2005-01-13 Ezra Peisach <epeisach@mit.edu> * ftpd.c: GCC 4.0 fixes... Move static declaration of gunique out of function. 2004-11-26 Sam Hartman <hartmans@mit.edu> * ftpcmd.y: nbby should be 8 for anything platform we care about. The previous test broke on Debian BSD, so the test has been removed. 2004-11-03 Tom Yu <tlyu@mit.edu> * ftpcmd.y (getline): Merge Athena change to reject MICed password. * ftpd.M: Document '-E'. * ftpd.c (main): Merge Athena's '-E' changes to prohibit unencrypted passwords. 2004-09-22 Tom Yu <tlyu@mit.edu> * Makefile.in (ftpd): Use UTIL_LIB. 2004-08-27 Ken Raeburn <raeburn@mit.edu> * ftpd.c (ftpd_gss_convert_creds): Terminate argument list to krb5_build_principal_ext with 0, not NULL. Patch from Nalin Dahyabhai. 2004-08-27 Sam Hartman <hartmans@mit.edu> * ftpd.c (passwd;): Patch from Garry Zacheiss to use krb5_get_init_creds_password instead of krb5_get_in_tkt since get_in_tkt is obselete 2004-08-08 Ken Raeburn <raeburn@mit.edu> * ftpd.c (main): Use socklen_t for the size of the address from accept. 2003-12-13 Ken Raeburn <raeburn@mit.edu> * ftpcmd.y (getline): Allow "AUTH" as an unprotected command. * ftpd.c (login): Fix checks for accept_sec_context status. Only send back one message in the CONTINUE_NEEDED case. (with_gss_error_text): New function, split out from reply_gss_error. (reply_gss_error): Call it. (reply_gss_error_1): New function. (log_gss_error, log_gss_error_1): New functions. (login): Call log_gss_error instead of syslog on error from gss_display_name. 2003-06-05 Sam Hartman <hartmans@mit.edu> * popen.c (ftpd_popen): Use fork not vfork 2003-04-23 Ken Raeburn <raeburn@mit.edu> * ftpd.c: Don't declare errno. 2003-01-03 Ken Raeburn <raeburn@mit.edu> * ftpd.c (auth_data): Kerberos v4 checksum must be a 32-bit value. 2002-10-23 Ezra Peisach <epeisach@bu.edu> * ftpcmd.y: Bison 1.75 cleanup. Essentially remove `=' before statements to be executed. (ticket 1218). 2002-08-29 Ken Raeburn <raeburn@mit.edu> * Makefile.in: Revert $(S)=>/ change, for Windows support. 2002-08-23 Ken Raeburn <raeburn@mit.edu> * Makefile.in: Change $(S)=>/ and $(U)=>.. globally. 2002-08-23 Ezra Peisach <epeisach@bu.edu> * ftpd.c (auth_data, reply_gss_code): Use OM_uint32 instead of int to match arguments to gssapi functions. 2002-07-12 Ken Raeburn <raeburn@mit.edu> * ftpd.c: Include port-sockets.h. 2002-06-25 Ken Raeburn <raeburn@mit.edu> * Makefile.in (ftpd): Don't use krb5util library. 2002-04-11 Sam Hartman <hartmans@mit.edu> * ftpd.c (adata;): Don't use channel bindings in call to gss_accept 2002-03-20 Ezra Peisach <epeisach@mit.edu> * Makefile.in: Remove dependency on krb524.h and krb524_err.h as they may not be present if compiling --without-krb4. 2002-03-05 Ken Raeburn <raeburn@mit.edu> * ftpcmd.y (unix): Define if BSD is defined. 2002-01-08 Ken Raeburn <raeburn@mit.edu> * ftpd.c (login): New argument LOGINCODE, optional result code to override local use of success code 230 when homedir is not accessible but root directory is. (user): Pass result code 232 to login. (pass): Pass result code 0 to login. 2001-11-30 Tom Yu <tlyu@mit.edu> * ftpcmd.y (pathname): Handle returns from ftpglob() better so that errors get sent via reply(), while causing some match failures to match to simply return $1, so the higher level can deal. Previously, some failures would cause synch problems since NULL would be returned and no reply was sent. 2001-10-11 Mitchell Berger <mitchb@mit.edu> * ftpd.M: Remove improper formatting from the .SH NAME section, as it was reported to cause windex generation problems and was inconsistent with all the other man pages. 2001-10-09 Ken Raeburn <raeburn@mit.edu> * ftpd_var.h, secure.h: Make prototypes unconditional. 2001-08-03 Mitchell Berger <mitchb@mit.edu> * ftpd.M: Update the usage line and option descriptions to be in sync with what the code actually does and be in a consistent order. 