Commit Graph

388 Commits

Author SHA1 Message Date
maxim
41902e813d Indent. 2004-09-24 13:22:45 +00:00
maxim
b218fbfba3 o Merge rev. 1.5 libexec/ftpd/ftpd.c from DragonflyBSD:
Do not unconditionally fork() after accept().  accept() can
  return -1 due to an interrupted system call (i.e. SIGCHLD).
  If we fork in that case ftpd can get into an
  accept()/SIGCHLD/fork/[fail]/repeat loop.

  Reported-by: fabian <fabian.duelli@bluewin.ch>

Obtained from:	DragonflyBSD
MFC after:	1 month
2004-09-24 13:21:52 +00:00
yar
55224f76bf ftpd(8) seems to be WARNS=2 clean now.
Tested on:	i386, ia64, amd64, sparc64, alpha
2004-07-31 15:07:33 +00:00
yar
d786b94f15 Change `(foo *)0'' to `NULL'' where it's possible
(and it appears possible throughout ftpd(8) source.)

It is not a mere issue of style: Null pointers in C
seem to have been mistaken one way or another quite often.
2004-07-31 15:03:17 +00:00
yar
06b7ed859f Kill a small herd of casts to off_t where they were not needed.
Thank Fortune, the C compiler can figure out by itself the proper
conversion for assignments, comparisons, and prototyped function
arguments.
2004-07-31 14:46:41 +00:00
yar
634a2a6e4f Printf(3) off_t values through conversion to intmax_t since
we've got <stdint.h> et al now.  (This makes ftpd(8) WARNS=2 clean.)
2004-07-31 14:22:02 +00:00
yar
6f57f3272c Kill an unused variable (heading to WARNS=2.) 2004-07-31 14:03:59 +00:00
yar
81692845b8 Convert a couple of bogus null statements to the right form.
(Heading to WARNS=2.)
2004-07-31 14:03:14 +00:00
yar
4cacae89d9 Ditto for (gid_t). 2004-07-30 17:30:07 +00:00
yar
dc8c8c95c0 Kill casts to (uid_t) obviously left from the K&R era.
Prototyping library functions in header files has rendered
them superfluous.
2004-07-30 17:27:23 +00:00
yar
8839880434 Add a comment to explain that the loop around the call to bind(2)
is not a hack, but it has a clear purpose.
2004-07-30 17:18:57 +00:00
yar
9fb1cda8d0 Open a socket for a data transfer in active mode using euid
of the current user, not root.  This will allow neat things
like matching anonymous FTP data traffic with a single ipfw(8)
rule:
	ipfw add ... tcp from any to any uid ftp

Note that the control connection socket still belongs to the
user ftpd(8) was started from, usually root.

PR:		bin/65928
Submitted by:	Eugene Grosbein <eugen at grosbein.pp.ru>
MFC after:	1 month
2004-07-30 16:57:42 +00:00
ru
20fbd172b2 Mechanically kill hard sentence breaks. 2004-07-02 21:28:50 +00:00
obrien
fc65dfcc08 Simplify conditional compilation logic some. 2004-06-13 19:54:12 +00:00
ru
54449ad4e3 There's no such beast like AF_INET4, even when powered by whiskey. 2004-05-16 22:11:40 +00:00
tjr
4b192dc71d Handle variable argument lists correctly in reply() and lreply().
In particular, do not pass the same va_list to both vprintf() and
vsyslog() without first reinitializing it. This fixes ftpd -d
on amd64.
2004-05-13 05:36:38 +00:00
yar
c0140bd141 NULL looks better than (char *)0 unless we're passing
an unprototyped argument to a function.
2004-02-07 14:59:11 +00:00
yar
ec50e6c644 Deny attempts to rename a file from guest users if the policy
says they may not modify existing files through FTP.

Renaming a file is effectively a way to modify it.
For instance, if a malicious party is unable to delete or overwrite
a sensitive file, they can nevertheless rename it to a hidden name
and then upload a troyan horse under the guise of the old file name.
2004-02-07 14:54:30 +00:00
yar
b836e6309f perror_reply() should not be used where errno isn't meaningful. 2004-02-07 14:38:04 +00:00
yar
b6d44d65d8 Work around a bug in some clients by never returning raw directory
contents in reply to a RETR command.  Such clients consider RETR
as a way to tell a file from a directory.  Mozilla is an example.

