Commit Graph

69 Commits

Author SHA1 Message Date
ross dc5571b22e Generate <>& symbolically. I'm avoiding .../dist/... directories for now. 2002-02-08 01:21:55 +00:00
wiz d62151d8f4 Drop some unnecessary .Pps, sort SEE ALSO, whitespace nits. 2002-01-15 02:20:37 +00:00
lukem 6120411e0e set "upload guest on" in incoming example, even though it is the default 2001-10-13 13:50:18 +00:00
lukem 8262a6ac5a Expand description of shells(5) requirement.
Per PR [misc/13814] from Alexander Sorg.
2001-08-31 00:05:31 +00:00
lukem fe60c5801d Alan Barrett informs me that "advertise" (instead of "advertize") is
the norm even in American English.
2001-07-08 07:27:14 +00:00
lukem afa0abb87f s/tise/tize/ in docco, add "advertize" as synonym for "advertise" 2001-06-26 19:30:44 +00:00
lukem 5015048190 Features:
* Add ftpd.conf(5) directive `advertise'; change the address that is
  advertised to the client for PASV transfers. this may be useful in
  certain firewall/NAT environments.

  Feature requested in [bin/9606] by Scott Presnell.

* Add -X option; syslog wu-ftpd style xferlog messages, prefixed with
  `xferlog: '.  An example line from syslog (wrapped):
	Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000
	2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c

  These messages can be converted to a wu-ftpd style xferlog file
  suitable for parsing with third-party tools with something like:
	grep 'xferlog: ' /var/log/xferlog | \
	    sed -e 's/^.*xferlog: //' >wuxferlog

  The format is the same as the wu-ftpd xferlog entries (with the leading
  syslog stuff), but different from the wu-ftpd syslogged xferlog entries
  because the latter is not as easy to convert into the standard xferlog
  file format.

  The choice to only syslog the xferlog messages rather than append to
  a /var/log/xferlog file was made because the latter doesn't work to
  well in the situation where the logfile is rotated and compressed and
  a long-running ftpd still has a file-descriptor to the now nonexistant
  xferlog file, and the log message will then get lost.

  Feature requested in [bin/11651] by Hubert Feyrer.


Fixes:

* In ftpd(8), clarify the -a and -c options.

* More clarifications in ftpd.conf(5).

* Ensure that all ftpd.conf commands set a parameter back to sane defaults
  if an argument of `none' or bad settings are given.

* Support the `chroot' directive for `REAL' users too (for consistency).

* For `GUEST' users, store the supplied password in pw->pw_passwd for use
  later in the xferlog.

* If show_chdir_messages() is given a code of -1, flush the cache of
  visited directories.  Invoke show_chdir_messages(-1) in end_login().

* Only syslog session stats if logging is requested.

* Rename logcmd() -> logxfer(), and dolog() -> logremotehost().

* Use cprintf() instead of fprintf() where appropriate.

* Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 02:32:50 +00:00
lukem af83a0d7c4 fix typo 2000-12-01 07:59:47 +00:00
lukem 999fd3d617 - new ftpd.conf directives:
maxfilesize	set the maximum size of uploaded files
	sanenames	if set, only permit uploaded filenames that contain
			characters from the set "-+,._A-Za-z0-9" and that
			don't start with `.'

- new/changed command line options:
	-e emailaddr	define email address for %E (see below)
	-P dataport	use dataport as the dataport (instead of ctrlport-1)
	-q		use pid files to count users	[default]
	-Q		don't use pid files to count users
	-u		write entries to utmp
	-U		don't write entries to utmp	[default]
	-w		write entries to wtmp		[default]
	-W		don't write entries to wtmp

	  NOTE:	-U used to mean `write utmp entries'. Its meaning has changed
		so that it's orthogonal with -q/-Q and -w/-W. This isn't
		considered a major problem, because using -U isn't going to
		enable something you don't want, but will disable something
		you did want (which is safer).

- new display file escape sequences:
	%E	email address
	%s	literal `s' if the previous %M or %N wasn't ``1''.
	%S	literal `S' if the previous %M or %N wasn't ``1''.

