Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
NetBSD/libexec/ftpd/ftpd.c

3798 lines
90 KiB
C
Raw Normal View History

* Add recvbufsize configuration option This allows for setting the passive socket's SO_RCVBUF. Option works similarly to the current sendbufsize configuration option. * Change how recveive_data() works When reading data from the socket for passive transfers to the server, receive_data() now works very similar to send_data_with_read(). Reads from the network are now done using either the filesystem block size or the configuration option readsize chunks. * Crank version.h [Changes discussed with lukem.]
2005-08-24 19:51:41 +04:00
/* $NetBSD: ftpd.c,v 1.168 2005/08/24 15:51:41 ginsbach Exp $ */
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
/*
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
* Copyright (c) 1997-2004 The NetBSD Foundation, Inc.
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
* All rights reserved.
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
*
* This code is derived from software contributed to The NetBSD Foundation
* by Luke Mewburn.
*
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the NetBSD
* Foundation, Inc. and its contributors.
* 4. Neither the name of The NetBSD Foundation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
*/
clean up RCS Id's and a couple of stype nits. Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
1995-04-11 06:44:45 +04:00
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
/*
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
* Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994
* The Regents of the University of California. All rights reserved.
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
Move UCB-licensed code from 4-clause to 3-clause licence. Patches provided by Joel Baker in PR 22284, verified by myself.
2003-08-07 13:46:37 +04:00
* 3. Neither the name of the University nor the names of its contributors
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
/*
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
* Copyright (C) 1997 and 1998 WIDE Project.
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
* All rights reserved.
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
*
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
*/
- Pass gcc -Wall - Fix incorrect const poisoning - Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
1997-06-18 23:05:46 +04:00
#include <sys/cdefs.h>
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#ifndef lint
- Pass gcc -Wall - Fix incorrect const poisoning - Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
1997-06-18 23:05:46 +04:00
__COPYRIGHT(
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
"@(#) Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994\n\
- Pass gcc -Wall - Fix incorrect const poisoning - Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
1997-06-18 23:05:46 +04:00
The Regents of the University of California. All rights reserved.\n");
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#endif /* not lint */
#ifndef lint
clean up RCS Id's and a couple of stype nits. Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
1995-04-11 06:44:45 +04:00
#if 0
4.4lite2 update. (The one minor bugfix between 4.4lite and 4.4lite2 was already in our sources, thus just the sccsid line is changed.)
1997-03-29 00:55:41 +03:00
static char sccsid[] = "@(#)ftpd.c 8.5 (Berkeley) 4/28/95";
clean up RCS Id's and a couple of stype nits. Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
1995-04-11 06:44:45 +04:00
#else
* Add recvbufsize configuration option This allows for setting the passive socket's SO_RCVBUF. Option works similarly to the current sendbufsize configuration option. * Change how recveive_data() works When reading data from the socket for passive transfers to the server, receive_data() now works very similar to send_data_with_read(). Reads from the network are now done using either the filesystem block size or the configuration option readsize chunks. * Crank version.h [Changes discussed with lukem.]
2005-08-24 19:51:41 +04:00
__RCSID("$NetBSD: ftpd.c,v 1.168 2005/08/24 15:51:41 ginsbach Exp $");
clean up RCS Id's and a couple of stype nits. Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
1995-04-11 06:44:45 +04:00
#endif
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#endif /* not lint */
/*
* FTP server.
*/
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/wait.h>
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
#include <sys/mman.h>
#include <sys/resource.h>
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#define FTP_NAMES
#include <arpa/ftp.h>
#include <arpa/inet.h>
#include <arpa/telnet.h>
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
#include <ctype.h>
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#include <dirent.h>
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
#include <err.h>
#include <errno.h>
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#include <fcntl.h>
/etc/ftpusers now matches globs against the username. mycroft suggested this.
1997-04-29 08:00:39 +04:00
#include <fnmatch.h>
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
#include <glob.h>
* add support for optional groupglob in ftpuser entry. the syntax is now: userglob[:groupglob][@host] [directive [class]] * append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
1999-12-21 15:56:15 +03:00
#include <grp.h>
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
#include <limits.h>
#include <netdb.h>
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#include <pwd.h>
Implement option "-D", for running ftpd in standalone mode (daemon). ftpd will listen on the default FTP port for incoming connections and fork a child for each connection. This is lower overhead than starting ftpd from inetd(8) and thus might be useful on busy servers to reduce load. Inspired by FreeBSD. Reviewed by lukem@.
2005-08-04 21:41:35 +04:00
#include <poll.h>
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
#include <signal.h>
major overhaul (just before netbsd 1.5 :-): * implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD. we already supported SIZE and MDTM. add the appropriate FEAT output lines. * migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c * make dataconn(), feat(), lookup(), opts() and sizecmd() public * modify struct tab so that it has a `flags' instead of `implemented' element, and remove the `hasopts' element. If flags == 1, the command is implemented. if flags == 2, the command is implemented and takes options * add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..") * modify lreply() so that lreply(-2, ...) just outputs the given info without a prefix or trailing \r\n. this saves doing b = printf(); total_* += b; * enhance statcmd(). still needs work in the LPRT status stuff. * crank version
2000-06-14 17:44:21 +04:00
#include <stdarg.h>
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
#include <syslog.h>
#include <time.h>
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
#include <tzfile.h>
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
#include <unistd.h>
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
#include <util.h>
Disable UTMPX support for now, because ftpd might chroot and we need to keep files open.
2002-08-20 17:55:58 +04:00
#ifdef SUPPORT_UTMP
* move version to separate header file * use .Dv and .Tn in the man pages as appropriate * KNF a bit The following were inspired by similar changes in openbsd, but may have additional improvements by me: * add more check_login tests to the parser rules * nuke a few memory leaks in the parser rules * clear passwords before free()ing them, for safety * don't display \r\n in setproctitle() output * add support for -U, which enables managing /var/run/utmp entries for connections. solves [bin/2217] by Jason Downs <downsj@teeny.org> * fix oob handling for STAT command * use SIG_ERR instead of -1
1999-12-18 08:51:34 +03:00
#include <utmp.h>
Disable UTMPX support for now, because ftpd might chroot and we need to keep files open.
2002-08-20 17:55:58 +04:00
#endif
#ifdef SUPPORT_UTMPX
#include <utmpx.h>
#endif
- Pass gcc -Wall - Fix incorrect const poisoning - Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
1997-06-18 23:05:46 +04:00
#ifdef SKEY
#include <skey.h>
#endif
Add some krb5 hooks, though it probably doesn't work yet.
1997-10-12 18:04:36 +04:00
#ifdef KERBEROS5
Move include/kerberosIV/com_err.h to include/com_err.h
2000-02-14 06:26:06 +03:00
#include <com_err.h>
Make this compile with krb5.
1999-08-25 20:23:52 +04:00
#include <krb5/krb5.h>
Add some krb5 hooks, though it probably doesn't work yet.
1997-10-12 18:04:36 +04:00
#endif
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
#ifdef LOGIN_CAP
#include <login_cap.h>
#endif
#ifdef USE_PAM
#include <security/pam_appl.h>
#endif
* add ftpd.conf directive `portrange class min max', which allows specification of the port range used by passive connections. based on work in [bin/9158] from Takahiro Kambe <taca@sky.yamashina.kyoto.jp> * change the way global variables are defined and extern-ed to be more consistent.
2000-01-13 01:39:27 +03:00
#define GLOBAL
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
#include "extern.h"
* implement /etc/ftpd.conf, which adds support for the following features, controllable on a per class (which is one of: real, chroot, guest, all or none) basis: * on-the-fly execution of a command to build the file (a ``conversion''), providing support for "get dirname.tar" and the like. * displaying the contents of a file when a directory is entered for the first time. * maximum value for timeout (replaces -T). * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST. * notifying the user of the existance of a files matching a glob pattern when a directory is entered for the first time. * default value for timeout (replaces -t). * default umask (replaces -DGUEST_CMASK and -u). The conversion, display, and notify functionality was based on code by Simon Burge <simonb@telstra.com.au>. * clean up and re-order parts of the man page into subsections. * STAT displays the settings defined for the class of the current user. * bump version from 6.00 to 7.00, because of ftpd.conf. * deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and -t, -T and -u, as ftpd.conf allows finer control of these. * add "nostderr" argument to ftpd_popen(), because you don't want the stderr stream mixing with the stdout stream during a conversion, as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
#include "pathnames.h"
* move version to separate header file * use .Dv and .Tn in the man pages as appropriate * KNF a bit The following were inspired by similar changes in openbsd, but may have additional improvements by me: * add more check_login tests to the parser rules * nuke a few memory leaks in the parser rules * clear passwords before free()ing them, for safety * don't display \r\n in setproctitle() output * add support for -U, which enables managing /var/run/utmp entries for connections. solves [bin/2217] by Jason Downs <downsj@teeny.org> * fix oob handling for STAT command * use SIG_ERR instead of -1
1999-12-18 08:51:34 +03:00
#include "version.h"
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
volatile sig_atomic_t transflag;
volatile sig_atomic_t urgflag;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
int data;
Implement option "-D", for running ftpd in standalone mode (daemon). ftpd will listen on the default FTP port for incoming connections and fork a child for each connection. This is lower overhead than starting ftpd from inetd(8) and thus might be useful on busy servers to reduce load. Inspired by FreeBSD. Reviewed by lukem@.
2005-08-04 21:41:35 +04:00
int Dflag;
add "-s" flag (SecureID).
1998-06-26 21:41:38 +04:00
int sflag;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
int stru; /* avoid C keyword */
int mode;
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
int dataport; /* use specific data port */
int dopidfile; /* maintain pid file */
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
int doutmp; /* update utmp file */
add support for -W; don't log to wtmp (orthogonal of -U which logs to utmp). inspired by similar option in wuftpd.
2000-07-26 17:53:33 +04:00
int dowtmp; /* update wtmp file */
Add '-L xferlogfile', to write xferlog entries there rather than syslog them. Based on work from Dmitry Sivachenko.
2003-02-26 15:27:04 +03:00
int doxferlog; /* syslog/write wu-ftpd style xferlog entries */
int xferlogfd; /* fd to write wu-ftpd xferlog entries to */
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
int dropprivs; /* if privileges should or have been dropped */
int mapped; /* IPv4 connection on AF_INET6 socket */
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
off_t file_size;
off_t byte_count;
clean up RCS Id's and a couple of stype nits. Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
1995-04-11 06:44:45 +04:00
static char ttyline[20];
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
#ifdef USE_PAM
static int auth_pam(struct passwd **, const char *);
pam_handle_t *pamh = NULL;
#endif
Disable UTMPX support for now, because ftpd might chroot and we need to keep files open.
2002-08-20 17:55:58 +04:00
#ifdef SUPPORT_UTMP
* move version to separate header file * use .Dv and .Tn in the man pages as appropriate * KNF a bit The following were inspired by similar changes in openbsd, but may have additional improvements by me: * add more check_login tests to the parser rules * nuke a few memory leaks in the parser rules * clear passwords before free()ing them, for safety * don't display \r\n in setproctitle() output * add support for -U, which enables managing /var/run/utmp entries for connections. solves [bin/2217] by Jason Downs <downsj@teeny.org> * fix oob handling for STAT command * use SIG_ERR instead of -1
1999-12-18 08:51:34 +03:00
static struct utmp utmp; /* for utmp */
Disable UTMPX support for now, because ftpd might chroot and we need to keep files open.
2002-08-20 17:55:58 +04:00
#endif
#ifdef SUPPORT_UTMPX
static struct utmpx utmpx; /* for utmpx */
#endif
* complete fix for `multiple replies returned for single parse error' problem; move `hasyyerrored' state flag out of yylex() so that check_{login,modify} can also set it. * check result of check_login for PORT command * set initial timeout before the "setjmp(); for(;;) yyparse()", otherwise an invalid command after login incorrectly sets the timeout to 5 minutes (rather than what was set in ftpd.conf) * replace (char *)0 with NULL * move yyerror() from ftpd.c to ftpcmd.y * remove need for -Dunix, by using the version string from ftpd.c (instead of `BSD-199506') * move all extern-ed vars into extern.h
1998-09-06 14:39:40 +04:00
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
static const char *anondir = NULL;
initialise confdir to _DEFAULT_CONFDIR again, so that -C works...
2000-11-30 11:33:33 +03:00
static const char *confdir = _DEFAULT_CONFDIR;
* implement /etc/ftpd.conf, which adds support for the following features, controllable on a per class (which is one of: real, chroot, guest, all or none) basis: * on-the-fly execution of a command to build the file (a ``conversion''), providing support for "get dirname.tar" and the like. * displaying the contents of a file when a directory is entered for the first time. * maximum value for timeout (replaces -T). * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST. * notifying the user of the existance of a files matching a glob pattern when a directory is entered for the first time. * default value for timeout (replaces -t). * default umask (replaces -DGUEST_CMASK and -u). The conversion, display, and notify functionality was based on code by Simon Burge <simonb@telstra.com.au>. * clean up and re-order parts of the man page into subsections. * STAT displays the settings defined for the class of the current user. * bump version from 6.00 to 7.00, because of ftpd.conf. * deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and -t, -T and -u, as ftpd.conf allows finer control of these. * add "nostderr" argument to ftpd_popen(), because you don't want the stderr stream mixing with the stdout stream during a conversion, as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
Use sysconf(_SC_LOGIN_NAME_MAX) to determine the length of login names, rather than assuming LOGIN_NAME_MAX. Based on patch from Garrett Wollman via David O'Brien (both at FreeBSD.org)
2003-12-10 04:18:56 +03:00
static char *curname; /* current USER name */
static size_t curname_len; /* length of curname (include NUL) */
Add some krb5 hooks, though it probably doesn't work yet.
1997-10-12 18:04:36 +04:00
#if defined(KERBEROS) || defined(KERBEROS5)
Make this build again with crypto-us, after recent changes to k{,5}login.c.
2000-06-02 04:19:04 +04:00
int has_ccache = 0;
clean up RCS Id's and a couple of stype nits. Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
1995-04-11 06:44:45 +04:00
int notickets = 1;
char *krbtkfile_env = NULL;
Make this build again with crypto-us, after recent changes to k{,5}login.c.
2000-06-02 04:19:04 +04:00
char *tty = ttyline;
make this compile with KERBEROS5 defined. Note: only one of KERBEROS or KERBEROS5 may be defined in this file...
2000-06-02 18:47:19 +04:00
int login_krb5_forwardable_tgt = 0;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
#endif
some changes to make Kerberos a bit easier to use. from Michael Graff <explorer@vorpal.com>, with some work by myself...
1994-03-30 06:49:15 +04:00
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
int epsvall = 0;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
/*
* Timeout intervals for retrying connections
* to hosts that don't accept PORT cmds. This
* is a kludge, but given the problems with TCP...
*/
#define SWAITMAX 90 /* wait at most 90 seconds */
#define SWAITINT 5 /* interval between retries */
int swaitmax = SWAITMAX;
int swaitint = SWAITINT;
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
enum send_status {
SS_SUCCESS,
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
SS_ABORTED, /* transfer aborted */
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
SS_NO_TRANSFER, /* no transfer made yet */
SS_FILE_ERROR, /* file read error */
SS_DATA_ERROR /* data send error */
};
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
static int bind_pasv_addr(void);
static int checkuser(const char *, const char *, int, int, char **);
static int checkaccess(const char *);
- rename valid_passwd() -> checkpassword() - move check for expired accounts from pass() into checkpassword()
2000-11-30 09:06:08 +03:00
static int checkpassword(const struct passwd *, const char *);
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
static void end_login(void);
static FILE *getdatasock(const char *);
static char *gunique(const char *);
Don't write trash in ut_ss; either initialize it to 0, or put in the proper information.
2004-11-11 04:14:10 +03:00
static void login_utmp(const char *, const char *, const char *,
struct sockinet *);
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
static void logremotehost(struct sockinet *);
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
static void lostconn(int);
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
static void toolong(int);
static void sigquit(int);
static void sigurg(int);
static int handleoobcmd(void);
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
static int receive_data(FILE *, FILE *);
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
static int send_data(FILE *, FILE *, const struct stat *, int);
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
static struct passwd *sgetpwnam(const char *);
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
static int write_data(int, char *, size_t, off_t *, struct timeval *,
int);
static enum send_status
send_data_with_read(int, int, const struct stat *, int);
static enum send_status
send_data_with_mmap(int, int, const struct stat *, int);
static void logrusage(const struct rusage *, const struct rusage *);
Disable UTMPX support for now, because ftpd might chroot and we need to keep files open.
2002-08-20 17:55:58 +04:00
static void logout_utmp(void);
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
int main(int, char *[]);
- Pass gcc -Wall - Fix incorrect const poisoning - Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
1997-06-18 23:05:46 +04:00
make this compile with KERBEROS5 defined. Note: only one of KERBEROS or KERBEROS5 may be defined in this file...
2000-06-02 18:47:19 +04:00
#if defined(KERBEROS)
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
int klogin(struct passwd *, char *, char *, char *);
void kdestroy(void);
Need prototype for klogin() - probably ought to go in a header file, but klogin probably ought to go in a library first
1997-06-21 08:38:54 +04:00
#endif
make this compile with KERBEROS5 defined. Note: only one of KERBEROS or KERBEROS5 may be defined in this file...
2000-06-02 18:47:19 +04:00
#if defined(KERBEROS5)
int k5login(struct passwd *, char *, char *, char *);
void k5destroy(void);
#endif
* fix a problem in retrieve() where arguments to commands weren't working (this was broken in the last commit). problem noticed by simonb@ * don't display the stderr output of the internal ls. * modify usage of lreply so that generally only one `XXX-' code per `block' is displayed; the rest of the lines have four spaces instead. i find this easier to read. * fix a couple places where byte accounting wasn't correct
1999-05-18 12:14:17 +04:00
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
int
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
main(int argc, char *argv[])
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
* add support for `-h hostname', which defines the hostname to advertise as (useful for virtual ftp servers in conjunction with inetd.conf(5)'s ability to bind to a specific address). if this option is used, add `hostname' to the syslog messages. * improve documentation of command-line options * don't allow class names of `all' or `none' in ftpusers
1999-12-16 05:21:37 +03:00
int addrlen, ch, on = 1, tos, keepalive;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
#ifdef KERBEROS5
* add support for `-h hostname', which defines the hostname to advertise as (useful for virtual ftp servers in conjunction with inetd.conf(5)'s ability to bind to a specific address). if this option is used, add `hostname' to the syslog messages. * improve documentation of command-line options * don't allow class names of `all' or `none' in ftpusers
1999-12-16 05:21:37 +03:00
krb5_error_code kerror;
Add some krb5 hooks, though it probably doesn't work yet.
1997-10-12 18:04:36 +04:00
#endif
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
char *p;
Add '-L xferlogfile', to write xferlog entries there rather than syslog them. Based on work from Dmitry Sivachenko.
2003-02-26 15:27:04 +03:00
const char *xferlogname = NULL;
audit use of strto* - beware of ERANGE, as well as typecast on result.
2002-11-16 06:10:34 +03:00
long l;
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
struct sigaction sa;
Implement option "-D", for running ftpd in standalone mode (daemon). ftpd will listen on the default FTP port for incoming connections and fork a child for each connection. This is lower overhead than starting ftpd from inetd(8) and thus might be useful on busy servers to reduce load. Inspired by FreeBSD. Reviewed by lukem@.
2005-08-04 21:41:35 +04:00
sa_family_t af = AF_UNSPEC;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
* don't bother with a version[] string, just use the macro as appropriate * clean some more of the GLOBAL stuff * fix unused var if -UHASSETPROCTITLE
2000-03-05 09:12:19 +03:00
connections = 1;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
debug = 0;
- add '-C user', which runs checkaccess(user) and exits with the result (0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers). from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods - getopt returns -1 not EOF - in lostcon(), call dologout(1) not dologout(-1);
1997-09-23 18:25:30 +04:00
logging = 0;
* don't bother with a version[] string, just use the macro as appropriate * clean some more of the GLOBAL stuff * fix unused var if -UHASSETPROCTITLE
2000-03-05 09:12:19 +03:00
pdata = -1;
Implement option "-D", for running ftpd in standalone mode (daemon). ftpd will listen on the default FTP port for incoming connections and fork a child for each connection. This is lower overhead than starting ftpd from inetd(8) and thus might be useful on busy servers to reduce load. Inspired by FreeBSD. Reviewed by lukem@.
2005-08-04 21:41:35 +04:00
Dflag = 0;
add "-s" flag (SecureID).
1998-06-26 21:41:38 +04:00
sflag = 0;
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
dataport = 0;
dopidfile = 1; /* default: DO use a pid file to count users */
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
doutmp = 0; /* default: Do NOT log to utmp */
add support for -W; don't log to wtmp (orthogonal of -U which logs to utmp). inspired by similar option in wuftpd.
2000-07-26 17:53:33 +04:00
dowtmp = 1; /* default: DO log to wtmp */
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
doxferlog = 0; /* default: Do NOT syslog xferlog */
Add '-L xferlogfile', to write xferlog entries there rather than syslog them. Based on work from Dmitry Sivachenko.
2003-02-26 15:27:04 +03:00
xferlogfd = -1; /* default: Do NOT write xferlog file */
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
dropprivs = 0;
mapped = 0;
* don't bother with a version[] string, just use the macro as appropriate * clean some more of the GLOBAL stuff * fix unused var if -UHASSETPROCTITLE
2000-03-05 09:12:19 +03:00
usedefault = 1;
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
emailaddr = NULL;
* add back support for `-h hostname'; it still may be useful to override the name advertised to the client, even if ftpd can determine it from the ip address that ftpd is bound to. requested by mrg. * remove -4/-6; they were effectively no-ops since itojun's change in 1.75. * crank version
1999-12-19 03:09:31 +03:00
hostname[0] = '\0';
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
homedir[0] = '\0';
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
gidcount = 0;
As threatened, handle OOB commands from within ftpcmd.y. This involved changing the yacc syntax to be line-oriented, rather than having it run against the entire input at once, and adding a flag to struct tab, to indicate if or not it's acceptable for a command to occur OOB.
2001-04-02 03:04:30 +04:00
is_oob = 0;
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
version = FTPD_VERSION;
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
/*
* LOG_NDELAY sets up the logging connection immediately,
* necessary for anonymous ftp's that chroot and can't do it later.
*/
openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
Implement option "-D", for running ftpd in standalone mode (daemon). ftpd will listen on the default FTP port for incoming connections and fork a child for each connection. This is lower overhead than starting ftpd from inetd(8) and thus might be useful on busy servers to reduce load. Inspired by FreeBSD. Reviewed by lukem@.
2005-08-04 21:41:35 +04:00
while ((ch = getopt(argc, argv,
"46a:c:C:Dde:h:HlL:P:qQrst:T:uUvV:wWX")) != -1) {
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
switch (ch) {
Implement option "-D", for running ftpd in standalone mode (daemon). ftpd will listen on the default FTP port for incoming connections and fork a child for each connection. This is lower overhead than starting ftpd from inetd(8) and thus might be useful on busy servers to reduce load. Inspired by FreeBSD. Reviewed by lukem@.
2005-08-04 21:41:35 +04:00
case '4':
af = AF_INET;
break;
case '6':
af = AF_INET6;
break;
Allow setting the directory to which anonymous users chdir from the command line. Document -u option. A couple of minor cleanups.
1997-05-24 02:09:48 +04:00
case 'a':
anondir = optarg;
break;
implement '-c confdir', which allows the specification of an alternate directory to look for the various configuration files, overriding /etc. From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
1997-09-23 17:56:39 +04:00
case 'c':
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
confdir = optarg;
implement '-c confdir', which allows the specification of an alternate directory to look for the various configuration files, overriding /etc. From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
1997-09-23 17:56:39 +04:00
break;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
- add '-C user', which runs checkaccess(user) and exits with the result (0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers). from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods - getopt returns -1 not EOF - in lostcon(), call dologout(1) not dologout(-1);
1997-09-23 18:25:30 +04:00
case 'C':
* add support for optional groupglob in ftpuser entry. the syntax is now: userglob[:groupglob][@host] [directive [class]] * append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
1999-12-21 15:56:15 +03:00
pw = sgetpwnam(optarg);
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
exit(checkaccess(optarg) ? 0 : 1);
- add '-C user', which runs checkaccess(user) and exits with the result (0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers). from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods - getopt returns -1 not EOF - in lostcon(), call dologout(1) not dologout(-1);
1997-09-23 18:25:30 +04:00
/* NOTREACHED */
implement '-c confdir', which allows the specification of an alternate directory to look for the various configuration files, overriding /etc. From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
1997-09-23 17:56:39 +04:00
Implement option "-D", for running ftpd in standalone mode (daemon). ftpd will listen on the default FTP port for incoming connections and fork a child for each connection. This is lower overhead than starting ftpd from inetd(8) and thus might be useful on busy servers to reduce load. Inspired by FreeBSD. Reviewed by lukem@.
2005-08-04 21:41:35 +04:00
case 'D':
Dflag = 1;
break;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
case 'd':
Allow setting the directory to which anonymous users chdir from the command line. Document -u option. A couple of minor cleanups.
1997-05-24 02:09:48 +04:00
case 'v': /* deprecated */
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
debug = 1;
break;
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
case 'e':
emailaddr = optarg;
break;
* add back support for `-h hostname'; it still may be useful to override the name advertised to the client, even if ftpd can determine it from the ip address that ftpd is bound to. requested by mrg. * remove -4/-6; they were effectively no-ops since itojun's change in 1.75. * crank version
1999-12-19 03:09:31 +03:00
case 'h':
strlcpy(hostname, optarg, sizeof(hostname));
break;
* add -H, which acts like -h `hostname`. (requested by kim@) * refer to draft-ietf-ftpext-mlst-11 instead of -10
2000-07-15 07:45:19 +04:00
case 'H':
if (gethostname(hostname, sizeof(hostname)) == -1)
hostname[0] = '\0';
hostname[sizeof(hostname) - 1] = '\0';
break;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
case 'l':
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
logging++; /* > 1 == extra logging */
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
break;
Add '-L xferlogfile', to write xferlog entries there rather than syslog them. Based on work from Dmitry Sivachenko.
2003-02-26 15:27:04 +03:00
case 'L':
xferlogname = optarg;
break;
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
case 'P':
audit use of strto* - beware of ERANGE, as well as typecast on result.
2002-11-16 06:10:34 +03:00
errno = 0;
p = NULL;
l = strtol(optarg, &p, 10);
if (errno || *optarg == '\0' || *p != '\0' ||
l < IPPORT_RESERVED ||
l > IPPORT_ANONMAX) {
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
syslog(LOG_WARNING, "Invalid dataport %s",
optarg);
dataport = 0;
}
audit use of strto* - beware of ERANGE, as well as typecast on result.
2002-11-16 06:10:34 +03:00
dataport = (int)l;
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
break;
case 'q':
dopidfile = 1;
break;
case 'Q':
dopidfile = 0;
break;
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
case 'r':
dropprivs = 1;
break;
add "-s" flag (SecureID).
