2002-02-11 14:45:07 +03:00
|
|
|
/* $NetBSD: ftpd.c,v 1.138 2002/02/11 11:45:07 lukem Exp $ */
|
1999-07-02 09:52:14 +04:00
|
|
|
|
|
|
|
/*
|
2001-04-25 05:46:25 +04:00
|
|
|
* Copyright (c) 1997-2001 The NetBSD Foundation, Inc.
|
1999-07-02 09:52:14 +04:00
|
|
|
* All rights reserved.
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
*
|
|
|
|
* This code is derived from software contributed to The NetBSD Foundation
|
|
|
|
* by Luke Mewburn.
|
|
|
|
*
|
1999-07-02 09:52:14 +04:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
* must display the following acknowledgement:
|
|
|
|
* This product includes software developed by the NetBSD
|
|
|
|
* Foundation, Inc. and its contributors.
|
|
|
|
* 4. Neither the name of The NetBSD Foundation nor the names of its
|
|
|
|
* contributors may be used to endorse or promote products derived
|
|
|
|
* from this software without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
|
|
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
|
|
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
1999-07-02 09:52:14 +04:00
|
|
|
*/
|
1995-04-11 06:44:45 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
1994-06-29 05:49:37 +04:00
|
|
|
* Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
1993-03-21 12:45:37 +03:00
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
* must display the following acknowledgement:
|
|
|
|
* This product includes software developed by the University of
|
|
|
|
* California, Berkeley and its contributors.
|
|
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
1999-05-17 19:14:53 +04:00
|
|
|
/*
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
* Copyright (C) 1997 and 1998 WIDE Project.
|
1999-05-17 19:14:53 +04:00
|
|
|
* All rights reserved.
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
*
|
1999-05-17 19:14:53 +04:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
* 3. Neither the name of the project nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
1999-05-17 19:14:53 +04:00
|
|
|
*/
|
|
|
|
|
1997-06-18 23:05:46 +04:00
|
|
|
#include <sys/cdefs.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
#ifndef lint
|
1997-06-18 23:05:46 +04:00
|
|
|
__COPYRIGHT(
|
1994-06-29 05:49:37 +04:00
|
|
|
"@(#) Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994\n\
|
1997-06-18 23:05:46 +04:00
|
|
|
The Regents of the University of California. All rights reserved.\n");
|
1993-03-21 12:45:37 +03:00
|
|
|
#endif /* not lint */
|
|
|
|
|
|
|
|
#ifndef lint
|
1995-04-11 06:44:45 +04:00
|
|
|
#if 0
|
1997-03-29 00:55:41 +03:00
|
|
|
static char sccsid[] = "@(#)ftpd.c 8.5 (Berkeley) 4/28/95";
|
1995-04-11 06:44:45 +04:00
|
|
|
#else
|
2002-02-11 14:45:07 +03:00
|
|
|
__RCSID("$NetBSD: ftpd.c,v 1.138 2002/02/11 11:45:07 lukem Exp $");
|
1995-04-11 06:44:45 +04:00
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
#endif /* not lint */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* FTP server.
|
|
|
|
*/
|
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/ioctl.h>
|
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <sys/wait.h>
|
|
|
|
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <netinet/in_systm.h>
|
|
|
|
#include <netinet/ip.h>
|
|
|
|
|
|
|
|
#define FTP_NAMES
|
|
|
|
#include <arpa/ftp.h>
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
#include <arpa/telnet.h>
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
#include <ctype.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
#include <dirent.h>
|
1994-06-29 05:49:37 +04:00
|
|
|
#include <err.h>
|
|
|
|
#include <errno.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
#include <fcntl.h>
|
1997-04-29 08:00:39 +04:00
|
|
|
#include <fnmatch.h>
|
1994-06-29 05:49:37 +04:00
|
|
|
#include <glob.h>
|
1999-12-21 15:56:15 +03:00
|
|
|
#include <grp.h>
|
1994-06-29 05:49:37 +04:00
|
|
|
#include <limits.h>
|
|
|
|
#include <netdb.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
#include <pwd.h>
|
|
|
|
#include <setjmp.h>
|
1994-06-29 05:49:37 +04:00
|
|
|
#include <signal.h>
|
2000-06-14 17:44:21 +04:00
|
|
|
#include <stdarg.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
1994-06-29 05:49:37 +04:00
|
|
|
#include <syslog.h>
|
|
|
|
#include <time.h>
|
2000-12-18 05:32:50 +03:00
|
|
|
#include <tzfile.h>
|
1994-06-29 05:49:37 +04:00
|
|
|
#include <unistd.h>
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
#include <util.h>
|
1999-12-18 08:51:34 +03:00
|
|
|
#include <utmp.h>
|
1997-06-18 23:05:46 +04:00
|
|
|
#ifdef SKEY
|
|
|
|
#include <skey.h>
|
|
|
|
#endif
|
1997-10-12 18:04:36 +04:00
|
|
|
#ifdef KERBEROS5
|
2000-02-14 06:26:06 +03:00
|
|
|
#include <com_err.h>
|
1999-08-25 20:23:52 +04:00
|
|
|
#include <krb5/krb5.h>
|
1997-10-12 18:04:36 +04:00
|
|
|
#endif
|
1994-06-29 05:49:37 +04:00
|
|
|
|
2000-01-13 01:39:27 +03:00
|
|
|
#define GLOBAL
|
1994-06-29 05:49:37 +04:00
|
|
|
#include "extern.h"
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
#include "pathnames.h"
|
1999-12-18 08:51:34 +03:00
|
|
|
#include "version.h"
|
1994-06-29 05:49:37 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
int data;
|
2000-03-05 09:12:19 +03:00
|
|
|
jmp_buf urgcatch;
|
1998-06-26 21:41:38 +04:00
|
|
|
int sflag;
|
1993-03-21 12:45:37 +03:00
|
|
|
int stru; /* avoid C keyword */
|
|
|
|
int mode;
|
2000-11-16 16:15:13 +03:00
|
|
|
int dataport; /* use specific data port */
|
|
|
|
int dopidfile; /* maintain pid file */
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
int doutmp; /* update utmp file */
|
2000-07-26 17:53:33 +04:00
|
|
|
int dowtmp; /* update wtmp file */
|
2000-12-18 05:32:50 +03:00
|
|
|
int doxferlog; /* syslog wu-ftpd style xferlog entries */
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
int dropprivs; /* if privileges should or have been dropped */
|
|
|
|
int mapped; /* IPv4 connection on AF_INET6 socket */
|
1993-03-21 12:45:37 +03:00
|
|
|
off_t file_size;
|
|
|
|
off_t byte_count;
|
1995-04-11 06:44:45 +04:00
|
|
|
static char ttyline[20];
|
1999-12-18 08:51:34 +03:00
|
|
|
static struct utmp utmp; /* for utmp */
|
1998-09-06 14:39:40 +04:00
|
|
|
|
2000-11-16 16:15:13 +03:00
|
|
|
static const char *anondir = NULL;
|
2000-11-30 11:33:33 +03:00
|
|
|
static const char *confdir = _DEFAULT_CONFDIR;
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
|
1997-10-12 18:04:36 +04:00
|
|
|
#if defined(KERBEROS) || defined(KERBEROS5)
|
2000-06-02 04:19:04 +04:00
|
|
|
int has_ccache = 0;
|
1995-04-11 06:44:45 +04:00
|
|
|
int notickets = 1;
|
|
|
|
char *krbtkfile_env = NULL;
|
2000-06-02 04:19:04 +04:00
|
|
|
char *tty = ttyline;
|
2000-06-02 18:47:19 +04:00
|
|
|
int login_krb5_forwardable_tgt = 0;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
#endif
|
1994-03-30 06:49:15 +04:00
|
|
|
|
1999-07-02 09:52:14 +04:00
|
|
|
int epsvall = 0;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* Timeout intervals for retrying connections
|
|
|
|
* to hosts that don't accept PORT cmds. This
|
|
|
|
* is a kludge, but given the problems with TCP...
|
|
|
|
*/
|
|
|
|
#define SWAITMAX 90 /* wait at most 90 seconds */
|
|
|
|
#define SWAITINT 5 /* interval between retries */
|
|
|
|
|
|
|
|
int swaitmax = SWAITMAX;
|
|
|
|
int swaitint = SWAITINT;
|
|
|
|
|
2000-05-20 06:20:18 +04:00
|
|
|
static int bind_pasv_addr(void);
|
|
|
|
static int checkuser(const char *, const char *, int, int, char **);
|
|
|
|
static int checkaccess(const char *);
|
2000-11-30 09:06:08 +03:00
|
|
|
static int checkpassword(const struct passwd *, const char *);
|
2000-05-20 06:20:18 +04:00
|
|
|
static void end_login(void);
|
|
|
|
static FILE *getdatasock(const char *);
|
|
|
|
static char *gunique(const char *);
|
2000-12-18 05:32:50 +03:00
|
|
|
static void logremotehost(struct sockinet *);
|
2000-05-20 06:20:18 +04:00
|
|
|
static void lostconn(int);
|
|
|
|
static void myoob(int);
|
|
|
|
static int receive_data(FILE *, FILE *);
|
|
|
|
static int send_data(FILE *, FILE *, off_t, int);
|
|
|
|
static struct passwd *sgetpwnam(const char *);
|
|
|
|
|
|
|
|
int main(int, char *[]);
|
1997-06-18 23:05:46 +04:00
|
|
|
|
2000-06-02 18:47:19 +04:00
|
|
|
#if defined(KERBEROS)
|
2000-05-20 06:20:18 +04:00
|
|
|
int klogin(struct passwd *, char *, char *, char *);
|
|
|
|
void kdestroy(void);
|
1997-06-21 08:38:54 +04:00
|
|
|
#endif
|
2000-06-02 18:47:19 +04:00
|
|
|
#if defined(KERBEROS5)
|
|
|
|
int k5login(struct passwd *, char *, char *, char *);
|
|
|
|
void k5destroy(void);
|
|
|
|
#endif
|
1999-05-18 12:14:17 +04:00
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
int
|
2000-05-20 06:20:18 +04:00
|
|
|
main(int argc, char *argv[])
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1999-12-16 05:21:37 +03:00
|
|
|
int addrlen, ch, on = 1, tos, keepalive;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
#ifdef KERBEROS5
|
1999-12-16 05:21:37 +03:00
|
|
|
krb5_error_code kerror;
|
1997-10-12 18:04:36 +04:00
|
|
|
#endif
|
2000-11-16 16:15:13 +03:00
|
|
|
char *p;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
2000-03-05 09:12:19 +03:00
|
|
|
connections = 1;
|
1993-03-21 12:45:37 +03:00
|
|
|
debug = 0;
|
1997-09-23 18:25:30 +04:00
|
|
|
logging = 0;
|
2000-03-05 09:12:19 +03:00
|
|
|
pdata = -1;
|
1998-06-26 21:41:38 +04:00
|
|
|
sflag = 0;
|
2000-11-16 16:15:13 +03:00
|
|
|
dataport = 0;
|
|
|
|
dopidfile = 1; /* default: DO use a pid file to count users */
|
2000-12-18 05:32:50 +03:00
|
|
|
doutmp = 0; /* default: Do NOT log to utmp */
|
2000-07-26 17:53:33 +04:00
|
|
|
dowtmp = 1; /* default: DO log to wtmp */
|
2000-12-18 05:32:50 +03:00
|
|
|
doxferlog = 0; /* default: Do NOT syslog xferlog */
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
dropprivs = 0;
|
|
|
|
mapped = 0;
|
2000-03-05 09:12:19 +03:00
|
|
|
usedefault = 1;
|
2000-11-16 16:15:13 +03:00
|
|
|
emailaddr = NULL;
|
1999-12-19 03:09:31 +03:00
|
|
|
hostname[0] = '\0';
|
2000-07-17 06:30:52 +04:00
|
|
|
homedir[0] = '\0';
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
gidcount = 0;
|
2001-04-02 03:04:30 +04:00
|
|
|
is_oob = 0;
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
version = FTPD_VERSION;
|
2000-11-16 16:15:13 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* LOG_NDELAY sets up the logging connection immediately,
|
|
|
|
* necessary for anonymous ftp's that chroot and can't do it later.
|
|
|
|
*/
|
|
|
|
openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
|
|
|
|
|
2000-12-18 05:32:50 +03:00
|
|
|
while ((ch = getopt(argc, argv, "a:c:C:de:h:HlP:qQrst:T:uUvV:wWX"))
|
2000-11-16 16:15:13 +03:00
|
|
|
!= -1) {
|
1994-06-29 05:49:37 +04:00
|
|
|
switch (ch) {
|
1997-05-24 02:09:48 +04:00
|
|
|
case 'a':
|
|
|
|
anondir = optarg;
|
|
|
|
break;
|
|
|
|
|
1997-09-23 17:56:39 +04:00
|
|
|
case 'c':
|
2000-11-16 16:15:13 +03:00
|
|
|
confdir = optarg;
|
1997-09-23 17:56:39 +04:00
|
|
|
break;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
|
1997-09-23 18:25:30 +04:00
|
|
|
case 'C':
|
1999-12-21 15:56:15 +03:00
|
|
|
pw = sgetpwnam(optarg);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
exit(checkaccess(optarg) ? 0 : 1);
|
1997-09-23 18:25:30 +04:00
|
|
|
/* NOTREACHED */
|
1997-09-23 17:56:39 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
case 'd':
|
1997-05-24 02:09:48 +04:00
|
|
|
case 'v': /* deprecated */
|
1993-03-21 12:45:37 +03:00
|
|
|
debug = 1;
|
|
|
|
break;
|
|
|
|
|
2000-11-16 16:15:13 +03:00
|
|
|
case 'e':
|
|
|
|
emailaddr = optarg;
|
|
|
|
break;
|
|
|
|
|
1999-12-19 03:09:31 +03:00
|
|
|
case 'h':
|
|
|
|
strlcpy(hostname, optarg, sizeof(hostname));
|
|
|
|
break;
|
|
|
|
|
2000-07-15 07:45:19 +04:00
|
|
|
case 'H':
|
|
|
|
if (gethostname(hostname, sizeof(hostname)) == -1)
|
|
|
|
hostname[0] = '\0';
|
|
|
|
hostname[sizeof(hostname) - 1] = '\0';
|
|
|
|
break;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
case 'l':
|
1994-06-29 05:49:37 +04:00
|
|
|
logging++; /* > 1 == extra logging */
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
2000-11-16 16:15:13 +03:00
|
|
|
case 'P':
|
|
|
|
dataport = (int)strtol(optarg, &p, 10);
|
|
|
|
if (*p != '\0' || dataport < IPPORT_RESERVED ||
|
|
|
|
dataport > IPPORT_ANONMAX) {
|
|
|
|
syslog(LOG_WARNING, "Invalid dataport %s",
|
|
|
|
optarg);
|
|
|
|
dataport = 0;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'q':
|
|
|
|
dopidfile = 1;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'Q':
|
|
|
|
dopidfile = 0;
|
|
|
|
break;
|
|
|
|
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
case 'r':
|
|
|
|
dropprivs = 1;
|
|
|
|
break;
|
|
|
|
|
1998-06-26 21:41:38 +04:00
|
|
|
case 's':
|
|
|
|
sflag = 1;
|
|
|
|
break;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
case 't':
|
|
|
|
case 'T':
|
2001-01-10 03:20:49 +03:00
|
|
|
syslog(LOG_WARNING,
|
2000-11-16 16:15:13 +03:00
|
|
|
"-%c has been deprecated in favour of ftpd.conf",
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
ch);
|
1994-06-29 05:49:37 +04:00
|
|
|
break;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
2000-11-16 16:15:13 +03:00
|
|
|
case 'u':
|
1999-12-18 08:51:34 +03:00
|
|
|
doutmp = 1;
|
|
|
|
break;
|
|
|
|
|
2000-11-16 16:15:13 +03:00
|
|
|
case 'U':
|
|
|
|
doutmp = 0;
|
|
|
|
break;
|
|
|
|
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
case 'V':
|
|
|
|
if (EMPTYSTR(optarg) || strcmp(optarg, "-") == 0)
|
|
|
|
version = NULL;
|
|
|
|
else
|
|
|
|
version = xstrdup(optarg);
|
|
|
|
break;
|
|
|
|
|
2000-11-16 16:15:13 +03:00
|
|
|
case 'w':
|
|
|
|
dowtmp = 1;
|
|
|
|
break;
|
|
|
|
|
2000-07-26 17:53:33 +04:00
|
|
|
case 'W':
|
|
|
|
dowtmp = 0;
|
|
|
|
break;
|
|
|
|
|
2000-12-18 05:32:50 +03:00
|
|
|
case 'X':
|
|
|
|
doxferlog = 1;
|
|
|
|
break;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
default:
|
1997-09-23 18:25:30 +04:00
|
|
|
if (optopt == 'a' || optopt == 'C')
|
|
|
|
exit(1);
|
2001-01-10 03:20:49 +03:00
|
|
|
syslog(LOG_WARNING, "unknown flag -%c ignored", optopt);
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2000-11-16 16:15:13 +03:00
|
|
|
if (EMPTYSTR(confdir))
|
|
|
|
confdir = _DEFAULT_CONFDIR;
|
1997-09-23 18:25:30 +04:00
|
|
|
|
2000-12-18 05:32:50 +03:00
|
|
|
memset((char *)&his_addr, 0, sizeof(his_addr));
|
2000-11-15 05:32:30 +03:00
|
|
|
addrlen = sizeof(his_addr.si_su);
|
|
|
|
if (getpeername(0, (struct sockaddr *)&his_addr.si_su, &addrlen) < 0) {
|
1997-09-23 18:25:30 +04:00
|
|
|
syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
|
|
|
|
exit(1);
|
|
|
|
}
|
2000-11-15 05:32:30 +03:00
|
|
|
his_addr.su_len = addrlen;
|
2000-12-18 05:32:50 +03:00
|
|
|
memset((char *)&ctrl_addr, 0, sizeof(ctrl_addr));
|
2000-11-15 05:32:30 +03:00
|
|
|
addrlen = sizeof(ctrl_addr.si_su);
|
1999-07-27 19:41:49 +04:00
|
|
|
if (getsockname(0, (struct sockaddr *)&ctrl_addr, &addrlen) < 0) {
|
|
|
|
syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
|
|
|
|
exit(1);
|
|
|
|
}
|
2000-11-15 05:32:30 +03:00
|
|
|
ctrl_addr.su_len = addrlen;
|
2000-09-15 18:55:16 +04:00
|
|
|
#ifdef INET6
|
1999-07-02 09:52:14 +04:00
|
|
|
if (his_addr.su_family == AF_INET6
|
2000-11-15 05:32:30 +03:00
|
|
|
&& IN6_IS_ADDR_V4MAPPED(&his_addr.su_6addr)) {
|
1999-07-27 19:41:49 +04:00
|
|
|
#if 1
|
|
|
|
/*
|
|
|
|
* IPv4 control connection arrived to AF_INET6 socket.
|
|
|
|
* I hate to do this, but this is the easiest solution.
|
2000-05-30 09:31:31 +04:00
|
|
|
*
|
|
|
|
* The assumption is untrue on SIIT environment.
