[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-228-g16059
|
From: |
Mats Erik Andersson |
|
Subject: |
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-228-g160598f |
|
Date: |
Wed, 19 Dec 2012 12:28:54 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".
The branch, master has been updated
via 160598f05ba99a6abc4852314679548c209f5831 (commit)
from 98596728f57c78b24930910ff9d442bab9e39c32 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=160598f05ba99a6abc4852314679548c209f5831
commit 160598f05ba99a6abc4852314679548c209f5831
Author: Mats Erik Andersson <address@hidden>
Date: Wed Dec 19 13:22:25 2012 +0100
ftp-localhost.sh: New subtest.
diff --git a/ChangeLog b/ChangeLog
index fc4d1e6..9e5a1cb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2012-12-19 Mats Erik Andersson <address@hidden>
+
+ Detect a writable directory for better coverage.
+ Add a test for mapping of file names.
+
+ * tests/ftp-localhost.sh (DLDIR): New variable.
+ Put files in $DLDIR of the chrooted user.
+ (GETME, PUTME): Use mktemp() to generate names.
+ [do_transfer]: New test of two nmap modes.
+
2012-12-17 Mats Erik Andersson <address@hidden>
* ftp/cmds.c (cp_subst): Change SRC_LEN to size_t.
diff --git a/doc/inetutils.texi b/doc/inetutils.texi
index 4561606..47573fa 100644
--- a/doc/inetutils.texi
+++ b/doc/inetutils.texi
@@ -3286,7 +3286,7 @@ Daemon uses only IPv6 addressing. Ignored in inetd mode.
Only anonymous login is allowed.
@item -a @var{auth}
address@hidden address@hidden
address@hidden address@hidden
@opindex -a
@opindex --auth
Specify what authentication mechanism to use for incoming connections.
@@ -3297,8 +3297,8 @@ Anonymous logins will continue to work when this option
is used.
@item -D
@itemx --daemon
address@hidden --daemon
@opindex -D
address@hidden --daemon
@command{ftpd} enters daemon-mode. That allows @command{ftpd} to be
run without @command{inetd}.
@@ -3320,20 +3320,20 @@ directory, remove directory and rename operations and
their filename
arguments are also logged.
@item -p @var{pidfile}
address@hidden address@hidden
address@hidden address@hidden
@opindex -p
@opindex --pidfile
Change default location of @var{pidfile}.
@item -q
address@hidden --no-version
address@hidden --no-version
@opindex -q
@opindex --no-version
Quiet mode. No information about the version of the @command{ftpd} is
given to the client.
@item -T
address@hidden --max-timeout
address@hidden --max-timeout
@opindex -T
@opindex --max-timeout
A client may also request a different timeout period; the maximum
@@ -3341,17 +3341,17 @@ period allowed may be set to timeout seconds with the
@option{-T}
option. The default limit is 2 hours.
@item -t @var{timeout}
address@hidden address@hidden
address@hidden address@hidden
@opindex -t
@opindex --timeout
The inactivity timeout period is set to timeout seconds (the default
is 15 minutes).
@item -u @var{umask}
address@hidden address@hidden
address@hidden address@hidden
@opindex -u
@opindex --umask
-Set default umask(base 8).
+Set default umask, expressed in base 8.
@end table
The file @file{/etc/nologin} can be used to disable FTP access. If
@@ -3437,7 +3437,7 @@ transfer status will be returned.
conventions used by @command{csh}. This allows users to utilize the
metacharacters @address@hidden@}~}.
address@hidden authenticates users according to three rules.
address@hidden authenticates users according to four rules.
@enumerate
@item
@@ -3467,10 +3467,10 @@ constructed with care, following these rules:
@table @file
@item ~ftp
-Make the home directory owned by @samp{root} and unwritable by anyone.
+Make the home directory owned by @samp{root} and not writable by anyone.
@item ~ftp/bin
-Make this directory owned by @samp{root} and unwritable by anyone
+Make this directory owned by @samp{root} and not writable by anyone
(mode 555). The program @command{ls} must be present to support the
list command. This program should be mode 111.
@@ -3492,17 +3492,24 @@ this directory.
@section Configuration files
@table @samp
address@hidden @file{/etc/ftpchroot}
+List of users to enclose in a chrooted directory.
+The anonymous user @samp{ftp} is always considered
+to be a member of this list, explicit or not.
+
@item @file{/etc/ftpusers}
List of unwelcome/restricted users.
@item @file{/etc/ftpwelcome}
-Welcome notice.
+Welcome notice printed before server identification
+and any authentication exchange.
@item @file{/etc/motd}
-Welcome notice after login.
+Welcome notice presented after completed login.
@item @file{/etc/nologin}
-Displayed and access refused.
+If present, the contents are displayed and all further
+access is refused.
