Commit Graph

353 Commits

Author SHA1 Message Date
itojun
0a52851e32 we can assume presense of getaddrinfo.
use NI_MAXHOST for the hostname buffer used with getnameinfo.
2000-11-15 04:07:07 +00:00
lukem
f62aa6c8ac changes to improve portability:
* replace union sockunion {} with struct sockinet {}, and modify the code
  accordingly. this is possibly more portable, as it doesn't rely upon
  the structure alignment within the union for our own stuff.  uses local
  su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4)
  (XXX: haven't tested the ipv6 stuff)
* always use getaddrinfo() and getnameinfo() instead of maintaining two code
  paths. (lukemftpd will provide replacements for these on older systems)
* use lockf() instead of open(.., O_EXLOCK) to lock the pid file
* minor KNF
* clean up long long support: create helper #defines and use as appropriate:
        #define		NO_LONG_LONG	! NO_LONG_LONG
        -------		------------	--------------
        LLF		"%ld"		"%lld"
        LLFP(x)		"%" x "ld"	"%" x "lld"
        LLT		long		long long
        ULLF		"%lu"		"%llu"
        ULLFP(x)	"%" x "lu"	"%" x "llu"
        ULLT		unsigned long	unsigned long long
        STRTOLL(x,y,z)	strtol(x,y,z)	strtoll(x,y,z)
2000-11-15 02:32:30 +00:00
itojun
b55bfbac42 correct result code on invalid port number against EPRT. 2000-11-13 15:11:57 +00:00
itojun
d9ff63c241 plug memory leak 2000-11-13 11:52:41 +00:00
itojun
1e256e9927 - improve RFC2428 conformance.
return 522 on unknown protocol identifier on EPRT.
- clarify EPSV/EPRT/LPSV/LPRT behavior.
- repair memory leak and lack of boundary check on EPRT.
- make sure we do not resolve DNS on EPRT.
sync with kame.
2000-11-13 11:50:46 +00:00
lukem
674d9fad57 slight cleanup of line syntax 2000-11-07 07:01:54 +00:00
lukem
c96b945602 slight rework 2000-11-07 06:58:08 +00:00
lukem
1ae178427f reorganise slightly to make it more obvious what the actual syntax of
a configuration line is.
2000-11-07 06:51:13 +00:00
jdolecek
ca98463029 call setlogin() before dropping root privileges, so that process
would have correct p_login value
2000-09-28 17:49:06 +00:00
christos
0dec1c64f5 Make this compile again without -DINET6 and without get{addr,name}info(3)
This ftpd now compiles and runs on NetBSD/1.4.2 with:

CPPFLAGS+= \
    '-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \
    '-Dstrlcat=strncat' \
    '-Dsl_add(a,b)=(sl_add(a,b),0)'
2000-09-15 14:55:16 +00:00
martin
a140a79b5c Fixed s/key compile bug. 2000-07-29 08:20:02 +00:00
lukem
acd8ab456a wtmp is in /var/log not /var/run ... 2000-07-28 12:54:01 +00:00
lukem
8a5b724529 add support for -W; don't log to wtmp (orthogonal of -U which logs to utmp).
inspired by similar option in wuftpd.
2000-07-26 13:53:33 +00:00
lukem
0b392afc69 document /var/run/[uw]tmp, /var/run/ftpd.pids-CLASS 2000-07-26 13:45:52 +00:00
lukem
d85f3bb159 * make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
  box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
  if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
  > IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
  file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
  ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
  merge). if root privs have been dropped, and this would be a port <
  IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
  but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
  in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
  for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
2000-07-23 14:40:48 +00:00
lukem
e3a2c5cc44 * add two new ftpd.conf(5) directives:
chroot	specify dir to chroot to for GUEST and CHROOT users, to
		override -a anondir or the user's homedir.
	homedir	specify dir to change to upon login; also used for ~ expansion
		and $HOME for subprocesses)
  both of these can take % escapes: %u (username), %d (homedir), %c (class).
* fix NLST to take a pathname not a STRING, so that ~ expansion works
* modify CWD to use the homedir parsed from curclass.homedir
* implement format_path(dst, src), to parse src expanding % escapes (see above)
  into dst.
* rename format_file() to display_file()
2000-07-17 02:30:52 +00:00
lukem
4b70eef93f * add -H, which acts like -h hostname. (requested by kim@)
* refer to draft-ietf-ftpext-mlst-11 instead of -10
2000-07-15 03:45:19 +00:00
lukem
551a7c78c6 base64_encode(): separate out the special case for the last 2 bytes, and
be a bit safer with signed chars. per discussion with kre.
2000-07-10 22:41:17 +00:00
lukem
9968cfa298 - base64_encode(): fix garbled output due to fencepost error. output now
appears to match that of 'mimencode' (from metamail).
  problem noted by kre@munnari.oz.au.
- fact_unique(): encode a combined dev_t+ino_t chunk rather than separate bits
2000-07-09 14:26:34 +00:00
lukem
e2851fe6dc setproctitle(), and for any other printf variants, it is not a good idea
to pass variable directly like foo(x).  use foo("%s", x) to avoid misuse.
from: openbsd
2000-07-09 14:18:08 +00:00
sommerfeld
eac5778e83 More -Wformat cleanups. 2000-07-09 02:24:30 +00:00
sommerfeld
6f0015c48f More format paranoia. 2000-07-08 18:24:28 +00:00
itojun
d7dc7d22d1 setproctitle(), and for any other printf variants, it is not a good idea
to pass variable directly like foo(x).  use foo("%s", x) to avoid misuse.
from: openbsd
2000-07-05 22:15:04 +00:00
matt
9bf906d2e1 Make things builds with GCC 2.96 2000-07-03 03:34:25 +00:00
lukem
327792f9ed fix problems noted by <dogcow@redback.com> in [bin/10390] and private email:
* fix RATE{GET,PUT} under some situations when the client is slower than
  the server (something i missed when migrating the rate limiting code
  i wrote in ftp(1) to ftpd(8))
* document what units RATE{GET,PUT} use
2000-06-20 07:39:46 +00:00
thorpej
e7d6b96938 Merge a bunch of things from crypto-us and crypto-intl into basesrc,
adding support for Heimdal/KTH Kerberos where easy to do so.  Eliminate
bsd.crypto.mk.

