summaryrefslogtreecommitdiffstats
path: root/libexec/ftp-proxy (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* KNF during an audit; found an improperly initialized sockaddrderaadt2002-05-236-118/+85
|
* o End a sentence with a period, not a comma; Hans-Joerg Hoexermillert2002-05-191-7/+8
| | | | o Start all sentences on a new line (me)
* We need ftp-proxy only on loopback.mpech2002-03-271-2/+2
| | | | todd@, beck@ ok
* Pass full length to strlcat(). From Brian Poole.dhartmei2002-03-121-5/+6
|
* Fix memory leak in get_proxy_env().mpech2002-02-151-9/+3
| | | | deraadt@ ok
* missing perioditojun2002-02-011-2/+2
|
* print proper host name for the proxy's peer; bob okmickey2002-01-101-4/+4
|
* RFC 959 wasn't clear about what happens around a PASV reply, and inbeck2001-12-141-5/+8
| | | | | | | fact RFC 1123 does say that it may not contain parenthesis, and you just have to look at the end of the line. Tholo managed to find a TOPS20 ftp server (toad.xkl.com) that doesn't put parens around the reply - This fixes it so it will handle either case.
* kill more registers;mpech2001-12-071-6/+6
| | | | millert@ ok
* comment typo, and $OpenBSD$ (thanks pval)beck2001-12-061-1/+2
|
* Fix realloc in getline so we exit on failure - in this context it's sillybeck2001-12-061-4/+10
| | | | | to try to continue and hold on to the same memory if we can't get memory to hold a control command. log and fail instead. (absurdity spotted by theo)
* use .Nm morederaadt2001-12-061-5/+8
|
* don't use "you" in a man page.beck2001-12-061-5/+4
|
* *** empty log message ***beck2001-12-061-7/+7
|
* typodhartmei2001-12-051-3/+3
|
* Explain that filter rules need to let pass connections to the proxy portsdhartmei2001-12-051-1/+20
| | | | in, why this is so, and how it's done.
* Ignore leading whitespace in commands. From Frank Denis. Closes PR 2226.dhartmei2001-12-031-0/+5
|
* Remove the last line, pf does support IPv6 now.dhartmei2001-12-031-3/+1
| | | | From Dries Schellekens. Closes PR 2221.
* fix multi-line contunuations - ok deraadt@beck2001-10-101-2/+13
|
* Drop privs to named group, not group with same name as user.beck2001-09-211-2/+2
| | | | | | noticed by itojun, thanks. fries, you need to catch this for what you're using with faithd
* IPv6 support from Ryan McBride (mcbride@countersiege.com)frantzen2001-09-151-4/+6
|
* -Make ftp-proxy drop privs to user "proxy" by default.beck2001-09-053-12/+15
| | | | | | | *WARNING* this means that it will die when it can't find user proxy if you are not running with a passwd database generated from current - Speling cleanup and missing va_end() noticed by <d.doroshenko@omnitel.net> - fix logging of getpwnam|getgrnam failures.
* s/pf_natlook/pfioc_natlook (ioctl parameter struct)dhartmei2001-09-051-2/+2
|
* remove unneeded code (this is done later)beck2001-08-281-10/+1
|
* oh, some cleanups etc etcderaadt2001-08-284-100/+76
|
* oopsbeck2001-08-221-3/+3
|
* Fixes for my worst abuses of nroff from mpech@beck2001-08-221-30/+42
| | | | Add a sentence at the start for espie in dumb user mode :)
* Duh.beck2001-08-221-8/+10
|
* -Functionify some of the main loop, so it isn't so horrificly deep and isbeck2001-08-222-234/+326
| | | | | | | | | | | | | a bit easier to look at, for small values of easier. -Add two options for -u user and -g group to optionally make the proxy drop privs after doing it's pf ioctl's to find out where to go. Running as non root does mean that the PORT and EPRT backchannels do not come from port 20, but this isn't a problem for most sensible ftp clients and sets of packet filter rules that aren't written by a knuckle dragging ape living in the 90's. I would make it drop privs by default, but technically this breaks the ftp specs, and for the upcoming stuff to deal with EPRT, we will need root privs to manipulate rdr rules).
* unsmokecrack - thanks millertbeck2001-08-191-22/+20
|
* decruftify with prejudicebeck2001-08-191-37/+25
|
* decruftifybeck2001-08-191-29/+8
|
* Argh. I must be wearing a stupid sign todaybeck2001-08-191-2/+2
|
* bye bye atoi.beck2001-08-191-8/+21
|
* oopsbeck2001-08-191-3/+3
|
* I'm a knuckle-dragging moron, the fd_set is overflowable - make it sobeck2001-08-191-28/+39
| | | | it isn't.
* 1564 lines of cleanupderaadt2001-08-194-367/+294
|
* KNFbeck2001-08-191-11/+5
|
* gratuitous KNFism's, don't have it looking like it's your first daybeck2001-08-191-13/+8
| | | | with your new crack pipe
* transparent ftp proxy, based on Obtuse Systems juniper stuff with muchbeck2001-08-196-0/+2157
modernizing and cleanup. still needs looking at. Currently supports PORT PASV EPRT data connections with only a pf rdr to capture the control connection. (I.E. you don't need ip forwarding or other NAT stuff). Runs from inetd. Supports all passive (EPSV PASV) when using -n flag, where the proxy ignores passive mode data connections (and assumes nat will get them through). Todo yet: More audit IpV6 Handle EPSV in proxy (with an rdr added then removed) Option to Daemonize and bind only to the loopback More Content/Login filtering, etc. etc. and more bloat
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.