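--- a/ftpd.c
+++ b/ftpd.c
@@ -1,14 +1,14 @@
-/* $NetBSD: ftpd.c,v 1.177 2006/09/26 06:47:20 lukem Exp $ */
+/* $NetBSD: ftpd.c,v 1.177.2.1 2008/09/18 18:10:30 bouyer Exp $ */
 
 /*
 * Copyright (c) 1997-2004 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Luke Mewburn.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
@@ -95,27 +95,27 @@
 */
 
 #include <sys/cdefs.h>
 #ifndef lint
 __COPYRIGHT(
 "@(#) Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994\n\
 The Regents of the University of California. All rights reserved.\n");
 #endif /* not lint */
 
 #ifndef lint
 #if 0
 static char sccsid[] = "@(#)ftpd.c 8.5 (Berkeley) 4/28/95";
 #else
-__RCSID("$NetBSD: ftpd.c,v 1.177 2006/09/26 06:47:20 lukem Exp $");
+__RCSID("$NetBSD: ftpd.c,v 1.177.2.1 2008/09/18 18:10:30 bouyer Exp $");
 #endif
 #endif /* not lint */
 
 /*
 * FTP server.
 */
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #include <sys/wait.h>
 #include <sys/mman.h>
 #include <sys/resource.h>
@@ -3728,26 +3728,37 @@ auth_pam(struct passwd **ppw, const char
 }
 
 e = pam_set_item(pamh, PAM_RHOST, remotehost);
 if (e != PAM_SUCCESS) {
 syslog(LOG_ERR, "pam_set_item(PAM_RHOST): %s",
 pam_strerror(pamh, e));
 if ((e = pam_end(pamh, e)) != PAM_SUCCESS) {
 syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
 }
 pamh = NULL;
 return -1;
 }
 
+e = pam_set_item(pamh, PAM_SOCKADDR, &his_addr);
+if (e != PAM_SUCCESS) {
+syslog(LOG_ERR, "pam_set_item(PAM_SOCKADDR): %s",
+pam_strerror(pamh, e));
+if ((e = pam_end(pamh, e)) != PAM_SUCCESS) {
+syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
+}
+pamh = NULL;
+return -1;
+}
+
 e = pam_authenticate(pamh, 0);
 switch (e) {
 case PAM_SUCCESS:
 /*
 * With PAM we support the concept of a "template"
 * user. The user enters a login name which is
 * authenticated by PAM, usually via a remote service
 * such as RADIUS or TACACS+. If authentication
 * succeeds, a different but related "template" name
 * is used for setting the credentials, shell, and
 * home directory. The name the user enters need only
 * exist on the remote authentication server, but the
 * template name must be present in the local password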
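Review bot: In the added PAM_SOCKADDR failure path, `pam_strerror(pamh, e)` is called on `pamh` after that handle has already been passed to `pam_end()`, repeating the pattern of the PAM_RHOST block above it. Once `pam_end()` has run, the handle should be treated as released, so the inner log line is safer as `syslog(LOG_ERR, "pam_end: error %d", e);`. The two failure blocks are now identical apart from the item name, so a small static helper taking the item name would keep the fail-closed `return -1` teardown in one place. The declaration of `his_addr` is outside this hunk; it is worth confirming that the object is at least as large as what the PAM library copies for PAM_SOCKADDR, and a short comment such as `/* presumably lets modules see the peer address itself, not only the PAM_RHOST name */` would record the intent. auth_pam() starts and ends outside the hunk.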