ftpd.c   [plain text]

/*
 * Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#define	FTP_NAMES
#include "ftpd_locl.h"
#ifdef KRB5
#include <krb5.h>
#endif
#include "getarg.h"

RCSID("$Id$");

static char version[] = "Version 6.00";

extern	off_t restart_point;
extern	char cbuf[];

struct  sockaddr_storage ctrl_addr_ss;
struct  sockaddr *ctrl_addr = (struct sockaddr *)&ctrl_addr_ss;

struct  sockaddr_storage data_source_ss;
struct  sockaddr *data_source = (struct sockaddr *)&data_source_ss;

struct  sockaddr_storage data_dest_ss;
struct  sockaddr *data_dest = (struct sockaddr *)&data_dest_ss;

struct  sockaddr_storage his_addr_ss;
struct  sockaddr *his_addr = (struct sockaddr *)&his_addr_ss;

struct  sockaddr_storage pasv_addr_ss;
struct  sockaddr *pasv_addr = (struct sockaddr *)&pasv_addr_ss;

int	data;
int	logged_in;
struct	passwd *pw;
int	debug = 0;
int	ftpd_timeout = 900;    /* timeout after 15 minutes of inactivity */
int	maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */
int	restricted_data_ports = 1;
int	logging;
int	guest;
int	dochroot;
int	type;
int	form;
int	stru;			/* avoid C keyword */
int	mode;
int	usedefault = 1;		/* for data transfers */
int	pdata = -1;		/* for passive mode */
int	allow_insecure_oob = 1;
static int transflag;
static int urgflag;
off_t	file_size;
off_t	byte_count;
#if !defined(CMASK) || CMASK == 0
#undef CMASK
#define CMASK 027
#endif
int	defumask = CMASK;		/* default umask value */
int	guest_umask = 0777;	/* Paranoia for anonymous users */
char	tmpline[10240];
char	hostname[MaxHostNameLen];
char	remotehost[MaxHostNameLen];
static char ttyline[20];
int     paranoid = 1;

#define AUTH_PLAIN	(1 << 0) /* allow sending passwords */
#define AUTH_OTP	(1 << 1) /* passwords are one-time */
#define AUTH_FTP	(1 << 2) /* allow anonymous login */

static int auth_level = 0; /* Only allow kerberos login by default */

/*
 * Timeout intervals for retrying connections
 * to hosts that don't accept PORT cmds.  This
 * is a kludge, but given the problems with TCP...
 */
#define	SWAITMAX	90	/* wait at most 90 seconds */
#define	SWAITINT	5	/* interval between retries */

int	swaitmax = SWAITMAX;
int	swaitint = SWAITINT;

#ifdef HAVE_SETPROCTITLE
char	proctitle[BUFSIZ];	/* initial part of title */
#endif /* HAVE_SETPROCTITLE */

#define LOGCMD(cmd, file) \
	if (logging > 1) \
	    syslog(LOG_INFO,"%s %s%s", cmd, \
		*(file) == '/' ? "" : curdir(), file);
#define LOGCMD2(cmd, file1, file2) \
	 if (logging > 1) \
	    syslog(LOG_INFO,"%s %s%s %s%s", cmd, \
		*(file1) == '/' ? "" : curdir(), file1, \
		*(file2) == '/' ? "" : curdir(), file2);
#define LOGBYTES(cmd, file, cnt) \
	if (logging > 1) { \
		if (cnt == (off_t)-1) \
		    syslog(LOG_INFO,"%s %s%s", cmd, \
			*(file) == '/' ? "" : curdir(), file); \
		else \
		    syslog(LOG_INFO, "%s %s%s = %ld bytes", \
			cmd, (*(file) == '/') ? "" : curdir(), file, (long)cnt); \
	}

static void	 ack (char *);
static void	 myoob (int);
static int	 handleoobcmd(void);
static int	 checkuser (char *, char *);
static int	 checkaccess (char *);
static FILE	*dataconn (const char *, off_t, const char *);
static void	 dolog (struct sockaddr *, int);
static void	 end_login (void);
static FILE	*getdatasock (const char *, int);
static char	*gunique (char *);
static RETSIGTYPE	 lostconn (int);
static int	 receive_data (FILE *, FILE *);
static void	 send_data (FILE *, FILE *);
static struct passwd * sgetpwnam (char *);

static char *
curdir(void)
{
	static char path[MaxPathLen+1];	/* path + '/' + '\0' */

	if (getcwd(path, sizeof(path)-1) == NULL)
		return ("");
	if (path[1] != '\0')		/* special case for root dir. */
		strlcat(path, "/", sizeof(path));
	/* For guest account, skip / since it's chrooted */
	return (guest ? path+1 : path);
}

#ifndef LINE_MAX
#define LINE_MAX 1024
#endif

static int
parse_auth_level(char *str)
{
    char *p;
    int ret = 0;
    char *foo = NULL;

    for(p = strtok_r(str, ",", &foo);
	p;
	p = strtok_r(NULL, ",", &foo)) {
	if(strcmp(p, "user") == 0)
	    ;
#ifdef OTP
	else if(strcmp(p, "otp") == 0)
	    ret |= AUTH_PLAIN|AUTH_OTP;
#endif
	else if(strcmp(p, "ftp") == 0 ||
		strcmp(p, "safe") == 0)
	    ret |= AUTH_FTP;
	else if(strcmp(p, "plain") == 0)
	    ret |= AUTH_PLAIN;
	else if(strcmp(p, "none") == 0)
	    ret |= AUTH_PLAIN|AUTH_FTP;
	else
	    warnx("bad value for -a: `%s'", p);
    }
    return ret;
}

/*
 * Print usage and die.
 */

static int interactive_flag;
static char *guest_umask_string;
static char *port_string;
static char *umask_string;
static char *auth_string;

int use_builtin_ls = -1;

static int help_flag;
static int version_flag;

static const char *good_chars = "+-=_,.";

struct getargs args[] = {
    { NULL, 'a', arg_string, &auth_string, "required authentication" },
    { NULL, 'i', arg_flag, &interactive_flag, "don't assume stdin is a socket" },
    { NULL, 'p', arg_string, &port_string, "what port to listen to" },
    { NULL, 'g', arg_string, &guest_umask_string, "umask for guest logins" },
    { NULL, 'l', arg_counter, &logging, "log more stuff", "" },
    { NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" },
    { NULL, 'T', arg_integer, &maxtimeout, "max timeout" },
    { NULL, 'u', arg_string, &umask_string, "umask for user logins" },
    { NULL, 'U', arg_negative_flag, &restricted_data_ports, "don't use high data ports" },
    { NULL, 'd', arg_flag, &debug, "enable debugging" },
    { NULL, 'v', arg_flag, &debug, "enable debugging" },
    { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" },
    { "good-chars", 0, arg_string, &good_chars, "allowed anonymous upload filename chars" },
    { "insecure-oob", 'I', arg_negative_flag, &allow_insecure_oob, "don't allow insecure OOB ABOR/STAT" },
#ifdef KRB5
    { "gss-bindings", 0,  arg_flag, &ftp_do_gss_bindings, "Require GSS-API bindings", NULL},
#endif
    { "version", 0, arg_flag, &version_flag },
    { "help", 'h', arg_flag, &help_flag }
};

static int num_args = sizeof(args) / sizeof(args[0]);

static void
usage (int code)
{
    arg_printusage(args, num_args, NULL, "");
    exit (code);
}

/* output contents of a file */
static int
show_file(const char *file, int code)
{
    FILE *f;
    char buf[128];

    f = fopen(file, "r");
    if(f == NULL)
	return -1;
    while(fgets(buf, sizeof(buf), f)){
	buf[strcspn(buf, "\r\n")] = '\0';
	lreply(code, "%s", buf);
    }
    fclose(f);
    return 0;
}

int
main(int argc, char **argv)
{
    socklen_t his_addr_len, ctrl_addr_len;
    int on = 1;
    int port;
    struct servent *sp;

    int optind = 0;

    setprogname (argv[0]);

    if(getarg(args, num_args, argc, argv, &optind))
	usage(1);

    if(help_flag)
	usage(0);

    if(version_flag) {
	print_version(NULL);
	exit(0);
    }

    if(auth_string)
	auth_level = parse_auth_level(auth_string);
    {
	char *p;
	long val = 0;

	if(guest_umask_string) {
	    val = strtol(guest_umask_string, &p, 8);
	    if (*p != '\0' || val < 0)
		warnx("bad value for -g");
	    else
		guest_umask = val;
	}
	if(umask_string) {
	    val = strtol(umask_string, &p, 8);
	    if (*p != '\0' || val < 0)
		warnx("bad value for -u");
	    else
		defumask = val;
	}
    }
    sp = getservbyname("ftp", "tcp");
    if(sp)
	port = sp->s_port;
    else
	port = htons(21);
    if(port_string) {
	sp = getservbyname(port_string, "tcp");
	if(sp)
	    port = sp->s_port;
	else
	    if(isdigit((unsigned char)port_string[0]))
		port = htons(atoi(port_string));
	    else
		warnx("bad value for -p");
    }

    if (maxtimeout < ftpd_timeout)
	maxtimeout = ftpd_timeout;

#if 0
    if (ftpd_timeout > maxtimeout)
	ftpd_timeout = maxtimeout;
#endif

    if(interactive_flag)
	mini_inetd(port, NULL);

    /*
     * LOG_NDELAY sets up the logging connection immediately,
     * necessary for anonymous ftp's that chroot and can't do it later.
     */
    openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
    his_addr_len = sizeof(his_addr_ss);
    if (getpeername(STDIN_FILENO, his_addr, &his_addr_len) < 0) {
	syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
	exit(1);
    }
    ctrl_addr_len = sizeof(ctrl_addr_ss);
    if (getsockname(STDIN_FILENO, ctrl_addr, &ctrl_addr_len) < 0) {
	syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
	exit(1);
    }
#if defined(IP_TOS)
    if (ctrl_addr->sa_family == AF_INET)
	socket_set_tos(STDIN_FILENO, IP_TOS);
#endif
    data_source->sa_family = ctrl_addr->sa_family;
    socket_set_port (data_source,
		     htons(ntohs(socket_get_port(ctrl_addr)) - 1));

    /* set this here so it can be put in wtmp */
    snprintf(ttyline, sizeof(ttyline), "ftp%u", (unsigned)getpid());


    /*	freopen(_PATH_DEVNULL, "w", stderr); */
    signal(SIGPIPE, lostconn);
    signal(SIGCHLD, SIG_IGN);
#ifdef SIGURG
    if (signal(SIGURG, myoob) == SIG_ERR)
	syslog(LOG_ERR, "signal: %m");
#endif

    /* Try to handle urgent data inline */
#if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
    if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (void *)&on,
		   sizeof(on)) < 0)
	syslog(LOG_ERR, "setsockopt: %m");
#endif

#ifdef	F_SETOWN
    if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1)
	syslog(LOG_ERR, "fcntl F_SETOWN: %m");
#endif
    dolog(his_addr, his_addr_len);
    /*
     * Set up default state
     */
    data = -1;
    type = TYPE_A;
    form = FORM_N;
    stru = STRU_F;
    mode = MODE_S;
    tmpline[0] = '\0';

    /* If logins are disabled, print out the message. */
    if(show_file(_PATH_NOLOGIN, 530) == 0) {
	reply(530, "System not available.");
	exit(0);
    }
    show_file(_PATH_FTPWELCOME, 220);
    /* reply(220,) must follow */
    gethostname(hostname, sizeof(hostname));

    reply(220, "%s FTP server (%s"
#ifdef KRB5
	  "+%s"
#endif
	  ") ready.", hostname, version
#ifdef KRB5
	  ,heimdal_version
#endif
	  );

    for (;;)
	yyparse();
    /* NOTREACHED */
}

static RETSIGTYPE
lostconn(int signo)
{

	if (debug)
		syslog(LOG_DEBUG, "lost connection");
	dologout(-1);
}

/*
 * Helper function for sgetpwnam().
 */
static char *
sgetsave(char *s)
{
	char *new = strdup(s);

	if (new == NULL) {
		perror_reply(421, "Local resource failure: malloc");
		dologout(1);
		/* NOTREACHED */
	}
	return new;
}

/*
 * Save the result of a getpwnam.  Used for USER command, since
 * the data returned must not be clobbered by any other command
 * (e.g., globbing).
 */
static struct passwd *
sgetpwnam(char *name)
{
	static struct passwd save;
	struct passwd *p;

	if ((p = k_getpwnam(name)) == NULL)
		return (p);
	if (save.pw_name) {
		free(save.pw_name);
		free(save.pw_passwd);
		free(save.pw_gecos);
		free(save.pw_dir);
		free(save.pw_shell);
	}
	save = *p;
	save.pw_name = sgetsave(p->pw_name);
	save.pw_passwd = sgetsave(p->pw_passwd);
	save.pw_gecos = sgetsave(p->pw_gecos);
	save.pw_dir = sgetsave(p->pw_dir);
	save.pw_shell = sgetsave(p->pw_shell);
	return (&save);
}

static int login_attempts;	/* number of failed login attempts */
static int askpasswd;		/* had user command, ask for passwd */
static char curname[10];	/* current USER name */
#ifdef OTP
OtpContext otp_ctx;
#endif

/*
 * USER command.
 * Sets global passwd pointer pw if named account exists and is acceptable;
 * sets askpasswd if a PASS command is expected.  If logged in previously,
 * need to reset state.  If name is "ftp" or "anonymous", the name is not in
 * _PATH_FTPUSERS, and ftp account exists, set guest and pw, then just return.
 * If account doesn't exist, ask for passwd anyway.  Otherwise, check user
 * requesting login privileges.  Disallow anyone who does not have a standard
 * shell as returned by getusershell().  Disallow anyone mentioned in the file
 * _PATH_FTPUSERS to allow people such as root and uucp to be avoided.
 */
void
user(char *name)
{
	char *cp, *shell;

	if(auth_level == 0 && !sec_complete){
	    reply(530, "No login allowed without authorization.");
	    return;
	}

	if (logged_in) {
		if (guest) {
			reply(530, "Can't change user from guest login.");
			return;
		} else if (dochroot) {
			reply(530, "Can't change user from chroot user.");
			return;
		}
		end_login();
	}

	guest = 0;
	if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
	    if ((auth_level & AUTH_FTP) == 0 ||
		checkaccess("ftp") ||
		checkaccess("anonymous"))
		reply(530, "User %s access denied.", name);
	    else if ((pw = sgetpwnam("ftp")) != NULL) {
		guest = 1;
		defumask = guest_umask;	/* paranoia for incoming */
		askpasswd = 1;
		reply(331, "Guest login ok, type your name as password.");
	    } else
		reply(530, "User %s unknown.", name);
	    if (!askpasswd && logging) {
		char data_addr[256];

		if (inet_ntop (his_addr->sa_family,
			       socket_get_address(his_addr),
			       data_addr, sizeof(data_addr)) == NULL)
			strlcpy (data_addr, "unknown address",
					 sizeof(data_addr));

		syslog(LOG_NOTICE,
		       "ANONYMOUS FTP LOGIN REFUSED FROM %s(%s)",
		       remotehost, data_addr);
	    }
	    return;
	}
	if((auth_level & AUTH_PLAIN) == 0 && !sec_complete){
	    reply(530, "Only authorized and anonymous login allowed.");
	    return;
	}
	if ((pw = sgetpwnam(name))) {
		if ((shell = pw->pw_shell) == NULL || *shell == 0)
			shell = _PATH_BSHELL;
		while ((cp = getusershell()) != NULL)
			if (strcmp(cp, shell) == 0)
				break;
		endusershell();

