Remove conditional 'pwok' fallback for PAM which now

is implemented in pam_opie module

For non-PAM variant rewrite empty password checking code to do the right thing
and not disallow empty passwords in all cases.

1 files changed, 7 insertions, 9 deletions

diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index e421142..15dcd20 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -1252,23 +1252,21 @@ pass(passwd)
 #ifdef USE_PAM
 		rval = auth_pam(&pw, passwd);
 		opieunlock();   /* XXX */
-		if (rval == 0 || (!pwok && rval > 0))
+		if (rval >= 0)
 			goto skip;
-		xpasswd = crypt(passwd, pw->pw_passwd);
-#else /* !USE_PAM */
+#endif
 		if (opieverify(&opiedata, passwd) == 0)
 			xpasswd = pw->pw_passwd;
-		else if (pwok)
+		else if (pwok) {
 			xpasswd = crypt(passwd, pw->pw_passwd);
-		else {
+			if (passwd[0] == '\0' && pw->pw_passwd[0] != '\0')
+				xpasswd = ":";
+		} else {
 			rval = 1;
 			goto skip;
 		}
-#endif /* !USE_PAM */
 		rval = strcmp(pw->pw_passwd, xpasswd);
-		/* The strcmp does not catch null passwords! */
-		if (*pw->pw_passwd == '\0' ||
-		    (pw->pw_expire && time(NULL) >= pw->pw_expire))
+		if (pw->pw_expire && time(NULL) >= pw->pw_expire)
 			rval = 1;	/* failure */
 skip:
 		/*