ftpd: deduplicate gcc warning avoidance
OK lukem@

bsd.own.mk: rename GCC_NO_* to CC_WNO_*

Rename compiler-warning-disable variables from
GCC_NO_warning
to
CC_WNO_warning
where warning is the full warning name as used by the compiler.

GCC_NO_IMPLICIT_FALLTHRU is CC_WNO_IMPLICIT_FALLTHROUGH

Using the convention CC_compilerflag, where compilerflag
is based on the full compiler flag name.

Rename blacklist -> blocklist

use strncpy...

introduce some common variables for use in GCC warning disables:

GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8)
GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8)
GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8)
GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)

use these to turn off warnings for most GCC-8 complaints. many
of these are false positives, most of the real bugs are already
commited, or are yet to come.


we plan to introduce versions of (some?) of these that use the
"-Wno-error=" form, which still displays the warnings but does
not make it an error, and all of the above will be re-considered
as either being "fix me" (warning still displayed) or "warning
is wrong."

branches: 1.65.4;
add LIBKRB5_LDADD/LIBKRB5_DPADD and their static counterparts
to bsd.prog.mk. use them instead of hard coding various lists
of libraries for krb5.

this fixes static builds.

blacklist hooks

branches: 1.63.20;
remove gcc-4.5 hack

apply some -Wno-error and/or -fno-strict-aliasing.


all of this should be looked at closer, but some of them are not
very trivial.

We no longer need -I/usr/include/krb5.

Fix WARNS=4 issues (const & sign mismatches, etc)
Ensure various ftpd.conf values can't exceed their underlying types.

branches: 1.59.6;
Support building with -DNO_INTERNAL_LS

branches: 1.58.4;
Reorganize USE_PAM support so that the reply(331,) from USER is
performed by the pam_conv (PAM conversation) callback, which then
getline()s the PASS reply internally. This involves calling
auth_pam() from user() and caching the result to use later in pass().
This allows the PAM modules to present a different password prompt
dialog if necesary. For example:
Name (localhost:lukem):
331 User lukem accepted, provide password [ otp-md4 89 xxxx12345 ].
versus
Name (localhost:lukem): root
331 User root accepted, provide password.

This is independent of (and effectively exclusive to) USE_SKEY support.

Previously ftpd with USE_SKEY=yes would provide the skey prompt
if the user had an skey configured, even if /etc/pam.d/ftpd didn't
have pam_skey in use.
I.e., ftpd shouldn't need special support for custom password prompts
(such as skey) if PAM is in use.

Complete the move of string_to_flags() and flags_to_string() from the
bin/ls sources to libutil:
o Bump libutil minor version number
o Fix uses to include <util.h> to pick up the function definitions
o Fix most uses of flags_to_string() to release the now-malloc()ed result

branches: 1.56.4; 1.56.8;
Remove more references to kerberosIV.

Add -lcrypt where -lcrypto is specified.

Introduce PAM_STATIC_LDADD and PAM_STATIC_DPADD. When compiling
with MKPIC=no, possibly because the target does not support shared
libraries, these include libraries required to resolve all symbols
which end up referenced from PAM-using applications. The libraries
presently required are -lcrypt, -lrpcsvc and -lutil.

Add use of these variables which are currently set up to use PAM,
so that they compile when MKPIC=no.

Also, in the telnetd case, reorder the order of the libraries, so
that libtelnet.a comes before -ltermcap and -lutil, again to fix
link error when MKPIC=no.

Discussed with thorpej and christos.

Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined,
then we don't fall back to other authentications even if PAM fails due
to a system error (e.g. configuration problem).

Only compile in IPv6 support if ${USE_INET6} != "no"

MKINET6 is for providing IPv6 infrastructure.
USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).

split MKKERBEROS4 from MKKERBEROS. based on work by lha at stacken.kth.se
(build confirmed with both MKKERBEROS4=yes and MKKERBEROS4=no)

use bsd.own.mk instead of the (obvious typo of) bsd.obj.mk

enable utmpx support. this doesn't work correctly for chrooted ftpd's, but
I am leaving it to luke to fix.

