summaryrefslogtreecommitdiff
path: root/libexec/ftpd
AgeCommit message (Collapse)Author
2011-12-15s,/var/run/wtmp,/var/log/wtmp and add it to FILES.Antoine Jacoutot
from Steffen Daode Nurpmeso with a tweak from jmc@ ok jmc@
2011-12-14Add a new '-W' option to prevent saving login records to /var/run/wtmp.Antoine Jacoutot
This can become pretty handy on busy anonymous servers to avoid filling up /var with unused wtmp records. Note that 'U' and 'W' are mutually exclusive. ok sthen@ millert@
2011-02-09Set SO_KEEPALIVE on sockets. OK miod@. Also tested by landry@Todd C. Miller
"Makes sense" markus@ and "i don't see a reason not to" henning@
2010-08-30Add missing network service name from /var/log/ftpd entries.lum
ok and suggestion from jmc@ ok tobias@
2010-08-27In revision 1.14 of ftpd.c the ident variable was removed from its only ↵lum
meaningful usage when a snprintf call was removed, rendering ident useless. Time to remove remaining code. ok tobias@
2010-08-01Properly reset states when a login phase is interrupted by another one.Tobias Stoeckmann
Prevents ftpd from letting regular users logging in during anonymous-only mode (-A). ok millert, ray
2010-07-30Don't set "success" flags before error checks.Ray Lai
Add check for login_getclass() failure, pointed out by tobias. OK tobias
2010-06-18Prevent a segmentation fault on ftpd_popen error (memory, file descriptor,Tobias Stoeckmann
pipe ...) during status command. ok millert
2010-06-13Adjust FTP reply codes (in error conditions) to conform to RFC 959.Tobias Stoeckmann
ok millert, schwarze
2010-03-08Check that gl_pathc is bigger than zero before derefencing gl_pathv. WhileMark Kettenis
this shouldn't happen since we specifiy GLOB_NOMAGIC, it doesn't hurt to be paranoid, even if we fix the bug in glob(3) that causes gl_pathc to be zero even if we specify GLOB_NOMAGIC. ok deraadt@
2009-10-28rcsid[] and sccsid[] and copyright[] are essentially unmaintained (andTheo de Raadt
unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
2009-06-04...and now try again with a commit from the right tree. doh!Stuart Henderson
ftp uses its own ugly "sockunion" to hold addresses, but with CMD_BIND the monitor treats it as if it were a sockaddr. this is fine for v4 but fails for v6, so active connections break. problem reported and diff tested by Maurice Janssen. looks sensible to deraadt@.
2009-06-04ftp uses its own ugly "sockunion" to hold addresses, but with CMD_BINDStuart Henderson
the monitor treats it as if it were a sockaddr. this is fine for v4 but fails for v6, so active connections break. problem reported and diff tested by Maurice Janssen. looks sensible to deraadt@.
