1 /* $NetBSD: ftpd.c,v 1.202 2015/08/10 07:32:49 shm Exp $ */ 2 3 /* 4 * Copyright (c) 1997-2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Luke Mewburn. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /* 33 * Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 3. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 */ 60 61 /* 62 * Copyright (C) 1997 and 1998 WIDE Project. 63 * All rights reserved. 64 * 65 * Redistribution and use in source and binary forms, with or without 66 * modification, are permitted provided that the following conditions 67 * are met: 68 * 1. Redistributions of source code must retain the above copyright 69 * notice, this list of conditions and the following disclaimer. 70 * 2. Redistributions in binary form must reproduce the above copyright 71 * notice, this list of conditions and the following disclaimer in the 72 * documentation and/or other materials provided with the distribution. 73 * 3. Neither the name of the project nor the names of its contributors 74 * may be used to endorse or promote products derived from this software 75 * without specific prior written permission. 76 * 77 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 78 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 79 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 80 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 81 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 82 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 83 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 84 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 85 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 86 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 87 * SUCH DAMAGE. 88 */ 89 90 #include <sys/cdefs.h> 91 #ifndef lint 92 __COPYRIGHT("@(#) Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994\ 93 The Regents of the University of California. All rights reserved."); 94 #endif /* not lint */ 95 96 #ifndef lint 97 #if 0 98 static char sccsid[] = "@(#)ftpd.c 8.5 (Berkeley) 4/28/95"; 99 #else 100 __RCSID("$NetBSD: ftpd.c,v 1.202 2015/08/10 07:32:49 shm Exp $"); 101 #endif 102 #endif /* not lint */ 103 104 /* 105 * FTP server. 106 */ 107 #include <sys/param.h> 108 #include <sys/stat.h> 109 #include <sys/ioctl.h> 110 #include <sys/socket.h> 111 #include <sys/wait.h> 112 #include <sys/mman.h> 113 #include <sys/resource.h> 114 115 #include <netinet/in.h> 116 #include <netinet/in_systm.h> 117 #include <netinet/ip.h> 118 119 #define FTP_NAMES 120 #include <arpa/ftp.h> 121 #include <arpa/inet.h> 122 #include <arpa/telnet.h> 123 124 #include <ctype.h> 125 #include <dirent.h> 126 #include <err.h> 127 #include <errno.h> 128 #include <fcntl.h> 129 #include <fnmatch.h> 130 #include <glob.h> 131 #include <grp.h> 132 #include <limits.h> 133 #include <netdb.h> 134 #include <pwd.h> 135 #include <poll.h> 136 #include <signal.h> 137 #include <stdarg.h> 138 #include <stdio.h> 139 #include <stdlib.h> 140 #include <string.h> 141 #include <syslog.h> 142 #include <time.h> 143 #include <tzfile.h> 144 #include <unistd.h> 145 #include <util.h> 146 #ifdef SUPPORT_UTMP 147 #include <utmp.h> 148 #endif 149 #ifdef SUPPORT_UTMPX 150 #include <utmpx.h> 151 #endif 152 #ifdef SKEY 153 #include <skey.h> 154 #endif 155 #ifdef KERBEROS5 156 #include <com_err.h> 157 #include <krb5/krb5.h> 158 #endif 159 160 #ifdef LOGIN_CAP 161 #include <login_cap.h> 162 #endif 163 164 #ifdef USE_PAM 165 #include <security/pam_appl.h> 166 #endif 167 168 #include "pfilter.h" 169 170 #define GLOBAL 171 #include "extern.h" 172 #include "pathnames.h" 173 #include "version.h" 174 175 static sig_atomic_t transflag; 176 static sig_atomic_t urgflag; 177 178 int data; 179 int Dflag; 180 int sflag; 181 int stru; /* avoid C keyword */ 182 int mode; 183 int dataport; /* use specific data port */ 184 int dopidfile; /* maintain pid file */ 185 int doutmp; /* update utmp file */ 186 int dowtmp; /* update wtmp file */ 187 int doxferlog; /* syslog/write wu-ftpd style xferlog entries */ 188 int xferlogfd; /* fd to write wu-ftpd xferlog entries to */ 189 int getnameopts; /* flags for use with getname() */ 190 int dropprivs; /* if privileges should or have been dropped */ 191 int mapped; /* IPv4 connection on AF_INET6 socket */ 192 off_t file_size; 193 off_t byte_count; 194 static char ttyline[20]; 195 196 #ifdef USE_PAM 197 static int auth_pam(void); 198 pam_handle_t *pamh = NULL; 199 #endif 200 201 #ifdef SUPPORT_UTMP 202 static struct utmp utmp; /* for utmp */ 203 #endif 204 #ifdef SUPPORT_UTMPX 205 static struct utmpx utmpx; /* for utmpx */ 206 #endif 207 208 static const char *anondir = NULL; 209 static const char *confdir = _DEFAULT_CONFDIR; 210 211 static char *curname; /* current USER name */ 212 static size_t curname_len; /* length of curname (include NUL) */ 213 214 #if defined(KERBEROS) || defined(KERBEROS5) 215 int has_ccache = 0; 216 int notickets = 1; 217 char *krbtkfile_env = NULL; 218 char *tty = ttyline; 219 int login_krb5_forwardable_tgt = 0; 220 #endif 221 222 int epsvall = 0; 223 224 /* 225 * Timeout intervals for retrying connections 226 * to hosts that don't accept PORT cmds. This 227 * is a kludge, but given the problems with TCP... 228 */ 229 #define SWAITMAX 90 /* wait at most 90 seconds */ 230 #define SWAITINT 5 /* interval between retries */ 231 232 int swaitmax = SWAITMAX; 233 int swaitint = SWAITINT; 234 235 enum send_status { 236 SS_SUCCESS, 237 SS_ABORTED, /* transfer aborted */ 238 SS_NO_TRANSFER, /* no transfer made yet */ 239 SS_FILE_ERROR, /* file read error */ 240 SS_DATA_ERROR /* data send error */ 241 }; 242 243 static int bind_pasv_addr(void); 244 static int checkuser(const char *, const char *, int, int, char **); 245 static int checkaccess(const char *); 246 static int checkpassword(const struct passwd *, const char *); 247 static void do_pass(int, int, const char *); 248 static void end_login(void); 249 static FILE *getdatasock(const char *); 250 static char *gunique(const char *); 251 static void login_utmp(const char *, const char *, const char *, 252 struct sockinet *); 253 static void logremotehost(struct sockinet *); 254 __dead static void lostconn(int); 255 __dead static void toolong(int); 256 __dead static void sigquit(int); 257 static void sigurg(int); 258 static int handleoobcmd(void); 259 static int receive_data(FILE *, FILE *); 260 static int send_data(FILE *, FILE *, const struct stat *, int); 261 static struct passwd *sgetpwnam(const char *); 262 static int write_data(int, char *, size_t, off_t *, struct timeval *, 263 int); 264 static enum send_status 265 send_data_with_read(int, int, const struct stat *, int); 266 #if !defined(__minix) 267 static enum send_status 268 send_data_with_mmap(int, int, const struct stat *, int); 269 #endif /* !defined(__minix) */ 270 static void logrusage(const struct rusage *, const struct rusage *); 271 static void logout_utmp(void); 272 273 int main(int, char *[]); 274 275 #if defined(KERBEROS) 276 int klogin(struct passwd *, char *, char *, char *); 277 void kdestroy(void); 278 #endif 279 #if defined(KERBEROS5) 280 int k5login(struct passwd *, char *, char *, char *); 281 void k5destroy(void); 282 #endif 283 284 int 285 main(int argc, char *argv[]) 286 { 287 int ch, on = 1, tos, keepalive; 288 socklen_t addrlen; 289 #ifdef KERBEROS5 290 krb5_error_code kerror; 291 #endif 292 char *p; 293 const char *xferlogname = NULL; 294 long l; 295 struct sigaction sa; 296 sa_family_t af = AF_UNSPEC; 297 298 connections = 1; 299 ftpd_debug = 0; 300 logging = 0; 301 pdata = -1; 302 Dflag = 0; 303 sflag = 0; 304 dataport = 0; 305 dopidfile = 1; /* default: DO use a pid file to count users */ 306 doutmp = 0; /* default: Do NOT log to utmp */ 307 dowtmp = 1; /* default: DO log to wtmp */ 308 doxferlog = 0; /* default: Do NOT syslog xferlog */ 309 xferlogfd = -1; /* default: Do NOT write xferlog file */ 310 getnameopts = 0; /* default: xlate addrs to name */ 311 dropprivs = 0; 312 mapped = 0; 313 usedefault = 1; 314 emailaddr = NULL; 315 hostname[0] = '\0'; 316 homedir[0] = '\0'; 317 gidcount = 0; 318 is_oob = 0; 319 version = FTPD_VERSION; 320 321 /* 322 * LOG_NDELAY sets up the logging connection immediately, 323 * necessary for anonymous ftp's that chroot and can't do it later. 324 */ 325 openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP); 326 327 while ((ch = getopt(argc, argv, 328 "46a:c:C:Dde:h:HlL:nP:qQrst:T:uUvV:wWX")) != -1) { 329 switch (ch) { 330 case '4': 331 af = AF_INET; 332 break; 333 334 case '6': 335 af = AF_INET6; 336 break; 337 338 case 'a': 339 anondir = optarg; 340 break; 341 342 case 'c': 343 confdir = optarg; 344 break; 345 346 case 'C': 347 if ((p = strchr(optarg, '@')) != NULL) { 348 *p++ = '\0'; 349 strlcpy(remotehost, p, MAXHOSTNAMELEN + 1); 350 if (inet_pton(AF_INET, p, 351 &his_addr.su_addr) == 1) { 352 his_addr.su_family = AF_INET; 353 his_addr.su_len = 354 sizeof(his_addr.si_su.su_sin); 355 #ifdef INET6 356 } else if (inet_pton(AF_INET6, p, 357 &his_addr.su_6addr) == 1) { 358 his_addr.su_family = AF_INET6; 359 his_addr.su_len = 360 sizeof(his_addr.si_su.su_sin6); 361 #endif 362 } else 363 his_addr.su_family = AF_UNSPEC; 364 } 365 pw = sgetpwnam(optarg); 366 exit(checkaccess(optarg) ? 0 : 1); 367 /* NOTREACHED */ 368 369 case 'D': 370 Dflag = 1; 371 break; 372 373 case 'd': 374 case 'v': /* deprecated */ 375 ftpd_debug = 1; 376 break; 377 378 case 'e': 379 emailaddr = optarg; 380 break; 381 382 case 'h': 383 strlcpy(hostname, optarg, sizeof(hostname)); 384 break; 385 386 case 'H': 387 if (gethostname(hostname, sizeof(hostname)) == -1) 388 hostname[0] = '\0'; 389 hostname[sizeof(hostname) - 1] = '\0'; 390 break; 391 392 case 'l': 393 logging++; /* > 1 == extra logging */ 394 break; 395 396 case 'L': 397 xferlogname = optarg; 398 break; 399 400 case 'n': 401 getnameopts = NI_NUMERICHOST; 402 break; 403 404 case 'P': 405 errno = 0; 406 p = NULL; 407 l = strtol(optarg, &p, 10); 408 if (errno || *optarg == '\0' || *p != '\0' || 409 l < IPPORT_RESERVED || 410 l > IPPORT_ANONMAX) { 411 syslog(LOG_WARNING, "Invalid dataport %s", 412 optarg); 413 dataport = 0; 414 } 415 dataport = (int)l; 416 break; 417 418 case 'q': 419 dopidfile = 1; 420 break; 421 422 case 'Q': 423 dopidfile = 0; 424 break; 425 426 case 'r': 427 dropprivs = 1; 428 break; 429 430 case 's': 431 sflag = 1; 432 break; 433 434 case 't': 435 case 'T': 436 syslog(LOG_WARNING, 437 "-%c has been deprecated in favour of ftpd.conf", 438 ch); 439 break; 440 441 case 'u': 442 doutmp = 1; 443 break; 444 445 case 'U': 446 doutmp = 0; 447 break; 448 449 case 'V': 450 if (EMPTYSTR(optarg) || strcmp(optarg, "-") == 0) 451 version = NULL; 452 else 453 version = ftpd_strdup(optarg); 454 break; 455 456 case 'w': 457 dowtmp = 1; 458 break; 459 460 case 'W': 461 dowtmp = 0; 462 break; 463 464 case 'X': 465 doxferlog |= 1; 466 break; 467 468 default: 469 if (optopt == 'a' || optopt == 'C') 470 exit(1); 471 syslog(LOG_WARNING, "unknown flag -%c ignored", optopt); 472 break; 473 } 474 } 475 if (EMPTYSTR(confdir)) 476 confdir = _DEFAULT_CONFDIR; 477 478 pfilter_open(); 479 480 if (dowtmp) { 481 #ifdef SUPPORT_UTMPX 482 ftpd_initwtmpx(); 483 #endif 484 #ifdef SUPPORT_UTMP 485 ftpd_initwtmp(); 486 #endif 487 } 488 errno = 0; 489 #if !defined(__minix) 490 l = sysconf(_SC_LOGIN_NAME_MAX); 491 if (l == -1 && errno != 0) { 492 syslog(LOG_ERR, "sysconf _SC_LOGIN_NAME_MAX: %m"); 493 exit(1); 494 } else if (l <= 0) { 495 syslog(LOG_WARNING, "using conservative LOGIN_NAME_MAX value"); 496 curname_len = _POSIX_LOGIN_NAME_MAX; 497 } else 498 curname_len = (size_t)l; 499 #else 500 curname_len = _POSIX_LOGIN_NAME_MAX; 501 #endif /* !defined(__minix) */ 502 curname = malloc(curname_len); 503 if (curname == NULL) { 504 syslog(LOG_ERR, "malloc: %m"); 505 exit(1); 506 } 507 curname[0] = '\0'; 508 509 if (Dflag) { 510 int error, fd, i, n, *socks; 511 struct pollfd *fds; 512 struct addrinfo hints, *res, *res0; 513 514 if (daemon(1, 0) == -1) { 515 syslog(LOG_ERR, "failed to daemonize: %m"); 516 exit(1); 517 } 518 (void)memset(&sa, 0, sizeof(sa)); 519 sa.sa_handler = SIG_IGN; 520 sa.sa_flags = SA_NOCLDWAIT; 521 sigemptyset(&sa.sa_mask); 522 (void)sigaction(SIGCHLD, &sa, NULL); 523 524 (void)memset(&hints, 0, sizeof(hints)); 525 hints.ai_flags = AI_PASSIVE; 526 hints.ai_family = af; 527 hints.ai_socktype = SOCK_STREAM; 528 error = getaddrinfo(NULL, "ftp", &hints, &res0); 529 if (error) { 530 syslog(LOG_ERR, "getaddrinfo: %s", gai_strerror(error)); 531 exit(1); 532 } 533 534 for (n = 0, res = res0; res != NULL; res = res->ai_next) 535 n++; 536 if (n == 0) { 537 syslog(LOG_ERR, "no addresses available"); 538 exit(1); 539 } 540 socks = malloc(n * sizeof(int)); 541 fds = malloc(n * sizeof(struct pollfd)); 542 if (socks == NULL || fds == NULL) { 543 syslog(LOG_ERR, "malloc: %m"); 544 exit(1); 545 } 546 547 for (n = 0, res = res0; res != NULL; res = res->ai_next) { 548 socks[n] = socket(res->ai_family, res->ai_socktype, 549 res->ai_protocol); 550 if (socks[n] == -1) 551 continue; 552 (void)setsockopt(socks[n], SOL_SOCKET, SO_REUSEADDR, 553 &on, sizeof(on)); 554 if (bind(socks[n], res->ai_addr, res->ai_addrlen) 555 == -1) { 556 (void)close(socks[n]); 557 continue; 558 } 559 if (listen(socks[n], 12) == -1) { 560 (void)close(socks[n]); 561 continue; 562 } 563 564 fds[n].fd = socks[n]; 565 fds[n].events = POLLIN; 566 n++; 567 } 568 if (n == 0) { 569 syslog(LOG_ERR, "%m"); 570 exit(1); 571 } 572 freeaddrinfo(res0); 573 574 if (pidfile(NULL) == -1) 575 syslog(LOG_ERR, "failed to write a pid file: %m"); 576 577 for (;;) { 578 if (poll(fds, n, INFTIM) == -1) { 579 if (errno == EINTR) 580 continue; 581 syslog(LOG_ERR, "poll: %m"); 582 exit(1); 583 } 584 for (i = 0; i < n; i++) { 585 if (fds[i].revents & POLLIN) { 586 fd = accept(fds[i].fd, NULL, NULL); 587 if (fd == -1) { 588 syslog(LOG_ERR, "accept: %m"); 589 continue; 590 } 591 switch (fork()) { 592 case -1: 593 syslog(LOG_ERR, "fork: %m"); 594 break; 595 case 0: 596 goto child; 597 /* NOTREACHED */ 598 } 599 (void)close(fd); 600 } 601 } 602 } 603 child: 604 (void)dup2(fd, STDIN_FILENO); 605 (void)dup2(fd, STDOUT_FILENO); 606 (void)dup2(fd, STDERR_FILENO); 607 for (i = 0; i < n; i++) 608 (void)close(socks[i]); 609 } 610 611 memset((char *)&his_addr, 0, sizeof(his_addr)); 612 addrlen = sizeof(his_addr.si_su); 613 if (getpeername(0, (struct sockaddr *)&his_addr.si_su, &addrlen) < 0) { 614 syslog((errno == ENOTCONN) ? LOG_NOTICE : LOG_ERR, 615 "getpeername (%s): %m",argv[0]); 616 exit(1); 617 } 618 his_addr.su_len = addrlen; 619 memset((char *)&ctrl_addr, 0, sizeof(ctrl_addr)); 620 addrlen = sizeof(ctrl_addr.si_su); 621 if (getsockname(0, (struct sockaddr *)&ctrl_addr, &addrlen) < 0) { 622 syslog(LOG_ERR, "getsockname (%s): %m",argv[0]); 623 exit(1); 624 } 625 ctrl_addr.su_len = addrlen; 626 #ifdef INET6 627 if (his_addr.su_family == AF_INET6 628 && IN6_IS_ADDR_V4MAPPED(&his_addr.su_6addr)) { 629 #if 1 630 /* 631 * IPv4 control connection arrived to AF_INET6 socket. 