summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--libexec/uucpd/uucpd.c53
1 files changed, 29 insertions, 24 deletions
diff --git a/libexec/uucpd/uucpd.c b/libexec/uucpd/uucpd.c
index 266831d..06ba9fa 100644
--- a/libexec/uucpd/uucpd.c
+++ b/libexec/uucpd/uucpd.c
@@ -33,7 +33,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id$
+ * $Id: uucpd.c,v 1.9 1997/02/22 14:22:39 peter Exp $
*/
#ifndef lint
@@ -69,8 +69,15 @@ static char sccsid[] = "@(#)uucpd.c 8.1 (Berkeley) 6/4/93";
#include <string.h>
#include <utmp.h>
#include <syslog.h>
+#include <sys/param.h>
#include "pathnames.h"
+#if (MAXLOGNAME-1) > UT_NAMESIZE
+#define LOGNAMESIZE UT_NAMESIZE
+#else
+#define LOGNAMESIZE (MAXLOGNAME-1)
+#endif
+
#define SCPYN(a, b) strncpy(a, b, sizeof (a))
struct sockaddr_in hisctladdr;
@@ -129,24 +136,13 @@ void badlogin(char *name, struct sockaddr_in *sin)
exit(1);
}
-void login_incorrect(char *name, struct sockaddr_in *sinp)
-{
- char passwd[64];
-
- printf("Password: "); fflush(stdout);
- if (readline(passwd, sizeof passwd, 1) < 0) {
- syslog(LOG_WARNING, "passwd read: %m");
- _exit(1);
- }
- badlogin(name, sinp);
-}
-
void doit(struct sockaddr_in *sinp)
{
char user[64], passwd[64];
char *xpasswd, *crypt();
struct passwd *pw;
pid_t s;
+ int pwdok =0;
alarm(60);
printf("login: "); fflush(stdout);
@@ -154,23 +150,32 @@ void doit(struct sockaddr_in *sinp)
syslog(LOG_WARNING, "login read: %m");
_exit(1);
}
- /* truncate username to 8 characters */
- user[8] = '\0';
+ /* truncate username to LOGNAMESIZE characters */
+ user[LOGNAMESIZE] = '\0';
pw = getpwnam(user);
- if (pw == NULL)
- login_incorrect(user, sinp);
- if (strcmp(pw->pw_shell, _PATH_UUCICO))
- login_incorrect(user, sinp);
- if (pw->pw_expire && time(NULL) >= pw->pw_expire)
- login_incorrect(user, sinp);
- if (pw->pw_passwd && *pw->pw_passwd != '\0') {
+ /*
+ * Fail after password if:
+ * 1. Invalid user
+ * 2. Shell is not uucico
+ * 3. Account has expired
+ * 4. Password is incorrect
+ */
+ if (pw != NULL && strcmp(pw->pw_shell, _PATH_UUCICO) == 0 &&
+ pw->pw_expire && time(NULL) >= pw->pw_expire)
+ pwdok = 1;
+ /* always ask for passwords to deter account guessing */
+ if (!pwdok || (pw->pw_passwd && *pw->pw_passwd != '\0')) {
printf("Password: "); fflush(stdout);
if (readline(passwd, sizeof passwd, 1) < 0) {
syslog(LOG_WARNING, "passwd read: %m");
_exit(1);
}
- xpasswd = crypt(passwd, pw->pw_passwd);
- if (strcmp(xpasswd, pw->pw_passwd))
+ if (pwdok) {
+ xpasswd = crypt(passwd, pw->pw_passwd);
+ if (strcmp(xpasswd, pw->pw_passwd))
+ pwdok = 0;
+ }
+ if (!pwdok)
badlogin(user, sinp);
}
alarm(0);
OpenPOWER on IntegriCloud