bbs Unix username and password security fixes
parent
99422c375d
commit
cca22c4ad9
@ -4158,6 +4158,7 @@ v0.33.18 27-Jul-2001
|
|||||||
The written door.sys file now has a : after the comport.
|
The written door.sys file now has a : after the comport.
|
||||||
Executing doors in nosuid mode (as real user) is now possible.
|
Executing doors in nosuid mode (as real user) is now possible.
|
||||||
The can be switched on using mbsetup.
|
The can be switched on using mbsetup.
|
||||||
|
Fixed security problem in Unix username and password entry.
|
||||||
|
|
||||||
mbuseradd:
|
mbuseradd:
|
||||||
Ported to work on FreeBSD.
|
Ported to work on FreeBSD.
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
*
|
*
|
||||||
* File ..................: bbs/funcs4.c
|
* File ..................: bbs/funcs4.c
|
||||||
* Purpose ...............: Misc functions, also for some utils.
|
* Purpose ...............: Misc functions, also for some utils.
|
||||||
* Last modification date : 08-Aug-2001
|
* Last modification date : 18-Oct-2001
|
||||||
*
|
*
|
||||||
*****************************************************************************
|
*****************************************************************************
|
||||||
* Copyright (C) 1997-2001
|
* Copyright (C) 1997-2001
|
||||||
@ -202,7 +202,7 @@ void GetstrU(char *sStr, int iMaxlen)
|
|||||||
putchar('\007');
|
putchar('\007');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ch > 32 && ch < 127) {
|
if (isalnum(ch)) {
|
||||||
if (iPos <= iMaxlen) {
|
if (iPos <= iMaxlen) {
|
||||||
iPos++;
|
iPos++;
|
||||||
sprintf(sStr, "%s%c", sStr, ch);
|
sprintf(sStr, "%s%c", sStr, ch);
|
||||||
|
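Review bot: The new `isalnum(ch)` test in GetstrU is locale-dependent and undefined for a negative argument other than EOF, so depending on the active locale and on how `ch` is declared (not visible in this hunk) it can accept bytes above 127 that the old `ch > 32 && ch < 127` test rejected. If the intent is ASCII letters and digits only, `if (ch > 0 && ch < 128 && isalnum((unsigned char)ch)) {` keeps the filter inside ASCII; the same applies to `isalnum(c)` in Getpass in bbs/pwcheck.c. Neither hunk shows `#include <ctype.h>`, so confirm both files have it. The unchanged `sprintf(sStr, "%s%c", sStr, ch);` passes the destination as its own source, which is undefined behaviour, and would be better written as an indexed store followed by a terminator. GetstrU starts and ends outside the hunk.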
@ -1,6 +1,7 @@
|
|||||||
#ifndef _FUNCS4_H
|
#ifndef _FUNCS4_H
|
||||||
#define _FUNCS4_H
|
#define _FUNCS4_H
|
||||||
|
|
||||||
|
|
||||||
void UserSilent(int); /* Update users silent flag info */
|
void UserSilent(int); /* Update users silent flag info */
|
||||||
int CheckStatus(void); /* Check BBS open status */
|
int CheckStatus(void); /* Check BBS open status */
|
||||||
void GetstrU(char *, int); /* Get string, forbid spaces */
|
void GetstrU(char *, int); /* Get string, forbid spaces */
|
||||||
|
@ -2,13 +2,13 @@
|
|||||||
*
|
*
|
||||||
* File ..................: bbs/pwcheck.c
|
* File ..................: bbs/pwcheck.c
|
||||||
* Purpose ...............: Password checking routines
|
* Purpose ...............: Password checking routines
|
||||||
* Last modification date : 08-Feb-1999
|
* Last modification date : 18-Oct-2001
|
||||||
*
|
*
|
||||||
*****************************************************************************
|
*****************************************************************************
|
||||||
* Copyright (C) 1997-1999
|
* Copyright (C) 1997-2001
|
||||||
*
|
*
|
||||||
* Michiel Broek FIDO: 2:2801/16
|
* Michiel Broek FIDO: 2:280/2802
|
||||||
* Beekmansbos 10 Internet: mbroek@ux123.pttnwb.nl
|
* Beekmansbos 10 Internet: mbroek@users.sourceforge.net
|
||||||
* 1971 BV IJmuiden
|
* 1971 BV IJmuiden
|
||||||
* the Netherlands
|
* the Netherlands
|
||||||
*
|
*
|
||||||
@ -44,7 +44,7 @@
|
|||||||
* Open up /dev/tty to get the password from the user
|
* Open up /dev/tty to get the password from the user
|
||||||
* because this is done in raw mode, it makes life a bit
|
* because this is done in raw mode, it makes life a bit
|
||||||
* more difficult.
|
* more difficult.
|
||||||
* This function gets a password from a user, upto CFG.max_passlen set above
|
* This function gets a password from a user, upto Max_passlen
|
||||||
*/
|
*/
|
||||||
int Getpass(char *theword)
|
int Getpass(char *theword)
|
||||||
{
|
{
|
||||||
@ -69,37 +69,32 @@ int Getpass(char *theword)
|
|||||||
* Till the user presses ENTER or reaches the maximum length allowed
|
* Till the user presses ENTER or reaches the maximum length allowed
|
||||||
*/
|
*/
|
||||||
while ((c != 13) && (counter < Max_passlen )) {
|
while ((c != 13) && (counter < Max_passlen )) {
|
||||||
|
|
||||||
|
fflush(stdout);
|
||||||
c = Readkey(); /* Reads a character from the raw device */
|
c = Readkey(); /* Reads a character from the raw device */
|
||||||
|
|
||||||
if (((c == 8) || (c == KEY_DEL) || (c == 127)) && (counter != 0 )) { /* If its a BACKSPACE */
|
if (((c == 8) || (c == KEY_DEL) || (c == 127)) && (counter != 0 )) { /* If its a BACKSPACE */
|
||||||
counter--;
|
counter--;
|
||||||
password[counter] = '\0';
|
password[counter] = '\0';
|
||||||
printf("\x008 \x008");
|
printf("\x008 \x008");
|
||||||
fflush(stdout);
|
|
||||||
continue;
|
continue;
|
||||||
} /* Backtrack to fix the BACKSPACE */
|
} /* Backtrack to fix the BACKSPACE */
|
||||||
|
|
||||||
if (((c == 8) || (c == KEY_DEL) || (c == 127)) && (counter == 0) ) {
|
if (((c == 8) || (c == KEY_DEL) || (c == 127)) && (counter == 0) ) {
|
||||||
printf("\x007");
|
printf("\x007");
|
||||||
fflush(stdout);
|
|
||||||
continue;
|
continue;
|
||||||
} /* Don't Backtrack as we are at the begining of the passwd field */
|
} /* Don't Backtrack as we are at the begining of the passwd field */
|
||||||
|
|
||||||
password[counter] = c;
|
if (isalnum(c)) {
|
||||||
counter++;
|
password[counter] = c;
|
||||||
|
counter++;
|
||||||
if (c > 32 && c < 127) { /* If its a normal character, display a . */
|
|
||||||
printf("%c", CFG.iPasswd_Char);
|
printf("%c", CFG.iPasswd_Char);
|
||||||
fflush(stdout);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Unsetraw(); /* Go normal */
|
Unsetraw(); /* Go normal */
|
||||||
close(ttyfd);
|
close(ttyfd);
|
||||||
|
|
||||||
if (counter == Max_passlen)
|
password[counter] = '\0'; /* Make sure the string has a NULL at the end*/
|
||||||
password[counter] = '\0'; /* Make sure the string has a NULL at the end*/
|
|
||||||
else
|
|
||||||
password[counter-1] ='\0';
|
|
||||||
strcpy(theword,password);
|
strcpy(theword,password);
|
||||||
|
|
||||||
return(0);
|
return(0);
|
||||||
|
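Review bot: In Getpass the new `if (isalnum(c))` block drops every other key silently, so a user whose existing password contains punctuation can no longer enter it and gets no indication why, and the usable password alphabet is reduced to letters and digits. An `else if (c != 13) printf("\x007");` branch would at least signal the rejected key, and the restriction deserves a line in the function comment. If the filter exists because the password later reaches a command line or a similar sink, which this page does not show, validating or quoting at that sink would be the more durable fix. `strcpy(theword,password)` still relies on the caller supplying at least Max_passlen + 1 bytes, and that contract should be stated in the comment as well. The declarations and opening lines of Getpass are outside the hunks.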