mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-20 04:02:27 +00:00
Code Issues Releases Activity
df869e5883
freebsd-ports/ftp/wu-ftpd/files/patch-aa
Andrey A. Chernov fc23b5141f fix for restricted-uid'/restricted-gid' directive may be bypassed 
Submitted by:   Matt Zimmerman <mdz@debian.org>
2004-03-08 13:39:20 +00:00

98 lines
2.6 KiB
Plaintext
Raw Blame History

--- src/ftpd.c.orig Mon Mar 8 07:24:50 2004
+++ src/ftpd.c Mon Mar 8 07:24:50 2004
@@ -447,7 +447,6 @@
#ifdef OPIE
#include <opie.h>
int pwok = 0;
-int af_pwok = 0;
struct opie opiestate;
#endif
@@ -1219,10 +1218,6 @@
exit(0);
}
-#ifdef OPIE
- af_pwok = opieaccessfile(remotehost);
-#endif
-
#ifdef HAVE_LIBRESOLV
/* check permitted access based on remote host DNS information */
if (!check_reverse_dns()) {
@@ -1662,9 +1657,9 @@
/* Display s/key challenge where appropriate. */
if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf))
- sprintf(buf, "Password required for %s.", name);
+ snprintf(buf, 128, "Password required for %s.", name);
else
- sprintf(buf, "%s %s for %s.", sbuf,
+ snprintf(buf, 128, "%s %s for %s.", sbuf,
pwok ? "allowed" : "required", name);
return (buf);
}
@@ -2105,16 +2100,17 @@
#ifdef OPIE
{
char prompt[OPIE_CHALLENGE_MAX + 1];
- opiechallenge(&opiestate, name, prompt);
- if (askpasswd == -1) {
- syslog(LOG_WARNING, "Invalid FTP user name %s attempted from %s", name, remotehost);
- pwok = 0;
+ if (opiechallenge(&opiestate, name, prompt) == 0) {
+ pwok = (pw != NULL) &&
+ opieaccessfile(remotehost) &&
+ opiealways(pw->pw_dir);
+ reply(331, "Response to %s %s for %s.",
+ prompt, pwok ? "requested" : "required", name);
+ } else {
+ pwok = 1;
+ reply(331, "Password required for %s.", name);
}
- else
- pwok = af_pwok && opiealways(pw->pw_dir);
- reply(331, "Response to %s %s for %s.",
- prompt, pwok ? "requested" : "required", name);
}
#else
reply(331, "Password required for %s.", name);
@@ -2593,8 +2589,8 @@
if (pw == NULL)
salt = "xx";
else
-#ifndef OPIE
salt = pw->pw_passwd;
+#ifndef OPIE
#ifdef SECUREOSF
if ((pr = getprpwnam(pw->pw_name)) != NULL) {
if (pr->uflg.fg_newcrypt)
@@ -2627,9 +2623,15 @@
xpasswd = crypt(passwd, salt);
#endif /* SKEY */
#else /* OPIE */
- if (!opieverify(&opiestate, passwd))
- rval = 0;
- xpasswd = crypt(passwd, pw->pw_passwd);
+ if (pw != NULL) {
+ if (opieverify(&opiestate, passwd) == 0)
+ xpasswd = pw->pw_passwd;
+ else if (pwok)
+ xpasswd = crypt(passwd, salt);
+ else
+ pw = NULL;
+ }
+ pwok = 0;
#endif /* OPIE */
#ifdef ULTRIX_AUTH
if ((numfails = ultrix_check_pass(passwd, xpasswd)) >= 0) {
@@ -3189,7 +3191,7 @@
pw->pw_name, pw->pw_dir);
goto bad;
#else
- if (chdir("/") < 0) {
+ if (restricted_user || chdir("/") < 0) {
#ifdef VERBOSE_ERROR_LOGING
syslog(LOG_NOTICE, "FTP LOGIN FAILED (cannot chdir) for %s, %s",
remoteident, pw->pw_name);
Reference in New Issue View Git Blame Copy Permalink