PR:		bin/62232
Submitted by:	Bob Finch <bob+freebsd <at> nas <dot> com>
MFC after:	1 week
2004-02-07 14:11:38 +00:00
ru
5eae3592f4 Reorder dependencies to fix static NOPAM build.
Submitted by:	lorder(1)
2004-02-02 18:19:41 +00:00
charnier
9af7d6a659 add missing setusershell() calls.
PR: bin/2442
Reviewed by: Friedemann Becker <zxmxy33@mail.uni-tuebingen.de>
2004-01-18 21:29:33 +00:00
anholt
f69246ee4c man ftpd says that "by default, anonymous users cannot modify existing files."
However, the code did allow deletion of files.  Make deleting require the -m
flag, too.

PR:		bin/60809
Submitted by:	Alexander Melkov <melkov@comptek.ru>
2004-01-07 19:28:31 +00:00
yar
759577e793 If a file to send in ASCII mode already has CRLF as end-of-line,
don't add excessive CR on the wire.

PR:		bin/59285
Submitted by:	Andrey Beresovsky <and at rsu.ru>
MFC after:	1 week
2003-11-15 11:08:26 +00:00
peter
9e4da6dd3b Pacify gcc warning with a Douglas Adams reference. 2003-10-26 04:30:05 +00:00
ume
d25cb60913 Don't depend on IPv4-mapped IPv6 address to bind to both IPv4
and IPv6.

Wrote at:	Hakone.
Powered by:	Warner Losh's scotch whisky.
Requested by:	nork
2003-09-14 16:42:46 +00:00
kan
80babb4e26 Eliminate last three uses of varargs.h in the tree. These three files
were including varargs.h file but did not use any of its macros,
so they escaped the clean-up before.
2003-09-01 04:12:18 +00:00
ceri
d4a07597ca Add a note that the -u option can be overridden by settings in login.conf(5).
PR:		docs/56017
Submitted by:	Josef El-Rayes <j.el-rayes@daemon.li>
2003-08-31 07:45:48 +00:00
yar
beedaf29a1 Block SIGURG while reading from the control channel.
Rationale:

SIGURG is configured by ftpd to interrupt system calls, which is useful
during data transfers.  However, SIGURG could interrupt I/O on the
control channel as well, which was mistaken for the end of the session.

A practical example could be aborting the download of a tiny file,
when the abort sequence reached ftpd after ftpd had passed the file
data to the system and returned to its command loop.

Reported by:	ceri
MFC after:	1 week
2003-07-09 13:54:33 +00:00
yar
94167f7347 Improve error handling in getline():
- always check the return value from getc(3) for EOF;
- if the attempt to read the TELNET command byte has
  returned EOF, exit from the loop instead of using
  the EOF value as a normal character.

MFC after:	1 week
2003-07-09 13:15:32 +00:00
yar
72eaf383f4 Make a malloced copy of "chrootdir" even if it points to an absolute
pathname inside "residue" so "chrootdir" can be simply freed later.

PR:		bin/53435
Submitted by:	Yutaka Ishihara <yutaka at fandc.co.jp>
MFC after:	1 week
2003-07-09 12:46:24 +00:00
yar
3b7c9bf6da Don't declare unneeded extern variables,
leave alone specifying a wrong type for one of them.
2003-06-21 10:45:38 +00:00
yar
478d73b235 If ftpd is run with an -h option (hide host-specific info,)
don't reveal the info in reply to the SYST command.

Get rid of using the "unix" macro at the same time.  It was a rather
poor way to check if the system was Unix since there were quite a
few Unix clones out there whose cc didn't define "unix" (e.g.,
NetBSD.)  It was also sensitive to the C standard used, which caused
unnecessary trouble:  With -std=c99, it should have been "__unix__",
and so on.

PR:		bin/50690
Submitted by:	Alex Semenyaka <alexs _at_ snark.ratmir.ru>
MFC after:	1 week
2003-06-16 11:30:23 +00:00
charnier
eeb46390af Add section number to .Xr 2003-06-08 12:40:50 +00:00
ru
d727dda421 Assorted mdoc(7) fixes. 2003-06-01 19:52:36 +00:00
ru
d51b17e639 mdoc(7) police: Properly markup the previous revision.
Approved by:	re (blanket)
2003-05-16 21:36:10 +00:00
silby
dc7f6e718f Update the description of the -u option to mention that IP_PORTRANGE_HIGH
and _DEFAULT are the same for 5.x.

Committed under threat of action from:	The mdoc police
2003-03-25 22:20:02 +00:00
ru
0dea541567 mdoc(7) police: Scheduled sweep. 2003-02-24 22:53:26 +00:00
yar
cd7b1c298a Kill unnecessary vertical whitespace. 2003-02-11 14:10:48 +00:00
yar
f6108273cb Use LOG_AUTHPRIV to hide the username attempted during an invalid login
from everyone but sysadmins.

