diff options
| author | stas <stas@FreeBSD.org> | 2012-03-22 08:48:42 +0000 |
|---|---|---|
| committer | stas <stas@FreeBSD.org> | 2012-03-22 08:48:42 +0000 |
| commit | e7e0b349883e80d63c4e856f16351aaa6607766d (patch) | |
| tree | 5518cb944fa25f627a797b58451ccf506b720fcf /crypto/heimdal/appl/ftp/ftpd | |
| parent | e02fd6b8423e63f1fdbfc1f984d7c7291a1bacd1 (diff) | |
| parent | 2db247d3fc10ef5304f61dbd66448efff8cc6684 (diff) | |
| download | FreeBSD-src-e7e0b349883e80d63c4e856f16351aaa6607766d.zip FreeBSD-src-e7e0b349883e80d63c4e856f16351aaa6607766d.tar.gz | |
- Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.
- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.
Diffstat (limited to 'crypto/heimdal/appl/ftp/ftpd')
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/Makefile.am | 13 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/Makefile.in | 474 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/extern.h | 4 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/ftpcmd.c | 269 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/ftpcmd.y | 68 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/ftpd.8 | 16 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/ftpd.c | 164 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h | 60 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/ftpusers.5 | 2 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/gss_userok.c | 170 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/gssapi.c | 145 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/kauth.c | 242 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/klist.c | 22 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/krb4.c | 340 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/logwtmp.c | 85 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/ls.c | 78 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/popen.c | 14 | ||||
| -rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/security.c | 78 |
18 files changed, 846 insertions, 1398 deletions
diff --git a/crypto/heimdal/appl/ftp/ftpd/Makefile.am b/crypto/heimdal/appl/ftp/ftpd/Makefile.am index b404876..355b8ba 100644 --- a/crypto/heimdal/appl/ftp/ftpd/Makefile.am +++ b/crypto/heimdal/appl/ftp/ftpd/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 21031 2007-06-09 05:00:27Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -8,9 +8,6 @@ libexec_PROGRAMS = ftpd CHECK_LOCAL = -if KRB4 -krb4_sources = krb4.c -endif if KRB5 krb5_sources = gssapi.c gss_userok.c endif @@ -30,7 +27,7 @@ ftpd_SOURCES = \ $(krb4_sources) \ $(krb5_sources) -EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c +EXTRA_ftpd_SOURCES = kauth.c gssapi.c gss_userok.c $(ftpd_OBJECTS): security.h @@ -38,12 +35,10 @@ security.c: @test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c . security.h: @test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h . -krb4.c: - @test -f krb4.c || $(LN_S) $(srcdir)/../ftp/krb4.c . gssapi.c: @test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c . -CLEANFILES = security.c security.h krb4.c gssapi.c +CLEANFILES = security.c security.h gssapi.c man_MANS = ftpd.8 ftpusers.5 @@ -56,4 +51,4 @@ LDADD = ../common/libcommon.a \ $(LIB_hcrypto) \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) diff --git a/crypto/heimdal/appl/ftp/ftpd/Makefile.in b/crypto/heimdal/appl/ftp/ftpd/Makefile.in index c7a6a8f..afa9615 100644 --- a/crypto/heimdal/appl/ftp/ftpd/Makefile.in +++ b/crypto/heimdal/appl/ftp/ftpd/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 21031 2007-06-09 05:00:27Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -45,7 +47,7 @@ libexec_PROGRAMS = ftpd$(EXEEXT) subdir = appl/ftp/ftpd ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +76,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -84,25 +89,23 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(man8dir)" -libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(libexec_PROGRAMS) am__ftpd_SOURCES_DIST = extern.h ftpcmd.y ftpd.c ftpd_locl.h logwtmp.c \ - ls.c pathnames.h popen.c security.c kauth.c klist.c krb4.c \ - gssapi.c gss_userok.c -@KRB4_TRUE@am__objects_1 = krb4.$(OBJEXT) -@KRB5_TRUE@am__objects_2 = gssapi.$(OBJEXT) gss_userok.$(OBJEXT) + ls.c pathnames.h popen.c security.c kauth.c klist.c gssapi.c \ + gss_userok.c +@KRB5_TRUE@am__objects_1 = gssapi.$(OBJEXT) gss_userok.$(OBJEXT) am_ftpd_OBJECTS = ftpcmd.$(OBJEXT) ftpd.$(OBJEXT) logwtmp.$(OBJEXT) \ ls.$(OBJEXT) popen.$(OBJEXT) security.$(OBJEXT) \ - kauth.$(OBJEXT) klist.$(OBJEXT) $(am__objects_1) \ - $(am__objects_2) + kauth.$(OBJEXT) klist.$(OBJEXT) $(am__objects_1) ftpd_OBJECTS = $(am_ftpd_OBJECTS) ftpd_LDADD = $(LDADD) am__DEPENDENCIES_1 = @@ -112,9 +115,9 @@ ftpd_DEPENDENCIES = ../common/libcommon.a $(am__DEPENDENCIES_1) \ $(LIB_gssapi) $(LIB_krb5) $(am__DEPENDENCIES_2) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -131,6 +134,27 @@ LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ YLWRAP = $(top_srcdir)/ylwrap SOURCES = $(ftpd_SOURCES) $(EXTRA_ftpd_SOURCES) DIST_SOURCES = $(am__ftpd_SOURCES_DIST) $(EXTRA_ftpd_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man5dir = $(mandir)/man5 man8dir = $(mandir)/man8 MANS = $(man_MANS) @@ -141,49 +165,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -207,10 +240,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -227,6 +261,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -242,31 +278,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -281,10 +331,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -325,33 +377,37 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - -I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) -I$(srcdir)/../common $(INCLUDE_krb4) \ + -DFTP_SERVER @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la CHECK_LOCAL = -@KRB4_TRUE@krb4_sources = krb4.c @KRB5_TRUE@krb5_sources = gssapi.c gss_userok.c ftpd_SOURCES = \ extern.h \ @@ -368,8 +424,8 @@ ftpd_SOURCES = \ $(krb4_sources) \ $(krb5_sources) -EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c -CLEANFILES = security.c security.h krb4.c gssapi.c +EXTRA_ftpd_SOURCES = kauth.c gssapi.c gss_userok.c +CLEANFILES = security.c security.h gssapi.c man_MANS = ftpd.8 ftpusers.5 LDADD = ../common/libcommon.a \ $(LIB_otp) \ @@ -380,23 +436,23 @@ LDADD = ../common/libcommon.a \ $(LIB_hcrypto) \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj .y +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj .y $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/ftp/ftpd/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/ftp/ftpd/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/ftpd/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/ftp/ftpd/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -414,34 +470,50 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libexecPROGRAMS: $(libexec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-libexecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(libexecdir)/$$f"; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files clean-libexecPROGRAMS: - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list ftpd$(EXEEXT): $(ftpd_OBJECTS) $(ftpd_DEPENDENCIES) @rm -f ftpd$(EXEEXT) $(LINK) $(ftpd_OBJECTS) $(ftpd_LDADD) $(LIBS) @@ -452,14 +524,37 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ftpcmd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ftpd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gss_userok.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gssapi.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kauth.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/klist.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/logwtmp.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ls.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/popen.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/security.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< .y.c: $(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE) @@ -469,146 +564,149 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -install-man5: $(man5_MANS) $(man_MANS) +install-man5: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man5dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ + done; } + uninstall-man5: @$(NORMAL_UNINSTALL) - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man5dir)/$$inst"; \ - done -install-man8: $(man8_MANS) $(man_MANS) + @list=''; test -n "$(man5dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } +install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -624,13 +722,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -666,6 +768,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -677,6 +780,7 @@ clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \ mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -687,6 +791,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -694,26 +800,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-libexecPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man5 install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -733,11 +848,10 @@ ps-am: uninstall-am: uninstall-libexecPROGRAMS uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man5 uninstall-man8 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \ @@ -825,6 +939,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -910,7 +1027,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -930,10 +1047,9 @@ security.c: @test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c . security.h: @test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h . -krb4.c: - @test -f krb4.c || $(LN_S) $(srcdir)/../ftp/krb4.c . gssapi.c: @test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c . + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/ftp/ftpd/extern.h b/crypto/heimdal/appl/ftp/ftpd/extern.h index db40f2f..3f48ec6 100644 --- a/crypto/heimdal/appl/ftp/ftpd/extern.h +++ b/crypto/heimdal/appl/ftp/ftpd/extern.h @@ -63,7 +63,7 @@ void abor(void); void blkfree(char **); char **copyblk(char **); -void cwd(char *); +void cwd(const char *); void do_delete(char *); void dologout(int); void eprt(char *); @@ -129,6 +129,7 @@ extern struct sockaddr *data_dest; extern int logged_in; extern struct passwd *pw; extern int guest; +extern int dochroot; extern int logging; extern int type; extern off_t file_size; @@ -144,5 +145,6 @@ extern char hostname[], remotehost[]; extern char proctitle[]; extern int usedefault; extern char tmpline[]; +extern int paranoid; #endif /* _EXTERN_H_ */ diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.c b/crypto/heimdal/appl/ftp/ftpd/ftpcmd.c index 94eadee..dab11bc 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.c +++ b/crypto/heimdal/appl/ftp/ftpd/ftpcmd.c @@ -242,7 +242,7 @@ #include "ftpd_locl.h" -RCSID("$Id: ftpcmd.y 15677 2005-07-19 18:33:08Z lha $"); +RCSID("$Id$"); off_t restart_point; @@ -665,16 +665,16 @@ static const yytype_int8 yyrhs[] = /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ static const yytype_uint16 yyrline[] = { - 0, 129, 129, 131, 136, 140, 146, 153, 164, 170, - 175, 180, 186, 223, 237, 251, 257, 263, 272, 281, - 290, 295, 304, 309, 315, 322, 327, 334, 348, 353, - 358, 365, 370, 387, 392, 399, 406, 411, 416, 426, - 433, 438, 443, 451, 464, 478, 485, 502, 525, 530, - 539, 552, 563, 576, 583, 588, 595, 613, 630, 658, - 665, 671, 681, 691, 696, 701, 706, 711, 716, 721, - 726, 734, 739, 742, 746, 750, 763, 767, 771, 778, - 783, 788, 793, 798, 802, 807, 813, 821, 825, 829, - 836, 840, 844, 851, 879, 883, 909, 917, 928 + 0, 129, 129, 131, 136, 140, 146, 154, 175, 181, + 186, 191, 197, 234, 248, 262, 268, 274, 283, 292, + 301, 306, 315, 320, 326, 333, 338, 345, 359, 364, + 373, 380, 385, 402, 407, 414, 421, 426, 431, 441, + 448, 453, 458, 466, 479, 493, 500, 517, 521, 526, + 530, 534, 545, 558, 565, 570, 577, 595, 612, 640, + 647, 653, 663, 673, 678, 683, 688, 693, 698, 703, + 708, 716, 721, 724, 728, 732, 745, 749, 753, 760, + 765, 770, 775, 780, 784, 789, 795, 803, 807, 811, + 818, 822, 826, 833, 861, 865, 891, 899, 910 }; #endif @@ -1794,21 +1794,31 @@ yyreduce: break; case 7: -#line 154 "ftpcmd.y" +#line 155 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { - usedefault = 0; - if (pdata >= 0) { + if (paranoid && + (data_dest->sa_family != his_addr->sa_family || + (socket_get_port(data_dest) < IPPORT_RESERVED) || + memcmp(socket_get_address(data_dest), + socket_get_address(his_addr), + socket_addr_size(his_addr)) != 0)) { + usedefault = 1; + reply(500, "Illegal PORT range rejected."); + } else { + usedefault = 0; + if (pdata >= 0) { close(pdata); pdata = -1; + } + reply(200, "PORT command successful."); } - reply(200, "PORT command successful."); } } break; case 8: -#line 165 "ftpcmd.y" +#line 176 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) eprt ((yyvsp[(3) - (5)].s)); @@ -1817,7 +1827,7 @@ yyreduce: break; case 9: -#line 171 "ftpcmd.y" +#line 182 "ftpcmd.y" { if((yyvsp[(3) - (3)].i)) pasv (); @@ -1825,7 +1835,7 @@ yyreduce: break; case 10: -#line 176 "ftpcmd.y" +#line 187 "ftpcmd.y" { if((yyvsp[(3) - (3)].i)) epsv (NULL); @@ -1833,7 +1843,7 @@ yyreduce: break; case 11: -#line 181 "ftpcmd.y" +#line 192 "ftpcmd.y" { if((yyvsp[(5) - (5)].i)) epsv ((yyvsp[(3) - (5)].s)); @@ -1842,7 +1852,7 @@ yyreduce: break; case 12: -#line 187 "ftpcmd.y" +#line 198 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { switch (cmd_type) { @@ -1882,7 +1892,7 @@ yyreduce: break; case 13: -#line 224 "ftpcmd.y" +#line 235 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { switch ((yyvsp[(3) - (5)].i)) { @@ -1899,7 +1909,7 @@ yyreduce: break; case 14: -#line 238 "ftpcmd.y" +#line 249 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { switch ((yyvsp[(3) - (5)].i)) { @@ -1916,7 +1926,7 @@ yyreduce: break; case 15: -#line 252 "ftpcmd.y" +#line 263 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { reply(202, "ALLO command ignored."); @@ -1925,7 +1935,7 @@ yyreduce: break; case 16: -#line 258 "ftpcmd.y" +#line 269 "ftpcmd.y" { if ((yyvsp[(9) - (9)].i)) { reply(202, "ALLO command ignored."); @@ -1934,7 +1944,7 @@ yyreduce: break; case 17: -#line 264 "ftpcmd.y" +#line 275 "ftpcmd.y" { char *name = (yyvsp[(3) - (5)].s); @@ -1946,7 +1956,7 @@ yyreduce: break; case 18: -#line 273 "ftpcmd.y" +#line 284 "ftpcmd.y" { char *name = (yyvsp[(3) - (5)].s); @@ -1958,7 +1968,7 @@ yyreduce: break; case 19: -#line 282 "ftpcmd.y" +#line 293 "ftpcmd.y" { char *name = (yyvsp[(3) - (5)].s); @@ -1970,7 +1980,7 @@ yyreduce: break; case 20: -#line 291 "ftpcmd.y" +#line 302 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) send_file_list("."); @@ -1978,7 +1988,7 @@ yyreduce: break; case 21: -#line 296 "ftpcmd.y" +#line 307 "ftpcmd.y" { char *name = (yyvsp[(3) - (5)].s); @@ -1990,7 +2000,7 @@ yyreduce: break; case 22: -#line 305 "ftpcmd.y" +#line 316 "ftpcmd.y" { if((yyvsp[(3) - (3)].i)) list_file("."); @@ -1998,7 +2008,7 @@ yyreduce: break; case 23: -#line 310 "ftpcmd.y" +#line 321 "ftpcmd.y" { if((yyvsp[(5) - (5)].i)) list_file((yyvsp[(3) - (5)].s)); @@ -2007,7 +2017,7 @@ yyreduce: break; case 24: -#line 316 "ftpcmd.y" +#line 327 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) statfilecmd((yyvsp[(3) - (5)].s)); @@ -2017,7 +2027,7 @@ yyreduce: break; case 25: -#line 323 "ftpcmd.y" +#line 334 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) statcmd(); @@ -2025,7 +2035,7 @@ yyreduce: break; case 26: -#line 328 "ftpcmd.y" +#line 339 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) do_delete((yyvsp[(3) - (5)].s)); @@ -2035,7 +2045,7 @@ yyreduce: break; case 27: -#line 335 "ftpcmd.y" +#line 346 "ftpcmd.y" { if((yyvsp[(5) - (5)].i)){ if (fromname) { @@ -2052,7 +2062,7 @@ yyreduce: break; case 28: -#line 349 "ftpcmd.y" +#line 360 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) reply(225, "ABOR command successful."); @@ -2060,15 +2070,19 @@ yyreduce: break; case 29: -#line 354 "ftpcmd.y" +#line 365 "ftpcmd.y" { - if ((yyvsp[(3) - (3)].i)) - cwd(pw->pw_dir); + if ((yyvsp[(3) - (3)].i)) { + const char *path = pw->pw_dir; + if (dochroot || guest) + path = "/"; + cwd(path); + } } break; case 30: -#line 359 "ftpcmd.y" +#line 374 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) cwd((yyvsp[(3) - (5)].s)); @@ -2078,7 +2092,7 @@ yyreduce: break; case 31: -#line 366 "ftpcmd.y" +#line 381 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) help(cmdtab, (char *) 0); @@ -2086,7 +2100,7 @@ yyreduce: break; case 32: -#line 371 "ftpcmd.y" +#line 386 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { char *cp = (yyvsp[(3) - (5)].s); @@ -2106,7 +2120,7 @@ yyreduce: break; case 33: -#line 388 "ftpcmd.y" +#line 403 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) reply(200, "NOOP command successful."); @@ -2114,7 +2128,7 @@ yyreduce: break; case 34: -#line 393 "ftpcmd.y" +#line 408 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) makedir((yyvsp[(3) - (5)].s)); @@ -2124,7 +2138,7 @@ yyreduce: break; case 35: -#line 400 "ftpcmd.y" +#line 415 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) removedir((yyvsp[(3) - (5)].s)); @@ -2134,7 +2148,7 @@ yyreduce: break; case 36: -#line 407 "ftpcmd.y" +#line 422 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) pwd(); @@ -2142,7 +2156,7 @@ yyreduce: break; case 37: -#line 412 "ftpcmd.y" +#line 427 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) cwd(".."); @@ -2150,7 +2164,7 @@ yyreduce: break; case 38: -#line 417 "ftpcmd.y" +#line 432 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) { lreply(211, "Supported features:"); @@ -2163,7 +2177,7 @@ yyreduce: break; case 39: -#line 427 "ftpcmd.y" +#line 442 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) reply(501, "Bad options"); @@ -2172,7 +2186,7 @@ yyreduce: break; case 40: -#line 434 "ftpcmd.y" +#line 449 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) help(sitetab, (char *) 0); @@ -2180,7 +2194,7 @@ yyreduce: break; case 41: -#line 439 "ftpcmd.y" +#line 454 "ftpcmd.y" { if ((yyvsp[(7) - (7)].i)) help(sitetab, (yyvsp[(5) - (7)].s)); @@ -2188,7 +2202,7 @@ yyreduce: break; case 42: -#line 444 "ftpcmd.y" +#line 459 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { int oldmask = umask(0); @@ -2199,7 +2213,7 @@ yyreduce: break; case 43: -#line 452 "ftpcmd.y" +#line 467 "ftpcmd.y" { if ((yyvsp[(7) - (7)].i)) { if (((yyvsp[(5) - (7)].i) == -1) || ((yyvsp[(5) - (7)].i) > 0777)) { @@ -2215,7 +2229,7 @@ yyreduce: break; case 44: -#line 465 "ftpcmd.y" +#line 480 "ftpcmd.y" { if ((yyvsp[(9) - (9)].i) && (yyvsp[(7) - (9)].s) != NULL) { if ((yyvsp[(5) - (9)].i) > 0777) @@ -2232,7 +2246,7 @@ yyreduce: break; case 45: -#line 479 "ftpcmd.y" +#line 494 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) reply(200, @@ -2242,7 +2256,7 @@ yyreduce: break; case 46: -#line 486 "ftpcmd.y" +#line 501 "ftpcmd.y" { if ((yyvsp[(7) - (7)].i)) { if ((yyvsp[(5) - (7)].i) < 30 || (yyvsp[(5) - (7)].i) > maxtimeout) { @@ -2261,33 +2275,14 @@ yyreduce: break; case 47: -#line 503 "ftpcmd.y" - { -#ifdef KRB4 - char *p; - - if(guest) - reply(500, "Can't be done as guest."); - else{ - if((yyvsp[(7) - (7)].i) && (yyvsp[(5) - (7)].s) != NULL){ - p = strpbrk((yyvsp[(5) - (7)].s), " \t"); - if(p){ - *p++ = 0; - kauth((yyvsp[(5) - (7)].s), p + strspn(p, " \t")); - }else - kauth((yyvsp[(5) - (7)].s), NULL); - } - } - if((yyvsp[(5) - (7)].s) != NULL) - free((yyvsp[(5) - (7)].s)); -#else +#line 518 "ftpcmd.y" + { reply(500, "Command not implemented."); -#endif } break; case 48: -#line 526 "ftpcmd.y" +#line 522 "ftpcmd.y" { if((yyvsp[(5) - (5)].i)) klist(); @@ -2295,37 +2290,23 @@ yyreduce: break; case 49: -#line 531 "ftpcmd.y" +#line 527 "ftpcmd.y" { -#ifdef KRB4 - if((yyvsp[(5) - (5)].i)) - kdestroy(); -#else reply(500, "Command not implemented."); -#endif } break; case 50: -#line 540 "ftpcmd.y" +#line 531 "ftpcmd.y" { -#ifdef KRB4 - if(guest) - reply(500, "Can't be done as guest."); - else if((yyvsp[(7) - (7)].i) && (yyvsp[(5) - (7)].s)) - krbtkfile((yyvsp[(5) - (7)].s)); - if((yyvsp[(5) - (7)].s)) - free((yyvsp[(5) - (7)].s)); -#else reply(500, "Command not implemented."); -#endif } break; case 51: -#line 553 "ftpcmd.y" +#line 535 "ftpcmd.y" { -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) if(guest) reply(500, "Can't be done as guest."); else if((yyvsp[(5) - (5)].i)) @@ -2337,9 +2318,9 @@ yyreduce: break; case 52: -#line 564 "ftpcmd.y" +#line 546 "ftpcmd.y" { -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) if(guest) reply(500, "Can't be done as guest."); else if((yyvsp[(7) - (7)].i)) @@ -2353,7 +2334,7 @@ yyreduce: break; case 53: -#line 577 "ftpcmd.y" +#line 559 "ftpcmd.y" { if((yyvsp[(7) - (7)].i) && (yyvsp[(5) - (7)].s) != NULL) find((yyvsp[(5) - (7)].s)); @@ -2363,7 +2344,7 @@ yyreduce: break; case 54: -#line 584 "ftpcmd.y" +#line 566 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) reply(200, "http://www.pdc.kth.se/heimdal/"); @@ -2371,7 +2352,7 @@ yyreduce: break; case 55: -#line 589 "ftpcmd.y" +#line 571 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) do_store((yyvsp[(3) - (5)].s), "w", 1); @@ -2381,7 +2362,7 @@ yyreduce: break; case 56: -#line 596 "ftpcmd.y" +#line 578 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) { #if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) @@ -2394,7 +2375,7 @@ yyreduce: break; case 57: -#line 614 "ftpcmd.y" +#line 596 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) sizecmd((yyvsp[(3) - (5)].s)); @@ -2404,7 +2385,7 @@ yyreduce: break; case 58: -#line 631 "ftpcmd.y" +#line 613 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) { struct stat stbuf; @@ -2435,7 +2416,7 @@ yyreduce: break; case 59: -#line 659 "ftpcmd.y" +#line 641 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) { reply(221, "Goodbye."); @@ -2445,14 +2426,14 @@ yyreduce: break; case 60: -#line 666 "ftpcmd.y" +#line 648 "ftpcmd.y" { yyerrok; } break; case 61: -#line 672 "ftpcmd.y" +#line 654 "ftpcmd.y" { restart_point = (off_t) 0; if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s)) { @@ -2465,7 +2446,7 @@ yyreduce: break; case 62: -#line 682 "ftpcmd.y" +#line 664 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { fromname = (char *) 0; @@ -2478,7 +2459,7 @@ yyreduce: break; case 63: -#line 692 "ftpcmd.y" +#line 674 "ftpcmd.y" { auth((yyvsp[(3) - (4)].s)); free((yyvsp[(3) - (4)].s)); @@ -2486,7 +2467,7 @@ yyreduce: break; case 64: -#line 697 "ftpcmd.y" +#line 679 "ftpcmd.y" { adat((yyvsp[(3) - (4)].s)); free((yyvsp[(3) - (4)].s)); @@ -2494,7 +2475,7 @@ yyreduce: break; case 65: -#line 702 "ftpcmd.y" +#line 684 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) pbsz((yyvsp[(3) - (5)].i)); @@ -2502,7 +2483,7 @@ yyreduce: break; case 66: -#line 707 "ftpcmd.y" +#line 689 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) prot((yyvsp[(3) - (5)].s)); @@ -2510,7 +2491,7 @@ yyreduce: break; case 67: -#line 712 "ftpcmd.y" +#line 694 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) ccc(); @@ -2518,7 +2499,7 @@ yyreduce: break; case 68: -#line 717 "ftpcmd.y" +#line 699 "ftpcmd.y" { mec((yyvsp[(3) - (4)].s), prot_safe); free((yyvsp[(3) - (4)].s)); @@ -2526,7 +2507,7 @@ yyreduce: break; case 69: -#line 722 "ftpcmd.y" +#line 704 "ftpcmd.y" { mec((yyvsp[(3) - (4)].s), prot_confidential); free((yyvsp[(3) - (4)].s)); @@ -2534,7 +2515,7 @@ yyreduce: break; case 70: -#line 727 "ftpcmd.y" +#line 709 "ftpcmd.y" { mec((yyvsp[(3) - (4)].s), prot_private); free((yyvsp[(3) - (4)].s)); @@ -2542,47 +2523,47 @@ yyreduce: break; case 72: -#line 739 "ftpcmd.y" +#line 721 "ftpcmd.y" { (yyval.s) = (char *)calloc(1, sizeof(char)); } break; case 75: -#line 752 "ftpcmd.y" +#line 734 "ftpcmd.y" { struct sockaddr_in *sin4 = (struct sockaddr_in *)data_dest; sin4->sin_family = AF_INET; sin4->sin_port = htons((yyvsp[(9) - (11)].i) * 256 + (yyvsp[(11) - (11)].i)); - sin4->sin_addr.s_addr = + sin4->sin_addr.s_addr = htonl(((yyvsp[(1) - (11)].i) << 24) | ((yyvsp[(3) - (11)].i) << 16) | ((yyvsp[(5) - (11)].i) << 8) | (yyvsp[(7) - (11)].i)); } break; case 76: -#line 764 "ftpcmd.y" +#line 746 "ftpcmd.y" { (yyval.i) = FORM_N; } break; case 77: -#line 768 "ftpcmd.y" +#line 750 "ftpcmd.y" { (yyval.i) = FORM_T; } break; case 78: -#line 772 "ftpcmd.y" +#line 754 "ftpcmd.y" { (yyval.i) = FORM_C; } break; case 79: -#line 779 "ftpcmd.y" +#line 761 "ftpcmd.y" { cmd_type = TYPE_A; cmd_form = FORM_N; @@ -2590,7 +2571,7 @@ yyreduce: break; case 80: -#line 784 "ftpcmd.y" +#line 766 "ftpcmd.y" { cmd_type = TYPE_A; cmd_form = (yyvsp[(3) - (3)].i); @@ -2598,7 +2579,7 @@ yyreduce: break; case 81: -#line 789 "ftpcmd.y" +#line 771 "ftpcmd.y" { cmd_type = TYPE_E; cmd_form = FORM_N; @@ -2606,7 +2587,7 @@ yyreduce: break; case 82: -#line 794 "ftpcmd.y" +#line 776 "ftpcmd.y" { cmd_type = TYPE_E; cmd_form = (yyvsp[(3) - (3)].i); @@ -2614,14 +2595,14 @@ yyreduce: break; case 83: -#line 799 "ftpcmd.y" +#line 781 "ftpcmd.y" { cmd_type = TYPE_I; } break; case 84: -#line 803 "ftpcmd.y" +#line 785 "ftpcmd.y" { cmd_type = TYPE_L; cmd_bytesz = NBBY; @@ -2629,7 +2610,7 @@ yyreduce: break; case 85: -#line 808 "ftpcmd.y" +#line 790 "ftpcmd.y" { cmd_type = TYPE_L; cmd_bytesz = (yyvsp[(3) - (3)].i); @@ -2637,7 +2618,7 @@ yyreduce: break; case 86: -#line 814 "ftpcmd.y" +#line 796 "ftpcmd.y" { cmd_type = TYPE_L; cmd_bytesz = (yyvsp[(2) - (2)].i); @@ -2645,49 +2626,49 @@ yyreduce: break; case 87: -#line 822 "ftpcmd.y" +#line 804 "ftpcmd.y" { (yyval.i) = STRU_F; } break; case 88: -#line 826 "ftpcmd.y" +#line 808 "ftpcmd.y" { (yyval.i) = STRU_R; } break; case 89: -#line 830 "ftpcmd.y" +#line 812 "ftpcmd.y" { (yyval.i) = STRU_P; } break; case 90: -#line 837 "ftpcmd.y" +#line 819 "ftpcmd.y" { (yyval.i) = MODE_S; } break; case 91: -#line 841 "ftpcmd.y" +#line 823 "ftpcmd.y" { (yyval.i) = MODE_B; } break; case 92: -#line 845 "ftpcmd.y" +#line 827 "ftpcmd.y" { (yyval.i) = MODE_C; } break; case 93: -#line 852 "ftpcmd.y" +#line 834 "ftpcmd.y" { /* * Problem: this production is used for all pathname @@ -2715,7 +2696,7 @@ yyreduce: break; case 95: -#line 884 "ftpcmd.y" +#line 866 "ftpcmd.y" { int ret, dec, multby, digit; @@ -2741,7 +2722,7 @@ yyreduce: break; case 96: -#line 910 "ftpcmd.y" +#line 892 "ftpcmd.y" { (yyval.i) = (yyvsp[(1) - (1)].i) && !guest; if((yyvsp[(1) - (1)].i) && !(yyval.i)) @@ -2750,7 +2731,7 @@ yyreduce: break; case 97: -#line 918 "ftpcmd.y" +#line 900 "ftpcmd.y" { if((yyvsp[(1) - (1)].i)) { if(((yyval.i) = logged_in) == 0) @@ -2761,7 +2742,7 @@ yyreduce: break; case 98: -#line 928 "ftpcmd.y" +#line 910 "ftpcmd.y" { (yyval.i) = 1; if(sec_complete && !ccc_passed && !secure_command()) { @@ -2774,7 +2755,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 2778 "ftpcmd.c" +#line 2759 "ftpcmd.c" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -2988,7 +2969,7 @@ yyreturn: } -#line 938 "ftpcmd.y" +#line 920 "ftpcmd.y" #define CMD 0 /* beginning of command */ @@ -3085,7 +3066,7 @@ struct tab sitetab[] = { { "FIND", LOCATE, STR1, 1, "<sp> globexpr" }, { "URL", URL, ARGS, 1, "?" }, - + { NULL, 0, 0, 0, 0 } }; diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y b/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y index 963a6a0..05ae736 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y +++ b/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y @@ -43,7 +43,7 @@ %{ #include "ftpd_locl.h" -RCSID("$Id: ftpcmd.y 15677 2005-07-19 18:33:08Z lha $"); +RCSID("$Id$"); off_t restart_point; @@ -150,15 +150,26 @@ cmd memset ($3, 0, strlen($3)); free($3); } + | PORT SP host_port CRLF check_secure { if ($5) { - usedefault = 0; - if (pdata >= 0) { + if (paranoid && + (data_dest->sa_family != his_addr->sa_family || + (socket_get_port(data_dest) < IPPORT_RESERVED) || + memcmp(socket_get_address(data_dest), + socket_get_address(his_addr), + socket_addr_size(his_addr)) != 0)) { + usedefault = 1; + reply(500, "Illegal PORT range rejected."); + } else { + usedefault = 0; + if (pdata >= 0) { close(pdata); pdata = -1; + } + reply(200, "PORT command successful."); } - reply(200, "PORT command successful."); } } | EPRT SP STRING CRLF check_secure @@ -352,8 +363,12 @@ cmd } | CWD CRLF check_login { - if ($3) - cwd(pw->pw_dir); + if ($3) { + const char *path = pw->pw_dir; + if (dochroot || guest) + path = "/"; + cwd(path); + } } | CWD SP pathname CRLF check_login { @@ -501,26 +516,7 @@ cmd | SITE SP KAUTH SP STRING CRLF check_login { -#ifdef KRB4 - char *p; - - if(guest) - reply(500, "Can't be done as guest."); - else{ - if($7 && $5 != NULL){ - p = strpbrk($5, " \t"); - if(p){ - *p++ = 0; - kauth($5, p + strspn(p, " \t")); - }else - kauth($5, NULL); - } - } - if($5 != NULL) - free($5); -#else reply(500, "Command not implemented."); -#endif } | SITE SP KLIST CRLF check_login { @@ -529,29 +525,15 @@ cmd } | SITE SP KDESTROY CRLF check_login { -#ifdef KRB4 - if($5) - kdestroy(); -#else reply(500, "Command not implemented."); -#endif } | SITE SP KRBTKFILE SP STRING CRLF check_login { -#ifdef KRB4 - if(guest) - reply(500, "Can't be done as guest."); - else if($7 && $5) - krbtkfile($5); - if($5) - free($5); -#else reply(500, "Command not implemented."); -#endif } | SITE SP AFSLOG CRLF check_login { -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) if(guest) reply(500, "Can't be done as guest."); else if($5) @@ -562,7 +544,7 @@ cmd } | SITE SP AFSLOG SP STRING CRLF check_login { -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) if(guest) reply(500, "Can't be done as guest."); else if($7) @@ -754,7 +736,7 @@ host_port sin4->sin_family = AF_INET; sin4->sin_port = htons($9 * 256 + $11); - sin4->sin_addr.s_addr = + sin4->sin_addr.s_addr = htonl(($1 << 24) | ($3 << 16) | ($5 << 8) | $7); } ; @@ -1031,7 +1013,7 @@ struct tab sitetab[] = { { "FIND", LOCATE, STR1, 1, "<sp> globexpr" }, { "URL", URL, ARGS, 1, "?" }, - + { NULL, 0, 0, 0, 0 } }; diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.8 index 0dfed9f..b025b1e 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpd.8 +++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.8 @@ -47,11 +47,11 @@ .Op Fl p Ar port .Op Fl T Ar maxtimeout .Op Fl t Ar timeout -.Op Fl -gss-bindings -.Op Fl I | Fl -no-insecure-oob +.Op Fl Fl gss-bindings +.Op Fl I | Fl Fl no-insecure-oob .Op Fl u Ar default umask -.Op Fl B | Fl -builtin-ls -.Op Fl -good-chars= Ns Ar string +.Op Fl B | Fl Fl builtin-ls +.Op Fl Fl good-chars= Ns Ar string .Sh DESCRIPTION .Nm Ftpd is the @@ -101,7 +101,7 @@ Debugging information is written to the syslog using LOG_FTP. .It Fl g Anonymous users will get a umask of .Ar umask . -.It Fl -gss-bindings +.It Fl Fl gss-bindings require the peer to use GSS-API bindings (ie make sure IP addresses match). .It Fl i Open a socket and wait for a connection. This is mainly used for @@ -144,16 +144,16 @@ revert to the old behavior. Verbose mode. .It Xo .Fl B , -.Fl -builtin-ls +.Fl Fl builtin-ls .Xc use built-in ls to list files .It Xo -.Fl -good-chars= Ns Ar string +.Fl Fl good-chars= Ns Ar string .Xc allowed anonymous upload filename chars .It Xo .Fl I -.Fl -no-insecure-oob +.Fl Fl no-insecure-oob .Xc don't allow insecure out of band. Heimdal ftp clients before 0.6.3 doesn't support secure oob, so turning diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.c b/crypto/heimdal/appl/ftp/ftpd/ftpd.c index 2005a4f..5be67c8 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpd.c +++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.c @@ -38,7 +38,7 @@ #endif #include "getarg.h" -RCSID("$Id: ftpd.c 21222 2007-06-20 10:11:14Z lha $"); +RCSID("$Id$"); static char version[] = "Version 6.00"; @@ -91,6 +91,7 @@ char tmpline[10240]; char hostname[MaxHostNameLen]; char remotehost[MaxHostNameLen]; static char ttyline[20]; +int paranoid = 1; #define AUTH_PLAIN (1 << 0) /* allow sending passwords */ #define AUTH_OTP (1 << 1) /* passwords are one-time */ @@ -190,7 +191,7 @@ parse_auth_level(char *str) else warnx("bad value for -a: `%s'", p); } - return ret; + return ret; } /* @@ -225,7 +226,7 @@ struct getargs args[] = { { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" }, { "good-chars", 0, arg_string, &good_chars, "allowed anonymous upload filename chars" }, { "insecure-oob", 'I', arg_negative_flag, &allow_insecure_oob, "don't allow insecure OOB ABOR/STAT" }, -#ifdef KRB5 +#ifdef KRB5 { "gss-bindings", 0, arg_flag, &ftp_do_gss_bindings, "Require GSS-API bindings", NULL}, #endif { "version", 0, arg_flag, &version_flag }, @@ -271,22 +272,12 @@ main(int argc, char **argv) setprogname (argv[0]); - /* detach from any tickets and tokens */ - { -#ifdef KRB4 - char tkfile[1024]; - snprintf(tkfile, sizeof(tkfile), - "/tmp/ftp_%u", (unsigned)getpid()); - krb_set_tkt_string(tkfile); -#endif - } - if(getarg(args, num_args, argc, argv, &optind)) usage(1); if(help_flag) usage(0); - + if(version_flag) { print_version(NULL); exit(0); @@ -297,7 +288,7 @@ main(int argc, char **argv) { char *p; long val = 0; - + if(guest_umask_string) { val = strtol(guest_umask_string, &p, 8); if (*p != '\0' || val < 0) @@ -328,7 +319,7 @@ main(int argc, char **argv) else warnx("bad value for -p"); } - + if (maxtimeout < ftpd_timeout) maxtimeout = ftpd_timeout; @@ -338,7 +329,7 @@ main(int argc, char **argv) #endif if(interactive_flag) - mini_inetd (port); + mini_inetd(port, NULL); /* * LOG_NDELAY sets up the logging connection immediately, @@ -355,14 +346,9 @@ main(int argc, char **argv) syslog(LOG_ERR, "getsockname (%s): %m",argv[0]); exit(1); } -#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) - { - int tos = IPTOS_LOWDELAY; - - if (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS, - (void *)&tos, sizeof(int)) < 0) - syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); - } +#if defined(IP_TOS) + if (ctrl_addr->sa_family == AF_INET) + socket_set_tos(STDIN_FILENO, IP_TOS); #endif data_source->sa_family = ctrl_addr->sa_family; socket_set_port (data_source, @@ -410,21 +396,15 @@ main(int argc, char **argv) show_file(_PATH_FTPWELCOME, 220); /* reply(220,) must follow */ gethostname(hostname, sizeof(hostname)); - + reply(220, "%s FTP server (%s" #ifdef KRB5 "+%s" #endif -#ifdef KRB4 - "+%s" -#endif ") ready.", hostname, version #ifdef KRB5 ,heimdal_version #endif -#ifdef KRB4 - ,krb4_version -#endif ); for (;;) @@ -528,7 +508,7 @@ user(char *name) guest = 0; if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) { if ((auth_level & AUTH_FTP) == 0 || - checkaccess("ftp") || + checkaccess("ftp") || checkaccess("anonymous")) reply(530, "User %s access denied.", name); else if ((pw = sgetpwnam("ftp")) != NULL) { @@ -661,7 +641,7 @@ checkuser(char *fname, char *name) /* - * Determine whether a user has access, based on information in + * Determine whether a user has access, based on information in * _PATH_FTPUSERS. The users are listed one per line, with `allow' * or `deny' after the username. If anything other than `allow', or * just nothing, is given after the username, `deny' is assumed. @@ -689,9 +669,9 @@ checkaccess(char *name) int allowed = ALLOWED; char *user, *perm, line[BUFSIZ]; char *foo; - + fd = fopen(_PATH_FTPUSERS, "r"); - + if(fd == NULL) return allowed; @@ -724,7 +704,7 @@ int do_login(int code, char *passwd) return -1; } initgroups(pw->pw_name, pw->pw_gid); -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) if(k_hasafs()) k_setpag(); #endif @@ -799,7 +779,7 @@ int do_login(int code, char *passwd) sizeof(data_addr)); syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s(%s), %s", - remotehost, + remotehost, data_addr, passwd); } @@ -850,11 +830,11 @@ end_login(void) static int krb5_verify(struct passwd *pwd, char *passwd) { - krb5_context context; + krb5_context context; krb5_ccache id; krb5_principal princ; krb5_error_code ret; - + ret = krb5_init_context(&context); if(ret) return ret; @@ -864,7 +844,7 @@ krb5_verify(struct passwd *pwd, char *passwd) krb5_free_context(context); return ret; } - ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id); + ret = krb5_cc_new_unique(context, "MEMORY", NULL, &id); if(ret){ krb5_free_principal(context, princ); krb5_free_context(context); @@ -882,7 +862,7 @@ krb5_verify(struct passwd *pwd, char *passwd) } krb5_cc_destroy(context, id); krb5_free_context (context); - if(ret) + if(ret) return ret; return 0; } @@ -917,21 +897,6 @@ pass(char *passwd) #ifdef KRB5 rval = krb5_verify(pw, passwd); #endif -#ifdef KRB4 - if (rval) { - char realm[REALM_SZ]; - if((rval = krb_get_lrealm(realm, 1)) == KSUCCESS) - rval = krb_verify_user(pw->pw_name, - "", realm, - passwd, - KRB_VERIFY_SECURE, NULL); - if (rval == KSUCCESS ) { - chown (tkt_string(), pw->pw_uid, pw->pw_gid); - if(k_hasafs()) - krb_afslog(0, 0); - } - } -#endif if (rval) rval = unix_verify_user(pw->pw_name, passwd); } else { @@ -977,7 +942,7 @@ pass(char *passwd) } if(!do_login(230, passwd)) return; - + /* Forget all about it... */ end_login(); } @@ -1013,7 +978,7 @@ retrieve(const char *cmd, char *name) for(p = cmds; p->ext; p++){ char *tail = name + strlen(name) - strlen(p->ext); char c = *tail; - + if(strcmp(tail, p->ext) == 0 && (*tail = 0) == 0 && access(name, R_OK) == 0){ @@ -1037,7 +1002,7 @@ retrieve(const char *cmd, char *name) free(ext); } } - + } if(p->ext){ fin = ftpd_popen(line, "r", 0, 0); @@ -1106,7 +1071,7 @@ done: /* filename sanity check */ -int +int filename_check(char *filename) { char *p; @@ -1127,7 +1092,7 @@ filename_check(char *filename) lreply(553, "\"%s\" is not an acceptable filename.", filename); lreply(553, "The filename must start with an alphanumeric " "character and must only"); - reply(553, "consist of alphanumeric characters or any of the following: %s", + reply(553, "consist of alphanumeric characters or any of the following: %s", good_chars); return 1; } @@ -1141,10 +1106,14 @@ do_store(char *name, char *mode, int unique) if(guest && filename_check(name)) return; - if (unique && stat(name, &st) == 0 && - (name = gunique(name)) == NULL) { - LOGCMD(*mode == 'w' ? "put" : "append", name); - return; + if (unique) { + char *uname; + if (stat(name, &st) == 0) { + if ((uname = gunique(name)) == NULL) + return; + name = uname; + } + LOGCMD(*mode == 'w' ? "put" : "append", name); } if (restart_point) @@ -1252,7 +1221,7 @@ bad: } static int -accept_with_timeout(int socket, +accept_with_timeout(int socket, struct sockaddr *address, socklen_t *address_len, struct timeval *timeout) @@ -1302,13 +1271,9 @@ dataconn(const char *name, off_t size, const char *mode) } close(pdata); pdata = s; -#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) - { - int tos = IPTOS_THROUGHPUT; - - setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&tos, - sizeof(tos)); - } +#if defined(IPTOS_THROUGHPUT) + if (from->sa_family == AF_INET) + socket_set_tos(s, IPTOS_THROUGHPUT); #endif reply(150, "Opening %s mode data connection for '%s'%s.", type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf); @@ -1323,7 +1288,7 @@ dataconn(const char *name, off_t size, const char *mode) if (usedefault) data_dest = his_addr; usedefault = 1; - /* + /* * Default to using the same socket type as the ctrl address, * unless we know the type of the data address. */ @@ -1399,7 +1364,7 @@ send_data(FILE *instr, FILE *outstr) goto data_err; reply(226, "Transfer complete."); return; - + case TYPE_I: case TYPE_L: #if 0 /* XXX handle urg flag */ @@ -1411,7 +1376,7 @@ send_data(FILE *instr, FILE *outstr) struct stat st; char *chunk; int in = fileno(instr); - if(fstat(in, &st) == 0 && S_ISREG(st.st_mode) + if(fstat(in, &st) == 0 && S_ISREG(st.st_mode) && st.st_size > 0) { /* * mmap zero bytes has potential of loosing, don't do it. @@ -1505,7 +1470,7 @@ receive_data(FILE *instr, FILE *outstr) perror_reply(451, "Local resource failure: malloc"); return -1; } - + switch (type) { case TYPE_I: @@ -1534,7 +1499,7 @@ receive_data(FILE *instr, FILE *outstr) char *p, *q; int cr_flag = 0; while ((cnt = sec_read(fileno(instr), - buf + cr_flag, + buf + cr_flag, bufsize - cr_flag)) > 0){ if (urgflag && handleoobcmd()) return (-1); @@ -1583,13 +1548,13 @@ receive_data(FILE *instr, FILE *outstr) urgflag = 0; return (-1); } - + data_err: transflag = 0; urgflag = 0; perror_reply(426, "Data Connection"); return (-1); - + file_err: transflag = 0; urgflag = 0; @@ -1772,7 +1737,7 @@ do_delete(char *name) perror_reply(550, name); return; } - if ((st.st_mode&S_IFMT) == S_IFDIR) { + if (S_ISDIR(st.st_mode)) { if (rmdir(name) < 0) { perror_reply(550, name); return; @@ -1788,7 +1753,7 @@ done: } void -cwd(char *path) +cwd(const char *path) { if (chdir(path) < 0) @@ -1831,7 +1796,7 @@ pwd(void) char *ret; /* SunOS has a broken getcwd that does popen(pwd) (!!!), this - * failes miserably when running chroot + * failes miserably when running chroot */ ret = getcwd(path, sizeof(path)); if (ret == NULL) @@ -1902,7 +1867,7 @@ dologout(int status) transflag = 0; urgflag = 0; if (logged_in) { -#if KRB4 || KRB5 +#if KRB5 cond_kdestroy(); #endif seteuid((uid_t)0); /* No need to check, we call exit() below */ @@ -1913,7 +1878,7 @@ dologout(int status) exit(status); #else _exit(status); -#endif +#endif } void abor(void) @@ -2017,8 +1982,8 @@ pasv(void) socket_set_address_and_port (pasv_addr, socket_get_address (ctrl_addr), 0); - socket_set_portrange(pdata, restricted_data_ports, - pasv_addr->sa_family); + socket_set_portrange(pdata, restricted_data_ports, + pasv_addr->sa_family); if (seteuid(0) < 0) fatal("Failed to seteuid"); if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) { @@ -2064,8 +2029,8 @@ epsv(char *proto) socket_set_address_and_port (pasv_addr, socket_get_address (ctrl_addr), 0); - socket_set_portrange(pdata, restricted_data_ports, - pasv_addr->sa_family); + socket_set_portrange(pdata, restricted_data_ports, + pasv_addr->sa_family); if (seteuid(0) < 0) fatal("Failed to seteuid"); if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) { @@ -2123,7 +2088,7 @@ eprt(char *str) case 2 : data_dest->sa_family = AF_INET6; break; -#endif +#endif case 1 : data_dest->sa_family = AF_INET; break; @@ -2154,7 +2119,18 @@ eprt(char *str) reply(500, "Bad port syntax in EPRT"); return; } + if (port < IPPORT_RESERVED) { + reply(500, "Bad port in invalid range in EPRT"); + return; + } socket_set_port (data_dest, htons(port)); + + if (paranoid && + (data_dest->sa_family != his_addr->sa_family || + memcmp(socket_get_address(data_dest), socket_get_address(his_addr), socket_sockaddr_size(data_dest)) != 0)) + { + reply(500, "Bad address in EPRT"); + } reply(200, "EPRT command successful."); } @@ -2353,15 +2329,13 @@ out: transflag = 0; if (dout != NULL){ sec_write(fileno(dout), buf, 0); /* XXX flush */ - + fclose(dout); } data = -1; pdata = -1; - if (freeglob) { - freeglob = 0; + if (freeglob) globfree(&gl); - } } diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h b/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h index f5574e9..cff3ff3 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h +++ b/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: ftpd_locl.h 14933 2005-04-24 19:58:14Z lha $ */ +/* $Id$ */ #ifndef __ftpd_locl_h__ #define __ftpd_locl_h__ @@ -145,14 +145,10 @@ #include <krb5.h> #endif /* KRB5 */ -#ifdef KRB4 -#include <krb.h> -#endif - -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) #include <kafs.h> #endif - + #ifdef OTP #include <otp.h> #endif diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 index 85b5f62..2e00a2b 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 +++ b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 @@ -1,4 +1,4 @@ -.\" $Id: ftpusers.5 11176 2002-08-20 17:07:29Z joda $ +.\" $Id$ .\" .Dd May 7, 1997 .Dt FTPUSERS 5 diff --git a/crypto/heimdal/appl/ftp/ftpd/gss_userok.c b/crypto/heimdal/appl/ftp/ftpd/gss_userok.c index 6fa8f7e..6031b52 100644 --- a/crypto/heimdal/appl/ftp/ftpd/gss_userok.c +++ b/crypto/heimdal/appl/ftp/ftpd/gss_userok.c @@ -1,155 +1,75 @@ /* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "ftpd_locl.h" -#include <gssapi.h> -#include <krb5.h> - -RCSID("$Id: gss_userok.c 21222 2007-06-20 10:11:14Z lha $"); - -/* XXX a bit too much of krb5 dependency here... - What is the correct way to do this? - */ - -struct gss_krb5_data { - krb5_context context; -}; +#include <gssapi/gssapi.h> /* XXX sync with gssapi.c */ -struct gss_data { +struct gssapi_data { gss_ctx_id_t context_hdl; - char *client_name; + gss_name_t client_name; gss_cred_id_t delegated_cred_handle; void *mech_data; }; -int gss_userok(void*, char*); /* to keep gcc happy */ -int gss_session(void*, char*); /* to keep gcc happy */ +int gssapi_userok(void*, char*); /* to keep gcc happy */ +int gssapi_session(void*, char*); /* to keep gcc happy */ int -gss_userok(void *app_data, char *username) +gssapi_userok(void *app_data, char *username) { - struct gss_data *data = app_data; - krb5_error_code ret; - krb5_principal client; - struct gss_krb5_data *kdata; - - kdata = calloc(1, sizeof(struct gss_krb5_data)); - if (kdata == NULL) - return 1; - data->mech_data = kdata; - - ret = krb5_init_context(&(kdata->context)); - if (ret) { - free(kdata); - return 1; - } + struct gssapi_data *data = app_data; - ret = krb5_parse_name(kdata->context, data->client_name, &client); - if(ret) { - krb5_free_context(kdata->context); - free(kdata); - return 1; - } - ret = krb5_kuserok(kdata->context, client, username); - if (!ret) { - krb5_free_principal(kdata->context, client); - krb5_free_context(kdata->context); - free(kdata); - return 1; - } - - ret = 0; - krb5_free_principal(kdata->context, client); - return ret; + /* Yes, this logic really is inverted. */ + return !gss_userok(data->client_name, username); } int -gss_session(void *app_data, char *username) +gssapi_session(void *app_data, char *username) { - struct gss_data *data = app_data; - krb5_error_code ret; - OM_uint32 minor_status; - struct gss_krb5_data *kdata; - - ret = 0; + struct gssapi_data *data = app_data; + OM_uint32 major, minor; + int ret = 0; - kdata = (struct gss_krb5_data *)(data->mech_data); - - /* more of krb-depend stuff :-( */ - /* gss_add_cred() ? */ if (data->delegated_cred_handle != GSS_C_NO_CREDENTIAL) { - krb5_ccache ccache = NULL; - const char* ticketfile; - struct passwd *kpw; - - ret = krb5_cc_gen_new(kdata->context, &krb5_fcc_ops, &ccache); - if (ret) - goto fail; - - ticketfile = krb5_cc_get_name(kdata->context, ccache); - - ret = gss_krb5_copy_ccache(&minor_status, - data->delegated_cred_handle, - ccache); - if (ret) { - ret = 0; - goto fail; - } - - do_destroy_tickets = 1; - - kpw = getpwnam(username); - - if (kpw == NULL) { - unlink(ticketfile); - ret = 1; - goto fail; - } - - chown (ticketfile, kpw->pw_uid, kpw->pw_gid); - - if (asprintf(&k5ccname, "FILE:%s", ticketfile) != -1) { - esetenv ("KRB5CCNAME", k5ccname, 1); - } + major = gss_store_cred(&minor, data->delegated_cred_handle, + GSS_C_INITIATE, GSS_C_NO_OID, + 1, 1, NULL, NULL); + if (GSS_ERROR(major)) + ret = 1; afslog(NULL, 1); - fail: - if (ccache) - krb5_cc_close(kdata->context, ccache); } - - gss_release_cred(&minor_status, &data->delegated_cred_handle); - krb5_free_context(kdata->context); - free(kdata); + + gss_release_cred(&minor, &data->delegated_cred_handle); return ret; } diff --git a/crypto/heimdal/appl/ftp/ftpd/gssapi.c b/crypto/heimdal/appl/ftp/ftpd/gssapi.c index 9432feb..29be764 100644 --- a/crypto/heimdal/appl/ftp/ftpd/gssapi.c +++ b/crypto/heimdal/appl/ftp/ftpd/gssapi.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #ifdef FTP_SERVER @@ -36,17 +36,18 @@ #else #include "ftp_locl.h" #endif -#include <gssapi.h> +#include <gssapi/gssapi.h> +#include <gssapi/gssapi_krb5.h> #include <krb5_err.h> -RCSID("$Id: gssapi.c 21513 2007-07-12 12:45:25Z lha $"); +RCSID("$Id$"); int ftp_do_gss_bindings = 0; int ftp_do_gss_delegate = 1; -struct gss_data { +struct gssapi_data { gss_ctx_id_t context_hdl; - char *client_name; + gss_name_t client_name; gss_cred_id_t delegated_cred_handle; void *mech_data; }; @@ -54,7 +55,7 @@ struct gss_data { static int gss_init(void *app_data) { - struct gss_data *d = app_data; + struct gssapi_data *d = app_data; d->context_hdl = GSS_C_NO_CONTEXT; d->delegated_cred_handle = GSS_C_NO_CREDENTIAL; #if defined(FTP_SERVER) @@ -84,7 +85,7 @@ gss_decode(void *app_data, void *buf, int len, int level) gss_buffer_desc input, output; gss_qop_t qop_state; int conf_state; - struct gss_data *d = app_data; + struct gssapi_data *d = app_data; size_t ret_len; input.length = len; @@ -116,7 +117,7 @@ gss_encode(void *app_data, void *from, int length, int level, void **to) OM_uint32 maj_stat, min_stat; gss_buffer_desc input, output; int conf_state; - struct gss_data *d = app_data; + struct gssapi_data *d = app_data; input.length = length; input.value = from; @@ -157,7 +158,7 @@ sockaddr_to_gss_address (struct sockaddr *sa, } default : errx (1, "unknown address family %d", sa->sa_family); - + } } @@ -172,7 +173,7 @@ gss_adat(void *app_data, void *buf, size_t len) gss_buffer_desc input_token, output_token; OM_uint32 maj_stat, min_stat; gss_name_t client_name; - struct gss_data *d = app_data; + struct gssapi_data *d = app_data; gss_channel_bindings_t bindings; if (ftp_do_gss_bindings) { @@ -186,7 +187,7 @@ gss_adat(void *app_data, void *buf, size_t len) sockaddr_to_gss_address (ctrl_addr, &bindings->acceptor_addrtype, &bindings->acceptor_address); - + bindings->application_data.length = 0; bindings->application_data.value = NULL; } else @@ -218,32 +219,8 @@ gss_adat(void *app_data, void *buf, size_t len) gss_release_buffer(&min_stat, &output_token); } if(maj_stat == GSS_S_COMPLETE){ - char *name; - gss_buffer_desc export_name; - gss_OID oid; - - maj_stat = gss_display_name(&min_stat, client_name, - &export_name, &oid); - if(maj_stat != 0) { - reply(500, "Error displaying name"); - goto out; - } - /* XXX kerberos */ - if(oid != GSS_KRB5_NT_PRINCIPAL_NAME) { - reply(500, "OID not kerberos principal name"); - gss_release_buffer(&min_stat, &export_name); - goto out; - } - name = malloc(export_name.length + 1); - if(name == NULL) { - reply(500, "Out of memory"); - gss_release_buffer(&min_stat, &export_name); - goto out; - } - memcpy(name, export_name.value, export_name.length); - name[export_name.length] = '\0'; - gss_release_buffer(&min_stat, &export_name); - d->client_name = name; + d->client_name = client_name; + client_name = GSS_C_NO_NAME; if(p) reply(235, "ADAT=%s", p); else @@ -265,24 +242,25 @@ gss_adat(void *app_data, void *buf, size_t len) GSS_C_NO_OID, &msg_ctx, &status_string); - syslog(LOG_ERR, "gss_accept_sec_context: %s", + syslog(LOG_ERR, "gss_accept_sec_context: %.*s", + (int)status_string.length, (char*)status_string.value); gss_release_buffer(&new_stat, &status_string); reply(431, "Security resource unavailable"); } - out: + if (client_name) gss_release_name(&min_stat, &client_name); free(p); return 0; } -int gss_userok(void*, char*); -int gss_session(void*, char*); +int gssapi_userok(void*, char*); +int gssapi_session(void*, char*); struct sec_server_mech gss_server_mech = { "GSSAPI", - sizeof(struct gss_data), + sizeof(struct gssapi_data), gss_init, /* init */ NULL, /* end */ gss_check_prot, @@ -294,8 +272,8 @@ struct sec_server_mech gss_server_mech = { gss_adat, NULL, /* pbsz */ NULL, /* ccc */ - gss_userok, - gss_session + gssapi_userok, + gssapi_session }; #else /* FTP_SERVER */ @@ -324,15 +302,17 @@ import_name(const char *kname, const char *host, gss_name_t *target_name) OM_uint32 new_stat; OM_uint32 msg_ctx = 0; gss_buffer_desc status_string; - + gss_display_status(&new_stat, min_stat, GSS_C_MECH_CODE, GSS_C_NO_OID, &msg_ctx, &status_string); - printf("Error importing name %s: %s\n", + printf("Error importing name %.*s: %.*s\n", + (int)name.length, (char *)name.value, + (int)status_string.length, (char *)status_string.value); free(name.value); gss_release_buffer(&new_stat, &status_string); @@ -345,7 +325,7 @@ import_name(const char *kname, const char *host, gss_name_t *target_name) static int gss_auth(void *app_data, char *host) { - + OM_uint32 maj_stat, min_stat; gss_name_t target_name; gss_buffer_desc input, output_token; @@ -353,12 +333,12 @@ gss_auth(void *app_data, char *host) char *p; int n; gss_channel_bindings_t bindings; - struct gss_data *d = app_data; + struct gssapi_data *d = app_data; OM_uint32 mech_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; const char *knames[] = { "ftp", "host", NULL }, **kname = knames; - - + + if(import_name(*kname++, host, &target_name)) return AUTH_ERROR; @@ -369,14 +349,14 @@ gss_auth(void *app_data, char *host) bindings = malloc(sizeof(*bindings)); if (bindings == NULL) errx(1, "out of memory"); - + sockaddr_to_gss_address (myctladdr, &bindings->initiator_addrtype, &bindings->initiator_address); sockaddr_to_gss_address (hisctladdr, &bindings->acceptor_addrtype, &bindings->acceptor_address); - + bindings->application_data.length = 0; bindings->application_data.value = NULL; } else @@ -417,7 +397,7 @@ gss_auth(void *app_data, char *host) } continue; } - + if (bindings != GSS_C_NO_CHANNEL_BINDINGS) free(bindings); @@ -427,7 +407,8 @@ gss_auth(void *app_data, char *host) GSS_C_NO_OID, &msg_ctx, &status_string); - printf("Error initializing security context: %s\n", + printf("Error initializing security context: %.*s\n", + (int)status_string.length, (char*)status_string.value); gss_release_buffer(&new_stat, &status_string); return AUTH_CONTINUE; @@ -501,13 +482,15 @@ gss_auth(void *app_data, char *host) &name, NULL); if (GSS_ERROR(maj_stat) == 0) { - printf("Authenticated to <%s>\n", (char *)name.value); + printf("Authenticated to <%.*s>\n", + (int)name.length, + (char *)name.value); gss_release_buffer(&min_stat, &name); } gss_release_name(&min_stat, &targ_name); } else printf("Failed to get gss name of peer.\n"); - } + } return AUTH_OK; @@ -515,7 +498,7 @@ gss_auth(void *app_data, char *host) struct sec_client_mech gss_client_mech = { "GSSAPI", - sizeof(struct gss_data), + sizeof(struct gssapi_data), gss_init, gss_auth, NULL, /* end */ diff --git a/crypto/heimdal/appl/ftp/ftpd/kauth.c b/crypto/heimdal/appl/ftp/ftpd/kauth.c index 0f34092..546461d 100644 --- a/crypto/heimdal/appl/ftp/ftpd/kauth.c +++ b/crypto/heimdal/appl/ftp/ftpd/kauth.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 1999, 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 1999, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -33,226 +33,15 @@ #include "ftpd_locl.h" -RCSID("$Id: kauth.c 15666 2005-07-19 17:08:11Z lha $"); +RCSID("$Id$"); -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) int do_destroy_tickets = 1; char *k5ccname; #endif -#ifdef KRB4 - -static KTEXT_ST cip; -static unsigned int lifetime; -static time_t local_time; - -static krb_principal pr; - -static int -save_tkt(const char *user, - const char *instance, - const char *realm, - const void *arg, - key_proc_t key_proc, - KTEXT *cipp) -{ - local_time = time(0); - memmove(&cip, *cipp, sizeof(cip)); - return -1; -} - -static int -store_ticket(KTEXT cip) -{ - char *ptr; - des_cblock session; - krb_principal sp; - unsigned char kvno; - KTEXT_ST tkt; - int left = cip->length; - int len; - int kerror; - - ptr = (char *) cip->dat; - - /* extract session key */ - memmove(session, ptr, 8); - ptr += 8; - left -= 8; - - len = strnlen(ptr, left); - if (len == left) - return(INTK_BADPW); - - /* extract server's name */ - strlcpy(sp.name, ptr, sizeof(sp.name)); - ptr += len + 1; - left -= len + 1; - - len = strnlen(ptr, left); - if (len == left) - return(INTK_BADPW); - - /* extract server's instance */ - strlcpy(sp.instance, ptr, sizeof(sp.instance)); - ptr += len + 1; - left -= len + 1; - - len = strnlen(ptr, left); - if (len == left) - return(INTK_BADPW); - - /* extract server's realm */ - strlcpy(sp.realm, ptr, sizeof(sp.realm)); - ptr += len + 1; - left -= len + 1; - - if(left < 3) - return INTK_BADPW; - /* extract ticket lifetime, server key version, ticket length */ - /* be sure to avoid sign extension on lifetime! */ - lifetime = (unsigned char) ptr[0]; - kvno = (unsigned char) ptr[1]; - tkt.length = (unsigned char) ptr[2]; - ptr += 3; - left -= 3; - - if (tkt.length > left) - return(INTK_BADPW); - - /* extract ticket itself */ - memmove(tkt.dat, ptr, tkt.length); - ptr += tkt.length; - left -= tkt.length; - - /* Here is where the time should be verified against the KDC. - * Unfortunately everything is sent in host byte order (receiver - * makes wrong) , and at this stage there is no way for us to know - * which byteorder the KDC has. So we simply ignore the time, - * there are no security risks with this, the only thing that can - * happen is that we might receive a replayed ticket, which could - * at most be useless. - */ - -#if 0 - /* check KDC time stamp */ - { - time_t kdc_time; - - memmove(&kdc_time, ptr, sizeof(kdc_time)); - if (swap_bytes) swap_u_long(kdc_time); - - ptr += 4; - - if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) { - return(RD_AP_TIME); /* XXX should probably be better - code */ - } - } -#endif - - /* initialize ticket cache */ - - if (tf_create(TKT_FILE) != KSUCCESS) - return(INTK_ERR); - - if (tf_put_pname(pr.name) != KSUCCESS || - tf_put_pinst(pr.instance) != KSUCCESS) { - tf_close(); - return(INTK_ERR); - } - - - kerror = tf_save_cred(sp.name, sp.instance, sp.realm, session, - lifetime, kvno, &tkt, local_time); - tf_close(); - - return(kerror); -} - -void -kauth(char *principal, char *ticket) -{ - char *p; - int ret; - - if(get_command_prot() != prot_private) { - reply(500, "Request denied (bad protection level)"); - return; - } - ret = krb_parse_name(principal, &pr); - if(ret){ - reply(500, "Bad principal: %s.", krb_get_err_text(ret)); - return; - } - if(pr.realm[0] == 0) - krb_get_lrealm(pr.realm, 1); - - if(ticket){ - cip.length = base64_decode(ticket, &cip.dat); - if(cip.length == -1){ - reply(500, "Failed to decode data."); - return; - } - ret = store_ticket(&cip); - if(ret){ - reply(500, "Kerberos error: %s.", krb_get_err_text(ret)); - memset(&cip, 0, sizeof(cip)); - return; - } - do_destroy_tickets = 1; - - if(k_hasafs()) - krb_afslog(0, 0); - reply(200, "Tickets will be destroyed on exit."); - return; - } - - ret = krb_get_in_tkt (pr.name, - pr.instance, - pr.realm, - KRB_TICKET_GRANTING_TICKET, - pr.realm, - DEFAULT_TKT_LIFE, - NULL, save_tkt, NULL); - if(ret != INTK_BADPW){ - reply(500, "Kerberos error: %s.", krb_get_err_text(ret)); - return; - } - if(base64_encode(cip.dat, cip.length, &p) < 0) { - reply(500, "Out of memory while base64-encoding."); - return; - } - reply(300, "P=%s T=%s", krb_unparse_name(&pr), p); - free(p); - memset(&cip, 0, sizeof(cip)); -} - - -static char * -short_date(int32_t dp) -{ - char *cp; - time_t t = (time_t)dp; - - if (t == (time_t)(-1L)) return "*** Never *** "; - cp = ctime(&t) + 4; - cp[15] = '\0'; - return (cp); -} - -void -krbtkfile(const char *tkfile) -{ - do_destroy_tickets = 0; - krb_set_tkt_string(tkfile); - reply(200, "Using ticket file %s", tkfile); -} - -#endif /* KRB4 */ - #ifdef KRB5 static void @@ -261,7 +50,7 @@ dest_cc(void) krb5_context context; krb5_error_code ret; krb5_ccache id; - + ret = krb5_init_context(&context); if (ret == 0) { if (k5ccname) @@ -278,7 +67,7 @@ dest_cc(void) } #endif -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) /* * Only destroy if we created the tickets @@ -288,9 +77,6 @@ void cond_kdestroy(void) { if (do_destroy_tickets) { -#if KRB4 - dest_tkt(); -#endif #if KRB5 dest_cc(); #endif @@ -302,9 +88,6 @@ cond_kdestroy(void) void kdestroy(void) { -#if KRB4 - dest_tkt(); -#endif #if KRB5 dest_cc(); #endif @@ -337,9 +120,6 @@ afslog(const char *cell, int quiet) krb5_free_context (context); } #endif -#ifdef KRB4 - krb_afslog(cell, 0); -#endif if (!quiet) reply(200, "afslog done"); } else { @@ -357,4 +137,4 @@ afsunlog(void) #else int ftpd_afslog_placeholder; -#endif /* KRB4 || KRB5 */ +#endif /* KRB5 */ diff --git a/crypto/heimdal/appl/ftp/ftpd/klist.c b/crypto/heimdal/appl/ftp/ftpd/klist.c index 4afa9b8..5da107d 100644 --- a/crypto/heimdal/appl/ftp/ftpd/klist.c +++ b/crypto/heimdal/appl/ftp/ftpd/klist.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -48,7 +48,7 @@ print_cred(krb5_context context, krb5_creds *cred) krb5_format_time(context, cred->times.starttime, t1, sizeof(t1), 1); else krb5_format_time(context, cred->times.authtime, t1, sizeof(t1), 1); - + if(cred->times.endtime > sec) krb5_format_time(context, cred->times.endtime, t2, sizeof(t2), 1); else @@ -81,7 +81,7 @@ print_tickets (krb5_context context, return 500; } - lreply(200, "%17s: %s:%s", + lreply(200, "%17s: %s:%s", "Credentials cache", krb5_cc_get_type(context, ccache), krb5_cc_get_name(context, ccache)); @@ -101,7 +101,7 @@ print_tickets (krb5_context context, &cursor, &cred)) == 0) { if (print_cred(context, &cred)) - return 500; + return 500; krb5_free_cred_contents (context, &cred); } if (ret != KRB5_CC_END) { @@ -137,7 +137,7 @@ klist5(void) else ret = krb5_cc_default (context, &ccache); if (ret) { - lreply(500, "krb5_cc_default: %d", ret); + lreply(500, "krb5_cc_default: %d", ret); return 500; } @@ -155,7 +155,7 @@ klist5(void) ret = krb5_cc_close (context, ccache); if (ret) { - lreply(500, "krb5_cc_close: %d", ret); + lreply(500, "krb5_cc_close: %d", ret); exit_status = 500; } diff --git a/crypto/heimdal/appl/ftp/ftpd/krb4.c b/crypto/heimdal/appl/ftp/ftpd/krb4.c deleted file mode 100644 index 408b7fa..0000000 --- a/crypto/heimdal/appl/ftp/ftpd/krb4.c +++ /dev/null @@ -1,340 +0,0 @@ -/* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef FTP_SERVER -#include "ftpd_locl.h" -#else -#include "ftp_locl.h" -#endif -#include <krb.h> - -RCSID("$Id: krb4.c 17450 2006-05-05 11:11:43Z lha $"); - -#ifdef FTP_SERVER -#define LOCAL_ADDR ctrl_addr -#define REMOTE_ADDR his_addr -#else -#define LOCAL_ADDR myctladdr -#define REMOTE_ADDR hisctladdr -#endif - -extern struct sockaddr *LOCAL_ADDR, *REMOTE_ADDR; - -struct krb4_data { - des_cblock key; - des_key_schedule schedule; - char name[ANAME_SZ]; - char instance[INST_SZ]; - char realm[REALM_SZ]; -}; - -static int -krb4_check_prot(void *app_data, int level) -{ - if(level == prot_confidential) - return -1; - return 0; -} - -static int -krb4_decode(void *app_data, void *buf, int len, int level) -{ - MSG_DAT m; - int e; - struct krb4_data *d = app_data; - - if(level == prot_safe) - e = krb_rd_safe(buf, len, &d->key, - (struct sockaddr_in *)REMOTE_ADDR, - (struct sockaddr_in *)LOCAL_ADDR, &m); - else - e = krb_rd_priv(buf, len, d->schedule, &d->key, - (struct sockaddr_in *)REMOTE_ADDR, - (struct sockaddr_in *)LOCAL_ADDR, &m); - if(e){ - syslog(LOG_ERR, "krb4_decode: %s", krb_get_err_text(e)); - return -1; - } - memmove(buf, m.app_data, m.app_length); - return m.app_length; -} - -static int -krb4_overhead(void *app_data, int level, int len) -{ - return 31; -} - -static int -krb4_encode(void *app_data, void *from, int length, int level, void **to) -{ - struct krb4_data *d = app_data; - *to = malloc(length + 31); - if(level == prot_safe) - return krb_mk_safe(from, *to, length, &d->key, - (struct sockaddr_in *)LOCAL_ADDR, - (struct sockaddr_in *)REMOTE_ADDR); - else if(level == prot_private) - return krb_mk_priv(from, *to, length, d->schedule, &d->key, - (struct sockaddr_in *)LOCAL_ADDR, - (struct sockaddr_in *)REMOTE_ADDR); - else - return -1; -} - -#ifdef FTP_SERVER - -static int -krb4_adat(void *app_data, void *buf, size_t len) -{ - KTEXT_ST tkt; - AUTH_DAT auth_dat; - char *p; - int kerror; - uint32_t cs; - char msg[35]; /* size of encrypted block */ - int tmp_len; - struct krb4_data *d = app_data; - char inst[INST_SZ]; - struct sockaddr_in *his_addr_sin = (struct sockaddr_in *)his_addr; - - memcpy(tkt.dat, buf, len); - tkt.length = len; - - k_getsockinst(0, inst, sizeof(inst)); - kerror = krb_rd_req(&tkt, "ftp", inst, - his_addr_sin->sin_addr.s_addr, &auth_dat, ""); - if(kerror == RD_AP_UNDEC){ - k_getsockinst(0, inst, sizeof(inst)); - kerror = krb_rd_req(&tkt, "rcmd", inst, - his_addr_sin->sin_addr.s_addr, &auth_dat, ""); - } - - if(kerror){ - reply(535, "Error reading request: %s.", krb_get_err_text(kerror)); - return -1; - } - - memcpy(d->key, auth_dat.session, sizeof(d->key)); - des_set_key(&d->key, d->schedule); - - strlcpy(d->name, auth_dat.pname, sizeof(d->name)); - strlcpy(d->instance, auth_dat.pinst, sizeof(d->instance)); - strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance)); - - cs = auth_dat.checksum + 1; - { - unsigned char tmp[4]; - KRB_PUT_INT(cs, tmp, 4, sizeof(tmp)); - tmp_len = krb_mk_safe(tmp, msg, 4, &d->key, - (struct sockaddr_in *)LOCAL_ADDR, - (struct sockaddr_in *)REMOTE_ADDR); - } - if(tmp_len < 0){ - reply(535, "Error creating reply: %s.", strerror(errno)); - return -1; - } - len = tmp_len; - if(base64_encode(msg, len, &p) < 0) { - reply(535, "Out of memory base64-encoding."); - return -1; - } - reply(235, "ADAT=%s", p); - sec_complete = 1; - free(p); - return 0; -} - -static int -krb4_userok(void *app_data, char *user) -{ - struct krb4_data *d = app_data; - return krb_kuserok(d->name, d->instance, d->realm, user); -} - -struct sec_server_mech krb4_server_mech = { - "KERBEROS_V4", - sizeof(struct krb4_data), - NULL, /* init */ - NULL, /* end */ - krb4_check_prot, - krb4_overhead, - krb4_encode, - krb4_decode, - /* */ - NULL, - krb4_adat, - NULL, /* pbsz */ - NULL, /* ccc */ - krb4_userok -}; - -#else /* FTP_SERVER */ - -static int -krb4_init(void *app_data) -{ - return !use_kerberos; -} - -static int -mk_auth(struct krb4_data *d, KTEXT adat, - char *service, char *host, int checksum) -{ - int ret; - CREDENTIALS cred; - char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ]; - - strlcpy(sname, service, sizeof(sname)); - strlcpy(inst, krb_get_phost(host), sizeof(inst)); - strlcpy(realm, krb_realmofhost(host), sizeof(realm)); - ret = krb_mk_req(adat, sname, inst, realm, checksum); - if(ret) - return ret; - strlcpy(sname, service, sizeof(sname)); - strlcpy(inst, krb_get_phost(host), sizeof(inst)); - strlcpy(realm, krb_realmofhost(host), sizeof(realm)); - ret = krb_get_cred(sname, inst, realm, &cred); - memmove(&d->key, &cred.session, sizeof(des_cblock)); - des_key_sched(&d->key, d->schedule); - memset(&cred, 0, sizeof(cred)); - return ret; -} - -static int -krb4_auth(void *app_data, char *host) -{ - int ret; - char *p; - int len; - KTEXT_ST adat; - MSG_DAT msg_data; - int checksum; - uint32_t cs; - struct krb4_data *d = app_data; - struct sockaddr_in *localaddr = (struct sockaddr_in *)LOCAL_ADDR; - struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR; - - checksum = getpid(); - ret = mk_auth(d, &adat, "ftp", host, checksum); - if(ret == KDC_PR_UNKNOWN) - ret = mk_auth(d, &adat, "rcmd", host, checksum); - if(ret){ - printf("%s\n", krb_get_err_text(ret)); - return AUTH_CONTINUE; - } - -#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM - if (krb_get_config_bool("nat_in_use")) { - struct in_addr natAddr; - - if (krb_get_our_ip_for_realm(krb_realmofhost(host), - &natAddr) != KSUCCESS - && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS) - printf("Can't get address for realm %s\n", - krb_realmofhost(host)); - else { - if (natAddr.s_addr != localaddr->sin_addr.s_addr) { - printf("Using NAT IP address (%s) for kerberos 4\n", - inet_ntoa(natAddr)); - localaddr->sin_addr = natAddr; - - /* - * This not the best place to do this, but it - * is here we know that (probably) NAT is in - * use! - */ - - passivemode = 1; - printf("Setting: Passive mode on.\n"); - } - } - } -#endif - - printf("Local address is %s\n", inet_ntoa(localaddr->sin_addr)); - printf("Remote address is %s\n", inet_ntoa(remoteaddr->sin_addr)); - - if(base64_encode(adat.dat, adat.length, &p) < 0) { - printf("Out of memory base64-encoding.\n"); - return AUTH_CONTINUE; - } - ret = command("ADAT %s", p); - free(p); - - if(ret != COMPLETE){ - printf("Server didn't accept auth data.\n"); - return AUTH_ERROR; - } - - p = strstr(reply_string, "ADAT="); - if(!p){ - printf("Remote host didn't send adat reply.\n"); - return AUTH_ERROR; - } - p += 5; - len = base64_decode(p, adat.dat); - if(len < 0){ - printf("Failed to decode base64 from server.\n"); - return AUTH_ERROR; - } - adat.length = len; - ret = krb_rd_safe(adat.dat, adat.length, &d->key, - (struct sockaddr_in *)hisctladdr, - (struct sockaddr_in *)myctladdr, &msg_data); - if(ret){ - printf("Error reading reply from server: %s.\n", - krb_get_err_text(ret)); - return AUTH_ERROR; - } - krb_get_int(msg_data.app_data, &cs, 4, 0); - if(cs - checksum != 1){ - printf("Bad checksum returned from server.\n"); - return AUTH_ERROR; - } - return AUTH_OK; -} - -struct sec_client_mech krb4_client_mech = { - "KERBEROS_V4", - sizeof(struct krb4_data), - krb4_init, /* init */ - krb4_auth, - NULL, /* end */ - krb4_check_prot, - krb4_overhead, - krb4_encode, - krb4_decode -}; - -#endif /* FTP_SERVER */ diff --git a/crypto/heimdal/appl/ftp/ftpd/logwtmp.c b/crypto/heimdal/appl/ftp/ftpd/logwtmp.c index ebf37e6..59f45b2 100644 --- a/crypto/heimdal/appl/ftp/ftpd/logwtmp.c +++ b/crypto/heimdal/appl/ftp/ftpd/logwtmp.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: logwtmp.c 9079 2000-09-19 13:17:20Z assar $"); +RCSID("$Id$"); #endif #include <stdio.h> @@ -58,9 +58,13 @@ RCSID("$Id: logwtmp.c 9079 2000-09-19 13:17:20Z assar $"); #ifdef HAVE_UTMPX_H #include <utmpx.h> #endif +#ifdef HAVE_ASL_H +#include <asl.h> +#endif #include <roken.h> #include "extern.h" +#ifndef HAVE_UTMPX_H #ifndef WTMP_FILE #ifdef _PATH_WTMP #define WTMP_FILE _PATH_WTMP @@ -68,20 +72,56 @@ RCSID("$Id: logwtmp.c 9079 2000-09-19 13:17:20Z assar $"); #define WTMP_FILE "/var/adm/wtmp" #endif #endif +#endif -void -ftpd_logwtmp(char *line, char *name, char *host) +#ifdef HAVE_ASL_H + +#ifndef ASL_KEY_FACILITY +#define ASL_KEY_FACILITY "Facility" +#endif + +static void +ftpd_logwtmp_asl(char *line, char *name, char *host) +{ + static aslmsg m = NULL; + static int init = 0; + + if (!init) { + init = 1; + m = asl_new(ASL_TYPE_MSG); + if (m == NULL) + return; + asl_set(m, ASL_KEY_FACILITY, "org.h5l.ftpd"); + } + if (m) + asl_log(NULL, m, ASL_LEVEL_NOTICE, + "host %s/%s user %s%sconnected pid %d", + host, line, name, name[0] ? " " : "dis", (int)getpid()); +} + +#endif + +#ifndef HAVE_ASL_H + +static void +ftpd_logwtmp_wtmp(char *line, char *name, char *host) { static int init = 0; static int fd; #ifdef WTMPX_FILE static int fdx; #endif +#ifdef HAVE_UTMP_H struct utmp ut; -#ifdef WTMPX_FILE +#endif +#if defined(WTMPX_FILE) || defined(HAVE_UTMPX_H) struct utmpx utx; #endif +#ifdef HAVE_UTMPX_H + memset(&utx, 0, sizeof(struct utmpx)); +#endif +#ifdef HAVE_UTMP_H memset(&ut, 0, sizeof(struct utmp)); #ifdef HAVE_STRUCT_UTMP_UT_TYPE if(name[0]) @@ -98,8 +138,9 @@ ftpd_logwtmp(char *line, char *name, char *host) strncpy(ut.ut_host, host, sizeof(ut.ut_host)); #endif ut.ut_time = time(NULL); +#endif -#ifdef WTMPX_FILE +#if defined(WTMPX_FILE) || defined(HAVE_UTMPX_H) strncpy(utx.ut_line, line, sizeof(utx.ut_line)); strncpy(utx.ut_user, name, sizeof(utx.ut_user)); strncpy(utx.ut_host, host, sizeof(utx.ut_host)); @@ -122,17 +163,37 @@ ftpd_logwtmp(char *line, char *name, char *host) utx.ut_type = DEAD_PROCESS; #endif +#ifdef HAVE_UTMPX_H + pututxline(&utx); +#endif + if(!init){ +#ifdef WTMP_FILE fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0); +#endif #ifdef WTMPX_FILE fdx = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0); #endif init = 1; } if(fd >= 0) { +#ifdef WTMP_FILE write(fd, &ut, sizeof(struct utmp)); /* XXX */ +#endif #ifdef WTMPX_FILE write(fdx, &utx, sizeof(struct utmpx)); -#endif +#endif } } + +#endif /* !HAVE_ASL_H */ + +void +ftpd_logwtmp(char *line, char *name, char *host) +{ +#ifdef HAVE_ASL_H + ftpd_logwtmp_asl(line, name, host); +#else + ftpd_logwtmp_wtmp(line, name, host); +#endif +} diff --git a/crypto/heimdal/appl/ftp/ftpd/ls.c b/crypto/heimdal/appl/ftp/ftpd/ls.c index 9dcd848..a8366b9 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ls.c +++ b/crypto/heimdal/appl/ftp/ftpd/ls.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -33,7 +33,7 @@ #ifndef TEST #include "ftpd_locl.h" -RCSID("$Id: ls.c 16216 2005-10-22 13:15:43Z lha $"); +RCSID("$Id$"); #else #include <stdio.h> @@ -152,10 +152,10 @@ make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags) char buf[128]; int file_type = 0; struct stat *st = &file->st; - + file->inode = st->st_ino; file->bsize = block_convert(st->st_blocks); - + if(S_ISDIR(st->st_mode)) { file->mode[0] = 'd'; file_type = '/'; @@ -187,10 +187,10 @@ make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags) file_type = '%'; } #endif - else + else file->mode[0] = '?'; { - char *x[] = { "---", "--x", "-w-", "-wx", + char *x[] = { "---", "--x", "-w-", "-wx", "r--", "r-x", "rw-", "rwx" }; strcpy(file->mode + 1, x[(st->st_mode & S_IRWXU) >> 6]); strcpy(file->mode + 4, x[(st->st_mode & S_IRWXG) >> 3]); @@ -241,7 +241,7 @@ make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags) return -1; } } - + if(S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode)) { #if defined(major) && defined(minor) if (asprintf(&file->major, "%u", (unsigned)major(st->st_rdev)) == -1) @@ -405,16 +405,16 @@ find_log10(int num) * have to fetch them. */ -#ifdef KRB4 +#ifdef KRB5 static int do_the_afs_dance = 1; #endif static int lstat_file (const char *file, struct stat *sb) { -#ifdef KRB4 +#ifdef KRB5 if (do_the_afs_dance && - k_hasafs() + k_hasafs() && strcmp(file, ".") && strcmp(file, "..") && strcmp(file, "/")) @@ -425,19 +425,19 @@ lstat_file (const char *file, struct stat *sb) static ino_t ino_counter = 0, ino_last = 0; int ret; const int maxsize = 2048; - + path_bkp = strdup (file); if (path_bkp == NULL) return -1; - + a_params.out = malloc (maxsize); - if (a_params.out == NULL) { + if (a_params.out == NULL) { free (path_bkp); return -1; } - + /* If path contains more than the filename alone - split it */ - + last = strrchr (path_bkp, '/'); if (last != NULL) { if(last[1] == '\0') @@ -457,10 +457,10 @@ lstat_file (const char *file, struct stat *sb) dir = "."; a_params.in = path_bkp; } - + a_params.in_size = strlen (a_params.in) + 1; a_params.out_size = maxsize; - + ret = k_pioctl (dir, VIOC_AFS_STAT_MT_PT, &a_params, 0); free (a_params.out); if (ret < 0) { @@ -473,7 +473,7 @@ lstat_file (const char *file, struct stat *sb) return lstat (file, sb); } - /* + /* * wow this was a mountpoint, lets cook the struct stat * use . as a prototype */ @@ -494,7 +494,7 @@ lstat_file (const char *file, struct stat *sb) return 0; } -#endif /* KRB4 */ +#endif /* KRB5 */ return lstat (file, sb); } @@ -551,15 +551,15 @@ list_files(FILE *out, const char **files, int n_files, int flags) } switch(SORT_MODE(flags)) { case LS_SORT_NAME: - qsort(fi, n_files, sizeof(*fi), + qsort(fi, n_files, sizeof(*fi), (int (*)(const void*, const void*))compare_filename); break; case LS_SORT_MTIME: - qsort(fi, n_files, sizeof(*fi), + qsort(fi, n_files, sizeof(*fi), (int (*)(const void*, const void*))compare_mtime); break; case LS_SORT_SIZE: - qsort(fi, n_files, sizeof(*fi), + qsort(fi, n_files, sizeof(*fi), (int (*)(const void*, const void*))compare_size); break; } @@ -602,7 +602,7 @@ list_files(FILE *out, const char **files, int n_files, int flags) max_inode = find_log10(max_inode); max_bsize = find_log10(max_bsize); max_n_link = find_log10(max_n_link); - + if(n_print > 0) sec_fprintf2(out, "total %lu\r\n", (unsigned long)total_blocks); if(flags & LS_SORT_REVERSE) @@ -633,7 +633,7 @@ list_files(FILE *out, const char **files, int n_files, int flags) max_major, max_minor, max_date); - } else if(DISP_MODE(flags) == LS_DISP_COLUMN || + } else if(DISP_MODE(flags) == LS_DISP_COLUMN || DISP_MODE(flags) == LS_DISP_CROSS) { int max_len = 0; int size_len = 0; @@ -660,14 +660,14 @@ list_files(FILE *out, const char **files, int n_files, int flags) max_len = 80 / columns; } if(flags & LS_SIZE) - sec_fprintf2(out, "total %lu\r\n", + sec_fprintf2(out, "total %lu\r\n", (unsigned long)total_blocks); if(DISP_MODE(flags) == LS_DISP_CROSS) { for(i = 0, j = 0; i < n_files; i++) { if(fi[i].filename == NULL) continue; if(flags & LS_SIZE) - sec_fprintf2(out, "%*u %-*s", size_len, fi[i].bsize, + sec_fprintf2(out, "%*u %-*s", size_len, fi[i].bsize, max_len, fi[i].filename); else sec_fprintf2(out, "%-*s", max_len, fi[i].filename); @@ -681,13 +681,13 @@ list_files(FILE *out, const char **files, int n_files, int flags) sec_fprintf2(out, "\r\n"); } else { int skip = (num_files + columns - 1) / columns; - j = 0; + for(i = 0; i < skip; i++) { for(j = i; j < n_files;) { while(j < n_files && fi[j].filename == NULL) j++; if(flags & LS_SIZE) - sec_fprintf2(out, "%*u %-*s", size_len, fi[j].bsize, + sec_fprintf2(out, "%*u %-*s", size_len, fi[j].bsize, max_len, fi[j].filename); else sec_fprintf2(out, "%-*s", max_len, fi[j].filename); @@ -710,7 +710,7 @@ list_files(FILE *out, const char **files, int n_files, int flags) const char *p = strrchr(files[i], '/'); if(p == NULL) p = files[i]; - else + else p++; if(!(flags & LS_DIR_FLAG) || !IS_DOT_DOTDOT(p)) { if((flags & LS_SHOW_DIRNAME)) { diff --git a/crypto/heimdal/appl/ftp/ftpd/popen.c b/crypto/heimdal/appl/ftp/ftpd/popen.c index dc75fb4..5488472 100644 --- a/crypto/heimdal/appl/ftp/ftpd/popen.c +++ b/crypto/heimdal/appl/ftp/ftpd/popen.c @@ -37,7 +37,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: popen.c 10900 2002-04-02 11:57:39Z joda $"); +RCSID("$Id$"); #endif #include <sys/types.h> @@ -65,7 +65,7 @@ RCSID("$Id: popen.c 10900 2002-04-02 11:57:39Z joda $"); #include "extern.h" -/* +/* * Special version of popen which avoids call to shell. This ensures * no one may create a pipe to a hidden program as a side effect of a * list or dir command. @@ -73,8 +73,6 @@ RCSID("$Id: popen.c 10900 2002-04-02 11:57:39Z joda $"); static int *pids; static int fds; -extern int dochroot; - /* return path prepended with ~ftp if that file exists, otherwise * return path unchanged */ @@ -148,8 +146,8 @@ ftpd_popen(char *program, char *type, int do_stderr, int no_glob) ; memset(&gl, 0, sizeof(gl)); - if (no_glob || - glob(argv[argc], flags, NULL, &gl) || + if (no_glob || + glob(argv[argc], flags, NULL, &gl) || gl.gl_pathc == 0) gargv[gargc++] = strdup(argv[argc]); else @@ -198,8 +196,8 @@ ftpd_popen(char *program, char *type, int do_stderr, int no_glob) close(pdes[0]); } pids[fileno(iop)] = pid; - -pfree: + +pfree: for (argc = 1; gargv[argc] != NULL; argc++) free(gargv[argc]); diff --git a/crypto/heimdal/appl/ftp/ftpd/security.c b/crypto/heimdal/appl/ftp/ftpd/security.c index 2a4803f..86c73a1 100644 --- a/crypto/heimdal/appl/ftp/ftpd/security.c +++ b/crypto/heimdal/appl/ftp/ftpd/security.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1998-2002, 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1998-2002, 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -37,7 +37,7 @@ #include "ftp_locl.h" #endif -RCSID("$Id: security.c 21225 2007-06-20 10:16:02Z lha $"); +RCSID("$Id$"); static enum protection_level command_prot; static enum protection_level data_prot; @@ -74,14 +74,14 @@ level_to_name(enum protection_level level) } #ifndef FTP_SERVER /* not used in server */ -static enum protection_level +static enum protection_level name_to_level(const char *name) { int i; for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++) if(!strncasecmp(level_names[i].name, name, strlen(name))) return level_names[i].level; - return (enum protection_level)-1; + return prot_invalid; } #endif @@ -91,9 +91,6 @@ static struct sec_server_mech *mechs[] = { #ifdef KRB5 &gss_server_mech, #endif -#ifdef KRB4 - &krb4_server_mech, -#endif NULL }; @@ -105,9 +102,6 @@ static struct sec_client_mech *mechs[] = { #ifdef KRB5 &gss_client_mech, #endif -#ifdef KRB4 - &krb4_client_mech, -#endif NULL }; @@ -229,12 +223,12 @@ sec_read(int fd, void *dataptr, int length) in_buffer.eof_flag = 0; return 0; } - + len = buffer_read(&in_buffer, dataptr, length); length -= len; rx += len; dataptr = (char*)dataptr + len; - + while(length){ int ret; @@ -286,7 +280,7 @@ sec_write(int fd, char *dataptr, int length) { int len = buffer_size; int tx = 0; - + if(data_prot == prot_clear) return write(fd, dataptr, length); @@ -337,7 +331,7 @@ sec_putc(int c, FILE *F) char ch = c; if(data_prot == prot_clear) return putc(c, F); - + buffer_write(&out_buffer, &ch, 1); if(c == '\n' || out_buffer.index >= 1024 /* XXX */) { sec_write(fileno(F), out_buffer.data, out_buffer.index); @@ -352,14 +346,14 @@ sec_read_msg(char *s, int level) int len; char *buf; int return_code; - + buf = malloc(strlen(s)); len = base64_decode(s + 4, buf); /* XXX */ - + len = (*mech->decode)(app_data, buf, len, level); if(len < 0) return -1; - + buf[len] = '\0'; if(buf[3] == '-') @@ -381,7 +375,7 @@ sec_vfprintf(FILE *f, const char *fmt, va_list ap) int len; if(!sec_complete) return vfprintf(f, fmt, ap); - + if (vasprintf(&buf, fmt, ap) == -1) { printf("Failed to allocate command.\n"); return -1; @@ -520,10 +514,10 @@ prot(char *pl) reply(504, "Unrecognized protection level."); return; } - + if(sec_complete){ if((*mech->check_prot)(app_data, p)){ - reply(536, "%s does not support %s protection.", + reply(536, "%s does not support %s protection.", mech->name, level_to_name(p)); }else{ data_prot = (enum protection_level)p; @@ -556,14 +550,20 @@ void mec(char *msg, enum protection_level level) } buf_size = strlen(msg) + 2; buf = malloc(buf_size); + if (buf == NULL) { + reply(501, "Failed to allocate %lu", (unsigned long)buf_size); + return; + } len = base64_decode(msg, buf); command_prot = level; if(len == (size_t)-1) { + free(buf); reply(501, "Failed to base64-decode command"); return; } len = (*mech->decode)(app_data, buf, len, level); if(len == (size_t)-1) { + free(buf); reply(535, "Failed to decode command"); return; } @@ -628,7 +628,7 @@ sec_status(void) printf("Using %s command channel.\n", level_to_name(command_prot)); printf("Using %s data channel.\n", level_to_name(data_prot)); if(buffer_size > 0) - printf("Protection buffer size: %lu.\n", + printf("Protection buffer size: %lu.\n", (unsigned long)buffer_size); }else{ printf("Not using any security mechanism.\n"); @@ -669,7 +669,7 @@ sec_prot_internal(int level) printf("Failed to set protection level.\n"); return -1; } - + data_prot = (enum protection_level)level; return 0; } @@ -683,7 +683,7 @@ set_command_prot(enum protection_level level) ret = command("CCC"); if(ret != COMPLETE) { printf("Failed to clear command channel.\n"); - return -1; + return prot_invalid; } } command_prot = level; @@ -708,17 +708,17 @@ sec_prot(int argc, char **argv) return; } level = name_to_level(argv[argc - 1]); - + if(level == -1) goto usage; - + if((*mech->check_prot)(app_data, level)) { - printf("%s does not implement %s protection.\n", + printf("%s does not implement %s protection.\n", mech->name, level_to_name(level)); code = -1; return; } - + if(argc == 2 || strncasecmp(argv[1], "data", strlen(argv[1])) == 0) { if(sec_prot_internal(level) < 0){ code = -1; @@ -759,9 +759,9 @@ sec_prot_command(int argc, char **argv) level = name_to_level(argv[1]); if(level == -1) goto usage; - + if((*mech->check_prot)(app_data, level)) { - printf("%s does not implement %s protection.\n", + printf("%s does not implement %s protection.\n", mech->name, level_to_name(level)); code = -1; return; @@ -808,7 +808,7 @@ sec_login(char *host) verbose = -1; /* shut up all messages this will produce (they are usually not very user friendly) */ - + for(m = mechs; *m && (*m)->name; m++) { void *tmp; @@ -818,7 +818,7 @@ sec_login(char *host) return -1; } app_data = tmp; - + if((*m)->init && (*(*m)->init)(app_data) != 0) { printf("Skipping %s...\n", (*m)->name); continue; @@ -840,7 +840,7 @@ sec_login(char *host) } ret = (*(*m)->auth)(app_data, host); - + if(ret == AUTH_CONTINUE) continue; else if(ret != AUTH_OK){ @@ -852,13 +852,13 @@ sec_login(char *host) sec_complete = 1; if(doencrypt) { command_prot = prot_private; - request_data_prot = prot_private; + request_data_prot = prot_private; } else { command_prot = prot_safe; } break; } - + verbose = old_verbose; return *m == NULL; } |
