Commit Graph

1131 Commits

Author SHA1 Message Date
yar
92b68c7646 Let tilde expansion be done even if a file/directory doesn't exist yet.
This makes such natural commands as "MKD ~user/newdir" or "STOR ~/newfile"
do what they are supposed to instead of failing miserably with the
"File not found" error.

This involves a bit of code reorganization.  Namely, the code doing
glob(3) expansion has been separated to a function; a new function
has been introduced to do tilde expansion; the latter function is
invoked on a pathname before the former one.  Thus behaviour mimicing
that of the Bourne shell has been achieved.
2003-02-04 17:50:38 +00:00
yar
b1a2e9acb4 RFC 959 doesn't list reply code 550 as a valid responce to STOR/STOU,
so return reply code 553 to indicate a error from open(2) for consistency,
as long as the code is used in the rest of the STOR/STOU handler.
2003-02-04 03:33:25 +00:00
obrien
c3523316fa Add OPIE and PAM libs to the mix. 2003-02-02 21:11:15 +00:00
obrien
001be11d96 OPIE and PAM bits to agument LukeMftpd.
Submitted by:	mikeh (reworked by me)
2003-02-02 21:06:10 +00:00
yar
02d8e2b208 Let real users access special files through FTP
if allowed by their filesystem permissions.

This doesn't break anything since using sendfile(2)
is triggered later by a separate S_ISREG conditional.

PR:		bin/20824
MFC after:	1 week
2003-01-31 13:18:55 +00:00
yar
6962d02957 When searching for a unique file name in guniquefd(),
distinguish between the cases of an existing file and
a real system error, such as I/O failure, no access etc.

MFC after:	3 days
2003-01-29 17:04:07 +00:00
yar
6284753cac Add a new option to ftpd(8), "-h", to disable printing any
host-specific information in FTP server messages (so paranoid
admins can sleep at night :-)

PR:		bin/16705
MFC after:	1 week
2003-01-29 10:58:58 +00:00
yar
e6e9500985 Give the code around chroot(2)/chdir(2) a major overhaul by
separating its part around chroot(2) from that around initial
chdir(2).  This makes the below changes really easy.

Move seteuid(to user's uid) to before calling chdir(2).  There are
two goals to achieve by that.  First, NFS mounted home directories
with restrictive permissions become accessible (local superuser
can't access them if not mapped to uid 0 on the remote side
explicitly.)  Second, all the permissions to the home directory
pathname components become effective; previously a user could be
carried to any local directory despite its permissions since the
chdir(2) was done with euid 0.  This reduces possible impact from
FTP server misconfiguration, e.g., assigning a wrong home directory
to a user.

Implement the "/./" feature.  Now a guest or user subject to chrooting
may have "/./" in his login directory, which separates his chroot
directory from his home directory inside the chrooted environment.
This works for ftpchroot(5) as well.

PR:		bin/17843 bin/23944
2003-01-29 10:07:27 +00:00
yar
a322ce3682 Actually extract the second field from a line in ftpchroot(5)
instead of just using the rest of the line behind the first field.
2003-01-27 15:34:22 +00:00
yar
704ec7b02a Allow more than one separator character between fields in ftpchroot(5). 2003-01-27 14:41:08 +00:00
yar
411365f15d Extend the format of /etc/ftpchroot so an alternative chroot
directory can be specified for a user or a group.

Add the manpage ftpchroot(5) since the file's format has grown
complex enough.

PR:			bin/45327
Portions submitted by:	Hideki SAKAMOTO <sakamoto@hlla.is.tsukuba.ac.jp>
MFC after:		1 week
2003-01-26 19:02:56 +00:00
yar
e67bf5e192 GLOB_MAXPATH has been deprecated in favour of GLOB_LIMIT. 2003-01-25 14:59:48 +00:00
yar
3d2488fff7 - Add a new option, ``-P port'', to specify the port for ftpd(8)
to listen at in daemon mode.
- Use the port by 1 less than the control port as the default
  data port instead of always using hard-coded port 20.

Submitted by:	roam
MFC after:	1 week
2003-01-23 18:39:48 +00:00
yar
f5eff04464 Prevent server-side glob(3) patterns from expanding
to a pathname that contains '\r' or '\n'.

