summaryrefslogtreecommitdiffstats
path: root/libexec/ftpd
Commit message (Collapse)AuthorAgeFilesLines
* Simplify conditional compilation logic some.obrien2004-06-131-11/+15
|
* There's no such beast like AF_INET4, even when powered by whiskey.ru2004-05-161-1/+1
|
* Handle variable argument lists correctly in reply() and lreply().tjr2004-05-131-2/+8
| | | | | | In particular, do not pass the same va_list to both vprintf() and vsyslog() without first reinitializing it. This fixes ftpd -d on amd64.
* NULL looks better than (char *)0 unless we're passingyar2004-02-071-1/+1
| | | | an unprototyped argument to a function.
* Deny attempts to rename a file from guest users if the policyyar2004-02-071-0/+4
| | | | | | | | | says they may not modify existing files through FTP. Renaming a file is effectively a way to modify it. For instance, if a malicious party is unable to delete or overwrite a sensitive file, they can nevertheless rename it to a hidden name and then upload a troyan horse under the guise of the old file name.
* perror_reply() should not be used where errno isn't meaningful.yar2004-02-071-1/+5
|
* Work around a bug in some clients by never returning raw directoryyar2004-02-071-1/+8
| | | | | | | | | contents in reply to a RETR command. Such clients consider RETR as a way to tell a file from a directory. Mozilla is an example. PR: bin/62232 Submitted by: Bob Finch <bob+freebsd <at> nas <dot> com> MFC after: 1 week
* Reorder dependencies to fix static NOPAM build.ru2004-02-021-4/+4
| | | | Submitted by: lorder(1)
* add missing setusershell() calls.charnier2004-01-181-0/+1
| | | | | PR: bin/2442 Reviewed by: Friedemann Becker <zxmxy33@mail.uni-tuebingen.de>
* man ftpd says that "by default, anonymous users cannot modify existing files."anholt2004-01-071-1/+1
| | | | | | | | However, the code did allow deletion of files. Make deleting require the -m flag, too. PR: bin/60809 Submitted by: Alexander Melkov <melkov@comptek.ru>
* If a file to send in ASCII mode already has CRLF as end-of-line,yar2003-11-151-2/+4
| | | | | | | | don't add excessive CR on the wire. PR: bin/59285 Submitted by: Andrey Beresovsky <and at rsu.ru> MFC after: 1 week
* Pacify gcc warning with a Douglas Adams reference.peter2003-10-261-0/+2
|
* Don't depend on IPv4-mapped IPv6 address to bind to both IPv4ume2003-09-142-76/+116
| | | | | | | | and IPv6. Wrote at: Hakone. Powered by: Warner Losh's scotch whisky. Requested by: nork
* Eliminate last three uses of varargs.h in the tree. These three fileskan2003-09-011-1/+0
| | | | | were including varargs.h file but did not use any of its macros, so they escaped the clean-up before.
* Add a note that the -u option can be overridden by settings in login.conf(5).ceri2003-08-311-0/+2
| | | | | PR: docs/56017 Submitted by: Josef El-Rayes <j.el-rayes@daemon.li>
* Block SIGURG while reading from the control channel.yar2003-07-091-0/+6
| | | | | | | | | | | | | | | Rationale: SIGURG is configured by ftpd to interrupt system calls, which is useful during data transfers. However, SIGURG could interrupt I/O on the control channel as well, which was mistaken for the end of the session. A practical example could be aborting the download of a tiny file, when the abort sequence reached ftpd after ftpd had passed the file data to the system and returned to its command loop. Reported by: ceri MFC after: 1 week
* Improve error handling in getline():yar2003-07-091-4/+7
| | | | | | | | | - always check the return value from getc(3) for EOF; - if the attempt to read the TELNET command byte has returned EOF, exit from the loop instead of using the EOF value as a normal character. MFC after: 1 week
* Make a malloced copy of "chrootdir" even if it points to an absoluteyar2003-07-091-3/+5
| | | | | | | | pathname inside "residue" so "chrootdir" can be simply freed later. PR: bin/53435 Submitted by: Yutaka Ishihara <yutaka at fandc.co.jp> MFC after: 1 week
* Don't declare unneeded extern variables,yar2003-06-211-2/+0
| | | | leave alone specifying a wrong type for one of them.
* If ftpd is run with an -h option (hide host-specific info,)yar2003-06-161-8/+8
| | | | | | | | | | | | | | | don't reveal the info in reply to the SYST command. Get rid of using the "unix" macro at the same time. It was a rather poor way to check if the system was Unix since there were quite a few Unix clones out there whose cc didn't define "unix" (e.g., NetBSD.) It was also sensitive to the C standard used, which caused unnecessary trouble: With -std=c99, it should have been "__unix__", and so on. PR: bin/50690 Submitted by: Alex Semenyaka <alexs _at_ snark.ratmir.ru> MFC after: 1 week
* Add section number to .Xrcharnier2003-06-081-1/+1
|
* Assorted mdoc(7) fixes.ru2003-06-011-19/+18
|
* mdoc(7) police: Properly markup the previous revision.ru2003-05-161-2/+6
| | | | Approved by: re (blanket)
* Update the description of the -u option to mention that IP_PORTRANGE_HIGHsilby2003-03-251-6/+9
| | | | | | and _DEFAULT are the same for 5.x. Committed under threat of action from: The mdoc police
* mdoc(7) police: Scheduled sweep.ru2003-02-241-1/+1
|
* Kill unnecessary vertical whitespace.yar2003-02-111-1/+0
|
* Use LOG_AUTHPRIV to hide the username attempted during an invalid loginyar2003-02-111-1/+5
| | | | | | | from everyone but sysadmins. PR: bin/29487 MFC after: 3 days
* Allow "~/" in pathnames to work for a chrooted user.yar2003-02-051-2/+4
|
* Let tilde expansion be done even if a file/directory doesn't exist yet.yar2003-02-041-35/+98
| | | | | | | | | | | | This makes such natural commands as "MKD ~user/newdir" or "STOR ~/newfile" do what they are supposed to instead of failing miserably with the "File not found" error. This involves a bit of code reorganization. Namely, the code doing glob(3) expansion has been separated to a function; a new function has been introduced to do tilde expansion; the latter function is invoked on a pathname before the former one. Thus behaviour mimicing that of the Bourne shell has been achieved.
* RFC 959 doesn't list reply code 550 as a valid responce to STOR/STOU,yar2003-02-041-1/+1
| | | | | so return reply code 553 to indicate a error from open(2) for consistency, as long as the code is used in the rest of the STOR/STOU handler.
* Let real users access special files through FTPyar2003-01-311-3/+13
| | | | | | | | | | if allowed by their filesystem permissions. This doesn't break anything since using sendfile(2) is triggered later by a separate S_ISREG conditional. PR: bin/20824 MFC after: 1 week
* When searching for a unique file name in guniquefd(),yar2003-01-291-0/+4
| | | | | | | distinguish between the cases of an existing file and a real system error, such as I/O failure, no access etc. MFC after: 3 days
* Add a new option to ftpd(8), "-h", to disable printing anyyar2003-01-293-6/+25
| | | | | | | | host-specific information in FTP server messages (so paranoid admins can sleep at night :-) PR: bin/16705 MFC after: 1 week
* Give the code around chroot(2)/chdir(2) a major overhaul byyar2003-01-294-41/+101
| | | | | | | | | | | | | | | | | | | | | | | separating its part around chroot(2) from that around initial chdir(2). This makes the below changes really easy. Move seteuid(to user's uid) to before calling chdir(2). There are two goals to achieve by that. First, NFS mounted home directories with restrictive permissions become accessible (local superuser can't access them if not mapped to uid 0 on the remote side explicitly.) Second, all the permissions to the home directory pathname components become effective; previously a user could be carried to any local directory despite its permissions since the chdir(2) was done with euid 0. This reduces possible impact from FTP server misconfiguration, e.g., assigning a wrong home directory to a user. Implement the "/./" feature. Now a guest or user subject to chrooting may have "/./" in his login directory, which separates his chroot directory from his home directory inside the chrooted environment. This works for ftpchroot(5) as well. PR: bin/17843 bin/23944
* Actually extract the second field from a line in ftpchroot(5)yar2003-01-271-15/+17
| | | | instead of just using the rest of the line behind the first field.
* Allow more than one separator character between fields in ftpchroot(5).yar2003-01-271-1/+3
|
* Extend the format of /etc/ftpchroot so an alternative chrootyar2003-01-264-24/+171
| | | | | | | | | | | directory can be specified for a user or a group. Add the manpage ftpchroot(5) since the file's format has grown complex enough. PR: bin/45327 Portions submitted by: Hideki SAKAMOTO <sakamoto@hlla.is.tsukuba.ac.jp> MFC after: 1 week
* GLOB_MAXPATH has been deprecated in favour of GLOB_LIMIT.yar2003-01-251-1/+1
|
* - Add a new option, ``-P port'', to specify the port for ftpd(8)yar2003-01-232-5/+23
| | | | | | | | | to listen at in daemon mode. - Use the port by 1 less than the control port as the default data port instead of always using hard-coded port 20. Submitted by: roam MFC after: 1 week
* Prevent server-side glob(3) patterns from expandingyar2003-01-221-4/+17
| | | | | | | | to a pathname that contains '\r' or '\n'. Together with the earlier STAT bugfix, this must solve the problem of such pathnames appearing in the FTP control stream.
* The FTP daemon was vulnerable to a DoS where an attacker could bind()cjc2003-01-211-19/+26
| | | | | | | | | | | | up port 20 for an extended period of time and thus lock out all other users from establishing PORT data connections. Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Being a DoS, it has security implications, giving it a short MFC time. MFC after: 1 day
* Prepend a space character if a line begins with a digityar2003-01-161-0/+11
| | | | | | | | | | in the output to the "STAT file" request. This closes one discrepancy with RFC 959 (page 36.) See also http://www.kb.cert.org/vuls/id/328867 Obtained from: OpenBSD
* Replace the instances of literal "/bin/ls"yar2003-01-161-2/+3
| | | | | with the _PATH_LS macro to be consistent with the rest of the ftpd(8) source.
* english(4) police.schweikh2002-12-271-1/+1
|
* mdoc(7) police:ru2002-11-251-37/+35
| | | | | | | | | Properly sort options, spell "file system" correctly, expand contraction. Catch up to the src/etc/syslog.conf,v 1.23 change: ftpd(8) session logs are now by default get logged to /var/log/xferlog. Approved by: re
* Oops. Some ut_time stuff slipped through the cracks. These turned outpeter2002-11-171-1/+2
| | | | to be non-fatal due to stack alignment roundups.
* Don't free the current addrinfo list, or else a pointer to a freedyar2002-11-111-1/+1
| | | | | | | | | memory area would arise. Only an addrinfo list from an earlier call to getaddrinfo() should be freed there because it will be substituted by the current list referenced by "res". Reported by: John Long <fbsd1@pruam.com> MFC after: 5 days
* Have ftpd specify the LOGIN_SETMAC flag to setlogincontext() so thatrwatson2002-10-241-2/+3
| | | | | | | | | | | | | | | MAC labels are set if MAC is enabled and configured for the user logging in. Note that lukemftpd is not considered a supported application when MAC is enabled, as it does not use the standard system interfaces for managing user contexts; if lukemftpd is used with labeled MAC policies, it will not properly give up privileges when switching to the user account. Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Teach "ls -Z" to use the policy-agnostic MAC label interfaces ratherrwatson2002-10-241-1/+1
| | | | | | | | | | | than the LOMAC-specific interfaces for listing MAC labels. This permits ls to view MAC labels in a manner similar to getfmac, when ls is used with the -l argument. Next generation LOMAC will use the MAC Framework so should "just" work with this and other policies. Not the prettiest code in the world, but then, neither is ls(1). Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Use the standardized CHAR_BIT constant instead of NBBY in userland.mike2002-09-252-10/+10
|
OpenPOWER on IntegriCloud