DragonFly-220.127.116.117.gbf9ce master etc/pam.d ftpd libexec/ftpd Makefile extern.h ftpchroot.5 ftpcmd.y ftpd.8 ftpd.c popen.c skey-stuff.c
pavalos at crater.dragonflybsd.org
Sat Jan 3 08:49:30 PST 2009
Author: Peter Avalos <pavalos at theshell.com>
Date: Fri Jan 2 18:16:23 2009 -0500
Sync ftpd(8) with FreeBSD. Here are the highlights:
-Prevent cross-site forgery attacks on ftpd(8) due to splitting
long commands into multiple requests.
-Switch from S/Key to OPIE.
-Add PAM support for account management and sessions.
-Avoid calling uninitialized function pointers in protocol switch
-Add support for RFC 2389 (FEAT) and RFC 2640 (UTF8) to ftpd(8).
-Use uniform punctuation, capitalization, and language style
in server messages wherever this doesn't contradict to a particular
-Use the standardized CHAR_BIT constant instead of NBBY.
-Let tilde expansion be done even if a file/directory doesn't exist yet.
This makes such natural commands as "MKD ~user/newdir" or "STOR
~/newfile" do what they are supposed to instead of failing miserably
with the "File not found" error.
-ANSI function declarations.
-Remove (void) casts and register keyword.
-Block SIGURG while reading from the control channel.
SIGURG is configured by ftpd to interrupt system calls, which is useful
during data transfers. However, SIGURG could interrupt I/O on the
control channel as well, which was mistaken for the end of the session.
A practical example could be aborting the download of a tiny file,
when the abort sequence reached ftpd after ftpd had passed the file
data to the system and returned to its command loop.
-Improve error handling in getline().
-Log pathname arguments to ftp commands as the user specified them;
add the working directory pathname to the log message if any of
such arguments isn't absolute. This has advantage over the old
way of logging that an admin can see what users are actually trying
to do, and where. The old code was also not too robust when it
came to a chrooted session and an absolute pathname.
-Improve handling SIGURG and OOB commands on the control channel.
The major change is to process STAT sent as an OOB command w/o
breaking the current data transfer. As a side effect, this gives
better error checking in the code performing data transfers.
-Never emit a message to stderr: use syslog instead.
When in inetd mode, this prevents bogus messages from
appearing on the control channel. When running as a
daemon, we shouldn't write to the terminal we used to
have at all.
-Don't depend on IPv4-mapped IPv6 address to bind to both IPv4
-Work around a bug in some clients by never returning raw directory
contents in reply to a RETR command. Such clients consider RETR
as a way to tell a file from a directory.
-Log the actual number of bytes sent on the wire to /var/log/ftpd
instead of the disk size of the file sent. Since the log file
is intended to provide data for anonymous ftp traffic accounting,
the disk size of the file isn't really informative in this case.
Summary of changes:
etc/pam.d/ftpd | 20 +-
libexec/ftpd/Makefile | 33 +-
libexec/ftpd/extern.h | 71 +-
libexec/ftpd/ftpchroot.5 | 35 +-
libexec/ftpd/ftpcmd.y | 405 +++++++-----
libexec/ftpd/ftpd.8 | 182 +++---
libexec/ftpd/ftpd.c | 1620 ++++++++++++++++++++++++++-------------------
libexec/ftpd/popen.c | 33 +-
libexec/ftpd/skey-stuff.c | 31 -
9 files changed, 1402 insertions(+), 1028 deletions(-)
delete mode 100644 libexec/ftpd/skey-stuff.c
DragonFly BSD source repository
More information about the Commits