Bug and Fix for wu-ftpd-2.4.2b11-8

Zarmfab Software Development (fabsoft@fabsoft2.zarm.uni-bremen.de)
Fri, 22 Nov 1996 16:06:47 +0100

Playing around with the ftpd-config files I found another bug in
the wu-ftpd-2.4.2b11-8.rpm.

Access restrictions given in /etc/ftpaccess never apply to REAL users.
I think this is also introduced by the PAM patch, and shows up in
the axp and in the i386 version (I have no sparc ;-( ).

This is my patch to fix this (including my first patch posted yesterday).

--- ftpd.bad Fri Nov 22 13:43:13 1996
+++ ftpd.c Fri Nov 22 13:45:18 1996
@@ -1124,6 +1124,15 @@
if (use_accessfile) /* see above. _H*/
guest = acl_guestgroup(pw);

+ if (access_ok(530) < 1) {
+ reply(530, "User %s access denied....", name);
+ syslog(LOG_NOTICE, "FTP LOGIN REFUSED (access denied) FROM %s [%s], %s",
+ remotehost, remoteaddr, name);
+ return;
+ } else
+ if (use_accessfile) /* see above. _H*/
+ acl_setfunctions();
+
#ifdef USE_PAM
/* Validate the user authentication with PAM */
pam_user (name);
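
Review bot: `access_ok(530)` in the added block is called unconditionally, while the `acl_guestgroup(pw)` call just above it and the `acl_setfunctions()` call just below it are both guarded by `if (use_accessfile)`. Either guard the check the same way or add a comment saying why it must run even when the access file is not in use. The trailing `else` is also redundant, since the refused branch already returns, and the brace-less `else` / `if` pair is easy to misread; dropping the `else` and bracing the `if` would make the intent clear. The refusal also returns after `guest` has been assigned on the line above, so it is worth confirming that nothing later relies on that value once the 530 has been sent.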
@@ -1425,7 +1434,7 @@
remotehost, remoteaddr);
exit(0);
}
- return;
+ return 0;
}

if (!valid) {
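
Review bot: `return 0;` replaces a bare `return;` here, which means the enclosing function must now be declared to return `int`, but no hunk in this patch shows the declaration changing or a caller testing the result. Please include the prototype and call-site changes in the same patch, and add a comment at the top of the function stating what 0 and 1 mean, so that a caller ignoring the value is caught in review rather than at run time.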
@@ -1433,21 +1442,22 @@
lreply(230,
"Next time please use your e-mail address as your password");
lreply(230, " for example: %s@%s",
- authenticated ? authuser : "joe", remotehost);
+ authenticated ? authuser : "Stan_Laurel", remotehost);
+
}
}

if (!*passwd) {
strcpy(guestpw, "[none_given]");
- return;
- }
-
- cnt = sizeof(guestpw) - 2;
- for (pwin = passwd, pwout = guestpw; *pwin && cnt--; pwin++)
+ } else {
+ cnt = sizeof(guestpw) - 2;
+ for (pwin = passwd, pwout = guestpw; *pwin && cnt--; pwin++)
if (!isgraph(*pwin))
*pwout++ = '_';
else
*pwout++ = *pwin;
+ }
+ return 1;
}

int
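
Review bot: the copy loop into `guestpw` is bounded by `cnt = sizeof(guestpw) - 2`, but nothing in the visible lines writes a terminator after it, so a password shorter than one copied earlier would leave the tail of the old contents in the buffer. Adding `*pwout = '\0';` right after the loop, inside the new `else` block, closes that; the bound already leaves room for it. `isgraph(*pwin)` is also called on a plain `char`, so casting the argument to `unsigned char` avoids undefined behaviour for bytes above 0x7f. Separately, the "joe" to "Stan_Laurel" change and the added blank line are unrelated to the access fix and would be better sent as their own patch.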

-- 
Martin Cornelius, ZARMFAB software development, University of Bremen
phone: 49-421-218-4807    FAX: 49-421-218-3889
email: fabsoft@zarm.uni-bremen.de
paper-mail: Hochschulring / Am Fallturm, 28359 BREMEN, Germany
