opie-2.11/ 40755 4101 3565 0 6070255473 10614 5ustar cmetzipv6opie-2.11/misc/ 40755 4101 3565 0 6070043214 11533 5ustar cmetzipv6opie-2.11/misc/README100644 4101 3565 2137 6070043223 12513 0ustar cmetzipv6NRL OPIE Software Distribution, Release 2.05 Miscellaneous Files ============================================ =================== This directory contains assorted things that are even less supported than the rest of the OPIE distribution. If you find bugs in this software, unless you have a solid fixes for them, please do not send us bug reports. opieinfo.sh is the old shell-script version of opieinfo. It is now deprecated. README.MJR describes the functions implemented in deskey.c for DES key crunching. This has not been tested at all for Version 2 and probably will not work without modification. If someone does get this to work, please send us the changes made so that we can incorporate them into a future OPIE release. opieremind(8) is an administrative shell script derived from the keyaudit script in the Bellcore S/Key Version 1 distribution. It requires site-specific customization to operate properly. opieinit(1) is a shell script that emulates the behavior of the S/Key keyinit(1) program. It is designed to aid users in the transition to OPIE Version 2. opie-2.11/misc/deskeyc.c100644 4101 3565 4215 6070043223 13425 0ustar cmetzipv6#include #ifdef HASSTDLIB #include #else #include #endif #include #ifdef __MSDOS__ #include #else /* Assume BSD unix */ #include #include #endif #include "md4.h" #include "des.h" #include "skey.h" #if (defined(__MSDOS__) || defined(MPU8086) || defined(MPU8080) \ || defined(vax) || defined (MIPSEL) || defined(i386)) #define LITTLE_ENDIAN /* Low order bytes are first in memory */ #endif /* Almost all other machines are big-endian */ extern char *getenv(); /* Crunch a key: * DES decrypt the user's pad file and then crank it through MD4 and * collapse to 64 bits. This is defined as the user's starting key. * mjr@tis.com */ int deskeycrunch(result,seed,passwd) char *result; /* 8-byte result */ char *seed; /* Seed, any length */ char *passwd; /* Password, any length */ { MDstruct md; char *padfile; char desobuf[BUFSIZ]; char desibuf[BUFSIZ]; des_key_schedule ks; des_cblock kk; char iv[8]; FILE *desfd; int i; if((padfile = getenv("SKEYPADFILE")) == (char *)0) { fprintf(stderr,"No SKEYPADFILE in environment\n"); return(-1); } if((desfd = fopen(padfile,"r")) == (FILE *)0) { perror(padfile); return(-1); } des_string_to_key(passwd,kk); des_set_key(kk,ks); bzero(passwd,strlen(passwd)); bzero(kk,sizeof(kk)); bzero(iv,sizeof(iv)); /* decrypt our pad file and MD5 it */ MDbegin(&md); while((i = fread(desibuf,1,64,desfd)) >= 8) { if(i % 8 != 0) i = i - (i % 8); des_cbc_encrypt(desibuf,desobuf,i,ks,iv,DES_DECRYPT); MDupdate(&md,(unsigned char *)desobuf,8 * i); } fclose(desfd); if(i < 0) { perror("read"); return(-1); } /* Fold result from 128 to 64 bits */ md.buffer[0] ^= md.buffer[2]; md.buffer[1] ^= md.buffer[3]; #ifdef LITTLE_ENDIAN /* Only works on byte-addressed little-endian machines!! */ memcpy(result,(char *)md.buffer,8); #else /* Default (but slow) code that will convert to * little-endian byte ordering on any machine */ for(i=0;i<2;i++){ register long tmp; tmp = md.buffer[i]; *result++ = tmp; tmp >>= 8; *result++ = tmp; tmp >>= 8; *result++ = tmp; tmp >>= 8; *result++ = tmp; } #endif return 0; } opie-2.11/misc/opieinit100755 4101 3565 1323 6070043223 13375 0ustar cmetzipv6#!/bin/sh # opieinit: Backwards compatibility front-end for opiepasswd # # Portions of this software are Copyright 1995 by Randall Atkinson and Dan # McDonald, All Rights Reserved. All Rights under this copyright are assigned # to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and # License Agreement applies to this software. # # History: # # Fixed header for OPIE 2.01. # Written at NRL for OPIE 2.0. # CONSOLEMODE=1 WHO=""; for i in $*; do case $i in -v) opiepasswd -v; exit 1;; -s) CONSOLEMODE=0; exit 1;; -*) echo "usage: $0 [-h] [-v] [-s] [user_name]"; exit 1;; esac WHO="$i"; done echo "Reminder: Use opiepasswd instead of opieinit" exec opiepasswd $WHO opie-2.11/misc/opieremind100755 4101 3565 4433 6070043223 13715 0ustar cmetzipv6#!/bin/sh # opieinfo: Print a user's current OPIE sequence number and seed # # Portions of this software are Copyright 1995 by Randall Atkinson and Dan # McDonald, All Rights Reserved. All Rights under this copyright are assigned # to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and # License Agreement applies to this software. # # History: # # Header fixed for OPIE 2.01. # Modified at NRL for OPIE 2.0. # Written at Bellcore for the S/Key Version 1 software distribution # (reminder.sh) # # This script will look thru the opiekeys file for # people with sequence numbers less then LOWLIMIT # and send them e-mail remindes to use keyinit soon LOWLIMIT=15 if [ "$1" != "" ] then LOWLIMIT=$1 fi # a copy of notices will go to ADMIN ADMIN=root SUBJECT='Reminder: Run opiepasswd' HOST=`/usr/bin/hostname | cut -f1 -d.` # an opiekeys entry looks like # jsw 0076 la13079 ba20a75528de9d3a # the sequence number is the second entry # for i in `/usr/bin/awk '{print $1}' /etc/opiekeys` do SEQ=`/usr/bin/grep "^$i[ ]" /etc/opiekeys|/usr/bin/awk '{print $2}'` if [ $SEQ -lt $LOWLIMIT ] then KEY=`/usr/bin/grep "^$i[ ]" /etc/opiekeys|/usr/bin/awk '{print $3}'` if [ $SEQ -lt 5 ] then SUBJECT="IMPORTANT: Action REQUIRED!" fi /usr/ucb/Mail -s "$SUBJECT" $i $ADMIN << 'EOF' An automated reminder from the OPIE system: You are nearing the end of your current OPIE sequence for the account $i on $HOST. Your OPIE sequence number is now $SEQ. Each time you log into $HOST, the sequence number is lowered by one. When it reaches zero, you will no longer be able to use OPIE to log into the system. This very well could mean that you will be cut off until you talk to a system administrator. If you have access to an OPIE key generator, you should immediately go to a shell prompt on $HOST and use the command "opiepasswd -s" to reset your sequence number. Be sure to use a different key from your current one, which is $KEY, and you should also change your secret password. If you do not have access to an OPIE key generator and you are able to log into $HOST directly on the console or through a secure terminal or network (if you aren't sure, then it's not secure) you may use the command "opiepasswd" to generate a new key for you. Thanks, Your System Administrators EOF fi done opie-2.11/misc/readme.mjr100644 4101 3565 7461 6070043223 13607 0ustar cmetzipv6 The way S/key's algorithm works is to take a secret seed that you know (which can be any size, practically) and a second seed, which it hashes with MD4 'N' times to generate the Nth response, which is used to authenticate. The server knows the N+1th response and performs one more round of hashing to verify that the response you gave is the correct one. Very clever! Well, the problem is that if you're like most of us, your secret seed is going to be short -- 8 characters or so, and may or may not be in the dictionary. If I intercept your communications, I obtain: The sequence number (it's in the challenge) The public seed (ot18722 or whatever it is) Your response I can then perform a dictionary attack to see if your secret seed is in my dictionary, by performing a lot of hashing. This is one place where MD4/5 is a loser: it's a lot faster than DES. So my dictionary attack may be quite a bit faster. I have a version of the S/key client program "key" that I have modified (mostly for fun) to work a wee bit differently. Instead of using the value I give it as a "private seed" it uses it as a DES key to unlock an encrypted block of random data. The block can be any size. One kb is more than enough. That block is used as my private seed and everything else proceeds normally. Note that with the Ranum "key" program, everything is still completely interoperable with the existing OPIE code -- you just use opie.init -s to set the response value and it all just works from there. The disadvantage of my approach is that I can only generate keys on a machine where I have a copy of my DES-encrypted seed block. That's OK because you only *WANT* to generate keys on a machine you trust. You can forget a dictionary attack because you need to know the hash value of my block of random noise, which, presumably, you haven't got, and even if you had it, you haven't got the ability to decrypt it. (It is assumed that knowing when you have correctly decrypted a block of white noise is *hard*) This version adds a new option to "opie.c" to implement a "-d" flag, telling it to use a DES seed block. If the DES seed block is in use, it calls deskeycrunch() "deskeyc.c" to generate the hash seed, instead of the usual keycrunch(). deskeycrunch() checks for an environment variable "OPIEPADFILE" and uses that as the file name for the DES-encrypted seed block. It simply decrypts it and hashes it. If you gave the wrong DES password, you get an incorrect value -- there's no warning. Generating the DES-encrypted seed block is fairly simple. I did something like: setenv OPIEPADFILE ~/.opiepad cat /etc/termcap | compress | dd bs=1024 count=1 > /tmp/xx des -e < /tmp/xx > $OPIEPADFILE The password I give to encrypt the pad file need not be the same one I use to decrypt it, as long as I always use the same one to decrypt it, my protocol is secure. In fact, whenever I want to change keys there's really no need to replace my pad file -- it'll be decrypted completely differently if I alter the key the slightest. Let's say I want to use OPIE. I can simply initialize myself using my version, as follows: otter-> opie.init -s Updating mjr: Old key: ot5720000 Reminder you need the 6 english words from the opie command. Enter sequence count from 1 to 10000: 999 Enter new key [default ot5720001]: s/key 999 ot5720001 s/key access password: ^Z[1] + Stopped opie.init -s otter-> OPIEPADFILE=/etc/termcap otter-> export OPIEPADFILE otter-> ./key -d 999 ot5720001 Reminder - Do not use key while logged in via telnet or dial-in. Enter secret password: GUST BIRD WEAK EGG FUNK SHOE otter-> fg opie.init -s GUST BIRD WEAK EGG FUNK SHOE ID mjr OPIE is 999 ot5720001 GUST BIRD WEAK EGG FUNK SHOE otter-> I will give a shiny new quarter to anyone who can dictionary attack *that*. Marcus J. Ranum Senior Scientist Trusted Information Systems, Inc. opie-2.11/misc/opieinfo.sh100644 4101 3565 2303 6070043223 13772 0ustar cmetzipv6#!/bin/sh # opieinfo: Print a user's current OPIE sequence number and seed # # Portions of this software are Copyright 1995 by Randall Atkinson and Dan # McDonald, All Rights Reserved. All Rights under this copyright are assigned # to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and # License Agreement applies to this software. # # History: # # Modified at NRL for OPIE 2.05. Substitute @@KEY_FILE@@. # Modified at NRL for OPIE 2.01. Remove hard-coded paths for grep and # awk and let PATH take care of it. Substitute for Makefile # variables $(EXISTS) and $(KEY_FILE). Only compute $WHO if # there's a key file. Got rid of grep since awk can do the job # itself. # Modified at NRL for OPIE 2.0. # Written at Bellcore for the S/Key Version 1 software distribution # (keyinfo) # for i in $*; do case $i in -v) opiekey -v; # `basename $0`/opiekey -v; ? exit 1;; -*) echo "usage: $0 [-h] [-v] [user_name]"; exit 1;; esac done if [ @@EXISTS@@ @@KEY_FILE@@ ] then WHO=${1:-`@@WHOAMI@@`} awk '/^'$WHO'[ \t]/ {print $2-1,$3}' @@KEY_FILE@@ exit 0 else echo "Can't find key file." exit 1 fi opie-2.11/COPYRIGHT.NRL100644 4101 3565 6461 6070043271 12634 0ustar cmetzipv6# @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 COPYRIGHT NOTICE All of the documentation and software included in this software distribution from the US Naval Research Laboratory (NRL) are copyrighted by their respective developers. Portions of the software are derived from the Net/2 and 4.4 Berkeley Software Distributions (BSD) of the University of California at Berkeley and those portions are copyright by The Regents of the University of California. All Rights Reserved. The UC Berkeley Copyright and License agreement is binding on those portions of the software. In all cases, the NRL developers have retained the original UC Berkeley copyright and license notices in the respective files in accordance with the UC Berkeley copyrights and license. Portions of this software and documentation were developed at NRL by various people. Those developers have each copyrighted the portions that they developed at NRL and have assigned All Rights for those portions to NRL. Outside the USA, NRL has copyright on some of the software developed at NRL. The affected files all contain specific copyright notices and those notices must be retained in any derived work. NRL LICENSE NRL grants permission for redistribution and use in source and binary forms, with or without modification, of the software and documentation created at NRL provided that the following conditions are met: 1. All terms of the UC Berkeley copyright and license must be followed. 2. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 3. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 4. All advertising materials mentioning features or use of this software must display the following acknowledgements: This product includes software developed by the University of California, Berkeley and its contributors. This product includes software developed at the Information Technology Division, US Naval Research Laboratory. 5. Neither the name of the NRL nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The views and conclusions contained in the software and documentation are those of the authors and should not be interpreted as representing official policies, either expressed or implied, of the US Naval Research Laboratory (NRL). ---------------------------------------------------------------------- opie-2.11/opielogin.c100644 4101 3565 75233 6070043277 13071 0ustar cmetzipv6/* opielogin.c: The infamous /bin/login Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.1. Since we don't seem to use the result of opiechallenge() anymore, discard it. Changed BSD4_3 to HAVE_GETTTYNAM. Other symbol changes for autoconf. Removed obselete usage comment. Removed des_crypt.h. File renamed to opielogin.c. Added bletch for setpriority. Added slash between MAIL_DIR and name. Modified at NRL for OPIE 2.02. Flush stdio after printing login prompt. Fixed Solaris shadow password problem introduced in OPIE 2.01 (the shadow password structure is spwd, not spasswd). Modified at NRL for OPIE 2.01. Changed password lookup handling to use a static structure to avoid problems with drain- bamaged shadow password packages. Make sure to close syslog by function to avoid problems with drain bamaged syslog implementations. Log a few interesting errors. Modified at NRL for OPIE 2.0. Modified at Bellcore for the Bellcore S/Key Version 1 software distribution. Originally from BSD. */ /* * Portions of this software are * Copyright (c) 1980,1987 Regents of the University of California. * All rights reserved. The Berkeley software License Agreement * specifies the terms and conditions for redistribution. */ #ifndef lint char copyright[] = "@(#) Copyright (c) 1980 Regents of the University of California,\n\ All Rights Reserved.\n"; #endif /* not lint */ #ifndef lint static char sccsid[] = "@(#)login.c 5.20 (Berkeley) 10/1/87"; #endif /* not lint */ #include "opie_cfg.h" /* OPIE: defines symbols for filenames & pathnames */ #include #include #include #if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H #if TIME_WITH_SYS_TIME # include # include #else /* TIME_WITH_SYS_TIME */ #if HAVE_SYS_TIME_H #include #else /* HAVE_SYS_TIME_H */ #include #endif /* HAVE_SYS_TIME_H */ #endif /* TIME_WITH_SYS_TIME */ #include #else /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */ #if TM_IN_SYS_TIME #include #else /* TM_IN_SYS_TIME */ #include #endif /* TM_IN_SYS_TIME */ #endif /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */ #include #include #include #include /* POSIX Password routines */ #include #include #include /* Basic POSIX macros and functions */ #include /* POSIX terminal I/O */ #include /* ANSI C string functions */ #include /* File I/O functions */ #include #include #include #include /* contains types needed for next include file */ #include /* Inet addr<-->ascii functions */ #include #ifdef QUOTA #include #endif struct utmp utmp; #if HAVE_GETTTYNAM #include /* non-portable routines used only a few places */ #include #endif /* HAVE_GETTTYNAM */ #include "opie.h" #ifndef DODISC /* Is the line discipline code even necessary? */ #define DODISC 0 #endif /* DODISC */ #if DOUTMPX /* On many System V systems, we include and use extended utmp -- utmpx because the ut_host member is present in utmpx but not utmp. The defines in opie_cfg.h should also help with portability. */ #include struct utmpx utmpx; #endif /* DOUTMPX */ void getutmpentry __ARGS((char *, struct UTMPX *)); void pututmpentry __ARGS((char *, struct UTMPX *)); #define TTYGID(gid) tty_gid(gid) /* gid that owns all ttys */ #define NMAX sizeof(UTMPX.ut_name) #define HMAX sizeof(UTMPX.ut_host) #if HAVE_LASTLOG_H #include #endif /* HAVE_LASTLOG_H */ int rflag = 0; int usererr = -1; int stopmotd; char rusername[NMAX + 1]; char name[NMAX + 1] = ""; char me[MAXHOSTNAMELEN]; char *rhost; char minusnam[16] = "-"; char *envinit[1]; /* now set by setenv calls */ char term[64] = "\0"; /* important to initialise to a NULL string */ char host[sizeof(UTMPX.ut_host)] = "\0"; struct passwd nouser; struct passwd thisuser; #if HAVE_SHADOW_H #include #endif /* HAVE_SHADOW_H */ #if DOTTYPROMPT char *ttyprompt; int first = 1; #endif /* DOTTYPROMPT */ #ifdef PERMSFILE extern char *home; #endif /* PERMSFILE */ struct termios attr, attrnoecho; extern int errno; static int ouroptind; static char *ouroptarg; #if HAVE_LASTLOG_H #ifndef _PATH_LASTLOG #define _PATH_LASTLOG "/var/adm/lastlog" #endif /* _PATH_LASTLOG */ char lastlog[] = _PATH_LASTLOG; #endif /* HAVE_LASTLOG_H */ /* * The "timeout" variable bounds the time given to login. * We initialize it here for safety and so that it can be * patched on machines where the default value is not appropriate. */ int timeout = 300; void getstr __ARGS((char *, int, char *)); void closelog __ARGS((void)); #if HAVE_CRYPT_H #include #endif /* HAVE_CRYPT_H */ #ifdef TIOCSWINSZ /* Windowing variable relating to JWINSIZE/TIOCSWINSZ/TIOCGWINSZ. This is available on BSDish systems and at least Solaris 2.x, but portability to other systems is questionable. Use within this source code module is protected by suitable defines. I'd be interested in hearing about a more portable approach. rja */ struct winsize win = {0, 0, 0, 0}; #endif /*------------------ BEGIN REAL CODE --------------------------------*/ /* We allow the malloc()s to potentially leak data out because we can only call this routine about four times in the lifetime of this process and the kernel will free all heap memory when we exit or exec. */ int lookupuser() { struct passwd *pwd; #if HAVE_SHADOW struct spwd *spwd; #endif /* HAVE_SHADOW */ memcpy(&thisuser, &nouser, sizeof(thisuser)); if (!(pwd = getpwnam(name))) return -1; thisuser.pw_uid = pwd->pw_uid; thisuser.pw_gid = pwd->pw_gid; if (!(thisuser.pw_name = malloc(strlen(pwd->pw_name) + 1))) goto lookupuserbad; strcpy(thisuser.pw_name, pwd->pw_name); if (!(thisuser.pw_dir = malloc(strlen(pwd->pw_dir) + 1))) goto lookupuserbad; strcpy(thisuser.pw_dir, pwd->pw_dir); if (!(thisuser.pw_shell = malloc(strlen(pwd->pw_shell) + 1))) goto lookupuserbad; strcpy(thisuser.pw_shell, pwd->pw_shell); #if HAVE_SHADOW if (!(spwd = getspnam(name))) goto lookupuserbad; pwd->pw_passwd = spwd->sp_pwdp; endspent(); #endif /* HAVE_SHADOW */ if (!(thisuser.pw_passwd = malloc(strlen(pwd->pw_passwd) + 1))) goto lookupuserbad; strcpy(thisuser.pw_passwd, pwd->pw_passwd); endpwent(); return ((thisuser.pw_passwd[0] == '*') || (thisuser.pw_passwd[0] == '#')); lookupuserbad: memcpy(&thisuser, &nouser, sizeof(thisuser)); return -1; } void getloginname() { register char *namep; char c, d; memset(name, 0, sizeof(name)); d = 0; while (name[0] == '\0') { namep = name; #if DOTTYPROMPT if (ttyprompt) { if (first) first--; else printf(ttyprompt); } else #endif /* DOTTYPROMPT */ printf("login: "); fflush(stdout); if (++d == 3) exit(0); while (1) { c = getchar(); if (feof(stdin) || (c == EOF)) { syslog(LOG_CRIT, "End-of-file on stdin!"); exit(0); } c = c & 0x7f; if (c == '\n' || c == '\r') break; if (c < 32) continue; if (c == ' ') c = '_'; if (namep < (name + sizeof(name))) *namep++ = c; } } } void timedout(i) int i; { /* input variable declared just to keep the compiler quiet */ printf("Login timed out after %d seconds\n", timeout); syslog(LOG_CRIT, "Login timed out after %d seconds!", timeout); exit(0); } void catch(i) int i; { /* the input variable is declared to keep the compiler quiet */ signal(SIGINT, SIG_IGN); stopmotd++; } void catchexit() { int i; tcsetattr(STDIN_FILENO, TCSANOW, &attr); putchar('\n'); closelog(); for (i = sysconf(_SC_OPEN_MAX); i > 2; i--) close(i); } int rootterm(ttyn) char *ttyn; { #if HAVE_GETTTYNAM /* The getttynam() call and the ttyent structure first appeared in 4.3 BSD and are not portable to System V systems such as Solaris 2.x. or modern versions of IRIX rja */ register struct ttyent *t; char *tty; tty = strrchr(ttyn, '/'); if (tty == NULL) tty = ttyn; else tty++; if ((t = getttynam(tty)) != NULL) return (t->ty_status & TTY_SECURE); return (1); /* when in doubt, allow root logins */ #elif HAVE_ETC_DEFAULT_LOGIN FILE *filno; char line[128]; char *next, *next2; /* SVR4 only permits two security modes for root logins: 1) only from CONSOLE, if the string "CONSOLE=/dev/console" exists and is not commented out with "#" characters, or 2) from anywhere. So we open /etc/default/login file grab the file contents one line at a time verify that the line being tested isn't commented out check for the substring "CONSOLE" and decide whether to permit this attempted root login/su. */ if ((filno = fopen("/etc/default/login", "r")) != NULL) { while (fgets(line, 128, filno) != NULL) { next = line; if ((line[0] != '#') && (next = strstr(line, "CONSOLE"))) { next += 7; /* get past the string "CONSOLE" */ while (*next && (*next == ' ') || (*next == '\t')) next++; if (*(next++) != '=') break; /* some weird character, get next line */ next2 = next; while (*next2 && (*next2 != '\t') && (*next2 != ' ') && (*next2 != '\n')) next2++; *next2 = 0; return !strcmp(ttyn, next); /* Allow the login if and only if the user's terminal line matches the setting for CONSOLE */ } } /* end while another line could be obtained */ } /* end if could open file */ return (1); /* when no CONSOLE line exists, root can login from anywhere */ #elif DOSECURETTY { FILE *f; char buffer[1024], *c; int rc = 0; if (!(f = fopen(SECURETTY, "r"))) return 1; if (c = strstr(ttyn, "/dev/")) ttyn += 5; if (c = strrchr(ttyn, '/')) ttyn = ++c; while (fgets(buffer, sizeof(buffer), f)) { if (c = strrchr(buffer, '\n')) *c = 0; if (!(c = strrchr(buffer, '/'))) c = buffer; else c++; if (!strcmp(c, ttyn)) rc = 1; }; fclose(f); return rc; } #else return (1); /* when in doubt, allow root logins */ #endif } int doremotelogin(host) char *host; { int rc; getstr(rusername, sizeof(rusername), "remuser"); getstr(name, sizeof(name), "locuser"); getstr(term, sizeof(term), "Terminal type"); if (getuid()) { memcpy(&thisuser, &nouser, sizeof(thisuser)); syslog(LOG_ERR, "getuid() failed"); return (-1); } if (lookupuser()) { syslog(LOG_ERR, "lookup failed for user %s", name); return (-1); } rc = ruserok(host, !thisuser.pw_uid, rusername, name); if (rc == -1) { syslog(LOG_ERR, "ruserok failed, host=%s, uid=%d, remote username=%s, local username=%s", host, thisuser.pw_uid, rusername, name); } return rc; } void getstr(buf, cnt, err) char *buf; int cnt; char *err; { char c; do { if (read(0, &c, 1) != 1) exit(1); if (--cnt < 0) { printf("%s too long\r\n", err); syslog(LOG_CRIT, "%s too long", err); exit(1); } *buf++ = c; } while ((c != 0) && (c != '~')); } struct speed_xlat { char *c; int i; } speeds[] = { #ifdef B0 { "0", B0 }, #endif /* B0 */ #ifdef B50 { "50", B50 }, #endif /* B50 */ #ifdef B75 { "75", B75 }, #endif /* B75 */ #ifdef B110 { "110", B110 }, #endif /* B110 */ #ifdef B134 { "134", B134 }, #endif /* B134 */ #ifdef B150 { "150", B150 }, #endif /* B150 */ #ifdef B200 { "200", B200 }, #endif /* B200 */ #ifdef B300 { "300", B300 }, #endif /* B300 */ #ifdef B600 { "600", B600 }, #endif /* B600 */ #ifdef B1200 { "1200", B1200 }, #endif /* B1200 */ #ifdef B1800 { "1800", B1800 }, #endif /* B1800 */ #ifdef B2400 { "2400", B2400 }, #endif /* B2400 */ #ifdef B4800 { "4800", B4800 }, #endif /* B4800 */ #ifdef B7200 { "7200", B7200 }, #endif /* B7200 */ #ifdef B9600 { "9600", B9600 }, #endif /* B9600 */ #ifdef B14400 { "14400", B14400 }, #endif /* B14400 */ #ifdef B19200 { "19200", B19200 }, #endif /* B19200 */ #ifdef B28800 { "28800", B28800 }, #endif /* B28800 */ #ifdef B38400 { "38400", B38400 }, #endif /* B38400 */ #ifdef B57600 { "57600", B57600 }, #endif /* B57600 */ #ifdef B115200 { "115200", B115200 }, #endif /* B115200 */ #ifdef B230400 { "230400", B230400 }, #endif /* 230400 */ { NULL, 0 } }; void doremoteterm(term) char *term; { register char *cp = strchr(term, '/'); char *speed; struct speed_xlat *x; if (cp) { *cp++ = '\0'; speed = cp; cp = strchr(speed, '/'); if (cp) *cp++ = '\0'; for (x = speeds; x->c != NULL; x++) if (strcmp(x->c, speed) == 0) { cfsetispeed(&attr, x->i); cfsetospeed(&attr, x->i); break; } } } int tty_gid(default_gid) int default_gid; { struct group *gr; int gid = default_gid; gr = getgrnam(TTYGRPNAME); if (gr != (struct group *) 0) gid = gr->gr_gid; endgrent(); return (gid); } int main(argc, argv) int argc; char *argv[]; { /* variables */ extern char **environ; register char *namep; struct opie opie; int invalid, quietlog; FILE *nlfd; char *tty, host[256]; int pflag = 0, hflag = 0, fflag = 0; int t, c; int i; char *p, *domain; char opieprompt[OPIE_CHALLENGE_MAX + 1]; int pwok, af_pwok; char *pp; char buf[256]; int fflags, orig_fflags; int uid; int opiepassed; /* initialisation */ host[0] = '\0'; opieprompt[0] = '\0'; if (p = getenv("TERM")) { #ifdef DEBUG fprintf(stderr, "Environment TERM=%s", p); #endif /* DEBUG */ strncpy(term, p, sizeof(term)); }; memset(&nouser, 0, sizeof(nouser)); nouser.pw_uid = -1; nouser.pw_gid = -1; nouser.pw_passwd = "#nope"; nouser.pw_name = nouser.pw_gecos = nouser.pw_dir = nouser.pw_shell = ""; #if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H setpriority(PRIO_PROCESS, 0, 0); #endif /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */ signal(SIGALRM, timedout); alarm(timeout); signal(SIGQUIT, SIG_IGN); signal(SIGINT, SIG_IGN); #if DOTTYPROMPT ttyprompt = (char *) getenv("TTYPROMPT"); #endif /* TTYPROMPT */ #ifdef QUOTA quota(Q_SETUID, 0, 0, 0); #endif gethostname(me, sizeof(me)); domain = strchr(me, '.'); #ifdef DEBUG { int foo; printf("my args are: (argc=%d)\n", foo = argc); while (--foo) printf("%d: %s\n", foo, argv[foo]); } #endif /* DEBUG */ /* Some OSs pass environment variables on the command line. All of them except for TERM get eaten. */ i = argc; while (--i) if (strchr(argv[i], '=')) { #ifdef DEBUG printf("eating %s\n", argv[i]); #endif /* DEBUG */ argc--; if (!strncmp(argv[i], "TERM=", 5)) { strncpy(term, &(argv[i][5]), sizeof(term)); term[sizeof(term) - 1] = 0; #ifdef DEBUG printf("passed TERM=%s, ouroptind = %d\n", term, i); #endif /* DEBUG */ } } /* Implement our own getopt()-like functionality, but do so in a much more strict manner to prevent security problems. */ for (ouroptind = 1; ouroptind < argc; ouroptind++) { i = 0; if (argv[ouroptind]) if (argv[ouroptind][0] == '-') if (i = argv[ouroptind][1]) if (!argv[ouroptind][2]) switch (i) { case 'd': if (++ouroptind == argc) exit(1); /* The '-d' option is apparently a performance hack to get around ttyname() being slow. The potential does exist for it to be used for malice, and it does not seem to be strictly necessary, so we will just eat it. */ break; case 'r': if (rflag || hflag || fflag) { printf("Other options not allowed with -r\n"); exit(1); } if (++ouroptind == argc) exit(1); ouroptarg = argv[ouroptind]; if (!ouroptarg) exit(1); rflag = 1; doremotelogin(ouroptarg); strncpy(host, ouroptarg, sizeof(host)); if ((domain != NULL) && (p = strchr(ouroptarg, '.')) && (strcmp(p, domain) == 0)) { *p = 0; } strncpy(host, ouroptarg, sizeof(host)); break; case 'h': if (getuid() == 0) { if (rflag || hflag || fflag) { printf("Other options not allowed with -h\n"); exit(1); } hflag = 1; if (++ouroptind == argc) exit(1); ouroptarg = argv[ouroptind]; if (!ouroptarg) exit(1); strncpy(host, ouroptarg, sizeof(host)); if ((domain != NULL) && (p = strchr(ouroptarg, '.')) && (strcmp(p, domain) == 0)) *p = 0; strncpy(host, ouroptarg, sizeof(host)); } break; case 'f': if (rflag) { printf("Only one of -r and -f allowed\n"); exit(1); } fflag = 1; if (++ouroptind == argc) exit(1); ouroptarg = argv[ouroptind]; if (!ouroptarg) exit(1); strncpy(name, ouroptarg, sizeof(name)); break; case 'p': pflag = 1; break; } else i = 0; if (!i) { ouroptarg = argv[ouroptind++]; strncpy(name, ouroptarg, sizeof(name)); break; } } for (t = sysconf(_SC_OPEN_MAX); t > 2; t--) close(t); #ifdef TIOCNXCL /* BSDism: not sure how to rewrite for POSIX. rja */ ioctl(0, TIOCNXCL, 0); /* set non-exclusive use of tty */ #endif /* get original termio attributes */ if (tcgetattr(STDIN_FILENO, &attr) != 0) return (-1); /* If talking to an rlogin process, propagate the terminal type and baud rate across the network. */ if (rflag) doremoteterm(term); /* Force termios portable control characters to the system default values as specified in termios.h. This should help the one-time password login feel the same as the vendor-supplied login. Common extensions are also set for completeness, but these are set within appropriate defines for portability. */ #define CONTROL(x) (x - 64); #ifdef VEOF #ifdef CEOF attr.c_cc[VEOF] = CEOF; #else /* CEOF */ attr.c_cc[VEOF] = CONTROL('D'); #endif /* CEOF */ #endif /* VEOF */ #ifdef VEOL #ifdef CEOL attr.c_cc[VEOL] = CEOL; #else /* CEOL */ attr.c_cc[VEOL] = CONTROL('J'); #endif /* CEOL */ #endif /* VEOL */ #ifdef VERASE #ifdef CERASE attr.c_cc[VERASE] = CERASE; #else /* CERASE */ attr.c_cc[VERASE] = CONTROL('H'); #endif /* CERASE */ #endif /* VERASE */ #ifdef VINTR #ifdef CINTR attr.c_cc[VINTR] = CINTR; #else /* CINTR */ attr.c_cc[VINTR] = CONTROL('C'); #endif /* CINTR */ #endif /* VINTR */ #ifdef VKILL #ifdef CKILL attr.c_cc[VKILL] = CKILL; #else /* CKILL */ attr.c_cc[VKILL] = CONTROL('U'); #endif /* CKILL */ #endif /* VKILL */ #ifdef VQUIT #ifdef CQUIT attr.c_cc[VQUIT] = CQUIT; #else /* CQUIT */ attr.c_cc[VQUIT] = CONTROL('\\'); #endif /* CQUIT */ #endif /* VQUIT */ #ifdef VSUSP #ifdef CSUSP attr.c_cc[VSUSP] = CSUSP; #else /* CSUSP */ attr.c_cc[VSUSP] = CONTROL('Z'); #endif /* CSUSP */ #endif /* VSUSP */ #ifdef VSTOP #ifdef CSTOP attr.c_cc[VSTOP] = CSTOP; #else /* CSTOP */ attr.c_cc[VSTOP] = CONTROL('S'); #endif /* CSTOP */ #endif /* VSTOP */ #ifdef VSTART #ifdef CSTART attr.c_cc[VSTART] = CSTART; #else /* CSTART */ attr.c_cc[VSTART] = CONTROL('Q'); #endif /* CSTART */ #endif /* VSTART */ #ifdef VDSUSP #ifdef CDSUSP attr.c_cc[VDSUSP] = CDSUSP; #else /* CDSUSP */ attr.c_cc[VDSUSP] = 0; #endif /* CDSUSP */ #endif /* VDSUSP */ #ifdef VEOL2 #ifdef CEOL2 attr.c_cc[VEOL2] = CEOL2; #else /* CEOL2 */ attr.c_cc[VEOL2] = 0; #endif /* CEOL2 */ #endif /* VEOL2 */ #ifdef VREPRINT #ifdef CRPRNT attr.c_cc[VREPRINT] = CRPRNT; #else /* CRPRNT */ attr.c_cc[VREPRINT] = 0; #endif /* CRPRNT */ #endif /* VREPRINT */ #ifdef VWERASE #ifdef CWERASE attr.c_cc[VWERASE] = CWERASE; #else /* CWERASE */ attr.c_cc[VWERASE] = 0; #endif /* CWERASE */ #endif /* VWERASE */ #ifdef VLNEXT #ifdef CLNEXT attr.c_cc[VLNEXT] = CLNEXT; #else /* CLNEXT */ attr.c_cc[VLNEXT] = 0; #endif /* CLNEXT */ #endif /* VLNEXT */ attr.c_lflag |= ICANON; /* enable canonical input processing */ attr.c_lflag &= ~ISIG; /* disable INTR, QUIT,& SUSP signals */ attr.c_lflag |= (ECHO | ECHOE); /* enable echo and erase */ #ifdef ONLCR /* POSIX does not specify any output processing flags, but the usage below is SVID compliant and is generally portable to modern versions of UNIX. */ attr.c_oflag |= ONLCR; /* map CR to CRNL on output */ #endif #ifdef ICRNL attr.c_iflag |= ICRNL; #endif /* ICRNL */ attr.c_oflag |= OPOST; attr.c_lflag |= ICANON; /* enable canonical input */ attr.c_lflag |= ECHO; attr.c_lflag |= ECHOE; /* enable ERASE character */ attr.c_lflag |= ECHOK; /* enable KILL to delete line */ attr.c_cflag |= HUPCL; /* hangup on close */ memcpy(&attrnoecho, &attr, sizeof(struct termios)); attrnoecho.c_lflag &= ~(ECHO | ECHOK | ECHOE); /* disable echoing */ /* Set revised termio attributes */ if (tcsetattr(STDIN_FILENO, TCSANOW, &attr) != 0) return (-1); atexit(catchexit); tty = ttyname(0); if (tty == (char *) 0 || *tty == '\0') tty = "UNKNOWN"; /* was: "/dev/tty??" */ #if HAVE_SETVBUF && defined(_IONBF) #if SETVBUF_REVERSED setvbuf(stdout, _IONBF, NULL, 0); setvbuf(stderr, _IONBF, NULL, 0); #else /* SETVBUF_REVERSED */ setvbuf(stdout, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0); #endif /* SETVBUF_REVERSED */ #endif /* HAVE_SETVBUF && defined(_IONBF) */ #ifdef DEBUG fprintf(stderr, "tty = %s\n", tty); #endif /* DEBUG */ openlog("login", LOG_ODELAY, LOG_AUTH); atexit(closelog); t = 0; invalid = TRUE; af_pwok = opieaccessfile(host); getutmpentry(tty, &UTMPX); if (name[0]) if (name[0] == '-') { fprintf(stderr, "User names can't start with '-'.\n"); syslog(LOG_AUTH, "Attempt to use invalid username: %s.", name); exit(1); } else invalid = lookupuser(); atexit(catchexit); do { /* If remote login take given name, otherwise prompt user for something. */ if (invalid && !name[0]) { getloginname(); invalid = lookupuser(); } #ifdef DEBUG printf("login name is -%s-, of length %d, [0] = %d\n", name, strlen(name), name[0]); #endif /* DEBUG */ if (fflag) { uid = getuid(); if (uid != 0 && uid != thisuser.pw_uid) fflag = 0; /* Disallow automatic login for root. */ if (thisuser.pw_uid == 0) fflag = 0; } if (feof(stdin)) exit(0); /* If no remote login authentication and a password exists for this user, prompt for and verify a password. */ if (!fflag && *thisuser.pw_passwd) { #ifdef DEBUG printf("login name is -%s-, of length %d, [0] = %d\n", name, strlen(name), name[0]); #endif /* DEBUG */ /* Attempt a one-time password challenge */ opiechallenge(&opie, name, opieprompt); if (!memcmp(&thisuser, &nouser, sizeof(thisuser))) if (host[0]) syslog(LOG_WARNING, "Invalid login attempt for %s on %s from %s.", name, tty, host); else syslog(LOG_WARNING, "Invalid login attempt for %s on %s.", name, tty); pwok = af_pwok && opiealways(thisuser.pw_dir); printf("%s\n", opieprompt); if (!pwok) printf("(OTP response required)\n"); printf("Password:"); fflush(stdout); /* Use blocking I/O for now */ orig_fflags = fcntl(STDIN_FILENO, F_GETFL, 0); memcpy(&fflags, &orig_fflags, sizeof(int)); fflags &= ~O_NONBLOCK; fcntl(STDIN_FILENO, F_SETFL, fflags); if (tcsetattr(STDIN_FILENO, TCSANOW, &attrnoecho)) return (-1); /* Read password */ fgets(buf, sizeof(buf), stdin); opiestrip_crlf(buf); if (feof(stdin)) invalid = TRUE; if (tcsetattr(STDIN_FILENO, TCSANOW, &attr)) return -1; if (strlen(buf) == 0) { /* Null line entered, so display appropriate prompt & flush current data. */ printf(" (echo on)\nPassword:"); fflush(stdout); fgets(buf, sizeof(buf), stdin); opiestrip_crlf(buf); if (feof(stdin)) invalid = TRUE; } else printf("\n"); /* Restore previous tty modes */ fcntl(STDIN_FILENO, F_SETFL, orig_fflags); /* Once opieverify() is called, this information is gone */ i = opiegetsequence(&opie); opiepassed = !opieverify(&opie, buf); #ifdef DEBUG fprintf(stderr, "opiepassed = %d\n", opiepassed); #endif /* DEBUG */ if (!invalid) { if (opiepassed) { /* OPIE authentication succeeded */ if (i < 5) { printf("Warning: Change your OTP secret pass phrase NOW!\n"); } else { if (i < 10) { printf("Warning: Change your OTP secret pass phrase.\n"); } } } else { /* Try regular password check, if allowed */ if (pwok) { pp = crypt(buf, thisuser.pw_passwd); invalid = strcmp(pp, thisuser.pw_passwd); } else invalid = TRUE; } } } /* If user not super-user, check for logins disabled. */ if (thisuser.pw_uid) { if (nlfd = fopen(NO_LOGINS_FILE, "r")) { while ((c = getc(nlfd)) != EOF) putchar(c); fflush(stdout); sleep(5); exit(0); } } /* If valid so far and root is logging in, see if root logins on this terminal are permitted. */ if (!invalid && !thisuser.pw_uid && !rootterm(tty)) { if (host[0]) syslog(LOG_CRIT, "ROOT LOGIN REFUSED ON %s FROM %.*s", tty, HMAX, host); else syslog(LOG_CRIT, "ROOT LOGIN REFUSED ON %s", tty); invalid = TRUE; } /* If invalid, then log failure attempt data to appropriate system logfiles and close the connection. */ if (invalid) { printf("Login incorrect\n"); if (host[0]) syslog(LOG_ERR, "LOGIN FAILURE ON %s FROM %.*s, %.*s", tty, HMAX, host, sizeof(name), name); else syslog(LOG_ERR, "LOGIN FAILURE ON %s, %.*s", tty, sizeof(name), name); if (++t >= 5) exit(1); } if (*thisuser.pw_shell == '\0') thisuser.pw_shell = "/bin/sh"; if ((chdir(thisuser.pw_dir) < 0) && !invalid) { if (chdir("/") < 0) { printf("No directory!\n"); invalid = TRUE; } else { printf("No directory! %s\n", "Logging in with HOME=/"); strcpy(thisuser.pw_dir, "/"); } } /* Remote login invalid must have been because of a restriction of some sort, no extra chances. */ if (invalid) { if (!usererr) exit(1); name[0] = 0; } } while (invalid); /* Committed to login -- turn off timeout */ alarm(0); #ifdef QUOTA if (quota(Q_SETUID, thisuser.pw_uid, 0, 0) < 0 && errno != EINVAL) { if (errno == EUSERS) printf("%s.\n%s.\n", "Too many users logged on already", "Try again later"); else if (errno == EPROCLIM) printf("You have too many processes running.\n"); else perror("quota (Q_SETUID)"); sleep(5); exit(0); } #endif strncpy(UTMPX.ut_host, host, sizeof(UTMPX.ut_host)); strncpy(UTMPX.ut_name, name, sizeof(UTMPX.ut_name)); #ifdef USER_PROCESS UTMPX.ut_type = USER_PROCESS; #endif /* USER_PROCESS */ pututmpentry(tty, &UTMPX); quietlog = !access(QUIET_LOGIN_FILE, F_OK); #if HAVE_LASTLOG_H { int f; if ((f = open(lastlog, O_RDWR)) >= 0) { struct lastlog ll; lseek(f, (long)thisuser.pw_uid * sizeof(struct lastlog), 0); if ((sizeof(ll) == read(f, (char *) &ll, sizeof(ll))) && (ll.ll_time != 0) && (!quietlog)) { printf("Last login: %.*s ", 24 - 5, (char *) ctime(&ll.ll_time)); if (*ll.ll_host != '\0') printf("from %.*s\n", sizeof(ll.ll_host), ll.ll_host); else printf("on %.*s\n", sizeof(ll.ll_line), ll.ll_line); } lseek(f, (long)thisuser.pw_uid * sizeof(struct lastlog), 0); time(&ll.ll_time); strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); strncpy(ll.ll_host, host, sizeof(ll.ll_line)); write(f, (char *) &ll, sizeof ll); close(f); } } #endif /* HAVE_LASTLOG_H */ chown(tty, thisuser.pw_uid, TTYGID(thisuser.pw_gid)); #ifdef TIOCSWINSZ /* POSIX does not specify any interface to set/get window sizes, so this is not portable. It should work on most recent BSDish systems and the defines should protect it on older System Vish systems. It does work under Solaris 2.4, though it isn't clear how many other SVR4 systems support it. I'd be interested in hearing of a more portable approach. rja */ if (!hflag && !rflag) ioctl(0, TIOCSWINSZ, &win); /* set window size to 0,0,0,0 */ #endif chmod(tty, 0622); setgid(thisuser.pw_gid); initgroups(name, thisuser.pw_gid); #ifdef QUOTA quota(Q_DOWARN, thisuser.pw_uid, (dev_t) - 1, 0); #endif #ifdef PERMSFILE home = thisuser.pw_dir; permsfile(name, tty, thisuser.pw_uid, thisuser.pw_gid); fflush(stderr); #endif /* PERMSFILE */ setuid(thisuser.pw_uid); /* destroy environment unless user has asked to preserve it */ if (!pflag) environ = envinit; setenv("HOME", thisuser.pw_dir, 1); setenv("SHELL", thisuser.pw_shell, 1); if (!term[0]) { #if HAVE_GETTTYNAM /* * The getttynam() call and the ttyent structure first appeared in 4.3 BSD. * They are not portable to System V systems such as Solaris 2.x. * rja */ register struct ttyent *t; register char *c; if (c = strrchr(tty, '/')) c++; else c = tty; if (t = getttynam(c)) strncpy(term, t->ty_type, sizeof(term)); else #endif /* HAVE_GETTTYNAM */ strcpy(term, "unknown"); } setenv("USER", name, 1); setenv("LOGNAME", name, 1); setenv("PATH", DEFAULT_PATH, 0); if (term[0]) { #ifdef DEBUG printf("setting TERM=%s\n", term); #endif /* DEBUG */ setenv("TERM", term, 1); } if ((namep = strrchr(thisuser.pw_shell, '/')) == NULL) namep = thisuser.pw_shell; else namep++; strcat(minusnam, namep); if (tty[sizeof("tty") - 1] == 'd') syslog(LOG_INFO, "DIALUP %s, %s", tty, name); if (!thisuser.pw_uid) if (host[0]) syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %.*s", tty, HMAX, host); else syslog(LOG_NOTICE, "ROOT LOGIN %s", tty); #if !HAVE_MOTD_IN_PROFILE if (!quietlog) { FILE *mf; register c; signal(SIGINT, catch); if ((mf = fopen(MOTD_FILE, "r")) != NULL) { while ((c = getc(mf)) != EOF && !stopmotd) putchar(c); fclose(mf); } signal(SIGINT, SIG_IGN); } #endif /* !HAVE_MOTD_IN_PROFILE */ #if !HAVE_MAILCHECK_IN_PROFILE if (!quietlog) { struct stat st; char buf[128]; int len; strncpy(buf, MAIL_DIR, sizeof(buf) - 2); buf[sizeof(buf) - 2] = 0; len = strlen(buf); if (*(buf + len - 1) != '/') { *(buf + len) = '/'; *(buf + len + 1) = 0; } strcat(buf, name); #if DEBUG fprintf(stderr, "statting %s\n", buf); #endif /* DEBUG */ if (!stat(buf, &st) && st.st_size) printf("You have %smail.\n", (st.st_mtime > st.st_atime) ? "new " : ""); } #endif /* !HAVE_MAILCHECK_IN_PROFILE */ signal(SIGALRM, SIG_DFL); signal(SIGQUIT, SIG_DFL); signal(SIGINT, SIG_DFL); signal(SIGTSTP, SIG_IGN); attr.c_lflag |= (ISIG | IEXTEN); catchexit(); execlp(thisuser.pw_shell, minusnam, 0); perror(thisuser.pw_shell); printf("No shell\n"); exit(0); } /* EOF login.c */ opie-2.11/INSTALL100644 4101 3565 30701 6070045763 11762 0ustar cmetzipv6NRL OPIE Software Distribution, Release 2.1 Installation Instructions =========================================== ========================= Did you read the README file? If not, please go do so, then come back here. There is information in the README file that you will probably need to know in order to build and use OPIE, and you are better off doing it before you try to compile and install it. Bleeding-Edge Installation ========================== A new feature in OPIE is support for installation using the FSF/GNU autoconf package. We have designed things such that you should be able to use either the autoconf installation or the manual, non-autoconf, installation without them interfering with each other. If you want a procedure for installing OPIE that is more careful, please skip to the section titled, "Installing OPIE the Right Way." If we haven't scared you off yet, try running the command: sh configure And then follow the instructions in the next section, using the name "autoconf" as your system target (i.e., "make autoconf-all" and "make autoconf-install" might be the commands you use). Please submit a bug report (see the README file) if you notice any problems installing OPIE using this procedure. It's still somewhat experimental for us. Quick Installation ================== If your system has been tested with OPIE, we have provided reasonable defaults for it that should work. If you would like to use our configuration defaults for OPIE and believe that there is nothing out of the ordinary about your system that would cause our defaults to be incorrect, you can use the quick installation procedure to get up and running with OPIE in a matter of a few minutes (your mileage may vary, of course, depending on your system performance). If you encounter any problems, please go through the real installation procedure before blaming the OPIE software. In order to use the quick installation method, you need to know two things: the System name for your system and the Target for what you want to do. You already know the System because you read the README file. This leaves you with the choice of a Target. The available Targets are: Name Action ----------------------------------------------------------------- client Builds the opiekey(1) client ONLY client-install Above, plus installs it, its aliases, and the associated man pages server Builds the server programs ONLY server-install Above, plus installs them and associated man pages all Builds everything install Above, plus installs them, opiekey's aliases, and the associated man pages Once you have these two pieces of information, your make command is "make -". Type this, cross your fingers, and you should have a working copy of NRL OPIE. Two examples of doing things this way are "make bsdos-install" and "make 44bsd-all". You can also use just "Make " as a shorthand if the Target is "all". Installing OPIE the Right Way ============================= For these instructions, we assume that you are on the system console. There is no secure way to install OPIE without being on the system console. In order to install OPIE, you will need to have access to an account with superuser (root) privileges as well as access to an account with normal user privileges. After unpacking the OPIE source distribution, make sure that the permissions of the directory that contains the distribution as well as all of the directories above it allow both of these accounts to access the distribution directory. These instructions also assume that the destination directory for the OPIE binaries that you set in the Makefile is in the PATH of the user used to test most of the system. It is usually a security risk to have local binary directories (for example, /usr/local/bin) in the PATH of a superuser-privileged account. This also assumes that you have not disabled certain network services such as telnet, FTP, and rlogin. If you have, please skip the appropriate steps. 0. Back up your system! If you don't have a backup and either the OPIE software or a mistake on your part results in your system being trashed, it's *your* fault and *your* problem! We don't expect this to ever happen, but if it does, you should have a backup handy so you can fix it. 1. Edit the Makefile and make the changes appropriate for your system. For platforms OPIE has been tested on, you should be able to simply uncomment the appropriate parameters. For others, you will need to supply your own values for many of the parameters. 2. Type "make realclean" to remove any previous build files, then type "make" to compile the OPIE software. 3. Get into a superuser (root) shell. 4. DO NOT EXIT THE SUPERUSER SHELL UNTIL INSTRUCTED TO DO SO. Doing so could leave you in a bad position should the OPIE software not work properly. 5. Type "./opiepasswd -c ", where the parameter specifies the name of the normal account you will use to test OPIE. Enter a temporary secret pass phrase that is at least ten characters long. opiepasswd will give you an output at the end something like: ID kebe OPIE key is 499 wi80161 TOG HIND BULB GIN FOLD CALF 6. Type "./opiekey 499 ", where the parameter is the seed given to you by opiepasswd (in this example, wi80161). Enter the same secret pass phrase you used for opiepasswd. Check to make sure that the six word response given to you by opiekey is the same as the one given to you by opiepasswd. If it is not, repeat (5) and (6) once more. If they continue to differ, the OPIE software is not working properly on your machine. 7. Type "make test". This will install the OPIE software into your local directories, but will not replace the system binaries login, su, and ftpd. If you encounter any errors, make sure to fix them before moving on. 8. Type "opiekey -n 7 499 ", where is the same as the one you used in (6). Remember this time to omit the "./" part. Make sure the output on the line for "499" is the same as what you got from opiepasswd and from (6). If you get an error telling you that opiekey cannot be found, make sure the place you specified for BINDIR in the Makefile (usually /usr/local/bin) is in your PATH. Write down the output from this program on the lines starting with 495, 496, 497, and 498 -- you will need it for later steps. 9. Type "./opiesu ", where is the same name you used in (5). 10. Type "./opiesu " again. It should now ask you for a password. Press the enter key once. It should say "(echo on)" and ask you for a password again. Enter the six words (and only the six words) on the line starting with 498 that you got from (8). If it says "Sorry", repeat this once. If it still says "Sorry", the OPIE software is not working properly on your machine. 11. Type "./opiesu -c ". It should now ask you for a password after admonishing you to never run it this way from remote. Enter the normal, system password for the user. If it tells you that you don't seem to be on the console or says "Sorry" even after repeating this step once more, then the OPIE software is not working on your system. 12. Type "opieinfo". You should get a response like: 497 wi80161 Check to make sure the second part matches the you've been using. 13. Type "./opielogin ", where is the username you have been using. It should now ask you for a password. Press the enter key once. It should say "(echo on)" and ask you for a password again. Enter the six words (and only the six words) on the line starting with 497 that you got from (8). If it responds with "Login incorrect", repeat this once. If it still says "Login incorrect", the OPIE software is not working properly on your machine. If it works, but displays your message of the day twice, you need to change the setting of MOTD to zero in the Makefile and start over. 14. Type "exit" four times. You should now be back to your original superuser shell. 15. Type "make install". This will install the OPIE replacements for login, su, and ftpd. The installation process will try to rename your old programs to their original names with an extension of ".opie.old". WARNING: IF FILES WITH THOSE NAMES ALREADY EXIST, THEN YOUR OLD PROGRAMS WILL NOT BE BACKED UP! 16. Type "ftp localhost". Enter the username you have been using at the prompt. Check to see that you receive a line that reads something like: 331 OTP response otp-md5 496 wi80161 required for kebe. If you do not see a line like this, then you either did not install the OPIE replacement program in the proper directory (in which case, you need to change the value in the Makefile and start over) or you are using an "enhanced" client program that will not allow users to see challenges, in which case you need to contact the author of your "enhanced" client for an updated version that fixes this deficiency. If you do see a line like this, then enter the six words on the line starting with 496 that you got from (8). Note that they will not echo. Type "lcd /tmp", then type "cd ", where is the directory where the OPIE software distribution is located. Type "dir" and make sure that you get a listing. Then type "get README". If you get any errors or don't get a listing, the OPIE software is not working properly on your machine. Type "quit". 17. Type "telnet localhost". When it asks for a login, enter the username that you have been using. Do the same thing as you did for (13), using the six words on the line starting with 495. 18. Type "exit". 19. Type "rlogin localhost -l username". Do the same thing as you did for (13), using the six words on the line starting with 494. 20. Type "exit". 21. Type "opiepasswd -c root". Enter a temporary secret pass phrase for the root account that is at least ten characters long. Make sure you don't forget it, but don't write it down. 22. Type "opiekey `opieinfo root`". Enter the secret pass phrase you used in (20). Write down the six words that it gives you. 23. Log out of the machine. (All the way out -- you can exit your superuser shell now) 24. Enter your user name at the appropriate prompt. 25. If you are given an OPIE challenge, make sure that it is not followed by "(OTP response required)". Enter the six words on the line starting with 493. Once you are logged in, log back out and enter your user name once again at the appropriate prompt. If you are not given an OPIE challenge, you need not worry -- some systems, especially those with graphical logins, will not support OPIE on the console. Since OPIE is not necessary on the console, this is not a problem. 26. Enter your normal password for the system (NOT your OPIE secret pass phrase). Check to make sure you can log in on the console correctly. 27. Type "su". You should be asked for an OPIE response. Enter the six words you got from (21). 