File opie-2.4.diff of Package opie
--- opie-2.4/Makefile.in
+++ opie-2.4/Makefile.in
@@ -98,7 +98,7 @@
# of OPIE.
#
# The third is the above using nifty heap debugger called "Electric Fence".
-DEBUG=-O
+#DEBUG=-O
#DEBUG=-DDEBUG=1 -g
#DEBUG=-DDEBUG=1 -g -lefence
@@ -115,14 +115,13 @@
LOCALBIN=@LOCALBIN@
LOCALMAN=@LOCALMAN@
SU=@SU@
-ALT_SU=@ALT_SU@
LOGIN=@LOGIN@
LOCK_DIR=@LOCK_DIR@
OPIEAUTO=@OPIEAUTO@
BACKUP=opie.old
-CFLAGS=$(DEBUG) -Ilibmissing
+CFLAGS+=$(DEBUG) -Ilibmissing
LFLAGS=-Llibopie -Llibmissing -lopie $(LIBS) -lmissing -lopie
LDEPS=libmissing/libmissing.a libopie/libopie.a
@@ -139,15 +138,27 @@
@echo "Copying OPIE key-related files"
@if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi
@cp opiekey $(OPIEAUTO) $(LOCALBIN)
+ @cp opiesu $(OPIEAUTO) $(LOCALBIN)
+ @cp opielogin $(OPIEAUTO) $(LOCALBIN)
+ @cp opieftpd $(OPIEAUTO) $(LOCALBIN)
+ @cp opiegen $(OPIEAUTO) $(LOCALBIN)
@$(CHOWN) $(OWNER) $(LOCALBIN)/opiekey
+ @$(CHOWN) $(OWNER) $(LOCALBIN)/opiesu
+ @$(CHOWN) $(OWNER) $(LOCALBIN)/opielogin
+ @$(CHOWN) $(OWNER) $(LOCALBIN)/opieftpd
+ @$(CHOWN) $(OWNER) $(LOCALBIN)/opiegen
@if test ! -z "$(OPIEAUTO)"; then $(CHOWN) $(OWNER) $(LOCALBIN)/opieauto; fi
@chgrp $(GROUP) $(LOCALBIN)/opiekey
@echo "Changing file permissions"
- @chmod 0511 $(LOCALBIN)/opiekey
+ @chmod 0755 $(LOCALBIN)/opiekey
+ @chmod 0755 $(LOCALBIN)/opieftpd
+ @chmod 0755 $(LOCALBIN)/opiegen
+ @chmod 0755 $(LOCALBIN)/opielogin
+ @chmod 4755 $(LOCALBIN)/opiesu
@if test ! -z "$(OPIEAUTO)"; then chmod 0511 $(LOCALBIN)/opieauto; fi
@echo "Symlinking aliases to opiekey"
- @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md4
- @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md5
+ @-ln -s opiekey $(LOCALBIN)/otp-md4
+ @-ln -s opiekey $(LOCALBIN)/otp-md5
@echo "Installing manual pages"
@-for i in otp-md4 otp-md5; do ln -s opiekey.1 $(LOCALMAN)/man1/$$i.1; done
@if test ! -d $(LOCALMAN)/man1; then $(MKDIR) $(LOCALMAN)/man1; chmod 755 $(LOCALMAN)/man1; fi; cp opiekey.1 $(LOCALMAN)/man1/opiekey.1; $(CHOWN) $(OWNER) $(LOCALMAN)/man1/opiekey.1; chgrp $(GROUP) $(LOCALMAN)/man1/opiekey.1; chmod 644 $(LOCALMAN)/man1/opiekey.1
@@ -163,81 +174,14 @@
@$(CHOWN) $(OWNER) $(LOCALBIN)/opiepasswd $(LOCALBIN)/opieinfo
@chgrp $(GROUP) $(LOCALBIN)/opiepasswd $(LOCALBIN)/opieinfo
@echo "Changing file permissions"
- @chmod 0555 $(LOCALBIN)/opieinfo
- @chmod 4511 $(LOCALBIN)/opiepasswd
+ @chmod 0755 $(LOCALBIN)/opieinfo
+ @chmod 4755 $(LOCALBIN)/opiepasswd
+
@echo "Installing OPIE system programs..."
- @if test ! -z $(LOGIN); \
- then \
- if test ! $(EXISTS) $(LOGIN).$(BACKUP); \
- then \
- echo "Renaming existing $(LOGIN) to $(LOGIN).$(BACKUP)"; \
- mv $(LOGIN) $(LOGIN).$(BACKUP); \
- echo "Clearing permissions on $(LOGIN)"; \
- chmod 0 $(LOGIN).$(BACKUP); \
- fi; \
- echo "Copying OPIE login to $(LOGIN)"; \
- cp opielogin $(LOGIN); \
- echo "Changing ownership of $(LOGIN)"; \
- $(CHOWN) $(OWNER) $(LOGIN); \
- chgrp $(GROUP) $(LOGIN); \
- echo "Changing file permissions of $(LOGIN)"; \
- chmod 4111 $(LOGIN); \
- fi
- @if test ! -z $(SU); \
- then \
- if test ! $(EXISTS) $(SU).$(BACKUP); \
- then \
- echo "Renaming existing $(SU) to $(SU).$(BACKUP)"; \
- mv $(SU) $(SU).$(BACKUP); \
- echo "Clearing permissions on $(SU)"; \
- chmod 0 $(SU).$(BACKUP); \
- fi; \
- echo "Copying OPIE su to $(SU)"; \
- cp opiesu $(SU); \
- echo "Changing ownership of $(SU)"; \
- $(CHOWN) $(OWNER) $(SU); \
- chgrp $(GROUP) $(SU); \
- echo "Changing file permissions of $(SU)"; \
- chmod 4111 $(SU); \
- fi
- @if test ! -z $(ALT_SU); \
- then \
- if test ! $(EXISTS) $(ALT_SU).$(BACKUP); \
- then \
- echo "Renaming existing $(ALT_SU) to $(ALT_SU).$(BACKUP)"; \
- mv $(ALT_SU) $(ALT_SU).$(BACKUP); \
- echo "Clearing permissions on $(ALT_SU)"; \
- chmod 0 $(ALT_SU).$(BACKUP); \
- fi; \
- echo "Copying OPIE su to $(ALT_SU)"; \
- cp opiesu $(ALT_SU); \
- echo "Changing ownership of $(ALT_SU)"; \
- $(CHOWN) $(OWNER) $(ALT_SU); \
- chgrp $(GROUP) $(ALT_SU); \
- echo "Changing file permissions of $(ALT_SU)"; \
- chmod 4111 $(ALT_SU); \
- fi
- @if test ! -z $(FTPD); \
- then \
- if test ! $(EXISTS) $(FTPD).$(BACKUP); \
- then \
- echo "Renaming existing $(FTPD) to $(FTPD).$(BACKUP)"; \
- mv $(FTPD) $(FTPD).$(BACKUP); \
- echo "Clearing permissions on $(FTPD).$(BACKUP)"; \
- chmod 0 $(FTPD).$(BACKUP); \
- fi; \
- echo "Copying OPIE ftp daemon to $(FTPD)"; \
- cp opieftpd $(FTPD); \
- echo "Changing ownership of $(FTPD)"; \
- $(CHOWN) $(OWNER) $(FTPD); \
- chgrp $(GROUP) $(FTPD); \
- echo "Changing file permissions of $(FTPD)"; \
- chmod 0100 $(FTPD); \
- fi
@echo "Making sure OPIE database file exists";
@touch $(KEY_FILE)
@echo "Changing permissions of OPIE database file"
- @chmod 0644 $(KEY_FILE)
+ @chmod 0600 $(KEY_FILE)
@echo "Changing ownership of OPIE database file"
@$(CHOWN) $(OWNER) $(KEY_FILE)
@chgrp $(GROUP) $(KEY_FILE)
@@ -262,7 +206,7 @@
@echo "Restoring old binaries"
@-for i in $(SU) $(ALT_SU) $(LOGIN) $(FTPD); do FILE=`basename $$i`; if test ! $(EXISTS) $$i.$(BACKUP); then echo "No $$i.$(BACKUP)! Aborting."; exit 1; else echo "Removing $$FILE"; rm $$i || true; echo "Restoring old $$FILE"; mv $$i.$(BACKUP) $$i; fi; done
@echo "Resetting permissions"
- @chmod 4111 $(SU) $(LOGIN)
+ @chmod 4755 $(SU) $(LOGIN)
@chmod 0100 $(FTPD)
@if test ! -z "$(ALT_SU)"; then chmod 4111 $(ALT_SU); fi
@echo "OPIE is now un-installed."
