Commit Graph

146 Commits

Author SHA1 Message Date
markm
92fb2502f8 Cleaner method of making PAMable apps static (in the optional case of
wanting static apps).
2001-04-28 15:18:10 +00:00
markm
6cecf95d7d Damn. That should be _enable_ static linking, not _force_ static linking. 2001-04-28 07:58:12 +00:00
markm
e0475f8cde Enable (optional) static linking.
Asked for by:	BDE
2001-04-28 07:56:49 +00:00
markm
fefaa70f2e Change names of functions and variables with global scope that are
in conflict with library values of the same name. This allows static
linking.
2001-04-28 07:55:19 +00:00
ru
2d1b95a96f mdoc(7) police: normalize .Nd. 2001-04-18 15:54:10 +00:00
peter
2f71212769 Previous clobbered a work-in-progress. Here is the merged result:
Limit the "pathname" glob to one item, as that is what all users of it
are expecting, except for LIST.

Always glob, instead of when the first character is a ~.  For example,
if you had directories ~/x1, and ~/x2, then "cwd x[1]" would fail, but
"cwd ~/x[1]" would work since it was globbed due to the ~ character.
Also, "cwd ~/x[12]" used to arbitarily work as it used the first
expansion (ie: x1) without an error.  Make it return '550 ambiguous'
instead of '550 not found' so that the user can see the difference.

For LIST, just use the user supplied string as the popen does the glob.

Problem noticed by:  Ajay Mittal <amittal@iprg.nokia.com>
2001-04-17 03:03:45 +00:00
jedgar
58889ae5bb Limit number of paths returned via glob() for authorized users
using tilde expansion.
2001-04-17 02:33:20 +00:00
green
3b359dad32 Support the empty "PASS\r\n" command. 2001-04-16 22:20:26 +00:00
ru
06518a8e99 Document that SITE extensions are disabled for anonymous logins.
Obtained from:	logdaemon package by Wietse Venema
2001-04-16 14:51:11 +00:00
phk
a463dd29ce Add the "SITE MD5 filename" facility.
This allows you to determine if the file on the other side is the same
as the one you have without transferring the entire file to compare.

Needless to say, if the server end lies to you this check doesn't work,
but on the other hand, if it lies to you about the files checksum,
what can you trust from it ?
2001-04-15 20:59:29 +00:00
markm
f767ca7e60 Add full PAM support for account management and sessions.
The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux
package's PAM patches to the BSD login.c

Submitted by:	"David J. MacKenzie" <djm@web.us.uu.net>
2001-03-27 19:40:51 +00:00
ru
45d92a4319 - Backout botched attempt to intoduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:22:12 +00:00
ru
a23a98f937 Set the default manual section for libexec/ to 8. 2001-03-20 18:10:13 +00:00
jlemon
e62162bcfe Teach ftpd about the new GLOB_MAXPATH flag. 2001-03-19 19:11:00 +00:00
des
49ef2fb609 When the file was transferred using sendfile(2), we forgot to keep track
of the transferred byte count. MFC candidate.

PR:		bin/25699
2001-03-11 13:20:44 +00:00
des
46ef236ff6 Change the read-only reply to "550 Permission denied.". 2001-02-19 21:51:26 +00:00
jedgar
7aee899b93 Limit commands that can be issued when not logged in:
TYPE, STRU, MODE, ALLO, STAT, ABOR, SITE IDLE, SYST, REST

Reviewed by:	kris, sheldon
2001-01-20 01:34:22 +00:00
dan
c9771e4d86 In send_data(), use sendfile() instead of the mmap() algorithm. 2000-12-20 03:34:54 +00:00
ru
aa8bbee899 mdoc(7) police: removed hard sentence breaks, run through spell-checker. 2000-12-18 08:33:25 +00:00
demon
cc35668453 Fix typo.
PR:		23591
Submitted by:	mavetju@chello.nl
2000-12-17 17:45:22 +00:00
phk
10d3e9963a Add option -E to disable EPSV which throws certain stateful firewalls
into confusion.

Add option -r to make ftpd support only read-only operations.

Submitted by:	Flemming (F3) Jacobsen <fj@batmule.dk>
Reviewed by:	phk
2000-12-16 19:19:19 +00:00
obrien
cafb2a0daa The GCC 2.96 snapshots have slightly different rules for finding include
files.  Mostly -I${.CURDIR} was needed -- especially for YACC generated
files as the new cpp does not look in the ultimate source file
(ie, the .y file)'s directory as told by the "#line" directive.  Some were
misspellings of "-I${.CURDIR}" as "-I.".
2000-12-01 09:39:28 +00:00
obrien
c2462a2bf1 There is no src/contrib-crypto/ anything directory. So don't look for
include files in subdirs of it.
2000-12-01 06:34:44 +00:00
danny
229c440944 Prevent leakage of information about anonymous user's homedir
via 'QUOTE CWD'.

