--- src/ftpd.c.orig Tue Oct 2 22:21:17 2001 +++ src/ftpd.c Tue Oct 2 22:21:17 2001 @@ -447,7 +447,6 @@ #ifdef OPIE #include int pwok = 0; -int af_pwok = 0; struct opie opiestate; #endif @@ -1219,10 +1218,6 @@ exit(0); } -#ifdef OPIE - af_pwok = opieaccessfile(remotehost); -#endif - #ifdef HAVE_LIBRESOLV /* check permitted access based on remote host DNS information */ if (!check_reverse_dns()) { @@ -1662,9 +1657,9 @@ /* Display s/key challenge where appropriate. */ if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf)) - sprintf(buf, "Password required for %s.", name); + snprintf(buf, 128, "Password required for %s.", name); else - sprintf(buf, "%s %s for %s.", sbuf, + snprintf(buf, 128, "%s %s for %s.", sbuf, pwok ? "allowed" : "required", name); return (buf); } @@ -2105,16 +2100,17 @@ #ifdef OPIE { char prompt[OPIE_CHALLENGE_MAX + 1]; - opiechallenge(&opiestate, name, prompt); - if (askpasswd == -1) { - syslog(LOG_WARNING, "Invalid FTP user name %s attempted from %s", name, remotehost); - pwok = 0; + if (opiechallenge(&opiestate, name, prompt) == 0) { + pwok = (pw != NULL) && + opieaccessfile(remotehost) && + opiealways(pw->pw_dir); + reply(331, "Response to %s %s for %s.", + prompt, pwok ? "requested" : "required", name); + } else { + pwok = 1; + reply(331, "Password required for %s.", name); } - else - pwok = af_pwok && opiealways(pw->pw_dir); - reply(331, "Response to %s %s for %s.", - prompt, pwok ? "requested" : "required", name); } #else reply(331, "Password required for %s.", name); @@ -2593,8 +2589,8 @@ if (pw == NULL) salt = "xx"; else -#ifndef OPIE salt = pw->pw_passwd; +#ifndef OPIE #ifdef SECUREOSF if ((pr = getprpwnam(pw->pw_name)) != NULL) { if (pr->uflg.fg_newcrypt) @@ -2627,9 +2623,15 @@ xpasswd = crypt(passwd, salt); #endif /* SKEY */ #else /* OPIE */ - if (!opieverify(&opiestate, passwd)) - rval = 0; - xpasswd = crypt(passwd, pw->pw_passwd); + if (pw != NULL) { + if (opieverify(&opiestate, passwd) == 0) + xpasswd = pw->pw_passwd; + else if (pwok) + xpasswd = crypt(passwd, salt); + else + pw = NULL; + } + pwok = 0; #endif /* OPIE */ #ifdef ULTRIX_AUTH if ((numfails = ultrix_check_pass(passwd, xpasswd)) >= 0) {