| History log of /src/libexec/ftpd |
| Revision | Date | Author | Comments |
| 1.1 | 21-Mar-1993 |
cgd | branches: 1.1.1;
Initial revision
|
| 1.1.1.2 | 29-Jun-1994 |
mycroft | Clean up deleted files.
|
| 1.1.1.1 | 21-Mar-1993 |
cgd | initial import of 386bsd-0.1 sources
|
| 1.70 | 25-Nov-2023 |
prlw1 | ftpd: deduplicate gcc warning avoidance
OK lukem@
|
| 1.69 | 03-Jun-2023 |
lukem | bsd.own.mk: rename GCC_NO_* to CC_WNO_*
Rename compiler-warning-disable variables from
GCC_NO_warning
to
CC_WNO_warning
where warning is the full warning name as used by the compiler.
GCC_NO_IMPLICIT_FALLTHRU is CC_WNO_IMPLICIT_FALLTHROUGH
Using the convention CC_compilerflag, where compilerflag
is based on the full compiler flag name.
|
| 1.68 | 15-Jun-2020 |
christos | Rename blacklist -> blocklist
|
| 1.67 | 15-Oct-2019 |
christos | use strncpy...
|
| 1.66 | 13-Oct-2019 |
mrg | introduce some common variables for use in GCC warning disables:
GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8)
GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8)
GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8)
GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)
use these to turn off warnings for most GCC-8 complaints. many
of these are false positives, most of the real bugs are already
commited, or are yet to come.
we plan to introduce versions of (some?) of these that use the
"-Wno-error=" form, which still displays the warnings but does
not make it an error, and all of the above will be re-considered
as either being "fix me" (warning still displayed) or "warning
is wrong."
|
| 1.65 | 25-Feb-2018 |
mrg | branches: 1.65.4;
add LIBKRB5_LDADD/LIBKRB5_DPADD and their static counterparts
to bsd.prog.mk. use them instead of hard coding various lists
of libraries for krb5.
this fixes static builds.
|
| 1.64 | 25-Jan-2015 |
christos | blacklist hooks
|
| 1.63 | 14-Aug-2011 |
christos | branches: 1.63.20;
remove gcc-4.5 hack
|
| 1.62 | 22-Jun-2011 |
mrg | apply some -Wno-error and/or -fno-strict-aliasing.
all of this should be looked at closer, but some of them are not
very trivial.
|
| 1.61 | 24-Apr-2011 |
elric | We no longer need -I/usr/include/krb5.
|
| 1.60 | 15-Mar-2009 |
lukem | Fix WARNS=4 issues (const & sign mismatches, etc)
Ensure various ftpd.conf values can't exceed their underlying types.
|
| 1.59 | 16-Sep-2008 |
lukem | branches: 1.59.6;
Support building with -DNO_INTERNAL_LS
|
| 1.58 | 27-Mar-2008 |
lukem | branches: 1.58.4;
Reorganize USE_PAM support so that the reply(331,) from USER is
performed by the pam_conv (PAM conversation) callback, which then
getline()s the PASS reply internally. This involves calling
auth_pam() from user() and caching the result to use later in pass().
This allows the PAM modules to present a different password prompt
dialog if necesary. For example:
Name (localhost:lukem):
331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ].
versus
Name (localhost:lukem): root
331 User root accepted, provide password.
This is independent of (and effectively exclusive to) USE_SKEY support.
Previously ftpd with USE_SKEY=yes would provide the skey prompt
if the user had an skey configured, even if /etc/pam.d/ftpd didn't
have pam_skey in use.
I.e., ftpd shouldn't need special support for custom password prompts
(such as skey) if PAM is in use.
|
| 1.57 | 14-Dec-2006 |
he | Complete the move of string_to_flags() and flags_to_string() from the
bin/ls sources to libutil:
o Bump libutil minor version number
o Fix uses to include <util.h> to pick up the function definitions
o Fix most uses of flags_to_string() to release the now-malloc()ed result
|
| 1.56 | 23-Mar-2006 |
wiz | branches: 1.56.4; 1.56.8;
Remove more references to kerberosIV.
|
| 1.55 | 09-Mar-2005 |
christos | Add -lcrypt where -lcrypto is specified.
|
| 1.54 | 04-Mar-2005 |
he | Introduce PAM_STATIC_LDADD and PAM_STATIC_DPADD. When compiling
with MKPIC=no, possibly because the target does not support shared
libraries, these include libraries required to resolve all symbols
which end up referenced from PAM-using applications. The libraries
presently required are -lcrypt, -lrpcsvc and -lutil.
Add use of these variables which are currently set up to use PAM,
so that they compile when MKPIC=no.
Also, in the telnetd case, reorder the order of the libraries, so
that libtelnet.a comes before -ltermcap and -lutil, again to fix
link error when MKPIC=no.
Discussed with thorpej and christos.
|
| 1.53 | 20-Feb-2005 |
christos | Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined,
then we don't fall back to other authentications even if PAM fails due
to a system error (e.g. configuration problem).
|
| 1.52 | 10-Jan-2005 |
lukem | Only compile in IPv6 support if ${USE_INET6} != "no"
MKINET6 is for providing IPv6 infrastructure.
USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).
|
| 1.51 | 23-Jul-2003 |
itojun | split MKKERBEROS4 from MKKERBEROS. based on work by lha at stacken.kth.se
(build confirmed with both MKKERBEROS4=yes and MKKERBEROS4=no)
|
| 1.50 | 18-Sep-2002 |
lukem | use bsd.own.mk instead of the (obvious typo of) bsd.obj.mk
|
| 1.49 | 22-Aug-2002 |
christos | enable utmpx support. this doesn't work correctly for chrooted ftpd's, but
I am leaving it to luke to fix.
|
| 1.48 | 20-Aug-2002 |
christos | Disable UTMPX support for now, because ftpd might chroot and we need
to keep files open.
|
| 1.47 | 19-Aug-2002 |
lukem | Use ${NETBSDSRCDIR}/some/path instead of ${.CURDIR}/../../some/path
|
| 1.46 | 22-Mar-2002 |
thorpej | branches: 1.46.2;
Split the notion of building Hesiod, Kerberos, S/key, and YP
infrastructure and using that infrastructure in programs.
* MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building
of the infratsructure (libraries, support programs, etc.)
* USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control
building of support for using the corresponding API
in various libraries/programs that can use it.
As discussed on tech-toolchain.
|
| 1.45 | 01-Dec-2001 |
lukem | - enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5)
- enable WARNS=2
|
| 1.44 | 30-Nov-2000 |
lukem | - move password checking into separate valid_passwd() function, to assist
in porting to other systems.
- don't syslog() or setproctitle() "ACCT" lines (as per "PASS")
- replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the
latter #ifdef BSD4_4
- don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile
support if this is to be used on NetBSD.
|
| 1.43 | 03-Jul-2000 |
matt | Make things builds with GCC 2.96
|
| 1.42 | 20-Jun-2000 |
thorpej | branches: 1.42.2;
Merge a bunch of things from crypto-us and crypto-intl into basesrc,
adding support for Heimdal/KTH Kerberos where easy to do so. Eliminate
bsd.crypto.mk.
There is still a bunch more work to do, but crypto is now more-or-less
fully merged into the base NetBSD distribution.
|
| 1.41 | 14-Jun-2000 |
lukem | major overhaul (just before netbsd 1.5 :-):
* implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD.
we already supported SIZE and MDTM. add the appropriate FEAT output lines.
* migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c
* make dataconn(), feat(), lookup(), opts() and sizecmd() public
* modify struct tab so that it has a `flags' instead of `implemented' element,
and remove the `hasopts' element. If flags == 1, the command is implemented.
if flags == 2, the command is implemented and takes options
* add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..")
* modify lreply() so that lreply(-2, ...) just outputs the given info without
a prefix or trailing \r\n. this saves doing b = printf(); total_* += b;
* enhance statcmd(). still needs work in the LPRT status stuff.
* crank version
|
| 1.40 | 05-Mar-2000 |
lukem | branches: 1.40.2;
* don't bother with a version[] string, just use the macro as appropriate
* clean some more of the GLOBAL stuff
* fix unused var if -UHASSETPROCTITLE
|
| 1.39 | 18-Dec-1999 |
lukem | * move version to separate header file
* use .Dv and .Tn in the man pages as appropriate
* KNF a bit
The following were inspired by similar changes in openbsd, but may
have additional improvements by me:
* add more check_login tests to the parser rules
* nuke a few memory leaks in the parser rules
* clear passwords before free()ing them, for safety
* don't display \r\n in setproctitle() output
* add support for -U, which enables managing /var/run/utmp entries for
connections. solves [bin/2217] by Jason Downs <downsj@teeny.org>
* fix oob handling for STAT command
* use SIG_ERR instead of -1
|
| 1.38 | 16-Dec-1999 |
lukem | install ftpusers(5) as ftpchroot(5). more cleanups
|
| 1.37 | 16-Dec-1999 |
lukem | separate ftpd.conf(5) and ftpusers(5) out from ftpd(8).
xxx: still needs a bit of work
|
| 1.36 | 07-Dec-1999 |
lukem | * change ftpd_popen() to take char *argv[] instead of char *cmd.
the string tokenisation must be performed by the caller (which is
generally easy because it's almost always a static command).
* change do_conversion() to return a char *argv[] instead of char *cmd.
tokenisation of the command is done internally.
* change retrieve() to take char *argv[] instead of char *cmd.
(to take advantage of the above changes). fixes [bin/8173]
* use fparseln() instead of fgetln()
* store conversions in listed order (rather than reverse order)
* use stringlists instead of handrolling code to manage an argv.
|
| 1.35 | 20-Jul-1999 |
mrg | branches: 1.35.4;
optionally include CRYPTOPATH Makefile.frag files.
|
| 1.34 | 12-Jul-1999 |
thorpej | Use bsd.crypto.mk.
|
| 1.33 | 02-Jul-1999 |
itojun | dual-stack ftpd. run this from inetd, like:
>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
|
| 1.32 | 26-Jun-1999 |
danw | Remove the .ifdef to compile without optimization on powerpc since the
bug that it was working around doesn't seem to exist in egcs
|
| 1.31 | 17-May-1999 |
lukem | features/fixes:
* implement xferstats. full stats are displayed for `STAT', and a
summary is displayed upon exit (and syslogged). inspired by wu-ftpd.
* wrap data xfers in {send,receive}_data with alarm() timeouts. this
should remove the majority of the `hanging ftpd' problems that
people were still seeing. inspired by wu-ftpd.
* link with ../../bin/ls, so that bin/ls is not required under a
chroot()ed area for `LIST' to work. based on [bin/4497] from
"Soren S. Jorvang" <soren@t.dk>
* migrate code from util.c into ftpd.c, so that it doesn't conflict
with ls' util.c.
* remove man page comment about ~ftp/bin/ls being necessary.
* bump version to 7.2.0.
* syslog xfer time with xfer stats.
* if appropriate, syslog error message with command.
internal code stuff:
* change arguments of various functions from `char *' to `const char *'.
* define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise.
use macro appropriately
* lreply(): a code of -1 means ``send line as is''. a code of 0
means ``send line with 4 space prefix''. don't print a space after
the `-' for any other code.
* logcmd(): add `const struct timeval *elapsed' and `const char *error'
for more flexible error reporting
|
| 1.30 | 18-Feb-1999 |
scottr | Remove the crypto-related bits until such time as we have a fully-
integrated source tree. Export-controlled versions of these are now
built during the domestic build process.
|
| 1.29 | 28-Dec-1998 |
lukem | * replace LOG(CMD|BYTES) macros with logcmd(), which is a cleaner
solution with less code replication. use realpath() in logcmd() so
that all logged filenames are sane.
* support `REST STREAM' in `FEAT' reply (from draft-ietf-ftpext-mlst-05)
* in 'HELP', suffix unimplemented commands with `-' instead of `*'; the
former is easier to differentiate from `+'.
* deprecate curdir() now that logcmd() doesn't use it.
* ensure all filename buffers are at least MAXPATHLEN+1 in size.
* move jmp_buf errcatch out of extern.h, removing need to #include <setjmp.h>
in every file.
|
| 1.28 | 06-Sep-1998 |
lukem | * complete fix for `multiple replies returned for single parse error'
problem; move `hasyyerrored' state flag out of yylex() so that
check_{login,modify} can also set it.
* check result of check_login for PORT command
* set initial timeout before the "setjmp(); for(;;) yyparse()",
otherwise an invalid command after login incorrectly sets the timeout
to 5 minutes (rather than what was set in ftpd.conf)
* replace (char *)0 with NULL
* move yyerror() from ftpd.c to ftpcmd.y
* remove need for -Dunix, by using the version string from ftpd.c
(instead of `BSD-199506')
* move all extern-ed vars into extern.h
|
| 1.27 | 13-Apr-1998 |
lukem | fix disabling of optimization on powerpc (set COPTS *after* <bsd.prog.mk>...)
|
| 1.26 | 09-Apr-1998 |
tv | .y.c <sys.mk> rule fixes. Don't create a y.tab.h file unless asked for,
and use smarter creation of the header file.
|
| 1.25 | 11-Nov-1997 |
mrg | add a "checkportcmd <class>" option that stops ftp bounce attacks.
|
| 1.24 | 12-Oct-1997 |
mycroft | branches: 1.24.2;
SRCS must be defined *before* bsd.prog.mk is included...
|
| 1.23 | 12-Oct-1997 |
mycroft | Add some krb5 hooks, though it probably doesn't work yet.
|
| 1.22 | 12-Oct-1997 |
mycroft | Oops; fix typo.
|
| 1.21 | 12-Oct-1997 |
mycroft | Conditionalize s/key support.
|
| 1.20 | 08-Oct-1997 |
mrg | merge lite-2 Makefiles (rcsids), and turn on WARNS for all of libexec.
|
| 1.19 | 01-Jul-1997 |
christos | Add WARNS=1
|
| 1.18 | 18-Jun-1997 |
christos | - Pass gcc -Wall
- Fix incorrect const poisoning
- Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
|
| 1.17 | 14-Jun-1997 |
lukem | * implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
|
| 1.16 | 27-Apr-1997 |
lukem | * fix "cd ~" so that it works (from Simon Burge <simonb@telstra.com.au>
* move resetting of CFLAGS on powerpc to before optional CFLAGS settings
* minor code & man page cleanups
|
| 1.15 | 19-Apr-1997 |
thorpej | Don't compile this with -O on the PowerPC - cc1 cores.
|
| 1.14 | 30-Mar-1997 |
cjs | Changes to make anonymous uploads more secure. For anonymous users:
* Set umask to 707;
* Disable UMASK, CHMOD, DELE, RMD and MKD commands.
Compile-time options let you change that umask and go back to the
old, insecure way if you like.
|
| 1.13 | 16-Feb-1996 |
cgd | add -Dunix to CFLAGS
|
| 1.12 | 11-Apr-1995 |
cgd | clean up RCS Id's and a couple of stype nits.
Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
|
| 1.11 | 22-Dec-1994 |
cgd | specify man pages the new way.
|
| 1.10 | 25-Jul-1994 |
brezak | As long as KERBEROS is here at least let it compile cleanly...
|
| 1.9 | 29-Jun-1994 |
deraadt | branches: 1.9.2;
4.4-lite, plus our local changes
|
| 1.8 | 24-May-1994 |
deraadt | add skey support
|
| 1.7 | 14-Apr-1994 |
cgd | use setproctitle
|
| 1.6 | 30-Mar-1994 |
cgd | some changes to make Kerberos a bit easier to use. from
Michael Graff <explorer@vorpal.com>, with some work by myself...
|
| 1.5 | 07-Oct-1993 |
cgd | always use libcrypt
|
| 1.4 | 01-Aug-1993 |
mycroft | Add RCS identifiers.
|
| 1.3 | 26-Apr-1993 |
cgd | changed to use new libcrypt scheme.
|
| 1.2 | 22-Mar-1993 |
cgd | added support for using real crypt
|
| 1.1 | 21-Mar-1993 |
cgd | branches: 1.1.1;
Initial revision
|
| 1.1.1.2 | 29-Mar-1997 |
cjs | Lite-1 Import.
|
| 1.1.1.1 | 21-Mar-1993 |
cgd | initial import of 386bsd-0.1 sources
|
| 1.9.2.1 | 19-Aug-1994 |
mycroft | update from trunk
|
| 1.24.2.1 | 11-Nov-1997 |
mrg | pull up from trunk: add a "checkportcmd <class>" option that stops ftp bounce attacks.
|
| 1.35.4.1 | 27-Dec-1999 |
wrstuden | Pull up to last week's -current.
|
| 1.40.2.1 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.42.2.3 | 26-Aug-2004 |
jmc | Pullup rev 1.45-1.51 + patch (requested by he in ticket #158)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.42.2.2 | 29-Mar-2001 |
lukem | sync ftpd to -current with the following revisions (for lukem/christos):
Makefile 1.43-1.44
cmds.c 1.7-1.8, 1.10-1.12
conf.c 1.35-1.40
extern.h 1.32-1.38
ftpcmd.y 1.53-1.59
ftpd.8 1.58-1.63
ftpd.c 1.102-1.104, 1.106-1.122
ftpd.conf.5 1.12-1.15
ftpusers.5 1.8
logwtmp.c 1.16
popen.c 1.23-1.25
version.h 1.28
a quick summary of user-visible changes;
- fix glob DoS by using GLOB_LIMIT
- add ftpd.conf directives `advertise', `maxfilesize', `sanenames'
- add flags: -P dataport, -X - wuftpd style log entries,
-q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp,
-w/-W - (en|dis)able wtmp
|
| 1.42.2.1 | 20-Jun-2000 |
lukem | file Makefile was added on branch netbsd-1-5 on 2001-03-29 14:14:16 +0000
|
| 1.46.2.1 | 31-Aug-2004 |
jmc | Pullup rev 1.47-1.51 + patch (requested by he in ticket #1739)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.56.8.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1201):
libexec/ftpd/ftpd.c: revision 1.183
libexec/ftpd/Makefile: revision 1.58
libexec/ftpd/version.h: revision 1.66
Reorganize USE_PAM support so that the reply(331,) from USER is
performed by the pam_conv (PAM conversation) callback, which then
getline()s the PASS reply internally. This involves calling
auth_pam() from user() and caching the result to use later in pass().
This allows the PAM modules to present a different password prompt
dialog if necesary. For example:
Name (localhost:lukem):
331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ].
versus
Name (localhost:lukem): root
331 User root accepted, provide password.
This is independent of (and effectively exclusive to) USE_SKEY support.
Previously ftpd with USE_SKEY=yes would provide the skey prompt
if the user had an skey configured, even if /etc/pam.d/ftpd didn't
have pam_skey in use.
I.e., ftpd shouldn't need special support for custom password prompts
(such as skey) if PAM is in use.
|
| 1.56.4.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1201):
libexec/ftpd/ftpd.c: revision 1.183
libexec/ftpd/Makefile: revision 1.58
libexec/ftpd/version.h: revision 1.66
Reorganize USE_PAM support so that the reply(331,) from USER is
performed by the pam_conv (PAM conversation) callback, which then
getline()s the PASS reply internally. This involves calling
auth_pam() from user() and caching the result to use later in pass().
This allows the PAM modules to present a different password prompt
dialog if necesary. For example:
Name (localhost:lukem):
331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ].
versus
Name (localhost:lukem): root
331 User root accepted, provide password.
This is independent of (and effectively exclusive to) USE_SKEY support.
Previously ftpd with USE_SKEY=yes would provide the skey prompt
if the user had an skey configured, even if /etc/pam.d/ftpd didn't
have pam_skey in use.
I.e., ftpd shouldn't need special support for custom password prompts
(such as skey) if PAM is in use.
|
| 1.58.4.1 | 24-Sep-2008 |
wrstuden | Merge in changes between wrstuden-revivesa-base-2 and
wrstuden-revivesa-base-3.
|
| 1.59.6.1 | 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
| 1.63.20.1 | 30-Apr-2015 |
riz | Pull up blacklistd(8), requested by christos in ticket #711:
crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.1.1.1
crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c up to 1.2
crypto/external/bsd/openssh/dist/kexc25519.c up to 1.3
crypto/external/bsd/openssh/dist/smult_curve25519_ref.c up to 1.3
crypto/external/bsd/openssh/dist/bitmap.c up to 1.2 plus patch
crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.1
crypto/external/bsd/openssh/dist/PROTOCOL.key up to 1.1.1.1
crypto/external/bsd/openssh/dist/blf.h up to 1.1
crypto/external/bsd/openssh/dist/blocks.c up to 1.3
crypto/external/bsd/openssh/dist/blowfish.c up to 1.2
crypto/external/bsd/openssh/dist/chacha.c up to 1.3
crypto/external/bsd/openssh/dist/chacha.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-aesctr.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/cipher-aesctr.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.3
crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/crypto_api.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/digest-libc.c up to 1.3
crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.3
crypto/external/bsd/openssh/dist/digest.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ge25519.c up to 1.3
crypto/external/bsd/openssh/dist/ge25519.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ge25519_base.data up to 1.1.1.1
crypto/external/bsd/openssh/dist/hash.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/kexc25519c.c up to 1.3
crypto/external/bsd/openssh/dist/kexc25519s.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/rijndael.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/rijndael.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/sc25519.c up to 1.3
crypto/external/bsd/openssh/dist/sc25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ssh-ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-misc.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.h up to 1.4
crypto/external/bsd/openssh/dist/ssherr.c up to 1.3
crypto/external/bsd/openssh/dist/ssherr.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/sshkey.c up to 1.3
crypto/external/bsd/openssh/dist/sshkey.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/verify.c up to 1.3
crypto/external/bsd/openssh/dist/opacket.c up to 1.2
crypto/external/bsd/openssh/dist/umac128.c up to 1.1
crypto/external/bsd/openssh/dist/pfilter.c up to 1.2
crypto/external/bsd/openssh/dist/pfilter.h up to 1.1
crypto/external/bsd/openssh/dist/bitmap.h up to 1.2
crypto/external/bsd/openssh/dist/opacket.h up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.c up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.h up to 1.2
crypto/external/bsd/openssh/dist/auth2-jpake.c delete
crypto/external/bsd/openssh/dist/compress.c delete
crypto/external/bsd/openssh/dist/compress.h delete
crypto/external/bsd/openssh/dist/jpake.c delete
crypto/external/bsd/openssh/dist/jpake.h delete
crypto/external/bsd/openssh/dist/schnorr.c delete
crypto/external/bsd/openssh/dist/schnorr.h delete
crypto/external/bsd/openssh/dist/strtonum.c 1.1
crypto/external/bsd/openssh/Makefile.inc up to 1.8
crypto/external/bsd/openssh/bin/Makefile.inc up to 1.3
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.2
crypto/external/bsd/openssh/bin/sshd/Makefile up to 1.12
crypto/external/bsd/openssh/dist/PROTOCOL up to 1.5
crypto/external/bsd/openssh/dist/PROTOCOL.krl up to 1.1.1.2
crypto/external/bsd/openssh/dist/addrmatch.c up to 1.8
crypto/external/bsd/openssh/dist/atomicio.c up to 1.6
crypto/external/bsd/openssh/dist/auth-bsdauth.c up to 1.4
crypto/external/bsd/openssh/dist/auth-chall.c up to 1.6
crypto/external/bsd/openssh/dist/auth-krb5.c up to 1.7
crypto/external/bsd/openssh/dist/auth-options.c up to 1.9
crypto/external/bsd/openssh/dist/auth-options.h up to 1.6
crypto/external/bsd/openssh/dist/auth-passwd.c up to 1.4
crypto/external/bsd/openssh/dist/auth-rh-rsa.c up to 1.6
crypto/external/bsd/openssh/dist/auth-rhosts.c up to 1.5
crypto/external/bsd/openssh/dist/auth-rsa.c up to 1.10
crypto/external/bsd/openssh/dist/auth.c up to 1.12
crypto/external/bsd/openssh/dist/auth.h up to 1.10
crypto/external/bsd/openssh/dist/auth1.c up to 1.11
crypto/external/bsd/openssh/dist/auth2-chall.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-gss.c up to 1.8
crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-krb5.c up to 1.4
crypto/external/bsd/openssh/dist/auth2-none.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.11
crypto/external/bsd/openssh/dist/auth2.c up to 1.11
crypto/external/bsd/openssh/dist/authfd.c up to 1.8
crypto/external/bsd/openssh/dist/authfd.h up to 1.5
crypto/external/bsd/openssh/dist/authfile.c up to 1.10
crypto/external/bsd/openssh/dist/authfile.h up to 1.6
crypto/external/bsd/openssh/dist/bufaux.c up to 1.7
crypto/external/bsd/openssh/dist/bufbn.c up to 1.5
crypto/external/bsd/openssh/dist/bufec.c up to 1.5
crypto/external/bsd/openssh/dist/buffer.c up to 1.6
crypto/external/bsd/openssh/dist/buffer.h up to 1.7
crypto/external/bsd/openssh/dist/canohost.c up to 1.8
crypto/external/bsd/openssh/dist/channels.c up to 1.13
crypto/external/bsd/openssh/dist/channels.h up to 1.10
crypto/external/bsd/openssh/dist/cipher-3des1.c up to 1.7
crypto/external/bsd/openssh/dist/cipher-bf1.c up to 1.6
crypto/external/bsd/openssh/dist/cipher.c up to 1.7
crypto/external/bsd/openssh/dist/cipher.h up to 1.7
crypto/external/bsd/openssh/dist/clientloop.c up to 1.13
crypto/external/bsd/openssh/dist/compat.c up to 1.9
crypto/external/bsd/openssh/dist/compat.h up to 1.6
crypto/external/bsd/openssh/dist/deattack.c up to 1.4
crypto/external/bsd/openssh/dist/deattack.h up to 1.4
crypto/external/bsd/openssh/dist/dh.c up to 1.8
crypto/external/bsd/openssh/dist/dh.h up to 1.4
crypto/external/bsd/openssh/dist/dispatch.c up to 1.5
crypto/external/bsd/openssh/dist/dispatch.h up to 1.4
crypto/external/bsd/openssh/dist/dns.c up to 1.11
crypto/external/bsd/openssh/dist/dns.h up to 1.6
crypto/external/bsd/openssh/dist/groupaccess.c up to 1.5
crypto/external/bsd/openssh/dist/gss-genr.c up to 1.7
crypto/external/bsd/openssh/dist/gss-serv-krb5.c up to 1.8
crypto/external/bsd/openssh/dist/gss-serv.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.h up to 1.7
crypto/external/bsd/openssh/dist/includes.h up to 1.4
crypto/external/bsd/openssh/dist/kex.c up to 1.10
crypto/external/bsd/openssh/dist/kex.h up to 1.9
crypto/external/bsd/openssh/dist/kexdh.c up to 1.4
crypto/external/bsd/openssh/dist/kexdhc.c up to 1.6
crypto/external/bsd/openssh/dist/kexdhs.c up to 1.8
crypto/external/bsd/openssh/dist/kexecdh.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhc.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhs.c up to 1.5
crypto/external/bsd/openssh/dist/kexgex.c up to 1.4
crypto/external/bsd/openssh/dist/kexgexc.c up to 1.6
crypto/external/bsd/openssh/dist/kexgexs.c up to 1.8
crypto/external/bsd/openssh/dist/key.c up to 1.16
crypto/external/bsd/openssh/dist/key.h up to 1.9
crypto/external/bsd/openssh/dist/krl.c up to 1.5
crypto/external/bsd/openssh/dist/krl.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/mac.c up to 1.11
crypto/external/bsd/openssh/dist/mac.h up to 1.5
crypto/external/bsd/openssh/dist/match.c up to 1.5
crypto/external/bsd/openssh/dist/misc.c up to 1.10
crypto/external/bsd/openssh/dist/misc.h up to 1.9 plus patch
crypto/external/bsd/openssh/dist/moduli.c up to 1.8
crypto/external/bsd/openssh/dist/monitor.c up to 1.14
crypto/external/bsd/openssh/dist/monitor.h up to 1.7
crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.5
crypto/external/bsd/openssh/dist/monitor_mm.c up to 1.6
crypto/external/bsd/openssh/dist/monitor_mm.h up to 1.4
crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.11
crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.8
crypto/external/bsd/openssh/dist/msg.c up to 1.4
crypto/external/bsd/openssh/dist/msg.h up to 1.4
crypto/external/bsd/openssh/dist/mux.c up to 1.11
crypto/external/bsd/openssh/dist/myproposal.h up to 1.10
crypto/external/bsd/openssh/dist/namespace.h up to 1.5
crypto/external/bsd/openssh/dist/packet.c up to 1.18
crypto/external/bsd/openssh/dist/packet.h up to 1.11
crypto/external/bsd/openssh/dist/pathnames.h up to 1.9
crypto/external/bsd/openssh/dist/pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/progressmeter.c up to 1.7
crypto/external/bsd/openssh/dist/progressmeter.h up to 1.4
crypto/external/bsd/openssh/dist/reallocarray.c new
crypto/external/bsd/openssh/dist/readconf.c up to 1.13
crypto/external/bsd/openssh/dist/readconf.h up to 1.12
crypto/external/bsd/openssh/dist/readpass.c up to 1.6
crypto/external/bsd/openssh/dist/roaming_client.c up to 1.7
crypto/external/bsd/openssh/dist/roaming_common.c up to 1.9
crypto/external/bsd/openssh/dist/roaming_dummy.c up to 1.4
crypto/external/bsd/openssh/dist/rsa.c up to 1.5
crypto/external/bsd/openssh/dist/rsa.h up to 1.4
crypto/external/bsd/openssh/dist/sandbox-systrace.c up to 1.1.1.5
crypto/external/bsd/openssh/dist/scp.1 up to 1.9
crypto/external/bsd/openssh/dist/scp.c up to 1.11
crypto/external/bsd/openssh/dist/servconf.c up to 1.17
crypto/external/bsd/openssh/dist/servconf.h up to 1.11
crypto/external/bsd/openssh/dist/serverloop.c up to 1.12
crypto/external/bsd/openssh/dist/session.c up to 1.14
crypto/external/bsd/openssh/dist/session.h up to 1.4
crypto/external/bsd/openssh/dist/sftp-client.c up to 1.13
crypto/external/bsd/openssh/dist/sftp-client.h up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.c up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.h up to 1.5
crypto/external/bsd/openssh/dist/sftp-glob.c up to 1.8
crypto/external/bsd/openssh/dist/sftp-server.8 up to 1.9
crypto/external/bsd/openssh/dist/sftp-server.c up to 1.11
crypto/external/bsd/openssh/dist/sftp.1 up to 1.11
crypto/external/bsd/openssh/dist/sftp.c up to 1.15
crypto/external/bsd/openssh/dist/ssh-add.1 up to 1.9
crypto/external/bsd/openssh/dist/ssh-add.c up to 1.10
crypto/external/bsd/openssh/dist/ssh-agent.1 up to 1.8
crypto/external/bsd/openssh/dist/ssh-agent.c up to 1.14
crypto/external/bsd/openssh/dist/ssh-dss.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-ecdsa.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-gss.h up to 1.5
crypto/external/bsd/openssh/dist/ssh-keygen.1 up to 1.13
crypto/external/bsd/openssh/dist/ssh-keygen.c up to 1.16
crypto/external/bsd/openssh/dist/ssh-keyscan.1 up to 1.10
crypto/external/bsd/openssh/dist/ssh-keyscan.c up to 1.13
crypto/external/bsd/openssh/dist/ssh-keysign.8 up to 1.9
crypto/external/bsd/openssh/dist/ssh-keysign.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/ssh-rsa.c up to 1.7
crypto/external/bsd/openssh/dist/ssh.1 up to 1.14
crypto/external/bsd/openssh/dist/ssh.c up to 1.16
crypto/external/bsd/openssh/dist/ssh2.h up to 1.6
crypto/external/bsd/openssh/dist/ssh_config up to 1.8
crypto/external/bsd/openssh/dist/ssh_config.5 up to 1.13
crypto/external/bsd/openssh/dist/sshconnect.c up to 1.11
crypto/external/bsd/openssh/dist/sshconnect.h up to 1.6
crypto/external/bsd/openssh/dist/sshconnect1.c up to 1.6
crypto/external/bsd/openssh/dist/sshconnect2.c up to 1.19
crypto/external/bsd/openssh/dist/sshd.8 up to 1.13
crypto/external/bsd/openssh/dist/sshd.c up to 1.18
crypto/external/bsd/openssh/dist/sshd_config up to 1.13
crypto/external/bsd/openssh/dist/sshd_config.5 up to 1.17
crypto/external/bsd/openssh/dist/sshlogin.c up to 1.6
crypto/external/bsd/openssh/dist/sshpty.c up to 1.4
crypto/external/bsd/openssh/dist/uidswap.c up to 1.4
crypto/external/bsd/openssh/dist/umac.c up to 1.9
crypto/external/bsd/openssh/dist/version.h up to 1.14
crypto/external/bsd/openssh/dist/xmalloc.c up to 1.5
crypto/external/bsd/openssh/lib/Makefile up to 1.17 plus patch
crypto/external/bsd/openssh/lib/shlib_version up to 1.13
distrib/sets/lists/base/ad.aarch64 patch
distrib/sets/lists/base/ad.arm patch
distrib/sets/lists/base/ad.mips patch
distrib/sets/lists/base/ad.powerpc patch
distrib/sets/lists/base/md.amd64 patch
distrib/sets/lists/base/md.sparc64 patch
distrib/sets/lists/base/mi patch
distrib/sets/lists/base/shl.mi patch
distrib/sets/lists/comp/ad.aarch64 patch
distrib/sets/lists/comp/ad.arm patch
distrib/sets/lists/comp/ad.mips patch
distrib/sets/lists/comp/ad.powerpc patch
distrib/sets/lists/comp/md.amd64 patch
distrib/sets/lists/comp/md.sparc64 patch
distrib/sets/lists/comp/mi patch
distrib/sets/lists/comp/shl.mi patch
distrib/sets/lists/debug/ad.aarch64 patch
distrib/sets/lists/debug/ad.arm patch
distrib/sets/lists/debug/ad.mips patch
distrib/sets/lists/debug/ad.powerpc patch
distrib/sets/lists/debug/md.amd64 patch
distrib/sets/lists/debug/md.sparc64 patch
distrib/sets/lists/debug/shl.mi patch
distrib/sets/lists/etc/mi patch
distrib/sets/lists/man/mi patch
etc/defaults/rc.conf 1.130
etc/mtree/NetBSD.dist.base 1.142
external/bsd/Makefile up to 1.48
external/bsd/blacklist/bin/Makefile up to 1.11 plus patch
external/bsd/blacklist/bin/blacklistctl.8 up to 1.6
external/bsd/blacklist/bin/blacklistctl.c up to 1.17
external/bsd/blacklist/bin/blacklistd.8 up to 1.10
external/bsd/blacklist/bin/blacklistd.c up to 1.32
external/bsd/blacklist/bin/blacklistd.conf.5 up to 1.2
external/bsd/blacklist/bin/conf.c up to 1.18
external/bsd/blacklist/bin/conf.h up to 1.6
external/bsd/blacklist/bin/internal.c up to 1.5
external/bsd/blacklist/bin/internal.h up to 1.12
external/bsd/blacklist/bin/run.c up to 1.12
external/bsd/blacklist/bin/run.h up to 1.5
external/bsd/blacklist/bin/state.c up to 1.15
external/bsd/blacklist/bin/state.h up to 1.5
external/bsd/blacklist/bin/support.c up to 1.6
external/bsd/blacklist/bin/support.h up to 1.5
external/bsd/blacklist/etc/rc.d/Makefile up to 1.1
external/bsd/blacklist/etc/rc.d/blacklistd up to 1.1
external/bsd/blacklist/etc/Makefile up to 1.3
external/bsd/blacklist/etc/blacklistd.conf up to 1.3
external/bsd/blacklist/etc/npf.conf up to 1.1
external/bsd/blacklist/Makefile up to 1.2
external/bsd/blacklist/Makefile.inc up to 1.3
external/bsd/blacklist/README up to 1.7
external/bsd/blacklist/TODO up to 1.7
external/bsd/blacklist/diff/ftpd.diff up to 1.1
external/bsd/blacklist/diff/named.diff up to 1.6
external/bsd/blacklist/diff/ssh.diff up to 1.6
external/bsd/blacklist/include/Makefile up to 1.1
external/bsd/blacklist/include/bl.h up to 1.12
external/bsd/blacklist/include/blacklist.h up to 1.3
external/bsd/blacklist/include/config.h new
external/bsd/blacklist/lib/Makefile up to 1.3
external/bsd/blacklist/lib/bl.c up to 1.24
external/bsd/blacklist/lib/blacklist.c up to 1.5
external/bsd/blacklist/lib/libblacklist.3 up to 1.3
external/bsd/blacklist/lib/shlib_version up to 1.1
external/bsd/blacklist/libexec/Makefile up to 1.1
external/bsd/blacklist/libexec/blacklistd-helper up to 1.4
external/bsd/blacklist/port/m4/.cvsignore up to 1.1
external/bsd/blacklist/port/Makefile.am up to 1.4
external/bsd/blacklist/port/_strtoi.h up to 1.1
external/bsd/blacklist/port/clock_gettime.c up to 1.2
external/bsd/blacklist/port/configure.ac up to 1.7
external/bsd/blacklist/port/fgetln.c up to 1.1
external/bsd/blacklist/port/fparseln.c up to 1.1
external/bsd/blacklist/port/getprogname.c up to 1.4
external/bsd/blacklist/port/pidfile.c up to 1.1
external/bsd/blacklist/port/popenve.c up to 1.2
external/bsd/blacklist/port/port.h up to 1.6
external/bsd/blacklist/port/sockaddr_snprintf.c up to 1.9
external/bsd/blacklist/port/strlcat.c up to 1.2
external/bsd/blacklist/port/strlcpy.c up to 1.2
external/bsd/blacklist/port/strtoi.c up to 1.3
external/bsd/blacklist/test/Makefile up to 1.2
external/bsd/blacklist/test/cltest.c up to 1.6
external/bsd/blacklist/test/srvtest.c up to 1.9
lib/libpam/modules/pam_ssh/pam_ssh.c up to 1.23
libexec/ftpd/pfilter.c up to 1.1
libexec/ftpd/pfilter.h up to 1.1
libexec/ftpd/Makefile up to 1.64
libexec/ftpd/ftpd.c up to 1.201
Add blacklistd(8), a daemon to block and release network ports
on demand to mitigate abuse, and related changes to system daemons
to support it.
[christos, ticket #711]
|
| 1.65.4.1 | 13-Apr-2020 |
martin | Mostly merge changes from HEAD upto 20200411
|
| 1.35 | 17-Jan-2016 |
christos | PR/50665: David Binderman: move "dir" to the outer scope so it stays alive
when the pointer is used later.
|
| 1.34 | 10-Aug-2015 |
shm | Fix directory stream leaks
|
| 1.33 | 03-Jul-2013 |
christos | check that stat succeeded before testing the guts of struct stat
(Manime Villard)
|
| 1.32 | 28-Jun-2013 |
joerg | Fix violations of the sequence point rule.
|
| 1.31 | 19-Jun-2012 |
dholland | branches: 1.31.2;
Pass WARNS=5
|
| 1.30 | 15-Mar-2009 |
lukem | branches: 1.30.6;
Fix WARNS=4 issues (const & sign mismatches, etc)
Ensure various ftpd.conf values can't exceed their underlying types.
|
| 1.29 | 02-Mar-2009 |
lukem | Use LLF (et al) instead of "%lld" (et al).
|
| 1.28 | 29-Dec-2008 |
christos | branches: 1.28.2;
fix for 64 bit time_t and dev_t
|
| 1.27 | 13-Sep-2008 |
lukem | Crank copyright dates
|
| 1.26 | 09-Jun-2008 |
lukem | Don't use non-standard "u_<foo>" types.
Strip trailing whitespace (as well as ':'s) off PAM password prompts.
Improve some debug logging related to PAM.
|
| 1.25 | 28-Apr-2008 |
martin | branches: 1.25.2;
Remove clause 3 and 4 from TNF licenses
|
| 1.24 | 01-Feb-2006 |
christos | branches: 1.24.18;
debug -> ftpd_debug
xstrdup -> ftpd_strdup
|
| 1.23 | 09-Aug-2004 |
lukem | Fixes from (or inspired by) OpenBSD:
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
My stuff:
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue. (I also can't find the reference in
RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.)
I could clean up the is_oob stuff some more, but the remaining stuff
in ftpcmd.y is harmless and it's unnecessary churn right this moment.
|
| 1.22 | 07-Aug-2003 |
agc | branches: 1.22.2;
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22284, verified by myself.
|
| 1.21 | 24-Feb-2003 |
erh | Fix uninitialized variable in mlsname()
|
| 1.20 | 08-Jan-2003 |
manu | ftpd was unable to service the pwd request once you entered a directory
without search permission. This confused some ftp clients.
We fix this problem by maitaining a cached path when getcwd() does not work.
The symbolic links and ../ are resolved in the cached path, and it is finnally
checked for accuracy by comparing ./ and the cached path with stat (device
and inode comparison). If the comparison fails, pwd fails as it did before,
and if the comparison succeeds, the cached path is displayed.
If paths are too long, we should just compare ./ with a truncated path and
fail, thus making pwd displaying an error as it did before.
|
| 1.19 | 25-Oct-2002 |
itojun | Turns out that our implementation of STAT wasn't RFC 959 compliant.
This version is now RFC 959 compliant, using a patch adapted from one
sent in by david.leonard@eecs.uq.edu.au
openbsd libexec/ftpd/ftpd.c revision 1.69.
(see RFC959 page 36)
|
| 1.18 | 12-Oct-2002 |
darrenr | * enclose unknown command strings inside a pair of 's to clearly mark the
text as being the 'whole' part received.
* change a HELP reply from 214 to 504 when there is an error looking for
help on a command.
|
| 1.17 | 11-Oct-2002 |
darrenr | "Command not implemented." is 502, not 501 (RFC959, 4.2.1)
|
| 1.16 | 13-Feb-2002 |
lukem | branches: 1.16.2;
Fixes for mlsd/mlst standards conformance issues (noted by Robert Elz):
- mlst shouldn't return cdir or pdir for type, only dir
- mlst should always provide a full path name
- mlsd should provide a full path name for the cdir entry. (providing a
full path name for the pdir entry is optional, and i punted on that).
|
| 1.15 | 01-Feb-2002 |
lukem | fix previous, and ensure that closedataconn() is only called after dataconn()
and with a non-NULL file pointer. active transfers now work correctly again,
passive transfers work, and the data stream is only closed after a PASV or
EPSV if a successful connection was initiated with dataconn().
|
| 1.14 | 17-Jan-2002 |
itojun | reject SIZE request for ascii file if it exceeds 10k.
|
| 1.13 | 25-Apr-2001 |
lukem | crank copyrights of files changed this year
remove superfluous byte_count update in send_file_list
crank version
|
| 1.12 | 09-Jan-2001 |
itojun | ensure replydirname() do not truncate the names.
From: Paul Janzen <pjanzen@foatdi.harvard.edu>
|
| 1.11 | 09-Jan-2001 |
itojun | make sure we do not return stray " at the end of stirng, like bla"\0.
From: "William C. Allen" <allenwc@home.com>
|
| 1.10 | 18-Dec-2000 |
lukem | Features:
* Add ftpd.conf(5) directive `advertise'; change the address that is
advertised to the client for PASV transfers. this may be useful in
certain firewall/NAT environments.
Feature requested in [bin/9606] by Scott Presnell.
* Add -X option; syslog wu-ftpd style xferlog messages, prefixed with
`xferlog: '. An example line from syslog (wrapped):
Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000
2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c
These messages can be converted to a wu-ftpd style xferlog file
suitable for parsing with third-party tools with something like:
grep 'xferlog: ' /var/log/xferlog | \
sed -e 's/^.*xferlog: //' >wuxferlog
The format is the same as the wu-ftpd xferlog entries (with the leading
syslog stuff), but different from the wu-ftpd syslogged xferlog entries
because the latter is not as easy to convert into the standard xferlog
file format.
The choice to only syslog the xferlog messages rather than append to
a /var/log/xferlog file was made because the latter doesn't work to
well in the situation where the logfile is rotated and compressed and
a long-running ftpd still has a file-descriptor to the now nonexistant
xferlog file, and the log message will then get lost.
Feature requested in [bin/11651] by Hubert Feyrer.
Fixes:
* In ftpd(8), clarify the -a and -c options.
* More clarifications in ftpd.conf(5).
* Ensure that all ftpd.conf commands set a parameter back to sane defaults
if an argument of `none' or bad settings are given.
* Support the `chroot' directive for `REAL' users too (for consistency).
* For `GUEST' users, store the supplied password in pw->pw_passwd for use
later in the xferlog.
* If show_chdir_messages() is given a code of -1, flush the cache of
visited directories. Invoke show_chdir_messages(-1) in end_login().
* Only syslog session stats if logging is requested.
* Rename logcmd() -> logxfer(), and dolog() -> logremotehost().
* Use cprintf() instead of fprintf() where appropriate.
* Minor KNF, and make a couple of functions static that were declared static.
|
| 1.9 | 04-Dec-2000 |
itojun | in replydirname(), avoid one-byte overrun.
From: Kristian Vlaardingerbroek <kris@obit.nl> (to bugs@openbsd)
|
| 1.8 | 16-Nov-2000 |
lukem | - new ftpd.conf directives:
maxfilesize set the maximum size of uploaded files
sanenames if set, only permit uploaded filenames that contain
characters from the set "-+,._A-Za-z0-9" and that
don't start with `.'