Disable UTMPX support for now, because ftpd might chroot and we need
to keep files open.

Use ${NETBSDSRCDIR}/some/path instead of ${.CURDIR}/../../some/path

branches: 1.46.2;
Split the notion of building Hesiod, Kerberos, S/key, and YP
infrastructure and using that infrastructure in programs.

* MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building
of the infratsructure (libraries, support programs, etc.)

* USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control
building of support for using the corresponding API
in various libraries/programs that can use it.

As discussed on tech-toolchain.

- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5)
- enable WARNS=2

- move password checking into separate valid_passwd() function, to assist
in porting to other systems.
- don't syslog() or setproctitle() "ACCT" lines (as per "PASS")
- replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the
latter #ifdef BSD4_4
- don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile
support if this is to be used on NetBSD.

Make things builds with GCC 2.96

branches: 1.42.2;
Merge a bunch of things from crypto-us and crypto-intl into basesrc,
adding support for Heimdal/KTH Kerberos where easy to do so. Eliminate
bsd.crypto.mk.

There is still a bunch more work to do, but crypto is now more-or-less
fully merged into the base NetBSD distribution.

major overhaul (just before netbsd 1.5 :-):

* implement draft-ietf-ftpext-mlst-10 commands, especially MLST and MLSD.
we already supported SIZE and MDTM. add the appropriate FEAT output lines.

* migrate a lot of the command code from ftpcmd.y and ftpd.c to cmds.c

* make dataconn(), feat(), lookup(), opts() and sizecmd() public

* modify struct tab so that it has a `flags' instead of `implemented' element,
and remove the `hasopts' element. If flags == 1, the command is implemented.
if flags == 2, the command is implemented and takes options

* add macros ISDOTDIR(x) (is x ".") and ISDOTDOTDIR(x) (is x "..")

* modify lreply() so that lreply(-2, ...) just outputs the given info without
a prefix or trailing \r\n. this saves doing b = printf(); total_* += b;

* enhance statcmd(). still needs work in the LPRT status stuff.

* crank version

branches: 1.40.2;
* don't bother with a version[] string, just use the macro as appropriate
* clean some more of the GLOBAL stuff
* fix unused var if -UHASSETPROCTITLE

* move version to separate header file
* use .Dv and .Tn in the man pages as appropriate
* KNF a bit

The following were inspired by similar changes in openbsd, but may
have additional improvements by me:
* add more check_login tests to the parser rules
* nuke a few memory leaks in the parser rules
* clear passwords before free()ing them, for safety
* don't display \r\n in setproctitle() output
* add support for -U, which enables managing /var/run/utmp entries for
connections. solves [bin/2217] by Jason Downs <downsj@teeny.org>
* fix oob handling for STAT command
* use SIG_ERR instead of -1

install ftpusers(5) as ftpchroot(5). more cleanups

separate ftpd.conf(5) and ftpusers(5) out from ftpd(8).

xxx: still needs a bit of work

* change ftpd_popen() to take char *argv[] instead of char *cmd.
the string tokenisation must be performed by the caller (which is
generally easy because it's almost always a static command).
* change do_conversion() to return a char *argv[] instead of char *cmd.
tokenisation of the command is done internally.
* change retrieve() to take char *argv[] instead of char *cmd.
(to take advantage of the above changes). fixes [bin/8173]
* use fparseln() instead of fgetln()
* store conversions in listed order (rather than reverse order)
* use stringlists instead of handrolling code to manage an argv.

branches: 1.35.4;
optionally include CRYPTOPATH Makefile.frag files.