1998-06-26 21:41:38 +04:00
case 's':
sflag = 1;
break;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
case 't':
case 'T':
consistently use syslog priorities
2001-01-10 03:20:49 +03:00
syslog(LOG_WARNING,
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
"-%c has been deprecated in favour of ftpd.conf",
* implement /etc/ftpd.conf, which adds support for the following features, controllable on a per class (which is one of: real, chroot, guest, all or none) basis: * on-the-fly execution of a command to build the file (a ``conversion''), providing support for "get dirname.tar" and the like. * displaying the contents of a file when a directory is entered for the first time. * maximum value for timeout (replaces -T). * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST. * notifying the user of the existance of a files matching a glob pattern when a directory is entered for the first time. * default value for timeout (replaces -t). * default umask (replaces -DGUEST_CMASK and -u). The conversion, display, and notify functionality was based on code by Simon Burge <simonb@telstra.com.au>. * clean up and re-order parts of the man page into subsections. * STAT displays the settings defined for the class of the current user. * bump version from 6.00 to 7.00, because of ftpd.conf. * deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and -t, -T and -u, as ftpd.conf allows finer control of these. * add "nostderr" argument to ftpd_popen(), because you don't want the stderr stream mixing with the stdout stream during a conversion, as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
ch);
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
break;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
case 'u':
* move version to separate header file * use .Dv and .Tn in the man pages as appropriate * KNF a bit The following were inspired by similar changes in openbsd, but may have additional improvements by me: * add more check_login tests to the parser rules * nuke a few memory leaks in the parser rules * clear passwords before free()ing them, for safety * don't display \r\n in setproctitle() output * add support for -U, which enables managing /var/run/utmp entries for connections. solves [bin/2217] by Jason Downs <downsj@teeny.org> * fix oob handling for STAT command * use SIG_ERR instead of -1
1999-12-18 08:51:34 +03:00
doutmp = 1;
break;
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
case 'U':
doutmp = 0;
break;
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
case 'V':
if (EMPTYSTR(optarg) || strcmp(optarg, "-") == 0)
version = NULL;
else
version = xstrdup(optarg);
break;
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
case 'w':
dowtmp = 1;
break;
add support for -W; don't log to wtmp (orthogonal of -U which logs to utmp). inspired by similar option in wuftpd.
2000-07-26 17:53:33 +04:00
case 'W':
dowtmp = 0;
break;
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
case 'X':
Add '-L xferlogfile', to write xferlog entries there rather than syslog them. Based on work from Dmitry Sivachenko.
2003-02-26 15:27:04 +03:00
doxferlog |= 1;
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
break;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
default:
- add '-C user', which runs checkaccess(user) and exits with the result (0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers). from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods - getopt returns -1 not EOF - in lostcon(), call dologout(1) not dologout(-1);
1997-09-23 18:25:30 +04:00
if (optopt == 'a' || optopt == 'C')
exit(1);
consistently use syslog priorities
2001-01-10 03:20:49 +03:00
syslog(LOG_WARNING, "unknown flag -%c ignored", optopt);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
break;
}
}
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
if (EMPTYSTR(confdir))
confdir = _DEFAULT_CONFDIR;
- add '-C user', which runs checkaccess(user) and exits with the result (0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers). from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods - getopt returns -1 not EOF - in lostcon(), call dologout(1) not dologout(-1);
1997-09-23 18:25:30 +04:00
cleanup utmp and utmpx support. - make them symmetric - add a function to open the wtmp file explicitly very early in the game
2005-06-23 08:20:41 +04:00
if (dowtmp) {
#ifdef SUPPORT_UTMPX
ftpd_initwtmpx();
#endif
#ifdef SUPPORT_UTMP
ftpd_initwtmp();
#endif
}
Use sysconf(_SC_LOGIN_NAME_MAX) to determine the length of login names, rather than assuming LOGIN_NAME_MAX. Based on patch from Garrett Wollman via David O'Brien (both at FreeBSD.org)
2003-12-10 04:18:56 +03:00
errno = 0;
l = sysconf(_SC_LOGIN_NAME_MAX);
if (l == -1 && errno != 0) {
syslog(LOG_ERR, "sysconf _SC_LOGIN_NAME_MAX: %m");
exit(1);
} else if (l <= 0) {
syslog(LOG_WARNING, "using conservative LOGIN_NAME_MAX value");
curname_len = _POSIX_LOGIN_NAME_MAX;
} else
curname_len = (size_t)l;
curname = malloc(curname_len);
if (curname == NULL) {
syslog(LOG_ERR, "malloc: %m");
exit(1);
}
curname[0] = '\0';
Implement option "-D", for running ftpd in standalone mode (daemon). ftpd will listen on the default FTP port for incoming connections and fork a child for each connection. This is lower overhead than starting ftpd from inetd(8) and thus might be useful on busy servers to reduce load. Inspired by FreeBSD. Reviewed by lukem@.
2005-08-04 21:41:35 +04:00
if (Dflag) {
int error, fd, i, n, *socks;
struct pollfd *fds;
struct addrinfo hints, *res, *res0;
if (daemon(1, 0) == -1) {
syslog(LOG_ERR, "failed to daemonize: %m");
exit(1);
}
(void)memset(&sa, 0, sizeof(sa));
sa.sa_handler = SIG_IGN;
sa.sa_flags = SA_NOCLDWAIT;
sigemptyset(&sa.sa_mask);
(void)sigaction(SIGCHLD, &sa, NULL);
(void)memset(&hints, 0, sizeof(hints));
hints.ai_flags = AI_PASSIVE;
hints.ai_family = af;
hints.ai_socktype = SOCK_STREAM;
error = getaddrinfo(NULL, "ftp", &hints, &res0);
if (error) {
syslog(LOG_ERR, "getaddrinfo: %s", gai_strerror(error));
exit(1);
}
for (n = 0, res = res0; res != NULL; res = res->ai_next)
n++;
if (n == 0) {
syslog(LOG_ERR, "no addresses available");
exit(1);
}
socks = malloc(n * sizeof(int));
fds = malloc(n * sizeof(struct pollfd));
if (socks == NULL || fds == NULL) {
syslog(LOG_ERR, "malloc: %m");
exit(1);
}
for (n = 0, res = res0; res != NULL; res = res->ai_next) {
socks[n] = socket(res->ai_family, res->ai_socktype,
res->ai_protocol);
if (socks[n] == -1)
continue;
(void)setsockopt(socks[n], SOL_SOCKET, SO_REUSEADDR,
&on, sizeof(on));
if (bind(socks[n], res->ai_addr, res->ai_addrlen)
== -1) {
(void)close(socks[n]);
continue;
}
if (listen(socks[n], 12) == -1) {
(void)close(socks[n]);
continue;
}
fds[n].fd = socks[n];
fds[n].events = POLLIN;
n++;
}
if (n == 0) {
syslog(LOG_ERR, "%m");
exit(1);
}
freeaddrinfo(res0);
if (pidfile(NULL) == -1)
syslog(LOG_ERR, "failed to write a pid file: %m");
for (;;) {
if (poll(fds, n, INFTIM) == -1) {
if (errno == EINTR)
continue;
syslog(LOG_ERR, "poll: %m");
exit(1);
}
for (i = 0; i < n; i++) {
if (fds[i].revents & POLLIN) {
fd = accept(fds[i].fd, NULL, NULL);
if (fd == -1) {
syslog(LOG_ERR, "accept: %m");
continue;
}
switch (fork()) {
case -1:
syslog(LOG_ERR, "fork: %m");
break;
case 0:
goto child;
/* NOTREACHED */
}
(void)close(fd);
}
}
}
child:
(void)dup2(fd, STDIN_FILENO);
(void)dup2(fd, STDOUT_FILENO);
(void)dup2(fd, STDERR_FILENO);
for (i = 0; i < n; i++)
(void)close(socks[i]);
}
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
memset((char *)&his_addr, 0, sizeof(his_addr));
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
addrlen = sizeof(his_addr.si_su);
if (getpeername(0, (struct sockaddr *)&his_addr.si_su, &addrlen) < 0) {
- add '-C user', which runs checkaccess(user) and exits with the result (0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers). from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods - getopt returns -1 not EOF - in lostcon(), call dologout(1) not dologout(-1);
1997-09-23 18:25:30 +04:00
syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
exit(1);
}
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
his_addr.su_len = addrlen;
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
memset((char *)&ctrl_addr, 0, sizeof(ctrl_addr));
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
addrlen = sizeof(ctrl_addr.si_su);
handle IPv4 TCP control connection, toward AF_INET6 socket. this happens when you have the following line in inetd.conf, but not with tcp4 line: >>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-27 19:41:49 +04:00
if (getsockname(0, (struct sockaddr *)&ctrl_addr, &addrlen) < 0) {
syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
exit(1);
}
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
ctrl_addr.su_len = addrlen;
Make this compile again without -DINET6 and without get{addr,name}info(3) This ftpd now compiles and runs on NetBSD/1.4.2 with: CPPFLAGS+= \ '-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \ '-Dstrlcat=strncat' \ '-Dsl_add(a,b)=(sl_add(a,b),0)'
2000-09-15 18:55:16 +04:00
#ifdef INET6
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
if (his_addr.su_family == AF_INET6
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
&& IN6_IS_ADDR_V4MAPPED(&his_addr.su_6addr)) {
handle IPv4 TCP control connection, toward AF_INET6 socket. this happens when you have the following line in inetd.conf, but not with tcp4 line: >>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-27 19:41:49 +04:00
#if 1
/*
* IPv4 control connection arrived to AF_INET6 socket.
* I hate to do this, but this is the easiest solution.
add comment on IPv4 mapped address twist
2000-05-30 09:31:31 +04:00
*
* The assumption is untrue on SIIT environment.
handle IPv4 TCP control connection, toward AF_INET6 socket. this happens when you have the following line in inetd.conf, but not with tcp4 line: >>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-27 19:41:49 +04:00
*/
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
struct sockinet tmp_addr;
avoid use of s6_addr32, as it is non-standard. (sync with KAME)
1999-12-13 07:36:10 +03:00
const int off = sizeof(struct in6_addr) - sizeof(struct in_addr);
handle IPv4 TCP control connection, toward AF_INET6 socket. this happens when you have the following line in inetd.conf, but not with tcp4 line: >>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-27 19:41:49 +04:00
tmp_addr = his_addr;
memset(&his_addr, 0, sizeof(his_addr));
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
his_addr.su_family = AF_INET;
his_addr.su_len = sizeof(his_addr.si_su.su_sin);
memcpy(&his_addr.su_addr, &tmp_addr.su_6addr.s6_addr[off],
sizeof(his_addr.su_addr));
his_addr.su_port = tmp_addr.su_port;
handle IPv4 TCP control connection, toward AF_INET6 socket. this happens when you have the following line in inetd.conf, but not with tcp4 line: >>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-27 19:41:49 +04:00
tmp_addr = ctrl_addr;
memset(&ctrl_addr, 0, sizeof(ctrl_addr));
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
ctrl_addr.su_family = AF_INET;
ctrl_addr.su_len = sizeof(ctrl_addr.si_su.su_sin);
memcpy(&ctrl_addr.su_addr, &tmp_addr.su_6addr.s6_addr[off],
sizeof(ctrl_addr.su_addr));
ctrl_addr.su_port = tmp_addr.su_port;
handle IPv4 TCP control connection, toward AF_INET6 socket. this happens when you have the following line in inetd.conf, but not with tcp4 line: >>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-27 19:41:49 +04:00
#else
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
while (fgets(line, sizeof(line), fd) != NULL) {
if ((cp = strchr(line, '\n')) != NULL)
*cp = '\0';
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(-530, "%s", line);
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
}
(void) fflush(stdout);
(void) fclose(fd);
reply(530,
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
"Connection from IPv4 mapped address is not supported.");
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
exit(0);
handle IPv4 TCP control connection, toward AF_INET6 socket. this happens when you have the following line in inetd.conf, but not with tcp4 line: >>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-27 19:41:49 +04:00
#endif
do not perform setsockopt(IP_TOS) on mapped connections (IPv4 connection toward AF_INET6 socket).
1999-12-13 19:30:37 +03:00
mapped = 1;
} else
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
#endif /* INET6 */
do not perform setsockopt(IP_TOS) on mapped connections (IPv4 connection toward AF_INET6 socket).
1999-12-13 19:30:37 +03:00
mapped = 0;
- add '-C user', which runs checkaccess(user) and exits with the result (0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers). from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods - getopt returns -1 not EOF - in lostcon(), call dologout(1) not dologout(-1);
1997-09-23 18:25:30 +04:00
#ifdef IP_TOS
do not perform setsockopt(IP_TOS) on mapped connections (IPv4 connection toward AF_INET6 socket).
1999-12-13 19:30:37 +03:00
if (!mapped && his_addr.su_family == AF_INET) {
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
tos = IPTOS_LOWDELAY;
if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&tos,
sizeof(int)) < 0)
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
}
- add '-C user', which runs checkaccess(user) and exits with the result (0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers). from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods - getopt returns -1 not EOF - in lostcon(), call dologout(1) not dologout(-1);
1997-09-23 18:25:30 +04:00
#endif
* add back support for `-h hostname'; it still may be useful to override the name advertised to the client, even if ftpd can determine it from the ip address that ftpd is bound to. requested by mrg. * remove -4/-6; they were effectively no-ops since itojun's change in 1.75. * crank version
1999-12-19 03:09:31 +03:00
/* if the hostname hasn't been given, attempt to determine it */
if (hostname[0] == '\0') {
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
if (getnameinfo((struct sockaddr *)&ctrl_addr.si_su,
ctrl_addr.su_len, hostname, sizeof(hostname), NULL, 0, 0)
!= 0)
* add back support for `-h hostname'; it still may be useful to override the name advertised to the client, even if ftpd can determine it from the ip address that ftpd is bound to. requested by mrg. * remove -4/-6; they were effectively no-ops since itojun's change in 1.75. * crank version
1999-12-19 03:09:31 +03:00
(void)gethostname(hostname, sizeof(hostname));
hostname[sizeof(hostname) - 1] = '\0';
}
deprecate -h hostname in favour of automatic determination of local hostname. this is a much cleaner solution for supporting multihomed virtual servers. from Geoff C. Wing <gcw@pobox.com> in [bin/8137].
1999-12-18 09:33:54 +03:00
- add '-C user', which runs checkaccess(user) and exits with the result (0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers). from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods - getopt returns -1 not EOF - in lostcon(), call dologout(1) not dologout(-1);
1997-09-23 18:25:30 +04:00
/* set this here so klogin can use it... */
(void)snprintf(ttyline, sizeof(ttyline), "ftp%d", getpid());
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
(void) freopen(_PATH_DEVNULL, "w", stderr);
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
memset(&sa, 0, sizeof(sa));
sa.sa_handler = SIG_DFL;
sa.sa_flags = SA_RESTART;
sigemptyset(&sa.sa_mask);
(void) sigaction(SIGCHLD, &sa, NULL);
sa.sa_handler = sigquit;
sa.sa_flags = SA_RESTART;
sigfillset(&sa.sa_mask); /* block all sigs in these handlers */
(void) sigaction(SIGHUP, &sa, NULL);
(void) sigaction(SIGINT, &sa, NULL);
(void) sigaction(SIGQUIT, &sa, NULL);
(void) sigaction(SIGTERM, &sa, NULL);
sa.sa_handler = lostconn;
(void) sigaction(SIGPIPE, &sa, NULL);
sa.sa_handler = toolong;
(void) sigaction(SIGALRM, &sa, NULL);
sa.sa_handler = sigurg;
(void) sigaction(SIGURG, &sa, NULL);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
/* Try to handle urgent data inline */
#ifdef SO_OOBINLINE
if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (char *)&on, sizeof(on)) < 0)
consistently use syslog priorities
2001-01-10 03:20:49 +03:00
syslog(LOG_WARNING, "setsockopt: %m");
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#endif
Set keepalives on the sockets to force logouts on connections that have disappeared.
1999-06-05 17:49:53 +04:00
/* Set keepalives on the socket to detect dropped connections. */
#ifdef SO_KEEPALIVE
keepalive = 1;
if (setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&keepalive,
sizeof(int)) < 0)
syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
#endif
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#ifdef F_SETOWN
if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1)
consistently use syslog priorities
2001-01-10 03:20:49 +03:00
syslog(LOG_WARNING, "fcntl F_SETOWN: %m");
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#endif
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
logremotehost(&his_addr);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
/*
* Set up default state
*/
data = -1;
type = TYPE_A;
form = FORM_N;
stru = STRU_F;
mode = MODE_S;
tmpline[0] = '\0';
* complete fix for `multiple replies returned for single parse error' problem; move `hasyyerrored' state flag out of yylex() so that check_{login,modify} can also set it. * check result of check_login for PORT command * set initial timeout before the "setjmp(); for(;;) yyparse()", otherwise an invalid command after login incorrectly sets the timeout to 5 minutes (rather than what was set in ftpd.conf) * replace (char *)0 with NULL * move yyerror() from ftpd.c to ftpcmd.y * remove need for -Dunix, by using the version string from ftpd.c (instead of `BSD-199506') * move all extern-ed vars into extern.h
1998-09-06 14:39:40 +04:00
hasyyerrored = 0;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
Add some krb5 hooks, though it probably doesn't work yet.
1997-10-12 18:04:36 +04:00
#ifdef KERBEROS5
kerror = krb5_init_context(&kcontext);
if (kerror) {
consistently use syslog priorities
2001-01-10 03:20:49 +03:00
syslog(LOG_ERR, "%s when initializing Kerberos context",
Add some krb5 hooks, though it probably doesn't work yet.
1997-10-12 18:04:36 +04:00
error_message(kerror));
exit(0);
}
- #endif foo -> #endif /* foo */ - #if __STDC__ -> #ifdef __STDC__ - Don't allow expired accounts to login.
1998-02-01 17:10:22 +03:00
#endif /* KERBEROS5 */
Add some krb5 hooks, though it probably doesn't work yet.
1997-10-12 18:04:36 +04:00
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
2000-01-08 14:09:56 +03:00
init_curclass();
curclass.timeout = 300; /* 5 minutes, as per login(1) */
curclass.type = CLASS_REAL;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
/* If logins are disabled, print out the message. */
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
if (display_file(_PATH_NOLOGIN, 530)) {
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
reply(530, "System not available.");
exit(0);
}
change _PATH_FOO to _NAME_FOO where FOO is not a path. I'll discuss with luke what is the best way to fix this.
2004-12-11 21:37:26 +03:00
(void)display_file(conffilename(_NAME_FTPWELCOME), 220);
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
/* reply(220,) must follow */
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
if (EMPTYSTR(version))
reply(220, "%s FTP server ready.", hostname);
else
reply(220, "%s FTP server (%s) ready.", hostname, version);
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
Add '-L xferlogfile', to write xferlog entries there rather than syslog them. Based on work from Dmitry Sivachenko.
2003-02-26 15:27:04 +03:00
if (xferlogname != NULL) {
xferlogfd = open(xferlogname, O_WRONLY | O_APPEND | O_CREAT,
0660);
if (xferlogfd == -1)
syslog(LOG_WARNING, "open xferlog `%s': %m",
xferlogname);
else
doxferlog |= 2;
}
As threatened, handle OOB commands from within ftpcmd.y. This involved changing the yacc syntax to be line-oriented, rather than having it run against the entire input at once, and adding a flag to struct tab, to indicate if or not it's acceptable for a command to occur OOB.
2001-04-02 03:04:30 +04:00
ftp_loop();
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
/* NOTREACHED */
}
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
static void
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
lostconn(int signo)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (debug)
syslog(LOG_DEBUG, "lost connection");
- add '-C user', which runs checkaccess(user) and exits with the result (0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers). from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods - getopt returns -1 not EOF - in lostcon(), call dologout(1) not dologout(-1);
1997-09-23 18:25:30 +04:00
dologout(1);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
static void
toolong(int signo)
{
/* XXXSIGRACE */
reply(421,
"Timeout (" LLF " seconds): closing control connection.",
(LLT)curclass.timeout);
if (logging)
syslog(LOG_INFO, "User %s timed out after " LLF " seconds",
(pw ? pw->pw_name : "unknown"), (LLT)curclass.timeout);
dologout(1);
}
static void
sigquit(int signo)
{
if (debug)
syslog(LOG_DEBUG, "got signal %d", signo);
dologout(1);
}
static void
sigurg(int signo)
{
urgflag = 1;
}
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
/*
* Save the result of a getpwnam. Used for USER command, since
* the data returned must not be clobbered by any other command
* (e.g., globbing).
*/
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
static struct passwd *
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
sgetpwnam(const char *name)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
static struct passwd save;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
struct passwd *p;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if ((p = getpwnam(name)) == NULL)
return (p);
if (save.pw_name) {
const poisoning.
1998-07-27 05:45:09 +04:00
free((char *)save.pw_name);
* move version to separate header file * use .Dv and .Tn in the man pages as appropriate * KNF a bit The following were inspired by similar changes in openbsd, but may have additional improvements by me: * add more check_login tests to the parser rules * nuke a few memory leaks in the parser rules * clear passwords before free()ing them, for safety * don't display \r\n in setproctitle() output * add support for -U, which enables managing /var/run/utmp entries for connections. solves [bin/2217] by Jason Downs <downsj@teeny.org> * fix oob handling for STAT command * use SIG_ERR instead of -1
1999-12-18 08:51:34 +03:00
memset(save.pw_passwd, 0, strlen(save.pw_passwd));
const poisoning.
1998-07-27 05:45:09 +04:00
free((char *)save.pw_passwd);
free((char *)save.pw_gecos);
free((char *)save.pw_dir);
free((char *)save.pw_shell);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
save = *p;
new features: * implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM. OPTS only works on NOOP (as a test). * extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry can take an optional trailing `yes' or `no' which indicates if chroot should be done (defaults to `yes'). based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769] cleanups/bugs: * reorder and reformat entries in yacc parser to match cmdtab[]. add a blank line between each rule. * add short hasopts and char *options to struct tab, to support OPTS. * deprecate upper(); use strcasecmp() instead of strcmp() * remove unnecessary for (;;) { } in yylex(); * replace copy() and sgetsave() with xstrdup() * fix a couple of `hasyyerrored = 1' that were accidently removed.
1998-09-07 12:11:20 +04:00
save.pw_name = xstrdup(p->pw_name);
save.pw_passwd = xstrdup(p->pw_passwd);
save.pw_gecos = xstrdup(p->pw_gecos);
save.pw_dir = xstrdup(p->pw_dir);
save.pw_shell = xstrdup(p->pw_shell);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
return (&save);
}
major overhaul (just before netbsd 1.5 :-): * implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD. we already supported SIZE and MDTM. add the appropriate FEAT output lines. * migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c * make dataconn(), feat(), lookup(), opts() and sizecmd() public * modify struct tab so that it has a `flags' instead of `implemented' element, and remove the `hasopts' element. If flags == 1, the command is implemented. if flags == 2, the command is implemented and takes options * add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..") * modify lreply() so that lreply(-2, ...) just outputs the given info without a prefix or trailing \r\n. this saves doing b = printf(); total_* += b; * enhance statcmd(). still needs work in the LPRT status stuff. * crank version
2000-06-14 17:44:21 +04:00
static int login_attempts; /* number of failed login attempts */
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
static int askpasswd; /* had USER command, ask for PASSwd */
static int permitted; /* USER permitted */
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
/*
* USER command.
* Sets global passwd pointer pw if named account exists and is acceptable;
* sets askpasswd if a PASS command is expected. If logged in previously,
* need to reset state. If name is "ftp" or "anonymous", the name is not in
change _PATH_FOO to _NAME_FOO where FOO is not a path. I'll discuss with luke what is the best way to fix this.
2004-12-11 21:37:26 +03:00
* _NAME_FTPUSERS, and ftp account exists, set guest and pw, then just return.
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
* If account doesn't exist, ask for passwd anyway. Otherwise, check user
* requesting login privileges. Disallow anyone who does not have a standard
* shell as returned by getusershell(). Disallow anyone mentioned in the file
change _PATH_FOO to _NAME_FOO where FOO is not a path. I'll discuss with luke what is the best way to fix this.
2004-12-11 21:37:26 +03:00
* _NAME_FTPUSERS to allow people such as root and uucp to be avoided.
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
*/
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
void
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
user(const char *name)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
char *class;
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
#ifdef LOGIN_CAP
login_cap_t *lc = NULL;
#endif
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
class = NULL;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (logged_in) {
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
switch (curclass.type) {
case CLASS_GUEST:
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
reply(530, "Can't change user from guest login.");
return;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
case CLASS_CHROOT:
Jarle.F.Greipsland@idt.unit.no's changes to allow for password-protected chrooted ftp logins.
1994-04-07 00:49:52 +04:00
reply(530, "Can't change user from chroot user.");
return;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
case CLASS_REAL:
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
if (dropprivs) {
reply(530, "Can't change user.");
return;
}
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
end_login();
break;
default:
abort();
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
}
make this compile with KERBEROS5 defined. Note: only one of KERBEROS or KERBEROS5 may be defined in this file...
2000-06-02 18:47:19 +04:00
#if defined(KERBEROS)
Add some krb5 hooks, though it probably doesn't work yet.
1997-10-12 18:04:36 +04:00
kdestroy();
#endif
make this compile with KERBEROS5 defined. Note: only one of KERBEROS or KERBEROS5 may be defined in this file...
2000-06-02 18:47:19 +04:00
#if defined(KERBEROS5)
k5destroy();
#endif
Add some krb5 hooks, though it probably doesn't work yet.
1997-10-12 18:04:36 +04:00
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
curclass.type = CLASS_REAL;
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
askpasswd = 0;
permitted = 0;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
* add support for optional groupglob in ftpuser entry. the syntax is now: userglob[:groupglob][@host] [directive [class]] * append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
1999-12-21 15:56:15 +03:00
/* need `pw' setup for checkaccess() and checkuser () */
if ((pw = sgetpwnam("ftp")) == NULL)
reply(530, "User %s unknown.", name);
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
2000-01-08 14:09:56 +03:00
else if (! checkaccess("ftp") || ! checkaccess("anonymous"))
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
reply(530, "User %s access denied.", name);
* add support for optional groupglob in ftpuser entry. the syntax is now: userglob[:groupglob][@host] [directive [class]] * append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
1999-12-21 15:56:15 +03:00
else {
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
curclass.type = CLASS_GUEST;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
askpasswd = 1;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
reply(331,
"Guest login ok, type your name as password.");
* add support for optional groupglob in ftpuser entry. the syntax is now: userglob[:groupglob][@host] [directive [class]] * append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
1999-12-21 15:56:15 +03:00
}
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
if (!askpasswd) {
if (logging)
syslog(LOG_NOTICE,
"ANONYMOUS FTP LOGIN REFUSED FROM %s",
remotehost);
end_login();
goto cleanup_user;
}
name = "ftp";
} else
pw = sgetpwnam(name);
implement '-c confdir', which allows the specification of an alternate directory to look for the various configuration files, overriding /etc. From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
1997-09-23 17:56:39 +04:00
Use sysconf(_SC_LOGIN_NAME_MAX) to determine the length of login names, rather than assuming LOGIN_NAME_MAX. Based on patch from Garrett Wollman via David O'Brien (both at FreeBSD.org)
2003-12-10 04:18:56 +03:00
strlcpy(curname, name, curname_len);
Format police. Also, try s/key before Kerberos.
1997-10-12 17:18:56 +04:00
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
/* check user in /etc/ftpusers, and setup class */
change _PATH_FOO to _NAME_FOO where FOO is not a path. I'll discuss with luke what is the best way to fix this.
2004-12-11 21:37:26 +03:00
permitted = checkuser(_NAME_FTPUSERS, curname, 1, 0, &class);
add skey support
1994-05-24 10:52:17 +04:00
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
/* check user in /etc/ftpchroot */
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
lc = login_getpwclass(pw);
if (checkuser(_NAME_FTPCHROOT, curname, 0, 0, NULL)
#ifdef LOGIN_CAP /* Allow login.conf configuration as well */
|| login_getcapbool(lc, "ftp-chroot", 0)
#endif
) {
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
if (curclass.type == CLASS_GUEST) {
syslog(LOG_NOTICE,
"Can't change guest user to chroot class; remove entry in %s",
change _PATH_FOO to _NAME_FOO where FOO is not a path. I'll discuss with luke what is the best way to fix this.
