1 /* 2 * Copyright (c) 1985, 1988, 1993, 1994 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)ftpcmd.y 8.3 (Berkeley) 4/6/94 34 */ 35 36 /* 37 * Grammar for FTP commands. 38 * See RFC 959. 39 */ 40 41 %{ 42 43 #ifndef lint 44 #if 0 45 static char sccsid[] = "@(#)ftpcmd.y 8.3 (Berkeley) 4/6/94"; 46 #endif 47 static const char rcsid[] = 48 "$FreeBSD$"; 49 #endif /* not lint */ 50 51 #include <sys/param.h> 52 #include <sys/socket.h> 53 #include <sys/stat.h> 54 55 #include <netinet/in.h> 56 #include <arpa/ftp.h> 57 58 #include <ctype.h> 59 #include <errno.h> 60 #include <glob.h> 61 #include <libutil.h> 62 #include <limits.h> 63 #include <md5.h> 64 #include <netdb.h> 65 #include <pwd.h> 66 #include <signal.h> 67 #include <stdio.h> 68 #include <stdlib.h> 69 #include <string.h> 70 #include <syslog.h> 71 #include <time.h> 72 #include <unistd.h> 73 74 #include "extern.h" 75 76 extern union sockunion data_dest, his_addr; 77 extern int logged_in; 78 extern struct passwd *pw; 79 extern int guest; 80 extern int paranoid; 81 extern int logging; 82 extern int type; 83 extern int form; 84 extern int ftpdebug; 85 extern int timeout; 86 extern int maxtimeout; 87 extern int pdata; 88 extern char *hostname; 89 extern char remotehost[]; 90 extern char proctitle[]; 91 extern int usedefault; 92 extern int transflag; 93 extern char tmpline[]; 94 extern int readonly; 95 extern int noepsv; 96 extern int noretr; 97 extern int noguestretr; 98 extern char *typenames[]; /* defined in <arpa/ftp.h> included from ftpd.c */ 99 100 off_t restart_point; 101 102 static int cmd_type; 103 static int cmd_form; 104 static int cmd_bytesz; 105 static int state; 106 char cbuf[512]; 107 char *fromname = (char *) 0; 108 109 extern int epsvall; 110 111 %} 112 113 %union { 114 struct { 115 off_t o; 116 int i; 117 } u; 118 char *s; 119 } 120 121 %token 122 A B C E F I 123 L N P R S T 124 ALL 125 126 SP CRLF COMMA 127 128 USER PASS ACCT REIN QUIT PORT 129 PASV TYPE STRU MODE RETR STOR 130 APPE MLFL MAIL MSND MSOM MSAM 131 MRSQ MRCP ALLO REST RNFR RNTO 132 ABOR DELE CWD LIST NLST SITE 133 STAT HELP NOOP MKD RMD PWD 134 CDUP STOU SMNT SYST SIZE MDTM 135 LPRT LPSV EPRT EPSV 136 137 UMASK IDLE CHMOD MDFIVE 138 139 LEXERR 140 141 %token <s> STRING 142 %token <u> NUMBER 143 144 %type <u.i> check_login octal_number byte_size 145 %type <u.i> check_login_ro check_login_epsv 146 %type <u.i> struct_code mode_code type_code form_code 147 %type <s> pathstring pathname password username 148 %type <s> ALL 149 150 %start cmd_list 151 152 %% 153 154 cmd_list 155 : /* empty */ 156 | cmd_list cmd 157 { 158 if (fromname) 159 free(fromname); 160 fromname = (char *) 0; 161 restart_point = (off_t) 0; 162 } 163 | cmd_list rcmd 164 ; 165 166 cmd 167 : USER SP username CRLF 168 { 169 user($3); 170 free($3); 171 } 172 | PASS SP password CRLF 173 { 174 pass($3); 175 free($3); 176 } 177 | PASS CRLF 178 { 179 pass(""); 180 } 181 | PORT check_login SP host_port CRLF 182 { 183 if (epsvall) { 184 reply(501, "no PORT allowed after EPSV ALL"); 185 goto port_done; 186 } 187 if (!$2) 188 goto port_done; 189 if (port_check("PORT") == 1) 190 goto port_done; 191 #ifdef INET6 192 if ((his_addr.su_family != AF_INET6 || 193 !IN6_IS_ADDR_V4MAPPED(&his_addr.su_sin6.sin6_addr))) { 194 /* shoud never happen */ 195 usedefault = 1; 196 reply(500, "Invalid address rejected."); 197 goto port_done; 198 } 199 port_check_v6("pcmd"); 200 #endif 201 port_done: 202 } 203 | LPRT check_login SP host_long_port CRLF 204 { 205 if (epsvall) { 206 reply(501, "no LPRT allowed after EPSV ALL"); 207 goto lprt_done; 208 } 209 if (!$2) 210 goto lprt_done; 211 if (port_check("LPRT") == 1) 212 goto lprt_done; 213 #ifdef INET6 214 if (his_addr.su_family != AF_INET6) { 215 usedefault = 1; 216 reply(500, "Invalid address rejected."); 217 goto lprt_done; 218 } 219 if (port_check_v6("LPRT") == 1) 220 goto lprt_done; 221 #endif 222 lprt_done: 223 } 224 | EPRT check_login SP STRING CRLF 225 { 226 char delim; 227 char *tmp = NULL; 228 char *p, *q; 229 char *result[3]; 230 struct addrinfo hints; 231 struct addrinfo *res; 232 int i; 233 234 if (epsvall) { 235 reply(501, "no EPRT allowed after EPSV ALL"); 236 goto eprt_done; 237 } 238 if (!