Up to [cvs.NetBSD.org] / src / libexec / ftpd
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Pull up following revision(s) (requested by lukem in ticket #1907): libexec/ftpd/version.h: revision 1.80 NetBSD-ftpd 20230930 Update version to "NetBSD-ftpd 20230930" for changes: - fix uninitialized memory usage in count_users() - fix pam_set_item call with proper struct passed as PAM_SOCKADDR
Pull up following revision(s) (requested by lukem in ticket #1903): libexec/ftpd/ftpd.c: revision 1.207 libexec/ftpd/version.h: revision 1.78 ftpd: improve seteuid error handling Handle seteuid() failures. Per suggestion by Simon Josefsson. Consistent logging and fatal exit if uid/gid switching fails. Log correct errno if dataconn() fails.
Pull up following revision(s) (requested by lukem in ticket #1743): libexec/ftpd/version.h: revision 1.80 NetBSD-ftpd 20230930 Update version to "NetBSD-ftpd 20230930" for changes: - fix uninitialized memory usage in count_users() - fix pam_set_item call with proper struct passed as PAM_SOCKADDR
Pull up following revision(s) (requested by lukem in ticket #390): libexec/ftpd/version.h: revision 1.80 NetBSD-ftpd 20230930 Update version to "NetBSD-ftpd 20230930" for changes: - fix uninitialized memory usage in count_users() - fix pam_set_item call with proper struct passed as PAM_SOCKADDR
Pull up following revision(s) (requested by lukem in ticket #1739): libexec/ftpd/ftpd.c: revision 1.207 libexec/ftpd/version.h: revision 1.78 ftpd: improve seteuid error handling Handle seteuid() failures. Per suggestion by Simon Josefsson. Consistent logging and fatal exit if uid/gid switching fails. Log correct errno if dataconn() fails.
Pull up following revision(s) (requested by lukem in ticket #385): libexec/ftpd/ftpd.c: revision 1.207 libexec/ftpd/version.h: revision 1.78 ftpd: improve seteuid error handling Handle seteuid() failures. Per suggestion by Simon Josefsson. Consistent logging and fatal exit if uid/gid switching fails. Log correct errno if dataconn() fails.
NetBSD-ftpd 20230930 Update version to "NetBSD-ftpd 20230930" for changes: - fix uninitialized memory usage in count_users() - fix pam_set_item call with proper struct passed as PAM_SOCKADDR
version NetBSD-ftpd 20230922 for MLSD/MLST fix
ftpd: improve seteuid error handling Handle seteuid() failures. Per suggestion by Simon Josefsson. Consistent logging and fatal exit if uid/gid switching fails. Log correct errno if dataconn() fails.
NetBSD-ftpd 20200615 Update version to "NetBSD-ftpd 20200615" for changes: - Increase some buffer sizes. - Rename blacklist to blocklist.
Sync with HEAD
NetBSD-ftpd 20180428 Update version to "NetBSD-ftpd 20180428" for changes: - Fix violations of the sequence point rule. - Check that stat and fstat succeed. - Support blacklistd(8) hooks. - Clear utmpx struct before writing it to wtmpx files. - Fix directory stream leaks. - Use explicit_memset(3) instead of memset(3) to clear password. - Fix scope of variable. PR misc/50665. - Ensure that closing socket exists. CID 603440. - Add -f option to ftpd to stay in foreground with -D. PR bin/53221.
sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments")
resync from head
Update version to 20110904 for the user-visible change I made back then: Reduce priority of syslog message if getpeername returns ENOTCONN. PR bin/18934 by Greg A. Woods (with supplied fix).
sync to netbsd-5
Pull up following revision(s) (requested by lukem in ticket #1372): libexec/ftpd/version.h: revision 1.74 Update version to 20100320 for Christos' commit to popen.c 1.37 for: PR/43023: Bruce Cran: FTPD bug remote crash
Pull up following revision(s) (requested by lukem in ticket #1372): libexec/ftpd/version.h: revision 1.74 Update version to 20100320 for Christos' commit to popen.c 1.37 for: PR/43023: Bruce Cran: FTPD bug remote crash
Update version to 20100320 for Christos' commit to popen.c 1.37 for: PR/43023: Bruce Cran: FTPD bug remote crash
NetBSD-ftpd 20091107: * Fix WARNS=4 issues (const & sign mismatches, etc) * Ensure various ftpd.conf values can't exceed their underlying types. * Fix for 64 bit time_t and dev_t * Rename internal getline() function to get_line() so it does conflict with the getline(3) libc function. * Log both the hostname and numeric address. * Improve man page mdoc formatting
Sync with HEAD. Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
Fix WARNS=4 issues (const & sign mismatches, etc) Ensure various ftpd.conf values can't exceed their underlying types.
bump version for remoteloghost & portability changes
Merge in changes between wrstuden-revivesa-base-2 and wrstuden-revivesa-base-3.
Pull up following revision(s) (requested by lukem in ticket #1964): libexec/ftpd/ftpd.c: revision 1.187 via patch libexec/ftpd/extern.h: revision 1.58 via patch libexec/ftpd/ftpcmd.y: revision 1.88 via patch libexec/ftpd/version.h: patch Don't split large commands into multiple commands; just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server. Reported by Maksymilian Arciemowicz <cxib@securityreason.com>. Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o= rg>
Pull up following revision(s) (requested by lukem in ticket #1964): libexec/ftpd/ftpd.c: revision 1.187 via patch libexec/ftpd/extern.h: revision 1.58 via patch libexec/ftpd/ftpcmd.y: revision 1.88 via patch libexec/ftpd/version.h: patch Don't split large commands into multiple commands; just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server. Reported by Maksymilian Arciemowicz <cxib@securityreason.com>. Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o= rg>
Pull up following revision(s) (requested by lukem in ticket #1964): libexec/ftpd/ftpd.c: revision 1.187 via patch libexec/ftpd/extern.h: revision 1.58 via patch libexec/ftpd/ftpcmd.y: revision 1.88 via patch libexec/ftpd/version.h: patch Don't split large commands into multiple commands; just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server. Reported by Maksymilian Arciemowicz <cxib@securityreason.com>. Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o= rg>
Pull up following revision(s) (requested by lukem in ticket #1202): libexec/ftpd/ftpd.c: revision 1.187 libexec/ftpd/extern.h: revision 1.58 libexec/ftpd/version.h: patch libexec/ftpd/ftpcmd.y: revision 1.88 Don't split large commands into multiple commands; just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server. Reported by Maksymilian Arciemowicz <cxib@securityreason.com>. Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o= rg>
Pull up following revision(s) (requested by lukem in ticket #1202): libexec/ftpd/ftpd.c: revision 1.187 libexec/ftpd/extern.h: revision 1.58 libexec/ftpd/version.h: patch libexec/ftpd/ftpcmd.y: revision 1.88 Don't split large commands into multiple commands; just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server. Reported by Maksymilian Arciemowicz <cxib@securityreason.com>. Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o= rg>
Pull up following revision(s) (requested by lukem in ticket #1201): libexec/ftpd/ftpd.c: revision 1.183 libexec/ftpd/Makefile: revision 1.58 libexec/ftpd/version.h: revision 1.66 Reorganize USE_PAM support so that the reply(331,) from USER is performed by the pam_conv (PAM conversation) callback, which then getline()s the PASS reply internally. This involves calling auth_pam() from user() and caching the result to use later in pass(). This allows the PAM modules to present a different password prompt dialog if necesary. For example: Name (localhost:lukem): 331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ]. versus Name (localhost:lukem): root 331 User root accepted, provide password. This is independent of (and effectively exclusive to) USE_SKEY support. Previously ftpd with USE_SKEY=yes would provide the skey prompt if the user had an skey configured, even if /etc/pam.d/ftpd didn't have pam_skey in use. I.e., ftpd shouldn't need special support for custom password prompts (such as skey) if PAM is in use.
Pull up following revision(s) (requested by lukem in ticket #1201): libexec/ftpd/ftpd.c: revision 1.183 libexec/ftpd/Makefile: revision 1.58 libexec/ftpd/version.h: revision 1.66 Reorganize USE_PAM support so that the reply(331,) from USER is performed by the pam_conv (PAM conversation) callback, which then getline()s the PASS reply internally. This involves calling auth_pam() from user() and caching the result to use later in pass(). This allows the PAM modules to present a different password prompt dialog if necesary. For example: Name (localhost:lukem): 331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ]. versus Name (localhost:lukem): root 331 User root accepted, provide password. This is independent of (and effectively exclusive to) USE_SKEY support. Previously ftpd with USE_SKEY=yes would provide the skey prompt if the user had an skey configured, even if /etc/pam.d/ftpd didn't have pam_skey in use. I.e., ftpd shouldn't need special support for custom password prompts (such as skey) if PAM is in use.
