From jack@germanium.xtalwind.net  Tue Jun  9 12:36:07 1998
Received: from germanium.xtalwind.net (germanium.xtalwind.net [205.160.242.5])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA16932
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 9 Jun 1998 12:35:58 -0700 (PDT)
          (envelope-from jack@germanium.xtalwind.net)
Received: (from jack@localhost)
	by germanium.xtalwind.net (8.9.0/8.9.0) id PAA10693;
	Tue, 9 Jun 1998 15:35:41 -0400 (EDT)
Message-Id: <199806091935.PAA10693@germanium.xtalwind.net>
Date: Tue, 9 Jun 1998 15:35:41 -0400 (EDT)
From: jack@germanium.xtalwind.net
Reply-To: jack@germanium.xtalwind.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: Ftpd allows access to only one directory tree for anonymous users
X-Send-Pr-Version: 3.2

>Number:         6901
>Category:       misc
>Synopsis:       [patch] Ftpd allows access to only one directory tree for anonymous users
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun  9 12:40:00 PDT 1998
>Closed-Date:    Fri Jun 12 08:44:25 PDT 1998
>Last-Modified:  Fri Jun 12 08:45:22 PDT 1998
>Originator:     
>Release:        FreeBSD 2.2.6-RELEASE i386
>Organization:
>Environment:


>Description:

	User names `anonymous' and `ftp' logging into virtual hosts
	are chrooted to the same directory tree as users anonymously
	logging into the host machine.

>How-To-Repeat:

	Set up virtual FTP hosting and log into a virtual host as anonymous
	or ftp.

>Fix:
	
	Allow a `home' directory for virtual hosts to be specified in
	/etc/ftphosts


*** ftpd.c.orig	Wed Dec 24 14:13:47 1997
--- ftpd.c	Tue Jun  9 10:40:13 1998
***************
*** 163,168 ****
--- 163,169 ----
  	char		*statfile;
  	char		*welcome;
  	char		*loginmsg;
+ 	char		*chrootdir;
  } *thishost, *firsthost;
  
  #endif
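Review bot: the new `chrootdir` member is only safe if every host record starts out with it NULL, because the later chroot call treats "NULL" as "fall back to pw->pw_dir"; this hunk adds the field but nothing in the patch shows the allocation of `thishost`/`firsthost` being zeroed or the field being set for hosts whose /etc/ftphosts line has no fifth column. If the records are not calloc'd, initialise `hrp->chrootdir = NULL` where the other fields are set, otherwise an unspecified rootdir becomes a chroot(2) to whatever the uninitialised pointer holds.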
***************
*** 651,657 ****
  			hrp->hostname = strdup(cp);
  			/* ok, now we now peel off the rest */
  			i = 0;
! 			while (i < 4 && (cp = strtok(NULL, " \t")) != NULL) {
  				if (*cp != '-' && (cp = strdup(cp)) != NULL) {
  					switch (i) {
  					case 0:	/* anon user permissions */
--- 652,658 ----
  			hrp->hostname = strdup(cp);
  			/* ok, now we now peel off the rest */
  			i = 0;
! 			while (i < 5 && (cp = strtok(NULL, " \t")) != NULL) {
  				if (*cp != '-' && (cp = strdup(cp)) != NULL) {
  					switch (i) {
  					case 0:	/* anon user permissions */
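Review bot: the field count `i < 5` is a magic number that now has to be kept in step with the highest `case` label in the switch below; the next field added here will again need two coordinated edits. A named constant (or `sizeof`-derived bound) for the number of optional ftphosts columns would make the loop self-describing and is worth doing while this line is being touched.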
***************
*** 666,671 ****
--- 667,675 ----
  					case 3: /* login message */
  						hrp->loginmsg = cp;
  						break;
+ 					case 4: /* virtual host ftp directory */
+ 						hrp->chrootdir = cp;
+ 						break;
  					}
  				}
  				++i;
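Review bot: `case 4` stores the rootdir string verbatim with no check that it is an absolute path, and the same pointer is handed straight to chroot(2) later in the patch. A relative or mistyped value therefore surfaces only at login time, either as the "Can't set guest privileges" 550 reply (directory missing) or, worse, as a jail rooted relative to the daemon's working directory (directory present by accident). Reject `*cp != '/'` here with a syslog warning, as a misconfigured anonymous root is a security setting and should fail loudly at configuration time rather than silently at first connect.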
***************
*** 781,787 ****
  		    checkuser(_PATH_FTPUSERS, "anonymous"))
  			reply(530, "User %s access denied.", name);
  #ifdef VIRTUAL_HOSTING
! 		else if ((pw = sgetpwnam(thishost->anonuser)) != NULL) {
  #else
  		else if ((pw = sgetpwnam("ftp")) != NULL) {
  #endif
--- 785,792 ----
  		    checkuser(_PATH_FTPUSERS, "anonymous"))
  			reply(530, "User %s access denied.", name);
  #ifdef VIRTUAL_HOSTING
! 		else if (((pw = sgetpwnam(thishost->anonuser)) != NULL)
! 					|| strcmp(name, "ftp") == 0) {
  #else
  		else if ((pw = sgetpwnam("ftp")) != NULL) {
  #endif
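Review bot: the added `|| strcmp(name, "ftp") == 0` clause enters the guest branch with `pw == NULL` whenever `sgetpwnam(thishost->anonuser)` fails, and the later hunk in this same patch dereferences `pw->pw_dir` in the chroot call, so a virtual host whose configured user is missing from the password file becomes a NULL-pointer dereference in the daemon as soon as someone logs in as "ftp". The `checkuser(_PATH_FTPUSERS, "anonymous")` context above suggests this block is already the ftp/anonymous path, which would make the extra clause redundant as well as unsafe; drop it, or if "ftp" really must be accepted when the host's anon user is unknown, fall back to `sgetpwnam("ftp")` so that `pw` is guaranteed non-NULL before `reply(331, ...)`.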
***************
*** 1016,1022 ****
  		 * the old current directory will be accessible as "."
  		 * outside the new root!
  		 */
! 		if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
  			reply(550, "Can't set guest privileges.");
  			goto bad;
  		}
--- 1021,1028 ----
  		 * the old current directory will be accessible as "."
  		 * outside the new root!
  		 */
! 		if (chroot(thishost->chrootdir ? thishost->chrootdir : pw->pw_dir) < 0
! 			 || chdir("/") < 0) {
  			reply(550, "Can't set guest privileges.");
  			goto bad;
  		}
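Review bot: `thishost->chrootdir` is used here without an `#ifdef VIRTUAL_HOSTING` guard, while the struct that declares it (first hunk, closed by `#endif`) and the existing `thishost->anonuser` reference (previous hunk) are both conditional on that symbol, so a build without VIRTUAL_HOSTING no longer compiles. Wrap the new expression the same way the previous hunk does, keeping the plain `chroot(pw->pw_dir)` in the `#else` branch. Separately, the fallback chosen here is `pw->pw_dir`, which is what the ftpd.8 text should document as the default rather than `~/ftp`.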
*** ftpd.8.orig	Thu Mar  5 07:24:20 1998
--- ftpd.8	Tue Jun  9 10:40:33 1998
***************
*** 375,382 ****
  Contains a user record in the system password file.
  As with normal anonymous ftp, this user's access uid, gid and group
  memberships determine file access to the anonymous ftp area.
! The anonymous ftp area (to which any user is chrooted on login)
  is determined by the home directory defined for the account.
  User id and group for any ftp account may be the same as for the
  standard ftp user.
  .It statfile
--- 375,384 ----
  Contains a user record in the system password file.
  As with normal anonymous ftp, this user's access uid, gid and group
  memberships determine file access to the anonymous ftp area.
! The anonymous ftp area (to which this user is chrooted on login)
  is determined by the home directory defined for the account.
+ Anonymous or ftp logins are chrooted to the directory specified by
+ rootdir.
  User id and group for any ftp account may be the same as for the
  standard ftp user.
  .It statfile
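Review bot: the two added sentences contradict the sentence kept just above them: the paragraph first says the anonymous area "is determined by the home directory defined for the account" and then says logins "are chrooted to the directory specified by rootdir" without stating which wins. Qualify the new text, e.g. "If rootdir is given, anonymous or ftp logins are chrooted there instead of to the account's home directory.", so the man page states the precedence the code actually implements.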
***************
*** 392,402 ****
  This file is displayed after the user logs in.
  It defaults to
  .Pa /etc/ftpmotd .
  .El
  .Pp
  Defining a virtual host for the primary IP address or hostname
  changes the default for ftp logins to that address.
! The 'user', 'statfile', 'welcome' and 'motd' fields may be left
  blank, or a single hypen '-' used to indicate that the default
  value is to be used.
  .Pp
--- 394,408 ----
  This file is displayed after the user logs in.
  It defaults to
  .Pa /etc/ftpmotd .
+ .It rootdir
+ Chroot directory for anonymous or ftp logins to this host.
+ It defaults to
+ .Pa ~/ftp .
  .El
  .Pp
  Defining a virtual host for the primary IP address or hostname
  changes the default for ftp logins to that address.
! The 'user', 'statfile', 'welcome', 'motd' and 'rootdir' fields may be left
  blank, or a single hypen '-' used to indicate that the default
  value is to be used.
  .Pp
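Review bot: the documented default for rootdir, `.Pa ~/ftp`, does not match the code, which falls back to the anon user's `pw->pw_dir` (the chroot hunk in ftpd.c); write "It defaults to the home directory of the user given in the user field." or change the code to match, but the two must agree since administrators will rely on this line when deciding what an anonymous client can see. While the `'user', 'statfile', ...` sentence is being rewritten, the pre-existing typo "hypen" in the following context line can be fixed to "hyphen".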
>Release-Note:
>Audit-Trail:

From: Bill Fenner <fenner@parc.xerox.com>
To: jack@germanium.xtalwind.net
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: misc/6901: Ftpd allows access to only one directory tree for anonymous users 
Date: Tue, 9 Jun 1998 15:36:50 PDT

 Can't you do this with an unmodified ftpd with the "user" field of
 /etc/ftphosts?  The ftpd man page says:
 
            user      Contains a user record in the system password file.  ...
                      The anonymous ftp area ... is determined by the home
 		     directory defined for the account.  ...
 
   Bill

From: jack <jack@germanium.xtalwind.net>
To: Bill Fenner <fenner@parc.xerox.com>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: misc/6901: Ftpd allows access to only one directory tree for anonymous users 
Date: Tue, 9 Jun 1998 23:13:21 -0400 (EDT)

 On Tue, 9 Jun 1998, Bill Fenner wrote:
 
 > Can't you do this with an unmodified ftpd with the "user" field of
 > /etc/ftphosts?  The ftpd man page says:
 > 
 >            user      Contains a user record in the system password file.  ...
 >                      The anonymous ftp area ... is determined by the home
 > 		     directory defined for the account.  ...
 
 Not unless `ftp.virtualhost.com' instructs all its would-be
 anonymous users to log in using whatever name is specified as
 user for that host in /etc/ftphosts.
 
 As it is now a user doing an anonymous login to
 `ftp.virtualhost.com' ends up in the same directory as one
 logging in as anonymous to `ftp.realhost.com'. 
 
 It works fine for the specified user name, but for the
 virtual domain holder to make their wares available via anonymous
 ftp those files must reside in the real host's ~ftp.  And, either
 that domain holder needs write access to that directory (can you
 say NT?) or the sysadmin has to maintain it for them.  (That be
 me and I don't need the extra work :) 
 
 
 
 --------------------------------------------------------------------------
 Jack O'Neill                    Systems Administrator / Systems Analyst
 jack@germanium.xtalwind.net     Crystal Wind Communications, Inc.
           Finger jack@germanium.xtalwind.net for my PGP key.
    PGP Key fingerprint = F6 C4 E6 D4 2F 15 A7 67   FD 09 E9 3C 5F CC EB CD
                enriched, vcard, HTML messages > /dev/null
        Mail from netcom.com blocked until they stop relaying SPAM
 --------------------------------------------------------------------------
 
 
 
State-Changed-From-To: open->suspended 
State-Changed-By: phk 
State-Changed-When: Wed Jun 10 05:46:13 PDT 1998 
State-Changed-Why:  
awaiting committer 

From: Bill Fenner <fenner@parc.xerox.com>
To: jack <jack@germanium.xtalwind.net>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: misc/6901: Ftpd allows access to only one directory tree for anonymous users 
Date: Wed, 10 Jun 1998 08:26:51 PDT

 In message <Pine.BSF.3.96.980609224932.13464A-100000@germanium.xtalwind.net> you write:
 >Not unless `ftp.virtualhost.com' instructs all its would-be
 >anonymous users to log in using whatever name is specified as
 >user for that host in /etc/ftphosts.
 
 No; you log on using "ftp" or "anonymous".  Since you don't seem to
 believe either the man page or the code, how about an example:
 
 % grep ftp /etc/passwd
 ftp:*:14:5:Anonymous FTP Admin:/var/ftp/default:/nonexistent
 ftp2:*:14:5:Anonymous FTP Admin for 2nd address:/var/ftp/virtual1:/nonexistent
 % cat /etc/ftphosts
 10.0.0.1        ftp2
 % cat /var/ftp/default/etc/ftpmotd
 This is the default ftpd when you ftp to the non-virtual host.
 % cat /var/ftp/virtual1/etc/ftpmotd
 This is the ftp area that you get when you ftp to 10.0.0.1 .
 % ftp fenestro
 Connected to fenestro.parc.xerox.com.
 220 fenestro.parc.xerox.com FTP server (Version 6.00) ready.
 Name (fenestro:fenner): ftp
 331 Guest login ok, send your email address as password.
 Password:
 230- This is the default ftpd when you ftp to the non-virtual host.
 230 Guest login ok, access restrictions apply.
 Remote system type is UNIX.
 Using binary mode to transfer files.
 ftp> ls pub
 200 PORT command successful.
 150 Opening ASCII mode data connection for '/bin/ls'.
 total 0
 -rw-rw-r--  1 root  operator  0 Jun 10 15:19 README.default
 226 Transfer complete.
 ftp> quit
 221 Goodbye.
 % ftp 10.0.0.1
 Connected to 10.0.0.1.
 220 10.0.0.1 FTP server (Version 6.00) ready.
 Name (10.0.0.1:fenner): ftp
 331 Guest login ok, send your email address as password.
 Password:
 230- This is the ftp area that you get when you ftp to 10.0.0.1 .
 230 Guest login ok, access restrictions apply.
 Remote system type is UNIX.
 Using binary mode to transfer files.
 ftp> ls pub
 200 PORT command successful.
 150 Opening ASCII mode data connection for '/bin/ls'.
 total 0
 -rw-rw-r--  1 root  operator  0 Jun 10 15:18 README.10.0.0.1
 226 Transfer complete.
 ftp> quit
 221 Goodbye.
 
 >As it is now a user doing an anonymous login to
 >`ftp.virtualhost.com' ends up in the same directory as one
 >logging in as anonymous to `ftp.realhost.com'. 
 
 Not if you have an ftphosts file with a different user with a different
 home directory for the virtual domain.
 
   Bill
State-Changed-From-To: suspended->closed 
State-Changed-By: fenner 
State-Changed-When: Fri Jun 12 08:44:25 PDT 1998 
State-Changed-Why:  
This can be done with an unmodified ftpd and the "user" field in 
/etc/ftphosts. 
>Unformatted:
