summaryrefslogtreecommitdiffstats
path: root/libexec/ftpd
Commit message (Collapse)AuthorAgeFilesLines
...
* We must not fall back to the old way (read-write)yar2004-10-151-1/+1
| | | | | | | | if sendfile() transferred some data before throwing a error condition because sendfile() won't move the file offset for read() to start from. MFC after: 2 weeks
* Clean-up around sendfile(): drop an excessive check for error condition.yar2004-10-151-2/+2
|
* Account for the fact that sendfile(2) may hit the end of fileyar2004-10-151-1/+12
| | | | | | | | prematurely, e.g., if the file has been truncated by someone else. PR: bin/72649 Submitted by: Oleg Koreshkov (portions) MFC after: 2 weeks
* Indent.maxim2004-09-241-7/+7
|
* o Merge rev. 1.5 libexec/ftpd/ftpd.c from DragonflyBSD:maxim2004-09-241-0/+2
| | | | | | | | | | | | Do not unconditionally fork() after accept(). accept() can return -1 due to an interrupted system call (i.e. SIGCHLD). If we fork in that case ftpd can get into an accept()/SIGCHLD/fork/[fail]/repeat loop. Reported-by: fabian <fabian.duelli@bluewin.ch> Obtained from: DragonflyBSD MFC after: 1 month
* ftpd(8) seems to be WARNS=2 clean now.yar2004-07-311-0/+1
| | | | Tested on: i386, ia64, amd64, sparc64, alpha
* Change ``(foo *)0'' to ``NULL'' where it's possibleyar2004-07-312-11/+11
| | | | | | | (and it appears possible throughout ftpd(8) source.) It is not a mere issue of style: Null pointers in C seem to have been mistaken one way or another quite often.
* Kill a small herd of casts to off_t where they were not needed.yar2004-07-312-10/+9
| | | | | | Thank Fortune, the C compiler can figure out by itself the proper conversion for assignments, comparisons, and prototyped function arguments.
* Printf(3) off_t values through conversion to intmax_t sinceyar2004-07-312-10/+15
| | | | we've got <stdint.h> et al now. (This makes ftpd(8) WARNS=2 clean.)
* Kill an unused variable (heading to WARNS=2.)yar2004-07-311-1/+0
|
* Convert a couple of bogus null statements to the right form.yar2004-07-311-2/+2
| | | | (Heading to WARNS=2.)
* Ditto for (gid_t).yar2004-07-301-1/+1
|
* Kill casts to (uid_t) obviously left from the K&R era.yar2004-07-301-14/+14
| | | | | Prototyping library functions in header files has rendered them superfluous.
* Add a comment to explain that the loop around the call to bind(2)yar2004-07-301-0/+9
| | | | is not a hack, but it has a clear purpose.
* Open a socket for a data transfer in active mode using euidyar2004-07-301-1/+1
| | | | | | | | | | | | | | of the current user, not root. This will allow neat things like matching anonymous FTP data traffic with a single ipfw(8) rule: ipfw add ... tcp from any to any uid ftp Note that the control connection socket still belongs to the user ftpd(8) was started from, usually root. PR: bin/65928 Submitted by: Eugene Grosbein <eugen at grosbein.pp.ru> MFC after: 1 month
* Mechanically kill hard sentence breaks.ru2004-07-021-8/+15
|
* Simplify conditional compilation logic some.obrien2004-06-131-11/+15
|
* There's no such beast like AF_INET4, even when powered by whiskey.ru2004-05-161-1/+1
|
* Handle variable argument lists correctly in reply() and lreply().tjr2004-05-131-2/+8
| | | | | | In particular, do not pass the same va_list to both vprintf() and vsyslog() without first reinitializing it. This fixes ftpd -d on amd64.
* NULL looks better than (char *)0 unless we're passingyar2004-02-071-1/+1
| | | | an unprototyped argument to a function.
* Deny attempts to rename a file from guest users if the policyyar2004-02-071-0/+4
| | | | | | | | | says they may not modify existing files through FTP. Renaming a file is effectively a way to modify it. For instance, if a malicious party is unable to delete or overwrite a sensitive file, they can nevertheless rename it to a hidden name and then upload a troyan horse under the guise of the old file name.
* perror_reply() should not be used where errno isn't meaningful.yar2004-02-071-1/+5
|
* Work around a bug in some clients by never returning raw directoryyar2004-02-071-1/+8
| | | | | | | | | contents in reply to a RETR command. Such clients consider RETR as a way to tell a file from a directory. Mozilla is an example. PR: bin/62232 Submitted by: Bob Finch <bob+freebsd <at> nas <dot> com> MFC after: 1 week
* Reorder dependencies to fix static NOPAM build.ru2004-02-021-4/+4
| | | | Submitted by: lorder(1)
* add missing setusershell() calls.charnier2004-01-181-0/+1
| | | | | PR: bin/2442 Reviewed by: Friedemann Becker <zxmxy33@mail.uni-tuebingen.de>
* man ftpd says that "by default, anonymous users cannot modify existing files."anholt2004-01-071-1/+1
| | | | | | | | However, the code did allow deletion of files. Make deleting require the -m flag, too. PR: bin/60809 Submitted by: Alexander Melkov <melkov@comptek.ru>
* If a file to send in ASCII mode already has CRLF as end-of-line,yar2003-11-151-2/+4
| | | | | | | | don't add excessive CR on the wire. PR: bin/59285 Submitted by: Andrey Beresovsky <and at rsu.ru> MFC after: 1 week
* Pacify gcc warning with a Douglas Adams reference.peter2003-10-261-0/+2
|
* Don't depend on IPv4-mapped IPv6 address to bind to both IPv4ume2003-09-142-76/+116
| | | | | | | | and IPv6. Wrote at: Hakone. Powered by: Warner Losh's scotch whisky. Requested by: nork
* Eliminate last three uses of varargs.h in the tree. These three fileskan2003-09-011-1/+0
| | | | | were including varargs.h file but did not use any of its macros, so they escaped the clean-up before.
* Add a note that the -u option can be overridden by settings in login.conf(5).ceri2003-08-311-0/+2
| | | | | PR: docs/56017 Submitted by: Josef El-Rayes <j.el-rayes@daemon.li>
* Block SIGURG while reading from the control channel.yar2003-07-091-0/+6
| | | | | | | | | | | | | | | Rationale: SIGURG is configured by ftpd to interrupt system calls, which is useful during data transfers. However, SIGURG could interrupt I/O on the control channel as well, which was mistaken for the end of the session. A practical example could be aborting the download of a tiny file, when the abort sequence reached ftpd after ftpd had passed the file data to the system and returned to its command loop. Reported by: ceri MFC after: 1 week
* Improve error handling in getline():yar2003-07-091-4/+7
| | | | | | | | | - always check the return value from getc(3) for EOF; - if the attempt to read the TELNET command byte has returned EOF, exit from the loop instead of using the EOF value as a normal character. MFC after: 1 week
* Make a malloced copy of "chrootdir" even if it points to an absoluteyar2003-07-091-3/+5
| | | | | | | | pathname inside "residue" so "chrootdir" can be simply freed later. PR: bin/53435 Submitted by: Yutaka Ishihara <yutaka at fandc.co.jp> MFC after: 1 week
* Don't declare unneeded extern variables,yar2003-06-211-2/+0
| | | | leave alone specifying a wrong type for one of them.
* If ftpd is run with an -h option (hide host-specific info,)yar2003-06-161-8/+8
| | | | | | | | | | | | | | | don't reveal the info in reply to the SYST command. Get rid of using the "unix" macro at the same time. It was a rather poor way to check if the system was Unix since there were quite a few Unix clones out there whose cc didn't define "unix" (e.g., NetBSD.) It was also sensitive to the C standard used, which caused unnecessary trouble: With -std=c99, it should have been "__unix__", and so on. PR: bin/50690 Submitted by: Alex Semenyaka <alexs _at_ snark.ratmir.ru> MFC after: 1 week
* Add section number to .Xrcharnier2003-06-081-1/+1
|
* Assorted mdoc(7) fixes.ru2003-06-011-19/+18
|
* mdoc(7) police: Properly markup the previous revision.ru2003-05-161-2/+6
| | | | Approved by: re (blanket)
* Update the description of the -u option to mention that IP_PORTRANGE_HIGHsilby2003-03-251-6/+9
| | | | | | and _DEFAULT are the same for 5.x. Committed under threat of action from: The mdoc police
* mdoc(7) police: Scheduled sweep.ru2003-02-241-1/+1
|
* Kill unnecessary vertical whitespace.yar2003-02-111-1/+0
|
* Use LOG_AUTHPRIV to hide the username attempted during an invalid loginyar2003-02-111-1/+5
| | | | | | | from everyone but sysadmins. PR: bin/29487 MFC after: 3 days
* Allow "~/" in pathnames to work for a chrooted user.yar2003-02-051-2/+4
|
* Let tilde expansion be done even if a file/directory doesn't exist yet.yar2003-02-041-35/+98
| | | | | | | | | | | | This makes such natural commands as "MKD ~user/newdir" or "STOR ~/newfile" do what they are supposed to instead of failing miserably with the "File not found" error. This involves a bit of code reorganization. Namely, the code doing glob(3) expansion has been separated to a function; a new function has been introduced to do tilde expansion; the latter function is invoked on a pathname before the former one. Thus behaviour mimicing that of the Bourne shell has been achieved.
* RFC 959 doesn't list reply code 550 as a valid responce to STOR/STOU,yar2003-02-041-1/+1
| | | | | so return reply code 553 to indicate a error from open(2) for consistency, as long as the code is used in the rest of the STOR/STOU handler.
* Let real users access special files through FTPyar2003-01-311-3/+13
| | | | | | | | | | if allowed by their filesystem permissions. This doesn't break anything since using sendfile(2) is triggered later by a separate S_ISREG conditional. PR: bin/20824 MFC after: 1 week
* When searching for a unique file name in guniquefd(),yar2003-01-291-0/+4
| | | | | | | distinguish between the cases of an existing file and a real system error, such as I/O failure, no access etc. MFC after: 3 days
* Add a new option to ftpd(8), "-h", to disable printing anyyar2003-01-293-6/+25
| | | | | | | | host-specific information in FTP server messages (so paranoid admins can sleep at night :-) PR: bin/16705 MFC after: 1 week
* Give the code around chroot(2)/chdir(2) a major overhaul byyar2003-01-294-41/+101
| | | | | | | | | | | | | | | | | | | | | | | separating its part around chroot(2) from that around initial chdir(2). This makes the below changes really easy. Move seteuid(to user's uid) to before calling chdir(2). There are two goals to achieve by that. First, NFS mounted home directories with restrictive permissions become accessible (local superuser can't access them if not mapped to uid 0 on the remote side explicitly.) Second, all the permissions to the home directory pathname components become effective; previously a user could be carried to any local directory despite its permissions since the chdir(2) was done with euid 0. This reduces possible impact from FTP server misconfiguration, e.g., assigning a wrong home directory to a user. Implement the "/./" feature. Now a guest or user subject to chrooting may have "/./" in his login directory, which separates his chroot directory from his home directory inside the chrooted environment. This works for ftpchroot(5) as well. PR: bin/17843 bin/23944
OpenPOWER on IntegriCloud