There is still a bunch more work to do, but crypto is now more-or-less
fully merged into the base NetBSD distribution.
2000-06-20 06:00:24 +00:00
lukem
13067569df rewrite method of traversing facttab[]; use size of list to terminate
not NULL terminated entry (since we need to know the size of other
reasons...)
2000-06-19 17:08:05 +00:00
lukem
73f082e2ea various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()

other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
  hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
  code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
  deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
  reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
  lreply(-2, ) or lreply(-1, ).
  now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
  of data connection (my ftp client now supports MLSD :-)
2000-06-19 15:15:03 +00:00
explorer
f8eb6433b2 include <krb5/krb5.h> before including extern.h, so krb5_context is defined 2000-06-16 23:17:41 +00:00
itojun
1e949e404d correct LPSV/LPRT display on STAT command.
(did not crank the version since the change is on the same day)
2000-06-14 13:55:15 +00:00
lukem
a26448af43 major overhaul (just before netbsd 1.5 :-):
* implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD.
  we already supported SIZE and MDTM. add the appropriate FEAT output lines.

* migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c

* make dataconn(), feat(), lookup(), opts() and sizecmd() public

* modify struct tab so that it has a `flags' instead of `implemented' element,
  and remove the `hasopts' element.  If flags == 1, the command is implemented.
  if flags == 2, the command is implemented and takes options

* add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..")

* modify lreply() so that lreply(-2, ...) just outputs the given info without
  a prefix or trailing \r\n. this saves doing b = printf(); total_* += b;

* enhance statcmd(). still needs work in the LPRT status stuff.

* crank version
2000-06-14 13:44:21 +00:00
explorer
6a07b80d26 make this compile with KERBEROS5 defined. Note: only one of KERBEROS or KERBEROS5 may be defined in this file... 2000-06-02 14:47:19 +00:00
fredb
5c0f4694d6 Make this build again with crypto-us, after recent changes to k{,5}login.c. 2000-06-02 00:19:04 +00:00
lukem
8f1cd9886e Clarify the meaning of `directive', as requested in [security/10229]
by Klaus Klein <kleink@uni-trier.de>
2000-05-30 23:53:37 +00:00
itojun
bcae82da01 add comment on IPv4 mapped address twist 2000-05-30 05:31:31 +00:00
lukem
18be3cd981 - Always close(pdata) if it was a valid filedescriptor before setting it to -1.
Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>,
  (part of which already had been solved by itojun a while ago), and provided
  patch covered most of the fixes needed. (Thanks Takahiro!)
- Consistently indent goto labels by one space.
2000-05-20 23:34:55 +00:00
lukem
dcc88422ad convert to ANSI C as per style guide 2000-05-20 02:20:18 +00:00
itojun
6047a12c7b move IPv6 considerations into BUGS section 2000-05-16 00:59:12 +00:00
lukem
c8c9e77cbf only define _DEFAULT_CONFDIR if not set. (allows compile-time override) 2000-03-06 21:42:26 +00:00
lukem
f318090c60 * don't bother with a version[] string, just use the macro as appropriate
* clean some more of the GLOBAL stuff
* fix unused var if -UHASSETPROCTITLE
2000-03-05 06:12:19 +00:00
aidan
492312b9ed Move include/kerberosIV/com_err.h to include/com_err.h 2000-02-14 03:26:06 +00:00
lukem
ab88a15086 suppress verbose messages from CWD and post-login if the first
character of the anonymous password is `-'.
2000-01-13 00:04:31 +00:00
lukem
c8493e9499 * add ftpd.conf directive `portrange class min max', which allows specification
of the port range used by passive connections. based on work in [bin/9158]
  from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
* change the way global variables are defined and extern-ed to be more
  consistent.
2000-01-12 22:39:27 +00:00
lukem
559037c273 fix problem where ftpd.conf lines would match everything if there was
no template defined. noted by Vebjorn Ljosa <ljosa@initio.no>
2000-01-10 08:03:50 +00:00
lukem
7e80378800 * new ftpd.conf directive:
template class [refclass]
  following directives for refclass will apply to class as well.
  this makes setting up a `template' class with many default settings
  easy, whilst allowing for class-specific overrides
* prevent crash when the optional limitfile wasn't given to limit
* document count_users()
* document default setting of limit in ftpd.conf(5)
* crank version
2000-01-09 10:08:45 +00:00
lukem
61ee60248e reference usr/share/examples/ftpd/ftpusers 2000-01-08 13:36:28 +00:00
lukem
584b0757f6 missing "." on reply 2000-01-08 11:14:36 +00:00
lukem
16e886121d features:
* add connection limits (`limit' keyword in ftpd.conf)
* move initialisation of curclass from parse_conf() to new function
  init_curclass()
* implement count_users(), which determines the number of users in a given
  class. a file - /var/run/ftpd.pids-<class> - is used to store a list
  of pids in use (effectively an array of pid_t's), and its size is reduced
  as necessary.
* new % modifiers in format_file:
	%c	class
	%M	maximum connection count
	%N	current connection count
* always end_login()s, even for refused connections

