--- bsd-ftpd-0.3.2.orig/ftpd/ftpd.c +++ bsd-ftpd-0.3.2/ftpd/ftpd.c @@ -212,7 +212,7 @@ off_t byte_count; #if !defined(CMASK) || CMASK == 0 #undef CMASK -#define CMASK 027 +#define CMASK 022 #endif int defumask = CMASK; /* default umask value */ int umaskchange = 1; /* allow user to change umask value. */ @@ -2228,15 +2228,21 @@ replydirname(name, message) const char *name, *message; { + char *p, *ep; char npath[MAXPATHLEN]; - int i; - for (i = 0; *name != '\0' && i < sizeof(npath) - 1; i++, name++) { - npath[i] = *name; - if (*name == '"') - npath[++i] = '"'; + p = npath; + ep = &npath[sizeof(npath) - 1]; + while (*name) { + if (*name == '"' && ep - p >= 2) { + *p++ = *name++; + *p++ = '"'; + } else if (ep - p >= 1) + *p++ = *name++; + else + break; } - npath[i] = '\0'; + *p = '\0'; reply(257, "\"%s\" %s", npath, message); } --- bsd-ftpd-0.3.2.orig/debian/README.Debian +++ bsd-ftpd-0.3.2/debian/README.Debian @@ -0,0 +1,38 @@ +bsd-ftpd for Debian +------------------- + +I packed a new port of the OpenBSD ftp daemon. This package is very similar +to "linux-ftpd", expect that this version of the port is newer. + +I added debconf support to bsd-ftpd. Configuring should be as easy as +typing "dpkg-reconfigure bsd-ftpd". Most options can be set by debconf. + +For the command-line guys, please read the information from Herbert below. +They are taken from the original linux-ftpd and apply also to this version +of ftpd (most of what is descibed below can be set via debconf). + + +Michael + + +---------------------------------8<-------------------------------------- +ftpd for Debian +---------------- + +ftpd now supports PAM. It is recommended that you leave the pam_ftp entry +alone in the pam configuration file since ftpd uses it to figure out prompts +and determining anonymity. + +The best way to disable anonymous ftp is to place ftp and anonymous in +/etc/ftpusers. Removing the user ftp from the system also works. + +The -A option no longer has any effect since authentication is done by PAM. +To recover its functionality, just uncomment the ftpchroot line in the pam +configuration file. + +If you wish to receive reports from users of your ftp server, you should setup +an alias for ftp-bugs@name.of.your.ftp.server. + +Herbert +$Id: README.Debian,v 1.1 1999/04/16 07:00:27 herbert Exp $ + --- bsd-ftpd-0.3.2.orig/debian/copyright +++ bsd-ftpd-0.3.2/debian/copyright @@ -0,0 +1,14 @@ +This package was debianized by Michael Vogt on +Wed, 1 Jun 2000 00:00:47 +0100. + +It was downloaded from +http://www.eleves.ens.fr:8080/home/madore/programs/ + + +Upstream Author(s): david.madore@ens.fr (David Madore) + + +Copyright: + +BSD +see /usr/share/common-licenses/BSD --- bsd-ftpd-0.3.2.orig/debian/changelog +++ bsd-ftpd-0.3.2/debian/changelog @@ -0,0 +1,111 @@ +bsd-ftpd (0.3.2-7.1) unstable; urgency=low + + * Define default CMASK to 022 instead of 027 + + -- Billy Ng Wed, 07 Feb 2001 11:24:33 +0800 + +bsd-ftpd (0.3.2-7) unstable; urgency=high + + * closes: #78786 (thanks to Jeff Bachtel) + * closes possible security bug in upstream OpenBSD ftpd + (see http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c?r1=1.83&r2=1.84 + for the patch) + + -- Michael Vogt Mon, 04 Dec 2000 22:44:33 +0100 + +bsd-ftpd (0.3.2-6) unstable; urgency=low + + * closes: #76799 (thanks to Roland Rosenfeld) + + -- Michael Vogt Mon, 13 Nov 2000 23:44:33 +0100 + +bsd-ftpd (0.3.2-5) unstable; urgency=low + + * close: Bug #69767 (thanks to Julian Stoev) + + -- Michael Vogt