--- src/ftpd.c.orig	Tue Apr  5 03:22:01 2005
+++ src/ftpd.c	Tue Apr  5 04:10:13 2005
@@ -447,7 +447,6 @@
 #ifdef OPIE
 #include <opie.h>
 int pwok = 0;
-int af_pwok = 0;
 struct opie opiestate;
 #endif
 
@@ -1219,10 +1218,6 @@
 	exit(0);
     }
 
-#ifdef OPIE
-    af_pwok = opieaccessfile(remotehost);
-#endif
-
 #ifdef HAVE_LIBRESOLV
     /* check permitted access based on remote host DNS information */
     if (!check_reverse_dns()) {
@@ -1662,9 +1657,9 @@
     /* Display s/key challenge where appropriate. */
 
     if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf))
-	sprintf(buf, "Password required for %s.", name);
+	snprintf(buf, sizeof(buf)-1, "Password required for %s.", name);
     else
-	sprintf(buf, "%s %s for %s.", sbuf,
+	snprintf(buf, sizeof(buf)-1, "%s %s for %s.", sbuf,
 		pwok ? "allowed" : "required", name);
     return (buf);
 }
@@ -2105,16 +2100,17 @@
 #ifdef OPIE
 	{
 	    char prompt[OPIE_CHALLENGE_MAX + 1];
-	    opiechallenge(&opiestate, name, prompt);
 
-	    if (askpasswd == -1) {
-		syslog(LOG_WARNING, "Invalid FTP user name %s attempted from %s", name, remotehost);
-		pwok = 0;
+	    if (opiechallenge(&opiestate, name, prompt) == 0) {
+		pwok = (pw != NULL) &&
+		       opieaccessfile(remotehost) &&
+		       opiealways(pw->pw_dir);
+		reply(331, "Response to %s %s for %s.",
+		      prompt, pwok ? "requested" : "required", name);
+	    } else {
+		pwok = 1;
+		reply(331, "Password required for %s.", name);
 	    }
-	    else
-		pwok = af_pwok && opiealways(pw->pw_dir);
-	    reply(331, "Response to %s %s for %s.",
-		  prompt, pwok ? "requested" : "required", name);
 	}
 #else
 	reply(331, "Password required for %s.", name);
@@ -2593,8 +2589,8 @@
 	    if (pw == NULL)
 		salt = "xx";
 	    else
-#ifndef OPIE
 		salt = pw->pw_passwd;
+#ifndef OPIE
 #ifdef SECUREOSF
 	    if ((pr = getprpwnam(pw->pw_name)) != NULL) {
 		if (pr->uflg.fg_newcrypt)
@@ -2627,9 +2623,15 @@
 	    xpasswd = crypt(passwd, salt);
 #endif /* SKEY */
 #else /* OPIE */
-	    if (!opieverify(&opiestate, passwd))
-		rval = 0;
-	    xpasswd = crypt(passwd, pw->pw_passwd);
+	    if (pw != NULL) {
+		if (opieverify(&opiestate, passwd) == 0)
+		    xpasswd = pw->pw_passwd;
+		else if (pwok)
+		    xpasswd = crypt(passwd, salt);
+		else
+		    pw = NULL;
+	    }
+	    pwok = 0;
 #endif /* OPIE */
 #ifdef ULTRIX_AUTH
 	    if ((numfails = ultrix_check_pass(passwd, xpasswd)) >= 0) {
@@ -3189,7 +3191,7 @@
 		  pw->pw_name, pw->pw_dir);
 	    goto bad;
 #else
-	    if (chdir("/") < 0) {
+	    if (restricted_user || chdir("/") < 0) {
 #ifdef VERBOSE_ERROR_LOGING
 		syslog(LOG_NOTICE, "FTP LOGIN FAILED (cannot chdir) for %s, %s",
 		       remoteident, pw->pw_name);
@@ -7469,6 +7471,8 @@
 	    in++;
 	    if (*in == '/')
 		in++;
+	    else
+		out++;
 	}
 	else if ((in[0] == '.') && (in[1] == '.') && ((in[2] == '/') || (in[2] == '\0'))) {
 	    if (out == path) {
@@ -7497,6 +7501,9 @@
 	}
 	else {
 	    do
+	      if ((in[0] == '*') && (in[1] == '*'))
+		in++;
+	      else
 		*out++ = *in++;
 	    while ((*in != '\0') && (*in != '/'));
 	    if (*in == '/')