diff options
author | ache <ache@FreeBSD.org> | 2002-01-01 13:14:25 +0000 |
---|---|---|
committer | ache <ache@FreeBSD.org> | 2002-01-01 13:14:25 +0000 |
commit | 50483c2302ed15dcc984d929601032d92932371e (patch) | |
tree | a1ec3e899ae96b448d3c1964c36f7a9d322f3081 | |
parent | c274493a60aa879c8bbb0396f474efe7ac5e90a6 (diff) | |
download | FreeBSD-src-50483c2302ed15dcc984d929601032d92932371e.zip FreeBSD-src-50483c2302ed15dcc984d929601032d92932371e.tar.gz |
Fix OPIE auth
-rw-r--r-- | libexec/ftpd/ftpd.c | 45 |
1 files changed, 30 insertions, 15 deletions
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c index c78b2c1..e421142 100644 --- a/libexec/ftpd/ftpd.c +++ b/libexec/ftpd/ftpd.c @@ -78,9 +78,7 @@ static const char rcsid[] = #include <netdb.h> #include <pwd.h> #include <grp.h> -#ifdef USE_PAM -#include <opie.h> /* XXX */ -#endif +#include <opie.h> #include <setjmp.h> #include <signal.h> #include <stdio.h> @@ -187,11 +185,11 @@ char *tty = ttyline; /* for klogin */ #ifdef USE_PAM static int auth_pam __P((struct passwd**, const char*)); pam_handle_t *pamh = NULL; +#endif -/* Kluge because the conversation mechanism has not been threshed out */ static struct opie opiedata; static char opieprompt[OPIE_CHALLENGE_MAX+1]; -#endif +static int pwok; char *pid_file = NULL; @@ -970,16 +968,21 @@ user(name) } if (logging) strncpy(curname, name, sizeof(curname)-1); + + pwok = 0; #ifdef USE_PAM /* XXX Kluge! The conversation mechanism needs to be fixed. */ - if (opiechallenge(&opiedata, name, opieprompt) == 0) - reply(331, "Response to %s required for %s.", - opieprompt, name); - else - reply(331, "Password required for %s.", name); -#else - reply(331, "Password required for %s.", name); #endif + if (opiechallenge(&opiedata, name, opieprompt) == 0) { + pwok = (pw != NULL) && + opieaccessfile(remotehost) && + opiealways(pw->pw_dir); + reply(331, "Response to %s %s for %s.", + opieprompt, pwok ? "requested" : "required", name); + } else { + pwok = 1; + reply(331, "Password required for %s.", name); + } askpasswd = 1; /* * Delay before reading passwd after first failed @@ -1234,6 +1237,7 @@ pass(passwd) #ifdef USE_PAM int e; #endif + char *xpasswd; if (logged_in || askpasswd == 0) { reply(503, "Login with USER first."); @@ -1247,10 +1251,21 @@ pass(passwd) } #ifdef USE_PAM rval = auth_pam(&pw, passwd); - if (rval >= 0) + opieunlock(); /* XXX */ + if (rval == 0 || (!pwok && rval > 0)) goto skip; -#endif - rval = strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd)); + xpasswd = crypt(passwd, pw->pw_passwd); +#else /* !USE_PAM */ + if (opieverify(&opiedata, passwd) == 0) + xpasswd = pw->pw_passwd; + else if (pwok) + xpasswd = crypt(passwd, pw->pw_passwd); + else { + rval = 1; + goto skip; + } +#endif /* !USE_PAM */ + rval = strcmp(pw->pw_passwd, xpasswd); /* The strcmp does not catch null passwords! */ if (*pw->pw_passwd == '\0' || (pw->pw_expire && time(NULL) >= pw->pw_expire)) |