2001-08-03 Mitchell Berger <mitchb@mit.edu> * ftpd.c (main): Convert to do option parsing with getopt() rather than the whitespace-sensitive voodoo we've used in the past. This fixes a bug where use of -u to set a default umask silently failed and granted more permission on files than desired if the -u and the mode were separated by a space, and likely many other such bugs. 2001-07-04 Ezra Peisach <epeisach@mit.edu> * ftpd.c: Provide prototypes for myoob and lostconn. 2001-07-03 Ezra Peisach <epeisach@mit.edu> * ftpd.c (sgetpwnam): Remove local declaration of sgetsave. 2001-07-02 Ezra Peisach <epeisach@mit.edu> * popen.c: Include ftpd_var.h. * ftpd.c: Declare secure_fprintf, gunique, sgetsave, sgetpwnam, path_expand static. * ftpd_var.h: Add prototypes for getline, renamefrom, ftpd_popen, ftpd_pclose. * ftpcmd.y: Declare lookup, copy and urgsafe_getc static. 2001-06-22 Ezra Peisach <epeisach@mit.edu> * ftpcmd.y (help): Change local variable type to ftype. * ftpd.c (main): Local variable name changes to prevent shadowing of cp, sin, optarg. 2001-06-21 Ezra Peisach <epeisach@mit.edu> * ftpd.c: If NEED_SETENV defined, prototype for setenv. (auth_data): radix_encode expects a int * and not a size_t *. Use temporary variable to pass data in and out. 2001-06-20 Ezra Peisach <epeisach@mit.edu> * ftpd.c: Include gssapi/gssapi_krb5.h for gss_krb5_copy_ccache prototype. Provide prototype for yyparse. 2001-06-19 Ezra Peisach <epeisach@mit.edu> * ftpcmd.y: Cleanup potential ambiguity between comparsion and pre-increment for a variable. 2001-06-15 Ezra Peisach <epeisach@mit.edu> * ftpcmd.y, ftpd.c: Cast argument to isspace()/isdigit() to int. * secure.h (SESSION): Pass pointer to C_Block as expected by krb5_mk_priv(). 2001-06-08 Mitchell Berger <mitchb@mit.edu> * pathnames.h: _PATH_FTPUSERS renamed to _PATH_FTPUSERS_DEFAULT. * ftpd.c: Added '-U filename' option to allow specification of an ftpusers file other than the default. * ftpd.M: Documented the new -U option. 2001-06-06 Ezra Peisach <epeisach@mit.edu> * ftpcmd.y: Include "ftpd_var.h" and remove prototype for reply() and lreply(). Add prototypes and declare as returning void sizecmd(), help() and yylex(). Cleanup assignments in conditionals. * ftpd.c: Include <grp.h> for initgroups() prototype. Move reply(), lreply() prototypes to ftpd_var.h (and include same). Include "krb524.h" for krb524_convert_creds_kdc() prototype. Include secure.h. Provide static prototypes for ftpd_gss_convert_creds(), ftpd_gss_userok(), dolog(), receive_data(), login(), end_login(), disallowed_user(), restricted_user(), checkuser(). Declare main(), checkuser(), disallowed_user(), restricted_user(), end_login(), kpass(), retreive_data(), auth_data(), secure_printf(), ftpd_gss_userok(), as returning int. Declare setdlevel(), user(), pass(), login(), retreive(), store_file(), secure_error(), statfilecmd(), stat_cmd(), fatal(), reply(), lreply(), ack(), nack(), yyerror(), delete_file(), cwd(), makedir(), removedir(), pwd(), renamecmd(), dolog(), dologout(), passive(), perror_reply(), auth(), send_file_list(), reply_gss_error(), secure_gss_error(), ftpd_gss_convert_creds(), as returning void. Cleanup printf argument mismatches. * ftpd_var.h: New header file with many prototypes from ftpd.c. * popen.c (ftpd_popen): Add parenthesis in conditional to distinguish || vs &&. Add prototype for blkfree(). (ftpd_pclose): Declare as returning int. 2001-04-25 Tom Yu <tlyu@mit.edu> * ftpcmd.y: Don't dereference a NULL pointer returned from ftpglob(). * ftpd.c: Be more paranoid about return values from ftpglob(). Police uses of sprintf(). Account for expansion in radix_encode(). 2001-03-07 Ken Raeburn <raeburn@mit.edu> * ftpd.c (strerror): Only define if not HAVE_STRERROR. 