Commit Graph

317 Commits

Author SHA1 Message Date
lukem b181ccb476 log debug stuff using LOG_DEBUG not LOG_INFO 1997-11-16 12:04:21 +00:00
lukem 83955f6abd * change checkportcmd syntax to `checkportcmd class [off]' (as per `modify')
* display current setting of checkportcmd in STAT
* ensure that curclass.checkportcmd is initialised to 0
* document default setting of checkportcmd in ftpd(8)
* cleanup code a bit, putting code for "checkportcmd" in alphabetical order
1997-11-11 12:42:24 +00:00
mrg c8fbce69fd increment version. 1997-11-11 06:32:17 +00:00
mrg 6666673d8e oops, missed this bit in previous change. 1997-11-11 06:17:22 +00:00
mrg 8e2c08b183 add a "checkportcmd <class>" option that stops ftp bounce attacks. 1997-11-11 05:48:03 +00:00
mycroft 1336137028 Use remove(3) rather than stat(2)ing the file, yadda yadda.
Simpler, and DTRT for symlinks.
1997-10-19 18:16:19 +00:00
mycroft 3ff72472fe Use S_IS*(), not S_IF*. 1997-10-19 18:15:23 +00:00
mycroft 30c6e0cebf SRCS must be defined *before* bsd.prog.mk is included... 1997-10-12 14:06:21 +00:00
mycroft 307211b0f5 Add some krb5 hooks, though it probably doesn't work yet. 1997-10-12 14:04:36 +00:00
mycroft 76a39e6e7c Actually, do Kerberos first, since we want to get a TGT if possible.
Also, clean up some minor cruft.
1997-10-12 13:52:51 +00:00
mycroft 4bf23f1a50 Format police.
Also, try s/key before Kerberos.
1997-10-12 13:18:56 +00:00
mycroft 085fe346f1 Oops; fix typo. 1997-10-12 13:09:11 +00:00
mycroft 5566d4c1f1 Conditionalize s/key support. 1997-10-12 13:08:41 +00:00
mrg 2268d2dfb3 merge lite-2 Makefiles (rcsids), and turn on WARNS for all of libexec. 1997-10-08 09:07:11 +00:00
lukem 96ad830ee2 - add '-C user', which runs checkaccess(user) and exits with the result
(0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers).
  from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods
- getopt returns -1 not EOF
- in lostcon(), call dologout(1) not dologout(-1);
1997-09-23 14:25:30 +00:00
lukem 550665a814 implement '-c confdir', which allows the specification of an alternate
directory to look for the various configuration files, overriding /etc.
From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
1997-09-23 13:56:39 +00:00
cjs 74762c9036 Mention that if the user's shell is null, it's assumed to be /bin/sh.
(Pointed out by Jim Bernard <jbernard@tater.mines.edu>.)
1997-09-21 22:59:03 +00:00
lukem 67d65f4970 - ensure 257 reply codes from PWD and MKD are RFC959 compliant:
257 "dirname" some message
  (any "s in dirname should be doubled, per the RFC)
- don't put an extra / in the output of NLST if the last char in the
  directory is a /
- bump the version to 7.01 because of these fixes
1997-09-18 07:27:35 +00:00
lukem 05efcc80e4 fix grammo 1997-08-26 13:10:39 +00:00
kleink 66105c37fc Lseek(2) usage cleanup: the use of L_SET/L_INCR/L_XTND is deprecated,
use SEEK_SET/SEEK_CUR/SEEK_END instead.
1997-08-25 19:31:43 +00:00
lukem 0bba8ce38d * don't depend upon buffer returned by fgetln() to remain. fix mainly
from Tatoku Ogaito <tacha@tera.fukui-med.ac.jp> in [bin/3967]
* fgetln() doesn't \0 terminate its string. look for the \n and replace
  it with \0 (if no \n, ignore the line - it's most likely corrupt)
* more intensive checks on strdup() returns (not a current mem leak,
  but depended upon code elsewhere to cleanup - not good)
* cleanup some syslog error messages
1997-08-14 02:06:15 +00:00
jtc a158249541 Fix files using old TNF copyright notice 1997-07-31 00:08:03 +00:00
mrg 04b009a915 be safe with some buffers. 1997-07-21 05:13:10 +00:00
christos a838817b21 Add WARNS=1 1997-07-01 20:49:59 +00:00
hannken c9ccc894a4 Add missing braces. `check_modify' returns 0 without a reply. See PR #3779. 1997-06-24 08:49:27 +00:00
christos c22375d4d3 missed some warnings. 1997-06-22 22:33:12 +00:00
cjs fedfe5c4d3 %qd wants long long. Thus, if you're going to turn on warnings for
printf format strings, you've got to make sure you cast quantities
passed to %qd to long long because on 64-bit machines they're often
just long, which is not the same, even when it's the same size.
1997-06-21 18:01:35 +00:00
mellon 973a248f85 Need prototype for klogin() - probably ought to go in a header file, but klogin probably ought to go in a library first 1997-06-21 04:38:54 +00:00
christos 2424c4f970 - Pass gcc -Wall
- Fix incorrect const poisoning
- Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
1997-06-18 19:05:46 +00:00
lukem 31547ec641 * implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
  all or none) basis:
    * on-the-fly execution of a command to build the file (a ``conversion''),
      providing support for "get dirname.tar" and the like.
    * displaying the contents of a file when a directory is entered
      for the first time.
    * maximum value for timeout (replaces -T).
    * control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
    * notifying the user of the existance of a files matching a glob
      pattern when a directory is entered for the first time.
    * default value for timeout (replaces -t).
    * default umask (replaces -DGUEST_CMASK and -u).
  The conversion, display, and notify functionality was based on code by
  Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
  -t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
  stderr stream mixing with the stdout stream during a conversion,
  as this can corrupt the stream.
