1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-14 10:09:48 +00:00
Commit Graph

286 Commits

Author SHA1 Message Date
Yaroslav Tykhiy
809ad9288f ftpd(8) seems to be WARNS=2 clean now.
Tested on:	i386, ia64, amd64, sparc64, alpha
2004-07-31 15:07:33 +00:00
Yaroslav Tykhiy
aa5a9d3fff Change `(foo *)0'' to `NULL'' where it's possible
(and it appears possible throughout ftpd(8) source.)

It is not a mere issue of style: Null pointers in C
seem to have been mistaken one way or another quite often.
2004-07-31 15:03:17 +00:00
Yaroslav Tykhiy
0e519c96ef Kill a small herd of casts to off_t where they were not needed.
Thank Fortune, the C compiler can figure out by itself the proper
conversion for assignments, comparisons, and prototyped function
arguments.
2004-07-31 14:46:41 +00:00
Yaroslav Tykhiy
a57e1ef070 Printf(3) off_t values through conversion to intmax_t since
we've got <stdint.h> et al now.  (This makes ftpd(8) WARNS=2 clean.)
2004-07-31 14:22:02 +00:00
Yaroslav Tykhiy
c16cd94d23 Kill an unused variable (heading to WARNS=2.) 2004-07-31 14:03:59 +00:00
Yaroslav Tykhiy
012cdd2c90 Convert a couple of bogus null statements to the right form.
(Heading to WARNS=2.)
2004-07-31 14:03:14 +00:00
Yaroslav Tykhiy
c4536e21d4 Ditto for (gid_t). 2004-07-30 17:30:07 +00:00
Yaroslav Tykhiy
52e7ee748d Kill casts to (uid_t) obviously left from the K&R era.
Prototyping library functions in header files has rendered
them superfluous.
2004-07-30 17:27:23 +00:00
Yaroslav Tykhiy
9ec7612a2f Add a comment to explain that the loop around the call to bind(2)
is not a hack, but it has a clear purpose.
2004-07-30 17:18:57 +00:00
Yaroslav Tykhiy
6c124a8422 Open a socket for a data transfer in active mode using euid
of the current user, not root.  This will allow neat things
like matching anonymous FTP data traffic with a single ipfw(8)
rule:
	ipfw add ... tcp from any to any uid ftp

Note that the control connection socket still belongs to the
user ftpd(8) was started from, usually root.

PR:		bin/65928
Submitted by:	Eugene Grosbein <eugen at grosbein.pp.ru>
MFC after:	1 month
2004-07-30 16:57:42 +00:00
Ruslan Ermilov
c481aa05e8 Mechanically kill hard sentence breaks. 2004-07-02 21:28:50 +00:00
David E. O'Brien
63047c6ffc Simplify conditional compilation logic some. 2004-06-13 19:54:12 +00:00
Ruslan Ermilov
53ee59fe53 There's no such beast like AF_INET4, even when powered by whiskey. 2004-05-16 22:11:40 +00:00
Tim J. Robbins
9cbb335cfd Handle variable argument lists correctly in reply() and lreply().
In particular, do not pass the same va_list to both vprintf() and
vsyslog() without first reinitializing it. This fixes ftpd -d
on amd64.
2004-05-13 05:36:38 +00:00
Yaroslav Tykhiy
385f9bf07c NULL looks better than (char *)0 unless we're passing
an unprototyped argument to a function.
2004-02-07 14:59:11 +00:00
Yaroslav Tykhiy
b943b3c4ae Deny attempts to rename a file from guest users if the policy
says they may not modify existing files through FTP.

Renaming a file is effectively a way to modify it.
For instance, if a malicious party is unable to delete or overwrite
a sensitive file, they can nevertheless rename it to a hidden name
and then upload a troyan horse under the guise of the old file name.
2004-02-07 14:54:30 +00:00
Yaroslav Tykhiy
3f8b9cfe85 perror_reply() should not be used where errno isn't meaningful. 2004-02-07 14:38:04 +00:00
Yaroslav Tykhiy
10e8910499 Work around a bug in some clients by never returning raw directory
contents in reply to a RETR command.  Such clients consider RETR
as a way to tell a file from a directory.  Mozilla is an example.

PR:		bin/62232
Submitted by:	Bob Finch <bob+freebsd <at> nas <dot> com>
MFC after:	1 week
2004-02-07 14:11:38 +00:00
Ruslan Ermilov
40f38d59c2 Reorder dependencies to fix static NOPAM build.
Submitted by:	lorder(1)
2004-02-02 18:19:41 +00:00
Philippe Charnier
c433c9daac add missing setusershell() calls.
PR: bin/2442
Reviewed by: Friedemann Becker <zxmxy33@mail.uni-tuebingen.de>
2004-01-18 21:29:33 +00:00
Eric Anholt
c83098a31d man ftpd says that "by default, anonymous users cannot modify existing files."
However, the code did allow deletion of files.  Make deleting require the -m
flag, too.

