1 /* 2 * Copyright (c) 1985, 1988, 1993, 1994 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)ftpcmd.y 8.3 (Berkeley) 4/6/94 30 * $FreeBSD: src/libexec/ftpd/ftpcmd.y,v 1.67 2008/12/23 01:23:09 cperciva Exp $ 31 * $DragonFly: src/libexec/ftpd/ftpcmd.y,v 1.4 2004/06/19 20:36:04 joerg Exp $ 32 */ 33 34 /* 35 * Grammar for FTP commands. 36 * See RFC 959. 37 */ 38 39 %{ 40 41 #include <sys/param.h> 42 #include <sys/socket.h> 43 #include <sys/stat.h> 44 45 #include <netinet/in.h> 46 #include <arpa/ftp.h> 47 48 #include <ctype.h> 49 #include <errno.h> 50 #include <glob.h> 51 #include <libutil.h> 52 #include <limits.h> 53 #include <md5.h> 54 #include <netdb.h> 55 #include <pwd.h> 56 #include <signal.h> 57 #include <stdint.h> 58 #include <stdio.h> 59 #include <stdlib.h> 60 #include <string.h> 61 #include <syslog.h> 62 #include <time.h> 63 #include <unistd.h> 64 65 #include "extern.h" 66 #include "pathnames.h" 67 68 extern union sockunion data_dest, his_addr; 69 extern int hostinfo; 70 extern int logged_in; 71 extern struct passwd *pw; 72 extern int guest; 73 extern char *homedir; 74 extern int paranoid; 75 extern int logging; 76 extern int type; 77 extern int form; 78 extern int ftpdebug; 79 extern int timeout; 80 extern int maxtimeout; 81 extern int pdata; 82 extern char *hostname; 83 extern char proctitle[]; 84 extern int usedefault; 85 extern char tmpline[]; 86 extern int readonly; 87 extern int assumeutf8; 88 extern int noepsv; 89 extern int noretr; 90 extern int noguestretr; 91 extern char *typenames[]; /* defined in <arpa/ftp.h> included from ftpd.c */ 92 93 off_t restart_point; 94 95 static int cmd_type; 96 static int cmd_form; 97 static int cmd_bytesz; 98 static int state; 99 char cbuf[512]; 100 char *fromname = NULL; 101 102 extern int epsvall; 103 104 %} 105 106 %union { 107 struct { 108 off_t o; 109 int i; 110 } u; 111 char *s; 112 } 113 114 %token 115 A B C E F I 116 L N P R S T 117 ALL 118 119 SP CRLF COMMA 120 121 USER PASS ACCT REIN QUIT PORT 122 PASV TYPE STRU MODE RETR STOR 123 APPE MLFL MAIL MSND MSOM MSAM 124 MRSQ MRCP ALLO REST RNFR RNTO 125 ABOR DELE CWD LIST NLST SITE 126 STAT HELP NOOP MKD RMD PWD 127 CDUP STOU SMNT SYST SIZE MDTM 128 LPRT LPSV EPRT EPSV FEAT 129 130 UMASK IDLE CHMOD MDFIVE 131 132 LEXERR NOTIMPL 133 134 %token <s> STRING 135 %token <u> NUMBER 136 137 %type <u.i> check_login octal_number byte_size 138 %type <u.i> check_login_ro check_login_epsv 139 %type <u.i> struct_code mode_code type_code form_code 140 %type <s> pathstring pathname password username 141 %type <s> ALL NOTIMPL 142 143 %start cmd_list 144 145 %% 146 147 cmd_list 148 : /* empty */ 149 | cmd_list cmd 150 { 151 if (fromname) 152 free(fromname); 153 fromname = NULL; 154 restart_point = 0; 155 } 156 | cmd_list rcmd 157 ; 158 159 cmd 160 : USER SP username CRLF 161 { 162 user($3); 163 free($3); 164 } 165 | PASS SP password CRLF 166 { 167 pass($3); 168 free($3); 169 } 170 | PASS CRLF 171 { 172 pass(""); 173 } 174 | PORT check_login SP host_port CRLF 175 { 176 if (epsvall) { 177 reply(501, "No PORT allowed after EPSV ALL."); 178 goto port_done; 179 } 180 if (!$2) 181 goto port_done; 182 if (port_check("PORT") == 1) 183 goto port_done; 184 #ifdef INET6 185 if ((his_addr.su_family != AF_INET6 || 186 !IN6_IS_ADDR_V4MAPPED(&his_addr.su_sin6.sin6_addr))) { 187 /* shoud never happen */ 188 usedefault = 1; 189 reply(500, "Invalid address rejected."); 190 goto port_done; 191 } 192 port_check_v6("pcmd"); 193 #endif 194 port_done: 195 ; 196 } 197 | LPRT check_login SP host_long_port CRLF 198 { 199 if (epsvall) { 200 reply(501, "No LPRT allowed after EPSV ALL."); 201 goto lprt_done; 202 } 203 if (!$2) 204 goto lprt_done; 205 if (port_check("LPRT") == 1) 206 goto lprt_done; 207 #ifdef INET6 208 if (his_addr.su_family != AF_INET6) { 209 usedefault = 1; 210 reply(500, "Invalid address rejected."); 211 goto lprt_done; 212 } 213 if (port_check_v6("LPRT") == 1) 214 goto lprt_done; 215 #endif 216 lprt_done: 217 ; 218 } 219 | EPRT check_login SP STRING CRLF 220 { 221 char delim; 222 char *tmp = NULL; 223 char *p, *q; 224 char *result[3]; 225 struct addrinfo hints; 226 struct addrinfo *res; 227 int i; 228 229 if (epsvall) { 230 reply(501, "No EPRT allowed after EPSV ALL."); 231 goto eprt_done; 232 } 233 if (!