2004-12-11 21:37:26 +03:00
_NAME_FTPCHROOT);
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
exit(1);
}
curclass.type = CLASS_CHROOT;
}
/* determine default class */
if (class == NULL) {
switch (curclass.type) {
case CLASS_GUEST:
class = xstrdup("guest");
break;
case CLASS_CHROOT:
class = xstrdup("chroot");
break;
case CLASS_REAL:
class = xstrdup("real");
break;
default:
syslog(LOG_ERR, "unknown curclass.type %d; aborting",
curclass.type);
abort();
}
}
/* parse ftpd.conf, setting up various parameters */
parse_conf(class);
/* if not guest user, check for valid shell */
if (pw == NULL)
permitted = 0;
else {
const char *cp, *shell;
if ((shell = pw->pw_shell) == NULL || *shell == 0)
shell = _PATH_BSHELL;
while ((cp = getusershell()) != NULL)
if (strcmp(cp, shell) == 0)
break;
endusershell();
if (cp == NULL && curclass.type != CLASS_GUEST)
permitted = 0;
}
/* deny quickly (after USER not PASS) if requested */
if (CURCLASS_FLAGS_ISSET(denyquick) && !permitted) {
reply(530, "User %s may not use FTP.", curname);
if (logging)
syslog(LOG_NOTICE, "FTP LOGIN REFUSED FROM %s, %s",
remotehost, curname);
end_login();
goto cleanup_user;
}
/* if haven't asked yet (i.e, not anon), ask now */
if (!askpasswd) {
askpasswd = 1;
#ifdef SKEY
if (skey_haskey(curname) == 0) {
const char *myskey;
myskey = skey_keyinfo(curname);
Fix skey password challenge. Problem reported in [bin/14848] by John F. Woods.
2001-12-06 05:00:06 +03:00
reply(331, "Password [ %s ] required for %s.",
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
myskey ? myskey : "error getting challenge",
curname);
} else
add skey support
1994-05-24 10:52:17 +04:00
#endif
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
reply(331, "Password required for %s.", curname);
}
add skey support
1994-05-24 10:52:17 +04:00
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
cleanup_user:
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
#ifdef LOGIN_CAP
login_close(lc);
#endif
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
/*
* Delay before reading passwd after first failed
* attempt to slow down passwd-guessing programs.
*/
if (login_attempts)
sleep((unsigned) login_attempts);
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
if (class)
free(class);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
/*
new features: * implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM. OPTS only works on NOOP (as a test). * extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry can take an optional trailing `yes' or `no' which indicates if chroot should be done (defaults to `yes'). based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769] cleanups/bugs: * reorder and reformat entries in yacc parser to match cmdtab[]. add a blank line between each rule. * add short hasopts and char *options to struct tab, to support OPTS. * deprecate upper(); use strcasecmp() instead of strcmp() * remove unnecessary for (;;) { } in yylex(); * replace copy() and sgetsave() with xstrdup() * fix a couple of `hasyyerrored = 1' that were accidently removed.
1998-09-07 12:11:20 +04:00
* Determine whether something is to happen (allow access, chroot)
* for a user. Each line is a shell-style glob followed by
* `yes' or `no'.
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
*
Fix various misspellings of compatible/compatibility.
2001-06-11 05:50:48 +04:00
* For backward compatibility, `allow' and `deny' are synonymns
new features: * implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM. OPTS only works on NOOP (as a test). * extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry can take an optional trailing `yes' or `no' which indicates if chroot should be done (defaults to `yes'). based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769] cleanups/bugs: * reorder and reformat entries in yacc parser to match cmdtab[]. add a blank line between each rule. * add short hasopts and char *options to struct tab, to support OPTS. * deprecate upper(); use strcasecmp() instead of strcmp() * remove unnecessary for (;;) { } in yylex(); * replace copy() and sgetsave() with xstrdup() * fix a couple of `hasyyerrored = 1' that were accidently removed.
1998-09-07 12:11:20 +04:00
* for `yes' and `no', respectively.
/etc/ftpusers now matches globs against the username. mycroft suggested this.
1997-04-29 08:00:39 +04:00
*
new features: * implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM. OPTS only works on NOOP (as a test). * extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry can take an optional trailing `yes' or `no' which indicates if chroot should be done (defaults to `yes'). based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769] cleanups/bugs: * reorder and reformat entries in yacc parser to match cmdtab[]. add a blank line between each rule. * add short hasopts and char *options to struct tab, to support OPTS. * deprecate upper(); use strcasecmp() instead of strcmp() * remove unnecessary for (;;) { } in yylex(); * replace copy() and sgetsave() with xstrdup() * fix a couple of `hasyyerrored = 1' that were accidently removed.
1998-09-07 12:11:20 +04:00
* Each glob is matched against the username in turn, and the first
* match found is used. If no match is found, the result is the
* argument `def'. If a match is found but without and explicit
* `yes'/`no', the result is the opposite of def.
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
*
new features: * implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM. OPTS only works on NOOP (as a test). * extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry can take an optional trailing `yes' or `no' which indicates if chroot should be done (defaults to `yes'). based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769] cleanups/bugs: * reorder and reformat entries in yacc parser to match cmdtab[]. add a blank line between each rule. * add short hasopts and char *options to struct tab, to support OPTS. * deprecate upper(); use strcasecmp() instead of strcmp() * remove unnecessary for (;;) { } in yylex(); * replace copy() and sgetsave() with xstrdup() * fix a couple of `hasyyerrored = 1' that were accidently removed.
1998-09-07 12:11:20 +04:00
* If the file doesn't exist at all, the result is the argument
* `nofile'
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
*
new features: * implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM. OPTS only works on NOOP (as a test). * extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry can take an optional trailing `yes' or `no' which indicates if chroot should be done (defaults to `yes'). based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769] cleanups/bugs: * reorder and reformat entries in yacc parser to match cmdtab[]. add a blank line between each rule. * add short hasopts and char *options to struct tab, to support OPTS. * deprecate upper(); use strcasecmp() instead of strcmp() * remove unnecessary for (;;) { } in yylex(); * replace copy() and sgetsave() with xstrdup() * fix a couple of `hasyyerrored = 1' that were accidently removed.
1998-09-07 12:11:20 +04:00
* Any line starting with `#' is considered a comment and ignored.
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
*
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
* Returns 0 if the user is denied, or 1 if they are allowed.
* add support for optional groupglob in ftpuser entry. the syntax is now: userglob[:groupglob][@host] [directive [class]] * append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
1999-12-21 15:56:15 +03:00
*
* NOTE: needs struct passwd *pw setup before use.
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
*/
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
static int
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
checkuser(const char *fname, const char *name, int def, int nofile,
char **retclass)
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
{
new features: * implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM. OPTS only works on NOOP (as a test). * extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry can take an optional trailing `yes' or `no' which indicates if chroot should be done (defaults to `yes'). based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769] cleanups/bugs: * reorder and reformat entries in yacc parser to match cmdtab[]. add a blank line between each rule. * add short hasopts and char *options to struct tab, to support OPTS. * deprecate upper(); use strcasecmp() instead of strcmp() * remove unnecessary for (;;) { } in yylex(); * replace copy() and sgetsave() with xstrdup() * fix a couple of `hasyyerrored = 1' that were accidently removed.
1998-09-07 12:11:20 +04:00
FILE *fd;
int retval;
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
char *word, *perm, *class, *buf, *p;
* add support for `-h hostname', which defines the hostname to advertise as (useful for virtual ftp servers in conjunction with inetd.conf(5)'s ability to bind to a specific address). if this option is used, add `hostname' to the syslog messages. * improve documentation of command-line options * don't allow class names of `all' or `none' in ftpusers
1999-12-16 05:21:37 +03:00
size_t len, line;
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
new features: * implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM. OPTS only works on NOOP (as a test). * extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry can take an optional trailing `yes' or `no' which indicates if chroot should be done (defaults to `yes'). based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769] cleanups/bugs: * reorder and reformat entries in yacc parser to match cmdtab[]. add a blank line between each rule. * add short hasopts and char *options to struct tab, to support OPTS. * deprecate upper(); use strcasecmp() instead of strcmp() * remove unnecessary for (;;) { } in yylex(); * replace copy() and sgetsave() with xstrdup() * fix a couple of `hasyyerrored = 1' that were accidently removed.
1998-09-07 12:11:20 +04:00
retval = def;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
if (retclass != NULL)
*retclass = NULL;
new features: * implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM. OPTS only works on NOOP (as a test). * extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry can take an optional trailing `yes' or `no' which indicates if chroot should be done (defaults to `yes'). based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769] cleanups/bugs: * reorder and reformat entries in yacc parser to match cmdtab[]. add a blank line between each rule. * add short hasopts and char *options to struct tab, to support OPTS. * deprecate upper(); use strcasecmp() instead of strcmp() * remove unnecessary for (;;) { } in yylex(); * replace copy() and sgetsave() with xstrdup() * fix a couple of `hasyyerrored = 1' that were accidently removed.
1998-09-07 12:11:20 +04:00
if ((fd = fopen(conffilename(fname), "r")) == NULL)
return nofile;
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
* add support for `-h hostname', which defines the hostname to advertise as (useful for virtual ftp servers in conjunction with inetd.conf(5)'s ability to bind to a specific address). if this option is used, add `hostname' to the syslog messages. * improve documentation of command-line options * don't allow class names of `all' or `none' in ftpusers
1999-12-16 05:21:37 +03:00
line = 0;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
for (;
* add support for `-h hostname', which defines the hostname to advertise as (useful for virtual ftp servers in conjunction with inetd.conf(5)'s ability to bind to a specific address). if this option is used, add `hostname' to the syslog messages. * improve documentation of command-line options * don't allow class names of `all' or `none' in ftpusers
1999-12-16 05:21:37 +03:00
(buf = fparseln(fd, &len, &line, NULL, FPARSELN_UNESCCOMM |
- convert to using libc's strsuftoll(3) - use LLT (aka 'long long type') for all numeric class parameters - improve description of various ftpd.conf(5) options - statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
2002-11-29 17:39:59 +03:00
FPARSELN_UNESCCONT | FPARSELN_UNESCESC)) != NULL;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
free(buf), buf = NULL) {
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
word = perm = class = NULL;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
p = buf;
if (len < 1)
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
continue;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
if (p[len - 1] == '\n')
p[--len] = '\0';
if (EMPTYSTR(p))
Avoid segmention fault if there is an empty line in "/etc/ftpusers". Problem noted by Emmanuel Dreyfus in PR bin/8504.
1999-09-30 22:12:34 +04:00
continue;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
NEXTWORD(p, word);
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
NEXTWORD(p, perm);
NEXTWORD(p, class);
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
if (EMPTYSTR(word))
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
continue;
* add support for `-h hostname', which defines the hostname to advertise as (useful for virtual ftp servers in conjunction with inetd.conf(5)'s ability to bind to a specific address). if this option is used, add `hostname' to the syslog messages. * improve documentation of command-line options * don't allow class names of `all' or `none' in ftpusers
1999-12-16 05:21:37 +03:00
if (!EMPTYSTR(class)) {
if (strcasecmp(class, "all") == 0 ||
strcasecmp(class, "none") == 0) {
syslog(LOG_WARNING,
"%s line %d: illegal user-defined class `%s' - skipping entry",
fname, (int)line, class);
continue;
}
}
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
/* have a host specifier */
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
if ((p = strchr(word, '@')) != NULL) {
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
unsigned long net, mask, addr;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
int bits;
*p++ = '\0';
/* check against network or CIDR */
Add (unsigned char) cast to ctype functions
2004-11-06 00:45:36 +03:00
if (isdigit((unsigned char)*p) &&
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
(bits = inet_net_pton(AF_INET, p,
&net, sizeof(net))) != -1) {
net = ntohl(net);
mask = 0xffffffffU << (32 - bits);
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
addr = ntohl(his_addr.su_addr.s_addr);
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
if ((addr & mask) != net)
continue;
/* check against hostname glob */
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
} else if (fnmatch(p, remotehost, FNM_CASEFOLD) != 0)
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
continue;
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
}
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
* add support for optional groupglob in ftpuser entry. the syntax is now: userglob[:groupglob][@host] [directive [class]] * append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
1999-12-21 15:56:15 +03:00
/* have a group specifier */
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
if ((p = strchr(word, ':')) != NULL) {
* add support for optional groupglob in ftpuser entry. the syntax is now: userglob[:groupglob][@host] [directive [class]] * append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
1999-12-21 15:56:15 +03:00
gid_t *groups, *ng;
int gsize, i, found;
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
if (pw == NULL)
continue; /* no match for unknown user */
* add support for optional groupglob in ftpuser entry. the syntax is now: userglob[:groupglob][@host] [directive [class]] * append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
1999-12-21 15:56:15 +03:00
*p++ = '\0';
groups = NULL;
gsize = 16;
do {
ng = realloc(groups, gsize * sizeof(gid_t));
if (ng == NULL)
fatal(
"Local resource failure: realloc");
groups = ng;
} while (getgrouplist(pw->pw_name, pw->pw_gid,
groups, &gsize) == -1);
found = 0;
for (i = 0; i < gsize; i++) {
struct group *g;
if ((g = getgrgid(groups[i])) == NULL)
continue;
if (fnmatch(p, g->gr_name, 0) == 0) {
found = 1;
break;
}
}
free(groups);
if (!found)
continue;
}
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
/* check against username glob */
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
if (fnmatch(word, name, 0) != 0)
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
continue;
if (perm != NULL &&
((strcasecmp(perm, "allow") == 0) ||
(strcasecmp(perm, "yes") == 0)))
retval = 1;
else if (perm != NULL &&
((strcasecmp(perm, "deny") == 0) ||
(strcasecmp(perm, "no") == 0)))
retval = 0;
else
retval = !def;
if (!EMPTYSTR(class) && retclass != NULL)
*retclass = xstrdup(class);
free(buf);
break;
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
}
(void) fclose(fd);
/etc/ftpusers now matches globs against the username. mycroft suggested this.
1997-04-29 08:00:39 +04:00
return (retval);
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
}
new features: * implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM. OPTS only works on NOOP (as a test). * extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry can take an optional trailing `yes' or `no' which indicates if chroot should be done (defaults to `yes'). based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769] cleanups/bugs: * reorder and reformat entries in yacc parser to match cmdtab[]. add a blank line between each rule. * add short hasopts and char *options to struct tab, to support OPTS. * deprecate upper(); use strcasecmp() instead of strcmp() * remove unnecessary for (;;) { } in yylex(); * replace copy() and sgetsave() with xstrdup() * fix a couple of `hasyyerrored = 1' that were accidently removed.
1998-09-07 12:11:20 +04:00
/*
* Check if user is allowed by /etc/ftpusers
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
* returns 1 for yes, 0 for no
* add support for optional groupglob in ftpuser entry. the syntax is now: userglob[:groupglob][@host] [directive [class]] * append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
1999-12-21 15:56:15 +03:00
*
* NOTE: needs struct passwd *pw setup (for checkuser())
new features: * implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM. OPTS only works on NOOP (as a test). * extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry can take an optional trailing `yes' or `no' which indicates if chroot should be done (defaults to `yes'). based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769] cleanups/bugs: * reorder and reformat entries in yacc parser to match cmdtab[]. add a blank line between each rule. * add short hasopts and char *options to struct tab, to support OPTS. * deprecate upper(); use strcasecmp() instead of strcmp() * remove unnecessary for (;;) { } in yylex(); * replace copy() and sgetsave() with xstrdup() * fix a couple of `hasyyerrored = 1' that were accidently removed.
1998-09-07 12:11:20 +04:00
*/
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
static int
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
checkaccess(const char *name)
new features: * implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM. OPTS only works on NOOP (as a test). * extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry can take an optional trailing `yes' or `no' which indicates if chroot should be done (defaults to `yes'). based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769] cleanups/bugs: * reorder and reformat entries in yacc parser to match cmdtab[]. add a blank line between each rule. * add short hasopts and char *options to struct tab, to support OPTS. * deprecate upper(); use strcasecmp() instead of strcmp() * remove unnecessary for (;;) { } in yylex(); * replace copy() and sgetsave() with xstrdup() * fix a couple of `hasyyerrored = 1' that were accidently removed.
1998-09-07 12:11:20 +04:00
{
change _PATH_FOO to _NAME_FOO where FOO is not a path. I'll discuss with luke what is the best way to fix this.
2004-12-11 21:37:26 +03:00
return (checkuser(_NAME_FTPUSERS, name, 1, 0, NULL));
new features: * implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM. OPTS only works on NOOP (as a test). * extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry can take an optional trailing `yes' or `no' which indicates if chroot should be done (defaults to `yes'). based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769] cleanups/bugs: * reorder and reformat entries in yacc parser to match cmdtab[]. add a blank line between each rule. * add short hasopts and char *options to struct tab, to support OPTS. * deprecate upper(); use strcasecmp() instead of strcmp() * remove unnecessary for (;;) { } in yylex(); * replace copy() and sgetsave() with xstrdup() * fix a couple of `hasyyerrored = 1' that were accidently removed.
1998-09-07 12:11:20 +04:00
}
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
utmpx support
2002-08-20 17:51:09 +04:00
static void
Don't write trash in ut_ss; either initialize it to 0, or put in the proper information.
2004-11-11 04:14:10 +03:00
login_utmp(const char *line, const char *name, const char *host,
struct sockinet *haddr)
utmpx support
2002-08-20 17:51:09 +04:00
{
#if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP)
struct timeval tv;
(void)gettimeofday(&tv, NULL);
#endif
#ifdef SUPPORT_UTMPX
if (doutmp) {
(void)memset(&utmpx, 0, sizeof(utmpx));
utmpx.ut_tv = tv;
utmpx.ut_pid = getpid();
utmpx.ut_id[0] = 'f';
utmpx.ut_id[1] = 't';
utmpx.ut_id[2] = 'p';
utmpx.ut_id[3] = '*';
utmpx.ut_type = USER_PROCESS;
revert previous. wtmp{,x} entries need not be \0-terminated, so strncpy is more proper.
2002-09-13 06:58:54 +04:00
(void)strncpy(utmpx.ut_name, name, sizeof(utmpx.ut_name));
(void)strncpy(utmpx.ut_line, line, sizeof(utmpx.ut_line));
(void)strncpy(utmpx.ut_host, host, sizeof(utmpx.ut_host));
Don't write trash in ut_ss; either initialize it to 0, or put in the proper information.
2004-11-11 04:14:10 +03:00
(void)memcpy(&utmpx.ut_ss, &haddr->si_su, haddr->su_len);
Add ftpd_loginx() and ftpd_logwtmpx() and use them to hold wtmpx file open while a session. Close bin/21692 by bqt@Krille.Update.UU.SE.
2003-06-30 07:06:06 +04:00
ftpd_loginx(&utmpx);
utmpx support
2002-08-20 17:51:09 +04:00
}
if (dowtmp)
Don't write trash in ut_ss; either initialize it to 0, or put in the proper information.
2004-11-11 04:14:10 +03:00
ftpd_logwtmpx(line, name, host, haddr, 0, USER_PROCESS);
utmpx support
2002-08-20 17:51:09 +04:00
#endif
#ifdef SUPPORT_UTMP
if (doutmp) {
(void)memset(&utmp, 0, sizeof(utmp));
(void)time(&utmp.ut_time);
revert previous. wtmp{,x} entries need not be \0-terminated, so strncpy is more proper.
2002-09-13 06:58:54 +04:00
(void)strncpy(utmp.ut_name, name, sizeof(utmp.ut_name));
(void)strncpy(utmp.ut_line, line, sizeof(utmp.ut_line));
(void)strncpy(utmp.ut_host, host, sizeof(utmp.ut_host));
rename local copies of login(), logout() and logwtmp() to ftpd_login(), ftpd_logout() and ftpd_logwtmp() respectively. (makes utmp support much easier in tnftpd). per suggestion in mail from Mike Heffner <mheffner@vt.edu>, who forwarded patch from Michael Ranner <mranner@inode.at>.
2003-02-23 16:04:37 +03:00
ftpd_login(&utmp);
utmpx support
2002-08-20 17:51:09 +04:00
}
if (dowtmp)
rename local copies of login(), logout() and logwtmp() to ftpd_login(), ftpd_logout() and ftpd_logwtmp() respectively. (makes utmp support much easier in tnftpd). per suggestion in mail from Mike Heffner <mheffner@vt.edu>, who forwarded patch from Michael Ranner <mranner@inode.at>.
2003-02-23 16:04:37 +03:00
ftpd_logwtmp(line, name, host);
utmpx support
2002-08-20 17:51:09 +04:00
#endif
}
static void
logout_utmp(void)
{
#ifdef SUPPORT_UTMPX
cleanup utmp and utmpx support. - make them symmetric - add a function to open the wtmp file explicitly very early in the game
2005-06-23 08:20:41 +04:00
int okwtmpx = dowtmp;
utmpx support
2002-08-20 17:51:09 +04:00
#endif
#ifdef SUPPORT_UTMP
cleanup utmp and utmpx support. - make them symmetric - add a function to open the wtmp file explicitly very early in the game
2005-06-23 08:20:41 +04:00
int okwtmp = dowtmp;
utmpx support
2002-08-20 17:51:09 +04:00
#endif
cleanup utmp and utmpx support. - make them symmetric - add a function to open the wtmp file explicitly very early in the game
2005-06-23 08:20:41 +04:00
if (logged_in) {
utmpx support
2002-08-20 17:51:09 +04:00
#ifdef SUPPORT_UTMPX
cleanup utmp and utmpx support. - make them symmetric - add a function to open the wtmp file explicitly very early in the game
2005-06-23 08:20:41 +04:00
if (doutmp)
okwtmpx &= ftpd_logoutx(ttyline, 0, DEAD_PROCESS);
if (okwtmpx)
ftpd_logwtmpx(ttyline, "", "", NULL, 0, DEAD_PROCESS);
utmpx support
2002-08-20 17:51:09 +04:00
#endif
#ifdef SUPPORT_UTMP
cleanup utmp and utmpx support. - make them symmetric - add a function to open the wtmp file explicitly very early in the game
2005-06-23 08:20:41 +04:00
if (doutmp)
okwtmp &= ftpd_logout(ttyline);
if (okwtmp)
rename local copies of login(), logout() and logwtmp() to ftpd_login(), ftpd_logout() and ftpd_logwtmp() respectively. (makes utmp support much easier in tnftpd). per suggestion in mail from Mike Heffner <mheffner@vt.edu>, who forwarded patch from Michael Ranner <mranner@inode.at>.
2003-02-23 16:04:37 +03:00
ftpd_logwtmp(ttyline, "", "");
utmpx support
2002-08-20 17:51:09 +04:00
#endif
}
}
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
/*
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
* Terminate login as previous user (if any), resetting state;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
* used when USER command is given or login fails.
*/
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
static void
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
end_login(void)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
#ifdef USE_PAM
int e;
#endif
utmpx support
2002-08-20 17:51:09 +04:00
logout_utmp();
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
show_chdir_messages(-1); /* flush chdir cache */
if (pw != NULL && pw->pw_passwd != NULL)
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
pw = NULL;
logged_in = 0;
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
askpasswd = 0;
permitted = 0;
suppress verbose messages from CWD and post-login if the first character of the anonymous password is `-'.
2000-01-13 03:04:31 +03:00
quietmessages = 0;
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
gidcount = 0;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
curclass.type = CLASS_REAL;
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
(void) seteuid((uid_t)0);
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
#ifdef LOGIN_CAP
setusercontext(NULL, getpwuid(0), 0,
LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK);
#endif
#ifdef USE_PAM
if (pamh) {
if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS)
syslog(LOG_ERR, "pam_setcred: %s",
pam_strerror(pamh, e));
if ((e = pam_close_session(pamh,0)) != PAM_SUCCESS)
syslog(LOG_ERR, "pam_close_session: %s",
pam_strerror(pamh, e));
if ((e = pam_end(pamh, e)) != PAM_SUCCESS)
syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
pamh = NULL;
}
#endif
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
void
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
pass(const char *passwd)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
* move version to separate header file * use .Dv and .Tn in the man pages as appropriate * KNF a bit The following were inspired by similar changes in openbsd, but may have additional improvements by me: * add more check_login tests to the parser rules * nuke a few memory leaks in the parser rules * clear passwords before free()ing them, for safety * don't display \r\n in setproctitle() output * add support for -U, which enables managing /var/run/utmp entries for connections. solves [bin/2217] by Jason Downs <downsj@teeny.org> * fix oob handling for STAT command * use SIG_ERR instead of -1
1999-12-18 08:51:34 +03:00
int rval;
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
char root[MAXPATHLEN];
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
#ifdef LOGIN_CAP
login_cap_t *lc = NULL;
#endif
#ifdef USE_PAM
int e;
#endif
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (logged_in || askpasswd == 0) {
reply(503, "Login with USER first.");
return;
}
askpasswd = 0;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
if (curclass.type != CLASS_GUEST) {
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
/* "ftp" is the only account allowed with no password */
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
if (pw == NULL) {
rval = 1; /* failure below */
goto skip;
}
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
#ifdef USE_PAM
rval = auth_pam(&pw, passwd);
#ifdef notdef
/* If PAM fails, we proceed with other authentications */
if (rval >= 0) {
goto skip;
}
#else
/* If PAM fails, that's it */
goto skip;
#endif
#endif
make this compile with KERBEROS5 defined. Note: only one of KERBEROS or KERBEROS5 may be defined in this file...
2000-06-02 18:47:19 +04:00
#if defined(KERBEROS)
Cast away a const for now; const poisoning kerberos #0.
1999-05-20 01:44:29 +04:00
if (klogin(pw, "", hostname, (char *)passwd) == 0) {
Add some krb5 hooks, though it probably doesn't work yet.
1997-10-12 18:04:36 +04:00
rval = 0;
goto skip;
}
#endif
make this compile with KERBEROS5 defined. Note: only one of KERBEROS or KERBEROS5 may be defined in this file...
2000-06-02 18:47:19 +04:00
#if defined(KERBEROS5)
if (k5login(pw, "", hostname, (char *)passwd) == 0) {
rval = 0;
goto skip;
}
#endif
Actually, do Kerberos first, since we want to get a TGT if possible. Also, clean up some minor cruft.
1997-10-12 17:52:51 +04:00
#ifdef SKEY
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
if (skey_haskey(pw->pw_name) == 0) {
char *p;
int r;
p = xstrdup(passwd);
r = skey_passcheck(pw->pw_name, p);
free(p);
if (r != -1) {
rval = 0;
goto skip;
}
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
}
add skey support
1994-05-24 10:52:17 +04:00
#endif
- rename valid_passwd() -> checkpassword() - move check for expired accounts from pass() into checkpassword()
2000-11-30 09:06:08 +03:00
if (!sflag)
rval = checkpassword(pw, passwd);
else
rval = 1;
some changes to make Kerberos a bit easier to use. from Michael Graff <explorer@vorpal.com>, with some work by myself...
1994-03-30 06:49:15 +04:00
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
skip:
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
/*
* If rval > 0, the user failed the authentication check
* above. If rval == 0, either Kerberos or local
* authentication succeeded.
*/
some changes to make Kerberos a bit easier to use. from Michael Graff <explorer@vorpal.com>, with some work by myself...
1994-03-30 06:49:15 +04:00
if (rval) {
More format paranoia.
2000-07-08 22:24:28 +04:00
reply(530, "%s", rval == 2 ? "Password expired." :
- #endif foo -> #endif /* foo */ - #if __STDC__ -> #ifdef __STDC__ - Don't allow expired accounts to login.
