Don't log user passwords when debug is turned on with -d.

Set "home" to "/" when logging in as a guest.
Don't syslog() trailing CR-LF when using -d.
Don't timestamp connect message, syslog() already does that.
Don't timestamp timeout message, syslog() already does that.
Minor whitespace cleanups.
from Craig Leres (leres@ee.lbl.gov)

SCCS-vsn: libexec/ftpd/ftpd.c 5.41
SCCS-vsn: libexec/ftpd/ftpcmd.y 5.25

diff --git a/usr/src/libexec/ftpd/ftpcmd.y b/usr/src/libexec/ftpd/ftpcmd.y
index e25f049..016763d 100644 (file)
--- a/usr/src/libexec/ftpd/ftpcmd.y
+++ b/usr/src/libexec/ftpd/ftpcmd.y
@@ -4,7 +4,7 @@
  *
  * %sccs.include.redist.c%
  *
  *
  * %sccs.include.redist.c%
  *

- *     @(#)ftpcmd.y    5.24 (Berkeley) %G%
+ *     @(#)ftpcmd.y    5.25 (Berkeley) %G%

  */
 
 /*
  */
 
 /*


@@ -15,7 +15,7 @@
 %{
 
 #ifndef lint
 %{
 
 #ifndef lint

-static char sccsid[] = "@(#)ftpcmd.y   5.24 (Berkeley) %G%";
+static char sccsid[] = "@(#)ftpcmd.y   5.25 (Berkeley) %G%";

 #endif /* not lint */
 
 #include <sys/param.h>
 #endif /* not lint */
 
 #include <sys/param.h>


@@ -209,7 +209,7 @@ cmd:                USER SP username CRLF
                }
        |       NLST check_login SP STRING CRLF
                = {
                }
        |       NLST check_login SP STRING CRLF
                = {

-                       if ($2 && $4 != NULL) 
+                       if ($2 && $4 != NULL)

                                send_file_list((char *) $4);
                        if ($4 != NULL)
                                free((char *) $4);
                                send_file_list((char *) $4);
                        if ($4 != NULL)
                                free((char *) $4);


@@ -474,7 +474,7 @@ rcmd:               RNFR check_login SP pathname CRLF
                        }
                }
        ;
                        }
                }
        ;

-               
+

 username:      STRING
        ;
 
 username:      STRING
        ;
 


@@ -488,7 +488,7 @@ password:   /* empty */
 byte_size:     NUMBER
        ;
 
 byte_size:     NUMBER
        ;
 

-host_port:     NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 
+host_port:     NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA

                NUMBER COMMA NUMBER
                = {
                        register char *a, *p;
                NUMBER COMMA NUMBER
                = {
                        register char *a, *p;


@@ -795,24 +795,36 @@ getline(s, n, iop)
        if (c == EOF && cs == s)
                return (NULL);
        *cs++ = '\0';
        if (c == EOF && cs == s)
                return (NULL);
        *cs++ = '\0';

-       if (debug)
-               syslog(LOG_DEBUG, "command: %s", s);
+       if (debug) {
+               if (!guest && strncasecmp("pass ", s, 5) == 0) {
+                       /* Don't syslog passwords */
+                       syslog(LOG_DEBUG, "command: %.5s ???", s);
+               } else {
+                       register char *cp;
+                       register int len;
+
+                       /* Don't syslog trailing CR-LF */
+                       len = strlen(s);
+                       cp = s + len - 1;
+                       while (cp >= s && (*cp == '\n' || *cp == '\r')) {
+                               --cp;
+                               --len;
+                       }
+                       syslog(LOG_DEBUG, "command: %.*s", len, s);
+               }
+       }

        return (s);
 }
 
 static void
 toolong()
 {
        return (s);
 }
 
 static void
 toolong()
 {

-       time_t now;