		if (cp == NULL || checkaccess(name)) {
			reply(530, "User %s access denied.", name);
			if (logging) {
				char data_addr[256];

				if (inet_ntop (his_addr->sa_family,
					       socket_get_address(his_addr),
					       data_addr,
					       sizeof(data_addr)) == NULL)
					strlcpy (data_addr,
							 "unknown address",
							 sizeof(data_addr));

				syslog(LOG_NOTICE,
				       "FTP LOGIN REFUSED FROM %s(%s), %s",
				       remotehost,
				       data_addr,
				       name);
			}
			pw = (struct passwd *) NULL;
			return;
		}
	}
	if (logging)
	    strlcpy(curname, name, sizeof(curname));
	if(sec_complete) {
	    if(sec_userok(name) == 0) {
		do_login(232, name);
		sec_session(name);
	    } else
		reply(530, "User %s access denied.", name);
	} else {
#ifdef OTP
		char ss[256];

		if (otp_challenge(&otp_ctx, name, ss, sizeof(ss)) == 0) {
			reply(331, "Password %s for %s required.",
			      ss, name);
			askpasswd = 1;
		} else
#endif
		if ((auth_level & AUTH_OTP) == 0) {
		    reply(331, "Password required for %s.", name);
		    askpasswd = 1;
		} else {
#ifdef OTP
		    char *s;

		    if ((s = otp_error (&otp_ctx)) != NULL)
			lreply(530, "OTP: %s", s);
#endif
		    reply(530,
			  "Only authorized, anonymous"
#ifdef OTP
			  " and OTP "
#endif
			  "login allowed.");
		}

	}
	/*
	 * Delay before reading passwd after first failed
	 * attempt to slow down passwd-guessing programs.
	 */
	if (login_attempts)
		sleep(login_attempts);
}

/*
 * Check if a user is in the file "fname"
 */
static int
checkuser(char *fname, char *name)
{
	FILE *fd;
	int found = 0;
	char *p, line[BUFSIZ];

	if ((fd = fopen(fname, "r")) != NULL) {
		while (fgets(line, sizeof(line), fd) != NULL)
			if ((p = strchr(line, '\n')) != NULL) {
				*p = '\0';
				if (line[0] == '#')
					continue;
				if (strcmp(line, name) == 0) {
					found = 1;
					break;
				}
			}
		fclose(fd);
	}
	return (found);
}


/*
 * Determine whether a user has access, based on information in
 * _PATH_FTPUSERS. The users are listed one per line, with `allow'
 * or `deny' after the username. If anything other than `allow', or
 * just nothing, is given after the username, `deny' is assumed.
 *
 * If the user is not found in the file, but the pseudo-user `*' is,
 * the permission is taken from that line.
 *
 * This preserves the old semantics where if a user was listed in the
 * file he was denied, otherwise he was allowed.
 *
 * Return 1 if the user is denied, or 0 if he is allowed.  */

static int
match(const char *pattern, const char *string)
{
    return fnmatch(pattern, string, FNM_NOESCAPE);
}

static int
checkaccess(char *name)
{
#define ALLOWED		0
#define	NOT_ALLOWED	1
    FILE *fd;
    int allowed = ALLOWED;
    char *user, *perm, line[BUFSIZ];
    char *foo;

    fd = fopen(_PATH_FTPUSERS, "r");

    if(fd == NULL)
	return allowed;

    while (fgets(line, sizeof(line), fd) != NULL)  {
	foo = NULL;
	user = strtok_r(line, " \t\n", &foo);
	if (user == NULL || user[0] == '#')
	    continue;
	perm = strtok_r(NULL, " \t\n", &foo);
	if (match(user, name) == 0){
	    if(perm && strcmp(perm, "allow") == 0)
		allowed = ALLOWED;
	    else
		allowed = NOT_ALLOWED;
	    break;
	}
    }
    fclose(fd);
    return allowed;
}
#undef	ALLOWED
#undef	NOT_ALLOWED


int do_login(int code, char *passwd)
{
    login_attempts = 0;		/* this time successful */
    if (setegid((gid_t)pw->pw_gid) < 0) {
	reply(550, "Can't set gid.");
	return -1;
    }
    initgroups(pw->pw_name, pw->pw_gid);
#if defined(KRB5)
    if(k_hasafs())
	k_setpag();
#endif

    /* open wtmp before chroot */
    ftpd_logwtmp(ttyline, pw->pw_name, remotehost);
    logged_in = 1;

    dochroot = checkuser(_PATH_FTPCHROOT, pw->pw_name);
    if (guest) {
	/*
	 * We MUST do a chdir() after the chroot. Otherwise
	 * the old current directory will be accessible as "."
	 * outside the new root!
	 */
	if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
	    reply(550, "Can't set guest privileges.");
	    return -1;
	}
    } else if (dochroot) {
	if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
	    reply(550, "Can't change root.");
	    return -1;
	}
    } else if (chdir(pw->pw_dir) < 0) {
	if (chdir("/") < 0) {
	    reply(530, "User %s: can't change directory to %s.",
		  pw->pw_name, pw->pw_dir);
	    return -1;
	} else
	    lreply(code, "No directory! Logging in with home=/");
    }
    if (seteuid((uid_t)pw->pw_uid) < 0) {
	reply(550, "Can't set uid.");
	return -1;
    }

    if(use_builtin_ls == -1) {
	struct stat st;
	/* if /bin/ls exist and is a regular file, use it, otherwise
           use built-in ls */
	if(stat("/bin/ls", &st) == 0 &&
	   S_ISREG(st.st_mode))
	    use_builtin_ls = 0;
	else
	    use_builtin_ls = 1;
    }

    /*
     * Display a login message, if it exists.
     * N.B. reply(code,) must follow the message.
     */
    show_file(_PATH_FTPLOGINMESG, code);
    if(show_file(_PATH_ISSUE_NET, code) != 0)
	show_file(_PATH_ISSUE, code);
    if (guest) {
	reply(code, "Guest login ok, access restrictions apply.");
#ifdef HAVE_SETPROCTITLE
	snprintf (proctitle, sizeof(proctitle),
		  "%s: anonymous/%s",
		  remotehost,
		  passwd);
	setproctitle("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */
	if (logging) {
	    char data_addr[256];

	    if (inet_ntop (his_addr->sa_family,
			   socket_get_address(his_addr),
			   data_addr, sizeof(data_addr)) == NULL)
		strlcpy (data_addr, "unknown address",
				 sizeof(data_addr));

	    syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s(%s), %s",
		   remotehost,
		   data_addr,
		   passwd);
	}
    } else {
	reply(code, "User %s logged in.", pw->pw_name);
#ifdef HAVE_SETPROCTITLE
	snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
	setproctitle("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */
	if (logging) {
	    char data_addr[256];

	    if (inet_ntop (his_addr->sa_family,
			   socket_get_address(his_addr),
			   data_addr, sizeof(data_addr)) == NULL)
		strlcpy (data_addr, "unknown address",
				 sizeof(data_addr));

	    syslog(LOG_INFO, "FTP LOGIN FROM %s(%s) as %s",
		   remotehost,
		   data_addr,
		   pw->pw_name);
	}
    }
    umask(defumask);
    return 0;
}

/*
 * Terminate login as previous user, if any, resetting state;
 * used when USER command is given or login fails.
 */
static void
end_login(void)
{

	if (seteuid((uid_t)0) < 0)
		fatal("Failed to seteuid");
	if (logged_in)
		ftpd_logwtmp(ttyline, "", "");
	pw = NULL;
	logged_in = 0;
	guest = 0;
	dochroot = 0;
}

