Subject: CVS commit: basesrc
To: None <source-changes@netbsd.org>
From: Luke Mewburn <lukem@netbsd.org>
List: source-changes
Date: 07/23/2000 17:40:49
Module Name:	basesrc
Committed By:	lukem
Date:		Sun Jul 23 14:40:49 UTC 2000

Modified Files:
	basesrc/libexec/ftpd: conf.c extern.h ftpcmd.y ftpd.8 ftpd.c
	    ftpd.conf.5 version.h

Log Message:
* make checkportcmd the default. this breaks third-party proxy ftp but
  prevents the ftp bounce attack, and we should be secure out of the
  box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
  if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e., GUEST or CHROOT), and ftpd is running on a port
  > IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
  file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
  ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
  merge). if root privs have been dropped, and this would be a port <
  IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
  but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
  in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
  for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup


To generate a diff of this commit:
cvs rdiff -r1.33 -r1.34 basesrc/libexec/ftpd/conf.c
cvs rdiff -r1.30 -r1.31 basesrc/libexec/ftpd/extern.h
cvs rdiff -r1.51 -r1.52 basesrc/libexec/ftpd/ftpcmd.y
cvs rdiff -r1.56 -r1.57 basesrc/libexec/ftpd/ftpd.8
cvs rdiff -r1.100 -r1.101 basesrc/libexec/ftpd/ftpd.c
cvs rdiff -r1.10 -r1.11 basesrc/libexec/ftpd/ftpd.conf.5
cvs rdiff -r1.17 -r1.18 basesrc/libexec/ftpd/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
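
The kind of PORT validation that checkportcmd turns on, as an added example that is not part of this commit and is not NetBSD's port_check() code. It assumes IPv4 only, and assumes the check rejects a PORT argument whose address differs from the control connection's peer or whose port is below IPPORT_RESERVED; the names check_port_cmd and parse_port_arg and the sample addresses are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define RESERVED_PORT 1024u /* assumed value of IPPORT_RESERVED */

enum port_verdict { PORT_OK, PORT_BAD_SYNTAX, PORT_ADDR_MISMATCH, PORT_RESERVED };

/* Parse the RFC 959 PORT argument "h1,h2,h3,h4,p1,p2"; every field is 0..255. */
static int parse_port_arg(const char *s, uint32_t *addr, uint16_t *port)
{
    unsigned f[6];
    for (int i = 0; i < 6; i++) {
        unsigned v = 0;
        int digits = 0;
        while (*s >= '0' && *s <= '9') {
            v = v * 10 + (unsigned)(*s++ - '0');
            if (v > 255 || ++digits > 3)
                return -1;              /* out of range or overlong field */
        }
        if (digits == 0)
            return -1;                  /* empty field */
        if (*s++ != (i < 5 ? ',' : '\0'))
            return -1;                  /* wrong separator or trailing junk */
        f[i] = v;
    }
    *addr = (f[0] << 24) | (f[1] << 16) | (f[2] << 8) | f[3];
    *port = (uint16_t)((f[4] << 8) | f[5]);
    return 0;
}

/* ctrl_peer: IPv4 address of the client on the control connection, host order. */
enum port_verdict check_port_cmd(const char *arg, uint32_t ctrl_peer)
{
    uint32_t addr;
    uint16_t port;
    if (parse_port_arg(arg, &addr, &port) != 0)
        return PORT_BAD_SYNTAX;
    if (addr != ctrl_peer)
        return PORT_ADDR_MISMATCH;      /* data connection aimed at a third host */
    if (port < RESERVED_PORT)
        return PORT_RESERVED;           /* data connection aimed at a privileged port */
    return PORT_OK;
}

int main(void)
{
    uint32_t peer = 0xC000020Au;        /* constructed sample: 192.0.2.10 */
    printf("%d\n", check_port_cmd("192,0,2,10,19,137", peer));
    printf("%d\n", check_port_cmd("192,0,2,99,0,25", peer));
    return 0;
}
```

A server applying this check answers a rejected PORT with an error reply instead of opening the data connection, which is why third-party proxy transfers stop working.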