#
1.234 |
|
09-May-2024 |
florian |
ctime(3) and ctime_r(3) can fail when timestamps are way off. Add missing error checks to all calls under libexec/
Input kettenis, millert OK millert
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE OPENBSD_7_5_BASE
|
#
1.233 |
|
08-Mar-2023 |
guenther |
Delete obsolete /* ARGSUSED */ lint comments.
ok miod@ millert@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.232 |
|
23-May-2021 |
jan |
Constify function parameters.
OK martijn@
|
#
1.231 |
|
22-May-2021 |
jan |
Remove useless fflush(3) calls. lreply() already called fflush(3).
OK martijn@
|
#
1.230 |
|
20-May-2021 |
jan |
Removes the useless FILE* parameter of get_line(). While here fix minor whitespace mistake.
"looks fine to me" chris@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.229 |
|
15-Jan-2020 |
jan |
Simplify globbing of ftpd(8)s list and nlst commands. Also avoid command option injection for ls(1).
OK martijn@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.228 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
#
1.227 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.226 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.225 |
|
11-Dec-2018 |
bluhm |
Flip snprintf(3) error check to align it with the man page example. No functional change. suggested by tb@; from Jan Klemkow
|
#
1.224 |
|
11-Dec-2018 |
bluhm |
Convert some variables with non-negative values to unsigned type to avoid comparison of integers of different signs. from Jan Klemkow; OK tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.223 |
|
03-Sep-2016 |
jca |
Use a single "opt" variable for all setsockopt calls in getdatasock().
on = 65536; if (setsockopt(... &on ...)
is slightly misleading.
|
#
1.222 |
|
03-Sep-2016 |
jca |
Set "lowdelay" and "throughput" Traffic Class on command & data IPv6 sockets.
|
#
1.221 |
|
31-Aug-2016 |
jca |
Don't attempt to support IPv4-mapped IPv6 addresses.
We don't consider support for those addreses as desirable, so let's not give a bad example by keeping application code to handle them. This is dead code on OpenBSD anyway since we do not support IPv4-mapped stuff. But let's keep the check to log and warn the admin if the code gets ported elsewhere. Porters of this code should ensure that IPv6 sockets can't see IPv4-mapped addresses by using the IPV6_V6ONLY sockopt.
Discussed with & ok tedu@
For a rationale, see https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
|
#
1.220 |
|
30-Aug-2016 |
tedu |
remove ifdef for all the features we have. retain disabled ip4in6 code until its future is decided. ok deraadt jca
|
#
1.219 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.218 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.217 |
|
04-Jul-2016 |
guenther |
Use fstatat() instead of crafting a filename to use with stat()
ok millert@
|
#
1.216 |
|
04-May-2016 |
jca |
Kill #ifdef INET6 occurrences in userland.
Prompted by and ok millert@
(tcpdump and libpcap left untouched, the #ifdef force is too strong with those)
|
#
1.215 |
|
25-Apr-2016 |
deraadt |
prefer setres{u,g}id() rather than manipulating both real and effective ids, it clarifies these are full revocation situations. ok millert
|
#
1.214 |
|
06-Apr-2016 |
semarie |
compare pointer to NULL instead of 0
from fritjof ! alokat.org
ok ratchov@ natano@
|
#
1.213 |
|
16-Mar-2016 |
krw |
More "(<blah> *)0" -> NULL, avoiding any stdarg functions.
Feedback millert@ kettenis@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.212 |
|
12-Dec-2015 |
mmcc |
Remove NULL-checks before free(). ok tb@
|
#
1.211 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.210 |
|
25-Oct-2015 |
millert |
No longer create /var/run/ftpd.pid in daemon mode; OK jung@ jca@
|
#
1.209 |
|
04-Oct-2015 |
tedu |
fix custom popen to return pid to caller instead of tracking in a giant array. this implies we can't use a function pointer for close, but also means we get to repair some abuse of the comma operator. ok miod
|
#
1.208 |
|
01-Sep-2015 |
jsg |
test pointers with NULL not '\0'
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.207 |
|
19-Jan-2015 |
deraadt |
CMASK went out of scope with the recent <sys/param.h> removal. But oh golly gee, ftpd can handle that itself due to the glorious old practice of #ifndef #define. Remove that junk. ok guenther
|
#
1.206 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.205 |
|
25-Oct-2014 |
lteo |
Remove unnecessary netinet/in_systm.h include.
ok millert@
|
#
1.204 |
|
25-Aug-2014 |
doug |
Delete secret or secret-derived data with explicit_bzero.
concept ok deraadt@ diff looks ok tedu@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.203 |
|
24-Mar-2014 |
tedu |
remove tcpwrappers support. ok deraadt
|
#
1.202 |
|
17-Mar-2014 |
sthen |
args! fix argstr. from LEVAI Daniel.
|
#
1.201 |
|
17-Mar-2014 |
sthen |
typo, spotted by okan@
|
#
1.200 |
|
17-Mar-2014 |
sthen |
Add an option to disallow ftp access to accounts with uid below a certain number (idea borrowed from pure-ftpd). Enabled by default with minimum uid 1000 to prevent access to admin accounts. tweak/OK millert@, OK deraadt@, gsoares@ and aja@ like it too.
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.199 |
|
08-Jan-2014 |
jca |
If the file size is zero, there's nothing to transmit so avoid spamming syslog with mmap failures. Noticed by and ok henning@, "looks right" deraadt@
|
#
1.198 |
|
22-Aug-2013 |
guenther |
Correct format string mismatches turned up by -Wformat=2
suggestions and ok millert@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.197 |
|
26-Jul-2013 |
guenther |
Make sure tmpline[] is always NUL terminated, to avoid possible read-beyond-end in get_line().
Analysis and patch by Maxime Villard (rustyBSD (at) gmx.fr) ok millert@ deraadt@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.196 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.195 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.194 |
|
14-Dec-2011 |
ajacoutot |
Add a new '-W' option to prevent saving login records to /var/run/wtmp. This can become pretty handy on busy anonymous servers to avoid filling up /var with unused wtmp records. Note that 'U' and 'W' are mutually exclusive.
ok sthen@ millert@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.193 |
|
09-Feb-2011 |
millert |
Set SO_KEEPALIVE on sockets. OK miod@. Also tested by landry@ "Makes sense" markus@ and "i don't see a reason not to" henning@
|
#
1.192 |
|
27-Aug-2010 |
lum |
In revision 1.14 of ftpd.c the ident variable was removed from its only meaningful usage when a snprintf call was removed, rendering ident useless. Time to remove remaining code.
ok tobias@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.191 |
|
01-Aug-2010 |
tobias |
Properly reset states when a login phase is interrupted by another one. Prevents ftpd from letting regular users logging in during anonymous-only mode (-A).
ok millert, ray
|
#
1.190 |
|
30-Jul-2010 |
ray |
Don't set "success" flags before error checks. Add check for login_getclass() failure, pointed out by tobias.
OK tobias
|
#
1.189 |
|
18-Jun-2010 |
tobias |
Prevent a segmentation fault on ftpd_popen error (memory, file descriptor, pipe ...) during status command.
ok millert
|
#
1.188 |
|
13-Jun-2010 |
tobias |
Adjust FTP reply codes (in error conditions) to conform to RFC 959.
ok millert, schwarze
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.187 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.186 |
|
20-Apr-2009 |
schwarze |
When receiving a new connection, log the remote IP number in addition to the remote hostname.
Feature requested by Mark Bucciarelli mkbucc at gmail dot com on misc@. "seems OK" millert@
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.185 |
|
30-Sep-2008 |
deraadt |
Always say "User %s access denied", in all cases, to avoid some stupid spinny things which parse those messages. Do not close the connection as requested by Josh Grosse, since a 530 is not supposed to do that. ok millert
|
#
1.184 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.183 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
#
1.182 |
|
13-Apr-2008 |
djm |
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound is not a power of two
ok deraadt@ millert@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.181 |
|
02-Sep-2007 |
deraadt |
use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.180 |
|
31-Jul-2007 |
ray |
From Gilles Chehade: - Use strtonum instead of atoi. - Improve strtol error checking. - Change strchr calls to strcspn and eliminating some unused variables as a result.
OK moritz
|
#
1.179 |
|
27-Jul-2007 |
moritz |
Fix potential memory leak, when snprintf(3) returns an empty buffer.
OK ray@
|
#
1.178 |
|
21-Jun-2007 |
ray |
Adjust spacing, combine malloc + strlcpy + strlcat into a single asprintf call.
OK moritz
|
#
1.177 |
|
19-Jun-2007 |
ray |
Make sure perror_reply() is only called when errno is set. When changing perror_reply() -> reply(), increase error message detail for ftp client. Move free() statement to prevent errno clobbering.
OK moritz
|
#
1.176 |
|
22-Mar-2007 |
cloder |
Do not advertise version in the ftp banner, because there is no reason to. OK mbalmer@, xsa@, henning@, idea prompted by deraadt
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.175 |
|
01-Mar-2007 |
otto |
- use proper log facility and priority in the slave sig handlers - if the monitor decides to kill the slave, log that ok millert@ moritz@
|
#
1.174 |
|
21-Dec-2006 |
krw |
'tranfer' -> 'transfer' in comments.
|
#
1.173 |
|
18-Oct-2006 |
millert |
Avoid double fclose() of a file if we exceed retries. Coverity ID 2669. OK cloder@
|
#
1.172 |
|
18-Oct-2006 |
deraadt |
you do not call fclose() on a file descriptor; ok cloder
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.171 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.170 |
|
03-Dec-2005 |
deraadt |
remove shadowing variables; ok pval
|
#
1.169 |
|
01-Dec-2005 |
pvalchev |
fix double var declarations in same scope, found by lint; ok deraadt cloder
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.168 |
|
22-Aug-2005 |
mickey |
EOF in ascii mode may also mean EOF so avoid printing a bogus error and behave same as bin mode; beck@ deraadt@ millert@ ok
|
#
1.167 |
|
14-Jul-2005 |
moritz |
let root create the data socket. fixes PR 4287. ok millert@ henning@
|
#
1.166 |
|
24-May-2005 |
moritz |
readd endpwent()
|
#
1.165 |
|
24-May-2005 |
moritz |
no need for endpwent()
|
#
1.164 |
|
21-Apr-2005 |
deraadt |
make code prettier so we can tell it is safe when we read it; ok beck cloder
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.163 |
|
15-Mar-2005 |
niallo |
branches: 1.163.2; better handling of cases where getnameinfo() returns non-zero. upon failure, don't try to print the contents of the char buffers we passed it.
ok & feedback henning@, moritz@ (thanks!)
|
#
1.162 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.161 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.160 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.159 |
|
28-Nov-2004 |
henning |
logging fixes: -don't prefix ftpd: in syslog(), it does that for us -replace a bad (too late) err() by syslog + exit from moritz
|
#
1.158 |
|
28-Nov-2004 |
henning |
bump version
|
#
1.157 |
|
28-Nov-2004 |
henning |
fix ttyline setting, fixes proctitle. notice independently by theo and pval, fix from moritz jodeit
|
#
1.156 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
#
1.155 |
|
22-Nov-2004 |
millert |
More sensible error when both the -n and -A flags are used. Text OK jmc@
|
#
1.154 |
|
30-Sep-2004 |
deraadt |
cope nicer with accept() failures, from freebsd; millert ok
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.153 |
|
12-Dec-2003 |
deraadt |
knf
|
#
1.152 |
|
10-Dec-2003 |
deraadt |
spacing
|
#
1.151 |
|
09-Dec-2003 |
deraadt |
knf
|
#
1.150 |
|
09-Dec-2003 |
beck |
fix PR 3596 by making root create the socket, ok millert@
|
#
1.149 |
|
20-Nov-2003 |
jmc |
ftpd.8: - simpler macros - sort options - some updates
ftpd.c: - sync usage()
|
#
1.148 |
|
12-Nov-2003 |
millert |
Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Adapted from FreeBSD via danh@
|
#
1.147 |
|
01-Oct-2003 |
itojun |
listen to bodh IPv4/v6 ftp port on -D by default. deraadt ok. comments from markus, millert. tested by fries
|
#
1.146 |
|
30-Sep-2003 |
jmc |
usage():
- add missing -n (from Jeff Ito PR 3496) - remove deprecated -h - sort -T and -t to match man page
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.145 |
|
29-Jul-2003 |
deraadt |
branches: 1.145.2; spaces
|
#
1.144 |
|
07-Jul-2003 |
deraadt |
make this match protos; millert ok
|
#
1.143 |
|
11-Jun-2003 |
deraadt |
ansi cleanup; ok ian markus
|
#
1.142 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.141 |
|
10-Apr-2003 |
millert |
Replace strcpy() w/ strlcpy() from espie@
Don't try to free pw_dir -- it is no longer allocated separately. Instead, add an extra param to sgetpwnam() to allow it to dupe an existing struct passwd * (instead of doing a lookup by username) and use this to reallocate pw in the case where pw_dir is the NULL string. deraadt@ OK
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.140 |
|
17-Feb-2003 |
mpech |
branches: 1.140.2; reply() -> perror_reply().
millert@ ok
|
#
1.139 |
|
25-Nov-2002 |
millert |
Change a setuid() that should be seteuid(), not iced by grange@ Move a va_end so it gets called in an error condition as well
|
#
1.138 |
|
15-Nov-2002 |
millert |
o Once a user is logged in, don't allow a change to another user. o Run more code with the effective uid of the logged in user. From Frank Denis
|
#
1.137 |
|
13-Oct-2002 |
millert |
Avoid potential printf format string problem with challenge from auth_challenge(). Currently, none of the auth modules put non-sanitized data in the prompt so there are no real security implications with this fix. Patch from Moritz Jodeit.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.136 |
|
29-Aug-2002 |
deraadt |
branches: 1.136.2; remove extra arg; jmegq@post.harvard.edu
|
#
1.135 |
|
20-Aug-2002 |
deraadt |
-n: disallow anon ftp even if ftp account exists
|
#
1.134 |
|
24-Jul-2002 |
millert |
Also check for snprintf() returning < 0
|
#
1.133 |
|
24-Jul-2002 |
millert |
What on earth possessed me to use %p instead of %m in syslog() to indicate the error string?
|
#
1.132 |
|
20-Jul-2002 |
millert |
Exit on setusercontext() failure; noticed by deraadt@
|
#
1.131 |
|
14-Jul-2002 |
jakob |
make ftpd always listen to a high tcp port for passive data connections. deprecate and ignore the -h option. ok deraadt@.
|
#
1.130 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.129 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
#
1.128 |
|
09-Jun-2002 |
itojun |
do not present scopeid on wire format (as it is local to a node).
|
#
1.127 |
|
29-May-2002 |
deraadt |
a few more strlcat
|
#
1.126 |
|
26-May-2002 |
deraadt |
pid_t cleanup
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.125 |
|
30-Mar-2002 |
deraadt |
correct an auth_close() misuse; millert ok
|
#
1.124 |
|
16-Mar-2002 |
millert |
o Don't allow password-less accounts to login (like in 2.9 and below) o Stash copy of struct passwd via auth_setpwd() to avoid extra needless getpwnam() calls.
|
#
1.123 |
|
12-Mar-2002 |
millert |
bsd_auth.h requires other headers so it can't be first
|
#
1.122 |
|
12-Mar-2002 |
millert |
Fix a couple mis-sorted headers and sync usage() with man page. From Brian Poole
|
#
1.121 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.120 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.119 |
|
01-Feb-2002 |
itojun |
strlcpy
|
#
1.118 |
|
01-Feb-2002 |
itojun |
make sure pw_dir is big enough for strcpy(pw->pw_dir, "/").
|
#
1.117 |
|
23-Jan-2002 |
millert |
Plug login_cap and bsd_auth related memory leaks. Problem noticed by mpech@.
|
#
1.116 |
|
23-Jan-2002 |
mpech |
fix potential memory leak.
millert@ ok
|
#
1.115 |
|
23-Jan-2002 |
mpech |
Use always '.' in the end of the fatal() message. Consistency is good.
millert@ ok.
|
#
1.114 |
|
23-Jan-2002 |
mpech |
don't use \n in reply().
millert@ ok
|
#
1.113 |
|
07-Jan-2002 |
millert |
To disable a SIGCHLD signal handler use SIG_DFL, *not* SIG_IGN which now has a different meaning.
|
#
1.112 |
|
18-Dec-2001 |
millert |
Don't use sigprocmask() in signal handlers when we can just set the mask to be what we want with sigaction. Pointed out by Yar Tikhiy.
|
#
1.111 |
|
17-Dec-2001 |
millert |
Add missing sigaction() call from last commit
|
#
1.110 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.109 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.108 |
|
01-Dec-2001 |
miod |
Use pidfile() instead of doing the equivalent thing by hand, and sometimes forgetting to unlink the pid file at exit. ok millert@ deraadt@
|
#
1.107 |
|
17-Nov-2001 |
deraadt |
volatile sig_atomic_t
|
#
1.106 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.105 |
|
02-Oct-2001 |
wilfried |
as is aleady closed and freed by auth_userresponse, ok millert@
|
#
1.104 |
|
05-Sep-2001 |
deraadt |
make sure that va_start() has matching va_end()
|
#
1.103 |
|
08-Jul-2001 |
deraadt |
-Wall
|
#
1.102 |
|
03-Jul-2001 |
millert |
Use the 'welcome' variable from login.conf instead of hard-coding /etc/motd.
|
#
1.101 |
|
25-Jun-2001 |
hin |
millert didn't compile this.
|
#
1.100 |
|
25-Jun-2001 |
millert |
Set "login" and "notickets" BSD auth options. We don't need to get a kerb ticket but we do need AFS tokens.
|
#
1.99 |
|
13-Jun-2001 |
markus |
more va_start/end fixes, ok deraadt@
|
#
1.98 |
|
11-Jun-2001 |
mickey |
strncpy vs strlcpy, some strlen missuse. some other related minor cleanups, and spaces. millert@ ok
|
#
1.97 |
|
29-May-2001 |
millert |
use BSD authentication
|
#
1.96 |
|
11-May-2001 |
art |
mmap returns MAP_FAILED on error, not 0.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.95 |
|
18-Mar-2001 |
deraadt |
use GLOB_LIMIT
|
#
1.94 |
|
09-Mar-2001 |
millert |
Block all signals in lostconn() and sigprocmask() since we are headed for _exit(). Fixes a signal handler race condition.
|
#
1.93 |
|
09-Mar-2001 |
deraadt |
do not strerror() a signo
|
#
1.92 |
|
04-Feb-2001 |
pjanzen |
Whoops, don't use strlcpy with utmp; millert@
|
#
1.91 |
|
03-Feb-2001 |
pjanzen |
Long usernames; also some simple strncpy->strlcpy.
|
#
1.90 |
|
19-Jan-2001 |
deraadt |
mark remaining signal races
|
#
1.89 |
|
09-Jan-2001 |
itojun |
make sure replydirname() do not truncate names, even if the filename is MAXPATHLEN doublequotes. From: Paul Janzen <pjanzen@foatdi.harvard.edu>
|
#
1.88 |
|
09-Jan-2001 |
itojun |
make sure we do not return stray " at the end of stirng, like bla"\0. From: "William C. Allen" <allenwc@home.com>
|
#
1.87 |
|
07-Jan-2001 |
angelos |
Make the -P option effective (rjmooney@mediaone.net)
|
#
1.86 |
|
06-Jan-2001 |
millert |
Expand tilde (~) in ftp-dir login.conf variable. Closes PR 1382
|
#
1.85 |
|
30-Dec-2000 |
angelos |
Log the actual bytes transfered, rather than the original file size.
|
#
1.84 |
|
04-Dec-2000 |
itojun |
in replydirname(), avoid one-byte overrun. From: Kristian Vlaardingerbroek <kris@obit.nl>
|
#
1.83 |
|
02-Dec-2000 |
millert |
The man page says the default umask is 027 but it is really 022 since that is the value of CMASK.
Have setusercontext() set the umask unless the -u flag was specified. This allows the admin to set the umask either via -u or via a login class in login.conf.
|
#
1.82 |
|
26-Nov-2000 |
millert |
setusercontext should not set umask as this interferes with the umask specified for ftpd on the command line. Closed PR #1530
|
#
1.81 |
|
23-Nov-2000 |
itojun |
typo in LPSV printing. From: Hiroyuki YAMAMORI <h-yamamo@db3.so-net.ne.jp>
|
#
1.80 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.79 |
|
15-Sep-2000 |
deraadt |
branches: 1.79.2; check return value for setenv(3) for failure, and deal appropriately
|
#
1.78 |
|
20-Aug-2000 |
millert |
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
|
#
1.77 |
|
05-Jul-2000 |
deraadt |
crank version to 6.5
|
#
1.76 |
|
05-Jul-2000 |
deraadt |
another setproctitle
|
#
1.75 |
|
05-Jul-2000 |
deraadt |
always setproctitle with %s if using a variable
|
#
1.74 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
#
1.73 |
|
14-Jun-2000 |
itojun |
correct STAT command output for LPSV output.
|
#
1.72 |
|
12-Jun-2000 |
itojun |
address PR 1274 (-h does not work on EPSV). the committed code handles IPv6 case too.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.71 |
|
29-Apr-2000 |
deraadt |
branches: 1.71.2; strerror
|
#
1.70 |
|
11-Apr-2000 |
deraadt |
do not lose descriptors; Takahiro Kambe
|
#
1.69 |
|
03-Mar-2000 |
bitblt |
Turns out that our implementation of STAT wasn't RFC 959 compliant. This version is now RFC 959 compliant, using a patch adapted from one sent in by david.leonard@eecs.uq.edu.au
|
#
1.68 |
|
18-Jan-2000 |
millert |
Fix a pasto in the last commit. The genesis of this bug is actually somewhat interesting. The getwd() function has historically placed an error message in the buffer on failure, but getcwd() does not. Therefor, a bulk search and replace of getwd() with getcwd() can create bugs like this one.
|
#
1.67 |
|
18-Jan-2000 |
millert |
"pwd" should print an error, not garbage, if getcwd() fails; form@vell.nsc.ru
|
#
1.66 |
|
14-Jan-2000 |
ericj |
call dologout() with 1. not -1
|
#
1.65 |
|
10-Dec-1999 |
deraadt |
using u_char * is a lot more convenient than doing & 0xff 80+ times
|
#
1.64 |
|
09-Dec-1999 |
itojun |
close passive mode data socket. From: deraadt
|
#
1.63 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
#
1.62 |
|
03-Dec-1999 |
millert |
Write pid to /var/run/ftpd.pid if running in daemon mode.
|
#
1.61 |
|
02-Dec-1999 |
millert |
Fix thinko on my part, we want to avoid setting mode to "r+" for append, not for ascii.
|
#
1.60 |
|
01-Dec-1999 |
millert |
Move initialization of ttyline to be after the fork() so that when we are in daemon mode it contains the pid of the child, not the parent. This fixes utmp/wtmp updates in daemon mode.
|
#
1.59 |
|
29-Nov-1999 |
millert |
When restarting a STOR, open with "r+", not "w" so we don't truncate. Based on a patch from rmooney@iss.net; closed PR #993
|
#
1.58 |
|
14-Nov-1999 |
deraadt |
warning about getpeername() failing is useless
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.57 |
|
22-Sep-1999 |
deraadt |
correct oob handling for STAT command; ian@plutotech.com
|
#
1.56 |
|
21-Jul-1999 |
deraadt |
bad umask is an error, syslog; pointed out by form@
|
#
1.55 |
|
20-Jul-1999 |
deraadt |
do not proceed if incorrect args are found; found by form
|
#
1.54 |
|
29-Apr-1999 |
downsj |
Work around the blocking read() that causes so many hung ftpd processes.
This has been extensively tested.
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.53 |
|
26-Feb-1999 |
art |
implement internal ls
|
#
1.52 |
|
30-Dec-1998 |
deraadt |
indent
|
#
1.51 |
|
29-Dec-1998 |
deraadt |
use getcwd()
|
#
1.50 |
|
18-Nov-1998 |
deraadt |
check for out-of-range umask bits from strtol()
|
Revision tags: OPENBSD_2_4_BASE
|
#
1.49 |
|
23-Jul-1998 |
deraadt |
add replydirname() from netbsd; fixes 257 directory replies; problem noted by kstailey
|
#
1.48 |
|
13-Jul-1998 |
millert |
ftpd: sleep for an indeterminate amount for non-existant logins to simulate a crypt, like login does. Use SEEK_* not L_* and kill some 0L's used in lseek while we're there.
|
#
1.47 |
|
08-Jun-1998 |
mickey |
allow ftpchroot-ed users to also be multihomed
|
#
1.46 |
|
03-Jun-1998 |
deraadt |
use SIG_ERR
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.45 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.44 |
|
06-Aug-1997 |
angelos |
Errno save/restore.
|
#
1.43 |
|
04-Aug-1997 |
deraadt |
save errno in sigchld handlers
|
#
1.42 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.41 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.40 |
|
29-Jun-1997 |
deraadt |
crank version
|
#
1.39 |
|
29-Jun-1997 |
deraadt |
partial Wall
|
#
1.38 |
|
21-Jun-1997 |
deraadt |
attempt to realpath() log entries
|
#
1.37 |
|
05-Jun-1997 |
deraadt |
bigger buf
|
#
1.36 |
|
01-Jun-1997 |
downsj |
Support integrated tcp wrappers when in daemon mode.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.35 |
|
01-May-1997 |
deraadt |
change -A to let in anon | chroot accounts
|
#
1.34 |
|
25-Apr-1997 |
deraadt |
do not allow connect to a 2049 either, helps firewall cases; adam@math.tau.ac.il
|
#
1.33 |
|
25-Mar-1997 |
millert |
Splat .message file if it exists when user cd's to a directory like wu-ftpd. Based on changes from Oliver.
|
#
1.32 |
|
23-Jan-1997 |
deraadt |
crank version number
|
#
1.31 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.30 |
|
05-Jan-1997 |
bitblt |
Signals are now blocked while ftpd runs with euid 0, as suggested by Weiste Venema. If this triggers any problems (most likely with ABOR not working at certain times) let me know.
|
#
1.29 |
|
02-Jan-1997 |
deraadt |
avoid SIGURG race; dg@root.com
|
#
1.28 |
|
14-Dec-1996 |
deraadt |
stop gunique() open/fopen race
|
#
1.27 |
|
14-Dec-1996 |
deraadt |
solve /tmp-style race spotted by bitblt
|
#
1.26 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.25 |
|
03-Dec-1996 |
deraadt |
-A for anon only; from freebsd
|
#
1.24 |
|
19-Oct-1996 |
michaels |
add ')'.
|
#
1.23 |
|
18-Oct-1996 |
deraadt |
forget old password nicely
|
#
1.22 |
|
15-Oct-1996 |
deraadt |
fd leak spotted by bitblt
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.21 |
|
29-Sep-1996 |
millert |
s/key (otp) challenge is now rfc 1938 compliant.
|
#
1.20 |
|
22-Sep-1996 |
deraadt |
vis log entries; noted by bitblt
|
#
1.19 |
|
04-Sep-1996 |
deraadt |
no, bad commit
|
#
1.18 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.17 |
|
27-Aug-1996 |
deraadt |
strncpy correctly
|
#
1.16 |
|
25-Aug-1996 |
deraadt |
hide our base dir
|
#
1.15 |
|
13-Aug-1996 |
deraadt |
log non-anon stuff for -S too, from downsj
|
#
1.14 |
|
10-Aug-1996 |
downsj |
Add multihome support (-M) and make stats logging look like wu-ftpd.
|
#
1.13 |
|
08-Aug-1996 |
downsj |
Handle signals better.
|
#
1.12 |
|
07-Aug-1996 |
downsj |
STATS is not an option.
|
#
1.11 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.10 |
|
07-Aug-1996 |
downsj |
sprintf -> snprintf
|
#
1.9 |
|
29-Jul-1996 |
downsj |
Remove some FreeBSD cruft.
|
#
1.8 |
|
29-Jul-1996 |
downsj |
Add -h, causing passive mode connections to request the high port range.
Also a few other changes.
|
#
1.7 |
|
29-Jul-1996 |
downsj |
Add setenv for HOME (from FreeBSD).
|
#
1.6 |
|
28-Jul-1996 |
downsj |
Add daemon mode (from FreeBSD), moving a lot of things around.
Also change the advertised version to '6.1/OpenBSD'; using the old version number from 4.4BSD seems rather silly at this point.
|
#
1.5 |
|
28-Jul-1996 |
downsj |
Add anonymous statistics logging, based on FreeBSD but with the really obvious bugs fixed.
|
#
1.4 |
|
28-Jul-1996 |
downsj |
New mmap(2)-using send_data() from FreeBSD.
|
#
1.3 |
|
27-Jul-1996 |
joshd |
No more ftpd bounce attacks.
|
#
1.2 |
|
18-Jun-1996 |
downsj |
my netbsd pr#2217: add utmp support to ftpd, some other small changes/fixes.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.233 |
|
08-Mar-2023 |
guenther |
Delete obsolete /* ARGSUSED */ lint comments.
ok miod@ millert@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.232 |
|
23-May-2021 |
jan |
Constify function parameters.
OK martijn@
|
#
1.231 |
|
22-May-2021 |
jan |
Remove useless fflush(3) calls. lreply() already called fflush(3).
OK martijn@
|
#
1.230 |
|
20-May-2021 |
jan |
Removes the useless FILE* parameter of get_line(). While here fix minor whitespace mistake.
"looks fine to me" chris@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.229 |
|
15-Jan-2020 |
jan |
Simplify globbing of ftpd(8)s list and nlst commands. Also avoid command option injection for ls(1).
OK martijn@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.228 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
#
1.227 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.226 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.225 |
|
11-Dec-2018 |
bluhm |
Flip snprintf(3) error check to align it with the man page example. No functional change. suggested by tb@; from Jan Klemkow
|
#
1.224 |
|
11-Dec-2018 |
bluhm |
Convert some variables with non-negative values to unsigned type to avoid comparison of integers of different signs. from Jan Klemkow; OK tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.223 |
|
03-Sep-2016 |
jca |
Use a single "opt" variable for all setsockopt calls in getdatasock().
on = 65536; if (setsockopt(... &on ...)
is slightly misleading.
|
#
1.222 |
|
03-Sep-2016 |
jca |
Set "lowdelay" and "throughput" Traffic Class on command & data IPv6 sockets.
|
#
1.221 |
|
31-Aug-2016 |
jca |
Don't attempt to support IPv4-mapped IPv6 addresses.
We don't consider support for those addreses as desirable, so let's not give a bad example by keeping application code to handle them. This is dead code on OpenBSD anyway since we do not support IPv4-mapped stuff. But let's keep the check to log and warn the admin if the code gets ported elsewhere. Porters of this code should ensure that IPv6 sockets can't see IPv4-mapped addresses by using the IPV6_V6ONLY sockopt.
Discussed with & ok tedu@
For a rationale, see https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
|
#
1.220 |
|
30-Aug-2016 |
tedu |
remove ifdef for all the features we have. retain disabled ip4in6 code until its future is decided. ok deraadt jca
|
#
1.219 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.218 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.217 |
|
04-Jul-2016 |
guenther |
Use fstatat() instead of crafting a filename to use with stat()
ok millert@
|
#
1.216 |
|
04-May-2016 |
jca |
Kill #ifdef INET6 occurrences in userland.
Prompted by and ok millert@
(tcpdump and libpcap left untouched, the #ifdef force is too strong with those)
|
#
1.215 |
|
25-Apr-2016 |
deraadt |
prefer setres{u,g}id() rather than manipulating both real and effective ids, it clarifies these are full revocation situations. ok millert
|
#
1.214 |
|
06-Apr-2016 |
semarie |
compare pointer to NULL instead of 0
from fritjof ! alokat.org
ok ratchov@ natano@
|
#
1.213 |
|
16-Mar-2016 |
krw |
More "(<blah> *)0" -> NULL, avoiding any stdarg functions.
Feedback millert@ kettenis@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.212 |
|
12-Dec-2015 |
mmcc |
Remove NULL-checks before free(). ok tb@
|
#
1.211 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.210 |
|
25-Oct-2015 |
millert |
No longer create /var/run/ftpd.pid in daemon mode; OK jung@ jca@
|
#
1.209 |
|
04-Oct-2015 |
tedu |
fix custom popen to return pid to caller instead of tracking in a giant array. this implies we can't use a function pointer for close, but also means we get to repair some abuse of the comma operator. ok miod
|
#
1.208 |
|
01-Sep-2015 |
jsg |
test pointers with NULL not '\0'
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.207 |
|
19-Jan-2015 |
deraadt |
CMASK went out of scope with the recent <sys/param.h> removal. But oh golly gee, ftpd can handle that itself due to the glorious old practice of #ifndef #define. Remove that junk. ok guenther
|
#
1.206 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.205 |
|
25-Oct-2014 |
lteo |
Remove unnecessary netinet/in_systm.h include.
ok millert@
|
#
1.204 |
|
25-Aug-2014 |
doug |
Delete secret or secret-derived data with explicit_bzero.
concept ok deraadt@ diff looks ok tedu@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.203 |
|
24-Mar-2014 |
tedu |
remove tcpwrappers support. ok deraadt
|
#
1.202 |
|
17-Mar-2014 |
sthen |
args! fix argstr. from LEVAI Daniel.
|
#
1.201 |
|
17-Mar-2014 |
sthen |
typo, spotted by okan@
|
#
1.200 |
|
17-Mar-2014 |
sthen |
Add an option to disallow ftp access to accounts with uid below a certain number (idea borrowed from pure-ftpd). Enabled by default with minimum uid 1000 to prevent access to admin accounts. tweak/OK millert@, OK deraadt@, gsoares@ and aja@ like it too.
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.199 |
|
08-Jan-2014 |
jca |
If the file size is zero, there's nothing to transmit so avoid spamming syslog with mmap failures. Noticed by and ok henning@, "looks right" deraadt@
|
#
1.198 |
|
22-Aug-2013 |
guenther |
Correct format string mismatches turned up by -Wformat=2
suggestions and ok millert@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.197 |
|
26-Jul-2013 |
guenther |
Make sure tmpline[] is always NUL terminated, to avoid possible read-beyond-end in get_line().
Analysis and patch by Maxime Villard (rustyBSD (at) gmx.fr) ok millert@ deraadt@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.196 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.195 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.194 |
|
14-Dec-2011 |
ajacoutot |
Add a new '-W' option to prevent saving login records to /var/run/wtmp. This can become pretty handy on busy anonymous servers to avoid filling up /var with unused wtmp records. Note that 'U' and 'W' are mutually exclusive.
ok sthen@ millert@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.193 |
|
09-Feb-2011 |
millert |
Set SO_KEEPALIVE on sockets. OK miod@. Also tested by landry@ "Makes sense" markus@ and "i don't see a reason not to" henning@
|
#
1.192 |
|
27-Aug-2010 |
lum |
In revision 1.14 of ftpd.c the ident variable was removed from its only meaningful usage when a snprintf call was removed, rendering ident useless. Time to remove remaining code.
ok tobias@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.191 |
|
01-Aug-2010 |
tobias |
Properly reset states when a login phase is interrupted by another one. Prevents ftpd from letting regular users logging in during anonymous-only mode (-A).
ok millert, ray
|
#
1.190 |
|
30-Jul-2010 |
ray |
Don't set "success" flags before error checks. Add check for login_getclass() failure, pointed out by tobias.
OK tobias
|
#
1.189 |
|
18-Jun-2010 |
tobias |
Prevent a segmentation fault on ftpd_popen error (memory, file descriptor, pipe ...) during status command.
ok millert
|
#
1.188 |
|
13-Jun-2010 |
tobias |
Adjust FTP reply codes (in error conditions) to conform to RFC 959.
ok millert, schwarze
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.187 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.186 |
|
20-Apr-2009 |
schwarze |
When receiving a new connection, log the remote IP number in addition to the remote hostname.
Feature requested by Mark Bucciarelli mkbucc at gmail dot com on misc@. "seems OK" millert@
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.185 |
|
30-Sep-2008 |
deraadt |
Always say "User %s access denied", in all cases, to avoid some stupid spinny things which parse those messages. Do not close the connection as requested by Josh Grosse, since a 530 is not supposed to do that. ok millert
|
#
1.184 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.183 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
#
1.182 |
|
13-Apr-2008 |
djm |
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound is not a power of two
ok deraadt@ millert@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.181 |
|
02-Sep-2007 |
deraadt |
use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.180 |
|
31-Jul-2007 |
ray |
From Gilles Chehade: - Use strtonum instead of atoi. - Improve strtol error checking. - Change strchr calls to strcspn and eliminating some unused variables as a result.
OK moritz
|
#
1.179 |
|
27-Jul-2007 |
moritz |
Fix potential memory leak, when snprintf(3) returns an empty buffer.
OK ray@
|
#
1.178 |
|
21-Jun-2007 |
ray |
Adjust spacing, combine malloc + strlcpy + strlcat into a single asprintf call.
OK moritz
|
#
1.177 |
|
19-Jun-2007 |
ray |
Make sure perror_reply() is only called when errno is set. When changing perror_reply() -> reply(), increase error message detail for ftp client. Move free() statement to prevent errno clobbering.