28. Type "opiepasswd -c ". Enter a secret pass phrase for the superuser account. Make sure you don't forget this secret pass phrase, but don't write it down. 29. Type "opiepasswd -c ", where is the user name you used earlier. Enter a permanent secret pass phrase for that account. Again, make sure you don't forget the secret pass phrase, but don't write it down. 30. OPIE should now be installed and ready on your system. You should get all of your users to log in (on the console, if you can) and run "opiepasswd" to set a secret pass phrase for their accounts. If you encountered any problems, you may be able to run "make uninstall" to remove the OPIE software from your system and revert back to almost the way things were before. We make no claims as to this process actually working, however. You are best advised to do this by hand. Copyright ========= Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. opie-2.11/install-sh100644 4101 3565 11244 6070043274 12726 0ustar cmetzipv6#! /bin/sh # # install - install a program, script, or datafile # This comes from X11R5. # # Calling this script install-sh is preferred over install.sh, to prevent # `make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written # from scratch. # # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. doit="${DOITPROG-}" # put in absolute paths if you don't have them in your path; or use env. vars. mvprog="${MVPROG-mv}" cpprog="${CPPROG-cp}" chmodprog="${CHMODPROG-chmod}" chownprog="${CHOWNPROG-chown}" chgrpprog="${CHGRPPROG-chgrp}" stripprog="${STRIPPROG-strip}" rmprog="${RMPROG-rm}" mkdirprog="${MKDIRPROG-mkdir}" tranformbasename="" transform_arg="" instcmd="$mvprog" chmodcmd="$chmodprog 0755" chowncmd="" chgrpcmd="" stripcmd="" rmcmd="$rmprog -f" mvcmd="$mvprog" src="" dst="" dir_arg="" while [ x"$1" != x ]; do case $1 in -c) instcmd="$cpprog" shift continue;; -d) dir_arg=true shift continue;; -m) chmodcmd="$chmodprog $2" shift shift continue;; -o) chowncmd="$chownprog $2" shift shift continue;; -g) chgrpcmd="$chgrpprog $2" shift shift continue;; -s) stripcmd="$stripprog" shift continue;; -t=*) transformarg=`echo $1 | sed 's/-t=//'` shift continue;; -b=*) transformbasename=`echo $1 | sed 's/-b=//'` shift continue;; *) if [ x"$src" = x ] then src=$1 else # this colon is to work around a 386BSD /bin/sh bug : dst=$1 fi shift continue;; esac done if [ x"$src" = x ] then echo "install: no input file specified" exit 1 else true fi if [ x"$dir_arg" != x ]; then dst=$src src="" if [ -d $dst ]; then instcmd=: else instcmd=mkdir fi else # Waiting for this to be detected by the "$instcmd $src $dsttmp" command # might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if [ -f $src -o -d $src ] then true else echo "install: $src does not exist" exit 1 fi if [ x"$dst" = x ] then echo "install: no destination specified" exit 1 else true fi # If destination is a directory, append the input filename; if your system # does not like double slashes in filenames, you may need to add some logic if [ -d $dst ] then dst="$dst"/`basename $src` else true fi fi ## this sed command emulates the dirname command dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` # Make sure that the destination directory exists. # this part is taken from Noah Friedman's mkinstalldirs script # Skip lots of stat calls in the usual case. if [ ! -d "$dstdir" ]; then defaultIFS=' ' IFS="${IFS-${defaultIFS}}" oIFS="${IFS}" # Some sh's can't handle IFS=/ for some reason. IFS='%' set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` IFS="${oIFS}" pathcomp='' while [ $# -ne 0 ] ; do pathcomp="${pathcomp}${1}" shift if [ ! -d "${pathcomp}" ] ; then $mkdirprog "${pathcomp}" else true fi pathcomp="${pathcomp}/" done fi if [ x"$dir_arg" != x ] then $doit $instcmd $dst && if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi else # If we're going to rename the final executable, determine the name now. if [ x"$transformarg" = x ] then dstfile=`basename $dst` else dstfile=`basename $dst $transformbasename | sed $transformarg`$transformbasename fi # don't allow the sed command to completely eliminate the filename if [ x"$dstfile" = x ] then dstfile=`basename $dst` else true fi # Make a temp file name in the proper directory. dsttmp=$dstdir/#inst.$$# # Move or copy the file name to the temp name $doit $instcmd $src $dsttmp && trap "rm -f ${dsttmp}" 0 && # and set any options; do chmod last to preserve setuid bits # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $instcmd $src $dsttmp" command. if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && # Now rename the file to the real destination. $doit $rmcmd -f $dstdir/$dstfile && $doit $mvcmd $dsttmp $dstdir/$dstfile fi && exit 0 opie-2.11/Makefile.source100644 4101 3565 50706 6070256471 13677 0ustar cmetzipv6## # Makefile.source and Makefile: Directions for building and installing OPIE. # # Portions of this software are Copyright 1995 by Randall Atkinson and Dan # McDonald, All Rights Reserved. All Rights under this copyright are assigned # to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and # License Agreement applies to this software. # # History: # # Modified at NRL for OPIE 2.11: Fixed fatal mistype of Autoconf. # Modified at NRL for OPIE 2.1: Changed targets to reflect source # file name changes. Changed explanation and flags for static # linking. Changed opieinfo target. Removed WHOAMI. Added # Autoconf targets. Changed if conditionals to use test # instead of [. Changed SU_DIR to SU to help autoconf. # Changed FTPDIR and FTPDNAME to FTPD to help autoconf. # Changed HP-UX to HP-UX9 and HP-UX10. Make uninstall # target depend on config. HPUX *is* no longer necessary, but # something does have to be there. Sub in Autoconf @CC@. # Modified at NRL for OPIE 2.04: Re-worded explanation of SU_STAR_CHECK. # Modified at NRL for OPIE 2.02: Added SU_STAR_CHECK flag. # Modified at NRL for OPIE 2.01: Test target makes opiesu and opielogin # setuid. install target clears that. uninstall target needs to # remove the opiekey symlinks. opieinfo target needs to # substitute for $(EXISTS). ifdefs target needs to check for # starting hash. $(LDFLAGS) and -o should be at the end of all # link commands to spoon-feed drain bamaged link editors. Added # A/UX defaults. # Modified heavily at NRL for OPIE 2.0. # Written at Bellcore for the S/Key Version 1 software distribution # (Makefile). #============================================================================ # CONFIGURATION PARAMETERS -- CHANGE THESE TO SUIT YOUR MACHINE # Shell to use for make(1) # It's usually a good idea to leave this as-is. On some systems, ksh or bash # may be necessary SHELL=/bin/sh # Where is chown(1)? # Solaris #CHOWN=/usr/bin/chown # AIX, HP-UX9, HP-UX10, Linux, A/UX #CHOWN=/bin/chown # BSD/OS, 4.4BSD, FreeBSD, NetBSD #CHOWN=/usr/sbin/chown # IRIX #CHOWN=/sbin/chown # SunOS #CHOWN=/usr/etc/chown # Autoconf #CHOWN=@CHOWN@ # What flag to test(1) will indicate existence? # # The '-e' flag is exactly what we want. Which makes it little surprise that # not all systems have it. We'll live with the '-f' flag, which will only # work with real files (i.e., it won't handle symlinks and wierder things # properly) # # BSD/OS, FreeBSD, NetBSD, Linux, 4.4BSD #EXISTS=-e # SunOS, IRIX, HP-UX9, HP-UX10, AIX, Solaris, A/UX #EXISTS=-f # Autoconf #EXISTS=@EXISTS@ # How should we call mkdir(1) to make directories if they aren't there? # # We want to call mkdir with the -p flag to make parent directories, # but many systems don't have this flag. # # BSD/OS, FreeBSD, NetBSD, Linux, SunOS, AIX, 4.4BSD #MKDIR=mkdir -p # IRIX, HP-UX9, HP-UX10, A/UX #MKDIR=mkdir # Autoconf #MKDIR=@MKDIR@ # OWNER is the username who should own the OPIE binaries. # GROUP is the groupname associated with the OPIE binaries. # OWNER=root GROUP=bin # Ranlib is only needed on BSD systems. # Using "true" happens to be a handy makefile hack for System V machines. # AIX, SunOS, 4.4BSD, BSD/OS, Linux, FreeBSD, NetBSD #RANLIB=ranlib # Solaris, HP-UX9, HP-UX10, IRIX, A/UX #RANLIB=true # Autoconf RANLIB=@RANLIB@ # LOCALBIN is the place where user-installed binaries reside. # AIX, SunOS, 4.4BSD, BSD/OS, Linux, FreeBSD, NetBSD, Solaris, HP-UX9, HP-UX10, IRIX, A/UX #LOCALBIN=/usr/local/bin #LOCALBIN=/usr/contrib/bin # Autoconf #LOCALBIN=@LOCALBIN@ # LOCALMAN is the place where user-installed manual pages reside. # AIX, SunOS, 4.4BSD, BSD/OS, Linux, FreeBSD, NetBSD, Solaris, HP-UX9, HP-UX10, IRIX, A/UX #LOCALMAN=/usr/local/man #LOCALMAN=/usr/contrib/man #LOCALMAN=/usr/share/man #LOCALMAN=/usr/man/man # Autoconf #LOCALMAN=@LOCALMAN@ # Where is the su(1) program? # Solaris, SunOS, BSD/OS, 4.4BSD, Linux, FreeBSD, NetBSD #SU=/usr/bin/su # HP-UX9, HP-UX10, AIX, IRIX, A/UX #SU=/bin/su # Autoconf #SU=@SU@ # Is there another location to which opiesu should be copied? (i.e., /sbin) # Solaris, IRIX #ALT_SU=/sbin/su # Autoconf #ALT_SU=@ALT_SU@ # Where is the login(1) binary? # Solaris, SunOS, BSD/OS, 4.4BSD, FreeBSD, NetBSD #LOGIN=/usr/bin/login # HP-UX9, HP-UX10, AIX, Linux, A/UX #LOGIN=/bin/login # IRIX #LOGIN=/usr/lib/iaf/scheme # Autoconf #LOGIN=@LOGIN@ # What should the default PATH be? # Note that the supplied defaults vary slightly from that of some # of the operating systems. Also note that OPIE does not support some # systems' notion of a second default path for root -- if you are root, then # you need to use a shell configuration file to set up any special path # entries. # BSD/OS, 4.4BSD, HP-UX9, HP-UX10, Linux, Solaris, FreeBSD, NetBSD, A/UX #DEFAULT_PATH=/usr/bin:/bin # SunOS #DEFAULT_PATH=/usr/ucb:/usr/bin:/bin # IRIX #DEFAULT_PATH=/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11 # AIX #DEFAULT_PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin # Autoconf #DEFAULT_PATH=@DEFAULT_PATH@ # Where should the OPIE key database be stored? KEY_FILE=/etc/opiekeys # Should we support a trusted access file, and, if so, where should it go? # # Sites who have to choose between opening up this security hole and not # having OPIE at all will need to enable this option. It is highly recommended # that you do *not* enable this option and leave this line commented. #ACCESS_FILE="-DACCESS_FILE=\"/etc/opieaccess\"" # Where is the FTP daemon? # Solaris, Linux #FTPD=/usr/sbin/in.ftpd # SunOS #FTPD=/usr/etc/in.ftpd # IRIX #FTPD=/usr/etc/ftpd # BSD/OS, 4.4BSD, FreeBSD, NetBSD #FTPD=/usr/libexec/ftpd # HP-UX9, AIX, A/UX #FTPD=/etc/ftpd # HP-UX10 #FTPD=/usr/lbin/ftpd # Autoconf #FTPD=@FTPD@ # What flags should be passed to the linker? # # Some systems (e.g. Solaris) need to explicitly include network libraries # (e.g. nsl, socket). # # Also, on some systems, you may wish to build the OPIE programs statically # linked to prevent attacks based on the shared library system. (Solaris # requires some stub libraries that are not included here in order to be # able to do this). No system with shared libraries should need OPIE built # statically to be secure, but, then again, no system should have security # bugs, either. # # Solaris #LDFLAGS=-lnsl -lsocket # FreeBSD #LDFLAGS=-lcrypt # A/UX #LDFLAGS=-lposix # Systems with GCC #LDFLAGS=-static # Autoconf #LDFLAGS=@LIBS@ # Compile-time options for OPIE: # # * System type: # # -DSOLARIS=1 If your system is Solaris (implies SVR4=1) # -DSUNOS=1 If your system is SunOS (implies BSD4_3=1) # -DBSD=1 If your system is like BSD # -DBSD4_3=1 If your system is like 4.3BSD (implies BSD=1) # -DSYSV=1 If your system is like System V # -DSVR4=1 If your system is like System V Release 4 (-> SYSV=1) # -DIS_A_SYSV=1 If your system is like System V and -DSYSV=1 fails # -DIS_A_BSD=1 If your system is like BSD and -DBSD=1 fails # # * Haves and needs # -DHAVE_DIRENT=1 If your system has dirent-style directory routines # -DNEED_GETENV=1 If your system doesn't have getenv(3) # -DNEED_SETENV=1 If your system doesn't have setenv(3) # -DNEED_STRERROR=1 If your system doesn't have strerror(3) # -DNEED_GETUSERSHELL=1 If your system doesn't have getusershell(3) # and endusershell(3) # -DNEED_ATEXIT=1 If your system doesn't have atexit(3) # -DNEED_STRING=1 If your system doesn't have strchr(3) and strrchr(3) # but does have index(3) and rindex(3) # # * Vendor-compatible "features" # # -DDOUTMPX=1 If your system uses a utmpx file along with a utmp # -DDOSECURETTY=1 If you want to use an /etc/securetty file to control # which terminals root can log in from # -DPERMSFILE="" Change the permissions of certain devices on login, # as specified in # -DDOWHEEL=1 Implement the BSD "wheel group" su restriction # (only members of group 0 can su) # -DDOTITLE=1 Change the process info of ftpd so that ps listings # will show status information # -DDOMOTD=0 If your system's login program *doesn't* display # /etc/motd and check for mail (i.e., it is done in # shell scripts like /etc/profile and /etc/.login) # # * Miscellaneous # # -DDOANONYMOUS=1 If you want ftpd to support anonymous logins # whenever an "ftp" account exists in /etc/passwd. # # -DSYS_FCNTL_H=1 Use instead of . # -DMJR=1 Support Marcus J. Ranum's scheme to prevent # dictionary attacks. (see README.MJR) # IRIX #OPTIONS=-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1 # Solaris #OPTIONS=-DSOLARIS=1 -DDOMOTD=0 # SunOS #OPTIONS=-DSUNOS # BSD/OS, 4.4BSD, FreeBSD, NetBSD #OPTIONS=-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask # Linux #OPTIONS=-DDOSECURETTY=1 # HP-UX9, HP-UX10 #OPTIONS=-DSYSV=1 # AIX #OPTIONS=-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1 # A/UX #OPTIONS=-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE # Autoconf #OPTIONS=@DEFS@ # Which message-digest algorithm do you want to use? # # MD5 is the default and highly recommended because it is stronger. Sites # migrating from Bellcore S/Key v1 might want to use MD4 for compatibility # reasons. Support for MD4 will be removed in a future version of OPIE. MDX=5 #MDX=4 # Do you want to ask users to re-type their secret passwords when calculating # responses? # # Doing so will help eliminate errors due to mistypes at the cost of user # annoyance. #RETYPE=1 RETYPE=0 # Do you want to generate per-user lock files to serialize OPIE logins? # # Doing so will help prevent an attack based on a race condition at the # cost of user annoyance and opening up a denial-of-service attack. USER_LOCKING=1 #USER_LOCKING=0 # Do you want to use ANSI C prototypes when compiling? # # Some systems with not-really-ANSI compilers break with prototypes. PROTOTYPES=1 #PROTOTYPES=0 # Do you want su(8) to be able to switch to accounts that have been # disabled (via a pw_passwd field of '*' or '#')? # # The traditional behavior (SU_STAR_CHECK == 0) is that a su run by root # can switch to any account. Sites that want to prevent root from su'ing # to a disabled ("starred out") account should set SU_STAR_CHECK = 1 below. SU_STAR_CHECK=0 #SU_STAR_CHECK=1 # Which C compiler should we use? # # On many systems, GNU C (gcc) may be the best choice because that is what # we used for OPIE development. You need an ANSI C compiler to build OPIE. # Some K&R-with-extensions compilers (ie, SunOS, HP-UX) might work. Straight # K&R most likely will not. # # Solaris users: You need to use either GNU C or the unbundled SunPro C # compiler to build OPIE. The BSD compatible compiler in /usr/ucb/cc will # probably not work properly for the same reasons the SunOS one won't. # # SunOS and HP-UX users: The compiler shipped with your system is NOT ANSI # and probably will not compile OPIE correctly. Your best course of action # is to get and install GNU C. HP also makes an added-cost ANSI C compiler # for HP-UX systems. If you would like to try to install OPIE using the # compiler that comes with SunOS or HP-UX, uncommment the first line # below. If it doesn't work properly, don't say that we didn't warn you. # # If your /bin/cc groks ANSI C, then use it #CC=cc # SunOS, HP-UX9, HP-UX10, A/UX #CC=gcc # HP-UX with the optional ANSI C compiler #CC=cc -A # Autoconf #CC=@CC@ # The first line will build a normal version of OPIE. # # The second is for brave souls porting OPIE to a new system or trying to # debug it and should definitely NOT be used to build a production copy # of OPIE. # # The third uses a nifty heap debugger called "Electric Fence" DEBUG= #DEBUG=-DDEBUG -g #DEBUG=-DDEBUG -g -lefence # Which yacc program should we use? # If you don't know, just leave it alone. # AIX, SunOS, 4.4BSD, BSD/OS, Linux, FreeBSD, NetBSD, Solaris, HP-UX9, HP-UX10, IRIX, A/UX #YACC=yacc # Autoconf #YACC=@YACC@ # Uncomment the lines below beginning with "DES" if you are using the MJR # variant. See README.MJR for more details. #DESINCLUDE= ../libdes #DESLIB= $(DESINCLUDE)/libdes.a #DESFLAGS= -I$(DESINCLUDE) # END OF NORMAL CONFIGURATION PARAMETERS -- DON'T TOUCH THINGS BELOW HERE #========================================================================= BACKUP=opie.old LIBOBJS=opiesubr.o opiesubr2.o md4c.o md5c.o put.o utmp.o accessfile.o CFLAGS=-DPROTOTYPES=$(PROTOTYPES) -DMDX=$(MDX) -DRETYPE=$(RETYPE) $(DEBUG) \ -DKEY_FILE=\"$(KEY_FILE)\" -DDEFAULT_PATH=\"$(DEFAULT_PATH)\" \ $(ACCESS_FILE) $(OPTIONS) -DOPTION_STRING=\""$(OPTIONS)"\" \ -DUSER_LOCKING=$(USER_LOCKING) -DSU_STAR_CHECK=$(SU_STAR_CHECK) config: @if test -z "$(OPTIONS)"; then echo "Did you read the README file?"; exit 1; fi @if test -z "$(EXISTS)"; then echo "Did you read the README file?"; exit 1; fi check: config @if test ! -x "$(CHOWN)"; then echo "Check your value for CHOWN."; exit 1; fi @if test ! -x "$(WHOAMI)"; then echo "Check your value for WHOAMI."; exit 1; fi @if test ! -d "$(LOCALBIN)"; then echo "Check your value for LOCALBIN."; exit 1; fi @if test ! -d "$(LOCALMAN)"; then echo "Check your value for LOCALMAN."; exit 1; fi @if test ! $(EXISTS) "$(SU)"; then echo "Check your value for SU."; exit 1; fi @if test ! -z "$(ALT_SU)"; then if test ! $(EXISTS) "$(ALT_SU)"; then echo "Check your value for ALT_SU."; exit 1; fi; fi @if test ! $(EXISTS) "$(LOGIN)"; then echo "Check your value for LOGIN."; exit 1; fi @if test ! -d "$(FTP_DIR)"; then echo "Check your value for FTP_DIR."; exit 1; fi @if test ! $(EXISTS) "$(FTPD_NAME)"; then echo "Check your value for FTPD_NAME."; exit 1; fi @if test ! -z "$(ACCESS_FILE)"; then echo "Remember that ACCESS_FILE opens up a security hole!"; fi ifdefs: egrep '^#*if*def' *.c *.h | cut -f2 -d: | sort | uniq client: config libopie.a opiekey client-install: config client @echo "Installing OPIE client software..." @echo "Copying OPIE key-related files" @if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi @cp opiekey $(LOCALBIN) @$(CHOWN) $(OWNER) $(LOCALBIN)/opiekey @chgrp $(GROUP) $(LOCALBIN)/opiekey @echo "Changing file permissions" @chmod 0511 $(LOCALBIN)/opiekey @echo "Symlinking aliases to opiekey" @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/opie-md4 @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/opie-md5 @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md4 @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md5 @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/key @echo "Installing manual pages" @-for i in opie-md4 opie-md5 opie-des otp-md4 otp-md5; do ln -s opiekey.1 $(LOCALMAN)/man1/$$i.1; done @if test ! -d $(LOCALMAN)/man1; then $(MKDIR) $(LOCALMAN)/man1; chmod 755 $(LOCALMAN)/man1; fi; cp opiekey.1 $(LOCALMAN)/man1/opiekey.1; $(CHOWN) $(OWNER) $(LOCALMAN)/man1/opiekey.1; chgrp $(GROUP) $(LOCALMAN)/man1/opiekey.1; chmod 644 $(LOCALMAN)/man1/opiekey.1 server: config opielogin opiesu opiepasswd opieinfo opieftpd server-test: server @echo "Installing OPIE server software..." @echo "Copying OPIE user programs" @if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi @cp opiepasswd opieinfo $(LOCALBIN) @echo "Changing ownership" @$(CHOWN) $(OWNER) $(LOCALBIN)/opiepasswd $(LOCALBIN)/opieinfo @chgrp $(GROUP) $(LOCALBIN)/opiepasswd $(LOCALBIN)/opieinfo @echo "Changing file permissions" @chmod 0555 $(LOCALBIN)/opieinfo @chmod 4511 $(LOCALBIN)/opiepasswd @echo "Preparing opiesu and opielogin for testing" @$(CHOWN) $(OWNER) opiesu opielogin @chgrp $(GROUP) opiesu opielogin @chmod 4511 opiesu opielogin test: server-test server-install: server-test @echo "Clearing testing permissions on opiesu and opielogin" @chmod 0111 opiesu opielogin @echo "Installing OPIE system programs..." @if test ! $(EXISTS) $(LOGIN).$(BACKUP); then echo "Renaming existing $(LOGIN) to $(LOGIN).$(BACKUP)"; mv $(LOGIN) $(LOGIN).$(BACKUP); echo "Clearing permissions on old $(LOGIN)"; chmod 0 $(LOGIN).$(BACKUP); fi @echo "Copying opielogin to $(LOGIN)" @cp opielogin $(LOGIN) @echo "Changing ownership of $(LOGIN)" @$(CHOWN) $(OWNER) $(LOGIN) @chgrp $(GROUP) $(LOGIN) @echo "Changing file permissions of $(LOGIN)" @chmod 4111 $(LOGIN) @if test ! $(EXISTS) $(SU).$(BACKUP); then echo "Renaming existing su to su.$(BACKUP)"; mv $(SU) $(SU).$(BACKUP); echo "Clearing permissions on old su"; chmod 0 $(SU).$(BACKUP); fi @-if test ! -z "$(ALT_SU)"; then if test ! $(EXISTS) $(ALT_SU).$(BACKUP); then echo "Renaming existing su to su.$(BACKUP)"; mv $(ALT_SU) $(ALT_SU).$(BACKUP); fi; echo "Copying opiesu to su"; cp opiesu $(ALT_SU); echo "Changing ownership"; $(CHOWN) $(OWNER) $(ALT_SU); chgrp $(GROUP) $(ALT_SU); echo "Changing file permissions"; chmod 4111 $(ALT_SU); echo "Clearning permissions on old su"; chmod 0 $(ALT_SU).$(BACKUP); fi @echo "Copying opiesu to su" @cp opiesu $(SU) @echo "Changing ownership of su" @$(CHOWN) $(OWNER) $(SU) @chgrp $(GROUP) $(SU) @echo "Changing file permissions of su" @chmod 4111 $(SU) @if test ! $(EXISTS) $(FTPD).$(BACKUP); then echo "Renaming existing ftp daemon to $(FTPD).$(BACKUP)"; mv $(FTPD) $(FTPD).$(BACKUP); echo "Clearing permissions on old ftp daemon"; chmod 0 $(FTPD).$(BACKUP); fi @echo "Copying OPIE ftp daemon" @cp opieftpd $(FTPD) @echo "Changing ownership of ftpd" @$(CHOWN) $(OWNER) $(FTPD) @chgrp $(GROUP) $(FTPD) @echo "Changing file permissions of ftpd" @chmod 0100 $(FTPD) @echo "Creating OPIE key file" @touch $(KEY_FILE) @echo "Changing permissions of OPIE key file" @chmod 0644 $(KEY_FILE) @echo "Changing ownership of OPIE key file" @$(CHOWN) $(OWNER) $(KEY_FILE) @chgrp $(GROUP) $(KEY_FILE) @-if test ! -z "$(ACCESS_FILE)"; then echo "Creating OPIE access file (don't say we didn't warn you)"; FILE=`echo $(ACCESS_FILE) | sed 's:^-DACCESS_FILE="\(.*\)":\1:'`; touch $$FILE; $(CHOWN) 0 $$FILE; chgrp 0 $$FILE; chmod 0444 $$FILE; fi; @echo "Installing manual pages" @if test ! -d $(LOCALMAN); then $(MKDIR) $(LOCALMAN); chmod 755 $(LOCALMAN); fi @for i in 1 4 5 8; do for j in *.$$i; do if test ! -d $(LOCALMAN)/man$$i; then $(MKDIR) $(LOCALMAN)/man$$i; chmod 755 $(LOCALMAN)/man$$i; fi; cp $$j $(LOCALMAN)/man$$i/$$j; $(CHOWN) $(OWNER) $(LOCALMAN)/man$$i/$$j; chgrp $(GROUP) $(LOCALMAN)/man$$i/$$j; chmod 644 $(LOCALMAN)/man$$i/$$j; done; done @echo "REMEMBER to run opiepasswd on your users immediately." install: client-install server-install uninstall: config @echo "Un-installing OPIE..." @echo "Removing symlinks" @-for i in opie-md4 opie-md5 otp-md4 otp-md5 key; do rm $(LOCALBIN)/$$i; done @echo "Removing OPIE programs" @-for i in opiekey opiepasswd opieinfo; do rm $(LOCALBIN)/$$i; done @echo "Removing OPIE manual pages" @-for i in 1 4 5 8; do for j in *.$$i; do rm $(LOCALMAN)/man$$i/$$j; done; done @-for i in $(SU) $(ALT_SU) $(LOGIN) $(FTPD); do FILE=`basename $$i`; if test ! $(EXISTS) $$i.$(BACKUP); then echo "No $$i.$(BACKUP)! Aborting."; exit 1; else echo "Removing $$FILE"; rm $$i || true; echo "Restoring old $$FILE"; mv $$i.$(BACKUP) $$i; fi; done @echo "Resetting permissions" @chmod 4111 $(SU) $(LOGIN) @chmod 0100 $(FTPD) @if test ! -z "$(ALT_SU)"; then chmod 4111 $(ALT_SU); fi @echo "OPIE is now un-installed." @echo "Please verify by hand that this process worked." all: client server libopie.a: $(LIBOBJS) ar r libopie.a $(LIBOBJS) $(RANLIB) libopie.a clean: -rm -f *.o opiekey opielogin opiepasswd opiesu opieftpd y.tab.c -rm -f libopie.a opie_build.h opieinfo options.h *core* -rm -f Makefile.munge configure.munger realclean: clean -rm -f *~ core* "\#*\#" -rm -f config.log config.status config.cache config.h opiekey: opiekey.o libopie.a $(CC) $(CFLAGS) opiekey.o md5c.o libopie.a $(LDFLAGS) \ -o opiekey opieftpd: opieftpd.o glob.o logwtmp.o popen.o y.tab.o getusershell.o libopie.a $(CC) $(CFLAGS) opieftpd.o glob.o logwtmp.o popen.o y.tab.o \ getusershell.o accessfile.o md5c.o libopie.a $(LDFLAGS) \ -o opieftpd opielogin: opielogin.o permsfile.o utmp.o setenv.o getenv.o libopie.a $(CC) $(CFLAGS) opielogin.o permsfile.o accessfile.o utmp.o \ setenv.o getenv.o md5c.o libopie.a $(LDFLAGS) \ -o opielogin # Add "($DESLIB)" after "libopie.a" above if using MJR's method. opiepasswd: opiepasswd.o libopie.a $(CC) $(CFLAGS) opiepasswd.o md5c.o libopie.a $(LDFLAGS) \ -o opiepasswd opiesu: opiesu.o libopie.a $(CC) $(CFLAGS) opiesu.o md5c.o libopie.a $(LDFLAGS) \ -o opiesu y.tab.c: ftpcmd.y $(YACC) ftpcmd.y opieinfo: opieinfo.o libopie.a $(CC) $(CFLAGS) opieinfo.o libopie.a $(LDFLAGS) \ -o opieinfo options.h: Makefile echo $(CFLAGS) | sed 's:-D::g' | sed 's:\"::g' | \ sed 's:^:#define OPTION_STRING ":' | sed 's:$$:":' > options.h # Chop, Chop opie-2.11/README100644 4101 3565 37255 6070261640 11616 0ustar cmetzipv6NRL OPIE Software Distribution, Release 2.11 Important Information ============================================ ===================== Introduction ============ "One-time Passwords In Everything" (OPIE) is a freely distributable software package mostly developed at and for the US Naval Research Laboratory (NRL). OPIE provides a one-time password system for UNIX-like operating systems. The system should be secure against the passive attacks now commonplace on the Internet (see RFC 1704 for more details). The system is vulnerable to active dictionary attacks, though these are not widespread at present and can be detected through proper use of system audit software. The NRL OPIE software is derived in part from and is fully interoperable with the Bell Communications Research (Bellcore) S/Key Release 1 software. Because Bellcore claims "S/Key" as a trademark for their software, NRL has been forced to use a different name (we picked "OPIE") for its software distribution. NRL OPIE includes the following additions/modifications to the original Bellcore S/Key(tm) Version 1 software: * Just about one-command installation for many common platforms. While we still recommend that you follow instructions and test things by hand, the more adventurous can install OPIE quickly. * A modified BSD FTP daemon that does OPIE. The small and simple BSD ftpd(8) was deliberately chosen over the wuarchive ftpd(8) because we didn't have the time needed to convince ourselves that the wuarchive ftpd(8) didn't have any security holes lurking in its many extra features. * By default, the "su" binary always gives you an OPIE challenge, even on the console. This was a hole for rlogin/telnet sessions in the original S/Key software. * MD5 support. MD5 is now the default algorithm, though MD4 is still supported by changing a parameter in the Makefile. This change was made because MD5 is widely believed to be cryptographically stronger than MD4 (see RFC 1321). * A more portable version of MD4 has been substituted for the original MD4. This should solve many of the endian problems. * Most of the system-dependencies have been moved to a new file "opie_cfg.h". * Configuration options have been moved to the Makefile. * Isolated system dependencies (e.g. BSDisms) with appropriate #ifdefs. * Revised the opiekey(1) program to simultaneously support MD4 and MD5, with the default algorithm being tunable using the MDX symbol in the Makefile. * More operating systems are supported by NRL OPIE as of Release 2, but older BSD systems that aren't close to being compliant with the POSIX standard are no longer supported. * Transition mechanisms are optional to prevent potential back doors. * On systems using the /etc/opieaccess transition mechanism, users can choose to require the use of OPIE to login to their accounts when it would otherwise be optional. * Bug fixes * Cosmetic changes * Changes to mostly conform with the draft Internet OTP standard. * Optional autoconf support Additional modifications from Marcus J. Ranum are included in this distribution but are commented out by default or are protected by "#ifdef MJR" (which is undefined by default). Ranum's changes are described in the README.MJR file included in this distribution. To enable those changes, add "-DMJR" to the CFLAGS in the Makefile. NRL has not tested the changes from Marcus Ranum, and they may need further modification on some systems. Please consult with him directly if you have questions about his modifications. A Glance at What's New ====================== 2.10 December 25, 1995. Optional autoconf support. opieinfo is now a normal program. Bugs fixed -- should work much better on SunOS, HP-UX, and AIX. System Requirements =================== In order to build and run properly, OPIE requires: * A UNIX-like operating system * An ANSI C compiler and run-time library * POSIX.1- and X/Open XPG-compliance (including termios) * The BSD sockets API * Approximately five megabytes of free disk space In practice, we believe that many systems who are close to meeting these requirements but aren't completely there (for example, SunOS with the native compiler) will also work. Systems who aren't anywhere near close (for example, DOS) are not likely to work without major adjustments to the OPIE code. Tested Configurations ===================== We have tested OPIE on the following platforms: Hardware Software Referred to as System -------- ---------------- -------------- --------- Sun SPARCStation 20 Solaris 2.4+SunPro C Solaris solaris Sun 4/300 SunOS 4.1.3+GNU C SunOS sunos Sun SPARCStation 2 4.4BSD-Encumbered 4.4BSD 44bsd 486/66 PC BSDI BSD/OS 1.1 & 2.0 BSD/OS bsdos 486/66 PC Slackware Linux 2.1 Linux linux SGI Indigo^2 IRIX 5.2 IRIX irix HP 9000/750 HP-UX 9.01+GCC HP-UX9 hpux9 HP 9000/755 HP-UX 10.0+GCC HP-UX10 hpux10 IBM RS/6000 550 AIX 3.2.5 AIX aix Additionally, we have received information from beta testers from which we believe OPIE to work on the following additional platforms: Hardware Software Referred to as System -------- ---------------- -------------- --------- 486 PC FreeBSD FreeBSD freebsd 486 PC NetBSD NetBSD netbsd Macintosh IIfx A/UX 3.0 A/UX aux Sun 3/50 SunOS 4.1 SunOS sunos If your system is close to one on this list, you can probably select the values in the Makefile identified by the "Referred to as" name as working defaults. If OPIE Doesn't Work ==================== If you have installed the OPIE software (either through "make test" in (7) above or "make install" in (14)), you can run "make uninstall" from the OPIE software distribution directory. This should remove the OPIE software and restore the original system programs, but it will not work properly (and can even result in the total loss of the old system programs -- beware!) if the installation procedure itself did not work properly. NRL OPIE is NOT supported software. We don't promise to support you or even to acknowledge your mail, but we are interested in bug reports and are reasonable folks. We also have an interest in seeing OPIE work on as many systems as we can. However, if your system doesn't meet the basic requirements for OPIE, this will probably require an unreasonable amount of effort. The best bug reports include a diagnosis of the problem and a fix. Your bug report can still be valuable if you can at least diagnose what the problem is. If you just tell us "it doesn't work," then we won't be able to do anything to help you. We've received a number of bug reports from people that look interesting, only to find when we try to follow up on them that the user either has an invalid return address or never bothered to respond to our followup. Please make sure that bug reports you send us have an electronic mail address that we can reply to somewhere in them (if necessary, just put it in the message body). If we send you a response and you are unable to invest the time to work with us to solve the problem, please tell us -- few things are more irritating than when someone sends us information about a bug that we'd like to fix and then is never heard from again. Bug reports should be sent by Internet electronic mail to . Please include the following information: * Your name and electronic mail address, in case we need more information. If you can provide multiple addresses, please do so in case we are unable to reply to the first one. * Your exact operating system vendor, name, and version number. Please be more specific than "UNIX" -- most vendors have a name for their particular flavor of UNIX. * The exact hardware the system was installed upon. * Which compiler and C runtime you used and its version number. For instance, some systems have been known to have the GNU libc installed as well as its native one, or to have a "BSD compatibility" environment. * A clear description of what you did and what bug then appeared. If your system has the script(1) command, please run a session under that to demonstrate the bug. Window-system cut-and-paste also works well. Sometimes, the exact output is critical to finding the bug. If you can provide any of the following things, it will greatly assist us in fixing the problem and improve the chances that we'll get back to you: * A diagnosis of what is causing the problem. * A test case that can repeatably demonstrate the problem. * A fix for the problem. Context or unified diffs are our greatly preferred format, as they can be patched directly into our current source tree. Thanks! Gotchas ======= While an almost universal "feature", most people remain unaware that an intruder can log into a system, then log in again by running the "login" command from a shell. Because the second login is from the local host, the utmp entry will not show a remote login host anymore. The OPIE replacement for /bin/login currently carries on this behavior for compatibility reasons. If you would like to prevent this from happening, you should change the permissions of /bin/login from 4511 to 0100, thus preventing unprivileged users from executing it. This fix should work on non-OPIE /bin/login programs as well. On 4.3BSDish systems, the supplied /bin/login replacement obtains the terminal type for the console comes from the console line in the /etc/ttys file. Several systems contain a default entry in this file that specifies the console terminal type as "unknown". This is probably not what you want. The OPIE FTP daemon responds with two 530 error messages if you have not yet logged in and execute a command that will also do a PORT request. This is a feature, not a bug, as the FTP client is really sending the server two commands (for instance, a PORT and a LIST if you tell your BSD FTP client to do a DIR command) and the server is responding to each of them with an error. The stock BSD FTP daemon doesn't check the PORT commands to see if you are logged in, so you would only get one error message. This change should not break any standards-compliant FTP client, but there are a number of brain-damaged GUI clients that have a track record for not dealing gracefully with any server other than the stock BSD one. The /etc/opieaccess transition mechanism is, by definition, a security hole in the OPIE software because an attacker could use it to circumvent the requirement for OPIE authentication. You should compile the software with support for this file disabled unless you absolutely cannot use the software without it because of your environment. If you do use this support for transition purposes, you should move people to OTP authentication as quickly as possible and rebuild and reinstall OPIE with this transition support disabled so that you won't have a lurking security hole. If this wasn't already clear, do not let your sequence number fall below about five. If your sequence number reaches zero, your OTP sequence can only be reset by the superuser. System administrators should make this caveat known to their users. On Solaris 2.x systems (and possibly others) running NIS+, users should run keylogin(1) manually after login because opielogin(1) does not do that automatically like the system login(1) program. There are reports that some versions of GNU C Compiler (GCC) (when installed on some systems) use their own termios(4) instead of the system's termios(4). This can cause problems. If you are having compilation problems that seem to relate to termios and you are using GCC, you should probably verify that it is using the system's termios(4) and not some internal-to-GCC termios(4). One report indicates that Sun's C compiler works fine with SunOS 4.1.3/4.1.4 on SPARC, but that some version of GCC on the same system has this termios(4) problem. We haven't reproduced these problems ourselves and hence aren't sure what is happening, but we pass this along for your information. (This may have something to do with the use of GNU libc) The autoconf support is still somewhat experimental. Some system dependencies are sufficiently obscure that they won't be picked up automatically by autoconf. Also, there are things we should have autoconf check for that we don't yet because doing so means increased hassle to support the manual configuration. We are currently planning to move to an autoconf-only configuration over the next few releases, but we are not going to commit to autoconf until we have some assurance through time that it isn't going to cause more problems than it fixes. If a user has a valid entry in the opiekeys database but has an asterisk in their traditional password entry, they will not be able to log in via opielogin, but opielogin will decrement their sequence number if a valid response is recieved. On some systems, the OPIE login program does not always display a "login:" prompt the first time. We think that this has something to do with the telnet daemon. Credits ======= First and foremost credit goes to Phil Karn, Neil M. Haller, and John S. Walden of Bellcore for creating the S/Key Version 1 software distribution and for making its source code freely available to the public. Without their work, OPIE would not exist. The first NRL OPIE distribution included modifications made primarily by Dan McDonald of the U.S. Naval Research Laboratory (NRL) during March 1994. The 2nd NRL OPIE distribution, which has a number of improvements in areas such as portability of software and ease of installation, is primarily the work of Ran Atkinson and Craig Metz . Other NRL contributors include Brian Adamson , Steve Batsell , Preston Mullen , Bao Phan , Jim Ramsey , and Georg Thomas . Besides making a number of valuable suggestions and pointing out a major bug in the software, some fixes to the FTP daemon were integrated from the wu-ftpd 2.4 fix kit by "Hobbit" . Last, but certainly not least, Wietse Venema helped keep us honest by pointing out several potential security holes in the beta test version of OPIE 2.0. For releases beyond OPIE 2.0, we would like to also thank Mowgli Assor , Lawrie Brown , Darren Hosking , Martijn Koster, John Perkins, , Werner Wiethege , and everyone else who reported bugs to opie-bugs and/or sent us patches. Without your help, we couldn't squash them. This work was sponsored by the Information Security Program Office (PD 71E), U.S. Space and Naval Warfare Systems Command, Crystal City, Virginia. Trademarks ========== S/Key is a trademark of Bell Communications Research (Bellcore). UNIX is a trademark of X/Open. NRL is a trademark of the U. S. Naval Research Laboratory. All other trademarks are trademarks of their respective owners. The term "OPIE" is in the public domain and hence cannot be legally trademarked by anyone. Copyrights ========== Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. Portions of this software are copyright 1980-1990 Regents of the University of California, all rights reserved. The Berkeley Software License Agreement specifies the terms and conditions for redistribution. Portions of this software are copyright 1990 Bell Communications Research (Bellcore), all rights reserved. opie-2.11/TODO100644 4101 3565 1770 6070043411 11371 0ustar cmetzipv6NRL OPIE Software Distribution, Release 2.01 Things Left To Do ============================================ ================= * Handle terminal/window sizes. Currently, OPIE doesn't do much of anything with them, and it is not clear that there is a particularly good or portable way to do it. * Add support for SHA. * On Solaris 2.4, even though md5c.o is part of libopie.a, it does not link in unless it is explicitly provided as an object-file module on the link line before libopie.a. Why this is so is uncertain and deserves further investigation. * Prompts should identify what kind of password (system, secret pass phrase, or one-time password) is being asked for. * Add a way to build and install just the key generator. * Follow the OTP Internet Draft and make appropriate modifications to be/stay compliant. * Make OPIE automatically handle NIS+/Secure RPC chores for the user. * And, of course, there's always finding and squashing those random bugs. opie-2.11/accessfile.c100644 4101 3565 6674 6070043272 13163 0ustar cmetzipv6/* accessfile.c: Handle trusted network access file and per-user overrides. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.0. Written at Bellcore for the S/Key Version 1 software distribution (login.c). */ #include "opie_cfg.h" #include #include #include #include #include #include #include #include #include #ifdef ACCESS_FILE /* Turn host into an IP address and then look it up in the authorization * database to determine if ordinary password logins are OK */ int opieaccessfile(host) char *host; { long n; struct hostent *hp; FILE *fp; char buf[128], **lp; #ifdef DEBUG fprintf(stderr, "accessfile: host=%s\n", host); #endif /* DEBUG */ if (!host[0]) /* Local login, okay */ return (1); if (isaddr(host)) { n = inet_addr(host); return rdnets(n); } else { hp = gethostbyname(host); if (hp == NULL) { printf("Unknown host %s\n", host); return 0; } for (lp = hp->h_addr_list; *lp != NULL; lp++) { memcpy((char *) &n, *lp, sizeof(n)); if (rdnets(n)) return (1); } return (0); } } int rdnets(host) long host; { FILE *fp; char buf[128], *cp; long pattern, mask; int permit_it; fp = fopen(ACCESS_FILE, "r"); if (fp == NULL) return 0; while (fgets(buf, sizeof(buf), fp), !feof(fp)) { if (buf[0] == '#') continue; /* Comment */ cp = strtok(buf, " \t"); if (cp == NULL) continue; /* two choices permit of deny */ if (strncasecmp(cp, "permit", 4) == 0) { permit_it = 1; } else { if (strncasecmp(cp, "deny", 4) == 0) { permit_it = 0; } else { continue; /* ignore; it is not permit/deny */ } } cp = strtok(NULL, " \t"); if (cp == NULL) continue; /* Invalid line */ pattern = inet_addr(cp); cp = strtok(NULL, " \t"); if (cp == NULL) continue; /* Invalid line */ mask = inet_addr(cp); #ifdef DEBUG fprintf(stderr, "accessfile: %08x & %08x == %08x (%s)\n", host, mask, pattern, ((host & mask) == pattern) ? "true" : "false"); #endif /* DEBUG */ if ((host & mask) == pattern) { fclose(fp); return permit_it; } } fclose(fp); return 0; } /* Return TRUE if string appears to be an IP address in dotted decimal; * return FALSE otherwise (i.e., if string is a domain name) */ int isaddr(s) register char *s; { char c; if (s == NULL) return 1; /* Can't happen */ while ((c = *s++) != '\0') { if (c != '[' && c != ']' && !isdigit(c) && c != '.') return 0; } return 1; } #else /* ACCESS_FILE */ int opieaccessfile(host) char *host; { return !host[0]; } #endif /* ACCESS_FILE */ /* Returns the opposite of what you might expect */ /* Returns 1 on error (allow)... this might not be what you want */ int opiealways(homedir) char *homedir; { char *opiealwayspath; int i; if (!homedir) return 1; if (!(opiealwayspath = malloc(strlen(homedir) + sizeof(OPIE_ALWAYS_FILE) + 1))) return 1; strcpy(opiealwayspath, homedir); strcat(opiealwayspath, "/"); strcat(opiealwayspath, OPIE_ALWAYS_FILE); i = access(opiealwayspath, F_OK); free(opiealwayspath); return (i); }; opie-2.11/ftpcmd.y100644 4101 3565 65115 6070044561 12402 0ustar cmetzipv6/* ftpcmd.y: yacc parser for the FTP daemon. History: Modified at NRL for OPIE 2.1. Minor changes for autoconf. Modified at NRL for OPIE 2.01. Added forward declaration for sitetab[] -- fixes problems experienced by bison users. Merged in new PORT attack fixes from Hobbit. Modified at NRL for OPIE 2.0. Originally from BSD. */ /* * Copyright (c) 1985, 1988 Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)ftpcmd.y 5.24 (Berkeley) 2/25/91 */ /* * Grammar for FTP commands. * See RFC 959. */ %{ #ifndef lint static char sccsid[] = "@(#)ftpcmd.y 5.24 (Berkeley) 2/25/91"; #endif /* not lint */ #include #include #include #include #include #include #include #include #include #if TM_IN_SYS_TIME #include #else /* TM_IN_SYS_TIME */ #include #endif /* TM_IN_SYS_TIME */ #include #include #include #include #include #include #include "opie_cfg.h" extern struct sockaddr_in data_dest; extern struct sockaddr_in his_addr; extern int logged_in; extern struct passwd *pw; extern int guest; extern int logging; extern int type; extern int form; extern int debug; extern int timeout; extern int maxtimeout; extern int pdata; extern char hostname[], remotehost[]; extern char proctitle[]; extern char *globerr; extern int usedefault; extern int transflag; extern char tmpline[]; char **ftpglob(); void dologout __ARGS((int)); void upper __ARGS((char *)); void nack __ARGS((char *)); void opiefatal __ARGS((char *)); void pass __ARGS((char *)); int user __ARGS((char *)); void passive __ARGS((void)); void retrieve __ARGS((char *, char *)); void store __ARGS((char *, char *, int)); void send_file_list __ARGS((char *)); void statfilecmd __ARGS((char *)); void statcmd __ARGS((void)); void delete __ARGS((char *)); void renamecmd __ARGS((char *, char *)); void cwd __ARGS((char *)); void makedir __ARGS((char *)); void removedir __ARGS((char *)); void pwd __ARGS((void)); off_t restart_point; static int cmd_type; static int cmd_form; static int cmd_bytesz; static unsigned short cliport = 0; char cbuf[512]; char *fromname; struct tab { char *name; short token; short state; short implemented; /* 1 if command is implemented */ char *help; }; struct tab cmdtab[], sitetab[]; %} %token A B C E F I L N P R S T SP CRLF COMMA STRING NUMBER USER PASS ACCT REIN QUIT PORT PASV TYPE STRU MODE RETR STOR APPE MLFL MAIL MSND MSOM MSAM MRSQ MRCP ALLO REST RNFR RNTO ABOR DELE CWD LIST NLST SITE STAT HELP NOOP MKD RMD PWD CDUP STOU SMNT SYST SIZE MDTM UMASK IDLE CHMOD LEXERR %start cmd_list %% cmd_list: /* empty */ | cmd_list cmd = { fromname = (char *) 0; restart_point = (off_t) 0; } | cmd_list rcmd ; cmd: USER SP username CRLF = { user((char *) $3); free((char *) $3); } | PASS SP password CRLF = { pass((char *) $3); free((char *) $3); } /* | PORT SP host_port CRLF = { usedefault = 0; if (pdata >= 0) { (void) close(pdata); pdata = -1; } reply(200, "PORT command successful."); }*/ | PORT check_login SP host_port CRLF = { usedefault = 0; if (pdata >= 0) { (void) close(pdata); pdata = -1; } /* H* port fix, part B: admonish the twit. Also require login before PORT works */ if ($2) { if ((cliport > 1023) && (data_dest.sin_addr.s_addr > 0)) { reply(200, "PORT command successful."); } else { syslog (LOG_WARNING, "refused %s from %s", cbuf, remotehost); reply(500, "You've GOT to be joking."); } } } /* | PASV CRLF = { passive(); } */ | PASV check_login CRLF = { /* Require login for PASV, too. This actually fixes a bug -- telnet to an unfixed wu-ftpd and type PASV first off, and it crashes! */ if ($2) { passive(); } } | TYPE SP type_code CRLF = { switch (cmd_type) { case TYPE_A: if (cmd_form == FORM_N) { reply(200, "Type set to A."); type = cmd_type; form = cmd_form; } else reply(504, "Form must be N."); break; case TYPE_E: reply(504, "Type E not implemented."); break; case TYPE_I: reply(200, "Type set to I."); type = cmd_type; break; case TYPE_L: #if NBBY == 8 if (cmd_bytesz == 8) { reply(200, "Type set to L (byte size 8)."); type = cmd_type; } else reply(504, "Byte size must be 8."); #else /* NBBY == 8 */ UNIMPLEMENTED for NBBY != 8 #endif /* NBBY == 8 */ } } | STRU SP struct_code CRLF = { switch ($3) { case STRU_F: reply(200, "STRU F ok."); break; default: reply(504, "Unimplemented STRU type."); } } | MODE SP mode_code CRLF = { switch ($3) { case MODE_S: reply(200, "MODE S ok."); break; default: reply(502, "Unimplemented MODE type."); } } | ALLO SP NUMBER CRLF = { reply(202, "ALLO command ignored."); } | ALLO SP NUMBER SP R SP NUMBER CRLF = { reply(202, "ALLO command ignored."); } | RETR check_login SP pathname CRLF = { if ($2 && $4 != NULL) retrieve((char *) 0, (char *) $4); if ($4 != NULL) free((char *) $4); } | STOR check_login SP pathname CRLF = { if ($2 && $4 != NULL) store((char *) $4, "w", 0); if ($4 != NULL) free((char *) $4); } | APPE check_login SP pathname CRLF = { if ($2 && $4 != NULL) store((char *) $4, "a", 0); if ($4 != NULL) free((char *) $4); } | NLST check_login CRLF = { if ($2) send_file_list("."); } | NLST check_login SP STRING CRLF = { if ($2 && $4 != NULL) send_file_list((char *) $4); if ($4 != NULL) free((char *) $4); } | LIST check_login CRLF = { if ($2) retrieve(LS_COMMAND, ""); } | LIST check_login SP pathname CRLF = { if ($2 && $4 != NULL) { char buffer[sizeof(LS_COMMAND)+3]; strcpy(buffer, LS_COMMAND); strcat(buffer, " %s"); retrieve(buffer, (char *) $4); } if ($4 != NULL) free((char *) $4); } | STAT check_login SP pathname CRLF = { if ($2 && $4 != NULL) statfilecmd((char *) $4); if ($4 != NULL) free((char *) $4); } | STAT CRLF = { statcmd(); } | DELE check_login SP pathname CRLF = { if ($2 && $4 != NULL) delete((char *) $4); if ($4 != NULL) free((char *) $4); } | RNTO SP pathname CRLF = { if (fromname) { renamecmd(fromname, (char *) $3); free(fromname); fromname = (char *) 0; } else { reply(503, "Bad sequence of commands."); } free((char *) $3); } | ABOR CRLF = { reply(225, "ABOR command successful."); } | CWD check_login CRLF = { if ($2) cwd(pw->pw_dir); } | CWD check_login SP pathname CRLF = { if ($2 && $4 != NULL) cwd((char *) $4); if ($4 != NULL) free((char *) $4); } | HELP CRLF = { help(cmdtab, (char *) 0); } | HELP SP STRING CRLF = { register char *cp = (char *)$3; if (strncasecmp(cp, "SITE", 4) == 0) { cp = (char *)$3 + 4; if (*cp == ' ') cp++; if (*cp) help(sitetab, cp); else help(sitetab, (char *) 0); } else help(cmdtab, (char *) $3); } | NOOP CRLF = { reply(200, "NOOP command successful."); } | MKD check_login SP pathname CRLF = { if ($2 && $4 != NULL) makedir((char *) $4); if ($4 != NULL) free((char *) $4); } | RMD check_login SP pathname CRLF = { if ($2 && $4 != NULL) removedir((char *) $4); if ($4 != NULL) free((char *) $4); } | PWD check_login CRLF = { if ($2) pwd(); } | CDUP check_login CRLF = { if ($2) cwd(".."); } | SITE SP HELP CRLF = { help(sitetab, (char *) 0); } | SITE SP HELP SP STRING CRLF = { help(sitetab, (char *) $5); } | SITE SP UMASK check_login CRLF = { int oldmask; if ($4) { oldmask = umask(0); (void) umask(oldmask); reply(200, "Current UMASK is %03o", oldmask); } } | SITE SP UMASK check_login SP octal_number CRLF = { int oldmask; if ($4) { if (($6 == -1) || ($6 > 0777)) { reply(501, "Bad UMASK value"); } else { oldmask = umask($6); reply(200, "UMASK set to %03o (was %03o)", $6, oldmask); } } } | SITE SP CHMOD check_login SP octal_number SP pathname CRLF = { if ($4 && ($8 != NULL)) { if ($6 > 0777) reply(501, "CHMOD: Mode value must be between 0 and 0777"); else if (chmod((char *) $8, $6) < 0) perror_reply(550, (char *) $8); else reply(200, "CHMOD command successful."); } if ($8 != NULL) free((char *) $8); } | SITE SP IDLE CRLF = { reply(200, "Current IDLE time limit is %d seconds; max %d", timeout, maxtimeout); } | SITE SP IDLE SP NUMBER CRLF = { if ($5 < 30 || $5 > maxtimeout) { reply(501, "Maximum IDLE time must be between 30 and %d seconds", maxtimeout); } else { timeout = $5; (void) alarm((unsigned) timeout); reply(200, "Maximum IDLE time set to %d seconds", timeout); } } | STOU check_login SP pathname CRLF = { if ($2 && $4 != NULL) store((char *) $4, "w", 1); if ($4 != NULL) free((char *) $4); } | SYST CRLF = { #ifdef unix #ifdef BSD reply(215, "UNIX Type: L%d Version: BSD-%d", NBBY, BSD); #else /* BSD */ reply(215, "UNIX Type: L%d", NBBY); #endif /* BSD */ #else /* unix */ reply(215, "UNKNOWN Type: L%d", NBBY); #endif /* unix */ } /* * SIZE is not in RFC959, but Postel has blessed it and * it will be in the updated RFC. * * Return size of file in a format suitable for * using with RESTART (we just count bytes). */ | SIZE check_login SP pathname CRLF = { if ($2 && $4 != NULL) sizecmd((char *) $4); if ($4 != NULL) free((char *) $4); } /* * MDTM is not in RFC959, but Postel has blessed it and * it will be in the updated RFC. * * Return modification time of file as an ISO 3307 * style time. E.g. YYYYMMDDHHMMSS or YYYYMMDDHHMMSS.xxx * where xxx is the fractional second (of any precision, * not necessarily 3 digits) */ | MDTM check_login SP pathname CRLF = { if ($2 && $4 != NULL) { struct stat stbuf; if (stat((char *) $4, &stbuf) < 0) perror_reply(550, "%s", (char *) $4); else if ((stbuf.st_mode&S_IFMT) != S_IFREG) { reply(550, "%s: not a plain file.", (char *) $4); } else { register struct tm *t; struct tm *gmtime(); t = gmtime(&stbuf.st_mtime); reply(213, "19%02d%02d%02d%02d%02d%02d", t->tm_year, t->tm_mon+1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec); } } if ($4 != NULL) free((char *) $4); } | QUIT CRLF = { reply(221, "Goodbye."); dologout(0); } | error CRLF = { yyerrok; } ; rcmd: RNFR check_login SP pathname CRLF = { char *renamefrom(); restart_point = (off_t) 0; if ($2 && $4) { fromname = renamefrom((char *) $4); if (fromname == (char *) 0 && $4) { free((char *) $4); } } } | REST SP byte_size CRLF = { long atol(); fromname = (char *) 0; restart_point = $3; reply(350, "Restarting at %ld. %s", restart_point, "Send STORE or RETRIEVE to initiate transfer."); } ; username: STRING ; password: /* empty */ = { *(char **)&($$) = (char *)calloc(1, sizeof(char)); } | STRING ; byte_size: NUMBER ; host_port: NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER = { register char *a, *p; a = (char *)&data_dest.sin_addr; a[0] = $1; a[1] = $3; a[2] = $5; a[3] = $7; /* H* port fix, part A-1: Check the args against the client addr */ p = (char *)&his_addr.sin_addr; if (memcmp (a, p, sizeof (data_dest.sin_addr))) memset (a, 0, sizeof (data_dest.sin_addr)); /* XXX */ p = (char *)&data_dest.sin_port; /* H* port fix, part A-2: only allow client ports in "user space" */ p[0] = 0; p[1] = 0; cliport = ($9 << 8) + $11; if (cliport > 1023) { p[0] = $9; p[1] = $11; } p[0] = $9; p[1] = $11; data_dest.sin_family = AF_INET; } ; form_code: N = { $$ = FORM_N; } | T = { $$ = FORM_T; } | C = { $$ = FORM_C; } ; type_code: A = { cmd_type = TYPE_A; cmd_form = FORM_N; } | A SP form_code = { cmd_type = TYPE_A; cmd_form = $3; } | E = { cmd_type = TYPE_E; cmd_form = FORM_N; } | E SP form_code = { cmd_type = TYPE_E; cmd_form = $3; } | I = { cmd_type = TYPE_I; } | L = { cmd_type = TYPE_L; cmd_bytesz = NBBY; } | L SP byte_size = { cmd_type = TYPE_L; cmd_bytesz = $3; } /* this is for a bug in the BBN ftp */ | L byte_size = { cmd_type = TYPE_L; cmd_bytesz = $2; } ; struct_code: F = { $$ = STRU_F; } | R = { $$ = STRU_R; } | P = { $$ = STRU_P; } ; mode_code: S = { $$ = MODE_S; } | B = { $$ = MODE_B; } | C = { $$ = MODE_C; } ; pathname: pathstring = { /* * Problem: this production is used for all pathname * processing, but only gives a 550 error reply. * This is a valid reply in some cases but not in others. */ if (logged_in && $1 && strncmp((char *) $1, "~", 1) == 0) { *(char **)&($$) = *ftpglob((char *) $1); if (globerr != NULL) { reply(550, globerr); $$ = NULL; } free((char *) $1); } else $$ = $1; } ; pathstring: STRING ; octal_number: NUMBER = { register int ret, dec, multby, digit; /* * Convert a number that was read as decimal number * to what it would be if it had been read as octal. */ dec = $1; multby = 1; ret = 0; while (dec) { digit = dec%10; if (digit > 7) { ret = -1; break; } ret += digit * multby; multby *= 8; dec /= 10; } $$ = ret; } ; check_login: /* empty */ = { if (logged_in) $$ = 1; else { reply(530, "Please login with USER and PASS."); $$ = 0; } } ; %% extern jmp_buf errcatch; #define CMD 0 /* beginning of command */ #define ARGS 1 /* expect miscellaneous arguments */ #define STR1 2 /* expect SP followed by STRING */ #define STR2 3 /* expect STRING */ #define OSTR 4 /* optional SP then STRING */ #define ZSTR1 5 /* SP then optional STRING */ #define ZSTR2 6 /* optional STRING after SP */ #define SITECMD 7 /* SITE command */ #define NSTR 8 /* Number followed by a string */ struct tab cmdtab[] = { /* In order defined in RFC 765 */ { "USER", USER, STR1, 1, " username" }, { "PASS", PASS, ZSTR1, 1, " password" }, { "ACCT", ACCT, STR1, 0, "(specify account)" }, { "SMNT", SMNT, ARGS, 0, "(structure mount)" }, { "REIN", REIN, ARGS, 0, "(reinitialize server state)" }, { "QUIT", QUIT, ARGS, 1, "(terminate service)", }, { "PORT", PORT, ARGS, 1, " b0, b1, b2, b3, b4" }, { "PASV", PASV, ARGS, 1, "(set server in passive mode)" }, { "TYPE", TYPE, ARGS, 1, " [ A | E | I | L ]" }, { "STRU", STRU, ARGS, 1, "(specify file structure)" }, { "MODE", MODE, ARGS, 1, "(specify transfer mode)" }, { "RETR", RETR, STR1, 1, " file-name" }, { "STOR", STOR, STR1, 1, " file-name" }, { "APPE", APPE, STR1, 1, " file-name" }, { "MLFL", MLFL, OSTR, 0, "(mail file)" }, { "MAIL", MAIL, OSTR, 0, "(mail to user)" }, { "MSND", MSND, OSTR, 0, "(mail send to terminal)" }, { "MSOM", MSOM, OSTR, 0, "(mail send to terminal or mailbox)" }, { "MSAM", MSAM, OSTR, 0, "(mail send to terminal and mailbox)" }, { "MRSQ", MRSQ, OSTR, 0, "(mail recipient scheme question)" }, { "MRCP", MRCP, STR1, 0, "(mail recipient)" }, { "ALLO", ALLO, ARGS, 1, "allocate storage (vacuously)" }, { "REST", REST, ARGS, 1, "(restart command)" }, { "RNFR", RNFR, STR1, 1, " file-name" }, { "RNTO", RNTO, STR1, 1, " file-name" }, { "ABOR", ABOR, ARGS, 1, "(abort operation)" }, { "DELE", DELE, STR1, 1, " file-name" }, { "CWD", CWD, OSTR, 1, "[ directory-name ]" }, { "XCWD", CWD, OSTR, 1, "[ directory-name ]" }, { "LIST", LIST, OSTR, 1, "[ path-name ]" }, { "NLST", NLST, OSTR, 1, "[ path-name ]" }, { "SITE", SITE, SITECMD, 1, "site-cmd [ arguments ]" }, { "SYST", SYST, ARGS, 1, "(get type of operating system)" }, { "STAT", STAT, OSTR, 1, "[ path-name ]" }, { "HELP", HELP, OSTR, 1, "[ ]" }, { "NOOP", NOOP, ARGS, 1, "" }, { "MKD", MKD, STR1, 1, " path-name" }, { "XMKD", MKD, STR1, 1, " path-name" }, { "RMD", RMD, STR1, 1, " path-name" }, { "XRMD", RMD, STR1, 1, " path-name" }, { "PWD", PWD, ARGS, 1, "(return current directory)" }, { "XPWD", PWD, ARGS, 1, "(return current directory)" }, { "CDUP", CDUP, ARGS, 1, "(change to parent directory)" }, { "XCUP", CDUP, ARGS, 1, "(change to parent directory)" }, { "STOU", STOU, STR1, 1, " file-name" }, { "SIZE", SIZE, OSTR, 1, " path-name" }, { "MDTM", MDTM, OSTR, 1, " path-name" }, { NULL, 0, 0, 0, 0 } }; struct tab sitetab[] = { { "UMASK", UMASK, ARGS, 1, "[ umask ]" }, { "IDLE", IDLE, ARGS, 1, "[ maximum-idle-time ]" }, { "CHMOD", CHMOD, NSTR, 1, " mode file-name" }, { "HELP", HELP, OSTR, 1, "[ ]" }, { NULL, 0, 0, 0, 0 } }; struct tab * lookup(p, cmd) register struct tab *p; char *cmd; { for (; p->name != NULL; p++) if (strcmp(cmd, p->name) == 0) return (p); return (0); } #include /* * getline - a hacked up version of fgets to ignore TELNET escape codes. */ char *getline(s, n, iop) char *s; int n; FILE *iop; { register c; register char *cs; cs = s; /* tmpline may contain saved command from urgent mode interruption */ for (c = 0; tmpline[c] != '\0' && --n > 0; ++c) { *cs++ = tmpline[c]; if (tmpline[c] == '\n') { *cs++ = '\0'; if (debug) syslog(LOG_DEBUG, "command: %s", s); tmpline[0] = '\0'; return(s); } if (c == 0) tmpline[0] = '\0'; } while ((c = getc(iop)) != EOF) { c &= 0377; if (c == IAC) { if ((c = getc(iop)) != EOF) { c &= 0377; switch (c) { case WILL: case WONT: c = getc(iop); printf("%c%c%c", IAC, DONT, 0377&c); (void) fflush(stdout); continue; case DO: case DONT: c = getc(iop); printf("%c%c%c", IAC, WONT, 0377&c); (void) fflush(stdout); continue; case IAC: break; default: continue; /* ignore command */ } } } *cs++ = c; if (--n <= 0 || c == '\n') break; } if (c == EOF && cs == s) return (NULL); *cs++ = '\0'; if (debug) syslog(LOG_DEBUG, "command: %s", s); return (s); } static void toolong(input) int input; /* input declared only to keep compiler quiet */ { time_t now; reply(421, "Timeout (%d seconds): closing control connection.", timeout); (void) time(&now); if (logging) { syslog(LOG_INFO, "User %s timed out after %d seconds at %s", (pw ? pw -> pw_name : "unknown"), timeout, ctime(&now)); } dologout(1); } int yylex() { static int cpos, state; register char *cp, *cp2; register struct tab *p; int n; char c, *copy(); for (;;) { switch (state) { case CMD: (void) signal(SIGALRM, toolong); (void) alarm((unsigned) timeout); if (getline(cbuf, sizeof(cbuf)-1, stdin) == NULL) { reply(221, "You could at least say goodbye."); dologout(0); } (void) alarm(0); #ifdef SETPROCTITLE if (strncasecmp(cbuf, "PASS", 4) != NULL) setproctitle("%s: %s", proctitle, cbuf); #endif /* SETPROCTITLE */ if ((cp = strchr(cbuf, '\r'))) { *cp++ = '\n'; *cp = '\0'; } if ((cp = strpbrk(cbuf, " \n"))) cpos = cp - cbuf; if (cpos == 0) cpos = 4; c = cbuf[cpos]; cbuf[cpos] = '\0'; upper(cbuf); p = lookup(cmdtab, cbuf); cbuf[cpos] = c; if (p != 0) { if (p->implemented == 0) { nack(p->name); longjmp(errcatch,0); /* NOTREACHED */ } state = p->state; *(char **)&yylval = p->name; return (p->token); } break; case SITECMD: if (cbuf[cpos] == ' ') { cpos++; return (SP); } cp = &cbuf[cpos]; if ((cp2 = strpbrk(cp, " \n"))) cpos = cp2 - cbuf; c = cbuf[cpos]; cbuf[cpos] = '\0'; upper(cp); p = lookup(sitetab, cp); cbuf[cpos] = c; if (p != 0) { if (p->implemented == 0) { state = CMD; nack(p->name); longjmp(errcatch,0); /* NOTREACHED */ } state = p->state; *(char **)&yylval = p->name; return (p->token); } state = CMD; break; case OSTR: if (cbuf[cpos] == '\n') { state = CMD; return (CRLF); } /* FALLTHROUGH */ case STR1: case ZSTR1: dostr1: if (cbuf[cpos] == ' ') { cpos++; state = state == OSTR ? STR2 : ++state; return (SP); } break; case ZSTR2: if (cbuf[cpos] == '\n') { state = CMD; return (CRLF); } /* FALLTHROUGH */ case STR2: cp = &cbuf[cpos]; n = strlen(cp); cpos += n - 1; /* * Make sure the string is nonempty and \n terminated. */ if (n > 1 && cbuf[cpos] == '\n') { cbuf[cpos] = '\0'; *(char **)&yylval = copy(cp); cbuf[cpos] = '\n'; state = ARGS; return (STRING); } break; case NSTR: if (cbuf[cpos] == ' ') { cpos++; return (SP); } if (isdigit(cbuf[cpos])) { cp = &cbuf[cpos]; while (isdigit(cbuf[++cpos])) ; c = cbuf[cpos]; cbuf[cpos] = '\0'; yylval = atoi(cp); cbuf[cpos] = c; state = STR1; return (NUMBER); } state = STR1; goto dostr1; case ARGS: if (isdigit(cbuf[cpos])) { cp = &cbuf[cpos]; while (isdigit(cbuf[++cpos])) ; c = cbuf[cpos]; cbuf[cpos] = '\0'; yylval = atoi(cp); cbuf[cpos] = c; return (NUMBER); } switch (cbuf[cpos++]) { case '\n': state = CMD; return (CRLF); case ' ': return (SP); case ',': return (COMMA); case 'A': case 'a': return (A); case 'B': case 'b': return (B); case 'C': case 'c': return (C); case 'E': case 'e': return (E); case 'F': case 'f': return (F); case 'I': case 'i': return (I); case 'L': case 'l': return (L); case 'N': case 'n': return (N); case 'P': case 'p': return (P); case 'R': case 'r': return (R); case 'S': case 's': return (S); case 'T': case 't': return (T); } break; default: opiefatal("Unknown state in scanner."); } yyerror((char *) 0); state = CMD; longjmp(errcatch,0); } } void upper(s) char *s; { while (*s != '\0') { if (islower(*s)) *s = toupper(*s); s++; } } char *copy(s) char *s; { char *p; p = malloc((unsigned) strlen(s) + 1); if (p == NULL) opiefatal("Ran out of memory."); (void) strcpy(p, s); return (p); } void help(ctab, s) struct tab *ctab; char *s; { register struct tab *c; register int width, NCMDS; char *type; if (ctab == sitetab) type = "SITE "; else type = ""; width = 0, NCMDS = 0; for (c = ctab; c->name != NULL; c++) { int len = strlen(c->name); if (len > width) width = len; NCMDS++; } width = (width + 8) &~ 7; if (s == 0) { register int i, j, w; int columns, lines; lreply(214, "The following %scommands are recognized %s.", type, "(* =>'s unimplemented)"); columns = 76 / width; if (columns == 0) columns = 1; lines = (NCMDS + columns - 1) / columns; for (i = 0; i < lines; i++) { printf(" "); for (j = 0; j < columns; j++) { c = ctab + j * lines + i; printf("%s%c", c->name, c->implemented ? ' ' : '*'); if (c + lines >= &ctab[NCMDS]) break; w = strlen(c->name) + 1; while (w < width) { putchar(' '); w++; } } printf("\r\n"); } (void) fflush(stdout); reply(214, "Direct comments to ftp-bugs@%s.", hostname); return; } upper(s); c = lookup(ctab, s); if (c == (struct tab *)0) { reply(502, "Unknown command %s.", s); return; } if (c->implemented) reply(214, "Syntax: %s%s %s", type, c->name, c->help); else reply(214, "%s%-*s\t%s; unimplemented.", type, width, c->name, c->help); } void sizecmd(filename) char *filename; { switch (type) { case TYPE_L: case TYPE_I: { struct stat stbuf; if (stat(filename, &stbuf) < 0 || (stbuf.st_mode&S_IFMT) != S_IFREG) reply(550, "%s: not a plain file.", filename); else reply(213, "%lu", stbuf.st_size); break;} case TYPE_A: { FILE *fin; register int c; register long count; struct stat stbuf; fin = fopen(filename, "r"); if (fin == NULL) { perror_reply(550, filename); return; } if (fstat(fileno(fin), &stbuf) < 0 || (stbuf.st_mode&S_IFMT) != S_IFREG) { reply(550, "%s: not a plain file.", filename); (void) fclose(fin); return; } count = 0; while((c=getc(fin)) != EOF) { if (c == '\n') /* will get expanded to \r\n */ count++; count++; } (void) fclose(fin); reply(213, "%ld", count); break;} default: reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]); } } opie-2.11/getenv.c100644 4101 3565 4611 6070043273 12340 0ustar cmetzipv6/* getenv.c: the getenv() function Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.0. Originally from BSD. */ /* * Copyright (c) 1987 Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms are permitted * provided that the above copyright notice and this paragraph are * duplicated in all such forms and that any documentation, * advertising materials, and other materials related to such * distribution and use acknowledge that the software was developed * by the University of California, Berkeley. The name of the * University may not be used to endorse or promote products derived * from this software without specific prior written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)getenv.c 5.5 (Berkeley) 6/27/88"; #endif /* LIBC_SCCS and not lint */ #include #include "opie_cfg.h" #ifdef NEED_GETENV /* * getenv -- * Returns ptr to value associated with name, if any, else NULL. */ char * getenv(name) char *name; { int offset; char *_findenv(); return (_findenv(name, &offset)); } #endif /* NEED_GETENV */ #if defined(NEED_GETENV) || defined(NEED_SETENV) /* * _findenv -- * Returns pointer to value associated with name, if any, else NULL. * Sets offset to be the offset of the name/value combination in the * environmental array, for use by setenv(3) and unsetenv(3). * Explicitly removes '=' in argument name. * * This routine *should* be a static; don't use it. */ char * _findenv(name, offset) register char *name; int *offset; { extern char **environ; register int len; register char **P, *C; for (C = name, len = 0; *C && *C != '='; ++C, ++len); for (P = environ; *P; ++P) if (!strncmp(*P, name, len)) if (*(C = *P + len) == '=') { *offset = P - environ; return (++C); } return (NULL); } #endif /* defined(NEED_GETENV) || defined(NEED_SETENV) */ opie-2.11/getusershell.c100644 4101 3565 2405 6070043273 13555 0ustar cmetzipv6/* getusershell.c: minimal implementation of the getusershell() and endusershell() library routines for systems that don't have them. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.1. Remove trailing newlines from /etc/shells entries. Fixed infinite loop. Fixed a bug where second invocation on would fail. Written at NRL for OPIE 2.0. */ #include "opie_cfg.h" #if NEED_GETUSERSHELL #include static FILE *fh = NULL; static char *internal[] = {"/bin/sh", "/bin/csh", NULL}; static int i = 0; static char buffer[1024]; char *getusershell() { char *c; if (!fh) fh = fopen("/etc/shells", "r"); if (fh) { if (fgets(buffer, sizeof(buffer), fh)) { if (c = strchr(buffer, '\n')) *c = 0; return buffer; } else { fclose(fh); return NULL; } } else { if (internal[i]) return internal[i++]; else return NULL; } } endusershell() { if (fh) { fclose(fh); fh = NULL; } i = 0; } #endif /* NEED_GETUSERSHELL */ opie-2.11/glob.c100644 4101 3565 30073 6070043273 12014 0ustar cmetzipv6/* glob.c: The csh et al glob pattern matching routines. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.0. Originally from BSD. */ /* * Copyright (c) 1980 Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifndef lint static char sccsid[] = "@(#)glob.c 5.9 (Berkeley) 2/25/91"; #endif /* not lint */ /* * C-shell glob for random programs. */ #include "opie_cfg.h" #include #include #include #include #include #include #include #include /* #include */ #ifndef NCARGS #define NCARGS 600 #endif /* NCARGS */ #define QUOTE 0200 #define TRIM 0177 #define eq(a,b) (strcmp((a),(b)) == (0)) #define GAVSIZ (NCARGS/6) #define isdir(d) (((d.st_mode) & S_IFMT) == S_IFDIR) static char **gargv; /* Pointer to the (stack) arglist */ static int gargc; /* Number args in gargv */ static int gnleft; static short gflag; static int tglob(); char **ftpglob(); char *globerr; char *home; extern int errno; char *strspl(); static char *strend(); char **copyblk(); static int globcnt; char *globchars = "`{[*?"; static char *gpath, *gpathp, *lastgpathp; static int globbed; static char *entp; static char **sortbas; static int amatch __ARGS((char *p, char *s)); static int execbrc __ARGS((register char *p, register char *s)); int any __ARGS((int, char *)); void opiefatal __ARGS((char *)); char **copyblk __ARGS((char **)); static int match(s, p) char *s, *p; { register int c; register char *sentp; char sglobbed = globbed; if (*s == '.' && *p != '.') return (0); sentp = entp; entp = s; c = amatch(s, p); entp = sentp; globbed = sglobbed; return (c); } static int Gmatch(s, p) register char *s, *p; { register int scc; int ok, lc; int c, cc; for (;;) { scc = *s++ & TRIM; switch (c = *p++) { case '[': ok = 0; lc = 077777; while (cc = *p++) { if (cc == ']') { if (ok) break; return (0); } if (cc == '-') { if (lc <= scc && scc <= *p++) ok++; } else if (scc == (lc = cc)) ok++; } if (cc == 0) if (ok) p--; else return 0; continue; case '*': if (!*p) return (1); for (s--; *s; s++) if (Gmatch(s, p)) return (1); return (0); case 0: return (scc == 0); default: if ((c & TRIM) != scc) return (0); continue; case '?': if (scc == 0) return (0); continue; } } } static void Gcat(s1, s2) register char *s1, *s2; { register int len = strlen(s1) + strlen(s2) + 1; if (len >= gnleft || gargc >= GAVSIZ - 1) globerr = "Arguments too long"; else { gargc++; gnleft -= len; gargv[gargc] = 0; gargv[gargc - 1] = strspl(s1, s2); } } static void addpath(c) char c; { if (gpathp >= lastgpathp) globerr = "Pathname too long"; else { *gpathp++ = c; *gpathp = 0; } } static void rscan(t, f) register char **t; int (*f) (); { register char *p, c; while (p = *t++) { if (f == tglob) if (*p == '~') gflag |= 2; else if (eq(p, "{") || eq(p, "{}")) continue; while (c = *p++) (*f) (c); } } static int tglob(c) register char c; { if (any(c, globchars)) gflag |= c == '{' ? 2 : 1; return (c); } int letter(c) register char c; { return (c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c == '_'); } int digit(c) register char c; { return (c >= '0' && c <= '9'); } int any(c, s) int c; char *s; { while (*s) if (*s++ == c) return (1); return (0); } int blklen(av) register char **av; { register int i = 0; while (*av++) i++; return (i); } char ** blkcpy(oav, bv) char **oav; register char **bv; { register char **av = oav; while (*av++ = *bv++) continue; return (oav); } void blkfree(av0) char **av0; { register char **av = av0; while (*av) free(*av++); } char *strspl(cp, dp) register char *cp, *dp; { register char *ep = (char *) malloc((unsigned) (strlen(cp) + strlen(dp) + 1)); if (ep == (char *) 0) opiefatal("Out of memory"); strcpy(ep, cp); strcat(ep, dp); return (ep); } char **copyblk(v) char **v; { register char **nv = (char **) malloc((unsigned) ((blklen(v) + 1) * sizeof(char **))); if (nv == (char **) 0) opiefatal("Out of memory"); return (blkcpy(nv, v)); } static char * strend(cp) register char *cp; { while (*cp) cp++; return (cp); } /* * Extract a home directory from the password file * The argument points to a buffer where the name of the * user whose home directory is sought is currently. * We write the home directory of the user back there. */ int gethdir(home) char *home; { register struct passwd *pp = getpwnam(home); if (!pp || home + strlen(pp->pw_dir) >= lastgpathp) return (1); strcpy(home, pp->pw_dir); return (0); } static void ginit(agargv) char **agargv; { agargv[0] = 0; gargv = agargv; sortbas = agargv; gargc = 0; gnleft = NCARGS - 4; } static void sort() { register char **p1, **p2, *c; char **Gvp = &gargv[gargc]; p1 = sortbas; while (p1 < Gvp - 1) { p2 = p1; while (++p2 < Gvp) if (strcmp(*p1, *p2) > 0) c = *p1, *p1 = *p2, *p2 = c; p1++; } sortbas = Gvp; } static void matchdir(pattern) char *pattern; { struct stat stb; register struct dirent *dp; DIR *dirp; dirp = opendir(*gpath == '\0' ? "." : gpath); if (dirp == NULL) { if (globbed) return; goto patherr2; } #if !defined(linux) if (fstat(dirp->dd_fd, &stb) < 0) goto patherr1; if (!isdir(stb)) { errno = ENOTDIR; goto patherr1; } #endif /* !defined(linux) */ while ((dp = readdir(dirp)) != NULL) { if (dp->d_ino == 0) continue; if (match(dp->d_name, pattern)) { Gcat(gpath, dp->d_name); globcnt++; } } closedir(dirp); return; patherr1: closedir(dirp); patherr2: globerr = "Bad directory components"; } static void expand(as) char *as; { register char *cs; register char *sgpathp, *oldcs; struct stat stb; sgpathp = gpathp; cs = as; if (*cs == '~' && gpathp == gpath) { addpath('~'); for (cs++; letter(*cs) || digit(*cs) || *cs == '-';) addpath(*cs++); if (!*cs || *cs == '/') { if (gpathp != gpath + 1) { *gpathp = 0; if (gethdir(gpath + 1)) globerr = "Unknown user name after ~"; strcpy(gpath, gpath + 1); } else strcpy(gpath, home); gpathp = strend(gpath); } } while (!any(*cs, globchars)) { if (*cs == 0) { if (!globbed) Gcat(gpath, ""); else if (stat(gpath, &stb) >= 0) { Gcat(gpath, ""); globcnt++; } goto endit; } addpath(*cs++); } oldcs = cs; while (cs > as && *cs != '/') cs--, gpathp--; if (*cs == '/') cs++, gpathp++; *gpathp = 0; if (*oldcs == '{') { execbrc(cs, ((char *) 0)); return; } matchdir(cs); endit: gpathp = sgpathp; *gpathp = 0; } static int execbrc(p, s) char *p, *s; { char restbuf[BUFSIZ + 2]; register char *pe, *pm, *pl; int brclev = 0; char *lm, savec, *sgpathp; for (lm = restbuf; *p != '{'; *lm++ = *p++) continue; for (pe = ++p; *pe; pe++) switch (*pe) { case '{': brclev++; continue; case '}': if (brclev == 0) goto pend; brclev--; continue; case '[': for (pe++; *pe && *pe != ']'; pe++) continue; continue; } pend: brclev = 0; for (pl = pm = p; pm <= pe; pm++) switch (*pm & (QUOTE | TRIM)) { case '{': brclev++; continue; case '}': if (brclev) { brclev--; continue; } goto doit; case ',' | QUOTE: case ',': if (brclev) continue; doit: savec = *pm; *pm = 0; strcpy(lm, pl); strcat(restbuf, pe + 1); *pm = savec; if (s == 0) { sgpathp = gpathp; expand(restbuf); gpathp = sgpathp; *gpathp = 0; } else if (amatch(s, restbuf)) return (1); sort(); pl = pm + 1; if (brclev) return (0); continue; case '[': for (pm++; *pm && *pm != ']'; pm++) continue; if (!*pm) pm--; continue; } if (brclev) goto doit; return (0); } static void acollect(as) register char *as; { register int ogargc = gargc; gpathp = gpath; *gpathp = 0; globbed = 0; expand(as); if (gargc != ogargc) sort(); } static void collect(as) register char *as; { if (eq(as, "{") || eq(as, "{}")) { Gcat(as, ""); sort(); } else acollect(as); } static int amatch(s, p) register char *s, *p; { register int scc; int ok, lc; char *sgpathp; struct stat stb; int c, cc; globbed = 1; for (;;) { scc = *s++ & TRIM; switch (c = *p++) { case '{': return (execbrc(p - 1, s - 1)); case '[': ok = 0; lc = 077777; while (cc = *p++) { if (cc == ']') { if (ok) break; return (0); } if (cc == '-') { if (lc <= scc && scc <= *p++) ok++; } else if (scc == (lc = cc)) ok++; } if (cc == 0) if (ok) p--; else return 0; continue; case '*': if (!*p) return (1); if (*p == '/') { p++; goto slash; } s--; do { if (amatch(s, p)) return (1); } while (*s++); return (0); case 0: return (scc == 0); default: if (c != scc) return (0); continue; case '?': if (scc == 0) return (0); continue; case '/': if (scc) return (0); slash: s = entp; sgpathp = gpathp; while (*s) addpath(*s++); addpath('/'); if (stat(gpath, &stb) == 0 && isdir(stb)) if (*p == 0) { Gcat(gpath, ""); globcnt++; } else expand(p); gpathp = sgpathp; *gpathp = 0; return (0); } } } char ** ftpglob(v) register char *v; { char agpath[BUFSIZ]; char *agargv[GAVSIZ]; char *vv[2]; vv[0] = v; vv[1] = 0; gflag = 0; rscan(vv, tglob); if (gflag == 0) { vv[0] = strspl(v, ""); return (copyblk(vv)); } globerr = 0; gpath = agpath; gpathp = gpath; *gpathp = 0; lastgpathp = &gpath[sizeof agpath - 2]; ginit(agargv); globcnt = 0; collect(v); if (globcnt == 0 && (gflag & 1)) { blkfree(gargv), gargv = 0; return (0); } else return (gargv = copyblk(gargv)); } opie-2.11/global.h100644 4101 3565 2334 6070043274 12316 0ustar cmetzipv6/* global.h: MD4/MD5 reference code types and constants. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.0. Originally from RSADSI MD4/MD5 reference code. */ /* PROTOTYPES should be set to one if and only if the compiler supports function argument prototyping. The following makes PROTOTYPES default to 0 if it has not already been defined with C compiler flags. */ #ifndef PROTOTYPES #define PROTOTYPES 0 #endif /* POINTER defines a generic pointer type */ typedef unsigned char *POINTER; /* UINT2 defines a two byte word */ typedef unsigned short int UINT2; /* UINT4 defines a four byte word */ typedef unsigned long int UINT4; /* PROTO_LIST is defined depending on how PROTOTYPES is defined above. If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it returns an empty list. */ #if PROTOTYPES #define PROTO_LIST(list) list #else #define PROTO_LIST(list) () #endif #ifndef index #define index strchr #endif #ifndef rindex #define rindex strrchr #endif opie-2.11/logwtmp.c100644 4101 3565 10275 6070043274 12565 0ustar cmetzipv6/* logwtmp.c: Put an entry in the wtmp file. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.1. Set process type for HPUX. Modified at NRL for OPIE 2.0. Originally from BSD. */ /* * Copyright (c) 1988 The Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #ifndef lint static char sccsid[] = "@(#)logwtmp.c 5.7 (Berkeley) 2/25/91"; #endif /* not lint */ #include "opie_cfg.h" #include #include #include #include #include #include #include static int fd = -1; #if DOUTMPX static int fdx = -1; /* SYSV has utmp AND utmpx rather than an enhanced utmp */ /* Also see the defines in opie_cfg.h */ #include #endif /* DOUTMPX */ #ifndef _PATH_WTMP #define _PATH_WTMP "/usr/adm/wtmp" #endif #ifndef _PATH_WTMPX #define _PATH_WTMPX "/usr/adm/wtmpx" #endif /* _PATH_UTMPX */ /* * Modified version of logwtmp that holds wtmp file open * after first call, for use with ftp (which may chroot * after login, but before logout). */ void logwtmp(line, name, host) char *line, *name, *host; { struct utmp ut; #if DOUTMPX struct utmpx utx; #endif /* DOUTMPX */ struct stat buf; time_t time(); memset(&ut, 0, sizeof(struct utmp)); if (fd < 0 && (fd = open(_PATH_WTMP, O_WRONLY | O_APPEND, 0)) < 0) return; if (fstat(fd, &buf) == 0) { #ifdef hpux ut.ut_type = USER_PROCESS; ut.ut_pid = getpid(); #endif /* hpux */ strncpy(ut.ut_line, line, sizeof(ut.ut_line)); strncpy(ut.ut_name, name, sizeof(ut.ut_name)); #if !DOUTMPX strncpy(ut.ut_host, host, sizeof(ut.ut_host)); #endif /* !DOUTMPX */ time(&ut.ut_time); if (write(fd, (char *) &ut, sizeof(struct utmp)) != sizeof(struct utmp)) ftruncate(fd, buf.st_size); } #if DOUTMPX memset(&utx, 0, sizeof(struct utmpx)); if (fdx < 0 && (fdx = open(WTMPX_FILE, O_WRONLY | O_APPEND, 0)) < 0) return; if (fstat(fdx, &buf) == 0) { strncpy(utx.ut_line, line, sizeof(utx.ut_line)); strncpy(utx.ut_name, name, sizeof(utx.ut_name)); strncpy(utx.ut_host, host, sizeof(utx.ut_host)); gettimeofday(&utx.ut_tv); if (write(fdx, (char *) &utx, sizeof(struct utmpx)) != sizeof(struct utmpx)) ftruncate(fdx, buf.st_size); } #endif /* DOUTMPX */ } opie-2.11/md4.h100644 4101 3565 3303 6070043274 11537 0ustar cmetzipv6/* md4.h: "RSA Data Security, Inc. MD4 Message-Digest Algorithm" (header file for MD4C.C) Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.0. Originally from RSADSI reference code. */ /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD4 Message-Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD4 Message-Digest Algorithm" in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software. */ /* MD4 context. */ struct MD4_CTX { UINT4 state[4]; /* state (ABCD) */ UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ unsigned char buffer[64]; /* input buffer */ }; void MD4Init __ARGS((struct MD4_CTX *)); void MD4Update __ARGS((struct MD4_CTX *, unsigned char *, unsigned int)); void MD4Final __ARGS((unsigned char[16], struct MD4_CTX *)); opie-2.11/md4c.c100644 4101 3565 21335 6070043274 11722 0ustar cmetzipv6/* md4c.c: "RSA Data Security, Inc. MD4 Message-Digest Algorithm" Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.0. Originally from RSADSI reference code. */ /* Copyright (C) 1990-2, RSA Data Security, Inc. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD4 Message-Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD4 Message-Digest Algorithm" in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software. */ #include "opie_cfg.h" #include "global.h" #include "md4.h" /* Constants for MD4Transform routine. */ #define S11 3 #define S12 7 #define S13 11 #define S14 19 #define S21 3 #define S22 5 #define S23 9 #define S24 13 #define S31 3 #define S32 9 #define S33 11 #define S34 15 static void MD4Transform __ARGS((UINT4[4], unsigned char[64])); static void Encode __ARGS((unsigned char *, UINT4 *, unsigned int)); static void Decode __ARGS((UINT4 *, unsigned char *, unsigned int)); static void MD4_memcpy __ARGS((POINTER, POINTER, unsigned int)); static void MD4_memset __ARGS((POINTER, int, unsigned int)); static unsigned char PADDING[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; /* F, G and H are basic MD4 functions. */ #define F(x, y, z) (((x) & (y)) | ((~x) & (z))) #define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) #define H(x, y, z) ((x) ^ (y) ^ (z)) /* ROTATE_LEFT rotates x left n bits. */ #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) /* FF, GG and HH are transformations for rounds 1, 2 and 3 */ /* Rotation is separate from addition to prevent recomputation */ #define FF(a, b, c, d, x, s) { \ (a) += F ((b), (c), (d)) + (x); \ (a) = ROTATE_LEFT ((a), (s)); \ } #define GG(a, b, c, d, x, s) { \ (a) += G ((b), (c), (d)) + (x) + (UINT4)0x5a827999; \ (a) = ROTATE_LEFT ((a), (s)); \ } #define HH(a, b, c, d, x, s) { \ (a) += H ((b), (c), (d)) + (x) + (UINT4)0x6ed9eba1; \ (a) = ROTATE_LEFT ((a), (s)); \ } /* MD4 initialization. Begins an MD4 operation, writing a new context. */ void MD4Init(context) struct MD4_CTX *context; /* context */ { context->count[0] = context->count[1] = 0; /* Load magic initialization constants. */ context->state[0] = 0x67452301; context->state[1] = 0xefcdab89; context->state[2] = 0x98badcfe; context->state[3] = 0x10325476; } /* MD4 block update operation. Continues an MD4 message-digest operation, processing another message block, and updating the context. */ void MD4Update(context, input, inputLen) struct MD4_CTX *context; /* context */ unsigned char *input; /* input block */ unsigned int inputLen; /* length of input block */ { unsigned int i, index, partLen; /* Compute number of bytes mod 64 */ index = (unsigned int) ((context->count[0] >> 3) & 0x3F); /* Update number of bits */ if ((context->count[0] += ((UINT4) inputLen << 3)) < ((UINT4) inputLen << 3)) context->count[1]++; context->count[1] += ((UINT4) inputLen >> 29); partLen = 64 - index; /* Transform as many times as possible. */ if (inputLen >= partLen) { MD4_memcpy ((POINTER) & context->buffer[index], (POINTER) input, partLen); MD4Transform(context->state, context->buffer); for (i = partLen; i + 63 < inputLen; i += 64) MD4Transform(context->state, &input[i]); index = 0; } else i = 0; /* Buffer remaining input */ MD4_memcpy ((POINTER) & context->buffer[index], (POINTER) & input[i], inputLen - i); } /* MD4 finalization. Ends an MD4 message-digest operation, writing the the message digest and zeroizing the context. */ void MD4Final(digest, context) unsigned char digest[16]; /* message digest */ struct MD4_CTX *context; /* context */ { unsigned char bits[8]; unsigned int index, padLen; /* Save number of bits */ Encode(bits, context->count, 8); /* Pad out to 56 mod 64. */ index = (unsigned int) ((context->count[0] >> 3) & 0x3f); padLen = (index < 56) ? (56 - index) : (120 - index); MD4Update(context, PADDING, padLen); /* Append length (before padding) */ MD4Update(context, bits, 8); /* Store state in digest */ Encode(digest, context->state, 16); /* Zeroize sensitive information. */ MD4_memset((POINTER) context, 0, sizeof(*context)); } /* MD4 basic transformation. Transforms state based on block. */ static void MD4Transform(state, block) UINT4 state[4]; unsigned char block[64]; { UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; Decode(x, block, 64); /* Round 1 */ FF(a, b, c, d, x[0], S11); /* 1 */ FF(d, a, b, c, x[1], S12); /* 2 */ FF(c, d, a, b, x[2], S13); /* 3 */ FF(b, c, d, a, x[3], S14); /* 4 */ FF(a, b, c, d, x[4], S11); /* 5 */ FF(d, a, b, c, x[5], S12); /* 6 */ FF(c, d, a, b, x[6], S13); /* 7 */ FF(b, c, d, a, x[7], S14); /* 8 */ FF(a, b, c, d, x[8], S11); /* 9 */ FF(d, a, b, c, x[9], S12); /* 10 */ FF(c, d, a, b, x[10], S13); /* 11 */ FF(b, c, d, a, x[11], S14); /* 12 */ FF(a, b, c, d, x[12], S11); /* 13 */ FF(d, a, b, c, x[13], S12); /* 14 */ FF(c, d, a, b, x[14], S13); /* 15 */ FF(b, c, d, a, x[15], S14); /* 16 */ /* Round 2 */ GG(a, b, c, d, x[0], S21); /* 17 */ GG(d, a, b, c, x[4], S22); /* 18 */ GG(c, d, a, b, x[8], S23); /* 19 */ GG(b, c, d, a, x[12], S24); /* 20 */ GG(a, b, c, d, x[1], S21); /* 21 */ GG(d, a, b, c, x[5], S22); /* 22 */ GG(c, d, a, b, x[9], S23); /* 23 */ GG(b, c, d, a, x[13], S24); /* 24 */ GG(a, b, c, d, x[2], S21); /* 25 */ GG(d, a, b, c, x[6], S22); /* 26 */ GG(c, d, a, b, x[10], S23); /* 27 */ GG(b, c, d, a, x[14], S24); /* 28 */ GG(a, b, c, d, x[3], S21); /* 29 */ GG(d, a, b, c, x[7], S22); /* 30 */ GG(c, d, a, b, x[11], S23); /* 31 */ GG(b, c, d, a, x[15], S24); /* 32 */ /* Round 3 */ HH(a, b, c, d, x[0], S31); /* 33 */ HH(d, a, b, c, x[8], S32); /* 34 */ HH(c, d, a, b, x[4], S33); /* 35 */ HH(b, c, d, a, x[12], S34); /* 36 */ HH(a, b, c, d, x[2], S31); /* 37 */ HH(d, a, b, c, x[10], S32); /* 38 */ HH(c, d, a, b, x[6], S33); /* 39 */ HH(b, c, d, a, x[14], S34); /* 40 */ HH(a, b, c, d, x[1], S31); /* 41 */ HH(d, a, b, c, x[9], S32); /* 42 */ HH(c, d, a, b, x[5], S33); /* 43 */ HH(b, c, d, a, x[13], S34); /* 44 */ HH(a, b, c, d, x[3], S31); /* 45 */ HH(d, a, b, c, x[11], S32); /* 46 */ HH(c, d, a, b, x[7], S33); /* 47 */ HH(b, c, d, a, x[15], S34); /* 48 */ state[0] += a; state[1] += b; state[2] += c; state[3] += d; /* Zeroize sensitive information. */ MD4_memset((POINTER) x, 0, sizeof(x)); } /* Encodes input (UINT4) into output (unsigned char). Assumes len is a multiple of 4. */ static void Encode(output, input, len) unsigned char *output; UINT4 *input; unsigned int len; { unsigned int i, j; for (i = 0, j = 0; j < len; i++, j += 4) { output[j] = (unsigned char) (input[i] & 0xff); output[j + 1] = (unsigned char) ((input[i] >> 8) & 0xff); output[j + 2] = (unsigned char) ((input[i] >> 16) & 0xff); output[j + 3] = (unsigned char) ((input[i] >> 24) & 0xff); } } /* Decodes input (unsigned char) into output (UINT4). Assumes len is a multiple of 4. */ static void Decode(output, input, len) UINT4 *output; unsigned char *input; unsigned int len; { unsigned int i, j; for (i = 0, j = 0; j < len; i++, j += 4) output[i] = ((UINT4) input[j]) | (((UINT4) input[j + 1]) << 8) | (((UINT4) input[j + 2]) << 16) | (((UINT4) input[j + 3]) << 24); } /* Note: Replace "for loop" with standard memcpy if possible. */ static void MD4_memcpy(output, input, len) POINTER output; POINTER input; unsigned int len; { unsigned int i; for (i = 0; i < len; i++) output[i] = input[i]; } /* Note: Replace "for loop" with standard memset if possible. */ static void MD4_memset(output, value, len) POINTER output; int value; unsigned int len; { unsigned int i; for (i = 0; i < len; i++) ((char *) output)[i] = (char) value; } opie-2.11/md5.h100644 4101 3565 3472 6070043274 11547 0ustar cmetzipv6/* md5.h: "RSA Data Security, Inc. MD5 Message-Digest Algorithm" (header file for MD5C.C) Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.0. Originally from RSADSI reference code. */ /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software. */ /* Hack by Dan McD. */ #ifndef __alpha #define UINT4 unsigned long #else /* __alpha */ #define UINT4 unsigned int #endif /* __alpha */ /* MD5 context. */ struct MD5_CTX { UINT4 state[4]; /* state (ABCD) */ UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ unsigned char buffer[64]; /* input buffer */ }; void MD5Init __ARGS((struct MD5_CTX *)); void MD5Update __ARGS((struct MD5_CTX *, unsigned char *, unsigned int)); void MD5Final __ARGS((unsigned char[16], struct MD5_CTX *)); opie-2.11/md5c.c100644 4101 3565 25062 6070043275 11725 0ustar cmetzipv6/* md5c.c: "RSA Data Security, Inc. MD5 Message-Digest Algorithm" "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.1. Minor autoconf mods. Modified at NRL for OPIE 2.0. Originally from RSADSI reference code. */ /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software. */ #include "opie_cfg.h" #include "global.h" #include "md5.h" /* Constants for MD5Transform routine. */ #define S11 7 #define S12 12 #define S13 17 #define S14 22 #define S21 5 #define S22 9 #define S23 14 #define S24 20 #define S31 4 #define S32 11 #define S33 16 #define S34 23 #define S41 6 #define S42 10 #define S43 15 #define S44 21 #if HAVE_MEMSET || defined(memset) #define MD5_memset memset #else /* HAVE_MEMSET || defined(memset) */ static void MD5_memset(output, value, len) POINTER output; int value; unsigned int len; { unsigned int i; for (i = 0; i < len; i++) ((char *) output)[i] = (char) value; } #endif /* HAVE_MEMSET || defined(memset) */ #if HAVE_MEMCPY || defined(memcpy) #define MD5_memcpy memcpy #else /* HAVE_MEMCPY || defined(memcpy) */ static void MD5_memcpy(output, input, len) POINTER output; POINTER input; unsigned int len; { unsigned int i; for (i = 0; i < len; i++) output[i] = input[i]; } #endif /* HAVE_MEMCPY || defined(memcpy) */ static void MD5Transform __ARGS((UINT4[4], unsigned char[64])); static void EEncode __ARGS((unsigned char *, UINT4 *, unsigned int)); static void EDecode __ARGS((UINT4 *, unsigned char *, unsigned int)); static unsigned char PADDING[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; /* * Encodes input (UINT4) into output (unsigned char). * Assumes len is a multiple of 4. */ static void EEncode(output, input, len) unsigned char *output; UINT4 *input; unsigned int len; { unsigned int i, j; for (i = 0, j = 0; j < len; i++, j += 4) { output[j] = (unsigned char) (input[i] & 0xff); output[j + 1] = (unsigned char) ((input[i] >> 8) & 0xff); output[j + 2] = (unsigned char) ((input[i] >> 16) & 0xff); output[j + 3] = (unsigned char) ((input[i] >> 24) & 0xff); } } /* * Decodes input (unsigned char) into output (UINT4). * Assumes len is a multiple of 4. */ static void EDecode(output, input, len) UINT4 *output; unsigned char *input; unsigned int len; { unsigned int i, j; for (i = 0, j = 0; j < len; i++, j += 4) output[i] = ((UINT4) input[j]) | (((UINT4) input[j + 1]) << 8) | (((UINT4) input[j + 2]) << 16) | (((UINT4) input[j + 3]) << 24); } /* F, G, H and I are basic MD5 functions. */ #define F(x, y, z) (((x) & (y)) | ((~x) & (z))) #define G(x, y, z) (((x) & (z)) | ((y) & (~z))) #define H(x, y, z) ((x) ^ (y) ^ (z)) #define I(x, y, z) ((y) ^ ((x) | (~z))) /* ROTATE_LEFT rotates x left n bits. */ #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) /* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. Rotation is separate from addition to prevent recomputation. */ #define FF(a, b, c, d, x, s, ac) { \ (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } #define GG(a, b, c, d, x, s, ac) { \ (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } #define HH(a, b, c, d, x, s, ac) { \ (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } #define II(a, b, c, d, x, s, ac) { \ (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } /* MD5 initialization. Begins an MD5 operation, writing a new context. */ void MD5Init(context) struct MD5_CTX *context; /* context */ { context->count[0] = context->count[1] = 0; /* Load magic initialization constants. */ context->state[0] = 0x67452301; context->state[1] = 0xefcdab89; context->state[2] = 0x98badcfe; context->state[3] = 0x10325476; } /* * MD5 block update operation. Continues an MD5 message-digest * operation, processing another message block, and updating the * context. */ void MD5Update(context, input, inputLen) struct MD5_CTX *context; /* context */ unsigned char *input; /* input block */ unsigned int inputLen; /* length of input block */ { unsigned int i, index, partLen; /* Compute number of bytes mod 64 */ index = (unsigned int) ((context->count[0] >> 3) & 0x3F); /* Update number of bits */ if ((context->count[0] += ((UINT4) inputLen << 3)) < ((UINT4) inputLen << 3)) context->count[1]++; context->count[1] += ((UINT4) inputLen >> 29); partLen = 64 - index; /* Transform as many times as possible. */ if (inputLen >= partLen) { MD5_memcpy((POINTER)&context->buffer[index], (POINTER)input, partLen); MD5Transform(context->state, context->buffer); for (i = partLen; i + 63 < inputLen; i += 64) MD5Transform(context->state, &input[i]); index = 0; } else i = 0; /* Buffer remaining input */ MD5_memcpy((POINTER) & context->buffer[index], (POINTER) & input[i], inputLen - i); } /* MD5 finalization. Ends an MD5 message-digest operation, writing the the message digest and zeroizing the context. */ void MD5Final(digest, context) unsigned char digest[16]; /* message digest */ struct MD5_CTX *context; /* context */ { unsigned char bits[8]; unsigned int index, padLen; /* Save number of bits */ EEncode(bits, context->count, 8); /* Pad out to 56 mod 64. */ index = (unsigned int) ((context->count[0] >> 3) & 0x3f); padLen = (index < 56) ? (56 - index) : (120 - index); MD5Update(context, PADDING, padLen); /* Append length (before padding) */ MD5Update(context, bits, 8); /* Store state in digest */ EEncode(digest, context->state, 16); /* Zeroize sensitive information. */ MD5_memset((POINTER) context, 0, sizeof(*context)); } /* MD5 basic transformation. Transforms state based on block. */ static void MD5Transform(state, block) UINT4 state[4]; unsigned char block[64]; { UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; EDecode(x, block, 64); /* Round 1 */ FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */ FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */ FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */ FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */ FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */ FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */ FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */ FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */ FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */ FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */ FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ /* Round 2 */ GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */ GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */ GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */ GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */ GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */ GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */ GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */ GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */ GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */ GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */ GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */ GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ /* Round 3 */ HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */ HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */ HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */ HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */ HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */ HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */ HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */ HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */ HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */ HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */ /* Round 4 */ II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */ II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */ II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */ II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */ II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */ II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */ II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */ II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */ II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */ II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */ state[0] += a; state[1] += b; state[2] += c; state[3] += d; /* Zeroize sensitive information. */ MD5_memset((POINTER) x, 0, sizeof(x)); } opie-2.11/mkmf100755 4101 3565 4663 6070255212 11571 0ustar cmetzipv6#!/usr/local/bin/perl # mkmf: Munge Makefile.source into Makefile with System targets set up # # Portions of this software are Copyright 1995 by Randall Atkinson and Dan # McDonald, All Rights Reserved. All Rights under this copyright are assigned # to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and # License Agreement applies to this software. # # History: # # Modified at NRL for OPIE 2.1. Added Autoconf target. # Modified at NRL for OPIE 2.01. Added A/UX target. # Written at NRL for OPIE 2.0. # @targets = ( "Solaris", "SunOS", "4.4BSD", "BSD/OS", "Linux", "IRIX", "HP-UX9", "HP-UX10", "AIX", "FreeBSD", "NetBSD", "A/UX" ); @files = ( "Makefile", "Makefile.in" ); foreach $i (@files) { open(MAKEFILE, ">$i"); print MAKEFILE "#!/usr/bin/make\n#\n# This file is a product of Makefile.source being run through the mkmf\n# Perl script to generate all of the System-Target format make targets\n# automatically and is ready to be hacked to suit your needs. If you make\n# modifications to the OPIE Makefiles as a programmer, please modify the\n# Makefile.source file instead of this one.\n#\n##\n"; $copyit = 1; open(MAKEFILE_SOURCE, ") { /^#!\/usr\/bin\/make/ && do { $copyit = 0; }; /^##/ && do { $copyit = 1; }; /^# Chop, Chop/ && do { $copyit = 0; }; if ($copyit && !/##/) { print MAKEFILE $_; }; }; close(MAKEFILE_SOURCE); print "Building $i. Targets:\n\n"; foreach $i (@targets) { $target = $i; $target =~ s:\/::g; $target =~ s:\-::g; $target =~ s:\.::g; $target =~ tr/[A-Z]/[a-z]/; print "$i $target\n"; $pluck = 0; @targetvars = (); open(MAKEFILE_SOURCE, ") { if ($pluck) { chop($_); /^#([A-Z_]+)=([@A-Za-z0-9\-_\ :\/=\.]+)$/ && do { @targetvars = (@targetvars, "$1=\"$2\""); }; $pluck = 0; } else { /^# / && do { /$i/ && do { $pluck = 1; }; }; }; }; close(MAKEFILE_SOURCE); print MAKEFILE "\n$target: $target-all\n"; print MAKEFILE "\n$target-: $target-all\n"; foreach $k ("all", "test", "install", "uninstall", "client", "client-install", "server", "server-install") { print MAKEFILE "\n"; print MAKEFILE "$target-$k:\n\tmake"; foreach $j (@targetvars) { print MAKEFILE " $j"; }; print MAKEFILE " $k\n\n"; close(MAKEFILE_SOURCE); }; }; @targets = (@targets, "Autoconf"); print "\n"; }; opie-2.11/opie.4100644 4101 3565 34521 6070043275 11752 0ustar cmetzipv6.\" opie.4: Overview of the OPIE software. .\" .\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan .\" McDonald, All Rights Reserved. All Rights under this copyright are assigned .\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and .\" License Agreement applies to this software. .\" .\" History: .\" .\" Modified at NRL for OPIE 2.01. Updated UNIX trademark credit. .\" Definition of "seed" written by Neil Haller of Bellcore .\" Written at NRL for OPIE 2.0. .\" .TH OPIE 4 "January 10, 1995" .SH NAME .B OPIE \- One-time Passwords In Everything .SH DESCRIPTION .LP OPIE is a package derived from the Bellcore S/Key Version 1 distribution that helps to secure a system against replay attacks (see below). It does so using a secure hash function and a challenge/response system. It provides replacements for the .IR login (1), .IR su (1), and .IR ftpd (8) programs that use OPIE authentication as well as demonstrate how a program might be adapted to use OPIE authentication. OPIE was developed at and for the United States Naval Research Laboratory (NRL). OPIE is derived in part from Berkeley Standard Distribution UNIX and the Bellcore S/Key Version 1 distribution. .LP From the average user's perspective, OPIE is a nuisance that prevents their account from being broken into. The first time a user wishes to use OPIE, (s)he needs to use the .IR opiepasswd (1) command to put an entry for them into the OPIE database. The user can then use OPIE to authenticate themselves with any program that supports it. If no other clients are being used, this means they can use OPIE to .I telnet, .I rlogin, or .I ftp into the system, log in on a terminal port (like a modem), or switch to another user's account. When they would normally be asked for a password, they will get a challenge from the server. They then need to copy that challenge (or re-type, if they don't have the ability to copy and paste through something like a window system) to their calculator program, enter their password, then copy (or re-type) the response from the calculator as their password. While this will seem cumbersome at first, with some practice, it becomes easy. .SH TERMS .TP .I user name The name that the system knows you as. For example, "jdoe". .TP .I secret password A password, usually selected by the user, that is needed to gain access to the system. For example, "SEc1_rt". .TP .I challenge A packet of information output by a system when it wishes to authenticate a user. In OPIE, this is a three-item group consisting of a hash identifier, a sequence number, and a seed, all surrounded by square brackets. This information is needed by the OPIE calculator to generate a proper response. For example, "[otp-md5 95 wi14321]". .TP .I response A packet of information generated from a challenge that is used by a system to authenticate a user. In OPIE, this is a group of six words that is generated by the calculator given the challenge and the secret password. For example, "PUP SOFT ROSE BIAS FLAG END". .TP .I seed A piece of information that is used in conjunction with the secret password and sequence numer to compute the response. Its purpose is to allow the same secret password to be used for multiple sequences, by changing the seed, or for authentication to multiple machines by using different seeds. .TP .I sequence number A counter used to keep track of key iterations. In OPIE, each time a successful response is received by the system, the sequence number is decremented. For example, "95". .TP .I hash identifier A piece of text that identifies the actual algorithm that needs to be used to generate a proper response. In OPIE, the only two valid hash identifiers are "otp-md4", which selects MD4 hashing, and "otp-md5", which selects MD5. .SH REPLAY ATTACKS When you use a network terminal program like .IR telnet (1) or even use a modem to log into a computer system, you need a user name and a secret password. Anyone who can provide those to the system is recognized as you because, in theory, only you would have your secret password. Unfortunately, it is now easy to listen in on many computer communications media. From modem communication to many networks, your password is not usually safe over remote links. If a cracker can listen in when you send your password, (s)he then has a copy of your password that can be used at any time in the future to access your account. On more than one occasion, major sites on the Internet have been broken into exactly this way. .LP All an attacker has to do is capture your password once and then replay it to the server when it's asked for. Even if the password is communicated between machines in encoded or encrypted form, as long as a cracker can get in by simply replaying a previously captured communication, you are at risk. Up until very recently, Novell NetWare was vulnerable this way. A cracker couldn't find out what your password actually is, but (s)he didn't need to -- all that was necessary to get into your account was to capture the encrypted password and send that back to the server when asked for it. .SH ONE-TIME PASSWORDS One solution to the problem of replay attacks is to keep changing the way that a password is being encoded so that what is sent over the link to another system can only be used once. If you can do that, then a cracker can replay it as many times as (s)he wants -- it's just not going to get them anywhere. It's important, however, to make sure you encode the password in such a way that the cracker can't use the encoded version to figure out what the password is or what a future encoded password will be. Otherwise, while still an improvement over no encoding or a fixed encoding, you can still be broken into. .SH THE S/KEY ALGORITHM A solution to this whole problem was invented by Lamport in 1981. This technique was implemented by Haller, Karn, and Walden at Bellcore. They They created a free software package called "S/Key" that used an algorithm called a cryptographic checksum. A cryptographic checksum is a strong one-way function such that, knowing the result of such a function, an attacker still cannot feasably determine the input. Further, unlike cyclic redundancy checksums (CRCs), cryptographic checksums have few inputs that result in the same output. .LP In S/Key, what changes is the number of times the password is run through the secure hash. The password is run through the secure hash once, then the output of the hash is run through the secure hash again, that output is run through the secure hash again, and so on until the number of times the password has been run through the secure hash is equal to the desired sequence number. This is much slower than just, say, putting the sequence number in before the password and running that through the secure hash once, but it gains you one significant benefit. The server machine you are trying to connect to has to have some way to determine whether the output of that whole mess is right. If it stores it either without any encoding or with a normal encoding, a cracker could still get at your password. But if it stores it with a secure hash, then how does it account for the response changing every time because the sequence number is changing? Also what if you can never get to the machine any way that can't be listened in on? How do you change your password without sending it over the link? .LP The clever solution devised by Lamport is to keep in mind that the sequence number is always decrementing by one and that, in the S/Key system, simply by running any response with a sequence number N through the secure hash, you can get the response with a sequence number N+1, but you can't go the other way. At any given time, call the sequence number of the last valid response that the system got N+1 and the sequence number of the response you are giving it N. If the password that generated the response for N is the same as the one for N+1, then you should be able to run the response for N through the secure hash one more time, for a total of N+1 times, and get the same response as you got back for N+1. Once you compare the two and find that they are the same, you subtract one from N so that, now, the key for N that you just verified becomes the new key for N+1 that you can store away to use the next time you need to verify a key. This also means that if you need to change your password but don't have a secure way to access your machine, all the system really needs to have to verify your password is a valid response for one more than the sequence number you want to start with. .LP Just for good measure, each side of all of this uses a seed in conjunction with your password when it actually generates and verifies the responses. This helps to jumble things up a little bit more, just in case. Otherwise, someone with a lot of time and disk space on their hands could generate all the responses for a lot of frequent passwords and defeat the system. .LP This is not, by any means, the best explanation of how the S/Key algorithm works or some of the more minor details. For that, you should go to some of the papers now published on the topic. It is simply a quick-and-dirty introduction to what's going on under the hood. .SH OPIE COMPONENTS Included in the OPIE distribution are three OPIE client programs: .IR opielogin (1), .IR opiesu (1), and .IR opieftpd (8). These three programs are modified versions of the freely available 4.3BSD Net/2 versions of .IR login (1), .IR su (1), and .IR ftpd (8), respectively. Although most of the modifications actually done to them are so that they will work on as many machines as possible, they also have been modified to support OPIE for authentication. As you will see from the source, it is not very difficult to add support for OPIE to other programs. .LP There are also three programs in the OPIE distribution that are specific to the OPIE system: .IR opiepasswd (1), which allows a user to set and change their OPIE password, .IR opieinfo (1), which allows a user to find out what their current sequence number and seed are, and .IR opiekey(1), which is an OPIE key calculator. .LP ADDING OPIE TO OTHER PROGRAMS Adding OPIE authentication to programs other than the ones included as clients in the OPIE distribution isn't very difficult. First, you will need to make sure that the program includes somewhere. Then, below the other includes such as , but before variable declarations, you need to include "opie.h". You need to add a variable of type "struct opie" to your program, you need to make sure that the buffer that you use to get a password from the user is big enough to hold OPIE_RESPONSE_MAX+1 characters, and you need to have a buffer in which to store the challenge string that is big enough to hold OPIE_PROMPT_MAX+1 characters. .LP When you are ready to output the challenge string and know the user's name, you would use a call to opiechallenge. Later, to verify the response received, you would use a call to opieverify. For example: .sp 0 .sp 0 #include .sp 0 . .sp 0 . .sp 0 #include "opie.h" .sp 0 . .sp 0 . .sp 0 char *user_name; .sp 0 /* Always remember the trailing null! */ .sp 0 char password[OPIE_RESPONSE_MAX+1]; .sp 0 . .sp 0 . .sp 0 struct opie opiedata; .sp 0 char opieprompt[OPIE_PROMPT_MAX+1]; .sp 0 . .sp 0 . .sp 0 opiechallenge(&opiedata, user_name, &opieprompt); .sp 0 . .sp 0 . .sp 0 if (opieverify(&opiedata, password)) { .sp 0 printf("Login incorrect"); .sp 0 .SH TERMINAL SECURITY AND OPIE When using OPIE, you need to be careful not to allow your password to be communicated over an insecure channel where someone might be able to listen in and capture it. OPIE can protect you against people who might get your password from snooping on the line, but only if you make sure that the password itself never gets sent over the line. The important thing is to always run the OPIE calculator on whichever machine you are actually using - never on a machine you are connected to by network or by dialup. .LP You need to be careful about the X Window System, because it changes things quite a bit. For instance, if you run an xterm (or your favorite equivalent) on another machine and display it on your machine, you should not run an OPIE calculator in that window. When you type in your secret password, it still gets transmitted over the network to go to the machine the xterm is running on. People with machines such as X terminals that can only run the calculator over the network are in an especially precarious position because they really have no choice. Also, with the X Window System, as with some other window system (NeWS as an example), it is sometimes possible for people to read your keystrokes and capture your password even if you are running the OPIE calculator on your local machine. You should always use the best security mechanism available on your system to protect your X server, be it XDM-AUTHORIZATION-1, XDM-MAGIC-COOKIE-1, or host access control. *Never* just allow any machine to connect to your server because, by doing so, you are allowing any machine to read any of your windows or your keystrokes without you knowing it. .SH SEE ALSO .BR opie (4), .BR opiekeys (5), .BR opieaccess (5), .BR opiekey (1), .BR opieinfo (1), .BR opiepasswd (1), .BR opielogin (1), .BR opieftpd (8) .sp Lamport, L. "Password Authentication with Insecure Communication", Communications of the ACM 24.11 (November 1981), pp. 770-772. .sp Haller, N. "The S/KEY One-Time Password System", Proceedings of the ISOC Symposium on Network and Distributed System Security, February 1994, San Diego, CA. .sp Haller, N. and Atkinson, R, "On Internet Authentication", RFC-1704, DDN Network Information Center, October 1994. .sp Rivest, R. "The MD5 Message Digest Algorithm", RFC-1321, DDN Network Information Center, April 1992. .sp Rivest, R. "The MD4 Message Digest Algorithm", RFC-1320, DDN Network Information Center, April 1992. .SH AUTHOR Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden of Bellcore. DES key crunching contributed by Marcus J. Ranum of TIS. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and Craig Metz. S/Key is a trademark of Bell Communications Research (Bellcore). UNIX is a trademark of X/Open. .SH CONTACT NRL OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, send an email request to: .sp skey-users-request@thumper.bellcore.com .sp For comments or bug reports relating to NRL OPIE, send email to: .sp opie-bugs@itd.nrl.navy.mil opie-2.11/opie.h100644 4101 3565 7562 6070043275 12023 0ustar cmetzipv6/* opie.h: Data structures and values for the OPIE authentication system that a program might need. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.0. Written at Bellcore for the S/Key Version 1 software distribution (skey.h). */ #ifndef __ARGS #if !defined(ANSIPROTO) && (defined(__TURBOC__) || defined(__STDC__) || defined(LATTICE)) #define ANSIPROTO 1 #endif #ifndef __ARGS #ifdef ANSIPROTO #define __ARGS(x) x #else #define __ARGS(x) () #endif #endif #endif /* __ARGS */ /* Server library's internal state block. Code outside libopie.a should treat this as an opaque data block and should not ever manipulate this structure in any way. Its format is subject to change in future versions of OPIE. */ struct opie { FILE *keyfile; char buf[256]; char *logname; int n; char *seed; char *val; long recstart; /* needed so reread of buffer is efficient */ }; void opiehash __ARGS((char *x, unsigned algorithm)); int keycrunch __ARGS((unsigned algorithm, char *result, char *seed, char *passwd)); char *btoe __ARGS((char *engout, char *c)); char *put8 __ARGS((char *out, char *s)); int etob __ARGS((char *out, char *e)); void strip_crlf __ARGS((char *buf)); int opiechallenge __ARGS((struct opie * mp, char *name, char *ss)); int opielookup __ARGS((struct opie * mp, char *name)); int opieverify __ARGS((struct opie * mp, char *response)); char *readpass __ARGS((char *buf, int n)); int opieaccessfile __ARGS((char *)); int opiealways __ARGS((char *)); void opieversion __ARGS((void)); int opieinsecure __ARGS((void)); int opiekeycrunch __ARGS((unsigned, char *, char *, char *)); char *opiereadpass __ARGS((char *, int)); int opiepasscheck __ARGS((char *)); char *opiebtoe __ARGS((char *, char *)); int opieetob __ARGS((char *, char *)); void opiesevenbit __ARGS((char *)); int opiegetsequence __ARGS((struct opie *)); void opiestrip_crlf __ARGS((char *)); int opiebtoa8 __ARGS((char *, char *)); int opieatob8 __ARGS((char *, char *)); void opiebackspace __ARGS((char *)); /* Minimum length of a secret password */ #ifndef OPIE_PASS_MIN #define OPIE_PASS_MIN 10 #endif /* OPIE_PASS_MIN */ /* Maximum length of a secret password */ #ifndef OPIE_PASS_MAX #define OPIE_PASS_MAX 127 #endif /* OPIE_PASS_MAX */ /* Minimum length of a seed */ #ifndef OPIE_SEED_MIN #define OPIE_SEED_MIN 5 #endif /* OPIE_SEED_MIN */ /* Maximum length of a seed */ #ifndef OPIE_SEED_MAX #define OPIE_SEED_MAX 32 #endif /* OPIE_SEED_MAX */ /* Maximum length of a challenge (otp-md? 9999 seed) */ #ifndef OPIE_CHALLENGE_MAX #define OPIE_CHALLENGE_MAX (7+1+4+1+OPIE_SEED_MAX) #endif /* OPIE_CHALLENGE_MAX */ /* Maximum length of a response (six words up to four chars each w/spaces) */ #ifndef OPIE_RESPONSE_MAX #define OPIE_RESPONSE_MAX (6*4+5) #endif /* OPIE_RESPONSE_MAX */ /* Maximum length of a principal (read: user name) */ #ifndef OPIE_PRINCIPAL_MAX #define OPIE_PRINCIPAL_MAX 32 #endif /* OPIE_PRINCIPAL_MAX */ /* Maximum length of a request (principal + options) */ #ifndef OPIE_REQUEST_MAX #define OPIE_REQUEST_MAX 64 #endif /* OPIE_REQUEST_MAX */ /* Maximum number of requests */ #ifndef OPIE_NREQUEST_MAX #define OPIE_NREQUEST_MAX 4 #endif /* OPIE_NREQUEST_MAX */ /* How many characters from the host name to use in the seed? */ #define NAMELEN 2 /* This buffer should be only NAMELEN+1 chars long. However, we found that 4.4BSD croaks with ENOMEM if the buffer passwd is shorter than the current hostname, a quite different behavior than <= 4.3, which worked like a strncpy. The BSD man page for gethostname() is just vague enough that this isn't a bug. */ #ifndef MAXHOSTNAMELEN #define MAXHOSTNAMELEN 32 #endif /* MAXHOSTNAMELEN */ opie-2.11/opie_cfg.h100644 4101 3565 4611 6070253762 12636 0ustar cmetzipv6/* opie_cfg.h: Various configuration-type pieces of information for OPIE. Or, at least, the common portion of it. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modifed at NRL for OPIE 2.1. Fixed sigprocmask declaration. Gutted for autoconf. Split up for autoconf. Written at NRL for OPIE 2.0. */ #define VERSION "2.11 Release" #define DATE "Wednesday, December 27, 1995" #if HAVE_CONFIG_H #include "config.h" #include "opie_auto.h" #else /* HAVE_CONFIG_H */ #include "opie_manual.h" #endif /* HAVE_CONFIG_H */ /* If the user didn't specify, default to MD5 */ #ifndef MDX #define MDX 5 #endif /* MDX */ #ifndef DOUTMPX #define DOUTMPX 0 #endif /* DOUTMPX */ #ifndef UTMPX #if DOUTMPX #define UTMPX utmpx #else /* DOUTMPX */ #define UTMPX utmp #endif /* DOUTMPX */ #endif /* UTMPX */ #define FALSE 0 #define TRUE -1 #ifndef _PATH_BSHELL #define _PATH_BSHELL "/bin/sh" #endif #ifndef _PATH_DEVNULL #define _PATH_DEVNULL "/dev/null" #endif #ifndef _PATH_FTPUSERS #define _PATH_FTPUSERS "/etc/ftpusers" #endif #ifndef TTYGRPNAME #define TTYGRPNAME "tty" /* name of group to own ttys */ #endif #ifndef NO_LOGINS_FILE #define NO_LOGINS_FILE "/etc/nologin" #endif #ifndef QUIET_LOGIN_FILE #define QUIET_LOGIN_FILE ".hushlogin" #endif #ifndef OPIE_ALWAYS_FILE #define OPIE_ALWAYS_FILE ".opiealways" #endif #ifndef OPIE_LOCK_PREFIX #define OPIE_LOCK_PREFIX "/tmp/opie-lock." #endif #ifndef OPIE_LOCK_TIMEOUT #define OPIE_LOCK_TIMEOUT (30*60) #endif #ifndef KEY_FILE #define KEY_FILE "/etc/opiekeys" #endif #ifndef MOTD_FILE #define MOTD_FILE "/etc/motd" #endif #ifndef SECURETTY #define SECURETTY "/etc/securetty" #endif /* SECURETTY */ #if defined(__TURBOC__) || defined(__STDC__) || defined(LATTICE) #define ANSIPROTO 1 #endif #ifndef __ARGS #ifdef ANSIPROTO #define __ARGS(x) x #else #define __ARGS(x) () #endif #endif #ifndef NBBY #define NBBY 8 /* Reasonable for modern systems */ #endif /* NBBY */ #ifndef LOGIN_PATH #define LOGIN_PATH "/usr/ucb:/bin:/usr/bin" #endif /* LOGIN_PATH */ #ifndef DOANONYMOUS #define DOANONYMOUS 0 #endif /* DOANONYMOUS */ #if NEED_ATEXIT #define atexit(x) #endif /* NEED_ATEXIT */ opie-2.11/opieaccess.5100644 4101 3565 6315 6070043276 13116 0ustar cmetzipv6.\" opieaccess.5: Manual page describing the /etc/opieaccess file. .\" .\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan .\" McDonald, All Rights Reserved. All Rights under this copyright are assigned .\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and .\" License Agreement applies to this software. .\" .\" History: .\" .\" Written at NRL for OPIE 2.0. .\" .ll 6i .pl 10.5i .\" @(#)opieaccess.5 2.0 (NRL) 1/10/95 .\" .lt 6.0i .TH OPIEACCESS 5 "January 10, 1995" .AT 3 .SH NAME [/etc/]opieaccess \- OPIE database of trusted networks .SH DESCRIPTION The .I opieaccess file contains a list of networks that are considered trusted by the system as far as security against passive attacks is concerned. Users from networks so trusted will be able to log in using OPIE responses, but not be required to do so, while users from networks that are not trusted will always be required to use OPIE responses (the default behavior). This trust allows a site to have a more gentle migration to OPIE by allowing it to be non-mandatory for "inside" networks while allowing users to choose whether they with to use OPIE to protect their passwords or not. .sp The entire notion of trust implemented in the .I opieaccess file is a major security hole because it opens your system back up to the same passive attacks that the OPIE system is designed to protect you against. The .I opieaccess support in this version of OPIE exists solely because we believe that it is better to have it so that users who don't want their accounts broken into can use OPIE than to have them prevented from doing so by users who don't want to use OPIE. In any environment, it should be considered a transition tool and not a permanent fixture. When it is not being used as a transition tool, a version of OPIE that has been built without support for the .I opieaccess file should be built to prevent the possibility of an attacker using this file as a means to circumvent the OPIE software. .sp The .I opieaccess file consists of lines containing three fields separated by spaces (tabs are properly interpreted, but spaces should be used instead) as follows: .PP .nf .ta \w' 'u Field Description action "permit" or "deny" non-OPIE logins address Address of the network to match mask Mask of the network to match .fi Subnets can be controlled by using the appropriate address and mask. Individual hosts can be controlled by using the appropriate address and a mask of 255.255.255.255. If no rules are matched, the default is to deny non-0PIE logins. .SH SEE ALSO .BR opie (4), .BR opiekeys (5), .BR opiepasswd (1), .BR opieinfo (1), .BR opiesu (1), .BR opielogin (1), .BR opieftpd (8) .SH AUTHOR Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden of Bellcore. DES key crunching contributed by Marcus J. Ranum of TIS. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and Craig Metz. S/Key is a trademark of Bell Communications Research (Bellcore). .SH CONTACT NRL OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, send an email request to: .sp skey-users-request@thumper.bellcore.com .sp For comments or bug reports relating to NRL OPIE, send email to: .sp opie-bugs@itd.nrl.navy.mil opie-2.11/opieftpd.8100644 4101 3565 20717 6070043276 12637 0ustar cmetzipv6.\" opieftpd.8: Manual page describing the FTP daemon. .\" .\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan .\" McDonald, All Rights Reserved. All Rights under this copyright are assigned .\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and .\" License Agreement applies to this software. .\" .\" History: .\" .\" Modified at NRL for OPIE 2.0. .\" Originally from BSD. .\" .\" NOTE: .\" .\" This manual page uses the BSD >= Net/2 "mandoc" macros and may not .\" format properly on all systems. .\" .\" Copyright (c) 1985, 1988, 1991 The Regents of the University of California. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. All advertising materials mentioning features or use of this software .\" must display the following acknowledgement: .\" This product includes software developed by the University of .\" California, Berkeley and its contributors. .\" 4. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" @(#)opieopieftpd.8 6.9 (Berkeley) 3/16/91 .\" .TH OPIEFTPD 8 "10 January 1995" .SH NAME opieftpd \- File Transfer Protocol server that uses OPIE authentication .SH SYNOPSIS .B opieftpd [\-d] [\-l] [\-t .I timeout ] [\-T .I maxtimeout ] .SH DESCRIPTION .I opieftpd is the Internet File Transfer Protocol server process. The server uses the TCP protocol and listens at the port specified in the ftp service specification; see .IR services (5). .SH OPTIONS .TP .B \-d Debugging information is written to the system logs. .TP .B \-l Each .IR ftp (1) session is logged in the system logs. .TP .B \-t The inactivity timeout period is set to .I timeout seconds (the default is 15 minutes). .TP .B \-T A client may also request a different timeout period; the maximum period allowed may be set to .I maxtimeout seconds with the .B \-T option. The default limit is 2 hours. .SH COMMANDS The ftp server currently supports the following ftp requests; case is not distinguished: .PP .nf .ta \w'Request 'u Request Description ABOR abort previous command ACCT specify account (ignored) ALLO allocate storage (vacuously) APPE append to a file CDUP change to parent of current working directory CWD change working directory DELE delete a file HELP give help information LIST give a list of files in a directory MKD make a directory MDTM show last modification time of file MODE specify data transfer mode NLST give name list of files in directory NOOP do nothing PASS specify password PASV prepare for server-to-server transfer PORT specify data connection port PWD print the current working directory QUIT terminate session REST restart incomplete transfer RETR retrieve a file RMD remove a directory RNFR specify rename-from file name RNTO specify rename-to file name SITE non-standard commands (see next section) SIZE return size of file STAT return status of server STOR store a file STOU store a file with a unique name STRU specify data transfer structure SYST show operating system type of server system TYPE specify data transfer type USER specify user name XCUP change to parent of current working directory (deprecated) XCWD change working directory (deprecated) XMKD make a directory (deprecated) XPWD print the current working directory (deprecated) XRMD remove a directory (deprecated) .fi The following non-standard or UNIX-specific commands are supported by the SITE request: .PP .nf .ta \w'Request 'u Request Description UMASK change umask (e.g. SITE UMASK 002) IDLE set idle-timer (e.g. SITE IDLE 60) CHMOD change mode of a file (e.g. SITE CHMOD 755 file) HELP give help information (e.g. SITE HELP) .fi .sp The remaining ftp requests specified in Internet RFC-959 are recognized, but not implemented. .sp MDTM and SIZE are not specified in RFC-959, but will appear in the next updated FTP RFC. The ftp server will abort an active file transfer only when the ABOR command is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet "Synch" signal in the command Telnet stream, as described in Internet RFC-959. If a STAT command is received during a data transfer, preceded by a Telnet IP and Synch, transfer status will be returned. .I opieftpd interprets file names according to the globbing conventions used by .IR csh (1). This allows users to utilize the metacharacters \&*?[]{}~. .sp .I opieftpd authenticates users according to three rules: .sp The user name must be in the password data base, .I /etc/passwd, and not have a null password. In this case, a password must be provided by the client before any file operations may be performed. .sp The user name must not appear in the file .I /etc/ftpusers. .sp The user must have a standard shell returned by .IR getusershell (3). .sp If the user name is .I anonymous or .I ftp, an anonymous ftp account must be present in the password file (user .I ftp ). In this case, the user is allowed to log in by specifying any password (by convention, this is given as the client host's name). In the last case, .I opieftpd takes special measures to restrict the client's access privileges. The server performs a .IR chroot (2) command to the home directory of the .I ftp user. In order that system security is not breached, it is recommended that the .I ftp subtree be constructed with care; the following rules are recommended: .sp .TP .B ~ftp Make the home directory owned by .I ftp and unwritable by anyone. .TP .B ~ftp/bin Make this directory owned by the super-user and unwritable by anyone. The program .IR ls (1) must be present to support the LIST command. This program should have mode 111. .TP .B ~ftp/etc Make this directory owned by the super-user and unwritable by anyone. The files .IR passwd (5) and .IR group (5) must be present for the .IR ls (1) command to be able to produce owner names rather than numbers. The password field in .I passwd is not used, and should not contain real encrypted passwords. These files should be mode 444. .TP .B ~ftp/pub Make this directory mode 777 and owned by .I ftp. Users should then place files which are to be accessible via the anonymous account in this directory. .SH SEE ALSO .BR ftpd (8), .BR ftp (1), .BR opie (4), .BR opiekey (1), .BR opiepasswd (1), .BR opieinfo (1), .BR opiesu (1), .BR opieftpd (8), .BR opiekeys (5), .BR opieaccess (5) .SH BUGS The anonymous account is inherently dangerous and should avoided when possible. In .I opieftpd, it is a compile-time option that should be disabled if it is not being used. The server must run as the super-user to create sockets with privileged port numbers. It maintains an effective user id of the logged in user, reverting to the super-user only when binding addresses to sockets. The possible security holes have been scrutinized, but are possibly incomplete. .SH HISTORY The .I ftpd command appeared in 4.2BSD. .SH AUTHOR Originally written for BSD, .I ftpd was modified at NRL by Randall Atkinson, Dan McDonald, and Craig Metz to support OTP authentication. .SH CONTACT NRL OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, send an email request to: .sp skey-users-request@thumper.bellcore.com .sp For comments or bug reports relating to NRL OPIE, send email to: .sp opie-bugs@itd.nrl.navy.mil opie-2.11/opieinfo.1100644 4101 3565 4562 6070043276 12606 0ustar cmetzipv6.\" opieinfo.1: Manual page for the opieinfo(1) program. .\" .\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan .\" McDonald, All Rights Reserved. All Rights under this copyright are assigned .\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and .\" License Agreement applies to this software. .\" .\" History: .\" .\" Modified at NRL for OPIE 2.0. .\" Written at Bellcore for the S/Key Version 1 software distribution .\" (keyinfo.1). .\" .ll 6i .pl 10.5i .lt 6.0i .TH OPIEINFO 1 "January 10, 1995" .AT 3 .SH NAME opieinfo \- Extract sequence number and seed for future OPIE challenges. .SH SYNOPSIS .B opieinfo [\-v] [\-h] [ .I user_name ] .SH DESCRIPTION .I opieinfo takes an optional user name and writes the current sequence number and seed found in the OPIE key database for either the current user or the user specified. opiekey is compatible with the .IR keyinfo (1) program from Bellcore's S/Key Version 1 except that specification of a remote system name is not permitted. .sp .I opieinfo can be used to generate a listing of your future OPIE responses if you are going to be without an OPIE calculator and still need to log into the system. To do so, you would run something like: .sp .B opiekey \-n 42 `opieinfo` .SH OPTIONS .TP .B \-v Display the version number and compile-time options, then exit. .TP .B \-h Display a brief help message and exit. .TP .B The name of a user whose key information you wish to display. The default is the user running opieinfo. .SH EXAMPLE .sp 0 wintermute$ opieinfo .sp 0 495 wi01309 .sp 0 wintermute$ .LP .SH FILES .TP /etc/opiekeys -- database of key information for the OPIE system. .SH SEE ALSO .BR opie (4), .BR opiekey (1), .BR opiepasswd (1), .BR opiesu (1), .BR opielogin (1), .BR opieftpd (8), .BR opiekeys (5) .BR opieaccess (5) .SH AUTHOR Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden of Bellcore. DES key crunching contributed by Marcus J. Ranum of TIS. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and Craig Metz. S/Key is a trademark of Bell Communications Research (Bellcore). .SH CONTACT NRL OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, send an email request to: .sp skey-users-request@thumper.bellcore.com .sp For comments or bug reports relating to NRL OPIE, send email to: .sp opie-bugs@itd.nrl.navy.mil opie-2.11/Makefile100644 4101 3565 145652 6070256474 12430 0ustar cmetzipv6#!/usr/bin/make # # This file is a product of Makefile.source being run through the mkmf # Perl script to generate all of the System-Target format make targets # automatically and is ready to be hacked to suit your needs. If you make # modifications to the OPIE Makefiles as a programmer, please modify the # Makefile.source file instead of this one. # ## # Makefile.source and Makefile: Directions for building and installing OPIE. # # Portions of this software are Copyright 1995 by Randall Atkinson and Dan # McDonald, All Rights Reserved. All Rights under this copyright are assigned # to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and # License Agreement applies to this software. # # History: # # Modified at NRL for OPIE 2.11: Fixed fatal mistype of Autoconf. # Modified at NRL for OPIE 2.1: Changed targets to reflect source # file name changes. Changed explanation and flags for static # linking. Changed opieinfo target. Removed WHOAMI. Added # Autoconf targets. Changed if conditionals to use test # instead of [. Changed SU_DIR to SU to help autoconf. # Changed FTPDIR and FTPDNAME to FTPD to help autoconf. # Changed HP-UX to HP-UX9 and HP-UX10. Make uninstall # target depend on config. HPUX *is* no longer necessary, but # something does have to be there. Sub in Autoconf @CC@. # Modified at NRL for OPIE 2.04: Re-worded explanation of SU_STAR_CHECK. # Modified at NRL for OPIE 2.02: Added SU_STAR_CHECK flag. # Modified at NRL for OPIE 2.01: Test target makes opiesu and opielogin # setuid. install target clears that. uninstall target needs to # remove the opiekey symlinks. opieinfo target needs to # substitute for $(EXISTS). ifdefs target needs to check for # starting hash. $(LDFLAGS) and -o should be at the end of all # link commands to spoon-feed drain bamaged link editors. Added # A/UX defaults. # Modified heavily at NRL for OPIE 2.0. # Written at Bellcore for the S/Key Version 1 software distribution # (Makefile). #============================================================================ # CONFIGURATION PARAMETERS -- CHANGE THESE TO SUIT YOUR MACHINE # Shell to use for make(1) # It's usually a good idea to leave this as-is. On some systems, ksh or bash # may be necessary SHELL=/bin/sh # Where is chown(1)? # Solaris #CHOWN=/usr/bin/chown # AIX, HP-UX9, HP-UX10, Linux, A/UX #CHOWN=/bin/chown # BSD/OS, 4.4BSD, FreeBSD, NetBSD #CHOWN=/usr/sbin/chown # IRIX #CHOWN=/sbin/chown # SunOS #CHOWN=/usr/etc/chown # Autoconf #CHOWN=@CHOWN@ # What flag to test(1) will indicate existence? # # The '-e' flag is exactly what we want. Which makes it little surprise that # not all systems have it. We'll live with the '-f' flag, which will only # work with real files (i.e., it won't handle symlinks and wierder things # properly) # # BSD/OS, FreeBSD, NetBSD, Linux, 4.4BSD #EXISTS=-e # SunOS, IRIX, HP-UX9, HP-UX10, AIX, Solaris, A/UX #EXISTS=-f # Autoconf #EXISTS=@EXISTS@ # How should we call mkdir(1) to make directories if they aren't there? # # We want to call mkdir with the -p flag to make parent directories, # but many systems don't have this flag. # # BSD/OS, FreeBSD, NetBSD, Linux, SunOS, AIX, 4.4BSD #MKDIR=mkdir -p # IRIX, HP-UX9, HP-UX10, A/UX #MKDIR=mkdir # Autoconf #MKDIR=@MKDIR@ # OWNER is the username who should own the OPIE binaries. # GROUP is the groupname associated with the OPIE binaries. # OWNER=root GROUP=bin # Ranlib is only needed on BSD systems. # Using "true" happens to be a handy makefile hack for System V machines. # AIX, SunOS, 4.4BSD, BSD/OS, Linux, FreeBSD, NetBSD #RANLIB=ranlib # Solaris, HP-UX9, HP-UX10, IRIX, A/UX #RANLIB=true # Autoconf RANLIB=@RANLIB@ # LOCALBIN is the place where user-installed binaries reside. # AIX, SunOS, 4.4BSD, BSD/OS, Linux, FreeBSD, NetBSD, Solaris, HP-UX9, HP-UX10, IRIX, A/UX #LOCALBIN=/usr/local/bin #LOCALBIN=/usr/contrib/bin # Autoconf #LOCALBIN=@LOCALBIN@ # LOCALMAN is the place where user-installed manual pages reside. # AIX, SunOS, 4.4BSD, BSD/OS, Linux, FreeBSD, NetBSD, Solaris, HP-UX9, HP-UX10, IRIX, A/UX #LOCALMAN=/usr/local/man #LOCALMAN=/usr/contrib/man #LOCALMAN=/usr/share/man #LOCALMAN=/usr/man/man # Autoconf #LOCALMAN=@LOCALMAN@ # Where is the su(1) program? # Solaris, SunOS, BSD/OS, 4.4BSD, Linux, FreeBSD, NetBSD #SU=/usr/bin/su # HP-UX9, HP-UX10, AIX, IRIX, A/UX #SU=/bin/su # Autoconf #SU=@SU@ # Is there another location to which opiesu should be copied? (i.e., /sbin) # Solaris, IRIX #ALT_SU=/sbin/su # Autoconf #ALT_SU=@ALT_SU@ # Where is the login(1) binary? # Solaris, SunOS, BSD/OS, 4.4BSD, FreeBSD, NetBSD #LOGIN=/usr/bin/login # HP-UX9, HP-UX10, AIX, Linux, A/UX #LOGIN=/bin/login # IRIX #LOGIN=/usr/lib/iaf/scheme # Autoconf #LOGIN=@LOGIN@ # What should the default PATH be? # Note that the supplied defaults vary slightly from that of some # of the operating systems. Also note that OPIE does not support some # systems' notion of a second default path for root -- if you are root, then # you need to use a shell configuration file to set up any special path # entries. # BSD/OS, 4.4BSD, HP-UX9, HP-UX10, Linux, Solaris, FreeBSD, NetBSD, A/UX #DEFAULT_PATH=/usr/bin:/bin # SunOS #DEFAULT_PATH=/usr/ucb:/usr/bin:/bin # IRIX #DEFAULT_PATH=/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11 # AIX #DEFAULT_PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin # Autoconf #DEFAULT_PATH=@DEFAULT_PATH@ # Where should the OPIE key database be stored? KEY_FILE=/etc/opiekeys # Should we support a trusted access file, and, if so, where should it go? # # Sites who have to choose between opening up this security hole and not # having OPIE at all will need to enable this option. It is highly recommended # that you do *not* enable this option and leave this line commented. #ACCESS_FILE="-DACCESS_FILE=\"/etc/opieaccess\"" # Where is the FTP daemon? # Solaris, Linux #FTPD=/usr/sbin/in.ftpd # SunOS #FTPD=/usr/etc/in.ftpd # IRIX #FTPD=/usr/etc/ftpd # BSD/OS, 4.4BSD, FreeBSD, NetBSD #FTPD=/usr/libexec/ftpd # HP-UX9, AIX, A/UX #FTPD=/etc/ftpd # HP-UX10 #FTPD=/usr/lbin/ftpd # Autoconf #FTPD=@FTPD@ # What flags should be passed to the linker? # # Some systems (e.g. Solaris) need to explicitly include network libraries # (e.g. nsl, socket). # # Also, on some systems, you may wish to build the OPIE programs statically # linked to prevent attacks based on the shared library system. (Solaris # requires some stub libraries that are not included here in order to be # able to do this). No system with shared libraries should need OPIE built # statically to be secure, but, then again, no system should have security # bugs, either. # # Solaris #LDFLAGS=-lnsl -lsocket # FreeBSD #LDFLAGS=-lcrypt # A/UX #LDFLAGS=-lposix # Systems with GCC #LDFLAGS=-static # Autoconf #LDFLAGS=@LIBS@ # Compile-time options for OPIE: # # * System type: # # -DSOLARIS=1 If your system is Solaris (implies SVR4=1) # -DSUNOS=1 If your system is SunOS (implies BSD4_3=1) # -DBSD=1 If your system is like BSD # -DBSD4_3=1 If your system is like 4.3BSD (implies BSD=1) # -DSYSV=1 If your system is like System V # -DSVR4=1 If your system is like System V Release 4 (-> SYSV=1) # -DIS_A_SYSV=1 If your system is like System V and -DSYSV=1 fails # -DIS_A_BSD=1 If your system is like BSD and -DBSD=1 fails # # * Haves and needs # -DHAVE_DIRENT=1 If your system has dirent-style directory routines # -DNEED_GETENV=1 If your system doesn't have getenv(3) # -DNEED_SETENV=1 If your system doesn't have setenv(3) # -DNEED_STRERROR=1 If your system doesn't have strerror(3) # -DNEED_GETUSERSHELL=1 If your system doesn't have getusershell(3) # and endusershell(3) # -DNEED_ATEXIT=1 If your system doesn't have atexit(3) # -DNEED_STRING=1 If your system doesn't have strchr(3) and strrchr(3) # but does have index(3) and rindex(3) # # * Vendor-compatible "features" # # -DDOUTMPX=1 If your system uses a utmpx file along with a utmp # -DDOSECURETTY=1 If you want to use an /etc/securetty file to control # which terminals root can log in from # -DPERMSFILE="" Change the permissions of certain devices on login, # as specified in # -DDOWHEEL=1 Implement the BSD "wheel group" su restriction # (only members of group 0 can su) # -DDOTITLE=1 Change the process info of ftpd so that ps listings # will show status information # -DDOMOTD=0 If your system's login program *doesn't* display # /etc/motd and check for mail (i.e., it is done in # shell scripts like /etc/profile and /etc/.login) # # * Miscellaneous # # -DDOANONYMOUS=1 If you want ftpd to support anonymous logins # whenever an "ftp" account exists in /etc/passwd. # # -DSYS_FCNTL_H=1 Use instead of . # -DMJR=1 Support Marcus J. Ranum's scheme to prevent # dictionary attacks. (see README.MJR) # IRIX #OPTIONS=-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1 # Solaris #OPTIONS=-DSOLARIS=1 -DDOMOTD=0 # SunOS #OPTIONS=-DSUNOS # BSD/OS, 4.4BSD, FreeBSD, NetBSD #OPTIONS=-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask # Linux #OPTIONS=-DDOSECURETTY=1 # HP-UX9, HP-UX10 #OPTIONS=-DSYSV=1 # AIX #OPTIONS=-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1 # A/UX #OPTIONS=-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE # Autoconf #OPTIONS=@DEFS@ # Which message-digest algorithm do you want to use? # # MD5 is the default and highly recommended because it is stronger. Sites # migrating from Bellcore S/Key v1 might want to use MD4 for compatibility # reasons. Support for MD4 will be removed in a future version of OPIE. MDX=5 #MDX=4 # Do you want to ask users to re-type their secret passwords when calculating # responses? # # Doing so will help eliminate errors due to mistypes at the cost of user # annoyance. #RETYPE=1 RETYPE=0 # Do you want to generate per-user lock files to serialize OPIE logins? # # Doing so will help prevent an attack based on a race condition at the # cost of user annoyance and opening up a denial-of-service attack. USER_LOCKING=1 #USER_LOCKING=0 # Do you want to use ANSI C prototypes when compiling? # # Some systems with not-really-ANSI compilers break with prototypes. PROTOTYPES=1 #PROTOTYPES=0 # Do you want su(8) to be able to switch to accounts that have been # disabled (via a pw_passwd field of '*' or '#')? # # The traditional behavior (SU_STAR_CHECK == 0) is that a su run by root # can switch to any account. Sites that want to prevent root from su'ing # to a disabled ("starred out") account should set SU_STAR_CHECK = 1 below. SU_STAR_CHECK=0 #SU_STAR_CHECK=1 # Which C compiler should we use? # # On many systems, GNU C (gcc) may be the best choice because that is what # we used for OPIE development. You need an ANSI C compiler to build OPIE. # Some K&R-with-extensions compilers (ie, SunOS, HP-UX) might work. Straight # K&R most likely will not. # # Solaris users: You need to use either GNU C or the unbundled SunPro C # compiler to build OPIE. The BSD compatible compiler in /usr/ucb/cc will # probably not work properly for the same reasons the SunOS one won't. # # SunOS and HP-UX users: The compiler shipped with your system is NOT ANSI # and probably will not compile OPIE correctly. Your best course of action # is to get and install GNU C. HP also makes an added-cost ANSI C compiler # for HP-UX systems. If you would like to try to install OPIE using the # compiler that comes with SunOS or HP-UX, uncommment the first line # below. If it doesn't work properly, don't say that we didn't warn you. # # If your /bin/cc groks ANSI C, then use it #CC=cc # SunOS, HP-UX9, HP-UX10, A/UX #CC=gcc # HP-UX with the optional ANSI C compiler #CC=cc -A # Autoconf #CC=@CC@ # The first line will build a normal version of OPIE. # # The second is for brave souls porting OPIE to a new system or trying to # debug it and should definitely NOT be used to build a production copy # of OPIE. # # The third uses a nifty heap debugger called "Electric Fence" DEBUG= #DEBUG=-DDEBUG -g #DEBUG=-DDEBUG -g -lefence # Which yacc program should we use? # If you don't know, just leave it alone. # AIX, SunOS, 4.4BSD, BSD/OS, Linux, FreeBSD, NetBSD, Solaris, HP-UX9, HP-UX10, IRIX, A/UX #YACC=yacc # Autoconf #YACC=@YACC@ # Uncomment the lines below beginning with "DES" if you are using the MJR # variant. See README.MJR for more details. #DESINCLUDE= ../libdes #DESLIB= $(DESINCLUDE)/libdes.a #DESFLAGS= -I$(DESINCLUDE) # END OF NORMAL CONFIGURATION PARAMETERS -- DON'T TOUCH THINGS BELOW HERE #========================================================================= BACKUP=opie.old LIBOBJS=opiesubr.o opiesubr2.o md4c.o md5c.o put.o utmp.o accessfile.o CFLAGS=-DPROTOTYPES=$(PROTOTYPES) -DMDX=$(MDX) -DRETYPE=$(RETYPE) $(DEBUG) \ -DKEY_FILE=\"$(KEY_FILE)\" -DDEFAULT_PATH=\"$(DEFAULT_PATH)\" \ $(ACCESS_FILE) $(OPTIONS) -DOPTION_STRING=\""$(OPTIONS)"\" \ -DUSER_LOCKING=$(USER_LOCKING) -DSU_STAR_CHECK=$(SU_STAR_CHECK) config: @if test -z "$(OPTIONS)"; then echo "Did you read the README file?"; exit 1; fi @if test -z "$(EXISTS)"; then echo "Did you read the README file?"; exit 1; fi check: config @if test ! -x "$(CHOWN)"; then echo "Check your value for CHOWN."; exit 1; fi @if test ! -x "$(WHOAMI)"; then echo "Check your value for WHOAMI."; exit 1; fi @if test ! -d "$(LOCALBIN)"; then echo "Check your value for LOCALBIN."; exit 1; fi @if test ! -d "$(LOCALMAN)"; then echo "Check your value for LOCALMAN."; exit 1; fi @if test ! $(EXISTS) "$(SU)"; then echo "Check your value for SU."; exit 1; fi @if test ! -z "$(ALT_SU)"; then if test ! $(EXISTS) "$(ALT_SU)"; then echo "Check your value for ALT_SU."; exit 1; fi; fi @if test ! $(EXISTS) "$(LOGIN)"; then echo "Check your value for LOGIN."; exit 1; fi @if test ! -d "$(FTP_DIR)"; then echo "Check your value for FTP_DIR."; exit 1; fi @if test ! $(EXISTS) "$(FTPD_NAME)"; then echo "Check your value for FTPD_NAME."; exit 1; fi @if test ! -z "$(ACCESS_FILE)"; then echo "Remember that ACCESS_FILE opens up a security hole!"; fi ifdefs: egrep '^#*if*def' *.c *.h | cut -f2 -d: | sort | uniq client: config libopie.a opiekey client-install: config client @echo "Installing OPIE client software..." @echo "Copying OPIE key-related files" @if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi @cp opiekey $(LOCALBIN) @$(CHOWN) $(OWNER) $(LOCALBIN)/opiekey @chgrp $(GROUP) $(LOCALBIN)/opiekey @echo "Changing file permissions" @chmod 0511 $(LOCALBIN)/opiekey @echo "Symlinking aliases to opiekey" @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/opie-md4 @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/opie-md5 @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md4 @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md5 @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/key @echo "Installing manual pages" @-for i in opie-md4 opie-md5 opie-des otp-md4 otp-md5; do ln -s opiekey.1 $(LOCALMAN)/man1/$$i.1; done @if test ! -d $(LOCALMAN)/man1; then $(MKDIR) $(LOCALMAN)/man1; chmod 755 $(LOCALMAN)/man1; fi; cp opiekey.1 $(LOCALMAN)/man1/opiekey.1; $(CHOWN) $(OWNER) $(LOCALMAN)/man1/opiekey.1; chgrp $(GROUP) $(LOCALMAN)/man1/opiekey.1; chmod 644 $(LOCALMAN)/man1/opiekey.1 server: config opielogin opiesu opiepasswd opieinfo opieftpd server-test: server @echo "Installing OPIE server software..." @echo "Copying OPIE user programs" @if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi @cp opiepasswd opieinfo $(LOCALBIN) @echo "Changing ownership" @$(CHOWN) $(OWNER) $(LOCALBIN)/opiepasswd $(LOCALBIN)/opieinfo @chgrp $(GROUP) $(LOCALBIN)/opiepasswd $(LOCALBIN)/opieinfo @echo "Changing file permissions" @chmod 0555 $(LOCALBIN)/opieinfo @chmod 4511 $(LOCALBIN)/opiepasswd @echo "Preparing opiesu and opielogin for testing" @$(CHOWN) $(OWNER) opiesu opielogin @chgrp $(GROUP) opiesu opielogin @chmod 4511 opiesu opielogin test: server-test server-install: server-test @echo "Clearing testing permissions on opiesu and opielogin" @chmod 0111 opiesu opielogin @echo "Installing OPIE system programs..." @if test ! $(EXISTS) $(LOGIN).$(BACKUP); then echo "Renaming existing $(LOGIN) to $(LOGIN).$(BACKUP)"; mv $(LOGIN) $(LOGIN).$(BACKUP); echo "Clearing permissions on old $(LOGIN)"; chmod 0 $(LOGIN).$(BACKUP); fi @echo "Copying opielogin to $(LOGIN)" @cp opielogin $(LOGIN) @echo "Changing ownership of $(LOGIN)" @$(CHOWN) $(OWNER) $(LOGIN) @chgrp $(GROUP) $(LOGIN) @echo "Changing file permissions of $(LOGIN)" @chmod 4111 $(LOGIN) @if test ! $(EXISTS) $(SU).$(BACKUP); then echo "Renaming existing su to su.$(BACKUP)"; mv $(SU) $(SU).$(BACKUP); echo "Clearing permissions on old su"; chmod 0 $(SU).$(BACKUP); fi @-if test ! -z "$(ALT_SU)"; then if test ! $(EXISTS) $(ALT_SU).$(BACKUP); then echo "Renaming existing su to su.$(BACKUP)"; mv $(ALT_SU) $(ALT_SU).$(BACKUP); fi; echo "Copying opiesu to su"; cp opiesu $(ALT_SU); echo "Changing ownership"; $(CHOWN) $(OWNER) $(ALT_SU); chgrp $(GROUP) $(ALT_SU); echo "Changing file permissions"; chmod 4111 $(ALT_SU); echo "Clearning permissions on old su"; chmod 0 $(ALT_SU).$(BACKUP); fi @echo "Copying opiesu to su" @cp opiesu $(SU) @echo "Changing ownership of su" @$(CHOWN) $(OWNER) $(SU) @chgrp $(GROUP) $(SU) @echo "Changing file permissions of su" @chmod 4111 $(SU) @if test ! $(EXISTS) $(FTPD).$(BACKUP); then echo "Renaming existing ftp daemon to $(FTPD).$(BACKUP)"; mv $(FTPD) $(FTPD).$(BACKUP); echo "Clearing permissions on old ftp daemon"; chmod 0 $(FTPD).$(BACKUP); fi @echo "Copying OPIE ftp daemon" @cp opieftpd $(FTPD) @echo "Changing ownership of ftpd" @$(CHOWN) $(OWNER) $(FTPD) @chgrp $(GROUP) $(FTPD) @echo "Changing file permissions of ftpd" @chmod 0100 $(FTPD) @echo "Creating OPIE key file" @touch $(KEY_FILE) @echo "Changing permissions of OPIE key file" @chmod 0644 $(KEY_FILE) @echo "Changing ownership of OPIE key file" @$(CHOWN) $(OWNER) $(KEY_FILE) @chgrp $(GROUP) $(KEY_FILE) @-if test ! -z "$(ACCESS_FILE)"; then echo "Creating OPIE access file (don't say we didn't warn you)"; FILE=`echo $(ACCESS_FILE) | sed 's:^-DACCESS_FILE="\(.*\)":\1:'`; touch $$FILE; $(CHOWN) 0 $$FILE; chgrp 0 $$FILE; chmod 0444 $$FILE; fi; @echo "Installing manual pages" @if test ! -d $(LOCALMAN); then $(MKDIR) $(LOCALMAN); chmod 755 $(LOCALMAN); fi @for i in 1 4 5 8; do for j in *.$$i; do if test ! -d $(LOCALMAN)/man$$i; then $(MKDIR) $(LOCALMAN)/man$$i; chmod 755 $(LOCALMAN)/man$$i; fi; cp $$j $(LOCALMAN)/man$$i/$$j; $(CHOWN) $(OWNER) $(LOCALMAN)/man$$i/$$j; chgrp $(GROUP) $(LOCALMAN)/man$$i/$$j; chmod 644 $(LOCALMAN)/man$$i/$$j; done; done @echo "REMEMBER to run opiepasswd on your users immediately." install: client-install server-install uninstall: config @echo "Un-installing OPIE..." @echo "Removing symlinks" @-for i in opie-md4 opie-md5 otp-md4 otp-md5 key; do rm $(LOCALBIN)/$$i; done @echo "Removing OPIE programs" @-for i in opiekey opiepasswd opieinfo; do rm $(LOCALBIN)/$$i; done @echo "Removing OPIE manual pages" @-for i in 1 4 5 8; do for j in *.$$i; do rm $(LOCALMAN)/man$$i/$$j; done; done @-for i in $(SU) $(ALT_SU) $(LOGIN) $(FTPD); do FILE=`basename $$i`; if test ! $(EXISTS) $$i.$(BACKUP); then echo "No $$i.$(BACKUP)! Aborting."; exit 1; else echo "Removing $$FILE"; rm $$i || true; echo "Restoring old $$FILE"; mv $$i.$(BACKUP) $$i; fi; done @echo "Resetting permissions" @chmod 4111 $(SU) $(LOGIN) @chmod 0100 $(FTPD) @if test ! -z "$(ALT_SU)"; then chmod 4111 $(ALT_SU); fi @echo "OPIE is now un-installed." @echo "Please verify by hand that this process worked." all: client server libopie.a: $(LIBOBJS) ar r libopie.a $(LIBOBJS) $(RANLIB) libopie.a clean: -rm -f *.o opiekey opielogin opiepasswd opiesu opieftpd y.tab.c -rm -f libopie.a opie_build.h opieinfo options.h *core* -rm -f Makefile.munge configure.munger realclean: clean -rm -f *~ core* "\#*\#" -rm -f config.log config.status config.cache config.h opiekey: opiekey.o libopie.a $(CC) $(CFLAGS) opiekey.o md5c.o libopie.a $(LDFLAGS) \ -o opiekey opieftpd: opieftpd.o glob.o logwtmp.o popen.o y.tab.o getusershell.o libopie.a $(CC) $(CFLAGS) opieftpd.o glob.o logwtmp.o popen.o y.tab.o \ getusershell.o accessfile.o md5c.o libopie.a $(LDFLAGS) \ -o opieftpd opielogin: opielogin.o permsfile.o utmp.o setenv.o getenv.o libopie.a $(CC) $(CFLAGS) opielogin.o permsfile.o accessfile.o utmp.o \ setenv.o getenv.o md5c.o libopie.a $(LDFLAGS) \ -o opielogin # Add "($DESLIB)" after "libopie.a" above if using MJR's method. opiepasswd: opiepasswd.o libopie.a $(CC) $(CFLAGS) opiepasswd.o md5c.o libopie.a $(LDFLAGS) \ -o opiepasswd opiesu: opiesu.o libopie.a $(CC) $(CFLAGS) opiesu.o md5c.o libopie.a $(LDFLAGS) \ -o opiesu y.tab.c: ftpcmd.y $(YACC) ftpcmd.y opieinfo: opieinfo.o libopie.a $(CC) $(CFLAGS) opieinfo.o libopie.a $(LDFLAGS) \ -o opieinfo options.h: Makefile echo $(CFLAGS) | sed 's:-D::g' | sed 's:\"::g' | \ sed 's:^:#define OPTION_STRING ":' | sed 's:$$:":' > options.h solaris: solaris-all solaris-: solaris-all solaris-all: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" all solaris-test: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" test solaris-install: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" install solaris-uninstall: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" uninstall solaris-client: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" client solaris-client-install: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" client-install solaris-server: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" server solaris-server-install: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" server-install sunos: sunos-all sunos-: sunos-all sunos-all: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" all sunos-test: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" test sunos-install: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" install sunos-uninstall: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" uninstall sunos-client: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" client sunos-client-install: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" client-install sunos-server: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" server sunos-server-install: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" server-install 44bsd: 44bsd-all 44bsd-: 44bsd-all 44bsd-all: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" all 44bsd-test: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" test 44bsd-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" install 44bsd-uninstall: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" uninstall 44bsd-client: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client 44bsd-client-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client-install 44bsd-server: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server 44bsd-server-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server-install bsdos: bsdos-all bsdos-: bsdos-all bsdos-all: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" all bsdos-test: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" test bsdos-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" install bsdos-uninstall: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" uninstall bsdos-client: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client bsdos-client-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client-install bsdos-server: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server bsdos-server-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server-install linux: linux-all linux-: linux-all linux-all: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" all linux-test: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" test linux-install: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" install linux-uninstall: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" uninstall linux-client: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" client linux-client-install: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" client-install linux-server: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" server linux-server-install: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" server-install irix: irix-all irix-: irix-all irix-all: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" all irix-test: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" test irix-install: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" install irix-uninstall: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" uninstall irix-client: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" client irix-client-install: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" client-install irix-server: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" server irix-server-install: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" server-install hpux9: hpux9-all hpux9-: hpux9-all hpux9-all: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" all hpux9-test: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" test hpux9-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" install hpux9-uninstall: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" uninstall hpux9-client: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" client hpux9-client-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" client-install hpux9-server: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" server hpux9-server-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" server-install hpux10: hpux10-all hpux10-: hpux10-all hpux10-all: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" all hpux10-test: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" test hpux10-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" install hpux10-uninstall: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" uninstall hpux10-client: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" client hpux10-client-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" client-install hpux10-server: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" server hpux10-server-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" server-install aix: aix-all aix-: aix-all aix-all: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" all aix-test: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" test aix-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" install aix-uninstall: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" uninstall aix-client: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" client aix-client-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" client-install aix-server: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" server aix-server-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" server-install freebsd: freebsd-all freebsd-: freebsd-all freebsd-all: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" all freebsd-test: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" test freebsd-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" install freebsd-uninstall: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" uninstall freebsd-client: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client freebsd-client-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client-install freebsd-server: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server freebsd-server-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server-install netbsd: netbsd-all netbsd-: netbsd-all netbsd-all: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" all netbsd-test: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" test netbsd-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" install netbsd-uninstall: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" uninstall netbsd-client: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client netbsd-client-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client-install netbsd-server: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server netbsd-server-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server-install aux: aux-all aux-: aux-all aux-all: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" all aux-test: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" test aux-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" install aux-uninstall: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" uninstall aux-client: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" client aux-client-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" client-install aux-server: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" server aux-server-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" server-install opie-2.11/opiekey.1100644 4101 3565 7251 6070043276 12441 0ustar cmetzipv6.\" opiekey.1: Manual page for the opiekey(1) program. .\" .\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan .\" McDonald, All Rights Reserved. All Rights under this copyright are assigned .\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and .\" License Agreement applies to this software. .\" .\" History: .\" .\" Modified at NRL for OPIE 2.0. .\" Written at Bellcore for the S/Key Version 1 software distribution .\" (key.1). .\" .ll 6i .pl 10.5i .lt 6.0i .TH OPIEKEY 1 "January 10, 1995" .AT 3 .SH NAME opiekey, opie-md4, opie-md5, otp-md4, otp-md5 \- Programs for computing responses to OTP challenges. .SH SYNOPSIS .B opiekey | .B opie-des | .B opie-md4 | .B opie-md5 | .B otp-md4 | .B otp-md5 [\-v] [\-h] [\-4|\-5] .sp 0 [\-d] [\-a] [\-n .I count ] .I sequence_number seed .sp 0 .SH DESCRIPTION .I opiekey takes the optional count of the number of responses to print along with a (maximum) sequence number and seed as command line args. It prompts for the user's secret password twice and produces an OPIE response as six words. The second password entry can be circumvented by entering only an end of line. .sp .I opiekey is downward compatible with the .IR key (1) program from the Bellcore S/Key Version 1 distribution and several of its variants. .SH OPTIONS .TP .B \-v Display the version number and compile-time options, then exit. .TP .B \-h Display a brief help message and exit. .TP .B \-4, \-5 selects MD4 or MD5, respectively, as the response generation algorithm. The default for opie-md4 and otp-md4 is MD4 and the default for opie-md5 and opie-md5 is MD5. The default for opie-des and opiekey depends on compile-time configuration, but should be MD5. MD4 is compatible with the Bellcore S/Key Version 1 distribution. .TP .B \-d selects DES-based key munging, if opiekey was built with this optional support. The default is not to use DES key munging. .TP .B \-a allows you to input an arbitrary secret pass phrase, instead of running checks against it. Arbitrary currently does not include '\0' or '\n' characters. This can be used for backwards compatibility with key generators that do not check passwords. .TP .B \-n the number of one time access passwords to print. The default is one. .TP .SH EXAMPLE .sp 0 wintermute$ opiekey \-5 \-n 5 495 wi01309 .sp 0 Using MD5 algorithm to compute response. .sp 0 Reminder: Don't use opiekey from telnet or dial-in sessions. .sp 0 Enter secret password: .sp 0 Again secret password: .sp 0 491: HOST VET FOWL SEEK IOWA YAP .sp 0 492: JOB ARTS WERE FEAT TILE IBIS .sp 0 493: TRUE BRED JOEL USER HALT EBEN .sp 0 494: HOOD WED MOLT PAN FED RUBY .sp 0 495: SUB YAW BILE GLEE OWE NOR .sp 0 wintermute$ .LP .SH BUGS .BR opiekey(1) can lull a user into revealing his/her password when remotely logged in, thus defeating the purpose of OPIE. This is especially a problem with xterm. .BR opiekey(1) implements simple checks to reduce the risk of a user making this mistake. Better checks are needed. .LP .SH SEE ALSO .BR opie (4), .BR opiepasswd (1), .BR opieinfo (1), .BR opiesu (1), .BR opielogin (1), .BR opieftpd (8), .BR opiekeys (5), .BR opieaccess (5) .SH AUTHOR Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden of Bellcore. DES key crunching contributed by Marcus J. Ranum of TIS. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and Craig Metz. S/Key is a trademark of Bell Communications Research (Bellcore). .SH CONTACT NRL OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, send an email request to: .sp skey-users-request@thumper.bellcore.com .sp For comments or bug reports relating to NRL OPIE, send email to: .sp opie-bugs@itd.nrl.navy.mil opie-2.11/opiekey.c100644 4101 3565 10353 6070043277 12541 0ustar cmetzipv6/* opiekey.c: Stand-alone program for computing responses to OTP challenges. Takes a sequence number and seed (presumably from an OPIE challenge) as command line arguments, prompts for the user's secret password, and outputs a response. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.0. Written at Bellcore for the S/Key Version 1 software distribution (skey.c). */ #include "opie_cfg.h" #include #include #include #include "opie.h" #ifdef __MSDOS__ #include #endif #if HAVE_FCNTL_H #include #endif /* HAVE_FCNTL_H */ extern char *optarg; extern int optind, opterr; /******** Begin real source code ***************/ void usage(s) char *s; { fprintf(stderr, "usage: %s [-v] [-h] [-4 | -5] [-d] [-a] [-n count] sequence_number seed\n", s); exit(1); } int main(argc, argv) int argc; char *argv[]; { /* variable declarations */ unsigned algorithm = MDX; /* default algorithm per Makefile's MDX symbol */ int keynum = 0; int i = 0; int count = 1; char passwd[OPIE_PASS_MAX + 1]; char key[8]; char *seed; char buf[33]; char *slash; int aflag = 0; #ifdef MJR int desmode = 0; #define MJROPT "d" #else /* MJR */ #define MJROPT #endif /* MJR */ if (slash = strchr(argv[0], '/')) slash++; else slash = argv[0]; #ifdef MJR if (strstr(slash, "des")) desmode = 1; #endif /* MJR */ if (!strcmp(slash, "key") || strstr(slash, "md4")) algorithm = 4; if (strstr(slash, "md5")) algorithm = 5; while ((i = getopt(argc, argv, MJROPT "hvn:45a")) != EOF) { switch (i) { case 'v': opieversion(); #ifdef MJR case 'd': desmode = 1; break; #endif case 'n': count = atoi(optarg); break; case '4': /* use MD4 algorithm */ algorithm = 4; break; case '5': /* use MD5 algorithm */ algorithm = 5; break; case 'a': aflag = 1; break; default: usage(argv[0]); } } if ((argc - optind) < 2) usage(argv[0]); fprintf(stderr, "Using MD%d algorithm to compute response.\n", algorithm); /* get sequence number, which is next-to-last parameter */ keynum = atoi(argv[optind]); if (keynum < 1) { fprintf(stderr, "Sequence number %s is not positive.\n", argv[optind]); exit(1); } /* get seed string, which is last parameter */ seed = argv[optind + 1]; fprintf(stderr, "Reminder: Don't use opiekey from telnet or dial-in sessions.\n"); if (opieinsecure()) { fprintf(stderr, "Sorry, but you don't seem to be on the console or a secure terminal.\n"); exit(1); } /* Get user's secret password */ fprintf(stderr, "Enter secret pass phrase: "); opiereadpass(passwd, sizeof(passwd)); #if RETYPE { char verify[OPIE_PASS_MAX + 1]; fprintf(stderr, "Again secret pass phrase: "); opiereadpass(verify, sizeof(verify)); if (verify[0] && strncmp(verify, passwd, sizeof(passwd))) { fprintf(stderr, "They don't match. Try again.\n"); exit(1); } } #endif /* RETYPE */ if ((!aflag) && opiepasscheck(passwd)) { fprintf(stderr, "Secret pass phrases must be between %d and %d characters long.\n", OPIE_PASS_MIN, OPIE_PASS_MAX); exit(1); }; #ifdef MJR /* Crunch seed and secret password into starting key using DES */ if (desmode ? deskeycrunch(key, seed, passwd) : opiekeycrunch(algorithm, key, seed, passwd) != 0) { fprintf(stderr, "%s: DES key crunch failed\n", argv[0]); return 1; } #else /* Crunch seed and secret password into starting key normally */ if (opiekeycrunch(algorithm, key, seed, passwd) != 0) { fprintf(stderr, "%s: key crunch failed\n", argv[0]); return 1; } #endif if (count == 1) { while (keynum-- != 0) opiehash(key, algorithm); printf("%s\n", opiebtoe(buf, key)); } else { for (i = 0; i <= (keynum - count); i++) opiehash(key, algorithm); for (; i <= keynum; i++) { printf("%d: %-29s\n", i, opiebtoe(buf, key)); opiehash(key, algorithm); } } return 0; } opie-2.11/opiekeys.5100644 4101 3565 3703 6070043277 12627 0ustar cmetzipv6.\" opieaccess.5: Manual page describing the /etc/opiekeys file. .\" .\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan .\" McDonald, All Rights Reserved. All Rights under this copyright are assigned .\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and .\" License Agreement applies to this software. .\" .\" History: .\" .\" Written at NRL for OPIE 2.0. .\" .ll 6i .pl 10.5i .\" @(#)opiekeys.1 2.0 (NRL) 1/10/95 .\" .lt 6.0i .TH OPIEKEYS 1 "January 10, 1995" .AT 3 .SH NAME [/etc/]opiekeys \- OPIE database of user key information .SH DESCRIPTION The .I opiekeys file contains user information used by the OPIE software to authenticate users. The .I opiekeys file is backwards compatible with the S/Key .I /etc/skeykeys database file, but only if the hashing algorithm (MD4 and MD5) is the same between S/Key and OPIE (i.e., MD5 OPIE cannot use MD4 S/Key keys). The .I opiekeys file consists of six fields separated by spaces (tabs are properly interpreted, but spaces should be used instead) as follows: .PP .nf .ta \w' 'u Field Description name User's login name. sequence User's sequence number. seed User's seed. key User's last response (hex). date Last change date. time Last change time. .fi .SH SEE ALSO .BR opie (4), .BR opiekeys (5), .BR opiepasswd (1), .BR opieinfo (1), .BR opiesu (1), .BR opielogin (1), .BR opieftpd (8) .SH AUTHOR Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden of Bellcore. DES key crunching contributed by Marcus J. Ranum of TIS. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and Craig Metz. S/Key is a trademark of Bell Communications Research (Bellcore). .SH CONTACT NRL OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, send an email request to: .sp skey-users-request@thumper.bellcore.com .sp For comments or bug reports relating to NRL OPIE, send email to: .sp opie-bugs@itd.nrl.navy.mil opie-2.11/opielogin.1100644 4101 3565 5707 6070043277 12766 0ustar cmetzipv6.\" opielogin.1: Manual page for the opielogin(1) program. .\" .\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan .\" McDonald, All Rights Reserved. All Rights under this copyright are assigned .\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and .\" License Agreement applies to this software. .\" .\" History: .\" .\" Modified at NRL for OPIE 2.0. .\" Option descriptions added from BSD. .\" Written at Bellcore for the S/Key Version 1 software distribution .\" (keylogin.1). .\" .ll 6i .pl 10.5i .lt 6.0i .TH OPIELOGIN 1 "January 10, 1995" .AT 3 .SH NAME opielogin \- Replacement for login(1) that issues OPIE challenges. .SH SYNOPSIS .B opielogin [ -p ] [ -r .I hostname | -h .I hostname | -f .I username .sp 0 | .I username ] .SH DESCRIPTION .I opielogin provides a replacement for the .IR login (1) program that provides OPIE challenges to users and accepts OPIE responses. It is downward compatible with the .IR keylogin(1) program from the Bellcore S/Key Version 1 distribution, which, in turn, is downward compatible with the .IR login(1) program from the 4.3BSD Net/2 distribution. .SH OPTIONS .TP .B \-p By default, login discards any previous environment. The \-p option disables this behavior. .TP .B \-r Process remote login from .I hostname. .TP .B \-h The -h option specifies the host from which the connection was received. It is used by various daemons such as telnetd(8). This option may only be used by the super\-user. .TP .B \-f The -f option is used when a user name is specified to indicate that proper authentication has already been done and that no password need be requested. This option may only be used by the super\-user or when an already logged in user is logging in as themselves. .TP .I username The user name to log in as. .SH EXAMPLE .sp 0 wintermute$ opielogin .sp 0 login: kebe .sp 0 otp-md5 499 wi43143 .sp 0 Password: (echo on) .sp 0 Password:SLY BLOB TOUR POP BRED EDDY .sp 0 .sp 0 Welcome to wintermute. .sp 0 .sp 0 wintermute$ .LP .SH FILES .TP /etc/opiekeys -- database of information for the OPIE system. .TP /etc/opieaccess -- list of safe and unsafe networks and masks to go with them. .TP $HOME/.opiealways -- presence makes OPIE for logins mandatory for the user. .SH SEE ALSO .BR login (1), .BR opie (4), .BR opiekey (1), .BR opiepasswd (1), .BR opieinfo (1), .BR opiesu (1), .BR opieftpd (8), .BR opiekeys (5), .BR opieaccess (5) .SH AUTHOR Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden of Bellcore. DES key crunching contributed by Marcus J. Ranum of TIS. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and Craig Metz. S/Key is a trademark of Bell Communications Research (Bellcore). .SH CONTACT NRL OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, send an email request to: .sp skey-users-request@thumper.bellcore.com .sp For comments or bug reports relating to NRL OPIE, send email to: .sp opie-bugs@itd.nrl.navy.mil opie-2.11/setenv.c100644 4101 3565 6464 6070043301 12354 0ustar cmetzipv6/* setenv.c: the setenv() and unsetenv() functions Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.0. Originally from BSD. */ /* * Copyright (c) 1987 Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms are permitted * provided that the above copyright notice and this paragraph are * duplicated in all such forms and that any documentation, * advertising materials, and other materials related to such * distribution and use acknowledge that the software was developed * by the University of California, Berkeley. The name of the * University may not be used to endorse or promote products derived * from this software without specific prior written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)setenv.c 5.2 (Berkeley) 6/27/88"; #endif /* LIBC_SCCS and not lint */ #include #include #include #include "opie_cfg.h" #ifdef NEED_SETENV char *_findenv __ARGS((char *, int *)); /* * setenv -- * Set the value of the environmental variable "name" to be * "value". If rewrite is set, replace any current value. */ setenv(name, value, rewrite) char *name, *value; int rewrite; { extern char **environ; static int alloced; /* if allocated space before */ register char *C; int l_value, offset; if (*value == '=') /* no `=' in value */ ++value; l_value = strlen(value); if ((C = _findenv(name, &offset))) { /* find if already exists */ if (!rewrite) return (0); if (strlen(C) >= l_value) { /* old larger; copy over */ while (*C++ = *value++); return (0); } } else { /* create new slot */ register int cnt; register char **P; for (P = environ, cnt = 0; *P; ++P, ++cnt); if (alloced) { /* just increase size */ environ = (char **) realloc((char *) environ, (u_int) (sizeof(char *) * (cnt + 2))); if (!environ) return (-1); } else { /* get new space */ alloced = 1; /* copy old entries into it */ P = (char **) malloc((u_int) (sizeof(char *) * (cnt + 2))); if (!P) return (-1); strncpy(P, environ, cnt * sizeof(char *)); environ = P; } environ[cnt + 1] = NULL; offset = cnt; } for (C = name; *C && *C != '='; ++C); /* no `=' in name */ if (!(environ[offset] = /* name + `=' + value */ malloc((u_int) ((int) (C - name) + l_value + 2)))) return (-1); for (C = environ[offset]; (*C = *name++) && *C != '='; ++C); for (*C++ = '='; *C++ = *value++;); return (0); } /* * unsetenv(name) -- * Delete environmental variable "name". */ void unsetenv(name) char *name; { extern char **environ; register char **P; int offset; while (_findenv(name, &offset)) /* if set multiple times */ for (P = &environ[offset];; ++P) if (!(*P = *(P + 1))) break; } #endif /* NEED_SETENV */ opie-2.11/opiepasswd.1100644 4101 3565 7007 6070043277 13152 0ustar cmetzipv6.\" opiepasswd.1: Manual page for the opiepasswd(1) program. .\" .\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan .\" McDonald, All Rights Reserved. All Rights under this copyright are assigned .\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and .\" License Agreement applies to this software. .\" .\" History: .\" .\" Modified at NRL for OPIE 2.0. .\" Written at Bellcore for the S/Key Version 1 software distribution .\" (keyinit.1). .\" .ll 6i .pl 10.5i .lt 6.0i .TH OPIEPASSWD 1 "January 10, 1995" .AT 3 .SH NAME opiepasswd \- Change or set a user's password for the OPIE authentication system. .SH SYNOPSIS .B opiepasswd [\-v] [\-h] [\-c] [\-n .I inital_sequence_number ] [\-s .I seed ] [ .I user_name ] .SH DESCRIPTION .I opiepasswd will initialize the system information to allow one to use OPIE to login. .I opiepasswd is downward compatible with the keyinit(1) program from the Bellcore S/Key Version 1 distribution. .SH OPTIONS .TP .TP .B \-v Display the version number and compile-time options, then exit. .TP .B \-h Display a brief help message and exit. .TP .B \-c Set console mode where the user is expected to have secure access to the system. In console mode, you will be asked to input your password directly instead of having to use an OPIE calculator. If you do not have secure access to the system (i.e., you are not on the system's console), you are volunteering your password to attackers by using this mode. .TP .B \-n Manually specify the initial sequence number. The default is 499. .TP .B \-s Specify a non-random seed. The default is to generate a "random" seed using the first two characters of the host name and five pseudo-random digits. .SH EXAMPLE Using .I opiepasswd from the console: .LP .sp 0 wintermute$ opiepasswd \-c .sp 0 Updating kebe: .sp 0 Reminder \- Only use this method from the console; NEVER from remote. If you .sp 0 are using telnet, xterm, or a dial\-in, type ^C now or exit with no password. .sp 0 Then run opiepasswd without the \-c parameter. .sp 0 Using MD5 to compute responses. .sp 0 Old secret password: .sp 0 New secret password: .sp 0 New secret password (again): .sp 0 .sp 0 ID kebe OPIE key is 499 be93564 .sp 0 CITE JAN GORY BELA GET ABED .sp 0 wintermute$ .LP Using .I opiepasswd from remote: .LP .sp 0 wintermute$ opiepasswd .sp 0 Updating kebe: .sp 0 Reminder: You need the response from your OPIE calculator. .sp 0 Old secret password: .sp 0 otp-md5 482 wi93563 .sp 0 Response: FIRM BERN THEE DUCK MANN AWAY .sp 0 New secret password: .sp 0 otp-md5 499 wi93564 .sp 0 Response: SKY FAN BUG HUFF GUS BEAT .sp 0 .sp 0 ID kebe OPIE key is 499 wi93564 .sp 0 SKY FAN BUG HUFF GUS BEAT .sp 0 wintermute$ .LP .SH FILES .TP /etc/opiekeys -- database of key information for the OPIE system. .SH SEE ALSO .BR passwd (1), .BR opie (4), .BR opiekey (1), .BR opieinfo (1), .BR opiesu (1), .BR opielogin (1), .BR opieftpd (8), .BR opiekeys (5), .BR opieaccess (5) .SH AUTHOR Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden of Bellcore. DES key crunching contributed by Marcus J. Ranum of TIS. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and Craig Metz. S/Key is a trademark of Bell Communications Research (Bellcore). .SH CONTACT NRL OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, send an email request to: .sp skey-users-request@thumper.bellcore.com .sp For comments or bug reports relating to NRL OPIE, send email to: .sp opie-bugs@itd.nrl.navy.mil opie-2.11/opiepasswd.c100644 4101 3565 20550 6070043277 13252 0ustar cmetzipv6/* opiepasswd.c: Add/change an OTP password in the key database. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.1. Minor autoconf changes. Modified heavily at NRL for OPIE 2.0. Written at Bellcore for the S/Key Version 1 software distribution (skeyinit.c). */ /* The implications of this program needing to run setuid are not entirely clear. We believe it to be safe, but more proactive measures need to be taken to reduce the risks of being setuid (such as discarding priveleges as quickly as possible. More thought needs to be given to this at some future date. */ #include "opie_cfg.h" #include #include #include #include #if TM_IN_SYS_TIME #include #else /* TM_IN_SYS_TIME */ #include #endif /* TM_IN_SYS_TIME */ #include #include #include #include #include "opie.h" extern int optind; extern char *optarg; /* We really shouldn't be messing with this variable, but we have to in order to get the proper locking behavior. Programs other than opiepasswd should not mess with this variable. */ extern char *opielockfilename; void usage(myname) char *myname; { fprintf(stderr, "usage: %s [-v] [-h] [-c] [-n initial_sequence_number]\n [-s seed] [username]\n", myname); exit(1); } int main(argc, argv) int argc; char *argv[]; { struct opie opie; int rval, n = 499, nn, i, consolemode = 0; char seed[18]; char tmp[OPIE_RESPONSE_MAX + 2]; /* extra space for \n */ char key[8], key2[8]; struct passwd *ppuser, *pp; char passwd[OPIE_PASS_MAX + 1], passwd2[OPIE_PASS_MAX + 1]; char defaultseed[17]; time_t now; struct tm *tm; char tbuf[30], buf[MAXHOSTNAMELEN]; char lastc; int l; int recstart = 0; FILE *keyfile; char *savelockfilename; memset(seed, 0, sizeof(seed)); memset(tmp, 0, sizeof(tmp)); memset(key, 0, sizeof(key)); memset(key2, 0, sizeof(key2)); time(&now); srand(now); now = rand(); if (gethostname(buf, sizeof(buf)) < 0) { perror("gethostname"); buf[0] = 'k'; buf[1] = 'e'; } buf[NAMELEN] = 0; sprintf(defaultseed, "%s%04d", buf, (now % 9998) + 1); if (!(pp = ppuser = getpwuid(getuid()))) { fprintf(stderr, "Who are you?"); return 1; } while ((i = getopt(argc, argv, "hvcn:s:")) != EOF) { switch (i) { case 'v': opieversion(); case 'c': consolemode = 1; break; case 'n': nn = atoi(optarg); if (!(nn > 0 && nn < 10000)) { printf("Sequence numbers must be > 0 and < 10000\n"); exit(1); } n = nn; break; case 's': nn = strlen(optarg); if ((nn > OPIE_SEED_MAX) || (nn < OPIE_SEED_MIN)) { printf("Seeds must be between %d and %d characters long.\n", OPIE_SEED_MIN, OPIE_SEED_MAX); exit(1); } strncpy(seed, optarg, sizeof(seed)); seed[sizeof(seed) - 1] = 0; break; default: usage(argv[0]); } } if (argc - optind >= 1) { if (strcmp(argv[optind], pp->pw_name)) { if (getuid()) { printf("Only root can change others' passwords.\n"); return (1); } if ((pp = getpwnam(argv[optind])) == NULL) { printf("%s: user unknown.\n", argv[optind]); return 1; } } } rval = opiechallenge(&opie, pp->pw_name, tmp); switch (rval) { case 0: /* This code is bad. It messes with the internal state block. */ printf("Updating %s:\n", pp->pw_name); /* If they have a seed that ends in 0-8 just add one */ l = strlen(opie.seed); if (l > 0) { lastc = opie.seed[l - 1]; if (isdigit(lastc) && lastc != '9') { strcpy(defaultseed, opie.seed); defaultseed[l - 1] = lastc + 1; } if (isdigit(lastc) && lastc == '9' && l < 16) { strcpy(defaultseed, opie.seed); defaultseed[l - 1] = '0'; defaultseed[l] = '0'; defaultseed[l + 1] = '\0'; } } recstart = opie.recstart; keyfile = fopen(KEY_FILE, "r+"); if (keyfile) { if (fseek(keyfile, recstart, SEEK_SET)) { fclose(keyfile); keyfile = NULL; } } break; case 1: printf("Adding %s:\n", pp->pw_name); keyfile = fopen(KEY_FILE, "a"); break; case -1: perror("Error opening key database"); return 1; } if (!keyfile) { fprintf(stderr, "Error updating key database.\n"); return 1; }; if (!consolemode) { printf("Reminder: You need the response from your OPIE calculator.\n"); if (!seed[0]) strcpy(seed, defaultseed); if (!rval && getuid()) { printf("Old secret pass phrase:\n\t%s\n\tResponse: ", tmp); fgets(tmp, sizeof(tmp), stdin); opiestrip_crlf(tmp); opiebackspace(tmp); /* We don't want opieverify() removing our lock -- we want the atexit() handler to do it for us instead. */ savelockfilename = opielockfilename; opielockfilename = NULL; nn = opieverify(&opie, tmp); opielockfilename = savelockfilename; if (nn) { fprintf(stderr, "Sorry.\n", i); exit(1); } } printf("New secret pass phrase:"); for (i = 0;; i++) { if (i >= 2) exit(1); printf("\n\totp-md%d %d %s\n\tResponse: ", MDX, n, seed); fgets(tmp, sizeof(tmp), stdin); opiestrip_crlf(tmp); opiebackspace(tmp); if (tmp[0] == '?') { printf("Enter the response from your OTP calculator: \n"); continue; } if (tmp[0] == '\0') { fprintf(stderr, "Secret pass phrase unchanged.\n"); exit(1); } if ((opieetob(key, tmp) == 1) || opieatob8(key, tmp)) break; /* Valid format */ printf("Invalid format, try again with 6 English words.\n"); } } else { /* Get user's secret password */ fprintf(stderr, "Reminder - Only use this method from the console; NEVER from remote. If you\n"); fprintf(stderr, "are using telnet, xterm, or a dial-in, type ^C now or exit with no password.\n"); fprintf(stderr, "Then run opiepasswd without the -c parameter.\n"); if (opieinsecure()) { fprintf(stderr, "Sorry, but you don't seem to be on the console or a secure terminal.\n"); exit(1); }; printf("Using MD%d to compute responses.\n", MDX); if (!rval && getuid()) { printf("Enter old secret pass phrase: "); opiereadpass(passwd, sizeof(passwd)); if (passwd[0] == '\0') { fprintf(stderr, "Secret pass phrase unchanged.\n"); exit(1); } if (opiekeycrunch(MDX, key, opie.seed, passwd) != 0) { fprintf(stderr, "%s: key crunch failed -- secret pass phrase unchanged\n", argv[0]); exit(1); } nn = opie.n - 1; while (nn-- != 0) opiehash(key, MDX); opiebtoe(buf, key); savelockfilename = opielockfilename; opielockfilename = NULL; nn = opieverify(&opie, buf); opielockfilename = savelockfilename; if (nn) { fprintf(stderr, "Sorry.\n", i); exit(1); } } for (i = 0;; i++) { if (i >= 2) exit(1); printf("Enter new secret pass phrase: "); opiereadpass(passwd, sizeof(passwd)); if (!passwd[0] || feof(stdin)) { fprintf(stderr, "Secret pass phrase unchanged.\n"); exit(1); } printf("Again new secret pass phrase: "); opiereadpass(passwd2, sizeof(passwd2)); if (feof(stdin)) { fprintf(stderr, "Secret pass phrase unchanged.\n"); exit(1); } if (!passwd[0] || !strcmp(passwd, passwd2)) break; fprintf(stderr, "Sorry, no match.\n"); } if (opiepasscheck(passwd)) { fprintf(stderr, "Secret pass phrases must be between %d and %d characters long.\n", OPIE_PASS_MIN, OPIE_PASS_MAX); exit(1); }; if (!seed[0]) strcpy(seed, defaultseed); /* Crunch seed and password into starting key */ if (opiekeycrunch(MDX, key, seed, passwd) != 0) { fprintf(stderr, "%s: key crunch failed\n", argv[0]); return (1); } nn = n; while (nn-- != 0) opiehash(key, MDX); } time(&now); tm = localtime(&now); strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); opiebtoa8(tmp, key); fprintf(keyfile, "%s %04d %-16s %s %-21s\n", pp->pw_name, n, seed, tmp, tbuf); fclose(keyfile); printf("\nID %s OTP key is %d %s\n", pp->pw_name, n, seed); printf("%s\n", opiebtoe(buf, key)); return 0; } opie-2.11/opiesu.1100644 4101 3565 5332 6070043300 12262 0ustar cmetzipv6.\" opiesu.c: Manual page for the opiesu(1) program. .\" .\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan .\" McDonald, All Rights Reserved. All Rights under this copyright are assigned .\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and .\" License Agreement applies to this software. .\" .\" History: .\" .\" Modified at NRL for OPIE 2.0. .\" Documentation for the "-f" option from BSD. .\" Written at Bellcore for the S/Key Version 1 software distribution .\" (keysu.1). .\" .ll 6i .pl 10.5i .lt 6.0i .TH OPIESU 1 "January 10, 1995" .AT 3 .SH NAME opiesu \- Replacement su(1) program that uses OPIE challenges .SH SYNOPSIS .B opiesu [ \-f ] [ \-c ] [ .I user_name ] .SH DESCRIPTION .I opiesu is a replacement for the su(1) program that issues OPIE challenges and uses OPIE responses. It is downward compatible with keysu(1) from the Bellcore S/Key Version 1 distribution and the su(1) program from the 4.3BSD Net/2 distribution. .sp Unlike other OPIE programs, .I opiesu always requires an OPIE response and will not accept a normal password. .SH OPTIONS .TP .B \-f If the invoked shell is csh(1), this option prevents it from reading the ``.cshrc'' file. (The [f] option may be passed as a shell argument after the login name, so this option is redundant and obsolescent.) .TP .B \-c Set console mode where the user is expected to have secure access to the system. In console mode, you will be asked to input your password directly instead of having to use an OPIE calculator. If you do not have secure access to the system (i.e., you are not on the system's console), you are volunteering your password to attackers by using this mode. .TP .I user_name The name of the user to become. The default is root. .SH EXAMPLE .sp 0 wintermute$ opiesu kebe .sp 0 otp-md5 498 wi910502 .sp 0 (OTP response required) .sp 0 kebe's password: (echo on) .sp 0 kebe's password: RARE GLEN HUGH BOYD NECK MOLL .sp 0 wintermute# .LP .SH FILES .TP /etc/opiekeys database of information for OPIE system. .LP .SH SEE ALSO .BR su (1), .BR opie (4), .BR opiekey (1), .BR opieinfo (1), .BR opiesu (1), .BR opielogin (1), .BR opieftpd (8), .BR opiekeys (5), .BR opieaccess (5) .SH AUTHOR Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden of Bellcore. DES key crunching contributed by Marcus J. Ranum of TIS. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and Craig Metz. S/Key is a trademark of Bell Communications Research (Bellcore). .SH CONTACT NRL OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, send an email request to: .sp skey-users-request@thumper.bellcore.com .sp For comments or bug reports relating to NRL OPIE, send email to: .sp opie-bugs@itd.nrl.navy.mil opie-2.11/opiesubr.c100644 4101 3565 20721 6070043300 12707 0ustar cmetzipv6/* opiesubr.c: OTP support subroutines. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.01: opiereadpass() -- Before messing with terminal attributes, make sure that we're actually on a terminal in order to be more pipe-friendly. Modified at NRL for OPIE 2.0. Changes include making the code more generic by changing it to support both MD4 and MD5 with the default set at compile time using the MDX symbol and cleaned includes and code to be POSIX compliant and hence portable to more systems. Modified at NRL to support MD5 as an alternative to MD4 for OPIE 1.0. Written at Bellcore for the S/Key Version 1 software distribution (skeysubr.c). */ #include "opie_cfg.h" #include #include #include /* ANSI C standard library */ #ifdef __MSDOS__ #include #else /* must be UNIX */ #include /* POSIX file control function headers */ #include /* POSIX Terminal I/O functions */ #include /* POSIX standard definitions */ #endif #include #if DOUTMPX #include #endif /* DOUTMPX */ void getutmpentry __ARGS((char *, struct UTMPX *)); #include "global.h" #include "md5.h" #include "md4.h" #include "opie.h" /* Crunch a key: * concatenate the seed and the password, run through MD4 or MD5 and * collapse to 64 bits. This is defined as the user's starting key. */ int opiekeycrunch(algorithm, result, seed, passwd) unsigned algorithm; /* which algorithm to use: 4==MD4, 5==MD5 */ char *result; /* 8-byte result */ char *seed; /* Seed, any length */ char *passwd; /* Password, any length */ { char *buf; struct MD5_CTX md5; struct MD4_CTX md4; unsigned long results[4]; unsigned int buflen; /* NOTE - we need to bound seed and password before this point. "any length" can bite us... */ buflen = strlen(seed) + strlen(passwd); if ((buf = malloc(buflen + 1)) == NULL) return -1; strcpy(buf, seed); strcat(buf, passwd); /* Crunch the key through MD[45] */ opiesevenbit(buf); if (4 == algorithm) { MD4Init(&md4); MD4Update(&md4, (unsigned char *) buf, buflen); MD4Final((unsigned char *) results, &md4); } else { MD5Init(&md5); MD5Update(&md5, (unsigned char *) buf, buflen); MD5Final((unsigned char *) results, &md5); } free(buf); results[0] ^= results[2]; results[1] ^= results[3]; memcpy(result, (char *) results, 8); return 0; } /* * The one-way function f(x). * Takes 8 bytes and returns 8 bytes in place. * The value of "algorithm" determines whether MD4 or MD5 is used, * where (algorithm==5) implies MD5 and (algorithm==4) implies MD4. */ void opiehash(x, algorithm) char *x; unsigned algorithm; { struct MD5_CTX md5; struct MD4_CTX md4; unsigned long results[4]; if (4 == algorithm) { MD4Init(&md4); MD4Update(&md4, (unsigned char *) x, 8); MD4Final((unsigned char *) results, &md4); } else { /* default algorithm is MD5 */ MD5Init(&md5); MD5Update(&md5, (unsigned char *) x, 8); MD5Final((unsigned char *) results, &md5); } /* Fold 128 to 64 bits */ results[0] ^= results[2]; results[1] ^= results[3]; /* Only works on byte-addressed little-endian machines!! */ memcpy(x, (char *) results, 8); } /* Strip trailing cr/lf from a line of text */ void opiestrip_crlf(buf) char *buf; { char *cp; if ((cp = strchr(buf, '\r')) != NULL) *cp = '\0'; if ((cp = strchr(buf, '\n')) != NULL) *cp = '\0'; } /************************/ #ifdef __MSDOS__ char *opiereadpass(buf, n) char *buf; int n; { int i; char *cp; for (cp = buf, i = 0; i < n; i++) if ((*cp++ = bdos(7, 0, 0)) == '\r') break; *cp = '\0'; printf("\n"); opiestrip_crlf(buf); return buf; } #else /* assume POSIX compliant OS */ char *opiereadpass(buf, n) char *buf; int n; { struct termios attr, orig_attr; int bytes_read = 0; /* This section was heavily rewritten by rja following the model of code samples circa page 151 of the POSIX Programmer's Guide by Donald Lewine, ISBN 0-937175-73-0. That book is Copyright 1991 by O'Reilly & Associates, Inc. All Rights Reserved. I recommend the book to anyone trying to write portable software. rja */ /* Flush any pending output */ fflush(stdout); /* Get original terminal attributes */ if (isatty(STDIN_FILENO)) { if (tcgetattr(STDIN_FILENO, &orig_attr) != 0) return ((char *) -1); /* copy terminal settings into attr */ memcpy(&attr, &orig_attr, sizeof(struct termios)); /* Turn off echoing */ attr.c_lflag &= ~(ECHO); /* should also disable raw and cbreak */ attr.c_lflag |= ISTRIP; /* strip input to 7 bits */ if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &attr) != 0) return ((char *) -1); } /* get input, avoiding use of fgets() for security reasons */ bytes_read = read(STDIN_FILENO, buf, n); buf[n - 1] = 0; opiestrip_crlf(buf); /* Restore previous tty modes */ if (isatty(STDIN_FILENO)) if (tcsetattr(STDIN_FILENO, TCSANOW, &orig_attr) != 0) return ((char *) -1); /* After the secret key is taken from the keyboard, the line feed is written to standard error instead of standard output. That means that anyone using the program from a terminal won't notice, but capturing standard output will get the key words without a newline in front of them. */ fprintf(stderr, "\n"); fflush(stderr); return buf; /* probably should return buffer length as well */ } #endif /* remove backspaced-over charaters from the string */ void opiebackspace(buf) char *buf; { char bs = '\b'; char del = 127; char *cp = buf; char *out = buf; while (*cp) { if ((*cp == bs) || (*cp == del)) { if (out == buf) { cp++; continue; } else { cp++; out--; } } else { *out++ = *cp++; } } *out = '\0'; } void opiesevenbit(s) char *s; { /* make sure there are only 7 bit code in the line */ while (*s) { *s = 0x7f & (*s); s++; } } void opieversion() { printf("\nNRL OPIE %s (%s)\n\nCompile-time options:\n%s\n\n", VERSION, DATE, OPTION_STRING); exit(0); } int opieinsecure() { #ifndef NO_INSECURE_CHECK char *display_name; char *s; char *term_name; char hostname[MAXHOSTNAMELEN]; int insecure = 0; struct UTMPX utmp; display_name = (char *) getenv("DISPLAY"); term_name = (char *) getenv("TERM"); if (display_name != NULL) { insecure = 1; if (s = strchr(display_name, ':')) if (s == display_name) insecure = 0; else { *s = 0; if (!strcmp("unix", display_name)) insecure = 0; else { if (!gethostname(hostname, sizeof(hostname))) { if (!strcmp(hostname, display_name)) insecure = 0; else { if (s = strchr(display_name, '.')) { *s = 0; if (!strcmp(hostname, display_name)) insecure = 0; } /* endif display_name is '.' */ } /* endif hostname != display_name */ } /* endif was able to get hostname */ } /* endif display_name == UNIX */ } /* endif display_name == ":" */ if (insecure) return (1); } /* If no DISPLAY variable exists and TERM=xterm, then we probably have an xterm executing on a remote system with an rlogin or telnet to our system. If it were a local xterm, then the DISPLAY environment variable would have to exist. rja */ if ((display_name == NULL) && (term_name != NULL) && (0 == strcmp("xterm", term_name))) { return (1); } memset(&utmp, 0, sizeof(utmp)); getutmpentry(ttyname(0), &utmp); if (utmp.ut_host[0]) { insecure = 1; if (s = strchr(utmp.ut_host, ':')) { if (s = &(utmp.ut_host[0])) insecure = 0; else { *s = 0; if (display_name) if (!strcmp(utmp.ut_host, display_name)) insecure = 0; } } } if (insecure) return (1); #endif /* NO_INSECURE_CHECK */ return 0; } /* Applies "good password" rules to the secret pass phrase. We currently implement the following: Passwords must be at least OPIE_PASS_MIN (10) characters long. Passwords must be at most OPIE_PASS_MAX (127) characters long. N.B.: Passing NULL pointers to this function is a bad idea. */ int opiepasscheck(passphrase) char *passphrase; { int len = strlen(passphrase); if (len < OPIE_PASS_MIN) return 1; if (len > OPIE_PASS_MAX) return 1; return 0; } opie-2.11/permsfile.c100644 4101 3565 6567 6070043300 13041 0ustar cmetzipv6/* permsfile.c: implement SunOS /etc/fbtab and Solaris /etc/logindevperm functionality to set device permissions on login Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Written at NRL for OPIE 2.0. */ #include "opie_cfg.h" #ifdef PERMSFILE #include #include #include #include /* Line buffer size (one more than max line length) */ #define BUFSIZE 128 /* Maximum number of list items in a field */ #define LISTSIZE 10 static char buf[BUFSIZE], buf2[8]; char **ftpglob __ARGS((char *)); void opiefatal(x) char *x; { fprintf(stderr, x); exit(1); } #include "glob.c" static getalist(string, list) char **string; char **list; { char *s = *string; int i = 0; while (*s && (*s != '\n') && (*s != ' ') && (*s != '\t')) if ((*s == ':') || (*s == ',')) { *(s++) = 0; list[i++] = *string; *string = s; if (i == LISTSIZE) return i; } else s++; if ((int) (s) - (int) (*string)) { *s = 0; list[i++] = *string; } *string = ++s; return i; } static doaline(line, name, ttyn, uid, gid) char *line, *name, *ttyn; uid_t uid; gid_t gid; { char *ptr, *ptr2; int i, j, k; int applies, llen; char *listbuf[LISTSIZE], **globlist; if (ptr = strchr(buf, '#')) *ptr = 0; /* Skip whitespace */ for (ptr = buf; *ptr && ((*ptr == ' ') || (*ptr == '\t')); ptr++); if (!*ptr) return; /* (Optional) Field 1: user name(s) */ if ((*ptr != '/') && (*ptr != '~')) { llen = getalist(&ptr, listbuf); for (applies = i = 0; (i < llen) && !applies; i++) if (!strcmp(listbuf[i], name)) applies++; while (*ptr && ((*ptr == ' ') || (*ptr == '\t'))) ptr++; if (!applies || !*ptr) return; } /* Field 2: terminal(s) */ llen = getalist(&ptr, listbuf); for (applies = i = 0; (i < llen) && !applies; i++) if (!strcmp(listbuf[i], ttyn)) applies++; while (*ptr && ((*ptr == ' ') || (*ptr == '\t'))) ptr++; if (!applies || !*ptr) return; /* Field 3: mode */ for (applies = 0; *ptr && (*ptr >= '0') && (*ptr <= '7'); applies = (applies << 3) | (*(ptr++) - '0')); while (*ptr && ((*ptr == ' ') || (*ptr == '\t'))) ptr++; if (!*ptr) return; /* Field 4: devices (the fun part...) */ llen = getalist(&ptr, listbuf); for (i = 0; i < llen; i++) { globlist = ftpglob(listbuf[i]); while (*globlist) { #ifdef DEBUG fprintf(stderr, "setting %s to %d/%d %o\n", *globlist, uid, gid, applies); #endif /* DEBUG */ if (chown(*globlist, uid, gid) < 0) if (errno != ENOENT) perror("lchown"); if (chmod(*(globlist++), applies) < 0) if (errno != ENOENT) perror("chmod"); } } } permsfile(name, ttyn, uid, gid) char *name, *ttyn; uid_t uid; gid_t gid; { char **foo; char *ptr; FILE *fh; int i, j, k; if (!(fh = fopen(PERMSFILE, "r"))) { syslog(LOG_ERR, "Can't open %s!", PERMSFILE); fprintf(stderr, "Warning: Can't set device permissions.\n"); return; } do { if (feof(fh)) return; if (fgets(buf, BUFSIZE, fh) == NULL) return; buf[BUFSIZE] = 0; doaline(buf, name, ttyn, uid, gid); } while (1); } #endif /* PERMSFILE */ opie-2.11/popen.c100644 4101 3565 14704 6070043300 12204 0ustar cmetzipv6/* popen.c: A "safe" pipe open routine. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.1. Optimized for only one pipe at a time. Added minimal version of sigprocmask(). Moved some pid_t dancing to the config headers. Modified at NRL for OPIE 2.0. Originally from BSD. */ /* * Copyright (c) 1988 The Regents of the University of California. * All rights reserved. * * This code is derived from software written by Ken Arnold and * published in UNIX Review, Vol. 6, No. 8. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #ifndef lint static char sccsid[] = "@(#)popen.c 5.9 (Berkeley) 2/25/91"; #endif /* not lint */ #include "opie_cfg.h" #include #include #if HAVE_SIGNAL_H #include #endif /* HAVE_SIGNAL_H */ #if HAVE_SYS_SIGNAL_H #include #endif /* HAVE_SYS_SIGNAL_H */ #include #include #include #include char **ftpglob __ARGS((register char *)); char **copyblk __ARGS((char **)); void blkfree __ARGS((char **)); #if !HAVE_SIGPROCMASK #ifndef sigset_t #define sigset_t int #endif /* sigset_t */ int oursigprocmask(how, set, oset) int how; sigset_t *set; sigset_t *oset; { int old, new; if (set && (set != (sigset_t *)SIG_IGN) && (set != (sigset_t *)SIG_ERR)) new = *set; else new = 0; switch(how) { case SIG_BLOCK: old = sigblock(new); if (oset && (oset != (sigset_t *)SIG_IGN) && (oset != (sigset_t *)SIG_ERR)) *oset = old; return 0; case SIG_SETMASK: old = sigsetmask(new); if (oset && (oset != (sigset_t *)SIG_IGN) && (oset != (sigset_t *)SIG_ERR)) *oset = old; return 0; case SIG_UNBLOCK: default: return 0; } } #endif /* !HAVE_SIGPROCMASK */ /* * Special version of popen which avoids call to shell. This insures noone * may create a pipe to a hidden program as a side effect of a list or dir * command. */ static pid_t child_pid = -1; static int pipe_fd; FILE *ftpd_popen(program, type) char *program, *type; { register char *cp; FILE *iop; int argc, gargc, pdes[2]; char **pop, *argv[100], *gargv[1000], *vv[2]; if (*type != 'r' && *type != 'w' || type[1]) return (NULL); if (pipe(pdes) < 0) return (NULL); /* break up string into pieces */ for (argc = 0, cp = program;; cp = NULL) if (!(argv[argc++] = strtok(cp, " \t\n"))) break; /* glob each piece */ gargv[0] = argv[0]; for (gargc = argc = 1; argv[argc]; argc++) { if (!(pop = (char **) ftpglob(argv[argc]))) { /* globbing failed */ vv[0] = argv[argc]; vv[1] = NULL; pop = (char **) copyblk(vv); } argv[argc] = (char *) pop; /* save to free later */ while (*pop && gargc < 1000) gargv[gargc++] = *pop++; } gargv[gargc] = NULL; iop = NULL; switch (child_pid = vfork()) { case -1: /* error */ close(pdes[0]); close(pdes[1]); goto pfree; /* NOTREACHED */ case 0: /* child */ if (*type == 'r') { if (pdes[1] != 1) { dup2(pdes[1], 1); dup2(pdes[1], 2); /* stderr, too! */ close(pdes[1]); } close(pdes[0]); } else { if (pdes[0] != 0) { dup2(pdes[0], 0); close(pdes[0]); } close(pdes[1]); } execv(gargv[0], gargv); _exit(1); } /* parent; assume fdopen can't fail... */ if (*type == 'r') { iop = fdopen(pipe_fd = pdes[0], type); close(pdes[1]); } else { iop = fdopen(pipe_fd = pdes[1], type); close(pdes[0]); } pfree: for (argc = 1; argv[argc] != NULL; argc++) { blkfree((char **) argv[argc]); free((char *) argv[argc]); } return (iop); } #if !HAVE_SIGEMPTYSET && !defined(sigemptyset) #define sigemptyset(x) memset(x, 0, sizeof(*x)) #endif /* !HAVE_SIGEMPTYSET */ #if !HAVE_SIGADDSET && !defined(sigaddset) #define sigaddset(x, y) *x |= sigmask(y) #endif /* !HAVE_SIGADDSET */ int ftpd_pclose(iop) FILE *iop; { register int fdes; int status; pid_t pid; sigset_t omask, mask; sigemptyset(&mask); sigaddset(&mask, SIGINT); sigaddset(&mask, SIGQUIT); sigaddset(&mask, SIGHUP); /* pclose returns -1 if stream is not associated with a `popened' command, or, if already `pclosed'. */ if ((child_pid < 0) || (fileno(iop) != pipe_fd)) return (-1); fclose(iop); sigprocmask(SIG_BLOCK, &mask, &omask); while ((pid = wait(&status)) != child_pid && (pid != -1)); sigprocmask(SIG_SETMASK, &omask, NULL); child_pid = -1; pipe_fd = -1; #ifdef WEXITSTATUS /* this is the fully POSIX compliant implementation */ return (pid == -1 ? -1 : WEXITSTATUS(status)); #else return (pid == -1 ? -1 : status.w_status); #endif } opie-2.11/put.c100644 4101 3565 60605 6070043300 11674 0ustar cmetzipv6/* put.c: Conversion to/from the six-English-word representation of a 64-bit OTP. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.0. Written at Bellcore for the S/Key Version 1 software distribution. */ #include "opie_cfg.h" #include #include #include #include #include #include "opie.h" static unsigned long extract __ARGS((char *s, int start, int length)); static void insert __ARGS((char *s, int x, int start, int length)); static int wsrch __ARGS((char *w, int low, int high)); /* Dictionary for integer-word translations */ static char Wp[2048][4] = { "A", "ABE", "ACE", "ACT", "AD", "ADA", "ADD", "AGO", "AID", "AIM", "AIR", "ALL", "ALP", "AM", "AMY", "AN", "ANA", "AND", "ANN", "ANT", "ANY", "APE", "APS", "APT", "ARC", "ARE", "ARK", "ARM", "ART", "AS", "ASH", "ASK", "AT", "ATE", "AUG", "AUK", "AVE", "AWE", "AWK", "AWL", "AWN", "AX", "AYE", "BAD", "BAG", "BAH", "BAM", "BAN", "BAR", "BAT", "BAY", "BE", "BED", "BEE", "BEG", "BEN", "BET", "BEY", "BIB", "BID", "BIG", "BIN", "BIT", "BOB", "BOG", "BON", "BOO", "BOP", "BOW", "BOY", "BUB", "BUD", "BUG", "BUM", "BUN", "BUS", "BUT", "BUY", "BY", "BYE", "CAB", "CAL", "CAM", "CAN", "CAP", "CAR", "CAT", "CAW", "COD", "COG", "COL", "CON", "COO", "COP", "COT", "COW", "COY", "CRY", "CUB", "CUE", "CUP", "CUR", "CUT", "DAB", "DAD", "DAM", "DAN", "DAR", "DAY", "DEE", "DEL", "DEN", "DES", "DEW", "DID", "DIE", "DIG", "DIN", "DIP", "DO", "DOE", "DOG", "DON", "DOT", "DOW", "DRY", "DUB", "DUD", "DUE", "DUG", "DUN", "EAR", "EAT", "ED", "EEL", "EGG", "EGO", "ELI", "ELK", "ELM", "ELY", "EM", "END", "EST", "ETC", "EVA", "EVE", "EWE", "EYE", "FAD", "FAN", "FAR", "FAT", "FAY", "FED", "FEE", "FEW", "FIB", "FIG", "FIN", "FIR", "FIT", "FLO", "FLY", "FOE", "FOG", "FOR", "FRY", "FUM", "FUN", "FUR", "GAB", "GAD", "GAG", "GAL", "GAM", "GAP", "GAS", "GAY", "GEE", "GEL", "GEM", "GET", "GIG", "GIL", "GIN", "GO", "GOT", "GUM", "GUN", "GUS", "GUT", "GUY", "GYM", "GYP", "HA", "HAD", "HAL", "HAM", "HAN", "HAP", "HAS", "HAT", "HAW", "HAY", "HE", "HEM", "HEN", "HER", "HEW", "HEY", "HI", "HID", "HIM", "HIP", "HIS", "HIT", "HO", "HOB", "HOC", "HOE", "HOG", "HOP", "HOT", "HOW", "HUB", "HUE", "HUG", "HUH", "HUM", "HUT", "I", "ICY", "IDA", "IF", "IKE", "ILL", "INK", "INN", "IO", "ION", "IQ", "IRA", "IRE", "IRK", "IS", "IT", "ITS", "IVY", "JAB", "JAG", "JAM", "JAN", "JAR", "JAW", "JAY", "JET", "JIG", "JIM", "JO", "JOB", "JOE", "JOG", "JOT", "JOY", "JUG", "JUT", "KAY", "KEG", "KEN", "KEY", "KID", "KIM", "KIN", "KIT", "LA", "LAB", "LAC", "LAD", "LAG", "LAM", "LAP", "LAW", "LAY", "LEA", "LED", "LEE", "LEG", "LEN", "LEO", "LET", "LEW", "LID", "LIE", "LIN", "LIP", "LIT", "LO", "LOB", "LOG", "LOP", "LOS", "LOT", "LOU", "LOW", "LOY", "LUG", "LYE", "MA", "MAC", "MAD", "MAE", "MAN", "MAO", "MAP", "MAT", "MAW", "MAY", "ME", "MEG", "MEL", "MEN", "MET", "MEW", "MID", "MIN", "MIT", "MOB", "MOD", "MOE", "MOO", "MOP", "MOS", "MOT", "MOW", "MUD", "MUG", "MUM", "MY", "NAB", "NAG", "NAN", "NAP", "NAT", "NAY", "NE", "NED", "NEE", "NET", "NEW", "NIB", "NIL", "NIP", "NIT", "NO", "NOB", "NOD", "NON", "NOR", "NOT", "NOV", "NOW", "NU", "NUN", "NUT", "O", "OAF", "OAK", "OAR", "OAT", "ODD", "ODE", "OF", "OFF", "OFT", "OH", "OIL", "OK", "OLD", "ON", "ONE", "OR", "ORB", "ORE", "ORR", "OS", "OTT", "OUR", "OUT", "OVA", "OW", "OWE", "OWL", "OWN", "OX", "PA", "PAD", "PAL", "PAM", "PAN", "PAP", "PAR", "PAT", "PAW", "PAY", "PEA", "PEG", "PEN", "PEP", "PER", "PET", "PEW", "PHI", "PI", "PIE", "PIN", "PIT", "PLY", "PO", "POD", "POE", "POP", "POT", "POW", "PRO", "PRY", "PUB", "PUG", "PUN", "PUP", "PUT", "QUO", "RAG", "RAM", "RAN", "RAP", "RAT", "RAW", "RAY", "REB", "RED", "REP", "RET", "RIB", "RID", "RIG", "RIM", "RIO", "RIP", "ROB", "ROD", "ROE", "RON", "ROT", "ROW", "ROY", "RUB", "RUE", "RUG", "RUM", "RUN", "RYE", "SAC", "SAD", "SAG", "SAL", "SAM", "SAN", "SAP", "SAT", "SAW", "SAY", "SEA", "SEC", "SEE", "SEN", "SET", "SEW", "SHE", "SHY", "SIN", "SIP", "SIR", "SIS", "SIT", "SKI", "SKY", "SLY", "SO", "SOB", "SOD", "SON", "SOP", "SOW", "SOY", "SPA", "SPY", "SUB", "SUD", "SUE", "SUM", "SUN", "SUP", "TAB", "TAD", "TAG", "TAN", "TAP", "TAR", "TEA", "TED", "TEE", "TEN", "THE", "THY", "TIC", "TIE", "TIM", "TIN", "TIP", "TO", "TOE", "TOG", "TOM", "TON", "TOO", "TOP", "TOW", "TOY", "TRY", "TUB", "TUG", "TUM", "TUN", "TWO", "UN", "UP", "US", "USE", "VAN", "VAT", "VET", "VIE", "WAD", "WAG", "WAR", "WAS", "WAY", "WE", "WEB", "WED", "WEE", "WET", "WHO", "WHY", "WIN", "WIT", "WOK", "WON", "WOO", "WOW", "WRY", "WU", "YAM", "YAP", "YAW", "YE", "YEA", "YES", "YET", "YOU", "ABED", "ABEL", "ABET", "ABLE", "ABUT", "ACHE", "ACID", "ACME", "ACRE", "ACTA", "ACTS", "ADAM", "ADDS", "ADEN", "AFAR", "AFRO", "AGEE", "AHEM", "AHOY", "AIDA", "AIDE", "AIDS", "AIRY", "AJAR", "AKIN", "ALAN", "ALEC", "ALGA", "ALIA", "ALLY", "ALMA", "ALOE", "ALSO", "ALTO", "ALUM", "ALVA", "AMEN", "AMES", "AMID", "AMMO", "AMOK", "AMOS", "AMRA", "ANDY", "ANEW", "ANNA", "ANNE", "ANTE", "ANTI", "AQUA", "ARAB", "ARCH", "AREA", "ARGO", "ARID", "ARMY", "ARTS", "ARTY", "ASIA", "ASKS", "ATOM", "AUNT", "AURA", "AUTO", "AVER", "AVID", "AVIS", "AVON", "AVOW", "AWAY", "AWRY", "BABE", "BABY", "BACH", "BACK", "BADE", "BAIL", "BAIT", "BAKE", "BALD", "BALE", "BALI", "BALK", "BALL", "BALM", "BAND", "BANE", "BANG", "BANK", "BARB", "BARD", "BARE", "BARK", "BARN", "BARR", "BASE", "BASH", "BASK", "BASS", "BATE", "BATH", "BAWD", "BAWL", "BEAD", "BEAK", "BEAM", "BEAN", "BEAR", "BEAT", "BEAU", "BECK", "BEEF", "BEEN", "BEER", "BEET", "BELA", "BELL", "BELT", "BEND", "BENT", "BERG", "BERN", "BERT", "BESS", "BEST", "BETA", "BETH", "BHOY", "BIAS", "BIDE", "BIEN", "BILE", "BILK", "BILL", "BIND", "BING", "BIRD", "BITE", "BITS", "BLAB", "BLAT", "BLED", "BLEW", "BLOB", "BLOC", "BLOT", "BLOW", "BLUE", "BLUM", "BLUR", "BOAR", "BOAT", "BOCA", "BOCK", "BODE", "BODY", "BOGY", "BOHR", "BOIL", "BOLD", "BOLO", "BOLT", "BOMB", "BONA", "BOND", "BONE", "BONG", "BONN", "BONY", "BOOK", "BOOM", "BOON", "BOOT", "BORE", "BORG", "BORN", "BOSE", "BOSS", "BOTH", "BOUT", "BOWL", "BOYD", "BRAD", "BRAE", "BRAG", "BRAN", "BRAY", "BRED", "BREW", "BRIG", "BRIM", "BROW", "BUCK", "BUDD", "BUFF", "BULB", "BULK", "BULL", "BUNK", "BUNT", "BUOY", "BURG", "BURL", "BURN", "BURR", "BURT", "BURY", "BUSH", "BUSS", "BUST", "BUSY", "BYTE", "CADY", "CAFE", "CAGE", "CAIN", "CAKE", "CALF", "CALL", "CALM", "CAME", "CANE", "CANT", "CARD", "CARE", "CARL", "CARR", "CART", "CASE", "CASH", "CASK", "CAST", "CAVE", "CEIL", "CELL", "CENT", "CERN", "CHAD", "CHAR", "CHAT", "CHAW", "CHEF", "CHEN", "CHEW", "CHIC", "CHIN", "CHOU", "CHOW", "CHUB", "CHUG", "CHUM", "CITE", "CITY", "CLAD", "CLAM", "CLAN", "CLAW", "CLAY", "CLOD", "CLOG", "CLOT", "CLUB", "CLUE", "COAL", "COAT", "COCA", "COCK", "COCO", "CODA", "CODE", "CODY", "COED", "COIL", "COIN", "COKE", "COLA", "COLD", "COLT", "COMA", "COMB", "COME", "COOK", "COOL", "COON", "COOT", "CORD", "CORE", "CORK", "CORN", "COST", "COVE", "COWL", "CRAB", "CRAG", "CRAM", "CRAY", "CREW", "CRIB", "CROW", "CRUD", "CUBA", "CUBE", "CUFF", "CULL", "CULT", "CUNY", "CURB", "CURD", "CURE", "CURL", "CURT", "CUTS", "DADE", "DALE", "DAME", "DANA", "DANE", "DANG", "DANK", "DARE", "DARK", "DARN", "DART", "DASH", "DATA", "DATE", "DAVE", "DAVY", "DAWN", "DAYS", "DEAD", "DEAF", "DEAL", "DEAN", "DEAR", "DEBT", "DECK", "DEED", "DEEM", "DEER", "DEFT", "DEFY", "DELL", "DENT", "DENY", "DESK", "DIAL", "DICE", "DIED", "DIET", "DIME", "DINE", "DING", "DINT", "DIRE", "DIRT", "DISC", "DISH", "DISK", "DIVE", "DOCK", "DOES", "DOLE", "DOLL", "DOLT", "DOME", "DONE", "DOOM", "DOOR", "DORA", "DOSE", "DOTE", "DOUG", "DOUR", "DOVE", "DOWN", "DRAB", "DRAG", "DRAM", "DRAW", "DREW", "DRUB", "DRUG", "DRUM", "DUAL", "DUCK", "DUCT", "DUEL", "DUET", "DUKE", "DULL", "DUMB", "DUNE", "DUNK", "DUSK", "DUST", "DUTY", "EACH", "EARL", "EARN", "EASE", "EAST", "EASY", "EBEN", "ECHO", "EDDY", "EDEN", "EDGE", "EDGY", "EDIT", "EDNA", "EGAN", "ELAN", "ELBA", "ELLA", "ELSE", "EMIL", "EMIT", "EMMA", "ENDS", "ERIC", "EROS", "EVEN", "EVER", "EVIL", "EYED", "FACE", "FACT", "FADE", "FAIL", "FAIN", "FAIR", "FAKE", "FALL", "FAME", "FANG", "FARM", "FAST", "FATE", "FAWN", "FEAR", "FEAT", "FEED", "FEEL", "FEET", "FELL", "FELT", "FEND", "FERN", "FEST", "FEUD", "FIEF", "FIGS", "FILE", "FILL", "FILM", "FIND", "FINE", "FINK", "FIRE", "FIRM", "FISH", "FISK", "FIST", "FITS", "FIVE", "FLAG", "FLAK", "FLAM", "FLAT", "FLAW", "FLEA", "FLED", "FLEW", "FLIT", "FLOC", "FLOG", "FLOW", "FLUB", "FLUE", "FOAL", "FOAM", "FOGY", "FOIL", "FOLD", "FOLK", "FOND", "FONT", "FOOD", "FOOL", "FOOT", "FORD", "FORE", "FORK", "FORM", "FORT", "FOSS", "FOUL", "FOUR", "FOWL", "FRAU", "FRAY", "FRED", "FREE", "FRET", "FREY", "FROG", "FROM", "FUEL", "FULL", "FUME", "FUND", "FUNK", "FURY", "FUSE", "FUSS", "GAFF", "GAGE", "GAIL", "GAIN", "GAIT", "GALA", "GALE", "GALL", "GALT", "GAME", "GANG", "GARB", "GARY", "GASH", "GATE", "GAUL", "GAUR", "GAVE", "GAWK", "GEAR", "GELD", "GENE", "GENT", "GERM", "GETS", "GIBE", "GIFT", "GILD", "GILL", "GILT", "GINA", "GIRD", "GIRL", "GIST", "GIVE", "GLAD", "GLEE", "GLEN", "GLIB", "GLOB", "GLOM", "GLOW", "GLUE", "GLUM", "GLUT", "GOAD", "GOAL", "GOAT", "GOER", "GOES", "GOLD", "GOLF", "GONE", "GONG", "GOOD", "GOOF", "GORE", "GORY", "GOSH", "GOUT", "GOWN", "GRAB", "GRAD", "GRAY", "GREG", "GREW", "GREY", "GRID", "GRIM", "GRIN", "GRIT", "GROW", "GRUB", "GULF", "GULL", "GUNK", "GURU", "GUSH", "GUST", "GWEN", "GWYN", "HAAG", "HAAS", "HACK", "HAIL", "HAIR", "HALE", "HALF", "HALL", "HALO", "HALT", "HAND", "HANG", "HANK", "HANS", "HARD", "HARK", "HARM", "HART", "HASH", "HAST", "HATE", "HATH", "HAUL", "HAVE", "HAWK", "HAYS", "HEAD", "HEAL", "HEAR", "HEAT", "HEBE", "HECK", "HEED", "HEEL", "HEFT", "HELD", "HELL", "HELM", "HERB", "HERD", "HERE", "HERO", "HERS", "HESS", "HEWN", "HICK", "HIDE", "HIGH", "HIKE", "HILL", "HILT", "HIND", "HINT", "HIRE", "HISS", "HIVE", "HOBO", "HOCK", "HOFF", "HOLD", "HOLE", "HOLM", "HOLT", "HOME", "HONE", "HONK", "HOOD", "HOOF", "HOOK", "HOOT", "HORN", "HOSE", "HOST", "HOUR", "HOVE", "HOWE", "HOWL", "HOYT", "HUCK", "HUED", "HUFF", "HUGE", "HUGH", "HUGO", "HULK", "HULL", "HUNK", "HUNT", "HURD", "HURL", "HURT", "HUSH", "HYDE", "HYMN", "IBIS", "ICON", "IDEA", "IDLE", "IFFY", "INCA", "INCH", "INTO", "IONS", "IOTA", "IOWA", "IRIS", "IRMA", "IRON", "ISLE", "ITCH", "ITEM", "IVAN", "JACK", "JADE", "JAIL", "JAKE", "JANE", "JAVA", "JEAN", "JEFF", "JERK", "JESS", "JEST", "JIBE", "JILL", "JILT", "JIVE", "JOAN", "JOBS", "JOCK", "JOEL", "JOEY", "JOHN", "JOIN", "JOKE", "JOLT", "JOVE", "JUDD", "JUDE", "JUDO", "JUDY", "JUJU", "JUKE", "JULY", "JUNE", "JUNK", "JUNO", "JURY", "JUST", "JUTE", "KAHN", "KALE", "KANE", "KANT", "KARL", "KATE", "KEEL", "KEEN", "KENO", "KENT", "KERN", "KERR", "KEYS", "KICK", "KILL", "KIND", "KING", "KIRK", "KISS", "KITE", "KLAN", "KNEE", "KNEW", "KNIT", "KNOB", "KNOT", "KNOW", "KOCH", "KONG", "KUDO", "KURD", "KURT", "KYLE", "LACE", "LACK", "LACY", "LADY", "LAID", "LAIN", "LAIR", "LAKE", "LAMB", "LAME", "LAND", "LANE", "LANG", "LARD", "LARK", "LASS", "LAST", "LATE", "LAUD", "LAVA", "LAWN", "LAWS", "LAYS", "LEAD", "LEAF", "LEAK", "LEAN", "LEAR", "LEEK", "LEER", "LEFT", "LEND", "LENS", "LENT", "LEON", "LESK", "LESS", "LEST", "LETS", "LIAR", "LICE", "LICK", "LIED", "LIEN", "LIES", "LIEU", "LIFE", "LIFT", "LIKE", "LILA", "LILT", "LILY", "LIMA", "LIMB", "LIME", "LIND", "LINE", "LINK", "LINT", "LION", "LISA", "LIST", "LIVE", "LOAD", "LOAF", "LOAM", "LOAN", "LOCK", "LOFT", "LOGE", "LOIS", "LOLA", "LONE", "LONG", "LOOK", "LOON", "LOOT", "LORD", "LORE", "LOSE", "LOSS", "LOST", "LOUD", "LOVE", "LOWE", "LUCK", "LUCY", "LUGE", "LUKE", "LULU", "LUND", "LUNG", "LURA", "LURE", "LURK", "LUSH", "LUST", "LYLE", "LYNN", "LYON", "LYRA", "MACE", "MADE", "MAGI", "MAID", "MAIL", "MAIN", "MAKE", "MALE", "MALI", "MALL", "MALT", "MANA", "MANN", "MANY", "MARC", "MARE", "MARK", "MARS", "MART", "MARY", "MASH", "MASK", "MASS", "MAST", "MATE", "MATH", "MAUL", "MAYO", "MEAD", "MEAL", "MEAN", "MEAT", "MEEK", "MEET", "MELD", "MELT", "MEMO", "MEND", "MENU", "MERT", "MESH", "MESS", "MICE", "MIKE", "MILD", "MILE", "MILK", "MILL", "MILT", "MIMI", "MIND", "MINE", "MINI", "MINK", "MINT", "MIRE", "MISS", "MIST", "MITE", "MITT", "MOAN", "MOAT", "MOCK", "MODE", "MOLD", "MOLE", "MOLL", "MOLT", "MONA", "MONK", "MONT", "MOOD", "MOON", "MOOR", "MOOT", "MORE", "MORN", "MORT", "MOSS", "MOST", "MOTH", "MOVE", "MUCH", "MUCK", "MUDD", "MUFF", "MULE", "MULL", "MURK", "MUSH", "MUST", "MUTE", "MUTT", "MYRA", "MYTH", "NAGY", "NAIL", "NAIR", "NAME", "NARY", "NASH", "NAVE", "NAVY", "NEAL", "NEAR", "NEAT", "NECK", "NEED", "NEIL", "NELL", "NEON", "NERO", "NESS", "NEST", "NEWS", "NEWT", "NIBS", "NICE", "NICK", "NILE", "NINA", "NINE", "NOAH", "NODE", "NOEL", "NOLL", "NONE", "NOOK", "NOON", "NORM", "NOSE", "NOTE", "NOUN", "NOVA", "NUDE", "NULL", "NUMB", "OATH", "OBEY", "OBOE", "ODIN", "OHIO", "OILY", "OINT", "OKAY", "OLAF", "OLDY", "OLGA", "OLIN", "OMAN", "OMEN", "OMIT", "ONCE", "ONES", "ONLY", "ONTO", "ONUS", "ORAL", "ORGY", "OSLO", "OTIS", "OTTO", "OUCH", "OUST", "OUTS", "OVAL", "OVEN", "OVER", "OWLY", "OWNS", "QUAD", "QUIT", "QUOD", "RACE", "RACK", "RACY", "RAFT", "RAGE", "RAID", "RAIL", "RAIN", "RAKE", "RANK", "RANT", "RARE", "RASH", "RATE", "RAVE", "RAYS", "READ", "REAL", "REAM", "REAR", "RECK", "REED", "REEF", "REEK", "REEL", "REID", "REIN", "RENA", "REND", "RENT", "REST", "RICE", "RICH", "RICK", "RIDE", "RIFT", "RILL", "RIME", "RING", "RINK", "RISE", "RISK", "RITE", "ROAD", "ROAM", "ROAR", "ROBE", "ROCK", "RODE", "ROIL", "ROLL", "ROME", "ROOD", "ROOF", "ROOK", "ROOM", "ROOT", "ROSA", "ROSE", "ROSS", "ROSY", "ROTH", "ROUT", "ROVE", "ROWE", "ROWS", "RUBE", "RUBY", "RUDE", "RUDY", "RUIN", "RULE", "RUNG", "RUNS", "RUNT", "RUSE", "RUSH", "RUSK", "RUSS", "RUST", "RUTH", "SACK", "SAFE", "SAGE", "SAID", "SAIL", "SALE", "SALK", "SALT", "SAME", "SAND", "SANE", "SANG", "SANK", "SARA", "SAUL", "SAVE", "SAYS", "SCAN", "SCAR", "SCAT", "SCOT", "SEAL", "SEAM", "SEAR", "SEAT", "SEED", "SEEK", "SEEM", "SEEN", "SEES", "SELF", "SELL", "SEND", "SENT", "SETS", "SEWN", "SHAG", "SHAM", "SHAW", "SHAY", "SHED", "SHIM", "SHIN", "SHOD", "SHOE", "SHOT", "SHOW", "SHUN", "SHUT", "SICK", "SIDE", "SIFT", "SIGH", "SIGN", "SILK", "SILL", "SILO", "SILT", "SINE", "SING", "SINK", "SIRE", "SITE", "SITS", "SITU", "SKAT", "SKEW", "SKID", "SKIM", "SKIN", "SKIT", "SLAB", "SLAM", "SLAT", "SLAY", "SLED", "SLEW", "SLID", "SLIM", "SLIT", "SLOB", "SLOG", "SLOT", "SLOW", "SLUG", "SLUM", "SLUR", "SMOG", "SMUG", "SNAG", "SNOB", "SNOW", "SNUB", "SNUG", "SOAK", "SOAR", "SOCK", "SODA", "SOFA", "SOFT", "SOIL", "SOLD", "SOME", "SONG", "SOON", "SOOT", "SORE", "SORT", "SOUL", "SOUR", "SOWN", "STAB", "STAG", "STAN", "STAR", "STAY", "STEM", "STEW", "STIR", "STOW", "STUB", "STUN", "SUCH", "SUDS", "SUIT", "SULK", "SUMS", "SUNG", "SUNK", "SURE", "SURF", "SWAB", "SWAG", "SWAM", "SWAN", "SWAT", "SWAY", "SWIM", "SWUM", "TACK", "TACT", "TAIL", "TAKE", "TALE", "TALK", "TALL", "TANK", "TASK", "TATE", "TAUT", "TEAL", "TEAM", "TEAR", "TECH", "TEEM", "TEEN", "TEET", "TELL", "TEND", "TENT", "TERM", "TERN", "TESS", "TEST", "THAN", "THAT", "THEE", "THEM", "THEN", "THEY", "THIN", "THIS", "THUD", "THUG", "TICK", "TIDE", "TIDY", "TIED", "TIER", "TILE", "TILL", "TILT", "TIME", "TINA", "TINE", "TINT", "TINY", "TIRE", "TOAD", "TOGO", "TOIL", "TOLD", "TOLL", "TONE", "TONG", "TONY", "TOOK", "TOOL", "TOOT", "TORE", "TORN", "TOTE", "TOUR", "TOUT", "TOWN", "TRAG", "TRAM", "TRAY", "TREE", "TREK", "TRIG", "TRIM", "TRIO", "TROD", "TROT", "TROY", "TRUE", "TUBA", "TUBE", "TUCK", "TUFT", "TUNA", "TUNE", "TUNG", "TURF", "TURN", "TUSK", "TWIG", "TWIN", "TWIT", "ULAN", "UNIT", "URGE", "USED", "USER", "USES", "UTAH", "VAIL", "VAIN", "VALE", "VARY", "VASE", "VAST", "VEAL", "VEDA", "VEIL", "VEIN", "VEND", "VENT", "VERB", "VERY", "VETO", "VICE", "VIEW", "VINE", "VISE", "VOID", "VOLT", "VOTE", "WACK", "WADE", "WAGE", "WAIL", "WAIT", "WAKE", "WALE", "WALK", "WALL", "WALT", "WAND", "WANE", "WANG", "WANT", "WARD", "WARM", "WARN", "WART", "WASH", "WAST", "WATS", "WATT", "WAVE", "WAVY", "WAYS", "WEAK", "WEAL", "WEAN", "WEAR", "WEED", "WEEK", "WEIR", "WELD", "WELL", "WELT", "WENT", "WERE", "WERT", "WEST", "WHAM", "WHAT", "WHEE", "WHEN", "WHET", "WHOA", "WHOM", "WICK", "WIFE", "WILD", "WILL", "WIND", "WINE", "WING", "WINK", "WINO", "WIRE", "WISE", "WISH", "WITH", "WOLF", "WONT", "WOOD", "WOOL", "WORD", "WORE", "WORK", "WORM", "WORN", "WOVE", "WRIT", "WYNN", "YALE", "YANG", "YANK", "YARD", "YARN", "YAWL", "YAWN", "YEAH", "YEAR", "YELL", "YOGA", "YOKE" }; /* Encode 8 bytes in 'c' as a string of English words. */ char *opiebtoe(engout, c) char *c, *engout; { char cp[9]; /* add in room for the parity 2 bits */ int p, i; engout[0] = '\0'; memcpy(cp, c, 8); /* compute parity */ for (p = 0, i = 0; i < 64; i += 2) p += extract(cp, i, 2); cp[8] = (char) p << 6; strncat(engout, &Wp[extract(cp, 0, 11)][0], 4); strcat(engout, " "); strncat(engout, &Wp[extract(cp, 11, 11)][0], 4); strcat(engout, " "); strncat(engout, &Wp[extract(cp, 22, 11)][0], 4); strcat(engout, " "); strncat(engout, &Wp[extract(cp, 33, 11)][0], 4); strcat(engout, " "); strncat(engout, &Wp[extract(cp, 44, 11)][0], 4); strcat(engout, " "); strncat(engout, &Wp[extract(cp, 55, 11)][0], 4); #ifdef DEBUG fprintf(stderr, "engout is %s\n", engout); #endif return (engout); } /* convert English to binary * returns 1 OK - all good words and parity is OK * 0 word not in data base * -1 badly formed in put ie > 4 char word * -2 words OK but parity is wrong */ int opieetob(out, e) char *out; char *e; { char *word, *c, *input, b[9]; int i, p, v, l, low, high, rval = -1; if (e == NULL) return -1; if ((i = strlen(e)) > 64) i = 64; if (!