1997-06-14 08:43:26 +00:00
lukem dfb524fa46 * don't log failed usernames to ftp.notice; use authpriv.notice instead.
closes [bin/1571]
* don't quit if "PASV" is received without the user being logged in.
  closes [bin/2401], albiet with a modified test.
1997-05-29 10:31:48 +00:00
cjs 93b985ed90 Allow setting the directory to which anonymous users chdir from
the command line. Document -u option. A couple of minor cleanups.
1997-05-23 22:09:48 +00:00
pk 58efb9d20c NULL => 0 (Arne Juul; PR#3629) 1997-05-17 19:24:44 +00:00
cjs 6ed41b9085 /etc/ftpusers now matches globs against the username. mycroft suggested this. 1997-04-29 04:00:39 +00:00
lukem 66783f1f43 * fix "cd ~" so that it works (from Simon Burge <simonb@telstra.com.au>
* move resetting of CFLAGS on powerpc to before optional CFLAGS settings
* minor code & man page cleanups
1997-04-27 03:21:38 +00:00
thorpej 85ea5d090f Don't compile this with -O on the PowerPC - cc1 cores. 1997-04-19 05:13:26 +00:00
cjs a5d6da371a Change the syntax of /etc/ftpusers to have both allow and deny
information in the same file by following the username with `allow'
or `deny'. Also, the user `*' can be used to set the default for
users not listed in the file. This is entirely backward compatable
with old /etc/ftpusers files.
  Also, do the /etc/ftpusers and the valid login shell checks after
the password is verified, rather than before, so as not to give away
whether or not a particular user ID is present on the system.
1997-04-06 07:53:10 +00:00
cjs ff88177058 Changes to make anonymous uploads more secure. For anonymous users:
* Set umask to 707;
* Disable UMASK, CHMOD, DELE, RMD and MKD commands.
Compile-time options let you change that umask and go back to the
old, insecure way if you like.
1997-03-30 22:53:36 +00:00
cjs 76d4734615 4.4lite2 update. (The one minor bugfix between 4.4lite and 4.4lite2
was already in our sources, thus just the sccsid line is changed.)
1997-03-28 21:55:41 +00:00
mrg 3771fb912e set transflag to 0 in dologout, to prevent a SIGURG taking us back to the main loop. 1997-01-23 05:57:55 +00:00
jtc 93153c7796 Changed to use 1900 + tm_year instead of hardcoding "19" as the century.
From PR #2308 by Stephen J. Roznowski <sjr@zombie.ncsc.mil>.
1996-04-08 19:03:11 +00:00
cgd 02172229ba add -Dunix to CFLAGS 1996-02-16 02:07:41 +00:00
thorpej 08f474ecc4 Correct the instructions regarding the password database in
~ftp/etc, from Rob Windsor <windsor@ksu.ksu.edu> in PR #544.
1996-01-14 20:55:23 +00:00
mycroft 5860921eda Fill in sin_len. 1995-06-03 22:37:19 +00:00
cgd 8954551479 typo. 1995-04-11 02:58:40 +00:00
cgd 6a9917621c clean up RCS Id's and a couple of stype nits.
Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
1995-04-11 02:44:45 +00:00
mycroft dad7a18390 Use IPTOS_THROUGHPUT for passive mode data connection. 1995-03-22 16:55:35 +00:00
mycroft ebeae88da2 Use POSIX signals. 1995-03-21 21:47:04 +00:00
brezak 4036a63b78 Fill in ttyname for cred file uniquifier under KERBEROS (From Michael Graff) 1995-03-08 19:50:54 +00:00
jtc 490ec0010d Change mention of /etc/passwd to /etc/pwd.db, as reported by PR #556. 1995-02-17 09:19:45 +00:00
cgd b54e75897f be a bit more careful with types, casts, and and function declarations. 1994-12-23 14:29:31 +00:00
cgd ae9172d6cd specify man pages the new way. 1994-12-22 09:57:51 +00:00
jtc a5f771b355 Fix PR #491, what could have been a big security hole 1994-09-20 23:09:14 +00:00
brezak ad6e6fe7ab As long as KERBEROS is here at least let it compile cleanly... 1994-07-25 18:48:40 +00:00
mycroft ec9f6d82c2 Clean up deleted files. 1994-06-29 01:49:53 +00:00
deraadt d6743f02e5 4.4-lite, plus our local changes 1994-06-29 01:49:37 +00:00
deraadt 1a3b9af761 add skey support 1994-05-24 06:52:17 +00:00
cgd d7e56d367a use setproctitle 1994-04-14 03:15:37 +00:00
cgd 8940935dd1 Jarle.F.Greipsland@idt.unit.no's changes to allow for password-protected
chrooted ftp logins.
1994-04-06 20:49:52 +00:00
cgd 2ab4a0ae5c some changes to make Kerberos a bit easier to use. from
Michael Graff <explorer@vorpal.com>, with some work by myself...
1994-03-30 02:49:15 +00:00
cgd 4b30c543a0 always use libcrypt 1993-10-07 02:16:39 +00:00
mycroft e9d867ef50 Add RCS identifiers. 1993-08-01 17:54:45 +00:00
mycroft dfb9caab49 Add RCS indentifiers. 1993-08-01 07:32:48 +00:00
mycroft cda4f8f6ee Add RCS identifiers. 1993-08-01 05:37:30 +00:00
cgd 811e6386f8 changed to use new libcrypt scheme. 1993-04-26 14:33:28 +00:00
cgd 649bd7ccc5 added support for using real crypt 1993-03-22 23:27:33 +00:00
cgd 61f282557f initial import of 386bsd-0.1 sources 1993-03-21 09:45:37 +00:00