357 Commits

Author SHA1 Message Date
yar
3851ed3f4f '\n' needs not to appear in reply() strings. 2004-11-18 11:07:00 +00:00
yar
750c661453 Log pathname arguments to ftp commands as the user specified them;
add the working directory pathname to the log message if any of
such arguments isn't absolute.  This has advantage over the old
way of logging that an admin can see what users are actually trying
to do, and where.  The old code was also not too robust when it
came to a chrooted session and an absolute pathname.

Pointed out by: Nick Leuta
MFC after:      2 weeks
2004-11-18 10:02:28 +00:00
yar
6cd7428b13 Use S_ISDIR() macro instead of a hand-rolled test. 2004-11-18 09:26:58 +00:00
yar
28f076df82 getcwd() won't leave an error string in the buffer, unlike getwd(). 2004-11-18 00:14:09 +00:00
yar
95ee012f23 Use POSIX functions instead of legacy ones:
	getwd() -> getcwd()
	wait3() -> waitpid()
2004-11-17 22:43:46 +00:00
yar
5bdd791606 Kill more unneeded casts found.
Noticed by:	Nick Leuta <skynick -at- mail.sc.ru> (some of them)
2004-11-17 11:52:41 +00:00
yar
ddaaf2c2ee Don't invent ways of capitalization orthogonal to the English grammar. 2004-11-15 12:47:44 +00:00
yar
93c067539e RFC 959 states that the following codes should be used
for status replies on file system objects:

 212 Directory status.
 213 File status.

Reported by:	Oleg Koreshkov <okor -at- zone.salut.ru>
MFC after:	1 week
2004-11-15 12:41:56 +00:00
yar
c9044cf500 Using off_t to pass a block size is obvious overkill.
The size_t type is better suited for that, particularly because
the "blksize" argument is to be passed to malloc() and read().
On 64-bit archs it's more of a style issue, but the good style
of coding in C is also important.
2004-11-13 13:42:43 +00:00
yar
9e5ec41335 Kill ancient casts to integral types left from the K&R era.
They're unneeded and sometimes erroneous now.
2004-11-13 13:15:47 +00:00
yar
77ad2555a3 Fix logxfer() by using realpath(3) instead of playing with getwd(3).
Previously logxfer() used to record bogus pathnames to the log
in some cases, namely, when cwd was / or "name" was absolute.

Noticed by:	Nick Leuta
MFC after:	2 weeks
2004-11-03 06:52:40 +00:00
yar
9ff4238c2a Replace the last occurrence of (long long) and %qd with
(intmax_t) and %jd, which is the right way to printf
an off_t in the presence of <stdint.h>.

Submitted by:	Nick Leuta
2004-11-02 18:48:44 +00:00
yar
75e4d56d9f OpenPAM allows passing a NULL "pamh" to pam_strerror() to indicate
that the creation of a PAM context has failed.

N.B. This does not apply to pam_strerror() in RELENG_4, it
will mishandle a NULL "pamh".

Discussed with:	des
2004-11-01 16:05:57 +00:00
yar
610346f6c5 - Stop shadowing global "pamh" by a local variable in auth_pam().
- Stop calling pam_strerror() with NULL pamh.
- Add a missing call to pam_end().

PR:		bin/59776
Submitted by:	Nick Leuta <see PR for email>
MFC after:	2 weeks
2004-10-30 17:30:56 +00:00
yar
4e42ff84eb Describe the semantics of the sgetpwnam() helper function
in the comment above it so that nobody will save pointers
returned inside "struct passwd" across the calls to the function.
2004-10-30 16:11:15 +00:00
yar
9167ecf0cb Log the actual number of bytes sent on the wire to /var/log/ftpd
instead of the disk size of the file sent.   Since the log file
is intended to provide data for anonymous ftp traffic accounting,
the disk size of the file isn't really informative in this case.

PR:		bin/72687
Submitted by:	Oleg Koreshkov
MFC after:	1 week
2004-10-24 20:12:08 +00:00
yar
6cff4ecf57 We must not fall back to the old way (read-write)
if sendfile() transferred some data before throwing
an error condition because sendfile() won't move the
file offset for read() to start from.