PR:		bin/60809
Submitted by:	Alexander Melkov <melkov@comptek.ru>
2004-01-07 19:28:31 +00:00
Yaroslav Tykhiy
db1c2da334 If a file to send in ASCII mode already has CRLF as end-of-line,
don't add excessive CR on the wire.

PR:		bin/59285
Submitted by:	Andrey Beresovsky <and at rsu.ru>
MFC after:	1 week
2003-11-15 11:08:26 +00:00
Peter Wemm
45ffe5605f Pacify gcc warning with a Douglas Adams reference. 2003-10-26 04:30:05 +00:00
Hajimu UMEMOTO
206fe568bf Don't depend on IPv4-mapped IPv6 address to bind to both IPv4
and IPv6.

Wrote at:	Hakone.
Powered by:	Warner Losh's scotch whisky.
Requested by:	nork
2003-09-14 16:42:46 +00:00
Alexander Kabaev
84c0a48249 Eliminate last three uses of varargs.h in the tree. These three files
were including varargs.h file but did not use any of its macros,
so they escaped the clean-up before.
2003-09-01 04:12:18 +00:00
Ceri Davies
a707b683e7 Add a note that the -u option can be overridden by settings in login.conf(5).
PR:		docs/56017
Submitted by:	Josef El-Rayes <j.el-rayes@daemon.li>
2003-08-31 07:45:48 +00:00
Yaroslav Tykhiy
e25d3184d0 Block SIGURG while reading from the control channel.
Rationale:

SIGURG is configured by ftpd to interrupt system calls, which is useful
during data transfers.  However, SIGURG could interrupt I/O on the
control channel as well, which was mistaken for the end of the session.

A practical example could be aborting the download of a tiny file,
when the abort sequence reached ftpd after ftpd had passed the file
data to the system and returned to its command loop.

Reported by:	ceri
MFC after:	1 week
2003-07-09 13:54:33 +00:00
Yaroslav Tykhiy
39b96ba75d Improve error handling in getline():
- always check the return value from getc(3) for EOF;
- if the attempt to read the TELNET command byte has
  returned EOF, exit from the loop instead of using
  the EOF value as a normal character.

MFC after:	1 week
2003-07-09 13:15:32 +00:00
Yaroslav Tykhiy
39bce48245 Make a malloced copy of "chrootdir" even if it points to an absolute
pathname inside "residue" so "chrootdir" can be simply freed later.

PR:		bin/53435
Submitted by:	Yutaka Ishihara <yutaka at fandc.co.jp>
MFC after:	1 week
2003-07-09 12:46:24 +00:00
Yaroslav Tykhiy
9581ecbd72 Don't declare unneeded extern variables,
leave alone specifying a wrong type for one of them.
2003-06-21 10:45:38 +00:00
Yaroslav Tykhiy
a278e092d3 If ftpd is run with an -h option (hide host-specific info,)
don't reveal the info in reply to the SYST command.

Get rid of using the "unix" macro at the same time.  It was a rather
poor way to check if the system was Unix since there were quite a
few Unix clones out there whose cc didn't define "unix" (e.g.,
NetBSD.)  It was also sensitive to the C standard used, which caused
unnecessary trouble:  With -std=c99, it should have been "__unix__",
and so on.

PR:		bin/50690
Submitted by:	Alex Semenyaka <alexs _at_ snark.ratmir.ru>
MFC after:	1 week
2003-06-16 11:30:23 +00:00
Philippe Charnier
42161502bd Add section number to .Xr 2003-06-08 12:40:50 +00:00
Ruslan Ermilov
052a8966eb Assorted mdoc(7) fixes. 2003-06-01 19:52:36 +00:00
Ruslan Ermilov
c00ee5e567 mdoc(7) police: Properly markup the previous revision.
Approved by:	re (blanket)
2003-05-16 21:36:10 +00:00
Mike Silbersack
d28af25586 Update the description of the -u option to mention that IP_PORTRANGE_HIGH
and _DEFAULT are the same for 5.x.

