From owner-freebsd-bugs@FreeBSD.ORG Fri Aug 9 07:20:01 2013
Message-Id: <201308090651.r796pmX9096968@k-45-monitor.sd.rdtc.ru>
Date: Fri, 9 Aug 2013 13:51:48 +0700 (NOVT)
From: Eugene Grosbein
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.114
Subject: bin/181157: [ftpd] [patch] New login.conf(5) capability "ftp-chdir" for ftpd(8)

>Number: 181157
>Category: bin
>Synopsis: [ftpd] [patch] New login.conf(5) capability "ftp-chdir" for ftpd(8)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 09 07:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Eugene Grosbein
>Release: FreeBSD 9.2-BETA2 amd64
>Organization: RDTC JSC
>Environment:
System: FreeBSD k-45-monitor 9.2-BETA2 FreeBSD 9.2-BETA2 #10 r253755M: Mon Jul 29 12:39:55 NOVT 2013 root@k-45-monitor:/usr/obj/usr/local/src/sys/K-45-MONITOR amd64
>Description:
ftpd(8) allows us to have chrooted users with an initial working directory distinct from their home directory by using the "/home/user/./subdir" syntax in the passwd(5) file. This changes the notion of the user's home directory for all other system utilities and may be undesirable.

Let's make it possible for ftpd(8) to change a user's initial working directory without messing with their home directory.

The following patch introduces a new string capability, "ftp-chdir", in login.conf(5). For users having this capability, ftpd(8) will change the current directory to it instead of the user's home directory upon successful authorization (and chroot(8), if needed). Thus, the user's home directory may be kept intact in passwd(5), without the "/./" hack.
>How-To-Repeat:
See above.
>Fix:
--- libexec/ftpd/ftpd.8.orig 2013-06-18 14:52:20.000000000 +0700 +++ libexec/ftpd/ftpd.8 2013-08-09 13:35:24.000000000 +0700
@@ -472,6 +472,13 @@ can fill the drive with unwanted files. .El .Pp +Initial working directory may be automatically changed from user's +home directory to another one with the string "ftp-chdir" capability +in login.conf(5), unless user's home directory pathname contains the +.Pa /./ +separator, as described above (that setting has higher priority). +For chrooted users, "ftp-chdir" points to the directory below new root. +.Pp If the system has multiple IP addresses, .Nm supports the idea of virtual hosts, which provides the ability to --- libexec/ftpd/ftpd.c.orig 2013-06-18 14:52:20.000000000 +0700 +++ libexec/ftpd/ftpd.c 2013-08-08 14:25:12.000000000 +0700 @@ -1553,7 +1553,11 @@ skip: * the old current directory will be accessible as "." * outside the new root! */ +#ifdef LOGIN_CAP + homedir = (char *) login_getcapstr(lc, "ftp-chdir", "/", "/"); +#else homedir = "/"; +#endif } /* * Finally, do chroot() --- lib/libutil/login.conf.5.orig 2013-08-09 13:36:01.000000000 +0700 +++ lib/libutil/login.conf.5 2013-08-09 13:37:33.000000000 +0700 @@ -225,6 +225,9 @@ See .Xr ftpd 8 for details. +.It "ftp-chdir string Initial working directory for FTP user. See +.Xr ftpd 8 +for details. .It "label string Default MAC policy; see .Xr maclabel 7 . .It "lang string Set $LANG environment variable to the specified value. >Release-Note: >Audit-Trail: >Unformatted:
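Review bot: in the ftpd.8 hunk, the new paragraph reads as if "ftp-chdir" applies to every login, but the only ftpd.c change in this patch assigns homedir in the branch that leads into "Finally, do chroot()". Either state that the capability is honoured for chrooted sessions only, or extend the patch to the non-chrooted path. "points to the directory below new root" would be clearer as "is interpreted relative to the new root", and the plain "login.conf(5)" should be an .Xr cross-reference, as the login.conf.5 hunk does for ftpd.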
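Review bot: in the ftpd.c hunk, the string returned by login_getcapstr(lc, "ftp-chdir", "/", "/") is assigned to homedir with no validation, although the comment directly above says the chdir() after chroot() is what stops the old current directory from remaining reachable as "." outside the new root. A relative "ftp-chdir" value would be resolved against that old directory, so the code should accept the value only if it begins with '/' and otherwise fall back to "/". The (char *) cast also discards the const qualifier on the login_getcapstr() return value, which is worth avoiding or at least commenting.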
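Review bot: in the login.conf.5 hunk, the "ftp-chdir" entry says only "Initial working directory for FTP user." and leaves to ftpd(8) the two rules an administrator needs in order to set it correctly: a /./ separator in the home directory takes priority, and for chrooted users the path lies below the new root. At least the second should be stated in this description, and "for FTP user" needs an article ("for an FTP user").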