bugs fixed:
* remove \n from %T output
* fix some inconsistencies in the man pages
* ensure that both `ftp' *and* `anonymous' are allowed in ftpusers.
  (this was accidently broken in a recent commit to be ``or'' not ``and'')
* use MAXPATHLEN not MAXPATHLEN+1
* crank copyright date on modified files
* crank version
2000-01-08 11:09:56 +00:00
lukem
d56fffdd70 * document all classtype defaults
* xref /usr/share/examples/ftpd/ftpd.conf
1999-12-26 09:42:18 +00:00
lukem
019b95b641 crank version 1999-12-21 12:57:45 +00:00
lukem
5c024702df * add support for optional groupglob in ftpuser entry. the syntax is now:
userglob[:groupglob][@host] [directive [class]]
* append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
1999-12-21 12:56:15 +00:00
lukem
80ca00b8cd trivial simplification 1999-12-21 12:52:18 +00:00
lukem
7543b77a8e * add back support for `-h hostname'; it still may be useful to override
the name advertised to the client, even if ftpd can determine it from
  the ip address that ftpd is bound to. requested by mrg.
* remove -4/-6; they were effectively no-ops since itojun's change in 1.75.
* crank version
1999-12-19 00:09:31 +00:00
lukem
6eff1df26e deprecate -h hostname in favour of automatic determination of local hostname.
this is a much cleaner solution for supporting multihomed virtual servers.
from Geoff C. Wing <gcw@pobox.com> in [bin/8137].
1999-12-18 06:33:54 +00:00
lukem
8aad99ce9d * move version to separate header file
* use .Dv and .Tn in the man pages as appropriate
* KNF a bit

The following were inspired by similar changes in openbsd, but may
have additional improvements by me:
* add more check_login tests to the parser rules
* nuke a few memory leaks in the parser rules
* clear passwords before free()ing them, for safety
* don't display \r\n in setproctitle() output
* add support for -U, which enables managing /var/run/utmp entries for
  connections. solves [bin/2217] by Jason Downs <downsj@teeny.org>
* fix oob handling for STAT command
* use SIG_ERR instead of -1
1999-12-18 05:51:34 +00:00
lukem
b5972a49fe install ftpusers(5) as ftpchroot(5). more cleanups 1999-12-16 07:05:18 +00:00
lukem
6a0bdfee15 crank version 1999-12-16 07:01:23 +00:00
lukem
4f181f8249 cleanup 1999-12-16 06:56:49 +00:00
lukem
e11b8f48c5 * add support for `-h hostname', which defines the hostname to advertise
as (useful for virtual ftp servers in conjunction with inetd.conf(5)'s
  ability to bind to a specific address).
  if this option is used, add `hostname' to the syslog messages.
* improve documentation of command-line options
* don't allow class names of `all' or `none' in ftpusers
1999-12-16 02:21:37 +00:00
lukem
6be4a7c9bd separate ftpd.conf(5) and ftpusers(5) out from ftpd(8).
xxx: still needs a bit of work
1999-12-16 01:16:04 +00:00
itojun
0ad375dcca do not perform setsockopt(IP_TOS) on mapped connections (IPv4 connection
toward AF_INET6 socket).
1999-12-13 16:30:37 +00:00
itojun
6beb13746b avoid use of s6_addr32, as it is non-standard.
(sync with KAME)
1999-12-13 04:36:10 +00:00
lukem
21d03121d3 * change format of /etc/ftpusers lines from
userglob [allow|deny]
  to
	userglob[@host] [allow|deny  [classname]]
  where class is a userdefined classname.
  - if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
    hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
  - if classname is given, use that to match entries in ftpd.conf (defaults
    to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
    /etc/ftpchroot, and `real' for everyone else.

* implement new /etc/ftpd.conf directives:
    classtype classname type	set type of classname to GUEST, CHROOT, or REAL
    motd classname file		file to use instead of /etc/motd
    rateget classname rate	set rateget throttle to rate
    rateput classname rate	set rateput throttle to rate
    upload classname		allow/deny uploads (STOU, STOR, APPE). if
				denied, also acts as `modify deny'.

* implement new `SITE' commands:
    RATEGET	as per /etc/ftpd.conf rateget, but cannot exceed that
    RATEPUT	as per /etc/ftpd.conf rateput, but cannot exceed that

* implement format_file(), which outputs a file to the user, parsing %
  escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.

* implement strsuftoi() (from ftp(1)), which parses a number and
  optional suffix (for use with rateget, etc)

* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
  we don't need reserved ports (at wasn't getting them anyway).

