From owner-freebsd-security  Thu Nov 27 14:36:00 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id OAA27843
          for security-outgoing; Thu, 27 Nov 1997 14:36:00 -0800 (PST)
          (envelope-from owner-freebsd-security)
Received: from blubb.pdc.kth.se (blubb.pdc.kth.se [193.10.159.47])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id OAA27838
          for <freebsd-security@freebsd.org>; Thu, 27 Nov 1997 14:35:57 -0800 (PST)
          (envelope-from joda@pdc.kth.se)
Received: from joda by blubb.pdc.kth.se with local (Exim 1.71 #3)
	id 0xbCWb-0000gv-00; Thu, 27 Nov 1997 23:35:09 +0100
To: shimon@simon-shapiro.org
Cc: "Jordan K. Hubbard" <jkh@time.cdrom.com>, freebsd-security@freebsd.org,
        warpy <warpy@suburbia.com.au>,
        "Daniel O'Callaghan" <danny@panda.hilink.com.au>,
        Craig Spannring <cts@cdsnet.net>
Subject: Re: Possible problem with ftpd 6.00
References: <XFMail.971127122250.shimon@simon-shapiro.org>
X-Emacs: 19.34
Mime-Version: 1.0 (generated by SEMI MIME-Edit 0.77)
Content-Type: multipart/mixed;
 boundary="Multipart_Thu_Nov_27_23:35:08_1997-1"
Content-Transfer-Encoding: 7bit
From: joda@pdc.kth.se (Johan Danielsson)
Date: 27 Nov 1997 23:35:08 +0100
In-Reply-To: Simon Shapiro's message of Thu, 27 Nov 1997 12:22:50 -0800 (PST)
Message-ID: <xofhg8y7yoz.fsf@blubb.pdc.kth.se>
Lines: 44
X-Mailer: Gnus v5.4.52/Emacs 19.34
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

--Multipart_Thu_Nov_27_23:35:08_1997-1
Content-Type: text/plain; charset=US-ASCII

Simon Shapiro <shimon@simon-shapiro.org> writes:

> if ( strncmp(login, "ftp, MAX_LOGIN) && 
>      strncmp(login "anonymous", MAX_LOGIN) ) {
>   printf("Password; ")
> } else {
>   printf("Your E-Mail Address, please ");
> }

The problem is that the client can't know that it's the email address
it should send. I did something like the following, (from
ftp.c[login]), which makes it more obvious to the user.

/Johan


--Multipart_Thu_Nov_27_23:35:08_1997-1
Content-Type: text/plain; charset=US-ASCII

    if (n == CONTINUE) {
	if(auth_complete)
	    pass = myname;
	else if (pass == NULL) {
	    char prompt[128];
	    if(myname && 
	       (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))){
		snprintf(defaultpass, sizeof(defaultpass), "%s@%s", myname, mydomain);
		snprintf(prompt, sizeof(prompt), "Password (%s): ", defaultpass);
	    }else{
		strcpy(defaultpass, "");
		snprintf(prompt, sizeof(prompt), "Password: ");
	    }
	    pass = defaultpass;
	    des_read_pw_string (tmp, sizeof(tmp), prompt, 0);
	    if(tmp[0])
		pass = tmp;
	}
	n = command("PASS %s", pass);
    }

--Multipart_Thu_Nov_27_23:35:08_1997-1--