#ifdef KRB5
static int
krb5_verify(struct passwd *pwd, char *passwd)
{
   krb5_context context;
   krb5_ccache  id;
   krb5_principal princ;
   krb5_error_code ret;

   ret = krb5_init_context(&context);
   if(ret)
        return ret;

  ret = krb5_parse_name(context, pwd->pw_name, &princ);
  if(ret){
        krb5_free_context(context);
        return ret;
  }
  ret = krb5_cc_new_unique(context, "MEMORY", NULL, &id);
  if(ret){
        krb5_free_principal(context, princ);
        krb5_free_context(context);
        return ret;
  }
  ret = krb5_verify_user(context,
                         princ,
                         id,
                         passwd,
                         1,
                         NULL);
  krb5_free_principal(context, princ);
  if (k_hasafs()) {
      krb5_afslog_uid_home(context, id,NULL, NULL,pwd->pw_uid, pwd->pw_dir);
  }
  krb5_cc_destroy(context, id);
  krb5_free_context (context);
  if(ret)
      return ret;
  return 0;
}
#endif /* KRB5 */

void
pass(char *passwd)
{
	int rval;

	/* some clients insists on sending a password */
	if (logged_in && askpasswd == 0){
	    reply(230, "Password not necessary");
	    return;
	}

	if (logged_in || askpasswd == 0) {
		reply(503, "Login with USER first.");
		return;
	}
	askpasswd = 0;
	rval = 1;
	if (!guest) {		/* "ftp" is only account allowed no password */
		if (pw == NULL)
			rval = 1;	/* failure below */
#ifdef OTP
		else if (otp_verify_user (&otp_ctx, passwd) == 0) {
		    rval = 0;
		}
#endif
		else if((auth_level & AUTH_OTP) == 0) {
#ifdef KRB5
		    rval = krb5_verify(pw, passwd);
#endif
		    if (rval)
			rval = unix_verify_user(pw->pw_name, passwd);
		} else {
#ifdef OTP
		    char *s;
		    if ((s = otp_error(&otp_ctx)) != NULL)
			lreply(530, "OTP: %s", s);
#endif
		}
		memset (passwd, 0, strlen(passwd));

		/*
		 * If rval == 1, the user failed the authentication
		 * check above.  If rval == 0, either Kerberos or
		 * local authentication succeeded.
		 */
		if (rval) {
			char data_addr[256];

			if (inet_ntop (his_addr->sa_family,
				       socket_get_address(his_addr),
				       data_addr, sizeof(data_addr)) == NULL)
				strlcpy (data_addr, "unknown address",
						 sizeof(data_addr));

			reply(530, "Login incorrect.");
			if (logging)
				syslog(LOG_NOTICE,
				    "FTP LOGIN FAILED FROM %s(%s), %s",
				       remotehost,
				       data_addr,
				       curname);
			pw = NULL;
			if (login_attempts++ >= 5) {
				syslog(LOG_NOTICE,
				       "repeated login failures from %s(%s)",
				       remotehost,
				       data_addr);
				exit(0);
			}
			return;
		}
	}
	if(!do_login(230, passwd))
	  return;

	/* Forget all about it... */
	end_login();
}

void
retrieve(const char *cmd, char *name)
{
	FILE *fin = NULL, *dout;
	struct stat st;
	int (*closefunc) (FILE *);
	char line[BUFSIZ];


	if (cmd == 0) {
		fin = fopen(name, "r");
		closefunc = fclose;
		st.st_size = 0;
		if(fin == NULL){
		    int save_errno = errno;
		    struct cmds {
			const char *ext;
			const char *cmd;
		        const char *rev_cmd;
		    } cmds[] = {
			{".tar", "/bin/gtar cPf - %s", NULL},
			{".tar.gz", "/bin/gtar zcPf - %s", NULL},
			{".tar.Z", "/bin/gtar ZcPf - %s", NULL},
			{".gz", "/bin/gzip -c -- %s", "/bin/gzip -c -d -- %s"},
			{".Z", "/bin/compress -c -- %s", "/bin/uncompress -c -- %s"},
			{NULL, NULL}
		    };
		    struct cmds *p;
		    for(p = cmds; p->ext; p++){
			char *tail = name + strlen(name) - strlen(p->ext);
			char c = *tail;

			if(strcmp(tail, p->ext) == 0 &&
			   (*tail  = 0) == 0 &&
			   access(name, R_OK) == 0){
			    snprintf (line, sizeof(line), p->cmd, name);
			    *tail  = c;
			    break;
			}
			*tail = c;
			if (p->rev_cmd != NULL) {
			    char *ext;
			    int ret;

			    ret = asprintf(&ext, "%s%s", name, p->ext);
			    if (ret != -1) {
  			        if (access(ext, R_OK) == 0) {
				    snprintf (line, sizeof(line),
					      p->rev_cmd, ext);
				    free(ext);
				    break;
				}
			        free(ext);
			    }
			}

		    }
		    if(p->ext){
			fin = ftpd_popen(line, "r", 0, 0);
			closefunc = ftpd_pclose;
			st.st_size = -1;
			cmd = line;
		    } else
			errno = save_errno;
		}
	} else {
		snprintf(line, sizeof(line), cmd, name);
		name = line;
		fin = ftpd_popen(line, "r", 1, 0);
		closefunc = ftpd_pclose;
		st.st_size = -1;
	}
	if (fin == NULL) {
		if (errno != 0) {
			perror_reply(550, name);
			if (cmd == 0) {
				LOGCMD("get", name);
			}
		}
		return;
	}
	byte_count = -1;
	if (cmd == 0){
	    if(fstat(fileno(fin), &st) < 0 || !S_ISREG(st.st_mode)) {
		reply(550, "%s: not a plain file.", name);
		goto done;
	    }
	}
	if (restart_point) {
		if (type == TYPE_A) {
			off_t i, n;
			int c;

			n = restart_point;
			i = 0;
			while (i++ < n) {
				if ((c=getc(fin)) == EOF) {
					perror_reply(550, name);
					goto done;
				}
				if (c == '\n')
					i++;
			}
		} else if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) {
			perror_reply(550, name);
			goto done;
		}
	}
	dout = dataconn(name, st.st_size, "w");
	if (dout == NULL)
		goto done;
	set_buffer_size(fileno(dout), 0);
	send_data(fin, dout);
	fclose(dout);
	data = -1;
	pdata = -1;
done:
	if (cmd == 0)
		LOGBYTES("get", name, byte_count);
	(*closefunc)(fin);
}

/* filename sanity check */

int
filename_check(char *filename)
{
    char *p;

    p = strrchr(filename, '/');
    if(p)
	filename = p + 1;

    p = filename;

    if(isalnum((unsigned char)*p)){
	p++;
	while(*p && (isalnum((unsigned char)*p) || strchr(good_chars, (unsigned char)*p)))
	    p++;
	if(*p == '\0')
	    return 0;
    }
    lreply(553, "\"%s\" is not an acceptable filename.", filename);
    lreply(553, "The filename must start with an alphanumeric "
	   "character and must only");
    reply(553, "consist of alphanumeric characters or any of the following: %s",
	  good_chars);
    return 1;
}

void
do_store(char *name, char *mode, int unique)
{
	FILE *fout, *din;
	struct stat st;
	int (*closefunc) (FILE *);

	if(guest && filename_check(name))
	    return;
	if (unique) {
	    char *uname;
	    if (stat(name, &st) == 0) {
		if ((uname = gunique(name)) == NULL)
		    return;
		name = uname;
	    }
	    LOGCMD(*mode == 'w' ? "put" : "append", name);
	}

	if (restart_point)
		mode = "r+";
	fout = fopen(name, mode);
	closefunc = fclose;
	if (fout == NULL) {
		perror_reply(553, name);
		LOGCMD(*mode == 'w' ? "put" : "append", name);
		return;
	}
	byte_count = -1;
	if (restart_point) {
		if (type == TYPE_A) {
			off_t i, n;
			int c;

