Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-10]: src/usr.bin/ftp Pull up following revision(s) (requested by ...



details:   https://anonhg.NetBSD.org/src/rev/c390f7051f96
branches:  netbsd-10
changeset: 375843:c390f7051f96
user:      martin <martin%NetBSD.org@localhost>
date:      Tue May 16 16:16:00 2023 +0000

description:
Pull up following revision(s) (requested by lukem in ticket #170):

        usr.bin/ftp/ssl.c: revision 1.13
        usr.bin/ftp/fetch.c: revision 1.236
        usr.bin/ftp/util.c: revision 1.166
        usr.bin/ftp/main.c: revision 1.129
        usr.bin/ftp/extern.h: revision 1.83
        usr.bin/ftp/ftp.1: revision 1.148
        usr.bin/ftp/cmdtab.c: revision 1.53
        usr.bin/ftp/version.h: revision 1.96

Add option sslnoverify to control validation of SSL certificates.

Add netrc processing to fetch-mode (URL on command line) to enable options and autologin
via netrc.

Fix SSL cleanup in some error paths.

Certificate validation is now enabled by default. Set FTPSSLNOVERIFY=1 in environment
or configure a corresponding init macro via netrc to not validate certs (required if
you haven't installed a required CA certificate for OpenSSL).

Discussed with lukem@ on icb.

diffstat:

 usr.bin/ftp/cmdtab.c  |  25 +++++++++++++------------
 usr.bin/ftp/extern.h  |   5 +++--
 usr.bin/ftp/fetch.c   |  45 +++++++++++++++++++++++++++++++++++++++++----
 usr.bin/ftp/ftp.1     |  15 +++++++++------
 usr.bin/ftp/main.c    |   7 ++++---
 usr.bin/ftp/ssl.c     |  16 +++++++++++++---
 usr.bin/ftp/util.c    |  26 +++++++++++++++++++++++---
 usr.bin/ftp/version.h |   6 +++---
 8 files changed, 109 insertions(+), 36 deletions(-)

diffs (truncated from 394 to 300 lines):

diff -r c1ed85e90c14 -r c390f7051f96 usr.bin/ftp/cmdtab.c
--- a/usr.bin/ftp/cmdtab.c      Mon May 15 10:40:13 2023 +0000
+++ b/usr.bin/ftp/cmdtab.c      Tue May 16 16:16:00 2023 +0000
@@ -1,7 +1,7 @@
-/*     $NetBSD: cmdtab.c,v 1.52 2012/12/22 16:57:09 christos Exp $     */
+/*     $NetBSD: cmdtab.c,v 1.52.40.1 2023/05/16 16:16:00 martin Exp $  */
 
 /*-
- * Copyright (c) 1996-2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 1996-2023 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This code is derived from software contributed to The NetBSD Foundation
@@ -63,7 +63,7 @@
 #if 0
 static char sccsid[] = "@(#)cmdtab.c   8.4 (Berkeley) 10/9/94";
 #else
-__RCSID("$NetBSD: cmdtab.c,v 1.52 2012/12/22 16:57:09 christos Exp $");
+__RCSID("$NetBSD: cmdtab.c,v 1.52.40.1 2023/05/16 16:16:00 martin Exp $");
 #endif
 #endif /* not lint */
 
@@ -295,13 +295,14 @@ struct cmd cmdtab[] = {
 };
 
 struct option optiontab[] = {
-       { "anonpass",   NULL },
-       { "ftp_proxy",  NULL },
-       { "http_proxy", NULL },
-       { "https_proxy",NULL },
-       { "no_proxy",   NULL },
-       { "pager",      NULL },
-       { "prompt",     NULL },
-       { "rprompt",    NULL },
-       { NULL,         NULL },
+       { "anonpass",      NULL },
+       { "ftp_proxy",     NULL },
+       { "http_proxy",    NULL },
+       { "https_proxy",   NULL },
+       { "no_proxy",      NULL },
+       { "pager",         NULL },
+       { "prompt",        NULL },
+       { "rprompt",       NULL },
+       { "sslnoverify"   ,NULL },
+       { NULL,            NULL },
 };
diff -r c1ed85e90c14 -r c390f7051f96 usr.bin/ftp/extern.h
--- a/usr.bin/ftp/extern.h      Mon May 15 10:40:13 2023 +0000
+++ b/usr.bin/ftp/extern.h      Tue May 16 16:16:00 2023 +0000
@@ -1,7 +1,7 @@
-/*     $NetBSD: extern.h,v 1.82 2019/06/22 23:40:53 christos Exp $     */
+/*     $NetBSD: extern.h,v 1.82.10.1 2023/05/16 16:16:00 martin Exp $  */
 
 /*-
- * Copyright (c) 1996-2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 1996-2023 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This code is derived from software contributed to The NetBSD Foundation
@@ -243,6 +243,7 @@ void        user(int, char **);
 int    ftp_connect(int, const struct sockaddr *, socklen_t, int);
 int    ftp_listen(int, int);
 int    ftp_poll(struct pollfd *, int, int);
+int    ftp_truthy(const char *, const char *, int);
 #ifndef SMALL
 void   *ftp_malloc(size_t);
 StringList *ftp_sl_init(void);
diff -r c1ed85e90c14 -r c390f7051f96 usr.bin/ftp/fetch.c
--- a/usr.bin/ftp/fetch.c       Mon May 15 10:40:13 2023 +0000
+++ b/usr.bin/ftp/fetch.c       Tue May 16 16:16:00 2023 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: fetch.c,v 1.235 2022/09/11 20:49:27 christos Exp $     */
+/*     $NetBSD: fetch.c,v 1.235.2.1 2023/05/16 16:16:00 martin Exp $   */
 
 /*-
  * Copyright (c) 1997-2015 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: fetch.c,v 1.235 2022/09/11 20:49:27 christos Exp $");
+__RCSID("$NetBSD: fetch.c,v 1.235.2.1 2023/05/16 16:16:00 martin Exp $");
 #endif /* not lint */
 
 /*
@@ -617,13 +617,15 @@ parse_url(const char *url, const char *d
 sigjmp_buf     httpabort;
 
 static int
-ftp_socket(const struct urlinfo *ui, void **ssl)
+ftp_socket(const struct urlinfo *ui, void **ssl, struct authinfo *auth)
 {
        struct addrinfo hints, *res, *res0 = NULL;
        int error;
        int s;
        const char *host = ui->host;
        const char *port = ui->port;
+       char *fuser = NULL, *pass = NULL, *facct = NULL;
+       int n;
 
        if (ui->utype != HTTPS_URL_T)
                ssl = NULL;
@@ -688,6 +690,28 @@ ftp_socket(const struct urlinfo *ui, voi
                        continue;
                }
 
+               if (ruserpass("", &fuser, &pass, &facct) < 0) {
+                       close(s);
+                       s = -1;
+                       continue;
+               }
+
+               if (autologin) {
+                       if (fuser != NULL && auth->user == NULL)
+                               auth->user = ftp_strdup(fuser);
+                       if (pass != NULL && auth->pass == NULL)
+                               auth->pass = ftp_strdup(pass);
+               }
+
+               for (n = 0; n < macnum; ++n) {
+                       if (!strcmp("init", macros[n].mac_name)) {
+                               (void)strlcpy(line, "$init", sizeof(line));
+                               makeargv();
+                               domacro(margc, margv);
+                               break;
+                       }
+               }
+
 #ifdef WITH_SSL
                if (ssl) {
                        if ((*ssl = fetch_start_ssl(s, host)) == NULL) {
@@ -699,6 +723,15 @@ ftp_socket(const struct urlinfo *ui, voi
 #endif
                break;
        }
+
+       FREEPTR(fuser);
+       if (pass != NULL)
+               memset(pass, 0, strlen(pass));
+       FREEPTR(pass);
+       if (facct != NULL)
+               memset(facct, 0, strlen(facct));
+       FREEPTR(facct);
+
        if (res0)
                freeaddrinfo(res0);
        return s;
@@ -1484,6 +1517,10 @@ fetch_url(const char *url, const char *p
                }
        } else {                                /* ftp:// or http:// URLs */
                int hasleading;
+               static char hostnamebuf[MAXHOSTNAMELEN];
+
+               (void)strlcpy(hostnamebuf, ui.host, sizeof(hostnamebuf));
+               hostname = hostnamebuf;
 
                if (penv == NULL) {
 #ifdef WITH_SSL
@@ -1517,7 +1554,7 @@ fetch_url(const char *url, const char *p
                        }
                } /* ! EMPTYSTRING(penv) */
 
