2000-07-26 17:53:33 +04:00
|
|
|
/* $NetBSD: ftpd.c,v 1.102 2000/07/26 13:53:34 lukem Exp $ */
|
1999-07-02 09:52:14 +04:00
|
|
|
|
|
|
|
/*
|
2000-01-08 14:09:56 +03:00
|
|
|
* Copyright (c) 1997-2000 The NetBSD Foundation, Inc.
|
1999-07-02 09:52:14 +04:00
|
|
|
* All rights reserved.
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
*
|
|
|
|
* This code is derived from software contributed to The NetBSD Foundation
|
|
|
|
* by Luke Mewburn.
|
|
|
|
*
|
1999-07-02 09:52:14 +04:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
* must display the following acknowledgement:
|
|
|
|
* This product includes software developed by the NetBSD
|
|
|
|
* Foundation, Inc. and its contributors.
|
|
|
|
* 4. Neither the name of The NetBSD Foundation nor the names of its
|
|
|
|
* contributors may be used to endorse or promote products derived
|
|
|
|
* from this software without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
|
|
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
|
|
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
1999-07-02 09:52:14 +04:00
|
|
|
*/
|
1995-04-11 06:44:45 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
1994-06-29 05:49:37 +04:00
|
|
|
* Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
1993-03-21 12:45:37 +03:00
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
* must display the following acknowledgement:
|
|
|
|
* This product includes software developed by the University of
|
|
|
|
* California, Berkeley and its contributors.
|
|
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
1999-05-17 19:14:53 +04:00
|
|
|
/*
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
* Copyright (C) 1997 and 1998 WIDE Project.
|
1999-05-17 19:14:53 +04:00
|
|
|
* All rights reserved.
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
*
|
1999-05-17 19:14:53 +04:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
* 3. Neither the name of the project nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
1999-05-17 19:14:53 +04:00
|
|
|
*/
|
|
|
|
|
1997-06-18 23:05:46 +04:00
|
|
|
#include <sys/cdefs.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
#ifndef lint
|
1997-06-18 23:05:46 +04:00
|
|
|
__COPYRIGHT(
|
1994-06-29 05:49:37 +04:00
|
|
|
"@(#) Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994\n\
|
1997-06-18 23:05:46 +04:00
|
|
|
The Regents of the University of California. All rights reserved.\n");
|
1993-03-21 12:45:37 +03:00
|
|
|
#endif /* not lint */
|
|
|
|
|
|
|
|
#ifndef lint
|
1995-04-11 06:44:45 +04:00
|
|
|
#if 0
|
1997-03-29 00:55:41 +03:00
|
|
|
static char sccsid[] = "@(#)ftpd.c 8.5 (Berkeley) 4/28/95";
|
1995-04-11 06:44:45 +04:00
|
|
|
#else
|
2000-07-26 17:53:33 +04:00
|
|
|
__RCSID("$NetBSD: ftpd.c,v 1.102 2000/07/26 13:53:34 lukem Exp $");
|
1995-04-11 06:44:45 +04:00
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
#endif /* not lint */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* FTP server.
|
|
|
|
*/
|
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/ioctl.h>
|
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <sys/wait.h>
|
|
|
|
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <netinet/in_systm.h>
|
|
|
|
#include <netinet/ip.h>
|
|
|
|
|
|
|
|
#define FTP_NAMES
|
|
|
|
#include <arpa/ftp.h>
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
#include <arpa/telnet.h>
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
#include <ctype.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
#include <dirent.h>
|
1994-06-29 05:49:37 +04:00
|
|
|
#include <err.h>
|
|
|
|
#include <errno.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
#include <fcntl.h>
|
1997-04-29 08:00:39 +04:00
|
|
|
#include <fnmatch.h>
|
1994-06-29 05:49:37 +04:00
|
|
|
#include <glob.h>
|
1999-12-21 15:56:15 +03:00
|
|
|
#include <grp.h>
|
1994-06-29 05:49:37 +04:00
|
|
|
#include <limits.h>
|
|
|
|
#include <netdb.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
#include <pwd.h>
|
|
|
|
#include <setjmp.h>
|
1994-06-29 05:49:37 +04:00
|
|
|
#include <signal.h>
|
2000-06-14 17:44:21 +04:00
|
|
|
#include <stdarg.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
1994-06-29 05:49:37 +04:00
|
|
|
#include <syslog.h>
|
|
|
|
#include <time.h>
|
|
|
|
#include <unistd.h>
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
#include <util.h>
|
1999-12-18 08:51:34 +03:00
|
|
|
#include <utmp.h>
|
1997-06-18 23:05:46 +04:00
|
|
|
#ifdef SKEY
|
|
|
|
#include <skey.h>
|
|
|
|
#endif
|
1997-10-12 18:04:36 +04:00
|
|
|
#ifdef KERBEROS5
|
2000-02-14 06:26:06 +03:00
|
|
|
#include <com_err.h>
|
1999-08-25 20:23:52 +04:00
|
|
|
#include <krb5/krb5.h>
|
1997-10-12 18:04:36 +04:00
|
|
|
#endif
|
1994-06-29 05:49:37 +04:00
|
|
|
|
2000-01-13 01:39:27 +03:00
|
|
|
#define GLOBAL
|
1994-06-29 05:49:37 +04:00
|
|
|
#include "extern.h"
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
#include "pathnames.h"
|
1999-12-18 08:51:34 +03:00
|
|
|
#include "version.h"
|
1994-06-29 05:49:37 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
int data;
|
2000-03-05 09:12:19 +03:00
|
|
|
jmp_buf urgcatch;
|
1993-03-21 12:45:37 +03:00
|
|
|
struct passwd *pw;
|
1998-06-26 21:41:38 +04:00
|
|
|
int sflag;
|
1993-03-21 12:45:37 +03:00
|
|
|
int stru; /* avoid C keyword */
|
|
|
|
int mode;
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
int doutmp; /* update utmp file */
|
2000-07-26 17:53:33 +04:00
|
|
|
int dowtmp; /* update wtmp file */
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
int dropprivs; /* if privileges should or have been dropped */
|
|
|
|
int mapped; /* IPv4 connection on AF_INET6 socket */
|
1993-03-21 12:45:37 +03:00
|
|
|
off_t file_size;
|
|
|
|
off_t byte_count;
|
1995-04-11 06:44:45 +04:00
|
|
|
static char ttyline[20];
|
1999-12-18 08:51:34 +03:00
|
|
|
static struct utmp utmp; /* for utmp */
|
1998-09-06 14:39:40 +04:00
|
|
|
|
1997-05-24 02:09:48 +04:00
|
|
|
static char *anondir = NULL;
|
1997-09-23 17:56:39 +04:00
|
|
|
static char confdir[MAXPATHLEN];
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
|
1997-10-12 18:04:36 +04:00
|
|
|
#if defined(KERBEROS) || defined(KERBEROS5)
|
2000-06-02 04:19:04 +04:00
|
|
|
int has_ccache = 0;
|
1995-04-11 06:44:45 +04:00
|
|
|
int notickets = 1;
|
|
|
|
char *krbtkfile_env = NULL;
|
2000-06-02 04:19:04 +04:00
|
|
|
char *tty = ttyline;
|
2000-06-02 18:47:19 +04:00
|
|
|
int login_krb5_forwardable_tgt = 0;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
#endif
|
1994-03-30 06:49:15 +04:00
|
|
|
|
1999-07-02 09:52:14 +04:00
|
|
|
int epsvall = 0;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* Timeout intervals for retrying connections
|
|
|
|
* to hosts that don't accept PORT cmds. This
|
|
|
|
* is a kludge, but given the problems with TCP...
|
|
|
|
*/
|
|
|
|
#define SWAITMAX 90 /* wait at most 90 seconds */
|
|
|
|
#define SWAITINT 5 /* interval between retries */
|
|
|
|
|
|
|
|
int swaitmax = SWAITMAX;
|
|
|
|
int swaitint = SWAITINT;
|
|
|
|
|
2000-05-20 06:20:18 +04:00
|
|
|
static int bind_pasv_addr(void);
|
|
|
|
static int checkuser(const char *, const char *, int, int, char **);
|
|
|
|
static int checkaccess(const char *);
|
|
|
|
static void dolog(struct sockaddr *);
|
|
|
|
static void end_login(void);
|
|
|
|
static FILE *getdatasock(const char *);
|
|
|
|
static char *gunique(const char *);
|
|
|
|
static void lostconn(int);
|
|
|
|
static void myoob(int);
|
|
|
|
static int receive_data(FILE *, FILE *);
|
|
|
|
static int send_data(FILE *, FILE *, off_t, int);
|
|
|
|
static struct passwd *sgetpwnam(const char *);
|
|
|
|
|
|
|
|
int main(int, char *[]);
|
1997-06-18 23:05:46 +04:00
|
|
|
|
2000-06-02 18:47:19 +04:00
|
|
|
#if defined(KERBEROS)
|
2000-05-20 06:20:18 +04:00
|
|
|
int klogin(struct passwd *, char *, char *, char *);
|
|
|
|
void kdestroy(void);
|
1997-06-21 08:38:54 +04:00
|
|
|
#endif
|
2000-06-02 18:47:19 +04:00
|
|
|
#if defined(KERBEROS5)
|
|
|
|
int k5login(struct passwd *, char *, char *, char *);
|
|
|
|
void k5destroy(void);
|
|
|
|
#endif
|
1999-05-18 12:14:17 +04:00
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
int
|
2000-05-20 06:20:18 +04:00
|
|
|
main(int argc, char *argv[])
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1999-12-16 05:21:37 +03:00
|
|
|
int addrlen, ch, on = 1, tos, keepalive;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
#ifdef KERBEROS5
|
1999-12-16 05:21:37 +03:00
|
|
|
krb5_error_code kerror;
|
1997-10-12 18:04:36 +04:00
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
|
2000-03-05 09:12:19 +03:00
|
|
|
connections = 1;
|
1993-03-21 12:45:37 +03:00
|
|
|
debug = 0;
|
1997-09-23 18:25:30 +04:00
|
|
|
logging = 0;
|
2000-03-05 09:12:19 +03:00
|
|
|
pdata = -1;
|
1998-06-26 21:41:38 +04:00
|
|
|
sflag = 0;
|
2000-07-26 17:53:33 +04:00
|
|
|
doutmp = 0; /* default: don't log to utmp */
|
|
|
|
dowtmp = 1; /* default: DO log to wtmp */
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
dropprivs = 0;
|
|
|
|
mapped = 0;
|
2000-03-05 09:12:19 +03:00
|
|
|
usedefault = 1;
|
1997-09-23 17:56:39 +04:00
|
|
|
(void)strcpy(confdir, _DEFAULT_CONFDIR);
|
1999-12-19 03:09:31 +03:00
|
|
|
hostname[0] = '\0';
|
2000-07-17 06:30:52 +04:00
|
|
|
homedir[0] = '\0';
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
gidcount = 0;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
version = FTPD_VERSION;
|
2000-07-26 17:53:33 +04:00
|
|
|
while ((ch = getopt(argc, argv, "a:c:C:dh:Hlrst:T:u:UvV:W")) != -1) {
|
1994-06-29 05:49:37 +04:00
|
|
|
switch (ch) {
|
1997-05-24 02:09:48 +04:00
|
|
|
case 'a':
|
|
|
|
anondir = optarg;
|
|
|
|
break;
|
|
|
|
|
1997-09-23 17:56:39 +04:00
|
|
|
case 'c':
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
(void)strlcpy(confdir, optarg, sizeof(confdir));
|
1997-09-23 17:56:39 +04:00
|
|
|
break;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
|
1997-09-23 18:25:30 +04:00
|
|
|
case 'C':
|
1999-12-21 15:56:15 +03:00
|
|
|
pw = sgetpwnam(optarg);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
exit(checkaccess(optarg) ? 0 : 1);
|
1997-09-23 18:25:30 +04:00
|
|
|
/* NOTREACHED */
|
1997-09-23 17:56:39 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
case 'd':
|
1997-05-24 02:09:48 +04:00
|
|
|
case 'v': /* deprecated */
|
1993-03-21 12:45:37 +03:00
|
|
|
debug = 1;
|
|
|
|
break;
|
|
|
|
|
1999-12-19 03:09:31 +03:00
|
|
|
case 'h':
|
|
|
|
strlcpy(hostname, optarg, sizeof(hostname));
|
|
|
|
break;
|
|
|
|
|
2000-07-15 07:45:19 +04:00
|
|
|
case 'H':
|
|
|
|
if (gethostname(hostname, sizeof(hostname)) == -1)
|
|
|
|
hostname[0] = '\0';
|
|
|
|
hostname[sizeof(hostname) - 1] = '\0';
|
|
|
|
break;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
case 'l':
|
1994-06-29 05:49:37 +04:00
|
|
|
logging++; /* > 1 == extra logging */
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
case 'r':
|
|
|
|
dropprivs = 1;
|
|
|
|
break;
|
|
|
|
|
1998-06-26 21:41:38 +04:00
|
|
|
case 's':
|
|
|
|
sflag = 1;
|
|
|
|
break;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
case 't':
|
|
|
|
case 'T':
|
|
|
|
case 'u':
|
1997-08-26 17:10:39 +04:00
|
|
|
warnx("-%c has been deprecated in favour of ftpd.conf",
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
ch);
|
1994-06-29 05:49:37 +04:00
|
|
|
break;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1999-12-18 08:51:34 +03:00
|
|
|
case 'U':
|
|
|
|
doutmp = 1;
|
|
|
|
break;
|
|
|
|
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
case 'V':
|
|
|
|
if (EMPTYSTR(optarg) || strcmp(optarg, "-") == 0)
|
|
|
|
version = NULL;
|
|
|
|
else
|
|
|
|
version = xstrdup(optarg);
|
|
|
|
break;
|
|
|
|
|
2000-07-26 17:53:33 +04:00
|
|
|
case 'W':
|
|
|
|
dowtmp = 0;
|
|
|
|
break;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
default:
|
1997-09-23 18:25:30 +04:00
|
|
|
if (optopt == 'a' || optopt == 'C')
|
|
|
|
exit(1);
|
1994-06-29 05:49:37 +04:00
|
|
|
warnx("unknown flag -%c ignored", optopt);
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
1997-09-23 18:25:30 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* LOG_NDELAY sets up the logging connection immediately,
|
|
|
|
* necessary for anonymous ftp's that chroot and can't do it later.
|
|
|
|
*/
|
1999-12-18 09:33:54 +03:00
|
|
|
openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
|
1999-07-02 09:52:14 +04:00
|
|
|
addrlen = sizeof(his_addr); /* xxx */
|
1997-09-23 18:25:30 +04:00
|
|
|
if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
|
|
|
|
syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
|
|
|
|
exit(1);
|
|
|
|
}
|
1999-07-27 19:41:49 +04:00
|
|
|
addrlen = sizeof(ctrl_addr);
|
|
|
|
if (getsockname(0, (struct sockaddr *)&ctrl_addr, &addrlen) < 0) {
|
|
|
|
syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
|
|
|
|
exit(1);
|
|
|
|
}
|
1999-07-02 09:52:14 +04:00
|
|
|
if (his_addr.su_family == AF_INET6
|
|
|
|
&& IN6_IS_ADDR_V4MAPPED(&his_addr.su_sin6.sin6_addr)) {
|
1999-07-27 19:41:49 +04:00
|
|
|
#if 1
|
|
|
|
/*
|
|
|
|
* IPv4 control connection arrived to AF_INET6 socket.
|
|
|
|
* I hate to do this, but this is the easiest solution.
|
2000-05-30 09:31:31 +04:00
|
|
|
*
|
|
|
|
* The assumption is untrue on SIIT environment.