Enhance -C to support an optional @host ('-C user[@host]'): checks whether user as connecting from host would be granted access by ftpusers(5). Support IPv6 in the host directive of ftpusers(5). (May resolve PR 26555) Both features from Rudolf Cejka <cejkar@fit.vutbr.cz> (FreeBSD's tnftpd port maintainer).
Don't split large commands into multiple commands; just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server. Reported by Maksymilian Arciemowicz <cxib@securityreason.com>. Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.org>
Sync w/ -current. 34 merge conflicts to follow.
sync with head.
Don't use non-standard "u_<foo>" types. Strip trailing whitespace (as well as ':'s) off PAM password prompts. Improve some debug logging related to PAM.
sync with head.
Remove clause 3 and 4 from TNF licenses
Reorganize USE_PAM support so that the reply(331,) from USER is performed by the pam_conv (PAM conversation) callback, which then getline()s the PASS reply internally. This involves calling auth_pam() from user() and caching the result to use later in pass(). This allows the PAM modules to present a different password prompt dialog if necesary. For example: Name (localhost:lukem): 331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ]. versus Name (localhost:lukem): root 331 User root accepted, provide password. This is independent of (and effectively exclusive to) USE_SKEY support. Previously ftpd with USE_SKEY=yes would provide the skey prompt if the user had an skey configured, even if /etc/pam.d/ftpd didn't have pam_skey in use. I.e., ftpd shouldn't need special support for custom password prompts (such as skey) if PAM is in use.
Update to 20060923 for the following changes: 20060201 debug -> ftpd_debug xstrdup -> ftpd_strdup 20060317 * Make sure that "su" is initialized before dereferencing it. Fixes Coverity CID 1075. * Set file to NULL after calling fclose(). Fixes Coverity CID 2669. * Remove unreachable code (res could never be NULL here). Fixes Coverity CID 712. 20060509 change (mostly) int to socklen_t. GCC 4 doesn't like that int and socklen_t are different signness. 20060923 Apply patch from PR bin/33261 sent by FUKAOMI Naoki: "ftpd does not update wtmpx".
NLST should return 450 instead of 550 upon error, per RFC 959.
logxfer(): don't use the same buffer to store the results of two separate concurrent realpath(3)s, otherwise we'll log the wrong information for a rename. Noted by Dmitry Sivachenko in private mail.
* Add recvbufsize configuration option This allows for setting the passive socket's SO_RCVBUF. Option works similarly to the current sendbufsize configuration option. * Change how recveive_data() works When reading data from the socket for passive transfers to the server, receive_data() now works very similar to send_data_with_read(). Reads from the network are now done using either the filesystem block size or the configuration option readsize chunks. * Crank version.h [Changes discussed with lukem.]
Implement option "-D", for running ftpd in standalone mode (daemon). ftpd will listen on the default FTP port for incoming connections and fork a child for each connection. This is lower overhead than starting ftpd from inetd(8) and thus might be useful on busy servers to reduce load. Inspired by FreeBSD. Reviewed by lukem@.
Crank version for Christos' utmpx/wtmpx changes on 20050623
* Add hidesymlinks configuration option This adds a -L to all ls command arguments so that the file or directory the link references is listed rather than the link itself. This was inspired by IRIX ftpd's -S option. [Discussed with lukem some time ago.] * Crank version.h [right Luke? :-)]
* Don't allow accounts with age expired passwords to login. Any account that is required to change their password will not be allowed FTP access. Inspired by similar functionality in other FTP daemons. (approved by lukem) * Crank version to 20041119 per lukem's request.
Pullup rev 1.44-1.57 (requested by he in ticket #1739) Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
Pullup rev 1.29-1.57 (requested by he in ticket #158) Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
Pullup rev 1.57 (requested by lukem in ticket #757) * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue.
Fixes from (or inspired by) OpenBSD: * Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary. * Fix SIGURG handler to set an urgflag that's later tested, rather than abusing setjmp(3)/longjmp(3). * Use "volatile sig_atomic_t" as the type of variables modified by sig handlers. * Use sigaction(3) instead of signal(3) to set the signal handlers. * Only set the main SIGALRM handler once. If we need to change it, cache the old handler and restore appropriately... * Remove a bunch of signal races by improving the signal handlers. * Fix memory leak with 'ESPV ALL'. My stuff: * Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3). * Rework parsing of OOB commands to _not_ use the yacc parser, since the latter isn't reentrant and the hacks to work around that are ugly. We now examine urgflag at appropriate locations and call handleoobcmd() if it's set. Since the only OOB commands we currently implement are ABOR and STAT, this isn't an issue. (I also can't find the reference in RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.) I could clean up the is_oob stuff some more, but the remaining stuff in ftpcmd.y is harmless and it's unnecessary churn right this moment.
