From 752f9b3d1c86d34a2d9e99a3eee960bd9e922e17 Mon Sep 17 00:00:00 2001
From: guido
Date: Thu, 12 Oct 2000 10:21:05 +0000
Subject: Fix broken PAM with SKEY behaviour: the skey.access file checks were broken because the code failed to set PAM_RHOST.
---
 libexec/ftpd/ftpd.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
(limited to 'libexec/ftpd')
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 0035051..c7c545b 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -207,7 +207,6 @@ char proctitle[LINE_MAX]; /* initial part of title */
 #ifdef SKEY
 int pwok = 0;
-char addr_string[INET6_ADDRSTRLEN]; /* XXX */
 #endif
 #define LOGCMD(cmd, file) \
@@ -502,11 +501,6 @@ main(argc, argv, envp)
 if (signal(SIGURG, myoob) == SIG_ERR)
 syslog(LOG_ERR, "signal: %m");
-#ifdef SKEY
- getnameinfo((struct sockaddr *)&his_addr, his_addr.su_len,
- addr_string, sizeof(addr_string) - 1, NULL, 0,
- NI_NUMERICHOST|NI_WITHSCOPEID);
-#endif
 addrlen = sizeof(ctrl_addr);
 if (getsockname(0, (struct sockaddr *)&ctrl_addr, &addrlen) < 0) {
 syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
@@ -949,7 +943,7 @@ user(name)
 if (logging)
 strncpy(curname, name, sizeof(curname)-1);
 #ifdef SKEY
- pwok = skeyaccess(name, NULL, remotehost, addr_string);
+ pwok = skeyaccess(name, NULL, remotehost, remotehost);
 reply(331, "%s", skey_challenge(name, pw, pwok));
 #else
 reply(331, "Password required for %s.", name);
@@ -1110,6 +1104,13 @@ auth_pam(struct passwd **ppw, const char *pass)
 return -1;
 }
+ e = pam_set_item(pamh, PAM_RHOST, remotehost);
+ if (e != PAM_SUCCESS) {
+ syslog(LOG_ERR, "pam_set_item(PAM_RHOST): %s",
+ pam_strerror(pamh, e));
+ return -1;
+ }
+
 e = pam_authenticate(pamh, 0);
 switch (e) {
 case PAM_SUCCESS:
--
cgit v1.1
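Review bot: In the `user()` hunk (`@@ -949,7 +943,7 @@`), the fourth argument of `skeyaccess()` used to be the numeric peer address from `getnameinfo(..., NI_NUMERICHOST|NI_WITHSCOPEID)` and is now `remotehost`, the same value already passed as the host name. How `remotehost` is populated is outside this diff; if it holds a reverse-resolved name, address rules in skey.access are then compared against a string controlled by whoever runs the peer's reverse DNS zone, and purely numeric rules may stop matching. I would keep a numeric address for that argument, `pwok = skeyaccess(name, NULL, remotehost, addr_string);`, with `addr_string` filled by a `getnameinfo()` call whose return value is checked (the removed call ignored it). The body of `user()` starts and ends outside the hunk.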
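Review bot: In the `auth_pam()` hunk (`@@ -1110,6 +1104,13 @@`), the new `pam_set_item` failure branch returns -1 while `pamh` is still open; the handle is evidently valid at that point because it is passed to `pam_strerror`. Adding `pam_end(pamh, e);` before that `return -1;` would close the PAM transaction on this path; whether the function's other exits do the same cannot be seen, since the body continues outside the hunk. A short comment above the call, for example `/* PAM_RHOST feeds host-based PAM modules; remotehost may be a reverse-DNS name */`, would also record how far the value can be trusted; that is an inference, as the assignment of `remotehost` is not shown here.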