|
1999-07-27 19:41:49 +04:00
|
|
|
*/
|
2000-11-15 05:32:30 +03:00
|
|
|
struct sockinet tmp_addr;
|
1999-12-13 07:36:10 +03:00
|
|
|
const int off = sizeof(struct in6_addr) - sizeof(struct in_addr);
|
1999-07-27 19:41:49 +04:00
|
|
|
|
|
|
|
tmp_addr = his_addr;
|
|
|
|
memset(&his_addr, 0, sizeof(his_addr));
|
2000-11-15 05:32:30 +03:00
|
|
|
his_addr.su_family = AF_INET;
|
|
|
|
his_addr.su_len = sizeof(his_addr.si_su.su_sin);
|
|
|
|
memcpy(&his_addr.su_addr, &tmp_addr.su_6addr.s6_addr[off],
|
|
|
|
sizeof(his_addr.su_addr));
|
|
|
|
his_addr.su_port = tmp_addr.su_port;
|
1999-07-27 19:41:49 +04:00
|
|
|
|
|
|
|
tmp_addr = ctrl_addr;
|
|
|
|
memset(&ctrl_addr, 0, sizeof(ctrl_addr));
|
2000-11-15 05:32:30 +03:00
|
|
|
ctrl_addr.su_family = AF_INET;
|
|
|
|
ctrl_addr.su_len = sizeof(ctrl_addr.si_su.su_sin);
|
|
|
|
memcpy(&ctrl_addr.su_addr, &tmp_addr.su_6addr.s6_addr[off],
|
|
|
|
sizeof(ctrl_addr.su_addr));
|
|
|
|
ctrl_addr.su_port = tmp_addr.su_port;
|
1999-07-27 19:41:49 +04:00
|
|
|
#else
|
1999-07-02 09:52:14 +04:00
|
|
|
while (fgets(line, sizeof(line), fd) != NULL) {
|
|
|
|
if ((cp = strchr(line, '\n')) != NULL)
|
|
|
|
*cp = '\0';
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(-530, "%s", line);
|
1999-07-02 09:52:14 +04:00
|
|
|
}
|
|
|
|
(void) fflush(stdout);
|
|
|
|
(void) fclose(fd);
|
|
|
|
reply(530,
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
"Connection from IPv4 mapped address is not supported.");
|
1999-07-02 09:52:14 +04:00
|
|
|
exit(0);
|
1999-07-27 19:41:49 +04:00
|
|
|
#endif
|
1999-12-13 19:30:37 +03:00
|
|
|
|
|
|
|
mapped = 1;
|
|
|
|
} else
|
2000-11-15 05:32:30 +03:00
|
|
|
#endif /* INET6 */
|
1999-12-13 19:30:37 +03:00
|
|
|
mapped = 0;
|
1997-09-23 18:25:30 +04:00
|
|
|
#ifdef IP_TOS
|
1999-12-13 19:30:37 +03:00
|
|
|
if (!mapped && his_addr.su_family == AF_INET) {
|
1999-07-02 09:52:14 +04:00
|
|
|
tos = IPTOS_LOWDELAY;
|
|
|
|
if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&tos,
|
|
|
|
sizeof(int)) < 0)
|
|
|
|
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
|
|
|
|
}
|
1997-09-23 18:25:30 +04:00
|
|
|
#endif
|
1999-12-19 03:09:31 +03:00
|
|
|
/* if the hostname hasn't been given, attempt to determine it */
|
|
|
|
if (hostname[0] == '\0') {
|
2000-11-15 05:32:30 +03:00
|
|
|
if (getnameinfo((struct sockaddr *)&ctrl_addr.si_su,
|
|
|
|
ctrl_addr.su_len, hostname, sizeof(hostname), NULL, 0, 0)
|
|
|
|
!= 0)
|
1999-12-19 03:09:31 +03:00
|
|
|
(void)gethostname(hostname, sizeof(hostname));
|
|
|
|
hostname[sizeof(hostname) - 1] = '\0';
|
|
|
|
}
|
1999-12-18 09:33:54 +03:00
|
|
|
|
1997-09-23 18:25:30 +04:00
|
|
|
/* set this here so klogin can use it... */
|
|
|
|
(void)snprintf(ttyline, sizeof(ttyline), "ftp%d", getpid());
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
(void) freopen(_PATH_DEVNULL, "w", stderr);
|
|
|
|
(void) signal(SIGPIPE, lostconn);
|
|
|
|
(void) signal(SIGCHLD, SIG_IGN);
|
1999-12-18 08:51:34 +03:00
|
|
|
if (signal(SIGURG, myoob) == SIG_ERR)
|
2001-01-10 03:20:49 +03:00
|
|
|
syslog(LOG_WARNING, "signal: %m");
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
/* Try to handle urgent data inline */
|
|
|
|
#ifdef SO_OOBINLINE
|
|
|
|
if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (char *)&on, sizeof(on)) < 0)
|
2001-01-10 03:20:49 +03:00
|
|
|
syslog(LOG_WARNING, "setsockopt: %m");
|
1993-03-21 12:45:37 +03:00
|
|
|
#endif
|
1999-06-05 17:49:53 +04:00
|
|
|
/* Set keepalives on the socket to detect dropped connections. */
|
|
|
|
#ifdef SO_KEEPALIVE
|
|
|
|
keepalive = 1;
|
|
|
|
if (setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&keepalive,
|
|
|
|
sizeof(int)) < 0)
|
|
|
|
syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
#ifdef F_SETOWN
|
|
|
|
if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1)
|
2001-01-10 03:20:49 +03:00
|
|
|
syslog(LOG_WARNING, "fcntl F_SETOWN: %m");
|
1993-03-21 12:45:37 +03:00
|
|
|
#endif
|
2000-12-18 05:32:50 +03:00
|
|
|
logremotehost(&his_addr);
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* Set up default state
|
|
|
|
*/
|
|
|
|
data = -1;
|
|
|
|
type = TYPE_A;
|
|
|
|
form = FORM_N;
|
|
|
|
stru = STRU_F;
|
|
|
|
mode = MODE_S;
|
|
|
|
tmpline[0] = '\0';
|
1998-09-06 14:39:40 +04:00
|
|
|
hasyyerrored = 0;
|
1994-06-29 05:49:37 +04:00
|
|
|
|
1997-10-12 18:04:36 +04:00
|
|
|
#ifdef KERBEROS5
|
|
|
|
kerror = krb5_init_context(&kcontext);
|
|
|
|
if (kerror) {
|
2001-01-10 03:20:49 +03:00
|
|
|
syslog(LOG_ERR, "%s when initializing Kerberos context",
|
1997-10-12 18:04:36 +04:00
|
|
|
error_message(kerror));
|
|
|
|
exit(0);
|
|
|
|
}
|
1998-02-01 17:10:22 +03:00
|
|
|
#endif /* KERBEROS5 */
|
1997-10-12 18:04:36 +04:00
|
|
|
|
2000-01-08 14:09:56 +03:00
|
|
|
init_curclass();
|
|
|
|
curclass.timeout = 300; /* 5 minutes, as per login(1) */
|
|
|
|
curclass.type = CLASS_REAL;
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
/* If logins are disabled, print out the message. */
|
2000-07-17 06:30:52 +04:00
|
|
|
if (display_file(_PATH_NOLOGIN, 530)) {
|
1994-06-29 05:49:37 +04:00
|
|
|
reply(530, "System not available.");
|
|
|
|
exit(0);
|
|
|
|
}
|
2000-07-17 06:30:52 +04:00
|
|
|
(void)display_file(conffilename(_PATH_FTPWELCOME), 220);
|
1994-06-29 05:49:37 +04:00
|
|
|
/* reply(220,) must follow */
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
if (EMPTYSTR(version))
|
|
|
|
reply(220, "%s FTP server ready.", hostname);
|
|
|
|
else
|
|
|
|
reply(220, "%s FTP server (%s) ready.", hostname, version);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
|
1998-09-06 14:39:40 +04:00
|
|
|
(void) setjmp(errcatch);
|
2001-04-02 03:04:30 +04:00
|
|
|
ftp_loop();
|
1993-03-21 12:45:37 +03:00
|
|
|
/* NOTREACHED */
|
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
static void
|
2000-05-20 06:20:18 +04:00
|
|
|
lostconn(int signo)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1994-06-29 05:49:37 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
if (debug)
|
|
|
|
syslog(LOG_DEBUG, "lost connection");
|
1997-09-23 18:25:30 +04:00
|
|
|
dologout(1);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Save the result of a getpwnam. Used for USER command, since
|
|
|
|
* the data returned must not be clobbered by any other command
|
|
|
|
* (e.g., globbing).
|
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
static struct passwd *
|
2000-05-20 06:20:18 +04:00
|
|
|
sgetpwnam(const char *name)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
static struct passwd save;
|
1994-06-29 05:49:37 +04:00
|
|
|
struct passwd *p;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
if ((p = getpwnam(name)) == NULL)
|
|
|
|
return (p);
|
|
|
|
if (save.pw_name) {
|
1998-07-27 05:45:09 +04:00
|
|
|
free((char *)save.pw_name);
|
1999-12-18 08:51:34 +03:00
|
|
|
memset(save.pw_passwd, 0, strlen(save.pw_passwd));
|
1998-07-27 05:45:09 +04:00
|
|
|
free((char *)save.pw_passwd);
|
|
|
|
free((char *)save.pw_gecos);
|
|
|
|
free((char *)save.pw_dir);
|
|
|
|
free((char *)save.pw_shell);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
save = *p;
|
1998-09-07 12:11:20 +04:00
|
|
|
save.pw_name = xstrdup(p->pw_name);
|
|
|
|
save.pw_passwd = xstrdup(p->pw_passwd);
|
|
|
|
save.pw_gecos = xstrdup(p->pw_gecos);
|
|
|
|
save.pw_dir = xstrdup(p->pw_dir);
|
|
|
|
save.pw_shell = xstrdup(p->pw_shell);
|
1993-03-21 12:45:37 +03:00
|
|
|
return (&save);
|
|
|
|
}
|
|
|
|
|
2000-06-14 17:44:21 +04:00
|
|
|
static int login_attempts; /* number of failed login attempts */
|
2001-12-04 16:54:12 +03:00
|
|
|
static int askpasswd; /* had USER command, ask for PASSwd */
|
|
|
|
static int permitted; /* USER permitted */
|
2000-06-14 17:44:21 +04:00
|
|
|
static char curname[10]; /* current USER name */
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* USER command.
|
|
|
|
* Sets global passwd pointer pw if named account exists and is acceptable;
|
|
|
|
* sets askpasswd if a PASS command is expected. If logged in previously,
|
|
|
|
* need to reset state. If name is "ftp" or "anonymous", the name is not in
|
|
|
|
* _PATH_FTPUSERS, and ftp account exists, set guest and pw, then just return.
|
|
|
|
* If account doesn't exist, ask for passwd anyway. Otherwise, check user
|
|
|
|
* requesting login privileges. Disallow anyone who does not have a standard
|
|
|
|
* shell as returned by getusershell(). Disallow anyone mentioned in the file
|
|
|
|
* _PATH_FTPUSERS to allow people such as root and uucp to be avoided.
|
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
user(const char *name)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
2001-12-04 16:54:12 +03:00
|
|
|
char *class;
|
|
|
|
|
|
|
|
class = NULL;
|
1993-03-21 12:45:37 +03:00
|
|
|
if (logged_in) {
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
switch (curclass.type) {
|
|
|
|
case CLASS_GUEST:
|
1993-03-21 12:45:37 +03:00
|
|
|
reply(530, "Can't change user from guest login.");
|
|
|
|
return;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
case CLASS_CHROOT:
|
1994-04-07 00:49:52 +04:00
|
|
|
reply(530, "Can't change user from chroot user.");
|
|
|
|
return;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
case CLASS_REAL:
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
if (dropprivs) {
|
|
|
|
reply(530, "Can't change user.");
|
|
|
|
return;
|
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
end_login();
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
abort();
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2000-06-02 18:47:19 +04:00
|
|
|
#if defined(KERBEROS)
|
1997-10-12 18:04:36 +04:00
|
|
|
kdestroy();
|
|
|
|
#endif
|
2000-06-02 18:47:19 +04:00
|
|
|
#if defined(KERBEROS5)
|
|
|
|
k5destroy();
|
|
|
|
#endif
|
1997-10-12 18:04:36 +04:00
|
|
|
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
curclass.type = CLASS_REAL;
|
2001-12-04 16:54:12 +03:00
|
|
|
askpasswd = 0;
|
|
|
|
permitted = 0;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
|
1999-12-21 15:56:15 +03:00
|
|
|
/* need `pw' setup for checkaccess() and checkuser () */
|
|
|
|
if ((pw = sgetpwnam("ftp")) == NULL)
|
|
|
|
reply(530, "User %s unknown.", name);
|
2000-01-08 14:09:56 +03:00
|
|
|
else if (! checkaccess("ftp") || ! checkaccess("anonymous"))
|
1993-03-21 12:45:37 +03:00
|
|
|
reply(530, "User %s access denied.", name);
|
1999-12-21 15:56:15 +03:00
|
|
|
else {
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
curclass.type = CLASS_GUEST;
|
1993-03-21 12:45:37 +03:00
|
|
|
askpasswd = 1;
|
1994-06-29 05:49:37 +04:00
|
|
|
reply(331,
|
|
|
|
"Guest login ok, type your name as password.");
|
1999-12-21 15:56:15 +03:00
|
|
|
}
|
2001-12-04 16:54:12 +03:00
|
|
|
if (!askpasswd) {
|
|
|
|
if (logging)
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"ANONYMOUS FTP LOGIN REFUSED FROM %s",
|
|
|
|
remotehost);
|
|
|
|
end_login();
|
|
|
|
goto cleanup_user;
|
|
|
|
}
|
|
|
|
name = "ftp";
|
|
|
|
} else
|
|
|
|
pw = sgetpwnam(name);
|
1997-09-23 17:56:39 +04:00
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
if (logging)
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
strlcpy(curname, name, sizeof(curname));
|
1997-10-12 17:18:56 +04:00
|
|
|
|
2001-12-04 16:54:12 +03:00
|
|
|
/* check user in /etc/ftpusers, and setup class */
|
|
|
|
permitted = checkuser(_PATH_FTPUSERS, curname, 1, 0, &class);
|
1994-05-24 10:52:17 +04:00
|
|
|
|
2001-12-04 16:54:12 +03:00
|
|
|
/* check user in /etc/ftpchroot */
|
|
|
|
if (checkuser(_PATH_FTPCHROOT, curname, 0, 0, NULL)) {
|
|
|
|
if (curclass.type == CLASS_GUEST) {
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"Can't change guest user to chroot class; remove entry in %s",
|
|
|
|
_PATH_FTPCHROOT);
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
curclass.type = CLASS_CHROOT;
|
|
|
|
}
|
|
|
|
/* determine default class */
|
|
|
|
if (class == NULL) {
|
|
|
|
switch (curclass.type) {
|
|
|
|
case CLASS_GUEST:
|
|
|
|
class = xstrdup("guest");
|
|
|
|
break;
|
|
|
|
case CLASS_CHROOT:
|
|
|
|
class = xstrdup("chroot");
|
|
|
|
break;
|
|
|
|
case CLASS_REAL:
|
|
|
|
class = xstrdup("real");
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
syslog(LOG_ERR, "unknown curclass.type %d; aborting",
|
|
|
|
curclass.type);
|
|
|
|
abort();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
/* parse ftpd.conf, setting up various parameters */
|
|
|
|
parse_conf(class);
|
|
|
|
/* if not guest user, check for valid shell */
|
|
|
|
if (pw == NULL)
|
|
|
|
permitted = 0;
|
|
|
|
else {
|
|
|
|
const char *cp, *shell;
|
|
|
|
|
|
|
|
if ((shell = pw->pw_shell) == NULL || *shell == 0)
|
|
|
|
shell = _PATH_BSHELL;
|
|
|
|
while ((cp = getusershell()) != NULL)
|
|
|
|
if (strcmp(cp, shell) == 0)
|
|
|
|
break;
|
|
|
|
endusershell();
|
|
|
|
if (cp == NULL && curclass.type != CLASS_GUEST)
|
|
|
|
permitted = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* deny quickly (after USER not PASS) if requested */
|
|
|
|
if (CURCLASS_FLAGS_ISSET(denyquick) && !permitted) {
|
|
|
|
reply(530, "User %s may not use FTP.", curname);
|
|
|
|
if (logging)
|
|
|
|
syslog(LOG_NOTICE, "FTP LOGIN REFUSED FROM %s, %s",
|
|
|
|
remotehost, curname);
|
|
|
|
end_login();
|
|
|
|
goto cleanup_user;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* if haven't asked yet (i.e, not anon), ask now */
|
|
|
|
if (!askpasswd) {
|
|
|
|
askpasswd = 1;
|
|
|
|
#ifdef SKEY
|
|
|
|
if (skey_haskey(curname) == 0) {
|
|
|
|
const char *myskey;
|
|
|
|
|
|
|
|
myskey = skey_keyinfo(curname);
|
2001-12-06 05:00:06 +03:00
|
|
|
reply(331, "Password [ %s ] required for %s.",
|
2001-12-04 16:54:12 +03:00
|
|
|
myskey ? myskey : "error getting challenge",
|
|
|
|
curname);
|
|
|
|
} else
|
1994-05-24 10:52:17 +04:00
|
|
|
#endif
|
2001-12-04 16:54:12 +03:00
|
|
|
reply(331, "Password required for %s.", curname);
|
|
|
|
}
|
1994-05-24 10:52:17 +04:00
|
|
|
|
2001-12-04 16:54:12 +03:00
|
|
|
cleanup_user:
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* Delay before reading passwd after first failed
|
|
|
|
* attempt to slow down passwd-guessing programs.
|
|
|
|
*/
|
|
|
|
if (login_attempts)
|
|
|
|
sleep((unsigned) login_attempts);
|
2001-12-04 16:54:12 +03:00
|
|
|
|
|
|
|
if (class)
|
|
|
|
free(class);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
1998-09-07 12:11:20 +04:00
|
|
|
* Determine whether something is to happen (allow access, chroot)
|
|
|
|
* for a user. Each line is a shell-style glob followed by
|
|
|
|
* `yes' or `no'.
|
1997-04-06 11:53:10 +04:00
|
|
|
*
|
2001-06-11 05:50:48 +04:00
|
|
|
* For backward compatibility, `allow' and `deny' are synonymns
|
1998-09-07 12:11:20 +04:00
|
|
|
* for `yes' and `no', respectively.
|
1997-04-29 08:00:39 +04:00
|
|
|
*
|
1998-09-07 12:11:20 +04:00
|
|
|
* Each glob is matched against the username in turn, and the first
|
|
|
|
* match found is used. If no match is found, the result is the
|
|
|
|
* argument `def'. If a match is found but without and explicit
|
|
|
|
* `yes'/`no', the result is the opposite of def.
|
1997-04-06 11:53:10 +04:00
|
|
|
*
|
1998-09-07 12:11:20 +04:00
|
|
|
* If the file doesn't exist at all, the result is the argument
|
|
|
|
* `nofile'
|
1997-04-06 11:53:10 +04:00
|
|
|
*
|
1998-09-07 12:11:20 +04:00
|
|
|
* Any line starting with `#' is considered a comment and ignored.
|
1997-04-06 11:53:10 +04:00
|
|
|
*
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
* Returns 0 if the user is denied, or 1 if they are allowed.
|
1999-12-21 15:56:15 +03:00
|
|
|
*
|
|
|
|
* NOTE: needs struct passwd *pw setup before use.
