ftpd.c revision 1.5
1 /* 2 * Copyright (c) 1985, 1988, 1990 Regents of the University of California. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #ifndef lint 35 char copyright[] = 36 "@(#) Copyright (c) 1985, 1988, 1990 Regents of the University of California.\n\ 37 All rights reserved.\n"; 38 #endif /* not lint */ 39 40 #ifndef lint 41 /*static char sccsid[] = "from: @(#)ftpd.c 5.40 (Berkeley) 7/2/91";*/ 42 static char rcsid[] = "$Id: ftpd.c,v 1.5 1994/04/06 20:50:05 cgd Exp $"; 43 #endif /* not lint */ 44 45 /* 46 * FTP server. 47 */ 48 #include <sys/param.h> 49 #include <sys/stat.h> 50 #include <sys/ioctl.h> 51 #include <sys/socket.h> 52 #include <sys/wait.h> 53 54 #include <netinet/in.h> 55 #include <netinet/in_systm.h> 56 #include <netinet/ip.h> 57 58 #define FTP_NAMES 59 #include <arpa/ftp.h> 60 #include <arpa/inet.h> 61 #include <arpa/telnet.h> 62 63 #include <signal.h> 64 #include <dirent.h> 65 #include <fcntl.h> 66 #include <time.h> 67 #include <pwd.h> 68 #include <setjmp.h> 69 #include <netdb.h> 70 #include <errno.h> 71 #include <syslog.h> 72 #include <varargs.h> 73 #include <unistd.h> 74 #include <stdio.h> 75 #include <ctype.h> 76 #include <stdlib.h> 77 #include <string.h> 78 #include "pathnames.h" 79 80 /* 81 * File containing login names 82 * NOT to be used on this machine. 83 * Commonly used to disallow uucp. 84 */ 85 extern int errno; 86 extern char *crypt(); 87 extern char version[]; 88 extern char *home; /* pointer to home directory for glob */ 89 extern FILE *ftpd_popen(), *fopen(), *freopen(); 90 extern int ftpd_pclose(), fclose(); 91 extern char *getline(); 92 extern char cbuf[]; 93 extern off_t restart_point; 94 95 struct sockaddr_in ctrl_addr; 96 struct sockaddr_in data_source; 97 struct sockaddr_in data_dest; 98 struct sockaddr_in his_addr; 99 struct sockaddr_in pasv_addr; 100 101 int data; 102 jmp_buf errcatch, urgcatch; 103 int logged_in; 104 struct passwd *pw; 105 int debug; 106 int timeout = 900; /* timeout after 15 minutes of inactivity */ 107 int maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */ 108 int logging; 109 int guest; 110 int dochroot; 111 int type; 112 int form; 113 int stru; /* avoid C keyword */ 114 int mode; 115 int usedefault = 1; /* for data transfers */ 116 int pdata = -1; /* for passive mode */ 117 int transflag; 118 off_t file_size; 119 off_t byte_count; 120 #if !defined(CMASK) || CMASK == 0 121 #undef CMASK 122 #define CMASK 027 123 #endif 124 int defumask = CMASK; /* default umask value */ 125 char tmpline[7]; 126 char hostname[MAXHOSTNAMELEN]; 127 char remotehost[MAXHOSTNAMELEN]; 128 129 #if defined(KERBEROS) 130 int notickets = 1; 131 char *krbtkfile_env = NULL; 132 #endif 133 134 /* 135 * Timeout intervals for retrying connections 136 * to hosts that don't accept PORT cmds. This 137 * is a kludge, but given the problems with TCP... 138 */ 139 #define SWAITMAX 90 /* wait at most 90 seconds */ 140 #define SWAITINT 5 /* interval between retries */ 141 142 int swaitmax = SWAITMAX; 143 int swaitint = SWAITINT; 144 145 void lostconn(), myoob(); 146 FILE *getdatasock(), *dataconn(); 147 148 #ifdef SETPROCTITLE 149 char **Argv = NULL; /* pointer to argument vector */ 150 char *LastArgv = NULL; /* end of argv */ 151 char proctitle[BUFSIZ]; /* initial part of title */ 152 #endif /* SETPROCTITLE */ 153 154 main(argc, argv, envp) 155 int argc; 156 char *argv[]; 157 char **envp; 158 { 159 int addrlen, on = 1, tos; 160 char *cp; 161 162 /* 163 * LOG_NDELAY sets up the logging connection immediately, 164 * necessary for anonymous ftp's that chroot and can't do it later. 165 */ 166 openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON); 167 addrlen = sizeof (his_addr); 168 if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { 169 syslog(LOG_ERR, "getpeername (%s): %m",argv[0]); 170 exit(1); 171 } 172 addrlen = sizeof (ctrl_addr); 173 if (getsockname(0, (struct sockaddr *)&ctrl_addr, &addrlen) < 0) { 174 syslog(LOG_ERR, "getsockname (%s): %m",argv[0]); 175 exit(1); 176 } 177 #ifdef IP_TOS 178 tos = IPTOS_LOWDELAY; 179 if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0) 180 syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); 181 #endif 182 data_source.sin_port = htons(ntohs(ctrl_addr.sin_port) - 1); 183 debug = 0; 184 #ifdef SETPROCTITLE 185 /* 186 * Save start and extent of argv for setproctitle. 187 */ 188 Argv = argv; 189 while (*envp) 190 envp++; 191 LastArgv = envp[-1] + strlen(envp[-1]); 192 #endif /* SETPROCTITLE */ 193 194 argc--, argv++; 195 while (argc > 0 && *argv[0] == '-') { 196 for (cp = &argv[0][1]; *cp; cp++) switch (*cp) { 197 198 case 'v': 199 debug = 1; 200 break; 201 202 case 'd': 203 debug = 1; 204 break; 205 206 case 'l': 207 logging = 1; 208 break; 209 210 case 't': 211 timeout = atoi(++cp); 212 if (maxtimeout < timeout) 213 maxtimeout = timeout; 214 goto nextopt; 215 216 case 'T': 217 maxtimeout = atoi(++cp); 218 if (timeout > maxtimeout) 219 timeout = maxtimeout; 220 goto nextopt; 221 222 case 'u': 223 { 224 int val = 0; 225 226 while (*++cp && *cp >= '0' && *cp <= '9') 227 val = val*8 + *cp - '0'; 228 if (*cp) 229 fprintf(stderr, "ftpd: Bad value for -u\n"); 230 else 231 defumask = val; 232 goto nextopt; 233 } 234 235 default: 236 fprintf(stderr, "ftpd: Unknown flag -%c ignored.\n", 237 *cp); 238 break; 239 } 240 nextopt: 241 argc--, argv++; 242 } 243 (void) freopen(_PATH_DEVNULL, "w", stderr); 244 (void) signal(SIGPIPE, lostconn); 245 (void) signal(SIGCHLD, SIG_IGN); 246 if ((int)signal(SIGURG, myoob) < 0) 247 syslog(LOG_ERR, "signal: %m"); 248 249 /* Try to handle urgent data inline */ 250 #ifdef SO_OOBINLINE 251 if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (char *)&on, sizeof(on)) < 0) 252 syslog(LOG_ERR, "setsockopt: %m"); 253 #endif 254 255 #ifdef F_SETOWN 256 if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1) 257 syslog(LOG_ERR, "fcntl F_SETOWN: %m"); 258 #endif 259 dolog(&his_addr); 260 /* 261 * Set up default state 262 */ 263 data = -1; 264 type = TYPE_A; 265 form = FORM_N; 266 stru = STRU_F; 267 mode = MODE_S; 268 tmpline[0] = '\0'; 269 (void) gethostname(hostname, sizeof (hostname)); 270 reply(220, "%s FTP server (%s) ready.", hostname, version); 271 (void) setjmp(errcatch); 272 for (;;) 273 (void) yyparse(); 274 /* NOTREACHED */ 275 } 276 277 void 278 lostconn() 279 { 280 if (debug) 281 syslog(LOG_DEBUG, "lost connection"); 282 dologout(-1); 283 } 284 285 static char ttyline[20]; 286 287 /* 288 * Helper function for sgetpwnam(). 289 */ 290 char * 291 sgetsave(s) 292 char *s; 293 { 294 char *new = malloc((unsigned) strlen(s) + 1); 295 296 if (new == NULL) { 297 perror_reply(421, "Local resource failure: malloc"); 298 dologout(1); 299 /* NOTREACHED */ 300 } 301 (void) strcpy(new, s); 302 return (new); 303 } 304 305 /* 306 * Save the result of a getpwnam. Used for USER command, since 307 * the data returned must not be clobbered by any other command 308 * (e.g., globbing). 309 */ 310 struct passwd * 311 sgetpwnam(name) 312 char *name; 313 { 314 static struct passwd save; 315 register struct passwd *p; 316 char *sgetsave(); 317 318 if ((p = getpwnam(name)) == NULL) 319 return (p); 320 if (save.pw_name) { 321 free(save.pw_name); 322 free(save.pw_passwd); 323 free(save.pw_gecos); 324 free(save.pw_dir); 325 free(save.pw_shell); 326 } 327 save = *p; 328 save.pw_name = sgetsave(p->pw_name); 329 save.pw_passwd = sgetsave(p->pw_passwd); 330 save.pw_gecos = sgetsave(p->pw_gecos); 331 save.pw_dir = sgetsave(p->pw_dir); 332 save.pw_shell = sgetsave(p->pw_shell); 333 return (&save); 334 } 335 336 int login_attempts; /* number of failed login attempts */ 337 int askpasswd; /* had user command, ask for passwd */ 338 339 /* 340 * USER command. 341 * Sets global passwd pointer pw if named account exists and is acceptable; 342 * sets askpasswd if a PASS command is expected. If logged in previously, 343 * need to reset state. If name is "ftp" or "anonymous", the name is not in 344 * _PATH_FTPUSERS, and ftp account exists, set guest and pw, then just return. 345 * If account doesn't exist, ask for passwd anyway. Otherwise, check user 346 * requesting login privileges. Disallow anyone who does not have a standard 347 * shell as returned by getusershell(). Disallow anyone mentioned in the file 348 * _PATH_FTPUSERS to allow people such as root and uucp to be avoided. 