Fix for redhat-4.0-axp wu-ftpd

Zarmfab Software Development (fabsoft@fabsoft2.zarm.uni-bremen.de)
Thu, 21 Nov 1996 16:47:29 +0100

This is my solution to get the wu-ftpd from redhat-4.0-axp to work with
anonymous access.

First the shared libraries are missing in ~ftp/lib,
if anonftp-2.3-1.axp.rpm is installed.

I don't know what is really needed there, but at my machine the
directory now looks like:

root:~>ls -l ~ftp/lib/
total 1931
-rwxr-xr-x 1 root root 233450 Nov 21 14:29 ld.so.1*
-rwxr-xr-x 1 root root 1642348 Nov 21 14:29 libc-1.93.so*
lrwxrwxrwx 1 root root 12 Nov 21 12:15 libc.so.6 -> libc-1.93.so*
-rwxr-xr-x 1 root root 58695 Sep 9 01:01 libnss_files-1.93.so*
lrwxrwxrwx 1 root root 20 Nov 21 14:43 libnss_files.so.1 -> libnss_files-1.93.so*
lrwxrwxrwx 1 root root 19 Nov 21 12:14 libtermcap.so.2 -> libtermcap.so.2.0.8*
-rwxr-xr-x 1 root root 30201 Nov 21 14:29 libtermcap.so.2.0.8*

Well, that's easy, now comes the harder part:

The source file ftpd.c has a bug, that shows up if the server is configured to
use rfc822 password checking with warning, what is the case if the anonftp
package is installed.
If somebody logs in as anonymous and does not supply the 'recommended'
password, e.g, simply types <enter> at the password-prompt, the server hangs.

It looks like the bug is introduced by the pam-patch contained in the source-rpm.
the function pass_anonymous does not return a value in most cases, what it
really should, because the return value is used by the caller.

The following patch must be applied to the already prepared source package and fixes this.

-x-x-x-x-x- snip snip -x-x-x-x-x-x-
--- ftpd.c.bad Thu Nov 21 14:57:09 1996
+++ ftpd.c Thu Nov 21 14:55:49 1996
@@ -1425,7 +1425,7 @@
remotehost, remoteaddr);
exit(0);
}
- return;
+ return 0;
}

if (!valid) {
@@ -1433,21 +1433,22 @@
lreply(230,
"Next time please use your e-mail address as your password");
lreply(230, " for example: %s@%s",
- authenticated ? authuser : "joe", remotehost);
+ authenticated ? authuser : "Stan_Laurel", remotehost);
+
}
}

if (!*passwd) {
strcpy(guestpw, "[none_given]");
- return;
- }
-
- cnt = sizeof(guestpw) - 2;
- for (pwin = passwd, pwout = guestpw; *pwin && cnt--; pwin++)
+ } else {
+ cnt = sizeof(guestpw) - 2;
+ for (pwin = passwd, pwout = guestpw; *pwin && cnt--; pwin++)
if (!isgraph(*pwin))
*pwout++ = '_';
else
*pwout++ = *pwin;
+ }
+ return 1;
}

int
-x-x-x-x-x-x snip snip -x-x-x-x-x-x-

I don't know how to build Source rpm's, so i only can describe how i built the daemon. 8-(
You first have to install the SRPM wu-ftpd-2.4.2b11-8.src.rpm.
Then, prepare the source:
$ cd /usr/src/redhat/SPECS
$ rpm -bp wu-ftpd-2.4.2.spec
apply the patch:
$ cd /usr/src/redhat/BUILD/wu-ftpd-2.4.2-beta-11/src
$ patch < /....path_to...patch

Then compile the source without reinstalling

$ rpm -bc --short-circuit /usr/src/redhat/SPECS/wu-ftpd-2.4.2.spec

when building is finished, install ( as root ):

$ rpm -bi --short-circuit /usr/src/redhat/SPECS/wu-ftpd-2.4.2.spec

You may test the server with ftp localhost, give ftp as username and
no password, the daemon shold now respond with:
230-The response '' is not valid
230-Next time please use your e-mail address as your password
230- for example: Stan_Laurel@loopback
230 Guest login ok, access restrictions apply.

Good luck, Martin

-- 
Martin Cornelius, ZARMFAB software development, University of Bremen
phone: 49-421-218-4807    FAX: 49-421-218-3889
email: fabsoft@zarm.uni-bremen.de
paper-mail: Hochschulring / Am Fallturm, 28359 BREMEN, Germany

--
To unsubscribe: send e-mail to axp-list-request@redhat.com with
'unsubscribe' as the subject.  Do not send it to axp-list@redhat.com



Feedback | Store | News | Support | Product Errata | About Us | Linux Info | Search | JumpWords
No Frames | Show Frames

Copyright © 1995-1997 Red Hat Software. Legal notices