632 * I hate to do this, but this is the easiest solution. 633 * 634 * The assumption is untrue on SIIT environment. 635 */ 636 struct sockinet tmp_addr; 637 const int off = sizeof(struct in6_addr) - sizeof(struct in_addr); 638 639 tmp_addr = his_addr; 640 memset(&his_addr, 0, sizeof(his_addr)); 641 his_addr.su_family = AF_INET; 642 his_addr.su_len = sizeof(his_addr.si_su.su_sin); 643 memcpy(&his_addr.su_addr, &tmp_addr.su_6addr.s6_addr[off], 644 sizeof(his_addr.su_addr)); 645 his_addr.su_port = tmp_addr.su_port; 646 647 tmp_addr = ctrl_addr; 648 memset(&ctrl_addr, 0, sizeof(ctrl_addr)); 649 ctrl_addr.su_family = AF_INET; 650 ctrl_addr.su_len = sizeof(ctrl_addr.si_su.su_sin); 651 memcpy(&ctrl_addr.su_addr, &tmp_addr.su_6addr.s6_addr[off], 652 sizeof(ctrl_addr.su_addr)); 653 ctrl_addr.su_port = tmp_addr.su_port; 654 #else 655 while (fgets(line, sizeof(line), fd) != NULL) { 656 if ((cp = strchr(line, '\n')) != NULL) 657 *cp = '\0'; 658 reply(-530, "%s", line); 659 } 660 (void) fflush(stdout); 661 (void) fclose(fd); 662 reply(530, 663 "Connection from IPv4 mapped address is not supported."); 664 exit(0); 665 #endif 666 667 mapped = 1; 668 } else 669 #endif /* INET6 */ 670 mapped = 0; 671 #ifdef IP_TOS 672 if (!mapped && his_addr.su_family == AF_INET) { 673 tos = IPTOS_LOWDELAY; 674 if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&tos, 675 sizeof(int)) < 0) 676 syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); 677 } 678 #endif 679 /* if the hostname hasn't been given, attempt to determine it */ 680 if (hostname[0] == '\0') { 681 if (getnameinfo((struct sockaddr *)&ctrl_addr.si_su, 682 ctrl_addr.su_len, hostname, sizeof(hostname), NULL, 0, 683 getnameopts) != 0) 684 (void)gethostname(hostname, sizeof(hostname)); 685 hostname[sizeof(hostname) - 1] = '\0'; 686 } 687 688 /* set this here so klogin can use it... */ 689 (void)snprintf(ttyline, sizeof(ttyline), "ftp%d", getpid()); 690 691 (void) freopen(_PATH_DEVNULL, "w", stderr); 692 693 memset(&sa, 0, sizeof(sa)); 694 sa.sa_handler = SIG_DFL; 695 sa.sa_flags = SA_RESTART; 696 sigemptyset(&sa.sa_mask); 697 (void) sigaction(SIGCHLD, &sa, NULL); 698 699 sa.sa_handler = sigquit; 700 sa.sa_flags = SA_RESTART; 701 sigfillset(&sa.sa_mask); /* block all sigs in these handlers */ 702 (void) sigaction(SIGHUP, &sa, NULL); 703 (void) sigaction(SIGINT, &sa, NULL); 704 (void) sigaction(SIGQUIT, &sa, NULL); 705 (void) sigaction(SIGTERM, &sa, NULL); 706 sa.sa_handler = lostconn; 707 (void) sigaction(SIGPIPE, &sa, NULL); 708 sa.sa_handler = toolong; 709 (void) sigaction(SIGALRM, &sa, NULL); 710 sa.sa_handler = sigurg; 711 #if !defined(__minix) 712 (void) sigaction(SIGURG, &sa, NULL); 713 714 /* Try to handle urgent data inline */ 715 #ifdef SO_OOBINLINE 716 if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (char *)&on, sizeof(on)) < 0) 717 syslog(LOG_WARNING, "setsockopt: %m"); 718 #endif 719 /* Set keepalives on the socket to detect dropped connections. */ 720 #ifdef SO_KEEPALIVE 721 keepalive = 1; 722 if (setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&keepalive, 723 sizeof(int)) < 0) 724 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); 725 #endif 726 #endif /* !defined(__minix) */ 727 728 #ifdef F_SETOWN 729 if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1) 730 syslog(LOG_WARNING, "fcntl F_SETOWN: %m"); 731 #endif 732 logremotehost(&his_addr); 733 /* 734 * Set up default state 735 */ 736 data = -1; 737 type = TYPE_A; 738 form = FORM_N; 739 stru = STRU_F; 740 mode = MODE_S; 741 tmpline[0] = '\0'; 742 hasyyerrored = 0; 743 744 #ifdef KERBEROS5 745 kerror = krb5_init_context(&kcontext); 746 if (kerror) { 747 syslog(LOG_ERR, "%s when initializing Kerberos context", 748 error_message(kerror)); 749 exit(0); 750 } 751 #endif /* KERBEROS5 */ 752 753 init_curclass(); 754 curclass.timeout = 300; /* 5 minutes, as per login(1) */ 755 curclass.type = CLASS_REAL; 756 757 /* If logins are disabled, print out the message. */ 758 if (display_file(_PATH_NOLOGIN, 530)) { 759 reply(530, "System not available."); 760 exit(0); 761 } 762 (void)display_file(conffilename(_NAME_FTPWELCOME), 220); 763 /* reply(220,) must follow */ 764 if (EMPTYSTR(version)) 765 reply(220, "%s FTP server ready.", hostname); 766 else 767 reply(220, "%s FTP server (%s) ready.", hostname, version); 768 769 if (xferlogname != NULL) { 770 xferlogfd = open(xferlogname, O_WRONLY | O_APPEND | O_CREAT, 771 0660); 772 if (xferlogfd == -1) 773 syslog(LOG_WARNING, "open xferlog `%s': %m", 774 xferlogname); 775 else 776 doxferlog |= 2; 777 } 778 779 ftp_loop(); 780 /* NOTREACHED */ 781 } 782 783 static void 784 lostconn(int signo __unused) 785 { 786 787 if (ftpd_debug) 788 syslog(LOG_DEBUG, "lost connection"); 789 dologout(1); 790 } 791 792 static void 793 toolong(int signo __unused) 794 { 795 796 /* XXXSIGRACE */ 797 reply(421, 798 "Timeout (" LLF " seconds): closing control connection.", 799 (LLT)curclass.timeout); 800 if (logging) 801 syslog(LOG_INFO, "User %s timed out after " LLF " seconds", 802 (pw ? pw->pw_name : "unknown"), (LLT)curclass.timeout); 803 dologout(1); 804 } 805 806 static void 807 sigquit(int signo) 808 { 809 810 if (ftpd_debug) 811 syslog(LOG_DEBUG, "got signal %d", signo); 812 dologout(1); 813 } 814 815 static void 816 sigurg(int signo __unused) 817 { 818 819 urgflag = 1; 820 } 821 822 823 /* 824 * Save the result of a getpwnam. Used for USER command, since 825 * the data returned must not be clobbered by any other command 826 * (e.g., globbing). 827 */ 828 static struct passwd * 829 sgetpwnam(const char *name) 830 { 831 static struct passwd save; 832 struct passwd *p; 833 834 if ((p = getpwnam(name)) == NULL) 835 return (p); 836 if (save.pw_name) { 837 free((char *)save.pw_name); 838 memset(save.pw_passwd, 0, strlen(save.pw_passwd)); 839 free((char *)save.pw_passwd); 840 free((char *)save.pw_gecos); 841 free((char *)save.pw_dir); 842 free((char *)save.pw_shell); 843 } 844 save = *p; 845 save.pw_name = ftpd_strdup(p->pw_name); 846 save.pw_passwd = ftpd_strdup(p->pw_passwd); 847 save.pw_gecos = ftpd_strdup(p->pw_gecos); 848 save.pw_dir = ftpd_strdup(p->pw_dir); 849 save.pw_shell = ftpd_strdup(p->pw_shell); 850 return (&save); 851 } 852 853 static int login_attempts; /* number of failed login attempts */ 854 static int askpasswd; /* had USER command, ask for PASSwd */ 855 static int permitted; /* USER permitted */ 856 857 /* 858 * USER command. 859 * Sets global passwd pointer pw if named account exists and is acceptable; 860 * sets askpasswd if a PASS command is expected. If logged in previously, 861 * need to reset state. If name is "ftp" or "anonymous", the name is not in 862 * _NAME_FTPUSERS, and ftp account exists, set guest and pw, then just return. 863 * If account doesn't exist, ask for passwd anyway. Otherwise, check user 864 * requesting login privileges. Disallow anyone who does not have a standard 865 * shell as returned by getusershell(). Disallow anyone mentioned in the file 866 * _NAME_FTPUSERS to allow people such as root and uucp to be avoided. 867 */ 868 void 869 user(const char *name) 870 { 871 char *class; 872 #ifdef LOGIN_CAP 873 login_cap_t *lc = NULL; 874 #endif 875 #ifdef USE_PAM 876 int e; 877 #endif 878 879 class = NULL; 880 if (logged_in) { 881 switch (curclass.type) { 882 case CLASS_GUEST: 883 reply(530, "Can't change user from guest login."); 884 return; 885 case CLASS_CHROOT: 886 reply(530, "Can't change user from chroot user."); 887 return; 888 case CLASS_REAL: 889 if (dropprivs) { 890 reply(530, "Can't change user."); 891 return; 892 } 893 end_login(); 894 break; 895 default: 896 abort(); 897 } 898 } 899 900 #if defined(KERBEROS) 901 kdestroy(); 902 #endif 903 #if defined(KERBEROS5) 904 k5destroy(); 905 #endif 906 907 curclass.type = CLASS_REAL; 908 askpasswd = 0; 909 permitted = 0; 910 911 if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) { 912 /* need `pw' setup for checkaccess() and checkuser () */ 913 if ((pw = sgetpwnam("ftp")) == NULL) 914 reply(530, "User %s unknown.", name); 915 else if (! checkaccess("ftp") || ! checkaccess("anonymous")) 916 reply(530, "User %s access denied.", name); 917 else { 918 curclass.type = CLASS_GUEST; 919 askpasswd = 1; 920 reply(331, 921 "Guest login ok, type your name as password."); 922 } 923 if (!askpasswd) { 924 if (logging) 925 syslog(LOG_NOTICE, 926 "ANONYMOUS FTP LOGIN REFUSED FROM %s", 927 remoteloghost); 928 end_login(); 929 goto cleanup_user; 930 } 931 name = "ftp"; 932 } else 933 pw = sgetpwnam(name); 934 935 strlcpy(curname, name, curname_len); 936 937 /* check user in /etc/ftpusers, and setup class */ 938 permitted = checkuser(_NAME_FTPUSERS, curname, 1, 0, &class); 939 940 /* check user in /etc/ftpchroot */ 941 #ifdef LOGIN_CAP 942 lc = login_getpwclass(pw); 943 #endif 944 if (checkuser(_NAME_FTPCHROOT, curname, 0, 0, NULL) 945 #ifdef LOGIN_CAP /* Allow login.conf configuration as well */ 946 || login_getcapbool(lc, "ftp-chroot", 0) 947 #endif 948 ) { 949 if (curclass.type == CLASS_GUEST) { 950 syslog(LOG_NOTICE, 951 "Can't change guest user to chroot class; remove entry in %s", 952 _NAME_FTPCHROOT); 953 exit(1); 954 } 955 curclass.type = CLASS_CHROOT; 956 } 957 958 /* determine default class */ 959 if (class == NULL) { 960 switch (curclass.type) { 961 case CLASS_GUEST: 962 class = ftpd_strdup("guest"); 963 break; 964 case CLASS_CHROOT: 965 class = ftpd_strdup("chroot"); 966 break; 967 case CLASS_REAL: 968 class = ftpd_strdup("real"); 969 break; 970 default: 971 syslog(LOG_ERR, "unknown curclass.type %d; aborting", 972 curclass.type); 973 abort(); 974 } 975 } 976 /* parse ftpd.conf, setting up various parameters */ 977 parse_conf(class); 978 /* if not guest user, check for valid shell */ 979 if (pw == NULL) 980 permitted = 0; 981 else { 982 const char *cp, *shell; 983 984 if ((shell = pw->pw_shell) == NULL || *shell == 0) 985 shell = _PATH_BSHELL; 986 while ((cp = getusershell()) != NULL) 987 if (strcmp(cp, shell) == 0) 988 break; 989 endusershell(); 990 if (cp == NULL && curclass.type != CLASS_GUEST) 991 permitted = 0; 992 } 993 994 /* deny quickly (after USER not PASS) if requested */ 995 if (CURCLASS_FLAGS_ISSET(denyquick) && !permitted) { 996 reply(530, "User %s may not use FTP.", curname); 997 if (logging) 998 syslog(LOG_NOTICE, "FTP LOGIN REFUSED FROM %s, %s", 999 remoteloghost, curname); 1000 end_login(); 1001 goto cleanup_user; 1002 } 1003 1004 /* if haven't asked yet (i.e, not anon), ask now */ 1005 if (!askpasswd) { 1006 askpasswd = 1; 1007 #ifdef USE_PAM 1008 e = auth_pam(); /* this does reply(331, ...) */ 1009 do_pass(1, e, ""); 1010 goto cleanup_user; 1011 #else /* !USE_PAM */ 1012 #ifdef SKEY 1013 if (skey_haskey(curname) == 0) { 1014 const char *myskey; 1015 1016 myskey = skey_keyinfo(curname); 1017 reply(331, "Password [ %s ] required for %s.", 1018 myskey ? myskey : "error getting challenge", 1019 curname); 1020 } else 1021 #endif 1022 reply(331, "Password required for %s.", curname); 1023 #endif /* !USE_PAM */ 1024 } 1025 1026 cleanup_user: 1027 #ifdef LOGIN_CAP 1028 login_close(lc); 1029 #endif 1030 /* 1031 * Delay before reading passwd after first failed 1032 * attempt to slow down passwd-guessing programs. 1033 */ 1034 if (login_attempts) 1035 sleep((unsigned) login_attempts); 1036 1037 if (class) 1038 free(class); 1039 } 1040 1041 /* 1042 * Determine whether something is to happen (allow access, chroot) 1043 * for a user. Each line is a shell-style glob followed by 1044 * `yes' or `no'. 