[src/trunk]: src/libexec/ftpd * add two new ftpd.conf(5) directives:
details: https://anonhg.NetBSD.org/src/rev/683c46c78e72
branches: trunk
changeset: 494888:683c46c78e72
user: lukem <lukem%NetBSD.org@localhost>
date: Mon Jul 17 02:30:52 2000 +0000
description:
* add two new ftpd.conf(5) directives:
chroot specify dir to chroot to for GUEST and CHROOT users, to
override -a anondir or the user's homedir.
homedir specify dir to change to upon login (also used for ~ expansion
and $HOME for subprocesses)
both of these can take % escapes: %u (username), %d (homedir), %c (class).
* fix NLST to take a pathname not a STRING, so that ~ expansion works
* modify CWD to use the homedir parsed from curclass.homedir
* implement format_path(dst, src), to parse src expanding % escapes (see above)
into dst.
* rename format_file() to display_file()
diffstat:
libexec/ftpd/conf.c | 73 +++++++++++++++++++++++++++-
libexec/ftpd/extern.h | 8 ++-
libexec/ftpd/ftpcmd.y | 13 ++--
libexec/ftpd/ftpd.8 | 37 ++++++++++---
libexec/ftpd/ftpd.c | 97 +++++++++++++++++++++++++++++---------
libexec/ftpd/ftpd.conf.5 | 119 +++++++++++++++++++++++++++++++++++++---------
libexec/ftpd/ftpusers.5 | 21 +++++---
libexec/ftpd/version.h | 4 +-
8 files changed, 291 insertions(+), 81 deletions(-)
diffs (truncated from 739 to 300 lines):
diff -r 78a542b4c80d -r 683c46c78e72 libexec/ftpd/conf.c
--- a/libexec/ftpd/conf.c Mon Jul 17 02:25:02 2000 +0000
+++ b/libexec/ftpd/conf.c Mon Jul 17 02:30:52 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: conf.c,v 1.32 2000/07/09 02:24:30 sommerfeld Exp $ */
+/* $NetBSD: conf.c,v 1.33 2000/07/17 02:30:52 lukem Exp $ */
/*-
* Copyright (c) 1997-2000 The NetBSD Foundation, Inc.
@@ -38,7 +38,7 @@
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: conf.c,v 1.32 2000/07/09 02:24:30 sommerfeld Exp $");
+__RCSID("$NetBSD: conf.c,v 1.33 2000/07/17 02:30:52 lukem Exp $");
#endif /* not lint */
#include <sys/types.h>
@@ -89,9 +89,11 @@
}
curclass.checkportcmd = 0;
+ REASSIGN(curclass.chroot, NULL);
REASSIGN(curclass.classname, NULL);
curclass.conversions = NULL;
REASSIGN(curclass.display, NULL);
+ REASSIGN(curclass.homedir, NULL);
curclass.limit = -1; /* unlimited connections */
REASSIGN(curclass.limitfile, NULL);
curclass.maxrateget = 0;
@@ -106,6 +108,7 @@
curclass.rateget = 0;
curclass.rateput = 0;
curclass.timeout = 900; /* 15 minutes */
+ /* curclass.type is set elsewhere */
curclass.umask = 027;
curclass.upload = 1;
}
@@ -174,6 +177,13 @@
else
curclass.checkportcmd = 1;
+ } else if (strcasecmp(word, "chroot") == 0) {
+ if (none || EMPTYSTR(arg))
+ arg = NULL;
+ else
+ arg = xstrdup(arg);
+ REASSIGN(curclass.chroot, arg);
+
} else if (strcasecmp(word, "classtype") == 0) {
if (!none && !EMPTYSTR(arg)) {
if (strcasecmp(arg, "GUEST") == 0)
@@ -249,6 +259,13 @@
arg = xstrdup(arg);
REASSIGN(curclass.display, arg);
+ } else if (strcasecmp(word, "homedir") == 0) {
+ if (none || EMPTYSTR(arg))
+ arg = NULL;
+ else
+ arg = xstrdup(arg);
+ REASSIGN(curclass.homedir, arg);
+
} else if (strcasecmp(word, "limit") == 0) {
int limit;
@@ -494,7 +511,7 @@
syslog(LOG_WARNING, "can't add `%s' to stringlist", cp);
/* First check for a display file */
- (void)format_file(curclass.display, code);
+ (void)display_file(curclass.display, code);
/* Now see if there are any notify files */
if (EMPTYSTR(curclass.notify))
@@ -525,7 +542,7 @@
}
int
-format_file(const char *file, int code)
+display_file(const char *file, int code)
{
FILE *f;
char *buf, *p, *cwd;
@@ -622,6 +639,54 @@
}
/*
+ * Parse src, expanding '%' escapes, into dst (which must be at least
+ * MAXPATHLEN long).
+ */
+void
+format_path(char *dst, const char *src)
+{
+ size_t len;
+ const char *p;
+
+ dst[0] = '\0';
+ len = 0;
+ if (src == NULL)
+ return;
+
+ for (p = src; *p && len < MAXPATHLEN; p++) {
+ if (*p == '%') {
+ p++;
+ switch (*p) {
+
+ case 'c':
+ len += strlcpy(dst + len, curclass.classname,
+ MAXPATHLEN - len);
+ break;
+
+ case 'd':
+ len += strlcpy(dst + len, pw->pw_dir,
+ MAXPATHLEN - len);
+ break;
+
+ case 'u':
+ len += strlcpy(dst + len, pw->pw_name,
+ MAXPATHLEN - len);
+ break;
+
+ case '%':
+ dst[len++] = '%';
+ break;
+
+ }
+ } else
+ dst[len++] = *p;
+ }
+ if (len < MAXPATHLEN)
+ dst[len] = '\0';
+ dst[MAXPATHLEN - 1] = '\0';
+}
+
+/*
* Find s2 at the end of s1. If found, return a string up to (but
* not including) s2, otherwise returns NULL.
*/
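Review bot: A configuration value that ends in a lone `%` makes format_path read past the end of src: the `p++` after the `%` test lands on the terminating NUL, no case matches, and the loop's own `p++` then steps beyond it before `*p` is tested again. Guard the escape with `if (p[1] == '\0') break;` ahead of that `p++`. Separately, `len += strlcpy(...)` adds the full source length, so an over-long expansion ends the loop with dst silently truncated, and because the function returns void the caller cannot tell; for a path that is presumably handed to chroot(2), a truncated result should be treated as an error rather than used. The `%c` case also passes curclass.classname straight to strlcpy, and the class-reset hunk earlier in this file sets that field to NULL, so it is worth confirming it is always populated before this runs.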
diff -r 78a542b4c80d -r 683c46c78e72 libexec/ftpd/extern.h
--- a/libexec/ftpd/extern.h Mon Jul 17 02:25:02 2000 +0000
+++ b/libexec/ftpd/extern.h Mon Jul 17 02:30:52 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: extern.h,v 1.29 2000/07/08 18:24:28 sommerfeld Exp $ */
+/* $NetBSD: extern.h,v 1.30 2000/07/17 02:30:53 lukem Exp $ */
/*-
* Copyright (c) 1992, 1993
@@ -110,11 +110,12 @@
void cwd(const char *);
FILE *dataconn(const char *, off_t, const char *);
void delete(const char *);
+int display_file(const char *, int);
char **do_conversion(const char *);
void dologout(int);
void fatal(const char *);
void feat(void);
-int format_file(const char *, int);
+void format_path(char *, const char *);
int ftpd_pclose(FILE *);
FILE *ftpd_popen(char *[], const char *, int);
char *getline(char *, int, FILE *);
@@ -178,9 +179,11 @@
struct ftpclass {
int checkportcmd; /* Check PORT commands are valid */
+ char *chroot; /* Directory to chroot(2) to at login */
char *classname; /* Current class */
struct ftpconv *conversions; /* List of conversions */
char *display; /* Files to display upon chdir */
+ char *homedir; /* Directory to chdir(2) to at login */
int limit; /* Max connections (-1 = unlimited) */
char *limitfile; /* File to display if limit reached */
int maxrateget; /* Maximum get transfer rate throttle */
@@ -238,6 +241,7 @@
GLOBAL gid_t gidlist[NGROUPS_MAX];
GLOBAL int hasyyerrored;
GLOBAL char hostname[MAXHOSTNAMELEN+1];
+GLOBAL char homedir[MAXPATHLEN];
#ifdef KERBEROS5
GLOBAL krb5_context kcontext;
#endif
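Review bot: The new global `homedir` is undocumented and shares its name with the `curclass.homedir` member added in the previous hunk, although the two appear to hold different things: the member is the raw directive text with `%` escapes, the global apparently the expanded path that CWD and `~` use. A comment such as `/* expanded curclass.homedir; target of bare CWD and ~ */` would keep readers from confusing them. Where the buffer is filled is not visible in this truncated diff, so confirm it is set on every login path before `cwd(homedir)` can run.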
diff -r 78a542b4c80d -r 683c46c78e72 libexec/ftpd/ftpcmd.y
--- a/libexec/ftpd/ftpcmd.y Mon Jul 17 02:25:02 2000 +0000
+++ b/libexec/ftpd/ftpcmd.y Mon Jul 17 02:30:52 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ftpcmd.y,v 1.50 2000/07/15 03:45:19 lukem Exp $ */
+/* $NetBSD: ftpcmd.y,v 1.51 2000/07/17 02:30:53 lukem Exp $ */
/*-
* Copyright (c) 1997-2000 The NetBSD Foundation, Inc.
@@ -83,7 +83,7 @@
#if 0
static char sccsid[] = "@(#)ftpcmd.y 8.3 (Berkeley) 4/6/94";
#else
-__RCSID("$NetBSD: ftpcmd.y,v 1.50 2000/07/15 03:45:19 lukem Exp $");
+__RCSID("$NetBSD: ftpcmd.y,v 1.51 2000/07/17 02:30:53 lukem Exp $");
#endif
#endif /* not lint */
@@ -205,7 +205,7 @@
| CWD check_login CRLF
{
if ($2)
- cwd(pw->pw_dir);
+ cwd(homedir);
}
| CWD check_login SP pathname CRLF
@@ -703,7 +703,7 @@
send_file_list(".");
}
- | NLST check_login SP STRING CRLF
+ | NLST check_login SP pathname CRLF
{
if ($2)
send_file_list($4);
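Review bot: With the argument now a `pathname`, `$4` can presumably be NULL when the rule's `~` expansion fails (the glob() branch shown in the last hunk of this file is cut off before its error path), yet the action still calls `send_file_list($4)` on login success alone. If that is the case, guard it as `if ($2 && $4 != NULL)`. The switch also means client-supplied NLST arguments beginning with `~` now go through glob() with GLOB_BRACE|GLOB_TILDE, so a comment on this production saying that expansion is intentional would help. The action continues past the end of the hunk.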
@@ -1259,11 +1259,10 @@
*/
if (logged_in && $1 && *$1 == '~') {
glob_t gl;
- int flags =
- GLOB_BRACE|GLOB_NOCHECK|GLOB_TILDE;
+ int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_TILDE;
if ($1[1] == '\0')
- $$ = xstrdup(pw->pw_dir);
+ $$ = xstrdup(homedir);
else {
memset(&gl, 0, sizeof(gl));
if (glob($1, flags, NULL, &gl) ||
diff -r 78a542b4c80d -r 683c46c78e72 libexec/ftpd/ftpd.8
--- a/libexec/ftpd/ftpd.8 Mon Jul 17 02:25:02 2000 +0000
+++ b/libexec/ftpd/ftpd.8 Mon Jul 17 02:30:52 2000 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: ftpd.8,v 1.55 2000/07/15 03:45:20 lukem Exp $
+.\" $NetBSD: ftpd.8,v 1.56 2000/07/17 02:30:54 lukem Exp $
.\"
.\" Copyright (c) 1997-2000 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -67,7 +67,7 @@
.\"
.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
.\"
-.Dd July 15, 2000
+.Dd July 17, 2000
.Dt FTPD 8
.Os
.Sh NAME
@@ -322,13 +322,13 @@
.It
If directed by the file
.Xr ftpchroot 5
-the session's root will be changed to the user's login directory by
+the session's root directory will be changed by
.Xr chroot 2
-as for an
-.Dq anonymous
-or
-.Dq ftp
-account (see next item).
+to the directory specified in the
+.Xr ftpd.conf 5
+.Sy chroot
+directive (if set),
+or to the home directory of the user.
However, the user must still supply a password.
This feature is intended as a compromise between a fully anonymous account
and a fully privileged account.
@@ -347,11 +347,28 @@
In this case the user is allowed
to log in by specifying any password (by convention an email address for
the user should be used as the password).
+.Pp
The server performs a
.Xr chroot 2
-to the home directory of the
+to the directory specified in the
+.Xr ftpd.conf 5
+.Sy chroot
+directive (if set),
+the
+.Fl a Ar anondir
+directory (if set),
+or to the home directory of the
.Dq ftp
user.
+.Pp
+The server then performs a
+.Xr chdir 2
+to the directory specified in the
+.Xr ftpd.conf 5
+.Sy homedir
+directive (if set), otherwise to
+.Pa / .
+.Pp
If other restrictions are required (such as disabling of certain
commands and the setting of a specific umask), then appropriate
entries in