Use sysconf(_SC_LOGIN_NAME_MAX) to determine the length of login names, rather than assuming LOGIN_NAME_MAX. Based on patch from Garrett Wollman via David O'Brien (both at FreeBSD.org)
Add ftpd_loginx() and ftpd_logwtmpx() and use them to hold wtmpx file open while a session. Close bin/21692 by bqt@Krille.Update.UU.SE.
Add '-L xferlogfile', to write xferlog entries there rather than syslog them. Based on work from Dmitry Sivachenko.
use LLT and STRTOLL() instead of off_t and strtoull() for parsing the "larger than int" arguments from commands. improves portability.
rename local copies of login(), logout() and logwtmp() to ftpd_login(), ftpd_logout() and ftpd_logwtmp() respectively. (makes utmp support much easier in tnftpd). per suggestion in mail from Mike Heffner <mheffner@vt.edu>, who forwarded patch from Michael Ranner <mranner@inode.at>.
crank version for: Stop ftpd changing inetd's 'logname' Stop buffer overrun if {NGROUPS_MAX} is greater than the compile time NGROUPS_MAX.
Apply DoS fix as described by Crist J. Clark <crist.clark@attbi.com> on <security@freebsd.org>, and subsequently in FreeBSD's cvs repository as libexec/ftpd/ftpd.c rev 1.133: The FTP daemon was vulnerable to a DoS where an attacker could bind() up port 20 for an extended period of time and thus lock out all other users from establishing PORT data connections. Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Bump version to 20030122.
- convert to using libc's strsuftoll(3) - use LLT (aka 'long long type') for all numeric class parameters - improve description of various ftpd.conf(5) options - statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
crank version for statfilecmd() 'fix'
Change arguments of login_utmp(line, name, host) (to be consistent with logwtmp(3)/logwtmpx(3)), and call correctly. Resolves [bin/18498] by Geoff Wing, who identified that the previous version was being called incorrectly, albiet in a different manner.
Enable GLOB_BRACE for ftpd.conf(5)'s `notify' directive. Now it's much easier to list multiple files...
- Change lexer to support numbers > 2^31-1 (stored in an off_t), and allow RESTart to use the larger numbers. Fix from Maxim Konovalov <maxim@freebsd.org> - Update version - Minor whitespace changes
Pull up revision 1.43 (requested by lukem in ticket #282): Implement "SITE UMASK" `enabled command' check with (modified) check_write(), so that a user who has modify disabled gets an error message rather than a hung connection. Noted by M.J. Rutter <mjr19@cus.cam.ac.uk> in private email.
crank copyright
Implement "SITE UMASK" `enabled command' check with (modified) check_write(), so that a user who has modify disabled gets an error message rather than a hung connection. Noted by M.J. Rutter <mjr19@cus.cam.ac.uk> in private email.
Fixes for mlsd/mlst standards conformance issues (noted by Robert Elz): - mlst shouldn't return cdir or pdir for type, only dir - mlst should always provide a full path name - mlsd should provide a full path name for the cdir entry. (providing a full path name for the pdir entry is optional, and i punted on that).
Don't log an xferlog-style entry if bytes == -1. Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar circumstances.
fix previous, and ensure that closedataconn() is only called after dataconn() and with a non-NULL file pointer. active transfers now work correctly again, passive transfers work, and the data stream is only closed after a PASV or EPSV if a successful connection was initiated with dataconn().
in closedataconn(), only close the passive data fd if the main data descriptor was set by dataconn(). this fixes a problem for clients (such as lynx and netscape) that only sent PASV/EPSV after a transfer (RETR, LIST, STOR) started and returned 150. certain command sequences could return 550 (etc) before setting up the dataconn(), and would run into this bug. netbsd's ftp didn't hit this bug because it always sends PASV/EPSV before a new transfer command.
Fix skey password challenge. Problem reported in [bin/14848] by John F. Woods.
Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins.
