diff options
| author | Matthew Hancher <mdh@mit.edu> | 1998-08-07 05:02:20 +0000 |
|---|---|---|
| committer | Matthew Hancher <mdh@mit.edu> | 1998-08-07 05:02:20 +0000 |
| commit | 6dc9d6b578538967d6d090f8b29a1e7cd2b6a3ec (patch) | |
| tree | c5f1fde2572a24290fc106130351926bf2a4b7ec /src | |
| parent | d2b8a8c59aa918440eb6104525ac261a0c2b403a (diff) | |
| download | krb5-6dc9d6b578538967d6d090f8b29a1e7cd2b6a3ec.tar.gz krb5-6dc9d6b578538967d6d090f8b29a1e7cd2b6a3ec.tar.xz krb5-6dc9d6b578538967d6d090f8b29a1e7cd2b6a3ec.zip | |
Fri Aug 7 00:56:30 1998 Matthew D Hancher <mdh@mit.edu>
* ftpd.c: (pass): Make daemon not lose for homedirs on
root-squashing filesystems.
(auth_data): Fix that godawful "error: No error" message
when gss_acquire_cred() fails.
(user): Fix getusershell() code so it works more than once.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10785 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/appl/gssftp/ftpd/ChangeLog | 8 | ||||
| -rw-r--r-- | src/appl/gssftp/ftpd/ftpd.c | 45 |
2 files changed, 38 insertions, 15 deletions
diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog index c35c8f8d3..34ff78eda 100644 --- a/src/appl/gssftp/ftpd/ChangeLog +++ b/src/appl/gssftp/ftpd/ChangeLog @@ -1,3 +1,11 @@ +Fri Aug 7 00:56:30 1998 Matthew D Hancher <mdh@mit.edu> + + * ftpd.c: (pass): Make daemon not lose for homedirs on + root-squashing filesystems. + (auth_data): Fix that godawful "error: No error" message + when gss_acquire_cred() fails. + (user): Fix getusershell() code so it works more than once. + 1998-07-11 <hartmans@fundsxpress.com> * ftpd.c (data;): do not declare h_errno; breaks on AIX and diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c index 3d027e9ac..58c63ec01 100644 --- a/src/appl/gssftp/ftpd/ftpd.c +++ b/src/appl/gssftp/ftpd/ftpd.c @@ -612,10 +612,11 @@ user(name) if ((shell = pw->pw_shell) == NULL || *shell == 0) shell = "/bin/sh"; #ifdef HAVE_GETUSERSHELL + setusershell(); while ((cp = getusershell()) != NULL) if (strcmp(cp, shell) == 0) break; - /* endusershell(); */ /* this breaks on solaris 2.4 */ + endusershell(); #else cp = shell; #endif @@ -845,26 +846,34 @@ pass(passwd) logged_in = 1; if (guest) { + if (chroot(pw->pw_dir) < 0) { + reply(550, "Can't set guest priveleges."); + goto bad; + } + } + if (krb5_seteuid((uid_t)pw->pw_uid) < 0) { + reply(550, "Can't set uid."); + goto bad; + } + if (guest) { /* * We MUST do a chdir() after the chroot. Otherwise * the old current directory will be accessible as "." * outside the new root! */ - if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { + if (chdir("/") < 0) { reply(550, "Can't set guest privileges."); goto bad; } - } else if (chdir(pw->pw_dir) < 0) { - if (chdir("/") < 0) { - reply(530, "User %s: can't change directory to %s.", - pw->pw_name, pw->pw_dir); - goto bad; - } else - lreply(230, "No directory! Logging in with home=/"); - } - if (krb5_seteuid((uid_t)pw->pw_uid) < 0) { - reply(550, "Can't set uid."); - goto bad; + } else { + if (chdir(pw->pw_dir) < 0) { + if (chdir("/") < 0) { + reply(530, "User %s: can't change directory to %s.", + pw->pw_name, pw->pw_dir); + goto bad; + } else + lreply(230, "No directory! Logging in with home=/"); + } } if (guest) { reply(230, "Guest login ok, access restrictions apply."); @@ -2040,8 +2049,14 @@ char *data; return 0; } } else { - reply_gss_error(501, stat_maj, stat_min, - "acquiring credentials"); + /* Kludge to make sure the right error gets reported, so we don't * + * get those nasty "error: no error" messages. */ + if(stat_maj != GSS_S_COMPLETE) + reply_gss_error(501, stat_maj, stat_min, + "acquiring credentials"); + else + reply_gss_error(501, acquire_maj, acquire_min, + "acquiring credentials"); syslog(LOG_ERR, "gssapi error acquiring credentials"); return 0; } |