1 /* $NetBSD: ftpd.c,v 1.202 2015/08/10 07:32:49 shm Exp $ */
2
3 /*
4 * Copyright (c) 1997-2009 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Luke Mewburn.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 /*
33 * Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994
34 * The Regents of the University of California. All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 */
60
61 /*
62 * Copyright (C) 1997 and 1998 WIDE Project.
63 * All rights reserved.
64 *
65 * Redistribution and use in source and binary forms, with or without
66 * modification, are permitted provided that the following conditions
67 * are met:
68 * 1. Redistributions of source code must retain the above copyright
69 * notice, this list of conditions and the following disclaimer.
70 * 2. Redistributions in binary form must reproduce the above copyright
71 * notice, this list of conditions and the following disclaimer in the
72 * documentation and/or other materials provided with the distribution.
73 * 3. Neither the name of the project nor the names of its contributors
74 * may be used to endorse or promote products derived from this software
75 * without specific prior written permission.
76 *
77 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
78 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
79 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
80 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
81 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
82 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
83 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
84 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
85 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
86 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
87 * SUCH DAMAGE.
88 */
89
90 #include <sys/cdefs.h>
91 #ifndef lint
92 __COPYRIGHT("@(#) Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994\
93 The Regents of the University of California. All rights reserved.");
94 #endif /* not lint */
95
96 #ifndef lint
97 #if 0
98 static char sccsid[] = "@(#)ftpd.c 8.5 (Berkeley) 4/28/95";
99 #else
100 __RCSID("$NetBSD: ftpd.c,v 1.202 2015/08/10 07:32:49 shm Exp $");
101 #endif
102 #endif /* not lint */
103
104 /*
105 * FTP server.
106 */
107 #include <sys/param.h>
108 #include <sys/stat.h>
109 #include <sys/ioctl.h>
110 #include <sys/socket.h>
111 #include <sys/wait.h>
112 #include <sys/mman.h>
113 #include <sys/resource.h>
114
115 #include <netinet/in.h>
116 #include <netinet/in_systm.h>
117 #include <netinet/ip.h>
118
119 #define FTP_NAMES
120 #include <arpa/ftp.h>
121 #include <arpa/inet.h>
122 #include <arpa/telnet.h>
123
124 #include <ctype.h>
125 #include <dirent.h>
126 #include <err.h>
127 #include <errno.h>
128 #include <fcntl.h>
129 #include <fnmatch.h>
130 #include <glob.h>
131 #include <grp.h>
132 #include <limits.h>
133 #include <netdb.h>
134 #include <pwd.h>
135 #include <poll.h>
136 #include <signal.h>
137 #include <stdarg.h>
138 #include <stdio.h>
139 #include <stdlib.h>
140 #include <string.h>
141 #include <syslog.h>
142 #include <time.h>
143 #include <tzfile.h>
144 #include <unistd.h>
145 #include <util.h>
146 #ifdef SUPPORT_UTMP
147 #include <utmp.h>
148 #endif
149 #ifdef SUPPORT_UTMPX
150 #include <utmpx.h>
151 #endif
152 #ifdef SKEY
153 #include <skey.h>
154 #endif
155 #ifdef KERBEROS5
156 #include <com_err.h>
157 #include <krb5/krb5.h>
158 #endif
159
160 #ifdef LOGIN_CAP
161 #include <login_cap.h>
162 #endif
163
164 #ifdef USE_PAM
165 #include <security/pam_appl.h>
166 #endif
167
168 #include "pfilter.h"
169
170 #define GLOBAL
171 #include "extern.h"
172 #include "pathnames.h"
173 #include "version.h"
174
175 static sig_atomic_t transflag;
176 static sig_atomic_t urgflag;
177
178 int data;
179 int Dflag;
180 int sflag;
181 int stru; /* avoid C keyword */
182 int mode;
183 int dataport; /* use specific data port */
184 int dopidfile; /* maintain pid file */
185 int doutmp; /* update utmp file */
186 int dowtmp; /* update wtmp file */
187 int doxferlog; /* syslog/write wu-ftpd style xferlog entries */
188 int xferlogfd; /* fd to write wu-ftpd xferlog entries to */
189 int getnameopts; /* flags for use with getname() */
190 int dropprivs; /* if privileges should or have been dropped */
191 int mapped; /* IPv4 connection on AF_INET6 socket */
192 off_t file_size;
193 off_t byte_count;
194 static char ttyline[20];
195
196 #ifdef USE_PAM
197 static int auth_pam(void);
198 pam_handle_t *pamh = NULL;
199 #endif
200
201 #ifdef SUPPORT_UTMP
202 static struct utmp utmp; /* for utmp */
203 #endif
204 #ifdef SUPPORT_UTMPX
205 static struct utmpx utmpx; /* for utmpx */
206 #endif
207
208 static const char *anondir = NULL;
209 static const char *confdir = _DEFAULT_CONFDIR;
210
211 static char *curname; /* current USER name */
212 static size_t curname_len; /* length of curname (include NUL) */
213
214 #if defined(KERBEROS) || defined(KERBEROS5)
215 int has_ccache = 0;
216 int notickets = 1;
217 char *krbtkfile_env = NULL;
218 char *tty = ttyline;
219 int login_krb5_forwardable_tgt = 0;
220 #endif
221
222 int epsvall = 0;
223
224 /*
225 * Timeout intervals for retrying connections
226 * to hosts that don't accept PORT cmds. This
227 * is a kludge, but given the problems with TCP...
228 */
229 #define SWAITMAX 90 /* wait at most 90 seconds */
230 #define SWAITINT 5 /* interval between retries */
231
232 int swaitmax = SWAITMAX;
233 int swaitint = SWAITINT;
234
235 enum send_status {
236 SS_SUCCESS,
237 SS_ABORTED, /* transfer aborted */
238 SS_NO_TRANSFER, /* no transfer made yet */
239 SS_FILE_ERROR, /* file read error */
240 SS_DATA_ERROR /* data send error */
241 };
242
243 static int bind_pasv_addr(void);
244 static int checkuser(const char *, const char *, int, int, char **);
245 static int checkaccess(const char *);
246 static int checkpassword(const struct passwd *, const char *);
247 static void do_pass(int, int, const char *);
248 static void end_login(void);
249 static FILE *getdatasock(const char *);
250 static char *gunique(const char *);
251 static void login_utmp(const char *, const char *, const char *,
252 struct sockinet *);
253 static void logremotehost(struct sockinet *);
254 __dead static void lostconn(int);
255 __dead static void toolong(int);
256 __dead static void sigquit(int);
257 static void sigurg(int);
258 static int handleoobcmd(void);
259 static int receive_data(FILE *, FILE *);
260 static int send_data(FILE *, FILE *, const struct stat *, int);
261 static struct passwd *sgetpwnam(const char *);
262 static int write_data(int, char *, size_t, off_t *, struct timeval *,
263 int);
264 static enum send_status
265 send_data_with_read(int, int, const struct stat *, int);
266 #if !defined(__minix)
267 static enum send_status
268 send_data_with_mmap(int, int, const struct stat *, int);
269 #endif /* !defined(__minix) */
270 static void logrusage(const struct rusage *, const struct rusage *);
271 static void logout_utmp(void);
272
273 int main(int, char *[]);
274
275 #if defined(KERBEROS)
276 int klogin(struct passwd *, char *, char *, char *);
277 void kdestroy(void);
278 #endif
279 #if defined(KERBEROS5)
280 int k5login(struct passwd *, char *, char *, char *);
281 void k5destroy(void);
282 #endif
283
284 int
main(int argc,char * argv[])285 main(int argc, char *argv[])
286 {
287 int ch, on = 1, tos, keepalive;
288 socklen_t addrlen;
289 #ifdef KERBEROS5
290 krb5_error_code kerror;
291 #endif
292 char *p;
293 const char *xferlogname = NULL;
294 long l;
295 struct sigaction sa;
296 sa_family_t af = AF_UNSPEC;
297
298 connections = 1;
299 ftpd_debug = 0;
300 logging = 0;
301 pdata = -1;
302 Dflag = 0;
303 sflag = 0;
304 dataport = 0;
305 dopidfile = 1; /* default: DO use a pid file to count users */
306 doutmp = 0; /* default: Do NOT log to utmp */
307 dowtmp = 1; /* default: DO log to wtmp */
308 doxferlog = 0; /* default: Do NOT syslog xferlog */
309 xferlogfd = -1; /* default: Do NOT write xferlog file */
310 getnameopts = 0; /* default: xlate addrs to name */
311 dropprivs = 0;
312 mapped = 0;
313 usedefault = 1;
314 emailaddr = NULL;
315 hostname[0] = '\0';
316 homedir[0] = '\0';
317 gidcount = 0;
318 is_oob = 0;
319 version = FTPD_VERSION;
320
321 /*
322 * LOG_NDELAY sets up the logging connection immediately,
323 * necessary for anonymous ftp's that chroot and can't do it later.
324 */
325 openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
326
327 while ((ch = getopt(argc, argv,
328 "46a:c:C:Dde:h:HlL:nP:qQrst:T:uUvV:wWX")) != -1) {
329 switch (ch) {
330 case '4':
331 af = AF_INET;
332 break;
333
334 case '6':
335 af = AF_INET6;
336 break;
337
338 case 'a':
339 anondir = optarg;
340 break;
341
342 case 'c':
343 confdir = optarg;
344 break;
345
346 case 'C':
347 if ((p = strchr(optarg, '@')) != NULL) {
348 *p++ = '\0';
349 strlcpy(remotehost, p, MAXHOSTNAMELEN + 1);
350 if (inet_pton(AF_INET, p,
351 &his_addr.su_addr) == 1) {
352 his_addr.su_family = AF_INET;
353 his_addr.su_len =
354 sizeof(his_addr.si_su.su_sin);
355 #ifdef INET6
356 } else if (inet_pton(AF_INET6, p,
357 &his_addr.su_6addr) == 1) {
358 his_addr.su_family = AF_INET6;
359 his_addr.su_len =
360 sizeof(his_addr.si_su.su_sin6);
361 #endif
362 } else
363 his_addr.su_family = AF_UNSPEC;
364 }
365 pw = sgetpwnam(optarg);
366 exit(checkaccess(optarg) ? 0 : 1);
367 /* NOTREACHED */
368
369 case 'D':
370 Dflag = 1;
371 break;
372
373 case 'd':
374 case 'v': /* deprecated */
375 ftpd_debug = 1;
376 break;
377
378 case 'e':
379 emailaddr = optarg;
380 break;
381
382 case 'h':
383 strlcpy(hostname, optarg, sizeof(hostname));
384 break;
385
386 case 'H':
387 if (gethostname(hostname, sizeof(hostname)) == -1)
388 hostname[0] = '\0';
389 hostname[sizeof(hostname) - 1] = '\0';
390 break;
391
392 case 'l':
393 logging++; /* > 1 == extra logging */
394 break;
395
396 case 'L':
397 xferlogname = optarg;
398 break;
399
400 case 'n':
401 getnameopts = NI_NUMERICHOST;
402 break;
403
404 case 'P':
405 errno = 0;
406 p = NULL;
407 l = strtol(optarg, &p, 10);
408 if (errno || *optarg == '\0' || *p != '\0' ||
409 l < IPPORT_RESERVED ||
410 l > IPPORT_ANONMAX) {
411 syslog(LOG_WARNING, "Invalid dataport %s",
412 optarg);
413 dataport = 0;
414 }
415 dataport = (int)l;
416 break;
417
418 case 'q':
419 dopidfile = 1;
420 break;
421
422 case 'Q':
423 dopidfile = 0;
424 break;
425
426 case 'r':
427 dropprivs = 1;
428 break;
429
430 case 's':
431 sflag = 1;
432 break;
433
434 case 't':
435 case 'T':
436 syslog(LOG_WARNING,
437 "-%c has been deprecated in favour of ftpd.conf",
438 ch);
439 break;
440
441 case 'u':
442 doutmp = 1;
443 break;
444
445 case 'U':
446 doutmp = 0;
447 break;
448
449 case 'V':
450 if (EMPTYSTR(optarg) || strcmp(optarg, "-") == 0)
451 version = NULL;
452 else
453 version = ftpd_strdup(optarg);
454 break;
455
456 case 'w':
457 dowtmp = 1;
458 break;
459
460 case 'W':
461 dowtmp = 0;
462 break;
463
464 case 'X':
465 doxferlog |= 1;
466 break;
467
468 default:
469 if (optopt == 'a' || optopt == 'C')
470 exit(1);
471 syslog(LOG_WARNING, "unknown flag -%c ignored", optopt);
472 break;
473 }
474 }
475 if (EMPTYSTR(confdir))
476 confdir = _DEFAULT_CONFDIR;
477
478 pfilter_open();
479
480 if (dowtmp) {
481 #ifdef SUPPORT_UTMPX
482 ftpd_initwtmpx();
483 #endif
484 #ifdef SUPPORT_UTMP
485 ftpd_initwtmp();
486 #endif
487 }
488 errno = 0;
489 #if !defined(__minix)
490 l = sysconf(_SC_LOGIN_NAME_MAX);
491 if (l == -1 && errno != 0) {
492 syslog(LOG_ERR, "sysconf _SC_LOGIN_NAME_MAX: %m");
493 exit(1);
494 } else if (l <= 0) {
495 syslog(LOG_WARNING, "using conservative LOGIN_NAME_MAX value");
496 curname_len = _POSIX_LOGIN_NAME_MAX;
497 } else
498 curname_len = (size_t)l;
499 #else
500 curname_len = _POSIX_LOGIN_NAME_MAX;
501 #endif /* !defined(__minix) */
502 curname = malloc(curname_len);
503 if (curname == NULL) {
504 syslog(LOG_ERR, "malloc: %m");
505 exit(1);
506 }
507 curname[0] = '\0';
508
509 if (Dflag) {
510 int error, fd, i, n, *socks;
511 struct pollfd *fds;
512 struct addrinfo hints, *res, *res0;
513
514 if (daemon(1, 0) == -1) {
515 syslog(LOG_ERR, "failed to daemonize: %m");
516 exit(1);
517 }
518 (void)memset(&sa, 0, sizeof(sa));
519 sa.sa_handler = SIG_IGN;
520 sa.sa_flags = SA_NOCLDWAIT;
521 sigemptyset(&sa.sa_mask);
522 (void)sigaction(SIGCHLD, &sa, NULL);
523
524 (void)memset(&hints, 0, sizeof(hints));
525 hints.ai_flags = AI_PASSIVE;
526 hints.ai_family = af;
527 hints.ai_socktype = SOCK_STREAM;
528 error = getaddrinfo(NULL, "ftp", &hints, &res0);
529 if (error) {
530 syslog(LOG_ERR, "getaddrinfo: %s", gai_strerror(error));
531 exit(1);
532 }
533
534 for (n = 0, res = res0; res != NULL; res = res->ai_next)
535 n++;
536 if (n == 0) {
537 syslog(LOG_ERR, "no addresses available");
538 exit(1);
539 }
540 socks = malloc(n * sizeof(int));
541 fds = malloc(n * sizeof(struct pollfd));
542 if (socks == NULL || fds == NULL) {
543 syslog(LOG_ERR, "malloc: %m");
544 exit(1);
545 }
546
547 for (n = 0, res = res0; res != NULL; res = res->ai_next) {
548 socks[n] = socket(res->ai_family, res->ai_socktype,
549 res->ai_protocol);
550 if (socks[n] == -1)
551 continue;
552 (void)setsockopt(socks[n], SOL_SOCKET, SO_REUSEADDR,
553 &on, sizeof(on));
554 if (bind(socks[n], res->ai_addr, res->ai_addrlen)
555 == -1) {
556 (void)close(socks[n]);
557 continue;
558 }
559 if (listen(socks[n], 12) == -1) {
560 (void)close(socks[n]);
561 continue;
562 }
563
564 fds[n].fd = socks[n];
565 fds[n].events = POLLIN;
566 n++;
567 }
568 if (n == 0) {
569 syslog(LOG_ERR, "%m");
570 exit(1);
571 }
572 freeaddrinfo(res0);
573
574 if (pidfile(NULL) == -1)
575 syslog(LOG_ERR, "failed to write a pid file: %m");
576
577 for (;;) {
578 #ifdef __minix
579 /*
580 * MINIX 3 does not yet support SA_NOCLDWAIT. Cleaning
581 * up zombies this way is not perfect, but at least it
582 * prevents accumulation of zombies over time.