349 */ 350 user(name) 351 char *name; 352 { 353 register char *cp; 354 char *shell; 355 char *getusershell(); 356 357 if (logged_in) { 358 if (guest) { 359 reply(530, "Can't change user from guest login."); 360 return; 361 } else if (dochroot) { 362 reply(530, "Can't change user from chroot user."); 363 return; 364 } 365 end_login(); 366 } 367 368 guest = 0; 369 if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) { 370 if (checkuser(_PATH_FTPUSERS, "ftp") || 371 checkuser(_PATH_FTPUSERS, "anonymous")) 372 reply(530, "User %s access denied.", name); 373 else if ((pw = sgetpwnam("ftp")) != NULL) { 374 guest = 1; 375 askpasswd = 1; 376 reply(331, "Guest login ok, send ident as password."); 377 } else 378 reply(530, "User %s unknown.", name); 379 return; 380 } 381 if (pw = sgetpwnam(name)) { 382 if ((shell = pw->pw_shell) == NULL || *shell == 0) 383 shell = _PATH_BSHELL; 384 while ((cp = getusershell()) != NULL) 385 if (strcmp(cp, shell) == 0) 386 break; 387 endusershell(); 388 if (cp == NULL || checkuser(_PATH_FTPUSERS, name)) { 389 reply(530, "User %s access denied.", name); 390 if (logging) 391 syslog(LOG_NOTICE, 392 "FTP LOGIN REFUSED FROM %s, %s", 393 remotehost, name); 394 pw = (struct passwd *) NULL; 395 return; 396 } 397 } 398 reply(331, "Password required for %s.", name); 399 askpasswd = 1; 400 /* 401 * Delay before reading passwd after first failed 402 * attempt to slow down passwd-guessing programs. 403 */ 404 if (login_attempts) 405 sleep((unsigned) login_attempts); 406 } 407 408 /* 409 * Check if a user is in the file "fname" 410 */ 411 checkuser(fname, name) 412 char *fname; 413 char *name; 414 { 415 register FILE *fd; 416 register char *p; 417 char line[BUFSIZ]; 418 419 if ((fd = fopen(fname, "r")) != NULL) { 420 while (fgets(line, sizeof(line), fd) != NULL) 421 if ((p = index(line, '\n')) != NULL) { 422 *p = '\0'; 423 if (line[0] == '#') 424 continue; 425 if (strcmp(line, name) == 0) 426 return (1); 427 } 428 (void) fclose(fd); 429 } 430 return (0); 431 } 432 433 /* 434 * Terminate login as previous user, if any, resetting state; 435 * used when USER command is given or login fails. 436 */ 437 end_login() 438 { 439 440 (void) seteuid((uid_t)0); 441 if (logged_in) 442 logwtmp(ttyline, "", ""); 443 pw = NULL; 444 logged_in = 0; 445 guest = 0; 446 dochroot = 0; 447 } 448 449 pass(passwd) 450 char *passwd; 451 { 452 int rval; 453 454 if (logged_in || askpasswd == 0) { 455 reply(503, "Login with USER first."); 456 return; 457 } 458 askpasswd = 0; 459 if (!guest) { /* "ftp" is only account allowed no password */ 460 if (pw == NULL) 461 rval = 1; /* failure below */ 462 else 463 #if defined(KERBEROS) 464 rval = klogin(pw, "", hostname, passwd); 465 if (rval == 1) 466 #endif 467 /* the strcmp does not catch null passwords! */ 468 if (pw == NULL || *pw->pw_passwd == '\0') 469 rval = 1; /* failure */ 470 else 471 rval = strcmp(crypt(passwd, (pw ? pw->pw_passwd : "xx")), 472 pw->pw_passwd); 473 474 /* 475 * If rval == 1, the user failed the authentication check 476 * above. If rval == 0, either Kerberos or local authentication 477 * succeeded. 478 */ 479 if (rval) { 480 reply(530, "Login incorrect."); 481 pw = NULL; 482 if (login_attempts++ >= 5) { 483 syslog(LOG_NOTICE, 484 "repeated login failures from %s", 485 remotehost); 486 exit(0); 487 } 488 return; 489 } 490 } 491 login_attempts = 0; /* this time successful */ 492 (void) setegid((gid_t)pw->pw_gid); 493 (void) initgroups(pw->pw_name, pw->pw_gid); 494 495 /* open wtmp before chroot */ 496 (void)sprintf(ttyline, "ftp%d", getpid()); 497 logwtmp(ttyline, pw->pw_name, remotehost); 498 logged_in = 1; 499 500 dochroot = checkuser(_PATH_FTPCHROOT, pw->pw_name); 501 if (guest) { 502 /* 503 * We MUST do a chdir() after the chroot. Otherwise 504 * the old current directory will be accessible as "." 505 * outside the new root! 506 */ 507 if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { 508 reply(550, "Can't set guest privileges."); 509 goto bad; 510 } 511 } else if (dochroot) { 512 if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { 513 reply(550, "Can't change root."); 514 goto bad; 515 } 516 } else if (chdir(pw->pw_dir) < 0) { 517 if (chdir("/") < 0) { 518 reply(530, "User %s: can't change directory to %s.", 519 pw->pw_name, pw->pw_dir); 520 goto bad; 521 } else 522 lreply(230, "No directory! Logging in with home=/"); 523 } 524 if (seteuid((uid_t)pw->pw_uid) < 0) { 525 reply(550, "Can't set uid."); 526 goto bad; 527 } 528 if (guest) { 529 reply(230, "Guest login ok, access restrictions apply."); 530 #ifdef SETPROCTITLE 531 sprintf(proctitle, "%s: anonymous/%.