Use bsd.crypto.mk.

dual-stack ftpd. run this from inetd, like:
>>ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll

Remove the .ifdef to compile without optimization on powerpc since the
bug that it was working around doesn't seem to exist in egcs

features/fixes:
* implement xferstats. full stats are displayed for `STAT', and a
summary is displayed upon exit (and syslogged). inspired by wu-ftpd.
* wrap data xfers in {send,receive}_data with alarm() timeouts. this
should remove the majority of the `hanging ftpd' problems that
people were still seeing. inspired by wu-ftpd.
* link with ../../bin/ls, so that bin/ls is not required under a
chroot()ed area for `LIST' to work. based on [bin/4497] from
"Soren S. Jorvang" <soren@t.dk>
* migrate code from util.c into ftpd.c, so that it doesn't conflict
with ls' util.c.
* remove man page comment about ~ftp/bin/ls being necessary.
* bump version to 7.2.0.
* syslog xfer time with xfer stats.
* if appropriate, syslog error message with command.

internal code stuff:
* change arguments of various functions from `char *' to `const char *'.
* define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise.
use macro appropriately
* lreply(): a code of -1 means ``send line as is''. a code of 0
means ``send line with 4 space prefix''. don't print a space after
the `-' for any other code.
* logcmd(): add `const struct timeval *elapsed' and `const char *error'
for more flexible error reporting

Remove the crypto-related bits until such time as we have a fully-
integrated source tree. Export-controlled versions of these are now
built during the domestic build process.

* replace LOG(CMD|BYTES) macros with logcmd(), which is a cleaner
solution with less code replication. use realpath() in logcmd() so
that all logged filenames are sane.
* support `REST STREAM' in `FEAT' reply (from draft-ietf-ftpext-mlst-05)
* in 'HELP', suffix unimplemented commands with `-' instead of `*'; the
former is easier to differentiate from `+'.
* deprecate curdir() now that logcmd() doesn't use it.
* ensure all filename buffers are at least MAXPATHLEN+1 in size.
* move jmp_buf errcatch out of extern.h, removing need to #include <setjmp.h>
in every file.

* complete fix for `multiple replies returned for single parse error'
problem; move `hasyyerrored' state flag out of yylex() so that
check_{login,modify} can also set it.
* check result of check_login for PORT command
* set initial timeout before the "setjmp(); for(;;) yyparse()",
otherwise an invalid command after login incorrectly sets the timeout
to 5 minutes (rather than what was set in ftpd.conf)
* replace (char *)0 with NULL
* move yyerror() from ftpd.c to ftpcmd.y
* remove need for -Dunix, by using the version string from ftpd.c
(instead of `BSD-199506')
* move all extern-ed vars into extern.h

fix disabling of optimization on powerpc (set COPTS *after* <bsd.prog.mk>...)

.y.c <sys.mk> rule fixes. Don't create a y.tab.h file unless asked for,
and use smarter creation of the header file.

add a "checkportcmd <class>" option that stops ftp bounce attacks.

branches: 1.24.2;
SRCS must be defined *before* bsd.prog.mk is included...

Add some krb5 hooks, though it probably doesn't work yet.

Oops; fix typo.

Conditionalize s/key support.

merge lite-2 Makefiles (rcsids), and turn on WARNS for all of libexec.

Add WARNS=1

- Pass gcc -Wall
- Fix incorrect const poisoning
- Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.

* implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.

* fix "cd ~" so that it works (from Simon Burge <simonb@telstra.com.au>
* move resetting of CFLAGS on powerpc to before optional CFLAGS settings
* minor code & man page cleanups

Don't compile this with -O on the PowerPC - cc1 cores.

Changes to make anonymous uploads more secure. For anonymous users:
* Set umask to 707;
* Disable UMASK, CHMOD, DELE, RMD and MKD commands.
Compile-time options let you change that umask and go back to the
old, insecure way if you like.

add -Dunix to CFLAGS

clean up RCS Id's and a couple of stype nits.
Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)

specify man pages the new way.

As long as KERBEROS is here at least let it compile cleanly...

branches: 1.9.2;
4.4-lite, plus our local changes

add skey support

use setproctitle

some changes to make Kerberos a bit easier to use. from
Michael Graff <explorer@vorpal.com>, with some work by myself...

always use libcrypt

Add RCS identifiers.

changed to use new libcrypt scheme.

added support for using real crypt

branches: 1.1.1;
Initial revision