OK moritz
|
#
1.176 |
|
22-Mar-2007 |
cloder |
Do not advertise version in the ftp banner, because there is no reason to. OK mbalmer@, xsa@, henning@, idea prompted by deraadt
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.175 |
|
01-Mar-2007 |
otto |
- use proper log facility and priority in the slave sig handlers - if the monitor decides to kill the slave, log that ok millert@ moritz@
|
#
1.174 |
|
21-Dec-2006 |
krw |
'tranfer' -> 'transfer' in comments.
|
#
1.173 |
|
18-Oct-2006 |
millert |
Avoid double fclose() of a file if we exceed retries. Coverity ID 2669. OK cloder@
|
#
1.172 |
|
18-Oct-2006 |
deraadt |
you do not call fclose() on a file descriptor; ok cloder
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.171 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.170 |
|
03-Dec-2005 |
deraadt |
remove shadowing variables; ok pval
|
#
1.169 |
|
01-Dec-2005 |
pvalchev |
fix double var declarations in same scope, found by lint; ok deraadt cloder
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.168 |
|
22-Aug-2005 |
mickey |
EOF in ascii mode may also mean EOF so avoid printing a bogus error and behave same as bin mode; beck@ deraadt@ millert@ ok
|
#
1.167 |
|
14-Jul-2005 |
moritz |
let root create the data socket. fixes PR 4287. ok millert@ henning@
|
#
1.166 |
|
24-May-2005 |
moritz |
readd endpwent()
|
#
1.165 |
|
24-May-2005 |
moritz |
no need for endpwent()
|
#
1.164 |
|
21-Apr-2005 |
deraadt |
make code prettier so we can tell it is safe when we read it; ok beck cloder
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.163 |
|
15-Mar-2005 |
niallo |
branches: 1.163.2; better handling of cases where getnameinfo() returns non-zero. upon failure, don't try to print the contents of the char buffers we passed it.
ok & feedback henning@, moritz@ (thanks!)
|
#
1.162 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.161 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.160 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.159 |
|
28-Nov-2004 |
henning |
logging fixes: -don't prefix ftpd: in syslog(), it does that for us -replace a bad (too late) err() by syslog + exit from moritz
|
#
1.158 |
|
28-Nov-2004 |
henning |
bump version
|
#
1.157 |
|
28-Nov-2004 |
henning |
fix ttyline setting, fixes proctitle. notice independently by theo and pval, fix from moritz jodeit
|
#
1.156 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
#
1.155 |
|
22-Nov-2004 |
millert |
More sensible error when both the -n and -A flags are used. Text OK jmc@
|
#
1.154 |
|
30-Sep-2004 |
deraadt |
cope nicer with accept() failures, from freebsd; millert ok
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.153 |
|
12-Dec-2003 |
deraadt |
knf
|
#
1.152 |
|
10-Dec-2003 |
deraadt |
spacing
|
#
1.151 |
|
09-Dec-2003 |
deraadt |
knf
|
#
1.150 |
|
09-Dec-2003 |
beck |
fix PR 3596 by making root create the socket, ok millert@
|
#
1.149 |
|
20-Nov-2003 |
jmc |
ftpd.8: - simpler macros - sort options - some updates
ftpd.c: - sync usage()
|
#
1.148 |
|
12-Nov-2003 |
millert |
Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Adapted from FreeBSD via danh@
|
#
1.147 |
|
01-Oct-2003 |
itojun |
listen to bodh IPv4/v6 ftp port on -D by default. deraadt ok. comments from markus, millert. tested by fries
|
#
1.146 |
|
30-Sep-2003 |
jmc |
usage():
- add missing -n (from Jeff Ito PR 3496) - remove deprecated -h - sort -T and -t to match man page
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.145 |
|
29-Jul-2003 |
deraadt |
branches: 1.145.2; spaces
|
#
1.144 |
|
07-Jul-2003 |
deraadt |
make this match protos; millert ok
|
#
1.143 |
|
11-Jun-2003 |
deraadt |
ansi cleanup; ok ian markus
|
#
1.142 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.141 |
|
10-Apr-2003 |
millert |
Replace strcpy() w/ strlcpy() from espie@
Don't try to free pw_dir -- it is no longer allocated separately. Instead, add an extra param to sgetpwnam() to allow it to dupe an existing struct passwd * (instead of doing a lookup by username) and use this to reallocate pw in the case where pw_dir is the NULL string. deraadt@ OK
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.140 |
|
17-Feb-2003 |
mpech |
branches: 1.140.2; reply() -> perror_reply().
millert@ ok
|
#
1.139 |
|
25-Nov-2002 |
millert |
Change a setuid() that should be seteuid(), not iced by grange@ Move a va_end so it gets called in an error condition as well
|
#
1.138 |
|
15-Nov-2002 |
millert |
o Once a user is logged in, don't allow a change to another user. o Run more code with the effective uid of the logged in user. From Frank Denis
|
#
1.137 |
|
13-Oct-2002 |
millert |
Avoid potential printf format string problem with challenge from auth_challenge(). Currently, none of the auth modules put non-sanitized data in the prompt so there are no real security implications with this fix. Patch from Moritz Jodeit.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.136 |
|
29-Aug-2002 |
deraadt |
branches: 1.136.2; remove extra arg; jmegq@post.harvard.edu
|
#
1.135 |
|
20-Aug-2002 |
deraadt |
-n: disallow anon ftp even if ftp account exists
|
#
1.134 |
|
24-Jul-2002 |
millert |
Also check for snprintf() returning < 0
|
#
1.133 |
|
24-Jul-2002 |
millert |
What on earth possessed me to use %p instead of %m in syslog() to indicate the error string?
|
#
1.132 |
|
20-Jul-2002 |
millert |
Exit on setusercontext() failure; noticed by deraadt@
|
#
1.131 |
|
14-Jul-2002 |
jakob |
make ftpd always listen to a high tcp port for passive data connections. deprecate and ignore the -h option. ok deraadt@.
|
#
1.130 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.129 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
#
1.128 |
|
09-Jun-2002 |
itojun |
do not present scopeid on wire format (as it is local to a node).
|
#
1.127 |
|
29-May-2002 |
deraadt |
a few more strlcat
|
#
1.126 |
|
26-May-2002 |
deraadt |
pid_t cleanup
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.125 |
|
30-Mar-2002 |
deraadt |
correct an auth_close() misuse; millert ok
|
#
1.124 |
|
16-Mar-2002 |
millert |
o Don't allow password-less accounts to login (like in 2.9 and below) o Stash copy of struct passwd via auth_setpwd() to avoid extra needless getpwnam() calls.
|
#
1.123 |
|
12-Mar-2002 |
millert |
bsd_auth.h requires other headers so it can't be first
|
#
1.122 |
|
12-Mar-2002 |
millert |
Fix a couple mis-sorted headers and sync usage() with man page. From Brian Poole
|
#
1.121 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.120 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.119 |
|
01-Feb-2002 |
itojun |
strlcpy
|
#
1.118 |
|
01-Feb-2002 |
itojun |
make sure pw_dir is big enough for strcpy(pw->pw_dir, "/").
|
#
1.117 |
|
23-Jan-2002 |
millert |
Plug login_cap and bsd_auth related memory leaks. Problem noticed by mpech@.
|
#
1.116 |
|
23-Jan-2002 |
mpech |
fix potential memory leak.
millert@ ok
|
#
1.115 |
|
23-Jan-2002 |
mpech |
Use always '.' in the end of the fatal() message. Consistency is good.
millert@ ok.
|
#
1.114 |
|
23-Jan-2002 |
mpech |
don't use \n in reply().
millert@ ok
|
#
1.113 |
|
07-Jan-2002 |
millert |
To disable a SIGCHLD signal handler use SIG_DFL, *not* SIG_IGN which now has a different meaning.
|
#
1.112 |
|
18-Dec-2001 |
millert |
Don't use sigprocmask() in signal handlers when we can just set the mask to be what we want with sigaction. Pointed out by Yar Tikhiy.
|
#
1.111 |
|
17-Dec-2001 |
millert |
Add missing sigaction() call from last commit
|
#
1.110 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.109 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.108 |
|
01-Dec-2001 |
miod |
Use pidfile() instead of doing the equivalent thing by hand, and sometimes forgetting to unlink the pid file at exit. ok millert@ deraadt@
|
#
1.107 |
|
17-Nov-2001 |
deraadt |
volatile sig_atomic_t
|
#
1.106 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.105 |
|
02-Oct-2001 |
wilfried |
as is aleady closed and freed by auth_userresponse, ok millert@
|
#
1.104 |
|
05-Sep-2001 |
deraadt |
make sure that va_start() has matching va_end()
|
#
1.103 |
|
08-Jul-2001 |
deraadt |
-Wall
|
#
1.102 |
|
03-Jul-2001 |
millert |
Use the 'welcome' variable from login.conf instead of hard-coding /etc/motd.
|
#
1.101 |
|
25-Jun-2001 |
hin |
millert didn't compile this.
|
#
1.100 |
|
25-Jun-2001 |
millert |
Set "login" and "notickets" BSD auth options. We don't need to get a kerb ticket but we do need AFS tokens.
|
#
1.99 |
|
13-Jun-2001 |
markus |
more va_start/end fixes, ok deraadt@
|
#
1.98 |
|
11-Jun-2001 |
mickey |
strncpy vs strlcpy, some strlen missuse. some other related minor cleanups, and spaces. millert@ ok
|
#
1.97 |
|
29-May-2001 |
millert |
use BSD authentication
|
#
1.96 |
|
11-May-2001 |
art |
mmap returns MAP_FAILED on error, not 0.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.95 |
|
18-Mar-2001 |
deraadt |
use GLOB_LIMIT
|
#
1.94 |
|
09-Mar-2001 |
millert |
Block all signals in lostconn() and sigprocmask() since we are headed for _exit(). Fixes a signal handler race condition.
|
#
1.93 |
|
09-Mar-2001 |
deraadt |
do not strerror() a signo
|
#
1.92 |
|
04-Feb-2001 |
pjanzen |
Whoops, don't use strlcpy with utmp; millert@
|
#
1.91 |
|
03-Feb-2001 |
pjanzen |
Long usernames; also some simple strncpy->strlcpy.
|
#
1.90 |
|
19-Jan-2001 |
deraadt |
mark remaining signal races
|
#
1.89 |
|
09-Jan-2001 |
itojun |
make sure replydirname() do not truncate names, even if the filename is MAXPATHLEN doublequotes. From: Paul Janzen <pjanzen@foatdi.harvard.edu>
|
#
1.88 |
|
09-Jan-2001 |
itojun |
make sure we do not return stray " at the end of stirng, like bla"\0. From: "William C. Allen" <allenwc@home.com>
|
#
1.87 |
|
07-Jan-2001 |
angelos |
Make the -P option effective (rjmooney@mediaone.net)
|
#
1.86 |
|
06-Jan-2001 |
millert |
Expand tilde (~) in ftp-dir login.conf variable. Closes PR 1382
|
#
1.85 |
|
30-Dec-2000 |
angelos |
Log the actual bytes transfered, rather than the original file size.
|
#
1.84 |
|
04-Dec-2000 |
itojun |
in replydirname(), avoid one-byte overrun. From: Kristian Vlaardingerbroek <kris@obit.nl>
|
#
1.83 |
|
02-Dec-2000 |
millert |
The man page says the default umask is 027 but it is really 022 since that is the value of CMASK.
Have setusercontext() set the umask unless the -u flag was specified. This allows the admin to set the umask either via -u or via a login class in login.conf.
|
#
1.82 |
|
26-Nov-2000 |
millert |
setusercontext should not set umask as this interferes with the umask specified for ftpd on the command line. Closed PR #1530
|
#
1.81 |
|
23-Nov-2000 |
itojun |
typo in LPSV printing. From: Hiroyuki YAMAMORI <h-yamamo@db3.so-net.ne.jp>
|
#
1.80 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.79 |
|
15-Sep-2000 |
deraadt |
branches: 1.79.2; check return value for setenv(3) for failure, and deal appropriately
|
#
1.78 |
|
20-Aug-2000 |
millert |
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
|
#
1.77 |
|
05-Jul-2000 |
deraadt |
crank version to 6.5
|
#
1.76 |
|
05-Jul-2000 |
deraadt |
another setproctitle
|
#
1.75 |
|
05-Jul-2000 |
deraadt |
always setproctitle with %s if using a variable
|
#
1.74 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
#
1.73 |
|
14-Jun-2000 |
itojun |
correct STAT command output for LPSV output.
|
#
1.72 |
|
12-Jun-2000 |
itojun |
address PR 1274 (-h does not work on EPSV). the committed code handles IPv6 case too.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.71 |
|
29-Apr-2000 |
deraadt |
branches: 1.71.2; strerror
|
#
1.70 |
|
11-Apr-2000 |
deraadt |
do not lose descriptors; Takahiro Kambe
|
#
1.69 |
|
03-Mar-2000 |
bitblt |
Turns out that our implementation of STAT wasn't RFC 959 compliant. This version is now RFC 959 compliant, using a patch adapted from one sent in by david.leonard@eecs.uq.edu.au
|
#
1.68 |
|
18-Jan-2000 |
millert |
Fix a pasto in the last commit. The genesis of this bug is actually somewhat interesting. The getwd() function has historically placed an error message in the buffer on failure, but getcwd() does not. Therefor, a bulk search and replace of getwd() with getcwd() can create bugs like this one.
|
#
1.67 |
|
18-Jan-2000 |
millert |
"pwd" should print an error, not garbage, if getcwd() fails; form@vell.nsc.ru
|
#
1.66 |
|
14-Jan-2000 |
ericj |
call dologout() with 1. not -1
|
#
1.65 |
|
10-Dec-1999 |
deraadt |
using u_char * is a lot more convenient than doing & 0xff 80+ times
|
#
1.64 |
|
09-Dec-1999 |
itojun |
close passive mode data socket. From: deraadt
|
#
1.63 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
#
1.62 |
|
03-Dec-1999 |
millert |
Write pid to /var/run/ftpd.pid if running in daemon mode.
|
#
1.61 |
|
02-Dec-1999 |
millert |
Fix thinko on my part, we want to avoid setting mode to "r+" for append, not for ascii.
|
#
1.60 |
|
01-Dec-1999 |
millert |
Move initialization of ttyline to be after the fork() so that when we are in daemon mode it contains the pid of the child, not the parent. This fixes utmp/wtmp updates in daemon mode.
|
#
1.59 |
|
29-Nov-1999 |
millert |
When restarting a STOR, open with "r+", not "w" so we don't truncate. Based on a patch from rmooney@iss.net; closed PR #993
|
#
1.58 |
|
14-Nov-1999 |
deraadt |
warning about getpeername() failing is useless
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.57 |
|
22-Sep-1999 |
deraadt |
correct oob handling for STAT command; ian@plutotech.com
|
#
1.56 |
|
21-Jul-1999 |
deraadt |
bad umask is an error, syslog; pointed out by form@
|
#
1.55 |
|
20-Jul-1999 |
deraadt |
do not proceed if incorrect args are found; found by form
|
#
1.54 |
|
29-Apr-1999 |
downsj |
Work around the blocking read() that causes so many hung ftpd processes.
This has been extensively tested.
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.53 |
|
26-Feb-1999 |
art |
implement internal ls
|
#
1.52 |
|
30-Dec-1998 |
deraadt |
indent
|
#
1.51 |
|
29-Dec-1998 |
deraadt |
use getcwd()
|
#
1.50 |
|
18-Nov-1998 |
deraadt |
check for out-of-range umask bits from strtol()
|
Revision tags: OPENBSD_2_4_BASE
|
#
1.49 |
|
23-Jul-1998 |
deraadt |
add replydirname() from netbsd; fixes 257 directory replies; problem noted by kstailey
|
#
1.48 |
|
13-Jul-1998 |
millert |
ftpd: sleep for an indeterminate amount for non-existant logins to simulate a crypt, like login does. Use SEEK_* not L_* and kill some 0L's used in lseek while we're there.
|
#
1.47 |
|
08-Jun-1998 |
mickey |
allow ftpchroot-ed users to also be multihomed
|
#
1.46 |
|
03-Jun-1998 |
deraadt |
use SIG_ERR
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.45 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.44 |
|
06-Aug-1997 |
angelos |
Errno save/restore.
|
#
1.43 |
|
04-Aug-1997 |
deraadt |
save errno in sigchld handlers
|
#
1.42 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.41 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.40 |
|
29-Jun-1997 |
deraadt |
crank version
|
#
1.39 |
|
29-Jun-1997 |
deraadt |
partial Wall
|
#
1.38 |
|
21-Jun-1997 |
deraadt |
attempt to realpath() log entries
|
#
1.37 |
|
05-Jun-1997 |
deraadt |
bigger buf
|
#
1.36 |
|
01-Jun-1997 |
downsj |
Support integrated tcp wrappers when in daemon mode.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.35 |
|
01-May-1997 |
deraadt |
change -A to let in anon | chroot accounts
|
#
1.34 |
|
25-Apr-1997 |
deraadt |
do not allow connect to a 2049 either, helps firewall cases; adam@math.tau.ac.il
|
#
1.33 |
|
25-Mar-1997 |
millert |
Splat .message file if it exists when user cd's to a directory like wu-ftpd. Based on changes from Oliver.
|
#
1.32 |
|
23-Jan-1997 |
deraadt |
crank version number
|
#
1.31 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.30 |
|
05-Jan-1997 |
bitblt |
Signals are now blocked while ftpd runs with euid 0, as suggested by Weiste Venema. If this triggers any problems (most likely with ABOR not working at certain times) let me know.
|
#
1.29 |
|
02-Jan-1997 |
deraadt |
avoid SIGURG race; dg@root.com
|
#
1.28 |
|
14-Dec-1996 |
deraadt |
stop gunique() open/fopen race
|
#
1.27 |
|
14-Dec-1996 |
deraadt |
solve /tmp-style race spotted by bitblt
|
#
1.26 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.25 |
|
03-Dec-1996 |
deraadt |
-A for anon only; from freebsd
|
#
1.24 |
|
19-Oct-1996 |
michaels |
add ')'.
|
#
1.23 |
|
18-Oct-1996 |
deraadt |
forget old password nicely
|
#
1.22 |
|
15-Oct-1996 |
deraadt |
fd leak spotted by bitblt
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.21 |
|
29-Sep-1996 |
millert |
s/key (otp) challenge is now rfc 1938 compliant.
|
#
1.20 |
|
22-Sep-1996 |
deraadt |
vis log entries; noted by bitblt
|
#
1.19 |
|
04-Sep-1996 |
deraadt |
no, bad commit
|
#
1.18 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.17 |
|
27-Aug-1996 |
deraadt |
strncpy correctly
|
#
1.16 |
|
25-Aug-1996 |
deraadt |
hide our base dir
|
#
1.15 |
|
13-Aug-1996 |
deraadt |
log non-anon stuff for -S too, from downsj
|
#
1.14 |
|
10-Aug-1996 |
downsj |
Add multihome support (-M) and make stats logging look like wu-ftpd.
|
#
1.13 |
|
08-Aug-1996 |
downsj |
Handle signals better.
|
#
1.12 |
|
07-Aug-1996 |
downsj |
STATS is not an option.
|
#
1.11 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.10 |
|
07-Aug-1996 |
downsj |
sprintf -> snprintf
|
#
1.9 |
|
29-Jul-1996 |
downsj |
Remove some FreeBSD cruft.
|
#
1.8 |
|
29-Jul-1996 |
downsj |
Add -h, causing passive mode connections to request the high port range.
Also a few other changes.
|
#
1.7 |
|
29-Jul-1996 |
downsj |
Add setenv for HOME (from FreeBSD).
|
#
1.6 |
|
28-Jul-1996 |
downsj |
Add daemon mode (from FreeBSD), moving a lot of things around.
Also change the advertised version to '6.1/OpenBSD'; using the old version number from 4.4BSD seems rather silly at this point.
|
#
1.5 |
|
28-Jul-1996 |
downsj |
Add anonymous statistics logging, based on FreeBSD but with the really obvious bugs fixed.
|
#
1.4 |
|
28-Jul-1996 |
downsj |
New mmap(2)-using send_data() from FreeBSD.
|
#
1.3 |
|
27-Jul-1996 |
joshd |
No more ftpd bounce attacks.
|
#
1.2 |
|
18-Jun-1996 |
downsj |
my netbsd pr#2217: add utmp support to ftpd, some other small changes/fixes.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.232 |
|
23-May-2021 |
jan |
Constify function parameters.
OK martijn@
|
#
1.231 |
|
22-May-2021 |
jan |
Remove useless fflush(3) calls. lreply() already called fflush(3).
OK martijn@
|
#
1.230 |
|
20-May-2021 |
jan |
Removes the useless FILE* parameter of get_line(). While here fix minor whitespace mistake.
"looks fine to me" chris@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.229 |
|
15-Jan-2020 |
jan |
Simplify globbing of ftpd(8)s list and nlst commands. Also avoid command option injection for ls(1).
OK martijn@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.228 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
#
1.227 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.226 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.225 |
|
11-Dec-2018 |
bluhm |
Flip snprintf(3) error check to align it with the man page example. No functional change. suggested by tb@; from Jan Klemkow
|
#
1.224 |
|
11-Dec-2018 |
bluhm |
Convert some variables with non-negative values to unsigned type to avoid comparison of integers of different signs. from Jan Klemkow; OK tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.223 |
|
03-Sep-2016 |
jca |
Use a single "opt" variable for all setsockopt calls in getdatasock().
on = 65536; if (setsockopt(... &on ...)
is slightly misleading.
|
#
1.222 |
|
03-Sep-2016 |
jca |
Set "lowdelay" and "throughput" Traffic Class on command & data IPv6 sockets.
|
#
1.221 |
|
31-Aug-2016 |
jca |
Don't attempt to support IPv4-mapped IPv6 addresses.
We don't consider support for those addreses as desirable, so let's not give a bad example by keeping application code to handle them. This is dead code on OpenBSD anyway since we do not support IPv4-mapped stuff. But let's keep the check to log and warn the admin if the code gets ported elsewhere. Porters of this code should ensure that IPv6 sockets can't see IPv4-mapped addresses by using the IPV6_V6ONLY sockopt.
Discussed with & ok tedu@
For a rationale, see https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
|
#
1.220 |
|
30-Aug-2016 |
tedu |
remove ifdef for all the features we have. retain disabled ip4in6 code until its future is decided. ok deraadt jca
|
#
1.219 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.218 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.217 |
|
04-Jul-2016 |
guenther |
Use fstatat() instead of crafting a filename to use with stat()
ok millert@
|
#
1.216 |
|
04-May-2016 |
jca |
Kill #ifdef INET6 occurrences in userland.
Prompted by and ok millert@
(tcpdump and libpcap left untouched, the #ifdef force is too strong with those)
|
#
1.215 |
|
25-Apr-2016 |
deraadt |
prefer setres{u,g}id() rather than manipulating both real and effective ids, it clarifies these are full revocation situations. ok millert
|
#
1.214 |
|
06-Apr-2016 |
semarie |
compare pointer to NULL instead of 0
from fritjof ! alokat.org
ok ratchov@ natano@
|
#
1.213 |
|
16-Mar-2016 |
krw |
More "(<blah> *)0" -> NULL, avoiding any stdarg functions.
Feedback millert@ kettenis@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.212 |
|
12-Dec-2015 |
mmcc |
Remove NULL-checks before free(). ok tb@
|
#
1.211 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.210 |
|
25-Oct-2015 |
millert |
No longer create /var/run/ftpd.pid in daemon mode; OK jung@ jca@
|
#
1.209 |
|
04-Oct-2015 |
tedu |
fix custom popen to return pid to caller instead of tracking in a giant array. this implies we can't use a function pointer for close, but also means we get to repair some abuse of the comma operator. ok miod
|
#
1.208 |
|
01-Sep-2015 |
jsg |
test pointers with NULL not '\0'
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.207 |
|
19-Jan-2015 |
deraadt |
CMASK went out of scope with the recent <sys/param.h> removal. But oh golly gee, ftpd can handle that itself due to the glorious old practice of #ifndef #define. Remove that junk. ok guenther
|
#
1.206 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.205 |
|
25-Oct-2014 |
lteo |
Remove unnecessary netinet/in_systm.h include.
ok millert@
|
#
1.204 |
|
25-Aug-2014 |
doug |
Delete secret or secret-derived data with explicit_bzero.
concept ok deraadt@ diff looks ok tedu@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.203 |
|
24-Mar-2014 |
tedu |
remove tcpwrappers support. ok deraadt
|
#
1.202 |
|
17-Mar-2014 |
sthen |
args! fix argstr. from LEVAI Daniel.
|
#
1.201 |
|
17-Mar-2014 |
sthen |
typo, spotted by okan@
|
#
1.200 |
|
17-Mar-2014 |
sthen |
Add an option to disallow ftp access to accounts with uid below a certain number (idea borrowed from pure-ftpd). Enabled by default with minimum uid 1000 to prevent access to admin accounts. tweak/OK millert@, OK deraadt@, gsoares@ and aja@ like it too.
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.199 |
|
08-Jan-2014 |
jca |
If the file size is zero, there's nothing to transmit so avoid spamming syslog with mmap failures. Noticed by and ok henning@, "looks right" deraadt@
|
#
1.198 |
|
22-Aug-2013 |
guenther |
Correct format string mismatches turned up by -Wformat=2
suggestions and ok millert@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.197 |
|
26-Jul-2013 |
guenther |
Make sure tmpline[] is always NUL terminated, to avoid possible read-beyond-end in get_line().
Analysis and patch by Maxime Villard (rustyBSD (at) gmx.fr) ok millert@ deraadt@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.196 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.195 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.194 |
|
14-Dec-2011 |
ajacoutot |
Add a new '-W' option to prevent saving login records to /var/run/wtmp. This can become pretty handy on busy anonymous servers to avoid filling up /var with unused wtmp records. Note that 'U' and 'W' are mutually exclusive.
ok sthen@ millert@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.193 |
|
09-Feb-2011 |
millert |
Set SO_KEEPALIVE on sockets. OK miod@. Also tested by landry@ "Makes sense" markus@ and "i don't see a reason not to" henning@
|
#
1.192 |
|
27-Aug-2010 |
lum |
In revision 1.14 of ftpd.c the ident variable was removed from its only meaningful usage when a snprintf call was removed, rendering ident useless. Time to remove remaining code.
ok tobias@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.191 |
|
01-Aug-2010 |
tobias |
Properly reset states when a login phase is interrupted by another one. Prevents ftpd from letting regular users logging in during anonymous-only mode (-A).
ok millert, ray
|
#
1.190 |
|
30-Jul-2010 |
ray |
Don't set "success" flags before error checks. Add check for login_getclass() failure, pointed out by tobias.
OK tobias
|
#
1.189 |
|
18-Jun-2010 |
tobias |
Prevent a segmentation fault on ftpd_popen error (memory, file descriptor, pipe ...) during status command.
ok millert
|
#
1.188 |
|
13-Jun-2010 |
tobias |
Adjust FTP reply codes (in error conditions) to conform to RFC 959.
ok millert, schwarze
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.187 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.186 |
|
20-Apr-2009 |
schwarze |
When receiving a new connection, log the remote IP number in addition to the remote hostname.
Feature requested by Mark Bucciarelli mkbucc at gmail dot com on misc@. "seems OK" millert@
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.185 |
|
30-Sep-2008 |
deraadt |
Always say "User %s access denied", in all cases, to avoid some stupid spinny things which parse those messages. Do not close the connection as requested by Josh Grosse, since a 530 is not supposed to do that. ok millert
|
#
1.184 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.183 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
#
1.182 |
|
13-Apr-2008 |
djm |
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound is not a power of two
ok deraadt@ millert@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.181 |
|
02-Sep-2007 |
deraadt |
use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.180 |
|
31-Jul-2007 |
ray |
From Gilles Chehade: - Use strtonum instead of atoi. - Improve strtol error checking. - Change strchr calls to strcspn and eliminating some unused variables as a result.
OK moritz
|
#
1.179 |
|
27-Jul-2007 |
moritz |
Fix potential memory leak, when snprintf(3) returns an empty buffer.
OK ray@
|
#
1.178 |
|
21-Jun-2007 |
ray |
Adjust spacing, combine malloc + strlcpy + strlcat into a single asprintf call.
OK moritz
|
#
1.177 |
|
19-Jun-2007 |
ray |
Make sure perror_reply() is only called when errno is set. When changing perror_reply() -> reply(), increase error message detail for ftp client. Move free() statement to prevent errno clobbering.
OK moritz
|
#
1.176 |
|
22-Mar-2007 |
cloder |
Do not advertise version in the ftp banner, because there is no reason to. OK mbalmer@, xsa@, henning@, idea prompted by deraadt
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.175 |
|
01-Mar-2007 |
otto |
- use proper log facility and priority in the slave sig handlers - if the monitor decides to kill the slave, log that ok millert@ moritz@
|
#
1.174 |
|
21-Dec-2006 |
krw |
'tranfer' -> 'transfer' in comments.
|
#
1.173 |
|
18-Oct-2006 |
millert |
Avoid double fclose() of a file if we exceed retries. Coverity ID 2669. OK cloder@
|
#
1.172 |
|
18-Oct-2006 |
deraadt |
you do not call fclose() on a file descriptor; ok cloder
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.171 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.170 |
|
03-Dec-2005 |
deraadt |
remove shadowing variables; ok pval
|
#
1.169 |
|
01-Dec-2005 |
pvalchev |
fix double var declarations in same scope, found by lint; ok deraadt cloder
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.168 |
|
22-Aug-2005 |
mickey |
EOF in ascii mode may also mean EOF so avoid printing a bogus error and behave same as bin mode; beck@ deraadt@ millert@ ok
|
#
1.167 |
|
14-Jul-2005 |
moritz |
let root create the data socket. fixes PR 4287. ok millert@ henning@
|
#
1.166 |
|
24-May-2005 |
moritz |
readd endpwent()
|
#
1.165 |
|
24-May-2005 |
moritz |
no need for endpwent()
|
#
1.164 |
|
21-Apr-2005 |
deraadt |
make code prettier so we can tell it is safe when we read it; ok beck cloder
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.163 |
|
15-Mar-2005 |
niallo |
branches: 1.163.2; better handling of cases where getnameinfo() returns non-zero. upon failure, don't try to print the contents of the char buffers we passed it.
ok & feedback henning@, moritz@ (thanks!)
|
#
1.162 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.161 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.160 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.159 |
|
28-Nov-2004 |
henning |
logging fixes: -don't prefix ftpd: in syslog(), it does that for us -replace a bad (too late) err() by syslog + exit from moritz
|
#
1.158 |
|
28-Nov-2004 |
henning |
bump version
|
#
1.157 |
|
28-Nov-2004 |
henning |
fix ttyline setting, fixes proctitle. notice independently by theo and pval, fix from moritz jodeit
|
#
1.156 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
#
1.155 |
|
22-Nov-2004 |
millert |
More sensible error when both the -n and -A flags are used. Text OK jmc@
|
#
1.154 |
|
30-Sep-2004 |
deraadt |
cope nicer with accept() failures, from freebsd; millert ok
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.153 |
|
12-Dec-2003 |
deraadt |
knf
|
#
1.152 |
|
10-Dec-2003 |
deraadt |
spacing
|
#
1.151 |
|
09-Dec-2003 |
deraadt |
knf
|
#
1.150 |
|
09-Dec-2003 |
beck |
fix PR 3596 by making root create the socket, ok millert@
|
#
1.149 |
|
20-Nov-2003 |
jmc |
ftpd.8: - simpler macros - sort options - some updates
ftpd.c: - sync usage()
|
#
1.148 |
|
12-Nov-2003 |
millert |
Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Adapted from FreeBSD via danh@
|
#
1.147 |
|
01-Oct-2003 |
itojun |
listen to bodh IPv4/v6 ftp port on -D by default. deraadt ok. comments from markus, millert. tested by fries
|
#
1.146 |
|
30-Sep-2003 |
jmc |
usage():
- add missing -n (from Jeff Ito PR 3496) - remove deprecated -h - sort -T and -t to match man page
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.145 |
|
29-Jul-2003 |
deraadt |
branches: 1.145.2; spaces
|
#
1.144 |
|
07-Jul-2003 |
deraadt |
make this match protos; millert ok
|
#
1.143 |
|
11-Jun-2003 |
deraadt |
ansi cleanup; ok ian markus
|
#
1.142 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.141 |
|
10-Apr-2003 |
millert |
Replace strcpy() w/ strlcpy() from espie@
Don't try to free pw_dir -- it is no longer allocated separately. Instead, add an extra param to sgetpwnam() to allow it to dupe an existing struct passwd * (instead of doing a lookup by username) and use this to reallocate pw in the case where pw_dir is the NULL string. deraadt@ OK
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.140 |
|
17-Feb-2003 |
mpech |
branches: 1.140.2; reply() -> perror_reply().
millert@ ok
|
#
1.139 |
|
25-Nov-2002 |
millert |
Change a setuid() that should be seteuid(), not iced by grange@ Move a va_end so it gets called in an error condition as well
|
#
1.138 |
|
15-Nov-2002 |
millert |
o Once a user is logged in, don't allow a change to another user. o Run more code with the effective uid of the logged in user. From Frank Denis
|
#
1.137 |
|
13-Oct-2002 |
millert |
Avoid potential printf format string problem with challenge from auth_challenge(). Currently, none of the auth modules put non-sanitized data in the prompt so there are no real security implications with this fix. Patch from Moritz Jodeit.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.136 |
|
29-Aug-2002 |
deraadt |
branches: 1.136.2; remove extra arg; jmegq@post.harvard.edu
|
#
1.135 |
|
20-Aug-2002 |
deraadt |
-n: disallow anon ftp even if ftp account exists
|
#
1.134 |
|
24-Jul-2002 |
millert |
Also check for snprintf() returning < 0
|
#
1.133 |
|
24-Jul-2002 |
millert |
What on earth possessed me to use %p instead of %m in syslog() to indicate the error string?
|
#
1.132 |
|
20-Jul-2002 |
millert |
Exit on setusercontext() failure; noticed by deraadt@
|
#
1.131 |
|
14-Jul-2002 |
jakob |
make ftpd always listen to a high tcp port for passive data connections. deprecate and ignore the -h option. ok deraadt@.
|
#
1.130 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.129 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
#
1.128 |
|
09-Jun-2002 |
itojun |
do not present scopeid on wire format (as it is local to a node).
|
#
1.127 |
|
29-May-2002 |
deraadt |
a few more strlcat
|
#
1.126 |
|
26-May-2002 |
deraadt |
pid_t cleanup
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.125 |
|
30-Mar-2002 |
deraadt |
correct an auth_close() misuse; millert ok
|
#
1.124 |
|
16-Mar-2002 |
millert |
o Don't allow password-less accounts to login (like in 2.9 and below) o Stash copy of struct passwd via auth_setpwd() to avoid extra needless getpwnam() calls.
|
#
1.123 |
|
12-Mar-2002 |
millert |
bsd_auth.h requires other headers so it can't be first
|
#
1.122 |
|
12-Mar-2002 |
millert |
Fix a couple mis-sorted headers and sync usage() with man page. From Brian Poole
|
#
1.121 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.120 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.119 |
|
01-Feb-2002 |
itojun |
strlcpy
|
#
1.118 |
|
01-Feb-2002 |
itojun |
make sure pw_dir is big enough for strcpy(pw->pw_dir, "/").
|
#
1.117 |
|
23-Jan-2002 |
millert |
Plug login_cap and bsd_auth related memory leaks. Problem noticed by mpech@.
|
#
1.116 |
|
23-Jan-2002 |
mpech |
fix potential memory leak.
millert@ ok
|
#
1.115 |
|
23-Jan-2002 |
mpech |
Use always '.' in the end of the fatal() message. Consistency is good.
millert@ ok.
|
#
1.114 |
|
23-Jan-2002 |
mpech |
don't use \n in reply().
millert@ ok
|
#
1.113 |
|
07-Jan-2002 |
millert |
To disable a SIGCHLD signal handler use SIG_DFL, *not* SIG_IGN which now has a different meaning.
|
#
1.112 |
|
18-Dec-2001 |
millert |
Don't use sigprocmask() in signal handlers when we can just set the mask to be what we want with sigaction. Pointed out by Yar Tikhiy.
|
#
1.111 |
|
17-Dec-2001 |
millert |
Add missing sigaction() call from last commit
|
#
1.110 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.109 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.108 |
|
01-Dec-2001 |
miod |
Use pidfile() instead of doing the equivalent thing by hand, and sometimes forgetting to unlink the pid file at exit. ok millert@ deraadt@
|
#
1.107 |
|
17-Nov-2001 |
deraadt |
volatile sig_atomic_t
|
#
1.106 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.105 |
|
02-Oct-2001 |
wilfried |
as is aleady closed and freed by auth_userresponse, ok millert@
|
#
1.104 |
|
05-Sep-2001 |
deraadt |
make sure that va_start() has matching va_end()
|
#
1.103 |
|
08-Jul-2001 |
deraadt |
-Wall
|
#
1.102 |
|
03-Jul-2001 |
millert |
Use the 'welcome' variable from login.conf instead of hard-coding /etc/motd.
|
#
1.101 |
|
25-Jun-2001 |
hin |
millert didn't compile this.
|
#
1.100 |
|
25-Jun-2001 |
millert |
Set "login" and "notickets" BSD auth options. We don't need to get a kerb ticket but we do need AFS tokens.
|
#
1.99 |
|
13-Jun-2001 |
markus |
more va_start/end fixes, ok deraadt@
|
#
1.98 |
|
11-Jun-2001 |
mickey |
strncpy vs strlcpy, some strlen missuse. some other related minor cleanups, and spaces. millert@ ok
|
#
1.97 |
|
29-May-2001 |
millert |
use BSD authentication
|
#
1.96 |
|
11-May-2001 |
art |
mmap returns MAP_FAILED on error, not 0.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.95 |
|
18-Mar-2001 |
deraadt |
use GLOB_LIMIT
|
#
1.94 |
|
09-Mar-2001 |
millert |
Block all signals in lostconn() and sigprocmask() since we are headed for _exit(). Fixes a signal handler race condition.
|
#
1.93 |
|
09-Mar-2001 |
deraadt |
do not strerror() a signo
|
#
1.92 |
|
04-Feb-2001 |
pjanzen |
Whoops, don't use strlcpy with utmp; millert@
|
#
1.91 |
|
03-Feb-2001 |
pjanzen |
Long usernames; also some simple strncpy->strlcpy.
|
#
1.90 |
|
19-Jan-2001 |
deraadt |
mark remaining signal races
|
#
1.89 |
|
09-Jan-2001 |
itojun |
make sure replydirname() do not truncate names, even if the filename is MAXPATHLEN doublequotes. From: Paul Janzen <pjanzen@foatdi.harvard.edu>
|
#
1.88 |
|
09-Jan-2001 |
itojun |
make sure we do not return stray " at the end of stirng, like bla"\0. From: "William C. Allen" <allenwc@home.com>
|
#
1.87 |
|
07-Jan-2001 |
angelos |
Make the -P option effective (rjmooney@mediaone.net)
|
#
1.86 |
|
06-Jan-2001 |
millert |
Expand tilde (~) in ftp-dir login.conf variable. Closes PR 1382
|
#
1.85 |
|
30-Dec-2000 |
angelos |
Log the actual bytes transfered, rather than the original file size.
|
#
1.84 |
|
04-Dec-2000 |
itojun |
in replydirname(), avoid one-byte overrun. From: Kristian Vlaardingerbroek <kris@obit.nl>
|
#
1.83 |
|
02-Dec-2000 |
millert |
The man page says the default umask is 027 but it is really 022 since that is the value of CMASK.