2009-04-20When receiving a new connection, log the remote IP numberIngo Schwarze
in addition to the remote hostname. Feature requested by Mark Bucciarelli mkbucc at gmail dot com on misc@. "seems OK" millert@
2008-09-30Always say "User %s access denied", in all cases, to avoid some stupidTheo de Raadt
spinny things which parse those messages. Do not close the connection as requested by Josh Grosse, since a 530 is not supposed to do that. ok millert
2008-09-13Fix minor bug in the previous commit, which could hang theMoritz Jodeit
current session, when the last character of an overly long line was a newline character. Additionally reply with 500 "Command too long" for commands, which are too large. Issue found and proposed fix by Luke Mewburn <lukem@NetBSD.org>. ok millert@
2008-09-12Don't split large commands into multiple commands on a 512-byteMoritz Jodeit
boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server. Reported by Maksymilian Arciemowicz <cxib@securityreason.com>. ok millert@ martynas@
2008-06-30Include file order must be "monitor.h" before "extern.h" otherwise enumAnders Magnusson
auth_ret is referenced before it is declared, which is not allowed by C99. Ok krw@, millert@, gilles@
2008-04-13Use arc4random_buf() when requesting more than a single word of outputDamien Miller
Use arc4random_uniform() when the desired random number upper bound is not a power of two ok deraadt@ millert@
2008-03-24msg_controllen has to be CMSG_SPACE so that the kernel can account forTheo de Raadt
each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This works now that kernel fd passing has been fixed to accept a bit of sloppiness because of this ABI repair. lots of discussion with kettenis
2008-03-15Repair the simple cases for msg_controllen where it should just beTheo de Raadt
CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because of alignment; ok kettenis hshoexer
2008-03-13Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due toTheo de Raadt
an extensive discussion with otto, kettenis, millert, and hshoexer
2007-09-02use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsgTheo de Raadt
2007-07-31From Gilles Chehade:Ray Lai
- Use strtonum instead of atoi. - Improve strtol error checking. - Change strchr calls to strcspn and eliminating some unused variables as a result. OK moritz
2007-07-27Fix potential memory leak, when snprintf(3) returns an empty buffer.Moritz Jodeit
OK ray@
2007-06-21Adjust spacing, combine malloc + strlcpy + strlcat into a singleRay Lai
asprintf call. OK moritz
2007-06-19Make sure perror_reply() is only called when errno is set. WhenRay Lai
changing perror_reply() -> reply(), increase error message detail for ftp client. Move free() statement to prevent errno clobbering. OK moritz
2007-05-31convert to new .Dd format;Jason McIntyre
2007-04-05Remove lint comment, which does not apply anymore.Moritz Jodeit
2007-03-26Do not log when the slave gets killed because of read()Moritz Jodeit
returning 0. This is normal behavior and should not spam the logs. Noticed by henning@ OK henning@ millert@
2007-03-22Do not advertise version in the ftp banner, because there is no reason to.Chad Loder
OK mbalmer@, xsa@, henning@, idea prompted by deraadt
2007-03-01- use proper log facility and priority in the slave sig handlersOtto Moerbeek
- if the monitor decides to kill the slave, log that ok millert@ moritz@
2006-12-21'tranfer' -> 'transfer' in comments.Kenneth R Westerback
2006-10-18Avoid double fclose() of a file if we exceed retries. Coverity ID 2669.Todd C. Miller
OK cloder@
2006-10-18you do not call fclose() on a file descriptor; ok cloderTheo de Raadt
2006-04-21lint cleanup; ok ray moritz dhillTheo de Raadt
2006-04-02malloc(x * y) -> calloc(x, y) from adobriyan AT gmail.com, with tweaksDamien Miller
suggested by kjell@; ok otto@ pat@ millert@ jaredy@
2006-03-14Allow anonymous logins without a password, which was brokenMoritz Jodeit
by the last commit. Noticed by Armin Wolfermann. ok henning@
2006-01-20fix integer overflows. ok millert@Moritz Jodeit
2005-12-03remove shadowing variables; ok pvalTheo de Raadt
2005-12-01fix double var declarations in same scope, found by lint; ok deraadt cloderPeter Valchev
2005-09-09uppercase `FTP' when talking about the protocol rather than theJason McIntyre
ftp(1) binary...this is in line with what ftp(1) already does...
2005-08-22EOF in ascii mode may also mean EOF so avoid printing a bogus error and ↵Michael Shalayeff
behave same as bin mode; beck@ deraadt@ millert@ ok
2005-07-14let root create the data socket. fixes PR 4287.Moritz Jodeit
ok millert@ henning@
2005-06-15remove y.tab.c on make clean tooMichael Shalayeff
2005-05-27include sys/time.h to get struct timevalTodd C. Miller
2005-05-24readd endpwent()Moritz Jodeit
2005-05-24no need for endpwent()Moritz Jodeit
2005-04-21make code prettier so we can tell it is safe when we read it; ok beck cloderTheo de Raadt
2005-03-15better handling of cases where getnameinfo() returns non-zero.Niall O'Higgins
upon failure, don't try to print the contents of the char buffers we passed it. ok & feedback henning@, moritz@ (thanks!)