From 28ed0fe08b4e7be4137d2cd330b6eb71da5ea394 Mon Sep 17 00:00:00 2001
From: "Andrey A. Chernov"
Date: Thu, 17 Oct 1996 17:06:04 +0000
Subject: [PATCH] Don't ever ask for password if it is impossible to confirm it It happens if 1) regular passwords not allowed, 2) skey database not activated for given user. Under some rare circumstanes skey_challenge can return empty diagnostic or even previous buffer, fix it.
---
 libexec/ftpd/extern.h | 4 ++--
 libexec/ftpd/ftpd.c | 15 +++++++++++++--
 libexec/ftpd/skey-stuff.c | 12 +++++++-----
 3 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/libexec/ftpd/extern.h b/libexec/ftpd/extern.h
index ff1cdfbf8589..bdfed868d8bb 100644
--- a/libexec/ftpd/extern.h
+++ b/libexec/ftpd/extern.h
@@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 * @(#)extern.h 8.2 (Berkeley) 4/4/94
- * $Id$
+ * $Id: extern.h,v 1.4 1996/09/22 21:53:21 wosch Exp $
 */
 void blkfree __P((char **));
@@ -68,5 +68,5 @@ void user __P((char *));
 void yyerror __P((char *));
 int yyparse __P((void));
 #if defined(SKEY) && defined(_PWD_H_) /* XXX evil */
-char *skey_challenge __P((char *, struct passwd *, int));
+char *skey_challenge __P((char *, struct passwd *, int, int *));
 #endif
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 58378db9b340..42f49b0ecfd1 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -30,7 +30,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $Id: ftpd.c,v 1.22 1996/08/09 09:02:26 markm Exp $
+ * $Id: ftpd.c,v 1.23 1996/08/09 22:22:30 julian Exp $
 */
 #if 0
@@ -182,6 +182,7 @@ char proctitle[LINE_MAX]; /* initial part of title */
 #ifdef SKEY
 int pwok = 0;
+int sflag;
 char addr_string[20]; /* XXX */
 #endif
@@ -627,7 +628,17 @@ user(name)
 strncpy(curname, name, sizeof(curname)-1);
 #ifdef SKEY
 pwok = skeyaccess(name, NULL, remotehost, addr_string);
- reply(331, "%s", skey_challenge(name, pw, pwok));
+ cp = skey_challenge(name, pw, pwok, &sflag);
+ if (!pwok && sflag) {
+ reply(530, cp);
+ if (logging)
+ syslog(LOG_NOTICE,
+ "FTP LOGIN REFUSED FROM %s, %s",
+ remotehost, name);
+ pw = (struct passwd *) NULL;
+ return;
+ }
+ reply(331, cp);
 #else
 reply(331, "Password required for %s.", name);
 #endif
diff --git a/libexec/ftpd/skey-stuff.c b/libexec/ftpd/skey-stuff.c
index 8dedc18e6f1c..06a227d7db3a 100644
--- a/libexec/ftpd/skey-stuff.c
+++ b/libexec/ftpd/skey-stuff.c
@@ -1,6 +1,6 @@
 /* Author: Wietse Venema, Eindhoven University of Technology.
 *
- * $Id$
+ * $Id: skey-stuff.c,v 1.3 1996/09/22 21:53:34 wosch Exp $
 */
 #include
@@ -10,18 +10,20 @@
 /* skey_challenge - additional password prompt stuff */
-char *skey_challenge(name, pwd, pwok)
+char *skey_challenge(name, pwd, pwok, sflag)
 char *name;
 struct passwd *pwd;
 int pwok;
+int *sflag;
 {
 static char buf[128];
 struct skey skey;
+ char *username = pwd ? pwd->pw_name : ":";
 /* Display s/key challenge where appropriate. */
- if (pwd == 0 || skeychallenge(&skey, pwd->pw_name, buf) != 0)
- sprintf(buf, "%s required for %s.",
- pwok ? "Password" : "S/Key password", name);
+ *sflag = skeychallenge(&skey, username, buf);
+ sprintf(buf, "%s required for %s.",
+ pwok ? "Password" : "S/Key password", name);
 return (buf);
 }
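Review bot: In the user() hunk of ftpd.c, `reply(530, cp);` and `reply(331, cp);` pass the challenge text as the format argument, where the removed line used `reply(331, "%s", ...)`. That text is built in skey_challenge() with the client-supplied `name` copied in through `%s`, so a `%` sequence in the USER argument would be interpreted a second time if reply() is printf-style, as its other calls in this hunk suggest. Keep the constant format on both calls: `reply(530, "%s", cp);` and `reply(331, "%s", cp);`. The declaration of `cp` is not visible here; user() starts and ends outside the hunk.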
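Review bot: In skey_challenge() (skey-stuff.c), the `sprintf` into `static char buf[128]` now runs on every call with no length bound, and `name` is the string the client sent, so a long user name can write past the buffer. Bound the write with `snprintf(buf, sizeof(buf), "%s required for %s.", pwok ? "Password" : "S/Key password", name);`. Separately, skeychallenge() is handed the same `buf`, so whatever it stored there is overwritten before the function returns. If the S/Key challenge is meant to reach the client it needs its own buffer, which is worth confirming against the intended behaviour. A one-line comment stating what a non-zero `*sflag` means (apparently that no S/Key challenge could be produced for the user) would help the caller in ftpd.c.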