272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
262435 |
24-Feb-2014 |
brueffer |
MFC: r262136
Remove the 3rd clause ("advertising clause") of the BSD license as permitted by the University of Berkeley on July 22, 1999.
Reviewed by: imp
|
262284 |
21-Feb-2014 |
brueffer |
MFC: r261885
In sgetpwnam(), save and free pw_class like all other char members of struct passwd. This fixes spurious "login_getclass: unknown class" errors.
PR: 186439 Submitted by: UEMURA Tetsuya <t_uemura at macome.co.jp>
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
240506 |
14-Sep-2012 |
eadler |
Bump date missed in r202756
PR: docs/171624 Submitted by: bdrewery Approved by: gabor MFC after: 3 days
|
229780 |
07-Jan-2012 |
uqs |
Spelling fixes for libexec/
|
228843 |
23-Dec-2011 |
cperciva |
Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06]
Add an API for alerting internal libc routines to the presence of "unsafe" paths post-chroot, and use it in ftpd. [11:07]
Fix a buffer overflow in telnetd. [11:08]
Make pam_ssh ignore unpassphrased keys unless the "nullok" option is specified. [11:09]
Add sanity checking of service names in pam_start. [11:10]
Approved by: so (cperciva) Approved by: re (bz) Security: FreeBSD-SA-11:06.bind Security: FreeBSD-SA-11:07.chroot Security: FreeBSD-SA-11:08.telnetd Security: FreeBSD-SA-11:09.pam_ssh Security: FreeBSD-SA-11:10.pam
|
223434 |
22-Jun-2011 |
trasz |
Add LOGIN_SETCPUMASK and LOGIN_SETLOGINCLASS to the setusercontext(3) calls in ftpd(8).
|
216945 |
04-Jan-2011 |
emaste |
Make format string a string literal. (Discovered by clang.)
MFC After: 1 week
|
216943 |
04-Jan-2011 |
emaste |
Handle failure from ftpd_popen in statfilecmd().
Reviewed by: attilio MFC after: 1 week
|
216932 |
03-Jan-2011 |
csjp |
Expand checkuser() to support the propagation of error codes back to the caller. Currently, checkuser() does not differentiate between the failure to open the file and the absence of a user in the file. Check to see if there was an error opening the file. If there are any errors, terminate the connection. Currently, the only exception to this rule is ENOENT, since there is nothing that says the /etc/ftpuser and /etc/ftpchroot have to exist.
MFC after: 3 weeks
|
213573 |
08-Oct-2010 |
uqs |
mdoc: drop redundant .Pp and .LP calls
They have no effect when coming in pairs, or before .Bl/.Bd
|
205656 |
25-Mar-2010 |
delphij |
Check that gl_pathc is bigger than zero before dereferencing gl_pathv. When gl_pathc == 0, the content of gl_pathv is undefined.
PR: bin/144761 Submitted by: David BERARD <contact davidberard fr> Obtained from: OpenBSD MFC after: 1 week
|
203698 |
09-Feb-2010 |
ed |
Set ut_line to "ftpd" for ftpd.
This makes it a little easier to figure out which application was responsible for this log entry. Ideally we should add an ut_process or something similar.
Suggested by: Vincent Poy <vincepoy gmail com>
|
202756 |
21-Jan-2010 |
ed |
Remove stale references to utmp(5) and its corresponding filenames.
I removed utmp and its manpage, but not other manpages referring to it.
|
202604 |
18-Jan-2010 |
ed |
Really disable wtmp logging when chrooting.
Also perform a small cleanup to ftpd_logwtmp(). Just use a NULL parameter for the username to indicate a logout, instead of an empty string.
Reported by: Alexey Shuvaev <shuvaev physik uni-wuerzburg de>
|
202209 |
13-Jan-2010 |
ed |
Port ftpd to utmpx.
Unfortunately I have to partially wreck its functionality, though. ftpd used to keep a file descriptor to the wtmp, which allowed it to work from within a chroot. The current utmpx implementation doesn't offer a way to do this. Maybe we can address this in the future, if it turns out to be a real issue.
|
190828 |
07-Apr-2009 |
obrien |
Move variable externs into extern.h so they are checked against the definitions.
|
187913 |
30-Jan-2009 |
maxim |
o Fix typo: indentical -> identical.
PR: docs/131149 Submitted by: Patrick Oonk MFC after: 1 week
|
186405 |
23-Dec-2008 |
cperciva |
Prevent cross-site forgery attacks on ftpd(8) due to splitting long commands into multiple requests. [08:12]
Avoid calling uninitialized function pointers in protocol switch code. [08:13]
Merry Christmas everybody...
Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-08:12.ftpd, FreeBSD-SA-08:13.protosw
|
168899 |
20-Apr-2007 |
trhodes |
Remove references to S/Key and list OPIE.
|
168871 |
19-Apr-2007 |
yar |
Reword the description of the UTF8 option (-8) so I can swear to myself that I understand it.
Bump document date.
|
168849 |
18-Apr-2007 |
yar |
Add support for RFC 2389 (FEAT) and RFC 2640 (UTF8) to ftpd(8).
The support for RFC 2640 (UTF8) is optional and rudimentary. The server just advertises its capability to handle UTF-8 file names and relies on its own 8-bit cleanness, as well as on the backward compatibility of UTF-8 with ASCII. So uploaded files will have UTF-8 names, but the initial server contents should be prepared in UTF-8 by hand, no on-the-fly conversion of file names will be done.
PR: bin/111714 Submitted by: Zhang Weiwu <see email in the PR> MFC after: 1 week
|
166598 |
09-Feb-2007 |
yar |
Let automatic TCP send buffer sizing do its job for ftpd(8): stop setting the SO_SNDBUF socket option. Using a hard-coded value for it was a poor idea anyway in the face of diverse network conditions.
|
159276 |
05-Jun-2006 |
yar |
Fix compilation of ftpcmd.y without -DINET6. Respect MK_INET6_SUPPORT in Makefile.
Requested by: Attila Nagy <bra at fsn dot hu> MFC after: 1 week
|
156813 |
17-Mar-2006 |
ru |
Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
156156 |
01-Mar-2006 |
ume |
- Reduce needless DNS query by lookup only appropriate address family. [1]
- Specify appropriate hints to getaddrinfo(3). [1]
- Obtain address family from peername in inet mode.
Submitted by: Rostislav Krasny <rosti.bsd__at__gmail.com> [1] Tested by: yar, Rostislav Krasny <rosti.bsd__at__gmail.com> MFC after: 1 week
|
154997 |
29-Jan-2006 |
yar |
Touch .Dd because the last commit was content-related.
|
154634 |
21-Jan-2006 |
yar |
In the daemon code, check for and report possible errors from accept(2) and fork(2). Also close all unneeded fds in the child process, namely listening sockets for all address families and the fd initially obtained from accept(2). (The main ftpd code operates on stdin/stdout anyway as it has been designed for running from inetd.)
MFC after: 5 days
|
154631 |
21-Jan-2006 |
yar |
The daemon's child shouldn't go on with the for loop over ctl_sock's -- it is solely the parent daemon's job. So just break out of the loop in the child.
MFC after: 5 days
|
154630 |
21-Jan-2006 |
yar |
Use pidfile(3) provided by libutil to manage the daemon's pid file.
By default, create a pid file at the standard location, /var/run/ftpd.pid, in accord with the expected behavior of a stock system daemon.
MFC after: 5 days
|
141967 |
16-Feb-2005 |
yar |
Add some consistency checks to the signal-related code.
MFC: along with rev. 1.202
|
141966 |
16-Feb-2005 |
yar |
A call to maskurg() makes sense only when a transfer is under way, the function will emit an annoying log message otherwise.
Reported by: kris MFC: along with rev. 1.202
|
141918 |
14-Feb-2005 |
stefanf |
Fix most cases where the address of an int is passed to a function expecting a socklen_t * argument.
|
140473 |
19-Jan-2005 |
yar |
Respect the `logging' flag.
Pointed out by: Nick Leuta MFC after: 3 days
|
140472 |
19-Jan-2005 |
yar |
Improve handling SIGURG and OOB commands on the control channel.
The major change is to process STAT sent as an OOB command w/o breaking the current data transfer. As a side effect, this gives better error checking in the code performing data transfers.
A lesser, but in no way cosmetic, change is using the flag `recvurg' in the only signal-safe way that has been blessed by SUSv3. The other flag, `transflag,' becomes private to the SIGURG machinery, serves debugging purposes only, and may be dropped in the future.
The `byte_count' global variable is now accounting bytes actually transferred over the network. This can give status messages looking strange, like "X of Y bytes transferred," where X > Y, but that has more sense than trying to compensate for combinations of data formats on the server and client when transferring ASCII type data. BTW, getting the size of a file in advance is unreliable for a number of reasons in the first place. See question 18.8 of the Infrequently Asked Questions in comp.lang.c for details.
PR: bin/52072 Tested by: Nick Leuta (earlier versions), a stress-testing tool (final) MFC after: 1 month
|
140414 |
18-Jan-2005 |
ru |
Sort sections.
|
139981 |
10-Jan-2005 |
yar |
Replace err(3) calls when in daemon mode by syslog(3), too. A daemon has no stderr to send its complaints to.
