hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2025-01-11 17:04:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Honour skey.access(5) by allowing UNIX passwords when skeyaccess(3)

Browse Source 
has set pwok to a non-zero value.

Previously, the fact that skey.access(5) allowed UNIX passwords for
this connection attempt was ignored, even in the NOPAM case.

This only addresses the NOPAM case; when libpam is used, the problem
will persist.

PR:		20333
This commit is contained in:
Sheldon Hearn 2000-08-01 13:58:55 +00:00
parent ed7cf099c6
commit 028f24cffa
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=64103
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
libexec/ftpd/ftpd.c
View File

@ -1188,11 +1188,14 @@ pass(passwd)
goto skip;
#endif
#ifdef SKEY
rval = strcmp(skey_crypt(passwd, pw->pw_passwd, pw, pwok),
pw->pw_passwd);
pwok = 0;
if (pwok)
rval = strcmp(pw->pw_passwd,
crypt(passwd, pw->pw_passwd));
if (rval)
rval = strcmp(pw->pw_passwd,
skey_crypt(passwd, pw->pw_passwd, pw, pwok));
#else
rval = strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd);
rval = strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd));
#endif
/* The strcmp does not catch null passwords! */
if (*pw->pw_passwd == '\0' ||
@ -1220,6 +1223,9 @@ skip:
return;
}
}
#ifdef SKEY
pwok = 0;
#endif
login_attempts = 0; /* this time successful */
if (setegid((gid_t)pw->pw_gid) < 0) {
reply(550, "Can't set gid.");