- use LLT (aka 'long long type') for all numeric class parameters
- improve description of various ftpd.conf(5) options
- statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
- 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER
command instead of the PASS command. whilst this might provide some
info leakage of accounts names if you have some `real' or `chroot'
users enabled and not others, it does prevent accidental entering of
such passwords if you have all such users denied. This option is
strongly recommended on anonymous-only servers.
Functionality requested by Rob Windsor in [bin/12602]
- 'private'; don't display class related information in the output of STAT.
For paranoid admins.
* Add ftpd.conf(5) directive `advertise'; change the address that is
advertised to the client for PASV transfers. this may be useful in
certain firewall/NAT environments.
Feature requested in [bin/9606] by Scott Presnell.
* Add -X option; syslog wu-ftpd style xferlog messages, prefixed with
`xferlog: '. An example line from syslog (wrapped):
Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000
2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c
These messages can be converted to a wu-ftpd style xferlog file
suitable for parsing with third-party tools with something like:
grep 'xferlog: ' /var/log/xferlog | \
sed -e 's/^.*xferlog: //' >wuxferlog
The format is the same as the wu-ftpd xferlog entries (with the leading
syslog stuff), but different from the wu-ftpd syslogged xferlog entries
because the latter is not as easy to convert into the standard xferlog
file format.
The choice to only syslog the xferlog messages rather than append to
a /var/log/xferlog file was made because the latter doesn't work to
well in the situation where the logfile is rotated and compressed and
a long-running ftpd still has a file-descriptor to the now nonexistant
xferlog file, and the log message will then get lost.
Feature requested in [bin/11651] by Hubert Feyrer.
Fixes:
* In ftpd(8), clarify the -a and -c options.
* More clarifications in ftpd.conf(5).
* Ensure that all ftpd.conf commands set a parameter back to sane defaults
if an argument of `none' or bad settings are given.
* Support the `chroot' directive for `REAL' users too (for consistency).
* For `GUEST' users, store the supplied password in pw->pw_passwd for use
later in the xferlog.
* If show_chdir_messages() is given a code of -1, flush the cache of
visited directories. Invoke show_chdir_messages(-1) in end_login().
* Only syslog session stats if logging is requested.
* Rename logcmd() -> logxfer(), and dolog() -> logremotehost().
* Use cprintf() instead of fprintf() where appropriate.
* Minor KNF, and make a couple of functions static that were declared static.
maxfilesize set the maximum size of uploaded files
sanenames if set, only permit uploaded filenames that contain
characters from the set "-+,._A-Za-z0-9" and that
don't start with `.'
- new/changed command line options:
-e emailaddr define email address for %E (see below)
-P dataport use dataport as the dataport (instead of ctrlport-1)
-q use pid files to count users [default]
-Q don't use pid files to count users
-u write entries to utmp
-U don't write entries to utmp [default]
-w write entries to wtmp [default]
-W don't write entries to wtmp
NOTE: -U used to mean `write utmp entries'. Its meaning has changed
so that it's orthogonal with -q/-Q and -w/-W. This isn't
considered a major problem, because using -U isn't going to
enable something you don't want, but will disable something
you did want (which is safer).
- new display file escape sequences:
%E email address
%s literal `s' if the previous %M or %N wasn't ``1''.
%S literal `S' if the previous %M or %N wasn't ``1''.
- expand the description of building ~ftp/incoming to cover the
appropriate ftpd.conf(5) directives (which are defaults, but it pays
to explicitly explain them)
- replace strsuftoi() with strsuftoll(), which returns a long long if
supported, otherwise a long
- rework the way that check_modify and check_upload are done in the yacc
parser; they're merged into a common check_write() function which is
called explicitly
- merge all ftpclass `flag variables' into a single bitfield-based flag element
- move various common bits of parse_conf() into a couple of macros
- clean up some comments
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
chroot specify dir to chroot to for GUEST and CHROOT users, to
override -a anondir or the user's homedir.
homedir specify dir to change to upon login; also used for ~ expansion
and $HOME for subprocesses)
both of these can take % escapes: %u (username), %d (homedir), %c (class).
* fix NLST to take a pathname not a STRING, so that ~ expansion works
* modify CWD to use the homedir parsed from curclass.homedir
* implement format_path(dst, src), to parse src expanding % escapes (see above)
into dst.
* rename format_file() to display_file()
* fix RATE{GET,PUT} under some situations when the client is slower than
the server (something i missed when migrating the rate limiting code
i wrote in ftp(1) to ftpd(8))
* document what units RATE{GET,PUT} use
of the port range used by passive connections. based on work in [bin/9158]
from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
* change the way global variables are defined and extern-ed to be more
consistent.
template class [refclass]
following directives for refclass will apply to class as well.
this makes setting up a `template' class with many default settings
easy, whilst allowing for class-specific overrides
* prevent crash when the optional limitfile wasn't given to limit
* document count_users()
* document default setting of limit in ftpd.conf(5)
* crank version
* add connection limits (`limit' keyword in ftpd.conf)
* move initialisation of curclass from parse_conf() to new function
init_curclass()
* implement count_users(), which determines the number of users in a given
class. a file - /var/run/ftpd.pids-<class> - is used to store a list
of pids in use (effectively an array of pid_t's), and its size is reduced
as necessary.
* new % modifiers in format_file:
%c class
%M maximum connection count
%N current connection count
* always end_login()s, even for refused connections
bugs fixed:
* remove \n from %T output
* fix some inconsistencies in the man pages
* ensure that both `ftp' *and* `anonymous' are allowed in ftpusers.
(this was accidently broken in a recent commit to be ``or'' not ``and'')
* use MAXPATHLEN not MAXPATHLEN+1
* crank copyright date on modified files
* crank version
* use .Dv and .Tn in the man pages as appropriate
* KNF a bit
The following were inspired by similar changes in openbsd, but may
have additional improvements by me:
* add more check_login tests to the parser rules
* nuke a few memory leaks in the parser rules
* clear passwords before free()ing them, for safety
* don't display \r\n in setproctitle() output
* add support for -U, which enables managing /var/run/utmp entries for
connections. solves [bin/2217] by Jason Downs <downsj@teeny.org>
* fix oob handling for STAT command
* use SIG_ERR instead of -1