Pointed out by: Nick Leuta MFC after: 1 week
|
139126 |
21-Dec-2004 |
ru |
NOPAM -> NO_PAM
|
138911 |
16-Dec-2004 |
yar |
Do a small style(9) fix before I'm hacking the code itself.
|
138910 |
16-Dec-2004 |
yar |
free(3) is void already.
|
138747 |
12-Dec-2004 |
yar |
Never emit a message to stderr: use syslog instead. When in inetd mode, this prevents bogus messages from appearing on the control channel. When running as a daemon, we shouldn't write to the terminal we used to have at all.
PR: bin/74823 MFC after: 1 week
|
137987 |
22-Nov-2004 |
yar |
When looking for a virtual host to handle the connection, stop the search on the first match for efficiency.
Submitted by: Nick Leuta
|
137986 |
22-Nov-2004 |
yar |
Calling pam_chauthtok() isn't really needed since an FTP user has no chance to change password anyway.
Submitted by: Nick Leuta
|
137985 |
22-Nov-2004 |
yar |
Don't log the chroot dir on every command since it's constant for a session. Log it once at the beginning of the session instead. OTOH, log wd each time for the sake of better auditing and consistent log format.
Proposed by: Nick Leuta <skynick -at- mail.sc.ru>
|
137984 |
22-Nov-2004 |
yar |
Always log remote IP.
PR: bin/59773
|
137983 |
22-Nov-2004 |
yar |
Treat host name buffers consistently.
|
137862 |
18-Nov-2004 |
yar |
Make chrootdir global and use it in log messages regarding restricted users.
MFC after: 2 weeks
|
137861 |
18-Nov-2004 |
yar |
Nitpicking on style(9) and whitespace.
Tested with: md5(1)
|
137859 |
18-Nov-2004 |
yar |
Use __FBSDID.
|
137853 |
18-Nov-2004 |
yar |
Don't say, "file: permission denied," if the operation is disabled entirely.
|
137852 |
18-Nov-2004 |
yar |
Use uniform punctuation, capitalization, and language style in server messages wherever this doesn't contradict a particular message format.
|
137851 |
18-Nov-2004 |
yar |
Apply __printflike() to the appendf() prototype so the compiler can detect format errors.
|
137850 |
18-Nov-2004 |
yar |
Fix perror_reply() vs. reply() usage.
|
137849 |
18-Nov-2004 |
yar |
'\n' needs not to appear in reply() strings.
|
137848 |
18-Nov-2004 |
yar |
Log pathname arguments to ftp commands as the user specified them; add the working directory pathname to the log message if any of such arguments isn't absolute. This has advantage over the old way of logging that an admin can see what users are actually trying to do, and where. The old code was also not too robust when it came to a chrooted session and an absolute pathname.
Pointed out by: Nick Leuta MFC after: 2 weeks
|
137847 |
18-Nov-2004 |
yar |
Use S_ISDIR() macro instead of a hand-rolled test.
|
137839 |
18-Nov-2004 |
yar |
getcwd() won't leave an error string in the buffer, unlike getwd().
|
137830 |
17-Nov-2004 |
yar |
Use POSIX functions instead of legacy ones:
getwd() -> getcwd()
wait3() -> waitpid()
|
137811 |
17-Nov-2004 |
yar |
Kill more unneeded casts found.
Noticed by: Nick Leuta <skynick -at- mail.sc.ru> (some of them)
|
137729 |
15-Nov-2004 |
yar |
Don't invent ways of capitalization orthogonal to the English grammar.
|
137728 |
15-Nov-2004 |
yar |
RFC 959 states that the following codes should be used for status replies on file system objects:
212 Directory status.
213 File status.
Reported by: Oleg Koreshkov <okor -at- zone.salut.ru> MFC after: 1 week
|
137660 |
13-Nov-2004 |
yar |
Using off_t to pass a block size is obvious overkill. The size_t type is better suited for that, particularly because the "blksize" argument is to be passed to malloc() and read(). On 64-bit archs it's more of a style issue, but the good style of coding in C is also important.
|
137659 |
13-Nov-2004 |
yar |
Kill ancient casts to integral types left from the K&R era. They're unneeded and sometimes erroneous now.
|
137145 |
03-Nov-2004 |
yar |
Fix logxfer() by using realpath(3) instead of playing with getwd(3). Previously logxfer() used to record bogus pathnames to the log in some cases, namely, when cwd was / or "name" was absolute.
Noticed by: Nick Leuta MFC after: 2 weeks
|
137132 |
02-Nov-2004 |
yar |
Replace the last occurrence of (long long) and %qd with (intmax_t) and %jd, which is the right way to printf an off_t in the presence of <stdint.h>.
Submitted by: Nick Leuta
|
137108 |
01-Nov-2004 |
yar |
OpenPAM allows passing a NULL "pamh" to pam_strerror() to indicate that the creation of a PAM context has failed.
N.B. This does not apply to pam_strerror() in RELENG_4, it will mishandle a NULL "pamh".
Discussed with: des
|
137078 |
30-Oct-2004 |
yar |
- Stop shadowing global "pamh" by a local variable in auth_pam().
- Stop calling pam_strerror() with NULL pamh.
- Add a missing call to pam_end().
PR: bin/59776 Submitted by: Nick Leuta <see PR for email> MFC after: 2 weeks
|
137076 |
30-Oct-2004 |
yar |
Describe the semantics of the sgetpwnam() helper function in the comment above it so that nobody will save pointers returned inside "struct passwd" across the calls to the function.
|
136929 |
24-Oct-2004 |
yar |
Log the actual number of bytes sent on the wire to /var/log/ftpd instead of the disk size of the file sent. Since the log file is intended to provide data for anonymous ftp traffic accounting, the disk size of the file isn't really informative in this case.
PR: bin/72687 Submitted by: Oleg Koreshkov MFC after: 1 week
|
136556 |
15-Oct-2004 |
yar |
We must not fall back to the old way (read-write) if sendfile() transferred some data before throwing an error condition because sendfile() won't move the file offset for read() to start from.
MFC after: 2 weeks
|
136555 |
15-Oct-2004 |
yar |
Clean-up around sendfile(): drop an excessive check for error condition.
|
136554 |
15-Oct-2004 |
yar |
Account for the fact that sendfile(2) may hit the end of file prematurely, e.g., if the file has been truncated by someone else.
PR: bin/72649 Submitted by: Oleg Koreshkov (portions) MFC after: 2 weeks
|
135738 |
24-Sep-2004 |
maxim |
Indent.
|
135737 |
24-Sep-2004 |
maxim |
o Merge rev. 1.5 libexec/ftpd/ftpd.c from DragonflyBSD:
Do not unconditionally fork() after accept(). accept() can return -1 due to an interrupted system call (i.e. SIGCHLD). If we fork in that case ftpd can get into an accept()/SIGCHLD/fork/[fail]/repeat loop.
Reported-by: fabian <fabian.duelli@bluewin.ch>
Obtained from: DragonflyBSD MFC after: 1 month
|
132932 |
31-Jul-2004 |
yar |
ftpd(8) seems to be WARNS=2 clean now.
Tested on: i386, ia64, amd64, sparc64, alpha
|
132931 |
31-Jul-2004 |
yar |
Change ``(foo *)0'' to ``NULL'' where it's possible (and it appears possible throughout ftpd(8) source.)
It is not a mere issue of style: Null pointers in C seem to have been mistaken one way or another quite often.
|
132930 |
31-Jul-2004 |
yar |
Kill a small herd of casts to off_t where they were not needed. Thank Fortune, the C compiler can figure out by itself the proper conversion for assignments, comparisons, and prototyped function arguments.
|
132929 |
31-Jul-2004 |
yar |
Printf(3) off_t values through conversion to intmax_t since we've got <stdint.h> et al now. (This makes ftpd(8) WARNS=2 clean.)
|
132926 |
31-Jul-2004 |
yar |
Kill an unused variable (heading to WARNS=2.)
|
132925 |
31-Jul-2004 |
yar |
Convert a couple of bogus null statements to the right form. (Heading to WARNS=2.)
|
132894 |
30-Jul-2004 |
yar |
Ditto for (gid_t).
|
132893 |
30-Jul-2004 |
yar |
Kill casts to (uid_t) obviously left from the K&R era. Prototyping library functions in header files has rendered them superfluous.
|
132891 |
30-Jul-2004 |
yar |
Add a comment to explain that the loop around the call to bind(2) is not a hack, but it has a clear purpose.
|
132889 |
30-Jul-2004 |
yar |
Open a socket for a data transfer in active mode using euid of the current user, not root. This will allow neat things like matching anonymous FTP data traffic with a single ipfw(8) rule:
ipfw add ... tcp from any to any uid ftp
Note that the control connection socket still belongs to the user ftpd(8) was started from, usually root.
PR: bin/65928 Submitted by: Eugene Grosbein <eugen at grosbein.pp.ru> MFC after: 1 month
|
131487 |
02-Jul-2004 |
ru |
Mechanically kill hard sentence breaks.
|
130428 |
13-Jun-2004 |
obrien |
Simplify conditional compilation logic some.
|
129304 |
16-May-2004 |
ru |
There's no such beast like AF_INET4, even when powered by whiskey.
|
129170 |
13-May-2004 |
tjr |
Handle variable argument lists correctly in reply() and lreply(). In particular, do not pass the same va_list to both vprintf() and vsyslog() without first reinitializing it. This fixes ftpd -d on amd64.
|
125570 |
07-Feb-2004 |
yar |
NULL looks better than (char *)0 unless we're passing an unprototyped argument to a function.
|
125569 |
07-Feb-2004 |
yar |
Deny attempts to rename a file from guest users if the policy says they may not modify existing files through FTP.
Renaming a file is effectively a way to modify it. For instance, if a malicious party is unable to delete or overwrite a sensitive file, they can nevertheless rename it to a hidden name and then upload a trojan horse under the guise of the old file name.
|
125568 |
07-Feb-2004 |
yar |
perror_reply() should not be used where errno isn't meaningful.
|
125565 |
07-Feb-2004 |
yar |
Work around a bug in some clients by never returning raw directory contents in reply to a RETR command. Such clients consider RETR as a way to tell a file from a directory. Mozilla is an example.
PR: bin/62232 Submitted by: Bob Finch <bob+freebsd <at> nas <dot> com> MFC after: 1 week
|
125336 |
02-Feb-2004 |
ru |
Reorder dependencies to fix static NOPAM build.
Submitted by: lorder(1)
|
124687 |
18-Jan-2004 |
charnier |
add missing setusershell() calls.
PR: bin/2442 Reviewed by: Friedemann Becker <zxmxy33@mail.uni-tuebingen.de>
|
124229 |
07-Jan-2004 |
anholt |
man ftpd says that "by default, anonymous users cannot modify existing files." However, the code did allow deletion of files. Make deleting require the -m flag, too.
PR: bin/60809 Submitted by: Alexander Melkov <melkov@comptek.ru>
|
122751 |
15-Nov-2003 |
yar |
If a file to send in ASCII mode already has CRLF as end-of-line, don't add excessive CR on the wire.
PR: bin/59285 Submitted by: Andrey Beresovsky <and at rsu.ru> MFC after: 1 week
|
121537 |
26-Oct-2003 |
peter |
Pacify gcc warning with a Douglas Adams reference.
|
120059 |
14-Sep-2003 |
ume |
Don't depend on IPv4-mapped IPv6 address to bind to both IPv4 and IPv6.
Wrote at: Hakone. Powered by: Warner Losh's scotch whisky. Requested by: nork
|
119632 |
01-Sep-2003 |
kan |
Eliminate last three uses of varargs.h in the tree. These three files were including varargs.h file but did not use any of its macros, so they escaped the clean-up before.
|
119602 |
31-Aug-2003 |
ceri |
Add a note that the -u option can be overridden by settings in login.conf(5).
PR: docs/56017 Submitted by: Josef El-Rayes <j.el-rayes@daemon.li>
|
117352 |
09-Jul-2003 |
yar |
Block SIGURG while reading from the control channel.
Rationale:
SIGURG is configured by ftpd to interrupt system calls, which is useful during data transfers. However, SIGURG could interrupt I/O on the control channel as well, which was mistaken for the end of the session.
A practical example could be aborting the download of a tiny file, when the abort sequence reached ftpd after ftpd had passed the file data to the system and returned to its command loop.
Reported by: ceri MFC after: 1 week
|
117351 |
09-Jul-2003 |
yar |
Improve error handling in getline():
- always check the return value from getc(3) for EOF;
- if the attempt to read the TELNET command byte has returned EOF, exit from the loop instead of using the EOF value as a normal character.
MFC after: 1 week
|
117349 |
09-Jul-2003 |
yar |
Make a malloced copy of "chrootdir" even if it points to an absolute pathname inside "residue" so "chrootdir" can be simply freed later.
PR: bin/53435 Submitted by: Yutaka Ishihara <yutaka at fandc.co.jp> MFC after: 1 week
|
116655 |
21-Jun-2003 |
yar |
Don't declare unneeded extern variables, let alone specifying a wrong type for one of them.
|
116439 |
16-Jun-2003 |
yar |
If ftpd is run with an -h option (hide host-specific info,) don't reveal the info in reply to the SYST command.
Get rid of using the "unix" macro at the same time. It was a rather poor way to check if the system was Unix since there were quite a few Unix clones out there whose cc didn't define "unix" (e.g., NetBSD.) It was also sensitive to the C standard used, which caused unnecessary trouble: With -std=c99, it should have been "__unix__", and so on.
PR: bin/50690 Submitted by: Alex Semenyaka <alexs _at_ snark.ratmir.ru> MFC after: 1 week
|
116034 |
08-Jun-2003 |
charnier |
Add section number to .Xr
|
115634 |
01-Jun-2003 |
ru |
Assorted mdoc(7) fixes.
|
115087 |
16-May-2003 |
ru |
mdoc(7) police: Properly markup the previous revision.
Approved by: re (blanket)
|
112644 |
25-Mar-2003 |
silby |
Update the description of the -u option to mention that IP_PORTRANGE_HIGH and _DEFAULT are the same for 5.x.
Committed under threat of action from: The mdoc police
|
111447 |
24-Feb-2003 |
ru |
mdoc(7) police: Scheduled sweep.
|
110707 |
11-Feb-2003 |
yar |
Kill unnecessary vertical whitespace.
|
110691 |
11-Feb-2003 |
yar |
Use LOG_AUTHPRIV to hide the username attempted during an invalid login from everyone but sysadmins.
PR: bin/29487 MFC after: 3 days
|
110378 |
05-Feb-2003 |
yar |
Allow "~/" in pathnames to work for a chrooted user.
|
110340 |
04-Feb-2003 |
yar |
Let tilde expansion be done even if a file/directory doesn't exist yet. This makes such natural commands as "MKD ~user/newdir" or "STOR ~/newfile" do what they are supposed to instead of failing miserably with the "File not found" error.
This involves a bit of code reorganization. Namely, the code doing glob(3) expansion has been separated to a function; a new function has been introduced to do tilde expansion; the latter function is invoked on a pathname before the former one. Thus behaviour mimicking that of the Bourne shell has been achieved.
|
110307 |
04-Feb-2003 |
yar |
RFC 959 doesn't list reply code 550 as a valid response to STOR/STOU, so return reply code 553 to indicate an error from open(2) for consistency, as long as the code is used in the rest of the STOR/STOU handler.
|
110144 |
31-Jan-2003 |
yar |
Let real users access special files through FTP if allowed by their filesystem permissions.
This doesn't break anything since using sendfile(2) is triggered later by a separate S_ISREG conditional.
PR: bin/20824 MFC after: 1 week
|
110046 |
29-Jan-2003 |
yar |
When searching for a unique file name in guniquefd(), distinguish between the cases of an existing file and a real system error, such as I/O failure, no access etc.
MFC after: 3 days
|
110037 |
29-Jan-2003 |
yar |
Add a new option to ftpd(8), "-h", to disable printing any host-specific information in FTP server messages (so paranoid admins can sleep at night :-)
PR: bin/16705 MFC after: 1 week
|
110036 |
29-Jan-2003 |
yar |
Give the code around chroot(2)/chdir(2) a major overhaul by separating its part around chroot(2) from that around initial chdir(2). This makes the below changes really easy.
Move seteuid(to user's uid) to before calling chdir(2). There are two goals to achieve by that. First, NFS mounted home directories with restrictive permissions become accessible (local superuser can't access them if not mapped to uid 0 on the remote side explicitly.) Second, all the permissions to the home directory pathname components become effective; previously a user could be carried to any local directory despite its permissions since the chdir(2) was done with euid 0. This reduces possible impact from FTP server misconfiguration, e.g., assigning a wrong home directory to a user.
Implement the "/./" feature. Now a guest or user subject to chrooting may have "/./" in his login directory, which separates his chroot directory from his home directory inside the chrooted environment. This works for ftpchroot(5) as well.
PR: bin/17843 bin/23944
|
109939 |
27-Jan-2003 |
yar |
Actually extract the second field from a line in ftpchroot(5) instead of just using the rest of the line behind the first field.
|
109938 |
27-Jan-2003 |
yar |
Allow more than one separator character between fields in ftpchroot(5).
|
109893 |
26-Jan-2003 |
yar |
Extend the format of /etc/ftpchroot so an alternative chroot directory can be specified for a user or a group.
Add the manpage ftpchroot(5) since the file's format has grown complex enough.
PR: bin/45327 Portions submitted by: Hideki SAKAMOTO <sakamoto@hlla.is.tsukuba.ac.jp> MFC after: 1 week
|
109815 |
25-Jan-2003 |
yar |
GLOB_MAXPATH has been deprecated in favour of GLOB_LIMIT.
|
109742 |
23-Jan-2003 |
yar |
- Add a new option, ``-P port'', to specify the port for ftpd(8) to listen at in daemon mode.
- Use the port by 1 less than the control port as the default data port instead of always using hard-coded port 20.
Submitted by: roam MFC after: 1 week
|
109685 |
22-Jan-2003 |
yar |
Prevent server-side glob(3) patterns from expanding to a pathname that contains '\r' or '\n'.
Together with the earlier STAT bugfix, this must solve the problem of such pathnames appearing in the FTP control stream.
|
109611 |
21-Jan-2003 |
cjc |
The FTP daemon was vulnerable to a DoS where an attacker could bind() up port 20 for an extended period of time and thus lock out all other users from establishing PORT data connections. Don't hold on to the bind() while we loop around waiting to see if we can make our connection.
Being a DoS, it has security implications, giving it a short MFC time.
MFC after: 1 day
|
109382 |
16-Jan-2003 |
yar |
Prepend a space character if a line begins with a digit in the output to the "STAT file" request.
This closes one discrepancy with RFC 959 (page 36.)
See also http://www.kb.cert.org/vuls/id/328867
Obtained from: OpenBSD
|
109380 |
16-Jan-2003 |
yar |
Replace the instances of literal "/bin/ls" with the _PATH_LS macro to be consistent with the rest of the ftpd(8) source.
|
108317 |
27-Dec-2002 |
schweikh |
english(4) police.
|
107231 |
25-Nov-2002 |
ru |
mdoc(7) police:
Properly sort options, spell "file system" correctly, expand contraction.
Catch up to the src/etc/syslog.conf,v 1.23 change: ftpd(8) session logs now by default get logged to /var/log/xferlog.
Approved by: re
|
107030 |
17-Nov-2002 |
peter |
Oops. Some ut_time stuff slipped through the cracks. These turned out to be non-fatal due to stack alignment roundups.
|
106754 |
11-Nov-2002 |
yar |
Don't free the current addrinfo list, or else a pointer to a freed memory area would arise. Only an addrinfo list from an earlier call to getaddrinfo() should be freed there because it will be substituted by the current list referenced by "res".
Reported by: John Long <fbsd1@pruam.com> MFC after: 5 days
|
105877 |
24-Oct-2002 |
rwatson |
Have ftpd specify the LOGIN_SETMAC flag to setlogincontext() so that MAC labels are set if MAC is enabled and configured for the user logging in.
Note that lukemftpd is not considered a supported application when MAC is enabled, as it does not use the standard system interfaces for managing user contexts; if lukemftpd is used with labeled MAC policies, it will not properly give up privileges when switching to the user account.
Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
105832 |
24-Oct-2002 |
rwatson |
Teach "ls -Z" to use the policy-agnostic MAC label interfaces rather than the LOMAC-specific interfaces for listing MAC labels. This permits ls to view MAC labels in a manner similar to getfmac, when ls is used with the -l argument. Next generation LOMAC will use the MAC Framework so should "just" work with this and other policies. Not the prettiest code in the world, but then, neither is ls(1).
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
103949 |
25-Sep-2002 |
mike |
Use the standardized CHAR_BIT constant instead of NBBY in userland.
|
102566 |
29-Aug-2002 |
yar |
The mode can be "r+" as well on PUT, but only "a" on APPE.
|
102565 |
29-Aug-2002 |
yar |
Fix lexer jam on unimplemented commands.
Submitted by: maxim MFC after: 5 days
|
102474 |
27-Aug-2002 |
yar |
Remove variables no longer used.
|
102473 |
27-Aug-2002 |
yar |
More inithosts() fixes:
o Don't free(3) memory occupied by host structures already in the host list.
o Set hrp->hostinfo to NULL if a host record has to stay in the host list, but is to be ignored. Selecthost() knows that.
o Reduce the pollution with excessive NULL checks.
o Close a couple of memory leaks.
MFC after: 1 week
|
102469 |
27-Aug-2002 |
yar |
Fix an inconsistency between a printf-like format and its argument list.
Submitted by: kris MFC after: 3 days
|
102311 |
23-Aug-2002 |
yar |
Add option '-W': don't log FTP sessions to wtmp.
Submitted by: maxim MFC after: 1 week
|
102183 |
20-Aug-2002 |
yar |
Clean up hostname and hostinfo handling in inithosts():
o check getaddrinfo(3) return value, not result pointer
o getaddrinfo(3) returns int, not pointer
o don't leak memory allocated for hostnames and hostinfo structures
o initialize pointers that will be checked for NULL somewhere
MFC after: 1 week
|
101809 |
13-Aug-2002 |
yar |
Fix a wrong comment on (hopefully) right code.
MFC after: 3 days
|
101806 |
13-Aug-2002 |
yar |
Fix command help lines:
o PORT takes six byte values, not five.
o TYPE argument is mandatory.
Submitted by: demon (the 1st part) MFC after: 3 days
|
101537 |
08-Aug-2002 |
yar |
Rework storing files thoroughly. This includes:
o Remove the race between stat(2) & fopen(3) when creating a unique file.
o Improve bound checking when generating a unique name from a given pathname.
o Ignore REST marker on APPE. No RFC specifies this case, but the idea of resuming APPE's implies this.
o By default, deny upload resumes and appends by anonymous users. Previously these commands were translated to STOU silently, which led to broken files on server without any notification to the user.
o Add an option, -m, to allow anonymous users to modify existing files (e.g., to resume uploads) if filesystem permissions permit.
Portions obtained from: OpenBSD MFC after: 3 weeks
|
101395 |
05-Aug-2002 |
yar |
1) Use "pathstring" instead of "STRING" consistently.
2) Remove unneeded "if not NULL" props from "pathstring", which will never be NULL by the lexer design.
Inspired by: OpenBSD MFC after: 1 week
|
101380 |
05-Aug-2002 |
yar |
Since GLOB_NOCHECK is set in the glob(3) call, glob(3) will return at least one pathname unless a system error has occurred. It's not a "not found" error otherwise.
MFC after: 3 days
|
101379 |
05-Aug-2002 |
yar |
Spot places where "pathname" hasn't been checked for NULL. The "pathname" rule may return NULL on a glob(3) error.
Obtained from: OpenBSD MFC after: 1 week
|
101378 |
05-Aug-2002 |
yar |
Disallow invalid numeric mode values for SITE CHMOD. Earlier, a decimal number (e.g., 890) could be passed for mode, leading to dangerous permissions set: -1, that is, 07777.
Obtained from: OpenBSD MFC after: 1 week
|
101376 |
05-Aug-2002 |
yar |
Reflect in the ftpd(8) manpage the fact that ASCII SIZE requests against large files will be denied.
MFC after: 10 days
|
101034 |
31-Jul-2002 |
yar |
Deny the SIZE command on large files when in ASCII mode. This eliminates an opportunity for DoS attack.
Pointed out by: maxim Inspired by: lukemftpd, OpenBSD MFC after: 2 weeks
|
100878 |
29-Jul-2002 |
yar |
Conform to RFC 959, Appendix II, when replying to a successful MKD command.
MFC after: 1 week
|
100720 |
26-Jul-2002 |
yar |
Make the `-v' option a synonym for `-d' (as it was intended initially) and document it in the manpage.
MFC after: 2 weeks
|
100719 |
26-Jul-2002 |
yar |
Document the -u (set umask) option (which has been there at least since 4.4BSD-Lite!)
MFC after: 2 weeks
|
100717 |
26-Jul-2002 |
yar |
Sort command-line options according to the mostly used style: alphabetical order, lower and upper case of the same letter stick together, lower case first.
MFC after: 2 weeks
|
100684 |
25-Jul-2002 |
yar |
Use <arpa/ftp.h> stuff cleanly, without introducing non-portable constants (in this case, hidden as offsets to the "?AEIL" string.)
MFC after: 1 week
|
100615 |
24-Jul-2002 |
yar |
Re-use passive data ports with the SO_REUSEADDR socket option to avoid exhausting the passive port space by TIME_WAIT'ing connections.
PR: bin/36955 Submitted by: Maxim Konovalov <maxim@FreeBSD.org> MFC after: 2 weeks
|
100612 |
24-Jul-2002 |
yar |
Remove the outdated casts to "char *" from the setsockopt(2), write(2), and getipnodebyaddr(3) calls. Now all the above functions accept "void *" in those arguments and have prototypes. Thus, the casts are useless under the normal circumstances (and would be harmful if the functions had no prototypes.)
MFC after: 2 weeks
|
100609 |
24-Jul-2002 |
yar |
Clean up the syslog(3) messages on the setsockopt(2) errors:
o Always check a setsockopt(2) return value
o Use a consistent message format
o Don't abort if the failed setsockopt(2) was actually not vital
o Use LOG_WARNING, not LOG_ERR, in non-fatal cases
MFC after: 1 week
|
100505 |
22-Jul-2002 |
ume |
use IPV6_V6ONLY instead of non standard IPV6_BINDV6ONLY.
MFC after: 1 week
|
100486 |
22-Jul-2002 |
yar |
Fix one RFC 959 incompliance: Double double-quotes in a PWD result if they appear in the directory pathname.
PR: misc/18365 MFC after: 1 week
|
100439 |
21-Jul-2002 |
yar |
Allow deleting and renaming stale symlinks and deleting symlinks pointing to directories.
PR: bin/37250 Submitted by: Nino Dehne <TeCeEm@gmx.de> MFC after: 1 week
|
100263 |
17-Jul-2002 |
yar |
Avoid passing NULL to freehostent(3).
MFC after: 1 week
|
100259 |
17-Jul-2002 |
yar |
Fix setting parameters for getipnodebyaddr(3):
o "struct addrinfo" contains a pointer to "struct sockaddr," not "struct sockaddr" itself
o the function takes a pointer to "struct in*_addr", not to "struct sockaddr," so the address length must be corresponding
MFC after: 1 week
|
100222 |
17-Jul-2002 |
mikeh |
GLOB_QUOTE has been retired.
|
100183 |
16-Jul-2002 |
yar |
Use the right indent for the closing brace: it belongs to `if', not to `for'. The previous indent was rather misleading for the code reader.
MFC after: 1 week
|
100182 |
16-Jul-2002 |
yar |
Replace the awkward hackery about strtok(3) by conventional one-way parsing of ftphosts(5). Don't let NULL hostname pointers into virtual host records as well.
PR: bin/18410 MFC after: 1 month
|
99877 |
12-Jul-2002 |
yar |
Use fgetln(3) to read lines from configuration files (ftpusers, ftphosts.) Thus lines of any length can be handled, unlike before.
Don't assume that each line read from the files ends with a newline.
As a side effect in inithosts(), don't use automatic buffer at all, utilize malloc(3) when getting local host name instead.
PR: misc/21494 Reviewed by: maxim, mikeh MFC after: 1 month
|
99500 |
06-Jul-2002 |
charnier |
The .Nm utility
|
99318 |
03-Jul-2002 |
dan |
Make sure to reset transflag back to zero upon successfully using sendfile() to transfer a file.
PR: 39362 Submitted by: TANAKA Hiroyuki <kattyo@abk.nu> MFC after: 1 week
|
99255 |
02-Jul-2002 |
ume |
Cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach scope identifier).
MFC after: 3 weeks
|
99213 |
01-Jul-2002 |
maxim |
Remove trailing whitespaces.
|
99212 |
01-Jul-2002 |
maxim |
Move 'byte_count' calculation just before 'recvurg' check. It is a global variable and used in myoob().
PR: bin/38928 Submitted by: Oliver Fromme <olli@secnetix.de> MFC after: 1 month
|
99195 |
01-Jul-2002 |
mdodd |
Implement a flag to disable directory creation for anonymous users.
PR: misc/38987 Submitted by: Peter da Silva <peter@abbnm.com> MFC after: 1 week
|
98973 |
28-Jun-2002 |
markm |
Remove a GCC-specific command-line option. We should be using WARNS=n for this stuff.
|
97420 |
28-May-2002 |
alfred |
Assume __STDC__, remove non-__STDC__ code.
|
92272 |
14-Mar-2002 |
maxim |
Teach REST how to restart a file transfer after 2^31 bytes: now yylex() returns off_t in yylval.u.o. REST is the only user of yylval.u.o at the moment.
NB: seems lukemftpd has the same bug.
PR: misc/28629 Reviewed by: ru Approved by: ru MFC after: 1 month
|
92090 |
11-Mar-2002 |
maxim |
Remove duplicated yacc nonterminals declarations, sort includes. No functional changes from rev. 1.31.
Reviewed by: ru Approved by: ru MFC after: 1 week
|
91404 |
27-Feb-2002 |
obrien |
Put the last added source file in proper order. (and dcc the committer a dictionary)
|
91244 |
25-Feb-2002 |
des |
Rewrite the part of the conversation function that allocates the reply array; it was inelegant and neglected to check the return value from malloc(3).
Sponsored by: DARPA, NAI Labs
|
90604 |
13-Feb-2002 |
maxim |
Fix infinite loop around sendfile(2) after sending >4GB file.
PR: bin/33770 Submitted by: Vladislav Shabanov <vs@rambler-co.ru> Reviewed by: ru Approved by: ru MFC after: 1 month
|
90164 |
04-Feb-2002 |
kris |
Lock down with WFORMAT?=1, with overrides in the subdirectories which are not yet warning-clean. Tested on i386 and alpha.
|
90158 |
04-Feb-2002 |
kris |
Silence some FORMAT_AUDIT warnings (one left)
|
90148 |
03-Feb-2002 |
imp |
o Eliminate __P
o Use new-style function definitions
o remove some !__STDC__ code
o eliminate register
|
89935 |
28-Jan-2002 |
yar |
Remove the setjmp/longjmp stuff completely. Use signal handlers to set flags only (with exception for sigquit(), which still seems to call some non-reentrant functions on its way to _exit(2).) That must eliminate the possibility of catching SIGSEGV from following non-reentrant paths from signal handlers.
PR: bin/32740 bin/33846 Submitted by: Maxim Konovalov <maxim@macomnet.ru> Obtained from: OpenBSD
|
89920 |
28-Jan-2002 |
ume |
Log wtmp according to an address family properly.
Reported by: matusita Reviewed by: matusita MFC after: 1 week
|
89622 |
21-Jan-2002 |
ache |
Remove my workaround fallback since PAM now does it properly.
|
89569 |
19-Jan-2002 |
des |
Really back out ache's commits. These files are now precisely as they were twenty-four hours ago, except for RCS ids.
|
89568 |
19-Jan-2002 |
ache |
Back out PAM_CRED_ERR addition
|
89552 |
19-Jan-2002 |
ache |
Add PAM_CRED_ERR as valid failure case
|
89544 |
19-Jan-2002 |
ache |
Call opieunlock() only if we skip opieverify() part
|
89530 |
19-Jan-2002 |
ache |
Remove conditional 'pwok' fallback for PAM which now is implemented in pam_opie module
For non-PAM variant rewrite empty password checking code to do the right thing and not disallow empty passwords in all cases.
|
88935 |
05-Jan-2002 |
dwmalone |
Be more careful about freeing memory after parsing commands. Hiroyuki YAMAMORI gave a patch for the EPRT command in the PR below. Problems with the rest of the patch are my fault.
PR: 33268 Reviewed by: iedowse, sheldonh
|
88763 |
01-Jan-2002 |
ache |
Fix OPIE auth
|
88673 |
29-Dec-2001 |
bde |
Fixed missing DPADD in previous commit. Fixed most style bugs related to DPADD and LDADD.
|
88669 |
29-Dec-2001 |
joe |
Link with libm to take advantage of the -h flag to ls.
Submitted by: Mike Makonnen <mike_makonnen@yahoo.com>
|
86943 |
27-Nov-2001 |
green |
Add lomac.c.
Found by: ken
|
86628 |
19-Nov-2001 |
yar |
Eliminate another instance of the old and well-known DoS bug that the select(2)/accept(2) pair is called on a socket that is in the blocking I/O mode. The bug is triggered if a selected connection dies before the accept(2) leading to the accept(2) blocking virtually forever.
MFC after: 1 week
|
84842 |
12-Oct-2001 |
yar |
Don't let a user name in ftpd's proctitle be mistaken for a status message.
PR: misc/25217 MFC after: 7 days
|
84841 |
12-Oct-2001 |
yar |
Be consistent about indent at least within one block of code.
|
84285 |
01-Oct-2001 |
ru |
mdoc(7) police: markup nits.
|
84146 |
29-Sep-2001 |
ache |
1) Use OPIE response only when OPIE keys really used
2) Use commonly used OPIE response form instead of self-made one
|
83919 |
25-Sep-2001 |
mikeh |
Improve the description on how to construct ~ftp/pub. Specifically, don't instruct users to set the directory mode 777.
PR: 30690 Obtained from: NetBSD (with modification) MFC after: 2 weeks
|
83308 |
10-Sep-2001 |
mikeh |
Remove a field width specifier that's not doing anything more than what using snprintf() achieves. It was also being used incorrectly.
|
82944 |
04-Sep-2001 |
sheldonh |
Do the best we can with respect to fixing command-line option disorder in the SYNOPSIS and DESCRIPTION.
Note that -l remains an ugly exception, to which no known rules apply, since the specification of a single option multiple times isn't normal standards-compliant CLI behaviour.
While here, mark AF_INET* and LOG_* defined values up with Dv.
|
82796 |
02-Sep-2001 |
sheldonh |
Extend the functionality offered by the -o option into a new option -O, which limits the impact of the write-only restriction to guest users.
*) The existing manual page's SYNOPSIS and option listing in the DESCRIPTION are already horribly disordered. No attempt has been made to fix this.
*) The existing source's getopt() optstring and option handling switch are already horribly disordered. No attempt has been made to fix this.
Discussed with: nik, -audit
|
82792 |
02-Sep-2001 |
ache |
long -> off_t
long -> time_t
%ld -> %qd
fseek -> fseeko
NOTE that fseek does not work for >long offsets, per POSIX:
[EOVERFLOW] For fseek( ), the resulting file offset would be a value which cannot be represented correctly in an object of type long.
|
82460 |
28-Aug-2001 |
nik |
Add a new option, '-o', for "Write-only". Disables the RETR command, preventing anyone from downloading files. In conjunction with -A, and some appropriate file permissions, this lets you create an anonymous FTP drop box for people to upload files to.
The more obvious "-w" flag is already taken by NetBSD's ftpd. "-o" was available as an option letter in all three BSDs.
|
80525 |
29-Jul-2001 |
mikeh |
Rename the GLOB_MAXPATH flag of glob(3) to GLOB_LIMIT to be compatible with NetBSD and OpenBSD. glob(3) will now return GLOB_NOSPACE with errno set to 0 instead of GLOB_LIMIT when we match more than `gl_matchc' patterns. GLOB_MAXPATH has been left as an alias of GLOB_LIMIT to maintain backwards compatibility.
