ftpd authentication

Mon Sep 15 14:34:30 UTC 2014

Hello Denys,

I've studied the last patch you applied to ftpd.

The patch can be fixed if you reorder the "change_identity" to beneath the jail. 

Also the "change_identity" ought to conflict with the NOMMU jail break. However a carefully placed call to "getpwuid" seems to somehow solve this. (wtf?) I've tested it on Ubuntu + uClinux. 

An unrelated small issue: The ftpd is not listing hidden files like other ftp servers do. This' got to an error? (Solution is simple.)

I've attached a patch with the above.

Regards,
Morten Kvistgaard

> -----Original Message-----
> From: Denys Vlasenko [mailto:vda.linux at googlemail.com]
> Sent: 5. august 2014 22:00
> To: Morten Kvistgaard
> Cc: busybox at busybox.net
> Subject: Re: ftpd authentication
> 
> On Mon, Aug 4, 2014 at 12:38 PM, Morten Kvistgaard <MK at pch-
> engineering.dk> wrote:
> > I've attached a patch for adding basic authentication to the ftpd.
> >
> > This used to work with version 1.21.1. And walter harms tested it with
> 1.22.1. And it worked with trunk 3 months ago.
> >
> > It doesn't seem to work with the current trunk though?
> >
> > The difference lies with "getpwnam" I think. (It's returning NULL on
> > my Ubuntu.)
> 
> getpwnam will not be very happy in chroot.
> 
> I fixed that, and also added actual change of user identity, and refactored
> password check to not duplicate code.
> 
> Applied to git, please try it now.
> For example, I'm curious whether people who want _anon_ ftp are unhappy
> now....

--
This message has been scanned for viruses and dangerous content by CronLab
(www.cronlab.com), and is believed to be clean.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-fix-ftp-authentication-change_identity-ls-A.patch
Type: application/octet-stream
Size: 3517 bytes
Desc: 0001-fix-ftp-authentication-change_identity-ls-A.patch
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20140915/39780cd4/attachment.obj>