From craig@olyun.gank.org  Fri Feb 13 19:49:29 2004
Return-Path: <craig@olyun.gank.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7B5A416A4CE
	for <freebsd-gnats-submit@freebsd.org>; Fri, 13 Feb 2004 19:49:29 -0800 (PST)
Received: from ion.gank.org (ion.gank.org [69.55.238.164])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 58C7F43D1D
	for <freebsd-gnats-submit@freebsd.org>; Fri, 13 Feb 2004 19:49:29 -0800 (PST)
	(envelope-from craig@olyun.gank.org)
Received: from localhost (ion.gank.org [69.55.238.164])
	by ion.gank.org (mail) with ESMTP
	id 367592B2F9; Fri, 13 Feb 2004 21:49:29 -0600 (CST)
Received: from ion.gank.org ([69.55.238.164])
 by localhost (ion.gank.org [69.55.238.164]) (amavisd-new, port 10024)
 with LMTP id 10059-07; Fri, 13 Feb 2004 21:49:28 -0600 (CST)
Received: by ion.gank.org (mail, from userid 1001)
	id 1CE4B2B4E1; Fri, 13 Feb 2004 21:49:28 -0600 (CST)
Message-Id: <20040214034928.1CE4B2B4E1@ion.gank.org>
Date: Fri, 13 Feb 2004 21:49:28 -0600 (CST)
From: Craig Boston <craig@olyun.gank.org>
Reply-To: Craig Boston <craig@olyun.gank.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: libexec/ftpd patch (broken clients & "anonymous" account)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         62811
>Category:       bin
>Synopsis:       libexec/ftpd patch (broken clients & "anonymous" account)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    yar
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 13 19:50:14 PST 2004
>Closed-Date:    Wed Jul 28 08:40:48 GMT 2004
>Last-Modified:  Wed Jul 28 08:40:48 GMT 2004
>Originator:     Craig Boston
>Release:        FreeBSD 5.2-RELEASE i386
>Organization:
>Environment:
System: FreeBSD darth-laptop 5.2-RELEASE FreeBSD 5.2-RELEASE #0: Sun Jan 18 22:04:41 CST 2004 root@darth-laptop:/mnt/compile/obj/mnt/compile/src/sys/DARTH-LAPTOP i386

>Description:
	The attached patch adds a -G option to libexec/ftpd, which disables
	special treatment of the "anonymous" and "ftp" user names.  This
	has two main applications:

	1) Some popular graphical FTP clients (Internet Explorer and Mozilla,
	   to name two), try anonymous automatically and misbehave if a 530
	   error is sent back in response to the USER command.  As a result,
	   if anonymous FTP is disabled, they pop up an unhelpful error
	   message rather than prompting for login.  With this patch enabled,
	   these clients act as expected.
	2) It also allows for normal user accounts named "anonymous" or "ftp"
	   to be accessed with a password.

	Arguably, (1) is a bug in the browser, however this behavior
	persists across multiple versions and is not likely to be changed
	soon.  Several "other" FTP servers work around this problem,
	so not having an option to do so puts us at a disadvantage from
	the end-user's perspective.

	A quick review of the relevant RFCs didn't turn up any conflicts.
	As far as I can tell, the special handling for these users is not
	part of the official specification, and as such should be optional.
>How-To-Repeat:
>Fix:

--- ftpd-noguest.patch begins here ---
Index: ftpd.8
===================================================================
--- ftpd.8	(revision 1949)
+++ ftpd.8	(working copy)
@@ -100,6 +100,12 @@
 .It Fl E
 Disable the EPSV command.
 This is useful for servers behind older firewalls.
+.It Fl G
+Disable special treatment of the
+.Dq anonymous
+and
+.Dq ftp
+user names, enabling them to be used as normal accounts.
 .It Fl h
 Disable printing host-specific information, such as the
 server software version or hostname, in server messages.
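Review bot: the new .It Fl G text should also state the consequence visible in the ftpd.c login hunk: because the guest branch is never entered when noguest is set, anonymous (guest) FTP is unavailable while this option is in effect and "ftp" / "anonymous" are authenticated with a password like any other account. Suggest appending a sentence to that effect after `user names, enabling them to be used as normal accounts.`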
Index: ftpd.c
===================================================================
--- ftpd.c	(revision 1949)
+++ ftpd.c	(working copy)
@@ -138,6 +138,7 @@
 int	usedefault = 1;		/* for data transfers */
 int	pdata = -1;		/* for passive mode */
 int	readonly=0;		/* Server is in readonly mode.	*/
+int	noguest=0;		/* Don't treat 'anonymous' user as special */
 int	noepsv=0;		/* EPSV command is disabled.	*/
 int	noretr=0;		/* RETR command is disabled.	*/
 int	noguestretr=0;		/* RETR command is disabled for anon users. */
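Review bot: the comment on the new `noguest` variable mentions only 'anonymous', but the flag also covers the 'ftp' name (see the login hunk in ftpd.c); suggest `/* Treat 'anonymous' and 'ftp' as ordinary users. */`. It is also worth noting, here or in the manual page, that `noguestretr` (two lines below) has no effect once `noguest` is set, since no session is ever marked guest.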
@@ -300,7 +301,7 @@
 
 
 	while ((ch = getopt(argc, argv,
-	                    "46a:AdDEhlmMoOp:P:rRSt:T:u:UvW")) != -1) {
+	                    "46a:AdDEGhlmMoOp:P:rRSt:T:u:UvW")) != -1) {
 		switch (ch) {
 		case '4':
 			family = (family == AF_INET6) ? AF_UNSPEC : AF_INET;
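Review bot: the option letter is added in alphabetical position in the getopt string, which is consistent with the existing ordering; if ftpd.c carries a usage string or comment that enumerates the option letters, it is not in this patch and needs the same update.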
@@ -330,6 +331,10 @@
 			noepsv = 1;
 			break;
 
+		case 'G':
+			noguest = 1;
+			break;
+
 		case 'h':
 			hostinfo = 0;
 			break;
@@ -987,7 +992,8 @@
 	}
 
 	guest = 0;
-	if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
+	if (!noguest &&
+	   (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0)) {
 		if (checkuser(_PATH_FTPUSERS, "ftp", 0, NULL) ||
 		    checkuser(_PATH_FTPUSERS, "anonymous", 0, NULL))
 			reply(530, "User %s access denied.", name);
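Review bot: with `noguest` set this hunk skips the whole guest branch, including the `checkuser(_PATH_FTPUSERS, "ftp", ...)` / `"anonymous"` denial, so listing those names in ftpusers no longer rejects the login at this point; confirm that the ordinary-account path which now handles them applies the ftpusers check to the supplied name before a password is accepted, otherwise document the change in behaviour. Minor style point: style(9) continuation lines are indented four spaces, while `   (strcmp(name, "ftp") == 0 || ...` uses three.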
--- ftpd-noguest.patch ends here ---

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->yar 
Responsible-Changed-By: ceri 
Responsible-Changed-When: Mon Feb 16 03:27:46 PST 2004 
Responsible-Changed-Why:  
Assign to our ftpd maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=62811 

From: Yar Tikhiy <yar@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, craig@olyun.gank.org
Cc:  
Subject: Re: bin/62811: libexec/ftpd patch (broken clients & "anonymous" account)
Date: Wed, 18 Feb 2004 14:05:34 +0300

 Hi Craig,
 
 Could we avoid adding a new option to ftpd(8)?  I believe that using
 such well-known usernames as "ftp" or "anonymous" on a host with
 FTP access enabled is a poor idea in the first place--it's like
 having an ordinary user named "postmaster" on a mail host.
 
 As for the MSIE/Mozilla compatibility issue, your patch doesn't
 seem to resolve it.  Here's an example of conversation between
 patched ftpd(8) and MSIE 6 or Mozilla 1.6 which followed the request
 for the URL "ftp://foo/":
 
 	connection from PC (158.250.X.X)
 	<--- 220
 	foo.bar.msu.su FTP server (Version 6.00LS) ready.
 	command: USER anonymous
 	<--- 331
 	Password required for anonymous.
 	command: PASS  ???
 	<--- 530
 	Login incorrect.
 	FTP LOGIN FAILED FROM PC
 	<--- 221
 	You could at least say goodbye.
 
 MSIE showed its infamous "Server not found or DNS error" message
 subsequently, while Mozilla displayed an alert window reading "530
 Login incorrect."  Neither prompted for a username and password.
 
 -- 
 Yar

From: Craig Boston <craig@olyun.gank.org>
To: Yar Tikhiy <yar@FreeBSD.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/62811: libexec/ftpd patch (broken clients & "anonymous" account)
Date: Sun, 29 Feb 2004 23:35:59 -0600

 Hi,
 
 Sorry, I've been away for a week and extremely busy catching up with 
 everything...
 
 On Wednesday 18 February 2004 05:05 am, Yar Tikhiy wrote:
 > Could we avoid adding a new option to ftpd(8)?
 
 I would prefer not to add a new option if at all possible.  However, I've yet 
 to find a solution that makes all FTP clients happy...
 
 > I believe that using such well-known usernames as "ftp" or "anonymous" on a 
 > host with FTP access enabled is a poor idea in the first place--it's like
 > having an ordinary user named "postmaster" on a mail host. 
 
 Yes, there is probably very little legitimate reason to use "ftp" or 
 "anonymous" as a normal account.  It just seems a little odd to me that it 
 isn't even a possibility (maybe some bizarre edge case or legacy system 
 somewhere needs it, for instance).  Most *NIX programs have a philosophy of 
 "if the user really wants to shoot him/herself in the foot, don't get in the 
 way."
 
 The postmaster example is a bit different, as that requirement is codified in 
 RFC 2821.  So far I haven't been able to find a standard (other than the 
 de-facto one, of course) requiring anonymous logins to be treated specially 
 on FTP.
 
 Of course, it's not really my call, so if you feel this isn't appropriate or 
 useful to anyone else I'll be content to keep it as a local patch.
 
 > MSIE showed its infamous "Server not found or DNS error" message
 > subsequently, while Mozilla displayed an alert window reading "530
 > Login incorrect."  Neither prompted for a username and password.
 
 Hmm, that's strange...  Both MSIE 5.5 and 6 prompted me for a username and 
 password combo right after the "221 You could at least say goodbye".  The IE6 
 version I tested was 6.0.3790.0 (the one included with Windows 2003 Server).
 
 Mozilla turns out to be an entirely different animal.  A quick look through 
 the source seems to indicate that the only way to get it to prompt for BOTH 
 username and password is if the initial "USER" command gets a response other 
 than 2xx, 3xx, or 5xx.  The only one that seems to fit that is "421 Service 
 not available".  A test verified that Mozilla does indeed prompt in that case 
 (though IE didn't like it one bit).  The RFC lists 421 as a possible response 
 for USER, but I have to say that I agree that 530 is a more appropriate 
 answer.
 
 I think part of the problem is that there isn't an easy way to distinguish 
 between anonymous access being disabled or a too-many-users error.  IMHO, the 
 right thing for an ftp client or browser to do for an error during the login 
 process would be to show both the error message and allow the user to specify 
 username/pw.
 
 In the meantime I think I'll bring up the issue on one of the Mozilla lists 
 and see what they think.
 
 Thanks for your time,
 Craig
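The login exchange discussed in this thread, modelled as an added example (not ftpd's, Mozilla's or the PR's own code): a small RFC 959 reply parser and a client that follows the prompting rule Craig describes for Mozilla, run against scripted server replies taken from Yar's transcript and the two alternatives discussed. The server dictionaries, the multi-line greeting text and the function names are constructed for the example.

```python
"""Model of the FTP login exchange from PR bin/62811 (constructed example).
parse_reply() handles RFC 959 single- and multi-line replies; modelled_client()
applies Craig's reading of Mozilla: it prompts for both username and password
only when the reply to USER is outside the 2xx/3xx/5xx classes."""
from typing import Dict, Iterator, List, Tuple

def parse_reply(lines: Iterator[str]) -> Tuple[int, List[str]]:
    """Consume one reply from CRLF-stripped lines; return (code, text lines).
    A multi-line reply opens with 'ddd-' and closes with 'ddd ' (same code)."""
    first = next(lines)
    if len(first) < 4 or not first[:3].isdigit() or first[3] not in " -":
        raise ValueError(f"malformed reply line: {first!r}")
    code, text = int(first[:3]), [first[4:]]
    if first[3] == "-":
        end = f"{code:03d} "
        for line in lines:
            text.append(line[4:] if line.startswith(end) else line)
            if line.startswith(end):
                return code, text
        raise ValueError("unterminated multi-line reply")
    return code, text

def modelled_client(server: Dict[str, str], user: str, pw: str) -> Tuple[str, bool]:
    """Walk greeting/USER/PASS against a scripted server; return (outcome, prompted).
    'server' maps the command verb (or 'greeting') to the raw reply it sends."""
    def send(cmd: str) -> int:
        code, _ = parse_reply(iter(server[cmd.split()[0]].splitlines()))
        return code
    if send("greeting") // 100 != 2:
        return "failed", False
    cls = send(f"USER {user}") // 100
    if cls == 2:
        return "logged-in", False
    if cls == 3:                        # 331: try the password we have
        return ("logged-in" if send(f"PASS {pw}") // 100 == 2 else "failed"), False
    if cls == 5:
        return "failed", False          # 530: shown as an error, no prompt
    return "failed", True               # e.g. 421: the only prompting case

# Constructed servers: the -G exchange from Yar's transcript, stock ftpd with
# anonymous disabled (530 to USER), and the 421 variant Craig tested.
PATCHED_G = {"greeting": "220-foo.bar.msu.su FTP server (Version 6.00LS)\n220 ready.",
             "USER": "331 Password required for anonymous.",
             "PASS": "530 Login incorrect."}
STOCK_DENIED = {"greeting": "220 foo.bar.msu.su FTP server (Version 6.00LS) ready.",
                "USER": "530 User anonymous access denied."}
SERVICE_UNAVAIL = {"greeting": "220 foo.bar.msu.su FTP server (Version 6.00LS) ready.",
                   "USER": "421 Service not available."}

if __name__ == "__main__":
    for name, srv in (("-G", PATCHED_G), ("stock", STOCK_DENIED), ("421", SERVICE_UNAVAIL)):
        print(name, modelled_client(srv, "anonymous", "???"))
```

Under this model the -G patch only moves the 530 from USER to PASS, which is why neither browser prompted in Yar's test.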

From: Yar Tikhiy <yar@FreeBSD.org>
To: Craig Boston <craig@olyun.gank.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/62811: libexec/ftpd patch (broken clients & "anonymous" account)
Date: Mon, 1 Mar 2004 21:54:51 +0300

 On Sun, Feb 29, 2004 at 11:35:59PM -0600, Craig Boston wrote:
 > 
 > > I believe that using such well-known usernames as "ftp" or "anonymous" on a 
 > > host with FTP access enabled is a poor idea in the first place--it's like
 > > having an ordinary user named "postmaster" on a mail host. 
 > 
 > Yes, there is probably very little legitimate reason to use "ftp" or 
 > "anonymous" as a normal account.  It just seems a little odd to me that it 
 > isn't even a possibility (maybe some bizarre edge case or legacy system 
 > somewhere needs it, for instance).  Most *NIX programs have a philosophy of 
 > "if the user really wants to shoot him/herself in the foot, don't get in the 
 > way."
 
 I'm afraid time shouldn't be spent to create a currently missing
 opportunity for a user to shoot himself in the foot ;-)
 While always handling "ftp" or "anonymous" as a special case indeed
 looks odd a bit, this oddity is way too minor to make effort to
 eliminate it just on principle.
 
 > Of course, it's not really my call, so if you feel this isn't appropriate or 
 > useful to anyone else I'll be content to keep it as a local patch.
 
 I hope you'll pardon me if I say I do feel so :-)
 
 > > MSIE showed its infamous "Server not found or DNS error" message
 > > subsequently, while Mozilla displayed an alert window reading "530
 > > Login incorrect."  Neither prompted for a username and password.
 > 
 > Hmm, that's strange...  Both MSIE 5.5 and 6 prompted me for a username and 
 > password combo right after the "221 You could at least say goodbye".  The IE6 
 > version I tested was 6.0.3790.0 (the one included with Windows 2003 Server).
 
 Mine was 6.0.2800.1106, but I don't understand those numbers well.
 
 -- 
 Yar
State-Changed-From-To: open->closed 
State-Changed-By: yar 
State-Changed-When: Wed Jul 28 08:38:36 GMT 2004 
State-Changed-Why:  
Originator timeout.  We have been unable to negotiate the 
exact conditions under which the bug may manifest itself. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=62811 
>Unformatted:
