From: Sheldon Hearn
To: Nik Clayton
Cc: audit@FreeBSD.org
Subject: Re: cvs commit: src/libexec/ftpd ftpcmd.y ftpd.8 ftpd.c
In-reply-to: Your message of "Tue, 28 Aug 2001 15:00:24 +0200." <51079.999003624@axl.seasidesoftware.co.za>
Date: Wed, 29 Aug 2001 13:44:52 +0200
Message-ID: <75288.999085492@axl.seasidesoftware.co.za>

On Tue, 28 Aug 2001 15:00:24 +0200, Sheldon Hearn wrote:

> Operating on that assumption, I propose -o for "write-only mode for all
> users" and -O for "write-only mode for guest (anonymous & ftp) users".

Here is the patch I propose. Note:

1) Andrey Chernov has made the worthwhile observation that command-line
   options for this behaviour are not ideal. Really, ftpd should allow
   more flexible configuration through a configuration file.

   That said, the functionality added by Nik serves a definite purpose
   even without the additional flexibility Andrey speaks of. My patch
   only serves to make Nik's new feature useful in what I consider the
   more likely scenario.

   This is feature creep. My feeling, though, is that Nik's new feature
   doesn't make much sense without this "companion" option. Either both
   should be present or the first (-o) should be backed out.

2) The existing manual page's SYNOPSIS and option listing in the
   DESCRIPTION are already horribly disordered. No attempt has been
   made to fix this.

3) The existing source's getopt() optstring and option handling switch
   are already horribly disordered. No attempt has been made to fix
   this.

Ciao,
Sheldon.

Index: ftpcmd.y =================================================================== RCS file: /home/ncvs/src/libexec/ftpd/ftpcmd.y,v retrieving revision 1.27 diff -u -d -r1.27 ftpcmd.y --- ftpcmd.y 28 Aug 2001 11:59:20 -0000 1.27 +++ ftpcmd.y 29 Aug 2001 11:38:18 -0000 
@@ -94,6 +94,7 @@ extern int readonly; extern int noepsv; extern int noretr; +extern int noguestretr; off_t restart_point; @@ -440,7 +441,7 @@ } | RETR check_login SP pathname CRLF { - if (noretr) + if (noretr || (guest && noguestretr)) reply(500, "RETR command is disabled"); else if ($2 && $4 != NULL) retrieve((char *) 0, $4); Index: ftpd.8 =================================================================== RCS file: /home/ncvs/src/libexec/ftpd/ftpd.8,v retrieving revision 1.42 diff -u -d -r1.42 ftpd.8 --- ftpd.8 28 Aug 2001 11:59:21 -0000 1.42 +++ ftpd.8 29 Aug 2001 11:31:21 -0000 @@ -51,6 +51,7 @@ .Op Fl U .Op Fl r .Op Fl o +.Op Fl O .Op Fl E .Op Fl T Ar maxtimeout .Op Fl t Ar timeout @@ -161,6 +162,12 @@ .It Fl o Put server in write-only mode. RETR is disabled, preventing downloads. +.It Fl O +Put server in write-only mode for anonymous users only. +RETR is disabled for anonymous users, preventing anonymous downloads. +This has no effect if +.Fl o +is also specified. .It Fl E Disable the EPSV command. This is useful for servers behind older firewalls. Index: ftpd.c =================================================================== RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v retrieving revision 1.80 diff -u -d -r1.80 ftpd.c --- ftpd.c 28 Aug 2001 11:59:21 -0000 1.80 +++ ftpd.c 29 Aug 2001 11:36:52 -0000 @@ -150,6 +150,7 @@ int readonly=0; /* Server is in readonly mode. */ int noepsv=0; /* EPSV command is disabled. */ int noretr=0; /* RETR command is disabled. */ +int noguestretr=0; /* RETR command is disabled for anon users. */ sig_atomic_t transflag; off_t file_size; @@ -301,7 +302,7 @@ #endif /* OLD_SETPROCTITLE */ - while ((ch = getopt(argc, argv, "AdlDESURrt:T:u:voa:p:46")) != -1) { + while ((ch = getopt(argc, argv, "AdlDESURrt:T:u:vOoa:p:46")) != -1) { switch (ch) { case 'D': daemon_mode++; 
@@ -382,6 +383,10 @@ case '6': family = AF_INET6; + break; + + case 'O': + noguestretr = 1; break; case 'o':
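
Review bot: In the ftpcmd.y RETR production, the new (guest && noguestretr) case falls into the same reply(500, "RETR command is disabled") as -o, so a guest is told the command is disabled outright although RETR still works for non-guest logins on the same server. Consider giving the guest case its own branch with a permission-style reply (550) and text that says RETR is disabled for anonymous users, so clients and anyone reading logs can tell the -O refusal from the -o one. The condition also relies on guest being visible in ftpcmd.y; the first hunk adds only "extern int noguestretr;", so please confirm guest is already declared there.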
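
Review bot: In the ftpd.8 ".It Fl O" entry, the text says "anonymous users" while the code tests guest and the new ftpd.c comment says "anon users"; the three should use one term so an administrator knows exactly which logins lose RETR. It would also help to state in the same entry that non-anonymous users can still download when only -O is given, since "write-only mode for anonymous users only" can be read more than one way. The sentence about -o taking precedence matches the "noretr || (guest && noguestretr)" condition and is fine as written.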