			n = restart_point;
			i = 0;
			while (i++ < n) {
				if ((c=getc(fout)) == EOF) {
					perror_reply(550, name);
					goto done;
				}
				if (c == '\n')
					i++;
			}
			/*
			 * We must do this seek to "current" position
			 * because we are changing from reading to
			 * writing.
			 */
			if (fseek(fout, 0L, SEEK_CUR) < 0) {
				perror_reply(550, name);
				goto done;
			}
		} else if (lseek(fileno(fout), restart_point, SEEK_SET) < 0) {
			perror_reply(550, name);
			goto done;
		}
	}
	din = dataconn(name, (off_t)-1, "r");
	if (din == NULL)
		goto done;
	set_buffer_size(fileno(din), 1);
	if (receive_data(din, fout) == 0) {
	    if((*closefunc)(fout) < 0)
		perror_reply(552, name);
	    else {
		if (unique)
			reply(226, "Transfer complete (unique file name:%s).",
			    name);
		else
			reply(226, "Transfer complete.");
	    }
	} else
	    (*closefunc)(fout);
	fclose(din);
	data = -1;
	pdata = -1;
done:
	LOGBYTES(*mode == 'w' ? "put" : "append", name, byte_count);
}

static FILE *
getdatasock(const char *mode, int domain)
{
	int s, t, tries;

	if (data >= 0)
		return (fdopen(data, mode));
	if (seteuid(0) < 0)
		fatal("Failed to seteuid");
	s = socket(domain, SOCK_STREAM, 0);
	if (s < 0)
		goto bad;
	socket_set_reuseaddr (s, 1);
	/* anchor socket to avoid multi-homing problems */
	socket_set_address_and_port (data_source,
				     socket_get_address (ctrl_addr),
				     socket_get_port (data_source));

	for (tries = 1; ; tries++) {
		if (bind(s, data_source,
			 socket_sockaddr_size (data_source)) >= 0)
			break;
		if (errno != EADDRINUSE || tries > 10)
			goto bad;
		sleep(tries);
	}
	if (seteuid(pw->pw_uid) < 0)
		fatal("Failed to seteuid");
#ifdef IPTOS_THROUGHPUT
	socket_set_tos (s, IPTOS_THROUGHPUT);
#endif
	return (fdopen(s, mode));
bad:
	/* Return the real value of errno (close may change it) */
	t = errno;
	if (seteuid((uid_t)pw->pw_uid) < 0)
		fatal("Failed to seteuid");
	close(s);
	errno = t;
	return (NULL);
}

static int
accept_with_timeout(int socket,
		    struct sockaddr *address,
		    socklen_t *address_len,
		    struct timeval *timeout)
{
    int ret;
    fd_set rfd;
    FD_ZERO(&rfd);
    FD_SET(socket, &rfd);
    ret = select(socket + 1, &rfd, NULL, NULL, timeout);
    if(ret < 0)
	return ret;
    if(ret == 0) {
	errno = ETIMEDOUT;
	return -1;
    }
    return accept(socket, address, address_len);
}

static FILE *
dataconn(const char *name, off_t size, const char *mode)
{
	char sizebuf[32];
	FILE *file;
	int domain, retry = 0;

	file_size = size;
	byte_count = 0;
	if (size >= 0)
	    snprintf(sizebuf, sizeof(sizebuf), " (%ld bytes)", (long)size);
	else
	    *sizebuf = '\0';
	if (pdata >= 0) {
		struct sockaddr_storage from_ss;
		struct sockaddr *from = (struct sockaddr *)&from_ss;
		struct timeval timeout;
		int s;
		socklen_t fromlen = sizeof(from_ss);

		timeout.tv_sec = 15;
		timeout.tv_usec = 0;
		s = accept_with_timeout(pdata, from, &fromlen, &timeout);
		if (s < 0) {
			reply(425, "Can't open data connection.");
			close(pdata);
			pdata = -1;
			return (NULL);
		}
		close(pdata);
		pdata = s;
#if defined(IPTOS_THROUGHPUT)
		if (from->sa_family == AF_INET)
		    socket_set_tos(s, IPTOS_THROUGHPUT);
#endif
		reply(150, "Opening %s mode data connection for '%s'%s.",
		     type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
		return (fdopen(pdata, mode));
	}
	if (data >= 0) {
		reply(125, "Using existing data connection for '%s'%s.",
		    name, sizebuf);
		usedefault = 1;
		return (fdopen(data, mode));
	}
	if (usedefault)
		data_dest = his_addr;
	usedefault = 1;
	/*
	 * Default to using the same socket type as the ctrl address,
	 * unless we know the type of the data address.
	 */
	domain = data_dest->sa_family;
	if (domain == PF_UNSPEC)
	    domain = ctrl_addr->sa_family;

	file = getdatasock(mode, domain);
	if (file == NULL) {
		char data_addr[256];

		if (inet_ntop (data_source->sa_family,
			       socket_get_address(data_source),
			       data_addr, sizeof(data_addr)) == NULL)
			strlcpy (data_addr, "unknown address",
					 sizeof(data_addr));

		reply(425, "Can't create data socket (%s,%d): %s.",
		      data_addr,
		      socket_get_port (data_source),
		      strerror(errno));
		return (NULL);
	}
	data = fileno(file);
	while (connect(data, data_dest,
		       socket_sockaddr_size(data_dest)) < 0) {
		if (errno == EADDRINUSE && retry < swaitmax) {
			sleep(swaitint);
			retry += swaitint;
			continue;
		}
		perror_reply(425, "Can't build data connection");
		fclose(file);
		data = -1;
		return (NULL);
	}
	reply(150, "Opening %s mode data connection for '%s'%s.",
	     type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
	return (file);
}

/*
 * Tranfer the contents of "instr" to "outstr" peer using the appropriate
 * encapsulation of the data subject * to Mode, Structure, and Type.
 *
 * NB: Form isn't handled.
 */
static void
send_data(FILE *instr, FILE *outstr)
{
	int c, cnt, filefd, netfd;
	static char *buf;
	static size_t bufsize;

	transflag = 1;
	switch (type) {

	case TYPE_A:
	    while ((c = getc(instr)) != EOF) {
		if (urgflag && handleoobcmd())
		    return;
		byte_count++;
		if(c == '\n')
		    sec_putc('\r', outstr);
		sec_putc(c, outstr);
	    }
	    sec_fflush(outstr);
	    transflag = 0;
	    urgflag = 0;
	    if (ferror(instr))
		goto file_err;
	    if (ferror(outstr))
		goto data_err;
	    reply(226, "Transfer complete.");
	    return;

	case TYPE_I:
	case TYPE_L:
#if 0 /* XXX handle urg flag */
#if defined(HAVE_MMAP) && !defined(NO_MMAP)
#ifndef MAP_FAILED
#define MAP_FAILED (-1)
#endif
	    {
		struct stat st;
		char *chunk;
		int in = fileno(instr);
		if(fstat(in, &st) == 0 && S_ISREG(st.st_mode)
		   && st.st_size > 0) {
		    /*
		     * mmap zero bytes has potential of loosing, don't do it.
		     */
		    chunk = mmap(0, st.st_size, PROT_READ,
				 MAP_SHARED, in, 0);
		    if((void *)chunk != (void *)MAP_FAILED) {
			cnt = st.st_size - restart_point;
			sec_write(fileno(outstr), chunk + restart_point, cnt);
			if (munmap(chunk, st.st_size) < 0)
			    warn ("munmap");
			sec_fflush(outstr);
			byte_count = cnt;
			transflag = 0;
			urgflag = 0;
		    }
		}
	    }
#endif
#endif
	if(transflag) {
	    struct stat st;

	    netfd = fileno(outstr);
	    filefd = fileno(instr);
	    buf = alloc_buffer (buf, &bufsize,
				fstat(filefd, &st) >= 0 ? &st : NULL);
	    if (buf == NULL) {
		transflag = 0;
		urgflag = 0;
		perror_reply(451, "Local resource failure: malloc");
		return;
	    }
	    while ((cnt = read(filefd, buf, bufsize)) > 0 &&
		   sec_write(netfd, buf, cnt) == cnt) {
		byte_count += cnt;
		if (urgflag && handleoobcmd())
		    return;
	    }
	    sec_fflush(outstr); /* to end an encrypted stream */
	    transflag = 0;
	    urgflag = 0;
	    if (cnt != 0) {
		if (cnt < 0)
		    goto file_err;
		goto data_err;
	    }
	}
	reply(226, "Transfer complete.");
	return;
	default:
	    transflag = 0;
	    urgflag = 0;
	    reply(550, "Unimplemented TYPE %d in send_data", type);
	    return;
	}

data_err:
	transflag = 0;
	urgflag = 0;
	perror_reply(426, "Data connection");
	return;

file_err:
	transflag = 0;
	urgflag = 0;
	perror_reply(551, "Error on input file");
}

/*
 * Transfer data from peer to "outstr" using the appropriate encapulation of
 * the data subject to Mode, Structure, and Type.
 *
 * N.B.: Form isn't handled.
 */
static int
receive_data(FILE *instr, FILE *outstr)
{
    int cnt, bare_lfs = 0;
    static char *buf;
    static size_t bufsize;
    struct stat st;

    transflag = 1;

    buf = alloc_buffer (buf, &bufsize,
			fstat(fileno(outstr), &st) >= 0 ? &st : NULL);
    if (buf == NULL) {
	transflag = 0;
	urgflag = 0;
	perror_reply(451, "Local resource failure: malloc");
	return -1;
    }

    switch (type) {

    case TYPE_I:
    case TYPE_L:
	while ((cnt = sec_read(fileno(instr), buf, bufsize)) > 0) {
	    if (write(fileno(outstr), buf, cnt) != cnt)
		goto file_err;
	    byte_count += cnt;
	    if (urgflag && handleoobcmd())
		return (-1);
	}
	if (cnt < 0)
	    goto data_err;
	transflag = 0;
	urgflag = 0;
	return (0);

    case TYPE_E:
	reply(553, "TYPE E not implemented.");
	transflag = 0;
	urgflag = 0;
	return (-1);

    case TYPE_A:
    {
	char *p, *q;
	int cr_flag = 0;
	while ((cnt = sec_read(fileno(instr),
				buf + cr_flag,
				bufsize - cr_flag)) > 0){
	    if (urgflag && handleoobcmd())
		return (-1);
	    byte_count += cnt;
	    cnt += cr_flag;
	    cr_flag = 0;
	    for(p = buf, q = buf; p < buf + cnt;) {
		if(*p == '\n')
		    bare_lfs++;
		if(*p == '\r') {
		    if(p == buf + cnt - 1){
			cr_flag = 1;
			p++;
			continue;
		    }else if(p[1] == '\n'){
			*q++ = '\n';
			p += 2;
			continue;
		    }
		}
		*q++ = *p++;
	    }
	    fwrite(buf, q - buf, 1, outstr);
	    if(cr_flag)
		buf[0] = '\r';
	}
	if(cr_flag)
	    putc('\r', outstr);
	fflush(outstr);
	if (ferror(instr))
	    goto data_err;
	if (ferror(outstr))
	    goto file_err;
	transflag = 0;
	urgflag = 0;
	if (bare_lfs) {
	    lreply(226, "WARNING! %d bare linefeeds received in ASCII mode\r\n"
		   "    File may not have transferred correctly.\r\n",
		   bare_lfs);
	}
	return (0);
    }
    default:
	reply(550, "Unimplemented TYPE %d in receive_data", type);
	transflag = 0;
	urgflag = 0;
	return (-1);
    }

data_err:
    transflag = 0;
    urgflag = 0;
    perror_reply(426, "Data Connection");
    return (-1);

file_err:
    transflag = 0;
    urgflag = 0;
    perror_reply(452, "Error writing file");
    return (-1);
}

void
statfilecmd(char *filename)
{
	FILE *fin;
	int c;
	char line[LINE_MAX];

	snprintf(line, sizeof(line), "/bin/ls -la -- %s", filename);
	fin = ftpd_popen(line, "r", 1, 0);
	lreply(211, "status of %s:", filename);
	while ((c = getc(fin)) != EOF) {
		if (c == '\n') {
			if (ferror(stdout)){
				perror_reply(421, "control connection");
				ftpd_pclose(fin);
				dologout(1);
				/* NOTREACHED */
			}
			if (ferror(fin)) {
				perror_reply(551, filename);
				ftpd_pclose(fin);
				return;
			}
			putc('\r', stdout);
		}
		putc(c, stdout);
	}
	ftpd_pclose(fin);
	reply(211, "End of Status");
}

void
statcmd(void)
{
#if 0
	struct sockaddr_in *sin;
	u_char *a, *p;

	lreply(211, "%s FTP server (%s) status:", hostname, version);
	printf("     %s\r\n", version);
	printf("     Connected to %s", remotehost);
	if (!isdigit((unsigned char)remotehost[0]))
		printf(" (%s)", inet_ntoa(his_addr.sin_addr));
	printf("\r\n");
	if (logged_in) {
		if (guest)
			printf("     Logged in anonymously\r\n");
		else
			printf("     Logged in as %s\r\n", pw->pw_name);
	} else if (askpasswd)
		printf("     Waiting for password\r\n");
	else
		printf("     Waiting for user name\r\n");
	printf("     TYPE: %s", typenames[type]);
	if (type == TYPE_A || type == TYPE_E)
		printf(", FORM: %s", formnames[form]);
	if (type == TYPE_L)
#if NBBY == 8
		printf(" %d", NBBY);
#else
		printf(" %d", bytesize);	/* need definition! */
#endif
	printf("; STRUcture: %s; transfer MODE: %s\r\n",
	    strunames[stru], modenames[mode]);
	if (data != -1)
		printf("     Data connection open\r\n");
	else if (pdata != -1) {
		printf("     in Passive mode");
		sin = &pasv_addr;
		goto printaddr;
	} else if (usedefault == 0) {
		printf("     PORT");
		sin = &data_dest;
printaddr:
		a = (u_char *) &sin->sin_addr;
		p = (u_char *) &sin->sin_port;
#define UC(b) (((int) b) & 0xff)
		printf(" (%d,%d,%d,%d,%d,%d)\r\n", UC(a[0]),
			UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
#undef UC
	} else
		printf("     No data connection\r\n");
#endif
	reply(211, "End of status");
}

void
fatal(char *s)
{

	reply(451, "Error in server: %s\n", s);
	reply(221, "Closing connection due to server error.");
	dologout(0);
	/* NOTREACHED */
}

static void
int_reply(int, char *, const char *, va_list)
#ifdef __GNUC__
__attribute__ ((format (printf, 3, 0)))
#endif
;

static void
int_reply(int n, char *c, const char *fmt, va_list ap)
{
    char buf[10240];
    char *p;
    p=buf;
    if(n){
	snprintf(p, sizeof(buf), "%d%s", n, c);
	p+=strlen(p);
    }
    vsnprintf(p, sizeof(buf) - strlen(p), fmt, ap);
    p+=strlen(p);
    snprintf(p, sizeof(buf) - strlen(p), "\r\n");
    p+=strlen(p);
    sec_fprintf(stdout, "%s", buf);
    fflush(stdout);
    if (debug)
	syslog(LOG_DEBUG, "<--- %s- ", buf);
}

void
reply(int n, const char *fmt, ...)
{
  va_list ap;
  va_start(ap, fmt);
  int_reply(n, " ", fmt, ap);
  delete_ftp_command();
  va_end(ap);
}

void
lreply(int n, const char *fmt, ...)
{
  va_list ap;
  va_start(ap, fmt);
  int_reply(n, "-", fmt, ap);
  va_end(ap);
}

void
nreply(const char *fmt, ...)
{
  va_list ap;
  va_start(ap, fmt);
  int_reply(0, NULL, fmt, ap);
  va_end(ap);
}

static void
ack(char *s)
{

	reply(250, "%s command successful.", s);
}

void
nack(char *s)
{

	reply(502, "%s command not implemented.", s);
}

void
do_delete(char *name)
{
	struct stat st;

