2003-12-13 Ken Raeburn * ftp.c (do_auth): Handle a return code of 335, where the authentication exchange requires more messages. 2003-06-25 Tom Yu * ftp.c (do_auth): Call gss_release_buffer() on send_tok immediately after sending it. Call gss_release_name() on target_name at outer_loop instead of inside the loop. 2003-06-16 Ken Raeburn * ftp.c (recvrequest): Add new argument indicating whether "-" and "|..." special treatment should be disabled. * ftp_var.h (recvrequest): Update declaration. * cmds.c (remglob, ls, mls): Pass 0 as the extra argument. (mget): Pass 1. (getit): Pass 1 iff only one filename was supplied. 2003-06-05 Sam Hartman * pclose.c (mypopen): use fork not vfork 2003-01-09 Ken Raeburn * ftp.c (hookup, initconn, dataconn): Use socklen_t when passing address to socket functions. 2002-11-08 Ken Raeburn * main.c (makeargv): Report an error if parsed arguments won't fit in margv array. * ftp_var.h (line, argbuf): Extend to 500 bytes. 2002-08-29 Ken Raeburn * Makefile.in: Revert $(S)=>/ change, for Windows support. 2002-08-23 Ken Raeburn * Makefile.in: Change $(S)=>/ and $(U)=>.. globally. 2002-06-13 Ken Raeburn * Makefile.in ($(OUTPRE)ftp.exe): Use ws2_32.lib instead of wsock32.lib. 2002-04-11 Sam Hartman * radix.c : Initialize c and D to suppress warning; code was already correct 2002-04-10 Danilo Almeida * ftp.c: Include Winsock 2 instead of Winsock. * ftp_var.h: Include Winsock 2 headers. * secure.c: Include port-sockets.h on Win32. * main.c: Include mswsock.h (MS Winsock extensions) so that we get some socket options we need to convert sockets to "file descriptors" used in posix-like routines. We now need to pull this in explictly now that we are using Winsock 2. 2002-04-04 Sam Hartman * radix.c (decode;): Patch from Mark Eichin for one char buffer overflow [635] 2002-03-05 Ken Raeburn * cmds.c (unix): Define if BSD is defined. 2001-11-30 Tom Yu * glob.c (execbrc): Fix some fencepost errors. Don't copy uninitialized memory past the end of the pattern string. Don't increment pointer beyond string end. 2001-10-10 Danilo Almeida * ftp.c: Conditionalize declarations of some "unused variables" to eliminate warnings. ANSI-fy definitions. 2001-10-09 Ken Raeburn * cmds.c, ftp.c, ftp_var.h, glob.c, main.c, ruserpass.c, secure.c, secure.h: Make prototypes unconditional. Don't define PROTOTYPE macro. 2001-08-21 Ken Raeburn * glob.c (amatch, case '*'): Treat multiple asterisks the same as one. 2001-07-30 Ezra Peisach * ftp.c: Declare mech_type in struct gss_trials gss_OID to be compatible with GSS_C_NO_OID type. (was gss_OID *). 2001-07-27 Danilo Almeida * ftp.c: Remove local Win32-specific definition of gss_mech_krb5. Use GSS_C_NO_OID instead of gss_mech_krb5 for mech_type to use an implementation specific default. 2001-07-24 Tom Yu * getpass.c: Remove duplicate definitions of sig_t, my_sig_t; they're already declared in ftp_var.h. * ftp_var.h (FDOPEN_SOCKET): Fix second arg. 2001-07-23 Danilo Almeida * Makefile.in, cmds.c, ftp.c, ftp_var.h, getpass.c, glob.c, main.c, ruserpass.c, secure.c, secure.h: Quick and dirty Win32 port. Changes include using sockets more portably; changing the method of getting username, home directory, and temporary filenames; adding password reading code for Win32; directory enumeration via FindNextFile() rather than readdir(); removing OUT labels (which appear to cause problems with MSVC++ 6.0). Since ANSI C, assume we have stdarg.h. 2001-07-03 Ezra Peisach * secure.c: Instead of hard wiring the FUDGE_FACTOR, new variables to keep track of the total buffer length desired and the actual maximum that can be fitted. Add secure_determine_constants() to determine the mechanism dependent overhead. This has a hard limit for krb4 - for gssapi use gss_wrap_size_limit. 