Commit Graph

155 Commits

Author SHA1 Message Date
tacha 3bab95ce42 Add ftpd_loginx() and ftpd_logwtmpx() and use them to hold wtmpx file
open while a session.

Close bin/21692 by bqt@Krille.Update.UU.SE.
2003-06-30 03:06:06 +00:00
lukem 0263859762 Add '-L xferlogfile', to write xferlog entries there rather than syslog them.
Based on work from Dmitry Sivachenko.
2003-02-26 12:27:04 +00:00
erh dadb4ce1cf Fix uninitialized variable "notglob" in send_file_list() that was causing
transfers to fail due to an abort in free().
2003-02-24 19:26:49 +00:00
lukem 558032443d rename local copies of login(), logout() and logwtmp() to
ftpd_login(), ftpd_logout() and ftpd_logwtmp() respectively.
(makes utmp support much easier in tnftpd).

per suggestion in mail from Mike Heffner <mheffner@vt.edu>, who
forwarded patch from Michael Ranner <mranner@inode.at>.
2003-02-23 13:04:37 +00:00
dsl 3dfa0d0485 Stop ftpd changing inetd's 'logname'
Stop buffer overrun if {NGROUPS_MAX} is greater than the compile time
NGROUPS_MAX.
(approved by christos)
2003-02-19 18:26:48 +00:00
lukem 1075c8325b Apply DoS fix as described by Crist J. Clark <crist.clark@attbi.com>
on <security@freebsd.org>, and subsequently in FreeBSD's cvs repository
as libexec/ftpd/ftpd.c rev 1.133:

	The FTP daemon was vulnerable to a DoS where an attacker could bind()
	up port 20 for an extended period of time and thus lock out all other
	users from establishing PORT data connections. Don't hold on to the
	bind() while we loop around waiting to see if we can make our
	connection.

Bump version to 20030122.
2003-01-22 04:46:08 +00:00
lukem 6d15ebd30b Fixes from Dmitry Sivachenko <demon@freebsd.org>:
- always set "curname" to something appropriate (even when logging is
  not in effect).
- fix usage for "PORT" command
2003-01-22 04:33:35 +00:00
thorpej 7ec31d736f Avoid conflict with reserved identifier "log". 2002-12-06 01:59:22 +00:00
lukem ee2d1afbb4 - convert to using libc's strsuftoll(3)
- use LLT (aka 'long long type') for all numeric class parameters
- improve description of various ftpd.conf(5) options
- statcmd(): print out:  mmapsize readsize writesize sendbufsize sendlowat
2002-11-29 14:39:59 +00:00
itojun 92ebc57756 audit use of strto* - beware of ERANGE, as well as typecast on result. 2002-11-16 03:10:34 +00:00
lukem 0acfaa653a Change arguments of login_utmp(line, name, host) (to be consistent
with logwtmp(3)/logwtmpx(3)), and call correctly.
Resolves [bin/18498] by Geoff Wing, who identified that the previous
version was being called incorrectly, albiet in a different manner.
2002-10-07 13:29:59 +00:00
itojun a05a73b5b6 revert previous. wtmp{,x} entries need not be \0-terminated, so
strncpy is more proper.
2002-09-13 02:58:54 +00:00
itojun 57afbee27d use strl*, not strn*. 2002-09-12 08:55:31 +00:00
lukem 38a05c7450 Use LOGIN_NAME_MAX instead of `10' for the size of the curname[] buffer.
Allows /etc/ftpchroot to work correctly for usernames > 9 characters.

Noted by Max Khon in the freebsd-stable mailing list, via Thomas Vogt in
private email.
2002-09-12 06:40:43 +00:00
christos c0b21fbbf7 Disable UTMPX support for now, because ftpd might chroot and we need
to keep files open.
2002-08-20 13:55:58 +00:00
christos 4b476b1883 utmpx support 2002-08-20 13:51:09 +00:00
enami 260e9f55a7 Add optional mmap(2)/write(2) support for binary file transfer.
The default is read(2)/write(2).  Note that the sosend_loan needs
some more work for better performance when a file isn't cached.
2002-05-30 00:24:47 +00:00
lukem 9616ee612a Don't log an xferlog-style entry if bytes == -1.
Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar
circumstances.
2002-02-11 11:45:07 +00:00
lukem f65c7d5689 fix previous, and ensure that closedataconn() is only called after dataconn()
and with a non-NULL file pointer.  active transfers now work correctly again,
passive transfers work, and the data stream is only closed after a PASV or
EPSV if a successful connection was initiated with dataconn().
2002-02-01 04:35:30 +00:00
lukem 0d1261454e in closedataconn(), only close the passive data fd if the main data
descriptor was set by dataconn().  this fixes a problem for clients (such
as lynx and netscape) that only sent PASV/EPSV after a transfer (RETR, LIST,
STOR) started and returned 150.  certain command sequences could return 550
(etc) before setting up the dataconn(), and would run into this bug. netbsd's
ftp didn't hit this bug because it always sends PASV/EPSV before a new
transfer command.
2002-01-21 11:25:20 +00:00
lukem 839b30885a remove extraneous ": " from message 2001-12-12 08:13:33 +00:00
lukem 4fece086d7 Fix skey password challenge. Problem reported in [bin/14848] by John F. Woods. 2001-12-06 02:00:06 +00:00
lukem c31e16f75e Add two new ftpd.conf(5) directives:
- 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER
  command instead of the PASS command. whilst this might provide some
  info leakage of accounts names if you have some `real' or `chroot'
  users enabled and not others, it does prevent accidental entering of
  such passwords if you have all such users denied. This option is
  strongly recommended on anonymous-only servers.
  Functionality requested by Rob Windsor in [bin/12602]
- 'private'; don't display class related information in the output of STAT.
  For paranoid admins.
2001-12-04 13:54:12 +00:00
lukem 3a491eda3c - enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5)
- enable WARNS=2
2001-12-01 10:25:29 +00:00
lukem 5f6482cfc3 - Don't try and use the motd if it's empty.
Problem reported in [bin/14751] by Kimmo Suominen
- Display conffilename() version of limitfile and motd in status output
2001-11-27 23:42:40 +00:00
wiz 4c99916337 va_{start,end} audit:
Make sure that each va_start has one and only one matching va_end,
especially in error cases.
If the va_list is used multiple times, do multiple va_starts/va_ends.
If a function gets va_list as argument, don't let it use va_end (since
it's the callers responsibility).

