authorpst <pst@FreeBSD.org>1994-05-27 07:50:08 +0000
committerpst <pst@FreeBSD.org>1994-05-27 07:50:08 +0000
commit0740fe303df45d0836157b8fae80be143e479f91 (patch)
tree1e6c4f2293c9495c04084411a5a782513bd9dc3f /lib
parent3180255093c5178e8ebc3e4bc27189af7833cdbc (diff)
Clean up S/key library (libskey.a) so that filename access is via the
standard 4.4bsd pathnames mechanism. Also document a potential security hole vs backwards compatibility tradeoff.
Diffstat (limited to 'lib')
-rw-r--r--lib/libskey/authfile.c13
-rw-r--r--lib/libskey/pathnames.h5
2 files changed, 15 insertions, 3 deletions
diff --git a/lib/libskey/authfile.c b/lib/libskey/authfile.c
index 32b920a..d93b846 100644
--- a/lib/libskey/authfile.c
+++ b/lib/libskey/authfile.c
@@ -21,6 +21,7 @@
#endif
#include "skey.h"
+#include "pathnames.h"
static int isaddr();
static int rdnets();
@@ -113,9 +114,15 @@ unsigned long host;
char *strtok();
int permit_it = 0;
- fp = fopen("/etc/skey.access", "r");
- if (fp == NULL)
- return 1; /* XXX */
+ /*
+ * If auth file not found, be backwards compatible with standard login
+ * and allow hard coded passwords in from anywhere. Some may consider
+ * this a security hole, but backwards compatibility is more desirable
+ * than others. If you don't like it, change the return value to be zero.
+ */
+ if ((fp = fopen(_PATH_SKEYACCESS, "r")) == NULL)
+ return 1;
+
while (fgets(buf, sizeof(buf), fp), !feof(fp)) {
if (buf[0] == '#')
continue; /* Comment */
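Review bot: The added `fopen` check returns 1 (permit) for every open failure, while the comment above it only justifies the file-not-found case; a permission or resource error on `_PATH_SKEYACCESS` would lift the access restrictions just the same. Limiting the permissive path to a missing file keeps the documented backwards compatibility and fails closed otherwise: `return (errno == ENOENT);` in place of `return 1;`. That needs `<errno.h>`, and the include list above the hunk is only partly visible here. The comment's phrase "backwards compatibility is more desirable than others" is hard to parse; something like `backwards compatibility is considered the more important of the two here` would say what is meant. The function body starts before and continues after this hunk, so how callers treat the return value is not visible.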
diff --git a/lib/libskey/pathnames.h b/lib/libskey/pathnames.h
new file mode 100644
index 0000000..43631f5
--- /dev/null
+++ b/lib/libskey/pathnames.h
@@ -0,0 +1,5 @@
+/* $Id$ (FreeBSD) */
+
+#include <paths.h>
+
+#define _PATH_SKEYACCESS "/etc/skey.access"