*
* Author: Adam Tkac <vonsch@gmail.com>
*
- * Licensed under GPLv2, see file LICENSE in this tarball for details.
+ * Licensed under GPLv2, see file LICENSE in this source tree.
*
* Only subset of FTP protocol is implemented but vast majority of clients
* should not have any problem.
* You have to run this daemon via inetd.
*/
+//usage:#define ftpd_trivial_usage
+//usage: "[-wvS] [-t N] [-T N] [DIR]"
+//usage:#define ftpd_full_usage "\n\n"
+//usage: "Anonymous FTP server\n"
+//usage: "\n"
+//usage: "ftpd should be used as an inetd service.\n"
+//usage: "ftpd's line for inetd.conf:\n"
+//usage: " 21 stream tcp nowait root ftpd ftpd /files/to/serve\n"
+//usage: "It also can be ran from tcpsvd:\n"
+//usage: " tcpsvd -vE 0.0.0.0 21 ftpd /files/to/serve\n"
+//usage: "\n -w Allow upload"
+//usage: "\n -v Log errors to stderr. -vv: verbose log"
+//usage: "\n -S Log errors to syslog. -SS: verbose log"
+//usage: "\n -t,-T Idle and absolute timeouts"
+//usage: "\n DIR Change root to this directory"
+
#include "libbb.h"
#include <syslog.h>
#include <netinet/tcp.h>
struct globals {
int pasv_listen_fd;
- int proc_self_fd;
+#if !BB_MMU
+ int root_fd;
+#endif
int local_file_fd;
unsigned end_time;
unsigned timeout;
/* We need these aligned to uint32_t */
char msg_ok [(sizeof("NNN " MSG_OK ) + 3) & 0xfffc];
char msg_err[(sizeof("NNN " MSG_ERR) + 3) & 0xfffc];
-};
+} FIX_ALIASING;
#define G (*(struct globals*)&bb_common_bufsiz1)
#define INIT_G() do { \
/* Moved to main */ \
{
*(uint32_t *) G.msg_err = status;
xwrite(STDOUT_FILENO, G.msg_err, sizeof("NNN " MSG_ERR) - 1);
- if (G.verbose > 1)
+ if (G.verbose > 0)
verbose_log(G.msg_err);
}
#define WRITE_ERR(a) cmdio_write_error(STRNUM32sp(a))
static void
handle_stat(void)
{
- cmdio_write_raw(STR(FTP_STATOK)"-FTP server status:\r\n"
+ cmdio_write_raw(STR(FTP_STATOK)"-Server status:\r\n"
" TYPE: BINARY\r\n"
STR(FTP_STATOK)" Ok\r\n");
}
port_or_pasv_was_seen(void)
{
if (!pasv_active() && !port_active()) {
- cmdio_write_raw(STR(FTP_BADSENDCONN)" Use PORT or PASV first\r\n");
+ cmdio_write_raw(STR(FTP_BADSENDCONN)" Use PORT/PASV first\r\n");
return 0;
}
G.pasv_listen_fd = fd = xsocket(G.local_addr->u.sa.sa_family, SOCK_STREAM, 0);
setsockopt_reuseaddr(fd);
- set_nport(G.local_addr, 0);
+ set_nport(&G.local_addr->u.sa, 0);
xbind(fd, &G.local_addr->u.sa, G.local_addr->len);
xlisten(fd, 1);
getsockname(fd, &G.local_addr->u.sa, &G.local_addr->len);
addr = xstrdup("0.0.0.0");
replace_char(addr, '.', ',');
- response = xasprintf(STR(FTP_PASVOK)" Entering Passive Mode (%s,%u,%u)\r\n",
+ response = xasprintf(STR(FTP_PASVOK)" PASV ok (%s,%u,%u)\r\n",
addr, (int)(port >> 8), (int)(port & 255));
free(addr);
cmdio_write_raw(response);
char *response;
port = bind_for_passive_mode();
- response = xasprintf(STR(FTP_EPSVOK)" EPSV Ok (|||%u|)\r\n", port);
+ response = xasprintf(STR(FTP_EPSVOK)" EPSV ok (|||%u|)\r\n", port);
cmdio_write_raw(response);
free(response);
}
-/* libbb candidate */
-static
-len_and_sockaddr* get_peer_lsa(int fd)
-{
- len_and_sockaddr *lsa;
- socklen_t len = 0;
-
- if (getpeername(fd, NULL, &len) != 0)
- return NULL;
- lsa = xzalloc(LSA_LEN_SIZE + len);
- lsa->len = len;
- getpeername(fd, &lsa->u.sa, &lsa->len);
- return lsa;
-}
-
static void
handle_port(void)
{
G.port_addr = xdotted2sockaddr(raw, port);
#else
G.port_addr = get_peer_lsa(STDIN_FILENO);
- set_nport(G.port_addr, htons(port));
+ set_nport(&G.port_addr->u.sa, htons(port));
#endif
WRITE_OK(FTP_PORTOK);
}
handle_rest(void)
{
/* When ftp_arg == NULL simply restart from beginning */
- G.restart_pos = G.ftp_arg ? xatoi_u(G.ftp_arg) : 0;
+ G.restart_pos = G.ftp_arg ? xatoi_positive(G.ftp_arg) : 0;
WRITE_OK(FTP_RESTOK);
}
xlseek(local_file_fd, offset, SEEK_SET);
response = xasprintf(
- " Opening BINARY mode data connection for %s (%"OFF_FMT"u bytes)",
+ " Opening BINARY connection for %s (%"OFF_FMT"u bytes)",
G.ftp_arg, statbuf.st_size);
remote_fd = get_remote_transfer_fd(response);
free(response);
static int
popen_ls(const char *opt)
{
- char *cwd;
- const char *argv[5] = { "ftpd", opt, NULL, G.ftp_arg, NULL };
+ const char *argv[5];
struct fd_pair outfd;
pid_t pid;
- cwd = xrealloc_getcwd_or_warn(NULL);
+ argv[0] = "ftpd";
+ argv[1] = opt; /* "-l" or "-1" */
+#if BB_MMU
+ argv[2] = "--";
+#else
+ /* NOMMU ftpd ls helper chdirs to argv[2],
+ * preventing peer from seeing real root. */
+ argv[2] = xrealloc_getcwd_or_warn(NULL);
+#endif
+ argv[3] = G.ftp_arg;
+ argv[4] = NULL;
+
+ /* Improve compatibility with non-RFC conforming FTP clients
+ * which send e.g. "LIST -l", "LIST -la", "LIST -aL".
+ * See https://bugs.kde.org/show_bug.cgi?id=195578 */
+ if (ENABLE_FEATURE_FTPD_ACCEPT_BROKEN_LIST
+ && G.ftp_arg && G.ftp_arg[0] == '-'
+ ) {
+ const char *tmp = strchr(G.ftp_arg, ' ');
+ if (tmp) /* skip the space */
+ tmp++;
+ argv[3] = tmp;
+ }
+
xpiped_pair(outfd);
- /*fflush(NULL); - so far we dont use stdio on output */
- pid = vfork();
- switch (pid) {
- case -1: /* failure */
- bb_perror_msg_and_die("vfork");
- case 0: /* child */
- /* NB: close _first_, then move fds! */
+ /*fflush_all(); - so far we dont use stdio on output */
+ pid = BB_MMU ? xfork() : xvfork();
+ if (pid == 0) {
+ /* child */
+#if !BB_MMU
+ /* On NOMMU, we want to execute a child - copy of ourself.