$2) 234 goto eprt_done; 235 236 memset(&data_dest, 0, sizeof(data_dest)); 237 tmp = strdup($4); 238 if (ftpdebug) 239 syslog(LOG_DEBUG, "%s", tmp); 240 if (!tmp) { 241 fatalerror("not enough core"); 242 /*NOTREACHED*/ 243 } 244 p = tmp; 245 delim = p[0]; 246 p++; 247 memset(result, 0, sizeof(result)); 248 for (i = 0; i < 3; i++) { 249 q = strchr(p, delim); 250 if (!q || *q != delim) { 251 parsefail: 252 reply(500, 253 "Invalid argument, rejected."); 254 if (tmp) 255 free(tmp); 256 usedefault = 1; 257 goto eprt_done; 258 } 259 *q++ = '\0'; 260 result[i] = p; 261 if (ftpdebug) 262 syslog(LOG_DEBUG, "%d: %s", i, p); 263 p = q; 264 } 265 266 /* some more sanity check */ 267 p = result[0]; 268 while (*p) { 269 if (!isdigit(*p)) 270 goto parsefail; 271 p++; 272 } 273 p = result[2]; 274 while (*p) { 275 if (!isdigit(*p)) 276 goto parsefail; 277 p++; 278 } 279 280 /* grab address */ 281 memset(&hints, 0, sizeof(hints)); 282 if (atoi(result[0]) == 1) 283 hints.ai_family = PF_INET; 284 #ifdef INET6 285 else if (atoi(result[0]) == 2) 286 hints.ai_family = PF_INET6; 287 #endif 288 else 289 hints.ai_family = PF_UNSPEC; /*XXX*/ 290 hints.ai_socktype = SOCK_STREAM; 291 i = getaddrinfo(result[1], result[2], &hints, &res); 292 if (i) 293 goto parsefail; 294 memcpy(&data_dest, res->ai_addr, res->ai_addrlen); 295 #ifdef INET6 296 if (his_addr.su_family == AF_INET6 297 && data_dest.su_family == AF_INET6) { 298 /* XXX more sanity checks! */ 299 data_dest.su_sin6.sin6_scope_id = 300 his_addr.su_sin6.sin6_scope_id; 301 } 302 #endif 303 free(tmp); 304 tmp = NULL; 305 306 if (port_check("EPRT") == 1) 307 goto eprt_done; 308 #ifdef INET6 309 if (his_addr.su_family != AF_INET6) { 310 usedefault = 1; 311 reply(500, "Invalid address rejected."); 312 goto eprt_done; 313 } 314 if (port_check_v6("EPRT") == 1) 315 goto eprt_done; 316 #endif 317 eprt_done: 318 free($4); 319 } 320 | PASV check_login CRLF 321 { 322 if (epsvall) 323 reply(501, "No PASV allowed after EPSV ALL."); 324 else if ($2) 325 passive(); 326 } 327 | LPSV check_login CRLF 328 { 329 if (epsvall) 330 reply(501, "No LPSV allowed after EPSV ALL."); 331 else if ($2) 332 long_passive("LPSV", PF_UNSPEC); 333 } 334 | EPSV check_login_epsv SP NUMBER CRLF 335 { 336 if ($2) { 337 int pf; 338 switch ($4.i) { 339 case 1: 340 pf = PF_INET; 341 break; 342 #ifdef INET6 343 case 2: 344 pf = PF_INET6; 345 break; 346 #endif 347 default: 348 pf = -1; /*junk value*/ 349 break; 350 } 351 long_passive("EPSV", pf); 352 } 353 } 354 | EPSV check_login_epsv SP ALL CRLF 355 { 356 if ($2) { 357 reply(200, "EPSV ALL command successful."); 358 epsvall++; 359 } 360 } 361 | EPSV check_login_epsv CRLF 362 { 363 if ($2) 364 long_passive("EPSV", PF_UNSPEC); 365 } 366 | TYPE check_login SP type_code CRLF 367 { 368 if ($2) { 369 switch (cmd_type) { 370 371 case TYPE_A: 372 if (cmd_form == FORM_N) { 373 reply(200, "Type set to A."); 374 type = cmd_type; 375 form = cmd_form; 376 } else 377 reply(504, "Form must be N."); 378 break; 379 380 case TYPE_E: 381 reply(504, "Type E not implemented."); 382 break; 383 384 case TYPE_I: 385 reply(200, "Type set to I."); 386 type = cmd_type; 387 break; 388 389 case TYPE_L: 390 #if CHAR_BIT == 8 391 if (cmd_bytesz == 8) { 392 reply(200, 393 "Type set to L (byte size 8)."); 394 type = cmd_type; 395 } else 396 reply(504, "Byte size must be 8."); 397 #else /* CHAR_BIT == 8 */ 398 UNIMPLEMENTED for CHAR_BIT != 8 399 #endif /* CHAR_BIT == 8 */ 400 } 401 } 402 } 403 | STRU check_login SP struct_code CRLF 404 { 405 if ($2) { 406 switch ($4) { 407 408 case STRU_F: 409 reply(200, "STRU F accepted."); 410 break; 411 412 default: 413 reply(504, "Unimplemented STRU type."); 414 } 415 } 416 } 417 | MODE check_login SP mode_code CRLF 418 { 419 if ($2) { 420 switch ($4) { 421 422 case MODE_S: 423 reply(200, "MODE S accepted."); 424 break; 425 426 default: 427 reply(502, "Unimplemented MODE type."); 428 } 429 } 430 } 431 | ALLO check_login SP NUMBER CRLF 432 { 433 if ($2) { 434 reply(202, "ALLO command ignored."); 435 } 436 } 437 | ALLO check_login SP NUMBER SP R SP NUMBER CRLF 438 { 439 if ($2) { 440 reply(202, "ALLO command ignored."); 441 } 442 } 443 | RETR check_login SP pathname CRLF 444 { 445 if (noretr || (guest && noguestretr)) 446 reply(500, "RETR command disabled."); 447 else if ($2 && $4 != NULL) 448 retrieve(NULL, $4); 449 450 if ($4 != NULL) 451 free($4); 452 } 453 | STOR check_login_ro SP pathname CRLF 454 { 455 if ($2 && $4 != NULL) 456 store($4, "w", 0); 457 if ($4 != NULL) 458 free($4); 459 } 460 | APPE check_login_ro SP pathname CRLF 461 { 462 if ($2 && $4 != NULL) 463 store($4, "a", 0); 464 if ($4 != NULL) 465 free($4); 466 } 467 | NLST check_login CRLF 468 { 469 if ($2) 470 send_file_list("."); 471 } 472 | NLST check_login SP pathstring CRLF 473 { 474 if ($2) 475 send_file_list($4); 476 free($4); 477 } 478 | LIST check_login CRLF 479 { 480 if ($2) 481 retrieve(_PATH_LS " -lgA", ""); 482 } 483 | LIST check_login SP pathstring CRLF 484 { 485 if ($2) 486 retrieve(_PATH_LS " -lgA %s", $4); 487 free($4); 488 } 489 | STAT check_login SP pathname CRLF 490 { 491 if ($2 && $4 != NULL) 492 statfilecmd($4); 493 if ($4 != NULL) 494 free($4); 495 } 496 | STAT check_login CRLF 497 { 498 if ($2) { 499 statcmd(); 500 } 501 } 502 | DELE check_login_ro SP pathname CRLF 503 { 504 if ($2 && $4 != NULL) 505 delete($4); 506 if ($4 != NULL) 507 free($4); 508 } 509 | RNTO check_login_ro SP pathname CRLF 510 { 511 if ($2 && $4 != NULL) { 512 if (fromname) { 513 renamecmd(fromname, $4); 514 free(fromname); 515 fromname = NULL; 516 } else { 517 reply(503, "Bad sequence of commands."); 518 } 519 } 520 if ($4 != NULL) 521 free($4); 522 } 523 | ABOR check_login CRLF 524 { 525 if ($2) 526 reply(225, "ABOR