path: root/libexec/ftp-proxy/ftp-proxy.c
Age, author, commit message:

2002-12-19  Theo de Raadt
various tweaks. someone mailed in a huge diff that was so wrong in so many ways, and i wasted 2 hours finding the gems in it...

2002-12-19  Theo de Raadt
accidental commit

2002-12-19  Theo de Raadt
missing .Pp

2002-07-07  Jan-Uwe Finck
typos/grammar/better words in comments.

2002-07-03  Theo de Raadt
KNF

2002-06-09  Bob Beck
no newlines in syslog

2002-05-23  Theo de Raadt
KNF during an audit; found an improperly initialized sockaddr

2002-03-12  Daniel Hartmeier
Pass full length to strlcat(). From Brian Poole.

2002-01-10  Michael Shalayeff
print proper host name for the proxy's peer; bob ok

2001-12-14  Bob Beck
RFC 959 wasn't clear about what happens around a PASV reply, and in fact RFC 1123 does say that it may not contain parenthesis, and you just have to look at the end of the line. Tholo managed to find a TOPS20 ftp server (toad.xkl.com) that doesn't put parens around the reply - This fixes it so it will handle either case.

2001-10-10  Bob Beck
fix multi-line continuations - ok deraadt@

2001-09-21  Bob Beck
Drop privs to named group, not group with same name as user. noticed by itojun, thanks. fries, you need to catch this for what you're using with faithd

2001-09-05  Bob Beck
- Make ftp-proxy drop privs to user "proxy" by default. *WARNING* this means that it will die when it can't find user proxy if you are not running with a passwd database generated from current
- Speling cleanup and missing va_end() noticed by <d.doroshenko@omnitel.net>
- fix logging of getpwnam|getgrnam failures.

2001-08-28  Bob Beck
remove unneeded code (this is done later)

2001-08-28  Theo de Raadt
oh, some cleanups etc etc

2001-08-22  Bob Beck
- Functionify some of the main loop, so it isn't so horrifically deep and is a bit easier to look at, for small values of easier.
- Add two options for -u user and -g group to optionally make the proxy drop privs after doing its pf ioctl's to find out where to go. Running as non root does mean that the PORT and EPRT backchannels do not come from port 20, but this isn't a problem for most sensible ftp clients and sets of packet filter rules that aren't written by a knuckle dragging ape living in the 90's. I would make it drop privs by default, but technically this breaks the ftp specs, and for the upcoming stuff to deal with EPRT, we will need root privs to manipulate rdr rules).

2001-08-19  Bob Beck
unsmokecrack - thanks millert

2001-08-19  Bob Beck
decruftify with prejudice

2001-08-19  Bob Beck
decruftify

2001-08-19  Bob Beck
Argh. I must be wearing a stupid sign today

2001-08-19  Bob Beck
bye bye atoi.

2001-08-19  Bob Beck
oops

2001-08-19  Bob Beck
I'm a knuckle-dragging moron, the fd_set is overflowable - make it so it isn't.

2001-08-19  Theo de Raadt
1564 lines of cleanup

2001-08-19  Bob Beck
KNF

2001-08-19  Bob Beck
gratuitous KNFism's, don't have it looking like it's your first day with your new crack pipe

2001-08-19  Bob Beck
transparent ftp proxy, based on Obtuse Systems juniper stuff with much modernizing and cleanup. still needs looking at. Currently supports PORT PASV EPRT data connections with only a pf rdr to capture the control connection. (I.E. you don't need ip forwarding or other NAT stuff). Runs from inetd. Supports all passive (EPSV PASV) when using -n flag, where the proxy ignores passive mode data connections (and assumes nat will get them through). Todo yet: More audit IpV6 Handle EPSV in proxy (with an rdr added then removed) Option to Daemonize and bind only to the loopback More Content/Login filtering, etc. etc. and more bloat