--- opie-2.4/libopie/Makefile.in
+++ opie-2.4/libopie/Makefile.in
@@ -17,7 +17,7 @@
OBJS=md4c.o md5c.o atob8.o btoa8.o btoh.o challenge.o getsequence.o hash.o hashlen.o keycrunch.o lock.o lookup.o newseed.o parsechallenge.o passcheck.o passwd.o randomchallenge.o readpass.o unlock.o verify.o version.o btoe.o accessfile.o generator.o insecure.o getutmpentry.o readrec.o writerec.o login.o open.o logwtmp.o # sha.o
CC=@CC@
-CFLAGS=$(CFL) -I.. -I../libmissing
+CFLAGS=$(CFL) -fPIC -I.. -I../libmissing
TARGET=libopie.a
all: $(TARGET)
--- opie-2.4/libopie/readpass.c
+++ opie-2.4/libopie/readpass.c
@@ -14,6 +14,8 @@
History:
+ Modified opiereadpass() and fixing off by one. S-
+
Modified by cmetz for OPIE 2.31. Use usleep() to delay after setting
the terminal attributes; this might help certain buggy
systems.
@@ -81,6 +83,9 @@
char kill[4];
char eof[4];
+ if (len < 2) /* AUDIT: useless otherwise */
+ return NULL;
+
memset(erase, 0, sizeof(erase));
memset(kill, 0, sizeof(kill));
memset(eof, 0, sizeof(eof));
@@ -217,7 +222,8 @@
#endif /* unix */
{
- char *c = buf, *end = buf + len, *e;
+ char *c = buf, *end = buf + len-1, *e;/* AUDIT: fixing off by one */
+
#ifdef __OS2__
KBDKEYINFO keyInfo;
#endif /* __OS2__ */
--- opie-2.4/libopie/readrec.c
+++ opie-2.4/libopie/readrec.c
@@ -8,6 +8,7 @@
History:
+ Replaced strcpy() S-
Modified by cmetz for OPIE 2.4. Check that seed, sequence number, and
response values are valid.
Modified by cmetz for OPIE 2.31. Removed active attack protection
@@ -142,7 +143,7 @@
if (strlen(opie->opie_principal) > OPIE_PRINCIPAL_MAX)
(opie->opie_principal)[OPIE_PRINCIPAL_MAX] = 0;
- strcpy(principal, opie->opie_principal);
+ snprintf(principal,sizeof(principal),"%s",opie->opie_principal);/* AUDIT: replaced strcpy()*/
do {
if ((opie->opie_recstart = ftell(f)) < 0)
--- opie-2.4/opieinfo.c
+++ opie-2.4/opieinfo.c
@@ -33,6 +33,7 @@
#include "opie_cfg.h"
#include <stdio.h>
+#include <errno.h>
#if HAVE_UNISTD_H
#include <unistd.h>
#endif /* HAVE_UNISTD_H */
--- opie-2.4/opiepasswd.c
+++ opie-2.4/opiepasswd.c
@@ -14,6 +14,8 @@
History:
+ Replaced strcpy() S-
+
Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks.
Use opiestrncpy().
Modified by cmetz for OPIE 2.32. Use OPIE_SEED_MAX instead of
@@ -207,7 +209,7 @@
}
} else {
if (!rval)
- strcpy(seed, opie.opie_seed);
+ snprintf(seed, sizeof(seed), "%s", opie.opie_seed);/* AUDIT: replaced strcpy() */
if (opienewseed(seed) < 0) {
fprintf(stderr, "Error updating seed.\n");
--- opie-2.4/opiesu.c
+++ opie-2.4/opiesu.c
@@ -201,7 +201,7 @@
for (cp = ename; *cp == *dp && *cp; cp++, dp++)
continue;
if (*cp == 0 && (*dp == '=' || *dp == 0)) {
- strcat(buf, eval);
+ snprintf(buf, sizeof(buf), "%s%s",buf, eval); /* XXX: what to do? */
*--ep = buf;
return;
}
@@ -469,8 +469,8 @@
}
if (thisuser.pw_shell && *thisuser.pw_shell)
shell = thisuser.pw_shell;
- if (fulllogin) {
- if ((p = getenv("TERM")) && (strlen(termbuf) + strlen(p) - 1 < sizeof(termbuf))) {
+ if (fulllogin) {
+ if ((p = getenv("TERM")) && (strlen(termbuf) + strlen(p) + 1 < sizeof(termbuf))) {
strcat(termbuf, p);
cleanenv[4] = termbuf;
}
--- opie-2.4/opielogin.c.xx 2005-01-24 16:55:48.546071784 +0100
+++ opie-2.4/opielogin.c 2005-01-24 16:55:50.669018940 +0100
@@ -1451,7 +1451,7 @@
attr.c_lflag |= (ISIG | IEXTEN);
catchexit();
- execlp(thisuser.pw_shell, minusnam, 0);
+ execlp(thisuser.pw_shell, minusnam, NULL);
perror(thisuser.pw_shell);
printf("No shell\n");
exit(0);