userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
the string tokenisation must be performed by the caller (which is
generally easy because it's almost always a static command).
* change do_conversion() to return a char *argv[] instead of char *cmd.
tokenisation of the command is done internally.
* change retrieve() to take char *argv[] instead of char *cmd.
(to take advantage of the above changes). fixes [bin/8173]
* use fparseln() instead of fgetln()
* store conversions in listed order (rather than reverse order)
* use stringlists instead of handrolling code to manage an argv.
connection destination, hoping this to help ftpd's behavior with
scoped IPv6 addresses.
I'm not sure if it is the right way, but it is the best way available to us.
LPRT or EPRT command gives no information about which interface (or scope)
to be used for new data connection.
ftp(1): On data connection establishment, warn if scoped address is used.
If peer (ftp daemon) does not handle scoped address, data connection
may not work right.
This seems to be sort of protocol spec hole, not implementation issue.
is not monotonically increasing (e.g. clock is slaved to another system)
the optimization will result in segments being treated as corrupt
(uncleanable). If enough such "bad" segments were created, the cleaner would
clean continuously, and after some time the system would panic with "no
clean segments".
(Legitimately old partial-segments are relatively rare, and will have their
blocks culled by lfs_bmapv.)
testing and archival for now. I don't expect anyone to work with it
since the binutils and gas changes are still pending. But you got to
crawl before you walk.
region first (using the data/bss protection) covering it, then overlay
the text and data regions at the appropriate offsets within the region,
and then unmap any gap between the text and data.
The previous method of maping the entire address space with the actual
file object itself is incorrect, as it may extend past the end of the
file if the section alignment is large enough.
This bug was the source of the libposix failure on the SPARC and another
similar failure (with libc!) on the Alpha (failure was accompanied by
a "uvn_io: size check fired" message on the console).
runpath > built-in default; this is the behaviour of the SVR4 shared loader,
and gives users the opportunity to override the runpath. (Addresses a report
on current-users by John Kohl.)
>>finger stream tcp6 nowait nobody /usr/libexec/fingerd fingerd
Single daemon on tcp6 socket will be able to serve both IPv4 and
IPv6 connections, while you can run both if you wish.
contents, a substantial optimization if the work load is right: if enough
empty segments are available, the cleaner never has to read or write *any*
blocks except those on the Ifile. When the cleaner wakes up it marks all
empty segments clean before deciding whether any further segments need to
be cleaned.
Fixed overflow bugs in the cleaner's handling of the cost/benefit metric
for empty segments.
(this was broken in the last commit). problem noticed by simonb@
* don't display the stderr output of the internal ls.
* modify usage of lreply so that generally only one `XXX-' code per
`block' is displayed; the rest of the lines have four spaces instead.
i find this easier to read.
* fix a couple places where byte accounting wasn't correct
assertion^W^W^W^W^W^W^Wprovide admins with a means of providing a
standard host-wide identd response. From the man page:
The -L<user name> option instructs identd to lie brazenly
about the identity of the user in question. You didn't
really intend to trust my assertion about who I was any-
way, right?
This flag provides a way for a site to support services
requiring the ident protocol while providing a standard
answer to all ident queries. All queries to identd will
respond with a host type of `OTHER' and a username of
<user name>.
* implement xferstats. full stats are displayed for `STAT', and a
summary is displayed upon exit (and syslogged). inspired by wu-ftpd.
* wrap data xfers in {send,receive}_data with alarm() timeouts. this
should remove the majority of the `hanging ftpd' problems that
people were still seeing. inspired by wu-ftpd.
* link with ../../bin/ls, so that bin/ls is not required under a
chroot()ed area for `LIST' to work. based on [bin/4497] from
"Soren S. Jorvang" <soren@t.dk>
* migrate code from util.c into ftpd.c, so that it doesn't conflict
with ls' util.c.
* remove man page comment about ~ftp/bin/ls being necessary.
* bump version to 7.2.0.
* syslog xfer time with xfer stats.
* if appropriate, syslog error message with command.
internal code stuff:
* change arguments of various functions from `char *' to `const char *'.
* define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise.
use macro appropriately
* lreply(): a code of -1 means ``send line as is''. a code of 0
means ``send line with 4 space prefix''. don't print a space after
the `-' for any other code.
* logcmd(): add `const struct timeval *elapsed' and `const char *error'
for more flexible error reporting
no need to save the stack pointer. Just push the space for the cleanup
and obj_main pointers before calling _rtld(), and pop it after loading those
pointers into the appropriate argument registers for the program entry point.
.Sh "SEE ALSO"
to:
.Sh SEE ALSO
The doc macros check for the latter (actually just for 'SEE' as the first
argument to .Sh) to set the section header SEE ALSO flag, which modifies
some behaviour (e.g. references done with .Rs/.Re).
and rename them to match the executable format. Introduce a new link.h
file which automatically picks the correct header based on the target of
the toolchain.
try to check _rtld_objself when doing R_TYPE(RELATIVE) relocs, as the
Alpha ld.elf_so contains them!
I'm not sure the logic for the RELATIVE fix is quite right; it happens to
Work on alpha, but do we actually need to make sure we aren't relocating
ld.elf_so there?
XXX: I am working on making use of RTLD_RELOCATE_SELF on alpha, which may
make this hack of a fix moot.
I've not followed the trend in this file by trying to wrench the MD
code into individual functions. Rather I,ve replaced several functions
wholesale. Anyway, this whole file needs to be re-done.
not pointing to the PLT in _rtld_relocate_plt_object(). I'm not quite
sure why the i386 added the extra relocations, but it removed the `return
0' needed for other arches.
THIS DOES NOT YET FIX BUILDING LD.ELF_SO ON ALPHA. There are some other
binutils 2.9.1 related issues, but this does return build ability to
2.8.1 based as and ld. Will do more investigation later.
Allow relative file writes,
For relative file accesses, no longer continues searching dirlist once we find
_any_ file, even one for which we don't have access,
If no dirlist was given on the command line, apply same permissions check as
with 'absolute' requests before allowing access.