|
1999-07-27 19:41:49 +04:00
|
|
|
*/
|
|
|
|
union sockunion tmp_addr;
|
1999-12-13 07:36:10 +03:00
|
|
|
const int off = sizeof(struct in6_addr) - sizeof(struct in_addr);
|
1999-07-27 19:41:49 +04:00
|
|
|
|
|
|
|
tmp_addr = his_addr;
|
|
|
|
memset(&his_addr, 0, sizeof(his_addr));
|
|
|
|
his_addr.su_sin.sin_family = AF_INET;
|
|
|
|
his_addr.su_sin.sin_len = sizeof(his_addr.su_sin);
|
|
|
|
memcpy(&his_addr.su_sin.sin_addr,
|
1999-12-13 07:36:10 +03:00
|
|
|
&tmp_addr.su_sin6.sin6_addr.s6_addr[off],
|
1999-07-27 19:41:49 +04:00
|
|
|
sizeof(his_addr.su_sin.sin_addr));
|
|
|
|
his_addr.su_sin.sin_port = tmp_addr.su_sin6.sin6_port;
|
|
|
|
|
|
|
|
tmp_addr = ctrl_addr;
|
|
|
|
memset(&ctrl_addr, 0, sizeof(ctrl_addr));
|
|
|
|
ctrl_addr.su_sin.sin_family = AF_INET;
|
|
|
|
ctrl_addr.su_sin.sin_len = sizeof(ctrl_addr.su_sin);
|
|
|
|
memcpy(&ctrl_addr.su_sin.sin_addr,
|
1999-12-13 07:36:10 +03:00
|
|
|
&tmp_addr.su_sin6.sin6_addr.s6_addr[off],
|
1999-07-27 19:41:49 +04:00
|
|
|
sizeof(ctrl_addr.su_sin.sin_addr));
|
|
|
|
ctrl_addr.su_sin.sin_port = tmp_addr.su_sin6.sin6_port;
|
|
|
|
#else
|
1999-07-02 09:52:14 +04:00
|
|
|
while (fgets(line, sizeof(line), fd) != NULL) {
|
|
|
|
if ((cp = strchr(line, '\n')) != NULL)
|
|
|
|
*cp = '\0';
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(-530, "%s", line);
|
1999-07-02 09:52:14 +04:00
|
|
|
}
|
|
|
|
(void) fflush(stdout);
|
|
|
|
(void) fclose(fd);
|
|
|
|
reply(530,
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
"Connection from IPv4 mapped address is not supported.");
|
1999-07-02 09:52:14 +04:00
|
|
|
exit(0);
|
1999-07-27 19:41:49 +04:00
|
|
|
#endif
|
1999-12-13 19:30:37 +03:00
|
|
|
|
|
|
|
mapped = 1;
|
|
|
|
} else
|
|
|
|
mapped = 0;
|
1997-09-23 18:25:30 +04:00
|
|
|
#ifdef IP_TOS
|
1999-12-13 19:30:37 +03:00
|
|
|
if (!mapped && his_addr.su_family == AF_INET) {
|
1999-07-02 09:52:14 +04:00
|
|
|
tos = IPTOS_LOWDELAY;
|
|
|
|
if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&tos,
|
|
|
|
sizeof(int)) < 0)
|
|
|
|
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
|
|
|
|
}
|
1997-09-23 18:25:30 +04:00
|
|
|
#endif
|
1999-12-19 03:09:31 +03:00
|
|
|
/* if the hostname hasn't been given, attempt to determine it */
|
|
|
|
if (hostname[0] == '\0') {
|
|
|
|
if (getnameinfo((struct sockaddr *)&ctrl_addr, ctrl_addr.su_len,
|
|
|
|
hostname, sizeof(hostname), NULL, 0, 0) != 0)
|
|
|
|
(void)gethostname(hostname, sizeof(hostname));
|
|
|
|
hostname[sizeof(hostname) - 1] = '\0';
|
|
|
|
}
|
1999-12-18 09:33:54 +03:00
|
|
|
|
1997-09-23 18:25:30 +04:00
|
|
|
/* set this here so klogin can use it... */
|
|
|
|
(void)snprintf(ttyline, sizeof(ttyline), "ftp%d", getpid());
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
(void) freopen(_PATH_DEVNULL, "w", stderr);
|
|
|
|
(void) signal(SIGPIPE, lostconn);
|
|
|
|
(void) signal(SIGCHLD, SIG_IGN);
|
1999-12-18 08:51:34 +03:00
|
|
|
if (signal(SIGURG, myoob) == SIG_ERR)
|
1993-03-21 12:45:37 +03:00
|
|
|
syslog(LOG_ERR, "signal: %m");
|
|
|
|
|
|
|
|
/* Try to handle urgent data inline */
|
|
|
|
#ifdef SO_OOBINLINE
|
|
|
|
if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (char *)&on, sizeof(on)) < 0)
|
|
|
|
syslog(LOG_ERR, "setsockopt: %m");
|
|
|
|
#endif
|
1999-06-05 17:49:53 +04:00
|
|
|
/* Set keepalives on the socket to detect dropped connections. */
|
|
|
|
#ifdef SO_KEEPALIVE
|
|
|
|
keepalive = 1;
|
|
|
|
if (setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&keepalive,
|
|
|
|
sizeof(int)) < 0)
|
|
|
|
syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
#ifdef F_SETOWN
|
|
|
|
if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1)
|
|
|
|
syslog(LOG_ERR, "fcntl F_SETOWN: %m");
|
|
|
|
#endif
|
1999-07-02 09:52:14 +04:00
|
|
|
dolog((struct sockaddr *)&his_addr);
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* Set up default state
|
|
|
|
*/
|
|
|
|
data = -1;
|
|
|
|
type = TYPE_A;
|
|
|
|
form = FORM_N;
|
|
|
|
stru = STRU_F;
|
|
|
|
mode = MODE_S;
|
|
|
|
tmpline[0] = '\0';
|
1998-09-06 14:39:40 +04:00
|
|
|
hasyyerrored = 0;
|
1994-06-29 05:49:37 +04:00
|
|
|
|
1997-10-12 18:04:36 +04:00
|
|
|
#ifdef KERBEROS5
|
|
|
|
kerror = krb5_init_context(&kcontext);
|
|
|
|
if (kerror) {
|
|
|
|
syslog(LOG_NOTICE, "%s when initializing Kerberos context",
|
|
|
|
error_message(kerror));
|
|
|
|
exit(0);
|
|
|
|
}
|
1998-02-01 17:10:22 +03:00
|
|
|
#endif /* KERBEROS5 */
|
1997-10-12 18:04:36 +04:00
|
|
|
|
2000-01-08 14:09:56 +03:00
|
|
|
init_curclass();
|
|
|
|
curclass.timeout = 300; /* 5 minutes, as per login(1) */
|
|
|
|
curclass.type = CLASS_REAL;
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
/* If logins are disabled, print out the message. */
|
2000-07-17 06:30:52 +04:00
|
|
|
if (display_file(_PATH_NOLOGIN, 530)) {
|
1994-06-29 05:49:37 +04:00
|
|
|
reply(530, "System not available.");
|
|
|
|
exit(0);
|
|
|
|
}
|
2000-07-17 06:30:52 +04:00
|
|
|
(void)display_file(conffilename(_PATH_FTPWELCOME), 220);
|
1994-06-29 05:49:37 +04:00
|
|
|
/* reply(220,) must follow */
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
if (EMPTYSTR(version))
|
|
|
|
reply(220, "%s FTP server ready.", hostname);
|
|
|
|
else
|
|
|
|
reply(220, "%s FTP server (%s) ready.", hostname, version);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
|
1998-09-06 14:39:40 +04:00
|
|
|
(void) setjmp(errcatch);
|
1993-03-21 12:45:37 +03:00
|
|
|
for (;;)
|
|
|
|
(void) yyparse();
|
|
|
|
/* NOTREACHED */
|
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
static void
|
2000-05-20 06:20:18 +04:00
|
|
|
lostconn(int signo)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1994-06-29 05:49:37 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
if (debug)
|
|
|
|
syslog(LOG_DEBUG, "lost connection");
|
1997-09-23 18:25:30 +04:00
|
|
|
dologout(1);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Save the result of a getpwnam. Used for USER command, since
|
|
|
|
* the data returned must not be clobbered by any other command
|
|
|
|
* (e.g., globbing).
|
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
static struct passwd *
|
2000-05-20 06:20:18 +04:00
|
|
|
sgetpwnam(const char *name)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
static struct passwd save;
|
1994-06-29 05:49:37 +04:00
|
|
|
struct passwd *p;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
if ((p = getpwnam(name)) == NULL)
|
|
|
|
return (p);
|
|
|
|
if (save.pw_name) {
|
1998-07-27 05:45:09 +04:00
|
|
|
free((char *)save.pw_name);
|
1999-12-18 08:51:34 +03:00
|
|
|
memset(save.pw_passwd, 0, strlen(save.pw_passwd));
|
1998-07-27 05:45:09 +04:00
|
|
|
free((char *)save.pw_passwd);
|
|
|
|
free((char *)save.pw_gecos);
|
|
|
|
free((char *)save.pw_dir);
|
|
|
|
free((char *)save.pw_shell);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
save = *p;
|
1998-09-07 12:11:20 +04:00
|
|
|
save.pw_name = xstrdup(p->pw_name);
|
|
|
|
save.pw_passwd = xstrdup(p->pw_passwd);
|
|
|
|
save.pw_gecos = xstrdup(p->pw_gecos);
|
|
|
|
save.pw_dir = xstrdup(p->pw_dir);
|
|
|
|
save.pw_shell = xstrdup(p->pw_shell);
|
1993-03-21 12:45:37 +03:00
|
|
|
return (&save);
|
|
|
|
}
|
|
|
|
|
2000-06-14 17:44:21 +04:00
|
|
|
static int login_attempts; /* number of failed login attempts */
|
|
|
|
static int askpasswd; /* had user command, ask for passwd */
|
|
|
|
static char curname[10]; /* current USER name */
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* USER command.
|
|
|
|
* Sets global passwd pointer pw if named account exists and is acceptable;
|
|
|
|
* sets askpasswd if a PASS command is expected. If logged in previously,
|
|
|
|
* need to reset state. If name is "ftp" or "anonymous", the name is not in
|
|
|
|
* _PATH_FTPUSERS, and ftp account exists, set guest and pw, then just return.
|
|
|
|
* If account doesn't exist, ask for passwd anyway. Otherwise, check user
|
|
|
|
* requesting login privileges. Disallow anyone who does not have a standard
|
|
|
|
* shell as returned by getusershell(). Disallow anyone mentioned in the file
|
|
|
|
* _PATH_FTPUSERS to allow people such as root and uucp to be avoided.
|
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
user(const char *name)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
if (logged_in) {
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
switch (curclass.type) {
|
|
|
|
case CLASS_GUEST:
|
1993-03-21 12:45:37 +03:00
|
|
|
reply(530, "Can't change user from guest login.");
|
|
|
|
return;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
case CLASS_CHROOT:
|
1994-04-07 00:49:52 +04:00
|
|
|
reply(530, "Can't change user from chroot user.");
|
|
|
|
return;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
case CLASS_REAL:
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
if (dropprivs) {
|
|
|
|
reply(530, "Can't change user.");
|
|
|
|
return;
|
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
end_login();
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
abort();
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2000-06-02 18:47:19 +04:00
|
|
|
#if defined(KERBEROS)
|
1997-10-12 18:04:36 +04:00
|
|
|
kdestroy();
|
|
|
|
#endif
|
2000-06-02 18:47:19 +04:00
|
|
|
#if defined(KERBEROS5)
|
|
|
|
k5destroy();
|
|
|
|
#endif
|
1997-10-12 18:04:36 +04:00
|
|
|
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
curclass.type = CLASS_REAL;
|
1993-03-21 12:45:37 +03:00
|
|
|
if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
|
1999-12-21 15:56:15 +03:00
|
|
|
/* need `pw' setup for checkaccess() and checkuser () */
|
|
|
|
if ((pw = sgetpwnam("ftp")) == NULL)
|
|
|
|
reply(530, "User %s unknown.", name);
|
2000-01-08 14:09:56 +03:00
|
|
|
else if (! checkaccess("ftp") || ! checkaccess("anonymous"))
|
1993-03-21 12:45:37 +03:00
|
|
|
reply(530, "User %s access denied.", name);
|
1999-12-21 15:56:15 +03:00
|
|
|
else {
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
curclass.type = CLASS_GUEST;
|
1993-03-21 12:45:37 +03:00
|
|
|
askpasswd = 1;
|
1994-06-29 05:49:37 +04:00
|
|
|
reply(331,
|
|
|
|
"Guest login ok, type your name as password.");
|
1999-12-21 15:56:15 +03:00
|
|
|
}
|
1994-06-29 05:49:37 +04:00
|
|
|
if (!askpasswd && logging)
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"ANONYMOUS FTP LOGIN REFUSED FROM %s", remotehost);
|
1993-03-21 12:45:37 +03:00
|
|
|
return;
|
|
|
|
}
|
1997-09-23 17:56:39 +04:00
|
|
|
|
1997-04-06 11:53:10 +04:00
|
|
|
pw = sgetpwnam(name);
|
1994-06-29 05:49:37 +04:00
|
|
|
if (logging)
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
strlcpy(curname, name, sizeof(curname));
|
1997-10-12 17:18:56 +04:00
|
|
|
|
1994-05-24 10:52:17 +04:00
|
|
|
#ifdef SKEY
|
1997-10-12 17:18:56 +04:00
|
|
|
if (skey_haskey(name) == 0) {
|
|
|
|
char *myskey;
|
1994-05-24 10:52:17 +04:00
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
myskey = skey_keyinfo(name);
|
1997-10-12 17:18:56 +04:00
|
|
|
reply(331, "Password [%s] required for %s.",
|
1994-06-29 05:49:37 +04:00
|
|
|
myskey ? myskey : "error getting challenge", name);
|
1994-05-24 10:52:17 +04:00
|
|
|
} else
|
|
|
|
#endif
|
|
|
|
reply(331, "Password required for %s.", name);
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
askpasswd = 1;
|
|
|
|
/*
|
|
|
|
* Delay before reading passwd after first failed
|
|
|
|
* attempt to slow down passwd-guessing programs.
|
|
|
|
*/
|
|
|
|
if (login_attempts)
|
|
|
|
sleep((unsigned) login_attempts);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
1998-09-07 12:11:20 +04:00
|
|
|
* Determine whether something is to happen (allow access, chroot)
|
|
|
|
* for a user. Each line is a shell-style glob followed by
|
|
|
|
* `yes' or `no'.
|
1997-04-06 11:53:10 +04:00
|
|
|
*
|
1998-09-07 12:11:20 +04:00
|
|
|
* For backward compatability, `allow' and `deny' are synonymns
|
|
|
|
* for `yes' and `no', respectively.
|
1997-04-29 08:00:39 +04:00
|
|
|
*
|
1998-09-07 12:11:20 +04:00
|
|
|
* Each glob is matched against the username in turn, and the first
|
|
|
|
* match found is used. If no match is found, the result is the
|
|
|
|
* argument `def'. If a match is found but without and explicit
|
|
|
|
* `yes'/`no', the result is the opposite of def.
|
1997-04-06 11:53:10 +04:00
|
|
|
*
|
1998-09-07 12:11:20 +04:00
|
|
|
* If the file doesn't exist at all, the result is the argument
|
|
|
|
* `nofile'
|
1997-04-06 11:53:10 +04:00
|
|
|
*
|
1998-09-07 12:11:20 +04:00
|
|
|
* Any line starting with `#' is considered a comment and ignored.
|
1997-04-06 11:53:10 +04:00
|
|
|
*
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
* Returns 0 if the user is denied, or 1 if they are allowed.
|
1999-12-21 15:56:15 +03:00
|
|
|
*
|
|
|
|
* NOTE: needs struct passwd *pw setup before use.