PR:		bin/29487
MFC after:	3 days
2003-02-11 11:58:33 +00:00
yar
5d11fbeaec Allow "~/" in pathnames to work for a chrooted user. 2003-02-05 11:11:32 +00:00
yar
92b68c7646 Let tilde expansion be done even if a file/directory doesn't exist yet.
This makes such natural commands as "MKD ~user/newdir" or "STOR ~/newfile"
do what they are supposed to instead of failing miserably with the
"File not found" error.

This involves a bit of code reorganization.  Namely, the code doing
glob(3) expansion has been separated to a function; a new function
has been introduced to do tilde expansion; the latter function is
invoked on a pathname before the former one.  Thus behaviour mimicing
that of the Bourne shell has been achieved.
2003-02-04 17:50:38 +00:00
yar
b1a2e9acb4 RFC 959 doesn't list reply code 550 as a valid responce to STOR/STOU,
so return reply code 553 to indicate a error from open(2) for consistency,
as long as the code is used in the rest of the STOR/STOU handler.
2003-02-04 03:33:25 +00:00
yar
02d8e2b208 Let real users access special files through FTP
if allowed by their filesystem permissions.

This doesn't break anything since using sendfile(2)
is triggered later by a separate S_ISREG conditional.

PR:		bin/20824
MFC after:	1 week
2003-01-31 13:18:55 +00:00
yar
6962d02957 When searching for a unique file name in guniquefd(),
distinguish between the cases of an existing file and
a real system error, such as I/O failure, no access etc.

MFC after:	3 days
2003-01-29 17:04:07 +00:00
yar
6284753cac Add a new option to ftpd(8), "-h", to disable printing any
host-specific information in FTP server messages (so paranoid
admins can sleep at night :-)

PR:		bin/16705
MFC after:	1 week
2003-01-29 10:58:58 +00:00
yar
e6e9500985 Give the code around chroot(2)/chdir(2) a major overhaul by
separating its part around chroot(2) from that around initial
chdir(2).  This makes the below changes really easy.

Move seteuid(to user's uid) to before calling chdir(2).  There are
two goals to achieve by that.  First, NFS mounted home directories
with restrictive permissions become accessible (local superuser
can't access them if not mapped to uid 0 on the remote side
explicitly.)  Second, all the permissions to the home directory
pathname components become effective; previously a user could be
carried to any local directory despite its permissions since the
chdir(2) was done with euid 0.  This reduces possible impact from
FTP server misconfiguration, e.g., assigning a wrong home directory
to a user.

Implement the "/./" feature.  Now a guest or user subject to chrooting
may have "/./" in his login directory, which separates his chroot
directory from his home directory inside the chrooted environment.
This works for ftpchroot(5) as well.

PR:		bin/17843 bin/23944
2003-01-29 10:07:27 +00:00
yar
a322ce3682 Actually extract the second field from a line in ftpchroot(5)
instead of just using the rest of the line behind the first field.
2003-01-27 15:34:22 +00:00
yar
704ec7b02a Allow more than one separator character between fields in ftpchroot(5). 2003-01-27 14:41:08 +00:00
yar
411365f15d Extend the format of /etc/ftpchroot so an alternative chroot
directory can be specified for a user or a group.

Add the manpage ftpchroot(5) since the file's format has grown
complex enough.

PR:			bin/45327
Portions submitted by:	Hideki SAKAMOTO <sakamoto@hlla.is.tsukuba.ac.jp>
MFC after:		1 week
2003-01-26 19:02:56 +00:00
yar
e67bf5e192 GLOB_MAXPATH has been deprecated in favour of GLOB_LIMIT. 2003-01-25 14:59:48 +00:00
yar
3d2488fff7 - Add a new option, ``-P port'', to specify the port for ftpd(8)
to listen at in daemon mode.
- Use the port by 1 less than the control port as the default
  data port instead of always using hard-coded port 20.

Submitted by:	roam
MFC after:	1 week
2003-01-23 18:39:48 +00:00
yar
f5eff04464 Prevent server-side glob(3) patterns from expanding
to a pathname that contains '\r' or '\n'.

Together with the earlier STAT bugfix, this must solve
the problem of such pathnames appearing in the FTP control
stream.
2003-01-22 16:25:22 +00:00
cjc
29a813efb6 The FTP daemon was vulnerable to a DoS where an attacker could bind()
up port 20 for an extended period of time and thus lock out all other
users from establishing PORT data connections. Don't hold on to the
bind() while we loop around waiting to see if we can make our
connection.

Being a DoS, it has security implications, giving it a short MFC
time.