@end table
@node tftpd invocation
diff --git a/tests/ftp-localhost.sh b/tests/ftp-localhost.sh
index 41a68b1..de13851 100755
--- a/tests/ftp-localhost.sh
+++ b/tests/ftp-localhost.sh
@@ -64,10 +64,6 @@ TARGET46=${TARGET46:-::ffff:127.0.0.1}
do_transfer=false
test "${TRANSFERTEST+yes}" = "yes" && do_transfer=true
-# Files used in transmission tests.
-GETME=getme.$$
-PUTME=putme.$$
-
# Portability fix for SVR4
PWD="${PWD:-`pwd`}"
@@ -153,6 +149,26 @@ else
exit 77
fi
+# Try common subdirectories for writability.
+# Result is in DLDIR, usable in chrooted setting.
+# Assigns an empty value when no writable candidate
+# was found.
+
+if test -z "$DLDIR"; then
+ for DLDIR in /pub /download /downloads /dl / ; do
+ test -d $FTPHOME$DLDIR || continue
+ set -- `ls -ld $FTPHOME$DLDIR`
+ # Check owner.
+ test "$3" = $FTPUSER || continue
+ # Check for write access.
+ test `expr $1 : 'drwx'` -eq 4 && break
+ DLDIR= # Reset failed value
+ done
+
+ test -z "$DLDIR" && do_transfer=false
+ test x"$DLDIR" = x"/" && DLDIR=
+fi
+
# Note that inetd changes directory to / when --debug is not given so
# all paths must be absolute for things to work.
@@ -169,7 +185,7 @@ posttesting () {
|| kill -9 "`cat $TMPDIR/inetd.pid`"; }
test -n "$TMPDIR" && test -d "$TMPDIR" && rm -rf "$TMPDIR"
$do_transfer && test -n "$FTPHOME" \
- && test -f "$FTPHOME/$PUTME" && rm -f "$FTPHOME/$PUTME" \
+ && test -f "$FTPHOME$DLDIR/$PUTME" && rm -f "$FTPHOME$DLDIR/$PUTME" \
|| true
}
@@ -188,6 +204,13 @@ locate_port () {
fi
}
+# Files used in transmission tests.
+GETME=`$MKTEMP $TMPDIR/file.XXXXXXXX` || do_transfer=false
+
+test -n "$GETME" && GETME=`expr "$GETME" : "$TMPDIR/\(.*\)"`
+
+PUTME=putme.$GETME
+
# Find an available port number. There will be some
# room left for a race condition, but we try to be
# flexible enough for running copies of this script.
@@ -294,6 +317,8 @@ echo "PASV to $TARGET (IPv4) using inetd."
cat <<STOP |
rstatus
dir
+`$do_transfer && test -n "$DLDIR" && echo "\
+cd $DLDIR"`
`$do_transfer && echo "\
lcd $TMPDIR
image
@@ -304,7 +329,7 @@ HOME=$TMPDIR $FTP "$TARGET" $PORT -4 -v -p -t
>$TMPDIR/ftp.stdout 2>&1
test_report $? "$TMPDIR/ftp.stdout" "PASV/$TARGET"
$do_transfer && \
- if cmp -s "$TMPDIR/$GETME" "$FTPHOME/$PUTME"; then
+ if cmp -s "$TMPDIR/$GETME" "$FTPHOME$DLDIR/$PUTME"; then
test "${VERBOSE+yes}" && echo >&2 'Binary transfer succeeded.'
date "+%s" >> "$TMPDIR/$GETME"
else
@@ -318,6 +343,8 @@ echo "PORT to $TARGET (IPv4) using inetd."
cat <<STOP |
rstatus
dir
+`$do_transfer && test -n "$DLDIR" && echo "\
+cd $DLDIR"`
`$do_transfer && echo "\
lcd $TMPDIR
image
@@ -328,7 +355,7 @@ HOME=$TMPDIR $FTP "$TARGET" $PORT -4 -v -t
>$TMPDIR/ftp.stdout 2>&1
test_report $? "$TMPDIR/ftp.stdout" "PORT/$TARGET"
$do_transfer && \
- if cmp -s "$TMPDIR/$GETME" "$FTPHOME/$PUTME"; then
+ if cmp -s "$TMPDIR/$GETME" "$FTPHOME$DLDIR/$PUTME"; then
test "${VERBOSE+yes}" && echo >&2 'Binary transfer succeeded.'
date "+%s" >> "$TMPDIR/$GETME"
else
@@ -355,6 +382,8 @@ cat <<STOP |
rstatus
epsv4
dir
+`$do_transfer && test -n "$DLDIR" && echo "\
+cd $DLDIR"`
`$do_transfer && echo "\
lcd $TMPDIR
image
@@ -365,7 +394,7 @@ HOME=$TMPDIR $FTP "$TARGET" $PORT -4 -v -t
>$TMPDIR/ftp.stdout 2>&1
test_report $? "$TMPDIR/ftp.stdout" "EPRT/$TARGET"
$do_transfer && \
- if cmp -s "$TMPDIR/$GETME" "$FTPHOME/$PUTME"; then
+ if cmp -s "$TMPDIR/$GETME" "$FTPHOME$DLDIR/$PUTME"; then
test "${VERBOSE+yes}" && echo >&2 'Binary transfer succeeded.'