|
1997-04-06 11:53:10 +04:00
|
|
|
*/
|
2000-12-18 05:32:50 +03:00
|
|
|
static int
|
2000-05-20 06:20:18 +04:00
|
|
|
checkuser(const char *fname, const char *name, int def, int nofile,
|
|
|
|
char **retclass)
|
1997-04-06 11:53:10 +04:00
|
|
|
{
|
1998-09-07 12:11:20 +04:00
|
|
|
FILE *fd;
|
|
|
|
int retval;
|
2001-12-01 13:25:29 +03:00
|
|
|
char *word, *perm, *class, *buf, *p;
|
1999-12-16 05:21:37 +03:00
|
|
|
size_t len, line;
|
1997-04-06 11:53:10 +04:00
|
|
|
|
1998-09-07 12:11:20 +04:00
|
|
|
retval = def;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (retclass != NULL)
|
|
|
|
*retclass = NULL;
|
1998-09-07 12:11:20 +04:00
|
|
|
if ((fd = fopen(conffilename(fname), "r")) == NULL)
|
|
|
|
return nofile;
|
1997-04-06 11:53:10 +04:00
|
|
|
|
1999-12-16 05:21:37 +03:00
|
|
|
line = 0;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
for (;
|
1999-12-16 05:21:37 +03:00
|
|
|
(buf = fparseln(fd, &len, &line, NULL, FPARSELN_UNESCCOMM |
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
FPARSELN_UNESCCONT | FPARSELN_UNESCESC)) != NULL;
|
|
|
|
free(buf), buf = NULL) {
|
2001-12-01 13:25:29 +03:00
|
|
|
word = perm = class = NULL;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
p = buf;
|
|
|
|
if (len < 1)
|
1997-04-06 11:53:10 +04:00
|
|
|
continue;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (p[len - 1] == '\n')
|
|
|
|
p[--len] = '\0';
|
|
|
|
if (EMPTYSTR(p))
|
1999-09-30 22:12:34 +04:00
|
|
|
continue;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
|
2001-12-01 13:25:29 +03:00
|
|
|
NEXTWORD(p, word);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
NEXTWORD(p, perm);
|
|
|
|
NEXTWORD(p, class);
|
2001-12-01 13:25:29 +03:00
|
|
|
if (EMPTYSTR(word))
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
continue;
|
1999-12-16 05:21:37 +03:00
|
|
|
if (!EMPTYSTR(class)) {
|
|
|
|
if (strcasecmp(class, "all") == 0 ||
|
|
|
|
strcasecmp(class, "none") == 0) {
|
|
|
|
syslog(LOG_WARNING,
|
|
|
|
"%s line %d: illegal user-defined class `%s' - skipping entry",
|
|
|
|
fname, (int)line, class);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
|
|
|
|
/* have a host specifier */
|
2001-12-01 13:25:29 +03:00
|
|
|
if ((p = strchr(word, '@')) != NULL) {
|
2000-11-15 05:32:30 +03:00
|
|
|
unsigned long net, mask, addr;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
int bits;
|
|
|
|
|
|
|
|
*p++ = '\0';
|
|
|
|
/* check against network or CIDR */
|
|
|
|
if (isdigit(*p) &&
|
|
|
|
(bits = inet_net_pton(AF_INET, p,
|
|
|
|
&net, sizeof(net))) != -1) {
|
|
|
|
net = ntohl(net);
|
|
|
|
mask = 0xffffffffU << (32 - bits);
|
2000-11-15 05:32:30 +03:00
|
|
|
addr = ntohl(his_addr.su_addr.s_addr);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if ((addr & mask) != net)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/* check against hostname glob */
|
2001-12-01 13:25:29 +03:00
|
|
|
} else if (fnmatch(p, remotehost, FNM_CASEFOLD) != 0)
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
continue;
|
1997-04-06 11:53:10 +04:00
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
|
1999-12-21 15:56:15 +03:00
|
|
|
/* have a group specifier */
|
2001-12-01 13:25:29 +03:00
|
|
|
if ((p = strchr(word, ':')) != NULL) {
|
1999-12-21 15:56:15 +03:00
|
|
|
gid_t *groups, *ng;
|
|
|
|
int gsize, i, found;
|
|
|
|
|
2001-12-04 16:54:12 +03:00
|
|
|
if (pw == NULL)
|
|
|
|
continue; /* no match for unknown user */
|
1999-12-21 15:56:15 +03:00
|
|
|
*p++ = '\0';
|
|
|
|
groups = NULL;
|
|
|
|
gsize = 16;
|
|
|
|
do {
|
|
|
|
ng = realloc(groups, gsize * sizeof(gid_t));
|
|
|
|
if (ng == NULL)
|
|
|
|
fatal(
|
|
|
|
"Local resource failure: realloc");
|
|
|
|
groups = ng;
|
|
|
|
} while (getgrouplist(pw->pw_name, pw->pw_gid,
|
|
|
|
groups, &gsize) == -1);
|
|
|
|
found = 0;
|
|
|
|
for (i = 0; i < gsize; i++) {
|
|
|
|
struct group *g;
|
|
|
|
|
|
|
|
if ((g = getgrgid(groups[i])) == NULL)
|
|
|
|
continue;
|
|
|
|
if (fnmatch(p, g->gr_name, 0) == 0) {
|
|
|
|
found = 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
free(groups);
|
|
|
|
if (!found)
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
/* check against username glob */
|
2001-12-01 13:25:29 +03:00
|
|
|
if (fnmatch(word, name, 0) != 0)
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
continue;
|
|
|
|
|
|
|
|
if (perm != NULL &&
|
|
|
|
((strcasecmp(perm, "allow") == 0) ||
|
|
|
|
(strcasecmp(perm, "yes") == 0)))
|
|
|
|
retval = 1;
|
|
|
|
else if (perm != NULL &&
|
|
|
|
((strcasecmp(perm, "deny") == 0) ||
|
|
|
|
(strcasecmp(perm, "no") == 0)))
|
|
|
|
retval = 0;
|
|
|
|
else
|
|
|
|
retval = !def;
|
|
|
|
if (!EMPTYSTR(class) && retclass != NULL)
|
|
|
|
*retclass = xstrdup(class);
|
|
|
|
free(buf);
|
|
|
|
break;
|
1997-04-06 11:53:10 +04:00
|
|
|
}
|
|
|
|
(void) fclose(fd);
|
1997-04-29 08:00:39 +04:00
|
|
|
return (retval);
|
1997-04-06 11:53:10 +04:00
|
|
|
}
|
1998-09-07 12:11:20 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Check if user is allowed by /etc/ftpusers
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
* returns 1 for yes, 0 for no
|
1999-12-21 15:56:15 +03:00
|
|
|
*
|
|
|
|
* NOTE: needs struct passwd *pw setup (for checkuser())
|
1998-09-07 12:11:20 +04:00
|
|
|
*/
|
2000-12-18 05:32:50 +03:00
|
|
|
static int
|
2000-05-20 06:20:18 +04:00
|
|
|
checkaccess(const char *name)
|
1998-09-07 12:11:20 +04:00
|
|
|
{
|
|
|
|
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
return (checkuser(_PATH_FTPUSERS, name, 1, 0, NULL));
|
1998-09-07 12:11:20 +04:00
|
|
|
}
|
1997-04-06 11:53:10 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
2000-12-18 05:32:50 +03:00
|
|
|
* Terminate login as previous user (if any), resetting state;
|
1993-03-21 12:45:37 +03:00
|
|
|
* used when USER command is given or login fails.
|
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
static void
|
2000-05-20 06:20:18 +04:00
|
|
|
end_login(void)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
|
1999-12-18 08:51:34 +03:00
|
|
|
if (logged_in) {
|
2000-07-26 17:53:33 +04:00
|
|
|
if (dowtmp)
|
|
|
|
logwtmp(ttyline, "", "");
|
1999-12-18 08:51:34 +03:00
|
|
|
if (doutmp)
|
|
|
|
logout(utmp.ut_line);
|
|
|
|
}
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* reset login state */
|
2000-12-18 05:32:50 +03:00
|
|
|
show_chdir_messages(-1); /* flush chdir cache */
|
|
|
|
if (pw != NULL && pw->pw_passwd != NULL)
|
|
|
|
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
|
1993-03-21 12:45:37 +03:00
|
|
|
pw = NULL;
|
|
|
|
logged_in = 0;
|
2001-12-04 16:54:12 +03:00
|
|
|
askpasswd = 0;
|
|
|
|
permitted = 0;
|
2000-01-13 03:04:31 +03:00
|
|
|
quietmessages = 0;
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
gidcount = 0;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
curclass.type = CLASS_REAL;
|
2000-12-18 05:32:50 +03:00
|
|
|
(void) seteuid((uid_t)0);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
pass(const char *passwd)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1999-12-18 08:51:34 +03:00
|
|
|
int rval;
|
2001-12-04 16:54:12 +03:00
|
|
|
char root[MAXPATHLEN];
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
if (logged_in || askpasswd == 0) {
|
|
|
|
reply(503, "Login with USER first.");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
askpasswd = 0;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (curclass.type != CLASS_GUEST) {
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* "ftp" is the only account allowed with no password */
|
1994-06-29 05:49:37 +04:00
|
|
|
if (pw == NULL) {
|
|
|
|
rval = 1; /* failure below */
|
|
|
|
goto skip;
|
|
|
|
}
|
2000-06-02 18:47:19 +04:00
|
|
|
#if defined(KERBEROS)
|
1999-05-20 01:44:29 +04:00
|
|
|
if (klogin(pw, "", hostname, (char *)passwd) == 0) {
|
1997-10-12 18:04:36 +04:00
|
|
|
rval = 0;
|
|
|
|
goto skip;
|
|
|
|
}
|
|
|
|
#endif
|
2000-06-02 18:47:19 +04:00
|
|
|
#if defined(KERBEROS5)
|
|
|
|
if (k5login(pw, "", hostname, (char *)passwd) == 0) {
|
|
|
|
rval = 0;
|
|
|
|
goto skip;
|
|
|
|
}
|
|
|
|
#endif
|
1997-10-12 17:52:51 +04:00
|
|
|
#ifdef SKEY
|
1999-05-17 19:14:53 +04:00
|
|
|
if (skey_haskey(pw->pw_name) == 0) {
|
|
|
|
char *p;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
p = xstrdup(passwd);
|
|
|
|
r = skey_passcheck(pw->pw_name, p);
|
|
|
|
free(p);
|
|
|
|
if (r != -1) {
|
|
|
|
rval = 0;
|
|
|
|
goto skip;
|
|
|
|
}
|
1994-06-29 05:49:37 +04:00
|
|
|
}
|
1994-05-24 10:52:17 +04:00
|
|
|
#endif
|
2000-11-30 09:06:08 +03:00
|
|
|
if (!sflag)
|
|
|
|
rval = checkpassword(pw, passwd);
|
|
|
|
else
|
|
|
|
rval = 1;
|
1994-03-30 06:49:15 +04:00
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
skip:
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If rval > 0, the user failed the authentication check
|
|
|
|
* above. If rval == 0, either Kerberos or local
|
|
|
|
* authentication succeeded.
|
|
|
|
*/
|
1994-03-30 06:49:15 +04:00
|
|
|
if (rval) {
|
2000-07-08 22:24:28 +04:00
|
|
|
reply(530, "%s", rval == 2 ? "Password expired." :
|
1998-02-01 17:10:22 +03:00
|
|
|
"Login incorrect.");
|
1997-05-29 14:31:48 +04:00
|
|
|
if (logging) {
|
1994-06-29 05:49:37 +04:00
|
|
|
syslog(LOG_NOTICE,
|
1997-05-29 14:31:48 +04:00
|
|
|
"FTP LOGIN FAILED FROM %s", remotehost);
|
|
|
|
syslog(LOG_AUTHPRIV | LOG_NOTICE,
|
1994-06-29 05:49:37 +04:00
|
|
|
"FTP LOGIN FAILED FROM %s, %s",
|
|
|
|
remotehost, curname);
|
1997-05-29 14:31:48 +04:00
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
pw = NULL;
|
|
|
|
if (login_attempts++ >= 5) {
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"repeated login failures from %s",
|
|
|
|
remotehost);
|
|
|
|
exit(0);
|
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
1997-04-06 11:53:10 +04:00
|
|
|
|
2001-12-04 16:54:12 +03:00
|
|
|
/* password ok; check if anything else prevents login */
|
|
|
|
if (! permitted) {
|
1997-04-06 11:53:10 +04:00
|
|
|
reply(530, "User %s may not use FTP.", pw->pw_name);
|
|
|
|
if (logging)
|
1999-05-17 19:14:53 +04:00
|
|
|
syslog(LOG_NOTICE, "FTP LOGIN REFUSED FROM %s, %s",
|
1997-04-06 11:53:10 +04:00
|
|
|
remotehost, pw->pw_name);
|
2000-01-08 14:09:56 +03:00
|
|
|
goto bad;
|
1997-04-06 11:53:10 +04:00
|
|
|
}
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
login_attempts = 0; /* this time successful */
|
1994-06-29 05:49:37 +04:00
|
|
|
if (setegid((gid_t)pw->pw_gid) < 0) {
|
|
|
|
reply(550, "Can't set gid.");
|
2000-01-08 14:09:56 +03:00
|
|
|
goto bad;
|
1994-06-29 05:49:37 +04:00
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
(void) initgroups(pw->pw_name, pw->pw_gid);
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* cache groups for cmds.c::matchgroup() */
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
gidcount = getgroups(sizeof(gidlist), gidlist);
|
1993-03-21 12:45:37 +03:00
|
|
|
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* open wtmp before chroot */
|
2000-07-26 17:53:33 +04:00
|
|
|
if (dowtmp)
|
|
|
|
logwtmp(ttyline, pw->pw_name, remotehost);
|
1999-12-18 08:51:34 +03:00
|
|
|
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* open utmp before chroot */
|
1999-12-18 08:51:34 +03:00
|
|
|
if (doutmp) {
|
|
|
|
memset((void *)&utmp, 0, sizeof(utmp));
|
|
|
|
(void)time(&utmp.ut_time);
|
|
|
|
(void)strncpy(utmp.ut_name, pw->pw_name, sizeof(utmp.ut_name));
|
|
|
|
(void)strncpy(utmp.ut_host, remotehost, sizeof(utmp.ut_host));
|
|
|
|
(void)strncpy(utmp.ut_line, ttyline, sizeof(utmp.ut_line));
|
|
|
|
login(&utmp);
|
|
|
|
}
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
logged_in = 1;
|
|
|
|
|
2000-11-16 16:15:13 +03:00
|
|
|
connections = 1;
|
|
|
|
if (dopidfile)
|
|
|
|
count_users();
|
2000-01-08 14:09:56 +03:00
|
|
|
if (curclass.limit != -1 && connections > curclass.limit) {
|
|
|
|
if (! EMPTYSTR(curclass.limitfile))
|
2000-07-17 06:30:52 +04:00
|
|
|
(void)display_file(conffilename(curclass.limitfile),
|
|
|
|
530);
|
2000-01-08 14:09:56 +03:00
|
|
|
reply(530,
|
2000-01-08 14:14:36 +03:00
|
|
|
"User %s access denied, connection limit of %d reached.",
|
2000-01-08 14:09:56 +03:00
|
|
|
pw->pw_name, curclass.limit);
|
|
|
|
syslog(LOG_NOTICE,
|
2000-07-17 06:30:52 +04:00
|
|
|
"Maximum connection limit of %d for class %s reached, login refused for %s",
|
|
|
|
curclass.limit, curclass.classname, pw->pw_name);
|
2000-01-08 14:09:56 +03:00
|
|
|
goto bad;
|
|
|
|
}
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
|
2000-07-17 06:30:52 +04:00
|
|
|
homedir[0] = '/';
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
switch (curclass.type) {
|
|
|
|
case CLASS_GUEST:
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/*
|
|
|
|
* We MUST do a chdir() after the chroot. Otherwise
|
|
|
|
* the old current directory will be accessible as "."
|
|
|
|
* outside the new root!
|
|
|
|
*/
|
2000-07-17 06:30:52 +04:00
|
|
|
format_path(root,
|
|
|
|
curclass.chroot ? curclass.chroot :
|
|
|
|
anondir ? anondir :
|
|
|
|
pw->pw_dir);
|
|
|
|
format_path(homedir,
|
|
|
|
curclass.homedir ? curclass.homedir :
|
|
|
|
"/");
|
|
|
|
if (EMPTYSTR(homedir))
|
|
|
|
homedir[0] = '/';
|
|
|
|
if (EMPTYSTR(root) || chroot(root) < 0) {
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"GUEST user %s: can't chroot to %s: %m",
|
|
|
|
pw->pw_name, root);
|
|
|
|
goto bad_guest;
|
|
|
|
}
|
|
|
|
if (chdir(homedir) < 0) {
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"GUEST user %s: can't chdir to %s: %m",
|
|
|
|
pw->pw_name, homedir);
|
|
|
|
bad_guest:
|
1993-03-21 12:45:37 +03:00
|
|
|
reply(550, "Can't set guest privileges.");
|
|
|
|
goto bad;
|
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
break;
|
|
|
|
case CLASS_CHROOT:
|
2000-07-17 06:30:52 +04:00
|
|
|
format_path(root,
|
|
|
|
curclass.chroot ? curclass.chroot :
|
|
|
|
pw->pw_dir);
|
|
|
|
format_path(homedir,
|
|
|
|
curclass.homedir ? curclass.homedir :
|
|
|
|
"/");
|
|
|
|
if (EMPTYSTR(homedir))
|
|
|
|
homedir[0] = '/';
|
|
|
|
if (EMPTYSTR(root) || chroot(root) < 0) {
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"CHROOT user %s: can't chroot to %s: %m",
|
|
|
|
pw->pw_name, root);
|
|
|
|
goto bad_chroot;
|
|
|
|
}
|
|
|
|
if (chdir(homedir) < 0) {
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"CHROOT user %s: can't chdir to %s: %m",
|
|
|
|
pw->pw_name, homedir);
|
|
|
|
bad_chroot:
|
1994-04-07 00:49:52 +04:00
|
|
|
reply(550, "Can't change root.");
|
|
|
|
goto bad;
|
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
break;
|
|
|
|
case CLASS_REAL:
|
2000-12-18 05:32:50 +03:00
|
|
|
/* only chroot REAL if explictly requested */
|
|
|
|
if (! EMPTYSTR(curclass.chroot)) {
|
|
|
|
format_path(root, curclass.chroot);
|
|
|
|
if (EMPTYSTR(root) || chroot(root) < 0) {
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"REAL user %s: can't chroot to %s: %m",
|
|
|
|
pw->pw_name, root);
|
|
|
|
goto bad_chroot;
|
|
|
|
}
|
|
|
|
}
|
2000-07-17 06:30:52 +04:00
|
|
|
format_path(homedir,
|
|
|
|
curclass.homedir ? curclass.homedir :
|
|
|
|
pw->pw_dir);
|
|
|
|
if (EMPTYSTR(homedir) || chdir(homedir) < 0) {
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (chdir("/") < 0) {
|
2000-07-17 06:30:52 +04:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"REAL user %s: can't chdir to %s: %m",
|
|
|
|
pw->pw_name,
|
|
|
|
!EMPTYSTR(homedir) ? homedir : "/");
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
reply(530,
|
|
|
|
"User %s: can't change directory to %s.",
|
2000-07-17 06:30:52 +04:00
|
|
|
pw->pw_name,
|
|
|
|
!EMPTYSTR(homedir) ? homedir : "/");
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
goto bad;
|
2000-07-17 06:30:52 +04:00
|
|
|
} else {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(-230,
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
"No directory! Logging in with home=/");
|
2000-07-17 06:30:52 +04:00
|
|
|
homedir[0] = '/';
|
|
|
|
}
|
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
break;
|
|
|
|
}
|
2000-09-28 21:49:06 +04:00
|
|
|
setlogin(pw->pw_name);
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
if (dropprivs ||
|
|
|
|
(curclass.type != CLASS_REAL &&
|
|
|
|
ntohs(ctrl_addr.su_port) > IPPORT_RESERVED + 1)) {
|
|
|
|
dropprivs++;
|
|
|
|
if (setgid((gid_t)pw->pw_gid) < 0) {
|
|
|
|
reply(550, "Can't set gid.");
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
if (setuid((uid_t)pw->pw_uid) < 0) {
|
|
|
|
reply(550, "Can't set uid.");
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if (seteuid((uid_t)pw->pw_uid) < 0) {
|
|
|
|
reply(550, "Can't set uid.");
|
|
|
|
goto bad;
|
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
2000-07-17 06:30:52 +04:00
|
|
|
setenv("HOME", homedir, 1);
|
1997-12-28 07:28:17 +03:00
|
|
|
|
2000-01-13 03:04:31 +03:00
|
|
|
if (curclass.type == CLASS_GUEST && passwd[0] == '-')
|
|
|
|
quietmessages = 1;
|
|
|
|
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/*
|
|
|
|
* Display a login message, if it exists.
|
|
|
|
* N.B. reply(230,) must follow the message.