|
1997-04-06 11:53:10 +04:00
|
|
|
*/
|
1998-09-07 12:11:20 +04:00
|
|
|
int
|
2000-05-20 06:20:18 +04:00
|
|
|
checkuser(const char *fname, const char *name, int def, int nofile,
|
|
|
|
char **retclass)
|
1997-04-06 11:53:10 +04:00
|
|
|
{
|
1998-09-07 12:11:20 +04:00
|
|
|
FILE *fd;
|
|
|
|
int retval;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
char *glob, *perm, *class, *buf, *p;
|
1999-12-16 05:21:37 +03:00
|
|
|
size_t len, line;
|
1997-04-06 11:53:10 +04:00
|
|
|
|
1998-09-07 12:11:20 +04:00
|
|
|
retval = def;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (retclass != NULL)
|
|
|
|
*retclass = NULL;
|
1998-09-07 12:11:20 +04:00
|
|
|
if ((fd = fopen(conffilename(fname), "r")) == NULL)
|
|
|
|
return nofile;
|
1997-04-06 11:53:10 +04:00
|
|
|
|
1999-12-16 05:21:37 +03:00
|
|
|
line = 0;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
for (;
|
1999-12-16 05:21:37 +03:00
|
|
|
(buf = fparseln(fd, &len, &line, NULL, FPARSELN_UNESCCOMM |
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
FPARSELN_UNESCCONT | FPARSELN_UNESCESC)) != NULL;
|
|
|
|
free(buf), buf = NULL) {
|
|
|
|
glob = perm = class = NULL;
|
|
|
|
p = buf;
|
|
|
|
if (len < 1)
|
1997-04-06 11:53:10 +04:00
|
|
|
continue;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (p[len - 1] == '\n')
|
|
|
|
p[--len] = '\0';
|
|
|
|
if (EMPTYSTR(p))
|
1999-09-30 22:12:34 +04:00
|
|
|
continue;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
|
|
|
|
NEXTWORD(p, glob);
|
|
|
|
NEXTWORD(p, perm);
|
|
|
|
NEXTWORD(p, class);
|
|
|
|
if (EMPTYSTR(glob))
|
|
|
|
continue;
|
1999-12-16 05:21:37 +03:00
|
|
|
if (!EMPTYSTR(class)) {
|
|
|
|
if (strcasecmp(class, "all") == 0 ||
|
|
|
|
strcasecmp(class, "none") == 0) {
|
|
|
|
syslog(LOG_WARNING,
|
|
|
|
"%s line %d: illegal user-defined class `%s' - skipping entry",
|
|
|
|
fname, (int)line, class);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
|
|
|
|
/* have a host specifier */
|
|
|
|
if ((p = strchr(glob, '@')) != NULL) {
|
|
|
|
u_int32_t net, mask, addr;
|
|
|
|
int bits;
|
|
|
|
|
|
|
|
*p++ = '\0';
|
|
|
|
/* check against network or CIDR */
|
|
|
|
if (isdigit(*p) &&
|
|
|
|
(bits = inet_net_pton(AF_INET, p,
|
|
|
|
&net, sizeof(net))) != -1) {
|
|
|
|
net = ntohl(net);
|
|
|
|
mask = 0xffffffffU << (32 - bits);
|
|
|
|
addr = ntohl(his_addr.su_sin.sin_addr.s_addr);
|
|
|
|
if ((addr & mask) != net)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/* check against hostname glob */
|
|
|
|
} else if (fnmatch(p, remotehost, 0) != 0)
|
|
|
|
continue;
|
1997-04-06 11:53:10 +04:00
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
|
1999-12-21 15:56:15 +03:00
|
|
|
/* have a group specifier */
|
|
|
|
if ((p = strchr(glob, ':')) != NULL) {
|
|
|
|
gid_t *groups, *ng;
|
|
|
|
int gsize, i, found;
|
|
|
|
|
|
|
|
*p++ = '\0';
|
|
|
|
groups = NULL;
|
|
|
|
gsize = 16;
|
|
|
|
do {
|
|
|
|
ng = realloc(groups, gsize * sizeof(gid_t));
|
|
|
|
if (ng == NULL)
|
|
|
|
fatal(
|
|
|
|
"Local resource failure: realloc");
|
|
|
|
groups = ng;
|
|
|
|
} while (getgrouplist(pw->pw_name, pw->pw_gid,
|
|
|
|
groups, &gsize) == -1);
|
|
|
|
found = 0;
|
|
|
|
for (i = 0; i < gsize; i++) {
|
|
|
|
struct group *g;
|
|
|
|
|
|
|
|
if ((g = getgrgid(groups[i])) == NULL)
|
|
|
|
continue;
|
|
|
|
if (fnmatch(p, g->gr_name, 0) == 0) {
|
|
|
|
found = 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
free(groups);
|
|
|
|
if (!found)
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
/* check against username glob */
|
|
|
|
if (fnmatch(glob, name, 0) != 0)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (perm != NULL &&
|
|
|
|
((strcasecmp(perm, "allow") == 0) ||
|
|
|
|
(strcasecmp(perm, "yes") == 0)))
|
|
|
|
retval = 1;
|
|
|
|
else if (perm != NULL &&
|
|
|
|
((strcasecmp(perm, "deny") == 0) ||
|
|
|
|
(strcasecmp(perm, "no") == 0)))
|
|
|
|
retval = 0;
|
|
|
|
else
|
|
|
|
retval = !def;
|
|
|
|
if (!EMPTYSTR(class) && retclass != NULL)
|
|
|
|
*retclass = xstrdup(class);
|
|
|
|
free(buf);
|
|
|
|
break;
|
1997-04-06 11:53:10 +04:00
|
|
|
}
|
|
|
|
(void) fclose(fd);
|
1997-04-29 08:00:39 +04:00
|
|
|
return (retval);
|
1997-04-06 11:53:10 +04:00
|
|
|
}
|
1998-09-07 12:11:20 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Check if user is allowed by /etc/ftpusers
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
* returns 1 for yes, 0 for no
|
1999-12-21 15:56:15 +03:00
|
|
|
*
|
|
|
|
* NOTE: needs struct passwd *pw setup (for checkuser())
|
1998-09-07 12:11:20 +04:00
|
|
|
*/
|
|
|
|
int
|
2000-05-20 06:20:18 +04:00
|
|
|
checkaccess(const char *name)
|
1998-09-07 12:11:20 +04:00
|
|
|
{
|
|
|
|
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
return (checkuser(_PATH_FTPUSERS, name, 1, 0, NULL));
|
1998-09-07 12:11:20 +04:00
|
|
|
}
|
1997-04-06 11:53:10 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* Terminate login as previous user, if any, resetting state;
|
|
|
|
* used when USER command is given or login fails.
|
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
static void
|
2000-05-20 06:20:18 +04:00
|
|
|
end_login(void)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
|
1999-12-18 08:51:34 +03:00
|
|
|
if (logged_in) {
|
2000-07-26 17:53:33 +04:00
|
|
|
if (dowtmp)
|
|
|
|
logwtmp(ttyline, "", "");
|
1999-12-18 08:51:34 +03:00
|
|
|
if (doutmp)
|
|
|
|
logout(utmp.ut_line);
|
|
|
|
}
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* reset login state */
|
|
|
|
(void) seteuid((uid_t)0);
|
1993-03-21 12:45:37 +03:00
|
|
|
pw = NULL;
|
|
|
|
logged_in = 0;
|
2000-01-13 03:04:31 +03:00
|
|
|
quietmessages = 0;
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
gidcount = 0;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
curclass.type = CLASS_REAL;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
pass(const char *passwd)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1999-12-18 08:51:34 +03:00
|
|
|
int rval;
|
2000-07-17 06:30:52 +04:00
|
|
|
const char *cp, *shell;
|
|
|
|
char *class, root[MAXPATHLEN];
|
1993-03-21 12:45:37 +03:00
|
|
|
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
class = NULL;
|
1993-03-21 12:45:37 +03:00
|
|
|
if (logged_in || askpasswd == 0) {
|
|
|
|
reply(503, "Login with USER first.");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
askpasswd = 0;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (curclass.type != CLASS_GUEST) {
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* "ftp" is the only account allowed with no password */
|
1994-06-29 05:49:37 +04:00
|
|
|
if (pw == NULL) {
|
|
|
|
rval = 1; /* failure below */
|
|
|
|
goto skip;
|
|
|
|
}
|
2000-06-02 18:47:19 +04:00
|
|
|
#if defined(KERBEROS)
|
1999-05-20 01:44:29 +04:00
|
|
|
if (klogin(pw, "", hostname, (char *)passwd) == 0) {
|
1997-10-12 18:04:36 +04:00
|
|
|
rval = 0;
|
|
|
|
goto skip;
|
|
|
|
}
|
|
|
|
#endif
|
2000-06-02 18:47:19 +04:00
|
|
|
#if defined(KERBEROS5)
|
|
|
|
if (k5login(pw, "", hostname, (char *)passwd) == 0) {
|
|
|
|
rval = 0;
|
|
|
|
goto skip;
|
|
|
|
}
|
|
|
|
#endif
|
1997-10-12 17:52:51 +04:00
|
|
|
#ifdef SKEY
|
1999-05-17 19:14:53 +04:00
|
|
|
if (skey_haskey(pw->pw_name) == 0) {
|
|
|
|
char *p;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
p = xstrdup(passwd);
|
|
|
|
r = skey_passcheck(pw->pw_name, p);
|
|
|
|
free(p);
|
|
|
|
if (r != -1) {
|
|
|
|
rval = 0;
|
|
|
|
goto skip;
|
|
|
|
}
|
1994-06-29 05:49:37 +04:00
|
|
|
}
|
1994-05-24 10:52:17 +04:00
|
|
|
#endif
|
1998-06-26 21:41:38 +04:00
|
|
|
if (!sflag && *pw->pw_passwd != '\0' &&
|
1997-10-12 17:52:51 +04:00
|
|
|
!strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd)) {
|
|
|
|
rval = 0;
|
1994-06-29 05:49:37 +04:00
|
|
|
goto skip;
|
1994-05-24 10:52:17 +04:00
|
|
|
}
|
1997-10-12 17:52:51 +04:00
|
|
|
rval = 1;
|
1994-03-30 06:49:15 +04:00
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
skip:
|
1998-02-24 02:10:34 +03:00
|
|
|
if (pw != NULL && pw->pw_expire && time(NULL) >= pw->pw_expire)
|
1998-02-01 17:10:22 +03:00
|
|
|
rval = 2;
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If rval > 0, the user failed the authentication check
|
|
|
|
* above. If rval == 0, either Kerberos or local
|
|
|
|
* authentication succeeded.
|
|
|
|
*/
|
1994-03-30 06:49:15 +04:00
|
|
|
if (rval) {
|
2000-07-08 22:24:28 +04:00
|
|
|
reply(530, "%s", rval == 2 ? "Password expired." :
|
1998-02-01 17:10:22 +03:00
|
|
|
"Login incorrect.");
|
1997-05-29 14:31:48 +04:00
|
|
|
if (logging) {
|
1994-06-29 05:49:37 +04:00
|
|
|
syslog(LOG_NOTICE,
|
1997-05-29 14:31:48 +04:00
|
|
|
"FTP LOGIN FAILED FROM %s", remotehost);
|
|
|
|
syslog(LOG_AUTHPRIV | LOG_NOTICE,
|
1994-06-29 05:49:37 +04:00
|
|
|
"FTP LOGIN FAILED FROM %s, %s",
|
|
|
|
remotehost, curname);
|
1997-05-29 14:31:48 +04:00
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
pw = NULL;
|
|
|
|
if (login_attempts++ >= 5) {
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"repeated login failures from %s",
|
|
|
|
remotehost);
|
|
|
|
exit(0);
|
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
1997-04-06 11:53:10 +04:00
|
|
|
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* password ok; see if anything else prevents login */
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (! checkuser(_PATH_FTPUSERS, pw->pw_name, 1, 0, &class)) {
|
1997-04-06 11:53:10 +04:00
|
|
|
reply(530, "User %s may not use FTP.", pw->pw_name);
|
|
|
|
if (logging)
|
|
|
|
syslog(LOG_NOTICE, "FTP LOGIN REFUSED FROM %s, %s",
|
|
|
|
remotehost, pw->pw_name);
|
2000-01-08 14:09:56 +03:00
|
|
|
goto bad;
|
1997-04-06 11:53:10 +04:00
|
|
|
}
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* if not guest user, check for valid shell */
|
1997-04-06 11:53:10 +04:00
|
|
|
if ((shell = pw->pw_shell) == NULL || *shell == 0)
|
|
|
|
shell = _PATH_BSHELL;
|
|
|
|
while ((cp = getusershell()) != NULL)
|
|
|
|
if (strcmp(cp, shell) == 0)
|
|
|
|
break;
|
|
|
|
endusershell();
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (cp == NULL && curclass.type != CLASS_GUEST) {
|
1997-04-06 11:53:10 +04:00
|
|
|
reply(530, "User %s may not use FTP.", pw->pw_name);
|
|
|
|
if (logging)
|
1999-05-17 19:14:53 +04:00
|
|
|
syslog(LOG_NOTICE, "FTP LOGIN REFUSED FROM %s, %s",
|
1997-04-06 11:53:10 +04:00
|
|
|
remotehost, pw->pw_name);
|
2000-01-08 14:09:56 +03:00
|
|
|
goto bad;
|
1997-04-06 11:53:10 +04:00
|
|
|
}
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
login_attempts = 0; /* this time successful */
|
1994-06-29 05:49:37 +04:00
|
|
|
if (setegid((gid_t)pw->pw_gid) < 0) {
|
|
|
|
reply(550, "Can't set gid.");
|
2000-01-08 14:09:56 +03:00
|
|
|
goto bad;
|
1994-06-29 05:49:37 +04:00
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
(void) initgroups(pw->pw_name, pw->pw_gid);
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* cache groups for cmds.c::matchgroup() */
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
gidcount = getgroups(sizeof(gidlist), gidlist);
|
1993-03-21 12:45:37 +03:00
|
|
|
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* open wtmp before chroot */
|
2000-07-26 17:53:33 +04:00
|
|
|
if (dowtmp)
|
|
|
|
logwtmp(ttyline, pw->pw_name, remotehost);
|
1999-12-18 08:51:34 +03:00
|
|
|
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* open utmp before chroot */
|
1999-12-18 08:51:34 +03:00
|
|
|
if (doutmp) {
|
|
|
|
memset((void *)&utmp, 0, sizeof(utmp));
|
|
|
|
(void)time(&utmp.ut_time);
|
|
|
|
(void)strncpy(utmp.ut_name, pw->pw_name, sizeof(utmp.ut_name));
|
|
|
|
(void)strncpy(utmp.ut_host, remotehost, sizeof(utmp.ut_host));
|
|
|
|
(void)strncpy(utmp.ut_line, ttyline, sizeof(utmp.ut_line));
|
|
|
|
login(&utmp);
|
|
|
|
}
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
logged_in = 1;
|
|
|
|
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
/* check user in /etc/ftpchroot */
|
|
|
|
if (checkuser(_PATH_FTPCHROOT, pw->pw_name, 0, 0, NULL)) {
|
|
|
|
if (curclass.type == CLASS_GUEST) {
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"Can't change guest user to chroot class; remove entry in %s",
|
|
|
|
_PATH_FTPCHROOT);
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
curclass.type = CLASS_CHROOT;
|
|
|
|
}
|
|
|
|
if (class == NULL) {
|
|
|
|
switch (curclass.type) {
|
|
|
|
case CLASS_GUEST:
|
|
|
|
class = xstrdup("guest");
|
|
|
|
break;
|
|
|
|
case CLASS_CHROOT:
|
|
|
|
class = xstrdup("chroot");
|
|
|
|
break;
|
|
|
|
case CLASS_REAL:
|
|
|
|
class = xstrdup("real");
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
abort();
|
|
|
|
}
|
|
|
|
}
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* parse ftpd.conf, setting up various parameters */
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
parse_conf(class);
|
2000-01-08 14:09:56 +03:00
|
|
|
count_users();
|
|
|
|
if (curclass.limit != -1 && connections > curclass.limit) {
|
|
|
|
if (! EMPTYSTR(curclass.limitfile))
|
2000-07-17 06:30:52 +04:00
|
|
|
(void)display_file(conffilename(curclass.limitfile),
|
|
|
|
530);
|
2000-01-08 14:09:56 +03:00
|
|
|
reply(530,
|
2000-01-08 14:14:36 +03:00
|
|
|
"User %s access denied, connection limit of %d reached.",
|
2000-01-08 14:09:56 +03:00
|
|
|
pw->pw_name, curclass.limit);
|
|
|
|
syslog(LOG_NOTICE,
|
2000-07-17 06:30:52 +04:00
|
|
|
"Maximum connection limit of %d for class %s reached, login refused for %s",
|
|
|
|
curclass.limit, curclass.classname, pw->pw_name);
|
2000-01-08 14:09:56 +03:00
|
|
|
goto bad;
|
|
|
|
}
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
|
2000-07-17 06:30:52 +04:00
|
|
|
homedir[0] = '/';
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
switch (curclass.type) {
|
|
|
|
case CLASS_GUEST:
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/*
|
|
|
|
* We MUST do a chdir() after the chroot. Otherwise
|
|
|
|
* the old current directory will be accessible as "."
|
|
|
|
* outside the new root!
