[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wget
Subject:    wget ftp anonymous password
From:       Eduardo_Pérez_Ureta <eperez () dei ! inf ! uc3m ! es>
Date:       2001-04-26 15:19:24
[Download RAW message or body]

I've seen that wget sends the email of the user when doing ANONYMOUS ftp gets.
I see a lot of problems:
- Sending the user email if the user doesn't know that it's sent doesn't
  protect the user state of ANONYMOUS
- Sending the user email helps SPAM instead of stopping it. Many ftp sites
  use this information to send you unsolicited email.
- Sending the user email doesn't help ftp sites to know where the cracker came
  crackers are not stupid to send their email address.
- Sending the user email can be used to discriminate the user based on the country, \
company or person itself.

By all of these reasons I argue that wget to don't send the user email
by default.

Anyway Netscape Communicator sends mozilla@ as password by default, and it's
the most used anonymous ftp password worldwide so this change doesn't break
anything. And the user can send whatever email he likes by setting passwd
Why dou you send the email using anonymous ftp when you don't send it using
anonymous http ?

I've seen intranets with strict firewalls that only let anonymous ftp with
mozilla@ as password (password used by netscape communicator when doing ftp)
And I've heard of people having trouble downloading with wget/ftp.

I send you the bugfix. Maybe it's not perfect (I don't know if the xstrdup
it's needed) but it works.

Hopping that you see all of these problems I wait for your comments.

                Eduardo Pérez Ureta


["wget_nospam.diff" (text/plain)]

diff -ur wget-bad/src/ftp.c wget/src/ftp.c
--- wget-bad/src/ftp.c	Tue Apr 24 23:09:45 2001
+++ wget/src/ftp.c	Wed Apr 25 18:40:44 2001
@@ -134,7 +134,7 @@
   search_netrc (u->host, (const char **)&user, (const char **)&passwd, 1);
   user = user ? user : opt.ftp_acc;
   if (!opt.ftp_pass)
-    opt.ftp_pass = ftp_getaddress ();
+    opt.ftp_pass = xstrdup ("mozilla@");
   passwd = passwd ? passwd : opt.ftp_pass;
   assert (user && passwd);
 
diff -ur wget-bad/src/host.c wget/src/host.c
--- wget-bad/src/host.c	Fri Apr 13 03:39:23 2001
+++ wget/src/host.c	Wed Apr 25 18:36:08 2001
@@ -360,130 +360,6 @@
   return 0;
 }
 