- new/changed command line options:
-e emailaddr define email address for %E (see below)
-P dataport use dataport as the dataport (instead of ctrlport-1)
-q use pid files to count users [default]
-Q don't use pid files to count users
-u write entries to utmp
-U don't write entries to utmp [default]
-w write entries to wtmp [default]
-W don't write entries to wtmp
NOTE: -U used to mean `write utmp entries'. Its meaning has changed
so that it's orthogonal with -q/-Q and -w/-W. This isn't
considered a major problem, because using -U isn't going to
enable something you don't want, but will disable something
you did want (which is safer).
- new display file escape sequences:
%E email address
%s literal `s' if the previous %M or %N wasn't ``1''.
%S literal `S' if the previous %M or %N wasn't ``1''.
- expand the description of building ~ftp/incoming to cover the
appropriate ftpd.conf(5) directives (which are defaults, but it pays
to explicitly explain them)
- replace strsuftoi() with strsuftoll(), which returns a long long if
supported, otherwise a long
- rework the way that check_modify and check_upload are done in the yacc
parser; they're merged into a common check_write() function which is
called explicitly
- merge all ftpclass `flag variables' into a single bitfield-based flag element
- move various common bits of parse_conf() into a couple of macros
- clean up some comments
|
| 1.7 | 15-Nov-2000 |
lukem | changes to improve portability:
* replace union sockunion {} with struct sockinet {}, and modify the code
accordingly. this is possibly more portable, as it doesn't rely upon
the structure alignment within the union for our own stuff. uses local
su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4)
(XXX: haven't tested the ipv6 stuff)
* always use getaddrinfo() and getnameinfo() instead of maintaining two code
paths. (lukemftpd will provide replacements for these on older systems)
* use lockf() instead of open(.., O_EXLOCK) to lock the pid file
* minor KNF
* clean up long long support: create helper #defines and use as appropriate:
#define NO_LONG_LONG ! NO_LONG_LONG
------- ------------ --------------
LLF "%ld" "%lld"
LLFP(x) "%" x "ld" "%" x "lld"
LLT long long long
ULLF "%lu" "%llu"
ULLFP(x) "%" x "lu" "%" x "llu"
ULLT unsigned long unsigned long long
STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
|
| 1.6 | 10-Jul-2000 |
lukem | base64_encode(): separate out the special case for the last 2 bytes, and
be a bit safer with signed chars. per discussion with kre.
|
| 1.5 | 09-Jul-2000 |
lukem | - base64_encode(): fix garbled output due to fencepost error. output now
appears to match that of 'mimencode' (from metamail).
problem noted by kre@munnari.oz.au.
- fact_unique(): encode a combined dev_t+ino_t chunk rather than separate bits
|
| 1.4 | 19-Jun-2000 |
lukem | branches: 1.4.2; 1.4.4;
rewrite method of traversing facttab[]; use size of list to terminate
not NULL terminated entry (since we need to know the size of other
reasons...)
|
| 1.3 | 19-Jun-2000 |
lukem | various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
|
| 1.2 | 16-Jun-2000 |
explorer | include <krb5/krb5.h> before including extern.h, so krb5_context is defined
|
| 1.1 | 14-Jun-2000 |
lukem | major overhaul (just before netbsd 1.5 :-):
* implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD.
we already supported SIZE and MDTM. add the appropriate FEAT output lines.
* migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c
* make dataconn(), feat(), lookup(), opts() and sizecmd() public
* modify struct tab so that it has a `flags' instead of `implemented' element,
and remove the `hasopts' element. If flags == 1, the command is implemented.
if flags == 2, the command is implemented and takes options
* add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..")
* modify lreply() so that lreply(-2, ...) just outputs the given info without
a prefix or trailing \r\n. this saves doing b = printf(); total_* += b;
* enhance statcmd(). still needs work in the LPRT status stuff.
* crank version
|
| 1.4.4.2 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.4.4.1 | 19-Jun-2000 |
minoura | file cmds.c was added on branch minoura-xpg4dl on 2000-06-22 15:58:15 +0000
|
| 1.4.2.5 | 26-Aug-2004 |
jmc | Pullup rev 1.13-1.18,1.20-1.23 (requested by he in ticket #158)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.4.2.4 | 25-Oct-2002 |
itojun | libexec/ftpd/cmds.c 1.19
Correct RFC959 compliance in quoting lines starting with digits (page 36).
(itojun)
|
| 1.4.2.3 | 29-Mar-2001 |
lukem | sync ftpd to -current with the following revisions (for lukem/christos):
Makefile 1.43-1.44
cmds.c 1.7-1.8, 1.10-1.12
conf.c 1.35-1.40
extern.h 1.32-1.38
ftpcmd.y 1.53-1.59
ftpd.8 1.58-1.63
ftpd.c 1.102-1.104, 1.106-1.122
ftpd.conf.5 1.12-1.15
ftpusers.5 1.8
logwtmp.c 1.16
popen.c 1.23-1.25
version.h 1.28
a quick summary of user-visible changes;
- fix glob DoS by using GLOB_LIMIT
- add ftpd.conf directives `advertise', `maxfilesize', `sanenames'
- add flags: -P dataport, -X - wuftpd style log entries,
-q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp,
-w/-W - (en|dis)able wtmp
|
| 1.4.2.2 | 13-Dec-2000 |
he | Pull up revision 1.9 (requested by itojun):
Fix a one-byte buffer overrun.
|
| 1.4.2.1 | 13-Jul-2000 |
thorpej | Pull up revs. 1.4-1.6 (lukem):
fixes some issues with the correct generation of unique facts in
the output of MLSx.
|
| 1.16.2.3 | 31-Aug-2004 |
jmc | Pullup rev 1.17-1.18,1.21-1.23 (requested by he in ticket #1739)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.16.2.2 | 11-Jan-2003 |
jmc | Pull up revisions 1.19-1.20 (requested by manu in ticket #1064)
ftpd was unable to service the pwd request once you entered a directory
without search permission. This confused some ftp clients.
We fix this problem by maitaining a cached path when getcwd() does not
work. The symbolic links and ../ are resolved in the cached path, and it
is finnally checked for accuracy by comparing ./ and the cached path
with stat (device and inode comparison). If the comparison fails, pwd
fails as it did before, and if the comparison succeeds, the cached path
is displayed.
If paths are too long, we should just compare ./ with a truncated path
and fail, thus making pwd displaying an error as it did before.
|
| 1.16.2.1 | 01-Nov-2002 |
tron | Pull up revision 1.19 (requested by itojun in ticket #942):
Turns out that our implementation of STAT wasn't RFC 959 compliant.
This version is now RFC 959 compliant, using a patch adapted from one
sent in by david.leonard@eecs.uq.edu.au
openbsd libexec/ftpd/ftpd.c revision 1.69.
(see RFC959 page 36)
|
| 1.22.2.1 | 13-Aug-2004 |
jmc | Pullup rev 1.23 (requested by lukem in ticket #757)
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue.
|
| 1.24.18.2 | 17-Jun-2008 |
yamt | sync with head.
|
| 1.24.18.1 | 18-May-2008 |
yamt | sync with head.
|
| 1.25.2.2 | 24-Sep-2008 |
wrstuden | Merge in changes between wrstuden-revivesa-base-2 and
wrstuden-revivesa-base-3.
|
| 1.25.2.1 | 23-Jun-2008 |
wrstuden | Sync w/ -current. 34 merge conflicts to follow.
|
| 1.28.2.1 | 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
| 1.30.6.2 | 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
|
| 1.30.6.1 | 30-Oct-2012 |
yamt | sync with head
|
| 1.31.2.1 | 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
| 1.65 | 29-Sep-2023 |
shm | Fix uninitialized memory usage in count_users()
If the file was previously empty, pids table is not set, the code however used
pids[0] which is uninitialized in this case. In some scenarios it may lead to
propagate garbage value from pids[0] to the file and cause writing outside of
allocated memory.
OK lukem@
|
| 1.64 | 04-Nov-2012 |
christos | branches: 1.64.22; 1.64.32; 1.64.40;
include pwd.h for password stuff
|
| 1.63 | 14-Aug-2011 |
christos | branches: 1.63.2; 1.63.8;
remove gcc-4.5 hack
|
| 1.62 | 15-Mar-2009 |
lukem | Fix WARNS=4 issues (const & sign mismatches, etc)
Ensure various ftpd.conf values can't exceed their underlying types.
|
| 1.61 | 09-Jun-2008 |
lukem | branches: 1.61.6;
Don't use non-standard "u_<foo>" types.
Strip trailing whitespace (as well as ':'s) off PAM password prompts.
Improve some debug logging related to PAM.
|
| 1.60 | 28-Apr-2008 |
martin | branches: 1.60.2;
Remove clause 3 and 4 from TNF licenses
|
| 1.59 | 09-Mar-2008 |
lukem | branches: 1.59.2;
Switch from lockf() to (more portable) fcntl() locking
|
| 1.58 | 17-Dec-2006 |
christos | branches: 1.58.4; 1.58.8;
fix volatile and initialization issues, from Anon Ymous
|
| 1.57 | 01-Feb-2006 |
christos | debug -> ftpd_debug
xstrdup -> ftpd_strdup
|
| 1.56 | 02-Oct-2005 |
lukem | Fix comment about DEFAULT_UMASK.
Pointed out in private mail by Tetsuya Isaki and Dmitry Sivachenko.
|
| 1.55 | 24-Aug-2005 |
ginsbach | * Add recvbufsize configuration option
This allows for setting the passive socket's SO_RCVBUF. Option works
similarly to the current sendbufsize configuration option.
* Change how recveive_data() works
When reading data from the socket for passive transfers to the server,
receive_data() now works very similar to send_data_with_read(). Reads
from the network are now done using either the filesystem block size or
the configuration option readsize chunks.
* Crank version.h
[Changes discussed with lukem.]
|
| 1.54 | 03-Mar-2005 |
ginsbach | * Add hidesymlinks configuration option
This adds a -L to all ls command arguments so that the file or directory
the link references is listed rather than the link itself. This was
inspired by IRIX ftpd's -S option.
[Discussed with lukem some time ago.]
* Crank version.h [right Luke? :-)]
|
| 1.53 | 11-Dec-2004 |
christos | change _PATH_FOO to _NAME_FOO where FOO is not a path. I'll discuss with
luke what is the best way to fix this.
|
| 1.52 | 09-Aug-2004 |
lukem | Fixes from (or inspired by) OpenBSD:
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
My stuff:
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue. (I also can't find the reference in
RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.)
I could clean up the is_oob stuff some more, but the remaining stuff
in ftpcmd.y is harmless and it's unnecessary churn right this moment.
|
| 1.51 | 29-Nov-2002 |
lukem | branches: 1.51.2;
- convert to using libc's strsuftoll(3)
- use LLT (aka 'long long type') for all numeric class parameters
- improve description of various ftpd.conf(5) options
- statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
|
| 1.50 | 16-Nov-2002 |
itojun | audit use of strto* - beware of ERANGE, as well as typecast on result.
|
| 1.49 | 03-Oct-2002 |
lukem | Enable GLOB_BRACE for ftpd.conf(5)'s `notify' directive.
Now it's much easier to list multiple files...
|
| 1.48 | 18-Jun-2002 |
aidan | Added CONF_LL macro, which understands raw 'strsuftoll' conf variables.
|
| 1.47 | 30-May-2002 |
enami | Add optional mmap(2)/write(2) support for binary file transfer.
The default is read(2)/write(2). Note that the sosend_loan needs
some more work for better performance when a file isn't cached.
|
| 1.46 | 04-Dec-2001 |
lukem | branches: 1.46.2;
Add two new ftpd.conf(5) directives:
- 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER
command instead of the PASS command. whilst this might provide some
info leakage of accounts names if you have some `real' or `chroot'
users enabled and not others, it does prevent accidental entering of
such passwords if you have all such users denied. This option is
strongly recommended on anonymous-only servers.
Functionality requested by Rob Windsor in [bin/12602]
- 'private'; don't display class related information in the output of STAT.
For paranoid admins.
|
| 1.45 | 01-Dec-2001 |
lukem | - enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5)
- enable WARNS=2
|
| 1.44 | 19-Sep-2001 |
lukem | a few changes from Mike Heffner <mheffner@vt.edu> in private email:
- totally clear a glob buffer before use, because FreeBSD depends on
some of the other fields being cleared (other than just gl_offs)
- in strend(), ensure that the source string isn't too large
- remove unnecessarily complicated sizing of proctitle, since snprintf()
will truncate it anyway
|
| 1.43 | 26-Jun-2001 |
lukem | s/tise/tize/ in docco, add "advertize" as synonym for "advertise"
|
| 1.42 | 25-May-2001 |
kristerw | Initialize a pointer needed when expanding the %C "display file escape
sequence".
|
| 1.41 | 25-Apr-2001 |
lukem | crank copyrights of files changed this year
remove superfluous byte_count update in send_file_list
crank version
|
| 1.40 | 18-Mar-2001 |
christos | don't leak globbed memory.
|
| 1.39 | 16-Mar-2001 |
christos | Use GLOB_LIMIT. Also fix a bug where gl_offs was not initialized and could
contain trash.
|
| 1.38 | 16-Mar-2001 |
lukem | don't support t(erabyte) as a suffix in strsuftoll() #ifdef NO_LONG_LONG
|
| 1.37 | 18-Dec-2000 |
lukem | Features:
* Add ftpd.conf(5) directive `advertise'; change the address that is
advertised to the client for PASV transfers. this may be useful in
certain firewall/NAT environments.
Feature requested in [bin/9606] by Scott Presnell.
* Add -X option; syslog wu-ftpd style xferlog messages, prefixed with
`xferlog: '. An example line from syslog (wrapped):
Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000
2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c
These messages can be converted to a wu-ftpd style xferlog file
suitable for parsing with third-party tools with something like:
grep 'xferlog: ' /var/log/xferlog | \
sed -e 's/^.*xferlog: //' >wuxferlog
The format is the same as the wu-ftpd xferlog entries (with the leading
syslog stuff), but different from the wu-ftpd syslogged xferlog entries
because the latter is not as easy to convert into the standard xferlog
file format.
The choice to only syslog the xferlog messages rather than append to
a /var/log/xferlog file was made because the latter doesn't work to
well in the situation where the logfile is rotated and compressed and
a long-running ftpd still has a file-descriptor to the now nonexistant
xferlog file, and the log message will then get lost.
Feature requested in [bin/11651] by Hubert Feyrer.
Fixes:
* In ftpd(8), clarify the -a and -c options.
* More clarifications in ftpd.conf(5).
* Ensure that all ftpd.conf commands set a parameter back to sane defaults
if an argument of `none' or bad settings are given.
* Support the `chroot' directive for `REAL' users too (for consistency).
* For `GUEST' users, store the supplied password in pw->pw_passwd for use
later in the xferlog.
* If show_chdir_messages() is given a code of -1, flush the cache of
visited directories. Invoke show_chdir_messages(-1) in end_login().
* Only syslog session stats if logging is requested.
* Rename logcmd() -> logxfer(), and dolog() -> logremotehost().
* Use cprintf() instead of fprintf() where appropriate.
* Minor KNF, and make a couple of functions static that were declared static.
|
| 1.36 | 16-Nov-2000 |
lukem | - new ftpd.conf directives:
maxfilesize set the maximum size of uploaded files
sanenames if set, only permit uploaded filenames that contain
characters from the set "-+,._A-Za-z0-9" and that
don't start with `.'
- new/changed command line options:
-e emailaddr define email address for %E (see below)
-P dataport use dataport as the dataport (instead of ctrlport-1)
-q use pid files to count users [default]
-Q don't use pid files to count users
-u write entries to utmp
-U don't write entries to utmp [default]
-w write entries to wtmp [default]
-W don't write entries to wtmp
NOTE: -U used to mean `write utmp entries'. Its meaning has changed
so that it's orthogonal with -q/-Q and -w/-W. This isn't
considered a major problem, because using -U isn't going to
enable something you don't want, but will disable something
you did want (which is safer).
- new display file escape sequences:
%E email address
%s literal `s' if the previous %M or %N wasn't ``1''.
%S literal `S' if the previous %M or %N wasn't ``1''.
- expand the description of building ~ftp/incoming to cover the
appropriate ftpd.conf(5) directives (which are defaults, but it pays
to explicitly explain them)
- replace strsuftoi() with strsuftoll(), which returns a long long if
supported, otherwise a long
- rework the way that check_modify and check_upload are done in the yacc
parser; they're merged into a common check_write() function which is
called explicitly
- merge all ftpclass `flag variables' into a single bitfield-based flag element
- move various common bits of parse_conf() into a couple of macros
- clean up some comments
|
| 1.35 | 15-Nov-2000 |
lukem | changes to improve portability:
* replace union sockunion {} with struct sockinet {}, and modify the code
accordingly. this is possibly more portable, as it doesn't rely upon
the structure alignment within the union for our own stuff. uses local
su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4)
(XXX: haven't tested the ipv6 stuff)
* always use getaddrinfo() and getnameinfo() instead of maintaining two code
paths. (lukemftpd will provide replacements for these on older systems)
* use lockf() instead of open(.., O_EXLOCK) to lock the pid file
* minor KNF
* clean up long long support: create helper #defines and use as appropriate:
#define NO_LONG_LONG ! NO_LONG_LONG
------- ------------ --------------
LLF "%ld" "%lld"
LLFP(x) "%" x "ld" "%" x "lld"
LLT long long long
ULLF "%lu" "%llu"
ULLFP(x) "%" x "lu" "%" x "llu"
ULLT unsigned long unsigned long long
STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
|
| 1.34 | 23-Jul-2000 |
lukem | * make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
|
| 1.33 | 17-Jul-2000 |
lukem | * add two new ftpd.conf(5) directives:
chroot specify dir to chroot to for GUEST and CHROOT users, to
override -a anondir or the user's homedir.
homedir specify dir to change to upon login; also used for ~ expansion
and $HOME for subprocesses)
both of these can take % escapes: %u (username), %d (homedir), %c (class).
* fix NLST to take a pathname not a STRING, so that ~ expansion works
* modify CWD to use the homedir parsed from curclass.homedir
* implement format_path(dst, src), to parse src expanding % escapes (see above)
into dst.
* rename format_file() to display_file()
|
| 1.32 | 09-Jul-2000 |
sommerfeld | More -Wformat cleanups.
|
| 1.31 | 19-Jun-2000 |
lukem | branches: 1.31.2;
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
|
| 1.30 | 20-May-2000 |
lukem | branches: 1.30.2;
convert to ANSI C as per style guide
|
| 1.29 | 13-Jan-2000 |
lukem | suppress verbose messages from CWD and post-login if the first
character of the anonymous password is `-'.
|
| 1.28 | 12-Jan-2000 |
lukem | * add ftpd.conf directive `portrange class min max', which allows specification
of the port range used by passive connections. based on work in [bin/9158]
from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
* change the way global variables are defined and extern-ed to be more
consistent.
|
| 1.27 | 10-Jan-2000 |
lukem | fix problem where ftpd.conf lines would match everything if there was
no template defined. noted by Vebjorn Ljosa <ljosa@initio.no>
|
| 1.26 | 09-Jan-2000 |
lukem | * new ftpd.conf directive:
template class [refclass]
following directives for refclass will apply to class as well.
this makes setting up a `template' class with many default settings
easy, whilst allowing for class-specific overrides
* prevent crash when the optional limitfile wasn't given to limit
* document count_users()
* document default setting of limit in ftpd.conf(5)
* crank version
|
| 1.25 | 08-Jan-2000 |
lukem | features:
* add connection limits (`limit' keyword in ftpd.conf)
* move initialisation of curclass from parse_conf() to new function
init_curclass()
* implement count_users(), which determines the number of users in a given
class. a file - /var/run/ftpd.pids-<class> - is used to store a list
of pids in use (effectively an array of pid_t's), and its size is reduced
as necessary.
* new % modifiers in format_file:
%c class
%M maximum connection count
%N current connection count
* always end_login()s, even for refused connections
bugs fixed:
* remove \n from %T output
* fix some inconsistencies in the man pages
* ensure that both `ftp' *and* `anonymous' are allowed in ftpusers.
(this was accidently broken in a recent commit to be ``or'' not ``and'')
* use MAXPATHLEN not MAXPATHLEN+1
* crank copyright date on modified files
* crank version
|
| 1.24 | 12-Dec-1999 |
lukem | * change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
|
| 1.23 | 07-Dec-1999 |
lukem | * change ftpd_popen() to take char *argv[] instead of char *cmd.
the string tokenisation must be performed by the caller (which is
generally easy because it's almost always a static command).
* change do_conversion() to return a char *argv[] instead of char *cmd.
tokenisation of the command is done internally.
* change retrieve() to take char *argv[] instead of char *cmd.
(to take advantage of the above changes). fixes [bin/8173]
* use fparseln() instead of fgetln()
* store conversions in listed order (rather than reverse order)
* use stringlists instead of handrolling code to manage an argv.
|
| 1.22 | 28-Nov-1999 |
lukem | check return val of sl_init() and sl_add()
|
| 1.21 | 25-Aug-1999 |
christos | branches: 1.21.4;
more kerberos5 fixes
|
| 1.20 | 18-May-1999 |
lukem | * fix a problem in retrieve() where arguments to commands weren't working
(this was broken in the last commit). problem noticed by simonb@
* don't display the stderr output of the internal ls.
* modify usage of lreply so that generally only one `XXX-' code per
`block' is displayed; the rest of the lines have four spaces instead.
i find this easier to read.
* fix a couple places where byte accounting wasn't correct
|
| 1.19 | 17-May-1999 |
lukem | features/fixes:
* implement xferstats. full stats are displayed for `STAT', and a
summary is displayed upon exit (and syslogged). inspired by wu-ftpd.
* wrap data xfers in {send,receive}_data with alarm() timeouts. this
should remove the majority of the `hanging ftpd' problems that
people were still seeing. inspired by wu-ftpd.
* link with ../../bin/ls, so that bin/ls is not required under a
chroot()ed area for `LIST' to work. based on [bin/4497] from
"Soren S. Jorvang" <soren@t.dk>
* migrate code from util.c into ftpd.c, so that it doesn't conflict
with ls' util.c.
* remove man page comment about ~ftp/bin/ls being necessary.
* bump version to 7.2.0.
* syslog xfer time with xfer stats.
* if appropriate, syslog error message with command.
internal code stuff:
* change arguments of various functions from `char *' to `const char *'.
* define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise.
use macro appropriately
* lreply(): a code of -1 means ``send line as is''. a code of 0
means ``send line with 4 space prefix''. don't print a space after
the `-' for any other code.
* logcmd(): add `const struct timeval *elapsed' and `const char *error'
for more flexible error reporting
|
| 1.18 | 24-Feb-1999 |
explorer | branches: 1.18.2;
Make this build with KERBEROS5 defined.
|
| 1.17 | 05-Feb-1999 |
lukem | * actually commit the changes which add support for recognising RFC 2228
commands (even if we don't do anything with them)
* in logcmd(), syslog why realpath() failed (if it did).
|
| 1.16 | 28-Dec-1998 |
lukem | * replace LOG(CMD|BYTES) macros with logcmd(), which is a cleaner
solution with less code replication. use realpath() in logcmd() so
that all logged filenames are sane.
* support `REST STREAM' in `FEAT' reply (from draft-ietf-ftpext-mlst-05)
* in 'HELP', suffix unimplemented commands with `-' instead of `*'; the
former is easier to differentiate from `+'.
* deprecate curdir() now that logcmd() doesn't use it.
* ensure all filename buffers are at least MAXPATHLEN+1 in size.
* move jmp_buf errcatch out of extern.h, removing need to #include <setjmp.h>
in every file.
|
| 1.15 | 06-Sep-1998 |
lukem | * complete fix for `multiple replies returned for single parse error'
problem; move `hasyyerrored' state flag out of yylex() so that
check_{login,modify} can also set it.
* check result of check_login for PORT command
* set initial timeout before the "setjmp(); for(;;) yyparse()",
otherwise an invalid command after login incorrectly sets the timeout
to 5 minutes (rather than what was set in ftpd.conf)
* replace (char *)0 with NULL
* move yyerror() from ftpd.c to ftpcmd.y
* remove need for -Dunix, by using the version string from ftpd.c
(instead of `BSD-199506')
* move all extern-ed vars into extern.h
|
| 1.14 | 30-Jun-1998 |
tv | Add the ability to disable passive connects in ftpd.conf (breaks RFC1123,
STD3, but needed in some firewall environments).
|
| 1.13 | 03-Jun-1998 |
mouse | Show/log the strerror(errno) string when getcwd fails
|
| 1.12 | 03-Jun-1998 |
hubertf | Fix some problems with failed getcwd commands, reported in PR bin/5531
by Saitoh Masanobu <msaitoh@spa.is.uec.ac.jp>.
|
| 1.11 | 01-Apr-1998 |
kleink | Need <time.h> for time(), localtime() and ctime() prototypes.
|
| 1.10 | 16-Nov-1997 |
lukem | log debug stuff using LOG_DEBUG not LOG_INFO
|
| 1.9 | 11-Nov-1997 |
lukem | * change checkportcmd syntax to `checkportcmd class [off]' (as per `modify')
* display current setting of checkportcmd in STAT
* ensure that curclass.checkportcmd is initialised to 0
* document default setting of checkportcmd in ftpd(8)
* cleanup code a bit, putting code for "checkportcmd" in alphabetical order
|
| 1.8 | 11-Nov-1997 |
mrg | add a "checkportcmd <class>" option that stops ftp bounce attacks.
|
| 1.7 | 19-Oct-1997 |
mycroft | branches: 1.7.2;
Use S_IS*(), not S_IF*.
|
| 1.6 | 23-Sep-1997 |
lukem | implement '-c confdir', which allows the specification of an alternate
directory to look for the various configuration files, overriding /etc.
From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
|
| 1.5 | 14-Aug-1997 |
lukem | * don't depend upon buffer returned by fgetln() to remain. fix mainly
from Tatoku Ogaito <tacha@tera.fukui-med.ac.jp> in [bin/3967]
* fgetln() doesn't \0 terminate its string. look for the \n and replace
it with \0 (if no \n, ignore the line - it's most likely corrupt)
* more intensive checks on strdup() returns (not a current mem leak,
but depended upon code elsewhere to cleanup - not good)
* cleanup some syslog error messages
|
| 1.4 | 31-Jul-1997 |
jtc | Fix files using old TNF copyright notice
|
| 1.3 | 22-Jun-1997 |
christos | missed some warnings.
|
| 1.2 | 18-Jun-1997 |
christos | - Pass gcc -Wall
- Fix incorrect const poisoning
- Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
|
| 1.1 | 14-Jun-1997 |
lukem | * implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
|
| 1.7.2.3 | 17-Nov-1997 |
mrg | pull up from trunk: fixes from lukem.
|
| 1.7.2.2 | 11-Nov-1997 |
mrg | pull up from trunk: cleanup and a fix to previous (from lukem).
|
| 1.7.2.1 | 11-Nov-1997 |
mrg | pull up from trunk: add a "checkportcmd <class>" option that stops ftp bounce attacks.
|
| 1.18.2.1 | 01-Apr-2001 |
he | Pull up revision 1.39 (requested by christos):
Fixes buffer overflow problems in glob(3). Adds and uses GLOB_LIMIT
to prevent denial of service attacks.
|
| 1.21.4.1 | 27-Dec-1999 |
wrstuden | Pull up to last week's -current.
|
| 1.30.2.1 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.31.2.3 | 26-Aug-2004 |
jmc | Pullup rev 1.41-1.52 (requested by he in ticket #158)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.31.2.2 | 29-Mar-2001 |
lukem | sync ftpd to -current with the following revisions (for lukem/christos):
Makefile 1.43-1.44
cmds.c 1.7-1.8, 1.10-1.12
conf.c 1.35-1.40
extern.h 1.32-1.38
ftpcmd.y 1.53-1.59
ftpd.8 1.58-1.63
ftpd.c 1.102-1.104, 1.106-1.122
ftpd.conf.5 1.12-1.15
ftpusers.5 1.8
logwtmp.c 1.16
popen.c 1.23-1.25
version.h 1.28
a quick summary of user-visible changes;
- fix glob DoS by using GLOB_LIMIT
- add ftpd.conf directives `advertise', `maxfilesize', `sanenames'
- add flags: -P dataport, -X - wuftpd style log entries,
-q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp,
-w/-W - (en|dis)able wtmp
|
| 1.31.2.1 | 25-Jul-2000 |
lukem | user visible changes (besides checking the cvs log):
* make checkportcmd the default
* add -r; force permanent drop of root privs after login
* add -V vers; change version string to vers
* add -H; act as -h `hostname`
* permanently drop root privs if it makes sense to do so (e.g; logging in as
guest/chroot user on a port > 1024)
* fix reference to draft-ietf-ftpext-mlst-11
* add ftpd.conf directives: chroot, homedir
* fix base64_encode() and generation of the unique fact
* crank version to 20000723
|
| 1.46.2.1 | 31-Aug-2004 |
jmc | Pullup rev 1.47-1.52 (requested by he in ticket #1739)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.51.2.1 | 12-Aug-2004 |
jmc | Pullup rev 1.52 (requested by lukem in ticket #757)
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue.
|
| 1.58.8.1 | 24-Mar-2008 |
keiichi | sync with head.
|
| 1.58.4.1 | 23-Mar-2008 |
matt | sync with HEAD
|
| 1.59.2.2 | 17-Jun-2008 |
yamt | sync with head.
|
| 1.59.2.1 | 18-May-2008 |
yamt | sync with head.
|
| 1.60.2.1 | 23-Jun-2008 |
wrstuden | Sync w/ -current. 34 merge conflicts to follow.
|
| 1.61.6.1 | 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
| 1.63.8.1 | 20-Nov-2012 |
tls | Resync to 2012-11-19 00:00:00 UTC
|
| 1.63.2.1 | 16-Jan-2013 |
yamt | sync with (a bit old) head
|
| 1.64.40.1 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #388):
libexec/ftpd/conf.c: revision 1.65
Fix uninitialized memory usage in count_users()
If the file was previously empty, pids table is not set, the code however used
pids[0] which is uninitialized in this case. In some scenarios it may lead to
propagate garbage value from pids[0] to the file and cause writing outside of
allocated memory.
OK lukem@
|
| 1.64.32.1 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1741):
libexec/ftpd/conf.c: revision 1.65
Fix uninitialized memory usage in count_users()
If the file was previously empty, pids table is not set, the code however used
pids[0] which is uninitialized in this case. In some scenarios it may lead to
propagate garbage value from pids[0] to the file and cause writing outside of
allocated memory.
OK lukem@
|
| 1.64.22.1 | 03-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1905):
libexec/ftpd/conf.c: revision 1.65
Fix uninitialized memory usage in count_users()
If the file was previously empty, pids table is not set, the code however used
pids[0] which is uninitialized in this case. In some scenarios it may lead to
propagate garbage value from pids[0] to the file and cause writing outside of
allocated memory.
OK lukem@
|
| 1.66 | 17-Apr-2022 |
andvar | fix various typos in comments.
|
| 1.65 | 15-Oct-2019 |
christos | bump sizes
|
| 1.64 | 23-Jun-2018 |
gson | branches: 1.64.2; 1.64.4;
No semicolon after macro do ... while (0) wrapper.
|
| 1.63 | 21-Mar-2013 |
lukem | branches: 1.63.22; 1.63.28;
Convert from __attribute__(foo) to the __foo equiv in <sys/cdefs.h>
|
| 1.62 | 29-Aug-2011 |
joerg | branches: 1.62.2; 1.62.8;
Use __dead
|
| 1.61 | 13-Jul-2009 |
roy | Rename internal getline() function to get_line() so it does
conflict with the soon to be added getline(3) libc function.
|
| 1.60 | 15-Mar-2009 |
lukem | Fix WARNS=4 issues (const & sign mismatches, etc)
Ensure various ftpd.conf values can't exceed their underlying types.
|
| 1.59 | 08-Jan-2009 |
christos | branches: 1.59.2;
PR/40339: Ed Ravin: make ftpd log both the hostname and numeric address.
|
| 1.58 | 13-Sep-2008 |
lukem | Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.org>
|
| 1.57 | 28-Apr-2008 |
martin | branches: 1.57.2;
Remove clause 3 and 4 from TNF licenses
|
| 1.56 | 22-Jul-2007 |
lukem | branches: 1.56.10; 1.56.12;
Rename HAVE_SOCKADDR_SA_LEN to HAVE_STRUCT_SOCKADDR_SA_LEN.
Use defined(HAVE_foo) instead of just testing HAVE_foo.
|
| 1.55 | 01-Feb-2006 |
christos | branches: 1.55.4; 1.55.8;
debug -> ftpd_debug
xstrdup -> ftpd_strdup
|
| 1.54 | 24-Aug-2005 |
ginsbach | * Add recvbufsize configuration option
This allows for setting the passive socket's SO_RCVBUF. Option works
similarly to the current sendbufsize configuration option.
* Change how recveive_data() works
When reading data from the socket for passive transfers to the server,
receive_data() now works very similar to send_data_with_read(). Reads
from the network are now done using either the filesystem block size or
the configuration option readsize chunks.
* Crank version.h
[Changes discussed with lukem.]
|
| 1.53 | 23-Jun-2005 |
christos | cleanup utmp and utmpx support.
- make them symmetric
- add a function to open the wtmp file explicitly very early in the game
|
| 1.52 | 03-Mar-2005 |
ginsbach | branches: 1.52.2; 1.52.4; 1.52.6;
* Add hidesymlinks configuration option
This adds a -L to all ls command arguments so that the file or directory
the link references is listed rather than the link itself. This was
inspired by IRIX ftpd's -S option.
[Discussed with lukem some time ago.]
* Crank version.h [right Luke? :-)]
|
| 1.51 | 11-Nov-2004 |
christos | Don't write trash in ut_ss; either initialize it to 0, or put in the proper
information.
|
| 1.50 | 09-Aug-2004 |
lukem | Fixes from (or inspired by) OpenBSD:
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
My stuff:
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue. (I also can't find the reference in
RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.)
I could clean up the is_oob stuff some more, but the remaining stuff
in ftpcmd.y is harmless and it's unnecessary churn right this moment.
|
| 1.49 | 07-Aug-2003 |
agc | branches: 1.49.2;
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22284, verified by myself.
|
| 1.48 | 30-Jun-2003 |
tacha | Add ftpd_loginx() and ftpd_logwtmpx() and use them to hold wtmpx file
open while a session.
Close bin/21692 by bqt@Krille.Update.UU.SE.
|
| 1.47 | 23-Feb-2003 |
lukem | rename local copies of login(), logout() and logwtmp() to
ftpd_login(), ftpd_logout() and ftpd_logwtmp() respectively.
(makes utmp support much easier in tnftpd).
per suggestion in mail from Mike Heffner <mheffner@vt.edu>, who
forwarded patch from Michael Ranner <mranner@inode.at>.
|
| 1.46 | 19-Feb-2003 |
matt | gidlist is nolonger an array.
|
| 1.45 | 29-Nov-2002 |
lukem | - convert to using libc's strsuftoll(3)
- use LLT (aka 'long long type') for all numeric class parameters
- improve description of various ftpd.conf(5) options
- statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
|
| 1.44 | 30-May-2002 |
enami | Add optional mmap(2)/write(2) support for binary file transfer.
The default is read(2)/write(2). Note that the sosend_loan needs
some more work for better performance when a file isn't cached.
|
| 1.43 | 04-Dec-2001 |
lukem | branches: 1.43.2;
Add two new ftpd.conf(5) directives:
- 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER
command instead of the PASS command. whilst this might provide some
info leakage of accounts names if you have some `real' or `chroot'
users enabled and not others, it does prevent accidental entering of
such passwords if you have all such users denied. This option is
strongly recommended on anonymous-only servers.
Functionality requested by Rob Windsor in [bin/12602]
- 'private'; don't display class related information in the output of STAT.
For paranoid admins.
|
| 1.42 | 13-Jul-2001 |
lukem | use __NetBSD__ instead of BSD4_4 to determine if we should automatically
define HAVE_SETPROCTITLE and HAVE_SOCKADDR_SA_LEN, because certain
operating systems from a vendor which claims to be the biggest unix
vendor as of two months ago #define BSD4_4 and THEN REMOVE BITS OF THE
4.4BSD API!
anyway, this won't affect other systems which use lukemftpd (e.g,
other 4.4BSD derived systems), because autoconf will set HAVE_SETPROCTITLE
as appropriate. the point of this little code fragment is to remove the
need to have -DHAVE_SETPROCTITLE ... in our libexec/ftpd/Makefile
</rant>
|
| 1.41 | 25-Apr-2001 |
lukem | crank copyrights of files changed this year
remove superfluous byte_count update in send_file_list
crank version
|
| 1.40 | 01-Apr-2001 |
aidan | add 'noreturn' attribute to ftp_loop, to fix a cc warning.
|
| 1.39 | 01-Apr-2001 |
aidan | As threatened, handle OOB commands from within ftpcmd.y.
This involved changing the yacc syntax to be line-oriented, rather than
having it run against the entire input at once, and adding a flag to
struct tab, to indicate if or not it's acceptable for a command to occur
OOB.
|
| 1.38 | 04-Feb-2001 |
christos | fix redundant declarations.
|
| 1.37 | 18-Dec-2000 |
lukem | Features:
* Add ftpd.conf(5) directive `advertise'; change the address that is
advertised to the client for PASV transfers. this may be useful in
certain firewall/NAT environments.
Feature requested in [bin/9606] by Scott Presnell.
* Add -X option; syslog wu-ftpd style xferlog messages, prefixed with
`xferlog: '. An example line from syslog (wrapped):
Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000
2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c
These messages can be converted to a wu-ftpd style xferlog file
suitable for parsing with third-party tools with something like:
grep 'xferlog: ' /var/log/xferlog | \
sed -e 's/^.*xferlog: //' >wuxferlog
The format is the same as the wu-ftpd xferlog entries (with the leading
syslog stuff), but different from the wu-ftpd syslogged xferlog entries
because the latter is not as easy to convert into the standard xferlog
file format.
The choice to only syslog the xferlog messages rather than append to
a /var/log/xferlog file was made because the latter doesn't work to
well in the situation where the logfile is rotated and compressed and
a long-running ftpd still has a file-descriptor to the now nonexistant
xferlog file, and the log message will then get lost.
Feature requested in [bin/11651] by Hubert Feyrer.
Fixes:
* In ftpd(8), clarify the -a and -c options.
* More clarifications in ftpd.conf(5).
* Ensure that all ftpd.conf commands set a parameter back to sane defaults
if an argument of `none' or bad settings are given.
* Support the `chroot' directive for `REAL' users too (for consistency).
* For `GUEST' users, store the supplied password in pw->pw_passwd for use
later in the xferlog.
* If show_chdir_messages() is given a code of -1, flush the cache of
visited directories. Invoke show_chdir_messages(-1) in end_login().
* Only syslog session stats if logging is requested.
* Rename logcmd() -> logxfer(), and dolog() -> logremotehost().
* Use cprintf() instead of fprintf() where appropriate.
* Minor KNF, and make a couple of functions static that were declared static.
|
| 1.36 | 30-Nov-2000 |
lukem | - move password checking into separate valid_passwd() function, to assist
in porting to other systems.
- don't syslog() or setproctitle() "ACCT" lines (as per "PASS")
- replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the
latter #ifdef BSD4_4
- don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile
support if this is to be used on NetBSD.
|
| 1.35 | 16-Nov-2000 |
lukem | - new ftpd.conf directives:
maxfilesize set the maximum size of uploaded files
sanenames if set, only permit uploaded filenames that contain
characters from the set "-+,._A-Za-z0-9" and that
don't start with `.'
- new/changed command line options:
-e emailaddr define email address for %E (see below)
-P dataport use dataport as the dataport (instead of ctrlport-1)
-q use pid files to count users [default]
-Q don't use pid files to count users
-u write entries to utmp
-U don't write entries to utmp [default]
-w write entries to wtmp [default]
-W don't write entries to wtmp
NOTE: -U used to mean `write utmp entries'. Its meaning has changed
so that it's orthogonal with -q/-Q and -w/-W. This isn't
considered a major problem, because using -U isn't going to
enable something you don't want, but will disable something
you did want (which is safer).
- new display file escape sequences:
%E email address
%s literal `s' if the previous %M or %N wasn't ``1''.
%S literal `S' if the previous %M or %N wasn't ``1''.
- expand the description of building ~ftp/incoming to cover the
appropriate ftpd.conf(5) directives (which are defaults, but it pays
to explicitly explain them)
- replace strsuftoi() with strsuftoll(), which returns a long long if
supported, otherwise a long
- rework the way that check_modify and check_upload are done in the yacc
parser; they're merged into a common check_write() function which is
called explicitly
- merge all ftpclass `flag variables' into a single bitfield-based flag element
- move various common bits of parse_conf() into a couple of macros
- clean up some comments
|
| 1.34 | 15-Nov-2000 |
lukem | changes to improve portability:
* replace union sockunion {} with struct sockinet {}, and modify the code
accordingly. this is possibly more portable, as it doesn't rely upon
the structure alignment within the union for our own stuff. uses local
su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4)
(XXX: haven't tested the ipv6 stuff)
* always use getaddrinfo() and getnameinfo() instead of maintaining two code
paths. (lukemftpd will provide replacements for these on older systems)
* use lockf() instead of open(.., O_EXLOCK) to lock the pid file
* minor KNF
* clean up long long support: create helper #defines and use as appropriate:
#define NO_LONG_LONG ! NO_LONG_LONG
------- ------------ --------------
LLF "%ld" "%lld"
LLFP(x) "%" x "ld" "%" x "lld"
LLT long long long
ULLF "%lu" "%llu"
ULLFP(x) "%" x "lu" "%" x "llu"
ULLT unsigned long unsigned long long
STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
|
| 1.33 | 13-Nov-2000 |
itojun | - improve RFC2428 conformance.
return 522 on unknown protocol identifier on EPRT.
- clarify EPSV/EPRT/LPSV/LPRT behavior.
- repair memory leak and lack of boundary check on EPRT.
- make sure we do not resolve DNS on EPRT.
sync with kame.
|
| 1.32 | 15-Sep-2000 |
christos | Make this compile again without -DINET6 and without get{addr,name}info(3)
This ftpd now compiles and runs on NetBSD/1.4.2 with:
CPPFLAGS+= \
'-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \
'-Dstrlcat=strncat' \
'-Dsl_add(a,b)=(sl_add(a,b),0)'
|
| 1.31 | 23-Jul-2000 |
lukem | * make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
|
| 1.30 | 17-Jul-2000 |
lukem | * add two new ftpd.conf(5) directives:
chroot specify dir to chroot to for GUEST and CHROOT users, to
override -a anondir or the user's homedir.
homedir specify dir to change to upon login; also used for ~ expansion
and $HOME for subprocesses)
both of these can take % escapes: %u (username), %d (homedir), %c (class).
* fix NLST to take a pathname not a STRING, so that ~ expansion works
* modify CWD to use the homedir parsed from curclass.homedir
* implement format_path(dst, src), to parse src expanding % escapes (see above)
into dst.
* rename format_file() to display_file()
|
| 1.29 | 08-Jul-2000 |
sommerfeld | More format paranoia.
|
| 1.28 | 19-Jun-2000 |
lukem | branches: 1.28.2;
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
|
| 1.27 | 14-Jun-2000 |
lukem | major overhaul (just before netbsd 1.5 :-):
* implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD.
we already supported SIZE and MDTM. add the appropriate FEAT output lines.
* migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c
* make dataconn(), feat(), lookup(), opts() and sizecmd() public
* modify struct tab so that it has a `flags' instead of `implemented' element,
and remove the `hasopts' element. If flags == 1, the command is implemented.
if flags == 2, the command is implemented and takes options
* add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..")
* modify lreply() so that lreply(-2, ...) just outputs the given info without
a prefix or trailing \r\n. this saves doing b = printf(); total_* += b;
* enhance statcmd(). still needs work in the LPRT status stuff.
* crank version
|
| 1.26 | 20-May-2000 |
lukem | branches: 1.26.2;
convert to ANSI C as per style guide
|
| 1.25 | 05-Mar-2000 |
lukem | * don't bother with a version[] string, just use the macro as appropriate
* clean some more of the GLOBAL stuff
* fix unused var if -UHASSETPROCTITLE
|
| 1.24 | 13-Jan-2000 |
lukem | suppress verbose messages from CWD and post-login if the first
character of the anonymous password is `-'.
|
| 1.23 | 12-Jan-2000 |
lukem | * add ftpd.conf directive `portrange class min max', which allows specification
of the port range used by passive connections. based on work in [bin/9158]
from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
* change the way global variables are defined and extern-ed to be more
consistent.
|
| 1.22 | 08-Jan-2000 |
lukem | features:
* add connection limits (`limit' keyword in ftpd.conf)
* move initialisation of curclass from parse_conf() to new function
init_curclass()
* implement count_users(), which determines the number of users in a given
class. a file - /var/run/ftpd.pids-<class> - is used to store a list
of pids in use (effectively an array of pid_t's), and its size is reduced
as necessary.
* new % modifiers in format_file:
%c class
%M maximum connection count
%N current connection count
* always end_login()s, even for refused connections
bugs fixed:
* remove \n from %T output
* fix some inconsistencies in the man pages
* ensure that both `ftp' *and* `anonymous' are allowed in ftpusers.
(this was accidently broken in a recent commit to be ``or'' not ``and'')
* use MAXPATHLEN not MAXPATHLEN+1
* crank copyright date on modified files
* crank version
|
| 1.21 | 12-Dec-1999 |
lukem | * change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
|
| 1.20 | 07-Dec-1999 |
lukem | * change ftpd_popen() to take char *argv[] instead of char *cmd.
the string tokenisation must be performed by the caller (which is
generally easy because it's almost always a static command).
* change do_conversion() to return a char *argv[] instead of char *cmd.
tokenisation of the command is done internally.
* change retrieve() to take char *argv[] instead of char *cmd.
(to take advantage of the above changes). fixes [bin/8173]
* use fparseln() instead of fgetln()
* store conversions in listed order (rather than reverse order)
* use stringlists instead of handrolling code to manage an argv.
|
| 1.19 | 02-Jul-1999 |
itojun | branches: 1.19.4;
dual-stack ftpd. run this from inetd, like:
>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
|
| 1.18 | 24-May-1999 |
ross | Define types for ILP32/LP64-harmonized %q[du] arguments.
|
| 1.17 | 18-May-1999 |
lukem | * fix a problem in retrieve() where arguments to commands weren't working
(this was broken in the last commit). problem noticed by simonb@
* don't display the stderr output of the internal ls.
* modify usage of lreply so that generally only one `XXX-' code per
`block' is displayed; the rest of the lines have four spaces instead.
i find this easier to read.
* fix a couple places where byte accounting wasn't correct
|
| 1.16 | 17-May-1999 |
lukem | features/fixes:
* implement xferstats. full stats are displayed for `STAT', and a
summary is displayed upon exit (and syslogged). inspired by wu-ftpd.
* wrap data xfers in {send,receive}_data with alarm() timeouts. this
should remove the majority of the `hanging ftpd' problems that
people were still seeing. inspired by wu-ftpd.
* link with ../../bin/ls, so that bin/ls is not required under a
chroot()ed area for `LIST' to work. based on [bin/4497] from
"Soren S. Jorvang" <soren@t.dk>
* migrate code from util.c into ftpd.c, so that it doesn't conflict
with ls' util.c.
* remove man page comment about ~ftp/bin/ls being necessary.
* bump version to 7.2.0.
* syslog xfer time with xfer stats.
* if appropriate, syslog error message with command.
internal code stuff:
* change arguments of various functions from `char *' to `const char *'.
* define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise.
use macro appropriately
* lreply(): a code of -1 means ``send line as is''. a code of 0
means ``send line with 4 space prefix''. don't print a space after
the `-' for any other code.
* logcmd(): add `const struct timeval *elapsed' and `const char *error'
for more flexible error reporting
|
| 1.15 | 28-Dec-1998 |
lukem | * replace LOG(CMD|BYTES) macros with logcmd(), which is a cleaner
solution with less code replication. use realpath() in logcmd() so
that all logged filenames are sane.
* support `REST STREAM' in `FEAT' reply (from draft-ietf-ftpext-mlst-05)
* in 'HELP', suffix unimplemented commands with `-' instead of `*'; the
former is easier to differentiate from `+'.
* deprecate curdir() now that logcmd() doesn't use it.
* ensure all filename buffers are at least MAXPATHLEN+1 in size.
* move jmp_buf errcatch out of extern.h, removing need to #include <setjmp.h>
in every file.
|
| 1.14 | 12-Sep-1998 |
kleink | Make the external declaration of `transflag' match its definition; from R. C.
Dowdeswell <elric@mabelode.imrryr.org> in PR bin/6141.
|
| 1.13 | 07-Sep-1998 |
lukem | remove nack() - missed in previous work
|
| 1.12 | 07-Sep-1998 |
lukem | new features:
* implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM.
OPTS only works on NOOP (as a test).
* extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry
can take an optional trailing `yes' or `no' which indicates if
chroot should be done (defaults to `yes').
based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769]
cleanups/bugs:
* reorder and reformat entries in yacc parser to match cmdtab[].
add a blank line between each rule.
* add short hasopts and char *options to struct tab, to support OPTS.
* deprecate upper(); use strcasecmp() instead of strcmp()
* remove unnecessary for (;;) { } in yylex();
* replace copy() and sgetsave() with xstrdup()
* fix a couple of `hasyyerrored = 1' that were accidently removed.
|
| 1.11 | 06-Sep-1998 |
lukem | * complete fix for `multiple replies returned for single parse error'
problem; move `hasyyerrored' state flag out of yylex() so that
check_{login,modify} can also set it.
* check result of check_login for PORT command
* set initial timeout before the "setjmp(); for(;;) yyparse()",
otherwise an invalid command after login incorrectly sets the timeout
to 5 minutes (rather than what was set in ftpd.conf)
* replace (char *)0 with NULL
* move yyerror() from ftpd.c to ftpcmd.y
* remove need for -Dunix, by using the version string from ftpd.c
(instead of `BSD-199506')
* move all extern-ed vars into extern.h
|
| 1.10 | 27-Jul-1998 |
mycroft | const poisoning.
|
| 1.9 | 27-Jul-1998 |
mycroft | const poisoning.
|
| 1.8 | 30-Jun-1998 |
tv | Add the ability to disable passive connects in ftpd.conf (breaks RFC1123,
STD3, but needed in some firewall environments).
|
| 1.7 | 11-Nov-1997 |
lukem | * change checkportcmd syntax to `checkportcmd class [off]' (as per `modify')
* display current setting of checkportcmd in STAT
* ensure that curclass.checkportcmd is initialised to 0
* document default setting of checkportcmd in ftpd(8)
* cleanup code a bit, putting code for "checkportcmd" in alphabetical order
|
| 1.6 | 11-Nov-1997 |
mrg | add a "checkportcmd <class>" option that stops ftp bounce attacks.
|
| 1.5 | 23-Sep-1997 |
lukem | branches: 1.5.2;
implement '-c confdir', which allows the specification of an alternate
directory to look for the various configuration files, overriding /etc.
From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
|
| 1.4 | 18-Jun-1997 |
christos | - Pass gcc -Wall
- Fix incorrect const poisoning
- Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
|
| 1.3 | 14-Jun-1997 |
lukem | * implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
|
| 1.2 | 11-Apr-1995 |
cgd | clean up RCS Id's and a couple of stype nits.
Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
|
| 1.1 | 29-Jun-1994 |
deraadt | branches: 1.1.1;
4.4-lite, plus our local changes
|
| 1.1.1.1 | 29-Mar-1997 |
cjs | Lite-1 Import.
|
| 1.5.2.2 | 11-Nov-1997 |
mrg | pull up from trunk: cleanup and a fix to previous (from lukem).
|
| 1.5.2.1 | 11-Nov-1997 |
mrg | pull up from trunk: add a "checkportcmd <class>" option that stops ftp bounce attacks.
|
| 1.19.4.1 | 27-Dec-1999 |
wrstuden | Pull up to last week's -current.
|
| 1.26.2.1 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.28.2.3 | 26-Aug-2004 |
jmc | Pullup rev 1.39-1.50 + patch (requested by he in ticket #158)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.28.2.2 | 29-Mar-2001 |
lukem | sync ftpd to -current with the following revisions (for lukem/christos):
Makefile 1.43-1.44
cmds.c 1.7-1.8, 1.10-1.12
conf.c 1.35-1.40
extern.h 1.32-1.38
ftpcmd.y 1.53-1.59
ftpd.8 1.58-1.63
ftpd.c 1.102-1.104, 1.106-1.122
ftpd.conf.5 1.12-1.15
ftpusers.5 1.8
logwtmp.c 1.16
popen.c 1.23-1.25
version.h 1.28
a quick summary of user-visible changes;
- fix glob DoS by using GLOB_LIMIT
- add ftpd.conf directives `advertise', `maxfilesize', `sanenames'
- add flags: -P dataport, -X - wuftpd style log entries,
-q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp,
-w/-W - (en|dis)able wtmp
|
| 1.28.2.1 | 25-Jul-2000 |
lukem | user visible changes (besides checking the cvs log):
* make checkportcmd the default
* add -r; force permanent drop of root privs after login
* add -V vers; change version string to vers
* add -H; act as -h `hostname`
* permanently drop root privs if it makes sense to do so (e.g; logging in as
guest/chroot user on a port > 1024)
* fix reference to draft-ietf-ftpext-mlst-11
* add ftpd.conf directives: chroot, homedir
* fix base64_encode() and generation of the unique fact
* crank version to 20000723
|
| 1.43.2.1 | 31-Aug-2004 |
jmc | Pullup rev 1.44-1.50 + patch (requested by he in ticket #1739)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.49.2.1 | 12-Aug-2004 |
jmc | Pullup rev 1.50 (requested by lukem in ticket #757)
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue.
|
| 1.52.6.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1964):
libexec/ftpd/ftpd.c: revision 1.187 via patch
libexec/ftpd/extern.h: revision 1.58 via patch
libexec/ftpd/ftpcmd.y: revision 1.88 via patch
libexec/ftpd/version.h: patch
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.52.4.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1964):
libexec/ftpd/ftpd.c: revision 1.187 via patch
libexec/ftpd/extern.h: revision 1.58 via patch
libexec/ftpd/ftpcmd.y: revision 1.88 via patch
libexec/ftpd/version.h: patch
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.52.2.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1964):
libexec/ftpd/ftpd.c: revision 1.187 via patch
libexec/ftpd/extern.h: revision 1.58 via patch
libexec/ftpd/ftpcmd.y: revision 1.88 via patch
libexec/ftpd/version.h: patch
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.55.8.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1202):
libexec/ftpd/ftpd.c: revision 1.187
libexec/ftpd/extern.h: revision 1.58
libexec/ftpd/version.h: patch
libexec/ftpd/ftpcmd.y: revision 1.88
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.55.4.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1202):
libexec/ftpd/ftpd.c: revision 1.187
libexec/ftpd/extern.h: revision 1.58
libexec/ftpd/version.h: patch
libexec/ftpd/ftpcmd.y: revision 1.88
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.56.12.2 | 22-Jul-2007 |
lukem | Rename HAVE_SOCKADDR_SA_LEN to HAVE_STRUCT_SOCKADDR_SA_LEN.
Use defined(HAVE_foo) instead of just testing HAVE_foo.
|
| 1.56.12.1 | 22-Jul-2007 |
lukem | file extern.h was added on branch matt-mips64 on 2007-07-22 05:06:46 +0000
|
| 1.56.10.1 | 18-May-2008 |
yamt | sync with head.
|
| 1.57.2.1 | 24-Sep-2008 |
wrstuden | Merge in changes between wrstuden-revivesa-base-2 and
wrstuden-revivesa-base-3.
|
| 1.59.2.1 | 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
| 1.62.8.1 | 23-Jun-2013 |
tls | resync from head
|
| 1.62.2.1 | 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
|
| 1.63.28.1 | 25-Jun-2018 |
pgoyette | Sync with HEAD
|
| 1.63.22.1 | 03-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1901):
libexec/ftpd/extern.h: revision 1.65
libexec/ftpd/ftpd.c: revision 1.205
bump sizes
|
| 1.64.4.1 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1737):
libexec/ftpd/extern.h: revision 1.65
libexec/ftpd/ftpd.c: revision 1.205
bump sizes
|
| 1.64.2.1 | 13-Apr-2020 |
martin | Mostly merge changes from HEAD upto 20200411
|
| 1.96 | 16-Feb-2024 |
jkoshy | Remove obsolete code.
Per src/doc/CHANGES.prev support for the NI_WITHSCOPEID flag was removed
in NetBSD 1.6.
|
| 1.95 | 22-Sep-2023 |
shm | Add missing check_login checks for MLST and MLSD
|
| 1.94 | 10-Aug-2015 |
shm | branches: 1.94.8; 1.94.18; 1.94.26;
Use explicit_memset(3) instead of memset(3) to clear password
|
| 1.93 | 16-Sep-2011 |
plunky | NULL does not need a cast, here
|
| 1.92 | 01-Jul-2011 |
joerg | Fix memcpy usage.
|
| 1.91 | 14-Jan-2011 |
christos | PR/44390: Paul Koning: make code gcc-4.5.1 friendly.
|
| 1.90 | 13-Jul-2009 |
roy | Rename internal getline() function to get_line() so it does
conflict with the soon to be added getline(3) libc function.
|
| 1.89 | 15-Mar-2009 |
lukem | Fix WARNS=4 issues (const & sign mismatches, etc)
Ensure various ftpd.conf values can't exceed their underlying types.
|
| 1.88 | 13-Sep-2008 |
lukem | branches: 1.88.6;
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.org>
|
| 1.87 | 28-Apr-2008 |
martin | branches: 1.87.2;
Remove clause 3 and 4 from TNF licenses
|
| 1.86 | 22-Jul-2007 |
lukem | branches: 1.86.10; 1.86.12;
Rename HAVE_SOCKADDR_SA_LEN to HAVE_STRUCT_SOCKADDR_SA_LEN.
Use defined(HAVE_foo) instead of just testing HAVE_foo.
|
| 1.85 | 10-May-2007 |
lukem | Replace references from draft-ietf-ftpext-mlst-NN to RFC 3659.
|
| 1.84 | 01-Feb-2006 |
christos | branches: 1.84.4; 1.84.8;
debug -> ftpd_debug
xstrdup -> ftpd_strdup
|
| 1.83 | 03-Mar-2005 |
ginsbach | branches: 1.83.2; 1.83.4; 1.83.6;
* Add hidesymlinks configuration option
This adds a -L to all ls command arguments so that the file or directory
the link references is listed rather than the link itself. This was
inspired by IRIX ftpd's -S option.
[Discussed with lukem some time ago.]
* Crank version.h [right Luke? :-)]
|
| 1.82 | 05-Jan-2005 |
lukem | Reorder some declarations so that parsers generated by bison can compile.
Fix from Michael Richardson.
|
| 1.81 | 05-Nov-2004 |
dsl | Add (unsigned char) cast to ctype functions
|
| 1.80 | 09-Aug-2004 |
lukem | Fixes from (or inspired by) OpenBSD:
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
My stuff:
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue. (I also can't find the reference in
RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.)
I could clean up the is_oob stuff some more, but the remaining stuff
in ftpcmd.y is harmless and it's unnecessary churn right this moment.
|
| 1.79 | 16-Jul-2004 |
lukem | Correctly clamp illegal "SITE CHMOD" mode values. From OpenBSD.
|
| 1.78 | 16-Jul-2004 |
lukem | Fix minor memory leak with fromname. Inspired by OpenBSD.
|
| 1.77 | 07-Aug-2003 |
agc | branches: 1.77.2;
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22284, verified by myself.
|
| 1.76 | 03-Mar-2003 |
lukem | Don't declare "yylex()" static; AFAICT it shouldn't be, and it causes
build problems with the output of some versions of yacc.
|
| 1.75 | 03-Mar-2003 |
lukem | Fix typos accidentally introduced in rev 1.70 as part of the large
number support.
(NetBSD yacc didn't barf on these, although Solaris and HP/UX's did...)
|
| 1.74 | 24-Feb-2003 |
lukem | use LLT and STRTOLL() instead of off_t and strtoull() for parsing the
"larger than int" arguments from commands. improves portability.
|
| 1.73 | 22-Jan-2003 |
lukem | Fixes from Dmitry Sivachenko <demon@freebsd.org>:
- always set "curname" to something appropriate (even when logging is
not in effect).
- fix usage for "PORT" command
|
| 1.72 | 29-Nov-2002 |
lukem | - convert to using libc's strsuftoll(3)
- use LLT (aka 'long long type') for all numeric class parameters
- improve description of various ftpd.conf(5) options
- statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
|
| 1.71 | 12-Oct-2002 |
darrenr | * enclose unknown command strings inside a pair of 's to clearly mark the
text as being the 'whole' part received.
* change a HELP reply from 214 to 504 when there is an error looking for
help on a command.
|
| 1.70 | 02-Jul-2002 |
lukem | - Change lexer to support numbers > 2^31-1 (stored in an off_t), and allow
RESTart to use the larger numbers.
Fix from Maxim Konovalov <maxim@freebsd.org>
- Update version
- Minor whitespace changes
|
| 1.69 | 30-Jun-2002 |
tv | We really, actually, positively want to apply the ftpd.conf "passive"
option to all possible *PSV commands. Some ftp servers are simply not
capable of passive connections, hence the option....
|
| 1.68 | 15-Jun-2002 |
lukem | crank copyright
|
| 1.67 | 15-Jun-2002 |
lukem | Implement "SITE UMASK" `enabled command' check with (modified)
check_write(), so that a user who has modify disabled gets an error
message rather than a hung connection.
Noted by M.J. Rutter <mjr19@cus.cam.ac.uk> in private email.
|
| 1.66 | 01-Dec-2001 |
lukem | branches: 1.66.2;
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5)
- enable WARNS=2
|
| 1.65 | 25-Apr-2001 |
lukem | crank copyrights of files changed this year
remove superfluous byte_count update in send_file_list
crank version
|
| 1.64 | 17-Apr-2001 |
lukem | use own code instead of bother with glob() to do ~ expansion in pathname;
there's no need to support glob wildcards in this case when it's not expanded
here in the non-~ case
|
| 1.63 | 17-Apr-2001 |
lukem | limit the number of matches in a ~ pathname glob, and complain if more
than one path is matched.
|
| 1.62 | 12-Apr-2001 |
lukem | minor knf post aidan's oob rototill
|
| 1.61 | 10-Apr-2001 |
itojun | make checkportcmd address family independent, and correct IPv4 case. PR 12558.
|
| 1.60 | 01-Apr-2001 |
aidan | As threatened, handle OOB commands from within ftpcmd.y.
This involved changing the yacc syntax to be line-oriented, rather than
having it run against the entire input at once, and adding a flag to
struct tab, to indicate if or not it's acceptable for a command to occur
OOB.
|
| 1.59 | 18-Dec-2000 |
lukem | Features:
* Add ftpd.conf(5) directive `advertise'; change the address that is
advertised to the client for PASV transfers. this may be useful in
certain firewall/NAT environments.
Feature requested in [bin/9606] by Scott Presnell.
* Add -X option; syslog wu-ftpd style xferlog messages, prefixed with
`xferlog: '. An example line from syslog (wrapped):
Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000
2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c
These messages can be converted to a wu-ftpd style xferlog file
suitable for parsing with third-party tools with something like:
grep 'xferlog: ' /var/log/xferlog | \
sed -e 's/^.*xferlog: //' >wuxferlog
The format is the same as the wu-ftpd xferlog entries (with the leading
syslog stuff), but different from the wu-ftpd syslogged xferlog entries
because the latter is not as easy to convert into the standard xferlog
file format.
The choice to only syslog the xferlog messages rather than append to
a /var/log/xferlog file was made because the latter doesn't work to
well in the situation where the logfile is rotated and compressed and
a long-running ftpd still has a file-descriptor to the now nonexistant
xferlog file, and the log message will then get lost.
Feature requested in [bin/11651] by Hubert Feyrer.
Fixes:
* In ftpd(8), clarify the -a and -c options.
* More clarifications in ftpd.conf(5).
* Ensure that all ftpd.conf commands set a parameter back to sane defaults
if an argument of `none' or bad settings are given.
* Support the `chroot' directive for `REAL' users too (for consistency).
* For `GUEST' users, store the supplied password in pw->pw_passwd for use
later in the xferlog.
* If show_chdir_messages() is given a code of -1, flush the cache of
visited directories. Invoke show_chdir_messages(-1) in end_login().
* Only syslog session stats if logging is requested.
* Rename logcmd() -> logxfer(), and dolog() -> logremotehost().
* Use cprintf() instead of fprintf() where appropriate.
* Minor KNF, and make a couple of functions static that were declared static.
|
| 1.58 | 30-Nov-2000 |
lukem | - move password checking into separate valid_passwd() function, to assist
in porting to other systems.
- don't syslog() or setproctitle() "ACCT" lines (as per "PASS")
- replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the
latter #ifdef BSD4_4
- don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile
support if this is to be used on NetBSD.
|
| 1.57 | 28-Nov-2000 |
lukem | - ensure all uses of AF_INET6 are wrapped in #ifdef INET6
- don't define `ALL' as a token twice in the grammar
|
| 1.56 | 16-Nov-2000 |
lukem | - new ftpd.conf directives:
maxfilesize set the maximum size of uploaded files
sanenames if set, only permit uploaded filenames that contain
characters from the set "-+,._A-Za-z0-9" and that
don't start with `.'
- new/changed command line options:
-e emailaddr define email address for %E (see below)
-P dataport use dataport as the dataport (instead of ctrlport-1)
-q use pid files to count users [default]
-Q don't use pid files to count users
-u write entries to utmp
-U don't write entries to utmp [default]
-w write entries to wtmp [default]
-W don't write entries to wtmp
NOTE: -U used to mean `write utmp entries'. Its meaning has changed
so that it's orthogonal with -q/-Q and -w/-W. This isn't
considered a major problem, because using -U isn't going to
enable something you don't want, but will disable something
you did want (which is safer).
- new display file escape sequences:
%E email address
%s literal `s' if the previous %M or %N wasn't ``1''.
%S literal `S' if the previous %M or %N wasn't ``1''.
- expand the description of building ~ftp/incoming to cover the
appropriate ftpd.conf(5) directives (which are defaults, but it pays
to explicitly explain them)
- replace strsuftoi() with strsuftoll(), which returns a long long if
supported, otherwise a long
- rework the way that check_modify and check_upload are done in the yacc
parser; they're merged into a common check_write() function which is
called explicitly
- merge all ftpclass `flag variables' into a single bitfield-based flag element
- move various common bits of parse_conf() into a couple of macros
- clean up some comments
|
| 1.55 | 15-Nov-2000 |
lukem | changes to improve portability:
* replace union sockunion {} with struct sockinet {}, and modify the code
accordingly. this is possibly more portable, as it doesn't rely upon
the structure alignment within the union for our own stuff. uses local
su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4)
(XXX: haven't tested the ipv6 stuff)
* always use getaddrinfo() and getnameinfo() instead of maintaining two code
paths. (lukemftpd will provide replacements for these on older systems)
* use lockf() instead of open(.., O_EXLOCK) to lock the pid file
* minor KNF
* clean up long long support: create helper #defines and use as appropriate:
#define NO_LONG_LONG ! NO_LONG_LONG
------- ------------ --------------
LLF "%ld" "%lld"
LLFP(x) "%" x "ld" "%" x "lld"
LLT long long long
ULLF "%lu" "%llu"
ULLFP(x) "%" x "lu" "%" x "llu"
ULLT unsigned long unsigned long long
STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
|
| 1.54 | 13-Nov-2000 |
itojun | - improve RFC2428 conformance.
return 522 on unknown protocol identifier on EPRT.
- clarify EPSV/EPRT/LPSV/LPRT behavior.
- repair memory leak and lack of boundary check on EPRT.
- make sure we do not resolve DNS on EPRT.
sync with kame.
|
| 1.53 | 15-Sep-2000 |
christos | Make this compile again without -DINET6 and without get{addr,name}info(3)
This ftpd now compiles and runs on NetBSD/1.4.2 with:
CPPFLAGS+= \
'-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \
'-Dstrlcat=strncat' \
'-Dsl_add(a,b)=(sl_add(a,b),0)'
|
| 1.52 | 23-Jul-2000 |
lukem | * make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
|
| 1.51 | 17-Jul-2000 |
lukem | * add two new ftpd.conf(5) directives:
chroot specify dir to chroot to for GUEST and CHROOT users, to
override -a anondir or the user's homedir.
homedir specify dir to change to upon login; also used for ~ expansion
and $HOME for subprocesses)
both of these can take % escapes: %u (username), %d (homedir), %c (class).
* fix NLST to take a pathname not a STRING, so that ~ expansion works
* modify CWD to use the homedir parsed from curclass.homedir
* implement format_path(dst, src), to parse src expanding % escapes (see above)
into dst.
* rename format_file() to display_file()
|
| 1.50 | 15-Jul-2000 |
lukem | * add -H, which acts like -h `hostname`. (requested by kim@)
* refer to draft-ietf-ftpext-mlst-11 instead of -10
|
| 1.49 | 08-Jul-2000 |
sommerfeld | More format paranoia.
|
| 1.48 | 19-Jun-2000 |
lukem | branches: 1.48.2;
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
|
| 1.47 | 14-Jun-2000 |
lukem | major overhaul (just before netbsd 1.5 :-):
* implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD.
we already supported SIZE and MDTM. add the appropriate FEAT output lines.
* migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c
* make dataconn(), feat(), lookup(), opts() and sizecmd() public
* modify struct tab so that it has a `flags' instead of `implemented' element,
and remove the `hasopts' element. If flags == 1, the command is implemented.
if flags == 2, the command is implemented and takes options
* add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..")
* modify lreply() so that lreply(-2, ...) just outputs the given info without
a prefix or trailing \r\n. this saves doing b = printf(); total_* += b;
* enhance statcmd(). still needs work in the LPRT status stuff.
* crank version
|
| 1.46 | 20-May-2000 |
lukem | branches: 1.46.2;
convert to ANSI C as per style guide
|
| 1.45 | 05-Mar-2000 |
lukem | * don't bother with a version[] string, just use the macro as appropriate
* clean some more of the GLOBAL stuff
* fix unused var if -UHASSETPROCTITLE
|
| 1.44 | 12-Jan-2000 |
lukem | * add ftpd.conf directive `portrange class min max', which allows specification
of the port range used by passive connections. based on work in [bin/9158]
from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
* change the way global variables are defined and extern-ed to be more
consistent.
|
| 1.43 | 21-Dec-1999 |
lukem | trivial simplification
|
| 1.42 | 18-Dec-1999 |
lukem | * move version to separate header file
* use .Dv and .Tn in the man pages as appropriate
* KNF a bit
The following were inspired by similar changes in openbsd, but may
have additional improvements by me:
* add more check_login tests to the parser rules
* nuke a few memory leaks in the parser rules
* clear passwords before free()ing them, for safety
* don't display \r\n in setproctitle() output
* add support for -U, which enables managing /var/run/utmp entries for
connections. solves [bin/2217] by Jason Downs <downsj@teeny.org>
* fix oob handling for STAT command
* use SIG_ERR instead of -1
|
| 1.41 | 12-Dec-1999 |
lukem | * change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
|
| 1.40 | 07-Dec-1999 |
lukem | * change ftpd_popen() to take char *argv[] instead of char *cmd.
the string tokenisation must be performed by the caller (which is
generally easy because it's almost always a static command).
* change do_conversion() to return a char *argv[] instead of char *cmd.
tokenisation of the command is done internally.
* change retrieve() to take char *argv[] instead of char *cmd.
(to take advantage of the above changes). fixes [bin/8173]
* use fparseln() instead of fgetln()
* store conversions in listed order (rather than reverse order)
* use stringlists instead of handrolling code to manage an argv.
|
| 1.39 | 04-Oct-1999 |
tron | Don't use undefined C expression. Patch supplied by David A. Holland
in PR bin/8534.
|
| 1.38 | 06-Sep-1999 |
simonb | branches: 1.38.2;
In the command table, remove a trailing comma and make white space
consistant.
|
| 1.37 | 01-Sep-1999 |
itojun | ftpd(8): Copy sin6_scope_id from control connection to active data
connection destination, hoping this to help ftpd's behavior with
scoped IPv6 addresses.
I'm not sure if it is the right way, but it is the best way available to us.
LPRT or EPRT command gives no information about which interface (or scope)
to be used for new data connection.
ftp(1): On data connection establishment, warn if scoped address is used.
If peer (ftp daemon) does not handle scoped address, data connection
may not work right.
This seems to be sort of protocol spec hole, not implementation issue.
|
| 1.36 | 25-Aug-1999 |
christos | Make this compile with krb5.
|
| 1.35 | 11-Jul-1999 |
itojun | more sanity check on LPRT.
|
| 1.34 | 11-Jul-1999 |
itojun | make LPRT on IPv4 work.
make LPSV on IPv6 work.
|
| 1.33 | 02-Jul-1999 |
itojun | close data socket when new EPRT command comes.
|
| 1.32 | 02-Jul-1999 |
itojun | dual-stack ftpd. run this from inetd, like:
>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
|
| 1.31 | 26-May-1999 |
lukem | move stuff around, so the `thank you' message is counted in the
syslogged bytecount.
|
| 1.30 | 24-May-1999 |
ross | * Cast %q[ud] arguments to fix ILP32/LP64 off_t variation.
* Fix bug in 213 reply: correct ordering of format string args.
|
| 1.29 | 24-May-1999 |
ross | LP64ize %q use.
|
| 1.28 | 18-May-1999 |
lukem | * fix a problem in retrieve() where arguments to commands weren't working
(this was broken in the last commit). problem noticed by simonb@
* don't display the stderr output of the internal ls.
* modify usage of lreply so that generally only one `XXX-' code per
`block' is displayed; the rest of the lines have four spaces instead.
i find this easier to read.
* fix a couple places where byte accounting wasn't correct
|
| 1.27 | 17-May-1999 |
lukem | features/fixes:
* implement xferstats. full stats are displayed for `STAT', and a
summary is displayed upon exit (and syslogged). inspired by wu-ftpd.
* wrap data xfers in {send,receive}_data with alarm() timeouts. this
should remove the majority of the `hanging ftpd' problems that
people were still seeing. inspired by wu-ftpd.
* link with ../../bin/ls, so that bin/ls is not required under a
chroot()ed area for `LIST' to work. based on [bin/4497] from
"Soren S. Jorvang" <soren@t.dk>
* migrate code from util.c into ftpd.c, so that it doesn't conflict
with ls' util.c.
* remove man page comment about ~ftp/bin/ls being necessary.
* bump version to 7.2.0.
* syslog xfer time with xfer stats.
* if appropriate, syslog error message with command.
internal code stuff:
* change arguments of various functions from `char *' to `const char *'.
* define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise.
use macro appropriately
* lreply(): a code of -1 means ``send line as is''. a code of 0
means ``send line with 4 space prefix''. don't print a space after
the `-' for any other code.
* logcmd(): add `const struct timeval *elapsed' and `const char *error'
for more flexible error reporting
|
| 1.26 | 24-Feb-1999 |
explorer | branches: 1.26.2;
Make this build with KERBEROS5 defined.
|
| 1.25 | 05-Feb-1999 |
lukem | * actually commit the changes which add support for recognising RFC 2228
commands (even if we don't do anything with them)
* in logcmd(), syslog why realpath() failed (if it did).
|
| 1.24 | 28-Dec-1998 |
lukem | * replace LOG(CMD|BYTES) macros with logcmd(), which is a cleaner
solution with less code replication. use realpath() in logcmd() so
that all logged filenames are sane.
* support `REST STREAM' in `FEAT' reply (from draft-ietf-ftpext-mlst-05)
* in 'HELP', suffix unimplemented commands with `-' instead of `*'; the
former is easier to differentiate from `+'.
* deprecate curdir() now that logcmd() doesn't use it.
* ensure all filename buffers are at least MAXPATHLEN+1 in size.
* move jmp_buf errcatch out of extern.h, removing need to #include <setjmp.h>
in every file.
|
| 1.23 | 07-Sep-1998 |
lukem | new features:
* implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM.
OPTS only works on NOOP (as a test).
* extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry
can take an optional trailing `yes' or `no' which indicates if
chroot should be done (defaults to `yes').
based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769]
cleanups/bugs:
* reorder and reformat entries in yacc parser to match cmdtab[].
add a blank line between each rule.
* add short hasopts and char *options to struct tab, to support OPTS.
* deprecate upper(); use strcasecmp() instead of strcmp()
* remove unnecessary for (;;) { } in yylex();
* replace copy() and sgetsave() with xstrdup()
* fix a couple of `hasyyerrored = 1' that were accidently removed.
|
| 1.22 | 06-Sep-1998 |
lukem | * complete fix for `multiple replies returned for single parse error'
problem; move `hasyyerrored' state flag out of yylex() so that
check_{login,modify} can also set it.
* check result of check_login for PORT command
* set initial timeout before the "setjmp(); for(;;) yyparse()",
otherwise an invalid command after login incorrectly sets the timeout
to 5 minutes (rather than what was set in ftpd.conf)
* replace (char *)0 with NULL
* move yyerror() from ftpd.c to ftpcmd.y
* remove need for -Dunix, by using the version string from ftpd.c
(instead of `BSD-199506')
* move all extern-ed vars into extern.h
|
| 1.21 | 05-Sep-1998 |
lukem | * implement NOARGS state, for commands which don't take any arguments.
fixes long standing ftpd bug where two replies would be returned
to the client if a command was flagged as accepting `ARGS' but the
parser didn't know how to cope. obvious symptom of this would be
ftp client is always one error message `behind' the server.
* consistently refer to the RFC as `RFC 959' not `RFC959' or `RFC-959',
and replace refs to RFC 765 with RFC 959.
* change order of commands in cmdtab[] to: RFC 959, BSD extras, and obsolete.
* whitespace police, deprecate register, replace malloc/strcpy with strdup
|
| 1.20 | 30-Jun-1998 |
tv | Add the ability to disable passive connects in ftpd.conf (breaks RFC1123,
STD3, but needed in some firewall environments).
|
| 1.19 | 21-Jun-1998 |
kleink | GLOB_QUOTE is gone; per POSIX, backslash quoting of special characters being
enabled is the default behaviour.
|
| 1.18 | 21-May-1998 |
lukem | use TM_YEAR_BASE (not 1900) - not that we expect it to change in any case :)
|
| 1.17 | 13-Feb-1998 |
cjs | Disable RNFR command for guest users so that they can't rename (and thus
also overwrite!) files.
|
| 1.16 | 11-Nov-1997 |
mrg | oops, missed this bit in previous change.
|
| 1.15 | 11-Nov-1997 |
mrg | add a "checkportcmd <class>" option that stops ftp bounce attacks.
|
| 1.14 | 24-Jun-1997 |
hannken | branches: 1.14.2;
Add missing braces. `check_modify' returns 0 without a reply. See PR #3779.
|
| 1.13 | 18-Jun-1997 |
christos | - Pass gcc -Wall
- Fix incorrect const poisoning
- Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
|
| 1.12 | 14-Jun-1997 |
lukem | * implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
|
| 1.11 | 23-May-1997 |
cjs | Allow setting the directory to which anonymous users chdir from
the command line. Document -u option. A couple of minor cleanups.
|
| 1.10 | 17-May-1997 |
pk | NULL => 0 (Arne Juul; PR#3629)
|
| 1.9 | 27-Apr-1997 |
lukem | * fix "cd ~" so that it works (from Simon Burge <simonb@telstra.com.au>
* move resetting of CFLAGS on powerpc to before optional CFLAGS settings
* minor code & man page cleanups
|
| 1.8 | 30-Mar-1997 |
cjs | Changes to make anonymous uploads more secure. For anonymous users:
* Set umask to 707;
* Disable UMASK, CHMOD, DELE, RMD and MKD commands.
Compile-time options let you change that umask and go back to the
old, insecure way if you like.
|
| 1.7 | 08-Apr-1996 |
jtc | Changed to use 1900 + tm_year instead of hardcoding "19" as the century.
From PR #2308 by Stephen J. Roznowski <sjr@zombie.ncsc.mil>.
|
| 1.6 | 03-Jun-1995 |
mycroft | Fill in sin_len.
|
| 1.5 | 11-Apr-1995 |
cgd | clean up RCS Id's and a couple of stype nits.
Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
|
| 1.4 | 29-Jun-1994 |
deraadt | 4.4-lite, plus our local changes
|
| 1.3 | 14-Apr-1994 |
cgd | use setproctitle
|
| 1.2 | 01-Aug-1993 |
mycroft | Add RCS identifiers.
|
| 1.1 | 21-Mar-1993 |
cgd | branches: 1.1.1;
Initial revision
|
| 1.1.1.2 | 29-Mar-1997 |
cjs | Lite-1 Import.
|
| 1.1.1.1 | 21-Mar-1993 |
cgd | initial import of 386bsd-0.1 sources
|
| 1.14.2.3 | 14-Feb-1998 |
mellon | Fix RNFR exploit
|
| 1.14.2.2 | 11-Nov-1997 |
mrg | weird. fix error in previous.
|
| 1.14.2.1 | 11-Nov-1997 |
mrg | pull up from trunk: add a "checkportcmd <class>" option that stops ftp bounce attacks.
|
| 1.26.2.1 | 05-Oct-1999 |
he | Pull up revision 1.39 (requested by tron):
Don't use an undefined C expression, fixing PR#8534.
|
| 1.38.2.1 | 27-Dec-1999 |
wrstuden | Pull up to last week's -current.
|
| 1.46.2.1 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.48.2.3 | 26-Aug-2004 |
jmc | Pullup rev 1.60-1.80 (requested by he in ticket #158)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.48.2.2 | 29-Mar-2001 |
lukem | sync ftpd to -current with the following revisions (for lukem/christos):
Makefile 1.43-1.44
cmds.c 1.7-1.8, 1.10-1.12
conf.c 1.35-1.40
extern.h 1.32-1.38
ftpcmd.y 1.53-1.59
ftpd.8 1.58-1.63
ftpd.c 1.102-1.104, 1.106-1.122
ftpd.conf.5 1.12-1.15
ftpusers.5 1.8
logwtmp.c 1.16
popen.c 1.23-1.25
version.h 1.28
a quick summary of user-visible changes;
- fix glob DoS by using GLOB_LIMIT
- add ftpd.conf directives `advertise', `maxfilesize', `sanenames'
- add flags: -P dataport, -X - wuftpd style log entries,
-q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp,
-w/-W - (en|dis)able wtmp
|
| 1.48.2.1 | 25-Jul-2000 |
lukem | user visible changes (besides checking the cvs log):
* make checkportcmd the default
* add -r; force permanent drop of root privs after login
* add -V vers; change version string to vers
* add -H; act as -h `hostname`
* permanently drop root privs if it makes sense to do so (e.g; logging in as
guest/chroot user on a port > 1024)
* fix reference to draft-ietf-ftpext-mlst-11
* add ftpd.conf directives: chroot, homedir
* fix base64_encode() and generation of the unique fact
* crank version to 20000723
|
| 1.66.2.3 | 31-Aug-2004 |
jmc | Pullup rev 1.68,1.70-1.80 (requested by he in ticket #1739)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.66.2.2 | 06-Nov-2002 |
tron | Pull up revision 1.69 (requested by tv in ticket #418):
We really, actually, positively want to apply the ftpd.conf "passive"
option to all possible *PSV commands. Some ftp servers are simply not
capable of passive connections, hence the option....
|
| 1.66.2.1 | 15-Jun-2002 |
lukem | Pull up revision 1.67 (requested by lukem in ticket #282):
Implement "SITE UMASK" `enabled command' check with (modified)
check_write(), so that a user who has modify disabled gets an error
message rather than a hung connection.
Noted by M.J. Rutter <mjr19@cus.cam.ac.uk> in private email.
|
| 1.77.2.3 | 12-Aug-2004 |
jmc | Pullup rev 1.80 (requested by lukem in ticket #757)
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue.
|
| 1.77.2.2 | 12-Aug-2004 |
jmc | Pullup rev 1.79 (requested by lukem in ticket #756)
Correctly clamp illegal "SITE CHMOD" mode values.
|
| 1.77.2.1 | 12-Aug-2004 |
jmc | Pullup rev 1.78 (requested by lukem in ticket #755)
Fix minor memory leak with fromname.
|
| 1.83.6.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1964):
libexec/ftpd/ftpd.c: revision 1.187 via patch
libexec/ftpd/extern.h: revision 1.58 via patch
libexec/ftpd/ftpcmd.y: revision 1.88 via patch
libexec/ftpd/version.h: patch
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.83.4.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1964):
libexec/ftpd/ftpd.c: revision 1.187 via patch
libexec/ftpd/extern.h: revision 1.58 via patch
libexec/ftpd/ftpcmd.y: revision 1.88 via patch
libexec/ftpd/version.h: patch
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.83.2.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1964):
libexec/ftpd/ftpd.c: revision 1.187 via patch
libexec/ftpd/extern.h: revision 1.58 via patch
libexec/ftpd/ftpcmd.y: revision 1.88 via patch
libexec/ftpd/version.h: patch
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.84.8.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1202):
libexec/ftpd/ftpd.c: revision 1.187
libexec/ftpd/extern.h: revision 1.58
libexec/ftpd/version.h: patch
libexec/ftpd/ftpcmd.y: revision 1.88
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.84.4.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1202):
libexec/ftpd/ftpd.c: revision 1.187
libexec/ftpd/extern.h: revision 1.58
libexec/ftpd/version.h: patch
libexec/ftpd/ftpcmd.y: revision 1.88
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.86.12.2 | 22-Jul-2007 |
lukem | Rename HAVE_SOCKADDR_SA_LEN to HAVE_STRUCT_SOCKADDR_SA_LEN.
Use defined(HAVE_foo) instead of just testing HAVE_foo.
|
| 1.86.12.1 | 22-Jul-2007 |
lukem | file ftpcmd.y was added on branch matt-mips64 on 2007-07-22 05:06:46 +0000
|
| 1.86.10.1 | 18-May-2008 |
yamt | sync with head.
|
| 1.87.2.1 | 24-Sep-2008 |
wrstuden | Merge in changes between wrstuden-revivesa-base-2 and
wrstuden-revivesa-base-3.
|
| 1.88.6.1 | 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
| 1.94.26.1 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #386):
libexec/ftpd/ftpcmd.y: revision 1.95
Add missing check_login checks for MLST and MLSD
|
| 1.94.18.1 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1740):
libexec/ftpd/ftpcmd.y: revision 1.95
Add missing check_login checks for MLST and MLSD
|
| 1.94.8.1 | 03-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1904):
libexec/ftpd/ftpcmd.y: revision 1.95
Add missing check_login checks for MLST and MLSD
|
| 1.87 | 28-Apr-2018 |
riastradh | Add -f option to ftpd to stay in foreground with -D.
From nia in PR bin/53221.
|
| 1.86 | 03-Jul-2017 |
wiz | branches: 1.86.4;
Remove workaround for ancient HTML generation code.
|
| 1.85 | 01-May-2009 |
wiz | branches: 1.85.38;
Drop trailing whitespace.
|
| 1.84 | 01-May-2009 |
lukem | Simplify the example command used to extract a wu-ftpd compatible xferlog.
|
| 1.83 | 15-Mar-2009 |
joerg | Declare all columns.
|
| 1.82 | 21-Sep-2008 |
lukem | branches: 1.82.6;
Use passwd(5) instead of /etc/pwd.db as the name of the "password data base".
|
| 1.81 | 16-Sep-2008 |
lukem | Enhance -C to support an optional @host ('-C user[@host]'):
checks whether user as connecting from host would be granted
access by ftpusers(5).
Support IPv6 in the host directive of ftpusers(5).
(May resolve PR 26555)
Both features from Rudolf Cejka <cejkar@fit.vutbr.cz>
(FreeBSD's tnftpd port maintainer).
|
| 1.80 | 02-May-2008 |
martin | branches: 1.80.2;
Move TNF licenses to 2 clause form
|
| 1.79 | 30-Jan-2008 |
lukem | branches: 1.79.4;
Explicitly note the unsupported requests from RFC 2228.
Improvements from FreeBSD:
* Document `ftp-chroot' from login.conf(5).
* Document that SIZE is prevented for files > 10240 bytes via ASCII transfers.
|
| 1.78 | 10-Jun-2007 |
christos | branches: 1.78.4;
PR/36468: Andreas Wrede: ftpd(8) always logs hostnames. Add -n option to display
addresses.
|
| 1.77 | 10-May-2007 |
lukem | Replace references from draft-ietf-ftpext-mlst-NN to RFC 3659.
|
| 1.76 | 07-Aug-2005 |
wiz | Sort options.
|
| 1.75 | 04-Aug-2005 |
peter | Implement option "-D", for running ftpd in standalone mode (daemon).
ftpd will listen on the default FTP port for incoming connections and fork
a child for each connection. This is lower overhead than starting ftpd from
inetd(8) and thus might be useful on busy servers to reduce load.
Inspired by FreeBSD.
Reviewed by lukem@.
|
| 1.74 | 07-Aug-2003 |
agc | Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22284, verified by myself.
|
| 1.73 | 28-Feb-2003 |
lukem | it's actually 2003 ...
|
| 1.72 | 26-Feb-2003 |
lukem | Add '-L xferlogfile', to write xferlog entries there rather than syslog them.
Based on work from Dmitry Sivachenko.
|
| 1.71 | 04-Feb-2003 |
perry | "Utilize" has exactly the same meaning as "use," but it is more
difficult to read and understand. Most manuals of English style
therefore say that you should use "use".
|
| 1.70 | 26-Oct-2002 |
lukem | tweak reference to me
|
| 1.69 | 08-Feb-2002 |
ross | branches: 1.69.2;
Generate <>& symbolically. I'm avoiding .../dist/... directories for now.
|
| 1.68 | 15-Jan-2002 |
wiz | Drop some unnecessary .Pps, sort SEE ALSO, whitespace nits.
|
| 1.67 | 13-Oct-2001 |
lukem | set "upload guest on" in incoming example, even though it is the default
|
| 1.66 | 31-Aug-2001 |
lukem | Expand description of shells(5) requirement.
Per PR [misc/13814] from Alexander Sorg.
|
| 1.65 | 08-Jul-2001 |
lukem | Alan Barrett informs me that "advertise" (instead of "advertize") is
the norm even in American English.
|
| 1.64 | 26-Jun-2001 |
lukem | s/tise/tize/ in docco, add "advertize" as synonym for "advertise"
|
| 1.63 | 18-Dec-2000 |
lukem | Features:
* Add ftpd.conf(5) directive `advertise'; change the address that is
advertised to the client for PASV transfers. this may be useful in
certain firewall/NAT environments.
Feature requested in [bin/9606] by Scott Presnell.
* Add -X option; syslog wu-ftpd style xferlog messages, prefixed with
`xferlog: '. An example line from syslog (wrapped):
Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000
2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c
These messages can be converted to a wu-ftpd style xferlog file
suitable for parsing with third-party tools with something like:
grep 'xferlog: ' /var/log/xferlog | \
sed -e 's/^.*xferlog: //' >wuxferlog
The format is the same as the wu-ftpd xferlog entries (with the leading
syslog stuff), but different from the wu-ftpd syslogged xferlog entries
because the latter is not as easy to convert into the standard xferlog
file format.
The choice to only syslog the xferlog messages rather than append to
a /var/log/xferlog file was made because the latter doesn't work to
well in the situation where the logfile is rotated and compressed and
a long-running ftpd still has a file-descriptor to the now nonexistant
xferlog file, and the log message will then get lost.
Feature requested in [bin/11651] by Hubert Feyrer.
Fixes:
* In ftpd(8), clarify the -a and -c options.
* More clarifications in ftpd.conf(5).
* Ensure that all ftpd.conf commands set a parameter back to sane defaults
if an argument of `none' or bad settings are given.
* Support the `chroot' directive for `REAL' users too (for consistency).
* For `GUEST' users, store the supplied password in pw->pw_passwd for use
later in the xferlog.
* If show_chdir_messages() is given a code of -1, flush the cache of
visited directories. Invoke show_chdir_messages(-1) in end_login().
* Only syslog session stats if logging is requested.
* Rename logcmd() -> logxfer(), and dolog() -> logremotehost().
* Use cprintf() instead of fprintf() where appropriate.
* Minor KNF, and make a couple of functions static that were declared static.
|
| 1.62 | 01-Dec-2000 |
lukem | fix typo
|
| 1.61 | 16-Nov-2000 |
lukem | - new ftpd.conf directives:
maxfilesize set the maximum size of uploaded files
sanenames if set, only permit uploaded filenames that contain
characters from the set "-+,._A-Za-z0-9" and that
don't start with `.'
- new/changed command line options:
-e emailaddr define email address for %E (see below)
-P dataport use dataport as the dataport (instead of ctrlport-1)
-q use pid files to count users [default]
-Q don't use pid files to count users
-u write entries to utmp
-U don't write entries to utmp [default]
-w write entries to wtmp [default]
-W don't write entries to wtmp
NOTE: -U used to mean `write utmp entries'. Its meaning has changed
so that it's orthogonal with -q/-Q and -w/-W. This isn't
considered a major problem, because using -U isn't going to
enable something you don't want, but will disable something
you did want (which is safer).
- new display file escape sequences:
%E email address
%s literal `s' if the previous %M or %N wasn't ``1''.
%S literal `S' if the previous %M or %N wasn't ``1''.
- expand the description of building ~ftp/incoming to cover the
appropriate ftpd.conf(5) directives (which are defaults, but it pays
to explicitly explain them)
- replace strsuftoi() with strsuftoll(), which returns a long long if
supported, otherwise a long
- rework the way that check_modify and check_upload are done in the yacc
parser; they're merged into a common check_write() function which is
called explicitly
- merge all ftpclass `flag variables' into a single bitfield-based flag element
- move various common bits of parse_conf() into a couple of macros
- clean up some comments
|
| 1.60 | 28-Jul-2000 |
lukem | wtmp is in /var/log not /var/run ...
|
| 1.59 | 26-Jul-2000 |
lukem | add support for -W; don't log to wtmp (orthogonal of -U which logs to utmp).
inspired by similar option in wuftpd.
|
| 1.58 | 26-Jul-2000 |
lukem | document /var/run/[uw]tmp, /var/run/ftpd.pids-CLASS
|
| 1.57 | 23-Jul-2000 |
lukem | * make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
|
| 1.56 | 17-Jul-2000 |
lukem | * add two new ftpd.conf(5) directives:
chroot specify dir to chroot to for GUEST and CHROOT users, to
override -a anondir or the user's homedir.
homedir specify dir to change to upon login; also used for ~ expansion
and $HOME for subprocesses)
both of these can take % escapes: %u (username), %d (homedir), %c (class).
* fix NLST to take a pathname not a STRING, so that ~ expansion works
* modify CWD to use the homedir parsed from curclass.homedir
* implement format_path(dst, src), to parse src expanding % escapes (see above)
into dst.
* rename format_file() to display_file()
|
| 1.55 | 15-Jul-2000 |
lukem | * add -H, which acts like -h `hostname`. (requested by kim@)
* refer to draft-ietf-ftpext-mlst-11 instead of -10
|
| 1.54 | 20-Jun-2000 |
lukem | fix problems noted by <dogcow@redback.com> in [bin/10390] and private email:
* fix RATE{GET,PUT} under some situations when the client is slower than
the server (something i missed when migrating the rate limiting code
i wrote in ftp(1) to ftpd(8))
* document what units RATE{GET,PUT} use
|
| 1.53 | 19-Jun-2000 |
lukem | branches: 1.53.2;
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
|
| 1.52 | 14-Jun-2000 |
lukem | major overhaul (just before netbsd 1.5 :-):
* implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD.
we already supported SIZE and MDTM. add the appropriate FEAT output lines.
* migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c
* make dataconn(), feat(), lookup(), opts() and sizecmd() public
* modify struct tab so that it has a `flags' instead of `implemented' element,
and remove the `hasopts' element. If flags == 1, the command is implemented.
if flags == 2, the command is implemented and takes options
* add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..")
* modify lreply() so that lreply(-2, ...) just outputs the given info without
a prefix or trailing \r\n. this saves doing b = printf(); total_* += b;
* enhance statcmd(). still needs work in the LPRT status stuff.
* crank version
|
| 1.51 | 16-May-2000 |
itojun | branches: 1.51.2;
move IPv6 considerations into BUGS section
|
| 1.50 | 13-Jan-2000 |
lukem | suppress verbose messages from CWD and post-login if the first
character of the anonymous password is `-'.
|
| 1.49 | 08-Jan-2000 |
lukem | features:
* add connection limits (`limit' keyword in ftpd.conf)
* move initialisation of curclass from parse_conf() to new function
init_curclass()
* implement count_users(), which determines the number of users in a given
class. a file - /var/run/ftpd.pids-<class> - is used to store a list
of pids in use (effectively an array of pid_t's), and its size is reduced
as necessary.
* new % modifiers in format_file:
%c class
%M maximum connection count
%N current connection count
* always end_login()s, even for refused connections
bugs fixed:
* remove \n from %T output
* fix some inconsistencies in the man pages
* ensure that both `ftp' *and* `anonymous' are allowed in ftpusers.
(this was accidently broken in a recent commit to be ``or'' not ``and'')
* use MAXPATHLEN not MAXPATHLEN+1
* crank copyright date on modified files
* crank version
|
| 1.48 | 19-Dec-1999 |
lukem | * add back support for `-h hostname'; it still may be useful to override
the name advertised to the client, even if ftpd can determine it from
the ip address that ftpd is bound to. requested by mrg.
* remove -4/-6; they were effectively no-ops since itojun's change in 1.75.
* crank version
|
| 1.47 | 18-Dec-1999 |
lukem | deprecate -h hostname in favour of automatic determination of local hostname.
this is a much cleaner solution for supporting multihomed virtual servers.
from Geoff C. Wing <gcw@pobox.com> in [bin/8137].
|
| 1.46 | 18-Dec-1999 |
lukem | * move version to separate header file
* use .Dv and .Tn in the man pages as appropriate
* KNF a bit
The following were inspired by similar changes in openbsd, but may
have additional improvements by me:
* add more check_login tests to the parser rules
* nuke a few memory leaks in the parser rules
* clear passwords before free()ing them, for safety
* don't display \r\n in setproctitle() output
* add support for -U, which enables managing /var/run/utmp entries for
connections. solves [bin/2217] by Jason Downs <downsj@teeny.org>
* fix oob handling for STAT command
* use SIG_ERR instead of -1
|
| 1.45 | 16-Dec-1999 |
lukem | install ftpusers(5) as ftpchroot(5). more cleanups
|
| 1.44 | 16-Dec-1999 |
lukem | * add support for `-h hostname', which defines the hostname to advertise
as (useful for virtual ftp servers in conjunction with inetd.conf(5)'s
ability to bind to a specific address).
if this option is used, add `hostname' to the syslog messages.
* improve documentation of command-line options
* don't allow class names of `all' or `none' in ftpusers
|
| 1.43 | 16-Dec-1999 |
lukem | separate ftpd.conf(5) and ftpusers(5) out from ftpd(8).
xxx: still needs a bit of work
|
| 1.42 | 12-Dec-1999 |
lukem | * change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
|
| 1.41 | 02-Aug-1999 |
hubertf | branches: 1.41.4;
Document setup of "ftp-only" non-anonymous accounts.
Suggested by Thilo Manske <Thilo.Manske@HEH.Uni-Oldenburg.DE>,
approved by Luke Mewburn <lukem@netbsd.org>
|
| 1.40 | 27-Jul-1999 |
itojun | handle IPv4 TCP control connection, toward AF_INET6 socket.
this happens when you have the following line in inetd.conf,
but not with tcp4 line:
>>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
|
| 1.39 | 11-Jul-1999 |
itojun | make LPRT on IPv4 work.
make LPSV on IPv6 work.
|
| 1.38 | 02-Jul-1999 |
itojun | typo fix: s/LPSV/LPRT/
|
| 1.37 | 02-Jul-1999 |
itojun | dual-stack ftpd. run this from inetd, like:
>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
|
| 1.36 | 17-May-1999 |
lukem | features/fixes:
* implement xferstats. full stats are displayed for `STAT', and a
summary is displayed upon exit (and syslogged). inspired by wu-ftpd.
* wrap data xfers in {send,receive}_data with alarm() timeouts. this
should remove the majority of the `hanging ftpd' problems that
people were still seeing. inspired by wu-ftpd.
* link with ../../bin/ls, so that bin/ls is not required under a
chroot()ed area for `LIST' to work. based on [bin/4497] from
"Soren S. Jorvang" <soren@t.dk>
* migrate code from util.c into ftpd.c, so that it doesn't conflict
with ls' util.c.
* remove man page comment about ~ftp/bin/ls being necessary.
* bump version to 7.2.0.
* syslog xfer time with xfer stats.
* if appropriate, syslog error message with command.
internal code stuff:
* change arguments of various functions from `char *' to `const char *'.
* define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise.
use macro appropriately
* lreply(): a code of -1 means ``send line as is''. a code of 0
means ``send line with 4 space prefix''. don't print a space after
the `-' for any other code.
* logcmd(): add `const struct timeval *elapsed' and `const char *error'
for more flexible error reporting
|
| 1.35 | 22-Mar-1999 |
garbled | More and more .Os cleanups. .Os is defined in the tmac.doc-common file,
so we shouldn't override it with versions in the manpages. Many more to
come.
|
| 1.34 | 05-Feb-1999 |
lukem | * actually commit the changes which add support for recognising RFC 2228
commands (even if we don't do anything with them)
* in logcmd(), syslog why realpath() failed (if it did).
|
| 1.33 | 18-Nov-1998 |
hubertf | Fix typo, per PR 6457 by Geoff C. Wing <gcw@pobox.com>
|
| 1.32 | 17-Nov-1998 |
msaitoh | s/a a/a/
|
| 1.31 | 07-Sep-1998 |
lukem | new features:
* implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM.
OPTS only works on NOOP (as a test).
* extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry
can take an optional trailing `yes' or `no' which indicates if
chroot should be done (defaults to `yes').
based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769]
cleanups/bugs:
* reorder and reformat entries in yacc parser to match cmdtab[].
add a blank line between each rule.
* add short hasopts and char *options to struct tab, to support OPTS.
* deprecate upper(); use strcasecmp() instead of strcmp()
* remove unnecessary for (;;) { } in yylex();
* replace copy() and sgetsave() with xstrdup()
* fix a couple of `hasyyerrored = 1' that were accidently removed.
|
| 1.30 | 05-Sep-1998 |
lukem | * implement NOARGS state, for commands which don't take any arguments.
fixes long standing ftpd bug where two replies would be returned
to the client if a command was flagged as accepting `ARGS' but the
parser didn't know how to cope. obvious symptom of this would be
ftp client is always one error message `behind' the server.
* consistently refer to the RFC as `RFC 959' not `RFC959' or `RFC-959',
and replace refs to RFC 765 with RFC 959.
* change order of commands in cmdtab[] to: RFC 959, BSD extras, and obsolete.
* whitespace police, deprecate register, replace malloc/strcpy with strdup
|
| 1.29 | 13-Jul-1998 |
lukem | remove Extraneous .El call which caused formatting problem
|
| 1.28 | 30-Jun-1998 |
tv | Add the ability to disable passive connects in ftpd.conf (breaks RFC1123,
STD3, but needed in some firewall environments).
|
| 1.27 | 26-Jun-1998 |
msaitoh | add "-s" flag (like telnetd and login)
|
| 1.26 | 08-Jun-1998 |
lukem | Implement a new manual page category ``SECURITY CONSIDERATIONS''
(suggested by mycroft)
|
| 1.25 | 08-Jun-1998 |
lukem | support displaying the stderr output from a LIST or a conversion to
the user at the end of a transfer.
this generates a file in /tmp, so anonymous requires a
writable ~ftp/tmp, which you may not want to do (because it may
allow people to unwanted upload files).
XXX: a better method of storing the stderr output would be nice, but
is a lot more effort to implement. this feature can at least be
used temporarily whilst debugging why an ftp conversion doesn't
work.
|
| 1.24 | 29-Apr-1998 |
fair | fix bad .Xr references
|
| 1.23 | 28-Apr-1998 |
fair | Change occurrences of "UNIX" to .Ux or .At as appropriate.
|
| 1.22 | 13-Feb-1998 |
cjs | Disable RNFR command for guest users so that they can't rename (and thus
also overwrite!) files.
|
| 1.21 | 23-Jan-1998 |
mrg | expand on the checkportcmd option.
|
| 1.20 | 31-Dec-1997 |
lukem | clarify /etc/ftpwelcome is shown *before* login
|
| 1.19 | 11-Nov-1997 |
lukem | * change checkportcmd syntax to `checkportcmd class [off]' (as per `modify')
* display current setting of checkportcmd in STAT
* ensure that curclass.checkportcmd is initialised to 0
* document default setting of checkportcmd in ftpd(8)
* cleanup code a bit, putting code for "checkportcmd" in alphabetical order
|
| 1.18 | 11-Nov-1997 |
mrg | add a "checkportcmd <class>" option that stops ftp bounce attacks.
|
| 1.17 | 23-Sep-1997 |
lukem | branches: 1.17.2;
- add '-C user', which runs checkaccess(user) and exits with the result
(0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers).
from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods
- getopt returns -1 not EOF
- in lostcon(), call dologout(1) not dologout(-1);
|
| 1.16 | 23-Sep-1997 |
lukem | implement '-c confdir', which allows the specification of an alternate
directory to look for the various configuration files, overriding /etc.
From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
|
| 1.15 | 21-Sep-1997 |
cjs | Mention that if the user's shell is null, it's assumed to be /bin/sh.
(Pointed out by Jim Bernard <jbernard@tater.mines.edu>.)
|
| 1.14 | 14-Jun-1997 |
lukem | * implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
|
| 1.13 | 23-May-1997 |
cjs | Allow setting the directory to which anonymous users chdir from
the command line. Document -u option. A couple of minor cleanups.
|
| 1.12 | 29-Apr-1997 |
cjs | /etc/ftpusers now matches globs against the username. mycroft suggested this.
|
| 1.11 | 27-Apr-1997 |
lukem | * fix "cd ~" so that it works (from Simon Burge <simonb@telstra.com.au>
* move resetting of CFLAGS on powerpc to before optional CFLAGS settings
* minor code & man page cleanups
|
| 1.10 | 06-Apr-1997 |
cjs | Change the syntax of /etc/ftpusers to have both allow and deny
information in the same file by following the username with `allow'
or `deny'. Also, the user `*' can be used to set the default for
users not listed in the file. This is entirely backward compatable
with old /etc/ftpusers files.
Also, do the /etc/ftpusers and the valid login shell checks after
the password is verified, rather than before, so as not to give away
whether or not a particular user ID is present on the system.
|
| 1.9 | 30-Mar-1997 |
cjs | Changes to make anonymous uploads more secure. For anonymous users:
* Set umask to 707;
* Disable UMASK, CHMOD, DELE, RMD and MKD commands.
Compile-time options let you change that umask and go back to the
old, insecure way if you like.
|
| 1.8 | 14-Jan-1996 |
thorpej | Correct the instructions regarding the password database in
~ftp/etc, from Rob Windsor <windsor@ksu.ksu.edu> in PR #544.
|
| 1.7 | 11-Apr-1995 |
cgd | clean up RCS Id's and a couple of stype nits.
Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
|
| 1.6 | 17-Feb-1995 |
jtc | Change mention of /etc/passwd to /etc/pwd.db, as reported by PR #556.
|
| 1.5 | 29-Jun-1994 |
deraadt | 4.4-lite, plus our local changes
|
| 1.4 | 24-May-1994 |
deraadt | add skey support
|
| 1.3 | 06-Apr-1994 |
cgd | Jarle.F.Greipsland@idt.unit.no's changes to allow for password-protected
chrooted ftp logins.
|
| 1.2 | 01-Aug-1993 |
mycroft | Add RCS indentifiers.
|
| 1.1 | 21-Mar-1993 |
cgd | branches: 1.1.1;
Initial revision
|
| 1.1.1.3 | 29-Mar-1997 |
cjs | 4.4BSD-lite2 import.
|
| 1.1.1.2 | 29-Mar-1997 |
cjs | Lite-1 Import.
|
| 1.1.1.1 | 21-Mar-1993 |
cgd | initial import of 386bsd-0.1 sources
|
| 1.17.2.5 | 14-Feb-1998 |
mellon | Fix RNFR exploit
|
| 1.17.2.4 | 29-Jan-1998 |
mellon | Pull up 1.20 (lukem) and 1.21 (mrg)
|
| 1.17.2.3 | 17-Nov-1997 |
mrg | pull up from trunk: fixes from lukem.
|
| 1.17.2.2 | 11-Nov-1997 |
mrg | pull up from trunk: cleanup and a fix to previous (from lukem).
|
| 1.17.2.1 | 11-Nov-1997 |
mrg | pull up from trunk: add a "checkportcmd <class>" option that stops ftp bounce attacks.
|
| 1.41.4.1 | 27-Dec-1999 |
wrstuden | Pull up to last week's -current.
|
| 1.51.2.1 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.53.2.4 | 26-Aug-2004 |
jmc | Pullup rev 1.64-1.74 (requested by he in ticket #158)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.53.2.3 | 29-Mar-2001 |
lukem | sync ftpd to -current with the following revisions (for lukem/christos):
Makefile 1.43-1.44
cmds.c 1.7-1.8, 1.10-1.12
conf.c 1.35-1.40
extern.h 1.32-1.38
ftpcmd.y 1.53-1.59
ftpd.8 1.58-1.63
ftpd.c 1.102-1.104, 1.106-1.122
ftpd.conf.5 1.12-1.15
ftpusers.5 1.8
logwtmp.c 1.16
popen.c 1.23-1.25
version.h 1.28
a quick summary of user-visible changes;
- fix glob DoS by using GLOB_LIMIT
- add ftpd.conf directives `advertise', `maxfilesize', `sanenames'
- add flags: -P dataport, -X - wuftpd style log entries,
-q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp,
-w/-W - (en|dis)able wtmp
|
| 1.53.2.2 | 25-Jul-2000 |
lukem | user visible changes (besides checking the cvs log):
* make checkportcmd the default
* add -r; force permanent drop of root privs after login
* add -V vers; change version string to vers
* add -H; act as -h `hostname`
* permanently drop root privs if it makes sense to do so (e.g; logging in as
guest/chroot user on a port > 1024)
* fix reference to draft-ietf-ftpext-mlst-11
* add ftpd.conf directives: chroot, homedir
* fix base64_encode() and generation of the unique fact
* crank version to 20000723
|
| 1.53.2.1 | 22-Jun-2000 |
lukem | Pull up revision 1.54:
- fix RATE{GET,PUT} when the client is slower than the rate limit
- document units RATE{GET,PUT} use
Fixes PR#10390
|
| 1.69.2.1 | 31-Aug-2004 |
jmc | Pullup rev 1.70-1.74 (requested by he in ticket #1739)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.78.4.1 | 23-Mar-2008 |
matt | sync with HEAD
|
| 1.79.4.1 | 18-May-2008 |
yamt | sync with head.
|
| 1.80.2.1 | 24-Sep-2008 |
wrstuden | Merge in changes between wrstuden-revivesa-base-2 and
wrstuden-revivesa-base-3.
|
| 1.82.6.1 | 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
| 1.85.38.1 | 03-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1900):
libexec/ftpd/ftpd.8: revision 1.87
libexec/ftpd/ftpd.c: revision 1.204
Add -f option to ftpd to stay in foreground with -D.
From nia in PR bin/53221.
|
| 1.86.4.1 | 02-May-2018 |
pgoyette | Synch with HEAD
|
| 1.211 | 27-Jun-2025 |
andvar | Grammar and spelling fixes, mainly in comments. A few in documentation,
logging, test description, and SCSI ASC/ASCQ assignment descriptions.
|
| 1.210 | 19-May-2025 |
andvar | spelling and grammar fixes in comments.
|
| 1.209 | 26-Mar-2025 |
christos | PR/59213: jlduran: Allow the nfail counter to be reset once a valid login occurs
|
| 1.208 | 30-Sep-2023 |
shm | branches: 1.208.2;
pam_set_item PAM_SOCKADDR expects sockaddr_storage structure
Instead, internal struct sockinet was used. Because it's length is shorter
than sockaddr_storage, libpam was copying also memory outside of sockinet
struct.
|
| 1.207 | 02-Sep-2023 |
lukem | ftpd: improve seteuid error handling
Handle seteuid() failures. Per suggestion by Simon Josefsson.
Consistent logging and fatal exit if uid/gid switching fails.
Log correct errno if dataconn() fails.
|
| 1.206 | 03-Jul-2021 |
christos | branches: 1.206.2;
Treat failed chdir/chroot for guest and chroot accounts as fatal.
Also treat failed set{e,}(u,g}id calls as fatal.
Addresses CVE-2020-7468, via FreeBSD.
|
| 1.205 | 15-Oct-2019 |
christos | bump sizes
|
| 1.204 | 28-Apr-2018 |
riastradh | branches: 1.204.2; 1.204.4;
Add -f option to ftpd to stay in foreground with -D.
From nia in PR bin/53221.
|
| 1.203 | 19-Jul-2016 |
shm | branches: 1.203.6; 1.203.12;
CID 603440: ensure that closing socket exists
|
| 1.202 | 10-Aug-2015 |
shm | branches: 1.202.2;
Fix directory stream leaks
|
| 1.201 | 25-Jan-2015 |
christos | blacklist hooks
|
| 1.200 | 31-Jul-2013 |
christos | branches: 1.200.4;
fstat returns -1 on error (Maxime Villard)
also while (1) -> for (;;)
|
| 1.199 | 03-Jul-2013 |
christos | remove unneeded initialization.
|
| 1.198 | 19-Jun-2012 |
dholland | branches: 1.198.2;
Pass WARNS=5
|
| 1.197 | 16-Sep-2011 |
plunky | branches: 1.197.2;
NULL does not need a cast, here
|
| 1.196 | 04-Sep-2011 |
lukem | Reduce priority of syslog message if getpeername returns ENOTCONN.
PR bin/18934 by Greg A. Woods (with supplied fix).
|
| 1.195 | 29-Aug-2011 |
joerg | Use __dead
|
| 1.194 | 13-Jul-2009 |
roy | Rename internal getline() function to get_line() so it does
conflict with the soon to be added getline(3) libc function.
|
| 1.193 | 15-Mar-2009 |
lukem | Fix WARNS=4 issues (const & sign mismatches, etc)
Ensure various ftpd.conf values can't exceed their underlying types.
|
| 1.192 | 02-Mar-2009 |
lukem | Use LLF (et al) instead of "%lld" (et al).
|
| 1.191 | 08-Jan-2009 |
christos | branches: 1.191.2;
PR/40339: Ed Ravin: make ftpd log both the hostname and numeric address.
|
| 1.190 | 29-Dec-2008 |
christos | fix for 64 bit time_t and dev_t
|
| 1.189 | 28-Oct-2008 |
lukem | Constify.
Rework an expression to make it easier to conditionally compile.
|
| 1.188 | 16-Sep-2008 |
lukem | Enhance -C to support an optional @host ('-C user[@host]'):
checks whether user as connecting from host would be granted
access by ftpusers(5).
Support IPv6 in the host directive of ftpusers(5).
(May resolve PR 26555)
Both features from Rudolf Cejka <cejkar@fit.vutbr.cz>
(FreeBSD's tnftpd port maintainer).
|
| 1.187 | 13-Sep-2008 |
lukem | Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.org>
|
| 1.186 | 20-Jul-2008 |
lukem | Remove the \n and tabs from the __COPYRIGHT() strings.
|
| 1.185 | 09-Jun-2008 |
lukem | Don't use non-standard "u_<foo>" types.
Strip trailing whitespace (as well as ':'s) off PAM password prompts.
Improve some debug logging related to PAM.
|
| 1.184 | 28-Apr-2008 |
martin | branches: 1.184.2;
Remove clause 3 and 4 from TNF licenses
|
| 1.183 | 27-Mar-2008 |
lukem | branches: 1.183.2;
Reorganize USE_PAM support so that the reply(331,) from USER is
performed by the pam_conv (PAM conversation) callback, which then
getline()s the PASS reply internally. This involves calling
auth_pam() from user() and caching the result to use later in pass().
This allows the PAM modules to present a different password prompt
dialog if necesary. For example:
Name (localhost:lukem):
331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ].
versus
Name (localhost:lukem): root
331 User root accepted, provide password.
This is independent of (and effectively exclusive to) USE_SKEY support.
Previously ftpd with USE_SKEY=yes would provide the skey prompt
if the user had an skey configured, even if /etc/pam.d/ftpd didn't
have pam_skey in use.
I.e., ftpd shouldn't need special support for custom password prompts
(such as skey) if PAM is in use.
|
| 1.182 | 23-Jul-2007 |
lukem | branches: 1.182.10;
Rename cred_t to ftpd_cred_t; the former causes a nameclash on Solaris.
|
| 1.181 | 22-Jul-2007 |
lukem | Rename HAVE_SOCKADDR_SA_LEN to HAVE_STRUCT_SOCKADDR_SA_LEN.
Use defined(HAVE_foo) instead of just testing HAVE_foo.
|
| 1.180 | 10-Jun-2007 |
christos | PR/36468: Andreas Wrede: ftpd(8) always logs hostnames. Add -n option to display
addresses.
|
| 1.179 | 20-Jan-2007 |
christos | PR/35449: Shigeya Suzuki: ftpd does not register socket address into PAM +FIX
|
| 1.178 | 17-Dec-2006 |
christos | fix volatile and initialization issues, from Anon Ymous
|
| 1.177 | 26-Sep-2006 |
lukem | branches: 1.177.2; 1.177.6;
Fix -ULOGIN_CAP compile.
|
| 1.176 | 09-May-2006 |
mrg | change (mostly) int to socklen_t. GCC 4 doesn't like that int and
socklen_t are different signness.
|
| 1.175 | 17-Mar-2006 |
peter | Remove unreachable code (res could never be NULL here).
Fixes Coverity CID 712.
Ok by lukem@.
|
| 1.174 | 17-Mar-2006 |
peter | Set file to NULL after calling fclose().
Fixes Coverity CID 2669.
Ok by lukem@.
|
| 1.173 | 17-Mar-2006 |
peter | Make sure that "su" is initialized before dereferencing it.
Fixes Coverity CID 1075.
Ok by lukem@.
|
| 1.172 | 25-Feb-2006 |
wiz | Fix some typos.
|
| 1.171 | 01-Feb-2006 |
christos | debug -> ftpd_debug
xstrdup -> ftpd_strdup
|
| 1.170 | 24-Nov-2005 |
lukem | NLST should return 450 instead of 550 upon error, per RFC 959.
|
| 1.169 | 03-Oct-2005 |
lukem | logxfer(): don't use the same buffer to store the results of two separate
concurrent realpath(3)s, otherwise we'll log the wrong information
for a rename.
Noted by Dmitry Sivachenko in private mail.
|
| 1.168 | 24-Aug-2005 |
ginsbach | * Add recvbufsize configuration option
This allows for setting the passive socket's SO_RCVBUF. Option works
similarly to the current sendbufsize configuration option.
* Change how recveive_data() works
When reading data from the socket for passive transfers to the server,
receive_data() now works very similar to send_data_with_read(). Reads
from the network are now done using either the filesystem block size or
the configuration option readsize chunks.
* Crank version.h
[Changes discussed with lukem.]
|
| 1.167 | 04-Aug-2005 |
peter | Implement option "-D", for running ftpd in standalone mode (daemon).
ftpd will listen on the default FTP port for incoming connections and fork
a child for each connection. This is lower overhead than starting ftpd from
inetd(8) and thus might be useful on busy servers to reduce load.
Inspired by FreeBSD.
Reviewed by lukem@.
|
| 1.166 | 23-Jun-2005 |
christos | cleanup utmp and utmpx support.
- make them symmetric
- add a function to open the wtmp file explicitly very early in the game
|
| 1.165 | 10-Apr-2005 |
christos | s/getpwnam/sgetpwnam/ Found by John Nemeth.
|
| 1.164 | 20-Feb-2005 |
christos | branches: 1.164.2;
Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined,
then we don't fall back to other authentications even if PAM fails due
to a system error (e.g. configuration problem).
|
| 1.163 | 11-Dec-2004 |
christos | change _PATH_FOO to _NAME_FOO where FOO is not a path. I'll discuss with
luke what is the best way to fix this.
|
| 1.162 | 09-Dec-2004 |
ginsbach | Fix inverted test for expired passwords. Mea culpa.
|
| 1.161 | 19-Nov-2004 |
ginsbach | * Don't allow accounts with age expired passwords to login. Any account
that is required to change their password will not be allowed FTP
access. Inspired by similar functionality in other FTP daemons.
(approved by lukem)
* Crank version to 20041119 per lukem's request.
|
| 1.160 | 11-Nov-2004 |
christos | Don't write trash in ut_ss; either initialize it to 0, or put in the proper
information.
|
| 1.159 | 05-Nov-2004 |
dsl | Add (unsigned char) cast to ctype functions
|
| 1.158 | 09-Aug-2004 |
lukem | Fixes from (or inspired by) OpenBSD:
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
My stuff:
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue. (I also can't find the reference in
RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.)
I could clean up the is_oob stuff some more, but the remaining stuff
in ftpcmd.y is harmless and it's unnecessary churn right this moment.
|
| 1.157 | 10-Dec-2003 |
lukem | branches: 1.157.2;
Use sysconf(_SC_LOGIN_NAME_MAX) to determine the length of login
names, rather than assuming LOGIN_NAME_MAX.
Based on patch from Garrett Wollman via David O'Brien (both at FreeBSD.org)
|
| 1.156 | 07-Aug-2003 |
agc | Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22284, verified by myself.
|
| 1.155 | 30-Jun-2003 |
tacha | Add ftpd_loginx() and ftpd_logwtmpx() and use them to hold wtmpx file
open while a session.
Close bin/21692 by bqt@Krille.Update.UU.SE.
|
| 1.154 | 26-Feb-2003 |
lukem | Add '-L xferlogfile', to write xferlog entries there rather than syslog them.
Based on work from Dmitry Sivachenko.
|
| 1.153 | 24-Feb-2003 |
erh | Fix uninitialized variable "notglob" in send_file_list() that was causing
transfers to fail due to an abort in free().
|
| 1.152 | 23-Feb-2003 |
lukem | rename local copies of login(), logout() and logwtmp() to
ftpd_login(), ftpd_logout() and ftpd_logwtmp() respectively.
(makes utmp support much easier in tnftpd).
per suggestion in mail from Mike Heffner <mheffner@vt.edu>, who
forwarded patch from Michael Ranner <mranner@inode.at>.
|
| 1.151 | 19-Feb-2003 |
dsl | Stop ftpd changing inetd's 'logname'
Stop buffer overrun if {NGROUPS_MAX} is greater than the compile time
NGROUPS_MAX.
(approved by christos)
|
| 1.150 | 22-Jan-2003 |
lukem | Apply DoS fix as described by Crist J. Clark <crist.clark@attbi.com>
on <security@freebsd.org>, and subsequently in FreeBSD's cvs repository
as libexec/ftpd/ftpd.c rev 1.133:
The FTP daemon was vulnerable to a DoS where an attacker could bind()
up port 20 for an extended period of time and thus lock out all other
users from establishing PORT data connections. Don't hold on to the
bind() while we loop around waiting to see if we can make our
connection.
Bump version to 20030122.
|
| 1.149 | 22-Jan-2003 |
lukem | Fixes from Dmitry Sivachenko <demon@freebsd.org>:
- always set "curname" to something appropriate (even when logging is
not in effect).
- fix usage for "PORT" command
|
| 1.148 | 06-Dec-2002 |
thorpej | Avoid conflict with reserved identifier "log".
|
| 1.147 | 29-Nov-2002 |
lukem | - convert to using libc's strsuftoll(3)
- use LLT (aka 'long long type') for all numeric class parameters
- improve description of various ftpd.conf(5) options
- statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
|
| 1.146 | 16-Nov-2002 |
itojun | audit use of strto* - beware of ERANGE, as well as typecast on result.
|
| 1.145 | 07-Oct-2002 |
lukem | Change arguments of login_utmp(line, name, host) (to be consistent
with logwtmp(3)/logwtmpx(3)), and call correctly.
Resolves [bin/18498] by Geoff Wing, who identified that the previous
version was being called incorrectly, albiet in a different manner.
|
| 1.144 | 13-Sep-2002 |
itojun | revert previous. wtmp{,x} entries need not be \0-terminated, so
strncpy is more proper.
|
| 1.143 | 12-Sep-2002 |
itojun | use strl*, not strn*.
|
| 1.142 | 12-Sep-2002 |
lukem | Use LOGIN_NAME_MAX instead of `10' for the size of the curname[] buffer.
Allows /etc/ftpchroot to work correctly for usernames > 9 characters.
Noted by Max Khon in the freebsd-stable mailing list, via Thomas Vogt in
private email.
|
| 1.141 | 20-Aug-2002 |
christos | Disable UTMPX support for now, because ftpd might chroot and we need
to keep files open.
|
| 1.140 | 20-Aug-2002 |
christos | utmpx support
|
| 1.139 | 30-May-2002 |
enami | Add optional mmap(2)/write(2) support for binary file transfer.
The default is read(2)/write(2). Note that the sosend_loan needs
some more work for better performance when a file isn't cached.
|
| 1.138 | 11-Feb-2002 |
lukem | branches: 1.138.2;
Don't log an xferlog-style entry if bytes == -1.
Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar
circumstances.
|
| 1.137 | 01-Feb-2002 |
lukem | fix previous, and ensure that closedataconn() is only called after dataconn()
and with a non-NULL file pointer. active transfers now work correctly again,
passive transfers work, and the data stream is only closed after a PASV or
EPSV if a successful connection was initiated with dataconn().
|
| 1.136 | 21-Jan-2002 |
lukem | in closedataconn(), only close the passive data fd if the main data
descriptor was set by dataconn(). this fixes a problem for clients (such
as lynx and netscape) that only sent PASV/EPSV after a transfer (RETR, LIST,
STOR) started and returned 150. certain command sequences could return 550
(etc) before setting up the dataconn(), and would run into this bug. netbsd's
ftp didn't hit this bug because it always sends PASV/EPSV before a new
transfer command.
|
| 1.135 | 12-Dec-2001 |
lukem | remove extraneous ": " from message
|
| 1.134 | 06-Dec-2001 |
lukem | Fix skey password challenge. Problem reported in [bin/14848] by John F. Woods.
|
| 1.133 | 04-Dec-2001 |
lukem | Add two new ftpd.conf(5) directives:
- 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER
command instead of the PASS command. whilst this might provide some
info leakage of accounts names if you have some `real' or `chroot'
users enabled and not others, it does prevent accidental entering of
such passwords if you have all such users denied. This option is
strongly recommended on anonymous-only servers.
Functionality requested by Rob Windsor in [bin/12602]
- 'private'; don't display class related information in the output of STAT.
For paranoid admins.
|
| 1.132 | 01-Dec-2001 |
lukem | - enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5)
- enable WARNS=2
|
| 1.131 | 27-Nov-2001 |
lukem | - Don't try and use the motd if it's empty.
Problem reported in [bin/14751] by Kimmo Suominen
- Display conffilename() version of limitfile and motd in status output
|
| 1.130 | 24-Sep-2001 |
wiz | va_{start,end} audit:
Make sure that each va_start has one and only one matching va_end,
especially in error cases.
If the va_list is used multiple times, do multiple va_starts/va_ends.
If a function gets va_list as argument, don't let it use va_end (since
it's the callers responsibility).
Improved by comments from enami and christos -- thanks!
Heimdal/krb4/KAME changes already fed back, rest to follow.
Inspired by, but not not based on, OpenBSD.
|
| 1.129 | 19-Sep-2001 |
lukem | a few changes from Mike Heffner <mheffner@vt.edu> in private email:
- totally clear a glob buffer before use, because FreeBSD depends on
some of the other fields being cleared (other than just gl_offs)
- in strend(), ensure that the source string isn't too large
- remove unnecessarily complicated sizing of proctitle, since snprintf()
will truncate it anyway
|
| 1.128 | 08-Jul-2001 |
lukem | Alan Barrett informs me that "advertise" (instead of "advertize") is
the norm even in American English.
|
| 1.127 | 26-Jun-2001 |
lukem | s/tise/tize/ in docco, add "advertize" as synonym for "advertise"
|
| 1.126 | 11-Jun-2001 |
wiz | Fix various misspellings of compatible/compatibility.
|
| 1.125 | 25-Apr-2001 |
lukem | crank copyrights of files changed this year
remove superfluous byte_count update in send_file_list
crank version
|
| 1.124 | 12-Apr-2001 |
lukem | minor knf post aidan's oob rototill
|
| 1.123 | 01-Apr-2001 |
aidan | As threatened, handle OOB commands from within ftpcmd.y.
This involved changing the yacc syntax to be line-oriented, rather than
having it run against the entire input at once, and adding a flag to
struct tab, to indicate if or not it's acceptable for a command to occur
OOB.
|
| 1.122 | 16-Mar-2001 |
christos | Use GLOB_LIMIT. Also fix a bug where gl_offs was not initialized and could
contain trash.
|
| 1.121 | 04-Feb-2001 |
christos | fix redundant declarations.
|
| 1.120 | 16-Jan-2001 |
cgd | comment or delete text after CPP directives.
|
| 1.119 | 10-Jan-2001 |
lukem | consistently use syslog priorities
|
| 1.118 | 18-Dec-2000 |
lukem | Features:
* Add ftpd.conf(5) directive `advertise'; change the address that is
advertised to the client for PASV transfers. this may be useful in
certain firewall/NAT environments.
Feature requested in [bin/9606] by Scott Presnell.
* Add -X option; syslog wu-ftpd style xferlog messages, prefixed with
`xferlog: '. An example line from syslog (wrapped):
Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000
2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c
These messages can be converted to a wu-ftpd style xferlog file
suitable for parsing with third-party tools with something like:
grep 'xferlog: ' /var/log/xferlog | \
sed -e 's/^.*xferlog: //' >wuxferlog
The format is the same as the wu-ftpd xferlog entries (with the leading
syslog stuff), but different from the wu-ftpd syslogged xferlog entries
because the latter is not as easy to convert into the standard xferlog
file format.
The choice to only syslog the xferlog messages rather than append to
a /var/log/xferlog file was made because the latter doesn't work to
well in the situation where the logfile is rotated and compressed and
a long-running ftpd still has a file-descriptor to the now nonexistant
xferlog file, and the log message will then get lost.
Feature requested in [bin/11651] by Hubert Feyrer.
Fixes:
* In ftpd(8), clarify the -a and -c options.
* More clarifications in ftpd.conf(5).
* Ensure that all ftpd.conf commands set a parameter back to sane defaults
if an argument of `none' or bad settings are given.
* Support the `chroot' directive for `REAL' users too (for consistency).
* For `GUEST' users, store the supplied password in pw->pw_passwd for use
later in the xferlog.
* If show_chdir_messages() is given a code of -1, flush the cache of
visited directories. Invoke show_chdir_messages(-1) in end_login().
* Only syslog session stats if logging is requested.
* Rename logcmd() -> logxfer(), and dolog() -> logremotehost().
* Use cprintf() instead of fprintf() where appropriate.
* Minor KNF, and make a couple of functions static that were declared static.
|
| 1.117 | 30-Nov-2000 |
lukem | initialise confdir to _DEFAULT_CONFDIR again, so that -C works...
|
| 1.116 | 30-Nov-2000 |
lukem | - rename valid_passwd() -> checkpassword()
- move check for expired accounts from pass() into checkpassword()
|
| 1.115 | 30-Nov-2000 |
lukem | - move password checking into separate valid_passwd() function, to assist
in porting to other systems.
- don't syslog() or setproctitle() "ACCT" lines (as per "PASS")
- replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the
latter #ifdef BSD4_4
- don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile
support if this is to be used on NetBSD.
|
| 1.114 | 28-Nov-2000 |
lukem | modify dolog() to take a struct sockinet * instead of struct sockaddr *
|
| 1.113 | 28-Nov-2000 |
lukem | - ensure all uses of AF_INET6 are wrapped in #ifdef INET6
- don't define `ALL' as a token twice in the grammar
|
| 1.112 | 24-Nov-2000 |
itojun | cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach
scope identifier).
always check error result from getnameinfo.
|
| 1.111 | 16-Nov-2000 |
lukem | - new ftpd.conf directives:
maxfilesize set the maximum size of uploaded files
sanenames if set, only permit uploaded filenames that contain
characters from the set "-+,._A-Za-z0-9" and that
don't start with `.'
- new/changed command line options:
-e emailaddr define email address for %E (see below)
-P dataport use dataport as the dataport (instead of ctrlport-1)
-q use pid files to count users [default]
-Q don't use pid files to count users
-u write entries to utmp
-U don't write entries to utmp [default]
-w write entries to wtmp [default]
-W don't write entries to wtmp
NOTE: -U used to mean `write utmp entries'. Its meaning has changed
so that it's orthogonal with -q/-Q and -w/-W. This isn't
considered a major problem, because using -U isn't going to
enable something you don't want, but will disable something
you did want (which is safer).
- new display file escape sequences:
%E email address
%s literal `s' if the previous %M or %N wasn't ``1''.
%S literal `S' if the previous %M or %N wasn't ``1''.
- expand the description of building ~ftp/incoming to cover the
appropriate ftpd.conf(5) directives (which are defaults, but it pays
to explicitly explain them)
- replace strsuftoi() with strsuftoll(), which returns a long long if
supported, otherwise a long
- rework the way that check_modify and check_upload are done in the yacc
parser; they're merged into a common check_write() function which is
called explicitly
- merge all ftpclass `flag variables' into a single bitfield-based flag element
- move various common bits of parse_conf() into a couple of macros
- clean up some comments
|
| 1.110 | 15-Nov-2000 |
itojun | we can assume presense of getaddrinfo.
use NI_MAXHOST for the hostname buffer used with getnameinfo.
|
| 1.109 | 15-Nov-2000 |
lukem | changes to improve portability:
* replace union sockunion {} with struct sockinet {}, and modify the code
accordingly. this is possibly more portable, as it doesn't rely upon
the structure alignment within the union for our own stuff. uses local
su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4)
(XXX: haven't tested the ipv6 stuff)
* always use getaddrinfo() and getnameinfo() instead of maintaining two code
paths. (lukemftpd will provide replacements for these on older systems)
* use lockf() instead of open(.., O_EXLOCK) to lock the pid file
* minor KNF
* clean up long long support: create helper #defines and use as appropriate:
#define NO_LONG_LONG ! NO_LONG_LONG
------- ------------ --------------
LLF "%ld" "%lld"
LLFP(x) "%" x "ld" "%" x "lld"
LLT long long long
ULLF "%lu" "%llu"
ULLFP(x) "%" x "lu" "%" x "llu"
ULLT unsigned long unsigned long long
STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
|
| 1.108 | 13-Nov-2000 |
itojun | correct result code on invalid port number against EPRT.
|
| 1.107 | 13-Nov-2000 |
itojun | plug memory leak
|
| 1.106 | 13-Nov-2000 |
itojun | - improve RFC2428 conformance.
return 522 on unknown protocol identifier on EPRT.
- clarify EPSV/EPRT/LPSV/LPRT behavior.
- repair memory leak and lack of boundary check on EPRT.
- make sure we do not resolve DNS on EPRT.
sync with kame.
|
| 1.105 | 28-Sep-2000 |
jdolecek | call setlogin() before dropping root privileges, so that process
would have correct p_login value
|
| 1.104 | 15-Sep-2000 |
christos | Make this compile again without -DINET6 and without get{addr,name}info(3)
This ftpd now compiles and runs on NetBSD/1.4.2 with:
CPPFLAGS+= \
'-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \
'-Dstrlcat=strncat' \
'-Dsl_add(a,b)=(sl_add(a,b),0)'
|
| 1.103 | 29-Jul-2000 |
martin | Fixed s/key compile bug.
|
| 1.102 | 26-Jul-2000 |
lukem | add support for -W; don't log to wtmp (orthogonal of -U which logs to utmp).
inspired by similar option in wuftpd.
|
| 1.101 | 23-Jul-2000 |
lukem | * make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
|
| 1.100 | 17-Jul-2000 |
lukem | * add two new ftpd.conf(5) directives:
chroot specify dir to chroot to for GUEST and CHROOT users, to
override -a anondir or the user's homedir.
homedir specify dir to change to upon login; also used for ~ expansion
and $HOME for subprocesses)
both of these can take % escapes: %u (username), %d (homedir), %c (class).
* fix NLST to take a pathname not a STRING, so that ~ expansion works
* modify CWD to use the homedir parsed from curclass.homedir
* implement format_path(dst, src), to parse src expanding % escapes (see above)
into dst.
* rename format_file() to display_file()
|
| 1.99 | 15-Jul-2000 |
lukem | * add -H, which acts like -h `hostname`. (requested by kim@)
* refer to draft-ietf-ftpext-mlst-11 instead of -10
|
| 1.98 | 08-Jul-2000 |
sommerfeld | More format paranoia.
|
| 1.97 | 05-Jul-2000 |
itojun | setproctitle(), and for any other printf variants, it is not a good idea
to pass variable directly like foo(x). use foo("%s", x) to avoid misuse.
from: openbsd
|
| 1.96 | 20-Jun-2000 |
lukem | fix problems noted by <dogcow@redback.com> in [bin/10390] and private email:
* fix RATE{GET,PUT} under some situations when the client is slower than
the server (something i missed when migrating the rate limiting code
i wrote in ftp(1) to ftpd(8))
* document what units RATE{GET,PUT} use
|
| 1.95 | 19-Jun-2000 |
lukem | branches: 1.95.2;
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
|
| 1.94 | 14-Jun-2000 |
itojun | correct LPSV/LPRT display on STAT command.
(did not crank the version since the change is on the same day)
|
| 1.93 | 14-Jun-2000 |
lukem | major overhaul (just before netbsd 1.5 :-):
* implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD.
we already supported SIZE and MDTM. add the appropriate FEAT output lines.
* migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c
* make dataconn(), feat(), lookup(), opts() and sizecmd() public
* modify struct tab so that it has a `flags' instead of `implemented' element,
and remove the `hasopts' element. If flags == 1, the command is implemented.
if flags == 2, the command is implemented and takes options
* add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..")
* modify lreply() so that lreply(-2, ...) just outputs the given info without
a prefix or trailing \r\n. this saves doing b = printf(); total_* += b;
* enhance statcmd(). still needs work in the LPRT status stuff.
* crank version
|
| 1.92 | 02-Jun-2000 |
explorer | make this compile with KERBEROS5 defined. Note: only one of KERBEROS or KERBEROS5 may be defined in this file...
|
| 1.91 | 02-Jun-2000 |
fredb | Make this build again with crypto-us, after recent changes to k{,5}login.c.
|
| 1.90 | 30-May-2000 |
itojun | add comment on IPv4 mapped address twist
|
| 1.89 | 20-May-2000 |
lukem | branches: 1.89.2;
- Always close(pdata) if it was a valid filedescriptor before setting it to -1.
Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>,
(part of which already had been solved by itojun a while ago), and provided
patch covered most of the fixes needed. (Thanks Takahiro!)
- Consistently indent goto labels by one space.
|
| 1.88 | 20-May-2000 |
lukem | convert to ANSI C as per style guide
|
| 1.87 | 05-Mar-2000 |
lukem | * don't bother with a version[] string, just use the macro as appropriate
* clean some more of the GLOBAL stuff
* fix unused var if -UHASSETPROCTITLE
|
| 1.86 | 14-Feb-2000 |
aidan | Move include/kerberosIV/com_err.h to include/com_err.h
|
| 1.85 | 13-Jan-2000 |
lukem | suppress verbose messages from CWD and post-login if the first
character of the anonymous password is `-'.
|
| 1.84 | 12-Jan-2000 |
lukem | * add ftpd.conf directive `portrange class min max', which allows specification
of the port range used by passive connections. based on work in [bin/9158]
from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
* change the way global variables are defined and extern-ed to be more
consistent.
|
| 1.83 | 08-Jan-2000 |
lukem | missing "." on reply
|
| 1.82 | 08-Jan-2000 |
lukem | features:
* add connection limits (`limit' keyword in ftpd.conf)
* move initialisation of curclass from parse_conf() to new function
init_curclass()
* implement count_users(), which determines the number of users in a given
class. a file - /var/run/ftpd.pids-<class> - is used to store a list
of pids in use (effectively an array of pid_t's), and its size is reduced
as necessary.
* new % modifiers in format_file:
%c class
%M maximum connection count
%N current connection count
* always end_login()s, even for refused connections
bugs fixed:
* remove \n from %T output
* fix some inconsistencies in the man pages
* ensure that both `ftp' *and* `anonymous' are allowed in ftpusers.
(this was accidently broken in a recent commit to be ``or'' not ``and'')
* use MAXPATHLEN not MAXPATHLEN+1
* crank copyright date on modified files
* crank version
|
| 1.81 | 21-Dec-1999 |
lukem | * add support for optional groupglob in ftpuser entry. the syntax is now:
userglob[:groupglob][@host] [directive [class]]
* append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
|
| 1.80 | 19-Dec-1999 |
lukem | * add back support for `-h hostname'; it still may be useful to override
the name advertised to the client, even if ftpd can determine it from
the ip address that ftpd is bound to. requested by mrg.
* remove -4/-6; they were effectively no-ops since itojun's change in 1.75.
* crank version
|
| 1.79 | 18-Dec-1999 |
lukem | deprecate -h hostname in favour of automatic determination of local hostname.
this is a much cleaner solution for supporting multihomed virtual servers.
from Geoff C. Wing <gcw@pobox.com> in [bin/8137].
|
| 1.78 | 18-Dec-1999 |
lukem | * move version to separate header file
* use .Dv and .Tn in the man pages as appropriate
* KNF a bit
The following were inspired by similar changes in openbsd, but may
have additional improvements by me:
* add more check_login tests to the parser rules
* nuke a few memory leaks in the parser rules
* clear passwords before free()ing them, for safety
* don't display \r\n in setproctitle() output
* add support for -U, which enables managing /var/run/utmp entries for
connections. solves [bin/2217] by Jason Downs <downsj@teeny.org>
* fix oob handling for STAT command
* use SIG_ERR instead of -1
|
| 1.77 | 16-Dec-1999 |
lukem | crank version
|
| 1.76 | 16-Dec-1999 |
lukem | * add support for `-h hostname', which defines the hostname to advertise
as (useful for virtual ftp servers in conjunction with inetd.conf(5)'s
ability to bind to a specific address).
if this option is used, add `hostname' to the syslog messages.
* improve documentation of command-line options
* don't allow class names of `all' or `none' in ftpusers
|
| 1.75 | 13-Dec-1999 |
itojun | do not perform setsockopt(IP_TOS) on mapped connections (IPv4 connection
toward AF_INET6 socket).
|
| 1.74 | 13-Dec-1999 |
itojun | avoid use of s6_addr32, as it is non-standard.
(sync with KAME)
|
| 1.73 | 12-Dec-1999 |
lukem | * change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
|
| 1.72 | 09-Dec-1999 |
itojun | close pdata when it is kept opened till call to {,long_}passive().
|
| 1.71 | 07-Dec-1999 |
lukem | * change ftpd_popen() to take char *argv[] instead of char *cmd.
the string tokenisation must be performed by the caller (which is
generally easy because it's almost always a static command).
* change do_conversion() to return a char *argv[] instead of char *cmd.
tokenisation of the command is done internally.
* change retrieve() to take char *argv[] instead of char *cmd.
(to take advantage of the above changes). fixes [bin/8173]
* use fparseln() instead of fgetln()
* store conversions in listed order (rather than reverse order)
* use stringlists instead of handrolling code to manage an argv.
|
| 1.70 | 30-Sep-1999 |
tron | Avoid segmention fault if there is an empty line in "/etc/ftpusers".
Problem noted by Emmanuel Dreyfus in PR bin/8504.
|
| 1.69 | 25-Aug-1999 |
christos | branches: 1.69.2;
Make this compile with krb5.
|
| 1.68 | 27-Jul-1999 |
itojun | handle IPv4 TCP control connection, toward AF_INET6 socket.
this happens when you have the following line in inetd.conf,
but not with tcp4 line:
>>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
|
| 1.67 | 02-Jul-1999 |
itojun | dual-stack ftpd. run this from inetd, like:
>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
|
| 1.66 | 05-Jun-1999 |
briggs | Set keepalives on the sockets to force logouts on connections that have
disappeared.
|
| 1.65 | 24-May-1999 |
ross | * Cast %q[ud] arguments to fix ILP32/LP64 off_t variation.
* Fix bug in 213 reply: correct ordering of format string args.
|
| 1.64 | 19-May-1999 |
thorpej | Cast away a const for now; const poisoning kerberos #0.
|
| 1.63 | 18-May-1999 |
lukem | * fix a problem in retrieve() where arguments to commands weren't working
(this was broken in the last commit). problem noticed by simonb@
* don't display the stderr output of the internal ls.
* modify usage of lreply so that generally only one `XXX-' code per
`block' is displayed; the rest of the lines have four spaces instead.
i find this easier to read.
* fix a couple places where byte accounting wasn't correct
|
| 1.62 | 17-May-1999 |
lukem | features/fixes:
* implement xferstats. full stats are displayed for `STAT', and a
summary is displayed upon exit (and syslogged). inspired by wu-ftpd.
* wrap data xfers in {send,receive}_data with alarm() timeouts. this
should remove the majority of the `hanging ftpd' problems that
people were still seeing. inspired by wu-ftpd.
* link with ../../bin/ls, so that bin/ls is not required under a
chroot()ed area for `LIST' to work. based on [bin/4497] from
"Soren S. Jorvang" <soren@t.dk>
* migrate code from util.c into ftpd.c, so that it doesn't conflict
with ls' util.c.
* remove man page comment about ~ftp/bin/ls being necessary.
* bump version to 7.2.0.
* syslog xfer time with xfer stats.
* if appropriate, syslog error message with command.
internal code stuff:
* change arguments of various functions from `char *' to `const char *'.
* define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise.
use macro appropriately
* lreply(): a code of -1 means ``send line as is''. a code of 0
means ``send line with 4 space prefix''. don't print a space after
the `-' for any other code.
* logcmd(): add `const struct timeval *elapsed' and `const char *error'
for more flexible error reporting
|
| 1.61 | 28-Dec-1998 |
lukem | branches: 1.61.2;
* replace LOG(CMD|BYTES) macros with logcmd(), which is a cleaner
solution with less code replication. use realpath() in logcmd() so
that all logged filenames are sane.
* support `REST STREAM' in `FEAT' reply (from draft-ietf-ftpext-mlst-05)
* in 'HELP', suffix unimplemented commands with `-' instead of `*'; the
former is easier to differentiate from `+'.
* deprecate curdir() now that logcmd() doesn't use it.
* ensure all filename buffers are at least MAXPATHLEN+1 in size.
* move jmp_buf errcatch out of extern.h, removing need to #include <setjmp.h>
in every file.
|
| 1.60 | 07-Sep-1998 |
lukem | bump version from 7.03 to 7.1.0 (new commands available)
|
| 1.59 | 07-Sep-1998 |
lukem | remove nack() - missed in previous work
|
| 1.58 | 07-Sep-1998 |
lukem | new features:
* implement FEAT and OPTS from RFC2389. FEAT returns SIZE and MDTM.
OPTS only works on NOOP (as a test).
* extend format of /etc/ftpchroot similar to /etc/ftpusers; each entry
can take an optional trailing `yes' or `no' which indicates if
chroot should be done (defaults to `yes').
based on patches from Ty Sarna <tsarna@endicor.com> in [bin/4769]
cleanups/bugs:
* reorder and reformat entries in yacc parser to match cmdtab[].
add a blank line between each rule.
* add short hasopts and char *options to struct tab, to support OPTS.
* deprecate upper(); use strcasecmp() instead of strcmp()
* remove unnecessary for (;;) { } in yylex();
* replace copy() and sgetsave() with xstrdup()
* fix a couple of `hasyyerrored = 1' that were accidently removed.
|
| 1.57 | 06-Sep-1998 |
lukem | * complete fix for `multiple replies returned for single parse error'
problem; move `hasyyerrored' state flag out of yylex() so that
check_{login,modify} can also set it.
* check result of check_login for PORT command
* set initial timeout before the "setjmp(); for(;;) yyparse()",
otherwise an invalid command after login incorrectly sets the timeout
to 5 minutes (rather than what was set in ftpd.conf)
* replace (char *)0 with NULL
* move yyerror() from ftpd.c to ftpcmd.y
* remove need for -Dunix, by using the version string from ftpd.c
(instead of `BSD-199506')
* move all extern-ed vars into extern.h
|
| 1.56 | 05-Sep-1998 |
lukem | replace malloc/strcpy with strdup
|
| 1.55 | 27-Jul-1998 |
mycroft | const poisoning.
|
| 1.54 | 27-Jul-1998 |
mycroft | const poisoning.
|
| 1.53 | 26-Jul-1998 |
mycroft | const poisoning.
|
| 1.52 | 06-Jul-1998 |
mrg | - use an array MAXHOSTNAMELEN+1 size to hold hostnames
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames
|
| 1.51 | 26-Jun-1998 |
msaitoh | add "-s" flag (SecureID).
|
| 1.50 | 19-Jun-1998 |
kleink | GLOB_QUOTE is dead; per POSIX, backslash quoting of special characters being
enabled is the default behaviour.
|
| 1.49 | 08-Jun-1998 |
lukem | support displaying the stderr output from a LIST or a conversion to
the user at the end of a transfer.
this generates a file in /tmp, so anonymous requires a
writable ~ftp/tmp, which you may not want to do (because it may
allow people to unwanted upload files).
XXX: a better method of storing the stderr output would be nice, but
is a lot more effort to implement. this feature can at least be
used temporarily whilst debugging why an ftp conversion doesn't
work.
|
| 1.48 | 03-Jun-1998 |
mouse | Show/log the strerror(errno) string when getcwd fails
|
| 1.47 | 03-Jun-1998 |
hubertf | Fix some problems with failed getcwd commands, reported in PR bin/5531
by Saitoh Masanobu <msaitoh@spa.is.uec.ac.jp>.
|
| 1.46 | 23-Feb-1998 |
cjs | Send back an error message rather than dumping core when an invalid
username is entered. The latter, while effective, does not appear to
me to be an appropriate response.
|
| 1.45 | 01-Feb-1998 |
christos | - #endif foo -> #endif /* foo */
- #if __STDC__ -> #ifdef __STDC__
- Don't allow expired accounts to login.
|
| 1.44 | 28-Dec-1997 |
lukem | set $HOME to "/" for guest or chroot users, pw->pw_dir otherwise.
fixes expansion of `~/...' pathnames.
|
| 1.43 | 28-Nov-1997 |
lukem | use 300 seconds (as per login(1)) for initial timeout, rather than 900 secs
|
| 1.42 | 28-Nov-1997 |
lukem | * initialise curclass.timeout to 900 in main(), so that operations that
want to timeout using this value that are executed before the conf file
is parsed will work. fixes ``stale ftpd stuck in connection phase''
* in PASV mode, wrap accept() in an alarm timeout. fixes ``stale ftpd because
of client disappearing in pasv mode (usually browsers)''
* main() doesn't need envp argument
|
| 1.41 | 11-Nov-1997 |
lukem | * change checkportcmd syntax to `checkportcmd class [off]' (as per `modify')
* display current setting of checkportcmd in STAT
* ensure that curclass.checkportcmd is initialised to 0
* document default setting of checkportcmd in ftpd(8)
* cleanup code a bit, putting code for "checkportcmd" in alphabetical order
|
| 1.40 | 11-Nov-1997 |
mrg | increment version.
|
| 1.39 | 19-Oct-1997 |
mycroft | branches: 1.39.2;
Use remove(3) rather than stat(2)ing the file, yadda yadda.
Simpler, and DTRT for symlinks.
|
| 1.38 | 12-Oct-1997 |
mycroft | Add some krb5 hooks, though it probably doesn't work yet.
|
| 1.37 | 12-Oct-1997 |
mycroft | Actually, do Kerberos first, since we want to get a TGT if possible.
Also, clean up some minor cruft.
|
| 1.36 | 12-Oct-1997 |
mycroft | Format police.
Also, try s/key before Kerberos.
|
| 1.35 | 23-Sep-1997 |
lukem | - add '-C user', which runs checkaccess(user) and exits with the result
(0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers).
from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods
- getopt returns -1 not EOF
- in lostcon(), call dologout(1) not dologout(-1);
|
| 1.34 | 23-Sep-1997 |
lukem | implement '-c confdir', which allows the specification of an alternate
directory to look for the various configuration files, overriding /etc.
From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
|
| 1.33 | 18-Sep-1997 |
lukem | - ensure 257 reply codes from PWD and MKD are RFC959 compliant:
257 "dirname" some message
(any "s in dirname should be doubled, per the RFC)
- don't put an extra / in the output of NLST if the last char in the
directory is a /
- bump the version to 7.01 because of these fixes
|
| 1.32 | 26-Aug-1997 |
lukem | fix grammo
|
| 1.31 | 25-Aug-1997 |
kleink | Lseek(2) usage cleanup: the use of L_SET/L_INCR/L_XTND is deprecated,
use SEEK_SET/SEEK_CUR/SEEK_END instead.
|
| 1.30 | 14-Aug-1997 |
lukem | * don't depend upon buffer returned by fgetln() to remain. fix mainly
from Tatoku Ogaito <tacha@tera.fukui-med.ac.jp> in [bin/3967]
* fgetln() doesn't \0 terminate its string. look for the \n and replace
it with \0 (if no \n, ignore the line - it's most likely corrupt)
* more intensive checks on strdup() returns (not a current mem leak,
but depended upon code elsewhere to cleanup - not good)
* cleanup some syslog error messages
|
| 1.29 | 21-Jul-1997 |
mrg | be safe with some buffers.
|
| 1.28 | 22-Jun-1997 |
christos | missed some warnings.
|
| 1.27 | 21-Jun-1997 |
cjs | %qd wants long long. Thus, if you're going to turn on warnings for
printf format strings, you've got to make sure you cast quantities
passed to %qd to long long because on 64-bit machines they're often
just long, which is not the same, even when it's the same size.
|
| 1.26 | 21-Jun-1997 |
mellon | Need prototype for klogin() - probably ought to go in a header file, but klogin probably ought to go in a library first
|
| 1.25 | 18-Jun-1997 |
christos | - Pass gcc -Wall
- Fix incorrect const poisoning
- Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
|
| 1.24 | 14-Jun-1997 |
lukem | * implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
|
| 1.23 | 29-May-1997 |
lukem | * don't log failed usernames to ftp.notice; use authpriv.notice instead.
closes [bin/1571]
* don't quit if "PASV" is received without the user being logged in.
closes [bin/2401], albiet with a modified test.
|
| 1.22 | 23-May-1997 |
cjs | Allow setting the directory to which anonymous users chdir from
the command line. Document -u option. A couple of minor cleanups.
|
| 1.21 | 29-Apr-1997 |
cjs | /etc/ftpusers now matches globs against the username. mycroft suggested this.
|
| 1.20 | 27-Apr-1997 |
lukem | * fix "cd ~" so that it works (from Simon Burge <simonb@telstra.com.au>
* move resetting of CFLAGS on powerpc to before optional CFLAGS settings
* minor code & man page cleanups
|
| 1.19 | 06-Apr-1997 |
cjs | Change the syntax of /etc/ftpusers to have both allow and deny
information in the same file by following the username with `allow'
or `deny'. Also, the user `*' can be used to set the default for
users not listed in the file. This is entirely backward compatable
with old /etc/ftpusers files.
Also, do the /etc/ftpusers and the valid login shell checks after
the password is verified, rather than before, so as not to give away
whether or not a particular user ID is present on the system.
|
| 1.18 | 30-Mar-1997 |
cjs | Changes to make anonymous uploads more secure. For anonymous users:
* Set umask to 707;
* Disable UMASK, CHMOD, DELE, RMD and MKD commands.
Compile-time options let you change that umask and go back to the
old, insecure way if you like.
|
| 1.17 | 28-Mar-1997 |
cjs | 4.4lite2 update. (The one minor bugfix between 4.4lite and 4.4lite2
was already in our sources, thus just the sccsid line is changed.)
|
| 1.16 | 23-Jan-1997 |
mrg | set transflag to 0 in dologout, to prevent a SIGURG taking us back to the main loop.
|
| 1.15 | 03-Jun-1995 |
mycroft | branches: 1.15.6;
Fill in sin_len.
|
| 1.14 | 11-Apr-1995 |
cgd | typo.
|
| 1.13 | 11-Apr-1995 |
cgd | clean up RCS Id's and a couple of stype nits.
Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
|
| 1.12 | 22-Mar-1995 |
mycroft | Use IPTOS_THROUGHPUT for passive mode data connection.
|
| 1.11 | 08-Mar-1995 |
brezak | Fill in ttyname for cred file uniquifier under KERBEROS (From Michael Graff)
|
| 1.10 | 23-Dec-1994 |
cgd | be a bit more careful with types, casts, and and function declarations.
|
| 1.9 | 20-Sep-1994 |
jtc | Fix PR #491, what could have been a big security hole
|
| 1.8 | 29-Jun-1994 |
deraadt | branches: 1.8.2;
4.4-lite, plus our local changes
|
| 1.7 | 24-May-1994 |
deraadt | add skey support
|
| 1.6 | 14-Apr-1994 |
cgd | use setproctitle
|
| 1.5 | 06-Apr-1994 |
cgd | Jarle.F.Greipsland@idt.unit.no's changes to allow for password-protected
chrooted ftp logins.
|
| 1.4 | 30-Mar-1994 |
cgd | some changes to make Kerberos a bit easier to use. from
Michael Graff <explorer@vorpal.com>, with some work by myself...
|
| 1.3 | 01-Aug-1993 |
mycroft | Add RCS identifiers.
|
| 1.2 | 26-Apr-1993 |
cgd | changed to use new libcrypt scheme.
|
| 1.1 | 21-Mar-1993 |
cgd | branches: 1.1.1;
Initial revision
|
| 1.1.1.3 | 29-Mar-1997 |
cjs | 4.4BSD-lite2 import.
|
| 1.1.1.2 | 29-Mar-1997 |
cjs | Lite-1 Import.
|
| 1.1.1.1 | 21-Mar-1993 |
cgd | initial import of 386bsd-0.1 sources
|
| 1.8.2.1 | 25-Sep-1994 |
cgd | from trunk, per mycroft
|
| 1.15.6.1 | 23-Jan-1997 |
mrg | from trunk: set transflag to 0 in dologout, to prevent a SIGURG taking us back to the main loop.
|
| 1.39.2.4 | 29-Jan-1998 |
mellon | Pull up 1.44 (lukem)
|
| 1.39.2.3 | 01-Dec-1997 |
mellon | Pull rev 1.42 and 1.43 up from trunk (lukem) (reviewed by mellon)
|
| 1.39.2.2 | 17-Nov-1997 |
mrg | pull up from trunk: fixes from lukem.
|
| 1.39.2.1 | 11-Nov-1997 |
mrg | pull up from trunk: increment version.
|
| 1.61.2.5 | 01-Apr-2001 |
he | Pull up revision 1.122 (requested by christos):
Fixes buffer overflow problems in glob(3). Adds and uses GLOB_LIMIT
to prevent denial of service attacks.
|
| 1.61.2.4 | 14-Dec-2000 |
he | Apply patch (requested by bouyer):
Fix a one-byte buffer overrun.
Bump version to 7.1.0a.
|
| 1.61.2.3 | 08-Jul-2000 |
he | Pull up revision 1.97 (requested by itojun):
Do not use user-supplied data as format string to setproctitle().
|
| 1.61.2.2 | 11-May-2000 |
he | Apply patch (requested by sommerfeld):
Back out unnecessary half of revision 1.70 which breaks parsing
of /etc/ftpchroot.
|
| 1.61.2.1 | 01-Oct-1999 |
he | Pull up revision 1.70 (requested by tron):
Avoid segmentation fault if there is an empty line in /etc/ftpusers,
fixing PR#8504.
|
| 1.69.2.1 | 27-Dec-1999 |
wrstuden | Pull up to last week's -current.
|
| 1.89.2.1 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.95.2.6 | 26-Aug-2004 |
jmc | Pullup rev 1.123-1.158 (requested by he in ticket #158)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.95.2.5 | 29-Mar-2001 |
lukem | sync ftpd to -current with the following revisions (for lukem/christos):
Makefile 1.43-1.44
cmds.c 1.7-1.8, 1.10-1.12
conf.c 1.35-1.40
extern.h 1.32-1.38
ftpcmd.y 1.53-1.59
ftpd.8 1.58-1.63
ftpd.c 1.102-1.104, 1.106-1.122
ftpd.conf.5 1.12-1.15
ftpusers.5 1.8
logwtmp.c 1.16
popen.c 1.23-1.25
version.h 1.28
a quick summary of user-visible changes;
- fix glob DoS by using GLOB_LIMIT
- add ftpd.conf directives `advertise', `maxfilesize', `sanenames'
- add flags: -P dataport, -X - wuftpd style log entries,
-q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp,
-w/-W - (en|dis)able wtmp
|
| 1.95.2.4 | 28-Sep-2000 |
jdolecek | pullup rev. 1.105 from trunk (approved by thorpej):
call setlogin() before dropping root privileges, so that process
would have correct p_login value
|
| 1.95.2.3 | 25-Jul-2000 |
lukem | user visible changes (besides checking the cvs log):
* make checkportcmd the default
* add -r; force permanent drop of root privs after login
* add -V vers; change version string to vers
* add -H; act as -h `hostname`
* permanently drop root privs if it makes sense to do so (e.g; logging in as
guest/chroot user on a port > 1024)
* fix reference to draft-ietf-ftpext-mlst-11
* add ftpd.conf directives: chroot, homedir
* fix base64_encode() and generation of the unique fact
* crank version to 20000723
|
| 1.95.2.2 | 07-Jul-2000 |
itojun | pullup, approved by releng-1-5
udit setproctitle() - don't use variable alone, use with "%s".
from openbsd
usr.sbin/faithd/faithd.c 1.12 -> 1.13
libexec/ftpd/ftpd.c 1.96 -> 1.97
usr.sbin/rpc.lockd/lockd_lock.c 1.2 -> 1.3
|
| 1.95.2.1 | 22-Jun-2000 |
lukem | Pull up revision 1.96:
- fix RATE{GET,PUT} when the client is slower than the rate limit
- document units RATE{GET,PUT} use
Fixes PR#10390
|
| 1.138.2.3 | 31-Aug-2004 |
jmc | Pullup rev 1.139-1.158 (requested by he in ticket #1739)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.138.2.2 | 23-Jul-2004 |
tron | Apply patch (requested by dbj in ticket 1724):
Fix problems when building the netbsd-1-6 branch with GCC 3.3.3.
|
| 1.138.2.1 | 30-Sep-2002 |
lukem | Pull up revision 1.142 (requested by lukem in ticket #843):
Use LOGIN_NAME_MAX instead of `10' for the size of the curname[] buffer.
Allows /etc/ftpchroot to work correctly for usernames > 9 characters.
Noted by Max Khon in the freebsd-stable mailing list, via Thomas Vogt in
private email.
|
| 1.157.2.1 | 12-Aug-2004 |
jmc | Pullup rev 1.158 (requested by lukem in ticket #757)
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue.
|
| 1.164.2.8 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1964):
libexec/ftpd/ftpd.c: revision 1.187 via patch
libexec/ftpd/extern.h: revision 1.58 via patch
libexec/ftpd/ftpcmd.y: revision 1.88 via patch
libexec/ftpd/version.h: patch
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.164.2.7 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1963):
libexec/ftpd/ftpd.c: revision 1.179
PR/35449: Shigeya Suzuki: ftpd does not register socket address into PAM +FIX
|
| 1.164.2.6 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1962):
libexec/ftpd/ftpd.c: revision 1.175
Remove unreachable code (res could never be NULL here).
Fixes Coverity CID 712.
Ok by lukem@.
|
| 1.164.2.5 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1961):
libexec/ftpd/ftpd.c: revision 1.174
Set file to NULL after calling fclose().
Fixes Coverity CID 2669.
Ok by lukem@.
|
| 1.164.2.4 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1960):
libexec/ftpd/ftpd.c: revision 1.173
Make sure that "su" is initialized before dereferencing it.
Fixes Coverity CID 1075.
Ok by lukem@.
|
| 1.164.2.3 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1959):
libexec/ftpd/ftpd.c: revision 1.170
NLST should return 450 instead of 550 upon error, per RFC 959.
|
| 1.164.2.2 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1958):
libexec/ftpd/ftpd.c: revision 1.169
logxfer(): don't use the same buffer to store the results of two separate
concurrent realpath(3)s, otherwise we'll log the wrong information
for a rename.
Noted by Dmitry Sivachenko in private mail.
|
| 1.164.2.1 | 05-Jul-2005 |
tron | branches: 1.164.2.1.2; 1.164.2.1.4;
Pull up revision 1.165 (requested by lukem in ticket #538):
s/getpwnam/sgetpwnam/ Found by John Nemeth.
|
| 1.164.2.1.4.7 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1964):
libexec/ftpd/ftpd.c: revision 1.187 via patch
libexec/ftpd/extern.h: revision 1.58 via patch
libexec/ftpd/ftpcmd.y: revision 1.88 via patch
libexec/ftpd/version.h: patch
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.164.2.1.4.6 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1963):
libexec/ftpd/ftpd.c: revision 1.179
PR/35449: Shigeya Suzuki: ftpd does not register socket address into PAM +FIX
|
| 1.164.2.1.4.5 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1962):
libexec/ftpd/ftpd.c: revision 1.175
Remove unreachable code (res could never be NULL here).
Fixes Coverity CID 712.
Ok by lukem@.
|
| 1.164.2.1.4.4 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1961):
libexec/ftpd/ftpd.c: revision 1.174
Set file to NULL after calling fclose().
Fixes Coverity CID 2669.
Ok by lukem@.
|
| 1.164.2.1.4.3 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1960):
libexec/ftpd/ftpd.c: revision 1.173
Make sure that "su" is initialized before dereferencing it.
Fixes Coverity CID 1075.
Ok by lukem@.
|
| 1.164.2.1.4.2 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1959):
libexec/ftpd/ftpd.c: revision 1.170
NLST should return 450 instead of 550 upon error, per RFC 959.
|
| 1.164.2.1.4.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1958):
libexec/ftpd/ftpd.c: revision 1.169
logxfer(): don't use the same buffer to store the results of two separate
concurrent realpath(3)s, otherwise we'll log the wrong information
for a rename.
Noted by Dmitry Sivachenko in private mail.
|
| 1.164.2.1.2.7 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1964):
libexec/ftpd/ftpd.c: revision 1.187 via patch
libexec/ftpd/extern.h: revision 1.58 via patch
libexec/ftpd/ftpcmd.y: revision 1.88 via patch
libexec/ftpd/version.h: patch
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.164.2.1.2.6 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1963):
libexec/ftpd/ftpd.c: revision 1.179
PR/35449: Shigeya Suzuki: ftpd does not register socket address into PAM +FIX
|
| 1.164.2.1.2.5 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1962):
libexec/ftpd/ftpd.c: revision 1.175
Remove unreachable code (res could never be NULL here).
Fixes Coverity CID 712.
Ok by lukem@.
|
| 1.164.2.1.2.4 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1961):
libexec/ftpd/ftpd.c: revision 1.174
Set file to NULL after calling fclose().
Fixes Coverity CID 2669.
Ok by lukem@.
|
| 1.164.2.1.2.3 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1960):
libexec/ftpd/ftpd.c: revision 1.173
Make sure that "su" is initialized before dereferencing it.
Fixes Coverity CID 1075.
Ok by lukem@.
|
| 1.164.2.1.2.2 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1959):
libexec/ftpd/ftpd.c: revision 1.170
NLST should return 450 instead of 550 upon error, per RFC 959.
|
| 1.164.2.1.2.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1958):
libexec/ftpd/ftpd.c: revision 1.169
logxfer(): don't use the same buffer to store the results of two separate
concurrent realpath(3)s, otherwise we'll log the wrong information
for a rename.
Noted by Dmitry Sivachenko in private mail.
|
| 1.177.6.4 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1202):
libexec/ftpd/ftpd.c: revision 1.187
libexec/ftpd/extern.h: revision 1.58
libexec/ftpd/version.h: patch
libexec/ftpd/ftpcmd.y: revision 1.88
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.177.6.3 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1201):
libexec/ftpd/ftpd.c: revision 1.183
libexec/ftpd/Makefile: revision 1.58
libexec/ftpd/version.h: revision 1.66
Reorganize USE_PAM support so that the reply(331,) from USER is
performed by the pam_conv (PAM conversation) callback, which then
getline()s the PASS reply internally. This involves calling
auth_pam() from user() and caching the result to use later in pass().
This allows the PAM modules to present a different password prompt
dialog if necesary. For example:
Name (localhost:lukem):
331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ].
versus
Name (localhost:lukem): root
331 User root accepted, provide password.
This is independent of (and effectively exclusive to) USE_SKEY support.
Previously ftpd with USE_SKEY=yes would provide the skey prompt
if the user had an skey configured, even if /etc/pam.d/ftpd didn't
have pam_skey in use.
I.e., ftpd shouldn't need special support for custom password prompts
(such as skey) if PAM is in use.
|
| 1.177.6.2 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1200):
libexec/ftpd/ftpd.c: revision 1.182
Rename cred_t to ftpd_cred_t; the former causes a nameclash on Solaris.
|
| 1.177.6.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1199):
libexec/ftpd/ftpd.c: revision 1.179
PR/35449: Shigeya Suzuki: ftpd does not register socket address into PAM +FIX
|
| 1.177.2.4 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1202):
libexec/ftpd/ftpd.c: revision 1.187
libexec/ftpd/extern.h: revision 1.58
libexec/ftpd/version.h: patch
libexec/ftpd/ftpcmd.y: revision 1.88
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.177.2.3 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1201):
libexec/ftpd/ftpd.c: revision 1.183
libexec/ftpd/Makefile: revision 1.58
libexec/ftpd/version.h: revision 1.66
Reorganize USE_PAM support so that the reply(331,) from USER is
performed by the pam_conv (PAM conversation) callback, which then
getline()s the PASS reply internally. This involves calling
auth_pam() from user() and caching the result to use later in pass().
This allows the PAM modules to present a different password prompt
dialog if necesary. For example:
Name (localhost:lukem):
331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ].
versus
Name (localhost:lukem): root
331 User root accepted, provide password.
This is independent of (and effectively exclusive to) USE_SKEY support.
Previously ftpd with USE_SKEY=yes would provide the skey prompt
if the user had an skey configured, even if /etc/pam.d/ftpd didn't
have pam_skey in use.
I.e., ftpd shouldn't need special support for custom password prompts
(such as skey) if PAM is in use.
|
| 1.177.2.2 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1200):
libexec/ftpd/ftpd.c: revision 1.182
Rename cred_t to ftpd_cred_t; the former causes a nameclash on Solaris.
|
| 1.177.2.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1199):
libexec/ftpd/ftpd.c: revision 1.179
PR/35449: Shigeya Suzuki: ftpd does not register socket address into PAM +FIX
|
| 1.182.10.2 | 23-Jul-2007 |
lukem | Rename cred_t to ftpd_cred_t; the former causes a nameclash on Solaris.
|
| 1.182.10.1 | 23-Jul-2007 |
lukem | file ftpd.c was added on branch matt-mips64 on 2007-07-23 10:41:06 +0000
|
| 1.183.2.2 | 17-Jun-2008 |
yamt | sync with head.
|
| 1.183.2.1 | 18-May-2008 |
yamt | sync with head.
|
| 1.184.2.3 | 24-Sep-2008 |
wrstuden | Merge in changes between wrstuden-revivesa-base-2 and
wrstuden-revivesa-base-3.
|
| 1.184.2.2 | 18-Sep-2008 |
wrstuden | Sync with wrstuden-revivesa-base-2.
|
| 1.184.2.1 | 23-Jun-2008 |
wrstuden | Sync w/ -current. 34 merge conflicts to follow.
|
| 1.191.2.1 | 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
| 1.197.2.2 | 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
|
| 1.197.2.1 | 30-Oct-2012 |
yamt | sync with head
|
| 1.198.2.1 | 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
| 1.200.4.1 | 30-Apr-2015 |
riz | Pull up blacklistd(8), requested by christos in ticket #711:
crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.1.1.1
crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c up to 1.2
crypto/external/bsd/openssh/dist/kexc25519.c up to 1.3
crypto/external/bsd/openssh/dist/smult_curve25519_ref.c up to 1.3
crypto/external/bsd/openssh/dist/bitmap.c up to 1.2 plus patch
crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.1
crypto/external/bsd/openssh/dist/PROTOCOL.key up to 1.1.1.1
crypto/external/bsd/openssh/dist/blf.h up to 1.1
crypto/external/bsd/openssh/dist/blocks.c up to 1.3
crypto/external/bsd/openssh/dist/blowfish.c up to 1.2
crypto/external/bsd/openssh/dist/chacha.c up to 1.3
crypto/external/bsd/openssh/dist/chacha.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-aesctr.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/cipher-aesctr.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.3
crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/crypto_api.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/digest-libc.c up to 1.3
crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.3
crypto/external/bsd/openssh/dist/digest.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ge25519.c up to 1.3
crypto/external/bsd/openssh/dist/ge25519.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ge25519_base.data up to 1.1.1.1
crypto/external/bsd/openssh/dist/hash.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/kexc25519c.c up to 1.3
crypto/external/bsd/openssh/dist/kexc25519s.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/rijndael.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/rijndael.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/sc25519.c up to 1.3
crypto/external/bsd/openssh/dist/sc25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ssh-ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-misc.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.h up to 1.4
crypto/external/bsd/openssh/dist/ssherr.c up to 1.3
crypto/external/bsd/openssh/dist/ssherr.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/sshkey.c up to 1.3
crypto/external/bsd/openssh/dist/sshkey.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/verify.c up to 1.3
crypto/external/bsd/openssh/dist/opacket.c up to 1.2
crypto/external/bsd/openssh/dist/umac128.c up to 1.1
crypto/external/bsd/openssh/dist/pfilter.c up to 1.2
crypto/external/bsd/openssh/dist/pfilter.h up to 1.1
crypto/external/bsd/openssh/dist/bitmap.h up to 1.2
crypto/external/bsd/openssh/dist/opacket.h up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.c up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.h up to 1.2
crypto/external/bsd/openssh/dist/auth2-jpake.c delete
crypto/external/bsd/openssh/dist/compress.c delete
crypto/external/bsd/openssh/dist/compress.h delete
crypto/external/bsd/openssh/dist/jpake.c delete
crypto/external/bsd/openssh/dist/jpake.h delete
crypto/external/bsd/openssh/dist/schnorr.c delete
crypto/external/bsd/openssh/dist/schnorr.h delete
crypto/external/bsd/openssh/dist/strtonum.c 1.1
crypto/external/bsd/openssh/Makefile.inc up to 1.8
crypto/external/bsd/openssh/bin/Makefile.inc up to 1.3
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.2
crypto/external/bsd/openssh/bin/sshd/Makefile up to 1.12
crypto/external/bsd/openssh/dist/PROTOCOL up to 1.5
crypto/external/bsd/openssh/dist/PROTOCOL.krl up to 1.1.1.2
crypto/external/bsd/openssh/dist/addrmatch.c up to 1.8
crypto/external/bsd/openssh/dist/atomicio.c up to 1.6
crypto/external/bsd/openssh/dist/auth-bsdauth.c up to 1.4
crypto/external/bsd/openssh/dist/auth-chall.c up to 1.6
crypto/external/bsd/openssh/dist/auth-krb5.c up to 1.7
crypto/external/bsd/openssh/dist/auth-options.c up to 1.9
crypto/external/bsd/openssh/dist/auth-options.h up to 1.6
crypto/external/bsd/openssh/dist/auth-passwd.c up to 1.4
crypto/external/bsd/openssh/dist/auth-rh-rsa.c up to 1.6
crypto/external/bsd/openssh/dist/auth-rhosts.c up to 1.5
crypto/external/bsd/openssh/dist/auth-rsa.c up to 1.10
crypto/external/bsd/openssh/dist/auth.c up to 1.12
crypto/external/bsd/openssh/dist/auth.h up to 1.10
crypto/external/bsd/openssh/dist/auth1.c up to 1.11
crypto/external/bsd/openssh/dist/auth2-chall.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-gss.c up to 1.8
crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-krb5.c up to 1.4
crypto/external/bsd/openssh/dist/auth2-none.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.11
crypto/external/bsd/openssh/dist/auth2.c up to 1.11
crypto/external/bsd/openssh/dist/authfd.c up to 1.8
crypto/external/bsd/openssh/dist/authfd.h up to 1.5
crypto/external/bsd/openssh/dist/authfile.c up to 1.10
crypto/external/bsd/openssh/dist/authfile.h up to 1.6
crypto/external/bsd/openssh/dist/bufaux.c up to 1.7
crypto/external/bsd/openssh/dist/bufbn.c up to 1.5
crypto/external/bsd/openssh/dist/bufec.c up to 1.5
crypto/external/bsd/openssh/dist/buffer.c up to 1.6
crypto/external/bsd/openssh/dist/buffer.h up to 1.7
crypto/external/bsd/openssh/dist/canohost.c up to 1.8
crypto/external/bsd/openssh/dist/channels.c up to 1.13
crypto/external/bsd/openssh/dist/channels.h up to 1.10
crypto/external/bsd/openssh/dist/cipher-3des1.c up to 1.7
crypto/external/bsd/openssh/dist/cipher-bf1.c up to 1.6
crypto/external/bsd/openssh/dist/cipher.c up to 1.7
crypto/external/bsd/openssh/dist/cipher.h up to 1.7
crypto/external/bsd/openssh/dist/clientloop.c up to 1.13
crypto/external/bsd/openssh/dist/compat.c up to 1.9
crypto/external/bsd/openssh/dist/compat.h up to 1.6
crypto/external/bsd/openssh/dist/deattack.c up to 1.4
crypto/external/bsd/openssh/dist/deattack.h up to 1.4
crypto/external/bsd/openssh/dist/dh.c up to 1.8
crypto/external/bsd/openssh/dist/dh.h up to 1.4
crypto/external/bsd/openssh/dist/dispatch.c up to 1.5
crypto/external/bsd/openssh/dist/dispatch.h up to 1.4
crypto/external/bsd/openssh/dist/dns.c up to 1.11
crypto/external/bsd/openssh/dist/dns.h up to 1.6
crypto/external/bsd/openssh/dist/groupaccess.c up to 1.5
crypto/external/bsd/openssh/dist/gss-genr.c up to 1.7
crypto/external/bsd/openssh/dist/gss-serv-krb5.c up to 1.8
crypto/external/bsd/openssh/dist/gss-serv.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.h up to 1.7
crypto/external/bsd/openssh/dist/includes.h up to 1.4
crypto/external/bsd/openssh/dist/kex.c up to 1.10
crypto/external/bsd/openssh/dist/kex.h up to 1.9
crypto/external/bsd/openssh/dist/kexdh.c up to 1.4
crypto/external/bsd/openssh/dist/kexdhc.c up to 1.6
crypto/external/bsd/openssh/dist/kexdhs.c up to 1.8
crypto/external/bsd/openssh/dist/kexecdh.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhc.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhs.c up to 1.5
crypto/external/bsd/openssh/dist/kexgex.c up to 1.4
crypto/external/bsd/openssh/dist/kexgexc.c up to 1.6
crypto/external/bsd/openssh/dist/kexgexs.c up to 1.8
crypto/external/bsd/openssh/dist/key.c up to 1.16
crypto/external/bsd/openssh/dist/key.h up to 1.9
crypto/external/bsd/openssh/dist/krl.c up to 1.5
crypto/external/bsd/openssh/dist/krl.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/mac.c up to 1.11
crypto/external/bsd/openssh/dist/mac.h up to 1.5
crypto/external/bsd/openssh/dist/match.c up to 1.5
crypto/external/bsd/openssh/dist/misc.c up to 1.10
crypto/external/bsd/openssh/dist/misc.h up to 1.9 plus patch
crypto/external/bsd/openssh/dist/moduli.c up to 1.8
crypto/external/bsd/openssh/dist/monitor.c up to 1.14
crypto/external/bsd/openssh/dist/monitor.h up to 1.7
crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.5
crypto/external/bsd/openssh/dist/monitor_mm.c up to 1.6
crypto/external/bsd/openssh/dist/monitor_mm.h up to 1.4
crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.11
crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.8
crypto/external/bsd/openssh/dist/msg.c up to 1.4
crypto/external/bsd/openssh/dist/msg.h up to 1.4
crypto/external/bsd/openssh/dist/mux.c up to 1.11
crypto/external/bsd/openssh/dist/myproposal.h up to 1.10
crypto/external/bsd/openssh/dist/namespace.h up to 1.5
crypto/external/bsd/openssh/dist/packet.c up to 1.18
crypto/external/bsd/openssh/dist/packet.h up to 1.11
crypto/external/bsd/openssh/dist/pathnames.h up to 1.9
crypto/external/bsd/openssh/dist/pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/progressmeter.c up to 1.7
crypto/external/bsd/openssh/dist/progressmeter.h up to 1.4
crypto/external/bsd/openssh/dist/reallocarray.c new
crypto/external/bsd/openssh/dist/readconf.c up to 1.13
crypto/external/bsd/openssh/dist/readconf.h up to 1.12
crypto/external/bsd/openssh/dist/readpass.c up to 1.6
crypto/external/bsd/openssh/dist/roaming_client.c up to 1.7
crypto/external/bsd/openssh/dist/roaming_common.c up to 1.9
crypto/external/bsd/openssh/dist/roaming_dummy.c up to 1.4
crypto/external/bsd/openssh/dist/rsa.c up to 1.5
crypto/external/bsd/openssh/dist/rsa.h up to 1.4
crypto/external/bsd/openssh/dist/sandbox-systrace.c up to 1.1.1.5
crypto/external/bsd/openssh/dist/scp.1 up to 1.9
crypto/external/bsd/openssh/dist/scp.c up to 1.11
crypto/external/bsd/openssh/dist/servconf.c up to 1.17
crypto/external/bsd/openssh/dist/servconf.h up to 1.11
crypto/external/bsd/openssh/dist/serverloop.c up to 1.12
crypto/external/bsd/openssh/dist/session.c up to 1.14
crypto/external/bsd/openssh/dist/session.h up to 1.4
crypto/external/bsd/openssh/dist/sftp-client.c up to 1.13
crypto/external/bsd/openssh/dist/sftp-client.h up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.c up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.h up to 1.5
crypto/external/bsd/openssh/dist/sftp-glob.c up to 1.8
crypto/external/bsd/openssh/dist/sftp-server.8 up to 1.9
crypto/external/bsd/openssh/dist/sftp-server.c up to 1.11
crypto/external/bsd/openssh/dist/sftp.1 up to 1.11
crypto/external/bsd/openssh/dist/sftp.c up to 1.15
crypto/external/bsd/openssh/dist/ssh-add.1 up to 1.9
crypto/external/bsd/openssh/dist/ssh-add.c up to 1.10
crypto/external/bsd/openssh/dist/ssh-agent.1 up to 1.8
crypto/external/bsd/openssh/dist/ssh-agent.c up to 1.14
crypto/external/bsd/openssh/dist/ssh-dss.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-ecdsa.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-gss.h up to 1.5
crypto/external/bsd/openssh/dist/ssh-keygen.1 up to 1.13
crypto/external/bsd/openssh/dist/ssh-keygen.c up to 1.16
crypto/external/bsd/openssh/dist/ssh-keyscan.1 up to 1.10
crypto/external/bsd/openssh/dist/ssh-keyscan.c up to 1.13
crypto/external/bsd/openssh/dist/ssh-keysign.8 up to 1.9
crypto/external/bsd/openssh/dist/ssh-keysign.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/ssh-rsa.c up to 1.7
crypto/external/bsd/openssh/dist/ssh.1 up to 1.14
crypto/external/bsd/openssh/dist/ssh.c up to 1.16
crypto/external/bsd/openssh/dist/ssh2.h up to 1.6
crypto/external/bsd/openssh/dist/ssh_config up to 1.8
crypto/external/bsd/openssh/dist/ssh_config.5 up to 1.13
crypto/external/bsd/openssh/dist/sshconnect.c up to 1.11
crypto/external/bsd/openssh/dist/sshconnect.h up to 1.6
crypto/external/bsd/openssh/dist/sshconnect1.c up to 1.6
crypto/external/bsd/openssh/dist/sshconnect2.c up to 1.19
crypto/external/bsd/openssh/dist/sshd.8 up to 1.13
crypto/external/bsd/openssh/dist/sshd.c up to 1.18
crypto/external/bsd/openssh/dist/sshd_config up to 1.13
crypto/external/bsd/openssh/dist/sshd_config.5 up to 1.17
crypto/external/bsd/openssh/dist/sshlogin.c up to 1.6
crypto/external/bsd/openssh/dist/sshpty.c up to 1.4
crypto/external/bsd/openssh/dist/uidswap.c up to 1.4
crypto/external/bsd/openssh/dist/umac.c up to 1.9
crypto/external/bsd/openssh/dist/version.h up to 1.14
crypto/external/bsd/openssh/dist/xmalloc.c up to 1.5
crypto/external/bsd/openssh/lib/Makefile up to 1.17 plus patch
crypto/external/bsd/openssh/lib/shlib_version up to 1.13
distrib/sets/lists/base/ad.aarch64 patch
distrib/sets/lists/base/ad.arm patch
distrib/sets/lists/base/ad.mips patch
distrib/sets/lists/base/ad.powerpc patch
distrib/sets/lists/base/md.amd64 patch
distrib/sets/lists/base/md.sparc64 patch
distrib/sets/lists/base/mi patch
distrib/sets/lists/base/shl.mi patch
distrib/sets/lists/comp/ad.aarch64 patch
distrib/sets/lists/comp/ad.arm patch
distrib/sets/lists/comp/ad.mips patch
distrib/sets/lists/comp/ad.powerpc patch
distrib/sets/lists/comp/md.amd64 patch
distrib/sets/lists/comp/md.sparc64 patch
distrib/sets/lists/comp/mi patch
distrib/sets/lists/comp/shl.mi patch
distrib/sets/lists/debug/ad.aarch64 patch
distrib/sets/lists/debug/ad.arm patch
distrib/sets/lists/debug/ad.mips patch
distrib/sets/lists/debug/ad.powerpc patch
distrib/sets/lists/debug/md.amd64 patch
distrib/sets/lists/debug/md.sparc64 patch
distrib/sets/lists/debug/shl.mi patch
distrib/sets/lists/etc/mi patch
distrib/sets/lists/man/mi patch
etc/defaults/rc.conf 1.130
etc/mtree/NetBSD.dist.base 1.142
external/bsd/Makefile up to 1.48
external/bsd/blacklist/bin/Makefile up to 1.11 plus patch
external/bsd/blacklist/bin/blacklistctl.8 up to 1.6
external/bsd/blacklist/bin/blacklistctl.c up to 1.17
external/bsd/blacklist/bin/blacklistd.8 up to 1.10
external/bsd/blacklist/bin/blacklistd.c up to 1.32
external/bsd/blacklist/bin/blacklistd.conf.5 up to 1.2
external/bsd/blacklist/bin/conf.c up to 1.18
external/bsd/blacklist/bin/conf.h up to 1.6
external/bsd/blacklist/bin/internal.c up to 1.5
external/bsd/blacklist/bin/internal.h up to 1.12
external/bsd/blacklist/bin/run.c up to 1.12
external/bsd/blacklist/bin/run.h up to 1.5
external/bsd/blacklist/bin/state.c up to 1.15
external/bsd/blacklist/bin/state.h up to 1.5
external/bsd/blacklist/bin/support.c up to 1.6
external/bsd/blacklist/bin/support.h up to 1.5
external/bsd/blacklist/etc/rc.d/Makefile up to 1.1
external/bsd/blacklist/etc/rc.d/blacklistd up to 1.1
external/bsd/blacklist/etc/Makefile up to 1.3
external/bsd/blacklist/etc/blacklistd.conf up to 1.3
external/bsd/blacklist/etc/npf.conf up to 1.1
external/bsd/blacklist/Makefile up to 1.2
external/bsd/blacklist/Makefile.inc up to 1.3
external/bsd/blacklist/README up to 1.7
external/bsd/blacklist/TODO up to 1.7
external/bsd/blacklist/diff/ftpd.diff up to 1.1
external/bsd/blacklist/diff/named.diff up to 1.6
external/bsd/blacklist/diff/ssh.diff up to 1.6
external/bsd/blacklist/include/Makefile up to 1.1
external/bsd/blacklist/include/bl.h up to 1.12
external/bsd/blacklist/include/blacklist.h up to 1.3
external/bsd/blacklist/include/config.h new
external/bsd/blacklist/lib/Makefile up to 1.3
external/bsd/blacklist/lib/bl.c up to 1.24
external/bsd/blacklist/lib/blacklist.c up to 1.5
external/bsd/blacklist/lib/libblacklist.3 up to 1.3
external/bsd/blacklist/lib/shlib_version up to 1.1
external/bsd/blacklist/libexec/Makefile up to 1.1
external/bsd/blacklist/libexec/blacklistd-helper up to 1.4
external/bsd/blacklist/port/m4/.cvsignore up to 1.1
external/bsd/blacklist/port/Makefile.am up to 1.4
external/bsd/blacklist/port/_strtoi.h up to 1.1
external/bsd/blacklist/port/clock_gettime.c up to 1.2
external/bsd/blacklist/port/configure.ac up to 1.7
external/bsd/blacklist/port/fgetln.c up to 1.1
external/bsd/blacklist/port/fparseln.c up to 1.1
external/bsd/blacklist/port/getprogname.c up to 1.4
external/bsd/blacklist/port/pidfile.c up to 1.1
external/bsd/blacklist/port/popenve.c up to 1.2
external/bsd/blacklist/port/port.h up to 1.6
external/bsd/blacklist/port/sockaddr_snprintf.c up to 1.9
external/bsd/blacklist/port/strlcat.c up to 1.2
external/bsd/blacklist/port/strlcpy.c up to 1.2
external/bsd/blacklist/port/strtoi.c up to 1.3
external/bsd/blacklist/test/Makefile up to 1.2
external/bsd/blacklist/test/cltest.c up to 1.6
external/bsd/blacklist/test/srvtest.c up to 1.9
lib/libpam/modules/pam_ssh/pam_ssh.c up to 1.23
libexec/ftpd/pfilter.c up to 1.1
libexec/ftpd/pfilter.h up to 1.1
libexec/ftpd/Makefile up to 1.64
libexec/ftpd/ftpd.c up to 1.201
Add blacklistd(8), a daemon to block and release network ports
on demand to mitigate abuse, and related changes to system daemons
to support it.
