Add basic login.conf (sans authentication) support.
parent
ed4d0b8acd
commit
b071c689de
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=25101
@ -1,11 +1,11 @@
|
||||
# @(#)Makefile 8.2 (Berkeley) 4/4/94
|
||||
# $Id$
|
||||
# $Id: Makefile,v 1.19 1997/02/22 14:21:26 peter Exp $
|
||||
|
||||
PROG= ftpd
|
||||
MAN8= ftpd.8
|
||||
SRCS= ftpd.c ftpcmd.c logwtmp.c popen.c skey-stuff.c
|
||||
|
||||
CFLAGS+=-DSETPROCTITLE -DSKEY -Wall
|
||||
CFLAGS+=-DSETPROCTITLE -DSKEY -DLOGIN_CAP -Wall
|
||||
|
||||
LDADD= -lskey -lmd -lcrypt -lutil
|
||||
DPADD= ${LIBSKEY} ${LIBMD} ${LIBCRYPT} ${LIBUTIL}
|
||||
|
@ -30,7 +30,7 @@
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
|
||||
.\" $Id: ftpd.8,v 1.13 1997/02/22 14:21:27 peter Exp $
|
||||
.\" $Id: ftpd.8,v 1.14 1997/03/25 03:45:52 mpp Exp $
|
||||
.\"
|
||||
.Dd April 19, 1994
|
||||
.Dt FTPD 8
|
||||
@ -272,7 +272,11 @@ as for an
|
||||
.Dq anonymous
|
||||
or
|
||||
.Dq ftp
|
||||
account (see next item). However, the user must still supply a password.
|
||||
account (see next item).
|
||||
This facility may also be used by using the boolean "ftp-chroot"
|
||||
capability in
|
||||
.Xr login.conf 5 .
|
||||
However, the user must still supply a password.
|
||||
This feature is intended as a compromise between a fully anonymous account
|
||||
and a fully privileged account. The account should also be set up as for an
|
||||
anonymous account.
|
||||
@ -362,6 +366,7 @@ Log file for anonymous transfers.
|
||||
.Xr ftp 1 ,
|
||||
.Xr key 1 ,
|
||||
.Xr getusershell 3 ,
|
||||
.Xr login.conf 5 ,
|
||||
.Xr inetd 8 ,
|
||||
.Xr syslogd 8
|
||||
.Sh BUGS
|
||||
|
@ -30,7 +30,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: ftpd.c,v 1.33 1997/02/22 14:21:28 peter Exp $
|
||||
* $Id: ftpd.c,v 1.34 1997/03/28 15:48:09 imp Exp $
|
||||
*/
|
||||
|
||||
#if 0
|
||||
@ -85,6 +85,9 @@ static char sccsid[] = "@(#)ftpd.c 8.4 (Berkeley) 4/16/94";
|
||||
#include <time.h>
|
||||
#include <unistd.h>
|
||||
#include <libutil.h>
|
||||
#ifdef LOGIN_CAP
|
||||
#include <login_cap.h>
|
||||
#endif
|
||||
|
||||
#ifdef SKEY
|
||||
#include <skey.h>
|
||||
@ -689,6 +692,10 @@ end_login()
|
||||
if (logged_in)
|
||||
logwtmp(ttyline, "", "");
|
||||
pw = NULL;
|
||||
#ifdef LOGIN_CAP
|
||||
setusercontext(NULL, getpwuid(0), (uid_t)0,
|
||||
LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK);
|
||||
#endif
|
||||
logged_in = 0;
|
||||
guest = 0;
|
||||
dochroot = 0;
|
||||
@ -700,6 +707,9 @@ pass(passwd)
|
||||
{
|
||||
int rval;
|
||||
FILE *fd;
|
||||
#ifdef LOGIN_CAP
|
||||
login_cap_t *lc = NULL;
|
||||
#endif
|
||||
static char homedir[MAXPATHLEN];
|
||||
|
||||
if (logged_in || askpasswd == 0) {
|
||||
@ -755,7 +765,34 @@ pass(passwd)
|
||||
reply(550, "Can't set gid.");
|
||||
return;
|
||||
}
|
||||
/* May be overridden by login.conf */
|
||||
(void) umask(defumask);
|
||||
#ifdef LOGIN_CAP
|
||||
if ((lc = login_getclass(pw)) != NULL) {
|
||||
char remote_ip[MAXHOSTNAMELEN];
|
||||
|
||||
strncpy(remote_ip, inet_ntoa(his_addr.sin_addr),
|
||||
sizeof(remote_ip) - 1);
|
||||
remote_ip[sizeof(remote_ip) - 1] = 0;
|
||||
if (!auth_hostok(lc, remotehost, remote_ip)) {
|
||||
syslog(LOG_INFO|LOG_AUTH,
|
||||
"FTP LOGIN FAILED (HOST) as %s: permission denied.",
|
||||
pw->pw_name);
|
||||
reply(530, "Permission denied.\n");
|
||||
pw = NULL;
|
||||
return;
|
||||
}
|
||||
if (!auth_timeok(lc, time(NULL))) {
|
||||
reply(530, "Login not available right now.\n");
|
||||
pw = NULL;
|
||||
return;
|
||||
}
|
||||
}
|
||||
setusercontext(lc, pw, (uid_t)0,
|
||||
LOGIN_SETGROUP|LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK);
|
||||
#else
|
||||
(void) initgroups(pw->pw_name, pw->pw_gid);
|
||||
#endif
|
||||
|
||||
/* open wtmp before chroot */
|
||||
logwtmp(ttyline, pw->pw_name, remotehost);
|
||||
@ -765,7 +802,11 @@ pass(passwd)
|
||||
if ((statfd = open(_PATH_FTPDSTATFILE, O_WRONLY|O_APPEND)) < 0)
|
||||
stats = 0;
|
||||
|
||||
dochroot = checkuser(_PATH_FTPCHROOT, pw->pw_name);
|
||||
dochroot =
|
||||
#ifdef LOGIN_CAP /* Allow login.conf configuration as well */
|
||||
login_getcapbool(lc, "ftp-chroot", 0) ||
|
||||
#endif
|
||||
checkuser(_PATH_FTPCHROOT, pw->pw_name);
|
||||
if (guest) {
|
||||
/*
|
||||
* We MUST do a chdir() after the chroot. Otherwise
|
||||
@ -844,10 +885,15 @@ pass(passwd)
|
||||
syslog(LOG_INFO, "FTP LOGIN FROM %s as %s",
|
||||
remotehost, pw->pw_name);
|
||||
}
|
||||
(void) umask(defumask);
|
||||
#ifdef LOGIN_CAP
|
||||
login_close(lc);
|
||||
#endif
|
||||
return;
|
||||
bad:
|
||||
/* Forget all about it... */
|
||||
#ifdef LOGIN_CAP
|
||||
login_close(lc);
|
||||
#endif
|
||||
end_login();
|
||||
}
|
||||
|
||||
|
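Review bot: In pass(), the two new denial branches under `#ifdef LOGIN_CAP` (the `auth_hostok` and `auth_timeok` failures) exit with `pw = NULL; return;`, so the class returned by `login_getclass(pw)` is never released and the `bad:` cleanup (`login_close(lc); end_login();`) is skipped, although the gid change guarded by the "Can't set gid." check just above appears to have been applied already. Add `login_close(lc);` before each `return;`, or use `goto bad;` if end_login() is safe to run at that point; pass() is only partly visible across these hunks, so that needs confirming against the full function. The `auth_timeok` branch also logs nothing, unlike the host branch, so a matching `syslog(LOG_INFO|LOG_AUTH, ...)` call there would make time-restricted denials visible in the auth log. Separately, the result of `setusercontext(lc, pw, (uid_t)0, LOGIN_SETGROUP|...)` is ignored, so a failure to apply the user's groups or resource limits would let the session continue with the daemon's own settings; checking the return value and refusing the login would fail closed.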