ftpd: change_identity() must be after chroot()

Otherwise chroot() doesn't work for non-root Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2015-03-31 21:46:26 +02:00 · 2015-03-31 21:46:26 +02:00 · 9472e8a86f
commit 9472e8a86f
parent 379e8e81af
1 changed files with 21 additions and 20 deletions
--- a/networking/ftpd.c
+++ b/networking/ftpd.c
@ -1116,6 +1116,9 @@ int ftpd_main(int argc, char **argv)
 int ftpd_main(int argc UNUSED_PARAM, char **argv)
 #endif
 {
+#if ENABLE_FEATURE_FTP_AUTHENTICATION
+	struct passwd *pw = NULL;
+#endif
 	unsigned abs_timeout;
 	unsigned verbose_S;
 	smallint opts;
@ -1193,29 +1196,23 @@ int ftpd_main(int argc UNUSED_PARAM, char **argv)
 	signal(SIGALRM, timeout_handler);

 #if ENABLE_FEATURE_FTP_AUTHENTICATION
-	{
-		struct passwd *pw = NULL;
-
-		while (1) {
-			uint32_t cmdval = cmdio_get_cmd_and_arg();
-
+	while (1) {
+		uint32_t cmdval = cmdio_get_cmd_and_arg();
 			if (cmdval == const_USER) {
-				pw = getpwnam(G.ftp_arg);
-				cmdio_write_raw(STR(FTP_GIVEPWORD)" Please specify password\r\n");
-			} else if (cmdval == const_PASS) {
-				if (check_password(pw, G.ftp_arg) > 0) {
-					break;	/* login success */
-				}
-				cmdio_write_raw(STR(FTP_LOGINERR)" Login failed\r\n");
-				pw = NULL;
-			} else if (cmdval == const_QUIT) {
-				WRITE_OK(FTP_GOODBYE);
-				return 0;
-			} else {
-				cmdio_write_raw(STR(FTP_LOGINERR)" Login with USER and PASS\r\n");
+			pw = getpwnam(G.ftp_arg);
+			cmdio_write_raw(STR(FTP_GIVEPWORD)" Please specify password\r\n");
+		} else if (cmdval == const_PASS) {
+			if (check_password(pw, G.ftp_arg) > 0) {
+				break;	/* login success */
 			}
+			cmdio_write_raw(STR(FTP_LOGINERR)" Login failed\r\n");
+			pw = NULL;
+		} else if (cmdval == const_QUIT) {
+			WRITE_OK(FTP_GOODBYE);
+			return 0;
+		} else {
+			cmdio_write_raw(STR(FTP_LOGINERR)" Login with USER and PASS\r\n");
 		}
-		change_identity(pw);
 	}
 	WRITE_OK(FTP_LOGINOK);
 #endif
@ -1233,6 +1230,10 @@ int ftpd_main(int argc UNUSED_PARAM, char **argv)
 		xchroot(argv[0]);
 	}

+#if ENABLE_FEATURE_FTP_AUTHENTICATION
+	change_identity(pw);
+#endif
+
 	/* RFC-959 Section 5.1
 	 * The following commands and options MUST be supported by every
 	 * server-FTP and user-FTP, except in cases where the underlying