changing. Fixes last part of bin/14988.
2003-04-06 16:35:37 +00:00
lha 919a5f7ede Document when Kerberos will be used.
fixes part of bin/14988
2003-04-05 18:06:52 +00:00
itojun 5f2d0b666f error handling on strdup failure 2002-11-16 15:59:26 +00:00
itojun 9593086444 use strlcpy 2002-11-16 04:34:13 +00:00
itojun e91a21c27c add DPADD. 2002-10-23 01:25:35 +00:00
provos d15e0fa262 password hashing utility that allows des, md5 or bcrypt passwords to be
created in scripts;  tool originally from downsj@openbsd.org;
approved by perry.
2002-10-01 20:48:58 +00:00
grant be8ae688ae New sentence, new line. 2002-09-30 11:08:56 +00:00
itojun 3be26b82ef use arc4random 2002-05-28 11:19:17 +00:00
itojun c89c003ed2 support bcrypt password. can be chosen by "blowfish" keyword in passwd.conf.
from openbsd
2002-05-24 04:02:47 +00:00
thorpej 9c33b55e7c Split the notion of building Hesiod, Kerberos, S/key, and YP
infrastructure and using that infrastructure in programs.

	* MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building
	  of the infratsructure (libraries, support programs, etc.)

	* USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control
	  building of support for using the corresponding API
	  in various libraries/programs that can use it.

As discussed on tech-toolchain.
2002-03-22 18:10:19 +00:00
wiz aded0d2cce Whitespace cleanup. 2001-12-01 16:43:07 +00:00
ad 28a9c7f8da Slight change to previous: rebuild the insecure password db if the expiry
time has changed, not just been set.
2001-08-18 19:42:40 +00:00
ad 1e8e78ed07 Update for pw_mkdb() change: restrict updates to one user's records and/or
the secure database where appropriate.
2001-08-18 19:35:32 +00:00
simonb a378517ea4 80 column police. 2001-03-28 03:17:41 +00:00
cgd a8ec668ddf convert to use getprogname() 2001-02-19 23:03:42 +00:00
cgd c52d4f59e8 __progname not used here, so don't extern it 2001-02-13 00:14:58 +00:00
fvdl 176686cd4f In krb5_end, don't try to free the krb5 context if it's not yet
been initialized. Fixes coredump when passwd is called as 'yppasswd'.
2000-11-18 19:29:20 +00:00
simonb 9b22175a26 Remove INSTALLFLAGS=-fschg, as per change to usr.bin/ssh/ssh/Makefile. 2000-10-18 00:24:18 +00:00
ad ec40993b05 Back out previous. 2000-10-09 11:14:59 +00:00
ad 6be1fe9169 Fix warning message. 2000-10-09 11:14:17 +00:00
ad 0db0171979 Back out previous. 2000-10-09 11:14:16 +00:00
ad 7f700a8518 Document new behaviour WRT password expiry, and Xr login.conf. 2000-09-21 11:13:06 +00:00
ad f03c136f00 When not running as the super-user: if the user's password has expired or is
due to expire within _PASSWORD_WARNDAYS (or the setting from login.conf),
force the user to set a different password than the one they are currently
using. (Yes, it's actually worthwhile doing this.)
2000-09-21 11:11:49 +00:00
ad 5ab843adef - sizeof(), not constants.
- snprintf() will always terminate the output string.
- Spacing.
2000-09-18 16:00:41 +00:00
assar 6d7f2da1a1 remove -lvers, it's not used 2000-08-03 22:56:29 +00:00
ad 6b38e4b314 __RCSID(). 2000-08-03 08:25:41 +00:00