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5) - enable WARNS=2
- Don't try and use the motd if it's empty. Problem reported in [bin/14751] by Kimmo Suominen - Display conffilename() version of limitfile and motd in status output
a few changes from Mike Heffner <mheffner@vt.edu> in private email: - totally clear a glob buffer before use, because FreeBSD depends on some of the other fields being cleared (other than just gl_offs) - in strend(), ensure that the source string isn't too large - remove unnecessarily complicated sizing of proctitle, since snprintf() will truncate it anyway
s/tise/tize/ in docco, add "advertize" as synonym for "advertise"
crank copyrights of files changed this year remove superfluous byte_count update in send_file_list crank version
use own code instead of bother with glob() to do ~ expansion in pathname; there's no need to support glob wildcards in this case when it's not expanded here in the non-~ case
limit the number of matches in a ~ pathname glob, and complain if more than one path is matched.
bump version for IPv4 PASV fix. PR 12558
sync ftpd to -current with the following revisions (for lukem/christos): Makefile 1.43-1.44 cmds.c 1.7-1.8, 1.10-1.12 conf.c 1.35-1.40 extern.h 1.32-1.38 ftpcmd.y 1.53-1.59 ftpd.8 1.58-1.63 ftpd.c 1.102-1.104, 1.106-1.122 ftpd.conf.5 1.12-1.15 ftpusers.5 1.8 logwtmp.c 1.16 popen.c 1.23-1.25 version.h 1.28 a quick summary of user-visible changes; - fix glob DoS by using GLOB_LIMIT - add ftpd.conf directives `advertise', `maxfilesize', `sanenames' - add flags: -P dataport, -X - wuftpd style log entries, -q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp, -w/-W - (en|dis)able wtmp
crank for GLOB_LIMIT fix
Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work to well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistant xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given. * Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static.
Apply patch (requested by he): Fix a one-byte buffer overrun. Note by appending an 'a' to the version number, since we do not here upgrade ftpd wholesale.
in replydirname(), avoid one-byte overrun. From: Kristian Vlaardingerbroek <kris@obit.nl> (to bugs@openbsd)
- move password checking into separate valid_passwd() function, to assist in porting to other systems. - don't syslog() or setproctitle() "ACCT" lines (as per "PASS") - replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the latter #ifdef BSD4_4 - don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile support if this is to be used on NetBSD.
- ensure all uses of AF_INET6 are wrapped in #ifdef INET6 - don't define `ALL' as a token twice in the grammar
cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach scope identifier). always check error result from getnameinfo.
- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. - expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments
changes to improve portability: * replace union sockunion {} with struct sockinet {}, and modify the code accordingly. this is possibly more portable, as it doesn't rely upon the structure alignment within the union for our own stuff. uses local su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4) (XXX: haven't tested the ipv6 stuff) * always use getaddrinfo() and getnameinfo() instead of maintaining two code paths. (lukemftpd will provide replacements for these on older systems) * use lockf() instead of open(.., O_EXLOCK) to lock the pid file * minor KNF * clean up long long support: create helper #defines and use as appropriate: #define NO_LONG_LONG ! NO_LONG_LONG ------- ------------ -------------- LLF "%ld" "%lld" LLFP(x) "%" x "ld" "%" x "lld" LLT long long long ULLF "%lu" "%llu" ULLFP(x) "%" x "lu" "%" x "llu" ULLT unsigned long unsigned long long STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
- improve RFC2428 conformance. return 522 on unknown protocol identifier on EPRT. - clarify EPSV/EPRT/LPSV/LPRT behavior. - repair memory leak and lack of boundary check on EPRT. - make sure we do not resolve DNS on EPRT. sync with kame.
add support for -W; don't log to wtmp (orthogonal of -U which logs to utmp). inspired by similar option in wuftpd.
user visible changes (besides checking the cvs log): * make checkportcmd the default * add -r; force permanent drop of root privs after login * add -V vers; change version string to vers * add -H; act as -h `hostname` * permanently drop root privs if it makes sense to do so (e.g; logging in as guest/chroot user on a port > 1024) * fix reference to draft-ietf-ftpext-mlst-11 * add ftpd.conf directives: chroot, homedir * fix base64_encode() and generation of the unique fact * crank version to 20000723
* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. inspired by freebsd * minor KNF * minor man page cleanup
* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. * rename format_file() to display_file()
* add -H, which acts like -h `hostname`. (requested by kim@) * refer to draft-ietf-ftpext-mlst-11 instead of -10
base64_encode(): separate out the special case for the last 2 bytes, and be a bit safer with signed chars. per discussion with kre.
