commit-inetutils
From: Mats Erik Andersson
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-305-gc1b5e82
Date: Mon, 17 Jun 2013 13:48:13 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils".

The branch, master has been updated
       via  c1b5e820f76e3b1c9cf1039d5cc00ce2cc23813a (commit)
       via  f35b338eaf36d01dce656b16f17198b8cb5e41b6 (commit)
      from  342261ea9ef24419288f044188ab8301c71b859e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=c1b5e820f76e3b1c9cf1039d5cc00ce2cc23813a


commit c1b5e820f76e3b1c9cf1039d5cc00ce2cc23813a
Author: Mats Erik Andersson <address@hidden>
Date:   Wed Jun 12 23:45:04 2013 +0200

    ftpd: Group name matching.

diff --git a/ChangeLog b/ChangeLog
index 3454a14..2bf8b5d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+2013-06-12  Mats Erik Andersson  <address@hidden>
+
+       ftpd: Group name matching.
+       Support group membership matching in the files
+       `/etc/ftpusers' and `/etc/ftpchroot'.
+
+       * bootstrap.conf (gnulib_modules): Add mgetgroups.
+       * ftpd/conf.c: Include <stdlib.h>, <pwd.h>, <grp.h>,
+       and <mgetgroups.h>.
+       (checkuser): New variables NGROUPS, GROUPS, PWD.
+       New code blocks for extracting and matching against
+       group names given on input line.
+
+       * doc/inetutils.texi <ftpd invocation>:
+       New section on the file format of `/etc/ftpusers'.
+
 2013-06-11  Mats Erik Andersson  <address@hidden>
 
        * paths (PATH_NOLOGIN): Change default value to
diff --git a/NEWS b/NEWS
index ffa031e..4512cc1 100644
--- a/NEWS
+++ b/NEWS
@@ -81,7 +81,15 @@ and Sun-PAM as service `ftp'.  Observe that the latter
 two implementations only affect non-anonymous access,
 since `pam_ftp.so' exists for Linux-PAM only, so the
 standard checks are enforced on `ftp/anonymous' as usual.
-Server now accepts commands LPRT and LPSV.
+The server now accepts the commands LPRT and LPSV.
+
+The parsing of `/etc/ftpusers' and `/etc/ftpchroot' now
+allows the specification of group names, simply by
+preceding the identifier with an at-sign `@'.
+An isolated `@' acts as a wildcard and matches every
+user name.  In addition, the parser is more forgiving
+of spaces and tabs, thus achieving better portability
+of these two files when compared with other systems.
 
 * inetd
 
diff --git a/bootstrap.conf b/bootstrap.conf
index dfed69b..9f39f07 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -67,6 +67,7 @@ ioctl
 maintainer-makefile
 malloc-gnu
 mempcpy
+mgetgroups
 minmax
 mkstemp
 obstack
diff --git a/doc/inetutils.texi b/doc/inetutils.texi
index 24b4650..f546cd0 100644
--- a/doc/inetutils.texi
+++ b/doc/inetutils.texi
@@ -3831,6 +3831,42 @@ If present, the contents are displayed and all further
 access is refused.
 @end table
 
address@hidden File format of ftpusers and ftpchroot.
address@hidden file format}
+
+The files @file{/etc/ftpusers} and @file{/etc/ftpchroot}
+share a common file format.
+For better conformity with other implementations,
+each line is understood as consisting of fields separated
+by spaces, or by horizontal tabulators.
+Only the first non-empty field is examined at present.
+Both files are used for matching against a user name,
+desiring to use the FTP service.
+
+Whenever the first printable character is a hash @samp{#},
+the input line is taken as a comment, and is ignored.
+Lines lacking non-empty fields are likewise ignored.
+
+A field consisting of a single at-sign @samp{@@},
+is treated as a wildcard and matches every input.
+
+A field commencing with an at-sign @samp{@@} and then
+continuing with an identifier, is understood as giving
+the name of a group.
+Should this name exist in @file{/etc/groups}, and the
+user name be a member of this same group, then the user
+name matches.
+
+In all other cases, the field is taken as the identifier
+of a user, with which the requesting user is compared
+for verbatim match.
+
+It is worthwhile to observe from the above cases,
+that a single @samp{@@} on a line by itself in
address@hidden/etc/ftpchroot}, will enforce chrooting
+upon every user allowed to access the FTP service.
+This gives a Draconian, protective configuration.
+
 @node tftpd invocation
 @chapter @command{tftpd}: TFTP server
 @cindex tftpd
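Review bot: `@file{/etc/groups}` in the group paragraph should be `@file{/etc/group}`; that is the name of the group database file, and since the code resolves the name with getgrnam() and the membership with mgetgroups(), groups served through NSS (NIS, LDAP) count as well, so "should a group of this name exist" is the accurate wording. Two behaviours of the implementation also belong in this section: the identifier after `@` is read only up to the first character that is not alphanumeric, `_` or `-`, so `@wheel.x` matches the group `wheel`, and `@ wheel` (blank after the at-sign) is the wildcard, not a group entry. Finally, the closing remark about `/etc/ftpchroot` deserves a counterpart for `/etc/ftpusers`: a lone `@` there refuses every login, since a match in that file denies access.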
diff --git a/ftpd/conf.c b/ftpd/conf.c
index 1824e0d..b3848c0 100644
--- a/ftpd/conf.c
+++ b/ftpd/conf.c
@@ -19,9 +19,13 @@
 
 #include <config.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <errno.h>
 #include <string.h>
 #include <ctype.h>
+#include <pwd.h>
+#include <grp.h>
+#include <mgetgroups.h>
 #include "extern.h"
 
 #ifndef LINE_MAX
@@ -58,8 +62,10 @@ int
 checkuser (const char *filename, const char *name)
 {
   FILE *fp;
-  int found = 0;
+  int found = 0, ngroups = 0;
   char *p, line[BUFSIZ];
+  gid_t *groups = NULL;;
+  struct passwd *pwd = NULL;
 
   fp = fopen (filename, "r");
   if (fp != NULL)
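Review bot: `gid_t *groups = NULL;;` carries a stray second semicolon; drop it.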
@@ -80,6 +86,55 @@ checkuser (const char *filename, const char *name)
          if (*p == '#' || *p == 0)
            continue;
 
+         /* Wildcard entry, a single '@'.  */
+         if (p[0] == '@' && (p[1] == 0 || isblank (p[1])))
+           {
+             found = 1;
+             break;
+           }
+
+         /* Group entries begin with '@' and are non-trivial.  */
+         if (p[0] == '@' && p[1] && !isblank (p[1]))
+           {
+             /* The group list is generated only if needed,
+              * and only once.
+              */
+             if (!groups)
+               {
+                 pwd = getpwnam (name);
+                 if (pwd)
+                   ngroups = mgetgroups (name, pwd->pw_gid, &groups);
+               }
+
+             /* Check for group membership.  */
+             if ((ngroups > 0) && groups && pwd)
+               {
+                 struct group *grp;
+                 char *gname;
+
+                 /* Identify valid group name.  */
+                 gname = ++p;
+                 while (*p && (isalnum (*p) || *p == '_' || *p == '-'))
+                   p++;
+
+                 *p = '\0';    /* Group name ends here.  */
+
+                 grp = getgrnam (gname);
+                 if (grp)
+                   {
+                     int j;
+
+                     for (j = 0; j < ngroups; j++)
+                       if (groups[j] == grp->gr_gid)
+                         {
+                           found = 1;
+                           break;
+                         }
+                   }
+               }
+             continue; /* No match, or failure.  */
+           }
+
          /* User name ends at the first blank character.  */
          if (strncmp (p, name, strlen (name)) == 0
              && (p[strlen (name)] == 0
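Review bot: the `break` inside the inner `for` only leaves that loop, so after a successful group match control still reaches `continue; /* No match, or failure.  */` and the remainder of the file is read; the return value stays correct only because `found` is never cleared. Put `if (found) break;` before the `continue` and fix the comment. Two smaller points in the same block: the scan `while (*p && (isalnum (*p) || *p == '_' || *p == '-'))` stops at the first other character, so `@wheel.x` or `@wheel:` silently matches `wheel`, which for an access-control file is better rejected, or at least documented; and when `getpwnam` or `mgetgroups` fails, `groups` stays NULL and both lookups are repeated for every later `@group` line, so record the failure (for instance in `ngroups`) and skip. Also pass `(unsigned char)` values to `isblank`/`isalnum`; a negative `char` is undefined there.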
@@ -89,6 +144,7 @@ checkuser (const char *filename, const char *name)
              break;
            }
        }
+      free (groups);
       fclose (fp);
     }
   return (found);

http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=f35b338eaf36d01dce656b16f17198b8cb5e41b6


commit f35b338eaf36d01dce656b16f17198b8cb5e41b6
Author: Mats Erik Andersson <address@hidden>
Date:   Tue Jun 11 23:21:05 2013 +0200

    Portable value for PATH_NOLOGIN.

diff --git a/ChangeLog b/ChangeLog
index 93f2ffc..3454a14 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2013-06-11  Mats Erik Andersson  <address@hidden>
 
+       * paths (PATH_NOLOGIN): Change default value to
+       `/etc/nologin' for best portability.
+       * README: Add some observations on hard-coded
+       file locations.
+
+2013-06-11  Mats Erik Andersson  <address@hidden>
+
        ftpd: Erroneous access check.
        The result of a user name match in PATH_FTPUSERS
        is never applied.
diff --git a/README b/README
index 920183f..fad1633 100644
--- a/README
+++ b/README
@@ -12,6 +12,7 @@ distribution, and rules to find values for them.  To change a 
path
 PATH_FOO, you may either tell configure, by using
 `--with-path-foo=VALUE' (where VALUE may contain references to make
 variables such as `$(bindir)'), or edit the `paths' file.
+See further below for some important cases.
 
 If you wish to build only the clients or only the servers, you may
 wish to use the --disable-servers or --disable-clients options when
@@ -30,9 +31,9 @@ also does not have a complete list of whois servers; feel 
free to send
 information about additional whois servers to the bug reporting
 address.
 
-Notes:
+Notes on setuid-executables:
 
-1) All of the r* client commands, 'rcp', 'rlogin', 'rsh', used to
+ - All of the r* client commands, 'rcp', 'rlogin', 'rsh', used to
    need to be installed as setuid root to work correctly, since
    they use privileged ports for communication.  However, some
    modern operating systems now offer capabilities that avoid
@@ -40,11 +41,47 @@ Notes:
    our present code.  CAP_NET_BIND_SERVICE and PRIV_NET_PRIVADDR
    are relevant for the above three programs.
 
-2) Similarly, 'ping', 'ping6', and 'traceroute', used to depend
+ - Similarly, 'ping', 'ping6', and 'traceroute', used to depend
    on setuid installation, but also these are now content with
    capabilities like CAP_NET_RAW, PRIV_NET_ICMPACCESS, and
    PRIV_NET_RAWACCESS.
 
+Notes on hard-coded file locations:
+
+ - Some of the buildable executables depend critically on
+   hard-coded file locations for correct execution.  The most
+   important, where care is needed, are highlighted below.
+
+ - `ftpd' needs access to several configuration files, in order
+   that all use cases be covered.  Both of PATH_FTPCHROOT and
+   PATH_FTPWELCOME are normally positioned correctly in sysconfdir
+   by default, whereas PATH_FTPUSERS usually is desired to state
+   `/etc/ftpusers', but not all systems manage this.  Particular
+   care should be given to PATH_FTPLOGINMESG, since it defaults
+   to `/etc/motd', which cannot be claimed as universally ideal.
+   A sensible counter measure could be
+
+     ./configure --with-path-ftploginmesg='$(sysconfdir)/ftpmotd'
+
+   This would, however, complicate matter for chrooted users,
+   so a minor variation on the default could be preferable:
+
+     ./configure --with-path-ftploginmesg=/etc/ftpmotd
+
+   Finally, the fall-back value `/etc/nologin' for PATH_NOLOGIN
+   is in effect for every systems lacking <paths.h>, but this
+   sets the most plausible location in any case.
+
+ - `rcp' relies on PATH_RSH for proper hand-over.  Use the
+   configuration switch `--with-path-rsh=VALUE' for overriding
+   the detected value.  It should point to the intended location
+   of `rsh', particularly when built with Kerberos support.
+
+ - Similarily, `rsh' needs PATH_RLOGIN to locate `rlogin' for
+   correct delegation.  The switch `--with-path-rlogin=VALUE'
+   may come handy to ensure that `rsh' as well as `rlogin'
+   offer identical Kerberos support.
+
 Some known deficiencies:
 
  - Non-Shishi Kerberos support does not build.  Patches welcome.
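Review bot: "Similarily" should read "Similarly", "every systems lacking" should read "every system lacking", and "complicate matter" reads better as "complicate matters". The clause "but this sets the most plausible location in any case" is hard to parse; "and it is the most plausible location in any case" says what is meant.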
diff --git a/paths b/paths
index 70c0f57..88cca1a 100644
--- a/paths
+++ b/paths
@@ -94,7 +94,7 @@ PATH_LOGCONF  $(sysconfdir)/syslog.conf
 PATH_LOGCONFD  $(sysconfdir)/syslog.d
 PATH_LOGIN     x $(bindir)/login search:login
 PATH_LOGPID    $(localstatedir)/run/syslog.pid
-PATH_NOLOGIN   $(sysconfdir)/nologin
+PATH_NOLOGIN   /etc/nologin
 PATH_RLOGIN    x $(bindir)/rlogin
 PATH_RSH       x $(bindir)/rsh
 PATH_TMP       d /tmp/

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog          |   23 ++++++++++++++++++++
 NEWS               |   10 ++++++++-
 README             |   43 +++++++++++++++++++++++++++++++++++--
 bootstrap.conf     |    1 +
 doc/inetutils.texi |   36 ++++++++++++++++++++++++++++++++
 ftpd/conf.c        |   58 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 paths              |    2 +-
 7 files changed, 167 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
GNU Inetutils 