* update & reorder copyrights

* use strlcpy() as appropriate
1999-12-12 14:05:54 +00:00
itojun
5d10f3e8c1 close pdata when it is kept opened till call to {,long_}passive(). 1999-12-09 11:18:05 +00:00
lukem
397e2cfc53 * change ftpd_popen() to take char *argv[] instead of char *cmd.
the string tokenisation must be performed by the caller (which is
  generally easy because it's almost always a static command).
* change do_conversion() to return a char *argv[] instead of char *cmd.
  tokenisation of the command is done internally.
* change retrieve() to take char *argv[] instead of char *cmd.
  (to take advantage of the above changes).  fixes [bin/8173]
* use fparseln() instead of fgetln()
* store conversions in listed order (rather than reverse order)
* use stringlists instead of handrolling code to manage an argv.
1999-12-07 05:30:53 +00:00
lukem
d51504eeb3 check return val of sl_init() and sl_add() 1999-11-28 04:38:41 +00:00
tron
e93ada44ca Don't use undefined C expression. Patch supplied by David A. Holland
in PR bin/8534.
1999-10-04 17:36:52 +00:00
tron
85154d3f2a Avoid segmention fault if there is an empty line in "/etc/ftpusers".
Problem noted by Emmanuel Dreyfus in PR bin/8504.
1999-09-30 18:12:34 +00:00
simonb
1484ad8872 In the command table, remove a trailing comma and make white space
consistant.
1999-09-06 06:01:44 +00:00
itojun
b59b162709 ftpd(8): Copy sin6_scope_id from control connection to active data
connection destination, hoping this to help ftpd's behavior with
scoped IPv6 addresses.
I'm not sure if it is the right way, but it is the best way available to us.
LPRT or EPRT command gives no information about which interface (or scope)
to be used for new data connection.

ftp(1): On data connection establishment, warn if scoped address is used.
If peer (ftp daemon) does not handle scoped address, data connection
may not work right.

This seems to be sort of protocol spec hole, not implementation issue.
1999-09-01 05:03:41 +00:00
christos
cee9ac24ad more kerberos5 fixes 1999-08-25 20:07:33 +00:00
christos
a4c5e0c550 Make this compile with krb5. 1999-08-25 16:23:52 +00:00
hubertf
0baca35ee5 Document setup of "ftp-only" non-anonymous accounts.
Suggested by Thilo Manske <Thilo.Manske@HEH.Uni-Oldenburg.DE>,
approved by Luke Mewburn <lukem@netbsd.org>
1999-08-02 00:44:59 +00:00
itojun
542bd3ceb5 handle IPv4 TCP control connection, toward AF_INET6 socket.
this happens when you have the following line in inetd.conf,
but not with tcp4 line:
>>>ftp  stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-27 15:41:49 +00:00
mrg
51a96a002f optionally include CRYPTOPATH Makefile.frag files. 1999-07-20 09:35:18 +00:00
thorpej
a3281f7249 Use bsd.crypto.mk. 1999-07-12 22:04:09 +00:00
itojun
12fc4fc055 more sanity check on LPRT. 1999-07-11 20:09:23 +00:00
itojun
e983200c64 make LPRT on IPv4 work.
make LPSV on IPv6 work.
1999-07-11 20:03:41 +00:00
itojun
3496d3aba4 close data socket when new EPRT command comes. 1999-07-02 07:11:36 +00:00
itojun
2005cef66b typo fix: s/LPSV/LPRT/ 1999-07-02 05:54:21 +00:00
itojun
c9b3e3ad3d dual-stack ftpd. run this from inetd, like:
>>ftp  stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
1999-07-02 05:52:14 +00:00
danw
ac6b97b984 Remove the .ifdef to compile without optimization on powerpc since the
bug that it was working around doesn't seem to exist in egcs
1999-06-26 20:01:55 +00:00
briggs
9db1bcb042 Set keepalives on the sockets to force logouts on connections that have
disappeared.
1999-06-05 13:49:53 +00:00
lukem
9daa8df4fa move stuff around, so the `thank you' message is counted in the
syslogged bytecount.
1999-05-26 13:30:10 +00:00
ross
f0923ed12e * Cast %q[ud] arguments to fix ILP32/LP64 off_t variation.
* Fix bug in 213 reply: correct ordering of format string args.
1999-05-24 21:57:19 +00:00
ross
7486995102 Define types for ILP32/LP64-harmonized %q[du] arguments. 1999-05-24 21:54:42 +00:00
ross
0d2425a0c8 LP64ize %q use. 1999-05-24 21:18:03 +00:00
thorpej
93c1a6ec55 Cast away a const for now; const poisoning kerberos #0. 1999-05-19 21:44:29 +00:00
lukem
4b2b2847cc * fix a problem in retrieve() where arguments to commands weren't working
(this was broken in the last commit). problem noticed by simonb@
* don't display the stderr output of the internal ls.
* modify usage of lreply so that generally only one `XXX-' code per
  `block' is displayed; the rest of the lines have four spaces instead.
  i find this easier to read.
* fix a couple places where byte accounting wasn't correct
1999-05-18 08:14:17 +00:00
lukem
25cf35a4f3 features/fixes:
* implement xferstats. full stats are displayed for `STAT', and a
  summary is displayed upon exit (and syslogged).  inspired by wu-ftpd.
* wrap data xfers in {send,receive}_data with alarm() timeouts. this
  should remove the majority of the `hanging ftpd' problems that
  people were still seeing.  inspired by wu-ftpd.
* link with ../../bin/ls, so that bin/ls is not required under a
  chroot()ed area for `LIST' to work.  based on [bin/4497] from
  "Soren S.  Jorvang" <soren@t.dk>
* migrate code from util.c into ftpd.c, so that it doesn't conflict
  with ls' util.c.
* remove man page comment about ~ftp/bin/ls being necessary.
* bump version to 7.2.0.
* syslog xfer time with xfer stats.
* if appropriate, syslog error message with command.