Have setusercontext() set the umask unless the -u flag was specified. This allows the admin to set the umask either via -u or via a login class in login.conf.
|
#
1.82 |
|
26-Nov-2000 |
millert |
setusercontext should not set umask as this interferes with the umask specified for ftpd on the command line. Closed PR #1530
|
#
1.81 |
|
23-Nov-2000 |
itojun |
typo in LPSV printing. From: Hiroyuki YAMAMORI <h-yamamo@db3.so-net.ne.jp>
|
#
1.80 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.79 |
|
15-Sep-2000 |
deraadt |
branches: 1.79.2; check return value for setenv(3) for failure, and deal appropriately
|
#
1.78 |
|
20-Aug-2000 |
millert |
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
|
#
1.77 |
|
05-Jul-2000 |
deraadt |
crank version to 6.5
|
#
1.76 |
|
05-Jul-2000 |
deraadt |
another setproctitle
|
#
1.75 |
|
05-Jul-2000 |
deraadt |
always setproctitle with %s if using a variable
|
#
1.74 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
#
1.73 |
|
14-Jun-2000 |
itojun |
correct STAT command output for LPSV output.
|
#
1.72 |
|
12-Jun-2000 |
itojun |
address PR 1274 (-h does not work on EPSV). the committed code handles IPv6 case too.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.71 |
|
29-Apr-2000 |
deraadt |
branches: 1.71.2; strerror
|
#
1.70 |
|
11-Apr-2000 |
deraadt |
do not lose descriptors; Takahiro Kambe
|
#
1.69 |
|
03-Mar-2000 |
bitblt |
Turns out that our implementation of STAT wasn't RFC 959 compliant. This version is now RFC 959 compliant, using a patch adapted from one sent in by david.leonard@eecs.uq.edu.au
|
#
1.68 |
|
18-Jan-2000 |
millert |
Fix a pasto in the last commit. The genesis of this bug is actually somewhat interesting. The getwd() function has historically placed an error message in the buffer on failure, but getcwd() does not. Therefor, a bulk search and replace of getwd() with getcwd() can create bugs like this one.
|
#
1.67 |
|
18-Jan-2000 |
millert |
"pwd" should print an error, not garbage, if getcwd() fails; form@vell.nsc.ru
|
#
1.66 |
|
14-Jan-2000 |
ericj |
call dologout() with 1. not -1
|
#
1.65 |
|
10-Dec-1999 |
deraadt |
using u_char * is a lot more convenient than doing & 0xff 80+ times
|
#
1.64 |
|
09-Dec-1999 |
itojun |
close passive mode data socket. From: deraadt
|
#
1.63 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
#
1.62 |
|
03-Dec-1999 |
millert |
Write pid to /var/run/ftpd.pid if running in daemon mode.
|
#
1.61 |
|
02-Dec-1999 |
millert |
Fix thinko on my part, we want to avoid setting mode to "r+" for append, not for ascii.
|
#
1.60 |
|
01-Dec-1999 |
millert |
Move initialization of ttyline to be after the fork() so that when we are in daemon mode it contains the pid of the child, not the parent. This fixes utmp/wtmp updates in daemon mode.
|
#
1.59 |
|
29-Nov-1999 |
millert |
When restarting a STOR, open with "r+", not "w" so we don't truncate. Based on a patch from rmooney@iss.net; closed PR #993
|
#
1.58 |
|
14-Nov-1999 |
deraadt |
warning about getpeername() failing is useless
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.57 |
|
22-Sep-1999 |
deraadt |
correct oob handling for STAT command; ian@plutotech.com
|
#
1.56 |
|
21-Jul-1999 |
deraadt |
bad umask is an error, syslog; pointed out by form@
|
#
1.55 |
|
20-Jul-1999 |
deraadt |
do not proceed if incorrect args are found; found by form
|
#
1.54 |
|
29-Apr-1999 |
downsj |
Work around the blocking read() that causes so many hung ftpd processes.
This has been extensively tested.
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.53 |
|
26-Feb-1999 |
art |
implement internal ls
|
#
1.52 |
|
30-Dec-1998 |
deraadt |
indent
|
#
1.51 |
|
29-Dec-1998 |
deraadt |
use getcwd()
|
#
1.50 |
|
18-Nov-1998 |
deraadt |
check for out-of-range umask bits from strtol()
|
Revision tags: OPENBSD_2_4_BASE
|
#
1.49 |
|
23-Jul-1998 |
deraadt |
add replydirname() from netbsd; fixes 257 directory replies; problem noted by kstailey
|
#
1.48 |
|
13-Jul-1998 |
millert |
ftpd: sleep for an indeterminate amount for non-existant logins to simulate a crypt, like login does. Use SEEK_* not L_* and kill some 0L's used in lseek while we're there.
|
#
1.47 |
|
08-Jun-1998 |
mickey |
allow ftpchroot-ed users to also be multihomed
|
#
1.46 |
|
03-Jun-1998 |
deraadt |
use SIG_ERR
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.45 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.44 |
|
06-Aug-1997 |
angelos |
Errno save/restore.
|
#
1.43 |
|
04-Aug-1997 |
deraadt |
save errno in sigchld handlers
|
#
1.42 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.41 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.40 |
|
29-Jun-1997 |
deraadt |
crank version
|
#
1.39 |
|
29-Jun-1997 |
deraadt |
partial Wall
|
#
1.38 |
|
21-Jun-1997 |
deraadt |
attempt to realpath() log entries
|
#
1.37 |
|
05-Jun-1997 |
deraadt |
bigger buf
|
#
1.36 |
|
01-Jun-1997 |
downsj |
Support integrated tcp wrappers when in daemon mode.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.35 |
|
01-May-1997 |
deraadt |
change -A to let in anon | chroot accounts
|
#
1.34 |
|
25-Apr-1997 |
deraadt |
do not allow connect to a 2049 either, helps firewall cases; adam@math.tau.ac.il
|
#
1.33 |
|
25-Mar-1997 |
millert |
Splat .message file if it exists when user cd's to a directory like wu-ftpd. Based on changes from Oliver.
|
#
1.32 |
|
23-Jan-1997 |
deraadt |
crank version number
|
#
1.31 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.30 |
|
05-Jan-1997 |
bitblt |
Signals are now blocked while ftpd runs with euid 0, as suggested by Weiste Venema. If this triggers any problems (most likely with ABOR not working at certain times) let me know.
|
#
1.29 |
|
02-Jan-1997 |
deraadt |
avoid SIGURG race; dg@root.com
|
#
1.28 |
|
14-Dec-1996 |
deraadt |
stop gunique() open/fopen race
|
#
1.27 |
|
14-Dec-1996 |
deraadt |
solve /tmp-style race spotted by bitblt
|
#
1.26 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.25 |
|
03-Dec-1996 |
deraadt |
-A for anon only; from freebsd
|
#
1.24 |
|
19-Oct-1996 |
michaels |
add ')'.
|
#
1.23 |
|
18-Oct-1996 |
deraadt |
forget old password nicely
|
#
1.22 |
|
15-Oct-1996 |
deraadt |
fd leak spotted by bitblt
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.21 |
|
29-Sep-1996 |
millert |
s/key (otp) challenge is now rfc 1938 compliant.
|
#
1.20 |
|
22-Sep-1996 |
deraadt |
vis log entries; noted by bitblt
|
#
1.19 |
|
04-Sep-1996 |
deraadt |
no, bad commit
|
#
1.18 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.17 |
|
27-Aug-1996 |
deraadt |
strncpy correctly
|
#
1.16 |
|
25-Aug-1996 |
deraadt |
hide our base dir
|
#
1.15 |
|
13-Aug-1996 |
deraadt |
log non-anon stuff for -S too, from downsj
|
#
1.14 |
|
10-Aug-1996 |
downsj |
Add multihome support (-M) and make stats logging look like wu-ftpd.
|
#
1.13 |
|
08-Aug-1996 |
downsj |
Handle signals better.
|
#
1.12 |
|
07-Aug-1996 |
downsj |
STATS is not an option.
|
#
1.11 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.10 |
|
07-Aug-1996 |
downsj |
sprintf -> snprintf
|
#
1.9 |
|
29-Jul-1996 |
downsj |
Remove some FreeBSD cruft.
|
#
1.8 |
|
29-Jul-1996 |
downsj |
Add -h, causing passive mode connections to request the high port range.
Also a few other changes.
|
#
1.7 |
|
29-Jul-1996 |
downsj |
Add setenv for HOME (from FreeBSD).
|
#
1.6 |
|
28-Jul-1996 |
downsj |
Add daemon mode (from FreeBSD), moving a lot of things around.
Also change the advertised version to '6.1/OpenBSD'; using the old version number from 4.4BSD seems rather silly at this point.
|
#
1.5 |
|
28-Jul-1996 |
downsj |
Add anonymous statistics logging, based on FreeBSD but with the really obvious bugs fixed.
|
#
1.4 |
|
28-Jul-1996 |
downsj |
New mmap(2)-using send_data() from FreeBSD.
|
#
1.3 |
|
27-Jul-1996 |
joshd |
No more ftpd bounce attacks.
|
#
1.2 |
|
18-Jun-1996 |
downsj |
my netbsd pr#2217: add utmp support to ftpd, some other small changes/fixes.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.231 |
|
22-May-2021 |
jan |
Remove useless fflush(3) calls. lreply() already called fflush(3).
OK martijn@
|
#
1.230 |
|
20-May-2021 |
jan |
Removes the useless FILE* parameter of get_line(). While here fix minor whitespace mistake.
"looks fine to me" chris@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.229 |
|
15-Jan-2020 |
jan |
Simplify globbing of ftpd(8)s list and nlst commands. Also avoid command option injection for ls(1).
OK martijn@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.228 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
#
1.227 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.226 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.225 |
|
11-Dec-2018 |
bluhm |
Flip snprintf(3) error check to align it with the man page example. No functional change. suggested by tb@; from Jan Klemkow
|
#
1.224 |
|
11-Dec-2018 |
bluhm |
Convert some variables with non-negative values to unsigned type to avoid comparison of integers of different signs. from Jan Klemkow; OK tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.223 |
|
03-Sep-2016 |
jca |
Use a single "opt" variable for all setsockopt calls in getdatasock().
on = 65536; if (setsockopt(... &on ...)
is slightly misleading.
|
#
1.222 |
|
03-Sep-2016 |
jca |
Set "lowdelay" and "throughput" Traffic Class on command & data IPv6 sockets.
|
#
1.221 |
|
31-Aug-2016 |
jca |
Don't attempt to support IPv4-mapped IPv6 addresses.
We don't consider support for those addreses as desirable, so let's not give a bad example by keeping application code to handle them. This is dead code on OpenBSD anyway since we do not support IPv4-mapped stuff. But let's keep the check to log and warn the admin if the code gets ported elsewhere. Porters of this code should ensure that IPv6 sockets can't see IPv4-mapped addresses by using the IPV6_V6ONLY sockopt.
Discussed with & ok tedu@
For a rationale, see https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
|
#
1.220 |
|
30-Aug-2016 |
tedu |
remove ifdef for all the features we have. retain disabled ip4in6 code until its future is decided. ok deraadt jca
|
#
1.219 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.218 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.217 |
|
04-Jul-2016 |
guenther |
Use fstatat() instead of crafting a filename to use with stat()
ok millert@
|
#
1.216 |
|
04-May-2016 |
jca |
Kill #ifdef INET6 occurrences in userland.
Prompted by and ok millert@
(tcpdump and libpcap left untouched, the #ifdef force is too strong with those)
|
#
1.215 |
|
25-Apr-2016 |
deraadt |
prefer setres{u,g}id() rather than manipulating both real and effective ids, it clarifies these are full revocation situations. ok millert
|
#
1.214 |
|
06-Apr-2016 |
semarie |
compare pointer to NULL instead of 0
from fritjof ! alokat.org
ok ratchov@ natano@
|
#
1.213 |
|
16-Mar-2016 |
krw |
More "(<blah> *)0" -> NULL, avoiding any stdarg functions.
Feedback millert@ kettenis@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.212 |
|
12-Dec-2015 |
mmcc |
Remove NULL-checks before free(). ok tb@
|
#
1.211 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.210 |
|
25-Oct-2015 |
millert |
No longer create /var/run/ftpd.pid in daemon mode; OK jung@ jca@
|
#
1.209 |
|
04-Oct-2015 |
tedu |
fix custom popen to return pid to caller instead of tracking in a giant array. this implies we can't use a function pointer for close, but also means we get to repair some abuse of the comma operator. ok miod
|
#
1.208 |
|
01-Sep-2015 |
jsg |
test pointers with NULL not '\0'
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.207 |
|
19-Jan-2015 |
deraadt |
CMASK went out of scope with the recent <sys/param.h> removal. But oh golly gee, ftpd can handle that itself due to the glorious old practice of #ifndef #define. Remove that junk. ok guenther
|
#
1.206 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.205 |
|
25-Oct-2014 |
lteo |
Remove unnecessary netinet/in_systm.h include.
ok millert@
|
#
1.204 |
|
25-Aug-2014 |
doug |
Delete secret or secret-derived data with explicit_bzero.
concept ok deraadt@ diff looks ok tedu@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.203 |
|
24-Mar-2014 |
tedu |
remove tcpwrappers support. ok deraadt
|
#
1.202 |
|
17-Mar-2014 |
sthen |
args! fix argstr. from LEVAI Daniel.
|
#
1.201 |
|
17-Mar-2014 |
sthen |
typo, spotted by okan@
|
#
1.200 |
|
17-Mar-2014 |
sthen |
Add an option to disallow ftp access to accounts with uid below a certain number (idea borrowed from pure-ftpd). Enabled by default with minimum uid 1000 to prevent access to admin accounts. tweak/OK millert@, OK deraadt@, gsoares@ and aja@ like it too.
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.199 |
|
08-Jan-2014 |
jca |
If the file size is zero, there's nothing to transmit so avoid spamming syslog with mmap failures. Noticed by and ok henning@, "looks right" deraadt@
|
#
1.198 |
|
22-Aug-2013 |
guenther |
Correct format string mismatches turned up by -Wformat=2
suggestions and ok millert@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.197 |
|
26-Jul-2013 |
guenther |
Make sure tmpline[] is always NUL terminated, to avoid possible read-beyond-end in get_line().
Analysis and patch by Maxime Villard (rustyBSD (at) gmx.fr) ok millert@ deraadt@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.196 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.195 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.194 |
|
14-Dec-2011 |
ajacoutot |
Add a new '-W' option to prevent saving login records to /var/run/wtmp. This can become pretty handy on busy anonymous servers to avoid filling up /var with unused wtmp records. Note that 'U' and 'W' are mutually exclusive.
ok sthen@ millert@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.193 |
|
09-Feb-2011 |
millert |
Set SO_KEEPALIVE on sockets. OK miod@. Also tested by landry@ "Makes sense" markus@ and "i don't see a reason not to" henning@
|
#
1.192 |
|
27-Aug-2010 |
lum |
In revision 1.14 of ftpd.c the ident variable was removed from its only meaningful usage when a snprintf call was removed, rendering ident useless. Time to remove remaining code.
ok tobias@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.191 |
|
01-Aug-2010 |
tobias |
Properly reset states when a login phase is interrupted by another one. Prevents ftpd from letting regular users logging in during anonymous-only mode (-A).
ok millert, ray
|
#
1.190 |
|
30-Jul-2010 |
ray |
Don't set "success" flags before error checks. Add check for login_getclass() failure, pointed out by tobias.
OK tobias
|
#
1.189 |
|
18-Jun-2010 |
tobias |
Prevent a segmentation fault on ftpd_popen error (memory, file descriptor, pipe ...) during status command.
ok millert
|
#
1.188 |
|
13-Jun-2010 |
tobias |
Adjust FTP reply codes (in error conditions) to conform to RFC 959.
ok millert, schwarze
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.187 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.186 |
|
20-Apr-2009 |
schwarze |
When receiving a new connection, log the remote IP number in addition to the remote hostname.
Feature requested by Mark Bucciarelli mkbucc at gmail dot com on misc@. "seems OK" millert@
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.185 |
|
30-Sep-2008 |
deraadt |
Always say "User %s access denied", in all cases, to avoid some stupid spinny things which parse those messages. Do not close the connection as requested by Josh Grosse, since a 530 is not supposed to do that. ok millert
|
#
1.184 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.183 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
#
1.182 |
|
13-Apr-2008 |
djm |
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound is not a power of two
ok deraadt@ millert@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.181 |
|
02-Sep-2007 |
deraadt |
use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.180 |
|
31-Jul-2007 |
ray |
From Gilles Chehade: - Use strtonum instead of atoi. - Improve strtol error checking. - Change strchr calls to strcspn and eliminating some unused variables as a result.
OK moritz
|
#
1.179 |
|
27-Jul-2007 |
moritz |
Fix potential memory leak, when snprintf(3) returns an empty buffer.
OK ray@
|
#
1.178 |
|
21-Jun-2007 |
ray |
Adjust spacing, combine malloc + strlcpy + strlcat into a single asprintf call.
OK moritz
|
#
1.177 |
|
19-Jun-2007 |
ray |
Make sure perror_reply() is only called when errno is set. When changing perror_reply() -> reply(), increase error message detail for ftp client. Move free() statement to prevent errno clobbering.
OK moritz
|
#
1.176 |
|
22-Mar-2007 |
cloder |
Do not advertise version in the ftp banner, because there is no reason to. OK mbalmer@, xsa@, henning@, idea prompted by deraadt
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.175 |
|
01-Mar-2007 |
otto |
- use proper log facility and priority in the slave sig handlers - if the monitor decides to kill the slave, log that ok millert@ moritz@
|
#
1.174 |
|
21-Dec-2006 |
krw |
'tranfer' -> 'transfer' in comments.
|
#
1.173 |
|
18-Oct-2006 |
millert |
Avoid double fclose() of a file if we exceed retries. Coverity ID 2669. OK cloder@
|
#
1.172 |
|
18-Oct-2006 |
deraadt |
you do not call fclose() on a file descriptor; ok cloder
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.171 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.170 |
|
03-Dec-2005 |
deraadt |
remove shadowing variables; ok pval
|
#
1.169 |
|
01-Dec-2005 |
pvalchev |
fix double var declarations in same scope, found by lint; ok deraadt cloder
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.168 |
|
22-Aug-2005 |
mickey |
EOF in ascii mode may also mean EOF so avoid printing a bogus error and behave same as bin mode; beck@ deraadt@ millert@ ok
|
#
1.167 |
|
14-Jul-2005 |
moritz |
let root create the data socket. fixes PR 4287. ok millert@ henning@
|
#
1.166 |
|
24-May-2005 |
moritz |
readd endpwent()
|
#
1.165 |
|
24-May-2005 |
moritz |
no need for endpwent()
|
#
1.164 |
|
21-Apr-2005 |
deraadt |
make code prettier so we can tell it is safe when we read it; ok beck cloder
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.163 |
|
15-Mar-2005 |
niallo |
branches: 1.163.2; better handling of cases where getnameinfo() returns non-zero. upon failure, don't try to print the contents of the char buffers we passed it.
ok & feedback henning@, moritz@ (thanks!)
|
#
1.162 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.161 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.160 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.159 |
|
28-Nov-2004 |
henning |
logging fixes: -don't prefix ftpd: in syslog(), it does that for us -replace a bad (too late) err() by syslog + exit from moritz
|
#
1.158 |
|
28-Nov-2004 |
henning |
bump version
|
#
1.157 |
|
28-Nov-2004 |
henning |
fix ttyline setting, fixes proctitle. notice independently by theo and pval, fix from moritz jodeit
|
#
1.156 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
#
1.155 |
|
22-Nov-2004 |
millert |
More sensible error when both the -n and -A flags are used. Text OK jmc@
|
#
1.154 |
|
30-Sep-2004 |
deraadt |
cope nicer with accept() failures, from freebsd; millert ok
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.153 |
|
12-Dec-2003 |
deraadt |
knf
|
#
1.152 |
|
10-Dec-2003 |
deraadt |
spacing
|
#
1.151 |
|
09-Dec-2003 |
deraadt |
knf
|
#
1.150 |
|
09-Dec-2003 |
beck |
fix PR 3596 by making root create the socket, ok millert@
|
#
1.149 |
|
20-Nov-2003 |
jmc |
ftpd.8: - simpler macros - sort options - some updates
ftpd.c: - sync usage()
|
#
1.148 |
|
12-Nov-2003 |
millert |
Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Adapted from FreeBSD via danh@
|
#
1.147 |
|
01-Oct-2003 |
itojun |
listen to bodh IPv4/v6 ftp port on -D by default. deraadt ok. comments from markus, millert. tested by fries
|
#
1.146 |
|
30-Sep-2003 |
jmc |
usage():
- add missing -n (from Jeff Ito PR 3496) - remove deprecated -h - sort -T and -t to match man page
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.145 |
|
29-Jul-2003 |
deraadt |
branches: 1.145.2; spaces
|
#
1.144 |
|
07-Jul-2003 |
deraadt |
make this match protos; millert ok
|
#
1.143 |
|
11-Jun-2003 |
deraadt |
ansi cleanup; ok ian markus
|
#
1.142 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.141 |
|
10-Apr-2003 |
millert |
Replace strcpy() w/ strlcpy() from espie@
Don't try to free pw_dir -- it is no longer allocated separately. Instead, add an extra param to sgetpwnam() to allow it to dupe an existing struct passwd * (instead of doing a lookup by username) and use this to reallocate pw in the case where pw_dir is the NULL string. deraadt@ OK
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.140 |
|
17-Feb-2003 |
mpech |
branches: 1.140.2; reply() -> perror_reply().
millert@ ok
|
#
1.139 |
|
25-Nov-2002 |
millert |
Change a setuid() that should be seteuid(), not iced by grange@ Move a va_end so it gets called in an error condition as well
|
#
1.138 |
|
15-Nov-2002 |
millert |
o Once a user is logged in, don't allow a change to another user. o Run more code with the effective uid of the logged in user. From Frank Denis
|
#
1.137 |
|
13-Oct-2002 |
millert |
Avoid potential printf format string problem with challenge from auth_challenge(). Currently, none of the auth modules put non-sanitized data in the prompt so there are no real security implications with this fix. Patch from Moritz Jodeit.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.136 |
|
29-Aug-2002 |
deraadt |
branches: 1.136.2; remove extra arg; jmegq@post.harvard.edu
|
#
1.135 |
|
20-Aug-2002 |
deraadt |
-n: disallow anon ftp even if ftp account exists
|
#
1.134 |
|
24-Jul-2002 |
millert |
Also check for snprintf() returning < 0
|
#
1.133 |
|
24-Jul-2002 |
millert |
What on earth possessed me to use %p instead of %m in syslog() to indicate the error string?
|
#
1.132 |
|
20-Jul-2002 |
millert |
Exit on setusercontext() failure; noticed by deraadt@
|
#
1.131 |
|
14-Jul-2002 |
jakob |
make ftpd always listen to a high tcp port for passive data connections. deprecate and ignore the -h option. ok deraadt@.
|
#
1.130 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.129 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
#
1.128 |
|
09-Jun-2002 |
itojun |
do not present scopeid on wire format (as it is local to a node).
|
#
1.127 |
|
29-May-2002 |
deraadt |
a few more strlcat
|
#
1.126 |
|
26-May-2002 |
deraadt |
pid_t cleanup
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.125 |
|
30-Mar-2002 |
deraadt |
correct an auth_close() misuse; millert ok
|
#
1.124 |
|
16-Mar-2002 |
millert |
o Don't allow password-less accounts to login (like in 2.9 and below) o Stash copy of struct passwd via auth_setpwd() to avoid extra needless getpwnam() calls.
|
#
1.123 |
|
12-Mar-2002 |
millert |
bsd_auth.h requires other headers so it can't be first
|
#
1.122 |
|
12-Mar-2002 |
millert |
Fix a couple mis-sorted headers and sync usage() with man page. From Brian Poole
|
#
1.121 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.120 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.119 |
|
01-Feb-2002 |
itojun |
strlcpy
|
#
1.118 |
|
01-Feb-2002 |
itojun |
make sure pw_dir is big enough for strcpy(pw->pw_dir, "/").
|
#
1.117 |
|
23-Jan-2002 |
millert |
Plug login_cap and bsd_auth related memory leaks. Problem noticed by mpech@.
|
#
1.116 |
|
23-Jan-2002 |
mpech |
fix potential memory leak.
millert@ ok
|
#
1.115 |
|
23-Jan-2002 |
mpech |
Use always '.' in the end of the fatal() message. Consistency is good.
millert@ ok.
|
#
1.114 |
|
23-Jan-2002 |
mpech |
don't use \n in reply().
millert@ ok
|
#
1.113 |
|
07-Jan-2002 |
millert |
To disable a SIGCHLD signal handler use SIG_DFL, *not* SIG_IGN which now has a different meaning.
|
#
1.112 |
|
18-Dec-2001 |
millert |
Don't use sigprocmask() in signal handlers when we can just set the mask to be what we want with sigaction. Pointed out by Yar Tikhiy.
|
#
1.111 |
|
17-Dec-2001 |
millert |
Add missing sigaction() call from last commit
|
#
1.110 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.109 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.108 |
|
01-Dec-2001 |
miod |
Use pidfile() instead of doing the equivalent thing by hand, and sometimes forgetting to unlink the pid file at exit. ok millert@ deraadt@
|
#
1.107 |
|
17-Nov-2001 |
deraadt |
volatile sig_atomic_t
|
#
1.106 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.105 |
|
02-Oct-2001 |
wilfried |
as is aleady closed and freed by auth_userresponse, ok millert@
|
#
1.104 |
|
05-Sep-2001 |
deraadt |
make sure that va_start() has matching va_end()
|
#
1.103 |
|
08-Jul-2001 |
deraadt |
-Wall
|
#
1.102 |
|
03-Jul-2001 |
millert |
Use the 'welcome' variable from login.conf instead of hard-coding /etc/motd.
|
#
1.101 |
|
25-Jun-2001 |
hin |
millert didn't compile this.
|
#
1.100 |
|
25-Jun-2001 |
millert |
Set "login" and "notickets" BSD auth options. We don't need to get a kerb ticket but we do need AFS tokens.
|
#
1.99 |
|
13-Jun-2001 |
markus |
more va_start/end fixes, ok deraadt@
|
#
1.98 |
|
11-Jun-2001 |
mickey |
strncpy vs strlcpy, some strlen missuse. some other related minor cleanups, and spaces. millert@ ok
|
#
1.97 |
|
29-May-2001 |
millert |
use BSD authentication
|
#
1.96 |
|
11-May-2001 |
art |
mmap returns MAP_FAILED on error, not 0.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.95 |
|
18-Mar-2001 |
deraadt |
use GLOB_LIMIT
|
#
1.94 |
|
09-Mar-2001 |
millert |
Block all signals in lostconn() and sigprocmask() since we are headed for _exit(). Fixes a signal handler race condition.
|
#
1.93 |
|
09-Mar-2001 |
deraadt |
do not strerror() a signo
|
#
1.92 |
|
04-Feb-2001 |
pjanzen |
Whoops, don't use strlcpy with utmp; millert@
|
#
1.91 |
|
03-Feb-2001 |
pjanzen |
Long usernames; also some simple strncpy->strlcpy.
|
#
1.90 |
|
19-Jan-2001 |
deraadt |
mark remaining signal races
|
#
1.89 |
|
09-Jan-2001 |
itojun |
make sure replydirname() do not truncate names, even if the filename is MAXPATHLEN doublequotes. From: Paul Janzen <pjanzen@foatdi.harvard.edu>
|
#
1.88 |
|
09-Jan-2001 |
itojun |
make sure we do not return stray " at the end of stirng, like bla"\0. From: "William C. Allen" <allenwc@home.com>
|
#
1.87 |
|
07-Jan-2001 |
angelos |
Make the -P option effective (rjmooney@mediaone.net)
|
#
1.86 |
|
06-Jan-2001 |
millert |
Expand tilde (~) in ftp-dir login.conf variable. Closes PR 1382
|
#
1.85 |
|
30-Dec-2000 |
angelos |
Log the actual bytes transfered, rather than the original file size.
|
#
1.84 |
|
04-Dec-2000 |
itojun |
in replydirname(), avoid one-byte overrun. From: Kristian Vlaardingerbroek <kris@obit.nl>
|
#
1.83 |
|
02-Dec-2000 |
millert |
The man page says the default umask is 027 but it is really 022 since that is the value of CMASK.
Have setusercontext() set the umask unless the -u flag was specified. This allows the admin to set the umask either via -u or via a login class in login.conf.
|
#
1.82 |
|
26-Nov-2000 |
millert |
setusercontext should not set umask as this interferes with the umask specified for ftpd on the command line. Closed PR #1530
|
#
1.81 |
|
23-Nov-2000 |
itojun |
typo in LPSV printing. From: Hiroyuki YAMAMORI <h-yamamo@db3.so-net.ne.jp>
|
#
1.80 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.79 |
|
15-Sep-2000 |
deraadt |
branches: 1.79.2; check return value for setenv(3) for failure, and deal appropriately
|
#
1.78 |
|
20-Aug-2000 |
millert |
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
|
#
1.77 |
|
05-Jul-2000 |
deraadt |
crank version to 6.5
|
#
1.76 |
|
05-Jul-2000 |
deraadt |
another setproctitle
|
#
1.75 |
|
05-Jul-2000 |
deraadt |
always setproctitle with %s if using a variable
|
#
1.74 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
#
1.73 |
|
14-Jun-2000 |
itojun |
correct STAT command output for LPSV output.
|
#
1.72 |
|
12-Jun-2000 |
itojun |
address PR 1274 (-h does not work on EPSV). the committed code handles IPv6 case too.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.71 |
|
29-Apr-2000 |
deraadt |
branches: 1.71.2; strerror
|
#
1.70 |
|
11-Apr-2000 |
deraadt |
do not lose descriptors; Takahiro Kambe
|
#
1.69 |
|
03-Mar-2000 |
bitblt |
Turns out that our implementation of STAT wasn't RFC 959 compliant. This version is now RFC 959 compliant, using a patch adapted from one sent in by david.leonard@eecs.uq.edu.au
|
#
1.68 |
|
18-Jan-2000 |
millert |
Fix a pasto in the last commit. The genesis of this bug is actually somewhat interesting. The getwd() function has historically placed an error message in the buffer on failure, but getcwd() does not. Therefor, a bulk search and replace of getwd() with getcwd() can create bugs like this one.
|
#
1.67 |
|
18-Jan-2000 |
millert |
"pwd" should print an error, not garbage, if getcwd() fails; form@vell.nsc.ru
|
#
1.66 |
|
14-Jan-2000 |
ericj |
call dologout() with 1. not -1
|
#
1.65 |
|
10-Dec-1999 |
deraadt |
using u_char * is a lot more convenient than doing & 0xff 80+ times
|
#
1.64 |
|
09-Dec-1999 |
itojun |
close passive mode data socket. From: deraadt
|
#
1.63 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
#
1.62 |
|
03-Dec-1999 |
millert |
Write pid to /var/run/ftpd.pid if running in daemon mode.
|
#
1.61 |
|
02-Dec-1999 |
millert |
Fix thinko on my part, we want to avoid setting mode to "r+" for append, not for ascii.
|
#
1.60 |
|
01-Dec-1999 |
millert |
Move initialization of ttyline to be after the fork() so that when we are in daemon mode it contains the pid of the child, not the parent. This fixes utmp/wtmp updates in daemon mode.
|
#
1.59 |
|
29-Nov-1999 |
millert |
When restarting a STOR, open with "r+", not "w" so we don't truncate. Based on a patch from rmooney@iss.net; closed PR #993
|
#
1.58 |
|
14-Nov-1999 |
deraadt |
warning about getpeername() failing is useless
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.57 |
|
22-Sep-1999 |
deraadt |
correct oob handling for STAT command; ian@plutotech.com
|
#
1.56 |
|
21-Jul-1999 |
deraadt |
bad umask is an error, syslog; pointed out by form@
|
#
1.55 |
|
20-Jul-1999 |
deraadt |
do not proceed if incorrect args are found; found by form
|
#
1.54 |
|
29-Apr-1999 |
downsj |
Work around the blocking read() that causes so many hung ftpd processes.
This has been extensively tested.
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.53 |
|
26-Feb-1999 |
art |
implement internal ls
|
#
1.52 |
|
30-Dec-1998 |
deraadt |
indent
|
#
1.51 |
|
29-Dec-1998 |
deraadt |
use getcwd()
|
#
1.50 |
|
18-Nov-1998 |
deraadt |
check for out-of-range umask bits from strtol()
|
Revision tags: OPENBSD_2_4_BASE
|
#
1.49 |
|
23-Jul-1998 |
deraadt |
add replydirname() from netbsd; fixes 257 directory replies; problem noted by kstailey
|
#
1.48 |
|
13-Jul-1998 |
millert |
ftpd: sleep for an indeterminate amount for non-existant logins to simulate a crypt, like login does. Use SEEK_* not L_* and kill some 0L's used in lseek while we're there.
|
#
1.47 |
|
08-Jun-1998 |
mickey |
allow ftpchroot-ed users to also be multihomed
|
#
1.46 |
|
03-Jun-1998 |
deraadt |
use SIG_ERR
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.45 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.44 |
|
06-Aug-1997 |
angelos |
Errno save/restore.
|
#
1.43 |
|
04-Aug-1997 |
deraadt |
save errno in sigchld handlers
|
#
1.42 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.41 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.40 |
|
29-Jun-1997 |
deraadt |
crank version
|
#
1.39 |
|
29-Jun-1997 |
deraadt |
partial Wall
|
#
1.38 |
|
21-Jun-1997 |
deraadt |
attempt to realpath() log entries
|
#
1.37 |
|
05-Jun-1997 |
deraadt |
bigger buf
|
#
1.36 |
|
01-Jun-1997 |
downsj |
Support integrated tcp wrappers when in daemon mode.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.35 |
|
01-May-1997 |
deraadt |
change -A to let in anon | chroot accounts
|
#
1.34 |
|
25-Apr-1997 |
deraadt |
do not allow connect to a 2049 either, helps firewall cases; adam@math.tau.ac.il
|
#
1.33 |
|
25-Mar-1997 |
millert |
Splat .message file if it exists when user cd's to a directory like wu-ftpd. Based on changes from Oliver.
|
#
1.32 |
|
23-Jan-1997 |
deraadt |
crank version number
|
#
1.31 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.30 |
|
05-Jan-1997 |
bitblt |
Signals are now blocked while ftpd runs with euid 0, as suggested by Weiste Venema. If this triggers any problems (most likely with ABOR not working at certain times) let me know.
|
#
1.29 |
|
02-Jan-1997 |
deraadt |
avoid SIGURG race; dg@root.com
|
#
1.28 |
|
14-Dec-1996 |
deraadt |
stop gunique() open/fopen race
|
#
1.27 |
|
14-Dec-1996 |
deraadt |
solve /tmp-style race spotted by bitblt
|
#
1.26 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.25 |
|
03-Dec-1996 |
deraadt |
-A for anon only; from freebsd
|
#
1.24 |
|
19-Oct-1996 |
michaels |
add ')'.
|
#
1.23 |
|
18-Oct-1996 |
deraadt |
forget old password nicely
|
#
1.22 |
|
15-Oct-1996 |
deraadt |
fd leak spotted by bitblt
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.21 |
|
29-Sep-1996 |
millert |
s/key (otp) challenge is now rfc 1938 compliant.
|
#
1.20 |
|
22-Sep-1996 |
deraadt |
vis log entries; noted by bitblt
|
#
1.19 |
|
04-Sep-1996 |
deraadt |
no, bad commit
|
#
1.18 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.17 |
|
27-Aug-1996 |
deraadt |
strncpy correctly
|
#
1.16 |
|
25-Aug-1996 |
deraadt |
hide our base dir
|
#
1.15 |
|
13-Aug-1996 |
deraadt |
log non-anon stuff for -S too, from downsj
|
#
1.14 |
|
10-Aug-1996 |
downsj |
Add multihome support (-M) and make stats logging look like wu-ftpd.
|
#
1.13 |
|
08-Aug-1996 |
downsj |
Handle signals better.
|
#
1.12 |
|
07-Aug-1996 |
downsj |
STATS is not an option.
|
#
1.11 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.10 |
|
07-Aug-1996 |
downsj |
sprintf -> snprintf
|
#
1.9 |
|
29-Jul-1996 |
downsj |
Remove some FreeBSD cruft.
|
#
1.8 |
|
29-Jul-1996 |
downsj |
Add -h, causing passive mode connections to request the high port range.
Also a few other changes.
|
#
1.7 |
|
29-Jul-1996 |
downsj |
Add setenv for HOME (from FreeBSD).
|
#
1.6 |
|
28-Jul-1996 |
downsj |
Add daemon mode (from FreeBSD), moving a lot of things around.
Also change the advertised version to '6.1/OpenBSD'; using the old version number from 4.4BSD seems rather silly at this point.
|
#
1.5 |
|
28-Jul-1996 |
downsj |
Add anonymous statistics logging, based on FreeBSD but with the really obvious bugs fixed.
|
#
1.4 |
|
28-Jul-1996 |
downsj |
New mmap(2)-using send_data() from FreeBSD.
|
#
1.3 |
|
27-Jul-1996 |
joshd |
No more ftpd bounce attacks.
|
#
1.2 |
|
18-Jun-1996 |
downsj |
my netbsd pr#2217: add utmp support to ftpd, some other small changes/fixes.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.230 |
|
20-May-2021 |
jan |
Removes the useless FILE* parameter of get_line(). While here fix minor whitespace mistake.
"looks fine to me" chris@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.229 |
|
15-Jan-2020 |
jan |
Simplify globbing of ftpd(8)s list and nlst commands. Also avoid command option injection for ls(1).
OK martijn@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.228 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
#
1.227 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.226 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.225 |
|
11-Dec-2018 |
bluhm |
Flip snprintf(3) error check to align it with the man page example. No functional change. suggested by tb@; from Jan Klemkow
|
#
1.224 |
|
11-Dec-2018 |
bluhm |
Convert some variables with non-negative values to unsigned type to avoid comparison of integers of different signs. from Jan Klemkow; OK tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.223 |
|
03-Sep-2016 |
jca |
Use a single "opt" variable for all setsockopt calls in getdatasock().
on = 65536; if (setsockopt(... &on ...)
is slightly misleading.
|
#
1.222 |
|
03-Sep-2016 |
jca |
Set "lowdelay" and "throughput" Traffic Class on command & data IPv6 sockets.
|
#
1.221 |
|
31-Aug-2016 |
jca |
Don't attempt to support IPv4-mapped IPv6 addresses.
We don't consider support for those addreses as desirable, so let's not give a bad example by keeping application code to handle them. This is dead code on OpenBSD anyway since we do not support IPv4-mapped stuff. But let's keep the check to log and warn the admin if the code gets ported elsewhere. Porters of this code should ensure that IPv6 sockets can't see IPv4-mapped addresses by using the IPV6_V6ONLY sockopt.
Discussed with & ok tedu@
For a rationale, see https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
|
#
1.220 |
|
30-Aug-2016 |
tedu |
remove ifdef for all the features we have. retain disabled ip4in6 code until its future is decided. ok deraadt jca
|
#
1.219 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.218 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.217 |
|
04-Jul-2016 |
guenther |
Use fstatat() instead of crafting a filename to use with stat()
ok millert@
|
#
1.216 |
|
04-May-2016 |
jca |
Kill #ifdef INET6 occurrences in userland.