MFC after:	1 day
2003-01-21 05:13:02 +00:00
yar
65804c6d3c Prepend a space character if a line begins with a digit
in the output to the "STAT file" request.

This closes one discrepancy with RFC 959 (page 36.)

See also http://www.kb.cert.org/vuls/id/328867

Obtained from:	OpenBSD
2003-01-16 14:25:32 +00:00
yar
999cc66112 Replace the instances of literal "/bin/ls"
with the _PATH_LS macro to be consistent
with the rest of the ftpd(8) source.
2003-01-16 13:27:58 +00:00
schweikh
fec6546e12 english(4) police. 2002-12-27 12:15:40 +00:00
ru
146b294736 mdoc(7) police:
Properly sort options, spell "file system" correctly, expand contraction.

Catch up to the src/etc/syslog.conf,v 1.23 change: ftpd(8) session logs
are now by default get logged to /var/log/xferlog.

Approved by:	re
2002-11-25 15:20:06 +00:00
peter
570525a6c7 Oops. Some ut_time stuff slipped through the cracks. These turned out
to be non-fatal due to stack alignment roundups.
2002-11-17 23:46:45 +00:00
yar
e2616c6490 Don't free the current addrinfo list, or else a pointer to a freed
memory area would arise.  Only an addrinfo list from an earlier
call to getaddrinfo() should be freed there because it will be
substituted by the current list referenced by "res".

Reported by:	John Long <fbsd1@pruam.com>
MFC after:	5 days
2002-11-11 07:31:48 +00:00
rwatson
71edd02c55 Have ftpd specify the LOGIN_SETMAC flag to setlogincontext() so that
MAC labels are set if MAC is enabled and configured for the user
logging in.

Note that lukemftpd is not considered a supported application when
MAC is enabled, as it does not use the standard system interfaces for
managing user contexts; if lukemftpd is used with labeled MAC policies,
it will not properly give up privileges when switching to the user
account.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-24 16:19:52 +00:00
rwatson
a20ce31a58 Teach "ls -Z" to use the policy-agnostic MAC label interfaces rather
than the LOMAC-specific interfaces for listing MAC labels.  This permits
ls to view MAC labels in a manner similar to getfmac, when ls is used
with the -l argument.  Next generation LOMAC will use the MAC Framework
so should "just" work with this and other policies.  Not the prettiest
code in the world, but then, neither is ls(1).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-24 00:07:30 +00:00
mike
86a758e51b Use the standardized CHAR_BIT constant instead of NBBY in userland. 2002-09-25 04:06:37 +00:00
yar
f8c5ceb68d The mode can be "r+" as well on PUT, but only "a" on APPE. 2002-08-29 09:53:51 +00:00
yar
c4deb81f31 Fix lexer jam on unimplemented commands.
Submitted by:	maxim
MFC after:	5 days
2002-08-29 09:23:08 +00:00
yar
906476b28e Remove variables no longer used. 2002-08-27 09:05:03 +00:00
yar
9841ff7102 More inithosts() fixes:
o Don't free(3) memory occupied by host structures
  already in the host list.
o Set hrp->hostinfo to NULL if a host record has to stay in
  the host list, but is to be ignored.  Selecthost() knows that.
o Reduce the pollution with excessive NULL checks.
o Close a couple of memory leaks.

MFC after:	1 week
2002-08-27 09:02:52 +00:00
yar
57e404b3cd Fix an inconsistency between a printf-like format and its argument list.
Submitted by:	kris
MFC after:	3 days
2002-08-27 07:38:55 +00:00
yar
8edf222b9e Add option '-W': don't log FTP sessions to wtmp.
Submitted by:	maxim
MFC after:	1 week
2002-08-23 09:06:28 +00:00
yar
a5929f9a88 Clean up hostname and hostinfo handling in inithosts():
o check getaddrinfo(3) return value, not result pointer
o getaddrinfo(3) returns int, not pointer
o don't leak memory allocated for hostnames and hostinfo structures
o initialize pointers that will be checked for NULL somewhere

MFC after:	1 week
2002-08-20 14:56:06 +00:00
yar
2a6f0e09d3 Fix a wrong comment on (hopefully) right code.
MFC after:	3 days
2002-08-13 14:08:38 +00:00
yar
6c62e6d106 Fix command help lines:
o PORT takes six byte values, not five.
o TYPE argument is mandatory.