- expand the description of building ~ftp/incoming to cover the
  appropriate ftpd.conf(5) directives (which are defaults, but it pays
  to explicitly explain them)

- replace strsuftoi() with strsuftoll(), which returns a long long if
  supported, otherwise a long

- rework the way that check_modify and check_upload are done in the yacc
  parser; they're merged into a common check_write() function which is
  called explicitly

- merge all ftpclass `flag variables' into a single bitfield-based flag element

- move various common bits of parse_conf() into a couple of macros

- clean up some comments
2000-11-16 13:15:13 +00:00
lukem acd8ab456a wtmp is in /var/log not /var/run ... 2000-07-28 12:54:01 +00:00
lukem 8a5b724529 add support for -W; don't log to wtmp (orthogonal of -U which logs to utmp).
inspired by similar option in wuftpd.
2000-07-26 13:53:33 +00:00
lukem 0b392afc69 document /var/run/[uw]tmp, /var/run/ftpd.pids-CLASS 2000-07-26 13:45:52 +00:00
lukem d85f3bb159 * make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
  box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
  if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
  > IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
  file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
  ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
  merge). if root privs have been dropped, and this would be a port <
  IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
  but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
  in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
  for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 14:40:48 +00:00
lukem e3a2c5cc44 * add two new ftpd.conf(5) directives:
chroot	specify dir to chroot to for GUEST and CHROOT users, to
		override -a anondir or the user's homedir.
	homedir	specify dir to change to upon login; also used for ~ expansion
		and $HOME for subprocesses)
  both of these can take % escapes: %u (username), %d (homedir), %c (class).
* fix NLST to take a pathname not a STRING, so that ~ expansion works
* modify CWD to use the homedir parsed from curclass.homedir
* implement format_path(dst, src), to parse src expanding % escapes (see above)
  into dst.
* rename format_file() to display_file()
2000-07-17 02:30:52 +00:00
lukem 4b70eef93f * add -H, which acts like -h `hostname`. (requested by kim@)
* refer to draft-ietf-ftpext-mlst-11 instead of -10
2000-07-15 03:45:19 +00:00
lukem 327792f9ed fix problems noted by <dogcow@redback.com> in [bin/10390] and private email:
* fix RATE{GET,PUT} under some situations when the client is slower than
  the server (something i missed when migrating the rate limiting code
  i wrote in ftp(1) to ftpd(8))
* document what units RATE{GET,PUT} use
2000-06-20 07:39:46 +00:00
lukem 73f082e2ea various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()

other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
  hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
  code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
  deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
  reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
  lreply(-2, ) or lreply(-1, ).
  now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
  of data connection (my ftp client now supports MLSD :-)
2000-06-19 15:15:03 +00:00
lukem a26448af43 major overhaul (just before netbsd 1.5 :-):
* implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD.
  we already supported SIZE and MDTM. add the appropriate FEAT output lines.

* migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c

* make dataconn(), feat(), lookup(), opts() and sizecmd() public

* modify struct tab so that it has a `flags' instead of `implemented' element,
  and remove the `hasopts' element.  If flags == 1, the command is implemented.
  if flags == 2, the command is implemented and takes options

* add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..")

* modify lreply() so that lreply(-2, ...) just outputs the given info without
  a prefix or trailing \r\n. this saves doing b = printf(); total_* += b;

* enhance statcmd(). still needs work in the LPRT status stuff.

* crank version
2000-06-14 13:44:21 +00:00
itojun 6047a12c7b move IPv6 considerations into BUGS section 2000-05-16 00:59:12 +00:00
lukem ab88a15086 suppress verbose messages from CWD and post-login if the first
character of the anonymous password is `-'.
2000-01-13 00:04:31 +00:00
lukem 16e886121d features:
* add connection limits (`limit' keyword in ftpd.conf)
* move initialisation of curclass from parse_conf() to new function
  init_curclass()
* implement count_users(), which determines the number of users in a given
  class. a file - /var/run/ftpd.pids-<class> - is used to store a list
  of pids in use (effectively an array of pid_t's), and its size is reduced
  as necessary.
* new % modifiers in format_file:
	%c	class
	%M	maximum connection count
	%N	current connection count
* always end_login()s, even for refused connections

bugs fixed:
* remove \n from %T output
* fix some inconsistencies in the man pages
* ensure that both `ftp' *and* `anonymous' are allowed in ftpusers.
  (this was accidently broken in a recent commit to be ``or'' not ``and'')
* use MAXPATHLEN not MAXPATHLEN+1
* crank copyright date on modified files
* crank version
2000-01-08 11:09:56 +00:00
lukem 7543b77a8e * add back support for `-h hostname'; it still may be useful to override
the name advertised to the client, even if ftpd can determine it from
  the ip address that ftpd is bound to. requested by mrg.
* remove -4/-6; they were effectively no-ops since itojun's change in 1.75.
* crank version
1999-12-19 00:09:31 +00:00
lukem 6eff1df26e deprecate -h hostname in favour of automatic determination of local hostname.
this is a much cleaner solution for supporting multihomed virtual servers.
from Geoff C. Wing <gcw@pobox.com> in [bin/8137].
1999-12-18 06:33:54 +00:00
lukem 8aad99ce9d * move version to separate header file
* use .Dv and .Tn in the man pages as appropriate
* KNF a bit

