
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-112-ge3c1d


From: Mats Erik Andersson
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-112-ge3c1d1e
Date: Mon, 11 Jun 2012 18:41:59 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  e3c1d1eafcf5483ddedb94daad4aa5eb748df8a0 (commit)
       via  cfc0538ce07973f543ed868a350506bb50893fef (commit)
      from  b65e343173354b58ae3f21bdf6d745c7be260bc4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e3c1d1eafcf5483ddedb94daad4aa5eb748df8a0


commit e3c1d1eafcf5483ddedb94daad4aa5eb748df8a0
Author: Mats Erik Andersson <address@hidden>
Date:   Mon Jun 11 12:26:56 2012 +0200

    rexecd, rlogind: Review use of LOG_AUTH.

diff --git a/ChangeLog b/ChangeLog
index 4611d31..123b69a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2012-06-11  Mats Erik Andersson  <address@hidden>
+
+       rexecd, rlogind: Distinguish logging facility.
+       Use LOG_AUTH only for authentication messages.
+
+       * src/rexecd.c (doit): Add LOG_AUTH to syslog() in user
+       contexts.  Otherwise use default LOG_DAEMON in openlog().
+       * src/rlogind.c (main, do_rlogin, do_krb4_login)
+       (do_krb5_login, do_shishi_login): Likewise.
+
 2012-06-09  Mats Erik Andersson  <address@hidden>
 
        ftpd: Long address transfer request.
diff --git a/src/rexecd.c b/src/rexecd.c
index 0b39524..f8b1c55 100644
--- a/src/rexecd.c
+++ b/src/rexecd.c
@@ -357,7 +357,7 @@ doit (int f, struct sockaddr *fromp, socklen_t fromlen)
 #endif /* HAVE_GETPWNAM_R */
     {
       if (logging)
-       syslog (LOG_WARNING, "no user named \"%s\"", user);
+       syslog (LOG_WARNING | LOG_AUTH, "no user named \"%s\"", user);
       die (EXIT_FAILURE, "Login incorrect.");
     }
 
@@ -372,7 +372,7 @@ doit (int f, struct sockaddr *fromp, socklen_t fromlen)
       if (strcmp (namep, pw_password))
        {
          if (logging)
-           syslog (LOG_WARNING, "password failure for \"%s\"", user);
+           syslog (LOG_WARNING | LOG_AUTH, "password failure for \"%s\"", 
user);
          die (EXIT_FAILURE, "Password incorrect.");
        }
     }
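Review bot: The two failure paths answer the client differently, `Login incorrect.` for an unknown account in the previous hunk and `Password incorrect.` here, so the reply itself reveals which account names exist, however the event is logged. Using one text for both, `die (EXIT_FAILURE, "Login incorrect.");`, keeps the distinction in the LOG_AUTH log line only. doit's body starts and ends outside the hunk.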
@@ -443,7 +443,7 @@ doit (int f, struct sockaddr *fromp, socklen_t fromlen)
 #ifdef WITH_PAM
       pam_rc = PAM_ABORT;
 #endif
-      syslog (LOG_DEBUG, "setgid(gid = %d): %m", pwd->pw_gid);
+      syslog (LOG_DEBUG | LOG_AUTH, "setgid(gid = %d): %m", pwd->pw_gid);
       die (EXIT_FAILURE, "Failed group protections.");
     }
 
@@ -453,7 +453,7 @@ doit (int f, struct sockaddr *fromp, socklen_t fromlen)
 # ifdef WITH_PAM
       pam_rc = PAM_ABORT;
 # endif
-      syslog (LOG_DEBUG, "initgroups(%s, %s): %m",
+      syslog (LOG_DEBUG | LOG_AUTH, "initgroups(%s, %s): %m",
              pwd->pw_name, pwd->pw_gid);
       die (EXIT_FAILURE, "Failed group protections.");
     }
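Review bot: The `initgroups` message formats `pwd->pw_gid` with `%s`, but the setgid hunk above prints the same field with `%d`, so syslog() will treat a group id as a string pointer on this error path. A matching conversion fixes it: `syslog (LOG_ERR | LOG_AUTH, "initgroups(%s, %lu): %m", pwd->pw_name, (unsigned long) pwd->pw_gid);`. That line also raises the priority, because the setgid, initgroups and setuid failures all stay at LOG_DEBUG, which syslog configurations often filter out even though a failed privilege drop is worth keeping in the auth log. doit's body continues outside the hunk.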
@@ -463,7 +463,7 @@ doit (int f, struct sockaddr *fromp, socklen_t fromlen)
   pam_rc = pam_setcred (pam_handle, PAM_SILENT | PAM_ESTABLISH_CRED);
   if (pam_rc != PAM_SUCCESS)
     {
-      syslog (LOG_ERR, "pam_setcred: %s",
+      syslog (LOG_ERR | LOG_AUTH, "pam_setcred: %s",
              pam_strerror (pam_handle, pam_rc));
       pam_rc = PAM_SUCCESS;    /* Only report the above anomaly.  */
     }
@@ -474,7 +474,7 @@ doit (int f, struct sockaddr *fromp, socklen_t fromlen)
 #ifdef WITH_PAM
       pam_rc = PAM_ABORT;
 #endif
-      syslog (LOG_DEBUG, "setuid(uid = %d): %m", pwd->pw_uid);
+      syslog (LOG_DEBUG | LOG_AUTH, "setuid(uid = %d): %m", pwd->pw_uid);
       die (EXIT_FAILURE, "Failed user identity.");
     }
 
@@ -558,7 +558,8 @@ doit (int f, struct sockaddr *fromp, socklen_t fromlen)
   if (chdir (pwd->pw_dir) < 0)
     {
       if (logging)
-       syslog (LOG_NOTICE, "\"%s\" uses invalid \"%s\"", user, pwd->pw_dir);
+       syslog (LOG_NOTICE | LOG_AUTH, "\"%s\" uses invalid \"%s\"",
+               user, pwd->pw_dir);
 #ifdef WITH_PAM
       pam_rc = PAM_ABORT;
 #endif
@@ -582,7 +583,7 @@ doit (int f, struct sockaddr *fromp, socklen_t fromlen)
   if (pwd == NULL)
 # endif /* HAVE_GETPWNAM_R */
     {
-      syslog (LOG_ERR, "no user named \"%s\"", user);
+      syslog (LOG_ERR | LOG_AUTH, "no user named \"%s\"", user);
       die (EXIT_FAILURE, "Login incorrect.");
     }
 #endif /* WITH_PAM */
diff --git a/src/rlogind.c b/src/rlogind.c
index 48f1bdc..19dd6ab 100644
--- a/src/rlogind.c
+++ b/src/rlogind.c
@@ -393,7 +393,7 @@ main (int argc, char *argv[])
   iu_argp_init ("rlogind", program_authors);
   argp_parse (&argp, argc, argv, 0, &index, NULL);
 
-  openlog ("rlogind", LOG_PID | LOG_CONS, LOG_AUTH);
+  openlog ("rlogind", LOG_PID | LOG_CONS, LOG_DAEMON);
   argc -= index;
   if (argc > 0)
     {
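Review bot: With the default facility in this `openlog` call switched to LOG_DAEMON, every `syslog` call in rlogind.c that does not OR in LOG_AUTH now leaves the auth facility, including any call outside this diff. A comment at the call would make that contract explicit for later changes: `/* Default facility is LOG_DAEMON; authentication and authorization messages must add LOG_AUTH explicitly.  */`. The remaining unannotated calls are worth a pass as well, since auth and daemon logs are commonly routed to files with different permissions and retention. main's body continues outside the hunk.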
@@ -572,7 +572,7 @@ rlogind_auth (int fd, struct auth_data *ap)
        }
       if (!match)
        {
-         syslog (LOG_ERR | LOG_AUTH, "cannot find matching IP for %s (%s)",
+         syslog (LOG_ERR | LOG_AUTH, "cannot verify matching IP for %s (%s)",
                  ap->hostname, inet_ntoa (ap->from.sin_addr));
          fatal (fd, "Permission denied", 0);
        }
@@ -872,24 +872,27 @@ do_rlogin (int infd, struct auth_data *ap)
   pwd = getpwnam (ap->lusername);
   if (pwd == NULL)
     {
-      syslog (LOG_ERR, "no passwd entry for %s", ap->lusername);
+      syslog (LOG_ERR | LOG_AUTH, "no passwd entry for %s", ap->lusername);
       fatal (infd, "Permission denied", 0);
     }
   if (!allow_root && pwd->pw_uid == 0)
     {
-      syslog (LOG_ERR, "root logins not permitted");
+      syslog (LOG_ERR | LOG_AUTH, "root logins not permitted");
       fatal (infd, "Permission denied", 0);
     }
 
 #ifdef WITH_IRUSEROK
   rc = iruserok (ap->from.sin_addr.s_addr, 0, ap->rusername, ap->lusername);
   if (rc)
-    syslog (LOG_ERR, "iruserok failed: rusername=%s, lusername=%s",
+    syslog (LOG_ERR | LOG_AUTH,
+           "iruserok failed: rusername=%s, lusername=%s",
            ap->rusername, ap->lusername);
 #elif defined WITH_RUSEROK
-  rc = ruserok (inet_ntoa (ap->from.sin_addr), 0, ap->rusername, 
ap->lusername);
+  rc = ruserok (inet_ntoa (ap->from.sin_addr), 0, ap->rusername,
+               ap->lusername);
   if (rc)
-    syslog (LOG_ERR, "ruserok failed: rusername=%s, lusername=%s",
+    syslog (LOG_ERR | LOG_AUTH,
+           "ruserok failed: rusername=%s, lusername=%s",
            ap->rusername, ap->lusername);
 #else /* !WITH_IRUSEROK && !WITH_RUSEROK */
 #error Unable to use mandatory iruserok/ruserok.  This should not happen.
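Review bot: The `root logins not permitted` line records a refused root login without saying who asked or from where, which leaves little to correlate in the auth log. The neighbouring messages already carry `ap->rusername` and `ap->lusername`; a line such as `syslog (LOG_ERR | LOG_AUTH, "root login refused: rusername=%s, host=%s", ap->rusername, ap->hostname);` would match them. `ap->hostname` is taken from its use in rlogind_auth, so confirm it is populated on this path. do_rlogin's body starts and ends outside the hunk.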
@@ -979,7 +982,7 @@ do_krb4_login (int infd, struct auth_data *ap, const char 
**err_msg)
   if (pwd == NULL)
     {
       *err_msg = "getpwnam failed";
-      syslog (LOG_ERR, "getpwnam failed: %m");
+      syslog (LOG_ERR | LOG_AUTH, "getpwnam failed: %m");
       return 1;
     }
   /* returns nonzero for no access */
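Review bot: `getpwnam failed: %m` names neither the account that was looked up nor a reliable cause, because getpwnam() returning NULL for an unknown name need not set errno, so `%m` can print a stale or unrelated error. do_rlogin logs the same condition as `no passwd entry for %s`; using that form here, `syslog (LOG_ERR | LOG_AUTH, "no passwd entry for %s", ap->lusername);`, would keep the auth log consistent. The getpwnam call is outside the hunk, so the looked-up name is assumed to be `ap->lusername`. The same line appears in the do_krb5_login and do_shishi_login hunks below (there through `ad`).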
@@ -1019,7 +1022,8 @@ do_krb5_login (int infd, struct auth_data *ap, const char 
**err_msg)
 
   if (status = krb5_init_context (&ap->context))
     {
-      syslog (LOG_ERR, "Error initializing krb5: %s", error_message (status));
+      syslog (LOG_ERR, "Error initializing krb5: %s",
+             error_message (status));
       return status;
     }
 
@@ -1072,7 +1076,7 @@ do_krb5_login (int infd, struct auth_data *ap, const char 
**err_msg)
   if (pwd == NULL)
     {
       *err_msg = "getpwnam failed";
-      syslog (LOG_ERR, "getpwnam failed: %m");
+      syslog (LOG_ERR | LOG_AUTH, "getpwnam failed: %m");
       return 1;
     }
 
@@ -1196,7 +1200,7 @@ do_shishi_login (int infd, struct auth_data *ad, const 
char **err_msg)
      if (pwd == NULL)
      {
      *err_msg = "getpwnam failed";
-     syslog (LOG_ERR, "getpwnam failed: %m");
+     syslog (LOG_ERR | LOG_AUTH, "getpwnam failed: %m");
      return 1;
      }
 
@@ -1240,7 +1244,7 @@ do_shishi_login (int infd, struct auth_data *ad, const 
char **err_msg)
   rc = shishi_authorized_p (ad->h, shishi_ap_tkt (ad->ap), ad->lusername);
   if (!rc)
     {
-      syslog (LOG_ERR, "User is not authorized to log in as: %s",
+      syslog (LOG_ERR | LOG_AUTH, "User is not authorized to log in as: %s",
              ad->lusername);
       shishi_ap_done (ad->ap);
       return 1;

http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=cfc0538ce07973f543ed868a350506bb50893fef


commit cfc0538ce07973f543ed868a350506bb50893fef
Author: Mats Erik Andersson <address@hidden>
Date:   Sat Jun 9 14:35:00 2012 +0200

    ftpd: LPRT transfer request.

diff --git a/ChangeLog b/ChangeLog
index 0161e7a..4611d31 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2012-06-09  Mats Erik Andersson  <address@hidden>
+
+       ftpd: Long address transfer request.
+
+       * ftpd/ftpcmd.y (LPRT): New token.
+       (long_host_port): New value returning type.
+       * doc/inetutils.texi (ftpd invocation): Updated.
+
 2012-06-07  Mats Erik Andersson  <address@hidden>
 
        rexecd: Audit of PAM code.
diff --git a/doc/inetutils.texi b/doc/inetutils.texi
index d048397..002c903 100644
--- a/doc/inetutils.texi
+++ b/doc/inetutils.texi
@@ -2901,6 +2901,7 @@ case of the requests is ignored.
 @item EPRT         @tab  specify data connection port
 @item HELP         @tab  give help information
 @item LIST         @tab  give list files in a directory (``ls -lgA'')
address@hidden LPRT         @tab  specify data connection port
 @item LPSV         @tab  long passive transfer request
 @item MKD          @tab  make a directory
 @item MDTM         @tab  show last modification time of file
@@ -2947,7 +2948,8 @@ the @code{SITE} request.
 The remaining FTP requests specified in RFC 959 are recognized, but
 not implemented.  The extensions @code{MDTM}, @code{REST},
 and @code{SIZE} are specified in RFC 3659, while @code{EPRT}
-and @code{EPSV} appear in RFC 2428, and @code{LPSV} in RFC 1639.
+and @code{EPSV} appear in RFC 2428, @code{LPRT} and @code{LPSV}
+in RFC 1639.
 
 The ftp server will abort an active file transfer only when the
 @code{ABOR} command is preceded by a Telnet @samp{Interrupt Process}
diff --git a/ftpd/ftpcmd.y b/ftpd/ftpcmd.y
index 1fd0ac6..1bfe92b 100644
--- a/ftpd/ftpcmd.y
+++ b/ftpd/ftpcmd.y
@@ -50,15 +50,15 @@
 /*
  * Grammar for FTP commands:
  *
- *   See RFC 959, RFC 1636 (LPSV), RFC 2428,
+ *   See RFC 959, RFC 1639, RFC 2428,
  *   and RFC 3659 (MDTM, REST, SIZE).
  *
  * TODO: Update with RFC 3659 (MLST, MLSD).
  *
- * TODO: RFC 1639 (LPRT).
- *
  * TODO: RFC 2389 (FEAT, OPTS).
  *
+ * TODO: RFC 2428 (EPSV ALL).
+ *
  * FIXME: Rewrite with GNU standard formatting.  Legacy code is changed!
  */
 
@@ -151,7 +151,7 @@ static void yyerror       (const char *s);
        STAT    HELP    NOOP    MKD     RMD     PWD
        CDUP    STOU    SMNT    SYST    SIZE    MDTM
 
-       EPRT    EPSV    LPSV
+       EPRT    EPSV    LPRT    LPSV
 
        UMASK   IDLE    CHMOD
 
@@ -163,7 +163,7 @@ static void yyerror       (const char *s);
 %type  <i> check_login octal_number byte_size
 %type  <i> struct_code mode_code type_code form_code
 %type  <s> pathstring pathname password username
-%type  <i> host_port net_proto tcp_port
+%type  <i> host_port net_proto tcp_port long_host_port
 %type  <s> net_addr
 
 %start cmd_list
@@ -723,6 +723,48 @@ cmd
                }
 
                /*
+                * LPRT is in RFC 1639.
+                */
+       | LPRT check_login SP long_host_port CRLF
+               {
+                       if ($2)
+                         {
+                           if ($4 &&
+                               ( his_addr.ss_family == AF_INET
+                                 && memcmp (&((struct sockaddr_in *) 
&his_addr)->sin_addr,
+                                            &((struct sockaddr_in *) 
&data_dest)->sin_addr,
+                                            sizeof (struct in_addr)) == 0
+                                 && ntohs (((struct sockaddr_in *) 
&data_dest)->sin_port)
+                                       > IPPORT_RESERVED
+                                 ||
+                                 his_addr.ss_family == AF_INET6
+                                 && memcmp (&((struct sockaddr_in6 *) 
&his_addr)->sin6_addr,
+                                            &((struct sockaddr_in6 *) 
&data_dest)->sin6_addr,
+                                            sizeof (struct in6_addr)) == 0
+                                 && ntohs (((struct sockaddr_in6 *) 
&data_dest)->sin6_port)
+                                       > IPPORT_RESERVED
+                               )
+                              )
+                             {
+                               usedefault = 0;
+                               if (pdata >= 0)
+                                 {
+                                   close(pdata);
+                                   pdata = -1;
+                                 }
+                                 reply (200, "LPRT command successful.");
+                             }
+                           else
+                             {
+                               usedefault = 1;
+                               memset (&data_dest, 0,
+                                       sizeof (data_dest));
+                               reply(500, "Illegal LPRT Command");
+                             }
+                         } /* check_login */
+               }
+
+               /*
                 * LPSV is in RFC 1639.
                 */
        | LPSV check_login CRLF
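Review bot: When `long_host_port` rejects its input it has already sent a 500 or 550 reply, and the `else` branch here then sends `500 Illegal LPRT Command` as well, so one command yields two replies and the client's view of the control channel can fall out of step. Guarding the second reply, `if ($4) reply (500, "Illegal LPRT Command");`, keeps one reply per command while still answering the address or port mismatch case. The same branch clears `data_dest` but leaves `data_dest_len` set, unlike the failure paths in `long_host_port`; adding `data_dest_len = 0;` would keep the two in agreement.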
@@ -730,6 +772,7 @@ cmd
                        if ($2)
                                passive(PASSIVE_LPSV, 0 /* not used */);
                }
+
        | QUIT CRLF
                {
                        reply(221, "Goodbye.");
@@ -847,6 +890,138 @@ host_port
                }
        ;
 
+long_host_port
+       : NUMBER COMMA NUMBER COMMA /* af, hal */
+               NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA /* h */
+               NUMBER COMMA NUMBER COMMA NUMBER /* pal, p */
+               {
+                       int err;
+                       char a[INET6_ADDRSTRLEN], p[8];
+                       struct addrinfo hints, *res;
+
+                       /* Well formed input for IPv4?  */
+                       if ($1 != 4 || $3 != 4 || $13 != 2
+                           || $5 < 0 || $5 > 255 || $7 < 0 || $7 > 255
+                           || $9 < 0 || $9 > 255 || $11 < 0 || $11 > 255
+                           || $15 < 0 || $15 > 255
+                           || $17 < 0 || $17 > 255)
+                         {
+                           reply (500, "Invalid address.");
+                           memset (&data_dest, 0, sizeof (data_dest));
+                           data_dest_len = 0;
+                           $$ = 0;
+                         }
+                       else
+                         {
+                           snprintf (a, sizeof (a), "%jd.%jd.%jd.%jd",
+                                     $5, $7, $9, $11);
+                           snprintf (p, sizeof (p), "%jd",
+                                     ($15 << 8) + $17);
+
+                           memset (&hints, 0, sizeof (hints));
+                           hints.ai_family = his_addr.ss_family;
+                           hints.ai_socktype = SOCK_STREAM;
+                           hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
+
+                           if (his_addr.ss_family == AF_INET6)
+                             {
+                               /* IPv4 mapped to IPv6.  */
+                               hints.ai_family = AF_INET6;
+#ifdef AI_V4MAPPED
+                               hints.ai_flags |= AI_V4MAPPED;
+#endif
+                               snprintf (a, sizeof (a),
+                                         "::ffff:%jd.%jd.%jd.%jd",
+                                         $5, $7, $9, $11);
+                             }
+
+                           err = getaddrinfo (a, p, &hints, &res);
+                           if (err)
+                             {
+                               reply (550, "LPRT address failure: %s,%s",
+                                      a, p);
+                               memset (&data_dest, 0, sizeof (data_dest));
+                               data_dest_len = 0;
+                               $$ = 0;
+                             }
+                           else
+                             {
+                               memcpy (&data_dest, res->ai_addr,
+                                       res->ai_addrlen);
+                               data_dest_len = res->ai_addrlen;
+                               freeaddrinfo (res);
+                               $$ = 1;
+                             }
+                         }
+               }
+       | NUMBER COMMA NUMBER COMMA /* af, hal */
+               NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA /* h */
+               NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA
+               NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA
+               NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA
+               NUMBER COMMA NUMBER COMMA NUMBER /* pal, p */
+               {
+                       int err;
+                       char a[INET6_ADDRSTRLEN], p[8];
+                       struct addrinfo hints, *res;
+
+                       /* Well formed input for IPv6?  */
+                       if ($1 != 6 || $3 != 16 || $37 != 2
+                           || $5 < 0 || $5 > 255 || $7 < 0 || $7 > 255
+                           || $9 < 0 || $9 > 255 || $11 < 0 || $11 > 255
+                           || $13 < 0 || $13 > 255 || $15 < 0 || $15 > 255
+                           || $17 < 0 || $17 > 255 || $19 < 0 || $19 > 255
+                           || $21 < 0 || $21 > 255 || $23 < 0 || $23 > 255
+                           || $25 < 0 || $25 > 255 || $27 < 0 || $27 > 255
+                           || $29 < 0 || $29 > 255 || $31 < 0 || $31 > 255
+                           || $33 < 0 || $33 > 255 || $35 < 0 || $35 > 255
+                           || $39 < 0 || $39 > 255 || $41 < 0 || $41 > 255)
+                         {
+                           reply (500, "Invalid address.");
+                           memset (&data_dest, 0, sizeof (data_dest));
+                           data_dest_len = 0;
+                           $$ = 0;
+                         }
+                       else
+                         {
+                           snprintf (a, sizeof (a),
+                                    "%02jx%02jx:%02jx%02jx:"
+                                    "%02jx%02jx:%02jx%02jx:"
+                                    "%02jx%02jx:%02jx%02jx:"
+                                    "%02jx%02jx:%02jx%02jx",
+                                     $5, $7, $9, $11,
+                                     $13, $15, $17, $19,
+                                     $21, $23, $25, $27,
+                                     $29, $31, $33, $35);
+                           snprintf (p, sizeof (p), "%jd",
+                                     ($39 << 8) + $41);
+
+                           memset (&hints, 0, sizeof (hints));
+                           hints.ai_family = his_addr.ss_family;
+                           hints.ai_socktype = SOCK_STREAM;
+                           hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
+
+                           err = getaddrinfo (a, p, &hints, &res);
+                           if (err)
+                             {
+                               reply (550, "LPRT address failure: %s,%s",
+                                      a, p);
+                               memset (&data_dest, 0, sizeof (data_dest));
+                               data_dest_len = 0;
+                               $$ = 0;
+                             }
+                           else
+                             {
+                               memcpy (&data_dest, res->ai_addr,
+                                       res->ai_addrlen);
+                               data_dest_len = res->ai_addrlen;
+                               freeaddrinfo (res);
+                               $$ = 1;
+                             }
+                         }
+               }
+       ;
+
 form_code
        : N
                {
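Review bot: The `long_host_port` rule has no comment stating which RFC 1639 forms it accepts, or that it writes the global `data_dest` as a side effect before the LPRT action has compared that address with `his_addr`. A header comment would cover both: `/* RFC 1639 af,hal,h...,pal,p: accepts af=4/hal=4 and af=6/hal=16 with pal=2; stores the result in data_dest and yields 1, or replies and yields 0.  */`. Stating the ordering matters because the rejection of a foreign data address lives only in the caller, so any later user of this rule has to repeat that comparison.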
@@ -1077,6 +1252,7 @@ struct tab cmdtab[] = {           /* In order defined in 
RFC 765 */
        { "MDTM", MDTM, OSTR, 1,        "<sp> path-name" },
        { "EPRT", EPRT, DLIST, 1,       "<sp> <d> proto <d> addr <d> port <d>" 
},
        { "EPSV", EPSV, ARGS, 1,        "[ <sp> af ]" },
+       { "LPRT", LPRT, ARGS, 1,        "<sp> af,hal,h0..hn,2,p0,p1" },
        { "LPSV", LPSV, ARGS, 1,        "(set server in long passive mode)" },
        { NULL,   0,    0,    0,        0 }
 };

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog          |   18 +++++
 doc/inetutils.texi |    4 +-
 ftpd/ftpcmd.y      |  186 ++++++++++++++++++++++++++++++++++++++++++++++++++--
 src/rexecd.c       |   17 +++--
 src/rlogind.c      |   28 +++++----
 5 files changed, 227 insertions(+), 26 deletions(-)


hooks/post-receive
-- 
GNU Inetutils 