1045 * 1046 * For backward compatibility, `allow' and `deny' are synonymns 1047 * for `yes' and `no', respectively. 1048 * 1049 * Each glob is matched against the username in turn, and the first 1050 * match found is used. If no match is found, the result is the 1051 * argument `def'. If a match is found but without and explicit 1052 * `yes'/`no', the result is the opposite of def. 1053 * 1054 * If the file doesn't exist at all, the result is the argument 1055 * `nofile' 1056 * 1057 * Any line starting with `#' is considered a comment and ignored. 1058 * 1059 * Returns 0 if the user is denied, or 1 if they are allowed. 1060 * 1061 * NOTE: needs struct passwd *pw setup before use. 1062 */ 1063 static int 1064 checkuser(const char *fname, const char *name, int def, int nofile, 1065 char **retclass) 1066 { 1067 FILE *fd; 1068 int retval; 1069 char *word, *perm, *class, *buf, *p; 1070 size_t len, line; 1071 1072 retval = def; 1073 if (retclass != NULL) 1074 *retclass = NULL; 1075 if ((fd = fopen(conffilename(fname), "r")) == NULL) 1076 return nofile; 1077 1078 line = 0; 1079 for (; 1080 (buf = fparseln(fd, &len, &line, NULL, FPARSELN_UNESCCOMM | 1081 FPARSELN_UNESCCONT | FPARSELN_UNESCESC)) != NULL; 1082 free(buf), buf = NULL) { 1083 word = perm = class = NULL; 1084 p = buf; 1085 if (len < 1) 1086 continue; 1087 if (p[len - 1] == '\n') 1088 p[--len] = '\0'; 1089 if (EMPTYSTR(p)) 1090 continue; 1091 1092 NEXTWORD(p, word); 1093 NEXTWORD(p, perm); 1094 NEXTWORD(p, class); 1095 if (EMPTYSTR(word)) 1096 continue; 1097 if (!EMPTYSTR(class)) { 1098 if (strcasecmp(class, "all") == 0 || 1099 strcasecmp(class, "none") == 0) { 1100 syslog(LOG_WARNING, 1101 "%s line %d: illegal user-defined class `%s' - skipping entry", 1102 fname, (int)line, class); 1103 continue; 1104 } 1105 } 1106 1107 /* have a host specifier */ 1108 if ((p = strchr(word, '@')) != NULL) { 1109 unsigned char net[16], mask[16], *addr; 1110 int addrlen, bits, bytes, a; 1111 1112 *p++ = '\0'; 1113 /* check against network or CIDR */ 1114 memset(net, 0x00, sizeof(net)); 1115 if ((bits = inet_net_pton(his_addr.su_family, p, net, 1116 sizeof(net))) != -1) { 1117 #ifdef INET6 1118 if (his_addr.su_family == AF_INET) { 1119 #endif 1120 addrlen = 4; 1121 addr = (unsigned char *)&his_addr.su_addr; 1122 #ifdef INET6 1123 } else { 1124 addrlen = 16; 1125 addr = (unsigned char *)&his_addr.su_6addr; 1126 } 1127 #endif 1128 bytes = bits / 8; 1129 bits = bits % 8; 1130 if (bytes > 0) 1131 memset(mask, 0xFF, bytes); 1132 if (bytes < addrlen) 1133 mask[bytes] = 0xFF << (8 - bits); 1134 if (bytes + 1 < addrlen) 1135 memset(mask + bytes + 1, 0x00, 1136 addrlen - bytes - 1); 1137 for (a = 0; a < addrlen; a++) 1138 if ((addr[a] & mask[a]) != net[a]) 1139 break; 1140 if (a < addrlen) 1141 continue; 1142 1143 /* check against hostname glob */ 1144 } else if (fnmatch(p, remotehost, FNM_CASEFOLD) != 0) 1145 continue; 1146 } 1147 1148 /* have a group specifier */ 1149 if ((p = strchr(word, ':')) != NULL) { 1150 gid_t *groups, *ng; 1151 int gsize, i, found; 1152 1153 if (pw == NULL) 1154 continue; /* no match for unknown user */ 1155 *p++ = '\0'; 1156 groups = NULL; 1157 gsize = 16; 1158 do { 1159 ng = realloc(groups, gsize * sizeof(gid_t)); 1160 if (ng == NULL) 1161 fatal( 1162 "Local resource failure: realloc"); 1163 groups = ng; 1164 } while (getgrouplist(pw->pw_name, pw->pw_gid, 1165 groups, &gsize) == -1); 1166 found = 0; 1167 for (i = 0; i < gsize; i++) { 1168 struct group *g; 1169 1170 if ((g = getgrgid(groups[i])) == NULL) 1171 continue; 1172 if (fnmatch(p, g->gr_name, 0) == 0) { 1173 found = 1; 1174 break; 1175 } 1176 } 1177 free(groups); 1178 if (!found) 1179 continue; 1180 } 1181 1182 /* check against username glob */ 1183 if (fnmatch(word, name, 0) != 0) 1184 continue; 1185 1186 if (perm != NULL && 1187 ((strcasecmp(perm, "allow") == 0) || 1188 (strcasecmp(perm, "yes") == 0))) 1189 retval = 1; 1190 else if (perm != NULL && 1191 ((strcasecmp(perm, "deny") == 0) || 1192 (strcasecmp(perm, "no") == 0))) 1193 retval = 0; 1194 else 1195 retval = !def; 1196 if (!EMPTYSTR(class) && retclass != NULL) 1197 *retclass = ftpd_strdup(class); 1198 free(buf); 1199 break; 1200 } 1201 (void) fclose(fd); 1202 return (retval); 1203 } 1204 1205 /* 1206 * Check if user is allowed by /etc/ftpusers 1207 * returns 1 for yes, 0 for no 1208 * 1209 * NOTE: needs struct passwd *pw setup (for checkuser()) 1210 */ 1211 static int 1212 checkaccess(const char *name) 1213 { 1214 1215 return (checkuser(_NAME_FTPUSERS, name, 1, 0, NULL)); 1216 } 1217 1218 static void 1219 login_utmp(const char *line, const char *name, const char *host, 1220 struct sockinet *haddr) 1221 { 1222 #if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP) 1223 struct timeval tv; 1224 (void)gettimeofday(&tv, NULL); 1225 #endif 1226 #ifdef SUPPORT_UTMPX 1227 if (doutmp) { 1228 (void)memset(&utmpx, 0, sizeof(utmpx)); 1229 utmpx.ut_tv = tv; 1230 utmpx.ut_pid = getpid(); 1231 utmpx.ut_id[0] = 'f'; 1232 utmpx.ut_id[1] = 't'; 1233 utmpx.ut_id[2] = 'p'; 1234 utmpx.ut_id[3] = '*'; 1235 utmpx.ut_type = USER_PROCESS; 1236 (void)strncpy(utmpx.ut_name, name, sizeof(utmpx.ut_name)); 1237 (void)strncpy(utmpx.ut_line, line, sizeof(utmpx.ut_line)); 1238 (void)strncpy(utmpx.ut_host, host, sizeof(utmpx.ut_host)); 1239 (void)memcpy(&utmpx.ut_ss, &haddr->si_su, haddr->su_len); 1240 ftpd_loginx(&utmpx); 1241 } 1242 if (dowtmp) 1243 ftpd_logwtmpx(line, name, host, haddr, 0, USER_PROCESS); 1244 #endif 1245 #ifdef SUPPORT_UTMP 1246 if (doutmp) { 1247 (void)memset(&utmp, 0, sizeof(utmp)); 1248 (void)time(&utmp.ut_time); 1249 (void)strncpy(utmp.ut_name, name, sizeof(utmp.ut_name)); 1250 (void)strncpy(utmp.ut_line, line, sizeof(utmp.ut_line)); 1251 (void)strncpy(utmp.ut_host, host, sizeof(utmp.ut_host)); 1252 ftpd_login(&utmp); 1253 } 1254 if (dowtmp) 1255 ftpd_logwtmp(line, name, host); 1256 #endif 1257 } 1258 1259 static void 1260 logout_utmp(void) 1261 { 1262 #ifdef SUPPORT_UTMPX 1263 int okwtmpx = dowtmp; 1264 #endif 1265 #ifdef SUPPORT_UTMP 1266 int okwtmp = dowtmp; 1267 #endif 1268 if (logged_in) { 1269 #ifdef SUPPORT_UTMPX 1270 if (doutmp) 1271 okwtmpx &= ftpd_logoutx(ttyline, 0, DEAD_PROCESS); 1272 if (okwtmpx) 1273 ftpd_logwtmpx(ttyline, "", "", NULL, 0, DEAD_PROCESS); 1274 #endif 1275 #ifdef SUPPORT_UTMP 1276 if (doutmp) 1277 okwtmp &= ftpd_logout(ttyline); 1278 if (okwtmp) 1279 ftpd_logwtmp(ttyline, "", ""); 1280 #endif 1281 } 1282 } 1283 1284 /* 1285 * Terminate login as previous user (if any), resetting state; 1286 * used when USER command is given or login fails. 1287 */ 1288 static void 1289 end_login(void) 1290 { 1291 #ifdef USE_PAM 1292 int e; 1293 #endif 1294 logout_utmp(); 1295 show_chdir_messages(-1); /* flush chdir cache */ 1296 if (pw != NULL && pw->pw_passwd != NULL) 1297 memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); 1298 pw = NULL; 1299 logged_in = 0; 1300 askpasswd = 0; 1301 permitted = 0; 1302 quietmessages = 0; 1303 gidcount = 0; 1304 curclass.type = CLASS_REAL; 1305 (void) seteuid((uid_t)0); 1306 #ifdef LOGIN_CAP 1307 setusercontext(NULL, getpwuid(0), 0, 1308 LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK); 1309 #endif 1310 #ifdef USE_PAM 1311 if (pamh) { 1312 if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS) 1313 syslog(LOG_ERR, "pam_setcred: %s", 1314 pam_strerror(pamh, e)); 1315 if ((e = pam_close_session(pamh,0)) != PAM_SUCCESS) 1316 syslog(LOG_ERR, "pam_close_session: %s", 1317 pam_strerror(pamh, e)); 1318 if ((e = pam_end(pamh, e)) != PAM_SUCCESS) 1319 syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e)); 1320 pamh = NULL; 1321 } 1322 #endif 1323 } 1324 1325 void 1326 pass(const char *passwd) 1327 { 1328 do_pass(0, 0, passwd); 1329 } 1330 1331 /* 1332 * Perform the passwd confirmation and login. 1333 * 1334 * If pass_checked is zero, confirm passwd is correct, & ignore pass_rval. 1335 * This is the traditional PASS implementation. 1336 * 1337 * If pass_checked is non-zero, use pass_rval and ignore passwd. 1338 * This is used by auth_pam() which has already parsed PASS. 1339 * This only applies to curclass.type != CLASS_GUEST. 1340 */ 1341 static void 1342 do_pass(int pass_checked, int pass_rval, const char *passwd) 1343 { 1344 int rval; 1345 char root[MAXPATHLEN]; 1346 #ifdef LOGIN_CAP 1347 login_cap_t *lc = NULL; 1348 #endif 1349 #ifdef USE_PAM 1350 int e; 1351 #endif 1352 1353 rval = 1; 1354 1355 if (logged_in || askpasswd == 0) { 1356 reply(503, "Login with USER first."); 1357 return; 1358 } 1359 askpasswd = 0; 1360 if (curclass.type != CLASS_GUEST) { 1361 /* "ftp" is the only account allowed with no password */ 1362 if (pw == NULL) { 1363 rval = 1; /* failure below */ 1364 goto skip; 1365 } 1366 if (pass_checked) { /* password validated in user() */ 1367 rval = pass_rval; 1368 goto skip; 1369 } 1370 #ifdef USE_PAM 1371 syslog(LOG_ERR, "do_pass: USE_PAM shouldn't get here"); 1372 rval = 1; 1373 goto skip; 1374 #endif 1375 #if defined(KERBEROS) 1376 if (klogin(pw, "", hostname, (char *)passwd) == 0) { 1377 rval = 0; 1378 goto skip; 1379 } 1380 #endif 1381 #if defined(KERBEROS5) 1382 if (k5login(pw, "", hostname, (char *)passwd) == 0) { 1383 rval = 0; 1384 goto skip; 1385 } 1386 #endif 1387 #ifdef SKEY 1388 if (skey_haskey(pw->pw_name) == 0) { 1389 char *p; 1390 int r; 1391 1392 p = ftpd_strdup(passwd); 1393 r = skey_passcheck(pw->pw_name, p); 1394 free(p); 1395 if (r != -1) { 1396 rval = 0; 1397 goto skip; 1398 } 1399 } 1400 #endif 1401 if (!sflag) 1402 rval = checkpassword(pw, passwd); 1403 else 1404 rval = 1; 1405 1406 skip: 1407 1408 /* 1409 * If rval > 0, the user failed the authentication check 1410 * above. If rval == 0, either Kerberos or local 1411 * authentication succeeded. 1412 */ 1413 if (rval) { 1414 reply(530, "%s", rval == 2 ? "Password expired." : 1415 "Login incorrect."); 1416 pfilter_notify(1, rval == 2 ? "exppass" : "badpass"); 1417 if (logging) { 1418 syslog(LOG_NOTICE, 1419 "FTP LOGIN FAILED FROM %s", remoteloghost); 1420 syslog(LOG_AUTHPRIV | LOG_NOTICE, 1421 "FTP LOGIN FAILED FROM %s, %s", 1422 remoteloghost, curname); 1423 } 1424 pw = NULL; 1425 if (login_attempts++ >= 5) { 1426 syslog(LOG_NOTICE, 1427 "repeated login failures from %s", 1428 remoteloghost); 1429 exit(0); 1430 } 1431 return; 1432 } 1433 } 1434 1435 /* password ok; check if anything else prevents login */ 1436 if (! permitted) { 1437 reply(530, "User %s may not use FTP.", pw->pw_name); 1438 if (logging) 1439 syslog(LOG_NOTICE, "FTP LOGIN REFUSED FROM %s, %s", 1440 remoteloghost, pw->pw_name); 1441 goto bad; 1442 } 1443 1444 login_attempts = 0; /* this time successful */ 1445 if (setegid((gid_t)pw->pw_gid) < 0) { 1446 reply(550, "Can't set gid."); 1447 goto bad; 1448 } 1449 #ifdef LOGIN_CAP 1450 if ((lc = login_getpwclass(pw)) != NULL) { 1451 #ifdef notyet 1452 char remote_ip[NI_MAXHOST]; 1453 1454 if (getnameinfo((struct sockaddr *)&his_addr, his_addr.su_len, 1455 remote_ip, sizeof(remote_ip) - 1, NULL, 0, 1456 NI_NUMERICHOST)) 1457 *remote_ip = 0; 1458 remote_ip[sizeof(remote_ip) - 1] = 0; 1459 if (!auth_hostok(lc, remotehost, remote_ip)) { 1460 pfilter_notify(1, "bannedhost"); 1461 syslog(LOG_INFO|LOG_AUTH, 1462 "FTP LOGIN FAILED (HOST) as %s: permission denied.", 1463 pw->pw_name); 1464 reply(530, "Permission denied."); 1465 pw = NULL; 1466 return; 1467 } 1468 if (!auth_timeok(lc, time(NULL))) { 1469 reply(530, "Login not available right now."); 1470 pw = NULL; 1471 return; 1472 } 1473 #endif 1474 } 1475 setsid(); 1476 setusercontext(lc, pw, 0, 1477 LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY| 1478 LOGIN_SETRESOURCES|LOGIN_SETUMASK); 1479 #else 1480 (void) initgroups(pw->pw_name, pw->pw_gid); 1481 /* cache groups for cmds.c::matchgroup() */ 1482 #endif 1483 #ifdef USE_PAM 1484 if (pamh) { 1485 if ((e = pam_open_session(pamh, 0)) != PAM_SUCCESS) { 1486 syslog(LOG_ERR, "pam_open_session: %s", 1487 pam_strerror(pamh, e)); 1488 } else if ((e = pam_setcred(pamh, PAM_ESTABLISH_CRED)) 1489 != PAM_SUCCESS) { 1490 syslog(LOG_ERR, "pam_setcred: %s", 1491 pam_strerror(pamh, e)); 1492 } 1493 } 1494 #endif 1495 gidcount = getgroups(0, NULL); 1496 if (gidlist) 1497 free(gidlist); 1498 gidlist = malloc(gidcount * sizeof *gidlist); 1499 gidcount = getgroups(gidcount, gidlist); 1500 1501 /* open utmp/wtmp before chroot */ 1502 login_utmp(ttyline, pw->pw_name, remotehost, &his_addr); 1503 1504 logged_in = 1; 1505 1506 connections = 1; 1507 if (dopidfile) 1508 count_users(); 1509 if (curclass.limit != -1 && connections > curclass.limit) { 1510 if (! EMPTYSTR(curclass.limitfile)) 1511 (void)display_file(conffilename(curclass.limitfile), 1512 530); 1513 reply(530, 1514 "User %s access denied, connection limit of " LLF 1515 " reached.", 1516 pw->pw_name, (LLT)curclass.limit); 1517 syslog(LOG_NOTICE, 1518 "Maximum connection limit of " LLF 1519 " for class %s reached, login refused for %s", 1520 (LLT)curclass.limit, curclass.classname, pw->pw_name); 1521 goto bad; 1522 } 1523 1524 homedir[0] = '/'; 1525 switch (curclass.type) { 1526 case CLASS_GUEST: 1527 /* 1528 * We MUST do a chdir() after the chroot. Otherwise 1529 * the old current directory will be accessible as "." 