2001-06-15 Ezra Peisach * cmds.c, domacro.c: Cast arguments to isspace() and isdigit() from char to int. * ftp.c: krb5_mk_priv(), krb5_mk_safe() expect C_Block *. 2001-05-01 Ken Raeburn * cmds.c (setpeer): Port number should be unsigned short. (Patch from Garry Zacheiss.) Add upper-bound check in case short is not exactly 16 bits. Don't truncate the port number before checking. 2001-04-27 Ezra Peisach * ftp_var.h: Prototype for recvrequest() needs volatile declaration to match code. Native Dec Alpha compiler errors on the inconsistancy. * secure.h (PROTOTYPE): Only define if not defined already. 2001-04-26 Ken Raeburn * ftp_var.h (PROTOTYPE): Always define to use supplied prototype. * secure.h (PROTOTYPE): Likewise. 2001-03-07 Ken Raeburn * cmds.c (strerror): Only define if not HAVE_STRERROR. * ftp.c (strerror): Likewise. * secure.c (secure_putbuf, secure_getbyte): Use strerror. 2000-11-21 Ken Raeburn * cmds.c (globulize): Use correct address of globbed results when freeing storage. Patch from Nalin Dahyabhai . 2000-10-23 Tom Yu * secure.h: Change SESSION to refer to &cred.session instead, so as to have the correct pointer type when passed to {mk,rd}_{safe,priv}() functions. Tue Oct 10 05:01:21 2000 Ezra Peisach * ftp.c (do_auth): Remove debugging printf which I inadvertantly introduced. 2000-08-29 Alexandra Ellwood * cmds.c, cmdtab.c, ftp_var.h: renamed getmode() and setmode() to get_mode() and set_mode() to avoid a collision with Mac OS X file permission bits manipulation functions of the same name which get included through unistd.h. Tue Aug 22 17:10:39 2000 Ezra Peisach * secure.h (myaddr): For secure data stream, pass the port number of the data stream and not the control stream to krb_mk_priv. 2000-08-17 Ezra Peisach * domacro.c: Compiler warning cleanups and fix the overflow fix to index the proper array. * cmds.c, cmdtab.c, ftp.c, ftp_var.h, getpass.c, glob.c, main.c, radix.c, ruserpass.c, secure.c, secure.h: Compiler warning cleanups including providing prototypes, cleanup of assignments in conditionals, including unistd.h and stdlib.h (if present), declaring local functions as static. * Makefile.in: Do not compile pclose.c - the code is not used. 2000-05-11 Nalin Dahyabhai * domacro.c (domacro): Don't overflow "line2" * ftp.c (getreply, krb4 compat): Bail if message data too big for buffer (getreply, gssapi): Ditto. (pswitch): Don't overflow "ntin", "ntout", "mapin", "mapout". (do_auth, krb4 compat): Don't overflow "realm". 2000-04-27 Nalin Dahyabhai * cmds.c (remglob): Don't overflow buffer "temp". (shell): Don't overflow buffer "shellnam". (quote1): "buf" * glob.c (ftpglob): Fix boundary in buffer "agpath". (expand): Don't overflow buffer pointed to by "gpath". (execbrc): Don't overflow buffer "restbuf". 2000-02-18 Ken Raeburn * cmds.c (mls): Declare some variables volatile to protect against getting clobbered by setjmp/longjmp. * ftp.c (sendrequest, recvrequest, proxtrans): Ditto. * main.c (main): Ditto. * pclose.c (mypopen): Ditto. 1999-10-26 Wilfredo Sanchez * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES, LOCAL_INCLUDES such that one can override CFLAGS from the command line without losing CPP search patchs and defines. Some associated Makefile cleanup. 1999-09-21 Ken Raeburn * ftp.c (getreply): Don't declare strpbrk or strstr functions if they're defined as macros. 