(input = malloc(i+1))) return -1; strncpy(input, e, i); input[i] = 0; memset(b, 0, sizeof(b)); memset(out, 0, 8); for (i = 0, p = 0, word = c = input; i < 6; i++, p += 11) { while (*c && !isalpha(*c)) c++; word = c; while (*c) { if (islower(*c)) *c = toupper(*c); if (*c == '1') *c = 'L'; if (*c == '0') *c = 'O'; if (*c == '5') *c = 'S'; if (!isalpha(*c)) break; c++; } if ((!*c) && (i != 5)) goto opiebtoeret; *c = 0; c++; if (c == word) goto opiebtoeret; l = strlen(word); if (l > 4 || l < 1) goto opiebtoeret; if (l < 4) { low = 0; high = 570; } else { low = 571; high = 2047; } if ((v = wsrch(word, low, high)) < 0) { rval = 0; goto opiebtoeret; } insert(b, v, p, 11); } /* now check the parity of what we got */ for (p = 0, i = 0; i < 64; i += 2) p += extract(b, i, 2); if ((p & 3) != extract(b, 64, 2)) { rval = -2; goto opiebtoeret; } memcpy(out, b, 8); rval = 1; opiebtoeret: free(input); return rval; } /* Internal subroutines for word encoding/decoding */ /* Dictionary binary search */ static int wsrch(w, low, high) char *w; int low, high; { int i, j; for (;;) { i = (low + high) / 2; if ((j = strncmp(w, Wp[i], 4)) == 0) return i; /* Found it */ if (high == low + 1) { /* Avoid effects of integer truncation in /2 */ if (strncmp(w, Wp[high], 4) == 0) return high; else return -1; } if (low >= high) return -1; /* I don't *think* this can happen... */ if (j < 0) high = i; /* Search lower half */ else low = i; /* Search upper half */ } } static void insert(s, x, start, length) char *s; int x; int start, length; { unsigned char cl; unsigned char cc; unsigned char cr; unsigned long y; int shift; assert(length <= 11); assert(start >= 0); assert(length >= 0); assert(start + length <= 66); shift = ((8 - ((start + length) % 8)) % 8); y = (long) x << shift; cl = (y >> 16) & 0xff; cc = (y >> 8) & 0xff; cr = y & 0xff; if (shift + length > 16) { s[start / 8] |= cl; s[start / 8 + 1] |= cc; s[start / 8 + 2] |= cr; } else if (shift + length > 8) { s[start / 8] |= cc; s[start / 8 + 1] |= cr; } else { s[start / 8] |= cr; } } /* Extract 'length' bits from the char array 's' starting with bit 'start' */ static unsigned long extract(s, start, length) char *s; int start, length; { unsigned char cl; unsigned char cc; unsigned char cr; unsigned long x; assert(length <= 11); assert(start >= 0); assert(length >= 0); assert(start + length <= 66); cl = s[start / 8]; cc = s[start / 8 + 1]; cr = s[start / 8 + 2]; x = ((long) (cl << 8 | cc) << 8 | cr); x = x >> (24 - (length + (start % 8))); x = (x & (0xffff >> (16 - length))); return (x); } opie-2.11/utmp.c100644 4101 3565 17142 6070043301 12050 0ustar cmetzipv6/* utmp.c: routines to work with utmp and wtmp logs in their numerous incarnations. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.1. Added HPUX PTY fixes. Written at NRL for OPIE 2.0. */ #include "opie_cfg.h" #include #include #include #include #include #include #include "opie.h" #if DOUTMPX #include #endif /* DOUTMPX */ #ifndef _PATH_UTMP #ifdef UTMP_FILE #define _PATH_UTMP UTMP_FILE #else /* UTMP_FILE */ #define _PATH_UTMP "/etc/utmp" #endif /* UTMP_FILE */ #endif #ifndef _PATH_UTMPX #define _PATH_UTMPX "/etc/utmpx" #endif /* _PATH_UTMPX */ #ifndef _PATH_WTMP #ifdef WTMP_FILE #define _PATH_WTMP WTMP_FILE #else /* WTMP_FILE */ #define _PATH_WTMP "/usr/adm/wtmp" #endif /* WTMP_FILE */ #endif #ifndef _PATH_WTMPX #define _PATH_WTMPX "/usr/adm/wtmpx" #endif /* _PATH_UTMPX */ #ifndef DOOURUTMP #define DOOURUTMP 1 #endif /* DOOURUTMP */ void getutmpentry(line, utmp) char *line; struct UTMPX *utmp; { struct UTMPX utmp2; #if DOOURUTMP int i = 0, j = 0, f; #else /* DOOURUTMP */ struct UTMPX *utmp3; #endif /* DOOURUTMP */ char *line2; #ifdef hpux char line3[9]; strcpy(line3, "pty/\0\0\0\0\0"); #endif /* hpux */ line2 = line; if (!strncmp(line, "/dev/", 5)) line2 += 5; #ifdef hpux strcpy(line3 + 4, line2); #endif /* hpux */ #if DOOURUTMP #if DOUTMPX if ((f = open(_PATH_UTMPX, O_RDONLY)) < 0) { #else /* DOUTMPX */ if ((f = open(_PATH_UTMP, O_RDONLY)) < 0) { #endif /* DOUTMPX */ perror("getutmp"); return; } do { j = read(f, (char *) &utmp2, sizeof(struct UTMPX)); if ((j == sizeof(struct UTMPX)) && (!strncmp(utmp2.ut_line, line, sizeof(utmp2.ut_line)) || !strncmp(utmp2.ut_line, line2, sizeof(utmp2.ut_line)))) { close(f); memcpy(utmp, &utmp2, sizeof(struct UTMPX)); #ifdef DEBUG fprintf(stderr, "getutmpentry: Found it!\n"); #endif /* DEBUG */ return; } i++; } while (j == sizeof(struct UTMPX)); close(f); #ifdef DEBUG fprintf(stderr, "getutmpentry: No matches\n"); #endif /* DEBUG */ #else /* DOOURUTMP */ memset(&utmp2, 0, sizeof(utmp2)); strncpy(&(utmp2.ut_line), line, sizeof(utmp2.ut_line) - 1); utmp2.ut_line[sizeof(utmp2.ut_line) - 1] = 0; #if DOUTMPX if (utmp3 = getutxline(utmp2)) #else /* DOUTMPX */ if (utmp3 = getutline(utmp2)) #endif /* DOUTMPX */ goto found; strncpy(&(utmp2.ut_line), line2, sizeof(utmp2.ut_line) - 1); utmp2.ut_line[sizeof(utmp2.ut_line) - 1] = 0; #if DOUTMPX if (utmp3 = getutxline(utmp2)) #else /* DOUTMPX */ if (utmp3 = getutline(utmp2)) #endif /* DOUTMPX */ goto found; #ifdef hpux strncpy(&(utmp2.ut_line), line3, sizeof(utmp2.ut_line) - 1); utmp2.ut_line[sizeof(utmp2.ut_line) - 1] = 0; #if DOUTMPX if (utmp3 = getutxline(utmp2)) #else /* DOUTMPX */ if (utmp3 = getutline(utmp2)) #endif /* DOUTMPX */ goto found; #endif /* hpux */ #ifdef DEBUG fprintf(stderr, "getutmpentry: No matches\n"); #endif /* DEBUG */ return; found: memcpy(utmp, utmp2, sizeof(utmp)); #ifdef DEBUG fprintf(stderr, "getutmpentry: Found it!\n"); #endif /* DEBUG */ #endif /* DOOURUTMP */ } #if DOUTMPX void pututmpentry(line, utmpx) char *line; struct utmpx *utmpx; #else /* DOUTMPX */ void pututmpentry(line, utmp) char *line; struct utmp *utmp; #endif /* DOUTMPX */ { struct utmp utmp2, utmp3; int i, j, f; char *line2; #if DOUTMPX struct utmpx utmp2x, utmp3x; struct utmp *utmp = (struct utmp *) malloc(sizeof(struct utmp)); if (!utmp) return; #endif /* DOUTMPX */ line2 = line; if (!strncmp(line, "/dev/", 5)) { line2 += 5; strncpy(UTMPX->ut_line, line2, sizeof(UTMPX->ut_line)); } #if DOUTMPX if ((f = open(_PATH_UTMPX, O_RDWR)) < 0) { perror("getutmp"); goto l1; } gettimeofday(&utmpx->ut_tv); i = 0; #if HAVETTYSLOT if ((i = ttyslot()) < 0) i = lseek(f, 0, 2) / sizeof(struct utmpx); lseek(f, (i * sizeof(struct utmpx)), 0); write(f, (char *) utmpx, sizeof(struct utmpx)); #else /* HAVETTYSLOT */ do { j = read(f, (char *) &utmp2x, sizeof(struct utmpx)); if ((j == sizeof(struct utmpx)) && (!strncmp(utmp2x.ut_line, line, sizeof(utmp2x.ut_line)) || !strncmp(utmp2x.ut_line, line2, #ifdef hpux sizeof(utmp2x.ut_line)) || !strncmp(utmp2x.ut_line, line3, #endif /* hpux */ sizeof(utmp2x.ut_line))) #ifdef LOGIN_PROCESS && (utmp2x.ut_type == LOGIN_PROCESS) #endif /* LOGIN_PROCESS */ ) { #ifdef DEBUG fprintf(stderr, "Using utmpx slot %d.\n", i); #endif /* DEBUG */ lseek(f, (i * sizeof(struct utmpx)), 0); write(f, (char *) utmpx, sizeof(struct utmpx)); goto l1; } i++; } while (j == sizeof(struct utmpx)); #endif /* HAVETTYSLOT */ write(f, (char *) utmpx, sizeof(struct utmpx)); l1: close(f); strncpy(utmp->ut_name, utmpx->ut_name, sizeof(utmp->ut_name)); strncpy(utmp->ut_id, utmpx->ut_id, sizeof(utmp->ut_id)); strncpy(utmp->ut_line, utmpx->ut_line, sizeof(utmp->ut_line)); utmp->ut_pid = utmpx->ut_pid; utmp->ut_type = utmpx->ut_type; memcpy(&utmp->ut_exit, &utmpx->ut_exit, sizeof(utmp->ut_exit)); #endif /* DOUTMPX */ if ((f = open(_PATH_UTMP, O_RDWR)) < 0) { perror("getutmp"); goto l2; } time(&utmp->ut_time); #if HAVETTYSLOT #if !DOUTMPX if ((i = ttyslot()) < 0) i = lseek(f, 0, 2) / sizeof(struct utmp); #endif lseek(f, (i * sizeof(struct utmp)), 0); write(f, (char *) utmp, sizeof(struct utmp)); #else /* HAVETTYSLOT */ i = 0; do { j = read(f, (char *) &utmp2, sizeof(struct utmp)); if ((j == sizeof(struct utmp)) && (!strncmp(utmp2.ut_line, line, sizeof(utmp2.ut_line)) || !strncmp(utmp2.ut_line, line2, sizeof(utmp2.ut_line))) #ifdef LOGIN_PROCESS && (utmp2.ut_type == LOGIN_PROCESS) #endif /* LOGIN_PROCESS */ ) { #ifdef DEBUG fprintf(stderr, "Using utmp slot %d.\n", i); #endif /* DEBUG */ lseek(f, (i * sizeof(struct utmp)), 0); write(f, (char *) utmp, sizeof(struct utmp)); goto l2; } i++; } while (j == sizeof(struct utmp)); write(f, (char *) utmp, sizeof(struct utmp)); #endif /* HAVETTYSLOT */ l2: close(f); #if DOUTMPX if ((f = open(_PATH_WTMPX, O_RDWR)) < 0) { perror("getutmp"); goto l3; } if ((i = lseek(f, 0, 2)) < 0) goto l3; i -= (i % sizeof(struct utmpx)) + sizeof(struct utmpx); do { lseek(f, i, 0); j = read(f, (char *) &utmp3x, sizeof(struct utmpx)); if ((j == sizeof(struct utmpx)) && !memcmp(&utmp3x, &utmp2x, sizeof(struct utmpx))) { lseek(f, i, 0); write(f, (char *) utmpx, sizeof(struct utmpx)); goto l3; } i -= sizeof(struct utmpx); } while (j == sizeof(struct utmpx)); lseek(f, 0, 2); write(f, (char *) utmpx, sizeof(struct utmpx)); l3: close(f); #endif /* DOUTMPX */ if ((f = open(_PATH_WTMP, O_RDWR)) < 0) { perror("getutmp"); goto l4; } if ((i = lseek(f, 0, 2)) < 0) goto l4; i -= (i % sizeof(struct utmp)) + sizeof(struct utmp); do { lseek(f, i, 0); j = read(f, (char *) &utmp3, sizeof(struct utmp)); if ((j == sizeof(struct utmp)) && !memcmp(&utmp3, &utmp2, sizeof(struct utmp))) { lseek(f, i, 0); write(f, (char *) utmp, sizeof(struct utmp)); goto l4; } i -= sizeof(struct utmp); } while (j == sizeof(struct utmp)); lseek(f, 0, 2); write(f, (char *) utmp, sizeof(struct utmp)); l4: close(f); #if DOUTMPX free(utmp); #endif /* DOUTMPX */ return; } opie-2.11/opiesubr2.c100644 4101 3565 31433 6070043300 12773 0ustar cmetzipv6/* opielogin.c: "Login" code for OTP. Not to be confused with /bin/login. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.1. Made some changes for autoconf. Modified at NRL for OPIE 2.0. Written at Bellcore for the S/Key Version 1 software distribution (skeylogin.c). */ #include "opie_cfg.h" #include #include #if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H #if TIME_WITH_SYS_TIME # include # include #else /* TIME_WITH_SYS_TIME */ #if HAVE_SYS_TIME_H #include #else /* HAVE_SYS_TIME_H */ #include #endif /* HAVE_SYS_TIME_H */ #endif /* TIME_WITH_SYS_TIME */ #include #else /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */ #if TM_IN_SYS_TIME #include #else /* TM_IN_SYS_TIME */ #include #endif /* TM_IN_SYS_TIME */ #endif /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */ #ifdef QUOTA #include #endif #include #include #include #include #include #include #include #include #include #include #include "opie.h" char *opielockfilename = NULL; static int opieunlock __ARGS((void)); /** begin real code ***/ static char *opieskipspace(cp) register char *cp; { while (*cp == ' ' || *cp == '\t') cp++; if (*cp == '\0') return NULL; else return cp; } /* Convert 8-byte binary array to hex-ascii string */ int opiebtoa8(out, in) char *out, *in; { register int i; if (in == NULL || out == NULL) return -1; for (i = 0; i < 8; i++) { sprintf(out, "%02x", *in++ & 0xff); out += 2; } return 0; } /* Convert hex digit to binary integer */ static int opiehtoi(c) register char c; { if ('0' <= c && c <= '9') return c - '0'; if ('a' <= c && c <= 'f') return 10 + c - 'a'; if ('A' <= c && c <= 'F') return 10 + c - 'A'; return -1; } /* atexit() handler for opielock() */ static void opieunlockaeh() { if (opielockfilename) opieunlock(); } /* Serialize (we hope) authentication of user to prevent race conditions. Creates a lock file with a name of OPIE_LOCK_PREFIX with the user name appended. This file contains the pid of the lock's owner and a time() stamp. We use the former to check for dead owners and the latter to provide an upper bound on the lock duration. If there are any problems, we assume the lock is bogus. The value of this locking and its security implications are still not completely clear and require further study. One could conceivably hack this facility to provide locking of user accounts after several authentication failures. Return -1 on low-level error, 0 if ok, 1 on locking failure. */ static int opielock(name) char *name; { #ifdef USER_LOCKING int fh, waits = 0, rval = -1, pid, t, i; char buffer[128], buffer2[128], *c, *c2; if (!(opielockfilename = malloc(sizeof(OPIE_LOCK_PREFIX) + strlen(name)))) return -1; strcpy(opielockfilename, OPIE_LOCK_PREFIX); strcat(opielockfilename, name); fh = 0; while (!fh) if ((fh = open(opielockfilename, O_WRONLY | O_CREAT | O_EXCL, 0600)) <= 0) { if ((fh = open(opielockfilename, O_RDWR, 0600)) <= 0) goto lockret; if ((i = read(fh, buffer, sizeof(buffer))) <= 0) goto lockret; buffer[sizeof(buffer) - 1] = 0; buffer[i - 1] = 0; if (!(c = strchr(buffer, '\n'))) break; *(c++) = 0; if (!(c2 = strchr(c, '\n'))) break; *(c2++) = 0; if (!(pid = atoi(buffer))) break; if (!(t = atoi(c))) break; if ((time(NULL) + OPIE_LOCK_TIMEOUT) < t) break; if (kill(pid, 0)) break; close(fh); fh = 0; sleep(1); if (waits++ > 3) { rval = 1; goto lockret; }; }; sprintf(buffer, "%d\n%d\n", getpid(), time(NULL)); i = strlen(buffer) + 1; if (lseek(fh, 0, SEEK_SET)) { close(fh); unlink(opielockfilename); fh = 0; goto lockret; }; if (write(fh, buffer, i) != i) { close(fh); unlink(opielockfilename); fh = 0; goto lockret; }; close(fh); if (!(fh = open(opielockfilename, O_RDWR, 0600))) { unlink(opielockfilename); goto lockret; }; if (read(fh, buffer2, i) != i) { close(fh); unlink(opielockfilename); fh = 0; goto lockret; }; close(fh); if (memcmp(buffer, buffer2, i)) { unlink(opielockfilename); goto lockret; }; rval = 0; atexit(opieunlockaeh); lockret: if (fh) close(fh); return rval; #else /* USER_LOCKING */ return 0; #endif /* USER_LOCKING */ } /* Just remove the lock, right? Well, not exactly -- we need to make sure it's ours. */ static int opieunlock() { #ifdef USER_LOCKING int fh, rval = -1, pid, t, i; char buffer[128], *c; if (!opielockfilename) return -1; if (!(fh = open(opielockfilename, O_RDWR, 0600))) goto unlockret; if (!(i = read(fh, buffer, sizeof(buffer)))) goto unlockret; buffer[sizeof(buffer) - 1] = 0; buffer[i - 1] = 0; if (!(c = strchr(buffer, '\n'))) goto unlockret; *(c++) = 0; if (!(pid = atoi(buffer))) goto unlockret; if ((pid != getpid()) && (time(NULL) + OPIE_LOCK_TIMEOUT <= t) && (!kill(pid, 0))) { rval = 1; goto unlockret1; } rval = 0; unlockret: unlink(opielockfilename); unlockret1: if (fh) close(fh); free(opielockfilename); opielockfilename = NULL; return rval; #else /* USER_LOCKING */ return 0; #endif /* USER_LOCKING */ } /* Generate a random challenge */ /* This could grow into quite a monster, really. Random is good enough for most situations; it is certainly better than a fixed string */ static void opierandomchallenge(prompt) char *prompt; { time_t now; char buf[MAXHOSTNAMELEN]; time(&now); srand(now); now = rand(); if (gethostname(buf, sizeof(buf)) < 0) { buf[0] = 'k'; buf[1] = 'e'; } #ifdef DEBUG fprintf(stderr, "hostname is %s\n", buf); #endif /* DEBUG */ buf[NAMELEN] = 0; sprintf(prompt, "otp-md%d %d %s%04d", MDX, (rand() % 499) + 1, buf, (now % 9998) + 1); } /* Return an OTP challenge string for user 'name'. The return values are: 0 = All good -1 = Low-level error (file, memory, I/O, etc.) 1 = High-level error (user not found or locked) This function MUST eventually be followed by an opieverify() to release the user lock and file handles. This function will give you a blanked-out state block if it returns a nonzero status. Even though it returns a non-zero status and a blank state block, you still MUST call opieverify() to clear the lock and any internal state (the latter condition is not actually used yet). */ int opiechallenge(mp, name, ss) struct opie *mp; char *name; char *ss; { int rval = -1; memset(mp, 0, sizeof(*mp)); rval = opielookup(mp, name); if (!rval) rval = opielock(name); if (rval) { opierandomchallenge(ss); memset(mp, 0, sizeof(*mp)); } else sprintf(ss, "otp-md%d %d %s", MDX, mp->n - 1, mp->seed); return rval; } /* Find an entry in the One-time Password database. * Return codes: * -1: error in opening database * 0: entry found, file R/W pointer positioned at beginning of record * 1: entry not found, file CLOSED * 2: entry found, file R/O pointer positioned at beginning of record (i.e., could not get write access) */ int opielookup(mp, name) struct opie *mp; char *name; { int found; int len; long recstart; char *cp; struct stat statbuf; int rval = 0; /* See if the KEY_FILE exists, and create it if not */ if (stat(KEY_FILE, &statbuf) == -1 && errno == ENOENT) { mp->keyfile = fopen(KEY_FILE, "w+"); } else { /* Otherwise open normally for update, if we can */ if (!(mp->keyfile = fopen(KEY_FILE, "r+")) && (errno == EACCES)) { mp->keyfile = fopen(KEY_FILE, "r"); rval = 2; } } if (mp->keyfile == NULL) return -1; /* Look up user name in database */ len = strlen(name); if (len > OPIE_PRINCIPAL_MAX) len = OPIE_PRINCIPAL_MAX; /* Added 8/2/91 - nmh */ found = 0; while (!feof(mp->keyfile)) { recstart = ftell(mp->keyfile); mp->recstart = recstart; if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) break; opiestrip_crlf(mp->buf); if (mp->buf[0] == '#') continue; /* Must be comment line */ if ((mp->logname = strtok(mp->buf, " \t")) == NULL) continue; if ((cp = strtok(NULL, " \t")) == NULL) continue; mp->n = atoi(cp); if ((mp->seed = strtok(NULL, " \t")) == NULL) continue; if ((mp->val = strtok(NULL, " \t")) == NULL) continue; if (strlen(mp->logname) == len && strncmp(mp->logname, name, len) == 0) { found = 1; break; } } if (found) { fseek(mp->keyfile, recstart, 0); return rval; } else { fclose(mp->keyfile); mp->keyfile = NULL; return 1; }; } /* Verify response to an opie challenge. Return codes: -1: Error of some sort; database unchanged 0: Verify successful, database updated 1: Verify failed, database unchanged The database file is always closed by this call. This function MUST be called exactly once in a pair with calls to opiechallenge() in order to set and clear locks properly. This function always clears the internal state block. N.B. that the Bellcore S/Key Version 1 software distribution looks inside the internal state block to find the current sequence number and do appropriate warnings. This interface should not be used with OPIE and will not be supported in the future. Use opiegetsequence() instead. */ int opieverify(mp, response) struct opie *mp; char *response; { char key[8]; char fkey[8]; char filekey[8]; time_t now; struct tm *tm; char tbuf[27]; int rval = -1; char *cp; if (!mp->keyfile) goto invalid; time(&now); tm = localtime(&now); strftime(tbuf, sizeof(tbuf), " %b %d,%Y %T", tm); if (response == NULL) goto invalid; opiestrip_crlf(response); /* Convert response to binary */ if ((opieetob(key, response) != 1) && (opieatob8(key, response) != 0)) goto invalid; /* Compute fkey = opiehash(key, algorithm) */ memcpy(fkey, key, sizeof(key)); opiehash(fkey, MDX); /* In order to make the window of update as short as possible we must do the comparison here and if OK write it back otherwise the same password can be used twice to get in to the system. */ #if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H setpriority(PRIO_PROCESS, 0, -4); /* present only in BSD */ #endif /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */ #if HAVE_FPURGE if (fpurge(mp->keyfile)) goto invalid; #endif /* HAVE_FPURGE */ /* reread the file record NOW */ if (fseek(mp->keyfile, mp->recstart, 0)) goto invalid; if (fgets(mp->buf, sizeof(mp->buf), mp->keyfile) != mp->buf) goto invalid; opiestrip_crlf(mp->buf); if (!(mp->logname = strtok(mp->buf, " \t"))) goto invalid; { int n; if (!(cp = strtok(NULL, " \t"))) goto invalid; if (!(n = atoi(cp))) goto invalid; if (mp->n != n) { rval = 1; goto invalid; } } if (!(mp->seed = strtok(NULL, " \t"))) goto invalid; if (!(mp->val = strtok(NULL, " \t"))) goto invalid; /* And convert file value to hex for comparison */ opieatob8(filekey, mp->val); /* Do actual comparison */ if (memcmp(filekey, fkey, 8) != 0) { rval = 1; goto invalid; } /* Update key in database by overwriting entire record. Note that we must write exactly the same number of bytes as in the original record (note fixed width field for N). */ opiebtoa8(mp->val, key); mp->n--; fseek(mp->keyfile, mp->recstart, 0); fprintf(mp->keyfile, "%s %04d %-16s %s %-21s\n", mp->logname, mp->n, mp->seed, mp->val, tbuf); rval = 0; invalid: if (mp->keyfile) fclose(mp->keyfile); #if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H setpriority(PRIO_PROCESS, 0, 0); #endif /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */ opieunlock(); memset(mp, 0, sizeof(*mp)); return rval; } int opiegetsequence(stateblock) struct opie *stateblock; { return stateblock->n; } /* Convert 8-byte hex-ascii string to binary array * Returns 0 on success, -1 on error */ int opieatob8(out, in) char *out, *in; { register int i; register int val; if (in == NULL || out == NULL) return -1; for (i = 0; i < 8; i++) { if ((in = opieskipspace(in)) == NULL) return -1; if ((val = opiehtoi(*in++)) == -1) return -1; *out = val << 4; if ((in = opieskipspace(in)) == NULL) return -1; if ((val = opiehtoi(*in++)) == -1) return -1; *out++ |= val; } return 0; } opie-2.11/opiesu.c100644 4101 3565 27101 6070043300 12362 0ustar cmetzipv6/* opiesu.c: main body of code for the su(1m) program Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.1. Added struct group declaration. Added Solaris(+others?) sulog capability. Symbol changes for autoconf. Removed des_crypt.h. File renamed to opiesu.c. Symbol+misc changes for autoconf. Added bletch for setpriority. Modified at NRL for OPIE 2.02. Added SU_STAR_CHECK (turning a bug into a feature ;). Fixed Solaris shadow password problem introduced in OPIE 2.01 (the shadow password structure is spwd, not spasswd). Modified at NRL for OPIE 2.01. Changed password lookup handling to use a static structure to avoid problems with drain- bamaged shadow password packages. Always log failures. Make sure to close syslog by function to avoid problems with drain bamaged syslog implementations. Log a few interesting errors. Modified at NRL for OPIE 2.0. Modified at Bellcore for the S/Key Version 1 software distribution. Originally from BSD. */ /* * Copyright (c) 1980 Regents of the University of California. * All rights reserved. The Berkeley software License Agreement * specifies the terms and conditions for redistribution. */ #ifndef lint char copyright[] = "@(#) Copyright (c) 1980 Regents of the University of California.\n\ All rights reserved.\n"; #endif /* not lint */ #ifndef lint static char sccsid[] = "@(#)su.c 5.5 (Berkeley) 1/18/87"; #endif /* not lint */ #include "opie_cfg.h" #include #include #include #include #include #if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H #if TIME_WITH_SYS_TIME # include # include #else /* TIME_WITH_SYS_TIME */ #if HAVE_SYS_TIME_H #include #else /* HAVE_SYS_TIME_H */ #include #endif /* HAVE_SYS_TIME_H */ #endif /* TIME_WITH_SYS_TIME */ #include #else /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */ #if TM_IN_SYS_TIME #include #else /* TM_IN_SYS_TIME */ #include #endif /* TM_IN_SYS_TIME */ #endif /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */ #include #include #include #include #include #include "opie.h" char userbuf[16] = "USER="; char homebuf[128] = "HOME="; char shellbuf[128] = "SHELL="; char pathbuf[128] = "PATH="; char *cleanenv[] = {userbuf, homebuf, shellbuf, pathbuf, 0, 0}; char *user = "root"; char *shell = "/bin/sh"; int fulllogin; int fastlogin; extern char **environ; struct passwd thisuser, nouser; #if HAVE_SHADOW_H #include #endif /* HAVE_SHADOW_H */ #if HAVE_CRYPT_H #include #endif /* HAVE_CRYPT_H */ void closelog __ARGS((void)); /* We allow the malloc()s to potentially leak data out because we can only call this routine about four times in the lifetime of this process and the kernel will free all heap memory when we exit or exec. */ int lookupuser(name) char *name; { struct passwd *pwd; #if HAVE_SHADOW struct spwd *spwd; #endif /* HAVE_SHADOW */ memcpy(&thisuser, &nouser, sizeof(thisuser)); if (!(pwd = getpwnam(name))) return -1; thisuser.pw_uid = pwd->pw_uid; thisuser.pw_gid = pwd->pw_gid; if (!(thisuser.pw_name = malloc(strlen(pwd->pw_name) + 1))) goto lookupuserbad; strcpy(thisuser.pw_name, pwd->pw_name); if (!(thisuser.pw_dir = malloc(strlen(pwd->pw_dir) + 1))) goto lookupuserbad; strcpy(thisuser.pw_dir, pwd->pw_dir); if (!(thisuser.pw_shell = malloc(strlen(pwd->pw_shell) + 1))) goto lookupuserbad; strcpy(thisuser.pw_shell, pwd->pw_shell); #if HAVE_SHADOW if (!(spwd = getspnam(name))) goto lookupuserbad; pwd->pw_passwd = spwd->sp_pwdp; endspent(); #endif /* HAVE_SHADOW */ if (!(thisuser.pw_passwd = malloc(strlen(pwd->pw_passwd) + 1))) goto lookupuserbad; strcpy(thisuser.pw_passwd, pwd->pw_passwd); endpwent(); #if SU_STAR_CHECK return ((thisuser.pw_passwd[0] == '*') || (thisuser.pw_passwd[0] == '#')); #else /* SU_STAR_CHECK */ return 0; #endif /* SU_STAR_CHECK */ lookupuserbad: memcpy(&thisuser, &nouser, sizeof(thisuser)); return -1; } void lsetenv(ename, eval, buf) char *ename, *eval, *buf; { register char *cp, *dp; register char **ep = environ; /* this assumes an environment variable "ename" already exists */ while (dp = *ep++) { for (cp = ename; *cp == *dp && *cp; cp++, dp++) continue; if (*cp == 0 && (*dp == '=' || *dp == 0)) { strcat(buf, eval); *--ep = buf; return; } } } #if DOSULOG int sulog(status, who) int status; char *who; { char *from; char *ttynam; struct tm *tm; FILE *f; if (who) from = who; else from = Getlogin(); if (!strncmp(ttynam = ttyname(2), "/dev/", 5)) ttynam += 5; tm = localtime(NULL); if (!(f = fopen("/var/adm/sulog", "a"))) { fprintf(stderr, "Can't update su log!\n"); exit(1); } fprintf(f, "SU %02d/%02d %02d:%02d %c %s %s-%s\n", tm->tm_mon, tm->tm_mday, tm->tm_hour, tm->tm_min, result ? '+' : '-', ttynam, from, user); fclose(f); } #endif /* DOSULOG */ int main(argc, argv) int argc; char *argv[]; { struct termios attr, orig_attr; char buf[1000]; register char *p; struct opie opie; int i; char pbuf[256]; char opieprompt[80]; int fflags, orig_fflags, console = 0; #define Getlogin() (((p = getlogin()) && *p) ? p : buf) for (i = sysconf(_SC_OPEN_MAX); i > 2; i--) close(i); strcat(pathbuf, DEFAULT_PATH); again: if (argc > 1 && strcmp(argv[1], "-f") == 0) { fastlogin++; argc--, argv++; goto again; } if (argc > 1 && strcmp(argv[1], "-c") == 0) { console++; argc--, argv++; goto again; } if (argc > 1 && strcmp(argv[1], "-") == 0) { fulllogin++; argc--; argv++; goto again; } if (argc > 1 && argv[1][0] != '-') { user = argv[1]; argc--; argv++; } openlog("su", LOG_ODELAY, LOG_AUTH); atexit(closelog); { struct passwd *pwd; if ((pwd = getpwuid(getuid())) == NULL) { syslog(LOG_CRIT, "'%s' failed for unknown uid %d on %s", argv[0], getuid(), ttyname(2)); #ifdef DOSULOG sulog(0, "unknown"); #endif /* DOSULOG */ exit(1); } strcpy(buf, pwd->pw_name); } if (lookupuser(user)) { syslog(LOG_CRIT, "'%s' failed for %s on %s", argv[0], Getlogin(), ttyname(2)); #ifdef DOSULOG sulog(0, NULL); #endif /* DOSULOG */ fprintf(stderr, "Unknown user: %s\n", user); exit(1); } /* Implement the BSD "wheel group" su restriction. */ #if DOWHEEL /* Only allow those in group zero to su to root? */ if (thisuser.pw_uid == 0) { struct group *gr; if ((gr = getgrgid(0)) != NULL) { for (i = 0; gr->gr_mem[i] != NULL; i++) if (strcmp(buf, gr->gr_mem[i]) == 0) goto userok; fprintf(stderr, "You do not have permission to su %s\n", user); exit(1); } userok: ; #if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H setpriority(PRIO_PROCESS, 0, -2); #endif /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */ } #endif /* DOWHEEL */ if (!thisuser.pw_passwd[0] || getuid() == 0) goto ok; if (console) { if (!opiealways(thisuser.pw_dir)) { fprintf(stderr, "That account requires OTP responses.\n"); exit(1); }; /* Get user's secret password */ fprintf(stderr, "Reminder - Only use this method from the console; NEVER from remote. If you\n"); fprintf(stderr, "are using telnet, xterm, or a dial-in, type ^C now or exit with no password.\n"); fprintf(stderr, "Then run su without the -c parameter.\n"); if (opieinsecure()) { fprintf(stderr, "Sorry, but you don't seem to be on the console or a secure terminal.\n"); exit(1); }; } else { /* Attempt an OTP challenge */ i = opiechallenge(&opie, user, opieprompt); printf("%s\n", opieprompt); printf("(OTP response required)\n"); }; printf("%s's password: ", thisuser.pw_name); fflush(stdout); /* Set normal line editing */ orig_fflags = fcntl(STDIN_FILENO, F_GETFL, 0); memcpy(&fflags, &orig_fflags, sizeof(int)); fflags &= ~O_NONBLOCK; fcntl(STDIN_FILENO, F_SETFL, fflags); /* get original terminal attributes and save them */ if (tcgetattr(STDIN_FILENO, &orig_attr) != 0) return (-1); memcpy(&attr, &orig_attr, sizeof(struct termios)); /* enable ERASE and KILL */ #define CONTROL(x) (x - 64) #ifdef VKILL #ifdef CKILL attr.c_cc[VKILL] = CKILL; #else /* CKILL */ attr.c_cc[VKILL] = CONTROL('U'); #endif /* CKILL */ #endif /* VKILL */ #ifdef VERASE #ifdef CERASE attr.c_cc[VERASE] = CERASE; #else /* CERASE */ attr.c_cc[VERASE] = CONTROL('H'); #endif /* CERASE */ #endif /* VERASE */ /* Turn off echoing */ attr.c_lflag &= ICANON; attr.c_lflag |= ISIG; attr.c_lflag &= ~ECHO; /* push the new terminal configuration */ if (tcsetattr(STDIN_FILENO, TCSANOW, &attr) != 0) return (-1); /* Read password */ fgets(pbuf, sizeof(pbuf), stdin); opiestrip_crlf(pbuf); if (strlen(pbuf) == 0 && !console) { /* Null line entered; turn echoing back on and read again */ printf(" (echo on)\n%s's password: ", thisuser.pw_name); fflush(stdout); /* enable echoing & push the new terminal configuration */ attr.c_lflag |= (ECHO | ECHOE); if (tcsetattr(STDIN_FILENO, TCSANOW, &attr) != 0) return (-1); fgets(pbuf, sizeof(pbuf), stdin); opiestrip_crlf(pbuf); } else { printf("\n"); } /* Restore previous tty modes */ fcntl(fileno(stdin), F_SETFL, fflags); if (tcsetattr(STDIN_FILENO, TCSANOW, &orig_attr) != 0) return (-1); if (console) { /* Try regular password check, if allowed */ if (!strcmp(crypt(pbuf, thisuser.pw_passwd), thisuser.pw_passwd)) goto ok; } else { int i = opiegetsequence(&opie); if (!opieverify(&opie, pbuf)) { /* OPIE authentication succeeded */ if (i < 5) fprintf(stderr, "Warning: Change %s's OTP secret pass phrase NOW!\n", user); else if (i < 10) fprintf(stderr, "Warning: Change %s's OTP secret pass phrase soon.\n", user); goto ok; }; }; fprintf(stderr, "Sorry\n"); syslog(LOG_CRIT, "'%s' failed for %s on %s", argv[0], Getlogin(), ttyname(2)); #ifdef DOSULOG sulog(0, NULL); #endif /* DOSULOG */ exit(2); ok: syslog(LOG_NOTICE, "'%s' by %s on %s", argv[0], Getlogin(), ttyname(2)); #ifdef DOSULOG sulog(1, NULL); #endif /* DOSULOG */ if (setgid(thisuser.pw_gid) < 0) { perror("su: setgid"); exit(3); } if (initgroups(user, thisuser.pw_gid)) { fprintf(stderr, "su: initgroups failed\n"); exit(4); } if (setuid(thisuser.pw_uid) < 0) { perror("su: setuid"); exit(5); } if (thisuser.pw_shell && *thisuser.pw_shell) shell = thisuser.pw_shell; if (fulllogin) { cleanenv[4] = getenv("TERM"); environ = cleanenv; } if (fulllogin || strcmp(user, "root") != 0) lsetenv("USER", thisuser.pw_name, userbuf); lsetenv("SHELL", shell, shellbuf); lsetenv("HOME", thisuser.pw_dir, homebuf); #if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H setpriority(PRIO_PROCESS, 0, 0); #endif /* HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H */ if (fastlogin) { *argv-- = "-f"; *argv = "su"; } else if (fulllogin) { if (chdir(thisuser.pw_dir) < 0) { fprintf(stderr, "No directory\n"); exit(6); } *argv = "-su"; } else { *argv = "su"; } closelog(); for (i = sysconf(_SC_OPEN_MAX); i > 2; i--) close(i); execv(shell, argv); fprintf(stderr, "No shell\n"); exit(7); } opie-2.11/configure.in100644 4101 3565 13125 6070046776 13250 0ustar cmetzipv6dnl configure.in: Input for Autoconf dnl dnl Portions of this software are Copyright 1995 by Randall Atkinson and Dan dnl McDonald, All Rights Reserved. All Rights under this copyright are assigned dnl to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and dnl License Agreement applies to this software. dnl dnl History: dnl dnl Created at NRL for OPIE 2.1. AC_INIT(README) AC_CONFIG_HEADER(config.h) dnl Checks for programs. AC_PROG_CC AC_PROG_CPP AC_PROG_LN_S AC_PROG_RANLIB AC_PROG_YACC AC_AIX AC_ISC_POSIX AC_MINIX dnl We'd put PATH in these checks, but it turns out that autoconf doesn't dnl work as documented when it comes to the colon separator... AC_PATH_PROG(CHOWN, chown, /bin/chown, /usr/bin /bin /usr/sbin /sbin /usr/etc /etc) AC_PATH_PROG(SU, su, /bin/su, /usr/bin /bin) AC_PATH_PROG(ALT_SU, su,, /usr/sbin /sbin) AC_PATH_PROG(SCHEME, scheme,, /usr/lib/iaf/scheme) AC_PATH_PROG(LOGIN, login, /bin/login, /usr/bin /bin) if test ! -z "$SCHEME"; then LOGIN="$SCHEME"; fi AC_PATH_PROG(FTPD, ftpd,, /usr/libexec /usr/etc /etc /usr/sbin /sbin /usr/lbin) AC_PATH_PROG(INFTPD, in.ftpd,, /usr/libexec /usr/etc /etc /usr/sbin /sbin /usr/lbin) if test -z "$FTPD" then if test ! -z "$INFTPD" then FTPD="$INFTPD" fi fi AC_MSG_CHECKING(for default PATH entries) DEFAULT_PATH="" save_IFS="$IFS" IFS=" " for i in /usr/bin /bin /usr/ucb /usr/sbin /usr/bsd /sbin /usr/bin/X11 /etc /usr/local/X11/bin /usr/X11R6/bin /your-system-is-broken do IFS=":" for j in $PATH do if test "$i" = "$j" then if test -d "$i" then if test -z "$DEFAULT_PATH" then DEFAULT_PATH="$i" else DEFAULT_PATH="$DEFAULT_PATH:$i" fi fi fi done IFS=" " done AC_SUBST(DEFAULT_PATH) AC_MSG_RESULT($DEFAULT_PATH) AC_MSG_CHECKING(for test -e flag) if sh config.testeflag then result=yes EXISTS="-e" else result=no EXISTS="-f" fi AC_SUBST(EXISTS) AC_MSG_RESULT($result) AC_MSG_CHECKING(for mkdir -p flag) if test -d config.tmpdir then rmdir config.tmpdir/foo/bar >/dev/null 2>/dev/null rmdir config.tmpdir/foo >/dev/null 2>/dev/null rmdir config.tmpdir >/dev/null 2>/dev/null fi result=no if mkdir -p config.tmpdir/foo/bar >/dev/null 2>/dev/null then if test -d config.tmpdir then if test -d config.tmpdir/foo then if test -d config.tmpdir/foo/bar then result=yes rmdir config.tmpdir/foo/bar >/dev/null 2>/dev/null fi rmdir config.tmpdir/foo >/dev/null 2>/dev/null fi rmdir config.tmpdir >/dev/null 2>/dev/null fi fi if test "$result" = yes then MKDIR="mkdir -p" else MKDIR="mkdir" fi AC_SUBST(MKDIR) AC_MSG_RESULT($result) dnl Checks for various system characteristics AC_MSG_CHECKING(for /etc/default/login) if test $EXISTS /etc/default/login then result=yes AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) else result=no fi AC_MSG_RESULT($result) AC_MSG_CHECKING(for /etc/securetty) if test $EXISTS /etc/securetty then result=yes AC_DEFINE(HAVE_ETC_SECURETTY) else result=no fi AC_MSG_RESULT($result) AC_MSG_CHECKING(for /etc/logindevperm) if test $EXISTS /etc/logindevperm then result=yes AC_DEFINE(HAVE_ETC_LOGINDEVPERM) else result=no fi AC_MSG_RESULT($result) AC_MSG_CHECKING(for /etc/fbtab) if test $EXISTS /etc/fbtab then result=yes AC_DEFINE(HAVE_ETC_FBTAB) else result=no fi AC_MSG_RESULT($result) AC_MSG_CHECKING(mail spool location) mail_spool="" for i in /var/mail /usr/mail /var/spool/mail /usr/spool/mail do if test -d $i then mail_spool="$i" fi done if test -z "$mail_spool" then result="not found" else result="$mail_spool" AC_DEFINE_UNQUOTED(PATH_MAIL, "$mail_spool") fi AC_MSG_RESULT($result) AC_MSG_CHECKING(whether the system profile displays the motd) result=no if test $EXISTS /etc/profile then if grep motd /etc/profile >/dev/null 2>/dev/null then result=yes fi fi if test "$result" = yes then AC_DEFINE(HAVE_MOTD_IN_PROFILE) fi AC_MSG_RESULT($result) AC_MSG_CHECKING(whether the system profile checks for mail) result=no if test $EXISTS /etc/profile then if grep 'mail\.' /etc/profile >/dev/null 2>/dev/null then result=yes fi fi if test "$result" = yes then AC_DEFINE(HAVE_MAILCHECK_IN_PROFILE) fi AC_MSG_RESULT($result) dnl Checks for libraries. AC_CHECK_LIB(crypt, crypt) AC_CHECK_LIB(nsl, gethostname) AC_CHECK_LIB(posix, main) AC_CHECK_LIB(socket, socket) dnl If you don't have GCC and you need to pull alloca from libPW.a, dnl try uncommenting this block. It's not ready for prime time, though. dnl if test "$CC" != gcc; dnl then dnl rm y.tab.c 2>/dev/null >/dev/null dnl $YACC ftpcmd.y dnl if grep alloca y.tab.c 2>/dev/null >/dev/null dnl then dnl AC_CHECK_LIB(PW, alloca) dnl fi dnl rm y.tab.c 2>/dev/null >/dev/null dnl fi dnl Checks for header files. AC_HEADER_DIRENT AC_HEADER_SYS_WAIT AC_CHECK_HEADERS(crypt.h fcntl.h limits.h termios.h termio.h sgtty.h sys/file.h sys/ioctl.h sys/time.h syslog.h unistd.h paths.h shadow.h signal.h sys/signal.h lastlog.h) dnl Checks for typedefs, structures, and compiler characteristics. dnl AC_TYPE_UID_T dnl AC_TYPE_OFF_T dnl AC_TYPE_PID_T dnl AC_STRUCT_ST_BLKSIZE dnl AC_STRUCT_TM dnl Checks for library functions. dnl AC_PROG_GCC_TRADITIONAL AC_FUNC_MEMCMP AC_TYPE_SIGNAL AC_FUNC_VFORK AC_CHECK_FUNCS(gethostname gettimeofday getusershell mkdir rmdir socket strerror strftime strstr setpriority getutxline seteuid setegid setresuid setresgid atexit on_exit strchr index strrchr rindex getcwd getwd sigsuspend sigpause sigblock sigmask getttynam sysconf getdtablesize setvbuf setenv getenv unsetenv memcpy memset bcopy bzero sigemptyset sigaddset sigprocmask getspent endspent) # Munge out LOCALBIN and LOCALMAN in canonical (no bletch) form AC_OUTPUT(configure.munger Makefile.munge:Makefile.in) sh configure.munger opie-2.11/opie_manual.h100644 4101 3565 15367 6070256306 13403 0ustar cmetzipv6/* opie_conf.h.source: Various configuration-type pieces of information for OPIE. This version is designed to work with the older configuration system. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.11. Added HAVE_SYS_TIME_H to IS_A_BSD. Removed version defines. Modified at NRL for OPIE 2.1. Fixed sigprocmask declaration. Gutted for autoconf. Split up for autoconf. Lots of changes for autoconf-style symbols. Removed trailing slashes from MAIL_DIR. Written at NRL for OPIE 2.0. */ #ifdef SOLARIS #ifndef SVR4 #define SVR4 1 #endif /* SVR4 */ #ifndef NEED_SETENV #define NEED_SETENV 1 #endif /* NEED_SETENV */ #ifndef DOUTMPX #define DOUTMPX 1 #endif /* DOUTMPX */ #ifndef HAVE_CRYPT_H #define HAVE_CRYPT_H 1 #endif /* HAVE_CRYPT_H */ #ifndef HAVE_SHADOW_H #define HAVE_SHADOW_H 1 #endif /* HAVE_SHADOW_H */ #ifndef HAVE_SIGPROCMASK #define HAVE_SIGPROCMASK 1 #endif /* HAVE_SIGPROCMASK */ #ifndef HAVE_SIGEMPTYSET #define HAVE_SIGEMPTYSET 1 #endif /* HAVE_SIGEMPTYSET */ #ifndef HAVE_SIGADDSET #define HAVE_SIGADDSET 1 #endif /* HAVE_SIGADDSET */ #ifndef HAVE_SHADOW #define HAVE_SHADOW 1 #endif /* HAVE_SHADOW */ #ifndef DOTTYPROMPT #define DOTTYPROMPT 1 #endif /* DOTTYPROMPT */ #endif /* SOLARIS */ #ifdef linux #ifndef IS_A_SYSV #define IS_A_SYSV 1 #endif /* IS_A_SYSV */ #endif /* linux */ #ifdef hpux #ifndef IS_A_SYSV #define IS_A_SYSV 1 #endif /* IS_A_SYSV */ #ifndef NEED_SETENV #define NEED_SETENV 1 #endif /* NEED_SETENV */ #define seteuid(x) setresuid(-1, x, -1) #define setegid(x) setresgid(-1, x, -1) #ifndef _PATH_WTMP #define _PATH_WTMP "/etc/wtmp" #endif /* _PATH_WTMP */ #ifndef DOSECURETTY #define DOSECURETTY 1 #endif /* DOSECURETTY */ #ifndef HAVE_SIGPROCMASK #define HAVE_SIGPROCMASK 1 #endif /* HAVE_SIGPROCMASK */ #ifndef HAVE_SIGEMPTYSET #define HAVE_SIGEMPTYSET 1 #endif /* HAVE_SIGEMPTYSET */ #ifndef HAVE_SIGADDSET #define HAVE_SIGADDSET 1 #endif /* HAVE_SIGADDSET */ #endif /* hpux */ #ifdef SUNOS #ifndef BSD4_3 #define BSD4_3 1 #endif /* BSD4_3 */ #ifndef HAVE_DIRENT #define HAVE_DIRENT 1 #endif /* HAVE_DIRENT */ #ifndef NEED_SETENV #define NEED_SETENV 1 #endif /* NEED_SETENV */ #ifndef NEED_STRERROR #define NEED_STRERROR 1 #endif /* NEED_STRERROR */ #ifndef atexit #define atexit on_exit #endif /* atexit */ #ifndef HAVE_DES_CRYPT_H #define HAVE_DES_CRYPT_H 1 #endif /* HAVE_DES_CRYPT_H */ #ifndef HAVE_LASTLOG_H #define HAVE_LASTLOG_H 1 #endif /* HAVE_LASTLOG_H */ #ifndef HAVE_TIME_H #define HAVE_TIME_H 1 #endif /* HAVE_TIME_H */ #endif /* SUNOS */ /* SVR4 -> IS_A_SYSV */ #ifdef SVR4 #ifndef IS_A_SYSV #define IS_A_SYSV 1 #endif /* IS_A_SYSV */ #ifndef HAVE_ETC_DEFAULT_LOGIN #define HAVE_ETC_DEFAULT_LOGIN 1 #endif /* HAVE_ETC_DEFAULT_LOGIN */ #endif /* SVR4 */ /* BSD4_3 -> OPIE_BSD */ #ifdef BSD4_3 #ifndef IS_A_BSD #define IS_A_BSD 1 #endif /* IS_A_BSD */ #endif /* BSD4_3 */ #if !defined(SYSV) && !defined(IS_A_SYSV) && defined(BSD) #ifndef IS_A_BSD #define IS_A_BSD 1 #endif /* IS_A_BSD */ #endif /* !defined(SYSV) && !defined(IS_A_SYSV) && defined(BSD) */ #if !defined(BSD) && !defined(IS_A_BSD) && defined(SYSV) #ifndef IS_A_SYSV #define IS_A_SYSV 1 #endif /* IS_A_SYSV */ #endif /* !defined(BSD) && !defined(IS_A_BSD) && defined(SYSV) */ #if defined(IS_A_BSD) && defined(IS_A_SYSV) You cannot be both IS_A_BSD and IS_A_SYSV at the same time. #endif /* defined(IS_A_BSD) && defined(IS_A_SYSV) */ #if !defined(IS_A_BSD) && !defined(IS_A_SYSV) You must specify the kind of system you are on(See the Makefile). #endif /* !defined(IS_A_BSD) && !defined(IS_A_SYSV) */ /* If the user didn't specify, figure out what file to use for perm setting */ #ifndef PERMSFILE #if defined(SOLARIS) || defined(linux) #define PERMSFILE "/etc/logindevperm" #endif /* SOLARIS */ #ifdef SUNOS #define PERMSFILE "/etc/fbtab" #endif /* SUNOS */ /* Otherwise, leave out PERMSFILE support (can we say BLOAT?) */ #endif /* PERMSFILE */ #ifdef IS_A_BSD /* backwards compatibility for older BSD systems */ #ifndef HAVE_SETPRIORITY #define HAVE_SETPRIORITY 1 #endif /* HAVE_SETPRIORITY */ #ifndef HAVE_SYS_RESOURCE_H #define HAVE_SYS_RESOURCE_H 1 #endif /* HAVE_SYS_RESOURCE_H */ #ifndef HAVE_SYS_TIME_H #define HAVE_SYS_TIME_H 1 #endif /* HAVE_SYS_TIME_H */ #ifndef HAVE_FCNTL_H #define HAVE_FCNTL_H 1 #endif /* HAVE_FCNTL_H */ #ifndef pid_t #define pid_t int #endif /* pid_t */ #ifndef COMPAT_43 #define COMPAT_43 1 #endif /* COMPAT_43 */ #ifndef USE_OLD_TTY #define USE_OLD_TTY 1 #endif /* USE_OLD_TTY */ #ifdef NEED_STRING #ifndef strchr #define strchr(s,c) index((s),(c)) #endif #ifndef strrchr #define strrchr(s,c) rindex((s),(c)) #endif #endif /* NEED_STRING */ #ifndef SUNOS /* These really shouldn't need to be defined for any system that is reasonably POSIX... */ #ifndef getcwd #define getcwd(buf,t) getwd((buf)) #endif #endif /* !SUNOS */ #ifndef sysconf /* sysconf first appeared in POSIX */ #define sysconf(_SC_OPEN_MAX) getdtablesize() #endif /* BSDs sometimes don't print the group w/o -g */ #ifndef LS_COMMAND #define LS_COMMAND "/bin/ls -lgA" #endif /* LS_COMAND */ /* BSD traditionally keeps incoming mail in /usr/spool/mail */ #define MAIL_DIR "/usr/spool/mail" #endif #ifdef IS_A_SYSV /* All modern SYSV systems have the dirent directory entry structure */ #ifndef HAVE_DIRENT #define HAVE_DIRENT 1 #endif /* HAVE_DIRENT */ /* SYSV traditionally keeps incoming mail in /usr/mail */ #ifndef MAIL_DIR #define MAIL_DIR "/usr/mail" #endif /* MAIL_DIR */ #ifndef sigmask /* sigmask() is a handy BSD macro that is not POSIX or SYSV */ #define sigmask(m) (1 << ((m)-1)) #endif #ifndef vfork #define vfork fork /* System Vs generally don't do vfork */ #endif /* SysVs sometimes don't print the owner w/ -g */ #ifndef LS_COMMAND #define LS_COMMAND "/bin/ls -lA" #endif /* LS_COMAND */ #endif #ifndef HAVETTYSLOT #ifdef IS_A_BSD #define HAVETTYSLOT 1 /* BSD man pages say it appeared in V7 */ #endif /* IS_A_BSD */ #ifdef IS_A_SYSV #define HAVETTYSLOT 0 /* But some System Vs appear to have "fixed" it */ #endif /* IS_A_SYSV */ #endif /* HAVETTYSLOT */ #if !HAVE_DIRENT #define dirent direct #endif /* !HAVE_DIRENT */ #if !defined(HAVE_GETTTYNAM) && defined(BSD4_3) #define HAVE_GETTTYNAM 1 #endif /* HAVE_GETTTYNAM */ #ifndef HAVE_ST_BLKSIZE #define HAVE_ST_BLKSIZE 1 #endif /* HAVE_ST_BLKSIZE */ #ifndef HAVE_SIGNAL_H #define HAVE_SIGNAL_H 1 #endif /* HAVE_SIGNAL_H */ #ifndef DOMOTD #define DOMOTD 1 #endif /* DOMOTD */ #if DOMOTD #define HAVE_MOTD_IN_PROFILE 0 #define HAVE_MAILCHECK_IN_PROFILE 0 #else /* DOMOTD */ #define HAVE_MOTD_IN_PROFILE 1 #define HAVE_MAILCHECK_IN_PROFILE 1 #endif /* DOMOTD */ opie-2.11/opie_auto.h100644 4101 3565 10767 6070256263 13077 0ustar cmetzipv6/* opie_conf.h.in: Various configuration-type pieces of information for OPIE. This version is designed to work with GNU autoconf. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.11. Removed version defines. Modified at NRL for OPIE 2.1. Fixed sigprocmask declaration. Gutted for autoconf. Split up for autoconf. Written at NRL for OPIE 2.0. */ /* This file should make the reader painfully aware of the need to rename some symbols */ /* System characteristics */ #if HAVE_ETC_SECURETTY #ifndef DOSECURETTY #define DOSECURETTY 1 #endif /* DOSECURETTY */ #endif /* HAVE_ETC_SECURETTY */ /* Missing functions */ #if !HAVE_SETENV #ifndef NEED_SETENV #define NEED_SETENV 1 #endif /* NEED_SETENV */ #endif /* !HAVE_SETENV */ #if !HAVE_PUTENV #ifndef NEED_PUTENV #define NEED_PUTENV 1 #endif /* NEED_PUTENV */ #endif /* !HAVE_PUTENV */ #if !HAVE_STRERROR #ifndef NEED_STRERROR #define NEED_STRERROR 1 #endif /* NEED_STRERROR */ #endif /* !HAVE_STRERROR */ #if HAVE_GETUTXLINE #ifndef DOUTMPX #define DOUTMPX 1 #endif /* DOUTMPX */ #define UTMPX utmpx #else /* HAVE_GETUTXLINE */ #define UTMPX utmp #endif /* HAVE_GETUTXLINE */ #if !HAVE_SETEUID && HAVE_SETRESUID #define seteuid(x) setresuid(-1, x, -1) #endif /* !HAVE_SETEUID && HAVE_SETRESUID */ #if !HAVE_SETEGID && HAVE_SETRESGID #define setegid(x) setresgid(-1, x, -1) #endif /* !HAVE_SETEGID && HAVE_SETRESGID */ /* Adapted from the Autoconf hypertext info pages */ #if HAVE_DIRENT_H #include #else /* HAVE_DIRENT_H */ #define dirent direct #if HAVE_SYS_NDIR_H #include #endif /* HAVE_SYS_NDIR_H */ #if HAVE_SYS_DIR_H #include #endif /* HAVE_SYS_DIR_H */ #if HAVE_NDIR_H #include #endif /* HAVE_NDIR_H */ #endif /* HAVE_DIRENT_H */ #if !HAVE_ATEXIT #if HAVE_ON_EXIT #define atexit on_exit #else /* HAVE_ON_EXIT */ #define atexit(x) #endif /* HAVE_ON_EXIT */ #endif /* !HAVE_ATEXIT */ #if HAVE_ETC_LOGINDEVPERM #ifndef PERMSFILE #define PERMSFILE "/etc/logindevperm" #endif /* PERMSFILE */ #endif /* HAVE_ETC_LOGINDEVPERM */ #if HAVE_ETC_FBTAB #ifndef PERMSFILE #define PERMSFILE "/etc/fbtab" #endif /* PERMSFILE */ #endif /* HAVE_ETC_FBTAB */ #if !HAVE_STRCHR && HAVE_INDEX #define strchr(s,c) index((s),(c)) #endif /* !HAVE_STRCHR && HAVE_INDEX */ #if !HAVE_STRRCHR && HAVE_RINDEX #define strrchr(s,c) rindex((s),(c)) #endif /* !HAVE_STRRCHR && HAVE_RINDEX */ #if !HAVE_GETCWD && HAVE_GETWD #define getcwd(buf,t) getwd((buf)) #endif /* !HAVE_GETCWD && HAVE_GETWD */ #if !HAVE_SIGPROCMASK #define sigprocmask oursigprocmask #define DOOURSIGPROCMASK 1 #endif #if !HAVE_SYSCONF && HAVE_GETDTABLESIZE #define sysconf(_SC_OPEN_MAX) getdtablesize() #endif /* !HAVE_SYSCONF && HAVE_GETDTABLESIZE */ /* BSDs sometimes don't print the group w/o -g */ #ifndef LS_COMMAND #define LS_COMMAND "/bin/ls -lgA" #endif /* LS_COMAND */ #ifndef LS_COMMAND #define LS_COMMAND "/bin/ls -lA" #endif /* LS_COMAND */ #ifndef MAIL_DIR #ifdef PATH_MAIL #define MAIL_DIR PATH_MAIL #else /* PATH_MAIL */ #ifdef _PATH_MAIL #define MAIL_DIR _PATH_MAIL #else /* _PATH_MAIL */ #define MAIL_DIR "/usr/spool/mail" #endif /* _PATH_MAIL */ #endif /* PATH_MAIL */ #endif /* MAIL_DIR */ #if !defined(sigmask) && !HAVE_SIGMASK /* sigmask() is a handy BSD macro that is not POSIX or SYSV */ #define sigmask(m) (1 << ((m)-1)) #endif /* Not sure how I'll do this yet... */ #define HAVETTYSLOT 0 #if 0 #ifndef HAVETTYSLOT #ifdef IS_A_BSD #define HAVETTYSLOT 1 /* BSD man pages say it appeared in V7 */ #endif /* IS_A_BSD */ #ifdef IS_A_SYSV #define HAVETTYSLOT 0 /* But some System Vs appear to have "fixed" it */ #endif /* IS_A_SYSV */ #endif /* HAVETTYSLOT */ #endif /* 0 */ #if !HAVE_MEMCPY && HAVE_BCOPY #define memcpy(dst, src, len) bcopy(src, dst, len) #endif /* !HAVE_MEMCPY && HAVE_BCOPY */ #if !HAVE_MEMSET && HAVE_BZERO #define memset(b, 0, len) bzero(b, len) #endif /* !HAVE_MEMCPY && HAVE_BCOPY */ #if HAVE_SHADOW_H && HAVE_GETSPENT && HAVE_ENDSPENT #define HAVE_SHADOW 1 #endif /* HAVE_SHADOW_H && HAVE_GETSPENT && HAVE_ENDSPENT */ #if !HAVE_GETUSERSHELL && !defined(NEED_GETUSERSHELL) #define NEED_GETUSERSHELL 1 #endif /* !HAVE_GETUSERSHELL && !defined(NEED_GETUSERSHELL) */ #if !HAVE_ENDUSERSHELL && !defined(NEED_ENDUSERSHELL) #define NEED_ENDUSERSHELL 1 #endif /* !HAVE_ENDUSERSHELL && !defined(NEED_ENDUSERSHELL) */ opie-2.11/configure100754 4101 3565 173151 6070047002 12652 0ustar cmetzipv6#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated automatically using autoconf version 2.7 # Copyright (C) 1992, 1993, 1994 Free Software Foundation, Inc. # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. # Defaults: ac_help= ac_default_prefix=/usr/local # Any additions from configure.in: # Initialize some variables set by options. # The variables have the same names as the options, with # dashes changed to underlines. build=NONE cache_file=./config.cache exec_prefix=NONE host=NONE no_create= nonopt=NONE no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= target=NONE verbose= x_includes=NONE x_libraries=NONE bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datadir='${prefix}/share' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' libdir='${exec_prefix}/lib' includedir='${prefix}/include' oldincludedir='/usr/include' infodir='${prefix}/info' mandir='${prefix}/man' # Initialize some other variables. subdirs= MFLAGS= MAKEFLAGS= ac_prev= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval "$ac_prev=\$ac_option" ac_prev= continue fi case "$ac_option" in -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; *) ac_optarg= ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case "$ac_option" in -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir="$ac_optarg" ;; -build | --build | --buil | --bui | --bu) ac_prev=build ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build="$ac_optarg" ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file="$ac_optarg" ;; -datadir | --datadir | --datadi | --datad | --data | --dat | --da) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ | --da=*) datadir="$ac_optarg" ;; -disable-* | --disable-*) ac_feature=`echo $ac_option|sed -e 's/-*disable-//'` # Reject names that are not valid shell variable names. if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } fi ac_feature=`echo $ac_feature| sed 's/-/_/g'` eval "enable_${ac_feature}=no" ;; -enable-* | --enable-*) ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'` # Reject names that are not valid shell variable names. if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } fi ac_feature=`echo $ac_feature| sed 's/-/_/g'` case "$ac_option" in *=*) ;; *) ac_optarg=yes ;; esac eval "enable_${ac_feature}='$ac_optarg'" ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix="$ac_optarg" ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he) # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat << EOF Usage: configure [options] [host] Options: [defaults in brackets after descriptions] Configuration: --cache-file=FILE cache test results in FILE --help print this message --no-create do not create output files --quiet, --silent do not print \`checking...' messages --version print the version of autoconf that created configure Directory and file names: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [same as prefix] --bindir=DIR user executables in DIR [EPREFIX/bin] --sbindir=DIR system admin executables in DIR [EPREFIX/sbin] --libexecdir=DIR program executables in DIR [EPREFIX/libexec] --datadir=DIR read-only architecture-independent data in DIR [PREFIX/share] --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data in DIR [PREFIX/com] --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var] --libdir=DIR object code libraries in DIR [EPREFIX/lib] --includedir=DIR C header files in DIR [PREFIX/include] --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include] --infodir=DIR info documentation in DIR [PREFIX/info] --mandir=DIR man documentation in DIR [PREFIX/man] --srcdir=DIR find the sources in DIR [configure dir or ..] --program-prefix=PREFIX prepend PREFIX to installed program names --program-suffix=SUFFIX append SUFFIX to installed program names --program-transform-name=PROGRAM run sed PROGRAM on installed program names EOF cat << EOF Host type: --build=BUILD configure for building on BUILD [BUILD=HOST] --host=HOST configure for HOST [guessed] --target=TARGET configure for TARGET [TARGET=HOST] Features and packages: --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --x-includes=DIR X include files are in DIR --x-libraries=DIR X library files are in DIR EOF if test -n "$ac_help"; then echo "--enable and --with options recognized:$ac_help" fi exit 0 ;; -host | --host | --hos | --ho) ac_prev=host ;; -host=* | --host=* | --hos=* | --ho=*) host="$ac_optarg" ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir="$ac_optarg" ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir="$ac_optarg" ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir="$ac_optarg" ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir="$ac_optarg" ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst \ | --locals | --local | --loca | --loc | --lo) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* \ | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) localstatedir="$ac_optarg" ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir="$ac_optarg" ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir="$ac_optarg" ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix="$ac_optarg" ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix="$ac_optarg" ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix="$ac_optarg" ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name="$ac_optarg" ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir="$ac_optarg" ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir="$ac_optarg" ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site="$ac_optarg" ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir="$ac_optarg" ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir="$ac_optarg" ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target="$ac_optarg" ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers) echo "configure generated by autoconf version 2.7" exit 0 ;; -with-* | --with-*) ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'` # Reject names that are not valid shell variable names. if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } fi ac_package=`echo $ac_package| sed 's/-/_/g'` case "$ac_option" in *=*) ;; *) ac_optarg=yes ;; esac eval "with_${ac_package}='$ac_optarg'" ;; -without-* | --without-*) ac_package=`echo $ac_option|sed -e 's/-*without-//'` # Reject names that are not valid shell variable names. if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } fi ac_package=`echo $ac_package| sed 's/-/_/g'` eval "with_${ac_package}=no" ;; --x) # Obsolete; use --with-x. with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes="$ac_optarg" ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries="$ac_optarg" ;; -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; } ;; *) if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then echo "configure: warning: $ac_option: invalid host type" 1>&2 fi if test "x$nonopt" != xNONE; then { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } fi nonopt="$ac_option" ;; esac done if test -n "$ac_prev"; then { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; } fi trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 # File descriptor usage: # 0 standard input # 1 file creation # 2 errors and warnings # 3 some systems may open it to /dev/tty # 4 used on the Kubota Titan # 6 checking for... messages and results # 5 compiler messages saved in config.log if test "$silent" = yes; then exec 6>/dev/null else exec 6>&1 fi exec 5>./config.log echo "\ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. " 1>&5 # Strip out --no-create and --no-recursion so they do not pile up. # Also quote any args containing shell metacharacters. ac_configure_args= for ac_arg do case "$ac_arg" in -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c) ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;; *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) ac_configure_args="$ac_configure_args '$ac_arg'" ;; *) ac_configure_args="$ac_configure_args $ac_arg" ;; esac done # NLS nuisances. # Only set LANG and LC_ALL to C if already set. # These must not be set unconditionally because not all systems understand # e.g. LANG=C (notably SCO). if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi if test "${LANG+set}" = set; then LANG=C; export LANG; fi # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -rf conftest* confdefs.h # AIX cpp loses on an empty file, so make sure it contains at least a newline. echo > confdefs.h # A filename unique to this package, relative to the directory that # configure is in, which we can look for to find out if srcdir is correct. ac_unique_file=README # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then its parent. ac_prog=$0 ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'` test "x$ac_confdir" = "x$ac_prog" && ac_confdir=. srcdir=$ac_confdir if test ! -r $srcdir/$ac_unique_file; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r $srcdir/$ac_unique_file; then if test "$ac_srcdir_defaulted" = yes; then { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; } else { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; } fi fi srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'` # Prefer explicitly selected file to automatically selected ones. if test -z "$CONFIG_SITE"; then if test "x$prefix" != xNONE; then CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" else CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" fi fi for ac_site_file in $CONFIG_SITE; do if test -r "$ac_site_file"; then echo "loading site script $ac_site_file" . "$ac_site_file" fi done if test -r "$cache_file"; then echo "loading cache $cache_file" . $cache_file else echo "creating cache $cache_file" > $cache_file fi ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. ac_cpp='echo $CPP $CPPFLAGS 1>&5; $CPP $CPPFLAGS' ac_compile='echo ${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5; ${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5 2>&5' ac_link='echo ${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5; ${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5 2>&5' if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then ac_n= ac_c=' ' ac_t=' ' else ac_n=-n ac_c= ac_t= fi else ac_n= ac_c='\c' ac_t= fi # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" for ac_dir in $PATH; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_prog_CC="gcc" break fi done IFS="$ac_save_ifs" test -z "$ac_cv_prog_CC" && ac_cv_prog_CC="cc" fi fi CC="$ac_cv_prog_CC" if test -n "$CC"; then echo "$ac_t""$CC" 1>&6 else echo "$ac_t""no" 1>&6 fi echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.c <&5 | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no fi fi echo "$ac_t""$ac_cv_prog_gcc" 1>&6 if test $ac_cv_prog_gcc = yes; then GCC=yes if test "${CFLAGS+set}" != set; then echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_prog_gcc_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else echo 'void f(){}' > conftest.c if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then ac_cv_prog_gcc_g=yes else ac_cv_prog_gcc_g=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_prog_gcc_g" 1>&6 if test $ac_cv_prog_gcc_g = yes; then CFLAGS="-g -O" else CFLAGS="-O" fi fi else GCC= test "${CFLAGS+set}" = set || CFLAGS="-g" fi echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else # This must be in double quotes, not single quotes, because CPP may get # substituted into the Makefile and "${CC-cc}" will confuse make. CPP="${CC-cc} -E" # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext < Syntax Error EOF eval "$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then : else echo "$ac_err" >&5 rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF eval "$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then : else echo "$ac_err" >&5 rm -rf conftest* CPP=/lib/cpp fi rm -f conftest* fi rm -f conftest* ac_cv_prog_CPP="$CPP" fi CPP="$ac_cv_prog_CPP" else ac_cv_prog_CPP="$CPP" fi echo "$ac_t""$CPP" 1>&6 echo $ac_n "checking whether ln -s works""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else rm -f conftestdata if ln -s X conftestdata 2>/dev/null then rm -f conftestdata ac_cv_prog_LN_S="ln -s" else ac_cv_prog_LN_S=ln fi fi LN_S="$ac_cv_prog_LN_S" if test "$ac_cv_prog_LN_S" = "ln -s"; then echo "$ac_t""yes" 1>&6 else echo "$ac_t""no" 1>&6 fi # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" for ac_dir in $PATH; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_prog_RANLIB="ranlib" break fi done IFS="$ac_save_ifs" test -z "$ac_cv_prog_RANLIB" && ac_cv_prog_RANLIB=":" fi fi RANLIB="$ac_cv_prog_RANLIB" if test -n "$RANLIB"; then echo "$ac_t""$RANLIB" 1>&6 else echo "$ac_t""no" 1>&6 fi for ac_prog in 'bison -y' byacc do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_prog_YACC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$YACC"; then ac_cv_prog_YACC="$YACC" # Let the user override the test. else IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" for ac_dir in $PATH; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_prog_YACC="$ac_prog" break fi done IFS="$ac_save_ifs" fi fi YACC="$ac_cv_prog_YACC" if test -n "$YACC"; then echo "$ac_t""$YACC" 1>&6 else echo "$ac_t""no" 1>&6 fi test -n "$YACC" && break done test -n "$YACC" || YACC="yacc" echo $ac_n "checking for AIX""... $ac_c" 1>&6 cat > conftest.$ac_ext <&5 | egrep "yes" >/dev/null 2>&1; then rm -rf conftest* echo "$ac_t""yes" 1>&6; cat >> confdefs.h <<\EOF #define _ALL_SOURCE 1 EOF else rm -rf conftest* echo "$ac_t""no" 1>&6 fi rm -f conftest* echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 if test -d /etc/conf/kconfig.d && grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 then echo "$ac_t""yes" 1>&6 ISC=yes # If later tests want to check for ISC. cat >> confdefs.h <<\EOF #define _POSIX_SOURCE 1 EOF if test "$GCC" = yes; then CC="$CC -posix" else CC="$CC -Xp" fi else echo "$ac_t""no" 1>&6 ISC= fi ac_safe=`echo "minix/config.h" | tr './\055' '___'` echo $ac_n "checking for minix/config.h""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF eval "$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" else echo "$ac_err" >&5 rm -rf conftest* eval "ac_cv_header_$ac_safe=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then echo "$ac_t""yes" 1>&6 MINIX=yes else echo "$ac_t""no" 1>&6 MINIX= fi if test "$MINIX" = yes; then cat >> confdefs.h <<\EOF #define _POSIX_SOURCE 1 EOF cat >> confdefs.h <<\EOF #define _POSIX_1_SOURCE 2 EOF cat >> confdefs.h <<\EOF #define _MINIX 1 EOF fi # Extract the first word of "chown", so it can be a program name with args. set dummy chown; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_path_CHOWN'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else case "$CHOWN" in /*) ac_cv_path_CHOWN="$CHOWN" # Let the user override the test with a path. ;; *) IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" for ac_dir in /usr/bin /bin /usr/sbin /sbin /usr/etc /etc; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_CHOWN="$ac_dir/$ac_word" break fi done IFS="$ac_save_ifs" test -z "$ac_cv_path_CHOWN" && ac_cv_path_CHOWN="/bin/chown" ;; esac fi CHOWN="$ac_cv_path_CHOWN" if test -n "$CHOWN"; then echo "$ac_t""$CHOWN" 1>&6 else echo "$ac_t""no" 1>&6 fi # Extract the first word of "su", so it can be a program name with args. set dummy su; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_path_SU'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else case "$SU" in /*) ac_cv_path_SU="$SU" # Let the user override the test with a path. ;; *) IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" for ac_dir in /usr/bin /bin; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_SU="$ac_dir/$ac_word" break fi done IFS="$ac_save_ifs" test -z "$ac_cv_path_SU" && ac_cv_path_SU="/bin/su" ;; esac fi SU="$ac_cv_path_SU" if test -n "$SU"; then echo "$ac_t""$SU" 1>&6 else echo "$ac_t""no" 1>&6 fi # Extract the first word of "su", so it can be a program name with args. set dummy su; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_path_ALT_SU'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else case "$ALT_SU" in /*) ac_cv_path_ALT_SU="$ALT_SU" # Let the user override the test with a path. ;; *) IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" for ac_dir in /usr/sbin /sbin; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_ALT_SU="$ac_dir/$ac_word" break fi done IFS="$ac_save_ifs" ;; esac fi ALT_SU="$ac_cv_path_ALT_SU" if test -n "$ALT_SU"; then echo "$ac_t""$ALT_SU" 1>&6 else echo "$ac_t""no" 1>&6 fi # Extract the first word of "scheme", so it can be a program name with args. set dummy scheme; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_path_SCHEME'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else case "$SCHEME" in /*) ac_cv_path_SCHEME="$SCHEME" # Let the user override the test with a path. ;; *) IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" for ac_dir in /usr/lib/iaf/scheme; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_SCHEME="$ac_dir/$ac_word" break fi done IFS="$ac_save_ifs" ;; esac fi SCHEME="$ac_cv_path_SCHEME" if test -n "$SCHEME"; then echo "$ac_t""$SCHEME" 1>&6 else echo "$ac_t""no" 1>&6 fi # Extract the first word of "login", so it can be a program name with args. set dummy login; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_path_LOGIN'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else case "$LOGIN" in /*) ac_cv_path_LOGIN="$LOGIN" # Let the user override the test with a path. ;; *) IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" for ac_dir in /usr/bin /bin; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_LOGIN="$ac_dir/$ac_word" break fi done IFS="$ac_save_ifs" test -z "$ac_cv_path_LOGIN" && ac_cv_path_LOGIN="/bin/login" ;; esac fi LOGIN="$ac_cv_path_LOGIN" if test -n "$LOGIN"; then echo "$ac_t""$LOGIN" 1>&6 else echo "$ac_t""no" 1>&6 fi if test ! -z "$SCHEME"; then LOGIN="$SCHEME"; fi # Extract the first word of "ftpd", so it can be a program name with args. set dummy ftpd; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_path_FTPD'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else case "$FTPD" in /*) ac_cv_path_FTPD="$FTPD" # Let the user override the test with a path. ;; *) IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" for ac_dir in /usr/libexec /usr/etc /etc /usr/sbin /sbin /usr/lbin; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_FTPD="$ac_dir/$ac_word" break fi done IFS="$ac_save_ifs" ;; esac fi FTPD="$ac_cv_path_FTPD" if test -n "$FTPD"; then echo "$ac_t""$FTPD" 1>&6 else echo "$ac_t""no" 1>&6 fi # Extract the first word of "in.ftpd", so it can be a program name with args. set dummy in.ftpd; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_path_INFTPD'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else case "$INFTPD" in /*) ac_cv_path_INFTPD="$INFTPD" # Let the user override the test with a path. ;; *) IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" for ac_dir in /usr/libexec /usr/etc /etc /usr/sbin /sbin /usr/lbin; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_INFTPD="$ac_dir/$ac_word" break fi done IFS="$ac_save_ifs" ;; esac fi INFTPD="$ac_cv_path_INFTPD" if test -n "$INFTPD"; then echo "$ac_t""$INFTPD" 1>&6 else echo "$ac_t""no" 1>&6 fi if test -z "$FTPD" then if test ! -z "$INFTPD" then FTPD="$INFTPD" fi fi echo $ac_n "checking for default PATH entries""... $ac_c" 1>&6 DEFAULT_PATH="" save_IFS="$IFS" IFS=" " for i in /usr/bin /bin /usr/ucb /usr/sbin /usr/bsd /sbin /usr/bin/X11 /etc /usr/local/X11/bin /usr/X11R6/bin /your-system-is-broken do IFS=":" for j in $PATH do if test "$i" = "$j" then if test -d "$i" then if test -z "$DEFAULT_PATH" then DEFAULT_PATH="$i" else DEFAULT_PATH="$DEFAULT_PATH:$i" fi fi fi done IFS=" " done echo "$ac_t""$DEFAULT_PATH" 1>&6 echo $ac_n "checking for test -e flag""... $ac_c" 1>&6 if sh config.testeflag then result=yes EXISTS="-e" else result=no EXISTS="-f" fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking for mkdir -p flag""... $ac_c" 1>&6 if test -d config.tmpdir then rmdir config.tmpdir/foo/bar >/dev/null 2>/dev/null rmdir config.tmpdir/foo >/dev/null 2>/dev/null rmdir config.tmpdir >/dev/null 2>/dev/null fi result=no if mkdir -p config.tmpdir/foo/bar >/dev/null 2>/dev/null then if test -d config.tmpdir then if test -d config.tmpdir/foo then if test -d config.tmpdir/foo/bar then result=yes rmdir config.tmpdir/foo/bar >/dev/null 2>/dev/null fi rmdir config.tmpdir/foo >/dev/null 2>/dev/null fi rmdir config.tmpdir >/dev/null 2>/dev/null fi fi if test "$result" = yes then MKDIR="mkdir -p" else MKDIR="mkdir" fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking for /etc/default/login""... $ac_c" 1>&6 if test $EXISTS /etc/default/login then result=yes cat >> confdefs.h <<\EOF #define HAVE_ETC_DEFAULT_LOGIN 1 EOF else result=no fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking for /etc/securetty""... $ac_c" 1>&6 if test $EXISTS /etc/securetty then result=yes cat >> confdefs.h <<\EOF #define HAVE_ETC_SECURETTY 1 EOF else result=no fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking for /etc/logindevperm""... $ac_c" 1>&6 if test $EXISTS /etc/logindevperm then result=yes cat >> confdefs.h <<\EOF #define HAVE_ETC_LOGINDEVPERM 1 EOF else result=no fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking for /etc/fbtab""... $ac_c" 1>&6 if test $EXISTS /etc/fbtab then result=yes cat >> confdefs.h <<\EOF #define HAVE_ETC_FBTAB 1 EOF else result=no fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking mail spool location""... $ac_c" 1>&6 mail_spool="" for i in /var/mail /usr/mail /var/spool/mail /usr/spool/mail do if test -d $i then mail_spool="$i" fi done if test -z "$mail_spool" then result="not found" else result="$mail_spool" cat >> confdefs.h <&6 echo $ac_n "checking whether the system profile displays the motd""... $ac_c" 1>&6 result=no if test $EXISTS /etc/profile then if grep motd /etc/profile >/dev/null 2>/dev/null then result=yes fi fi if test "$result" = yes then cat >> confdefs.h <<\EOF #define HAVE_MOTD_IN_PROFILE 1 EOF fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking whether the system profile checks for mail""... $ac_c" 1>&6 result=no if test $EXISTS /etc/profile then if grep 'mail\.' /etc/profile >/dev/null 2>/dev/null then result=yes fi fi if test "$result" = yes then cat >> confdefs.h <<\EOF #define HAVE_MAILCHECK_IN_PROFILE 1 EOF fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking for -lcrypt""... $ac_c" 1>&6 ac_lib_var=`echo crypt | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&6 ac_tr_lib=HAVE_LIB`echo crypt | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` cat >> confdefs.h <&6 fi echo $ac_n "checking for -lnsl""... $ac_c" 1>&6 ac_lib_var=`echo nsl | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&6 ac_tr_lib=HAVE_LIB`echo nsl | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` cat >> confdefs.h <&6 fi echo $ac_n "checking for -lposix""... $ac_c" 1>&6 ac_lib_var=`echo posix | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lposix $LIBS" cat > conftest.$ac_ext <&6 ac_tr_lib=HAVE_LIB`echo posix | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` cat >> confdefs.h <&6 fi echo $ac_n "checking for -lsocket""... $ac_c" 1>&6 ac_lib_var=`echo socket | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&6 ac_tr_lib=HAVE_LIB`echo socket | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` cat >> confdefs.h <&6 fi ac_header_dirent=no for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h do ac_safe=`echo "$ac_hdr" | tr './\055' '___'` echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include <$ac_hdr> int main() { return 0; } int t() { DIR *dirp = 0; ; return 0; } EOF if eval $ac_compile; then rm -rf conftest* eval "ac_cv_header_dirent_$ac_safe=yes" else rm -rf conftest* eval "ac_cv_header_dirent_$ac_safe=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_header_dirent_'$ac_safe`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_hdr=HAVE_`echo $ac_hdr | tr 'abcdedfghijklmnopqrstuvwxyz./\055' 'ABCDEDFGHIJKLMNOPQRSTUVWXYZ___'` cat >> confdefs.h <&6 fi done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then echo $ac_n "checking for -ldir""... $ac_c" 1>&6 ac_lib_var=`echo dir | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-ldir $LIBS" cat > conftest.$ac_ext <&6 LIBS="$LIBS -ldir" else echo "$ac_t""no" 1>&6 fi else echo $ac_n "checking for -lx""... $ac_c" 1>&6 ac_lib_var=`echo x | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lx $LIBS" cat > conftest.$ac_ext <&6 LIBS="$LIBS -lx" else echo "$ac_t""no" 1>&6 fi fi echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include #ifndef WEXITSTATUS #define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8) #endif #ifndef WIFEXITED #define WIFEXITED(stat_val) (((stat_val) & 255) == 0) #endif int main() { return 0; } int t() { int s; wait (&s); s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; ; return 0; } EOF if eval $ac_compile; then rm -rf conftest* ac_cv_header_sys_wait_h=yes else rm -rf conftest* ac_cv_header_sys_wait_h=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_header_sys_wait_h" 1>&6 if test $ac_cv_header_sys_wait_h = yes; then cat >> confdefs.h <<\EOF #define HAVE_SYS_WAIT_H 1 EOF fi for ac_hdr in crypt.h fcntl.h limits.h termios.h termio.h sgtty.h sys/file.h sys/ioctl.h sys/time.h syslog.h unistd.h paths.h shadow.h signal.h sys/signal.h lastlog.h do ac_safe=`echo "$ac_hdr" | tr './\055' '___'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF eval "$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" else echo "$ac_err" >&5 rm -rf conftest* eval "ac_cv_header_$ac_safe=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_hdr=HAVE_`echo $ac_hdr | tr 'abcdefghijklmnopqrstuvwxyz./\055' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ___'` cat >> confdefs.h <&6 fi done # If we cannot run a trivial program, we must be cross compiling. echo $ac_n "checking whether cross-compiling""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_c_cross'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test "$cross_compiling" = yes; then ac_cv_c_cross=yes else cat > conftest.$ac_ext </dev/null; then ac_cv_c_cross=no else ac_cv_c_cross=yes fi fi rm -fr conftest* fi echo "$ac_t""$ac_cv_c_cross" 1>&6 cross_compiling=$ac_cv_c_cross echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_func_memcmp'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test "$cross_compiling" = yes; then ac_cv_func_memcmp=no else cat > conftest.$ac_ext </dev/null; then ac_cv_func_memcmp=yes else ac_cv_func_memcmp=no fi fi rm -fr conftest* fi echo "$ac_t""$ac_cv_func_memcmp" 1>&6 test $ac_cv_func_memcmp = no && LIBOBJS="$LIBOBJS memcmp.o" echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include #ifdef signal #undef signal #endif #ifdef __cplusplus extern "C" void (*signal (int, void (*)(int)))(int); #else void (*signal ()) (); #endif int main() { return 0; } int t() { int i; ; return 0; } EOF if eval $ac_compile; then rm -rf conftest* ac_cv_type_signal=void else rm -rf conftest* ac_cv_type_signal=int fi rm -f conftest* fi echo "$ac_t""$ac_cv_type_signal" 1>&6 cat >> confdefs.h <&6 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include #include #include EOF eval "$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* ac_cv_header_stdc=yes else echo "$ac_err" >&5 rm -rf conftest* ac_cv_header_stdc=no fi rm -f conftest* if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "memchr" >/dev/null 2>&1; then : else rm -rf conftest* ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "free" >/dev/null 2>&1; then : else rm -rf conftest* ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') #define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); exit (0); } EOF eval $ac_link if test -s conftest && (./conftest; exit) 2>/dev/null; then : else ac_cv_header_stdc=no fi fi rm -fr conftest* fi fi echo "$ac_t""$ac_cv_header_stdc" 1>&6 if test $ac_cv_header_stdc = yes; then cat >> confdefs.h <<\EOF #define STDC_HEADERS 1 EOF fi echo $ac_n "checking for pid_t""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS #include #endif EOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "pid_t" >/dev/null 2>&1; then rm -rf conftest* ac_cv_type_pid_t=yes else rm -rf conftest* ac_cv_type_pid_t=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_type_pid_t" 1>&6 if test $ac_cv_type_pid_t = no; then cat >> confdefs.h <<\EOF #define pid_t int EOF fi ac_safe=`echo "vfork.h" | tr './\055' '___'` echo $ac_n "checking for vfork.h""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF eval "$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" else echo "$ac_err" >&5 rm -rf conftest* eval "ac_cv_header_$ac_safe=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF #define HAVE_VFORK_H 1 EOF else echo "$ac_t""no" 1>&6 fi echo $ac_n "checking for working vfork""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_func_vfork'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test "$cross_compiling" = yes; then echo $ac_n "checking for vfork""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_func_vfork'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ char vfork(); int main() { return 0; } int t() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_vfork) || defined (__stub___vfork) choke me #else vfork(); #endif ; return 0; } EOF if eval $ac_link; then rm -rf conftest* eval "ac_cv_func_vfork=yes" else rm -rf conftest* eval "ac_cv_func_vfork=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'vfork`\" = yes"; then echo "$ac_t""yes" 1>&6 : else echo "$ac_t""no" 1>&6 fi else cat > conftest.$ac_ext < #include #include #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_VFORK_H #include #endif /* On some sparc systems, changes by the child to local and incoming argument registers are propagated back to the parent. The compiler is told about this with #include , but some compilers (e.g. gcc -O) don't grok . Test for this by using a static variable whose address is put into a register that is clobbered by the vfork. */ static #ifdef __cplusplus sparc_address_test (int arg) #else sparc_address_test (arg) int arg; #endif { static pid_t child; if (!child) { child = vfork (); if (child < 0) perror ("vfork"); if (!child) { arg = getpid(); write(-1, "", 0); _exit (arg); } } } main() { pid_t parent = getpid (); pid_t child; sparc_address_test (); child = vfork (); if (child == 0) { /* Here is another test for sparc vfork register problems. This test uses lots of local variables, at least as many local variables as main has allocated so far including compiler temporaries. 4 locals are enough for gcc 1.40.3 on a Solaris 4.1.3 sparc, but we use 8 to be safe. A buggy compiler should reuse the register of parent for one of the local variables, since it will think that parent can't possibly be used any more in this routine. Assigning to the local variable will thus munge parent in the parent process. */ pid_t p = getpid(), p1 = getpid(), p2 = getpid(), p3 = getpid(), p4 = getpid(), p5 = getpid(), p6 = getpid(), p7 = getpid(); /* Convince the compiler that p..p7 are live; otherwise, it might use the same hardware register for all 8 local variables. */ if (p != p1 || p != p2 || p != p3 || p != p4 || p != p5 || p != p6 || p != p7) _exit(1); /* On some systems (e.g. IRIX 3.3), vfork doesn't separate parent from child file descriptors. If the child closes a descriptor before it execs or exits, this munges the parent's descriptor as well. Test for this by closing stdout in the child. */ _exit(close(fileno(stdout)) != 0); } else { int status; struct stat st; while (wait(&status) != child) ; exit( /* Was there some problem with vforking? */ child < 0 /* Did the child fail? (This shouldn't happen.) */ || status /* Did the vfork/compiler bug occur? */ || parent != getpid() /* Did the file descriptor bug occur? */ || fstat(fileno(stdout), &st) != 0 ); } } EOF eval $ac_link if test -s conftest && (./conftest; exit) 2>/dev/null; then ac_cv_func_vfork=yes else ac_cv_func_vfork=no fi fi rm -fr conftest* fi echo "$ac_t""$ac_cv_func_vfork" 1>&6 if test $ac_cv_func_vfork = no; then cat >> confdefs.h <<\EOF #define vfork fork EOF fi for ac_func in gethostname gettimeofday getusershell mkdir rmdir socket strerror strftime strstr setpriority getutxline seteuid setegid setresuid setresgid atexit on_exit strchr index strrchr rindex getcwd getwd sigsuspend sigpause sigblock sigmask getttynam sysconf getdtablesize setvbuf setenv getenv unsetenv memcpy memset bcopy bzero sigemptyset sigaddset sigprocmask getspent endspent do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ char $ac_func(); int main() { return 0; } int t() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else $ac_func(); #endif ; return 0; } EOF if eval $ac_link; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else rm -rf conftest* eval "ac_cv_func_$ac_func=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` cat >> confdefs.h <&6 fi done # Munge out LOCALBIN and LOCALMAN in canonical (no bletch) form trap '' 1 2 15 cat > confcache <<\EOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs. It is not useful on other systems. # If it contains results you don't want to keep, you may remove or edit it. # # By default, configure uses ./config.cache as the cache file, # creating it if it does not exist already. You can give configure # the --cache-file=FILE option to use a different cache file; that is # what configure does when it calls configure scripts in # subdirectories, so they share the cache. # Giving --cache-file=/dev/null disables caching, for debugging configure. # config.status only pays attention to the cache file if you give it the # --recheck option to rerun configure. # EOF # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. (set) 2>&1 | sed -n "s/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=\${\1='\2'}/p" \ >> confcache if cmp -s $cache_file confcache; then : else if test -w $cache_file; then echo "updating cache $cache_file" cat confcache > $cache_file else echo "not updating unwritable cache $cache_file" fi fi rm -f confcache trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' # Any assignment to VPATH causes Sun make to only execute # the first set of double-colon rules, so remove it if not needed. # If there is a colon in the path, we need to keep it. if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' fi trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 DEFS=-DHAVE_CONFIG_H # Without the "./", some shells look in PATH for config.status. : ${CONFIG_STATUS=./config.status} echo creating $CONFIG_STATUS rm -f $CONFIG_STATUS cat > $CONFIG_STATUS </dev/null | sed 1q`: # # $0 $ac_configure_args # # Compiler output produced by configure, useful for debugging # configure, is in ./config.log if it exists. ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" for ac_option do case "\$ac_option" in -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; -version | --version | --versio | --versi | --vers | --ver | --ve | --v) echo "$CONFIG_STATUS generated by autoconf version 2.7" exit 0 ;; -help | --help | --hel | --he | --h) echo "\$ac_cs_usage"; exit 0 ;; *) echo "\$ac_cs_usage"; exit 1 ;; esac done ac_given_srcdir=$srcdir trap 'rm -fr `echo "configure.munger Makefile.munge:Makefile.in config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 EOF cat >> $CONFIG_STATUS < conftest.subs <<\\CEOF $ac_vpsub $extrasub s%@CFLAGS@%$CFLAGS%g s%@CPPFLAGS@%$CPPFLAGS%g s%@CXXFLAGS@%$CXXFLAGS%g s%@DEFS@%$DEFS%g s%@LDFLAGS@%$LDFLAGS%g s%@LIBS@%$LIBS%g s%@exec_prefix@%$exec_prefix%g s%@prefix@%$prefix%g s%@program_transform_name@%$program_transform_name%g s%@bindir@%$bindir%g s%@sbindir@%$sbindir%g s%@libexecdir@%$libexecdir%g s%@datadir@%$datadir%g s%@sysconfdir@%$sysconfdir%g s%@sharedstatedir@%$sharedstatedir%g s%@localstatedir@%$localstatedir%g s%@libdir@%$libdir%g s%@includedir@%$includedir%g s%@oldincludedir@%$oldincludedir%g s%@infodir@%$infodir%g s%@mandir@%$mandir%g s%@CC@%$CC%g s%@CPP@%$CPP%g s%@LN_S@%$LN_S%g s%@RANLIB@%$RANLIB%g s%@YACC@%$YACC%g s%@CHOWN@%$CHOWN%g s%@SU@%$SU%g s%@ALT_SU@%$ALT_SU%g s%@SCHEME@%$SCHEME%g s%@LOGIN@%$LOGIN%g s%@FTPD@%$FTPD%g s%@INFTPD@%$INFTPD%g s%@DEFAULT_PATH@%$DEFAULT_PATH%g s%@EXISTS@%$EXISTS%g s%@MKDIR@%$MKDIR%g s%@LIBOBJS@%$LIBOBJS%g CEOF EOF cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then # Support "outfile[:infile]", defaulting infile="outfile.in". case "$ac_file" in *:*) ac_file_in=`echo "$ac_file"|sed 's%.*:%%'` ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; *) ac_file_in="${ac_file}.in" ;; esac # Adjust relative srcdir, etc. for subdirectories. # Remove last slash and all that follows it. Not all systems have dirname. ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then # The file is in a subdirectory. test ! -d "$ac_dir" && mkdir "$ac_dir" ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" # A "../" for each directory in $ac_dir_suffix. ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` else ac_dir_suffix= ac_dots= fi case "$ac_given_srcdir" in .) srcdir=. if test -z "$ac_dots"; then top_srcdir=. else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; *) # Relative path. srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" top_srcdir="$ac_dots$ac_given_srcdir" ;; esac echo creating "$ac_file" rm -f "$ac_file" configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." case "$ac_file" in *Makefile*) ac_comsub="1i\\ # $configure_input" ;; *) ac_comsub= ;; esac sed -e "$ac_comsub s%@configure_input@%$configure_input%g s%@srcdir@%$srcdir%g s%@top_srcdir@%$top_srcdir%g " -f conftest.subs $ac_given_srcdir/$ac_file_in > $ac_file fi; done rm -f conftest.subs # These sed commands are passed to sed as "A NAME B NAME C VALUE D", where # NAME is the cpp macro being defined and VALUE is the value it is being given. # # ac_d sets the value in "#define NAME VALUE" lines. ac_dA='s%^\([ ]*\)#\([ ]*define[ ][ ]*\)' ac_dB='\([ ][ ]*\)[^ ]*%\1#\2' ac_dC='\3' ac_dD='%g' # ac_u turns "#undef NAME" with trailing blanks into "#define NAME VALUE". ac_uA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' ac_uB='\([ ]\)%\1#\2define\3' ac_uC=' ' ac_uD='\4%g' # ac_e turns "#undef NAME" without trailing blanks into "#define NAME VALUE". ac_eA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' ac_eB='$%\1#\2define\3' ac_eC=' ' ac_eD='%g' CONFIG_HEADERS=${CONFIG_HEADERS-"config.h"} for ac_file in .. $CONFIG_HEADERS; do if test "x$ac_file" != x..; then # Support "outfile[:infile]", defaulting infile="outfile.in". case "$ac_file" in *:*) ac_file_in=`echo "$ac_file"|sed 's%.*:%%'` ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; *) ac_file_in="${ac_file}.in" ;; esac echo creating $ac_file rm -f conftest.frag conftest.in conftest.out cp $ac_given_srcdir/$ac_file_in conftest.in EOF # Transform confdefs.h into a sed script conftest.vals that substitutes # the proper values into config.h.in to produce config.h. And first: # Protect against being on the right side of a sed subst in config.status. # Protect against being in an unquoted here document in config.status. rm -f conftest.vals cat > conftest.hdr <<\EOF s/[\\&%]/\\&/g s%[\\$`]%\\&%g s%#define \([A-Za-z_][A-Za-z0-9_]*\) \(.*\)%${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD}%gp s%ac_d%ac_u%gp s%ac_u%ac_e%gp EOF sed -n -f conftest.hdr confdefs.h > conftest.vals rm -f conftest.hdr # This sed command replaces #undef with comments. This is necessary, for # example, in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. cat >> conftest.vals <<\EOF s%^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*%/* & */% EOF # Break up conftest.vals because some shells have a limit on # the size of here documents, and old seds have small limits too. # Maximum number of lines to put in a single here document. ac_max_here_lines=12 rm -f conftest.tail while : do ac_lines=`grep -c . conftest.vals` # grep -c gives empty output for an empty file on some AIX systems. if test -z "$ac_lines" || test "$ac_lines" -eq 0; then break; fi # Write a limited-size here document to conftest.frag. echo ' cat > conftest.frag <> $CONFIG_STATUS sed ${ac_max_here_lines}q conftest.vals >> $CONFIG_STATUS echo 'CEOF sed -f conftest.frag conftest.in > conftest.out rm -f conftest.in mv conftest.out conftest.in ' >> $CONFIG_STATUS sed 1,${ac_max_here_lines}d conftest.vals > conftest.tail rm -f conftest.vals mv conftest.tail conftest.vals done rm -f conftest.vals cat >> $CONFIG_STATUS <<\EOF rm -f conftest.frag conftest.h echo "/* $ac_file. Generated automatically by configure. */" > conftest.h cat conftest.in >> conftest.h rm -f conftest.in if cmp -s $ac_file conftest.h 2>/dev/null; then echo "$ac_file is unchanged" rm -f conftest.h else rm -f $ac_file mv conftest.h $ac_file fi fi; done exit 0 EOF chmod +x $CONFIG_STATUS rm -fr confdefs* $ac_clean_files test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 sh configure.munger opie-2.11/Makefile.in100644 4101 3565 152171 6070256475 13030 0ustar cmetzipv6#!/usr/bin/make # # This file is a product of Makefile.source being run through the mkmf # Perl script to generate all of the System-Target format make targets # automatically and is ready to be hacked to suit your needs. If you make # modifications to the OPIE Makefiles as a programmer, please modify the # Makefile.source file instead of this one. # ## # Makefile.source and Makefile: Directions for building and installing OPIE. # # Portions of this software are Copyright 1995 by Randall Atkinson and Dan # McDonald, All Rights Reserved. All Rights under this copyright are assigned # to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and # License Agreement applies to this software. # # History: # # Modified at NRL for OPIE 2.11: Fixed fatal mistype of Autoconf. # Modified at NRL for OPIE 2.1: Changed targets to reflect source # file name changes. Changed explanation and flags for static # linking. Changed opieinfo target. Removed WHOAMI. Added # Autoconf targets. Changed if conditionals to use test # instead of [. Changed SU_DIR to SU to help autoconf. # Changed FTPDIR and FTPDNAME to FTPD to help autoconf. # Changed HP-UX to HP-UX9 and HP-UX10. Make uninstall # target depend on config. HPUX *is* no longer necessary, but # something does have to be there. Sub in Autoconf @CC@. # Modified at NRL for OPIE 2.04: Re-worded explanation of SU_STAR_CHECK. # Modified at NRL for OPIE 2.02: Added SU_STAR_CHECK flag. # Modified at NRL for OPIE 2.01: Test target makes opiesu and opielogin # setuid. install target clears that. uninstall target needs to # remove the opiekey symlinks. opieinfo target needs to # substitute for $(EXISTS). ifdefs target needs to check for # starting hash. $(LDFLAGS) and -o should be at the end of all # link commands to spoon-feed drain bamaged link editors. Added # A/UX defaults. # Modified heavily at NRL for OPIE 2.0. # Written at Bellcore for the S/Key Version 1 software distribution # (Makefile). #============================================================================ # CONFIGURATION PARAMETERS -- CHANGE THESE TO SUIT YOUR MACHINE # Shell to use for make(1) # It's usually a good idea to leave this as-is. On some systems, ksh or bash # may be necessary SHELL=/bin/sh # Where is chown(1)? # Solaris #CHOWN=/usr/bin/chown # AIX, HP-UX9, HP-UX10, Linux, A/UX #CHOWN=/bin/chown # BSD/OS, 4.4BSD, FreeBSD, NetBSD #CHOWN=/usr/sbin/chown # IRIX #CHOWN=/sbin/chown # SunOS #CHOWN=/usr/etc/chown # Autoconf #CHOWN=@CHOWN@ # What flag to test(1) will indicate existence? # # The '-e' flag is exactly what we want. Which makes it little surprise that # not all systems have it. We'll live with the '-f' flag, which will only # work with real files (i.e., it won't handle symlinks and wierder things # properly) # # BSD/OS, FreeBSD, NetBSD, Linux, 4.4BSD #EXISTS=-e # SunOS, IRIX, HP-UX9, HP-UX10, AIX, Solaris, A/UX #EXISTS=-f # Autoconf #EXISTS=@EXISTS@ # How should we call mkdir(1) to make directories if they aren't there? # # We want to call mkdir with the -p flag to make parent directories, # but many systems don't have this flag. # # BSD/OS, FreeBSD, NetBSD, Linux, SunOS, AIX, 4.4BSD #MKDIR=mkdir -p # IRIX, HP-UX9, HP-UX10, A/UX #MKDIR=mkdir # Autoconf #MKDIR=@MKDIR@ # OWNER is the username who should own the OPIE binaries. # GROUP is the groupname associated with the OPIE binaries. # OWNER=root GROUP=bin # Ranlib is only needed on BSD systems. # Using "true" happens to be a handy makefile hack for System V machines. # AIX, SunOS, 4.4BSD, BSD/OS, Linux, FreeBSD, NetBSD #RANLIB=ranlib # Solaris, HP-UX9, HP-UX10, IRIX, A/UX #RANLIB=true # Autoconf RANLIB=@RANLIB@ # LOCALBIN is the place where user-installed binaries reside. # AIX, SunOS, 4.4BSD, BSD/OS, Linux, FreeBSD, NetBSD, Solaris, HP-UX9, HP-UX10, IRIX, A/UX #LOCALBIN=/usr/local/bin #LOCALBIN=/usr/contrib/bin # Autoconf #LOCALBIN=@LOCALBIN@ # LOCALMAN is the place where user-installed manual pages reside. # AIX, SunOS, 4.4BSD, BSD/OS, Linux, FreeBSD, NetBSD, Solaris, HP-UX9, HP-UX10, IRIX, A/UX #LOCALMAN=/usr/local/man #LOCALMAN=/usr/contrib/man #LOCALMAN=/usr/share/man #LOCALMAN=/usr/man/man # Autoconf #LOCALMAN=@LOCALMAN@ # Where is the su(1) program? # Solaris, SunOS, BSD/OS, 4.4BSD, Linux, FreeBSD, NetBSD #SU=/usr/bin/su # HP-UX9, HP-UX10, AIX, IRIX, A/UX #SU=/bin/su # Autoconf #SU=@SU@ # Is there another location to which opiesu should be copied? (i.e., /sbin) # Solaris, IRIX #ALT_SU=/sbin/su # Autoconf #ALT_SU=@ALT_SU@ # Where is the login(1) binary? # Solaris, SunOS, BSD/OS, 4.4BSD, FreeBSD, NetBSD #LOGIN=/usr/bin/login # HP-UX9, HP-UX10, AIX, Linux, A/UX #LOGIN=/bin/login # IRIX #LOGIN=/usr/lib/iaf/scheme # Autoconf #LOGIN=@LOGIN@ # What should the default PATH be? # Note that the supplied defaults vary slightly from that of some # of the operating systems. Also note that OPIE does not support some # systems' notion of a second default path for root -- if you are root, then # you need to use a shell configuration file to set up any special path # entries. # BSD/OS, 4.4BSD, HP-UX9, HP-UX10, Linux, Solaris, FreeBSD, NetBSD, A/UX #DEFAULT_PATH=/usr/bin:/bin # SunOS #DEFAULT_PATH=/usr/ucb:/usr/bin:/bin # IRIX #DEFAULT_PATH=/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11 # AIX #DEFAULT_PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin # Autoconf #DEFAULT_PATH=@DEFAULT_PATH@ # Where should the OPIE key database be stored? KEY_FILE=/etc/opiekeys # Should we support a trusted access file, and, if so, where should it go? # # Sites who have to choose between opening up this security hole and not # having OPIE at all will need to enable this option. It is highly recommended # that you do *not* enable this option and leave this line commented. #ACCESS_FILE="-DACCESS_FILE=\"/etc/opieaccess\"" # Where is the FTP daemon? # Solaris, Linux #FTPD=/usr/sbin/in.ftpd # SunOS #FTPD=/usr/etc/in.ftpd # IRIX #FTPD=/usr/etc/ftpd # BSD/OS, 4.4BSD, FreeBSD, NetBSD #FTPD=/usr/libexec/ftpd # HP-UX9, AIX, A/UX #FTPD=/etc/ftpd # HP-UX10 #FTPD=/usr/lbin/ftpd # Autoconf #FTPD=@FTPD@ # What flags should be passed to the linker? # # Some systems (e.g. Solaris) need to explicitly include network libraries # (e.g. nsl, socket). # # Also, on some systems, you may wish to build the OPIE programs statically # linked to prevent attacks based on the shared library system. (Solaris # requires some stub libraries that are not included here in order to be # able to do this). No system with shared libraries should need OPIE built # statically to be secure, but, then again, no system should have security # bugs, either. # # Solaris #LDFLAGS=-lnsl -lsocket # FreeBSD #LDFLAGS=-lcrypt # A/UX #LDFLAGS=-lposix # Systems with GCC #LDFLAGS=-static # Autoconf #LDFLAGS=@LIBS@ # Compile-time options for OPIE: # # * System type: # # -DSOLARIS=1 If your system is Solaris (implies SVR4=1) # -DSUNOS=1 If your system is SunOS (implies BSD4_3=1) # -DBSD=1 If your system is like BSD # -DBSD4_3=1 If your system is like 4.3BSD (implies BSD=1) # -DSYSV=1 If your system is like System V # -DSVR4=1 If your system is like System V Release 4 (-> SYSV=1) # -DIS_A_SYSV=1 If your system is like System V and -DSYSV=1 fails # -DIS_A_BSD=1 If your system is like BSD and -DBSD=1 fails # # * Haves and needs # -DHAVE_DIRENT=1 If your system has dirent-style directory routines # -DNEED_GETENV=1 If your system doesn't have getenv(3) # -DNEED_SETENV=1 If your system doesn't have setenv(3) # -DNEED_STRERROR=1 If your system doesn't have strerror(3) # -DNEED_GETUSERSHELL=1 If your system doesn't have getusershell(3) # and endusershell(3) # -DNEED_ATEXIT=1 If your system doesn't have atexit(3) # -DNEED_STRING=1 If your system doesn't have strchr(3) and strrchr(3) # but does have index(3) and rindex(3) # # * Vendor-compatible "features" # # -DDOUTMPX=1 If your system uses a utmpx file along with a utmp # -DDOSECURETTY=1 If you want to use an /etc/securetty file to control # which terminals root can log in from # -DPERMSFILE="" Change the permissions of certain devices on login, # as specified in # -DDOWHEEL=1 Implement the BSD "wheel group" su restriction # (only members of group 0 can su) # -DDOTITLE=1 Change the process info of ftpd so that ps listings # will show status information # -DDOMOTD=0 If your system's login program *doesn't* display # /etc/motd and check for mail (i.e., it is done in # shell scripts like /etc/profile and /etc/.login) # # * Miscellaneous # # -DDOANONYMOUS=1 If you want ftpd to support anonymous logins # whenever an "ftp" account exists in /etc/passwd. # # -DSYS_FCNTL_H=1 Use instead of . # -DMJR=1 Support Marcus J. Ranum's scheme to prevent # dictionary attacks. (see README.MJR) # IRIX #OPTIONS=-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1 # Solaris #OPTIONS=-DSOLARIS=1 -DDOMOTD=0 # SunOS #OPTIONS=-DSUNOS # BSD/OS, 4.4BSD, FreeBSD, NetBSD #OPTIONS=-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask # Linux #OPTIONS=-DDOSECURETTY=1 # HP-UX9, HP-UX10 #OPTIONS=-DSYSV=1 # AIX #OPTIONS=-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1 # A/UX #OPTIONS=-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE # Autoconf #OPTIONS=@DEFS@ # Which message-digest algorithm do you want to use? # # MD5 is the default and highly recommended because it is stronger. Sites # migrating from Bellcore S/Key v1 might want to use MD4 for compatibility # reasons. Support for MD4 will be removed in a future version of OPIE. MDX=5 #MDX=4 # Do you want to ask users to re-type their secret passwords when calculating # responses? # # Doing so will help eliminate errors due to mistypes at the cost of user # annoyance. #RETYPE=1 RETYPE=0 # Do you want to generate per-user lock files to serialize OPIE logins? # # Doing so will help prevent an attack based on a race condition at the # cost of user annoyance and opening up a denial-of-service attack. USER_LOCKING=1 #USER_LOCKING=0 # Do you want to use ANSI C prototypes when compiling? # # Some systems with not-really-ANSI compilers break with prototypes. PROTOTYPES=1 #PROTOTYPES=0 # Do you want su(8) to be able to switch to accounts that have been # disabled (via a pw_passwd field of '*' or '#')? # # The traditional behavior (SU_STAR_CHECK == 0) is that a su run by root # can switch to any account. Sites that want to prevent root from su'ing # to a disabled ("starred out") account should set SU_STAR_CHECK = 1 below. SU_STAR_CHECK=0 #SU_STAR_CHECK=1 # Which C compiler should we use? # # On many systems, GNU C (gcc) may be the best choice because that is what # we used for OPIE development. You need an ANSI C compiler to build OPIE. # Some K&R-with-extensions compilers (ie, SunOS, HP-UX) might work. Straight # K&R most likely will not. # # Solaris users: You need to use either GNU C or the unbundled SunPro C # compiler to build OPIE. The BSD compatible compiler in /usr/ucb/cc will # probably not work properly for the same reasons the SunOS one won't. # # SunOS and HP-UX users: The compiler shipped with your system is NOT ANSI # and probably will not compile OPIE correctly. Your best course of action # is to get and install GNU C. HP also makes an added-cost ANSI C compiler # for HP-UX systems. If you would like to try to install OPIE using the # compiler that comes with SunOS or HP-UX, uncommment the first line # below. If it doesn't work properly, don't say that we didn't warn you. # # If your /bin/cc groks ANSI C, then use it #CC=cc # SunOS, HP-UX9, HP-UX10, A/UX #CC=gcc # HP-UX with the optional ANSI C compiler #CC=cc -A # Autoconf #CC=@CC@ # The first line will build a normal version of OPIE. # # The second is for brave souls porting OPIE to a new system or trying to # debug it and should definitely NOT be used to build a production copy # of OPIE. # # The third uses a nifty heap debugger called "Electric Fence" DEBUG= #DEBUG=-DDEBUG -g #DEBUG=-DDEBUG -g -lefence # Which yacc program should we use? # If you don't know, just leave it alone. # AIX, SunOS, 4.4BSD, BSD/OS, Linux, FreeBSD, NetBSD, Solaris, HP-UX9, HP-UX10, IRIX, A/UX #YACC=yacc # Autoconf #YACC=@YACC@ # Uncomment the lines below beginning with "DES" if you are using the MJR # variant. See README.MJR for more details. #DESINCLUDE= ../libdes #DESLIB= $(DESINCLUDE)/libdes.a #DESFLAGS= -I$(DESINCLUDE) # END OF NORMAL CONFIGURATION PARAMETERS -- DON'T TOUCH THINGS BELOW HERE #========================================================================= BACKUP=opie.old LIBOBJS=opiesubr.o opiesubr2.o md4c.o md5c.o put.o utmp.o accessfile.o CFLAGS=-DPROTOTYPES=$(PROTOTYPES) -DMDX=$(MDX) -DRETYPE=$(RETYPE) $(DEBUG) \ -DKEY_FILE=\"$(KEY_FILE)\" -DDEFAULT_PATH=\"$(DEFAULT_PATH)\" \ $(ACCESS_FILE) $(OPTIONS) -DOPTION_STRING=\""$(OPTIONS)"\" \ -DUSER_LOCKING=$(USER_LOCKING) -DSU_STAR_CHECK=$(SU_STAR_CHECK) config: @if test -z "$(OPTIONS)"; then echo "Did you read the README file?"; exit 1; fi @if test -z "$(EXISTS)"; then echo "Did you read the README file?"; exit 1; fi check: config @if test ! -x "$(CHOWN)"; then echo "Check your value for CHOWN."; exit 1; fi @if test ! -x "$(WHOAMI)"; then echo "Check your value for WHOAMI."; exit 1; fi @if test ! -d "$(LOCALBIN)"; then echo "Check your value for LOCALBIN."; exit 1; fi @if test ! -d "$(LOCALMAN)"; then echo "Check your value for LOCALMAN."; exit 1; fi @if test ! $(EXISTS) "$(SU)"; then echo "Check your value for SU."; exit 1; fi @if test ! -z "$(ALT_SU)"; then if test ! $(EXISTS) "$(ALT_SU)"; then echo "Check your value for ALT_SU."; exit 1; fi; fi @if test ! $(EXISTS) "$(LOGIN)"; then echo "Check your value for LOGIN."; exit 1; fi @if test ! -d "$(FTP_DIR)"; then echo "Check your value for FTP_DIR."; exit 1; fi @if test ! $(EXISTS) "$(FTPD_NAME)"; then echo "Check your value for FTPD_NAME."; exit 1; fi @if test ! -z "$(ACCESS_FILE)"; then echo "Remember that ACCESS_FILE opens up a security hole!"; fi ifdefs: egrep '^#*if*def' *.c *.h | cut -f2 -d: | sort | uniq client: config libopie.a opiekey client-install: config client @echo "Installing OPIE client software..." @echo "Copying OPIE key-related files" @if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi @cp opiekey $(LOCALBIN) @$(CHOWN) $(OWNER) $(LOCALBIN)/opiekey @chgrp $(GROUP) $(LOCALBIN)/opiekey @echo "Changing file permissions" @chmod 0511 $(LOCALBIN)/opiekey @echo "Symlinking aliases to opiekey" @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/opie-md4 @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/opie-md5 @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md4 @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md5 @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/key @echo "Installing manual pages" @-for i in opie-md4 opie-md5 opie-des otp-md4 otp-md5; do ln -s opiekey.1 $(LOCALMAN)/man1/$$i.1; done @if test ! -d $(LOCALMAN)/man1; then $(MKDIR) $(LOCALMAN)/man1; chmod 755 $(LOCALMAN)/man1; fi; cp opiekey.1 $(LOCALMAN)/man1/opiekey.1; $(CHOWN) $(OWNER) $(LOCALMAN)/man1/opiekey.1; chgrp $(GROUP) $(LOCALMAN)/man1/opiekey.1; chmod 644 $(LOCALMAN)/man1/opiekey.1 server: config opielogin opiesu opiepasswd opieinfo opieftpd server-test: server @echo "Installing OPIE server software..." @echo "Copying OPIE user programs" @if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi @cp opiepasswd opieinfo $(LOCALBIN) @echo "Changing ownership" @$(CHOWN) $(OWNER) $(LOCALBIN)/opiepasswd $(LOCALBIN)/opieinfo @chgrp $(GROUP) $(LOCALBIN)/opiepasswd $(LOCALBIN)/opieinfo @echo "Changing file permissions" @chmod 0555 $(LOCALBIN)/opieinfo @chmod 4511 $(LOCALBIN)/opiepasswd @echo "Preparing opiesu and opielogin for testing" @$(CHOWN) $(OWNER) opiesu opielogin @chgrp $(GROUP) opiesu opielogin @chmod 4511 opiesu opielogin test: server-test server-install: server-test @echo "Clearing testing permissions on opiesu and opielogin" @chmod 0111 opiesu opielogin @echo "Installing OPIE system programs..." @if test ! $(EXISTS) $(LOGIN).$(BACKUP); then echo "Renaming existing $(LOGIN) to $(LOGIN).$(BACKUP)"; mv $(LOGIN) $(LOGIN).$(BACKUP); echo "Clearing permissions on old $(LOGIN)"; chmod 0 $(LOGIN).$(BACKUP); fi @echo "Copying opielogin to $(LOGIN)" @cp opielogin $(LOGIN) @echo "Changing ownership of $(LOGIN)" @$(CHOWN) $(OWNER) $(LOGIN) @chgrp $(GROUP) $(LOGIN) @echo "Changing file permissions of $(LOGIN)" @chmod 4111 $(LOGIN) @if test ! $(EXISTS) $(SU).$(BACKUP); then echo "Renaming existing su to su.$(BACKUP)"; mv $(SU) $(SU).$(BACKUP); echo "Clearing permissions on old su"; chmod 0 $(SU).$(BACKUP); fi @-if test ! -z "$(ALT_SU)"; then if test ! $(EXISTS) $(ALT_SU).$(BACKUP); then echo "Renaming existing su to su.$(BACKUP)"; mv $(ALT_SU) $(ALT_SU).$(BACKUP); fi; echo "Copying opiesu to su"; cp opiesu $(ALT_SU); echo "Changing ownership"; $(CHOWN) $(OWNER) $(ALT_SU); chgrp $(GROUP) $(ALT_SU); echo "Changing file permissions"; chmod 4111 $(ALT_SU); echo "Clearning permissions on old su"; chmod 0 $(ALT_SU).$(BACKUP); fi @echo "Copying opiesu to su" @cp opiesu $(SU) @echo "Changing ownership of su" @$(CHOWN) $(OWNER) $(SU) @chgrp $(GROUP) $(SU) @echo "Changing file permissions of su" @chmod 4111 $(SU) @if test ! $(EXISTS) $(FTPD).$(BACKUP); then echo "Renaming existing ftp daemon to $(FTPD).$(BACKUP)"; mv $(FTPD) $(FTPD).$(BACKUP); echo "Clearing permissions on old ftp daemon"; chmod 0 $(FTPD).$(BACKUP); fi @echo "Copying OPIE ftp daemon" @cp opieftpd $(FTPD) @echo "Changing ownership of ftpd" @$(CHOWN) $(OWNER) $(FTPD) @chgrp $(GROUP) $(FTPD) @echo "Changing file permissions of ftpd" @chmod 0100 $(FTPD) @echo "Creating OPIE key file" @touch $(KEY_FILE) @echo "Changing permissions of OPIE key file" @chmod 0644 $(KEY_FILE) @echo "Changing ownership of OPIE key file" @$(CHOWN) $(OWNER) $(KEY_FILE) @chgrp $(GROUP) $(KEY_FILE) @-if test ! -z "$(ACCESS_FILE)"; then echo "Creating OPIE access file (don't say we didn't warn you)"; FILE=`echo $(ACCESS_FILE) | sed 's:^-DACCESS_FILE="\(.*\)":\1:'`; touch $$FILE; $(CHOWN) 0 $$FILE; chgrp 0 $$FILE; chmod 0444 $$FILE; fi; @echo "Installing manual pages" @if test ! -d $(LOCALMAN); then $(MKDIR) $(LOCALMAN); chmod 755 $(LOCALMAN); fi @for i in 1 4 5 8; do for j in *.$$i; do if test ! -d $(LOCALMAN)/man$$i; then $(MKDIR) $(LOCALMAN)/man$$i; chmod 755 $(LOCALMAN)/man$$i; fi; cp $$j $(LOCALMAN)/man$$i/$$j; $(CHOWN) $(OWNER) $(LOCALMAN)/man$$i/$$j; chgrp $(GROUP) $(LOCALMAN)/man$$i/$$j; chmod 644 $(LOCALMAN)/man$$i/$$j; done; done @echo "REMEMBER to run opiepasswd on your users immediately." install: client-install server-install uninstall: config @echo "Un-installing OPIE..." @echo "Removing symlinks" @-for i in opie-md4 opie-md5 otp-md4 otp-md5 key; do rm $(LOCALBIN)/$$i; done @echo "Removing OPIE programs" @-for i in opiekey opiepasswd opieinfo; do rm $(LOCALBIN)/$$i; done @echo "Removing OPIE manual pages" @-for i in 1 4 5 8; do for j in *.