1998-02-01 17:10:22 +03:00
"Login incorrect.");
* don't log failed usernames to ftp.notice; use authpriv.notice instead. closes [bin/1571] * don't quit if "PASV" is received without the user being logged in. closes [bin/2401], albiet with a modified test.
1997-05-29 14:31:48 +04:00
if (logging) {
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
syslog(LOG_NOTICE,
* don't log failed usernames to ftp.notice; use authpriv.notice instead. closes [bin/1571] * don't quit if "PASV" is received without the user being logged in. closes [bin/2401], albiet with a modified test.
1997-05-29 14:31:48 +04:00
"FTP LOGIN FAILED FROM %s", remotehost);
syslog(LOG_AUTHPRIV | LOG_NOTICE,
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
"FTP LOGIN FAILED FROM %s, %s",
remotehost, curname);
* don't log failed usernames to ftp.notice; use authpriv.notice instead. closes [bin/1571] * don't quit if "PASV" is received without the user being logged in. closes [bin/2401], albiet with a modified test.
1997-05-29 14:31:48 +04:00
}
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
pw = NULL;
if (login_attempts++ >= 5) {
syslog(LOG_NOTICE,
"repeated login failures from %s",
remotehost);
exit(0);
}
return;
}
}
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
/* password ok; check if anything else prevents login */
if (! permitted) {
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
reply(530, "User %s may not use FTP.", pw->pw_name);
if (logging)
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
syslog(LOG_NOTICE, "FTP LOGIN REFUSED FROM %s, %s",
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
remotehost, pw->pw_name);
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
2000-01-08 14:09:56 +03:00
goto bad;
Change the syntax of /etc/ftpusers to have both allow and deny information in the same file by following the username with `allow' or `deny'. Also, the user `*' can be used to set the default for users not listed in the file. This is entirely backward compatable with old /etc/ftpusers files. Also, do the /etc/ftpusers and the valid login shell checks after the password is verified, rather than before, so as not to give away whether or not a particular user ID is present on the system.
1997-04-06 11:53:10 +04:00
}
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
login_attempts = 0; /* this time successful */
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
if (setegid((gid_t)pw->pw_gid) < 0) {
reply(550, "Can't set gid.");
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
2000-01-08 14:09:56 +03:00
goto bad;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
}
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
#ifdef LOGIN_CAP
if ((lc = login_getpwclass(pw)) != NULL) {
#ifdef notyet
char remote_ip[NI_MAXHOST];
if (getnameinfo((struct sockaddr *)&his_addr, his_addr.su_len,
remote_ip, sizeof(remote_ip) - 1, NULL, 0,
NI_NUMERICHOST))
*remote_ip = 0;
remote_ip[sizeof(remote_ip) - 1] = 0;
if (!auth_hostok(lc, remotehost, remote_ip)) {
syslog(LOG_INFO|LOG_AUTH,
"FTP LOGIN FAILED (HOST) as %s: permission denied.",
pw->pw_name);
reply(530, "Permission denied.");
pw = NULL;
return;
}
if (!auth_timeok(lc, time(NULL))) {
reply(530, "Login not available right now.");
pw = NULL;
return;
}
#endif
}
setsid();
setusercontext(lc, pw, 0,
LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|
LOGIN_SETRESOURCES|LOGIN_SETUMASK);
#else
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
(void) initgroups(pw->pw_name, pw->pw_gid);
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
/* cache groups for cmds.c::matchgroup() */
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
#endif
#ifdef USE_PAM
if (pamh) {
if ((e = pam_open_session(pamh, 0)) != PAM_SUCCESS) {
syslog(LOG_ERR, "pam_open_session: %s",
pam_strerror(pamh, e));
} else if ((e = pam_setcred(pamh, PAM_ESTABLISH_CRED))
!= PAM_SUCCESS) {
syslog(LOG_ERR, "pam_setcred: %s",
pam_strerror(pamh, e));
}
}
#endif
Stop ftpd changing inetd's 'logname' Stop buffer overrun if {NGROUPS_MAX} is greater than the compile time NGROUPS_MAX. (approved by christos)
2003-02-19 21:26:48 +03:00
gidcount = getgroups(0, NULL);
if (gidlist)
free(gidlist);
gidlist = malloc(gidcount * sizeof *gidlist);
gidcount = getgroups(gidcount, gidlist);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
utmpx support
2002-08-20 17:51:09 +04:00
/* open utmp/wtmp before chroot */
Don't write trash in ut_ss; either initialize it to 0, or put in the proper information.
2004-11-11 04:14:10 +03:00
login_utmp(ttyline, pw->pw_name, remotehost, &his_addr);
* move version to separate header file * use .Dv and .Tn in the man pages as appropriate * KNF a bit The following were inspired by similar changes in openbsd, but may have additional improvements by me: * add more check_login tests to the parser rules * nuke a few memory leaks in the parser rules * clear passwords before free()ing them, for safety * don't display \r\n in setproctitle() output * add support for -U, which enables managing /var/run/utmp entries for connections. solves [bin/2217] by Jason Downs <downsj@teeny.org> * fix oob handling for STAT command * use SIG_ERR instead of -1
1999-12-18 08:51:34 +03:00
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
logged_in = 1;
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
connections = 1;
if (dopidfile)
count_users();
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
2000-01-08 14:09:56 +03:00
if (curclass.limit != -1 && connections > curclass.limit) {
if (! EMPTYSTR(curclass.limitfile))
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
(void)display_file(conffilename(curclass.limitfile),
530);
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
2000-01-08 14:09:56 +03:00
reply(530,
- convert to using libc's strsuftoll(3) - use LLT (aka 'long long type') for all numeric class parameters - improve description of various ftpd.conf(5) options - statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
2002-11-29 17:39:59 +03:00
"User %s access denied, connection limit of " LLF
" reached.",
pw->pw_name, (LLT)curclass.limit);
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
2000-01-08 14:09:56 +03:00
syslog(LOG_NOTICE,
- convert to using libc's strsuftoll(3) - use LLT (aka 'long long type') for all numeric class parameters - improve description of various ftpd.conf(5) options - statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
2002-11-29 17:39:59 +03:00
"Maximum connection limit of " LLF
" for class %s reached, login refused for %s",
(LLT)curclass.limit, curclass.classname, pw->pw_name);
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
2000-01-08 14:09:56 +03:00
goto bad;
}
* implement /etc/ftpd.conf, which adds support for the following features, controllable on a per class (which is one of: real, chroot, guest, all or none) basis: * on-the-fly execution of a command to build the file (a ``conversion''), providing support for "get dirname.tar" and the like. * displaying the contents of a file when a directory is entered for the first time. * maximum value for timeout (replaces -T). * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST. * notifying the user of the existance of a files matching a glob pattern when a directory is entered for the first time. * default value for timeout (replaces -t). * default umask (replaces -DGUEST_CMASK and -u). The conversion, display, and notify functionality was based on code by Simon Burge <simonb@telstra.com.au>. * clean up and re-order parts of the man page into subsections. * STAT displays the settings defined for the class of the current user. * bump version from 6.00 to 7.00, because of ftpd.conf. * deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and -t, -T and -u, as ftpd.conf allows finer control of these. * add "nostderr" argument to ftpd_popen(), because you don't want the stderr stream mixing with the stdout stream during a conversion, as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
homedir[0] = '/';
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
switch (curclass.type) {
case CLASS_GUEST:
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
/*
* We MUST do a chdir() after the chroot. Otherwise
* the old current directory will be accessible as "."
* outside the new root!
*/
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
format_path(root,
curclass.chroot ? curclass.chroot :
anondir ? anondir :
pw->pw_dir);
format_path(homedir,
curclass.homedir ? curclass.homedir :
"/");
if (EMPTYSTR(homedir))
homedir[0] = '/';
if (EMPTYSTR(root) || chroot(root) < 0) {
syslog(LOG_NOTICE,
"GUEST user %s: can't chroot to %s: %m",
pw->pw_name, root);
goto bad_guest;
}
if (chdir(homedir) < 0) {
syslog(LOG_NOTICE,
"GUEST user %s: can't chdir to %s: %m",
pw->pw_name, homedir);
bad_guest:
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
reply(550, "Can't set guest privileges.");
goto bad;
}
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
break;
case CLASS_CHROOT:
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
format_path(root,
curclass.chroot ? curclass.chroot :
pw->pw_dir);
format_path(homedir,
curclass.homedir ? curclass.homedir :
"/");
if (EMPTYSTR(homedir))
homedir[0] = '/';
if (EMPTYSTR(root) || chroot(root) < 0) {
syslog(LOG_NOTICE,
"CHROOT user %s: can't chroot to %s: %m",
pw->pw_name, root);
goto bad_chroot;
}
if (chdir(homedir) < 0) {
syslog(LOG_NOTICE,
"CHROOT user %s: can't chdir to %s: %m",
pw->pw_name, homedir);
bad_chroot:
Jarle.F.Greipsland@idt.unit.no's changes to allow for password-protected chrooted ftp logins.
1994-04-07 00:49:52 +04:00
reply(550, "Can't change root.");
goto bad;
}
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
break;
case CLASS_REAL:
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
/* only chroot REAL if explictly requested */
if (! EMPTYSTR(curclass.chroot)) {
format_path(root, curclass.chroot);
if (EMPTYSTR(root) || chroot(root) < 0) {
syslog(LOG_NOTICE,
"REAL user %s: can't chroot to %s: %m",
pw->pw_name, root);
goto bad_chroot;
}
}
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
format_path(homedir,
curclass.homedir ? curclass.homedir :
pw->pw_dir);
if (EMPTYSTR(homedir) || chdir(homedir) < 0) {
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
if (chdir("/") < 0) {
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
syslog(LOG_NOTICE,
"REAL user %s: can't chdir to %s: %m",
pw->pw_name,
!EMPTYSTR(homedir) ? homedir : "/");
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
reply(530,
"User %s: can't change directory to %s.",
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
pw->pw_name,
!EMPTYSTR(homedir) ? homedir : "/");
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
goto bad;
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
} else {
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(-230,
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
"No directory! Logging in with home=/");
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
homedir[0] = '/';
}
}
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
break;
}
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
#ifndef LOGIN_CAP
Stop ftpd changing inetd's 'logname' Stop buffer overrun if {NGROUPS_MAX} is greater than the compile time NGROUPS_MAX. (approved by christos)
2003-02-19 21:26:48 +03:00
setsid();
call setlogin() before dropping root privileges, so that process would have correct p_login value
2000-09-28 21:49:06 +04:00
setlogin(pw->pw_name);
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
#endif
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
if (dropprivs ||
(curclass.type != CLASS_REAL &&
ntohs(ctrl_addr.su_port) > IPPORT_RESERVED + 1)) {
dropprivs++;
if (setgid((gid_t)pw->pw_gid) < 0) {
reply(550, "Can't set gid.");
goto bad;
}
if (setuid((uid_t)pw->pw_uid) < 0) {
reply(550, "Can't set uid.");
goto bad;
}
} else {
if (seteuid((uid_t)pw->pw_uid) < 0) {
reply(550, "Can't set uid.");
goto bad;
}
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
setenv("HOME", homedir, 1);
set $HOME to "/" for guest or chroot users, pw->pw_dir otherwise. fixes expansion of `~/...' pathnames.
1997-12-28 07:28:17 +03:00
suppress verbose messages from CWD and post-login if the first character of the anonymous password is `-'.
2000-01-13 03:04:31 +03:00
if (curclass.type == CLASS_GUEST && passwd[0] == '-')
quietmessages = 1;
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
/*
* Display a login message, if it exists.
* N.B. reply(230,) must follow the message.
*/
- Don't try and use the motd if it's empty. Problem reported in [bin/14751] by Kimmo Suominen - Display conffilename() version of limitfile and motd in status output
2001-11-28 02:42:40 +03:00
if (! EMPTYSTR(curclass.motd))
(void)display_file(conffilename(curclass.motd), 230);
* implement /etc/ftpd.conf, which adds support for the following features, controllable on a per class (which is one of: real, chroot, guest, all or none) basis: * on-the-fly execution of a command to build the file (a ``conversion''), providing support for "get dirname.tar" and the like. * displaying the contents of a file when a directory is entered for the first time. * maximum value for timeout (replaces -T). * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST. * notifying the user of the existance of a files matching a glob pattern when a directory is entered for the first time. * default value for timeout (replaces -t). * default umask (replaces -DGUEST_CMASK and -u). The conversion, display, and notify functionality was based on code by Simon Burge <simonb@telstra.com.au>. * clean up and re-order parts of the man page into subsections. * STAT displays the settings defined for the class of the current user. * bump version from 6.00 to 7.00, because of ftpd.conf. * deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and -t, -T and -u, as ftpd.conf allows finer control of these. * add "nostderr" argument to ftpd_popen(), because you don't want the stderr stream mixing with the stdout stream during a conversion, as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
show_chdir_messages(230);
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
if (curclass.type == CLASS_GUEST) {
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
char *p;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
reply(230, "Guest login ok, access restrictions apply.");
- move password checking into separate valid_passwd() function, to assist in porting to other systems. - don't syslog() or setproctitle() "ACCT" lines (as per "PASS") - replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the latter #ifdef BSD4_4 - don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile support if this is to be used on NetBSD.
2000-11-30 05:59:11 +03:00
#if HAVE_SETPROCTITLE
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
snprintf(proctitle, sizeof(proctitle),
a few changes from Mike Heffner <mheffner@vt.edu> in private email: - totally clear a glob buffer before use, because FreeBSD depends on some of the other fields being cleared (other than just gl_offs) - in strend(), ensure that the source string isn't too large - remove unnecessarily complicated sizing of proctitle, since snprintf() will truncate it anyway
2001-09-19 04:50:52 +04:00
"%s: anonymous/%s", remotehost, passwd);
setproctitle(), and for any other printf variants, it is not a good idea to pass variable directly like foo(x). use foo("%s", x) to avoid misuse. from: openbsd
2000-07-06 02:15:04 +04:00
setproctitle("%s", proctitle);
- move password checking into separate valid_passwd() function, to assist in porting to other systems. - don't syslog() or setproctitle() "ACCT" lines (as per "PASS") - replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the latter #ifdef BSD4_4 - don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile support if this is to be used on NetBSD.
2000-11-30 05:59:11 +03:00
#endif /* HAVE_SETPROCTITLE */
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (logging)
* add support for optional groupglob in ftpuser entry. the syntax is now: userglob[:groupglob][@host] [directive [class]] * append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
1999-12-21 15:56:15 +03:00
syslog(LOG_INFO,
"ANONYMOUS FTP LOGIN FROM %s, %s (class: %s, type: %s)",
remotehost, passwd,
curclass.classname, CURCLASSTYPE);
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
/* store guest password reply into pw_passwd */
REASSIGN(pw->pw_passwd, xstrdup(passwd));
for (p = pw->pw_passwd; *p; p++)
Add (unsigned char) cast to ctype functions
2004-11-06 00:45:36 +03:00
if (!isgraph((unsigned char)*p))
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
*p = '_';
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
} else {
reply(230, "User %s logged in.", pw->pw_name);
- move password checking into separate valid_passwd() function, to assist in porting to other systems. - don't syslog() or setproctitle() "ACCT" lines (as per "PASS") - replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the latter #ifdef BSD4_4 - don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile support if this is to be used on NetBSD.
2000-11-30 05:59:11 +03:00
#if HAVE_SETPROCTITLE
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
snprintf(proctitle, sizeof(proctitle),
"%s: %s", remotehost, pw->pw_name);
setproctitle(), and for any other printf variants, it is not a good idea to pass variable directly like foo(x). use foo("%s", x) to avoid misuse. from: openbsd
2000-07-06 02:15:04 +04:00
setproctitle("%s", proctitle);
- move password checking into separate valid_passwd() function, to assist in porting to other systems. - don't syslog() or setproctitle() "ACCT" lines (as per "PASS") - replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the latter #ifdef BSD4_4 - don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile support if this is to be used on NetBSD.
2000-11-30 05:59:11 +03:00
#endif /* HAVE_SETPROCTITLE */
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (logging)
* add support for optional groupglob in ftpuser entry. the syntax is now: userglob[:groupglob][@host] [directive [class]] * append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
1999-12-21 15:56:15 +03:00
syslog(LOG_INFO,
"FTP LOGIN FROM %s as %s (class: %s, type: %s)",
remotehost, pw->pw_name,
curclass.classname, CURCLASSTYPE);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
* implement /etc/ftpd.conf, which adds support for the following features, controllable on a per class (which is one of: real, chroot, guest, all or none) basis: * on-the-fly execution of a command to build the file (a ``conversion''), providing support for "get dirname.tar" and the like. * displaying the contents of a file when a directory is entered for the first time. * maximum value for timeout (replaces -T). * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST. * notifying the user of the existance of a files matching a glob pattern when a directory is entered for the first time. * default value for timeout (replaces -t). * default umask (replaces -DGUEST_CMASK and -u). The conversion, display, and notify functionality was based on code by Simon Burge <simonb@telstra.com.au>. * clean up and re-order parts of the man page into subsections. * STAT displays the settings defined for the class of the current user. * bump version from 6.00 to 7.00, because of ftpd.conf. * deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and -t, -T and -u, as ftpd.conf allows finer control of these. * add "nostderr" argument to ftpd_popen(), because you don't want the stderr stream mixing with the stdout stream during a conversion, as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
(void) umask(curclass.umask);
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
#ifdef LOGIN_CAP
login_close(lc);
#endif
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
return;
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
bad:
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
#ifdef LOGIN_CAP
login_close(lc);
#endif
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
/* Forget all about it... */
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
end_login();
}
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
void
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
retrieve(char *argv[], const char *name)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
FILE *fin, *dout;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
struct stat st;
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
int (*closefunc)(FILE *) = NULL;
Avoid conflict with reserved identifier "log".
2002-12-06 04:59:22 +03:00
int dolog, sendrv, closerv, stderrfd, isconversion, isdata, isls;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
struct timeval start, finish, td, *tdp;
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
struct rusage rusage_before, rusage_after;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
const char *dispname;
Don't log an xferlog-style entry if bytes == -1. Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar circumstances.
2002-02-11 14:45:07 +03:00
char *error;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
sendrv = closerv = stderrfd = -1;
Avoid conflict with reserved identifier "log".
2002-12-06 04:59:22 +03:00
isconversion = isdata = isls = dolog = 0;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
tdp = NULL;
dispname = name;
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
fin = dout = NULL;
Don't log an xferlog-style entry if bytes == -1. Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar circumstances.
2002-02-11 14:45:07 +03:00
error = NULL;
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
if (argv == NULL) { /* if not running a command ... */
Avoid conflict with reserved identifier "log".
2002-12-06 04:59:22 +03:00
dolog = 1;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
isdata = 1;
fin = fopen(name, "r");
closefunc = fclose;
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
if (fin == NULL) /* doesn't exist?; try a conversion */
* change ftpd_popen() to take char *argv[] instead of char *cmd. the string tokenisation must be performed by the caller (which is generally easy because it's almost always a static command). * change do_conversion() to return a char *argv[] instead of char *cmd. tokenisation of the command is done internally. * change retrieve() to take char *argv[] instead of char *cmd. (to take advantage of the above changes). fixes [bin/8173] * use fparseln() instead of fgetln() * store conversions in listed order (rather than reverse order) * use stringlists instead of handrolling code to manage an argv.
1999-12-07 08:30:53 +03:00
argv = do_conversion(name);
if (argv != NULL) {
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
isconversion++;
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
syslog(LOG_DEBUG, "get command: '%s' on '%s'",
* change ftpd_popen() to take char *argv[] instead of char *cmd. the string tokenisation must be performed by the caller (which is generally easy because it's almost always a static command). * change do_conversion() to return a char *argv[] instead of char *cmd. tokenisation of the command is done internally. * change retrieve() to take char *argv[] instead of char *cmd. (to take advantage of the above changes). fixes [bin/8173] * use fparseln() instead of fgetln() * store conversions in listed order (rather than reverse order) * use stringlists instead of handrolling code to manage an argv.
1999-12-07 08:30:53 +03:00
argv[0], name);
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
}
* implement /etc/ftpd.conf, which adds support for the following features, controllable on a per class (which is one of: real, chroot, guest, all or none) basis: * on-the-fly execution of a command to build the file (a ``conversion''), providing support for "get dirname.tar" and the like. * displaying the contents of a file when a directory is entered for the first time. * maximum value for timeout (replaces -T). * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST. * notifying the user of the existance of a files matching a glob pattern when a directory is entered for the first time. * default value for timeout (replaces -t). * default umask (replaces -DGUEST_CMASK and -u). The conversion, display, and notify functionality was based on code by Simon Burge <simonb@telstra.com.au>. * clean up and re-order parts of the man page into subsections. * STAT displays the settings defined for the class of the current user. * bump version from 6.00 to 7.00, because of ftpd.conf. * deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and -t, -T and -u, as ftpd.conf allows finer control of these. * add "nostderr" argument to ftpd_popen(), because you don't want the stderr stream mixing with the stdout stream during a conversion, as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
}
* change ftpd_popen() to take char *argv[] instead of char *cmd. the string tokenisation must be performed by the caller (which is generally easy because it's almost always a static command). * change do_conversion() to return a char *argv[] instead of char *cmd. tokenisation of the command is done internally. * change retrieve() to take char *argv[] instead of char *cmd. (to take advantage of the above changes). fixes [bin/8173] * use fparseln() instead of fgetln() * store conversions in listed order (rather than reverse order) * use stringlists instead of handrolling code to manage an argv.
1999-12-07 08:30:53 +03:00
if (argv != NULL) {
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
2000-01-08 14:09:56 +03:00
char temp[MAXPATHLEN];
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
* change ftpd_popen() to take char *argv[] instead of char *cmd. the string tokenisation must be performed by the caller (which is generally easy because it's almost always a static command). * change do_conversion() to return a char *argv[] instead of char *cmd. tokenisation of the command is done internally. * change retrieve() to take char *argv[] instead of char *cmd. (to take advantage of the above changes). fixes [bin/8173] * use fparseln() instead of fgetln() * store conversions in listed order (rather than reverse order) * use stringlists instead of handrolling code to manage an argv.
1999-12-07 08:30:53 +03:00
if (strcmp(argv[0], INTERNAL_LS) == 0) {
* fix a problem in retrieve() where arguments to commands weren't working (this was broken in the last commit). problem noticed by simonb@ * don't display the stderr output of the internal ls. * modify usage of lreply so that generally only one `XXX-' code per `block' is displayed; the rest of the lines have four spaces instead. i find this easier to read. * fix a couple places where byte accounting wasn't correct
1999-05-18 12:14:17 +04:00
isls = 1;
stderrfd = -1;
} else {
(void)snprintf(temp, sizeof(temp), "%s", TMPFILE);
stderrfd = mkstemp(temp);
if (stderrfd != -1)
(void)unlink(temp);
}
* change ftpd_popen() to take char *argv[] instead of char *cmd. the string tokenisation must be performed by the caller (which is generally easy because it's almost always a static command). * change do_conversion() to return a char *argv[] instead of char *cmd. tokenisation of the command is done internally. * change retrieve() to take char *argv[] instead of char *cmd. (to take advantage of the above changes). fixes [bin/8173] * use fparseln() instead of fgetln() * store conversions in listed order (rather than reverse order) * use stringlists instead of handrolling code to manage an argv.
1999-12-07 08:30:53 +03:00
dispname = argv[0];
fin = ftpd_popen(argv, "r", stderrfd);
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
closefunc = ftpd_pclose;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
st.st_size = -1;
st.st_blksize = BUFSIZ;
}
if (fin == NULL) {
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
if (errno != 0) {
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
perror_reply(550, dispname);
Avoid conflict with reserved identifier "log".
2002-12-06 04:59:22 +03:00
if (dolog)
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
logxfer("get", -1, name, NULL, NULL,
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
strerror(errno));
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
}
* change ftpd_popen() to take char *argv[] instead of char *cmd. the string tokenisation must be performed by the caller (which is generally easy because it's almost always a static command). * change do_conversion() to return a char *argv[] instead of char *cmd. tokenisation of the command is done internally. * change retrieve() to take char *argv[] instead of char *cmd. (to take advantage of the above changes). fixes [bin/8173] * use fparseln() instead of fgetln() * store conversions in listed order (rather than reverse order) * use stringlists instead of handrolling code to manage an argv.
1999-12-07 08:30:53 +03:00
goto cleanupretrieve;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
byte_count = -1;
* change ftpd_popen() to take char *argv[] instead of char *cmd. the string tokenisation must be performed by the caller (which is generally easy because it's almost always a static command). * change do_conversion() to return a char *argv[] instead of char *cmd. tokenisation of the command is done internally. * change retrieve() to take char *argv[] instead of char *cmd. (to take advantage of the above changes). fixes [bin/8173] * use fparseln() instead of fgetln() * store conversions in listed order (rather than reverse order) * use stringlists instead of handrolling code to manage an argv.
1999-12-07 08:30:53 +03:00
if (argv == NULL
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
&& (fstat(fileno(fin), &st) < 0 || !S_ISREG(st.st_mode))) {
Don't log an xferlog-style entry if bytes == -1. Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar circumstances.
2002-02-11 14:45:07 +03:00
error = "Not a plain file";
reply(550, "%s: %s.", dispname, error);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
goto done;
}
if (restart_point) {
if (type == TYPE_A) {
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
off_t i;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
int c;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
for (i = 0; i < restart_point; i++) {
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if ((c=getc(fin)) == EOF) {
Don't log an xferlog-style entry if bytes == -1. Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar circumstances.
2002-02-11 14:45:07 +03:00
error = strerror(errno);
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
perror_reply(550, dispname);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
goto done;
}
if (c == '\n')
i++;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
}
Lseek(2) usage cleanup: the use of L_SET/L_INCR/L_XTND is deprecated, use SEEK_SET/SEEK_CUR/SEEK_END instead.
1997-08-25 23:31:43 +04:00
} else if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) {
Don't log an xferlog-style entry if bytes == -1. Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar circumstances.
2002-02-11 14:45:07 +03:00
error = strerror(errno);
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
perror_reply(550, dispname);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
goto done;
}
}
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
dout = dataconn(dispname, st.st_size, "w");
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (dout == NULL)
goto done;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
(void)getrusage(RUSAGE_SELF, &rusage_before);
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
(void)gettimeofday(&start, NULL);
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
sendrv = send_data(fin, dout, &st, isdata);
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
(void)gettimeofday(&finish, NULL);
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
(void)getrusage(RUSAGE_SELF, &rusage_after);
fix previous, and ensure that closedataconn() is only called after dataconn() and with a non-NULL file pointer. active transfers now work correctly again, passive transfers work, and the data stream is only closed after a PASV or EPSV if a successful connection was initiated with dataconn().
2002-02-01 07:35:30 +03:00
closedataconn(dout); /* close now to affect timing stats */
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
timersub(&finish, &start, &td);
tdp = &td;
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
done:
Avoid conflict with reserved identifier "log".
2002-12-06 04:59:22 +03:00
if (dolog) {
Don't log an xferlog-style entry if bytes == -1. Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar circumstances.
2002-02-11 14:45:07 +03:00
logxfer("get", byte_count, name, NULL, tdp, error);
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
if (tdp != NULL)
logrusage(&rusage_before, &rusage_after);
}
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
closerv = (*closefunc)(fin);
if (sendrv == 0) {
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
FILE *errf;
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
struct stat sb;
* change ftpd_popen() to take char *argv[] instead of char *cmd. the string tokenisation must be performed by the caller (which is generally easy because it's almost always a static command). * change do_conversion() to return a char *argv[] instead of char *cmd. tokenisation of the command is done internally. * change retrieve() to take char *argv[] instead of char *cmd. (to take advantage of the above changes). fixes [bin/8173] * use fparseln() instead of fgetln() * store conversions in listed order (rather than reverse order) * use stringlists instead of handrolling code to manage an argv.