Prompted by and ok millert@
(tcpdump and libpcap left untouched, the #ifdef force is too strong with those)
|
#
1.215 |
|
25-Apr-2016 |
deraadt |
prefer setres{u,g}id() rather than manipulating both real and effective ids, it clarifies these are full revocation situations. ok millert
|
#
1.214 |
|
06-Apr-2016 |
semarie |
compare pointer to NULL instead of 0
from fritjof ! alokat.org
ok ratchov@ natano@
|
#
1.213 |
|
16-Mar-2016 |
krw |
More "(<blah> *)0" -> NULL, avoiding any stdarg functions.
Feedback millert@ kettenis@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.212 |
|
12-Dec-2015 |
mmcc |
Remove NULL-checks before free(). ok tb@
|
#
1.211 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.210 |
|
25-Oct-2015 |
millert |
No longer create /var/run/ftpd.pid in daemon mode; OK jung@ jca@
|
#
1.209 |
|
04-Oct-2015 |
tedu |
fix custom popen to return pid to caller instead of tracking in a giant array. this implies we can't use a function pointer for close, but also means we get to repair some abuse of the comma operator. ok miod
|
#
1.208 |
|
01-Sep-2015 |
jsg |
test pointers with NULL not '\0'
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.207 |
|
19-Jan-2015 |
deraadt |
CMASK went out of scope with the recent <sys/param.h> removal. But oh golly gee, ftpd can handle that itself due to the glorious old practice of #ifndef #define. Remove that junk. ok guenther
|
#
1.206 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.205 |
|
25-Oct-2014 |
lteo |
Remove unnecessary netinet/in_systm.h include.
ok millert@
|
#
1.204 |
|
25-Aug-2014 |
doug |
Delete secret or secret-derived data with explicit_bzero.
concept ok deraadt@ diff looks ok tedu@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.203 |
|
24-Mar-2014 |
tedu |
remove tcpwrappers support. ok deraadt
|
#
1.202 |
|
17-Mar-2014 |
sthen |
args! fix argstr. from LEVAI Daniel.
|
#
1.201 |
|
17-Mar-2014 |
sthen |
typo, spotted by okan@
|
#
1.200 |
|
17-Mar-2014 |
sthen |
Add an option to disallow ftp access to accounts with uid below a certain number (idea borrowed from pure-ftpd). Enabled by default with minimum uid 1000 to prevent access to admin accounts. tweak/OK millert@, OK deraadt@, gsoares@ and aja@ like it too.
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.199 |
|
08-Jan-2014 |
jca |
If the file size is zero, there's nothing to transmit so avoid spamming syslog with mmap failures. Noticed by and ok henning@, "looks right" deraadt@
|
#
1.198 |
|
22-Aug-2013 |
guenther |
Correct format string mismatches turned up by -Wformat=2
suggestions and ok millert@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.197 |
|
26-Jul-2013 |
guenther |
Make sure tmpline[] is always NUL terminated, to avoid possible read-beyond-end in get_line().
Analysis and patch by Maxime Villard (rustyBSD (at) gmx.fr) ok millert@ deraadt@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.196 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.195 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.194 |
|
14-Dec-2011 |
ajacoutot |
Add a new '-W' option to prevent saving login records to /var/run/wtmp. This can become pretty handy on busy anonymous servers to avoid filling up /var with unused wtmp records. Note that 'U' and 'W' are mutually exclusive.
ok sthen@ millert@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.193 |
|
09-Feb-2011 |
millert |
Set SO_KEEPALIVE on sockets. OK miod@. Also tested by landry@ "Makes sense" markus@ and "i don't see a reason not to" henning@
|
#
1.192 |
|
27-Aug-2010 |
lum |
In revision 1.14 of ftpd.c the ident variable was removed from its only meaningful usage when a snprintf call was removed, rendering ident useless. Time to remove remaining code.
ok tobias@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.191 |
|
01-Aug-2010 |
tobias |
Properly reset states when a login phase is interrupted by another one. Prevents ftpd from letting regular users logging in during anonymous-only mode (-A).
ok millert, ray
|
#
1.190 |
|
30-Jul-2010 |
ray |
Don't set "success" flags before error checks. Add check for login_getclass() failure, pointed out by tobias.
OK tobias
|
#
1.189 |
|
18-Jun-2010 |
tobias |
Prevent a segmentation fault on ftpd_popen error (memory, file descriptor, pipe ...) during status command.
ok millert
|
#
1.188 |
|
13-Jun-2010 |
tobias |
Adjust FTP reply codes (in error conditions) to conform to RFC 959.
ok millert, schwarze
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.187 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.186 |
|
20-Apr-2009 |
schwarze |
When receiving a new connection, log the remote IP number in addition to the remote hostname.
Feature requested by Mark Bucciarelli mkbucc at gmail dot com on misc@. "seems OK" millert@
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.185 |
|
30-Sep-2008 |
deraadt |
Always say "User %s access denied", in all cases, to avoid some stupid spinny things which parse those messages. Do not close the connection as requested by Josh Grosse, since a 530 is not supposed to do that. ok millert
|
#
1.184 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.183 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
#
1.182 |
|
13-Apr-2008 |
djm |
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound is not a power of two
ok deraadt@ millert@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.181 |
|
02-Sep-2007 |
deraadt |
use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.180 |
|
31-Jul-2007 |
ray |
From Gilles Chehade: - Use strtonum instead of atoi. - Improve strtol error checking. - Change strchr calls to strcspn and eliminating some unused variables as a result.
OK moritz
|
#
1.179 |
|
27-Jul-2007 |
moritz |
Fix potential memory leak, when snprintf(3) returns an empty buffer.
OK ray@
|
#
1.178 |
|
21-Jun-2007 |
ray |
Adjust spacing, combine malloc + strlcpy + strlcat into a single asprintf call.
OK moritz
|
#
1.177 |
|
19-Jun-2007 |
ray |
Make sure perror_reply() is only called when errno is set. When changing perror_reply() -> reply(), increase error message detail for ftp client. Move free() statement to prevent errno clobbering.
OK moritz
|
#
1.176 |
|
22-Mar-2007 |
cloder |
Do not advertise version in the ftp banner, because there is no reason to. OK mbalmer@, xsa@, henning@, idea prompted by deraadt
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.175 |
|
01-Mar-2007 |
otto |
- use proper log facility and priority in the slave sig handlers - if the monitor decides to kill the slave, log that ok millert@ moritz@
|
#
1.174 |
|
21-Dec-2006 |
krw |
'tranfer' -> 'transfer' in comments.
|
#
1.173 |
|
18-Oct-2006 |
millert |
Avoid double fclose() of a file if we exceed retries. Coverity ID 2669. OK cloder@
|
#
1.172 |
|
18-Oct-2006 |
deraadt |
you do not call fclose() on a file descriptor; ok cloder
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.171 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.170 |
|
03-Dec-2005 |
deraadt |
remove shadowing variables; ok pval
|
#
1.169 |
|
01-Dec-2005 |
pvalchev |
fix double var declarations in same scope, found by lint; ok deraadt cloder
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.168 |
|
22-Aug-2005 |
mickey |
EOF in ascii mode may also mean EOF so avoid printing a bogus error and behave same as bin mode; beck@ deraadt@ millert@ ok
|
#
1.167 |
|
14-Jul-2005 |
moritz |
let root create the data socket. fixes PR 4287. ok millert@ henning@
|
#
1.166 |
|
24-May-2005 |
moritz |
readd endpwent()
|
#
1.165 |
|
24-May-2005 |
moritz |
no need for endpwent()
|
#
1.164 |
|
21-Apr-2005 |
deraadt |
make code prettier so we can tell it is safe when we read it; ok beck cloder
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.163 |
|
15-Mar-2005 |
niallo |
branches: 1.163.2; better handling of cases where getnameinfo() returns non-zero. upon failure, don't try to print the contents of the char buffers we passed it.
ok & feedback henning@, moritz@ (thanks!)
|
#
1.162 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.161 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.160 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.159 |
|
28-Nov-2004 |
henning |
logging fixes: -don't prefix ftpd: in syslog(), it does that for us -replace a bad (too late) err() by syslog + exit from moritz
|
#
1.158 |
|
28-Nov-2004 |
henning |
bump version
|
#
1.157 |
|
28-Nov-2004 |
henning |
fix ttyline setting, fixes proctitle. notice independently by theo and pval, fix from moritz jodeit
|
#
1.156 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
#
1.155 |
|
22-Nov-2004 |
millert |
More sensible error when both the -n and -A flags are used. Text OK jmc@
|
#
1.154 |
|
30-Sep-2004 |
deraadt |
cope nicer with accept() failures, from freebsd; millert ok
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.153 |
|
12-Dec-2003 |
deraadt |
knf
|
#
1.152 |
|
10-Dec-2003 |
deraadt |
spacing
|
#
1.151 |
|
09-Dec-2003 |
deraadt |
knf
|
#
1.150 |
|
09-Dec-2003 |
beck |
fix PR 3596 by making root create the socket, ok millert@
|
#
1.149 |
|
20-Nov-2003 |
jmc |
ftpd.8: - simpler macros - sort options - some updates
ftpd.c: - sync usage()
|
#
1.148 |
|
12-Nov-2003 |
millert |
Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Adapted from FreeBSD via danh@
|
#
1.147 |
|
01-Oct-2003 |
itojun |
listen to bodh IPv4/v6 ftp port on -D by default. deraadt ok. comments from markus, millert. tested by fries
|
#
1.146 |
|
30-Sep-2003 |
jmc |
usage():
- add missing -n (from Jeff Ito PR 3496) - remove deprecated -h - sort -T and -t to match man page
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.145 |
|
29-Jul-2003 |
deraadt |
branches: 1.145.2; spaces
|
#
1.144 |
|
07-Jul-2003 |
deraadt |
make this match protos; millert ok
|
#
1.143 |
|
11-Jun-2003 |
deraadt |
ansi cleanup; ok ian markus
|
#
1.142 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.141 |
|
10-Apr-2003 |
millert |
Replace strcpy() w/ strlcpy() from espie@
Don't try to free pw_dir -- it is no longer allocated separately. Instead, add an extra param to sgetpwnam() to allow it to dupe an existing struct passwd * (instead of doing a lookup by username) and use this to reallocate pw in the case where pw_dir is the NULL string. deraadt@ OK
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.140 |
|
17-Feb-2003 |
mpech |
branches: 1.140.2; reply() -> perror_reply().
millert@ ok
|
#
1.139 |
|
25-Nov-2002 |
millert |
Change a setuid() that should be seteuid(), not iced by grange@ Move a va_end so it gets called in an error condition as well
|
#
1.138 |
|
15-Nov-2002 |
millert |
o Once a user is logged in, don't allow a change to another user. o Run more code with the effective uid of the logged in user. From Frank Denis
|
#
1.137 |
|
13-Oct-2002 |
millert |
Avoid potential printf format string problem with challenge from auth_challenge(). Currently, none of the auth modules put non-sanitized data in the prompt so there are no real security implications with this fix. Patch from Moritz Jodeit.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.136 |
|
29-Aug-2002 |
deraadt |
branches: 1.136.2; remove extra arg; jmegq@post.harvard.edu
|
#
1.135 |
|
20-Aug-2002 |
deraadt |
-n: disallow anon ftp even if ftp account exists
|
#
1.134 |
|
24-Jul-2002 |
millert |
Also check for snprintf() returning < 0
|
#
1.133 |
|
24-Jul-2002 |
millert |
What on earth possessed me to use %p instead of %m in syslog() to indicate the error string?
|
#
1.132 |
|
20-Jul-2002 |
millert |
Exit on setusercontext() failure; noticed by deraadt@
|
#
1.131 |
|
14-Jul-2002 |
jakob |
make ftpd always listen to a high tcp port for passive data connections. deprecate and ignore the -h option. ok deraadt@.
|
#
1.130 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.129 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
#
1.128 |
|
09-Jun-2002 |
itojun |
do not present scopeid on wire format (as it is local to a node).
|
#
1.127 |
|
29-May-2002 |
deraadt |
a few more strlcat
|
#
1.126 |
|
26-May-2002 |
deraadt |
pid_t cleanup
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.125 |
|
30-Mar-2002 |
deraadt |
correct an auth_close() misuse; millert ok
|
#
1.124 |
|
16-Mar-2002 |
millert |
o Don't allow password-less accounts to login (like in 2.9 and below) o Stash copy of struct passwd via auth_setpwd() to avoid extra needless getpwnam() calls.
|
#
1.123 |
|
12-Mar-2002 |
millert |
bsd_auth.h requires other headers so it can't be first
|
#
1.122 |
|
12-Mar-2002 |
millert |
Fix a couple mis-sorted headers and sync usage() with man page. From Brian Poole
|
#
1.121 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.120 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.119 |
|
01-Feb-2002 |
itojun |
strlcpy
|
#
1.118 |
|
01-Feb-2002 |
itojun |
make sure pw_dir is big enough for strcpy(pw->pw_dir, "/").
|
#
1.117 |
|
23-Jan-2002 |
millert |
Plug login_cap and bsd_auth related memory leaks. Problem noticed by mpech@.
|
#
1.116 |
|
23-Jan-2002 |
mpech |
fix potential memory leak.
millert@ ok
|
#
1.115 |
|
23-Jan-2002 |
mpech |
Use always '.' in the end of the fatal() message. Consistency is good.
millert@ ok.
|
#
1.114 |
|
23-Jan-2002 |
mpech |
don't use \n in reply().
millert@ ok
|
#
1.113 |
|
07-Jan-2002 |
millert |
To disable a SIGCHLD signal handler use SIG_DFL, *not* SIG_IGN which now has a different meaning.
|
#
1.112 |
|
18-Dec-2001 |
millert |
Don't use sigprocmask() in signal handlers when we can just set the mask to be what we want with sigaction. Pointed out by Yar Tikhiy.
|
#
1.111 |
|
17-Dec-2001 |
millert |
Add missing sigaction() call from last commit
|
#
1.110 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.109 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.108 |
|
01-Dec-2001 |
miod |
Use pidfile() instead of doing the equivalent thing by hand, and sometimes forgetting to unlink the pid file at exit. ok millert@ deraadt@
|
#
1.107 |
|
17-Nov-2001 |
deraadt |
volatile sig_atomic_t
|
#
1.106 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.105 |
|
02-Oct-2001 |
wilfried |
as is aleady closed and freed by auth_userresponse, ok millert@
|
#
1.104 |
|
05-Sep-2001 |
deraadt |
make sure that va_start() has matching va_end()
|
#
1.103 |
|
08-Jul-2001 |
deraadt |
-Wall
|
#
1.102 |
|
03-Jul-2001 |
millert |
Use the 'welcome' variable from login.conf instead of hard-coding /etc/motd.
|
#
1.101 |
|
25-Jun-2001 |
hin |
millert didn't compile this.
|
#
1.100 |
|
25-Jun-2001 |
millert |
Set "login" and "notickets" BSD auth options. We don't need to get a kerb ticket but we do need AFS tokens.
|
#
1.99 |
|
13-Jun-2001 |
markus |
more va_start/end fixes, ok deraadt@
|
#
1.98 |
|
11-Jun-2001 |
mickey |
strncpy vs strlcpy, some strlen missuse. some other related minor cleanups, and spaces. millert@ ok
|
#
1.97 |
|
29-May-2001 |
millert |
use BSD authentication
|
#
1.96 |
|
11-May-2001 |
art |
mmap returns MAP_FAILED on error, not 0.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.95 |
|
18-Mar-2001 |
deraadt |
use GLOB_LIMIT
|
#
1.94 |
|
09-Mar-2001 |
millert |
Block all signals in lostconn() and sigprocmask() since we are headed for _exit(). Fixes a signal handler race condition.
|
#
1.93 |
|
09-Mar-2001 |
deraadt |
do not strerror() a signo
|
#
1.92 |
|
04-Feb-2001 |
pjanzen |
Whoops, don't use strlcpy with utmp; millert@
|
#
1.91 |
|
03-Feb-2001 |
pjanzen |
Long usernames; also some simple strncpy->strlcpy.
|
#
1.90 |
|
19-Jan-2001 |
deraadt |
mark remaining signal races
|
#
1.89 |
|
09-Jan-2001 |
itojun |
make sure replydirname() do not truncate names, even if the filename is MAXPATHLEN doublequotes. From: Paul Janzen <pjanzen@foatdi.harvard.edu>
|
#
1.88 |
|
09-Jan-2001 |
itojun |
make sure we do not return stray " at the end of stirng, like bla"\0. From: "William C. Allen" <allenwc@home.com>
|
#
1.87 |
|
07-Jan-2001 |
angelos |
Make the -P option effective (rjmooney@mediaone.net)
|
#
1.86 |
|
06-Jan-2001 |
millert |
Expand tilde (~) in ftp-dir login.conf variable. Closes PR 1382
|
#
1.85 |
|
30-Dec-2000 |
angelos |
Log the actual bytes transfered, rather than the original file size.
|
#
1.84 |
|
04-Dec-2000 |
itojun |
in replydirname(), avoid one-byte overrun. From: Kristian Vlaardingerbroek <kris@obit.nl>
|
#
1.83 |
|
02-Dec-2000 |
millert |
The man page says the default umask is 027 but it is really 022 since that is the value of CMASK.
Have setusercontext() set the umask unless the -u flag was specified. This allows the admin to set the umask either via -u or via a login class in login.conf.
|
#
1.82 |
|
26-Nov-2000 |
millert |
setusercontext should not set umask as this interferes with the umask specified for ftpd on the command line. Closed PR #1530
|
#
1.81 |
|
23-Nov-2000 |
itojun |
typo in LPSV printing. From: Hiroyuki YAMAMORI <h-yamamo@db3.so-net.ne.jp>
|
#
1.80 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.79 |
|
15-Sep-2000 |
deraadt |
branches: 1.79.2; check return value for setenv(3) for failure, and deal appropriately
|
#
1.78 |
|
20-Aug-2000 |
millert |
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
|
#
1.77 |
|
05-Jul-2000 |
deraadt |
crank version to 6.5
|
#
1.76 |
|
05-Jul-2000 |
deraadt |
another setproctitle
|
#
1.75 |
|
05-Jul-2000 |
deraadt |
always setproctitle with %s if using a variable
|
#
1.74 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
#
1.73 |
|
14-Jun-2000 |
itojun |
correct STAT command output for LPSV output.
|
#
1.72 |
|
12-Jun-2000 |
itojun |
address PR 1274 (-h does not work on EPSV). the committed code handles IPv6 case too.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.71 |
|
29-Apr-2000 |
deraadt |
branches: 1.71.2; strerror
|
#
1.70 |
|
11-Apr-2000 |
deraadt |
do not lose descriptors; Takahiro Kambe
|
#
1.69 |
|
03-Mar-2000 |
bitblt |
Turns out that our implementation of STAT wasn't RFC 959 compliant. This version is now RFC 959 compliant, using a patch adapted from one sent in by david.leonard@eecs.uq.edu.au
|
#
1.68 |
|
18-Jan-2000 |
millert |
Fix a pasto in the last commit. The genesis of this bug is actually somewhat interesting. The getwd() function has historically placed an error message in the buffer on failure, but getcwd() does not. Therefor, a bulk search and replace of getwd() with getcwd() can create bugs like this one.
|
#
1.67 |
|
18-Jan-2000 |
millert |
"pwd" should print an error, not garbage, if getcwd() fails; form@vell.nsc.ru
|
#
1.66 |
|
14-Jan-2000 |
ericj |
call dologout() with 1. not -1
|
#
1.65 |
|
10-Dec-1999 |
deraadt |
using u_char * is a lot more convenient than doing & 0xff 80+ times
|
#
1.64 |
|
09-Dec-1999 |
itojun |
close passive mode data socket. From: deraadt
|
#
1.63 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
#
1.62 |
|
03-Dec-1999 |
millert |
Write pid to /var/run/ftpd.pid if running in daemon mode.
|
#
1.61 |
|
02-Dec-1999 |
millert |
Fix thinko on my part, we want to avoid setting mode to "r+" for append, not for ascii.
|
#
1.60 |
|
01-Dec-1999 |
millert |
Move initialization of ttyline to be after the fork() so that when we are in daemon mode it contains the pid of the child, not the parent. This fixes utmp/wtmp updates in daemon mode.
|
#
1.59 |
|
29-Nov-1999 |
millert |
When restarting a STOR, open with "r+", not "w" so we don't truncate. Based on a patch from rmooney@iss.net; closed PR #993
|
#
1.58 |
|
14-Nov-1999 |
deraadt |
warning about getpeername() failing is useless
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.57 |
|
22-Sep-1999 |
deraadt |
correct oob handling for STAT command; ian@plutotech.com
|
#
1.56 |
|
21-Jul-1999 |
deraadt |
bad umask is an error, syslog; pointed out by form@
|
#
1.55 |
|
20-Jul-1999 |
deraadt |
do not proceed if incorrect args are found; found by form
|
#
1.54 |
|
29-Apr-1999 |
downsj |
Work around the blocking read() that causes so many hung ftpd processes.
This has been extensively tested.
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.53 |
|
26-Feb-1999 |
art |
implement internal ls
|
#
1.52 |
|
30-Dec-1998 |
deraadt |
indent
|
#
1.51 |
|
29-Dec-1998 |
deraadt |
use getcwd()
|
#
1.50 |
|
18-Nov-1998 |
deraadt |
check for out-of-range umask bits from strtol()
|
Revision tags: OPENBSD_2_4_BASE
|
#
1.49 |
|
23-Jul-1998 |
deraadt |
add replydirname() from netbsd; fixes 257 directory replies; problem noted by kstailey
|
#
1.48 |
|
13-Jul-1998 |
millert |
ftpd: sleep for an indeterminate amount for non-existant logins to simulate a crypt, like login does. Use SEEK_* not L_* and kill some 0L's used in lseek while we're there.
|
#
1.47 |
|
08-Jun-1998 |
mickey |
allow ftpchroot-ed users to also be multihomed
|
#
1.46 |
|
03-Jun-1998 |
deraadt |
use SIG_ERR
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.45 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.44 |
|
06-Aug-1997 |
angelos |
Errno save/restore.
|
#
1.43 |
|
04-Aug-1997 |
deraadt |
save errno in sigchld handlers
|
#
1.42 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.41 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.40 |
|
29-Jun-1997 |
deraadt |
crank version
|
#
1.39 |
|
29-Jun-1997 |
deraadt |
partial Wall
|
#
1.38 |
|
21-Jun-1997 |
deraadt |
attempt to realpath() log entries
|
#
1.37 |
|
05-Jun-1997 |
deraadt |
bigger buf
|
#
1.36 |
|
01-Jun-1997 |
downsj |
Support integrated tcp wrappers when in daemon mode.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.35 |
|
01-May-1997 |
deraadt |
change -A to let in anon | chroot accounts
|
#
1.34 |
|
25-Apr-1997 |
deraadt |
do not allow connect to a 2049 either, helps firewall cases; adam@math.tau.ac.il
|
#
1.33 |
|
25-Mar-1997 |
millert |
Splat .message file if it exists when user cd's to a directory like wu-ftpd. Based on changes from Oliver.
|
#
1.32 |
|
23-Jan-1997 |
deraadt |
crank version number
|
#
1.31 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.30 |
|
05-Jan-1997 |
bitblt |
Signals are now blocked while ftpd runs with euid 0, as suggested by Weiste Venema. If this triggers any problems (most likely with ABOR not working at certain times) let me know.
|
#
1.29 |
|
02-Jan-1997 |
deraadt |
avoid SIGURG race; dg@root.com
|
#
1.28 |
|
14-Dec-1996 |
deraadt |
stop gunique() open/fopen race
|
#
1.27 |
|
14-Dec-1996 |
deraadt |
solve /tmp-style race spotted by bitblt
|
#
1.26 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.25 |
|
03-Dec-1996 |
deraadt |
-A for anon only; from freebsd
|
#
1.24 |
|
19-Oct-1996 |
michaels |
add ')'.
|
#
1.23 |
|
18-Oct-1996 |
deraadt |
forget old password nicely
|
#
1.22 |
|
15-Oct-1996 |
deraadt |
fd leak spotted by bitblt
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.21 |
|
29-Sep-1996 |
millert |
s/key (otp) challenge is now rfc 1938 compliant.
|
#
1.20 |
|
22-Sep-1996 |
deraadt |
vis log entries; noted by bitblt
|
#
1.19 |
|
04-Sep-1996 |
deraadt |
no, bad commit
|
#
1.18 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.17 |
|
27-Aug-1996 |
deraadt |
strncpy correctly
|
#
1.16 |
|
25-Aug-1996 |
deraadt |
hide our base dir
|
#
1.15 |
|
13-Aug-1996 |
deraadt |
log non-anon stuff for -S too, from downsj
|
#
1.14 |
|
10-Aug-1996 |
downsj |
Add multihome support (-M) and make stats logging look like wu-ftpd.
|
#
1.13 |
|
08-Aug-1996 |
downsj |
Handle signals better.
|
#
1.12 |
|
07-Aug-1996 |
downsj |
STATS is not an option.
|
#
1.11 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.10 |
|
07-Aug-1996 |
downsj |
sprintf -> snprintf
|
#
1.9 |
|
29-Jul-1996 |
downsj |
Remove some FreeBSD cruft.
|
#
1.8 |
|
29-Jul-1996 |
downsj |
Add -h, causing passive mode connections to request the high port range.
Also a few other changes.
|
#
1.7 |
|
29-Jul-1996 |
downsj |
Add setenv for HOME (from FreeBSD).
|
#
1.6 |
|
28-Jul-1996 |
downsj |
Add daemon mode (from FreeBSD), moving a lot of things around.
Also change the advertised version to '6.1/OpenBSD'; using the old version number from 4.4BSD seems rather silly at this point.
|
#
1.5 |
|
28-Jul-1996 |
downsj |
Add anonymous statistics logging, based on FreeBSD but with the really obvious bugs fixed.
|
#
1.4 |
|
28-Jul-1996 |
downsj |
New mmap(2)-using send_data() from FreeBSD.
|
#
1.3 |
|
27-Jul-1996 |
joshd |
No more ftpd bounce attacks.
|
#
1.2 |
|
18-Jun-1996 |
downsj |
my netbsd pr#2217: add utmp support to ftpd, some other small changes/fixes.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.229 |
|
15-Jan-2020 |
jan |
Simplify globbing of ftpd(8)s list and nlst commands. Also avoid command option injection for ls(1).
OK martijn@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.228 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
#
1.227 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.226 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.225 |
|
11-Dec-2018 |
bluhm |
Flip snprintf(3) error check to align it with the man page example. No functional change. suggested by tb@; from Jan Klemkow
|
#
1.224 |
|
11-Dec-2018 |
bluhm |
Convert some variables with non-negative values to unsigned type to avoid comparison of integers of different signs. from Jan Klemkow; OK tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.223 |
|
03-Sep-2016 |
jca |
Use a single "opt" variable for all setsockopt calls in getdatasock().
on = 65536; if (setsockopt(... &on ...)
is slightly misleading.
|
#
1.222 |
|
03-Sep-2016 |
jca |
Set "lowdelay" and "throughput" Traffic Class on command & data IPv6 sockets.
|
#
1.221 |
|
31-Aug-2016 |
jca |
Don't attempt to support IPv4-mapped IPv6 addresses.
We don't consider support for those addreses as desirable, so let's not give a bad example by keeping application code to handle them. This is dead code on OpenBSD anyway since we do not support IPv4-mapped stuff. But let's keep the check to log and warn the admin if the code gets ported elsewhere. Porters of this code should ensure that IPv6 sockets can't see IPv4-mapped addresses by using the IPV6_V6ONLY sockopt.
Discussed with & ok tedu@
For a rationale, see https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
|
#
1.220 |
|
30-Aug-2016 |
tedu |
remove ifdef for all the features we have. retain disabled ip4in6 code until its future is decided. ok deraadt jca
|
#
1.219 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.218 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.217 |
|
04-Jul-2016 |
guenther |
Use fstatat() instead of crafting a filename to use with stat()
ok millert@
|
#
1.216 |
|
04-May-2016 |
jca |
Kill #ifdef INET6 occurrences in userland.
Prompted by and ok millert@
(tcpdump and libpcap left untouched, the #ifdef force is too strong with those)
|
#
1.215 |
|
25-Apr-2016 |
deraadt |
prefer setres{u,g}id() rather than manipulating both real and effective ids, it clarifies these are full revocation situations. ok millert
|
#
1.214 |
|
06-Apr-2016 |
semarie |
compare pointer to NULL instead of 0
from fritjof ! alokat.org
ok ratchov@ natano@
|
#
1.213 |
|
16-Mar-2016 |
krw |
More "(<blah> *)0" -> NULL, avoiding any stdarg functions.
Feedback millert@ kettenis@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.212 |
|
12-Dec-2015 |
mmcc |
Remove NULL-checks before free(). ok tb@
|
#
1.211 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.210 |
|
25-Oct-2015 |
millert |
No longer create /var/run/ftpd.pid in daemon mode; OK jung@ jca@
|
#
1.209 |
|
04-Oct-2015 |
tedu |
fix custom popen to return pid to caller instead of tracking in a giant array. this implies we can't use a function pointer for close, but also means we get to repair some abuse of the comma operator. ok miod
|
#
1.208 |
|
01-Sep-2015 |
jsg |
test pointers with NULL not '\0'
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.207 |
|
19-Jan-2015 |
deraadt |
CMASK went out of scope with the recent <sys/param.h> removal. But oh golly gee, ftpd can handle that itself due to the glorious old practice of #ifndef #define. Remove that junk. ok guenther
|
#
1.206 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.205 |
|
25-Oct-2014 |
lteo |
Remove unnecessary netinet/in_systm.h include.
ok millert@
|
#
1.204 |
|
25-Aug-2014 |
doug |
Delete secret or secret-derived data with explicit_bzero.
concept ok deraadt@ diff looks ok tedu@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.203 |
|
24-Mar-2014 |
tedu |
remove tcpwrappers support. ok deraadt
|
#
1.202 |
|
17-Mar-2014 |
sthen |
args! fix argstr. from LEVAI Daniel.
|
#
1.201 |
|
17-Mar-2014 |
sthen |
typo, spotted by okan@
|
#
1.200 |
|
17-Mar-2014 |
sthen |
Add an option to disallow ftp access to accounts with uid below a certain number (idea borrowed from pure-ftpd). Enabled by default with minimum uid 1000 to prevent access to admin accounts. tweak/OK millert@, OK deraadt@, gsoares@ and aja@ like it too.
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.199 |
|
08-Jan-2014 |
jca |
If the file size is zero, there's nothing to transmit so avoid spamming syslog with mmap failures. Noticed by and ok henning@, "looks right" deraadt@
|
#
1.198 |
|
22-Aug-2013 |
guenther |
Correct format string mismatches turned up by -Wformat=2
suggestions and ok millert@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.197 |
|
26-Jul-2013 |
guenther |
Make sure tmpline[] is always NUL terminated, to avoid possible read-beyond-end in get_line().
Analysis and patch by Maxime Villard (rustyBSD (at) gmx.fr) ok millert@ deraadt@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.196 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.195 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.194 |
|
14-Dec-2011 |
ajacoutot |
Add a new '-W' option to prevent saving login records to /var/run/wtmp. This can become pretty handy on busy anonymous servers to avoid filling up /var with unused wtmp records. Note that 'U' and 'W' are mutually exclusive.
ok sthen@ millert@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.193 |
|
09-Feb-2011 |
millert |
Set SO_KEEPALIVE on sockets. OK miod@. Also tested by landry@ "Makes sense" markus@ and "i don't see a reason not to" henning@
|
#
1.192 |
|
27-Aug-2010 |
lum |
In revision 1.14 of ftpd.c the ident variable was removed from its only meaningful usage when a snprintf call was removed, rendering ident useless. Time to remove remaining code.
ok tobias@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.191 |
|
01-Aug-2010 |
tobias |
Properly reset states when a login phase is interrupted by another one. Prevents ftpd from letting regular users logging in during anonymous-only mode (-A).
ok millert, ray
|
#
1.190 |
|
30-Jul-2010 |
ray |
Don't set "success" flags before error checks. Add check for login_getclass() failure, pointed out by tobias.
OK tobias
|
#
1.189 |
|
18-Jun-2010 |
tobias |
Prevent a segmentation fault on ftpd_popen error (memory, file descriptor, pipe ...) during status command.
ok millert
|
#
1.188 |
|
13-Jun-2010 |
tobias |
Adjust FTP reply codes (in error conditions) to conform to RFC 959.
ok millert, schwarze
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.187 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.186 |
|
20-Apr-2009 |
schwarze |
When receiving a new connection, log the remote IP number in addition to the remote hostname.
Feature requested by Mark Bucciarelli mkbucc at gmail dot com on misc@. "seems OK" millert@
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.185 |
|
30-Sep-2008 |
deraadt |
Always say "User %s access denied", in all cases, to avoid some stupid spinny things which parse those messages. Do not close the connection as requested by Josh Grosse, since a 530 is not supposed to do that. ok millert
|
#
1.184 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.183 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
#
1.182 |
|
13-Apr-2008 |
djm |
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound is not a power of two
ok deraadt@ millert@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.181 |
|
02-Sep-2007 |
deraadt |
use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.180 |
|
31-Jul-2007 |
ray |
From Gilles Chehade: - Use strtonum instead of atoi. - Improve strtol error checking. - Change strchr calls to strcspn and eliminating some unused variables as a result.
OK moritz
|
#
1.179 |
|
27-Jul-2007 |
moritz |
Fix potential memory leak, when snprintf(3) returns an empty buffer.
OK ray@
|
#
1.178 |
|
21-Jun-2007 |
ray |
Adjust spacing, combine malloc + strlcpy + strlcat into a single asprintf call.
OK moritz
|
#
1.177 |
|
19-Jun-2007 |
ray |
Make sure perror_reply() is only called when errno is set. When changing perror_reply() -> reply(), increase error message detail for ftp client. Move free() statement to prevent errno clobbering.