Together with the earlier STAT bugfix, this must solve
the problem of such pathnames appearing in the FTP control
stream.
2003-01-22 16:25:22 +00:00
cjc
29a813efb6 The FTP daemon was vulnerable to a DoS where an attacker could bind()
up port 20 for an extended period of time and thus lock out all other
users from establishing PORT data connections. Don't hold on to the
bind() while we loop around waiting to see if we can make our
connection.

Being a DoS, it has security implications, giving it a short MFC
time.

MFC after:	1 day
2003-01-21 05:13:02 +00:00
sobomax
b5161aafed Fix a typo (missed &&).
Submitted by:	marcus
2003-01-20 10:33:35 +00:00
sobomax
2435c6cf8e Add a new gettytab(5) option - `pl', which if set tells getty that the line
in question is PPP-only line, i.e. no PPP-sequence detection is necessary and
PPP login program referenced by `pp' should be started automatically instead of
login(1)

Feature suggested and sponsored by:     United Networks of Ukraine
No reply from:  re
MFC after:	2 weeks
2003-01-19 20:59:52 +00:00
yar
65804c6d3c Prepend a space character if a line begins with a digit
in the output to the "STAT file" request.

This closes one discrepancy with RFC 959 (page 36.)

See also http://www.kb.cert.org/vuls/id/328867

Obtained from:	OpenBSD
2003-01-16 14:25:32 +00:00
yar
999cc66112 Replace the instances of literal "/bin/ls"
with the _PATH_LS macro to be consistent
with the rest of the ftpd(8) source.
2003-01-16 13:27:58 +00:00
obrien
1d7140c9c9 We have a usable 'LOGIN_NAME_MAX' now. 2003-01-06 04:42:20 +00:00
obrien
245822d35f Need to prototype strsuftollx() to quiet a warning. 2003-01-06 04:09:20 +00:00
obrien
c5fa1fb790 Make the "nbsd_20030105" import build. 2003-01-06 03:03:53 +00:00
jmallett
a33543dd92 Implement POSIX grantpt(3) functionality, and add a pt_chown utility (akin
to Solaris, it is in /usr/libexec) to perform the handing over of tty nodes
to the user being granted the pty.

Submitted by:	Ryan Younce <ryany@pobox.com>
Reviewed by:	security-officer@, standards@, mike@
2003-01-02 20:44:41 +00:00
schweikh
d3367c5f5d Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
schweikh
86f7487fb6 Fix typos, mostly s/ an / a / where appropriate and a few s/an/and/
Add FreeBSD Id tag where missing.
2002-12-30 21:18:15 +00:00
schweikh
fec6546e12 english(4) police. 2002-12-27 12:15:40 +00:00
ru
4979ab8d81 mdoc(7) police: Deal with self-xrefs. 2002-12-24 13:41:48 +00:00
ru
301b96498b Fixed the abuses of .Ql visible on stderr in troff mode.
PR:		docs/37176
2002-12-23 16:04:51 +00:00
dillon
be3db49c80 Change the way ELF coredumps are handled. Instead of unconditionally
skipping read-only pages, which can result in valuable non-text-related
data not getting dumped, the ELF loader and the dynamic loader now mark
read-only text pages NOCORE and the coredump code only checks (primarily) for
complete inaccessibility of the page or NOCORE being set.

Certain applications which map large amounts of read-only data will
produce much larger cores.  A new sysctl has been added,
debug.elf_legacy_coredump, which will revert to the old behavior.

This commit represents collaborative work by all parties involved.
The PR contains a program demonstrating the problem.

PR:		kern/45994
Submitted by:	"Peter Edwards" <pmedwards@eircom.net>, Archie Cobbs <archie@dellroad.org>
Reviewed by:	jdp, dillon
MFC after:	7 days
2002-12-16 19:24:43 +00:00
ru
041d1287e8 Uniformly refer to a file system as "file system".
Approved by:	re
2002-12-12 17:26:04 +00:00
kan
f7319be8e1 Fix rtld to handle SPARC_R_UA{16,64} relocations correctly.
Approved by:	re (rwatson)
2002-12-05 16:58:31 +00:00
grehan
fdd44c57ca rtld support for PowerPC. Mostly obtained from NetBSD, with mods
for binutils 2.13

Reviewed by:  benno

Approved by:  re (blanket)
2002-12-04 07:32:20 +00:00
kan
7edfa0142f Put back a test for binaries with no PT_LOAD entries I over-jealosly
removed in r1.69.

