+Tue Feb 24 21:34:34 1998 Tom Yu <tlyu@mit.edu>
+
+ * ftpcmd.y: Add production "nonguest" to catch things that
+ anonymous users aren't supposed to do. Replace "check_login" with
+ "nonguest" in a few places to prevent w4r3z d00dz from being
+ lame with world-writable incoming directories.
+
Sun Feb 22 19:37:07 1998 Tom Yu <tlyu@mit.edu>
* ftpd.c: Use krb5_seteuid() and krb5_setegid(). [krb5-libs/505]
%type <num> NUMBER
%type <num> form_code prot_code struct_code mode_code octal_number
-%type <num> check_login byte_size
+%type <num> check_login byte_size nonguest
%type <str> STRING
%type <str> password pathname username pathstring
= {
reply(200, "NOOP command successful.");
}
- | MKD check_login SP pathname CRLF
+ | MKD nonguest SP pathname CRLF
= {
if ($2 && $4 != NULL)
makedir((char *) $4);
if ($4 != NULL)
free((char *) $4);
}
- | RMD check_login SP pathname CRLF
+ | RMD nonguest SP pathname CRLF
= {
if ($2 && $4 != NULL)
removedir((char *) $4);
reply(200, "Current UMASK is %03o", oldmask);
}
}
- | SITE SP UMASK check_login SP octal_number CRLF
+ | SITE SP UMASK nonguest SP octal_number CRLF
= {
int oldmask;
}
}
}
- | SITE SP CHMOD check_login SP octal_number SP pathname CRLF
+ | SITE SP CHMOD nonguest SP octal_number SP pathname CRLF
= {
if ($4 && ($8 != NULL)) {
if ($6 > 0777)
}
;
+nonguest: check_login
+ = {
+ if (guest) {
+ reply(550, "Operation prohibited for anonymous users.");
+ $$ = 0;
+ }
+ else
+ $$ = 1;
+ }
+ ;
%%
struct tab cmdtab[] = { /* In order defined in RFC 765 */
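Review bot: The new `nonguest` action never reads `$1`, so the result of `check_login` is discarded: the `else` branch sets `$$ = 1` whenever `guest` is false, which presumably includes a session that has not logged in at all. The action of `check_login` is outside this hunk, but the callers' `if ($2 && $4 != NULL)` guards suggest it yields 0 for an unauthenticated session; after this change MKD, RMD, SITE UMASK and SITE CHMOD would see 1 instead and proceed. Propagate the login result with `else $$ = $1;`, and consider sending the 550 only when `$1` is nonzero so that one command cannot draw two replies. A short comment above the production, such as `/* nonzero only for a logged-in, non-anonymous user */`, would make the contract explicit for the rules that test `$2` or `$4`.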