583 */
584 while (waitpid(-1, NULL, WNOHANG) > 0)
585 ;
586 #endif /* __minix */
587 if (poll(fds, n, INFTIM) == -1) {
588 if (errno == EINTR)
589 continue;
590 syslog(LOG_ERR, "poll: %m");
591 exit(1);
592 }
593 for (i = 0; i < n; i++) {
594 if (fds[i].revents & POLLIN) {
595 fd = accept(fds[i].fd, NULL, NULL);
596 if (fd == -1) {
597 syslog(LOG_ERR, "accept: %m");
598 continue;
599 }
600 switch (fork()) {
601 case -1:
602 syslog(LOG_ERR, "fork: %m");
603 break;
604 case 0:
605 goto child;
606 /* NOTREACHED */
607 }
608 (void)close(fd);
609 }
610 }
611 }
612 child:
613 (void)dup2(fd, STDIN_FILENO);
614 (void)dup2(fd, STDOUT_FILENO);
615 (void)dup2(fd, STDERR_FILENO);
616 for (i = 0; i < n; i++)
617 (void)close(socks[i]);
618 }
619
620 memset((char *)&his_addr, 0, sizeof(his_addr));
621 addrlen = sizeof(his_addr.si_su);
622 if (getpeername(0, (struct sockaddr *)&his_addr.si_su, &addrlen) < 0) {
623 syslog((errno == ENOTCONN) ? LOG_NOTICE : LOG_ERR,
624 "getpeername (%s): %m",argv[0]);
625 exit(1);
626 }
627 his_addr.su_len = addrlen;
628 memset((char *)&ctrl_addr, 0, sizeof(ctrl_addr));
629 addrlen = sizeof(ctrl_addr.si_su);
630 if (getsockname(0, (struct sockaddr *)&ctrl_addr, &addrlen) < 0) {
631 syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
632 exit(1);
633 }
634 ctrl_addr.su_len = addrlen;
635 #ifdef INET6
636 if (his_addr.su_family == AF_INET6
637 && IN6_IS_ADDR_V4MAPPED(&his_addr.su_6addr)) {
638 #if 1
639 /*
640 * IPv4 control connection arrived to AF_INET6 socket.
641 * I hate to do this, but this is the easiest solution.
642 *
643 * The assumption is untrue on SIIT environment.
644 */
645 struct sockinet tmp_addr;
646 const int off = sizeof(struct in6_addr) - sizeof(struct in_addr);
647
648 tmp_addr = his_addr;
649 memset(&his_addr, 0, sizeof(his_addr));
650 his_addr.su_family = AF_INET;
651 his_addr.su_len = sizeof(his_addr.si_su.su_sin);
652 memcpy(&his_addr.su_addr, &tmp_addr.su_6addr.s6_addr[off],
653 sizeof(his_addr.su_addr));
654 his_addr.su_port = tmp_addr.su_port;
655
656 tmp_addr = ctrl_addr;
657 memset(&ctrl_addr, 0, sizeof(ctrl_addr));
658 ctrl_addr.su_family = AF_INET;
659 ctrl_addr.su_len = sizeof(ctrl_addr.si_su.su_sin);
660 memcpy(&ctrl_addr.su_addr, &tmp_addr.su_6addr.s6_addr[off],
661 sizeof(ctrl_addr.su_addr));
662 ctrl_addr.su_port = tmp_addr.su_port;
663 #else
664 while (fgets(line, sizeof(line), fd) != NULL) {
665 if ((cp = strchr(line, '\n')) != NULL)
666 *cp = '\0';
667 reply(-530, "%s", line);
668 }
669 (void) fflush(stdout);
670 (void) fclose(fd);
671 reply(530,
672 "Connection from IPv4 mapped address is not supported.");
673 exit(0);
674 #endif
675
676 mapped = 1;
677 } else
678 #endif /* INET6 */
679 mapped = 0;
680 #ifdef IP_TOS
681 if (!mapped && his_addr.su_family == AF_INET) {
682 tos = IPTOS_LOWDELAY;
683 if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&tos,
684 sizeof(int)) < 0)
685 syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
686 }
687 #endif
688 /* if the hostname hasn't been given, attempt to determine it */
689 if (hostname[0] == '\0') {
690 if (getnameinfo((struct sockaddr *)&ctrl_addr.si_su,
691 ctrl_addr.su_len, hostname, sizeof(hostname), NULL, 0,
692 getnameopts) != 0)
693 (void)gethostname(hostname, sizeof(hostname));
694 hostname[sizeof(hostname) - 1] = '\0';
695 }
696
697 /* set this here so klogin can use it... */
698 (void)snprintf(ttyline, sizeof(ttyline), "ftp%d", getpid());
699
700 (void) freopen(_PATH_DEVNULL, "w", stderr);
701
702 memset(&sa, 0, sizeof(sa));
703 sa.sa_handler = SIG_DFL;
704 sa.sa_flags = SA_RESTART;
705 sigemptyset(&sa.sa_mask);
706 (void) sigaction(SIGCHLD, &sa, NULL);
707
708 sa.sa_handler = sigquit;
709 sa.sa_flags = SA_RESTART;
710 sigfillset(&sa.sa_mask); /* block all sigs in these handlers */
711 (void) sigaction(SIGHUP, &sa, NULL);
712 (void) sigaction(SIGINT, &sa, NULL);
713 (void) sigaction(SIGQUIT, &sa, NULL);
714 (void) sigaction(SIGTERM, &sa, NULL);
715 sa.sa_handler = lostconn;
716 (void) sigaction(SIGPIPE, &sa, NULL);
717 sa.sa_handler = toolong;
718 (void) sigaction(SIGALRM, &sa, NULL);
719 sa.sa_handler = sigurg;
720 (void) sigaction(SIGURG, &sa, NULL);
721
722 /* Try to handle urgent data inline */
723 #ifdef SO_OOBINLINE
724 if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (char *)&on, sizeof(on)) < 0)
725 syslog(LOG_WARNING, "setsockopt: %m");
726 #endif
727 /* Set keepalives on the socket to detect dropped connections. */
728 #ifdef SO_KEEPALIVE
729 keepalive = 1;
730 if (setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&keepalive,
731 sizeof(int)) < 0)
732 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
733 #endif
734
735 #ifdef F_SETOWN
736 if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1)
737 syslog(LOG_WARNING, "fcntl F_SETOWN: %m");
738 #endif
739 logremotehost(&his_addr);
740 /*
741 * Set up default state
742 */
743 data = -1;
744 type = TYPE_A;
745 form = FORM_N;
746 stru = STRU_F;
747 mode = MODE_S;
748 tmpline[0] = '\0';
749 hasyyerrored = 0;
750
751 #ifdef KERBEROS5
752 kerror = krb5_init_context(&kcontext);
753 if (kerror) {
754 syslog(LOG_ERR, "%s when initializing Kerberos context",
755 error_message(kerror));
756 exit(0);
757 }
758 #endif /* KERBEROS5 */
759
760 init_curclass();
761 curclass.timeout = 300; /* 5 minutes, as per login(1) */
762 curclass.type = CLASS_REAL;
763
764 /* If logins are disabled, print out the message. */
765 if (display_file(_PATH_NOLOGIN, 530)) {
766 reply(530, "System not available.");
767 exit(0);
768 }
769 (void)display_file(conffilename(_NAME_FTPWELCOME), 220);
770 /* reply(220,) must follow */
771 if (EMPTYSTR(version))
772 reply(220, "%s FTP server ready.", hostname);
773 else
774 reply(220, "%s FTP server (%s) ready.", hostname, version);
775
776 if (xferlogname != NULL) {
777 xferlogfd = open(xferlogname, O_WRONLY | O_APPEND | O_CREAT,
778 0660);
779 if (xferlogfd == -1)
780 syslog(LOG_WARNING, "open xferlog `%s': %m",
781 xferlogname);
782 else
783 doxferlog |= 2;
784 }
785
786 ftp_loop();
787 /* NOTREACHED */
788 }
789
790 static void
lostconn(int signo __unused)791 lostconn(int signo __unused)
792 {
793
794 if (ftpd_debug)
795 syslog(LOG_DEBUG, "lost connection");
796 dologout(1);
797 }
798
799 static void
toolong(int signo __unused)800 toolong(int signo __unused)
801 {
802
803 /* XXXSIGRACE */
804 reply(421,
805 "Timeout (" LLF " seconds): closing control connection.",
806 (LLT)curclass.timeout);
807 if (logging)
808 syslog(LOG_INFO, "User %s timed out after " LLF " seconds",
809 (pw ? pw->pw_name : "unknown"), (LLT)curclass.timeout);
810 dologout(1);
811 }
812
813 static void
sigquit(int signo)814 sigquit(int signo)
815 {
816
817 if (ftpd_debug)
818 syslog(LOG_DEBUG, "got signal %d", signo);
819 dologout(1);
820 }
821
822 static void
sigurg(int signo __unused)823 sigurg(int signo __unused)
824 {
825
826 urgflag = 1;
827 }
828
829
830 /*
831 * Save the result of a getpwnam. Used for USER command, since
832 * the data returned must not be clobbered by any other command
833 * (e.g., globbing).
834 */
835 static struct passwd *
sgetpwnam(const char * name)836 sgetpwnam(const char *name)
837 {
838 static struct passwd save;
839 struct passwd *p;
840
841 if ((p = getpwnam(name)) == NULL)
842 return (p);
843 if (save.pw_name) {
844 free((char *)save.pw_name);
845 memset(save.pw_passwd, 0, strlen(save.pw_passwd));
846 free((char *)save.pw_passwd);
847 free((char *)save.pw_gecos);
848 free((char *)save.pw_dir);
849 free((char *)save.pw_shell);
850 }
851 save = *p;
852 save.pw_name = ftpd_strdup(p->pw_name);
853 save.pw_passwd = ftpd_strdup(p->pw_passwd);
854 save.pw_gecos = ftpd_strdup(p->pw_gecos);
855 save.pw_dir = ftpd_strdup(p->pw_dir);
856 save.pw_shell = ftpd_strdup(p->pw_shell);
857 return (&save);
858 }
859
860 static int login_attempts; /* number of failed login attempts */
861 static int askpasswd; /* had USER command, ask for PASSwd */
862 static int permitted; /* USER permitted */
863
864 /*
865 * USER command.
866 * Sets global passwd pointer pw if named account exists and is acceptable;
867 * sets askpasswd if a PASS command is expected. If logged in previously,
868 * need to reset state. If name is "ftp" or "anonymous", the name is not in
869 * _NAME_FTPUSERS, and ftp account exists, set guest and pw, then just return.
870 * If account doesn't exist, ask for passwd anyway. Otherwise, check user
871 * requesting login privileges. Disallow anyone who does not have a standard
872 * shell as returned by getusershell(). Disallow anyone mentioned in the file
873 * _NAME_FTPUSERS to allow people such as root and uucp to be avoided.
874 */
875 void
user(const char * name)876 user(const char *name)
877 {
878 char *class;
879 #ifdef LOGIN_CAP
880 login_cap_t *lc = NULL;
881 #endif
882 #ifdef USE_PAM
883 int e;
884 #endif
885
886 class = NULL;
887 if (logged_in) {
888 switch (curclass.type) {
889 case CLASS_GUEST:
890 reply(530, "Can't change user from guest login.");
891 return;
892 case CLASS_CHROOT:
893 reply(530, "Can't change user from chroot user.");
894 return;
895 case CLASS_REAL:
896 if (dropprivs) {
897 reply(530, "Can't change user.");
898 return;
899 }
900 end_login();
901 break;
902 default:
903 abort();
904 }
905 }
906
907 #if defined(KERBEROS)
908 kdestroy();
909 #endif
910 #if defined(KERBEROS5)
911 k5destroy();
912 #endif
913
914 curclass.type = CLASS_REAL;
915 askpasswd = 0;
916 permitted = 0;
917
918 if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
919 /* need `pw' setup for checkaccess() and checkuser () */
920 if ((pw = sgetpwnam("ftp")) == NULL)
921 reply(530, "User %s unknown.", name);
922 else if (! checkaccess("ftp") || ! checkaccess("anonymous"))
923 reply(530, "User %s access denied.", name);
924 else {
925 curclass.type = CLASS_GUEST;
926 askpasswd = 1;
927 reply(331,
928 "Guest login ok, type your name as password.");
929 }
930 if (!askpasswd) {
931 if (logging)
932 syslog(LOG_NOTICE,
933 "ANONYMOUS FTP LOGIN REFUSED FROM %s",
934 remoteloghost);
935 end_login();
936 goto cleanup_user;
937 }
938 name = "ftp";
939 } else
940 pw = sgetpwnam(name);
941
942 strlcpy(curname, name, curname_len);
943
944 /* check user in /etc/ftpusers, and setup class */
945 permitted = checkuser(_NAME_FTPUSERS, curname, 1, 0, &class);
946
947 /* check user in /etc/ftpchroot */
948 #ifdef LOGIN_CAP
949 lc = login_getpwclass(pw);
950 #endif
951 if (checkuser(_NAME_FTPCHROOT, curname, 0, 0, NULL)
952 #ifdef LOGIN_CAP /* Allow login.conf configuration as well */
953 || login_getcapbool(lc, "ftp-chroot", 0)
954 #endif
955 ) {
956 if (curclass.type == CLASS_GUEST) {
957 syslog(LOG_NOTICE,
958 "Can't change guest user to chroot class; remove entry in %s",
959 _NAME_FTPCHROOT);
960 exit(1);
961 }
962 curclass.type = CLASS_CHROOT;
963 }
964
965 /* determine default class */
966 if (class == NULL) {
967 switch (curclass.type) {
968 case CLASS_GUEST:
969 class = ftpd_strdup("guest");
970 break;
971 case CLASS_CHROOT:
972 class = ftpd_strdup("chroot");
973 break;
974 case CLASS_REAL:
975 class = ftpd_strdup("real");
976 break;
977 default:
978 syslog(LOG_ERR, "unknown curclass.type %d; aborting",
979 curclass.type);
980 abort();
981 }
982 }
983 /* parse ftpd.conf, setting up various parameters */
984 parse_conf(class);
985 /* if not guest user, check for valid shell */
986 if (pw == NULL)
987 permitted = 0;
988 else {
989 const char *cp, *shell;
990
991 if ((shell = pw->pw_shell) == NULL || *shell == 0)
992 shell = _PATH_BSHELL;
993 while ((cp = getusershell()) != NULL)
994 if (strcmp(cp, shell) == 0)
995 break;
996 endusershell();
997 if (cp == NULL && curclass.type != CLASS_GUEST)
998 permitted = 0;
999 }
1000
1001 /* deny quickly (after USER not PASS) if requested */
1002 if (CURCLASS_FLAGS_ISSET(denyquick) && !permitted) {
1003 reply(530, "User %s may not use FTP.", curname);
1004 if (logging)
1005 syslog(LOG_NOTICE, "FTP LOGIN REFUSED FROM %s, %s",
1006 remoteloghost, curname);
1007 end_login();
1008 goto cleanup_user;
1009 }
1010
1011 /* if haven't asked yet (i.e, not anon), ask now */
1012 if (!askpasswd) {
1013 askpasswd = 1;
1014 #ifdef USE_PAM
1015 e = auth_pam(); /* this does reply(331, ...) */
1016 do_pass(1, e, "");
1017 goto cleanup_user;
1018 #else /* !USE_PAM */
1019 #ifdef SKEY
1020 if (skey_haskey(curname) == 0) {
1021 const char *myskey;
1022
1023 myskey = skey_keyinfo(curname);
1024 reply(331, "Password [ %s ] required for %s.",
1025 myskey ? myskey : "error getting challenge",
1026 curname);
1027 } else
1028 #endif
1029 reply(331, "Password required for %s.", curname);
1030 #endif /* !USE_PAM */
1031 }
1032
1033 cleanup_user:
1034 #ifdef LOGIN_CAP
1035 login_close(lc);
1036 #endif
1037 /*
1038 * Delay before reading passwd after first failed
1039 * attempt to slow down passwd-guessing programs.
1040 */
1041 if (login_attempts)
1042 sleep((unsigned) login_attempts);
1043
1044 if (class)
1045 free(class);
1046 }
1047
1048 /*
1049 * Determine whether something is to happen (allow access, chroot)
1050 * for a user. Each line is a shell-style glob followed by
1051 * `yes' or `no'.
1052 *
1053 * For backward compatibility, `allow' and `deny' are synonymns
1054 * for `yes' and `no', respectively.
1055 *
1056 * Each glob is matched against the username in turn, and the first
1057 * match found is used. If no match is found, the result is the
1058 * argument `def'. If a match is found but without and explicit
1059 * `yes'/`no', the result is the opposite of def.
1060 *
1061 * If the file doesn't exist at all, the result is the argument
1062 * `nofile'
1063 *
1064 * Any line starting with `#' is considered a comment and ignored.
1065 *
1066 * Returns 0 if the user is denied, or 1 if they are allowed.
1067 *
1068 * NOTE: needs struct passwd *pw setup before use.
