Don't ever ask for password if it is impossible to confirm it

It happens if 1) regular passwords not allowed, 2) skey database
not activated for given user.
Under some rare circumstanes skey_challenge can return empty
diagnostic or even previous buffer, fix it.

3 files changed, 22 insertions, 9 deletions

diff --git a/libexec/ftpd/extern.h b/libexec/ftpd/extern.h
index ff1cdfb..bdfed86 100644
--- a/libexec/ftpd/extern.h
+++ b/libexec/ftpd/extern.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)extern.h	8.2 (Berkeley) 4/4/94
- *	$Id$
+ *	$Id: extern.h,v 1.4 1996/09/22 21:53:21 wosch Exp $
  */
 
 void	blkfree __P((char **));
@@ -68,5 +68,5 @@ void	user __P((char *));
 void	yyerror __P((char *));
 int	yyparse __P((void));
 #if defined(SKEY) && defined(_PWD_H_) /* XXX evil */
-char   *skey_challenge __P((char *, struct passwd *, int));
+char   *skey_challenge __P((char *, struct passwd *, int, int *));
 #endif
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 58378db..42f49b0 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: ftpd.c,v 1.22 1996/08/09 09:02:26 markm Exp $
+ *	$Id: ftpd.c,v 1.23 1996/08/09 22:22:30 julian Exp $
  */
 
 #if 0
@@ -182,6 +182,7 @@ char	proctitle[LINE_MAX];	/* initial part of title */
 
 #ifdef SKEY
 int	pwok = 0;
+int     sflag;
 char	addr_string[20];	/* XXX */
 #endif
 
@@ -627,7 +628,17 @@ user(name)
 		strncpy(curname, name, sizeof(curname)-1);
 #ifdef SKEY
 	pwok = skeyaccess(name, NULL, remotehost, addr_string);
-	reply(331, "%s", skey_challenge(name, pw, pwok));
+	cp = skey_challenge(name, pw, pwok, &sflag);
+	if (!pwok && sflag) {
+		reply(530, cp);
+		if (logging)
+			syslog(LOG_NOTICE,
+			    "FTP LOGIN REFUSED FROM %s, %s",
+			    remotehost, name);
+		pw = (struct passwd *) NULL;
+		return;
+	}
+	reply(331, cp);
 #else
 	reply(331, "Password required for %s.", name);
 #endif
diff --git a/libexec/ftpd/skey-stuff.c b/libexec/ftpd/skey-stuff.c
index 8dedc18..06a227d 100644
--- a/libexec/ftpd/skey-stuff.c
+++ b/libexec/ftpd/skey-stuff.c
@@ -1,6 +1,6 @@
 /* Author: Wietse Venema, Eindhoven University of Technology. 
  *
- *	$Id$
+ *	$Id: skey-stuff.c,v 1.3 1996/09/22 21:53:34 wosch Exp $
  */
 
 #include <stdio.h>
@@ -10,18 +10,20 @@
 
 /* skey_challenge - additional password prompt stuff */
 
-char   *skey_challenge(name, pwd, pwok)
+char   *skey_challenge(name, pwd, pwok, sflag)
 char   *name;
 struct passwd *pwd;
 int     pwok;
+int    *sflag;
 {
     static char buf[128];
     struct skey skey;
+    char *username = pwd ? pwd->pw_name : ":";
 
     /* Display s/key challenge where appropriate. */
 
-    if (pwd == 0 || skeychallenge(&skey, pwd->pw_name, buf) != 0)
-	sprintf(buf, "%s required for %s.",
-		pwok ? "Password" : "S/Key password", name);
+    *sflag = skeychallenge(&skey, username, buf);
+    sprintf(buf, "%s required for %s.",
+	pwok ? "Password" : "S/Key password", name);
     return (buf);
 }