Don't ever ask for password if it is impossible to confirm it

It happens if 1) regular passwords not allowed, 2) skey database not activated for given user. Under some rare circumstanes skey_challenge can return empty diagnostic or even previous buffer, fix it.
svn path=/head/; revision=18989
1996-10-17 17:06:04 +00:00 · 1996-10-17 17:06:04 +00:00 · 28ed0fe08b · 2020-12-20 02:59:44 +00:00
commit 28ed0fe08b
parent 6903b42cd8
3 changed files with 22 additions and 9 deletions
--- a/libexec/ftpd/extern.h
+++ b/libexec/ftpd/extern.h
@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)extern.h	8.2 (Berkeley) 4/4/94
- *	$Id$
+ *	$Id: extern.h,v 1.4 1996/09/22 21:53:21 wosch Exp $
 */

 void	blkfree __P((char **));
@ -68,5 +68,5 @@ void	user __P((char *));
 void	yyerror __P((char *));
 int	yyparse __P((void));
 #if defined(SKEY) && defined(_PWD_H_) /* XXX evil */
-char   *skey_challenge __P((char *, struct passwd *, int));
+char   *skey_challenge __P((char *, struct passwd *, int, int *));
 #endif
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@ -30,7 +30,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- *	$Id: ftpd.c,v 1.22 1996/08/09 09:02:26 markm Exp $
+ *	$Id: ftpd.c,v 1.23 1996/08/09 22:22:30 julian Exp $
 */

 #if 0
@ -182,6 +182,7 @@ char	proctitle[LINE_MAX];	/* initial part of title */

 #ifdef SKEY
 int	pwok = 0;
+int     sflag;
 char	addr_string[20];	/* XXX */
 #endif

@ -627,7 +628,17 @@ user(name)
 		strncpy(curname, name, sizeof(curname)-1);
 #ifdef SKEY
 	pwok = skeyaccess(name, NULL, remotehost, addr_string);
-	reply(331, "%s", skey_challenge(name, pw, pwok));
+	cp = skey_challenge(name, pw, pwok, &sflag);
+	if (!pwok && sflag) {
+		reply(530, cp);
+		if (logging)
+			syslog(LOG_NOTICE,
+			    "FTP LOGIN REFUSED FROM %s, %s",
+			    remotehost, name);
+		pw = (struct passwd *) NULL;
+		return;
+	}
+	reply(331, cp);
 #else
 	reply(331, "Password required for %s.", name);
 #endif
--- a/libexec/ftpd/skey-stuff.c
+++ b/libexec/ftpd/skey-stuff.c
@ -1,6 +1,6 @@
 /* Author: Wietse Venema, Eindhoven University of Technology. 
 *
- *	$Id$
+ *	$Id: skey-stuff.c,v 1.3 1996/09/22 21:53:34 wosch Exp $
 */

 #include <stdio.h>
@ -10,18 +10,20 @@

 /* skey_challenge - additional password prompt stuff */

-char   *skey_challenge(name, pwd, pwok)
+char   *skey_challenge(name, pwd, pwok, sflag)
 char   *name;
 struct passwd *pwd;
 int     pwok;
+int    *sflag;
 {
    static char buf[128];
    struct skey skey;
+    char *username = pwd ? pwd->pw_name : ":";

    /* Display s/key challenge where appropriate. */

-    if (pwd == 0 || skeychallenge(&skey, pwd->pw_name, buf) != 0)
-	sprintf(buf, "%s required for %s.",
-		pwok ? "Password" : "S/Key password", name);
+    *sflag = skeychallenge(&skey, username, buf);
+    sprintf(buf, "%s required for %s.",
+	pwok ? "Password" : "S/Key password", name);
    return (buf);
 }