	LOGCMD("delete", name);
	if (stat(name, &st) < 0) {
		perror_reply(550, name);
		return;
	}
	if (S_ISDIR(st.st_mode)) {
		if (rmdir(name) < 0) {
			perror_reply(550, name);
			return;
		}
		goto done;
	}
	if (unlink(name) < 0) {
		perror_reply(550, name);
		return;
	}
done:
	ack("DELE");
}

void
cwd(const char *path)
{

	if (chdir(path) < 0)
		perror_reply(550, path);
	else
		ack("CWD");
}

void
makedir(char *name)
{

	LOGCMD("mkdir", name);
	if(guest && filename_check(name))
	    return;
	if (mkdir(name, 0777) < 0)
		perror_reply(550, name);
	else{
	    if(guest)
		chmod(name, 0700); /* guest has umask 777 */
	    reply(257, "MKD command successful.");
	}
}

void
removedir(char *name)
{

	LOGCMD("rmdir", name);
	if (rmdir(name) < 0)
		perror_reply(550, name);
	else
		ack("RMD");
}

void
pwd(void)
{
    char path[MaxPathLen];
    char *ret;

    /* SunOS has a broken getcwd that does popen(pwd) (!!!), this
     * failes miserably when running chroot
     */
    ret = getcwd(path, sizeof(path));
    if (ret == NULL)
	reply(550, "%s.", strerror(errno));
    else
	reply(257, "\"%s\" is current directory.", path);
}

char *
renamefrom(char *name)
{
	struct stat st;

	if (stat(name, &st) < 0) {
		perror_reply(550, name);
		return NULL;
	}
	reply(350, "File exists, ready for destination name");
	return (name);
}

void
renamecmd(char *from, char *to)
{

	LOGCMD2("rename", from, to);
	if(guest && filename_check(to))
	    return;
	if (rename(from, to) < 0)
		perror_reply(550, "rename");
	else
		ack("RNTO");
}

static void
dolog(struct sockaddr *sa, int len)
{
	getnameinfo_verified (sa, len, remotehost, sizeof(remotehost),
			      NULL, 0, 0);
#ifdef HAVE_SETPROCTITLE
	snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
	setproctitle("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */

	if (logging) {
		char data_addr[256];

		if (inet_ntop (his_addr->sa_family,
			       socket_get_address(his_addr),
			       data_addr, sizeof(data_addr)) == NULL)
			strlcpy (data_addr, "unknown address",
					 sizeof(data_addr));


		syslog(LOG_INFO, "connection from %s(%s)",
		       remotehost,
		       data_addr);
	}
}

/*
 * Record logout in wtmp file
 * and exit with supplied status.
 */
void
dologout(int status)
{
    transflag = 0;
    urgflag = 0;
    if (logged_in) {
#if KRB5
	cond_kdestroy();
#endif
	seteuid((uid_t)0); /* No need to check, we call exit() below */
	ftpd_logwtmp(ttyline, "", "");
    }
    /* beware of flushing buffers after a SIGPIPE */
#ifdef XXX
    exit(status);
#else
    _exit(status);
#endif
}

void abor(void)
{
    if (!transflag)
	return;
    reply(426, "Transfer aborted. Data connection closed.");
    reply(226, "Abort successful");
    transflag = 0;
}

static void
myoob(int signo)
{
    urgflag = 1;
}

static char *
mec_space(char *p)
{
    while(isspace(*(unsigned char *)p))
	  p++;
    return p;
}

static int
handleoobcmd(void)
{
	char *cp;

	/* only process if transfer occurring */
	if (!transflag)
		return 0;

	urgflag = 0;

	cp = tmpline;
	if (ftpd_getline(cp, sizeof(tmpline)) == NULL) {
		reply(221, "You could at least say goodbye.");
		dologout(0);
	}

	if (strncasecmp("MIC", cp, 3) == 0) {
	    mec(mec_space(cp + 3), prot_safe);
	} else if (strncasecmp("CONF", cp, 4) == 0) {
	    mec(mec_space(cp + 4), prot_confidential);
	} else if (strncasecmp("ENC", cp, 3) == 0) {
	    mec(mec_space(cp + 3), prot_private);
	} else if (!allow_insecure_oob) {
	    reply(533, "Command protection level denied "
		  "for paranoid reasons.");
	    goto out;
	}

	if (secure_command())
	    cp = ftp_command;

	if (strcasecmp(cp, "ABOR\r\n") == 0) {
		abor();
	} else if (strcasecmp(cp, "STAT\r\n") == 0) {
		if (file_size != (off_t) -1)
			reply(213, "Status: %ld of %ld bytes transferred",
			      (long)byte_count,
			      (long)file_size);
		else
			reply(213, "Status: %ld bytes transferred",
			      (long)byte_count);
	}
out:
	return (transflag == 0);
}

/*
 * Note: a response of 425 is not mentioned as a possible response to
 *	the PASV command in RFC959. However, it has been blessed as
 *	a legitimate response by Jon Postel in a telephone conversation
 *	with Rick Adams on 25 Jan 89.
 */
void
pasv(void)
{
	socklen_t len;
	char *p, *a;
	struct sockaddr_in *sin;

	if (ctrl_addr->sa_family != AF_INET) {
		reply(425,
		      "You cannot do PASV with something that's not IPv4");
		return;
	}

	if(pdata != -1)
	    close(pdata);

	pdata = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
	if (pdata < 0) {
		perror_reply(425, "Can't open passive connection");
		return;
	}
	pasv_addr->sa_family = ctrl_addr->sa_family;
	socket_set_address_and_port (pasv_addr,
				     socket_get_address (ctrl_addr),
				     0);
	socket_set_portrange(pdata, restricted_data_ports,
	    pasv_addr->sa_family);
	if (seteuid(0) < 0)
		fatal("Failed to seteuid");
	if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
		if (seteuid(pw->pw_uid) < 0)
			fatal("Failed to seteuid");
		goto pasv_error;
	}
	if (seteuid(pw->pw_uid) < 0)
		fatal("Failed to seteuid");
	len = sizeof(pasv_addr_ss);
	if (getsockname(pdata, pasv_addr, &len) < 0)
		goto pasv_error;
	if (listen(pdata, 1) < 0)
		goto pasv_error;
	sin = (struct sockaddr_in *)pasv_addr;
	a = (char *) &sin->sin_addr;
	p = (char *) &sin->sin_port;

#define UC(b) (((int) b) & 0xff)

	reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]),
		UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
	return;

pasv_error:
	close(pdata);
	pdata = -1;
	perror_reply(425, "Can't open passive connection");
	return;
}

void
epsv(char *proto)
{
	socklen_t len;

	pdata = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
	if (pdata < 0) {
		perror_reply(425, "Can't open passive connection");
		return;
	}
	pasv_addr->sa_family = ctrl_addr->sa_family;
	socket_set_address_and_port (pasv_addr,
				     socket_get_address (ctrl_addr),
				     0);
	socket_set_portrange(pdata, restricted_data_ports,
	    pasv_addr->sa_family);
	if (seteuid(0) < 0)
		fatal("Failed to seteuid");
	if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
		if (seteuid(pw->pw_uid))
			fatal("Failed to seteuid");
		goto pasv_error;
	}
	if (seteuid(pw->pw_uid) < 0)
		fatal("Failed to seteuid");
	len = sizeof(pasv_addr_ss);
	if (getsockname(pdata, pasv_addr, &len) < 0)
		goto pasv_error;
	if (listen(pdata, 1) < 0)
		goto pasv_error;

	reply(229, "Entering Extended Passive Mode (|||%d|)",
	      ntohs(socket_get_port (pasv_addr)));
	return;

pasv_error:
	close(pdata);
	pdata = -1;
	perror_reply(425, "Can't open passive connection");
	return;
}