Reviewed by:	des
2000-11-26 23:33:36 +00:00
ru
fda4c0a990 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 14:42:24 +00:00
kris
33514b48b8 Format string paranoia 2000-11-19 12:46:16 +00:00
guido
752f9b3d1c Fix broken PAM with SKEY behaviour: the skey.access file checks
were broken because the code failed to set PAM_RHOST.
2000-10-12 10:21:05 +00:00
wollman
c5c43ce91f Don't depend on <sys/stat.h> bogusly including <sys/time.h> (and thereby
<time.h>).
2000-10-10 01:50:26 +00:00
imp
a0b3642056 remove redundant optreset declaration 2000-09-04 05:47:14 +00:00
sheldonh
0160624e09 Don't set an arbitrary limit on username lengths; use MAXLOGNAME
instead.

PR:		20675
Submitted by:	Vladimir B Grebenschikov <vova@express.ru>
2000-08-17 12:31:17 +00:00
ru
9406c3f2a3 Fix `control socket: Protocol not supported' failure in
standalone -D mode when neither -4 nor -6 is specified.
2000-08-16 09:12:33 +00:00
sheldonh
449e2ec6a6 Honour skey.access(5) by allowing UNIX passwords when skeyaccess(3)
has set pwok to a non-zero value.

Previously, the fact that skey.access(5) allowed UNIX passwords for
this connection attempt was ignored, even in the NOPAM case.

This only addresses the NOPAM case; when libpam is used, the problem
will persist.

PR:		20333
2000-08-01 13:58:55 +00:00
des
08cda657c6 Don't reply "not a plain file" when the requested file doesn't exist. 2000-07-17 22:24:52 +00:00
ben
6cecb051f3 Explain that the -S option only logs file downloads, not all transfers.
PR:		16934
Submitted by:	Kurt Zeilenga <kurt@OpenLDAP.org>
2000-07-11 11:42:29 +00:00
davidn
1f6b02c5a3 Fix a problem in the virtual host address compare code which caused
duplicated host entries in /etc/ftphosts not to be folded. Make sure
we exit the loop on a match.

PR:		bin/19390
2000-06-26 05:36:09 +00:00
joe
8de98cc2fa Switch over to using the new fflagstostr and strtofflags library calls. 2000-06-17 14:19:33 +00:00
nsayer
1779ef3d1c 1. Add IPv6 portrange restriction code (-U flag) to passive().
2. Add portrange restriction code (for both v4 and v6) to the EPSV
processing stuff.
2000-05-25 19:30:18 +00:00
ru
05f194203e Finally unifdef -DINTERNAL_LS. 2000-03-13 11:20:09 +00:00
peter
5a4c9a9fe5 Doc fix: remove references to ~ftp/bin/ls as we have FTPD_INTERNAL_LS
unconditionally active already.

Noticed by:	obrien
2000-02-17 02:14:11 +00:00
shin
6c4d71e2a2 Add more dual stack consideration.
-ftpd need to know each of AF_INET and AF_INET6 addr for hosts specified in
   /etc/ftphosts.

Approved by: jkh
2000-02-10 19:51:30 +00:00
joe
b57f9be4b7 Revert part of the last commit, remove {g|s}etflags from the libc
interface, and statically link them to the programs using them.
These functions, upon reflection and discussion, are too generically
named for a library interface with such specific functionality.
Also the api that they use, whilst ok for private use, isn't good
enough for a libc function.

Additionally there were complications with the build/install-world
process.  It depends heavily upon xinstall, which got broken by
the change in api, and caused bootstrap problems and general mayhem.

There is work in progress to address future problems that may be
caused by changes in install-chain tools, and better names for
{g|s}etflags can be derived when some future program requires them.
For now the code has been left in src/lib/libc/gen (it started off
in src/bin/ls).

It's important to provide library functions for manipulating file
flag strings if we ever want this interface to be adopted outside
of the source tree, but now isn't necessarily the right moment
with 4.0-release just around the corner.

Approved:	jkh
2000-02-05 18:42:36 +00:00
shin
14318c071f Remove unnecessary -g for CFLAGS.
-g for CFLAGS which was set at debugging time was mistakenly committed,
 so removed it.

Approved by: jkh
2000-02-03 10:01:11 +00:00
shin
f7d03af6d5 Fix ftpd core dump when hostname is not set.
When hostname is not set, ftpd core dumps, because there is no
  NULL check for freeing name resolving information for its own
  hostname.
  So the check is added.

Approved by: jkh
2000-02-03 09:59:36 +00:00
shin
ce15efb7c0 another tcp apps IPv6 updates.(should be make world safe)
ftp, telnet, ftpd, faithd
  also telnet related sync with crypto, secure, kerberosIV

Obtained from: KAME project
2000-01-27 09:28:38 +00:00
joe
a381d987c4 Moved flags_to_string and string_to_flags into libutil. It's used in
many places nowadays.
1999-12-30 13:15:15 +00:00
alfred
b4eb8ad32b sync with netbsd PR 8534, fix undefined C code.
Pointed out by: David A. Holland
1999-10-07 08:41:55 +00:00
markm
0b2fe68756 Fix for new Kerberos4. Make a fist cut at PAM-ising while I'm here. 1999-09-19 22:05:32 +00:00
mharo
73f4a09b05 When a STAT command is sent to ftpd as an out-of-band transmission during
a file transfer, the command was mishandled on every other receipt of the
command.

PR:		13261
Submitted by:	Ian Lepore <ian@plutotech.com>
1999-09-12 01:27:46 +00:00
markm
918093dd50 Add common error lib for the Kerberos case. 1999-09-06 06:32:02 +00:00
peter
76f0c923fe $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00