From 0d92fee7472ed106b626ef417949182e5e627f9f Mon Sep 17 00:00:00 2001
From: Paul Traina
Date: Fri, 27 May 1994 07:50:08 +0000
Subject: [PATCH] Clean up S/key library (libskey.a) so that filename access is via the standard 4.4bsd pathnames mechanism. Also document a potential security hole vs backwards compatibility tradeoff.
---
 lib/libskey/authfile.c | 13 ++++++++++---
 lib/libskey/pathnames.h | 5 +++++
 2 files changed, 15 insertions(+), 3 deletions(-)
 create mode 100644 lib/libskey/pathnames.h
diff --git a/lib/libskey/authfile.c b/lib/libskey/authfile.c
index 32b920a727db..d93b846e7f3d 100644
--- a/lib/libskey/authfile.c
+++ b/lib/libskey/authfile.c
@@ -21,6 +21,7 @@
 #endif
 #include "skey.h"
+#include "pathnames.h"
 static int isaddr();
 static int rdnets();
@@ -113,9 +114,15 @@ unsigned long host;
 char *strtok();
 int permit_it = 0;
- fp = fopen("/etc/skey.access", "r");
- if (fp == NULL)
- return 1; /* XXX */
+ /*
+ * If auth file not found, be backwards compatible with standard login
+ * and allow hard coded passwords in from anywhere. Some may consider
+ * this a security hole, but backwards compatibility is more desirable
+ * than others. If you don't like it, change the return value to be zero.
+ */
+ if ((fp = fopen(_PATH_SKEYACCESS, "r")) == NULL)
+ return 1;
+
 while (fgets(buf, sizeof(buf), fp), !feof(fp)) {
 if (buf[0] == '#')
 continue; /* Comment */
diff --git a/lib/libskey/pathnames.h b/lib/libskey/pathnames.h
new file mode 100644
index 000000000000..43631f5133c3
--- /dev/null
+++ b/lib/libskey/pathnames.h
@@ -0,0 +1,5 @@
+/* $Id$ (FreeBSD) */
+
+#include
+
+#define _PATH_SKEYACCESS "/etc/skey.access"
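Review bot: In the second authfile.c hunk (`@@ -113,9 +114,15 @@`), the new `if ((fp = fopen(_PATH_SKEYACCESS, "r")) == NULL) return 1;` takes the permissive path on every fopen() failure, while the comment above it justifies that result only when the access file is not found. A host that does maintain an access file would also fall open if the open fails for another reason, such as a permission error or descriptor exhaustion. Testing the cause keeps the backwards-compatible case and denies the rest: replace `return 1;` with `return errno == ENOENT;`, which needs `<errno.h>` (the include list is only partly visible here). The enclosing function starts and ends outside the hunk, so whether `fp` is closed on every return path cannot be confirmed from this diff.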