1530 * outside the new root! 1531 */ 1532 format_path(root, 1533 curclass.chroot ? curclass.chroot : 1534 anondir ? anondir : 1535 pw->pw_dir); 1536 format_path(homedir, 1537 curclass.homedir ? curclass.homedir : 1538 "/"); 1539 if (EMPTYSTR(homedir)) 1540 homedir[0] = '/'; 1541 if (EMPTYSTR(root) || chroot(root) < 0) { 1542 syslog(LOG_NOTICE, 1543 "GUEST user %s: can't chroot to %s: %m", 1544 pw->pw_name, root); 1545 goto bad_guest; 1546 } 1547 if (chdir(homedir) < 0) { 1548 syslog(LOG_NOTICE, 1549 "GUEST user %s: can't chdir to %s: %m", 1550 pw->pw_name, homedir); 1551 bad_guest: 1552 reply(550, "Can't set guest privileges."); 1553 goto bad; 1554 } 1555 break; 1556 case CLASS_CHROOT: 1557 format_path(root, 1558 curclass.chroot ? curclass.chroot : 1559 pw->pw_dir); 1560 format_path(homedir, 1561 curclass.homedir ? curclass.homedir : 1562 "/"); 1563 if (EMPTYSTR(homedir)) 1564 homedir[0] = '/'; 1565 if (EMPTYSTR(root) || chroot(root) < 0) { 1566 syslog(LOG_NOTICE, 1567 "CHROOT user %s: can't chroot to %s: %m", 1568 pw->pw_name, root); 1569 goto bad_chroot; 1570 } 1571 if (chdir(homedir) < 0) { 1572 syslog(LOG_NOTICE, 1573 "CHROOT user %s: can't chdir to %s: %m", 1574 pw->pw_name, homedir); 1575 bad_chroot: 1576 reply(550, "Can't change root."); 1577 goto bad; 1578 } 1579 break; 1580 case CLASS_REAL: 1581 /* only chroot REAL if explicitly requested */ 1582 if (! EMPTYSTR(curclass.chroot)) { 1583 format_path(root, curclass.chroot); 1584 if (EMPTYSTR(root) || chroot(root) < 0) { 1585 syslog(LOG_NOTICE, 1586 "REAL user %s: can't chroot to %s: %m", 1587 pw->pw_name, root); 1588 goto bad_chroot; 1589 } 1590 } 1591 format_path(homedir, 1592 curclass.homedir ? curclass.homedir : 1593 pw->pw_dir); 1594 if (EMPTYSTR(homedir) || chdir(homedir) < 0) { 1595 if (chdir("/") < 0) { 1596 syslog(LOG_NOTICE, 1597 "REAL user %s: can't chdir to %s: %m", 1598 pw->pw_name, 1599 !EMPTYSTR(homedir) ? homedir : "/"); 1600 reply(530, 1601 "User %s: can't change directory to %s.", 1602 pw->pw_name, 1603 !EMPTYSTR(homedir) ? homedir : "/"); 1604 goto bad; 1605 } else { 1606 reply(-230, 1607 "No directory! Logging in with home=/"); 1608 homedir[0] = '/'; 1609 } 1610 } 1611 break; 1612 } 1613 #ifndef LOGIN_CAP 1614 setsid(); 1615 #if !defined(__minix) 1616 setlogin(pw->pw_name); 1617 #endif /* !defined(__minix) */ 1618 #endif 1619 if (dropprivs || 1620 (curclass.type != CLASS_REAL && 1621 ntohs(ctrl_addr.su_port) > IPPORT_RESERVED + 1)) { 1622 dropprivs++; 1623 if (setgid((gid_t)pw->pw_gid) < 0) { 1624 reply(550, "Can't set gid."); 1625 goto bad; 1626 } 1627 if (setuid((uid_t)pw->pw_uid) < 0) { 1628 reply(550, "Can't set uid."); 1629 goto bad; 1630 } 1631 } else { 1632 if (seteuid((uid_t)pw->pw_uid) < 0) { 1633 reply(550, "Can't set uid."); 1634 goto bad; 1635 } 1636 } 1637 setenv("HOME", homedir, 1); 1638 1639 if (curclass.type == CLASS_GUEST && passwd[0] == '-') 1640 quietmessages = 1; 1641 1642 /* 1643 * Display a login message, if it exists. 1644 * N.B. reply(230,) must follow the message. 1645 */ 1646 if (! EMPTYSTR(curclass.motd)) 1647 (void)display_file(conffilename(curclass.motd), 230); 1648 show_chdir_messages(230); 1649 if (curclass.type == CLASS_GUEST) { 1650 char *p; 1651 1652 reply(230, "Guest login ok, access restrictions apply."); 1653 #if defined(HAVE_SETPROCTITLE) 1654 snprintf(proctitle, sizeof(proctitle), 1655 "%s: anonymous/%s", remotehost, passwd); 1656 setproctitle("%s", proctitle); 1657 #endif /* defined(HAVE_SETPROCTITLE) */ 1658 if (logging) 1659 syslog(LOG_INFO, 1660 "ANONYMOUS FTP LOGIN FROM %s, %s (class: %s, type: %s)", 1661 remoteloghost, passwd, 1662 curclass.classname, CURCLASSTYPE); 1663 /* store guest password reply into pw_passwd */ 1664 REASSIGN(pw->pw_passwd, ftpd_strdup(passwd)); 1665 for (p = pw->pw_passwd; *p; p++) 1666 if (!isgraph((unsigned char)*p)) 1667 *p = '_'; 1668 } else { 1669 reply(230, "User %s logged in.", pw->pw_name); 1670 #if defined(HAVE_SETPROCTITLE) 1671 snprintf(proctitle, sizeof(proctitle), 1672 "%s: %s", remotehost, pw->pw_name); 1673 setproctitle("%s", proctitle); 1674 #endif /* defined(HAVE_SETPROCTITLE) */ 1675 if (logging) 1676 syslog(LOG_INFO, 1677 "FTP LOGIN FROM %s as %s (class: %s, type: %s)", 1678 remoteloghost, pw->pw_name, 1679 curclass.classname, CURCLASSTYPE); 1680 } 1681 (void) umask(curclass.umask); 1682 #ifdef LOGIN_CAP 1683 login_close(lc); 1684 #endif 1685 return; 1686 1687 bad: 1688 #ifdef LOGIN_CAP 1689 login_close(lc); 1690 #endif 1691 /* Forget all about it... */ 1692 end_login(); 1693 } 1694 1695 void 1696 retrieve(const char *argv[], const char *name) 1697 { 1698 FILE *fin, *dout; 1699 struct stat st; 1700 int (*closefunc)(FILE *) = NULL; 1701 int dolog, sendrv, closerv, stderrfd, isconversion, isdata, isls; 1702 struct timeval start, finish, td, *tdp; 1703 struct rusage rusage_before, rusage_after; 1704 const char *dispname; 1705 const char *error; 1706 1707 sendrv = closerv = stderrfd = -1; 1708 isconversion = isdata = isls = dolog = 0; 1709 tdp = NULL; 1710 dispname = name; 1711 fin = dout = NULL; 1712 error = NULL; 1713 if (argv == NULL) { /* if not running a command ... */ 1714 dolog = 1; 1715 isdata = 1; 1716 fin = fopen(name, "r"); 1717 closefunc = fclose; 1718 if (fin == NULL) /* doesn't exist?; try a conversion */ 1719 argv = do_conversion(name); 1720 if (argv != NULL) { 1721 isconversion++; 1722 syslog(LOG_DEBUG, "get command: '%s' on '%s'", 1723 argv[0], name); 1724 } 1725 } 1726 if (argv != NULL) { 1727 char temp[MAXPATHLEN]; 1728 1729 if (strcmp(argv[0], INTERNAL_LS) == 0) { 1730 isls = 1; 1731 stderrfd = -1; 1732 } else { 1733 (void)snprintf(temp, sizeof(temp), "%s", TMPFILE); 1734 stderrfd = mkstemp(temp); 1735 if (stderrfd != -1) 1736 (void)unlink(temp); 1737 } 1738 dispname = argv[0]; 1739 fin = ftpd_popen(argv, "r", stderrfd); 1740 closefunc = ftpd_pclose; 1741 st.st_size = -1; 1742 st.st_blksize = BUFSIZ; 1743 } 1744 if (fin == NULL) { 1745 if (errno != 0) { 1746 perror_reply(550, dispname); 1747 if (dolog) 1748 logxfer("get", -1, name, NULL, NULL, 1749 strerror(errno)); 1750 } 1751 goto cleanupretrieve; 1752 } 1753 byte_count = -1; 1754 if (argv == NULL 1755 && (fstat(fileno(fin), &st) < 0 || !S_ISREG(st.st_mode))) { 1756 error = "Not a plain file"; 1757 reply(550, "%s: %s.", dispname, error); 1758 goto done; 1759 } 1760 if (restart_point) { 1761 if (type == TYPE_A) { 1762 off_t i; 1763 int c; 1764 1765 for (i = 0; i < restart_point; i++) { 1766 if ((c=getc(fin)) == EOF) { 1767 error = strerror(errno); 1768 perror_reply(550, dispname); 1769 goto done; 1770 } 1771 if (c == '\n') 1772 i++; 1773 } 1774 } else if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) { 1775 error = strerror(errno); 1776 perror_reply(550, dispname); 1777 goto done; 1778 } 1779 } 1780 dout = dataconn(dispname, st.st_size, "w"); 1781 if (dout == NULL) 1782 goto done; 1783 1784 (void)getrusage(RUSAGE_SELF, &rusage_before); 1785 (void)gettimeofday(&start, NULL); 1786 sendrv = send_data(fin, dout, &st, isdata); 1787 (void)gettimeofday(&finish, NULL); 1788 (void)getrusage(RUSAGE_SELF, &rusage_after); 1789 closedataconn(dout); /* close now to affect timing stats */ 1790 timersub(&finish, &start, &td); 1791 tdp = &td; 1792 done: 1793 if (dolog) { 1794 logxfer("get", byte_count, name, NULL, tdp, error); 1795 if (tdp != NULL) 1796 logrusage(&rusage_before, &rusage_after); 1797 } 1798 closerv = (*closefunc)(fin); 1799 if (sendrv == 0) { 1800 FILE *errf; 1801 struct stat sb; 1802 1803 if (!isls && argv != NULL && closerv != 0) { 1804 reply(-226, 1805 "Command returned an exit status of %d", 1806 closerv); 1807 if (isconversion) 1808 syslog(LOG_WARNING, 1809 "retrieve command: '%s' returned %d", 1810 argv[0], closerv); 1811 } 1812 if (!isls && argv != NULL && stderrfd != -1 && 1813 (fstat(stderrfd, &sb) == 0) && sb.st_size > 0 && 1814 ((errf = fdopen(stderrfd, "r")) != NULL)) { 1815 char *cp, line[LINE_MAX]; 1816 1817 reply(-226, "Command error messages:"); 1818 rewind(errf); 1819 while (fgets(line, sizeof(line), errf) != NULL) { 1820 if ((cp = strchr(line, '\n')) != NULL) 1821 *cp = '\0'; 1822 reply(0, " %s", line); 1823 } 1824 (void) fflush(stdout); 1825 (void) fclose(errf); 1826 /* a reply(226,) must follow */ 1827 } 1828 reply(226, "Transfer complete."); 1829 } 1830 cleanupretrieve: 1831 if (stderrfd != -1) 1832 (void)close(stderrfd); 1833 if (isconversion) 1834 free(argv); 1835 } 1836 1837 void 1838 store(const char *name, const char *fmode, int unique) 1839 { 1840 FILE *fout, *din; 1841 struct stat st; 1842 int (*closefunc)(FILE *); 1843 struct timeval start, finish, td, *tdp; 1844 const char *desc, *error; 1845 1846 din = NULL; 1847 desc = (*fmode == 'w') ? "put" : "append"; 1848 error = NULL; 1849 if (unique && stat(name, &st) == 0 && 1850 (name = gunique(name)) == NULL) { 1851 logxfer(desc, -1, name, NULL, NULL, 1852 "cannot create unique file"); 1853 goto cleanupstore; 1854 } 1855 1856 if (restart_point) 1857 fmode = "r+"; 1858 fout = fopen(name, fmode); 1859 closefunc = fclose; 1860 tdp = NULL; 1861 if (fout == NULL) { 1862 perror_reply(553, name); 1863 logxfer(desc, -1, name, NULL, NULL, strerror(errno)); 1864 goto cleanupstore; 1865 } 1866 byte_count = -1; 1867 if (restart_point) { 1868 if (type == TYPE_A) { 1869 off_t i; 1870 int c; 1871 1872 for (i = 0; i < restart_point; i++) { 1873 if ((c=getc(fout)) == EOF) { 1874 error = strerror(errno); 1875 perror_reply(550, name); 1876 goto done; 1877 } 1878 if (c == '\n') 1879 i++; 1880 } 1881 /* 1882 * We must do this seek to "current" position 1883 * because we are changing from reading to 1884 * writing. 1885 */ 1886 if (fseek(fout, 0L, SEEK_CUR) < 0) { 1887 error = strerror(errno); 1888 perror_reply(550, name); 1889 goto done; 1890 } 1891 } else if (lseek(fileno(fout), restart_point, SEEK_SET) < 0) { 1892 error = strerror(errno); 1893 perror_reply(550, name); 1894 goto done; 1895 } 1896 } 1897 din = dataconn(name, (off_t)-1, "r"); 1898 if (din == NULL) 1899 goto done; 1900 (void)gettimeofday(&start, NULL); 1901 if (receive_data(din, fout) == 0) { 1902 if (unique) 1903 reply(226, "Transfer complete (unique file name:%s).", 1904 name); 1905 else 1906 reply(226, "Transfer complete."); 1907 } 1908 (void)gettimeofday(&finish, NULL); 1909 closedataconn(din); /* close now to affect timing stats */ 1910 timersub(&finish, &start, &td); 1911 tdp = &td; 1912 done: 1913 logxfer(desc, byte_count, name, NULL, tdp, error); 1914 (*closefunc)(fout); 1915 cleanupstore: 1916 ; 1917 } 1918 1919 static FILE * 1920 getdatasock(const char *fmode) 1921 { 1922 int on, s, t, tries; 1923 in_port_t port; 1924 1925 on = 1; 1926 if (data >= 0) 1927 return (fdopen(data, fmode)); 1928 if (! dropprivs) 1929 (void) seteuid((uid_t)0); 1930 s = socket(ctrl_addr.su_family, SOCK_STREAM, 0); 1931 if (s < 0) 1932 goto bad; 1933 if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, 1934 (char *) &on, sizeof(on)) < 0) 1935 goto bad; 1936 if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, 1937 (char *) &on, sizeof(on)) < 0) 1938 goto bad; 1939 /* anchor socket to avoid multi-homing problems */ 1940 data_source = ctrl_addr; 1941 /* 1942 * By default source port for PORT connctions is 1943 * ctrlport-1 (see RFC959 section 5.2). 1944 * However, if privs have been dropped and that 1945 * would be < IPPORT_RESERVED, use a random port 1946 * instead. 