-               s = ftp_socket(&ui, &ssl);
+               s = ftp_socket(&ui, &ssl, &wauth);
                if (s < 0) {
                        warnx("Can't connect to `%s:%s'", ui.host, ui.port);
                        goto cleanup_fetch_url;
diff -r c1ed85e90c14 -r c390f7051f96 usr.bin/ftp/ftp.1
--- a/usr.bin/ftp/ftp.1 Mon May 15 10:40:13 2023 +0000
+++ b/usr.bin/ftp/ftp.1 Tue May 16 16:16:00 2023 +0000
@@ -1,6 +1,6 @@
-.\"    $NetBSD: ftp.1,v 1.147 2022/08/30 08:51:28 christos Exp $
+.\"    $NetBSD: ftp.1,v 1.147.2.1 2023/05/16 16:16:00 martin Exp $
 .\"
-.\" Copyright (c) 1996-2021 The NetBSD Foundation, Inc.
+.\" Copyright (c) 1996-2023 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This code is derived from software contributed to The NetBSD Foundation
@@ -57,7 +57,7 @@
 .\"
 .\"    @(#)ftp.1       8.3 (Berkeley) 10/9/94
 .\"
-.Dd August 29, 2022
+.Dd February 25, 2023
 .Dt FTP 1
 .Os
 .Sh NAME
@@ -1382,7 +1382,7 @@ and
 .Ar value
 are not given, display all of the options and their values.
 The currently supported options are:
-.Bl -tag -width "https_proxy" -offset indent
+.Bl -tag -width "sslnoverify" -offset indent
 .It Cm anonpass
 Defaults to
 .Ev $FTPANONPASS
@@ -1407,6 +1407,9 @@ Defaults to
 .It Cm rprompt
 Defaults to
 .Ev $FTPRPROMPT .
+.It Cm sslnoverify
+Defaults to
+.Ev $FTPSSLNOVERIFY .
 .El
 .It Ic site Op Ar arg ...
 The arguments specified are sent, verbatim, to the remote
@@ -2312,6 +2315,8 @@ The value to send for the
 .Tn HTTP
 User-Agent
 header.
+.It Ev FTPSSLNOVERIFY
+Set to 1 to not verify SSL certificates.
 .It Ev HOME
 For default location of a
 .Pa .netrc
@@ -2320,8 +2325,6 @@ file, if one exists.
 An alternate location of the
 .Pa .netrc
 file.
-.It Ev NO_CERT_VERIFY
-Don't verify SSL certificates.
 .It Ev PAGER
 Used by various commands to display files.
 Defaults to
diff -r c1ed85e90c14 -r c390f7051f96 usr.bin/ftp/main.c
--- a/usr.bin/ftp/main.c        Mon May 15 10:40:13 2023 +0000
+++ b/usr.bin/ftp/main.c        Tue May 16 16:16:00 2023 +0000
@@ -1,7 +1,7 @@
-/*     $NetBSD: main.c,v 1.128 2021/10/09 09:07:20 lukem Exp $ */
+/*     $NetBSD: main.c,v 1.128.2.1 2023/05/16 16:16:00 martin Exp $    */
 
 /*-
- * Copyright (c) 1996-2015 The NetBSD Foundation, Inc.
+ * Copyright (c) 1996-2023 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This code is derived from software contributed to The NetBSD Foundation
@@ -98,7 +98,7 @@
 #if 0
 static char sccsid[] = "@(#)main.c     8.6 (Berkeley) 10/9/94";
 #else
-__RCSID("$NetBSD: main.c,v 1.128 2021/10/09 09:07:20 lukem Exp $");
+__RCSID("$NetBSD: main.c,v 1.128.2.1 2023/05/16 16:16:00 martin Exp $");
 #endif
 #endif /* not lint */
 
@@ -512,6 +512,7 @@ main(int volatile argc, char **volatile 
        setupoption("pager",            getenv("PAGER"),        DEFAULTPAGER);
        setupoption("prompt",           getenv("FTPPROMPT"),    DEFAULTPROMPT);
        setupoption("rprompt",          getenv("FTPRPROMPT"),   DEFAULTRPROMPT);
+       setupoption("sslnoverify",      getenv("FTPSSLNOVERIFY"),       "");
 
        free(anonpass);
 
diff -r c1ed85e90c14 -r c390f7051f96 usr.bin/ftp/ssl.c
--- a/usr.bin/ftp/ssl.c Mon May 15 10:40:13 2023 +0000
+++ b/usr.bin/ftp/ssl.c Tue May 16 16:16:00 2023 +0000
@@ -1,9 +1,10 @@
-/*     $NetBSD: ssl.c,v 1.12 2022/09/12 15:10:31 christos Exp $        */
+/*     $NetBSD: ssl.c,v 1.12.2.1 2023/05/16 16:16:00 martin Exp $      */
 
 /*-
  * Copyright (c) 1998-2004 Dag-Erling Coïdan Smørgrav
  * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg%NetBSD.org@localhost>
  * Copyright (c) 2015 Thomas Klausner <wiz%NetBSD.org@localhost>
+ * Copyright (c) 2023 Michael van Elst <mlelstv%NetBSD.org@localhost>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -34,7 +35,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: ssl.c,v 1.12 2022/09/12 15:10:31 christos Exp $");
+__RCSID("$NetBSD: ssl.c,v 1.12.2.1 2023/05/16 16:16:00 martin Exp $");
 #endif
 
 #include <errno.h>
@@ -63,6 +64,11 @@
 
 #include "ssl.h"
 
+#include <stringlist.h>
+#include <histedit.h>
+#include <sys/poll.h>
+#include "extern.h"
+
 extern int quit_time, verbose, ftp_debug;
 extern FILE *ttyout;
 
@@ -589,7 +595,7 @@ fetch_start_ssl(int sock, const char *se
        SSL_CTX *ctx;
        X509_VERIFY_PARAM *param;
        int ret, ssl_err;
-       int verify = 0; // getenv("NO_CERT_VERIFY") == NULL;
+       int verify = !ftp_truthy("sslnoverify", getoptionvalue("sslnoverify"), 0);
 
        /* Init the SSL library and context */
        if (!SSL_library_init()){



Home | Main Index | Thread Index | Old Index