Apploved by:	re (rwatson)
2002-11-29 16:41:31 +00:00
ru
146b294736 mdoc(7) police:
Properly sort options, spell "file system" correctly, expand contraction.

Catch up to the src/etc/syslog.conf,v 1.23 change: ftpd(8) session logs
are now by default get logged to /var/log/xferlog.

Approved by:	re
2002-11-25 15:20:06 +00:00
tmm
bd3dff9a70 Fix the handling of high PLT entries (> 32764) on sparc64. This requires
additional arguments to reloc_jmpslot(), which is why MI code and MD code
of other platforms had to be changed.

Reviewed by:	jake
Approved by:	re
2002-11-18 22:08:50 +00:00
peter
570525a6c7 Oops. Some ut_time stuff slipped through the cracks. These turned out
to be non-fatal due to stack alignment roundups.
2002-11-17 23:46:45 +00:00
obrien
5a20d2febf [DAIVD O'BRIEN's OPINION]
Head off what I think is an abuse of the TRB, and disable lukemftpd.
2002-11-12 17:31:12 +00:00
maxim
c8298592e9 o Fix usage().
o Explicitly initialize domain pointer.
o Fix passwd file parsing.

PR:		bin/39671 (3)
MFC after:	2 weeks
2002-11-12 14:15:59 +00:00
obrien
e4a311f35f We don't use libpam, libopie, or libmd. 2002-11-12 07:41:59 +00:00
obrien
252278ff5d We have fparseln(3). Also libskey on RELENG_4. 2002-11-12 07:37:15 +00:00
obrien
b3245bbb2f Update for version 1.2 Beta 2. 2002-11-12 06:48:35 +00:00
yar
e2616c6490 Don't free the current addrinfo list, or else a pointer to a freed
memory area would arise.  Only an addrinfo list from an earlier
call to getaddrinfo() should be freed there because it will be
substituted by the current list referenced by "res".

Reported by:	John Long <fbsd1@pruam.com>
MFC after:	5 days
2002-11-11 07:31:48 +00:00
rwatson
71edd02c55 Have ftpd specify the LOGIN_SETMAC flag to setlogincontext() so that
MAC labels are set if MAC is enabled and configured for the user
logging in.

Note that lukemftpd is not considered a supported application when
MAC is enabled, as it does not use the standard system interfaces for
managing user contexts; if lukemftpd is used with labeled MAC policies,
it will not properly give up privileges when switching to the user
account.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-24 16:19:52 +00:00
kuriyama
1a4ad6f685 Unbreak by merging the change in r1.51 of src/libexec/ftpd/Makefile. 2002-10-24 04:55:25 +00:00
rwatson
a20ce31a58 Teach "ls -Z" to use the policy-agnostic MAC label interfaces rather
than the LOMAC-specific interfaces for listing MAC labels.  This permits
ls to view MAC labels in a manner similar to getfmac, when ls is used
with the -l argument.  Next generation LOMAC will use the MAC Framework
so should "just" work with this and other policies.  Not the prettiest
code in the world, but then, neither is ls(1).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-24 00:07:30 +00:00
kan
dca183b31a Add support for binaries with arbitrary number of PT_LOAD sections.
Reviewed by:	peter
2002-10-23 01:43:29 +00:00
kan
d675c525c1 Change the symbol lookup order to search RTLD_GLOBAL objects
before referencing object's DAG. This makes it possible for
C++ exceptions to work across shared libraries and brings
us closer to the search order used by Solaris/Linux.

Reviewed by:	jdp
Approved by:	obrien
MFC after:	1 month
2002-10-19 23:03:35 +00:00
sobomax
62ac3ba58f Fix a problem with RTLD_TRACE flag to dlopen(3), which sometimes can return
even if there was no error occured (when trying to dlopen(3) object that
already linked into executable which does dlopen(3) call). This is more
proper fix for `ldd /usr/lib/libc.so' problem, because the new behaviour
conforms to documentation.

Remove workaround from ldd.c (rev.1.32).

PR:		35099
Submitted by:	Nathan Hawkins <utsl@quic.net>
MFC after:	1 week
2002-10-19 10:18:29 +00:00
kris
10962700eb Don't call report() without a format string.
MFC after:	3 days
2002-10-13 11:27:36 +00:00
kris
2e6c3a2849 Mark the logerr() function __printflike().
MFC after:	3 days
2002-10-13 11:26:37 +00:00