Improved by comments from enami and christos -- thanks!

Heimdal/krb4/KAME changes already fed back, rest to follow.

Inspired by, but not not based on, OpenBSD.
2001-09-24 13:22:25 +00:00
lukem 53c91d8f76 a few changes from Mike Heffner <mheffner@vt.edu> in private email:
- totally clear a glob buffer before use, because FreeBSD depends on
  some of the other fields being cleared (other than just gl_offs)
- in strend(), ensure that the source string isn't too large
- remove unnecessarily complicated sizing of proctitle, since snprintf()
  will truncate it anyway
2001-09-19 00:50:52 +00:00
lukem fe60c5801d Alan Barrett informs me that "advertise" (instead of "advertize") is
the norm even in American English.
2001-07-08 07:27:14 +00:00
lukem afa0abb87f s/tise/tize/ in docco, add "advertize" as synonym for "advertise" 2001-06-26 19:30:44 +00:00
wiz 40ac848024 Fix various misspellings of compatible/compatibility. 2001-06-11 01:50:48 +00:00
lukem 7e903ba2b0 crank copyrights of files changed this year
remove superfluous byte_count update in send_file_list
crank version
2001-04-25 01:46:25 +00:00
lukem 748a2d7987 minor knf post aidan's oob rototill 2001-04-12 02:28:59 +00:00
aidan 7f74ad2bfd As threatened, handle OOB commands from within ftpcmd.y.
This involved changing the yacc syntax to be line-oriented, rather than
having it run against the entire input at once, and adding a flag to
struct tab, to indicate if or not it's acceptable for a command to occur
OOB.
2001-04-01 23:04:30 +00:00
christos 62f543d92e Use GLOB_LIMIT. Also fix a bug where gl_offs was not initialized and could
contain trash.
2001-03-16 20:42:12 +00:00
christos 4056c9f72d fix redundant declarations. 2001-02-04 22:04:11 +00:00
cgd d594ce939b comment or delete text after CPP directives. 2001-01-16 02:50:27 +00:00
lukem cbddac44d6 consistently use syslog priorities 2001-01-10 00:20:49 +00:00
lukem 5015048190 Features:
* Add ftpd.conf(5) directive `advertise'; change the address that is
  advertised to the client for PASV transfers. this may be useful in
  certain firewall/NAT environments.

  Feature requested in [bin/9606] by Scott Presnell.

* Add -X option; syslog wu-ftpd style xferlog messages, prefixed with
  `xferlog: '.  An example line from syslog (wrapped):
	Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000
	2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c

  These messages can be converted to a wu-ftpd style xferlog file
  suitable for parsing with third-party tools with something like:
	grep 'xferlog: ' /var/log/xferlog | \
	    sed -e 's/^.*xferlog: //' >wuxferlog

  The format is the same as the wu-ftpd xferlog entries (with the leading
  syslog stuff), but different from the wu-ftpd syslogged xferlog entries
  because the latter is not as easy to convert into the standard xferlog
  file format.

  The choice to only syslog the xferlog messages rather than append to
  a /var/log/xferlog file was made because the latter doesn't work to
  well in the situation where the logfile is rotated and compressed and
  a long-running ftpd still has a file-descriptor to the now nonexistant
  xferlog file, and the log message will then get lost.

  Feature requested in [bin/11651] by Hubert Feyrer.


Fixes:

* In ftpd(8), clarify the -a and -c options.

* More clarifications in ftpd.conf(5).

* Ensure that all ftpd.conf commands set a parameter back to sane defaults
  if an argument of `none' or bad settings are given.

* Support the `chroot' directive for `REAL' users too (for consistency).

* For `GUEST' users, store the supplied password in pw->pw_passwd for use
  later in the xferlog.