Wed, 23 Aug 2000 09:52:25 +0200 + +bsd-ftpd (0.3.2-4) unstable; urgency=low + + * minor fixes in postrm + + -- Michael Vogt Thu, 10 Aug 2000 13:31:37 +0200 + +bsd-ftpd (0.3.2-3) unstable; urgency=low + + * close: Bug #68565, #68694 thanks to + Kalle Olavi Niemitalo and + Jean-Philippe Guerard + + -- Michael Vogt Sat, 5 Aug 2000 17:59:43 +0200 + +bsd-ftpd (0.3.2-2) unstable; urgency=low + + * fixed a minor bug in postinst + + -- Michael Vogt Thu, 3 Aug 2000 12:17:02 +0200 + +bsd-ftpd (0.3.2-1) unstable; urgency=low + + * new upstream + + -- Michael Vogt Tue, 25 Jul 2000 20:23:49 +0200 + +bsd-ftpd (0.3.1-6) unstable; urgency=low + + * close #67227 + + -- Michael Vogt Tue, 18 Jul 2000 01:10:30 +0200 + +bsd-ftpd (0.3.1-5) unstable; urgency=low + + * close #67325, thanks to Jordi Mallach + + -- Michael Vogt Mon, 17 Jul 2000 22:40:34 +0200 + +bsd-ftpd (0.3.1-4) unstable; urgency=low + + * security fixed: setproctitle() + + -- Michael Vogt Fri, 7 Jul 2000 03:15:51 +0200 + +bsd-ftpd (0.3.1-3) unstable; urgency=low + + * more cleanups + + -- Michael Vogt Tue, 27 Jun 2000 22:52:40 +0200 + +bsd-ftpd (0.3.1-2) unstable; urgency=low + + * minor cleanups + + -- Michael Vogt Mon, 5 Jun 2000 23:07:52 +0200 + +bsd-ftpd (0.3.1-1) unstable; urgency=low + + * new upstream release + + -- Michael Vogt Wed, 12 Apr 2000 01:37:25 +0200 + +bsd-ftpd (0.2.3-3) unstable; urgency=low + + * added debconf support + + -- Michael Vogt Wed, 5 Apr 2000 13:32:26 +0200 + +bsd-ftpd (0.2.3-2) unstable; urgency=low + + * Fixed minor bugs. Added Build-Depends. + + -- Michael Vogt Mon, 16 Jan 1999 00:21:37 +1100 + +bsd-ftpd (0.2.3-1) unstable; urgency=low + + * Packed initial version. Used linux-ftpd as template. + + -- Michael Vogt Mon, 14 Dec 1999 23:21:37 +1100 + +Local variables: +mode: debian-changelog +add-log-mailing-address: "mvo@debian.org" +End: --- bsd-ftpd-0.3.2.orig/debian/conffiles +++ bsd-ftpd-0.3.2/debian/conffiles @@ -0,0 +1,2 @@ +/etc/ftpchroot +/etc/pam.d/ftp --- bsd-ftpd-0.3.2.orig/debian/config +++ bsd-ftpd-0.3.2/debian/config @@ -0,0 +1,40 @@ +#!/bin/sh -e + +# Source debconf library. +. /usr/share/debconf/confmodule + +db_version +db_title 'bsd-ftpd Configuration' + +# can "normal" user login? +db_input medium bsd-ftpd/userlogin || true +db_go +db_get bsd-ftpd/userlogin +if [ "$RET" = "true" ]; then + # if there is a /etc/ftpusers, we probably want to keep it + if [ -f /etc/ftpusers ]; then + db_input medium bsd-ftpd/keep-ftpusers || true + db_go + db_get bsd-ftpd/keep-ftpusers + if [ "$RET" = "false" ]; then + db_input medium bsd-ftpd/ftpusers || true + db_go + fi + else + db_set bsd-ftpd/keep-ftpusers false + # which users shall I put into ftpusers + db_input medium bsd-ftpd/ftpusers || true + db_go + fi +fi + +# allow "anonymous" login? +db_input medium bsd-ftpd/allow-anonymous || true +db_go +db_get bsd-ftpd/allow-anonymous +if [ "$RET" = "true" ]; then + # path of the ftpd-path + db_input medium bsd-ftpd/ftpd-path || true + db_go +fi + --- bsd-ftpd-0.3.2.orig/debian/control +++ bsd-ftpd-0.3.2/debian/control @@ -0,0 +1,17 @@ +Source: bsd-ftpd +Section: net +Priority: extra +Maintainer: Michael Vogt +Standards-Version: 3.1.1 +Build-Depends: libwrap0-dev, libpam0g-dev, debhelper + +Package: bsd-ftpd +Architecture: any +Depends: adduser, netbase, libpam-modules, ${shlibs:Depends} +Provides: ftp-server +Conflicts: ftp-server +Replaces: netstd +Description: Port of the OpenBSD FTP server + This is a GNU/Linux port of the FTP server from OpenBSD. Consequently, + it is believed to be quite secure. + Other interessting features are support for IPv6 and an internal ls. --- bsd-ftpd-0.3.2.orig/debian/dirs +++ bsd-ftpd-0.3.2/debian/dirs @@ -0,0 +1,5 @@ +etc +usr/share/man/man5 +usr/share/man/man8 +usr/share/doc +usr/sbin --- bsd-ftpd-0.3.2.orig/debian/templates +++ bsd-ftpd-0.3.2/debian/templates @@ -0,0 +1,35 @@ +Template: bsd-ftpd/userlogin +Type: boolean +Default: false +Description: Allow user login + Allow "normal" users (as listed in /etc/passwd) to login via ftp? + +Template: bsd-ftpd/keep-ftpusers +Type: boolean +Default: true +Description: Should /etc/ftpusers be keept? + It looks like you have a valid /etc/ftpusers. Say "yes" here if you + want to keep it. If you say "no" here, a new /etc/ftpusers will be + generated. If unsure say "no". + +Template: bsd-ftpd/ftpusers +Type: string +Default: root bin daemon operator nobody sys uucp +Description: What users shall not login + A list of users that shouldn't login via ftp. For example "root admin" + won't allow the users root and admin to login via ftp. Preventing root + from login via ftp is _allways_ a good idea. + +Template: bsd-ftpd/allow-anonymous +Type: boolean +Default: false +Description: Allow anonymous login + Do you want to allow anonymous logins? If you want to run a public + ftp-site say "yes" here. If unsure say "no" + +Template: bsd-ftpd/ftpd-path +Type: string +Default: /var/ftp +Description: ftp root-dir + Which path shall I use for you ftp-root (where are your public files located)? Warning: it will be created if it does not exist. + --- bsd-ftpd-0.3.2.orig/debian/docs +++ bsd-ftpd-0.3.2/debian/docs @@ -0,0 +1 @@ +ftpd/README --- bsd-ftpd-0.3.2.orig/debian/ftpchroot +++ bsd-ftpd-0.3.2/debian/ftpchroot @@ -0,0 +1 @@ +# /etc/ftpchroot: list of users who needs to be chrooted. See ftpchroot(5). --- bsd-ftpd-0.3.2.orig/debian/ftpchroot.5 +++ bsd-ftpd-0.3.2/debian/ftpchroot.5 @@ -0,0 +1,28 @@ +.\" Copyright (c) 1999 Herbert Xu (herbert@gondor.apana.org.au), +.\" Copyright (c) 1994 Peter Tobias (tobias@server.et-inf.fho-emden.de), +.\" This file may be distributed under the GNU General Public License. +.TH FTPCHROOT 5 "1999 April 1st" "Linux" "Linux Programmer's Manual" +.SH NAME +ftpchroot \- file which lists users who need to be chrooted +.SH DESCRIPTION +\fB/etc/ftpchroot\fP is used by +.BR ftpd(8); +the file contains a list of users who need to be chrooted before the ftp +service is offered. Blank lines and lines beginning with "#" are ignored. +Remember that the whole line will be used for the username, so please +don't use the "#" character after a name to comment this entry. +.SH EXAMPLES +.B /etc/ftpchroot +may contain the following entries: +.sp +# +.br +# /etc/ftpusers +.br +# +.br +not_so_anonymous +.SH FILES +/etc/ftpchroot +.SH "SEE ALSO" +.BR ftp "(1), " ftpd "(8)" --- bsd-ftpd-0.3.2.orig/debian/ftpusers +++ bsd-ftpd-0.3.2/debian/ftpusers @@ -0,0 +1,2 @@ +# /etc/ftpusers: list of users disallowed ftp access. See ftpusers(5). + --- bsd-ftpd-0.3.2.orig/debian/ftpusers.5 +++ bsd-ftpd-0.3.2/debian/ftpusers.5 @@ -0,0 +1,33 @@ +.\" Copyright (c) 1994 Peter Tobias (tobias@server.et-inf.fho-emden.de), +.