bin/62811: libexec/ftpd patch (broken clients & "anonymous" account)

Craig Boston craig at olyun.gank.org
Fri Feb 13 19:50:15 PST 2004


>Number:         62811
>Category:       bin
>Synopsis:       libexec/ftpd patch (broken clients & "anonymous" account)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 13 19:50:14 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Craig Boston
>Release:        FreeBSD 5.2-RELEASE i386
>Organization:
>Environment:
System: FreeBSD darth-laptop 5.2-RELEASE FreeBSD 5.2-RELEASE #0: Sun Jan 18 22:04:41 CST 2004 root at darth-laptop:/mnt/compile/obj/mnt/compile/src/sys/DARTH-LAPTOP i386

>Description:
	The attached patch adds a -G option to libexec/ftpd, which disables
	special treatment of the "anonymous" and "ftp" user names.  This
	has two main applications:

	1) Some popular graphical FTP clients (Internet Explorer and Mozilla,
	   to name two), try anonymous automatically and misbehave if a 530
	   error is sent back in response to the USER command.  As a result,
	   if anonymous FTP is disabled, they pop up an unhelpful error
	   message rather than prompting for login.  With this patch enabled,
	   these clients act as expected.
	2) It also allows for normal user accounts named "anonymous" or "ftp"
	   to be accessed with a password.

	Arguably, (1) is a bug in the browser, however this behavior
	persists across multiple versions and is not likely to be changed
	soon.  Several "other" FTP servers work around this problem,
	so not having an option to do so puts us at a disadvantage from
	the end-user's perspective.

	A quick review of the relevant RFCs didn't turn up any conflicts.
	As far as I can tell, the special handling for these users is not
	part of the official specification, and as such should be optional.
>How-To-Repeat:
>Fix:

--- ftpd-noguest.patch begins here ---
Index: ftpd.8
===================================================================
--- ftpd.8	(revision 1949)
+++ ftpd.8	(working copy)
@@ -100,6 +100,12 @@
 .It Fl E
 Disable the EPSV command.
 This is useful for servers behind older firewalls.
+.It Fl G
+Disable special treatment of the
+.Dq anonymous
+and
+.Dq ftp
+user names, enabling them to be used as normal accounts.
 .It Fl h
 Disable printing host-specific information, such as the
 server software version or hostname, in server messages.
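Review bot: The new .It Fl G entry says the two names become usable as normal accounts but does not say that anonymous login is no longer offered while the flag is set. Add a sentence stating that, so an administrator reading only this entry does not enable -G on a server that is meant to keep serving anonymous users. This is also the only ftpd.8 hunk in the patch, so if the page's SYNOPSIS lists the option letters, -G needs adding there too.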
Index: ftpd.c
===================================================================
--- ftpd.c	(revision 1949)
+++ ftpd.c	(working copy)
@@ -138,6 +138,7 @@
 int	usedefault = 1;		/* for data transfers */
 int	pdata = -1;		/* for passive mode */
 int	readonly=0;		/* Server is in readonly mode.	*/
+int	noguest=0;		/* Don't treat 'anonymous' user as special */
 int	noepsv=0;		/* EPSV command is disabled.	*/
 int	noretr=0;		/* RETR command is disabled.	*/
 int	noguestretr=0;		/* RETR command is disabled for anon users. */
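Review bot: The comment on the new noguest declaration names only 'anonymous', while the ftpd.8 text and the strcmp test later in this patch show the flag covers "ftp" as well; reword the comment to name both. Because it sits two lines above noguestretr, which is about RETR for anonymous users, a comment that makes the difference explicit would help the next reader.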
@@ -300,7 +301,7 @@
 
 
 	while ((ch = getopt(argc, argv,
-	                    "46a:AdDEhlmMoOp:P:rRSt:T:u:UvW")) != -1) {
+	                    "46a:AdDEGhlmMoOp:P:rRSt:T:u:UvW")) != -1) {
 		switch (ch) {
 		case '4':
 			family = (family == AF_INET6) ? AF_UNSPEC : AF_INET;
@@ -330,6 +331,10 @@
 			noepsv = 1;
 			break;
 
+		case 'G':
+			noguest = 1;
+			break;
+
 		case 'h':
 			hostinfo = 0;
 			break;
@@ -987,7 +992,8 @@
 	}
 
 	guest = 0;
-	if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
+	if (!noguest &&
+	   (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0)) {
 		if (checkuser(_PATH_FTPUSERS, "ftp", 0, NULL) ||
 		    checkuser(_PATH_FTPUSERS, "anonymous", 0, NULL))
 			reply(530, "User %s access denied.", name);
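Review bot: With noguest set, the added !noguest test skips the whole guest branch, including the two checkuser(_PATH_FTPUSERS, ...) calls shown here that produce the 530 denial for "ftp" and "anonymous". Please confirm that the normal-login path these names now fall through to applies the same ftpusers denial, and say so in the PR. Otherwise an administrator who listed "ftp" or "anonymous" in ftpusers to turn anonymous access off may find that entry no longer consulted under -G, leaving the account reachable by password. As a style point, the continuation line "(strcmp(name, ..." is indented with a tab and three spaces, while the checkuser continuation just below uses four spaces after the tabs.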
--- ftpd-noguest.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

