Commit Graph

76 Commits

Author SHA1 Message Date
lukem b018fb8971 Don't declare "yylex()" static; AFAICT it shouldn't be, and it causes
build problems with the output of some versions of yacc.
2003-03-03 02:14:57 +00:00
lukem 2cc6fff994 Fix typos accidentally introduced in rev 1.70 as part of the large
number support.
(NetBSD yacc didn't barf on these, although Solaris and HP/UX's did...)
2003-03-03 01:52:13 +00:00
lukem 6c12b8f0d2 use LLT and STRTOLL() instead of off_t and strtoull() for parsing the
"larger than int" arguments from commands.  improves portability.
2003-02-24 12:57:06 +00:00
lukem 6d15ebd30b Fixes from Dmitry Sivachenko <demon@freebsd.org>:
- always set "curname" to something appropriate (even when logging is
  not in effect).
- fix usage for "PORT" command
2003-01-22 04:33:35 +00:00
lukem ee2d1afbb4 - convert to using libc's strsuftoll(3)
- use LLT (aka 'long long type') for all numeric class parameters
- improve description of various ftpd.conf(5) options
- statcmd(): print out:  mmapsize readsize writesize sendbufsize sendlowat
2002-11-29 14:39:59 +00:00
darrenr 672b9a1044 * enclose unknown command strings inside a pair of 's to clearly mark the
text as being the 'whole' part received.
* change a HELP reply from 214 to 504 when there is an error looking for
  help on a command.
2002-10-12 08:35:16 +00:00
lukem a4449882c6 - Change lexer to support numbers > 2^31-1 (stored in an off_t), and allow
RESTart to use the larger numbers.
  Fix from Maxim Konovalov <maxim@freebsd.org>
- Update version
- Minor whitespace changes
2002-07-02 02:18:01 +00:00
tv bfa5cd6608 We really, actually, positively want to apply the ftpd.conf "passive"
option to all possible *PSV commands.  Some ftp servers are simply not
capable of passive connections, hence the option....
2002-06-30 04:54:43 +00:00
lukem e6e31891a4 crank copyright 2002-06-15 03:40:28 +00:00
lukem bd1b663668 Implement "SITE UMASK" `enabled command' check with (modified)
check_write(), so that a user who has modify disabled gets an error
message rather than a hung connection.
Noted by M.J. Rutter <mjr19@cus.cam.ac.uk> in private email.
2002-06-15 03:36:47 +00:00
lukem 3a491eda3c - enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5)
- enable WARNS=2
2001-12-01 10:25:29 +00:00
lukem 7e903ba2b0 crank copyrights of files changed this year
remove superfluous byte_count update in send_file_list
crank version
2001-04-25 01:46:25 +00:00
lukem 7ee956fdcc use own code instead of bother with glob() to do ~ expansion in pathname;
there's no need to support glob wildcards in this case when it's not expanded
here in the non-~ case
2001-04-17 01:37:04 +00:00
lukem 6443de4b8e limit the number of matches in a ~ pathname glob, and complain if more
than one path is matched.
2001-04-17 00:59:58 +00:00
lukem 748a2d7987 minor knf post aidan's oob rototill 2001-04-12 02:28:59 +00:00
itojun 11b51ed9c6 make checkportcmd address family independent, and correct IPv4 case. PR 12558. 2001-04-10 01:41:18 +00:00
aidan 7f74ad2bfd As threatened, handle OOB commands from within ftpcmd.y.
This involved changing the yacc syntax to be line-oriented, rather than
having it run against the entire input at once, and adding a flag to
struct tab, to indicate if or not it's acceptable for a command to occur
OOB.
2001-04-01 23:04:30 +00:00
lukem 5015048190 Features:
* Add ftpd.conf(5) directive `advertise'; change the address that is
  advertised to the client for PASV transfers. this may be useful in
  certain firewall/NAT environments.

  Feature requested in [bin/9606] by Scott Presnell.

* Add -X option; syslog wu-ftpd style xferlog messages, prefixed with
  `xferlog: '.  An example line from syslog (wrapped):
	Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000
	2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c

  These messages can be converted to a wu-ftpd style xferlog file
  suitable for parsing with third-party tools with something like:
	grep 'xferlog: ' /var/log/xferlog | \
	    sed -e 's/^.*xferlog: //' >wuxferlog

  The format is the same as the wu-ftpd xferlog entries (with the leading
  syslog stuff), but different from the wu-ftpd syslogged xferlog entries
  because the latter is not as easy to convert into the standard xferlog
  file format.