|
|
|
|
*/
|
2001-11-28 02:42:40 +03:00
|
|
|
if (! EMPTYSTR(curclass.motd))
|
|
|
|
(void)display_file(conffilename(curclass.motd), 230);
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
show_chdir_messages(230);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (curclass.type == CLASS_GUEST) {
|
2000-12-18 05:32:50 +03:00
|
|
|
char *p;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
reply(230, "Guest login ok, access restrictions apply.");
|
2000-11-30 05:59:11 +03:00
|
|
|
#if HAVE_SETPROCTITLE
|
1994-06-29 05:49:37 +04:00
|
|
|
snprintf(proctitle, sizeof(proctitle),
|
2001-09-19 04:50:52 +04:00
|
|
|
"%s: anonymous/%s", remotehost, passwd);
|
2000-07-06 02:15:04 +04:00
|
|
|
setproctitle("%s", proctitle);
|
2000-11-30 05:59:11 +03:00
|
|
|
#endif /* HAVE_SETPROCTITLE */
|
1993-03-21 12:45:37 +03:00
|
|
|
if (logging)
|
1999-12-21 15:56:15 +03:00
|
|
|
syslog(LOG_INFO,
|
|
|
|
"ANONYMOUS FTP LOGIN FROM %s, %s (class: %s, type: %s)",
|
|
|
|
remotehost, passwd,
|
|
|
|
curclass.classname, CURCLASSTYPE);
|
2000-12-18 05:32:50 +03:00
|
|
|
/* store guest password reply into pw_passwd */
|
|
|
|
REASSIGN(pw->pw_passwd, xstrdup(passwd));
|
|
|
|
for (p = pw->pw_passwd; *p; p++)
|
|
|
|
if (!isgraph(*p))
|
|
|
|
*p = '_';
|
1993-03-21 12:45:37 +03:00
|
|
|
} else {
|
|
|
|
reply(230, "User %s logged in.", pw->pw_name);
|
2000-11-30 05:59:11 +03:00
|
|
|
#if HAVE_SETPROCTITLE
|
1994-06-29 05:49:37 +04:00
|
|
|
snprintf(proctitle, sizeof(proctitle),
|
|
|
|
"%s: %s", remotehost, pw->pw_name);
|
2000-07-06 02:15:04 +04:00
|
|
|
setproctitle("%s", proctitle);
|
2000-11-30 05:59:11 +03:00
|
|
|
#endif /* HAVE_SETPROCTITLE */
|
1993-03-21 12:45:37 +03:00
|
|
|
if (logging)
|
1999-12-21 15:56:15 +03:00
|
|
|
syslog(LOG_INFO,
|
|
|
|
"FTP LOGIN FROM %s as %s (class: %s, type: %s)",
|
|
|
|
remotehost, pw->pw_name,
|
|
|
|
curclass.classname, CURCLASSTYPE);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
(void) umask(curclass.umask);
|
2001-12-04 16:54:12 +03:00
|
|
|
return;
|
2000-11-16 16:15:13 +03:00
|
|
|
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
bad:
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* Forget all about it... */
|
1993-03-21 12:45:37 +03:00
|
|
|
end_login();
|
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
retrieve(char *argv[], const char *name)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
FILE *fin, *dout;
|
1993-03-21 12:45:37 +03:00
|
|
|
struct stat st;
|
2000-05-20 06:20:18 +04:00
|
|
|
int (*closefunc)(FILE *) = NULL;
|
1999-05-18 12:14:17 +04:00
|
|
|
int log, sendrv, closerv, stderrfd, isconversion, isdata, isls;
|
1999-05-17 19:14:53 +04:00
|
|
|
struct timeval start, finish, td, *tdp;
|
|
|
|
const char *dispname;
|
2002-02-11 14:45:07 +03:00
|
|
|
char *error;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1998-06-08 11:13:13 +04:00
|
|
|
sendrv = closerv = stderrfd = -1;
|
1999-05-18 12:14:17 +04:00
|
|
|
isconversion = isdata = isls = log = 0;
|
1999-05-17 19:14:53 +04:00
|
|
|
tdp = NULL;
|
|
|
|
dispname = name;
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
fin = dout = NULL;
|
2002-02-11 14:45:07 +03:00
|
|
|
error = NULL;
|
2000-12-18 05:32:50 +03:00
|
|
|
if (argv == NULL) { /* if not running a command ... */
|
1999-05-17 19:14:53 +04:00
|
|
|
log = 1;
|
|
|
|
isdata = 1;
|
|
|
|
fin = fopen(name, "r");
|
|
|
|
closefunc = fclose;
|
2000-12-18 05:32:50 +03:00
|
|
|
if (fin == NULL) /* doesn't exist?; try a conversion */
|
1999-12-07 08:30:53 +03:00
|
|
|
argv = do_conversion(name);
|
|
|
|
if (argv != NULL) {
|
1998-06-08 11:13:13 +04:00
|
|
|
isconversion++;
|
2000-12-18 05:32:50 +03:00
|
|
|
syslog(LOG_DEBUG, "get command: '%s' on '%s'",
|
1999-12-07 08:30:53 +03:00
|
|
|
argv[0], name);
|
1998-06-08 11:13:13 +04:00
|
|
|
}
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
}
|
1999-12-07 08:30:53 +03:00
|
|
|
if (argv != NULL) {
|
2000-01-08 14:09:56 +03:00
|
|
|
char temp[MAXPATHLEN];
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1999-12-07 08:30:53 +03:00
|
|
|
if (strcmp(argv[0], INTERNAL_LS) == 0) {
|
1999-05-18 12:14:17 +04:00
|
|
|
isls = 1;
|
|
|
|
stderrfd = -1;
|
|
|
|
} else {
|
|
|
|
(void)snprintf(temp, sizeof(temp), "%s", TMPFILE);
|
|
|
|
stderrfd = mkstemp(temp);
|
|
|
|
if (stderrfd != -1)
|
|
|
|
(void)unlink(temp);
|
|
|
|
}
|
1999-12-07 08:30:53 +03:00
|
|
|
dispname = argv[0];
|
|
|
|
fin = ftpd_popen(argv, "r", stderrfd);
|
1999-05-17 19:14:53 +04:00
|
|
|
closefunc = ftpd_pclose;
|
1993-03-21 12:45:37 +03:00
|
|
|
st.st_size = -1;
|
|
|
|
st.st_blksize = BUFSIZ;
|
|
|
|
}
|
|
|
|
if (fin == NULL) {
|
1994-06-29 05:49:37 +04:00
|
|
|
if (errno != 0) {
|
1999-05-17 19:14:53 +04:00
|
|
|
perror_reply(550, dispname);
|
|
|
|
if (log)
|
2000-12-18 05:32:50 +03:00
|
|
|
logxfer("get", -1, name, NULL, NULL,
|
1999-05-17 19:14:53 +04:00
|
|
|
strerror(errno));
|
1994-06-29 05:49:37 +04:00
|
|
|
}
|
1999-12-07 08:30:53 +03:00
|
|
|
goto cleanupretrieve;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1994-06-29 05:49:37 +04:00
|
|
|
byte_count = -1;
|
1999-12-07 08:30:53 +03:00
|
|
|
if (argv == NULL
|
1998-06-08 11:13:13 +04:00
|
|
|
&& (fstat(fileno(fin), &st) < 0 || !S_ISREG(st.st_mode))) {
|
2002-02-11 14:45:07 +03:00
|
|
|
error = "Not a plain file";
|
|
|
|
reply(550, "%s: %s.", dispname, error);
|
1993-03-21 12:45:37 +03:00
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
if (restart_point) {
|
|
|
|
if (type == TYPE_A) {
|
1998-06-08 11:13:13 +04:00
|
|
|
off_t i;
|
1994-06-29 05:49:37 +04:00
|
|
|
int c;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1998-06-08 11:13:13 +04:00
|
|
|
for (i = 0; i < restart_point; i++) {
|
1993-03-21 12:45:37 +03:00
|
|
|
if ((c=getc(fin)) == EOF) {
|
2002-02-11 14:45:07 +03:00
|
|
|
error = strerror(errno);
|
1999-05-17 19:14:53 +04:00
|
|
|
perror_reply(550, dispname);
|
1993-03-21 12:45:37 +03:00
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
if (c == '\n')
|
|
|
|
i++;
|
1994-06-29 05:49:37 +04:00
|
|
|
}
|
1997-08-25 23:31:43 +04:00
|
|
|
} else if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) {
|
2002-02-11 14:45:07 +03:00
|
|
|
error = strerror(errno);
|
1999-05-17 19:14:53 +04:00
|
|
|
perror_reply(550, dispname);
|
1993-03-21 12:45:37 +03:00
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
dout = dataconn(dispname, st.st_size, "w");
|
1993-03-21 12:45:37 +03:00
|
|
|
if (dout == NULL)
|
|
|
|
goto done;
|
1999-05-17 19:14:53 +04:00
|
|
|
|
|
|
|
(void)gettimeofday(&start, NULL);
|
|
|
|
sendrv = send_data(fin, dout, st.st_blksize, isdata);
|
|
|
|
(void)gettimeofday(&finish, NULL);
|
2002-02-01 07:35:30 +03:00
|
|
|
closedataconn(dout); /* close now to affect timing stats */
|
1999-05-17 19:14:53 +04:00
|
|
|
timersub(&finish, &start, &td);
|
|
|
|
tdp = &td;
|
2000-05-21 03:34:55 +04:00
|
|
|
done:
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
if (log)
|
2002-02-11 14:45:07 +03:00
|
|
|
logxfer("get", byte_count, name, NULL, tdp, error);
|
1998-06-08 11:13:13 +04:00
|
|
|
closerv = (*closefunc)(fin);
|
|
|
|
if (sendrv == 0) {
|
2001-12-01 13:25:29 +03:00
|
|
|
FILE *errf;
|
1998-06-08 11:13:13 +04:00
|
|
|
struct stat sb;
|
|
|
|
|
1999-12-07 08:30:53 +03:00
|
|
|
if (!isls && argv != NULL && closerv != 0) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(-226,
|
1998-06-08 11:13:13 +04:00
|
|
|
"Command returned an exit status of %d",
|
|
|
|
closerv);
|
|
|
|
if (isconversion)
|
2001-01-10 03:20:49 +03:00
|
|
|
syslog(LOG_WARNING,
|
1999-12-07 08:30:53 +03:00
|
|
|
"retrieve command: '%s' returned %d",
|
|
|
|
argv[0], closerv);
|
1998-06-08 11:13:13 +04:00
|
|
|
}
|
1999-12-07 08:30:53 +03:00
|
|
|
if (!isls && argv != NULL && stderrfd != -1 &&
|
1998-06-08 11:13:13 +04:00
|
|
|
(fstat(stderrfd, &sb) == 0) && sb.st_size > 0 &&
|
2001-12-01 13:25:29 +03:00
|
|
|
((errf = fdopen(stderrfd, "r")) != NULL)) {
|
1998-06-08 11:13:13 +04:00
|
|
|
char *cp, line[LINE_MAX];
|
|
|
|
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(-226, "Command error messages:");
|
2001-12-01 13:25:29 +03:00
|
|
|
rewind(errf);
|
|
|
|
while (fgets(line, sizeof(line), errf) != NULL) {
|
1998-06-08 11:13:13 +04:00
|
|
|
if ((cp = strchr(line, '\n')) != NULL)
|
|
|
|
*cp = '\0';
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, " %s", line);
|
1998-06-08 11:13:13 +04:00
|
|
|
}
|
|
|
|
(void) fflush(stdout);
|
2001-12-01 13:25:29 +03:00
|
|
|
(void) fclose(errf);
|
1998-06-08 11:13:13 +04:00
|
|
|
/* a reply(226,) must follow */
|
|
|
|
}
|
|
|
|
reply(226, "Transfer complete.");
|
|
|
|
}
|
1999-12-07 08:30:53 +03:00
|
|
|
cleanupretrieve:
|
1998-06-08 11:13:13 +04:00
|
|
|
if (stderrfd != -1)
|
|
|
|
(void)close(stderrfd);
|
1999-12-07 08:30:53 +03:00
|
|
|
if (isconversion)
|
|
|
|
free(argv);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2001-12-01 13:25:29 +03:00
|
|
|
store(const char *name, const char *fmode, int unique)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
FILE *fout, *din;
|
|
|
|
struct stat st;
|
2000-05-20 06:20:18 +04:00
|
|
|
int (*closefunc)(FILE *);
|
1999-05-17 19:14:53 +04:00
|
|
|
struct timeval start, finish, td, *tdp;
|
2002-02-11 14:45:07 +03:00
|
|
|
char *desc, *error;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
din = NULL;
|
2001-12-01 13:25:29 +03:00
|
|
|
desc = (*fmode == 'w') ? "put" : "append";
|
2002-02-11 14:45:07 +03:00
|
|
|
error = NULL;
|
1993-03-21 12:45:37 +03:00
|
|
|
if (unique && stat(name, &st) == 0 &&
|
1994-06-29 05:49:37 +04:00
|
|
|
(name = gunique(name)) == NULL) {
|
2000-12-18 05:32:50 +03:00
|
|
|
logxfer(desc, -1, name, NULL, NULL,
|
|
|
|
"cannot create unique file");
|
2000-05-21 03:34:55 +04:00
|
|
|
goto cleanupstore;
|
1994-06-29 05:49:37 +04:00
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
if (restart_point)
|
2001-12-01 13:25:29 +03:00
|
|
|
fmode = "r+";
|
|
|
|
fout = fopen(name, fmode);
|
1993-03-21 12:45:37 +03:00
|
|
|
closefunc = fclose;
|
1999-05-17 19:14:53 +04:00
|
|
|
tdp = NULL;
|
1993-03-21 12:45:37 +03:00
|
|
|
if (fout == NULL) {
|
|
|
|
perror_reply(553, name);
|
2000-12-18 05:32:50 +03:00
|
|
|
logxfer(desc, -1, name, NULL, NULL, strerror(errno));
|
2000-05-21 03:34:55 +04:00
|
|
|
goto cleanupstore;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1994-06-29 05:49:37 +04:00
|
|
|
byte_count = -1;
|
1993-03-21 12:45:37 +03:00
|
|
|
if (restart_point) {
|
|
|
|
if (type == TYPE_A) {
|
1998-06-08 11:13:13 +04:00
|
|
|
off_t i;
|
1994-06-29 05:49:37 +04:00
|
|
|
int c;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1998-06-08 11:13:13 +04:00
|
|
|
for (i = 0; i < restart_point; i++) {
|
1993-03-21 12:45:37 +03:00
|
|
|
if ((c=getc(fout)) == EOF) {
|
2002-02-11 14:45:07 +03:00
|
|
|
error = strerror(errno);
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(550, name);
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
if (c == '\n')
|
|
|
|
i++;
|
1994-06-29 05:49:37 +04:00
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* We must do this seek to "current" position
|
|
|
|
* because we are changing from reading to
|
|
|
|
* writing.
|
|
|
|
*/
|
1997-04-27 07:21:38 +04:00
|
|
|
if (fseek(fout, 0L, SEEK_CUR) < 0) {
|
2002-02-11 14:45:07 +03:00
|
|
|
error = strerror(errno);
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(550, name);
|
|
|
|
goto done;
|
|
|
|
}
|
1997-08-25 23:31:43 +04:00
|
|
|
} else if (lseek(fileno(fout), restart_point, SEEK_SET) < 0) {
|
2002-02-11 14:45:07 +03:00
|
|
|
error = strerror(errno);
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(550, name);
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
din = dataconn(name, (off_t)-1, "r");
|
|
|
|
if (din == NULL)
|
|
|
|
goto done;
|
1999-05-17 19:14:53 +04:00
|
|
|
(void)gettimeofday(&start, NULL);
|
1993-03-21 12:45:37 +03:00
|
|
|
if (receive_data(din, fout) == 0) {
|
|
|
|
if (unique)
|
|
|
|
reply(226, "Transfer complete (unique file name:%s).",
|
|
|
|
name);
|
|
|
|
else
|
|
|
|
reply(226, "Transfer complete.");
|
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
(void)gettimeofday(&finish, NULL);
|
2002-02-01 07:35:30 +03:00
|
|
|
closedataconn(din); /* close now to affect timing stats */
|
1999-05-17 19:14:53 +04:00
|
|
|
timersub(&finish, &start, &td);
|
|
|
|
tdp = &td;
|
2000-05-21 03:34:55 +04:00
|
|
|
done:
|
2002-02-11 14:45:07 +03:00
|
|
|
logxfer(desc, byte_count, name, NULL, tdp, error);
|
1993-03-21 12:45:37 +03:00
|
|
|
(*closefunc)(fout);
|
2000-05-21 03:34:55 +04:00
|
|
|
cleanupstore:
|
2002-02-01 07:35:30 +03:00
|
|
|
;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
static FILE *
|
2001-12-01 13:25:29 +03:00
|
|
|
getdatasock(const char *fmode)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
int on, s, t, tries;
|
|
|
|
in_port_t port;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
on = 1;
|
1993-03-21 12:45:37 +03:00
|
|
|
if (data >= 0)
|
2001-12-01 13:25:29 +03:00
|
|
|
return (fdopen(data, fmode));
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
if (! dropprivs)
|
|
|
|
(void) seteuid((uid_t)0);
|
1999-07-02 09:52:14 +04:00
|
|
|
s = socket(ctrl_addr.su_family, SOCK_STREAM, 0);
|
1993-03-21 12:45:37 +03:00
|
|
|
if (s < 0)
|
|
|
|
goto bad;
|
|
|
|
if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
|
1994-06-29 05:49:37 +04:00
|
|
|
(char *) &on, sizeof(on)) < 0)
|
1993-03-21 12:45:37 +03:00
|
|
|
goto bad;
|
1999-06-05 17:49:53 +04:00
|
|
|
if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
|
|
|
|
(char *) &on, sizeof(on)) < 0)
|
|
|
|
goto bad;
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* anchor socket to avoid multi-homing problems */
|
1999-07-02 09:52:14 +04:00
|
|
|
data_source = ctrl_addr;
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/*
|
|
|
|
* By default source port for PORT connctions is
|
|
|
|
* ctrlport-1 (see RFC959 section 5.2).
|
|
|
|
* However, if privs have been dropped and that
|
|
|
|
* would be < IPPORT_RESERVED, use a random port
|
|
|
|
* instead.
