
Implement alternative strategy: if it is impossible to confirm the password, ask for
it in any case, but do not tell that an S/key password is required.
It looks like a non-s/key system from outside.

Additionally, tell that s/key is required if it is so for the normal case.
Andrey A. Chernov 1996-10-18 17:15:19 +00:00
parent 16068c7ca4
commit 1e0f2d19d1
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=4039
2 changed files with 78 additions and 98 deletions


@ -1,5 +1,5 @@
*** src/ftpd.c.orig Thu Apr 14 01:17:18 1994
--- src/ftpd.c Thu Oct 17 21:27:32 1996
*** src/ftpd.c.orig Wed Apr 13 23:17:18 1994
--- src/ftpd.c Tue May 30 00:17:25 1995
***************
*** 139,146 ****
*freopen(const char *, const char *, FILE *);
@ -21,14 +21,13 @@
***************
*** 237,242 ****
--- 237,248 ----
--- 237,247 ----
#endif /* SETPROCTITLE */
+ #ifdef SKEY
+ #include <skey.h>
+ int pwok = 0;
+ int sflag;
+ #endif
+
#ifdef KERBEROS
@ -36,7 +35,7 @@
void end_krb();
***************
*** 252,257 ****
--- 258,269 ----
--- 257,269 ----
char ls_short[50];
struct aclmember *entry = NULL;
@ -46,6 +45,7 @@
+ void dologout(int);
+ void perror_reply(int, char *);
+
+ void
main(int argc, char **argv, char **envp)
{
int addrlen,
@ -62,23 +62,13 @@
register char *cp;
***************
*** 878,884 ****
--- 892,913 ----
--- 892,903 ----
} else
acl_setfunctions();
+ #ifdef SKEY
+ pwok = skeyaccess(name, NULL, remotehost, remoteaddr);
+ cp = skey_challenge(name, pw, pwok, &sflag);
+ if (!pwok && sflag) {
+ reply(530, cp);
+ if (logging)
+ syslog(LOG_NOTICE,
+ "FTP LOGIN REFUSED (s/key password not exist) FROM %s [%s], %s",
+ remotehost, remoteaddr, name);
+ pw = (struct passwd *) NULL;
+ return;
+ }
+ reply(331, cp);
+ reply(331, "%s", skey_challenge(name, pw, pwok));
+ #else
reply(331, "Password required for %s.", name);
+ #endif
@ -87,7 +77,7 @@
* passwd-guessing programs. */
***************
*** 887,892 ****
--- 916,922 ----
--- 906,912 ----
}
/* Check if a user is in the file _PATH_FTPUSERS */
@ -97,7 +87,7 @@
register FILE *fd;
***************
*** 911,916 ****
--- 941,947 ----
--- 931,937 ----
/* Terminate login as previous user, if any, resetting state; used when USER
* command is given or login fails. */
@ -107,7 +97,7 @@
***************
*** 965,970 ****
--- 996,1002 ----
--- 986,992 ----
return 0;
}
@ -117,7 +107,7 @@
char *xpasswd,
***************
*** 1007,1014 ****
--- 1039,1051 ----
--- 1029,1041 ----
#ifdef KERBEROS
xpasswd = crypt16(passwd, salt);
#else
@ -140,7 +130,7 @@
logwtmp(ttyline, pw->pw_name, remotehost);
logged_in = 1;
--- 1132,1142 ----
--- 1122,1132 ----
(void) initgroups(pw->pw_name, pw->pw_gid);
/* open wtmp before chroot */
@ -162,7 +152,7 @@
setproctitle("%s", proctitle);
#endif /* SETPROCTITLE */
if (logging)
--- 1231,1238 ----
--- 1221,1228 ----
reply(230, "Guest login ok, access restrictions apply.");
#ifdef SETPROCTITLE
sprintf(proctitle, "%s: anonymous/%.*s", remotehost,
@ -173,7 +163,7 @@
if (logging)
***************
*** 1235,1240 ****
--- 1276,1282 ----
--- 1266,1272 ----
return (buf);
}
@ -183,7 +173,7 @@
FILE *fin,
***************
*** 1422,1428 ****
--- 1464,1474 ----
--- 1454,1464 ----
for (loop = 0; namebuf[loop]; loop++)
if (isspace(namebuf[loop]) || iscntrl(namebuf[loop]))
namebuf[loop] = '_';
@ -197,7 +187,7 @@
remotehost,
***************
*** 1445,1450 ****
--- 1491,1497 ----
--- 1481,1487 ----
(*closefunc) (fin);
}
@ -214,7 +204,7 @@
ctime(&curtime),
xfertime,
remotehost,
--- 1657,1667 ----
--- 1647,1657 ----
for (loop = 0; namebuf[loop]; loop++)
if (isspace(namebuf[loop]) || iscntrl(namebuf[loop]))
namebuf[loop] = '_';
@ -235,7 +225,7 @@
else
(void) strcpy(sizebuf, "");
if (pdata >= 0) {
--- 1750,1760 ----
--- 1740,1750 ----
file_size = size;
byte_count = 0;
if (size != (off_t) - 1)
@ -258,7 +248,7 @@
(void) close(pdata);
pdata = -1;
return (NULL);
--- 1762,1784 ----
--- 1752,1774 ----
int s,
fromlen = sizeof(from);
@ -284,7 +274,7 @@
return (NULL);
***************
*** 1764,1769 ****
--- 1833,1839 ----
--- 1823,1829 ----
* encapsulation of the data subject to Mode, Structure, and Type.
*
* NB: Form isn't handled. */
@ -294,7 +284,7 @@
register int c,
***************
*** 1839,1844 ****
--- 1909,1915 ----
--- 1899,1905 ----
* the data subject to Mode, Structure, and Type.
*
* N.B.: Form isn't handled. */
@ -304,7 +294,7 @@
register int c;
***************
*** 1915,1920 ****
--- 1986,1992 ----
--- 1976,1982 ----
return (-1);
}
@ -314,7 +304,7 @@
char line[BUFSIZ];
***************
*** 1948,1953 ****
--- 2020,2026 ----
--- 2010,2016 ----
reply(211, "End of Status");
}
@ -324,7 +314,7 @@
struct sockaddr_in *sin;
***************
*** 2001,2006 ****
--- 2074,2080 ----
--- 2064,2070 ----
reply(211, "End of status");
}
@ -334,7 +324,7 @@
reply(451, "Error in server: %s\n", s);
***************
*** 2095,2100 ****
--- 2169,2175 ----
--- 2159,2165 ----
#else
/* VARARGS2 */
@ -344,7 +334,7 @@
if (autospout != NULL) {
***************
*** 2129,2134 ****
--- 2204,2210 ----
--- 2194,2200 ----
}
/* VARARGS2 */
@ -354,7 +344,7 @@
if (!dolreplies)
***************
*** 2144,2160 ****
--- 2220,2239 ----
--- 2210,2229 ----
}
#endif
@ -377,7 +367,7 @@
char *cp;
***************
*** 2164,2169 ****
--- 2243,2249 ----
--- 2233,2239 ----
reply(500, "'%s': command not understood.", cbuf);
}
@ -387,7 +377,7 @@
struct stat st;
***************
*** 2208,2213 ****
--- 2288,2294 ----
--- 2278,2284 ----
ack("DELE");
}
@ -397,7 +387,7 @@
struct aclmember *entry = NULL;
***************
*** 2248,2253 ****
--- 2329,2335 ----
--- 2319,2325 ----
}
}
@ -416,7 +406,7 @@
int valid = 0;
/*
--- 2356,2365 ----
--- 2346,2355 ----
reply(257, "MKD command successful.");
}
@ -429,7 +419,7 @@
/*
***************
*** 2298,2303 ****
--- 2381,2387 ----
--- 2371,2377 ----
ack("RMD");
}
@ -446,7 +436,7 @@
else
reply(257, "\"%s\" is current directory.", path);
}
--- 2396,2403 ----
--- 2386,2393 ----
#else
if (getwd(path) == (char *) NULL)
#endif
@ -457,7 +447,7 @@
}
***************
*** 2342,2347 ****
--- 2427,2433 ----
--- 2417,2423 ----
return (name);
}
@ -467,7 +457,7 @@
***************
*** 2357,2362 ****
--- 2443,2449 ----
--- 2433,2439 ----
ack("RNTO");
}
@ -477,7 +467,7 @@
struct hostent *hp;
***************
*** 2412,2417 ****
--- 2499,2505 ----
--- 2489,2495 ----
}
/* Record logout in wtmp file and exit with supplied status. */
@ -487,7 +477,7 @@
if (logged_in) {
***************
*** 2459,2464 ****
--- 2547,2553 ----
--- 2537,2543 ----
* PASV command in RFC959. However, it has been blessed as a legitimate
* response by Jon Postel in a telephone conversation with Rick Adams on 25
* Jan 89. */
@ -497,7 +487,7 @@
int len;
***************
*** 2530,2535 ****
--- 2619,2625 ----
--- 2609,2615 ----
}
/* Format and send reply containing system error number. */
@ -507,7 +497,7 @@
reply(code, "%s: %s.", string, strerror(errno));
***************
*** 2538,2543 ****
--- 2628,2634 ----
--- 2618,2624 ----
static char *onefile[] =
{"", 0};
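Review bot: In the `#ifdef SKEY` block of the USER handler (inner range `892,903`), the reply appears to be an unconditional 331 once the 530 branch is gone, which leaves the PASS handler as the only place that can refuse a login for which `skeyaccess()` returned 0; its hunk (`1029,1041`) shows only the `crypt16` context lines on this page. Assuming the shorter range is the new side, the `FTP LOGIN REFUSED` syslog line disappears with that branch, so the PASS failure path should still log host, address and user name for these attempts and must reject a plain password whenever `pwok` is 0. I would add a comment above the reply, e.g. `/* pwok == 0 is enforced in pass(); the 331 text must not reveal whether s/key is required */`. `pwok` is a file-scope `int`, so it is worth confirming that every early return in the USER handler resets it before a later PASS can read a stale value; the function body starts and ends outside the hunk. The second file section on this page shows the same content, and the same point applies there.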


@ -1,5 +1,5 @@
*** src/ftpd.c.orig Thu Apr 14 01:17:18 1994
--- src/ftpd.c Thu Oct 17 21:27:32 1996
*** src/ftpd.c.orig Wed Apr 13 23:17:18 1994
--- src/ftpd.c Tue May 30 00:17:25 1995
***************
*** 139,146 ****
*freopen(const char *, const char *, FILE *);
@ -21,14 +21,13 @@
***************
*** 237,242 ****
--- 237,248 ----
--- 237,247 ----
#endif /* SETPROCTITLE */
+ #ifdef SKEY
+ #include <skey.h>
+ int pwok = 0;
+ int sflag;
+ #endif
+
#ifdef KERBEROS
@ -36,7 +35,7 @@
void end_krb();
***************
*** 252,257 ****
--- 258,269 ----
--- 257,269 ----
char ls_short[50];
struct aclmember *entry = NULL;
@ -46,6 +45,7 @@
+ void dologout(int);
+ void perror_reply(int, char *);
+
+ void
main(int argc, char **argv, char **envp)
{
int addrlen,
@ -62,23 +62,13 @@
register char *cp;
***************
*** 878,884 ****
--- 892,913 ----
--- 892,903 ----
} else
acl_setfunctions();
+ #ifdef SKEY
+ pwok = skeyaccess(name, NULL, remotehost, remoteaddr);
+ cp = skey_challenge(name, pw, pwok, &sflag);
+ if (!pwok && sflag) {
+ reply(530, cp);
+ if (logging)
+ syslog(LOG_NOTICE,
+ "FTP LOGIN REFUSED (s/key password not exist) FROM %s [%s], %s",
+ remotehost, remoteaddr, name);
+ pw = (struct passwd *) NULL;
+ return;
+ }
+ reply(331, cp);
+ reply(331, "%s", skey_challenge(name, pw, pwok));
+ #else
reply(331, "Password required for %s.", name);
+ #endif
@ -87,7 +77,7 @@
* passwd-guessing programs. */
***************
*** 887,892 ****
--- 916,922 ----
--- 906,912 ----
}
/* Check if a user is in the file _PATH_FTPUSERS */
@ -97,7 +87,7 @@
register FILE *fd;
***************
*** 911,916 ****
--- 941,947 ----
--- 931,937 ----
/* Terminate login as previous user, if any, resetting state; used when USER
* command is given or login fails. */
@ -107,7 +97,7 @@
***************
*** 965,970 ****
--- 996,1002 ----
--- 986,992 ----
return 0;
}
@ -117,7 +107,7 @@
char *xpasswd,
***************
*** 1007,1014 ****
--- 1039,1051 ----
--- 1029,1041 ----
#ifdef KERBEROS
xpasswd = crypt16(passwd, salt);
#else
@ -140,7 +130,7 @@
logwtmp(ttyline, pw->pw_name, remotehost);
logged_in = 1;
--- 1132,1142 ----
--- 1122,1132 ----
(void) initgroups(pw->pw_name, pw->pw_gid);
/* open wtmp before chroot */
@ -162,7 +152,7 @@
setproctitle("%s", proctitle);
#endif /* SETPROCTITLE */
if (logging)
--- 1231,1238 ----
--- 1221,1228 ----
reply(230, "Guest login ok, access restrictions apply.");
#ifdef SETPROCTITLE
sprintf(proctitle, "%s: anonymous/%.*s", remotehost,
@ -173,7 +163,7 @@
if (logging)
***************
*** 1235,1240 ****
--- 1276,1282 ----
--- 1266,1272 ----
return (buf);
}
@ -183,7 +173,7 @@
FILE *fin,
***************
*** 1422,1428 ****
--- 1464,1474 ----
--- 1454,1464 ----
for (loop = 0; namebuf[loop]; loop++)
if (isspace(namebuf[loop]) || iscntrl(namebuf[loop]))
namebuf[loop] = '_';
@ -197,7 +187,7 @@
remotehost,
***************
*** 1445,1450 ****
--- 1491,1497 ----
--- 1481,1487 ----
(*closefunc) (fin);
}
@ -214,7 +204,7 @@
ctime(&curtime),
xfertime,
remotehost,
--- 1657,1667 ----
--- 1647,1657 ----
for (loop = 0; namebuf[loop]; loop++)
if (isspace(namebuf[loop]) || iscntrl(namebuf[loop]))
namebuf[loop] = '_';
@ -235,7 +225,7 @@
else
(void) strcpy(sizebuf, "");
if (pdata >= 0) {
--- 1750,1760 ----
--- 1740,1750 ----
file_size = size;
byte_count = 0;
if (size != (off_t) - 1)
@ -258,7 +248,7 @@
(void) close(pdata);
pdata = -1;
return (NULL);
--- 1762,1784 ----
--- 1752,1774 ----
int s,
fromlen = sizeof(from);
@ -284,7 +274,7 @@
return (NULL);
***************
*** 1764,1769 ****
--- 1833,1839 ----
--- 1823,1829 ----
* encapsulation of the data subject to Mode, Structure, and Type.
*
* NB: Form isn't handled. */
@ -294,7 +284,7 @@
register int c,
***************
*** 1839,1844 ****
--- 1909,1915 ----
--- 1899,1905 ----
* the data subject to Mode, Structure, and Type.
*
* N.B.: Form isn't handled. */
@ -304,7 +294,7 @@
register int c;
***************
*** 1915,1920 ****
--- 1986,1992 ----
--- 1976,1982 ----
return (-1);
}
@ -314,7 +304,7 @@
char line[BUFSIZ];
***************
*** 1948,1953 ****
--- 2020,2026 ----
--- 2010,2016 ----
reply(211, "End of Status");
}
@ -324,7 +314,7 @@
struct sockaddr_in *sin;
***************
*** 2001,2006 ****
--- 2074,2080 ----
--- 2064,2070 ----
reply(211, "End of status");
}
@ -334,7 +324,7 @@
reply(451, "Error in server: %s\n", s);
***************
*** 2095,2100 ****
--- 2169,2175 ----
--- 2159,2165 ----
#else
/* VARARGS2 */
@ -344,7 +334,7 @@
if (autospout != NULL) {
***************
*** 2129,2134 ****
--- 2204,2210 ----
--- 2194,2200 ----
}
/* VARARGS2 */
@ -354,7 +344,7 @@
if (!dolreplies)
***************
*** 2144,2160 ****
--- 2220,2239 ----
--- 2210,2229 ----
}
#endif
@ -377,7 +367,7 @@
char *cp;
***************
*** 2164,2169 ****
--- 2243,2249 ----
--- 2233,2239 ----
reply(500, "'%s': command not understood.", cbuf);
}
@ -387,7 +377,7 @@
struct stat st;
***************
*** 2208,2213 ****
--- 2288,2294 ----
--- 2278,2284 ----
ack("DELE");
}
@ -397,7 +387,7 @@
struct aclmember *entry = NULL;
***************
*** 2248,2253 ****
--- 2329,2335 ----
--- 2319,2325 ----
}
}
@ -416,7 +406,7 @@
int valid = 0;
/*
--- 2356,2365 ----
--- 2346,2355 ----
reply(257, "MKD command successful.");
}
@ -429,7 +419,7 @@
/*
***************
*** 2298,2303 ****
--- 2381,2387 ----
--- 2371,2377 ----
ack("RMD");
}
@ -446,7 +436,7 @@
else
reply(257, "\"%s\" is current directory.", path);
}
--- 2396,2403 ----
--- 2386,2393 ----
#else
if (getwd(path) == (char *) NULL)
#endif
@ -457,7 +447,7 @@
}
***************
*** 2342,2347 ****
--- 2427,2433 ----
--- 2417,2423 ----
return (name);
}
@ -467,7 +457,7 @@
***************
*** 2357,2362 ****
--- 2443,2449 ----
--- 2433,2439 ----
ack("RNTO");
}
@ -477,7 +467,7 @@
struct hostent *hp;
***************
*** 2412,2417 ****
--- 2499,2505 ----
--- 2489,2495 ----
}
/* Record logout in wtmp file and exit with supplied status. */
@ -487,7 +477,7 @@
if (logged_in) {
***************
*** 2459,2464 ****
--- 2547,2553 ----
--- 2537,2543 ----
* PASV command in RFC959. However, it has been blessed as a legitimate
* response by Jon Postel in a telephone conversation with Rick Adams on 25
* Jan 89. */
@ -497,7 +487,7 @@
int len;
***************
*** 2530,2535 ****
--- 2619,2625 ----
--- 2609,2615 ----
}
/* Format and send reply containing system error number. */
@ -507,7 +497,7 @@
reply(code, "%s: %s.", string, strerror(errno));
***************
*** 2538,2543 ****
--- 2628,2634 ----
--- 2618,2624 ----
static char *onefile[] =
{"", 0};