command successful."); 527 } 528 | CWD check_login CRLF 529 { 530 if ($2) { 531 cwd(homedir); 532 } 533 } 534 | CWD check_login SP pathname CRLF 535 { 536 if ($2 && $4 != NULL) 537 cwd($4); 538 if ($4 != NULL) 539 free($4); 540 } 541 | HELP CRLF 542 { 543 help(cmdtab, NULL); 544 } 545 | HELP SP STRING CRLF 546 { 547 char *cp = $3; 548 549 if (strncasecmp(cp, "SITE", 4) == 0) { 550 cp = $3 + 4; 551 if (*cp == ' ') 552 cp++; 553 if (*cp) 554 help(sitetab, cp); 555 else 556 help(sitetab, NULL); 557 } else 558 help(cmdtab, $3); 559 free($3); 560 } 561 | NOOP CRLF 562 { 563 reply(200, "NOOP command successful."); 564 } 565 | MKD check_login_ro SP pathname CRLF 566 { 567 if ($2 && $4 != NULL) 568 makedir($4); 569 if ($4 != NULL) 570 free($4); 571 } 572 | RMD check_login_ro SP pathname CRLF 573 { 574 if ($2 && $4 != NULL) 575 removedir($4); 576 if ($4 != NULL) 577 free($4); 578 } 579 | PWD check_login CRLF 580 { 581 if ($2) 582 pwd(); 583 } 584 | CDUP check_login CRLF 585 { 586 if ($2) 587 cwd(".."); 588 } 589 | SITE SP HELP CRLF 590 { 591 help(sitetab, NULL); 592 } 593 | SITE SP HELP SP STRING CRLF 594 { 595 help(sitetab, $5); 596 free($5); 597 } 598 | SITE SP MDFIVE check_login SP pathname CRLF 599 { 600 char p[64], *q; 601 602 if ($4 && $6) { 603 q = MD5File($6, p); 604 if (q != NULL) 605 reply(200, "MD5(%s) = %s", $6, p); 606 else 607 perror_reply(550, $6); 608 } 609 if ($6) 610 free($6); 611 } 612 | SITE SP UMASK check_login CRLF 613 { 614 int oldmask; 615 616 if ($4) { 617 oldmask = umask(0); 618 umask(oldmask); 619 reply(200, "Current UMASK is %03o.", oldmask); 620 } 621 } 622 | SITE SP UMASK check_login SP octal_number CRLF 623 { 624 int oldmask; 625 626 if ($4) { 627 if (($6 == -1) || ($6 > 0777)) { 628 reply(501, "Bad UMASK value."); 629 } else { 630 oldmask = umask($6); 631 reply(200, 632 "UMASK set to %03o (was %03o).", 633 $6, oldmask); 634 } 635 } 636 } 637 | SITE SP CHMOD check_login_ro SP octal_number SP pathname CRLF 638 { 639 if ($4 && ($8 != NULL)) { 640 if (($6 == -1 ) || ($6 > 0777)) 641 reply(501, "Bad mode value."); 642 else if (chmod($8, $6) < 0) 643 perror_reply(550, $8); 644 else 645 reply(200, "CHMOD command successful."); 646 } 647 if ($8 != NULL) 648 free($8); 649 } 650 | SITE SP check_login IDLE CRLF 651 { 652 if ($3) 653 reply(200, 654 "Current IDLE time limit is %d seconds; max %d.", 655 timeout, maxtimeout); 656 } 657 | SITE SP check_login IDLE SP NUMBER CRLF 658 { 659 if ($3) { 660 if ($6.i < 30 || $6.i > maxtimeout) { 661 reply(501, 662 "Maximum IDLE time must be between 30 and %d seconds.", 663 maxtimeout); 664 } else { 665 timeout = $6.i; 666 alarm(timeout); 667 reply(200, 668 "Maximum IDLE time set to %d seconds.", 669 timeout); 670 } 671 } 672 } 673 | STOU check_login_ro SP pathname CRLF 674 { 675 if ($2 && $4 != NULL) 676 store($4, "w", 1); 677 if ($4 != NULL) 678 free($4); 679 } 680 | FEAT CRLF 681 { 682 lreply(211, "Extensions supported:"); 683 #if 0 684 /* XXX these two keywords are non-standard */ 685 printf(" EPRT\r\n"); 686 if (!noepsv) 687 printf(" EPSV\r\n"); 688 #endif 689 printf(" MDTM\r\n"); 690 printf(" REST STREAM\r\n"); 691 printf(" SIZE\r\n"); 692 if (assumeutf8) { 693 /* TVFS requires UTF8, see RFC 3659 */ 694 printf(" TVFS\r\n"); 695 printf(" UTF8\r\n"); 696 } 697 reply(211, "End."); 698 } 699 | SYST check_login CRLF 700 { 701 if ($2) { 702 if (hostinfo) 703 #ifdef BSD 704 reply(215, "UNIX Type: L%d Version: BSD-%d", 705 CHAR_BIT, BSD); 706 #else /* BSD */ 707 reply(215, "UNIX Type: L%d", CHAR_BIT); 708 #endif /* BSD */ 709 else 710 reply(215, "UNKNOWN Type: L%d", CHAR_BIT); 711 } 712 } 713 714 /* 715 * SIZE is not in RFC959, but Postel has blessed it and 716 * it will be in the updated RFC. 717 * 718 * Return size of file in a format suitable for 719 * using with RESTART (we just count bytes). 720 */ 721 | SIZE check_login SP pathname CRLF 722 { 723 if ($2 && $4 != NULL) 724 sizecmd($4); 725 if ($4 != NULL) 726 free($4); 727 } 728 729 /* 730 * MDTM is not in RFC959, but Postel has blessed it and 731 * it will be in the updated RFC. 732 * 733 * Return modification time of file as an ISO 3307 734 * style time. E.g. YYYYMMDDHHMMSS or YYYYMMDDHHMMSS.xxx 735 * where xxx is the fractional second (of any precision, 736 * not necessarily 3 digits) 737 */ 738 | MDTM check_login SP pathname CRLF 739 { 740 if ($2 && $4 != NULL) { 741 struct stat stbuf; 742 if (stat($4, &stbuf) < 0) 743 perror_reply(550, $4); 744 else if (!S_ISREG(stbuf.st_mode)) { 745 reply(550, "%s: not a plain file.", $4); 746 } else { 747 struct tm *t; 748 t = gmtime(&stbuf.st_mtime); 749 reply(213, 750 "%04d%02d%02d%02d%02d%02d", 751 1900 + t->tm_year, 752 t->tm_mon+1, t->tm_mday, 753 t->tm_hour, t->tm_min, t->tm_sec); 754 } 755 } 756 if ($4 != NULL) 757 free($4); 758 } 759 | QUIT CRLF 760 { 761 reply(221, "Goodbye."); 762 dologout(0); 763 } 764 | NOTIMPL 765 { 766 nack($1); 767 } 768 | error 769 { 770 yyclearin; /* discard lookahead data */ 771 yyerrok; /* clear error condition */ 