1069 */
1070 static int
checkuser(const char * fname,const char * name,int def,int nofile,char ** retclass)1071 checkuser(const char *fname, const char *name, int def, int nofile,
1072 char **retclass)
1073 {
1074 FILE *fd;
1075 int retval;
1076 char *word, *perm, *class, *buf, *p;
1077 size_t len, line;
1078
1079 retval = def;
1080 if (retclass != NULL)
1081 *retclass = NULL;
1082 if ((fd = fopen(conffilename(fname), "r")) == NULL)
1083 return nofile;
1084
1085 line = 0;
1086 for (;
1087 (buf = fparseln(fd, &len, &line, NULL, FPARSELN_UNESCCOMM |
1088 FPARSELN_UNESCCONT | FPARSELN_UNESCESC)) != NULL;
1089 free(buf), buf = NULL) {
1090 word = perm = class = NULL;
1091 p = buf;
1092 if (len < 1)
1093 continue;
1094 if (p[len - 1] == '\n')
1095 p[--len] = '\0';
1096 if (EMPTYSTR(p))
1097 continue;
1098
1099 NEXTWORD(p, word);
1100 NEXTWORD(p, perm);
1101 NEXTWORD(p, class);
1102 if (EMPTYSTR(word))
1103 continue;
1104 if (!EMPTYSTR(class)) {
1105 if (strcasecmp(class, "all") == 0 ||
1106 strcasecmp(class, "none") == 0) {
1107 syslog(LOG_WARNING,
1108 "%s line %d: illegal user-defined class `%s' - skipping entry",
1109 fname, (int)line, class);
1110 continue;
1111 }
1112 }
1113
1114 /* have a host specifier */
1115 if ((p = strchr(word, '@')) != NULL) {
1116 unsigned char net[16], mask[16], *addr;
1117 int addrlen, bits, bytes, a;
1118
1119 *p++ = '\0';
1120 /* check against network or CIDR */
1121 memset(net, 0x00, sizeof(net));
1122 if ((bits = inet_net_pton(his_addr.su_family, p, net,
1123 sizeof(net))) != -1) {
1124 #ifdef INET6
1125 if (his_addr.su_family == AF_INET) {
1126 #endif
1127 addrlen = 4;
1128 addr = (unsigned char *)&his_addr.su_addr;
1129 #ifdef INET6
1130 } else {
1131 addrlen = 16;
1132 addr = (unsigned char *)&his_addr.su_6addr;
1133 }
1134 #endif
1135 bytes = bits / 8;
1136 bits = bits % 8;
1137 if (bytes > 0)
1138 memset(mask, 0xFF, bytes);
1139 if (bytes < addrlen)
1140 mask[bytes] = 0xFF << (8 - bits);
1141 if (bytes + 1 < addrlen)
1142 memset(mask + bytes + 1, 0x00,
1143 addrlen - bytes - 1);
1144 for (a = 0; a < addrlen; a++)
1145 if ((addr[a] & mask[a]) != net[a])
1146 break;
1147 if (a < addrlen)
1148 continue;
1149
1150 /* check against hostname glob */
1151 } else if (fnmatch(p, remotehost, FNM_CASEFOLD) != 0)
1152 continue;
1153 }
1154
1155 /* have a group specifier */
1156 if ((p = strchr(word, ':')) != NULL) {
1157 gid_t *groups, *ng;
1158 int gsize, i, found;
1159
1160 if (pw == NULL)
1161 continue; /* no match for unknown user */
1162 *p++ = '\0';
1163 groups = NULL;
1164 gsize = 16;
1165 do {
1166 ng = realloc(groups, gsize * sizeof(gid_t));
1167 if (ng == NULL)
1168 fatal(
1169 "Local resource failure: realloc");
1170 groups = ng;
1171 } while (getgrouplist(pw->pw_name, pw->pw_gid,
1172 groups, &gsize) == -1);
1173 found = 0;
1174 for (i = 0; i < gsize; i++) {
1175 struct group *g;
1176
1177 if ((g = getgrgid(groups[i])) == NULL)
1178 continue;
1179 if (fnmatch(p, g->gr_name, 0) == 0) {
1180 found = 1;
1181 break;
1182 }
1183 }
1184 free(groups);
1185 if (!found)
1186 continue;
1187 }
1188
1189 /* check against username glob */
1190 if (fnmatch(word, name, 0) != 0)
1191 continue;
1192
1193 if (perm != NULL &&
1194 ((strcasecmp(perm, "allow") == 0) ||
1195 (strcasecmp(perm, "yes") == 0)))
1196 retval = 1;
1197 else if (perm != NULL &&
1198 ((strcasecmp(perm, "deny") == 0) ||
1199 (strcasecmp(perm, "no") == 0)))
1200 retval = 0;
1201 else
1202 retval = !def;
1203 if (!EMPTYSTR(class) && retclass != NULL)
1204 *retclass = ftpd_strdup(class);
1205 free(buf);
1206 break;
1207 }
1208 (void) fclose(fd);
1209 return (retval);
1210 }
1211
1212 /*
1213 * Check if user is allowed by /etc/ftpusers
1214 * returns 1 for yes, 0 for no
1215 *
1216 * NOTE: needs struct passwd *pw setup (for checkuser())
1217 */
1218 static int
checkaccess(const char * name)1219 checkaccess(const char *name)
1220 {
1221
1222 return (checkuser(_NAME_FTPUSERS, name, 1, 0, NULL));
1223 }
1224
1225 static void
login_utmp(const char * line,const char * name,const char * host,struct sockinet * haddr)1226 login_utmp(const char *line, const char *name, const char *host,
1227 struct sockinet *haddr)
1228 {
1229 #if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP)
1230 struct timeval tv;
1231 (void)gettimeofday(&tv, NULL);
1232 #endif
1233 #ifdef SUPPORT_UTMPX
1234 if (doutmp) {
1235 (void)memset(&utmpx, 0, sizeof(utmpx));
1236 utmpx.ut_tv = tv;
1237 utmpx.ut_pid = getpid();
1238 utmpx.ut_id[0] = 'f';
1239 utmpx.ut_id[1] = 't';
1240 utmpx.ut_id[2] = 'p';
1241 utmpx.ut_id[3] = '*';
1242 utmpx.ut_type = USER_PROCESS;
1243 (void)strncpy(utmpx.ut_name, name, sizeof(utmpx.ut_name));
1244 (void)strncpy(utmpx.ut_line, line, sizeof(utmpx.ut_line));
1245 (void)strncpy(utmpx.ut_host, host, sizeof(utmpx.ut_host));
1246 (void)memcpy(&utmpx.ut_ss, &haddr->si_su, haddr->su_len);
1247 ftpd_loginx(&utmpx);
1248 }
1249 if (dowtmp)
1250 ftpd_logwtmpx(line, name, host, haddr, 0, USER_PROCESS);
1251 #endif
1252 #ifdef SUPPORT_UTMP
1253 if (doutmp) {
1254 (void)memset(&utmp, 0, sizeof(utmp));
1255 (void)time(&utmp.ut_time);
1256 (void)strncpy(utmp.ut_name, name, sizeof(utmp.ut_name));
1257 (void)strncpy(utmp.ut_line, line, sizeof(utmp.ut_line));
1258 (void)strncpy(utmp.ut_host, host, sizeof(utmp.ut_host));
1259 ftpd_login(&utmp);
1260 }
1261 if (dowtmp)
1262 ftpd_logwtmp(line, name, host);
1263 #endif
1264 }
1265
1266 static void
logout_utmp(void)1267 logout_utmp(void)
1268 {
1269 #ifdef SUPPORT_UTMPX
1270 int okwtmpx = dowtmp;
1271 #endif
1272 #ifdef SUPPORT_UTMP
1273 int okwtmp = dowtmp;
1274 #endif
1275 if (logged_in) {
1276 #ifdef SUPPORT_UTMPX
1277 if (doutmp)
1278 okwtmpx &= ftpd_logoutx(ttyline, 0, DEAD_PROCESS);
1279 if (okwtmpx)
1280 ftpd_logwtmpx(ttyline, "", "", NULL, 0, DEAD_PROCESS);
1281 #endif
1282 #ifdef SUPPORT_UTMP
1283 if (doutmp)
1284 okwtmp &= ftpd_logout(ttyline);
1285 if (okwtmp)
1286 ftpd_logwtmp(ttyline, "", "");
1287 #endif
1288 }
1289 }
1290
1291 /*
1292 * Terminate login as previous user (if any), resetting state;
1293 * used when USER command is given or login fails.
1294 */
1295 static void
end_login(void)1296 end_login(void)
1297 {
1298 #ifdef USE_PAM
1299 int e;
1300 #endif
1301 logout_utmp();
1302 show_chdir_messages(-1); /* flush chdir cache */
1303 if (pw != NULL && pw->pw_passwd != NULL)
1304 memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
1305 pw = NULL;
1306 logged_in = 0;
1307 askpasswd = 0;
1308 permitted = 0;
1309 quietmessages = 0;
1310 gidcount = 0;
1311 curclass.type = CLASS_REAL;
1312 (void) seteuid((uid_t)0);
1313 #ifdef LOGIN_CAP
1314 setusercontext(NULL, getpwuid(0), 0,
1315 LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK);
1316 #endif
1317 #ifdef USE_PAM
1318 if (pamh) {
1319 if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS)
1320 syslog(LOG_ERR, "pam_setcred: %s",
1321 pam_strerror(pamh, e));
1322 if ((e = pam_close_session(pamh,0)) != PAM_SUCCESS)
1323 syslog(LOG_ERR, "pam_close_session: %s",
1324 pam_strerror(pamh, e));
1325 if ((e = pam_end(pamh, e)) != PAM_SUCCESS)
1326 syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
1327 pamh = NULL;
1328 }
1329 #endif
1330 }
1331
1332 void
pass(const char * passwd)1333 pass(const char *passwd)
1334 {
1335 do_pass(0, 0, passwd);
1336 }
1337
1338 /*
1339 * Perform the passwd confirmation and login.
1340 *
1341 * If pass_checked is zero, confirm passwd is correct, & ignore pass_rval.
1342 * This is the traditional PASS implementation.
1343 *
1344 * If pass_checked is non-zero, use pass_rval and ignore passwd.
1345 * This is used by auth_pam() which has already parsed PASS.
1346 * This only applies to curclass.type != CLASS_GUEST.
1347 */
1348 static void
do_pass(int pass_checked,int pass_rval,const char * passwd)1349 do_pass(int pass_checked, int pass_rval, const char *passwd)
1350 {
1351 int rval;
1352 char root[MAXPATHLEN];
1353 #ifdef LOGIN_CAP
1354 login_cap_t *lc = NULL;
1355 #endif
1356 #ifdef USE_PAM
1357 int e;
1358 #endif
1359
1360 rval = 1;
1361
1362 if (logged_in || askpasswd == 0) {
1363 reply(503, "Login with USER first.");
1364 return;
1365 }
1366 askpasswd = 0;
1367 if (curclass.type != CLASS_GUEST) {
1368 /* "ftp" is the only account allowed with no password */
1369 if (pw == NULL) {
1370 rval = 1; /* failure below */
1371 goto skip;
1372 }
1373 if (pass_checked) { /* password validated in user() */
1374 rval = pass_rval;
1375 goto skip;
1376 }
1377 #ifdef USE_PAM
1378 syslog(LOG_ERR, "do_pass: USE_PAM shouldn't get here");
1379 rval = 1;
1380 goto skip;
1381 #endif
1382 #if defined(KERBEROS)
1383 if (klogin(pw, "", hostname, (char *)passwd) == 0) {
1384 rval = 0;
1385 goto skip;
1386 }
1387 #endif
1388 #if defined(KERBEROS5)
1389 if (k5login(pw, "", hostname, (char *)passwd) == 0) {
1390 rval = 0;
1391 goto skip;
1392 }
1393 #endif
1394 #ifdef SKEY
1395 if (skey_haskey(pw->pw_name) == 0) {
1396 char *p;
1397 int r;
1398
1399 p = ftpd_strdup(passwd);
1400 r = skey_passcheck(pw->pw_name, p);
1401 free(p);
1402 if (r != -1) {
1403 rval = 0;
1404 goto skip;
1405 }
1406 }
1407 #endif
1408 if (!sflag)
1409 rval = checkpassword(pw, passwd);
1410 else
1411 rval = 1;
1412
1413 skip:
1414
1415 /*
1416 * If rval > 0, the user failed the authentication check
1417 * above. If rval == 0, either Kerberos or local
1418 * authentication succeeded.
1419 */
1420 if (rval) {
1421 reply(530, "%s", rval == 2 ? "Password expired." :
1422 "Login incorrect.");
1423 pfilter_notify(1, rval == 2 ? "exppass" : "badpass");
1424 if (logging) {
1425 syslog(LOG_NOTICE,
1426 "FTP LOGIN FAILED FROM %s", remoteloghost);
1427 syslog(LOG_AUTHPRIV | LOG_NOTICE,
1428 "FTP LOGIN FAILED FROM %s, %s",
1429 remoteloghost, curname);
1430 }
1431 pw = NULL;
1432 if (login_attempts++ >= 5) {
1433 syslog(LOG_NOTICE,
1434 "repeated login failures from %s",
1435 remoteloghost);
1436 exit(0);
1437 }
1438 return;
1439 }
1440 }
1441
1442 /* password ok; check if anything else prevents login */
1443 if (! permitted) {
1444 reply(530, "User %s may not use FTP.", pw->pw_name);
1445 if (logging)
1446 syslog(LOG_NOTICE, "FTP LOGIN REFUSED FROM %s, %s",
1447 remoteloghost, pw->pw_name);
1448 goto bad;
1449 }
1450
1451 login_attempts = 0; /* this time successful */
1452 if (setegid((gid_t)pw->pw_gid) < 0) {
1453 reply(550, "Can't set gid.");
1454 goto bad;
1455 }
1456 #ifdef LOGIN_CAP
1457 if ((lc = login_getpwclass(pw)) != NULL) {
1458 #ifdef notyet
1459 char remote_ip[NI_MAXHOST];
1460
1461 if (getnameinfo((struct sockaddr *)&his_addr, his_addr.su_len,
1462 remote_ip, sizeof(remote_ip) - 1, NULL, 0,
1463 NI_NUMERICHOST))
1464 *remote_ip = 0;
1465 remote_ip[sizeof(remote_ip) - 1] = 0;
1466 if (!auth_hostok(lc, remotehost, remote_ip)) {
1467 pfilter_notify(1, "bannedhost");
1468 syslog(LOG_INFO|LOG_AUTH,
1469 "FTP LOGIN FAILED (HOST) as %s: permission denied.",
1470 pw->pw_name);
1471 reply(530, "Permission denied.");
1472 pw = NULL;
1473 return;
1474 }
1475 if (!auth_timeok(lc, time(NULL))) {
1476 reply(530, "Login not available right now.");
1477 pw = NULL;
1478 return;
1479 }
1480 #endif
1481 }
1482 setsid();
1483 setusercontext(lc, pw, 0,
1484 LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|
1485 LOGIN_SETRESOURCES|LOGIN_SETUMASK);
1486 #else
1487 (void) initgroups(pw->pw_name, pw->pw_gid);
1488 /* cache groups for cmds.c::matchgroup() */
1489 #endif
1490 #ifdef USE_PAM
1491 if (pamh) {
1492 if ((e = pam_open_session(pamh, 0)) != PAM_SUCCESS) {
1493 syslog(LOG_ERR, "pam_open_session: %s",
1494 pam_strerror(pamh, e));
1495 } else if ((e = pam_setcred(pamh, PAM_ESTABLISH_CRED))
1496 != PAM_SUCCESS) {
1497 syslog(LOG_ERR, "pam_setcred: %s",
1498 pam_strerror(pamh, e));
1499 }
1500 }
1501 #endif
1502 gidcount = getgroups(0, NULL);
1503 if (gidlist)
1504 free(gidlist);
1505 gidlist = malloc(gidcount * sizeof *gidlist);
1506 gidcount = getgroups(gidcount, gidlist);
1507
1508 /* open utmp/wtmp before chroot */
1509 login_utmp(ttyline, pw->pw_name, remotehost, &his_addr);
1510
1511 logged_in = 1;
1512
1513 connections = 1;
1514 if (dopidfile)
1515 count_users();
1516 if (curclass.limit != -1 && connections > curclass.limit) {
1517 if (! EMPTYSTR(curclass.limitfile))
1518 (void)display_file(conffilename(curclass.limitfile),
1519 530);
1520 reply(530,
1521 "User %s access denied, connection limit of " LLF
1522 " reached.",
1523 pw->pw_name, (LLT)curclass.limit);
1524 syslog(LOG_NOTICE,
1525 "Maximum connection limit of " LLF
1526 " for class %s reached, login refused for %s",
1527 (LLT)curclass.limit, curclass.classname, pw->pw_name);
1528 goto bad;
1529 }
1530
1531 homedir[0] = '/';
1532 switch (curclass.type) {
1533 case CLASS_GUEST:
1534 /*
1535 * We MUST do a chdir() after the chroot. Otherwise
1536 * the old current directory will be accessible as "."
1537 * outside the new root!
