[3258] in Kerberos-V5-bugs
krb5-appl/1003: ftpd continues with 232 after 230-No directory
daemon@ATHENA.MIT.EDU (donn@u.washington.edu)
Fri Oct 5 15:04:04 2001
Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: krb5-unassigned@rt-11.mit.edu
Resent-Reply-To: krb5-bugs@MIT.EDU, donn@u.washington.edu
Message-Id: <200110051903.f95J3XA60982@melville.u.washington.edu>
Date: Fri, 5 Oct 2001 12:03:33 -0700
From: donn@u.washington.edu
Reply-To: donn@u.washington.edu
To: krb5-bugs@mit.edu
>Number: 1003
>Category: krb5-appl
>Synopsis: ftpd continues with 232 after 230-No directory
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Oct 5 15:04:00 EDT 2001
>Last-Modified:
>Originator: Donn Cave
>Organization:
University Computing Services
University of Washington
>Release: krb5-1.2.2
>Environment:
Any
System: AIX melville 2 4 00600210C000
>Description:
login() issues a line "230-No directory!..." when chdir to
the user's home directory fails. It leaves the continuation
of that line up to the caller, and in the case of a GSS
authenticated login, the code comes out "232". Ftp clients,
including MIT krb5, need the same code before the continuation
is finished, so they're stuck.
>How-To-Repeat:
Rename your home directory, ftp in with Kerberos 5 credentials.
>Fix:
Pass code into login(), when it's different than what login()
would normally use. Following context diff is relative to
krb5-1.2.2 + buffer overflow patches.
-----------------
*** appl/gssftp/ftpd/ftpd.c.orig2 Wed Aug 8 13:27:43 2001
--- appl/gssftp/ftpd/ftpd.c Fri Oct 5 11:49:31 2001
***************
*** 818,824 ****
syslog(authorized ? LOG_INFO : LOG_ERR, "%s", buf);
if (result == 232)
! login(NULL);
return;
}
--- 818,824 ----
syslog(authorized ? LOG_INFO : LOG_ERR, "%s", buf);
if (result == 232)
! login(NULL, result);
return;
}
***************
*** 1086,1096 ****
}
login_attempts = 0; /* this time successful */
! login(passwd);
return;
}
! login(passwd)
char *passwd;
{
if (have_creds) {
--- 1086,1096 ----
}
login_attempts = 0; /* this time successful */
! login(passwd, 0);
return;
}
! login(passwd, logincode)
char *passwd;
{
if (have_creds) {
***************
*** 1149,1156 ****
reply(530, "User %s: can't change directory to %s.",
pw->pw_name, pw->pw_dir);
goto bad;
! } else
! lreply(230, "No directory! Logging in with home=/");
}
}
if (guest) {
--- 1149,1159 ----
reply(530, "User %s: can't change directory to %s.",
pw->pw_name, pw->pw_dir);
goto bad;
! } else {
! if (!logincode)
! logincode = 230;
! lreply(logincode, "No directory! Logging in with home=/");
! }
}
}
if (guest) {
>Audit-Trail:
>Unformatted:
