author | pst <pst@FreeBSD.org> | 1994-05-27 07:50:08 +0000 |
---|---|---|
committer | pst <pst@FreeBSD.org> | 1994-05-27 07:50:08 +0000 |
commit | 0740fe303df45d0836157b8fae80be143e479f91 (patch) | |
tree | 1e6c4f2293c9495c04084411a5a782513bd9dc3f /lib/libskey | |
parent | 3180255093c5178e8ebc3e4bc27189af7833cdbc (diff) | |
Clean up S/key library (libskey.a) so that filename access is via the
standard 4.4bsd pathnames mechanism.
Also document a potential security hole vs backwards compatibility tradeoff.
Diffstat (limited to 'lib/libskey')
-rw-r--r-- | lib/libskey/authfile.c | 13 | ||||
-rw-r--r-- | lib/libskey/pathnames.h | 5 |
2 files changed, 15 insertions, 3 deletions
diff --git a/lib/libskey/authfile.c b/lib/libskey/authfile.c
index 32b920a..d93b846 100644
--- a/lib/libskey/authfile.c
+++ b/lib/libskey/authfile.c
@@ -21,6 +21,7 @@
 #endif
 #include "skey.h"
+#include "pathnames.h"
 static int isaddr();
 static int rdnets();
@@ -113,9 +114,15 @@ unsigned long host;
 char *strtok();
 int permit_it = 0;
- fp = fopen("/etc/skey.access", "r");
- if (fp == NULL)
- return 1; /* XXX */
+ /*
+ * If auth file not found, be backwards compatible with standard login
+ * and allow hard coded passwords in from anywhere. Some may consider
+ * this a security hole, but backwards compatibility is more desirable
+ * than others. If you don't like it, change the return value to be zero.
+ */
+ if ((fp = fopen(_PATH_SKEYACCESS, "r")) == NULL)
+ return 1;
+
 while (fgets(buf, sizeof(buf), fp), !feof(fp)) {
 if (buf[0] == '#')
 continue; /* Comment */
diff --git a/lib/libskey/pathnames.h b/lib/libskey/pathnames.h
new file mode 100644
index 0000000..43631f5
--- /dev/null
+++ b/lib/libskey/pathnames.h
@@ -0,0 +1,5 @@
+/* $Id$ (FreeBSD) */
+
+#include <paths.h>
+
+#define _PATH_SKEYACCESS "/etc/skey.access" |
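Review bot: The fail-open branch `if ((fp = fopen(_PATH_SKEYACCESS, "r")) == NULL) return 1;` in the second authfile.c hunk treats every fopen() failure as "file not found", so a permission error, descriptor exhaustion or an I/O error on an existing access file also returns 1, which the added comment describes as allowing hard-coded passwords from anywhere. If the compatibility default is meant only for systems that never installed the file, the branch should separate that case from other failures, e.g. `return (errno == ENOENT);`, assuming `<errno.h>` is or can be included above the hunk, and the comment should state that any other open failure denies. A syslog warning on the fail-open path would also make the downgrade visible to an administrator. The enclosing function starts and ends outside this hunk, so whether `fp` is closed on every return path cannot be checked from here.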