Honour skey.access(5) by allowing UNIX passwords when skeyaccess(3)
has set pwok to a non-zero value. Previously, the fact that skey.access(5) allowed UNIX passwords for this connection attempt was ignored, even in the NOPAM case. This only addresses the NOPAM case; when libpam is used, the problem will persist. PR: 20333
This commit is contained in:
Sheldon Hearn
parent
ed7cf099c6
commit
028f24cffa
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=64103
@ -1188,11 +1188,14 @@ pass(passwd)
|
||||
goto skip;
|
||||
#endif
|
||||
#ifdef SKEY
|
||||
rval = strcmp(skey_crypt(passwd, pw->pw_passwd, pw, pwok),
|
||||
pw->pw_passwd);
|
||||
pwok = 0;
|
||||
if (pwok)
|
||||
rval = strcmp(pw->pw_passwd,
|
||||
crypt(passwd, pw->pw_passwd));
|
||||
if (rval)
|
||||
rval = strcmp(pw->pw_passwd,
|
||||
skey_crypt(passwd, pw->pw_passwd, pw, pwok));
|
||||
#else
|
||||
rval = strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd);
|
||||
rval = strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd));
|
||||
#endif
|
||||
/* The strcmp does not catch null passwords! */
|
||||
if (*pw->pw_passwd == '\0' ||
|
||||
@ -1220,6 +1223,9 @@ pass(passwd)
|
||||
return;
|
||||
}
|
||||
}
|
||||
#ifdef SKEY
|
||||
pwok = 0;
|
||||
#endif
|
||||
login_attempts = 0; /* this time successful */
|
||||
if (setegid((gid_t)pw->pw_gid) < 0) {
|
||||
reply(550, "Can't set gid.");
|
||||
|
||||
Loading…
Reference in New Issue
Block a user