X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=cmds.c;h=08095378529aee15ad159caa62543cd32b854119;hb=6f01ac2a8ec1e4e781bdf344496e7a88e1ce07de;hp=9e1edcaa80827177bb1aade3446fe9c013390dd7;hpb=66307dc43142bd5233b2af5dfe0eaf190657bc24;p=betaftpd

diff --git a/cmds.c b/cmds.c
index 9e1edca..0809537 100644
--- a/cmds.c
+++ b/cmds.c
@@ -2,7 +2,7 @@
     Copyright (C) 1999-2000 Steinar H. Gunderson
 
     This program is is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License, version 2 if the
+    it under the terms of the GNU General Public License, version 2 of the
     License as published by the Free Software Foundation.
 
     This program is distributed in the hope that it will be useful,
@@ -25,6 +25,10 @@
 #include <stropts.h>
 #endif
 
+#if HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+ 
 #if HAVE_SYS_CONF_H
 #include <sys/conf.h>
 #endif
@@ -305,6 +309,7 @@ int cmd_pass(struct conn * const c)
 		c->auth = 0;
 	} else {
 		c->uid = p->pw_uid;
+		c->gid = p->pw_gid;
 		strncpy(c->curr_dir, p->pw_dir, 254);
 		c->curr_dir[254] = 0;
 	}
@@ -324,7 +329,7 @@ int cmd_pass(struct conn * const c)
 		) {
 			c->auth = 0;
 		} else {
-			c->auth = 3;
+			c->auth = 4;
 		}
 	}
 #endif /* !WANT_NONROOT */
@@ -340,6 +345,7 @@ int cmd_pass(struct conn * const c)
 		chdir(c->curr_dir);
 		dump_file(c, 230, "welcome.msg");
 #endif
+		/* Have a different message for anonymous users? */
 		numeric(c, 230, "User logged in.");
 	}
 	return 1;
@@ -406,9 +412,11 @@ int cmd_port(struct conn * const c)
 #if !WANT_NONROOT
 		/* need root privilegies for a short while */
 		seteuid(getuid());
+		setegid(getgid());
 #endif
 		bind(sock, (struct sockaddr *)&sin, sizeof(sin));
 #if !WANT_NONROOT
+		setegid(c->gid);
 		seteuid(c->uid);
 #endif
 
@@ -901,7 +909,7 @@ char conn_state[5][27] = {
 	"Waiting for e-mail address",
 	"Waiting for password",
 	"Logged in",
-	"Waiting for password",		/* actually non-existant user */
+	"Logged in",		/* non-anonymous */
 };
 
 char ftran_state[6][42] = {
@@ -1551,7 +1559,7 @@ int cmd_rein(struct conn * const c)
  *		down without clearing any sockets etc. In other words:
  *		Don't use it on a production site.
  */
-void cmd_exit(struct conn * const c)
+int cmd_exit(struct conn * const c)
 {
 	while (first_conn->next_conn)
 		destroy_conn(first_conn->next_conn);
@@ -1601,9 +1609,11 @@ void parse_command(struct conn *c)
 
 #if !WANT_NONROOT
 				if (h->do_setuid) {
+					setegid(c->gid);
 					seteuid(c->uid);
 				} else {
-					seteuid(0);
+					seteuid(getuid());
+					setegid(getgid());
 				}
 #endif
 
@@ -1621,7 +1631,10 @@ void parse_command(struct conn *c)
 				if (h->callback(c)) {
 					c->recv_buf[cmlen] = schar;
 #if !WANT_NONROOT
-					if (h->do_setuid) seteuid(getuid());
+					if (h->do_setuid) {
+						seteuid(getuid());
+						setegid(getgid());
+					}
 #endif
 					remove_bytes(c, cmlen);
 				}
@@ -1832,7 +1845,7 @@ int prepare_for_listing(struct conn * const c, char ** const ptr,
 			case 'F':
 				lo->classify = 1;
 				break;
-			case ' ':
+			case '\0':
 				fptr = optr + 1;
 				*(optr--) = 0;
 				break;
@@ -1843,7 +1856,7 @@ int prepare_for_listing(struct conn * const c, char ** const ptr,
 	} else {
 		fptr = c->recv_buf;
 	}
-	
+
 	/* then we chdir to the dir in fptr (if any) */
 	tmp = fptr ? strrchr(fptr, '/') : NULL;
 	if (tmp != NULL) {