|
|
|
|
*/
|
2000-11-16 16:15:13 +03:00
|
|
|
if (dataport)
|
|
|
|
port = dataport;
|
|
|
|
else
|
|
|
|
port = ntohs(ctrl_addr.su_port) - 1;
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
if (dropprivs && port < IPPORT_RESERVED)
|
|
|
|
port = 0; /* use random port */
|
|
|
|
data_source.su_port = htons(port);
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
for (tries = 1; ; tries++) {
|
2000-11-15 05:32:30 +03:00
|
|
|
if (bind(s, (struct sockaddr *)&data_source.si_su,
|
1999-07-02 09:52:14 +04:00
|
|
|
data_source.su_len) >= 0)
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
if (errno != EADDRINUSE || tries > 10)
|
|
|
|
goto bad;
|
|
|
|
sleep(tries);
|
|
|
|
}
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
if (! dropprivs)
|
|
|
|
(void) seteuid((uid_t)pw->pw_uid);
|
1993-03-21 12:45:37 +03:00
|
|
|
#ifdef IP_TOS
|
1999-12-13 19:30:37 +03:00
|
|
|
if (!mapped && ctrl_addr.su_family == AF_INET) {
|
1999-07-02 09:52:14 +04:00
|
|
|
on = IPTOS_THROUGHPUT;
|
|
|
|
if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&on,
|
|
|
|
sizeof(int)) < 0)
|
|
|
|
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
|
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
#endif
|
2001-12-01 13:25:29 +03:00
|
|
|
return (fdopen(s, fmode));
|
2000-05-21 03:34:55 +04:00
|
|
|
bad:
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
/* Return the real value of errno (close may change it) */
|
1994-06-29 05:49:37 +04:00
|
|
|
t = errno;
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
if (! dropprivs)
|
|
|
|
(void) seteuid((uid_t)pw->pw_uid);
|
1993-03-21 12:45:37 +03:00
|
|
|
(void) close(s);
|
1994-06-29 05:49:37 +04:00
|
|
|
errno = t;
|
1993-03-21 12:45:37 +03:00
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
|
2000-06-14 17:44:21 +04:00
|
|
|
FILE *
|
2001-12-01 13:25:29 +03:00
|
|
|
dataconn(const char *name, off_t size, const char *fmode)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
char sizebuf[32];
|
|
|
|
FILE *file;
|
1999-06-05 17:49:53 +04:00
|
|
|
int retry = 0, tos, keepalive;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
file_size = size;
|
|
|
|
byte_count = 0;
|
|
|
|
if (size != (off_t) -1)
|
2000-11-15 05:32:30 +03:00
|
|
|
(void)snprintf(sizebuf, sizeof(sizebuf), " (" LLF " byte%s)",
|
|
|
|
(LLT)size, PLURAL(size));
|
1993-03-21 12:45:37 +03:00
|
|
|
else
|
1997-07-21 09:13:10 +04:00
|
|
|
sizebuf[0] = '\0';
|
1993-03-21 12:45:37 +03:00
|
|
|
if (pdata >= 0) {
|
2000-11-15 05:32:30 +03:00
|
|
|
struct sockinet from;
|
|
|
|
int s, fromlen = sizeof(from.su_len);
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1997-11-29 02:32:30 +03:00
|
|
|
(void) alarm(curclass.timeout);
|
2000-11-15 05:32:30 +03:00
|
|
|
s = accept(pdata, (struct sockaddr *)&from.si_su, &fromlen);
|
1997-11-29 02:32:30 +03:00
|
|
|
(void) alarm(0);
|
1993-03-21 12:45:37 +03:00
|
|
|
if (s < 0) {
|
|
|
|
reply(425, "Can't open data connection.");
|
|
|
|
(void) close(pdata);
|
|
|
|
pdata = -1;
|
1994-06-29 05:49:37 +04:00
|
|
|
return (NULL);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
(void) close(pdata);
|
|
|
|
pdata = s;
|
1999-07-02 09:52:14 +04:00
|
|
|
switch (from.su_family) {
|
|
|
|
case AF_INET:
|
1993-03-21 12:45:37 +03:00
|
|
|
#ifdef IP_TOS
|
1999-12-13 19:30:37 +03:00
|
|
|
if (!mapped) {
|
|
|
|
tos = IPTOS_THROUGHPUT;
|
|
|
|
(void) setsockopt(s, IPPROTO_IP, IP_TOS,
|
|
|
|
(char *)&tos, sizeof(int));
|
|
|
|
}
|
1999-07-02 09:52:14 +04:00
|
|
|
break;
|
1999-06-05 17:49:53 +04:00
|
|
|
#endif
|
1999-07-02 09:52:14 +04:00
|
|
|
}
|
1999-06-05 17:49:53 +04:00
|
|
|
/* Set keepalives on the socket to detect dropped conns. */
|
|
|
|
#ifdef SO_KEEPALIVE
|
|
|
|
keepalive = 1;
|
|
|
|
(void) setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
|
|
|
|
(char *)&keepalive, sizeof(int));
|
1993-03-21 12:45:37 +03:00
|
|
|
#endif
|
1994-06-29 05:49:37 +04:00
|
|
|
reply(150, "Opening %s mode data connection for '%s'%s.",
|
1993-03-21 12:45:37 +03:00
|
|
|
type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
|
2001-12-01 13:25:29 +03:00
|
|
|
return (fdopen(pdata, fmode));
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
if (data >= 0) {
|
1994-06-29 05:49:37 +04:00
|
|
|
reply(125, "Using existing data connection for '%s'%s.",
|
1993-03-21 12:45:37 +03:00
|
|
|
name, sizebuf);
|
|
|
|
usedefault = 1;
|
2001-12-01 13:25:29 +03:00
|
|
|
return (fdopen(data, fmode));
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
if (usedefault)
|
|
|
|
data_dest = his_addr;
|
|
|
|
usedefault = 1;
|
2001-12-01 13:25:29 +03:00
|
|
|
file = getdatasock(fmode);
|
1993-03-21 12:45:37 +03:00
|
|
|
if (file == NULL) {
|
2000-11-15 07:07:07 +03:00
|
|
|
char hbuf[NI_MAXHOST];
|
2000-11-24 15:56:45 +03:00
|
|
|
char pbuf[NI_MAXSERV];
|
2000-11-15 05:32:30 +03:00
|
|
|
|
2000-11-24 15:56:45 +03:00
|
|
|
if (getnameinfo((struct sockaddr *)&data_source.si_su,
|
2000-11-15 05:32:30 +03:00
|
|
|
data_source.su_len, hbuf, sizeof(hbuf), pbuf, sizeof(pbuf),
|
2000-11-24 15:56:45 +03:00
|
|
|
NI_NUMERICHOST | NI_NUMERICSERV))
|
|
|
|
strlcpy(hbuf, "?", sizeof(hbuf));
|
1999-07-02 09:52:14 +04:00
|
|
|
reply(425, "Can't create data socket (%s,%s): %s.",
|
|
|
|
hbuf, pbuf, strerror(errno));
|
1993-03-21 12:45:37 +03:00
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
data = fileno(file);
|
2000-11-15 05:32:30 +03:00
|
|
|
while (connect(data, (struct sockaddr *)&data_dest.si_su,
|
1999-07-02 09:52:14 +04:00
|
|
|
data_dest.su_len) < 0) {
|
1993-03-21 12:45:37 +03:00
|
|
|
if (errno == EADDRINUSE && retry < swaitmax) {
|
|
|
|
sleep((unsigned) swaitint);
|
|
|
|
retry += swaitint;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
perror_reply(425, "Can't build data connection");
|
|
|
|
(void) fclose(file);
|
|
|
|
data = -1;
|
|
|
|
return (NULL);
|
|
|
|
}
|
1994-06-29 05:49:37 +04:00
|
|
|
reply(150, "Opening %s mode data connection for '%s'%s.",
|
1993-03-21 12:45:37 +03:00
|
|
|
type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
|
|
|
|
return (file);
|
|
|
|
}
|
|
|
|
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
void
|
|
|
|
closedataconn(FILE *fd)
|
|
|
|
{
|
|
|
|
|
2002-01-21 14:25:20 +03:00
|
|
|
if (fd == NULL)
|
|
|
|
return;
|
|
|
|
(void)fclose(fd);
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
data = -1;
|
|
|
|
if (pdata >= 0)
|
|
|
|
(void)close(pdata);
|
|
|
|
pdata = -1;
|
|
|
|
}
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
1994-06-29 05:49:37 +04:00
|
|
|
* Tranfer the contents of "instr" to "outstr" peer using the appropriate
|
|
|
|
* encapsulation of the data subject * to Mode, Structure, and Type.
|
1993-03-21 12:45:37 +03:00
|
|
|
*
|
|
|
|
* NB: Form isn't handled.
|
|
|
|
*/
|
1998-06-08 11:13:13 +04:00
|
|
|
static int
|
2000-05-20 06:20:18 +04:00
|
|
|
send_data(FILE *instr, FILE *outstr, off_t blksize, int isdata)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
int c, filefd, netfd, rval;
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
char *buf;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1999-05-17 19:14:53 +04:00
|
|
|
transflag = 1;
|
|
|
|
rval = -1;
|
|
|
|
buf = NULL;
|
|
|
|
if (setjmp(urgcatch))
|
|
|
|
goto cleanup_send_data;
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
switch (type) {
|
|
|
|
|
|
|
|
case TYPE_A:
|
2000-11-15 05:32:30 +03:00
|
|
|
/* XXXLUKEM: rate limit ascii send (get) */
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(curclass.timeout);
|
1993-03-21 12:45:37 +03:00
|
|
|
while ((c = getc(instr)) != EOF) {
|
|
|
|
byte_count++;
|
|
|
|
if (c == '\n') {
|
|
|
|
if (ferror(outstr))
|
|
|
|
goto data_err;
|
|
|
|
(void) putc('\r', outstr);
|
1999-05-18 12:14:17 +04:00
|
|
|
if (isdata) {
|
|
|
|
total_data_out++;
|
|
|
|
total_data++;
|
|
|
|
}
|
|
|
|
total_bytes_out++;
|
|
|
|
total_bytes++;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
(void) putc(c, outstr);
|
1999-05-18 12:14:17 +04:00
|
|
|
if (isdata) {
|
|
|
|
total_data_out++;
|
|
|
|
total_data++;
|
|
|
|
}
|
|
|
|
total_bytes_out++;
|
|
|
|
total_bytes++;
|
1999-05-17 19:14:53 +04:00
|
|
|
if ((byte_count % 4096) == 0)
|
|
|
|
(void) alarm(curclass.timeout);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
1993-03-21 12:45:37 +03:00
|
|
|
fflush(outstr);
|
|
|
|
if (ferror(instr))
|
|
|
|
goto file_err;
|
|
|
|
if (ferror(outstr))
|
|
|
|
goto data_err;
|
1999-05-17 19:14:53 +04:00
|
|
|
rval = 0;
|
|
|
|
goto cleanup_send_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
case TYPE_I:
|
|
|
|
case TYPE_L:
|
1999-05-17 19:14:53 +04:00
|
|
|
if ((buf = malloc((size_t)blksize)) == NULL) {
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(451, "Local resource failure: malloc");
|
1999-05-17 19:14:53 +04:00
|
|
|
goto cleanup_send_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
filefd = fileno(instr);
|
1999-05-18 12:14:17 +04:00
|
|
|
netfd = fileno(outstr);
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(curclass.timeout);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (curclass.rateget) {
|
|
|
|
while (1) {
|
|
|
|
int d;
|
|
|
|
struct timeval then, now, td;
|
|
|
|
off_t bufrem;
|
|
|
|
char *bufp;
|
|
|
|
|
|
|
|
(void)gettimeofday(&then, NULL);
|
|
|
|
errno = c = d = 0;
|
|
|
|
bufrem = curclass.rateget;
|
|
|
|
while (bufrem > 0) {
|
|
|
|
if ((c = read(filefd, buf,
|
|
|
|
MIN(blksize, bufrem))) <= 0)
|
|
|
|
goto senddone;
|
|
|
|
(void) alarm(curclass.timeout);
|
|
|
|
bufrem -= c;
|
|
|
|
byte_count += c;
|
|
|
|
if (isdata) {
|
|
|
|
total_data_out += c;
|
|
|
|
total_data += c;
|
|
|
|
}
|
|
|
|
total_bytes_out += c;
|
|
|
|
total_bytes += c;
|
|
|
|
for (bufp = buf; c > 0;
|
|
|
|
c -= d, bufp += d)
|
|
|
|
if ((d =
|
|
|
|
write(netfd, bufp, c)) <= 0)
|
|
|
|
break;
|
|
|
|
if (d < 0)
|
|
|
|
goto data_err;
|
|
|
|
}
|
|
|
|
(void)gettimeofday(&now, NULL);
|
|
|
|
timersub(&now, &then, &td);
|
2000-06-20 11:39:46 +04:00
|
|
|
if (td.tv_sec == 0)
|
|
|
|
usleep(1000000 - td.tv_usec);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
while ((c = read(filefd, buf, (size_t)blksize)) > 0) {
|
|
|
|
if (write(netfd, buf, c) != c)
|
|
|
|
goto data_err;
|
|
|
|
(void) alarm(curclass.timeout);
|
|
|
|
byte_count += c;
|
|
|
|
if (isdata) {
|
|
|
|
total_data_out += c;
|
|
|
|
total_data += c;
|
|
|
|
}
|
|
|
|
total_bytes_out += c;
|
|
|
|
total_bytes += c;
|
1999-05-17 19:14:53 +04:00
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
senddone:
|
|
|
|
if (c < 0)
|
1999-05-17 19:14:53 +04:00
|
|
|
goto file_err;
|
|
|
|
rval = 0;
|
|
|
|
goto cleanup_send_data;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
default:
|
|
|
|
reply(550, "Unimplemented TYPE %d in send_data", type);
|
1999-05-17 19:14:53 +04:00
|
|
|
goto cleanup_send_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
data_err:
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(426, "Data connection");
|
1999-05-17 19:14:53 +04:00
|
|
|
goto cleanup_send_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
file_err:
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(551, "Error on input file");
|
1999-05-17 19:14:53 +04:00
|
|
|
/* FALLTHROUGH */
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
cleanup_send_data:
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
|
|
|
transflag = 0;
|
|
|
|
if (buf)
|
|
|
|
free(buf);
|
|
|
|
if (isdata) {
|
|
|
|
total_files_out++;
|
|
|
|
total_files++;
|
|
|
|
}
|
|
|
|
total_xfers_out++;
|
|
|
|
total_xfers++;
|
|
|
|
return (rval);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
1994-06-29 05:49:37 +04:00
|
|
|
* Transfer data from peer to "outstr" using the appropriate encapulation of
|
|
|
|
* the data subject to Mode, Structure, and Type.
|
1993-03-21 12:45:37 +03:00
|
|
|
*
|
|
|
|
* N.B.: Form isn't handled.
|
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
static int
|
2000-05-20 06:20:18 +04:00
|
|
|
receive_data(FILE *instr, FILE *outstr)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
int c, bare_lfs, netfd, filefd, rval;
|
2000-11-16 16:15:13 +03:00
|
|
|
off_t byteswritten;
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
char buf[BUFSIZ];
|
1997-06-18 23:05:46 +04:00
|
|
|
#ifdef __GNUC__
|
|
|
|
(void) &bare_lfs;
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
bare_lfs = 0;
|
1999-05-17 19:14:53 +04:00
|
|
|
transflag = 1;
|
|
|
|
rval = -1;
|
2000-11-16 16:15:13 +03:00
|
|
|
byteswritten = 0;
|
1999-05-17 19:14:53 +04:00
|
|
|
if (setjmp(urgcatch))
|
|
|
|
goto cleanup_recv_data;
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
|
2000-11-16 16:15:13 +03:00
|
|
|
#define FILESIZECHECK(x) \
|
|
|
|
do { \
|
|
|
|
if (curclass.maxfilesize != -1 && \
|
|
|
|
(x) > curclass.maxfilesize) { \
|
|
|
|
errno = EFBIG; \
|
|
|
|
goto file_err; \
|
|
|
|
} \
|
|
|
|
} while (0)
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
switch (type) {
|
|
|
|
|
|
|
|
case TYPE_I:
|
|
|
|
case TYPE_L:
|
1999-05-17 19:14:53 +04:00
|
|
|
netfd = fileno(instr);
|
|
|
|
filefd = fileno(outstr);
|
|
|
|
(void) alarm(curclass.timeout);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (curclass.rateput) {
|
|
|
|
while (1) {
|
|
|
|
int d;
|
|
|
|
struct timeval then, now, td;
|
|
|
|
off_t bufrem;
|
|
|
|
|
|
|
|
(void)gettimeofday(&then, NULL);
|
|
|
|
errno = c = d = 0;
|
|
|
|
for (bufrem = curclass.rateput; bufrem > 0; ) {
|
|
|
|
if ((c = read(netfd, buf,
|
|
|
|
MIN(sizeof(buf), bufrem))) <= 0)
|
|
|
|
goto recvdone;
|
2000-11-16 16:15:13 +03:00
|
|
|
FILESIZECHECK(byte_count + c);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if ((d = write(filefd, buf, c)) != c)
|
2000-11-16 16:15:13 +03:00
|
|
|
goto file_err;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
(void) alarm(curclass.timeout);
|
|
|
|
bufrem -= c;
|
|
|
|
byte_count += c;
|
|
|
|
total_data_in += c;
|
|
|
|
total_data += c;
|
|
|
|
total_bytes_in += c;
|
|
|
|
total_bytes += c;
|
|
|
|
}
|
|
|
|
(void)gettimeofday(&now, NULL);
|
|
|
|
timersub(&now, &then, &td);
|
2000-06-20 11:39:46 +04:00
|
|
|
if (td.tv_sec == 0)
|
|
|
|
usleep(1000000 - td.tv_usec);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
while ((c = read(netfd, buf, sizeof(buf))) > 0) {
|
2000-11-16 16:15:13 +03:00
|
|
|
FILESIZECHECK(byte_count + c);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (write(filefd, buf, c) != c)
|
|
|
|
goto file_err;
|
|
|
|
(void) alarm(curclass.timeout);
|
|
|
|
byte_count += c;
|
|
|
|
total_data_in += c;
|
|
|
|
total_data += c;
|
|
|
|
total_bytes_in += c;
|
|
|
|
total_bytes += c;
|
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
recvdone:
|
|
|
|
if (c < 0)
|
1993-03-21 12:45:37 +03:00
|
|
|
goto data_err;
|
1999-05-17 19:14:53 +04:00
|
|
|
rval = 0;
|
|
|
|
goto cleanup_recv_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
case TYPE_E:
|
|
|
|
reply(553, "TYPE E not implemented.");
|
1999-05-17 19:14:53 +04:00
|
|
|
goto cleanup_recv_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
case TYPE_A:
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(curclass.timeout);
|
2000-11-15 05:32:30 +03:00
|
|
|
/* XXXLUKEM: rate limit ascii receive (put) */
|
1993-03-21 12:45:37 +03:00
|
|
|
while ((c = getc(instr)) != EOF) {
|
|
|
|
byte_count++;
|
1999-05-17 19:14:53 +04:00
|
|
|
total_data_in++;
|
|
|
|
total_data++;
|
|
|
|
total_bytes_in++;
|
|
|
|
total_bytes++;
|
|
|
|
if ((byte_count % 4096) == 0)
|
|
|
|
(void) alarm(curclass.timeout);
|
1993-03-21 12:45:37 +03:00
|
|
|
if (c == '\n')
|
|
|
|
bare_lfs++;
|
|
|
|
while (c == '\r') {
|
|
|
|
if (ferror(outstr))
|
|
|
|
goto data_err;
|
|
|
|
if ((c = getc(instr)) != '\n') {
|
1999-05-17 19:14:53 +04:00
|
|
|
byte_count++;
|
|
|
|
total_data_in++;
|
|
|
|
total_data++;
|
|
|
|
total_bytes_in++;
|
|
|
|
total_bytes++;
|
|
|
|
if ((byte_count % 4096) == 0)
|
|
|
|
(void) alarm(curclass.timeout);
|
2000-11-16 16:15:13 +03:00
|
|
|
byteswritten++;
|
|
|
|
FILESIZECHECK(byteswritten);
|
1993-03-21 12:45:37 +03:00
|
|
|
(void) putc ('\r', outstr);
|
|
|
|
if (c == '\0' || c == EOF)
|
|
|
|
goto contin2;
|
|
|
|
}
|
|
|
|
}
|
2000-11-16 16:15:13 +03:00
|
|
|
byteswritten++;
|
|
|
|
FILESIZECHECK(byteswritten);
|
1993-03-21 12:45:37 +03:00
|
|
|
(void) putc(c, outstr);
|
2000-11-16 16:15:13 +03:00
|
|
|
contin2: ;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
1993-03-21 12:45:37 +03:00
|
|
|
fflush(outstr);
|
|
|
|
if (ferror(instr))
|
|
|
|
goto data_err;
|
|
|
|
if (ferror(outstr))
|
|
|
|
goto file_err;
|
|
|
|
if (bare_lfs) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(-226,
|
1999-05-17 19:14:53 +04:00
|
|
|
"WARNING! %d bare linefeeds received in ASCII mode",
|
1994-06-29 05:49:37 +04:00
|
|
|
bare_lfs);
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "File may not have transferred correctly.");
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
rval = 0;
|
|
|
|
goto cleanup_recv_data;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
default:
|
|
|
|
reply(550, "Unimplemented TYPE %d in receive_data", type);
|
1999-05-17 19:14:53 +04:00
|
|
|
goto cleanup_recv_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
2001-01-16 05:50:27 +03:00
|
|
|
#undef FILESIZECHECK
|