-/* Return email address of the form username@FQDN suitable for
-   anonymous FTP passwords.  This process is error-prone, and the
-   escape hatch is the MY_HOST preprocessor constant, which can be
-   used to hard-code either your hostname or FQDN at compile-time.
-
-   If the FQDN cannot be determined, a warning is printed, and the
-   function returns a short `username@' form, accepted by most
-   anonymous servers.
-
-   The returned string is generated by malloc() and should be freed
-   using free().
-
-   If not even the username cannot be divined, it means things are
-   seriously fucked up, and Wget exits.  */
-char *
-ftp_getaddress (void)
-{
-  static char *address;
-
-  /* Do the drill only the first time, as it won't change.  */
-  if (!address)
-    {
-      char userid[32];		/* 9 should be enough for Unix, but
-				   I'd rather be on the safe side.  */
-      char *host, *fqdn;
-
-      if (!pwd_cuserid (userid))
-	{
-	  logprintf (LOG_ALWAYS, _("%s: Cannot determine user-id.\n"),
-		     exec_name);
-	  exit (1);
-	}
-#ifdef MY_HOST
-      STRDUP_ALLOCA (host, MY_HOST);
-#else /* not MY_HOST */
-#ifdef HAVE_UNAME
-      {
-	struct utsname ubuf;
-	if (uname (&ubuf) < 0)
-	  {
-	    logprintf (LOG_ALWAYS, _("%s: Warning: uname failed: %s\n"),
-		       exec_name, strerror (errno));
-	    fqdn = "";
-	    goto giveup;
-	  }
-	STRDUP_ALLOCA (host, ubuf.nodename);
-      }
-#else /* not HAVE_UNAME */
-#ifdef HAVE_GETHOSTNAME
-      host = alloca (256);
-      if (gethostname (host, 256) < 0)
-	{
-	  logprintf (LOG_ALWAYS, _("%s: Warning: gethostname failed\n"),
-		     exec_name);
-	  fqdn = "";
-	  goto giveup;
-	}
-#else /* not HAVE_GETHOSTNAME */
- #error Cannot determine host name.
-#endif /* not HAVE_GETHOSTNAME */
-#endif /* not HAVE_UNAME */
-#endif /* not MY_HOST */
-      /* If the address we got so far contains a period, don't bother
-         anymore.  */
-      if (strchr (host, '.'))
-	fqdn = host;
-      else
-	{
-	  /* #### I've seen the following scheme fail on at least one
-	     system!  Do we care?  */
-	  char *tmpstore;
-	  /* According to Richard Stevens, the correct way to find the
-	     FQDN is to (1) find the host name, (2) find its IP
-	     address using gethostbyname(), and (3) get the FQDN using
-	     gethostbyaddr().  So that's what we'll do.  Step one has
-	     been done above.  */
-	  /* (2) */
-	  struct hostent *hp = gethostbyname (host);
-	  if (!hp || !hp->h_addr_list)
-	    {
-	      logprintf (LOG_ALWAYS, _("\
-%s: Warning: cannot determine local IP address.\n"),
-			 exec_name);
-	      fqdn = "";
-	      goto giveup;
-	    }
-	  /* Copy the argument, so the call to gethostbyaddr doesn't
-	     clobber it -- just in case.  */
-	  tmpstore = (char *)alloca (hp->h_length);
-	  memcpy (tmpstore, *hp->h_addr_list, hp->h_length);
-	  /* (3) */
-	  hp = gethostbyaddr (tmpstore, hp->h_length, hp->h_addrtype);
-	  if (!hp || !hp->h_name)
-	    {
-	      logprintf (LOG_ALWAYS, _("\
-%s: Warning: cannot reverse-lookup local IP address.\n"),
-			 exec_name);
-	      fqdn = "";
-	      goto giveup;
-	    }
-	  if (!strchr (hp->h_name, '.'))
-	    {
-#if 0
-	      /* This gets ticked pretty often.  Karl Berry reports
-                 that there can be valid reasons for the local host
-                 name not to be an FQDN, so I've decided to remove the
-                 annoying warning.  */
- 	      logprintf (LOG_ALWAYS, _("\
-%s: Warning: reverse-lookup of local address did not yield FQDN!\n"),
-		       exec_name);
-#endif
-	      fqdn = "";
-	      goto giveup;
-	    }
-	  /* Once we're here, hp->h_name contains the correct FQDN.  */
-	  STRDUP_ALLOCA (fqdn, hp->h_name);
-	}
-    giveup:
-      address = (char *)xmalloc (strlen (userid) + 1 + strlen (fqdn) + 1);
-      sprintf (address, "%s@%s", userid, fqdn);
-    }
-  return address;
-}
-
 /* Print error messages for host errors.  */
 char *
 herrmsg (int error)
diff -ur wget-bad/src/host.h wget/src/host.h
--- wget-bad/src/host.h	Thu Dec  2 07:42:26 1999
+++ wget/src/host.h	Wed Apr 25 18:39:48 2001
@@ -34,8 +34,6 @@
 int accept_domain PARAMS ((struct urlinfo *));
 int sufmatch PARAMS ((const char **, const char *));
 
-char *ftp_getaddress PARAMS ((void));
-
 char *herrmsg PARAMS ((int));
 
 #endif /* HOST_H */
diff -ur wget-bad/src/init.c wget/src/init.c
--- wget-bad/src/init.c	Fri Apr 13 03:39:23 2001
+++ wget/src/init.c	Wed Apr 25 18:39:02 2001
@@ -228,7 +228,7 @@
   opt.reclevel = 5;
   opt.add_hostdir = 1;
   opt.ftp_acc = xstrdup ("anonymous");
-  /*opt.ftp_pass = xstrdup (ftp_getaddress ());*/
+  /*opt.ftp_pass = xstrdup ("mozilla@");*/
   opt.netrc = 1;
   opt.ftp_glob = 1;
   opt.htmlify = 1;
diff -ur wget-bad/src/main.c wget/src/main.c
--- wget-bad/src/main.c	Wed Apr 25 00:20:29 2001
+++ wget/src/main.c	Wed Apr 25 18:44:56 2001
@@ -251,7 +251,6 @@
     { "debug", no_argument, NULL, 'd' },
     { "delete-after", no_argument, NULL, 136 },
     { "dont-remove-listing", no_argument, NULL, 149 },
-    { "email-address", no_argument, NULL, 154 }, /* undocumented (debug) */
     { "follow-ftp", no_argument, NULL, 142 },
     { "force-directories", no_argument, NULL, 'x' },
     { "force-hier", no_argument, NULL, 'x' }, /* obsolete */
@@ -399,11 +398,6 @@
 	  break;
 	case 150:
 	  setval ("simplehostcheck", "on");
-	  break;
-	case 154:
-	  /* For debugging purposes.  */
-	  printf ("%s\n", ftp_getaddress ());
-	  exit (0);
 	  break;
 	case 155:
 	  setval ("bindaddress", optarg);


[prev in list] [next in list] [prev in thread] [next in thread]