|
|
|
|
*/
|
2000-07-17 06:30:52 +04:00
|
|
|
format_path(root,
|
|
|
|
curclass.chroot ? curclass.chroot :
|
|
|
|
anondir ? anondir :
|
|
|
|
pw->pw_dir);
|
|
|
|
format_path(homedir,
|
|
|
|
curclass.homedir ? curclass.homedir :
|
|
|
|
"/");
|
|
|
|
if (EMPTYSTR(homedir))
|
|
|
|
homedir[0] = '/';
|
|
|
|
if (EMPTYSTR(root) || chroot(root) < 0) {
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"GUEST user %s: can't chroot to %s: %m",
|
|
|
|
pw->pw_name, root);
|
|
|
|
goto bad_guest;
|
|
|
|
}
|
|
|
|
if (chdir(homedir) < 0) {
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"GUEST user %s: can't chdir to %s: %m",
|
|
|
|
pw->pw_name, homedir);
|
|
|
|
bad_guest:
|
1993-03-21 12:45:37 +03:00
|
|
|
reply(550, "Can't set guest privileges.");
|
|
|
|
goto bad;
|
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
break;
|
|
|
|
case CLASS_CHROOT:
|
2000-07-17 06:30:52 +04:00
|
|
|
format_path(root,
|
|
|
|
curclass.chroot ? curclass.chroot :
|
|
|
|
pw->pw_dir);
|
|
|
|
format_path(homedir,
|
|
|
|
curclass.homedir ? curclass.homedir :
|
|
|
|
"/");
|
|
|
|
if (EMPTYSTR(homedir))
|
|
|
|
homedir[0] = '/';
|
|
|
|
if (EMPTYSTR(root) || chroot(root) < 0) {
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"CHROOT user %s: can't chroot to %s: %m",
|
|
|
|
pw->pw_name, root);
|
|
|
|
goto bad_chroot;
|
|
|
|
}
|
|
|
|
if (chdir(homedir) < 0) {
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"CHROOT user %s: can't chdir to %s: %m",
|
|
|
|
pw->pw_name, homedir);
|
|
|
|
bad_chroot:
|
1994-04-07 00:49:52 +04:00
|
|
|
reply(550, "Can't change root.");
|
|
|
|
goto bad;
|
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
break;
|
|
|
|
case CLASS_REAL:
|
2000-07-17 06:30:52 +04:00
|
|
|
format_path(homedir,
|
|
|
|
curclass.homedir ? curclass.homedir :
|
|
|
|
pw->pw_dir);
|
|
|
|
if (EMPTYSTR(homedir) || chdir(homedir) < 0) {
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (chdir("/") < 0) {
|
2000-07-17 06:30:52 +04:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"REAL user %s: can't chdir to %s: %m",
|
|
|
|
pw->pw_name,
|
|
|
|
!EMPTYSTR(homedir) ? homedir : "/");
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
reply(530,
|
|
|
|
"User %s: can't change directory to %s.",
|
2000-07-17 06:30:52 +04:00
|
|
|
pw->pw_name,
|
|
|
|
!EMPTYSTR(homedir) ? homedir : "/");
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
goto bad;
|
2000-07-17 06:30:52 +04:00
|
|
|
} else {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(-230,
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
"No directory! Logging in with home=/");
|
2000-07-17 06:30:52 +04:00
|
|
|
homedir[0] = '/';
|
|
|
|
}
|
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
break;
|
|
|
|
}
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
if (dropprivs ||
|
|
|
|
(curclass.type != CLASS_REAL &&
|
|
|
|
ntohs(ctrl_addr.su_port) > IPPORT_RESERVED + 1)) {
|
|
|
|
dropprivs++;
|
|
|
|
if (setgid((gid_t)pw->pw_gid) < 0) {
|
|
|
|
reply(550, "Can't set gid.");
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
if (setuid((uid_t)pw->pw_uid) < 0) {
|
|
|
|
reply(550, "Can't set uid.");
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if (seteuid((uid_t)pw->pw_uid) < 0) {
|
|
|
|
reply(550, "Can't set uid.");
|
|
|
|
goto bad;
|
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
2000-07-17 06:30:52 +04:00
|
|
|
setenv("HOME", homedir, 1);
|
1997-12-28 07:28:17 +03:00
|
|
|
|
2000-01-13 03:04:31 +03:00
|
|
|
if (curclass.type == CLASS_GUEST && passwd[0] == '-')
|
|
|
|
quietmessages = 1;
|
|
|
|
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/*
|
|
|
|
* Display a login message, if it exists.
|
|
|
|
* N.B. reply(230,) must follow the message.
|
|
|
|
*/
|
2000-07-17 06:30:52 +04:00
|
|
|
(void)display_file(conffilename(curclass.motd), 230);
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
show_chdir_messages(230);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (curclass.type == CLASS_GUEST) {
|
1993-03-21 12:45:37 +03:00
|
|
|
reply(230, "Guest login ok, access restrictions apply.");
|
1994-04-14 07:15:37 +04:00
|
|
|
#ifdef HASSETPROCTITLE
|
1994-06-29 05:49:37 +04:00
|
|
|
snprintf(proctitle, sizeof(proctitle),
|
|
|
|
"%s: anonymous/%.*s", remotehost,
|
1997-06-18 23:05:46 +04:00
|
|
|
(int) (sizeof(proctitle) - sizeof(remotehost) -
|
|
|
|
sizeof(": anonymous/")), passwd);
|
2000-07-06 02:15:04 +04:00
|
|
|
setproctitle("%s", proctitle);
|
1994-04-14 07:15:37 +04:00
|
|
|
#endif /* HASSETPROCTITLE */
|
1993-03-21 12:45:37 +03:00
|
|
|
if (logging)
|
1999-12-21 15:56:15 +03:00
|
|
|
syslog(LOG_INFO,
|
|
|
|
"ANONYMOUS FTP LOGIN FROM %s, %s (class: %s, type: %s)",
|
|
|
|
remotehost, passwd,
|
|
|
|
curclass.classname, CURCLASSTYPE);
|
1993-03-21 12:45:37 +03:00
|
|
|
} else {
|
|
|
|
reply(230, "User %s logged in.", pw->pw_name);
|
1994-04-14 07:15:37 +04:00
|
|
|
#ifdef HASSETPROCTITLE
|
1994-06-29 05:49:37 +04:00
|
|
|
snprintf(proctitle, sizeof(proctitle),
|
|
|
|
"%s: %s", remotehost, pw->pw_name);
|
2000-07-06 02:15:04 +04:00
|
|
|
setproctitle("%s", proctitle);
|
1994-04-14 07:15:37 +04:00
|
|
|
#endif /* HASSETPROCTITLE */
|
1993-03-21 12:45:37 +03:00
|
|
|
if (logging)
|
1999-12-21 15:56:15 +03:00
|
|
|
syslog(LOG_INFO,
|
|
|
|
"FTP LOGIN FROM %s as %s (class: %s, type: %s)",
|
|
|
|
remotehost, pw->pw_name,
|
|
|
|
curclass.classname, CURCLASSTYPE);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
(void) umask(curclass.umask);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
goto cleanuppass;
|
|
|
|
bad:
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* Forget all about it... */
|
1993-03-21 12:45:37 +03:00
|
|
|
end_login();
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
cleanuppass:
|
|
|
|
if (class)
|
|
|
|
free(class);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
retrieve(char *argv[], const char *name)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
FILE *fin, *dout;
|
1993-03-21 12:45:37 +03:00
|
|
|
struct stat st;
|
2000-05-20 06:20:18 +04:00
|
|
|
int (*closefunc)(FILE *) = NULL;
|
1999-05-18 12:14:17 +04:00
|
|
|
int log, sendrv, closerv, stderrfd, isconversion, isdata, isls;
|
1999-05-17 19:14:53 +04:00
|
|
|
struct timeval start, finish, td, *tdp;
|
|
|
|
const char *dispname;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1998-06-08 11:13:13 +04:00
|
|
|
sendrv = closerv = stderrfd = -1;
|
1999-05-18 12:14:17 +04:00
|
|
|
isconversion = isdata = isls = log = 0;
|
1999-05-17 19:14:53 +04:00
|
|
|
tdp = NULL;
|
|
|
|
dispname = name;
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
fin = dout = NULL;
|
1999-12-07 08:30:53 +03:00
|
|
|
if (argv == NULL) {
|
1999-05-17 19:14:53 +04:00
|
|
|
log = 1;
|
|
|
|
isdata = 1;
|
|
|
|
fin = fopen(name, "r");
|
|
|
|
closefunc = fclose;
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
if (fin == NULL)
|
1999-12-07 08:30:53 +03:00
|
|
|
argv = do_conversion(name);
|
|
|
|
if (argv != NULL) {
|
1998-06-08 11:13:13 +04:00
|
|
|
isconversion++;
|
1999-12-07 08:30:53 +03:00
|
|
|
syslog(LOG_INFO, "get command: '%s' on '%s'",
|
|
|
|
argv[0], name);
|
1998-06-08 11:13:13 +04:00
|
|
|
}
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
}
|
1999-12-07 08:30:53 +03:00
|
|
|
if (argv != NULL) {
|
2000-01-08 14:09:56 +03:00
|
|
|
char temp[MAXPATHLEN];
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1999-12-07 08:30:53 +03:00
|
|
|
if (strcmp(argv[0], INTERNAL_LS) == 0) {
|
1999-05-18 12:14:17 +04:00
|
|
|
isls = 1;
|
|
|
|
stderrfd = -1;
|
|
|
|
} else {
|
|
|
|
(void)snprintf(temp, sizeof(temp), "%s", TMPFILE);
|
|
|
|
stderrfd = mkstemp(temp);
|
|
|
|
if (stderrfd != -1)
|
|
|
|
(void)unlink(temp);
|
|
|
|
}
|
1999-12-07 08:30:53 +03:00
|
|
|
dispname = argv[0];
|
|
|
|
fin = ftpd_popen(argv, "r", stderrfd);
|
1999-05-17 19:14:53 +04:00
|
|
|
closefunc = ftpd_pclose;
|
1993-03-21 12:45:37 +03:00
|
|
|
st.st_size = -1;
|
|
|
|
st.st_blksize = BUFSIZ;
|
|
|
|
}
|
|
|
|
if (fin == NULL) {
|
1994-06-29 05:49:37 +04:00
|
|
|
if (errno != 0) {
|
1999-05-17 19:14:53 +04:00
|
|
|
perror_reply(550, dispname);
|
|
|
|
if (log)
|
|
|
|
logcmd("get", -1, name, NULL, NULL,
|
|
|
|
strerror(errno));
|
1994-06-29 05:49:37 +04:00
|
|
|
}
|
1999-12-07 08:30:53 +03:00
|
|
|
goto cleanupretrieve;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1994-06-29 05:49:37 +04:00
|
|
|
byte_count = -1;
|
1999-12-07 08:30:53 +03:00
|
|
|
if (argv == NULL
|
1998-06-08 11:13:13 +04:00
|
|
|
&& (fstat(fileno(fin), &st) < 0 || !S_ISREG(st.st_mode))) {
|
1999-05-17 19:14:53 +04:00
|
|
|
reply(550, "%s: not a plain file.", dispname);
|
1993-03-21 12:45:37 +03:00
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
if (restart_point) {
|
|
|
|
if (type == TYPE_A) {
|
1998-06-08 11:13:13 +04:00
|
|
|
off_t i;
|
1994-06-29 05:49:37 +04:00
|
|
|
int c;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1998-06-08 11:13:13 +04:00
|
|
|
for (i = 0; i < restart_point; i++) {
|
1993-03-21 12:45:37 +03:00
|
|
|
if ((c=getc(fin)) == EOF) {
|
1999-05-17 19:14:53 +04:00
|
|
|
perror_reply(550, dispname);
|
1993-03-21 12:45:37 +03:00
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
if (c == '\n')
|
|
|
|
i++;
|
1994-06-29 05:49:37 +04:00
|
|
|
}
|
1997-08-25 23:31:43 +04:00
|
|
|
} else if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) {
|
1999-05-17 19:14:53 +04:00
|
|
|
perror_reply(550, dispname);
|
1993-03-21 12:45:37 +03:00
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
dout = dataconn(dispname, st.st_size, "w");
|
1993-03-21 12:45:37 +03:00
|
|
|
if (dout == NULL)
|
|
|
|
goto done;
|
1999-05-17 19:14:53 +04:00
|
|
|
|
|
|
|
(void)gettimeofday(&start, NULL);
|
|
|
|
sendrv = send_data(fin, dout, st.st_blksize, isdata);
|
|
|
|
(void)gettimeofday(&finish, NULL);
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
(void) fclose(dout); /* close now to affect timing stats */
|
|
|
|
dout = NULL;
|
1999-05-17 19:14:53 +04:00
|
|
|
timersub(&finish, &start, &td);
|
|
|
|
tdp = &td;
|
2000-05-21 03:34:55 +04:00
|
|
|
done:
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
if (log)
|
1999-05-17 19:14:53 +04:00
|
|
|
logcmd("get", byte_count, name, NULL, tdp, NULL);
|
1998-06-08 11:13:13 +04:00
|
|
|
closerv = (*closefunc)(fin);
|
|
|
|
if (sendrv == 0) {
|
|
|
|
FILE *err;
|
|
|
|
struct stat sb;
|
|
|
|
|
1999-12-07 08:30:53 +03:00
|
|
|
if (!isls && argv != NULL && closerv != 0) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(-226,
|
1998-06-08 11:13:13 +04:00
|
|
|
"Command returned an exit status of %d",
|
|
|
|
closerv);
|
|
|
|
if (isconversion)
|
|
|
|
syslog(LOG_INFO,
|
1999-12-07 08:30:53 +03:00
|
|
|
"retrieve command: '%s' returned %d",
|
|
|
|
argv[0], closerv);
|
1998-06-08 11:13:13 +04:00
|
|
|
}
|
1999-12-07 08:30:53 +03:00
|
|
|
if (!isls && argv != NULL && stderrfd != -1 &&
|
1998-06-08 11:13:13 +04:00
|
|
|
(fstat(stderrfd, &sb) == 0) && sb.st_size > 0 &&
|
|
|
|
((err = fdopen(stderrfd, "r")) != NULL)) {
|
|
|
|
char *cp, line[LINE_MAX];
|
|
|
|
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(-226, "Command error messages:");
|
1998-06-08 11:13:13 +04:00
|
|
|
rewind(err);
|
|
|
|
while (fgets(line, sizeof(line), err) != NULL) {
|
|
|
|
if ((cp = strchr(line, '\n')) != NULL)
|
|
|
|
*cp = '\0';
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, " %s", line);
|
1998-06-08 11:13:13 +04:00
|
|
|
}
|
|
|
|
(void) fflush(stdout);
|
|
|
|
(void) fclose(err);
|
|
|
|
/* a reply(226,) must follow */
|
|
|
|
}
|
|
|
|
reply(226, "Transfer complete.");
|
|
|
|
}
|
1999-12-07 08:30:53 +03:00
|
|
|
cleanupretrieve:
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
closedataconn(dout);
|
1998-06-08 11:13:13 +04:00
|
|
|
if (stderrfd != -1)
|
|
|
|
(void)close(stderrfd);
|
1999-12-07 08:30:53 +03:00
|
|
|
if (isconversion)
|
|
|
|
free(argv);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
store(const char *name, const char *mode, int unique)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
FILE *fout, *din;
|
|
|
|
struct stat st;
|
2000-05-20 06:20:18 +04:00
|
|
|
int (*closefunc)(FILE *);
|
1999-05-17 19:14:53 +04:00
|
|
|
struct timeval start, finish, td, *tdp;
|
|
|
|
char *desc;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
din = NULL;
|
1999-05-17 19:14:53 +04:00
|
|
|
desc = (*mode == 'w') ? "put" : "append";
|
1993-03-21 12:45:37 +03:00
|
|
|
if (unique && stat(name, &st) == 0 &&
|
1994-06-29 05:49:37 +04:00
|
|
|
(name = gunique(name)) == NULL) {
|
1999-05-17 19:14:53 +04:00
|
|
|
logcmd(desc, -1, name, NULL, NULL, "cannot create unique file");
|
2000-05-21 03:34:55 +04:00
|
|
|
goto cleanupstore;
|
1994-06-29 05:49:37 +04:00
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
if (restart_point)
|
1994-06-29 05:49:37 +04:00
|
|
|
mode = "r+";
|
1993-03-21 12:45:37 +03:00
|
|
|
fout = fopen(name, mode);
|
|
|
|
closefunc = fclose;
|
1999-05-17 19:14:53 +04:00
|
|
|
tdp = NULL;
|
1993-03-21 12:45:37 +03:00
|
|
|
if (fout == NULL) {
|
|
|
|
perror_reply(553, name);
|
1999-05-17 19:14:53 +04:00
|
|
|
logcmd(desc, -1, name, NULL, NULL, strerror(errno));
|
2000-05-21 03:34:55 +04:00
|
|
|
goto cleanupstore;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1994-06-29 05:49:37 +04:00
|
|
|
byte_count = -1;
|
1993-03-21 12:45:37 +03:00
|
|
|
if (restart_point) {
|
|
|
|
if (type == TYPE_A) {
|
1998-06-08 11:13:13 +04:00
|
|
|
off_t i;
|
1994-06-29 05:49:37 +04:00
|
|
|
int c;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1998-06-08 11:13:13 +04:00
|
|
|
for (i = 0; i < restart_point; i++) {
|
1993-03-21 12:45:37 +03:00
|
|
|
if ((c=getc(fout)) == EOF) {
|
|
|
|
perror_reply(550, name);
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
if (c == '\n')
|
|
|
|
i++;
|
1994-06-29 05:49:37 +04:00
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* We must do this seek to "current" position
|
|
|
|
* because we are changing from reading to
|
|
|
|
* writing.