2000-12-06 Ken Raeburn <raeburn@mit.edu> * ftpd.c (dolog): Cast first argument to pty_make_sane_hostname to sockaddr pointer. 2000-10-16 Ezra Peisach <epeisach@mit.edu> * ftpd.c (reply): For gssapi connection, do not include NULL in sealed reply string. 2000-10-03 Ezra Peisach <epeisach@mit.edu> * ftpd.c (login): Return of krb5_cc_get_name is now const char *. 2000-08-25 Tom Yu <tlyu@mit.edu> * ftpcmd.y: Fix up grammar so that single character token names are no longer used; this was breaking the build using bison on HP/UX because some system headers declare structures with members having all-uppercase field names and bison puts the token name #define statements in front of the C declarations section in the output, causing them to be in force while those headers get #included. There doesn't seem to be much purpose in not just using character constants, anyway. Tue Aug 22 11:37:35 2000 Ezra Peisach <epeisach@mit.edu> * secure.h (myaddr): For secure data stream, pass the port number of the data stream and not the control stream to krb_mk_priv. * ftpd.c (auth_data): Iterate over all krb4 services instead of trying to examine the srvtab file for a particular key (which failes when falling back on the v5 keytab for des3 services). 2000-06-14 Tom Yu <tlyu@mit.edu> * ftpcmd.y (nonguest): Return $1, not 1, if (!guest). 2000-05-11 Nalin Dahyabhai <nalin@redhat.com> * ftpd.c (gunique): Make sure that path stored in "new" isn't too long. 2000-02-18 Ken Raeburn <raeburn@mit.edu> * ftpd.c (reply, lreply): Declare with format attribute under gcc. (send_data, receive_data, send_file_list): Declare some variables volatile to protect against getting clobbered by setjmp/longjmp. * popen.c (ftpd_popen): Declare IOP volatile. 1999-10-26 Wilfredo Sanchez <tritan@mit.edu> * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES, LOCAL_INCLUDES such that one can override CFLAGS from the command line without losing CPP search patchs and defines. Some associated Makefile cleanup. 1999-09-21 Ken Raeburn <raeburn@mit.edu> * ftpd.c (checkuser): Only call fclose on file handle if it's not NULL. (send_file_list): Don't declare strpbrk function if it's defined as a macro. Thu Mar 25 23:13:56 1999 Tom Yu <tlyu@mit.edu> * ftpd.c (login): Check that the luid is not the uid we want to change to prior to calling setluid() so that we can run as non-root. Wed Mar 24 17:11:32 1999 Tom Yu <tlyu@mit.edu> * ftpcmd.y (urgsafe_getc): New function; like getc() except it retries once if SIOCATMARK returns TRUE. (getline): Use urgsafe_getc() rather than getc() to avoid problems with certain Mac clients that cause the urgent pointer to end up in a location that results in EOF from getc(). Fri Mar 12 07:35:01 1999 Tom Yu <tlyu@mit.edu> * ftpd.c (user): Remove extra "%s" in call to sprintf() to avoid dereferencing stack garbage. Mon Mar 8 23:47:51 1999 Tom Yu <tlyu@mit.edu> * ftpd.M: Resync with reality. * Makefile.in (ftpd): Add libpty to link line. Remove mention of logwtmp files. * ftpd.c: Fix up hostname logging to use pty_make_sane_hostname(). Thu Feb 25 23:31:37 1999 Tom Yu <tlyu@mit.edu> * ftpd.c (reply): Don't call secure_gss_error() or secure_error() from within reply() to avoid setting up an infinite loop. [krb5-appl/684] Thu Feb 18 18:34:23 1999 Tom Yu <tlyu@mit.edu> * ftpd.c (login): Add call to setluid() if necessary. Fri Feb 12 21:11:18 1999 Tom Yu <tlyu@mit.edu> * ftpd.c: strcat -> strncat 1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Set the myfulldir and mydir variables (which are relative to buildtop and thisconfigdir, respectively.) Mon Oct 26 13:46:47 1998 Dan Winship <danw@mit.edu> * ftpd.c (main): Add -A (require authentication, but not necessarily authorization) and -C (user wants local credentials). (user): Implement -A. Reorganize code a bit. If want_creds (-C) is