diff options
-rw-r--r-- | libexec/uucpd/uucpd.c | 53 |
1 files changed, 29 insertions, 24 deletions
diff --git a/libexec/uucpd/uucpd.c b/libexec/uucpd/uucpd.c index 266831d..06ba9fa 100644 --- a/libexec/uucpd/uucpd.c +++ b/libexec/uucpd/uucpd.c @@ -33,7 +33,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id$ + * $Id: uucpd.c,v 1.9 1997/02/22 14:22:39 peter Exp $ */ #ifndef lint @@ -69,8 +69,15 @@ static char sccsid[] = "@(#)uucpd.c 8.1 (Berkeley) 6/4/93"; #include <string.h> #include <utmp.h> #include <syslog.h> +#include <sys/param.h> #include "pathnames.h" +#if (MAXLOGNAME-1) > UT_NAMESIZE +#define LOGNAMESIZE UT_NAMESIZE +#else +#define LOGNAMESIZE (MAXLOGNAME-1) +#endif + #define SCPYN(a, b) strncpy(a, b, sizeof (a)) struct sockaddr_in hisctladdr; @@ -129,24 +136,13 @@ void badlogin(char *name, struct sockaddr_in *sin) exit(1); } -void login_incorrect(char *name, struct sockaddr_in *sinp) -{ - char passwd[64]; - - printf("Password: "); fflush(stdout); - if (readline(passwd, sizeof passwd, 1) < 0) { - syslog(LOG_WARNING, "passwd read: %m"); - _exit(1); - } - badlogin(name, sinp); -} - void doit(struct sockaddr_in *sinp) { char user[64], passwd[64]; char *xpasswd, *crypt(); struct passwd *pw; pid_t s; + int pwdok =0; alarm(60); printf("login: "); fflush(stdout); @@ -154,23 +150,32 @@ void doit(struct sockaddr_in *sinp) syslog(LOG_WARNING, "login read: %m"); _exit(1); } - /* truncate username to 8 characters */ - user[8] = '\0'; + /* truncate username to LOGNAMESIZE characters */ + user[LOGNAMESIZE] = '\0'; pw = getpwnam(user); - if (pw == NULL) - login_incorrect(user, sinp); - if (strcmp(pw->pw_shell, _PATH_UUCICO)) - login_incorrect(user, sinp); - if (pw->pw_expire && time(NULL) >= pw->pw_expire) - login_incorrect(user, sinp); - if (pw->pw_passwd && *pw->pw_passwd != '\0') { + /* + * Fail after password if: + * 1. Invalid user + * 2. Shell is not uucico + * 3. Account has expired + * 4. Password is incorrect + */ + if (pw != NULL && strcmp(pw->pw_shell, _PATH_UUCICO) == 0 && + pw->pw_expire && time(NULL) >= pw->pw_expire) + pwdok = 1; + /* always ask for passwords to deter account guessing */ + if (!pwdok || (pw->pw_passwd && *pw->pw_passwd != '\0')) { printf("Password: "); fflush(stdout); if (readline(passwd, sizeof passwd, 1) < 0) { syslog(LOG_WARNING, "passwd read: %m"); _exit(1); } - xpasswd = crypt(passwd, pw->pw_passwd); - if (strcmp(xpasswd, pw->pw_passwd)) + if (pwdok) { + xpasswd = crypt(passwd, pw->pw_passwd); + if (strcmp(xpasswd, pw->pw_passwd)) + pwdok = 0; + } + if (!pwdok) badlogin(user, sinp); } alarm(0); |