772 state = CMD; /* reset lexer state */ 773 } 774 ; 775 rcmd 776 : RNFR check_login_ro SP pathname CRLF 777 { 778 restart_point = 0; 779 if ($2 && $4) { 780 if (fromname) 781 free(fromname); 782 fromname = NULL; 783 if (renamefrom($4)) 784 fromname = $4; 785 else 786 free($4); 787 } else if ($4) { 788 free($4); 789 } 790 } 791 | REST check_login SP NUMBER CRLF 792 { 793 if ($2) { 794 if (fromname) 795 free(fromname); 796 fromname = NULL; 797 restart_point = $4.o; 798 reply(350, "Restarting at %jd. %s", 799 (intmax_t)restart_point, 800 "Send STORE or RETRIEVE to initiate transfer."); 801 } 802 } 803 ; 804 805 username 806 : STRING 807 ; 808 809 password 810 : /* empty */ 811 { 812 $$ = (char *)calloc(1, sizeof(char)); 813 } 814 | STRING 815 ; 816 817 byte_size 818 : NUMBER 819 { 820 $$ = $1.i; 821 } 822 ; 823 824 host_port 825 : NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 826 NUMBER COMMA NUMBER 827 { 828 char *a, *p; 829 830 data_dest.su_len = sizeof(struct sockaddr_in); 831 data_dest.su_family = AF_INET; 832 p = (char *)&data_dest.su_sin.sin_port; 833 p[0] = $9.i; p[1] = $11.i; 834 a = (char *)&data_dest.su_sin.sin_addr; 835 a[0] = $1.i; a[1] = $3.i; a[2] = $5.i; a[3] = $7.i; 836 } 837 ; 838 839 host_long_port 840 : NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 841 NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 842 NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 843 NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 844 NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 845 NUMBER 846 { 847 char *a, *p; 848 849 memset(&data_dest, 0, sizeof(data_dest)); 850 data_dest.su_len = sizeof(struct sockaddr_in6); 851 data_dest.su_family = AF_INET6; 852 p = (char *)&data_dest.su_port; 853 p[0] = $39.i; p[1] = $41.i; 854 a = (char *)&data_dest.su_sin6.sin6_addr; 855 a[0] = $5.i; a[1] = $7.i; a[2] = $9.i; a[3] = $11.i; 856 a[4] = $13.i; a[5] = $15.i; a[6] = $17.i; a[7] = $19.i; 857 a[8] = $21.i; a[9] = $23.i; a[10] = $25.i; a[11] = $27.i; 858 a[12] = $29.i; a[13] = $31.i; a[14] = $33.i; a[15] = $35.i; 859 if (his_addr.su_family == AF_INET6) { 860 /* XXX more sanity checks! */ 861 data_dest.su_sin6.sin6_scope_id = 862 his_addr.su_sin6.sin6_scope_id; 863 } 864 if ($1.i != 6 || $3.i != 16 || $37.i != 2) 865 memset(&data_dest, 0, sizeof(data_dest)); 866 } 867 | NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 868 NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 869 NUMBER 870 { 871 char *a, *p; 872 873 memset(&data_dest, 0, sizeof(data_dest)); 874 data_dest.su_sin.sin_len = sizeof(struct sockaddr_in); 875 data_dest.su_family = AF_INET; 876 p = (char *)&data_dest.su_port; 877 p[0] = $15.i; p[1] = $17.i; 878 a = (char *)&data_dest.su_sin.sin_addr; 879 a[0] = $5.i; a[1] = $7.i; a[2] = $9.i; a[3] = $11.i; 880 if ($1.i != 4 || $3.i != 4 || $13.i != 2) 881 memset(&data_dest, 0, sizeof(data_dest)); 882 } 883 ; 884 885 form_code 886 : N 887 { 888 $$ = FORM_N; 889 } 890 | T 891 { 892 $$ = FORM_T; 893 } 894 | C 895 { 896 $$ = FORM_C; 897 } 898 ; 899 900 type_code 901 : A 902 { 903 cmd_type = TYPE_A; 904 cmd_form = FORM_N; 905 } 906 | A SP form_code 907 { 908 cmd_type = TYPE_A; 909 cmd_form = $3; 910 } 911 | E 912 { 913 cmd_type = TYPE_E; 914 cmd_form = FORM_N; 915 } 916 | E SP form_code 917 { 918 cmd_type = TYPE_E; 919 cmd_form = $3; 920 } 921 | I 922 { 923 cmd_type = TYPE_I; 924 } 925 | L 926 { 927 cmd_type = TYPE_L; 928 cmd_bytesz = CHAR_BIT; 929 } 930 | L SP byte_size 931 { 932 cmd_type = TYPE_L; 933 cmd_bytesz = $3; 934 } 935 /* this is for a bug in the BBN ftp */ 936 | L byte_size 937 { 938 cmd_type = TYPE_L; 939 cmd_bytesz = $2; 940 } 941 ; 942 943 struct_code 944 : F 945 { 946 $$ = STRU_F; 947 } 948 | R 949 { 950 $$ = STRU_R; 951 } 952 | P 953 { 954 $$ = STRU_P; 955 } 956 ; 957 958 mode_code 959 : S 960 { 961 $$ = MODE_S; 962 } 963 | B 964 { 965 $$ = MODE_B; 966 } 967 | C 968 { 969 $$ = MODE_C; 970 } 971 ; 972 973 pathname 974 : pathstring 975 { 976 if (logged_in && $1) { 977 char *p; 978 979 /* 980 * Expand ~user manually since glob(3) 981 * will return the unexpanded pathname 982 * if the corresponding file/directory 983 * doesn't exist yet. Using sole glob(3) 984 * would break natural commands like 985 * MKD ~user/newdir 986 * or 987 * RNTO ~/newfile 988 */ 989 if ((p = exptilde($1)) != NULL) { 990 $$ = expglob(p); 991 free(p); 992 } else 993 $$ = NULL; 994 free($1); 995 } else 996 $$ = $1; 997 } 998 ; 999 1000 pathstring 1001 : STRING 1002 ; 1003 1004 octal_number 1005 : NUMBER 1006 { 1007 int ret, dec, multby, digit; 1008 1009 /* 1010 * Convert a number that was read as decimal number 1011 * to what it would be if it had been read as octal. 