- base64_encode(): fix garbled output due to fencepost error. output now appears to match that of 'mimencode' (from metamail). problem noted by kre@munnari.oz.au. - fact_unique(): encode a combined dev_t+ino_t chunk rather than separate bits
setproctitle(), and for any other printf variants, it is not a good idea to pass variable directly like foo(x). use foo("%s", x) to avoid misuse. from: openbsd
Sync w/ netbsd-1-5-base.
various fixes suggested by Robert Elz: * implement closedataconn() and use appropriately (including in mlsd()) * only put leading space in front of MLST output (not MLSD output) * MLSD: only output pdir and cdir entries when the type fact is requested. * change error code for giving MLSD a non-directory from 550 to 501 * remove MLSx Type fact support for UNIX.* for now; it's not standardised yet. * do a check_login when MLSD and MLST are given no args * detect & complain about null facts in OPTS MLST * cache getgroups() at login instead of calling each time in fact_perm() other mods: * implement cprintf(); as per fprintf() but increments total_bytes{,_out} * implement CPUTC(); as per putc() but increments total_bytes{,_out} * implement base64_encode() * fact_unique() display base64 encoding of dev_t and ino_t rather than hex output; should scale if size of those changes * change reply() so that a negative code acts as the initial line in a reply, code == 0 prefixes the line with 4 spaces, and code > 0 works as before. deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and reply(0, ) respectively. * use cprintf() and CPUTC() appropriately (often instead of printf(), lreply(-2, ) or lreply(-1, ). now we actually account for the data sent by MLST and MLSD. * remove DEBUG support for sending MLSD output to control connection instead of data connection (my ftp client now supports MLSD :-)
major overhaul (just before netbsd 1.5 :-): * implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD. we already supported SIZE and MDTM. add the appropriate FEAT output lines. * migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c * make dataconn(), feat(), lookup(), opts() and sizecmd() public * modify struct tab so that it has a `flags' instead of `implemented' element, and remove the `hasopts' element. If flags == 1, the command is implemented. if flags == 2, the command is implemented and takes options * add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..") * modify lreply() so that lreply(-2, ...) just outputs the given info without a prefix or trailing \r\n. this saves doing b = printf(); total_* += b; * enhance statcmd(). still needs work in the LPRT status stuff. * crank version
- Always close(pdata) if it was a valid filedescriptor before setting it to -1. Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>, (part of which already had been solved by itojun a while ago), and provided patch covered most of the fixes needed. (Thanks Takahiro!) - Consistently indent goto labels by one space.
convert to ANSI C as per style guide
* don't bother with a version[] string, just use the macro as appropriate * clean some more of the GLOBAL stuff * fix unused var if -UHASSETPROCTITLE
suppress verbose messages from CWD and post-login if the first character of the anonymous password is `-'.
* add ftpd.conf directive `portrange class min max', which allows specification of the port range used by passive connections. based on work in [bin/9158] from Takahiro Kambe <taca@sky.yamashina.kyoto.jp> * change the way global variables are defined and extern-ed to be more consistent.
* new ftpd.conf directive: template class [refclass] following directives for refclass will apply to class as well. this makes setting up a `template' class with many default settings easy, whilst allowing for class-specific overrides * prevent crash when the optional limitfile wasn't given to limit * document count_users() * document default setting of limit in ftpd.conf(5) * crank version
features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids-<class> - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. (this was accidently broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version
Pull up to last week's -current.
file version.h was added on branch wrstuden-devbsize on 1999-12-27 18:30:13 +0000
crank version
* add back support for `-h hostname'; it still may be useful to override the name advertised to the client, even if ftpd can determine it from the ip address that ftpd is bound to. requested by mrg. * remove -4/-6; they were effectively no-ops since itojun's change in 1.75. * crank version
* move version to separate header file * use .Dv and .Tn in the man pages as appropriate * KNF a bit The following were inspired by similar changes in openbsd, but may have additional improvements by me: * add more check_login tests to the parser rules * nuke a few memory leaks in the parser rules * clear passwords before free()ing them, for safety * don't display \r\n in setproctitle() output * add support for -U, which enables managing /var/run/utmp entries for connections. solves [bin/2217] by Jason Downs <downsj@teeny.org> * fix oob handling for STAT command * use SIG_ERR instead of -1