Submitted by:	demon (the 1st part)
MFC after:	3 days
2002-08-13 13:56:42 +00:00
yar
1402e3c762 Rework storing files thoroughly. This includes:
o Remove the race between stat(2) & fopen(3) when creating
  a unique file.

o Improve bound checking when generating a unique name from
  a given pathname.

o Ignore REST marker on APPE.  No RFC specifies this case,
  but the idea of resuming APPE's implies this.

o By default, deny upload resumes and appends by anonymous users.
  Previously these commands were translated to STOU silently,
  which led to broken files on server without any notification
  to the user.

o Add an option, -m, to allow anonymous users to modify
  existing files (e.g., to resume uploads) if filesystem
  permissions permit.

Portions obrainded from:	OpenBSD
MFC after:			3 weeks
2002-08-08 17:53:52 +00:00
yar
dbe59dc029 1) Use "pathstring" instead of "STRING" consistently.
2) Remove unneeded "if not NULL" props from "pathstring",
   which will never be NULL by the lexer design.

Inspired by:	OpenBSD
MFC after:	1 week
2002-08-05 17:34:15 +00:00
yar
37e3668bf5 Since GLOB_NOCHECK is set in the glob(3) call,
glob(3) will return at least one pathname unless
a system error has occured.  It's not a "not found"
error otherwise.

MFC after:	3 days
2002-08-05 14:40:38 +00:00
yar
4396de5e38 Spot places where "pathname" hasn't been checked
for NULL.  The "pathname" rule may return NULL
on a glob(3) error.

Obtained from:	OpenBSD
MFC after:	1 week
2002-08-05 14:26:40 +00:00
yar
09fb3e817b Disallow invalid numeric mode values for SITE CHMOD.
Earlier, a decimal number (e.g., 890) could be passed
for mode, leading to dangerous permissions set:
-1, that is, 07777.

Obtained from:	OpenBSD
MFC after:	1 week
2002-08-05 14:10:57 +00:00
yar
87d654b4a4 Reflect in the ftpd(8) manpage the fact that ASCII SIZE
requests against large files will be denied.

MFC after:	10 days
2002-08-05 13:37:18 +00:00
yar
919470cf7d Deny the SIZE command on large files when in ASCII mode.
This eliminates an opportunity for DoS attack.

Pointed out by:	maxim
Inspired by:	lukemftpd, OpenBSD
MFC after:	2 weeks
2002-07-31 10:55:31 +00:00
yar
856a7116df Conform to RFC 959, Appendix II, when replying
to a successful MKD command.

MFC after:	1 week
2002-07-29 15:54:27 +00:00
yar
b0f2856844 Make the -v' option a synonym for -d'
(as it was intended initially)
and document it in the manpage.

MFC after:	2 weeks
2002-07-26 16:07:19 +00:00
yar
ae142b4144 Document the -u (set umask) option
(which has been there at least since 4.4BSD-Lite!)

MFC after:	2 weeks
2002-07-26 16:01:24 +00:00
yar
11df7e3f6f Sort command-line options according to the mostly used style:
alphabetical order, lower and upper case of the same letter
stick together, lower case first.

MFC after:	2 weeks
2002-07-26 15:46:08 +00:00
yar
01cbae6356 Use <arpa/ftp.h> stuff cleanly, without introducing
non-portable constants (in this case, hidden as offsets
to the "?AEIL" string.)

MFC after:	1 week
2002-07-25 17:41:47 +00:00
yar
90caf3dc00 Re-use passive data ports with the SO_REUSEADDR
socket option to avoid exausting the passive port
space by TIME_WAIT'ing connections.

PR:		bin/36955
Submitted by:	Maxim Konovalov <maxim@FreeBSD.org>
MFC after:	2 weeks
2002-07-24 16:11:34 +00:00
yar
b55ffaf6bb Remove the outdated casts to "char *" from the setsockopt(2),
write(2), and getipnodebyaddr(3) calls.  Now all the above functions
accept "void *" in that arguments and have prototypes.  Thus, the
casts are useless under the normal circumstances (and would be harmful
if the functions had no prototypes.)

MFC after:	2 weeks
2002-07-24 15:30:53 +00:00
yar
d19478c57f Clean up the syslog(3) messages on the setsockopt(2) errors:
o Always check a setsockopt(2) return value
o Use a consistent message format
o Don't abort if the failed setsockopt(2) was actually not vital
o Use LOG_WARNING, not LOG_ERR, in non-fatal cases

MFC after:	1 week
2002-07-24 14:50:17 +00:00
ume
9c2c51a1e6 use IPV6_V6ONLY instead of non standard IPV6_BINDV6ONLY.
MFC after:	1 week
2002-07-22 15:22:53 +00:00
yar
7825a53069 Fix one RFC 959 incompliance:
Double double-quotes in a PWD result
if they appear in the directory pathname.