internal code stuff:
* change arguments of various functions from `char *' to `const char *'.
* define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise.
  use macro appropriately
* lreply(): a code of -1 means ``send line as is''. a code of 0
  means ``send line with 4 space prefix''. don't print a space after
  the `-' for any other code.
* logcmd(): add `const struct timeval *elapsed' and `const char *error'
  for more flexible error reporting
1999-05-17 15:14:53 +00:00
garbled
f124765044 More and more .Os cleanups. .Os is defined in the tmac.doc-common file,
so we shouldn't override it with versions in the manpages.  Many more to
come.
1999-03-22 18:25:43 +00:00
explorer
b2f939ac51 Make this build with KERBEROS5 defined. 1999-02-24 16:45:13 +00:00
scottr
8481f548e2 Remove the crypto-related bits until such time as we have a fully-
integrated source tree.  Export-controlled versions of these are now
built during the domestic build process.
1999-02-18 21:22:51 +00:00
lukem
00007d07d6 * actually commit the changes which add support for recognising RFC 2228
commands (even if we don't do anything with them)
* in logcmd(), syslog why realpath() failed (if it did).
1999-02-05 21:40:49 +00:00
lukem
32214ab926 rcsid police 1999-01-03 02:22:05 +00:00
nathanw
f315107074 Fix compile warning on alpha (%qd and off_t lossage). 1999-01-02 17:54:21 +00:00
lukem
c984c19121 * replace LOG(CMD|BYTES) macros with logcmd(), which is a cleaner
solution with less code replication. use realpath() in logcmd() so
  that all logged filenames are sane.
* support `REST STREAM' in `FEAT' reply (from draft-ietf-ftpext-mlst-05)
* in 'HELP', suffix unimplemented commands with `-' instead of `*'; the
  former is easier to differentiate from `+'.
* deprecate curdir() now that logcmd() doesn't use it.
* ensure all filename buffers are at least MAXPATHLEN+1 in size.
* move jmp_buf errcatch out of extern.h, removing need to #include <setjmp.h>
  in every file.
1998-12-28 04:54:00 +00:00
hubertf
b3ab3ca1cd Fix typo, per PR 6457 by Geoff C. Wing <gcw@pobox.com> 1998-11-18 13:32:17 +00:00
msaitoh
4a3d3570f1 s/a a/a/ 1998-11-17 16:00:28 +00:00
kleink
9e9281f60f Need <signal.h> for sig_atomic_t. 1998-09-12 20:47:33 +00:00
kleink
f3d497d9f4 Make the external declaration of `transflag' match its definition; from R. C.
Dowdeswell <elric@mabelode.imrryr.org> in PR bin/6141.
1998-09-12 20:46:45 +00:00
lukem
b36247790b bump version from 7.03 to 7.1.0 (new commands available) 1998-09-07 08:17:39 +00:00
lukem
701e7ebd99 remove nack() - missed in previous work 1998-09-07 08:15:25 +00:00
lukem
29ed71b169 new features:
* implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM.
  OPTS only works on NOOP (as a test).
* extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry
  can take an optional trailing `yes' or `no' which indicates if
  chroot should be done (defaults to `yes').
  based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769]

cleanups/bugs:
* reorder and reformat entries in yacc parser to match cmdtab[].
  add a blank line between each rule.
* add short hasopts and char *options to struct tab, to support OPTS.
* deprecate upper(); use strcasecmp() instead of strcmp()
* remove unnecessary for (;;) { } in yylex();
* replace copy() and sgetsave() with xstrdup()
* fix a couple of `hasyyerrored = 1' that were accidently removed.
1998-09-07 08:11:20 +00:00
lukem
0e5bdd5185 * complete fix for `multiple replies returned for single parse error'
problem; move `hasyyerrored' state flag out of yylex() so that
  check_{login,modify} can also set it.
* check result of check_login for PORT command
* set initial timeout before the "setjmp(); for(;;) yyparse()",
  otherwise an invalid command after login incorrectly sets the timeout
  to 5 minutes (rather than what was set in ftpd.conf)
* replace (char *)0 with NULL
* move yyerror() from ftpd.c to ftpcmd.y
* remove need for -Dunix, by using the version string from ftpd.c
  (instead of `BSD-199506')
* move all extern-ed vars into extern.h
1998-09-06 10:39:40 +00:00
lukem
cf3263f735 * implement NOARGS state, for commands which don't take any arguments.
fixes long standing ftpd bug where two replies would be returned
  to the client if a command was flagged as accepting `ARGS' but the
  parser didn't know how to cope. obvious symptom of this would be
  ftp client is always one error message `behind' the server.
* consistently refer to the RFC as `RFC 959' not `RFC959' or `RFC-959',
  and replace refs to RFC 765 with RFC 959.
* change order of commands in cmdtab[] to: RFC 959, BSD extras, and obsolete.
* whitespace police, deprecate register, replace malloc/strcpy with strdup
1998-09-05 17:33:00 +00:00
lukem
873a0c8bea replace malloc/strcpy with strdup 1998-09-05 17:00:01 +00:00
mycroft
a5fbe304ec const poisoning. 1998-07-27 01:55:23 +00:00
mycroft
6de775c2ad const poisoning. 1998-07-27 01:45:09 +00:00
mycroft
0db548a927 const poisoning. 1998-07-26 14:57:56 +00:00
lukem
74b52f1ba3 remove Extraneous .El call which caused formatting problem 1998-07-13 09:18:14 +00:00
mrg
2beab49a06 - use an array MAXHOSTNAMELEN+1 size to hold hostnames
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames
1998-07-06 06:45:41 +00:00
tv
e3ab20461f Add the ability to disable passive connects in ftpd.conf (breaks RFC1123,
STD3, but needed in some firewall environments).
1998-06-30 20:18:52 +00:00
msaitoh
10171df916 add "-s" flag (like telnetd and login) 1998-06-26 18:12:00 +00:00
msaitoh
a5471c1dd8 add "-s" flag (SecureID). 1998-06-26 17:41:38 +00:00
kleink
e62a515e87 GLOB_QUOTE is gone; per POSIX, backslash quoting of special characters being
enabled is the default behaviour.
1998-06-21 12:16:35 +00:00
kleink
fc5d36f8e4 GLOB_QUOTE is dead; per POSIX, backslash quoting of special characters being
enabled is the default behaviour.
1998-06-19 22:58:04 +00:00
lukem
fc90756956 Implement a new manual page category ``SECURITY CONSIDERATIONS''
(suggested by mycroft)
1998-06-08 12:41:41 +00:00
lukem
9c9d43e6b5 support displaying the stderr output from a LIST or a conversion to
the user at the end of a transfer.
this generates a file in /tmp, so anonymous requires a
writable ~ftp/tmp, which you may not want to do (because it may
allow people to unwanted upload files).