Reviewed by: sheldonh, assar Obtained from: NetBSD/OpenBSD
|
79979 |
19-Jul-2001 |
obrien |
Portability configuration data for LukeM ftpd.
|
79754 |
15-Jul-2001 |
dd |
Remove whitespace at EOL.
|
79529 |
10-Jul-2001 |
ru |
mdoc(7) police: removed HISTORY info from the .Os call.
|
79469 |
09-Jul-2001 |
markm |
Remove S/Key. PAM can do its job. Well, not quite - there is an issue with the conversation function and challenges which needs to be revisited, so in the interim a hack is introduced to provide an OPIE challenge (which is random if OPIE does not apply) at all non-anonymous logins.
|
78153 |
13-Jun-2001 |
dd |
Move the definition of epsvall out of #ifdef VIRTUAL_HOSTING so that the latter is not required for ftpd to compile.
|
76106 |
28-Apr-2001 |
markm |
Cleaner method of making PAMable apps static (in the optional case of wanting static apps).
|
76098 |
28-Apr-2001 |
markm |
Damn. That should be _enable_ static linking, not _force_ static linking.
|
76097 |
28-Apr-2001 |
markm |
Enable (optional) static linking. Asked for by: BDE
|
76096 |
28-Apr-2001 |
markm |
Change names of functions and variables with global scope that are in conflict with library values of the same name. This allows static linking.
|
75670 |
18-Apr-2001 |
ru |
mdoc(7) police: normalize .Nd.
|
75567 |
17-Apr-2001 |
peter |
Previous clobbered a work-in-progress. Here is the merged result:
Limit the "pathname" glob to one item, as that is what all users of it are expecting, except for LIST.
Always glob, instead of when the first character is a ~. For example, if you had directories ~/x1, and ~/x2, then "cwd x[1]" would fail, but "cwd ~/x[1]" would work since it was globbed due to the ~ character. Also, "cwd ~/x[12]" used to arbitrarily work as it used the first expansion (ie: x1) without an error. Make it return '550 ambiguous' instead of '550 not found' so that the user can see the difference.
For LIST, just use the user supplied string as the popen does the glob.
Problem noticed by: Ajay Mittal <amittal@iprg.nokia.com>
|
75560 |
17-Apr-2001 |
jedgar |
Limit number of paths returned via glob() for authorized users using tilde expansion.
|
75556 |
16-Apr-2001 |
green |
Support the empty "PASS\r\n" command.
|
75542 |
16-Apr-2001 |
ru |
Document that SITE extensions are disabled for anonymous logins.
Obtained from: logdaemon package by Wietse Venema
|
75535 |
15-Apr-2001 |
phk |
Add the "SITE MD5 filename" facility.
This allows you to determine if the file on the other side is the same as the one you have without transferring the entire file to compare.
Needless to say, if the server end lies to you this check doesn't work, but on the other hand, if it lies to you about the file's checksum, what can you trust from it?
|
74874 |
27-Mar-2001 |
markm |
Add full PAM support for account management and sessions.
The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux package's PAM patches to the BSD login.c
Submitted by: "David J. MacKenzie" <djm@web.us.uu.net>
|
74814 |
26-Mar-2001 |
ru |
- Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
|
74529 |
20-Mar-2001 |
ru |
Set the default manual section for libexec/ to 8.
|
74470 |
19-Mar-2001 |
jlemon |
Teach ftpd about the new GLOB_MAXPATH flag.
|
74100 |
11-Mar-2001 |
des |
When the file was transferred using sendfile(2), we forgot to keep track of the transferred byte count. MFC candidate.
PR: bin/25699
|
72710 |
19-Feb-2001 |
des |
Change the read-only reply to "550 Permission denied.".
|
71278 |
20-Jan-2001 |
jedgar |
Limit commands that can be issued when not logged in: TYPE, STRU, MODE, ALLO, STAT, ABOR, SITE IDLE, SYST, REST
Reviewed by: kris, sheldon
|
70205 |
20-Dec-2000 |
dan |
In send_data(), use sendfile() instead of the mmap() algorithm.
|
70144 |
18-Dec-2000 |
ru |
mdoc(7) police: removed hard sentence breaks, run through spell-checker.
|
70116 |
17-Dec-2000 |
demon |
Fix typo.
PR: 23591 Submitted by: mavetju@chello.nl
|
70102 |
16-Dec-2000 |
phk |
Add option -E to disable EPSV which throws certain stateful firewalls into confusion.
Add option -r to make ftpd support only read-only operations.
Submitted by: Flemming (F3) Jacobsen <fj@batmule.dk> Reviewed by: phk
|
69453 |
01-Dec-2000 |
obrien |
The GCC 2.96 snapshots have slightly different rules for finding include files. Mostly -I${.CURDIR} was needed -- especially for YACC generated files as the new cpp does not look in the ultimate source file (ie, the .y file)'s directory as told by the "#line" directive. Some were misspellings of "-I${.CURDIR}" as "-I.".
|
69443 |
01-Dec-2000 |
obrien |
There is no src/contrib-crypto/ anything directory. So don't look for include files in subdirs of it.
|
69234 |
26-Nov-2000 |
danny |
Prevent leakage of information about anonymous user's homedir via 'QUOTE CWD'.
Reviewed by: des
|
68949 |
20-Nov-2000 |
ru |
mdoc(7) police: use the new features of the Nm macro.
|
68901 |
19-Nov-2000 |
kris |
Format string paranoia
|
67007 |
12-Oct-2000 |
guido |
Fix broken PAM with SKEY behaviour: the skey.access file checks were broken because the code failed to set PAM_RHOST.
|
66907 |
10-Oct-2000 |
wollman |
Don't depend on <sys/stat.h> bogusly including <sys/time.h> (and thereby <time.h>).
|
65425 |
04-Sep-2000 |
imp |
remove redundant optreset declaration
|
64778 |
17-Aug-2000 |
sheldonh |
Don't set an arbitrary limit on username lengths; use MAXLOGNAME instead.
PR: 20675 Submitted by: Vladimir B Grebenschikov <vova@express.ru>
|
64699 |
16-Aug-2000 |
ru |
Fix `control socket: Protocol not supported' failure in standalone -D mode when neither -4 nor -6 is specified.
|
64103 |
01-Aug-2000 |
sheldonh |
Honour skey.access(5) by allowing UNIX passwords when skeyaccess(3) has set pwok to a non-zero value.
Previously, the fact that skey.access(5) allowed UNIX passwords for this connection attempt was ignored, even in the NOPAM case.
This only addresses the NOPAM case; when libpam is used, the problem will persist.
PR: 20333
|
63350 |
17-Jul-2000 |
des |
Don't reply "not a plain file" when the requested file doesn't exist.
|
62946 |
11-Jul-2000 |
ben |
Explain that the -S option only logs file downloads, not all transfers.
PR: 16934 Submitted by: Kurt Zeilenga <kurt@OpenLDAP.org>
|
62100 |
26-Jun-2000 |
davidn |
Fix a problem in the virtual host address compare code which caused duplicated host entries in /etc/ftphosts not to be folded. Make sure we exit the loop on a match.
PR: bin/19390
|
61749 |
17-Jun-2000 |
joe |
Switch over to using the new fflagstostr and strtofflags library calls.
|
60929 |
25-May-2000 |
nsayer |
1. Add IPv6 portrange restriction code (-U flag) to passive().
2. Add portrange restriction code (for both v4 and v6) to the EPSV processing stuff.
|
57978 |
13-Mar-2000 |
ru |
Finally unifdef -DINTERNAL_LS.
|
57267 |
17-Feb-2000 |
peter |
Doc fix: remove references to ~ftp/bin/ls as we have FTPD_INTERNAL_LS unconditionally active already.
Noticed by: obrien
|
57124 |
10-Feb-2000 |
shin |
Add more dual stack consideration.
-ftpd need to know each of AF_INET and AF_INET6 addr for hosts specified in /etc/ftphosts.
Approved by: jkh
|
57003 |
05-Feb-2000 |
joe |
Revert part of the last commit, remove {g|s}etflags from the libc interface, and statically link them to the programs using them. These functions, upon reflection and discussion, are too generically named for a library interface with such specific functionality. Also the api that they use, whilst ok for private use, isn't good enough for a libc function.
Additionally there were complications with the build/install-world process. It depends heavily upon xinstall, which got broken by the change in api, and caused bootstrap problems and general mayhem.
There is work in progress to address future problems that may be caused by changes in install-chain tools, and better names for {g|s}etflags can be derived when some future program requires them. For now the code has been left in src/lib/libc/gen (it started off in src/bin/ls).
It's important to provide library functions for manipulating file flag strings if we ever want this interface to be adopted outside of the source tree, but now isn't necessarily the right moment with 4.0-release just around the corner.
Approved: jkh
|
56975 |
03-Feb-2000 |
shin |
Remove unnecessary -g for CFLAGS.
-g for CFLAGS which was set at debugging time was mistakenly committed, so removed it.
Approved by: jkh
|
56974 |
03-Feb-2000 |
shin |
Fix ftpd core dump when hostname is not set.
When hostname is not set, ftpd core dumps, because there is no NULL check for freeing name resolving information for its own hostname. So the check is added.
Approved by: jkh
|
56668 |
27-Jan-2000 |
shin |
another tcp apps IPv6 updates.(should be make world safe) ftp, telnet, ftpd, faithd also telnet related sync with crypto, secure, kerberosIV
Obtained from: KAME project
|
55270 |
30-Dec-1999 |
joe |
Moved flags_to_string and string_to_flags into libutil. It's used in many places nowadays.
|
51979 |
07-Oct-1999 |
alfred |
sync with netbsd PR 8534, fix undefined C code. Pointed out by: David A. Holland
|
51433 |
19-Sep-1999 |
markm |
Fix for new Kerberos4. Make a first cut at PAM-ising while I'm here.
|
51192 |
12-Sep-1999 |
mharo |
When a STAT command is sent to ftpd as an out-of-band transmission during a file transfer, the command was mishandled on every other receipt of the command.
PR: 13261 Submitted by: Ian Lepore <ian@plutotech.com>
|
50990 |
06-Sep-1999 |
markm |
Add common error lib for the Kerberos case.
|
50476 |
28-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
50380 |
26-Aug-1999 |
peter |
unifdef -DINTERNAL_LS - it's too useful to be off by default. If anyone really dislikes this, we could add a switch to disable it at runtime and check in popen.c.
|
48313 |
28-Jun-1999 |
mpp |
Update the SYNOPSIS to reflect that the -l option can be specified more than once.
Pointed-out-by: sheldonh
|
46439 |
04-May-1999 |
ghelmer |
Add missing -A option to SYNOPSIS.
PR: docs/10771
|
46078 |
25-Apr-1999 |
imp |
More egcs warning fixes:
o main returns int not void
o use return 0 at end of main when needed
o use braces to avoid potentially ambiguous else
o don't default to type int (and also remove a useless register modifier).
Reviewed by: obrien and chuckr
|
45422 |
07-Apr-1999 |
brian |
Ensure that things returned by gethostname() and friends are terminated and allow for a maximum host name length of MAXHOSTNAMELEN - 1. Put parenthesis around sizeof args. Make some variables static. Fix telnetd -u (broken by my last commit)
Prompted by: bde
|
45393 |
06-Apr-1999 |
brian |
Use realhostname() rather than various combinations of gethostbyaddr() & gethostbyname().
Remove brokenness in ftpd for hosts of MAXHOSTNAMELEN length.
|
42587 |
12-Jan-1999 |
asami |
Oops, I missed a few more /etc/nologin references yesterday. It appears my check of the tree was incomplete. Sorry guys.
Reported by: Ben Smithurst <ben@scientia.demon.co.uk>
|
41465 |
02-Dec-1998 |
billf |
Update to correctly reflect the default values of net.inet.ip.portrange.hifirst and net.inet.ip.portrange.hilast
PR: docs/6745 Submitted by: Masachika Ishizuka <ishizuka@ish.org>
|
41278 |
21-Nov-1998 |
jdp |
Find "klogin.c" in "src/lib/libpam/modules/pam_kerberosIV" instead of in "src/usr.bin/login". The latter instance is going away. As soon as ftpd is PAMized, it won't need to use klogin.c at all.
|
40310 |
13-Oct-1998 |
des |
Set the user context correctly so that cd ~ does the right thing.
PR: bin/7943 bin/8293 Submitted by: Bill Fenner <fenner@parc.xerox.com> Approved by: jkh
|
39783 |
29-Sep-1998 |
alex |
Added double quotes around CHMOD description to prevent garbled output.
PR: 8094 Submitted by: Christoph Weber-Fahr <wefa@callcenter.systemhaus.net>
|
37532 |
09-Jul-1998 |
jkoshy |
Document the use of lines beginning with a '#' as comment lines.
PR: 5676
|
36612 |
03-Jun-1998 |
jb |
signal() returns SIG_ERR on error, not int.
time() requires a time_t pointer, not a long.
|
36349 |
25-May-1998 |
steve |
Make ftpd(8) honor its default group setting in the config files.
PR: 6682 Submitted by: Max Euston <meuston@jmrodgers.com>
|
36140 |
18-May-1998 |
ache |
Back out "always UTC" fix since some people want visually identical 'ls' output for local users. FTP protocol RFC also says that 'ls' output is not machine-readable. "always UTC" still possible with TZ= in ftpd environment by price of having UTC in log files too.
Fix INTERNAL_LS to sense new /etc/localtime after chroot
|
36105 |
16-May-1998 |
ache |
Return back initial tzset() must be before first chroot
|
36072 |
15-May-1998 |
ache |
Return back vfork and use execve with TZ="" environment in vfork case
|
36070 |
15-May-1998 |
ache |
Use fork instead of vfork since setenv clobbers parent environment.
Fork already used for INTERNAL_LS in any case.
|
36068 |
15-May-1998 |
ache |
Move TZ="" assignment just before exec to not touch other time stuff
|
36066 |
15-May-1998 |
ache |
Do TZ= as first thing, since FTP protocol is unable to tell zone offset in any case.
It makes no difference for anon account (since chroot already makes it GMT), but if you do mirror with special non-anon login, in old variant your mirror will be wholly retransmitted twice in the year due to time zone changes (/etc/localtime plays bad role here)
|
35700 |
04-May-1998 |
bde |
Simplified by using new yacc rules and by not generating y.tab.h.
|
35482 |
28-Apr-1998 |
dg |
Set TCP_NODELAY on the control channel to improve performance a bit.
|
35474 |
27-Apr-1998 |
dg |
Fixed a bug where if MAXUSRARGS amount of args were passed in, the argv[] array would end up without the NULL pointer termination, causing the glob code to glob whatever garbage happened to follow on the stack.
|
33829 |
25-Feb-1998 |
danny |
PR: 5812 Pointed-in-the-right-direction-by: Mike Smith and Steve Price
Close syslogging before calling ls_main()
|
33782 |
24-Feb-1998 |
eivind |
Make ftpd log IP-addresses in addition to hostnames.
|
33552 |
18-Feb-1998 |
obrien |
MFS.
|
31973 |
24-Dec-1997 |
imp |
Various sprintf -> snprintf fixes. Minor style fix (strcpy(foo,"") -> *foo = '\0') Obtained from: OpenBSD(?)
|
31523 |
04-Dec-1997 |
steve |
FTP_INTERNAL_LS -> FTPD_INTERNAL_LS
Pointed out by: Jaye Mathisen <mrcpu@cdsnet.net>
|
31329 |
21-Nov-1997 |
charnier |
Cosmetics in man page. Exit(-1) -> exit(1).
|
30113 |
05-Oct-1997 |
jkh |
Changes to support full make parallelism (-j<n>) in the world target. Reviewed by: <many different folks> Submitted by: Nickolay N. Dudorov <nnd@nnd.itfs.nsk.su>
|
29574 |
18-Sep-1997 |
phk |
Many places in the code NULL is used in integer context, where plain 0 should be used. This happens to work because we #define NULL to 0, but is stylistically wrong and can cause problems for people trying to port bits of code to other environments.
PR: 2752 Submitted by: Arne Henrik Juul <arnej@imf.unit.no>
|
29140 |
05-Sep-1997 |
tg |
Hopefully better fix for logwtmp(): rename to a private version ftpd_logwtmp().
|
29139 |
05-Sep-1997 |
tg |
logwtmp() prototype is in <libutil.h>.
|
27650 |
24-Jul-1997 |
davidn |
Make usage of hostname global variable consistent. PR: 4135 Based on submitted patch by: blank@fox.uni-trier.de
|
25986 |
21-May-1997 |
danny |
Tell the chroot()ed user that "access restrictions apply".
|
25674 |
10-May-1997 |
davidn |
login_getclass() -> login_getpwclass().
|
25283 |
29-Apr-1997 |
davidn |
Adds anon ftp virtual host capability to ftpd, using /etc/ftphosts for definition of a system's virtual hosts.
|
25187 |
27-Apr-1997 |
davidn |
YAMF2.2: Allow @group entries in /etc/ftpusers & /etc/ftpchroot to deny and allow chroot access to entire groups.
|
25166 |
26-Apr-1997 |
davidn |
Document internal ls, how to compile it in and what it changes wrt anon ftp and chrooted users.
|
25165 |
26-Apr-1997 |
davidn |
Adds optional "internal ls" support for ftpd, by collecting modules from src/bin/ls, and handling exec(_PATH_LS,..) as a special case, very useful in an environment where many users are given chroot access. "~/etc/{s}pwd.db" files are still needed if uid/gid->user/group translation is desired.
To enable this it must be compiled with the make variable FTP_INTERNAL_LS defined, either in /etc/make.conf or the environment.
|
25101 |
23-Apr-1997 |
davidn |
Add basic login.conf (sans authentication) support.
|
24349 |
28-Mar-1997 |
imp |
compare return value from getopt against -1 rather than EOF, per the final posix standard on the topic.
|
24242 |
25-Mar-1997 |
mpp |
Remove some incorrect text on how passwords are validated. Closes PR# 3050.