date "+%s" >> "$TMPDIR/$GETME"
else
@@ -390,6 +419,8 @@ echo "EPRT to $TARGET6 (IPv6) using inetd."
cat <<STOP |
rstatus
dir
+`$do_transfer && test -n "$DLDIR" && echo "\
+cd $DLDIR"`
`$do_transfer && echo "\
lcd $TMPDIR
image
@@ -400,7 +431,7 @@ HOME=$TMPDIR $FTP "$TARGET6" $PORT -6 -v -t
>$TMPDIR/ftp.stdout 2>&1
test_report $? "$TMPDIR/ftp.stdout" "EPRT/$TARGET6"
$do_transfer && \
- if cmp -s "$TMPDIR/$GETME" "$FTPHOME/$PUTME"; then
+ if cmp -s "$TMPDIR/$GETME" "$FTPHOME$DLDIR/$PUTME"; then
test "${VERBOSE+yes}" && echo >&2 'Binary transfer succeeded.'
date "+%s" >> "$TMPDIR/$GETME"
else
@@ -468,6 +499,8 @@ if $have_address_mapping && test -n "$TARGET46" ; then
cat <<-STOP |
rstatus
dir
+ `$do_transfer && test -n "$DLDIR" && echo "\
+cd $DLDIR"`
`$do_transfer && echo "\
lcd $TMPDIR
image
@@ -478,7 +511,7 @@ put $GETME $PUTME"`
test_report $? "$TMPDIR/ftp.stdout" "EPSV/$TARGET46"
$do_transfer && \
- if cmp -s "$TMPDIR/$GETME" "$FTPHOME/$PUTME"; then
+ if cmp -s "$TMPDIR/$GETME" "$FTPHOME$DLDIR/$PUTME"; then
test "${VERBOSE+yes}" && echo >&2 'Binary transfer succeeded.'
date "+%s" >> "$TMPDIR/$GETME"
else
@@ -492,6 +525,8 @@ put $GETME $PUTME"`
cat <<-STOP |
rstatus
dir
+ `$do_transfer && test -n "$DLDIR" && echo "\
+cd $DLDIR"`
`$do_transfer && echo "\
lcd $TMPDIR
image
@@ -502,7 +537,7 @@ put $GETME $PUTME"`
test_report $? "$TMPDIR/ftp.stdout" "EPRT/$TARGET46"
$do_transfer && \
- if cmp -s "$TMPDIR/$GETME" "$FTPHOME/$PUTME"; then
+ if cmp -s "$TMPDIR/$GETME" "$FTPHOME$DLDIR/$PUTME"; then
test "${VERBOSE+yes}" && echo >&2 'Binary transfer succeeded.'
else
echo >&2 'Binary transfer failed.'
@@ -513,4 +548,44 @@ else
echo 'Skipping two tests of IPv4 mapped as IPv6.'
fi
+# Test name mapping with PASV and IPv4.
+# Needs a writable destination!
+#
+if $do_transfer; then
+ echo "Name mapping test at $TARGET (IPv4) using inetd."
+
+ cat <<-STOP |
+ `test -z "$DLDIR" || echo "cd $DLDIR"`
+ lcd $TMPDIR
+ image
+ nmap \$1.\$2 \$2.\$1
+ put $GETME
+ nmap \$1.\$2.\$3 [\$3,copy].\$1.\$2
+ put $GETME
+ STOP
+ HOME=$TMPDIR $FTP "$TARGET" $PORT -4 -v -p -t >$TMPDIR/ftp.stdout 2>&1
+
+ sIFS=$IFS
+ IFS=.
+ set -- $GETME
+ IFS=$sIFS
+
+ # Are the expected file copies present?
+
+ if test -s $FTPHOME$DLDIR/$2.$1 && \
+ test -s $FTPHOME$DLDIR/copy.$GETME
+ then
+ test "${VERBOSE+yes}" && echo >&2 'Name mapping succeeded.'
+ rm -f $FTPHOME$DLDIR/$2.$1 $FTPHOME$DLDIR/copy.$GETME
+ else
+ echo >&2 'Binary transfer failed.'
+ test -s $FTPHOME$DLDIR/$2.$1 || \
+ echo >&2 'Mapping "nmap $1.$2 $2.$1" failed.'
+ test -s $FTPHOME$DLDIR/copy.$GETME || \
+ echo >&2 'Mapping "nmap $1.$2.$3 [$3,copy].$1.$2" failed.'
+ rm -f $FTPHOME$DLDIR/$2.$1 $FTPHOME$DLDIR/copy.$GETME
+ exit 1
+ fi
+fi
+
exit 0
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 10 +++++
doc/inetutils.texi | 35 ++++++++++-------
tests/ftp-localhost.sh | 97 ++++++++++++++++++++++++++++++++++++++++++-----
3 files changed, 117 insertions(+), 25 deletions(-)
hooks/post-receive
--
GNU Inetutils
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-228-g160598f,
Mats Erik Andersson <=