MFC after:	2 weeks
2004-10-15 09:51:36 +00:00
yar
e6e865ec71 Clean-up around sendfile(): drop an excessive check for error condition. 2004-10-15 09:38:13 +00:00
yar
3cdbfddc40 Account for the fact that sendfile(2) may hit the end of file
prematurely, e.g., if the file has been truncated by someone else.

PR:		bin/72649
Submitted by:	Oleg Koreshkov (portions)
MFC after:	2 weeks
2004-10-15 09:31:08 +00:00
maxim
41902e813d Indent. 2004-09-24 13:22:45 +00:00
maxim
b218fbfba3 o Merge rev. 1.5 libexec/ftpd/ftpd.c from DragonflyBSD:
Do not unconditionally fork() after accept().  accept() can
  return -1 due to an interrupted system call (i.e. SIGCHLD).
  If we fork in that case ftpd can get into an
  accept()/SIGCHLD/fork/[fail]/repeat loop.

  Reported-by: fabian <fabian.duelli@bluewin.ch>

Obtained from:	DragonflyBSD
MFC after:	1 month
2004-09-24 13:21:52 +00:00
yar
55224f76bf ftpd(8) seems to be WARNS=2 clean now.
Tested on:	i386, ia64, amd64, sparc64, alpha
2004-07-31 15:07:33 +00:00
yar
d786b94f15 Change `(foo *)0' to `NULL' where it's possible
(and it appears possible throughout ftpd(8) source.)

It is not a mere issue of style: Null pointers in C
seem to have been mistaken one way or another quite often.
2004-07-31 15:03:17 +00:00
yar
06b7ed859f Kill a small herd of casts to off_t where they were not needed.
Thank Fortune, the C compiler can figure out by itself the proper
conversion for assignments, comparisons, and prototyped function
arguments.
2004-07-31 14:46:41 +00:00
yar
634a2a6e4f Printf(3) off_t values through conversion to intmax_t since
we've got <stdint.h> et al now.  (This makes ftpd(8) WARNS=2 clean.)
2004-07-31 14:22:02 +00:00
yar
6f57f3272c Kill an unused variable (heading to WARNS=2.) 2004-07-31 14:03:59 +00:00
yar
81692845b8 Convert a couple of bogus null statements to the right form.
(Heading to WARNS=2.)
2004-07-31 14:03:14 +00:00
yar
4cacae89d9 Ditto for (gid_t). 2004-07-30 17:30:07 +00:00
yar
dc8c8c95c0 Kill casts to (uid_t) obviously left from the K&R era.
Prototyping library functions in header files has rendered
them superfluous.
2004-07-30 17:27:23 +00:00
yar
8839880434 Add a comment to explain that the loop around the call to bind(2)
is not a hack, but it has a clear purpose.
2004-07-30 17:18:57 +00:00
yar
9fb1cda8d0 Open a socket for a data transfer in active mode using euid
of the current user, not root.  This will allow neat things
like matching anonymous FTP data traffic with a single ipfw(8)
rule:
	ipfw add ... tcp from any to any uid ftp

Note that the control connection socket still belongs to the
user ftpd(8) was started from, usually root.

PR:		bin/65928
Submitted by:	Eugene Grosbein <eugen at grosbein.pp.ru>
MFC after:	1 month
2004-07-30 16:57:42 +00:00
ru
20fbd172b2 Mechanically kill hard sentence breaks. 2004-07-02 21:28:50 +00:00
obrien
fc65dfcc08 Simplify conditional compilation logic some. 2004-06-13 19:54:12 +00:00
ru
54449ad4e3 There's no such beast like AF_INET4, even when powered by whiskey. 2004-05-16 22:11:40 +00:00
tjr
4b192dc71d Handle variable argument lists correctly in reply() and lreply().
In particular, do not pass the same va_list to both vprintf() and
vsyslog() without first reinitializing it. This fixes ftpd -d
on amd64.
2004-05-13 05:36:38 +00:00
yar
c0140bd141 NULL looks better than (char *)0 unless we're passing
an unprototyped argument to a function.
2004-02-07 14:59:11 +00:00
yar
ec50e6c644 Deny attempts to rename a file from guest users if the policy
says they may not modify existing files through FTP.