\" This file may be distributed under the GNU General Public License. +.TH FTPUSERS 5 "April 22 1994" "Linux" "Linux Programmer's Manual" +.SH NAME +ftpusers \- file which lists users who are not allowed to use ftp +.SH DESCRIPTION +\fB/etc/ftpusers\fP is used by +.BR ftpd(8); +the file contains a list of users who are not allowed to use the +ftp command. For security reasons at least users like "root", "bin", +"uucp" or "news" should be listed in this file. +Blank lines and lines beginning with "#" are ignored. +Remember that the whole line will be used for the username, so please +don't use the "#" character after a name to comment this entry. +.SH EXAMPLES +.B /etc/ftpusers +may contain the following entries: +.sp +# +.br +# /etc/ftpusers +.br +# +.br +root +.br +uucp +.br +news +.SH FILES +/etc/ftpusers +.SH "SEE ALSO" +.BR ftp "(1), " ftpd "(8)" --- bsd-ftpd-0.3.2.orig/debian/postinst +++ bsd-ftpd-0.3.2/debian/postinst @@ -0,0 +1,98 @@ +#!/bin/sh -e +# $Id: postinst,v 1.3 1999/07/05 07:51:09 herbert Exp $ + +# Source debconf library. +. /usr/share/debconf/confmodule + +installftp() { + # this goes into /etc/inetd.conf + FTPENTRY="ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd -q" + + # this goes into /etc/pam.d/ftp + NOLOGIN="auth\trequired\tpam_listfile\.so item\=user sense\=allow file\=\/etc\/ftpchroot onerr\=fail" + + # update inetd.conf + if grep -q '.*/usr/sbin/in\.ftpd.*' /etc/inetd.conf; then + if ! grep -q '^ftp:' /etc/inetd.conf; then + update-inetd --pattern '/usr/sbin/in\.ftpd' --enable ftp + fi + else + if grep '^ftp:' /etc/inetd.conf; then + # disable old ftp-service + update-inetd --comment-chars "## " --disable ftp + fi + update-inetd --group STANDARD --add "$FTPENTRY" + fi + + # change pam settings (honor non-login setting) + db_get bsd-ftpd/userlogin + if [ "$RET" = "false" ]; then + # disable user-login + if grep -q '^#auth.*ftpchroot.*' /etc/pam.d/ftp; then + perl -i -p -e "s/^#auth.*ftpchroot.*/$NOLOGIN/g" /etc/pam.d/ftp + fi + else + # enable user-login + if grep -q '^auth.*ftpchroot.*' /etc/pam.d/ftp; then + perl -i -p -e "s/^auth.*ftpchroot.*/\#$NOLOGIN/g" /etc/pam.d/ftp + fi + fi + + db_get bsd-ftpd/keep-ftpusers + if [ "$RET" = "false" ]; then + # change ftp-users + db_get bsd-ftpd/ftpusers + echo "# /etc/ftpusers: list of users disallowed ftp access. See ftpusers(5)." >/etc/ftpusers + for i in $RET; do + if ! grep -q $i /etc/ftpusers; then + echo $i >>/etc/ftpusers + fi + done + fi + + # check if anonymous is allow + db_get bsd-ftpd/allow-anonymous + ALLOW_ANONYMOUS="$RET" + if [ "$RET" = "false" ]; then + for i in ftp anonymous; do + if ! grep -q "^$i" /etc/ftpusers; then + echo "$i" >> /etc/ftpusers + fi + done + else + for i in ftp anonymous; do + if grep -q "^$i" /etc/ftpusers; then + sed /^$i/d /etc/ftpusers >/etc/ftpusers.postinst + mv /etc/ftpusers.postinst /etc/ftpusers + fi + done + fi + + db_get bsd-ftpd/ftpd-path + if [ "$ALLOW_ANONYMOUS" = "true" ]; then + db_get bsd-ftpd/ftpd-path + # make dir first + if [ ! -d $RET ]; then + mkdir -m 0555 -p $RET + fi + # add user + if ! grep -q '^ftp:' /etc/passwd; then + adduser --system --home $RET ftp + else + #modifiy /etc/paswd + awk -v OFS=":" -v FS=":" '{if( $1 == "ftp" ) $6="'$RET'"; print $_ }' /etc/passwd >/etc/passwd.postinst + mv /etc/passwd.postinst /etc/passwd + fi + fi +} + +# main() +if [ "$1" = "configure" ]; then + installftp +fi + + +#DEBHELPER# + + + --- bsd-ftpd-0.3.2.orig/debian/postrm +++ bsd-ftpd-0.3.2/debian/postrm @@ -0,0 +1,19 @@ +#!/bin/sh -e +# $Id: postrm,v 1.1 1999/04/16 07:00:28 herbert Exp $ + +# Source debconf library. +. /usr/share/debconf/confmodule + +if [ "$1" = "purge" ]; then + # remove ftp-user from /etc/passwd + userdel ftp || true + # remove entry from /etc/inetd.conf + update-inetd --remove ".