authormarkm <markm@FreeBSD.org>2001-07-09 17:46:24 +0000
committermarkm <markm@FreeBSD.org>2001-07-09 17:46:24 +0000
commit3b3e6201e7f71b617087cadf40ad1f638ba77d1f (patch)
tree477fe2b2a756a2b0c8048bc2becc1e93d8a56984 /libexec/ftpd/ftpd.c
parent1c3a14b4014991f063e1c18ff82727fd89591c3b (diff)
Remove S/Key. PAM can do its job. Well, not quite - there is an issue
with the conversation function and challenges which needs to be revisited, so in the interim a hack is introduced to provide an OPIE challenge (which is random if OPIE does not apply) at all non-anonymous logins.
Diffstat (limited to 'libexec/ftpd/ftpd.c')
-rw-r--r--libexec/ftpd/ftpd.c34
1 files changed, 11 insertions, 23 deletions
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index bd57cee..be02623 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -78,6 +78,9 @@ static const char rcsid[] =
#include <netdb.h>
#include <pwd.h>
#include <grp.h>
+#ifdef USE_PAM
+#include <opie.h> /* XXX */
+#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
@@ -91,10 +94,6 @@ static const char rcsid[] =
#include <login_cap.h>
#endif
-#ifdef SKEY
-#include <skey.h>
-#endif
-
#ifdef USE_PAM
#include <security/pam_appl.h>
#endif
@@ -185,6 +184,10 @@ char *tty = ttyline; /* for klogin */
#ifdef USE_PAM
static int auth_pam __P((struct passwd**, const char*));
pam_handle_t *pamh = NULL;
+
+/* Kluge because the conversation mechanism has not been threshed out */
+static struct opie opiedata;
+static char opieprompt[OPIE_CHALLENGE_MAX+1];
#endif
char *pid_file = NULL;
@@ -215,10 +218,6 @@ char *LastArgv = NULL; /* end of argv */
char proctitle[LINE_MAX]; /* initial part of title */
#endif /* SETPROCTITLE */
-#ifdef SKEY
-int pwok = 0;
-#endif
-
#define LOGCMD(cmd, file) \
if (logging > 1) \
syslog(LOG_INFO,"%s %s%s", cmd, \
@@ -960,9 +959,10 @@ user(name)
}
if (logging)
strncpy(curname, name, sizeof(curname)-1);
-#ifdef SKEY
- pwok = skeyaccess(name, NULL, remotehost, remotehost);
- reply(331, "%s", skey_challenge(name, pw, pwok));
+#ifdef USE_PAM
+ /* XXX Kluge! The conversation mechanism needs to be fixed. */
+ opiechallenge(&opiedata, name, opieprompt);
+ reply(331, "[ %s ] Password required for %s.", opieprompt, name);
#else
reply(331, "Password required for %s.", name);
#endif
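Review bot: The return value of `opiechallenge()` in `user()` is ignored, so if the call fails the 331 reply is built from whatever `opieprompt` already held; it is a static buffer, so that could be the challenge generated for an earlier USER command on the same connection. Check the result and clear or skip the challenge on failure, for example `if (opiechallenge(&opiedata, name, opieprompt) < 0) opieprompt[0] = '\0';` (the exact return convention should be confirmed against the OPIE headers). None of this file's hunks reads `opiedata` afterwards, and no `opieverify()` or `opieunlock()` call is added, so if `opiechallenge()` takes a per-user lock, as I believe it does, an abandoned login would leave that lock held and could interfere with the challenge the PAM module later issues for the same user. That dependency is worth spelling out in the `XXX Kluge!` comment so the interim hack is not mistaken for a complete OPIE exchange. `user()` begins and ends outside the hunk.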
@@ -1236,16 +1236,7 @@ pass(passwd)
if (rval >= 0)
goto skip;
#endif
-#ifdef SKEY
- if (pwok)
- rval = strcmp(pw->pw_passwd,
- crypt(passwd, pw->pw_passwd));
- if (rval)
- rval = strcmp(pw->pw_passwd,
- skey_crypt(passwd, pw->pw_passwd, pw, pwok));
-#else
rval = strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd));
-#endif
/* The strcmp does not catch null passwords! */
if (*pw->pw_passwd == '\0' ||
(pw->pw_expire && time(NULL) >= pw->pw_expire))
@@ -1272,9 +1263,6 @@ skip:
return;
}
}
-#ifdef SKEY
- pwok = 0;
-#endif
login_attempts = 0; /* this time successful */
if (setegid((gid_t)pw->pw_gid) < 0) {
reply(550, "Can't set gid.");