Date: Wed, 29 Aug 2001 13:44:52 +0200
From: Sheldon Hearn <sheldonh@starjuice.net>
To: Nik Clayton <nik@freebsd.org>
Cc: audit@FreeBSD.org
Subject: Re: cvs commit: src/libexec/ftpd ftpcmd.y ftpd.8 ftpd.c
Message-ID: <75288.999085492@axl.seasidesoftware.co.za>
In-Reply-To: Your message of "Tue, 28 Aug 2001 15:00:24 +0200." <51079.999003624@axl.seasidesoftware.co.za>
On Tue, 28 Aug 2001 15:00:24 +0200, Sheldon Hearn wrote:
> Operating on that assumption, I propose -o for "write-only mode for all
> users" and -O for "write-only mode for guest (anonymous & ftp) users".

Here is the patch I propose. Note:

1) Andrey Chernov has made the worthwhile observation that command-line
   options for this behaviour are not ideal. Really, ftpd should allow
   more flexible configuration through a configuration file.

   That said, the functionality added by Nik serves a definite purpose
   even without the additional flexibility Andrey speaks of. My patch
   only serves to make Nik's new feature useful in what I consider the
   more likely scenario.

   This is feature creep. My feeling, though, is that Nik's new feature
   doesn't make much sense without this "companion" option. Either both
   should be present or the first (-o) should be backed out.

2) The existing manual page's SYNOPSIS and option listing in the
   DESCRIPTION are already horribly disordered. No attempt has been
   made to fix this.

3) The existing source's getopt() optstring and option handling switch
   are already horribly disordered. No attempt has been made to fix
   this.

Ciao,
Sheldon.

Index: ftpcmd.y
===================================================================
RCS file: /home/ncvs/src/libexec/ftpd/ftpcmd.y,v
retrieving revision 1.27
diff -u -d -r1.27 ftpcmd.y
--- ftpcmd.y 28 Aug 2001 11:59:20 -0000 1.27
+++ ftpcmd.y 29 Aug 2001 11:38:18 -0000
@@ -94,6 +94,7 @@
extern int readonly;
extern int noepsv;
extern int noretr;
+extern int noguestretr;
off_t restart_point;
@@ -440,7 +441,7 @@
}
| RETR check_login SP pathname CRLF
{
- if (noretr)
+ if (noretr || (guest && noguestretr))
reply(500, "RETR command is disabled");
else if ($2 && $4 != NULL)
retrieve((char *) 0, $4);
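Review bot: In the RETR rule, the new `guest && noguestretr` test is the only place this patch consults noguestretr, yet the call just below it, `retrieve((char *) 0, $4)`, passes a null command, which suggests retrieve() also has callers that pass a command string. None of those paths are touched here, so please confirm that leaving them available to guests is intended for a guest write-only mode, and say so in the commit message if it is. A distinct reply text for the guest case would also let a client tell the -O restriction apart from the global -o one, since both currently answer "RETR command is disabled".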
Index: ftpd.8
===================================================================
RCS file: /home/ncvs/src/libexec/ftpd/ftpd.8,v
retrieving revision 1.42
diff -u -d -r1.42 ftpd.8
--- ftpd.8 28 Aug 2001 11:59:21 -0000 1.42
+++ ftpd.8 29 Aug 2001 11:31:21 -0000
@@ -51,6 +51,7 @@
.Op Fl U
.Op Fl r
.Op Fl o
+.Op Fl O
.Op Fl E
.Op Fl T Ar maxtimeout
.Op Fl t Ar timeout
@@ -161,6 +162,12 @@
.It Fl o
Put server in write-only mode.
RETR is disabled, preventing downloads.
+.It Fl O
+Put server in write-only mode for anonymous users only.
+RETR is disabled for anonymous users, preventing anonymous downloads.
+This has no effect if
+.Fl o
+is also specified.
.It Fl E
Disable the EPSV command.
This is useful for servers behind older firewalls.
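Review bot: The new -O entry says "anonymous users" without stating which logins that covers, while the code tests `guest` and the proposal quoted at the top of this message describes the group as the anonymous and ftp logins. Suggest naming both login names in the entry so an administrator knows exactly who loses RETR. The closing sentence about -o is consistent with the `noretr || (guest && noguestretr)` condition in ftpcmd.y.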
Index: ftpd.c
===================================================================
RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.80
diff -u -d -r1.80 ftpd.c
--- ftpd.c 28 Aug 2001 11:59:21 -0000 1.80
+++ ftpd.c 29 Aug 2001 11:36:52 -0000
@@ -150,6 +150,7 @@
int readonly=0; /* Server is in readonly mode. */
int noepsv=0; /* EPSV command is disabled. */
int noretr=0; /* RETR command is disabled. */
+int noguestretr=0; /* RETR command is disabled for anon users. */
sig_atomic_t transflag;
off_t file_size;
@@ -301,7 +302,7 @@
#endif /* OLD_SETPROCTITLE */
- while ((ch = getopt(argc, argv, "AdlDESURrt:T:u:voa:p:46")) != -1) {
+ while ((ch = getopt(argc, argv, "AdlDESURrt:T:u:vOoa:p:46")) != -1) {
switch (ch) {
case 'D':
daemon_mode++;
@@ -382,6 +383,10 @@
case '6':
family = AF_INET6;
+ break;
+
+ case 'O':
+ noguestretr = 1;
break;
case 'o':
