YAMF2.2: Allow @group entries in /etc/ftpusers & /etc/ftpchroot to deny

and allow chroot access to entire groups.

1 files changed, 21 insertions, 5 deletions

diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 8c6578a..65e5b97 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: ftpd.c,v 1.35 1997/04/23 04:56:39 davidn Exp $
+ *	$Id: ftpd.c,v 1.36 1997/04/26 12:12:10 davidn Exp $
  */
 
 #if 0
@@ -76,6 +76,7 @@ static char sccsid[] = "@(#)ftpd.c	8.4 (Berkeley) 4/16/94";
 #include <limits.h>
 #include <netdb.h>
 #include <pwd.h>
+#include <grp.h>
 #include <setjmp.h>
 #include <signal.h>
 #include <stdio.h>
@@ -670,15 +671,30 @@ checkuser(fname, name)
 	char *p, line[BUFSIZ];
 
 	if ((fd = fopen(fname, "r")) != NULL) {
-		while (fgets(line, sizeof(line), fd) != NULL)
+		while (!found && fgets(line, sizeof(line), fd) != NULL)
 			if ((p = strchr(line, '\n')) != NULL) {
 				*p = '\0';
 				if (line[0] == '#')
 					continue;
-				if (strcmp(line, name) == 0) {
-					found = 1;
-					break;
+				/*
+				 * if first chr is '@', check group membership
+				 */
+				if (line[0] == '@') {
+					int i = 0;
+					struct group *grp;
+
+					if ((grp = getgrnam(line+1)) == NULL)
+						continue;
+					while (!found && grp->gr_mem[i])
+						found = strcmp(name,
+							grp->gr_mem[i++])
+							== 0;
 				}
+				/*
+				 * Otherwise, just check for username match
+				 */
+				else
+					found = strcmp(line, name) == 0;
 			}
 		(void) fclose(fd);
 	}