1947 */ 1948 if (dataport) 1949 port = dataport; 1950 else 1951 port = ntohs(ctrl_addr.su_port) - 1; 1952 if (dropprivs && port < IPPORT_RESERVED) 1953 port = 0; /* use random port */ 1954 data_source.su_port = htons(port); 1955 1956 for (tries = 1; ; tries++) { 1957 if (bind(s, (struct sockaddr *)&data_source.si_su, 1958 data_source.su_len) >= 0) 1959 break; 1960 if (errno != EADDRINUSE || tries > 10) 1961 goto bad; 1962 sleep(tries); 1963 } 1964 if (! dropprivs) 1965 (void) seteuid((uid_t)pw->pw_uid); 1966 #ifdef IP_TOS 1967 if (!mapped && ctrl_addr.su_family == AF_INET) { 1968 on = IPTOS_THROUGHPUT; 1969 if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&on, 1970 sizeof(int)) < 0) 1971 syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); 1972 } 1973 #endif 1974 return (fdopen(s, fmode)); 1975 bad: 1976 /* Return the real value of errno (close may change it) */ 1977 t = errno; 1978 if (! dropprivs) 1979 (void) seteuid((uid_t)pw->pw_uid); 1980 (void) close(s); 1981 errno = t; 1982 return (NULL); 1983 } 1984 1985 FILE * 1986 dataconn(const char *name, off_t size, const char *fmode) 1987 { 1988 char sizebuf[32]; 1989 FILE *file; 1990 int retry, tos, keepalive, conerrno; 1991 1992 file_size = size; 1993 byte_count = 0; 1994 if (size != (off_t) -1) 1995 (void)snprintf(sizebuf, sizeof(sizebuf), " (" LLF " byte%s)", 1996 (LLT)size, PLURAL(size)); 1997 else 1998 sizebuf[0] = '\0'; 1999 if (pdata >= 0) { 2000 struct sockinet from; 2001 int s; 2002 socklen_t fromlen = sizeof(from.su_len); 2003 2004 (void) alarm(curclass.timeout); 2005 s = accept(pdata, (struct sockaddr *)&from.si_su, &fromlen); 2006 (void) alarm(0); 2007 if (s < 0) { 2008 reply(425, "Can't open data connection."); 2009 (void) close(pdata); 2010 pdata = -1; 2011 return (NULL); 2012 } 2013 (void) close(pdata); 2014 pdata = s; 2015 #if !defined(__minix) 2016 switch (from.su_family) { 2017 case AF_INET: 2018 #ifdef IP_TOS 2019 if (!mapped) { 2020 tos = IPTOS_THROUGHPUT; 2021 (void) setsockopt(s, IPPROTO_IP, IP_TOS, 2022 (char *)&tos, sizeof(int)); 2023 } 2024 break; 2025 #endif 2026 } 2027 #endif /* !defined(__minix) */ 2028 /* Set keepalives on the socket to detect dropped conns. */ 2029 #ifdef SO_KEEPALIVE 2030 keepalive = 1; 2031 (void) setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, 2032 (char *)&keepalive, sizeof(int)); 2033 #endif 2034 reply(150, "Opening %s mode data connection for '%s'%s.", 2035 type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf); 2036 return (fdopen(pdata, fmode)); 2037 } 2038 if (data >= 0) { 2039 reply(125, "Using existing data connection for '%s'%s.", 2040 name, sizebuf); 2041 usedefault = 1; 2042 return (fdopen(data, fmode)); 2043 } 2044 if (usedefault) 2045 data_dest = his_addr; 2046 usedefault = 1; 2047 retry = conerrno = 0; 2048 do { 2049 file = getdatasock(fmode); 2050 if (file == NULL) { 2051 char hbuf[NI_MAXHOST]; 2052 char pbuf[NI_MAXSERV]; 2053 2054 if (getnameinfo((struct sockaddr *)&data_source.si_su, 2055 data_source.su_len, hbuf, sizeof(hbuf), pbuf, 2056 sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) 2057 strlcpy(hbuf, "?", sizeof(hbuf)); 2058 reply(425, "Can't create data socket (%s,%s): %s.", 2059 hbuf, pbuf, strerror(errno)); 2060 return (NULL); 2061 } 2062 data = fileno(file); 2063 conerrno = 0; 2064 if (connect(data, (struct sockaddr *)&data_dest.si_su, 2065 data_dest.su_len) == 0) 2066 break; 2067 conerrno = errno; 2068 (void) fclose(file); 2069 file = NULL; 2070 data = -1; 2071 if (conerrno == EADDRINUSE) { 2072 sleep((unsigned) swaitint); 2073 retry += swaitint; 2074 } else { 2075 break; 2076 } 2077 } while (retry <= swaitmax); 2078 if (conerrno != 0) { 2079 perror_reply(425, "Can't build data connection"); 2080 return (NULL); 2081 } 2082 reply(150, "Opening %s mode data connection for '%s'%s.", 2083 type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf); 2084 return (file); 2085 } 2086 2087 void 2088 closedataconn(FILE *fd) 2089 { 2090 2091 if (fd == NULL) 2092 return; 2093 (void)fclose(fd); 2094 data = -1; 2095 if (pdata >= 0) 2096 (void)close(pdata); 2097 pdata = -1; 2098 } 2099 2100 int 2101 write_data(int fd, char *buf, size_t size, off_t *bufrem, 2102 struct timeval *then, int isdata) 2103 { 2104 struct timeval now, td; 2105 ssize_t c; 2106 2107 while (size > 0) { 2108 c = size; 2109 if (curclass.writesize) { 2110 if (curclass.writesize < c) 2111 c = curclass.writesize; 2112 } 2113 if (curclass.rateget) { 2114 if (*bufrem < c) 2115 c = *bufrem; 2116 } 2117 (void) alarm(curclass.timeout); 2118 c = write(fd, buf, c); 2119 if (c <= 0) 2120 return (1); 2121 buf += c; 2122 size -= c; 2123 byte_count += c; 2124 if (isdata) { 2125 total_data_out += c; 2126 total_data += c; 2127 } 2128 total_bytes_out += c; 2129 total_bytes += c; 2130 if (curclass.rateget) { 2131 *bufrem -= c; 2132 if (*bufrem == 0) { 2133 (void)gettimeofday(&now, NULL); 2134 timersub(&now, then, &td); 2135 if (td.tv_sec == 0) { 2136 usleep(1000000 - td.tv_usec); 2137 (void)gettimeofday(then, NULL); 2138 } else 2139 *then = now; 2140 *bufrem = curclass.rateget; 2141 } 2142 } 2143 } 2144 return (0); 2145 } 2146 2147 static enum send_status 2148 send_data_with_read(int filefd, int netfd, const struct stat *st, int isdata) 2149 { 2150 struct timeval then; 2151 off_t bufrem; 2152 ssize_t readsize; 2153 char *buf; 2154 int c, error; 2155 2156 if (curclass.readsize > 0) 2157 readsize = curclass.readsize; 2158 else 2159 readsize = st->st_blksize; 2160 if ((buf = malloc(readsize)) == NULL) { 2161 perror_reply(451, "Local resource failure: malloc"); 2162 return (SS_NO_TRANSFER); 2163 } 2164 2165 if (curclass.rateget) { 2166 bufrem = curclass.rateget; 2167 (void)gettimeofday(&then, NULL); 2168 } else 2169 bufrem = readsize; 2170 for (;;) { 2171 (void) alarm(curclass.timeout); 2172 c = read(filefd, buf, readsize); 2173 if (c == 0) 2174 error = SS_SUCCESS; 2175 else if (c < 0) 2176 error = SS_FILE_ERROR; 2177 else if (write_data(netfd, buf, c, &bufrem, &then, isdata)) 2178 error = SS_DATA_ERROR; 2179 else if (urgflag && handleoobcmd()) 2180 error = SS_ABORTED; 2181 else 2182 continue; 2183 2184 free(buf); 2185 return (error); 2186 } 2187 } 2188 2189 static enum send_status 2190 send_data_with_mmap(int filefd, int netfd, const struct stat *st, int isdata) 2191 { 2192 struct timeval then; 2193 off_t bufrem, filesize, off, origoff; 2194 ssize_t mapsize, winsize; 2195 int error, sendbufsize, sendlowat; 2196 void *win; 2197 2198 bufrem = 0; 2199 if (curclass.sendbufsize) { 2200 sendbufsize = curclass.sendbufsize; 2201 if (setsockopt(netfd, SOL_SOCKET, SO_SNDBUF, 2202 &sendbufsize, sizeof(int)) == -1) 2203 syslog(LOG_WARNING, "setsockopt(SO_SNDBUF, %d): %m", 2204 sendbufsize); 2205 } 2206 2207 if (curclass.sendlowat) { 2208 sendlowat = curclass.sendlowat; 2209 if (setsockopt(netfd, SOL_SOCKET, SO_SNDLOWAT, 2210 &sendlowat, sizeof(int)) == -1) 2211 syslog(LOG_WARNING, "setsockopt(SO_SNDLOWAT, %d): %m", 2212 sendlowat); 2213 } 2214 2215 winsize = curclass.mmapsize; 2216 filesize = st->st_size; 2217 if (ftpd_debug) 2218 syslog(LOG_INFO, "mmapsize = " LLF ", writesize = " LLF, 2219 (LLT)winsize, (LLT)curclass.writesize); 2220 if (winsize <= 0) 2221 goto try_read; 2222 2223 off = lseek(filefd, (off_t)0, SEEK_CUR); 2224 if (off == -1) 2225 goto try_read; 2226 2227 origoff = off; 2228 if (curclass.rateget) { 2229 bufrem = curclass.rateget; 2230 (void)gettimeofday(&then, NULL); 2231 } else 2232 bufrem = winsize; 2233 while (1) { 2234 mapsize = MIN(filesize - off, winsize); 2235 if (mapsize == 0) 2236 break; 2237 win = mmap(NULL, mapsize, PROT_READ, 2238 MAP_FILE|MAP_SHARED, filefd, off); 2239 if (win == MAP_FAILED) { 2240 if (off == origoff) 2241 goto try_read; 2242 return (SS_FILE_ERROR); 2243 } 2244 #if !defined(__minix) 2245 (void) madvise(win, mapsize, MADV_SEQUENTIAL); 2246 #endif /* !defined(__minix) */ 2247 error = write_data(netfd, win, mapsize, &bufrem, &then, 2248 isdata); 2249 #if !defined(__minix) 2250 (void) madvise(win, mapsize, MADV_DONTNEED); 2251 #endif /* !defined(__minix) */ 2252 munmap(win, mapsize); 2253 if (urgflag && handleoobcmd()) 2254 return (SS_ABORTED); 2255 if (error) 2256 return (SS_DATA_ERROR); 2257 off += mapsize; 2258 } 2259 return (SS_SUCCESS); 2260 2261 try_read: 2262 return (send_data_with_read(filefd, netfd, st, isdata)); 2263 } 2264 2265 /* 2266 * Transfer the contents of "instr" to "outstr" peer using the appropriate 2267 * encapsulation of the data subject to Mode, Structure, and Type. 2268 * 2269 * NB: Form isn't handled. 2270 */ 2271 static int 2272 send_data(FILE *instr, FILE *outstr, const struct stat *st, int isdata) 2273 { 2274 int c, filefd, netfd, rval; 2275 2276 urgflag = 0; 2277 transflag = 1; 2278 rval = -1; 2279 2280 switch (type) { 2281 2282 case TYPE_A: 2283 /* XXXLUKEM: rate limit ascii send (get) */ 2284 (void) alarm(curclass.timeout); 2285 while ((c = getc(instr)) != EOF) { 2286 if (urgflag && handleoobcmd()) 2287 goto cleanup_send_data; 2288 byte_count++; 2289 if (c == '\n') { 2290 if (ferror(outstr)) 2291 goto data_err; 2292 (void) putc('\r', outstr); 2293 if (isdata) { 2294 total_data_out++; 2295 total_data++; 2296 } 2297 total_bytes_out++; 2298 total_bytes++; 2299 } 2300 (void) putc(c, outstr); 2301 if (isdata) { 2302 total_data_out++; 2303 total_data++; 2304 } 2305 total_bytes_out++; 2306 total_bytes++; 2307 if ((byte_count % 4096) == 0) 2308 (void) alarm(curclass.timeout); 2309 } 2310 (void) alarm(0); 2311 fflush(outstr); 2312 if (ferror(instr)) 2313 goto file_err; 2314 if (ferror(outstr)) 2315 goto data_err; 2316 rval = 0; 2317 goto cleanup_send_data; 2318 2319 case TYPE_I: 2320 case TYPE_L: 2321 filefd = fileno(instr); 2322 netfd = fileno(outstr); 2323 switch (send_data_with_mmap(filefd, netfd, st, isdata)) { 2324 2325 case SS_SUCCESS: 2326 break; 2327 2328 case SS_ABORTED: 2329 case SS_NO_TRANSFER: 2330 goto cleanup_send_data; 2331 2332 case SS_FILE_ERROR: 2333 goto file_err; 2334 2335 case SS_DATA_ERROR: 2336 goto data_err; 2337 } 2338 rval = 0; 2339 goto cleanup_send_data; 2340 2341 default: 2342 reply(550, "Unimplemented TYPE %d in send_data", type); 2343 goto cleanup_send_data; 2344 } 2345 2346 data_err: 2347 (void) alarm(0); 2348 perror_reply(426, "Data connection"); 2349 goto cleanup_send_data; 2350 2351 file_err: 2352 (void) alarm(0); 2353 perror_reply(551, "Error on input file"); 2354 goto cleanup_send_data; 2355 2356 cleanup_send_data: 2357 (void) alarm(0); 2358 transflag = 0; 2359 urgflag = 0; 2360 if (isdata) { 2361 total_files_out++; 2362 total_files++; 2363 } 2364 total_xfers_out++; 2365 total_xfers++; 2366 return (rval); 2367 } 2368 2369 /* 2370 * Transfer data from peer to "outstr" using the appropriate encapulation of 2371 * the data subject to Mode, Structure, and Type. 2372 * 2373 * N.B.: Form isn't handled. 2374 */ 2375 static int 2376 receive_data(FILE *instr, FILE *outstr) 2377 { 2378 int c, netfd, filefd, rval; 2379 int volatile bare_lfs; 2380 off_t byteswritten; 2381 char *buf; 2382 ssize_t readsize; 2383 struct sigaction sa, sa_saved; 2384 struct stat st; 2385 2386 memset(&sa, 0, sizeof(sa)); 2387 sigfillset(&sa.sa_mask); 2388 sa.sa_flags = SA_RESTART; 2389 sa.sa_handler = lostconn; 2390 (void) sigaction(SIGALRM, &sa, &sa_saved); 2391 2392 bare_lfs = 0; 2393 urgflag = 0; 2394 transflag = 1; 2395 rval = -1; 2396 byteswritten = 0; 2397 buf = NULL; 2398 2399 #define FILESIZECHECK(x) \ 2400 do { \ 2401 if (curclass.maxfilesize != -1 && \ 2402 (x) > curclass.maxfilesize) { \ 2403 errno = EFBIG; \ 2404 goto file_err; \ 2405 } \ 2406 } while (0) 2407 2408 switch (type) { 2409 2410 case TYPE_I: 2411 case TYPE_L: 2412 netfd = fileno(instr); 2413 filefd = fileno(outstr); 2414 (void) alarm(curclass.timeout); 2415 if (curclass.readsize) 2416 readsize = curclass.readsize; 2417 else if (fstat(filefd, &st) != -1) 2418 readsize = (ssize_t)st.st_blksize; 2419 else 2420 readsize = BUFSIZ; 2421 if ((buf = malloc(readsize)) == NULL) { 2422 perror_reply(451, "Local resource failure: malloc"); 2423 goto cleanup_recv_data; 2424 } 2425 if (curclass.rateput) { 2426 while (1) { 2427 int d; 2428 struct timeval then, now, td; 2429 off_t bufrem; 2430 2431 (void)gettimeofday(&then, NULL); 2432 errno = c = d = 0; 2433 for (bufrem = curclass.rateput; bufrem > 0; ) { 2434 if ((c = read(netfd, buf, 2435 MIN(readsize, bufrem))) <= 0) 2436 goto recvdone; 2437 if (urgflag && handleoobcmd()) 2438 goto cleanup_recv_data; 2439 FILESIZECHECK(byte_count + c); 2440 if ((d = write(filefd, buf, c)) != c) 2441 goto file_err; 2442 (void) alarm(curclass.timeout); 2443 bufrem -= c; 2444 byte_count += c; 2445 total_data_in += c; 2446 total_data += c; 2447 total_bytes_in += c; 2448 total_bytes += c; 2449 } 2450 (void)gettimeofday(&now, NULL); 2451 timersub(&now, &then, &td); 2452 if (td.tv_sec == 0) 2453 usleep(1000000 - td.tv_usec); 2454 } 2455 } else { 2456 while ((c = read(netfd, buf, readsize)) > 0) { 2457 if (urgflag && handleoobcmd()) 2458 goto cleanup_recv_data; 2459 FILESIZECHECK(byte_count + c); 2460 if (write(filefd, buf, c) != c) 2461 goto file_err; 2462 (void) alarm(curclass.timeout); 2463 byte_count += c; 2464 total_data_in += c; 2465 total_data += c; 2466 total_bytes_in += c; 2467 total_bytes += c; 2468 } 2469 } 2470 recvdone: 2471 if (c < 0) 2472 goto data_err; 2473 rval = 0; 2474 goto cleanup_recv_data; 2475 2476 case TYPE_E: 2477 reply(553, "TYPE E not implemented."); 2478 goto cleanup_recv_data; 2479 2480 case TYPE_A: 2481 (void) alarm(curclass.timeout); 2482 /* XXXLUKEM: rate limit ascii receive (put) */ 2483 while ((c = getc(instr)) != EOF) { 2484 if (urgflag && handleoobcmd()) 2485 goto cleanup_recv_data; 2486 byte_count++; 2487 total_data_in++; 2488 total_data++; 2489 total_bytes_in++; 2490 total_bytes++; 2491 if ((byte_count % 4096) == 0) 2492 (void) alarm(curclass.timeout); 2493 if (c == '\n') 2494 bare_lfs++; 2495 while (c == '\r') { 2496 if (ferror(outstr)) 2497 goto data_err; 2498 if ((c = getc(instr)) != '\n') { 2499 byte_count++; 2500 total_data_in++; 2501 total_data++; 2502 total_bytes_in++; 2503 total_bytes++; 2504 if ((byte_count % 4096) == 0) 2505 (void) alarm(curclass.timeout); 2506 byteswritten++; 2507 FILESIZECHECK(byteswritten); 2508 (void) putc ('\r', outstr); 2509 if (c == '\0' || c == EOF) 2510 goto contin2; 2511 } 2512 } 2513 byteswritten++; 2514 FILESIZECHECK(byteswritten); 2515 (void) putc(c, outstr); 2516 contin2: ; 2517 } 2518 (void) alarm(0); 2519 fflush(outstr); 2520 if (ferror(instr)) 2521 goto data_err; 2522 if (ferror(outstr)) 2523 goto file_err; 2524 if (bare_lfs) { 2525 reply(-226, 2526 "WARNING! %d bare linefeeds received in ASCII mode", 2527 bare_lfs); 2528 reply(0, "File may not have transferred correctly."); 2529 } 2530 rval = 0; 2531 goto cleanup_recv_data; 2532 2533 default: 2534 reply(550, "Unimplemented TYPE %d in receive_data", type); 2535 goto cleanup_recv_data; 2536 } 2537 #undef FILESIZECHECK 2538 2539 data_err: 2540 (void) alarm(0); 2541 perror_reply(426, "Data Connection"); 2542 goto cleanup_recv_data; 2543 2544 file_err: 2545 (void) alarm(0); 2546 perror_reply(452, "Error writing file"); 2547 goto cleanup_recv_data; 2548 2549 cleanup_recv_data: 2550 (void) alarm(0); 