author | Bob Beck <beck@cvs.openbsd.org> | 2001-09-05 20:40:11 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2001-09-05 20:40:11 +0000 |
commit | ea0c01f32219d002d5c6247f1abc217f053be30e (patch) | |
tree | b4b1af9de1cec5057ce1520e983116ac74e88c78 /libexec | |
parent | 0421b692c03000b1269884e747ffa43b9f133d16 (diff) |
-Make ftp-proxy drop privs to user "proxy" by default.
*WARNING* this means that it will die when it can't find user proxy
if you are not running with a passwd database generated from current
- Speling cleanup and missing va_end() noticed by <d.doroshenko@omnitel.net>
- fix logging of getpwnam|getgrnam failures.
Diffstat (limited to 'libexec')
-rw-r--r-- | libexec/ftp-proxy/ftp-proxy.8 | 13 | ||||
-rw-r--r-- | libexec/ftp-proxy/ftp-proxy.c | 11 | ||||
-rw-r--r-- | libexec/ftp-proxy/util.c | 3 |
3 files changed, 15 insertions, 12 deletions
diff --git a/libexec/ftp-proxy/ftp-proxy.8 b/libexec/ftp-proxy/ftp-proxy.8 index 92577df23ce..4906e6c6d45 100644 --- a/libexec/ftp-proxy/ftp-proxy.8 +++ b/libexec/ftp-proxy/ftp-proxy.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ftp-proxy.8,v 1.6 2001/08/22 17:22:00 beck Exp $ +.\" $OpenBSD: ftp-proxy.8,v 1.7 2001/09/05 20:40:10 beck Exp $ .\" .\" Copyright (c) 1996-2001 .\" Obtuse Systems Corporation, All rights reserved. @@ -61,17 +61,18 @@ The proxy will allow connections to log in to other sites as the user "ftp" or "anonymous" only. Any attempt to log in as another user will be blocked by the proxy. .It Fl g Ar groupname -specify the named group to drop group priviledges to, after doing pf lookups +specify the named group to drop group privileges to, after doing pf lookups which require root. By default .Nm ftp-proxy -uses the default group of the user it drops priviledge to. +uses the default group of the user it drops privilege to. .It Fl u Ar username -specify the named user to drop priviledge to, after doing pf lookups -which require root priviledge. +specify the named user to drop privilege to, after doing pf lookups +which require root privilege. By default .Nm ftp-proxy -does not drop priviledge and runs as root. +drops privilege to the user +.Em proxy . .Pp Running as root means that the source of data connections the proxy makes for PORT and EPRT will be the RFC mandated port 20. diff --git a/libexec/ftp-proxy/ftp-proxy.c b/libexec/ftp-proxy/ftp-proxy.c index 887d23403a6..d815cd9a4d9 100644 --- a/libexec/ftp-proxy/ftp-proxy.c +++ b/libexec/ftp-proxy/ftp-proxy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ftp-proxy.c,v 1.14 2001/08/28 19:57:29 beck Exp $ */ +/* $OpenBSD: ftp-proxy.c,v 1.15 2001/09/05 20:40:10 beck Exp $ */ /* * Copyright (c) 1996-2001 @@ -141,7 +141,8 @@ char ClientName[NI_MAXHOST]; char RealServerName[NI_MAXHOST]; char OurName[NI_MAXHOST]; -char *User, *Group; +char *User = "proxy"; +char *Group; extern int Debug_Level; extern int Use_Rdns; 
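Review bot: The new default `char *User = "proxy";` has no comment, although it changes what happens at startup. Per the drop_privs() hunks later in this file, a missing account now ends in `exit(EX_USAGE)`, where the old default kept the proxy running as root. I would add `/* unprivileged account used unless -u is given; drop_privs() exits if it does not exist */` above the declaration. `Group` stays NULL, which the man page describes as falling back to that user's default group. The code that applies the ids is outside this hunk, so it is worth confirming that the group and any supplementary groups are set before the uid is changed.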
@@ -202,7 +203,7 @@ drop_privs() if (User != NULL) { pw = getpwnam(User); if (pw == NULL) { - syslog(LOG_ERR, "can't find user %s (%m)", User); + syslog(LOG_ERR, "can't find user %s", User); exit(EX_USAGE); } uid = pw->pw_uid; @@ -212,7 +213,7 @@ drop_privs() if (Group != NULL) { gr = getgrnam(User); if (gr == NULL) { - syslog(LOG_ERR, "can't find group %s (%m)", Group); + syslog(LOG_ERR, "can't find group %s", Group); exit(EX_USAGE); } gid = gr->gr_gid; @@ -731,7 +732,7 @@ out: /* * If we aren't in NAT mode, deal with EPSV. - * EPSV is a problem - Unliks PASV, the reply from the + * EPSV is a problem - Unlike PASV, the reply from the * server contains *only* a port, we can't modify the reply * to the client and get the client to connect to us without * resorting to using a dynamic rdr rule we have to add in diff --git a/libexec/ftp-proxy/util.c b/libexec/ftp-proxy/util.c index 976150cb5b7..8c55b1d9c6d 100644 --- a/libexec/ftp-proxy/util.c +++ b/libexec/ftp-proxy/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.4 2001/09/05 12:42:31 dhartmei Exp $ */ +/* $OpenBSD: util.c,v 1.5 2001/09/05 20:40:10 beck Exp $ */ /* * Copyright (c) 1996-2001 @@ -69,6 +69,7 @@ debuglog(int debug_level, const char *fmt, ...) if (Debug_Level >= debug_level) vsyslog(LOG_DEBUG, fmt, ap); + va_end(ap); } int |
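Review bot: With `%m` removed from the `getpwnam()` failure path, a lookup that failed for an environmental reason is logged exactly like an account that does not exist. getpwnam() may leave errno untouched when the name is simply absent, which is presumably why the stale `%m` was dropped. Setting `errno = 0;` before the call and appending `(%m)` only when `errno != 0` afterwards would keep the message accurate in both cases. The same applies to the `getgrnam()` branch in the next hunk. drop_privs() starts and ends outside these hunks.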
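Review bot: The context line `gr = getgrnam(User);` looks up the user name where the group name is intended; the branch is guarded by `Group != NULL` and its error message prints `Group`. As written, a -g value is never looked up. The process either takes the gid of a group that happens to share the user's name, or exits with a message naming a group it never queried. It should read `gr = getgrnam(Group);`. The rest of drop_privs() is outside the hunk, so how `gid` is applied afterwards cannot be checked here.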