Source-Changes-HG archive
[src/netbsd-1-5]: src/libexec/ftpd user visible changes (besides checking the...
details: https://anonhg.NetBSD.org/src/rev/ef889ac80bd6
branches: netbsd-1-5
changeset: 488709:ef889ac80bd6
user: lukem <lukem%NetBSD.org@localhost>
date: Tue Jul 25 08:38:37 2000 +0000
description:
user visible changes (besides checking the cvs log):
* make checkportcmd the default
* add -r; force permanent drop of root privs after login
* add -V vers; change version string to vers
* add -H; act as -h `hostname`
* permanently drop root privs if it makes sense to do so (e.g., logging in as
guest/chroot user on a port > 1024)
* fix reference to draft-ietf-ftpext-mlst-11
* add ftpd.conf directives: chroot, homedir
* fix base64_encode() and generation of the unique fact
* crank version to 20000723
diffstat:
libexec/ftpd/conf.c | 79 +++++++++++++-
libexec/ftpd/extern.h | 15 ++-
libexec/ftpd/ftpcmd.y | 224 +++++++++++++++---------------------------
libexec/ftpd/ftpd.8 | 178 ++++++++++++++++++++++++++++------
libexec/ftpd/ftpd.c | 242 ++++++++++++++++++++++++++++++++++------------
libexec/ftpd/ftpd.conf.5 | 121 ++++++++++++++++++-----
libexec/ftpd/ftpusers.5 | 21 ++-
libexec/ftpd/version.h | 4 +-
8 files changed, 596 insertions(+), 288 deletions(-)
diffs (truncated from 1661 to 300 lines):
diff -r 02f174dc9fe5 -r ef889ac80bd6 libexec/ftpd/conf.c
--- a/libexec/ftpd/conf.c Tue Jul 25 08:38:21 2000 +0000
+++ b/libexec/ftpd/conf.c Tue Jul 25 08:38:37 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: conf.c,v 1.31 2000/06/19 15:15:03 lukem Exp $ */
+/* $NetBSD: conf.c,v 1.31.2.1 2000/07/25 08:38:37 lukem Exp $ */
/*-
* Copyright (c) 1997-2000 The NetBSD Foundation, Inc.
@@ -38,7 +38,7 @@
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: conf.c,v 1.31 2000/06/19 15:15:03 lukem Exp $");
+__RCSID("$NetBSD: conf.c,v 1.31.2.1 2000/07/25 08:38:37 lukem Exp $");
#endif /* not lint */
#include <sys/types.h>
@@ -88,10 +88,12 @@
free(conv);
}
- curclass.checkportcmd = 0;
+ curclass.checkportcmd = 1;
+ REASSIGN(curclass.chroot, NULL);
REASSIGN(curclass.classname, NULL);
curclass.conversions = NULL;
REASSIGN(curclass.display, NULL);
+ REASSIGN(curclass.homedir, NULL);
curclass.limit = -1; /* unlimited connections */
REASSIGN(curclass.limitfile, NULL);
curclass.maxrateget = 0;
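Review bot: The new default `curclass.checkportcmd = 1;` has no comment saying what the flag guards against, and this is the line an administrator will land on when a client's PORT command starts being refused. Judging by the check this commit moves out of the PORT rule in ftpcmd.y, the flag rejects a data destination on a reserved port or at an address other than the control connection's peer. A comment such as `/* refuse PORT to reserved ports or third-party hosts */` would record why the safer value is now the default. The enclosing function starts and ends outside this hunk.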
@@ -106,6 +108,7 @@
curclass.rateget = 0;
curclass.rateput = 0;
curclass.timeout = 900; /* 15 minutes */
+ /* curclass.type is set elsewhere */
curclass.umask = 027;
curclass.upload = 1;
}
@@ -174,6 +177,13 @@
else
curclass.checkportcmd = 1;
+ } else if (strcasecmp(word, "chroot") == 0) {
+ if (none || EMPTYSTR(arg))
+ arg = NULL;
+ else
+ arg = xstrdup(arg);
+ REASSIGN(curclass.chroot, arg);
+
} else if (strcasecmp(word, "classtype") == 0) {
if (!none && !EMPTYSTR(arg)) {
if (strcasecmp(arg, "GUEST") == 0)
@@ -249,6 +259,13 @@
arg = xstrdup(arg);
REASSIGN(curclass.display, arg);
+ } else if (strcasecmp(word, "homedir") == 0) {
+ if (none || EMPTYSTR(arg))
+ arg = NULL;
+ else
+ arg = xstrdup(arg);
+ REASSIGN(curclass.homedir, arg);
+
} else if (strcasecmp(word, "limit") == 0) {
int limit;
@@ -494,7 +511,7 @@
syslog(LOG_WARNING, "can't add `%s' to stringlist", cp);
/* First check for a display file */
- (void)format_file(curclass.display, code);
+ (void)display_file(curclass.display, code);
/* Now see if there are any notify files */
if (EMPTYSTR(curclass.notify))
@@ -510,7 +527,7 @@
continue;
then = st.st_mtime;
if (code != 0) {
- reply(-code, "");
+ reply(-code, "%s", "");
code = 0;
}
reply(-code, "Please read the file %s", *rlist);
@@ -525,7 +542,7 @@
}
int
-format_file(const char *file, int code)
+display_file(const char *file, int code)
{
FILE *f;
char *buf, *p, *cwd;
@@ -539,7 +556,7 @@
return(0);
if ((f = fopen(file, "r")) == NULL)
return (0);
- reply(-code, "");
+ reply(-code, "%s", "");
for (;
(buf = fparseln(f, &len, NULL, "\0\0\0", 0)) != NULL; free(buf)) {
@@ -622,6 +639,54 @@
}
/*
+ * Parse src, expanding '%' escapes, into dst (which must be at least
+ * MAXPATHLEN long).
+ */
+void
+format_path(char *dst, const char *src)
+{
+ size_t len;
+ const char *p;
+
+ dst[0] = '\0';
+ len = 0;
+ if (src == NULL)
+ return;
+
+ for (p = src; *p && len < MAXPATHLEN; p++) {
+ if (*p == '%') {
+ p++;
+ switch (*p) {
+
+ case 'c':
+ len += strlcpy(dst + len, curclass.classname,
+ MAXPATHLEN - len);
+ break;
+
+ case 'd':
+ len += strlcpy(dst + len, pw->pw_dir,
+ MAXPATHLEN - len);
+ break;
+
+ case 'u':
+ len += strlcpy(dst + len, pw->pw_name,
+ MAXPATHLEN - len);
+ break;
+
+ case '%':
+ dst[len++] = '%';
+ break;
+
+ }
+ } else
+ dst[len++] = *p;
+ }
+ if (len < MAXPATHLEN)
+ dst[len] = '\0';
+ dst[MAXPATHLEN - 1] = '\0';
+}
+
+/*
* Find s2 at the end of s1. If found, return a string up to (but
* not including) s2, otherwise returns NULL.
*/
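Review bot: A `src` that ends in a lone `%` makes the loop in format_path() read past the string's terminator: `p++` lands on the NUL, no case matches, and the `for` increment steps beyond it before `*p` is tested again. Handling that case inside the switch, e.g. `case '\0': p--; break;`, keeps the scan in bounds. Separately, strlcpy() returns the length of the source rather than the number of bytes copied, so an over-long expansion ends the loop with a silently truncated path; since the result is presumably used for the new chroot and homedir directives, reporting truncation to the caller would be safer than returning void. The `%c`, `%d` and `%u` cases also assume `curclass.classname` and `pw` are non-NULL, which cannot be confirmed from this hunk.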
diff -r 02f174dc9fe5 -r ef889ac80bd6 libexec/ftpd/extern.h
--- a/libexec/ftpd/extern.h Tue Jul 25 08:38:21 2000 +0000
+++ b/libexec/ftpd/extern.h Tue Jul 25 08:38:37 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: extern.h,v 1.28 2000/06/19 15:15:03 lukem Exp $ */
+/* $NetBSD: extern.h,v 1.28.2.1 2000/07/25 08:38:37 lukem Exp $ */
/*-
* Copyright (c) 1992, 1993
@@ -105,15 +105,17 @@
char *conffilename(const char *);
char **copyblk(char **);
void count_users(void);
-void cprintf(FILE *, const char *, ...);
+void cprintf(FILE *, const char *, ...)
+ __attribute__((__format__(__printf__, 2, 3)));
void cwd(const char *);
FILE *dataconn(const char *, off_t, const char *);
void delete(const char *);
+int display_file(const char *, int);
char **do_conversion(const char *);
void dologout(int);
void fatal(const char *);
void feat(void);
-int format_file(const char *, int);
+void format_path(char *, const char *);
int ftpd_pclose(FILE *);
FILE *ftpd_popen(char *[], const char *, int);
char *getline(char *, int, FILE *);
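Review bot: The new prototype `void format_path(char *, const char *);` gives no hint that the destination must hold MAXPATHLEN bytes, which the definition in conf.c relies on when it writes `dst[MAXPATHLEN - 1]`. A comment on the declaration, `/* dst must be at least MAXPATHLEN bytes */`, would make that contract visible to callers that only read extern.h. The prototypes in this file omit parameter names throughout, so the comment fits the existing style better than naming the arguments.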
@@ -135,7 +137,8 @@
void removedir(const char *);
void renamecmd(const char *, const char *);
char *renamefrom(const char *);
-void reply(int, const char *, ...);
+void reply(int, const char *, ...)
+ __attribute__((__format__(__printf__, 2, 3)));
void retrieve(char *[], const char *);
void send_file_list(const char *);
void show_chdir_messages(int);
@@ -176,9 +179,11 @@
struct ftpclass {
int checkportcmd; /* Check PORT commands are valid */
+ char *chroot; /* Directory to chroot(2) to at login */
char *classname; /* Current class */
struct ftpconv *conversions; /* List of conversions */
char *display; /* Files to display upon chdir */
+ char *homedir; /* Directory to chdir(2) to at login */
int limit; /* Max connections (-1 = unlimited) */
char *limitfile; /* File to display if limit reached */
int maxrateget; /* Maximum get transfer rate throttle */
@@ -236,6 +241,7 @@
GLOBAL gid_t gidlist[NGROUPS_MAX];
GLOBAL int hasyyerrored;
GLOBAL char hostname[MAXHOSTNAMELEN+1];
+GLOBAL char homedir[MAXPATHLEN];
#ifdef KERBEROS5
GLOBAL krb5_context kcontext;
#endif
@@ -253,6 +259,7 @@
GLOBAL sig_atomic_t transflag;
GLOBAL int type;
GLOBAL int usedefault; /* for data transfers */
+GLOBAL const char *version;
/* total file data bytes */
GLOBAL off_t total_data_in, total_data_out, total_data;
diff -r 02f174dc9fe5 -r ef889ac80bd6 libexec/ftpd/ftpcmd.y
--- a/libexec/ftpd/ftpcmd.y Tue Jul 25 08:38:21 2000 +0000
+++ b/libexec/ftpd/ftpcmd.y Tue Jul 25 08:38:37 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ftpcmd.y,v 1.48 2000/06/19 15:15:03 lukem Exp $ */
+/* $NetBSD: ftpcmd.y,v 1.48.2.1 2000/07/25 08:38:38 lukem Exp $ */
/*-
* Copyright (c) 1997-2000 The NetBSD Foundation, Inc.
@@ -83,7 +83,7 @@
#if 0
static char sccsid[] = "@(#)ftpcmd.y 8.3 (Berkeley) 4/6/94";
#else
-__RCSID("$NetBSD: ftpcmd.y,v 1.48 2000/06/19 15:15:03 lukem Exp $");
+__RCSID("$NetBSD: ftpcmd.y,v 1.48.2.1 2000/07/25 08:38:38 lukem Exp $");
#endif
#endif /* not lint */
@@ -205,7 +205,7 @@
| CWD check_login CRLF
{
if ($2)
- cwd(pw->pw_dir);
+ cwd(homedir);
}
| CWD check_login SP pathname CRLF
@@ -225,7 +225,7 @@
| QUIT CRLF
{
if (logged_in) {
- reply(-221, "");
+ reply(-221, "%s", "");
reply(0,
"Data traffic for this session was %qd byte%s in %qd file%s.",
(qdfmt_t)total_data, PLURAL(total_data),
@@ -254,91 +254,20 @@
| PORT check_login SP host_port CRLF
{
- if ($2) {
- /* be paranoid, if told so */
- if (curclass.checkportcmd &&
- ((ntohs(data_dest.su_port) < IPPORT_RESERVED) ||
- memcmp(&data_dest.su_sin.sin_addr,
- &his_addr.su_sin.sin_addr,
- sizeof(data_dest.su_sin.sin_addr)) != 0)) {
- reply(500,
- "Illegal PORT command rejected");
- } else if (epsvall) {
- reply(501, "PORT disallowed after EPSV ALL");
- } else {
- usedefault = 0;
- if (pdata >= 0) {
- (void) close(pdata);
- pdata = -1;
- }
- reply(200, "PORT command successful.");
- }
-
- }
+ if ($2)
+ port_check("PORT", AF_INET);
}
| LPRT check_login SP host_long_port4 CRLF
{
- if ($2) {
-
- /* reject invalid host_long_port4 */
- if (data_dest.su_family != AF_INET) {
- reply(500, "Illegal LPRT command rejected");
- return (NULL);
- }