1538 */
1539 format_path(root,
1540 curclass.chroot ? curclass.chroot :
1541 anondir ? anondir :
1542 pw->pw_dir);
1543 format_path(homedir,
1544 curclass.homedir ? curclass.homedir :
1545 "/");
1546 if (EMPTYSTR(homedir))
1547 homedir[0] = '/';
1548 if (EMPTYSTR(root) || chroot(root) < 0) {
1549 syslog(LOG_NOTICE,
1550 "GUEST user %s: can't chroot to %s: %m",
1551 pw->pw_name, root);
1552 goto bad_guest;
1553 }
1554 if (chdir(homedir) < 0) {
1555 syslog(LOG_NOTICE,
1556 "GUEST user %s: can't chdir to %s: %m",
1557 pw->pw_name, homedir);
1558 bad_guest:
1559 reply(550, "Can't set guest privileges.");
1560 goto bad;
1561 }
1562 break;
1563 case CLASS_CHROOT:
1564 format_path(root,
1565 curclass.chroot ? curclass.chroot :
1566 pw->pw_dir);
1567 format_path(homedir,
1568 curclass.homedir ? curclass.homedir :
1569 "/");
1570 if (EMPTYSTR(homedir))
1571 homedir[0] = '/';
1572 if (EMPTYSTR(root) || chroot(root) < 0) {
1573 syslog(LOG_NOTICE,
1574 "CHROOT user %s: can't chroot to %s: %m",
1575 pw->pw_name, root);
1576 goto bad_chroot;
1577 }
1578 if (chdir(homedir) < 0) {
1579 syslog(LOG_NOTICE,
1580 "CHROOT user %s: can't chdir to %s: %m",
1581 pw->pw_name, homedir);
1582 bad_chroot:
1583 reply(550, "Can't change root.");
1584 goto bad;
1585 }
1586 break;
1587 case CLASS_REAL:
1588 /* only chroot REAL if explicitly requested */
1589 if (! EMPTYSTR(curclass.chroot)) {
1590 format_path(root, curclass.chroot);
1591 if (EMPTYSTR(root) || chroot(root) < 0) {
1592 syslog(LOG_NOTICE,
1593 "REAL user %s: can't chroot to %s: %m",
1594 pw->pw_name, root);
1595 goto bad_chroot;
1596 }
1597 }
1598 format_path(homedir,
1599 curclass.homedir ? curclass.homedir :
1600 pw->pw_dir);
1601 if (EMPTYSTR(homedir) || chdir(homedir) < 0) {
1602 if (chdir("/") < 0) {
1603 syslog(LOG_NOTICE,
1604 "REAL user %s: can't chdir to %s: %m",
1605 pw->pw_name,
1606 !EMPTYSTR(homedir) ? homedir : "/");
1607 reply(530,
1608 "User %s: can't change directory to %s.",
1609 pw->pw_name,
1610 !EMPTYSTR(homedir) ? homedir : "/");
1611 goto bad;
1612 } else {
1613 reply(-230,
1614 "No directory! Logging in with home=/");
1615 homedir[0] = '/';
1616 }
1617 }
1618 break;
1619 }
1620 #ifndef LOGIN_CAP
1621 setsid();
1622 #if !defined(__minix)
1623 setlogin(pw->pw_name);
1624 #endif /* !defined(__minix) */
1625 #endif
1626 if (dropprivs ||
1627 (curclass.type != CLASS_REAL &&
1628 ntohs(ctrl_addr.su_port) > IPPORT_RESERVED + 1)) {
1629 dropprivs++;
1630 if (setgid((gid_t)pw->pw_gid) < 0) {
1631 reply(550, "Can't set gid.");
1632 goto bad;
1633 }
1634 if (setuid((uid_t)pw->pw_uid) < 0) {
1635 reply(550, "Can't set uid.");
1636 goto bad;
1637 }
1638 } else {
1639 if (seteuid((uid_t)pw->pw_uid) < 0) {
1640 reply(550, "Can't set uid.");
1641 goto bad;
1642 }
1643 }
1644 setenv("HOME", homedir, 1);
1645
1646 if (curclass.type == CLASS_GUEST && passwd[0] == '-')
1647 quietmessages = 1;
1648
1649 /*
1650 * Display a login message, if it exists.
1651 * N.B. reply(230,) must follow the message.
1652 */
1653 if (! EMPTYSTR(curclass.motd))
1654 (void)display_file(conffilename(curclass.motd), 230);
1655 show_chdir_messages(230);
1656 if (curclass.type == CLASS_GUEST) {
1657 char *p;
1658
1659 reply(230, "Guest login ok, access restrictions apply.");
1660 #if defined(HAVE_SETPROCTITLE)
1661 snprintf(proctitle, sizeof(proctitle),
1662 "%s: anonymous/%s", remotehost, passwd);
1663 setproctitle("%s", proctitle);
1664 #endif /* defined(HAVE_SETPROCTITLE) */
1665 if (logging)
1666 syslog(LOG_INFO,
1667 "ANONYMOUS FTP LOGIN FROM %s, %s (class: %s, type: %s)",
1668 remoteloghost, passwd,
1669 curclass.classname, CURCLASSTYPE);
1670 /* store guest password reply into pw_passwd */
1671 REASSIGN(pw->pw_passwd, ftpd_strdup(passwd));
1672 for (p = pw->pw_passwd; *p; p++)
1673 if (!isgraph((unsigned char)*p))
1674 *p = '_';
1675 } else {
1676 reply(230, "User %s logged in.", pw->pw_name);
1677 #if defined(HAVE_SETPROCTITLE)
1678 snprintf(proctitle, sizeof(proctitle),
1679 "%s: %s", remotehost, pw->pw_name);
1680 setproctitle("%s", proctitle);
1681 #endif /* defined(HAVE_SETPROCTITLE) */
1682 if (logging)
1683 syslog(LOG_INFO,
1684 "FTP LOGIN FROM %s as %s (class: %s, type: %s)",
1685 remoteloghost, pw->pw_name,
1686 curclass.classname, CURCLASSTYPE);
1687 }
1688 (void) umask(curclass.umask);
1689 #ifdef LOGIN_CAP
1690 login_close(lc);
1691 #endif
1692 return;
1693
1694 bad:
1695 #ifdef LOGIN_CAP
1696 login_close(lc);
1697 #endif
1698 /* Forget all about it... */
1699 end_login();
1700 }
1701
1702 void
retrieve(const char * argv[],const char * name)1703 retrieve(const char *argv[], const char *name)
1704 {
1705 FILE *fin, *dout;
1706 struct stat st;
1707 int (*closefunc)(FILE *) = NULL;
1708 int dolog, sendrv, closerv, stderrfd, isconversion, isdata, isls;
1709 struct timeval start, finish, td, *tdp;
1710 struct rusage rusage_before, rusage_after;
1711 const char *dispname;
1712 const char *error;
1713
1714 sendrv = closerv = stderrfd = -1;
1715 isconversion = isdata = isls = dolog = 0;
1716 tdp = NULL;
1717 dispname = name;
1718 fin = dout = NULL;
1719 error = NULL;
1720 if (argv == NULL) { /* if not running a command ... */
1721 dolog = 1;
1722 isdata = 1;
1723 fin = fopen(name, "r");
1724 closefunc = fclose;
1725 if (fin == NULL) /* doesn't exist?; try a conversion */
1726 argv = do_conversion(name);
1727 if (argv != NULL) {
1728 isconversion++;
1729 syslog(LOG_DEBUG, "get command: '%s' on '%s'",
1730 argv[0], name);
1731 }
1732 }
1733 if (argv != NULL) {
1734 char temp[MAXPATHLEN];
1735
1736 if (strcmp(argv[0], INTERNAL_LS) == 0) {
1737 isls = 1;
1738 stderrfd = -1;
1739 } else {
1740 (void)snprintf(temp, sizeof(temp), "%s", TMPFILE);
1741 stderrfd = mkstemp(temp);
1742 if (stderrfd != -1)
1743 (void)unlink(temp);
1744 }
1745 dispname = argv[0];
1746 fin = ftpd_popen(argv, "r", stderrfd);
1747 closefunc = ftpd_pclose;
1748 st.st_size = -1;
1749 st.st_blksize = BUFSIZ;
1750 }
1751 if (fin == NULL) {
1752 if (errno != 0) {
1753 perror_reply(550, dispname);
1754 if (dolog)
1755 logxfer("get", -1, name, NULL, NULL,
1756 strerror(errno));
1757 }
1758 goto cleanupretrieve;
1759 }
1760 byte_count = -1;
1761 if (argv == NULL
1762 && (fstat(fileno(fin), &st) < 0 || !S_ISREG(st.st_mode))) {
1763 error = "Not a plain file";
1764 reply(550, "%s: %s.", dispname, error);
1765 goto done;
1766 }
1767 if (restart_point) {
1768 if (type == TYPE_A) {
1769 off_t i;
1770 int c;
1771
1772 for (i = 0; i < restart_point; i++) {
1773 if ((c=getc(fin)) == EOF) {
1774 error = strerror(errno);
1775 perror_reply(550, dispname);
1776 goto done;
1777 }
1778 if (c == '\n')
1779 i++;
1780 }
1781 } else if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) {
1782 error = strerror(errno);
1783 perror_reply(550, dispname);
1784 goto done;
1785 }
1786 }
1787 dout = dataconn(dispname, st.st_size, "w");
1788 if (dout == NULL)
1789 goto done;
1790
1791 (void)getrusage(RUSAGE_SELF, &rusage_before);
1792 (void)gettimeofday(&start, NULL);
1793 sendrv = send_data(fin, dout, &st, isdata);
1794 (void)gettimeofday(&finish, NULL);
1795 (void)getrusage(RUSAGE_SELF, &rusage_after);
1796 closedataconn(dout); /* close now to affect timing stats */
1797 timersub(&finish, &start, &td);
1798 tdp = &td;
1799 done:
1800 if (dolog) {
1801 logxfer("get", byte_count, name, NULL, tdp, error);
1802 if (tdp != NULL)
1803 logrusage(&rusage_before, &rusage_after);
1804 }
1805 closerv = (*closefunc)(fin);
1806 if (sendrv == 0) {
1807 FILE *errf;
1808 struct stat sb;
1809
1810 if (!isls && argv != NULL && closerv != 0) {
1811 reply(-226,
1812 "Command returned an exit status of %d",
1813 closerv);
1814 if (isconversion)
1815 syslog(LOG_WARNING,
1816 "retrieve command: '%s' returned %d",
1817 argv[0], closerv);
1818 }
1819 if (!isls && argv != NULL && stderrfd != -1 &&
1820 (fstat(stderrfd, &sb) == 0) && sb.st_size > 0 &&
1821 ((errf = fdopen(stderrfd, "r")) != NULL)) {
1822 char *cp, line[LINE_MAX];
1823
1824 reply(-226, "Command error messages:");
1825 rewind(errf);
1826 while (fgets(line, sizeof(line), errf) != NULL) {
1827 if ((cp = strchr(line, '\n')) != NULL)
1828 *cp = '\0';
1829 reply(0, " %s", line);
1830 }
1831 (void) fflush(stdout);
1832 (void) fclose(errf);
1833 /* a reply(226,) must follow */
1834 }
1835 reply(226, "Transfer complete.");
1836 }
1837 cleanupretrieve:
1838 if (stderrfd != -1)
1839 (void)close(stderrfd);
1840 if (isconversion)
1841 free(argv);
1842 }
1843
1844 void
store(const char * name,const char * fmode,int unique)1845 store(const char *name, const char *fmode, int unique)
1846 {
1847 FILE *fout, *din;
1848 struct stat st;
1849 int (*closefunc)(FILE *);
1850 struct timeval start, finish, td, *tdp;
1851 const char *desc, *error;
1852
1853 din = NULL;
1854 desc = (*fmode == 'w') ? "put" : "append";
1855 error = NULL;
1856 if (unique && stat(name, &st) == 0 &&
1857 (name = gunique(name)) == NULL) {
1858 logxfer(desc, -1, name, NULL, NULL,
1859 "cannot create unique file");
1860 goto cleanupstore;
1861 }
1862
1863 if (restart_point)
1864 fmode = "r+";
1865 fout = fopen(name, fmode);
1866 closefunc = fclose;
1867 tdp = NULL;
1868 if (fout == NULL) {
1869 perror_reply(553, name);
1870 logxfer(desc, -1, name, NULL, NULL, strerror(errno));
1871 goto cleanupstore;
1872 }
1873 byte_count = -1;
1874 if (restart_point) {
1875 if (type == TYPE_A) {
1876 off_t i;
1877 int c;
1878
1879 for (i = 0; i < restart_point; i++) {
1880 if ((c=getc(fout)) == EOF) {
1881 error = strerror(errno);
1882 perror_reply(550, name);
1883 goto done;
1884 }
1885 if (c == '\n')
1886 i++;
1887 }
1888 /*
1889 * We must do this seek to "current" position
1890 * because we are changing from reading to
1891 * writing.
1892 */
1893 if (fseek(fout, 0L, SEEK_CUR) < 0) {
1894 error = strerror(errno);
1895 perror_reply(550, name);
1896 goto done;
1897 }
1898 } else if (lseek(fileno(fout), restart_point, SEEK_SET) < 0) {
1899 error = strerror(errno);
1900 perror_reply(550, name);
1901 goto done;
1902 }
1903 }
1904 din = dataconn(name, (off_t)-1, "r");
1905 if (din == NULL)
1906 goto done;
1907 (void)gettimeofday(&start, NULL);
1908 if (receive_data(din, fout) == 0) {
1909 if (unique)
1910 reply(226, "Transfer complete (unique file name:%s).",
1911 name);
1912 else
1913 reply(226, "Transfer complete.");
1914 }
1915 (void)gettimeofday(&finish, NULL);
1916 closedataconn(din); /* close now to affect timing stats */
1917 timersub(&finish, &start, &td);
1918 tdp = &td;
1919 done:
1920 logxfer(desc, byte_count, name, NULL, tdp, error);
1921 (*closefunc)(fout);
1922 cleanupstore:
1923 ;
1924 }
1925
1926 static FILE *
getdatasock(const char * fmode)1927 getdatasock(const char *fmode)
1928 {
1929 int on, s, t, tries;
1930 in_port_t port;
1931
1932 on = 1;
1933 if (data >= 0)
1934 return (fdopen(data, fmode));
1935 if (! dropprivs)
1936 (void) seteuid((uid_t)0);
1937 s = socket(ctrl_addr.su_family, SOCK_STREAM, 0);
1938 if (s < 0)
1939 goto bad;
1940 if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
1941 (char *) &on, sizeof(on)) < 0)
1942 goto bad;
1943 if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
1944 (char *) &on, sizeof(on)) < 0)
1945 goto bad;
1946 /* anchor socket to avoid multi-homing problems */
1947 data_source = ctrl_addr;
1948 /*
1949 * By default source port for PORT connctions is
1950 * ctrlport-1 (see RFC959 section 5.2).
1951 * However, if privs have been dropped and that
1952 * would be < IPPORT_RESERVED, use a random port
1953 * instead.
