summaryrefslogtreecommitdiff
path: root/networking
diff options
context:
space:
mode:
authorMorten Kvistgaard2014-08-05 21:57:18 +0200
committerDenys Vlasenko2014-08-05 21:57:18 +0200
commitfeac9b607dc68ea63992a46b3b8361f00f663cdc (patch)
treeed5bca82370298e195f5b5e3d84d40f9e7470a32 /networking
parent09a0e2223f68a266749043bf33c84faeb5cee8a0 (diff)
downloadbusybox-feac9b607dc68ea63992a46b3b8361f00f663cdc.zip
busybox-feac9b607dc68ea63992a46b3b8361f00f663cdc.tar.gz
ftpd: add optional support for authentication
function old new delta cmdio_get_cmd_and_arg - 237 +237 get_passwd - 97 +97 check_password - 82 +82 ftpd_main 2297 2178 -119 ask_and_check_password_extended 206 84 -122 ------------------------------------------------------------------------------ (add/remove: 3/0 grow/shrink: 0/2 up/down: 416/-241) Total: 175 bytes Signed-off-by: Morten Kvistgaard <MK@pch-engineering.dk> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking')
-rw-r--r--networking/Config.src7
-rw-r--r--networking/ftpd.c47
2 files changed, 31 insertions, 23 deletions
diff --git a/networking/Config.src b/networking/Config.src
index fbad7ec..e566469 100644
--- a/networking/Config.src
+++ b/networking/Config.src
@@ -134,6 +134,13 @@ config FEATURE_FTPD_ACCEPT_BROKEN_LIST
it increases the code size by ~40 bytes.
Most other ftp servers seem to behave similar to this.
+config FEATURE_FTP_AUTHENTICATION
+ bool "Enable authentication"
+ default y
+ depends on FTPD
+ help
+ Enable basic system login as seen in telnet etc.
+
config FTPGET
bool "ftpget"
default y
diff --git a/networking/ftpd.c b/networking/ftpd.c
index 2d2a3a4..9fcc3e9 100644
--- a/networking/ftpd.c
+++ b/networking/ftpd.c
@@ -1172,18 +1172,6 @@ int ftpd_main(int argc UNUSED_PARAM, char **argv)
if (logmode)
applet_name = xasprintf("%s[%u]", applet_name, (int)getpid());
-#if !BB_MMU
- G.root_fd = -1;
-#endif
- argv += optind;
- if (argv[0]) {
-#if !BB_MMU
- G.root_fd = xopen("/", O_RDONLY | O_DIRECTORY);
- close_on_exec_on(G.root_fd);
-#endif
- xchroot(argv[0]);
- }
-
//umask(077); - admin can set umask before starting us
/* Signals. We'll always take -EPIPE rather than a rude signal, thanks */
@@ -1199,23 +1187,22 @@ int ftpd_main(int argc UNUSED_PARAM, char **argv)
WRITE_OK(FTP_GREET);
signal(SIGALRM, timeout_handler);
-#ifdef IF_WE_WANT_TO_REQUIRE_LOGIN
+#if ENABLE_FEATURE_FTP_AUTHENTICATION
{
- smallint user_was_specified = 0;
+ struct passwd *pw = NULL;
+
while (1) {
uint32_t cmdval = cmdio_get_cmd_and_arg();
if (cmdval == const_USER) {
- if (G.ftp_arg == NULL || strcasecmp(G.ftp_arg, "anonymous") != 0)
- cmdio_write_raw(STR(FTP_LOGINERR)" Server is anonymous only\r\n");
- else {
- user_was_specified = 1;
- cmdio_write_raw(STR(FTP_GIVEPWORD)" Please specify the password\r\n");
- }
+ pw = getpwnam(G.ftp_arg);
+ cmdio_write_raw(STR(FTP_GIVEPWORD)" Please specify password\r\n");
} else if (cmdval == const_PASS) {
- if (user_was_specified)
- break;
- cmdio_write_raw(STR(FTP_NEEDUSER)" Login with USER\r\n");
+ if (check_password(pw, G.ftp_arg) > 0) {
+ break; /* login success */
+ }
+ cmdio_write_raw(STR(FTP_LOGINERR)" Login failed\r\n");
+ pw = NULL;
} else if (cmdval == const_QUIT) {
WRITE_OK(FTP_GOODBYE);
return 0;
@@ -1223,10 +1210,24 @@ int ftpd_main(int argc UNUSED_PARAM, char **argv)
cmdio_write_raw(STR(FTP_LOGINERR)" Login with USER and PASS\r\n");
}
}
+ change_identity(pw);
}
WRITE_OK(FTP_LOGINOK);
#endif
+ /* Do this after auth, else /etc/passwd is not accessible */
+#if !BB_MMU
+ G.root_fd = -1;
+#endif
+ argv += optind;
+ if (argv[0]) {
+#if !BB_MMU
+ G.root_fd = xopen("/", O_RDONLY | O_DIRECTORY);
+ close_on_exec_on(G.root_fd);
+#endif
+ xchroot(argv[0]);
+ }
+
/* RFC-959 Section 5.1
* The following commands and options MUST be supported by every
* server-FTP and user-FTP, except in cases where the underlying