Commit Graph

393 Commits

Author SHA1 Message Date
Paul Traina
312c86cfd9 Truncate argument list to avoid buffer overflows.
Cannidate for: 2.1 and 2.2
1996-11-20 22:12:50 +00:00
Andrey A. Chernov
43658eac64 Implement alternative strategy if it is impossible to confirm
password: ask for it, but don't tell that S/key password required.
It looks like non-s/key system from outside.

Additionally tell that s/key required when it is so for normal case
1996-10-18 17:09:26 +00:00
Andrey A. Chernov
28fbb50335 Oops, fix my previous commit, now tell user his s/key parameters 1996-10-17 17:46:00 +00:00
Andrey A. Chernov
28ed0fe08b Don't ever ask for password if it is impossible to confirm it
It happens if 1) regular passwords not allowed, 2) skey database
not activated for given user.
Under some rare circumstanes skey_challenge can return empty
diagnostic or even previous buffer, fix it.
1996-10-17 17:06:04 +00:00
Wolfram Schneider
148531ef1e add forgotten $Id$ 1996-09-22 21:56:57 +00:00
Paul Traina
39ea627d62 Fix some compilation warnings. 1996-09-21 18:01:23 +00:00
Julian Elischer
105a3c98b9 Reviewed by: various
Submitted by:	archie@whistle.com

allow ftpd to bind to a single address/interface
this allows easy split services.
1996-08-09 22:22:30 +00:00
Mark Murray
9aca17cb12 Tidy up the Kerberised bits. While I'm here, fix some -Wall complaints. 1996-08-09 09:02:31 +00:00
Poul-Henning Kamp
3cde2031c8 Fix another bogon. 1996-08-06 14:29:06 +00:00
Poul-Henning Kamp
0bb6e9ed65 Make password checking in ftpd work again. 1996-08-06 08:43:43 +00:00
Paul Traina
a5a4544e77 Convert STATS and PARANOID to run-time options.
Document the new -R (relax paranoia) option.

From NetBSD/Lite2: code and man page cleanups, Kerberos IV hooks
(relax, we're still exportable), and /etc/ftpchroot feature for
semi-anonymous accounts
1996-08-05 00:21:15 +00:00
Paul Traina
61f891a6df If PARANOID is set, do not allow PORT commands to remote ports less than 1024
or addresses other than the requestor's address.  This violates the FTP
protocol (hmm...as I write this, I'm going to change this to a run-time var.)

Require login before PASV and RNTO commands.

Close unused PASV ports so they don't hang around forever.

Do not allow file overwrites via rename or STOR when anonymous
(suspenders).

Clean up buffer utilization.

My code, but heavily inspired by Hobbit's changes to wu-ftpd as pointed out
by Mike Prettejohn and Kit Knox.
1996-08-04 22:40:35 +00:00
Andrey A. Chernov
333468bac7 If hostname > UT_HOSTSIZE, use its numerical address instead to keep
valid utmp and wtmp entries
1996-06-17 14:59:07 +00:00
Poul-Henning Kamp
6b5139742c backout yacc changes 1996-06-02 17:10:13 +00:00
Peter Wemm
40e9d39e59 Use the sysctl settable data port ranges rather than the statically
compiled values.  see sysctl net.inet.ip.portrange.* and the IP_PORTRANGE
discussion in <netinet/in.h>
1996-05-31 03:10:25 +00:00
Poul-Henning Kamp
9ad70fa0b2 Fix yacc rule usage. 1996-05-30 21:29:03 +00:00
David Greenman
cf09a2067c Implemented a "-D" option that causes ftpd to detach and become a daemon -
accepting connections on the FTP port and forking children processes to
handling them. This is lower overhead than spawning ftpd from inetd and
can be a significant win on busy FTP servers. Be sure to disable ftpd in
inetd.conf if you decide to use this option.
These changes are based on similar changes I made to wu-ftpd and have
been in use on wcarchive for several months.
1996-04-11 10:22:16 +00:00
David Greenman
1332892bcf Fix bug that caused a coredump when attempting to enter passive mode when
not logged in. Original fix slightly altered by me to return the correct
reply code.

Submitted by:	Vadim Kolontsov <vadim@tversu.ac.ru>
1996-03-18 11:09:03 +00:00
Peter Wemm
b63e1fe2c4 Make ftpd use setproctitle() from libutil
I've left the old code in there under #ifdef OLD_SETPROCTITLE in case
somebody wants to try to compile out ftpd on some other machine.
1996-01-01 08:35:11 +00:00
Guido van Rooij
d6ed3c374d Timeout when an expected accept does not happen after all.
This gets rids of dozens of hanging ftpd's because some broken
pc implementation `forgets' to open a passive connection.
Obtained from: Wietse Venema
1995-11-29 19:52:30 +00:00
Mike Pritchard
ae532ecb79 Check for expired passwords before allowing access to the system. 1995-08-28 21:30:59 +00:00
Paul Traina
4c450ad7a7 Use data ports in the range 40000..44999 by default to enhance FTP usability
in a firewall environment.  Original idea by Mark Tracy (?).