1954 */
1955 if (dataport)
1956 port = dataport;
1957 else
1958 port = ntohs(ctrl_addr.su_port) - 1;
1959 if (dropprivs && port < IPPORT_RESERVED)
1960 port = 0; /* use random port */
1961 data_source.su_port = htons(port);
1962
1963 for (tries = 1; ; tries++) {
1964 if (bind(s, (struct sockaddr *)&data_source.si_su,
1965 data_source.su_len) >= 0)
1966 break;
1967 if (errno != EADDRINUSE || tries > 10)
1968 goto bad;
1969 sleep(tries);
1970 }
1971 if (! dropprivs)
1972 (void) seteuid((uid_t)pw->pw_uid);
1973 #ifdef IP_TOS
1974 if (!mapped && ctrl_addr.su_family == AF_INET) {
1975 on = IPTOS_THROUGHPUT;
1976 if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&on,
1977 sizeof(int)) < 0)
1978 syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
1979 }
1980 #endif
1981 return (fdopen(s, fmode));
1982 bad:
1983 /* Return the real value of errno (close may change it) */
1984 t = errno;
1985 if (! dropprivs)
1986 (void) seteuid((uid_t)pw->pw_uid);
1987 (void) close(s);
1988 errno = t;
1989 return (NULL);
1990 }
1991
1992 FILE *
dataconn(const char * name,off_t size,const char * fmode)1993 dataconn(const char *name, off_t size, const char *fmode)
1994 {
1995 char sizebuf[32];
1996 FILE *file;
1997 int retry, tos, keepalive, conerrno;
1998
1999 file_size = size;
2000 byte_count = 0;
2001 if (size != (off_t) -1)
2002 (void)snprintf(sizebuf, sizeof(sizebuf), " (" LLF " byte%s)",
2003 (LLT)size, PLURAL(size));
2004 else
2005 sizebuf[0] = '\0';
2006 if (pdata >= 0) {
2007 struct sockinet from;
2008 int s;
2009 socklen_t fromlen = sizeof(from.su_len);
2010
2011 (void) alarm(curclass.timeout);
2012 s = accept(pdata, (struct sockaddr *)&from.si_su, &fromlen);
2013 (void) alarm(0);
2014 if (s < 0) {
2015 reply(425, "Can't open data connection.");
2016 (void) close(pdata);
2017 pdata = -1;
2018 return (NULL);
2019 }
2020 (void) close(pdata);
2021 pdata = s;
2022 switch (from.su_family) {
2023 case AF_INET:
2024 #ifdef IP_TOS
2025 if (!mapped) {
2026 tos = IPTOS_THROUGHPUT;
2027 (void) setsockopt(s, IPPROTO_IP, IP_TOS,
2028 (char *)&tos, sizeof(int));
2029 }
2030 break;
2031 #endif
2032 }
2033 /* Set keepalives on the socket to detect dropped conns. */
2034 #ifdef SO_KEEPALIVE
2035 keepalive = 1;
2036 (void) setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
2037 (char *)&keepalive, sizeof(int));
2038 #endif
2039 reply(150, "Opening %s mode data connection for '%s'%s.",
2040 type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
2041 return (fdopen(pdata, fmode));
2042 }
2043 if (data >= 0) {
2044 reply(125, "Using existing data connection for '%s'%s.",
2045 name, sizebuf);
2046 usedefault = 1;
2047 return (fdopen(data, fmode));
2048 }
2049 if (usedefault)
2050 data_dest = his_addr;
2051 usedefault = 1;
2052 retry = conerrno = 0;
2053 do {
2054 file = getdatasock(fmode);
2055 if (file == NULL) {
2056 char hbuf[NI_MAXHOST];
2057 char pbuf[NI_MAXSERV];
2058
2059 if (getnameinfo((struct sockaddr *)&data_source.si_su,
2060 data_source.su_len, hbuf, sizeof(hbuf), pbuf,
2061 sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV))
2062 strlcpy(hbuf, "?", sizeof(hbuf));
2063 reply(425, "Can't create data socket (%s,%s): %s.",
2064 hbuf, pbuf, strerror(errno));
2065 return (NULL);
2066 }
2067 data = fileno(file);
2068 conerrno = 0;
2069 if (connect(data, (struct sockaddr *)&data_dest.si_su,
2070 data_dest.su_len) == 0)
2071 break;
2072 conerrno = errno;
2073 (void) fclose(file);
2074 file = NULL;
2075 data = -1;
2076 if (conerrno == EADDRINUSE) {
2077 sleep((unsigned) swaitint);
2078 retry += swaitint;
2079 } else {
2080 break;
2081 }
2082 } while (retry <= swaitmax);
2083 if (conerrno != 0) {
2084 perror_reply(425, "Can't build data connection");
2085 return (NULL);
2086 }
2087 reply(150, "Opening %s mode data connection for '%s'%s.",
2088 type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
2089 return (file);
2090 }
2091
2092 void
closedataconn(FILE * fd)2093 closedataconn(FILE *fd)
2094 {
2095
2096 if (fd == NULL)
2097 return;
2098 (void)fclose(fd);
2099 data = -1;
2100 if (pdata >= 0)
2101 (void)close(pdata);
2102 pdata = -1;
2103 }
2104
2105 int
write_data(int fd,char * buf,size_t size,off_t * bufrem,struct timeval * then,int isdata)2106 write_data(int fd, char *buf, size_t size, off_t *bufrem,
2107 struct timeval *then, int isdata)
2108 {
2109 struct timeval now, td;
2110 ssize_t c;
2111
2112 while (size > 0) {
2113 c = size;
2114 if (curclass.writesize) {
2115 if (curclass.writesize < c)
2116 c = curclass.writesize;
2117 }
2118 if (curclass.rateget) {
2119 if (*bufrem < c)
2120 c = *bufrem;
2121 }
2122 (void) alarm(curclass.timeout);
2123 c = write(fd, buf, c);
2124 if (c <= 0)
2125 return (1);
2126 buf += c;
2127 size -= c;
2128 byte_count += c;
2129 if (isdata) {
2130 total_data_out += c;
2131 total_data += c;
2132 }
2133 total_bytes_out += c;
2134 total_bytes += c;
2135 if (curclass.rateget) {
2136 *bufrem -= c;
2137 if (*bufrem == 0) {
2138 (void)gettimeofday(&now, NULL);
2139 timersub(&now, then, &td);
2140 if (td.tv_sec == 0) {
2141 usleep(1000000 - td.tv_usec);
2142 (void)gettimeofday(then, NULL);
2143 } else
2144 *then = now;
2145 *bufrem = curclass.rateget;
2146 }
2147 }
2148 }
2149 return (0);
2150 }
2151
2152 static enum send_status
send_data_with_read(int filefd,int netfd,const struct stat * st,int isdata)2153 send_data_with_read(int filefd, int netfd, const struct stat *st, int isdata)
2154 {
2155 struct timeval then;
2156 off_t bufrem;
2157 ssize_t readsize;
2158 char *buf;
2159 int c, error;
2160
2161 if (curclass.readsize > 0)
2162 readsize = curclass.readsize;
2163 else
2164 readsize = st->st_blksize;
2165 if ((buf = malloc(readsize)) == NULL) {
2166 perror_reply(451, "Local resource failure: malloc");
2167 return (SS_NO_TRANSFER);
2168 }
2169
2170 if (curclass.rateget) {
2171 bufrem = curclass.rateget;
2172 (void)gettimeofday(&then, NULL);
2173 } else
2174 bufrem = readsize;
2175 for (;;) {
2176 (void) alarm(curclass.timeout);
2177 c = read(filefd, buf, readsize);
2178 if (c == 0)
2179 error = SS_SUCCESS;
2180 else if (c < 0)
2181 error = SS_FILE_ERROR;
2182 else if (write_data(netfd, buf, c, &bufrem, &then, isdata))
2183 error = SS_DATA_ERROR;
2184 else if (urgflag && handleoobcmd())
2185 error = SS_ABORTED;
2186 else
2187 continue;
2188
2189 free(buf);
2190 return (error);
2191 }
2192 }
2193
2194 static enum send_status
send_data_with_mmap(int filefd,int netfd,const struct stat * st,int isdata)2195 send_data_with_mmap(int filefd, int netfd, const struct stat *st, int isdata)
2196 {
2197 struct timeval then;
2198 off_t bufrem, filesize, off, origoff;
2199 ssize_t mapsize, winsize;
2200 int error, sendbufsize, sendlowat;
2201 void *win;
2202
2203 bufrem = 0;
2204 if (curclass.sendbufsize) {
2205 sendbufsize = curclass.sendbufsize;
2206 if (setsockopt(netfd, SOL_SOCKET, SO_SNDBUF,
2207 &sendbufsize, sizeof(int)) == -1)
2208 syslog(LOG_WARNING, "setsockopt(SO_SNDBUF, %d): %m",
2209 sendbufsize);
2210 }
2211
2212 if (curclass.sendlowat) {
2213 sendlowat = curclass.sendlowat;
2214 if (setsockopt(netfd, SOL_SOCKET, SO_SNDLOWAT,
2215 &sendlowat, sizeof(int)) == -1)
2216 syslog(LOG_WARNING, "setsockopt(SO_SNDLOWAT, %d): %m",
2217 sendlowat);
2218 }
2219
2220 winsize = curclass.mmapsize;
2221 filesize = st->st_size;
2222 if (ftpd_debug)
2223 syslog(LOG_INFO, "mmapsize = " LLF ", writesize = " LLF,
2224 (LLT)winsize, (LLT)curclass.writesize);
2225 if (winsize <= 0)
2226 goto try_read;
2227
2228 off = lseek(filefd, (off_t)0, SEEK_CUR);
2229 if (off == -1)
2230 goto try_read;
2231
2232 origoff = off;
2233 if (curclass.rateget) {
2234 bufrem = curclass.rateget;
2235 (void)gettimeofday(&then, NULL);
2236 } else
2237 bufrem = winsize;
2238 while (1) {
2239 mapsize = MIN(filesize - off, winsize);
2240 if (mapsize == 0)
2241 break;
2242 win = mmap(NULL, mapsize, PROT_READ,
2243 MAP_FILE|MAP_SHARED, filefd, off);
2244 if (win == MAP_FAILED) {
2245 if (off == origoff)
2246 goto try_read;
2247 return (SS_FILE_ERROR);
2248 }
2249 #if !defined(__minix)
2250 (void) madvise(win, mapsize, MADV_SEQUENTIAL);
2251 #endif /* !defined(__minix) */
2252 error = write_data(netfd, win, mapsize, &bufrem, &then,
2253 isdata);
2254 #if !defined(__minix)
2255 (void) madvise(win, mapsize, MADV_DONTNEED);
2256 #endif /* !defined(__minix) */
2257 munmap(win, mapsize);
2258 if (urgflag && handleoobcmd())
2259 return (SS_ABORTED);
2260 if (error)
2261 return (SS_DATA_ERROR);
2262 off += mapsize;
2263 }
2264 return (SS_SUCCESS);
2265
2266 try_read:
2267 return (send_data_with_read(filefd, netfd, st, isdata));
2268 }
2269
2270 /*
2271 * Transfer the contents of "instr" to "outstr" peer using the appropriate
2272 * encapsulation of the data subject to Mode, Structure, and Type.
2273 *
2274 * NB: Form isn't handled.
2275 */
2276 static int
send_data(FILE * instr,FILE * outstr,const struct stat * st,int isdata)2277 send_data(FILE *instr, FILE *outstr, const struct stat *st, int isdata)
2278 {
2279 int c, filefd, netfd, rval;
2280
2281 urgflag = 0;
2282 transflag = 1;
2283 rval = -1;
2284
2285 switch (type) {
2286
2287 case TYPE_A:
2288 /* XXXLUKEM: rate limit ascii send (get) */
2289 (void) alarm(curclass.timeout);
2290 while ((c = getc(instr)) != EOF) {
2291 if (urgflag && handleoobcmd())
2292 goto cleanup_send_data;
2293 byte_count++;
2294 if (c == '\n') {
2295 if (ferror(outstr))
2296 goto data_err;
2297 (void) putc('\r', outstr);
2298 if (isdata) {
2299 total_data_out++;
2300 total_data++;
2301 }
2302 total_bytes_out++;
2303 total_bytes++;
2304 }
2305 (void) putc(c, outstr);
2306 if (isdata) {
2307 total_data_out++;
2308 total_data++;
2309 }
2310 total_bytes_out++;
2311 total_bytes++;
2312 if ((byte_count % 4096) == 0)
2313 (void) alarm(curclass.timeout);
2314 }
2315 (void) alarm(0);
2316 fflush(outstr);
2317 if (ferror(instr))
2318 goto file_err;
2319 if (ferror(outstr))
2320 goto data_err;
2321 rval = 0;
2322 goto cleanup_send_data;
2323
2324 case TYPE_I:
2325 case TYPE_L:
2326 filefd = fileno(instr);
2327 netfd = fileno(outstr);
2328 switch (send_data_with_mmap(filefd, netfd, st, isdata)) {
2329
2330 case SS_SUCCESS:
2331 break;
2332
2333 case SS_ABORTED:
2334 case SS_NO_TRANSFER:
2335 goto cleanup_send_data;
2336
2337 case SS_FILE_ERROR:
2338 goto file_err;
2339
2340 case SS_DATA_ERROR:
2341 goto data_err;
2342 }
2343 rval = 0;
2344 goto cleanup_send_data;
2345
2346 default:
2347 reply(550, "Unimplemented TYPE %d in send_data", type);
2348 goto cleanup_send_data;
2349 }
2350
2351 data_err:
2352 (void) alarm(0);
2353 perror_reply(426, "Data connection");
2354 goto cleanup_send_data;
2355
2356 file_err:
2357 (void) alarm(0);
2358 perror_reply(551, "Error on input file");
2359 goto cleanup_send_data;
2360
2361 cleanup_send_data:
2362 (void) alarm(0);
2363 transflag = 0;
2364 urgflag = 0;
2365 if (isdata) {
2366 total_files_out++;
2367 total_files++;
2368 }
2369 total_xfers_out++;
2370 total_xfers++;
2371 return (rval);
2372 }
2373
2374 /*
2375 * Transfer data from peer to "outstr" using the appropriate encapulation of
2376 * the data subject to Mode, Structure, and Type.
2377 *
2378 * N.B.: Form isn't handled.
2379 */
2380 static int
receive_data(FILE * instr,FILE * outstr)2381 receive_data(FILE *instr, FILE *outstr)
2382 {
2383 int c, netfd, filefd, rval;
2384 int volatile bare_lfs;
2385 off_t byteswritten;
2386 char *buf;
2387 ssize_t readsize;
2388 struct sigaction sa, sa_saved;
2389 struct stat st;
2390
2391 memset(&sa, 0, sizeof(sa));
2392 sigfillset(&sa.sa_mask);
2393 sa.sa_flags = SA_RESTART;
2394 sa.sa_handler = lostconn;
2395 (void) sigaction(SIGALRM, &sa, &sa_saved);
2396
2397 bare_lfs = 0;
2398 urgflag = 0;
2399 transflag = 1;
2400 rval = -1;
2401 byteswritten = 0;
2402 buf = NULL;
2403
2404 #define FILESIZECHECK(x) \
2405 do { \
2406 if (curclass.maxfilesize != -1 && \
2407 (x) > curclass.maxfilesize) { \
2408 errno = EFBIG; \
2409 goto file_err; \
2410 } \
2411 } while (0)
2412
2413 switch (type) {
2414
2415 case TYPE_I:
2416 case TYPE_L:
2417 netfd = fileno(instr);
2418 filefd = fileno(outstr);
2419 (void) alarm(curclass.timeout);
2420 if (curclass.readsize)
2421 readsize = curclass.readsize;
2422 else if (fstat(filefd, &st) != -1)
2423 readsize = (ssize_t)st.st_blksize;
2424 else
2425 readsize = BUFSIZ;
2426 if ((buf = malloc(readsize)) == NULL) {
2427 perror_reply(451, "Local resource failure: malloc");
2428 goto cleanup_recv_data;
2429 }
2430 if (curclass.rateput) {
2431 while (1) {
2432 int d;
2433 struct timeval then, now, td;
2434 off_t bufrem;
2435
2436 (void)gettimeofday(&then, NULL);
2437 errno = c = d = 0;
2438 for (bufrem = curclass.rateput; bufrem > 0; ) {
2439 if ((c = read(netfd, buf,
2440 MIN(readsize, bufrem))) <= 0)
2441 goto recvdone;
2442 if (urgflag && handleoobcmd())
2443 goto cleanup_recv_data;
2444 FILESIZECHECK(byte_count + c);
2445 if ((d = write(filefd, buf, c)) != c)
2446 goto file_err;
2447 (void) alarm(curclass.timeout);
2448 bufrem -= c;
2449 byte_count += c;
2450 total_data_in += c;
2451 total_data += c;
2452 total_bytes_in += c;
2453 total_bytes += c;
2454 }
2455 (void)gettimeofday(&now, NULL);
2456 timersub(&now, &then, &td);
2457 if (td.tv_sec == 0)
2458 usleep(1000000 - td.tv_usec);
2459 }
2460 } else {
2461 while ((c = read(netfd, buf, readsize)) > 0) {
2462 if (urgflag && handleoobcmd())
2463 goto cleanup_recv_data;
2464 FILESIZECHECK(byte_count + c);
2465 if (write(filefd, buf, c) != c)
2466 goto file_err;
2467 (void) alarm(curclass.timeout);
2468 byte_count += c;
2469 total_data_in += c;
2470 total_data += c;
2471 total_bytes_in += c;
2472 total_bytes += c;
2473 }
2474 }
2475 recvdone:
2476 if (c < 0)
2477 goto data_err;
2478 rval = 0;
2479 goto cleanup_recv_data;
2480
2481 case TYPE_E:
2482 reply(553, "TYPE E not implemented.");
2483 goto cleanup_recv_data;
2484
2485 case TYPE_A:
2486 (void) alarm(curclass.timeout);
2487 /* XXXLUKEM: rate limit ascii receive (put) */
2488 while ((c = getc(instr)) != EOF) {
2489 if (urgflag && handleoobcmd())
2490 goto cleanup_recv_data;
2491 byte_count++;
2492 total_data_in++;
2493 total_data++;
2494 total_bytes_in++;
2495 total_bytes++;
2496 if ((byte_count % 4096) == 0)
2497 (void) alarm(curclass.timeout);
2498 if (c == '\n')
2499 bare_lfs++;
2500 while (c == '\r') {
2501 if (ferror(outstr))
2502 goto data_err;
2503 if ((c = getc(instr)) != '\n') {
2504 byte_count++;
2505 total_data_in++;
2506 total_data++;
2507 total_bytes_in++;
2508 total_bytes++;
