1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
SKEY + pw_expire patches
*** pop_pass.c.orig Fri May 24 22:26:25 1996
--- pop_pass.c Tue Dec 10 23:52:23 1996
***************
*** 482,497 ****
POP * p;
struct passwd * pw;
{
/* We don't accept connections from users with null passwords */
/* Compare the supplied password with the password file entry */
! if ((pw->pw_passwd == NULL) || (*pw->pw_passwd == '\0') ||
! strcmp(crypt(p->pop_parm[1], pw->pw_passwd), pw->pw_passwd)) {
! sleep(SLEEP_SECONDS);
! return (pop_msg(p,POP_FAILURE, pwerrmsg, p->user));
}
return(POP_SUCCESS);
}
#endif /* AUTH */
--- 482,530 ----
POP * p;
struct passwd * pw;
{
+ #ifdef SKEY
+ int pass_ok;
+ #endif
+ #if defined(BSD) && (BSD >= 199306)
+ /* Check password change and expire times before granting access */
+ time_t now = time((time_t *) NULL);
+
+ if ((pw->pw_change && now > pw->pw_change) ||
+ (pw->pw_expire && now > pw->pw_expire))
+ goto error;
+ #endif
+
/* We don't accept connections from users with null passwords */
+ if ((pw->pw_passwd == NULL) || (*pw->pw_passwd == '\0'))
+ goto error;
+
/* Compare the supplied password with the password file entry */
+ #ifdef SKEY
+ pass_ok = skeyaccess(p->user, NULL, p->client, p->ipaddr);
+ if (strcmp(skey_crypt(p->pop_parm[1], pw->pw_passwd, pw, pass_ok),
+ pw->pw_passwd)) {
+ static char buf[128];
+ struct skey skey;
! if (skeychallenge(&skey, p->user, buf))
! goto error;
! if (pass_ok)
! sleep(SLEEP_SECONDS);
! return (pop_msg(p,POP_FAILURE,
! "\"%s\" %s%s, password is incorrect.",
! p->user, buf,
! pass_ok ? "" : " (required)"));
}
+ #else
+ if (strcmp(crypt(p->pop_parm[1], pw->pw_passwd), pw->pw_passwd))
+ goto error;
+ #endif
return(POP_SUCCESS);
+
+ error:
+ sleep(SLEEP_SECONDS);
+ return (pop_msg(p,POP_FAILURE, pwerrmsg, p->user));
}
#endif /* AUTH */
*** pop_user.c.orig Sat Mar 29 07:30:36 1997
--- pop_user.c Wed Apr 23 07:03:37 1997
***************
*** 163,168 ****
--- 163,180 ----
}
#endif /* APOP */
+ #ifdef SKEY
+ {
+ static char buf[128];
+ struct skey skey;
+
+ if (!skeychallenge(&skey, p->user, buf))
+ return(pop_msg(p,POP_SUCCESS,"%s%s", buf,
+ skeyaccess(p->user, NULL, p->client, p->ipaddr) ?
+ "" : " (required)"));
+ }
+ #endif
+
/* Tell the user that the password is required */
return (pop_msg(p,POP_SUCCESS,"Password required for %s.",p->user));
}
*** popper.h.orig Fri Jul 25 21:42:08 1997
--- popper.h Tue Oct 7 20:26:58 1997
***************
*** 25,37 ****
# include <net/errno.h>
#endif
! #ifdef HAVE_PARAM_H
#include <sys/param.h>
- # if (defined(BSD) && (BSD >= 199103))
- # define HAVE_UNISTD_H
- # define HAVE_VPRINTF
- # define BIND43
- # endif
#endif
#ifdef BSDI
--- 25,32 ----
# include <net/errno.h>
#endif
! #ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#ifdef BSDI
***************
*** 304,309 ****
--- 299,307 ----
extern AUTH_DAT kdata;
#endif /* KERBEROS */
+ #if defined(SKEY)
+ #include <skey.h>
+ #endif
#if defined(AUTHFILE)
extern int checkauthfile();
#endif
|