Commit Graph

317 Commits

Author SHA1 Message Date
christos d465dbd49e change _PATH_FOO to _NAME_FOO where FOO is not a path. I'll discuss with
luke what is the best way to fix this.
2004-12-11 18:37:26 +00:00
ginsbach 93b00943e9 Fix inverted test for expired passwords. Mea culpa. 2004-12-09 20:58:39 +00:00
ginsbach 0211645da7 * Don't allow accounts with age expired passwords to login. Any account
that is required to change their password will not be allowed FTP
  access.  Inspired by similar functionality in other FTP daemons.
  (approved by lukem)

* Crank version to 20041119 per lukem's request.
2004-11-19 16:03:58 +00:00
christos 3b40bfaefe Don't write trash in ut_ss; either initialize it to 0, or put in the proper
information.
2004-11-11 01:14:10 +00:00
dsl 55d39107c6 Add (unsigned char) cast to ctype functions 2004-11-05 21:45:36 +00:00
lukem 635a375704 Fixes from (or inspired by) OpenBSD:
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
  abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once.  If we need to change it,
  cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.

My stuff:
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
  latter isn't reentrant and the hacks to work around that are ugly.
  We now examine urgflag at appropriate locations and call handleoobcmd()
  if it's set.  Since the only OOB commands we currently implement are
  ABOR and STAT, this isn't an issue.  (I also can't find the reference in
  RFC2228 where MIC, CONF & ENC are OOB-only commands.  Go figure.)
  I could clean up the is_oob stuff some more, but the remaining stuff
  in ftpcmd.y is harmless and it's unnecessary churn right this moment.
2004-08-09 12:56:47 +00:00
lukem 2b8830ba06 Correctly clamp illegal "SITE CHMOD" mode values. From OpenBSD. 2004-07-16 08:29:28 +00:00
lukem 0cd997a9f7 Fix minor memory leak with fromname. Inspired by OpenBSD. 2004-07-16 03:31:51 +00:00
lukem afca253464 Use sysconf(_SC_LOGIN_NAME_MAX) to determine the length of login
names, rather than assuming LOGIN_NAME_MAX.
Based on patch from Garrett Wollman via David O'Brien (both at FreeBSD.org)
2003-12-10 01:18:56 +00:00
agc 9f1aac5bb3 Move Jason Downs's code from a 4-clause to a 3-clause licence by
removing the advertising clause.  Diffs provided in PR 22410 by Joel
Baker, confirmed to the board by Jason Downs.

With additional thanks to Jason Thorpe.
2003-10-13 15:36:33 +00:00
agc 8e6ab8837d Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22284, verified by myself.
2003-08-07 09:46:37 +00:00
salo 99410184e7 netbsd.org->NetBSD.org 2003-07-26 19:24:24 +00:00
itojun e63468d8cc split MKKERBEROS4 from MKKERBEROS. based on work by lha at stacken.kth.se
(build confirmed with both MKKERBEROS4=yes and MKKERBEROS4=no)
2003-07-23 08:01:24 +00:00
tacha 3bab95ce42 Add ftpd_loginx() and ftpd_logwtmpx() and use them to hold wtmpx file
open while a session.

Close bin/21692 by bqt@Krille.Update.UU.SE.
2003-06-30 03:06:06 +00:00
wiz ac4f069fda Add Ns. 2003-06-27 18:59:54 +00:00
perry 01788f947d behaviour->behavior
I actually really like the UK spelling on this, but consistency among
our man pages is also a virtue.
2003-03-31 17:05:12 +00:00
lukem b018fb8971 Don't declare "yylex()" static; AFAICT it shouldn't be, and it causes
build problems with the output of some versions of yacc.
2003-03-03 02:14:57 +00:00
lukem 2cc6fff994 Fix typos accidentally introduced in rev 1.70 as part of the large
number support.
(NetBSD yacc didn't barf on these, although Solaris and HP/UX's did...)
2003-03-03 01:52:13 +00:00
lukem ceba77be0a it's actually 2003 ... 2003-02-28 03:06:14 +00:00
lukem 0263859762 Add '-L xferlogfile', to write xferlog entries there rather than syslog them.
Based on work from Dmitry Sivachenko.
2003-02-26 12:27:04 +00:00
wiz 990562bfef .Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.
2003-02-25 10:34:36 +00:00
erh dadb4ce1cf Fix uninitialized variable "notglob" in send_file_list() that was causing
transfers to fail due to an abort in free().
2003-02-24 19:26:49 +00:00
erh 6697099535 Fix uninitialized variable in mlsname() 2003-02-24 19:25:25 +00:00
lukem 6c12b8f0d2 use LLT and STRTOLL() instead of off_t and strtoull() for parsing the
"larger than int" arguments from commands.  improves portability.
2003-02-24 12:57:06 +00:00
lukem 558032443d rename local copies of login(), logout() and logwtmp() to
ftpd_login(), ftpd_logout() and ftpd_logwtmp() respectively.
(makes utmp support much easier in tnftpd).

