Diffstat (limited to 'crypto/heimdal/appl/ftp/ftpd')
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/Makefile.in16
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/ftpd.813
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/ftpd.c14
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/ftpd.cat8296
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/ftpusers.52
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/ftpusers.cat527
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/popen.c5
7 files changed, 360 insertions, 13 deletions
diff --git a/crypto/heimdal/appl/ftp/ftpd/Makefile.in b/crypto/heimdal/appl/ftp/ftpd/Makefile.in
index a3fa628..cd67376 100644
--- a/crypto/heimdal/appl/ftp/ftpd/Makefile.in
+++ b/crypto/heimdal/appl/ftp/ftpd/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
CHECK_LOCAL =
libexec_PROGRAMS = ftpd
@@ -288,7 +291,7 @@ OBJECTS = $(am_ftpd_OBJECTS)
all: all-redirect
.SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x .y
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj .y
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/ftpd/Makefile
@@ -462,6 +465,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
+GTAGS:
+ here=`CDPATH=: && cd $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $$here
+
mostlyclean-tags:
clean-tags:
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.8
index 745090c..32d5002 100644
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd.8
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.8
@@ -40,7 +40,7 @@
.Nm ftpd
.Nd Internet File Transfer Protocol server
.Sh SYNOPSIS
-.Nm ftpd
+.Nm
.Op Fl a Ar authmode
.Op Fl dilv
.Op Fl g Ar umask
@@ -48,6 +48,8 @@
.Op Fl T Ar maxtimeout
.Op Fl t Ar timeout
.Op Fl u Ar default umask
+.Op Fl B | Fl -builtin-ls
+.Op Fl -good-chars= Ns Ar string
.Sh DESCRIPTION
.Nm Ftpd
is the
@@ -128,6 +130,15 @@ seconds (the default is 15 minutes).
Set the initial umask to something else than the default 027.
.It Fl v
Verbose mode.
+.It Xo
+.Fl B Ns ,
+.Fl -builtin-ls
+.Xc
+use built-in ls to list files
+.It Xo
+.Fl -good-chars= Ns Ar string
+.Xc
+allowed anonymous upload filename chars
.El
.Pp
The file
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.c b/crypto/heimdal/appl/ftp/ftpd/ftpd.c
index 4db5e9f..faf07ff 100644
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd.c
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.c
@@ -38,7 +38,7 @@
#endif
#include "getarg.h"
-RCSID("$Id: ftpd.c,v 1.153 2001/01/18 09:14:59 joda Exp $");
+RCSID("$Id: ftpd.c,v 1.157 2001/04/19 14:41:29 joda Exp $");
static char version[] = "Version 6.00";
@@ -262,7 +262,7 @@ main(int argc, char **argv)
int optind = 0;
- set_progname (argv[0]);
+ setprogname (argv[0]);
/* detach from any tickets and tokens */
{
@@ -1187,18 +1187,22 @@ do_store(char *name, char *mode, int unique)
goto done;
set_buffer_size(fileno(din), 1);
if (receive_data(din, fout) == 0) {
+ if((*closefunc)(fout) < 0)
+ perror_reply(552, name);
+ else {
if (unique)
reply(226, "Transfer complete (unique file name:%s).",
name);
else
reply(226, "Transfer complete.");
- }
+ }
+ } else
+ (*closefunc)(fout);
fclose(din);
data = -1;
pdata = -1;
done:
LOGBYTES(*mode == 'w' ? "put" : "append", name, byte_count);
- (*closefunc)(fout);
}
static FILE *
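Review bot: The `goto done;` at the top of this hunk now reaches the `done:` label without closing `fout`, because the commit moves `(*closefunc)(fout)` from after the label into the two branches of the `receive_data` check. Each store that takes that early exit would leave the output stream open, so a long-lived session could accumulate leaked descriptors (or unreaped children, if `closefunc` can be a pclose-style function; its assignment is outside the hunk). Adding `(*closefunc)(fout);` immediately before `goto done;` restores the old cleanup while keeping the new 552 reporting, with braces added if the guarding `if` is unbraced. do_store starts above the hunk, so any other `goto done` sites there need the same treatment.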
@@ -2161,7 +2165,7 @@ send_file_list(char *whichf)
char buf[MaxPathLen];
if (strpbrk(whichf, "~{[*?") != NULL) {
- int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+ int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|GLOB_LIMIT;
memset(&gl, 0, sizeof(gl));
freeglob = 1;
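Review bot: The new `GLOB_LIMIT` flag in `flags` has no comment saying why it is set, and the same bare addition appears in the ftpd_popen hunk in popen.c. The pattern in `whichf` presumably comes from the client, so a short comment would stop the flag being dropped in a later cleanup: `/* GLOB_LIMIT: cap expansion of client-supplied patterns so one request cannot exhaust memory */`. With the limit in force glob() can return a failure code for an over-large expansion. The glob() call in send_file_list is outside this hunk, so confirm its return value is checked and answered with an error reply rather than a partial listing.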
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8
new file mode 100644
index 0000000..d4af02e
--- /dev/null
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8
@@ -0,0 +1,296 @@
+
+FTPD(8) UNIX System Manager's Manual FTPD(8)
+
+NNAAMMEE
+ ffttppdd - Internet File Transfer Protocol server
+
+SSYYNNOOPPSSIISS
+ ffttppdd [--aa _a_u_t_h_m_o_d_e] [--ddiillvv] [--gg _u_m_a_s_k] [--pp _p_o_r_t] [--TT _m_a_x_t_i_m_e_o_u_t] [--tt
+ _t_i_m_e_o_u_t] [--uu _d_e_f_a_u_l_t _u_m_a_s_k] [--BB | ----bbuuiillttiinn--llss] [----ggoooodd--cchhaarrss==_s_t_r_i_n_g]
+
+DDEESSCCRRIIPPTTIIOONN
+ FFttppdd is the Internet File Transfer Protocol server process. The server
+ uses the TCP protocol and listens at the port specified in the ``ftp''
+ service specification; see services(5).
+
+ Available options:
+
+ --aa Select the level of authentication required. Kerberised login
+ can not be turned off. The default is to only allow kerberised
+ login. Other possibilities can be turned on by giving a string
+ of comma separated flags as argument to --aa. Recognised flags are:
+
+ _p_l_a_i_n Allow logging in with plaintext password. The password can
+ be a(n) OTP or an ordinary password.
+
+ _o_t_p Same as _p_l_a_i_n, but only OTP is allowed.
+
+ _f_t_p Allow anonymous login.
+
+ The following combination modes exists for backwards compatibili-
+ ty:
+
+ _n_o_n_e Same as _p_l_a_i_n_,_f_t_p.
+
+ _s_a_f_e Same as _f_t_p.
+
+ _u_s_e_r Ignored.
+
+ --dd Debugging information is written to the syslog using LOG_FTP.
+
+ --gg Anonymous users will get a umask of _u_m_a_s_k.
+
+ --ii Open a socket and wait for a connection. This is mainly used for
+ debugging when ftpd isn't started by inetd.
+
+ --ll Each successful and failed ftp(1) session is logged using syslog
+ with a facility of LOG_FTP. If this option is specified twice,
+ the retrieve (get), store (put), append, delete, make directory,
+ remove directory and rename operations and their filename argu-
+ ments are also logged.
+
+ --pp Use _p_o_r_t (a service name or number) instead of the default
+ _f_t_p_/_t_c_p.
+
+ --TT A client may also request a different timeout period; the maximum
+ period allowed may be set to _t_i_m_e_o_u_t seconds with the --TT option.
+ The default limit is 2 hours.
+
+ --tt The inactivity timeout period is set to _t_i_m_e_o_u_t seconds (the de-
+ fault is 15 minutes).
+
+ --uu Set the initial umask to something else than the default 027.
+
+
+
+ --vv Verbose mode.
+
+ --BB, ----bbuuiillttiinn--llss
+ use built-in ls to list files
+
+ ----ggoooodd--cchhaarrss==_s_t_r_i_n_g
+ allowed anonymous upload filename chars
+
+ The file _/_e_t_c_/_n_o_l_o_g_i_n can be used to disable ftp access. If the file ex-
+ ists, ffttppdd displays it and exits. If the file _/_e_t_c_/_f_t_p_w_e_l_c_o_m_e exists,
+ ffttppdd prints it before issuing the ``ready'' message. If the file
+ _/_e_t_c_/_m_o_t_d exists, ffttppdd prints it after a successful login.
+
+ The ftp server currently supports the following ftp requests. The case
+ of the requests is ignored.
+
+ Request Description
+ ABOR abort previous command
+ ACCT specify account (ignored)
+ ALLO allocate storage (vacuously)
+ APPE append to a file
+ CDUP change to parent of current working directory
+ CWD change working directory
+ DELE delete a file
+ HELP give help information
+ LIST give list files in a directory (``ls -lgA'')
+ MKD make a directory
+ MDTM show last modification time of file
+ MODE specify data transfer _m_o_d_e
+ NLST give name list of files in directory
+ NOOP do nothing
+ PASS specify password
+ PASV prepare for server-to-server transfer
+ PORT specify data connection port
+ PWD print the current working directory
+ QUIT terminate session
+ REST restart incomplete transfer
+ RETR retrieve a file
+ RMD remove a directory
+ RNFR specify rename-from file name
+ RNTO specify rename-to file name
+ SITE non-standard commands (see next section)
+ SIZE return size of file
+ STAT return status of server
+ STOR store a file
+ STOU store a file with a unique name
+ STRU specify data transfer _s_t_r_u_c_t_u_r_e
+ SYST show operating system type of server system
+ TYPE specify data transfer _t_y_p_e
+ USER specify user name
+ XCUP change to parent of current working directory
+ (deprecated)
+ XCWD change working directory (deprecated)
+ XMKD make a directory (deprecated)
+ XPWD print the current working directory (deprecated)
+ XRMD remove a directory (deprecated)
+
+ The following commands are specified by RFC2228.
+
+ AUTH authentication/security mechanism
+ ADAT authentication/security data
+ PROT data channel protection level
+ PBSZ protection buffer size
+ MIC integrity protected command
+
+
+ CONF confidentiality protected command
+ ENC privacy protected command
+ CCC clear command channel
+
+ The following non-standard or UNIX specific commands are supported by the
+ SITE request.
+
+ UMASK change umask, (e.g. SSIITTEE UUMMAASSKK 000022)
+ IDLE set idle-timer, (e.g. SSIITTEE IIDDLLEE 6600)
+ CHMOD change mode of a file (e.g. SSIITTEE CCHHMMOODD 775555 ffiilleennaammee)
+ FIND quickly find a specific file with GNU locate(1).
+ HELP give help information.
+
+ The following Kerberos related site commands are understood.
+
+ KAUTH obtain remote tickets.
+ KLIST show remote tickets
+
+ The remaining ftp requests specified in Internet RFC 959 are recognized,
+ but not implemented. MDTM and SIZE are not specified in RFC 959, but
+ will appear in the next updated FTP RFC.
+
+ The ftp server will abort an active file transfer only when the ABOR com-
+ mand is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet
+ "Synch" signal in the command Telnet stream, as described in Internet RFC
+ 959. If a STAT command is received during a data transfer, preceded by a
+ Telnet IP and Synch, transfer status will be returned.
+
+ FFttppdd interprets file names according to the ``globbing'' conventions used
+ by csh(1). This allows users to utilize the metacharacters ``*?[]{}~''.
+
+ FFttppdd authenticates users according to these rules.
+
+ 1. If Kerberos authentication is used, the user must pass valid
+ tickets and the principal must be allowed to login as the re-
+ mote user.
+
+ 2. The login name must be in the password data base, and not have
+ a null password (if kerberos is used the password field is not
+ checked). In this case a password must be provided by the
+ client before any file operations may be performed. If the
+ user has an OTP key, the response from a successful USER com-
+ mand will include an OTP challenge. The client may choose to
+ respond with a PASS command giving either a standard password
+ or an OTP one-time password. The server will automatically de-
+ termine which type of password it has been given and attempt
+ to authenticate accordingly. See otp(1) for more information
+ on OTP authentication.
+
+ 3. The login name must not appear in the file _/_e_t_c_/_f_t_p_u_s_e_r_s.
+
+ 4. The user must have a standard shell returned by
+ getusershell(3).
+
+ 5. If the user name appears in the file _/_e_t_c_/_f_t_p_c_h_r_o_o_t the ses-
+ sion's root will be changed to the user's login directory by
+ chroot(2) as for an ``anonymous'' or ``ftp'' account (see next
+ item). However, the user must still supply a password. This
+ feature is intended as a compromise between a fully anonymous
+ account and a fully privileged account. The account should
+ also be set up as for an anonymous account.
+
+ 6. If the user name is ``anonymous'' or ``ftp'', an anonymous ftp
+ account must be present in the password file (user ``ftp'').
+ In this case the user is allowed to log in by specifying any
+ password (by convention an email address for the user should
+ be used as the password).
+
+ In the last case, ffttppdd takes special measures to restrict the client's
+ access privileges. The server performs a chroot(2) to the home directory
+ of the ``ftp'' user. In order that system security is not breached, it
+ is recommended that the ``ftp'' subtree be constructed with care, consid-
+ er following these guidelines for anonymous ftp.
+
+ In general all files should be owned by ``root'', and have non-write per-
+ missions (644 or 755 depending on the kind of file). No files should be
+ owned or writable by ``ftp'' (possibly with exception for the
+ _~_f_t_p_/_i_n_c_o_m_i_n_g, as specified below).
+
+ _~_f_t_p The ``ftp'' homedirectory should be owned by root.
+
+ _~_f_t_p_/_b_i_n The directory for external programs (such as ls(1)).
+ These programs must either be statically linked, or you
+ must setup an environment for dynamic linking when run-
+ ning chrooted. These programs will be used if present:
+
+ ls Used when listing files.
+
+ compress
+ When retrieving a filename that ends in _._Z,
+ and that file isn't present, ffttppdd will try
+ to find the filename without _._Z and com-
+ press it on the fly.
+
+ gzip Same as compress, just with files ending in
+ _._g_z.
+
+ gtar Enables retrieval of whole directories as
+ files ending in _._t_a_r. Can also be combined
+ with compression. You must use GNU Tar (or
+ some other that supports the --zz and --ZZ
+ flags).
+
+ locate Will enable ``fast find'' with the SSIITTEE
+ FFIINNDD command. You must also create a
+ _l_o_c_a_t_e_d_b file in _~_f_t_p_/_e_t_c.
+
+ _~_f_t_p_/_e_t_c If you put copies of the passwd(5) and group(5) files
+ here, ls will be able to produce owner names rather than
+ numbers. Remember to remove any passwords from these
+ files.
+
+ The file _m_o_t_d, if present, will be printed after a suc-
+ cessful login.
+
+ _~_f_t_p_/_d_e_v Put a copy of /dev/null(7) here.
+
+ _~_f_t_p_/_p_u_b Traditional place to put whatever you want to make pub-
+ lic.
+
+ If you want guests to be able to upload files, create a _~_f_t_p_/_i_n_c_o_m_i_n_g di-
+ rectory owned by ``root'', and group ``ftp'' with mode 730 (make sure
+ ``ftp'' is member of group ``ftp''). The following restrictions apply to
+ anonymous users:
+
+ ++oo Directories created will have mode 700.
+
+ ++oo Uploaded files will be created with an umask of 777, if not changed
+ with the --gg option.
+
+ ++oo These command are not accessible: DDEELLEE, RRMMDD, RRNNTTOO, RRNNFFRR, SSIITTEE UUMMAASSKK,
+
+ and SSIITTEE CCHHMMOODD.
+
+ ++oo Filenames must start with an alpha-numeric character, and consist of
+ alpha-numeric characters or any of the following: + (plus), - (mi-
+ nus), = (equal), _ (underscore), . (period), and , (comma).
+
+FFIILLEESS
+ /etc/ftpusers Access list for users.
+ /etc/ftpchroot List of normal users who should be chroot'd.
+ /etc/ftpwelcome Welcome notice.
+ /etc/motd Welcome notice after login.
+ /etc/nologin Displayed and access refused.
+ ~/.klogin Login access for Kerberos.
+
+SSEEEE AALLSSOO
+ ftp(1), otp(1), getusershell(3), ftpusers(5), syslogd(8),
+
+SSTTAANNDDAARRDDSS
+ RRFFCC 995599 FTP PROTOCOL SPECIFICATION
+ RRFFCC 11993388 OTP Specification
+ RRFFCC 22222288 FTP Security Extensions.
+
+BBUUGGSS
+ The server must run as the super-user to create sockets with privileged
+ port numbers. It maintains an effective user id of the logged in user,
+ reverting to the super-user only when binding addresses to sockets. The
+ possible security holes have been extensively scrutinized, but are possi-
+ bly incomplete.
+
+HHIISSTTOORRYY
+ The ffttppdd command appeared in 4.2BSD.
+
+4.2 Berkeley Distribution April 19, 1997 5
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5
index d10d15a..631f11b 100644
--- a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5
@@ -1,4 +1,4 @@
-.\" $Id: ftpusers.5,v 1.3 2001/01/11 16:16:26 assar Exp $
+.\" $Id: ftpusers.5,v 1.4 2001/05/02 08:59:20 assar Exp $
.\"
.Dd May 7, 1997
.Dt FTPUSERS 5
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5 b/crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5
new file mode 100644
index 0000000..d2ee3d3
--- /dev/null
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5
@@ -0,0 +1,27 @@
+
+FTPUSERS(5) UNIX Programmer's Manual FTPUSERS(5)
+
+NNAAMMEE
+ _/_e_t_c_/_f_t_p_u_s_e_r_s - FTP access list file
+
+DDEESSCCRRIIPPTTIIOONN
+ _/_e_t_c_/_f_t_p_u_s_e_r_s contains a list of users that should be allowed or denied
+ FTP access. Each line contains a user, optionally followed by ``allow''
+ (anything but ``allow'' is ignored). The semi-user ``*'' matches any us-
+ er. Users that has an explicit ``allow'', or that does not match any
+ line, are allowed access. Anyone else is denied access.
+
+ Note that this is compatible with the old format, where this file con-
+ tained a list of users that should be denied access.
+
+EEXXAAMMPPLLEESS
+ This will deny anyone but ``foo'' and ``bar'' to use FTP:
+
+ foo allow
+ bar allow
+ *
+
+SSEEEE AALLSSOO
+ ftpd(8)
+
+ KTH-KRB May 7, 1997 1
diff --git a/crypto/heimdal/appl/ftp/ftpd/popen.c b/crypto/heimdal/appl/ftp/ftpd/popen.c
index d8a4996..52c8824 100644
--- a/crypto/heimdal/appl/ftp/ftpd/popen.c
+++ b/crypto/heimdal/appl/ftp/ftpd/popen.c
@@ -37,7 +37,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: popen.c,v 1.22 2001/02/05 07:51:51 assar Exp $");
+RCSID("$Id: popen.c,v 1.24 2001/03/26 11:41:02 assar Exp $");
#endif
#include <sys/types.h>
@@ -138,7 +138,8 @@ ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
/* glob each piece */
for (gargc = argc = 1; argv[argc] && gargc < MAXGLOBS - 1; argc++) {
glob_t gl;
- int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+ int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE
+ | GLOB_LIMIT;
memset(&gl, 0, sizeof(gl));
if (no_glob || glob(argv[argc], flags, NULL, &gl))