kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/mail/poppassd/files/patch-ab
Sergey Matveychuk e5330e2b9f Fix build on 5.x 
PR:		ports/70991
Submitted by:	maintainer
2004-08-26 17:11:08 +00:00

530 lines
15 KiB
Text
Raw Blame History

--- poppassd.c.orig Thu Aug 26 23:51:33 2004
+++ poppassd.c Thu Aug 26 23:53:03 2004
@@ -13,11 +13,11 @@
*
* Doesn't actually change any passwords itself. It simply listens for
* incoming requests, gathers the required information (user name, old
- * password, new password) and executes /bin/passwd, talking to it over
+ * password, new password) and executes /usr/bin/passwd, talking to it over
* a pseudo-terminal pair. The advantage of this is that we don't need
* to have any knowledge of either the password file format (which may
* include dbx files that need to be rebuilt) or of any file locking
- * protocol /bin/passwd and cohorts may use (and which isn't documented).
+ * protocol /usr/bin/passwd and cohorts may use (and which isn't documented).
*
* The current version has been tested at NU under SunOS release 4.1.2
* and 4.1.3, and under HP-UX 8.02 and 9.01. We have tested the server
@@ -29,7 +29,7 @@
* Note that unencrypted passwords are transmitted over the network. If
* this bothers you, think hard about whether you want to implement the
* password changing feature. On the other hand, it's no worse than what
- * happens when you run /bin/passwd while connected via telnet or rlogin.
+ * happens when you run /usr/bin/passwd while connected via telnet or rlogin.
* Well, maybe it is, since the use of a dedicated port makes it slightly
* easier for a network snooper to snarf passwords off the wire.
*
@@ -44,10 +44,10 @@
*
* The front-end code (which talks to the client) is directly
* descended from Leavitt's original version. The back-end pseudo-tty stuff
- * (which talks to /bin/password) is directly descended from Smith's
+ * (which talks to /usr/bin/password) is directly descended from Smith's
* version, with changes for SunOS and HP-UX by Norstad (with help from
* sample code in "Advanced Programming in the UNIX Environment"
- * by W. Richard Stevens). The code to report /bin/passwd error messages
+ * by W. Richard Stevens). The code to report /usr/bin/passwd error messages
* back to the client in the final 500 response, and a new version of the
* code to find the next free pty, is by Norstad.
*
@@ -125,12 +125,23 @@
#include <ctype.h>
#include <strings.h>
#include <errno.h>
-#include <varargs.h>
+#include <stdarg.h>
#include <pwd.h>
#include <string.h>
#include <termios.h>
#include <dirent.h>
+#include <libutil.h>
+/* prototypes to keep modern compilers happy */
+void ReadFromClient (char *line);
+void WriteToClient (char *fmt, ...);
+int chkPass (char *user, char *pass, struct passwd *pw);
+int dochild (int master, char *slavedev, char *user);
+int expect (int master, char **expected, char *buf);
+void getemess (int master, char **expected, char *buf);
+int match (char *str, char *pat);
+int talktochild (int master, char *user, char *oldpass, char *newpass, char *emess);
+void writestring (int fd, char *s);
/* Prompt strings expected from the "passwd" command. If you want
* to port this program to yet another flavor of UNIX, you may need to add
@@ -145,8 +156,11 @@
static char *P1[] =
{"Old password:",
"Changing password for *.\nOld password:",
+ "Changing local password for *.\nOld password:",
+ "Changing local password for *\nOld Password:",
"Changing password for * on *.\nOld password:",
"Changing NIS password for * on *.\nOld password:",
+ "Changing NIS password for *\nOld Password:",
"Changing password for *\n*'s Old password:",
""};
@@ -165,13 +179,14 @@
static char *P4[] =
{"\n",
+ "\npasswd: rebuilding the database...\npasswd: done\n",
+ "\npasswd: updating the database...\npasswd: done\n",
"NIS entry changed on *\n",
+ "\n\nNIS password has been changed on *.\n",
""};
-main (argc, argv)
-int argc;
-char *argv[];
+int main (int argc, char *argv[])
{