*s", remotehost, 532 sizeof(proctitle) - sizeof(remotehost) - 533 sizeof(": anonymous/"), passwd); 534 setproctitle(proctitle); 535 #endif /* SETPROCTITLE */ 536 if (logging) 537 syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s, %s", 538 remotehost, passwd); 539 } else { 540 reply(230, "User %s logged in.", pw->pw_name); 541 #ifdef SETPROCTITLE 542 sprintf(proctitle, "%s: %s", remotehost, pw->pw_name); 543 setproctitle(proctitle); 544 #endif /* SETPROCTITLE */ 545 if (logging) 546 syslog(LOG_INFO, "FTP LOGIN FROM %s, %s", 547 remotehost, pw->pw_name); 548 } 549 home = pw->pw_dir; /* home dir for globbing */ 550 (void) umask(defumask); 551 return; 552 bad: 553 /* Forget all about it... */ 554 end_login(); 555 } 556 557 retrieve(cmd, name) 558 char *cmd, *name; 559 { 560 FILE *fin, *dout; 561 struct stat st; 562 int (*closefunc)(); 563 564 if (cmd == 0) { 565 fin = fopen(name, "r"), closefunc = fclose; 566 st.st_size = 0; 567 } else { 568 char line[BUFSIZ]; 569 570 (void) sprintf(line, cmd, name), name = line; 571 fin = ftpd_popen(line, "r"), closefunc = ftpd_pclose; 572 st.st_size = -1; 573 st.st_blksize = BUFSIZ; 574 } 575 if (fin == NULL) { 576 if (errno != 0) 577 perror_reply(550, name); 578 return; 579 } 580 if (cmd == 0 && 581 (fstat(fileno(fin), &st) < 0 || (st.st_mode&S_IFMT) != S_IFREG)) { 582 reply(550, "%s: not a plain file.", name); 583 goto done; 584 } 585 if (restart_point) { 586 if (type == TYPE_A) { 587 register int i, n, c; 588 589 n = restart_point; 590 i = 0; 591 while (i++ < n) { 592 if ((c=getc(fin)) == EOF) { 593 perror_reply(550, name); 594 goto done; 595 } 596 if (c == '\n') 597 i++; 598 } 599 } else if (lseek(fileno(fin), restart_point, L_SET) < 0) { 600 perror_reply(550, name); 601 goto done; 602 } 603 } 604 dout = dataconn(name, st.st_size, "w"); 605 if (dout == NULL) 606 goto done; 607 send_data(fin, dout, st.st_blksize); 608 (void) fclose(dout); 609 data = -1; 610 pdata = -1; 611 done: 612 (*closefunc)(fin); 613 } 614 615 store(name, mode, unique) 616 char *name, *mode; 617 int unique; 618 { 619 FILE *fout, *din; 620 struct stat st; 621 int (*closefunc)(); 622 char *gunique(); 623 624 if (unique && stat(name, &st) == 0 && 625 (name = gunique(name)) == NULL) 626 return; 627 628 if (restart_point) 629 mode = "r+w"; 630 fout = fopen(name, mode); 631 closefunc = fclose; 632 if (fout == NULL) { 633 perror_reply(553, name); 634 return; 635 } 636 if (restart_point) { 637 if (type == TYPE_A) { 638 register int i, n, c; 639 640 n = restart_point; 641 i = 0; 642 while (i++ < n) { 643 if ((c=getc(fout)) == EOF) { 644 perror_reply(550, name); 645 goto done; 646 } 647 if (c == '\n') 648 i++; 649 } 650 /* 651 * We must do this seek to "current" position 652 * because we are changing from reading to 653 * writing. 654 */ 655 if (fseek(fout, 0L, L_INCR) < 0) { 656 perror_reply(550, name); 657 goto done; 658 } 659 } else if (lseek(fileno(fout), restart_point, L_SET) < 0) { 660 perror_reply(550, name); 661 goto done; 662 } 663 } 664 din = dataconn(name, (off_t)-1, "r"); 665 if (din == NULL) 666 goto done; 667 if (receive_data(din, fout) == 0) { 668 if (unique) 669 reply(226, "Transfer complete (unique file name:%s).", 670 name); 671 else 672 reply(226, "Transfer complete."); 673 } 674 (void) fclose(din); 675 data = -1; 676 pdata = -1; 677 done: 678 (*closefunc)(fout); 679 } 680 681 FILE * 682 getdatasock(mode) 683 char *mode; 684 { 685 int s, on = 1, tries; 686 687 if (data >= 0) 688 return (fdopen(data, mode)); 689 (void) seteuid((uid_t)0); 690 s = socket(AF_INET, SOCK_STREAM, 0); 691 if (s < 0) 692 goto bad; 693 if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, 694 (char *) &on, sizeof (on)) < 0) 695 goto bad; 696 /* anchor socket to avoid multi-homing problems */ 697 data_source.sin_family = AF_INET; 698 data_source.sin_addr = ctrl_addr.sin_addr; 699 for (tries = 1; ; tries++) { 700 if (bind(s, (struct sockaddr *)&data_source, 701 sizeof (data_source)) >= 0) 702 break; 703 if (errno != EADDRINUSE || tries > 10) 704 goto bad; 705 sleep(tries); 706 } 707 (void) seteuid((uid_t)pw->pw_uid); 708 #ifdef IP_TOS 709 on = IPTOS_THROUGHPUT; 710 if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0) 711 syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); 712 #endif 713 return (fdopen(s, mode)); 714 bad: 715 (void) seteuid((uid_t)pw->pw_uid); 716 (void) close(s); 717 return (NULL); 718 } 719 720 FILE * 721 dataconn(name, size, mode) 722 char *name; 723 off_t size; 724 char *mode; 725 { 726 char sizebuf[32]; 727 FILE *file; 728 int retry = 0, tos; 729 730 file_size = size; 731 byte_count = 0; 732 if (size != (off_t) -1) 733 (void) sprintf (sizebuf, " (%ld bytes)", size); 734 else 735 (void) strcpy(sizebuf, ""); 736 if (pdata >= 0) { 737 struct sockaddr_in from; 738 int s, fromlen = sizeof(from); 739 740 s = accept(pdata, (struct sockaddr *)&from, &fromlen); 741 if (s < 0) { 742 reply(425, "Can't open data connection."); 743 (void) close(pdata); 744 pdata = -1; 745 return(NULL); 746 } 747 (void) close(pdata); 748 pdata = s; 749 #ifdef IP_TOS 750 tos = IPTOS_LOWDELAY; 751 (void) setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, 752 sizeof(int)); 753 #endif 754 reply(150, "Opening %s mode data connection for %s%s.", 755 type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf); 756 return(fdopen(pdata, mode)); 757 } 758 if (data >= 0) { 759 reply(125, "Using existing data connection for %s%s.", 760 name, sizebuf); 761 usedefault = 1; 762 return (fdopen(data, mode)); 763 } 764 if (usedefault) 765 data_dest = his_addr; 766 usedefault = 1; 767 file = getdatasock(mode); 768 if (file == NULL) { 769 reply(425, "Can't create data socket (%s,%d): %s.", 770 inet_ntoa(data_source.sin_addr), 771 ntohs(data_source.sin_port), strerror(errno)); 772 return (NULL); 773 } 774 data = fileno(file); 775 while (connect(data, (struct sockaddr *)&data_dest, 776 sizeof (data_dest)) < 0) { 777 if (errno == EADDRINUSE && retry < swaitmax) { 778 sleep((unsigned) swaitint); 779 retry += swaitint; 780 continue; 781 } 782 perror_reply(425, "Can't build data connection"); 783 (void) fclose(file); 784 data = -1; 785 return (NULL); 786 } 787 reply(150, "Opening %s mode data connection for %s%s.", 788 type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf); 789 return (file); 790 } 791 792 /* 793 * Tranfer the contents of "instr" to 794 * "outstr" peer using the appropriate 795 * encapsulation of the data subject 796 * to Mode, Structure, and Type. 797 * 798 * NB: Form isn't handled. 799 */ 800 send_data(instr, outstr, blksize) 801 FILE *instr, *outstr; 802 off_t blksize; 803 { 804 register int c, cnt; 805 register char *buf; 806 int netfd, filefd; 807 808 transflag++; 809 if (setjmp(urgcatch)) { 810 transflag = 0; 811 return; 812 } 813 switch (type) { 814 815 case TYPE_A: 816 while ((c = getc(instr)) != EOF) { 817 byte_count++; 818 if (c == '\n') { 819 if (ferror(outstr)) 820 goto data_err; 821 (void) putc('\r', outstr); 822 } 823 (void) putc(c, outstr); 824 } 825 fflush(outstr); 826 transflag = 0; 827 if (ferror(instr)) 828 goto file_err; 829 if (ferror(outstr)) 830 goto data_err; 831 reply(226, "Transfer complete."); 832 return; 833 834 case TYPE_I: 835 case TYPE_L: 836 if ((buf = malloc((u_int)blksize)) == NULL) { 837 transflag = 0; 838 perror_reply(451, "Local resource failure: malloc"); 839 return; 840 } 841 netfd = fileno(outstr); 842 filefd = fileno(instr); 843 while ((cnt = read(filefd, buf, (u_int)blksize)) > 0 && 844 write(netfd, buf, cnt) == cnt) 845 byte_count += cnt; 846 transflag = 0; 847 (void)free(buf); 848 if (cnt != 0) { 849 if (cnt < 0) 850 goto file_err; 851 goto data_err; 852 } 853 reply(226, "Transfer complete."); 854 return; 855 default: 856 transflag = 0; 857 reply(550, "Unimplemented TYPE %d in send_data", type); 858 return; 859 } 860 861 data_err: 862 transflag = 0; 863 perror_reply(426, "Data connection"); 864 return; 865 866 file_err: 867 transflag = 0; 868 perror_reply(551, "Error on input file"); 869 } 870 871 /* 872 * Transfer data from peer to 873 * "outstr" using the appropriate 874 * encapulation of the data subject 875 * to Mode, Structure, and Type. 876 * 877 * N.B.: Form isn't handled. 878 */ 879 receive_data(instr, outstr) 880 FILE *instr, *outstr; 881 { 882 register int c; 883 int cnt, bare_lfs = 0; 884 char buf[BUFSIZ]; 885 886 transflag++; 887 if (setjmp(urgcatch)) { 888 transflag = 0; 889 return (-1); 890 } 891 switch (type) { 892 893 case TYPE_I: 894 case TYPE_L: 895 while ((cnt = read(fileno(instr), buf, sizeof buf)) > 0) { 896 if (write(fileno(outstr), buf, cnt) != cnt) 897 goto file_err; 898 byte_count += cnt; 899 } 900 if (cnt < 0) 901 goto data_err; 902 transflag = 0; 903 return (0); 904 905 case TYPE_E: 906 reply(553, "TYPE E not implemented."); 907 transflag = 0; 908 return (-1); 909 910 case TYPE_A: 911 while ((c = getc(instr)) != EOF) { 912 byte_count++; 913 if (c == '\n') 914 bare_lfs++; 915 while (c == '\r') { 916 if (ferror(outstr)) 917 goto data_err; 918 if ((c = getc(instr)) != '\n') { 919 (void) putc ('\r', outstr); 920 if (c == '\0' || c == EOF) 921 goto contin2; 922 } 923 } 924 (void) putc(c, outstr); 925 contin2: ; 926 } 927 fflush(outstr); 928 if (ferror(instr)) 929 goto data_err; 930 if (ferror(outstr)) 931 goto file_err; 932 transflag = 0; 933 if (bare_lfs) { 934 lreply(230, "WARNING! %d bare linefeeds received in ASCII mode", bare_lfs); 935 printf(" File may not have transferred correctly.