diff options
author | ache <ache@FreeBSD.org> | 1996-10-19 01:15:19 +0800 |
---|---|---|
committer | ache <ache@FreeBSD.org> | 1996-10-19 01:15:19 +0800 |
commit | fce685f83d3658fe6d0f5d4bbd3df7a25383cd5d (patch) | |
tree | 74cb9053867af8e23d96a4feabd8d66487a27921 | |
parent | 4c9d432a70549261f64e17ac5c50e17264d9400c (diff) | |
download | freebsd-ports-graphics-fce685f83d3658fe6d0f5d4bbd3df7a25383cd5d.tar.gz freebsd-ports-graphics-fce685f83d3658fe6d0f5d4bbd3df7a25383cd5d.tar.zst freebsd-ports-graphics-fce685f83d3658fe6d0f5d4bbd3df7a25383cd5d.zip |
Implement alternative strategy: if it impossible to confirm password, ask for
it anycase, but not tell that S/key password required
It looks like non-s/key system from outside
Additionly tell that s/key required if it is so for normal case
-rw-r--r-- | ftp/wu-ftpd+ipv6/files/patch-ad | 88 | ||||
-rw-r--r-- | ftp/wu-ftpd/files/patch-ad | 88 |
2 files changed, 78 insertions, 98 deletions
diff --git a/ftp/wu-ftpd+ipv6/files/patch-ad b/ftp/wu-ftpd+ipv6/files/patch-ad index 132e500da65..d6ddda015e1 100644 --- a/ftp/wu-ftpd+ipv6/files/patch-ad +++ b/ftp/wu-ftpd+ipv6/files/patch-ad @@ -1,5 +1,5 @@ -*** src/ftpd.c.orig Thu Apr 14 01:17:18 1994 ---- src/ftpd.c Thu Oct 17 21:27:32 1996 +*** src/ftpd.c.orig Wed Apr 13 23:17:18 1994 +--- src/ftpd.c Tue May 30 00:17:25 1995 *************** *** 139,146 **** *freopen(const char *, const char *, FILE *); @@ -21,14 +21,13 @@ *************** *** 237,242 **** ---- 237,248 ---- +--- 237,247 ---- #endif /* SETPROCTITLE */ + #ifdef SKEY + #include <skey.h> + int pwok = 0; -+ int sflag; + #endif + #ifdef KERBEROS @@ -36,7 +35,7 @@ void end_krb(); *************** *** 252,257 **** ---- 258,269 ---- +--- 257,269 ---- char ls_short[50]; struct aclmember *entry = NULL; @@ -46,6 +45,7 @@ + void dologout(int); + void perror_reply(int, char *); + ++ void main(int argc, char **argv, char **envp) { int addrlen, @@ -62,23 +62,13 @@ register char *cp; *************** *** 878,884 **** ---- 892,913 ---- +--- 892,903 ---- } else acl_setfunctions(); + #ifdef SKEY + pwok = skeyaccess(name, NULL, remotehost, remoteaddr); -+ cp = skey_challenge(name, pw, pwok, &sflag); -+ if (!pwok && sflag) { -+ reply(530, cp); -+ if (logging) -+ syslog(LOG_NOTICE, -+ "FTP LOGIN REFUSED (s/key password not exist) FROM %s [%s], %s", -+ remotehost, remoteaddr, name); -+ pw = (struct passwd *) NULL; -+ return; -+ } -+ reply(331, cp); ++ reply(331, "%s", skey_challenge(name, pw, pwok)); + #else reply(331, "Password required for %s.", name); + #endif @@ -87,7 +77,7 @@ * passwd-guessing programs. */ *************** *** 887,892 **** ---- 916,922 ---- +--- 906,912 ---- } /* Check if a user is in the file _PATH_FTPUSERS */ @@ -97,7 +87,7 @@ register FILE *fd; *************** *** 911,916 **** ---- 941,947 ---- +--- 931,937 ---- /* Terminate login as previous user, if any, resetting state; used when USER * command is given or login fails. */ @@ -107,7 +97,7 @@ *************** *** 965,970 **** ---- 996,1002 ---- +--- 986,992 ---- return 0; } @@ -117,7 +107,7 @@ char *xpasswd, *************** *** 1007,1014 **** ---- 1039,1051 ---- +--- 1029,1041 ---- #ifdef KERBEROS xpasswd = crypt16(passwd, salt); #else @@ -140,7 +130,7 @@ logwtmp(ttyline, pw->pw_name, remotehost); logged_in = 1; ---- 1132,1142 ---- +--- 1122,1132 ---- (void) initgroups(pw->pw_name, pw->pw_gid); /* open wtmp before chroot */ @@ -162,7 +152,7 @@ setproctitle("%s", proctitle); #endif /* SETPROCTITLE */ if (logging) ---- 1231,1238 ---- +--- 1221,1228 ---- reply(230, "Guest login ok, access restrictions apply."); #ifdef SETPROCTITLE sprintf(proctitle, "%s: anonymous/%.*s", remotehost, @@ -173,7 +163,7 @@ if (logging) *************** *** 1235,1240 **** ---- 1276,1282 ---- +--- 1266,1272 ---- return (buf); } @@ -183,7 +173,7 @@ FILE *fin, *************** *** 1422,1428 **** ---- 1464,1474 ---- +--- 1454,1464 ---- for (loop = 0; namebuf[loop]; loop++) if (isspace(namebuf[loop]) || iscntrl(namebuf[loop])) namebuf[loop] = '_'; @@ -197,7 +187,7 @@ remotehost, *************** *** 1445,1450 **** ---- 1491,1497 ---- +--- 1481,1487 ---- (*closefunc) (fin); } @@ -214,7 +204,7 @@ ctime(&curtime), xfertime, remotehost, ---- 1657,1667 ---- +--- 1647,1657 ---- for (loop = 0; namebuf[loop]; loop++) if (isspace(namebuf[loop]) || iscntrl(namebuf[loop])) namebuf[loop] = '_'; @@ -235,7 +225,7 @@ else (void) strcpy(sizebuf, ""); if (pdata >= 0) { ---- 1750,1760 ---- +--- 1740,1750 ---- file_size = size; byte_count = 0; if (size != (off_t) - 1) @@ -258,7 +248,7 @@ (void) close(pdata); pdata = -1; return (NULL); ---- 1762,1784 ---- +--- 1752,1774 ---- int s, fromlen = sizeof(from); @@ -284,7 +274,7 @@ return (NULL); *************** *** 1764,1769 **** ---- 1833,1839 ---- +--- 1823,1829 ---- * encapsulation of the data subject to Mode, Structure, and Type. * * NB: Form isn't handled. */ @@ -294,7 +284,7 @@ register int c, *************** *** 1839,1844 **** ---- 1909,1915 ---- +--- 1899,1905 ---- * the data subject to Mode, Structure, and Type. * * N.B.: Form isn't handled. */ @@ -304,7 +294,7 @@ register int c; *************** *** 1915,1920 **** ---- 1986,1992 ---- +--- 1976,1982 ---- return (-1); } @@ -314,7 +304,7 @@ char line[BUFSIZ]; *************** *** 1948,1953 **** ---- 2020,2026 ---- +--- 2010,2016 ---- reply(211, "End of Status"); } @@ -324,7 +314,7 @@ struct sockaddr_in *sin; *************** *** 2001,2006 **** ---- 2074,2080 ---- +--- 2064,2070 ---- reply(211, "End of status"); } @@ -334,7 +324,7 @@ reply(451, "Error in server: %s\n", s); *************** *** 2095,2100 **** ---- 2169,2175 ---- +--- 2159,2165 ---- #else /* VARARGS2 */ @@ -344,7 +334,7 @@ if (autospout != NULL) { *************** *** 2129,2134 **** ---- 2204,2210 ---- +--- 2194,2200 ---- } /* VARARGS2 */ @@ -354,7 +344,7 @@ if (!dolreplies) *************** *** 2144,2160 **** ---- 2220,2239 ---- +--- 2210,2229 ---- } #endif @@ -377,7 +367,7 @@ char *cp; *************** *** 2164,2169 **** ---- 2243,2249 ---- +--- 2233,2239 ---- reply(500, "'%s': command not understood.", cbuf); } @@ -387,7 +377,7 @@ struct stat st; *************** *** 2208,2213 **** ---- 2288,2294 ---- +--- 2278,2284 ---- ack("DELE"); } @@ -397,7 +387,7 @@ struct aclmember *entry = NULL; *************** *** 2248,2253 **** ---- 2329,2335 ---- +--- 2319,2325 ---- } } @@ -416,7 +406,7 @@ int valid = 0; /* ---- 2356,2365 ---- +--- 2346,2355 ---- reply(257, "MKD command successful."); } @@ -429,7 +419,7 @@ /* *************** *** 2298,2303 **** ---- 2381,2387 ---- +--- 2371,2377 ---- ack("RMD"); } @@ -446,7 +436,7 @@ else reply(257, "\"%s\" is current directory.", path); } ---- 2396,2403 ---- +--- 2386,2393 ---- #else if (getwd(path) == (char *) NULL) #endif @@ -457,7 +447,7 @@ } *************** *** 2342,2347 **** ---- 2427,2433 ---- +--- 2417,2423 ---- return (name); } @@ -467,7 +457,7 @@ *************** *** 2357,2362 **** ---- 2443,2449 ---- +--- 2433,2439 ---- ack("RNTO"); } @@ -477,7 +467,7 @@ struct hostent *hp; *************** *** 2412,2417 **** ---- 2499,2505 ---- +--- 2489,2495 ---- } /* Record logout in wtmp file and exit with supplied status. */ @@ -487,7 +477,7 @@ if (logged_in) { *************** *** 2459,2464 **** ---- 2547,2553 ---- +--- 2537,2543 ---- * PASV command in RFC959. However, it has been blessed as a legitimate * response by Jon Postel in a telephone conversation with Rick Adams on 25 * Jan 89. */ @@ -497,7 +487,7 @@ int len; *************** *** 2530,2535 **** ---- 2619,2625 ---- +--- 2609,2615 ---- } /* Format and send reply containing system error number. */ @@ -507,7 +497,7 @@ reply(code, "%s: %s.", string, strerror(errno)); *************** *** 2538,2543 **** ---- 2628,2634 ---- +--- 2618,2624 ---- static char *onefile[] = {"", 0}; diff --git a/ftp/wu-ftpd/files/patch-ad b/ftp/wu-ftpd/files/patch-ad index 132e500da65..d6ddda015e1 100644 --- a/ftp/wu-ftpd/files/patch-ad +++ b/ftp/wu-ftpd/files/patch-ad @@ -1,5 +1,5 @@ -*** src/ftpd.c.orig Thu Apr 14 01:17:18 1994 ---- src/ftpd.c Thu Oct 17 21:27:32 1996 +*** src/ftpd.c.orig Wed Apr 13 23:17:18 1994 +--- src/ftpd.c Tue May 30 00:17:25 1995 *************** *** 139,146 **** *freopen(const char *, const char *, FILE *); @@ -21,14 +21,13 @@ *************** *** 237,242 **** ---- 237,248 ---- +--- 237,247 ---- #endif /* SETPROCTITLE */ + #ifdef SKEY + #include <skey.h> + int pwok = 0; -+ int sflag; + #endif + #ifdef KERBEROS @@ -36,7 +35,7 @@ void end_krb(); *************** *** 252,257 **** ---- 258,269 ---- +--- 257,269 ---- char ls_short[50]; struct aclmember *entry = NULL; @@ -46,6 +45,7 @@ + void dologout(int); + void perror_reply(int, char *); + ++ void main(int argc, char **argv, char **envp) { int addrlen, @@ -62,23 +62,13 @@ register char *cp; *************** *** 878,884 **** ---- 892,913 ---- +--- 892,903 ---- } else acl_setfunctions(); + #ifdef SKEY + pwok = skeyaccess(name, NULL, remotehost, remoteaddr); -+ cp = skey_challenge(name, pw, pwok, &sflag); -+ if (!pwok && sflag) { -+ reply(530, cp); -+ if (logging) -+ syslog(LOG_NOTICE, -+ "FTP LOGIN REFUSED (s/key password not exist) FROM %s [%s], %s", -+ remotehost, remoteaddr, name); -+ pw = (struct passwd *) NULL; -+ return; -+ } -+ reply(331, cp); ++ reply(331, "%s", skey_challenge(name, pw, pwok)); + #else reply(331, "Password required for %s.", name); + #endif @@ -87,7 +77,7 @@ * passwd-guessing programs. */ *************** *** 887,892 **** ---- 916,922 ---- +--- 906,912 ---- } /* Check if a user is in the file _PATH_FTPUSERS */ @@ -97,7 +87,7 @@ register FILE *fd; *************** *** 911,916 **** ---- 941,947 ---- +--- 931,937 ---- /* Terminate login as previous user, if any, resetting state; used when USER * command is given or login fails. */ @@ -107,7 +97,7 @@ *************** *** 965,970 **** ---- 996,1002 ---- +--- 986,992 ---- return 0; } @@ -117,7 +107,7 @@ char *xpasswd, *************** *** 1007,1014 **** ---- 1039,1051 ---- +--- 1029,1041 ---- #ifdef KERBEROS xpasswd = crypt16(passwd, salt); #else @@ -140,7 +130,7 @@ logwtmp(ttyline, pw->pw_name, remotehost); logged_in = 1; ---- 1132,1142 ---- +--- 1122,1132 ---- (void) initgroups(pw->pw_name, pw->pw_gid); /* open wtmp before chroot */ @@ -162,7 +152,7 @@ setproctitle("%s", proctitle); #endif /* SETPROCTITLE */ if (logging) ---- 1231,1238 ---- +--- 1221,1228 ---- reply(230, "Guest login ok, access restrictions apply."); #ifdef SETPROCTITLE sprintf(proctitle, "%s: anonymous/%.*s", remotehost, @@ -173,7 +163,7 @@ if (logging) *************** *** 1235,1240 **** ---- 1276,1282 ---- +--- 1266,1272 ---- return (buf); } @@ -183,7 +173,7 @@ FILE *fin, *************** *** 1422,1428 **** ---- 1464,1474 ---- +--- 1454,1464 ---- for (loop = 0; namebuf[loop]; loop++) if (isspace(namebuf[loop]) || iscntrl(namebuf[loop])) namebuf[loop] = '_'; @@ -197,7 +187,7 @@ remotehost, *************** *** 1445,1450 **** ---- 1491,1497 ---- +--- 1481,1487 ---- (*closefunc) (fin); } @@ -214,7 +204,7 @@ ctime(&curtime), xfertime, remotehost, ---- 1657,1667 ---- +--- 1647,1657 ---- for (loop = 0; namebuf[loop]; loop++) if (isspace(namebuf[loop]) || iscntrl(namebuf[loop])) namebuf[loop] = '_'; @@ -235,7 +225,7 @@ else (void) strcpy(sizebuf, ""); if (pdata >= 0) { ---- 1750,1760 ---- +--- 1740,1750 ---- file_size = size; byte_count = 0; if (size != (off_t) - 1) @@ -258,7 +248,7 @@ (void) close(pdata); pdata = -1; return (NULL); ---- 1762,1784 ---- +--- 1752,1774 ---- int s, fromlen = sizeof(from); @@ -284,7 +274,7 @@ return (NULL); *************** *** 1764,1769 **** ---- 1833,1839 ---- +--- 1823,1829 ---- * encapsulation of the data subject to Mode, Structure, and Type. * * NB: Form isn't handled. */ @@ -294,7 +284,7 @@ register int c, *************** *** 1839,1844 **** ---- 1909,1915 ---- +--- 1899,1905 ---- * the data subject to Mode, Structure, and Type. * * N.B.: Form isn't handled. */ @@ -304,7 +294,7 @@ register int c; *************** *** 1915,1920 **** ---- 1986,1992 ---- +--- 1976,1982 ---- return (-1); } @@ -314,7 +304,7 @@ char line[BUFSIZ]; *************** *** 1948,1953 **** ---- 2020,2026 ---- +--- 2010,2016 ---- reply(211, "End of Status"); } @@ -324,7 +314,7 @@ struct sockaddr_in *sin; *************** *** 2001,2006 **** ---- 2074,2080 ---- +--- 2064,2070 ---- reply(211, "End of status"); } @@ -334,7 +324,7 @@ reply(451, "Error in server: %s\n", s); *************** *** 2095,2100 **** ---- 2169,2175 ---- +--- 2159,2165 ---- #else /* VARARGS2 */ @@ -344,7 +334,7 @@ if (autospout != NULL) { *************** *** 2129,2134 **** ---- 2204,2210 ---- +--- 2194,2200 ---- } /* VARARGS2 */ @@ -354,7 +344,7 @@ if (!dolreplies) *************** *** 2144,2160 **** ---- 2220,2239 ---- +--- 2210,2229 ---- } #endif @@ -377,7 +367,7 @@ char *cp; *************** *** 2164,2169 **** ---- 2243,2249 ---- +--- 2233,2239 ---- reply(500, "'%s': command not understood.", cbuf); } @@ -387,7 +377,7 @@ struct stat st; *************** *** 2208,2213 **** ---- 2288,2294 ---- +--- 2278,2284 ---- ack("DELE"); } @@ -397,7 +387,7 @@ struct aclmember *entry = NULL; *************** *** 2248,2253 **** ---- 2329,2335 ---- +--- 2319,2325 ---- } } @@ -416,7 +406,7 @@ int valid = 0; /* ---- 2356,2365 ---- +--- 2346,2355 ---- reply(257, "MKD command successful."); } @@ -429,7 +419,7 @@ /* *************** *** 2298,2303 **** ---- 2381,2387 ---- +--- 2371,2377 ---- ack("RMD"); } @@ -446,7 +436,7 @@ else reply(257, "\"%s\" is current directory.", path); } ---- 2396,2403 ---- +--- 2386,2393 ---- #else if (getwd(path) == (char *) NULL) #endif @@ -457,7 +447,7 @@ } *************** *** 2342,2347 **** ---- 2427,2433 ---- +--- 2417,2423 ---- return (name); } @@ -467,7 +457,7 @@ *************** *** 2357,2362 **** ---- 2443,2449 ---- +--- 2433,2439 ---- ack("RNTO"); } @@ -477,7 +467,7 @@ struct hostent *hp; *************** *** 2412,2417 **** ---- 2499,2505 ---- +--- 2489,2495 ---- } /* Record logout in wtmp file and exit with supplied status. */ @@ -487,7 +477,7 @@ if (logged_in) { *************** *** 2459,2464 **** ---- 2547,2553 ---- +--- 2537,2543 ---- * PASV command in RFC959. However, it has been blessed as a legitimate * response by Jon Postel in a telephone conversation with Rick Adams on 25 * Jan 89. */ @@ -497,7 +487,7 @@ int len; *************** *** 2530,2535 **** ---- 2619,2625 ---- +--- 2609,2615 ---- } /* Format and send reply containing system error number. */ @@ -507,7 +497,7 @@ reply(code, "%s: %s.", string, strerror(errno)); *************** *** 2538,2543 **** ---- 2628,2634 ---- +--- 2618,2624 ---- static char *onefile[] = {"", 0}; |