1993-03-21 12:45:37 +03:00
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
data_err:
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(426, "Data Connection");
|
1999-05-17 19:14:53 +04:00
|
|
|
goto cleanup_recv_data;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
file_err:
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(452, "Error writing file");
|
1999-05-17 19:14:53 +04:00
|
|
|
goto cleanup_recv_data;
|
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
cleanup_recv_data:
|
1999-05-17 19:14:53 +04:00
|
|
|
(void) alarm(0);
|
|
|
|
transflag = 0;
|
|
|
|
total_files_in++;
|
|
|
|
total_files++;
|
|
|
|
total_xfers_in++;
|
|
|
|
total_xfers++;
|
|
|
|
return (rval);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
statcmd(void)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
2000-11-15 05:32:30 +03:00
|
|
|
struct sockinet *su = NULL;
|
2000-11-24 15:56:45 +03:00
|
|
|
static char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
|
1999-07-02 09:52:14 +04:00
|
|
|
u_char *a, *p;
|
2000-05-21 03:34:55 +04:00
|
|
|
int ispassive, af;
|
2000-06-14 17:44:21 +04:00
|
|
|
off_t otbi, otbo, otb;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1999-07-02 09:52:14 +04:00
|
|
|
a = p = (u_char *)NULL;
|
|
|
|
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(-211, "%s FTP server status:", hostname);
|
* make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 18:40:48 +04:00
|
|
|
reply(0, "Version: %s", EMPTYSTR(version) ? "<suppressed>" : version);
|
2000-11-24 15:56:45 +03:00
|
|
|
hbuf[0] = '\0';
|
2000-11-15 05:32:30 +03:00
|
|
|
if (!getnameinfo((struct sockaddr *)&his_addr.si_su, his_addr.su_len,
|
2000-11-24 15:56:45 +03:00
|
|
|
hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST)
|
|
|
|
&& strcmp(remotehost, hbuf) != 0)
|
|
|
|
reply(0, "Connected to %s (%s)", remotehost, hbuf);
|
2000-09-15 18:55:16 +04:00
|
|
|
else
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Connected to %s", remotehost);
|
2000-09-15 18:55:16 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
if (logged_in) {
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (curclass.type == CLASS_GUEST)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Logged in anonymously");
|
1993-03-21 12:45:37 +03:00
|
|
|
else
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Logged in as %s%s", pw->pw_name,
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
curclass.type == CLASS_CHROOT ? " (chroot)" : "");
|
1993-03-21 12:45:37 +03:00
|
|
|
} else if (askpasswd)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Waiting for password");
|
1993-03-21 12:45:37 +03:00
|
|
|
else
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Waiting for user name");
|
|
|
|
cprintf(stdout, " TYPE: %s", typenames[type]);
|
2000-06-14 17:44:21 +04:00
|
|
|
if (type == TYPE_A || type == TYPE_E)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cprintf(stdout, ", FORM: %s", formnames[form]);
|
1999-05-17 19:14:53 +04:00
|
|
|
if (type == TYPE_L) {
|
1993-03-21 12:45:37 +03:00
|
|
|
#if NBBY == 8
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cprintf(stdout, " %d", NBBY);
|
1993-03-21 12:45:37 +03:00
|
|
|
#else
|
1999-05-17 19:14:53 +04:00
|
|
|
/* XXX: `bytesize' needs to be defined in this case */
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cprintf(stdout, " %d", bytesize);
|
1993-03-21 12:45:37 +03:00
|
|
|
#endif
|
1999-05-17 19:14:53 +04:00
|
|
|
}
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cprintf(stdout, "; STRUcture: %s; transfer MODE: %s\r\n",
|
1993-03-21 12:45:37 +03:00
|
|
|
strunames[stru], modenames[mode]);
|
1999-07-02 09:52:14 +04:00
|
|
|
ispassive = 0;
|
|
|
|
if (data != -1) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Data connection open");
|
1999-07-02 09:52:14 +04:00
|
|
|
su = NULL;
|
|
|
|
} else if (pdata != -1) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "in Passive mode");
|
2000-12-18 05:32:50 +03:00
|
|
|
if (curclass.advertise.su_len != 0)
|
|
|
|
su = &curclass.advertise;
|
|
|
|
else
|
|
|
|
su = &pasv_addr;
|
1999-07-02 09:52:14 +04:00
|
|
|
ispassive = 1;
|
1993-03-21 12:45:37 +03:00
|
|
|
goto printaddr;
|
|
|
|
} else if (usedefault == 0) {
|
1999-07-02 09:52:14 +04:00
|
|
|
if (epsvall) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "EPSV only mode (EPSV ALL)");
|
1999-07-02 09:52:14 +04:00
|
|
|
goto epsvonly;
|
|
|
|
}
|
2000-11-15 05:32:30 +03:00
|
|
|
su = (struct sockinet *)&data_dest;
|
2000-05-21 03:34:55 +04:00
|
|
|
printaddr:
|
2000-06-14 17:44:21 +04:00
|
|
|
/* PASV/PORT */
|
1999-07-02 09:52:14 +04:00
|
|
|
if (su->su_family == AF_INET) {
|
2000-11-15 05:32:30 +03:00
|
|
|
a = (u_char *) &su->su_addr;
|
|
|
|
p = (u_char *) &su->su_port;
|
1993-03-21 12:45:37 +03:00
|
|
|
#define UC(b) (((int) b) & 0xff)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "%s (%d,%d,%d,%d,%d,%d)",
|
2000-06-14 17:44:21 +04:00
|
|
|
ispassive ? "PASV" : "PORT" ,
|
1999-07-02 09:52:14 +04:00
|
|
|
UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),
|
|
|
|
UC(p[0]), UC(p[1]));
|
|
|
|
}
|
|
|
|
|
2000-06-14 17:44:21 +04:00
|
|
|
/* LPSV/LPRT */
|
1999-07-02 09:52:14 +04:00
|
|
|
{
|
2001-12-01 13:25:29 +03:00
|
|
|
int alen, i;
|
1999-07-02 09:52:14 +04:00
|
|
|
|
|
|
|
alen = 0;
|
|
|
|
switch (su->su_family) {
|
|
|
|
case AF_INET:
|
2000-11-15 05:32:30 +03:00
|
|
|
a = (u_char *) &su->su_addr;
|
|
|
|
p = (u_char *) &su->su_port;
|
|
|
|
alen = sizeof(su->su_addr);
|
1999-07-02 09:52:14 +04:00
|
|
|
af = 4;
|
|
|
|
break;
|
2000-09-15 18:55:16 +04:00
|
|
|
#ifdef INET6
|
1999-07-02 09:52:14 +04:00
|
|
|
case AF_INET6:
|
2000-11-15 05:32:30 +03:00
|
|
|
a = (u_char *) &su->su_6addr;
|
|
|
|
p = (u_char *) &su->su_port;
|
|
|
|
alen = sizeof(su->su_6addr);
|
1999-07-02 09:52:14 +04:00
|
|
|
af = 6;
|
|
|
|
break;
|
2000-09-15 18:55:16 +04:00
|
|
|
#endif
|
1999-07-02 09:52:14 +04:00
|
|
|
default:
|
|
|
|
af = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (af) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cprintf(stdout, " %s (%d,%d",
|
2000-06-14 17:44:21 +04:00
|
|
|
ispassive ? "LPSV" : "LPRT", af, alen);
|
1999-07-02 09:52:14 +04:00
|
|
|
for (i = 0; i < alen; i++)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cprintf(stdout, ",%d", UC(a[i]));
|
2000-11-24 15:56:45 +03:00
|
|
|
cprintf(stdout, ",%d,%d,%d)\r\n",
|
|
|
|
2, UC(p[0]), UC(p[1]));
|
1993-03-21 12:45:37 +03:00
|
|
|
#undef UC
|
1999-07-02 09:52:14 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* EPRT/EPSV */
|
2000-05-21 03:34:55 +04:00
|
|
|
epsvonly:
|
2000-11-15 05:32:30 +03:00
|
|
|
af = af2epsvproto(su->su_family);
|
2000-11-24 15:56:45 +03:00
|
|
|
hbuf[0] = '\0';
|
2000-11-15 05:32:30 +03:00
|
|
|
if (af > 0) {
|
2000-11-24 15:56:45 +03:00
|
|
|
struct sockinet tmp;
|
|
|
|
|
|
|
|
tmp = *su;
|
2000-11-28 12:31:29 +03:00
|
|
|
#ifdef INET6
|
2000-11-24 15:56:45 +03:00
|
|
|
if (tmp.su_family == AF_INET6)
|
|
|
|
tmp.su_scope_id = 0;
|
2000-11-28 12:31:29 +03:00
|
|
|
#endif
|
2000-11-24 15:56:45 +03:00
|
|
|
if (getnameinfo((struct sockaddr *)&tmp.si_su,
|
|
|
|
tmp.su_len, hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
|
|
|
|
NI_NUMERICHOST | NI_NUMERICSERV) == 0)
|
|
|
|
reply(0, "%s (|%d|%s|%s|)",
|
2000-06-14 17:44:21 +04:00
|
|
|
ispassive ? "EPSV" : "EPRT",
|
2000-11-24 15:56:45 +03:00
|
|
|
af, hbuf, sbuf);
|
1999-07-02 09:52:14 +04:00
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
} else
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "No data connection");
|
1999-05-17 19:14:53 +04:00
|
|
|
|
|
|
|
if (logged_in) {
|
2000-11-15 05:32:30 +03:00
|
|
|
reply(0,
|
|
|
|
"Data sent: " LLF " byte%s in " LLF " file%s",
|
|
|
|
(LLT)total_data_out, PLURAL(total_data_out),
|
|
|
|
(LLT)total_files_out, PLURAL(total_files_out));
|
|
|
|
reply(0,
|
|
|
|
"Data received: " LLF " byte%s in " LLF " file%s",
|
|
|
|
(LLT)total_data_in, PLURAL(total_data_in),
|
|
|
|
(LLT)total_files_in, PLURAL(total_files_in));
|
|
|
|
reply(0,
|
|
|
|
"Total data: " LLF " byte%s in " LLF " file%s",
|
|
|
|
(LLT)total_data, PLURAL(total_data),
|
|
|
|
(LLT)total_files, PLURAL(total_files));
|
1999-05-17 19:14:53 +04:00
|
|
|
}
|
|
|
|
otbi = total_bytes_in;
|
|
|
|
otbo = total_bytes_out;
|
|
|
|
otb = total_bytes;
|
2000-11-15 05:32:30 +03:00
|
|
|
reply(0, "Traffic sent: " LLF " byte%s in " LLF " transfer%s",
|
|
|
|
(LLT)otbo, PLURAL(otbo),
|
|
|
|
(LLT)total_xfers_out, PLURAL(total_xfers_out));
|
|
|
|
reply(0, "Traffic received: " LLF " byte%s in " LLF " transfer%s",
|
|
|
|
(LLT)otbi, PLURAL(otbi),
|
|
|
|
(LLT)total_xfers_in, PLURAL(total_xfers_in));
|
|
|
|
reply(0, "Total traffic: " LLF " byte%s in " LLF " transfer%s",
|
|
|
|
(LLT)otb, PLURAL(otb),
|
|
|
|
(LLT)total_xfers, PLURAL(total_xfers));
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
|
2001-12-04 16:54:12 +03:00
|
|
|
if (logged_in && !CURCLASS_FLAGS_ISSET(private)) {
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
struct ftpconv *cp;
|
|
|
|
|
2000-07-08 22:24:28 +04:00
|
|
|
reply(0, "%s", "");
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Class: %s, type: %s",
|
1999-12-21 15:56:15 +03:00
|
|
|
curclass.classname, CURCLASSTYPE);
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Check PORT/LPRT commands: %sabled",
|
2000-11-16 16:15:13 +03:00
|
|
|
CURCLASS_FLAGS_ISSET(checkportcmd) ? "en" : "dis");
|
2000-07-17 06:30:52 +04:00
|
|
|
if (! EMPTYSTR(curclass.display))
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Display file: %s", curclass.display);
|
2000-07-17 06:30:52 +04:00
|
|
|
if (! EMPTYSTR(curclass.notify))
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Notify fileglob: %s", curclass.notify);
|
|
|
|
reply(0, "Idle timeout: %d, maximum timeout: %d",
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
curclass.timeout, curclass.maxtimeout);
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Current connections: %d", connections);
|
2000-01-08 14:09:56 +03:00
|
|
|
if (curclass.limit == -1)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Maximum connections: unlimited");
|
2000-01-08 14:09:56 +03:00
|
|
|
else
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Maximum connections: %d", curclass.limit);
|
2000-01-08 14:09:56 +03:00
|
|
|
if (curclass.limitfile)
|
2000-11-16 16:15:13 +03:00
|
|
|
reply(0, "Connection limit exceeded message file: %s",
|
2001-11-28 02:42:40 +03:00
|
|
|
conffilename(curclass.limitfile));
|
2000-07-17 06:30:52 +04:00
|
|
|
if (! EMPTYSTR(curclass.chroot))
|
|
|
|
reply(0, "Chroot format: %s", curclass.chroot);
|
2001-12-12 11:13:33 +03:00
|
|
|
reply(0, "Deny bad ftpusers(5) quickly: %sabled",
|
2001-12-04 16:54:12 +03:00
|
|
|
CURCLASS_FLAGS_ISSET(denyquick) ? "en" : "dis");
|
2000-07-17 06:30:52 +04:00
|
|
|
if (! EMPTYSTR(curclass.homedir))
|
|
|
|
reply(0, "Homedir format: %s", curclass.homedir);
|
2000-11-16 16:15:13 +03:00
|
|
|
if (curclass.maxfilesize == -1)
|
|
|
|
reply(0, "Maximum file size: unlimited");
|
|
|
|
else
|
|
|
|
reply(0, "Maximum file size: " LLF,
|
|
|
|
(LLT)curclass.maxfilesize);
|
2000-07-17 06:30:52 +04:00
|
|
|
if (! EMPTYSTR(curclass.motd))
|
2001-11-28 02:42:40 +03:00
|
|
|
reply(0, "MotD file: %s", conffilename(curclass.motd));
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0,
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
"Modify commands (CHMOD, DELE, MKD, RMD, RNFR, UMASK): %sabled",
|
2000-11-16 16:15:13 +03:00
|
|
|
CURCLASS_FLAGS_ISSET(modify) ? "en" : "dis");
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Upload commands (APPE, STOR, STOU): %sabled",
|
2000-11-16 16:15:13 +03:00
|
|
|
CURCLASS_FLAGS_ISSET(upload) ? "en" : "dis");
|
|
|
|
reply(0, "Sanitize file names: %sabled",
|
|
|
|
CURCLASS_FLAGS_ISSET(sanenames) ? "en" : "dis");
|
|
|
|
reply(0, "PASV/LPSV/EPSV connections: %sabled",
|
|
|
|
CURCLASS_FLAGS_ISSET(passive) ? "en" : "dis");
|
2000-12-18 05:32:50 +03:00
|
|
|
if (curclass.advertise.su_len != 0) {
|
|
|
|
char buf[50]; /* big enough for IPv6 address */
|
|
|
|
const char *bp;
|
|
|
|
|
|
|
|
bp = inet_ntop(curclass.advertise.su_family,
|
|
|
|
(void *)&curclass.advertise.su_addr,
|
|
|
|
buf, sizeof(buf));
|
|
|
|
if (bp != NULL)
|
2001-07-08 11:27:14 +04:00
|
|
|
reply(0, "PASV advertise address: %s", bp);
|
2000-12-18 05:32:50 +03:00
|
|
|
}
|
2000-01-13 03:04:31 +03:00
|
|
|
if (curclass.portmin && curclass.portmax)
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "PASV port range: %d - %d",
|
2000-01-13 03:04:31 +03:00
|
|
|
curclass.portmin, curclass.portmax);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (curclass.rateget)
|
2000-11-16 16:15:13 +03:00
|
|
|
reply(0, "Rate get limit: " LLF " bytes/sec",
|
|
|
|
(LLT)curclass.rateget);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
else
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Rate get limit: disabled");
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (curclass.rateput)
|
2000-11-16 16:15:13 +03:00
|
|
|
reply(0, "Rate put limit: " LLF " bytes/sec",
|
|
|
|
(LLT)curclass.rateput);
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
else
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Rate put limit: disabled");
|
|
|
|
reply(0, "Umask: %.04o", curclass.umask);
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
for (cp = curclass.conversions; cp != NULL; cp=cp->next) {
|
|
|
|
if (cp->suffix == NULL || cp->types == NULL ||
|
|
|
|
cp->command == NULL)
|
|
|
|
continue;
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
reply(0, "Conversion: %s [%s] disable: %s, command: %s",
|
* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
1997-06-14 12:43:26 +04:00
|
|
|
cp->suffix, cp->types, cp->disable, cp->command);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
reply(211, "End of status");
|
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
fatal(const char *s)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1994-06-29 05:49:37 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
reply(451, "Error in server: %s\n", s);
|
|
|
|
reply(221, "Closing connection due to server error.");
|
|
|
|
dologout(0);
|
|
|
|
/* NOTREACHED */
|
|
|
|
}
|
|
|
|
|
2000-06-14 17:44:21 +04:00
|
|
|
/*
|
|
|
|
* reply() --
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
* depending on the value of n, display fmt with a trailing CRLF and
|
|
|
|
* prefix of:
|
|
|
|
* n < -1 prefix the message with abs(n) + "-" (initial line)
|
|
|
|
* n == 0 prefix the message with 4 spaces (middle lines)
|
|
|
|
* n > 0 prefix the message with n + " " (final line)
|
2000-06-14 17:44:21 +04:00
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
|
|
|
reply(int n, const char *fmt, ...)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1999-05-17 19:14:53 +04:00
|
|
|
off_t b;
|
1994-06-29 05:49:37 +04:00
|
|
|
va_list ap;
|
2000-05-20 06:20:18 +04:00
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
va_start(ap, fmt);
|
1999-05-17 19:14:53 +04:00
|
|
|
b = 0;
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
if (n == 0)
|
|
|
|
cprintf(stdout, " ");
|
|
|
|
else if (n < 0)
|
|
|
|
cprintf(stdout, "%d-", -n);
|
|
|
|
else
|
|
|
|
cprintf(stdout, "%d ", n);
|
|
|
|
b = vprintf(fmt, ap);
|
2001-09-24 17:22:25 +04:00
|
|
|
va_end(ap);
|
1999-05-17 19:14:53 +04:00
|
|
|
total_bytes += b;
|
|
|
|
total_bytes_out += b;
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cprintf(stdout, "\r\n");
|
1993-03-21 12:45:37 +03:00
|
|
|
(void)fflush(stdout);
|
|
|
|
if (debug) {
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
syslog(LOG_DEBUG, "<--- %d%c", abs(n), (n < 0) ? '-' : ' ');
|
2001-09-24 17:22:25 +04:00
|
|
|
va_start(ap, fmt);
|
1994-06-29 05:49:37 +04:00
|
|
|
vsyslog(LOG_DEBUG, fmt, ap);
|
2001-09-24 17:22:25 +04:00
|
|
|
va_end(ap);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
static void
|
2000-12-18 05:32:50 +03:00
|
|
|
logremotehost(struct sockinet *who)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
2000-11-15 05:32:30 +03:00
|
|
|
|
2000-11-28 12:46:34 +03:00
|
|
|
if (getnameinfo((struct sockaddr *)&who->si_su,
|
|
|
|
who->su_len, remotehost, sizeof(remotehost), NULL, 0, 0))
|
2000-11-24 15:56:45 +03:00
|
|
|
strlcpy(remotehost, "?", sizeof(remotehost));
|
2000-09-15 18:55:16 +04:00
|
|
|
|
2000-11-30 05:59:11 +03:00
|
|
|
#if HAVE_SETPROCTITLE
|
1994-06-29 05:49:37 +04:00
|
|
|
snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
|
2000-07-06 02:15:04 +04:00
|
|
|
setproctitle("%s", proctitle);
|
2000-11-30 05:59:11 +03:00
|
|
|
#endif /* HAVE_SETPROCTITLE */
|
1994-06-29 05:49:37 +04:00
|
|
|
if (logging)
|
1999-12-18 09:33:54 +03:00
|
|
|
syslog(LOG_INFO, "connection from %s to %s",
|
|
|
|
remotehost, hostname);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2000-12-18 05:32:50 +03:00
|
|
|
* Record logout in wtmp file and exit with supplied status.
|
1993-03-21 12:45:37 +03:00
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
dologout(int status)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1997-01-23 08:57:55 +03:00
|
|
|
/*
|
|
|
|
* Prevent reception of SIGURG from resulting in a resumption
|
|
|
|
* back to the main program loop.