1999-12-07 08:30:53 +03:00
if (!isls && argv != NULL && closerv != 0) {
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(-226,
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
"Command returned an exit status of %d",
closerv);
if (isconversion)
consistently use syslog priorities
2001-01-10 03:20:49 +03:00
syslog(LOG_WARNING,
* change ftpd_popen() to take char *argv[] instead of char *cmd. the string tokenisation must be performed by the caller (which is generally easy because it's almost always a static command). * change do_conversion() to return a char *argv[] instead of char *cmd. tokenisation of the command is done internally. * change retrieve() to take char *argv[] instead of char *cmd. (to take advantage of the above changes). fixes [bin/8173] * use fparseln() instead of fgetln() * store conversions in listed order (rather than reverse order) * use stringlists instead of handrolling code to manage an argv.
1999-12-07 08:30:53 +03:00
"retrieve command: '%s' returned %d",
argv[0], closerv);
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
}
* change ftpd_popen() to take char *argv[] instead of char *cmd. the string tokenisation must be performed by the caller (which is generally easy because it's almost always a static command). * change do_conversion() to return a char *argv[] instead of char *cmd. tokenisation of the command is done internally. * change retrieve() to take char *argv[] instead of char *cmd. (to take advantage of the above changes). fixes [bin/8173] * use fparseln() instead of fgetln() * store conversions in listed order (rather than reverse order) * use stringlists instead of handrolling code to manage an argv.
1999-12-07 08:30:53 +03:00
if (!isls && argv != NULL && stderrfd != -1 &&
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
(fstat(stderrfd, &sb) == 0) && sb.st_size > 0 &&
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
((errf = fdopen(stderrfd, "r")) != NULL)) {
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
char *cp, line[LINE_MAX];
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(-226, "Command error messages:");
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
rewind(errf);
while (fgets(line, sizeof(line), errf) != NULL) {
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
if ((cp = strchr(line, '\n')) != NULL)
*cp = '\0';
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, " %s", line);
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
}
(void) fflush(stdout);
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
(void) fclose(errf);
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
/* a reply(226,) must follow */
}
reply(226, "Transfer complete.");
}
* change ftpd_popen() to take char *argv[] instead of char *cmd. the string tokenisation must be performed by the caller (which is generally easy because it's almost always a static command). * change do_conversion() to return a char *argv[] instead of char *cmd. tokenisation of the command is done internally. * change retrieve() to take char *argv[] instead of char *cmd. (to take advantage of the above changes). fixes [bin/8173] * use fparseln() instead of fgetln() * store conversions in listed order (rather than reverse order) * use stringlists instead of handrolling code to manage an argv.
1999-12-07 08:30:53 +03:00
cleanupretrieve:
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
if (stderrfd != -1)
(void)close(stderrfd);
* change ftpd_popen() to take char *argv[] instead of char *cmd. the string tokenisation must be performed by the caller (which is generally easy because it's almost always a static command). * change do_conversion() to return a char *argv[] instead of char *cmd. tokenisation of the command is done internally. * change retrieve() to take char *argv[] instead of char *cmd. (to take advantage of the above changes). fixes [bin/8173] * use fparseln() instead of fgetln() * store conversions in listed order (rather than reverse order) * use stringlists instead of handrolling code to manage an argv.
1999-12-07 08:30:53 +03:00
if (isconversion)
free(argv);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
void
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
store(const char *name, const char *fmode, int unique)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
FILE *fout, *din;
struct stat st;
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
int (*closefunc)(FILE *);
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
struct timeval start, finish, td, *tdp;
Don't log an xferlog-style entry if bytes == -1. Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar circumstances.
2002-02-11 14:45:07 +03:00
char *desc, *error;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
din = NULL;
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
desc = (*fmode == 'w') ? "put" : "append";
Don't log an xferlog-style entry if bytes == -1. Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar circumstances.
2002-02-11 14:45:07 +03:00
error = NULL;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (unique && stat(name, &st) == 0 &&
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
(name = gunique(name)) == NULL) {
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
logxfer(desc, -1, name, NULL, NULL,
"cannot create unique file");
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
goto cleanupstore;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
}
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (restart_point)
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
fmode = "r+";
fout = fopen(name, fmode);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
closefunc = fclose;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
tdp = NULL;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (fout == NULL) {
perror_reply(553, name);
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
logxfer(desc, -1, name, NULL, NULL, strerror(errno));
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
goto cleanupstore;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
byte_count = -1;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (restart_point) {
if (type == TYPE_A) {
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
off_t i;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
int c;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
for (i = 0; i < restart_point; i++) {
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if ((c=getc(fout)) == EOF) {
Don't log an xferlog-style entry if bytes == -1. Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar circumstances.
2002-02-11 14:45:07 +03:00
error = strerror(errno);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
perror_reply(550, name);
goto done;
}
if (c == '\n')
i++;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
}
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
/*
* We must do this seek to "current" position
* because we are changing from reading to
* writing.
*/
* fix "cd ~" so that it works (from Simon Burge <simonb@telstra.com.au> * move resetting of CFLAGS on powerpc to before optional CFLAGS settings * minor code & man page cleanups
1997-04-27 07:21:38 +04:00
if (fseek(fout, 0L, SEEK_CUR) < 0) {
Don't log an xferlog-style entry if bytes == -1. Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar circumstances.
2002-02-11 14:45:07 +03:00
error = strerror(errno);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
perror_reply(550, name);
goto done;
}
Lseek(2) usage cleanup: the use of L_SET/L_INCR/L_XTND is deprecated, use SEEK_SET/SEEK_CUR/SEEK_END instead.
1997-08-25 23:31:43 +04:00
} else if (lseek(fileno(fout), restart_point, SEEK_SET) < 0) {
Don't log an xferlog-style entry if bytes == -1. Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar circumstances.
2002-02-11 14:45:07 +03:00
error = strerror(errno);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
perror_reply(550, name);
goto done;
}
}
din = dataconn(name, (off_t)-1, "r");
if (din == NULL)
goto done;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
(void)gettimeofday(&start, NULL);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (receive_data(din, fout) == 0) {
if (unique)
reply(226, "Transfer complete (unique file name:%s).",
name);
else
reply(226, "Transfer complete.");
}
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
(void)gettimeofday(&finish, NULL);
fix previous, and ensure that closedataconn() is only called after dataconn() and with a non-NULL file pointer. active transfers now work correctly again, passive transfers work, and the data stream is only closed after a PASV or EPSV if a successful connection was initiated with dataconn().
2002-02-01 07:35:30 +03:00
closedataconn(din); /* close now to affect timing stats */
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
timersub(&finish, &start, &td);
tdp = &td;
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
done:
Don't log an xferlog-style entry if bytes == -1. Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar circumstances.
2002-02-11 14:45:07 +03:00
logxfer(desc, byte_count, name, NULL, tdp, error);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
(*closefunc)(fout);
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
cleanupstore:
fix previous, and ensure that closedataconn() is only called after dataconn() and with a non-NULL file pointer. active transfers now work correctly again, passive transfers work, and the data stream is only closed after a PASV or EPSV if a successful connection was initiated with dataconn().
2002-02-01 07:35:30 +03:00
;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
static FILE *
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
getdatasock(const char *fmode)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
int on, s, t, tries;
in_port_t port;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
on = 1;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (data >= 0)
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
return (fdopen(data, fmode));
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
if (! dropprivs)
(void) seteuid((uid_t)0);
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
s = socket(ctrl_addr.su_family, SOCK_STREAM, 0);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (s < 0)
goto bad;
if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
(char *) &on, sizeof(on)) < 0)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
goto bad;
Set keepalives on the sockets to force logouts on connections that have disappeared.
1999-06-05 17:49:53 +04:00
if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
(char *) &on, sizeof(on)) < 0)
goto bad;
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
/* anchor socket to avoid multi-homing problems */
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
data_source = ctrl_addr;
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
/*
* By default source port for PORT connctions is
* ctrlport-1 (see RFC959 section 5.2).
* However, if privs have been dropped and that
* would be < IPPORT_RESERVED, use a random port
* instead.
*/
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
if (dataport)
port = dataport;
else
port = ntohs(ctrl_addr.su_port) - 1;
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
if (dropprivs && port < IPPORT_RESERVED)
port = 0; /* use random port */
data_source.su_port = htons(port);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
for (tries = 1; ; tries++) {
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
if (bind(s, (struct sockaddr *)&data_source.si_su,
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
data_source.su_len) >= 0)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
break;
if (errno != EADDRINUSE || tries > 10)
goto bad;
sleep(tries);
}
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
if (! dropprivs)
(void) seteuid((uid_t)pw->pw_uid);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#ifdef IP_TOS
do not perform setsockopt(IP_TOS) on mapped connections (IPv4 connection toward AF_INET6 socket).
1999-12-13 19:30:37 +03:00
if (!mapped && ctrl_addr.su_family == AF_INET) {
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
on = IPTOS_THROUGHPUT;
if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&on,
sizeof(int)) < 0)
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
}
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#endif
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
return (fdopen(s, fmode));
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
bad:
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
/* Return the real value of errno (close may change it) */
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
t = errno;
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
if (! dropprivs)
(void) seteuid((uid_t)pw->pw_uid);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
(void) close(s);
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
errno = t;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
return (NULL);
}
major overhaul (just before netbsd 1.5 :-): * implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD. we already supported SIZE and MDTM. add the appropriate FEAT output lines. * migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c * make dataconn(), feat(), lookup(), opts() and sizecmd() public * modify struct tab so that it has a `flags' instead of `implemented' element, and remove the `hasopts' element. If flags == 1, the command is implemented. if flags == 2, the command is implemented and takes options * add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..") * modify lreply() so that lreply(-2, ...) just outputs the given info without a prefix or trailing \r\n. this saves doing b = printf(); total_* += b; * enhance statcmd(). still needs work in the LPRT status stuff. * crank version
2000-06-14 17:44:21 +04:00
FILE *
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
dataconn(const char *name, off_t size, const char *fmode)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
char sizebuf[32];
FILE *file;
Apply DoS fix as described by Crist J. Clark <crist.clark@attbi.com> on <security@freebsd.org>, and subsequently in FreeBSD's cvs repository as libexec/ftpd/ftpd.c rev 1.133: The FTP daemon was vulnerable to a DoS where an attacker could bind() up port 20 for an extended period of time and thus lock out all other users from establishing PORT data connections. Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Bump version to 20030122.
2003-01-22 07:46:08 +03:00
int retry, tos, keepalive, conerrno;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
file_size = size;
byte_count = 0;
if (size != (off_t) -1)
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
(void)snprintf(sizebuf, sizeof(sizebuf), " (" LLF " byte%s)",
(LLT)size, PLURAL(size));
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
else
be safe with some buffers.
1997-07-21 09:13:10 +04:00
sizebuf[0] = '\0';
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (pdata >= 0) {
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
struct sockinet from;
int s, fromlen = sizeof(from.su_len);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
* initialise curclass.timeout to 900 in main(), so that operations that want to timeout using this value that are executed before the conf file is parsed will work. fixes ``stale ftpd stuck in connection phase'' * in PASV mode, wrap accept() in an alarm timeout. fixes ``stale ftpd because of client disappearing in pasv mode (usually browsers)'' * main() doesn't need envp argument
1997-11-29 02:32:30 +03:00
(void) alarm(curclass.timeout);
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
s = accept(pdata, (struct sockaddr *)&from.si_su, &fromlen);
* initialise curclass.timeout to 900 in main(), so that operations that want to timeout using this value that are executed before the conf file is parsed will work. fixes ``stale ftpd stuck in connection phase'' * in PASV mode, wrap accept() in an alarm timeout. fixes ``stale ftpd because of client disappearing in pasv mode (usually browsers)'' * main() doesn't need envp argument
1997-11-29 02:32:30 +03:00
(void) alarm(0);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (s < 0) {
reply(425, "Can't open data connection.");
(void) close(pdata);
pdata = -1;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
return (NULL);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
(void) close(pdata);
pdata = s;
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
switch (from.su_family) {
case AF_INET:
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#ifdef IP_TOS
do not perform setsockopt(IP_TOS) on mapped connections (IPv4 connection toward AF_INET6 socket).
1999-12-13 19:30:37 +03:00
if (!mapped) {
tos = IPTOS_THROUGHPUT;
(void) setsockopt(s, IPPROTO_IP, IP_TOS,
(char *)&tos, sizeof(int));
}
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
break;
Set keepalives on the sockets to force logouts on connections that have disappeared.
1999-06-05 17:49:53 +04:00
#endif
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
}
Set keepalives on the sockets to force logouts on connections that have disappeared.
1999-06-05 17:49:53 +04:00
/* Set keepalives on the socket to detect dropped conns. */
#ifdef SO_KEEPALIVE
keepalive = 1;
(void) setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
(char *)&keepalive, sizeof(int));
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#endif
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
reply(150, "Opening %s mode data connection for '%s'%s.",
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
return (fdopen(pdata, fmode));
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
if (data >= 0) {
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
reply(125, "Using existing data connection for '%s'%s.",
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
name, sizebuf);
usedefault = 1;
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
return (fdopen(data, fmode));
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
if (usedefault)
data_dest = his_addr;
usedefault = 1;
Apply DoS fix as described by Crist J. Clark <crist.clark@attbi.com> on <security@freebsd.org>, and subsequently in FreeBSD's cvs repository as libexec/ftpd/ftpd.c rev 1.133: The FTP daemon was vulnerable to a DoS where an attacker could bind() up port 20 for an extended period of time and thus lock out all other users from establishing PORT data connections. Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Bump version to 20030122.
2003-01-22 07:46:08 +03:00
retry = conerrno = 0;
do {
file = getdatasock(fmode);
if (file == NULL) {
char hbuf[NI_MAXHOST];
char pbuf[NI_MAXSERV];
if (getnameinfo((struct sockaddr *)&data_source.si_su,
data_source.su_len, hbuf, sizeof(hbuf), pbuf,
sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV))
strlcpy(hbuf, "?", sizeof(hbuf));
reply(425, "Can't create data socket (%s,%s): %s.",
hbuf, pbuf, strerror(errno));
return (NULL);
}
data = fileno(file);
conerrno = 0;
if (connect(data, (struct sockaddr *)&data_dest.si_su,
data_dest.su_len) == 0)
break;
conerrno = errno;
(void) fclose(file);
data = -1;
if (conerrno == EADDRINUSE) {
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
sleep((unsigned) swaitint);
retry += swaitint;
Apply DoS fix as described by Crist J. Clark <crist.clark@attbi.com> on <security@freebsd.org>, and subsequently in FreeBSD's cvs repository as libexec/ftpd/ftpd.c rev 1.133: The FTP daemon was vulnerable to a DoS where an attacker could bind() up port 20 for an extended period of time and thus lock out all other users from establishing PORT data connections. Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Bump version to 20030122.
2003-01-22 07:46:08 +03:00
} else {
break;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
Apply DoS fix as described by Crist J. Clark <crist.clark@attbi.com> on <security@freebsd.org>, and subsequently in FreeBSD's cvs repository as libexec/ftpd/ftpd.c rev 1.133: The FTP daemon was vulnerable to a DoS where an attacker could bind() up port 20 for an extended period of time and thus lock out all other users from establishing PORT data connections. Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Bump version to 20030122.
2003-01-22 07:46:08 +03:00
} while (retry <= swaitmax);
if (conerrno != 0) {
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
perror_reply(425, "Can't build data connection");
return (NULL);
}
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
reply(150, "Opening %s mode data connection for '%s'%s.",
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
return (file);
}
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
void
closedataconn(FILE *fd)
{
in closedataconn(), only close the passive data fd if the main data descriptor was set by dataconn(). this fixes a problem for clients (such as lynx and netscape) that only sent PASV/EPSV after a transfer (RETR, LIST, STOR) started and returned 150. certain command sequences could return 550 (etc) before setting up the dataconn(), and would run into this bug. netbsd's ftp didn't hit this bug because it always sends PASV/EPSV before a new transfer command.
2002-01-21 14:25:20 +03:00
if (fd == NULL)
return;
(void)fclose(fd);
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
data = -1;
if (pdata >= 0)
(void)close(pdata);
pdata = -1;
}
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
int
write_data(int fd, char *buf, size_t size, off_t *bufrem,
struct timeval *then, int isdata)
{
struct timeval now, td;
ssize_t c;
while (size > 0) {
c = size;
if (curclass.writesize) {
if (curclass.writesize < c)
c = curclass.writesize;
}
if (curclass.rateget) {
if (*bufrem < c)
c = *bufrem;
}
(void) alarm(curclass.timeout);
c = write(fd, buf, c);
if (c <= 0)
return (1);
buf += c;
size -= c;
byte_count += c;
if (isdata) {
total_data_out += c;
total_data += c;
}
total_bytes_out += c;
total_bytes += c;
if (curclass.rateget) {
*bufrem -= c;
if (*bufrem == 0) {
(void)gettimeofday(&now, NULL);
timersub(&now, then, &td);
if (td.tv_sec == 0) {
usleep(1000000 - td.tv_usec);
(void)gettimeofday(then, NULL);
} else
*then = now;
*bufrem = curclass.rateget;
}
}
}
return (0);
}
static enum send_status
send_data_with_read(int filefd, int netfd, const struct stat *st, int isdata)
{
struct timeval then;
off_t bufrem;
size_t readsize;
char *buf;
int c, error;
if (curclass.readsize)
readsize = curclass.readsize;
else
readsize = (size_t)st->st_blksize;
if ((buf = malloc(readsize)) == NULL) {
perror_reply(451, "Local resource failure: malloc");
return (SS_NO_TRANSFER);
}
if (curclass.rateget) {
bufrem = curclass.rateget;
(void)gettimeofday(&then, NULL);
}
while (1) {
(void) alarm(curclass.timeout);
c = read(filefd, buf, readsize);
if (c == 0)
error = SS_SUCCESS;
else if (c < 0)
error = SS_FILE_ERROR;
else if (write_data(netfd, buf, c, &bufrem, &then, isdata))
error = SS_DATA_ERROR;
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
else if (urgflag && handleoobcmd())
error = SS_ABORTED;
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
else
continue;
free(buf);
return (error);
}
}
static enum send_status
send_data_with_mmap(int filefd, int netfd, const struct stat *st, int isdata)
{
struct timeval then;
off_t bufrem, filesize, off, origoff;
size_t mapsize, winsize;
int error, sendbufsize, sendlowat;
void *win;
if (curclass.sendbufsize) {
sendbufsize = curclass.sendbufsize;
if (setsockopt(netfd, SOL_SOCKET, SO_SNDBUF,
&sendbufsize, sizeof(int)) == -1)
syslog(LOG_WARNING, "setsockopt(SO_SNDBUF, %d): %m",
sendbufsize);
}
if (curclass.sendlowat) {
sendlowat = curclass.sendlowat;
if (setsockopt(netfd, SOL_SOCKET, SO_SNDLOWAT,
&sendlowat, sizeof(int)) == -1)
syslog(LOG_WARNING, "setsockopt(SO_SNDLOWAT, %d): %m",
sendlowat);
}
winsize = curclass.mmapsize;
filesize = st->st_size;
if (debug)
syslog(LOG_INFO, "mmapsize = %ld, writesize = %ld",
(long)winsize, (long)curclass.writesize);
if (winsize == 0)
goto try_read;
off = lseek(filefd, (off_t)0, SEEK_CUR);
if (off == -1)
goto try_read;
origoff = off;
if (curclass.rateget) {
bufrem = curclass.rateget;
(void)gettimeofday(&then, NULL);
}
while (1) {
mapsize = MIN(filesize - off, winsize);
if (mapsize == 0)
break;
win = mmap(NULL, mapsize, PROT_READ,
MAP_FILE|MAP_SHARED, filefd, off);
if (win == MAP_FAILED) {
if (off == origoff)
goto try_read;
return (SS_FILE_ERROR);
}
(void) madvise(win, mapsize, MADV_SEQUENTIAL);
error = write_data(netfd, win, mapsize, &bufrem, &then,
isdata);
(void) madvise(win, mapsize, MADV_DONTNEED);
munmap(win, mapsize);
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
if (urgflag && handleoobcmd())
return (SS_ABORTED);
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
if (error)
return (SS_DATA_ERROR);
off += mapsize;
}
return (SS_SUCCESS);
try_read:
return (send_data_with_read(filefd, netfd, st, isdata));
}
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
/*
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
* Tranfer the contents of "instr" to "outstr" peer using the appropriate
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
* encapsulation of the data subject to Mode, Structure, and Type.
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
*
* NB: Form isn't handled.
*/
support displaying the stderr output from a LIST or a conversion to the user at the end of a transfer. this generates a file in /tmp, so anonymous requires a writable ~ftp/tmp, which you may not want to do (because it may allow people to unwanted upload files). XXX: a better method of storing the stderr output would be nice, but is a lot more effort to implement. this feature can at least be used temporarily whilst debugging why an ftp conversion doesn't work.
1998-06-08 11:13:13 +04:00
static int
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
send_data(FILE *instr, FILE *outstr, const struct stat *st, int isdata)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
int c, filefd, netfd, rval;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
urgflag = 0;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
transflag = 1;
rval = -1;
* implement /etc/ftpd.conf, which adds support for the following features, controllable on a per class (which is one of: real, chroot, guest, all or none) basis: * on-the-fly execution of a command to build the file (a ``conversion''), providing support for "get dirname.tar" and the like. * displaying the contents of a file when a directory is entered for the first time. * maximum value for timeout (replaces -T). * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST. * notifying the user of the existance of a files matching a glob pattern when a directory is entered for the first time. * default value for timeout (replaces -t). * default umask (replaces -DGUEST_CMASK and -u). The conversion, display, and notify functionality was based on code by Simon Burge <simonb@telstra.com.au>. * clean up and re-order parts of the man page into subsections. * STAT displays the settings defined for the class of the current user. * bump version from 6.00 to 7.00, because of ftpd.conf. * deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and -t, -T and -u, as ftpd.conf allows finer control of these. * add "nostderr" argument to ftpd_popen(), because you don't want the stderr stream mixing with the stdout stream during a conversion, as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
switch (type) {
case TYPE_A:
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
/* XXXLUKEM: rate limit ascii send (get) */
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
(void) alarm(curclass.timeout);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
while ((c = getc(instr)) != EOF) {
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
if (urgflag && handleoobcmd())
goto cleanup_send_data;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
byte_count++;
if (c == '\n') {
if (ferror(outstr))
goto data_err;
(void) putc('\r', outstr);
* fix a problem in retrieve() where arguments to commands weren't working (this was broken in the last commit). problem noticed by simonb@ * don't display the stderr output of the internal ls. * modify usage of lreply so that generally only one `XXX-' code per `block' is displayed; the rest of the lines have four spaces instead. i find this easier to read. * fix a couple places where byte accounting wasn't correct
1999-05-18 12:14:17 +04:00
if (isdata) {
total_data_out++;
total_data++;
}
total_bytes_out++;
total_bytes++;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
(void) putc(c, outstr);
* fix a problem in retrieve() where arguments to commands weren't working (this was broken in the last commit). problem noticed by simonb@ * don't display the stderr output of the internal ls. * modify usage of lreply so that generally only one `XXX-' code per `block' is displayed; the rest of the lines have four spaces instead. i find this easier to read. * fix a couple places where byte accounting wasn't correct
1999-05-18 12:14:17 +04:00
if (isdata) {
total_data_out++;
total_data++;
}
total_bytes_out++;
total_bytes++;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
if ((byte_count % 4096) == 0)
(void) alarm(curclass.timeout);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
(void) alarm(0);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
fflush(outstr);
if (ferror(instr))
goto file_err;
if (ferror(outstr))
goto data_err;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
rval = 0;
goto cleanup_send_data;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
case TYPE_I:
case TYPE_L:
filefd = fileno(instr);
* fix a problem in retrieve() where arguments to commands weren't working (this was broken in the last commit). problem noticed by simonb@ * don't display the stderr output of the internal ls. * modify usage of lreply so that generally only one `XXX-' code per `block' is displayed; the rest of the lines have four spaces instead. i find this easier to read. * fix a couple places where byte accounting wasn't correct
1999-05-18 12:14:17 +04:00
netfd = fileno(outstr);
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
switch (send_data_with_mmap(filefd, netfd, st, isdata)) {
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
case SS_SUCCESS:
break;
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
case SS_ABORTED:
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
case SS_NO_TRANSFER:
goto cleanup_send_data;
case SS_FILE_ERROR:
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
goto file_err;
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
case SS_DATA_ERROR:
goto data_err;
}
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
rval = 0;
goto cleanup_send_data;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
default:
reply(550, "Unimplemented TYPE %d in send_data", type);
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
goto cleanup_send_data;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
data_err:
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
(void) alarm(0);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
perror_reply(426, "Data connection");
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
goto cleanup_send_data;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
file_err:
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
(void) alarm(0);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
perror_reply(551, "Error on input file");
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
goto cleanup_send_data;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
cleanup_send_data:
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
(void) alarm(0);
transflag = 0;
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
urgflag = 0;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
if (isdata) {
total_files_out++;
total_files++;
}
total_xfers_out++;
total_xfers++;
return (rval);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
/*
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
* Transfer data from peer to "outstr" using the appropriate encapulation of
* the data subject to Mode, Structure, and Type.
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
*
* N.B.: Form isn't handled.
*/
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
static int
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
receive_data(FILE *instr, FILE *outstr)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
int c, bare_lfs, netfd, filefd, rval;
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
off_t byteswritten;
* Add recvbufsize configuration option This allows for setting the passive socket's SO_RCVBUF. Option works similarly to the current sendbufsize configuration option. * Change how recveive_data() works When reading data from the socket for passive transfers to the server, receive_data() now works very similar to send_data_with_read(). Reads from the network are now done using either the filesystem block size or the configuration option readsize chunks. * Crank version.h [Changes discussed with lukem.]
2005-08-24 19:51:41 +04:00
char *buf;
size_t readsize;
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
struct sigaction sa, sa_saved;
* Add recvbufsize configuration option This allows for setting the passive socket's SO_RCVBUF. Option works similarly to the current sendbufsize configuration option. * Change how recveive_data() works When reading data from the socket for passive transfers to the server, receive_data() now works very similar to send_data_with_read(). Reads from the network are now done using either the filesystem block size or the configuration option readsize chunks. * Crank version.h [Changes discussed with lukem.]
2005-08-24 19:51:41 +04:00
struct stat st;
- Pass gcc -Wall - Fix incorrect const poisoning - Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
1997-06-18 23:05:46 +04:00
#ifdef __GNUC__
(void) &bare_lfs;
#endif
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
memset(&sa, 0, sizeof(sa));
sigfillset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
sa.sa_handler = lostconn;
(void) sigaction(SIGALRM, &sa, &sa_saved);
* implement /etc/ftpd.conf, which adds support for the following features, controllable on a per class (which is one of: real, chroot, guest, all or none) basis: * on-the-fly execution of a command to build the file (a ``conversion''), providing support for "get dirname.tar" and the like. * displaying the contents of a file when a directory is entered for the first time. * maximum value for timeout (replaces -T). * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST. * notifying the user of the existance of a files matching a glob pattern when a directory is entered for the first time. * default value for timeout (replaces -t). * default umask (replaces -DGUEST_CMASK and -u). The conversion, display, and notify functionality was based on code by Simon Burge <simonb@telstra.com.au>. * clean up and re-order parts of the man page into subsections. * STAT displays the settings defined for the class of the current user. * bump version from 6.00 to 7.00, because of ftpd.conf. * deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and -t, -T and -u, as ftpd.conf allows finer control of these. * add "nostderr" argument to ftpd_popen(), because you don't want the stderr stream mixing with the stdout stream during a conversion, as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
bare_lfs = 0;
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
urgflag = 0;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
transflag = 1;
rval = -1;
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
byteswritten = 0;
* Add recvbufsize configuration option This allows for setting the passive socket's SO_RCVBUF. Option works similarly to the current sendbufsize configuration option. * Change how recveive_data() works When reading data from the socket for passive transfers to the server, receive_data() now works very similar to send_data_with_read(). Reads from the network are now done using either the filesystem block size or the configuration option readsize chunks. * Crank version.h [Changes discussed with lukem.]