\r\n"); 936 } 937 return (0); 938 default: 939 reply(550, "Unimplemented TYPE %d in receive_data", type); 940 transflag = 0; 941 return (-1); 942 } 943 944 data_err: 945 transflag = 0; 946 perror_reply(426, "Data Connection"); 947 return (-1); 948 949 file_err: 950 transflag = 0; 951 perror_reply(452, "Error writing file"); 952 return (-1); 953 } 954 955 statfilecmd(filename) 956 char *filename; 957 { 958 char line[BUFSIZ]; 959 FILE *fin; 960 int c; 961 962 (void) sprintf(line, "/bin/ls -lgA %s", filename); 963 fin = ftpd_popen(line, "r"); 964 lreply(211, "status of %s:", filename); 965 while ((c = getc(fin)) != EOF) { 966 if (c == '\n') { 967 if (ferror(stdout)){ 968 perror_reply(421, "control connection"); 969 (void) ftpd_pclose(fin); 970 dologout(1); 971 /* NOTREACHED */ 972 } 973 if (ferror(fin)) { 974 perror_reply(551, filename); 975 (void) ftpd_pclose(fin); 976 return; 977 } 978 (void) putc('\r', stdout); 979 } 980 (void) putc(c, stdout); 981 } 982 (void) ftpd_pclose(fin); 983 reply(211, "End of Status"); 984 } 985 986 statcmd() 987 { 988 struct sockaddr_in *sin; 989 u_char *a, *p; 990 991 lreply(211, "%s FTP server status:", hostname, version); 992 printf(" %s\r\n", version); 993 printf(" Connected to %s", remotehost); 994 if (!isdigit(remotehost[0])) 995 printf(" (%s)", inet_ntoa(his_addr.sin_addr)); 996 printf("\r\n"); 997 if (logged_in) { 998 if (guest) 999 printf(" Logged in anonymously\r\n"); 1000 else 1001 printf(" Logged in as %s\r\n", pw->pw_name); 1002 } else if (askpasswd) 1003 printf(" Waiting for password\r\n"); 1004 else 1005 printf(" Waiting for user name\r\n"); 1006 printf(" TYPE: %s", typenames[type]); 1007 if (type == TYPE_A || type == TYPE_E) 1008 printf(", FORM: %s", formnames[form]); 1009 if (type == TYPE_L) 1010 #if NBBY == 8 1011 printf(" %d", NBBY); 1012 #else 1013 printf(" %d", bytesize); /* need definition! */ 1014 #endif 1015 printf("; STRUcture: %s; transfer MODE: %s\r\n", 1016 strunames[stru], modenames[mode]); 1017 if (data != -1) 1018 printf(" Data connection open\r\n"); 1019 else if (pdata != -1) { 1020 printf(" in Passive mode"); 1021 sin = &pasv_addr; 1022 goto printaddr; 1023 } else if (usedefault == 0) { 1024 printf(" PORT"); 1025 sin = &data_dest; 1026 printaddr: 1027 a = (u_char *) &sin->sin_addr; 1028 p = (u_char *) &sin->sin_port; 1029 #define UC(b) (((int) b) & 0xff) 1030 printf(" (%d,%d,%d,%d,%d,%d)\r\n", UC(a[0]), 1031 UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1])); 1032 #undef UC 1033 } else 1034 printf(" No data connection\r\n"); 1035 reply(211, "End of status"); 1036 } 1037 1038 fatal(s) 1039 char *s; 1040 { 1041 reply(451, "Error in server: %s\n", s); 1042 reply(221, "Closing connection due to server error."); 1043 dologout(0); 1044 /* NOTREACHED */ 1045 } 1046 1047 /* VARARGS2 */ 1048 reply(n, fmt, p0, p1, p2, p3, p4, p5) 1049 int n; 1050 char *fmt; 1051 { 1052 printf("%d ", n); 1053 printf(fmt, p0, p1, p2, p3, p4, p5); 1054 printf("\r\n"); 1055 (void)fflush(stdout); 1056 if (debug) { 1057 syslog(LOG_DEBUG, "<--- %d ", n); 1058 syslog(LOG_DEBUG, fmt, p0, p1, p2, p3, p4, p5); 1059 } 1060 } 1061 1062 /* VARARGS2 */ 1063 lreply(n, fmt, p0, p1, p2, p3, p4, p5) 1064 int n; 1065 char *fmt; 1066 { 1067 printf("%d- ", n); 1068 printf(fmt, p0, p1, p2, p3, p4, p5); 1069 printf("\r\n"); 1070 (void)fflush(stdout); 1071 if (debug) { 1072 syslog(LOG_DEBUG, "<--- %d- ", n); 1073 syslog(LOG_DEBUG, fmt, p0, p1, p2, p3, p4, p5); 1074 } 1075 } 1076 1077 ack(s) 1078 char *s; 1079 { 1080 reply(250, "%s command successful.", s); 1081 } 1082 1083 nack(s) 1084 char *s; 1085 { 1086 reply(502, "%s command not implemented.", s); 1087 } 1088 1089 /* ARGSUSED */ 1090 yyerror(s) 1091 char *s; 1092 { 1093 char *cp; 1094 1095 if (cp = index(cbuf,'\n')) 1096 *cp = '\0'; 1097 reply(500, "'%s': command not understood.", cbuf); 1098 } 1099 1100 delete(name) 1101 char *name; 1102 { 1103 struct stat st; 1104 1105 if (stat(name, &st) < 0) { 1106 perror_reply(550, name); 1107 return; 1108 } 1109 if ((st.st_mode&S_IFMT) == S_IFDIR) { 1110 if (rmdir(name) < 0) { 1111 perror_reply(550, name); 1112 return; 1113 } 1114 goto done; 1115 } 1116 if (unlink(name) < 0) { 1117 perror_reply(550, name); 1118 return; 1119 } 1120 done: 1121 ack("DELE"); 1122 } 1123 1124 cwd(path) 1125 char *path; 1126 { 1127 if (chdir(path) < 0) 1128 perror_reply(550, path); 1129 else 1130 ack("CWD"); 1131 } 1132 1133 makedir(name) 1134 char *name; 1135 { 1136 if (mkdir(name, 