Don't ever ask for password if it is impossible to confirm it
It happens if 1) regular passwords not allowed, 2) skey database not activated for given user. Under some rare circumstanes skey_challenge can return empty diagnostic or even previous buffer, fix it.
This commit is contained in:
parent
6903b42cd8
commit
28ed0fe08b
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=18989
@ -31,7 +31,7 @@
|
|||||||
* SUCH DAMAGE.
|
* SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* @(#)extern.h 8.2 (Berkeley) 4/4/94
|
* @(#)extern.h 8.2 (Berkeley) 4/4/94
|
||||||
* $Id$
|
* $Id: extern.h,v 1.4 1996/09/22 21:53:21 wosch Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
void blkfree __P((char **));
|
void blkfree __P((char **));
|
||||||
@ -68,5 +68,5 @@ void user __P((char *));
|
|||||||
void yyerror __P((char *));
|
void yyerror __P((char *));
|
||||||
int yyparse __P((void));
|
int yyparse __P((void));
|
||||||
#if defined(SKEY) && defined(_PWD_H_) /* XXX evil */
|
#if defined(SKEY) && defined(_PWD_H_) /* XXX evil */
|
||||||
char *skey_challenge __P((char *, struct passwd *, int));
|
char *skey_challenge __P((char *, struct passwd *, int, int *));
|
||||||
#endif
|
#endif
|
||||||
|
@ -30,7 +30,7 @@
|
|||||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
* SUCH DAMAGE.
|
* SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $Id: ftpd.c,v 1.22 1996/08/09 09:02:26 markm Exp $
|
* $Id: ftpd.c,v 1.23 1996/08/09 22:22:30 julian Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
@ -182,6 +182,7 @@ char proctitle[LINE_MAX]; /* initial part of title */
|
|||||||
|
|
||||||
#ifdef SKEY
|
#ifdef SKEY
|
||||||
int pwok = 0;
|
int pwok = 0;
|
||||||
|
int sflag;
|
||||||
char addr_string[20]; /* XXX */
|
char addr_string[20]; /* XXX */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -627,7 +628,17 @@ user(name)
|
|||||||
strncpy(curname, name, sizeof(curname)-1);
|
strncpy(curname, name, sizeof(curname)-1);
|
||||||
#ifdef SKEY
|
#ifdef SKEY
|
||||||
pwok = skeyaccess(name, NULL, remotehost, addr_string);
|
pwok = skeyaccess(name, NULL, remotehost, addr_string);
|
||||||
reply(331, "%s", skey_challenge(name, pw, pwok));
|
cp = skey_challenge(name, pw, pwok, &sflag);
|
||||||
|
if (!pwok && sflag) {
|
||||||
|
reply(530, cp);
|
||||||
|
if (logging)
|
||||||
|
syslog(LOG_NOTICE,
|
||||||
|
"FTP LOGIN REFUSED FROM %s, %s",
|
||||||
|
remotehost, name);
|
||||||
|
pw = (struct passwd *) NULL;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
reply(331, cp);
|
||||||
#else
|
#else
|
||||||
reply(331, "Password required for %s.", name);
|
reply(331, "Password required for %s.", name);
|
||||||
#endif
|
#endif
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
/* Author: Wietse Venema, Eindhoven University of Technology.
|
/* Author: Wietse Venema, Eindhoven University of Technology.
|
||||||
*
|
*
|
||||||
* $Id$
|
* $Id: skey-stuff.c,v 1.3 1996/09/22 21:53:34 wosch Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
@ -10,18 +10,20 @@
|
|||||||
|
|
||||||
/* skey_challenge - additional password prompt stuff */
|
/* skey_challenge - additional password prompt stuff */
|
||||||
|
|
||||||
char *skey_challenge(name, pwd, pwok)
|
char *skey_challenge(name, pwd, pwok, sflag)
|
||||||
char *name;
|
char *name;
|
||||||
struct passwd *pwd;
|
struct passwd *pwd;
|
||||||
int pwok;
|
int pwok;
|
||||||
|
int *sflag;
|
||||||
{
|
{
|
||||||
static char buf[128];
|
static char buf[128];
|
||||||
struct skey skey;
|
struct skey skey;
|
||||||
|
char *username = pwd ? pwd->pw_name : ":";
|
||||||
|
|
||||||
/* Display s/key challenge where appropriate. */
|
/* Display s/key challenge where appropriate. */
|
||||||
|
|
||||||
if (pwd == 0 || skeychallenge(&skey, pwd->pw_name, buf) != 0)
|
*sflag = skeychallenge(&skey, username, buf);
|
||||||
sprintf(buf, "%s required for %s.",
|
sprintf(buf, "%s required for %s.",
|
||||||
pwok ? "Password" : "S/Key password", name);
|
pwok ? "Password" : "S/Key password", name);
|
||||||
return (buf);
|
return (buf);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user