From 74f0d6362b462850ed69a24c0f9969ad43fe1cf0 Mon Sep 17 00:00:00 2001
From: Assar Westerlund <assar@sics.se>
Date: Sat, 15 Jun 1996 09:46:58 +0000
Subject: [PATCH] Add S/Key support.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@585 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 appl/ftp/ftpd/ftpd.c | 45 ++++++++++++++++++++++++++++----------------
 1 file changed, 29 insertions(+), 16 deletions(-)

diff --git a/appl/ftp/ftpd/ftpd.c b/appl/ftp/ftpd/ftpd.c
index e495fbfd4..c2b326d4c 100644
--- a/appl/ftp/ftpd/ftpd.c
+++ b/appl/ftp/ftpd/ftpd.c
@@ -89,7 +89,9 @@ RCSID("$Id$");
 #include <kafs.h>
 #include "roken.h"
 
-#undef SKEY
+#if defined(SKEY)
+#include <skey.h>
+#endif
 
 void yyparse();
 
@@ -485,6 +487,10 @@ sgetpwnam(char *name)
 static int login_attempts;	/* number of failed login attempts */
 static int askpasswd;		/* had user command, ask for passwd */
 static char curname[10];	/* current USER name */
+#ifdef SKEY
+static struct skey sk;
+static int permit_passwd;
+#endif /* SKEY */
 
 /*
  * USER command.
@@ -558,21 +564,26 @@ user(char *name)
 	}
 	if (logging)
 		strncpy(curname, name, sizeof(curname)-1);
+	if(auth_ok())
+		ct->userok(name);
+	else {
 #ifdef SKEY
-	if (!skey_haskey(name)) {
-		char *myskey, *skey_keyinfo (char *name);
+		char ss[256];
 
-		myskey = skey_keyinfo(name);
-		reply(331, "Password [%s] for %s required.",
-		    myskey ? myskey : "error getting challenge", name);
-	} else
+		permit_passwd = skeyaccess(k_getpwnam (name), NULL,
+					   remotehost, NULL);
+
+		if (skeychallenge (&sk, name, ss) == 0) {
+			reply (331, "Password [%s] for %s required.",
+			       ss, name);
+			askpasswd = 1;
+		} else if (permit_passwd)
 #endif
-	     if(auth_ok())
-		  ct->userok(name);
-	     else{
-		  reply(331, "Password required for %s.", name);
-		  askpasswd = 1;
-	     }
+		{
+			reply(331, "Password required for %s.", name);
+			askpasswd = 1;
+		}
+	}
 	/*
 	 * Delay before reading passwd after first failed
 	 * attempt to slow down passwd-guessing programs.
@@ -727,12 +738,14 @@ pass(char *passwd)
 		}
 		rval = klogin(pw->pw_name, passwd);
 		if (rval == 0)
-		    goto skip;
+			goto skip;
 #ifdef SKEY
-		if (skey_haskey(pw->pw_name) == 0 &&
-		   (skey_passcheck(pw->pw_name, passwd) != -1)) {
+		if (skeyverify (&sk, passwd) == 0) {
 			rval = 0;
 			goto skip;
+		} else if(!permit_passwd) {
+			rval = 1;
+			goto skip;
 		}
 #endif
 		/* the strcmp does not catch null passwords! */