Commit Graph

1117 Commits

Author SHA1 Message Date
Philippe Charnier
538015aa3b Add FBSDID. udp/bootps -> bootps/udp. Use err(3). 2003-02-05 13:45:25 +00:00
Yaroslav Tykhiy
31f77a4b49 Allow "~/" in pathnames to work for a chrooted user. 2003-02-05 11:11:32 +00:00
Yaroslav Tykhiy
6cfbc84115 Let tilde expansion be done even if a file/directory doesn't exist yet.
This makes such natural commands as "MKD ~user/newdir" or "STOR ~/newfile"
do what they are supposed to instead of failing miserably with the
"File not found" error.

This involves a bit of code reorganization.  Namely, the code doing
glob(3) expansion has been separated to a function; a new function
has been introduced to do tilde expansion; the latter function is
invoked on a pathname before the former one.  Thus behaviour mimicing
that of the Bourne shell has been achieved.
2003-02-04 17:50:38 +00:00
Yaroslav Tykhiy
50618d61ae RFC 959 doesn't list reply code 550 as a valid responce to STOR/STOU,
so return reply code 553 to indicate a error from open(2) for consistency,
as long as the code is used in the rest of the STOR/STOU handler.
2003-02-04 03:33:25 +00:00
David E. O'Brien
f7093daaae Add OPIE and PAM libs to the mix. 2003-02-02 21:11:15 +00:00
David E. O'Brien
99994ce124 OPIE and PAM bits to agument LukeMftpd.
Submitted by:	mikeh (reworked by me)
2003-02-02 21:06:10 +00:00
Yaroslav Tykhiy
ea7012261a Let real users access special files through FTP
if allowed by their filesystem permissions.

This doesn't break anything since using sendfile(2)
is triggered later by a separate S_ISREG conditional.

PR:		bin/20824
MFC after:	1 week
2003-01-31 13:18:55 +00:00
Yaroslav Tykhiy
88b707218e When searching for a unique file name in guniquefd(),
distinguish between the cases of an existing file and
a real system error, such as I/O failure, no access etc.

MFC after:	3 days
2003-01-29 17:04:07 +00:00
Yaroslav Tykhiy
c152df28e5 Add a new option to ftpd(8), "-h", to disable printing any
host-specific information in FTP server messages (so paranoid
admins can sleep at night :-)

PR:		bin/16705
MFC after:	1 week
2003-01-29 10:58:58 +00:00
Yaroslav Tykhiy
ce9287fc02 Give the code around chroot(2)/chdir(2) a major overhaul by
separating its part around chroot(2) from that around initial
chdir(2).  This makes the below changes really easy.

Move seteuid(to user's uid) to before calling chdir(2).  There are
two goals to achieve by that.  First, NFS mounted home directories
with restrictive permissions become accessible (local superuser
can't access them if not mapped to uid 0 on the remote side
explicitly.)  Second, all the permissions to the home directory
pathname components become effective; previously a user could be
carried to any local directory despite its permissions since the
chdir(2) was done with euid 0.  This reduces possible impact from
FTP server misconfiguration, e.g., assigning a wrong home directory
to a user.

Implement the "/./" feature.  Now a guest or user subject to chrooting
may have "/./" in his login directory, which separates his chroot
directory from his home directory inside the chrooted environment.
This works for ftpchroot(5) as well.

PR:		bin/17843 bin/23944
2003-01-29 10:07:27 +00:00
Yaroslav Tykhiy
341e476e25 Actually extract the second field from a line in ftpchroot(5)
instead of just using the rest of the line behind the first field.
2003-01-27 15:34:22 +00:00
Yaroslav Tykhiy
0ba71e2424 Allow more than one separator character between fields in ftpchroot(5). 2003-01-27 14:41:08 +00:00
Yaroslav Tykhiy
8657b576d8 Extend the format of /etc/ftpchroot so an alternative chroot
directory can be specified for a user or a group.

Add the manpage ftpchroot(5) since the file's format has grown
complex enough.

PR:			bin/45327
Portions submitted by:	Hideki SAKAMOTO <sakamoto@hlla.is.tsukuba.ac.jp>
MFC after:		1 week
2003-01-26 19:02:56 +00:00
Yaroslav Tykhiy
80f728d4ff GLOB_MAXPATH has been deprecated in favour of GLOB_LIMIT. 2003-01-25 14:59:48 +00:00
Yaroslav Tykhiy
63591ba5c8 - Add a new option, ``-P port'', to specify the port for ftpd(8)
to listen at in daemon mode.
- Use the port by 1 less than the control port as the default
  data port instead of always using hard-coded port 20.