OK moritz
|
#
1.176 |
|
22-Mar-2007 |
cloder |
Do not advertise version in the ftp banner, because there is no reason to. OK mbalmer@, xsa@, henning@, idea prompted by deraadt
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.175 |
|
01-Mar-2007 |
otto |
- use proper log facility and priority in the slave sig handlers - if the monitor decides to kill the slave, log that ok millert@ moritz@
|
#
1.174 |
|
21-Dec-2006 |
krw |
'tranfer' -> 'transfer' in comments.
|
#
1.173 |
|
18-Oct-2006 |
millert |
Avoid double fclose() of a file if we exceed retries. Coverity ID 2669. OK cloder@
|
#
1.172 |
|
18-Oct-2006 |
deraadt |
you do not call fclose() on a file descriptor; ok cloder
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.171 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.170 |
|
03-Dec-2005 |
deraadt |
remove shadowing variables; ok pval
|
#
1.169 |
|
01-Dec-2005 |
pvalchev |
fix double var declarations in same scope, found by lint; ok deraadt cloder
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.168 |
|
22-Aug-2005 |
mickey |
EOF in ascii mode may also mean EOF so avoid printing a bogus error and behave same as bin mode; beck@ deraadt@ millert@ ok
|
#
1.167 |
|
14-Jul-2005 |
moritz |
let root create the data socket. fixes PR 4287. ok millert@ henning@
|
#
1.166 |
|
24-May-2005 |
moritz |
readd endpwent()
|
#
1.165 |
|
24-May-2005 |
moritz |
no need for endpwent()
|
#
1.164 |
|
21-Apr-2005 |
deraadt |
make code prettier so we can tell it is safe when we read it; ok beck cloder
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.163 |
|
15-Mar-2005 |
niallo |
branches: 1.163.2; better handling of cases where getnameinfo() returns non-zero. upon failure, don't try to print the contents of the char buffers we passed it.
ok & feedback henning@, moritz@ (thanks!)
|
#
1.162 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.161 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.160 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.159 |
|
28-Nov-2004 |
henning |
logging fixes: -don't prefix ftpd: in syslog(), it does that for us -replace a bad (too late) err() by syslog + exit from moritz
|
#
1.158 |
|
28-Nov-2004 |
henning |
bump version
|
#
1.157 |
|
28-Nov-2004 |
henning |
fix ttyline setting, fixes proctitle. notice independently by theo and pval, fix from moritz jodeit
|
#
1.156 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
#
1.155 |
|
22-Nov-2004 |
millert |
More sensible error when both the -n and -A flags are used. Text OK jmc@
|
#
1.154 |
|
30-Sep-2004 |
deraadt |
cope nicer with accept() failures, from freebsd; millert ok
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.153 |
|
12-Dec-2003 |
deraadt |
knf
|
#
1.152 |
|
10-Dec-2003 |
deraadt |
spacing
|
#
1.151 |
|
09-Dec-2003 |
deraadt |
knf
|
#
1.150 |
|
09-Dec-2003 |
beck |
fix PR 3596 by making root create the socket, ok millert@
|
#
1.149 |
|
20-Nov-2003 |
jmc |
ftpd.8: - simpler macros - sort options - some updates
ftpd.c: - sync usage()
|
#
1.148 |
|
12-Nov-2003 |
millert |
Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Adapted from FreeBSD via danh@
|
#
1.147 |
|
01-Oct-2003 |
itojun |
listen to bodh IPv4/v6 ftp port on -D by default. deraadt ok. comments from markus, millert. tested by fries
|
#
1.146 |
|
30-Sep-2003 |
jmc |
usage():
- add missing -n (from Jeff Ito PR 3496) - remove deprecated -h - sort -T and -t to match man page
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.145 |
|
29-Jul-2003 |
deraadt |
branches: 1.145.2; spaces
|
#
1.144 |
|
07-Jul-2003 |
deraadt |
make this match protos; millert ok
|
#
1.143 |
|
11-Jun-2003 |
deraadt |
ansi cleanup; ok ian markus
|
#
1.142 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.141 |
|
10-Apr-2003 |
millert |
Replace strcpy() w/ strlcpy() from espie@
Don't try to free pw_dir -- it is no longer allocated separately. Instead, add an extra param to sgetpwnam() to allow it to dupe an existing struct passwd * (instead of doing a lookup by username) and use this to reallocate pw in the case where pw_dir is the NULL string. deraadt@ OK
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.140 |
|
17-Feb-2003 |
mpech |
branches: 1.140.2; reply() -> perror_reply().
millert@ ok
|
#
1.139 |
|
25-Nov-2002 |
millert |
Change a setuid() that should be seteuid(), not iced by grange@ Move a va_end so it gets called in an error condition as well
|
#
1.138 |
|
15-Nov-2002 |
millert |
o Once a user is logged in, don't allow a change to another user. o Run more code with the effective uid of the logged in user. From Frank Denis
|
#
1.137 |
|
13-Oct-2002 |
millert |
Avoid potential printf format string problem with challenge from auth_challenge(). Currently, none of the auth modules put non-sanitized data in the prompt so there are no real security implications with this fix. Patch from Moritz Jodeit.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.136 |
|
29-Aug-2002 |
deraadt |
branches: 1.136.2; remove extra arg; jmegq@post.harvard.edu
|
#
1.135 |
|
20-Aug-2002 |
deraadt |
-n: disallow anon ftp even if ftp account exists
|
#
1.134 |
|
24-Jul-2002 |
millert |
Also check for snprintf() returning < 0
|
#
1.133 |
|
24-Jul-2002 |
millert |
What on earth possessed me to use %p instead of %m in syslog() to indicate the error string?
|
#
1.132 |
|
20-Jul-2002 |
millert |
Exit on setusercontext() failure; noticed by deraadt@
|
#
1.131 |
|
14-Jul-2002 |
jakob |
make ftpd always listen to a high tcp port for passive data connections. deprecate and ignore the -h option. ok deraadt@.
|
#
1.130 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.129 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
#
1.128 |
|
09-Jun-2002 |
itojun |
do not present scopeid on wire format (as it is local to a node).
|
#
1.127 |
|
29-May-2002 |
deraadt |
a few more strlcat
|
#
1.126 |
|
26-May-2002 |
deraadt |
pid_t cleanup
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.125 |
|
30-Mar-2002 |
deraadt |
correct an auth_close() misuse; millert ok
|
#
1.124 |
|
16-Mar-2002 |
millert |
o Don't allow password-less accounts to login (like in 2.9 and below) o Stash copy of struct passwd via auth_setpwd() to avoid extra needless getpwnam() calls.
|
#
1.123 |
|
12-Mar-2002 |
millert |
bsd_auth.h requires other headers so it can't be first
|
#
1.122 |
|
12-Mar-2002 |
millert |
Fix a couple mis-sorted headers and sync usage() with man page. From Brian Poole
|
#
1.121 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.120 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.119 |
|
01-Feb-2002 |
itojun |
strlcpy
|
#
1.118 |
|
01-Feb-2002 |
itojun |
make sure pw_dir is big enough for strcpy(pw->pw_dir, "/").
|
#
1.117 |
|
23-Jan-2002 |
millert |
Plug login_cap and bsd_auth related memory leaks. Problem noticed by mpech@.
|
#
1.116 |
|
23-Jan-2002 |
mpech |
fix potential memory leak.
millert@ ok
|
#
1.115 |
|
23-Jan-2002 |
mpech |
Use always '.' in the end of the fatal() message. Consistency is good.
millert@ ok.
|
#
1.114 |
|
23-Jan-2002 |
mpech |
don't use \n in reply().
millert@ ok
|
#
1.113 |
|
07-Jan-2002 |
millert |
To disable a SIGCHLD signal handler use SIG_DFL, *not* SIG_IGN which now has a different meaning.
|
#
1.112 |
|
18-Dec-2001 |
millert |
Don't use sigprocmask() in signal handlers when we can just set the mask to be what we want with sigaction. Pointed out by Yar Tikhiy.
|
#
1.111 |
|
17-Dec-2001 |
millert |
Add missing sigaction() call from last commit
|
#
1.110 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.109 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.108 |
|
01-Dec-2001 |
miod |
Use pidfile() instead of doing the equivalent thing by hand, and sometimes forgetting to unlink the pid file at exit. ok millert@ deraadt@
|
#
1.107 |
|
17-Nov-2001 |
deraadt |
volatile sig_atomic_t
|
#
1.106 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.105 |
|
02-Oct-2001 |
wilfried |
as is aleady closed and freed by auth_userresponse, ok millert@
|
#
1.104 |
|
05-Sep-2001 |
deraadt |
make sure that va_start() has matching va_end()
|
#
1.103 |
|
08-Jul-2001 |
deraadt |
-Wall
|
#
1.102 |
|
03-Jul-2001 |
millert |
Use the 'welcome' variable from login.conf instead of hard-coding /etc/motd.
|
#
1.101 |
|
25-Jun-2001 |
hin |
millert didn't compile this.
|
#
1.100 |
|
25-Jun-2001 |
millert |
Set "login" and "notickets" BSD auth options. We don't need to get a kerb ticket but we do need AFS tokens.
|
#
1.99 |
|
13-Jun-2001 |
markus |
more va_start/end fixes, ok deraadt@
|
#
1.98 |
|
11-Jun-2001 |
mickey |
strncpy vs strlcpy, some strlen missuse. some other related minor cleanups, and spaces. millert@ ok
|
#
1.97 |
|
29-May-2001 |
millert |
use BSD authentication
|
#
1.96 |
|
11-May-2001 |
art |
mmap returns MAP_FAILED on error, not 0.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.95 |
|
18-Mar-2001 |
deraadt |
use GLOB_LIMIT
|
#
1.94 |
|
09-Mar-2001 |
millert |
Block all signals in lostconn() and sigprocmask() since we are headed for _exit(). Fixes a signal handler race condition.
|
#
1.93 |
|
09-Mar-2001 |
deraadt |
do not strerror() a signo
|
#
1.92 |
|
04-Feb-2001 |
pjanzen |
Whoops, don't use strlcpy with utmp; millert@
|
#
1.91 |
|
03-Feb-2001 |
pjanzen |
Long usernames; also some simple strncpy->strlcpy.
|
#
1.90 |
|
19-Jan-2001 |
deraadt |
mark remaining signal races
|
#
1.89 |
|
09-Jan-2001 |
itojun |
make sure replydirname() do not truncate names, even if the filename is MAXPATHLEN doublequotes. From: Paul Janzen <pjanzen@foatdi.harvard.edu>
|
#
1.88 |
|
09-Jan-2001 |
itojun |
make sure we do not return stray " at the end of stirng, like bla"\0. From: "William C. Allen" <allenwc@home.com>
|
#
1.87 |
|
07-Jan-2001 |
angelos |
Make the -P option effective (rjmooney@mediaone.net)
|
#
1.86 |
|
06-Jan-2001 |
millert |
Expand tilde (~) in ftp-dir login.conf variable. Closes PR 1382
|
#
1.85 |
|
30-Dec-2000 |
angelos |
Log the actual bytes transfered, rather than the original file size.
|
#
1.84 |
|
04-Dec-2000 |
itojun |
in replydirname(), avoid one-byte overrun. From: Kristian Vlaardingerbroek <kris@obit.nl>
|
#
1.83 |
|
02-Dec-2000 |
millert |
The man page says the default umask is 027 but it is really 022 since that is the value of CMASK.
Have setusercontext() set the umask unless the -u flag was specified. This allows the admin to set the umask either via -u or via a login class in login.conf.
|
#
1.82 |
|
26-Nov-2000 |
millert |
setusercontext should not set umask as this interferes with the umask specified for ftpd on the command line. Closed PR #1530
|
#
1.81 |
|
23-Nov-2000 |
itojun |
typo in LPSV printing. From: Hiroyuki YAMAMORI <h-yamamo@db3.so-net.ne.jp>
|
#
1.80 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.79 |
|
15-Sep-2000 |
deraadt |
branches: 1.79.2; check return value for setenv(3) for failure, and deal appropriately
|
#
1.78 |
|
20-Aug-2000 |
millert |
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
|
#
1.77 |
|
05-Jul-2000 |
deraadt |
crank version to 6.5
|
#
1.76 |
|
05-Jul-2000 |
deraadt |
another setproctitle
|
#
1.75 |
|
05-Jul-2000 |
deraadt |
always setproctitle with %s if using a variable
|
#
1.74 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
#
1.73 |
|
14-Jun-2000 |
itojun |
correct STAT command output for LPSV output.
|
#
1.72 |
|
12-Jun-2000 |
itojun |
address PR 1274 (-h does not work on EPSV). the committed code handles IPv6 case too.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.71 |
|
29-Apr-2000 |
deraadt |
branches: 1.71.2; strerror
|
#
1.70 |
|
11-Apr-2000 |
deraadt |
do not lose descriptors; Takahiro Kambe
|
#
1.69 |
|
03-Mar-2000 |
bitblt |
Turns out that our implementation of STAT wasn't RFC 959 compliant. This version is now RFC 959 compliant, using a patch adapted from one sent in by david.leonard@eecs.uq.edu.au
|
#
1.68 |
|
18-Jan-2000 |
millert |
Fix a pasto in the last commit. The genesis of this bug is actually somewhat interesting. The getwd() function has historically placed an error message in the buffer on failure, but getcwd() does not. Therefor, a bulk search and replace of getwd() with getcwd() can create bugs like this one.
|
#
1.67 |
|
18-Jan-2000 |
millert |
"pwd" should print an error, not garbage, if getcwd() fails; form@vell.nsc.ru
|
#
1.66 |
|
14-Jan-2000 |
ericj |
call dologout() with 1. not -1
|
#
1.65 |
|
10-Dec-1999 |
deraadt |
using u_char * is a lot more convenient than doing & 0xff 80+ times
|
#
1.64 |
|
09-Dec-1999 |
itojun |
close passive mode data socket. From: deraadt
|
#
1.63 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
#
1.62 |
|
03-Dec-1999 |
millert |
Write pid to /var/run/ftpd.pid if running in daemon mode.
|
#
1.61 |
|
02-Dec-1999 |
millert |
Fix thinko on my part, we want to avoid setting mode to "r+" for append, not for ascii.
|
#
1.60 |
|
01-Dec-1999 |
millert |
Move initialization of ttyline to be after the fork() so that when we are in daemon mode it contains the pid of the child, not the parent. This fixes utmp/wtmp updates in daemon mode.
|
#
1.59 |
|
29-Nov-1999 |
millert |
When restarting a STOR, open with "r+", not "w" so we don't truncate. Based on a patch from rmooney@iss.net; closed PR #993
|
#
1.58 |
|
14-Nov-1999 |
deraadt |
warning about getpeername() failing is useless
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.57 |
|
22-Sep-1999 |
deraadt |
correct oob handling for STAT command; ian@plutotech.com
|
#
1.56 |
|
21-Jul-1999 |
deraadt |
bad umask is an error, syslog; pointed out by form@
|
#
1.55 |
|
20-Jul-1999 |
deraadt |
do not proceed if incorrect args are found; found by form
|
#
1.54 |
|
29-Apr-1999 |
downsj |
Work around the blocking read() that causes so many hung ftpd processes.
This has been extensively tested.
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.53 |
|
26-Feb-1999 |
art |
implement internal ls
|
#
1.52 |
|
30-Dec-1998 |
deraadt |
indent
|
#
1.51 |
|
29-Dec-1998 |
deraadt |
use getcwd()
|
#
1.50 |
|
18-Nov-1998 |
deraadt |
check for out-of-range umask bits from strtol()
|
Revision tags: OPENBSD_2_4_BASE
|
#
1.49 |
|
23-Jul-1998 |
deraadt |
add replydirname() from netbsd; fixes 257 directory replies; problem noted by kstailey
|
#
1.48 |
|
13-Jul-1998 |
millert |
ftpd: sleep for an indeterminate amount for non-existant logins to simulate a crypt, like login does. Use SEEK_* not L_* and kill some 0L's used in lseek while we're there.
|
#
1.47 |
|
08-Jun-1998 |
mickey |
allow ftpchroot-ed users to also be multihomed
|
#
1.46 |
|
03-Jun-1998 |
deraadt |
use SIG_ERR
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.45 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.44 |
|
06-Aug-1997 |
angelos |
Errno save/restore.
|
#
1.43 |
|
04-Aug-1997 |
deraadt |
save errno in sigchld handlers
|
#
1.42 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.41 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.40 |
|
29-Jun-1997 |
deraadt |
crank version
|
#
1.39 |
|
29-Jun-1997 |
deraadt |
partial Wall
|
#
1.38 |
|
21-Jun-1997 |
deraadt |
attempt to realpath() log entries
|
#
1.37 |
|
05-Jun-1997 |
deraadt |
bigger buf
|
#
1.36 |
|
01-Jun-1997 |
downsj |
Support integrated tcp wrappers when in daemon mode.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.35 |
|
01-May-1997 |
deraadt |
change -A to let in anon | chroot accounts
|
#
1.34 |
|
25-Apr-1997 |
deraadt |
do not allow connect to a 2049 either, helps firewall cases; adam@math.tau.ac.il
|
#
1.33 |
|
25-Mar-1997 |
millert |
Splat .message file if it exists when user cd's to a directory like wu-ftpd. Based on changes from Oliver.
|
#
1.32 |
|
23-Jan-1997 |
deraadt |
crank version number
|
#
1.31 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.30 |
|
05-Jan-1997 |
bitblt |
Signals are now blocked while ftpd runs with euid 0, as suggested by Weiste Venema. If this triggers any problems (most likely with ABOR not working at certain times) let me know.
|
#
1.29 |
|
02-Jan-1997 |
deraadt |
avoid SIGURG race; dg@root.com
|
#
1.28 |
|
14-Dec-1996 |
deraadt |
stop gunique() open/fopen race
|
#
1.27 |
|
14-Dec-1996 |
deraadt |
solve /tmp-style race spotted by bitblt
|
#
1.26 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.25 |
|
03-Dec-1996 |
deraadt |
-A for anon only; from freebsd
|
#
1.24 |
|
19-Oct-1996 |
michaels |
add ')'.
|
#
1.23 |
|
18-Oct-1996 |
deraadt |
forget old password nicely
|
#
1.22 |
|
15-Oct-1996 |
deraadt |
fd leak spotted by bitblt
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.21 |
|
29-Sep-1996 |
millert |
s/key (otp) challenge is now rfc 1938 compliant.
|
#
1.20 |
|
22-Sep-1996 |
deraadt |
vis log entries; noted by bitblt
|
#
1.19 |
|
04-Sep-1996 |
deraadt |
no, bad commit
|
#
1.18 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.17 |
|
27-Aug-1996 |
deraadt |
strncpy correctly
|
#
1.16 |
|
25-Aug-1996 |
deraadt |
hide our base dir
|
#
1.15 |
|
13-Aug-1996 |
deraadt |
log non-anon stuff for -S too, from downsj
|
#
1.14 |
|
10-Aug-1996 |
downsj |
Add multihome support (-M) and make stats logging look like wu-ftpd.
|
#
1.13 |
|
08-Aug-1996 |
downsj |
Handle signals better.
|
#
1.12 |
|
07-Aug-1996 |
downsj |
STATS is not an option.
|
#
1.11 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.10 |
|
07-Aug-1996 |
downsj |
sprintf -> snprintf
|
#
1.9 |
|
29-Jul-1996 |
downsj |
Remove some FreeBSD cruft.
|
#
1.8 |
|
29-Jul-1996 |
downsj |
Add -h, causing passive mode connections to request the high port range.
Also a few other changes.
|
#
1.7 |
|
29-Jul-1996 |
downsj |
Add setenv for HOME (from FreeBSD).
|
#
1.6 |
|
28-Jul-1996 |
downsj |
Add daemon mode (from FreeBSD), moving a lot of things around.
Also change the advertised version to '6.1/OpenBSD'; using the old version number from 4.4BSD seems rather silly at this point.
|
#
1.5 |
|
28-Jul-1996 |
downsj |
Add anonymous statistics logging, based on FreeBSD but with the really obvious bugs fixed.
|
#
1.4 |
|
28-Jul-1996 |
downsj |
New mmap(2)-using send_data() from FreeBSD.
|
#
1.3 |
|
27-Jul-1996 |
joshd |
No more ftpd bounce attacks.
|
#
1.2 |
|
18-Jun-1996 |
downsj |
my netbsd pr#2217: add utmp support to ftpd, some other small changes/fixes.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.228 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
#
1.227 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.226 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.225 |
|
11-Dec-2018 |
bluhm |
Flip snprintf(3) error check to align it with the man page example. No functional change. suggested by tb@; from Jan Klemkow
|
#
1.224 |
|
11-Dec-2018 |
bluhm |
Convert some variables with non-negative values to unsigned type to avoid comparison of integers of different signs. from Jan Klemkow; OK tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.223 |
|
03-Sep-2016 |
jca |
Use a single "opt" variable for all setsockopt calls in getdatasock().
on = 65536; if (setsockopt(... &on ...)
is slightly misleading.
|
#
1.222 |
|
03-Sep-2016 |
jca |
Set "lowdelay" and "throughput" Traffic Class on command & data IPv6 sockets.
|
#
1.221 |
|
31-Aug-2016 |
jca |
Don't attempt to support IPv4-mapped IPv6 addresses.
We don't consider support for those addreses as desirable, so let's not give a bad example by keeping application code to handle them. This is dead code on OpenBSD anyway since we do not support IPv4-mapped stuff. But let's keep the check to log and warn the admin if the code gets ported elsewhere. Porters of this code should ensure that IPv6 sockets can't see IPv4-mapped addresses by using the IPV6_V6ONLY sockopt.
Discussed with & ok tedu@
For a rationale, see https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
|
#
1.220 |
|
30-Aug-2016 |
tedu |
remove ifdef for all the features we have. retain disabled ip4in6 code until its future is decided. ok deraadt jca
|
#
1.219 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.218 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.217 |
|
04-Jul-2016 |
guenther |
Use fstatat() instead of crafting a filename to use with stat()
ok millert@
|
#
1.216 |
|
04-May-2016 |
jca |
Kill #ifdef INET6 occurrences in userland.
Prompted by and ok millert@
(tcpdump and libpcap left untouched, the #ifdef force is too strong with those)
|
#
1.215 |
|
25-Apr-2016 |
deraadt |
prefer setres{u,g}id() rather than manipulating both real and effective ids, it clarifies these are full revocation situations. ok millert
|
#
1.214 |
|
06-Apr-2016 |
semarie |
compare pointer to NULL instead of 0
from fritjof ! alokat.org
ok ratchov@ natano@
|
#
1.213 |
|
16-Mar-2016 |
krw |
More "(<blah> *)0" -> NULL, avoiding any stdarg functions.
Feedback millert@ kettenis@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.212 |
|
12-Dec-2015 |
mmcc |
Remove NULL-checks before free(). ok tb@
|
#
1.211 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.210 |
|
25-Oct-2015 |
millert |
No longer create /var/run/ftpd.pid in daemon mode; OK jung@ jca@
|
#
1.209 |
|
04-Oct-2015 |
tedu |
fix custom popen to return pid to caller instead of tracking in a giant array. this implies we can't use a function pointer for close, but also means we get to repair some abuse of the comma operator. ok miod
|
#
1.208 |
|
01-Sep-2015 |
jsg |
test pointers with NULL not '\0'
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.207 |
|
19-Jan-2015 |
deraadt |
CMASK went out of scope with the recent <sys/param.h> removal. But oh golly gee, ftpd can handle that itself due to the glorious old practice of #ifndef #define. Remove that junk. ok guenther
|
#
1.206 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.205 |
|
25-Oct-2014 |
lteo |
Remove unnecessary netinet/in_systm.h include.
ok millert@
|
#
1.204 |
|
25-Aug-2014 |
doug |
Delete secret or secret-derived data with explicit_bzero.
concept ok deraadt@ diff looks ok tedu@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.203 |
|
24-Mar-2014 |
tedu |
remove tcpwrappers support. ok deraadt
|
#
1.202 |
|
17-Mar-2014 |
sthen |
args! fix argstr. from LEVAI Daniel.
|
#
1.201 |
|
17-Mar-2014 |
sthen |
typo, spotted by okan@
|
#
1.200 |
|
17-Mar-2014 |
sthen |
Add an option to disallow ftp access to accounts with uid below a certain number (idea borrowed from pure-ftpd). Enabled by default with minimum uid 1000 to prevent access to admin accounts. tweak/OK millert@, OK deraadt@, gsoares@ and aja@ like it too.
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.199 |
|
08-Jan-2014 |
jca |
If the file size is zero, there's nothing to transmit so avoid spamming syslog with mmap failures. Noticed by and ok henning@, "looks right" deraadt@
|
#
1.198 |
|
22-Aug-2013 |
guenther |
Correct format string mismatches turned up by -Wformat=2
suggestions and ok millert@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.197 |
|
26-Jul-2013 |
guenther |
Make sure tmpline[] is always NUL terminated, to avoid possible read-beyond-end in get_line().
Analysis and patch by Maxime Villard (rustyBSD (at) gmx.fr) ok millert@ deraadt@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.196 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.195 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.194 |
|
14-Dec-2011 |
ajacoutot |
Add a new '-W' option to prevent saving login records to /var/run/wtmp. This can become pretty handy on busy anonymous servers to avoid filling up /var with unused wtmp records. Note that 'U' and 'W' are mutually exclusive.
ok sthen@ millert@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.193 |
|
09-Feb-2011 |
millert |
Set SO_KEEPALIVE on sockets. OK miod@. Also tested by landry@ "Makes sense" markus@ and "i don't see a reason not to" henning@
|
#
1.192 |
|
27-Aug-2010 |
lum |
In revision 1.14 of ftpd.c the ident variable was removed from its only meaningful usage when a snprintf call was removed, rendering ident useless. Time to remove remaining code.
ok tobias@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.191 |
|
01-Aug-2010 |
tobias |
Properly reset states when a login phase is interrupted by another one. Prevents ftpd from letting regular users logging in during anonymous-only mode (-A).
ok millert, ray
|
#
1.190 |
|
30-Jul-2010 |
ray |
Don't set "success" flags before error checks. Add check for login_getclass() failure, pointed out by tobias.
OK tobias
|
#
1.189 |
|
18-Jun-2010 |
tobias |
Prevent a segmentation fault on ftpd_popen error (memory, file descriptor, pipe ...) during status command.
ok millert
|
#
1.188 |
|
13-Jun-2010 |
tobias |
Adjust FTP reply codes (in error conditions) to conform to RFC 959.
ok millert, schwarze
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.187 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.186 |
|
20-Apr-2009 |
schwarze |
When receiving a new connection, log the remote IP number in addition to the remote hostname.
Feature requested by Mark Bucciarelli mkbucc at gmail dot com on misc@. "seems OK" millert@
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.185 |
|
30-Sep-2008 |
deraadt |
Always say "User %s access denied", in all cases, to avoid some stupid spinny things which parse those messages. Do not close the connection as requested by Josh Grosse, since a 530 is not supposed to do that. ok millert
|
#
1.184 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.183 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
#
1.182 |
|
13-Apr-2008 |
djm |
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound is not a power of two
ok deraadt@ millert@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.181 |
|
02-Sep-2007 |
deraadt |
use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.180 |
|
31-Jul-2007 |
ray |
From Gilles Chehade: - Use strtonum instead of atoi. - Improve strtol error checking. - Change strchr calls to strcspn and eliminating some unused variables as a result.
OK moritz
|
#
1.179 |
|
27-Jul-2007 |
moritz |
Fix potential memory leak, when snprintf(3) returns an empty buffer.
OK ray@
|
#
1.178 |
|
21-Jun-2007 |
ray |
Adjust spacing, combine malloc + strlcpy + strlcat into a single asprintf call.
OK moritz
|
#
1.177 |
|
19-Jun-2007 |
ray |
Make sure perror_reply() is only called when errno is set. When changing perror_reply() -> reply(), increase error message detail for ftp client. Move free() statement to prevent errno clobbering.
OK moritz
|
#
1.176 |
|
22-Mar-2007 |
cloder |
Do not advertise version in the ftp banner, because there is no reason to. OK mbalmer@, xsa@, henning@, idea prompted by deraadt
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.175 |
|
01-Mar-2007 |
otto |
- use proper log facility and priority in the slave sig handlers - if the monitor decides to kill the slave, log that ok millert@ moritz@
|
#
1.174 |
|
21-Dec-2006 |
krw |
'tranfer' -> 'transfer' in comments.
|
#
1.173 |
|
18-Oct-2006 |
millert |
Avoid double fclose() of a file if we exceed retries. Coverity ID 2669. OK cloder@
|
#
1.172 |
|
18-Oct-2006 |
deraadt |
you do not call fclose() on a file descriptor; ok cloder
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.171 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.170 |
|
03-Dec-2005 |
deraadt |
remove shadowing variables; ok pval
|
#
1.169 |
|
01-Dec-2005 |
pvalchev |
fix double var declarations in same scope, found by lint; ok deraadt cloder
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.168 |
|
22-Aug-2005 |
mickey |
EOF in ascii mode may also mean EOF so avoid printing a bogus error and behave same as bin mode; beck@ deraadt@ millert@ ok
|
#
1.167 |
|
14-Jul-2005 |
moritz |
let root create the data socket. fixes PR 4287. ok millert@ henning@
|
#
1.166 |
|
24-May-2005 |
moritz |
readd endpwent()
|
#
1.165 |
|
24-May-2005 |
moritz |
no need for endpwent()
|
#
1.164 |
|
21-Apr-2005 |
deraadt |
make code prettier so we can tell it is safe when we read it; ok beck cloder
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.163 |
|
15-Mar-2005 |
niallo |
branches: 1.163.2; better handling of cases where getnameinfo() returns non-zero. upon failure, don't try to print the contents of the char buffers we passed it.
ok & feedback henning@, moritz@ (thanks!)
|
#
1.162 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.161 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.160 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.159 |
|
28-Nov-2004 |
henning |
logging fixes: -don't prefix ftpd: in syslog(), it does that for us -replace a bad (too late) err() by syslog + exit from moritz
|
#
1.158 |
|
28-Nov-2004 |
henning |
bump version
|
#
1.157 |
|
28-Nov-2004 |
henning |
fix ttyline setting, fixes proctitle. notice independently by theo and pval, fix from moritz jodeit
|
#
1.156 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
#
1.155 |
|
22-Nov-2004 |
millert |
More sensible error when both the -n and -A flags are used. Text OK jmc@
|
#
1.154 |
|
30-Sep-2004 |
deraadt |
cope nicer with accept() failures, from freebsd; millert ok
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.153 |
|
12-Dec-2003 |
deraadt |
knf
|
#
1.152 |
|
10-Dec-2003 |
deraadt |
spacing
|
#
1.151 |
|
09-Dec-2003 |
deraadt |
knf
|
#
1.150 |
|
09-Dec-2003 |
beck |
fix PR 3596 by making root create the socket, ok millert@
|
#
1.149 |
|
20-Nov-2003 |
jmc |
ftpd.8: - simpler macros - sort options - some updates
ftpd.c: - sync usage()
|
#
1.148 |
|
12-Nov-2003 |
millert |
Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Adapted from FreeBSD via danh@
|
#
1.147 |
|
01-Oct-2003 |
itojun |
listen to bodh IPv4/v6 ftp port on -D by default. deraadt ok. comments from markus, millert. tested by fries
|
#
1.146 |
|
30-Sep-2003 |
jmc |
usage():
- add missing -n (from Jeff Ito PR 3496) - remove deprecated -h - sort -T and -t to match man page
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.145 |
|
29-Jul-2003 |
deraadt |
branches: 1.145.2; spaces
|
#
1.144 |
|
07-Jul-2003 |
deraadt |
make this match protos; millert ok
|
#
1.143 |
|
11-Jun-2003 |
deraadt |
ansi cleanup; ok ian markus
|
#
1.142 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.141 |
|
10-Apr-2003 |
millert |
Replace strcpy() w/ strlcpy() from espie@
Don't try to free pw_dir -- it is no longer allocated separately. Instead, add an extra param to sgetpwnam() to allow it to dupe an existing struct passwd * (instead of doing a lookup by username) and use this to reallocate pw in the case where pw_dir is the NULL string. deraadt@ OK
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.140 |
|
17-Feb-2003 |
mpech |
branches: 1.140.2; reply() -> perror_reply().
millert@ ok
|
#
1.139 |
|
25-Nov-2002 |
millert |
Change a setuid() that should be seteuid(), not iced by grange@ Move a va_end so it gets called in an error condition as well
|
#
1.138 |
|
15-Nov-2002 |
millert |
o Once a user is logged in, don't allow a change to another user. o Run more code with the effective uid of the logged in user. From Frank Denis
|
#
1.137 |
|
13-Oct-2002 |
millert |
Avoid potential printf format string problem with challenge from auth_challenge(). Currently, none of the auth modules put non-sanitized data in the prompt so there are no real security implications with this fix. Patch from Moritz Jodeit.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.136 |
|
29-Aug-2002 |
deraadt |
branches: 1.136.2; remove extra arg; jmegq@post.harvard.edu
|
#
1.135 |
|
20-Aug-2002 |
deraadt |
-n: disallow anon ftp even if ftp account exists
|
#
1.134 |
|
24-Jul-2002 |
millert |
Also check for snprintf() returning < 0
|
#
1.133 |
|
24-Jul-2002 |
millert |
What on earth possessed me to use %p instead of %m in syslog() to indicate the error string?
|
#
1.132 |
|
20-Jul-2002 |
millert |
Exit on setusercontext() failure; noticed by deraadt@
|
#
1.131 |
|
14-Jul-2002 |
jakob |
make ftpd always listen to a high tcp port for passive data connections. deprecate and ignore the -h option. ok deraadt@.
|
#
1.130 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.129 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
#
1.128 |
|
09-Jun-2002 |
itojun |
do not present scopeid on wire format (as it is local to a node).
|
#
1.127 |
|
29-May-2002 |
deraadt |
a few more strlcat
|
#
1.126 |
|
26-May-2002 |
deraadt |
pid_t cleanup
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.125 |
|
30-Mar-2002 |
deraadt |
correct an auth_close() misuse; millert ok
|
#
1.124 |
|
16-Mar-2002 |
millert |
o Don't allow password-less accounts to login (like in 2.9 and below) o Stash copy of struct passwd via auth_setpwd() to avoid extra needless getpwnam() calls.
|
#
1.123 |
|
12-Mar-2002 |
millert |
bsd_auth.h requires other headers so it can't be first
|
#
1.122 |
|
12-Mar-2002 |
millert |
Fix a couple mis-sorted headers and sync usage() with man page. From Brian Poole
|
#
1.121 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.120 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.119 |
|
01-Feb-2002 |
itojun |
strlcpy
|
#
1.118 |
|
01-Feb-2002 |
itojun |
make sure pw_dir is big enough for strcpy(pw->pw_dir, "/").
|
#
1.117 |
|
23-Jan-2002 |
millert |
Plug login_cap and bsd_auth related memory leaks. Problem noticed by mpech@.
|
#
1.116 |
|
23-Jan-2002 |
mpech |
fix potential memory leak.
millert@ ok
|
#
1.115 |
|
23-Jan-2002 |
mpech |
Use always '.' in the end of the fatal() message. Consistency is good.
millert@ ok.
|
#
1.114 |
|
23-Jan-2002 |
mpech |
don't use \n in reply().
millert@ ok
|
#
1.113 |
|
07-Jan-2002 |
millert |
To disable a SIGCHLD signal handler use SIG_DFL, *not* SIG_IGN which now has a different meaning.
|
#
1.112 |
|
18-Dec-2001 |
millert |
Don't use sigprocmask() in signal handlers when we can just set the mask to be what we want with sigaction. Pointed out by Yar Tikhiy.
|
#
1.111 |
|
17-Dec-2001 |
millert |
Add missing sigaction() call from last commit
|
#
1.110 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.109 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.108 |
|
01-Dec-2001 |
miod |
Use pidfile() instead of doing the equivalent thing by hand, and sometimes forgetting to unlink the pid file at exit. ok millert@ deraadt@
|
#
1.107 |
|
17-Nov-2001 |
deraadt |
volatile sig_atomic_t
|
#
1.106 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.105 |
|
02-Oct-2001 |
wilfried |
as is aleady closed and freed by auth_userresponse, ok millert@
|
#
1.104 |
|
05-Sep-2001 |
deraadt |
make sure that va_start() has matching va_end()
|
#
1.103 |
|
08-Jul-2001 |
deraadt |
-Wall
|
#
1.102 |
|
03-Jul-2001 |
millert |
Use the 'welcome' variable from login.conf instead of hard-coding /etc/motd.
|
#
1.101 |
|
25-Jun-2001 |
hin |
millert didn't compile this.
|
#
1.100 |
|
25-Jun-2001 |
millert |
Set "login" and "notickets" BSD auth options. We don't need to get a kerb ticket but we do need AFS tokens.
|
#
1.99 |
|
13-Jun-2001 |
markus |
more va_start/end fixes, ok deraadt@
|
#
1.98 |
|
11-Jun-2001 |
mickey |
strncpy vs strlcpy, some strlen missuse. some other related minor cleanups, and spaces. millert@ ok
|
#
1.97 |
|
29-May-2001 |
millert |
use BSD authentication
|
#
1.96 |
|
11-May-2001 |
art |
mmap returns MAP_FAILED on error, not 0.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.95 |
|
18-Mar-2001 |
deraadt |
use GLOB_LIMIT
|
#
1.94 |
|
09-Mar-2001 |
millert |
Block all signals in lostconn() and sigprocmask() since we are headed for _exit(). Fixes a signal handler race condition.
|
#
1.93 |
|
09-Mar-2001 |
deraadt |
do not strerror() a signo
|
#
1.92 |
|
04-Feb-2001 |
pjanzen |
Whoops, don't use strlcpy with utmp; millert@
|
#
1.91 |
|
03-Feb-2001 |
pjanzen |
Long usernames; also some simple strncpy->strlcpy.
|
#
1.90 |
|
19-Jan-2001 |
deraadt |
mark remaining signal races
|
#
1.89 |
|
09-Jan-2001 |
itojun |
make sure replydirname() do not truncate names, even if the filename is MAXPATHLEN doublequotes. From: Paul Janzen <pjanzen@foatdi.harvard.edu>
|
#
1.88 |
|
09-Jan-2001 |
itojun |
make sure we do not return stray " at the end of stirng, like bla"\0. From: "William C. Allen" <allenwc@home.com>
|
#
1.87 |
|
07-Jan-2001 |
angelos |
Make the -P option effective (rjmooney@mediaone.net)
|
#
1.86 |
|
06-Jan-2001 |
millert |
Expand tilde (~) in ftp-dir login.conf variable. Closes PR 1382
|
#
1.85 |
|
30-Dec-2000 |
angelos |
Log the actual bytes transfered, rather than the original file size.
|
#
1.84 |
|
04-Dec-2000 |
itojun |
in replydirname(), avoid one-byte overrun. From: Kristian Vlaardingerbroek <kris@obit.nl>
|
#
1.83 |
|
02-Dec-2000 |
millert |
The man page says the default umask is 027 but it is really 022 since that is the value of CMASK.
Have setusercontext() set the umask unless the -u flag was specified. This allows the admin to set the umask either via -u or via a login class in login.conf.
|
#
1.82 |
|
26-Nov-2000 |
millert |
setusercontext should not set umask as this interferes with the umask specified for ftpd on the command line. Closed PR #1530
|
#
1.81 |
|
23-Nov-2000 |
itojun |
typo in LPSV printing. From: Hiroyuki YAMAMORI <h-yamamo@db3.so-net.ne.jp>
|
#
1.80 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.79 |
|
15-Sep-2000 |
deraadt |
branches: 1.79.2; check return value for setenv(3) for failure, and deal appropriately
|
#
1.78 |
|
20-Aug-2000 |
millert |
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
|
#
1.77 |
|
05-Jul-2000 |
deraadt |
crank version to 6.5
|
#
1.76 |
|
05-Jul-2000 |
deraadt |
another setproctitle
|
#
1.75 |
|
05-Jul-2000 |
deraadt |
always setproctitle with %s if using a variable
|
#
1.74 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
#
1.73 |
|
14-Jun-2000 |
itojun |
correct STAT command output for LPSV output.
|
#
1.72 |
|
12-Jun-2000 |
itojun |
address PR 1274 (-h does not work on EPSV). the committed code handles IPv6 case too.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.71 |
|
29-Apr-2000 |
deraadt |
branches: 1.71.2; strerror
|
#
1.70 |
|
11-Apr-2000 |
deraadt |
do not lose descriptors; Takahiro Kambe
|
#
1.69 |
|
03-Mar-2000 |
bitblt |
Turns out that our implementation of STAT wasn't RFC 959 compliant. This version is now RFC 959 compliant, using a patch adapted from one sent in by david.leonard@eecs.uq.edu.au
|
#
1.68 |
|
18-Jan-2000 |
millert |
Fix a pasto in the last commit. The genesis of this bug is actually somewhat interesting. The getwd() function has historically placed an error message in the buffer on failure, but getcwd() does not. Therefor, a bulk search and replace of getwd() with getcwd() can create bugs like this one.
|
#
1.67 |
|
18-Jan-2000 |
millert |
"pwd" should print an error, not garbage, if getcwd() fails; form@vell.nsc.ru
|
#
1.66 |
|
14-Jan-2000 |
ericj |
call dologout() with 1. not -1
|
#
1.65 |
|
10-Dec-1999 |
deraadt |
using u_char * is a lot more convenient than doing & 0xff 80+ times
|
#
1.64 |
|
09-Dec-1999 |
itojun |
close passive mode data socket. From: deraadt
|
#
1.63 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
#
1.62 |
|
03-Dec-1999 |
millert |
Write pid to /var/run/ftpd.pid if running in daemon mode.
|
#
1.61 |
|
02-Dec-1999 |
millert |
Fix thinko on my part, we want to avoid setting mode to "r+" for append, not for ascii.
|
#
1.60 |
|
01-Dec-1999 |
millert |
Move initialization of ttyline to be after the fork() so that when we are in daemon mode it contains the pid of the child, not the parent. This fixes utmp/wtmp updates in daemon mode.
|
#
1.59 |
|
29-Nov-1999 |
millert |
When restarting a STOR, open with "r+", not "w" so we don't truncate. Based on a patch from rmooney@iss.net; closed PR #993
|
#
1.58 |
|
14-Nov-1999 |
deraadt |
warning about getpeername() failing is useless
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.57 |
|
22-Sep-1999 |
deraadt |
correct oob handling for STAT command; ian@plutotech.com
|
#
1.56 |
|
21-Jul-1999 |
deraadt |
bad umask is an error, syslog; pointed out by form@
|
#
1.55 |
|
20-Jul-1999 |
deraadt |
do not proceed if incorrect args are found; found by form
|
#
1.54 |
|
29-Apr-1999 |
downsj |
Work around the blocking read() that causes so many hung ftpd processes.
This has been extensively tested.
