
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-280-g0c3f3


From: Mats Erik Andersson
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-280-g0c3f38b
Date: Thu, 02 May 2013 21:42:08 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  0c3f38bbdabd5721bb2ccccce624a5592ababad5 (commit)
       via  9e1ff87298b4626e59398a7b9c39ca1fb6eef124 (commit)
      from  4aa58d1102e0b24a75420f906d87d5db42858118 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=0c3f38bbdabd5721bb2ccccce624a5592ababad5


commit 0c3f38bbdabd5721bb2ccccce624a5592ababad5
Author: Mats Erik Andersson <address@hidden>
Date:   Wed May 1 23:37:47 2013 +0200

    Small code clean-up.

diff --git a/ChangeLog b/ChangeLog
index a3e9272..4473fd4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+2013-05-01  Mats Erik Andersson  <address@hidden>
+
+       * libtelnet/enc_des.c: Convert K&R style declarations
+       to ISO C89.  Do assignments before return statements.
+       (fb64_stream_iv, fb64_init, fb64_is, fb64_reply)
+       (fb64_stream_key, fb64_keyid): Declare as static.
+       (shishi_des_ecb_encrypt) [SHISHI]: Declare as static.
+       Declare all three string arguments using `unsigned char'.
+       When calling shishi_des(), cast third and sixth arguments
+       as `const char *'.
+       (fb64_start): Remove variable B.  Change X to size_t.
+       (fb64_is): Remove B and X.
+       (fb64_reply): Remove B, P, and X.
+
 2013-04-30  Mats Erik Andersson  <address@hidden>
 
        ftpd: Account expiration.
diff --git a/libtelnet/enc_des.c b/libtelnet/enc_des.c
index 695b532..614e7c9 100644
--- a/libtelnet/enc_des.c
+++ b/libtelnet/enc_des.c
@@ -73,8 +73,8 @@ extern int encrypt_debug_mode;
 #   define NO_RECV_IV  2
 #   define NO_KEYID    4
 #   define IN_PROGRESS (NO_SEND_IV|NO_RECV_IV|NO_KEYID)
-#   define SUCCESS             0
-#   define FAILED              -1
+#   define SUCCESS     0
+#   define FAILED      -1
 
 
 #   include <string.h>
@@ -127,7 +127,7 @@ struct keyidlist
 
 #   define SHIFT_VAL(a,b)      (KEYFLAG_SHIFT*((a)+((b)*2)))
 
-#   define FB64_IV             1
+#   define FB64_IV     1
 #   define FB64_IV_OK  2
 #   define FB64_IV_BAD 3
 
@@ -135,31 +135,31 @@ struct keyidlist
 /* Callback from consumer.  */
 extern void printsub (char, unsigned char *, int);
 
-void fb64_stream_iv (Block, struct stinfo *);
-void fb64_init (struct fb *);
+static void fb64_stream_iv (Block, struct stinfo *);
+static void fb64_init (struct fb *);
 static int fb64_start (struct fb *, int, int);
-int fb64_is (unsigned char *, int, struct fb *);
-int fb64_reply (unsigned char *, int, struct fb *);
+static int fb64_is (unsigned char *, int, struct fb *);
+static int fb64_reply (unsigned char *, int, struct fb *);
 static void fb64_session (Session_Key *, int, struct fb *);
-void fb64_stream_key (Block, struct stinfo *);
-int fb64_keyid (int, unsigned char *, int *, struct fb *);
+static void fb64_stream_key (Block, struct stinfo *);
+static int fb64_keyid (int, unsigned char *, int *, struct fb *);
 
 #   ifdef SHISHI
-void
-shishi_des_ecb_encrypt (Shishi * h, const char key[8], const char *in,
-                       char *out)
+static void
+shishi_des_ecb_encrypt (Shishi * h, const unsigned char key[8],
+                       const unsigned char *in, unsigned char *out)
 {
   char *tmp;
 
-  shishi_des (h, 0, key, NULL, NULL, in, 8, &tmp);
+  shishi_des (h, 0, (const char *) key, NULL, NULL,
+             (const char *) in, 8, &tmp);
   memcpy (out, tmp, 8);
   free (tmp);
 }
 #   endif
 
 void
-cfb64_init (server)
-     int server;
+cfb64_init (int server)
 {
   fb64_init (&fb[CFB]);
   fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64;
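Review bot: In `shishi_des_ecb_encrypt` the result of `shishi_des ()` is discarded and `tmp` has no initial value, so if the call fails without setting `tmp`, `memcpy (out, tmp, 8)` and `free (tmp)` operate on an indeterminate pointer. Initialise it with `char *tmp = NULL;` and copy only on success, for example by guarding the call with `!= SHISHI_OK` and returning early. Because the helper is now static, its return type could also become `int`, so that callers can stop the stream instead of continuing with an `out` block that was never written.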
@@ -169,8 +169,7 @@ cfb64_init (server)
 
 #   ifdef ENCTYPE_DES_OFB64
 void
-ofb64_init (server)
-     int server;
+ofb64_init (int server)
 {
   fb64_init (&fb[OFB]);
   fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64;
@@ -179,9 +178,8 @@ ofb64_init (server)
 }
 #   endif /* ENCTYPE_DES_OFB64 */
 
-void
-fb64_init (fbp)
-     register struct fb *fbp;
+static void
+fb64_init (register struct fb *fbp)
 {
   memset ((void *) fbp, 0, sizeof (*fbp));
   fbp->state[0] = fbp->state[1] = FAILED;
@@ -200,31 +198,23 @@ fb64_init (fbp)
  *         Kerberos) have to happen before we can continue.
  */
 int
-cfb64_start (dir, server)
-     int dir;
-     int server;
+cfb64_start (int dir, int server)
 {
   return (fb64_start (&fb[CFB], dir, server));
 }
 
 #   ifdef ENCTYPE_DES_OFB64
 int
-ofb64_start (dir, server)
-     int dir;
-     int server;
+ofb64_start (int dir, int server)
 {
   return (fb64_start (&fb[OFB], dir, server));
 }
 #   endif /* ENCTYPE_DES_OFB64 */
 
 static int
-fb64_start (fbp, dir, server)
-     struct fb *fbp;
-     int dir;
-     int server;
+fb64_start (struct fb *fbp, int dir, int server)
 {
-  Block b;
-  int x;
+  size_t x;
   unsigned char *p;
   register int state;
 
@@ -285,7 +275,10 @@ fb64_start (fbp, dir, server)
     default:
       return (FAILED);
     }
-  return (fbp->state[dir - 1] = state);
+
+  fbp->state[dir - 1] = state;
+
+  return (state);
 }
 
 /*
@@ -295,32 +288,23 @@ fb64_start (fbp, dir, server)
  *      1: successful, negotiation not done yet.
  */
 int
-cfb64_is (data, cnt)
-     unsigned char *data;
-     int cnt;
+cfb64_is (unsigned char *data, int cnt)
 {
   return (fb64_is (data, cnt, &fb[CFB]));
 }
 
 #   ifdef ENCTYPE_DES_OFB64
 int
-ofb64_is (data, cnt)
-     unsigned char *data;
-     int cnt;
+ofb64_is (unsigned char *data, int cnt)
 {
   return (fb64_is (data, cnt, &fb[OFB]));
 }
 #   endif /* ENCTYPE_DES_OFB64 */
 
-int
-fb64_is (data, cnt, fbp)
-     unsigned char *data;
-     int cnt;
-     struct fb *fbp;
+static int
+fb64_is (unsigned char *data, int cnt, struct fb *fbp)
 {
-  int x;
   unsigned char *p;
-  Block b;
   register int state = fbp->state[DIR_DECRYPT - 1];
 
   if (cnt-- < 1)
@@ -382,7 +366,10 @@ fb64_is (data, cnt, fbp)
 
       break;
     }
-  return (fbp->state[DIR_DECRYPT - 1] = state);
+
+  fbp->state[DIR_DECRYPT - 1] = state;
+
+  return (state);
 }
 
 /*
@@ -392,33 +379,23 @@ fb64_is (data, cnt, fbp)
  *      1: successful, negotiation not done yet.
  */
 int
-cfb64_reply (data, cnt)
-     unsigned char *data;
-     int cnt;
+cfb64_reply (unsigned char *data, int cnt)
 {
   return (fb64_reply (data, cnt, &fb[CFB]));
 }
 
 #   ifdef ENCTYPE_DES_OFB64
 int
-ofb64_reply (data, cnt)
-     unsigned char *data;
-     int cnt;
+ofb64_reply (unsigned char *data, int cnt)
 {
   return (fb64_reply (data, cnt, &fb[OFB]));
 }
 #   endif /* ENCTYPE_DES_OFB64 */
 
 
-int
-fb64_reply (data, cnt, fbp)
-     unsigned char *data;
-     int cnt;
-     struct fb *fbp;
+static int
+fb64_reply (unsigned char *data, int cnt, struct fb *fbp)
 {
-  int x;
-  unsigned char *p;
-  Block b;
   register int state = fbp->state[DIR_ENCRYPT - 1];
 
   if (cnt-- < 1)
@@ -452,32 +429,28 @@ fb64_reply (data, cnt, fbp)
       state = FAILED;
       break;
     }
-  return (fbp->state[DIR_ENCRYPT - 1] = state);
+
+  fbp->state[DIR_ENCRYPT - 1] = state;
+
+  return (state);
 }
 
 void
-cfb64_session (key, server)
-     Session_Key *key;
-     int server;
+cfb64_session (Session_Key *key, int server)
 {
   fb64_session (key, server, &fb[CFB]);
 }
 
 #   ifdef ENCTYPE_DES_OFB64
 void
-ofb64_session (key, server)
-     Session_Key *key;
-     int server;
+ofb64_session (Session_Key *key, int server)
 {
   fb64_session (key, server, &fb[OFB]);
 }
 #   endif /* ENCTYPE_DES_OFB64 */
 
 static void
-fb64_session (key, server, fbp)
-     Session_Key *key;
-     int server;
-     struct fb *fbp;
+fb64_session (Session_Key *key, int server, struct fb *fbp)
 {
 
   if (!key || key->type != SK_DES)
@@ -486,8 +459,9 @@ fb64_session (key, server, fbp)
       if (encrypt_debug_mode)
        printf ("Can't set krbdes's session key (%d != %d)\r\n",
                key ? key->type : -1, SK_DES);
-      return;
+      return;  /* XXX: Causes a segfault.  */
     }
+
   memmove ((void *) fbp->krbdes_key, (void *) key->data, sizeof (Block));
 
   fb64_stream_key (fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT - 1]);
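Review bot: The new `/* XXX: Causes a segfault.  */` comment on the early `return` records a known crash without saying where it occurs or under which condition, so the next reader cannot act on it. The function is `void` and leaves here with `fbp->krbdes_key` untouched, so the caller gets no failure signal. Presumably the crash comes from later code using a key or schedule that was never set. That should be confirmed and then stated in the comment, e.g. `/* XXX: Key is left unset; a later use of it crashes.  */`. fb64_session begins above this hunk and continues below it.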
@@ -504,8 +478,8 @@ fb64_session (key, server, fbp)
   des_key_sched (fbp->krbdes_key, fbp->krbdes_sched);
 #   endif
   /*
-   * Now look to see if krbdes_start() was was waiting for
-   * the key to show up.  If so, go ahead an call it now
+   * Now look to see if krbdes_start() was waiting for
+   * the key to show up.  If so, go ahead and call it now
    * that we have the key.
    */
   if (fbp->need_start)
@@ -520,28 +494,21 @@ fb64_session (key, server, fbp)
  * 0, then mark the state as SUCCESS.
  */
 int
-cfb64_keyid (dir, kp, lenp)
-     int dir, *lenp;
-     unsigned char *kp;
+cfb64_keyid (int dir, unsigned char *kp, int *lenp)
 {
   return (fb64_keyid (dir, kp, lenp, &fb[CFB]));
 }
 
 #   ifdef ENCTYPE_DES_OFB64
 int
-ofb64_keyid (dir, kp, lenp)
-     int dir, *lenp;
-     unsigned char *kp;
+ofb64_keyid (int dir, unsigned char *kp, int *lenp)
 {
   return (fb64_keyid (dir, kp, lenp, &fb[OFB]));
 }
 #   endif /* ENCTYPE_DES_OFB64 */
 
-int
-fb64_keyid (dir, kp, lenp, fbp)
-     int dir, *lenp;
-     unsigned char *kp;
-     struct fb *fbp;
+static int
+fb64_keyid (int dir, unsigned char *kp, int *lenp, struct fb *fbp)
 {
   register int state = fbp->state[dir - 1];
 
@@ -556,13 +523,15 @@ fb64_keyid (dir, kp, lenp, fbp)
 
   state &= ~NO_KEYID;
 
-  return (fbp->state[dir - 1] = state);
+  fbp->state[dir - 1] = state;
+
+  return (state);
 }
 
-void
-fb64_printsub (data, cnt, buf, buflen, type)
-     unsigned char *data, *buf, *type;
-     int cnt, buflen;
+static void
+fb64_printsub (unsigned char *data, int cnt,
+              unsigned char *buf, int buflen,
+              const char *type)
 {
   char lbuf[32];
   register int i;
@@ -605,27 +574,23 @@ fb64_printsub (data, cnt, buf, buflen, type)
 }
 
 void
-cfb64_printsub (data, cnt, buf, buflen)
-     unsigned char *data, *buf;
-     int cnt, buflen;
+cfb64_printsub (unsigned char *data, int cnt,
+               unsigned char *buf, int buflen)
 {
   fb64_printsub (data, cnt, buf, buflen, "CFB64");
 }
 
 #   ifdef ENCTYPE_DES_OFB64
 void
-ofb64_printsub (data, cnt, buf, buflen)
-     unsigned char *data, *buf;
-     int cnt, buflen;
+ofb64_printsub (unsigned char *data, int cnt,
+               unsigned char *buf, int buflen)
 {
   fb64_printsub (data, cnt, buf, buflen, "OFB64");
 }
 #   endif /* ENCTYPE_DES_OFB64 */
 
-void
-fb64_stream_iv (seed, stp)
-     Block seed;
-     register struct stinfo *stp;
+static void
+fb64_stream_iv (Block seed, register struct stinfo *stp)
 {
 
   memmove ((void *) stp->str_iv, (void *) seed, sizeof (Block));
@@ -638,10 +603,8 @@ fb64_stream_iv (seed, stp)
   stp->str_index = sizeof (Block);
 }
 
-void
-fb64_stream_key (key, stp)
-     Block key;
-     register struct stinfo *stp;
+static void
+fb64_stream_key (Block key, register struct stinfo *stp)
 {
   memmove ((void *) stp->str_ikey, (void *) key, sizeof (Block));
 #   ifndef SHISHI
@@ -675,9 +638,7 @@ fb64_stream_key (key, stp)
  */
 
 void
-cfb64_encrypt (s, c)
-     register unsigned char *s;
-     int c;
+cfb64_encrypt (register unsigned char *s, int c)
 {
   register struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT - 1];
   register int index;
@@ -707,8 +668,7 @@ cfb64_encrypt (s, c)
 }
 
 int
-cfb64_decrypt (data)
-     int data;
+cfb64_decrypt (int data)
 {
   register struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT - 1];
   int index;
@@ -742,6 +702,7 @@ cfb64_decrypt (data)
 
   /* On decryption we store (data) which is cypher. */
   stp->str_output[index] = data;
+
   return (data ^ stp->str_feed[index]);
 }
 
@@ -766,9 +727,7 @@ cfb64_decrypt (data)
  */
 #   ifdef ENCTYPE_DES_OFB64
 void
-ofb64_encrypt (s, c)
-     register unsigned char *s;
-     int c;
+ofb64_encrypt (register unsigned char *s, int c)
 {
   register struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT - 1];
   register int index;
@@ -795,8 +754,7 @@ ofb64_encrypt (s, c)
 }
 
 int
-ofb64_decrypt (data)
-     int data;
+ofb64_decrypt (int data)
 {
   register struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT - 1];
   int index;

http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9e1ff87298b4626e59398a7b9c39ca1fb6eef124


commit 9e1ff87298b4626e59398a7b9c39ca1fb6eef124
Author: Mats Erik Andersson <address@hidden>
Date:   Tue Apr 30 23:58:17 2013 +0200

    ftpd: Account expiration.

diff --git a/ChangeLog b/ChangeLog
index 0665618..a3e9272 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,25 @@
+2013-04-30  Mats Erik Andersson  <address@hidden>
+
+       ftpd: Account expiration.
+       Better explanation, make it work also for BSD.
+
+       * configure.ac (HAVE_STRUCT_PASSWD_PW_EXPIRE)
+       (HAVE_STRUCT_PASSWD_PW_CHANGE): Check if `struct passwd'
+       has members pw_expire and pw_change.
+
+       * ftpd/extern.h (struct credentials): New member `expired'.
+       (AUTH_EXPIRED_NOT, AUTH_EXPIRED_ACCT, AUTH_EXPIRED_PASS):
+       New macros.
+       * ftpd/ftpd.c (pass) <failed authentication>:
+       If `cred.message' is empty, check `cred.expired' for
+       further reasons of failure.
+       * ftpd/auth.c (auth_user): Reset `pcred->expired'.
+       (sgetcred): [HAVE_GETSPNAM && HAVE_SHADOW_H]:
+       Separate account and password expiration into distinct
+       checks, updating `pcred->expired'.  Use shadow password
+       only in absence of all expiration.
+       [HAVE_STRUCT_PASSWD_PW_EXPIRE]: New code block.
+
 2013-04-26  Mats Erik Andersson  <address@hidden>
 
        rcp: Make encryption portable.
diff --git a/configure.ac b/configure.ac
index 9b49f4f..4fe029c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -653,6 +653,11 @@ IU_CHECK_MEMBERS([struct sockaddr_storage.ss_len], , ,
       #include <sys/socket.h>
       #include <netinet/in.h> ])
 
+IU_CHECK_MEMBERS([struct passwd.pw_expire, struct passwd.pw_change],
+    [], [],
+    [ #include <sys/types.h>
+      #include <pwd.h>])
+
 if test "$ac_cv_header_utmp_h" = yes; then
   AC_CHECK_TYPES(struct lastlog, , , [#include <utmp.h>])
   IU_CHECK_MEMBERS([struct utmp.ut_type, struct utmp.ut_pid,
diff --git a/ftpd/auth.c b/ftpd/auth.c
index 8773a59..d7a55ef 100644
--- a/ftpd/auth.c
+++ b/ftpd/auth.c
@@ -50,6 +50,7 @@ auth_user (const char *name, struct credentials *pcred)
   int err = 0;         /* Never remove initialisation!  */
 
   pcred->guest = 0;
+  pcred->expired = AUTH_EXPIRED_NOT;
 
   switch (pcred->auth_type)
     {
@@ -223,19 +224,55 @@ sgetcred (const char *name, struct credentials *pcred)
          long today;
          now = time ((time_t *) 0);
          today = now / (60 * 60 * 24);
-         if ((spw->sp_expire > 0 && spw->sp_expire < today)
-             || (spw->sp_max > 0 && spw->sp_lstchg > 0
-                 && (spw->sp_lstchg + spw->sp_max < today)))
+
+         if (spw->sp_expire > 0 && spw->sp_expire < today)
+           {
+             p->pw_passwd = NULL;
+             pcred->expired |= AUTH_EXPIRED_ACCT;
+           }
+         if (spw->sp_max > 0 && spw->sp_lstchg > 0
+                  && (spw->sp_lstchg + spw->sp_max < today))
            {
-             /*reply (530, "Login expired."); */
              p->pw_passwd = NULL;
+             pcred->expired |= AUTH_EXPIRED_PASS;
            }
-         else
+
+         if (pcred->expired == AUTH_EXPIRED_NOT)
            p->pw_passwd = spw->sp_pwdp;
        }
       endspent ();
     }
-#endif
+#elif defined HAVE_STRUCT_PASSWD_PW_EXPIRE     /* !HAVE_SHADOW_H */
+  /* BSD systems provide pw_expire as epoch time,
+   * and the password is exposed in pw_passwd for
+   * a caller with euid 0.
+   *
+   * NetBSD allows -1 for 'pw_change', meaning that immediate
+   * change is required.  Let us deny access in that case..
+   */
+  if (p->pw_expire > 0
+# ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
+      || p->pw_change
+# endif
+     )
+    {
+      time_t now = time ((time_t *) 0);
+
+      if (p->pw_expire > 0 && difftime (p->pw_expire, now) < 0)
+       {
+         p->pw_passwd = NULL;
+         pcred->expired |= AUTH_EXPIRED_ACCT;
+       }
+# ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
+      if (p->pw_change && difftime (p->pw_change, now) < 0)
+       {
+         p->pw_passwd = NULL;
+         pcred->expired |= AUTH_EXPIRED_PASS;
+       }
+# endif
+    }
+#endif /* !HAVE_STRUCT_PASSWD_PW_EXPIRE */
+
   pcred->uid = p->pw_uid;
   pcred->gid = p->pw_gid;
   pcred->name = sgetsave (p->pw_name);
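Review bot: Both branches only OR bits into `pcred->expired`, and the shadow branch tests `pcred->expired == AUTH_EXPIRED_NOT` before assigning `spw->sp_pwdp`, but the field is cleared only in auth_user. sgetcred is declared `extern` in ftpd/extern.h, so a caller that reaches it with a stale value would skip the shadow password for a valid account and later report that account as expired. Clearing it locally with `pcred->expired = AUTH_EXPIRED_NOT;` at the top of sgetcred removes that dependency; the start of the function is outside this hunk. The closing `#endif /* !HAVE_STRUCT_PASSWD_PW_EXPIRE */` also reads as the negation of the branch it ends, and `#endif /* HAVE_STRUCT_PASSWD_PW_EXPIRE */` would match.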
diff --git a/ftpd/extern.h b/ftpd/extern.h
index aa52530..a379fe7 100644
--- a/ftpd/extern.h
+++ b/ftpd/extern.h
@@ -140,6 +140,10 @@ struct credentials
   int guest;
   int dochroot;
   int logged_in;
+#define AUTH_EXPIRED_NOT    0
+#define AUTH_EXPIRED_ACCT   1
+#define AUTH_EXPIRED_PASS   2
+  int expired;
 #define AUTH_TYPE_PASSWD    0
 #define AUTH_TYPE_PAM       1
 #define AUTH_TYPE_KERBEROS  2
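Review bot: `AUTH_EXPIRED_ACCT` and `AUTH_EXPIRED_PASS` are combined with `|=` in ftpd/auth.c and tested with `&` in ftpd/ftpd.c, yet nothing at the definitions says they are bit flags, while the neighbouring `AUTH_TYPE_*` values are numbered consecutively. A one-line comment such as `/* Bit flags, may be OR-ed together.  */` above the three macros would stop a later addition from using the value 3.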
@@ -148,7 +152,10 @@ struct credentials
   int auth_type;
 };
 
+/* Exported from ftpd.c */
 extern struct credentials cred;
+
+/* Exported from auth.c */
 extern int sgetcred (const char *, struct credentials *);
 extern int auth_user (const char *, struct credentials *);
 extern int auth_pass (const char *, struct credentials *);
diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
index b333004..1a1eac0 100644
--- a/ftpd/ftpd.c
+++ b/ftpd/ftpd.c
@@ -854,7 +854,7 @@ end_login (struct credentials *pcred)
   free (pcred->homedir);
   free (pcred->rootdir);
   free (pcred->shell);
-  if (pcred->pass)             /* ??? */
+  if (pcred->pass)             /* Properly erase old password.  */
     {
       memset (pcred->pass, 0, strlen (pcred->pass));
       free (pcred->pass);
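Review bot: The new comment `/* Properly erase old password.  */` promises more than the code delivers: a `memset` whose buffer is passed to `free` immediately afterwards is a dead store that an optimising compiler may remove. Use a wipe that cannot be elided, `explicit_bzero (pcred->pass, strlen (pcred->pass));` where the platform provides it or a call through a volatile function pointer otherwise, and word the comment accordingly. end_login starts above this hunk and continues below it.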
@@ -881,15 +881,20 @@ pass (const char *passwd)
       /* Try to authenticate the user.  Failed if != 0.  */
       if (auth_pass (passwd, &cred) != 0)
        {
-         /* Any particular reasons.  */
+         /* Any particular reason?  */
          if (cred.message)
            {
              reply (530, "%s", cred.message);
              free (cred.message);
              cred.message = NULL;
            }
+         else if (cred.expired & AUTH_EXPIRED_ACCT)
+           reply (530, "Account is expired.");
+         else if (cred.expired & AUTH_EXPIRED_PASS)
+           reply (530, "Password has expired.");
          else
            reply (530, "Login incorrect.");
+
          if (logging)
            syslog (LOG_NOTICE, "FTP LOGIN FAILED FROM %s, %s",
                    cred.remotehost, curname);
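Review bot: The two new branches send `Account is expired.` and `Password has expired.` to a client that has just failed authentication. sgetcred sets `p->pw_passwd = NULL` for such accounts, so it appears that any password reaches these replies, which tells an unauthenticated peer that the user name exists and what state the account is in. Consider keeping `reply (530, "Login incorrect.");` on the wire and recording the reason in the log instead, e.g. by adding the expiry state to the existing `syslog (LOG_NOTICE, ...)` call. pass() begins above the hunk and continues below it.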

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog           |   36 ++++++++++
 configure.ac        |    5 ++
 ftpd/auth.c         |   49 ++++++++++++--
 ftpd/extern.h       |    7 ++
 ftpd/ftpd.c         |    9 ++-
 libtelnet/enc_des.c |  188 ++++++++++++++++++++-------------------------------
 6 files changed, 171 insertions(+), 123 deletions(-)


hooks/post-receive
-- 
GNU Inetutils 


