This allows for setting the passive socket's SO_RCVBUF. Option works
similarly to the current sendbufsize configuration option.
* Change how recveive_data() works
When reading data from the socket for passive transfers to the server,
receive_data() now works very similar to send_data_with_read(). Reads
from the network are now done using either the filesystem block size or
the configuration option readsize chunks.
* Crank version.h
[Changes discussed with lukem.]
ftpd will listen on the default FTP port for incoming connections and fork
a child for each connection. This is lower overhead than starting ftpd from
inetd(8) and thus might be useful on busy servers to reduce load.
Inspired by FreeBSD.
Reviewed by lukem@.
with MKPIC=no, possibly because the target does not support shared
libraries, these include libraries required to resolve all symbols
which end up referenced from PAM-using applications. The libraries
presently required are -lcrypt, -lrpcsvc and -lutil.
Add use of these variables which are currently set up to use PAM,
so that they compile when MKPIC=no.
Also, in the telnetd case, reorder the order of the libraries, so
that libtelnet.a comes before -ltermcap and -lutil, again to fix
link error when MKPIC=no.
Discussed with thorpej and christos.
This adds a -L to all ls command arguments so that the file or directory
the link references is listed rather than the link itself. This was
inspired by IRIX ftpd's -S option.
[Discussed with lukem some time ago.]
* Crank version.h [right Luke? :-)]
that is required to change their password will not be allowed FTP
access. Inspired by similar functionality in other FTP daemons.
(approved by lukem)
* Crank version to 20041119 per lukem's request.
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
My stuff:
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue. (I also can't find the reference in
RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.)
I could clean up the is_oob stuff some more, but the remaining stuff
in ftpcmd.y is harmless and it's unnecessary churn right this moment.
removing the advertising clause. Diffs provided in PR 22410 by Joel
Baker, confirmed to the board by Jason Downs.
With additional thanks to Jason Thorpe.
ftpd_login(), ftpd_logout() and ftpd_logwtmp() respectively.
(makes utmp support much easier in tnftpd).
per suggestion in mail from Mike Heffner <mheffner@vt.edu>, who
forwarded patch from Michael Ranner <mranner@inode.at>.
on <security@freebsd.org>, and subsequently in FreeBSD's cvs repository
as libexec/ftpd/ftpd.c rev 1.133:
The FTP daemon was vulnerable to a DoS where an attacker could bind()
up port 20 for an extended period of time and thus lock out all other
users from establishing PORT data connections. Don't hold on to the
bind() while we loop around waiting to see if we can make our
connection.
Bump version to 20030122.
without search permission. This confused some ftp clients.
We fix this problem by maitaining a cached path when getcwd() does not work.
The symbolic links and ../ are resolved in the cached path, and it is finnally
checked for accuracy by comparing ./ and the cached path with stat (device
and inode comparison). If the comparison fails, pwd fails as it did before,
and if the comparison succeeds, the cached path is displayed.
If paths are too long, we should just compare ./ with a truncated path and
fail, thus making pwd displaying an error as it did before.
- use LLT (aka 'long long type') for all numeric class parameters
- improve description of various ftpd.conf(5) options
- statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
This version is now RFC 959 compliant, using a patch adapted from one
sent in by david.leonard@eecs.uq.edu.au
openbsd libexec/ftpd/ftpd.c revision 1.69.
(see RFC959 page 36)
with logwtmp(3)/logwtmpx(3)), and call correctly.
Resolves [bin/18498] by Geoff Wing, who identified that the previous
version was being called incorrectly, albiet in a different manner.
Allows /etc/ftpchroot to work correctly for usernames > 9 characters.
Noted by Max Khon in the freebsd-stable mailing list, via Thomas Vogt in
private email.
check_write(), so that a user who has modify disabled gets an error
message rather than a hung connection.
Noted by M.J. Rutter <mjr19@cus.cam.ac.uk> in private email.
infrastructure and using that infrastructure in programs.
* MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building
of the infratsructure (libraries, support programs, etc.)
* USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control
building of support for using the corresponding API
in various libraries/programs that can use it.
As discussed on tech-toolchain.
- mlst shouldn't return cdir or pdir for type, only dir
- mlst should always provide a full path name
- mlsd should provide a full path name for the cdir entry. (providing a
full path name for the pdir entry is optional, and i punted on that).
and with a non-NULL file pointer. active transfers now work correctly again,
passive transfers work, and the data stream is only closed after a PASV or
EPSV if a successful connection was initiated with dataconn().
descriptor was set by dataconn(). this fixes a problem for clients (such
as lynx and netscape) that only sent PASV/EPSV after a transfer (RETR, LIST,
STOR) started and returned 150. certain command sequences could return 550
(etc) before setting up the dataconn(), and would run into this bug. netbsd's
ftp didn't hit this bug because it always sends PASV/EPSV before a new
transfer command.
- 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER
command instead of the PASS command. whilst this might provide some
info leakage of accounts names if you have some `real' or `chroot'
users enabled and not others, it does prevent accidental entering of
such passwords if you have all such users denied. This option is
strongly recommended on anonymous-only servers.
Functionality requested by Rob Windsor in [bin/12602]
- 'private'; don't display class related information in the output of STAT.
For paranoid admins.
Make sure that each va_start has one and only one matching va_end,
especially in error cases.
If the va_list is used multiple times, do multiple va_starts/va_ends.
If a function gets va_list as argument, don't let it use va_end (since
it's the callers responsibility).
Improved by comments from enami and christos -- thanks!
Heimdal/krb4/KAME changes already fed back, rest to follow.
Inspired by, but not not based on, OpenBSD.
- totally clear a glob buffer before use, because FreeBSD depends on
some of the other fields being cleared (other than just gl_offs)
- in strend(), ensure that the source string isn't too large
- remove unnecessarily complicated sizing of proctitle, since snprintf()
will truncate it anyway
define HAVE_SETPROCTITLE and HAVE_SOCKADDR_SA_LEN, because certain
operating systems from a vendor which claims to be the biggest unix
vendor as of two months ago #define BSD4_4 and THEN REMOVE BITS OF THE
4.4BSD API!
anyway, this won't affect other systems which use lukemftpd (e.g,
other 4.4BSD derived systems), because autoconf will set HAVE_SETPROCTITLE
as appropriate. the point of this little code fragment is to remove the
need to have -DHAVE_SETPROCTITLE ... in our libexec/ftpd/Makefile
</rant>