Committed under threat of action from:	The mdoc police
2003-03-25 22:20:02 +00:00
Ruslan Ermilov
ace5be682d mdoc(7) police: Scheduled sweep. 2003-02-24 22:53:26 +00:00
Yaroslav Tykhiy
f29288c05e Kill unnecessary vertical whitespace. 2003-02-11 14:10:48 +00:00
Yaroslav Tykhiy
b8939f6fa6 Use LOG_AUTHPRIV to hide the username attempted during an invalid login
from everyone but sysadmins.

PR:		bin/29487
MFC after:	3 days
2003-02-11 11:58:33 +00:00
Yaroslav Tykhiy
31f77a4b49 Allow "~/" in pathnames to work for a chrooted user. 2003-02-05 11:11:32 +00:00
Yaroslav Tykhiy
6cfbc84115 Let tilde expansion be done even if a file/directory doesn't exist yet.
This makes such natural commands as "MKD ~user/newdir" or "STOR ~/newfile"
do what they are supposed to instead of failing miserably with the
"File not found" error.

This involves a bit of code reorganization.  Namely, the code doing
glob(3) expansion has been separated to a function; a new function
has been introduced to do tilde expansion; the latter function is
invoked on a pathname before the former one.  Thus behaviour mimicing
that of the Bourne shell has been achieved.
2003-02-04 17:50:38 +00:00
Yaroslav Tykhiy
50618d61ae RFC 959 doesn't list reply code 550 as a valid responce to STOR/STOU,
so return reply code 553 to indicate a error from open(2) for consistency,
as long as the code is used in the rest of the STOR/STOU handler.
2003-02-04 03:33:25 +00:00
Yaroslav Tykhiy
ea7012261a Let real users access special files through FTP
if allowed by their filesystem permissions.

This doesn't break anything since using sendfile(2)
is triggered later by a separate S_ISREG conditional.

PR:		bin/20824
MFC after:	1 week
2003-01-31 13:18:55 +00:00
Yaroslav Tykhiy
88b707218e When searching for a unique file name in guniquefd(),
distinguish between the cases of an existing file and
a real system error, such as I/O failure, no access etc.

MFC after:	3 days
2003-01-29 17:04:07 +00:00
Yaroslav Tykhiy
c152df28e5 Add a new option to ftpd(8), "-h", to disable printing any
host-specific information in FTP server messages (so paranoid
admins can sleep at night :-)

PR:		bin/16705
MFC after:	1 week
2003-01-29 10:58:58 +00:00
Yaroslav Tykhiy
ce9287fc02 Give the code around chroot(2)/chdir(2) a major overhaul by
separating its part around chroot(2) from that around initial
chdir(2).  This makes the below changes really easy.

Move seteuid(to user's uid) to before calling chdir(2).  There are
two goals to achieve by that.  First, NFS mounted home directories
with restrictive permissions become accessible (local superuser
can't access them if not mapped to uid 0 on the remote side
explicitly.)  Second, all the permissions to the home directory
pathname components become effective; previously a user could be
carried to any local directory despite its permissions since the
chdir(2) was done with euid 0.  This reduces possible impact from
FTP server misconfiguration, e.g., assigning a wrong home directory
to a user.

Implement the "/./" feature.  Now a guest or user subject to chrooting
may have "/./" in his login directory, which separates his chroot
directory from his home directory inside the chrooted environment.
This works for ftpchroot(5) as well.

PR:		bin/17843 bin/23944
2003-01-29 10:07:27 +00:00
Yaroslav Tykhiy
341e476e25 Actually extract the second field from a line in ftpchroot(5)
instead of just using the rest of the line behind the first field.
2003-01-27 15:34:22 +00:00
Yaroslav Tykhiy
0ba71e2424 Allow more than one separator character between fields in ftpchroot(5). 2003-01-27 14:41:08 +00:00
Yaroslav Tykhiy
8657b576d8 Extend the format of /etc/ftpchroot so an alternative chroot
directory can be specified for a user or a group.

Add the manpage ftpchroot(5) since the file's format has grown
complex enough.

PR:			bin/45327
Portions submitted by:	Hideki SAKAMOTO <sakamoto@hlla.is.tsukuba.ac.jp>
MFC after:		1 week
2003-01-26 19:02:56 +00:00
Yaroslav Tykhiy
80f728d4ff GLOB_MAXPATH has been deprecated in favour of GLOB_LIMIT. 2003-01-25 14:59:48 +00:00
Yaroslav Tykhiy
63591ba5c8 - Add a new option, ``-P port'', to specify the port for ftpd(8)
to listen at in daemon mode.
- Use the port by 1 less than the control port as the default
  data port instead of always using hard-coded port 20.

Submitted by:	roam
MFC after:	1 week
2003-01-23 18:39:48 +00:00