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.53 |
|
26-Feb-1999 |
art |
implement internal ls
|
#
1.52 |
|
30-Dec-1998 |
deraadt |
indent
|
#
1.51 |
|
29-Dec-1998 |
deraadt |
use getcwd()
|
#
1.50 |
|
18-Nov-1998 |
deraadt |
check for out-of-range umask bits from strtol()
|
Revision tags: OPENBSD_2_4_BASE
|
#
1.49 |
|
23-Jul-1998 |
deraadt |
add replydirname() from netbsd; fixes 257 directory replies; problem noted by kstailey
|
#
1.48 |
|
13-Jul-1998 |
millert |
ftpd: sleep for an indeterminate amount for non-existant logins to simulate a crypt, like login does. Use SEEK_* not L_* and kill some 0L's used in lseek while we're there.
|
#
1.47 |
|
08-Jun-1998 |
mickey |
allow ftpchroot-ed users to also be multihomed
|
#
1.46 |
|
03-Jun-1998 |
deraadt |
use SIG_ERR
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.45 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.44 |
|
06-Aug-1997 |
angelos |
Errno save/restore.
|
#
1.43 |
|
04-Aug-1997 |
deraadt |
save errno in sigchld handlers
|
#
1.42 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.41 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.40 |
|
29-Jun-1997 |
deraadt |
crank version
|
#
1.39 |
|
29-Jun-1997 |
deraadt |
partial Wall
|
#
1.38 |
|
21-Jun-1997 |
deraadt |
attempt to realpath() log entries
|
#
1.37 |
|
05-Jun-1997 |
deraadt |
bigger buf
|
#
1.36 |
|
01-Jun-1997 |
downsj |
Support integrated tcp wrappers when in daemon mode.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.35 |
|
01-May-1997 |
deraadt |
change -A to let in anon | chroot accounts
|
#
1.34 |
|
25-Apr-1997 |
deraadt |
do not allow connect to a 2049 either, helps firewall cases; adam@math.tau.ac.il
|
#
1.33 |
|
25-Mar-1997 |
millert |
Splat .message file if it exists when user cd's to a directory like wu-ftpd. Based on changes from Oliver.
|
#
1.32 |
|
23-Jan-1997 |
deraadt |
crank version number
|
#
1.31 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.30 |
|
05-Jan-1997 |
bitblt |
Signals are now blocked while ftpd runs with euid 0, as suggested by Weiste Venema. If this triggers any problems (most likely with ABOR not working at certain times) let me know.
|
#
1.29 |
|
02-Jan-1997 |
deraadt |
avoid SIGURG race; dg@root.com
|
#
1.28 |
|
14-Dec-1996 |
deraadt |
stop gunique() open/fopen race
|
#
1.27 |
|
14-Dec-1996 |
deraadt |
solve /tmp-style race spotted by bitblt
|
#
1.26 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.25 |
|
03-Dec-1996 |
deraadt |
-A for anon only; from freebsd
|
#
1.24 |
|
19-Oct-1996 |
michaels |
add ')'.
|
#
1.23 |
|
18-Oct-1996 |
deraadt |
forget old password nicely
|
#
1.22 |
|
15-Oct-1996 |
deraadt |
fd leak spotted by bitblt
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.21 |
|
29-Sep-1996 |
millert |
s/key (otp) challenge is now rfc 1938 compliant.
|
#
1.20 |
|
22-Sep-1996 |
deraadt |
vis log entries; noted by bitblt
|
#
1.19 |
|
04-Sep-1996 |
deraadt |
no, bad commit
|
#
1.18 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.17 |
|
27-Aug-1996 |
deraadt |
strncpy correctly
|
#
1.16 |
|
25-Aug-1996 |
deraadt |
hide our base dir
|
#
1.15 |
|
13-Aug-1996 |
deraadt |
log non-anon stuff for -S too, from downsj
|
#
1.14 |
|
10-Aug-1996 |
downsj |
Add multihome support (-M) and make stats logging look like wu-ftpd.
|
#
1.13 |
|
08-Aug-1996 |
downsj |
Handle signals better.
|
#
1.12 |
|
07-Aug-1996 |
downsj |
STATS is not an option.
|
#
1.11 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.10 |
|
07-Aug-1996 |
downsj |
sprintf -> snprintf
|
#
1.9 |
|
29-Jul-1996 |
downsj |
Remove some FreeBSD cruft.
|
#
1.8 |
|
29-Jul-1996 |
downsj |
Add -h, causing passive mode connections to request the high port range.
Also a few other changes.
|
#
1.7 |
|
29-Jul-1996 |
downsj |
Add setenv for HOME (from FreeBSD).
|
#
1.6 |
|
28-Jul-1996 |
downsj |
Add daemon mode (from FreeBSD), moving a lot of things around.
Also change the advertised version to '6.1/OpenBSD'; using the old version number from 4.4BSD seems rather silly at this point.
|
#
1.5 |
|
28-Jul-1996 |
downsj |
Add anonymous statistics logging, based on FreeBSD but with the really obvious bugs fixed.
|
#
1.4 |
|
28-Jul-1996 |
downsj |
New mmap(2)-using send_data() from FreeBSD.
|
#
1.3 |
|
27-Jul-1996 |
joshd |
No more ftpd bounce attacks.
|
#
1.2 |
|
18-Jun-1996 |
downsj |
my netbsd pr#2217: add utmp support to ftpd, some other small changes/fixes.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.227 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.226 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.225 |
|
11-Dec-2018 |
bluhm |
Flip snprintf(3) error check to align it with the man page example. No functional change. suggested by tb@; from Jan Klemkow
|
#
1.224 |
|
11-Dec-2018 |
bluhm |
Convert some variables with non-negative values to unsigned type to avoid comparison of integers of different signs. from Jan Klemkow; OK tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.223 |
|
03-Sep-2016 |
jca |
Use a single "opt" variable for all setsockopt calls in getdatasock().
on = 65536; if (setsockopt(... &on ...)
is slightly misleading.
|
#
1.222 |
|
03-Sep-2016 |
jca |
Set "lowdelay" and "throughput" Traffic Class on command & data IPv6 sockets.
|
#
1.221 |
|
31-Aug-2016 |
jca |
Don't attempt to support IPv4-mapped IPv6 addresses.
We don't consider support for those addreses as desirable, so let's not give a bad example by keeping application code to handle them. This is dead code on OpenBSD anyway since we do not support IPv4-mapped stuff. But let's keep the check to log and warn the admin if the code gets ported elsewhere. Porters of this code should ensure that IPv6 sockets can't see IPv4-mapped addresses by using the IPV6_V6ONLY sockopt.
Discussed with & ok tedu@
For a rationale, see https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
|
#
1.220 |
|
30-Aug-2016 |
tedu |
remove ifdef for all the features we have. retain disabled ip4in6 code until its future is decided. ok deraadt jca
|
#
1.219 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.218 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.217 |
|
04-Jul-2016 |
guenther |
Use fstatat() instead of crafting a filename to use with stat()
ok millert@
|
#
1.216 |
|
04-May-2016 |
jca |
Kill #ifdef INET6 occurrences in userland.
Prompted by and ok millert@
(tcpdump and libpcap left untouched, the #ifdef force is too strong with those)
|
#
1.215 |
|
25-Apr-2016 |
deraadt |
prefer setres{u,g}id() rather than manipulating both real and effective ids, it clarifies these are full revocation situations. ok millert
|
#
1.214 |
|
06-Apr-2016 |
semarie |
compare pointer to NULL instead of 0
from fritjof ! alokat.org
ok ratchov@ natano@
|
#
1.213 |
|
16-Mar-2016 |
krw |
More "(<blah> *)0" -> NULL, avoiding any stdarg functions.
Feedback millert@ kettenis@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.212 |
|
12-Dec-2015 |
mmcc |
Remove NULL-checks before free(). ok tb@
|
#
1.211 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.210 |
|
25-Oct-2015 |
millert |
No longer create /var/run/ftpd.pid in daemon mode; OK jung@ jca@
|
#
1.209 |
|
04-Oct-2015 |
tedu |
fix custom popen to return pid to caller instead of tracking in a giant array. this implies we can't use a function pointer for close, but also means we get to repair some abuse of the comma operator. ok miod
|
#
1.208 |
|
01-Sep-2015 |
jsg |
test pointers with NULL not '\0'
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.207 |
|
19-Jan-2015 |
deraadt |
CMASK went out of scope with the recent <sys/param.h> removal. But oh golly gee, ftpd can handle that itself due to the glorious old practice of #ifndef #define. Remove that junk. ok guenther
|
#
1.206 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.205 |
|
25-Oct-2014 |
lteo |
Remove unnecessary netinet/in_systm.h include.
ok millert@
|
#
1.204 |
|
25-Aug-2014 |
doug |
Delete secret or secret-derived data with explicit_bzero.
concept ok deraadt@ diff looks ok tedu@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.203 |
|
24-Mar-2014 |
tedu |
remove tcpwrappers support. ok deraadt
|
#
1.202 |
|
17-Mar-2014 |
sthen |
args! fix argstr. from LEVAI Daniel.
|
#
1.201 |
|
17-Mar-2014 |
sthen |
typo, spotted by okan@
|
#
1.200 |
|
17-Mar-2014 |
sthen |
Add an option to disallow ftp access to accounts with uid below a certain number (idea borrowed from pure-ftpd). Enabled by default with minimum uid 1000 to prevent access to admin accounts. tweak/OK millert@, OK deraadt@, gsoares@ and aja@ like it too.
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.199 |
|
08-Jan-2014 |
jca |
If the file size is zero, there's nothing to transmit so avoid spamming syslog with mmap failures. Noticed by and ok henning@, "looks right" deraadt@
|
#
1.198 |
|
22-Aug-2013 |
guenther |
Correct format string mismatches turned up by -Wformat=2
suggestions and ok millert@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.197 |
|
26-Jul-2013 |
guenther |
Make sure tmpline[] is always NUL terminated, to avoid possible read-beyond-end in get_line().
Analysis and patch by Maxime Villard (rustyBSD (at) gmx.fr) ok millert@ deraadt@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.196 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.195 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.194 |
|
14-Dec-2011 |
ajacoutot |
Add a new '-W' option to prevent saving login records to /var/run/wtmp. This can become pretty handy on busy anonymous servers to avoid filling up /var with unused wtmp records. Note that 'U' and 'W' are mutually exclusive.
ok sthen@ millert@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.193 |
|
09-Feb-2011 |
millert |
Set SO_KEEPALIVE on sockets. OK miod@. Also tested by landry@ "Makes sense" markus@ and "i don't see a reason not to" henning@
|
#
1.192 |
|
27-Aug-2010 |
lum |
In revision 1.14 of ftpd.c the ident variable was removed from its only meaningful usage when a snprintf call was removed, rendering ident useless. Time to remove remaining code.
ok tobias@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.191 |
|
01-Aug-2010 |
tobias |
Properly reset states when a login phase is interrupted by another one. Prevents ftpd from letting regular users logging in during anonymous-only mode (-A).
ok millert, ray
|
#
1.190 |
|
30-Jul-2010 |
ray |
Don't set "success" flags before error checks. Add check for login_getclass() failure, pointed out by tobias.
OK tobias
|
#
1.189 |
|
18-Jun-2010 |
tobias |
Prevent a segmentation fault on ftpd_popen error (memory, file descriptor, pipe ...) during status command.
ok millert
|
#
1.188 |
|
13-Jun-2010 |
tobias |
Adjust FTP reply codes (in error conditions) to conform to RFC 959.
ok millert, schwarze
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.187 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.186 |
|
20-Apr-2009 |
schwarze |
When receiving a new connection, log the remote IP number in addition to the remote hostname.
Feature requested by Mark Bucciarelli mkbucc at gmail dot com on misc@. "seems OK" millert@
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.185 |
|
30-Sep-2008 |
deraadt |
Always say "User %s access denied", in all cases, to avoid some stupid spinny things which parse those messages. Do not close the connection as requested by Josh Grosse, since a 530 is not supposed to do that. ok millert
|
#
1.184 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.183 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
#
1.182 |
|
13-Apr-2008 |
djm |
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound is not a power of two
ok deraadt@ millert@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.181 |
|
02-Sep-2007 |
deraadt |
use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.180 |
|
31-Jul-2007 |
ray |
From Gilles Chehade: - Use strtonum instead of atoi. - Improve strtol error checking. - Change strchr calls to strcspn and eliminating some unused variables as a result.
OK moritz
|
#
1.179 |
|
27-Jul-2007 |
moritz |
Fix potential memory leak, when snprintf(3) returns an empty buffer.
OK ray@
|
#
1.178 |
|
21-Jun-2007 |
ray |
Adjust spacing, combine malloc + strlcpy + strlcat into a single asprintf call.
OK moritz
|
#
1.177 |
|
19-Jun-2007 |
ray |
Make sure perror_reply() is only called when errno is set. When changing perror_reply() -> reply(), increase error message detail for ftp client. Move free() statement to prevent errno clobbering.
OK moritz
|
#
1.176 |
|
22-Mar-2007 |
cloder |
Do not advertise version in the ftp banner, because there is no reason to. OK mbalmer@, xsa@, henning@, idea prompted by deraadt
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.175 |
|
01-Mar-2007 |
otto |
- use proper log facility and priority in the slave sig handlers - if the monitor decides to kill the slave, log that ok millert@ moritz@
|
#
1.174 |
|
21-Dec-2006 |
krw |
'tranfer' -> 'transfer' in comments.
|
#
1.173 |
|
18-Oct-2006 |
millert |
Avoid double fclose() of a file if we exceed retries. Coverity ID 2669. OK cloder@
|
#
1.172 |
|
18-Oct-2006 |
deraadt |
you do not call fclose() on a file descriptor; ok cloder
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.171 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.170 |
|
03-Dec-2005 |
deraadt |
remove shadowing variables; ok pval
|
#
1.169 |
|
01-Dec-2005 |
pvalchev |
fix double var declarations in same scope, found by lint; ok deraadt cloder
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.168 |
|
22-Aug-2005 |
mickey |
EOF in ascii mode may also mean EOF so avoid printing a bogus error and behave same as bin mode; beck@ deraadt@ millert@ ok
|
#
1.167 |
|
14-Jul-2005 |
moritz |
let root create the data socket. fixes PR 4287. ok millert@ henning@
|
#
1.166 |
|
24-May-2005 |
moritz |
readd endpwent()
|
#
1.165 |
|
24-May-2005 |
moritz |
no need for endpwent()
|
#
1.164 |
|
21-Apr-2005 |
deraadt |
make code prettier so we can tell it is safe when we read it; ok beck cloder
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.163 |
|
15-Mar-2005 |
niallo |
branches: 1.163.2; better handling of cases where getnameinfo() returns non-zero. upon failure, don't try to print the contents of the char buffers we passed it.
ok & feedback henning@, moritz@ (thanks!)
|
#
1.162 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.161 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.160 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.159 |
|
28-Nov-2004 |
henning |
logging fixes: -don't prefix ftpd: in syslog(), it does that for us -replace a bad (too late) err() by syslog + exit from moritz
|
#
1.158 |
|
28-Nov-2004 |
henning |
bump version
|
#
1.157 |
|
28-Nov-2004 |
henning |
fix ttyline setting, fixes proctitle. notice independently by theo and pval, fix from moritz jodeit
|
#
1.156 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
#
1.155 |
|
22-Nov-2004 |
millert |
More sensible error when both the -n and -A flags are used. Text OK jmc@
|
#
1.154 |
|
30-Sep-2004 |
deraadt |
cope nicer with accept() failures, from freebsd; millert ok
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.153 |
|
12-Dec-2003 |
deraadt |
knf
|
#
1.152 |
|
10-Dec-2003 |
deraadt |
spacing
|
#
1.151 |
|
09-Dec-2003 |
deraadt |
knf
|
#
1.150 |
|
09-Dec-2003 |
beck |
fix PR 3596 by making root create the socket, ok millert@
|
#
1.149 |
|
20-Nov-2003 |
jmc |
ftpd.8: - simpler macros - sort options - some updates
ftpd.c: - sync usage()
|
#
1.148 |
|
12-Nov-2003 |
millert |
Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Adapted from FreeBSD via danh@
|
#
1.147 |
|
01-Oct-2003 |
itojun |
listen to bodh IPv4/v6 ftp port on -D by default. deraadt ok. comments from markus, millert. tested by fries
|
#
1.146 |
|
30-Sep-2003 |
jmc |
usage():
- add missing -n (from Jeff Ito PR 3496) - remove deprecated -h - sort -T and -t to match man page
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.145 |
|
29-Jul-2003 |
deraadt |
branches: 1.145.2; spaces
|
#
1.144 |
|
07-Jul-2003 |
deraadt |
make this match protos; millert ok
|
#
1.143 |
|
11-Jun-2003 |
deraadt |
ansi cleanup; ok ian markus
|
#
1.142 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.141 |
|
10-Apr-2003 |
millert |
Replace strcpy() w/ strlcpy() from espie@
Don't try to free pw_dir -- it is no longer allocated separately. Instead, add an extra param to sgetpwnam() to allow it to dupe an existing struct passwd * (instead of doing a lookup by username) and use this to reallocate pw in the case where pw_dir is the NULL string. deraadt@ OK
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.140 |
|
17-Feb-2003 |
mpech |
branches: 1.140.2; reply() -> perror_reply().
millert@ ok
|
#
1.139 |
|
25-Nov-2002 |
millert |
Change a setuid() that should be seteuid(), not iced by grange@ Move a va_end so it gets called in an error condition as well
|
#
1.138 |
|
15-Nov-2002 |
millert |
o Once a user is logged in, don't allow a change to another user. o Run more code with the effective uid of the logged in user. From Frank Denis
|
#
1.137 |
|
13-Oct-2002 |
millert |
Avoid potential printf format string problem with challenge from auth_challenge(). Currently, none of the auth modules put non-sanitized data in the prompt so there are no real security implications with this fix. Patch from Moritz Jodeit.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.136 |
|
29-Aug-2002 |
deraadt |
branches: 1.136.2; remove extra arg; jmegq@post.harvard.edu
|
#
1.135 |
|
20-Aug-2002 |
deraadt |
-n: disallow anon ftp even if ftp account exists
|
#
1.134 |
|
24-Jul-2002 |
millert |
Also check for snprintf() returning < 0
|
#
1.133 |
|
24-Jul-2002 |
millert |
What on earth possessed me to use %p instead of %m in syslog() to indicate the error string?
|
#
1.132 |
|
20-Jul-2002 |
millert |
Exit on setusercontext() failure; noticed by deraadt@
|
#
1.131 |
|
14-Jul-2002 |
jakob |
make ftpd always listen to a high tcp port for passive data connections. deprecate and ignore the -h option. ok deraadt@.
|
#
1.130 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.129 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
#
1.128 |
|
09-Jun-2002 |
itojun |
do not present scopeid on wire format (as it is local to a node).
|
#
1.127 |
|
29-May-2002 |
deraadt |
a few more strlcat
|
#
1.126 |
|
26-May-2002 |
deraadt |
pid_t cleanup
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.125 |
|
30-Mar-2002 |
deraadt |
correct an auth_close() misuse; millert ok
|
#
1.124 |
|
16-Mar-2002 |
millert |
o Don't allow password-less accounts to login (like in 2.9 and below) o Stash copy of struct passwd via auth_setpwd() to avoid extra needless getpwnam() calls.
|
#
1.123 |
|
12-Mar-2002 |
millert |
bsd_auth.h requires other headers so it can't be first
|
#
1.122 |
|
12-Mar-2002 |
millert |
Fix a couple mis-sorted headers and sync usage() with man page. From Brian Poole
|
#
1.121 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.120 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.119 |
|
01-Feb-2002 |
itojun |
strlcpy
|
#
1.118 |
|
01-Feb-2002 |
itojun |
make sure pw_dir is big enough for strcpy(pw->pw_dir, "/").
|
#
1.117 |
|
23-Jan-2002 |
millert |
Plug login_cap and bsd_auth related memory leaks. Problem noticed by mpech@.
|
#
1.116 |
|
23-Jan-2002 |
mpech |
fix potential memory leak.
millert@ ok
|
#
1.115 |
|
23-Jan-2002 |
mpech |
Use always '.' in the end of the fatal() message. Consistency is good.
millert@ ok.
|
#
1.114 |
|
23-Jan-2002 |
mpech |
don't use \n in reply().
millert@ ok
|
#
1.113 |
|
07-Jan-2002 |
millert |
To disable a SIGCHLD signal handler use SIG_DFL, *not* SIG_IGN which now has a different meaning.
|
#
1.112 |
|
18-Dec-2001 |
millert |
Don't use sigprocmask() in signal handlers when we can just set the mask to be what we want with sigaction. Pointed out by Yar Tikhiy.
|
#
1.111 |
|
17-Dec-2001 |
millert |
Add missing sigaction() call from last commit
|
#
1.110 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.109 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.108 |
|
01-Dec-2001 |
miod |
Use pidfile() instead of doing the equivalent thing by hand, and sometimes forgetting to unlink the pid file at exit. ok millert@ deraadt@
|
#
1.107 |
|
17-Nov-2001 |
deraadt |
volatile sig_atomic_t
|
#
1.106 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.105 |
|
02-Oct-2001 |
wilfried |
as is aleady closed and freed by auth_userresponse, ok millert@
|
#
1.104 |
|
05-Sep-2001 |
deraadt |
make sure that va_start() has matching va_end()
|
#
1.103 |
|
08-Jul-2001 |
deraadt |
-Wall
|
#
1.102 |
|
03-Jul-2001 |
millert |
Use the 'welcome' variable from login.conf instead of hard-coding /etc/motd.
|
#
1.101 |
|
25-Jun-2001 |
hin |
millert didn't compile this.
|
#
1.100 |
|
25-Jun-2001 |
millert |
Set "login" and "notickets" BSD auth options. We don't need to get a kerb ticket but we do need AFS tokens.
|
#
1.99 |
|
13-Jun-2001 |
markus |
more va_start/end fixes, ok deraadt@
|
#
1.98 |
|
11-Jun-2001 |
mickey |
strncpy vs strlcpy, some strlen missuse. some other related minor cleanups, and spaces. millert@ ok
|
#
1.97 |
|
29-May-2001 |
millert |
use BSD authentication
|
#
1.96 |
|
11-May-2001 |
art |
mmap returns MAP_FAILED on error, not 0.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.95 |
|
18-Mar-2001 |
deraadt |
use GLOB_LIMIT
|
#
1.94 |
|
09-Mar-2001 |
millert |
Block all signals in lostconn() and sigprocmask() since we are headed for _exit(). Fixes a signal handler race condition.
|
#
1.93 |
|
09-Mar-2001 |
deraadt |
do not strerror() a signo
|
#
1.92 |
|
04-Feb-2001 |
pjanzen |
Whoops, don't use strlcpy with utmp; millert@
|
#
1.91 |
|
03-Feb-2001 |
pjanzen |
Long usernames; also some simple strncpy->strlcpy.
|
#
1.90 |
|
19-Jan-2001 |
deraadt |
mark remaining signal races
|
#
1.89 |
|
09-Jan-2001 |
itojun |
make sure replydirname() do not truncate names, even if the filename is MAXPATHLEN doublequotes. From: Paul Janzen <pjanzen@foatdi.harvard.edu>
|
#
1.88 |
|
09-Jan-2001 |
itojun |
make sure we do not return stray " at the end of stirng, like bla"\0. From: "William C. Allen" <allenwc@home.com>
|
#
1.87 |
|
07-Jan-2001 |
angelos |
Make the -P option effective (rjmooney@mediaone.net)
|
#
1.86 |
|
06-Jan-2001 |
millert |
Expand tilde (~) in ftp-dir login.conf variable. Closes PR 1382
|
#
1.85 |
|
30-Dec-2000 |
angelos |
Log the actual bytes transfered, rather than the original file size.
|
#
1.84 |
|
04-Dec-2000 |
itojun |
in replydirname(), avoid one-byte overrun. From: Kristian Vlaardingerbroek <kris@obit.nl>
|
#
1.83 |
|
02-Dec-2000 |
millert |
The man page says the default umask is 027 but it is really 022 since that is the value of CMASK.
Have setusercontext() set the umask unless the -u flag was specified. This allows the admin to set the umask either via -u or via a login class in login.conf.
|
#
1.82 |
|
26-Nov-2000 |
millert |
setusercontext should not set umask as this interferes with the umask specified for ftpd on the command line. Closed PR #1530
|
#
1.81 |
|
23-Nov-2000 |
itojun |
typo in LPSV printing. From: Hiroyuki YAMAMORI <h-yamamo@db3.so-net.ne.jp>
|
#
1.80 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.79 |
|
15-Sep-2000 |
deraadt |
branches: 1.79.2; check return value for setenv(3) for failure, and deal appropriately
|
#
1.78 |
|
20-Aug-2000 |
millert |
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
|
#
1.77 |
|
05-Jul-2000 |
deraadt |
crank version to 6.5
|
#
1.76 |
|
05-Jul-2000 |
deraadt |
another setproctitle
|
#
1.75 |
|
05-Jul-2000 |
deraadt |
always setproctitle with %s if using a variable
|
#
1.74 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
#
1.73 |
|
14-Jun-2000 |
itojun |
correct STAT command output for LPSV output.
|
#
1.72 |
|
12-Jun-2000 |
itojun |
address PR 1274 (-h does not work on EPSV). the committed code handles IPv6 case too.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.71 |
|
29-Apr-2000 |
deraadt |
branches: 1.71.2; strerror
|
#
1.70 |
|
11-Apr-2000 |
deraadt |
do not lose descriptors; Takahiro Kambe
|
#
1.69 |
|
03-Mar-2000 |
bitblt |
Turns out that our implementation of STAT wasn't RFC 959 compliant. This version is now RFC 959 compliant, using a patch adapted from one sent in by david.leonard@eecs.uq.edu.au
|
#
1.68 |
|
18-Jan-2000 |
millert |
Fix a pasto in the last commit. The genesis of this bug is actually somewhat interesting. The getwd() function has historically placed an error message in the buffer on failure, but getcwd() does not. Therefor, a bulk search and replace of getwd() with getcwd() can create bugs like this one.
|
#
1.67 |
|
18-Jan-2000 |
millert |
"pwd" should print an error, not garbage, if getcwd() fails; form@vell.nsc.ru
|
#
1.66 |
|
14-Jan-2000 |
ericj |
call dologout() with 1. not -1
|
#
1.65 |
|
10-Dec-1999 |
deraadt |
using u_char * is a lot more convenient than doing & 0xff 80+ times
|
#
1.64 |
|
09-Dec-1999 |
itojun |
close passive mode data socket. From: deraadt
|
#
1.63 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
#
1.62 |
|
03-Dec-1999 |
millert |
Write pid to /var/run/ftpd.pid if running in daemon mode.
|
#
1.61 |
|
02-Dec-1999 |
millert |
Fix thinko on my part, we want to avoid setting mode to "r+" for append, not for ascii.
|
#
1.60 |
|
01-Dec-1999 |
millert |
Move initialization of ttyline to be after the fork() so that when we are in daemon mode it contains the pid of the child, not the parent. This fixes utmp/wtmp updates in daemon mode.
|
#
1.59 |
|
29-Nov-1999 |
millert |
When restarting a STOR, open with "r+", not "w" so we don't truncate. Based on a patch from rmooney@iss.net; closed PR #993
|
#
1.58 |
|
14-Nov-1999 |
deraadt |
warning about getpeername() failing is useless
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.57 |
|
22-Sep-1999 |
deraadt |
correct oob handling for STAT command; ian@plutotech.com
|
#
1.56 |
|
21-Jul-1999 |
deraadt |
bad umask is an error, syslog; pointed out by form@
|
#
1.55 |
|
20-Jul-1999 |
deraadt |
do not proceed if incorrect args are found; found by form
|
#
1.54 |
|
29-Apr-1999 |
downsj |
Work around the blocking read() that causes so many hung ftpd processes.
This has been extensively tested.
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.53 |
|
26-Feb-1999 |
art |
implement internal ls
|
#
1.52 |
|
30-Dec-1998 |
deraadt |
indent
|
#
1.51 |
|
29-Dec-1998 |
deraadt |
use getcwd()
|
#
1.50 |
|
18-Nov-1998 |
deraadt |
check for out-of-range umask bits from strtol()
|
Revision tags: OPENBSD_2_4_BASE
|
#
1.49 |
|
23-Jul-1998 |
deraadt |
add replydirname() from netbsd; fixes 257 directory replies; problem noted by kstailey
|
#
1.48 |
|
13-Jul-1998 |
millert |
ftpd: sleep for an indeterminate amount for non-existant logins to simulate a crypt, like login does. Use SEEK_* not L_* and kill some 0L's used in lseek while we're there.
|
#
1.47 |
|
08-Jun-1998 |
mickey |
allow ftpchroot-ed users to also be multihomed
|
#
1.46 |
|
03-Jun-1998 |
deraadt |
use SIG_ERR
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.45 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.44 |
|
06-Aug-1997 |
angelos |
Errno save/restore.
|
#
1.43 |
|
04-Aug-1997 |
deraadt |
save errno in sigchld handlers
|
#
1.42 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.41 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.40 |
|
29-Jun-1997 |
deraadt |
crank version
|
#
1.39 |
|
29-Jun-1997 |
deraadt |
partial Wall
|
#
1.38 |
|
21-Jun-1997 |
deraadt |
attempt to realpath() log entries
|
#
1.37 |
|
05-Jun-1997 |
deraadt |
bigger buf
|
#
1.36 |
|
01-Jun-1997 |
downsj |
Support integrated tcp wrappers when in daemon mode.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.35 |
|
01-May-1997 |
deraadt |
change -A to let in anon | chroot accounts
|
#
1.34 |
|
25-Apr-1997 |
deraadt |
do not allow connect to a 2049 either, helps firewall cases; adam@math.tau.ac.il
|
#
1.33 |
|
25-Mar-1997 |
millert |
Splat .message file if it exists when user cd's to a directory like wu-ftpd. Based on changes from Oliver.
|
#
1.32 |
|
23-Jan-1997 |
deraadt |
crank version number
|
#
1.31 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.30 |
|
05-Jan-1997 |
bitblt |
Signals are now blocked while ftpd runs with euid 0, as suggested by Weiste Venema. If this triggers any problems (most likely with ABOR not working at certain times) let me know.
|
#
1.29 |
|
02-Jan-1997 |
deraadt |
avoid SIGURG race; dg@root.com
|
#
1.28 |
|
14-Dec-1996 |
deraadt |
stop gunique() open/fopen race
|
#
1.27 |
|
14-Dec-1996 |
deraadt |
solve /tmp-style race spotted by bitblt
|
#
1.26 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.25 |
|
03-Dec-1996 |
deraadt |
-A for anon only; from freebsd
|
#
1.24 |
|
19-Oct-1996 |
michaels |
add ')'.
|
#
1.23 |
|
18-Oct-1996 |
deraadt |
forget old password nicely
|
#
1.22 |
|
15-Oct-1996 |
deraadt |
fd leak spotted by bitblt
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.21 |
|
29-Sep-1996 |
millert |
s/key (otp) challenge is now rfc 1938 compliant.
|
#
1.20 |
|
22-Sep-1996 |
deraadt |
vis log entries; noted by bitblt
|
#
1.19 |
|
04-Sep-1996 |
deraadt |
no, bad commit
|
#
1.18 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.17 |
|
27-Aug-1996 |
deraadt |
strncpy correctly
|
#
1.16 |
|
25-Aug-1996 |
deraadt |
hide our base dir
|
#
1.15 |
|
13-Aug-1996 |
deraadt |
log non-anon stuff for -S too, from downsj
|
#
1.14 |
|
10-Aug-1996 |
downsj |
Add multihome support (-M) and make stats logging look like wu-ftpd.
|
#
1.13 |
|
08-Aug-1996 |
downsj |
Handle signals better.
|
#
1.12 |
|
07-Aug-1996 |
downsj |
STATS is not an option.
|
#
1.11 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.10 |
|
07-Aug-1996 |
downsj |
sprintf -> snprintf
|
#
1.9 |
|
29-Jul-1996 |
downsj |
Remove some FreeBSD cruft.
|
#
1.8 |
|
29-Jul-1996 |
downsj |
Add -h, causing passive mode connections to request the high port range.
Also a few other changes.
|
#
1.7 |
|
29-Jul-1996 |
downsj |
Add setenv for HOME (from FreeBSD).
|
#
1.6 |
|
28-Jul-1996 |
downsj |
Add daemon mode (from FreeBSD), moving a lot of things around.
Also change the advertised version to '6.1/OpenBSD'; using the old version number from 4.4BSD seems rather silly at this point.
|
#
1.5 |
|
28-Jul-1996 |
downsj |
Add anonymous statistics logging, based on FreeBSD but with the really obvious bugs fixed.
|
#
1.4 |
|
28-Jul-1996 |
downsj |
New mmap(2)-using send_data() from FreeBSD.
|
#
1.3 |
|
27-Jul-1996 |
joshd |
No more ftpd bounce attacks.
|
#
1.2 |
|
18-Jun-1996 |
downsj |
my netbsd pr#2217: add utmp support to ftpd, some other small changes/fixes.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.226 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.225 |
|
11-Dec-2018 |
bluhm |
Flip snprintf(3) error check to align it with the man page example. No functional change. suggested by tb@; from Jan Klemkow
|
#
1.224 |
|
11-Dec-2018 |
bluhm |
Convert some variables with non-negative values to unsigned type to avoid comparison of integers of different signs. from Jan Klemkow; OK tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.223 |
|
03-Sep-2016 |
jca |
Use a single "opt" variable for all setsockopt calls in getdatasock().
on = 65536; if (setsockopt(... &on ...)
is slightly misleading.
|
#
1.222 |
|
03-Sep-2016 |
jca |
Set "lowdelay" and "throughput" Traffic Class on command & data IPv6 sockets.
|
#
1.221 |
|
31-Aug-2016 |
jca |
Don't attempt to support IPv4-mapped IPv6 addresses.
We don't consider support for those addreses as desirable, so let's not give a bad example by keeping application code to handle them. This is dead code on OpenBSD anyway since we do not support IPv4-mapped stuff. But let's keep the check to log and warn the admin if the code gets ported elsewhere. Porters of this code should ensure that IPv6 sockets can't see IPv4-mapped addresses by using the IPV6_V6ONLY sockopt.
Discussed with & ok tedu@
For a rationale, see https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
|
#
1.220 |
|
30-Aug-2016 |
tedu |
remove ifdef for all the features we have. retain disabled ip4in6 code until its future is decided. ok deraadt jca
|
#
1.219 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.218 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.217 |
|
04-Jul-2016 |
guenther |
Use fstatat() instead of crafting a filename to use with stat()
ok millert@
|
#
1.216 |
|
04-May-2016 |
jca |
Kill #ifdef INET6 occurrences in userland.
Prompted by and ok millert@
(tcpdump and libpcap left untouched, the #ifdef force is too strong with those)
|
#
1.215 |
|
25-Apr-2016 |
deraadt |
prefer setres{u,g}id() rather than manipulating both real and effective ids, it clarifies these are full revocation situations. ok millert
|
#
1.214 |
|
06-Apr-2016 |
semarie |
compare pointer to NULL instead of 0
from fritjof ! alokat.org
ok ratchov@ natano@
|
#
1.213 |
|
16-Mar-2016 |
krw |
More "(<blah> *)0" -> NULL, avoiding any stdarg functions.
Feedback millert@ kettenis@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.212 |
|
12-Dec-2015 |
mmcc |
Remove NULL-checks before free(). ok tb@
|
#
1.211 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.210 |
|
25-Oct-2015 |
millert |
No longer create /var/run/ftpd.pid in daemon mode; OK jung@ jca@
|
#
1.209 |
|
04-Oct-2015 |
tedu |
fix custom popen to return pid to caller instead of tracking in a giant array. this implies we can't use a function pointer for close, but also means we get to repair some abuse of the comma operator. ok miod
|
#
1.208 |
|
01-Sep-2015 |
jsg |
test pointers with NULL not '\0'
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.207 |
|
19-Jan-2015 |
deraadt |
CMASK went out of scope with the recent <sys/param.h> removal. But oh golly gee, ftpd can handle that itself due to the glorious old practice of #ifndef #define. Remove that junk. ok guenther
|
#
1.206 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.205 |
|
25-Oct-2014 |
lteo |
Remove unnecessary netinet/in_systm.h include.
ok millert@
|
#
1.204 |
|
25-Aug-2014 |
doug |
Delete secret or secret-derived data with explicit_bzero.
concept ok deraadt@ diff looks ok tedu@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.203 |
|
24-Mar-2014 |
tedu |
remove tcpwrappers support. ok deraadt
|
#
1.202 |
|
17-Mar-2014 |
sthen |
args! fix argstr. from LEVAI Daniel.
|
#
1.201 |
|
17-Mar-2014 |
sthen |
typo, spotted by okan@
|
#
1.200 |
|
17-Mar-2014 |
sthen |
Add an option to disallow ftp access to accounts with uid below a certain number (idea borrowed from pure-ftpd). Enabled by default with minimum uid 1000 to prevent access to admin accounts. tweak/OK millert@, OK deraadt@, gsoares@ and aja@ like it too.
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.199 |
|
08-Jan-2014 |
jca |
If the file size is zero, there's nothing to transmit so avoid spamming syslog with mmap failures. Noticed by and ok henning@, "looks right" deraadt@
|
#
1.198 |
|
22-Aug-2013 |
guenther |
Correct format string mismatches turned up by -Wformat=2
suggestions and ok millert@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.197 |
|
26-Jul-2013 |
guenther |
Make sure tmpline[] is always NUL terminated, to avoid possible read-beyond-end in get_line().
Analysis and patch by Maxime Villard (rustyBSD (at) gmx.fr) ok millert@ deraadt@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.196 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.195 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.194 |
|
14-Dec-2011 |
ajacoutot |
Add a new '-W' option to prevent saving login records to /var/run/wtmp. This can become pretty handy on busy anonymous servers to avoid filling up /var with unused wtmp records. Note that 'U' and 'W' are mutually exclusive.
ok sthen@ millert@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.193 |
|
09-Feb-2011 |
millert |
Set SO_KEEPALIVE on sockets. OK miod@. Also tested by landry@ "Makes sense" markus@ and "i don't see a reason not to" henning@
|
#
1.192 |
|
27-Aug-2010 |
lum |
In revision 1.14 of ftpd.c the ident variable was removed from its only meaningful usage when a snprintf call was removed, rendering ident useless. Time to remove remaining code.
ok tobias@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.191 |
|
01-Aug-2010 |
tobias |
Properly reset states when a login phase is interrupted by another one. Prevents ftpd from letting regular users logging in during anonymous-only mode (-A).
ok millert, ray
|
#
1.190 |
|
30-Jul-2010 |
ray |
Don't set "success" flags before error checks. Add check for login_getclass() failure, pointed out by tobias.
OK tobias
|
#
1.189 |
|
18-Jun-2010 |
tobias |
Prevent a segmentation fault on ftpd_popen error (memory, file descriptor, pipe ...) during status command.
ok millert
|
#
1.188 |
|
13-Jun-2010 |
tobias |
Adjust FTP reply codes (in error conditions) to conform to RFC 959.
ok millert, schwarze
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.187 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.186 |
|
20-Apr-2009 |
schwarze |
When receiving a new connection, log the remote IP number in addition to the remote hostname.
Feature requested by Mark Bucciarelli mkbucc at gmail dot com on misc@. "seems OK" millert@
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.185 |
|
30-Sep-2008 |
deraadt |
Always say "User %s access denied", in all cases, to avoid some stupid spinny things which parse those messages. Do not close the connection as requested by Josh Grosse, since a 530 is not supposed to do that. ok millert
|
#
1.184 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.183 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
#
1.182 |
|
13-Apr-2008 |
djm |
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound is not a power of two
ok deraadt@ millert@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.181 |
|
02-Sep-2007 |
deraadt |
use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.180 |
|
31-Jul-2007 |
ray |
From Gilles Chehade: - Use strtonum instead of atoi. - Improve strtol error checking. - Change strchr calls to strcspn and eliminating some unused variables as a result.
OK moritz
|
#
1.179 |
|
27-Jul-2007 |
moritz |
Fix potential memory leak, when snprintf(3) returns an empty buffer.
OK ray@
|
#
1.178 |
|
21-Jun-2007 |
ray |
Adjust spacing, combine malloc + strlcpy + strlcat into a single asprintf call.
OK moritz
|
#
1.177 |
|
19-Jun-2007 |
ray |
Make sure perror_reply() is only called when errno is set. When changing perror_reply() -> reply(), increase error message detail for ftp client. Move free() statement to prevent errno clobbering.
OK moritz
|
#
1.176 |
|
22-Mar-2007 |
cloder |
Do not advertise version in the ftp banner, because there is no reason to. OK mbalmer@, xsa@, henning@, idea prompted by deraadt
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.175 |
|
01-Mar-2007 |
otto |
- use proper log facility and priority in the slave sig handlers - if the monitor decides to kill the slave, log that ok millert@ moritz@
|
#
1.174 |
|
21-Dec-2006 |
krw |
'tranfer' -> 'transfer' in comments.
|
#
1.173 |
|
18-Oct-2006 |
millert |
Avoid double fclose() of a file if we exceed retries. Coverity ID 2669. OK cloder@
|
#
1.172 |
|
18-Oct-2006 |
deraadt |
you do not call fclose() on a file descriptor; ok cloder
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.171 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.170 |
|
03-Dec-2005 |
deraadt |
remove shadowing variables; ok pval
|
#
1.169 |
|
01-Dec-2005 |
pvalchev |
fix double var declarations in same scope, found by lint; ok deraadt cloder
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.168 |
|
22-Aug-2005 |
mickey |
EOF in ascii mode may also mean EOF so avoid printing a bogus error and behave same as bin mode; beck@ deraadt@ millert@ ok
|
#
1.167 |
|
14-Jul-2005 |
moritz |
let root create the data socket. fixes PR 4287. ok millert@ henning@
|
#
1.166 |
|
24-May-2005 |
moritz |
readd endpwent()
|
#
1.165 |
|
24-May-2005 |
moritz |
no need for endpwent()
|
#
1.164 |
|
21-Apr-2005 |
deraadt |
make code prettier so we can tell it is safe when we read it; ok beck cloder
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.163 |
|
15-Mar-2005 |
niallo |
branches: 1.163.2; better handling of cases where getnameinfo() returns non-zero. upon failure, don't try to print the contents of the char buffers we passed it.
ok & feedback henning@, moritz@ (thanks!)
|
#
1.162 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.161 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.160 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.159 |
|
28-Nov-2004 |
henning |
logging fixes: -don't prefix ftpd: in syslog(), it does that for us -replace a bad (too late) err() by syslog + exit from moritz
|
#
1.158 |
|
28-Nov-2004 |
henning |
bump version
|
#
1.157 |
|
28-Nov-2004 |
henning |
fix ttyline setting, fixes proctitle. notice independently by theo and pval, fix from moritz jodeit
|
#
1.156 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
#
1.155 |
|
22-Nov-2004 |
millert |
More sensible error when both the -n and -A flags are used. Text OK jmc@
|
#
1.154 |
|
30-Sep-2004 |
deraadt |
cope nicer with accept() failures, from freebsd; millert ok
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.153 |
|
12-Dec-2003 |
deraadt |
knf
|
#
1.152 |
|
10-Dec-2003 |
deraadt |
spacing
|
#
1.151 |
|
09-Dec-2003 |
deraadt |
knf
|
#
1.150 |
|
09-Dec-2003 |
beck |
fix PR 3596 by making root create the socket, ok millert@
|
#
1.149 |
|
20-Nov-2003 |
jmc |
ftpd.8: - simpler macros - sort options - some updates
ftpd.c: - sync usage()
|
#
1.148 |
|
12-Nov-2003 |
millert |
Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Adapted from FreeBSD via danh@
|
#
1.147 |
|
01-Oct-2003 |
itojun |
listen to bodh IPv4/v6 ftp port on -D by default. deraadt ok. comments from markus, millert. tested by fries
|
#
1.146 |
|
30-Sep-2003 |
jmc |
usage():
- add missing -n (from Jeff Ito PR 3496) - remove deprecated -h - sort -T and -t to match man page
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.145 |
|
29-Jul-2003 |
deraadt |
branches: 1.145.2; spaces
|
#
1.144 |
|
07-Jul-2003 |
deraadt |
make this match protos; millert ok
|
#
1.143 |
|
11-Jun-2003 |
deraadt |
ansi cleanup; ok ian markus
|
#
1.142 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.141 |
|
10-Apr-2003 |
millert |
Replace strcpy() w/ strlcpy() from espie@
Don't try to free pw_dir -- it is no longer allocated separately. Instead, add an extra param to sgetpwnam() to allow it to dupe an existing struct passwd * (instead of doing a lookup by username) and use this to reallocate pw in the case where pw_dir is the NULL string. deraadt@ OK
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.140 |
|
17-Feb-2003 |
mpech |
branches: 1.140.2; reply() -> perror_reply().
millert@ ok
|
#
1.139 |
|
25-Nov-2002 |
millert |
Change a setuid() that should be seteuid(), not iced by grange@ Move a va_end so it gets called in an error condition as well
|
#
1.138 |
|
15-Nov-2002 |
millert |
o Once a user is logged in, don't allow a change to another user. o Run more code with the effective uid of the logged in user. From Frank Denis
|
#
1.137 |
|
13-Oct-2002 |
millert |
Avoid potential printf format string problem with challenge from auth_challenge(). Currently, none of the auth modules put non-sanitized data in the prompt so there are no real security implications with this fix. Patch from Moritz Jodeit.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.136 |
|
29-Aug-2002 |
deraadt |
branches: 1.136.2; remove extra arg; jmegq@post.harvard.edu
|
#
1.135 |
|
20-Aug-2002 |
deraadt |
-n: disallow anon ftp even if ftp account exists
|
#
1.134 |
|
24-Jul-2002 |
millert |
Also check for snprintf() returning < 0
|
#
1.133 |
|
24-Jul-2002 |
millert |
What on earth possessed me to use %p instead of %m in syslog() to indicate the error string?
|
#
1.132 |
|
20-Jul-2002 |
millert |
Exit on setusercontext() failure; noticed by deraadt@
|
#
1.131 |
|
14-Jul-2002 |
jakob |
make ftpd always listen to a high tcp port for passive data connections. deprecate and ignore the -h option. ok deraadt@.
|
#
1.130 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.129 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
#
1.128 |
|
09-Jun-2002 |
itojun |
do not present scopeid on wire format (as it is local to a node).
|
#
1.127 |
|
29-May-2002 |
deraadt |
a few more strlcat
|
#
1.126 |
|
26-May-2002 |
deraadt |
pid_t cleanup
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.125 |
|
30-Mar-2002 |
deraadt |
correct an auth_close() misuse; millert ok
|
#
1.124 |
|
16-Mar-2002 |
millert |
o Don't allow password-less accounts to login (like in 2.9 and below) o Stash copy of struct passwd via auth_setpwd() to avoid extra needless getpwnam() calls.
|
#
1.123 |
|
12-Mar-2002 |
millert |
bsd_auth.h requires other headers so it can't be first
|
#
1.122 |
|
12-Mar-2002 |
millert |
Fix a couple mis-sorted headers and sync usage() with man page. From Brian Poole
|
#
1.121 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.120 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.119 |
|
01-Feb-2002 |
itojun |
strlcpy
|
#
1.118 |
|
01-Feb-2002 |
itojun |
make sure pw_dir is big enough for strcpy(pw->pw_dir, "/").
|
#
1.117 |
|
23-Jan-2002 |
millert |
Plug login_cap and bsd_auth related memory leaks. Problem noticed by mpech@.
|
#
1.116 |
|
23-Jan-2002 |
mpech |
fix potential memory leak.
millert@ ok
|
#
1.115 |
|
23-Jan-2002 |
mpech |
Use always '.' in the end of the fatal() message. Consistency is good.
millert@ ok.
|
#
1.114 |
|
23-Jan-2002 |
mpech |
don't use \n in reply().
millert@ ok
|
#
1.113 |
|
07-Jan-2002 |
millert |
To disable a SIGCHLD signal handler use SIG_DFL, *not* SIG_IGN which now has a different meaning.
|
#
1.112 |
|
18-Dec-2001 |
millert |
Don't use sigprocmask() in signal handlers when we can just set the mask to be what we want with sigaction. Pointed out by Yar Tikhiy.
|
#
1.111 |
|
17-Dec-2001 |
millert |
Add missing sigaction() call from last commit
|
#
1.110 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.109 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.108 |
|
01-Dec-2001 |
miod |
Use pidfile() instead of doing the equivalent thing by hand, and sometimes forgetting to unlink the pid file at exit. ok millert@ deraadt@
|
#
1.107 |
|
17-Nov-2001 |
deraadt |
volatile sig_atomic_t
|
#
1.106 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.105 |
|
02-Oct-2001 |
wilfried |
as is aleady closed and freed by auth_userresponse, ok millert@
|
#
1.104 |
|
05-Sep-2001 |
deraadt |
make sure that va_start() has matching va_end()
|
#
1.103 |
|
08-Jul-2001 |
deraadt |
-Wall
|
#
1.102 |
|
03-Jul-2001 |
millert |
Use the 'welcome' variable from login.conf instead of hard-coding /etc/motd.
|
#
1.101 |
|
25-Jun-2001 |
hin |
millert didn't compile this.
|
#
1.100 |
|
25-Jun-2001 |
millert |
Set "login" and "notickets" BSD auth options. We don't need to get a kerb ticket but we do need AFS tokens.
|
#
1.99 |
|
13-Jun-2001 |
markus |
more va_start/end fixes, ok deraadt@
|
#
1.98 |
|
11-Jun-2001 |
mickey |
strncpy vs strlcpy, some strlen missuse. some other related minor cleanups, and spaces. millert@ ok
|
#
1.97 |
|
29-May-2001 |
millert |
use BSD authentication
|
#
1.96 |
|
11-May-2001 |
art |
mmap returns MAP_FAILED on error, not 0.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.95 |
|
18-Mar-2001 |
deraadt |
use GLOB_LIMIT
|
#
1.94 |
|
09-Mar-2001 |
millert |
Block all signals in lostconn() and sigprocmask() since we are headed for _exit(). Fixes a signal handler race condition.
|
#
1.93 |
|
09-Mar-2001 |
deraadt |
do not strerror() a signo
|
#
1.92 |
|
04-Feb-2001 |
pjanzen |
Whoops, don't use strlcpy with utmp; millert@
|
#
1.91 |
|
03-Feb-2001 |
pjanzen |
Long usernames; also some simple strncpy->strlcpy.
|
#
1.90 |
|
19-Jan-2001 |
deraadt |
mark remaining signal races
|
#
1.89 |
|
09-Jan-2001 |
itojun |
make sure replydirname() do not truncate names, even if the filename is MAXPATHLEN doublequotes. From: Paul Janzen <pjanzen@foatdi.harvard.edu>
|
#
1.88 |
|
09-Jan-2001 |
itojun |
make sure we do not return stray " at the end of stirng, like bla"\0. From: "William C. Allen" <allenwc@home.com>
|
#
1.87 |
|
07-Jan-2001 |
angelos |
Make the -P option effective (rjmooney@mediaone.net)
|
#
1.86 |
|
06-Jan-2001 |
millert |
Expand tilde (~) in ftp-dir login.conf variable. Closes PR 1382
|
#
1.85 |
|
30-Dec-2000 |
angelos |
Log the actual bytes transfered, rather than the original file size.
|
#
1.84 |
|
04-Dec-2000 |
itojun |
in replydirname(), avoid one-byte overrun. From: Kristian Vlaardingerbroek <kris@obit.nl>
|
#
1.83 |
|
02-Dec-2000 |
millert |
The man page says the default umask is 027 but it is really 022 since that is the value of CMASK.
Have setusercontext() set the umask unless the -u flag was specified. This allows the admin to set the umask either via -u or via a login class in login.conf.
|
#
1.82 |
|
26-Nov-2000 |
millert |
setusercontext should not set umask as this interferes with the umask specified for ftpd on the command line. Closed PR #1530
|
#
1.81 |
|
23-Nov-2000 |
itojun |
typo in LPSV printing. From: Hiroyuki YAMAMORI <h-yamamo@db3.so-net.ne.jp>
|
#
1.80 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.79 |
|
15-Sep-2000 |
deraadt |
branches: 1.79.2; check return value for setenv(3) for failure, and deal appropriately
|
#
1.78 |
|
20-Aug-2000 |
millert |
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
|
#
1.77 |
|
05-Jul-2000 |
deraadt |
crank version to 6.5
|
#
1.76 |
|
05-Jul-2000 |
deraadt |
another setproctitle
|
#
1.75 |
|
05-Jul-2000 |
deraadt |
always setproctitle with %s if using a variable
|
#
1.74 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
#
1.73 |
|
14-Jun-2000 |
itojun |
correct STAT command output for LPSV output.
|
#
1.72 |
|
12-Jun-2000 |
itojun |
address PR 1274 (-h does not work on EPSV). the committed code handles IPv6 case too.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.71 |
|
29-Apr-2000 |
deraadt |
branches: 1.71.2; strerror
|
#
1.70 |
|
11-Apr-2000 |
deraadt |
do not lose descriptors; Takahiro Kambe
|
#
1.69 |
|
03-Mar-2000 |
bitblt |
Turns out that our implementation of STAT wasn't RFC 959 compliant. This version is now RFC 959 compliant, using a patch adapted from one sent in by david.leonard@eecs.uq.edu.au
|
#
1.68 |
|
18-Jan-2000 |
millert |
Fix a pasto in the last commit. The genesis of this bug is actually somewhat interesting. The getwd() function has historically placed an error message in the buffer on failure, but getcwd() does not. Therefor, a bulk search and replace of getwd() with getcwd() can create bugs like this one.
|
#
1.67 |
|
18-Jan-2000 |
millert |
"pwd" should print an error, not garbage, if getcwd() fails; form@vell.nsc.ru
|
#
1.66 |
|
14-Jan-2000 |
ericj |
call dologout() with 1. not -1
|
#
1.65 |
|
10-Dec-1999 |
deraadt |
using u_char * is a lot more convenient than doing & 0xff 80+ times
|
#
1.64 |
|
09-Dec-1999 |
itojun |
close passive mode data socket. From: deraadt
|
#
1.63 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
#
1.62 |
|
03-Dec-1999 |
millert |
Write pid to /var/run/ftpd.pid if running in daemon mode.
|
#
1.61 |
|
02-Dec-1999 |
millert |
Fix thinko on my part, we want to avoid setting mode to "r+" for append, not for ascii.
|
#
1.60 |
|
01-Dec-1999 |
millert |
Move initialization of ttyline to be after the fork() so that when we are in daemon mode it contains the pid of the child, not the parent. This fixes utmp/wtmp updates in daemon mode.
|
#
1.59 |
|
29-Nov-1999 |
millert |
When restarting a STOR, open with "r+", not "w" so we don't truncate. Based on a patch from rmooney@iss.net; closed PR #993
|
#
1.58 |
|
14-Nov-1999 |
deraadt |
warning about getpeername() failing is useless
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.57 |
|
22-Sep-1999 |
deraadt |
correct oob handling for STAT command; ian@plutotech.com
|
#
1.56 |
|
21-Jul-1999 |
deraadt |
bad umask is an error, syslog; pointed out by form@
|
#
1.55 |
|
20-Jul-1999 |
deraadt |
do not proceed if incorrect args are found; found by form
|
#
1.54 |
|
29-Apr-1999 |
downsj |
Work around the blocking read() that causes so many hung ftpd processes.
This has been extensively tested.
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.53 |
|
26-Feb-1999 |
art |
implement internal ls
|
#
1.52 |
|
30-Dec-1998 |
deraadt |
indent
|
#
1.51 |
|
29-Dec-1998 |
deraadt |
use getcwd()
|
#
1.50 |
|
18-Nov-1998 |
deraadt |
check for out-of-range umask bits from strtol()
|
Revision tags: OPENBSD_2_4_BASE
|
#
1.49 |
|
23-Jul-1998 |
deraadt |
add replydirname() from netbsd; fixes 257 directory replies; problem noted by kstailey
|
#
1.48 |
|
13-Jul-1998 |
millert |
ftpd: sleep for an indeterminate amount for non-existant logins to simulate a crypt, like login does. Use SEEK_* not L_* and kill some 0L's used in lseek while we're there.
|
#
1.47 |
|
08-Jun-1998 |
mickey |
allow ftpchroot-ed users to also be multihomed
|
#
1.46 |
|
03-Jun-1998 |
deraadt |
use SIG_ERR
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.45 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.44 |
|
06-Aug-1997 |
angelos |
Errno save/restore.
|
#
1.43 |
|
04-Aug-1997 |
deraadt |
save errno in sigchld handlers
|
#
1.42 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.41 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.40 |
|
29-Jun-1997 |
deraadt |
crank version
|
#
1.39 |
|
29-Jun-1997 |
deraadt |
partial Wall
|
#
1.38 |
|
21-Jun-1997 |
deraadt |
attempt to realpath() log entries
|
#
1.37 |
|
05-Jun-1997 |
deraadt |
bigger buf
|
#
1.36 |
|
01-Jun-1997 |
downsj |
Support integrated tcp wrappers when in daemon mode.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.35 |
|
01-May-1997 |
deraadt |
change -A to let in anon | chroot accounts
|
#
1.34 |
|
25-Apr-1997 |
deraadt |
do not allow connect to a 2049 either, helps firewall cases; adam@math.tau.ac.il
|
#
1.33 |
|
25-Mar-1997 |
millert |
Splat .message file if it exists when user cd's to a directory like wu-ftpd. Based on changes from Oliver.
|
#
1.32 |
|
23-Jan-1997 |
deraadt |
crank version number
|
#
1.31 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.30 |
|
05-Jan-1997 |
bitblt |
Signals are now blocked while ftpd runs with euid 0, as suggested by Weiste Venema. If this triggers any problems (most likely with ABOR not working at certain times) let me know.
|
#
1.29 |
|
02-Jan-1997 |
deraadt |
avoid SIGURG race; dg@root.com
|
#
1.28 |
|
14-Dec-1996 |
deraadt |
stop gunique() open/fopen race
|
#
1.27 |
|
14-Dec-1996 |
deraadt |
solve /tmp-style race spotted by bitblt
|
#
1.26 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.25 |
|
03-Dec-1996 |
deraadt |
-A for anon only; from freebsd
|
#
1.24 |
|
19-Oct-1996 |
michaels |
add ')'.
|
#
1.23 |
|
18-Oct-1996 |
deraadt |
forget old password nicely
|
#
1.22 |
|
15-Oct-1996 |
deraadt |
fd leak spotted by bitblt
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.21 |
|
29-Sep-1996 |
millert |
s/key (otp) challenge is now rfc 1938 compliant.
|
#
1.20 |
|
22-Sep-1996 |
deraadt |
vis log entries; noted by bitblt
|
#
1.19 |
|
04-Sep-1996 |
deraadt |
no, bad commit
|
#
1.18 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.17 |
|
27-Aug-1996 |
deraadt |
strncpy correctly
|
#
1.16 |
|
25-Aug-1996 |
deraadt |
hide our base dir
|
#
1.15 |
|
13-Aug-1996 |
deraadt |
log non-anon stuff for -S too, from downsj
|
#
1.14 |
|
10-Aug-1996 |
downsj |
Add multihome support (-M) and make stats logging look like wu-ftpd.
|
#
1.13 |
|
08-Aug-1996 |
downsj |
Handle signals better.
|
#
1.12 |
|
07-Aug-1996 |
downsj |
STATS is not an option.
|
#
1.11 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.10 |
|
07-Aug-1996 |
downsj |
sprintf -> snprintf
|
#
1.9 |
|
29-Jul-1996 |
downsj |
Remove some FreeBSD cruft.
|
#
1.8 |
|
29-Jul-1996 |
downsj |
Add -h, causing passive mode connections to request the high port range.
Also a few other changes.
|
#
1.7 |
|
29-Jul-1996 |
downsj |
Add setenv for HOME (from FreeBSD).
|
#
1.6 |
|
28-Jul-1996 |
downsj |
Add daemon mode (from FreeBSD), moving a lot of things around.
Also change the advertised version to '6.1/OpenBSD'; using the old version number from 4.4BSD seems rather silly at this point.
|
#
1.5 |
|
28-Jul-1996 |
downsj |
Add anonymous statistics logging, based on FreeBSD but with the really obvious bugs fixed.
|
#
1.4 |
|
28-Jul-1996 |
downsj |
New mmap(2)-using send_data() from FreeBSD.
|
#
1.3 |
|
27-Jul-1996 |
joshd |
No more ftpd bounce attacks.
|
#
1.2 |
|
18-Jun-1996 |
downsj |
my netbsd pr#2217: add utmp support to ftpd, some other small changes/fixes.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.225 |
|
11-Dec-2018 |
bluhm |
Flip snprintf(3) error check to align it with the man page example. No functional change. suggested by tb@; from Jan Klemkow
|
#
1.224 |
|
11-Dec-2018 |
bluhm |
Convert some variables with non-negative values to unsigned type to avoid comparison of integers of different signs. from Jan Klemkow; OK tb@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.223 |
|
03-Sep-2016 |
jca |
Use a single "opt" variable for all setsockopt calls in getdatasock().
on = 65536; if (setsockopt(... &on ...)
is slightly misleading.
|
#
1.222 |
|
03-Sep-2016 |
jca |
Set "lowdelay" and "throughput" Traffic Class on command & data IPv6 sockets.
|
#
1.221 |
|
31-Aug-2016 |
jca |
Don't attempt to support IPv4-mapped IPv6 addresses.
We don't consider support for those addreses as desirable, so let's not give a bad example by keeping application code to handle them. This is dead code on OpenBSD anyway since we do not support IPv4-mapped stuff. But let's keep the check to log and warn the admin if the code gets ported elsewhere. Porters of this code should ensure that IPv6 sockets can't see IPv4-mapped addresses by using the IPV6_V6ONLY sockopt.
Discussed with & ok tedu@
For a rationale, see https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
|
#
1.220 |
|
30-Aug-2016 |
tedu |
remove ifdef for all the features we have. retain disabled ip4in6 code until its future is decided. ok deraadt jca
|
#
1.219 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.218 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.217 |
|
04-Jul-2016 |
guenther |
Use fstatat() instead of crafting a filename to use with stat()
ok millert@
|
#
1.216 |
|
04-May-2016 |
jca |
Kill #ifdef INET6 occurrences in userland.
Prompted by and ok millert@
(tcpdump and libpcap left untouched, the #ifdef force is too strong with those)
|
#
1.215 |
|
25-Apr-2016 |
deraadt |
prefer setres{u,g}id() rather than manipulating both real and effective ids, it clarifies these are full revocation situations. ok millert
|
#
1.214 |
|
06-Apr-2016 |
semarie |
compare pointer to NULL instead of 0
from fritjof ! alokat.org
ok ratchov@ natano@
|
#
1.213 |
|
16-Mar-2016 |
krw |
More "(<blah> *)0" -> NULL, avoiding any stdarg functions.
Feedback millert@ kettenis@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.212 |
|
12-Dec-2015 |
mmcc |
Remove NULL-checks before free(). ok tb@
|
#
1.211 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.210 |
|
25-Oct-2015 |
millert |
No longer create /var/run/ftpd.pid in daemon mode; OK jung@ jca@
|
#
1.209 |
|
04-Oct-2015 |
tedu |
fix custom popen to return pid to caller instead of tracking in a giant array. this implies we can't use a function pointer for close, but also means we get to repair some abuse of the comma operator. ok miod
|
#
1.208 |
|
01-Sep-2015 |
jsg |
test pointers with NULL not '\0'
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.207 |
|
19-Jan-2015 |
deraadt |
CMASK went out of scope with the recent <sys/param.h> removal. But oh golly gee, ftpd can handle that itself due to the glorious old practice of #ifndef #define. Remove that junk. ok guenther
|
#
1.206 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.205 |
|
25-Oct-2014 |
lteo |
Remove unnecessary netinet/in_systm.h include.
ok millert@
|
#
1.204 |
|
25-Aug-2014 |
doug |
Delete secret or secret-derived data with explicit_bzero.
concept ok deraadt@ diff looks ok tedu@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.203 |
|
24-Mar-2014 |
tedu |
remove tcpwrappers support. ok deraadt
|
#
1.202 |
|
17-Mar-2014 |
sthen |
args! fix argstr. from LEVAI Daniel.
|
#
1.201 |
|
17-Mar-2014 |
sthen |
typo, spotted by okan@
|
#
1.200 |
|
17-Mar-2014 |
sthen |
Add an option to disallow ftp access to accounts with uid below a certain number (idea borrowed from pure-ftpd). Enabled by default with minimum uid 1000 to prevent access to admin accounts. tweak/OK millert@, OK deraadt@, gsoares@ and aja@ like it too.
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.199 |
|
08-Jan-2014 |
jca |
If the file size is zero, there's nothing to transmit so avoid spamming syslog with mmap failures. Noticed by and ok henning@, "looks right" deraadt@
|
#
1.198 |
|
22-Aug-2013 |
guenther |
Correct format string mismatches turned up by -Wformat=2
suggestions and ok millert@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.197 |
|
26-Jul-2013 |
guenther |
Make sure tmpline[] is always NUL terminated, to avoid possible read-beyond-end in get_line().
Analysis and patch by Maxime Villard (rustyBSD (at) gmx.fr) ok millert@ deraadt@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.196 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.195 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.194 |
|
14-Dec-2011 |
ajacoutot |
Add a new '-W' option to prevent saving login records to /var/run/wtmp. This can become pretty handy on busy anonymous servers to avoid filling up /var with unused wtmp records. Note that 'U' and 'W' are mutually exclusive.
ok sthen@ millert@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.193 |
|
09-Feb-2011 |
millert |
Set SO_KEEPALIVE on sockets. OK miod@. Also tested by landry@ "Makes sense" markus@ and "i don't see a reason not to" henning@
|
#
1.192 |
|
27-Aug-2010 |
lum |
In revision 1.14 of ftpd.c the ident variable was removed from its only meaningful usage when a snprintf call was removed, rendering ident useless. Time to remove remaining code.
ok tobias@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.191 |
|
01-Aug-2010 |
tobias |
Properly reset states when a login phase is interrupted by another one. Prevents ftpd from letting regular users logging in during anonymous-only mode (-A).
ok millert, ray
|
#
1.190 |
|
30-Jul-2010 |
ray |
Don't set "success" flags before error checks. Add check for login_getclass() failure, pointed out by tobias.
OK tobias
|
#
1.189 |
|
18-Jun-2010 |
tobias |
Prevent a segmentation fault on ftpd_popen error (memory, file descriptor, pipe ...) during status command.
ok millert
|
#
1.188 |
|
13-Jun-2010 |
tobias |
Adjust FTP reply codes (in error conditions) to conform to RFC 959.
ok millert, schwarze
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.187 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.186 |
|
20-Apr-2009 |
schwarze |
When receiving a new connection, log the remote IP number in addition to the remote hostname.
Feature requested by Mark Bucciarelli mkbucc at gmail dot com on misc@. "seems OK" millert@
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.185 |
|
30-Sep-2008 |
deraadt |
Always say "User %s access denied", in all cases, to avoid some stupid spinny things which parse those messages. Do not close the connection as requested by Josh Grosse, since a 530 is not supposed to do that. ok millert
|
#
1.184 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.183 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
#
1.182 |
|
13-Apr-2008 |
djm |
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound is not a power of two
ok deraadt@ millert@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.181 |
|
02-Sep-2007 |
deraadt |
use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.180 |
|
31-Jul-2007 |
ray |
From Gilles Chehade: - Use strtonum instead of atoi. - Improve strtol error checking. - Change strchr calls to strcspn and eliminating some unused variables as a result.
OK moritz
|
#
1.179 |
|
27-Jul-2007 |
moritz |
Fix potential memory leak, when snprintf(3) returns an empty buffer.
OK ray@
|
#
1.178 |
|
21-Jun-2007 |
ray |
Adjust spacing, combine malloc + strlcpy + strlcat into a single asprintf call.
OK moritz
|
#
1.177 |
|
19-Jun-2007 |
ray |
Make sure perror_reply() is only called when errno is set. When changing perror_reply() -> reply(), increase error message detail for ftp client. Move free() statement to prevent errno clobbering.
OK moritz
|
#
1.176 |
|
22-Mar-2007 |
cloder |
Do not advertise version in the ftp banner, because there is no reason to. OK mbalmer@, xsa@, henning@, idea prompted by deraadt
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.175 |
|
01-Mar-2007 |
otto |
- use proper log facility and priority in the slave sig handlers - if the monitor decides to kill the slave, log that ok millert@ moritz@
|
#
1.174 |
|
21-Dec-2006 |
krw |
'tranfer' -> 'transfer' in comments.
|
#
1.173 |
|
18-Oct-2006 |
millert |
Avoid double fclose() of a file if we exceed retries. Coverity ID 2669. OK cloder@
|
#
1.172 |
|
18-Oct-2006 |
deraadt |
you do not call fclose() on a file descriptor; ok cloder
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.171 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.170 |
|
03-Dec-2005 |
deraadt |
remove shadowing variables; ok pval
|
#
1.169 |
|
01-Dec-2005 |
pvalchev |
fix double var declarations in same scope, found by lint; ok deraadt cloder
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.168 |
|
22-Aug-2005 |
mickey |
EOF in ascii mode may also mean EOF so avoid printing a bogus error and behave same as bin mode; beck@ deraadt@ millert@ ok
|
#
1.167 |
|
14-Jul-2005 |
moritz |
let root create the data socket. fixes PR 4287. ok millert@ henning@
|
#
1.166 |
|
24-May-2005 |
moritz |
readd endpwent()
|
#
1.165 |
|
24-May-2005 |
moritz |
no need for endpwent()
|
#
1.164 |
|
21-Apr-2005 |
deraadt |
make code prettier so we can tell it is safe when we read it; ok beck cloder
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.163 |
|
15-Mar-2005 |
niallo |
branches: 1.163.2; better handling of cases where getnameinfo() returns non-zero. upon failure, don't try to print the contents of the char buffers we passed it.
ok & feedback henning@, moritz@ (thanks!)
|
#
1.162 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.161 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.160 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.159 |
|
28-Nov-2004 |
henning |
logging fixes: -don't prefix ftpd: in syslog(), it does that for us -replace a bad (too late) err() by syslog + exit from moritz
|
#
1.158 |
|
28-Nov-2004 |
henning |
bump version
|
#
1.157 |
|
28-Nov-2004 |
henning |
fix ttyline setting, fixes proctitle. notice independently by theo and pval, fix from moritz jodeit
|
#
1.156 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
#
1.155 |
|
22-Nov-2004 |
millert |
More sensible error when both the -n and -A flags are used. Text OK jmc@
|
#
1.154 |
|
30-Sep-2004 |
deraadt |
cope nicer with accept() failures, from freebsd; millert ok
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.153 |
|
12-Dec-2003 |
deraadt |
knf
|
#
1.152 |
|
10-Dec-2003 |
deraadt |
spacing
|
#
1.151 |
|
09-Dec-2003 |
deraadt |
knf
|
#
1.150 |
|
09-Dec-2003 |
beck |
fix PR 3596 by making root create the socket, ok millert@
|
#
1.149 |
|
20-Nov-2003 |
jmc |
ftpd.8: - simpler macros - sort options - some updates
ftpd.c: - sync usage()
|
#
1.148 |
|
12-Nov-2003 |
millert |
Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Adapted from FreeBSD via danh@
|
#
1.147 |
|
01-Oct-2003 |
itojun |
listen to bodh IPv4/v6 ftp port on -D by default. deraadt ok. comments from markus, millert. tested by fries
|
#
1.146 |
|
30-Sep-2003 |
jmc |
usage():
- add missing -n (from Jeff Ito PR 3496) - remove deprecated -h - sort -T and -t to match man page
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.145 |
|
29-Jul-2003 |
deraadt |
branches: 1.145.2; spaces
|
#
1.144 |
|
07-Jul-2003 |
deraadt |
make this match protos; millert ok
|
#
1.143 |
|
11-Jun-2003 |
deraadt |
ansi cleanup; ok ian markus
|
#
1.142 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.141 |
|
10-Apr-2003 |
millert |
Replace strcpy() w/ strlcpy() from espie@
Don't try to free pw_dir -- it is no longer allocated separately. Instead, add an extra param to sgetpwnam() to allow it to dupe an existing struct passwd * (instead of doing a lookup by username) and use this to reallocate pw in the case where pw_dir is the NULL string. deraadt@ OK
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.140 |
|
17-Feb-2003 |
mpech |
branches: 1.140.2; reply() -> perror_reply().
millert@ ok
|
#
1.139 |
|
25-Nov-2002 |
millert |
Change a setuid() that should be seteuid(), not iced by grange@ Move a va_end so it gets called in an error condition as well
|
#
1.138 |
|
15-Nov-2002 |
millert |
o Once a user is logged in, don't allow a change to another user. o Run more code with the effective uid of the logged in user. From Frank Denis
|
#
1.137 |
|
13-Oct-2002 |
millert |
Avoid potential printf format string problem with challenge from auth_challenge(). Currently, none of the auth modules put non-sanitized data in the prompt so there are no real security implications with this fix. Patch from Moritz Jodeit.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.136 |
|
29-Aug-2002 |
deraadt |
branches: 1.136.2; remove extra arg; jmegq@post.harvard.edu
|
#
1.135 |
|
20-Aug-2002 |
deraadt |
-n: disallow anon ftp even if ftp account exists
|
#
1.134 |
|
24-Jul-2002 |
millert |
Also check for snprintf() returning < 0
|
#
1.133 |
|
24-Jul-2002 |
millert |
What on earth possessed me to use %p instead of %m in syslog() to indicate the error string?
|
#
1.132 |
|
20-Jul-2002 |
millert |
Exit on setusercontext() failure; noticed by deraadt@
|
#
1.131 |
|
14-Jul-2002 |
jakob |
make ftpd always listen to a high tcp port for passive data connections. deprecate and ignore the -h option. ok deraadt@.
|
#
1.130 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.129 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
#
1.128 |
|
09-Jun-2002 |
itojun |
do not present scopeid on wire format (as it is local to a node).
|
#
1.127 |
|
29-May-2002 |
deraadt |
a few more strlcat
|
#
1.126 |
|
26-May-2002 |
deraadt |
pid_t cleanup
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.125 |
|
30-Mar-2002 |
deraadt |
correct an auth_close() misuse; millert ok
|
#
1.124 |
|
16-Mar-2002 |
millert |
o Don't allow password-less accounts to login (like in 2.9 and below) o Stash copy of struct passwd via auth_setpwd() to avoid extra needless getpwnam() calls.
|
#
1.123 |
|
12-Mar-2002 |
millert |
bsd_auth.h requires other headers so it can't be first
|
#
1.122 |
|
12-Mar-2002 |
millert |
Fix a couple mis-sorted headers and sync usage() with man page. From Brian Poole
|
#
1.121 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.120 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.119 |
|
01-Feb-2002 |
itojun |
strlcpy
|
#
1.118 |
|
01-Feb-2002 |
itojun |
make sure pw_dir is big enough for strcpy(pw->pw_dir, "/").
|
#
1.117 |
|
23-Jan-2002 |
millert |
Plug login_cap and bsd_auth related memory leaks. Problem noticed by mpech@.
|
#
1.116 |
|
23-Jan-2002 |
mpech |
fix potential memory leak.
millert@ ok
|
#
1.115 |
|
23-Jan-2002 |
mpech |
Use always '.' in the end of the fatal() message. Consistency is good.
millert@ ok.
|
#
1.114 |
|
23-Jan-2002 |
mpech |
don't use \n in reply().
millert@ ok
|
#
1.113 |
|
07-Jan-2002 |
millert |
To disable a SIGCHLD signal handler use SIG_DFL, *not* SIG_IGN which now has a different meaning.
|
#
1.112 |
|
18-Dec-2001 |
millert |
Don't use sigprocmask() in signal handlers when we can just set the mask to be what we want with sigaction. Pointed out by Yar Tikhiy.
|
#
1.111 |
|
17-Dec-2001 |
millert |
Add missing sigaction() call from last commit
|
#
1.110 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.109 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.108 |
|
01-Dec-2001 |
miod |
Use pidfile() instead of doing the equivalent thing by hand, and sometimes forgetting to unlink the pid file at exit. ok millert@ deraadt@
|
#
1.107 |
|
17-Nov-2001 |
deraadt |
volatile sig_atomic_t
|
#
1.106 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.105 |
|
02-Oct-2001 |
wilfried |
as is aleady closed and freed by auth_userresponse, ok millert@
|
#
1.104 |
|
05-Sep-2001 |
deraadt |
make sure that va_start() has matching va_end()
|
#
1.103 |
|
08-Jul-2001 |
deraadt |
-Wall
|
#
1.102 |
|
03-Jul-2001 |
millert |
Use the 'welcome' variable from login.conf instead of hard-coding /etc/motd.
|
#
1.101 |
|
25-Jun-2001 |
hin |
millert didn't compile this.
|
#
1.100 |
|
25-Jun-2001 |
millert |
Set "login" and "notickets" BSD auth options. We don't need to get a kerb ticket but we do need AFS tokens.
|
#
1.99 |
|
13-Jun-2001 |
markus |
more va_start/end fixes, ok deraadt@
|
#
1.98 |
|
11-Jun-2001 |
mickey |
strncpy vs strlcpy, some strlen missuse. some other related minor cleanups, and spaces. millert@ ok
|
#
1.97 |
|
29-May-2001 |
millert |
use BSD authentication
|
#
1.96 |
|
11-May-2001 |
art |
mmap returns MAP_FAILED on error, not 0.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.95 |
|
18-Mar-2001 |
deraadt |
use GLOB_LIMIT
|
#
1.94 |
|
09-Mar-2001 |
millert |
Block all signals in lostconn() and sigprocmask() since we are headed for _exit(). Fixes a signal handler race condition.
|
#
1.93 |
|
09-Mar-2001 |
deraadt |
do not strerror() a signo
|
#
1.92 |
|
04-Feb-2001 |
pjanzen |
Whoops, don't use strlcpy with utmp; millert@
|
#
1.91 |
|
03-Feb-2001 |
pjanzen |
Long usernames; also some simple strncpy->strlcpy.
|
#
1.90 |
|
19-Jan-2001 |
deraadt |
mark remaining signal races
|
#
1.89 |
|
09-Jan-2001 |
itojun |
make sure replydirname() do not truncate names, even if the filename is MAXPATHLEN doublequotes. From: Paul Janzen <pjanzen@foatdi.harvard.edu>
|
#
1.88 |
|
09-Jan-2001 |
itojun |
make sure we do not return stray " at the end of stirng, like bla"\0. From: "William C. Allen" <allenwc@home.com>
|
#
1.87 |
|
07-Jan-2001 |
angelos |
Make the -P option effective (rjmooney@mediaone.net)
|
#
1.86 |
|
06-Jan-2001 |
millert |
Expand tilde (~) in ftp-dir login.conf variable. Closes PR 1382
|
#
1.85 |
|
30-Dec-2000 |
angelos |
Log the actual bytes transfered, rather than the original file size.
|
#
1.84 |
|
04-Dec-2000 |
itojun |
in replydirname(), avoid one-byte overrun. From: Kristian Vlaardingerbroek <kris@obit.nl>
|
#
1.83 |
|
02-Dec-2000 |
millert |
The man page says the default umask is 027 but it is really 022 since that is the value of CMASK.