0777) < 0) 1137 perror_reply(550, name); 1138 else 1139 reply(257, "MKD command successful."); 1140 } 1141 1142 removedir(name) 1143 char *name; 1144 { 1145 if (rmdir(name) < 0) 1146 perror_reply(550, name); 1147 else 1148 ack("RMD"); 1149 } 1150 1151 pwd() 1152 { 1153 char path[MAXPATHLEN + 1]; 1154 extern char *getwd(); 1155 1156 if (getwd(path) == (char *)NULL) 1157 reply(550, "%s.", path); 1158 else 1159 reply(257, "\"%s\" is current directory.", path); 1160 } 1161 1162 char * 1163 renamefrom(name) 1164 char *name; 1165 { 1166 struct stat st; 1167 1168 if (stat(name, &st) < 0) { 1169 perror_reply(550, name); 1170 return ((char *)0); 1171 } 1172 reply(350, "File exists, ready for destination name"); 1173 return (name); 1174 } 1175 1176 renamecmd(from, to) 1177 char *from, *to; 1178 { 1179 if (rename(from, to) < 0) 1180 perror_reply(550, "rename"); 1181 else 1182 ack("RNTO"); 1183 } 1184 1185 dolog(sin) 1186 struct sockaddr_in *sin; 1187 { 1188 struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr, 1189 sizeof (struct in_addr), AF_INET); 1190 time_t t, time(); 1191 extern char *ctime(); 1192 1193 if (hp) 1194 (void) strncpy(remotehost, hp->h_name, sizeof (remotehost)); 1195 else 1196 (void) strncpy(remotehost, inet_ntoa(sin->sin_addr), 1197 sizeof (remotehost)); 1198 #ifdef SETPROCTITLE 1199 sprintf(proctitle, "%s: connected", remotehost); 1200 setproctitle(proctitle); 1201 #endif /* SETPROCTITLE */ 1202 1203 if (logging) { 1204 t = time((time_t *) 0); 1205 syslog(LOG_INFO, "connection from %s at %s", 1206 remotehost, ctime(&t)); 1207 } 1208 } 1209 1210 /* 1211 * Record logout in wtmp file 1212 * and exit with supplied status. 1213 */ 1214 dologout(status) 1215 int status; 1216 { 1217 if (logged_in) { 1218 (void) seteuid((uid_t)0); 1219 logwtmp(ttyline, "", ""); 1220 #if defined(KERBEROS) 1221 if (!notickets && krbtkfile_env) 1222 unlink(krbtkfile_env); 1223 #endif 1224 } 1225 /* beware of flushing buffers after a SIGPIPE */ 1226 _exit(status); 1227 } 1228 1229 void 1230 myoob() 1231 { 1232 char *cp; 1233 1234 /* only process if transfer occurring */ 1235 if (!transflag) 1236 return; 1237 cp = tmpline; 1238 if (getline(cp, 7, stdin) == NULL) { 1239 reply(221, "You could at least say goodbye."); 1240 dologout(0); 1241 } 1242 upper(cp); 1243 if (strcmp(cp, "ABOR\r\n") == 0) { 1244 tmpline[0] = '\0'; 1245 reply(426, "Transfer aborted. Data connection closed."); 1246 reply(226, "Abort successful"); 1247 longjmp(urgcatch, 1); 1248 } 1249 if (strcmp(cp, "STAT\r\n") == 0) { 1250 if (file_size != (off_t) -1) 1251 reply(213, "Status: %lu of %lu bytes transferred", 1252 byte_count, file_size); 1253 else 1254 reply(213, "Status: %lu bytes transferred", byte_count); 1255 } 1256 } 1257 1258 /* 1259 * Note: a response of 425 is not mentioned as a possible response to 1260 * the PASV command in RFC959. However, it has been blessed as 1261 * a legitimate response by Jon Postel in a telephone conversation 1262 * with Rick Adams on 25 Jan 89. 1263 */ 1264 passive() 1265 { 1266 int len; 1267 register char *p, *a; 1268 1269 pdata = socket(AF_INET, SOCK_STREAM, 0); 1270 if (pdata < 0) { 1271 perror_reply(425, "Can't open passive connection"); 1272 return; 1273 } 1274 pasv_addr = ctrl_addr; 1275 pasv_addr.sin_port = 0; 1276 (void) seteuid((uid_t)0); 1277 if (bind(pdata, (struct sockaddr *)&pasv_addr, sizeof(pasv_addr)) < 0) { 1278 (void) seteuid((uid_t)pw->pw_uid); 1279 goto pasv_error; 1280 } 1281 (void) seteuid((uid_t)pw->pw_uid); 1282 len = sizeof(pasv_addr); 1283 if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0) 1284 goto pasv_error; 1285 if (listen(pdata, 1) < 0) 1286 goto pasv_error; 1287 a = (char *) &pasv_addr.sin_addr; 1288 p = (char *) &pasv_addr.sin_port; 1289 1290 #define UC(b) (((int) b) & 0xff) 1291 1292 reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]), 1293 UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1])); 1294 return; 1295 1296 pasv_error: 1297 (void) close(pdata); 1298 pdata = -1; 1299 perror_reply(425, "Can't open passive connection"); 1300 return; 1301 } 1302 1303 /* 1304 * Generate unique name for file with basename "local". 1305 * The file named "local" is already known to exist. 1306 * Generates failure reply on error. 