XXX:	a better method of storing the stderr output would be nice, but
	is a lot more effort to implement. this feature can at least be
	used temporarily whilst debugging why an ftp conversion doesn't
	work.
1998-06-08 07:13:13 +00:00
mouse
7ccec6ac9f Show/log the strerror(errno) string when getcwd fails 1998-06-03 13:21:42 +00:00
hubertf
dde092b47d Fix some problems with failed getcwd commands, reported in PR bin/5531
by Saitoh Masanobu <msaitoh@spa.is.uec.ac.jp>.
1998-06-03 09:21:45 +00:00
lukem
77c4126096 use TM_YEAR_BASE (not 1900) - not that we expect it to change in any case :) 1998-05-21 00:09:32 +00:00
fair
5ce6614a4f fix bad .Xr references 1998-04-29 08:33:11 +00:00
fair
dc026e0515 Change occurrences of "UNIX" to .Ux or .At as appropriate. 1998-04-28 06:00:51 +00:00
lukem
6c4ddbba34 fix disabling of optimization on powerpc (set COPTS *after* <bsd.prog.mk>...) 1998-04-13 14:24:02 +00:00
tv
482063559a .y.c <sys.mk> rule fixes. Don't create a y.tab.h file unless asked for,
and use smarter creation of the header file.
1998-04-09 00:32:31 +00:00
kleink
cd7d0f550d Need <time.h> for time() prototype. 1998-04-01 14:35:23 +00:00
kleink
223dbe1123 Need <time.h> for time(), localtime() and ctime() prototypes. 1998-04-01 14:31:59 +00:00
cjs
39926e4051 Send back an error message rather than dumping core when an invalid
username is entered. The latter, while effective, does not appear to
me to be an appropriate response.
1998-02-23 23:10:34 +00:00
cjs
0fb549738e Disable RNFR command for guest users so that they can't rename (and thus
also overwrite!) files.
1998-02-13 17:15:53 +00:00
christos
23d3afbb8c - #endif foo -> #endif /* foo */
- #if __STDC__ -> #ifdef __STDC__
- Don't allow expired accounts to login.
1998-02-01 14:10:22 +00:00
mrg
c3d9fda2c3 expand on the checkportcmd option. 1998-01-23 00:56:55 +00:00
lukem
1e03f65c0d clarify /etc/ftpwelcome is shown *before* login 1997-12-31 02:43:54 +00:00
lukem
53f6552a12 set $HOME to "/" for guest or chroot users, pw->pw_dir otherwise.
fixes expansion of `~/...' pathnames.
1997-12-28 04:28:17 +00:00
lukem
9f8ad690b4 use 300 seconds (as per login(1)) for initial timeout, rather than 900 secs 1997-11-28 23:42:36 +00:00
lukem
0e2d417ded * initialise curclass.timeout to 900 in main(), so that operations that
want to timeout using this value that are executed before the conf file
  is parsed will work. fixes ``stale ftpd stuck in connection phase''
* in PASV mode, wrap accept() in an alarm timeout. fixes ``stale ftpd because
  of client disappearing in pasv mode (usually browsers)''
* main() doesn't need envp argument
1997-11-28 23:32:30 +00:00
lukem
b181ccb476 log debug stuff using LOG_DEBUG not LOG_INFO 1997-11-16 12:04:21 +00:00
lukem
83955f6abd * change checkportcmd syntax to checkportcmd class [off]' (as per modify')
* display current setting of checkportcmd in STAT
* ensure that curclass.checkportcmd is initialised to 0
* document default setting of checkportcmd in ftpd(8)
* cleanup code a bit, putting code for "checkportcmd" in alphabetical order
1997-11-11 12:42:24 +00:00
mrg
c8fbce69fd increment version. 1997-11-11 06:32:17 +00:00
mrg
6666673d8e oops, missed this bit in previous change. 1997-11-11 06:17:22 +00:00
mrg
8e2c08b183 add a "checkportcmd <class>" option that stops ftp bounce attacks. 1997-11-11 05:48:03 +00:00
mycroft
1336137028 Use remove(3) rather than stat(2)ing the file, yadda yadda.
Simpler, and DTRT for symlinks.
1997-10-19 18:16:19 +00:00
mycroft
3ff72472fe Use S_IS*(), not S_IF*. 1997-10-19 18:15:23 +00:00
mycroft
30c6e0cebf SRCS must be defined *before* bsd.prog.mk is included... 1997-10-12 14:06:21 +00:00
mycroft
307211b0f5 Add some krb5 hooks, though it probably doesn't work yet. 1997-10-12 14:04:36 +00:00
mycroft
76a39e6e7c Actually, do Kerberos first, since we want to get a TGT if possible.
Also, clean up some minor cruft.
1997-10-12 13:52:51 +00:00
mycroft
4bf23f1a50 Format police.
Also, try s/key before Kerberos.
1997-10-12 13:18:56 +00:00
mycroft
085fe346f1 Oops; fix typo. 1997-10-12 13:09:11 +00:00
mycroft
5566d4c1f1 Conditionalize s/key support. 1997-10-12 13:08:41 +00:00