2509 if ((byte_count % 4096) == 0)
2510 (void) alarm(curclass.timeout);
2511 byteswritten++;
2512 FILESIZECHECK(byteswritten);
2513 (void) putc ('\r', outstr);
2514 if (c == '\0' || c == EOF)
2515 goto contin2;
2516 }
2517 }
2518 byteswritten++;
2519 FILESIZECHECK(byteswritten);
2520 (void) putc(c, outstr);
2521 contin2: ;
2522 }
2523 (void) alarm(0);
2524 fflush(outstr);
2525 if (ferror(instr))
2526 goto data_err;
2527 if (ferror(outstr))
2528 goto file_err;
2529 if (bare_lfs) {
2530 reply(-226,
2531 "WARNING! %d bare linefeeds received in ASCII mode",
2532 bare_lfs);
2533 reply(0, "File may not have transferred correctly.");
2534 }
2535 rval = 0;
2536 goto cleanup_recv_data;
2537
2538 default:
2539 reply(550, "Unimplemented TYPE %d in receive_data", type);
2540 goto cleanup_recv_data;
2541 }
2542 #undef FILESIZECHECK
2543
2544 data_err:
2545 (void) alarm(0);
2546 perror_reply(426, "Data Connection");
2547 goto cleanup_recv_data;
2548
2549 file_err:
2550 (void) alarm(0);
2551 perror_reply(452, "Error writing file");
2552 goto cleanup_recv_data;
2553
2554 cleanup_recv_data:
2555 (void) alarm(0);
2556 (void) sigaction(SIGALRM, &sa_saved, NULL);
2557 if (buf)
2558 free(buf);
2559 transflag = 0;
2560 urgflag = 0;
2561 total_files_in++;
2562 total_files++;
2563 total_xfers_in++;
2564 total_xfers++;
2565 return (rval);
2566 }
2567
2568 void
statcmd(void)2569 statcmd(void)
2570 {
2571 struct sockinet *su = NULL;
2572 static char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
2573 unsigned char *a, *p;
2574 int ispassive, af;
2575 off_t otbi, otbo, otb;
2576
2577 a = p = NULL;
2578
2579 reply(-211, "%s FTP server status:", hostname);
2580 reply(0, "Version: %s", EMPTYSTR(version) ? "<suppressed>" : version);
2581 hbuf[0] = '\0';
2582 if (!getnameinfo((struct sockaddr *)&his_addr.si_su, his_addr.su_len,
2583 hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST)
2584 && strcmp(remotehost, hbuf) != 0)
2585 reply(0, "Connected to %s (%s)", remotehost, hbuf);
2586 else
2587 reply(0, "Connected to %s", remotehost);
2588
2589 if (logged_in) {
2590 if (curclass.type == CLASS_GUEST)
2591 reply(0, "Logged in anonymously");
2592 else
2593 reply(0, "Logged in as %s%s", pw->pw_name,
2594 curclass.type == CLASS_CHROOT ? " (chroot)" : "");
2595 } else if (askpasswd)
2596 reply(0, "Waiting for password");
2597 else
2598 reply(0, "Waiting for user name");
2599 cprintf(stdout, " TYPE: %s", typenames[type]);
2600 if (type == TYPE_A || type == TYPE_E)
2601 cprintf(stdout, ", FORM: %s", formnames[form]);
2602 if (type == TYPE_L) {
2603 #if NBBY == 8
2604 cprintf(stdout, " %d", NBBY);
2605 #else
2606 /* XXX: `bytesize' needs to be defined in this case */
2607 cprintf(stdout, " %d", bytesize);
2608 #endif
2609 }
2610 cprintf(stdout, "; STRUcture: %s; transfer MODE: %s\r\n",
2611 strunames[stru], modenames[mode]);
2612 ispassive = 0;
2613 if (data != -1) {
2614 reply(0, "Data connection open");
2615 su = NULL;
2616 } else if (pdata != -1) {
2617 reply(0, "in Passive mode");
2618 if (curclass.advertise.su_len != 0)
2619 su = &curclass.advertise;
2620 else
2621 su = &pasv_addr;
2622 ispassive = 1;
2623 goto printaddr;
2624 } else if (usedefault == 0) {
2625 su = (struct sockinet *)&data_dest;
2626
2627 if (epsvall) {
2628 reply(0, "EPSV only mode (EPSV ALL)");
2629 goto epsvonly;
2630 }
2631 printaddr:
2632 /* PASV/PORT */
2633 if (su->su_family == AF_INET) {
2634 a = (unsigned char *) &su->su_addr;
2635 p = (unsigned char *) &su->su_port;
2636 #define UC(b) (((int) b) & 0xff)
2637 reply(0, "%s (%d,%d,%d,%d,%d,%d)",
2638 ispassive ? "PASV" : "PORT" ,
2639 UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),
2640 UC(p[0]), UC(p[1]));
2641 }
2642
2643 /* LPSV/LPRT */
2644 {
2645 int alen, i;
2646
2647 alen = 0;
2648 switch (su->su_family) {
2649 case AF_INET:
2650 a = (unsigned char *) &su->su_addr;
2651 p = (unsigned char *) &su->su_port;
2652 alen = sizeof(su->su_addr);
2653 af = 4;
2654 break;
2655 #ifdef INET6
2656 case AF_INET6:
2657 a = (unsigned char *) &su->su_6addr;
2658 p = (unsigned char *) &su->su_port;
2659 alen = sizeof(su->su_6addr);
2660 af = 6;
2661 break;
2662 #endif
2663 default:
2664 af = 0;
2665 break;
2666 }
2667 if (af) {
2668 cprintf(stdout, " %s (%d,%d",
2669 ispassive ? "LPSV" : "LPRT", af, alen);
2670 for (i = 0; i < alen; i++)
2671 cprintf(stdout, ",%d", UC(a[i]));
2672 cprintf(stdout, ",%d,%d,%d)\r\n",
2673 2, UC(p[0]), UC(p[1]));
2674 #undef UC
2675 }
2676 }
2677
2678 /* EPRT/EPSV */
2679 epsvonly:
2680 af = af2epsvproto(su->su_family);
2681 hbuf[0] = '\0';
2682 if (af > 0) {
2683 struct sockinet tmp;
2684
2685 tmp = *su;
2686 #ifdef INET6
2687 if (tmp.su_family == AF_INET6)
2688 tmp.su_scope_id = 0;
2689 #endif
2690 if (getnameinfo((struct sockaddr *)&tmp.si_su,
2691 tmp.su_len, hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
2692 NI_NUMERICHOST | NI_NUMERICSERV) == 0)
2693 reply(0, "%s (|%d|%s|%s|)",
2694 ispassive ? "EPSV" : "EPRT",
2695 af, hbuf, sbuf);
2696 }
2697 } else
2698 reply(0, "No data connection");
2699
2700 if (logged_in) {
2701 reply(0,
2702 "Data sent: " LLF " byte%s in " LLF " file%s",
2703 (LLT)total_data_out, PLURAL(total_data_out),
2704 (LLT)total_files_out, PLURAL(total_files_out));
2705 reply(0,
2706 "Data received: " LLF " byte%s in " LLF " file%s",
2707 (LLT)total_data_in, PLURAL(total_data_in),
2708 (LLT)total_files_in, PLURAL(total_files_in));
2709 reply(0,
2710 "Total data: " LLF " byte%s in " LLF " file%s",
2711 (LLT)total_data, PLURAL(total_data),
2712 (LLT)total_files, PLURAL(total_files));
2713 }
2714 otbi = total_bytes_in;
2715 otbo = total_bytes_out;
2716 otb = total_bytes;
2717 reply(0, "Traffic sent: " LLF " byte%s in " LLF " transfer%s",
2718 (LLT)otbo, PLURAL(otbo),
2719 (LLT)total_xfers_out, PLURAL(total_xfers_out));
2720 reply(0, "Traffic received: " LLF " byte%s in " LLF " transfer%s",
2721 (LLT)otbi, PLURAL(otbi),
2722 (LLT)total_xfers_in, PLURAL(total_xfers_in));
2723 reply(0, "Total traffic: " LLF " byte%s in " LLF " transfer%s",
2724 (LLT)otb, PLURAL(otb),
2725 (LLT)total_xfers, PLURAL(total_xfers));
2726
2727 if (logged_in && !CURCLASS_FLAGS_ISSET(private)) {
2728 struct ftpconv *cp;
2729
2730 reply(0, "%s", "");
2731 reply(0, "Class: %s, type: %s",
2732 curclass.classname, CURCLASSTYPE);
2733 reply(0, "Check PORT/LPRT commands: %sabled",
2734 CURCLASS_FLAGS_ISSET(checkportcmd) ? "en" : "dis");
2735 if (! EMPTYSTR(curclass.display))
2736 reply(0, "Display file: %s", curclass.display);
2737 if (! EMPTYSTR(curclass.notify))
2738 reply(0, "Notify fileglob: %s", curclass.notify);
2739 reply(0, "Idle timeout: " LLF ", maximum timeout: " LLF,
2740 (LLT)curclass.timeout, (LLT)curclass.maxtimeout);
2741 reply(0, "Current connections: %d", connections);
2742 if (curclass.limit == -1)
2743 reply(0, "Maximum connections: unlimited");
2744 else
2745 reply(0, "Maximum connections: " LLF,
2746 (LLT)curclass.limit);
2747 if (curclass.limitfile)
2748 reply(0, "Connection limit exceeded message file: %s",
2749 conffilename(curclass.limitfile));
2750 if (! EMPTYSTR(curclass.chroot))
2751 reply(0, "Chroot format: %s", curclass.chroot);
2752 reply(0, "Deny bad ftpusers(5) quickly: %sabled",
2753 CURCLASS_FLAGS_ISSET(denyquick) ? "en" : "dis");
2754 if (! EMPTYSTR(curclass.homedir))
2755 reply(0, "Homedir format: %s", curclass.homedir);
2756 if (curclass.maxfilesize == -1)
2757 reply(0, "Maximum file size: unlimited");
2758 else
2759 reply(0, "Maximum file size: " LLF,
2760 (LLT)curclass.maxfilesize);
2761 if (! EMPTYSTR(curclass.motd))
2762 reply(0, "MotD file: %s", conffilename(curclass.motd));
2763 reply(0,
2764 "Modify commands (CHMOD, DELE, MKD, RMD, RNFR, UMASK): %sabled",
2765 CURCLASS_FLAGS_ISSET(modify) ? "en" : "dis");
2766 reply(0, "Upload commands (APPE, STOR, STOU): %sabled",
2767 CURCLASS_FLAGS_ISSET(upload) ? "en" : "dis");
2768 reply(0, "Sanitize file names: %sabled",
2769 CURCLASS_FLAGS_ISSET(sanenames) ? "en" : "dis");
2770 reply(0, "PASV/LPSV/EPSV connections: %sabled",
2771 CURCLASS_FLAGS_ISSET(passive) ? "en" : "dis");
2772 if (curclass.advertise.su_len != 0) {
2773 char buf[50]; /* big enough for IPv6 address */
2774 const char *bp;
2775
2776 bp = inet_ntop(curclass.advertise.su_family,
2777 (void *)&curclass.advertise.su_addr,
2778 buf, sizeof(buf));
2779 if (bp != NULL)
2780 reply(0, "PASV advertise address: %s", bp);
2781 }
2782 if (curclass.portmin && curclass.portmax)
2783 reply(0, "PASV port range: " LLF " - " LLF,
2784 (LLT)curclass.portmin, (LLT)curclass.portmax);
2785 if (curclass.rateget)
2786 reply(0, "Rate get limit: " LLF " bytes/sec",
2787 (LLT)curclass.rateget);
2788 else
2789 reply(0, "Rate get limit: disabled");
2790 if (curclass.rateput)
2791 reply(0, "Rate put limit: " LLF " bytes/sec",
2792 (LLT)curclass.rateput);
2793 else
2794 reply(0, "Rate put limit: disabled");
2795 if (curclass.mmapsize)
2796 reply(0, "Mmap size: " LLF, (LLT)curclass.mmapsize);
2797 else
2798 reply(0, "Mmap size: disabled");
2799 if (curclass.readsize)
2800 reply(0, "Read size: " LLF, (LLT)curclass.readsize);
2801 else
2802 reply(0, "Read size: default");
2803 if (curclass.writesize)
2804 reply(0, "Write size: " LLF, (LLT)curclass.writesize);
2805 else
2806 reply(0, "Write size: default");
2807 if (curclass.recvbufsize)
2808 reply(0, "Receive buffer size: " LLF,
2809 (LLT)curclass.recvbufsize);
2810 else
2811 reply(0, "Receive buffer size: default");
2812 if (curclass.sendbufsize)
2813 reply(0, "Send buffer size: " LLF,
2814 (LLT)curclass.sendbufsize);
2815 else
2816 reply(0, "Send buffer size: default");
2817 if (curclass.sendlowat)
2818 reply(0, "Send low water mark: " LLF,
2819 (LLT)curclass.sendlowat);
2820 else
2821 reply(0, "Send low water mark: default");
2822 reply(0, "Umask: %.04o", curclass.umask);
2823 for (cp = curclass.conversions; cp != NULL; cp=cp->next) {
2824 if (cp->suffix == NULL || cp->types == NULL ||
2825 cp->command == NULL)
2826 continue;
2827 reply(0, "Conversion: %s [%s] disable: %s, command: %s",
2828 cp->suffix, cp->types, cp->disable, cp->command);
2829 }
2830 }
2831
2832 reply(211, "End of status");
2833 }
2834
2835 void
fatal(const char * s)2836 fatal(const char *s)
2837 {
2838
2839 reply(451, "Error in server: %s\n", s);
2840 reply(221, "Closing connection due to server error.");
2841 dologout(0);
2842 /* NOTREACHED */
2843 }
2844
2845 /*
2846 * reply() --
2847 * depending on the value of n, display fmt with a trailing CRLF and
2848 * prefix of:
2849 * n < -1 prefix the message with abs(n) + "-" (initial line)
2850 * n == 0 prefix the message with 4 spaces (middle lines)
2851 * n > 0 prefix the message with n + " " (final line)
2852 */
2853 void
reply(int n,const char * fmt,...)2854 reply(int n, const char *fmt, ...)
2855 {
2856 char msg[MAXPATHLEN * 2 + 100];
2857 size_t b;
2858 va_list ap;
2859
2860 if (n == 0)
2861 b = snprintf(msg, sizeof(msg), " ");
2862 else if (n < 0)
2863 b = snprintf(msg, sizeof(msg), "%d-", -n);
2864 else
2865 b = snprintf(msg, sizeof(msg), "%d ", n);
2866 va_start(ap, fmt);
2867 vsnprintf(msg + b, sizeof(msg) - b, fmt, ap);
2868 va_end(ap);
2869 cprintf(stdout, "%s\r\n", msg);
2870 (void)fflush(stdout);
2871 if (ftpd_debug)
2872 syslog(LOG_DEBUG, "<--- %s", msg);
2873 }
2874
2875 static void
logremotehost(struct sockinet * who)2876 logremotehost(struct sockinet *who)
2877 {
2878
2879 #if defined(HAVE_SOCKADDR_SNPRINTF)
2880 char abuf[BUFSIZ];
2881 #endif
2882
2883 struct sockaddr *sa = (struct sockaddr *)&who->si_su;
2884 if (getnameinfo(sa, who->su_len, remotehost, sizeof(remotehost), NULL,
2885 0, getnameopts))
2886 strlcpy(remotehost, "?", sizeof(remotehost));
2887 #if defined(HAVE_SOCKADDR_SNPRINTF)
2888 sockaddr_snprintf(abuf, sizeof(abuf), "%a", sa);
2889 snprintf(remoteloghost, sizeof(remoteloghost), "%s(%s)", remotehost,
2890 abuf);
2891 #else
2892 strlcpy(remoteloghost, remotehost, sizeof(remoteloghost));
2893 #endif
2894
2895 #if defined(HAVE_SETPROCTITLE)
2896 snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
2897 setproctitle("%s", proctitle);
2898 #endif /* defined(HAVE_SETPROCTITLE) */
2899 if (logging)
2900 syslog(LOG_INFO, "connection from %s to %s",
2901 remoteloghost, hostname);
2902 }
2903
2904 /*
2905 * Record logout in wtmp file and exit with supplied status.
2906 * NOTE: because this is called from signal handlers it cannot
2907 * use stdio (or call other functions that use stdio).
2908 */
2909 void
dologout(int status)2910 dologout(int status)
2911 {
2912 /*
2913 * Prevent reception of SIGURG from resulting in a resumption
2914 * back to the main program loop.
2915 */
2916 transflag = 0;
2917 logout_utmp();
2918 if (logged_in) {
2919 #ifdef KERBEROS
2920 if (!notickets && krbtkfile_env)
2921 unlink(krbtkfile_env);
2922 #endif
2923 }
2924 /* beware of flushing buffers after a SIGPIPE */
2925 if (xferlogfd != -1)
2926 close(xferlogfd);
2927 _exit(status);
2928 }
2929
2930 void
abor(void)2931 abor(void)
2932 {
2933
2934 if (!transflag)
2935 return;
2936 tmpline[0] = '\0';
2937 is_oob = 0;
2938 reply(426, "Transfer aborted. Data connection closed.");
2939 reply(226, "Abort successful");
2940 transflag = 0; /* flag that the transfer has aborted */
2941 }
2942
2943 void
statxfer(void)2944 statxfer(void)
2945 {
2946
2947 if (!transflag)
2948 return;
2949 tmpline[0] = '\0';
2950 is_oob = 0;
2951 if (file_size != (off_t) -1)
2952 reply(213,
2953 "Status: " LLF " of " LLF " byte%s transferred",
2954 (LLT)byte_count, (LLT)file_size,
2955 PLURAL(byte_count));
2956 else
2957 reply(213, "Status: " LLF " byte%s transferred",
2958 (LLT)byte_count, PLURAL(byte_count));
2959 }
2960
2961 /*
2962 * Call when urgflag != 0 to handle Out Of Band commands.
2963 * Returns non zero if the OOB command aborted the transfer
2964 * by setting transflag to 0. (c.f., "ABOR").
2965 */
2966 static int
handleoobcmd(void)2967 handleoobcmd(void)
2968 {
2969 char *cp;
2970 int ret;
2971
2972 if (!urgflag)
2973 return (0);
2974 urgflag = 0;
2975 /* only process if transfer occurring */
2976 if (!transflag)
2977 return (0);
2978 cp = tmpline;
2979 ret = get_line(cp, sizeof(tmpline)-1, stdin);
2980 if (ret == -1) {
2981 reply(221, "You could at least say goodbye.");
2982 dologout(0);
2983 } else if (ret == -2) {
2984 /* Ignore truncated command */
2985 /* XXX: abort xfer with "500 command too long", & return 1 ? */
2986 return 0;
2987 }
2988 /*
2989 * Manually parse OOB commands, because we can't
2990 * recursively call the yacc parser...
