--- libexec/ftpd/ftpd.orig	Wed Dec 24 08:07:22 2003
+++ libexec/ftpd/ftpd.c	Wed Dec 24 08:14:42 2003
@@ -994,6 +994,9 @@
 static int login_attempts;	/* number of failed login attempts */
 static int askpasswd;		/* had user command, ask for passwd */
 static char curname[MAXLOGNAME];	/* current USER name */
+#ifdef	LOGIN_CAP
+static login_cap_t *lc; /* login_cap for current user */
+#endif
 
 /*
  * USER command.
@@ -1057,7 +1060,14 @@
 				break;
 		endusershell();
 
-		if (cp == NULL || checkuser(_PATH_FTPUSERS, name, 1, NULL)) {
+#ifdef LOGIN_CAP
+		lc = login_getpwclass(pw);
+#endif
+		if (cp == NULL || checkuser(_PATH_FTPUSERS, name, 1, NULL) 
+#ifdef LOGIN_CAP
+				|| lc == NULL  || !login_getcapbool(lc,"ftp-enabled",0)
+#endif
+		) {
 			reply(530, "User %s access denied.", name);
 			if (logging)
 				syslog(LOG_NOTICE,
@@ -1333,9 +1343,6 @@
 {
 	int rval;
 	FILE *fd;
-#ifdef	LOGIN_CAP
-	login_cap_t *lc = NULL;
-#endif
 	char *chrootdir;
 	char *residue = NULL;
 
@@ -1405,7 +1412,7 @@
 	/* May be overridden by login.conf */
 	(void) umask(defumask);
 #ifdef	LOGIN_CAP
-	if ((lc = login_getpwclass(pw)) != NULL) {
+	if (lc != NULL) {
 		char	remote_ip[MAXHOSTNAMELEN];
 
 		getnameinfo((struct sockaddr *)&his_addr, his_addr.su_len,