Clean up S/key library (libskey.a) so that filename access is via the

standard 4.4bsd pathnames mechanism. Also document a potential security hole vs backwards compatibility tradeoff.
1994-05-27 07:50:08 +00:00 · 1994-05-27 07:50:08 +00:00 · 0d92fee747
commit 0d92fee747
parent ee765d4857
2 changed files with 15 additions and 3 deletions
--- a/lib/libskey/authfile.c
+++ b/lib/libskey/authfile.c
@ -21,6 +21,7 @@
 #endif

 #include "skey.h"
+#include "pathnames.h"

 static int isaddr();
 static int rdnets();
@ -113,9 +114,15 @@ unsigned long host;
    char   *strtok();
    int     permit_it = 0;

-    fp = fopen("/etc/skey.access", "r");
-    if (fp == NULL)
-	return 1;				/* XXX */
+    /*
+     * If auth file not found, be backwards compatible with standard login
+     * and allow hard coded passwords in from anywhere.  Some may consider
+     * this a security hole,  but backwards compatibility is more desirable
+     * than others.  If you don't like it, change the return value to be zero.
+     */
+    if ((fp = fopen(_PATH_SKEYACCESS, "r")) == NULL)
+	return 1;
+
    while (fgets(buf, sizeof(buf), fp), !feof(fp)) {
 	if (buf[0] == '#')
 	    continue;				/* Comment */
--- a/lib/libskey/pathnames.h
+++ b/lib/libskey/pathnames.h
@ -0,0 +1,5 @@
+/* $Id$ (FreeBSD) */
+
+#include <paths.h>
+
+#define       _PATH_SKEYACCESS        "/etc/skey.access"