add user name and password?

[oz123]

Some (bad) clients can't work with FTP without user:pass combination.
But sometimes we must use them. Is there a change that this can be added to uftpd?

[troglobit]

Any user:pass combo is allowed, e.g. anonymous:a@b, but there is no per-user specific authentication. I have no personal interest in adding this to uftpd, since the major reason for its existence is to serve FTP read-only on a LAN.

However, if someone has a good idea and is willing to implement/debug/test it thoroughly I will consider the PR.

[oz123]

Maybe q as hione can add simple pam support (with compile option)?

[troglobit]

It's very tricky to get right, even if you use libpam, and opens up for a lot of potential security bugs. Having a compile time option (configure) to disable/enable is only one strong requirement from my side.

I'd prefer not to do it at all and instead recommend folks to use vsftpd for such use-cases, but like I said, if someone has a good PR I'll consider it.

[oz123]

It's been a terrible long time, but I am feeling more comfortable with C. So I might give it a shot soon.
If someone feels like tackling this, here is where I would start:

uftpd/src/ftpcmd.c

Line 262 in 011d652

static int check_user_pass(ctrl_t *ctrl)

One could implement httaccess file for access, it's a well known format and IMHO easier to use than libpam.
90% of the code for this can be taken from apache2 own code for managing the file. Specifically, look at how the flag -v works:

https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/support/htpasswd.c?view=markup