1999-08-27 Tom Yu * ftp.c: Diable krb5-mech2 for now. Tue May 11 11:58:00 1999 Ezra Peisach * ftp.c: Inclusion of gssapi_krb5.h requires gssapi_generic.h. Thu Feb 25 23:05:03 1999 Tom Yu * secure.c (secure_putbuf): Revert Sam's last change; if FUDGE_FACTOR is wrong, then badness can happen. Also, if out_buf.length != nbytes+FUDGE_FACTOR, heap corruption could happen. We really should be using gss_wrap_size_limit() or something like that, but doing so would require substantial amounts of reworking. [krb5-appl/685] 1998-11-13 Theodore Ts'o * Makefile.in: Set the myfulldir and mydir variables (which are relative to buildtop and thisconfigdir, respectively.) 1998-10-26 Marc Horowitz * ftp.c (login): *always* encrypt the password, regardless of the default command mode. (do_auth): Try the new krb5 mech, and if that fails, try the old one. 1998-10-26 Geoffrey King * ftp.M: Add documentation for new ccc and cprotect commands. Also, add previously omitted command line options -u and -t and "passive" command to the man page. * main.c (main): Print out a usage message instead of just "unknown option." Fri Oct 2 16:16:13 1998 Theodore Y. Ts'o * cmdtab.c: Update help message for passive mode so that it indicates that the "passive" command toggles passive mode. * main.c (main): Make passive mode off by default. Fri Aug 28 18:46:35 1998 Geoffrey King * cmds.c (user): Replace "oldlevel" with the more descriptive "oldclevel". Also, replace all occurrences of "dlevel" in this function with "clevel". * ftp.c (login): Test whether or not the server actually requires "PASS dummy" by first sending "PWD" and checking the return value. Wed Aug 12 02:26:26 1998 Geoffrey King * ftp.c, cmds.c, cmdtab.c, main.c, secure.c, ftp_var.h: Replace global variable level with separate variables clevel and dlevel for the control channel and data channel protection levels, respectively, so that the user may specify separate protection levels for each channel. Similarly, functions such as getlevel and setlevel are now getclevel/getdlevel, and setclevel/setdlevel. * cmdtab.c: Add new FTP commands "cprotect" to allow the user to set the control channel protection level (similar to "protect"), and "ccc" (Clear Command Channel) which sets the control channel protection level to clear (per the RFC). Fri Aug 7 22:39:47 1998 Matthew D Hancher * ftp.c (do_auth): Make verbosity not disappear if GSSAPI fails. (getreply): Move 'S:' and 'P:' from verbose to debug. Fri Aug 7 11:45:17 1998 Tom Yu * ftp.c (getreply): Restore proper setting of safe. This variable was previously being set to the value of code rather than to the boolean expression (code == 631), which it had been previously. The bug resulted in all replies from the server being parsed as krb_safe messages even when they were krb_priv messages. 1998-05-06 Theodore Ts'o * radix.c (argv): POSIX states that getopt returns -1 when it is done parsing options, not EOF. Sat Apr 25 01:53:04 1998 Sam Hartman * cmds.c (setpeer): Fix so that autologin is respected again 1998-04-21 Ken Raeburn * glob.c (ftpglob): Always allocate new storage, even if no magic glob characters were found, because the caller will always free the storage. Tue Apr 7 16:53:58 1998 Dan Winship * secure.c (secure_putbyte): Set nout = 0 *before* calling secure_putbuf: if the transfer is aborted, the SIGURG handler will longjmp out, so the line after the secure_putbuf will never get executed, so nout would never be reset and the next transfer would overrun ucbuf. Wed Feb 18 15:29:35 1998 Tom Yu * Makefile.in: Remove trailing slash from thisconfigdir. Fix up BUILDTOP for new conventions. Fri Feb 13 15:31:46 1998 Theodore Ts'o * Makefile.in (thisconfigdir), configure.in: Point the configuration directory at our parent, and remove our local configure.in Mon Feb 2 17:02:29 1998 Theodore Ts'o * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile Thu Jan 29 19:39:27 1998 Dan Winship * ftp.h: * ftp.M: * main.c (main): add options -f (forward