1012 */ 1013 dec = $1.i; 1014 multby = 1; 1015 ret = 0; 1016 while (dec) { 1017 digit = dec%10; 1018 if (digit > 7) { 1019 ret = -1; 1020 break; 1021 } 1022 ret += digit * multby; 1023 multby *= 8; 1024 dec /= 10; 1025 } 1026 $$ = ret; 1027 } 1028 ; 1029 1030 1031 check_login 1032 : /* empty */ 1033 { 1034 $$ = check_login1(); 1035 } 1036 ; 1037 1038 check_login_epsv 1039 : /* empty */ 1040 { 1041 if (noepsv) { 1042 reply(500, "EPSV command disabled."); 1043 $$ = 0; 1044 } 1045 else 1046 $$ = check_login1(); 1047 } 1048 ; 1049 1050 check_login_ro 1051 : /* empty */ 1052 { 1053 if (readonly) { 1054 reply(550, "Permission denied."); 1055 $$ = 0; 1056 } 1057 else 1058 $$ = check_login1(); 1059 } 1060 ; 1061 1062 %% 1063 1064 #define CMD 0 /* beginning of command */ 1065 #define ARGS 1 /* expect miscellaneous arguments */ 1066 #define STR1 2 /* expect SP followed by STRING */ 1067 #define STR2 3 /* expect STRING */ 1068 #define OSTR 4 /* optional SP then STRING */ 1069 #define ZSTR1 5 /* optional SP then optional STRING */ 1070 #define ZSTR2 6 /* optional STRING after SP */ 1071 #define SITECMD 7 /* SITE command */ 1072 #define NSTR 8 /* Number followed by a string */ 1073 1074 #define MAXGLOBARGS 1000 1075 1076 #define MAXASIZE 10240 /* Deny ASCII SIZE on files larger than that */ 1077 1078 struct tab { 1079 char *name; 1080 short token; 1081 short state; 1082 short implemented; /* 1 if command is implemented */ 1083 char *help; 1084 }; 1085 1086 struct tab cmdtab[] = { /* In order defined in RFC 765 */ 1087 { "USER", USER, STR1, 1, "<sp> username" }, 1088 { "PASS", PASS, ZSTR1, 1, "[<sp> [password]]" }, 1089 { "ACCT", ACCT, STR1, 0, "(specify account)" }, 1090 { "SMNT", SMNT, ARGS, 0, "(structure mount)" }, 1091 { "REIN", REIN, ARGS, 0, "(reinitialize server state)" }, 1092 { "QUIT", QUIT, ARGS, 1, "(terminate service)", }, 1093 { "PORT", PORT, ARGS, 1, "<sp> b0, b1, b2, b3, b4, b5" }, 1094 { "LPRT", LPRT, ARGS, 1, "<sp> af, hal, h1, h2, h3,..., pal, p1, p2..." }, 1095 { "EPRT", EPRT, STR1, 1, "<sp> |af|addr|port|" }, 1096 { "PASV", PASV, ARGS, 1, "(set server in passive mode)" }, 1097 { "LPSV", LPSV, ARGS, 1, "(set server in passive mode)" }, 1098 { "EPSV", EPSV, ARGS, 1, "[<sp> af|ALL]" }, 1099 { "TYPE", TYPE, ARGS, 1, "<sp> { A | E | I | L }" }, 1100 { "STRU", STRU, ARGS, 1, "(specify file structure)" }, 1101 { "MODE", MODE, ARGS, 1, "(specify transfer mode)" }, 1102 { "RETR", RETR, STR1, 1, "<sp> file-name" }, 1103 { "STOR", STOR, STR1, 1, "<sp> file-name" }, 1104 { "APPE", APPE, STR1, 1, "<sp> file-name" }, 1105 { "MLFL", MLFL, OSTR, 0, "(mail file)" }, 1106 { "MAIL", MAIL, OSTR, 0, "(mail to user)" }, 1107 { "MSND", MSND, OSTR, 0, "(mail send to terminal)" }, 1108 { "MSOM", MSOM, OSTR, 0, "(mail send to terminal or mailbox)" }, 1109 { "MSAM", MSAM, OSTR, 0, "(mail send to terminal and mailbox)" }, 1110 { "MRSQ", MRSQ, OSTR, 0, "(mail recipient scheme question)" }, 1111 { "MRCP", MRCP, STR1, 0, "(mail recipient)" }, 1112 { "ALLO", ALLO, ARGS, 1, "allocate storage (vacuously)" }, 1113 { "REST", REST, ARGS, 1, "<sp> offset (restart command)" }, 1114 { "RNFR", RNFR, STR1, 1, "<sp> file-name" }, 1115 { "RNTO", RNTO, STR1, 1, "<sp> file-name" }, 1116 { "ABOR", ABOR, ARGS, 1, "(abort operation)" }, 1117 { "DELE", DELE, STR1, 1, "<sp> file-name" }, 1118 { "CWD", CWD, OSTR, 1, "[ <sp> directory-name ]" }, 1119 { "XCWD", CWD, OSTR, 1, "[ <sp> directory-name ]" }, 1120 { "LIST", LIST, OSTR, 1, "[ <sp> path-name ]" }, 1121 { "NLST", NLST, OSTR, 1, "[ <sp> path-name ]" }, 1122 { "SITE", SITE, SITECMD, 1, "site-cmd [ <sp> arguments ]" }, 1123 { "SYST", SYST, ARGS, 1, "(get type of operating system)" }, 1124 { "FEAT", FEAT, ARGS, 1, "(get extended features)" }, 1125 { "STAT", STAT, OSTR, 1, "[ <sp> path-name ]" }, 1126 { "HELP", HELP, OSTR, 1, "[ <sp> <string> ]" }, 1127 { "NOOP", NOOP, ARGS, 1, "" }, 1128 { "MKD", MKD, STR1, 1, "<sp> path-name" }, 1129 { "XMKD", MKD, STR1, 1, "<sp> path-name" }, 1130 { "RMD", RMD, STR1, 1, "<sp> path-name" }, 1131 { "XRMD", RMD, STR1, 1, "<sp> path-name" }, 1132 { "PWD", PWD, ARGS, 1, "(return current directory)" }, 1133 { "XPWD", PWD, ARGS, 1, "(return current directory)" }, 1134 { "CDUP", CDUP, ARGS, 1, "(change to parent directory)" }, 1135 { "XCUP", CDUP, ARGS, 1, "(change to parent directory)" }, 1136 { "STOU", STOU, STR1, 1, "<sp> file-name" }, 1137 { "SIZE", SIZE, OSTR, 1, "<sp> path-name" }, 1138 { "MDTM", MDTM, OSTR, 1, "<sp> path-name" }, 1139 { NULL, 0, 0, 0, 0 } 1140 }; 1141 1142 struct tab sitetab[] = { 1143 { "MD5", MDFIVE, STR1, 1, "[ <sp> file-name ]" }, 1144 { "UMASK", UMASK, ARGS, 1, "[ <sp> umask ]" }, 1145 { "IDLE", IDLE, ARGS, 1, "[ <sp> maximum-idle-time ]" }, 1146 { "CHMOD", CHMOD, NSTR, 1, "<sp> mode <sp> file-name" }, 1147 { "HELP", HELP, OSTR, 1, "[ <sp> <string> ]" }, 1148 { NULL, 0, 0, 0, 0 } 1149 }; 1150 1151 static char *copy(char *); 1152 static char *expglob(char *); 1153 static char *exptilde(char *); 1154 static void help(struct tab *, char *); 1155 static struct tab * 1156 lookup(struct tab *, char *); 1157 static int port_check(const char *); 1158 #ifdef INET6 1159 static int port_check_v6(const char *); 1160 #endif 1161 static void sizecmd(char *); 1162 static void toolong(int); 1163 #ifdef INET6 1164 static void v4map_data_dest(void); 1165 #endif 1166 static int yylex(void); 1167 1168 static struct tab * 1169 lookup(struct tab *p, char *cmd) 1170 { 1171 1172 for (; p->name != NULL; p++) 1173 if (strcmp(cmd, p->name) == 0) 1174 return (p); 1175 return (0); 1176 } 1177 1178 #include <arpa/telnet.h> 1179 1180 /* 1181 * get_line - a hacked up version of fgets to ignore TELNET escape codes. 