Date: Tue, 1 Aug 2000 06:30:06 -0700 (PDT)
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: freebsd-bugs@FreeBSD.org
Subject: Re: misc/20333: ftp login fails on unix password when s/key active but not required
Message-ID: <200008011330.GAA20323@freefall.freebsd.org>
The following reply was made to PR misc/20333; it has been noted by GNATS.

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: pscott@the-frontier.org
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/20333: ftp login fails on unix password when s/key active but not required
Date: Tue, 01 Aug 2000 15:21:51 +0200

On Mon, 31 Jul 2000 22:38:01 MST, pscott@the-frontier.org wrote:

> If a userid has an s/key, but s/key is not required for login, ftp
> should allow a unix password, but it does not; only the s/key password
> works.

You are correct. However, this appears to be the result of two problems.

Firstly, ftpd relies on libpam, for which the pam_skey module doesn't appear to handle the return value of skeyaccess(3) correctly. And secondly, ftpd.c itself appears to make the same mistake.

The first problem isn't trivial for me to fix. The second is. :-)

The following patch to ftpd.c fixes this for the NOPAM case, but there's still breakage in the libpam skey module. You should be able to apply this patch to ftpd.c and then build ftpd with

	cd /usr/src/libexec/ftpd
	make -DNOPAM
	make install clean

Ciao,
Sheldon.

PS: I run a pretty heavily modified ftpd, so you may need to apply the patch by hand. Certainly, the line numbers for the hunk are bogus.

Index: ftpd.c =================================================================== RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v retrieving revision 1.64 diff -u -d -r1.64 ftpd.c --- ftpd.c 2000/06/26 05:36:09 1.64 +++ ftpd.c 2000/08/01 12:54:47
@@ -1187,12 +1209,13 @@ if (rval >= 0) goto skip; #endif + rval = strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd)); #ifdef SKEY - rval = strcmp(skey_crypt(passwd, pw->pw_passwd, pw, pwok), - pw->pw_passwd); - pwok = 0; -#else - rval = strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd); + if (rval) { + rval = strcmp(pw->pw_passwd, + skey_crypt(passwd, pw->pw_passwd, pw, pwok)); + pwok = 0; + } #endif /* The strcmp does not catch null passwords! */ if (*pw->pw_passwd == '\0' || To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
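Review bot: The added unconditional comparison `rval = strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd));` ahead of the `#ifdef SKEY` block never looks at `pwok`, and the S/Key path is now entered only under `if (rval)`. If `pwok` is the flag that tells `skey_crypt()` whether a Unix password is acceptable for this login (which is how it is passed in the removed line), then a correct Unix password is accepted here even when `pwok` is 0, so an S/Key-required policy is skipped rather than just the "not required" case being fixed. Under SKEY, gate the plain `crypt()` comparison on `pwok` and fall through to `skey_crypt()` otherwise. Also note that `pwok = 0;` used to run on every pass through this code and now runs only after a failed Unix-password comparison; if later code relies on `pwok` having been cleared, that reset should stay outside the `if (rval)` block.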