2005-08-24 19:51:41 +04:00
buf = NULL;
* implement /etc/ftpd.conf, which adds support for the following features, controllable on a per class (which is one of: real, chroot, guest, all or none) basis: * on-the-fly execution of a command to build the file (a ``conversion''), providing support for "get dirname.tar" and the like. * displaying the contents of a file when a directory is entered for the first time. * maximum value for timeout (replaces -T). * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST. * notifying the user of the existance of a files matching a glob pattern when a directory is entered for the first time. * default value for timeout (replaces -t). * default umask (replaces -DGUEST_CMASK and -u). The conversion, display, and notify functionality was based on code by Simon Burge <simonb@telstra.com.au>. * clean up and re-order parts of the man page into subsections. * STAT displays the settings defined for the class of the current user. * bump version from 6.00 to 7.00, because of ftpd.conf. * deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and -t, -T and -u, as ftpd.conf allows finer control of these. * add "nostderr" argument to ftpd_popen(), because you don't want the stderr stream mixing with the stdout stream during a conversion, as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
#define FILESIZECHECK(x) \
do { \
if (curclass.maxfilesize != -1 && \
(x) > curclass.maxfilesize) { \
errno = EFBIG; \
goto file_err; \
} \
} while (0)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
switch (type) {
case TYPE_I:
case TYPE_L:
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
netfd = fileno(instr);
filefd = fileno(outstr);
(void) alarm(curclass.timeout);
* Add recvbufsize configuration option This allows for setting the passive socket's SO_RCVBUF. Option works similarly to the current sendbufsize configuration option. * Change how recveive_data() works When reading data from the socket for passive transfers to the server, receive_data() now works very similar to send_data_with_read(). Reads from the network are now done using either the filesystem block size or the configuration option readsize chunks. * Crank version.h [Changes discussed with lukem.]
2005-08-24 19:51:41 +04:00
if (curclass.readsize)
readsize = curclass.readsize;
else if (fstat(filefd, &st))
readsize = (size_t)st.st_blksize;
else
readsize = BUFSIZ;
if ((buf = malloc(readsize)) == NULL) {
perror_reply(451, "Local resource failure: malloc");
goto cleanup_recv_data;
}
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
if (curclass.rateput) {
while (1) {
int d;
struct timeval then, now, td;
off_t bufrem;
(void)gettimeofday(&then, NULL);
errno = c = d = 0;
for (bufrem = curclass.rateput; bufrem > 0; ) {
if ((c = read(netfd, buf,
* Add recvbufsize configuration option This allows for setting the passive socket's SO_RCVBUF. Option works similarly to the current sendbufsize configuration option. * Change how recveive_data() works When reading data from the socket for passive transfers to the server, receive_data() now works very similar to send_data_with_read(). Reads from the network are now done using either the filesystem block size or the configuration option readsize chunks. * Crank version.h [Changes discussed with lukem.]
2005-08-24 19:51:41 +04:00
MIN(readsize, bufrem))) <= 0)
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
goto recvdone;
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
if (urgflag && handleoobcmd())
goto cleanup_recv_data;
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
FILESIZECHECK(byte_count + c);
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
if ((d = write(filefd, buf, c)) != c)
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
goto file_err;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
(void) alarm(curclass.timeout);
bufrem -= c;
byte_count += c;
total_data_in += c;
total_data += c;
total_bytes_in += c;
total_bytes += c;
}
(void)gettimeofday(&now, NULL);
timersub(&now, &then, &td);
fix problems noted by <dogcow@redback.com> in [bin/10390] and private email: * fix RATE{GET,PUT} under some situations when the client is slower than the server (something i missed when migrating the rate limiting code i wrote in ftp(1) to ftpd(8)) * document what units RATE{GET,PUT} use
2000-06-20 11:39:46 +04:00
if (td.tv_sec == 0)
usleep(1000000 - td.tv_usec);
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
}
} else {
* Add recvbufsize configuration option This allows for setting the passive socket's SO_RCVBUF. Option works similarly to the current sendbufsize configuration option. * Change how recveive_data() works When reading data from the socket for passive transfers to the server, receive_data() now works very similar to send_data_with_read(). Reads from the network are now done using either the filesystem block size or the configuration option readsize chunks. * Crank version.h [Changes discussed with lukem.]
2005-08-24 19:51:41 +04:00
while ((c = read(netfd, buf, readsize)) > 0) {
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
if (urgflag && handleoobcmd())
goto cleanup_recv_data;
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
FILESIZECHECK(byte_count + c);
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
if (write(filefd, buf, c) != c)
goto file_err;
(void) alarm(curclass.timeout);
byte_count += c;
total_data_in += c;
total_data += c;
total_bytes_in += c;
total_bytes += c;
}
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
recvdone:
if (c < 0)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
goto data_err;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
rval = 0;
goto cleanup_recv_data;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
case TYPE_E:
reply(553, "TYPE E not implemented.");
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
goto cleanup_recv_data;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
case TYPE_A:
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
(void) alarm(curclass.timeout);
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
/* XXXLUKEM: rate limit ascii receive (put) */
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
while ((c = getc(instr)) != EOF) {
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
if (urgflag && handleoobcmd())
goto cleanup_recv_data;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
byte_count++;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
total_data_in++;
total_data++;
total_bytes_in++;
total_bytes++;
if ((byte_count % 4096) == 0)
(void) alarm(curclass.timeout);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (c == '\n')
bare_lfs++;
while (c == '\r') {
if (ferror(outstr))
goto data_err;
if ((c = getc(instr)) != '\n') {
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
byte_count++;
total_data_in++;
total_data++;
total_bytes_in++;
total_bytes++;
if ((byte_count % 4096) == 0)
(void) alarm(curclass.timeout);
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
byteswritten++;
FILESIZECHECK(byteswritten);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
(void) putc ('\r', outstr);
if (c == '\0' || c == EOF)
goto contin2;
}
}
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
byteswritten++;
FILESIZECHECK(byteswritten);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
(void) putc(c, outstr);
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
contin2: ;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
(void) alarm(0);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
fflush(outstr);
if (ferror(instr))
goto data_err;
if (ferror(outstr))
goto file_err;
if (bare_lfs) {
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(-226,
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
"WARNING! %d bare linefeeds received in ASCII mode",
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
bare_lfs);
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "File may not have transferred correctly.");
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
rval = 0;
goto cleanup_recv_data;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
default:
reply(550, "Unimplemented TYPE %d in receive_data", type);
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
goto cleanup_recv_data;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
comment or delete text after CPP directives.
2001-01-16 05:50:27 +03:00
#undef FILESIZECHECK
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
data_err:
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
(void) alarm(0);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
perror_reply(426, "Data Connection");
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
goto cleanup_recv_data;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
file_err:
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
(void) alarm(0);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
perror_reply(452, "Error writing file");
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
goto cleanup_recv_data;
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
cleanup_recv_data:
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
(void) alarm(0);
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
(void) sigaction(SIGALRM, &sa_saved, NULL);
* Add recvbufsize configuration option This allows for setting the passive socket's SO_RCVBUF. Option works similarly to the current sendbufsize configuration option. * Change how recveive_data() works When reading data from the socket for passive transfers to the server, receive_data() now works very similar to send_data_with_read(). Reads from the network are now done using either the filesystem block size or the configuration option readsize chunks. * Crank version.h [Changes discussed with lukem.]
2005-08-24 19:51:41 +04:00
if (buf)
free(buf);
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
transflag = 0;
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
urgflag = 0;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
total_files_in++;
total_files++;
total_xfers_in++;
total_xfers++;
return (rval);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
void
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
statcmd(void)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
struct sockinet *su = NULL;
cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach scope identifier). always check error result from getnameinfo.
2000-11-24 15:56:45 +03:00
static char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
- convert to using libc's strsuftoll(3) - use LLT (aka 'long long type') for all numeric class parameters - improve description of various ftpd.conf(5) options - statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
2002-11-29 17:39:59 +03:00
u_char *a, *p;
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
int ispassive, af;
major overhaul (just before netbsd 1.5 :-): * implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD. we already supported SIZE and MDTM. add the appropriate FEAT output lines. * migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c * make dataconn(), feat(), lookup(), opts() and sizecmd() public * modify struct tab so that it has a `flags' instead of `implemented' element, and remove the `hasopts' element. If flags == 1, the command is implemented. if flags == 2, the command is implemented and takes options * add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..") * modify lreply() so that lreply(-2, ...) just outputs the given info without a prefix or trailing \r\n. this saves doing b = printf(); total_* += b; * enhance statcmd(). still needs work in the LPRT status stuff. * crank version
2000-06-14 17:44:21 +04:00
off_t otbi, otbo, otb;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
a = p = (u_char *)NULL;
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(-211, "%s FTP server status:", hostname);
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
2000-07-23 18:40:48 +04:00
reply(0, "Version: %s", EMPTYSTR(version) ? "<suppressed>" : version);
cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach scope identifier). always check error result from getnameinfo.
2000-11-24 15:56:45 +03:00
hbuf[0] = '\0';
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
if (!getnameinfo((struct sockaddr *)&his_addr.si_su, his_addr.su_len,
cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach scope identifier). always check error result from getnameinfo.
2000-11-24 15:56:45 +03:00
hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST)
&& strcmp(remotehost, hbuf) != 0)
reply(0, "Connected to %s (%s)", remotehost, hbuf);
Make this compile again without -DINET6 and without get{addr,name}info(3) This ftpd now compiles and runs on NetBSD/1.4.2 with: CPPFLAGS+= \ '-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \ '-Dstrlcat=strncat' \ '-Dsl_add(a,b)=(sl_add(a,b),0)'
2000-09-15 18:55:16 +04:00
else
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Connected to %s", remotehost);
Make this compile again without -DINET6 and without get{addr,name}info(3) This ftpd now compiles and runs on NetBSD/1.4.2 with: CPPFLAGS+= \ '-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \ '-Dstrlcat=strncat' \ '-Dsl_add(a,b)=(sl_add(a,b),0)'
2000-09-15 18:55:16 +04:00
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (logged_in) {
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
if (curclass.type == CLASS_GUEST)
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Logged in anonymously");
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
else
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Logged in as %s%s", pw->pw_name,
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
curclass.type == CLASS_CHROOT ? " (chroot)" : "");
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
} else if (askpasswd)
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Waiting for password");
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
else
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Waiting for user name");
cprintf(stdout, " TYPE: %s", typenames[type]);
major overhaul (just before netbsd 1.5 :-): * implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD. we already supported SIZE and MDTM. add the appropriate FEAT output lines. * migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c * make dataconn(), feat(), lookup(), opts() and sizecmd() public * modify struct tab so that it has a `flags' instead of `implemented' element, and remove the `hasopts' element. If flags == 1, the command is implemented. if flags == 2, the command is implemented and takes options * add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..") * modify lreply() so that lreply(-2, ...) just outputs the given info without a prefix or trailing \r\n. this saves doing b = printf(); total_* += b; * enhance statcmd(). still needs work in the LPRT status stuff. * crank version
2000-06-14 17:44:21 +04:00
if (type == TYPE_A || type == TYPE_E)
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
cprintf(stdout, ", FORM: %s", formnames[form]);
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
if (type == TYPE_L) {
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#if NBBY == 8
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
cprintf(stdout, " %d", NBBY);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#else
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
/* XXX: `bytesize' needs to be defined in this case */
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
cprintf(stdout, " %d", bytesize);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#endif
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
}
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
cprintf(stdout, "; STRUcture: %s; transfer MODE: %s\r\n",
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
strunames[stru], modenames[mode]);
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
ispassive = 0;
if (data != -1) {
- convert to using libc's strsuftoll(3) - use LLT (aka 'long long type') for all numeric class parameters - improve description of various ftpd.conf(5) options - statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
2002-11-29 17:39:59 +03:00
reply(0, "Data connection open");
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
su = NULL;
} else if (pdata != -1) {
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "in Passive mode");
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
if (curclass.advertise.su_len != 0)
su = &curclass.advertise;
else
su = &pasv_addr;
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
ispassive = 1;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
goto printaddr;
} else if (usedefault == 0) {
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
if (epsvall) {
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "EPSV only mode (EPSV ALL)");
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
goto epsvonly;
}
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
su = (struct sockinet *)&data_dest;
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
printaddr:
major overhaul (just before netbsd 1.5 :-): * implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD. we already supported SIZE and MDTM. add the appropriate FEAT output lines. * migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c * make dataconn(), feat(), lookup(), opts() and sizecmd() public * modify struct tab so that it has a `flags' instead of `implemented' element, and remove the `hasopts' element. If flags == 1, the command is implemented. if flags == 2, the command is implemented and takes options * add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..") * modify lreply() so that lreply(-2, ...) just outputs the given info without a prefix or trailing \r\n. this saves doing b = printf(); total_* += b; * enhance statcmd(). still needs work in the LPRT status stuff. * crank version
2000-06-14 17:44:21 +04:00
/* PASV/PORT */
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
if (su->su_family == AF_INET) {
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
a = (u_char *) &su->su_addr;
p = (u_char *) &su->su_port;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#define UC(b) (((int) b) & 0xff)
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "%s (%d,%d,%d,%d,%d,%d)",
major overhaul (just before netbsd 1.5 :-): * implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD. we already supported SIZE and MDTM. add the appropriate FEAT output lines. * migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c * make dataconn(), feat(), lookup(), opts() and sizecmd() public * modify struct tab so that it has a `flags' instead of `implemented' element, and remove the `hasopts' element. If flags == 1, the command is implemented. if flags == 2, the command is implemented and takes options * add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..") * modify lreply() so that lreply(-2, ...) just outputs the given info without a prefix or trailing \r\n. this saves doing b = printf(); total_* += b; * enhance statcmd(). still needs work in the LPRT status stuff. * crank version
2000-06-14 17:44:21 +04:00
ispassive ? "PASV" : "PORT" ,
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),
UC(p[0]), UC(p[1]));
}
major overhaul (just before netbsd 1.5 :-): * implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD. we already supported SIZE and MDTM. add the appropriate FEAT output lines. * migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c * make dataconn(), feat(), lookup(), opts() and sizecmd() public * modify struct tab so that it has a `flags' instead of `implemented' element, and remove the `hasopts' element. If flags == 1, the command is implemented. if flags == 2, the command is implemented and takes options * add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..") * modify lreply() so that lreply(-2, ...) just outputs the given info without a prefix or trailing \r\n. this saves doing b = printf(); total_* += b; * enhance statcmd(). still needs work in the LPRT status stuff. * crank version
2000-06-14 17:44:21 +04:00
/* LPSV/LPRT */
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
{
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
int alen, i;
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
alen = 0;
switch (su->su_family) {
case AF_INET:
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
a = (u_char *) &su->su_addr;
p = (u_char *) &su->su_port;
alen = sizeof(su->su_addr);
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
af = 4;
break;
Make this compile again without -DINET6 and without get{addr,name}info(3) This ftpd now compiles and runs on NetBSD/1.4.2 with: CPPFLAGS+= \ '-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \ '-Dstrlcat=strncat' \ '-Dsl_add(a,b)=(sl_add(a,b),0)'
2000-09-15 18:55:16 +04:00
#ifdef INET6
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
case AF_INET6:
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
a = (u_char *) &su->su_6addr;
p = (u_char *) &su->su_port;
alen = sizeof(su->su_6addr);
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
af = 6;
break;
Make this compile again without -DINET6 and without get{addr,name}info(3) This ftpd now compiles and runs on NetBSD/1.4.2 with: CPPFLAGS+= \ '-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \ '-Dstrlcat=strncat' \ '-Dsl_add(a,b)=(sl_add(a,b),0)'
2000-09-15 18:55:16 +04:00
#endif
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
default:
af = 0;
break;
}
if (af) {
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
cprintf(stdout, " %s (%d,%d",
major overhaul (just before netbsd 1.5 :-): * implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD. we already supported SIZE and MDTM. add the appropriate FEAT output lines. * migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c * make dataconn(), feat(), lookup(), opts() and sizecmd() public * modify struct tab so that it has a `flags' instead of `implemented' element, and remove the `hasopts' element. If flags == 1, the command is implemented. if flags == 2, the command is implemented and takes options * add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..") * modify lreply() so that lreply(-2, ...) just outputs the given info without a prefix or trailing \r\n. this saves doing b = printf(); total_* += b; * enhance statcmd(). still needs work in the LPRT status stuff. * crank version
2000-06-14 17:44:21 +04:00
ispassive ? "LPSV" : "LPRT", af, alen);
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
for (i = 0; i < alen; i++)
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
cprintf(stdout, ",%d", UC(a[i]));
cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach scope identifier). always check error result from getnameinfo.
2000-11-24 15:56:45 +03:00
cprintf(stdout, ",%d,%d,%d)\r\n",
2, UC(p[0]), UC(p[1]));
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#undef UC
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
}
}
/* EPRT/EPSV */
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
epsvonly:
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
af = af2epsvproto(su->su_family);
cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach scope identifier). always check error result from getnameinfo.
2000-11-24 15:56:45 +03:00
hbuf[0] = '\0';
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
if (af > 0) {
cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach scope identifier). always check error result from getnameinfo.
2000-11-24 15:56:45 +03:00
struct sockinet tmp;
tmp = *su;
- ensure all uses of AF_INET6 are wrapped in #ifdef INET6 - don't define `ALL' as a token twice in the grammar
2000-11-28 12:31:29 +03:00
#ifdef INET6
cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach scope identifier). always check error result from getnameinfo.
2000-11-24 15:56:45 +03:00
if (tmp.su_family == AF_INET6)
tmp.su_scope_id = 0;
- ensure all uses of AF_INET6 are wrapped in #ifdef INET6 - don't define `ALL' as a token twice in the grammar
2000-11-28 12:31:29 +03:00
#endif
cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach scope identifier). always check error result from getnameinfo.
2000-11-24 15:56:45 +03:00
if (getnameinfo((struct sockaddr *)&tmp.si_su,
tmp.su_len, hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
NI_NUMERICHOST | NI_NUMERICSERV) == 0)
reply(0, "%s (|%d|%s|%s|)",
major overhaul (just before netbsd 1.5 :-): * implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD. we already supported SIZE and MDTM. add the appropriate FEAT output lines. * migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c * make dataconn(), feat(), lookup(), opts() and sizecmd() public * modify struct tab so that it has a `flags' instead of `implemented' element, and remove the `hasopts' element. If flags == 1, the command is implemented. if flags == 2, the command is implemented and takes options * add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..") * modify lreply() so that lreply(-2, ...) just outputs the given info without a prefix or trailing \r\n. this saves doing b = printf(); total_* += b; * enhance statcmd(). still needs work in the LPRT status stuff. * crank version
2000-06-14 17:44:21 +04:00
ispassive ? "EPSV" : "EPRT",
cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach scope identifier). always check error result from getnameinfo.
2000-11-24 15:56:45 +03:00
af, hbuf, sbuf);
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
}
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
} else
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "No data connection");
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
if (logged_in) {
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
reply(0,
"Data sent: " LLF " byte%s in " LLF " file%s",
(LLT)total_data_out, PLURAL(total_data_out),
(LLT)total_files_out, PLURAL(total_files_out));
reply(0,
"Data received: " LLF " byte%s in " LLF " file%s",
(LLT)total_data_in, PLURAL(total_data_in),
(LLT)total_files_in, PLURAL(total_files_in));
reply(0,
"Total data: " LLF " byte%s in " LLF " file%s",
(LLT)total_data, PLURAL(total_data),
(LLT)total_files, PLURAL(total_files));
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
}
otbi = total_bytes_in;
otbo = total_bytes_out;
otb = total_bytes;
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
reply(0, "Traffic sent: " LLF " byte%s in " LLF " transfer%s",
(LLT)otbo, PLURAL(otbo),
(LLT)total_xfers_out, PLURAL(total_xfers_out));
reply(0, "Traffic received: " LLF " byte%s in " LLF " transfer%s",
(LLT)otbi, PLURAL(otbi),
(LLT)total_xfers_in, PLURAL(total_xfers_in));
reply(0, "Total traffic: " LLF " byte%s in " LLF " transfer%s",
(LLT)otb, PLURAL(otb),
(LLT)total_xfers, PLURAL(total_xfers));
* implement /etc/ftpd.conf, which adds support for the following features, controllable on a per class (which is one of: real, chroot, guest, all or none) basis: * on-the-fly execution of a command to build the file (a ``conversion''), providing support for "get dirname.tar" and the like. * displaying the contents of a file when a directory is entered for the first time. * maximum value for timeout (replaces -T). * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST. * notifying the user of the existance of a files matching a glob pattern when a directory is entered for the first time. * default value for timeout (replaces -t). * default umask (replaces -DGUEST_CMASK and -u). The conversion, display, and notify functionality was based on code by Simon Burge <simonb@telstra.com.au>. * clean up and re-order parts of the man page into subsections. * STAT displays the settings defined for the class of the current user. * bump version from 6.00 to 7.00, because of ftpd.conf. * deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and -t, -T and -u, as ftpd.conf allows finer control of these. * add "nostderr" argument to ftpd_popen(), because you don't want the stderr stream mixing with the stdout stream during a conversion, as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
if (logged_in && !CURCLASS_FLAGS_ISSET(private)) {
* implement /etc/ftpd.conf, which adds support for the following features, controllable on a per class (which is one of: real, chroot, guest, all or none) basis: * on-the-fly execution of a command to build the file (a ``conversion''), providing support for "get dirname.tar" and the like. * displaying the contents of a file when a directory is entered for the first time. * maximum value for timeout (replaces -T). * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST. * notifying the user of the existance of a files matching a glob pattern when a directory is entered for the first time. * default value for timeout (replaces -t). * default umask (replaces -DGUEST_CMASK and -u). The conversion, display, and notify functionality was based on code by Simon Burge <simonb@telstra.com.au>. * clean up and re-order parts of the man page into subsections. * STAT displays the settings defined for the class of the current user. * bump version from 6.00 to 7.00, because of ftpd.conf. * deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and -t, -T and -u, as ftpd.conf allows finer control of these. * add "nostderr" argument to ftpd_popen(), because you don't want the stderr stream mixing with the stdout stream during a conversion, as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
struct ftpconv *cp;
More format paranoia.
2000-07-08 22:24:28 +04:00
reply(0, "%s", "");
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Class: %s, type: %s",
* add support for optional groupglob in ftpuser entry. the syntax is now: userglob[:groupglob][@host] [directive [class]] * append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
1999-12-21 15:56:15 +03:00
curclass.classname, CURCLASSTYPE);
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Check PORT/LPRT commands: %sabled",
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
CURCLASS_FLAGS_ISSET(checkportcmd) ? "en" : "dis");
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
if (! EMPTYSTR(curclass.display))
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Display file: %s", curclass.display);
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
if (! EMPTYSTR(curclass.notify))
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Notify fileglob: %s", curclass.notify);
- convert to using libc's strsuftoll(3) - use LLT (aka 'long long type') for all numeric class parameters - improve description of various ftpd.conf(5) options - statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
2002-11-29 17:39:59 +03:00
reply(0, "Idle timeout: " LLF ", maximum timeout: " LLF,
(LLT)curclass.timeout, (LLT)curclass.maxtimeout);
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Current connections: %d", connections);
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
2000-01-08 14:09:56 +03:00
if (curclass.limit == -1)
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Maximum connections: unlimited");
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
2000-01-08 14:09:56 +03:00
else
- convert to using libc's strsuftoll(3) - use LLT (aka 'long long type') for all numeric class parameters - improve description of various ftpd.conf(5) options - statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
2002-11-29 17:39:59 +03:00
reply(0, "Maximum connections: " LLF,
(LLT)curclass.limit);
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
2000-01-08 14:09:56 +03:00
if (curclass.limitfile)
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
reply(0, "Connection limit exceeded message file: %s",
- Don't try and use the motd if it's empty. Problem reported in [bin/14751] by Kimmo Suominen - Display conffilename() version of limitfile and motd in status output
2001-11-28 02:42:40 +03:00
conffilename(curclass.limitfile));
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
if (! EMPTYSTR(curclass.chroot))
reply(0, "Chroot format: %s", curclass.chroot);
remove extraneous ": " from message
2001-12-12 11:13:33 +03:00
reply(0, "Deny bad ftpusers(5) quickly: %sabled",
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
2001-12-04 16:54:12 +03:00
CURCLASS_FLAGS_ISSET(denyquick) ? "en" : "dis");
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
if (! EMPTYSTR(curclass.homedir))
reply(0, "Homedir format: %s", curclass.homedir);
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
if (curclass.maxfilesize == -1)
reply(0, "Maximum file size: unlimited");
else
reply(0, "Maximum file size: " LLF,
(LLT)curclass.maxfilesize);
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
2000-07-17 06:30:52 +04:00
if (! EMPTYSTR(curclass.motd))
- Don't try and use the motd if it's empty. Problem reported in [bin/14751] by Kimmo Suominen - Display conffilename() version of limitfile and motd in status output
2001-11-28 02:42:40 +03:00
reply(0, "MotD file: %s", conffilename(curclass.motd));
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0,
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
"Modify commands (CHMOD, DELE, MKD, RMD, RNFR, UMASK): %sabled",
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
CURCLASS_FLAGS_ISSET(modify) ? "en" : "dis");
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Upload commands (APPE, STOR, STOU): %sabled",
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
CURCLASS_FLAGS_ISSET(upload) ? "en" : "dis");
reply(0, "Sanitize file names: %sabled",
CURCLASS_FLAGS_ISSET(sanenames) ? "en" : "dis");
reply(0, "PASV/LPSV/EPSV connections: %sabled",
CURCLASS_FLAGS_ISSET(passive) ? "en" : "dis");
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
if (curclass.advertise.su_len != 0) {
char buf[50]; /* big enough for IPv6 address */
const char *bp;
bp = inet_ntop(curclass.advertise.su_family,
(void *)&curclass.advertise.su_addr,
buf, sizeof(buf));
if (bp != NULL)
Alan Barrett informs me that "advertise" (instead of "advertize") is the norm even in American English.
2001-07-08 11:27:14 +04:00
reply(0, "PASV advertise address: %s", bp);
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
}
suppress verbose messages from CWD and post-login if the first character of the anonymous password is `-'.
2000-01-13 03:04:31 +03:00
if (curclass.portmin && curclass.portmax)
- convert to using libc's strsuftoll(3) - use LLT (aka 'long long type') for all numeric class parameters - improve description of various ftpd.conf(5) options - statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
2002-11-29 17:39:59 +03:00
reply(0, "PASV port range: " LLF " - " LLF,
(LLT)curclass.portmin, (LLT)curclass.portmax);
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
if (curclass.rateget)
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
reply(0, "Rate get limit: " LLF " bytes/sec",
(LLT)curclass.rateget);
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
else
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Rate get limit: disabled");
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
if (curclass.rateput)
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
reply(0, "Rate put limit: " LLF " bytes/sec",
(LLT)curclass.rateput);
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
else
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Rate put limit: disabled");
- convert to using libc's strsuftoll(3) - use LLT (aka 'long long type') for all numeric class parameters - improve description of various ftpd.conf(5) options - statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
2002-11-29 17:39:59 +03:00
if (curclass.mmapsize)
reply(0, "Mmap size: " LLF, (LLT)curclass.mmapsize);
else
reply(0, "Mmap size: disabled");
if (curclass.readsize)
reply(0, "Read size: " LLF, (LLT)curclass.readsize);
else
reply(0, "Read size: default");
if (curclass.writesize)
reply(0, "Write size: " LLF, (LLT)curclass.writesize);
else
reply(0, "Write size: default");
* Add recvbufsize configuration option This allows for setting the passive socket's SO_RCVBUF. Option works similarly to the current sendbufsize configuration option. * Change how recveive_data() works When reading data from the socket for passive transfers to the server, receive_data() now works very similar to send_data_with_read(). Reads from the network are now done using either the filesystem block size or the configuration option readsize chunks. * Crank version.h [Changes discussed with lukem.]
