mirror of
https://git.FreeBSD.org/ports.git
synced 2024-11-08 23:06:56 +00:00
f5ade91fb7
Submitted by: andrew@ugh.net.au The previous port of poppassd worked fine under 2.1.x but broke under 2.2.x. Ron Bickers <rbickers@intercenter.net> sent me some changes which should allow it to work under 2.2.x and these changes are incorporated in this version. The port seems to still work under 2.1.x.
221 lines
7.2 KiB
Plaintext
221 lines
7.2 KiB
Plaintext
--- poppassd.c.orig Mon Mar 31 16:00:34 1997
|
|
+++ poppassd.c Mon Mar 31 16:03:16 1997
|
|
@@ -13,11 +13,11 @@
|
|
*
|
|
* Doesn't actually change any passwords itself. It simply listens for
|
|
* incoming requests, gathers the required information (user name, old
|
|
- * password, new password) and executes /bin/passwd, talking to it over
|
|
+ * password, new password) and executes /usr/bin/passwd, talking to it over
|
|
* a pseudo-terminal pair. The advantage of this is that we don't need
|
|
* to have any knowledge of either the password file format (which may
|
|
* include dbx files that need to be rebuilt) or of any file locking
|
|
- * protocol /bin/passwd and cohorts may use (and which isn't documented).
|
|
+ * protocol /usr/bin/passwd and cohorts may use (and which isn't documented).
|
|
*
|
|
* The current version has been tested at NU under SunOS release 4.1.2
|
|
* and 4.1.3, and under HP-UX 8.02 and 9.01. We have tested the server
|
|
@@ -29,7 +29,7 @@
|
|
* Note that unencrypted passwords are transmitted over the network. If
|
|
* this bothers you, think hard about whether you want to implement the
|
|
* password changing feature. On the other hand, it's no worse than what
|
|
- * happens when you run /bin/passwd while connected via telnet or rlogin.
|
|
+ * happens when you run /usr/bin/passwd while connected via telnet or rlogin.
|
|
* Well, maybe it is, since the use of a dedicated port makes it slightly
|
|
* easier for a network snooper to snarf passwords off the wire.
|
|
*
|
|
@@ -47,7 +47,7 @@
|
|
* (which talks to /bin/password) is directly descended from Smith's
|
|
* version, with changes for SunOS and HP-UX by Norstad (with help from
|
|
* sample code in "Advanced Programming in the UNIX Environment"
|
|
- * by W. Richard Stevens). The code to report /bin/passwd error messages
|
|
+ * by W. Richard Stevens). The code to report /usr/bin/passwd error messages
|
|
* back to the client in the final 500 response, and a new version of the
|
|
* code to find the next free pty, is by Norstad.
|
|
*
|
|
@@ -145,8 +145,9 @@
|
|
static char *P1[] =
|
|
{"Old password:",
|
|
"Changing password for *.\nOld password:",
|
|
+ "Changing local password for *.\nOld password:",
|
|
"Changing password for * on *.\nOld password:",
|
|
- "Changing NIS password for * on *.\nOld password:",
|
|
+ "Changing NIS password for * on *.\nOld Password: ",
|
|
"Changing password for *\n*'s Old password:",
|
|
""};
|
|
|
|
@@ -165,7 +166,9 @@
|
|
|
|
static char *P4[] =
|
|
{"\n",
|
|
+ "\npasswd: rebuilding the database...\npasswd: done\n",
|
|
"NIS entry changed on *\n",
|
|
+ "\n\nNIS password has been changed on *.\n",
|
|
""};
|
|
|
|
|
|
@@ -186,11 +189,7 @@
|
|
|
|
*user = *oldpass = *newpass = 0;
|
|
|
|
- if (openlog ("poppassd", LOG_PID, LOG_LOCAL2) < 0)
|
|
- {
|
|
- WriteToClient ("500 Can't open syslog.");
|
|
- exit (1);
|
|
- }
|
|
+ openlog("poppassd", LOG_PID, LOG_LOCAL2);
|
|
|
|
WriteToClient ("200 poppassd v%s hello, who are you?", VERSION);
|
|
ReadFromClient (line);
|
|
@@ -218,6 +217,7 @@
|
|
|
|
if (chkPass (user, oldpass, pw) == FAILURE)
|
|
{
|
|
+ syslog(LOG_ERR, "Incorrect password from %s", user);
|
|
WriteToClient ("500 Old password is incorrect.");
|
|
exit(1);
|
|
}
|
|
@@ -264,28 +264,28 @@
|
|
|
|
if ((wpid = waitpid (pid, &wstat, 0)) < 0)
|
|
{
|
|
- syslog (LOG_ERR, "wait for /bin/passwd child failed: %m");
|
|
+ syslog (LOG_ERR, "wait for /usr/bin/passwd child failed: %m");
|
|
WriteToClient ("500 Server error (wait failed), get help!");
|
|
exit (1);
|
|
}
|
|
|
|
if (pid != wpid)
|
|
{
|
|
- syslog (LOG_ERR, "wrong child (/bin/passwd waited for!");
|
|
+ syslog (LOG_ERR, "wrong child (/usr/bin/passwd) waited for!");
|
|
WriteToClient ("500 Server error (wrong child), get help!");
|
|
exit (1);
|
|
}
|
|
|
|
if (WIFEXITED (wstat) == 0)
|
|
{
|
|
- syslog (LOG_ERR, "child (/bin/passwd) killed?");
|
|
+ syslog (LOG_ERR, "child (/usr/bin/passwd) killed?");
|
|
WriteToClient ("500 Server error (funny wstat), get help!");
|
|
exit (1);
|
|
}
|
|
|
|
if (WEXITSTATUS (wstat) != 0)
|
|
{
|
|
- syslog (LOG_ERR, "child (/bin/passwd) exited abnormally");
|
|
+ syslog (LOG_ERR, "child (/usr/bin/passwd) exited abnormally");
|
|
WriteToClient ("500 Server error (abnormal exit), get help!");
|
|
exit (1);
|
|
}
|
|
@@ -304,17 +304,19 @@
|
|
}
|
|
else /* Child */
|
|
{
|
|
- /*
|
|
- * Become the user trying who's password is being changed. We're
|
|
- * about to exec /bin/passwd with is setuid root anyway, but this
|
|
- * way it looks to the child completely like it's being run by
|
|
- * the normal user, which makes it do its own password verification
|
|
- * before doing any thing. In theory, we've already verified the
|
|
- * password, but this extra level of checking doesn't hurt. Besides,
|
|
- * the way I do it here, if somebody manages to change somebody
|
|
- * else's password, you can complain to your vendor about security
|
|
- * holes, not to me!
