Date: Tue, 1 Aug 2000 06:30:06 -0700 (PDT) From: Sheldon Hearn <sheldonh@uunet.co.za> To: freebsd-bugs@FreeBSD.org Subject: Re: misc/20333: ftp login fails on unix password when s/key active but not required Message-ID: <200008011330.GAA20323@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR misc/20333; it has been noted by GNATS.
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: pscott@the-frontier.org
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/20333: ftp login fails on unix password when s/key active but not required
Date: Tue, 01 Aug 2000 15:21:51 +0200
On Mon, 31 Jul 2000 22:38:01 MST, pscott@the-frontier.org wrote:
> If a userid has an s/key, but s/key is not required for login, ftp
> should allow a unix password, but it does not; only the s/key password
> works.
You are correct.
However, this appears to be the result of two problems. Firstly, ftpd
relies on libpam, for which the pam_skey module doesn't appear to handle
the return value of skeyaccess(3) correctly. And secondly, ftpd.c
itself appears to make the same mistake.
The first problem isn't trivial for me to fix. The second is. :-)
The following patch to ftpd.c fixes this for the NOPAM case, but there's
still breakage in the libpam skey module.
You should be able to apply this patch to ftpd.c and then build ftpd
with
cd /usr/src/libexec/ftpd
make -DNOPAM
make install clean
Ciao,
Sheldon.
PS: I run a pretty heavily modified ftpd, so you may need to apply the
patch by hand. Certainly, the line numbers for the hunk are bogus.
Index: ftpd.c
===================================================================
RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.64
diff -u -d -r1.64 ftpd.c
--- ftpd.c 2000/06/26 05:36:09 1.64
+++ ftpd.c 2000/08/01 12:54:47
@@ -1187,12 +1209,13 @@
if (rval >= 0)
goto skip;
#endif
+ rval = strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd));
#ifdef SKEY
- rval = strcmp(skey_crypt(passwd, pw->pw_passwd, pw, pwok),
- pw->pw_passwd);
- pwok = 0;
-#else
- rval = strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd);
+ if (rval) {
+ rval = strcmp(pw->pw_passwd,
+ skey_crypt(passwd, pw->pw_passwd, pw, pwok));
+ pwok = 0;
+ }
#endif
/* The strcmp does not catch null passwords! */
if (*pw->pw_passwd == '\0' ||
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008011330.GAA20323>