Submitted by:	roam
MFC after:	1 week
2003-01-23 18:39:48 +00:00
Yaroslav Tykhiy
b7f470a943 Prevent server-side glob(3) patterns from expanding
to a pathname that contains '\r' or '\n'.

Together with the earlier STAT bugfix, this must solve
the problem of such pathnames appearing in the FTP control
stream.
2003-01-22 16:25:22 +00:00
Crist J. Clark
e509445689 The FTP daemon was vulnerable to a DoS where an attacker could bind()
up port 20 for an extended period of time and thus lock out all other
users from establishing PORT data connections. Don't hold on to the
bind() while we loop around waiting to see if we can make our
connection.

Being a DoS, it has security implications, giving it a short MFC
time.

MFC after:	1 day
2003-01-21 05:13:02 +00:00
Maxim Sobolev
0fd652782b Fix a typo (missed &&).
Submitted by:	marcus
2003-01-20 10:33:35 +00:00
Maxim Sobolev
9b76604885 Add a new gettytab(5) option - `pl', which if set tells getty that the line
in question is PPP-only line, i.e. no PPP-sequence detection is necessary and
PPP login program referenced by `pp' should be started automatically instead of
login(1)

Feature suggested and sponsored by:     United Networks of Ukraine
No reply from:  re
MFC after:	2 weeks
2003-01-19 20:59:52 +00:00
Yaroslav Tykhiy
f8a581a0c6 Prepend a space character if a line begins with a digit
in the output to the "STAT file" request.

This closes one discrepancy with RFC 959 (page 36.)

See also http://www.kb.cert.org/vuls/id/328867

Obtained from:	OpenBSD
2003-01-16 14:25:32 +00:00
Yaroslav Tykhiy
dcb4f239cd Replace the instances of literal "/bin/ls"
with the _PATH_LS macro to be consistent
with the rest of the ftpd(8) source.
2003-01-16 13:27:58 +00:00
David E. O'Brien
1e7812cb5f We have a usable 'LOGIN_NAME_MAX' now. 2003-01-06 04:42:20 +00:00
David E. O'Brien
e18083deb1 Need to prototype strsuftollx() to quiet a warning. 2003-01-06 04:09:20 +00:00
David E. O'Brien
c7940c49ba Make the "nbsd_20030105" import build. 2003-01-06 03:03:53 +00:00
Juli Mallett
d3951ad162 Implement POSIX grantpt(3) functionality, and add a pt_chown utility (akin
to Solaris, it is in /usr/libexec) to perform the handing over of tty nodes
to the user being granted the pty.

Submitted by:	Ryan Younce <ryany@pobox.com>
Reviewed by:	security-officer@, standards@, mike@
2003-01-02 20:44:41 +00:00
Jens Schweikhardt
9d5abbddbf Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
Jens Schweikhardt
d64ada501a Fix typos, mostly s/ an / a / where appropriate and a few s/an/and/
Add FreeBSD Id tag where missing.
2002-12-30 21:18:15 +00:00
Jens Schweikhardt
57bd0fc6e8 english(4) police. 2002-12-27 12:15:40 +00:00
Ruslan Ermilov
facc67676f mdoc(7) police: Deal with self-xrefs. 2002-12-24 13:41:48 +00:00
Ruslan Ermilov
463cfa804d Fixed the abuses of .Ql visible on stderr in troff mode.
PR:		docs/37176
2002-12-23 16:04:51 +00:00
Matthew Dillon
fa7dd9c5bc Change the way ELF coredumps are handled. Instead of unconditionally
skipping read-only pages, which can result in valuable non-text-related
data not getting dumped, the ELF loader and the dynamic loader now mark
read-only text pages NOCORE and the coredump code only checks (primarily) for
complete inaccessibility of the page or NOCORE being set.

Certain applications which map large amounts of read-only data will
produce much larger cores.  A new sysctl has been added,
debug.elf_legacy_coredump, which will revert to the old behavior.

This commit represents collaborative work by all parties involved.
The PR contains a program demonstrating the problem.

PR:		kern/45994
Submitted by:	"Peter Edwards" <pmedwards@eircom.net>, Archie Cobbs <archie@dellroad.org>
Reviewed by:	jdp, dillon
MFC after:	7 days
2002-12-16 19:24:43 +00:00
Ruslan Ermilov
8d5d039f80 Uniformly refer to a file system as "file system".
Approved by:	re
2002-12-12 17:26:04 +00:00
Alexander Kabaev
f94cc7e9ca Fix rtld to handle SPARC_R_UA{16,64} relocations correctly.
Approved by:	re (rwatson)
2002-12-05 16:58:31 +00:00
Peter Grehan
b9dea67fa8 rtld support for PowerPC. Mostly obtained from NetBSD, with mods
for binutils 2.13

Reviewed by:  benno

Approved by:  re (blanket)
2002-12-04 07:32:20 +00:00
Alexander Kabaev
999d9d2bd4 Put back a test for binaries with no PT_LOAD entries I over-jealosly
removed in r1.69.