2991 */
2992 if (strcasecmp(cp, "ABOR\r\n") == 0) {
2993 abor();
2994 } else if (strcasecmp(cp, "STAT\r\n") == 0) {
2995 statxfer();
2996 } else {
2997 /* XXX: error with "500 unknown command" ? */
2998 }
2999 return (transflag == 0);
3000 }
3001
3002 static int
bind_pasv_addr(void)3003 bind_pasv_addr(void)
3004 {
3005 static int passiveport;
3006 int port, len;
3007
3008 len = pasv_addr.su_len;
3009 if (curclass.portmin == 0 && curclass.portmax == 0) {
3010 pasv_addr.su_port = 0;
3011 return (bind(pdata, (struct sockaddr *)&pasv_addr.si_su, len));
3012 }
3013
3014 if (passiveport == 0) {
3015 srand(getpid());
3016 passiveport = rand() % (curclass.portmax - curclass.portmin)
3017 + curclass.portmin;
3018 }
3019
3020 port = passiveport;
3021 while (1) {
3022 port++;
3023 if (port > curclass.portmax)
3024 port = curclass.portmin;
3025 else if (port == passiveport) {
3026 errno = EAGAIN;
3027 return (-1);
3028 }
3029 pasv_addr.su_port = htons(port);
3030 if (bind(pdata, (struct sockaddr *)&pasv_addr.si_su, len) == 0)
3031 break;
3032 if (errno != EADDRINUSE)
3033 return (-1);
3034 }
3035 passiveport = port;
3036 return (0);
3037 }
3038
3039 /*
3040 * Note: a response of 425 is not mentioned as a possible response to
3041 * the PASV command in RFC959. However, it has been blessed as
3042 * a legitimate response by Jon Postel in a telephone conversation
3043 * with Rick Adams on 25 Jan 89.
3044 */
3045 void
passive(void)3046 passive(void)
3047 {
3048 socklen_t len;
3049 int recvbufsize;
3050 char *p, *a;
3051
3052 if (pdata >= 0)
3053 close(pdata);
3054 pdata = socket(AF_INET, SOCK_STREAM, 0);
3055 if (pdata < 0 || !logged_in) {
3056 perror_reply(425, "Can't open passive connection");
3057 return;
3058 }
3059 pasv_addr = ctrl_addr;
3060
3061 if (bind_pasv_addr() < 0)
3062 goto pasv_error;
3063 len = pasv_addr.su_len;
3064 if (getsockname(pdata, (struct sockaddr *) &pasv_addr.si_su, &len) < 0)
3065 goto pasv_error;
3066 pasv_addr.su_len = len;
3067 if (curclass.recvbufsize) {
3068 recvbufsize = curclass.recvbufsize;
3069 if (setsockopt(pdata, SOL_SOCKET, SO_RCVBUF, &recvbufsize,
3070 sizeof(int)) == -1)
3071 syslog(LOG_WARNING, "setsockopt(SO_RCVBUF, %d): %m",
3072 recvbufsize);
3073 }
3074 if (listen(pdata, 1) < 0)
3075 goto pasv_error;
3076 if (curclass.advertise.su_len != 0)
3077 a = (char *) &curclass.advertise.su_addr;
3078 else
3079 a = (char *) &pasv_addr.su_addr;
3080 p = (char *) &pasv_addr.su_port;
3081
3082 #define UC(b) (((int) b) & 0xff)
3083
3084 reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]),
3085 UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
3086 return;
3087
3088 pasv_error:
3089 (void) close(pdata);
3090 pdata = -1;
3091 perror_reply(425, "Can't open passive connection");
3092 return;
3093 }
3094
3095 /*
3096 * convert protocol identifier to/from AF
3097 */
3098 int
lpsvproto2af(int proto)3099 lpsvproto2af(int proto)
3100 {
3101
3102 switch (proto) {
3103 case 4:
3104 return AF_INET;
3105 #ifdef INET6
3106 case 6:
3107 return AF_INET6;
3108 #endif
3109 default:
3110 return -1;
3111 }
3112 }
3113
3114 int
af2lpsvproto(int af)3115 af2lpsvproto(int af)
3116 {
3117
3118 switch (af) {
3119 case AF_INET:
3120 return 4;
3121 #ifdef INET6
3122 case AF_INET6:
3123 return 6;
3124 #endif
3125 default:
3126 return -1;
3127 }
3128 }
3129
3130 int
epsvproto2af(int proto)3131 epsvproto2af(int proto)
3132 {
3133
3134 switch (proto) {
3135 case 1:
3136 return AF_INET;
3137 #ifdef INET6
3138 case 2:
3139 return AF_INET6;
3140 #endif
3141 default:
3142 return -1;
3143 }
3144 }
3145
3146 int
af2epsvproto(int af)3147 af2epsvproto(int af)
3148 {
3149
3150 switch (af) {
3151 case AF_INET:
3152 return 1;
3153 #ifdef INET6
3154 case AF_INET6:
3155 return 2;
3156 #endif
3157 default:
3158 return -1;
3159 }
3160 }
3161
3162 /*
3163 * 228 Entering Long Passive Mode (af, hal, h1, h2, h3,..., pal, p1, p2...)
3164 * 229 Entering Extended Passive Mode (|||port|)
3165 */
3166 void
long_passive(const char * cmd,int pf)3167 long_passive(const char *cmd, int pf)
3168 {
3169 socklen_t len;
3170 char *p, *a;
3171
3172 if (!logged_in) {
3173 syslog(LOG_NOTICE, "long passive but not logged in");
3174 reply(503, "Login with USER first.");
3175 return;
3176 }
3177
3178 if (pf != PF_UNSPEC && ctrl_addr.su_family != pf) {
3179 /*
3180 * XXX: only EPRT/EPSV ready clients will understand this
3181 */
3182 if (strcmp(cmd, "EPSV") != 0)
3183 reply(501, "Network protocol mismatch"); /*XXX*/
3184 else
3185 epsv_protounsupp("Network protocol mismatch");
3186
3187 return;
3188 }
3189
3190 if (pdata >= 0)
3191 close(pdata);
3192 pdata = socket(ctrl_addr.su_family, SOCK_STREAM, 0);
3193 if (pdata < 0) {
3194 perror_reply(425, "Can't open passive connection");
3195 return;
3196 }
3197 pasv_addr = ctrl_addr;
3198 if (bind_pasv_addr() < 0)
3199 goto pasv_error;
3200 len = pasv_addr.su_len;
3201 if (getsockname(pdata, (struct sockaddr *) &pasv_addr.si_su, &len) < 0)
3202 goto pasv_error;
3203 pasv_addr.su_len = len;
3204 if (listen(pdata, 1) < 0)
3205 goto pasv_error;
3206 p = (char *) &pasv_addr.su_port;
3207
3208 #define UC(b) (((int) b) & 0xff)
3209
3210 if (strcmp(cmd, "LPSV") == 0) {
3211 struct sockinet *advert;
3212
3213 if (curclass.advertise.su_len != 0)
3214 advert = &curclass.advertise;
3215 else
3216 advert = &pasv_addr;
3217 switch (advert->su_family) {
3218 case AF_INET:
3219 a = (char *) &advert->su_addr;
3220 reply(228,
3221 "Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,%d,%d,%d)",
3222 4, 4, UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),
3223 2, UC(p[0]), UC(p[1]));
3224 return;
3225 #ifdef INET6
3226 case AF_INET6:
3227 a = (char *) &advert->su_6addr;
3228 reply(228,
3229 "Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d)",
3230 6, 16,
3231 UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),
3232 UC(a[4]), UC(a[5]), UC(a[6]), UC(a[7]),
3233 UC(a[8]), UC(a[9]), UC(a[10]), UC(a[11]),
3234 UC(a[12]), UC(a[13]), UC(a[14]), UC(a[15]),
3235 2, UC(p[0]), UC(p[1]));
3236 return;
3237 #endif
3238 }
3239 #undef UC
3240 } else if (strcmp(cmd, "EPSV") == 0) {
3241 switch (pasv_addr.su_family) {
3242 case AF_INET:
3243 #ifdef INET6
3244 case AF_INET6:
3245 #endif
3246 reply(229, "Entering Extended Passive Mode (|||%d|)",
3247 ntohs(pasv_addr.su_port));
3248 return;
3249 }
3250 } else {
3251 /* more proper error code? */
3252 }
3253
3254 pasv_error:
3255 (void) close(pdata);
3256 pdata = -1;
3257 perror_reply(425, "Can't open passive connection");
3258 return;
3259 }
3260
3261 int
extended_port(const char * arg)3262 extended_port(const char *arg)
3263 {
3264 char *tmp = NULL;
3265 char *result[3];
3266 char *p, *q;
3267 char delim;
3268 struct addrinfo hints;
3269 struct addrinfo *res = NULL;
3270 int i;
3271 unsigned long proto;
3272
3273 tmp = ftpd_strdup(arg);
3274 p = tmp;
3275 delim = p[0];
3276 p++;
3277 memset(result, 0, sizeof(result));
3278 for (i = 0; i < 3; i++) {
3279 q = strchr(p, delim);
3280 if (!q || *q != delim)
3281 goto parsefail;
3282 *q++ = '\0';
3283 result[i] = p;
3284 p = q;
3285 }
3286
3287 /* some more sanity checks */
3288 errno = 0;
3289 p = NULL;
3290 (void)strtoul(result[2], &p, 10);
3291 if (errno || !*result[2] || *p)
3292 goto parsefail;
3293 errno = 0;
3294 p = NULL;
3295 proto = strtoul(result[0], &p, 10);
3296 if (errno || !*result[0] || *p)
3297 goto protounsupp;
3298
3299 memset(&hints, 0, sizeof(hints));
3300 hints.ai_family = epsvproto2af((int)proto);
3301 if (hints.ai_family < 0)
3302 goto protounsupp;
3303 hints.ai_socktype = SOCK_STREAM;
3304 hints.ai_flags = AI_NUMERICHOST;
3305 if (getaddrinfo(result[1], result[2], &hints, &res))
3306 goto parsefail;
3307 if (res->ai_next)
3308 goto parsefail;
3309 if (sizeof(data_dest) < res->ai_addrlen)
3310 goto parsefail;
3311 memcpy(&data_dest.si_su, res->ai_addr, res->ai_addrlen);
3312 data_dest.su_len = res->ai_addrlen;
3313 #ifdef INET6
3314 if (his_addr.su_family == AF_INET6 &&
3315 data_dest.su_family == AF_INET6) {
3316 /* XXX: more sanity checks! */
3317 data_dest.su_scope_id = his_addr.su_scope_id;
3318 }
3319 #endif
3320
3321 if (tmp != NULL)
3322 free(tmp);
3323 if (res)
3324 freeaddrinfo(res);
3325 return 0;
3326
3327 parsefail:
3328 reply(500, "Invalid argument, rejected.");
3329 usedefault = 1;
3330 if (tmp != NULL)
3331 free(tmp);
3332 if (res)
3333 freeaddrinfo(res);
3334 return -1;
3335
3336 protounsupp:
3337 epsv_protounsupp("Protocol not supported");
3338 usedefault = 1;
3339 if (tmp != NULL)
3340 free(tmp);
3341 return -1;
3342 }
3343
3344 /*
3345 * 522 Protocol not supported (proto,...)
3346 * as we assume address family for control and data connections are the same,
3347 * we do not return the list of address families we support - instead, we
3348 * return the address family of the control connection.
3349 */
3350 void
epsv_protounsupp(const char * message)3351 epsv_protounsupp(const char *message)
3352 {
3353 int proto;
3354
3355 proto = af2epsvproto(ctrl_addr.su_family);
3356 if (proto < 0)
3357 reply(501, "%s", message); /* XXX */
3358 else
3359 reply(522, "%s, use (%d)", message, proto);
3360 }
3361
3362 /*
3363 * Generate unique name for file with basename "local".
3364 * The file named "local" is already known to exist.
3365 * Generates failure reply on error.
3366 *
3367 * XXX: this function should under go changes similar to
3368 * the mktemp(3)/mkstemp(3) changes.
3369 */
3370 static char *
gunique(const char * local)3371 gunique(const char *local)
3372 {
3373 static char new[MAXPATHLEN];
3374 struct stat st;
3375 char *cp;
3376 int count;
3377
3378 cp = strrchr(local, '/');
3379 if (cp)
3380 *cp = '\0';
3381 if (stat(cp ? local : ".", &st) < 0) {
3382 perror_reply(553, cp ? local : ".");
3383 return (NULL);
3384 }
3385 if (cp)
3386 *cp = '/';
3387 for (count = 1; count < 100; count++) {
3388 (void)snprintf(new, sizeof(new) - 1, "%s.%d", local, count);
3389 if (stat(new, &st) < 0)
3390 return (new);
3391 }
3392 reply(452, "Unique file name cannot be created.");
3393 return (NULL);
3394 }
3395
3396 /*
3397 * Format and send reply containing system error number.
3398 */
3399 void
perror_reply(int code,const char * string)3400 perror_reply(int code, const char *string)
3401 {
3402 int save_errno;
3403
3404 save_errno = errno;
3405 reply(code, "%s: %s.", string, strerror(errno));
3406 errno = save_errno;
3407 }
3408
3409 static char *onefile[] = {
3410 NULL,
3411 0
3412 };
3413
3414 void
send_file_list(const char * whichf)3415 send_file_list(const char *whichf)
3416 {
3417 struct stat st;
3418 DIR *dirp;
3419 struct dirent *dir;
3420 FILE *volatile dout;
3421 char **volatile dirlist;
3422 char *dirname, *p;
3423 char *notglob;
3424 int volatile simple;
3425 int volatile freeglob;
3426 glob_t gl;
3427
3428 dirp = NULL;
3429 dout = NULL;
3430 notglob = NULL;
3431 simple = 0;
3432 freeglob = 0;
3433 urgflag = 0;
3434
3435 p = NULL;
3436 if (strpbrk(whichf, "~{[*?") != NULL) {
3437 int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_TILDE|GLOB_LIMIT;
3438
3439 memset(&gl, 0, sizeof(gl));
3440 freeglob = 1;
3441 if (glob(whichf, flags, 0, &gl)) {
3442 reply(450, "Not found");
3443 goto cleanup_send_file_list;
3444 } else if (gl.gl_pathc == 0) {
3445 errno = ENOENT;
3446 perror_reply(450, whichf);
3447 goto cleanup_send_file_list;
3448 }
3449 dirlist = gl.gl_pathv;
3450 } else {
3451 notglob = ftpd_strdup(whichf);
3452 onefile[0] = notglob;
3453 dirlist = onefile;
3454 simple = 1;
3455 }
3456 /* XXX: } for vi sm */
3457
3458 while ((dirname = *dirlist++) != NULL) {
3459 int trailingslash = 0;
3460
3461 if (stat(dirname, &st) < 0) {
3462 /*
3463 * If user typed "ls -l", etc, and the client
3464 * used NLST, do what the user meant.
3465 */
3466 /* XXX: nuke this support? */
3467 if (dirname[0] == '-' && *dirlist == NULL &&
3468 transflag == 0) {
3469 const char *argv[] = { INTERNAL_LS, "", NULL };
3470
3471 argv[1] = dirname;
3472 retrieve(argv, dirname);
3473 goto cleanup_send_file_list;
3474 }
3475 perror_reply(450, whichf);
3476 goto cleanup_send_file_list;
3477 }
3478
3479 if (S_ISREG(st.st_mode)) {
3480 /*
3481 * XXXRFC:
3482 * should we follow RFC959 and not work
3483 * for non directories?
3484 */
3485 if (dout == NULL) {
3486 dout = dataconn("file list", (off_t)-1, "w");
3487 if (dout == NULL)
3488 goto cleanup_send_file_list;
3489 transflag = 1;
3490 }
3491 cprintf(dout, "%s%s\n", dirname,
3492 type == TYPE_A ? "\r" : "");
3493 continue;
3494 } else if (!S_ISDIR(st.st_mode))
3495 continue;
3496
3497 if (dirname[strlen(dirname) - 1] == '/')
3498 trailingslash++;
3499
3500 if ((dirp = opendir(dirname)) == NULL)
3501 continue;
3502
3503 while ((dir = readdir(dirp)) != NULL) {
3504 char nbuf[MAXPATHLEN];
3505
3506 if (urgflag && handleoobcmd()) {
3507 (void) closedir(dirp);
3508 goto cleanup_send_file_list;
3509 }
3510
3511 if (ISDOTDIR(dir->d_name) || ISDOTDOTDIR(dir->d_name))
3512 continue;
3513
3514 (void)snprintf(nbuf, sizeof(nbuf), "%s%s%s", dirname,
3515 trailingslash ? "" : "/", dir->d_name);
3516
3517 /*
3518 * We have to do a stat to ensure it's
3519 * not a directory or special file.
3520 */
3521 /*
3522 * XXXRFC:
3523 * should we follow RFC959 and filter out
3524 * non files ? lukem - NO!, or not until
3525 * our ftp client uses MLS{T,D} for completion.
