authornsayer <nsayer@FreeBSD.org>2001-05-15 04:47:14 +0000
committernsayer <nsayer@FreeBSD.org>2001-05-15 04:47:14 +0000
commit2bdf180df8cc9444b255a01377516bec3cd373bd (patch)
treea67c5c3dde5e2cfce4983f707b972a6992665544 /crypto/telnet
parentd65d64c98705b1862b5b73b62d801063d2537e5e (diff)
If the uid of the attempted authentication is 0 and if the pty is
insecure, do not succeed. Copied from login.c. This functionality really should be a PAM module.
Diffstat (limited to 'crypto/telnet')
-rw-r--r--crypto/telnet/libtelnet/sra.c35
1 files changed, 34 insertions, 1 deletions
diff --git a/crypto/telnet/libtelnet/sra.c b/crypto/telnet/libtelnet/sra.c
index 9274f88..395f217 100644
--- a/crypto/telnet/libtelnet/sra.c
+++ b/crypto/telnet/libtelnet/sra.c
@@ -17,6 +17,8 @@
#include <security/pam_appl.h>
#endif
+#include <ttyent.h>
+
#include "auth.h"
#include "misc.h"
#include "encrypt.h"
@@ -28,6 +30,8 @@ DesData ck;
IdeaData ik;
extern int auth_debug_mode;
+extern char *line;
+
static sra_valid = 0;
static passwd_sent = 0;
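Review bot: `extern char *line;` is declared locally in sra.c instead of coming from a header shared with the file that defines it, so the compiler cannot check that declaration and definition agree. If the definition turns out to be an array rather than a pointer (it is not visible here), this would be a type mismatch and `rootterm(line)` would read the wrong bytes. Moving the declaration into a common header removes that risk. A comment such as `/* name of the session's pty, set by the daemon */` would also help, assuming that is what it holds.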
@@ -451,6 +455,26 @@ syslog(LOG_WARNING,"%s\n",save.pw_dir);
return (&save);
}
+static int
+isroot(user)
+char *user;
+{
+ struct passwd *pw;
+
+ if ((pw=getpwnam(user))==NULL)
+ return 0;
+ return (!pw->pw_uid);
+}
+
+static int
+rootterm(ttyn)
+char *ttyn;
+{
+ struct ttyent *t;
+
+ return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
+}
+
#ifdef NOPAM
char *crypt();
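Review bot: `rootterm()` passes `ttyn` to `getttynam()` unchanged, and that lookup matches the bare terminal names listed in the ttys database. If the caller's `line` carries a `/dev/` prefix (its contents are not visible here), the lookup returns NULL and root is refused on every terminal, secure or not; that fails closed, but it is not what the commit message describes. I would reject a null name and strip the prefix first, `if (ttyn == NULL) return 0;` then `if (strncmp(ttyn, "/dev/", 5) == 0) ttyn += 5;`, and write the mask test as `(t->ty_status & TTY_SECURE) != 0`. Both helpers also need a one-line comment on what they return, and `isroot()` should say that a failed `getpwnam()` counts as "not root", since that case skips the tty check.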
@@ -461,6 +485,12 @@ char *pass;
register char *cp;
char *xpasswd, *salt;
+ if (isroot(name) && !rootterm(line))
+ {
+ crypt("AA","*"); /* Waste some time to simulate success */
+ return(0);
+ }
+
if (pw = sgetpwnam(name)) {
if (pw->pw_shell == NULL) {
pw = (struct passwd *) NULL;
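Review bot: The refusal at `if (isroot(name) && !rootterm(line))` returns 0 without logging anything, so a root attempt from an insecure pty cannot be told apart from a bad password in the audit trail. Adding `syslog(LOG_NOTICE, "root login refused on %s", line);` before the `return(0);` would give operators something to alert on (the message text is my suggestion). The `crypt("AA","*")` delay uses a salt that probably does not select the same hashing scheme as the stored root hash, so it may not take as long as a real check; a comment stating that limitation would be honest. The enclosing function starts and ends outside this hunk.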
@@ -585,7 +615,10 @@ int check_user(const char *name, const char *pass)
} else
syslog(LOG_ERR, "Couldn't get PAM_USER: %s",
pam_strerror(pamh, e));
- rval = 1;
+ if (isroot(user) && !rootterm(line))
+ rval = 0;
+ else
+ rval = 1;
break;
case PAM_AUTH_ERR:
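Review bot: The added `isroot(user)` check runs right after the branch that logs "Couldn't get PAM_USER", so on that path `user` may not hold a value from `pam_get_item()`; its declaration and initialisation are outside the hunk, so I cannot confirm. If it is unset there, `isroot()` is handed an invalid pointer, and if it is merely stale the tty check can be skipped and `rval` becomes 1. Failing closed would avoid both, for example `if (e != PAM_SUCCESS || (isroot(user) && !rootterm(line)))`, assuming `e` still holds the `pam_get_item()` result at that point. As in the NOPAM path, the refusal is not logged, and a `syslog()` call on the `rval = 0` branch would fix that.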