authorDavid Nugent <davidn@FreeBSD.org>1997-05-10 19:48:13 +0000
committerDavid Nugent <davidn@FreeBSD.org>1997-05-10 19:48:13 +0000
commite28f66ee9c202e11dead07d4020d6662e84ef48d (patch)
treebcd9ad8bbf0b69385b2d0197bc1ea2914a5d3f14 /libexec
parentccd4f86e061e3ecde5461adf9178a1be85124072 (diff)
Notes
Diffstat (limited to 'libexec')
-rw-r--r--libexec/ftpd/Makefile4
-rw-r--r--libexec/ftpd/ftpd.86
-rw-r--r--libexec/ftpd/ftpd.c56
-rw-r--r--libexec/ftpd/skey-stuff.c3
4 files changed, 60 insertions, 9 deletions
diff --git a/libexec/ftpd/Makefile b/libexec/ftpd/Makefile
index 0af51342978f..fc5cd6697436 100644
--- a/libexec/ftpd/Makefile
+++ b/libexec/ftpd/Makefile
@@ -1,11 +1,11 @@
# @(#)Makefile 8.2 (Berkeley) 4/4/94
-# $Id: Makefile,v 1.17.2.1 1997/04/26 23:39:29 davidn Exp $
+# $Id: Makefile,v 1.17.2.2 1997/04/29 12:55:33 davidn Exp $
PROG= ftpd
MAN8= ftpd.8
SRCS= ftpd.c ftpcmd.c logwtmp.c popen.c skey-stuff.c
-CFLAGS+=-DSETPROCTITLE -DSKEY -DVIRTUAL_HOSTING -Wall
+CFLAGS+=-DSETPROCTITLE -DSKEY -DLOGIN_CAP -DVIRTUAL_HOSTING -Wall
LDADD= -lskey -lmd -lcrypt -lutil
DPADD= ${LIBSKEY} ${LIBMD} ${LIBCRYPT} ${LIBUTIL}
diff --git a/libexec/ftpd/ftpd.8 b/libexec/ftpd/ftpd.8
index e7acdd602658..fefa763ed40c 100644
--- a/libexec/ftpd/ftpd.8
+++ b/libexec/ftpd/ftpd.8
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
-.\" $Id: ftpd.8,v 1.9.2.6 1997/04/27 08:25:42 davidn Exp $
+.\" $Id: ftpd.8,v 1.9.2.7 1997/04/29 12:55:33 davidn Exp $
.\"
.Dd April 19, 1994
.Dt FTPD 8
@@ -282,6 +282,9 @@ as for an
or
.Dq ftp
account (see next item).
+This facility may also be triggered by enabling the boolean "ftp-chroot"
+capability in
+.Xr login.conf 5 .
However, the user must still supply a password.
This feature is intended as a compromise between a fully anonymous
account and a fully privileged account.
@@ -435,6 +438,7 @@ Log file for anonymous transfers.
.Xr ftp 1 ,
.Xr key 1 ,
.Xr getusershell 3 ,
+.Xr login.conf 5 ,
.Xr inetd 8 ,
.Xr syslogd 8
.Sh BUGS
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 5673817be2b7..77af6f9bddc3 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: ftpd.c,v 1.25.2.6 1997/04/27 08:19:50 davidn Exp $
+ * $Id: ftpd.c,v 1.25.2.7 1997/04/29 12:55:33 davidn Exp $
*/
#if 0
@@ -86,6 +86,9 @@ static char sccsid[] = "@(#)ftpd.c 8.4 (Berkeley) 4/16/94";
#include <time.h>
#include <unistd.h>
#include <libutil.h>
+#ifdef LOGIN_CAP
+#include <login_cap.h>
+#endif
#ifdef SKEY
#include <skey.h>
@@ -286,7 +289,7 @@ main(argc, argv, envp)
bind_address.s_addr = htonl(INADDR_ANY);
- while ((ch = getopt(argc, argv, "AdlDSURt:T:u:va:p:")) != EOF) {
+ while ((ch = getopt(argc, argv, "AdlDSURt:T:u:va:p:")) != -1) {
switch (ch) {
case 'D':
daemon_mode++;
@@ -888,6 +891,10 @@ end_login()
if (logged_in)
logwtmp(ttyline, "", "");
pw = NULL;
+#ifdef LOGIN_CAP
+ setusercontext(NULL, getpwuid(0), (uid_t)0,
+ LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK);
+#endif
logged_in = 0;
guest = 0;
dochroot = 0;
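Review bot: The result of the added `setusercontext()` call in end_login() is discarded and `getpwuid(0)` is passed in unchecked, so a failed reset would silently leave the previous user's priority, resource limits and umask in effect for the next login attempt on the same connection. At minimum the failure should be logged, e.g. `if (setusercontext(NULL, getpwuid(0), (uid_t)0, LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK) != 0) syslog(LOG_ERR, "end_login: setusercontext: %m");`. The call presumably depends on the effective uid having been restored to root earlier in end_login(), whose start is outside this hunk; a one-line comment stating that ordering requirement would help.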
@@ -899,6 +906,9 @@ pass(passwd)
{
int rval;
FILE *fd;
+#ifdef LOGIN_CAP
+ login_cap_t *lc = NULL;
+#endif
static char homedir[MAXPATHLEN];
if (logged_in || askpasswd == 0) {
@@ -954,7 +964,34 @@ skip:
reply(550, "Can't set gid.");
return;
}
+ /* May be overridden by login.conf */
+ (void) umask(defumask);
+#ifdef LOGIN_CAP
+ if ((lc = login_getpwclass(pw)) != NULL) {
+ char remote_ip[MAXHOSTNAMELEN];
+
+ strncpy(remote_ip, inet_ntoa(his_addr.sin_addr),
+ sizeof(remote_ip) - 1);
+ remote_ip[sizeof(remote_ip) - 1] = 0;
+ if (!auth_hostok(lc, remotehost, remote_ip)) {
+ syslog(LOG_INFO|LOG_AUTH,
+ "FTP LOGIN FAILED (HOST) as %s: permission denied.",
+ pw->pw_name);
+ reply(530, "Permission denied.\n");
+ pw = NULL;
+ return;
+ }
+ if (!auth_timeok(lc, time(NULL))) {
+ reply(530, "Login not available right now.\n");
+ pw = NULL;
+ return;
+ }
+ }
+ setusercontext(lc, pw, (uid_t)0,
+ LOGIN_SETGROUP|LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK);
+#else
(void) initgroups(pw->pw_name, pw->pw_gid);
+#endif
/* open wtmp before chroot */
logwtmp(ttyline, pw->pw_name, remotehost);
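Review bot: The new `setusercontext(lc, pw, (uid_t)0, LOGIN_SETGROUP|...)` call takes over from `initgroups()` but its return value is not checked, so if the group switch fails the login carries on with whatever group set the daemon already held. Treat failure as fatal, e.g. `if (setusercontext(...) != 0) { reply(550, "Can't set user context."); goto bad; }`; the `bad:` label is visible in a later hunk that appears to belong to the same function. The two early exits after `auth_hostok()` and `auth_timeok()` do `pw = NULL; return;` without `login_close(lc)`, which leaks the capability record and skips the cleanup done at `bad:`. The time-of-day denial is also not written to syslog, unlike the host denial, which leaves a gap in the auth log. pass() begins and ends outside this hunk.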
@@ -968,7 +1005,11 @@ skip:
#endif
stats = 0;
- dochroot = checkuser(_PATH_FTPCHROOT, pw->pw_name);
+ dochroot =
+#ifdef LOGIN_CAP /* Allow login.conf configuration as well */
+ login_getcapbool(lc, "ftp-chroot", 0) ||
+#endif
+ checkuser(_PATH_FTPCHROOT, pw->pw_name);
if (guest) {
/*
* We MUST do a chdir() after the chroot. Otherwise
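Review bot: `login_getcapbool(lc, "ftp-chroot", 0)` is reached with `lc == NULL` whenever `login_getpwclass(pw)` returned NULL in the earlier hunk, so the chroot decision relies on the library treating a NULL capability record as "return the default". That appears to be the libutil behaviour but is not visible on this page. Because this expression decides whether the session is confined, it deserves a comment such as `/* lc may be NULL: login_getcapbool() then yields the default (0) and only _PATH_FTPCHROOT applies */`. Moving the `#ifdef` out of the assignment (`dochroot = checkuser(...);` followed by a guarded `if (!dochroot) dochroot = login_getcapbool(...);`) would also make the logic easier to audit. The hunk ends inside a comment block of pass(), which continues outside it.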
@@ -1059,10 +1100,15 @@ skip:
syslog(LOG_INFO, "FTP LOGIN FROM %s as %s",
remotehost, pw->pw_name);
}
- (void) umask(defumask);
+#ifdef LOGIN_CAP
+ login_close(lc);
+#endif
return;
bad:
/* Forget all about it... */
+#ifdef LOGIN_CAP
+ login_close(lc);
+#endif
end_login();
}
@@ -1404,7 +1450,7 @@ send_data(instr, outstr, blksize, filesize, isreg)
if (isreg && filesize < (off_t)16 * 1024 * 1024) {
buf = mmap(0, filesize, PROT_READ, MAP_SHARED, filefd,
(off_t)0);
- if (!buf) {
+ if (buf == MAP_FAILED) {
syslog(LOG_WARNING, "mmap(%lu): %m",
(unsigned long)filesize);
goto oldway;
diff --git a/libexec/ftpd/skey-stuff.c b/libexec/ftpd/skey-stuff.c
index 98542e154ac5..e341d5f4ee38 100644
--- a/libexec/ftpd/skey-stuff.c
+++ b/libexec/ftpd/skey-stuff.c
@@ -1,9 +1,10 @@
/* Author: Wietse Venema, Eindhoven University of Technology.
*
- * $Id: skey-stuff.c,v 1.3 1996/09/22 21:53:34 wosch Exp $
+ * $Id: skey-stuff.c,v 1.6 1996/10/18 17:09:26 ache Exp $
*/
#include <stdio.h>
+#include <string.h>
#include <pwd.h>
#include <skey.h>