Reviewed by:	wollman
Submitted by:	pst
1995-08-05 19:12:05 +00:00
Rodney W. Grimes
6c06b4e2aa Remove trailing whitespace. 1995-05-30 05:51:47 +00:00
David Greenman
956455631c Make last change a little more robust by checking for failure of getcwd(). 1995-05-22 11:03:55 +00:00
David Greenman
82c76939c1 Set "HOME" so that tilde expands correctly. It previously was always root's
directory /root.
1995-05-22 09:53:02 +00:00
Garrett Wollman
9fc5823a7a Speed up ftpd and make it more efficient:
- set TCP_NOPUSH to keep from sending short packets at each write(2) boundary
- set SO_SNDBUF to 64k so we have a reasonable amount of buffer space
- for a regular file in binary mode which is not being restarted and is
. smaller than 16 Meg, use mmap(2) and write(2) the whole file in one big
  gulp

In the most common circumstances, this should dramatically reduce the
system-call load from ftpd, since the call to write() will not return until
the entire file has been written, rather than writing just a few K at a time
in a loop.
1995-05-03 16:58:12 +00:00
Gary Palmer
7253b58b7b Fix two more references to /etc/motd that I overlooked. PR #29 1995-04-15 07:05:07 +00:00
Gary Palmer
025362a70b Close PR #29. The file should be /etc/ftpmotd, not /etc/motd. 1995-04-15 07:02:22 +00:00
Nate Williams
79f5f586ac Change the library order so libcrypt is the last library in the list.
libskey contains references to _crypt and can't resolve it unless
-lcrypt occurs after it in the link command.  This only occurs when
linking statically.
1995-03-18 06:41:08 +00:00
Guido van Rooij
3eb568f24c Add some functionality to ftpd so it logs all anonymous file
transfers. It only does this when -S is set.
Reviewed by:
Submitted by:
Obtained from: logdaemon package
1995-02-26 19:36:59 +00:00
Paul Traina
2c60c54cc4 recommit rev 1.5 of ftpd, I fatfingered a command 1994-10-27 19:36:01 +00:00
Paul Traina
29e92c359a Printing out /etc/motd when a ftp login occurs is a security hole
(as is printing out a version number at the telnet login banner).

Don't print out /etc/motd when people login, instead if present,
print out /etc/ftpmotd.  It looks like 4.4lite2 has done something similar
(perhaps for different reasons) because /etc/motd no longer shows up
on vangogh.

Folks who like the old behavior can create a symbolic link to motd.
1994-10-27 19:14:39 +00:00
Paul Traina
9e53ab00d2 Figured it out, misapplied a patch, ftpd now works again. 1994-10-22 06:23:15 +00:00
Paul Traina
0d78c1c051 Fix broken command parser (fall back 10 yards and scratch head). 1994-10-22 06:19:53 +00:00
Paul Traina
2ddadf840c Include most of the logdaemon v4.4 S/key changes 1994-10-19 00:03:45 +00:00
Paul Traina
28dc19771b Clean up makefile 1994-09-30 21:19:58 +00:00
Paul Traina
bb56d435e3 Use new skey access routines 1994-09-29 18:59:42 +00:00
David Greenman
348c7a1250 Fixed bug where /etc/ftpusers was ineffective. Caused by the wrong
pointer being passed to strcmp(). Bug noticed by Matthew Green.
1994-09-20 15:53:30 +00:00
Guido van Rooij
d007582cfe Put skey support to ftpd
Reviewed by:
Submitted by:	guido
1994-08-21 19:09:58 +00:00
Guido van Rooij
726040de0e Put skey support in ftpd.
Reviewed by:
Submitted by:	 guido
1994-08-21 19:09:23 +00:00
Geoff Rehmet
4714bb15be LDADD= -lcrypt
Submitted by:	Geoff
1994-08-20 21:19:46 +00:00
Garrett Wollman
2a3c26c889 Update to new make macros and disable Kerberos because we haven't got it
set up right yet.
1994-08-05 21:24:58 +00:00
Rodney W. Grimes
ea022d1687 BSD 4.4 Lite Libexec Sources 1994-05-27 12:39:25 +00:00