credentials) and -x (automatically negotiate encryption) * ftp.c (do_auth): implement -f. Also, don't complain that ftp/hostname doesn't exist if host/hostname does. * cmds.c (setpeer): implement -x Thu Dec 11 23:26:58 1997 Tom Yu * ftp.c: * main.c: Don't include netdb.h or sys/socket.h if krb.h is included; this works around an Ultrix bug where those headers aren't protected against multiple inclusion. Sat Dec 6 18:17:10 1997 Sam Hartman * main.c (main): Add -u for unauthenticated * ftp_var.h: Add autoauth * cmds.c (setpeer): Automatic authentication should not be dependent on autologin; use -u instead. Thu Oct 16 01:20:30 1997 Tom Yu * main.c: Change KERBEROS to KRB5_KRB4_COMPAT where appropriate. * secure.c: Use rather than "secure.h" so that the correct secure.h gets included (the one in the $(srcdir) of the directory we're compiling secure.c into). From danw@mit.edu. * ftp.c: Change KERBEROS to KRB5_KRB4_COMPAT where appropriate. Re-order the clauses so that that GSSAPI gets tried before KERBEROS_V4. * Makefile.in: Update LOCALINCLUDE and the link line to DTRT with krb4 compatibility. Sun Aug 17 14:23:39 1997 Ezra Peisach * Makefile.in (SRCS): Add $(srcdir) where needed. Wed Apr 30 14:59:03 1997 Theodore Ts'o * cmds.c (getit): Fix Y2K bug in the parsing of the MDTM command. [krb5-appl/399] Wed Feb 5 20:29:31 1997 Tom Yu * Makefile.in: * configure.in: Update to new program build procedure. Fri Nov 22 15:48:19 1996 unknown * ftp.c (hookup): use sizeof instead of h_length to determine number of bytes of addr to copy from DNS response [krb5-misc/211] Fri Sep 27 16:05:09 1996 Tom Yu * cmds.c (setpeer): Apply jik's fix so "-n" actually works as intended. Tue Sep 10 14:07:15 1996 Tom Yu * ftp.M: remove ".so man1/header.doc" Fri Aug 16 20:04:03 1996 Sam Hartman * secure.c (nbyte;): Fix for Kerberos IV version of the memory allocation bug I fixed for Kerberos V; you want nbyte + FUDGE_FACTOR, not out_buff.length. Tue Jul 30 19:45:45 1996 Samuel D Hartman (hartmans@vorlon) * ftp.c (empt resety): Use fd_set as a typedef not a struct. Linux breaks. Mon Jul 29 22:37:23 1996 Ezra Peisach * secure.c: Do not assume sizeof(long) = 4 for sending lengths OTW * configure.in: Determine sizeof short, int, long for secure.c Fri Jul 26 20:55:12 1996 Sam Hartman * secure.c (secure_putbyte): Reset nout to zero on errorso we don't overflow our buffer. * ftp.c (sendrequest): If there is an error in secure_write, break out of the loop. * secure.c(FUDGE_FACTOR): Define for GSSAPI so writes don't fail. i chose a value of 64, which is larger than the apparent 52 bytes of additional data but I'm not sure 52 is constant. (secure_putbuf): Set bufsize to the size we actually allocate Also, write foure bytes for net_len no matter how long it actually is. I would rather declare it a 32-bit type but am not sure whether to use the GSSAPI, krb4, or krb5 32-bit int. Wed Jul 10 16:40:19 1996 Marc Horowitz * cmdtab.c (cmdtab[]), cmds.c (delete_file): rename delete() to delete_file() to avoid conflict with the dbm delete() function Thu Mar 28 21:07:40 1996 Ken Raeburn * cmds.c (setpeer): Define unix for HP-UX. Thu Mar 28 19:26:53 1996 Marc Horowitz * secure.c (secure_putbuf): the size computation of the output buffer was ok for krb4, but completely wrong for gssapi. I moved the code into the KERBEROS block, and wrote suitable code for GSSAPI. This affects the client and server, which were core dumping on hpux. Mon Mar 18 12:12:44 1996 Ezra Peisach * secure.c, ftp.c, ftp_var.h: Define STDARG if HAVE_STDARG_H is defined (in addition to the other tests) * configure.in: Add AC_HEADER_STDARG Fri Feb 16 15:50:51 1996 Mark Eichin * ftp.c (do_auth): return status handling fixes