Commit Graph

196 Commits

Author SHA1 Message Date
Yaroslav Tykhiy
ebd83647a4 When looking for a virtual host to handle the connection,
stop the search on the first match for efficiency.

Submitted by:	Nick Leuta
2004-11-22 11:10:04 +00:00
Yaroslav Tykhiy
4cbc4ad644 Calling pam_chauthtok() isn't really needed since
an FTP user has no chance to change password anyway.

Submitted by:	Nick Leuta
2004-11-22 11:02:42 +00:00
Yaroslav Tykhiy
e897216f45 Don't log the chroot dir on every command since it's constant for a session.
Log it once at the beginning of the session instead.  OTOH, log wd each
time for the sake of better auditing and consistent log format.

Proposed by:	Nick Leuta <skynick -at- mail.sc.ru>
2004-11-22 10:48:29 +00:00
Yaroslav Tykhiy
7cdd3cb70b Always log remote IP.
PR:		bin/59773
2004-11-22 10:27:16 +00:00
Yaroslav Tykhiy
04683b2c35 Treat host name buffers consistently. 2004-11-22 10:16:43 +00:00
Yaroslav Tykhiy
215a9f9de5 Make chrootdir global and use it in log messages
regarding restricted users.

MFC after:	2 weeks
2004-11-18 14:15:32 +00:00
Yaroslav Tykhiy
2b7eb1c076 Nitpicking on style(9) and whitespace.
Tested with:	md5(1)
2004-11-18 13:55:15 +00:00
Yaroslav Tykhiy
0c4b401f76 Use __FBSDID. 2004-11-18 13:46:29 +00:00
Yaroslav Tykhiy
405e2987ca Don't say, "file: permission denied," if the operation
is disabled entirely.
2004-11-18 11:50:01 +00:00
Yaroslav Tykhiy
02c9749295 Use uniform punctuation, capitalization, and language style
in server messages wherever this doesn't contradict to a particular
message format.
2004-11-18 11:45:13 +00:00
Yaroslav Tykhiy
eb5b2bb3ae Apply __printflike() to the appendf() prototype so the compiler
can detect format errors.
2004-11-18 11:32:35 +00:00
Yaroslav Tykhiy
82c03024c2 Fix perror_reply() vs. reply() usage. 2004-11-18 11:27:31 +00:00
Yaroslav Tykhiy
4a3e5acd8d '\n' needs not to appear in reply() strings. 2004-11-18 11:07:00 +00:00
Yaroslav Tykhiy
6b2dee6ba1 Log pathname arguments to ftp commands as the user specified them;
add the working directory pathname to the log message if any of
such arguments isn't absolute.  This has advantage over the old
way of logging that an admin can see what users are actually trying
to do, and where.  The old code was also not too robust when it
came to a chrooted session and an absolute pathname.

Pointed out by: Nick Leuta
MFC after:      2 weeks
2004-11-18 10:02:28 +00:00
Yaroslav Tykhiy
ac4f2391be Use S_ISDIR() macro instead of a hand-rolled test. 2004-11-18 09:26:58 +00:00
Yaroslav Tykhiy
75933089af getcwd() won't leave a error string in the buffer, unlike getwd(). 2004-11-18 00:14:09 +00:00
Yaroslav Tykhiy
de9b6c0343 Use POSIX functions instead of legacy ones:
getwd() -> getcwd()
	wait3() -> waitpid()
2004-11-17 22:43:46 +00:00
Yaroslav Tykhiy
7e295315e6 Kill more unneeded casts found.
Noticed by:	Nick Leuta <skynick -at- mail.sc.ru> (some of them)
2004-11-17 11:52:41 +00:00
Yaroslav Tykhiy
3b48b87700 Don't invent ways of capitalization orthogonal to the English grammar. 2004-11-15 12:47:44 +00:00
Yaroslav Tykhiy
41c57b487e RFC 959 states that the following codes should be used
for status replies on file system objects:

 212 Directory status.
 213 File status.

Reported by:	Oleg Koreshkov <okor -at- zone.salut.ru>
MFC after:	1 week
2004-11-15 12:41:56 +00:00
Yaroslav Tykhiy
6e4b0a55f7 Using off_t to pass a block size is obvious overkill.
The size_t type is better suited for that, particularly because
the "blksize" argument is to be passed to malloc() and read().
On 64-bit archs it's more to a style issue, but the good style
of coding in C is also important.
2004-11-13 13:42:43 +00:00
Yaroslav Tykhiy
e3765043a8 Kill ancient casts to integral types left from the K&R era.
They're unneeded and sometimes erroneous now.
2004-11-13 13:15:47 +00:00
Yaroslav Tykhiy
8c1c21f2ef Fix logxfer() by using realpath(3) instead of playing with getwd(3).
Previously logxfer() used to record bogus pathnames to the log
in some cases, namely, when cwd was / or "name" was absolute.

Noticed by:	Nick Leuta
MFC after:	2 weeks
2004-11-03 06:52:40 +00:00
Yaroslav Tykhiy
bb4641e28b Replace the last occurence of (long long) and %qd with
(intmax_t) and %jd, which is the right way to printf
an off_t in the presence of <stdint.h>.

Submitted by:	Nick Leuta
2004-11-02 18:48:44 +00:00
Yaroslav Tykhiy
545ea86459 OpenPAM allows passing a NULL "pamh" to pam_strerror() to indicate
that the creation of a PAM context has failed.

N.B. This does not apply to pam_strerror() in RELENG_4, it
will mishandle a NULL "pamh".

Discussed with:	des
2004-11-01 16:05:57 +00:00
Yaroslav Tykhiy
de45162d8c - Stop shadowing global "pamh" by a local variable in auth_pam().
- Stop calling pam_strerror() with NULL pamh.
- Add a missing call to pam_end().

PR:		bin/59776
Submitted by:	Nick Leuta <see PR for email>
MFC after:	2 weeks
2004-10-30 17:30:56 +00:00
Yaroslav Tykhiy
c29b9b4797 Describe the semantics of the sgetpwnam() helper function
in the comment above it so that nobody will save pointers
returned inside "struct passwd" across the calls to the function.
2004-10-30 16:11:15 +00:00
Yaroslav Tykhiy
c999732b45 Log the actual number of bytes sent on the wire to /var/log/ftpd
instead of the disk size of the file sent.   Since the log file
is intended to provide data for anonymous ftp traffic accounting,
the disk size of the file isn't really informative in this case.

PR:		bin/72687
Submitted by:	Oleg Koreshkov
MFC after:	1 week
2004-10-24 20:12:08 +00:00
Yaroslav Tykhiy
b4585cc137 We must not fall back to the old way (read-write)
if sendfile() transferred some data before throwing
a error condition because sendfile() won't move the
file offset for read() to start from.

MFC after:	2 weeks
2004-10-15 09:51:36 +00:00
Yaroslav Tykhiy
2f492fc883 Clean-up around sendfile(): drop an excessive check for error condition. 2004-10-15 09:38:13 +00:00
Yaroslav Tykhiy
2e22b91434 Account for the fact that sendfile(2) may hit the end of file
prematurely, e.g., if the file has been truncated by someone else.

PR:		bin/72649
Submitted by:	Oleg Koreshkov (portions)
MFC after:	2 weeks
2004-10-15 09:31:08 +00:00
Maxim Konovalov
6d4a0e75fc Indent. 2004-09-24 13:22:45 +00:00
Maxim Konovalov
40e677651c o Merge rev. 1.5 libexec/ftpd/ftpd.c from DragonflyBSD:
Do not unconditionally fork() after accept().  accept() can
  return -1 due to an interrupted system call (i.e. SIGCHLD).
  If we fork in that case ftpd can get into an
  accept()/SIGCHLD/fork/[fail]/repeat loop.

  Reported-by: fabian <fabian.duelli@bluewin.ch>

Obtained from:	DragonflyBSD
MFC after:	1 month
2004-09-24 13:21:52 +00:00
Yaroslav Tykhiy
aa5a9d3fff Change `(foo *)0'' to `NULL'' where it's possible
(and it appears possible throughout ftpd(8) source.)