+ * In chroot we usually can't do it. Thus we chdir
+ * out of the chroot back to original root,
+ * and (see later below) execute bb_busybox_exec_path
+ * relative to current directory */
+ if (fchdir(G.root_fd) != 0)
+ _exit(127);
+ /*close(G.root_fd); - close_on_exec_on() took care of this */
+#endif
+ /* NB: close _first_, then move fd! */
close(outfd.rd);
xmove_fd(outfd.wr, STDOUT_FILENO);
+ /* Opening /dev/null in chroot is hard.
+ * Just making sure STDIN_FILENO is opened
+ * to something harmless. Paranoia,
+ * ls won't read it anyway */
close(STDIN_FILENO);
- /* xopen("/dev/null", O_RDONLY); - chroot may lack it! */
- if (fchdir(G.proc_self_fd) == 0) {
- close(G.proc_self_fd);
- argv[2] = cwd;
- /* ftpd ls helper chdirs to argv[2],
- * preventing peer from seeing /proc/self
- */
- execv("exe", (char**) argv);
- }
+ dup(STDOUT_FILENO); /* copy will become STDIN_FILENO */
+#if BB_MMU
+ /* memset(&G, 0, sizeof(G)); - ls_main does it */
+ exit(ls_main(ARRAY_SIZE(argv) - 1, (char**) argv));
+#else
+ /* + 1: we must use relative path here if in chroot.
+ * For example, execv("/proc/self/exe") will fail, since
+ * it looks for "/proc/self/exe" _relative to chroot!_ */
+ execv(bb_busybox_exec_path + 1, (char**) argv);
_exit(127);
+#endif
}
/* parent */
close(outfd.wr);
- free(cwd);
+#if !BB_MMU
+ free((char*)argv[2]);
+#endif
return outfd.rd;
}
/* -n prevents user/groupname display,
* which can be problematic in chroot */
ls_fd = popen_ls((opts & LONG_LISTING) ? "-l" : "-1");
- ls_fp = fdopen(ls_fd, "r");
- if (!ls_fp) /* never happens. paranoia */
- bb_perror_msg_and_die("fdopen");
+ ls_fp = xfdopen_for_read(ls_fd);
if (opts & USE_CTRL_CONN) {
/* STAT <filename> */
- cmdio_write_raw(STR(FTP_STATFILE_OK)"-Status follows:\r\n");
+ cmdio_write_raw(STR(FTP_STATFILE_OK)"-File status:\r\n");
while (1) {
- line = xmalloc_fgetline(ls_fp);
+ line = xmalloc_fgetline(ls_fp);
if (!line)
break;
- cmdio_write(0, line); /* hack: 0 results in no status at all */
+ /* Hack: 0 results in no status at all */
+ /* Note: it's ok that we don't prepend space,
+ * ftp.kernel.org doesn't do that too */
+ cmdio_write(0, line);
free(line);
}
WRITE_OK(FTP_STATFILE_OK);
} else {
/* LIST/NLST [<filename>] */
- int remote_fd = get_remote_transfer_fd(" Here comes the directory listing");
+ int remote_fd = get_remote_transfer_fd(" Directory listing");
if (remote_fd >= 0) {
while (1) {
- line = xmalloc_fgetline(ls_fp);
+ line = xmalloc_fgetline(ls_fp);
if (!line)
break;
/* I've seen clients complaining when they
gmtime_r(&statbuf.st_mtime, &broken_out);
sprintf(buf, STR(FTP_STATFILE_OK)" %04u%02u%02u%02u%02u%02u\r\n",
broken_out.tm_year + 1900,
- broken_out.tm_mon,
+ broken_out.tm_mon + 1,
broken_out.tm_mday,
broken_out.tm_hour,
broken_out.tm_min,
/* If we didn't get a RNFR, throw a wobbly */