|
|
|
|
*/
|
1997-04-27 07:21:38 +04:00
|
|
|
if (fseek(fout, 0L, SEEK_CUR) < 0) {
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(550, name);
|
|
|
|
goto done;
|
|
|
|
}
|
1997-08-25 23:31:43 +04:00
|
|
|
} else if (lseek(fileno(fout), restart_point, SEEK_SET) < 0) {
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(550, name);
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
din = dataconn(name, (off_t)-1, "r");
|
|
|
|
if (din == NULL)
|
|
|
|
goto done;
|
1999-05-17 19:14:53 +04:00
|
|
|
(void)gettimeofday(&start, NULL);
|
1993-03-21 12:45:37 +03:00
|
|
|
if (receive_data(din, fout) == 0) {
|
|
|
|
if (unique)
|
|
|
|
reply(226, "Transfer complete (unique file name:%s).",
|
|
|
|
name);
|
|
|
|
else
|
|
|
|
reply(226, "Transfer complete.");
|
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
(void)gettimeofday(&finish, NULL);
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
(void) fclose(din); /* close now to affect timing stats */
|
|
|
|
din = NULL;
|
1999-05-17 19:14:53 +04:00
|
|
|
timersub(&finish, &start, &td);
|
|
|
|
tdp = &td;
|
2000-05-21 03:34:55 +04:00
|
|
|
done:
|
1999-05-17 19:14:53 +04:00
|
|
|
logcmd(desc, byte_count, name, NULL, tdp, NULL);
|
1993-03-21 12:45:37 +03:00
|
|
|
(*closefunc)(fout);
|
2000-05-21 03:34:55 +04:00
|
|
|
cleanupstore:
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
closedataconn(din);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
static FILE *
|
2000-05-20 06:20:18 +04:00
|
|
|
getdatasock(const char *mode)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
int on, s, t, tries;
|
|
|
|
in_port_t port;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
on = 1;
|
1993-03-21 12:45:37 +03:00
|
|
|
if (data >= 0)
|
|
|
|
return (fdopen(data, mode));
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
if (! dropprivs)
|
|
|
|
(void) seteuid((uid_t)0);
|
1999-07-02 09:52:14 +04:00
|
|
|
s = socket(ctrl_addr.su_family, SOCK_STREAM, 0);
|
1993-03-21 12:45:37 +03:00
|
|
|
if (s < 0)
|
|
|
|
goto bad;
|
|
|
|
if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
|
1994-06-29 05:49:37 +04:00
|
|
|
(char *) &on, sizeof(on)) < 0)
|
1993-03-21 12:45:37 +03:00
|
|
|
goto bad;
|
1999-06-05 17:49:53 +04:00
|
|
|
if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
|
|
|
|
(char *) &on, sizeof(on)) < 0)
|
|
|
|
goto bad;
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* anchor socket to avoid multi-homing problems */
|
1999-07-02 09:52:14 +04:00
|
|
|
data_source = ctrl_addr;
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/*
|
|
|
|
* By default source port for PORT connctions is
|
|
|
|
* ctrlport-1 (see RFC959 section 5.2).
|
|
|
|
* However, if privs have been dropped and that
|
|
|
|
* would be < IPPORT_RESERVED, use a random port
|
|
|
|
* instead.
|
|
|
|
*/
|
|
|
|
port = ntohs(ctrl_addr.su_port) - 1;
|
|
|
|
if (dropprivs && port < IPPORT_RESERVED)
|
|
|
|
port = 0; /* use random port */
|
|
|
|
data_source.su_port = htons(port);
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
for (tries = 1; ; tries++) {
|
|
|
|
if (bind(s, (struct sockaddr *)&data_source,
|
1999-07-02 09:52:14 +04:00
|
|
|
data_source.su_len) >= 0)
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
if (errno != EADDRINUSE || tries > 10)
|
|
|
|
goto bad;
|
|
|
|
sleep(tries);
|
|
|
|
}
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
if (! dropprivs)
|
|
|
|
(void) seteuid((uid_t)pw->pw_uid);
|
1993-03-21 12:45:37 +03:00
|
|
|
#ifdef IP_TOS
|
1999-12-13 19:30:37 +03:00
|
|
|
if (!mapped && ctrl_addr.su_family == AF_INET) {
|
1999-07-02 09:52:14 +04:00
|
|
|
on = IPTOS_THROUGHPUT;
|
|
|
|
if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&on,
|
|
|
|
sizeof(int)) < 0)
|
|
|
|
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
|
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
#endif
|
|
|
|
return (fdopen(s, mode));
|
2000-05-21 03:34:55 +04:00
|
|
|
bad:
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* Return the real value of errno (close may change it) */
|
1994-06-29 05:49:37 +04:00
|
|
|
t = errno;
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
if (! dropprivs)
|
|
|
|
(void) seteuid((uid_t)pw->pw_uid);
|
1993-03-21 12:45:37 +03:00
|
|
|
(void) close(s);
|
1994-06-29 05:49:37 +04:00
|
|
|
errno = t;
|
1993-03-21 12:45:37 +03:00
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
|
2000-06-14 17:44:21 +04:00
|
|
|
FILE *
|
2000-05-20 06:20:18 +04:00
|
|
|
dataconn(const char *name, off_t size, const char *mode)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
char sizebuf[32];
|
|
|
|
FILE *file;
|
1999-06-05 17:49:53 +04:00
|
|
|
int retry = 0, tos, keepalive;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
file_size = size;
|
|
|
|
byte_count = 0;
|
|
|
|
if (size != (off_t) -1)
|
1999-05-17 19:14:53 +04:00
|
|
|
(void)snprintf(sizebuf, sizeof(sizebuf), " (%qd byte%s)",
|
1999-05-25 01:57:19 +04:00
|
|
|
(qdfmt_t)size, PLURAL(size));
|
1993-03-21 12:45:37 +03:00
|
|
|
else
|
1997-07-21 09:13:10 +04:00
|
|
|
sizebuf[0] = '\0';
|
1993-03-21 12:45:37 +03:00
|
|
|
if (pdata >= 0) {
|
1999-07-02 09:52:14 +04:00
|
|
|
union sockunion from;
|
1999-07-27 19:41:49 +04:00
|
|
|
int s, fromlen = sizeof(from);
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1997-11-29 02:32:30 +03:00
|
|
|
(void) alarm(curclass.timeout);
|
1993-03-21 12:45:37 +03:00
|
|
|
s = accept(pdata, (struct sockaddr *)&from, &fromlen);
|
1997-11-29 02:32:30 +03:00
|
|
|
(void) alarm(0);
|
1993-03-21 12:45:37 +03:00
|
|
|
if (s < 0) {
|
|
|
|
reply(425, "Can't open data connection.");
|
|
|
|
(void) close(pdata);
|
|
|
|
pdata = -1;
|
1994-06-29 05:49:37 +04:00
|
|
|
return (NULL);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
(void) close(pdata);
|
|
|
|
pdata = s;
|
1999-07-02 09:52:14 +04:00
|
|
|
switch (from.su_family) {
|
|
|
|
case AF_INET:
|
1993-03-21 12:45:37 +03:00
|
|
|
#ifdef IP_TOS
|
1999-12-13 19:30:37 +03:00
|
|
|
if (!mapped) {
|
|
|
|
tos = IPTOS_THROUGHPUT;
|
|
|
|
(void) setsockopt(s, IPPROTO_IP, IP_TOS,
|
|
|
|
(char *)&tos, sizeof(int));
|
|
|
|
}
|
1999-07-02 09:52:14 +04:00
|
|
|
break;
|
1999-06-05 17:49:53 +04:00
|
|
|
#endif
|
1999-07-02 09:52:14 +04:00
|
|
|
}
|
1999-06-05 17:49:53 +04:00
|
|
|
/* Set keepalives on the socket to detect dropped conns. */
|
|
|
|
#ifdef SO_KEEPALIVE
|
|
|
|
keepalive = 1;
|
|
|
|
(void) setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
|
|
|
|
(char *)&keepalive, sizeof(int));
|
1993-03-21 12:45:37 +03:00
|
|
|
#endif
|
1994-06-29 05:49:37 +04:00
|
|
|
reply(150, "Opening %s mode data connection for '%s'%s.",
|
1993-03-21 12:45:37 +03:00
|
|
|
type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
|
1994-06-29 05:49:37 +04:00
|
|
|
return (fdopen(pdata, mode));
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
if (data >= 0) {
|
1994-06-29 05:49:37 +04:00
|
|
|
reply(125, "Using existing data connection for '%s'%s.",
|
1993-03-21 12:45:37 +03:00
|
|
|
name, sizebuf);
|
|
|
|
usedefault = 1;
|
|
|
|
return (fdopen(data, mode));
|
|
|
|
}
|
|
|
|
if (usedefault)
|
|
|
|
data_dest = his_addr;
|
|
|
|
usedefault = 1;
|
|
|
|
file = getdatasock(mode);
|
|
|
|
if (file == NULL) {
|
1999-07-02 09:52:14 +04:00
|
|
|
char hbuf[INET6_ADDRSTRLEN];
|
|
|
|
char pbuf[10];
|
|
|
|
getnameinfo((struct sockaddr *)&data_source, data_source.su_len,
|
|
|
|
hbuf, sizeof(hbuf), pbuf, sizeof(pbuf),
|
|
|
|
NI_NUMERICHOST | NI_NUMERICSERV);
|
|
|
|
reply(425, "Can't create data socket (%s,%s): %s.",
|
|
|
|
hbuf, pbuf, strerror(errno));
|
1993-03-21 12:45:37 +03:00
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
data = fileno(file);
|
|
|
|
while (connect(data, (struct sockaddr *)&data_dest,
|
1999-07-02 09:52:14 +04:00
|
|
|
data_dest.su_len) < 0) {
|
1993-03-21 12:45:37 +03:00
|
|
|
if (errno == EADDRINUSE && retry < swaitmax) {
|
|
|
|
sleep((unsigned) swaitint);
|
|
|
|
retry += swaitint;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
perror_reply(425, "Can't build data connection");
|
|
|
|
(void) fclose(file);
|
|
|
|
data = -1;
|
|
|
|
return (NULL);
|
|
|
|
}
|
1994-06-29 05:49:37 +04:00
|
|
|
reply(150, "Opening %s mode data connection for '%s'%s.",
|
1993-03-21 12:45:37 +03:00
|
|
|
type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
|
|
|
|
return (file);
|
|
|
|
}
|
|
|
|
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
void
|
|
|
|
closedataconn(FILE *fd)
|
|
|
|
{
|
|
|
|
|
|
|
|
if (fd != NULL)
|
|
|
|
(void)fclose(fd);
|
|
|
|
data = -1;
|
|
|
|
if (pdata >= 0)
|
|
|
|
(void)close(pdata);
|
|
|
|
pdata = -1;
|
|
|
|
}
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
1994-06-29 05:49:37 +04:00
|
|
|
* Tranfer the contents of "instr" to "outstr" peer using the appropriate
|
|
|
|
* encapsulation of the data subject * to Mode, Structure, and Type.
|
1993-03-21 12:45:37 +03:00
|
|
|
*
|
|
|
|
* NB: Form isn't handled.
|
|
|
|
*/
|
1998-06-08 11:13:13 +04:00
|
|
|
static int
|
2000-05-20 06:20:18 +04:00
|
|
|
send_data(FILE *instr, FILE *outstr, off_t blksize, int isdata)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
int c, filefd, netfd, rval;
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
char *buf;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1999-05-17 19:14:53 +04:00
|
|
|
transflag = 1;
|
|
|
|
rval = -1;
|
|
|
|
buf = NULL;
|
|
|
|
if (setjmp(urgcatch))
|
|
|
|
goto cleanup_send_data;
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
switch (type) {
|
|
|
|
|
|
|
|
case TYPE_A:
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
/* XXXX: rate limit ascii send (get) */
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(curclass.timeout);
|
1993-03-21 12:45:37 +03:00
|
|
|
while ((c = getc(instr)) != EOF) {
|
|
|
|
byte_count++;
|
|
|
|
if (c == '\n') {
|
|
|
|
if (ferror(outstr))
|
|
|
|
goto data_err;
|
|
|
|
(void) putc('\r', outstr);
|
1999-05-18 12:14:17 +04:00
|
|
|
if (isdata) {
|
|
|
|
total_data_out++;
|
|
|
|
total_data++;
|
|
|
|
}
|
|
|
|
total_bytes_out++;
|
|
|
|
total_bytes++;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
(void) putc(c, outstr);
|
1999-05-18 12:14:17 +04:00
|
|
|
if (isdata) {
|
|
|
|
total_data_out++;
|
|
|
|
total_data++;
|
|
|
|
}
|
|
|
|
total_bytes_out++;
|
|
|
|
total_bytes++;
|
1999-05-17 19:14:53 +04:00
|
|
|
if ((byte_count % 4096) == 0)
|
|
|
|
(void) alarm(curclass.timeout);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
1993-03-21 12:45:37 +03:00
|
|
|
fflush(outstr);
|
|
|
|
if (ferror(instr))
|
|
|
|
goto file_err;
|
|
|
|
if (ferror(outstr))
|
|
|
|
goto data_err;
|
1999-05-17 19:14:53 +04:00
|
|
|
rval = 0;
|
|
|
|
goto cleanup_send_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
case TYPE_I:
|
|
|
|
case TYPE_L:
|
1999-05-17 19:14:53 +04:00
|
|
|
if ((buf = malloc((size_t)blksize)) == NULL) {
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(451, "Local resource failure: malloc");
|
1999-05-17 19:14:53 +04:00
|
|
|
goto cleanup_send_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
filefd = fileno(instr);
|
1999-05-18 12:14:17 +04:00
|
|
|
netfd = fileno(outstr);
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(curclass.timeout);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (curclass.rateget) {
|
|
|
|
while (1) {
|
|
|
|
int d;
|
|
|
|
struct timeval then, now, td;
|
|
|
|
off_t bufrem;
|
|
|
|
char *bufp;
|
|
|
|
|
|
|
|
(void)gettimeofday(&then, NULL);
|
|
|
|
errno = c = d = 0;
|
|
|
|
bufrem = curclass.rateget;
|
|
|
|
while (bufrem > 0) {
|
|
|
|
if ((c = read(filefd, buf,
|
|
|
|
MIN(blksize, bufrem))) <= 0)
|
|
|
|
goto senddone;
|
|
|
|
(void) alarm(curclass.timeout);
|
|
|
|
bufrem -= c;
|
|
|
|
byte_count += c;
|
|
|
|
if (isdata) {
|
|
|
|
total_data_out += c;
|
|
|
|
total_data += c;
|
|
|
|
}
|
|
|
|
total_bytes_out += c;
|
|
|
|
total_bytes += c;
|
|
|
|
for (bufp = buf; c > 0;
|
|
|
|
c -= d, bufp += d)
|
|
|
|
if ((d =
|
|
|
|
write(netfd, bufp, c)) <= 0)
|
|
|
|
break;
|
|
|
|
if (d < 0)
|
|
|
|
goto data_err;
|
|
|
|
}
|
|
|
|
(void)gettimeofday(&now, NULL);
|
|
|
|
timersub(&now, &then, &td);
|
2000-06-20 11:39:46 +04:00
|
|
|
if (td.tv_sec == 0)
|
|
|
|
usleep(1000000 - td.tv_usec);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
while ((c = read(filefd, buf, (size_t)blksize)) > 0) {
|
|
|
|
if (write(netfd, buf, c) != c)
|
|
|
|
goto data_err;
|
|
|
|
(void) alarm(curclass.timeout);
|
|
|
|
byte_count += c;
|
|
|
|
if (isdata) {
|
|
|
|
total_data_out += c;
|
|
|
|
total_data += c;
|
|
|
|
}
|
|
|
|
total_bytes_out += c;
|
|
|
|
total_bytes += c;
|
1999-05-17 19:14:53 +04:00
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
senddone:
|
|
|
|
if (c < 0)
|
1999-05-17 19:14:53 +04:00
|
|
|
goto file_err;
|
|
|
|
rval = 0;
|
|
|
|
goto cleanup_send_data;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
default:
|
|
|
|
reply(550, "Unimplemented TYPE %d in send_data", type);
|
1999-05-17 19:14:53 +04:00
|
|
|
goto cleanup_send_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
data_err:
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(426, "Data connection");
|
1999-05-17 19:14:53 +04:00
|
|
|
goto cleanup_send_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
file_err:
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(551, "Error on input file");
|
1999-05-17 19:14:53 +04:00
|
|
|
/* FALLTHROUGH */
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
cleanup_send_data:
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
|
|
|
transflag = 0;
|
|
|
|
if (buf)
|
|
|
|
free(buf);
|
|
|
|
if (isdata) {
|
|
|
|
total_files_out++;
|
|
|
|
total_files++;
|
|
|
|
}
|
|
|
|
total_xfers_out++;
|
|
|
|
total_xfers++;
|
|
|
|
return (rval);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
1994-06-29 05:49:37 +04:00
|
|
|
* Transfer data from peer to "outstr" using the appropriate encapulation of
|
|
|
|
* the data subject to Mode, Structure, and Type.