The following were inspired by similar changes in openbsd, but may
have additional improvements by me:
* add more check_login tests to the parser rules
* nuke a few memory leaks in the parser rules
* clear passwords before free()ing them, for safety
* don't display \r\n in setproctitle() output
* add support for -U, which enables managing /var/run/utmp entries for
  connections. solves [bin/2217] by Jason Downs <downsj@teeny.org>
* fix oob handling for STAT command
* use SIG_ERR instead of -1
1999-12-18 05:51:34 +00:00
lukem b5972a49fe install ftpusers(5) as ftpchroot(5). more cleanups 1999-12-16 07:05:18 +00:00
lukem e11b8f48c5 * add support for `-h hostname', which defines the hostname to advertise
as (useful for virtual ftp servers in conjunction with inetd.conf(5)'s
  ability to bind to a specific address).
  if this option is used, add `hostname' to the syslog messages.
* improve documentation of command-line options
* don't allow class names of `all' or `none' in ftpusers
1999-12-16 02:21:37 +00:00
lukem 6be4a7c9bd separate ftpd.conf(5) and ftpusers(5) out from ftpd(8).
xxx: still needs a bit of work
1999-12-16 01:16:04 +00:00
lukem 21d03121d3 * change format of /etc/ftpusers lines from
userglob [allow|deny]
  to
	userglob[@host] [allow|deny  [classname]]
  where class is a userdefined classname.
  - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
    hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
  - if classname is given, use that to match entries in ftpd.conf (defaults
    to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
    /etc/ftpchroot, and `real' for everyone else.

* implement new /etc/ftpd.conf directives:
    classtype classname type	set type of classname to GUEST, CHROOT, or REAL
    motd classname file		file to use instead of /etc/motd
    rateget classname rate	set rateget throttle to rate
    rateput classname rate	set rateput throttle to rate
    upload classname		allow/deny uploads (STOU, STOR, APPE). if
				denied, also acts as `modify deny'.

* implement new `SITE' commands:
    RATEGET	as per /etc/ftpd.conf rateget, but cannot exceed that
    RATEPUT	as per /etc/ftpd.conf rateput, but cannot exceed that

* implement format_file(), which outputs a file to the user, parsing %
  escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.

* implement strsuftoi() (from ftp(1)), which parses a number and
  optional suffix (for use with rateget, etc)

* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
  we don't need reserved ports (at wasn't getting them anyway).

* update & reorder copyrights

* use strlcpy() as appropriate
1999-12-12 14:05:54 +00:00
hubertf 0baca35ee5 Document setup of "ftp-only" non-anonymous accounts.
Suggested by Thilo Manske <Thilo.Manske@HEH.Uni-Oldenburg.DE>,
approved by Luke Mewburn <lukem@netbsd.org>
1999-08-02 00:44:59 +00:00
itojun 542bd3ceb5 handle IPv4 TCP control connection, toward AF_INET6 socket.
this happens when you have the following line in inetd.conf,
but not with tcp4 line:
>>>ftp  stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-27 15:41:49 +00:00
itojun e983200c64 make LPRT on IPv4 work.
make LPSV on IPv6 work.
1999-07-11 20:03:41 +00:00
itojun 2005cef66b typo fix: s/LPSV/LPRT/ 1999-07-02 05:54:21 +00:00
itojun c9b3e3ad3d dual-stack ftpd. run this from inetd, like:
>>ftp  stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 05:52:14 +00:00
lukem 25cf35a4f3 features/fixes:
* implement xferstats. full stats are displayed for `STAT', and a
  summary is displayed upon exit (and syslogged).  inspired by wu-ftpd.
* wrap data xfers in {send,receive}_data with alarm() timeouts. this
  should remove the majority of the `hanging ftpd' problems that
  people were still seeing.  inspired by wu-ftpd.
* link with ../../bin/ls, so that bin/ls is not required under a
  chroot()ed area for `LIST' to work.  based on [bin/4497] from
  "Soren S.  Jorvang" <soren@t.dk>
* migrate code from util.c into ftpd.c, so that it doesn't conflict
  with ls' util.c.
* remove man page comment about ~ftp/bin/ls being necessary.
* bump version to 7.2.0.
* syslog xfer time with xfer stats.
* if appropriate, syslog error message with command.