2005-08-24 19:51:41 +04:00
if (curclass.recvbufsize)
reply(0, "Receive buffer size: " LLF,
(LLT)curclass.recvbufsize);
else
reply(0, "Receive buffer size: default");
- convert to using libc's strsuftoll(3) - use LLT (aka 'long long type') for all numeric class parameters - improve description of various ftpd.conf(5) options - statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
2002-11-29 17:39:59 +03:00
if (curclass.sendbufsize)
reply(0, "Send buffer size: " LLF,
(LLT)curclass.sendbufsize);
else
reply(0, "Send buffer size: default");
if (curclass.sendlowat)
reply(0, "Send low water mark: " LLF,
(LLT)curclass.sendlowat);
else
reply(0, "Send low water mark: default");
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Umask: %.04o", curclass.umask);
* implement /etc/ftpd.conf, which adds support for the following features, controllable on a per class (which is one of: real, chroot, guest, all or none) basis: * on-the-fly execution of a command to build the file (a ``conversion''), providing support for "get dirname.tar" and the like. * displaying the contents of a file when a directory is entered for the first time. * maximum value for timeout (replaces -T). * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST. * notifying the user of the existance of a files matching a glob pattern when a directory is entered for the first time. * default value for timeout (replaces -t). * default umask (replaces -DGUEST_CMASK and -u). The conversion, display, and notify functionality was based on code by Simon Burge <simonb@telstra.com.au>. * clean up and re-order parts of the man page into subsections. * STAT displays the settings defined for the class of the current user. * bump version from 6.00 to 7.00, because of ftpd.conf. * deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and -t, -T and -u, as ftpd.conf allows finer control of these. * add "nostderr" argument to ftpd_popen(), because you don't want the stderr stream mixing with the stdout stream during a conversion, as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
for (cp = curclass.conversions; cp != NULL; cp=cp->next) {
if (cp->suffix == NULL || cp->types == NULL ||
cp->command == NULL)
continue;
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
reply(0, "Conversion: %s [%s] disable: %s, command: %s",
* implement /etc/ftpd.conf, which adds support for the following features, controllable on a per class (which is one of: real, chroot, guest, all or none) basis: * on-the-fly execution of a command to build the file (a ``conversion''), providing support for "get dirname.tar" and the like. * displaying the contents of a file when a directory is entered for the first time. * maximum value for timeout (replaces -T). * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST. * notifying the user of the existance of a files matching a glob pattern when a directory is entered for the first time. * default value for timeout (replaces -t). * default umask (replaces -DGUEST_CMASK and -u). The conversion, display, and notify functionality was based on code by Simon Burge <simonb@telstra.com.au>. * clean up and re-order parts of the man page into subsections. * STAT displays the settings defined for the class of the current user. * bump version from 6.00 to 7.00, because of ftpd.conf. * deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and -t, -T and -u, as ftpd.conf allows finer control of these. * add "nostderr" argument to ftpd_popen(), because you don't want the stderr stream mixing with the stdout stream during a conversion, as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
cp->suffix, cp->types, cp->disable, cp->command);
}
}
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
reply(211, "End of status");
}
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
void
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
fatal(const char *s)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
reply(451, "Error in server: %s\n", s);
reply(221, "Closing connection due to server error.");
dologout(0);
/* NOTREACHED */
}
major overhaul (just before netbsd 1.5 :-): * implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD. we already supported SIZE and MDTM. add the appropriate FEAT output lines. * migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c * make dataconn(), feat(), lookup(), opts() and sizecmd() public * modify struct tab so that it has a `flags' instead of `implemented' element, and remove the `hasopts' element. If flags == 1, the command is implemented. if flags == 2, the command is implemented and takes options * add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..") * modify lreply() so that lreply(-2, ...) just outputs the given info without a prefix or trailing \r\n. this saves doing b = printf(); total_* += b; * enhance statcmd(). still needs work in the LPRT status stuff. * crank version
2000-06-14 17:44:21 +04:00
/*
* reply() --
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
* depending on the value of n, display fmt with a trailing CRLF and
* prefix of:
* n < -1 prefix the message with abs(n) + "-" (initial line)
* n == 0 prefix the message with 4 spaces (middle lines)
* n > 0 prefix the message with n + " " (final line)
major overhaul (just before netbsd 1.5 :-): * implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD. we already supported SIZE and MDTM. add the appropriate FEAT output lines. * migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c * make dataconn(), feat(), lookup(), opts() and sizecmd() public * modify struct tab so that it has a `flags' instead of `implemented' element, and remove the `hasopts' element. If flags == 1, the command is implemented. if flags == 2, the command is implemented and takes options * add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..") * modify lreply() so that lreply(-2, ...) just outputs the given info without a prefix or trailing \r\n. this saves doing b = printf(); total_* += b; * enhance statcmd(). still needs work in the LPRT status stuff. * crank version
2000-06-14 17:44:21 +04:00
*/
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
void
reply(int n, const char *fmt, ...)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
char msg[MAXPATHLEN * 2 + 100];
size_t b;
va_list ap;
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
b = 0;
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
if (n == 0)
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
b = snprintf(msg, sizeof(msg), " ");
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
else if (n < 0)
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
b = snprintf(msg, sizeof(msg), "%d-", -n);
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
else
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
b = snprintf(msg, sizeof(msg), "%d ", n);
va_start(ap, fmt);
vsnprintf(msg + b, sizeof(msg) - b, fmt, ap);
va_{start,end} audit: Make sure that each va_start has one and only one matching va_end, especially in error cases. If the va_list is used multiple times, do multiple va_starts/va_ends. If a function gets va_list as argument, don't let it use va_end (since it's the callers responsibility). Improved by comments from enami and christos -- thanks! Heimdal/krb4/KAME changes already fed back, rest to follow. Inspired by, but not not based on, OpenBSD.
2001-09-24 17:22:25 +04:00
va_end(ap);
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
cprintf(stdout, "%s\r\n", msg);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
(void)fflush(stdout);
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
if (debug)
syslog(LOG_DEBUG, "<--- %s", msg);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
static void
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
logremotehost(struct sockinet *who)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
modify dolog() to take a struct sockinet * instead of struct sockaddr *
2000-11-28 12:46:34 +03:00
if (getnameinfo((struct sockaddr *)&who->si_su,
who->su_len, remotehost, sizeof(remotehost), NULL, 0, 0))
cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach scope identifier). always check error result from getnameinfo.
2000-11-24 15:56:45 +03:00
strlcpy(remotehost, "?", sizeof(remotehost));
Make this compile again without -DINET6 and without get{addr,name}info(3) This ftpd now compiles and runs on NetBSD/1.4.2 with: CPPFLAGS+= \ '-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \ '-Dstrlcat=strncat' \ '-Dsl_add(a,b)=(sl_add(a,b),0)'
2000-09-15 18:55:16 +04:00
- move password checking into separate valid_passwd() function, to assist in porting to other systems. - don't syslog() or setproctitle() "ACCT" lines (as per "PASS") - replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the latter #ifdef BSD4_4 - don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile support if this is to be used on NetBSD.
2000-11-30 05:59:11 +03:00
#if HAVE_SETPROCTITLE
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
setproctitle(), and for any other printf variants, it is not a good idea to pass variable directly like foo(x). use foo("%s", x) to avoid misuse. from: openbsd
2000-07-06 02:15:04 +04:00
setproctitle("%s", proctitle);
- move password checking into separate valid_passwd() function, to assist in porting to other systems. - don't syslog() or setproctitle() "ACCT" lines (as per "PASS") - replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the latter #ifdef BSD4_4 - don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile support if this is to be used on NetBSD.
2000-11-30 05:59:11 +03:00
#endif /* HAVE_SETPROCTITLE */
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
if (logging)
deprecate -h hostname in favour of automatic determination of local hostname. this is a much cleaner solution for supporting multihomed virtual servers. from Geoff C. Wing <gcw@pobox.com> in [bin/8137].
1999-12-18 09:33:54 +03:00
syslog(LOG_INFO, "connection from %s to %s",
remotehost, hostname);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
/*
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
* Record logout in wtmp file and exit with supplied status.
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
* NOTE: because this is called from signal handlers it cannot
* use stdio (or call other functions that use stdio).
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
*/
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
void
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
dologout(int status)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
set transflag to 0 in dologout, to prevent a SIGURG taking us back to the main loop.
1997-01-23 08:57:55 +03:00
/*
* Prevent reception of SIGURG from resulting in a resumption
* back to the main program loop.
*/
transflag = 0;
Disable UTMPX support for now, because ftpd might chroot and we need to keep files open.
2002-08-20 17:55:58 +04:00
logout_utmp();
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (logged_in) {
Format police. Also, try s/key before Kerberos.
1997-10-12 17:18:56 +04:00
#ifdef KERBEROS
some changes to make Kerberos a bit easier to use. from Michael Graff <explorer@vorpal.com>, with some work by myself...
1994-03-30 06:49:15 +04:00
if (!notickets && krbtkfile_env)
unlink(krbtkfile_env);
#endif
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
/* beware of flushing buffers after a SIGPIPE */
Add '-L xferlogfile', to write xferlog entries there rather than syslog them. Based on work from Dmitry Sivachenko.
2003-02-26 15:27:04 +03:00
if (xferlogfd != -1)
close(xferlogfd);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
_exit(status);
}
minor knf post aidan's oob rototill
2001-04-12 06:28:59 +04:00
void
abor(void)
As threatened, handle OOB commands from within ftpcmd.y. This involved changing the yacc syntax to be line-oriented, rather than having it run against the entire input at once, and adding a flag to struct tab, to indicate if or not it's acceptable for a command to occur OOB.
2001-04-02 03:04:30 +04:00
{
minor knf post aidan's oob rototill
2001-04-12 06:28:59 +04:00
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
if (!transflag)
return;
As threatened, handle OOB commands from within ftpcmd.y. This involved changing the yacc syntax to be line-oriented, rather than having it run against the entire input at once, and adding a flag to struct tab, to indicate if or not it's acceptable for a command to occur OOB.
2001-04-02 03:04:30 +04:00
tmpline[0] = '\0';
is_oob = 0;
reply(426, "Transfer aborted. Data connection closed.");
reply(226, "Abort successful");
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
transflag = 0; /* flag that the transfer has aborted */
As threatened, handle OOB commands from within ftpcmd.y. This involved changing the yacc syntax to be line-oriented, rather than having it run against the entire input at once, and adding a flag to struct tab, to indicate if or not it's acceptable for a command to occur OOB.
2001-04-02 03:04:30 +04:00
}
minor knf post aidan's oob rototill
2001-04-12 06:28:59 +04:00
void
statxfer(void)
As threatened, handle OOB commands from within ftpcmd.y. This involved changing the yacc syntax to be line-oriented, rather than having it run against the entire input at once, and adding a flag to struct tab, to indicate if or not it's acceptable for a command to occur OOB.
2001-04-02 03:04:30 +04:00
{
minor knf post aidan's oob rototill
2001-04-12 06:28:59 +04:00
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
if (!transflag)
return;
As threatened, handle OOB commands from within ftpcmd.y. This involved changing the yacc syntax to be line-oriented, rather than having it run against the entire input at once, and adding a flag to struct tab, to indicate if or not it's acceptable for a command to occur OOB.
2001-04-02 03:04:30 +04:00
tmpline[0] = '\0';
is_oob = 0;
if (file_size != (off_t) -1)
reply(213,
"Status: " LLF " of " LLF " byte%s transferred",
(LLT)byte_count, (LLT)file_size,
PLURAL(byte_count));
else
reply(213, "Status: " LLF " byte%s transferred",
(LLT)byte_count, PLURAL(byte_count));
}
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
/*
* Call when urgflag != 0 to handle Out Of Band commands.
* Returns non zero if the OOB command aborted the transfer
* by setting transflag to 0. (c.f., "ABOR").
*/
static int
handleoobcmd()
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
char *cp;
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
if (!urgflag)
return (0);
urgflag = 0;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
/* only process if transfer occurring */
if (!transflag)
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
return (0);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
cp = tmpline;
As threatened, handle OOB commands from within ftpcmd.y. This involved changing the yacc syntax to be line-oriented, rather than having it run against the entire input at once, and adding a flag to struct tab, to indicate if or not it's acceptable for a command to occur OOB.
2001-04-02 03:04:30 +04:00
if (getline(cp, sizeof(tmpline), stdin) == NULL) {
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
reply(221, "You could at least say goodbye.");
dologout(0);
}
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
/*
* Manually parse OOB commands, because we can't
* recursively call the yacc parser...
*/
if (strcasecmp(cp, "ABOR\r\n") == 0) {
abor();
} else if (strcasecmp(cp, "STAT\r\n") == 0) {
statxfer();
} else {
/* XXX: error with "500 unknown command" ? */
}
return (transflag == 0);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
* add ftpd.conf directive `portrange class min max', which allows specification of the port range used by passive connections. based on work in [bin/9158] from Takahiro Kambe <taca@sky.yamashina.kyoto.jp> * change the way global variables are defined and extern-ed to be more consistent.
2000-01-13 01:39:27 +03:00
static int
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
bind_pasv_addr(void)
* add ftpd.conf directive `portrange class min max', which allows specification of the port range used by passive connections. based on work in [bin/9158] from Takahiro Kambe <taca@sky.yamashina.kyoto.jp> * change the way global variables are defined and extern-ed to be more consistent.
2000-01-13 01:39:27 +03:00
{
static int passiveport;
int port, len;
len = pasv_addr.su_len;
if (curclass.portmin == 0 && curclass.portmax == 0) {
pasv_addr.su_port = 0;
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
return (bind(pdata, (struct sockaddr *)&pasv_addr.si_su, len));
* add ftpd.conf directive `portrange class min max', which allows specification of the port range used by passive connections. based on work in [bin/9158] from Takahiro Kambe <taca@sky.yamashina.kyoto.jp> * change the way global variables are defined and extern-ed to be more consistent.
2000-01-13 01:39:27 +03:00
}
if (passiveport == 0) {
srand(getpid());
passiveport = rand() % (curclass.portmax - curclass.portmin)
+ curclass.portmin;
}
port = passiveport;
while (1) {
port++;
if (port > curclass.portmax)
port = curclass.portmin;
else if (port == passiveport) {
errno = EAGAIN;
return (-1);
}
pasv_addr.su_port = htons(port);
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
if (bind(pdata, (struct sockaddr *)&pasv_addr.si_su, len) == 0)
* add ftpd.conf directive `portrange class min max', which allows specification of the port range used by passive connections. based on work in [bin/9158] from Takahiro Kambe <taca@sky.yamashina.kyoto.jp> * change the way global variables are defined and extern-ed to be more consistent.
2000-01-13 01:39:27 +03:00
break;
if (errno != EADDRINUSE)
return (-1);
}
passiveport = port;
return (0);
}
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
/*
* Note: a response of 425 is not mentioned as a possible response to
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
* the PASV command in RFC959. However, it has been blessed as
* a legitimate response by Jon Postel in a telephone conversation
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
* with Rick Adams on 25 Jan 89.
*/
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
void
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
passive(void)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
* Add recvbufsize configuration option This allows for setting the passive socket's SO_RCVBUF. Option works similarly to the current sendbufsize configuration option. * Change how recveive_data() works When reading data from the socket for passive transfers to the server, receive_data() now works very similar to send_data_with_read(). Reads from the network are now done using either the filesystem block size or the configuration option readsize chunks. * Crank version.h [Changes discussed with lukem.]
2005-08-24 19:51:41 +04:00
int len, recvbufsize;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
char *p, *a;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
close pdata when it is kept opened till call to {,long_}passive().
1999-12-09 14:18:05 +03:00
if (pdata >= 0)
close(pdata);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
pdata = socket(AF_INET, SOCK_STREAM, 0);
* don't log failed usernames to ftp.notice; use authpriv.notice instead. closes [bin/1571] * don't quit if "PASV" is received without the user being logged in. closes [bin/2401], albiet with a modified test.
1997-05-29 14:31:48 +04:00
if (pdata < 0 || !logged_in) {
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
perror_reply(425, "Can't open passive connection");
return;
}
pasv_addr = ctrl_addr;
* add ftpd.conf directive `portrange class min max', which allows specification of the port range used by passive connections. based on work in [bin/9158] from Takahiro Kambe <taca@sky.yamashina.kyoto.jp> * change the way global variables are defined and extern-ed to be more consistent.
2000-01-13 01:39:27 +03:00
if (bind_pasv_addr() < 0)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
goto pasv_error;
* add ftpd.conf directive `portrange class min max', which allows specification of the port range used by passive connections. based on work in [bin/9158] from Takahiro Kambe <taca@sky.yamashina.kyoto.jp> * change the way global variables are defined and extern-ed to be more consistent.
2000-01-13 01:39:27 +03:00
len = pasv_addr.su_len;
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
if (getsockname(pdata, (struct sockaddr *) &pasv_addr.si_su, &len) < 0)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
goto pasv_error;
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
pasv_addr.su_len = len;
* Add recvbufsize configuration option This allows for setting the passive socket's SO_RCVBUF. Option works similarly to the current sendbufsize configuration option. * Change how recveive_data() works When reading data from the socket for passive transfers to the server, receive_data() now works very similar to send_data_with_read(). Reads from the network are now done using either the filesystem block size or the configuration option readsize chunks. * Crank version.h [Changes discussed with lukem.]
2005-08-24 19:51:41 +04:00
if (curclass.recvbufsize) {
recvbufsize = curclass.recvbufsize;
if (setsockopt(pdata, SOL_SOCKET, SO_RCVBUF, &recvbufsize,
sizeof(int)) == -1)
syslog(LOG_WARNING, "setsockopt(SO_RCVBUF, %d): %m",
recvbufsize);
}
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (listen(pdata, 1) < 0)
goto pasv_error;
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
if (curclass.advertise.su_len != 0)
a = (char *) &curclass.advertise.su_addr;
else
a = (char *) &pasv_addr.su_addr;
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
p = (char *) &pasv_addr.su_port;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
#define UC(b) (((int) b) & 0xff)
reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]),
UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
return;
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
pasv_error:
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
(void) close(pdata);
pdata = -1;
perror_reply(425, "Can't open passive connection");
return;
}
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
/*
* convert protocol identifier to/from AF
*/
int
lpsvproto2af(int proto)
{
switch (proto) {
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
case 4:
return AF_INET;
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
#ifdef INET6
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
case 6:
return AF_INET6;
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
#endif
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
default:
return -1;
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
}
}
int
af2lpsvproto(int af)
{
switch (af) {
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
case AF_INET:
return 4;
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
#ifdef INET6
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
case AF_INET6:
return 6;
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
#endif
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
default:
return -1;
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
}
}
int
epsvproto2af(int proto)
{
switch (proto) {
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
case 1:
return AF_INET;
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
#ifdef INET6
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
case 2:
return AF_INET6;
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
#endif
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
default:
return -1;
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
}
}
int
af2epsvproto(int af)
{
switch (af) {
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
case AF_INET:
return 1;
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
#ifdef INET6
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
case AF_INET6:
return 2;
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
#endif
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
default:
return -1;
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
}
}
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
/*
* 228 Entering Long Passive Mode (af, hal, h1, h2, h3,..., pal, p1, p2...)
* 229 Entering Extended Passive Mode (|||port|)
*/
void
long_passive(char *cmd, int pf)
{
int len;
* add ftpd.conf directive `portrange class min max', which allows specification of the port range used by passive connections. based on work in [bin/9158] from Takahiro Kambe <taca@sky.yamashina.kyoto.jp> * change the way global variables are defined and extern-ed to be more consistent.
2000-01-13 01:39:27 +03:00
char *p, *a;
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
if (!logged_in) {
syslog(LOG_NOTICE, "long passive but not logged in");
reply(503, "Login with USER first.");
return;
}
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
if (pf != PF_UNSPEC && ctrl_addr.su_family != pf) {
/*
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
* XXX: only EPRT/EPSV ready clients will understand this
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
*/
if (strcmp(cmd, "EPSV") != 0)
reply(501, "Network protocol mismatch"); /*XXX*/
else
epsv_protounsupp("Network protocol mismatch");
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
return;
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
}
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
close pdata when it is kept opened till call to {,long_}passive().
1999-12-09 14:18:05 +03:00
if (pdata >= 0)
close(pdata);
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
pdata = socket(ctrl_addr.su_family, SOCK_STREAM, 0);
if (pdata < 0) {
perror_reply(425, "Can't open passive connection");
return;
}
pasv_addr = ctrl_addr;
* add ftpd.conf directive `portrange class min max', which allows specification of the port range used by passive connections. based on work in [bin/9158] from Takahiro Kambe <taca@sky.yamashina.kyoto.jp> * change the way global variables are defined and extern-ed to be more consistent.
2000-01-13 01:39:27 +03:00
if (bind_pasv_addr() < 0)
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
goto pasv_error;
len = pasv_addr.su_len;
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
if (getsockname(pdata, (struct sockaddr *) &pasv_addr.si_su, &len) < 0)
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
goto pasv_error;
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
pasv_addr.su_len = len;
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
if (listen(pdata, 1) < 0)
goto pasv_error;
p = (char *) &pasv_addr.su_port;
#define UC(b) (((int) b) & 0xff)
if (strcmp(cmd, "LPSV") == 0) {
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
struct sockinet *advert;
if (curclass.advertise.su_len != 0)
advert = &curclass.advertise;
else
advert = &pasv_addr;
switch (advert->su_family) {
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
case AF_INET:
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
a = (char *) &advert->su_addr;
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
reply(228,
"Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,%d,%d,%d)",
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
4, 4, UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),
2, UC(p[0]), UC(p[1]));
return;
Make this compile again without -DINET6 and without get{addr,name}info(3) This ftpd now compiles and runs on NetBSD/1.4.2 with: CPPFLAGS+= \ '-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \ '-Dstrlcat=strncat' \ '-Dsl_add(a,b)=(sl_add(a,b),0)'
2000-09-15 18:55:16 +04:00
#ifdef INET6
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
case AF_INET6:
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
a = (char *) &advert->su_6addr;
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
reply(228,
"Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d)",
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
6, 16,
UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),
UC(a[4]), UC(a[5]), UC(a[6]), UC(a[7]),
UC(a[8]), UC(a[9]), UC(a[10]), UC(a[11]),
UC(a[12]), UC(a[13]), UC(a[14]), UC(a[15]),
2, UC(p[0]), UC(p[1]));
return;
Make this compile again without -DINET6 and without get{addr,name}info(3) This ftpd now compiles and runs on NetBSD/1.4.2 with: CPPFLAGS+= \ '-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \ '-Dstrlcat=strncat' \ '-Dsl_add(a,b)=(sl_add(a,b),0)'
2000-09-15 18:55:16 +04:00
#endif
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
}
#undef UC
} else if (strcmp(cmd, "EPSV") == 0) {
switch (pasv_addr.su_family) {
case AF_INET:
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
#ifdef INET6
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
case AF_INET6:
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
#endif
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
reply(229, "Entering Extended Passive Mode (|||%d|)",
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
ntohs(pasv_addr.su_port));
dual-stack ftpd. run this from inetd, like: >>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 09:52:14 +04:00
return;
}
} else {
/* more proper error code? */
}
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
2000-05-21 03:34:55 +04:00
pasv_error:
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
(void) close(pdata);
pdata = -1;
perror_reply(425, "Can't open passive connection");
return;
}
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
int
extended_port(const char *arg)
{
char *tmp = NULL;
char *result[3];
char *p, *q;
char delim;
struct addrinfo hints;
struct addrinfo *res = NULL;
int i;
unsigned long proto;
tmp = xstrdup(arg);
p = tmp;
delim = p[0];
p++;
memset(result, 0, sizeof(result));
for (i = 0; i < 3; i++) {
q = strchr(p, delim);
if (!q || *q != delim)
goto parsefail;
*q++ = '\0';
result[i] = p;
p = q;
}
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
/* some more sanity checks */
audit use of strto* - beware of ERANGE, as well as typecast on result.
2002-11-16 06:10:34 +03:00
errno = 0;
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
p = NULL;
(void)strtoul(result[2], &p, 10);
audit use of strto* - beware of ERANGE, as well as typecast on result.
2002-11-16 06:10:34 +03:00
if (errno || !*result[2] || *p)
correct result code on invalid port number against EPRT.
2000-11-13 18:11:57 +03:00
goto parsefail;
audit use of strto* - beware of ERANGE, as well as typecast on result.
2002-11-16 06:10:34 +03:00
errno = 0;
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
p = NULL;
proto = strtoul(result[0], &p, 10);
audit use of strto* - beware of ERANGE, as well as typecast on result.
2002-11-16 06:10:34 +03:00
if (errno || !*result[0] || *p)
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
goto protounsupp;
memset(&hints, 0, sizeof(hints));
hints.ai_family = epsvproto2af((int)proto);
if (hints.ai_family < 0)
goto protounsupp;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = AI_NUMERICHOST;
if (getaddrinfo(result[1], result[2], &hints, &res))
goto parsefail;
if (res->ai_next)
goto parsefail;
if (sizeof(data_dest) < res->ai_addrlen)
goto parsefail;
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
memcpy(&data_dest.si_su, res->ai_addr, res->ai_addrlen);
data_dest.su_len = res->ai_addrlen;
- ensure all uses of AF_INET6 are wrapped in #ifdef INET6 - don't define `ALL' as a token twice in the grammar
2000-11-28 12:31:29 +03:00
#ifdef INET6
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
if (his_addr.su_family == AF_INET6 &&
data_dest.su_family == AF_INET6) {
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
/* XXX: more sanity checks! */
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
data_dest.su_scope_id = his_addr.su_scope_id;
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
}
- ensure all uses of AF_INET6 are wrapped in #ifdef INET6 - don't define `ALL' as a token twice in the grammar
2000-11-28 12:31:29 +03:00
#endif
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
if (tmp != NULL)
free(tmp);
if (res)
freeaddrinfo(res);
return 0;
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
parsefail:
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
reply(500, "Invalid argument, rejected.");
usedefault = 1;
plug memory leak
2000-11-13 14:52:41 +03:00
if (tmp != NULL)
free(tmp);
if (res)
freeaddrinfo(res);
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
return -1;
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
protounsupp:
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
epsv_protounsupp("Protocol not supported");
usedefault = 1;
plug memory leak
2000-11-13 14:52:41 +03:00
if (tmp != NULL)
free(tmp);
if (res)
freeaddrinfo(res);
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
return -1;
}
/*
* 522 Protocol not supported (proto,...)
* as we assume address family for control and data connections are the same,
* we do not return the list of address families we support - instead, we
* return the address family of the control connection.
*/
void
epsv_protounsupp(const char *message)
{
int proto;
proto = af2epsvproto(ctrl_addr.su_family);
if (proto < 0)
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
2000-11-16 16:15:13 +03:00
reply(501, "%s", message); /* XXX */
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
2000-11-13 14:50:46 +03:00
else
reply(522, "%s, use (%d)", message, proto);
}
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
/*
* Generate unique name for file with basename "local".
