Date: Wed, 29 Aug 2001 12:58:44 +0200 From: Joerg Wunsch <j@ida.interface-business.de> To: audit@freebsd.org Cc: ache@freebsd.org, security@freebsd.org Subject: -a in opiekey(1) doesn't work Message-ID: <20010829125844.E60434@ida.interface-business.de>
next in thread | raw e-mail | index | archive | help
Dunno who's the best person to tell this. The -a option to opiekey(1) is supposed to suppress password checking, but closer inspection of the code reveals that the value of `aflag' is properly set when the option is provided, but then never used again. This prevents opiekey from becoming a full replacement of the old skey program for users who used to have too short secret passwords. We should either remove it completely if we think providing this option is a bad idea from the beginning, or make it work as advertised. The patch below implements the latter. (Btw., the check against (flags & 2) isn't useful either since flags is passed from the caller as either 0 or 1, hard-coded. We could set flag 2 when aflag is set, but that'd mean to modify 6 calls to opiereadpass() instead of a single line of change as suggested below.) Index: contrib/opie/opiekey.c =================================================================== RCS file: /home/ncvs/src/contrib/opie/opiekey.c,v retrieving revision 1.1.1.2.6.1 diff -u -r1.1.1.2.6.1 opiekey.c --- contrib/opie/opiekey.c 2000/06/09 07:14:56 1.1.1.2.6.1 +++ contrib/opie/opiekey.c 2001/08/29 10:02:02 @@ -116,7 +116,7 @@ } memset(verify, 0, sizeof(verify)); } - if (!(flags & 2) && opiepasscheck(secret)) { + if (!(flags & 2) && !aflag && opiepasscheck(secret)) { memset(secret, 0, sizeof(secret)); fprintf(stderr, "Secret pass phrases must be between %d and %d characters long.\n", OPIE_SECRET_MIN, OPIE_SECRET_MAX); exit(1); -- J"org Wunsch Unix support engineer joerg_wunsch@interface-systems.de http://www.interface-systems.de/~j/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010829125844.E60434>