PR:		misc/18365
MFC after:	1 week
2002-07-22 07:41:14 +00:00
yar
81d786a9d6 Allow deleting and renaming stale symlinks and
deleting symlinks pointing to directories.

PR:		bin/37250
Submitted by:	Nino Dehne <TeCeEm@gmx.de>
MFC after:	1 week
2002-07-21 12:06:56 +00:00
yar
0e4b89607d Avoid passing NULL to freehostent(3).
MFC after:	1 week
2002-07-17 19:29:25 +00:00
yar
ab8d11d3a9 Fix setting parameters for getipnodebyaddr(3):
o "struct addrinfo" contains a pointer to "struct sockaddr,"
  not "struct sockaddr" itself
o the function takes a pointer to "struct in*_addr", not to
  "struct sockaddr," so the address length must be corresponding

MFC after:	1 week
2002-07-17 19:07:07 +00:00
mikeh
1bf2662143 GLOB_QUOTE has been retired. 2002-07-17 05:47:49 +00:00
yar
4410d83dcc Use the right indent for the closing brace: it belongs to `if',
not to `for'.  The previous indent was reather misleading for
the code reader.

MFC after:	1 week
2002-07-16 16:48:15 +00:00
yar
c2dfbe8244 Replace the awkward hackery about strtok(3)
by conventional one-way parsing of ftphosts(5).
Don't let NULL hostname pointers into virtual
host records as well.

PR:		bin/18410
MFC after:	1 month
2002-07-16 16:30:41 +00:00
yar
eba11c79d0 Use fgetln(3) to read lines from configuration files (ftpusers, ftphosts.)
Thus lines of any length can be handled, unlike before.

Don't assume that each line read from the files ends with a newline.

As a side effect in inithosts(), don't use automatic buffer at all,
utilize malloc(3) when getting local host name instead.

PR:		misc/21494
Reviewed by:	maxim, mikeh
MFC after:	1 month
2002-07-12 15:51:15 +00:00
charnier
9639b20db6 The .Nm utility 2002-07-06 19:19:48 +00:00
dan
2bdfbbf7e6 Make sure to reset transflag back to zero upon succesfully using sendfile()
to transfer a file.

PR: 39362
Submitted by: TANAKA Hiroyuki <kattyo@abk.nu>
MFC after: 1 week
2002-07-03 00:12:00 +00:00
ume
8530756499 Cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach
scope identifier).

MFC after:	3 weeks
2002-07-02 11:11:17 +00:00
maxim
2a203b39db Remove trailing whitespaces. 2002-07-01 14:30:38 +00:00
maxim
53025a95ff Move 'byte_count' calculation just before 'recvurg' check. It is a global
variable and used in myoob().

PR:		bin/38928
Submitted by:	Oliver Fromme <olli@secnetix.de>
MFC after:	1 month
2002-07-01 14:29:44 +00:00
mdodd
c8cc9e8e67 Implement a flag to disable directory creation for anonymous users.
PR:		misc/38987
Submitted by:	Peter da Silva <peter@abbnm.com>
MFC after:	1 week
2002-07-01 02:30:11 +00:00
markm
eaea972b25 Remove a GCC-specific command-line option. We should be using WARNS=n
for this stuff.
2002-06-28 10:36:14 +00:00
alfred
a7dd0de84a Assume __STDC__, remove non-__STDC__ code. 2002-05-28 18:57:20 +00:00
maxim
fb79ef5523 Teach REST how to restart a file transfer after 2^31 bytes: now yylex()
returns off_t in yylval.u.o. REST is the only user of yylval.u.o at the
moment.

NB: seems lukemftpd has the same bug.

PR:		misc/28629
Reviewed by:	ru
Approved by:	ru
MFC after:	1 month
2002-03-14 16:05:06 +00:00
maxim
1459c4fc94 Remove duplicated yacc nonterminals declarations, sort includes.
No functional changes from rev. 1.31.

Reviewed by:	ru
Approved by:	ru
MFC after:	1 week
2002-03-11 11:48:55 +00:00
obrien
ce9dcc8784 Put the last added source file in proper order.
(and dcc the committer a dictionary)
2002-02-27 18:29:11 +00:00
des
2b3e8246a1 Rewrite the part of the conversation function that allocates the reply array;
it was inelegant and neglected to check the return value from malloc(3).

