kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/ftp/wu-ftpd/files/patch-aa
Andrey A. Chernov 46895a7253 Add SIGTERM to the list, needs wtmp cleanup too 
Feature safe:   yes
2010-06-29 12:28:54 +00:00

148 lines
3.8 KiB
Text
Raw Blame History

--- src/ftpd.c.orig 2010-06-29 16:24:04.000000000 +0400
+++ src/ftpd.c 2010-06-29 16:26:15.000000000 +0400
@@ -447,7 +447,6 @@
#ifdef OPIE
#include <opie.h>
int pwok = 0;
-int af_pwok = 0;
struct opie opiestate;
#endif
@@ -785,6 +784,12 @@
sigemptyset(&block_sigmask);
#endif
#ifndef SIG_DEBUG
+#ifdef SIGTERM
+ (void) signal(SIGTERM, randomsig);
+#ifdef NEED_SIGFIX
+ sigaddset(&block_sigmask, SIGTERM);
+#endif
+#endif
#ifdef SIGHUP
(void) signal(SIGHUP, randomsig);
#ifdef NEED_SIGFIX
@@ -1219,10 +1224,6 @@
exit(0);
}
-#ifdef OPIE
- af_pwok = opieaccessfile(remotehost);
-#endif
-
#ifdef HAVE_LIBRESOLV
/* check permitted access based on remote host DNS information */
if (!check_reverse_dns()) {
@@ -1387,8 +1388,7 @@
chdir("/");
signal(SIGIOT, SIG_DFL);
signal(SIGILL, SIG_DFL);
- exit(1);
- /* dologout(-1); *//* NOTREACHED */
+ dologout(-1); /* NOTREACHED */
}
SIGNAL_TYPE lostconn(int sig)
@@ -1662,9 +1662,9 @@
/* Display s/key challenge where appropriate. */
if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf))
- sprintf(buf, "Password required for %s.", name);
+ snprintf(buf, sizeof(buf)-1, "Password required for %s.", name);
else
- sprintf(buf, "%s %s for %s.", sbuf,
+ snprintf(buf, sizeof(buf)-1, "%s %s for %s.", sbuf,
pwok ? "allowed" : "required", name);
return (buf);
}
@@ -2105,16 +2105,17 @@
#ifdef OPIE
{
char prompt[OPIE_CHALLENGE_MAX + 1];
- opiechallenge(&opiestate, name, prompt);
- if (askpasswd == -1) {
- syslog(LOG_WARNING, "Invalid FTP user name %s attempted from %s", name, remotehost);
- pwok = 0;
+ if (opiechallenge(&opiestate, name, prompt) == 0) {
+ pwok = (pw != NULL) &&
+ opieaccessfile(remotehost) &&
+ opiealways(pw->pw_dir);
+ reply(331, "Response to %s %s for %s.",
+ prompt, pwok ? "requested" : "required", name);
+ } else {
+ pwok = 1;
+ reply(331, "Password required for %s.", name);
}
- else
- pwok = af_pwok && opiealways(pw->pw_dir);
- reply(331, "Response to %s %s for %s.",
- prompt, pwok ? "requested" : "required", name);
}
#else
reply(331, "Password required for %s.", name);
@@ -2593,8 +2594,8 @@
if (pw == NULL)
salt = "xx";
else
-#ifndef OPIE
salt = pw->pw_passwd;
+#ifndef OPIE
#ifdef SECUREOSF
if ((pr = getprpwnam(pw->pw_name)) != NULL) {
if (pr->uflg.fg_newcrypt)
@@ -2627,9 +2628,15 @@
xpasswd = crypt(passwd, salt);
#endif /* SKEY */
#else /* OPIE */
- if (!opieverify(&opiestate, passwd))
- rval = 0;
- xpasswd = crypt(passwd, pw->pw_passwd);
+ if (pw != NULL) {
+ if (opieverify(&opiestate, passwd) == 0)
+ xpasswd = pw->pw_passwd;
+ else if (pwok)
+ xpasswd = crypt(passwd, salt);
+ else
+ pw = NULL;
+ }
+ pwok = 0;
#endif /* OPIE */
#ifdef ULTRIX_AUTH
if ((numfails = ultrix_check_pass(passwd, xpasswd)) >= 0) {
@@ -3189,7 +3196,7 @@
pw->pw_name, pw->pw_dir);
goto bad;
#else
- if (chdir("/") < 0) {
+ if (restricted_user || chdir("/") < 0) {
#ifdef VERBOSE_ERROR_LOGING
syslog(LOG_NOTICE, "FTP LOGIN FAILED (cannot chdir) for %s, %s",
remoteident, pw->pw_name);
@@ -3508,7 +3515,7 @@
{
char *a;
a = (char *) malloc(len + 1);
- memset(a, ' ', len-1);
+ memset(a, ' ', len);
a[len] = 0;
if (strlen(s) <= len)
memcpy(a, s, strlen(s));
@@ -7469,6 +7476,8 @@
in++;
if (*in == '/')
in++;
+ else
+ out++;
}
else if ((in[0] == '.') && (in[1] == '.') && ((in[2] == '/') || (in[2] == '\0'))) {
if (out == path) {
@@ -7497,6 +7506,9 @@
}
else {
do
+ if ((in[0] == '*') && (in[1] == '*'))
+ in++;
+ else
*out++ = *in++;
while ((*in != '\0') && (*in != '/'));
if (*in == '/')
Reference in a new issue View git blame Copy permalink