Full OTP support.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@979 ec53bebd-3082-4978-b11e-865c3cabbd6b
Assar Westerlund
1996-11-16 17:52:53 +00:00
parent f902292bd3
commit fadac636c7


@@ -130,10 +130,6 @@ RCSID("$Id$");
#include <kafs.h> #include <kafs.h>
#include "roken.h" #include "roken.h"
#if defined(SKEY)
#include <skey.h>
#endif
#include <otp.h> #include <otp.h>
void yyparse(); void yyparse();
@@ -183,8 +179,12 @@ char hostname[MaxHostNameLen];
char remotehost[MaxHostNameLen]; char remotehost[MaxHostNameLen];
static char ttyline[20]; static char ttyline[20];
/* Default level for security, 0 allow any kind of connection, 1 only /* Default level for security:
authorized and anonymous connections, 2 only authorized */ * 0 allow any kind of connection
* 1 only OTP, authorized and anonymous connections
* 2 only authorized and anonymous connections,
* 3 only authorized
*/
static int auth_level = 1; static int auth_level = 1;
/* /*
@@ -498,10 +498,6 @@ sgetpwnam(char *name)
static int login_attempts; /* number of failed login attempts */ static int login_attempts; /* number of failed login attempts */
static int askpasswd; /* had user command, ask for passwd */ static int askpasswd; /* had user command, ask for passwd */
static char curname[10]; /* current USER name */ static char curname[10]; /* current USER name */
#ifdef SKEY
static struct skey sk;
static int permit_passwd;
#endif /* SKEY */
OtpContext otp_ctx; OtpContext otp_ctx;
/* /*
@@ -580,24 +576,6 @@ user(char *name)
if(auth_ok()) if(auth_ok())
ct->userok(name); ct->userok(name);
else { else {
#if 0
#ifdef SKEY
char ss[256];
permit_passwd = skeyaccess(k_getpwnam (name), NULL,
remotehost, NULL);
if (skeychallenge (&sk, name, ss) == 0) {
reply (331, "Password [%s] for %s required.",
ss, name);
askpasswd = 1;
} else if (permit_passwd)
#endif
{
reply(331, "Password required for %s.", name);
askpasswd = 1;
}
#endif
char ss[256]; char ss[256];
if (otp_challenge(&otp_ctx, name, ss, sizeof(ss)) == 0) { if (otp_challenge(&otp_ctx, name, ss, sizeof(ss)) == 0) {
@@ -607,10 +585,15 @@ user(char *name)
} else if (auth_level == 0) { } else if (auth_level == 0) {
reply(331, "Password required for %s.", name); reply(331, "Password required for %s.", name);
askpasswd = 1; askpasswd = 1;
} else } else {
char *s;
if (s = otp_error (&otp_ctx))
lreply(530, "OTP: %s", s);
reply(530, reply(530,
"Only authorized, anonymous and OTP " "Only authorized, anonymous and OTP "
"login allowed."); "login allowed.");
}
} }
/* /*
@@ -761,20 +744,10 @@ pass(char *passwd)
return; return;
} }
askpasswd = 0; askpasswd = 0;
rval = 1;
if (!guest) { /* "ftp" is only account allowed no password */ if (!guest) { /* "ftp" is only account allowed no password */
if (pw == NULL) if (pw == NULL)
rval = 1; /* failure below */ rval = 1; /* failure below */
#if 0
#ifdef SKEY
if (skeyverify (&sk, passwd) == 0) {
rval = 0;
goto skip;
} else if(!permit_passwd) {
rval = 1;
goto skip;
}
#endif
#endif
else if (otp_verify_user (&otp_ctx, passwd) == 0) { else if (otp_verify_user (&otp_ctx, passwd) == 0) {
rval = 0; rval = 0;
} else if(auth_level == 0) { } else if(auth_level == 0) {
@@ -784,6 +757,11 @@ pass(char *passwd)
passwd, 1, NULL); passwd, 1, NULL);
if (rval != 0 ) if (rval != 0 )
rval = unix_verify_user(pw->pw_name, passwd); rval = unix_verify_user(pw->pw_name, passwd);
} else {
char *s;
if (s = otp_error(&otp_ctx))
lreply(530, "OTP: %s", s);
} }
memset (passwd, 0, strlen(passwd)); memset (passwd, 0, strlen(passwd));
@@ -1801,7 +1779,6 @@ gunique(char *local)
void void
perror_reply(int code, char *string) perror_reply(int code, char *string)
{ {
reply(code, "%s: %s.", string, strerror(errno)); reply(code, "%s: %s.", string, strerror(errno));
} }
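Review bot: The new auth_level comment (levels 2 and 3 exclude OTP) is not enforced by the code paths this commit touches: in user() the challenge `if (otp_challenge(&otp_ctx, name, ss, sizeof(ss)) == 0)` runs before auth_level is consulted, in pass() `else if (otp_verify_user (&otp_ctx, passwd) == 0)` likewise runs for every level, and the new 530 text "Only authorized, anonymous and OTP login allowed." is sent for levels 1, 2 and 3 alike. Unless the elided body of the otp_challenge branch checks the level (it is outside these hunks, so I cannot tell), an OTP login would be accepted at levels 2 and 3; gating both calls, e.g. `if (auth_level <= 1 && otp_challenge(&otp_ctx, name, ss, sizeof(ss)) == 0)` and `else if (auth_level <= 1 && otp_verify_user (&otp_ctx, passwd) == 0)`, would make the code match the comment. The two new `if (s = otp_error (&otp_ctx))` tests should be written `if ((s = otp_error(&otp_ctx)) != NULL)` so the assignment-in-condition is explicit; note also that whatever otp_error returns is relayed verbatim to an unauthenticated client, so it should contain nothing beyond a user-facing reason. Both user() and pass() begin and end outside the hunks shown.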