List: openbsd-tech
Subject: Re: proposed ftpd patch to modify -A operation on invalid userids
From: Josh Grosse <josh () jggimi ! homeip ! net>
Date: 2008-09-24 0:53:31
Message-ID: 20080924005331.GA148 () jggimi ! homeip ! net
On Mon, Sep 22, 2008 at 02:26:55PM -0400, Josh Grosse wrote:
> On Mon, 22 Sep 2008 14:00:47 -0400, Todd C. Miller wrote
>
> > I wonder if it wouldn't be better to simply include "access denied"
> > in the 530 response. I don't particularly like that solution either,
> > though.

Revised patch. I have changed the message, as Todd suggested, to match
other "access denied" 530 messages. I have also replaced the end_login();
with dologout(0); -- this is a cleaner, more logically valid disconnection,
used in several spots in libexec/ftpd/ftpd.c. It leaves no "Please login
with USER and PASS" 530 message, which is possible with end_login(); logic.

Index: ftpd.8
===================================================================
RCS file: /cvs/src/libexec/ftpd/ftpd.8,v
retrieving revision 1.65
diff -u -r1.65 ftpd.8
--- ftpd.8 31 May 2007 19:19:39 -0000 1.65
+++ ftpd.8 19 Sep 2008 21:02:04 -0000
@@ -77,7 +77,8 @@
or users in a login class with the
.Dq ftp-chroot
variable set (see below).
-Other connection attempts are refused.
+Other connection attempts are refused and the control connection
+is disconnected.
.It Fl D
With this option set,
.Nm
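
Review bot: the sentence added to the -A description promises a disconnect for every refused attempt, but in the ftpd.c hunk dologout(0) is only called in the anon_ok branch; the else branch still sends its 530 reply and returns with the control connection open. Either qualify the manual text to match, or make both branches disconnect. As a wording point, "the control connection is closed" reads more naturally than "is disconnected".
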
Index: ftpd.c
===================================================================
RCS file: /cvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.184
diff -u -r1.184 ftpd.c
--- ftpd.c 12 Sep 2008 16:12:08 -0000 1.184
+++ ftpd.c 24 Sep 2008 00:40:50 -0000
@@ -824,8 +824,11 @@
dochroot = (lc && login_getcapbool(lc, "ftp-chroot", 0)) ||
checkuser(_PATH_FTPCHROOT, name);
if (anon_only && !dochroot) {
- if (anon_ok)
- reply(530, "Sorry, only anonymous ftp allowed.");
+ if (anon_ok) {
+ reply(530, "User %s access denied.", name);
+ dologout(0);
+ /* NOTREACHED */
+ }
else
reply(530, "User %s access denied.", name);
return;
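
Review bot: inside the anon_only && !dochroot block both branches now send the identical reply(530, "User %s access denied.", name), so the if/else only decides whether dologout(0) runs. Send the reply once and follow it with if (anon_ok) dologout(0); before the return, which also removes the braced if followed by an unbraced else on its own line. If the else path is meant to leave the session connected, a one-line comment saying why would help, since ftpd.8 now states that refused attempts are disconnected.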