|
|
- */
|
|
+ /* Start new session - gets rid of controlling terminal. */
|
|
+
|
|
+ if (setsid() < 0) {
|
|
+ syslog(LOG_ERR, "setsid failed: %m");
|
|
+ return(0);
|
|
+ }
|
|
+
|
|
+ /* Set login name */
|
|
+
|
|
+ if (setlogin(user) < 0) {
|
|
+ syslog(LOG_ERR, "setlogin failed: %m");
|
|
+ return(0);
|
|
+ }
|
|
setuid (pw->pw_uid);
|
|
setgid (pw->pw_gid);
|
|
dochild (master, slavedev, user);
|
|
@@ -324,7 +326,7 @@
|
|
/*
|
|
* dochild
|
|
*
|
|
- * Do child stuff - set up slave pty and execl /bin/passwd.
|
|
+ * Do child stuff - set up slave pty and execl /usr/bin/passwd.
|
|
*
|
|
* Code adapted from "Advanced Programming in the UNIX Environment"
|
|
* by W. Richard Stevens.
|
|
@@ -338,13 +340,6 @@
|
|
int slave;
|
|
struct termios stermios;
|
|
|
|
- /* Start new session - gets rid of controlling terminal. */
|
|
-
|
|
- if (setsid() < 0) {
|
|
- syslog(LOG_ERR, "setsid failed: %m");
|
|
- return(0);
|
|
- }
|
|
-
|
|
/* Open slave pty and acquire as new controlling terminal. */
|
|
|
|
if ((slave = open(slavedev, O_RDWR)) < 0) {
|
|
@@ -387,10 +382,10 @@
|
|
return(0);
|
|
}
|
|
|
|
- /* Fork /bin/passwd. */
|
|
+ /* Fork /usr/bin/passwd. */
|
|
|
|
- if (execl("/bin/passwd", "passwd", user, (char*)0) < 0) {
|
|
- syslog(LOG_ERR, "can't exec /bin/passwd: %m");
|
|
+ if (execl("/usr/bin/passwd", "passwd", user, (char*)0) < 0) {
|
|
+ syslog(LOG_ERR, "can't exec /usr/bin/passwd: %m");
|
|
return(0);
|
|
}
|
|
}
|
|
@@ -408,15 +403,20 @@
|
|
*
|
|
* Modified by Norstad to remove assumptions about number of pty's allocated
|
|
* on this UNIX box.
|
|
+ *
|
|
+ * Modified by Stephen Melvin to allocate local space for static character
|
|
+ * array, rather than local space to pointer to constant string, which is
|
|
+ * not kosher and was crashing FreeBSD 1.1.5.1.
|
|
*/
|
|
findpty (slave)
|
|
char **slave;
|
|
{
|
|
int master;
|
|
- static char *line = "/dev/ptyXX";
|
|
+ static char line[11];
|
|
DIR *dirp;
|
|
struct dirent *dp;
|
|
|
|
+ strcpy(line,"/dev/ptyXX");
|
|
dirp = opendir("/dev");
|
|
while ((dp = readdir(dirp)) != NULL) {
|
|
if (strncmp(dp->d_name, "pty", 3) == 0 && strlen(dp->d_name) == 5) {
|
|
@@ -485,9 +485,11 @@
|
|
}
|
|
|
|
writestring(master, pswd);
|
|
-
|
|
+ sleep(2);
|
|
if (!expect(master, P4, buf)) return FAILURE;
|
|
|
|
+ close(master);
|
|
+
|
|
return SUCCESS;
|
|
}
|
|
|
|
@@ -566,6 +568,7 @@
|
|
}
|
|
n += m;
|
|
buf[n] = 0;
|
|
+/* syslog(LOG_ERR, "read from child: %s",buf); */
|
|
initialSegment = 0;
|
|
for (s = expected; **s != 0; s++) {
|
|
result = match(buf, *s);
|