set, require a password even if authorization succeeds. (kpass): Add krb5 ticket-getting code too. If want_creds is set, don't destroy the tickets after verifying the Kerberos password. (pass): Check krb password before local password, so we can get credentials if we need them. Ignore local password if want_creds is set. In case of "too many failed login attempts", exit via dologout() instead of exit() so on-disk credentials are destroyed. (auth_data): If user forwards GSSAPI creds and want_creds is set, write them out to a krb5 ccache. If doing krb4 compat, convert them to krb4 tickets as well. (If want_creds is not set, smile and nod at the user and then destroy the creds.) (end_login): If the user has creds on disk, destroy them. (dologout): If the user has creds on disk, destroy them. * ftpd.M: Add -A and -C. Fri Oct 23 18:18:52 1998 Theodore Y. Ts'o <tytso@mit.edu> * ftpd.c (pass): Wait 5 seconds before returning "password incorrect", and only allow three bad passwords. Then return an 421 reply code before closing the connection and going away. * ftpcmd.y (cmd): Don't allow the PORT command to accept a port number lower than 1024; this prevents some nasty ftp "bounce attacks" to SMTP ports, etc. Tue Oct 20 16:29:46 1998 Dan Winship <danw@mit.edu> * ftpd.M: Reality check. Add -a to synopsis, document -c and -u and CCC. 1998-10-08 Geoffrey King <gjking@mit.edu> * ftpd.c: Add support for restricted users, as requested in [krb5-appl/481]. Users that appear in /etc/ftpusers, followed by the keyword "restrict" will be granted access, but a chroot() will be done to their home directory. Tue Sep 29 19:25:09 1998 Theodore Y. Ts'o <tytso@mit.edu> * ftpd.c (auth_data): Don't use h_errno, it's not fully portable, and it's not worth it. 1998-08-28 Geoffrey King <gjking@mit.edu> * ftpd.c (login): New function. Essentially, the old pass function has been split into its two logical components, pass and login. Don't reply 230 "User logged in" if the user didn't send a PASS command; this causes the client to get a bit confused. (pass): If auth_ok is true, reply with code 202 to tell the user that a PASS command is not necessary. (auth_ok): New function that returns true if either gss_ok or kerb_ok is true (all the #ifdefs were beginning to clutter things, and it's a good abstraction in case other auth types are ever added in the future). (user): If GSSAPI or Kerberos v4 authentication succeeds, call login immediately, instead of waiting for the client to send "PASS dummy." Also, use #ifdef PARANOID instead of "some paranoid sites may wish to uncomment this" Wed Aug 19 06:47:46 1998 Geoffrey King <gjking@mit.edu> * ftpd.c: Add a new command line option, -c, which tells the server to accept the CCC command. * ftpcmd.y: If the -c option was given, check to make sure the CCC command itself was integrity protected, and then set ccc_ok to allow future commands to be transmitted as cleartext. (getline): Now that CCC is potentially allowed, we must check to see if we are parsing an unprotected command even if a security context is established (i.e. auth_type is set). Wed Aug 12 02:57:07 1998 Geoffrey King <gjking@mit.edu> * ftpcmd.y, ftpd.c: Replace global variable level with clevel and dlevel to allow independence of command and data channel protection levels. Tue Aug 11 04:30:59 1998 Matthew D Hancher <mdh@mit.edu> * ftpd.c: Add support for extended logging as per PR#481. Using the 'l' command line option twice now logs the major file commands, and using it thrice logs bytecounts for RETR and STOR as well. Fri Aug 7 00:56:30 1998 Matthew D Hancher <mdh@mit.edu> * ftpcmd.y: Replace old KERBEROS #ifdef's with KRB5_KRB4_COMPAT so that K4 compatibility support actually gets compiled in. * ftpd.c: (pass): Make daemon not lose for homedirs on root-squashing filesystems. (auth_data): Fix that godawful "error: No error" message when gss_acquire_cred() fails. (user): Fix getusershell() code so it works more than once. 1998-07-11 <hartmans@fundsxpress.com> * ftpd.c (data;): do not declare h_errno; breaks on AIX and possibly with other multithreaded systems. 