Sponsored by:	DARPA, NAI Labs
2002-02-25 16:39:34 +00:00
maxim
8b9c5f26cd Fix infinite loop around sendfile(2) after sending >4GB file.
PR:		bin/33770
Submitted by:	Vladislav Shabanov <vs@rambler-co.ru>
Reviewed by:	ru
Approved by:	ru
MFC after:	1 month
2002-02-13 09:00:05 +00:00
kris
c60495e0de Lock down with WFORMAT?=1, with overrides in the subdirectories which
are not yet warning-clean.  Tested on i386 and alpha.
2002-02-04 02:33:51 +00:00
kris
94f0c44ca8 Silence some FORMAT_AUDIT warnings (one left) 2002-02-04 01:23:44 +00:00
imp
f15fa6acaf o Eliminate __P
o Use new-style function definitions
o remove some !__STDC__ code
o eliminate register
2002-02-03 15:53:02 +00:00
yar
dc82fedb5a Remove the setjmp/longjmp stuff completely. Use signal
handlers to set flags only (with exception for sigquit(),
which still seems to call some non-reentrant functions on
its way to _exit(2).)  That must eliminate the possibility
of catching SIGSEGV from following non-reentrant paths from
signal handlers.

PR:		bin/32740 bin/33846
Submitted by:	Maxim Konovalov <maxim@macomnet.ru>
Obtained from:	OpenBSD
2002-01-28 19:28:14 +00:00
ume
fd850072e8 Log wtmp according to an address family properly.
Reported by:	matusita
Reviewed by:	matusita
MFC after:	1 week
2002-01-28 14:50:07 +00:00
ache
09d8de9092 Remove my workaround fallback since PAM now do it properly. 2002-01-21 19:07:15 +00:00
des
6f44d9644f Really back out ache's commits. These files are now precisely as they were
twentyfour hours ago, except for RCS ids.
2002-01-19 18:29:50 +00:00
ache
af75944084 Back out PAM_CRED_ERR addition 2002-01-19 18:06:05 +00:00
ache
46e8d91448 Add PAM_CRED_ERR as valid failure case 2002-01-19 09:01:17 +00:00
ache
86e7a84bd8 Call opieunlock() only if we skip opieverify() part 2002-01-19 05:59:24 +00:00
ache
5d0d99723d Remove conditional 'pwok' fallback for PAM which now
is implemented in pam_opie module

For non-PAM variant rewrite empty password checking code to do the right thing
and not disallow empty passwords in all cases.
2002-01-19 03:18:33 +00:00
dwmalone
7bc655e785 Be more careful about freeing memory after parsing commands.
Hiroyuki YAMAMORI gave a patch for the EPRT command in the
PR below. Problems with the rest of the patch are my fault.

PR:		33268
Reviewed by:	iedowse, sheldonh
2002-01-05 20:13:01 +00:00
ache
50483c2302 Fix OPIE auth 2002-01-01 13:14:25 +00:00
bde
4de262f554 Fixed missing DPADD in previous commit. Fixed most style bugs related to
DPADD and LDADD.
2001-12-29 12:06:59 +00:00
joe
6b4b04d210 Link with libm to take advantage of the -h flag to ls.
Submitted by:	Mike Makonnen <mike_makonnen@yahoo.com>
2001-12-29 10:22:13 +00:00
green
2181f49061 Add lomac.c.
Found by:	ken
2001-11-27 06:15:12 +00:00
yar
e2a8ecd17c Eliminate another instance of the old and well-known
DoS bug that the select(2)/accept(2) pair is called on
a socket that is in the blocking I/O mode.  The bug is
triggered if a selected connection dies before the accept(2)
leading to the accept(2) blocking virtually forever.

MFC after:	1 week
2001-11-19 21:52:03 +00:00
yar
bc2c059580 Don't let a user name in ftpd's proctitle
be mistaken for a status message.

PR:		misc/25217
MFC after:	7 days
2001-10-12 13:16:34 +00:00
yar
090772b098 Be consistent about indent at least within one block of code. 2001-10-12 13:06:40 +00:00
ru
68c24f2f7d mdoc(7) police: markup nits. 2001-10-01 12:58:03 +00:00
ache
7ec889372d 1) Use OPIE response only when OPIE keys really used
2) Use commonly used OPIE response form instead of self-made one
2001-09-29 19:22:24 +00:00
mikeh
a3f68a6bff Improve the description on how to construct ~ftp/pub. Specifically,
don't instruct users to set the directory mode 777.

PR:		30690
Obtained from:	NetBSD (with modification)
MFC after:	2 weeks
2001-09-25 02:43:45 +00:00
mikeh
808da37f93 Remove a field width specifier that's not doing anything more than
what using snprintf() achieves. It was also being used incorrectly.
2001-09-10 18:46:07 +00:00
sheldonh
10a7c0e8b9 Do the best we can with respect to fixing command-line option disorder
in the SYNOPSIS and DESCRIPTION.

