From donn@u.washington.edu Fri Oct 5 15:03:35 2001 Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53]) by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id PAA12438 for ; Fri, 5 Oct 2001 15:03:35 -0400 (EDT) Received: from melville.u.washington.edu (melville.u.washington.edu [128.95.135.35]) by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id PAA01757 for ; Fri, 5 Oct 2001 15:03:34 -0400 (EDT) Received: (from donn@localhost) by melville.u.washington.edu (8.11.6+UW01.08/8.11.6+UW01.08) id f95J3XA60982; Fri, 5 Oct 2001 12:03:33 -0700 Message-Id: <200110051903.f95J3XA60982@melville.u.washington.edu> Date: Fri, 5 Oct 2001 12:03:33 -0700 From: donn@u.washington.edu Reply-To: donn@u.washington.edu To: krb5-bugs@mit.edu Subject: ftpd continues with 232 after 230-No directory X-Send-Pr-Version: 3.99 >Number: 1003 >Category: krb5-appl >Synopsis: ftpd continues with 232 after 230-No directory >Confidential: no >Severity: serious >Priority: medium >Responsible: krb5-unassigned >State: open >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Fri Oct 5 15:04:00 EDT 2001 >Last-Modified: >Originator: Donn Cave >Organization: University Computing Services University of Washington >Release: krb5-1.2.2 >Environment: Any System: AIX melville 2 4 00600210C000 >Description: login() issues a line "230-No directory!..." when chdir to the user's home directory fails. It leaves the continuation of that line up to the caller, and in the case of a GSS authenticated login, the code comes out "232". Ftp clients, including MIT krb5, need the same code before the continuation is finished, so they're stuck. >How-To-Repeat: Rename your home directory, ftp in with Kerberos 5 credentials. >Fix: Pass code into login(), when it's different than what login() would normally use. Following context diff is relative to krb5-1.2.2 + buffer overflow patches. ----------------- *** appl/gssftp/ftpd/ftpd.c.orig2 Wed Aug 8 13:27:43 2001 --- appl/gssftp/ftpd/ftpd.c Fri Oct 5 11:49:31 2001 *************** *** 818,824 **** syslog(authorized ? LOG_INFO : LOG_ERR, "%s", buf); if (result == 232) ! login(NULL); return; } --- 818,824 ---- syslog(authorized ? LOG_INFO : LOG_ERR, "%s", buf); if (result == 232) ! login(NULL, result); return; } *************** *** 1086,1096 **** } login_attempts = 0; /* this time successful */ ! login(passwd); return; } ! login(passwd) char *passwd; { if (have_creds) { --- 1086,1096 ---- } login_attempts = 0; /* this time successful */ ! login(passwd, 0); return; } ! login(passwd, logincode) char *passwd; { if (have_creds) { *************** *** 1149,1156 **** reply(530, "User %s: can't change directory to %s.", pw->pw_name, pw->pw_dir); goto bad; ! } else ! lreply(230, "No directory! Logging in with home=/"); } } if (guest) { --- 1149,1159 ---- reply(530, "User %s: can't change directory to %s.", pw->pw_name, pw->pw_dir); goto bad; ! } else { ! if (!logincode) ! logincode = 230; ! lreply(logincode, "No directory! Logging in with home=/"); ! } } } if (guest) { >Audit-Trail: >Unformatted: