1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
|
1999-04-13 <tytso@rsts-11.mit.edu>
* configure.in: Check to see if we need to pull in the util
library in order to find logwtmp(). (Needed for
Linux/glibc 2.1.)
Tue Mar 30 22:30:40 1999 Tom Yu <tlyu@mit.edu>
* Makefile.in (KLIB): -lcom_err, not $(COMERRLIB)
Thu Mar 25 23:13:56 1999 Tom Yu <tlyu@mit.edu>
* ftpd.c (login): Check that the luid is not the uid we want to
change to prior to calling setluid() so that we can run as
non-root.
Wed Mar 24 17:11:32 1999 Tom Yu <tlyu@mit.edu>
* configure.in: Check for sys/sockio.h.
* ftpcmd.y (urgsafe_getc): New function; like getc() except it
retries once if SIOCATMARK returns TRUE.
(getline): Use urgsafe_getc() rather than getc() to avoid problems
with certain Mac clients that cause the urgent pointer to end up
in a location that results in EOF from getc().
Mon Mar 8 23:47:51 1999 Tom Yu <tlyu@mit.edu>
* ftpd.M: Resync with reality.
* Makefile.in (ftpd): Add libpty to link line. Remove mention of
logwtmp files.
* ftpd.c: Fix up hostname logging to use
pty_make_sane_hostname().
Thu Feb 25 23:31:37 1999 Tom Yu <tlyu@mit.edu>
* ftpd.c (reply): Don't call secure_gss_error() or secure_error()
from within reply() to avoid setting up an infinite
loop. [krb5-appl/684]
Thu Feb 18 18:34:23 1999 Tom Yu <tlyu@mit.edu>
* configure.in: Add check for setluid() in libsecurity.
* ftpd.c (login): Add call to setluid() if necessary.
Fri Feb 12 21:16:26 1999 Tom Yu <tlyu@mit.edu>
* ftpd.c: strcat -> strncat
Fri Oct 23 18:18:52 1998 Theodore Y. Ts'o <tytso@mit.edu>
* ftpcmd.y (cmd): Don't allow the PORT command to accept a port
number lower than 1024; this prevents some nasty ftp
"bounce attacks" to SMTP ports, etc.
Fri May 8 18:06:52 1998 Theodore Y. Ts'o <tytso@mit.edu>
* ftpcmd.y (cmd): Fix Y2K problem in the MDTM command.
Tue Apr 21 19:59:45 1998 Tom Yu <tlyu@mit.edu>
* configure.in: Add CHECK_SIGNALS and CHECK_SETJMP to help with
changes in ftpd.c.
Fri Apr 10 20:06:31 1998 Tom Yu <tlyu@mit.edu>
* ftpd.c (receive_data):
(send_data): Add support for sigsetjmp().
(main): Use sigaction() if we can to avoid SysV lossage.
(send_file_list): Oops missed a sigsetjmp() call.
(send_data): Add call to secure_flush() to send a zero length
buffer when aborting.
(send_file_list): Add call to secure_flush() to send a zero length
buffer when aborting.
* ftpcmd.y (PBSZ): Remove restriction on shrinking buffer size.
Thu Mar 5 13:59:47 1998 Dan Winship <danw@mit.edu>
* ftpcmd.y (getline): Don't syslog passwords! (or newlines)
Tue Feb 24 21:34:34 1998 Tom Yu <tlyu@mit.edu>
* ftpcmd.y: Add production "nonguest" to catch things that
anonymous users aren't supposed to do. Replace "check_login" with
"nonguest" in a few places to prevent w4r3z d00dz from being
lame with world-writable incoming directories.
Fri Feb 6 13:25:28 1998 Theodore Y. Ts'o <tytso@mit.edu>
* popen.c (ftpd_popen): Make sure you can't overrun the argv[] and
gargv[] arrays. (Patch submitted by dima@best.net).
Sun Dec 21 18:17:53 1997 Tom Yu <tlyu@mit.edu>
* logwtmp.c (ftp_logwtmp): Rename logwtmp to ftp_logwtmp to avoid
collision with native logwtmp. Also, return void rather than
int.
* ftpd.c: Rename logwtmp to ftp_logwtmp to avoid collision with
native logwtmp.
Tue Nov 12 00:04:00 1996 Tom Yu <tlyu@mit.edu>
* ftpd.c (ftpd_userok): Don't undconditionally return -1.
Thu Nov 7 15:38:51 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* ftpd.c (ftpd_userok): Check return value of krb5_init_context()
Thu Oct 17 23:55:32 1996 Mark Eichin <eichin@cygnus.com>
* ftpd.c (auth_data): actually exit the for loop if the ftp key
was ok.
Mon Oct 14 07:54:17 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* ftpd.c (secure_fprintf): Use STDARG routines if
present. [krb5-appl/108]
Tue Sep 10 14:07:36 1996 Tom Yu <tlyu@mit.edu>
* ftpd.M: remove ".so man1/header.doc"
Mon Jul 29 22:37:05 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* configure.in: Determine sizeof short, int, long for secure.c
Tue Jul 23 23:13:07 1996 Marc Horowitz <marc@mit.edu>
* ftpd.c (auth_data): the logic which dealt with multiple acceptor
names and fallback was just broken.
Wed Jul 10 16:38:01 1996 Marc Horowitz <marc@mit.edu>
* ftpd.c (store), ftpcmd.y (STOR, APPE, STOU): rename store() to
store_file() to avoid conflict with dbm store() function
* ftpd.c (delete), ftpcmd.y (DELE): rename delete() to
delete_file() to avoid conflict with the dbm delete() function
Thu Jun 13 18:35:19 1996 Kevin L Mitchell <klmitch@mit.edu>
* ftpd.c (authdata): misplaced braces caused server to not be able to
use ftp principle if it was present. Client looks for ftp
first, then tries host; ftpd was looking only for host.
Mon Jun 3 16:12:59 1996 Tom Yu <tlyu@mit.edu>
* Makefile.in, configure.in: back out previous changes and use
Ezra's patches instead.
Sun Jun 2 22:08:17 1996 Tom Yu <tlyu@mit.edu>
* configure.in, Makefile.in: only link getdtablesize.o if needed
Thu Mar 28 21:07:20 1996 Ken Raeburn <raeburn@cygnus.com>
* ftpcmd.y: Define unix for HP-UX.
Mon Mar 18 12:12:20 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* configure.in: Add AC_HEADER_STDARG
* ftpcmd.y, ftpd.c: Declard STDARG if HAVE_STDARG_H is
declared.
Fri Mar 15 14:16:41 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* ftpd.c (auth_data): Do not fail if last gss_service is not
present in keytab. If no services present, return a useful
minor error status.
Fri Mar 15 01:24:39 1996 Richard Basch <basch@lehman.com>
* configure.in, ftpd.c: Added shadow password support.
Wed Mar 13 20:05:52 1996 Mark Eichin <eichin@cygnus.com>
* ftpd.c (auth_data): use gethostbyname to canonicalize local host
name, just like krb5_sname_to_principal does.
Fri Feb 16 15:51:59 1996 Mark Eichin <eichin@cygnus.com>
* ftpcmd.y (yylex): error handling changes from kbalk@hp.com.
Tue Jan 16 18:44:42 1996 Mark Eichin <eichin@cygnus.com>
* ftpd.c (user): 331 is more appropriate for kuserok failure.
Wed Feb 7 13:33:41 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* Makefile.in (clean): Remove ftpd
Thu Jan 18 18:39:06 1996 Sam Hartman <hartmans@zygorthian-space-raiders.MIT.EDU>
* configure.in: Check for crypt in -lcrypt
* ftpd.c: Conditionalize sys_errlist
* configure.in: Check to declare sys_errlist.
Thu Jan 18 14:55:42 1996 Sam Hartman <hartmans@tertius.mit.edu>
* ftpd.c : Only return an unable to acquire credentials error if all possible services fail.
Sun Jan 14 02:58:42 1996 Mark Eichin <eichin@cygnus.com>
* ftpd.c (auth_data): call gss_release_cred on the server_creds we
acquired, before they leave scope.
Sun Jan 14 02:47:19 1996 Karri Balk - Contractor <kbalk@cup.hp.com>
* ftpd.c (gss_services): list of gssapi service names to try.
(auth_data): loop over gss_services.
Sun Jan 14 01:54:35 1996 Bill Schoofs <wjs@cray.com>
* Makefile.in (DEFINES): define NOCONFIDENTIAL for future use.
* ftpcmd.y (CCC): ditch broken CCC code, return proper 534 code.
(PBSZ): return proper code 501 for bad PBSZ argument
(PROT): recognize PROT E.
(cmdtab): add CCC so as to cleanly reject it.
(getline): reject CONF as unsupported (but put in code to
potentially recognize it in the future.) Reject protected commands
of auth_type isn't yet set.
* ftpd.c (setlevel): use 536, not 504, for invalid level, and
use levelnames to find the proper name.
(user): if kuserok succeeds, respond 232, not 231; if it fails,
respond 336 (though 331 might be more appropriate.)
(auth): fix spelling error.
Tue Jan 2 19:19:16 1996 Mark Eichin <eichin@cygnus.com>
* ftpd.c: use HAVE_SETEUID and HAVE_SETRESUID to figure out how
to emulate seteuid instead of assuming hpux.
* configure.in: test for seteuid, setreuid and setresuid.
Fri Oct 20 17:17:19 1995 Mark Eichin <eichin@cygnus.com>
* ftpd.c (auth_data): supply correct channel bindings to accept,
matching the client changes.
Thu Oct 19 12:22:28 1995 Mark W. Eichin <eichin@cygnus.com>
* configure.in: check WITH_DBM_LNAME since we use an_to_ln.
Wed Oct 4 19:26:50 1995 Mark Eichin <eichin@cygnus.com>
* ftpd.c (user): use HAVE_GETUSERSHELL.
* configure.in: check for getusershell.
Mon Oct 2 16:43:54 1995 Mark Eichin <eichin@cygnus.com>
* popen.c (ftpd_popen): malloc all strings, not just globbed ones.
Sun Oct 1 03:31:24 1995 Mark Eichin <eichin@cygnus.com>
* ftpd.c (auth_data): acquire credentials (currently fixed for
service "host".) Fix loop reply logic. Add debugging syslogs. Set
auth_type *after* 235 success reply, so it doesn't get encrypted.
Sun Oct 1 00:58:39 1995 Mark Eichin <eichin@cygnus.com>
* Makefile.in: use FTP_BUFSIZ everywhere and make it large for
now.
* configure.in: check for headers need to build getdtablesize.
* ftpd.c (secure_reply): add GSSAPI hooks.
(reply_gss_error): better gssapi error reporting.
Sat Sep 30 22:26:25 1995 Mark Eichin <eichin@cygnus.com>
* ftpd.c: correct gssapi includes. Fix type of client_name. Use
gss_ok instead of kerb_ok for GSSAPI case (to simplify future
combined code.) Fix some declarations. Fix arguments to
gss_accept_sec_context for type.
* ftpcmd.y: correct gssapi includes.
Sat Sep 30 21:40:30 1995 Mark Eichin <eichin@cygnus.com>
* Makefile.in: hook setenv.c and getdtablesize.c from appl/bsd.
Use double-colon rules for clean, depend, install.
configure.in: check for yacc, SIGTYPE, UTMP, SIGPROCMASK,
WAIT_TYPE, getdtablesize, getcwd, setenv (using the test from
appl/bsd.)
* ftpcmd.y: no conf.h. declare level. Use krb5_sigtype directly.
* ftpd.c: use getcwd directly, make -s srvtab KERBEROS specific.
(user): return 331 as per draft-8, but suggest 53z.
(auth_data): return 535 and 335 and quote draft-8 as to why.
(secure_gss_error): generic interface for secure.c functions to
call reply_gss_error instead.
* logwtmp.c: no conf.h, check NO_UT_HOST.
* popen.c: no conf.h, no getdtablesize.
(ftpd_pclose): Obey USE_SIGPROCMASK.
Sat Sep 30 16:43:28 1995 Mark Eichin <eichin@cygnus.com>
* configure.in, Makefile.in: new files for port to GSSAPI and
build within the Kerberos V5 build tree.
* ftpcmd.y, ftpd.c, secure.c: GSSAPI authentication changes based
on the IETF CAT working group ***DRAFT*** FTP Security
specification, draft number 8, appendix I.
**** previous change logs from CNS V4 modifications of Steve Lunt's
draft-3 ftp daemon, which this is based on. ****
Wed Jul 26 21:03:13 1995 Ken Raeburn <raeburn@cygnus.com>
* secure.c: Include string.h.
* ftpd.c (main): Cast signal() return value to long instead of
int; it's more likely to fit.
Thu Feb 2 13:41:24 1995 Ian Lance Taylor <ian@cygnus.com>
* ftpcmd.y (NBBY): Explicitly define if __pyrsoft and MIPSEB.
(cmd_list): In handling of SYST, undefine BSD if __svr4__ is
defined.
* ftpd.c: Don't try to use IP_TOS if the IP_TOS argument
(IPTOS_LOWDELAY, etc.) is not defined.
Wed Jan 18 17:12:22 1995 Ian Lance Taylor <ian@sanguine.cygnus.com>
* ftpd.8: Include man1/tmac.doc.
Wed Jan 11 15:29:10 1995 Ian Lance Taylor <ian@sanguine.cygnus.com>
* ftpd.c (authenticate): New variable.
(main): Handle -a (require authentication) option.
(user): If authenticate is set, reply with an error if kuserok
fails or if no Kerberos authentication was used.
* ftpcmd.y: Use check_login when parsing the PASV command.
* ftpd.8: Document new -a option.
Tue Jan 3 01:25:57 1995 Mark Eichin <eichin@cygnus.com>
* Makefile.in (clean): explicitly delete ftpcmd.c on clean.
Thu Dec 29 15:17:12 1994 Mark Eichin <eichin@cygnus.com>
* ftpcmd.y (rcmd): don't declare atol, since it isn't used here
anyhow, and it's a macro under linux.
(top level): #define NBBY 8 for linux.
Thu Dec 29 14:51:41 1994 Mark Eichin <eichin@cygnus.com>
* ftpd.c (statcmd): don't use NBBY check -- linux doesn't have it,
it is in no spec, and if it isn't 8, it won't work anyway. (Use
strcat instead of sprintf, while we're at it...)
Tue Dec 27 16:29:24 1994 Ian Lance Taylor <ian@sanguine.cygnus.com>
* ftpcmd.y (reply, lreply): Declare if STDARG || (__STDC__ && !
VARARGS).
* ftpd.c: If STDARG is defined, or if __STDC__ is defined and
VARARGS is not defined, include <stdarg.h>.
(secure_error): Use <stdarg.h> routines if STDARG || (__STDC__ &&
! VARARGS).
(reply, lreply): Likewise.
(setproctitle): Just use one argument.
* secure.c (secure_error): Declare if STDARG || (__STDC__ && !
VARARGS).
Fri Dec 23 16:25:44 1994 Ian Lance Taylor <ian@sanguine.cygnus.com>
* ftpcmd.y (unix): Define if _AIX is defined (AIX compiler does
not predefine unix).
Thu Dec 22 15:05:14 1994 Ian Lance Taylor <ian@sanguine.cygnus.com>
* ftpd.c (keyfile): New global variable.
(main): Move option processing before check of remote socket. Add
new options -p, -r, and -s. Handle -p by accepting a remote
connection.
(kpass): Use keyfile variable rather than KEYFILE. Pass keyfile
explicitly to krb_rd_req.
(auth_data): Likewise.
* ftpd.8: Document new -p, -r, and -s options.
Fri Dec 16 11:06:16 1994 Ian Lance Taylor <ian@cygnus.com>
Fixes for HP/UX:
* ftpd.c: On HP/UX, define seteuid and setegid as macros which
call setresuid and setresgid.
Fixes for UnixWare:
* ftpd.c (main): Use a temporary variable rather than calling
htons(ntohs(X)).
* ftpcmd.y: Include conf.h.
(getline): Cast arguments to Kerberos routines to avoid warnings.
(toolong): Declare as type sigtype, and add dummy argument.
Fixes for SCO:
* cmdtab.y: Include <sys/types.h>.
* ftpd.c (initgroups): Define on SCO.
(main): Don't handle SIGURG if it is not defined.
(pass): Don't try to use crypt on SCO; instead, require Kerberos
password or anonymous login.
Fixes for AIX:
* ftpcmd.y (index): Don't define.
(strpbrk, strcpy): Don't declare.
* ftpd.c (index, rindex): Don't define.
* logwtmp.c (strncpy): Don't declare.
* secure.c: Include <netinet/in.h>.
Fixes for Ultrix:
* ftpd.c (main): Define LOG_NDELAY and LOG_DAEMON as zero if they
are not already defined by <syslog.h>.
Fixes for Irix 4:
* ftpd.c (retrieve): Don't refer to st_blksize if NOSTBLKSIZE is
defined.
* ftpcmd.y: Fix yacc code to use %union and %type.
(yylex): Assign to fields of yylval, rather than to yylval
directly.
General fixes to make it compile on Solaris: Use sigtype for
signal handler return values, including conf.h where needed. Add
a dummy argument to signal handler functions. Replace index,
rindex, bzero and bcopy with ANSI C functions. Cast Kerberos
routine arguments to avoid warnings. Also:
* ftpd.c: Don't include <varargs.h>. If POSIX is defined, include
unistd.h, otherwise define getcwd to call getwd.
(L_SET, L_INCR): Define if not defined.
(pwd): Use getcwd instead of getwd. If POSIX, change the error
handling accordingly.
* popen.c (getdtablesize): New function on hpux or __svr4__.
(ftpd_pclose): If WAIT_USES_INT, use int instead of union wait.
Thu Dec 15 16:13:44 1994 Ian Lance Taylor <ian@sanguine.cygnus.com>
* Initial checkin. Based on Steve Lunt's ftp program, which was
based on BSD code.
|
