Clean up S/key library (libskey.a) so that filename access is via the
standard 4.4bsd pathnames mechanism. Also document a potential security hole vs backwards compatibility tradeoff.
parent
ee765d4857
commit
0d92fee747
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=1577
@ -21,6 +21,7 @@
|
||||
#endif
|
||||
|
||||
#include "skey.h"
|
||||
#include "pathnames.h"
|
||||
|
||||
static int isaddr();
|
||||
static int rdnets();
|
||||
@ -113,9 +114,15 @@ unsigned long host;
|
||||
char *strtok();
|
||||
int permit_it = 0;
|
||||
|
||||
fp = fopen("/etc/skey.access", "r");
|
||||
if (fp == NULL)
|
||||
return 1; /* XXX */
|
||||
/*
|
||||
* If auth file not found, be backwards compatible with standard login
|
||||
* and allow hard coded passwords in from anywhere. Some may consider
|
||||
* this a security hole, but backwards compatibility is more desirable
|
||||
* than others. If you don't like it, change the return value to be zero.
|
||||
*/
|
||||
if ((fp = fopen(_PATH_SKEYACCESS, "r")) == NULL)
|
||||
return 1;
|
||||
|
||||
while (fgets(buf, sizeof(buf), fp), !feof(fp)) {
|
||||
if (buf[0] == '#')
|
||||
continue; /* Comment */
|
||||
|
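Review bot: The new comment describes the permissive result as applying when the auth file is "not found", but `if ((fp = fopen(_PATH_SKEYACCESS, "r")) == NULL) return 1;` takes the same path for every fopen failure, including a permission error or descriptor exhaustion. If only a missing file is meant to keep the backwards-compatible behaviour, the return could be `return errno == ENOENT;` (with `<errno.h>` included), so that an access file that exists but cannot be read denies instead of allows. The comment would also be easier to act on if it stated the return convention it relies on, for example `/* 1 = fixed passwords permitted, 0 = refused */`, which is what the surrounding text implies. The enclosing function starts before this hunk and continues past it, so the rest of the parsing loop is not reviewed here.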
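--- a/lib/libskey/pathnames.h
+++ b/lib/libskey/pathnames.h
@@ -0,0 +1,5 @@
+/* $Id$ (FreeBSD) */
+
+#include <paths.h>
+
+#define _PATH_SKEYACCESS "/etc/skey.access"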