|
1993-03-21 12:45:37 +03:00
|
|
|
*
|
|
|
|
* N.B.: Form isn't handled.
|
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
static int
|
2000-05-20 06:20:18 +04:00
|
|
|
receive_data(FILE *instr, FILE *outstr)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
int c, bare_lfs, netfd, filefd, rval;
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
char buf[BUFSIZ];
|
1997-06-18 23:05:46 +04:00
|
|
|
#ifdef __GNUC__
|
|
|
|
(void) &bare_lfs;
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
bare_lfs = 0;
|
1999-05-17 19:14:53 +04:00
|
|
|
transflag = 1;
|
|
|
|
rval = -1;
|
|
|
|
if (setjmp(urgcatch))
|
|
|
|
goto cleanup_recv_data;
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
switch (type) {
|
|
|
|
|
|
|
|
case TYPE_I:
|
|
|
|
case TYPE_L:
|
1999-05-17 19:14:53 +04:00
|
|
|
netfd = fileno(instr);
|
|
|
|
filefd = fileno(outstr);
|
|
|
|
(void) alarm(curclass.timeout);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (curclass.rateput) {
|
|
|
|
while (1) {
|
|
|
|
int d;
|
|
|
|
struct timeval then, now, td;
|
|
|
|
off_t bufrem;
|
|
|
|
|
|
|
|
(void)gettimeofday(&then, NULL);
|
|
|
|
errno = c = d = 0;
|
|
|
|
for (bufrem = curclass.rateput; bufrem > 0; ) {
|
|
|
|
if ((c = read(netfd, buf,
|
|
|
|
MIN(sizeof(buf), bufrem))) <= 0)
|
|
|
|
goto recvdone;
|
|
|
|
if ((d = write(filefd, buf, c)) != c)
|
|
|
|
goto recvdone;
|
|
|
|
(void) alarm(curclass.timeout);
|
|
|
|
bufrem -= c;
|
|
|
|
byte_count += c;
|
|
|
|
total_data_in += c;
|
|
|
|
total_data += c;
|
|
|
|
total_bytes_in += c;
|
|
|
|
total_bytes += c;
|
|
|
|
}
|
|
|
|
(void)gettimeofday(&now, NULL);
|
|
|
|
timersub(&now, &then, &td);
|
2000-06-20 11:39:46 +04:00
|
|
|
if (td.tv_sec == 0)
|
|
|
|
usleep(1000000 - td.tv_usec);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
while ((c = read(netfd, buf, sizeof(buf))) > 0) {
|
|
|
|
if (write(filefd, buf, c) != c)
|
|
|
|
goto file_err;
|
|
|
|
(void) alarm(curclass.timeout);
|
|
|
|
byte_count += c;
|
|
|
|
total_data_in += c;
|
|
|
|
total_data += c;
|
|
|
|
total_bytes_in += c;
|
|
|
|
total_bytes += c;
|
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
recvdone:
|
|
|
|
if (c < 0)
|
1993-03-21 12:45:37 +03:00
|
|
|
goto data_err;
|
1999-05-17 19:14:53 +04:00
|
|
|
rval = 0;
|
|
|
|
goto cleanup_recv_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
case TYPE_E:
|
|
|
|
reply(553, "TYPE E not implemented.");
|
1999-05-17 19:14:53 +04:00
|
|
|
goto cleanup_recv_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
case TYPE_A:
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(curclass.timeout);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
/* XXXX: rate limit ascii receive (put) */
|
1993-03-21 12:45:37 +03:00
|
|
|
while ((c = getc(instr)) != EOF) {
|
|
|
|
byte_count++;
|
1999-05-17 19:14:53 +04:00
|
|
|
total_data_in++;
|
|
|
|
total_data++;
|
|
|
|
total_bytes_in++;
|
|
|
|
total_bytes++;
|
|
|
|
if ((byte_count % 4096) == 0)
|
|
|
|
(void) alarm(curclass.timeout);
|
1993-03-21 12:45:37 +03:00
|
|
|
if (c == '\n')
|
|
|
|
bare_lfs++;
|
|
|
|
while (c == '\r') {
|
|
|
|
if (ferror(outstr))
|
|
|
|
goto data_err;
|
|
|
|
if ((c = getc(instr)) != '\n') {
|
1999-05-17 19:14:53 +04:00
|
|
|
byte_count++;
|
|
|
|
total_data_in++;
|
|
|
|
total_data++;
|
|
|
|
total_bytes_in++;
|
|
|
|
total_bytes++;
|
|
|
|
if ((byte_count % 4096) == 0)
|
|
|
|
(void) alarm(curclass.timeout);
|
1993-03-21 12:45:37 +03:00
|
|
|
(void) putc ('\r', outstr);
|
|
|
|
if (c == '\0' || c == EOF)
|
|
|
|
goto contin2;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
(void) putc(c, outstr);
|
|
|
|
contin2: ;
|
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
1993-03-21 12:45:37 +03:00
|
|
|
fflush(outstr);
|
|
|
|
if (ferror(instr))
|
|
|
|
goto data_err;
|
|
|
|
if (ferror(outstr))
|
|
|
|
goto file_err;
|
|
|
|
if (bare_lfs) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(-226,
|
1999-05-17 19:14:53 +04:00
|
|
|
"WARNING! %d bare linefeeds received in ASCII mode",
|
1994-06-29 05:49:37 +04:00
|
|
|
bare_lfs);
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "File may not have transferred correctly.");
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
rval = 0;
|
|
|
|
goto cleanup_recv_data;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
default:
|
|
|
|
reply(550, "Unimplemented TYPE %d in receive_data", type);
|
1999-05-17 19:14:53 +04:00
|
|
|
goto cleanup_recv_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
data_err:
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(426, "Data Connection");
|
1999-05-17 19:14:53 +04:00
|
|
|
goto cleanup_recv_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
file_err:
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(452, "Error writing file");
|
1999-05-17 19:14:53 +04:00
|
|
|
goto cleanup_recv_data;
|
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
cleanup_recv_data:
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
|
|
|
transflag = 0;
|
|
|
|
total_files_in++;
|
|
|
|
total_files++;
|
|
|
|
total_xfers_in++;
|
|
|
|
total_xfers++;
|
|
|
|
return (rval);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
statcmd(void)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1999-07-02 09:52:14 +04:00
|
|
|
union sockunion *su = NULL;
|
|
|
|
static char ntop_buf[INET6_ADDRSTRLEN];
|
|
|
|
u_char *a, *p;
|
2000-05-21 03:34:55 +04:00
|
|
|
int ispassive, af;
|
2000-06-14 17:44:21 +04:00
|
|
|
off_t otbi, otbo, otb;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1999-07-02 09:52:14 +04:00
|
|
|
a = p = (u_char *)NULL;
|
|
|
|
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(-211, "%s FTP server status:", hostname);
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
reply(0, "Version: %s", EMPTYSTR(version) ? "<suppressed>" : version);
|
1999-07-02 09:52:14 +04:00
|
|
|
ntop_buf[0] = '\0';
|
|
|
|
if (!getnameinfo((struct sockaddr *)&his_addr, his_addr.su_len,
|
|
|
|
ntop_buf, sizeof(ntop_buf), NULL, 0, NI_NUMERICHOST)
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
&& strcmp(remotehost, ntop_buf) != 0) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Connected to %s (%s)", remotehost, ntop_buf);
|
1999-07-02 09:52:14 +04:00
|
|
|
} else
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Connected to %s", remotehost);
|
1993-03-21 12:45:37 +03:00
|
|
|
if (logged_in) {
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (curclass.type == CLASS_GUEST)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Logged in anonymously");
|
1993-03-21 12:45:37 +03:00
|
|
|
else
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Logged in as %s%s", pw->pw_name,
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
curclass.type == CLASS_CHROOT ? " (chroot)" : "");
|
1993-03-21 12:45:37 +03:00
|
|
|
} else if (askpasswd)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Waiting for password");
|
1993-03-21 12:45:37 +03:00
|
|
|
else
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Waiting for user name");
|
|
|
|
cprintf(stdout, " TYPE: %s", typenames[type]);
|
2000-06-14 17:44:21 +04:00
|
|
|
if (type == TYPE_A || type == TYPE_E)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cprintf(stdout, ", FORM: %s", formnames[form]);
|
1999-05-17 19:14:53 +04:00
|
|
|
if (type == TYPE_L) {
|
1993-03-21 12:45:37 +03:00
|
|
|
#if NBBY == 8
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cprintf(stdout, " %d", NBBY);
|
1993-03-21 12:45:37 +03:00
|
|
|
#else
|
1999-05-17 19:14:53 +04:00
|
|
|
/* XXX: `bytesize' needs to be defined in this case */
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cprintf(stdout, " %d", bytesize);
|
1993-03-21 12:45:37 +03:00
|
|
|
#endif
|
1999-05-17 19:14:53 +04:00
|
|
|
}
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cprintf(stdout, "; STRUcture: %s; transfer MODE: %s\r\n",
|
1993-03-21 12:45:37 +03:00
|
|
|
strunames[stru], modenames[mode]);
|
1999-07-02 09:52:14 +04:00
|
|
|
ispassive = 0;
|
|
|
|
if (data != -1) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Data connection open");
|
1999-07-02 09:52:14 +04:00
|
|
|
su = NULL;
|
|
|
|
} else if (pdata != -1) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "in Passive mode");
|
1999-07-02 09:52:14 +04:00
|
|
|
su = (union sockunion *)&pasv_addr;
|
|
|
|
ispassive = 1;
|
1993-03-21 12:45:37 +03:00
|
|
|
goto printaddr;
|
|
|
|
} else if (usedefault == 0) {
|
1999-07-02 09:52:14 +04:00
|
|
|
if (epsvall) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "EPSV only mode (EPSV ALL)");
|
1999-07-02 09:52:14 +04:00
|
|
|
goto epsvonly;
|
|
|
|
}
|
|
|
|
su = (union sockunion *)&data_dest;
|
2000-05-21 03:34:55 +04:00
|
|
|
printaddr:
|
2000-06-14 17:44:21 +04:00
|
|
|
/* PASV/PORT */
|
1999-07-02 09:52:14 +04:00
|
|
|
if (su->su_family == AF_INET) {
|
|
|
|
a = (u_char *) &su->su_sin.sin_addr;
|
|
|
|
p = (u_char *) &su->su_sin.sin_port;
|
1993-03-21 12:45:37 +03:00
|
|
|
#define UC(b) (((int) b) & 0xff)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "%s (%d,%d,%d,%d,%d,%d)",
|
2000-06-14 17:44:21 +04:00
|
|
|
ispassive ? "PASV" : "PORT" ,
|
1999-07-02 09:52:14 +04:00
|
|
|
UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),
|
|
|
|
UC(p[0]), UC(p[1]));
|
|
|
|
}
|
|
|
|
|
2000-06-14 17:44:21 +04:00
|
|
|
/* LPSV/LPRT */
|
1999-07-02 09:52:14 +04:00
|
|
|
{
|
|
|
|
int alen, af, i;
|
|
|
|
|
|
|
|
alen = 0;
|
|
|
|
switch (su->su_family) {
|
|
|
|
case AF_INET:
|
|
|
|
a = (u_char *) &su->su_sin.sin_addr;
|
|
|
|
p = (u_char *) &su->su_sin.sin_port;
|
|
|
|
alen = sizeof(su->su_sin.sin_addr);
|
|
|
|
af = 4;
|
|
|
|
break;
|
|
|
|
case AF_INET6:
|
|
|
|
a = (u_char *) &su->su_sin6.sin6_addr;
|
|
|
|
p = (u_char *) &su->su_sin6.sin6_port;
|
|
|
|
alen = sizeof(su->su_sin6.sin6_addr);
|
|
|
|
af = 6;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
af = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (af) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cprintf(stdout, " %s (%d,%d",
|
2000-06-14 17:44:21 +04:00
|
|
|
ispassive ? "LPSV" : "LPRT", af, alen);
|
1999-07-02 09:52:14 +04:00
|
|
|
for (i = 0; i < alen; i++)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cprintf(stdout, ",%d", UC(a[i]));
|
|
|
|
cprintf(stdout, ",%d,%d,%d)", 2, UC(p[0]), UC(p[1]));
|
1993-03-21 12:45:37 +03:00
|
|
|
#undef UC
|
1999-07-02 09:52:14 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* EPRT/EPSV */
|
2000-05-21 03:34:55 +04:00
|
|
|
epsvonly:
|
1999-07-02 09:52:14 +04:00
|
|
|
switch (su->su_family) {
|
|
|
|
case AF_INET:
|
|
|
|
af = 1;
|
|
|
|
break;
|
|
|
|
case AF_INET6:
|
|
|
|
af = 2;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
af = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (af) {
|
|
|
|
if (getnameinfo((struct sockaddr *)su, su->su_len,
|
2000-06-14 17:44:21 +04:00
|
|
|
ntop_buf, sizeof(ntop_buf), NULL, 0,
|
1999-07-02 09:52:14 +04:00
|
|
|
NI_NUMERICHOST) == 0) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "%s (|%d|%s|%d|)",
|
2000-06-14 17:44:21 +04:00
|
|
|
ispassive ? "EPSV" : "EPRT",
|
|
|
|
af, ntop_buf, ntohs(su->su_port));
|
1999-07-02 09:52:14 +04:00
|
|
|
}
|
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
} else
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "No data connection");
|
1999-05-17 19:14:53 +04:00
|
|
|
|
|
|
|
if (logged_in) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Data sent: %qd byte%s in %qd file%s",
|
1999-05-25 01:57:19 +04:00
|
|
|
(qdfmt_t)total_data_out, PLURAL(total_data_out),
|
|
|
|
(qdfmt_t)total_files_out, PLURAL(total_files_out));
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Data received: %qd byte%s in %qd file%s",
|
1999-05-25 01:57:19 +04:00
|
|
|
(qdfmt_t)total_data_in, PLURAL(total_data_in),
|
|
|
|
(qdfmt_t)total_files_in, PLURAL(total_files_in));
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Total data: %qd byte%s in %qd file%s",
|
1999-05-25 01:57:19 +04:00
|
|
|
(qdfmt_t)total_data, PLURAL(total_data),
|
|
|
|
(qdfmt_t)total_files, PLURAL(total_files));
|
1999-05-17 19:14:53 +04:00
|
|
|
}
|
|
|
|
otbi = total_bytes_in;
|
|
|
|
otbo = total_bytes_out;
|
|
|
|
otb = total_bytes;
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Traffic sent: %qd byte%s in %qd transfer%s",
|
1999-05-25 01:57:19 +04:00
|
|
|
(qdfmt_t)otbo, PLURAL(otbo),
|
|
|
|
(qdfmt_t)total_xfers_out, PLURAL(total_xfers_out));
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Traffic received: %qd byte%s in %qd transfer%s",
|
1999-05-25 01:57:19 +04:00
|
|
|
(qdfmt_t)otbi, PLURAL(otbi),
|
|
|
|
(qdfmt_t)total_xfers_in, PLURAL(total_xfers_in));
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Total traffic: %qd byte%s in %qd transfer%s",
|
1999-05-25 01:57:19 +04:00
|
|
|
(qdfmt_t)otb, PLURAL(otb),
|
|
|
|
(qdfmt_t)total_xfers, PLURAL(total_xfers));
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
|
|
|
|
if (logged_in) {
|
|
|
|
struct ftpconv *cp;
|
|
|
|
|
2000-07-08 22:24:28 +04:00
|
|
|
reply(0, "%s", "");
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Class: %s, type: %s",
|
1999-12-21 15:56:15 +03:00
|
|
|
curclass.classname, CURCLASSTYPE);
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Check PORT/LPRT commands: %sabled",
|
1997-11-11 15:42:24 +03:00
|
|
|
curclass.checkportcmd ? "en" : "dis");
|
2000-07-17 06:30:52 +04:00
|
|
|
if (! EMPTYSTR(curclass.display))
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Display file: %s", curclass.display);
|
2000-07-17 06:30:52 +04:00
|
|
|
if (! EMPTYSTR(curclass.notify))
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Notify fileglob: %s", curclass.notify);
|
|
|
|
reply(0, "Idle timeout: %d, maximum timeout: %d",
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
curclass.timeout, curclass.maxtimeout);
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Current connections: %d", connections);
|
2000-01-08 14:09:56 +03:00
|