char line[BUFSIZE];
char user[BUFSIZE];
@@ -180,17 +195,14 @@
char emess[BUFSIZE];
char *slavedev;
struct passwd *pw, *getpwnam();
+ struct termios stermios;
int c, master;
pid_t pid, wpid;
int wstat;
*user = *oldpass = *newpass = 0;
- if (openlog ("poppassd", LOG_PID, LOG_LOCAL2) < 0)
- {
- WriteToClient ("500 Can't open syslog.");
- exit (1);
- }
+ openlog ("poppassd", LOG_PID, LOG_LOCAL2);
WriteToClient ("200 poppassd v%s hello, who are you?", VERSION);
ReadFromClient (line);
@@ -212,12 +224,16 @@
if ((pw = getpwnam (user)) == NULL)
{
- WriteToClient ("500 Unknown user, %s.", user);
+ syslog (LOG_ERR, "Unknown user, %s", user);
+ sleep (5);
+ WriteToClient ("500 Old password is incorrect.");
exit(1);
}
if (chkPass (user, oldpass, pw) == FAILURE)
{
+ syslog (LOG_ERR, "Incorrect password from %s", user);
+ sleep (5);
WriteToClient ("500 Old password is incorrect.");
exit(1);
}
@@ -232,215 +248,118 @@
WriteToClient ("500 New password required.");
exit(1);
}
- /* get pty to talk to password program */
- if ((master = findpty (&slavedev)) < 0)
- {
- syslog (LOG_ERR, "can't find pty");
- WriteToClient("500 Server busy - try again later.");
- exit (1);
- }
-
- /* fork child process to talk to password program */
- if ((pid = fork()) < 0) /* Error, can't fork */
- {
- syslog (LOG_ERR, "can't fork for passwd: %m");
- WriteToClient ("500 Server error (can't fork passwd), get help!");
- exit (1);
- }
- if (pid) /* Parent */
- {
- sleep (1); /* Make sure child is ready. Is this really needed? */
- if (talktochild (master, user, oldpass, newpass, emess) == FAILURE)
- {
- syslog (LOG_ERR, "failed attempt by %s", user);
- if (*emess == '\0') {
- WriteToClient ("500 Unable to change password." );
- } else {
- WriteToClient ("500 %s", emess);
- }
- exit(1);
- }
-
- if ((wpid = waitpid (pid, &wstat, 0)) < 0)
- {
- syslog (LOG_ERR, "wait for /bin/passwd child failed: %m");
- WriteToClient ("500 Server error (wait failed), get help!");
- exit (1);
- }
-
- if (pid != wpid)
- {
- syslog (LOG_ERR, "wrong child (/bin/passwd waited for!");
- WriteToClient ("500 Server error (wrong child), get help!");
- exit (1);
- }
-
- if (WIFEXITED (wstat) == 0)
- {
- syslog (LOG_ERR, "child (/bin/passwd) killed?");
- WriteToClient ("500 Server error (funny wstat), get help!");
- exit (1);
- }
-
- if (WEXITSTATUS (wstat) != 0)
- {
- syslog (LOG_ERR, "child (/bin/passwd) exited abnormally");
- WriteToClient ("500 Server error (abnormal exit), get help!");
- exit (1);
- }
-
- syslog (LOG_ERR, "password changed for %s", user);
- WriteToClient ("200 Password changed, thank-you.");
-
- ReadFromClient (line);
- if (strncmp(line, "quit", 4) != 0) {
- WriteToClient("500 Quit required.");
+ /* we need a pty to run passwd on but we have to make sure it is set up
+ as we like it - no echo, canonical input processing, no map NL to CR/NL
+ on outputs - otherwise our expect function will be confused */
+ (void)memset((void *)&stermios, 0, sizeof(stermios));
+ stermios.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
+ stermios.c_lflag |= ICANON;
+ stermios.c_oflag &= ~(ONLCR);
+
+ /* get a pty and fork */
+ switch(pid = forkpty(&master, NULL, &stermios, NULL)) {
+ case -1:
+ /* failure - can't get pty, can't fork etc */
+ WriteToClient("500 Server Error - Contact Your Administrator");
+ exit(1);
+ break;
+ case 0:
+ /* slave/child */
+ /* Set login name */
+ if (setlogin(user) < 0) {
+ syslog(LOG_ERR, "setlogin failed: %m");
+ WriteToClient("500 Server Error - Contact Your Administrator");
+ return(0);
+ }
+ setuid (pw->pw_uid);
+ setgid (pw->pw_gid);
+ dochild (master, NULL, user);
+ break;
+ default:
+ /* master/parent */
+ sleep (1); /* Make sure child is ready. Is this really needed? */
+ if (talktochild (master, user, oldpass, newpass, emess) == FAILURE)
+ {
+ syslog (LOG_ERR, "failed attempt by %s", user);
+ if (*emess == '\0') {
+ WriteToClient ("500 Unable to change password." );
+ } else {
+ WriteToClient ("500 %s", emess);
+ }
+ exit(1);
+ }
+
+ break;