void
eprt(char *str)
{
	char *end;
	char sep;
	int af;
	int ret;
	int port;

	usedefault = 0;
	if (pdata >= 0) {
	    close(pdata);
	    pdata = -1;
	}

	sep = *str++;
	if (sep == '\0') {
		reply(500, "Bad syntax in EPRT");
		return;
	}
	af = strtol (str, &end, 0);
	if (af == 0 || *end != sep) {
		reply(500, "Bad syntax in EPRT");
		return;
	}
	str = end + 1;
	switch (af) {
#ifdef HAVE_IPV6
	case 2 :
	    data_dest->sa_family = AF_INET6;
	    break;
#endif
	case 1 :
	    data_dest->sa_family = AF_INET;
		break;
	default :
		reply(522, "Network protocol %d not supported, use (1"
#ifdef HAVE_IPV6
		      ",2"
#endif
		      ")", af);
		return;
	}
	end = strchr (str, sep);
	if (end == NULL) {
		reply(500, "Bad syntax in EPRT");
		return;
	}
	*end = '\0';
	ret = inet_pton (data_dest->sa_family, str,
			 socket_get_address (data_dest));

	if (ret != 1) {
		reply(500, "Bad address syntax in EPRT");
		return;
	}
	str = end + 1;
	port = strtol (str, &end, 0);
	if (port == 0 || *end != sep) {
		reply(500, "Bad port syntax in EPRT");
		return;
	}
	if (port < IPPORT_RESERVED) {
		reply(500, "Bad port in invalid range in EPRT");
		return;
	}
	socket_set_port (data_dest, htons(port));

	if (paranoid &&
	    (data_dest->sa_family != his_addr->sa_family ||
	     memcmp(socket_get_address(data_dest), socket_get_address(his_addr), socket_sockaddr_size(data_dest)) != 0))
	{
		reply(500, "Bad address in EPRT");
	}
	reply(200, "EPRT command successful.");
}

/*
 * Generate unique name for file with basename "local".
 * The file named "local" is already known to exist.
 * Generates failure reply on error.
 */
static char *
gunique(char *local)
{
	static char new[MaxPathLen];
	struct stat st;
	int count;
	char *cp;

	cp = strrchr(local, '/');
	if (cp)
		*cp = '\0';
	if (stat(cp ? local : ".", &st) < 0) {
		perror_reply(553, cp ? local : ".");
		return NULL;
	}
	if (cp)
		*cp = '/';
	for (count = 1; count < 100; count++) {
		snprintf (new, sizeof(new), "%s.%d", local, count);
		if (stat(new, &st) < 0)
			return (new);
	}
	reply(452, "Unique file name cannot be created.");
	return (NULL);
}

/*
 * Format and send reply containing system error number.
 */
void
perror_reply(int code, const char *string)
{
	reply(code, "%s: %s.", string, strerror(errno));
}

static char *onefile[] = {
	"",
	0
};

void
list_file(char *file)
{
    if(use_builtin_ls) {
	FILE *dout;
	dout = dataconn(file, -1, "w");
	if (dout == NULL)
	    return;
	set_buffer_size(fileno(dout), 0);
	if(builtin_ls(dout, file) == 0)
	    reply(226, "Transfer complete.");
	else
	    reply(451, "Requested action aborted. Local error in processing.");
	fclose(dout);
	data = -1;
	pdata = -1;
    } else {
#ifdef HAVE_LS_A
	const char *cmd = "/bin/ls -lA %s";
#else
	const char *cmd = "/bin/ls -la %s";
#endif
	retrieve(cmd, file);
    }
}

void
send_file_list(char *whichf)
{
    struct stat st;
    DIR *dirp = NULL;
    struct dirent *dir;
    FILE *dout = NULL;
    char **dirlist, *dirname;
    int simple = 0;
    int freeglob = 0;
    glob_t gl;
    char buf[MaxPathLen];

    if (strpbrk(whichf, "~{[*?") != NULL) {
	int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|
#ifdef GLOB_MAXPATH
	    GLOB_MAXPATH
#else
	    GLOB_LIMIT
#endif
	    ;

	memset(&gl, 0, sizeof(gl));
	freeglob = 1;
	if (glob(whichf, flags, 0, &gl)) {
	    reply(550, "not found");
	    goto out;
	} else if (gl.gl_pathc == 0) {
	    errno = ENOENT;
	    perror_reply(550, whichf);
	    goto out;
	}
	dirlist = gl.gl_pathv;
    } else {
	onefile[0] = whichf;
	dirlist = onefile;
	simple = 1;
    }

    while ((dirname = *dirlist++)) {

	if (urgflag && handleoobcmd())
	    goto out;

	if (stat(dirname, &st) < 0) {
	    /*
	     * If user typed "ls -l", etc, and the client
	     * used NLST, do what the user meant.
	     */
	    if (dirname[0] == '-' && *dirlist == NULL &&
		transflag == 0) {
		list_file(dirname);
		goto out;
	    }
	    perror_reply(550, whichf);
	    goto out;
	}

	if (S_ISREG(st.st_mode)) {
	    if (dout == NULL) {
		dout = dataconn("file list", (off_t)-1, "w");
		if (dout == NULL)
		    goto out;
		transflag = 1;
	    }
	    snprintf(buf, sizeof(buf), "%s%s\n", dirname,
		     type == TYPE_A ? "\r" : "");
	    sec_write(fileno(dout), buf, strlen(buf));
	    byte_count += strlen(dirname) + 1;
	    continue;
	} else if (!S_ISDIR(st.st_mode))
	    continue;

	if ((dirp = opendir(dirname)) == NULL)
	    continue;

	while ((dir = readdir(dirp)) != NULL) {
	    char nbuf[MaxPathLen];

	    if (urgflag && handleoobcmd())
		goto out;

	    if (!strcmp(dir->d_name, "."))
		continue;
	    if (!strcmp(dir->d_name, ".."))
		continue;

	    snprintf(nbuf, sizeof(nbuf), "%s/%s", dirname, dir->d_name);

	    /*
	     * We have to do a stat to insure it's
	     * not a directory or special file.
	     */
	    if (simple || (stat(nbuf, &st) == 0 &&
			   S_ISREG(st.st_mode))) {
		if (dout == NULL) {
		    dout = dataconn("file list", (off_t)-1, "w");
		    if (dout == NULL)
			goto out;
		    transflag = 1;
		}
		if(strncmp(nbuf, "./", 2) == 0)
		    snprintf(buf, sizeof(buf), "%s%s\n", nbuf +2,
			     type == TYPE_A ? "\r" : "");
		else
		    snprintf(buf, sizeof(buf), "%s%s\n", nbuf,
			     type == TYPE_A ? "\r" : "");
		sec_write(fileno(dout), buf, strlen(buf));
		byte_count += strlen(nbuf) + 1;
	    }
	}
	closedir(dirp);
    }
    if (dout == NULL)
	reply(550, "No files found.");
    else if (ferror(dout) != 0)
	perror_reply(550, "Data connection");
    else
	reply(226, "Transfer complete.");

out:
    transflag = 0;
    if (dout != NULL){
	sec_write(fileno(dout), buf, 0); /* XXX flush */

	fclose(dout);
    }
    data = -1;
    pdata = -1;
    if (freeglob)
	globfree(&gl);
}


int
find(char *pattern)
{
    char line[1024];
    FILE *f;

    snprintf(line, sizeof(line),
	     "/bin/locate -d %s -- %s",
	     ftp_rooted("/etc/locatedb"),
	     pattern);
    f = ftpd_popen(line, "r", 1, 1);
    if(f == NULL){
	perror_reply(550, "/bin/locate");
	return 1;
    }
    lreply(200, "Output from find.");
    while(fgets(line, sizeof(line), f)){
	if(line[strlen(line)-1] == '\n')
	    line[strlen(line)-1] = 0;
	nreply("%s", line);
    }
    reply(200, "Done");
    ftpd_pclose(f);
    return 0;
}