2551 (void) sigaction(SIGALRM, &sa_saved, NULL); 2552 if (buf) 2553 free(buf); 2554 transflag = 0; 2555 urgflag = 0; 2556 total_files_in++; 2557 total_files++; 2558 total_xfers_in++; 2559 total_xfers++; 2560 return (rval); 2561 } 2562 2563 void 2564 statcmd(void) 2565 { 2566 struct sockinet *su = NULL; 2567 static char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV]; 2568 unsigned char *a, *p; 2569 int ispassive, af; 2570 off_t otbi, otbo, otb; 2571 2572 a = p = NULL; 2573 2574 reply(-211, "%s FTP server status:", hostname); 2575 reply(0, "Version: %s", EMPTYSTR(version) ? "<suppressed>" : version); 2576 hbuf[0] = '\0'; 2577 if (!getnameinfo((struct sockaddr *)&his_addr.si_su, his_addr.su_len, 2578 hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST) 2579 && strcmp(remotehost, hbuf) != 0) 2580 reply(0, "Connected to %s (%s)", remotehost, hbuf); 2581 else 2582 reply(0, "Connected to %s", remotehost); 2583 2584 if (logged_in) { 2585 if (curclass.type == CLASS_GUEST) 2586 reply(0, "Logged in anonymously"); 2587 else 2588 reply(0, "Logged in as %s%s", pw->pw_name, 2589 curclass.type == CLASS_CHROOT ? " (chroot)" : ""); 2590 } else if (askpasswd) 2591 reply(0, "Waiting for password"); 2592 else 2593 reply(0, "Waiting for user name"); 2594 cprintf(stdout, " TYPE: %s", typenames[type]); 2595 if (type == TYPE_A || type == TYPE_E) 2596 cprintf(stdout, ", FORM: %s", formnames[form]); 2597 if (type == TYPE_L) { 2598 #if NBBY == 8 2599 cprintf(stdout, " %d", NBBY); 2600 #else 2601 /* XXX: `bytesize' needs to be defined in this case */ 2602 cprintf(stdout, " %d", bytesize); 2603 #endif 2604 } 2605 cprintf(stdout, "; STRUcture: %s; transfer MODE: %s\r\n", 2606 strunames[stru], modenames[mode]); 2607 ispassive = 0; 2608 if (data != -1) { 2609 reply(0, "Data connection open"); 2610 su = NULL; 2611 } else if (pdata != -1) { 2612 reply(0, "in Passive mode"); 2613 if (curclass.advertise.su_len != 0) 2614 su = &curclass.advertise; 2615 else 2616 su = &pasv_addr; 2617 ispassive = 1; 2618 goto printaddr; 2619 } else if (usedefault == 0) { 2620 su = (struct sockinet *)&data_dest; 2621 2622 if (epsvall) { 2623 reply(0, "EPSV only mode (EPSV ALL)"); 2624 goto epsvonly; 2625 } 2626 printaddr: 2627 /* PASV/PORT */ 2628 if (su->su_family == AF_INET) { 2629 a = (unsigned char *) &su->su_addr; 2630 p = (unsigned char *) &su->su_port; 2631 #define UC(b) (((int) b) & 0xff) 2632 reply(0, "%s (%d,%d,%d,%d,%d,%d)", 2633 ispassive ? "PASV" : "PORT" , 2634 UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), 2635 UC(p[0]), UC(p[1])); 2636 } 2637 2638 /* LPSV/LPRT */ 2639 { 2640 int alen, i; 2641 2642 alen = 0; 2643 switch (su->su_family) { 2644 case AF_INET: 2645 a = (unsigned char *) &su->su_addr; 2646 p = (unsigned char *) &su->su_port; 2647 alen = sizeof(su->su_addr); 2648 af = 4; 2649 break; 2650 #ifdef INET6 2651 case AF_INET6: 2652 a = (unsigned char *) &su->su_6addr; 2653 p = (unsigned char *) &su->su_port; 2654 alen = sizeof(su->su_6addr); 2655 af = 6; 2656 break; 2657 #endif 2658 default: 2659 af = 0; 2660 break; 2661 } 2662 if (af) { 2663 cprintf(stdout, " %s (%d,%d", 2664 ispassive ? "LPSV" : "LPRT", af, alen); 2665 for (i = 0; i < alen; i++) 2666 cprintf(stdout, ",%d", UC(a[i])); 2667 cprintf(stdout, ",%d,%d,%d)\r\n", 2668 2, UC(p[0]), UC(p[1])); 2669 #undef UC 2670 } 2671 } 2672 2673 /* EPRT/EPSV */ 2674 epsvonly: 2675 af = af2epsvproto(su->su_family); 2676 hbuf[0] = '\0'; 2677 if (af > 0) { 2678 struct sockinet tmp; 2679 2680 tmp = *su; 2681 #ifdef INET6 2682 if (tmp.su_family == AF_INET6) 2683 tmp.su_scope_id = 0; 2684 #endif 2685 if (getnameinfo((struct sockaddr *)&tmp.si_su, 2686 tmp.su_len, hbuf, sizeof(hbuf), sbuf, sizeof(sbuf), 2687 NI_NUMERICHOST | NI_NUMERICSERV) == 0) 2688 reply(0, "%s (|%d|%s|%s|)", 2689 ispassive ? "EPSV" : "EPRT", 2690 af, hbuf, sbuf); 2691 } 2692 } else 2693 reply(0, "No data connection"); 2694 2695 if (logged_in) { 2696 reply(0, 2697 "Data sent: " LLF " byte%s in " LLF " file%s", 2698 (LLT)total_data_out, PLURAL(total_data_out), 2699 (LLT)total_files_out, PLURAL(total_files_out)); 2700 reply(0, 2701 "Data received: " LLF " byte%s in " LLF " file%s", 2702 (LLT)total_data_in, PLURAL(total_data_in), 2703 (LLT)total_files_in, PLURAL(total_files_in)); 2704 reply(0, 2705 "Total data: " LLF " byte%s in " LLF " file%s", 2706 (LLT)total_data, PLURAL(total_data), 2707 (LLT)total_files, PLURAL(total_files)); 2708 } 2709 otbi = total_bytes_in; 2710 otbo = total_bytes_out; 2711 otb = total_bytes; 2712 reply(0, "Traffic sent: " LLF " byte%s in " LLF " transfer%s", 2713 (LLT)otbo, PLURAL(otbo), 2714 (LLT)total_xfers_out, PLURAL(total_xfers_out)); 2715 reply(0, "Traffic received: " LLF " byte%s in " LLF " transfer%s", 2716 (LLT)otbi, PLURAL(otbi), 2717 (LLT)total_xfers_in, PLURAL(total_xfers_in)); 2718 reply(0, "Total traffic: " LLF " byte%s in " LLF " transfer%s", 2719 (LLT)otb, PLURAL(otb), 2720 (LLT)total_xfers, PLURAL(total_xfers)); 2721 2722 if (logged_in && !CURCLASS_FLAGS_ISSET(private)) { 2723 struct ftpconv *cp; 2724 2725 reply(0, "%s", ""); 2726 reply(0, "Class: %s, type: %s", 2727 curclass.classname, CURCLASSTYPE); 2728 reply(0, "Check PORT/LPRT commands: %sabled", 2729 CURCLASS_FLAGS_ISSET(checkportcmd) ? "en" : "dis"); 2730 if (! EMPTYSTR(curclass.display)) 2731 reply(0, "Display file: %s", curclass.display); 2732 if (! EMPTYSTR(curclass.notify)) 2733 reply(0, "Notify fileglob: %s", curclass.notify); 2734 reply(0, "Idle timeout: " LLF ", maximum timeout: " LLF, 2735 (LLT)curclass.timeout, (LLT)curclass.maxtimeout); 2736 reply(0, "Current connections: %d", connections); 2737 if (curclass.limit == -1) 2738 reply(0, "Maximum connections: unlimited"); 2739 else 2740 reply(0, "Maximum connections: " LLF, 2741 (LLT)curclass.limit); 2742 if (curclass.limitfile) 2743 reply(0, "Connection limit exceeded message file: %s", 2744 conffilename(curclass.limitfile)); 2745 if (! EMPTYSTR(curclass.chroot)) 2746 reply(0, "Chroot format: %s", curclass.chroot); 2747 reply(0, "Deny bad ftpusers(5) quickly: %sabled", 2748 CURCLASS_FLAGS_ISSET(denyquick) ? "en" : "dis"); 2749 if (! EMPTYSTR(curclass.homedir)) 2750 reply(0, "Homedir format: %s", curclass.homedir); 2751 if (curclass.maxfilesize == -1) 2752 reply(0, "Maximum file size: unlimited"); 2753 else 2754 reply(0, "Maximum file size: " LLF, 2755 (LLT)curclass.maxfilesize); 2756 if (! EMPTYSTR(curclass.motd)) 2757 reply(0, "MotD file: %s", conffilename(curclass.motd)); 2758 reply(0, 2759 "Modify commands (CHMOD, DELE, MKD, RMD, RNFR, UMASK): %sabled", 2760 CURCLASS_FLAGS_ISSET(modify) ? "en" : "dis"); 2761 reply(0, "Upload commands (APPE, STOR, STOU): %sabled", 2762 CURCLASS_FLAGS_ISSET(upload) ? "en" : "dis"); 2763 reply(0, "Sanitize file names: %sabled", 2764 CURCLASS_FLAGS_ISSET(sanenames) ? "en" : "dis"); 2765 reply(0, "PASV/LPSV/EPSV connections: %sabled", 2766 CURCLASS_FLAGS_ISSET(passive) ? "en" : "dis"); 2767 if (curclass.advertise.su_len != 0) { 2768 char buf[50]; /* big enough for IPv6 address */ 2769 const char *bp; 2770 2771 bp = inet_ntop(curclass.advertise.su_family, 2772 (void *)&curclass.advertise.su_addr, 2773 buf, sizeof(buf)); 2774 if (bp != NULL) 2775 reply(0, "PASV advertise address: %s", bp); 2776 } 2777 if (curclass.portmin && curclass.portmax) 2778 reply(0, "PASV port range: " LLF " - " LLF, 2779 (LLT)curclass.portmin, (LLT)curclass.portmax); 2780 if (curclass.rateget) 2781 reply(0, "Rate get limit: " LLF " bytes/sec", 2782 (LLT)curclass.rateget); 2783 else 2784 reply(0, "Rate get limit: disabled"); 2785 if (curclass.rateput) 2786 reply(0, "Rate put limit: " LLF " bytes/sec", 2787 (LLT)curclass.rateput); 2788 else 2789 reply(0, "Rate put limit: disabled"); 2790 if (curclass.mmapsize) 2791 reply(0, "Mmap size: " LLF, (LLT)curclass.mmapsize); 2792 else 2793 reply(0, "Mmap size: disabled"); 2794 if (curclass.readsize) 2795 reply(0, "Read size: " LLF, (LLT)curclass.readsize); 2796 else 2797 reply(0, "Read size: default"); 2798 if (curclass.writesize) 2799 reply(0, "Write size: " LLF, (LLT)curclass.writesize); 2800 else 2801 reply(0, "Write size: default"); 2802 if (curclass.recvbufsize) 2803 reply(0, "Receive buffer size: " LLF, 2804 (LLT)curclass.recvbufsize); 2805 else 2806 reply(0, "Receive buffer size: default"); 2807 if (curclass.sendbufsize) 2808 reply(0, "Send buffer size: " LLF, 2809 (LLT)curclass.sendbufsize); 2810 else 2811 reply(0, "Send buffer size: default"); 2812 if (curclass.sendlowat) 2813 reply(0, "Send low water mark: " LLF, 2814 (LLT)curclass.sendlowat); 2815 else 2816 reply(0, "Send low water mark: default"); 2817 reply(0, "Umask: %.04o", curclass.umask); 2818 for (cp = curclass.conversions; cp != NULL; cp=cp->next) { 2819 if (cp->suffix == NULL || cp->types == NULL || 2820 cp->command == NULL) 2821 continue; 2822 reply(0, "Conversion: %s [%s] disable: %s, command: %s", 2823 cp->suffix, cp->types, cp->disable, cp->command); 2824 } 2825 } 2826 2827 reply(211, "End of status"); 2828 } 2829 2830 void 2831 fatal(const char *s) 2832 { 2833 2834 reply(451, "Error in server: %s\n", s); 2835 reply(221, "Closing connection due to server error."); 2836 dologout(0); 2837 /* NOTREACHED */ 2838 } 2839 2840 /* 2841 * reply() -- 2842 * depending on the value of n, display fmt with a trailing CRLF and 2843 * prefix of: 2844 * n < -1 prefix the message with abs(n) + "-" (initial line) 2845 * n == 0 prefix the message with 4 spaces (middle lines) 2846 * n > 0 prefix the message with n + " " (final line) 2847 */ 2848 void 2849 reply(int n, const char *fmt, ...) 2850 { 2851 char msg[MAXPATHLEN * 2 + 100]; 2852 size_t b; 2853 va_list ap; 2854 2855 if (n == 0) 2856 b = snprintf(msg, sizeof(msg), " "); 2857 else if (n < 0) 2858 b = snprintf(msg, sizeof(msg), "%d-", -n); 2859 else 2860 b = snprintf(msg, sizeof(msg), "%d ", n); 2861 va_start(ap, fmt); 2862 vsnprintf(msg + b, sizeof(msg) - b, fmt, ap); 2863 va_end(ap); 2864 cprintf(stdout, "%s\r\n", msg); 2865 (void)fflush(stdout); 2866 if (ftpd_debug) 2867 syslog(LOG_DEBUG, "<--- %s", msg); 2868 } 2869 2870 static void 2871 logremotehost(struct sockinet *who) 2872 { 2873 2874 #if defined(HAVE_SOCKADDR_SNPRINTF) 2875 char abuf[BUFSIZ]; 2876 #endif 2877 2878 struct sockaddr *sa = (struct sockaddr *)&who->si_su; 2879 if (getnameinfo(sa, who->su_len, remotehost, sizeof(remotehost), NULL, 2880 0, getnameopts)) 2881 strlcpy(remotehost, "?", sizeof(remotehost)); 2882 #if defined(HAVE_SOCKADDR_SNPRINTF) 2883 sockaddr_snprintf(abuf, sizeof(abuf), "%a", sa); 2884 snprintf(remoteloghost, sizeof(remoteloghost), "%s(%s)", remotehost, 2885 abuf); 2886 #else 2887 strlcpy(remoteloghost, remotehost, sizeof(remoteloghost)); 2888 #endif 2889 2890 #if defined(HAVE_SETPROCTITLE) 2891 snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost); 2892 setproctitle("%s", proctitle); 2893 #endif /* defined(HAVE_SETPROCTITLE) */ 2894 if (logging) 2895 syslog(LOG_INFO, "connection from %s to %s", 2896 remoteloghost, hostname); 2897 } 2898 2899 /* 2900 * Record logout in wtmp file and exit with supplied status. 2901 * NOTE: because this is called from signal handlers it cannot 2902 * use stdio (or call other functions that use stdio). 2903 */ 2904 void 2905 dologout(int status) 2906 { 2907 /* 2908 * Prevent reception of SIGURG from resulting in a resumption 2909 * back to the main program loop. 2910 */ 2911 transflag = 0; 2912 logout_utmp(); 2913 if (logged_in) { 2914 #ifdef KERBEROS 2915 if (!notickets && krbtkfile_env) 2916 unlink(krbtkfile_env); 2917 #endif 2918 } 2919 /* beware of flushing buffers after a SIGPIPE */ 2920 if (xferlogfd != -1) 2921 close(xferlogfd); 2922 _exit(status); 2923 } 2924 2925 void 2926 abor(void) 2927 { 2928 2929 if (!transflag) 2930 return; 2931 tmpline[0] = '\0'; 2932 is_oob = 0; 2933 reply(426, "Transfer aborted. Data connection closed."); 2934 reply(226, "Abort successful"); 2935 transflag = 0; /* flag that the transfer has aborted */ 2936 } 2937 2938 void 2939 statxfer(void) 2940 { 2941 2942 if (!transflag) 2943 return; 2944 tmpline[0] = '\0'; 2945 is_oob = 0; 2946 if (file_size != (off_t) -1) 2947 reply(213, 2948 "Status: " LLF " of " LLF " byte%s transferred", 2949 (LLT)byte_count, (LLT)file_size, 2950 PLURAL(byte_count)); 2951 else 2952 reply(213, "Status: " LLF " byte%s transferred", 2953 (LLT)byte_count, PLURAL(byte_count)); 2954 } 2955 2956 /* 2957 * Call when urgflag != 0 to handle Out Of Band commands. 2958 * Returns non zero if the OOB command aborted the transfer 2959 * by setting transflag to 0. (c.f., "ABOR"). 2960 */ 2961 static int 2962 handleoobcmd(void) 2963 { 2964 char *cp; 2965 int ret; 2966 2967 if (!urgflag) 2968 return (0); 2969 urgflag = 0; 2970 /* only process if transfer occurring */ 2971 if (!transflag) 2972 return (0); 2973 cp = tmpline; 2974 ret = get_line(cp, sizeof(tmpline)-1, stdin); 2975 if (ret == -1) { 2976 reply(221, "You could at least say goodbye."); 2977 dologout(0); 2978 } else if (ret == -2) { 2979 /* Ignore truncated command */ 2980 /* XXX: abort xfer with "500 command too long", & return 1 ? */ 2981 return 0; 2982 } 2983 /* 2984 * Manually parse OOB commands, because we can't 2985 * recursively call the yacc parser... 