[christos, ticket #711]
|
| 1.202.2.1 | 26-Jul-2016 |
pgoyette | Sync with HEAD
|
| 1.203.12.1 | 02-May-2018 |
pgoyette | Synch with HEAD
|
| 1.203.6.5 | 03-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1906):
libexec/ftpd/ftpd.c: revision 1.208
pam_set_item PAM_SOCKADDR expects sockaddr_storage structure
Instead, internal struct sockinet was used. Because it's length is shorter
than sockaddr_storage, libpam was copying also memory outside of sockinet
struct.
|
| 1.203.6.4 | 03-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1903):
libexec/ftpd/ftpd.c: revision 1.207
libexec/ftpd/version.h: revision 1.78
ftpd: improve seteuid error handling
Handle seteuid() failures. Per suggestion by Simon Josefsson.
Consistent logging and fatal exit if uid/gid switching fails.
Log correct errno if dataconn() fails.
|
| 1.203.6.3 | 03-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1902):
libexec/ftpd/ftpd.c: revision 1.206
Treat failed chdir/chroot for guest and chroot accounts as fatal.
Also treat failed set{e,}(u,g}id calls as fatal.
Addresses CVE-2020-7468, via FreeBSD.
|
| 1.203.6.2 | 03-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1901):
libexec/ftpd/extern.h: revision 1.65
libexec/ftpd/ftpd.c: revision 1.205
bump sizes
|
| 1.203.6.1 | 03-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1900):
libexec/ftpd/ftpd.8: revision 1.87
libexec/ftpd/ftpd.c: revision 1.204
Add -f option to ftpd to stay in foreground with -D.
From nia in PR bin/53221.
|
| 1.204.4.4 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1742):
libexec/ftpd/ftpd.c: revision 1.208
pam_set_item PAM_SOCKADDR expects sockaddr_storage structure
Instead, internal struct sockinet was used. Because it's length is shorter
than sockaddr_storage, libpam was copying also memory outside of sockinet
struct.
|
| 1.204.4.3 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1739):
libexec/ftpd/ftpd.c: revision 1.207
libexec/ftpd/version.h: revision 1.78
ftpd: improve seteuid error handling
Handle seteuid() failures. Per suggestion by Simon Josefsson.
Consistent logging and fatal exit if uid/gid switching fails.
Log correct errno if dataconn() fails.
|
| 1.204.4.2 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1738):
libexec/ftpd/ftpd.c: revision 1.206
Treat failed chdir/chroot for guest and chroot accounts as fatal.
Also treat failed set{e,}(u,g}id calls as fatal.
Addresses CVE-2020-7468, via FreeBSD.
|
| 1.204.4.1 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1737):
libexec/ftpd/extern.h: revision 1.65
libexec/ftpd/ftpd.c: revision 1.205
bump sizes
|
| 1.204.2.1 | 13-Apr-2020 |
martin | Mostly merge changes from HEAD upto 20200411
|
| 1.206.2.2 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #389):
libexec/ftpd/ftpd.c: revision 1.208
pam_set_item PAM_SOCKADDR expects sockaddr_storage structure
Instead, internal struct sockinet was used. Because it's length is shorter
than sockaddr_storage, libpam was copying also memory outside of sockinet
struct.
|
| 1.206.2.1 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #385):
libexec/ftpd/ftpd.c: revision 1.207
libexec/ftpd/version.h: revision 1.78
ftpd: improve seteuid error handling
Handle seteuid() failures. Per suggestion by Simon Josefsson.
Consistent logging and fatal exit if uid/gid switching fails.
Log correct errno if dataconn() fails.
|
| 1.208.2.1 | 02-Aug-2025 |
perseant | Sync with HEAD
|
| 1.38 | 22-Aug-2020 |
lukem | ftpd.conf(5): remove duplicate "be"
Two be or not two be.
Noted by SAITOH Masanobu in private mail.
|
| 1.37 | 09-Apr-2009 |
joerg | Don't use .Xo/.Xc or .Oo/.Oc over .It lines to work around the macro
argument limit in ancient groff versions.
|
| 1.36 | 13-Sep-2008 |
lukem | branches: 1.36.6;
Crank copyright dates
|
| 1.35 | 30-Apr-2008 |
martin | branches: 1.35.2;
Convert TNF licenses to new 2 clause variant
|
| 1.34 | 02-Dec-2007 |
wiz | branches: 1.34.6;
filetypes -> file types.
|
| 1.33 | 13-Apr-2007 |
lukem | branches: 1.33.4;
Expand documentation on numeric argument suffix parsing, and convert
to IEC 60027-2 prefixes for 2^n multiples ("KiB" instead of "KB", etc.)
|
| 1.32 | 11-Sep-2005 |
wiz | Remove duplicate line. From YOMURA Masanori in private mail.
|
| 1.31 | 10-Sep-2005 |
wiz | Fix typo.
|
| 1.30 | 24-Aug-2005 |
ginsbach | * Add recvbufsize configuration option
This allows for setting the passive socket's SO_RCVBUF. Option works
similarly to the current sendbufsize configuration option.
* Change how recveive_data() works
When reading data from the socket for passive transfers to the server,
receive_data() now works very similar to send_data_with_read(). Reads
from the network are now done using either the filesystem block size or
the configuration option readsize chunks.
* Crank version.h
[Changes discussed with lukem.]
|
| 1.29 | 03-Mar-2005 |
ginsbach | * Add hidesymlinks configuration option
This adds a -L to all ls command arguments so that the file or directory
the link references is listed rather than the link itself. This was
inspired by IRIX ftpd's -S option.
[Discussed with lukem some time ago.]
* Crank version.h [right Luke? :-)]
|
| 1.28 | 27-Jun-2003 |
wiz | Add Ns.
|
| 1.27 | 31-Mar-2003 |
perry | behaviour->behavior
I actually really like the UK spelling on this, but consistency among
our man pages is also a virtue.
|
| 1.26 | 25-Feb-2003 |
wiz | .Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.
|
| 1.25 | 29-Nov-2002 |
wiz | -1 -> \-1.
|
| 1.24 | 29-Nov-2002 |
lukem | - convert to using libc's strsuftoll(3)
- use LLT (aka 'long long type') for all numeric class parameters
- improve description of various ftpd.conf(5) options
- statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
|
| 1.23 | 02-Oct-2002 |
wiz | especially and interpretation instead of espcially and intrepretation.
By Adrian Mrva.
|
| 1.22 | 29-Sep-2002 |
wiz | Begin new sentences on new lines.
Patch from Robert Elz (kre at munnari oz au).
|
| 1.21 | 31-May-2002 |
wiz | Grammar fixes in last.
|
| 1.20 | 30-May-2002 |
enami | Add optional mmap(2)/write(2) support for binary file transfer.
The default is read(2)/write(2). Note that the sosend_loan needs
some more work for better performance when a file isn't cached.
|
| 1.19 | 15-Jan-2002 |
wiz | branches: 1.19.2;
Whitespace nits.
|
| 1.18 | 04-Dec-2001 |
lukem | Add two new ftpd.conf(5) directives:
- 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER
command instead of the PASS command. whilst this might provide some
info leakage of accounts names if you have some `real' or `chroot'
users enabled and not others, it does prevent accidental entering of
such passwords if you have all such users denied. This option is
strongly recommended on anonymous-only servers.
Functionality requested by Rob Windsor in [bin/12602]
- 'private'; don't display class related information in the output of STAT.
For paranoid admins.
|
| 1.17 | 08-Jul-2001 |
lukem | Alan Barrett informs me that "advertise" (instead of "advertize") is
the norm even in American English.
|
| 1.16 | 26-Jun-2001 |
lukem | s/tise/tize/ in docco, add "advertize" as synonym for "advertise"
|
| 1.15 | 18-Dec-2000 |
lukem | Features:
* Add ftpd.conf(5) directive `advertise'; change the address that is
advertised to the client for PASV transfers. this may be useful in
certain firewall/NAT environments.
Feature requested in [bin/9606] by Scott Presnell.
* Add -X option; syslog wu-ftpd style xferlog messages, prefixed with
`xferlog: '. An example line from syslog (wrapped):
Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000
2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c
These messages can be converted to a wu-ftpd style xferlog file
suitable for parsing with third-party tools with something like:
grep 'xferlog: ' /var/log/xferlog | \
sed -e 's/^.*xferlog: //' >wuxferlog
The format is the same as the wu-ftpd xferlog entries (with the leading
syslog stuff), but different from the wu-ftpd syslogged xferlog entries
because the latter is not as easy to convert into the standard xferlog
file format.
The choice to only syslog the xferlog messages rather than append to
a /var/log/xferlog file was made because the latter doesn't work to
well in the situation where the logfile is rotated and compressed and
a long-running ftpd still has a file-descriptor to the now nonexistant
xferlog file, and the log message will then get lost.
Feature requested in [bin/11651] by Hubert Feyrer.
Fixes:
* In ftpd(8), clarify the -a and -c options.
* More clarifications in ftpd.conf(5).
* Ensure that all ftpd.conf commands set a parameter back to sane defaults
if an argument of `none' or bad settings are given.
* Support the `chroot' directive for `REAL' users too (for consistency).
* For `GUEST' users, store the supplied password in pw->pw_passwd for use
later in the xferlog.
* If show_chdir_messages() is given a code of -1, flush the cache of
visited directories. Invoke show_chdir_messages(-1) in end_login().
* Only syslog session stats if logging is requested.
* Rename logcmd() -> logxfer(), and dolog() -> logremotehost().
* Use cprintf() instead of fprintf() where appropriate.
* Minor KNF, and make a couple of functions static that were declared static.
|
| 1.14 | 16-Nov-2000 |
lukem | - new ftpd.conf directives:
maxfilesize set the maximum size of uploaded files
sanenames if set, only permit uploaded filenames that contain
characters from the set "-+,._A-Za-z0-9" and that
don't start with `.'
- new/changed command line options:
-e emailaddr define email address for %E (see below)
-P dataport use dataport as the dataport (instead of ctrlport-1)
-q use pid files to count users [default]
-Q don't use pid files to count users
-u write entries to utmp
-U don't write entries to utmp [default]
-w write entries to wtmp [default]
-W don't write entries to wtmp
NOTE: -U used to mean `write utmp entries'. Its meaning has changed
so that it's orthogonal with -q/-Q and -w/-W. This isn't
considered a major problem, because using -U isn't going to
enable something you don't want, but will disable something
you did want (which is safer).
- new display file escape sequences:
%E email address
%s literal `s' if the previous %M or %N wasn't ``1''.
%S literal `S' if the previous %M or %N wasn't ``1''.
- expand the description of building ~ftp/incoming to cover the
appropriate ftpd.conf(5) directives (which are defaults, but it pays
to explicitly explain them)
- replace strsuftoi() with strsuftoll(), which returns a long long if
supported, otherwise a long
- rework the way that check_modify and check_upload are done in the yacc
parser; they're merged into a common check_write() function which is
called explicitly
- merge all ftpclass `flag variables' into a single bitfield-based flag element
- move various common bits of parse_conf() into a couple of macros
- clean up some comments
|
| 1.13 | 07-Nov-2000 |
lukem | slight rework
|
| 1.12 | 07-Nov-2000 |
lukem | reorganise slightly to make it more obvious what the actual syntax of
a configuration line is.
|
| 1.11 | 23-Jul-2000 |
lukem | * make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
|
| 1.10 | 17-Jul-2000 |
lukem | * add two new ftpd.conf(5) directives:
chroot specify dir to chroot to for GUEST and CHROOT users, to
override -a anondir or the user's homedir.
homedir specify dir to change to upon login; also used for ~ expansion
and $HOME for subprocesses)
both of these can take % escapes: %u (username), %d (homedir), %c (class).
* fix NLST to take a pathname not a STRING, so that ~ expansion works
* modify CWD to use the homedir parsed from curclass.homedir
* implement format_path(dst, src), to parse src expanding % escapes (see above)
into dst.
* rename format_file() to display_file()
|
| 1.9 | 20-Jun-2000 |
lukem | fix problems noted by <dogcow@redback.com> in [bin/10390] and private email:
* fix RATE{GET,PUT} under some situations when the client is slower than
the server (something i missed when migrating the rate limiting code
i wrote in ftp(1) to ftpd(8))
* document what units RATE{GET,PUT} use
|
| 1.8 | 12-Jan-2000 |
lukem | branches: 1.8.4;
* add ftpd.conf directive `portrange class min max', which allows specification
of the port range used by passive connections. based on work in [bin/9158]
from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
* change the way global variables are defined and extern-ed to be more
consistent.
|
| 1.7 | 09-Jan-2000 |
lukem | * new ftpd.conf directive:
template class [refclass]
following directives for refclass will apply to class as well.
this makes setting up a `template' class with many default settings
easy, whilst allowing for class-specific overrides
* prevent crash when the optional limitfile wasn't given to limit
* document count_users()
* document default setting of limit in ftpd.conf(5)
* crank version
|
| 1.6 | 08-Jan-2000 |
lukem | features:
* add connection limits (`limit' keyword in ftpd.conf)
* move initialisation of curclass from parse_conf() to new function
init_curclass()
* implement count_users(), which determines the number of users in a given
class. a file - /var/run/ftpd.pids-<class> - is used to store a list
of pids in use (effectively an array of pid_t's), and its size is reduced
as necessary.
* new % modifiers in format_file:
%c class
%M maximum connection count
%N current connection count
* always end_login()s, even for refused connections
bugs fixed:
* remove \n from %T output
* fix some inconsistencies in the man pages
* ensure that both `ftp' *and* `anonymous' are allowed in ftpusers.
(this was accidently broken in a recent commit to be ``or'' not ``and'')
* use MAXPATHLEN not MAXPATHLEN+1
* crank copyright date on modified files
* crank version
|
| 1.5 | 26-Dec-1999 |
lukem | branches: 1.5.2;
* document all classtype defaults
* xref /usr/share/examples/ftpd/ftpd.conf
|
| 1.4 | 18-Dec-1999 |
lukem | * move version to separate header file
* use .Dv and .Tn in the man pages as appropriate
* KNF a bit
The following were inspired by similar changes in openbsd, but may
have additional improvements by me:
* add more check_login tests to the parser rules
* nuke a few memory leaks in the parser rules
* clear passwords before free()ing them, for safety
* don't display \r\n in setproctitle() output
* add support for -U, which enables managing /var/run/utmp entries for
connections. solves [bin/2217] by Jason Downs <downsj@teeny.org>
* fix oob handling for STAT command
* use SIG_ERR instead of -1
|
| 1.3 | 16-Dec-1999 |
lukem | install ftpusers(5) as ftpchroot(5). more cleanups
|
| 1.2 | 16-Dec-1999 |
lukem | cleanup
|
| 1.1 | 16-Dec-1999 |
lukem | separate ftpd.conf(5) and ftpusers(5) out from ftpd(8).
xxx: still needs a bit of work
|
| 1.5.2.2 | 27-Dec-1999 |
wrstuden | Pull up to last week's -current.
|
| 1.5.2.1 | 26-Dec-1999 |
wrstuden | file ftpd.conf.5 was added on branch wrstuden-devbsize on 1999-12-27 18:30:12 +0000
|
| 1.8.4.4 | 26-Aug-2004 |
jmc | Pullup rev 1.16-1.28 (requested by he in ticket #158)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.8.4.3 | 29-Mar-2001 |
lukem | sync ftpd to -current with the following revisions (for lukem/christos):
Makefile 1.43-1.44
cmds.c 1.7-1.8, 1.10-1.12
conf.c 1.35-1.40
extern.h 1.32-1.38
ftpcmd.y 1.53-1.59
ftpd.8 1.58-1.63
ftpd.c 1.102-1.104, 1.106-1.122
ftpd.conf.5 1.12-1.15
ftpusers.5 1.8
logwtmp.c 1.16
popen.c 1.23-1.25
version.h 1.28
a quick summary of user-visible changes;
- fix glob DoS by using GLOB_LIMIT
- add ftpd.conf directives `advertise', `maxfilesize', `sanenames'
- add flags: -P dataport, -X - wuftpd style log entries,
-q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp,
-w/-W - (en|dis)able wtmp
|
| 1.8.4.2 | 25-Jul-2000 |
lukem | user visible changes (besides checking the cvs log):
* make checkportcmd the default
* add -r; force permanent drop of root privs after login
* add -V vers; change version string to vers
* add -H; act as -h `hostname`
* permanently drop root privs if it makes sense to do so (e.g; logging in as
guest/chroot user on a port > 1024)
* fix reference to draft-ietf-ftpext-mlst-11
* add ftpd.conf directives: chroot, homedir
* fix base64_encode() and generation of the unique fact
* crank version to 20000723
|
| 1.8.4.1 | 22-Jun-2000 |
lukem | Pull up revision 1.9:
- fix RATE{GET,PUT} when the client is slower than the rate limit
- document units RATE{GET,PUT} use
Fixes PR#10390
|
| 1.19.2.1 | 31-Aug-2004 |
jmc | Pullup rev 1.20-1.28 (requested by he in ticket #1739)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.33.4.1 | 09-Jan-2008 |
matt | sync with HEAD
|
| 1.34.6.1 | 18-May-2008 |
yamt | sync with head.
|
| 1.35.2.1 | 24-Sep-2008 |
wrstuden | Merge in changes between wrstuden-revivesa-base-2 and
wrstuden-revivesa-base-3.
|
| 1.36.6.1 | 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
| 1.17 | 13-Sep-2008 |
lukem | Crank copyright dates
|
| 1.16 | 30-Apr-2008 |
martin | branches: 1.16.2;
Convert TNF licenses to new 2 clause variant
|
| 1.15 | 26-Jul-2003 |
salo | branches: 1.15.30;
netbsd.org->NetBSD.org
|
| 1.14 | 25-Feb-2003 |
wiz | .Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.
|
| 1.13 | 01-Dec-2001 |
wiz | branches: 1.13.2;
Improve FILES section.
|
| 1.12 | 01-Dec-2001 |
lukem | clarify glob type of hostname glob
|
| 1.11 | 11-Jun-2001 |
wiz | Fix various misspellings of compatible/compatibility.
|
| 1.10 | 25-Apr-2001 |
lukem | crank copyrights of files changed this year
remove superfluous byte_count update in send_file_list
crank version
|
| 1.9 | 04-Apr-2001 |
wiz | ftpd.conf(8) -> (5), and a whitespace nit.
|
| 1.8 | 07-Nov-2000 |
lukem | slight cleanup of line syntax
|
| 1.7 | 17-Jul-2000 |
lukem | * add two new ftpd.conf(5) directives:
chroot specify dir to chroot to for GUEST and CHROOT users, to
override -a anondir or the user's homedir.
homedir specify dir to change to upon login; also used for ~ expansion
and $HOME for subprocesses)
both of these can take % escapes: %u (username), %d (homedir), %c (class).
* fix NLST to take a pathname not a STRING, so that ~ expansion works
* modify CWD to use the homedir parsed from curclass.homedir
* implement format_path(dst, src), to parse src expanding % escapes (see above)
into dst.
* rename format_file() to display_file()
|
| 1.6 | 30-May-2000 |
lukem | branches: 1.6.2;
Clarify the meaning of `directive', as requested in [security/10229]
by Klaus Klein <kleink@uni-trier.de>
|
| 1.5 | 08-Jan-2000 |
lukem | branches: 1.5.2;
reference usr/share/examples/ftpd/ftpusers
|
| 1.4 | 21-Dec-1999 |
lukem | branches: 1.4.2;
* add support for optional groupglob in ftpuser entry. the syntax is now:
userglob[:groupglob][@host] [directive [class]]
* append ``(class: CLASSNAME, type: TYPE)'' to the syslogged login messages
|
| 1.3 | 18-Dec-1999 |
lukem | * move version to separate header file
* use .Dv and .Tn in the man pages as appropriate
* KNF a bit
The following were inspired by similar changes in openbsd, but may
have additional improvements by me:
* add more check_login tests to the parser rules
* nuke a few memory leaks in the parser rules
* clear passwords before free()ing them, for safety
* don't display \r\n in setproctitle() output
* add support for -U, which enables managing /var/run/utmp entries for
connections. solves [bin/2217] by Jason Downs <downsj@teeny.org>
* fix oob handling for STAT command
* use SIG_ERR instead of -1
|
| 1.2 | 16-Dec-1999 |
lukem | install ftpusers(5) as ftpchroot(5). more cleanups
|
| 1.1 | 16-Dec-1999 |
lukem | separate ftpd.conf(5) and ftpusers(5) out from ftpd(8).
xxx: still needs a bit of work
|
| 1.4.2.2 | 27-Dec-1999 |
wrstuden | Pull up to last week's -current.
|
| 1.4.2.1 | 21-Dec-1999 |
wrstuden | file ftpusers.5 was added on branch wrstuden-devbsize on 1999-12-27 18:30:12 +0000
|
| 1.5.2.1 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.6.2.4 | 26-Aug-2004 |
jmc | Pullup rev 1.10-1.15 (requested by he in ticket #158)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.6.2.3 | 26-Apr-2001 |
he | Pull up revision 1.9 (requested by wiz):
Correct ftpd.conf to ftpd.conf(5), and a whitespace fix.
|
| 1.6.2.2 | 29-Mar-2001 |
lukem | sync ftpd to -current with the following revisions (for lukem/christos):
Makefile 1.43-1.44
cmds.c 1.7-1.8, 1.10-1.12
conf.c 1.35-1.40
extern.h 1.32-1.38
ftpcmd.y 1.53-1.59
ftpd.8 1.58-1.63
ftpd.c 1.102-1.104, 1.106-1.122
ftpd.conf.5 1.12-1.15
ftpusers.5 1.8
logwtmp.c 1.16
popen.c 1.23-1.25
version.h 1.28
a quick summary of user-visible changes;
- fix glob DoS by using GLOB_LIMIT
- add ftpd.conf directives `advertise', `maxfilesize', `sanenames'
- add flags: -P dataport, -X - wuftpd style log entries,
-q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp,
-w/-W - (en|dis)able wtmp
|
| 1.6.2.1 | 25-Jul-2000 |
lukem | user visible changes (besides checking the cvs log):
* make checkportcmd the default
* add -r; force permanent drop of root privs after login
* add -V vers; change version string to vers
* add -H; act as -h `hostname`
* permanently drop root privs if it makes sense to do so (e.g; logging in as
guest/chroot user on a port > 1024)
* fix reference to draft-ietf-ftpext-mlst-11
* add ftpd.conf directives: chroot, homedir
* fix base64_encode() and generation of the unique fact
* crank version to 20000723
|
| 1.13.2.1 | 31-Aug-2004 |
jmc | Pullup rev 1.14-1.15 (requested by he in ticket #1739)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.15.30.1 | 18-May-2008 |
yamt | sync with head.
|
| 1.16.2.1 | 24-Sep-2008 |
wrstuden | Merge in changes between wrstuden-revivesa-base-2 and
wrstuden-revivesa-base-3.
|
| 1.12 | 16-Sep-2011 |
plunky | NULL does not need a cast, here
|
| 1.11 | 09-Jun-2008 |
lukem | Add missing RCSID.
|
| 1.10 | 04-Dec-2006 |
jdolecek | branches: 1.10.10; 1.10.12;
allow compilation without SUPPORT_UTMP
|
| 1.9 | 23-Jun-2005 |
christos | cleanup utmp and utmpx support.
- make them symmetric
- add a function to open the wtmp file explicitly very early in the game
|
| 1.8 | 09-Aug-2004 |
lukem | Fixes from (or inspired by) OpenBSD:
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
My stuff:
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue. (I also can't find the reference in
RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.)
I could clean up the is_oob stuff some more, but the remaining stuff
in ftpcmd.y is harmless and it's unnecessary churn right this moment.
|
| 1.7 | 13-Oct-2003 |
agc | branches: 1.7.2;
Move Jason Downs's code from a 4-clause to a 3-clause licence by
removing the advertising clause. Diffs provided in PR 22410 by Joel
Baker, confirmed to the board by Jason Downs.
With additional thanks to Jason Thorpe.
|
| 1.6 | 07-Aug-2003 |
agc | Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22284, verified by myself.
|
| 1.5 | 30-Jun-2003 |
tacha | Add ftpd_loginx() and ftpd_logwtmpx() and use them to hold wtmpx file
open while a session.
Close bin/21692 by bqt@Krille.Update.UU.SE.
|
| 1.4 | 23-Feb-2003 |
lukem | rename local copies of login(), logout() and logwtmp() to
ftpd_login(), ftpd_logout() and ftpd_logwtmp() respectively.
(makes utmp support much easier in tnftpd).
per suggestion in mail from Mike Heffner <mheffner@vt.edu>, who
forwarded patch from Michael Ranner <mranner@inode.at>.
|
| 1.3 | 29-Nov-2002 |
lukem | - convert to using libc's strsuftoll(3)
- use LLT (aka 'long long type') for all numeric class parameters
- improve description of various ftpd.conf(5) options
- statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
|
| 1.2 | 20-May-2000 |
lukem | branches: 1.2.4; 1.2.6;
convert to ANSI C as per style guide
|
| 1.1 | 18-Dec-1999 |
lukem | branches: 1.1.2;
* move version to separate header file
* use .Dv and .Tn in the man pages as appropriate
* KNF a bit
The following were inspired by similar changes in openbsd, but may
have additional improvements by me:
* add more check_login tests to the parser rules
* nuke a few memory leaks in the parser rules
* clear passwords before free()ing them, for safety
* don't display \r\n in setproctitle() output
* add support for -U, which enables managing /var/run/utmp entries for
connections. solves [bin/2217] by Jason Downs <downsj@teeny.org>
* fix oob handling for STAT command
* use SIG_ERR instead of -1
|
| 1.1.2.1 | 27-Dec-1999 |
wrstuden | Pull up to last week's -current.
|
| 1.2.6.1 | 31-Aug-2004 |
jmc | Pullup rev 1.3-1.8 (requested by he in ticket #1739)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.2.4.1 | 26-Aug-2004 |
jmc | Pullup rev 1.3-1.8 (requested by he in ticket #158)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.7.2.1 | 12-Aug-2004 |
jmc | Pullup rev 1.8 (requested by lukem in ticket #757)
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue.
|
| 1.10.12.1 | 23-Jun-2008 |
wrstuden | Sync w/ -current. 34 merge conflicts to follow.
|
| 1.10.10.1 | 17-Jun-2008 |
yamt | sync with head.
|
| 1.27 | 09-Aug-2015 |
shm | Removed unnecessary memset(3) call
|
| 1.26 | 09-Aug-2015 |
shm | Clear utmpx struct before writing it to wtmpx files
|
| 1.25 | 23-Sep-2006 |
xtraeme | branches: 1.25.24; 1.25.42; 1.25.60;
Apply patch from PR bin/33261 sent by FUKAOMI Naoki:
"ftpd does not update wtmpx".
Thanks.
|
| 1.24 | 23-Jun-2005 |
christos | cleanup utmp and utmpx support.
- make them symmetric
- add a function to open the wtmp file explicitly very early in the game
|
| 1.23 | 11-Nov-2004 |
christos | Don't write trash in ut_ss; either initialize it to 0, or put in the proper
information.
|
| 1.22 | 09-Aug-2004 |
lukem | Fixes from (or inspired by) OpenBSD:
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
My stuff:
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue. (I also can't find the reference in
RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.)
I could clean up the is_oob stuff some more, but the remaining stuff
in ftpcmd.y is harmless and it's unnecessary churn right this moment.
|
| 1.21 | 07-Aug-2003 |
agc | branches: 1.21.2;
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22284, verified by myself.
|
| 1.20 | 30-Jun-2003 |
tacha | Add ftpd_loginx() and ftpd_logwtmpx() and use them to hold wtmpx file
open while a session.
Close bin/21692 by bqt@Krille.Update.UU.SE.
|
| 1.19 | 23-Feb-2003 |
lukem | rename local copies of login(), logout() and logwtmp() to
ftpd_login(), ftpd_logout() and ftpd_logwtmp() respectively.
(makes utmp support much easier in tnftpd).
per suggestion in mail from Mike Heffner <mheffner@vt.edu>, who
forwarded patch from Michael Ranner <mranner@inode.at>.
|
| 1.18 | 13-Sep-2002 |
itojun | revert previous. wtmp{,x} entries need not be \0-terminated, so
strncpy is more proper.
|
| 1.17 | 12-Sep-2002 |
itojun | use strl*, not strn*.
|
| 1.16 | 04-Feb-2001 |
christos | branches: 1.16.2;
fix redundant declarations.
|
| 1.15 | 20-May-2000 |
lukem | branches: 1.15.4;
convert to ANSI C as per style guide
|
| 1.14 | 05-Mar-2000 |
lukem | * don't bother with a version[] string, just use the macro as appropriate
* clean some more of the GLOBAL stuff
* fix unused var if -UHASSETPROCTITLE
|
| 1.13 | 12-Jan-2000 |
lukem | * add ftpd.conf directive `portrange class min max', which allows specification
of the port range used by passive connections. based on work in [bin/9158]
from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
* change the way global variables are defined and extern-ed to be more
consistent.
|
| 1.12 | 25-Aug-1999 |
christos | more kerberos5 fixes
|
| 1.11 | 24-Feb-1999 |
explorer | Make this build with KERBEROS5 defined.
|
| 1.10 | 28-Dec-1998 |
lukem | * replace LOG(CMD|BYTES) macros with logcmd(), which is a cleaner
solution with less code replication. use realpath() in logcmd() so
that all logged filenames are sane.
* support `REST STREAM' in `FEAT' reply (from draft-ietf-ftpext-mlst-05)
* in 'HELP', suffix unimplemented commands with `-' instead of `*'; the
former is easier to differentiate from `+'.
* deprecate curdir() now that logcmd() doesn't use it.
* ensure all filename buffers are at least MAXPATHLEN+1 in size.
* move jmp_buf errcatch out of extern.h, removing need to #include <setjmp.h>
in every file.
|
| 1.9 | 12-Sep-1998 |
kleink | Need <signal.h> for sig_atomic_t.
|
| 1.8 | 06-Sep-1998 |
lukem | * complete fix for `multiple replies returned for single parse error'
problem; move `hasyyerrored' state flag out of yylex() so that
check_{login,modify} can also set it.
* check result of check_login for PORT command
* set initial timeout before the "setjmp(); for(;;) yyparse()",
otherwise an invalid command after login incorrectly sets the timeout
to 5 minutes (rather than what was set in ftpd.conf)
* replace (char *)0 with NULL
* move yyerror() from ftpd.c to ftpcmd.y
* remove need for -Dunix, by using the version string from ftpd.c
(instead of `BSD-199506')
* move all extern-ed vars into extern.h
|
| 1.7 | 27-Jul-1998 |
mycroft | const poisoning.
|
| 1.6 | 01-Apr-1998 |
kleink | Need <time.h> for time() prototype.
|
| 1.5 | 18-Jun-1997 |
christos | - Pass gcc -Wall
- Fix incorrect const poisoning
- Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
|
| 1.4 | 11-Apr-1995 |
cgd | clean up RCS Id's and a couple of stype nits.
Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
|
| 1.3 | 29-Jun-1994 |
deraadt | 4.4-lite, plus our local changes
|
| 1.2 | 01-Aug-1993 |
mycroft | Add RCS identifiers.
|
| 1.1 | 21-Mar-1993 |
cgd | branches: 1.1.1;
Initial revision
|
| 1.1.1.2 | 29-Mar-1997 |
cjs | Lite-1 Import.
|
| 1.1.1.1 | 21-Mar-1993 |
cgd | initial import of 386bsd-0.1 sources
|
| 1.15.4.2 | 26-Aug-2004 |
jmc | Pullup rev 1.17-1.22 (requested by he in ticket #158)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.15.4.1 | 29-Mar-2001 |
lukem | sync ftpd to -current with the following revisions (for lukem/christos):
Makefile 1.43-1.44
cmds.c 1.7-1.8, 1.10-1.12
conf.c 1.35-1.40
extern.h 1.32-1.38
ftpcmd.y 1.53-1.59
ftpd.8 1.58-1.63
ftpd.c 1.102-1.104, 1.106-1.122
ftpd.conf.5 1.12-1.15
ftpusers.5 1.8
logwtmp.c 1.16
popen.c 1.23-1.25
version.h 1.28
a quick summary of user-visible changes;
- fix glob DoS by using GLOB_LIMIT
- add ftpd.conf directives `advertise', `maxfilesize', `sanenames'
- add flags: -P dataport, -X - wuftpd style log entries,
-q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp,
-w/-W - (en|dis)able wtmp
|
| 1.16.2.1 | 31-Aug-2004 |
jmc | Pullup rev 1.17-1.22 (requested by he in ticket #1739)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.21.2.1 | 12-Aug-2004 |
jmc | Pullup rev 1.22 (requested by lukem in ticket #757)
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue.
|
| 1.25.60.1 | 04-Nov-2015 |
riz | Pull up following revision(s) (requested by shm in ticket #944):
libexec/ftpd/logwtmp.c: revision 1.26
libexec/ftpd/logwtmp.c: revision 1.27
Removed unnecessary memset(3) call
Clear utmpx struct before writing it to wtmpx files
|
| 1.25.42.1 | 15-Nov-2015 |
bouyer | Pull up following revision(s) (requested by shm in ticket #1321):
libexec/ftpd/logwtmp.c: revision 1.26
libexec/ftpd/logwtmp.c: revision 1.27
Removed unnecessary memset(3) call
Clear utmpx struct before writing it to wtmpx files
|
| 1.25.24.1 | 07-Nov-2015 |
snj | Pull up following revision(s) (requested by shm in ticket #1975):
libexec/ftpd/logwtmp.c: revision 1.26
libexec/ftpd/logwtmp.c: revision 1.27
Removed unnecessary memset(3) call
--
Clear utmpx struct before writing it to wtmpx files
|
| 1.12 | 11-Dec-2004 |
christos | change _PATH_FOO to _NAME_FOO where FOO is not a path. I'll discuss with
luke what is the best way to fix this.
|
| 1.11 | 07-Aug-2003 |
agc | Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22284, verified by myself.
|
| 1.10 | 06-Mar-2000 |
lukem | branches: 1.10.4; 1.10.6;
only define _DEFAULT_CONFDIR if not set. (allows compile-time override)
|
| 1.9 | 08-Jan-2000 |
lukem | features:
* add connection limits (`limit' keyword in ftpd.conf)
* move initialisation of curclass from parse_conf() to new function
init_curclass()
* implement count_users(), which determines the number of users in a given
class. a file - /var/run/ftpd.pids-<class> - is used to store a list
of pids in use (effectively an array of pid_t's), and its size is reduced
as necessary.
* new % modifiers in format_file:
%c class
%M maximum connection count
%N current connection count
* always end_login()s, even for refused connections
bugs fixed:
* remove \n from %T output
* fix some inconsistencies in the man pages
* ensure that both `ftp' *and* `anonymous' are allowed in ftpusers.
(this was accidently broken in a recent commit to be ``or'' not ``and'')
* use MAXPATHLEN not MAXPATHLEN+1
* crank copyright date on modified files
* crank version
|
| 1.8 | 08-Jun-1998 |
lukem | support displaying the stderr output from a LIST or a conversion to
the user at the end of a transfer.
this generates a file in /tmp, so anonymous requires a
writable ~ftp/tmp, which you may not want to do (because it may
allow people to unwanted upload files).
XXX: a better method of storing the stderr output would be nice, but
is a lot more effort to implement. this feature can at least be
used temporarily whilst debugging why an ftp conversion doesn't
work.
|
| 1.7 | 23-Sep-1997 |
lukem | implement '-c confdir', which allows the specification of an alternate
directory to look for the various configuration files, overriding /etc.
From Matthias Scheler <tron@lyssa.owl.de> in [bin/4133]
|
| 1.6 | 14-Jun-1997 |
lukem | * implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
|
| 1.5 | 11-Apr-1995 |
cgd | clean up RCS Id's and a couple of stype nits.
Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
|
| 1.4 | 29-Jun-1994 |
deraadt | 4.4-lite, plus our local changes
|
| 1.3 | 06-Apr-1994 |
cgd | Jarle.F.Greipsland@idt.unit.no's changes to allow for password-protected
chrooted ftp logins.
|
| 1.2 | 01-Aug-1993 |
mycroft | Add RCS identifiers.
|
| 1.1 | 21-Mar-1993 |
cgd | branches: 1.1.1;
Initial revision
|
| 1.1.1.2 | 29-Mar-1997 |
cjs | 4.4BSD-lite2 import.
|
| 1.1.1.1 | 21-Mar-1993 |
cgd | initial import of 386bsd-0.1 sources
|
| 1.10.6.1 | 31-Aug-2004 |
jmc | Pullup rev 1.11 (requested by he in ticket #1739)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.10.4.1 | 26-Aug-2004 |
jmc | Pullup rev 1.11 (requested by he in ticket #158)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.4 | 04-Jul-2020 |
lukem | add missing RCSIDs
(copyrights could be added too - that's up to christos@)
|
| 1.3 | 15-Jun-2020 |
christos | Rename blacklist -> blocklist
|
| 1.2 | 29-Jan-2019 |
lukem | clarify the fd used for blacklisting.
