125 lines
3.2 KiB
Text
125 lines
3.2 KiB
Text
--- src/ftpd.c.orig 2010-05-27 01:19:29.000000000 +0400
|
|
+++ src/ftpd.c 2010-05-27 01:19:56.000000000 +0400
|
|
@@ -447,7 +447,6 @@
|
|
#ifdef OPIE
|
|
#include <opie.h>
|
|
int pwok = 0;
|
|
-int af_pwok = 0;
|
|
struct opie opiestate;
|
|
#endif
|
|
|
|
@@ -1219,10 +1218,6 @@
|
|
exit(0);
|
|
}
|
|
|
|
-#ifdef OPIE
|
|
- af_pwok = opieaccessfile(remotehost);
|
|
-#endif
|
|
-
|
|
#ifdef HAVE_LIBRESOLV
|
|
/* check permitted access based on remote host DNS information */
|
|
if (!check_reverse_dns()) {
|
|
@@ -1662,9 +1657,9 @@
|
|
/* Display s/key challenge where appropriate. */
|
|
|
|
if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf))
|
|
- sprintf(buf, "Password required for %s.", name);
|
|
+ snprintf(buf, sizeof(buf)-1, "Password required for %s.", name);
|
|
else
|
|
- sprintf(buf, "%s %s for %s.", sbuf,
|
|
+ snprintf(buf, sizeof(buf)-1, "%s %s for %s.", sbuf,
|
|
pwok ? "allowed" : "required", name);
|
|
return (buf);
|
|
}
|
|
@@ -2105,16 +2100,17 @@
|
|
#ifdef OPIE
|
|
{
|
|
char prompt[OPIE_CHALLENGE_MAX + 1];
|
|
- opiechallenge(&opiestate, name, prompt);
|
|
|
|
- if (askpasswd == -1) {
|
|
- syslog(LOG_WARNING, "Invalid FTP user name %s attempted from %s", name, remotehost);
|
|
- pwok = 0;
|
|
+ if (opiechallenge(&opiestate, name, prompt) == 0) {
|
|
+ pwok = (pw != NULL) &&
|
|
+ opieaccessfile(remotehost) &&
|
|
+ opiealways(pw->pw_dir);
|
|
+ reply(331, "Response to %s %s for %s.",
|
|
+ prompt, pwok ? "requested" : "required", name);
|
|
+ } else {
|
|
+ pwok = 1;
|
|
+ reply(331, "Password required for %s.", name);
|
|
}
|
|
- else
|
|
- pwok = af_pwok && opiealways(pw->pw_dir);
|
|
- reply(331, "Response to %s %s for %s.",
|
|
- prompt, pwok ? "requested" : "required", name);
|
|
}
|
|
#else
|
|
reply(331, "Password required for %s.", name);
|
|
@@ -2593,8 +2589,8 @@
|
|
if (pw == NULL)
|
|
salt = "xx";
|
|
else
|
|
-#ifndef OPIE
|
|
salt = pw->pw_passwd;
|
|
+#ifndef OPIE
|
|
#ifdef SECUREOSF
|
|
if ((pr = getprpwnam(pw->pw_name)) != NULL) {
|
|
if (pr->uflg.fg_newcrypt)
|
|
@@ -2627,9 +2623,15 @@
|
|
xpasswd = crypt(passwd, salt);
|
|
#endif /* SKEY */
|
|
#else /* OPIE */
|
|
- if (!opieverify(&opiestate, passwd))
|
|
- rval = 0;
|
|
- xpasswd = crypt(passwd, pw->pw_passwd);
|
|
+ if (pw != NULL) {
|
|
+ if (opieverify(&opiestate, passwd) == 0)
|
|
+ xpasswd = pw->pw_passwd;
|
|
+ else if (pwok)
|
|
+ xpasswd = crypt(passwd, salt);
|
|
+ else
|
|
+ pw = NULL;
|
|
+ }
|
|
+ pwok = 0;
|
|
#endif /* OPIE */
|
|
#ifdef ULTRIX_AUTH
|
|
if ((numfails = ultrix_check_pass(passwd, xpasswd)) >= 0) {
|
|
@@ -3189,7 +3191,7 @@
|
|
pw->pw_name, pw->pw_dir);
|
|
goto bad;
|
|
#else
|
|
- if (chdir("/") < 0) {
|
|
+ if (restricted_user || chdir("/") < 0) {
|
|
#ifdef VERBOSE_ERROR_LOGING
|
|
syslog(LOG_NOTICE, "FTP LOGIN FAILED (cannot chdir) for %s, %s",
|
|
remoteident, pw->pw_name);
|
|
@@ -3508,7 +3510,7 @@
|
|
{
|
|
char *a;
|
|
a = (char *) malloc(len + 1);
|
|
- memset(a, ' ', len-1);
|
|
+ memset(a, ' ', len);
|
|
a[len] = 0;
|
|
if (strlen(s) <= len)
|
|
memcpy(a, s, strlen(s));
|
|
@@ -7469,6 +7471,8 @@
|
|
in++;
|
|
if (*in == '/')
|
|
in++;
|
|
+ else
|
|
+ out++;
|
|
}
|
|
else if ((in[0] == '.') && (in[1] == '.') && ((in[2] == '/') || (in[2] == '\0'))) {
|
|
if (out == path) {
|
|
@@ -7497,6 +7501,9 @@
|
|
}
|
|
else {
|
|
do
|
|
+ if ((in[0] == '*') && (in[1] == '*'))
|
|
+ in++;
|
|
+ else
|
|
*out++ = *in++;
|
|
while ((*in != '\0') && (*in != '/'));
|
|
if (*in == '/')
|