2986 */ 2987 if (strcasecmp(cp, "ABOR\r\n") == 0) { 2988 abor(); 2989 } else if (strcasecmp(cp, "STAT\r\n") == 0) { 2990 statxfer(); 2991 } else { 2992 /* XXX: error with "500 unknown command" ? */ 2993 } 2994 return (transflag == 0); 2995 } 2996 2997 static int 2998 bind_pasv_addr(void) 2999 { 3000 static int passiveport; 3001 int port, len; 3002 3003 len = pasv_addr.su_len; 3004 if (curclass.portmin == 0 && curclass.portmax == 0) { 3005 pasv_addr.su_port = 0; 3006 return (bind(pdata, (struct sockaddr *)&pasv_addr.si_su, len)); 3007 } 3008 3009 if (passiveport == 0) { 3010 srand(getpid()); 3011 passiveport = rand() % (curclass.portmax - curclass.portmin) 3012 + curclass.portmin; 3013 } 3014 3015 port = passiveport; 3016 while (1) { 3017 port++; 3018 if (port > curclass.portmax) 3019 port = curclass.portmin; 3020 else if (port == passiveport) { 3021 errno = EAGAIN; 3022 return (-1); 3023 } 3024 pasv_addr.su_port = htons(port); 3025 if (bind(pdata, (struct sockaddr *)&pasv_addr.si_su, len) == 0) 3026 break; 3027 if (errno != EADDRINUSE) 3028 return (-1); 3029 } 3030 passiveport = port; 3031 return (0); 3032 } 3033 3034 /* 3035 * Note: a response of 425 is not mentioned as a possible response to 3036 * the PASV command in RFC959. However, it has been blessed as 3037 * a legitimate response by Jon Postel in a telephone conversation 3038 * with Rick Adams on 25 Jan 89. 3039 */ 3040 void 3041 passive(void) 3042 { 3043 socklen_t len; 3044 int recvbufsize; 3045 char *p, *a; 3046 3047 if (pdata >= 0) 3048 close(pdata); 3049 pdata = socket(AF_INET, SOCK_STREAM, 0); 3050 if (pdata < 0 || !logged_in) { 3051 perror_reply(425, "Can't open passive connection"); 3052 return; 3053 } 3054 pasv_addr = ctrl_addr; 3055 3056 if (bind_pasv_addr() < 0) 3057 goto pasv_error; 3058 len = pasv_addr.su_len; 3059 if (getsockname(pdata, (struct sockaddr *) &pasv_addr.si_su, &len) < 0) 3060 goto pasv_error; 3061 pasv_addr.su_len = len; 3062 if (curclass.recvbufsize) { 3063 recvbufsize = curclass.recvbufsize; 3064 if (setsockopt(pdata, SOL_SOCKET, SO_RCVBUF, &recvbufsize, 3065 sizeof(int)) == -1) 3066 syslog(LOG_WARNING, "setsockopt(SO_RCVBUF, %d): %m", 3067 recvbufsize); 3068 } 3069 if (listen(pdata, 1) < 0) 3070 goto pasv_error; 3071 if (curclass.advertise.su_len != 0) 3072 a = (char *) &curclass.advertise.su_addr; 3073 else 3074 a = (char *) &pasv_addr.su_addr; 3075 p = (char *) &pasv_addr.su_port; 3076 3077 #define UC(b) (((int) b) & 0xff) 3078 3079 reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]), 3080 UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1])); 3081 return; 3082 3083 pasv_error: 3084 (void) close(pdata); 3085 pdata = -1; 3086 perror_reply(425, "Can't open passive connection"); 3087 return; 3088 } 3089 3090 /* 3091 * convert protocol identifier to/from AF 3092 */ 3093 int 3094 lpsvproto2af(int proto) 3095 { 3096 3097 switch (proto) { 3098 case 4: 3099 return AF_INET; 3100 #ifdef INET6 3101 case 6: 3102 return AF_INET6; 3103 #endif 3104 default: 3105 return -1; 3106 } 3107 } 3108 3109 int 3110 af2lpsvproto(int af) 3111 { 3112 3113 switch (af) { 3114 case AF_INET: 3115 return 4; 3116 #ifdef INET6 3117 case AF_INET6: 3118 return 6; 3119 #endif 3120 default: 3121 return -1; 3122 } 3123 } 3124 3125 int 3126 epsvproto2af(int proto) 3127 { 3128 3129 switch (proto) { 3130 case 1: 3131 return AF_INET; 3132 #ifdef INET6 3133 case 2: 3134 return AF_INET6; 3135 #endif 3136 default: 3137 return -1; 3138 } 3139 } 3140 3141 int 3142 af2epsvproto(int af) 3143 { 3144 3145 switch (af) { 3146 case AF_INET: 3147 return 1; 3148 #ifdef INET6 3149 case AF_INET6: 3150 return 2; 3151 #endif 3152 default: 3153 return -1; 3154 } 3155 } 3156 3157 /* 3158 * 228 Entering Long Passive Mode (af, hal, h1, h2, h3,..., pal, p1, p2...) 3159 * 229 Entering Extended Passive Mode (|||port|) 3160 */ 3161 void 3162 long_passive(const char *cmd, int pf) 3163 { 3164 socklen_t len; 3165 char *p, *a; 3166 3167 if (!logged_in) { 3168 syslog(LOG_NOTICE, "long passive but not logged in"); 3169 reply(503, "Login with USER first."); 3170 return; 3171 } 3172 3173 if (pf != PF_UNSPEC && ctrl_addr.su_family != pf) { 3174 /* 3175 * XXX: only EPRT/EPSV ready clients will understand this 3176 */ 3177 if (strcmp(cmd, "EPSV") != 0) 3178 reply(501, "Network protocol mismatch"); /*XXX*/ 3179 else 3180 epsv_protounsupp("Network protocol mismatch"); 3181 3182 return; 3183 } 3184 3185 if (pdata >= 0) 3186 close(pdata); 3187 pdata = socket(ctrl_addr.su_family, SOCK_STREAM, 0); 3188 if (pdata < 0) { 3189 perror_reply(425, "Can't open passive connection"); 3190 return; 3191 } 3192 pasv_addr = ctrl_addr; 3193 if (bind_pasv_addr() < 0) 3194 goto pasv_error; 3195 len = pasv_addr.su_len; 3196 if (getsockname(pdata, (struct sockaddr *) &pasv_addr.si_su, &len) < 0) 3197 goto pasv_error; 3198 pasv_addr.su_len = len; 3199 if (listen(pdata, 1) < 0) 3200 goto pasv_error; 3201 p = (char *) &pasv_addr.su_port; 3202 3203 #define UC(b) (((int) b) & 0xff) 3204 3205 if (strcmp(cmd, "LPSV") == 0) { 3206 struct sockinet *advert; 3207 3208 if (curclass.advertise.su_len != 0) 3209 advert = &curclass.advertise; 3210 else 3211 advert = &pasv_addr; 3212 switch (advert->su_family) { 3213 case AF_INET: 3214 a = (char *) &advert->su_addr; 3215 reply(228, 3216 "Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,%d,%d,%d)", 3217 4, 4, UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), 3218 2, UC(p[0]), UC(p[1])); 3219 return; 3220 #ifdef INET6 3221 case AF_INET6: 3222 a = (char *) &advert->su_6addr; 3223 reply(228, 3224 "Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d)", 3225 6, 16, 3226 UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), 3227 UC(a[4]), UC(a[5]), UC(a[6]), UC(a[7]), 3228 UC(a[8]), UC(a[9]), UC(a[10]), UC(a[11]), 3229 UC(a[12]), UC(a[13]), UC(a[14]), UC(a[15]), 3230 2, UC(p[0]), UC(p[1])); 3231 return; 3232 #endif 3233 } 3234 #undef UC 3235 } else if (strcmp(cmd, "EPSV") == 0) { 3236 switch (pasv_addr.su_family) { 3237 case AF_INET: 3238 #ifdef INET6 3239 case AF_INET6: 3240 #endif 3241 reply(229, "Entering Extended Passive Mode (|||%d|)", 3242 ntohs(pasv_addr.su_port)); 3243 return; 3244 } 3245 } else { 3246 /* more proper error code? */ 3247 } 3248 3249 pasv_error: 3250 (void) close(pdata); 3251 pdata = -1; 3252 perror_reply(425, "Can't open passive connection"); 3253 return; 3254 } 3255 3256 int 3257 extended_port(const char *arg) 3258 { 3259 char *tmp = NULL; 3260 char *result[3]; 3261 char *p, *q; 3262 char delim; 3263 struct addrinfo hints; 3264 struct addrinfo *res = NULL; 3265 int i; 3266 unsigned long proto; 3267 3268 tmp = ftpd_strdup(arg); 3269 p = tmp; 3270 delim = p[0]; 3271 p++; 3272 memset(result, 0, sizeof(result)); 3273 for (i = 0; i < 3; i++) { 3274 q = strchr(p, delim); 3275 if (!q || *q != delim) 3276 goto parsefail; 3277 *q++ = '\0'; 3278 result[i] = p; 3279 p = q; 3280 } 3281 3282 /* some more sanity checks */ 3283 errno = 0; 3284 p = NULL; 3285 (void)strtoul(result[2], &p, 10); 3286 if (errno || !*result[2] || *p) 3287 goto parsefail; 3288 errno = 0; 3289 p = NULL; 3290 proto = strtoul(result[0], &p, 10); 3291 if (errno || !*result[0] || *p) 3292 goto protounsupp; 3293 3294 memset(&hints, 0, sizeof(hints)); 3295 hints.ai_family = epsvproto2af((int)proto); 3296 if (hints.ai_family < 0) 3297 goto protounsupp; 3298 hints.ai_socktype = SOCK_STREAM; 3299 hints.ai_flags = AI_NUMERICHOST; 3300 if (getaddrinfo(result[1], result[2], &hints, &res)) 3301 goto parsefail; 3302 if (res->ai_next) 3303 goto parsefail; 3304 if (sizeof(data_dest) < res->ai_addrlen) 3305 goto parsefail; 3306 memcpy(&data_dest.si_su, res->ai_addr, res->ai_addrlen); 3307 data_dest.su_len = res->ai_addrlen; 3308 #ifdef INET6 3309 if (his_addr.su_family == AF_INET6 && 3310 data_dest.su_family == AF_INET6) { 3311 /* XXX: more sanity checks! */ 3312 data_dest.su_scope_id = his_addr.su_scope_id; 3313 } 3314 #endif 3315 3316 if (tmp != NULL) 3317 free(tmp); 3318 if (res) 3319 freeaddrinfo(res); 3320 return 0; 3321 3322 parsefail: 3323 reply(500, "Invalid argument, rejected."); 3324 usedefault = 1; 3325 if (tmp != NULL) 3326 free(tmp); 3327 if (res) 3328 freeaddrinfo(res); 3329 return -1; 3330 3331 protounsupp: 3332 epsv_protounsupp("Protocol not supported"); 3333 usedefault = 1; 3334 if (tmp != NULL) 3335 free(tmp); 3336 return -1; 3337 } 3338 3339 /* 3340 * 522 Protocol not supported (proto,...) 3341 * as we assume address family for control and data connections are the same, 3342 * we do not return the list of address families we support - instead, we 3343 * return the address family of the control connection. 3344 */ 3345 void 3346 epsv_protounsupp(const char *message) 3347 { 3348 int proto; 3349 3350 proto = af2epsvproto(ctrl_addr.su_family); 3351 if (proto < 0) 3352 reply(501, "%s", message); /* XXX */ 3353 else 3354 reply(522, "%s, use (%d)", message, proto); 3355 } 3356 3357 /* 3358 * Generate unique name for file with basename "local". 3359 * The file named "local" is already known to exist. 3360 * Generates failure reply on error. 3361 * 3362 * XXX: this function should under go changes similar to 3363 * the mktemp(3)/mkstemp(3) changes. 3364 */ 3365 static char * 3366 gunique(const char *local) 3367 { 3368 static char new[MAXPATHLEN]; 3369 struct stat st; 3370 char *cp; 3371 int count; 3372 3373 cp = strrchr(local, '/'); 3374 if (cp) 3375 *cp = '\0'; 3376 if (stat(cp ? local : ".", &st) < 0) { 3377 perror_reply(553, cp ? local : "."); 3378 return (NULL); 3379 } 3380 if (cp) 3381 *cp = '/'; 3382 for (count = 1; count < 100; count++) { 3383 (void)snprintf(new, sizeof(new) - 1, "%s.%d", local, count); 3384 if (stat(new, &st) < 0) 3385 return (new); 3386 } 3387 reply(452, "Unique file name cannot be created."); 3388 return (NULL); 3389 } 3390 3391 /* 3392 * Format and send reply containing system error number. 3393 */ 3394 void 3395 perror_reply(int code, const char *string) 3396 { 3397 int save_errno; 3398 3399 save_errno = errno; 3400 reply(code, "%s: %s.", string, strerror(errno)); 3401 errno = save_errno; 3402 } 3403 3404 static char *onefile[] = { 3405 NULL, 3406 0 3407 }; 3408 3409 void 3410 send_file_list(const char *whichf) 3411 { 3412 struct stat st; 3413 DIR *dirp; 3414 struct dirent *dir; 3415 FILE *volatile dout; 3416 char **volatile dirlist; 3417 char *dirname, *p; 3418 char *notglob; 3419 int volatile simple; 3420 int volatile freeglob; 3421 glob_t gl; 3422 3423 dirp = NULL; 3424 dout = NULL; 3425 notglob = NULL; 3426 simple = 0; 3427 freeglob = 0; 3428 urgflag = 0; 3429 3430 p = NULL; 3431 if (strpbrk(whichf, "~{[*?") != NULL) { 3432 int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_TILDE|GLOB_LIMIT; 3433 3434 memset(&gl, 0, sizeof(gl)); 3435 freeglob = 1; 3436 if (glob(whichf, flags, 0, &gl)) { 3437 reply(450, "Not found"); 3438 goto cleanup_send_file_list; 3439 } else if (gl.gl_pathc == 0) { 3440 errno = ENOENT; 3441 perror_reply(450, whichf); 3442 goto cleanup_send_file_list; 3443 } 3444 dirlist = gl.gl_pathv; 3445 } else { 3446 notglob = ftpd_strdup(whichf); 3447 onefile[0] = notglob; 3448 dirlist = onefile; 3449 simple = 1; 3450 } 3451 /* XXX: } for vi sm */ 3452 3453 while ((dirname = *dirlist++) != NULL) { 3454 int trailingslash = 0; 3455 3456 if (stat(dirname, &st) < 0) { 3457 /* 3458 * If user typed "ls -l", etc, and the client 3459 * used NLST, do what the user meant. 3460 */ 3461 /* XXX: nuke this support? */ 3462 if (dirname[0] == '-' && *dirlist == NULL && 3463 transflag == 0) { 3464 const char *argv[] = { INTERNAL_LS, "", NULL }; 3465 3466 argv[1] = dirname; 3467 retrieve(argv, dirname); 3468 goto cleanup_send_file_list; 3469 } 3470 perror_reply(450, whichf); 3471 goto cleanup_send_file_list; 3472 } 3473 3474 if (S_ISREG(st.st_mode)) { 3475 /* 3476 * XXXRFC: 3477 * should we follow RFC959 and not work 3478 * for non directories? 3479 */ 3480 if (dout == NULL) { 3481 dout = dataconn("file list", (off_t)-1, "w"); 3482 if (dout == NULL) 3483 goto cleanup_send_file_list; 3484 transflag = 1; 3485 } 3486 cprintf(dout, "%s%s\n", dirname, 3487 type == TYPE_A ? "\r" : ""); 3488 continue; 3489 } else if (!S_ISDIR(st.st_mode)) 3490 continue; 3491 3492 if (dirname[strlen(dirname) - 1] == '/') 3493 trailingslash++; 3494 3495 if ((dirp = opendir(dirname)) == NULL) 3496 continue; 3497 3498 while ((dir = readdir(dirp)) != NULL) { 3499 char nbuf[MAXPATHLEN]; 3500 3501 if (urgflag && handleoobcmd()) { 3502 (void) closedir(dirp); 3503 goto cleanup_send_file_list; 3504 } 3505 3506 if (ISDOTDIR(dir->d_name) || ISDOTDOTDIR(dir->d_name)) 3507 continue; 3508 3509 (void)snprintf(nbuf, sizeof(nbuf), "%s%s%s", dirname, 3510 trailingslash ? "" : "/", dir->d_name); 3511 3512 /* 3513 * We have to do a stat to ensure it's 3514 * not a directory or special file. 3515 */ 3516 /* 3517 * XXXRFC: 3518 * should we follow RFC959 and filter out 3519 * non files ? lukem - NO!, or not until 3520 * our ftp client uses MLS{T,D} for completion. 