* If show_chdir_messages() is given a code of -1, flush the cache of
  visited directories.  Invoke show_chdir_messages(-1) in end_login().

* Only syslog session stats if logging is requested.

* Rename logcmd() -> logxfer(), and dolog() -> logremotehost().

* Use cprintf() instead of fprintf() where appropriate.

* Minor KNF, and make a couple of functions static that were declared static.
2000-12-18 02:32:50 +00:00
lukem c31c7b7d00 initialise confdir to _DEFAULT_CONFDIR again, so that -C works... 2000-11-30 08:33:33 +00:00
lukem b01ed05afa - rename valid_passwd() -> checkpassword()
- move check for expired accounts from pass() into checkpassword()
2000-11-30 06:06:08 +00:00
lukem be437fb5c3 - move password checking into separate valid_passwd() function, to assist
in porting to other systems.
- don't syslog() or setproctitle() "ACCT" lines (as per "PASS")
- replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the
  latter #ifdef BSD4_4
- don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile
  support if this is to be used on NetBSD.
2000-11-30 02:59:11 +00:00
lukem dd752c833d modify dolog() to take a struct sockinet * instead of struct sockaddr * 2000-11-28 09:46:34 +00:00
lukem a1d4e29274 - ensure all uses of AF_INET6 are wrapped in #ifdef INET6
- don't define `ALL' as a token twice in the grammar
2000-11-28 09:31:29 +00:00
itojun f28aa6da4e cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach
scope identifier).
always check error result from getnameinfo.
2000-11-24 12:56:45 +00:00
lukem 999fd3d617 - new ftpd.conf directives:
maxfilesize	set the maximum size of uploaded files
	sanenames	if set, only permit uploaded filenames that contain
			characters from the set "-+,._A-Za-z0-9" and that
			don't start with `.'

- new/changed command line options:
	-e emailaddr	define email address for %E (see below)
	-P dataport	use dataport as the dataport (instead of ctrlport-1)
	-q		use pid files to count users	[default]
	-Q		don't use pid files to count users
	-u		write entries to utmp
	-U		don't write entries to utmp	[default]
	-w		write entries to wtmp		[default]
	-W		don't write entries to wtmp

	  NOTE:	-U used to mean `write utmp entries'. Its meaning has changed
		so that it's orthogonal with -q/-Q and -w/-W. This isn't
		considered a major problem, because using -U isn't going to
		enable something you don't want, but will disable something
		you did want (which is safer).

- new display file escape sequences:
	%E	email address
	%s	literal `s' if the previous %M or %N wasn't ``1''.
	%S	literal `S' if the previous %M or %N wasn't ``1''.

- expand the description of building ~ftp/incoming to cover the
  appropriate ftpd.conf(5) directives (which are defaults, but it pays
  to explicitly explain them)

- replace strsuftoi() with strsuftoll(), which returns a long long if
  supported, otherwise a long

- rework the way that check_modify and check_upload are done in the yacc
  parser; they're merged into a common check_write() function which is
  called explicitly

- merge all ftpclass `flag variables' into a single bitfield-based flag element

- move various common bits of parse_conf() into a couple of macros

- clean up some comments
2000-11-16 13:15:13 +00:00
itojun 0a52851e32 we can assume presense of getaddrinfo.
use NI_MAXHOST for the hostname buffer used with getnameinfo.
2000-11-15 04:07:07 +00:00
lukem f62aa6c8ac changes to improve portability:
* replace union sockunion {} with struct sockinet {}, and modify the code
  accordingly. this is possibly more portable, as it doesn't rely upon
  the structure alignment within the union for our own stuff.  uses local
  su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4)
  (XXX: haven't tested the ipv6 stuff)
* always use getaddrinfo() and getnameinfo() instead of maintaining two code
  paths. (lukemftpd will provide replacements for these on older systems)
* use lockf() instead of open(.., O_EXLOCK) to lock the pid file
* minor KNF
* clean up long long support: create helper #defines and use as appropriate:
        #define		NO_LONG_LONG	! NO_LONG_LONG
        -------		------------	--------------
        LLF		"%ld"		"%lld"
        LLFP(x)		"%" x "ld"	"%" x "lld"
        LLT		long		long long
        ULLF		"%lu"		"%llu"
        ULLFP(x)	"%" x "lu"	"%" x "llu"
        ULLT		unsigned long	unsigned long long
        STRTOLL(x,y,z)	strtol(x,y,z)	strtoll(x,y,z)
2000-11-15 02:32:30 +00:00
itojun b55bfbac42 correct result code on invalid port number against EPRT. 2000-11-13 15:11:57 +00:00
itojun d9ff63c241 plug memory leak 2000-11-13 11:52:41 +00:00
itojun 1e256e9927 - improve RFC2428 conformance.
return 522 on unknown protocol identifier on EPRT.
- clarify EPSV/EPRT/LPSV/LPRT behavior.
- repair memory leak and lack of boundary check on EPRT.
- make sure we do not resolve DNS on EPRT.
sync with kame.
2000-11-13 11:50:46 +00:00