It is not a mere issue of style: Null pointers in C
seem to have been mistaken one way or another quite often.
2004-07-31 15:03:17 +00:00
Yaroslav Tykhiy
0e519c96ef Kill a small herd of casts to off_t where they were not needed.
Thank Fortune, the C compiler can figure out by itself the proper
conversion for assignments, comparisons, and prototyped function
arguments.
2004-07-31 14:46:41 +00:00
Yaroslav Tykhiy
a57e1ef070 Printf(3) off_t values through conversion to intmax_t since
we've got <stdint.h> et al now.  (This makes ftpd(8) WARNS=2 clean.)
2004-07-31 14:22:02 +00:00
Yaroslav Tykhiy
c16cd94d23 Kill an unused variable (heading to WARNS=2.) 2004-07-31 14:03:59 +00:00
Yaroslav Tykhiy
c4536e21d4 Ditto for (gid_t). 2004-07-30 17:30:07 +00:00
Yaroslav Tykhiy
52e7ee748d Kill casts to (uid_t) obviously left from the K&R era.
Prototyping library functions in header files has rendered
them superfluous.
2004-07-30 17:27:23 +00:00
Yaroslav Tykhiy
9ec7612a2f Add a comment to explain that the loop around the call to bind(2)
is not a hack, but it has a clear purpose.
2004-07-30 17:18:57 +00:00
Yaroslav Tykhiy
6c124a8422 Open a socket for a data transfer in active mode using euid
of the current user, not root.  This will allow neat things
like matching anonymous FTP data traffic with a single ipfw(8)
rule:
	ipfw add ... tcp from any to any uid ftp

Note that the control connection socket still belongs to the
user ftpd(8) was started from, usually root.

PR:		bin/65928
Submitted by:	Eugene Grosbein <eugen at grosbein.pp.ru>
MFC after:	1 month
2004-07-30 16:57:42 +00:00
David E. O'Brien
63047c6ffc Simplify conditional compilation logic some. 2004-06-13 19:54:12 +00:00
Tim J. Robbins
9cbb335cfd Handle variable argument lists correctly in reply() and lreply().
In particular, do not pass the same va_list to both vprintf() and
vsyslog() without first reinitializing it. This fixes ftpd -d
on amd64.
2004-05-13 05:36:38 +00:00
Yaroslav Tykhiy
385f9bf07c NULL looks better than (char *)0 unless we're passing
an unprototyped argument to a function.
2004-02-07 14:59:11 +00:00
Yaroslav Tykhiy
b943b3c4ae Deny attempts to rename a file from guest users if the policy
says they may not modify existing files through FTP.

Renaming a file is effectively a way to modify it.
For instance, if a malicious party is unable to delete or overwrite
a sensitive file, they can nevertheless rename it to a hidden name
and then upload a troyan horse under the guise of the old file name.
2004-02-07 14:54:30 +00:00
Yaroslav Tykhiy
3f8b9cfe85 perror_reply() should not be used where errno isn't meaningful. 2004-02-07 14:38:04 +00:00
Yaroslav Tykhiy
10e8910499 Work around a bug in some clients by never returning raw directory
contents in reply to a RETR command.  Such clients consider RETR
as a way to tell a file from a directory.  Mozilla is an example.

PR:		bin/62232
Submitted by:	Bob Finch <bob+freebsd <at> nas <dot> com>
MFC after:	1 week
2004-02-07 14:11:38 +00:00
Philippe Charnier
c433c9daac add missing setusershell() calls.
PR: bin/2442
Reviewed by: Friedemann Becker <zxmxy33@mail.uni-tuebingen.de>
2004-01-18 21:29:33 +00:00
Eric Anholt
c83098a31d man ftpd says that "by default, anonymous users cannot modify existing files."
However, the code did allow deletion of files.  Make deleting require the -m
flag, too.

PR:		bin/60809
Submitted by:	Alexander Melkov <melkov@comptek.ru>
2004-01-07 19:28:31 +00:00
Yaroslav Tykhiy
db1c2da334 If a file to send in ASCII mode already has CRLF as end-of-line,
don't add excessive CR on the wire.

PR:		bin/59285
Submitted by:	Andrey Beresovsky <and at rsu.ru>
MFC after:	1 week
2003-11-15 11:08:26 +00:00