Apploved by:	re (rwatson)
2002-11-29 16:41:31 +00:00
Ruslan Ermilov
d939fc70a7 mdoc(7) police:
Properly sort options, spell "file system" correctly, expand contraction.

Catch up to the src/etc/syslog.conf,v 1.23 change: ftpd(8) session logs
are now by default get logged to /var/log/xferlog.

Approved by:	re
2002-11-25 15:20:06 +00:00
Thomas Moestl
a42a42e9b9 Fix the handling of high PLT entries (> 32764) on sparc64. This requires
additional arguments to reloc_jmpslot(), which is why MI code and MD code
of other platforms had to be changed.

Reviewed by:	jake
Approved by:	re
2002-11-18 22:08:50 +00:00
Peter Wemm
f316609eb4 Oops. Some ut_time stuff slipped through the cracks. These turned out
to be non-fatal due to stack alignment roundups.
2002-11-17 23:46:45 +00:00
David E. O'Brien
a6f8d995f3 [DAIVD O'BRIEN's OPINION]
Head off what I think is an abuse of the TRB, and disable lukemftpd.
2002-11-12 17:31:12 +00:00
Maxim Konovalov
e1b57f44ef o Fix usage().
o Explicitly initialize domain pointer.
o Fix passwd file parsing.

PR:		bin/39671 (3)
MFC after:	2 weeks
2002-11-12 14:15:59 +00:00
David E. O'Brien
9bdc6053fb We don't use libpam, libopie, or libmd. 2002-11-12 07:41:59 +00:00
David E. O'Brien
606f5646b9 We have fparseln(3). Also libskey on RELENG_4. 2002-11-12 07:37:15 +00:00
David E. O'Brien
f17da7421b Update for version 1.2 Beta 2. 2002-11-12 06:48:35 +00:00
Yaroslav Tykhiy
1f75c13ee0 Don't free the current addrinfo list, or else a pointer to a freed
memory area would arise.  Only an addrinfo list from an earlier
call to getaddrinfo() should be freed there because it will be
substituted by the current list referenced by "res".

Reported by:	John Long <fbsd1@pruam.com>
MFC after:	5 days
2002-11-11 07:31:48 +00:00
Robert Watson
d9e2c4241f Have ftpd specify the LOGIN_SETMAC flag to setlogincontext() so that
MAC labels are set if MAC is enabled and configured for the user
logging in.

Note that lukemftpd is not considered a supported application when
MAC is enabled, as it does not use the standard system interfaces for
managing user contexts; if lukemftpd is used with labeled MAC policies,
it will not properly give up privileges when switching to the user
account.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-24 16:19:52 +00:00
Jun Kuriyama
063469298e Unbreak by merging the change in r1.51 of src/libexec/ftpd/Makefile. 2002-10-24 04:55:25 +00:00
Robert Watson
4d33b62edc Teach "ls -Z" to use the policy-agnostic MAC label interfaces rather
than the LOMAC-specific interfaces for listing MAC labels.  This permits
ls to view MAC labels in a manner similar to getfmac, when ls is used
with the -l argument.  Next generation LOMAC will use the MAC Framework
so should "just" work with this and other policies.  Not the prettiest
code in the world, but then, neither is ls(1).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-24 00:07:30 +00:00
Alexander Kabaev
8b7f25d41d Add support for binaries with arbitrary number of PT_LOAD sections.
Reviewed by:	peter
2002-10-23 01:43:29 +00:00
Alexander Kabaev
b2ce513208 Change the symbol lookup order to search RTLD_GLOBAL objects
before referencing object's DAG. This makes it possible for
C++ exceptions to work across shared libraries and brings
us closer to the search order used by Solaris/Linux.

Reviewed by:	jdp
Approved by:	obrien
MFC after:	1 month
2002-10-19 23:03:35 +00:00
Maxim Sobolev
d1cf9ea2c4 Fix a problem with RTLD_TRACE flag to dlopen(3), which sometimes can return
even if there was no error occured (when trying to dlopen(3) object that
already linked into executable which does dlopen(3) call). This is more
proper fix for `ldd /usr/lib/libc.so' problem, because the new behaviour
conforms to documentation.

Remove workaround from ldd.c (rev.1.32).

PR:		35099
Submitted by:	Nathan Hawkins <utsl@quic.net>
MFC after:	1 week
2002-10-19 10:18:29 +00:00