per suggestion in mail from Mike Heffner <mheffner@vt.edu>, who
forwarded patch from Michael Ranner <mranner@inode.at>.
2003-02-23 13:04:37 +00:00
lukem 49230d68b3 crank version for:
Stop ftpd changing inetd's 'logname'
Stop buffer overrun if {NGROUPS_MAX} is greater than the compile time
NGROUPS_MAX.
2003-02-23 08:33:13 +00:00
matt 0f3ffeff6a gidlist is nolonger an array. 2003-02-19 23:12:20 +00:00
dsl 3dfa0d0485 Stop ftpd changing inetd's 'logname'
Stop buffer overrun if {NGROUPS_MAX} is greater than the compile time
NGROUPS_MAX.
(approved by christos)
2003-02-19 18:26:48 +00:00
perry 8a49ec08e4 "Utilize" has exactly the same meaning as "use," but it is more
difficult to read and understand. Most manuals of English style
therefore say that you should use "use".
2003-02-04 23:07:28 +00:00
lukem 1075c8325b Apply DoS fix as described by Crist J. Clark <crist.clark@attbi.com>
on <security@freebsd.org>, and subsequently in FreeBSD's cvs repository
as libexec/ftpd/ftpd.c rev 1.133:

	The FTP daemon was vulnerable to a DoS where an attacker could bind()
	up port 20 for an extended period of time and thus lock out all other
	users from establishing PORT data connections. Don't hold on to the
	bind() while we loop around waiting to see if we can make our
	connection.

Bump version to 20030122.
2003-01-22 04:46:08 +00:00
lukem 6d15ebd30b Fixes from Dmitry Sivachenko <demon@freebsd.org>:
- always set "curname" to something appropriate (even when logging is
  not in effect).
- fix usage for "PORT" command
2003-01-22 04:33:35 +00:00
kleink b3df6303a9 Rename `sigset' locals to avoid symbol shadowing warning. 2003-01-16 09:38:37 +00:00
manu 32adf030a4 ftpd was unable to service the pwd request once you entered a directory
without search permission. This confused some ftp clients.

We fix this problem by maitaining a cached path when getcwd() does not work.
The symbolic links and ../ are resolved in the cached path, and it is finnally
checked for accuracy by comparing ./ and the cached path with stat (device
and inode comparison). If the comparison fails, pwd fails as it did before,
and if the comparison succeeds, the cached path is displayed.

If paths are too long, we should just compare ./ with a truncated path and
fail, thus making pwd displaying an error as it did before.
2003-01-08 18:07:31 +00:00
thorpej 7ec31d736f Avoid conflict with reserved identifier "log". 2002-12-06 01:59:22 +00:00
wiz f5cc72e57b -1 -> \-1. 2002-11-29 19:22:01 +00:00
lukem ee2d1afbb4 - convert to using libc's strsuftoll(3)
- use LLT (aka 'long long type') for all numeric class parameters
- improve description of various ftpd.conf(5) options
- statcmd(): print out:  mmapsize readsize writesize sendbufsize sendlowat
2002-11-29 14:39:59 +00:00
itojun 92ebc57756 audit use of strto* - beware of ERANGE, as well as typecast on result. 2002-11-16 03:10:34 +00:00
lukem f0349d3444 tweak reference to me 2002-10-26 04:21:12 +00:00
lukem 02c9f40f67 crank version for statfilecmd() 'fix' 2002-10-26 04:19:56 +00:00
itojun 4af2926283 Turns out that our implementation of STAT wasn't RFC 959 compliant.
This version is now RFC 959 compliant, using a patch adapted from one
sent in by david.leonard@eecs.uq.edu.au

openbsd libexec/ftpd/ftpd.c revision 1.69.

(see RFC959 page 36)
2002-10-25 01:45:37 +00:00
darrenr 672b9a1044 * enclose unknown command strings inside a pair of 's to clearly mark the
text as being the 'whole' part received.
* change a HELP reply from 214 to 504 when there is an error looking for
  help on a command.
2002-10-12 08:35:16 +00:00
darrenr 256e201705 "Command not implemented." is 502, not 501 (RFC959, 4.2.1) 2002-10-11 10:57:51 +00:00
lukem 0acfaa653a Change arguments of login_utmp(line, name, host) (to be consistent
with logwtmp(3)/logwtmpx(3)), and call correctly.
Resolves [bin/18498] by Geoff Wing, who identified that the previous
version was being called incorrectly, albiet in a different manner.
2002-10-07 13:29:59 +00:00
lukem adbaddc918 Enable GLOB_BRACE for ftpd.conf(5)'s `notify' directive.
Now it's much easier to list multiple files...
2002-10-03 02:56:47 +00:00
wiz 917e421ecb especially and interpretation instead of espcially and intrepretation.
By Adrian Mrva.
2002-10-02 11:10:38 +00:00
wiz d6285bbf1d Begin new sentences on new lines.
Patch from Robert Elz (kre at munnari oz au).
2002-09-29 14:05:52 +00:00
lukem bafe5da620 use bsd.own.mk instead of the (obvious typo of) bsd.obj.mk 2002-09-18 06:24:33 +00:00
itojun a05a73b5b6 revert previous. wtmp{,x} entries need not be \0-terminated, so
strncpy is more proper.
2002-09-13 02:58:54 +00:00
itojun 57afbee27d use strl*, not strn*. 2002-09-12 08:55:31 +00:00
lukem 38a05c7450 Use LOGIN_NAME_MAX instead of `10' for the size of the curname[] buffer.
Allows /etc/ftpchroot to work correctly for usernames > 9 characters.

Noted by Max Khon in the freebsd-stable mailing list, via Thomas Vogt in
private email.
2002-09-12 06:40:43 +00:00