  The choice to only syslog the xferlog messages rather than append to
  a /var/log/xferlog file was made because the latter doesn't work to
  well in the situation where the logfile is rotated and compressed and
  a long-running ftpd still has a file-descriptor to the now nonexistant
  xferlog file, and the log message will then get lost.

  Feature requested in [bin/11651] by Hubert Feyrer.


Fixes:

* In ftpd(8), clarify the -a and -c options.

* More clarifications in ftpd.conf(5).

* Ensure that all ftpd.conf commands set a parameter back to sane defaults
  if an argument of `none' or bad settings are given.

* Support the `chroot' directive for `REAL' users too (for consistency).

* For `GUEST' users, store the supplied password in pw->pw_passwd for use
  later in the xferlog.

* If show_chdir_messages() is given a code of -1, flush the cache of
  visited directories.  Invoke show_chdir_messages(-1) in end_login().

* Only syslog session stats if logging is requested.

* Rename logcmd() -> logxfer(), and dolog() -> logremotehost().

* Use cprintf() instead of fprintf() where appropriate.

* Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 02:32:50 +00:00
lukem be437fb5c3 - move password checking into separate valid_passwd() function, to assist
in porting to other systems.
- don't syslog() or setproctitle() "ACCT" lines (as per "PASS")
- replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the
  latter #ifdef BSD4_4
- don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile
  support if this is to be used on NetBSD.
2000-11-30 02:59:11 +00:00
lukem a1d4e29274 - ensure all uses of AF_INET6 are wrapped in #ifdef INET6
- don't define `ALL' as a token twice in the grammar
2000-11-28 09:31:29 +00:00
lukem 999fd3d617 - new ftpd.conf directives:
maxfilesize	set the maximum size of uploaded files
	sanenames	if set, only permit uploaded filenames that contain
			characters from the set "-+,._A-Za-z0-9" and that
			don't start with `.'

- new/changed command line options:
	-e emailaddr	define email address for %E (see below)
	-P dataport	use dataport as the dataport (instead of ctrlport-1)
	-q		use pid files to count users	[default]
	-Q		don't use pid files to count users
	-u		write entries to utmp
	-U		don't write entries to utmp	[default]
	-w		write entries to wtmp		[default]
	-W		don't write entries to wtmp

	  NOTE:	-U used to mean `write utmp entries'. Its meaning has changed
		so that it's orthogonal with -q/-Q and -w/-W. This isn't
		considered a major problem, because using -U isn't going to
		enable something you don't want, but will disable something
		you did want (which is safer).

- new display file escape sequences:
	%E	email address
	%s	literal `s' if the previous %M or %N wasn't ``1''.
	%S	literal `S' if the previous %M or %N wasn't ``1''.

- expand the description of building ~ftp/incoming to cover the
  appropriate ftpd.conf(5) directives (which are defaults, but it pays
  to explicitly explain them)

- replace strsuftoi() with strsuftoll(), which returns a long long if
  supported, otherwise a long

- rework the way that check_modify and check_upload are done in the yacc
  parser; they're merged into a common check_write() function which is
  called explicitly

- merge all ftpclass `flag variables' into a single bitfield-based flag element

- move various common bits of parse_conf() into a couple of macros

- clean up some comments
2000-11-16 13:15:13 +00:00
lukem f62aa6c8ac changes to improve portability:
* replace union sockunion {} with struct sockinet {}, and modify the code
  accordingly. this is possibly more portable, as it doesn't rely upon
  the structure alignment within the union for our own stuff.  uses local
  su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4)
  (XXX: haven't tested the ipv6 stuff)
* always use getaddrinfo() and getnameinfo() instead of maintaining two code
  paths. (lukemftpd will provide replacements for these on older systems)
* use lockf() instead of open(.., O_EXLOCK) to lock the pid file
* minor KNF
* clean up long long support: create helper #defines and use as appropriate:
        #define		NO_LONG_LONG	! NO_LONG_LONG
        -------		------------	--------------
        LLF		"%ld"		"%lld"
        LLFP(x)		"%" x "ld"	"%" x "lld"
        LLT		long		long long
        ULLF		"%lu"		"%llu"
        ULLFP(x)	"%" x "lu"	"%" x "llu"
        ULLT		unsigned long	unsigned long long
        STRTOLL(x,y,z)	strtol(x,y,z)	strtoll(x,y,z)
2000-11-15 02:32:30 +00:00
itojun 1e256e9927 - improve RFC2428 conformance.
return 522 on unknown protocol identifier on EPRT.
- clarify EPSV/EPRT/LPSV/LPRT behavior.
- repair memory leak and lack of boundary check on EPRT.
- make sure we do not resolve DNS on EPRT.
sync with kame.
2000-11-13 11:50:46 +00:00
christos 0dec1c64f5 Make this compile again without -DINET6 and without get{addr,name}info(3)
This ftpd now compiles and runs on NetBSD/1.4.2 with:

CPPFLAGS+= \
    '-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \
    '-Dstrlcat=strncat' \
    '-Dsl_add(a,b)=(sl_add(a,b),0)'
2000-09-15 14:55:16 +00:00
lukem d85f3bb159 * make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
  box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
  if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
  > IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
  file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
  ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
  merge). if root privs have been dropped, and this would be a port <
  IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
  but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
  in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
  for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 14:40:48 +00:00
lukem e3a2c5cc44 * add two new ftpd.conf(5) directives:
chroot	specify dir to chroot to for GUEST and CHROOT users, to
		override -a anondir or the user's homedir.
	homedir	specify dir to change to upon login; also used for ~ expansion
		and $HOME for subprocesses)
  both of these can take % escapes: %u (username), %d (homedir), %c (class).
* fix NLST to take a pathname not a STRING, so that ~ expansion works
* modify CWD to use the homedir parsed from curclass.homedir
* implement format_path(dst, src), to parse src expanding % escapes (see above)
  into dst.
* rename format_file() to display_file()
2000-07-17 02:30:52 +00:00
lukem 4b70eef93f * add -H, which acts like -h `hostname`. (requested by kim@)
* refer to draft-ietf-ftpext-mlst-11 instead of -10
2000-07-15 03:45:19 +00:00
sommerfeld 6f0015c48f More format paranoia. 2000-07-08 18:24:28 +00:00
lukem 73f082e2ea various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()

other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
  hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
  code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
  deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
  reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
  lreply(-2, ) or lreply(-1, ).
  now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
  of data connection (my ftp client now supports MLSD :-)
2000-06-19 15:15:03 +00:00
lukem a26448af43 major overhaul (just before netbsd 1.5 :-):
* implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD.
  we already supported SIZE and MDTM. add the appropriate FEAT output lines.

* migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c

* make dataconn(), feat(), lookup(), opts() and sizecmd() public

* modify struct tab so that it has a `flags' instead of `implemented' element,
  and remove the `hasopts' element.  If flags == 1, the command is implemented.
  if flags == 2, the command is implemented and takes options

* add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..")

* modify lreply() so that lreply(-2, ...) just outputs the given info without
  a prefix or trailing \r\n. this saves doing b = printf(); total_* += b;

* enhance statcmd(). still needs work in the LPRT status stuff.

* crank version
2000-06-14 13:44:21 +00:00
lukem dcc88422ad convert to ANSI C as per style guide 2000-05-20 02:20:18 +00:00
lukem f318090c60 * don't bother with a version[] string, just use the macro as appropriate
* clean some more of the GLOBAL stuff
* fix unused var if -UHASSETPROCTITLE
2000-03-05 06:12:19 +00:00
lukem c8493e9499 * add ftpd.conf directive `portrange class min max', which allows specification
of the port range used by passive connections. based on work in [bin/9158]
  from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
* change the way global variables are defined and extern-ed to be more
  consistent.
2000-01-12 22:39:27 +00:00
lukem 80ca00b8cd trivial simplification 1999-12-21 12:52:18 +00:00
lukem 8aad99ce9d * move version to separate header file
* use .Dv and .Tn in the man pages as appropriate
* KNF a bit

The following were inspired by similar changes in openbsd, but may
have additional improvements by me:
* add more check_login tests to the parser rules
* nuke a few memory leaks in the parser rules
* clear passwords before free()ing them, for safety
* don't display \r\n in setproctitle() output
* add support for -U, which enables managing /var/run/utmp entries for
  connections. solves [bin/2217] by Jason Downs <downsj@teeny.org>
* fix oob handling for STAT command
* use SIG_ERR instead of -1
1999-12-18 05:51:34 +00:00
lukem 21d03121d3 * change format of /etc/ftpusers lines from
userglob [allow|deny]
  to
	userglob[@host] [allow|deny  [classname]]
  where class is a userdefined classname.
  - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
    hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
  - if classname is given, use that to match entries in ftpd.conf (defaults
    to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
    /etc/ftpchroot, and `real' for everyone else.

* implement new /etc/ftpd.conf directives:
    classtype classname type	set type of classname to GUEST, CHROOT, or REAL
    motd classname file		file to use instead of /etc/motd
    rateget classname rate	set rateget throttle to rate
    rateput classname rate	set rateput throttle to rate
    upload classname		allow/deny uploads (STOU, STOR, APPE). if
				denied, also acts as `modify deny'.