Note that -l remains an ugly exception, to which no known rules apply,
since the specification of a single option multiple times isn't normal
standards-compliant CLI behaviour.

While here, mark AF_INET* and LOG_* defined values up with Dv.
2001-09-04 09:22:21 +00:00
sheldonh
c86b5450b5 Extend the functionality offered by the -o option into a new option
-O, which limits the impact of the write-only restriction to guest
users.

*) The existing manual page's SYNOPSIS and option listing in the
   DESCRIPTION are already horribly disordered.  No attempt has been
   made to fix this.

*) The existing source's getopt() optstring and option handling switch
   are already horribly disordered.  No attempt has been made to fix
   this.

Discussed with: nik, -audit
2001-09-02 17:24:19 +00:00
ache
858507dd20 long -> off_t
long -> time_t
%ld -> %qd
fseek -> fseeko

NOTE: that fseek not works for >long offsets per POSIX:

[EOVERFLOW] For fseek( ), the resulting file offset would be a value which
cannot be represented correctly in an object of type long.
2001-09-02 14:18:28 +00:00
nik
28e8743f4b Add a new option, '-o', for "Write-only". Disables the RETR command,
preventing anyone from downloading files.  In conjunction with -A, and some
appropriate file permissions, this lets you create an anonymous FTP drop
box for people to upload files to.

The more obvious "-w" flag is already taken by NetBSD's ftpd.  "-o" was
available as an option letter in all three BSDs.
2001-08-28 11:59:21 +00:00
mikeh
b925de092b Rename the GLOB_MAXPATH flag of glob(3) to GLOB_LIMIT to be compatible
with NetBSD and OpenBSD. glob(3) will now return GLOB_NOSPACE with
errno set to 0 instead of GLOB_LIMIT when we match more than `gl_matchc'
patterns. GLOB_MAXPATH has been left as an alias of GLOB_LIMIT to
maintain backwards compatibility.

Reviewed by:	sheldonh, assar
Obtained from:	NetBSD/OpenBSD
2001-07-29 00:52:37 +00:00
obrien
199ab8cc56 Portability configuration data for LukeM ftpd. 2001-07-19 17:45:14 +00:00
dd
a145482cf6 Remove whitespace at EOL. 2001-07-15 07:53:42 +00:00
ru
5e14a6862e mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 10:49:54 +00:00
markm
3b3e6201e7 Remove S/Key. PAM can do its job. Well, not quite - there is an issue
with the conversation function and challenges which needs to be
revisited, so in the interim a hack is introduced to provide
an OPIE challenge (which is random if OPIE does not apply)
at all non-anonymnous logins.
2001-07-09 17:46:24 +00:00
dd
61b8c1c1c8 Move the definition of epsvall out of #ifdef VIRTUAL_HOSTING so that
the latter is not required for ftpd to compile.
2001-06-13 00:06:42 +00:00
markm
92fb2502f8 Cleaner method of making PAMable apps static (in the optional case of
wanting static apps).
2001-04-28 15:18:10 +00:00
markm
6cecf95d7d Damn. That should be _enable_ static linking, not _force_ static linking. 2001-04-28 07:58:12 +00:00
markm
e0475f8cde Enable (optional) static linking.
Asked for by:	BDE
2001-04-28 07:56:49 +00:00
markm
fefaa70f2e Change names of functions and variables with global scope that are
in conflict with library values of the same name. This allows static
linking.
2001-04-28 07:55:19 +00:00
ru
2d1b95a96f mdoc(7) police: normalize .Nd. 2001-04-18 15:54:10 +00:00
peter
2f71212769 Previous clobbered a work-in-progress. Here is the merged result:
Limit the "pathname" glob to one item, as that is what all users of it
are expecting, except for LIST.

Always glob, instead of when the first character is a ~.  For example,
if you had directories ~/x1, and ~/x2, then "cwd x[1]" would fail, but
"cwd ~/x[1]" would work since it was globbed due to the ~ character.
Also, "cwd ~/x[12]" used to arbitarily work as it used the first
expansion (ie: x1) without an error.  Make it return '550 ambiguous'
instead of '550 not found' so that the user can see the difference.

For LIST, just use the user supplied string as the popen does the glob.

Problem noticed by:  Ajay Mittal <amittal@iprg.nokia.com>
2001-04-17 03:03:45 +00:00
jedgar
58889ae5bb Limit number of paths returned via glob() for authorized users
using tilde expansion.
2001-04-17 02:33:20 +00:00
green
3b359dad32 Support the empty "PASS\r\n" command. 2001-04-16 22:20:26 +00:00