Date: Wed, 29 Aug 2001 12:58:44 +0200
From: Joerg Wunsch <j@ida.interface-business.de>
To: audit@freebsd.org
Cc: ache@freebsd.org, security@freebsd.org
Subject: -a in opiekey(1) doesn't work
Message-ID: <20010829125844.E60434@ida.interface-business.de>
Dunno who's the best person to tell this. The -a option to opiekey(1)
is supposed to suppress password checking, but closer inspection of
the code reveals that the value of `aflag' is properly set when the
option is provided, but then never used again. This prevents opiekey
from becoming a full replacement of the old skey program for users who
used to have too short secret passwords.
We should either remove it completely if we think providing this
option is a bad idea from the beginning, or make it work as
advertised. The patch below implements the latter. (Btw., the check
against (flags & 2) isn't useful either since flags is passed from the
caller as either 0 or 1, hard-coded. We could set flag 2 when aflag
is set, but that'd mean modifying 6 calls to opiereadpass() instead of
a single line of change as suggested below.)
Index: contrib/opie/opiekey.c
===================================================================
RCS file: /home/ncvs/src/contrib/opie/opiekey.c,v
retrieving revision 1.1.1.2.6.1
diff -u -r1.1.1.2.6.1 opiekey.c
--- contrib/opie/opiekey.c 2000/06/09 07:14:56 1.1.1.2.6.1
+++ contrib/opie/opiekey.c 2001/08/29 10:02:02
@@ -116,7 +116,7 @@
}
memset(verify, 0, sizeof(verify));
}
- if (!(flags & 2) && opiepasscheck(secret)) {
+ if (!(flags & 2) && !aflag && opiepasscheck(secret)) {
memset(secret, 0, sizeof(secret));
fprintf(stderr, "Secret pass phrases must be between %d and %d characters long.\n", OPIE_SECRET_MIN, OPIE_SECRET_MAX);
exit(1);
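Review bot: the added !aflag term in the changed if sits next to the !(flags & 2) test, which the message itself says can never fire because callers pass only 0 or 1. Either drop that dead term in the same change or add a comment stating that aflag is now the only way to skip opiepasscheck(secret), so a later reader does not take the two for independent bypasses. The hunk also does not show where aflag is declared; since this code receives flags from its caller, confirm that aflag is visible at file scope here and not local to the option-parsing function. With -a given, the check is skipped silently, so consider still calling opiepasscheck() and printing a one-line warning on stderr when the pass phrase falls outside OPIE_SECRET_MIN..OPIE_SECRET_MAX, and make sure the opiekey(1) manual page describes what -a relaxes.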
--
J"org Wunsch Unix support engineer
joerg_wunsch@interface-systems.de http://www.interface-systems.de/~j/