from kbalk@hp.com. Tue Jan 16 19:05:31 1996 Mark Eichin * ftp.c (login): move do_auth ... * cmds.c (setpeer): ... to just before login call. Mon Feb 5 09:06:16 1996 Ezra Peisach * configure.in: Check for stdlib.h * secure.c, pclose.c, ruserpass.c, ftp.c: Include stdlib.h if present for malloc declarations. Thu Jan 18 18:33:18 1996 Sam Hartman * cmds.c: Handle sys_errlist and remove declaration of errno. * configure.in: Check to see if we need to declare sys_errlist. * ftp.c secure.c: Only define sys_errlist if needed Thu Jan 18 11:55:50 1996 Sam Hartman * configure.in: Check for sys/select.h * ftp.c: Include sys/select.h if present. Sun Jan 14 01:54:35 1996 Bill Schoofs * Makefile.in (DEFINES): define NOCONFIDENTIAL for future use. * ftp.c (command): recognize 533, not 402, for 'server unwilling to accept' (getreply): recognize 633 for confidential reply, and then don't support it. Tue Jan 2 19:17:47 1996 Mark Eichin * pclose.c: test HAVE_GETDTABLESIZE instead of hpux. * configure.in: set HAVE_GETDTABLESIZE. Fri Oct 20 11:59:32 1995 Mark W. Eichin * ftp.c (do_auth): synthesize channel bindings from myctladdr and hisctladdr, based on changes pending for draft 9. Thu Oct 19 04:47:36 1995 Mark W. Eichin * configure.in: check for POSIX_TERMIOS just like appl/bsd does. Wed Oct 4 19:24:39 1995 Mark Eichin * ftp, pclose, ruserpass.c, secure.c: don't ever declare malloc. Sun Oct 1 03:30:30 1995 Mark Eichin * ftp.c (do_auth): accept ADAT 3yz response. Clean up loops, add lots of debugging messages. Sun Oct 1 00:56:55 1995 Mark Eichin * Makefile.in: use FTP_BUFSIZ everywhere and make it large for now. * ftp.c: only look at "host" for now. Report error parsing name. Handle gssapi error reporting better. Sat Sep 30 22:26:37 1995 Mark Eichin * ftp.c, secure.c: correct gssapi includes. Fix some typos and missing declarations. Sat Sep 30 21:31:09 1995 Mark Eichin * Makefile.in (depend, install): change to double colon rules. * cmds.c: no conf.h, check HAVE_GETCWD, use krb5_sigtype. * configure.in: check KRB5_SIGTYPE, CHECK_SIGPROCMASK, CHECK_WAIT_TYPE, and getcwd. * ftp.c: no conf.h, use krb5_sigtype. (secure_command): use user_gss_error. (do_auth): cycle through gss_services. (user_gss_error): new function, decomposes GSSAPI errors and sends them to standard error. (secure_gss_error): hook for secure.c common functions to get the correct error routine. * getpass.c, main.c: no conf.h, use krb5_sigtype. * pclose.c: no conf.h, use krb5_sigtype. (mypclose): obey USE_SIGPROCMASK. * secure.c (secure_getbyte): use generic secure_gss_error. Sat Sep 30 16:43:28 1995 Mark Eichin * configure.in, Makefile.in: new files for port to GSSAPI and build within the Kerberos V5 build tree. * ftp.c, secure.c: GSSAPI authentication changes based on the IETF CAT working group ***DRAFT*** FTP Security specification, draft number 8, appendix I. **** previous change logs from CNS V4 modifications of Steve Lunt's draft-3 ftp client, which this is based on. **** Wed Jul 26 21:01:42 1995 Ken Raeburn * domacro.c: Include string.h. * secure.c: Ditto. Mon Jul 10 14:54:41 1995 Michael Meissner * glob.c (matchdir): #if 0 code that uses a private member of the DIR structure to check whether a filename passed to opendir is a directory or not. Fri May 26 19:36:12 1995 Mark Eichin * glob.c (matchdir): open "." explicitly if gpath is null. Fri May 19 16:11:07 1995 Mark Eichin * ftp.c (ptransfer): be sure that printf(%g) gets a float, not an implicit double, by doing the whole calculation in the variable. Thu Feb 2 13:40:04 1995 Ian Lance Taylor * ftp.c: Don't try to use IP_TOS if the IP_TOS argument (IPTOS_LOWDELAY, etc.) is not defined. Wed Jan 18 14:07:33 1995 Ian Lance Taylor * ftp.1: Include man1/tmac.doc. * ftp.c (initconn): If the PASV command is rejected, turn off passive mode and try again. Wed Jan 4 11:21:34 1995 Ian Lance Taylor * cmds.c, ftp.c: Use mygetpass instead of getpass. * ruserpass.c: Don't include . Don't declare getlogin, getpass, or getuttmp. Thu Dec 29 15:19:44 1994 Mark Eichin * cmds.c (setpeer): add || defined(linux) to the NBBY == 8 check, since this code is appropriate under linux. Thu Dec 29 14:11:37 1994 Mark Eichin * cmds.c (siteidle): renamed idle() to avoid conflict with linux idle(void). * cmdtab.c: rename declaration and cmdtab entry. Tue Dec 27 13:29:08 1994 Ian Lance Taylor * ftp.c: If STDARG is defined, or if __STDC__ is defined and VARARGS is not defined, include , instead of . (command): Use routines if STDARG || (__STDC__ && ! VARARGS). (secure_error): Likewise. * ftp_var.h (command): Declare if STDARG || (__STDC__ && ! VARARGS). * secure.c (secure_error): Likewise. * secure.h (hisaddr): Define as hisdataaddr. * ftp.c (hisdataaddr): New global variable. (initconn): Set hisdataaddr to data_addr. (dataconn): Use hisdataaddr instead of local variable from. Fri Dec 23 15:18:12 1994 Ian Lance Taylor * cmds.c (unix): Define if _AIX is defined (AIX compiler does not predefine unix). * ftp.c (login): When choosing the default login name, use the values of the environment variables LOGNAME and then USER in preference to calling getlogin. Thu Dec 22 14:59:34 1994 Ian Lance Taylor * cmds.c (gettype): Sometimes type will be zero, which requires special handling. * main.c: Include . (main): Support new option: -k. * ftp.c (realm): New global variable. (do_auth): Remove local variable realm; use new global instead. Don't call krb_realmofhost if realm is set. * ftp.1: Document -k. Fri Dec 16 10:53:08 1994 Ian Lance Taylor Fixes for Alpha OSF/1: * cmds.c: Redefine sig_t to my_sig_t to avoid header file conflict. * ftp.c: Likewise. Fixes for SCO: * cmdtab.c: Include before ftp_var.h. * domacro.c: Move include of before include of ftp_var.h. Don't include . * main.c: Move include of before include of ftp_var.h. Fixes for AIX: * cmds.c (mput): Use 0 instead of NULL when an integer is expected. (getit, mget): Likewise. * ftp_var.h (strncpy, strncat, strcat, strcpy): Don't declare. * ruserpass.c (strcpy): Don't declare. * secure.c: Include . Fixes for Irix 4: * ftp_var.h: Unless DEFINITIONS is defined, declare variables rather than defining them. * ftp.c: Define DEFINITIONS before including ftp_var.h. (recvrequest): If NOSTBLKSIZE is defined, use BUFSIZ instead of st_blksize. * getpass.c: Put note after #endif in /* */ * pclose.c: Likewise. * ruserpass.c (token): Move before ruserpass. (ruserpass): Don't declare token. General fixes to make it compile on Solaris: Use sigtype for signal handler return values, including conf.h where needed. Add a dummy argument to signal handler functions. Replace index, rindex, bzero and bcopy with ANSI C functions. Cast Kerberos routine arguments to avoid warnings. Also: * cmds.c: Include . If POSIX is defined, include unistd.h, otherwise define getcwd to call getwd. (lcd): Call getcwd instead of getwd. (shell): If WAIT_USES_INT, use int instead of union wait. * ftp.c: Include . (L_SET, L_INCR): Define if not defined. * ftp_var.h (index, rindex): Don't declare. * main.c: Inclue . * pclose.c (getdtablesize): New function on hpux or __svr4__. * radix.c (radix_encode): Cast strcmp arguments to avoid warnings. * ruserpass.c: Include . If POSIX, include and don't declare malloc. (MAXHOSTNAMELEN): Define if not defined. (index): Don't declare. Thu Dec 15 16:13:44 1994 Ian Lance Taylor * Initial checkin. Based on Steve Lunt's ftp program, which was based on BSD code.