bostic@OKEEFFE.BERKELEY.EDU (Keith Bostic) (11/19/88)
Subject: Fix for posted version of ftpd. Index: etc/ftpd 4.3BSD,4.3BSD-tahoe Description: The posted source code for ftpd had a stupid mistake in the code that logged anonymous logins into the wtmp file. Repeat-By: Login as anonymous ftp and look for your login in the wtmp file. Fix: Apply the attached diff -- but *ONLY* if you're running the source code for ftpd that was posted to this newsgroup a few days ago. *** /tmp/d00838 Fri Nov 18 10:24:16 1988 --- ftpd.c Mon Nov 14 18:49:23 1988 *************** *** 22,28 **** #endif /* not lint */ #ifndef lint ! static char sccsid[] = "@(#)ftpd.c 5.16 (Berkeley) 10/30/88"; #endif /* not lint */ /* --- 22,28 ---- #endif /* not lint */ #ifndef lint ! static char sccsid[] = "@(#)ftpd.c 5.17 (Berkeley) 11/1/88"; #endif /* not lint */ /* *************** *** 80,86 **** int timeout = 900; /* timeout after 15 minutes of inactivity */ int logging; int guest; - int wtmp; int type; int form; int stru; /* avoid C keyword */ --- 80,85 ---- *************** *** 179,185 **** /* * Set up default state */ - logged_in = 0; data = -1; type = TYPE_A; form = FORM_N; --- 178,183 ---- *************** *** 288,310 **** goto bad; } ! /* grab wtmp before chroot */ ! wtmp = open("/usr/adm/wtmp", O_WRONLY|O_APPEND); ! if (guest && chroot(pw->pw_dir) < 0) { ! reply(550, "Can't set guest privileges."); ! if (wtmp >= 0) { ! (void) close(wtmp); ! wtmp = -1; ! } ! goto bad; ! } ! if (!guest) ! reply(230, "User %s logged in.", pw->pw_name); ! else ! reply(230, "Guest login ok, access restrictions apply."); ! logged_in = 1; (void)sprintf(ttyline, "ftp%d", getpid()); logwtmp(ttyline, pw->pw_name, remotehost); seteuid(pw->pw_uid); home = pw->pw_dir; /* home dir for globbing */ return; --- 286,304 ---- goto bad; } ! /* open wtmp before chroot */ (void)sprintf(ttyline, "ftp%d", getpid()); logwtmp(ttyline, pw->pw_name, remotehost); + logged_in = 1; + + if (guest) { + if (chroot(pw->pw_dir) < 0) { + reply(550, "Can't set guest privileges."); + goto bad; + } + reply(230, "Guest login ok, access restrictions apply."); + } else + reply(230, "User %s logged in.", pw->pw_name); seteuid(pw->pw_uid); home = pw->pw_dir; /* home dir for globbing */ return;