|
|
|
|
*/
|
|
|
|
transflag = 0;
|
1994-06-29 05:49:37 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
if (logged_in) {
|
2000-07-26 17:53:33 +04:00
|
|
|
if (dowtmp)
|
|
|
|
logwtmp(ttyline, "", "");
|
1999-12-18 08:51:34 +03:00
|
|
|
if (doutmp)
|
|
|
|
logout(utmp.ut_line);
|
1997-10-12 17:18:56 +04:00
|
|
|
#ifdef KERBEROS
|
1994-03-30 06:49:15 +04:00
|
|
|
if (!notickets && krbtkfile_env)
|
|
|
|
unlink(krbtkfile_env);
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
/* beware of flushing buffers after a SIGPIPE */
|
|
|
|
_exit(status);
|
|
|
|
}
|
|
|
|
|
2001-04-12 06:28:59 +04:00
|
|
|
void
|
|
|
|
abor(void)
|
2001-04-02 03:04:30 +04:00
|
|
|
{
|
2001-04-12 06:28:59 +04:00
|
|
|
|
2001-04-02 03:04:30 +04:00
|
|
|
tmpline[0] = '\0';
|
|
|
|
is_oob = 0;
|
|
|
|
reply(426, "Transfer aborted. Data connection closed.");
|
|
|
|
reply(226, "Abort successful");
|
|
|
|
longjmp(urgcatch, 1);
|
|
|
|
}
|
|
|
|
|
2001-04-12 06:28:59 +04:00
|
|
|
void
|
|
|
|
statxfer(void)
|
2001-04-02 03:04:30 +04:00
|
|
|
{
|
2001-04-12 06:28:59 +04:00
|
|
|
|
2001-04-02 03:04:30 +04:00
|
|
|
tmpline[0] = '\0';
|
|
|
|
is_oob = 0;
|
|
|
|
if (file_size != (off_t) -1)
|
|
|
|
reply(213,
|
|
|
|
"Status: " LLF " of " LLF " byte%s transferred",
|
|
|
|
(LLT)byte_count, (LLT)file_size,
|
|
|
|
PLURAL(byte_count));
|
|
|
|
else
|
|
|
|
reply(213, "Status: " LLF " byte%s transferred",
|
|
|
|
(LLT)byte_count, PLURAL(byte_count));
|
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
static void
|
2000-05-20 06:20:18 +04:00
|
|
|
myoob(int signo)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
char *cp;
|
|
|
|
|
|
|
|
/* only process if transfer occurring */
|
|
|
|
if (!transflag)
|
|
|
|
return;
|
|
|
|
cp = tmpline;
|
2001-04-02 03:04:30 +04:00
|
|
|
if (getline(cp, sizeof(tmpline), stdin) == NULL) {
|
1993-03-21 12:45:37 +03:00
|
|
|
reply(221, "You could at least say goodbye.");
|
|
|
|
dologout(0);
|
|
|
|
}
|
2001-04-02 03:04:30 +04:00
|
|
|
is_oob = 1;
|
|
|
|
ftp_handle_line(cp);
|
|
|
|
is_oob = 0;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
2000-01-13 01:39:27 +03:00
|
|
|
static int
|
2000-05-20 06:20:18 +04:00
|
|
|
bind_pasv_addr(void)
|
2000-01-13 01:39:27 +03:00
|
|
|
{
|
|
|
|
static int passiveport;
|
|
|
|
int port, len;
|
|
|
|
|
|
|
|
len = pasv_addr.su_len;
|
|
|
|
if (curclass.portmin == 0 && curclass.portmax == 0) {
|
|
|
|
pasv_addr.su_port = 0;
|
2000-11-15 05:32:30 +03:00
|
|
|
return (bind(pdata, (struct sockaddr *)&pasv_addr.si_su, len));
|
2000-01-13 01:39:27 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if (passiveport == 0) {
|
|
|
|
srand(getpid());
|
|
|
|
passiveport = rand() % (curclass.portmax - curclass.portmin)
|
|
|
|
+ curclass.portmin;
|
|
|
|
}
|
|
|
|
|
|
|
|
port = passiveport;
|
|
|
|
while (1) {
|
|
|
|
port++;
|
|
|
|
if (port > curclass.portmax)
|
|
|
|
port = curclass.portmin;
|
|
|
|
else if (port == passiveport) {
|
|
|
|
errno = EAGAIN;
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
pasv_addr.su_port = htons(port);
|
2000-11-15 05:32:30 +03:00
|
|
|
if (bind(pdata, (struct sockaddr *)&pasv_addr.si_su, len) == 0)
|
2000-01-13 01:39:27 +03:00
|
|
|
break;
|
|
|
|
if (errno != EADDRINUSE)
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
passiveport = port;
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* Note: a response of 425 is not mentioned as a possible response to
|
1994-06-29 05:49:37 +04:00
|
|
|
* the PASV command in RFC959. However, it has been blessed as
|
|
|
|
* a legitimate response by Jon Postel in a telephone conversation
|
1993-03-21 12:45:37 +03:00
|
|
|
* with Rick Adams on 25 Jan 89.
|
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
passive(void)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
int len;
|
1994-06-29 05:49:37 +04:00
|
|
|
char *p, *a;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1999-12-09 14:18:05 +03:00
|
|
|
if (pdata >= 0)
|
|
|
|
close(pdata);
|
1993-03-21 12:45:37 +03:00
|
|
|
pdata = socket(AF_INET, SOCK_STREAM, 0);
|
1997-05-29 14:31:48 +04:00
|
|
|
if (pdata < 0 || !logged_in) {
|
1993-03-21 12:45:37 +03:00
|
|
|
perror_reply(425, "Can't open passive connection");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
pasv_addr = ctrl_addr;
|
2000-01-13 01:39:27 +03:00
|
|
|
|
|
|
|
if (bind_pasv_addr() < 0)
|
1993-03-21 12:45:37 +03:00
|
|
|
goto pasv_error;
|
2000-01-13 01:39:27 +03:00
|
|
|
len = pasv_addr.su_len;
|
2000-11-15 05:32:30 +03:00
|
|
|
if (getsockname(pdata, (struct sockaddr *) &pasv_addr.si_su, &len) < 0)
|
1993-03-21 12:45:37 +03:00
|
|
|
goto pasv_error;
|
2000-11-15 05:32:30 +03:00
|
|
|
pasv_addr.su_len = len;
|
1993-03-21 12:45:37 +03:00
|
|
|
if (listen(pdata, 1) < 0)
|
|
|
|
goto pasv_error;
|
2000-12-18 05:32:50 +03:00
|
|
|
if (curclass.advertise.su_len != 0)
|
|
|
|
a = (char *) &curclass.advertise.su_addr;
|
|
|
|
else
|
|
|
|
a = (char *) &pasv_addr.su_addr;
|
1999-07-02 09:52:14 +04:00
|
|
|
p = (char *) &pasv_addr.su_port;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
#define UC(b) (((int) b) & 0xff)
|
|
|
|
|
|
|
|
reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]),
|
|
|
|
UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
|
|
|
|
return;
|
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
pasv_error:
|
1999-07-02 09:52:14 +04:00
|
|
|
(void) close(pdata);
|
|
|
|
pdata = -1;
|
|
|
|
perror_reply(425, "Can't open passive connection");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2000-11-13 14:50:46 +03:00
|
|
|
/*
|
|
|
|
* convert protocol identifier to/from AF
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
lpsvproto2af(int proto)
|
|
|
|
{
|
|
|
|
|
|
|
|
switch (proto) {
|
2000-11-15 05:32:30 +03:00
|
|
|
case 4:
|
|
|
|
return AF_INET;
|
2000-11-13 14:50:46 +03:00
|
|
|
#ifdef INET6
|
2000-11-15 05:32:30 +03:00
|
|
|
case 6:
|
|
|
|
return AF_INET6;
|
2000-11-13 14:50:46 +03:00
|
|
|
#endif
|
2000-11-15 05:32:30 +03:00
|
|
|
default:
|
|
|
|
return -1;
|
2000-11-13 14:50:46 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
af2lpsvproto(int af)
|
|
|
|
{
|
|
|
|
|
|
|
|
switch (af) {
|
2000-11-15 05:32:30 +03:00
|
|
|
case AF_INET:
|
|
|
|
return 4;
|
2000-11-13 14:50:46 +03:00
|
|
|
#ifdef INET6
|
2000-11-15 05:32:30 +03:00
|
|
|
case AF_INET6:
|
|
|
|
return 6;
|
2000-11-13 14:50:46 +03:00
|
|
|
#endif
|
2000-11-15 05:32:30 +03:00
|
|
|
default:
|
|
|
|
return -1;
|
2000-11-13 14:50:46 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
epsvproto2af(int proto)
|
|
|
|
{
|
|
|
|
|
|
|
|
switch (proto) {
|
2000-11-15 05:32:30 +03:00
|
|
|
case 1:
|
|
|
|
return AF_INET;
|
2000-11-13 14:50:46 +03:00
|
|
|
#ifdef INET6
|
2000-11-15 05:32:30 +03:00
|
|
|
case 2:
|
|
|
|
return AF_INET6;
|
2000-11-13 14:50:46 +03:00
|
|
|
#endif
|
2000-11-15 05:32:30 +03:00
|
|
|
default:
|
|
|
|
return -1;
|
2000-11-13 14:50:46 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
af2epsvproto(int af)
|
|
|
|
{
|
|
|
|
|
|
|
|
switch (af) {
|
2000-11-15 05:32:30 +03:00
|
|
|
case AF_INET:
|
|
|
|
return 1;
|
2000-11-13 14:50:46 +03:00
|
|
|
#ifdef INET6
|
2000-11-15 05:32:30 +03:00
|
|
|
case AF_INET6:
|
|
|
|
return 2;
|
2000-11-13 14:50:46 +03:00
|
|
|
#endif
|
2000-11-15 05:32:30 +03:00
|
|
|
default:
|
|
|
|
return -1;
|
2000-11-13 14:50:46 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
1999-07-02 09:52:14 +04:00
|
|
|
/*
|
|
|
|
* 228 Entering Long Passive Mode (af, hal, h1, h2, h3,..., pal, p1, p2...)
|
|
|
|
* 229 Entering Extended Passive Mode (|||port|)
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
long_passive(char *cmd, int pf)
|
|
|
|
{
|
|
|
|
int len;
|
2000-01-13 01:39:27 +03:00
|
|
|
char *p, *a;
|
1999-07-02 09:52:14 +04:00
|
|
|
|
|
|
|
if (!logged_in) {
|
|
|
|
syslog(LOG_NOTICE, "long passive but not logged in");
|
|
|
|
reply(503, "Login with USER first.");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2000-11-13 14:50:46 +03:00
|
|
|
if (pf != PF_UNSPEC && ctrl_addr.su_family != pf) {
|
|
|
|
/*
|
2000-11-16 16:15:13 +03:00
|
|
|
* XXX: only EPRT/EPSV ready clients will understand this
|
2000-11-13 14:50:46 +03:00
|
|
|
*/
|
|
|
|
if (strcmp(cmd, "EPSV") != 0)
|
|
|
|
reply(501, "Network protocol mismatch"); /*XXX*/
|
|
|
|
else
|
|
|
|
epsv_protounsupp("Network protocol mismatch");
|
1999-07-02 09:52:14 +04:00
|
|
|
|
2000-11-13 14:50:46 +03:00
|
|
|
return;
|
1999-07-02 09:52:14 +04:00
|
|
|
}
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
|
1999-12-09 14:18:05 +03:00
|
|
|
if (pdata >= 0)
|
|
|
|
close(pdata);
|
1999-07-02 09:52:14 +04:00
|
|
|
pdata = socket(ctrl_addr.su_family, SOCK_STREAM, 0);
|
|
|
|
if (pdata < 0) {
|
|
|
|
perror_reply(425, "Can't open passive connection");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
pasv_addr = ctrl_addr;
|
2000-01-13 01:39:27 +03:00
|
|
|
if (bind_pasv_addr() < 0)
|
1999-07-02 09:52:14 +04:00
|
|
|
goto pasv_error;
|
|
|
|
len = pasv_addr.su_len;
|
2000-11-15 05:32:30 +03:00
|
|
|
if (getsockname(pdata, (struct sockaddr *) &pasv_addr.si_su, &len) < 0)
|
1999-07-02 09:52:14 +04:00
|
|
|
goto pasv_error;
|
2000-11-15 05:32:30 +03:00
|
|
|
pasv_addr.su_len = len;
|
1999-07-02 09:52:14 +04:00
|
|
|
if (listen(pdata, 1) < 0)
|
|
|
|
goto pasv_error;
|
|
|
|
p = (char *) &pasv_addr.su_port;
|
|
|
|
|
|
|
|
#define UC(b) (((int) b) & 0xff)
|
|
|
|
|
|
|
|
if (strcmp(cmd, "LPSV") == 0) {
|
2000-12-18 05:32:50 +03:00
|
|
|
struct sockinet *advert;
|
|
|
|
|
|
|
|
if (curclass.advertise.su_len != 0)
|
|
|
|
advert = &curclass.advertise;
|
|
|
|
else
|
|
|
|
advert = &pasv_addr;
|
|
|
|
switch (advert->su_family) {
|
1999-07-02 09:52:14 +04:00
|
|
|
case AF_INET:
|
2000-12-18 05:32:50 +03:00
|
|
|
a = (char *) &advert->su_addr;
|
2000-11-15 05:32:30 +03:00
|
|
|
reply(228,
|
|
|
|
"Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,%d,%d,%d)",
|
1999-07-02 09:52:14 +04:00
|
|
|
4, 4, UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),
|
|
|
|
2, UC(p[0]), UC(p[1]));
|
|
|
|
return;
|
2000-09-15 18:55:16 +04:00
|
|
|
#ifdef INET6
|
1999-07-02 09:52:14 +04:00
|
|
|
case AF_INET6:
|
2000-12-18 05:32:50 +03:00
|
|
|
a = (char *) &advert->su_6addr;
|
2000-11-15 05:32:30 +03:00
|
|
|
reply(228,
|
|
|
|
"Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d)",
|
1999-07-02 09:52:14 +04:00
|
|
|
6, 16,
|
|
|
|
UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),
|
|
|
|
UC(a[4]), UC(a[5]), UC(a[6]), UC(a[7]),
|
|
|
|
UC(a[8]), UC(a[9]), UC(a[10]), UC(a[11]),
|
|
|
|
UC(a[12]), UC(a[13]), UC(a[14]), UC(a[15]),
|
|
|
|
2, UC(p[0]), UC(p[1]));
|
|
|
|
return;
|
2000-09-15 18:55:16 +04:00
|
|
|
#endif
|
1999-07-02 09:52:14 +04:00
|
|
|
}
|
|
|
|
#undef UC
|
|
|
|
} else if (strcmp(cmd, "EPSV") == 0) {
|
|
|
|
switch (pasv_addr.su_family) {
|
|
|
|
case AF_INET:
|
2000-11-15 05:32:30 +03:00
|
|
|
#ifdef INET6
|
1999-07-02 09:52:14 +04:00
|
|
|
case AF_INET6:
|
2000-11-15 05:32:30 +03:00
|
|
|
#endif
|
1999-07-02 09:52:14 +04:00
|
|
|
reply(229, "Entering Extended Passive Mode (|||%d|)",
|
2000-11-15 05:32:30 +03:00
|
|
|
ntohs(pasv_addr.su_port));
|
1999-07-02 09:52:14 +04:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/* more proper error code? */
|
|
|
|
}
|
|
|
|
|
2000-05-21 03:34:55 +04:00
|
|
|
pasv_error:
|
1993-03-21 12:45:37 +03:00
|
|
|
(void) close(pdata);
|
|
|
|
pdata = -1;
|
|
|
|
perror_reply(425, "Can't open passive connection");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2000-11-13 14:50:46 +03:00
|
|
|
int
|
|
|
|
extended_port(const char *arg)
|
|
|
|
{
|
|
|
|
char *tmp = NULL;
|
|
|
|
char *result[3];
|
|
|
|
char *p, *q;
|
|
|
|
char delim;
|
|
|
|
struct addrinfo hints;
|
|
|
|
struct addrinfo *res = NULL;
|
|
|
|
int i;
|
|
|
|
unsigned long proto;
|
|
|
|
|
|
|
|
tmp = xstrdup(arg);
|
|
|
|
p = tmp;
|
|
|
|
delim = p[0];
|
|
|
|
p++;
|
|
|
|
memset(result, 0, sizeof(result));
|
|
|
|
for (i = 0; i < 3; i++) {
|
|
|
|
q = strchr(p, delim);
|
|
|
|
if (!q || *q != delim)
|
|
|
|
goto parsefail;
|
|
|
|
*q++ = '\0';
|
|
|
|
result[i] = p;
|
|
|
|
p = q;
|
|
|
|
}
|
|
|
|
|
2000-11-16 16:15:13 +03:00
|
|
|
/* some more sanity checks */
|
2000-11-13 14:50:46 +03:00
|
|
|
p = NULL;
|
|
|
|
(void)strtoul(result[2], &p, 10);
|
|
|
|
if (!*result[2] || *p)
|
2000-11-13 18:11:57 +03:00
|
|
|
goto parsefail;
|
2000-11-13 14:50:46 +03:00
|
|
|
p = NULL;
|
|
|
|
proto = strtoul(result[0], &p, 10);
|
|
|
|
if (!*result[0] || *p)
|
|
|
|
goto protounsupp;
|
|
|
|
|
|
|
|
memset(&hints, 0, sizeof(hints));
|
|
|
|
hints.ai_family = epsvproto2af((int)proto);
|
|
|
|
if (hints.ai_family < 0)
|
|
|
|
goto protounsupp;
|
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
hints.ai_flags = AI_NUMERICHOST;
|
|
|
|
if (getaddrinfo(result[1], result[2], &hints, &res))
|
|
|
|
goto parsefail;
|
|
|
|
if (res->ai_next)
|
|
|
|
goto parsefail;
|
|
|
|
if (sizeof(data_dest) < res->ai_addrlen)
|
|
|
|
goto parsefail;
|
2000-12-18 05:32:50 +03:00
|
|
|
memcpy(&data_dest.si_su, res->ai_addr, res->ai_addrlen);
|
|
|
|
data_dest.su_len = res->ai_addrlen;
|
2000-11-28 12:31:29 +03:00
|
|
|
#ifdef INET6
|
2000-11-13 14:50:46 +03:00
|
|
|
if (his_addr.su_family == AF_INET6 &&
|
|
|
|
data_dest.su_family == AF_INET6) {
|
2000-11-16 16:15:13 +03:00
|
|
|
/* XXX: more sanity checks! */
|
2000-11-15 05:32:30 +03:00
|
|
|
data_dest.su_scope_id = his_addr.su_scope_id;
|
2000-11-13 14:50:46 +03:00
|
|
|
}
|
2000-11-28 12:31:29 +03:00
|
|
|
#endif
|
2000-11-13 14:50:46 +03:00
|
|
|
|
|
|
|
if (tmp != NULL)
|
|
|
|
free(tmp);
|
|
|
|
if (res)
|
|
|
|
freeaddrinfo(res);
|
|
|
|
return 0;
|
|
|
|
|
2000-11-15 05:32:30 +03:00
|
|
|
parsefail:
|
2000-11-13 14:50:46 +03:00
|
|
|
reply(500, "Invalid argument, rejected.");
|
|
|
|
usedefault = 1;
|
2000-11-13 14:52:41 +03:00
|
|
|
if (tmp != NULL)
|
|
|
|
free(tmp);
|
|
|
|
if (res)
|
|
|
|
freeaddrinfo(res);
|
2000-11-13 14:50:46 +03:00
|
|
|
return -1;
|
|
|
|
|
2000-11-15 05:32:30 +03:00
|
|
|
protounsupp:
|
2000-11-13 14:50:46 +03:00
|
|
|
epsv_protounsupp("Protocol not supported");
|
|
|
|
usedefault = 1;
|
2000-11-13 14:52:41 +03:00
|
|
|
if (tmp != NULL)
|
|
|
|
free(tmp);
|
|
|
|
if (res)
|
|
|
|
freeaddrinfo(res);
|
2000-11-13 14:50:46 +03:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* 522 Protocol not supported (proto,...)
|
|
|
|
* as we assume address family for control and data connections are the same,
|
|
|
|
* we do not return the list of address families we support - instead, we
|
|
|
|
* return the address family of the control connection.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
epsv_protounsupp(const char *message)
|
|
|
|
{
|
|
|
|
int proto;
|
|
|
|
|
|
|
|
proto = af2epsvproto(ctrl_addr.su_family);
|
|
|
|
if (proto < 0)
|
2000-11-16 16:15:13 +03:00
|
|
|
reply(501, "%s", message); /* XXX */
|
2000-11-13 14:50:46 +03:00
|
|
|
else
|
|
|
|
reply(522, "%s, use (%d)", message, proto);
|
|
|
|
}
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* Generate unique name for file with basename "local".
|
|
|
|
* The file named "local" is already known to exist.
|
|
|
|
* Generates failure reply on error.
|
1997-07-21 09:13:10 +04:00
|
|
|
*
|
2000-11-15 05:32:30 +03:00
|
|
|
* XXX: this function should under go changes similar to
|
|
|
|
* the mktemp(3)/mkstemp(3) changes.