1182 */ 1183 int 1184 get_line(char *s, int n, FILE *iop) 1185 { 1186 int c; 1187 char *cs; 1188 sigset_t sset, osset; 1189 1190 cs = s; 1191 /* tmpline may contain saved command from urgent mode interruption */ 1192 for (c = 0; tmpline[c] != '\0' && --n > 0; ++c) { 1193 *cs++ = tmpline[c]; 1194 if (tmpline[c] == '\n') { 1195 *cs++ = '\0'; 1196 if (ftpdebug) 1197 syslog(LOG_DEBUG, "command: %s", s); 1198 tmpline[0] = '\0'; 1199 return(0); 1200 } 1201 if (c == 0) 1202 tmpline[0] = '\0'; 1203 } 1204 /* SIGURG would interrupt stdio if not blocked during the read loop */ 1205 sigemptyset(&sset); 1206 sigaddset(&sset, SIGURG); 1207 sigprocmask(SIG_BLOCK, &sset, &osset); 1208 while ((c = getc(iop)) != EOF) { 1209 c &= 0377; 1210 if (c == IAC) { 1211 if ((c = getc(iop)) == EOF) 1212 goto got_eof; 1213 c &= 0377; 1214 switch (c) { 1215 case WILL: 1216 case WONT: 1217 if ((c = getc(iop)) == EOF) 1218 goto got_eof; 1219 printf("%c%c%c", IAC, DONT, 0377&c); 1220 fflush(stdout); 1221 continue; 1222 case DO: 1223 case DONT: 1224 if ((c = getc(iop)) == EOF) 1225 goto got_eof; 1226 printf("%c%c%c", IAC, WONT, 0377&c); 1227 fflush(stdout); 1228 continue; 1229 case IAC: 1230 break; 1231 default: 1232 continue; /* ignore command */ 1233 } 1234 } 1235 *cs++ = c; 1236 if (--n <= 0) { 1237 /* 1238 * If command doesn't fit into buffer, discard the 1239 * rest of the command and indicate truncation. 1240 * This prevents the command to be split up into 1241 * multiple commands. 1242 */ 1243 while (c != '\n' && (c = getc(iop)) != EOF) 1244 ; 1245 return (-2); 1246 } 1247 if (c == '\n') 1248 break; 1249 } 1250 got_eof: 1251 sigprocmask(SIG_SETMASK, &osset, NULL); 1252 if (c == EOF && cs == s) 1253 return (-1); 1254 *cs++ = '\0'; 1255 if (ftpdebug) { 1256 if (!guest && strncasecmp("pass ", s, 5) == 0) { 1257 /* Don't syslog passwords */ 1258 syslog(LOG_DEBUG, "command: %.5s ???", s); 1259 } else { 1260 char *cp; 1261 int len; 1262 1263 /* Don't syslog trailing CR-LF */ 1264 len = strlen(s); 1265 cp = s + len - 1; 1266 while (cp >= s && (*cp == '\n' || *cp == '\r')) { 1267 --cp; 1268 --len; 1269 } 1270 syslog(LOG_DEBUG, "command: %.*s", len, s); 1271 } 1272 } 1273 return (0); 1274 } 1275 1276 static void 1277 toolong(int signo) 1278 { 1279 1280 reply(421, 1281 "Timeout (%d seconds): closing control connection.", timeout); 1282 if (logging) 1283 syslog(LOG_INFO, "User %s timed out after %d seconds", 1284 (pw ? pw -> pw_name : "unknown"), timeout); 1285 dologout(1); 1286 } 1287 1288 static int 1289 yylex(void) 1290 { 1291 static int cpos; 1292 char *cp, *cp2; 1293 struct tab *p; 1294 int n; 1295 char c; 1296 1297 for (;;) { 1298 switch (state) { 1299 1300 case CMD: 1301 signal(SIGALRM, toolong); 1302 alarm(timeout); 1303 n = get_line(cbuf, sizeof(cbuf)-1, stdin); 1304 if (n == -1) { 1305 reply(221, "You could at least say goodbye."); 1306 dologout(0); 1307 } else if (n == -2) { 1308 reply(500, "Command too long."); 1309 alarm(0); 1310 continue; 1311 } 1312 alarm(0); 1313 #ifdef SETPROCTITLE 1314 if (strncasecmp(cbuf, "PASS", 4) != 0) 1315 setproctitle("%s: %s", proctitle, cbuf); 1316 #endif /* SETPROCTITLE */ 1317 if ((cp = strchr(cbuf, '\r'))) { 1318 *cp++ = '\n'; 1319 *cp = '\0'; 1320 } 1321 if ((cp = strpbrk(cbuf, " \n"))) 1322 cpos = cp - cbuf; 1323 if (cpos == 0) 1324 cpos = 4; 1325 c = cbuf[cpos]; 1326 cbuf[cpos] = '\0'; 1327 upper(cbuf); 1328 p = lookup(cmdtab, cbuf); 1329 cbuf[cpos] = c; 1330 if (p != 0) { 1331 yylval.s = p->name; 1332 if (!p->implemented) 1333 return (NOTIMPL); /* state remains CMD */ 1334 state = p->state; 1335 return (p->token); 1336 } 1337 break; 1338 1339 case SITECMD: 1340 if (cbuf[cpos] == ' ') { 1341 cpos++; 1342 return (SP); 1343 } 1344 cp = &cbuf[cpos]; 1345 if ((cp2 = strpbrk(cp, " \n"))) 1346 cpos = cp2 - cbuf; 1347 c = cbuf[cpos]; 1348 cbuf[cpos] = '\0'; 1349 upper(cp); 1350 p = lookup(sitetab, cp); 1351 cbuf[cpos] = c; 1352 if (guest == 0 && p != 0) { 1353 yylval.s = p->name; 1354 if (!p->implemented) { 1355 state = CMD; 1356 return (NOTIMPL); 1357 } 1358 state = p->state; 1359 return (p->token); 1360 } 1361 state = CMD; 1362 break; 1363 1364 case ZSTR1: 1365 case OSTR: 1366 if (cbuf[cpos] == '\n') { 1367 state = CMD; 1368 return (CRLF); 1369 } 1370 /* FALLTHROUGH */ 1371 1372 case STR1: 1373 dostr1: 1374 if (cbuf[cpos] == ' ') { 1375 cpos++; 1376 state = state == OSTR ? STR2 : state+1; 1377 return (SP); 1378 } 1379 break; 1380 1381 case ZSTR2: 1382 if (cbuf[cpos] == '\n') { 1383 state = CMD; 1384 return (CRLF); 1385 } 1386 /* FALLTHROUGH */ 1387 1388 case STR2: 1389 cp = &cbuf[cpos]; 1390 n = strlen(cp); 1391 cpos += n - 1; 1392 /* 1393 * Make sure the string is nonempty and \n terminated. 