Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 29 Aug 2001 13:44:52 +0200
From:      Sheldon Hearn <sheldonh@starjuice.net>
To:        Nik Clayton <nik@freebsd.org>
Cc:        audit@FreeBSD.org
Subject:   Re: cvs commit: src/libexec/ftpd ftpcmd.y ftpd.8 ftpd.c 
Message-ID:  <75288.999085492@axl.seasidesoftware.co.za>
In-Reply-To: Your message of "Tue, 28 Aug 2001 15:00:24 %2B0200." <51079.999003624@axl.seasidesoftware.co.za> 

next in thread | previous in thread | raw e-mail | index | archive | help


On Tue, 28 Aug 2001 15:00:24 +0200, Sheldon Hearn wrote:

> Operating on that assumption, I propose -o for "write-only mode for all
> users" and -O for "write-only mode for guest (anonymouse & ftp) users".

Here is the patch I propose.  Note:

1) Andrey Chernov has made the worthwhile observation that command-line
   options for this behaviour are not ideal.  Really, ftpd should allow
   more flexible configuration through a configuration file.

   That said, the functionality added by Nik serves a definite purpose
   even without the additional flexibility Andrey speaks of.  My patch
   only serves to make Nik's new feature useful in what I consider the
   more likely scenario.

   This is feature creep.  My feeling, though, is that Nik's new feature
   doesn't make much sense without this "companion" option.  Either both
   should be present or the first (-o) should be backed out.

2) The existing manual page's SYNOPSIS and option listing in the
   DESCRIPTION are already horribly disordered.  No attempt has been
   made to fix this.

3) The existing source's getopt() optstring and option handling switch
   are already horribly disordered.  No attempt has been made to fix
   this.

Ciao,
Sheldon.

Index: ftpcmd.y
===================================================================
RCS file: /home/ncvs/src/libexec/ftpd/ftpcmd.y,v
retrieving revision 1.27
diff -u -d -r1.27 ftpcmd.y
--- ftpcmd.y	28 Aug 2001 11:59:20 -0000	1.27
+++ ftpcmd.y	29 Aug 2001 11:38:18 -0000
@@ -94,6 +94,7 @@
 extern	int readonly;
 extern	int noepsv;
 extern	int noretr;
+extern	int noguestretr;
 
 off_t	restart_point;
 
@@ -440,7 +441,7 @@
 		}
 	| RETR check_login SP pathname CRLF
 		{
-			if (noretr)
+			if (noretr || (guest && noguestretr))
 				reply(500, "RETR command is disabled");
 			else if ($2 && $4 != NULL)
 				retrieve((char *) 0, $4);
Index: ftpd.8
===================================================================
RCS file: /home/ncvs/src/libexec/ftpd/ftpd.8,v
retrieving revision 1.42
diff -u -d -r1.42 ftpd.8
--- ftpd.8	28 Aug 2001 11:59:21 -0000	1.42
+++ ftpd.8	29 Aug 2001 11:31:21 -0000
@@ -51,6 +51,7 @@
 .Op Fl U
 .Op Fl r
 .Op Fl o
+.Op Fl O
 .Op Fl E
 .Op Fl T Ar maxtimeout
 .Op Fl t Ar timeout
@@ -161,6 +162,12 @@
 .It Fl o
 Put server in write-only mode.
 RETR is disabled, preventing downloads.
+.It Fl O
+Put server in write-only mode for anonymous users only.
+RETR is disabled for anonymous users, preventing anonymous downloads.
+This has no effect if
+.Fl o
+is also specified.
 .It Fl E
 Disable the EPSV command.
 This is useful for servers behind older firewalls.
Index: ftpd.c
===================================================================
RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.80
diff -u -d -r1.80 ftpd.c
--- ftpd.c	28 Aug 2001 11:59:21 -0000	1.80
+++ ftpd.c	29 Aug 2001 11:36:52 -0000
@@ -150,6 +150,7 @@
 int	readonly=0;		/* Server is in readonly mode.	*/
 int	noepsv=0;		/* EPSV command is disabled.	*/
 int	noretr=0;		/* RETR command is disabled.	*/
+int	noguestretr=0;		/* RETR command is disabled for anon users. */
 
 sig_atomic_t transflag;
 off_t	file_size;
@@ -301,7 +302,7 @@
 #endif /* OLD_SETPROCTITLE */
 
 
-	while ((ch = getopt(argc, argv, "AdlDESURrt:T:u:voa:p:46")) != -1) {
+	while ((ch = getopt(argc, argv, "AdlDESURrt:T:u:vOoa:p:46")) != -1) {
 		switch (ch) {
 		case 'D':
 			daemon_mode++;
@@ -382,6 +383,10 @@
 
 		case '6':
 			family = AF_INET6;
+			break;
+
+		case 'O':
+			noguestretr = 1;
 			break;
 
 		case 'o':

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?75288.999085492>