$$i; do rm $(LOCALMAN)/man$$i/$$j; done; done @-for i in $(SU) $(ALT_SU) $(LOGIN) $(FTPD); do FILE=`basename $$i`; if test ! $(EXISTS) $$i.$(BACKUP); then echo "No $$i.$(BACKUP)! Aborting."; exit 1; else echo "Removing $$FILE"; rm $$i || true; echo "Restoring old $$FILE"; mv $$i.$(BACKUP) $$i; fi; done @echo "Resetting permissions" @chmod 4111 $(SU) $(LOGIN) @chmod 0100 $(FTPD) @if test ! -z "$(ALT_SU)"; then chmod 4111 $(ALT_SU); fi @echo "OPIE is now un-installed." @echo "Please verify by hand that this process worked." all: client server libopie.a: $(LIBOBJS) ar r libopie.a $(LIBOBJS) $(RANLIB) libopie.a clean: -rm -f *.o opiekey opielogin opiepasswd opiesu opieftpd y.tab.c -rm -f libopie.a opie_build.h opieinfo options.h *core* -rm -f Makefile.munge configure.munger realclean: clean -rm -f *~ core* "\#*\#" -rm -f config.log config.status config.cache config.h opiekey: opiekey.o libopie.a $(CC) $(CFLAGS) opiekey.o md5c.o libopie.a $(LDFLAGS) \ -o opiekey opieftpd: opieftpd.o glob.o logwtmp.o popen.o y.tab.o getusershell.o libopie.a $(CC) $(CFLAGS) opieftpd.o glob.o logwtmp.o popen.o y.tab.o \ getusershell.o accessfile.o md5c.o libopie.a $(LDFLAGS) \ -o opieftpd opielogin: opielogin.o permsfile.o utmp.o setenv.o getenv.o libopie.a $(CC) $(CFLAGS) opielogin.o permsfile.o accessfile.o utmp.o \ setenv.o getenv.o md5c.o libopie.a $(LDFLAGS) \ -o opielogin # Add "($DESLIB)" after "libopie.a" above if using MJR's method. opiepasswd: opiepasswd.o libopie.a $(CC) $(CFLAGS) opiepasswd.o md5c.o libopie.a $(LDFLAGS) \ -o opiepasswd opiesu: opiesu.o libopie.a $(CC) $(CFLAGS) opiesu.o md5c.o libopie.a $(LDFLAGS) \ -o opiesu y.tab.c: ftpcmd.y $(YACC) ftpcmd.y opieinfo: opieinfo.o libopie.a $(CC) $(CFLAGS) opieinfo.o libopie.a $(LDFLAGS) \ -o opieinfo options.h: Makefile echo $(CFLAGS) | sed 's:-D::g' | sed 's:\"::g' | \ sed 's:^:#define OPTION_STRING ":' | sed 's:$$:":' > options.h solaris: solaris-all solaris-: solaris-all solaris-all: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" all solaris-test: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" test solaris-install: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" install solaris-uninstall: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" uninstall solaris-client: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" client solaris-client-install: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" client-install solaris-server: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" server solaris-server-install: make CHOWN="/usr/bin/chown" EXISTS="-f" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" LDFLAGS="-lnsl -lsocket" OPTIONS="-DSOLARIS=1 -DDOMOTD=0" YACC="yacc" server-install sunos: sunos-all sunos-: sunos-all sunos-all: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" all sunos-test: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" test sunos-install: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" install sunos-uninstall: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" uninstall sunos-client: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" client sunos-client-install: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" client-install sunos-server: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" server sunos-server-install: make CHOWN="/usr/etc/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/ucb:/usr/bin:/bin" FTPD="/usr/etc/in.ftpd" OPTIONS="-DSUNOS" CC="gcc" YACC="yacc" server-install 44bsd: 44bsd-all 44bsd-: 44bsd-all 44bsd-all: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" all 44bsd-test: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" test 44bsd-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" install 44bsd-uninstall: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" uninstall 44bsd-client: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client 44bsd-client-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client-install 44bsd-server: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server 44bsd-server-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server-install bsdos: bsdos-all bsdos-: bsdos-all bsdos-all: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" all bsdos-test: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" test bsdos-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" install bsdos-uninstall: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" uninstall bsdos-client: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client bsdos-client-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client-install bsdos-server: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server bsdos-server-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server-install linux: linux-all linux-: linux-all linux-all: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" all linux-test: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" test linux-install: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" install linux-uninstall: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" uninstall linux-client: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" client linux-client-install: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" client-install linux-server: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" server linux-server-install: make CHOWN="/bin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/sbin/in.ftpd" OPTIONS="-DDOSECURETTY=1" YACC="yacc" server-install irix: irix-all irix-: irix-all irix-all: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" all irix-test: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" test irix-install: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" install irix-uninstall: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" uninstall irix-client: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" client irix-client-install: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" client-install irix-server: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" server irix-server-install: make CHOWN="/sbin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" ALT_SU="/sbin/su" LOGIN="/usr/lib/iaf/scheme" DEFAULT_PATH="/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11" FTPD="/usr/etc/ftpd" OPTIONS="-DSVR4=1 -DNEED_GETUSERSHELL=1 -DNEED_SETENV=1 -DDOMOTD=0 -DDOUTMPX=1" YACC="yacc" server-install hpux9: hpux9-all hpux9-: hpux9-all hpux9-all: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" all hpux9-test: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" test hpux9-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" install hpux9-uninstall: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" uninstall hpux9-client: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" client hpux9-client-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" client-install hpux9-server: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" server hpux9-server-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" server-install hpux10: hpux10-all hpux10-: hpux10-all hpux10-all: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" all hpux10-test: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" test hpux10-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" install hpux10-uninstall: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" uninstall hpux10-client: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" client hpux10-client-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" client-install hpux10-server: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" server hpux10-server-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/lbin/ftpd" OPTIONS="-DSYSV=1" CC="gcc" YACC="yacc" server-install aix: aix-all aix-: aix-all aix-all: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" all aix-test: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" test aix-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" install aix-uninstall: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" uninstall aix-client: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" client aix-client-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" client-install aix-server: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" server aix-server-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin" FTPD="/etc/ftpd" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DFCNTL_NOT_SYS=1 -DNEED_GETUSERSHELL=1" YACC="yacc" server-install freebsd: freebsd-all freebsd-: freebsd-all freebsd-all: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" all freebsd-test: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" test freebsd-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" install freebsd-uninstall: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" uninstall freebsd-client: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client freebsd-client-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client-install freebsd-server: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server freebsd-server-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" LDFLAGS="-lcrypt" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server-install netbsd: netbsd-all netbsd-: netbsd-all netbsd-all: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" all netbsd-test: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" test netbsd-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" install netbsd-uninstall: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" uninstall netbsd-client: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client netbsd-client-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" client-install netbsd-server: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server netbsd-server-install: make CHOWN="/usr/sbin/chown" EXISTS="-e" MKDIR="mkdir -p" RANLIB="ranlib" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/usr/bin/su" LOGIN="/usr/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/usr/libexec/ftpd" OPTIONS="-DBSD4_3 -DHAVE_DIRENT -Dsigprocmask=sigprocmask" YACC="yacc" server-install aux: aux-all aux-: aux-all aux-all: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" all aux-test: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" test aux-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" install aux-uninstall: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" uninstall aux-client: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" client aux-client-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" client-install aux-server: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" server aux-server-install: make CHOWN="/bin/chown" EXISTS="-f" MKDIR="mkdir" RANLIB="true" LOCALBIN="/usr/local/bin" LOCALMAN="/usr/local/man" SU="/bin/su" LOGIN="/bin/login" DEFAULT_PATH="/usr/bin:/bin" FTPD="/etc/ftpd" LDFLAGS="-lposix" OPTIONS="-DSYSV=1 -DNEED_SETENV=1 -DNEED_STRERROR=1 -DNEED_ATEXIT=1 -DDOMOTD=0 -D_POSIX_SOURCE" CC="gcc" YACC="yacc" server-install autoconf: autoconf-all autoconf-: autoconf-all autoconf-all: make CHOWN="@CHOWN@" EXISTS="@EXISTS@" MKDIR="@MKDIR@" LOCALBIN="@LOCALBIN@" LOCALMAN="@LOCALMAN@" SU="@SU@" ALT_SU="@ALT_SU@" LOGIN="@LOGIN@" DEFAULT_PATH="@DEFAULT_PATH@" FTPD="@FTPD@" LDFLAGS="@LIBS@" OPTIONS="@DEFS@" CC="@CC@" YACC="@YACC@" all autoconf-test: make CHOWN="@CHOWN@" EXISTS="@EXISTS@" MKDIR="@MKDIR@" LOCALBIN="@LOCALBIN@" LOCALMAN="@LOCALMAN@" SU="@SU@" ALT_SU="@ALT_SU@" LOGIN="@LOGIN@" DEFAULT_PATH="@DEFAULT_PATH@" FTPD="@FTPD@" LDFLAGS="@LIBS@" OPTIONS="@DEFS@" CC="@CC@" YACC="@YACC@" test autoconf-install: make CHOWN="@CHOWN@" EXISTS="@EXISTS@" MKDIR="@MKDIR@" LOCALBIN="@LOCALBIN@" LOCALMAN="@LOCALMAN@" SU="@SU@" ALT_SU="@ALT_SU@" LOGIN="@LOGIN@" DEFAULT_PATH="@DEFAULT_PATH@" FTPD="@FTPD@" LDFLAGS="@LIBS@" OPTIONS="@DEFS@" CC="@CC@" YACC="@YACC@" install autoconf-uninstall: make CHOWN="@CHOWN@" EXISTS="@EXISTS@" MKDIR="@MKDIR@" LOCALBIN="@LOCALBIN@" LOCALMAN="@LOCALMAN@" SU="@SU@" ALT_SU="@ALT_SU@" LOGIN="@LOGIN@" DEFAULT_PATH="@DEFAULT_PATH@" FTPD="@FTPD@" LDFLAGS="@LIBS@" OPTIONS="@DEFS@" CC="@CC@" YACC="@YACC@" uninstall autoconf-client: make CHOWN="@CHOWN@" EXISTS="@EXISTS@" MKDIR="@MKDIR@" LOCALBIN="@LOCALBIN@" LOCALMAN="@LOCALMAN@" SU="@SU@" ALT_SU="@ALT_SU@" LOGIN="@LOGIN@" DEFAULT_PATH="@DEFAULT_PATH@" FTPD="@FTPD@" LDFLAGS="@LIBS@" OPTIONS="@DEFS@" CC="@CC@" YACC="@YACC@" client autoconf-client-install: make CHOWN="@CHOWN@" EXISTS="@EXISTS@" MKDIR="@MKDIR@" LOCALBIN="@LOCALBIN@" LOCALMAN="@LOCALMAN@" SU="@SU@" ALT_SU="@ALT_SU@" LOGIN="@LOGIN@" DEFAULT_PATH="@DEFAULT_PATH@" FTPD="@FTPD@" LDFLAGS="@LIBS@" OPTIONS="@DEFS@" CC="@CC@" YACC="@YACC@" client-install autoconf-server: make CHOWN="@CHOWN@" EXISTS="@EXISTS@" MKDIR="@MKDIR@" LOCALBIN="@LOCALBIN@" LOCALMAN="@LOCALMAN@" SU="@SU@" ALT_SU="@ALT_SU@" LOGIN="@LOGIN@" DEFAULT_PATH="@DEFAULT_PATH@" FTPD="@FTPD@" LDFLAGS="@LIBS@" OPTIONS="@DEFS@" CC="@CC@" YACC="@YACC@" server autoconf-server-install: make CHOWN="@CHOWN@" EXISTS="@EXISTS@" MKDIR="@MKDIR@" LOCALBIN="@LOCALBIN@" LOCALMAN="@LOCALMAN@" SU="@SU@" ALT_SU="@ALT_SU@" LOGIN="@LOGIN@" DEFAULT_PATH="@DEFAULT_PATH@" FTPD="@FTPD@" LDFLAGS="@LIBS@" OPTIONS="@DEFS@" CC="@CC@" YACC="@YACC@" server-install opie-2.11/configure.munger.in100644 4101 3565 631 6070043273 14467 0ustar cmetzipv6prefix=@prefix@ exec_prefix=@exec_prefix@ bindir=@bindir@ mandir=@mandir@ LOCALBIN=$bindir LOCALMAN=$mandir echo "" echo "Binaries are going to be installed into $LOCALBIN," echo "Manual pages are going to be installed into $LOCALMAN." echo "" echo "creating Makefile" cat Makefile.munge | sed s:@LOCALMAN@:$LOCALMAN:g | sed s:@LOCALBIN@:$LOCALBIN:g > Makefile echo "" echo "Have you read the README file?" opie-2.11/acconfig.h100644 4101 3565 1572 6070043272 12630 0ustar cmetzipv6/* Define if the closedir function returns void instead of int. */ #undef CLOSEDIR_VOID /* Defined if the file /etc/default/login exists (and, presumably, should be looked at by login */ #undef HAVE_ETC_DEFAULT_LOGIN /* Defined if the file /etc/fbtab exists (and, presumably, should be looked at by login */ #undef HAVE_ETC_FBTAB /* Defined if the file /etc/logindevperm exists (and, presumably, should be looked at by login */ #undef HAVE_ETC_LOGINDEVPERM /* Defined if the file /etc/securetty exists (and, presumably, should be looked at by login */ #undef HAVE_ETC_SECURETTY /* The path to the mail spool, if we know it */ #undef PATH_MAIL /* Defined if the system's profile (/etc/profile) displays the motd file */ #undef HAVE_MOTD_IN_PROFILE /* Defined if the system's profile (/etc/profile) informs the user of new mail */ #undef HAVE_MAILCHECK_IN_PROFILE opie-2.11/opieftpd.c100644 4101 3565 111511 6070043276 12723 0ustar cmetzipv6/* ftpd.c: Main program for an FTP daemon. Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.1. Added declaration of envp. Discard result of opiechallenge (allows access control to work). Added patches for AIX. Symbol changes for autoconf. Modified at NRL for OPIE 2.01. Changed password lookup handling to avoid problems with drain-bamaged shadow password packages. Properly handle internal state for anonymous FTP. Unlock user accounts properly if login fails because of /etc/shells. Make sure to close syslog by function to avoid problems with drain bamaged syslog implementations. Modified at NRL for OPIE 2.0. Originally from BSD Net/2. */ /* * Copyright (c) 1985, 1988, 1990 Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifndef lint char copyright[] = "@(#) Copyright (c) 1985, 1988, 1990 Regents of the University of California.\n\ All rights reserved.\n"; #endif /* not lint */ #ifndef lint static char sccsid[] = "@(#)ftpd.c 5.40 (Berkeley) 7/2/91"; #endif /* not lint */ #include "opie_cfg.h" /* OPIE: various configurable definitions */ /* * FTP server. */ #include #include #include #include #include #ifdef SYS_FCNTL_H #include #else #include #endif /* SYS_FCNTL_H */ #include #include #include #include #define FTP_NAMES #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "opie.h" /* OPIE: general header */ #if HAVE_SHADOW_H #include #endif /* HAVE_SHADOW_H */ #if HAVE_CRYPT_H #include #endif /* HAVE_CRYPT_H */ #ifdef _AIX #include #include #endif /* _AIX */ #ifdef IP_TOS #ifndef IPTOS_THROUGHPUT #undef IP_TOS #endif /* !IPTOS_THROUGHPUT */ #ifndef IPTOS_LOWDELAY #undef IP_TOS #endif /* !IPTOS_LOWDELAY */ #endif /* IP_TOS */ #if NEED_STRERROR extern char *sys_errlist[]; /* If this prototype gives you trouble, try this one instead: */ /* extern const char *sys_errlist[]; */ #define strerror(x) (sys_errlist[x]) #endif /* NEED_STRERROR */ extern int errno; extern char *home; /* pointer to home directory for glob */ extern FILE *ftpd_popen(), *fopen(), *freopen(); extern int ftpd_pclose(), fclose(); extern char cbuf[]; extern off_t restart_point; struct sockaddr_in ctrl_addr; struct sockaddr_in data_source; struct sockaddr_in data_dest; struct sockaddr_in his_addr; struct sockaddr_in pasv_addr; int data; jmp_buf errcatch, urgcatch; int logged_in; struct passwd *pw; int debug; int timeout = 900; /* timeout after 15 minutes of inactivity */ int maxtimeout = 7200; /* don't allow idle time to be set beyond 2 hours */ int logging = 1; /* By default, do full logging. */ #if DOANONYMOUS int guest; #endif /* DOANONYMOUS */ int type; int form; int stru; /* avoid C keyword */ int mode; int usedefault = 1; /* for data transfers */ int pdata = -1; /* for passive mode */ int transflag; off_t file_size; off_t byte_count; #if (!defined(CMASK) || CMASK == 0) #undef CMASK #define CMASK 027 #endif int defumask = CMASK; /* default umask value */ char tmpline[7]; char hostname[MAXHOSTNAMELEN]; char remotehost[MAXHOSTNAMELEN]; /* * Timeout intervals for retrying connections * to hosts that don't accept PORT cmds. This * is a kludge, but given the problems with TCP... */ #define SWAITMAX 90 /* wait at most 90 seconds */ #define SWAITINT 5 /* interval between retries */ int swaitmax = SWAITMAX; int swaitint = SWAITINT; void lostconn(), myoob(); FILE *getdatasock(), *dataconn(); void closelog __ARGS((void)); #if DOTITLE char **Argv = NULL; /* pointer to argument vector */ char *LastArgv = NULL; /* end of argv */ char proctitle[BUFSIZ]; /* initial part of title */ #endif /* DOTITLE */ int af_pwok = 0, pwok = 0; struct opie opiestate; void perror_reply __ARGS((int, char *)); void end_login __ARGS((void)); void dologout __ARGS((int)); char *getline __ARGS((char *, int, FILE *)); void upper __ARGS((char *)); int checkuser __ARGS((char *)); /* void reply __ARGS((int, char *, int, int, int, int, int, int)); */ /* void lreply __ARGS((int, char *, int, int, int, int, int, int)); */ int logwtmp __ARGS((char *, char *, char *)); int receive_data __ARGS((FILE *, FILE *)); void send_data __ARGS((FILE *, FILE *, off_t)); void lostconn(input) int input; /* input variable declared just to keep compiler quiet */ { if (debug) syslog(LOG_DEBUG, "lost connection"); dologout(-1); } static char ttyline[20]; /* * Helper function for sgetpwnam(). */ char *sgetsave(s) char *s; { char *new = malloc((unsigned) strlen(s) + 1); if (new == NULL) { perror_reply(421, "Local resource failure: malloc"); dologout(1); /* NOTREACHED */ } strcpy(new, s); return (new); } /* * Save the result of a getpwnam. Used for USER command, since * the data returned must not be clobbered by any other command * (e.g., globbing). */ struct passwd *sgetpwnam(name) char *name; { static struct passwd save; register struct passwd *p; char *sgetsave(); #if HAVE_SHADOW struct spwd *spwd; #endif /* HAVE_SHADOW */ if ((p = getpwnam(name)) == NULL) return (p); #if HAVE_SHADOW if ((spwd = getspnam(name)) == NULL) return NULL; endspent(); p->pw_passwd = spwd->sp_pwdp; #endif /* HAVE_SHADOW */ endpwent(); if (save.pw_name) { free(save.pw_name); free(save.pw_passwd); free(save.pw_gecos); free(save.pw_dir); free(save.pw_shell); } save = *p; save.pw_name = sgetsave(p->pw_name); save.pw_passwd = sgetsave(p->pw_passwd); save.pw_gecos = sgetsave(p->pw_gecos); save.pw_dir = sgetsave(p->pw_dir); save.pw_shell = sgetsave(p->pw_shell); return (&save); } int login_attempts; /* number of failed login attempts */ int askpasswd; /* had user command, ask for passwd */ /* * USER command. * Sets global passwd pointer pw if named account exists and is acceptable; * sets askpasswd if a PASS command is expected. If logged in previously, * need to reset state. If name is "ftp" or "anonymous", the name is not in * _PATH_FTPUSERS, and ftp account exists, set guest and pw, then just return. * If account doesn't exist, ask for passwd anyway. Otherwise, check user * requesting login privileges. Disallow anyone who does not have a standard * shell as returned by getusershell(). Disallow anyone mentioned in the file * _PATH_FTPUSERS to allow people such as root and uucp to be avoided. */ int user(name) char *name; { register char *cp; char *shell; char *getusershell(); if (logged_in) { #if DOANONYMOUS if (guest) { reply(530, "Can't change user from guest login."); return -1; } #endif /* DOANONMOUS */ end_login(); } askpasswd = 1; #if DOANONYMOUS guest = 0; if (!strcmp(name, "ftp") || !strcmp(name, "anonymous")) if (!checkuser("ftp") && !checkuser("anonymous")) if ((pw = sgetpwnam("ftp")) != NULL) { guest = 1; askpasswd = 1; reply(331, "Guest login ok, send ident as password."); syslog(LOG_INFO, "Anonymous FTP connection made from host %s.", remotehost); return 0; } #endif /* DOANONYMOUS */ if (pw = sgetpwnam(name)) { if ((shell = pw->pw_shell) == NULL || *shell == 0) shell = _PATH_BSHELL; while ((cp = getusershell()) != NULL) if (!strcmp(cp, shell)) break; endusershell(); if (cp == NULL || checkuser(name) || ((pw->pw_passwd[0] == '*') || (pw->pw_passwd[0] == '#'))) { pw = (struct passwd *) NULL; askpasswd = -1; } } { char prompt[OPIE_CHALLENGE_MAX + 1]; opiechallenge(&opiestate, name, prompt); if (askpasswd == -1) { syslog(LOG_WARNING, "Invalid FTP user name %s attempted from %s.", name, remotehost); pwok = 0; } else pwok = af_pwok && opiealways(pw->pw_dir); reply(331, "OTP response %s %s for %s.", prompt, pwok ? "requested" : "required", name); } /* Delay before reading passwd after first failed attempt to slow down passwd-guessing programs. */ if (login_attempts) sleep((unsigned) login_attempts); return 0; } /* * Check if a user is in the file _PATH_FTPUSERS */ int checkuser(name) char *name; { register FILE *fd; register char *p; char line[BUFSIZ]; if ((fd = fopen(_PATH_FTPUSERS, "r")) != NULL) { while (fgets(line, sizeof(line), fd) != NULL) if ((p = strchr(line, '\n')) != NULL) { *p = '\0'; if (line[0] == '#') continue; if (strcmp(line, name) == 0) return (1); } fclose(fd); } return (0); } /* * Terminate login as previous user, if any, resetting state; * used when USER command is given or login fails. */ void end_login() { if (seteuid((uid_t) 0)) syslog(LOG_ERR, "Can't set euid"); if (logged_in) logwtmp(ttyline, "", ""); pw = NULL; logged_in = 0; #if DOANONYMOUS guest = 0; #endif /* DOANONYMOUS */ } void pass(passwd) char *passwd; { int legit = askpasswd + 1, i; if (logged_in || askpasswd == 0) { reply(503, "Login with USER first."); return; } askpasswd = 0; #if DOANONYMOUS if (!guest) { /* "ftp" is only account allowed no password */ #endif /* DOANONYMOUS */ i = opieverify(&opiestate, passwd); if (legit && i && pwok) i = strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd); if (!legit || i) { reply(530, "Login incorrect."); pw = NULL; if (login_attempts++ >= 5) { syslog(LOG_WARNING, "Repeated login failures for user %s from %s", pw->pw_name, remotehost); exit(0); } return; } #if DOANONYMOUS } #endif /* DOANONYMOUS */ login_attempts = 0; /* this time successful */ setegid((gid_t) pw->pw_gid); initgroups(pw->pw_name, pw->pw_gid); /* open wtmp before chroot */ sprintf(ttyline, "ftp%d", getpid()); logwtmp(ttyline, pw->pw_name, remotehost); logged_in = 1; #if DOANONYMOUS if (guest) { /* We MUST do a chdir() after the chroot. Otherwise the old current directory will be accessible as "." outside the new root! */ if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { reply(550, "Can't set guest privileges."); goto bad; } } else #endif /* DOANONYMOUS */ if (chdir(pw->pw_dir) < 0) { if (chdir("/") < 0) { reply(530, "User %s: can't change directory to %s.", pw->pw_name, pw->pw_dir); goto bad; } else lreply(230, "No directory! Logging in with home=/"); } /* This patch was contributed by an OPIE user. We don't know what it does, exactly. It may or may not work. */ #ifdef _AIX { priv_t priv; priv.pv_priv[0] = 0; priv.pv_priv[1] = 0; setgroups(NULL, NULL); if (setpriv(PRIV_SET|PRIV_INHERITED|PRIV_EFFECTIVE|PRIV_BEQUEATH, &priv, sizeof(priv_t)) < 0 || setgidx(ID_REAL|ID_EFFECTIVE, (gid_t)pw->pw_gid) < 0 || setuidx(ID_REAL|ID_EFFECTIVE, (uid_t)pw->pw_uid) < 0 || seteuid((uid_t)pw->pw_uid) < 0) { reply(550, "Can't set uid (_AIX3)."); goto bad; } } #else /* _AIX */ if (seteuid((uid_t) pw->pw_uid) < 0) { reply(550, "Can't set uid."); goto bad; } #endif /* _AIX */ #if DOANONYMOUS if (guest) { reply(230, "Guest login ok, access restrictions apply."); #if DOTITLE sprintf(proctitle, "%s: anonymous/%.*s", remotehost, sizeof(proctitle) - sizeof(remotehost) - sizeof(": anonymous/"), passwd); setproctitle(proctitle); #endif /* DOTITLE */ if (logging) syslog(LOG_NOTICE, "ANONYMOUS FTP login from %s with ID %s", remotehost, passwd); } else #endif /* DOANONYMOUS */ { reply(230, "User %s logged in.", pw->pw_name); #if DOTITLE sprintf(proctitle, "%s: %s", remotehost, pw->pw_name); setproctitle(proctitle); #endif /* DOTITLE */ if (logging) syslog(LOG_NOTICE, "FTP login from %s with user name %s", remotehost, pw->pw_name); } home = pw->pw_dir; /* home dir for globbing */ umask(defumask); return; bad: /* Forget all about it... */ end_login(); } void retrieve(cmd, name) char *cmd, *name; { FILE *fin, *dout; struct stat st; int (*closefunc) (); if (cmd == 0) { fin = fopen(name, "r"), closefunc = fclose; st.st_size = 0; } else { char line[BUFSIZ]; sprintf(line, cmd, name), name = line; fin = ftpd_popen(line, "r"), closefunc = ftpd_pclose; st.st_size = -1; #if HAVE_ST_BLKSIZE st.st_blksize = BUFSIZ; #endif /* HAVE_ST_BLKSIZE */ } if (fin == NULL) { if (errno != 0) perror_reply(550, name); return; } if (cmd == 0 && (fstat(fileno(fin), &st) < 0 || (st.st_mode & S_IFMT) != S_IFREG)) { reply(550, "%s: not a plain file.", name); goto done; } if (restart_point) { if (type == TYPE_A) { register int i, n, c; n = restart_point; i = 0; while (i++ < n) { if ((c = getc(fin)) == EOF) { perror_reply(550, name); goto done; } if (c == '\n') i++; } } else if (lseek(fileno(fin), restart_point, SEEK_SET /* L_SET */ ) < 0) { perror_reply(550, name); goto done; } } dout = dataconn(name, st.st_size, "w"); if (dout == NULL) goto done; #if HAVE_ST_BLKSIZE send_data(fin, dout, st.st_blksize); #else /* HAVE_ST_BLKSIZE */ send_data(fin, dout, BUFSIZ); #endif /* HAVE_ST_BLKSIZE */ fclose(dout); data = -1; pdata = -1; done: (*closefunc) (fin); } void store(name, mode, unique) char *name, *mode; int unique; { FILE *fout, *din; struct stat st; int (*closefunc) (); char *gunique(); if (unique && stat(name, &st) == 0 && (name = gunique(name)) == NULL) return; if (restart_point) mode = "r+w"; fout = fopen(name, mode); closefunc = fclose; if (fout == NULL) { perror_reply(553, name); return; } if (restart_point) { if (type == TYPE_A) { register int i, n, c; n = restart_point; i = 0; while (i++ < n) { if ((c = getc(fout)) == EOF) { perror_reply(550, name); goto done; } if (c == '\n') i++; } /* We must do this seek to "current" position because we are changing from reading to writing. */ if (fseek(fout, 0L, SEEK_CUR /* L_INCR */ ) < 0) { perror_reply(550, name); goto done; } } else if (lseek(fileno(fout), restart_point, SEEK_SET /* L_SET */ ) < 0) { perror_reply(550, name); goto done; } } din = dataconn(name, (off_t) - 1, "r"); if (din == NULL) goto done; if (receive_data(din, fout) == 0) { if (unique) reply(226, "Transfer complete (unique file name:%s).", name); else reply(226, "Transfer complete."); } fclose(din); data = -1; pdata = -1; done: (*closefunc) (fout); } FILE *getdatasock(mode) char *mode; { int s, on = 1, tries; if (data >= 0) return (fdopen(data, mode)); if (seteuid((uid_t) 0)) syslog(LOG_ERR, "Can't set euid"); s = socket(AF_INET, SOCK_STREAM, 0); if (s < 0) goto bad; if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on)) < 0) goto bad; /* anchor socket to avoid multi-homing problems */ data_source.sin_family = AF_INET; data_source.sin_addr = ctrl_addr.sin_addr; for (tries = 1;; tries++) { if (bind(s, (struct sockaddr *) & data_source, sizeof(data_source)) >= 0) break; if (errno != EADDRINUSE || tries > 10) goto bad; sleep(tries); } if (seteuid((uid_t) pw->pw_uid)) syslog(LOG_ERR, "Can't set euid"); #ifdef IP_TOS on = IPTOS_THROUGHPUT; if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *) &on, sizeof(int)) < 0) syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); #endif return (fdopen(s, mode)); bad: if (seteuid((uid_t) pw->pw_uid)) syslog(LOG_ERR, "Can't set euid"); close(s); return (NULL); } FILE *dataconn(name, size, mode) char *name; off_t size; char *mode; { char sizebuf[32]; FILE *file; int retry = 0, tos; file_size = size; byte_count = 0; if (size != (off_t) - 1) sprintf(sizebuf, " (%ld bytes)", size); else strcpy(sizebuf, ""); if (pdata >= 0) { struct sockaddr_in from; int s, fromlen = sizeof(from); s = accept(pdata, (struct sockaddr *) & from, &fromlen); if (s < 0) { reply(425, "Can't open data connection."); close(pdata); pdata = -1; return (NULL); } close(pdata); pdata = s; #ifdef IP_TOS tos = IPTOS_LOWDELAY; setsockopt(s, IPPROTO_IP, IP_TOS, (char *) &tos, sizeof(int)); #endif reply(150, "Opening %s mode data connection for %s%s.", type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf); return (fdopen(pdata, mode)); } if (data >= 0) { reply(125, "Using existing data connection for %s%s.", name, sizebuf); usedefault = 1; return (fdopen(data, mode)); } if (usedefault) data_dest = his_addr; usedefault = 1; file = getdatasock(mode); if (file == NULL) { reply(425, "Can't create data socket (%s,%d): %s.", inet_ntoa(data_source.sin_addr), ntohs(data_source.sin_port), strerror(errno)); return (NULL); } data = fileno(file); while (connect(data, (struct sockaddr *) & data_dest, sizeof(data_dest)) < 0) { if (errno == EADDRINUSE && retry < swaitmax) { sleep((unsigned) swaitint); retry += swaitint; continue; } perror_reply(425, "Can't build data connection"); fclose(file); data = -1; return (NULL); } reply(150, "Opening %s mode data connection for %s%s.", type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf); return (file); } /* * Tranfer the contents of "instr" to * "outstr" peer using the appropriate * encapsulation of the data subject * to Mode, Structure, and Type. * * NB: Form isn't handled. */ void send_data(instr, outstr, blksize) FILE *instr, *outstr; off_t blksize; { register int c, cnt; register char *buf; int netfd, filefd; transflag++; if (setjmp(urgcatch)) { transflag = 0; return; } switch (type) { case TYPE_A: while ((c = getc(instr)) != EOF) { byte_count++; if (c == '\n') { if (ferror(outstr)) goto data_err; putc('\r', outstr); } putc(c, outstr); } fflush(outstr); transflag = 0; if (ferror(instr)) goto file_err; if (ferror(outstr)) goto data_err; reply(226, "Transfer complete."); return; case TYPE_I: case TYPE_L: if ((buf = malloc((u_int) blksize)) == NULL) { transflag = 0; perror_reply(451, "Local resource failure: malloc"); return; } netfd = fileno(outstr); filefd = fileno(instr); while ((cnt = read(filefd, buf, (u_int) blksize)) > 0 && write(netfd, buf, cnt) == cnt) byte_count += cnt; transflag = 0; free(buf); if (cnt != 0) { if (cnt < 0) goto file_err; goto data_err; } reply(226, "Transfer complete."); return; default: transflag = 0; reply(550, "Unimplemented TYPE %d in send_data", type); return; } data_err: transflag = 0; perror_reply(426, "Data connection"); return; file_err: transflag = 0; perror_reply(551, "Error on input file"); } /* * Transfer data from peer to * "outstr" using the appropriate * encapulation of the data subject * to Mode, Structure, and Type. * * N.B.: Form isn't handled. */ int receive_data(instr, outstr) FILE *instr, *outstr; { register int c; int cnt, bare_lfs = 0; char buf[BUFSIZ]; transflag++; if (setjmp(urgcatch)) { transflag = 0; return (-1); } switch (type) { case TYPE_I: case TYPE_L: while ((cnt = read(fileno(instr), buf, sizeof buf)) > 0) { if (write(fileno(outstr), buf, cnt) != cnt) goto file_err; byte_count += cnt; } if (cnt < 0) goto data_err; transflag = 0; return (0); case TYPE_E: reply(553, "TYPE E not implemented."); transflag = 0; return (-1); case TYPE_A: while ((c = getc(instr)) != EOF) { byte_count++; if (c == '\n') bare_lfs++; while (c == '\r') { if (ferror(outstr)) goto data_err; if ((c = getc(instr)) != '\n') { putc('\r', outstr); if (c == '\0' || c == EOF) goto contin2; } } putc(c, outstr); contin2:; } fflush(outstr); if (ferror(instr)) goto data_err; if (ferror(outstr)) goto file_err; transflag = 0; if (bare_lfs) { lreply(230, "WARNING! %d bare linefeeds received in ASCII mode", bare_lfs); printf(" File may not have transferred correctly.\r\n"); } return (0); default: reply(550, "Unimplemented TYPE %d in receive_data", type); transflag = 0; return (-1); } data_err: transflag = 0; perror_reply(426, "Data Connection"); return (-1); file_err: transflag = 0; perror_reply(452, "Error writing file"); return (-1); } void statfilecmd(filename) char *filename; { char line[BUFSIZ]; FILE *fin; int c; sprintf(line, "%s %s", LS_COMMAND, filename); fin = ftpd_popen(line, "r"); lreply(211, "status of %s:", filename); while ((c = getc(fin)) != EOF) { if (c == '\n') { if (ferror(stdout)) { perror_reply(421, "control connection"); ftpd_pclose(fin); dologout(1); /* NOTREACHED */ } if (ferror(fin)) { perror_reply(551, filename); ftpd_pclose(fin); return; } putc('\r', stdout); } putc(c, stdout); } ftpd_pclose(fin); reply(211, "End of Status"); } void statcmd() { /* COMMENTED OUT STUFF BECAUSE THINGS BROKE ON SUNOS. */ struct sockaddr_in *sin; u_char *a, *p; lreply(211, "%s FTP server status:", hostname); printf(" \r\n"); printf(" Connected to %s", remotehost); if (!isdigit(remotehost[0])) printf(" (%s)", inet_ntoa(his_addr.sin_addr)); printf("\r\n"); if (logged_in) { #if DOANONYMOUS if (guest) printf(" Logged in anonymously\r\n"); else #endif /* DOANONYMOUS */ printf(" Logged in as %s\r\n", pw->pw_name); } else if (askpasswd) printf(" Waiting for password\r\n"); else printf(" Waiting for user name\r\n"); /* printf(" TYPE: %s", typenames[type]); */ if (type == TYPE_A || type == TYPE_E) /* printf(", FORM: %s", formnames[form]) */ ; #ifndef NBBY #define NBBY 8 /* Reasonable for modern UNIX systems */ #endif /* NBBY */ if (type == TYPE_L) printf(" %d", NBBY); /* printf("; STRUcture: %s; transfer MODE: %s\r\n", strunames[stru], modenames[mode]); */ if (data != -1) printf(" Data connection open\r\n"); else if (pdata != -1) { printf(" in Passive mode"); sin = &pasv_addr; goto printaddr; } else if (usedefault == 0) { printf(" PORT"); sin = &data_dest; printaddr: a = (u_char *) & sin->sin_addr; p = (u_char *) & sin->sin_port; #define UC(b) (((int) b) & 0xff) printf(" (%d,%d,%d,%d,%d,%d)\r\n", UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1])); #undef UC } else printf(" No data connection\r\n"); reply(211, "End of status"); } void opiefatal(s) char *s; { reply(451, "Error in server: %s\n", s); reply(221, "Closing connection due to server error."); dologout(0); /* NOTREACHED */ } /* VARARGS2 */ reply(n, fmt, p0, p1, p2, p3, p4, p5) int n; char *fmt; { printf("%d ", n); printf(fmt, p0, p1, p2, p3, p4, p5); printf("\r\n"); fflush(stdout); if (debug) { syslog(LOG_DEBUG, "<--- %d ", n); syslog(LOG_DEBUG, fmt, p0, p1, p2, p3, p4, p5); } } /* VARARGS2 */ lreply(n, fmt, p0, p1, p2, p3, p4, p5) int n; char *fmt; { printf("%d- ", n); printf(fmt, p0, p1, p2, p3, p4, p5); printf("\r\n"); fflush(stdout); if (debug) { syslog(LOG_DEBUG, "<--- %d- ", n); syslog(LOG_DEBUG, fmt, p0, p1, p2, p3, p4, p5); } } void ack(s) char *s; { reply(250, "%s command successful.", s); } void nack(s) char *s; { reply(502, "%s command not implemented.", s); } /* ARGSUSED */ void yyerror(s) char *s; { char *cp; if (cp = strchr(cbuf, '\n')) *cp = '\0'; reply(500, "'%s': command not understood.", cbuf); } void delete(name) char *name; { struct stat st; if (stat(name, &st) < 0) { perror_reply(550, name); return; } if ((st.st_mode & S_IFMT) == S_IFDIR) { if (rmdir(name) < 0) { perror_reply(550, name); return; } goto done; } if (unlink(name) < 0) { perror_reply(550, name); return; } done: ack("DELE"); } void cwd(path) char *path; { if (chdir(path) < 0) perror_reply(550, path); else ack("CWD"); } void makedir(name) char *name; { if (mkdir(name, 0777) < 0) perror_reply(550, name); else reply(257, "MKD command successful."); } void removedir(name) char *name; { if (rmdir(name) < 0) perror_reply(550, name); else ack("RMD"); } void pwd() { char path[MAXPATHLEN + 1]; if (getcwd(path, MAXPATHLEN) == (char *) NULL) reply(550, "%s.", path); else reply(257, "\"%s\" is current directory.", path); } char *renamefrom(name) char *name; { struct stat st; if (stat(name, &st) < 0) { perror_reply(550, name); return ((char *) 0); } reply(350, "File exists, ready for destination name"); return (name); } void renamecmd(from, to) char *from, *to; { if (rename(from, to) < 0) perror_reply(550, "rename"); else ack("RNTO"); } void dolog(sin) struct sockaddr_in *sin; { struct hostent *hp = gethostbyaddr((char *) &sin->sin_addr, sizeof(struct in_addr), AF_INET); time_t t, time(); extern char *ctime(); if (hp) strncpy(remotehost, hp->h_name, sizeof(remotehost)); else strncpy(remotehost, inet_ntoa(sin->sin_addr), sizeof(remotehost)); #if DOTITLE sprintf(proctitle, "%s: connected", remotehost); setproctitle(proctitle); #endif /* DOTITLE */ if (logging) { t = time((time_t *) 0); syslog(LOG_INFO, "connection from %s at %s", remotehost, ctime(&t)); } } /* * Record logout in wtmp file * and exit with supplied status. */ void dologout(status) int status; { if (logged_in) { if (seteuid((uid_t) 0)) syslog(LOG_ERR, "Can't set euid"); logwtmp(ttyline, "", ""); } /* beware of flushing buffers after a SIGPIPE */ _exit(status); } void myoob(input) int input; /* input variable declared only to keep compiler quiet */ { char *cp; /* only process if transfer occurring */ if (!transflag) return; cp = tmpline; if (getline(cp, 7, stdin) == NULL) { reply(221, "You could at least say goodbye."); dologout(0); } upper(cp); if (strcmp(cp, "ABOR\r\n") == 0) { tmpline[0] = '\0'; reply(426, "Transfer aborted. Data connection closed."); reply(226, "Abort successful"); longjmp(urgcatch, 1); } if (strcmp(cp, "STAT\r\n") == 0) { if (file_size != (off_t) - 1) reply(213, "Status: %lu of %lu bytes transferred", byte_count, file_size); else reply(213, "Status: %lu bytes transferred", byte_count); } } /* * Note: a response of 425 is not mentioned as a possible response to * the PASV command in RFC959. However, it has been blessed as * a legitimate response by Jon Postel in a telephone conversation * with Rick Adams on 25 Jan 89. */ void passive() { int len; register char *p, *a; pdata = socket(AF_INET, SOCK_STREAM, 0); if (pdata < 0) { perror_reply(425, "Can't open passive connection"); return; } pasv_addr = ctrl_addr; pasv_addr.sin_port = 0; if (seteuid((uid_t) 0)) syslog(LOG_ERR, "Can't set euid"); if (bind(pdata, (struct sockaddr *) & pasv_addr, sizeof(pasv_addr)) < 0) { seteuid((uid_t) pw->pw_uid); goto pasv_error; } if (seteuid((uid_t) pw->pw_uid)) syslog(LOG_ERR, "Can't set euid"); len = sizeof(pasv_addr); if (getsockname(pdata, (struct sockaddr *) & pasv_addr, &len) < 0) goto pasv_error; if (listen(pdata, 1) < 0) goto pasv_error; a = (char *) &pasv_addr.sin_addr; p = (char *) &pasv_addr.sin_port; #define UC(b) (((int) b) & 0xff) reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1])); return; pasv_error: close(pdata); pdata = -1; perror_reply(425, "Can't open passive connection"); return; } /* * Generate unique name for file with basename "local". * The file named "local" is already known to exist. * Generates failure reply on error. */ char * gunique(local) char *local; { static char new[MAXPATHLEN]; struct stat st; char *cp = strrchr(local, '/'); int count = 0; if (cp) *cp = '\0'; if (stat(cp ? local : ".", &st) < 0) { perror_reply(553, cp ? local : "."); return ((char *) 0); } if (cp) *cp = '/'; strcpy(new, local); cp = new + strlen(new); *cp++ = '.'; for (count = 1; count < 100; count++) { sprintf(cp, "%d", count); if (stat(new, &st) < 0) return (new); } reply(452, "Unique file name cannot be created."); return ((char *) 0); } /* * Format and send reply containing system error number. */ void perror_reply(code, string) int code; char *string; { reply(code, "%s: %s.", string, strerror(errno)); } static char *onefile[] = { "", 0 }; void send_file_list(whichfiles) char *whichfiles; { struct stat st; DIR *dirp = NULL; struct dirent *dir; FILE *dout = NULL; register char **dirlist, *dirname; int simple = 0; char *strpbrk(); if (strpbrk(whichfiles, "~{[*?") != NULL) { extern char **ftpglob(), *globerr; globerr = NULL; dirlist = ftpglob(whichfiles); if (globerr != NULL) { reply(550, globerr); return; } else if (dirlist == NULL) { errno = ENOENT; perror_reply(550, whichfiles); return; } } else { onefile[0] = whichfiles; dirlist = onefile; simple = 1; } if (setjmp(urgcatch)) { transflag = 0; return; } while (dirname = *dirlist++) { if (stat(dirname, &st) < 0) { /* If user typed "ls -l", etc, and the client used NLST, do what the user meant. */ if (dirname[0] == '-' && *dirlist == NULL && transflag == 0) { retrieve("/bin/ls %s", dirname); return; } perror_reply(550, whichfiles); if (dout != NULL) { fclose(dout); transflag = 0; data = -1; pdata = -1; } return; } if ((st.st_mode & S_IFMT) == S_IFREG) { if (dout == NULL) { dout = dataconn("file list", (off_t) - 1, "w"); if (dout == NULL) return; transflag++; } fprintf(dout, "%s%s\n", dirname, type == TYPE_A ? "\r" : ""); byte_count += strlen(dirname) + 1; continue; } else if ((st.st_mode & S_IFMT) != S_IFDIR) continue; if ((dirp = opendir(dirname)) == NULL) continue; while ((dir = readdir(dirp)) != NULL) { char nbuf[MAXPATHLEN]; if (dir->d_name[0] == '.' && (strlen(dir->d_name) == 1)) continue; if (dir->d_name[0] == '.' && dir->d_name[1] == '.' && (strlen(dir->d_name) == 2)) continue; sprintf(nbuf, "%s/%s", dirname, dir->d_name); /* We have to do a stat to insure it's not a directory or special file. */ if (simple || (stat(nbuf, &st) == 0 && (st.st_mode & S_IFMT) == S_IFREG)) { if (dout == NULL) { dout = dataconn("file list", (off_t) - 1, "w"); if (dout == NULL) return; transflag++; } if (nbuf[0] == '.' && nbuf[1] == '/') fprintf(dout, "%s%s\n", &nbuf[2], type == TYPE_A ? "\r" : ""); else fprintf(dout, "%s%s\n", nbuf, type == TYPE_A ? "\r" : ""); byte_count += strlen(nbuf) + 1; } } closedir(dirp); } if (dout == NULL) reply(550, "No files found."); else if (ferror(dout) != 0) perror_reply(550, "Data connection"); else reply(226, "Transfer complete."); transflag = 0; if (dout != NULL) fclose(dout); data = -1; pdata = -1; } #if DOTITLE /* * clobber argv so ps will show what we're doing. * (stolen from sendmail) * warning, since this is usually started from inetd.conf, it * often doesn't have much of an environment or arglist to overwrite. */ /*VARARGS1 */ setproctitle(fmt, a, b, c) char *fmt; { register char *p, *bp, ch; register int i; char buf[BUFSIZ]; sprintf(buf, fmt, a, b, c); /* make ps print our process name */ p = Argv[0]; *p++ = '-'; i = strlen(buf); if (i > LastArgv - p - 2) { i = LastArgv - p - 2; buf[i] = '\0'; } bp = buf; while (ch = *bp++) if (ch != '\n' && ch != '\r') *p++ = ch; while (p < LastArgv) *p++ = ' '; } #endif /* DOTITLE */ int main(argc, argv, envp) int argc; char *argv[]; char *envp[]; { int addrlen, on = 1, tos; char *cp; { int i; for (i = sysconf(_SC_OPEN_MAX); i > 2; i--) close(i); } /* LOG_NDELAY sets up the logging connection immediately, necessary for anonymous ftp's that chroot and can't do it later. */ openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON); atexit(closelog); addrlen = sizeof(his_addr); if (getpeername(0, (struct sockaddr *) & his_addr, &addrlen) < 0) { syslog(LOG_ERR, "getpeername (%s): %m", argv[0]); exit(1); } addrlen = sizeof(ctrl_addr); if (getsockname(0, (struct sockaddr *) & ctrl_addr, &addrlen) < 0) { syslog(LOG_ERR, "getsockname (%s): %m", argv[0]); exit(1); } #ifdef IP_TOS tos = IPTOS_LOWDELAY; if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *) &tos, sizeof(int)) < 0) syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); #endif data_source.sin_port = htons(ntohs(ctrl_addr.sin_port) - 1); debug = 0; #if DOTITLE /* Save start and extent of argv for setproctitle. */ Argv = argv; while (*envp) envp++; LastArgv = envp[-1] + strlen(envp[-1]); #endif /* DOTITLE */ argc--, argv++; while (argc > 0 && *argv[0] == '-') { for (cp = &argv[0][1]; *cp; cp++) switch (*cp) { case 'v': debug = 1; break; case 'd': debug = 1; break; case 'l': logging = 1; break; case 't': timeout = atoi(++cp); if (maxtimeout < timeout) maxtimeout = timeout; goto nextopt; case 'T': maxtimeout = atoi(++cp); if (timeout > maxtimeout) timeout = maxtimeout; goto nextopt; case 'u': { int val = 0; while (*++cp && *cp >= '0' && *cp <= '9') val = val * 8 + *cp - '0'; if (*cp) fprintf(stderr, "ftpd: Bad value for -u\n"); else defumask = val; goto nextopt; } default: fprintf(stderr, "ftpd: Unknown flag -%c ignored.\n", *cp); break; } nextopt: argc--, argv++; } freopen(_PATH_DEVNULL, "w", stderr); signal(SIGPIPE, lostconn); signal(SIGCHLD, SIG_IGN); if ((int) signal(SIGURG, myoob) < 0) syslog(LOG_ERR, "signal: %m"); /* Try to handle urgent data inline */ #ifdef SO_OOBINLINE if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (char *) &on, sizeof(on)) < 0) syslog(LOG_ERR, "setsockopt: %m"); #endif #ifdef F_SETOWN if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1) syslog(LOG_ERR, "fcntl F_SETOWN: %m"); #endif dolog(&his_addr); /* Set up default state */ data = -1; type = TYPE_A; form = FORM_N; stru = STRU_F; mode = MODE_S; tmpline[0] = '\0'; af_pwok = opieaccessfile(remotehost); gethostname(hostname, sizeof(hostname)); reply(220, "%s FTP server ready.", hostname); setjmp(errcatch); for (;;) yyparse(); /* NOTREACHED */ return 0; } opie-2.11/config.h.in100644 4101 3565 14731 6070043272 12752 0ustar cmetzipv6/* config.h.in. Generated automatically from configure.in by autoheader. */ /* Define if on AIX 3. System headers sometimes define this. We just want to avoid a redefinition error message. */ #ifndef _ALL_SOURCE #undef _ALL_SOURCE #endif /* Define if you have that is POSIX.1 compatible. */ #undef HAVE_SYS_WAIT_H /* Define if you have . */ #undef HAVE_VFORK_H /* Define if on MINIX. */ #undef _MINIX /* Define to `int' if doesn't define. */ #undef pid_t /* Define if the system does not provide POSIX.1 features except with this defined. */ #undef _POSIX_1_SOURCE /* Define if you need to in order for stat and other things to work. */ #undef _POSIX_SOURCE /* Define as the return type of signal handlers (int or void). */ #undef RETSIGTYPE /* Define if you have the ANSI C header files. */ #undef STDC_HEADERS /* Define vfork as fork if vfork does not work. */ #undef vfork /* Defined if the file /etc/default/login exists (and, presumably, should be looked at by login */ #undef HAVE_ETC_DEFAULT_LOGIN /* Defined if the file /etc/fbtab exists (and, presumably, should be looked at by login */ #undef HAVE_ETC_FBTAB /* Defined if the file /etc/logindevperm exists (and, presumably, should be looked at by login */ #undef HAVE_ETC_LOGINDEVPERM /* Defined if the file /etc/securetty exists (and, presumably, should be looked at by login */ #undef HAVE_ETC_SECURETTY /* The path to the mail spool, if we know it */ #undef PATH_MAIL /* Defined if the system's profile (/etc/profile) displays the motd file */ #undef HAVE_MOTD_IN_PROFILE /* Defined if the system's profile (/etc/profile) informs the user of new mail */ #undef HAVE_MAILCHECK_IN_PROFILE /* Define if you have the atexit function. */ #undef HAVE_ATEXIT /* Define if you have the bcopy function. */ #undef HAVE_BCOPY /* Define if you have the bzero function. */ #undef HAVE_BZERO /* Define if you have the endspent function. */ #undef HAVE_ENDSPENT /* Define if you have the getcwd function. */ #undef HAVE_GETCWD /* Define if you have the getdtablesize function. */ #undef HAVE_GETDTABLESIZE /* Define if you have the getenv function. */ #undef HAVE_GETENV /* Define if you have the gethostname function. */ #undef HAVE_GETHOSTNAME /* Define if you have the getspent function. */ #undef HAVE_GETSPENT /* Define if you have the gettimeofday function. */ #undef HAVE_GETTIMEOFDAY /* Define if you have the getttynam function. */ #undef HAVE_GETTTYNAM /* Define if you have the getusershell function. */ #undef HAVE_GETUSERSHELL /* Define if you have the getutxline function. */ #undef HAVE_GETUTXLINE /* Define if you have the getwd function. */ #undef HAVE_GETWD /* Define if you have the index function. */ #undef HAVE_INDEX /* Define if you have the memcpy function. */ #undef HAVE_MEMCPY /* Define if you have the memset function. */ #undef HAVE_MEMSET /* Define if you have the mkdir function. */ #undef HAVE_MKDIR /* Define if you have the on_exit function. */ #undef HAVE_ON_EXIT /* Define if you have the rindex function. */ #undef HAVE_RINDEX /* Define if you have the rmdir function. */ #undef HAVE_RMDIR /* Define if you have the setegid function. */ #undef HAVE_SETEGID /* Define if you have the setenv function. */ #undef HAVE_SETENV /* Define if you have the seteuid function. */ #undef HAVE_SETEUID /* Define if you have the setpriority function. */ #undef HAVE_SETPRIORITY /* Define if you have the setresgid function. */ #undef HAVE_SETRESGID /* Define if you have the setresuid function. */ #undef HAVE_SETRESUID /* Define if you have the setvbuf function. */ #undef HAVE_SETVBUF /* Define if you have the sigaddset function. */ #undef HAVE_SIGADDSET /* Define if you have the sigblock function. */ #undef HAVE_SIGBLOCK /* Define if you have the sigemptyset function. */ #undef HAVE_SIGEMPTYSET /* Define if you have the sigmask function. */ #undef HAVE_SIGMASK /* Define if you have the sigpause function. */ #undef HAVE_SIGPAUSE /* Define if you have the sigprocmask function. */ #undef HAVE_SIGPROCMASK /* Define if you have the sigsuspend function. */ #undef HAVE_SIGSUSPEND /* Define if you have the socket function. */ #undef HAVE_SOCKET /* Define if you have the strchr function. */ #undef HAVE_STRCHR /* Define if you have the strerror function. */ #undef HAVE_STRERROR /* Define if you have the strftime function. */ #undef HAVE_STRFTIME /* Define if you have the strrchr function. */ #undef HAVE_STRRCHR /* Define if you have the strstr function. */ #undef HAVE_STRSTR /* Define if you have the sysconf function. */ #undef HAVE_SYSCONF /* Define if you have the unsetenv function. */ #undef HAVE_UNSETENV /* Define if you have the header file. */ #undef HAVE_CRYPT_H /* Define if you have the header file. */ #undef HAVE_DIRENT_H /* Define if you have the header file. */ #undef HAVE_FCNTL_H /* Define if you have the header file. */ #undef HAVE_LASTLOG_H /* Define if you have the header file. */ #undef HAVE_LIMITS_H /* Define if you have the header file. */ #undef HAVE_NDIR_H /* Define if you have the header file. */ #undef HAVE_PATHS_H /* Define if you have the header file. */ #undef HAVE_SGTTY_H /* Define if you have the header file. */ #undef HAVE_SHADOW_H /* Define if you have the header file. */ #undef HAVE_SIGNAL_H /* Define if you have the header file. */ #undef HAVE_SYS_DIR_H /* Define if you have the header file. */ #undef HAVE_SYS_FILE_H /* Define if you have the header file. */ #undef HAVE_SYS_IOCTL_H /* Define if you have the header file. */ #undef HAVE_SYS_NDIR_H /* Define if you have the header file. */ #undef HAVE_SYS_SIGNAL_H /* Define if you have the header file. */ #undef HAVE_SYS_TIME_H /* Define if you have the header file. */ #undef HAVE_SYSLOG_H /* Define if you have the header file. */ #undef HAVE_TERMIO_H /* Define if you have the header file. */ #undef HAVE_TERMIOS_H /* Define if you have the header file. */ #undef HAVE_UNISTD_H /* Define if you have the crypt library (-lcrypt). */ #undef HAVE_LIBCRYPT /* Define if you have the nsl library (-lnsl). */ #undef HAVE_LIBNSL /* Define if you have the posix library (-lposix). */ #undef HAVE_LIBPOSIX /* Define if you have the socket library (-lsocket). */ #undef HAVE_LIBSOCKET opie-2.11/config.testeflag100644 4101 3565 242 6070043272 14024 0ustar cmetzipv6#! /bin/sh if test -e README >/dev/null 2>/dev/null then if test -e a.non-existant-file >/dev/null 2>/dev/null then exit 1 else exit 0 fi else exit 1 fi opie-2.11/opieinfo.c100644 4101 3565 3610 6070043276 12661 0ustar cmetzipv6/* opieinfo: Print a user's current OPIE sequence number and seed Portions of this software are Copyright 1995 by Randall Atkinson and Dan McDonald, All Rights Reserved. All Rights under this copyright are assigned to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and License Agreement applies to this software. History: Modified at NRL for OPIE 2.1. Substitute @@KEY_FILE@@. Re-write in C. Modified at NRL for OPIE 2.01. Remove hard-coded paths for grep and awk and let PATH take care of it. Substitute for Makefile variables $(EXISTS) and $(KEY_FILE). Only compute $WHO if there's a key file. Got rid of grep since awk can do the job itself. Modified at NRL for OPIE 2.0. Written at Bellcore for the S/Key Version 1 software distribution (keyinfo) */ #include #include #include #include "opie.h" #include "opie_cfg.h" /* extern char *optarg; */ extern int errno, optind; char *getusername() { struct passwd *p = getpwuid(getuid()); if (!p) return getlogin(); return p->pw_name; } main(argc, argv) int argc; char *argv[]; { FILE *f; char *username; struct opie opie; int i; while ((i = getopt(argc, argv, "hv")) != EOF) { switch (i) { case 'v': opieversion(); case 'h': default: fprintf(stderr, "usage: %s [-h] [-v] [user_name]\n", argv[0]); exit(0); } } if (optind < argc) username = argv[optind]; else username = getusername(); #if DEBUG fprintf(stderr, "Looking up %s... ", username); #endif /* DEBUG */ if ((i = opielookup(&opie, username)) && (i != 2)) { if (i < 0) fprintf(stderr, "Error opening database! (errno = %d)\n", errno); else fprintf(stderr, "%s not found in database.\n", username); exit(1); } printf("%d %s\n", opie.n - 1, opie.seed); return 0; }