+ }
+
+ if ((wpid = waitpid (pid, &wstat, 0)) < 0)
+ {
+ syslog (LOG_ERR, "wait for /usr/bin/passwd child failed: %m");
+ WriteToClient ("500 Server error (wait failed), get help!");
+ exit (1);
+ }
+
+ if (pid != wpid)
+ {
+ syslog (LOG_ERR, "wrong child (/usr/bin/passwd) waited for!");
+ WriteToClient ("500 Server error (wrong child), get help!");
+ exit (1);
+ }
+
+ if (WIFEXITED (wstat) == 0)
+ {
+ syslog (LOG_ERR, "child (/usr/bin/passwd) killed?");
+ WriteToClient ("500 Server error (funny wstat), get help!");
+ exit (1);
+ }
+
+ if (WEXITSTATUS (wstat) != 0)
+ {
+ syslog (LOG_ERR, "child (/usr/bin/passwd) exited abnormally");
+ WriteToClient ("500 Server error (abnormal exit), get help!");
+ exit (1);
+ }
+
+ syslog (LOG_ERR, "password changed for %s", user);
+ WriteToClient ("200 Password changed, thank-you.");
+
+ ReadFromClient (line);
+ if (strncmp(line, "quit", 4) != 0) {
+ WriteToClient("500 Quit required.");
exit (1);
- }
+ }
- WriteToClient("200 Bye.");
- exit (0);
- }
- else /* Child */
- {
- /*
- * Become the user trying who's password is being changed. We're
- * about to exec /bin/passwd with is setuid root anyway, but this
- * way it looks to the child completely like it's being run by
- * the normal user, which makes it do its own password verification
- * before doing any thing. In theory, we've already verified the
- * password, but this extra level of checking doesn't hurt. Besides,
- * the way I do it here, if somebody manages to change somebody
- * else's password, you can complain to your vendor about security
- * holes, not to me!
- */
- setuid (pw->pw_uid);
- setgid (pw->pw_gid);
- dochild (master, slavedev, user);
- }
+ WriteToClient("200 Bye.");
+ exit (0);
}
/*
* dochild
*
- * Do child stuff - set up slave pty and execl /bin/passwd.
+ * Do child stuff - set up slave pty and execl /usr/bin/passwd.
*
* Code adapted from "Advanced Programming in the UNIX Environment"
* by W. Richard Stevens.
*
*/
-dochild (master, slavedev, user)
-int master;
-char *slavedev, *user;
+int dochild (int master, char *slavedev, char *user)
{
- int slave;
- struct termios stermios;
+ /* Fork /usr/bin/passwd. */
- /* Start new session - gets rid of controlling terminal. */
-
- if (setsid() < 0) {
- syslog(LOG_ERR, "setsid failed: %m");
- return(0);
- }
-
- /* Open slave pty and acquire as new controlling terminal. */
-
- if ((slave = open(slavedev, O_RDWR)) < 0) {
- syslog(LOG_ERR, "can't open slave pty: %m");
- return(0);
- }
-
- /* Close master. */
-
- close(master);
-
- /* Make slave stdin/out/err of child. */
-
- if (dup2(slave, STDIN_FILENO) != STDIN_FILENO) {
- syslog(LOG_ERR, "dup2 error to stdin: %m");
- return(0);
- }
- if (dup2(slave, STDOUT_FILENO) != STDOUT_FILENO) {
- syslog(LOG_ERR, "dup2 error to stdout: %m");
- return(0);
- }
- if (dup2(slave, STDERR_FILENO) != STDERR_FILENO) {
- syslog(LOG_ERR, "dup2 error to stderr: %m");
- return(0);
- }
- if (slave > 2) close(slave);
-
- /* Set proper terminal attributes - no echo, canonical input processing,
- no map NL to CR/NL on output. */
-
- if (tcgetattr(0, &stermios) < 0) {
- syslog(LOG_ERR, "tcgetattr error: %m");
- return(0);
- }
- stermios.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
- stermios.c_lflag |= ICANON;
- stermios.c_oflag &= ~(ONLCR);
- if (tcsetattr(0, TCSANOW, &stermios) < 0) {
- syslog(LOG_ERR, "tcsetattr error: %m");
- return(0);
- }
-
- /* Fork /bin/passwd. */
-
- if (execl("/bin/passwd", "passwd", user, (char*)0) < 0) {
- syslog(LOG_ERR, "can't exec /bin/passwd: %m");
+ if (execl("/usr/bin/passwd", "passwd", user, (char*)0) < 0) {
+ syslog(LOG_ERR, "can't exec /usr/bin/passwd: %m");
return(0);
}
}
-
-/*
- * findpty()
- *
- * Finds the first available pseudo-terminal master/slave pair. The master
- * side is opened and a fd returned as the function value. A pointer to the
- * name of the slave side (i.e. "/dev/ttyp0") is returned in the argument,
- * which should be a char**. The name itself is stored in a static buffer.