 
        reply(421,
 
        reply(421,

-         "Timeout (%d seconds): closing control connection.", timeout);
-       (void) time(&now);
-       if (logging) {
-               syslog(LOG_INFO,
-                       "User %s timed out after %d seconds at %s",
-                       (pw ? pw -> pw_name : "unknown"), timeout, ctime(&now));
-       }
+           "Timeout (%d seconds): closing control connection.", timeout);
+       if (logging)
+               syslog(LOG_INFO, "User %s timed out after %d seconds",
+                   (pw ? pw -> pw_name : "unknown"), timeout);

        dologout(1);
 }
 
        dologout(1);
 }
 

diff --git a/usr/src/libexec/ftpd/ftpd.c b/usr/src/libexec/ftpd/ftpd.c
index 025a0b9..f3f585b 100644 (file)
--- a/usr/src/libexec/ftpd/ftpd.c
+++ b/usr/src/libexec/ftpd/ftpd.c
@@ -12,7 +12,7 @@ char copyright[] =
 #endif /* not lint */
 
 #ifndef lint
 #endif /* not lint */
 
 #ifndef lint

-static char sccsid[] = "@(#)ftpd.c     5.40 (Berkeley) %G%";
+static char sccsid[] = "@(#)ftpd.c     5.41 (Berkeley) %G%";

 #endif /* not lint */
 
 /*
 #endif /* not lint */
 
 /*


@@ -478,6 +478,7 @@ pass(passwd)
                if (logging)
                        syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s, %s",
                            remotehost, passwd);
                if (logging)
                        syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s, %s",
                            remotehost, passwd);

+               home = "/";             /* guest home dir for globbing */

        } else {
                reply(230, "User %s logged in.", pw->pw_name);
 #ifdef SETPROCTITLE
        } else {
                reply(230, "User %s logged in.", pw->pw_name);
 #ifdef SETPROCTITLE


@@ -487,8 +488,8 @@ pass(passwd)
                if (logging)
                        syslog(LOG_INFO, "FTP LOGIN FROM %s, %s",
                            remotehost, pw->pw_name);
                if (logging)
                        syslog(LOG_INFO, "FTP LOGIN FROM %s, %s",
                            remotehost, pw->pw_name);

+               home = pw->pw_dir;      /* home dir for globbing */

        }
        }

-       home = pw->pw_dir;              /* home dir for globbing */

        (void) umask(defumask);
        return;
 bad:
        (void) umask(defumask);
        return;
 bad:


@@ -1080,8 +1081,6 @@ dolog(sin)
 {
        struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr,
                sizeof (struct in_addr), AF_INET);
 {
        struct hostent *hp = gethostbyaddr((char *)&sin->sin_addr,
                sizeof (struct in_addr), AF_INET);

-       time_t t, time();
-       extern char *ctime();

 
        if (hp)
                (void) strncpy(remotehost, hp->h_name, sizeof (remotehost));
 
        if (hp)
                (void) strncpy(remotehost, hp->h_name, sizeof (remotehost));


@@ -1093,11 +1092,8 @@ dolog(sin)
        setproctitle(proctitle);
 #endif /* SETPROCTITLE */
 
        setproctitle(proctitle);
 #endif /* SETPROCTITLE */
 

-       if (logging) {
-               t = time((time_t *) 0);
-               syslog(LOG_INFO, "connection from %s at %s",
-                   remotehost, ctime(&t));
-       }
+       if (logging)
+               syslog(LOG_INFO, "connection from %s", remotehost);

 }
 
 /*
 }
 
 /*


@@ -1146,8 +1142,8 @@ myoob()
 
 /*
  * Note: a response of 425 is not mentioned as a possible response to
 
 /*
  * Note: a response of 425 is not mentioned as a possible response to

- *     the PASV command in RFC959. However, it has been blessed as
- *     a legitimate response by Jon Postel in a telephone conversation
+ *     the PASV command in RFC959. However, it has been blessed as
+ *     a legitimate response by Jon Postel in a telephone conversation

  *     with Rick Adams on 25 Jan 89.
  */
 passive()
  *     with Rick Adams on 25 Jan 89.
  */
 passive()