* implement new `SITE' commands:
    RATEGET	as per /etc/ftpd.conf rateget, but cannot exceed that
    RATEPUT	as per /etc/ftpd.conf rateput, but cannot exceed that

* implement format_file(), which outputs a file to the user, parsing %
  escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.

* implement strsuftoi() (from ftp(1)), which parses a number and
  optional suffix (for use with rateget, etc)

* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
  we don't need reserved ports (at wasn't getting them anyway).

* update & reorder copyrights

* use strlcpy() as appropriate
1999-12-12 14:05:54 +00:00
lukem 397e2cfc53 * change ftpd_popen() to take char *argv[] instead of char *cmd.
the string tokenisation must be performed by the caller (which is
  generally easy because it's almost always a static command).
* change do_conversion() to return a char *argv[] instead of char *cmd.
  tokenisation of the command is done internally.
* change retrieve() to take char *argv[] instead of char *cmd.
  (to take advantage of the above changes).  fixes [bin/8173]
* use fparseln() instead of fgetln()
* store conversions in listed order (rather than reverse order)
* use stringlists instead of handrolling code to manage an argv.
1999-12-07 05:30:53 +00:00
tron e93ada44ca Don't use undefined C expression. Patch supplied by David A. Holland
in PR bin/8534.
1999-10-04 17:36:52 +00:00
simonb 1484ad8872 In the command table, remove a trailing comma and make white space
consistant.
1999-09-06 06:01:44 +00:00
itojun b59b162709 ftpd(8): Copy sin6_scope_id from control connection to active data
connection destination, hoping this to help ftpd's behavior with
scoped IPv6 addresses.
I'm not sure if it is the right way, but it is the best way available to us.
LPRT or EPRT command gives no information about which interface (or scope)
to be used for new data connection.

ftp(1): On data connection establishment, warn if scoped address is used.
If peer (ftp daemon) does not handle scoped address, data connection
may not work right.

This seems to be sort of protocol spec hole, not implementation issue.
1999-09-01 05:03:41 +00:00
christos a4c5e0c550 Make this compile with krb5. 1999-08-25 16:23:52 +00:00
itojun 12fc4fc055 more sanity check on LPRT. 1999-07-11 20:09:23 +00:00
itojun e983200c64 make LPRT on IPv4 work.
make LPSV on IPv6 work.
1999-07-11 20:03:41 +00:00
itojun 3496d3aba4 close data socket when new EPRT command comes. 1999-07-02 07:11:36 +00:00
itojun c9b3e3ad3d dual-stack ftpd. run this from inetd, like:
>>ftp  stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 05:52:14 +00:00
lukem 9daa8df4fa move stuff around, so the `thank you' message is counted in the
syslogged bytecount.
1999-05-26 13:30:10 +00:00
ross f0923ed12e * Cast %q[ud] arguments to fix ILP32/LP64 off_t variation.
* Fix bug in 213 reply: correct ordering of format string args.
1999-05-24 21:57:19 +00:00
ross 0d2425a0c8 LP64ize %q use. 1999-05-24 21:18:03 +00:00
lukem 4b2b2847cc * fix a problem in retrieve() where arguments to commands weren't working
(this was broken in the last commit). problem noticed by simonb@
* don't display the stderr output of the internal ls.
* modify usage of lreply so that generally only one `XXX-' code per
  `block' is displayed; the rest of the lines have four spaces instead.
  i find this easier to read.
* fix a couple places where byte accounting wasn't correct
1999-05-18 08:14:17 +00:00
lukem 25cf35a4f3 features/fixes:
* implement xferstats. full stats are displayed for `STAT', and a
  summary is displayed upon exit (and syslogged).  inspired by wu-ftpd.
* wrap data xfers in {send,receive}_data with alarm() timeouts. this
  should remove the majority of the `hanging ftpd' problems that
  people were still seeing.  inspired by wu-ftpd.
* link with ../../bin/ls, so that bin/ls is not required under a
  chroot()ed area for `LIST' to work.  based on [bin/4497] from
  "Soren S.  Jorvang" <soren@t.dk>
* migrate code from util.c into ftpd.c, so that it doesn't conflict
  with ls' util.c.
* remove man page comment about ~ftp/bin/ls being necessary.
* bump version to 7.2.0.
* syslog xfer time with xfer stats.
* if appropriate, syslog error message with command.

internal code stuff:
* change arguments of various functions from `char *' to `const char *'.
* define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise.
  use macro appropriately
* lreply(): a code of -1 means ``send line as is''. a code of 0
  means ``send line with 4 space prefix''. don't print a space after
  the `-' for any other code.
* logcmd(): add `const struct timeval *elapsed' and `const char *error'
  for more flexible error reporting
1999-05-17 15:14:53 +00:00