- *
- * A negative value is returned on any sort of error.
- *
- * Modified by Norstad to remove assumptions about number of pty's allocated
- * on this UNIX box.
- */
-findpty (slave)
-char **slave;
-{
- int master;
- static char *line = "/dev/ptyXX";
- DIR *dirp;
- struct dirent *dp;
-
- dirp = opendir("/dev");
- while ((dp = readdir(dirp)) != NULL) {
- if (strncmp(dp->d_name, "pty", 3) == 0 && strlen(dp->d_name) == 5) {
- line[8] = dp->d_name[3];
- line[9] = dp->d_name[4];
- if ((master = open(line, O_RDWR)) >= 0) {
- line[5] = 't';
- *slave = line;
- closedir(dirp);
- return (master);
- }
- }
- }
- closedir(dirp);
- return (-1);
-}
-
/*
* writestring()
*
* Write a string in a single write() system call.
*/
-writestring (fd, s)
-char *s;
+void writestring (int fd, char *s)
{
int l;
@@ -458,9 +377,7 @@
* FAILURE if any errors are encountered (in which case, it can be assumed
* that the password wasn't changed).
*/
-talktochild (master, user, oldpass, newpass, emess)
-int master;
-char *user, *oldpass, *newpass, *emess;
+int talktochild (int master, char *user, char *oldpass, char *newpass, char *emess)
{
char buf[BUFSIZE];
char pswd[BUFSIZE+1];
@@ -485,9 +402,11 @@
}
writestring(master, pswd);
-
+ sleep(2);
if (!expect(master, P4, buf)) return FAILURE;
+ close(master);
+
return SUCCESS;
}
@@ -507,9 +426,7 @@
* the pattern.
* 2 if the string matches the full pattern.
*/
-match (str, pat)
-char *str;
-char *pat;
+int match (char *str, char *pat)
{
int result;
@@ -542,10 +459,7 @@
* is not an initial segment of or exact match for at least one of
* the expected strings, the function returns FAILURE.
*/
-expect (master, expected, buf)
-int master;
-char **expected;
-char *buf;
+int expect (int master, char **expected, char *buf)
{
int n, m;
char **s;
@@ -596,10 +510,7 @@
* returning just the error message text. Newlines in the error message
* text are replaced by spaces.
*/
-getemess (master, expected, buf)
-int master;
-char **expected;
-char *buf;
+void getemess (int master, char **expected, char *buf)
{
int n, m;
char **s;
@@ -630,21 +541,18 @@
}
}
-WriteToClient (fmt, va_alist)
-char *fmt;
-va_dcl
+void WriteToClient (char *fmt, ...)
{
va_list ap;
- va_start (ap);
+ va_start (ap, fmt);
vfprintf (stdout, fmt, ap);
fputs ("\r\n", stdout );
fflush (stdout);
va_end (ap);
}
-ReadFromClient (line)
-char *line;
+void ReadFromClient (char *line)
{
char *sp;
int i;
@@ -659,10 +567,7 @@
for (sp = line; isalpha(*sp); sp++) *sp = tolower(*sp);
}
-int chkPass (user, pass, pw)
-char *user;
-char *pass;
-struct passwd *pw;
+int chkPass (char *user, char *pass, struct passwd *pw)
{
/* Compare the supplied password with the password file entry */
if (strcmp (crypt (pass, pw->pw_passwd), pw->pw_passwd) != 0)
Reference in a new issue View git blame Copy permalink