*in.ftpd" + db_get bsd-ftpd/keep-ftpusers + if [ $RET = "false" ]; then + rm -f /etc/ftpusers + fi +fi + + +#DEBHELPER# --- bsd-ftpd-0.3.2.orig/debian/preinst +++ bsd-ftpd-0.3.2/debian/preinst @@ -0,0 +1,12 @@ +#!/bin/sh -e +# $Id: preinst,v 1.1 1999/10/07 12:48:39 herbert Exp $ + +# Rename old PAM conffile. +if [ -n "$2" ] && dpkg --compare-versions "$2" lt 0.11-5; then + cd /etc/pam.d + if [ -f ftpd -a ! -f ftp ]; then + cp -p ftpd ftp + fi +fi + +#DEBHELPER# --- bsd-ftpd-0.3.2.orig/debian/prerm +++ bsd-ftpd-0.3.2/debian/prerm @@ -0,0 +1,6 @@ +#!/bin/sh -e +# $Id: prerm,v 1.1 1999/04/16 07:00:29 herbert Exp $ + +update-inetd --pattern '/usr/sbin/in\.ftpd' --disable ftp + +#DEBHELPER# --- bsd-ftpd-0.3.2.orig/debian/rules +++ bsd-ftpd-0.3.2/debian/rules @@ -0,0 +1,75 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. GNU copyright 1997 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +build: build-stamp +build-stamp: + dh_testdir + + $(MAKE) -C ftpd + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp install-stamp + + -$(MAKE) -C ftpd clean + -$(MAKE) -C ls clean + + dh_clean + +install: install-stamp +install-stamp: build-stamp + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + cp ftpd/ftpd debian/tmp/usr/sbin/in.ftpd + cp ftpd/ftpd.8 debian/tmp/usr/share/man/man8/in.ftpd.8 + cp debian/*.5 debian/tmp/usr/share/man/man5 + #cp debian/ftpchroot debian/ftpusers debian/tmp/etc + cp debian/ftpchroot debian/tmp/etc + cp -r debian/pam.d debian/tmp/etc + + touch install-stamp + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install +# dh_testversion + dh_testdir + dh_testroot + dh_installdocs + dh_installexamples + dh_installmenu +# dh_installemacsen +# dh_installinit + dh_installcron +# dh_installmanpages +# dh_undocumented + dh_installdebconf + dh_installchangelogs debian/changelog + dh_strip + dh_compress + dh_fixperms + dh_suidregister + dh_installdeb + dh_shlibdeps + dh_gencontrol +# dh_makeshlibs + dh_md5sums + dh_builddeb + +source diff: + @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- bsd-ftpd-0.3.2.orig/debian/pam.d/ftp +++ bsd-ftpd-0.3.2/debian/pam.d/ftp @@ -0,0 +1,16 @@ +# Standard behaviour for ftpd(8). +auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed + +# This line is required by ftpd(8). +auth sufficient pam_ftp.so + +# Uncomment this to achieve what used to be ftpd -A. +#auth required pam_listfile.so item=user sense=allow file=/etc/ftpchroot onerr=fail + + + +# Standard blurb. +auth required pam_unix_auth.so shadow nullok use_first_pass +auth required pam_shells.so +account required pam_unix_acct.so +session required pam_unix_session.so --- bsd-ftpd-0.3.2.orig/debian/config.test +++ bsd-ftpd-0.3.2/debian/config.test @@ -0,0 +1,36 @@ +#!/bin/sh -e + +# Source debconf library. +. /usr/share/debconf/confmodule + +db_version +db_title 'bsd-ftpd Configuration' + +# can "normal" user login? +db_input medium bsd-ftpd/userlogin || true +db_go +db_get bsd-ftpd/userlogin +if [ "$RET" = "true" ]; then + # which users shall I put into ftpusers + if [ -f /etc/ftpusers ]; then + ftpusers="" + for i in `grep -v '^#' /etc/ftpusers`; do + ftpusers="$ftpusers $i" + done + db_set medium bsd-ftpd/ftpusers $x + fi + + db_input medium bsd-ftpd/ftpusers || true + #db_go +fi + +# allow "anonymous" login? +db_input medium bsd-ftpd/allow-anonymous || true +db_go +db_get bsd-ftpd/allow-anonymous +if [ "$RET" = "true" ]; then + # path of the ftpd-path + db_input medium bsd-ftpd/ftpd-path || true + db_go +fi +