-rw-r--r-- | libexec/ftp-proxy/ftp-proxy.c | 135 | ||||
-rw-r--r-- | libexec/ftp-proxy/getline.c | 7 | ||||
-rw-r--r-- | libexec/ftp-proxy/util.c | 29 | ||||
-rw-r--r-- | libexec/ftp-proxy/util.h | 5 |
4 files changed, 76 insertions, 100 deletions
diff --git a/libexec/ftp-proxy/ftp-proxy.c b/libexec/ftp-proxy/ftp-proxy.c index 51c70b01c30..551f62e2950 100644 --- a/libexec/ftp-proxy/ftp-proxy.c +++ b/libexec/ftp-proxy/ftp-proxy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ftp-proxy.c,v 1.12 2001/08/22 05:28:16 beck Exp $ */ +/* $OpenBSD: ftp-proxy.c,v 1.13 2001/08/28 19:35:04 deraadt Exp $ */ /* * Copyright (c) 1996-2001 @@ -27,7 +27,7 @@ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * + * */ /* @@ -143,8 +143,6 @@ char OurName[NI_MAXHOST]; char *User, *Group; -char *argstr = "D:g:m:M:t:u:AnVwr"; - extern int Debug_Level; extern int Use_Rdns; extern char *__progname; @@ -166,16 +164,16 @@ usage() { syslog(LOG_NOTICE, "usage: %s [-ArVw] [-t timeout] [-D debuglevel] %s", - __progname, "[-m min_port] [-M max_port ]\n"); + __progname, "[-m min_port] [-M max_port]\n"); exit(EX_USAGE); } -static void +static void close_client_data() { - if (client_data_socket >= 0) { - shutdown(client_data_socket,2); + if (client_data_socket >= 0) { + shutdown(client_data_socket, 2); close(client_data_socket); client_data_socket = -1; } @@ -184,9 +182,9 @@ close_client_data() static void close_server_data() -{ +{ if (server_data_socket >= 0) { - shutdown(server_data_socket,2); + shutdown(server_data_socket, 2); close(server_data_socket); server_data_socket = -1; } @@ -197,9 +195,9 @@ static void drop_privs() { struct passwd *pw; - struct group *gr; - int uid = 0; - int gid = 0; + struct group *gr; + uid_t uid = 0; + gid_t gid = 0; if (User != NULL) { pw = getpwnam(User); @@ -218,8 +216,7 @@ drop_privs() exit(EX_USAGE); } gid = gr->gr_gid; - } - + } if (gid != 0 && (setegid(gid) == -1 || setgid(gid) == -1)) { syslog(LOG_ERR, "can't drop group privs (%m)"); 
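Review bot: The re-spaced `shutdown(client_data_socket, 2)` in close_client_data, and likewise `shutdown(server_data_socket, 2)` in close_server_data and the `shutdown(client_iob.fd, 1)` / `shutdown(server_iob.fd, 0)` pair in the last hunk of main, keep bare integers for the how argument even though this commit is a style pass. The named constants from sys/socket.h say what each call intends without the reader recalling which direction 0 and 1 select, e.g. `shutdown(client_data_socket, SHUT_RDWR);`, `shutdown(client_iob.fd, SHUT_WR);`, `shutdown(server_iob.fd, SHUT_RD);`.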
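Review bot: The group switch `if (gid != 0 && (setegid(gid) == -1 || setgid(gid) == -1))` in drop_privs never clears the supplementary group list, so when the proxy starts as root any supplementary groups inherited at startup survive the switch to the -g group. A `setgroups(1, &gid)` call, with its result checked in the same syslog/exit style, placed immediately before the setegid/setgid pair would complete the drop; the uid half of drop_privs is outside this hunk, so confirm it stays ordered after the group change. The retyping to uid_t/gid_t is right; the `gid != 0` guard also means a -g value that resolves to gid 0 leaves the group untouched, which deserves a one-line comment if intended.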
@@ -232,19 +229,14 @@ drop_privs() } } - - - /* * Check a connection against the tcpwrapper, log if we're going to * reject it, returns: 0 -> reject, 1 -> accept. We add in hostnames * if we are set to do reverse DNS, otherwise no. */ - static int check_host(struct sockaddr_in *client_sin, struct sockaddr_in *server_sin) { - char cname[NI_MAXHOST]; char sname[NI_MAXHOST]; struct request_info request; @@ -267,7 +259,7 @@ check_host(struct sockaddr_in *client_sin, struct sockaddr_in *server_sin) sizeof(cname), NULL, 0, NI_NAMEREQD); if (i == -1) strlcpy(cname, STRING_UNKNOWN, sizeof(cname)); - + i = getnameinfo( (struct sockaddr *)&server_sin->sin_addr, sizeof(&server_sin->sin_addr), sname, @@ -300,14 +292,13 @@ wallclock_time() { struct timeval tv; - gettimeofday(&tv,NULL); + gettimeofday(&tv, NULL); return(tv.tv_sec + tv.tv_usec / 1e6); } /* * Show the stats for this data transfer */ - void show_xfer_stats() { @@ -415,7 +406,6 @@ log_control_command (char *cmd, int client) int new_dataconn(int server) { - /* * Close existing data conn. */ @@ -466,7 +456,7 @@ new_dataconn(int server) -static void +static void connect_pasv_backchannel() { struct sockaddr_in listen_sa; @@ -512,7 +502,7 @@ connect_pasv_backchannel() -static void +static void connect_port_backchannel() { struct sockaddr_in listen_sa; @@ -539,16 +529,13 @@ connect_port_backchannel() server_listen_socket = -1; if (getuid() != 0) { - - /* + /* * We're not running as root, so we get a backchannel - * socket bound in our designated range, instead of + * socket bound in our designated range, instead of * getting one bound to port 20 - This is deliberately * not RFC compliant. */ - - bzero(&listen_sa.sin_addr, - sizeof(struct in_addr)); + bzero(&listen_sa.sin_addr, sizeof(struct in_addr)); client_data_socket = get_backchannel_socket(SOCK_STREAM, min_port, max_port, -1, 1, &listen_sa); if (client_data_socket < 0) { 
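Review bot: The server-side lookup in check_host passes `(struct sockaddr *)&server_sin->sin_addr` together with `sizeof(&server_sin->sin_addr)`, i.e. a struct in_addr reinterpreted as a sockaddr and the size of a pointer, so getnameinfo is handed a malformed address and presumably fails on every call, leaving sname unresolved in the log; the hunk only touches the blank line above it. The call should receive the whole sockaddr_in: `(struct sockaddr *)server_sin, sizeof(*server_sin), sname,`. Separately, the `if (i == -1)` test after the cname lookup only catches -1; if this tree's getnameinfo reports failure with EAI_* codes as POSIX specifies, `if (i != 0)` is the reliable test. check_host continues past the end of this hunk.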
@@ -560,15 +547,13 @@ connect_port_backchannel() /* * We're root, get our backchannel socket bound to port - * 20 here, so we're fully RFC compliant. + * 20 here, so we're fully RFC compliant. */ - client_data_socket = socket(AF_INET, SOCK_STREAM, 0); salen = 1; listen_sa.sin_family = AF_INET; - bzero(&listen_sa.sin_addr, - sizeof(struct in_addr)); + bzero(&listen_sa.sin_addr, sizeof(struct in_addr)); listen_sa.sin_port = htons(20); if (setsockopt(client_data_socket, SOL_SOCKET, SO_REUSEADDR, @@ -583,7 +568,7 @@ connect_port_backchannel() exit(EX_OSERR); } } - + if (connect(client_data_socket, (struct sockaddr *) &client_listen_sa, sizeof(client_listen_sa)) != 0) { syslog(LOG_INFO, "can't connect data connection (%m)"); @@ -599,7 +584,7 @@ connect_port_backchannel() void do_client_cmd(struct csiob *client, struct csiob *server) { - int i,j,rv; + int i, j, rv; char tbuf[100]; char *sendbuf = NULL; @@ -645,7 +630,7 @@ do_client_cmd(struct csiob *client, struct csiob *server) } else sendbuf = client->line_buffer; } else if ((strncasecmp((char *)client->line_buffer, "eprt ", - strlen("eprt ")) == 0)) { + strlen("eprt ")) == 0)) { /* Watch out for EPRT commands */ char *line = NULL, *q, *p, *result[3], delim; @@ -702,7 +687,7 @@ do_client_cmd(struct csiob *client, struct csiob *server) debuglog(1, "we want server to use %s:%u\n", inet_ntoa(server->sa.sin_addr), - ntohs(server_listen_sa.sin_port)); + ntohs(server_listen_sa.sin_port)); snprintf(tbuf, sizeof(tbuf), "EPRT |%d|%s|%u|\r\n", 1, inet_ntoa(server->sa.sin_addr), @@ -741,7 +726,7 @@ out: j += rv; } while (j >= 0 && j < i); } - } else if (!NatMode && (strncasecmp((char *)client->line_buffer, + } else if (!NatMode && (strncasecmp((char *)client->line_buffer, "epsv", strlen("epsv")) == 0)) { /* 
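Review bot: `client_data_socket = socket(AF_INET, SOCK_STREAM, 0);` in the root branch of connect_port_backchannel is never checked before the descriptor is passed to setsockopt(); when socket() fails, client_data_socket is -1 and whichever error path follows the setsockopt call (beyond this hunk) will report EBADF rather than the real cause. Add a check in the style the function already uses: `if (client_data_socket < 0) { syslog(LOG_INFO, "can't create data socket (%m)"); exit(EX_OSERR); }`. The non-root branch in the previous hunk already checks `if (client_data_socket < 0)` after get_backchannel_socket, so this brings the two paths into line.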
@@ -786,17 +771,17 @@ out: i = sscanf(tailptr, "%u,%u,%u,%u,%u,%u", &values[0], &values[1], &values[2], &values[3], &values[4], &values[5]); - if (i != 6) { - syslog(LOG_INFO, "malformed PORT command (%s)", + if (i != 6) { + syslog(LOG_INFO, "malformed PORT command (%s)", client->line_buffer); exit(EX_DATAERR); } - for (i=0; i<6; i++) + for (i = 0; i<6; i++) if (values[i] > 255) { - syslog(LOG_INFO, + syslog(LOG_INFO, "malformed PORT command (%s)", - client->line_buffer); + client->line_buffer); exit(EX_DATAERR); } @@ -820,7 +805,7 @@ out: debuglog(1, "we want server to use %s:%u\n", inet_ntoa(server->sa.sin_addr), - ntohs(server_listen_sa.sin_port)); + ntohs(server_listen_sa.sin_port)); snprintf(tbuf, sizeof(tbuf), "PORT %u,%u,%u,%u,%u,%u\r\n", ((u_char *)&server->sa.sin_addr.s_addr)[0], @@ -892,7 +877,7 @@ do_server_reply(struct csiob *server, struct csiob *client) debuglog(1, "Got a PASV reply\n"); debuglog(1, "{%s}\n", (char *)server->line_buffer); - tailptr = strchr((char *)server->line_buffer,'('); + tailptr = strchr((char *)server->line_buffer, '('); if (tailptr == NULL) { syslog(LOG_NOTICE, "malformed 227 reply"); exit(EX_DATAERR); @@ -905,15 +890,15 @@ do_server_reply(struct csiob *server, struct csiob *client) i = sscanf(tailptr, "(%u,%u,%u,%u,%u,%u)", &values[0], &values[1], &values[2], &values[3], &values[4], &values[5]); - if (i != 6) { - syslog(LOG_INFO, "malformed PASV reply (%s)", + if (i != 6) { + syslog(LOG_INFO, "malformed PASV reply (%s)", client->line_buffer); exit(EX_DATAERR); } - for (i=0; i<6; i++) + for (i = 0; i<6; i++) if (values[i] > 255) { syslog(LOG_INFO, "malformed PASV reply(%s)", - client->line_buffer); + client->line_buffer); exit(EX_DATAERR); } 
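Review bot: The rewritten loop header `for (i = 0; i<6; i++)` in the PORT parser normalizes the spacing around `=` but leaves `i<6`; since this commit is a whitespace pass, `for (i = 0; i < 6; i++)` is the consistent form. The same half-fixed line appears in the PASV parser hunk at @@ -905 of this file.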
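Review bot: Both `syslog(LOG_INFO, "malformed PASV reply (%s)", client->line_buffer);` calls in do_server_reply log the client's line buffer, but the text being parsed is the server's 227 reply — tailptr is taken from `server->line_buffer` in the preceding @@ -892 hunk — so the log entry shows the wrong line. Both calls should pass `server->line_buffer`. The second message also lacks the space before `(%s)`; `"malformed PASV reply (%s)"` keeps the two consistent.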
@@ -965,14 +950,13 @@ int main(int argc, char **argv) { struct csiob client_iob, server_iob; - struct timeval tv; - long timeout_seconds = 0; struct sigaction new_sa, old_sa; int sval, ch, salen, flags, i; - int use_tcpwrapper = 0; - int one = 1; + int use_tcpwrapper = 0, one = 1; + long timeout_seconds = 0; + struct timeval tv; - while ((ch = getopt(argc, argv, argstr)) != -1) { + while ((ch = getopt(argc, argv, "D:g:m:M:t:u:AnVwr")) != -1) { char *p; switch (ch) { case 'A': @@ -1049,10 +1033,8 @@ main(int argc, char **argv) * RFC compliant. This shouldn't cause problems for all but * the stupidest ftp clients and the stupidest packet filters. */ - drop_privs(); - /* * We check_host after get_proxy_env so that checks are done * against the original destination endpoint, not the endpoint @@ -1088,14 +1070,14 @@ main(int argc, char **argv) client_iob.fd = 0; - /* Check to see if we have a timeout defined, if so, + /* + * Check to see if we have a timeout defined, if so, * set a timeout for this select call to that value, so * we may time out if don't see any data in timeout * seconds. */ tv.tv_sec = timeout_seconds; tv.tv_usec = 0; - timeout_seconds=tv.tv_sec; debuglog(1, "client is %s:%u\n", ClientName, ntohs(client_iob.sa.sin_port)); @@ -1174,7 +1156,7 @@ main(int argc, char **argv) while (client_iob.alive || server_iob.alive) { int maxfd = 0; fd_set *fdsp; - + if (client_iob.fd > maxfd) maxfd = client_iob.fd; if (client_listen_socket > maxfd) @@ -1187,12 +1169,12 @@ main(int argc, char **argv) maxfd = server_listen_socket; if (server_data_socket > maxfd) maxfd = server_data_socket; - + debuglog(3, "client is %s, server is %s\n", client_iob.alive ? "alive" : "dead", server_iob.alive ? "alive" : "dead"); - fdsp = (fd_set *)calloc(howmany(maxfd + 1, NFDBITS), + fdsp = (fd_set *)calloc(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask)); if (fdsp == NULL) { syslog(LOG_NOTICE, "Insufficient memory"); 
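Review bot: `fdsp = (fd_set *)calloc(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));` keeps a cast on calloc's return, which is unnecessary in C and can mask a missing prototype; the re-indented line is a natural place to drop it: `fdsp = calloc(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));`. The allocation runs on every pass of the select loop and the matching free() is not inside this hunk, so confirm it is reached on every path, including the `goto doselect` retry in the next hunk, before the next iteration allocates again.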
@@ -1239,19 +1221,19 @@ main(int argc, char **argv) * for any passing mourners. */ syslog(LOG_INFO, - "timeout, no data for %ld seconds", - timeout_seconds); + "timeout, no data for %ld seconds", + timeout_seconds); exit(EX_OK); } if (sval == -1) { if (errno == EINTR || errno == EAGAIN) goto doselect; syslog(LOG_NOTICE, - "select failed (%m) - exiting"); + "select failed (%m) - exiting"); exit(EX_OSERR); } if (client_data_socket >= 0 && - FD_ISSET(client_data_socket,fdsp)) { + FD_ISSET(client_data_socket, fdsp)) { int rval; debuglog(3, "xfer client to server\n"); @@ -1268,7 +1250,7 @@ main(int argc, char **argv) client_data_bytes += rval; } if (server_data_socket >= 0 && - FD_ISSET(server_data_socket,fdsp)) { + FD_ISSET(server_data_socket, fdsp)) { int rval; debuglog(3, "xfer server to client\n"); @@ -1285,19 +1267,19 @@ main(int argc, char **argv) server_data_bytes += rval; } if (server_listen_socket >= 0 && - FD_ISSET(server_listen_socket,fdsp)) { + FD_ISSET(server_listen_socket, fdsp)) { connect_port_backchannel(); } if (client_listen_socket >= 0 && - FD_ISSET(client_listen_socket,fdsp)) { + FD_ISSET(client_listen_socket, fdsp)) { connect_pasv_backchannel(); } if (client_iob.alive && - FD_ISSET(client_iob.fd,fdsp)) { + FD_ISSET(client_iob.fd, fdsp)) { client_iob.data_available = 1; } if (server_iob.alive && - FD_ISSET(server_iob.fd,fdsp)) { + FD_ISSET(server_iob.fd, fdsp)) { server_iob.data_available = 1; } } @@ -1309,12 +1291,11 @@ main(int argc, char **argv) client_iob.alive = 0; } if (server_iob.got_eof) { - shutdown(client_iob.fd,1); - shutdown(server_iob.fd,0); + shutdown(client_iob.fd, 1); + shutdown(server_iob.fd, 0); server_iob.got_eof = 0; server_iob.alive = 0; - } - + } } exit(EX_OK); } diff --git a/libexec/ftp-proxy/getline.c b/libexec/ftp-proxy/getline.c index bf70a1b5fc2..c63231cbd4a 100644 --- a/libexec/ftp-proxy/getline.c +++ b/libexec/ftp-proxy/getline.c 
@@ -33,11 +33,6 @@ * @(#)ftpcmd.y 5.24 (Berkeley) 2/25/91 */ -/* - * RCS information: - * $Id: getline.c,v 1.2 2001/08/19 13:43:09 deraadt Exp $ - */ - #include <sys/types.h> #include <sys/socket.h> @@ -268,7 +263,7 @@ telnet_getline(register struct csiob *iobp, struct csiob *telnet_passthrough) /* +1 is for the newline */ clen = (ix+1) - iobp->next_byte; memcpy(iobp->line_buffer, &iobp->io_buffer[iobp->next_byte], - clen); + clen); iobp->next_byte += clen; iobp->line_buffer[clen] = '\0'; diff --git a/libexec/ftp-proxy/util.c b/libexec/ftp-proxy/util.c index ddacd35e6a9..35780125c7c 100644 --- a/libexec/ftp-proxy/util.c +++ b/libexec/ftp-proxy/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.2 2001/08/19 13:43:09 deraadt Exp $ */ +/* $OpenBSD: util.c,v 1.3 2001/08/28 19:35:04 deraadt Exp $ */ /* * Copyright (c) 1996-2001 @@ -65,30 +65,30 @@ void debuglog(int debug_level, const char *fmt, ...) { va_list ap; - va_start(ap,fmt); + va_start(ap, fmt); if (Debug_Level >= debug_level) vsyslog(LOG_DEBUG, fmt, ap); } int -get_proxy_env(int connected_fd, struct sockaddr_in *real_server_sa_ptr, +get_proxy_env(int connected_fd, struct sockaddr_in *real_server_sa_ptr, struct sockaddr_in *client_sa_ptr) { - struct pf_natlook natlook, *natlookp; + struct pf_natlook natlook; char *client; int slen, fd; slen = sizeof(*real_server_sa_ptr); if (getsockname(connected_fd, (struct sockaddr *)real_server_sa_ptr, &slen) != 0) { - syslog(LOG_ERR,"getsockname failed (%m)"); + syslog(LOG_ERR, "getsockname failed (%m)"); return(-1); } slen = sizeof(*client_sa_ptr); if (getpeername(connected_fd, (struct sockaddr *)client_sa_ptr, &slen) != 0) { - syslog(LOG_ERR,"getpeername failed (%m)"); + syslog(LOG_ERR, "getpeername failed (%m)"); return(-1); } 
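Review bot: debuglog calls `va_start(ap, fmt)` but returns without a matching `va_end(ap)`, which the C standard requires on every path after va_start; add `va_end(ap);` as the last statement of the function (the commit only re-spaces the va_start line). In get_proxy_env the `int slen` passed as `&slen` to getsockname() and getpeername() should presumably be `socklen_t slen`, in the same spirit as the uid_t/gid_t retyping this commit makes in ftp-proxy.c's drop_privs; if the prototypes in this tree take `socklen_t *`, the current code relies on int and socklen_t sharing a representation.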
@@ -119,8 +119,7 @@ get_proxy_env(int connected_fd, struct sockaddr_in *real_server_sa_ptr, exit(EX_UNAVAILABLE); } - natlookp = &natlook; - if (ioctl(fd, DIOCNATLOOK, natlookp) == -1) { + if (ioctl(fd, DIOCNATLOOK, &natlook) == -1) { syslog(LOG_INFO, "pf nat lookup failed (%m), connection from %s:%hu", client, ntohs(client_sa_ptr->sin_port)); @@ -134,8 +133,8 @@ get_proxy_env(int connected_fd, struct sockaddr_in *real_server_sa_ptr, * destination sockaddr_in for the proxy to deal with. */ memset((void *)real_server_sa_ptr, 0, sizeof(struct sockaddr_in)); - real_server_sa_ptr->sin_port = natlookp->rdport; - real_server_sa_ptr->sin_addr.s_addr = natlookp->rdaddr; + real_server_sa_ptr->sin_port = natlook.rdport; + real_server_sa_ptr->sin_addr.s_addr = natlook.rdaddr; real_server_sa_ptr->sin_len = sizeof(struct sockaddr_in); real_server_sa_ptr->sin_family = AF_INET; return(0); @@ -169,7 +168,7 @@ xfer_data(const char *what_read,int from_fd, int to_fd, struct in_addr from, flags = MSG_OOB; /* Yes - at the OOB mark */ snarf: - rlen = recv(from_fd,tbuf,sizeof(tbuf), flags); + rlen = recv(from_fd, tbuf, sizeof(tbuf), flags); if (rlen == -1 && flags == MSG_OOB && errno == EINVAL) { /* OOB didn't work */ flags = 0; @@ -182,7 +181,7 @@ snarf: if (errno == EAGAIN || errno == EINTR) goto snarf; xerrno = errno; - syslog(LOG_ERR,"(xfer_data:%s) - failed (%m) with flags 0%o", + syslog(LOG_ERR, "(xfer_data:%s) - failed (%m) with flags 0%o", what_read, flags); errno = xerrno; return(-1); 
@@ -196,17 +195,17 @@ snarf: wlen = send(to_fd, &tbuf[offset], rlen - offset, flags); if (wlen == 0) { - debuglog(3,"zero length write"); + debuglog(3, "zero length write"); goto fling; } else if (wlen == -1) { if (errno == EAGAIN || errno == EINTR) goto fling; xerrno = errno; - syslog(LOG_INFO,"write failed (%m)"); + syslog(LOG_INFO, "write failed (%m)"); errno = xerrno; return(-1); } else { - debuglog(3,"wrote %d bytes to socket\n",wlen); + debuglog(3, "wrote %d bytes to socket\n",wlen); offset += wlen; } } diff --git a/libexec/ftp-proxy/util.h b/libexec/ftp-proxy/util.h index 3e9e33ede98..c7262d175cd 100644 --- a/libexec/ftp-proxy/util.h +++ b/libexec/ftp-proxy/util.h @@ -1,4 +1,5 @@ -/* $OpenBSD: util.h,v 1.1 2001/08/19 04:11:12 beck Exp $ */ +/* $OpenBSD: util.h,v 1.2 2001/08/28 19:35:04 deraadt Exp $ */ + /* * Copyright (c) 1996-2001 * Obtuse Systems Corporation. All rights reserved. @@ -60,7 +61,7 @@ extern int get_proxy_env(int fd, struct sockaddr_in *server_sa_ptr, extern int get_backchannel_socket(int type, int min_port, int max_port, int start_port, int direction, struct sockaddr_in *sap); -extern int xfer_data(const char *what_read, int from_fd, int to_fd, +extern int xfer_data(const char *what_read, int from_fd, int to_fd, struct in_addr from, struct in_addr to); extern char *ProgName; |
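Review bot: The whitespace pass skipped the last argument of `debuglog(3, "wrote %d bytes to socket\n",wlen);` — every other call in this commit gained a space after the comma, so this one should read `debuglog(3, "wrote %d bytes to socket\n", wlen);`. The declaration of wlen is outside the hunk; if it is an ssize_t (it receives the return of send()), `%d` is the wrong conversion on LP64 and `%ld` with `(long)wlen` would be correct.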