mrg
2268d2dfb3 merge lite-2 Makefiles (rcsids), and turn on WARNS for all of libexec. 1997-10-08 09:07:11 +00:00
lukem
96ad830ee2 - add '-C user', which runs checkaccess(user) and exits with the result
(0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers).
  from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods
- getopt returns -1 not EOF
- in lostcon(), call dologout(1) not dologout(-1);
1997-09-23 14:25:30 +00:00
lukem
550665a814 implement '-c confdir', which allows the specification of an alternate
directory to look for the various configuration files, overriding /etc.
From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
1997-09-23 13:56:39 +00:00
cjs
74762c9036 Mention that if the user's shell is null, it's assumed to be /bin/sh.
(Pointed out by Jim Bernard <jbernard@tater.mines.edu>.)
1997-09-21 22:59:03 +00:00
lukem
67d65f4970 - ensure 257 reply codes from PWD and MKD are RFC959 compliant:
257 "dirname" some message
  (any "s in dirname should be doubled, per the RFC)
- don't put an extra / in the output of NLST if the last char in the
  directory is a /
- bump the version to 7.01 because of these fixes
1997-09-18 07:27:35 +00:00
lukem
05efcc80e4 fix grammo 1997-08-26 13:10:39 +00:00
kleink
66105c37fc Lseek(2) usage cleanup: the use of L_SET/L_INCR/L_XTND is deprecated,
use SEEK_SET/SEEK_CUR/SEEK_END instead.
1997-08-25 19:31:43 +00:00
lukem
0bba8ce38d * don't depend upon buffer returned by fgetln() to remain. fix mainly
from Tatoku Ogaito <tacha@tera.fukui-med.ac.jp> in [bin/3967]
* fgetln() doesn't \0 terminate its string. look for the \n and replace
  it with \0 (if no \n, ignore the line - it's most likely corrupt)
* more intensive checks on strdup() returns (not a current mem leak,
  but depended upon code elsewhere to cleanup - not good)
* cleanup some syslog error messages
1997-08-14 02:06:15 +00:00
jtc
a158249541 Fix files using old TNF copyright notice 1997-07-31 00:08:03 +00:00
mrg
04b009a915 be safe with some buffers. 1997-07-21 05:13:10 +00:00
christos
a838817b21 Add WARNS=1 1997-07-01 20:49:59 +00:00
hannken
c9ccc894a4 Add missing braces. `check_modify' returns 0 without a reply. See PR #3779. 1997-06-24 08:49:27 +00:00
christos
c22375d4d3 missed some warnings. 1997-06-22 22:33:12 +00:00
cjs
fedfe5c4d3 %qd wants long long. Thus, if you're going to turn on warnings for
printf format strings, you've got to make sure you cast quantities
passed to %qd to long long because on 64-bit machines they're often
just long, which is not the same, even when it's the same size.
1997-06-21 18:01:35 +00:00
mellon
973a248f85 Need prototype for klogin() - probably ought to go in a header file, but klogin probably ought to go in a library first 1997-06-21 04:38:54 +00:00
christos
2424c4f970 - Pass gcc -Wall
- Fix incorrect const poisoning
- Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
1997-06-18 19:05:46 +00:00
lukem
31547ec641 * implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
  all or none) basis:
    * on-the-fly execution of a command to build the file (a ``conversion''),
      providing support for "get dirname.tar" and the like.
    * displaying the contents of a file when a directory is entered
      for the first time.
    * maximum value for timeout (replaces -T).
    * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
    * notifying the user of the existance of a files matching a glob
      pattern when a directory is entered for the first time.
    * default value for timeout (replaces -t).
    * default umask (replaces -DGUEST_CMASK and -u).
  The conversion, display, and notify functionality was based on code by
  Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
  -t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
  stderr stream mixing with the stdout stream during a conversion,
  as this can corrupt the stream.
1997-06-14 08:43:26 +00:00
lukem
dfb524fa46 * don't log failed usernames to ftp.notice; use authpriv.notice instead.
closes [bin/1571]
* don't quit if "PASV" is received without the user being logged in.
  closes [bin/2401], albiet with a modified test.
