From 54d3e6cd146b36fe94f6e2bbe46b1604e6801b8f Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Wed, 25 Feb 1998 02:36:21 +0000 Subject: [PATCH] * ftpcmd.y: Add production "nonguest" to catch things that anonymous users aren't supposed to do. Replace "check_login" with "nonguest" in a few places to prevent w4r3z d00dz from being lame with world-writable incoming directories. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10473 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/gssftp/ftpd/ChangeLog | 7 +++++++ src/appl/gssftp/ftpd/ftpcmd.y | 20 +++++++++++++++----- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog index 9f088a37d..c9a30e597 100644 --- a/src/appl/gssftp/ftpd/ChangeLog +++ b/src/appl/gssftp/ftpd/ChangeLog @@ -1,3 +1,10 @@ +Tue Feb 24 21:34:34 1998 Tom Yu + + * ftpcmd.y: Add production "nonguest" to catch things that + anonymous users aren't supposed to do. Replace "check_login" with + "nonguest" in a few places to prevent w4r3z d00dz from being + lame with world-writable incoming directories. + Sun Feb 22 19:37:07 1998 Tom Yu * ftpd.c: Use krb5_seteuid() and krb5_setegid(). [krb5-libs/505] diff --git a/src/appl/gssftp/ftpd/ftpcmd.y b/src/appl/gssftp/ftpd/ftpcmd.y index c014f35b2..0da118894 100644 --- a/src/appl/gssftp/ftpd/ftpcmd.y +++ b/src/appl/gssftp/ftpd/ftpcmd.y @@ -182,7 +182,7 @@ struct tab sitetab[]; %type NUMBER %type form_code prot_code struct_code mode_code octal_number -%type check_login byte_size +%type check_login byte_size nonguest %type STRING %type password pathname username pathstring @@ -441,14 +441,14 @@ cmd: USER SP username CRLF = { reply(200, "NOOP command successful."); } - | MKD check_login SP pathname CRLF + | MKD nonguest SP pathname CRLF = { if ($2 && $4 != NULL) makedir((char *) $4); if ($4 != NULL) free((char *) $4); } - | RMD check_login SP pathname CRLF + | RMD nonguest SP pathname CRLF = { if ($2 && $4 != NULL) removedir((char *) $4); 
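Review bot: Only MKD and RMD here, plus SITE UMASK and SITE CHMOD in the later hunks, are switched to `nonguest`; the patch shows no other cmd rule being changed. If the grammar's other state-changing rules (delete and rename, for instance) still use `check_login`, anonymous sessions keep those operations in a world-writable incoming directory, which is the case the commit message sets out to close. Either gate them the same way or add a comment next to the `nonguest` production listing which commands are deliberately left open to guests and why. The RMD action continues past the end of this hunk.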
@@ -483,7 +483,7 @@ cmd: USER SP username CRLF reply(200, "Current UMASK is %03o", oldmask); } } - | SITE SP UMASK check_login SP octal_number CRLF + | SITE SP UMASK nonguest SP octal_number CRLF = { int oldmask; @@ -498,7 +498,7 @@ cmd: USER SP username CRLF } } } - | SITE SP CHMOD check_login SP octal_number SP pathname CRLF + | SITE SP CHMOD nonguest SP octal_number SP pathname CRLF = { if ($4 && ($8 != NULL)) { if ($6 > 0777) @@ -828,6 +828,16 @@ check_login: /* empty */ } ; +nonguest: check_login + = { + if (guest) { + reply(550, "Operation prohibited for anonymous users."); + $$ = 0; + } + else + $$ = 1; + } + ; %% struct tab cmdtab[] = { /* In order defined in RFC 765 */ -- 2.26.2
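Review bot: The new `nonguest` production discards the value of `check_login`: its action never reads `$1`, so the `else` branch sets `$$ = 1` whenever `guest` is clear. That presumably includes a session that has not logged in at all; the body of `check_login` is outside this hunk, but the cmd rules used its value as the login gate. MKD, RMD, SITE UMASK and SITE CHMOD previously tested that value as `$2`/`$4` and now test only the guest flag, so the login requirement on those four commands appears to be lost. Propagate the inner result with `$$ = $1;` in the else branch. Also make the guest test `if ($1 && guest) {`, so that a session already refused by `check_login` is not sent a second 550 reply for the same command.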