diff options
author | sheldonh <sheldonh@FreeBSD.org> | 2000-08-01 13:58:55 +0000 |
---|---|---|
committer | sheldonh <sheldonh@FreeBSD.org> | 2000-08-01 13:58:55 +0000 |
commit | 449e2ec6a64038b4888586dd02fd07473cea2135 (patch) | |
tree | 523861429d2ed91872e555dc1f81a35896ac761b /libexec | |
parent | 1b4cdf40dc8a65f87735c161d44d74339adbedd4 (diff) | |
download | FreeBSD-src-449e2ec6a64038b4888586dd02fd07473cea2135.zip FreeBSD-src-449e2ec6a64038b4888586dd02fd07473cea2135.tar.gz |
Honour skey.access(5) by allowing UNIX passwords when skeyaccess(3)
has set pwok to a non-zero value.
Previously, the fact that skey.access(5) allowed UNIX passwords for
this connection attempt was ignored, even in the NOPAM case.
This only addresses the NOPAM case; when libpam is used, the problem
will persist.
PR: 20333
Diffstat (limited to 'libexec')
-rw-r--r-- | libexec/ftpd/ftpd.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c index 6c65028..0471c22 100644 --- a/libexec/ftpd/ftpd.c +++ b/libexec/ftpd/ftpd.c @@ -1188,11 +1188,14 @@ pass(passwd) goto skip; #endif #ifdef SKEY - rval = strcmp(skey_crypt(passwd, pw->pw_passwd, pw, pwok), - pw->pw_passwd); - pwok = 0; + if (pwok) + rval = strcmp(pw->pw_passwd, + crypt(passwd, pw->pw_passwd)); + if (rval) + rval = strcmp(pw->pw_passwd, + skey_crypt(passwd, pw->pw_passwd, pw, pwok)); #else - rval = strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd); + rval = strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd)); #endif /* The strcmp does not catch null passwords! */ if (*pw->pw_passwd == '\0' || @@ -1220,6 +1223,9 @@ skip: return; } } +#ifdef SKEY + pwok = 0; +#endif login_attempts = 0; /* this time successful */ if (setegid((gid_t)pw->pw_gid) < 0) { reply(550, "Can't set gid."); |