Don't trucate username to 8 characters.

1 files changed, 29 insertions, 24 deletions

diff --git a/libexec/uucpd/uucpd.c b/libexec/uucpd/uucpd.c
index 266831d..06ba9fa 100644
--- a/libexec/uucpd/uucpd.c
+++ b/libexec/uucpd/uucpd.c
@@ -33,7 +33,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id$
+ *	$Id: uucpd.c,v 1.9 1997/02/22 14:22:39 peter Exp $
  */
 
 #ifndef lint
@@ -69,8 +69,15 @@ static char sccsid[] = "@(#)uucpd.c	8.1 (Berkeley) 6/4/93";
 #include <string.h>
 #include <utmp.h>
 #include <syslog.h>
+#include <sys/param.h>
 #include "pathnames.h"
 
+#if (MAXLOGNAME-1) > UT_NAMESIZE
+#define LOGNAMESIZE UT_NAMESIZE
+#else
+#define LOGNAMESIZE (MAXLOGNAME-1)
+#endif
+
 #define	SCPYN(a, b)	strncpy(a, b, sizeof (a))
 
 struct	sockaddr_in hisctladdr;
@@ -129,24 +136,13 @@ void badlogin(char *name, struct sockaddr_in *sin)
 	exit(1);
 }
 
-void login_incorrect(char *name, struct sockaddr_in *sinp)
-{
-	char passwd[64];
-
-	printf("Password: "); fflush(stdout);
-	if (readline(passwd, sizeof passwd, 1) < 0) {
-		syslog(LOG_WARNING, "passwd read: %m");
-		_exit(1);
-	}
-	badlogin(name, sinp);
-}
-
 void doit(struct sockaddr_in *sinp)
 {
 	char user[64], passwd[64];
 	char *xpasswd, *crypt();
 	struct passwd *pw;
 	pid_t s;
+	int pwdok =0;
 
 	alarm(60);
 	printf("login: "); fflush(stdout);
@@ -154,23 +150,32 @@ void doit(struct sockaddr_in *sinp)
 		syslog(LOG_WARNING, "login read: %m");
 		_exit(1);
 	}
-	/* truncate username to 8 characters */
-	user[8] = '\0';
+	/* truncate username to LOGNAMESIZE characters */
+	user[LOGNAMESIZE] = '\0';
 	pw = getpwnam(user);
-	if (pw == NULL)
-		login_incorrect(user, sinp);
-	if (strcmp(pw->pw_shell, _PATH_UUCICO))
-		login_incorrect(user, sinp);
-	if (pw->pw_expire && time(NULL) >= pw->pw_expire)
-		login_incorrect(user, sinp);
-	if (pw->pw_passwd && *pw->pw_passwd != '\0') {
+	/*
+	 * Fail after password if:
+	 * 1. Invalid user
+	 * 2. Shell is not uucico
+	 * 3. Account has expired
+	 * 4. Password is incorrect
+	 */
+	if (pw != NULL && strcmp(pw->pw_shell, _PATH_UUCICO) == 0 &&
+	    pw->pw_expire && time(NULL) >= pw->pw_expire)
+		pwdok = 1;
+	/* always ask for passwords to deter account guessing */
+	if (!pwdok || (pw->pw_passwd && *pw->pw_passwd != '\0')) {
 		printf("Password: "); fflush(stdout);
 		if (readline(passwd, sizeof passwd, 1) < 0) {
 			syslog(LOG_WARNING, "passwd read: %m");
 			_exit(1);
 		}
-		xpasswd = crypt(passwd, pw->pw_passwd);
-		if (strcmp(xpasswd, pw->pw_passwd))
+		if (pwdok) {
+			xpasswd = crypt(passwd, pw->pw_passwd);
+			if (strcmp(xpasswd, pw->pw_passwd))
+				pwdok = 0;
+		}
+		if (!pwdok)
 			badlogin(user, sinp);
 	}
 	alarm(0);