* The file named "local" is already known to exist.
* Generates failure reply on error.
be safe with some buffers.
1997-07-21 09:13:10 +04:00
*
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
2000-11-15 05:32:30 +03:00
* XXX: this function should under go changes similar to
* the mktemp(3)/mkstemp(3) changes.
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
*/
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
static char *
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
gunique(const char *local)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
2000-01-08 14:09:56 +03:00
static char new[MAXPATHLEN];
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
struct stat st;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
char *cp;
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
int count;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
cp = strrchr(local, '/');
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (cp)
*cp = '\0';
if (stat(cp ? local : ".", &st) < 0) {
perror_reply(553, cp ? local : ".");
* complete fix for `multiple replies returned for single parse error' problem; move `hasyyerrored' state flag out of yylex() so that check_{login,modify} can also set it. * check result of check_login for PORT command * set initial timeout before the "setjmp(); for(;;) yyparse()", otherwise an invalid command after login incorrectly sets the timeout to 5 minutes (rather than what was set in ftpd.conf) * replace (char *)0 with NULL * move yyerror() from ftpd.c to ftpcmd.y * remove need for -Dunix, by using the version string from ftpd.c (instead of `BSD-199506') * move all extern-ed vars into extern.h
1998-09-06 14:39:40 +04:00
return (NULL);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
if (cp)
*cp = '/';
for (count = 1; count < 100; count++) {
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
(void)snprintf(new, sizeof(new) - 1, "%s.%d", local, count);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (stat(new, &st) < 0)
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
return (new);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
reply(452, "Unique file name cannot be created.");
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
return (NULL);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
/*
* Format and send reply containing system error number.
*/
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
void
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
perror_reply(int code, const char *string)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
int save_errno;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
save_errno = errno;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
reply(code, "%s: %s.", string, strerror(errno));
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
errno = save_errno;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
static char *onefile[] = {
"",
0
};
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
void
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
send_file_list(const char *whichf)
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
{
struct stat st;
DIR *dirp = NULL;
struct dirent *dir;
FILE *dout = NULL;
Fix uninitialized variable "notglob" in send_file_list() that was causing transfers to fail due to an abort in free().
2003-02-24 22:26:49 +03:00
char **dirlist, *dirname, *p;
char *notglob = NULL;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
int simple = 0;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
int freeglob = 0;
glob_t gl;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
- Pass gcc -Wall - Fix incorrect const poisoning - Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
1997-06-18 23:05:46 +04:00
#ifdef __GNUC__
(void) &dout;
(void) &dirlist;
(void) &simple;
(void) &freeglob;
#endif
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
urgflag = 0;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
p = NULL;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
if (strpbrk(whichf, "~{[*?") != NULL) {
Use GLOB_LIMIT. Also fix a bug where gl_offs was not initialized and could contain trash.
2001-03-16 23:42:12 +03:00
int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_TILDE|GLOB_LIMIT;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
memset(&gl, 0, sizeof(gl));
freeglob = 1;
if (glob(whichf, flags, 0, &gl)) {
reply(550, "not found");
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
goto cleanup_send_file_list;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
} else if (gl.gl_pathc == 0) {
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
errno = ENOENT;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
perror_reply(550, whichf);
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
goto cleanup_send_file_list;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
dirlist = gl.gl_pathv;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
} else {
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
notglob = xstrdup(whichf);
onefile[0] = notglob;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
dirlist = onefile;
simple = 1;
}
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
/* XXX: } for vi sm */
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
* fix "cd ~" so that it works (from Simon Burge <simonb@telstra.com.au> * move resetting of CFLAGS on powerpc to before optional CFLAGS settings * minor code & man page cleanups
1997-04-27 07:21:38 +04:00
while ((dirname = *dirlist++) != NULL) {
- ensure 257 reply codes from PWD and MKD are RFC959 compliant: 257 "dirname" some message (any "s in dirname should be doubled, per the RFC) - don't put an extra / in the output of NLST if the last char in the directory is a / - bump the version to 7.01 because of these fixes
1997-09-18 11:27:35 +04:00
int trailingslash = 0;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (stat(dirname, &st) < 0) {
/*
* If user typed "ls -l", etc, and the client
* used NLST, do what the user meant.
*/
* change ftpd_popen() to take char *argv[] instead of char *cmd. the string tokenisation must be performed by the caller (which is generally easy because it's almost always a static command). * change do_conversion() to return a char *argv[] instead of char *cmd. tokenisation of the command is done internally. * change retrieve() to take char *argv[] instead of char *cmd. (to take advantage of the above changes). fixes [bin/8173] * use fparseln() instead of fgetln() * store conversions in listed order (rather than reverse order) * use stringlists instead of handrolling code to manage an argv.
1999-12-07 08:30:53 +03:00
/* XXX: nuke this support? */
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (dirname[0] == '-' && *dirlist == NULL &&
transflag == 0) {
* change ftpd_popen() to take char *argv[] instead of char *cmd. the string tokenisation must be performed by the caller (which is generally easy because it's almost always a static command). * change do_conversion() to return a char *argv[] instead of char *cmd. tokenisation of the command is done internally. * change retrieve() to take char *argv[] instead of char *cmd. (to take advantage of the above changes). fixes [bin/8173] * use fparseln() instead of fgetln() * store conversions in listed order (rather than reverse order) * use stringlists instead of handrolling code to manage an argv.
1999-12-07 08:30:53 +03:00
char *argv[] = { INTERNAL_LS, "", NULL };
argv[1] = dirname;
retrieve(argv, dirname);
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
goto cleanup_send_file_list;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
perror_reply(550, whichf);
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
goto cleanup_send_file_list;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
if (S_ISREG(st.st_mode)) {
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
/*
* XXXRFC:
* should we follow RFC959 and not work
* for non directories?
*/
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (dout == NULL) {
dout = dataconn("file list", (off_t)-1, "w");
if (dout == NULL)
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
goto cleanup_send_file_list;
transflag = 1;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
cprintf(dout, "%s%s\n", dirname,
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
type == TYPE_A ? "\r" : "");
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
continue;
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
} else if (!S_ISDIR(st.st_mode))
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
continue;
- ensure 257 reply codes from PWD and MKD are RFC959 compliant: 257 "dirname" some message (any "s in dirname should be doubled, per the RFC) - don't put an extra / in the output of NLST if the last char in the directory is a / - bump the version to 7.01 because of these fixes
1997-09-18 11:27:35 +04:00
if (dirname[strlen(dirname) - 1] == '/')
trailingslash++;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if ((dirp = opendir(dirname)) == NULL)
continue;
while ((dir = readdir(dirp)) != NULL) {
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
2000-01-08 14:09:56 +03:00
char nbuf[MAXPATHLEN];
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
if (urgflag && handleoobcmd())
goto cleanup_send_file_list;
major overhaul (just before netbsd 1.5 :-): * implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD. we already supported SIZE and MDTM. add the appropriate FEAT output lines. * migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c * make dataconn(), feat(), lookup(), opts() and sizecmd() public * modify struct tab so that it has a `flags' instead of `implemented' element, and remove the `hasopts' element. If flags == 1, the command is implemented. if flags == 2, the command is implemented and takes options * add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..") * modify lreply() so that lreply(-2, ...) just outputs the given info without a prefix or trailing \r\n. this saves doing b = printf(); total_* += b; * enhance statcmd(). still needs work in the LPRT status stuff. * crank version
2000-06-14 17:44:21 +04:00
if (ISDOTDIR(dir->d_name) || ISDOTDOTDIR(dir->d_name))
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
continue;
- ensure 257 reply codes from PWD and MKD are RFC959 compliant: 257 "dirname" some message (any "s in dirname should be doubled, per the RFC) - don't put an extra / in the output of NLST if the last char in the directory is a / - bump the version to 7.01 because of these fixes
1997-09-18 11:27:35 +04:00
(void)snprintf(nbuf, sizeof(nbuf), "%s%s%s", dirname,
trailingslash ? "" : "/", dir->d_name);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
/*
* don't depend upon buffer returned by fgetln() to remain. fix mainly from Tatoku Ogaito <tacha@tera.fukui-med.ac.jp> in [bin/3967] * fgetln() doesn't \0 terminate its string. look for the \n and replace it with \0 (if no \n, ignore the line - it's most likely corrupt) * more intensive checks on strdup() returns (not a current mem leak, but depended upon code elsewhere to cleanup - not good) * cleanup some syslog error messages
1997-08-14 06:06:15 +04:00
* We have to do a stat to ensure it's
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
* not a directory or special file.
*/
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
/*
* XXXRFC:
* should we follow RFC959 and filter out
* non files ? lukem - NO!, or not until
* our ftp client uses MLS{T,D} for completion.
*/
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (simple || (stat(nbuf, &st) == 0 &&
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
S_ISREG(st.st_mode))) {
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (dout == NULL) {
dout = dataconn("file list", (off_t)-1,
"w");
if (dout == NULL)
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
goto cleanup_send_file_list;
transflag = 1;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
p = nbuf;
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
if (nbuf[0] == '.' && nbuf[1] == '/')
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
p = &nbuf[2];
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
cprintf(dout, "%s%s\n", p,
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
type == TYPE_A ? "\r" : "");
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
}
(void) closedir(dirp);
}
if (dout == NULL)
reply(550, "No files found.");
else if (ferror(dout) != 0)
perror_reply(550, "Data connection");
else
reply(226, "Transfer complete.");
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
cleanup_send_file_list:
closedataconn(dout);
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 16:56:47 +04:00
transflag = 0;
urgflag = 0;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
total_xfers++;
total_xfers_out++;
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
if (notglob)
free(notglob);
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
if (freeglob)
4.4-lite, plus our local changes
1994-06-29 05:49:37 +04:00
globfree(&gl);
initial import of 386bsd-0.1 sources
1993-03-21 12:45:37 +03:00
}
implement '-c confdir', which allows the specification of an alternate directory to look for the various configuration files, overriding /etc. From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
1997-09-23 17:56:39 +04:00
char *
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
conffilename(const char *s)
implement '-c confdir', which allows the specification of an alternate directory to look for the various configuration files, overriding /etc. From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
1997-09-23 17:56:39 +04:00
{
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
2000-01-08 14:09:56 +03:00
static char filename[MAXPATHLEN];
implement '-c confdir', which allows the specification of an alternate directory to look for the various configuration files, overriding /etc. From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
1997-09-23 17:56:39 +04:00
* change format of /etc/ftpusers lines from userglob [allow|deny] to userglob[@host] [allow|deny [classname]] where class is a userdefined classname. - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a hostglob (e.g, `*.foo.com'), and the remote host is matched against that. - if classname is given, use that to match entries in ftpd.conf (defaults to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in /etc/ftpchroot, and `real' for everyone else. * implement new /etc/ftpd.conf directives: classtype classname type set type of classname to GUEST, CHROOT, or REAL motd classname file file to use instead of /etc/motd rateget classname rate set rateget throttle to rate rateput classname rate set rateput throttle to rate upload classname allow/deny uploads (STOU, STOR, APPE). if denied, also acts as `modify deny'. * implement new `SITE' commands: RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that * implement format_file(), which outputs a file to the user, parsing % escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file. * implement strsuftoi() (from ftp(1)), which parses a number and optional suffix (for use with rateget, etc) * don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since we don't need reserved ports (at wasn't getting them anyway). * update & reorder copyrights * use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
if (*s == '/')
strlcpy(filename, s, sizeof(filename));
else
(void)snprintf(filename, sizeof(filename), "%s/%s", confdir ,s);
return (filename);
implement '-c confdir', which allows the specification of an alternate directory to look for the various configuration files, overriding /etc. From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
1997-09-23 17:56:39 +04:00
}
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
/*
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
* logxfer --
* if logging > 1, then based on the arguments, syslog a message:
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
* if bytes != -1 "<command> <file1> = <bytes> bytes"
* else if file2 != NULL "<command> <file1> <file2>"
* else "<command> <file1>"
* if elapsed != NULL, append "in xxx.yyy seconds"
* if error != NULL, append ": " + error
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
*
- convert to using libc's strsuftoll(3) - use LLT (aka 'long long type') for all numeric class parameters - improve description of various ftpd.conf(5) options - statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
2002-11-29 17:39:59 +03:00
* if doxferlog != 0, bytes != -1, and command is "get", "put",
Add '-L xferlogfile', to write xferlog entries there rather than syslog them. Based on work from Dmitry Sivachenko.
2003-02-26 15:27:04 +03:00
* or "append", syslog and/or write a wu-ftpd style xferlog entry
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
*/
void
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
logxfer(const char *command, off_t bytes, const char *file1, const char *file2,
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
const struct timeval *elapsed, const char *error)
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
{
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
char buf[MAXPATHLEN * 2 + 100], realfile[MAXPATHLEN];
const char *r1, *r2;
char direction;
size_t len;
time_t now;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
if (logging <=1 && !doxferlog)
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
return;
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
r1 = r2 = NULL;
if ((r1 = realpath(file1, realfile)) == NULL)
r1 = file1;
if (file2 != NULL)
if ((r2 = realpath(file2, realfile)) == NULL)
r2 = file2;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
/*
* syslog command
*/
if (logging > 1) {
len = snprintf(buf, sizeof(buf), "%s %s", command, r1);
if (bytes != (off_t)-1)
len += snprintf(buf + len, sizeof(buf) - len,
" = " LLF " byte%s", (LLT) bytes, PLURAL(bytes));
else if (r2 != NULL)
len += snprintf(buf + len, sizeof(buf) - len,
" %s", r2);
if (elapsed != NULL)
len += snprintf(buf + len, sizeof(buf) - len,
" in %ld.%.03d seconds", elapsed->tv_sec,
(int)(elapsed->tv_usec / 1000));
if (error != NULL)
len += snprintf(buf + len, sizeof(buf) - len,
": %s", error);
syslog(LOG_INFO, "%s", buf);
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
}
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
/*
* syslog wu-ftpd style log entry, prefixed with "xferlog: "
*/
Don't log an xferlog-style entry if bytes == -1. Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar circumstances.
2002-02-11 14:45:07 +03:00
if (!doxferlog || bytes == -1)
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
return;
if (strcmp(command, "get") == 0)
direction = 'o';
else if (strcmp(command, "put") == 0 || strcmp(command, "append") == 0)
direction = 'i';
else
return;
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
time(&now);
Add '-L xferlogfile', to write xferlog entries there rather than syslog them. Based on work from Dmitry Sivachenko.
2003-02-26 15:27:04 +03:00
len = snprintf(buf, sizeof(buf),
"%.24s %ld %s " LLF " %s %c %s %c %c %s FTP 0 * %c\n",
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
/*
Add '-L xferlogfile', to write xferlog entries there rather than syslog them. Based on work from Dmitry Sivachenko.
2003-02-26 15:27:04 +03:00
* XXX: wu-ftpd puts ' (send)' or ' (recv)' in the syslog message, and removes
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
* the full date. This may be problematic for accurate log parsing,
* given that syslog messages don't contain the full date.
*/
ctime(&now),
elapsed == NULL ? 0 : elapsed->tv_sec + (elapsed->tv_usec > 0),
remotehost,
Don't log an xferlog-style entry if bytes == -1. Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar circumstances.
2002-02-11 14:45:07 +03:00
(LLT) bytes,
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 05:32:50 +03:00
r1,
type == TYPE_A ? 'a' : 'b',
"_", /* XXX: take conversions into account? */
direction,
curclass.type == CLASS_GUEST ? 'a' :
curclass.type == CLASS_CHROOT ? 'g' :
curclass.type == CLASS_REAL ? 'r' : '?',
curclass.type == CLASS_GUEST ? pw->pw_passwd : pw->pw_name,
error != NULL ? 'i' : 'c'
);
Add '-L xferlogfile', to write xferlog entries there rather than syslog them. Based on work from Dmitry Sivachenko.
2003-02-26 15:27:04 +03:00
if ((doxferlog & 2) && xferlogfd != -1)
write(xferlogfd, buf, len);
if ((doxferlog & 1)) {
buf[len-1] = '\n'; /* strip \n from syslog message */
syslog(LOG_INFO, "xferlog: %s", buf);
}
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
}
Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached.
2002-05-30 04:24:47 +04:00
/*
* Log the resource usage.
*
* XXX: more resource usage to logging?
*/
void
logrusage(const struct rusage *rusage_before,
const struct rusage *rusage_after)
{
struct timeval usrtime, systime;
if (logging <= 1)
return;
timersub(&rusage_after->ru_utime, &rusage_before->ru_utime, &usrtime);
timersub(&rusage_after->ru_stime, &rusage_before->ru_stime, &systime);
syslog(LOG_INFO, "%ld.%.03du %ld.%.03ds %ld+%ldio %ldpf+%ldw",
usrtime.tv_sec, (int)(usrtime.tv_usec / 1000),
systime.tv_sec, (int)(systime.tv_usec / 1000),
rusage_after->ru_inblock - rusage_before->ru_inblock,
rusage_after->ru_oublock - rusage_before->ru_oublock,
rusage_after->ru_majflt - rusage_before->ru_majflt,
rusage_after->ru_nswap - rusage_before->ru_nswap);
}
- move password checking into separate valid_passwd() function, to assist in porting to other systems. - don't syslog() or setproctitle() "ACCT" lines (as per "PASS") - replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the latter #ifdef BSD4_4 - don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile support if this is to be used on NetBSD.
2000-11-30 05:59:11 +03:00
/*
- rename valid_passwd() -> checkpassword() - move check for expired accounts from pass() into checkpassword()
2000-11-30 09:06:08 +03:00
* Determine if `password' is valid for user given in `pw'.
* Returns 2 if password expired, 1 if otherwise failed, 0 if ok
- move password checking into separate valid_passwd() function, to assist in porting to other systems. - don't syslog() or setproctitle() "ACCT" lines (as per "PASS") - replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the latter #ifdef BSD4_4 - don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile support if this is to be used on NetBSD.
2000-11-30 05:59:11 +03:00
*/
int
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
checkpassword(const struct passwd *pwent, const char *password)
- move password checking into separate valid_passwd() function, to assist in porting to other systems. - don't syslog() or setproctitle() "ACCT" lines (as per "PASS") - replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the latter #ifdef BSD4_4 - don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile support if this is to be used on NetBSD.
2000-11-30 05:59:11 +03:00
{
- rename valid_passwd() -> checkpassword() - move check for expired accounts from pass() into checkpassword()
2000-11-30 09:06:08 +03:00
char *orig, *new;
* Don't allow accounts with age expired passwords to login. Any account that is required to change their password will not be allowed FTP access. Inspired by similar functionality in other FTP daemons. (approved by lukem) * Crank version to 20041119 per lukem's request.
2004-11-19 19:03:58 +03:00
time_t change, expire, now;
- rename valid_passwd() -> checkpassword() - move check for expired accounts from pass() into checkpassword()
2000-11-30 09:06:08 +03:00
* Don't allow accounts with age expired passwords to login. Any account that is required to change their password will not be allowed FTP access. Inspired by similar functionality in other FTP daemons. (approved by lukem) * Crank version to 20041119 per lukem's request.
2004-11-19 19:03:58 +03:00
change = expire = 0;
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
if (pwent == NULL)
- rename valid_passwd() -> checkpassword() - move check for expired accounts from pass() into checkpassword()
2000-11-30 09:06:08 +03:00
return 1;
* Don't allow accounts with age expired passwords to login. Any account that is required to change their password will not be allowed FTP access. Inspired by similar functionality in other FTP daemons. (approved by lukem) * Crank version to 20041119 per lukem's request.
2004-11-19 19:03:58 +03:00
time(&now);
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
2001-12-01 13:25:29 +03:00
orig = pwent->pw_passwd; /* save existing password */
expire = pwent->pw_expire;
* Don't allow accounts with age expired passwords to login. Any account that is required to change their password will not be allowed FTP access. Inspired by similar functionality in other FTP daemons. (approved by lukem) * Crank version to 20041119 per lukem's request.
2004-11-19 19:03:58 +03:00
change = (pwent->pw_change == _PASSWORD_CHGNOW)? now : pwent->pw_change;
- rename valid_passwd() -> checkpassword() - move check for expired accounts from pass() into checkpassword()
2000-11-30 09:06:08 +03:00
if (orig[0] == '\0') /* don't allow empty passwords */
return 1;
new = crypt(password, orig); /* encrypt given password */
if (strcmp(new, orig) != 0) /* compare */
return 1;
Fix inverted test for expired passwords. Mea culpa.
2004-12-09 23:58:39 +03:00
if ((expire && now >= expire) || (change && now >= change))
- rename valid_passwd() -> checkpassword() - move check for expired accounts from pass() into checkpassword()
2000-11-30 09:06:08 +03:00
return 2; /* check if expired */
return 0; /* OK! */
- move password checking into separate valid_passwd() function, to assist in porting to other systems. - don't syslog() or setproctitle() "ACCT" lines (as per "PASS") - replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the latter #ifdef BSD4_4 - don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile support if this is to be used on NetBSD.
2000-11-30 05:59:11 +03:00
}
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
char *
convert to ANSI C as per style guide
2000-05-20 06:20:18 +04:00
xstrdup(const char *s)
features/fixes: * implement xferstats. full stats are displayed for `STAT', and a summary is displayed upon exit (and syslogged). inspired by wu-ftpd. * wrap data xfers in {send,receive}_data with alarm() timeouts. this should remove the majority of the `hanging ftpd' problems that people were still seeing. inspired by wu-ftpd. * link with ../../bin/ls, so that bin/ls is not required under a chroot()ed area for `LIST' to work. based on [bin/4497] from "Soren S. Jorvang" <soren@t.dk> * migrate code from util.c into ftpd.c, so that it doesn't conflict with ls' util.c. * remove man page comment about ~ftp/bin/ls being necessary. * bump version to 7.2.0. * syslog xfer time with xfer stats. * if appropriate, syslog error message with command. internal code stuff: * change arguments of various functions from `char *' to `const char *'. * define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise. use macro appropriately * lreply(): a code of -1 means ``send line as is''. a code of 0 means ``send line with 4 space prefix''. don't print a space after the `-' for any other code. * logcmd(): add `const struct timeval *elapsed' and `const char *error' for more flexible error reporting
1999-05-17 19:14:53 +04:00
{
char *new = strdup(s);
if (new == NULL)
fatal("Local resource failure: malloc");
/* NOTREACHED */
return (new);
}
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
/*
* As per fprintf(), but increment total_bytes and total_bytes_out,
* by the appropriate amount.
*/
void
cprintf(FILE *fd, const char *fmt, ...)
{
off_t b;
va_list ap;
va_start(ap, fmt);
b = vfprintf(fd, fmt, ap);
va_{start,end} audit: Make sure that each va_start has one and only one matching va_end, especially in error cases. If the va_list is used multiple times, do multiple va_starts/va_ends. If a function gets va_list as argument, don't let it use va_end (since it's the callers responsibility). Improved by comments from enami and christos -- thanks! Heimdal/krb4/KAME changes already fed back, rest to follow. Inspired by, but not not based on, OpenBSD.
2001-09-24 17:22:25 +04:00
va_end(ap);
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
total_bytes += b;
total_bytes_out += b;
}
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
#ifdef USE_PAM
/*
* the following code is stolen from imap-uw PAM authentication module and
* login.c
*/
#define COPY_STRING(s) (s ? strdup(s) : NULL)
struct cred_t {
const char *uname; /* user name */
const char *pass; /* password */
};
typedef struct cred_t cred_t;
static int
auth_conv(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata)
{
int i;
cred_t *cred = (cred_t *) appdata;
struct pam_response *myreply;
myreply = calloc(num_msg, sizeof *myreply);
if (myreply == NULL)
return PAM_BUF_ERR;
for (i = 0; i < num_msg; i++) {
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_ON: /* assume want user name */
myreply[i].resp_retcode = PAM_SUCCESS;
myreply[i].resp = COPY_STRING(cred->uname);
/* PAM frees resp. */
break;
case PAM_PROMPT_ECHO_OFF: /* assume want password */
myreply[i].resp_retcode = PAM_SUCCESS;
myreply[i].resp = COPY_STRING(cred->pass);
/* PAM frees resp. */
break;
case PAM_TEXT_INFO:
case PAM_ERROR_MSG:
myreply[i].resp_retcode = PAM_SUCCESS;
myreply[i].resp = NULL;
break;
default: /* unknown message style */
free(myreply);
return PAM_CONV_ERR;
}
}
*resp = myreply;
return PAM_SUCCESS;
}
/*
* Attempt to authenticate the user using PAM. Returns 0 if the user is
* authenticated, or 1 if not authenticated. If some sort of PAM system
* error occurs (e.g., the "/etc/pam.conf" file is missing) then this
* function returns -1. This can be used as an indication that we should
* fall back to a different authentication mechanism.
*/
static int
auth_pam(struct passwd **ppw, const char *pwstr)
{
const char *tmpl_user;
const void *item;
int rval;
int e;
cred_t auth_cred = { (*ppw)->pw_name, pwstr };
struct pam_conv conv = { &auth_conv, &auth_cred };
e = pam_start("ftpd", (*ppw)->pw_name, &conv, &pamh);
if (e != PAM_SUCCESS) {
/*
* In OpenPAM, it's OK to pass NULL to pam_strerror()
* if context creation has failed in the first place.
*/
syslog(LOG_ERR, "pam_start: %s", pam_strerror(NULL, e));
return -1;
}
e = pam_set_item(pamh, PAM_RHOST, remotehost);
if (e != PAM_SUCCESS) {
syslog(LOG_ERR, "pam_set_item(PAM_RHOST): %s",
pam_strerror(pamh, e));
if ((e = pam_end(pamh, e)) != PAM_SUCCESS) {
syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
}
pamh = NULL;
return -1;
}
e = pam_authenticate(pamh, 0);
switch (e) {
case PAM_SUCCESS:
/*
* With PAM we support the concept of a "template"
* user. The user enters a login name which is
* authenticated by PAM, usually via a remote service
* such as RADIUS or TACACS+. If authentication
* succeeds, a different but related "template" name
* is used for setting the credentials, shell, and
* home directory. The name the user enters need only
* exist on the remote authentication server, but the
* template name must be present in the local password
* database.
*
* This is supported by two various mechanisms in the
* individual modules. However, from the application's
* point of view, the template user is always passed
* back as a changed value of the PAM_USER item.
*/
if ((e = pam_get_item(pamh, PAM_USER, &item)) ==
PAM_SUCCESS) {
tmpl_user = (const char *) item;
if (strcmp((*ppw)->pw_name, tmpl_user) != 0)
s/getpwnam/sgetpwnam/ Found by John Nemeth.
2005-04-10 12:21:36 +04:00
*ppw = sgetpwnam(tmpl_user);
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem).
2005-02-20 04:45:17 +03:00
} else
syslog(LOG_ERR, "Couldn't get PAM_USER: %s",
pam_strerror(pamh, e));
rval = 0;
break;
case PAM_AUTH_ERR:
case PAM_USER_UNKNOWN:
case PAM_MAXTRIES:
rval = 1;
break;
default:
syslog(LOG_ERR, "pam_authenticate: %s", pam_strerror(pamh, e));
rval = -1;
break;
}
if (rval == 0) {
e = pam_acct_mgmt(pamh, 0);
if (e != PAM_SUCCESS) {
syslog(LOG_ERR, "pam_acct_mgmt: %s",
pam_strerror(pamh, e));
rval = 1;
}
}
if (rval != 0) {
if ((e = pam_end(pamh, e)) != PAM_SUCCESS) {
syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
}
pamh = NULL;
}
return rval;
}
#endif /* USE_PAM */