1307 */ 1308 char * 1309 gunique(local) 1310 char *local; 1311 { 1312 static char new[MAXPATHLEN]; 1313 struct stat st; 1314 char *cp = rindex(local, '/'); 1315 int count = 0; 1316 1317 if (cp) 1318 *cp = '\0'; 1319 if (stat(cp ? local : ".", &st) < 0) { 1320 perror_reply(553, cp ? local : "."); 1321 return((char *) 0); 1322 } 1323 if (cp) 1324 *cp = '/'; 1325 (void) strcpy(new, local); 1326 cp = new + strlen(new); 1327 *cp++ = '.'; 1328 for (count = 1; count < 100; count++) { 1329 (void) sprintf(cp, "%d", count); 1330 if (stat(new, &st) < 0) 1331 return(new); 1332 } 1333 reply(452, "Unique file name cannot be created."); 1334 return((char *) 0); 1335 } 1336 1337 /* 1338 * Format and send reply containing system error number. 1339 */ 1340 perror_reply(code, string) 1341 int code; 1342 char *string; 1343 { 1344 reply(code, "%s: %s.", string, strerror(errno)); 1345 } 1346 1347 static char *onefile[] = { 1348 "", 1349 0 1350 }; 1351 1352 send_file_list(whichfiles) 1353 char *whichfiles; 1354 { 1355 struct stat st; 1356 DIR *dirp = NULL; 1357 struct dirent *dir; 1358 FILE *dout = NULL; 1359 register char **dirlist, *dirname; 1360 int simple = 0; 1361 char *strpbrk(); 1362 1363 if (strpbrk(whichfiles, "~{[*?") != NULL) { 1364 extern char **ftpglob(), *globerr; 1365 1366 globerr = NULL; 1367 dirlist = ftpglob(whichfiles); 1368 if (globerr != NULL) { 1369 reply(550, globerr); 1370 return; 1371 } else if (dirlist == NULL) { 1372 errno = ENOENT; 1373 perror_reply(550, whichfiles); 1374 return; 1375 } 1376 } else { 1377 onefile[0] = whichfiles; 1378 dirlist = onefile; 1379 simple = 1; 1380 } 1381 1382 if (setjmp(urgcatch)) { 1383 transflag = 0; 1384 return; 1385 } 1386 while (dirname = *dirlist++) { 1387 if (stat(dirname, &st) < 0) { 1388 /* 1389 * If user typed "ls -l", etc, and the client 1390 * used NLST, do what the user meant. 1391 */ 1392 if (dirname[0] == '-' && *dirlist == NULL && 1393 transflag == 0) { 1394 retrieve("/bin/ls %s", dirname); 1395 return; 1396 } 1397 perror_reply(550, whichfiles); 1398 if (dout != NULL) { 1399 (void) fclose(dout); 1400 transflag = 0; 1401 data = -1; 1402 pdata = -1; 1403 } 1404 return; 1405 } 1406 1407 if ((st.st_mode&S_IFMT) == S_IFREG) { 1408 if (dout == NULL) { 1409 dout = dataconn("file list", (off_t)-1, "w"); 1410 if (dout == NULL) 1411 return; 1412 transflag++; 1413 } 1414 fprintf(dout, "%s%s\n", dirname, 1415 type == TYPE_A ? "\r" : ""); 1416 byte_count += strlen(dirname) + 1; 1417 continue; 1418 } else if ((st.st_mode&S_IFMT) != S_IFDIR) 1419 continue; 1420 1421 if ((dirp = opendir(dirname)) == NULL) 1422 continue; 1423 1424 while ((dir = readdir(dirp)) != NULL) { 1425 char nbuf[MAXPATHLEN]; 1426 1427 if (dir->d_name[0] == '.' && dir->d_namlen == 1) 1428 continue; 1429 if (dir->d_name[0] == '.' && dir->d_name[1] == '.' && 1430 dir->d_namlen == 2) 1431 continue; 1432 1433 sprintf(nbuf, "%s/%s", dirname, dir->d_name); 1434 1435 /* 1436 * We have to do a stat to insure it's 1437 * not a directory or special file. 1438 */ 1439 if (simple || (stat(nbuf, &st) == 0 && 1440 (st.st_mode&S_IFMT) == S_IFREG)) { 1441 if (dout == NULL) { 1442 dout = dataconn("file list", (off_t)-1, 1443 "w"); 1444 if (dout == NULL) 1445 return; 1446 transflag++; 1447 } 1448 if (nbuf[0] == '.' && nbuf[1] == '/') 1449 fprintf(dout, "%s%s\n", &nbuf[2], 1450 type == TYPE_A ? "\r" : ""); 1451 else 1452 fprintf(dout, "%s%s\n", nbuf, 1453 type == TYPE_A ? "\r" : ""); 1454 byte_count += strlen(nbuf) + 1; 1455 } 1456 } 1457 (void) closedir(dirp); 1458 } 1459 1460 if (dout == NULL) 1461 reply(550, "No files found."); 1462 else if (ferror(dout) != 0) 1463 perror_reply(550, "Data connection"); 1464 else 1465 reply(226, "Transfer complete."); 1466 1467 transflag = 0; 1468 if (dout != NULL) 1469 (void) fclose(dout); 1470 data = -1; 1471 pdata = -1; 1472 } 1473 1474 #ifdef SETPROCTITLE 1475 /* 1476 * clobber argv so ps will show what we're doing. 1477 * (stolen from sendmail) 1478 * warning, since this is usually started from inetd.conf, it 1479 * often doesn't have much of an environment or arglist to overwrite. 1480 */ 1481 1482 /*VARARGS1*/ 1483 setproctitle(fmt, a, b, c) 1484 char *fmt; 1485 { 1486 register char *p, *bp, ch; 1487 register int i; 1488 char buf[BUFSIZ]; 1489 1490 (void) sprintf(buf, fmt, a, b, c); 1491 1492 /* make ps print our process name */ 1493 p = Argv[0]; 1494 *p++ = '-'; 1495 1496 i = strlen(buf); 1497 if (i > LastArgv - p - 2) { 1498 i = LastArgv - p - 2; 1499 buf[i] = '\0'; 1500 } 1501 bp = buf; 1502 while (ch = *bp++) 1503 if (ch != '\n' && ch != '\r') 1504 *p++ = ch; 1505 while (p < LastArgv) 1506 *p++ = ' '; 1507 } 1508 #endif /* SETPROCTITLE */ 1509
Indexes created Tue Sep 23 07:09:52 GMT 2025