if (G.rnfr_filename == NULL || G.ftp_arg == NULL) {
- cmdio_write_raw(STR(FTP_NEEDRNFR)" RNFR required first\r\n");
+ cmdio_write_raw(STR(FTP_NEEDRNFR)" Use RNFR first\r\n");
return;
}
|| fstat(local_file_fd, &statbuf) != 0
|| !S_ISREG(statbuf.st_mode)
) {
+ free(tempname);
WRITE_ERR(FTP_UPLOADFAIL);
if (local_file_fd >= 0)
goto close_local_and_bail;
static uint32_t
cmdio_get_cmd_and_arg(void)
{
- size_t len;
+ int len;
uint32_t cmdval;
char *cmd;
alarm(G.timeout);
free(G.ftp_cmd);
- len = 8 * 1024; /* Paranoia. Peer may send 1 gigabyte long cmd... */
- G.ftp_cmd = cmd = xmalloc_reads(STDIN_FILENO, NULL, &len);
- if (!cmd)
- exit(0);
+ {
+ /* Paranoia. Peer may send 1 gigabyte long cmd... */
+ /* Using separate len_on_stk instead of len optimizes
+ * code size (allows len to be in CPU register) */
+ size_t len_on_stk = 8 * 1024;
+ G.ftp_cmd = cmd = xmalloc_fgets_str_len(stdin, "\r\n", &len_on_stk);
+ if (!cmd)
+ exit(0);
+ len = len_on_stk;
+ }
- /* Trailing '\n' is already stripped, strip '\r' */
- len = strlen(cmd) - 1;
- if ((ssize_t)len >= 0 && cmd[len] == '\r')
- cmd[len--] = '\0';
+ /* De-escape telnet: 0xff,0xff => 0xff */
+ /* RFC959 says that ABOR, STAT, QUIT may be sent even during
+ * data transfer, and may be preceded by telnet's "Interrupt Process"
+ * code (two-byte sequence 255,244) and then by telnet "Synch" code
+ * 255,242 (byte 242 is sent with TCP URG bit using send(MSG_OOB)
+ * and may generate SIGURG on our side. See RFC854).
+ * So far we don't support that (may install SIGURG handler if we'd want to),
+ * but we need to at least remove 255,xxx pairs. lftp sends those. */
+ /* Then de-escape FTP: NUL => '\n' */
+ /* Testing for \xff:
+ * Create file named '\xff': echo Hello >`echo -ne "\xff"`
+ * Try to get it: ftpget -v 127.0.0.1 Eff `echo -ne "\xff\xff"`
+ * (need "\xff\xff" until ftpget applet is fixed to do escaping :)
+ * Testing for embedded LF:
+ * LF_HERE=`echo -ne "LF\nHERE"`
+ * echo Hello >"$LF_HERE"
+ * ftpget -v 127.0.0.1 LF_HERE "$LF_HERE"
+ */
+ {
+ int dst, src;
+
+ /* Strip "\r\n" if it is there */
+ if (len != 0 && cmd[len - 1] == '\n') {
+ len--;
+ if (len != 0 && cmd[len - 1] == '\r')
+ len--;
+ cmd[len] = '\0';
+ }
+ src = strchrnul(cmd, 0xff) - cmd;
+ /* 99,99% there are neither NULs nor 255s and src == len */
+ if (src < len) {
+ dst = src;
+ do {
+ if ((unsigned char)(cmd[src]) == 255) {
+ src++;
+ /* 255,xxx - skip 255 */
+ if ((unsigned char)(cmd[src]) != 255) {
+ /* 255,!255 - skip both */
+ src++;
+ continue;
+ }
+ /* 255,255 - retain one 255 */
+ }
+ /* NUL => '\n' */
+ cmd[dst++] = cmd[src] ? cmd[src] : '\n';
+ src++;
+ } while (src < len);
+ cmd[dst] = '\0';
+ }
+ }
if (G.verbose > 1)
verbose_log(cmd);
const_TYPE = mk_const4('T', 'Y', 'P', 'E'),
const_USER = mk_const4('U', 'S', 'E', 'R'),
+#if !BB_MMU
OPT_l = (1 << 0),
OPT_1 = (1 << 1),
- OPT_v = (1 << 2),
- OPT_S = (1 << 3),
- OPT_w = (1 << 4),
+#endif
+ OPT_v = (1 << ((!BB_MMU) * 2 + 0)),
+ OPT_S = (1 << ((!BB_MMU) * 2 + 1)),
+ OPT_w = (1 << ((!BB_MMU) * 2 + 2)) * ENABLE_FEATURE_FTP_WRITE,
};
int ftpd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+#if !BB_MMU
int ftpd_main(int argc, char **argv)
+#else
+int ftpd_main(int argc UNUSED_PARAM, char **argv)
+#endif
{
unsigned abs_timeout;
+ unsigned verbose_S;
smallint opts;
INIT_G();
abs_timeout = 1 * 60 * 60;
+ verbose_S = 0;
G.timeout = 2 * 60;
- opt_complementary = "t+:T+:vv";
- opts = getopt32(argv, "l1vS" USE_FEATURE_FTP_WRITE("w") "t:T:", &G.timeout, &abs_timeout, &G.verbose);
+ opt_complementary = "t+:T+:vv:SS";
+#if BB_MMU
+ opts = getopt32(argv, "vS" IF_FEATURE_FTP_WRITE("w") "t:T:", &G.timeout, &abs_timeout, &G.verbose, &verbose_S);
+#else
+ opts = getopt32(argv, "l1vS" IF_FEATURE_FTP_WRITE("w") "t:T:", &G.timeout, &abs_timeout, &G.verbose, &verbose_S);
if (opts & (OPT_l|OPT_1)) {
/* Our secret backdoor to ls */
- memset(&G, 0, sizeof(G));
-/* TODO: pass -n too? */
-/* --group-directories-first would be nice, but ls don't do that yet */
+/* TODO: pass -n? It prevents user/group resolution, which may not work in chroot anyway */
+/* TODO: pass -A? It shows dot files */
+/* TODO: pass --group-directories-first? would be nice, but ls doesn't do that yet */
xchdir(argv[2]);
argv[2] = (char*)"--";
+ /* memset(&G, 0, sizeof(G)); - ls_main does it */
return ls_main(argc, argv);
}
+#endif
+ if (G.verbose < verbose_S)
+ G.verbose = verbose_S;
if (abs_timeout | G.timeout) {
if (abs_timeout == 0)
abs_timeout = INT_MAX;
if (logmode)
applet_name = xasprintf("%s[%u]", applet_name, (int)getpid());
- G.proc_self_fd = xopen("/proc/self", O_RDONLY | O_DIRECTORY);
+#if !BB_MMU
+ G.root_fd = xopen("/", O_RDONLY | O_DIRECTORY);
+ close_on_exec_on(G.root_fd);
+#endif
if (argv[optind]) {
- xchdir(argv[optind]);
- chroot(".");
+ xchroot(argv[optind]);
}
//umask(077); - admin can set umask before starting us
/* Set up options on the command socket (do we need these all? why?) */
setsockopt(STDIN_FILENO, IPPROTO_TCP, TCP_NODELAY, &const_int_1, sizeof(const_int_1));
setsockopt(STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE, &const_int_1, sizeof(const_int_1));
+ /* Telnet protocol over command link may send "urgent" data,
+ * we prefer it to be received in the "normal" data stream: */
setsockopt(STDIN_FILENO, SOL_SOCKET, SO_OOBINLINE, &const_int_1, sizeof(const_int_1));
WRITE_OK(FTP_GREET);
handle_appe();
else if (cmdval == const_STOU) /* "store unique" */
handle_stou();
+ else
+ goto bad_cmd;
}
#endif
#if 0
* (doesn't necessarily mean "we must support them")
* foo 1.2.3: XXXX - comment
*/
+#if ENABLE_FEATURE_FTP_WRITE
+ bad_cmd:
+#endif
cmdio_write_raw(STR(FTP_BADCMD)" Unknown command\r\n");
}
}