summaryrefslogtreecommitdiff
path: root/libexec/ftp-proxy/ftp-proxy.c
diff options
context:
space:
mode:
authorBob Beck <beck@cvs.openbsd.org>2001-09-05 20:40:11 +0000
committerBob Beck <beck@cvs.openbsd.org>2001-09-05 20:40:11 +0000
commitea0c01f32219d002d5c6247f1abc217f053be30e (patch)
treeb4b1af9de1cec5057ce1520e983116ac74e88c78 /libexec/ftp-proxy/ftp-proxy.c
parent0421b692c03000b1269884e747ffa43b9f133d16 (diff)
-Make ftp-proxy drop privs to user "proxy" by default.
*WARNING* this means that it will die when it can't find user proxy if you are not running with a passwd database generated from current - Speling cleanup and missing va_end() noticed by <d.doroshenko@omnitel.net> - fix logging of getpwnam|getgrnam failures.
Diffstat (limited to 'libexec/ftp-proxy/ftp-proxy.c')
-rw-r--r--libexec/ftp-proxy/ftp-proxy.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/libexec/ftp-proxy/ftp-proxy.c b/libexec/ftp-proxy/ftp-proxy.c
index 887d23403a6..d815cd9a4d9 100644
--- a/libexec/ftp-proxy/ftp-proxy.c
+++ b/libexec/ftp-proxy/ftp-proxy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ftp-proxy.c,v 1.14 2001/08/28 19:57:29 beck Exp $ */
+/* $OpenBSD: ftp-proxy.c,v 1.15 2001/09/05 20:40:10 beck Exp $ */
/*
* Copyright (c) 1996-2001
@@ -141,7 +141,8 @@ char ClientName[NI_MAXHOST];
char RealServerName[NI_MAXHOST];
char OurName[NI_MAXHOST];
-char *User, *Group;
+char *User = "proxy";
+char *Group;
extern int Debug_Level;
extern int Use_Rdns;
@@ -202,7 +203,7 @@ drop_privs()
if (User != NULL) {
pw = getpwnam(User);
if (pw == NULL) {
- syslog(LOG_ERR, "can't find user %s (%m)", User);
+ syslog(LOG_ERR, "can't find user %s", User);
exit(EX_USAGE);
}
uid = pw->pw_uid;
@@ -212,7 +213,7 @@ drop_privs()
if (Group != NULL) {
gr = getgrnam(User);
if (gr == NULL) {
- syslog(LOG_ERR, "can't find group %s (%m)", Group);
+ syslog(LOG_ERR, "can't find group %s", Group);
exit(EX_USAGE);
}
gid = gr->gr_gid;
@@ -731,7 +732,7 @@ out:
/*
* If we aren't in NAT mode, deal with EPSV.
- * EPSV is a problem - Unliks PASV, the reply from the
+ * EPSV is a problem - Unlike PASV, the reply from the
* server contains *only* a port, we can't modify the reply
* to the client and get the client to connect to us without
* resorting to using a dynamic rdr rule we have to add in