diff options
author | des <des@FreeBSD.org> | 2002-01-19 18:29:50 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2002-01-19 18:29:50 +0000 |
commit | 6f44d9644f580c480b97e8c64ced8a7be849944e (patch) | |
tree | fa0385d3ac26279ddb36eebeb49d8cc7457f1031 | |
parent | af75944084ffa33cf32b566956585177f41b5ad3 (diff) | |
download | FreeBSD-src-6f44d9644f580c480b97e8c64ced8a7be849944e.zip FreeBSD-src-6f44d9644f580c480b97e8c64ced8a7be849944e.tar.gz |
Really back out ache's commits. These files are now precisely as they were
twentyfour hours ago, except for RCS ids.
-rw-r--r-- | etc/pam.d/ftpd | 6 | ||||
-rw-r--r-- | etc/pam.d/login | 3 | ||||
-rw-r--r-- | etc/pam.d/su | 2 | ||||
-rw-r--r-- | libexec/ftpd/ftpd.c | 19 |
4 files changed, 17 insertions, 13 deletions
diff --git a/etc/pam.d/ftpd b/etc/pam.d/ftpd index d32016e..471b67b 100644 --- a/etc/pam.d/ftpd +++ b/etc/pam.d/ftpd @@ -9,8 +9,10 @@ auth required pam_nologin.so no_warn #auth sufficient pam_kerberosIV.so no_warn #auth sufficient pam_krb5.so no_warn #auth sufficient pam_ssh.so no_warn try_first_pass -#auth sufficient pam_opie.so no_warn -auth required pam_unix.so no_warn try_first_pass +# Uncomment either pam_opie or pam_unix, but not both of them. +# pam_unix can't be simple chained with pam_opie, ftpd provides proper fallback +auth required pam_opie.so no_warn +#auth required pam_unix.so no_warn try_first_pass # account #account required pam_kerberosIV.so diff --git a/etc/pam.d/login b/etc/pam.d/login index cecaf13..ab7046b 100644 --- a/etc/pam.d/login +++ b/etc/pam.d/login @@ -6,10 +6,10 @@ # auth auth required pam_nologin.so no_warn +#auth sufficient pam_opie.so no_warn #auth sufficient pam_kerberosIV.so no_warn try_first_pass #auth sufficient pam_krb5.so no_warn try_first_pass #auth required pam_ssh.so no_warn try_first_pass -#auth sufficient pam_opie.so no_warn auth required pam_unix.so no_warn try_first_pass # account @@ -24,6 +24,7 @@ account required pam_unix.so session required pam_unix.so # password +#password sufficient pam_opie.so no_warn #password sufficient pam_kerberosIV.so no_warn try_first_pass #password sufficient pam_krb5.so no_warn try_first_pass password required pam_unix.so no_warn try_first_pass diff --git a/etc/pam.d/su b/etc/pam.d/su index e7f6192..8e3a9bc 100644 --- a/etc/pam.d/su +++ b/etc/pam.d/su @@ -9,8 +9,8 @@ auth sufficient pam_rootok.so no_warn auth requisite pam_wheel.so no_warn auth_as_self noroot_ok #auth sufficient pam_kerberosIV.so no_warn #auth sufficient pam_krb5.so no_warn try_first_pass auth_as_self +#auth required pam_opie.so no_warn #auth required pam_ssh.so no_warn try_first_pass -#auth sufficient pam_opie.so no_warn auth required pam_unix.so no_warn try_first_pass nullok #auth sufficient pam_rootok.so no_warn ##auth sufficient pam_kerberosIV.so no_warn diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c index 287436a..e421142 100644 --- a/libexec/ftpd/ftpd.c +++ b/libexec/ftpd/ftpd.c @@ -1251,23 +1251,24 @@ pass(passwd) } #ifdef USE_PAM rval = auth_pam(&pw, passwd); - if (rval >= 0) { - opieunlock(); + opieunlock(); /* XXX */ + if (rval == 0 || (!pwok && rval > 0)) goto skip; - } -#endif + xpasswd = crypt(passwd, pw->pw_passwd); +#else /* !USE_PAM */ if (opieverify(&opiedata, passwd) == 0) xpasswd = pw->pw_passwd; - else if (pwok) { + else if (pwok) xpasswd = crypt(passwd, pw->pw_passwd); - if (passwd[0] == '\0' && pw->pw_passwd[0] != '\0') - xpasswd = ":"; - } else { + else { rval = 1; goto skip; } +#endif /* !USE_PAM */ rval = strcmp(pw->pw_passwd, xpasswd); - if (pw->pw_expire && time(NULL) >= pw->pw_expire) + /* The strcmp does not catch null passwords! */ + if (*pw->pw_passwd == '\0' || + (pw->pw_expire && time(NULL) >= pw->pw_expire)) rval = 1; /* failure */ skip: /* |