Use STDIN_FILENO instead of 0 as the fd to blacklist_r(),
since we use the former in ftpd.c
|
| 1.1 | 25-Jan-2015 |
christos | branches: 1.1.2; 1.1.18;
blacklist hooks
|
| 1.1.18.1 | 10-Jun-2019 |
christos | Sync with HEAD
|
| 1.1.2.2 | 30-Apr-2015 |
riz | Pull up blacklistd(8), requested by christos in ticket #711:
crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.1.1.1
crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c up to 1.2
crypto/external/bsd/openssh/dist/kexc25519.c up to 1.3
crypto/external/bsd/openssh/dist/smult_curve25519_ref.c up to 1.3
crypto/external/bsd/openssh/dist/bitmap.c up to 1.2 plus patch
crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.1
crypto/external/bsd/openssh/dist/PROTOCOL.key up to 1.1.1.1
crypto/external/bsd/openssh/dist/blf.h up to 1.1
crypto/external/bsd/openssh/dist/blocks.c up to 1.3
crypto/external/bsd/openssh/dist/blowfish.c up to 1.2
crypto/external/bsd/openssh/dist/chacha.c up to 1.3
crypto/external/bsd/openssh/dist/chacha.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-aesctr.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/cipher-aesctr.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.3
crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/crypto_api.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/digest-libc.c up to 1.3
crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.3
crypto/external/bsd/openssh/dist/digest.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ge25519.c up to 1.3
crypto/external/bsd/openssh/dist/ge25519.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ge25519_base.data up to 1.1.1.1
crypto/external/bsd/openssh/dist/hash.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/kexc25519c.c up to 1.3
crypto/external/bsd/openssh/dist/kexc25519s.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/rijndael.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/rijndael.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/sc25519.c up to 1.3
crypto/external/bsd/openssh/dist/sc25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ssh-ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-misc.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.h up to 1.4
crypto/external/bsd/openssh/dist/ssherr.c up to 1.3
crypto/external/bsd/openssh/dist/ssherr.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/sshkey.c up to 1.3
crypto/external/bsd/openssh/dist/sshkey.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/verify.c up to 1.3
crypto/external/bsd/openssh/dist/opacket.c up to 1.2
crypto/external/bsd/openssh/dist/umac128.c up to 1.1
crypto/external/bsd/openssh/dist/pfilter.c up to 1.2
crypto/external/bsd/openssh/dist/pfilter.h up to 1.1
crypto/external/bsd/openssh/dist/bitmap.h up to 1.2
crypto/external/bsd/openssh/dist/opacket.h up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.c up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.h up to 1.2
crypto/external/bsd/openssh/dist/auth2-jpake.c delete
crypto/external/bsd/openssh/dist/compress.c delete
crypto/external/bsd/openssh/dist/compress.h delete
crypto/external/bsd/openssh/dist/jpake.c delete
crypto/external/bsd/openssh/dist/jpake.h delete
crypto/external/bsd/openssh/dist/schnorr.c delete
crypto/external/bsd/openssh/dist/schnorr.h delete
crypto/external/bsd/openssh/dist/strtonum.c 1.1
crypto/external/bsd/openssh/Makefile.inc up to 1.8
crypto/external/bsd/openssh/bin/Makefile.inc up to 1.3
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.2
crypto/external/bsd/openssh/bin/sshd/Makefile up to 1.12
crypto/external/bsd/openssh/dist/PROTOCOL up to 1.5
crypto/external/bsd/openssh/dist/PROTOCOL.krl up to 1.1.1.2
crypto/external/bsd/openssh/dist/addrmatch.c up to 1.8
crypto/external/bsd/openssh/dist/atomicio.c up to 1.6
crypto/external/bsd/openssh/dist/auth-bsdauth.c up to 1.4
crypto/external/bsd/openssh/dist/auth-chall.c up to 1.6
crypto/external/bsd/openssh/dist/auth-krb5.c up to 1.7
crypto/external/bsd/openssh/dist/auth-options.c up to 1.9
crypto/external/bsd/openssh/dist/auth-options.h up to 1.6
crypto/external/bsd/openssh/dist/auth-passwd.c up to 1.4
crypto/external/bsd/openssh/dist/auth-rh-rsa.c up to 1.6
crypto/external/bsd/openssh/dist/auth-rhosts.c up to 1.5
crypto/external/bsd/openssh/dist/auth-rsa.c up to 1.10
crypto/external/bsd/openssh/dist/auth.c up to 1.12
crypto/external/bsd/openssh/dist/auth.h up to 1.10
crypto/external/bsd/openssh/dist/auth1.c up to 1.11
crypto/external/bsd/openssh/dist/auth2-chall.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-gss.c up to 1.8
crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-krb5.c up to 1.4
crypto/external/bsd/openssh/dist/auth2-none.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.11
crypto/external/bsd/openssh/dist/auth2.c up to 1.11
crypto/external/bsd/openssh/dist/authfd.c up to 1.8
crypto/external/bsd/openssh/dist/authfd.h up to 1.5
crypto/external/bsd/openssh/dist/authfile.c up to 1.10
crypto/external/bsd/openssh/dist/authfile.h up to 1.6
crypto/external/bsd/openssh/dist/bufaux.c up to 1.7
crypto/external/bsd/openssh/dist/bufbn.c up to 1.5
crypto/external/bsd/openssh/dist/bufec.c up to 1.5
crypto/external/bsd/openssh/dist/buffer.c up to 1.6
crypto/external/bsd/openssh/dist/buffer.h up to 1.7
crypto/external/bsd/openssh/dist/canohost.c up to 1.8
crypto/external/bsd/openssh/dist/channels.c up to 1.13
crypto/external/bsd/openssh/dist/channels.h up to 1.10
crypto/external/bsd/openssh/dist/cipher-3des1.c up to 1.7
crypto/external/bsd/openssh/dist/cipher-bf1.c up to 1.6
crypto/external/bsd/openssh/dist/cipher.c up to 1.7
crypto/external/bsd/openssh/dist/cipher.h up to 1.7
crypto/external/bsd/openssh/dist/clientloop.c up to 1.13
crypto/external/bsd/openssh/dist/compat.c up to 1.9
crypto/external/bsd/openssh/dist/compat.h up to 1.6
crypto/external/bsd/openssh/dist/deattack.c up to 1.4
crypto/external/bsd/openssh/dist/deattack.h up to 1.4
crypto/external/bsd/openssh/dist/dh.c up to 1.8
crypto/external/bsd/openssh/dist/dh.h up to 1.4
crypto/external/bsd/openssh/dist/dispatch.c up to 1.5
crypto/external/bsd/openssh/dist/dispatch.h up to 1.4
crypto/external/bsd/openssh/dist/dns.c up to 1.11
crypto/external/bsd/openssh/dist/dns.h up to 1.6
crypto/external/bsd/openssh/dist/groupaccess.c up to 1.5
crypto/external/bsd/openssh/dist/gss-genr.c up to 1.7
crypto/external/bsd/openssh/dist/gss-serv-krb5.c up to 1.8
crypto/external/bsd/openssh/dist/gss-serv.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.h up to 1.7
crypto/external/bsd/openssh/dist/includes.h up to 1.4
crypto/external/bsd/openssh/dist/kex.c up to 1.10
crypto/external/bsd/openssh/dist/kex.h up to 1.9
crypto/external/bsd/openssh/dist/kexdh.c up to 1.4
crypto/external/bsd/openssh/dist/kexdhc.c up to 1.6
crypto/external/bsd/openssh/dist/kexdhs.c up to 1.8
crypto/external/bsd/openssh/dist/kexecdh.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhc.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhs.c up to 1.5
crypto/external/bsd/openssh/dist/kexgex.c up to 1.4
crypto/external/bsd/openssh/dist/kexgexc.c up to 1.6
crypto/external/bsd/openssh/dist/kexgexs.c up to 1.8
crypto/external/bsd/openssh/dist/key.c up to 1.16
crypto/external/bsd/openssh/dist/key.h up to 1.9
crypto/external/bsd/openssh/dist/krl.c up to 1.5
crypto/external/bsd/openssh/dist/krl.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/mac.c up to 1.11
crypto/external/bsd/openssh/dist/mac.h up to 1.5
crypto/external/bsd/openssh/dist/match.c up to 1.5
crypto/external/bsd/openssh/dist/misc.c up to 1.10
crypto/external/bsd/openssh/dist/misc.h up to 1.9 plus patch
crypto/external/bsd/openssh/dist/moduli.c up to 1.8
crypto/external/bsd/openssh/dist/monitor.c up to 1.14
crypto/external/bsd/openssh/dist/monitor.h up to 1.7
crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.5
crypto/external/bsd/openssh/dist/monitor_mm.c up to 1.6
crypto/external/bsd/openssh/dist/monitor_mm.h up to 1.4
crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.11
crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.8
crypto/external/bsd/openssh/dist/msg.c up to 1.4
crypto/external/bsd/openssh/dist/msg.h up to 1.4
crypto/external/bsd/openssh/dist/mux.c up to 1.11
crypto/external/bsd/openssh/dist/myproposal.h up to 1.10
crypto/external/bsd/openssh/dist/namespace.h up to 1.5
crypto/external/bsd/openssh/dist/packet.c up to 1.18
crypto/external/bsd/openssh/dist/packet.h up to 1.11
crypto/external/bsd/openssh/dist/pathnames.h up to 1.9
crypto/external/bsd/openssh/dist/pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/progressmeter.c up to 1.7
crypto/external/bsd/openssh/dist/progressmeter.h up to 1.4
crypto/external/bsd/openssh/dist/reallocarray.c new
crypto/external/bsd/openssh/dist/readconf.c up to 1.13
crypto/external/bsd/openssh/dist/readconf.h up to 1.12
crypto/external/bsd/openssh/dist/readpass.c up to 1.6
crypto/external/bsd/openssh/dist/roaming_client.c up to 1.7
crypto/external/bsd/openssh/dist/roaming_common.c up to 1.9
crypto/external/bsd/openssh/dist/roaming_dummy.c up to 1.4
crypto/external/bsd/openssh/dist/rsa.c up to 1.5
crypto/external/bsd/openssh/dist/rsa.h up to 1.4
crypto/external/bsd/openssh/dist/sandbox-systrace.c up to 1.1.1.5
crypto/external/bsd/openssh/dist/scp.1 up to 1.9
crypto/external/bsd/openssh/dist/scp.c up to 1.11
crypto/external/bsd/openssh/dist/servconf.c up to 1.17
crypto/external/bsd/openssh/dist/servconf.h up to 1.11
crypto/external/bsd/openssh/dist/serverloop.c up to 1.12
crypto/external/bsd/openssh/dist/session.c up to 1.14
crypto/external/bsd/openssh/dist/session.h up to 1.4
crypto/external/bsd/openssh/dist/sftp-client.c up to 1.13
crypto/external/bsd/openssh/dist/sftp-client.h up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.c up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.h up to 1.5
crypto/external/bsd/openssh/dist/sftp-glob.c up to 1.8
crypto/external/bsd/openssh/dist/sftp-server.8 up to 1.9
crypto/external/bsd/openssh/dist/sftp-server.c up to 1.11
crypto/external/bsd/openssh/dist/sftp.1 up to 1.11
crypto/external/bsd/openssh/dist/sftp.c up to 1.15
crypto/external/bsd/openssh/dist/ssh-add.1 up to 1.9
crypto/external/bsd/openssh/dist/ssh-add.c up to 1.10
crypto/external/bsd/openssh/dist/ssh-agent.1 up to 1.8
crypto/external/bsd/openssh/dist/ssh-agent.c up to 1.14
crypto/external/bsd/openssh/dist/ssh-dss.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-ecdsa.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-gss.h up to 1.5
crypto/external/bsd/openssh/dist/ssh-keygen.1 up to 1.13
crypto/external/bsd/openssh/dist/ssh-keygen.c up to 1.16
crypto/external/bsd/openssh/dist/ssh-keyscan.1 up to 1.10
crypto/external/bsd/openssh/dist/ssh-keyscan.c up to 1.13
crypto/external/bsd/openssh/dist/ssh-keysign.8 up to 1.9
crypto/external/bsd/openssh/dist/ssh-keysign.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/ssh-rsa.c up to 1.7
crypto/external/bsd/openssh/dist/ssh.1 up to 1.14
crypto/external/bsd/openssh/dist/ssh.c up to 1.16
crypto/external/bsd/openssh/dist/ssh2.h up to 1.6
crypto/external/bsd/openssh/dist/ssh_config up to 1.8
crypto/external/bsd/openssh/dist/ssh_config.5 up to 1.13
crypto/external/bsd/openssh/dist/sshconnect.c up to 1.11
crypto/external/bsd/openssh/dist/sshconnect.h up to 1.6
crypto/external/bsd/openssh/dist/sshconnect1.c up to 1.6
crypto/external/bsd/openssh/dist/sshconnect2.c up to 1.19
crypto/external/bsd/openssh/dist/sshd.8 up to 1.13
crypto/external/bsd/openssh/dist/sshd.c up to 1.18
crypto/external/bsd/openssh/dist/sshd_config up to 1.13
crypto/external/bsd/openssh/dist/sshd_config.5 up to 1.17
crypto/external/bsd/openssh/dist/sshlogin.c up to 1.6
crypto/external/bsd/openssh/dist/sshpty.c up to 1.4
crypto/external/bsd/openssh/dist/uidswap.c up to 1.4
crypto/external/bsd/openssh/dist/umac.c up to 1.9
crypto/external/bsd/openssh/dist/version.h up to 1.14
crypto/external/bsd/openssh/dist/xmalloc.c up to 1.5
crypto/external/bsd/openssh/lib/Makefile up to 1.17 plus patch
crypto/external/bsd/openssh/lib/shlib_version up to 1.13
distrib/sets/lists/base/ad.aarch64 patch
distrib/sets/lists/base/ad.arm patch
distrib/sets/lists/base/ad.mips patch
distrib/sets/lists/base/ad.powerpc patch
distrib/sets/lists/base/md.amd64 patch
distrib/sets/lists/base/md.sparc64 patch
distrib/sets/lists/base/mi patch
distrib/sets/lists/base/shl.mi patch
distrib/sets/lists/comp/ad.aarch64 patch
distrib/sets/lists/comp/ad.arm patch
distrib/sets/lists/comp/ad.mips patch
distrib/sets/lists/comp/ad.powerpc patch
distrib/sets/lists/comp/md.amd64 patch
distrib/sets/lists/comp/md.sparc64 patch
distrib/sets/lists/comp/mi patch
distrib/sets/lists/comp/shl.mi patch
distrib/sets/lists/debug/ad.aarch64 patch
distrib/sets/lists/debug/ad.arm patch
distrib/sets/lists/debug/ad.mips patch
distrib/sets/lists/debug/ad.powerpc patch
distrib/sets/lists/debug/md.amd64 patch
distrib/sets/lists/debug/md.sparc64 patch
distrib/sets/lists/debug/shl.mi patch
distrib/sets/lists/etc/mi patch
distrib/sets/lists/man/mi patch
etc/defaults/rc.conf 1.130
etc/mtree/NetBSD.dist.base 1.142
external/bsd/Makefile up to 1.48
external/bsd/blacklist/bin/Makefile up to 1.11 plus patch
external/bsd/blacklist/bin/blacklistctl.8 up to 1.6
external/bsd/blacklist/bin/blacklistctl.c up to 1.17
external/bsd/blacklist/bin/blacklistd.8 up to 1.10
external/bsd/blacklist/bin/blacklistd.c up to 1.32
external/bsd/blacklist/bin/blacklistd.conf.5 up to 1.2
external/bsd/blacklist/bin/conf.c up to 1.18
external/bsd/blacklist/bin/conf.h up to 1.6
external/bsd/blacklist/bin/internal.c up to 1.5
external/bsd/blacklist/bin/internal.h up to 1.12
external/bsd/blacklist/bin/run.c up to 1.12
external/bsd/blacklist/bin/run.h up to 1.5
external/bsd/blacklist/bin/state.c up to 1.15
external/bsd/blacklist/bin/state.h up to 1.5
external/bsd/blacklist/bin/support.c up to 1.6
external/bsd/blacklist/bin/support.h up to 1.5
external/bsd/blacklist/etc/rc.d/Makefile up to 1.1
external/bsd/blacklist/etc/rc.d/blacklistd up to 1.1
external/bsd/blacklist/etc/Makefile up to 1.3
external/bsd/blacklist/etc/blacklistd.conf up to 1.3
external/bsd/blacklist/etc/npf.conf up to 1.1
external/bsd/blacklist/Makefile up to 1.2
external/bsd/blacklist/Makefile.inc up to 1.3
external/bsd/blacklist/README up to 1.7
external/bsd/blacklist/TODO up to 1.7
external/bsd/blacklist/diff/ftpd.diff up to 1.1
external/bsd/blacklist/diff/named.diff up to 1.6
external/bsd/blacklist/diff/ssh.diff up to 1.6
external/bsd/blacklist/include/Makefile up to 1.1
external/bsd/blacklist/include/bl.h up to 1.12
external/bsd/blacklist/include/blacklist.h up to 1.3
external/bsd/blacklist/include/config.h new
external/bsd/blacklist/lib/Makefile up to 1.3
external/bsd/blacklist/lib/bl.c up to 1.24
external/bsd/blacklist/lib/blacklist.c up to 1.5
external/bsd/blacklist/lib/libblacklist.3 up to 1.3
external/bsd/blacklist/lib/shlib_version up to 1.1
external/bsd/blacklist/libexec/Makefile up to 1.1
external/bsd/blacklist/libexec/blacklistd-helper up to 1.4
external/bsd/blacklist/port/m4/.cvsignore up to 1.1
external/bsd/blacklist/port/Makefile.am up to 1.4
external/bsd/blacklist/port/_strtoi.h up to 1.1
external/bsd/blacklist/port/clock_gettime.c up to 1.2
external/bsd/blacklist/port/configure.ac up to 1.7
external/bsd/blacklist/port/fgetln.c up to 1.1
external/bsd/blacklist/port/fparseln.c up to 1.1
external/bsd/blacklist/port/getprogname.c up to 1.4
external/bsd/blacklist/port/pidfile.c up to 1.1
external/bsd/blacklist/port/popenve.c up to 1.2
external/bsd/blacklist/port/port.h up to 1.6
external/bsd/blacklist/port/sockaddr_snprintf.c up to 1.9
external/bsd/blacklist/port/strlcat.c up to 1.2
external/bsd/blacklist/port/strlcpy.c up to 1.2
external/bsd/blacklist/port/strtoi.c up to 1.3
external/bsd/blacklist/test/Makefile up to 1.2
external/bsd/blacklist/test/cltest.c up to 1.6
external/bsd/blacklist/test/srvtest.c up to 1.9
lib/libpam/modules/pam_ssh/pam_ssh.c up to 1.23
libexec/ftpd/pfilter.c up to 1.1
libexec/ftpd/pfilter.h up to 1.1
libexec/ftpd/Makefile up to 1.64
libexec/ftpd/ftpd.c up to 1.201
Add blacklistd(8), a daemon to block and release network ports
on demand to mitigate abuse, and related changes to system daemons
to support it.
[christos, ticket #711]
|
| 1.1.2.1 | 25-Jan-2015 |
riz | file pfilter.c was added on branch netbsd-7 on 2015-04-30 06:07:34 +0000
|
| 1.2 | 04-Jul-2020 |
lukem | add missing RCSIDs
(copyrights could be added too - that's up to christos@)
|
| 1.1 | 25-Jan-2015 |
christos | branches: 1.1.2;
blacklist hooks
|
| 1.1.2.2 | 30-Apr-2015 |
riz | Pull up blacklistd(8), requested by christos in ticket #711:
crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.1.1.1
crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c up to 1.2
crypto/external/bsd/openssh/dist/kexc25519.c up to 1.3
crypto/external/bsd/openssh/dist/smult_curve25519_ref.c up to 1.3
crypto/external/bsd/openssh/dist/bitmap.c up to 1.2 plus patch
crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.1
crypto/external/bsd/openssh/dist/PROTOCOL.key up to 1.1.1.1
crypto/external/bsd/openssh/dist/blf.h up to 1.1
crypto/external/bsd/openssh/dist/blocks.c up to 1.3
crypto/external/bsd/openssh/dist/blowfish.c up to 1.2
crypto/external/bsd/openssh/dist/chacha.c up to 1.3
crypto/external/bsd/openssh/dist/chacha.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-aesctr.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/cipher-aesctr.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.3
crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/crypto_api.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/digest-libc.c up to 1.3
crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.3
crypto/external/bsd/openssh/dist/digest.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ge25519.c up to 1.3
crypto/external/bsd/openssh/dist/ge25519.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ge25519_base.data up to 1.1.1.1
crypto/external/bsd/openssh/dist/hash.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/kexc25519c.c up to 1.3
crypto/external/bsd/openssh/dist/kexc25519s.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/rijndael.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/rijndael.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/sc25519.c up to 1.3
crypto/external/bsd/openssh/dist/sc25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ssh-ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-misc.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.h up to 1.4
crypto/external/bsd/openssh/dist/ssherr.c up to 1.3
crypto/external/bsd/openssh/dist/ssherr.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/sshkey.c up to 1.3
crypto/external/bsd/openssh/dist/sshkey.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/verify.c up to 1.3
crypto/external/bsd/openssh/dist/opacket.c up to 1.2
crypto/external/bsd/openssh/dist/umac128.c up to 1.1
crypto/external/bsd/openssh/dist/pfilter.c up to 1.2
crypto/external/bsd/openssh/dist/pfilter.h up to 1.1
crypto/external/bsd/openssh/dist/bitmap.h up to 1.2
crypto/external/bsd/openssh/dist/opacket.h up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.c up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.h up to 1.2
crypto/external/bsd/openssh/dist/auth2-jpake.c delete
crypto/external/bsd/openssh/dist/compress.c delete
crypto/external/bsd/openssh/dist/compress.h delete
crypto/external/bsd/openssh/dist/jpake.c delete
crypto/external/bsd/openssh/dist/jpake.h delete
crypto/external/bsd/openssh/dist/schnorr.c delete
crypto/external/bsd/openssh/dist/schnorr.h delete
crypto/external/bsd/openssh/dist/strtonum.c 1.1
crypto/external/bsd/openssh/Makefile.inc up to 1.8
crypto/external/bsd/openssh/bin/Makefile.inc up to 1.3
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.2
crypto/external/bsd/openssh/bin/sshd/Makefile up to 1.12
crypto/external/bsd/openssh/dist/PROTOCOL up to 1.5
crypto/external/bsd/openssh/dist/PROTOCOL.krl up to 1.1.1.2
crypto/external/bsd/openssh/dist/addrmatch.c up to 1.8
crypto/external/bsd/openssh/dist/atomicio.c up to 1.6
crypto/external/bsd/openssh/dist/auth-bsdauth.c up to 1.4
crypto/external/bsd/openssh/dist/auth-chall.c up to 1.6
crypto/external/bsd/openssh/dist/auth-krb5.c up to 1.7
crypto/external/bsd/openssh/dist/auth-options.c up to 1.9
crypto/external/bsd/openssh/dist/auth-options.h up to 1.6
crypto/external/bsd/openssh/dist/auth-passwd.c up to 1.4
crypto/external/bsd/openssh/dist/auth-rh-rsa.c up to 1.6
crypto/external/bsd/openssh/dist/auth-rhosts.c up to 1.5
crypto/external/bsd/openssh/dist/auth-rsa.c up to 1.10
crypto/external/bsd/openssh/dist/auth.c up to 1.12
crypto/external/bsd/openssh/dist/auth.h up to 1.10
crypto/external/bsd/openssh/dist/auth1.c up to 1.11
crypto/external/bsd/openssh/dist/auth2-chall.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-gss.c up to 1.8
crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-krb5.c up to 1.4
crypto/external/bsd/openssh/dist/auth2-none.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.11
crypto/external/bsd/openssh/dist/auth2.c up to 1.11
crypto/external/bsd/openssh/dist/authfd.c up to 1.8
crypto/external/bsd/openssh/dist/authfd.h up to 1.5
crypto/external/bsd/openssh/dist/authfile.c up to 1.10
crypto/external/bsd/openssh/dist/authfile.h up to 1.6
crypto/external/bsd/openssh/dist/bufaux.c up to 1.7
crypto/external/bsd/openssh/dist/bufbn.c up to 1.5
crypto/external/bsd/openssh/dist/bufec.c up to 1.5
crypto/external/bsd/openssh/dist/buffer.c up to 1.6
crypto/external/bsd/openssh/dist/buffer.h up to 1.7
crypto/external/bsd/openssh/dist/canohost.c up to 1.8
crypto/external/bsd/openssh/dist/channels.c up to 1.13
crypto/external/bsd/openssh/dist/channels.h up to 1.10
crypto/external/bsd/openssh/dist/cipher-3des1.c up to 1.7
crypto/external/bsd/openssh/dist/cipher-bf1.c up to 1.6
crypto/external/bsd/openssh/dist/cipher.c up to 1.7
crypto/external/bsd/openssh/dist/cipher.h up to 1.7
crypto/external/bsd/openssh/dist/clientloop.c up to 1.13
crypto/external/bsd/openssh/dist/compat.c up to 1.9
crypto/external/bsd/openssh/dist/compat.h up to 1.6
crypto/external/bsd/openssh/dist/deattack.c up to 1.4
crypto/external/bsd/openssh/dist/deattack.h up to 1.4
crypto/external/bsd/openssh/dist/dh.c up to 1.8
crypto/external/bsd/openssh/dist/dh.h up to 1.4
crypto/external/bsd/openssh/dist/dispatch.c up to 1.5
crypto/external/bsd/openssh/dist/dispatch.h up to 1.4
crypto/external/bsd/openssh/dist/dns.c up to 1.11
crypto/external/bsd/openssh/dist/dns.h up to 1.6
crypto/external/bsd/openssh/dist/groupaccess.c up to 1.5
crypto/external/bsd/openssh/dist/gss-genr.c up to 1.7
crypto/external/bsd/openssh/dist/gss-serv-krb5.c up to 1.8
crypto/external/bsd/openssh/dist/gss-serv.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.h up to 1.7
crypto/external/bsd/openssh/dist/includes.h up to 1.4
crypto/external/bsd/openssh/dist/kex.c up to 1.10
crypto/external/bsd/openssh/dist/kex.h up to 1.9
crypto/external/bsd/openssh/dist/kexdh.c up to 1.4
crypto/external/bsd/openssh/dist/kexdhc.c up to 1.6
crypto/external/bsd/openssh/dist/kexdhs.c up to 1.8
crypto/external/bsd/openssh/dist/kexecdh.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhc.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhs.c up to 1.5
crypto/external/bsd/openssh/dist/kexgex.c up to 1.4
crypto/external/bsd/openssh/dist/kexgexc.c up to 1.6
crypto/external/bsd/openssh/dist/kexgexs.c up to 1.8
crypto/external/bsd/openssh/dist/key.c up to 1.16
crypto/external/bsd/openssh/dist/key.h up to 1.9
crypto/external/bsd/openssh/dist/krl.c up to 1.5
crypto/external/bsd/openssh/dist/krl.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/mac.c up to 1.11
crypto/external/bsd/openssh/dist/mac.h up to 1.5
crypto/external/bsd/openssh/dist/match.c up to 1.5
crypto/external/bsd/openssh/dist/misc.c up to 1.10
crypto/external/bsd/openssh/dist/misc.h up to 1.9 plus patch
crypto/external/bsd/openssh/dist/moduli.c up to 1.8
crypto/external/bsd/openssh/dist/monitor.c up to 1.14
crypto/external/bsd/openssh/dist/monitor.h up to 1.7
crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.5
crypto/external/bsd/openssh/dist/monitor_mm.c up to 1.6
crypto/external/bsd/openssh/dist/monitor_mm.h up to 1.4
crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.11
crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.8
crypto/external/bsd/openssh/dist/msg.c up to 1.4
crypto/external/bsd/openssh/dist/msg.h up to 1.4
crypto/external/bsd/openssh/dist/mux.c up to 1.11
crypto/external/bsd/openssh/dist/myproposal.h up to 1.10
crypto/external/bsd/openssh/dist/namespace.h up to 1.5
crypto/external/bsd/openssh/dist/packet.c up to 1.18
crypto/external/bsd/openssh/dist/packet.h up to 1.11
crypto/external/bsd/openssh/dist/pathnames.h up to 1.9
crypto/external/bsd/openssh/dist/pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/progressmeter.c up to 1.7
crypto/external/bsd/openssh/dist/progressmeter.h up to 1.4
crypto/external/bsd/openssh/dist/reallocarray.c new
crypto/external/bsd/openssh/dist/readconf.c up to 1.13
crypto/external/bsd/openssh/dist/readconf.h up to 1.12
crypto/external/bsd/openssh/dist/readpass.c up to 1.6
crypto/external/bsd/openssh/dist/roaming_client.c up to 1.7
crypto/external/bsd/openssh/dist/roaming_common.c up to 1.9
crypto/external/bsd/openssh/dist/roaming_dummy.c up to 1.4
crypto/external/bsd/openssh/dist/rsa.c up to 1.5
crypto/external/bsd/openssh/dist/rsa.h up to 1.4
crypto/external/bsd/openssh/dist/sandbox-systrace.c up to 1.1.1.5
crypto/external/bsd/openssh/dist/scp.1 up to 1.9
crypto/external/bsd/openssh/dist/scp.c up to 1.11
crypto/external/bsd/openssh/dist/servconf.c up to 1.17
crypto/external/bsd/openssh/dist/servconf.h up to 1.11
crypto/external/bsd/openssh/dist/serverloop.c up to 1.12
crypto/external/bsd/openssh/dist/session.c up to 1.14
crypto/external/bsd/openssh/dist/session.h up to 1.4
crypto/external/bsd/openssh/dist/sftp-client.c up to 1.13
crypto/external/bsd/openssh/dist/sftp-client.h up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.c up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.h up to 1.5
crypto/external/bsd/openssh/dist/sftp-glob.c up to 1.8
crypto/external/bsd/openssh/dist/sftp-server.8 up to 1.9
crypto/external/bsd/openssh/dist/sftp-server.c up to 1.11
crypto/external/bsd/openssh/dist/sftp.1 up to 1.11
crypto/external/bsd/openssh/dist/sftp.c up to 1.15
crypto/external/bsd/openssh/dist/ssh-add.1 up to 1.9
crypto/external/bsd/openssh/dist/ssh-add.c up to 1.10
crypto/external/bsd/openssh/dist/ssh-agent.1 up to 1.8
crypto/external/bsd/openssh/dist/ssh-agent.c up to 1.14
crypto/external/bsd/openssh/dist/ssh-dss.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-ecdsa.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-gss.h up to 1.5
crypto/external/bsd/openssh/dist/ssh-keygen.1 up to 1.13
crypto/external/bsd/openssh/dist/ssh-keygen.c up to 1.16
crypto/external/bsd/openssh/dist/ssh-keyscan.1 up to 1.10
crypto/external/bsd/openssh/dist/ssh-keyscan.c up to 1.13
crypto/external/bsd/openssh/dist/ssh-keysign.8 up to 1.9
crypto/external/bsd/openssh/dist/ssh-keysign.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/ssh-rsa.c up to 1.7
crypto/external/bsd/openssh/dist/ssh.1 up to 1.14
crypto/external/bsd/openssh/dist/ssh.c up to 1.16
crypto/external/bsd/openssh/dist/ssh2.h up to 1.6
crypto/external/bsd/openssh/dist/ssh_config up to 1.8
crypto/external/bsd/openssh/dist/ssh_config.5 up to 1.13
crypto/external/bsd/openssh/dist/sshconnect.c up to 1.11
crypto/external/bsd/openssh/dist/sshconnect.h up to 1.6
crypto/external/bsd/openssh/dist/sshconnect1.c up to 1.6
crypto/external/bsd/openssh/dist/sshconnect2.c up to 1.19
crypto/external/bsd/openssh/dist/sshd.8 up to 1.13
crypto/external/bsd/openssh/dist/sshd.c up to 1.18
crypto/external/bsd/openssh/dist/sshd_config up to 1.13
crypto/external/bsd/openssh/dist/sshd_config.5 up to 1.17
crypto/external/bsd/openssh/dist/sshlogin.c up to 1.6
crypto/external/bsd/openssh/dist/sshpty.c up to 1.4
crypto/external/bsd/openssh/dist/uidswap.c up to 1.4
crypto/external/bsd/openssh/dist/umac.c up to 1.9
crypto/external/bsd/openssh/dist/version.h up to 1.14
crypto/external/bsd/openssh/dist/xmalloc.c up to 1.5
crypto/external/bsd/openssh/lib/Makefile up to 1.17 plus patch
crypto/external/bsd/openssh/lib/shlib_version up to 1.13
distrib/sets/lists/base/ad.aarch64 patch
distrib/sets/lists/base/ad.arm patch
distrib/sets/lists/base/ad.mips patch
distrib/sets/lists/base/ad.powerpc patch
distrib/sets/lists/base/md.amd64 patch
distrib/sets/lists/base/md.sparc64 patch
distrib/sets/lists/base/mi patch
distrib/sets/lists/base/shl.mi patch
distrib/sets/lists/comp/ad.aarch64 patch
distrib/sets/lists/comp/ad.arm patch
distrib/sets/lists/comp/ad.mips patch
distrib/sets/lists/comp/ad.powerpc patch
distrib/sets/lists/comp/md.amd64 patch
distrib/sets/lists/comp/md.sparc64 patch
distrib/sets/lists/comp/mi patch
distrib/sets/lists/comp/shl.mi patch
distrib/sets/lists/debug/ad.aarch64 patch
distrib/sets/lists/debug/ad.arm patch
distrib/sets/lists/debug/ad.mips patch
distrib/sets/lists/debug/ad.powerpc patch
distrib/sets/lists/debug/md.amd64 patch
distrib/sets/lists/debug/md.sparc64 patch
distrib/sets/lists/debug/shl.mi patch
distrib/sets/lists/etc/mi patch
distrib/sets/lists/man/mi patch
etc/defaults/rc.conf 1.130
etc/mtree/NetBSD.dist.base 1.142
external/bsd/Makefile up to 1.48
external/bsd/blacklist/bin/Makefile up to 1.11 plus patch
external/bsd/blacklist/bin/blacklistctl.8 up to 1.6
external/bsd/blacklist/bin/blacklistctl.c up to 1.17
external/bsd/blacklist/bin/blacklistd.8 up to 1.10
external/bsd/blacklist/bin/blacklistd.c up to 1.32
external/bsd/blacklist/bin/blacklistd.conf.5 up to 1.2
external/bsd/blacklist/bin/conf.c up to 1.18
external/bsd/blacklist/bin/conf.h up to 1.6
external/bsd/blacklist/bin/internal.c up to 1.5
external/bsd/blacklist/bin/internal.h up to 1.12
external/bsd/blacklist/bin/run.c up to 1.12
external/bsd/blacklist/bin/run.h up to 1.5
external/bsd/blacklist/bin/state.c up to 1.15
external/bsd/blacklist/bin/state.h up to 1.5
external/bsd/blacklist/bin/support.c up to 1.6
external/bsd/blacklist/bin/support.h up to 1.5
external/bsd/blacklist/etc/rc.d/Makefile up to 1.1
external/bsd/blacklist/etc/rc.d/blacklistd up to 1.1
external/bsd/blacklist/etc/Makefile up to 1.3
external/bsd/blacklist/etc/blacklistd.conf up to 1.3
external/bsd/blacklist/etc/npf.conf up to 1.1
external/bsd/blacklist/Makefile up to 1.2
external/bsd/blacklist/Makefile.inc up to 1.3
external/bsd/blacklist/README up to 1.7
external/bsd/blacklist/TODO up to 1.7
external/bsd/blacklist/diff/ftpd.diff up to 1.1
external/bsd/blacklist/diff/named.diff up to 1.6
external/bsd/blacklist/diff/ssh.diff up to 1.6
external/bsd/blacklist/include/Makefile up to 1.1
external/bsd/blacklist/include/bl.h up to 1.12
external/bsd/blacklist/include/blacklist.h up to 1.3
external/bsd/blacklist/include/config.h new
external/bsd/blacklist/lib/Makefile up to 1.3
external/bsd/blacklist/lib/bl.c up to 1.24
external/bsd/blacklist/lib/blacklist.c up to 1.5
external/bsd/blacklist/lib/libblacklist.3 up to 1.3
external/bsd/blacklist/lib/shlib_version up to 1.1
external/bsd/blacklist/libexec/Makefile up to 1.1
external/bsd/blacklist/libexec/blacklistd-helper up to 1.4
external/bsd/blacklist/port/m4/.cvsignore up to 1.1
external/bsd/blacklist/port/Makefile.am up to 1.4
external/bsd/blacklist/port/_strtoi.h up to 1.1
external/bsd/blacklist/port/clock_gettime.c up to 1.2
external/bsd/blacklist/port/configure.ac up to 1.7
external/bsd/blacklist/port/fgetln.c up to 1.1
external/bsd/blacklist/port/fparseln.c up to 1.1
external/bsd/blacklist/port/getprogname.c up to 1.4
external/bsd/blacklist/port/pidfile.c up to 1.1
external/bsd/blacklist/port/popenve.c up to 1.2
external/bsd/blacklist/port/port.h up to 1.6
external/bsd/blacklist/port/sockaddr_snprintf.c up to 1.9
external/bsd/blacklist/port/strlcat.c up to 1.2
external/bsd/blacklist/port/strlcpy.c up to 1.2
external/bsd/blacklist/port/strtoi.c up to 1.3
external/bsd/blacklist/test/Makefile up to 1.2
external/bsd/blacklist/test/cltest.c up to 1.6
external/bsd/blacklist/test/srvtest.c up to 1.9
lib/libpam/modules/pam_ssh/pam_ssh.c up to 1.23
libexec/ftpd/pfilter.c up to 1.1
libexec/ftpd/pfilter.h up to 1.1
libexec/ftpd/Makefile up to 1.64
libexec/ftpd/ftpd.c up to 1.201
Add blacklistd(8), a daemon to block and release network ports
on demand to mitigate abuse, and related changes to system daemons
to support it.
[christos, ticket #711]
|
| 1.1.2.1 | 25-Jan-2015 |
riz | file pfilter.h was added on branch netbsd-7 on 2015-04-30 06:07:34 +0000
|
| 1.38 | 17-Mar-2016 |
christos | volatile for gcc 5
|
| 1.37 | 20-Mar-2010 |
christos | PR/43023: Bruce Cran: FTPD bug remote crash
Since we specify NOCHECK, in the NOMATCH case gl_pathv can be NULL.
(From FreeBSD)
|
| 1.36 | 18-Mar-2009 |
lukem | Fix 'vfork clobber' warning on vax.
Problem noted by and fix confirmed by Olaf 'Rhialto' Seibert.
|
| 1.35 | 15-Mar-2009 |
lukem | Fix WARNS=4 issues (const & sign mismatches, etc)
Ensure various ftpd.conf values can't exceed their underlying types.
|
| 1.34 | 13-Sep-2008 |
lukem | branches: 1.34.4; 1.34.6; 1.34.8; 1.34.10;
Crank copyright dates
|
| 1.33 | 09-Jun-2008 |
lukem | Don't use non-standard "u_<foo>" types.
Strip trailing whitespace (as well as ':'s) off PAM password prompts.
Improve some debug logging related to PAM.
|
| 1.32 | 28-Apr-2008 |
martin | branches: 1.32.2;
Remove clause 3 and 4 from TNF licenses
|
| 1.31 | 01-Feb-2006 |
christos | branches: 1.31.4; 1.31.18;
debug -> ftpd_debug
xstrdup -> ftpd_strdup
|
| 1.30 | 09-Aug-2004 |
lukem | Fixes from (or inspired by) OpenBSD:
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
My stuff:
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue. (I also can't find the reference in
RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.)
I could clean up the is_oob stuff some more, but the remaining stuff
in ftpcmd.y is harmless and it's unnecessary churn right this moment.
|
| 1.29 | 07-Aug-2003 |
agc | branches: 1.29.2;
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22284, verified by myself.
|
| 1.28 | 16-Jan-2003 |
kleink | Rename `sigset' locals to avoid symbol shadowing warning.
|
| 1.27 | 01-Dec-2001 |
lukem | branches: 1.27.2;
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5)
- enable WARNS=2
|
| 1.26 | 25-Apr-2001 |
lukem | crank copyrights of files changed this year
remove superfluous byte_count update in send_file_list
crank version
|
| 1.25 | 18-Mar-2001 |
christos | don't leak globbed memory.
|
| 1.24 | 16-Mar-2001 |
christos | Use GLOB_LIMIT. Also fix a bug where gl_offs was not initialized and could
contain trash.
|
| 1.23 | 30-Nov-2000 |
lukem | - move password checking into separate valid_passwd() function, to assist
in porting to other systems.
- don't syslog() or setproctitle() "ACCT" lines (as per "PASS")
- replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the
latter #ifdef BSD4_4
- don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile
support if this is to be used on NetBSD.
|
| 1.22 | 20-May-2000 |
lukem | branches: 1.22.4;
- Always close(pdata) if it was a valid filedescriptor before setting it to -1.
Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>,
(part of which already had been solved by itojun a while ago), and provided
patch covered most of the fixes needed. (Thanks Takahiro!)
- Consistently indent goto labels by one space.
|
| 1.21 | 20-May-2000 |
lukem | convert to ANSI C as per style guide
|
| 1.20 | 05-Mar-2000 |
lukem | * don't bother with a version[] string, just use the macro as appropriate
* clean some more of the GLOBAL stuff
* fix unused var if -UHASSETPROCTITLE
|
| 1.19 | 12-Jan-2000 |
lukem | * add ftpd.conf directive `portrange class min max', which allows specification
of the port range used by passive connections. based on work in [bin/9158]
from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
* change the way global variables are defined and extern-ed to be more
consistent.
|
| 1.18 | 12-Dec-1999 |
lukem | * change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.
* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.
* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that
* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.
* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)
* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).
* update & reorder copyrights
* use strlcpy() as appropriate
|
| 1.17 | 07-Dec-1999 |
lukem | * change ftpd_popen() to take char *argv[] instead of char *cmd.
the string tokenisation must be performed by the caller (which is
generally easy because it's almost always a static command).
* change do_conversion() to return a char *argv[] instead of char *cmd.
tokenisation of the command is done internally.
* change retrieve() to take char *argv[] instead of char *cmd.
(to take advantage of the above changes). fixes [bin/8173]
* use fparseln() instead of fgetln()
* store conversions in listed order (rather than reverse order)
* use stringlists instead of handrolling code to manage an argv.
|
| 1.16 | 25-Aug-1999 |
christos | branches: 1.16.4;
more kerberos5 fixes
|
| 1.15 | 18-May-1999 |
lukem | * fix a problem in retrieve() where arguments to commands weren't working
(this was broken in the last commit). problem noticed by simonb@
* don't display the stderr output of the internal ls.
* modify usage of lreply so that generally only one `XXX-' code per
`block' is displayed; the rest of the lines have four spaces instead.
i find this easier to read.
* fix a couple places where byte accounting wasn't correct
|
| 1.14 | 17-May-1999 |
lukem | features/fixes:
* implement xferstats. full stats are displayed for `STAT', and a
summary is displayed upon exit (and syslogged). inspired by wu-ftpd.
* wrap data xfers in {send,receive}_data with alarm() timeouts. this
should remove the majority of the `hanging ftpd' problems that
people were still seeing. inspired by wu-ftpd.
* link with ../../bin/ls, so that bin/ls is not required under a
chroot()ed area for `LIST' to work. based on [bin/4497] from
"Soren S. Jorvang" <soren@t.dk>
* migrate code from util.c into ftpd.c, so that it doesn't conflict
with ls' util.c.
* remove man page comment about ~ftp/bin/ls being necessary.
* bump version to 7.2.0.
* syslog xfer time with xfer stats.
* if appropriate, syslog error message with command.
internal code stuff:
* change arguments of various functions from `char *' to `const char *'.
* define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise.
use macro appropriately
* lreply(): a code of -1 means ``send line as is''. a code of 0
means ``send line with 4 space prefix''. don't print a space after
the `-' for any other code.
* logcmd(): add `const struct timeval *elapsed' and `const char *error'
for more flexible error reporting
|
| 1.13 | 24-Feb-1999 |
explorer | branches: 1.13.2;
Make this build with KERBEROS5 defined.
|
| 1.12 | 28-Dec-1998 |
lukem | * replace LOG(CMD|BYTES) macros with logcmd(), which is a cleaner
solution with less code replication. use realpath() in logcmd() so
that all logged filenames are sane.
* support `REST STREAM' in `FEAT' reply (from draft-ietf-ftpext-mlst-05)
* in 'HELP', suffix unimplemented commands with `-' instead of `*'; the
former is easier to differentiate from `+'.
* deprecate curdir() now that logcmd() doesn't use it.
* ensure all filename buffers are at least MAXPATHLEN+1 in size.
* move jmp_buf errcatch out of extern.h, removing need to #include <setjmp.h>
in every file.
|
| 1.11 | 06-Sep-1998 |
lukem | * complete fix for `multiple replies returned for single parse error'
problem; move `hasyyerrored' state flag out of yylex() so that
check_{login,modify} can also set it.
