DragonFly-2.1.1.277.gbf9ce master etc/pam.d ftpd libexec/ftpd Makefile extern.h ftpchroot.5 ftpcmd.y ftpd.8 ftpd.c popen.c skey-stuff.c

Peter Avalos pavalos at crater.dragonflybsd.org
Sat Jan 3 08:49:30 PST 2009


commit bf9ce431742c80472b7ecab7eb0f3948b9eee24c
Author: Peter Avalos <pavalos at theshell.com>
Date:   Fri Jan 2 18:16:23 2009 -0500

    Sync ftpd(8) with FreeBSD. Here are the highlights:
    
    -Prevent cross-site forgery attacks on ftpd(8) due to splitting
    long commands into multiple requests.
    
    -Switch from S/Key to OPIE.
    
    -Add PAM support for account management and sessions.
    
    -Avoid calling uninitialized function pointers in protocol switch
    code.
    
    -Add support for RFC 2389 (FEAT) and RFC 2640 (UTF8) to ftpd(8).
    
    -Use uniform punctuation, capitalization, and language style
    in server messages wherever this doesn't contradict to a particular
    message format.
    
    -Use the standardized CHAR_BIT constant instead of NBBY.
    
    -Let tilde expansion be done even if a file/directory doesn't exist yet.
    This makes such natural commands as "MKD ~user/newdir" or "STOR
    ~/newfile" do what they are supposed to instead of failing miserably
    with the "File not found" error.
    
    -ANSI function declarations.
    
    -Remove (void) casts and register keyword.
    
    -Block SIGURG while reading from the control channel.
    SIGURG is configured by ftpd to interrupt system calls, which is useful
    during data transfers.  However, SIGURG could interrupt I/O on the
    control channel as well, which was mistaken for the end of the session.
    A practical example could be aborting the download of a tiny file,
    when the abort sequence reached ftpd after ftpd had passed the file
    data to the system and returned to its command loop.
    
    -Improve error handling in getline().
    
    -Log pathname arguments to ftp commands as the user specified them;
    add the working directory pathname to the log message if any of
    such arguments isn't absolute.  This has advantage over the old
    way of logging that an admin can see what users are actually trying
    to do, and where.  The old code was also not too robust when it
    came to a chrooted session and an absolute pathname.
    
    -Improve handling SIGURG and OOB commands on the control channel.
    The major change is to process STAT sent as an OOB command w/o
    breaking the current data transfer.  As a side effect, this gives
    better error checking in the code performing data transfers.
    
    -Never emit a message to stderr: use syslog instead.
    When in inetd mode, this prevents bogus messages from
    appearing on the control channel.  When running as a
    daemon, we shouldn't write to the terminal we used to
    have at all.
    
    -Don't depend on IPv4-mapped IPv6 address to bind to both IPv4
    and IPv6.
    
    -Work around a bug in some clients by never returning raw directory
    contents in reply to a RETR command.  Such clients consider RETR
    as a way to tell a file from a directory.
    
    -Log the actual number of bytes sent on the wire to /var/log/ftpd
    instead of the disk size of the file sent.   Since the log file
    is intended to provide data for anonymous ftp traffic accounting,
    the disk size of the file isn't really informative in this case.

Summary of changes:
 etc/pam.d/ftpd            |   20 +-
 libexec/ftpd/Makefile     |   33 +-
 libexec/ftpd/extern.h     |   71 +-
 libexec/ftpd/ftpchroot.5  |   35 +-
 libexec/ftpd/ftpcmd.y     |  405 +++++++-----
 libexec/ftpd/ftpd.8       |  182 +++---
 libexec/ftpd/ftpd.c       | 1620 ++++++++++++++++++++++++++-------------------
 libexec/ftpd/popen.c      |   33 +-
 libexec/ftpd/skey-stuff.c |   31 -
 9 files changed, 1402 insertions(+), 1028 deletions(-)
 delete mode 100644 libexec/ftpd/skey-stuff.c

http://gitweb.dragonflybsd.org/?p=dragonfly.git;a=commitdiff;h=bf9ce431742c80472b7ecab7eb0f3948b9eee24c


-- 
DragonFly BSD source repository





More information about the Commits mailing list