From 6dc9d6b578538967d6d090f8b29a1e7cd2b6a3ec Mon Sep 17 00:00:00 2001 From: Matthew Hancher Date: Fri, 7 Aug 1998 05:02:20 +0000 Subject: [PATCH] Fri Aug 7 00:56:30 1998 Matthew D Hancher * ftpd.c: (pass): Make daemon not lose for homedirs on root-squashing filesystems. (auth_data): Fix that godawful "error: No error" message when gss_acquire_cred() fails. (user): Fix getusershell() code so it works more than once. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10785 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/gssftp/ftpd/ChangeLog | 8 ++++++ src/appl/gssftp/ftpd/ftpd.c | 45 ++++++++++++++++++++++------------ 2 files changed, 38 insertions(+), 15 deletions(-) diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog index c35c8f8d3..34ff78eda 100644 --- a/src/appl/gssftp/ftpd/ChangeLog +++ b/src/appl/gssftp/ftpd/ChangeLog @@ -1,3 +1,11 @@ +Fri Aug 7 00:56:30 1998 Matthew D Hancher + + * ftpd.c: (pass): Make daemon not lose for homedirs on + root-squashing filesystems. + (auth_data): Fix that godawful "error: No error" message + when gss_acquire_cred() fails. + (user): Fix getusershell() code so it works more than once. + 1998-07-11 * ftpd.c (data;): do not declare h_errno; breaks on AIX and diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c index 3d027e9ac..58c63ec01 100644 --- a/src/appl/gssftp/ftpd/ftpd.c +++ b/src/appl/gssftp/ftpd/ftpd.c @@ -612,10 +612,11 @@ user(name) if ((shell = pw->pw_shell) == NULL || *shell == 0) shell = "/bin/sh"; #ifdef HAVE_GETUSERSHELL + setusershell(); while ((cp = getusershell()) != NULL) if (strcmp(cp, shell) == 0) break; - /* endusershell(); */ /* this breaks on solaris 2.4 */ + endusershell(); #else cp = shell; #endif @@ -844,27 +845,35 @@ pass(passwd) ftp_logwtmp(ttyline, pw->pw_name, remotehost); logged_in = 1; + if (guest) { + if (chroot(pw->pw_dir) < 0) { + reply(550, "Can't set guest priveleges."); + goto bad; + } + } + if (krb5_seteuid((uid_t)pw->pw_uid) < 0) { + reply(550, "Can't set uid."); + goto bad; + } if (guest) { /* * We MUST do a chdir() after the chroot. Otherwise * the old current directory will be accessible as "." * outside the new root! */ - if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { + if (chdir("/") < 0) { reply(550, "Can't set guest privileges."); goto bad; } - } else if (chdir(pw->pw_dir) < 0) { - if (chdir("/") < 0) { - reply(530, "User %s: can't change directory to %s.", - pw->pw_name, pw->pw_dir); - goto bad; - } else - lreply(230, "No directory! Logging in with home=/"); - } - if (krb5_seteuid((uid_t)pw->pw_uid) < 0) { - reply(550, "Can't set uid."); - goto bad; + } else { + if (chdir(pw->pw_dir) < 0) { + if (chdir("/") < 0) { + reply(530, "User %s: can't change directory to %s.", + pw->pw_name, pw->pw_dir); + goto bad; + } else + lreply(230, "No directory! Logging in with home=/"); + } } if (guest) { reply(230, "Guest login ok, access restrictions apply."); @@ -2040,8 +2049,14 @@ char *data; return 0; } } else { - reply_gss_error(501, stat_maj, stat_min, - "acquiring credentials"); + /* Kludge to make sure the right error gets reported, so we don't * + * get those nasty "error: no error" messages. */ + if(stat_maj != GSS_S_COMPLETE) + reply_gss_error(501, stat_maj, stat_min, + "acquiring credentials"); + else + reply_gss_error(501, acquire_maj, acquire_min, + "acquiring credentials"); syslog(LOG_ERR, "gssapi error acquiring credentials"); return 0; } -- 2.26.2