1394 */ 1395 if (n > 1 && cbuf[cpos] == '\n') { 1396 cbuf[cpos] = '\0'; 1397 yylval.s = copy(cp); 1398 cbuf[cpos] = '\n'; 1399 state = ARGS; 1400 return (STRING); 1401 } 1402 break; 1403 1404 case NSTR: 1405 if (cbuf[cpos] == ' ') { 1406 cpos++; 1407 return (SP); 1408 } 1409 if (isdigit(cbuf[cpos])) { 1410 cp = &cbuf[cpos]; 1411 while (isdigit(cbuf[++cpos])) 1412 ; 1413 c = cbuf[cpos]; 1414 cbuf[cpos] = '\0'; 1415 yylval.u.i = atoi(cp); 1416 cbuf[cpos] = c; 1417 state = STR1; 1418 return (NUMBER); 1419 } 1420 state = STR1; 1421 goto dostr1; 1422 1423 case ARGS: 1424 if (isdigit(cbuf[cpos])) { 1425 cp = &cbuf[cpos]; 1426 while (isdigit(cbuf[++cpos])) 1427 ; 1428 c = cbuf[cpos]; 1429 cbuf[cpos] = '\0'; 1430 yylval.u.i = atoi(cp); 1431 yylval.u.o = strtoull(cp, NULL, 10); 1432 cbuf[cpos] = c; 1433 return (NUMBER); 1434 } 1435 if (strncasecmp(&cbuf[cpos], "ALL", 3) == 0 1436 && !isalnum(cbuf[cpos + 3])) { 1437 cpos += 3; 1438 return ALL; 1439 } 1440 switch (cbuf[cpos++]) { 1441 1442 case '\n': 1443 state = CMD; 1444 return (CRLF); 1445 1446 case ' ': 1447 return (SP); 1448 1449 case ',': 1450 return (COMMA); 1451 1452 case 'A': 1453 case 'a': 1454 return (A); 1455 1456 case 'B': 1457 case 'b': 1458 return (B); 1459 1460 case 'C': 1461 case 'c': 1462 return (C); 1463 1464 case 'E': 1465 case 'e': 1466 return (E); 1467 1468 case 'F': 1469 case 'f': 1470 return (F); 1471 1472 case 'I': 1473 case 'i': 1474 return (I); 1475 1476 case 'L': 1477 case 'l': 1478 return (L); 1479 1480 case 'N': 1481 case 'n': 1482 return (N); 1483 1484 case 'P': 1485 case 'p': 1486 return (P); 1487 1488 case 'R': 1489 case 'r': 1490 return (R); 1491 1492 case 'S': 1493 case 's': 1494 return (S); 1495 1496 case 'T': 1497 case 't': 1498 return (T); 1499 1500 } 1501 break; 1502 1503 default: 1504 fatalerror("Unknown state in scanner."); 1505 } 1506 state = CMD; 1507 return (LEXERR); 1508 } 1509 } 1510 1511 void 1512 upper(char *s) 1513 { 1514 while (*s != '\0') { 1515 if (islower(*s)) 1516 *s = toupper(*s); 1517 s++; 1518 } 1519 } 1520 1521 static char * 1522 copy(char *s) 1523 { 1524 char *p; 1525 1526 p = malloc(strlen(s) + 1); 1527 if (p == NULL) 1528 fatalerror("Ran out of memory."); 1529 strcpy(p, s); 1530 return (p); 1531 } 1532 1533 static void 1534 help(struct tab *ctab, char *s) 1535 { 1536 struct tab *c; 1537 int width, NCMDS; 1538 char *type; 1539 1540 if (ctab == sitetab) 1541 type = "SITE "; 1542 else 1543 type = ""; 1544 width = 0, NCMDS = 0; 1545 for (c = ctab; c->name != NULL; c++) { 1546 int len = strlen(c->name); 1547 1548 if (len > width) 1549 width = len; 1550 NCMDS++; 1551 } 1552 width = (width + 8) &~ 7; 1553 if (s == 0) { 1554 int i, j, w; 1555 int columns, lines; 1556 1557 lreply(214, "The following %scommands are recognized %s.", 1558 type, "(* =>'s unimplemented)"); 1559 columns = 76 / width; 1560 if (columns == 0) 1561 columns = 1; 1562 lines = (NCMDS + columns - 1) / columns; 1563 for (i = 0; i < lines; i++) { 1564 printf(" "); 1565 for (j = 0; j < columns; j++) { 1566 c = ctab + j * lines + i; 1567 printf("%s%c", c->name, 1568 c->implemented ? ' ' : '*'); 1569 if (c + lines >= &ctab[NCMDS]) 1570 break; 1571 w = strlen(c->name) + 1; 1572 while (w < width) { 1573 putchar(' '); 1574 w++; 1575 } 1576 } 1577 printf("\r\n"); 1578 } 1579 fflush(stdout); 1580 if (hostinfo) 1581 reply(214, "Direct comments to ftp-bugs@%s.", hostname); 1582 else 1583 reply(214, "End."); 1584 return; 1585 } 1586 upper(s); 1587 c = lookup(ctab, s); 1588 if (c == NULL) { 1589 reply(502, "Unknown command %s.", s); 1590 return; 1591 } 1592 if (c->implemented) 1593 reply(214, "Syntax: %s%s %s", type, c->name, c->help); 1594 else 1595 reply(214, "%s%-*s\t%s; unimplemented.", type, width, 1596 c->name, c->help); 1597 } 1598 1599 static void 1600 sizecmd(char *filename) 1601 { 1602 switch (type) { 1603 case TYPE_L: 1604 case TYPE_I: { 1605 struct stat stbuf; 1606 if (stat(filename, &stbuf) < 0) 1607 perror_reply(550, filename); 1608 else if (!S_ISREG(stbuf.st_mode)) 1609 reply(550, "%s: not a plain file.", filename); 1610 else 1611 reply(213, "%jd", (intmax_t)stbuf.st_size); 1612 break; } 1613 case TYPE_A: { 1614 FILE *fin; 1615 int c; 1616 off_t count; 1617 struct stat stbuf; 1618 fin = fopen(filename, "r"); 1619 if (fin == NULL) { 1620 perror_reply(550, filename); 1621 return; 1622 } 1623 if (fstat(fileno(fin), &stbuf) < 0) { 1624 perror_reply(550, filename); 1625 fclose(fin); 1626 return; 1627 } else if (!S_ISREG(stbuf.st_mode)) { 1628 reply(550, "%s: not a plain file.", filename); 1629 fclose(fin); 1630 return; 1631 } else if (stbuf.st_size > MAXASIZE) { 1632 reply(550, "%s: too large for type A SIZE.", filename); 1633 fclose(fin); 1634 return; 1635 } 1636 1637 count = 0; 1638 while((c=getc(fin)) != EOF) { 1639 if (c == '\n') /* will get expanded to \r\n */ 1640 count++; 1641 count++; 1642 } 1643 fclose(fin); 1644 1645 reply(213, "%jd", (intmax_t)count); 1646 break; } 1647 default: 1648 