--- ftpd.c.orig	Tue Apr 10 16:06:31 2001
+++ ftpd.c	Tue Apr 10 16:52:55 2001
@@ -169,6 +169,7 @@
 
 int	data;
 jmp_buf	urgcatch;
+int	Bflag;
 int	sflag;
 int	stru;			/* avoid C keyword */
 int	mode;
@@ -181,6 +182,7 @@
 int	mapped;			/* IPv4 connection on AF_INET6 socket */
 off_t	file_size;
 off_t	byte_count;
+char	*class;
 static char ttyline[20];
 static struct utmp utmp;	/* for utmp */
 
@@ -246,6 +248,7 @@
 	debug = 0;
 	logging = 0;
 	pdata = -1;
+	Bflag = 0;
 	sflag = 0;
 	dataport = 0;
 	dopidfile = 1;		/* default: DO use a pid file to count users */
@@ -260,6 +263,7 @@
 	homedir[0] = '\0';
 	gidcount = 0;
 	version = FTPD_VERSION;
+	class = NULL;
 
 	/*
 	 * LOG_NDELAY sets up the logging connection immediately,
@@ -267,13 +271,17 @@
 	 */
 	openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
 
-	while ((ch = getopt(argc, argv, "a:c:C:de:h:HlP:qQrst:T:uUvV:wWX"))
+	while ((ch = getopt(argc, argv, "a:Bc:C:de:h:HlP:qQrst:T:uUvV:wWX"))
 	    != -1) {
 		switch (ch) {
 		case 'a':
 			anondir = optarg;
 			break;
 
+		case 'B':
+			Bflag = 1;
+			break;
+
 		case 'c':
 			confdir = optarg;
 			break;
@@ -624,6 +632,20 @@
 		return;
 	}
 
+/*
+ * If ran with -B, check whether user would be granted access
+ * under the ftpusers(5) restrictions BEFORE asking for password.
+ */
+	if (Bflag &&
+            ! checkuser(_PATH_FTPUSERS, name, 1, 0, &class)) {
+		reply(530, "User %s may not use FTP.", name);
+		if (logging)
+			syslog(LOG_NOTICE, "FTP LOGIN REFUSED FROM %s, %s",
+			    remotehost, name);
+		end_login();
+		return;
+	}
+
 	pw = sgetpwnam(name);
 	if (logging)
 		strlcpy(curname, name, sizeof(curname));
@@ -834,9 +856,8 @@
 {
 	int		 rval;
 	const char	*cp, *shell;
-	char		*class, root[MAXPATHLEN];
+	char		root[MAXPATHLEN];
 
-	class = NULL;
 	if (logged_in || askpasswd == 0) {
 		reply(503, "Login with USER first.");
 		return;
@@ -908,7 +929,8 @@
 	}
 
 			/* password ok; see if anything else prevents login */
-	if (! checkuser(_PATH_FTPUSERS, pw->pw_name, 1, 0, &class)) {
+	if (! Bflag &&
+            ! checkuser(_PATH_FTPUSERS, pw->pw_name, 1, 0, &class)) {
 		reply(530, "User %s may not use FTP.", pw->pw_name);
 		if (logging)
 			syslog(LOG_NOTICE, "FTP LOGIN REFUSED FROM %s, %s",