1997-05-29 10:31:48 +00:00
cjs
93b985ed90 Allow setting the directory to which anonymous users chdir from
the command line. Document -u option. A couple of minor cleanups.
1997-05-23 22:09:48 +00:00
pk
58efb9d20c NULL => 0 (Arne Juul; PR#3629) 1997-05-17 19:24:44 +00:00
cjs
6ed41b9085 /etc/ftpusers now matches globs against the username. mycroft suggested this. 1997-04-29 04:00:39 +00:00
lukem
66783f1f43 * fix "cd ~" so that it works (from Simon Burge <simonb@telstra.com.au>
* move resetting of CFLAGS on powerpc to before optional CFLAGS settings
* minor code & man page cleanups
1997-04-27 03:21:38 +00:00
thorpej
85ea5d090f Don't compile this with -O on the PowerPC - cc1 cores. 1997-04-19 05:13:26 +00:00
cjs
a5d6da371a Change the syntax of /etc/ftpusers to have both allow and deny
information in the same file by following the username with `allow'
or `deny'. Also, the user `*' can be used to set the default for
users not listed in the file. This is entirely backward compatable
with old /etc/ftpusers files.
  Also, do the /etc/ftpusers and the valid login shell checks after
the password is verified, rather than before, so as not to give away
whether or not a particular user ID is present on the system.
1997-04-06 07:53:10 +00:00
cjs
ff88177058 Changes to make anonymous uploads more secure. For anonymous users:
* Set umask to 707;
* Disable UMASK, CHMOD, DELE, RMD and MKD commands.
Compile-time options let you change that umask and go back to the
old, insecure way if you like.
1997-03-30 22:53:36 +00:00
cjs
76d4734615 4.4lite2 update. (The one minor bugfix between 4.4lite and 4.4lite2
was already in our sources, thus just the sccsid line is changed.)
1997-03-28 21:55:41 +00:00
mrg
3771fb912e set transflag to 0 in dologout, to prevent a SIGURG taking us back to the main loop. 1997-01-23 05:57:55 +00:00
jtc
93153c7796 Changed to use 1900 + tm_year instead of hardcoding "19" as the century.
From PR #2308 by Stephen J. Roznowski <sjr@zombie.ncsc.mil>.
1996-04-08 19:03:11 +00:00
cgd
02172229ba add -Dunix to CFLAGS 1996-02-16 02:07:41 +00:00
thorpej
08f474ecc4 Correct the instructions regarding the password database in
~ftp/etc, from Rob Windsor <windsor@ksu.ksu.edu> in PR #544.
1996-01-14 20:55:23 +00:00
mycroft
5860921eda Fill in sin_len. 1995-06-03 22:37:19 +00:00
cgd
8954551479 typo. 1995-04-11 02:58:40 +00:00
cgd
6a9917621c clean up RCS Id's and a couple of stype nits.
Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
1995-04-11 02:44:45 +00:00
mycroft
dad7a18390 Use IPTOS_THROUGHPUT for passive mode data connection. 1995-03-22 16:55:35 +00:00
mycroft
ebeae88da2 Use POSIX signals. 1995-03-21 21:47:04 +00:00
brezak
4036a63b78 Fill in ttyname for cred file uniquifier under KERBEROS (From Michael Graff) 1995-03-08 19:50:54 +00:00
jtc
490ec0010d Change mention of /etc/passwd to /etc/pwd.db, as reported by PR #556. 1995-02-17 09:19:45 +00:00
cgd
b54e75897f be a bit more careful with types, casts, and and function declarations. 1994-12-23 14:29:31 +00:00
cgd
ae9172d6cd specify man pages the new way. 1994-12-22 09:57:51 +00:00
jtc
a5f771b355 Fix PR #491, what could have been a big security hole 1994-09-20 23:09:14 +00:00
brezak
ad6e6fe7ab As long as KERBEROS is here at least let it compile cleanly... 1994-07-25 18:48:40 +00:00
mycroft
ec9f6d82c2 Clean up deleted files. 1994-06-29 01:49:53 +00:00
deraadt
d6743f02e5 4.4-lite, plus our local changes 1994-06-29 01:49:37 +00:00
deraadt
1a3b9af761 add skey support 1994-05-24 06:52:17 +00:00
cgd
d7e56d367a use setproctitle 1994-04-14 03:15:37 +00:00
cgd
8940935dd1 Jarle.F.Greipsland@idt.unit.no's changes to allow for password-protected
chrooted ftp logins.
1994-04-06 20:49:52 +00:00
cgd
2ab4a0ae5c some changes to make Kerberos a bit easier to use. from
Michael Graff <explorer@vorpal.com>, with some work by myself...
1994-03-30 02:49:15 +00:00
cgd
4b30c543a0 always use libcrypt 1993-10-07 02:16:39 +00:00
mycroft
e9d867ef50 Add RCS identifiers. 1993-08-01 17:54:45 +00:00
mycroft
dfb9caab49 Add RCS indentifiers. 1993-08-01 07:32:48 +00:00
mycroft
cda4f8f6ee Add RCS identifiers. 1993-08-01 05:37:30 +00:00