1998-05-26 Theodore Ts'o <tytso@rsts-11.mit.edu> * logwtmp.c: Include paths.h if present, and use _PATH_WTMP to determine WTMPFILE. Fri May 8 18:06:52 1998 Theodore Y. Ts'o <tytso@mit.edu> * ftpcmd.y (cmd): Fix Y2K problem in the MDTM command. Fri Apr 10 20:06:31 1998 Tom Yu <tlyu@mit.edu> * ftpd.c (receive_data): (send_data): Add support for sigsetjmp(). (main): Use sigaction() if we can to avoid SysV lossage. (send_file_list): Oops missed a sigsetjmp() call. (send_data): Add call to secure_flush() to send a zero length buffer when aborting. (send_file_list): Add call to secure_flush() to send a zero length buffer when aborting. * ftpcmd.y (PBSZ): Remove restriction on shrinking buffer size. Thu Mar 5 13:59:47 1998 Dan Winship <danw@mit.edu> * ftpcmd.y (getline): Don't syslog passwords! (or newlines) Tue Feb 24 21:34:34 1998 Tom Yu <tlyu@mit.edu> * ftpcmd.y: Add production "nonguest" to catch things that anonymous users aren't supposed to do. Replace "check_login" with "nonguest" in a few places to prevent w4r3z d00dz from being lame with world-writable incoming directories. Sun Feb 22 19:37:07 1998 Tom Yu <tlyu@mit.edu> * ftpd.c: Use krb5_seteuid() and krb5_setegid(). [krb5-libs/505] * Makefile.in (ftpd): Fix up KRB4COMPAT_LIBS (was KRB5_BASE_LIBS), and add UTIL_LIB. Wed Feb 18 15:30:10 1998 Tom Yu <tlyu@mit.edu> * Makefile.in: Remove trailing slash from thisconfigdir. Fix up BUILDTOP for new conventions. Fri Feb 13 22:23:34 1998 Theodore Y. Ts'o <tytso@mit.edu> * ftpd.c: Applied lxs's changes to make ftpd safe for systems where sizeof(off_t) > sizeof(int). Fri Feb 13 15:31:46 1998 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in (thisconfigdir), configure.in: Point the configuration directory at our parent, and remove our local configure.in Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile Fri Feb 6 13:25:28 1998 Theodore Y. Ts'o <tytso@mit.edu> * popen.c (ftpd_popen): Make sure you can't overrun the argv[] and gargv[] arrays. (Patch submitted by dima@best.net). Thu Jan 29 19:51:02 1998 Dan Winship <danw@mit.edu> * ftpd.c (auth_data): Accept forwarded credentials and dispose of them properly. (And fix some indentation bugs.) Sun Dec 21 18:17:53 1997 Tom Yu <tlyu@mit.edu> * logwtmp.c (ftp_logwtmp): Rename logwtmp to ftp_logwtmp to avoid collision with native logwtmp. Also, return void rather than int. * ftpd.c: Rename logwtmp to ftp_logwtmp to avoid collision with native logwtmp. Thu Dec 11 23:28:07 1997 Tom Yu <tlyu@mit.edu> * ftpd.c: Don't include netdb.h or sys/socket.h if krb.h is included; this works around an Ultrix bug where those headers aren't protected against multiple inclusion. Thu Oct 16 01:23:41 1997 Tom Yu <tlyu@mit.edu> * Makefile.in: Change LOCALINCLUDE and the link line to allow for krb4 compatibility. * ftpd.c: Change KERBEROS to KRB5_KRB4_COMPAT where appropriate. (reply): Fix up braces around the check for auth_type == "KERBEROS_V4" so that the nesting of if statements is correct. Various and sundry fixes from danw@mit.edu to make it work. Thu Aug 28 23:48:27 1997 Sam Hartman <hartmans@luminous.mesas.com> * ftpd.c (send_file_list): Flush the data before closing it. Sun Aug 17 14:24:09 1997 Ezra Peisach <epeisach@mit.edu> * Makefile.in (SRCS): Add $(srcdir) where needed. Wed Jul 16 19:03:18 1997 Theodore Y. Ts'o <tytso@mit.edu> * ftpd.M: Fix name of srvtab file to be krb5.keytab. Wed Feb 5 20:34:38 1997 Tom Yu <tlyu@mit.edu> * Makefile.in: * configure.in: Update to new program build procedure. Tue Nov 12 00:04:00 1996 Tom Yu <tlyu@mit.edu> * ftpd.c (ftpd_userok): Don't undconditionally return -1. Thu Nov 7 15:38:51 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * ftpd.c (ftpd_userok): Check return value of krb5_init_context() Thu Oct 17 23:55:32 1996 Mark Eichin <eichin@cygnus.com> * ftpd.c (auth_data): actually exit the for loop if the ftp key was ok. Mon Oct 14 07:54:17 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> * ftpd.c (secure_fprintf): Use STDARG routines if present. [krb5-appl/108] Tue Sep 10 14:07:36 1996 Tom Yu <tlyu@mit.edu> * ftpd.M: remove ".so man1/header.doc" Mon Jul 29 22:37:05 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> * configure.in: Determine sizeof short, int, long for secure.c Tue Jul 23 23:13:07 1996 Marc Horowitz <marc@mit.edu> * ftpd.c (auth_data): the logic which dealt with multiple acceptor names and fallback was just broken. Wed Jul 10 16:38:01 1996 Marc Horowitz <marc@mit.edu> * ftpd.c (store), ftpcmd.y (STOR, APPE, STOU): rename store() to store_file() to avoid conflict with dbm store() function * ftpd.c (delete), ftpcmd.y (DELE): rename delete() to delete_file() to avoid conflict with the dbm delete() function Thu Jun 13 18:35:19 1996 Kevin L Mitchell <klmitch@mit.edu> * ftpd.c (authdata): misplaced braces caused server to not be able to use ftp principle if it was present. Client looks for ftp first, then tries host; ftpd was looking only for host. Mon Jun 3 16:12:59 1996 Tom Yu <tlyu@mit.edu> * Makefile.in, configure.in: back out previous changes and use Ezra's patches instead. Sun Jun 2 22:08:17 1996 Tom Yu <tlyu@mit.edu> * configure.in, Makefile.in: only link getdtablesize.o if needed Thu Mar 28 21:07:20 1996 Ken Raeburn <raeburn@cygnus.com> * ftpcmd.y: Define unix for HP-UX. Mon Mar 18 12:12:20 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> * configure.in: Add AC_HEADER_STDARG * ftpcmd.y, ftpd.c: Declard STDARG if HAVE_STDARG_H is declared. Fri Mar 15 14:16:41 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> * ftpd.c (auth_data): Do not fail if last gss_service is not present in keytab. If no services present, return a useful minor error status. Fri Mar 15 01:24:39 1996 Richard Basch <basch@lehman.com> * configure.in, ftpd.c: Added shadow password support. Wed Mar 13 20:05:52 1996 Mark Eichin <eichin@cygnus.com> * ftpd.c (auth_data): use gethostbyname to canonicalize local host name, just like krb5_sname_to_principal does. Fri Feb 16 15:51:59 1996 Mark Eichin <eichin@cygnus.com> * ftpcmd.y (yylex): error handling changes from kbalk@hp.com. Tue Jan 16 18:44:42 1996 Mark Eichin <eichin@cygnus.com> * ftpd.c (user): 331 is more appropriate for kuserok failure. Wed Feb 7 13:33:41 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> * Makefile.in (clean): Remove ftpd Thu Jan 18 18:39:06 1996 Sam Hartman <hartmans@zygorthian-space-raiders.MIT.EDU> * configure.in: Check for crypt in -lcrypt * ftpd.c: Conditionalize sys_errlist * configure.in: Check to declare sys_errlist. Thu Jan 18 14:55:42 1996 Sam Hartman <hartmans@tertius.mit.edu> * ftpd.c : Only return an unable to acquire credentials error if all possible services fail. Sun Jan 14 02:58:42 1996 Mark Eichin <eichin@cygnus.com> * ftpd.c (auth_data): call gss_release_cred on the server_creds we acquired, before they leave scope. Sun Jan 14 02:47:19 1996 Karri Balk - Contractor <kbalk@cup.hp.com> * ftpd.c (gss_services): list of gssapi service names to try. (auth_data): loop over gss_services. Sun Jan 14 01:54:35 1996 Bill Schoofs <wjs@cray.com> * Makefile.in (DEFINES): define NOCONFIDENTIAL for future use. * ftpcmd.y (CCC): ditch broken CCC code, return proper 534 code. (PBSZ): return proper code 501 for bad PBSZ argument (PROT): recognize PROT E. (cmdtab): add CCC so as to cleanly reject it. (getline): reject CONF as unsupported (but put in code to