* ftpcmd.y: Add production "nonguest" to catch things that
authorTom Yu <tlyu@mit.edu>
Wed, 25 Feb 1998 02:36:21 +0000 (02:36 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 25 Feb 1998 02:36:21 +0000 (02:36 +0000)
anonymous users aren't supposed to do.  Replace "check_login" with
"nonguest" in a few places to prevent w4r3z d00dz from being
lame with world-writable incoming directories.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10473 dc483132-0cff-0310-8789-dd5450dbe970

src/appl/gssftp/ftpd/ChangeLog
src/appl/gssftp/ftpd/ftpcmd.y

index 9f088a37d9e763237f7dd98248f6231a9be77dce..c9a30e597902fd3e0ad6673b8f57deac80094061 100644 (file)
@@ -1,3 +1,10 @@
+Tue Feb 24 21:34:34 1998  Tom Yu  <tlyu@mit.edu>
+
+       * ftpcmd.y: Add production "nonguest" to catch things that
+       anonymous users aren't supposed to do.  Replace "check_login" with
+       "nonguest" in a few places to prevent w4r3z d00dz from being
+       lame with world-writable incoming directories.
+
 Sun Feb 22 19:37:07 1998  Tom Yu  <tlyu@mit.edu>
 
        * ftpd.c: Use krb5_seteuid() and krb5_setegid(). [krb5-libs/505]
index c014f35b2619d7c2ad5ecf4c5b160dbe62e1d8cd..0da1188941ef5d6dac3f3f2352abcf92c8c86691 100644 (file)
@@ -182,7 +182,7 @@ struct tab sitetab[];
 
 %type <num> NUMBER
 %type <num> form_code prot_code struct_code mode_code octal_number
-%type <num> check_login byte_size
+%type <num> check_login byte_size nonguest
 
 %type <str> STRING
 %type <str> password pathname username pathstring
@@ -441,14 +441,14 @@ cmd:              USER SP username CRLF
                = {
                        reply(200, "NOOP command successful.");
                }
-       |       MKD check_login SP pathname CRLF
+       |       MKD nonguest SP pathname CRLF
                = {
                        if ($2 && $4 != NULL)
                                makedir((char *) $4);
                        if ($4 != NULL)
                                free((char *) $4);
                }
-       |       RMD check_login SP pathname CRLF
+       |       RMD nonguest SP pathname CRLF
                = {
                        if ($2 && $4 != NULL)
                                removedir((char *) $4);
@@ -483,7 +483,7 @@ cmd:                USER SP username CRLF
                                reply(200, "Current UMASK is %03o", oldmask);
                        }
                }
-       |       SITE SP UMASK check_login SP octal_number CRLF
+       |       SITE SP UMASK nonguest SP octal_number CRLF
                = {
                        int oldmask;
 
@@ -498,7 +498,7 @@ cmd:                USER SP username CRLF
                                }
                        }
                }
-       |       SITE SP CHMOD check_login SP octal_number SP pathname CRLF
+       |       SITE SP CHMOD nonguest SP octal_number SP pathname CRLF
                = {
                        if ($4 && ($8 != NULL)) {
                                if ($6 > 0777)
@@ -828,6 +828,16 @@ check_login:       /* empty */
        }
        ;
 
+nonguest: check_login
+       = {
+               if (guest) {
+                       reply(550, "Operation prohibited for anonymous users.");
+                       $$ = 0;
+               }
+               else
+                       $$ = 1;
+       }
+       ;
 %%
 
 struct tab cmdtab[] = {                /* In order defined in RFC 765 */
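Review bot: The `else` branch of the new `nonguest` production sets `$$ = 1` unconditionally and never reads `$1`, so the result of `check_login` is thrown away. The rules this commit switches over (MKD, RMD, SITE UMASK, SITE CHMOD) gate on that value alone, e.g. `if ($2 && $4 != NULL)`. If `check_login` yields 0 for a session that has not logged in (inferred from how the value is used, since its body lies outside this hunk), that session is not a guest and would now pass the gate for all four commands. Propagate the login result instead by writing `$$ = $1;` in the `else` branch. Testing `$1` before `guest` would also avoid sending a 550 on top of any reply `check_login` may already have sent.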