From: Tom Yu Date: Tue, 9 Mar 1999 05:11:18 +0000 (+0000) Subject: * ftpd.M: Resync with reality X-Git-Tag: krb5-1.1-beta1~306 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=a4f3198c633da8a1975de3c77d0209d377c27ce6;p=krb5.git * ftpd.M: Resync with reality * Makefile.in (ftpd): Add libpty to link line. Remove mention of logwtmp files. * ftpd.c: Fix up hostname logging to use pty_make_sane_hostname(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11253 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog
index d0bc86428..fd44a6077 100644
--- a/src/appl/gssftp/ftpd/ChangeLog
+++ b/src/appl/gssftp/ftpd/ChangeLog
@@ -1,3 +1,13 @@ +Mon Mar 8 23:47:51 1999 Tom Yu + + * ftpd.M: Resync with reality. + + * Makefile.in (ftpd): Add libpty to link line. Remove mention of + logwtmp files. + + * ftpd.c: Fix up hostname logging to use + pty_make_sane_hostname(). + Thu Feb 25 23:31:37 1999 Tom Yu * ftpd.c (reply): Don't call secure_gss_error() or secure_error()
diff --git a/src/appl/gssftp/ftpd/Makefile.in b/src/appl/gssftp/ftpd/Makefile.in
index f232ad322..98d11ec96 100644
--- a/src/appl/gssftp/ftpd/Makefile.in
+++ b/src/appl/gssftp/ftpd/Makefile.in
@@ -15,14 +15,14 @@ LIBOBJS=@LIBOBJS@ COMERRLIB=$(BUILDTOP)/util/et/libcom_err.a FTPD_LIBS=@FTPD_LIBS@ -SRCS = $(srcdir)/ftpd.c ftpcmd.c $(srcdir)/logwtmp.c $(srcdir)/popen.c \ +SRCS = $(srcdir)/ftpd.c ftpcmd.c $(srcdir)/popen.c \ $(srcdir)/vers.c \ $(srcdir)/../ftp/glob.c \ $(srcdir)/../ftp/radix.c \ $(srcdir)/../ftp/secure.c \ $(srcdir)/../../bsd/getdtablesize.c $(SETENVSRC) -OBJS = ftpd.o ftpcmd.o glob.o popen.o logwtmp.o vers.o radix.o \ +OBJS = ftpd.o ftpcmd.o glob.o popen.o vers.o radix.o \ secure.o $(LIBOBJS) $(SETENVOBJ) LOCALINCLUDE = -I$(srcdir)/.. -I$(srcdir) @KRB4_INCLUDES@
@@ -30,8 +30,8 @@ DEFINES = -DGSSAPI -DNOCONFIDENTIAL all:: ftpd -ftpd: $(OBJS) $(GSS_DEPLIBS) $(UTIL_DEPLIB) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o $@ $(OBJS) $(FTPD_LIBS) $(GSS_LIBS) $(UTIL_LIB) $(KRB4COMPAT_LIBS) +ftpd: $(OBJS) $(PTY_DEPLIB) $(GSS_DEPLIBS) $(UTIL_DEPLIB) $(KRB4COMPAT_DEPLIBS) + $(CC_LINK) -o $@ $(OBJS) $(FTPD_LIBS) $(PTY_LIB) $(GSS_LIBS) $(UTIL_LIB) $(KRB4COMPAT_LIBS) clean:: $(RM) ftpd ftpcmd.c
@@ -72,7 +72,6 @@ secure.o: $(srcdir)/secure.h ftpd.o: $(srcdir)/ftpd.c ftpcmd.o: ftpcmd.c popen.o: $(srcdir)/popen.c -logwtmp.o: $(srcdir)/logwtmp.c vers.o: $(srcdir)/vers.c # NOPOSTFIX
diff --git a/src/appl/gssftp/ftpd/ftpd.M b/src/appl/gssftp/ftpd/ftpd.M
index 30d8c18b1..725eeee1d 100644
--- a/src/appl/gssftp/ftpd/ftpd.M
+++ b/src/appl/gssftp/ftpd/ftpd.M
@@ -43,6 +43,7 @@ Internet File Transfer Protocol server [\fB\-t\fP \fItimeout\fP] [\fB\-T\fP \fImaxtimeout\fP] [\fB\-p\fP \fIport\fP] [\fB\-u\fP \fIumask\fP] [\fB\-r\fP \fIrealm-file\fP] [\fB\-s\fP \fIsrvtab\fP] +[\fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]] .SH DESCRIPTION .B Ftpd is the
@@ -117,6 +118,18 @@ Sets the name of the .I srvtab file to use for Kerberos V4 authentication. The default value is normally .IR /etc/srvtab . +.TP +\fB\-w \fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]] +Controls the form of the remote hostname passed to login(1). +Specifying \fBip\fP results in the numeric IP address always being +passed to login(1). Specifying a number, \fImaxhostlen\fP, sets the +maximum length of the hostname passed to login(1) before it will be +passed as a numeric IP address. If \fImaxhostlen\fP is 0, then the +system default, as determined by the utmp or utmpx structures, is +used. The \fBnostriplocal\fP and \fBstriplocal\fP options, which must +be preceded by a comma, control whether or not the local host domain +is stripped from the remote hostname. By default, the equivalent of +\fBstriplocal\fP is in effect. .PP The ftp server currently supports the following ftp requests; case is not distinguished.
diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c
index 5ca60871d..71709dcea 100644
--- a/src/appl/gssftp/ftpd/ftpd.c
+++ b/src/appl/gssftp/ftpd/ftpd.c
@@ -100,6 +100,7 @@ static char sccsid[] = "@(#)ftpd.c 5.40 (Berkeley) 7/2/91"; #include #endif #include "pathnames.h" +#include #ifndef L_SET #define L_SET 0
@@ -206,6 +207,8 @@ char tmpline[FTP_BUFSIZ]; char pathbuf[MAXPATHLEN + 1]; char hostname[MAXHOSTNAMELEN]; char remotehost[MAXHOSTNAMELEN]; +char rhost_addra[16]; +char *rhost_sane; /* Defines for authlevel */ #define AUTHLEVEL_NONE 0
@@ -255,6 +258,10 @@ int initgroups(char* name, gid_t basegid) { } #endif +int stripdomain = 1; +int maxhostlen = 0; +int always_ip = 0; + main(argc, argv, envp) int argc; char *argv[];
@@ -376,6 +383,43 @@ main(argc, argv, envp) goto nextopt; } + case 'w': + { + char *optarg; + if (*++cp != '\0') + optarg = cp; + else if (argc > 1) { + argc--; + argv++; + optarg = *argv; + } else { + fprintf(stderr, "ftpd: -w expects arg\n"); + exit(1); + } + + if (!strcmp(optarg, "ip")) + always_ip = 1; + else { + char *cp; + cp = strchr(optarg, ','); + if (cp == NULL) + maxhostlen = atoi(optarg); + else if (*(++cp)) { + if (!strcmp(cp, "striplocal")) + stripdomain = 1; + else if (!strcmp(cp, "nostriplocal")) + stripdomain = 0; + else { + fprintf(stderr, + "ftpd: bad arg to -w\n"); + exit(1); + } + *(--cp) = '\0'; + maxhostlen = atoi(optarg); + } + } + goto nextopt; + } default: fprintf(stderr, "ftpd: Unknown flag -%c ignored.\n", *cp);
@@ -697,8 +741,8 @@ user(name) reply(530, "User %s access denied.", name); if (logging) syslog(LOG_NOTICE, - "FTP LOGIN REFUSED FROM %s, %s", - remotehost, name); + "FTP LOGIN REFUSED FROM %s, %s (%s)", + rhost_addra, remotehost, name); pw = (struct passwd *) NULL; return; }
@@ -823,7 +867,7 @@ end_login() (void) krb5_seteuid((uid_t)0); if (logged_in) - ftp_logwtmp(ttyline, "", ""); + pty_logwtmp(ttyline, "", ""); if (have_creds) { #ifdef GSSAPI krb5_cc_destroy(kcontext, ccache);
@@ -1002,8 +1046,8 @@ pass(passwd) reply(421, "Login incorrect, closing connection."); syslog(LOG_NOTICE, - "repeated login failures from %s", - remotehost); + "repeated login failures from %s (%s)", + rhost_addra, remotehost); dologout(0); } reply(530, "Login incorrect.");
@@ -1034,7 +1078,7 @@ login(passwd) /* open wtmp before chroot */ (void) sprintf(ttyline, "ftp%d", getpid()); - ftp_logwtmp(ttyline, pw->pw_name, remotehost); + pty_logwtmp(ttyline, pw->pw_name, rhost_sane); logged_in = 1; if (guest || restricted) {
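Review bot: The new `-w` case in main() accepts malformed values without complaint: `maxhostlen = atoi(optarg)` turns non-numeric or negative text into 0 or a negative length, and an argument that ends in a bare comma (constructed example: `-w 10,`) matches neither branch, so the length is silently dropped. Because maxhostlen decides what form of the peer name pty_make_sane_hostname() produces for wtmp, a typo in the server's command line should fail through the existing `bad arg to -w` path rather than fall back to a default. The inner `char *cp` also shadows the option cursor that `*++cp` advances, and the local `optarg` shadows the getopt global, which makes the block harder to audit. The sketch below needs errno.h and limits.h and also rejects an empty length before the comma; relax that check if `-w ,nostriplocal` is meant to be valid. The enclosing switch and main() begin and end outside the hunk.

```c
		/* … unchanged: fetch optarg from the flag or the next argv entry … */
		if (!strcmp(optarg, "ip"))
			always_ip = 1;
		else {
			char *comma = strchr(optarg, ',');
			char *end;
			long len;

			if (comma != NULL) {
				if (!strcmp(comma + 1, "striplocal"))
					stripdomain = 1;
				else if (!strcmp(comma + 1, "nostriplocal"))
					stripdomain = 0;
				else {
					fprintf(stderr, "ftpd: bad arg to -w\n");
					exit(1);
				}
				*comma = '\0';
			}
			errno = 0;
			len = strtol(optarg, &end, 10);
			if (end == optarg || *end != '\0' || errno == ERANGE ||
			    len < 0 || len > INT_MAX) {
				fprintf(stderr, "ftpd: bad arg to -w\n");
				exit(1);
			}
			maxhostlen = (int)len;
		}
		goto nextopt;
```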
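Review bot: The refusal message in user() now reads `FROM addr, host (user)`, whereas `repeated login failures from %s (%s)` in pass() and the connection message in dolog() read `addr (host)`, so the parenthesised field is a user name in some messages and a host name in others. Log parsing and alerting then need a special case per message; `"FTP LOGIN REFUSED FROM %s (%s), %s"` with the same argument order keeps the address and name paired, and the two login messages in the login() hunk have the same shape. remotehost can also be empty now (dolog sets `remotehost[0] = '\0'` when the lookup fails), and both it and `name` appear to be peer-supplied text written to syslog as-is, so the field order should be unambiguous. user() continues outside the hunk.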
@@ -1081,26 +1125,27 @@ login(passwd) if (guest) { reply(230, "Guest login ok, access restrictions apply."); #ifdef SETPROCTITLE - sprintf(proctitle, "%s: anonymous/%.*s", remotehost, - sizeof(proctitle) - sizeof(remotehost) - + sprintf(proctitle, "%s: anonymous/%.*s", rhost_sane, + sizeof(proctitle) - strlen(rhost_sane) - sizeof(": anonymous/"), passwd); setproctitle(proctitle); #endif /* SETPROCTITLE */ if (logging) - syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s, %s", - remotehost, passwd); + syslog(LOG_INFO, + "ANONYMOUS FTP LOGIN FROM %s, %s (%s)", + rhost_addra, remotehost, passwd); } else { if (askpasswd) { askpasswd = 0; reply(230, "User %s logged in.", pw->pw_name); } #ifdef SETPROCTITLE - sprintf(proctitle, "%s: %s", remotehost, pw->pw_name); + sprintf(proctitle, "%s: %s", rhost_sane, pw->pw_name); setproctitle(proctitle); #endif /* SETPROCTITLE */ if (logging) - syslog(LOG_INFO, "FTP LOGIN FROM %s, %s", - remotehost, pw->pw_name); + syslog(LOG_INFO, "FTP LOGIN FROM %s, %s (%s)", + rhost_addra, remotehost, pw->pw_name); } home = pw->pw_dir; /* home dir for globbing */ (void) umask(defumask);
@@ -1603,9 +1648,8 @@ statcmd() lreply(211, "%s FTP server status:", hostname, version); reply(0, " %s", version); - sprintf(str, " Connected to %s", remotehost); - if (!isdigit(remotehost[0])) - sprintf(&str[strlen(str)], " (%s)", inet_ntoa(his_addr.sin_addr)); + sprintf(str, " Connected to %s", remotehost[0] ? remotehost : ""); + sprintf(&str[strlen(str)], " (%s)", rhost_addra); reply(0, "%s", str); if (auth_type) reply(0, " Authentication type: %s", auth_type); if (logged_in) {
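Review bot: In the SETPROCTITLE branch of login(), the precision `sizeof(proctitle) - strlen(rhost_sane) - sizeof(": anonymous/")` is a size_t passed where `%.*s` expects an int, and it now depends on a run-time length. If rhost_sane is longer than the space left, the unsigned subtraction wraps, and a precision that ends up negative is treated as absent, so `passwd` (the string the anonymous client supplied) would be copied without a bound. rhost_sane's length follows `-w maxhostlen` and proctitle's size is not visible here, so nothing in the hunk ties the two together. `snprintf(proctitle, sizeof(proctitle), "%s: anonymous/%s", rhost_sane, passwd);` removes the arithmetic; the same bounded form fits `sprintf(proctitle, "%s: %s", rhost_sane, pw->pw_name)` below it, the `"%s: connected"` call in the dolog() hunk, and the two sprintf calls into `str` in the statcmd() hunk. login() starts and ends outside the hunk.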
@@ -1918,21 +1962,31 @@ dolog(sin) sizeof (struct in_addr), AF_INET); time_t t, time(); extern char *ctime(); + krb5_error_code retval; - if (hp) + if (hp != NULL) { (void) strncpy(remotehost, hp->h_name, sizeof (remotehost)); - else - (void) strncpy(remotehost, inet_ntoa(sin->sin_addr), - sizeof (remotehost)); + remotehost[sizeof (remotehost) - 1] = '\0'; + } else + remotehost[0] = '\0'; + strncpy(rhost_addra, inet_ntoa(sin->sin_addr), sizeof (rhost_addra)); + rhost_addra[sizeof (rhost_addra) - 1] = '\0'; + retval = pty_make_sane_hostname(sin, maxhostlen, + stripdomain, always_ip, &rhost_sane); + if (retval) { + fprintf(stderr, "make_sane_hostname: %s\n", + error_message(retval)); + exit(1); + } #ifdef SETPROCTITLE - sprintf(proctitle, "%s: connected", remotehost); + sprintf(proctitle, "%s: connected", rhost_sane); setproctitle(proctitle); #endif /* SETPROCTITLE */ if (logging) { t = time((time_t *) 0); - syslog(LOG_INFO, "connection from %s at %s", - remotehost, ctime(&t)); + syslog(LOG_INFO, "connection from %s (%s) at %s", + rhost_addra, remotehost, ctime(&t)); } } 
@@ -1945,7 +1999,7 @@ dologout(status) { if (logged_in) { (void) krb5_seteuid((uid_t)0); - ftp_logwtmp(ttyline, "", ""); + pty_logwtmp(ttyline, "", ""); } if (have_creds) { #ifdef GSSAPI
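Review bot: When pty_make_sane_hostname() fails, dolog() reports it with `fprintf(stderr, ...)` and exits, while the rest of the function records events through syslog. If ftpd is started from inetd, stderr is probably the client's control connection, so the operator gets no log entry and the peer receives a raw library error string instead of an FTP reply. `syslog(LOG_ERR, "make_sane_hostname: %s", error_message(retval));` followed by a 421 reply before exiting would keep the failure visible on the server side. Separately, remotehost is now left empty instead of holding the dotted-quad address when the lookup fails, so any use of remotehost outside the visible hunks should be checked for the empty case. dolog()'s opening lines are outside the hunk.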