aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid E. O'Brien <obrien@FreeBSD.org>2003-01-07 17:31:23 +0000
committerDavid E. O'Brien <obrien@FreeBSD.org>2003-01-07 17:31:23 +0000
commit259ebc0c95046302e870729dc1e84d1a3327e7aa (patch)
tree32fd3e6092ee0de9aa414cfd3969ce5227cee12e
parentd8116fff7982a23035333090020937cab8c5e4bf (diff)
downloadsrc-259ebc0c95046302e870729dc1e84d1a3327e7aa.tar.gz
src-259ebc0c95046302e870729dc1e84d1a3327e7aa.zip
Add support for OPIE and PAM.
Submitted by: mikeh (reworked by me)
Notes
Notes: svn path=/head/; revision=108886
-rw-r--r--contrib/lukemftpd/src/ftpd.c77
1 files changed, 77 insertions, 0 deletions
diff --git a/contrib/lukemftpd/src/ftpd.c b/contrib/lukemftpd/src/ftpd.c
index de19ccc4328e..a709c9c50b1b 100644
--- a/contrib/lukemftpd/src/ftpd.c
+++ b/contrib/lukemftpd/src/ftpd.c
@@ -112,6 +112,7 @@ static char sccsid[] = "@(#)ftpd.c 8.5 (Berkeley) 4/28/95";
__RCSID("$NetBSD: ftpd.c,v 1.147 2002/11/29 14:40:00 lukem Exp $");
#endif
#endif /* not lint */
+__FBSDID("$FreeBSD$");
/*
* FTP server.
@@ -227,6 +228,21 @@ enum send_status {
SS_DATA_ERROR /* data send error */
};
+
+#ifdef USE_OPIE
+#include <opie.h>
+static struct opie opiedata;
+static char opieprompt[OPIE_CHALLENGE_MAX+1];
+static int pwok;
+#endif
+
+#ifdef USE_PAM
+#include <security/pam_appl.h>
+pam_handle_t *pamh = NULL;
+#include "pamize.h"
+#endif
+
+
static int bind_pasv_addr(void);
static int checkuser(const char *, const char *, int, int, char **);
static int checkaccess(const char *);
@@ -745,6 +761,18 @@ user(const char *name)
curname);
} else
#endif
+
+#ifdef USE_OPIE
+ if (opiechallenge(&opiedata, (char *)curname, opieprompt) ==
+ 0) {
+ pwok = (pw != NULL) &&
+ opieaccessfile(remotehost) &&
+ opiealways(pw->pw_dir);
+ reply(331, "Response to %s %s for %s.",
+ opieprompt, pwok ? "requested" : "required",
+ curname);
+ } else
+#endif
reply(331, "Password required for %s.", curname);
}
@@ -987,6 +1015,9 @@ logout_utmp(void)
static void
end_login(void)
{
+#ifdef USE_PAM
+ int e;
+#endif
logout_utmp();
show_chdir_messages(-1); /* flush chdir cache */
if (pw != NULL && pw->pw_passwd != NULL)
@@ -999,11 +1030,23 @@ end_login(void)
gidcount = 0;
curclass.type = CLASS_REAL;
(void) seteuid((uid_t)0);
+#ifdef USE_PAM
+ if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS)
+ syslog(LOG_ERR, "pam_setcred: %s", pam_strerror(pamh, e));
+ if ((e = pam_close_session(pamh,0)) != PAM_SUCCESS)
+ syslog(LOG_ERR, "pam_close_session: %s", pam_strerror(pamh, e));
+ if ((e = pam_end(pamh, e)) != PAM_SUCCESS)
+ syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
+ pamh = NULL;
+#endif
}
void
pass(const char *passwd)
{
+#ifdef USE_PAM
+ int e;
+#endif
int rval;
char root[MAXPATHLEN];
@@ -1044,6 +1087,27 @@ pass(const char *passwd)
}
}
#endif
+
+#ifdef USE_PAM
+ rval = auth_pam(&pw, passwd);
+ if (rval >= 0) {
+#ifdef USE_OPIE
+ opieunlock();
+#endif
+ goto skip;
+ }
+#endif
+#ifdef USE_OPIE
+ if (opieverify(&opiedata, (char *)passwd) == 0) {
+ /* OPIE says ok, check expire time */
+ if (pw->pw_expire && time(NULL) >= pw->pw_expire)
+ rval = 2;
+ else
+ rval = 0;
+ goto skip;
+ }
+#endif
+
if (!sflag)
rval = checkpassword(pw, passwd);
else
@@ -1095,6 +1159,19 @@ pass(const char *passwd)
/* cache groups for cmds.c::matchgroup() */
gidcount = getgroups(sizeof(gidlist), gidlist);
+#ifdef USE_PAM
+ if (pamh) {
+ if ((e = pam_open_session(pamh, 0)) != PAM_SUCCESS) {
+ syslog(LOG_ERR, "pam_open_session: %s",
+ pam_strerror(pamh, e));
+ } else if ((e = pam_setcred(pamh, PAM_ESTABLISH_CRED)) !=
+ PAM_SUCCESS) {
+ syslog(LOG_ERR, "pam_setcred: %s",
+ pam_strerror(pamh, e));
+ }
+ }
+#endif
+
/* open utmp/wtmp before chroot */
login_utmp(ttyline, pw->pw_name, remotehost);