bbs Unix username and password security fixes

Michiel Broek 2001-10-18 20:46:06 +00:00
parent 99422c375d
commit cca22c4ad9
4 changed files with 15 additions and 18 deletions


@ -4158,6 +4158,7 @@ v0.33.18 27-Jul-2001
The written door.sys file now has a : after the comport. The written door.sys file now has a : after the comport.
Executing doors in nosuid mode (as real user) is now possible. Executing doors in nosuid mode (as real user) is now possible.
The can be switched on using mbsetup. The can be switched on using mbsetup.
Fixed security problem in Unix username and password entry.
mbuseradd: mbuseradd:
Ported to work on FreeBSD. Ported to work on FreeBSD.


@ -2,7 +2,7 @@
* *
* File ..................: bbs/funcs4.c * File ..................: bbs/funcs4.c
* Purpose ...............: Misc functions, also for some utils. * Purpose ...............: Misc functions, also for some utils.
* Last modification date : 08-Aug-2001 * Last modification date : 18-Oct-2001
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2001 * Copyright (C) 1997-2001
@ -202,7 +202,7 @@ void GetstrU(char *sStr, int iMaxlen)
putchar('\007'); putchar('\007');
} }
if (ch > 32 && ch < 127) { if (isalnum(ch)) {
if (iPos <= iMaxlen) { if (iPos <= iMaxlen) {
iPos++; iPos++;
sprintf(sStr, "%s%c", sStr, ch); sprintf(sStr, "%s%c", sStr, ch);
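Review bot: `isalnum(ch)` in GetstrU is applied to the raw key value, but isalnum() is defined only for EOF and values representable as unsigned char, and its answer depends on the current locale; the declaration of ch and the read call are outside the hunk, so if a negative or extended key code can reach this line the behaviour is undefined. Bounding the test keeps the filter strictly ASCII: `if (ch > 0 && ch < 128 && isalnum(ch)) {`. The same applies to `isalnum(c)` in Getpass in bbs/pwcheck.c. The unchanged lines below still admit one character more than iMaxlen if iPos starts at 0 (`iPos <= iMaxlen`) and append with `sprintf(sStr, "%s%c", sStr, ch)`, which passes the destination as its own source and is undefined; replacing the `iPos++` and sprintf lines with a direct store such as `sStr[iPos++] = ch; sStr[iPos] = '\0';` avoids the overlap, provided iPos is the current string length.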


@ -1,6 +1,7 @@
#ifndef _FUNCS4_H #ifndef _FUNCS4_H
#define _FUNCS4_H #define _FUNCS4_H
void UserSilent(int); /* Update users silent flag info */ void UserSilent(int); /* Update users silent flag info */
int CheckStatus(void); /* Check BBS open status */ int CheckStatus(void); /* Check BBS open status */
void GetstrU(char *, int); /* Get string, forbid spaces */ void GetstrU(char *, int); /* Get string, forbid spaces */
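Review bot: The comment on the GetstrU prototype still reads "forbid spaces", while the store condition in bbs/funcs4.c now accepts only characters that pass isalnum(). Unless another branch outside the visible hunk accepts more, the comment should state the new contract so callers do not expect punctuation to get through, e.g. `/* Get string, letters and digits only */`.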


@ -2,13 +2,13 @@
* *
* File ..................: bbs/pwcheck.c * File ..................: bbs/pwcheck.c
* Purpose ...............: Password checking routines * Purpose ...............: Password checking routines
* Last modification date : 08-Feb-1999 * Last modification date : 18-Oct-2001
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-1999 * Copyright (C) 1997-2001
* *
* Michiel Broek FIDO: 2:2801/16 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 Internet: mbroek@ux123.pttnwb.nl * Beekmansbos 10 Internet: mbroek@users.sourceforge.net
* 1971 BV IJmuiden * 1971 BV IJmuiden
* the Netherlands * the Netherlands
* *
@ -44,7 +44,7 @@
* Open up /dev/tty to get the password from the user * Open up /dev/tty to get the password from the user
* because this is done in raw mode, it makes life a bit * because this is done in raw mode, it makes life a bit
* more difficult. * more difficult.
* This function gets a password from a user, upto CFG.max_passlen set above * This function gets a password from a user, upto Max_passlen
*/ */
int Getpass(char *theword) int Getpass(char *theword)
{ {
@ -69,37 +69,32 @@ int Getpass(char *theword)
* Till the user presses ENTER or reaches the maximum length allowed * Till the user presses ENTER or reaches the maximum length allowed
*/ */
while ((c != 13) && (counter < Max_passlen )) { while ((c != 13) && (counter < Max_passlen )) {
fflush(stdout);
c = Readkey(); /* Reads a character from the raw device */ c = Readkey(); /* Reads a character from the raw device */
if (((c == 8) || (c == KEY_DEL) || (c == 127)) && (counter != 0 )) { /* If its a BACKSPACE */ if (((c == 8) || (c == KEY_DEL) || (c == 127)) && (counter != 0 )) { /* If its a BACKSPACE */
counter--; counter--;
password[counter] = '\0'; password[counter] = '\0';
printf("\x008 \x008"); printf("\x008 \x008");
fflush(stdout);
continue; continue;
} /* Backtrack to fix the BACKSPACE */ } /* Backtrack to fix the BACKSPACE */
if (((c == 8) || (c == KEY_DEL) || (c == 127)) && (counter == 0) ) { if (((c == 8) || (c == KEY_DEL) || (c == 127)) && (counter == 0) ) {
printf("\x007"); printf("\x007");
fflush(stdout);
continue; continue;
} /* Don't Backtrack as we are at the begining of the passwd field */ } /* Don't Backtrack as we are at the begining of the passwd field */
password[counter] = c; if (isalnum(c)) {
counter++; password[counter] = c;
counter++;
if (c > 32 && c < 127) { /* If its a normal character, display a . */
printf("%c", CFG.iPasswd_Char); printf("%c", CFG.iPasswd_Char);
fflush(stdout);
} }
} }
Unsetraw(); /* Go normal */ Unsetraw(); /* Go normal */
close(ttyfd); close(ttyfd);
if (counter == Max_passlen) password[counter] = '\0'; /* Make sure the string has a NULL at the end*/
password[counter] = '\0'; /* Make sure the string has a NULL at the end*/
else
password[counter-1] ='\0';
strcpy(theword,password); strcpy(theword,password);
return(0); return(0);
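Review bot: The new `if (isalnum(c))` branch in Getpass discards every non-alphanumeric key without any feedback, so passwords are now limited to 62 symbols and a user whose stored password contains punctuation will fail to log in without knowing why. If the aim is to keep metacharacters away from a later consumer of the string (not visible here), rejecting only the unsafe characters, or validating where the string is used, would cost less password strength. At minimum signal the rejection the way the backspace-at-start branch does, e.g. `} else if (c != 13) { printf("\x007"); }`. The `strcpy(theword, password)` at the end is still unbounded and `password[counter] = '\0'` can write at index Max_passlen; both buffers are declared outside the hunk, so confirm each holds Max_passlen + 1 bytes.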