Commit Graph

35 Commits

Author SHA1 Message Date
lukem 96ad830ee2 - add '-C user', which runs checkaccess(user) and exits with the result
(0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers).
  from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods
- getopt returns -1 not EOF
- in lostcon(), call dologout(1) not dologout(-1);
1997-09-23 14:25:30 +00:00
lukem 550665a814 implement '-c confdir', which allows the specification of an alternate
directory to look for the various configuration files, overriding /etc.
From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
1997-09-23 13:56:39 +00:00
lukem 67d65f4970 - ensure 257 reply codes from PWD and MKD are RFC959 compliant:
257 "dirname" some message
  (any "s in dirname should be doubled, per the RFC)
- don't put an extra / in the output of NLST if the last char in the
  directory is a /
- bump the version to 7.01 because of these fixes
1997-09-18 07:27:35 +00:00
lukem 05efcc80e4 fix grammo 1997-08-26 13:10:39 +00:00
kleink 66105c37fc Lseek(2) usage cleanup: the use of L_SET/L_INCR/L_XTND is deprecated,
use SEEK_SET/SEEK_CUR/SEEK_END instead.
1997-08-25 19:31:43 +00:00
lukem 0bba8ce38d * don't depend upon buffer returned by fgetln() to remain. fix mainly
from Tatoku Ogaito <tacha@tera.fukui-med.ac.jp> in [bin/3967]
* fgetln() doesn't \0 terminate its string. look for the \n and replace
  it with \0 (if no \n, ignore the line - it's most likely corrupt)
* more intensive checks on strdup() returns (not a current mem leak,
  but depended upon code elsewhere to cleanup - not good)
* cleanup some syslog error messages
1997-08-14 02:06:15 +00:00
mrg 04b009a915 be safe with some buffers. 1997-07-21 05:13:10 +00:00
christos c22375d4d3 missed some warnings. 1997-06-22 22:33:12 +00:00
cjs fedfe5c4d3 %qd wants long long. Thus, if you're going to turn on warnings for
printf format strings, you've got to make sure you cast quantities
passed to %qd to long long because on 64-bit machines they're often
just long, which is not the same, even when it's the same size.
1997-06-21 18:01:35 +00:00
mellon 973a248f85 Need prototype for klogin() - probably ought to go in a header file, but klogin probably ought to go in a library first 1997-06-21 04:38:54 +00:00
christos 2424c4f970 - Pass gcc -Wall
- Fix incorrect const poisoning
- Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
1997-06-18 19:05:46 +00:00
lukem 31547ec641 * implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
  all or none) basis:
    * on-the-fly execution of a command to build the file (a ``conversion''),
      providing support for "get dirname.tar" and the like.
    * displaying the contents of a file when a directory is entered
      for the first time.
    * maximum value for timeout (replaces -T).
    * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
    * notifying the user of the existance of a files matching a glob
      pattern when a directory is entered for the first time.
    * default value for timeout (replaces -t).
    * default umask (replaces -DGUEST_CMASK and -u).
  The conversion, display, and notify functionality was based on code by
  Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
  -t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
  stderr stream mixing with the stdout stream during a conversion,
  as this can corrupt the stream.
1997-06-14 08:43:26 +00:00
lukem dfb524fa46 * don't log failed usernames to ftp.notice; use authpriv.notice instead.
closes [bin/1571]
* don't quit if "PASV" is received without the user being logged in.
  closes [bin/2401], albiet with a modified test.
1997-05-29 10:31:48 +00:00
cjs 93b985ed90 Allow setting the directory to which anonymous users chdir from
the command line. Document -u option. A couple of minor cleanups.
1997-05-23 22:09:48 +00:00
cjs 6ed41b9085 /etc/ftpusers now matches globs against the username. mycroft suggested this. 1997-04-29 04:00:39 +00:00
lukem 66783f1f43 * fix "cd ~" so that it works (from Simon Burge <simonb@telstra.com.au>
* move resetting of CFLAGS on powerpc to before optional CFLAGS settings
* minor code & man page cleanups
1997-04-27 03:21:38 +00:00
cjs a5d6da371a Change the syntax of /etc/ftpusers to have both allow and deny
information in the same file by following the username with `allow'
or `deny'. Also, the user `*' can be used to set the default for
users not listed in the file. This is entirely backward compatable
with old /etc/ftpusers files.
  Also, do the /etc/ftpusers and the valid login shell checks after
the password is verified, rather than before, so as not to give away
whether or not a particular user ID is present on the system.
1997-04-06 07:53:10 +00:00
cjs ff88177058 Changes to make anonymous uploads more secure. For anonymous users:
* Set umask to 707;
* Disable UMASK, CHMOD, DELE, RMD and MKD commands.
Compile-time options let you change that umask and go back to the
old, insecure way if you like.
1997-03-30 22:53:36 +00:00
cjs 76d4734615 4.4lite2 update. (The one minor bugfix between 4.4lite and 4.4lite2
was already in our sources, thus just the sccsid line is changed.)
1997-03-28 21:55:41 +00:00
mrg 3771fb912e set transflag to 0 in dologout, to prevent a SIGURG taking us back to the main loop. 1997-01-23 05:57:55 +00:00
mycroft 5860921eda Fill in sin_len. 1995-06-03 22:37:19 +00:00
cgd 8954551479 typo. 1995-04-11 02:58:40 +00:00
cgd 6a9917621c clean up RCS Id's and a couple of stype nits.
Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
1995-04-11 02:44:45 +00:00
mycroft dad7a18390 Use IPTOS_THROUGHPUT for passive mode data connection. 1995-03-22 16:55:35 +00:00
brezak 4036a63b78 Fill in ttyname for cred file uniquifier under KERBEROS (From Michael Graff) 1995-03-08 19:50:54 +00:00
cgd b54e75897f be a bit more careful with types, casts, and and function declarations. 1994-12-23 14:29:31 +00:00
jtc a5f771b355 Fix PR #491, what could have been a big security hole 1994-09-20 23:09:14 +00:00
deraadt d6743f02e5 4.4-lite, plus our local changes 1994-06-29 01:49:37 +00:00
deraadt 1a3b9af761 add skey support 1994-05-24 06:52:17 +00:00
cgd d7e56d367a use setproctitle 1994-04-14 03:15:37 +00:00
cgd 8940935dd1 Jarle.F.Greipsland@idt.unit.no's changes to allow for password-protected
chrooted ftp logins.
1994-04-06 20:49:52 +00:00
cgd 2ab4a0ae5c some changes to make Kerberos a bit easier to use. from
Michael Graff <explorer@vorpal.com>, with some work by myself...
1994-03-30 02:49:15 +00:00
mycroft e9d867ef50 Add RCS identifiers. 1993-08-01 17:54:45 +00:00
cgd 811e6386f8 changed to use new libcrypt scheme. 1993-04-26 14:33:28 +00:00
cgd 61f282557f initial import of 386bsd-0.1 sources 1993-03-21 09:45:37 +00:00