|
|
if (curclass.limit == -1)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Maximum connections: unlimited");
|
2000-01-08 14:09:56 +03:00
|
|
|
else
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Maximum connections: %d", curclass.limit);
|
2000-01-08 14:09:56 +03:00
|
|
|
if (curclass.limitfile)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Connection limit exceeded file: %s",
|
2000-01-08 14:09:56 +03:00
|
|
|
curclass.limitfile);
|
2000-07-17 06:30:52 +04:00
|
|
|
if (! EMPTYSTR(curclass.chroot))
|
|
|
|
reply(0, "Chroot format: %s", curclass.chroot);
|
|
|
|
if (! EMPTYSTR(curclass.homedir))
|
|
|
|
reply(0, "Homedir format: %s", curclass.homedir);
|
|
|
|
if (! EMPTYSTR(curclass.motd))
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "MotD file: %s", curclass.motd);
|
|
|
|
reply(0,
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
"Modify commands (CHMOD, DELE, MKD, RMD, RNFR, UMASK): %sabled",
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
curclass.modify ? "en" : "dis");
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Upload commands (APPE, STOR, STOU): %sabled",
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
curclass.upload ? "en" : "dis");
|
2000-01-13 03:04:31 +03:00
|
|
|
if (curclass.portmin && curclass.portmax)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "PASV port range: %d - %d",
|
2000-01-13 03:04:31 +03:00
|
|
|
curclass.portmin, curclass.portmax);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (curclass.rateget)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Rate get limit: %d bytes/sec",
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
curclass.rateget);
|
|
|
|
else
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Rate get limit: disabled");
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (curclass.rateput)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Rate put limit: %d bytes/sec",
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
curclass.rateput);
|
|
|
|
else
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Rate put limit: disabled");
|
|
|
|
reply(0, "Umask: %.04o", curclass.umask);
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
for (cp = curclass.conversions; cp != NULL; cp=cp->next) {
|
|
|
|
if (cp->suffix == NULL || cp->types == NULL ||
|
|
|
|
cp->command == NULL)
|
|
|
|
continue;
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Conversion: %s [%s] disable: %s, command: %s",
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
cp->suffix, cp->types, cp->disable, cp->command);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
reply(211, "End of status");
|
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
fatal(const char *s)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1994-06-29 05:49:37 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
reply(451, "Error in server: %s\n", s);
|
|
|
|
reply(221, "Closing connection due to server error.");
|
|
|
|
dologout(0);
|
|
|
|
/* NOTREACHED */
|
|
|
|
}
|
|
|
|
|
2000-06-14 17:44:21 +04:00
|
|
|
/*
|
|
|
|
* reply() --
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
* depending on the value of n, display fmt with a trailing CRLF and
|
|
|
|
* prefix of:
|
|
|
|
* n < -1 prefix the message with abs(n) + "-" (initial line)
|
|
|
|
* n == 0 prefix the message with 4 spaces (middle lines)
|
|
|
|
* n > 0 prefix the message with n + " " (final line)
|
2000-06-14 17:44:21 +04:00
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
|
|
|
reply(int n, const char *fmt, ...)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1999-05-17 19:14:53 +04:00
|
|
|
off_t b;
|
1994-06-29 05:49:37 +04:00
|
|
|
va_list ap;
|
2000-05-20 06:20:18 +04:00
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
va_start(ap, fmt);
|
1999-05-17 19:14:53 +04:00
|
|
|
b = 0;
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
if (n == 0)
|
|
|
|
cprintf(stdout, " ");
|
|
|
|
else if (n < 0)
|
|
|
|
cprintf(stdout, "%d-", -n);
|
|
|
|
else
|
|
|
|
cprintf(stdout, "%d ", n);
|
|
|
|
b = vprintf(fmt, ap);
|
1999-05-17 19:14:53 +04:00
|
|
|
total_bytes += b;
|
|
|
|
total_bytes_out += b;
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cprintf(stdout, "\r\n");
|
1993-03-21 12:45:37 +03:00
|
|
|
(void)fflush(stdout);
|
|
|
|
if (debug) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
syslog(LOG_DEBUG, "<--- %d%c", abs(n), (n < 0) ? '-' : ' ');
|
1994-06-29 05:49:37 +04:00
|
|
|
vsyslog(LOG_DEBUG, fmt, ap);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
static void
|
2000-05-20 06:20:18 +04:00
|
|
|
dolog(struct sockaddr *who)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1999-12-18 09:33:54 +03:00
|
|
|
getnameinfo(who, who->sa_len, remotehost, sizeof(remotehost), NULL,0,0);
|
1994-04-14 07:15:37 +04:00
|
|
|
#ifdef HASSETPROCTITLE
|
1994-06-29 05:49:37 +04:00
|
|
|
snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
|
2000-07-06 02:15:04 +04:00
|
|
|
setproctitle("%s", proctitle);
|
1994-04-14 07:15:37 +04:00
|
|
|
#endif /* HASSETPROCTITLE */
|
1994-06-29 05:49:37 +04:00
|
|
|
if (logging)
|
1999-12-18 09:33:54 +03:00
|
|
|
syslog(LOG_INFO, "connection from %s to %s",
|
|
|
|
remotehost, hostname);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Record logout in wtmp file
|
|
|
|
* and exit with supplied status.
|
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
dologout(int status)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1997-01-23 08:57:55 +03:00
|
|
|
/*
|
|
|
|
* Prevent reception of SIGURG from resulting in a resumption
|
|
|
|
* back to the main program loop.
|
|
|
|
*/
|
|
|
|
transflag = 0;
|
1994-06-29 05:49:37 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
if (logged_in) {
|
2000-07-26 17:53:33 +04:00
|
|
|
if (dowtmp)
|
|
|
|
logwtmp(ttyline, "", "");
|
1999-12-18 08:51:34 +03:00
|
|
|
if (doutmp)
|
|
|
|
logout(utmp.ut_line);
|
1997-10-12 17:18:56 +04:00
|
|
|
#ifdef KERBEROS
|
1994-03-30 06:49:15 +04:00
|
|
|
if (!notickets && krbtkfile_env)
|
|
|
|
unlink(krbtkfile_env);
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
/* beware of flushing buffers after a SIGPIPE */
|
|
|
|
_exit(status);
|
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
static void
|
2000-05-20 06:20:18 +04:00
|
|
|
myoob(int signo)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
char *cp;
|
|
|
|
|
|
|
|
/* only process if transfer occurring */
|
|
|
|
if (!transflag)
|
|
|
|
return;
|
|
|
|
cp = tmpline;
|
|
|
|
if (getline(cp, 7, stdin) == NULL) {
|
|
|
|
reply(221, "You could at least say goodbye.");
|
|
|
|
dologout(0);
|
|
|
|
}
|
1998-09-07 12:11:20 +04:00
|
|
|
if (strcasecmp(cp, "ABOR\r\n") == 0) {
|
1993-03-21 12:45:37 +03:00
|
|
|
tmpline[0] = '\0';
|
|
|
|
reply(426, "Transfer aborted. Data connection closed.");
|
|
|
|
reply(226, "Abort successful");
|
|
|
|
longjmp(urgcatch, 1);
|
|
|
|
}
|
1998-09-07 12:11:20 +04:00
|
|
|
if (strcasecmp(cp, "STAT\r\n") == 0) {
|
1999-12-18 08:51:34 +03:00
|
|
|
tmpline[0] = '\0';
|
1993-03-21 12:45:37 +03:00
|
|
|
if (file_size != (off_t) -1)
|
1999-05-17 19:14:53 +04:00
|
|
|
reply(213, "Status: %qd of %qd byte%s transferred",
|
1999-05-25 01:57:19 +04:00
|
|
|
(qdfmt_t)byte_count, (qdfmt_t)file_size,
|
|
|
|
PLURAL(byte_count));
|
1993-03-21 12:45:37 +03:00
|
|
|
else
|
1999-05-17 19:14:53 +04:00
|
|
|
reply(213, "Status: %qd byte%s transferred",
|
1999-05-25 01:57:19 +04:00
|
|
|
(qdfmt_t)byte_count, PLURAL(byte_count));
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2000-01-13 01:39:27 +03:00
|
|
|
static int
|
2000-05-20 06:20:18 +04:00
|
|
|
bind_pasv_addr(void)
|
2000-01-13 01:39:27 +03:00
|
|
|
{
|
|
|
|
static int passiveport;
|
|
|
|
int port, len;
|
|
|
|
|
|
|
|
len = pasv_addr.su_len;
|
|
|
|
if (curclass.portmin == 0 && curclass.portmax == 0) {
|
|
|
|
pasv_addr.su_port = 0;
|
|
|
|
return (bind(pdata, (struct sockaddr *)&pasv_addr, len));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (passiveport == 0) {
|
|
|
|
srand(getpid());
|
|
|
|
passiveport = rand() % (curclass.portmax - curclass.portmin)
|
|
|
|
+ curclass.portmin;
|
|
|
|
}
|
|
|
|
|
|
|
|
port = passiveport;
|
|
|
|
while (1) {
|
|
|
|
port++;
|
|
|
|
if (port > curclass.portmax)
|
|
|
|
port = curclass.portmin;
|
|
|
|
else if (port == passiveport) {
|
|
|
|
errno = EAGAIN;
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
pasv_addr.su_port = htons(port);
|
|
|
|
if (bind(pdata, (struct sockaddr *)&pasv_addr, len) == 0)
|
|
|
|
break;
|
|
|
|
if (errno != EADDRINUSE)
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
passiveport = port;
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* Note: a response of 425 is not mentioned as a possible response to
|
1994-06-29 05:49:37 +04:00
|
|
|
* the PASV command in RFC959. However, it has been blessed as
|
|
|
|
* a legitimate response by Jon Postel in a telephone conversation
|
1993-03-21 12:45:37 +03:00
|
|
|
* with Rick Adams on 25 Jan 89.
|
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
passive(void)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
int len;
|
1994-06-29 05:49:37 +04:00
|
|
|
char *p, *a;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1999-12-09 14:18:05 +03:00
|
|
|
if (pdata >= 0)
|
|
|
|
close(pdata);
|
1993-03-21 12:45:37 +03:00
|
|
|
pdata = socket(AF_INET, SOCK_STREAM, 0);
|
1997-05-29 14:31:48 +04:00
|
|
|
if (pdata < 0 || !logged_in) {
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(425, "Can't open passive connection");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
pasv_addr = ctrl_addr;
|
2000-01-13 01:39:27 +03:00
|
|
|
|
|
|
|
if (bind_pasv_addr() < 0)
|
1993-03-21 12:45:37 +03:00
|
|
|
goto pasv_error;
|
2000-01-13 01:39:27 +03:00
|
|
|
len = pasv_addr.su_len;
|
1993-03-21 12:45:37 +03:00
|
|
|
if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
|
|
|
|
goto pasv_error;
|
|
|
|
if (listen(pdata, 1) < 0)
|
|
|
|
goto pasv_error;
|
1999-07-02 09:52:14 +04:00
|
|
|
a = (char *) &pasv_addr.su_sin.sin_addr;
|
|
|
|
p = (char *) &pasv_addr.su_port;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
#define UC(b) (((int) b) & 0xff)
|
|
|
|
|
|
|
|
reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]),
|
|
|
|
UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
|
|
|
|
return;
|
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
pasv_error:
|
1999-07-02 09:52:14 +04:00
|
|
|
(void) close(pdata);
|
|
|
|
pdata = -1;
|
|
|
|
perror_reply(425, "Can't open passive connection");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* 228 Entering Long Passive Mode (af, hal, h1, h2, h3,..., pal, p1, p2...)
|
|
|
|
* 229 Entering Extended Passive Mode (|||port|)
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
long_passive(char *cmd, int pf)
|
|
|
|
{
|
|
|
|
int len;
|
2000-01-13 01:39:27 +03:00
|
|
|
char *p, *a;
|
1999-07-02 09:52:14 +04:00
|
|
|
|
|
|
|
if (!logged_in) {
|
|
|
|
syslog(LOG_NOTICE, "long passive but not logged in");
|
|
|
|
reply(503, "Login with USER first.");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (pf != PF_UNSPEC) {
|
|
|
|
if (ctrl_addr.su_family != pf) {
|
|
|
|
switch (ctrl_addr.su_family) {
|
|
|
|
case AF_INET:
|
|
|
|
pf = 1;
|
|
|
|
break;
|
|
|
|
case AF_INET6:
|
|
|
|
pf = 2;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
pf = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* XXX
|
|
|
|
* only EPRT/EPSV ready clients will understand this
|
|
|
|
*/
|
|
|
|
if (strcmp(cmd, "EPSV") == 0 && pf) {
|
|
|
|
reply(522, "Network protocol mismatch, "
|
|
|
|
"use (%d)", pf);
|
|
|
|
} else
|
|
|
|
reply(501, "Network protocol mismatch"); /*XXX*/
|
|
|
|
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
|
1999-12-09 14:18:05 +03:00
|
|
|
if (pdata >= 0)
|
|
|
|
close(pdata);
|
1999-07-02 09:52:14 +04:00
|
|
|
pdata = socket(ctrl_addr.su_family, SOCK_STREAM, 0);
|
|
|
|
if (pdata < 0) {
|
|
|
|
perror_reply(425, "Can't open passive connection");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
pasv_addr = ctrl_addr;
|
2000-01-13 01:39:27 +03:00
|
|
|
if (bind_pasv_addr() < 0)
|
1999-07-02 09:52:14 +04:00
|
|
|
goto pasv_error;
|
|
|
|
len = pasv_addr.su_len;
|
|
|
|
if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
|
|
|
|
goto pasv_error;
|
|
|
|
if (listen(pdata, 1) < 0)
|
|
|
|
goto pasv_error;
|
|
|
|
p = (char *) &pasv_addr.su_port;
|
|
|
|
|
|
|
|
#define UC(b) (((int) b) & 0xff)
|
|
|
|
|
|
|
|
if (strcmp(cmd, "LPSV") == 0) {
|
|
|
|
switch (pasv_addr.su_family) {
|
|
|
|
case AF_INET:
|
|
|
|
a = (char *) &pasv_addr.su_sin.sin_addr;
|
|
|
|
reply(228, "Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,%d,%d,%d)",
|
|
|
|
4, 4, UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),
|
|
|
|
2, UC(p[0]), UC(p[1]));
|
|
|
|
return;
|
|
|
|
case AF_INET6:
|
|
|
|
a = (char *) &pasv_addr.su_sin6.sin6_addr;
|
|
|
|
reply(228, "Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d)",
|
|
|
|
6, 16,
|
|
|
|
UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),
|
|
|
|
UC(a[4]), UC(a[5]), UC(a[6]), UC(a[7]),
|
|
|
|
UC(a[8]), UC(a[9]), UC(a[10]), UC(a[11]),
|
|
|
|
UC(a[12]), UC(a[13]), UC(a[14]), UC(a[15]),
|
|
|
|
2, UC(p[0]), UC(p[1]));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
#undef UC
|
|
|
|
} else if (strcmp(cmd, "EPSV") == 0) {
|
|
|
|
switch (pasv_addr.su_family) {
|
|
|
|
case AF_INET:
|
|
|
|
case AF_INET6:
|
|
|
|
reply(229, "Entering Extended Passive Mode (|||%d|)",
|
|
|
|
ntohs(pasv_addr.su_port));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/* more proper error code? */
|
|
|
|
}
|
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
pasv_error:
|
1993-03-21 12:45:37 +03:00
|
|
|
(void) close(pdata);
|
|
|
|
pdata = -1;
|
|
|
|
perror_reply(425, "Can't open passive connection");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Generate unique name for file with basename "local".