* check result of check_login for PORT command
* set initial timeout before the "setjmp(); for(;;) yyparse()",
otherwise an invalid command after login incorrectly sets the timeout
to 5 minutes (rather than what was set in ftpd.conf)
* replace (char *)0 with NULL
* move yyerror() from ftpd.c to ftpcmd.y
* remove need for -Dunix, by using the version string from ftpd.c
(instead of `BSD-199506')
* move all extern-ed vars into extern.h
|
| 1.10 | 19-Jun-1998 |
kleink | GLOB_QUOTE is dead; per POSIX, backslash quoting of special characters being
enabled is the default behaviour.
|
| 1.9 | 08-Jun-1998 |
lukem | support displaying the stderr output from a LIST or a conversion to
the user at the end of a transfer.
this generates a file in /tmp, so anonymous requires a
writable ~ftp/tmp, which you may not want to do (because it may
allow people to unwanted upload files).
XXX: a better method of storing the stderr output would be nice, but
is a lot more effort to implement. this feature can at least be
used temporarily whilst debugging why an ftp conversion doesn't
work.
|
| 1.8 | 18-Jun-1997 |
christos | - Pass gcc -Wall
- Fix incorrect const poisoning
- Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
|
| 1.7 | 14-Jun-1997 |
lukem | * implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
|
| 1.6 | 27-Apr-1997 |
lukem | * fix "cd ~" so that it works (from Simon Burge <simonb@telstra.com.au>
* move resetting of CFLAGS on powerpc to before optional CFLAGS settings
* minor code & man page cleanups
|
| 1.5 | 11-Apr-1995 |
cgd | clean up RCS Id's and a couple of stype nits.
Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
|
| 1.4 | 21-Mar-1995 |
mycroft | Use POSIX signals.
|
| 1.3 | 29-Jun-1994 |
deraadt | 4.4-lite, plus our local changes
|
| 1.2 | 01-Aug-1993 |
mycroft | Add RCS identifiers.
|
| 1.1 | 21-Mar-1993 |
cgd | branches: 1.1.1;
Initial revision
|
| 1.1.1.2 | 29-Mar-1997 |
cjs | 4.4BSD-lite2 import.
|
| 1.1.1.1 | 21-Mar-1993 |
cgd | initial import of 386bsd-0.1 sources
|
| 1.13.2.1 | 01-Apr-2001 |
he | Pull up revision 1.24 (requested by christos):
Fixes buffer overflow problems in glob(3). Adds and uses GLOB_LIMIT
to prevent denial of service attacks.
|
| 1.16.4.1 | 27-Dec-1999 |
wrstuden | Pull up to last week's -current.
|
| 1.22.4.2 | 26-Aug-2004 |
jmc | Pullup rev 1.26-1.30 (requested by he in ticket #158)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.22.4.1 | 29-Mar-2001 |
lukem | sync ftpd to -current with the following revisions (for lukem/christos):
Makefile 1.43-1.44
cmds.c 1.7-1.8, 1.10-1.12
conf.c 1.35-1.40
extern.h 1.32-1.38
ftpcmd.y 1.53-1.59
ftpd.8 1.58-1.63
ftpd.c 1.102-1.104, 1.106-1.122
ftpd.conf.5 1.12-1.15
ftpusers.5 1.8
logwtmp.c 1.16
popen.c 1.23-1.25
version.h 1.28
a quick summary of user-visible changes;
- fix glob DoS by using GLOB_LIMIT
- add ftpd.conf directives `advertise', `maxfilesize', `sanenames'
- add flags: -P dataport, -X - wuftpd style log entries,
-q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp,
-w/-W - (en|dis)able wtmp
|
| 1.27.2.1 | 31-Aug-2004 |
jmc | Pullup rev 1.28-1.30 (requested by he in ticket #1739)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.29.2.1 | 12-Aug-2004 |
jmc | Pullup rev 1.30 (requested by lukem in ticket #757)
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue.
|
| 1.31.18.2 | 17-Jun-2008 |
yamt | sync with head.
|
| 1.31.18.1 | 18-May-2008 |
yamt | sync with head.
|
| 1.31.4.1 | 13-Jun-2010 |
riz | Pull up following revision(s) (requested by dholland in ticket #1395):
libexec/ftpd/popen.c: revision 1.37
PR/43023: Bruce Cran: FTPD bug remote crash
Since we specify NOCHECK, in the NOMATCH case gl_pathv can be NULL.
(From FreeBSD)
|
| 1.32.2.2 | 24-Sep-2008 |
wrstuden | Merge in changes between wrstuden-revivesa-base-2 and
wrstuden-revivesa-base-3.
|
| 1.32.2.1 | 23-Jun-2008 |
wrstuden | Sync w/ -current. 34 merge conflicts to follow.
|
| 1.34.10.1 | 21-Apr-2010 |
matt | sync to netbsd-5
|
| 1.34.8.1 | 12-Apr-2010 |
snj | Pull up following revision(s) (requested by lukem in ticket #1372):
libexec/ftpd/popen.c: revision 1.37
PR/43023: Bruce Cran: FTPD bug remote crash
Since we specify NOCHECK, in the NOMATCH case gl_pathv can be NULL.
(From FreeBSD)
|
| 1.34.6.1 | 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
| 1.34.4.1 | 12-Apr-2010 |
snj | Pull up following revision(s) (requested by lukem in ticket #1372):
libexec/ftpd/popen.c: revision 1.37
PR/43023: Bruce Cran: FTPD bug remote crash
Since we specify NOCHECK, in the NOMATCH case gl_pathv can be NULL.
(From FreeBSD)
|
| 1.1 | 26-Aug-2004 |
jmc | branches: 1.1.2; 1.1.4;
file strsuftoll.c was initially added on branch netbsd-1-5.
|
| 1.1.4.1 | 31-Aug-2004 |
jmc | Pullup rev patch (new) (requested by he in ticket #1739)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.1.2.1 | 26-Aug-2004 |
jmc | Pullup rev new + patch (requested by he in ticket #158)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.6 | 17-May-1999 |
lukem | features/fixes:
* implement xferstats. full stats are displayed for `STAT', and a
summary is displayed upon exit (and syslogged). inspired by wu-ftpd.
* wrap data xfers in {send,receive}_data with alarm() timeouts. this
should remove the majority of the `hanging ftpd' problems that
people were still seeing. inspired by wu-ftpd.
* link with ../../bin/ls, so that bin/ls is not required under a
chroot()ed area for `LIST' to work. based on [bin/4497] from
"Soren S. Jorvang" <soren@t.dk>
* migrate code from util.c into ftpd.c, so that it doesn't conflict
with ls' util.c.
* remove man page comment about ~ftp/bin/ls being necessary.
* bump version to 7.2.0.
* syslog xfer time with xfer stats.
* if appropriate, syslog error message with command.
internal code stuff:
* change arguments of various functions from `char *' to `const char *'.
* define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise.
use macro appropriately
* lreply(): a code of -1 means ``send line as is''. a code of 0
means ``send line with 4 space prefix''. don't print a space after
the `-' for any other code.
* logcmd(): add `const struct timeval *elapsed' and `const char *error'
for more flexible error reporting
|
| 1.5 | 24-Feb-1999 |
explorer | Make this build with KERBEROS5 defined.
|
| 1.4 | 05-Feb-1999 |
lukem | * actually commit the changes which add support for recognising RFC 2228
commands (even if we don't do anything with them)
* in logcmd(), syslog why realpath() failed (if it did).
|
| 1.3 | 03-Jan-1999 |
lukem | rcsid police
|
| 1.2 | 02-Jan-1999 |
nathanw | Fix compile warning on alpha (%qd and off_t lossage).
|
| 1.1 | 28-Dec-1998 |
lukem | * replace LOG(CMD|BYTES) macros with logcmd(), which is a cleaner
solution with less code replication. use realpath() in logcmd() so
that all logged filenames are sane.
* support `REST STREAM' in `FEAT' reply (from draft-ietf-ftpext-mlst-05)
* in 'HELP', suffix unimplemented commands with `-' instead of `*'; the
former is easier to differentiate from `+'.
* deprecate curdir() now that logcmd() doesn't use it.
* ensure all filename buffers are at least MAXPATHLEN+1 in size.
* move jmp_buf errcatch out of extern.h, removing need to #include <setjmp.h>
in every file.
|
| 1.3 | 11-Apr-1995 |
cgd | clean up RCS Id's and a couple of stype nits.
Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
|
| 1.2 | 01-Aug-1993 |
mycroft | Add RCS identifiers.
|
| 1.1 | 21-Mar-1993 |
cgd | branches: 1.1.1;
Initial revision
|
| 1.1.1.1 | 21-Mar-1993 |
cgd | initial import of 386bsd-0.1 sources
|
| 1.80 | 30-Sep-2023 |
shm | NetBSD-ftpd 20230930
Update version to "NetBSD-ftpd 20230930" for changes:
- fix uninitialized memory usage in count_users()
- fix pam_set_item call with proper struct passed as PAM_SOCKADDR
|
| 1.79 | 22-Sep-2023 |
lukem | version NetBSD-ftpd 20230922 for MLSD/MLST fix
|
| 1.78 | 02-Sep-2023 |
lukem | ftpd: improve seteuid error handling
Handle seteuid() failures. Per suggestion by Simon Josefsson.
Consistent logging and fatal exit if uid/gid switching fails.
Log correct errno if dataconn() fails.
|
| 1.77 | 04-Jul-2020 |
lukem | branches: 1.77.6;
NetBSD-ftpd 20200615
Update version to "NetBSD-ftpd 20200615" for changes:
- Increase some buffer sizes.
- Rename blacklist to blocklist.
|
| 1.76 | 29-Jan-2019 |
lukem | branches: 1.76.2;
NetBSD-ftpd 20180428
Update version to "NetBSD-ftpd 20180428" for changes:
- Fix violations of the sequence point rule.
- Check that stat and fstat succeed.
- Support blacklistd(8) hooks.
- Clear utmpx struct before writing it to wtmpx files.
- Fix directory stream leaks.
- Use explicit_memset(3) instead of memset(3) to clear password.
- Fix scope of variable. PR misc/50665.
- Ensure that closing socket exists. CID 603440.
- Add -f option to ftpd to stay in foreground with -D. PR bin/53221.
|
| 1.75 | 21-Mar-2013 |
lukem | branches: 1.75.22; 1.75.30;
Update version to 20110904 for the user-visible change I made back then:
Reduce priority of syslog message if getpeername returns ENOTCONN.
PR bin/18934 by Greg A. Woods (with supplied fix).
|
| 1.74 | 21-Mar-2010 |
lukem | branches: 1.74.6; 1.74.12;
Update version to 20100320 for Christos' commit to popen.c 1.37 for:
PR/43023: Bruce Cran: FTPD bug remote crash
|
| 1.73 | 07-Nov-2009 |
lukem | NetBSD-ftpd 20091107:
* Fix WARNS=4 issues (const & sign mismatches, etc)
* Ensure various ftpd.conf values can't exceed their underlying types.
* Fix for 64 bit time_t and dev_t
* Rename internal getline() function to get_line() so it does
conflict with the getline(3) libc function.
* Log both the hostname and numeric address.
* Improve man page mdoc formatting
|
| 1.72 | 15-Mar-2009 |
lukem | Fix WARNS=4 issues (const & sign mismatches, etc)
Ensure various ftpd.conf values can't exceed their underlying types.
|
| 1.71 | 02-Mar-2009 |
lukem | bump version for remoteloghost & portability changes
|
| 1.70 | 16-Sep-2008 |
lukem | branches: 1.70.4; 1.70.6; 1.70.8; 1.70.10;
Enhance -C to support an optional @host ('-C user[@host]'):
checks whether user as connecting from host would be granted
access by ftpusers(5).
Support IPv6 in the host directive of ftpusers(5).
(May resolve PR 26555)
Both features from Rudolf Cejka <cejkar@fit.vutbr.cz>
(FreeBSD's tnftpd port maintainer).
|
| 1.69 | 13-Sep-2008 |
lukem | Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.org>
|
| 1.68 | 09-Jun-2008 |
lukem | Don't use non-standard "u_<foo>" types.
Strip trailing whitespace (as well as ':'s) off PAM password prompts.
Improve some debug logging related to PAM.
|
| 1.67 | 28-Apr-2008 |
martin | branches: 1.67.2;
Remove clause 3 and 4 from TNF licenses
|
| 1.66 | 27-Mar-2008 |
lukem | branches: 1.66.2;
Reorganize USE_PAM support so that the reply(331,) from USER is
performed by the pam_conv (PAM conversation) callback, which then
getline()s the PASS reply internally. This involves calling
auth_pam() from user() and caching the result to use later in pass().
This allows the PAM modules to present a different password prompt
dialog if necesary. For example:
Name (localhost:lukem):
331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ].
versus
Name (localhost:lukem): root
331 User root accepted, provide password.
This is independent of (and effectively exclusive to) USE_SKEY support.
Previously ftpd with USE_SKEY=yes would provide the skey prompt
if the user had an skey configured, even if /etc/pam.d/ftpd didn't
have pam_skey in use.
I.e., ftpd shouldn't need special support for custom password prompts
(such as skey) if PAM is in use.
|
| 1.65 | 25-Sep-2006 |
lukem | branches: 1.65.2; 1.65.12;
Update to 20060923 for the following changes:
20060201
debug -> ftpd_debug
xstrdup -> ftpd_strdup
20060317
* Make sure that "su" is initialized before dereferencing it.
Fixes Coverity CID 1075.
* Set file to NULL after calling fclose().
Fixes Coverity CID 2669.
* Remove unreachable code (res could never be NULL here).
Fixes Coverity CID 712.
20060509
change (mostly) int to socklen_t. GCC 4 doesn't like that int and
socklen_t are different signness.
20060923
Apply patch from PR bin/33261 sent by FUKAOMI Naoki:
"ftpd does not update wtmpx".
|
| 1.64 | 24-Nov-2005 |
lukem | NLST should return 450 instead of 550 upon error, per RFC 959.
|
| 1.63 | 03-Oct-2005 |
lukem | logxfer(): don't use the same buffer to store the results of two separate
concurrent realpath(3)s, otherwise we'll log the wrong information
for a rename.
Noted by Dmitry Sivachenko in private mail.
|
| 1.62 | 24-Aug-2005 |
ginsbach | * Add recvbufsize configuration option
This allows for setting the passive socket's SO_RCVBUF. Option works
similarly to the current sendbufsize configuration option.
* Change how recveive_data() works
When reading data from the socket for passive transfers to the server,
receive_data() now works very similar to send_data_with_read(). Reads
from the network are now done using either the filesystem block size or
the configuration option readsize chunks.
* Crank version.h
[Changes discussed with lukem.]
|
| 1.61 | 04-Aug-2005 |
peter | Implement option "-D", for running ftpd in standalone mode (daemon).
ftpd will listen on the default FTP port for incoming connections and fork
a child for each connection. This is lower overhead than starting ftpd from
inetd(8) and thus might be useful on busy servers to reduce load.
Inspired by FreeBSD.
Reviewed by lukem@.
|
| 1.60 | 26-Jul-2005 |
lukem | Crank version for Christos' utmpx/wtmpx changes on 20050623
|
| 1.59 | 03-Mar-2005 |
ginsbach | branches: 1.59.2; 1.59.4; 1.59.6;
* Add hidesymlinks configuration option
This adds a -L to all ls command arguments so that the file or directory
the link references is listed rather than the link itself. This was
inspired by IRIX ftpd's -S option.
[Discussed with lukem some time ago.]
* Crank version.h [right Luke? :-)]
|
| 1.58 | 19-Nov-2004 |
ginsbach | * Don't allow accounts with age expired passwords to login. Any account
that is required to change their password will not be allowed FTP
access. Inspired by similar functionality in other FTP daemons.
(approved by lukem)
* Crank version to 20041119 per lukem's request.
|
| 1.57 | 09-Aug-2004 |
lukem | Fixes from (or inspired by) OpenBSD:
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
My stuff:
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue. (I also can't find the reference in
RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.)
I could clean up the is_oob stuff some more, but the remaining stuff
in ftpcmd.y is harmless and it's unnecessary churn right this moment.
|
| 1.56 | 10-Dec-2003 |
lukem | branches: 1.56.2;
Use sysconf(_SC_LOGIN_NAME_MAX) to determine the length of login
names, rather than assuming LOGIN_NAME_MAX.
Based on patch from Garrett Wollman via David O'Brien (both at FreeBSD.org)
|
| 1.55 | 30-Jun-2003 |
tacha | Add ftpd_loginx() and ftpd_logwtmpx() and use them to hold wtmpx file
open while a session.
Close bin/21692 by bqt@Krille.Update.UU.SE.
|
| 1.54 | 26-Feb-2003 |
lukem | Add '-L xferlogfile', to write xferlog entries there rather than syslog them.
Based on work from Dmitry Sivachenko.
|
| 1.53 | 24-Feb-2003 |
lukem | use LLT and STRTOLL() instead of off_t and strtoull() for parsing the
"larger than int" arguments from commands. improves portability.
|
| 1.52 | 23-Feb-2003 |
lukem | rename local copies of login(), logout() and logwtmp() to
ftpd_login(), ftpd_logout() and ftpd_logwtmp() respectively.
(makes utmp support much easier in tnftpd).
per suggestion in mail from Mike Heffner <mheffner@vt.edu>, who
forwarded patch from Michael Ranner <mranner@inode.at>.
|
| 1.51 | 23-Feb-2003 |
lukem | crank version for:
Stop ftpd changing inetd's 'logname'
Stop buffer overrun if {NGROUPS_MAX} is greater than the compile time
NGROUPS_MAX.
|
| 1.50 | 22-Jan-2003 |
lukem | Apply DoS fix as described by Crist J. Clark <crist.clark@attbi.com>
on <security@freebsd.org>, and subsequently in FreeBSD's cvs repository
as libexec/ftpd/ftpd.c rev 1.133:
The FTP daemon was vulnerable to a DoS where an attacker could bind()
up port 20 for an extended period of time and thus lock out all other
users from establishing PORT data connections. Don't hold on to the
bind() while we loop around waiting to see if we can make our
connection.
Bump version to 20030122.
|
| 1.49 | 29-Nov-2002 |
lukem | - convert to using libc's strsuftoll(3)
- use LLT (aka 'long long type') for all numeric class parameters
- improve description of various ftpd.conf(5) options
- statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat
|
| 1.48 | 26-Oct-2002 |
lukem | crank version for statfilecmd() 'fix'
|
| 1.47 | 07-Oct-2002 |
lukem | Change arguments of login_utmp(line, name, host) (to be consistent
with logwtmp(3)/logwtmpx(3)), and call correctly.
Resolves [bin/18498] by Geoff Wing, who identified that the previous
version was being called incorrectly, albiet in a different manner.
|
| 1.46 | 03-Oct-2002 |
lukem | Enable GLOB_BRACE for ftpd.conf(5)'s `notify' directive.
Now it's much easier to list multiple files...
|
| 1.45 | 02-Jul-2002 |
lukem | - Change lexer to support numbers > 2^31-1 (stored in an off_t), and allow
RESTart to use the larger numbers.
Fix from Maxim Konovalov <maxim@freebsd.org>
- Update version
- Minor whitespace changes
|
| 1.44 | 15-Jun-2002 |
lukem | crank copyright
|
| 1.43 | 15-Jun-2002 |
lukem | Implement "SITE UMASK" `enabled command' check with (modified)
check_write(), so that a user who has modify disabled gets an error
message rather than a hung connection.
Noted by M.J. Rutter <mjr19@cus.cam.ac.uk> in private email.
|
| 1.42 | 13-Feb-2002 |
lukem | branches: 1.42.2;
Fixes for mlsd/mlst standards conformance issues (noted by Robert Elz):
- mlst shouldn't return cdir or pdir for type, only dir
- mlst should always provide a full path name
- mlsd should provide a full path name for the cdir entry. (providing a
full path name for the pdir entry is optional, and i punted on that).
|
| 1.41 | 11-Feb-2002 |
lukem | Don't log an xferlog-style entry if bytes == -1.
Per suggestion by Kimmo Suominen and observation of wu-ftpd in similar
circumstances.
|
| 1.40 | 01-Feb-2002 |
lukem | fix previous, and ensure that closedataconn() is only called after dataconn()
and with a non-NULL file pointer. active transfers now work correctly again,
passive transfers work, and the data stream is only closed after a PASV or
EPSV if a successful connection was initiated with dataconn().
|
| 1.39 | 21-Jan-2002 |
lukem | in closedataconn(), only close the passive data fd if the main data
descriptor was set by dataconn(). this fixes a problem for clients (such
as lynx and netscape) that only sent PASV/EPSV after a transfer (RETR, LIST,
STOR) started and returned 150. certain command sequences could return 550
(etc) before setting up the dataconn(), and would run into this bug. netbsd's
ftp didn't hit this bug because it always sends PASV/EPSV before a new
transfer command.
|
| 1.38 | 06-Dec-2001 |
lukem | Fix skey password challenge. Problem reported in [bin/14848] by John F. Woods.
|
| 1.37 | 04-Dec-2001 |
lukem | Add two new ftpd.conf(5) directives:
- 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER
command instead of the PASS command. whilst this might provide some
info leakage of accounts names if you have some `real' or `chroot'
users enabled and not others, it does prevent accidental entering of
such passwords if you have all such users denied. This option is
strongly recommended on anonymous-only servers.
Functionality requested by Rob Windsor in [bin/12602]
- 'private'; don't display class related information in the output of STAT.
For paranoid admins.
|
| 1.36 | 01-Dec-2001 |
lukem | - enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5)
- enable WARNS=2
|
| 1.35 | 27-Nov-2001 |
lukem | - Don't try and use the motd if it's empty.
Problem reported in [bin/14751] by Kimmo Suominen
- Display conffilename() version of limitfile and motd in status output
|
| 1.34 | 19-Sep-2001 |
lukem | a few changes from Mike Heffner <mheffner@vt.edu> in private email:
- totally clear a glob buffer before use, because FreeBSD depends on
some of the other fields being cleared (other than just gl_offs)
- in strend(), ensure that the source string isn't too large
- remove unnecessarily complicated sizing of proctitle, since snprintf()
will truncate it anyway
|
| 1.33 | 26-Jun-2001 |
lukem | s/tise/tize/ in docco, add "advertize" as synonym for "advertise"
|
| 1.32 | 25-Apr-2001 |
lukem | crank copyrights of files changed this year
remove superfluous byte_count update in send_file_list
crank version
|
| 1.31 | 17-Apr-2001 |
lukem | use own code instead of bother with glob() to do ~ expansion in pathname;
there's no need to support glob wildcards in this case when it's not expanded
here in the non-~ case
|
| 1.30 | 17-Apr-2001 |
lukem | limit the number of matches in a ~ pathname glob, and complain if more
than one path is matched.
|
| 1.29 | 10-Apr-2001 |
itojun | bump version for IPv4 PASV fix. PR 12558
|
| 1.28 | 29-Mar-2001 |
lukem | crank for GLOB_LIMIT fix
|
| 1.27 | 18-Dec-2000 |
lukem | Features:
* Add ftpd.conf(5) directive `advertise'; change the address that is
advertised to the client for PASV transfers. this may be useful in
certain firewall/NAT environments.
Feature requested in [bin/9606] by Scott Presnell.
* Add -X option; syslog wu-ftpd style xferlog messages, prefixed with
`xferlog: '. An example line from syslog (wrapped):
Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000
2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@ FTP 0 * c
These messages can be converted to a wu-ftpd style xferlog file
suitable for parsing with third-party tools with something like:
grep 'xferlog: ' /var/log/xferlog | \
sed -e 's/^.*xferlog: //' >wuxferlog
The format is the same as the wu-ftpd xferlog entries (with the leading
syslog stuff), but different from the wu-ftpd syslogged xferlog entries
because the latter is not as easy to convert into the standard xferlog
file format.
The choice to only syslog the xferlog messages rather than append to
a /var/log/xferlog file was made because the latter doesn't work to
well in the situation where the logfile is rotated and compressed and
a long-running ftpd still has a file-descriptor to the now nonexistant
xferlog file, and the log message will then get lost.
Feature requested in [bin/11651] by Hubert Feyrer.
Fixes:
* In ftpd(8), clarify the -a and -c options.
* More clarifications in ftpd.conf(5).
* Ensure that all ftpd.conf commands set a parameter back to sane defaults
if an argument of `none' or bad settings are given.
* Support the `chroot' directive for `REAL' users too (for consistency).
* For `GUEST' users, store the supplied password in pw->pw_passwd for use
later in the xferlog.
* If show_chdir_messages() is given a code of -1, flush the cache of
visited directories. Invoke show_chdir_messages(-1) in end_login().
* Only syslog session stats if logging is requested.
* Rename logcmd() -> logxfer(), and dolog() -> logremotehost().
* Use cprintf() instead of fprintf() where appropriate.
* Minor KNF, and make a couple of functions static that were declared static.
|
| 1.26 | 04-Dec-2000 |
itojun | in replydirname(), avoid one-byte overrun.
From: Kristian Vlaardingerbroek <kris@obit.nl> (to bugs@openbsd)
|
| 1.25 | 30-Nov-2000 |
lukem | - move password checking into separate valid_passwd() function, to assist
in porting to other systems.
- don't syslog() or setproctitle() "ACCT" lines (as per "PASS")
- replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the
latter #ifdef BSD4_4
- don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile
support if this is to be used on NetBSD.
|
| 1.24 | 28-Nov-2000 |
lukem | - ensure all uses of AF_INET6 are wrapped in #ifdef INET6
- don't define `ALL' as a token twice in the grammar
|
| 1.23 | 24-Nov-2000 |
itojun | cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach
scope identifier).
always check error result from getnameinfo.
|
| 1.22 | 16-Nov-2000 |
lukem | - new ftpd.conf directives:
maxfilesize set the maximum size of uploaded files
sanenames if set, only permit uploaded filenames that contain
characters from the set "-+,._A-Za-z0-9" and that
don't start with `.'
- new/changed command line options:
-e emailaddr define email address for %E (see below)
-P dataport use dataport as the dataport (instead of ctrlport-1)
-q use pid files to count users [default]
-Q don't use pid files to count users
-u write entries to utmp
-U don't write entries to utmp [default]
-w write entries to wtmp [default]
-W don't write entries to wtmp
NOTE: -U used to mean `write utmp entries'. Its meaning has changed
so that it's orthogonal with -q/-Q and -w/-W. This isn't
considered a major problem, because using -U isn't going to
enable something you don't want, but will disable something
you did want (which is safer).
- new display file escape sequences:
%E email address
%s literal `s' if the previous %M or %N wasn't ``1''.
%S literal `S' if the previous %M or %N wasn't ``1''.
- expand the description of building ~ftp/incoming to cover the
appropriate ftpd.conf(5) directives (which are defaults, but it pays
to explicitly explain them)
- replace strsuftoi() with strsuftoll(), which returns a long long if
supported, otherwise a long
- rework the way that check_modify and check_upload are done in the yacc
parser; they're merged into a common check_write() function which is
called explicitly
- merge all ftpclass `flag variables' into a single bitfield-based flag element
- move various common bits of parse_conf() into a couple of macros
- clean up some comments
|
| 1.21 | 15-Nov-2000 |
lukem | changes to improve portability:
* replace union sockunion {} with struct sockinet {}, and modify the code
accordingly. this is possibly more portable, as it doesn't rely upon
the structure alignment within the union for our own stuff. uses local
su_len unless HAVE_SOCKADDR_SA_LEN is defined (set ifdef BSD4_4)
(XXX: haven't tested the ipv6 stuff)
* always use getaddrinfo() and getnameinfo() instead of maintaining two code
paths. (lukemftpd will provide replacements for these on older systems)
* use lockf() instead of open(.., O_EXLOCK) to lock the pid file
* minor KNF
* clean up long long support: create helper #defines and use as appropriate:
#define NO_LONG_LONG ! NO_LONG_LONG
------- ------------ --------------
LLF "%ld" "%lld"
LLFP(x) "%" x "ld" "%" x "lld"
LLT long long long
ULLF "%lu" "%llu"
ULLFP(x) "%" x "lu" "%" x "llu"
ULLT unsigned long unsigned long long
STRTOLL(x,y,z) strtol(x,y,z) strtoll(x,y,z)
|
| 1.20 | 13-Nov-2000 |
itojun | - improve RFC2428 conformance.
return 522 on unknown protocol identifier on EPRT.
- clarify EPSV/EPRT/LPSV/LPRT behavior.
- repair memory leak and lack of boundary check on EPRT.
- make sure we do not resolve DNS on EPRT.
sync with kame.
|
| 1.19 | 26-Jul-2000 |
lukem | add support for -W; don't log to wtmp (orthogonal of -U which logs to utmp).
inspired by similar option in wuftpd.
|
| 1.18 | 23-Jul-2000 |
lukem | * make checkportcmd the default. this breaks third-party proxy ftp but
prevents the ftp bounce attack, and we should be secure out of the
box, not require users to tweak obscure stuff.
* allow the version string reported to clients to be changed with '-V vers'.
if vers is empty or `-', don't report a version.
* if -r is given, permanently drop root privs
* if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port
> IPPORT_RESERVED+1, permanently drop root privs
* don't bother reverting to root privs to logout of wtmp/utmp; since the
file descriptor is already open this isn't necessary.
* fix the binding of the port for the PORT/LPRT/EPRT connection to be the
ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6
merge). if root privs have been dropped, and this would be a port <
IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant
but it doesn't appear that many clients care).
* prevent login of a new user if privs have been dropped and already logged
in as a REAL user (existing check already stops GUEST & CHROOT users).
* move the port check stuff into a separate port_check() function, and use
for PORT, LPRT, and EPRT checks. inspired by freebsd
* minor KNF
* minor man page cleanup
|
| 1.17 | 17-Jul-2000 |
lukem | * add two new ftpd.conf(5) directives:
chroot specify dir to chroot to for GUEST and CHROOT users, to
override -a anondir or the user's homedir.
homedir specify dir to change to upon login; also used for ~ expansion
and $HOME for subprocesses)
both of these can take % escapes: %u (username), %d (homedir), %c (class).
* fix NLST to take a pathname not a STRING, so that ~ expansion works
* modify CWD to use the homedir parsed from curclass.homedir
* implement format_path(dst, src), to parse src expanding % escapes (see above)
into dst.
* rename format_file() to display_file()
|
| 1.16 | 15-Jul-2000 |
lukem | * add -H, which acts like -h `hostname`. (requested by kim@)
* refer to draft-ietf-ftpext-mlst-11 instead of -10
|
| 1.15 | 10-Jul-2000 |
lukem | base64_encode(): separate out the special case for the last 2 bytes, and
be a bit safer with signed chars. per discussion with kre.
|
| 1.14 | 09-Jul-2000 |
lukem | - base64_encode(): fix garbled output due to fencepost error. output now
appears to match that of 'mimencode' (from metamail).
problem noted by kre@munnari.oz.au.
- fact_unique(): encode a combined dev_t+ino_t chunk rather than separate bits
|
| 1.13 | 09-Jul-2000 |
lukem | setproctitle(), and for any other printf variants, it is not a good idea
to pass variable directly like foo(x). use foo("%s", x) to avoid misuse.
from: openbsd
|
| 1.12 | 19-Jun-2000 |
lukem | branches: 1.12.2;
various fixes suggested by Robert Elz:
* implement closedataconn() and use appropriately (including in mlsd())
* only put leading space in front of MLST output (not MLSD output)
* MLSD: only output pdir and cdir entries when the type fact is requested.
* change error code for giving MLSD a non-directory from 550 to 501
* remove MLSx Type fact support for UNIX.* for now; it's not standardised yet.
* do a check_login when MLSD and MLST are given no args
* detect & complain about null facts in OPTS MLST
* cache getgroups() at login instead of calling each time in fact_perm()
other mods:
* implement cprintf(); as per fprintf() but increments total_bytes{,_out}
* implement CPUTC(); as per putc() but increments total_bytes{,_out}
* implement base64_encode()
* fact_unique() display base64 encoding of dev_t and ino_t rather than
hex output; should scale if size of those changes
* change reply() so that a negative code acts as the initial line in a reply,
code == 0 prefixes the line with 4 spaces, and code > 0 works as before.
deprecate lreply(code, ) and lreply(0, ) in favour of reply(-code, ) and
reply(0, ) respectively.
* use cprintf() and CPUTC() appropriately (often instead of printf(),
lreply(-2, ) or lreply(-1, ).
now we actually account for the data sent by MLST and MLSD.
* remove DEBUG support for sending MLSD output to control connection instead
of data connection (my ftp client now supports MLSD :-)
|
| 1.11 | 14-Jun-2000 |
lukem | major overhaul (just before netbsd 1.5 :-):
* implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD.
we already supported SIZE and MDTM. add the appropriate FEAT output lines.
* migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c
* make dataconn(), feat(), lookup(), opts() and sizecmd() public
* modify struct tab so that it has a `flags' instead of `implemented' element,
and remove the `hasopts' element. If flags == 1, the command is implemented.
if flags == 2, the command is implemented and takes options
* add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..")
* modify lreply() so that lreply(-2, ...) just outputs the given info without
a prefix or trailing \r\n. this saves doing b = printf(); total_* += b;
* enhance statcmd(). still needs work in the LPRT status stuff.
* crank version
|
| 1.10 | 20-May-2000 |
lukem | branches: 1.10.2;
- Always close(pdata) if it was a valid filedescriptor before setting it to -1.
Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>,
(part of which already had been solved by itojun a while ago), and provided
patch covered most of the fixes needed. (Thanks Takahiro!)
- Consistently indent goto labels by one space.
|
| 1.9 | 20-May-2000 |
lukem | convert to ANSI C as per style guide
|
| 1.8 | 05-Mar-2000 |
lukem | * don't bother with a version[] string, just use the macro as appropriate
* clean some more of the GLOBAL stuff
* fix unused var if -UHASSETPROCTITLE
|
| 1.7 | 13-Jan-2000 |
lukem | suppress verbose messages from CWD and post-login if the first
character of the anonymous password is `-'.
|
| 1.6 | 12-Jan-2000 |
lukem | * add ftpd.conf directive `portrange class min max', which allows specification
of the port range used by passive connections. based on work in [bin/9158]
from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
* change the way global variables are defined and extern-ed to be more
consistent.
|
| 1.5 | 09-Jan-2000 |
lukem | * new ftpd.conf directive:
template class [refclass]
following directives for refclass will apply to class as well.
this makes setting up a `template' class with many default settings
easy, whilst allowing for class-specific overrides
* prevent crash when the optional limitfile wasn't given to limit
* document count_users()
* document default setting of limit in ftpd.conf(5)
* crank version
|
| 1.4 | 08-Jan-2000 |
lukem | features:
* add connection limits (`limit' keyword in ftpd.conf)
* move initialisation of curclass from parse_conf() to new function
init_curclass()
* implement count_users(), which determines the number of users in a given
class. a file - /var/run/ftpd.pids-<class> - is used to store a list
of pids in use (effectively an array of pid_t's), and its size is reduced
as necessary.
* new % modifiers in format_file:
%c class
%M maximum connection count
%N current connection count
* always end_login()s, even for refused connections
bugs fixed:
* remove \n from %T output
* fix some inconsistencies in the man pages
* ensure that both `ftp' *and* `anonymous' are allowed in ftpusers.
(this was accidently broken in a recent commit to be ``or'' not ``and'')
* use MAXPATHLEN not MAXPATHLEN+1
* crank copyright date on modified files
* crank version
|
| 1.3 | 21-Dec-1999 |
lukem | branches: 1.3.2;
crank version
|
| 1.2 | 19-Dec-1999 |
lukem | * add back support for `-h hostname'; it still may be useful to override
the name advertised to the client, even if ftpd can determine it from
the ip address that ftpd is bound to. requested by mrg.
* remove -4/-6; they were effectively no-ops since itojun's change in 1.75.
* crank version
|
| 1.1 | 18-Dec-1999 |
lukem | * move version to separate header file
* use .Dv and .Tn in the man pages as appropriate
* KNF a bit
The following were inspired by similar changes in openbsd, but may
have additional improvements by me:
* add more check_login tests to the parser rules
* nuke a few memory leaks in the parser rules
* clear passwords before free()ing them, for safety
* don't display \r\n in setproctitle() output
* add support for -U, which enables managing /var/run/utmp entries for
connections. solves [bin/2217] by Jason Downs <downsj@teeny.org>
* fix oob handling for STAT command
* use SIG_ERR instead of -1
|
| 1.3.2.2 | 27-Dec-1999 |
wrstuden | Pull up to last week's -current.
|
| 1.3.2.1 | 21-Dec-1999 |
wrstuden | file version.h was added on branch wrstuden-devbsize on 1999-12-27 18:30:13 +0000
|
| 1.10.2.1 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.12.2.4 | 26-Aug-2004 |
jmc | Pullup rev 1.29-1.57 (requested by he in ticket #158)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.12.2.3 | 29-Mar-2001 |
lukem | sync ftpd to -current with the following revisions (for lukem/christos):
Makefile 1.43-1.44
cmds.c 1.7-1.8, 1.10-1.12
conf.c 1.35-1.40
extern.h 1.32-1.38
ftpcmd.y 1.53-1.59
ftpd.8 1.58-1.63
ftpd.c 1.102-1.104, 1.106-1.122
ftpd.conf.5 1.12-1.15
ftpusers.5 1.8
logwtmp.c 1.16
popen.c 1.23-1.25
version.h 1.28
a quick summary of user-visible changes;
- fix glob DoS by using GLOB_LIMIT
- add ftpd.conf directives `advertise', `maxfilesize', `sanenames'
- add flags: -P dataport, -X - wuftpd style log entries,
-q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp,
-w/-W - (en|dis)able wtmp
|
| 1.12.2.2 | 13-Dec-2000 |
he | Apply patch (requested by he):
Fix a one-byte buffer overrun.
Note by appending an 'a' to the version number,
since we do not here upgrade ftpd wholesale.
|
| 1.12.2.1 | 25-Jul-2000 |
lukem | user visible changes (besides checking the cvs log):
* make checkportcmd the default
* add -r; force permanent drop of root privs after login
* add -V vers; change version string to vers
* add -H; act as -h `hostname`
* permanently drop root privs if it makes sense to do so (e.g; logging in as
guest/chroot user on a port > 1024)
* fix reference to draft-ietf-ftpext-mlst-11
* add ftpd.conf directives: chroot, homedir
* fix base64_encode() and generation of the unique fact
* crank version to 20000723
|
| 1.42.2.2 | 31-Aug-2004 |
jmc | Pullup rev 1.44-1.57 (requested by he in ticket #1739)
Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
|
| 1.42.2.1 | 15-Jun-2002 |
lukem | Pull up revision 1.43 (requested by lukem in ticket #282):
Implement "SITE UMASK" `enabled command' check with (modified)
check_write(), so that a user who has modify disabled gets an error
message rather than a hung connection.
Noted by M.J. Rutter <mjr19@cus.cam.ac.uk> in private email.
|
| 1.56.2.1 | 12-Aug-2004 |
jmc | Pullup rev 1.57 (requested by lukem in ticket #757)
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue.
|
| 1.59.6.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1964):
libexec/ftpd/ftpd.c: revision 1.187 via patch
libexec/ftpd/extern.h: revision 1.58 via patch
libexec/ftpd/ftpcmd.y: revision 1.88 via patch
libexec/ftpd/version.h: patch
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.59.4.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1964):
libexec/ftpd/ftpd.c: revision 1.187 via patch
libexec/ftpd/extern.h: revision 1.58 via patch
libexec/ftpd/ftpcmd.y: revision 1.88 via patch
libexec/ftpd/version.h: patch
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.59.2.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1964):
libexec/ftpd/ftpd.c: revision 1.187 via patch
libexec/ftpd/extern.h: revision 1.58 via patch
libexec/ftpd/ftpcmd.y: revision 1.88 via patch
libexec/ftpd/version.h: patch
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.65.12.2 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1202):
libexec/ftpd/ftpd.c: revision 1.187
libexec/ftpd/extern.h: revision 1.58
libexec/ftpd/version.h: patch
libexec/ftpd/ftpcmd.y: revision 1.88
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.65.12.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1201):
libexec/ftpd/ftpd.c: revision 1.183
libexec/ftpd/Makefile: revision 1.58
libexec/ftpd/version.h: revision 1.66
Reorganize USE_PAM support so that the reply(331,) from USER is
performed by the pam_conv (PAM conversation) callback, which then
getline()s the PASS reply internally. This involves calling
auth_pam() from user() and caching the result to use later in pass().
This allows the PAM modules to present a different password prompt
dialog if necesary. For example:
Name (localhost:lukem):
331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ].
versus
Name (localhost:lukem): root
331 User root accepted, provide password.
This is independent of (and effectively exclusive to) USE_SKEY support.
Previously ftpd with USE_SKEY=yes would provide the skey prompt
if the user had an skey configured, even if /etc/pam.d/ftpd didn't
have pam_skey in use.
I.e., ftpd shouldn't need special support for custom password prompts
(such as skey) if PAM is in use.
|
| 1.65.2.2 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1202):
libexec/ftpd/ftpd.c: revision 1.187
libexec/ftpd/extern.h: revision 1.58
libexec/ftpd/version.h: patch
libexec/ftpd/ftpcmd.y: revision 1.88
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit <moritz@OpenBSD.o=
rg>
|
| 1.65.2.1 | 18-Sep-2008 |
bouyer | Pull up following revision(s) (requested by lukem in ticket #1201):
libexec/ftpd/ftpd.c: revision 1.183
libexec/ftpd/Makefile: revision 1.58
libexec/ftpd/version.h: revision 1.66
Reorganize USE_PAM support so that the reply(331,) from USER is
performed by the pam_conv (PAM conversation) callback, which then
getline()s the PASS reply internally. This involves calling
auth_pam() from user() and caching the result to use later in pass().
This allows the PAM modules to present a different password prompt
dialog if necesary. For example:
Name (localhost:lukem):
331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ].
versus
Name (localhost:lukem): root
331 User root accepted, provide password.
This is independent of (and effectively exclusive to) USE_SKEY support.
Previously ftpd with USE_SKEY=yes would provide the skey prompt
if the user had an skey configured, even if /etc/pam.d/ftpd didn't
have pam_skey in use.
I.e., ftpd shouldn't need special support for custom password prompts
(such as skey) if PAM is in use.
|
| 1.66.2.2 | 17-Jun-2008 |
yamt | sync with head.
|
| 1.66.2.1 | 18-May-2008 |
yamt | sync with head.
|
| 1.67.2.2 | 24-Sep-2008 |
wrstuden | Merge in changes between wrstuden-revivesa-base-2 and
wrstuden-revivesa-base-3.
|
| 1.67.2.1 | 23-Jun-2008 |
wrstuden | Sync w/ -current. 34 merge conflicts to follow.
|
| 1.70.10.1 | 21-Apr-2010 |
matt | sync to netbsd-5
|
| 1.70.8.1 | 12-Apr-2010 |
snj | Pull up following revision(s) (requested by lukem in ticket #1372):
libexec/ftpd/version.h: revision 1.74
Update version to 20100320 for Christos' commit to popen.c 1.37 for:
PR/43023: Bruce Cran: FTPD bug remote crash
|
| 1.70.6.1 | 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
| 1.70.4.1 | 12-Apr-2010 |
snj | Pull up following revision(s) (requested by lukem in ticket #1372):
libexec/ftpd/version.h: revision 1.74
Update version to 20100320 for Christos' commit to popen.c 1.37 for:
PR/43023: Bruce Cran: FTPD bug remote crash
|
| 1.74.12.1 | 23-Jun-2013 |
tls | resync from head
|
| 1.74.6.1 | 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
|
| 1.75.30.1 | 10-Jun-2019 |
christos | Sync with HEAD
|
| 1.75.22.2 | 03-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1907):
libexec/ftpd/version.h: revision 1.80
NetBSD-ftpd 20230930
Update version to "NetBSD-ftpd 20230930" for changes:
- fix uninitialized memory usage in count_users()
- fix pam_set_item call with proper struct passed as PAM_SOCKADDR
|
| 1.75.22.1 | 03-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1903):
libexec/ftpd/ftpd.c: revision 1.207
libexec/ftpd/version.h: revision 1.78
ftpd: improve seteuid error handling
Handle seteuid() failures. Per suggestion by Simon Josefsson.
Consistent logging and fatal exit if uid/gid switching fails.
Log correct errno if dataconn() fails.
|
| 1.76.2.2 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1743):
libexec/ftpd/version.h: revision 1.80
NetBSD-ftpd 20230930
Update version to "NetBSD-ftpd 20230930" for changes:
- fix uninitialized memory usage in count_users()
- fix pam_set_item call with proper struct passed as PAM_SOCKADDR
|
| 1.76.2.1 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #1739):
libexec/ftpd/ftpd.c: revision 1.207
libexec/ftpd/version.h: revision 1.78
ftpd: improve seteuid error handling
Handle seteuid() failures. Per suggestion by Simon Josefsson.
Consistent logging and fatal exit if uid/gid switching fails.
Log correct errno if dataconn() fails.
|
| 1.77.6.2 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #390):
libexec/ftpd/version.h: revision 1.80
NetBSD-ftpd 20230930
Update version to "NetBSD-ftpd 20230930" for changes:
- fix uninitialized memory usage in count_users()
- fix pam_set_item call with proper struct passed as PAM_SOCKADDR
|
| 1.77.6.1 | 02-Oct-2023 |
martin | Pull up following revision(s) (requested by lukem in ticket #385):
libexec/ftpd/ftpd.c: revision 1.207
libexec/ftpd/version.h: revision 1.78
ftpd: improve seteuid error handling
Handle seteuid() failures. Per suggestion by Simon Josefsson.
Consistent logging and fatal exit if uid/gid switching fails.
Log correct errno if dataconn() fails.
|