Renaming a file is effectively a way to modify it.
For instance, if a malicious party is unable to delete or overwrite
a sensitive file, they can nevertheless rename it to a hidden name
and then upload a Trojan horse under the guise of the old file name.
2004-02-07 14:54:30 +00:00
yar
b836e6309f perror_reply() should not be used where errno isn't meaningful. 2004-02-07 14:38:04 +00:00
yar
b6d44d65d8 Work around a bug in some clients by never returning raw directory
contents in reply to a RETR command.  Such clients consider RETR
as a way to tell a file from a directory.  Mozilla is an example.

PR:		bin/62232
Submitted by:	Bob Finch <bob+freebsd <at> nas <dot> com>
MFC after:	1 week
2004-02-07 14:11:38 +00:00
ru
5eae3592f4 Reorder dependencies to fix static NOPAM build.
Submitted by:	lorder(1)
2004-02-02 18:19:41 +00:00
charnier
9af7d6a659 add missing setusershell() calls.
PR: bin/2442
Reviewed by: Friedemann Becker <zxmxy33@mail.uni-tuebingen.de>
2004-01-18 21:29:33 +00:00
anholt
f69246ee4c man ftpd says that "by default, anonymous users cannot modify existing files."
However, the code did allow deletion of files.  Make deleting require the -m
flag, too.

PR:		bin/60809
Submitted by:	Alexander Melkov <melkov@comptek.ru>
2004-01-07 19:28:31 +00:00
yar
759577e793 If a file to send in ASCII mode already has CRLF as end-of-line,
don't add excessive CR on the wire.

PR:		bin/59285
Submitted by:	Andrey Beresovsky <and at rsu.ru>
MFC after:	1 week
2003-11-15 11:08:26 +00:00
peter
9e4da6dd3b Pacify gcc warning with a Douglas Adams reference. 2003-10-26 04:30:05 +00:00
ume
d25cb60913 Don't depend on IPv4-mapped IPv6 address to bind to both IPv4
and IPv6.

Wrote at:	Hakone.
Powered by:	Warner Losh's scotch whisky.
Requested by:	nork
2003-09-14 16:42:46 +00:00
kan
80babb4e26 Eliminate last three uses of varargs.h in the tree. These three files
were including varargs.h file but did not use any of its macros,
so they escaped the clean-up before.
2003-09-01 04:12:18 +00:00
ceri
d4a07597ca Add a note that the -u option can be overridden by settings in login.conf(5).
PR:		docs/56017
Submitted by:	Josef El-Rayes <j.el-rayes@daemon.li>
2003-08-31 07:45:48 +00:00
yar
beedaf29a1 Block SIGURG while reading from the control channel.
Rationale:

SIGURG is configured by ftpd to interrupt system calls, which is useful
during data transfers.  However, SIGURG could interrupt I/O on the
control channel as well, which was mistaken for the end of the session.

A practical example could be aborting the download of a tiny file,
when the abort sequence reached ftpd after ftpd had passed the file
data to the system and returned to its command loop.

Reported by:	ceri
MFC after:	1 week
2003-07-09 13:54:33 +00:00
yar
94167f7347 Improve error handling in getline():
- always check the return value from getc(3) for EOF;
- if the attempt to read the TELNET command byte has
  returned EOF, exit from the loop instead of using
  the EOF value as a normal character.

MFC after:	1 week
2003-07-09 13:15:32 +00:00
yar
72eaf383f4 Make a malloced copy of "chrootdir" even if it points to an absolute
pathname inside "residue" so "chrootdir" can be simply freed later.

PR:		bin/53435
Submitted by:	Yutaka Ishihara <yutaka at fandc.co.jp>
MFC after:	1 week
2003-07-09 12:46:24 +00:00