From owner-freebsd-bugs Tue Aug 1 6:30: 8 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 1427637B531 for ; Tue, 1 Aug 2000 06:30:06 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id GAA20323; Tue, 1 Aug 2000 06:30:06 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Date: Tue, 1 Aug 2000 06:30:06 -0700 (PDT)
Message-Id: <200008011330.GAA20323@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc:
From: Sheldon Hearn
Subject: Re: misc/20333: ftp login fails on unix password when s/key active but not required
Reply-To: Sheldon Hearn
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR misc/20333; it has been noted by GNATS.

From: Sheldon Hearn
To: pscott@the-frontier.org
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/20333: ftp login fails on unix password when s/key active but not required
Date: Tue, 01 Aug 2000 15:21:51 +0200

On Mon, 31 Jul 2000 22:38:01 MST, pscott@the-frontier.org wrote:

> If a userid has an s/key, but s/key is not required for login, ftp
> should allow a unix password, but it does not; only the s/key password
> works.

You are correct. However, this appears to be the result of two problems.

Firstly, ftpd relies on libpam, for which the pam_skey module doesn't appear to handle the return value of skeyaccess(3) correctly. And secondly, ftpd.c itself appears to make the same mistake.

The first problem isn't trivial for me to fix. The second is. :-)

The following patch to ftpd.c fixes this for the NOPAM case, but there's still breakage in the libpam skey module. You should be able to apply this patch to ftpd.c and then build ftpd with

	cd /usr/src/libexec/ftpd
	make -DNOPAM
	make install clean

Ciao,
Sheldon.

PS: I run a pretty heavily modified ftpd, so you may need to apply the patch by hand. Certainly, the line numbers for the hunk are bogus.

Index: ftpd.c =================================================================== RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v retrieving revision 1.64 diff -u -d -r1.64 ftpd.c --- ftpd.c 2000/06/26 05:36:09 1.64 +++ ftpd.c 2000/08/01 12:54:47 
@@ -1187,12 +1209,13 @@ if (rval >= 0) goto skip; #endif + rval = strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd)); #ifdef SKEY - rval = strcmp(skey_crypt(passwd, pw->pw_passwd, pw, pwok), - pw->pw_passwd); - pwok = 0; -#else - rval = strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd); + if (rval) { + rval = strcmp(pw->pw_passwd, + skey_crypt(passwd, pw->pw_passwd, pw, pwok)); + pwok = 0; + } #endif /* The strcmp does not catch null passwords! */ if (*pw->pw_passwd == '\0' ||
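
Review bot: the first added line, rval = strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd)), runs unconditionally and never consults pwok, so a matching Unix password is accepted before the S/Key path is reached, including for logins where S/Key is meant to be required. Assuming pwok still carries the skeyaccess(3) decision (in these lines it is only passed to skey_crypt()), gate the plain compare on it, for example if (pwok) rval = strcmp(...); else rval = 1; and let the skey_crypt() branch handle the rest. Two smaller points: pwok = 0 was previously reset on every pass under SKEY and is now reset only when the Unix compare fails, which deserves either a comment or moving the reset outside the if; and crypt() can return NULL on failure, so its result should be checked before it is handed to strcmp().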