Submitted by: Dmitrij Tejblum <dima@tejblum.dnttm.rssi.ru>
|
22989 |
22-Feb-1997 |
peter |
Revert $FreeBSD$ to $Id$
|
22954 |
20-Feb-1997 |
mpp |
#include <string.h> to help silence -Wall.
|
22668 |
13-Feb-1997 |
guido |
Actually allow the -R flag.
|
22058 |
28-Jan-1997 |
dg |
Oops, fix white space in last commit.
|
22057 |
28-Jan-1997 |
dg |
Fix signal handler race condition.
|
21786 |
16-Jan-1997 |
alex |
Sweep through the tree fixing mmap() usage:
- Use MAP_FAILED instead of the constant -1 to indicate failure (required by POSIX).
- Removed flag arguments of '0' (required by POSIX).
- Fixed code which expected an error return of 0.
- Fixed code which thought any address with the high bit set was an error.
- Check for failure where no checks were present.
Discussed with: bde
|
21673 |
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
21553 |
11-Jan-1997 |
mpp |
Document the fact that the administrator may have to change syslog's config file in order for all of ftpd's log messages to be displayed by syslogd.
Closes PR# 1559.
|
20042 |
30-Nov-1996 |
torstenb |
add flag to allow only anonymous ftp logins
Reviewed by: pst
|
19903 |
20-Nov-1996 |
pst |
Conditionalize setsockopt IP_PORTRANGE to make ftpd portable.
|
19902 |
20-Nov-1996 |
pst |
Truncate argument list to avoid buffer overflows.
Candidate for: 2.1 and 2.2
|
19018 |
18-Oct-1996 |
ache |
Implement alternative strategy if it is impossible to confirm password: ask for it, but don't tell that S/key password required. It looks like non-s/key system from outside.
Additionally tell that s/key required when it is so for normal case
|
18993 |
17-Oct-1996 |
ache |
Oops, fix my previous commit, now tell user his s/key parameters
|
18989 |
17-Oct-1996 |
ache |
Don't ever ask for password if it is impossible to confirm it. It happens if 1) regular passwords not allowed, 2) skey database not activated for given user. Under some rare circumstances skey_challenge can return empty diagnostic or even previous buffer, fix it.
|
18471 |
22-Sep-1996 |
wosch |
add forgotten $Id$
|
18449 |
21-Sep-1996 |
pst |
Fix some compilation warnings.
|
17483 |
09-Aug-1996 |
julian |
Reviewed by: various Submitted by: archie@whistle.com
allow ftpd to bind to a single address/interface this allows easy split services.
|
17478 |
09-Aug-1996 |
markm |
Tidy up the Kerberised bits. While I'm here, fix some -Wall complaints.
|
17453 |
06-Aug-1996 |
phk |
Fix another bogon.
|
17451 |
06-Aug-1996 |
phk |
Make password checking in ftpd work again.
|
17435 |
05-Aug-1996 |
pst |
Convert STATS and PARANOID to run-time options. Document the new -R (relax paranoia) option.
From NetBSD/Lite2: code and man page cleanups, Kerberos IV hooks (relax, we're still exportable), and /etc/ftpchroot feature for semi-anonymous accounts
|
17433 |
04-Aug-1996 |
pst |
If PARANOID is set, do not allow PORT commands to remote ports less than 1024 or addresses other than the requestor's address. This violates the FTP protocol (hmm...as I write this, I'm going to change this to a run-time var.)
Require login before PASV and RNTO commands.
Close unused PASV ports so they don't hang around forever.
Do not allow file overwrites via rename or STOR when anonymous (suspenders).
Clean up buffer utilization.
My code, but heavily inspired by Hobbit's changes to wu-ftpd as pointed out by Mike Prettejohn and Kit Knox.
|
16433 |
17-Jun-1996 |
ache |
If hostname > UT_HOSTSIZE, use its numerical address instead to keep valid utmp and wtmp entries
|
16072 |
02-Jun-1996 |
phk |
backout yacc changes
|
16033 |
31-May-1996 |
peter |
Use the sysctl settable data port ranges rather than the statically compiled values. see sysctl net.inet.ip.portrange.* and the IP_PORTRANGE discussion in <netinet/in.h>
|
16015 |
30-May-1996 |
phk |
Fix yacc rule usage.
|
15196 |
11-Apr-1996 |
dg |
Implemented a "-D" option that causes ftpd to detach and become a daemon - accepting connections on the FTP port and forking child processes to handle them. This is lower overhead than spawning ftpd from inetd and can be a significant win on busy FTP servers. Be sure to disable ftpd in inetd.conf if you decide to use this option. These changes are based on similar changes I made to wu-ftpd and have been in use on wcarchive for several months.
|
14667 |
18-Mar-1996 |
dg |
Fix bug that caused a coredump when attempting to enter passive mode when not logged in. Original fix slightly altered by me to return the correct reply code.
Submitted by: Vadim Kolontsov <vadim@tversu.ac.ru>
|
13139 |
01-Jan-1996 |
peter |
Make ftpd use setproctitle() from libutil
I've left the old code in there under #ifdef OLD_SETPROCTITLE in case somebody wants to try to compile out ftpd on some other machine.
|
12532 |
29-Nov-1995 |
guido |
Timeout when an expected accept does not happen after all. This gets rid of dozens of hanging ftpd's because some broken pc implementation `forgets' to open a passive connection. Obtained from: Wietse Venema
|
10401 |
28-Aug-1995 |
mpp |
Check for expired passwords before allowing access to the system.
|
9933 |
05-Aug-1995 |
pst |
Use data ports in the range 40000..44999 by default to enhance FTP usability in a firewall environment. Original idea by Mark Tracy (?).
Reviewed by: wollman Submitted by: pst
|
8870 |
30-May-1995 |
rgrimes |
Remove trailing whitespace.
|
8697 |
22-May-1995 |
dg |
Make last change a little more robust by checking for failure of getcwd().
|
8696 |
22-May-1995 |
dg |
Set "HOME" so that tilde expands correctly. It previously was always root's directory /root.
|
8240 |
03-May-1995 |
wollman |
Speed up ftpd and make it more efficient:
- set TCP_NOPUSH to keep from sending short packets at each write(2) boundary
- set SO_SNDBUF to 64k so we have a reasonable amount of buffer space
- for a regular file in binary mode which is not being restarted and is smaller than 16 Meg, use mmap(2) and write(2) the whole file in one big gulp
In the most common circumstances, this should dramatically reduce the system-call load from ftpd, since the call to write() will not return until the entire file has been written, rather than writing just a few K at a time in a loop.
|
7842 |
15-Apr-1995 |
gpalmer |
Fix two more references to /etc/motd that I overlooked. PR #29
|
7841 |
15-Apr-1995 |
gpalmer |
Close PR #29. The file should be /etc/ftpmotd, not /etc/motd.
|
7127 |
18-Mar-1995 |
nate |
Change the library order so libcrypt is the last library in the list. libskey contains references to _crypt and can't resolve it unless -lcrypt occurs after it in the link command. This only occurs when linking statically.
|
6740 |
26-Feb-1995 |
guido |
Add some functionality to ftpd so it logs all anonymous file transfers. It only does this when -S is set. Reviewed by: Submitted by: Obtained from: logdaemon package
|
3938 |
27-Oct-1994 |
pst |
recommit rev 1.5 of ftpd, I fatfingered a command
|
3936 |
27-Oct-1994 |
pst |
Printing out /etc/motd when a ftp login occurs is a security hole (as is printing out a version number at the telnet login banner).
Don't print out /etc/motd when people login, instead if present, print out /etc/ftpmotd. It looks like 4.4lite2 has done something similar (perhaps for different reasons) because /etc/motd no longer shows up on vangogh.
Folks who like the old behavior can create a symbolic link to motd.
|
3777 |
22-Oct-1994 |
pst |
Figured it out, misapplied a patch, ftpd now works again.
|
3776 |
22-Oct-1994 |
pst |
Fix broken command parser (fall back 10 yards and scratch head).
|
3702 |
19-Oct-1994 |
pst |
Include most of the logdaemon v4.4 S/key changes
|
3250 |
30-Sep-1994 |
pst |
Clean up makefile
|
3206 |
29-Sep-1994 |
pst |
Use new skey access routines
|
2930 |
20-Sep-1994 |
dg |
Fixed bug where /etc/ftpusers was ineffective. Caused by the wrong pointer being passed to strcmp(). Bug noticed by Matthew Green.
|
2194 |
21-Aug-1994 |
guido |
Put skey support to ftpd Reviewed by: Submitted by: guido
|
2193 |
21-Aug-1994 |
guido |
Put skey support in ftpd. Reviewed by: Submitted by: guido
|
2158 |
20-Aug-1994 |
csgr |
LDADD= -lcrypt Submitted by: Geoff
|
1875 |
05-Aug-1994 |
wollman |
Update to new make macros and disable Kerberos because we haven't got it set up right yet.
|
1593 |
27-May-1994 |
rgrimes |
This commit was generated by cvs2svn to compensate for changes in r1592, which included commits to RCS files with non-trunk default branches.
|