3521 */ 3522 if (simple || (stat(nbuf, &st) == 0 && 3523 S_ISREG(st.st_mode))) { 3524 if (dout == NULL) { 3525 dout = dataconn("file list", (off_t)-1, 3526 "w"); 3527 if (dout == NULL) { 3528 (void) closedir(dirp); 3529 goto cleanup_send_file_list; 3530 } 3531 transflag = 1; 3532 } 3533 p = nbuf; 3534 if (nbuf[0] == '.' && nbuf[1] == '/') 3535 p = &nbuf[2]; 3536 cprintf(dout, "%s%s\n", p, 3537 type == TYPE_A ? "\r" : ""); 3538 } 3539 } 3540 (void) closedir(dirp); 3541 } 3542 3543 if (dout == NULL) 3544 reply(450, "No files found."); 3545 else if (ferror(dout) != 0) 3546 perror_reply(451, "Data connection"); 3547 else 3548 reply(226, "Transfer complete."); 3549 3550 cleanup_send_file_list: 3551 closedataconn(dout); 3552 transflag = 0; 3553 urgflag = 0; 3554 total_xfers++; 3555 total_xfers_out++; 3556 if (notglob) 3557 free(notglob); 3558 if (freeglob) 3559 globfree(&gl); 3560 } 3561 3562 char * 3563 conffilename(const char *s) 3564 { 3565 static char filename[MAXPATHLEN]; 3566 3567 if (*s == '/') 3568 strlcpy(filename, s, sizeof(filename)); 3569 else 3570 (void)snprintf(filename, sizeof(filename), "%s/%s", confdir ,s); 3571 return (filename); 3572 } 3573 3574 /* 3575 * logxfer -- 3576 * if logging > 1, then based on the arguments, syslog a message: 3577 * if bytes != -1 "<command> <file1> = <bytes> bytes" 3578 * else if file2 != NULL "<command> <file1> <file2>" 3579 * else "<command> <file1>" 3580 * if elapsed != NULL, append "in xxx.yyy seconds" 3581 * if error != NULL, append ": " + error 3582 * 3583 * if doxferlog != 0, bytes != -1, and command is "get", "put", 3584 * or "append", syslog and/or write a wu-ftpd style xferlog entry 3585 */ 3586 void 3587 logxfer(const char *command, off_t bytes, const char *file1, const char *file2, 3588 const struct timeval *elapsed, const char *error) 3589 { 3590 char buf[MAXPATHLEN * 2 + 100]; 3591 char realfile1[MAXPATHLEN], realfile2[MAXPATHLEN]; 3592 const char *r1, *r2; 3593 char direction; 3594 size_t len; 3595 time_t now; 3596 3597 if (logging <=1 && !doxferlog) 3598 return; 3599 3600 r1 = r2 = NULL; 3601 if ((r1 = realpath(file1, realfile1)) == NULL) 3602 r1 = file1; 3603 if (file2 != NULL) 3604 if ((r2 = realpath(file2, realfile2)) == NULL) 3605 r2 = file2; 3606 3607 /* 3608 * syslog command 3609 */ 3610 if (logging > 1) { 3611 len = snprintf(buf, sizeof(buf), "%s %s", command, r1); 3612 if (bytes != (off_t)-1) 3613 len += snprintf(buf + len, sizeof(buf) - len, 3614 " = " LLF " byte%s", (LLT) bytes, PLURAL(bytes)); 3615 else if (r2 != NULL) 3616 len += snprintf(buf + len, sizeof(buf) - len, 3617 " %s", r2); 3618 if (elapsed != NULL) 3619 len += snprintf(buf + len, sizeof(buf) - len, 3620 " in " LLF ".%.03ld seconds", 3621 (LLT)elapsed->tv_sec, 3622 (long)(elapsed->tv_usec / 1000)); 3623 if (error != NULL) 3624 len += snprintf(buf + len, sizeof(buf) - len, 3625 ": %s", error); 3626 syslog(LOG_INFO, "%s", buf); 3627 } 3628 3629 /* 3630 * syslog wu-ftpd style log entry, prefixed with "xferlog: " 3631 */ 3632 if (!doxferlog || bytes == -1) 3633 return; 3634 3635 if (strcmp(command, "get") == 0) 3636 direction = 'o'; 3637 else if (strcmp(command, "put") == 0 || strcmp(command, "append") == 0) 3638 direction = 'i'; 3639 else 3640 return; 3641 3642 time(&now); 3643 len = snprintf(buf, sizeof(buf), 3644 "%.24s " LLF " %s " LLF " %s %c %s %c %c %s FTP 0 * %c\n", 3645 3646 /* 3647 * XXX: wu-ftpd puts ' (send)' or ' (recv)' in the syslog message, and removes 3648 * the full date. This may be problematic for accurate log parsing, 3649 * given that syslog messages don't contain the full date. 3650 */ 3651 ctime(&now), 3652 (LLT) 3653 (elapsed == NULL ? 0 : elapsed->tv_sec + (elapsed->tv_usec > 0)), 3654 remotehost, 3655 (LLT) bytes, 3656 r1, 3657 type == TYPE_A ? 'a' : 'b', 3658 "_", /* XXX: take conversions into account? */ 3659 direction, 3660 3661 curclass.type == CLASS_GUEST ? 'a' : 3662 curclass.type == CLASS_CHROOT ? 'g' : 3663 curclass.type == CLASS_REAL ? 'r' : '?', 3664 3665 curclass.type == CLASS_GUEST ? pw->pw_passwd : pw->pw_name, 3666 error != NULL ? 'i' : 'c' 3667 ); 3668 3669 if ((doxferlog & 2) && xferlogfd != -1) 3670 write(xferlogfd, buf, len); 3671 if ((doxferlog & 1)) { 3672 buf[len-1] = '\n'; /* strip \n from syslog message */ 3673 syslog(LOG_INFO, "xferlog: %s", buf); 3674 } 3675 } 3676 3677 /* 3678 * Log the resource usage. 3679 * 3680 * XXX: more resource usage to logging? 3681 */ 3682 void 3683 logrusage(const struct rusage *rusage_before, 3684 const struct rusage *rusage_after) 3685 { 3686 struct timeval usrtime, systime; 3687 3688 if (logging <= 1) 3689 return; 3690 3691 timersub(&rusage_after->ru_utime, &rusage_before->ru_utime, &usrtime); 3692 timersub(&rusage_after->ru_stime, &rusage_before->ru_stime, &systime); 3693 syslog(LOG_INFO, LLF ".%.03ldu " LLF ".%.03lds %ld+%ldio %ldpf+%ldw", 3694 (LLT)usrtime.tv_sec, (long)(usrtime.tv_usec / 1000), 3695 (LLT)systime.tv_sec, (long)(systime.tv_usec / 1000), 3696 rusage_after->ru_inblock - rusage_before->ru_inblock, 3697 rusage_after->ru_oublock - rusage_before->ru_oublock, 3698 rusage_after->ru_majflt - rusage_before->ru_majflt, 3699 rusage_after->ru_nswap - rusage_before->ru_nswap); 3700 } 3701 3702 /* 3703 * Determine if `password' is valid for user given in `pw'. 3704 * Returns 2 if password expired, 1 if otherwise failed, 0 if ok 3705 */ 3706 int 3707 checkpassword(const struct passwd *pwent, const char *password) 3708 { 3709 const char *orig; 3710 char *new; 3711 time_t change, expire, now; 3712 3713 change = expire = 0; 3714 if (pwent == NULL) 3715 return 1; 3716 3717 time(&now); 3718 orig = pwent->pw_passwd; /* save existing password */ 3719 expire = pwent->pw_expire; 3720 change = pwent->pw_change; 3721 if (change == _PASSWORD_CHGNOW) 3722 change = now; 3723 3724 if (orig[0] == '\0') /* don't allow empty passwords */ 3725 return 1; 3726 3727 new = crypt(password, orig); /* encrypt given password */ 3728 if (strcmp(new, orig) != 0) /* compare */ 3729 return 1; 3730 3731 if ((expire && now >= expire) || (change && now >= change)) 3732 return 2; /* check if expired */ 3733 3734 return 0; /* OK! */ 3735 } 3736 3737 char * 3738 ftpd_strdup(const char *s) 3739 { 3740 char *new = strdup(s); 3741 3742 if (new == NULL) 3743 fatal("Local resource failure: malloc"); 3744 /* NOTREACHED */ 3745 return (new); 3746 } 3747 3748 /* 3749 * As per fprintf(), but increment total_bytes and total_bytes_out, 3750 * by the appropriate amount. 3751 */ 3752 void 3753 cprintf(FILE *fd, const char *fmt, ...) 3754 { 3755 off_t b; 3756 va_list ap; 3757 3758 va_start(ap, fmt); 3759 b = vfprintf(fd, fmt, ap); 3760 va_end(ap); 3761 total_bytes += b; 3762 total_bytes_out += b; 3763 } 3764 3765 #ifdef USE_PAM 3766 /* 3767 * the following code is stolen from imap-uw PAM authentication module and 3768 * login.c 3769 */ 3770 typedef struct { 3771 const char *uname; /* user name */ 3772 int triedonce; /* if non-zero, tried before */ 3773 } ftpd_cred_t; 3774 3775 static int 3776 auth_conv(int num_msg, const struct pam_message **msg, 3777 struct pam_response **resp, void *appdata) 3778 { 3779 int i, ret; 3780 size_t n; 3781 ftpd_cred_t *cred = (ftpd_cred_t *) appdata; 3782 struct pam_response *myreply; 3783 char pbuf[FTP_BUFLEN]; 3784 3785 if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG) 3786 return (PAM_CONV_ERR); 3787 myreply = calloc(num_msg, sizeof *myreply); 3788 if (myreply == NULL) 3789 return PAM_BUF_ERR; 3790 3791 for (i = 0; i < num_msg; i++) { 3792 myreply[i].resp_retcode = 0; 3793 myreply[i].resp = NULL; 3794 switch (msg[i]->msg_style) { 3795 case PAM_PROMPT_ECHO_ON: /* user */ 3796 myreply[i].resp = ftpd_strdup(cred->uname); 3797 /* PAM frees resp. */ 3798 break; 3799 case PAM_PROMPT_ECHO_OFF: /* authtok (password) */ 3800 /* 3801 * Only send a single 331 reply and 3802 * then expect a PASS. 3803 */ 3804 if (cred->triedonce) { 3805 syslog(LOG_ERR, 3806 "auth_conv: already performed PAM_PROMPT_ECHO_OFF"); 3807 goto fail; 3808 } 3809 cred->triedonce++; 3810 if (msg[i]->msg[0] == '\0') { 3811 (void)strlcpy(pbuf, "password", sizeof(pbuf)); 3812 } else { 3813 /* Uncapitalize msg */ 3814 (void)strlcpy(pbuf, msg[i]->msg, sizeof(pbuf)); 3815 if (isupper((unsigned char)pbuf[0])) 3816 pbuf[0] = tolower( 3817 (unsigned char)pbuf[0]); 3818 /* Remove trailing ':' and whitespace */ 3819 n = strlen(pbuf); 3820 while (n-- > 0) { 3821 if (isspace((unsigned char)pbuf[n]) || 3822 pbuf[n] == ':') 3823 pbuf[n] = '\0'; 3824 else 3825 break; 3826 } 3827 } 3828 /* Send reply, wait for a response. */ 3829 reply(331, "User %s accepted, provide %s.", 3830 cred->uname, pbuf); 3831 (void) alarm(curclass.timeout); 3832 ret = get_line(pbuf, sizeof(pbuf)-1, stdin); 3833 (void) alarm(0); 3834 if (ret == -1) { 3835 reply(221, "You could at least say goodbye."); 3836 dologout(0); 3837 } else if (ret == -2) { 3838 /* XXX: should we do this reply(-530, ..) ? */ 3839 reply(-530, "Command too long."); 3840 goto fail; 3841 } 3842 /* Ensure it is PASS */ 3843 if (strncasecmp(pbuf, "PASS ", 5) != 0) { 3844 syslog(LOG_ERR, 3845 "auth_conv: unexpected reply '%.4s'", pbuf); 3846 /* XXX: should we do this reply(-530, ..) ? */ 3847 reply(-530, "Unexpected reply '%.4s'.", pbuf); 3848 goto fail; 3849 } 3850 /* Strip CRLF from "PASS" reply */ 3851 n = strlen(pbuf); 3852 while (--n >= 5 && 3853 (pbuf[n] == '\r' || pbuf[n] == '\n')) 3854 pbuf[n] = '\0'; 3855 /* Copy password into reply */ 3856 myreply[i].resp = ftpd_strdup(pbuf+5); 3857 /* PAM frees resp. */ 3858 break; 3859 case PAM_TEXT_INFO: 3860 case PAM_ERROR_MSG: 3861 break; 3862 default: /* unknown message style */ 3863 goto fail; 3864 } 3865 } 3866 3867 *resp = myreply; 3868 return PAM_SUCCESS; 3869 3870 fail: 3871 free(myreply); 3872 *resp = NULL; 3873 return PAM_CONV_ERR; 3874 } 3875 3876 /* 3877 * Attempt to authenticate the user using PAM. Returns 0 if the user is 3878 * authenticated, or 1 if not authenticated. If some sort of PAM system 3879 * error occurs (e.g., the "/etc/pam.conf" file is missing) then this 3880 * function returns -1. This can be used as an indication that we should 3881 * fall back to a different authentication mechanism. 3882 * pw maybe be updated to a new user if PAM_USER changes from curname. 3883 */ 3884 static int 3885 auth_pam(void) 3886 { 3887 const char *tmpl_user; 3888 const void *item; 3889 int rval; 3890 int e; 3891 ftpd_cred_t auth_cred = { curname, 0 }; 3892 struct pam_conv conv = { &auth_conv, &auth_cred }; 3893 3894 e = pam_start("ftpd", curname, &conv, &pamh); 3895 if (e != PAM_SUCCESS) { 3896 /* 3897 * In OpenPAM, it's OK to pass NULL to pam_strerror() 3898 * if context creation has failed in the first place. 3899 */ 3900 syslog(LOG_ERR, "pam_start: %s", pam_strerror(NULL, e)); 3901 return -1; 3902 } 3903 3904 e = pam_set_item(pamh, PAM_RHOST, remotehost); 3905 if (e != PAM_SUCCESS) { 3906 syslog(LOG_ERR, "pam_set_item(PAM_RHOST): %s", 3907 pam_strerror(pamh, e)); 3908 if ((e = pam_end(pamh, e)) != PAM_SUCCESS) { 3909 syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e)); 3910 } 3911 pamh = NULL; 3912 return -1; 3913 } 3914 3915 e = pam_set_item(pamh, PAM_SOCKADDR, &his_addr); 3916 if (e != PAM_SUCCESS) { 3917 syslog(LOG_ERR, "pam_set_item(PAM_SOCKADDR): %s", 3918 pam_strerror(pamh, e)); 3919 if ((e = pam_end(pamh, e)) != PAM_SUCCESS) { 3920 syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e)); 3921 } 3922 pamh = NULL; 3923 return -1; 3924 } 3925 3926 e = pam_authenticate(pamh, 0); 3927 if (ftpd_debug) 3928 syslog(LOG_DEBUG, "pam_authenticate: user '%s' returned %d", 3929 curname, e); 3930 switch (e) { 3931 case PAM_SUCCESS: 3932 /* 3933 * With PAM we support the concept of a "template" 3934 * user. The user enters a login name which is 3935 * authenticated by PAM, usually via a remote service 3936 * such as RADIUS or TACACS+. If authentication 3937 * succeeds, a different but related "template" name 3938 * is used for setting the credentials, shell, and 3939 * home directory. The name the user enters need only 3940 * exist on the remote authentication server, but the 3941 * template name must be present in the local password 3942 * database. 3943 * 3944 * This is supported by two various mechanisms in the 3945 * individual modules. However, from the application's 3946 * point of view, the template user is always passed 3947 * back as a changed value of the PAM_USER item. 3948 */ 3949 if ((e = pam_get_item(pamh, PAM_USER, &item)) == 3950 PAM_SUCCESS) { 3951 tmpl_user = (const char *) item; 3952 if (pw == NULL 3953 || strcmp(pw->pw_name, tmpl_user) != 0) { 3954 pw = sgetpwnam(tmpl_user); 3955 if (ftpd_debug) 3956 syslog(LOG_DEBUG, 3957 "auth_pam: PAM changed " 3958 "user from '%s' to '%s'", 3959 curname, pw->pw_name); 3960 (void)strlcpy(curname, pw->pw_name, 3961 curname_len); 3962 } 3963 } else 3964 syslog(LOG_ERR, "Couldn't get PAM_USER: %s", 3965 pam_strerror(pamh, e)); 3966 rval = 0; 3967 break; 3968 3969 case PAM_AUTH_ERR: 3970 case PAM_USER_UNKNOWN: 3971 case PAM_MAXTRIES: 3972 rval = 1; 3973 break; 3974 3975 default: 3976 syslog(LOG_ERR, "pam_authenticate: %s", pam_strerror(pamh, e)); 3977 rval = -1; 3978 break; 3979 } 3980 3981 if (rval == 0) { 3982 e = pam_acct_mgmt(pamh, 0); 3983 if (e != PAM_SUCCESS) { 3984 syslog(LOG_ERR, "pam_acct_mgmt: %s", 3985 pam_strerror(pamh, e)); 3986 rval = 1; 3987 } 3988 } 3989 3990 if (rval != 0) { 3991 if ((e = pam_end(pamh, e)) != PAM_SUCCESS) { 3992 syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e)); 3993 } 3994 pamh = NULL; 3995 } 3996 return rval; 3997 } 3998 3999 #endif /* USE_PAM */ 4000