$2) 239 goto eprt_done; 240 241 memset(&data_dest, 0, sizeof(data_dest)); 242 tmp = strdup($4); 243 if (ftpdebug) 244 syslog(LOG_DEBUG, "%s", tmp); 245 if (!tmp) { 246 fatalerror("not enough core"); 247 /*NOTREACHED*/ 248 } 249 p = tmp; 250 delim = p[0]; 251 p++; 252 memset(result, 0, sizeof(result)); 253 for (i = 0; i < 3; i++) { 254 q = strchr(p, delim); 255 if (!q || *q != delim) { 256 parsefail: 257 reply(500, 258 "Invalid argument, rejected."); 259 if (tmp) 260 free(tmp); 261 usedefault = 1; 262 goto eprt_done; 263 } 264 *q++ = '\0'; 265 result[i] = p; 266 if (ftpdebug) 267 syslog(LOG_DEBUG, "%d: %s", i, p); 268 p = q; 269 } 270 271 /* some more sanity check */ 272 p = result[0]; 273 while (*p) { 274 if (!isdigit(*p)) 275 goto parsefail; 276 p++; 277 } 278 p = result[2]; 279 while (*p) { 280 if (!isdigit(*p)) 281 goto parsefail; 282 p++; 283 } 284 285 /* grab address */ 286 memset(&hints, 0, sizeof(hints)); 287 if (atoi(result[0]) == 1) 288 hints.ai_family = PF_INET; 289 #ifdef INET6 290 else if (atoi(result[0]) == 2) 291 hints.ai_family = PF_INET6; 292 #endif 293 else 294 hints.ai_family = PF_UNSPEC; /*XXX*/ 295 hints.ai_socktype = SOCK_STREAM; 296 i = getaddrinfo(result[1], result[2], &hints, &res); 297 if (i) 298 goto parsefail; 299 memcpy(&data_dest, res->ai_addr, res->ai_addrlen); 300 #ifdef INET6 301 if (his_addr.su_family == AF_INET6 302 && data_dest.su_family == AF_INET6) { 303 /* XXX more sanity checks! */ 304 data_dest.su_sin6.sin6_scope_id = 305 his_addr.su_sin6.sin6_scope_id; 306 } 307 #endif 308 free(tmp); 309 tmp = NULL; 310 311 if (port_check("EPRT") == 1) 312 goto eprt_done; 313 #ifdef INET6 314 if (his_addr.su_family != AF_INET6) { 315 usedefault = 1; 316 reply(500, "Invalid address rejected."); 317 goto eprt_done; 318 } 319 if (port_check_v6("EPRT") == 1) 320 goto eprt_done; 321 #endif 322 eprt_done: 323 free($4); 324 } 325 | PASV check_login CRLF 326 { 327 if (epsvall) 328 reply(501, "no PASV allowed after EPSV ALL"); 329 else if ($2) 330 passive(); 331 } 332 | LPSV check_login CRLF 333 { 334 if (epsvall) 335 reply(501, "no LPSV allowed after EPSV ALL"); 336 else if ($2) 337 long_passive("LPSV", PF_UNSPEC); 338 } 339 | EPSV check_login_epsv SP NUMBER CRLF 340 { 341 if ($2) { 342 int pf; 343 switch ($4.i) { 344 case 1: 345 pf = PF_INET; 346 break; 347 #ifdef INET6 348 case 2: 349 pf = PF_INET6; 350 break; 351 #endif 352 default: 353 pf = -1; /*junk value*/ 354 break; 355 } 356 long_passive("EPSV", pf); 357 } 358 } 359 | EPSV check_login_epsv SP ALL CRLF 360 { 361 if ($2) { 362 reply(200, 363 "EPSV ALL command successful."); 364 epsvall++; 365 } 366 } 367 | EPSV check_login_epsv CRLF 368 { 369 if ($2) 370 long_passive("EPSV", PF_UNSPEC); 371 } 372 | TYPE check_login SP type_code CRLF 373 { 374 if ($2) { 375 switch (cmd_type) { 376 377 case TYPE_A: 378 if (cmd_form == FORM_N) { 379 reply(200, "Type set to A."); 380 type = cmd_type; 381 form = cmd_form; 382 } else 383 reply(504, "Form must be N."); 384 break; 385 386 case TYPE_E: 387 reply(504, "Type E not implemented."); 388 break; 389 390 case TYPE_I: 391 reply(200, "Type set to I."); 392 type = cmd_type; 393 break; 394 395 case TYPE_L: 396 #if NBBY == 8 397 if (cmd_bytesz == 8) { 398 reply(200, 399 "Type set to L (byte size 8)."); 400 type = cmd_type; 401 } else 402 reply(504, "Byte size must be 8."); 403 #else /* NBBY == 8 */ 404 UNIMPLEMENTED for NBBY != 8 405 #endif /* NBBY == 8 */ 406 } 407 } 408 } 409 | STRU check_login SP struct_code CRLF 410 { 411 if ($2) { 412 switch ($4) { 413 414 case STRU_F: 415 reply(200, "STRU F ok."); 416 break; 417 418 default: 419 reply(504, "Unimplemented STRU type."); 420 } 421 } 422 } 423 | MODE check_login SP mode_code CRLF 424 { 425 if ($2) { 426 switch ($4) { 427 428 case MODE_S: 429 reply(200, "MODE S ok."); 430 break; 431 432 default: 433 reply(502, "Unimplemented MODE type."); 434 } 435 } 436 } 437 | ALLO check_login SP NUMBER CRLF 438 { 439 if ($2) { 440 reply(202, "ALLO command ignored."); 441 } 442 } 443 | ALLO check_login SP NUMBER SP R SP NUMBER CRLF 444 { 445 if ($2) { 446 reply(202, "ALLO command ignored."); 447 } 448 } 449 | RETR check_login SP pathname CRLF 450 { 451 if (noretr || (guest && noguestretr)) 452 reply(500, "RETR command is disabled"); 453 else if ($2 && $4 != NULL) 454 retrieve((char *) 0, $4); 455 456 if ($4 != NULL) 457 free($4); 458 } 459 | STOR check_login_ro SP pathname CRLF 460 { 461 if ($2 && $4 != NULL) 462 store($4, "w", 0); 463 if ($4 != NULL) 464 free($4); 465 } 466 | APPE check_login_ro SP pathname CRLF 467 { 468 if ($2 && $4 != NULL) 469 store($4, "a", 0); 470 if ($4 != NULL) 471 free($4); 472 } 473 | NLST check_login CRLF 474 { 475 if ($2) 476 send_file_list("."); 477 } 478 | NLST check_login SP STRING CRLF 479 { 480 if ($2 && $4 != NULL) 481 send_file_list($4); 482 if ($4 != NULL) 483 free($4); 484 } 485 | LIST check_login CRLF 486 { 487 if ($2) 488 retrieve("/bin/ls -lgA", ""); 489 } 490 | LIST check_login SP pathstring CRLF 491 { 492 if ($2 && $4 != NULL) 493 retrieve("/bin/ls -lgA %s", $4); 494 if ($4 != NULL) 495 free($4); 496 } 497 | STAT check_login SP pathname CRLF 498 { 499 if ($2 && $4 != NULL) 500 statfilecmd($4); 501 if ($4 != NULL) 502 free($4); 503 } 504 | STAT check_login CRLF 505 { 506 if ($2) { 507 statcmd(); 508 } 509 } 510 | DELE check_login_ro SP pathname CRLF 511 { 512 if ($2 && $4 != NULL) 513 delete($4); 514 if ($4 != NULL) 515 free($4); 516 } 517 | RNTO check_login_ro SP pathname CRLF 518 { 519 if ($2) { 520 if (fromname) { 521 renamecmd(fromname, $4); 522 free(fromname); 523 fromname = (char *) 0; 524 } else { 525 reply(503, "Bad sequence of commands."); 526 } 527 } 528 free($4); 529 } 530 | ABOR check_login CRLF 531 { 532 if ($2) 533 reply(225, "ABOR command successful."); 534 } 535 | CWD check_login CRLF 536 { 537 if ($2) { 538 if (guest) 539 cwd("/"); 540 else 541 cwd(pw->pw_dir); 542 } 543 } 544 | CWD check_login SP pathname CRLF 545 { 546 if ($2 && $4 != NULL) 547 cwd($4); 548 if ($4 != NULL) 549 free($4); 550 } 551 | HELP CRLF 552 { 553 help(cmdtab, (char *) 0); 554 } 555 | HELP SP STRING CRLF 556 { 557 char *cp = $3; 558 559 if (strncasecmp(cp, "SITE", 4) == 0) { 560 cp = $3 + 4; 561 if (*cp == ' ') 562 cp++; 563 if (*cp) 564 help(sitetab, cp); 565 else 566 help(sitetab, (char *) 0); 567 } else 568 help(cmdtab, $3); 569 free($3); 570 } 571 | NOOP CRLF 572 { 573 reply(200, "NOOP command successful."); 574 } 575 | MKD check_login_ro SP pathname CRLF 576 { 577 if ($2 && $4 != NULL) 578 makedir($4); 579 if ($4 != NULL) 580 free($4); 581 } 582 | RMD check_login_ro SP pathname CRLF 583 { 584 if ($2 && $4 != NULL) 585 removedir($4); 586 if ($4 != NULL) 587 free($4); 588 } 589 | PWD check_login CRLF 590 { 591 if ($2) 592 pwd(); 593 } 594 | CDUP check_login CRLF 595 { 596 if ($2) 597 cwd(".."); 598 } 599 | SITE SP HELP CRLF 600 { 601 help(sitetab, (char *) 0); 602 } 603 | SITE SP HELP SP STRING CRLF 604 { 605 help(sitetab, $5); 606 free($5); 607 } 608 | SITE SP MDFIVE check_login SP pathname CRLF 609 { 610 char p[64], *q; 611 612 if ($4) { 613 q = MD5File($6, p); 614 if (q != NULL) 615 reply(200, "MD5(%s) = %s", $6, p); 616 else 617 perror_reply(550, $6); 618 } 619 if ($6) 620 free($6); 621 } 622 | SITE SP UMASK check_login CRLF 623 { 624 int oldmask; 625 626 if ($4) { 627 oldmask = umask(0); 628 (void) umask(oldmask); 629 reply(200, "Current UMASK is %03o", oldmask); 630 } 631 } 632 | SITE SP UMASK check_login SP octal_number CRLF 633 { 634 int oldmask; 635 636 if ($4) { 637 if (($6 == -1) || ($6 > 0777)) { 638 reply(501, "Bad UMASK value"); 639 } else { 640 oldmask = umask($6); 641 reply(200, 642 "UMASK set to %03o (was %03o)", 643 $6, oldmask); 644 } 645 } 646 } 647 | SITE SP CHMOD check_login_ro SP octal_number SP pathname CRLF 648 { 649 if ($4 && ($8 != NULL)) { 650 if ($6 > 0777) 651 reply(501, 652 "CHMOD: Mode value must be between 0 and 0777"); 653 else if (chmod($8, $6) < 0) 654 perror_reply(550, $8); 655 else 656 reply(200, "CHMOD command successful."); 657 } 658 if ($8 != NULL) 659 free($8); 660 } 661 | SITE SP check_login IDLE CRLF 662 { 663 if ($3) 664 reply(200, 665 "Current IDLE time limit is %d seconds; max %d", 666 timeout, maxtimeout); 667 } 668 | SITE SP check_login IDLE SP NUMBER CRLF 669 { 670 if ($3) { 671 if ($6.i < 30 || $6.i > maxtimeout) { 672 reply(501, 673 "Maximum IDLE time must be between 30 and %d seconds", 674 maxtimeout); 675 } else { 676 timeout = $6.i; 677 (void) alarm((unsigned) timeout); 678 reply(200, 679 "Maximum IDLE time set to %d seconds", 680 timeout); 681 } 682 } 683 } 684 | STOU check_login_ro SP pathname CRLF 685 { 686 if ($2 && $4 != NULL) 687 store($4, "w", 1); 688 if ($4 != NULL) 689 free($4); 690 } 691 | SYST check_login CRLF 692 { 693 if ($2) 694 #ifdef unix 695 #ifdef BSD 696 reply(215, "UNIX Type: L%d Version: BSD-%d", 697 NBBY, BSD); 698 #else /* BSD */ 699 reply(215, "UNIX Type: L%d", NBBY); 700 #endif /* BSD */ 701 #else /* unix */ 702 reply(215, "UNKNOWN Type: L%d", NBBY); 703 #endif /* unix */ 704 } 705 706 /* 707 * SIZE is not in RFC959, but Postel has blessed it and 708 * it will be in the updated RFC. 709 * 710 * Return size of file in a format suitable for 711 * using with RESTART (we just count bytes). 712 */ 713 | SIZE check_login SP pathname CRLF 714 { 715 if ($2 && $4 != NULL) 716 sizecmd($4); 717 if ($4 != NULL) 718 free($4); 719 } 720 721 /* 722 * MDTM is not in RFC959, but Postel has blessed it and 723 * it will be in the updated RFC. 724 * 725 * Return modification time of file as an ISO 3307 726 * style time. E.g. YYYYMMDDHHMMSS or YYYYMMDDHHMMSS.xxx 727 * where xxx is the fractional second (of any precision, 728 * not necessarily 3 digits) 729 */ 730 | MDTM check_login SP pathname CRLF 731 { 732 if ($2 && $4 != NULL) { 733 struct stat stbuf; 734 if (stat($4, &stbuf) < 0) 735 reply(550, "%s: %s", 736 $4, strerror(errno)); 737 else if (!S_ISREG(stbuf.st_mode)) { 738 reply(550, "%s: not a plain file.", $4); 739 } else { 740 struct tm *t; 741 t = gmtime(&stbuf.st_mtime); 742 reply(213, 743 "%04d%02d%02d%02d%02d%02d", 744 1900 + t->tm_year, 745 t->tm_mon+1, t->tm_mday, 746 t->tm_hour, t->tm_min, t->tm_sec); 747 } 748 } 749 if ($4 != NULL) 750 free($4); 751 } 752 | QUIT CRLF 753 { 754 reply(221, "Goodbye."); 755 dologout(0); 756 } 757 | error 758 { 759 yyclearin; /* discard lookahead data */ 760 yyerrok; /* clear error condition */ 761 state = 0; /* reset lexer state */ 762 } 763 ; 764 rcmd 765 : RNFR check_login_ro SP pathname CRLF 766 { 767 restart_point = (off_t) 0; 768 if ($2 && $4) { 769 if (fromname) 770 free(fromname); 771 fromname = (char *) 0; 772 if (renamefrom($4)) 773 fromname = $4; 774 else 775 free($4); 776 } else if ($4) { 777 free($4); 778 } 779 } 780 | REST check_login SP NUMBER CRLF 781 { 782 if ($2) { 783 if (fromname) 784 free(fromname); 785 fromname = (char *) 0; 786 restart_point = $4.o; 787 reply(350, "Restarting at %llu. %s", 788 restart_point, 789 "Send STORE or RETRIEVE to initiate transfer."); 790 } 791 } 792 ; 793 794 username 795 : STRING 796 ; 797 798 password 799 : /* empty */ 800 { 801 $$ = (char *)calloc(1, sizeof(char)); 802 } 803 | STRING 804 ; 805 806 byte_size 807 : NUMBER 808 { 809 $$ = $1.i; 810 } 811 ; 812 813 host_port 814 : NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 815 NUMBER COMMA NUMBER 816 { 817 char *a, *p; 818 819 data_dest.su_len = sizeof(struct sockaddr_in); 820 data_dest.su_family = AF_INET; 821 p = (char *)&data_dest.su_sin.sin_port; 822 p[0] = $9.i; p[1] = $11.i; 823 a = (char *)&data_dest.su_sin.sin_addr; 824 a[0] = $1.i; a[1] = $3.i; a[2] = $5.i; a[3] = $7.i; 825 } 826 ; 827 828 host_long_port 829 : NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 830 NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 831 NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 832 NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 833 NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 834 NUMBER 835 { 836 char *a, *p; 837 838 memset(&data_dest, 0, sizeof(data_dest)); 839 data_dest.su_len = sizeof(struct sockaddr_in6); 840 data_dest.su_family = AF_INET6; 841 p = (char *)&data_dest.su_port; 842 p[0] = $39.i; p[1] = $41.i; 843 a = (char *)&data_dest.su_sin6.sin6_addr; 844 a[0] = $5.i; a[1] = $7.i; a[2] = $9.i; a[3] = $11.i; 845 a[4] = $13.i; a[5] = $15.i; a[6] = $17.i; a[7] = $19.i; 846 a[8] = $21.i; a[9] = $23.i; a[10] = $25.i; a[11] = $27.i; 847 a[12] = $29.i; a[13] = $31.i; a[14] = $33.i; a[15] = $35.i; 848 if (his_addr.su_family == AF_INET6) { 849 /* XXX more sanity checks! */ 850 data_dest.su_sin6.sin6_scope_id = 851 his_addr.su_sin6.sin6_scope_id; 852 } 853 if ($1.i != 6 || $3.i != 16 || $37.i != 2) 854 memset(&data_dest, 0, sizeof(data_dest)); 855 } 856 | NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 857 NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 858 NUMBER 859 { 860 char *a, *p; 861 862 memset(&data_dest, 0, sizeof(data_dest)); 863 data_dest.su_sin.sin_len = sizeof(struct sockaddr_in); 864 data_dest.su_family = AF_INET; 865 p = (char *)&data_dest.su_port; 866 p[0] = $15.i; p[1] = $17.i; 867 a = (char *)&data_dest.su_sin.sin_addr; 868 a[0] = $5.i; a[1] = $7.i; a[2] = $9.i; a[3] = $11.i; 869 if ($1.i != 4 || $3.i != 4 || $13.i != 2) 870 memset(&data_dest, 0, sizeof(data_dest)); 871 } 872 ; 873 874 form_code 875 : N 876 { 877 $$ = FORM_N; 878 } 879 | T 880 { 881 $$ = FORM_T; 882 } 883 | C 884 { 885 $$ = FORM_C; 886 } 887 ; 888 889 type_code 890 : A 891 { 892 cmd_type = TYPE_A; 893 cmd_form = FORM_N; 894 } 895 | A SP form_code 896 { 897 cmd_type = TYPE_A; 898 cmd_form = $3; 899 } 900 | E 901 { 902 cmd_type = TYPE_E; 903 cmd_form = FORM_N; 904 } 905 | E SP form_code 906 { 907 cmd_type = TYPE_E; 908 cmd_form = $3; 909 } 910 | I 911 { 912 cmd_type = TYPE_I; 913 } 914 | L 915 { 916 cmd_type = TYPE_L; 917 cmd_bytesz = NBBY; 918 } 919 | L SP byte_size 920 { 921 cmd_type = TYPE_L; 922 cmd_bytesz = $3; 923 } 924 /* this is for a bug in the BBN ftp */ 925 | L byte_size 926 { 927 cmd_type = TYPE_L; 928 cmd_bytesz = $2; 929 } 930 ; 931 932 struct_code 933 : F 934 { 935 $$ = STRU_F; 936 } 937 | R 938 { 939 $$ = STRU_R; 940 } 941 | P 942 { 943 $$ = STRU_P; 944 } 945 ; 946 947 mode_code 948 : S 949 { 950 $$ = MODE_S; 951 } 952 | B 953 { 954 $$ = MODE_B; 955 } 956 | C 957 { 958 $$ = MODE_C; 959 } 960 ; 961 962 pathname 963 : pathstring 964 { 965 /* 966 * Problem: this production is used for all pathname 967 * processing, but only gives a 550 error reply. 