Have setusercontext() set the umask unless the -u flag was specified. This allows the admin to set the umask either via -u or via a login class in login.conf.
|
#
1.82 |
|
26-Nov-2000 |
millert |
setusercontext should not set umask as this interferes with the umask specified for ftpd on the command line. Closed PR #1530
|
#
1.81 |
|
23-Nov-2000 |
itojun |
typo in LPSV printing. From: Hiroyuki YAMAMORI <h-yamamo@db3.so-net.ne.jp>
|
#
1.80 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.79 |
|
15-Sep-2000 |
deraadt |
branches: 1.79.2; check return value for setenv(3) for failure, and deal appropriately
|
#
1.78 |
|
20-Aug-2000 |
millert |
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
|
#
1.77 |
|
05-Jul-2000 |
deraadt |
crank version to 6.5
|
#
1.76 |
|
05-Jul-2000 |
deraadt |
another setproctitle
|
#
1.75 |
|
05-Jul-2000 |
deraadt |
always setproctitle with %s if using a variable
|
#
1.74 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
#
1.73 |
|
14-Jun-2000 |
itojun |
correct STAT command output for LPSV output.
|
#
1.72 |
|
12-Jun-2000 |
itojun |
address PR 1274 (-h does not work on EPSV). the committed code handles IPv6 case too.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.71 |
|
29-Apr-2000 |
deraadt |
branches: 1.71.2; strerror
|
#
1.70 |
|
11-Apr-2000 |
deraadt |
do not lose descriptors; Takahiro Kambe
|
#
1.69 |
|
03-Mar-2000 |
bitblt |
Turns out that our implementation of STAT wasn't RFC 959 compliant. This version is now RFC 959 compliant, using a patch adapted from one sent in by david.leonard@eecs.uq.edu.au
|
#
1.68 |
|
18-Jan-2000 |
millert |
Fix a pasto in the last commit. The genesis of this bug is actually somewhat interesting. The getwd() function has historically placed an error message in the buffer on failure, but getcwd() does not. Therefor, a bulk search and replace of getwd() with getcwd() can create bugs like this one.
|
#
1.67 |
|
18-Jan-2000 |
millert |
"pwd" should print an error, not garbage, if getcwd() fails; form@vell.nsc.ru
|
#
1.66 |
|
14-Jan-2000 |
ericj |
call dologout() with 1. not -1
|
#
1.65 |
|
10-Dec-1999 |
deraadt |
using u_char * is a lot more convenient than doing & 0xff 80+ times
|
#
1.64 |
|
09-Dec-1999 |
itojun |
close passive mode data socket. From: deraadt
|
#
1.63 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
#
1.62 |
|
03-Dec-1999 |
millert |
Write pid to /var/run/ftpd.pid if running in daemon mode.
|
#
1.61 |
|
02-Dec-1999 |
millert |
Fix thinko on my part, we want to avoid setting mode to "r+" for append, not for ascii.
|
#
1.60 |
|
01-Dec-1999 |
millert |
Move initialization of ttyline to be after the fork() so that when we are in daemon mode it contains the pid of the child, not the parent. This fixes utmp/wtmp updates in daemon mode.
|
#
1.59 |
|
29-Nov-1999 |
millert |
When restarting a STOR, open with "r+", not "w" so we don't truncate. Based on a patch from rmooney@iss.net; closed PR #993
|
#
1.58 |
|
14-Nov-1999 |
deraadt |
warning about getpeername() failing is useless
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.57 |
|
22-Sep-1999 |
deraadt |
correct oob handling for STAT command; ian@plutotech.com
|
#
1.56 |
|
21-Jul-1999 |
deraadt |
bad umask is an error, syslog; pointed out by form@
|
#
1.55 |
|
20-Jul-1999 |
deraadt |
do not proceed if incorrect args are found; found by form
|
#
1.54 |
|
29-Apr-1999 |
downsj |
Work around the blocking read() that causes so many hung ftpd processes.
This has been extensively tested.
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.53 |
|
26-Feb-1999 |
art |
implement internal ls
|
#
1.52 |
|
30-Dec-1998 |
deraadt |
indent
|
#
1.51 |
|
29-Dec-1998 |
deraadt |
use getcwd()
|
#
1.50 |
|
18-Nov-1998 |
deraadt |
check for out-of-range umask bits from strtol()
|
Revision tags: OPENBSD_2_4_BASE
|
#
1.49 |
|
23-Jul-1998 |
deraadt |
add replydirname() from netbsd; fixes 257 directory replies; problem noted by kstailey
|
#
1.48 |
|
13-Jul-1998 |
millert |
ftpd: sleep for an indeterminate amount for non-existant logins to simulate a crypt, like login does. Use SEEK_* not L_* and kill some 0L's used in lseek while we're there.
|
#
1.47 |
|
08-Jun-1998 |
mickey |
allow ftpchroot-ed users to also be multihomed
|
#
1.46 |
|
03-Jun-1998 |
deraadt |
use SIG_ERR
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.45 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.44 |
|
06-Aug-1997 |
angelos |
Errno save/restore.
|
#
1.43 |
|
04-Aug-1997 |
deraadt |
save errno in sigchld handlers
|
#
1.42 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.41 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.40 |
|
29-Jun-1997 |
deraadt |
crank version
|
#
1.39 |
|
29-Jun-1997 |
deraadt |
partial Wall
|
#
1.38 |
|
21-Jun-1997 |
deraadt |
attempt to realpath() log entries
|
#
1.37 |
|
05-Jun-1997 |
deraadt |
bigger buf
|
#
1.36 |
|
01-Jun-1997 |
downsj |
Support integrated tcp wrappers when in daemon mode.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.35 |
|
01-May-1997 |
deraadt |
change -A to let in anon | chroot accounts
|
#
1.34 |
|
25-Apr-1997 |
deraadt |
do not allow connect to a 2049 either, helps firewall cases; adam@math.tau.ac.il
|
#
1.33 |
|
25-Mar-1997 |
millert |
Splat .message file if it exists when user cd's to a directory like wu-ftpd. Based on changes from Oliver.
|
#
1.32 |
|
23-Jan-1997 |
deraadt |
crank version number
|
#
1.31 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.30 |
|
05-Jan-1997 |
bitblt |
Signals are now blocked while ftpd runs with euid 0, as suggested by Weiste Venema. If this triggers any problems (most likely with ABOR not working at certain times) let me know.
|
#
1.29 |
|
02-Jan-1997 |
deraadt |
avoid SIGURG race; dg@root.com
|
#
1.28 |
|
14-Dec-1996 |
deraadt |
stop gunique() open/fopen race
|
#
1.27 |
|
14-Dec-1996 |
deraadt |
solve /tmp-style race spotted by bitblt
|
#
1.26 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.25 |
|
03-Dec-1996 |
deraadt |
-A for anon only; from freebsd
|
#
1.24 |
|
19-Oct-1996 |
michaels |
add ')'.
|
#
1.23 |
|
18-Oct-1996 |
deraadt |
forget old password nicely
|
#
1.22 |
|
15-Oct-1996 |
deraadt |
fd leak spotted by bitblt
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.21 |
|
29-Sep-1996 |
millert |
s/key (otp) challenge is now rfc 1938 compliant.
|
#
1.20 |
|
22-Sep-1996 |
deraadt |
vis log entries; noted by bitblt
|
#
1.19 |
|
04-Sep-1996 |
deraadt |
no, bad commit
|
#
1.18 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.17 |
|
27-Aug-1996 |
deraadt |
strncpy correctly
|
#
1.16 |
|
25-Aug-1996 |
deraadt |
hide our base dir
|
#
1.15 |
|
13-Aug-1996 |
deraadt |
log non-anon stuff for -S too, from downsj
|
#
1.14 |
|
10-Aug-1996 |
downsj |
Add multihome support (-M) and make stats logging look like wu-ftpd.
|
#
1.13 |
|
08-Aug-1996 |
downsj |
Handle signals better.
|
#
1.12 |
|
07-Aug-1996 |
downsj |
STATS is not an option.
|
#
1.11 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.10 |
|
07-Aug-1996 |
downsj |
sprintf -> snprintf
|
#
1.9 |
|
29-Jul-1996 |
downsj |
Remove some FreeBSD cruft.
|
#
1.8 |
|
29-Jul-1996 |
downsj |
Add -h, causing passive mode connections to request the high port range.
Also a few other changes.
|
#
1.7 |
|
29-Jul-1996 |
downsj |
Add setenv for HOME (from FreeBSD).
|
#
1.6 |
|
28-Jul-1996 |
downsj |
Add daemon mode (from FreeBSD), moving a lot of things around.
Also change the advertised version to '6.1/OpenBSD'; using the old version number from 4.4BSD seems rather silly at this point.
|
#
1.5 |
|
28-Jul-1996 |
downsj |
Add anonymous statistics logging, based on FreeBSD but with the really obvious bugs fixed.
|
#
1.4 |
|
28-Jul-1996 |
downsj |
New mmap(2)-using send_data() from FreeBSD.
|
#
1.3 |
|
27-Jul-1996 |
joshd |
No more ftpd bounce attacks.
|
#
1.2 |
|
18-Jun-1996 |
downsj |
my netbsd pr#2217: add utmp support to ftpd, some other small changes/fixes.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.223 |
|
03-Sep-2016 |
jca |
Use a single "opt" variable for all setsockopt calls in getdatasock().
on = 65536; if (setsockopt(... &on ...)
is slightly misleading.
|
#
1.222 |
|
03-Sep-2016 |
jca |
Set "lowdelay" and "throughput" Traffic Class on command & data IPv6 sockets.
|
#
1.221 |
|
31-Aug-2016 |
jca |
Don't attempt to support IPv4-mapped IPv6 addresses.
We don't consider support for those addreses as desirable, so let's not give a bad example by keeping application code to handle them. This is dead code on OpenBSD anyway since we do not support IPv4-mapped stuff. But let's keep the check to log and warn the admin if the code gets ported elsewhere. Porters of this code should ensure that IPv6 sockets can't see IPv4-mapped addresses by using the IPV6_V6ONLY sockopt.
Discussed with & ok tedu@
For a rationale, see https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
|
#
1.220 |
|
30-Aug-2016 |
tedu |
remove ifdef for all the features we have. retain disabled ip4in6 code until its future is decided. ok deraadt jca
|
#
1.219 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.218 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.217 |
|
04-Jul-2016 |
guenther |
Use fstatat() instead of crafting a filename to use with stat()
ok millert@
|
#
1.216 |
|
04-May-2016 |
jca |
Kill #ifdef INET6 occurrences in userland.
Prompted by and ok millert@
(tcpdump and libpcap left untouched, the #ifdef force is too strong with those)
|
#
1.215 |
|
25-Apr-2016 |
deraadt |
prefer setres{u,g}id() rather than manipulating both real and effective ids, it clarifies these are full revocation situations. ok millert
|
#
1.214 |
|
06-Apr-2016 |
semarie |
compare pointer to NULL instead of 0
from fritjof ! alokat.org
ok ratchov@ natano@
|
#
1.213 |
|
16-Mar-2016 |
krw |
More "(<blah> *)0" -> NULL, avoiding any stdarg functions.
Feedback millert@ kettenis@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.212 |
|
12-Dec-2015 |
mmcc |
Remove NULL-checks before free(). ok tb@
|
#
1.211 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.210 |
|
25-Oct-2015 |
millert |
No longer create /var/run/ftpd.pid in daemon mode; OK jung@ jca@
|
#
1.209 |
|
04-Oct-2015 |
tedu |
fix custom popen to return pid to caller instead of tracking in a giant array. this implies we can't use a function pointer for close, but also means we get to repair some abuse of the comma operator. ok miod
|
#
1.208 |
|
01-Sep-2015 |
jsg |
test pointers with NULL not '\0'
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.207 |
|
19-Jan-2015 |
deraadt |
CMASK went out of scope with the recent <sys/param.h> removal. But oh golly gee, ftpd can handle that itself due to the glorious old practice of #ifndef #define. Remove that junk. ok guenther
|
#
1.206 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.205 |
|
25-Oct-2014 |
lteo |
Remove unnecessary netinet/in_systm.h include.
ok millert@
|
#
1.204 |
|
25-Aug-2014 |
doug |
Delete secret or secret-derived data with explicit_bzero.
concept ok deraadt@ diff looks ok tedu@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.203 |
|
24-Mar-2014 |
tedu |
remove tcpwrappers support. ok deraadt
|
#
1.202 |
|
17-Mar-2014 |
sthen |
args! fix argstr. from LEVAI Daniel.
|
#
1.201 |
|
17-Mar-2014 |
sthen |
typo, spotted by okan@
|
#
1.200 |
|
17-Mar-2014 |
sthen |
Add an option to disallow ftp access to accounts with uid below a certain number (idea borrowed from pure-ftpd). Enabled by default with minimum uid 1000 to prevent access to admin accounts. tweak/OK millert@, OK deraadt@, gsoares@ and aja@ like it too.
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.199 |
|
08-Jan-2014 |
jca |
If the file size is zero, there's nothing to transmit so avoid spamming syslog with mmap failures. Noticed by and ok henning@, "looks right" deraadt@
|
#
1.198 |
|
22-Aug-2013 |
guenther |
Correct format string mismatches turned up by -Wformat=2
suggestions and ok millert@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.197 |
|
26-Jul-2013 |
guenther |
Make sure tmpline[] is always NUL terminated, to avoid possible read-beyond-end in get_line().
Analysis and patch by Maxime Villard (rustyBSD (at) gmx.fr) ok millert@ deraadt@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.196 |
|
04-Dec-2012 |
deraadt |
remove some unnecessary sys/param.h inclusions
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.195 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.194 |
|
14-Dec-2011 |
ajacoutot |
Add a new '-W' option to prevent saving login records to /var/run/wtmp. This can become pretty handy on busy anonymous servers to avoid filling up /var with unused wtmp records. Note that 'U' and 'W' are mutually exclusive.
ok sthen@ millert@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.193 |
|
09-Feb-2011 |
millert |
Set SO_KEEPALIVE on sockets. OK miod@. Also tested by landry@ "Makes sense" markus@ and "i don't see a reason not to" henning@
|
#
1.192 |
|
27-Aug-2010 |
lum |
In revision 1.14 of ftpd.c the ident variable was removed from its only meaningful usage when a snprintf call was removed, rendering ident useless. Time to remove remaining code.
ok tobias@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.191 |
|
01-Aug-2010 |
tobias |
Properly reset states when a login phase is interrupted by another one. Prevents ftpd from letting regular users logging in during anonymous-only mode (-A).
ok millert, ray
|
#
1.190 |
|
30-Jul-2010 |
ray |
Don't set "success" flags before error checks. Add check for login_getclass() failure, pointed out by tobias.
OK tobias
|
#
1.189 |
|
18-Jun-2010 |
tobias |
Prevent a segmentation fault on ftpd_popen error (memory, file descriptor, pipe ...) during status command.
ok millert
|
#
1.188 |
|
13-Jun-2010 |
tobias |
Adjust FTP reply codes (in error conditions) to conform to RFC 959.
ok millert, schwarze
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.187 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.186 |
|
20-Apr-2009 |
schwarze |
When receiving a new connection, log the remote IP number in addition to the remote hostname.
Feature requested by Mark Bucciarelli mkbucc at gmail dot com on misc@. "seems OK" millert@
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.185 |
|
30-Sep-2008 |
deraadt |
Always say "User %s access denied", in all cases, to avoid some stupid spinny things which parse those messages. Do not close the connection as requested by Josh Grosse, since a 530 is not supposed to do that. ok millert
|
#
1.184 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.183 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
#
1.182 |
|
13-Apr-2008 |
djm |
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound is not a power of two
ok deraadt@ millert@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.181 |
|
02-Sep-2007 |
deraadt |
use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.180 |
|
31-Jul-2007 |
ray |
From Gilles Chehade: - Use strtonum instead of atoi. - Improve strtol error checking. - Change strchr calls to strcspn and eliminating some unused variables as a result.
OK moritz
|
#
1.179 |
|
27-Jul-2007 |
moritz |
Fix potential memory leak, when snprintf(3) returns an empty buffer.
OK ray@
|
#
1.178 |
|
21-Jun-2007 |
ray |
Adjust spacing, combine malloc + strlcpy + strlcat into a single asprintf call.
OK moritz
|
#
1.177 |
|
19-Jun-2007 |
ray |
Make sure perror_reply() is only called when errno is set. When changing perror_reply() -> reply(), increase error message detail for ftp client. Move free() statement to prevent errno clobbering.
OK moritz
|
#
1.176 |
|
22-Mar-2007 |
cloder |
Do not advertise version in the ftp banner, because there is no reason to. OK mbalmer@, xsa@, henning@, idea prompted by deraadt
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.175 |
|
01-Mar-2007 |
otto |
- use proper log facility and priority in the slave sig handlers - if the monitor decides to kill the slave, log that ok millert@ moritz@
|
#
1.174 |
|
21-Dec-2006 |
krw |
'tranfer' -> 'transfer' in comments.
|
#
1.173 |
|
18-Oct-2006 |
millert |
Avoid double fclose() of a file if we exceed retries. Coverity ID 2669. OK cloder@
|
#
1.172 |
|
18-Oct-2006 |
deraadt |
you do not call fclose() on a file descriptor; ok cloder
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.171 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.170 |
|
03-Dec-2005 |
deraadt |
remove shadowing variables; ok pval
|
#
1.169 |
|
01-Dec-2005 |
pvalchev |
fix double var declarations in same scope, found by lint; ok deraadt cloder
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.168 |
|
22-Aug-2005 |
mickey |
EOF in ascii mode may also mean EOF so avoid printing a bogus error and behave same as bin mode; beck@ deraadt@ millert@ ok
|
#
1.167 |
|
14-Jul-2005 |
moritz |
let root create the data socket. fixes PR 4287. ok millert@ henning@
|
#
1.166 |
|
24-May-2005 |
moritz |
readd endpwent()
|
#
1.165 |
|
24-May-2005 |
moritz |
no need for endpwent()
|
#
1.164 |
|
21-Apr-2005 |
deraadt |
make code prettier so we can tell it is safe when we read it; ok beck cloder
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.163 |
|
15-Mar-2005 |
niallo |
branches: 1.163.2; better handling of cases where getnameinfo() returns non-zero. upon failure, don't try to print the contents of the char buffers we passed it.
ok & feedback henning@, moritz@ (thanks!)
|
#
1.162 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.161 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.160 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.159 |
|
28-Nov-2004 |
henning |
logging fixes: -don't prefix ftpd: in syslog(), it does that for us -replace a bad (too late) err() by syslog + exit from moritz
|
#
1.158 |
|
28-Nov-2004 |
henning |
bump version
|
#
1.157 |
|
28-Nov-2004 |
henning |
fix ttyline setting, fixes proctitle. notice independently by theo and pval, fix from moritz jodeit
|
#
1.156 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
#
1.155 |
|
22-Nov-2004 |
millert |
More sensible error when both the -n and -A flags are used. Text OK jmc@
|
#
1.154 |
|
30-Sep-2004 |
deraadt |
cope nicer with accept() failures, from freebsd; millert ok
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.153 |
|
12-Dec-2003 |
deraadt |
knf
|
#
1.152 |
|
10-Dec-2003 |
deraadt |
spacing
|
#
1.151 |
|
09-Dec-2003 |
deraadt |
knf
|
#
1.150 |
|
09-Dec-2003 |
beck |
fix PR 3596 by making root create the socket, ok millert@
|
#
1.149 |
|
20-Nov-2003 |
jmc |
ftpd.8: - simpler macros - sort options - some updates
ftpd.c: - sync usage()
|
#
1.148 |
|
12-Nov-2003 |
millert |
Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Adapted from FreeBSD via danh@
|
#
1.147 |
|
01-Oct-2003 |
itojun |
listen to bodh IPv4/v6 ftp port on -D by default. deraadt ok. comments from markus, millert. tested by fries
|
#
1.146 |
|
30-Sep-2003 |
jmc |
usage():
- add missing -n (from Jeff Ito PR 3496) - remove deprecated -h - sort -T and -t to match man page
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.145 |
|
29-Jul-2003 |
deraadt |
branches: 1.145.2; spaces
|
#
1.144 |
|
07-Jul-2003 |
deraadt |
make this match protos; millert ok
|
#
1.143 |
|
11-Jun-2003 |
deraadt |
ansi cleanup; ok ian markus
|
#
1.142 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
#
1.141 |
|
10-Apr-2003 |
millert |
Replace strcpy() w/ strlcpy() from espie@
Don't try to free pw_dir -- it is no longer allocated separately. Instead, add an extra param to sgetpwnam() to allow it to dupe an existing struct passwd * (instead of doing a lookup by username) and use this to reallocate pw in the case where pw_dir is the NULL string. deraadt@ OK
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.140 |
|
17-Feb-2003 |
mpech |
branches: 1.140.2; reply() -> perror_reply().
millert@ ok
|
#
1.139 |
|
25-Nov-2002 |
millert |
Change a setuid() that should be seteuid(), not iced by grange@ Move a va_end so it gets called in an error condition as well
|
#
1.138 |
|
15-Nov-2002 |
millert |
o Once a user is logged in, don't allow a change to another user. o Run more code with the effective uid of the logged in user. From Frank Denis
|
#
1.137 |
|
13-Oct-2002 |
millert |
Avoid potential printf format string problem with challenge from auth_challenge(). Currently, none of the auth modules put non-sanitized data in the prompt so there are no real security implications with this fix. Patch from Moritz Jodeit.
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.136 |
|
29-Aug-2002 |
deraadt |
branches: 1.136.2; remove extra arg; jmegq@post.harvard.edu
|
#
1.135 |
|
20-Aug-2002 |
deraadt |
-n: disallow anon ftp even if ftp account exists
|
#
1.134 |
|
24-Jul-2002 |
millert |
Also check for snprintf() returning < 0
|
#
1.133 |
|
24-Jul-2002 |
millert |
What on earth possessed me to use %p instead of %m in syslog() to indicate the error string?
|
#
1.132 |
|
20-Jul-2002 |
millert |
Exit on setusercontext() failure; noticed by deraadt@
|
#
1.131 |
|
14-Jul-2002 |
jakob |
make ftpd always listen to a high tcp port for passive data connections. deprecate and ignore the -h option. ok deraadt@.
|
#
1.130 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.129 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
#
1.128 |
|
09-Jun-2002 |
itojun |
do not present scopeid on wire format (as it is local to a node).
|
#
1.127 |
|
29-May-2002 |
deraadt |
a few more strlcat
|
#
1.126 |
|
26-May-2002 |
deraadt |
pid_t cleanup
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.125 |
|
30-Mar-2002 |
deraadt |
correct an auth_close() misuse; millert ok
|
#
1.124 |
|
16-Mar-2002 |
millert |
o Don't allow password-less accounts to login (like in 2.9 and below) o Stash copy of struct passwd via auth_setpwd() to avoid extra needless getpwnam() calls.
|
#
1.123 |
|
12-Mar-2002 |
millert |
bsd_auth.h requires other headers so it can't be first
|
#
1.122 |
|
12-Mar-2002 |
millert |
Fix a couple mis-sorted headers and sync usage() with man page. From Brian Poole
|
#
1.121 |
|
19-Feb-2002 |
millert |
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.120 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.119 |
|
01-Feb-2002 |
itojun |
strlcpy
|
#
1.118 |
|
01-Feb-2002 |
itojun |
make sure pw_dir is big enough for strcpy(pw->pw_dir, "/").
|
#
1.117 |
|
23-Jan-2002 |
millert |
Plug login_cap and bsd_auth related memory leaks. Problem noticed by mpech@.
|
#
1.116 |
|
23-Jan-2002 |
mpech |
fix potential memory leak.
millert@ ok
|
#
1.115 |
|
23-Jan-2002 |
mpech |
Use always '.' in the end of the fatal() message. Consistency is good.
millert@ ok.
|
#
1.114 |
|
23-Jan-2002 |
mpech |
don't use \n in reply().
millert@ ok
|
#
1.113 |
|
07-Jan-2002 |
millert |
To disable a SIGCHLD signal handler use SIG_DFL, *not* SIG_IGN which now has a different meaning.
|
#
1.112 |
|
18-Dec-2001 |
millert |
Don't use sigprocmask() in signal handlers when we can just set the mask to be what we want with sigaction. Pointed out by Yar Tikhiy.
|
#
1.111 |
|
17-Dec-2001 |
millert |
Add missing sigaction() call from last commit
|
#
1.110 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.109 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.108 |
|
01-Dec-2001 |
miod |
Use pidfile() instead of doing the equivalent thing by hand, and sometimes forgetting to unlink the pid file at exit. ok millert@ deraadt@
|
#
1.107 |
|
17-Nov-2001 |
deraadt |
volatile sig_atomic_t
|
#
1.106 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.105 |
|
02-Oct-2001 |
wilfried |
as is aleady closed and freed by auth_userresponse, ok millert@
|
#
1.104 |
|
05-Sep-2001 |
deraadt |
make sure that va_start() has matching va_end()
|
#
1.103 |
|
08-Jul-2001 |
deraadt |
-Wall
|
#
1.102 |
|
03-Jul-2001 |
millert |
Use the 'welcome' variable from login.conf instead of hard-coding /etc/motd.
|
#
1.101 |
|
25-Jun-2001 |
hin |
millert didn't compile this.
|
#
1.100 |
|
25-Jun-2001 |
millert |
Set "login" and "notickets" BSD auth options. We don't need to get a kerb ticket but we do need AFS tokens.
|
#
1.99 |
|
13-Jun-2001 |
markus |
more va_start/end fixes, ok deraadt@
|
#
1.98 |
|
11-Jun-2001 |
mickey |
strncpy vs strlcpy, some strlen missuse. some other related minor cleanups, and spaces. millert@ ok
|
#
1.97 |
|
29-May-2001 |
millert |
use BSD authentication
|
#
1.96 |
|
11-May-2001 |
art |
mmap returns MAP_FAILED on error, not 0.
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.95 |
|
18-Mar-2001 |
deraadt |
use GLOB_LIMIT
|
#
1.94 |
|
09-Mar-2001 |
millert |
Block all signals in lostconn() and sigprocmask() since we are headed for _exit(). Fixes a signal handler race condition.
|
#
1.93 |
|
09-Mar-2001 |
deraadt |
do not strerror() a signo
|
#
1.92 |
|
04-Feb-2001 |
pjanzen |
Whoops, don't use strlcpy with utmp; millert@
|
#
1.91 |
|
03-Feb-2001 |
pjanzen |
Long usernames; also some simple strncpy->strlcpy.
|
#
1.90 |
|
19-Jan-2001 |
deraadt |
mark remaining signal races
|
#
1.89 |
|
09-Jan-2001 |
itojun |
make sure replydirname() do not truncate names, even if the filename is MAXPATHLEN doublequotes. From: Paul Janzen <pjanzen@foatdi.harvard.edu>
|
#
1.88 |
|
09-Jan-2001 |
itojun |
make sure we do not return stray " at the end of stirng, like bla"\0. From: "William C. Allen" <allenwc@home.com>
|
#
1.87 |
|
07-Jan-2001 |
angelos |
Make the -P option effective (rjmooney@mediaone.net)
|
#
1.86 |
|
06-Jan-2001 |
millert |
Expand tilde (~) in ftp-dir login.conf variable. Closes PR 1382
|
#
1.85 |
|
30-Dec-2000 |
angelos |
Log the actual bytes transfered, rather than the original file size.
|
#
1.84 |
|
04-Dec-2000 |
itojun |
in replydirname(), avoid one-byte overrun. From: Kristian Vlaardingerbroek <kris@obit.nl>
|
#
1.83 |
|
02-Dec-2000 |
millert |
The man page says the default umask is 027 but it is really 022 since that is the value of CMASK.
Have setusercontext() set the umask unless the -u flag was specified. This allows the admin to set the umask either via -u or via a login class in login.conf.
|
#
1.82 |
|
26-Nov-2000 |
millert |
setusercontext should not set umask as this interferes with the umask specified for ftpd on the command line. Closed PR #1530
|
#
1.81 |
|
23-Nov-2000 |
itojun |
typo in LPSV printing. From: Hiroyuki YAMAMORI <h-yamamo@db3.so-net.ne.jp>
|
#
1.80 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.79 |
|
15-Sep-2000 |
deraadt |
branches: 1.79.2; check return value for setenv(3) for failure, and deal appropriately
|
#
1.78 |
|
20-Aug-2000 |
millert |
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
|
#
1.77 |
|
05-Jul-2000 |
deraadt |
crank version to 6.5
|
#
1.76 |
|
05-Jul-2000 |
deraadt |
another setproctitle
|
#
1.75 |
|
05-Jul-2000 |
deraadt |
always setproctitle with %s if using a variable
|
#
1.74 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
#
1.73 |
|
14-Jun-2000 |
itojun |
correct STAT command output for LPSV output.
|
#
1.72 |
|
12-Jun-2000 |
itojun |
address PR 1274 (-h does not work on EPSV). the committed code handles IPv6 case too.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.71 |
|
29-Apr-2000 |
deraadt |
branches: 1.71.2; strerror
|
#
1.70 |
|
11-Apr-2000 |
deraadt |
do not lose descriptors; Takahiro Kambe
|
#
1.69 |
|
03-Mar-2000 |
bitblt |
Turns out that our implementation of STAT wasn't RFC 959 compliant. This version is now RFC 959 compliant, using a patch adapted from one sent in by david.leonard@eecs.uq.edu.au
|
#
1.68 |
|
18-Jan-2000 |
millert |
Fix a pasto in the last commit. The genesis of this bug is actually somewhat interesting. The getwd() function has historically placed an error message in the buffer on failure, but getcwd() does not. Therefor, a bulk search and replace of getwd() with getcwd() can create bugs like this one.
|
#
1.67 |
|
18-Jan-2000 |
millert |
"pwd" should print an error, not garbage, if getcwd() fails; form@vell.nsc.ru
|
#
1.66 |
|
14-Jan-2000 |
ericj |
call dologout() with 1. not -1
|
#
1.65 |
|
10-Dec-1999 |
deraadt |
using u_char * is a lot more convenient than doing & 0xff 80+ times
|
#
1.64 |
|
09-Dec-1999 |
itojun |
close passive mode data socket. From: deraadt
|
#
1.63 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
#
1.62 |
|
03-Dec-1999 |
millert |
Write pid to /var/run/ftpd.pid if running in daemon mode.
|
#
1.61 |
|
02-Dec-1999 |
millert |
Fix thinko on my part, we want to avoid setting mode to "r+" for append, not for ascii.
|
#
1.60 |
|
01-Dec-1999 |
millert |
Move initialization of ttyline to be after the fork() so that when we are in daemon mode it contains the pid of the child, not the parent. This fixes utmp/wtmp updates in daemon mode.
|
#
1.59 |
|
29-Nov-1999 |
millert |
When restarting a STOR, open with "r+", not "w" so we don't truncate. Based on a patch from rmooney@iss.net; closed PR #993
|
#
1.58 |
|
14-Nov-1999 |
deraadt |
warning about getpeername() failing is useless
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.57 |
|
22-Sep-1999 |
deraadt |
correct oob handling for STAT command; ian@plutotech.com
|
#
1.56 |
|
21-Jul-1999 |
deraadt |
bad umask is an error, syslog; pointed out by form@
|
#
1.55 |
|
20-Jul-1999 |
deraadt |
do not proceed if incorrect args are found; found by form
|
#
1.54 |
|
29-Apr-1999 |
downsj |
Work around the blocking read() that causes so many hung ftpd processes.
This has been extensively tested.
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.53 |
|
26-Feb-1999 |
art |
implement internal ls
|
#
1.52 |
|
30-Dec-1998 |
deraadt |
indent
|
#
1.51 |
|
29-Dec-1998 |
deraadt |
use getcwd()
|
#
1.50 |
|
18-Nov-1998 |
deraadt |
check for out-of-range umask bits from strtol()
|
Revision tags: OPENBSD_2_4_BASE
|
#
1.49 |
|
23-Jul-1998 |
deraadt |
add replydirname() from netbsd; fixes 257 directory replies; problem noted by kstailey
|
#
1.48 |
|
13-Jul-1998 |
millert |
ftpd: sleep for an indeterminate amount for non-existant logins to simulate a crypt, like login does. Use SEEK_* not L_* and kill some 0L's used in lseek while we're there.
|
#
1.47 |
|
08-Jun-1998 |
mickey |
allow ftpchroot-ed users to also be multihomed
|
#
1.46 |
|
03-Jun-1998 |
deraadt |
use SIG_ERR
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.45 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.44 |
|
06-Aug-1997 |
angelos |
Errno save/restore.
|
#
1.43 |
|
04-Aug-1997 |
deraadt |
save errno in sigchld handlers
|
#
1.42 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.41 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.40 |
|
29-Jun-1997 |
deraadt |
crank version
|
#
1.39 |
|
29-Jun-1997 |
deraadt |
partial Wall
|
#
1.38 |
|
21-Jun-1997 |
deraadt |
attempt to realpath() log entries
|
#
1.37 |
|
05-Jun-1997 |
deraadt |
bigger buf
|
#
1.36 |
|
01-Jun-1997 |
downsj |
Support integrated tcp wrappers when in daemon mode.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.35 |
|
01-May-1997 |
deraadt |
change -A to let in anon | chroot accounts
|
#
1.34 |
|
25-Apr-1997 |
deraadt |
do not allow connect to a 2049 either, helps firewall cases; adam@math.tau.ac.il
|
#
1.33 |
|
25-Mar-1997 |
millert |
Splat .message file if it exists when user cd's to a directory like wu-ftpd. Based on changes from Oliver.
|
#
1.32 |
|
23-Jan-1997 |
deraadt |
crank version number
|
#
1.31 |
|
15-Jan-1997 |
millert |
getopt(3) returns -1 when out of args, not EOF, whee!
|
#
1.30 |
|
05-Jan-1997 |
bitblt |
Signals are now blocked while ftpd runs with euid 0, as suggested by Weiste Venema. If this triggers any problems (most likely with ABOR not working at certain times) let me know.
|
#
1.29 |
|
02-Jan-1997 |
deraadt |
avoid SIGURG race; dg@root.com
|
#
1.28 |
|
14-Dec-1996 |
deraadt |
stop gunique() open/fopen race
|
#
1.27 |
|
14-Dec-1996 |
deraadt |
solve /tmp-style race spotted by bitblt
|
#
1.26 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.25 |
|
03-Dec-1996 |
deraadt |
-A for anon only; from freebsd
|
#
1.24 |
|
19-Oct-1996 |
michaels |
add ')'.
|
#
1.23 |
|
18-Oct-1996 |
deraadt |
forget old password nicely
|
#
1.22 |
|
15-Oct-1996 |
deraadt |
fd leak spotted by bitblt
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.21 |
|
29-Sep-1996 |
millert |
s/key (otp) challenge is now rfc 1938 compliant.
|
#
1.20 |
|
22-Sep-1996 |
deraadt |
vis log entries; noted by bitblt
|
#
1.19 |
|
04-Sep-1996 |
deraadt |
no, bad commit
|
#
1.18 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.17 |
|
27-Aug-1996 |
deraadt |
strncpy correctly
|
#
1.16 |
|
25-Aug-1996 |
deraadt |
hide our base dir
|
#
1.15 |
|
13-Aug-1996 |
deraadt |
log non-anon stuff for -S too, from downsj
|
#
1.14 |
|
10-Aug-1996 |
downsj |
Add multihome support (-M) and make stats logging look like wu-ftpd.
|
#
1.13 |
|
08-Aug-1996 |
downsj |
Handle signals better.
|
#
1.12 |
|
07-Aug-1996 |
downsj |
STATS is not an option.
|
#
1.11 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.10 |
|
07-Aug-1996 |
downsj |
sprintf -> snprintf
|
#
1.9 |
|
29-Jul-1996 |
downsj |
Remove some FreeBSD cruft.
|
#
1.8 |
|
29-Jul-1996 |
downsj |
Add -h, causing passive mode connections to request the high port range.
Also a few other changes.
|
#
1.7 |
|
29-Jul-1996 |
downsj |
Add setenv for HOME (from FreeBSD).
|
#
1.6 |
|
28-Jul-1996 |
downsj |
Add daemon mode (from FreeBSD), moving a lot of things around.
Also change the advertised version to '6.1/OpenBSD'; using the old version number from 4.4BSD seems rather silly at this point.
|
#
1.5 |
|
28-Jul-1996 |
downsj |
Add anonymous statistics logging, based on FreeBSD but with the really obvious bugs fixed.
|
#
1.4 |
|
28-Jul-1996 |
downsj |
New mmap(2)-using send_data() from FreeBSD.
|
#
1.3 |
|
27-Jul-1996 |
joshd |
No more ftpd bounce attacks.
|
#
1.2 |
|
18-Jun-1996 |
downsj |
my netbsd pr#2217: add utmp support to ftpd, some other small changes/fixes.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|