reply(504, "SIZE not implemented for type %s.", 1649 typenames[type]); 1650 } 1651 } 1652 1653 /* Return 1, if port check is done. Return 0, if not yet. */ 1654 static int 1655 port_check(const char *pcmd) 1656 { 1657 if (his_addr.su_family == AF_INET) { 1658 if (data_dest.su_family != AF_INET) { 1659 usedefault = 1; 1660 reply(500, "Invalid address rejected."); 1661 return 1; 1662 } 1663 if (paranoid && 1664 ((ntohs(data_dest.su_port) < IPPORT_RESERVED) || 1665 memcmp(&data_dest.su_sin.sin_addr, 1666 &his_addr.su_sin.sin_addr, 1667 sizeof(data_dest.su_sin.sin_addr)))) { 1668 usedefault = 1; 1669 reply(500, "Illegal PORT range rejected."); 1670 } else { 1671 usedefault = 0; 1672 if (pdata >= 0) { 1673 close(pdata); 1674 pdata = -1; 1675 } 1676 reply(200, "%s command successful.", pcmd); 1677 } 1678 return 1; 1679 } 1680 return 0; 1681 } 1682 1683 static int 1684 check_login1(void) 1685 { 1686 if (logged_in) 1687 return 1; 1688 else { 1689 reply(530, "Please login with USER and PASS."); 1690 return 0; 1691 } 1692 } 1693 1694 /* 1695 * Replace leading "~user" in a pathname by the user's login directory. 1696 * Returned string will be in a freshly malloced buffer unless it's NULL. 1697 */ 1698 static char * 1699 exptilde(char *s) 1700 { 1701 char *p, *q; 1702 char *path, *user; 1703 struct passwd *ppw; 1704 1705 if ((p = strdup(s)) == NULL) 1706 return (NULL); 1707 if (*p != '~') 1708 return (p); 1709 1710 user = p + 1; /* skip tilde */ 1711 if ((path = strchr(p, '/')) != NULL) 1712 *(path++) = '\0'; /* separate ~user from the rest of path */ 1713 if (*user == '\0') /* no user specified, use the current user */ 1714 user = pw->pw_name; 1715 /* read passwd even for the current user since we may be chrooted */ 1716 if ((ppw = getpwnam(user)) != NULL) { 1717 /* user found, substitute login directory for ~user */ 1718 if (path) 1719 asprintf(&q, "%s/%s", ppw->pw_dir, path); 1720 else 1721 q = strdup(ppw->pw_dir); 1722 free(p); 1723 p = q; 1724 } else { 1725 /* user not found, undo the damage */ 1726 if (path) 1727 path[-1] = '/'; 1728 } 1729 return (p); 1730 } 1731 1732 /* 1733 * Expand glob(3) patterns possibly present in a pathname. 1734 * Avoid expanding to a pathname including '\r' or '\n' in order to 1735 * not disrupt the FTP protocol. 1736 * The expansion found must be unique. 1737 * Return the result as a malloced string, or NULL if an error occured. 1738 * 1739 * Problem: this production is used for all pathname 1740 * processing, but only gives a 550 error reply. 1741 * This is a valid reply in some cases but not in others. 1742 */ 1743 static char * 1744 expglob(char *s) 1745 { 1746 char *p, **pp, *rval; 1747 int flags = GLOB_BRACE | GLOB_NOCHECK; 1748 int n; 1749 glob_t gl; 1750 1751 memset(&gl, 0, sizeof(gl)); 1752 /*flags |= GLOB_LIMIT;*/ 1753 gl.gl_matchc = MAXGLOBARGS; 1754 if (glob(s, flags, NULL, &gl) == 0 && gl.gl_pathc != 0) { 1755 for (pp = gl.gl_pathv, p = NULL, n = 0; *pp; pp++) 1756 if (*(*pp + strcspn(*pp, "\r\n")) == '\0') { 1757 p = *pp; 1758 n++; 1759 } 1760 if (n == 0) 1761 rval = strdup(s); 1762 else if (n == 1) 1763 rval = strdup(p); 1764 else { 1765 reply(550, "Wildcard is ambiguous."); 1766 rval = NULL; 1767 } 1768 } else { 1769 reply(550, "Wildcard expansion error."); 1770 rval = NULL; 1771 } 1772 globfree(&gl); 1773 return (rval); 1774 } 1775 1776 #ifdef INET6 1777 /* Return 1, if port check is done. Return 0, if not yet. */ 1778 static int 1779 port_check_v6(const char *pcmd) 1780 { 1781 if (his_addr.su_family == AF_INET6) { 1782 if (IN6_IS_ADDR_V4MAPPED(&his_addr.su_sin6.sin6_addr)) 1783 /* Convert data_dest into v4 mapped sockaddr.*/ 1784 v4map_data_dest(); 1785 if (data_dest.su_family != AF_INET6) { 1786 usedefault = 1; 1787 reply(500, "Invalid address rejected."); 1788 return 1; 1789 } 1790 if (paranoid && 1791 ((ntohs(data_dest.su_port) < IPPORT_RESERVED) || 1792 memcmp(&data_dest.su_sin6.sin6_addr, 1793 &his_addr.su_sin6.sin6_addr, 1794 sizeof(data_dest.su_sin6.sin6_addr)))) { 1795 usedefault = 1; 1796 reply(500, "Illegal PORT range rejected."); 1797 } else { 1798 usedefault = 0; 1799 if (pdata >= 0) { 1800 close(pdata); 1801 pdata = -1; 1802 } 1803 reply(200, "%s command successful.", pcmd); 1804 } 1805 return 1; 1806 } 1807 return 0; 1808 } 1809 1810 static void 1811 v4map_data_dest(void) 1812 { 1813 struct in_addr savedaddr; 1814 int savedport; 1815 1816 if (data_dest.su_family != AF_INET) { 1817 usedefault = 1; 1818 reply(500, "Invalid address rejected."); 1819 return; 1820 } 1821 1822 savedaddr = data_dest.su_sin.sin_addr; 1823 savedport = data_dest.su_port; 1824 1825 memset(&data_dest, 0, sizeof(data_dest)); 1826 data_dest.su_sin6.sin6_len = sizeof(struct sockaddr_in6); 1827 data_dest.su_sin6.sin6_family = AF_INET6; 1828 data_dest.su_sin6.sin6_port = savedport; 1829 memset((caddr_t)&data_dest.su_sin6.sin6_addr.s6_addr[10], 0xff, 2); 1830 memcpy((caddr_t)&data_dest.su_sin6.sin6_addr.s6_addr[12], 1831 (caddr_t)&savedaddr, sizeof(savedaddr)); 1832 } 1833 #endif 1834