968 * This is a valid reply in some cases but not in others. 969 */ 970 if (logged_in && $1) { 971 glob_t gl; 972 int flags = 973 GLOB_BRACE|GLOB_NOCHECK|GLOB_TILDE; 974 975 memset(&gl, 0, sizeof(gl)); 976 flags |= GLOB_MAXPATH; 977 gl.gl_matchc = MAXGLOBARGS; 978 if (glob($1, flags, NULL, &gl) || 979 gl.gl_pathc == 0) { 980 reply(550, "not found"); 981 $$ = NULL; 982 } else if (gl.gl_pathc > 1) { 983 reply(550, "ambiguous"); 984 $$ = NULL; 985 } else { 986 $$ = strdup(gl.gl_pathv[0]); 987 } 988 globfree(&gl); 989 free($1); 990 } else 991 $$ = $1; 992 } 993 ; 994 995 pathstring 996 : STRING 997 ; 998 999 octal_number 1000 : NUMBER 1001 { 1002 int ret, dec, multby, digit; 1003 1004 /* 1005 * Convert a number that was read as decimal number 1006 * to what it would be if it had been read as octal. 1007 */ 1008 dec = $1.i; 1009 multby = 1; 1010 ret = 0; 1011 while (dec) { 1012 digit = dec%10; 1013 if (digit > 7) { 1014 ret = -1; 1015 break; 1016 } 1017 ret += digit * multby; 1018 multby *= 8; 1019 dec /= 10; 1020 } 1021 $$ = ret; 1022 } 1023 ; 1024 1025 1026 check_login 1027 : /* empty */ 1028 { 1029 $$ = check_login1(); 1030 } 1031 ; 1032 1033 check_login_epsv 1034 : /* empty */ 1035 { 1036 if (noepsv) { 1037 reply(500, "EPSV command disabled"); 1038 $$ = 0; 1039 } 1040 else 1041 $$ = check_login1(); 1042 } 1043 ; 1044 1045 check_login_ro 1046 : /* empty */ 1047 { 1048 if (readonly) { 1049 reply(550, "Permission denied."); 1050 $$ = 0; 1051 } 1052 else 1053 $$ = check_login1(); 1054 } 1055 ; 1056 1057 %% 1058 1059 #define CMD 0 /* beginning of command */ 1060 #define ARGS 1 /* expect miscellaneous arguments */ 1061 #define STR1 2 /* expect SP followed by STRING */ 1062 #define STR2 3 /* expect STRING */ 1063 #define OSTR 4 /* optional SP then STRING */ 1064 #define ZSTR1 5 /* optional SP then optional STRING */ 1065 #define ZSTR2 6 /* optional STRING after SP */ 1066 #define SITECMD 7 /* SITE command */ 1067 #define NSTR 8 /* Number followed by a string */ 1068 1069 #define MAXGLOBARGS 1000 1070 1071 struct tab { 1072 char *name; 1073 short token; 1074 short state; 1075 short implemented; /* 1 if command is implemented */ 1076 char *help; 1077 }; 1078 1079 struct tab cmdtab[] = { /* In order defined in RFC 765 */ 1080 { "USER", USER, STR1, 1, "<sp> username" }, 1081 { "PASS", PASS, ZSTR1, 1, "[<sp> [password]]" }, 1082 { "ACCT", ACCT, STR1, 0, "(specify account)" }, 1083 { "SMNT", SMNT, ARGS, 0, "(structure mount)" }, 1084 { "REIN", REIN, ARGS, 0, "(reinitialize server state)" }, 1085 { "QUIT", QUIT, ARGS, 1, "(terminate service)", }, 1086 { "PORT", PORT, ARGS, 1, "<sp> b0, b1, b2, b3, b4" }, 1087 { "LPRT", LPRT, ARGS, 1, "<sp> af, hal, h1, h2, h3,..., pal, p1, p2..." }, 1088 { "EPRT", EPRT, STR1, 1, "<sp> |af|addr|port|" }, 1089 { "PASV", PASV, ARGS, 1, "(set server in passive mode)" }, 1090 { "LPSV", LPSV, ARGS, 1, "(set server in passive mode)" }, 1091 { "EPSV", EPSV, ARGS, 1, "[<sp> af|ALL]" }, 1092 { "TYPE", TYPE, ARGS, 1, "<sp> [ A | E | I | L ]" }, 1093 { "STRU", STRU, ARGS, 1, "(specify file structure)" }, 1094 { "MODE", MODE, ARGS, 1, "(specify transfer mode)" }, 1095 { "RETR", RETR, STR1, 1, "<sp> file-name" }, 1096 { "STOR", STOR, STR1, 1, "<sp> file-name" }, 1097 { "APPE", APPE, STR1, 1, "<sp> file-name" }, 1098 { "MLFL", MLFL, OSTR, 0, "(mail file)" }, 1099 { "MAIL", MAIL, OSTR, 0, "(mail to user)" }, 1100 { "MSND", MSND, OSTR, 0, "(mail send to terminal)" }, 1101 { "MSOM", MSOM, OSTR, 0, "(mail send to terminal or mailbox)" }, 1102 { "MSAM", MSAM, OSTR, 0, "(mail send to terminal and mailbox)" }, 1103 { "MRSQ", MRSQ, OSTR, 0, "(mail recipient scheme question)" }, 1104 { "MRCP", MRCP, STR1, 0, "(mail recipient)" }, 1105 { "ALLO", ALLO, ARGS, 1, "allocate storage (vacuously)" }, 1106 { "REST", REST, ARGS, 1, "<sp> offset (restart command)" }, 1107 { "RNFR", RNFR, STR1, 1, "<sp> file-name" }, 1108 { "RNTO", RNTO, STR1, 1, "<sp> file-name" }, 1109 { "ABOR", ABOR, ARGS, 1, "(abort operation)" }, 1110 { "DELE", DELE, STR1, 1, "<sp> file-name" }, 1111 { "CWD", CWD, OSTR, 1, "[ <sp> directory-name ]" }, 1112 { "XCWD", CWD, OSTR, 