|
1993-03-21 12:45:37 +03:00
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
static char *
|
2000-05-20 06:20:18 +04:00
|
|
|
gunique(const char *local)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
2000-01-08 14:09:56 +03:00
|
|
|
static char new[MAXPATHLEN];
|
1993-03-21 12:45:37 +03:00
|
|
|
struct stat st;
|
1994-06-29 05:49:37 +04:00
|
|
|
char *cp;
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
int count;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
cp = strrchr(local, '/');
|
1993-03-21 12:45:37 +03:00
|
|
|
if (cp)
|
|
|
|
*cp = '\0';
|
|
|
|
if (stat(cp ? local : ".", &st) < 0) {
|
|
|
|
perror_reply(553, cp ? local : ".");
|
1998-09-06 14:39:40 +04:00
|
|
|
return (NULL);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
if (cp)
|
|
|
|
*cp = '/';
|
|
|
|
for (count = 1; count < 100; count++) {
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
(void)snprintf(new, sizeof(new) - 1, "%s.%d", local, count);
|
1993-03-21 12:45:37 +03:00
|
|
|
if (stat(new, &st) < 0)
|
1994-06-29 05:49:37 +04:00
|
|
|
return (new);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
reply(452, "Unique file name cannot be created.");
|
1994-06-29 05:49:37 +04:00
|
|
|
return (NULL);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Format and send reply containing system error number.
|
|
|
|
*/
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
perror_reply(int code, const char *string)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1999-05-17 19:14:53 +04:00
|
|
|
int save_errno;
|
1994-06-29 05:49:37 +04:00
|
|
|
|
1999-05-17 19:14:53 +04:00
|
|
|
save_errno = errno;
|
1993-03-21 12:45:37 +03:00
|
|
|
reply(code, "%s: %s.", string, strerror(errno));
|
1999-05-17 19:14:53 +04:00
|
|
|
errno = save_errno;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
static char *onefile[] = {
|
|
|
|
"",
|
|
|
|
0
|
|
|
|
};
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
void
|
2000-05-20 06:20:18 +04:00
|
|
|
send_file_list(const char *whichf)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
struct stat st;
|
|
|
|
DIR *dirp = NULL;
|
|
|
|
struct dirent *dir;
|
|
|
|
FILE *dout = NULL;
|
2001-12-01 13:25:29 +03:00
|
|
|
char **dirlist, *dirname, *notglob, *p;
|
1993-03-21 12:45:37 +03:00
|
|
|
int simple = 0;
|
1994-06-29 05:49:37 +04:00
|
|
|
int freeglob = 0;
|
|
|
|
glob_t gl;
|
1999-05-17 19:14:53 +04:00
|
|
|
|
1997-06-18 23:05:46 +04:00
|
|
|
#ifdef __GNUC__
|
|
|
|
(void) &dout;
|
|
|
|
(void) &dirlist;
|
|
|
|
(void) &simple;
|
|
|
|
(void) &freeglob;
|
|
|
|
#endif
|
1994-06-29 05:49:37 +04:00
|
|
|
|
1999-05-17 19:14:53 +04:00
|
|
|
p = NULL;
|
1994-06-29 05:49:37 +04:00
|
|
|
if (strpbrk(whichf, "~{[*?") != NULL) {
|
2001-03-16 23:42:12 +03:00
|
|
|
int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_TILDE|GLOB_LIMIT;
|
1994-06-29 05:49:37 +04:00
|
|
|
|
|
|
|
memset(&gl, 0, sizeof(gl));
|
|
|
|
freeglob = 1;
|
|
|
|
if (glob(whichf, flags, 0, &gl)) {
|
|
|
|
reply(550, "not found");
|
|
|
|
goto out;
|
|
|
|
} else if (gl.gl_pathc == 0) {
|
1993-03-21 12:45:37 +03:00
|
|
|
errno = ENOENT;
|
1994-06-29 05:49:37 +04:00
|
|
|
perror_reply(550, whichf);
|
|
|
|
goto out;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1994-06-29 05:49:37 +04:00
|
|
|
dirlist = gl.gl_pathv;
|
1993-03-21 12:45:37 +03:00
|
|
|
} else {
|
2001-12-01 13:25:29 +03:00
|
|
|
notglob = xstrdup(whichf);
|
|
|
|
onefile[0] = notglob;
|
1993-03-21 12:45:37 +03:00
|
|
|
dirlist = onefile;
|
|
|
|
simple = 1;
|
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
/* XXX: } for vi sm */
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
if (setjmp(urgcatch)) {
|
|
|
|
transflag = 0;
|
1994-06-29 05:49:37 +04:00
|
|
|
goto out;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1997-04-27 07:21:38 +04:00
|
|
|
while ((dirname = *dirlist++) != NULL) {
|
1997-09-18 11:27:35 +04:00
|
|
|
int trailingslash = 0;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
if (stat(dirname, &st) < 0) {
|
|
|
|
/*
|
|
|
|
* If user typed "ls -l", etc, and the client
|
|
|
|
* used NLST, do what the user meant.
|
|
|
|
*/
|
1999-12-07 08:30:53 +03:00
|
|
|
/* XXX: nuke this support? */
|
1993-03-21 12:45:37 +03:00
|
|
|
if (dirname[0] == '-' && *dirlist == NULL &&
|
|
|
|
transflag == 0) {
|
1999-12-07 08:30:53 +03:00
|
|
|
char *argv[] = { INTERNAL_LS, "", NULL };
|
|
|
|
|
|
|
|
argv[1] = dirname;
|
|
|
|
retrieve(argv, dirname);
|
1994-06-29 05:49:37 +04:00
|
|
|
goto out;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1994-06-29 05:49:37 +04:00
|
|
|
perror_reply(550, whichf);
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
goto cleanup_send_file_list;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
1994-06-29 05:49:37 +04:00
|
|
|
if (S_ISREG(st.st_mode)) {
|
2000-12-18 05:32:50 +03:00
|
|
|
/*
|
|
|
|
* XXXRFC:
|
|
|
|
* should we follow RFC959 and not work
|
|
|
|
* for non directories?
|
|
|
|
*/
|
1993-03-21 12:45:37 +03:00
|
|
|
if (dout == NULL) {
|
|
|
|
dout = dataconn("file list", (off_t)-1, "w");
|
|
|
|
if (dout == NULL)
|
1994-06-29 05:49:37 +04:00
|
|
|
goto out;
|
1993-03-21 12:45:37 +03:00
|
|
|
transflag++;
|
|
|
|
}
|
2000-12-18 05:32:50 +03:00
|
|
|
cprintf(dout, "%s%s\n", dirname,
|
1999-05-17 19:14:53 +04:00
|
|
|
type == TYPE_A ? "\r" : "");
|
1993-03-21 12:45:37 +03:00
|
|
|
continue;
|
1994-06-29 05:49:37 +04:00
|
|
|
} else if (!S_ISDIR(st.st_mode))
|
1993-03-21 12:45:37 +03:00
|
|
|
continue;
|
|
|
|
|
1997-09-18 11:27:35 +04:00
|
|
|
if (dirname[strlen(dirname) - 1] == '/')
|
|
|
|
trailingslash++;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
if ((dirp = opendir(dirname)) == NULL)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
while ((dir = readdir(dirp)) != NULL) {
|
2000-01-08 14:09:56 +03:00
|
|
|
char nbuf[MAXPATHLEN];
|
1993-03-21 12:45:37 +03:00
|
|
|
|
2000-06-14 17:44:21 +04:00
|
|
|
if (ISDOTDIR(dir->d_name) || ISDOTDOTDIR(dir->d_name))
|
1993-03-21 12:45:37 +03:00
|
|
|
continue;
|
|
|
|
|
1997-09-18 11:27:35 +04:00
|
|
|
(void)snprintf(nbuf, sizeof(nbuf), "%s%s%s", dirname,
|
|
|
|
trailingslash ? "" : "/", dir->d_name);
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
/*
|
1997-08-14 06:06:15 +04:00
|
|
|
* We have to do a stat to ensure it's
|
1993-03-21 12:45:37 +03:00
|
|
|
* not a directory or special file.
|
|
|
|
*/
|
2000-12-18 05:32:50 +03:00
|
|
|
/*
|
|
|
|
* XXXRFC:
|
|
|
|
* should we follow RFC959 and filter out
|
|
|
|
* non files ? lukem - NO!, or not until
|
|
|
|
* our ftp client uses MLS{T,D} for completion.
|
|
|
|
*/
|
1993-03-21 12:45:37 +03:00
|
|
|
if (simple || (stat(nbuf, &st) == 0 &&
|
1994-06-29 05:49:37 +04:00
|
|
|
S_ISREG(st.st_mode))) {
|
1993-03-21 12:45:37 +03:00
|
|
|
if (dout == NULL) {
|
|
|
|
dout = dataconn("file list", (off_t)-1,
|
|
|
|
"w");
|
|
|
|
if (dout == NULL)
|
1994-06-29 05:49:37 +04:00
|
|
|
goto out;
|
1993-03-21 12:45:37 +03:00
|
|
|
transflag++;
|
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
p = nbuf;
|
1993-03-21 12:45:37 +03:00
|
|
|
if (nbuf[0] == '.' && nbuf[1] == '/')
|
1999-05-17 19:14:53 +04:00
|
|
|
p = &nbuf[2];
|
2000-12-18 05:32:50 +03:00
|
|
|
cprintf(dout, "%s%s\n", p,
|
1999-05-17 19:14:53 +04:00
|
|
|
type == TYPE_A ? "\r" : "");
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
(void) closedir(dirp);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (dout == NULL)
|
|
|
|
reply(550, "No files found.");
|
|
|
|
else if (ferror(dout) != 0)
|
|
|
|
perror_reply(550, "Data connection");
|
|
|
|
else
|
|
|
|
reply(226, "Transfer complete.");
|
|
|
|
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
cleanup_send_file_list:
|
1993-03-21 12:45:37 +03:00
|
|
|
transflag = 0;
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
closedataconn(dout);
|
2000-05-21 03:34:55 +04:00
|
|
|
out:
|
1999-05-17 19:14:53 +04:00
|
|
|
total_xfers++;
|
|
|
|
total_xfers_out++;
|
2001-12-01 13:25:29 +03:00
|
|
|
if (notglob)
|
|
|
|
free(notglob);
|
1999-05-17 19:14:53 +04:00
|
|
|
if (freeglob)
|
1994-06-29 05:49:37 +04:00
|
|
|
globfree(&gl);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1997-09-23 17:56:39 +04:00
|
|
|
|
|
|
|
char *
|
2000-05-20 06:20:18 +04:00
|
|
|
conffilename(const char *s)
|
1997-09-23 17:56:39 +04:00
|
|
|
{
|
2000-01-08 14:09:56 +03:00
|
|
|
static char filename[MAXPATHLEN];
|
1997-09-23 17:56:39 +04:00
|
|
|
|
* change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
1999-12-12 17:05:54 +03:00
|
|
|
if (*s == '/')
|
|
|
|
strlcpy(filename, s, sizeof(filename));
|
|
|
|
else
|
|
|
|
(void)snprintf(filename, sizeof(filename), "%s/%s", confdir ,s);
|
|
|
|
return (filename);
|
1997-09-23 17:56:39 +04:00
|
|
|
}
|
1999-05-17 19:14:53 +04:00
|
|
|
|
|
|
|
/*
|
2000-12-18 05:32:50 +03:00
|
|
|
* logxfer --
|
|
|
|
* if logging > 1, then based on the arguments, syslog a message:
|
1999-05-17 19:14:53 +04:00
|
|
|
* if bytes != -1 "<command> <file1> = <bytes> bytes"
|
|
|
|
* else if file2 != NULL "<command> <file1> <file2>"
|
|
|
|
* else "<command> <file1>"
|
|
|
|
* if elapsed != NULL, append "in xxx.yyy seconds"
|
|
|
|
* if error != NULL, append ": " + error
|
2000-12-18 05:32:50 +03:00
|
|
|
*
|
2002-02-11 14:45:07 +03:00
|
|
|
* if doxferlog != 0, bytes != -1, and command is "get", "put",
|
|
|
|
* or "append", syslog a wu-ftpd style xferlog entry
|
1999-05-17 19:14:53 +04:00
|
|
|
*/
|
|
|
|
void
|
2000-12-18 05:32:50 +03:00
|
|
|
logxfer(const char *command, off_t bytes, const char *file1, const char *file2,
|
2000-05-20 06:20:18 +04:00
|
|
|
const struct timeval *elapsed, const char *error)
|
1999-05-17 19:14:53 +04:00
|
|
|
{
|
2000-12-18 05:32:50 +03:00
|
|
|
char buf[MAXPATHLEN * 2 + 100], realfile[MAXPATHLEN];
|
|
|
|
const char *r1, *r2;
|
|
|
|
char direction;
|
|
|
|
size_t len;
|
|
|
|
time_t now;
|
1999-05-17 19:14:53 +04:00
|
|
|
|
2000-12-18 05:32:50 +03:00
|
|
|
if (logging <=1 && !doxferlog)
|
1999-05-17 19:14:53 +04:00
|
|
|
return;
|
|
|
|
|
2000-12-18 05:32:50 +03:00
|
|
|
r1 = r2 = NULL;
|
|
|
|
if ((r1 = realpath(file1, realfile)) == NULL)
|
|
|
|
r1 = file1;
|
|
|
|
if (file2 != NULL)
|
|
|
|
if ((r2 = realpath(file2, realfile)) == NULL)
|
|
|
|
r2 = file2;
|
1999-05-17 19:14:53 +04:00
|
|
|
|
2000-12-18 05:32:50 +03:00
|
|
|
/*
|
|
|
|
* syslog command
|
|
|
|
*/
|
|
|
|
if (logging > 1) {
|
|
|
|
len = snprintf(buf, sizeof(buf), "%s %s", command, r1);
|
|
|
|
if (bytes != (off_t)-1)
|
|
|
|
len += snprintf(buf + len, sizeof(buf) - len,
|
|
|
|
" = " LLF " byte%s", (LLT) bytes, PLURAL(bytes));
|
|
|
|
else if (r2 != NULL)
|
|
|
|
len += snprintf(buf + len, sizeof(buf) - len,
|
|
|
|
" %s", r2);
|
|
|
|
if (elapsed != NULL)
|
|
|
|
len += snprintf(buf + len, sizeof(buf) - len,
|
|
|
|
" in %ld.%.03d seconds", elapsed->tv_sec,
|
|
|
|
(int)(elapsed->tv_usec / 1000));
|
|
|
|
if (error != NULL)
|
|
|
|
len += snprintf(buf + len, sizeof(buf) - len,
|
|
|
|
": %s", error);
|
|
|
|
syslog(LOG_INFO, "%s", buf);
|
1999-05-17 19:14:53 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2000-12-18 05:32:50 +03:00
|
|
|
/*
|
|
|
|
* syslog wu-ftpd style log entry, prefixed with "xferlog: "
|
|
|
|
*/
|
2002-02-11 14:45:07 +03:00
|
|
|
if (!doxferlog || bytes == -1)
|
2000-12-18 05:32:50 +03:00
|
|
|
return;
|
|
|
|
|
|
|
|
if (strcmp(command, "get") == 0)
|
|
|
|
direction = 'o';
|
|
|
|
else if (strcmp(command, "put") == 0 || strcmp(command, "append") == 0)
|
|
|
|
direction = 'i';
|
|
|
|
else
|
|
|
|
return;
|
1999-05-17 19:14:53 +04:00
|
|
|
|
2000-12-18 05:32:50 +03:00
|
|
|
time(&now);
|
|
|
|
syslog(LOG_INFO,
|
|
|
|
"xferlog%s: %.24s %ld %s " LLF " %s %c %s %c %c %s FTP 0 * %c",
|
|
|
|
|
|
|
|
/*
|
|
|
|
* XXX: wu-ftpd puts (send) or (recv) in the syslog message, and removes
|
|
|
|
* the full date. This may be problematic for accurate log parsing,
|
|
|
|
* given that syslog messages don't contain the full date.
|
|
|
|
*/
|
|
|
|
#if 1 /* lukem's method; easier to convert to actual xferlog file */
|
|
|
|
"",
|
|
|
|
ctime(&now),
|
|
|
|
#else /* wu-ftpd's syslog method, with an extra unneeded space */
|
|
|
|
(direction == 'i') ? " (recv)" : " (send)",
|
|
|
|
"",
|
|
|
|
#endif
|
|
|
|
elapsed == NULL ? 0 : elapsed->tv_sec + (elapsed->tv_usec > 0),
|
|
|
|
remotehost,
|
2002-02-11 14:45:07 +03:00
|
|
|
(LLT) bytes,
|
2000-12-18 05:32:50 +03:00
|
|
|
r1,
|
|
|
|
type == TYPE_A ? 'a' : 'b',
|
|
|
|
"_", /* XXX: take conversions into account? */
|
|
|
|
direction,
|
|
|
|
|
|
|
|
curclass.type == CLASS_GUEST ? 'a' :
|
|
|
|
curclass.type == CLASS_CHROOT ? 'g' :
|
|
|
|
curclass.type == CLASS_REAL ? 'r' : '?',
|
|
|
|
|
|
|
|
curclass.type == CLASS_GUEST ? pw->pw_passwd : pw->pw_name,
|
|
|
|
error != NULL ? 'i' : 'c'
|
|
|
|
);
|
1999-05-17 19:14:53 +04:00
|
|
|
}
|
|
|
|
|
2000-11-30 05:59:11 +03:00
|
|
|
/*
|
2000-11-30 09:06:08 +03:00
|
|
|
* Determine if `password' is valid for user given in `pw'.
|
|
|
|
* Returns 2 if password expired, 1 if otherwise failed, 0 if ok
|
2000-11-30 05:59:11 +03:00
|
|
|
*/
|
|
|
|
int
|
2001-12-01 13:25:29 +03:00
|
|
|
checkpassword(const struct passwd *pwent, const char *password)
|
2000-11-30 05:59:11 +03:00
|
|
|
{
|
2000-11-30 09:06:08 +03:00
|
|
|
char *orig, *new;
|
|
|
|
time_t expire;
|
|
|
|
|
|
|
|
expire = 0;
|
2001-12-01 13:25:29 +03:00
|
|
|
if (pwent == NULL)
|
2000-11-30 09:06:08 +03:00
|
|
|
return 1;
|
|
|
|
|
2001-12-01 13:25:29 +03:00
|
|
|
orig = pwent->pw_passwd; /* save existing password */
|
|
|
|
expire = pwent->pw_expire;
|
2000-11-30 09:06:08 +03:00
|
|
|
|
|
|
|
if (orig[0] == '\0') /* don't allow empty passwords */
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
new = crypt(password, orig); /* encrypt given password */
|
|
|
|
if (strcmp(new, orig) != 0) /* compare */
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
if (expire && time(NULL) >= expire)
|
|
|
|
return 2; /* check if expired */
|
|
|
|
|
|
|
|
return 0; /* OK! */
|
2000-11-30 05:59:11 +03:00
|
|
|
}
|
|
|
|
|
1999-05-17 19:14:53 +04:00
|
|
|
char *
|
2000-05-20 06:20:18 +04:00
|
|
|
xstrdup(const char *s)
|
1999-05-17 19:14:53 +04:00
|
|
|
{
|
|
|
|
char *new = strdup(s);
|
|
|
|
|
|
|
|
if (new == NULL)
|
|
|
|
fatal("Local resource failure: malloc");
|
|
|
|
/* NOTREACHED */
|
|
|
|
return (new);
|
|
|
|
}
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* As per fprintf(), but increment total_bytes and total_bytes_out,
|
|
|
|
* by the appropriate amount.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
cprintf(FILE *fd, const char *fmt, ...)
|
|
|
|
{
|
|
|
|
off_t b;
|
|
|
|
va_list ap;
|
|
|
|
|
|
|
|
va_start(ap, fmt);
|
|
|
|
b = vfprintf(fd, fmt, ap);
|
2001-09-24 17:22:25 +04:00
|
|
|
va_end(ap);
|
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
2000-06-19 19:15:03 +04:00
|
|
|
total_bytes += b;
|
|
|
|
total_bytes_out += b;
|
|
|
|
}
|