3526 */
3527 if (simple || (stat(nbuf, &st) == 0 &&
3528 S_ISREG(st.st_mode))) {
3529 if (dout == NULL) {
3530 dout = dataconn("file list", (off_t)-1,
3531 "w");
3532 if (dout == NULL) {
3533 (void) closedir(dirp);
3534 goto cleanup_send_file_list;
3535 }
3536 transflag = 1;
3537 }
3538 p = nbuf;
3539 if (nbuf[0] == '.' && nbuf[1] == '/')
3540 p = &nbuf[2];
3541 cprintf(dout, "%s%s\n", p,
3542 type == TYPE_A ? "\r" : "");
3543 }
3544 }
3545 (void) closedir(dirp);
3546 }
3547
3548 if (dout == NULL)
3549 reply(450, "No files found.");
3550 else if (ferror(dout) != 0)
3551 perror_reply(451, "Data connection");
3552 else
3553 reply(226, "Transfer complete.");
3554
3555 cleanup_send_file_list:
3556 closedataconn(dout);
3557 transflag = 0;
3558 urgflag = 0;
3559 total_xfers++;
3560 total_xfers_out++;
3561 if (notglob)
3562 free(notglob);
3563 if (freeglob)
3564 globfree(&gl);
3565 }
3566
3567 char *
conffilename(const char * s)3568 conffilename(const char *s)
3569 {
3570 static char filename[MAXPATHLEN];
3571
3572 if (*s == '/')
3573 strlcpy(filename, s, sizeof(filename));
3574 else
3575 (void)snprintf(filename, sizeof(filename), "%s/%s", confdir ,s);
3576 return (filename);
3577 }
3578
3579 /*
3580 * logxfer --
3581 * if logging > 1, then based on the arguments, syslog a message:
3582 * if bytes != -1 "<command> <file1> = <bytes> bytes"
3583 * else if file2 != NULL "<command> <file1> <file2>"
3584 * else "<command> <file1>"
3585 * if elapsed != NULL, append "in xxx.yyy seconds"
3586 * if error != NULL, append ": " + error
3587 *
3588 * if doxferlog != 0, bytes != -1, and command is "get", "put",
3589 * or "append", syslog and/or write a wu-ftpd style xferlog entry
3590 */
3591 void
logxfer(const char * command,off_t bytes,const char * file1,const char * file2,const struct timeval * elapsed,const char * error)3592 logxfer(const char *command, off_t bytes, const char *file1, const char *file2,
3593 const struct timeval *elapsed, const char *error)
3594 {
3595 char buf[MAXPATHLEN * 2 + 100];
3596 char realfile1[MAXPATHLEN], realfile2[MAXPATHLEN];
3597 const char *r1, *r2;
3598 char direction;
3599 size_t len;
3600 time_t now;
3601
3602 if (logging <=1 && !doxferlog)
3603 return;
3604
3605 r1 = r2 = NULL;
3606 if ((r1 = realpath(file1, realfile1)) == NULL)
3607 r1 = file1;
3608 if (file2 != NULL)
3609 if ((r2 = realpath(file2, realfile2)) == NULL)
3610 r2 = file2;
3611
3612 /*
3613 * syslog command
3614 */
3615 if (logging > 1) {
3616 len = snprintf(buf, sizeof(buf), "%s %s", command, r1);
3617 if (bytes != (off_t)-1)
3618 len += snprintf(buf + len, sizeof(buf) - len,
3619 " = " LLF " byte%s", (LLT) bytes, PLURAL(bytes));
3620 else if (r2 != NULL)
3621 len += snprintf(buf + len, sizeof(buf) - len,
3622 " %s", r2);
3623 if (elapsed != NULL)
3624 len += snprintf(buf + len, sizeof(buf) - len,
3625 " in " LLF ".%.03ld seconds",
3626 (LLT)elapsed->tv_sec,
3627 (long)(elapsed->tv_usec / 1000));
3628 if (error != NULL)
3629 len += snprintf(buf + len, sizeof(buf) - len,
3630 ": %s", error);
3631 syslog(LOG_INFO, "%s", buf);
3632 }
3633
3634 /*
3635 * syslog wu-ftpd style log entry, prefixed with "xferlog: "
3636 */
3637 if (!doxferlog || bytes == -1)
3638 return;
3639
3640 if (strcmp(command, "get") == 0)
3641 direction = 'o';
3642 else if (strcmp(command, "put") == 0 || strcmp(command, "append") == 0)
3643 direction = 'i';
3644 else
3645 return;
3646
3647 time(&now);
3648 len = snprintf(buf, sizeof(buf),
3649 "%.24s " LLF " %s " LLF " %s %c %s %c %c %s FTP 0 * %c\n",
3650
3651 /*
3652 * XXX: wu-ftpd puts ' (send)' or ' (recv)' in the syslog message, and removes
3653 * the full date. This may be problematic for accurate log parsing,
3654 * given that syslog messages don't contain the full date.
3655 */
3656 ctime(&now),
3657 (LLT)
3658 (elapsed == NULL ? 0 : elapsed->tv_sec + (elapsed->tv_usec > 0)),
3659 remotehost,
3660 (LLT) bytes,
3661 r1,
3662 type == TYPE_A ? 'a' : 'b',
3663 "_", /* XXX: take conversions into account? */
3664 direction,
3665
3666 curclass.type == CLASS_GUEST ? 'a' :
3667 curclass.type == CLASS_CHROOT ? 'g' :
3668 curclass.type == CLASS_REAL ? 'r' : '?',
3669
3670 curclass.type == CLASS_GUEST ? pw->pw_passwd : pw->pw_name,
3671 error != NULL ? 'i' : 'c'
3672 );
3673
3674 if ((doxferlog & 2) && xferlogfd != -1)
3675 write(xferlogfd, buf, len);
3676 if ((doxferlog & 1)) {
3677 buf[len-1] = '\n'; /* strip \n from syslog message */
3678 syslog(LOG_INFO, "xferlog: %s", buf);
3679 }
3680 }
3681
3682 /*
3683 * Log the resource usage.
3684 *
3685 * XXX: more resource usage to logging?
3686 */
3687 void
logrusage(const struct rusage * rusage_before,const struct rusage * rusage_after)3688 logrusage(const struct rusage *rusage_before,
3689 const struct rusage *rusage_after)
3690 {
3691 struct timeval usrtime, systime;
3692
3693 if (logging <= 1)
3694 return;
3695
3696 timersub(&rusage_after->ru_utime, &rusage_before->ru_utime, &usrtime);
3697 timersub(&rusage_after->ru_stime, &rusage_before->ru_stime, &systime);
3698 syslog(LOG_INFO, LLF ".%.03ldu " LLF ".%.03lds %ld+%ldio %ldpf+%ldw",
3699 (LLT)usrtime.tv_sec, (long)(usrtime.tv_usec / 1000),
3700 (LLT)systime.tv_sec, (long)(systime.tv_usec / 1000),
3701 rusage_after->ru_inblock - rusage_before->ru_inblock,
3702 rusage_after->ru_oublock - rusage_before->ru_oublock,
3703 rusage_after->ru_majflt - rusage_before->ru_majflt,
3704 rusage_after->ru_nswap - rusage_before->ru_nswap);
3705 }
3706
3707 /*
3708 * Determine if `password' is valid for user given in `pw'.
3709 * Returns 2 if password expired, 1 if otherwise failed, 0 if ok
3710 */
3711 int
checkpassword(const struct passwd * pwent,const char * password)3712 checkpassword(const struct passwd *pwent, const char *password)
3713 {
3714 const char *orig;
3715 char *new;
3716 time_t change, expire, now;
3717
3718 change = expire = 0;
3719 if (pwent == NULL)
3720 return 1;
3721
3722 time(&now);
3723 orig = pwent->pw_passwd; /* save existing password */
3724 expire = pwent->pw_expire;
3725 change = pwent->pw_change;
3726 if (change == _PASSWORD_CHGNOW)
3727 change = now;
3728
3729 if (orig[0] == '\0') /* don't allow empty passwords */
3730 return 1;
3731
3732 new = crypt(password, orig); /* encrypt given password */
3733 if (strcmp(new, orig) != 0) /* compare */
3734 return 1;
3735
3736 if ((expire && now >= expire) || (change && now >= change))
3737 return 2; /* check if expired */
3738
3739 return 0; /* OK! */
3740 }
3741
3742 char *
ftpd_strdup(const char * s)3743 ftpd_strdup(const char *s)
3744 {
3745 char *new = strdup(s);
3746
3747 if (new == NULL)
3748 fatal("Local resource failure: malloc");
3749 /* NOTREACHED */
3750 return (new);
3751 }
3752
3753 /*
3754 * As per fprintf(), but increment total_bytes and total_bytes_out,
3755 * by the appropriate amount.
3756 */
3757 void
cprintf(FILE * fd,const char * fmt,...)3758 cprintf(FILE *fd, const char *fmt, ...)
3759 {
3760 off_t b;
3761 va_list ap;
3762
3763 va_start(ap, fmt);
3764 b = vfprintf(fd, fmt, ap);
3765 va_end(ap);
3766 total_bytes += b;
3767 total_bytes_out += b;
3768 }
3769
3770 #ifdef USE_PAM
3771 /*
3772 * the following code is stolen from imap-uw PAM authentication module and
3773 * login.c
3774 */
3775 typedef struct {
3776 const char *uname; /* user name */
3777 int triedonce; /* if non-zero, tried before */
3778 } ftpd_cred_t;
3779
3780 static int
auth_conv(int num_msg,const struct pam_message ** msg,struct pam_response ** resp,void * appdata)3781 auth_conv(int num_msg, const struct pam_message **msg,
3782 struct pam_response **resp, void *appdata)
3783 {
3784 int i, ret;
3785 size_t n;
3786 ftpd_cred_t *cred = (ftpd_cred_t *) appdata;
3787 struct pam_response *myreply;
3788 char pbuf[FTP_BUFLEN];
3789
3790 if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG)
3791 return (PAM_CONV_ERR);
3792 myreply = calloc(num_msg, sizeof *myreply);
3793 if (myreply == NULL)
3794 return PAM_BUF_ERR;
3795
3796 for (i = 0; i < num_msg; i++) {
3797 myreply[i].resp_retcode = 0;
3798 myreply[i].resp = NULL;
3799 switch (msg[i]->msg_style) {
3800 case PAM_PROMPT_ECHO_ON: /* user */
3801 myreply[i].resp = ftpd_strdup(cred->uname);
3802 /* PAM frees resp. */
3803 break;
3804 case PAM_PROMPT_ECHO_OFF: /* authtok (password) */
3805 /*
3806 * Only send a single 331 reply and
3807 * then expect a PASS.
3808 */
3809 if (cred->triedonce) {
3810 syslog(LOG_ERR,
3811 "auth_conv: already performed PAM_PROMPT_ECHO_OFF");
3812 goto fail;
3813 }
3814 cred->triedonce++;
3815 if (msg[i]->msg[0] == '\0') {
3816 (void)strlcpy(pbuf, "password", sizeof(pbuf));
3817 } else {
3818 /* Uncapitalize msg */
3819 (void)strlcpy(pbuf, msg[i]->msg, sizeof(pbuf));
3820 if (isupper((unsigned char)pbuf[0]))
3821 pbuf[0] = tolower(
3822 (unsigned char)pbuf[0]);
3823 /* Remove trailing ':' and whitespace */
3824 n = strlen(pbuf);
3825 while (n-- > 0) {
3826 if (isspace((unsigned char)pbuf[n]) ||
3827 pbuf[n] == ':')
3828 pbuf[n] = '\0';
3829 else
3830 break;
3831 }
3832 }
3833 /* Send reply, wait for a response. */
3834 reply(331, "User %s accepted, provide %s.",
3835 cred->uname, pbuf);
3836 (void) alarm(curclass.timeout);
3837 ret = get_line(pbuf, sizeof(pbuf)-1, stdin);
3838 (void) alarm(0);
3839 if (ret == -1) {
3840 reply(221, "You could at least say goodbye.");
3841 dologout(0);
3842 } else if (ret == -2) {
3843 /* XXX: should we do this reply(-530, ..) ? */
3844 reply(-530, "Command too long.");
3845 goto fail;
3846 }
3847 /* Ensure it is PASS */
3848 if (strncasecmp(pbuf, "PASS ", 5) != 0) {
3849 syslog(LOG_ERR,
3850 "auth_conv: unexpected reply '%.4s'", pbuf);
3851 /* XXX: should we do this reply(-530, ..) ? */
3852 reply(-530, "Unexpected reply '%.4s'.", pbuf);
3853 goto fail;
3854 }
3855 /* Strip CRLF from "PASS" reply */
3856 n = strlen(pbuf);
3857 while (--n >= 5 &&
3858 (pbuf[n] == '\r' || pbuf[n] == '\n'))
3859 pbuf[n] = '\0';
3860 /* Copy password into reply */
3861 myreply[i].resp = ftpd_strdup(pbuf+5);
3862 /* PAM frees resp. */
3863 break;
3864 case PAM_TEXT_INFO:
3865 case PAM_ERROR_MSG:
3866 break;
3867 default: /* unknown message style */
3868 goto fail;
3869 }
3870 }
3871
3872 *resp = myreply;
3873 return PAM_SUCCESS;
3874
3875 fail:
3876 free(myreply);
3877 *resp = NULL;
3878 return PAM_CONV_ERR;
3879 }
3880
3881 /*
3882 * Attempt to authenticate the user using PAM. Returns 0 if the user is
3883 * authenticated, or 1 if not authenticated. If some sort of PAM system
3884 * error occurs (e.g., the "/etc/pam.conf" file is missing) then this
3885 * function returns -1. This can be used as an indication that we should
3886 * fall back to a different authentication mechanism.
3887 * pw maybe be updated to a new user if PAM_USER changes from curname.
3888 */
3889 static int
auth_pam(void)3890 auth_pam(void)
3891 {
3892 const char *tmpl_user;
3893 const void *item;
3894 int rval;
3895 int e;
3896 ftpd_cred_t auth_cred = { curname, 0 };
3897 struct pam_conv conv = { &auth_conv, &auth_cred };
3898
3899 e = pam_start("ftpd", curname, &conv, &pamh);
3900 if (e != PAM_SUCCESS) {
3901 /*
3902 * In OpenPAM, it's OK to pass NULL to pam_strerror()
3903 * if context creation has failed in the first place.
3904 */
3905 syslog(LOG_ERR, "pam_start: %s", pam_strerror(NULL, e));
3906 return -1;
3907 }
3908
3909 e = pam_set_item(pamh, PAM_RHOST, remotehost);
3910 if (e != PAM_SUCCESS) {
3911 syslog(LOG_ERR, "pam_set_item(PAM_RHOST): %s",
3912 pam_strerror(pamh, e));
3913 if ((e = pam_end(pamh, e)) != PAM_SUCCESS) {
3914 syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
3915 }
3916 pamh = NULL;
3917 return -1;
3918 }
3919
3920 e = pam_set_item(pamh, PAM_SOCKADDR, &his_addr);
3921 if (e != PAM_SUCCESS) {
3922 syslog(LOG_ERR, "pam_set_item(PAM_SOCKADDR): %s",
3923 pam_strerror(pamh, e));
3924 if ((e = pam_end(pamh, e)) != PAM_SUCCESS) {
3925 syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
3926 }
3927 pamh = NULL;
3928 return -1;
3929 }
3930
3931 e = pam_authenticate(pamh, 0);
3932 if (ftpd_debug)
3933 syslog(LOG_DEBUG, "pam_authenticate: user '%s' returned %d",
3934 curname, e);
3935 switch (e) {
3936 case PAM_SUCCESS:
3937 /*
3938 * With PAM we support the concept of a "template"
3939 * user. The user enters a login name which is
3940 * authenticated by PAM, usually via a remote service
3941 * such as RADIUS or TACACS+. If authentication
3942 * succeeds, a different but related "template" name
3943 * is used for setting the credentials, shell, and
3944 * home directory. The name the user enters need only
3945 * exist on the remote authentication server, but the
3946 * template name must be present in the local password
3947 * database.
3948 *
3949 * This is supported by two various mechanisms in the
3950 * individual modules. However, from the application's
3951 * point of view, the template user is always passed
3952 * back as a changed value of the PAM_USER item.
3953 */
3954 if ((e = pam_get_item(pamh, PAM_USER, &item)) ==
3955 PAM_SUCCESS) {
3956 tmpl_user = (const char *) item;
3957 if (pw == NULL
3958 || strcmp(pw->pw_name, tmpl_user) != 0) {
3959 pw = sgetpwnam(tmpl_user);
3960 if (ftpd_debug)
3961 syslog(LOG_DEBUG,
3962 "auth_pam: PAM changed "
3963 "user from '%s' to '%s'",
3964 curname, pw->pw_name);
3965 (void)strlcpy(curname, pw->pw_name,
3966 curname_len);
3967 }
3968 } else
3969 syslog(LOG_ERR, "Couldn't get PAM_USER: %s",
3970 pam_strerror(pamh, e));
3971 rval = 0;
3972 break;
3973
3974 case PAM_AUTH_ERR:
3975 case PAM_USER_UNKNOWN:
3976 case PAM_MAXTRIES:
3977 rval = 1;
3978 break;
3979
3980 default:
3981 syslog(LOG_ERR, "pam_authenticate: %s", pam_strerror(pamh, e));
3982 rval = -1;
3983 break;
3984 }
3985
3986 if (rval == 0) {
3987 e = pam_acct_mgmt(pamh, 0);
3988 if (e != PAM_SUCCESS) {
3989 syslog(LOG_ERR, "pam_acct_mgmt: %s",
3990 pam_strerror(pamh, e));
3991 rval = 1;
3992 }
3993 }
3994
3995 if (rval != 0) {
3996 if ((e = pam_end(pamh, e)) != PAM_SUCCESS) {
3997 syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
3998 }
3999 pamh = NULL;
4000 }
4001 return rval;
4002 }
4003
4004 #endif /* USE_PAM */
4005