1, "[ <sp> directory-name ]" }, 1113 { "LIST", LIST, OSTR, 1, "[ <sp> path-name ]" }, 1114 { "NLST", NLST, OSTR, 1, "[ <sp> path-name ]" }, 1115 { "SITE", SITE, SITECMD, 1, "site-cmd [ <sp> arguments ]" }, 1116 { "SYST", SYST, ARGS, 1, "(get type of operating system)" }, 1117 { "STAT", STAT, OSTR, 1, "[ <sp> path-name ]" }, 1118 { "HELP", HELP, OSTR, 1, "[ <sp> <string> ]" }, 1119 { "NOOP", NOOP, ARGS, 1, "" }, 1120 { "MKD", MKD, STR1, 1, "<sp> path-name" }, 1121 { "XMKD", MKD, STR1, 1, "<sp> path-name" }, 1122 { "RMD", RMD, STR1, 1, "<sp> path-name" }, 1123 { "XRMD", RMD, STR1, 1, "<sp> path-name" }, 1124 { "PWD", PWD, ARGS, 1, "(return current directory)" }, 1125 { "XPWD", PWD, ARGS, 1, "(return current directory)" }, 1126 { "CDUP", CDUP, ARGS, 1, "(change to parent directory)" }, 1127 { "XCUP", CDUP, ARGS, 1, "(change to parent directory)" }, 1128 { "STOU", STOU, STR1, 1, "<sp> file-name" }, 1129 { "SIZE", SIZE, OSTR, 1, "<sp> path-name" }, 1130 { "MDTM", MDTM, OSTR, 1, "<sp> path-name" }, 1131 { NULL, 0, 0, 0, 0 } 1132 }; 1133 1134 struct tab sitetab[] = { 1135 { "MD5", MDFIVE, STR1, 1, "[ <sp> file-name ]" }, 1136 { "UMASK", UMASK, ARGS, 1, "[ <sp> umask ]" }, 1137 { "IDLE", IDLE, ARGS, 1, "[ <sp> maximum-idle-time ]" }, 1138 { "CHMOD", CHMOD, NSTR, 1, "<sp> mode <sp> file-name" }, 1139 { "HELP", HELP, OSTR, 1, "[ <sp> <string> ]" }, 1140 { NULL, 0, 0, 0, 0 } 1141 }; 1142 1143 static char *copy(char *); 1144 static void help(struct tab *, char *); 1145 static struct tab * 1146 lookup(struct tab *, char *); 1147 static int port_check(const char *); 1148 static int port_check_v6(const char *); 1149 static void sizecmd(char *); 1150 static void toolong(int); 1151 static void v4map_data_dest(void); 1152 static int yylex(void); 1153 1154 static struct tab * 1155 lookup(struct tab *p, char *cmd) 1156 { 1157 1158 for (; p->name != NULL; p++) 1159 if (strcmp(cmd, p->name) == 0) 1160 return (p); 1161 return (0); 1162 } 1163 1164 #include <arpa/telnet.h> 1165 1166 /* 1167 * getline - a hacked up version of fgets to ignore TELNET escape codes. 1168 */ 1169 char * 1170 getline(char *s, int n, FILE *iop) 1171 { 1172 int c; 1173 register char *cs; 1174 1175 cs = s; 1176 /* tmpline may contain saved command from urgent mode interruption */ 1177 for (c = 0; tmpline[c] != '\0' && --n > 0; ++c) { 1178 *cs++ = tmpline[c]; 1179 if (tmpline[c] == '\n') { 1180 *cs++ = '\0'; 1181 if (ftpdebug) 1182 syslog(LOG_DEBUG, "command: %s", s); 1183 tmpline[0] = '\0'; 1184 return(s); 1185 } 1186 if (c == 0) 1187 tmpline[0] = '\0'; 1188 } 1189 while ((c = getc(iop)) != EOF) { 1190 c &= 0377; 1191 if (c == IAC) { 1192 if ((c = getc(iop)) != EOF) { 1193 c &= 0377; 1194 switch (c) { 1195 case WILL: 1196 case WONT: 1197 c = getc(iop); 1198 printf("%c%c%c", IAC, DONT, 0377&c); 1199 (void) fflush(stdout); 1200 continue; 1201 case DO: 1202 case DONT: 1203 c = getc(iop); 1204 printf("%c%c%c", IAC, WONT, 0377&c); 1205 (void) fflush(stdout); 1206 continue; 1207 case IAC: 1208 break; 1209 default: 1210 continue; /* ignore command */ 1211 } 1212 } 1213 } 1214 *cs++ = c; 1215 if (--n <= 0 || c == '\n') 1216 break; 1217 } 1218 if (c == EOF && cs == s) 1219 return (NULL); 1220 *cs++ = '\0'; 1221 if (ftpdebug) { 1222 if (!guest && strncasecmp("pass ", s, 5) == 0) { 1223 /* Don't syslog passwords */ 1224 syslog(LOG_DEBUG, "command: %.5s ???", s); 1225 } else { 1226 register char *cp; 1227 register int len; 1228 1229 /* Don't syslog trailing CR-LF */ 1230 len = strlen(s); 1231 cp = s + len - 1; 1232 while (cp >= s && (*cp == '\n' || *cp == '\r')) { 1233 --cp; 1234 --len; 1235 } 1236 syslog(LOG_DEBUG, "command: %.*s", len, s); 1237 } 1238 } 1239 return (s); 1240 } 1241 1242 static void 1243 toolong(int signo) 1244 { 1245 1246 reply(421, 1247 "Timeout (%d seconds): closing control connection.", timeout); 1248 if (logging) 1249 syslog(LOG_INFO, "User %s timed out after %d seconds", 1250 (pw ? pw -> pw_name : "unknown"), timeout); 1251 dologout(1); 1252 } 1253 1254 static int 1255 yylex(void) 1256 { 1257 static int cpos; 1258 char *cp, *cp2; 1259 struct tab *p; 1260 int n; 1261 char c; 1262 1263 for (;;) { 1264 switch (state) { 1265 1266 case CMD: 1267 (void) signal(SIGALRM, toolong); 1268 (void) alarm((unsigned) timeout); 1269 if (getline(cbuf, sizeof(cbuf)-1, stdin) == NULL) { 1270 reply(221, "You could at least say goodbye."); 1271 dologout(0); 1272 } 1273 (void) alarm(0); 1274 #ifdef SETPROCTITLE 1275 if (strncasecmp(cbuf, "PASS", 4) != 0) 1276 setproctitle("%s: %s", proctitle, cbuf); 1277 #endif /* SETPROCTITLE */ 1278 if ((cp = strchr(cbuf, '\r'))) { 1279 *cp++ = '\n'; 1280 *cp = '\0'; 1281 } 1282 if ((cp = strpbrk(cbuf, " \n"))) 1283 cpos = cp - cbuf; 1284 if (cpos == 0) 1285 cpos = 4; 1286 c = cbuf[cpos]; 1287 cbuf[cpos] = '\0'; 1288 upper(cbuf); 1289 p = lookup(cmdtab, cbuf); 1290 cbuf[cpos] = c; 1291 if (p != 0) { 1292 if (p->implemented == 0) { 1293 nack(p->name); 1294 return (LEXERR); 1295 } 1296 state = p->state; 1297 yylval.s = p->name; 1298 return (p->token); 1299 } 1300 break; 1301 1302 case SITECMD: 1303 if (cbuf[cpos] == ' ') { 1304 cpos++; 1305 return (SP); 1306 } 1307 cp = &cbuf[cpos]; 1308 if ((cp2 = strpbrk(cp, " \n"))) 1309 cpos = cp2 - cbuf; 1310 c = cbuf[cpos]; 1311 cbuf[cpos] = '\0'; 1312 upper(cp); 1313 p = lookup(sitetab, cp); 1314 cbuf[cpos] = c; 1315 if (guest == 0 && p != 0) { 1316 if (p->implemented == 0) { 1317 state = CMD; 1318 nack(p->name); 1319 return (LEXERR); 1320 } 1321 state = p->state; 1322 yylval.s = p->name; 1323 return (p->token); 1324 } 1325 state = CMD; 1326 break; 1327 1328 case ZSTR1: 1329 case OSTR: 1330 if (cbuf[cpos] == '\n') { 1331 state = CMD; 1332 return (CRLF); 1333 } 1334 /* FALLTHROUGH */ 1335 1336 case STR1: 1337 dostr1: 1338 if (cbuf[cpos] == ' ') { 1339 cpos++; 1340 state = state == OSTR ? STR2 : state+1; 1341 return (SP); 1342 } 1343 break; 1344 1345 case ZSTR2: 1346 if (cbuf[cpos] == '\n') { 1347 state = CMD; 1348 return (CRLF); 1349 } 1350 /* FALLTHROUGH */ 1351 1352 case STR2: 1353 cp = &cbuf[cpos]; 1354 n = strlen(cp); 1355 cpos += n - 1; 1356 /* 1357 * Make sure the string is nonempty and \n terminated. 1358 */ 1359 if (n > 1 && cbuf[cpos] == '\n') { 1360 cbuf[cpos] = '\0'; 1361 yylval.s = copy(cp); 1362 cbuf[cpos] = '\n'; 1363 state = ARGS; 1364 return (STRING); 1365 } 1366 break; 1367 1368 case NSTR: 1369 if (cbuf[cpos] == ' ') { 1370 cpos++; 1371 return (SP); 1372 } 1373 if (isdigit(cbuf[cpos])) { 1374 cp = &cbuf[cpos]; 1375 while (isdigit(cbuf[++cpos])) 1376 ; 1377 c = cbuf[cpos]; 1378 cbuf[cpos] = '\0'; 1379 yylval.u.i = atoi(cp); 1380 cbuf[cpos] = c; 1381 state = STR1; 1382 return (NUMBER); 1383 } 1384 state = STR1; 1385 goto dostr1; 1386 1387 case ARGS: 1388 if (isdigit(cbuf[cpos])) { 1389 cp = &cbuf[cpos]; 1390 while (isdigit(cbuf[++cpos])) 1391 ; 1392 c = cbuf[cpos]; 1393 cbuf[cpos] = '\0'; 1394 yylval.u.i = atoi(cp); 1395 yylval.u.o = strtoull(cp, (char **)NULL, 10); 1396 cbuf[cpos] = c; 1397 return (NUMBER); 1398 } 1399 if (strncasecmp(&cbuf[cpos], "ALL", 3) == 0 1400 && !isalnum(cbuf[cpos + 3])) { 1401 cpos += 3; 1402 return ALL; 1403 } 1404 switch (cbuf[cpos++]) { 1405 1406 case '\n': 1407 state = CMD; 1408 return (CRLF); 1409 1410 case ' ': 1411 return (SP); 1412 1413 case ',': 1414 return (COMMA); 1415 1416 case 'A': 1417 case 'a': 1418 return (A); 1419 1420 case 'B': 1421 case 'b': 1422 return (B); 1423 1424 case 'C': 1425 case 'c': 1426 return (C); 1427 1428 case 'E': 1429 case 'e': 1430 return (E); 1431 1432 case 'F': 1433 case 'f': 1434 return (F); 1435 1436 case 'I': 1437 case 'i': 1438 return (I); 1439 1440 case 'L': 1441 case 'l': 1442 return (L); 1443 1444 case 'N': 1445 case 'n': 1446 return (N); 1447 1448 case 'P': 1449 case 'p': 1450 return (P); 1451 1452 case 'R': 1453 case 'r': 1454 return (R); 1455 1456 case 'S': 1457 case 's': 1458 return (S); 1459 1460 case 'T': 1461 case 't': 1462 return (T); 1463 1464 } 1465 break; 1466 1467 default: 1468 fatalerror("Unknown state in scanner."); 1469 } 1470 state = CMD; 1471 return (LEXERR); 1472 } 1473 } 1474 1475 void 1476 upper(char *s) 1477 { 1478 while (*s != '\0') { 1479 if (islower(*s)) 1480 *s = toupper(*s); 1481 s++; 1482 } 1483 } 1484 1485 static char * 1486 copy(char *s) 1487 { 1488 char *p; 1489 1490 p = malloc((unsigned) strlen(s) + 1); 1491 if (p == NULL) 1492 fatalerror("Ran out of memory."); 1493 (void) strcpy(p, s); 1494 return (p); 1495 } 1496 1497 static void 1498 help(struct tab *ctab, char *s) 1499 { 1500 struct tab *c; 1501 int width, NCMDS; 1502 char *type; 1503 1504 if (ctab == sitetab) 1505 type = "SITE "; 1506 else 1507 type = ""; 1508 width = 0, NCMDS = 0; 1509 for (c = ctab; c->name != NULL; c++) { 1510 int len = strlen(c->name); 1511 1512 if (len > width) 1513 width = len; 1514 NCMDS++; 1515 } 1516 width = (width + 8) &~ 7; 1517 if (s == 0) { 1518 int i, j, w; 1519 int columns, lines; 1520 1521 lreply(214, "The following %scommands are recognized %s.", 1522 type, "(* =>'s unimplemented)"); 1523 columns = 76 / width; 1524 if (columns == 0) 1525 columns = 1; 1526 lines = (NCMDS + columns - 1) / columns; 1527 for (i = 