potentially recognize it in the future.) Reject protected commands of auth_type isn't yet set. * ftpd.c (setlevel): use 536, not 504, for invalid level, and use levelnames to find the proper name. (user): if kuserok succeeds, respond 232, not 231; if it fails, respond 336 (though 331 might be more appropriate.) (auth): fix spelling error. Tue Jan 2 19:19:16 1996 Mark Eichin <eichin@cygnus.com> * ftpd.c: use HAVE_SETEUID and HAVE_SETRESUID to figure out how to emulate seteuid instead of assuming hpux. * configure.in: test for seteuid, setreuid and setresuid. Fri Oct 20 17:17:19 1995 Mark Eichin <eichin@cygnus.com> * ftpd.c (auth_data): supply correct channel bindings to accept, matching the client changes. Thu Oct 19 12:22:28 1995 Mark W. Eichin <eichin@cygnus.com> * configure.in: check WITH_DBM_LNAME since we use an_to_ln. Wed Oct 4 19:26:50 1995 Mark Eichin <eichin@cygnus.com> * ftpd.c (user): use HAVE_GETUSERSHELL. * configure.in: check for getusershell. Mon Oct 2 16:43:54 1995 Mark Eichin <eichin@cygnus.com> * popen.c (ftpd_popen): malloc all strings, not just globbed ones. Sun Oct 1 03:31:24 1995 Mark Eichin <eichin@cygnus.com> * ftpd.c (auth_data): acquire credentials (currently fixed for service "host".) Fix loop reply logic. Add debugging syslogs. Set auth_type *after* 235 success reply, so it doesn't get encrypted. Sun Oct 1 00:58:39 1995 Mark Eichin <eichin@cygnus.com> * Makefile.in: use FTP_BUFSIZ everywhere and make it large for now. * configure.in: check for headers need to build getdtablesize. * ftpd.c (secure_reply): add GSSAPI hooks. (reply_gss_error): better gssapi error reporting. Sat Sep 30 22:26:25 1995 Mark Eichin <eichin@cygnus.com> * ftpd.c: correct gssapi includes. Fix type of client_name. Use gss_ok instead of kerb_ok for GSSAPI case (to simplify future combined code.) Fix some declarations. Fix arguments to gss_accept_sec_context for type. * ftpcmd.y: correct gssapi includes. Sat Sep 30 21:40:30 1995 Mark Eichin <eichin@cygnus.com> * Makefile.in: hook setenv.c and getdtablesize.c from appl/bsd. Use double-colon rules for clean, depend, install. configure.in: check for yacc, SIGTYPE, UTMP, SIGPROCMASK, WAIT_TYPE, getdtablesize, getcwd, setenv (using the test from appl/bsd.) * ftpcmd.y: no conf.h. declare level. Use krb5_sigtype directly. * ftpd.c: use getcwd directly, make -s srvtab KERBEROS specific. (user): return 331 as per draft-8, but suggest 53z. (auth_data): return 535 and 335 and quote draft-8 as to why. (secure_gss_error): generic interface for secure.c functions to call reply_gss_error instead. * logwtmp.c: no conf.h, check NO_UT_HOST. * popen.c: no conf.h, no getdtablesize. (ftpd_pclose): Obey USE_SIGPROCMASK. Sat Sep 30 16:43:28 1995 Mark Eichin <eichin@cygnus.com> * configure.in, Makefile.in: new files for port to GSSAPI and build within the Kerberos V5 build tree. * ftpcmd.y, ftpd.c, secure.c: GSSAPI authentication changes based on the IETF CAT working group ***DRAFT*** FTP Security specification, draft number 8, appendix I. **** previous change logs from CNS V4 modifications of Steve Lunt's draft-3 ftp daemon, which this is based on. **** Wed Jul 26 21:03:13 1995 Ken Raeburn <raeburn@cygnus.com> * secure.c: Include string.h. * ftpd.c (main): Cast signal() return value to long instead of int; it's more likely to fit. Thu Feb 2 13:41:24 1995 Ian Lance Taylor <ian@cygnus.com> * ftpcmd.y (NBBY): Explicitly define if __pyrsoft and MIPSEB. (cmd_list): In handling of SYST, undefine BSD if __svr4__ is defined. * ftpd.c: Don't try to use IP_TOS if the IP_TOS argument (IPTOS_LOWDELAY, etc.) is not defined. Wed Jan 18 17:12:22 1995 Ian Lance Taylor <ian@sanguine.cygnus.com> * ftpd.8: Include man1/tmac.doc. Wed Jan 11 15:29:10 1995 Ian Lance Taylor <ian@sanguine.cygnus.com> * ftpd.c (authenticate): New variable. (main): Handle -a (require authentication) option. (user): If authenticate is set, reply with an error if kuserok fails or if no Kerberos authentication was used. * ftpcmd.y: Use check_login when parsing the PASV command. * ftpd.8: Document new -a option. Tue Jan 3 01:25:57 1995 Mark Eichin <eichin@cygnus.com> * Makefile.in (clean): explicitly delete ftpcmd.c on clean. Thu Dec 29 15:17:12 1994 Mark Eichin <eichin@cygnus.com> * ftpcmd.y (rcmd): don't declare atol, since it isn't used here anyhow, and it's a macro under linux. (top level): #define NBBY 8 for linux. Thu Dec 29 14:51:41 1994 Mark Eichin <eichin@cygnus.com> * ftpd.c (statcmd): don't use NBBY check -- linux doesn't have it, it is in no spec, and if it isn't 8, it won't work anyway. (Use strcat instead of sprintf, while we're at it...) Tue Dec 27 16:29:24 1994 Ian Lance Taylor <ian@sanguine.cygnus.com> * ftpcmd.y (reply, lreply): Declare if STDARG || (__STDC__ && ! VARARGS). * ftpd.c: If STDARG is defined, or if __STDC__ is defined and VARARGS is not defined, include <stdarg.h>. (secure_error): Use <stdarg.h> routines if STDARG || (__STDC__ && ! VARARGS). (reply, lreply): Likewise. (setproctitle): Just use one argument. * secure.c (secure_error): Declare if STDARG || (__STDC__ && ! VARARGS). Fri Dec 23 16:25:44 1994 Ian Lance Taylor <ian@sanguine.cygnus.com> * ftpcmd.y (unix): Define if _AIX is defined (AIX compiler does not predefine unix). Thu Dec 22 15:05:14 1994 Ian Lance Taylor <ian@sanguine.cygnus.com> * ftpd.c (keyfile): New global variable. (main): Move option processing before check of remote socket. Add new options -p, -r, and -s. Handle -p by accepting a remote connection. (kpass): Use keyfile variable rather than KEYFILE. Pass keyfile explicitly to krb_rd_req. (auth_data): Likewise. * ftpd.8: Document new -p, -r, and -s options. Fri Dec 16 11:06:16 1994 Ian Lance Taylor <ian@cygnus.com> Fixes for HP/UX: * ftpd.c: On HP/UX, define seteuid and setegid as macros which call setresuid and setresgid. Fixes for UnixWare: * ftpd.c (main): Use a temporary variable rather than calling htons(ntohs(X)). * ftpcmd.y: Include conf.h. (getline): Cast arguments to Kerberos routines to avoid warnings. (toolong): Declare as type sigtype, and add dummy argument. Fixes for SCO: * cmdtab.y: Include <sys/types.h>. * ftpd.c (initgroups): Define on SCO. (main): Don't handle SIGURG if it is not defined. (pass): Don't try to use crypt on SCO; instead, require Kerberos password or anonymous login. Fixes for AIX: * ftpcmd.y (index): Don't define. (strpbrk, strcpy): Don't declare. * ftpd.c (index, rindex): Don't define. * logwtmp.c (strncpy): Don't declare. * secure.c: Include <netinet/in.h>. Fixes for Ultrix: * ftpd.c (main): Define LOG_NDELAY and LOG_DAEMON as zero if they are not already defined by <syslog.h>. Fixes for Irix 4: * ftpd.c (retrieve): Don't refer to st_blksize if NOSTBLKSIZE is defined. * ftpcmd.y: Fix yacc code to use %union and %type. (yylex): Assign to fields of yylval, rather than to yylval directly. General fixes to make it compile on Solaris: Use sigtype for signal handler return values, including conf.h where needed. Add a dummy argument to signal handler functions. Replace index, rindex, bzero and bcopy with ANSI C functions. Cast Kerberos routine arguments to avoid warnings. Also: * ftpd.c: Don't include <varargs.h>. If POSIX is defined, include unistd.h, otherwise define getcwd to call getwd. (L_SET, L_INCR): Define if not defined. (pwd): Use getcwd instead of getwd. If POSIX, change the error handling accordingly. * popen.c (getdtablesize): New function on hpux or __svr4__. (ftpd_pclose): If WAIT_USES_INT, use int instead of union wait. Thu Dec 15 16:13:44 1994 Ian Lance Taylor <ian@sanguine.cygnus.com> * Initial checkin. Based on Steve Lunt's ftp program, which was based on BSD code.