internal code stuff:
* change arguments of various functions from `char *' to `const char *'.
* define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise.
  use macro appropriately
* lreply(): a code of -1 means ``send line as is''. a code of 0
  means ``send line with 4 space prefix''. don't print a space after
  the `-' for any other code.
* logcmd(): add `const struct timeval *elapsed' and `const char *error'
  for more flexible error reporting
1999-05-17 15:14:53 +00:00
garbled f124765044 More and more .Os cleanups. .Os is defined in the tmac.doc-common file,
so we shouldn't override it with versions in the manpages.  Many more to
come.
1999-03-22 18:25:43 +00:00
lukem 00007d07d6 * actually commit the changes which add support for recognising RFC 2228
commands (even if we don't do anything with them)
* in logcmd(), syslog why realpath() failed (if it did).
1999-02-05 21:40:49 +00:00
hubertf b3ab3ca1cd Fix typo, per PR 6457 by Geoff C. Wing <gcw@pobox.com> 1998-11-18 13:32:17 +00:00
msaitoh 4a3d3570f1 s/a a/a/ 1998-11-17 16:00:28 +00:00
lukem 29ed71b169 new features:
* implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM.
  OPTS only works on NOOP (as a test).
* extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry
  can take an optional trailing `yes' or `no' which indicates if
  chroot should be done (defaults to `yes').
  based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769]

cleanups/bugs:
* reorder and reformat entries in yacc parser to match cmdtab[].
  add a blank line between each rule.
* add short hasopts and char *options to struct tab, to support OPTS.
* deprecate upper(); use strcasecmp() instead of strcmp()
* remove unnecessary for (;;) { } in yylex();
* replace copy() and sgetsave() with xstrdup()
* fix a couple of `hasyyerrored = 1' that were accidently removed.
1998-09-07 08:11:20 +00:00
lukem cf3263f735 * implement NOARGS state, for commands which don't take any arguments.
fixes long standing ftpd bug where two replies would be returned
  to the client if a command was flagged as accepting `ARGS' but the
  parser didn't know how to cope. obvious symptom of this would be
  ftp client is always one error message `behind' the server.
* consistently refer to the RFC as `RFC 959' not `RFC959' or `RFC-959',
  and replace refs to RFC 765 with RFC 959.
* change order of commands in cmdtab[] to: RFC 959, BSD extras, and obsolete.
* whitespace police, deprecate register, replace malloc/strcpy with strdup
1998-09-05 17:33:00 +00:00
lukem 74b52f1ba3 remove Extraneous .El call which caused formatting problem 1998-07-13 09:18:14 +00:00
tv e3ab20461f Add the ability to disable passive connects in ftpd.conf (breaks RFC1123,
STD3, but needed in some firewall environments).
1998-06-30 20:18:52 +00:00
msaitoh 10171df916 add "-s" flag (like telnetd and login) 1998-06-26 18:12:00 +00:00
lukem fc90756956 Implement a new manual page category ``SECURITY CONSIDERATIONS''
(suggested by mycroft)
1998-06-08 12:41:41 +00:00
lukem 9c9d43e6b5 support displaying the stderr output from a LIST or a conversion to
the user at the end of a transfer.
this generates a file in /tmp, so anonymous requires a
writable ~ftp/tmp, which you may not want to do (because it may
allow people to unwanted upload files).

XXX:	a better method of storing the stderr output would be nice, but
	is a lot more effort to implement. this feature can at least be
	used temporarily whilst debugging why an ftp conversion doesn't
	work.
1998-06-08 07:13:13 +00:00
fair 5ce6614a4f fix bad .Xr references 1998-04-29 08:33:11 +00:00
fair dc026e0515 Change occurrences of "UNIX" to .Ux or .At as appropriate. 1998-04-28 06:00:51 +00:00
cjs 0fb549738e Disable RNFR command for guest users so that they can't rename (and thus
also overwrite!) files.
1998-02-13 17:15:53 +00:00
mrg c3d9fda2c3 expand on the checkportcmd option. 1998-01-23 00:56:55 +00:00
lukem 1e03f65c0d clarify /etc/ftpwelcome is shown *before* login 1997-12-31 02:43:54 +00:00