0; i < lines; i++) { 1528 printf(" "); 1529 for (j = 0; j < columns; j++) { 1530 c = ctab + j * lines + i; 1531 printf("%s%c", c->name, 1532 c->implemented ? ' ' : '*'); 1533 if (c + lines >= &ctab[NCMDS]) 1534 break; 1535 w = strlen(c->name) + 1; 1536 while (w < width) { 1537 putchar(' '); 1538 w++; 1539 } 1540 } 1541 printf("\r\n"); 1542 } 1543 (void) fflush(stdout); 1544 reply(214, "Direct comments to ftp-bugs@%s.", hostname); 1545 return; 1546 } 1547 upper(s); 1548 c = lookup(ctab, s); 1549 if (c == (struct tab *)0) { 1550 reply(502, "Unknown command %s.", s); 1551 return; 1552 } 1553 if (c->implemented) 1554 reply(214, "Syntax: %s%s %s", type, c->name, c->help); 1555 else 1556 reply(214, "%s%-*s\t%s; unimplemented.", type, width, 1557 c->name, c->help); 1558 } 1559 1560 static void 1561 sizecmd(char *filename) 1562 { 1563 switch (type) { 1564 case TYPE_L: 1565 case TYPE_I: { 1566 struct stat stbuf; 1567 if (stat(filename, &stbuf) < 0) 1568 perror_reply(550, filename); 1569 else if (!S_ISREG(stbuf.st_mode)) 1570 reply(550, "%s: not a plain file.", filename); 1571 else 1572 reply(213, "%qu", stbuf.st_size); 1573 break; } 1574 case TYPE_A: { 1575 FILE *fin; 1576 int c; 1577 off_t count; 1578 struct stat stbuf; 1579 fin = fopen(filename, "r"); 1580 if (fin == NULL) { 1581 perror_reply(550, filename); 1582 return; 1583 } 1584 if (fstat(fileno(fin), &stbuf) < 0) { 1585 perror_reply(550, filename); 1586 (void) fclose(fin); 1587 return; 1588 } else if (!S_ISREG(stbuf.st_mode)) { 1589 reply(550, "%s: not a plain file.", filename); 1590 (void) fclose(fin); 1591 return; 1592 } 1593 1594 count = 0; 1595 while((c=getc(fin)) != EOF) { 1596 if (c == '\n') /* will get expanded to \r\n */ 1597 count++; 1598 count++; 1599 } 1600 (void) fclose(fin); 1601 1602 reply(213, "%qd", count); 1603 break; } 1604 default: 1605 reply(504, "SIZE not implemented for type %s.", 1606 typenames[type]); 1607 } 1608 } 1609 1610 /* Return 1, if port check is done. Return 0, if not yet. */ 1611 static int 1612 port_check(const char *pcmd) 1613 { 1614 if (his_addr.su_family == AF_INET) { 1615 if (data_dest.su_family != AF_INET) { 1616 usedefault = 1; 1617 reply(500, "Invalid address rejected."); 1618 return 1; 1619 } 1620 if (paranoid && 1621 ((ntohs(data_dest.su_port) < IPPORT_RESERVED) || 1622 memcmp(&data_dest.su_sin.sin_addr, 1623 &his_addr.su_sin.sin_addr, 1624 sizeof(data_dest.su_sin.sin_addr)))) { 1625 usedefault = 1; 1626 reply(500, "Illegal PORT range rejected."); 1627 } else { 1628 usedefault = 0; 1629 if (pdata >= 0) { 1630 (void) close(pdata); 1631 pdata = -1; 1632 } 1633 reply(200, "%s command successful.", pcmd); 1634 } 1635 return 1; 1636 } 1637 return 0; 1638 } 1639 1640 static int 1641 check_login1(void) 1642 { 1643 if (logged_in) 1644 return 1; 1645 else { 1646 reply(530, "Please login with USER and PASS."); 1647 return 0; 1648 } 1649 } 1650 1651 #ifdef INET6 1652 /* Return 1, if port check is done. Return 0, if not yet. */ 1653 static int 1654 port_check_v6(const char *pcmd) 1655 { 1656 if (his_addr.su_family == AF_INET6) { 1657 if (IN6_IS_ADDR_V4MAPPED(&his_addr.su_sin6.sin6_addr)) 1658 /* Convert data_dest into v4 mapped sockaddr.*/ 1659 v4map_data_dest(); 1660 if (data_dest.su_family != AF_INET6) { 1661 usedefault = 1; 1662 reply(500, "Invalid address rejected."); 1663 return 1; 1664 } 1665 if (paranoid && 1666 ((ntohs(data_dest.su_port) < IPPORT_RESERVED) || 1667 memcmp(&data_dest.su_sin6.sin6_addr, 1668 &his_addr.su_sin6.sin6_addr, 1669 sizeof(data_dest.su_sin6.sin6_addr)))) { 1670 usedefault = 1; 1671 reply(500, "Illegal PORT range rejected."); 1672 } else { 1673 usedefault = 0; 1674 if (pdata >= 0) { 1675 (void) close(pdata); 1676 pdata = -1; 1677 } 1678 reply(200, "%s command successful.", pcmd); 1679 } 1680 return 1; 1681 } 1682 return 0; 1683 } 1684 1685 static void 1686 v4map_data_dest(void) 1687 { 1688 struct in_addr savedaddr; 1689 int savedport; 1690 1691 if (data_dest.su_family != AF_INET) { 1692 usedefault = 1; 1693 reply(500, "Invalid address rejected."); 1694 return; 1695 } 1696 1697 savedaddr = data_dest.su_sin.sin_addr; 1698 savedport = data_dest.su_port; 1699 1700 memset(&data_dest, 0, sizeof(data_dest)); 1701 data_dest.su_sin6.sin6_len = sizeof(struct sockaddr_in6); 1702 data_dest.su_sin6.sin6_family = AF_INET6; 1703 data_dest.su_sin6.sin6_port = savedport; 1704 memset((caddr_t)&data_dest.su_sin6.sin6_addr.s6_addr[10], 0xff, 2); 1705 memcpy((caddr_t)&data_dest.su_sin6.sin6_addr.s6_addr[12], 1706 (caddr_t)&savedaddr, sizeof(savedaddr)); 1707 } 1708 #endif 1709