|
|
|
|
* The file named "local" is already known to exist.
|
|
|
|
* Generates failure reply on error.
|
1997-07-21 09:13:10 +04:00
|
|
|
*
|
|
|
|
* XXX this function should under go changes similar to
|
|
|
|
* the mktemp(3)/mkstemp(3) changes.
|
1993-03-21 12:45:37 +03:00
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
static char *
|
2000-05-20 06:20:18 +04:00
|
|
|
gunique(const char *local)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
2000-01-08 14:09:56 +03:00
|
|
|
static char new[MAXPATHLEN];
|
1993-03-21 12:45:37 +03:00
|
|
|
struct stat st;
|
1994-06-29 05:49:37 +04:00
|
|
|
char *cp;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
int count;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
cp = strrchr(local, '/');
|
1993-03-21 12:45:37 +03:00
|
|
|
if (cp)
|
|
|
|
*cp = '\0';
|
|
|
|
if (stat(cp ? local : ".", &st) < 0) {
|
|
|
|
perror_reply(553, cp ? local : ".");
|
1998-09-06 14:39:40 +04:00
|
|
|
return (NULL);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
if (cp)
|
|
|
|
*cp = '/';
|
|
|
|
for (count = 1; count < 100; count++) {
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
(void)snprintf(new, sizeof(new) - 1, "%s.%d", local, count);
|
1993-03-21 12:45:37 +03:00
|
|
|
if (stat(new, &st) < 0)
|
1994-06-29 05:49:37 +04:00
|
|
|
return (new);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
reply(452, "Unique file name cannot be created.");
|
1994-06-29 05:49:37 +04:00
|
|
|
return (NULL);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Format and send reply containing system error number.
|
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
perror_reply(int code, const char *string)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1999-05-17 19:14:53 +04:00
|
|
|
int save_errno;
|
1994-06-29 05:49:37 +04:00
|
|
|
|
1999-05-17 19:14:53 +04:00
|
|
|
save_errno = errno;
|
1993-03-21 12:45:37 +03:00
|
|
|
reply(code, "%s: %s.", string, strerror(errno));
|
1999-05-17 19:14:53 +04:00
|
|
|
errno = save_errno;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
static char *onefile[] = {
|
|
|
|
"",
|
|
|
|
0
|
|
|
|
};
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
send_file_list(const char *whichf)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
struct stat st;
|
|
|
|
DIR *dirp = NULL;
|
|
|
|
struct dirent *dir;
|
|
|
|
FILE *dout = NULL;
|
1999-05-17 19:14:53 +04:00
|
|
|
char **dirlist, *dirname, *p;
|
1993-03-21 12:45:37 +03:00
|
|
|
int simple = 0;
|
1994-06-29 05:49:37 +04:00
|
|
|
int freeglob = 0;
|
|
|
|
glob_t gl;
|
1999-05-17 19:14:53 +04:00
|
|
|
off_t b;
|
|
|
|
|
1997-06-18 23:05:46 +04:00
|
|
|
#ifdef __GNUC__
|
|
|
|
(void) &dout;
|
|
|
|
(void) &dirlist;
|
|
|
|
(void) &simple;
|
|
|
|
(void) &freeglob;
|
|
|
|
#endif
|
1994-06-29 05:49:37 +04:00
|
|
|
|
1999-05-17 19:14:53 +04:00
|
|
|
p = NULL;
|
1994-06-29 05:49:37 +04:00
|
|
|
if (strpbrk(whichf, "~{[*?") != NULL) {
|
1998-06-20 02:58:04 +04:00
|
|
|
int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_TILDE;
|
1994-06-29 05:49:37 +04:00
|
|
|
|
|
|
|
memset(&gl, 0, sizeof(gl));
|
|
|
|
freeglob = 1;
|
|
|
|
if (glob(whichf, flags, 0, &gl)) {
|
|
|
|
reply(550, "not found");
|
|
|
|
goto out;
|
|
|
|
} else if (gl.gl_pathc == 0) {
|
1993-03-21 12:45:37 +03:00
|
|
|
errno = ENOENT;
|
1994-06-29 05:49:37 +04:00
|
|
|
perror_reply(550, whichf);
|
|
|
|
goto out;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1994-06-29 05:49:37 +04:00
|
|
|
dirlist = gl.gl_pathv;
|
1993-03-21 12:45:37 +03:00
|
|
|
} else {
|
1999-05-17 19:14:53 +04:00
|
|
|
p = xstrdup(whichf);
|
|
|
|
onefile[0] = p;
|
1993-03-21 12:45:37 +03:00
|
|
|
dirlist = onefile;
|
|
|
|
simple = 1;
|
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
/* XXX: } for vi sm */
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
if (setjmp(urgcatch)) {
|
|
|
|
transflag = 0;
|
1994-06-29 05:49:37 +04:00
|
|
|
goto out;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1997-04-27 07:21:38 +04:00
|
|
|
while ((dirname = *dirlist++) != NULL) {
|
1997-09-18 11:27:35 +04:00
|
|
|
int trailingslash = 0;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
if (stat(dirname, &st) < 0) {
|
|
|
|
/*
|
|
|
|
* If user typed "ls -l", etc, and the client
|
|
|
|
* used NLST, do what the user meant.
|
|
|
|
*/
|
1999-12-07 08:30:53 +03:00
|
|
|
/* XXX: nuke this support? */
|
1993-03-21 12:45:37 +03:00
|
|
|
if (dirname[0] == '-' && *dirlist == NULL &&
|
|
|
|
transflag == 0) {
|
1999-12-07 08:30:53 +03:00
|
|
|
char *argv[] = { INTERNAL_LS, "", NULL };
|
|
|
|
|
|
|
|
argv[1] = dirname;
|
|
|
|
retrieve(argv, dirname);
|
1994-06-29 05:49:37 +04:00
|
|
|
goto out;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1994-06-29 05:49:37 +04:00
|
|
|
perror_reply(550, whichf);
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
goto cleanup_send_file_list;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
if (S_ISREG(st.st_mode)) {
|
1993-03-21 12:45:37 +03:00
|
|
|
if (dout == NULL) {
|
|
|
|
dout = dataconn("file list", (off_t)-1, "w");
|
|
|
|
if (dout == NULL)
|
1994-06-29 05:49:37 +04:00
|
|
|
goto out;
|
1993-03-21 12:45:37 +03:00
|
|
|
transflag++;
|
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
b = fprintf(dout, "%s%s\n", dirname,
|
|
|
|
type == TYPE_A ? "\r" : "");
|
|
|
|
total_bytes += b;
|
|
|
|
total_bytes_out += b;
|
1993-03-21 12:45:37 +03:00
|
|
|
byte_count += strlen(dirname) + 1;
|
|
|
|
continue;
|
1994-06-29 05:49:37 +04:00
|
|
|
} else if (!S_ISDIR(st.st_mode))
|
1993-03-21 12:45:37 +03:00
|
|
|
continue;
|
|
|
|
|
1997-09-18 11:27:35 +04:00
|
|
|
if (dirname[strlen(dirname) - 1] == '/')
|
|
|
|
trailingslash++;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
if ((dirp = opendir(dirname)) == NULL)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
while ((dir = readdir(dirp)) != NULL) {
|
2000-01-08 14:09:56 +03:00
|
|
|
char nbuf[MAXPATHLEN];
|
1993-03-21 12:45:37 +03:00
|
|
|
|
2000-06-14 17:44:21 +04:00
|
|
|
if (ISDOTDIR(dir->d_name) || ISDOTDOTDIR(dir->d_name))
|
1993-03-21 12:45:37 +03:00
|
|
|
continue;
|
|
|
|
|
1997-09-18 11:27:35 +04:00
|
|
|
(void)snprintf(nbuf, sizeof(nbuf), "%s%s%s", dirname,
|
|
|
|
trailingslash ? "" : "/", dir->d_name);
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
/*
|
1997-08-14 06:06:15 +04:00
|
|
|
* We have to do a stat to ensure it's
|
1993-03-21 12:45:37 +03:00
|
|
|
* not a directory or special file.
|
|
|
|
*/
|
1999-12-07 08:30:53 +03:00
|
|
|
/* XXX: follow RFC959 and filter out non files ? */
|
1993-03-21 12:45:37 +03:00
|
|
|
if (simple || (stat(nbuf, &st) == 0 &&
|
1994-06-29 05:49:37 +04:00
|
|
|
S_ISREG(st.st_mode))) {
|
1999-05-17 19:14:53 +04:00
|
|
|
char *p;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
if (dout == NULL) {
|
|
|
|
dout = dataconn("file list", (off_t)-1,
|
|
|
|
"w");
|
|
|
|
if (dout == NULL)
|
1994-06-29 05:49:37 +04:00
|
|
|
goto out;
|
1993-03-21 12:45:37 +03:00
|
|
|
transflag++;
|
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
p = nbuf;
|
1993-03-21 12:45:37 +03:00
|
|
|
if (nbuf[0] == '.' && nbuf[1] == '/')
|
1999-05-17 19:14:53 +04:00
|
|
|
p = &nbuf[2];
|
|
|
|
b = fprintf(dout, "%s%s\n", p,
|
|
|
|
type == TYPE_A ? "\r" : "");
|
|
|
|
total_bytes += b;
|
|
|
|
total_bytes_out += b;
|
1993-03-21 12:45:37 +03:00
|
|
|
byte_count += strlen(nbuf) + 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
(void) closedir(dirp);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (dout == NULL)
|
|
|
|
reply(550, "No files found.");
|
|
|
|
else if (ferror(dout) != 0)
|
|
|
|
perror_reply(550, "Data connection");
|
|
|
|
else
|
|
|
|
reply(226, "Transfer complete.");
|
|
|
|
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cleanup_send_file_list:
|
1993-03-21 12:45:37 +03:00
|
|
|
transflag = 0;
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
closedataconn(dout);
|
2000-05-21 03:34:55 +04:00
|
|
|
out:
|
1999-05-17 19:14:53 +04:00
|
|
|
total_xfers++;
|
|
|
|
total_xfers_out++;
|
|
|
|
if (p)
|
|
|
|
free(p);
|
|
|
|
if (freeglob)
|
1994-06-29 05:49:37 +04:00
|
|
|
globfree(&gl);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1997-09-23 17:56:39 +04:00
|
|
|
|
|
|
|
char *
|
2000-05-20 06:20:18 +04:00
|
|
|
conffilename(const char *s)
|
1997-09-23 17:56:39 +04:00
|
|
|
{
|
2000-01-08 14:09:56 +03:00
|
|
|
static char filename[MAXPATHLEN];
|
1997-09-23 17:56:39 +04:00
|
|
|
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (*s == '/')
|
|
|
|
strlcpy(filename, s, sizeof(filename));
|
|
|
|
else
|
|
|
|
(void)snprintf(filename, sizeof(filename), "%s/%s", confdir ,s);
|
|
|
|
return (filename);
|
1997-09-23 17:56:39 +04:00
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* logcmd --
|
|
|
|
* based on the arguments, syslog a message:
|
|
|
|
* if bytes != -1 "<command> <file1> = <bytes> bytes"
|
|
|
|
* else if file2 != NULL "<command> <file1> <file2>"
|
|
|
|
* else "<command> <file1>"
|
|
|
|
* if elapsed != NULL, append "in xxx.yyy seconds"
|
|
|
|
* if error != NULL, append ": " + error
|
|
|
|
*/
|
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
logcmd(const char *command, off_t bytes, const char *file1, const char *file2,
|
|
|
|
const struct timeval *elapsed, const char *error)
|
1999-05-17 19:14:53 +04:00
|
|
|
{
|
2000-01-08 14:09:56 +03:00
|
|
|
char buf[MAXPATHLEN * 2 + 100], realfile[MAXPATHLEN];
|
1999-05-17 19:14:53 +04:00
|
|
|
const char *p;
|
|
|
|
size_t len;
|
|
|
|
|
|
|
|
if (logging <=1)
|
|
|
|
return;
|
|
|
|
|
|
|
|
if ((p = realpath(file1, realfile)) == NULL) {
|
1999-05-18 12:14:17 +04:00
|
|
|
#if 0 /* XXX: too noisy */
|
1999-05-17 19:14:53 +04:00
|
|
|
syslog(LOG_WARNING, "realpath `%s' failed: %s",
|
|
|
|
realfile, strerror(errno));
|
|
|
|
#endif
|
|
|
|
p = file1;
|
|
|
|
}
|
|
|
|
len = snprintf(buf, sizeof(buf), "%s %s", command, p);
|
|
|
|
|
|
|
|
if (bytes != (off_t)-1) {
|
|
|
|
len += snprintf(buf + len, sizeof(buf) - len,
|
1999-05-25 01:57:19 +04:00
|
|
|
" = %qd byte%s", (qdfmt_t) bytes, PLURAL(bytes));
|
1999-05-17 19:14:53 +04:00
|
|
|
} else if (file2 != NULL) {
|
|
|
|
if ((p = realpath(file2, realfile)) == NULL) {
|
1999-05-18 12:14:17 +04:00
|
|
|
#if 0 /* XXX: too noisy */
|
1999-05-17 19:14:53 +04:00
|
|
|
syslog(LOG_WARNING, "realpath `%s' failed: %s",
|
|
|
|
realfile, strerror(errno));
|
|
|
|
#endif
|
|
|
|
p = file2;
|
|
|
|
}
|
|
|
|
len += snprintf(buf + len, sizeof(buf) - len, " %s", p);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (elapsed != NULL) {
|
|
|
|
len += snprintf(buf + len, sizeof(buf) - len,
|
|
|
|
" in %ld.%.03d seconds", elapsed->tv_sec,
|
|
|
|
(int)(elapsed->tv_usec / 1000));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (error != NULL)
|
|
|
|
len += snprintf(buf + len, sizeof(buf) - len, ": %s", error);
|
|
|
|
|
|
|
|
syslog(LOG_INFO, "%s", buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
char *
|
2000-05-20 06:20:18 +04:00
|
|
|
xstrdup(const char *s)
|
1999-05-17 19:14:53 +04:00
|
|
|
{
|
|
|
|
char *new = strdup(s);
|
|
|
|
|
|
|
|
if (new == NULL)
|
|
|
|
fatal("Local resource failure: malloc");
|
|
|
|
/* NOTREACHED */
|
|
|
|
return (new);
|
|
|
|
}
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* As per fprintf(), but increment total_bytes and total_bytes_out,
|
|
|
|
* by the appropriate amount.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
cprintf(FILE *fd, const char *fmt, ...)
|
|
|
|
{
|
|
|
|
off_t b;
|
|
|
|
va_list ap;
|
|
|
|
|
|
|
|
va_start(ap, fmt);
|
|
|
|
b = vfprintf(fd, fmt, ap);
|
|
|
|
total_bytes += b;
|
|
|
|
total_bytes_out += b;
|
|
|
|
}
|