Source-Changes-HG archive
[src/netbsd-10]: src/usr.bin/ftp Pull up following revision(s) (requested by ...
details: https://anonhg.NetBSD.org/src/rev/c390f7051f96
branches: netbsd-10
changeset: 375843:c390f7051f96
user: martin <martin%NetBSD.org@localhost>
date: Tue May 16 16:16:00 2023 +0000
description:
Pull up following revision(s) (requested by lukem in ticket #170):
usr.bin/ftp/ssl.c: revision 1.13
usr.bin/ftp/fetch.c: revision 1.236
usr.bin/ftp/util.c: revision 1.166
usr.bin/ftp/main.c: revision 1.129
usr.bin/ftp/extern.h: revision 1.83
usr.bin/ftp/ftp.1: revision 1.148
usr.bin/ftp/cmdtab.c: revision 1.53
usr.bin/ftp/version.h: revision 1.96
Add option sslnoverify to control validation of SSL certificates.
Add netrc processing to fetch-mode (URL on command line) to enable options and autologin
via netrc.
Fix SSL cleanup in some error paths.
Certificate validation is now enabled by default. Set FTPSSLNOVERIFY=1 in environment
or configure a corresponding init macro via netrc to not validate certs (required if
you haven't installed a required CA certificate for OpenSSL).
Discussed with lukem@ on icb.
diffstat:
usr.bin/ftp/cmdtab.c | 25 +++++++++++++------------
usr.bin/ftp/extern.h | 5 +++--
usr.bin/ftp/fetch.c | 45 +++++++++++++++++++++++++++++++++++++++++----
usr.bin/ftp/ftp.1 | 15 +++++++++------
usr.bin/ftp/main.c | 7 ++++---
usr.bin/ftp/ssl.c | 16 +++++++++++++---
usr.bin/ftp/util.c | 26 +++++++++++++++++++++++---
usr.bin/ftp/version.h | 6 +++---
8 files changed, 109 insertions(+), 36 deletions(-)
diffs (truncated from 394 to 300 lines):
diff -r c1ed85e90c14 -r c390f7051f96 usr.bin/ftp/cmdtab.c
--- a/usr.bin/ftp/cmdtab.c Mon May 15 10:40:13 2023 +0000
+++ b/usr.bin/ftp/cmdtab.c Tue May 16 16:16:00 2023 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: cmdtab.c,v 1.52 2012/12/22 16:57:09 christos Exp $ */
+/* $NetBSD: cmdtab.c,v 1.52.40.1 2023/05/16 16:16:00 martin Exp $ */
/*-
- * Copyright (c) 1996-2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 1996-2023 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
@@ -63,7 +63,7 @@
#if 0
static char sccsid[] = "@(#)cmdtab.c 8.4 (Berkeley) 10/9/94";
#else
-__RCSID("$NetBSD: cmdtab.c,v 1.52 2012/12/22 16:57:09 christos Exp $");
+__RCSID("$NetBSD: cmdtab.c,v 1.52.40.1 2023/05/16 16:16:00 martin Exp $");
#endif
#endif /* not lint */
@@ -295,13 +295,14 @@ struct cmd cmdtab[] = {
};
struct option optiontab[] = {
- { "anonpass", NULL },
- { "ftp_proxy", NULL },
- { "http_proxy", NULL },
- { "https_proxy",NULL },
- { "no_proxy", NULL },
- { "pager", NULL },
- { "prompt", NULL },
- { "rprompt", NULL },
- { NULL, NULL },
+ { "anonpass", NULL },
+ { "ftp_proxy", NULL },
+ { "http_proxy", NULL },
+ { "https_proxy", NULL },
+ { "no_proxy", NULL },
+ { "pager", NULL },
+ { "prompt", NULL },
+ { "rprompt", NULL },
+ { "sslnoverify" ,NULL },
+ { NULL, NULL },
};
diff -r c1ed85e90c14 -r c390f7051f96 usr.bin/ftp/extern.h
--- a/usr.bin/ftp/extern.h Mon May 15 10:40:13 2023 +0000
+++ b/usr.bin/ftp/extern.h Tue May 16 16:16:00 2023 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: extern.h,v 1.82 2019/06/22 23:40:53 christos Exp $ */
+/* $NetBSD: extern.h,v 1.82.10.1 2023/05/16 16:16:00 martin Exp $ */
/*-
- * Copyright (c) 1996-2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 1996-2023 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
@@ -243,6 +243,7 @@ void user(int, char **);
int ftp_connect(int, const struct sockaddr *, socklen_t, int);
int ftp_listen(int, int);
int ftp_poll(struct pollfd *, int, int);
+int ftp_truthy(const char *, const char *, int);
#ifndef SMALL
void *ftp_malloc(size_t);
StringList *ftp_sl_init(void);
diff -r c1ed85e90c14 -r c390f7051f96 usr.bin/ftp/fetch.c
--- a/usr.bin/ftp/fetch.c Mon May 15 10:40:13 2023 +0000
+++ b/usr.bin/ftp/fetch.c Tue May 16 16:16:00 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: fetch.c,v 1.235 2022/09/11 20:49:27 christos Exp $ */
+/* $NetBSD: fetch.c,v 1.235.2.1 2023/05/16 16:16:00 martin Exp $ */
/*-
* Copyright (c) 1997-2015 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: fetch.c,v 1.235 2022/09/11 20:49:27 christos Exp $");
+__RCSID("$NetBSD: fetch.c,v 1.235.2.1 2023/05/16 16:16:00 martin Exp $");
#endif /* not lint */
/*
@@ -617,13 +617,15 @@ parse_url(const char *url, const char *d
sigjmp_buf httpabort;
static int
-ftp_socket(const struct urlinfo *ui, void **ssl)
+ftp_socket(const struct urlinfo *ui, void **ssl, struct authinfo *auth)
{
struct addrinfo hints, *res, *res0 = NULL;
int error;
int s;
const char *host = ui->host;
const char *port = ui->port;
+ char *fuser = NULL, *pass = NULL, *facct = NULL;
+ int n;
if (ui->utype != HTTPS_URL_T)
ssl = NULL;
@@ -688,6 +690,28 @@ ftp_socket(const struct urlinfo *ui, voi
continue;
}
+ if (ruserpass("", &fuser, &pass, &facct) < 0) {
+ close(s);
+ s = -1;
+ continue;
+ }
+
+ if (autologin) {
+ if (fuser != NULL && auth->user == NULL)
+ auth->user = ftp_strdup(fuser);
+ if (pass != NULL && auth->pass == NULL)
+ auth->pass = ftp_strdup(pass);
+ }
+
+ for (n = 0; n < macnum; ++n) {
+ if (!strcmp("init", macros[n].mac_name)) {
+ (void)strlcpy(line, "$init", sizeof(line));
+ makeargv();
+ domacro(margc, margv);
+ break;
+ }
+ }
+
#ifdef WITH_SSL
if (ssl) {
if ((*ssl = fetch_start_ssl(s, host)) == NULL) {
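Review bot: The netrc lookup and the `init` macro run inside the per-address connect loop, so a further pass can call `ruserpass` again and overwrite `fuser`, `pass` and `facct` without freeing or clearing the earlier strings, and can run `$init` more than once. Further passes come from the `continue` after a failed `ruserpass` and presumably from a failed `fetch_start_ssl`, whose error branch lies outside the hunk. Doing the lookup once before the loop, or releasing the three pointers before each retry, keeps a netrc password from being leaked uncleared on the heap. The lookup is also made with an empty host, `ruserpass("", ...)`, so which `machine` entry applies depends on state not visible here, probably the global `hostname` that fetch_url now sets. Passing `host` would make the credential scope explicit; otherwise add a comment such as `/* netrc entry is selected via the global hostname set in fetch_url() */`. ftp_socket starts and ends outside this hunk.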
@@ -699,6 +723,15 @@ ftp_socket(const struct urlinfo *ui, voi
#endif
break;
}
+
+ FREEPTR(fuser);
+ if (pass != NULL)
+ memset(pass, 0, strlen(pass));
+ FREEPTR(pass);
+ if (facct != NULL)
+ memset(facct, 0, strlen(facct));
+ FREEPTR(facct);
+
if (res0)
freeaddrinfo(res0);
return s;
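Review bot: The two `memset(..., 0, strlen(...))` calls sit directly before `FREEPTR`, which presumably frees the buffers, and a compiler may drop such a store as dead, leaving the netrc password and account string in released memory. On NetBSD, `explicit_memset(pass, 0, strlen(pass));` (and the same for `facct`) is not elided. The copies stored in `auth->user` and `auth->pass` by the earlier hunk are not covered by this cleanup; a one-line comment stating that the caller owns and must clear them would help.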
@@ -1484,6 +1517,10 @@ fetch_url(const char *url, const char *p
}
} else { /* ftp:// or http:// URLs */
int hasleading;
+ static char hostnamebuf[MAXHOSTNAMELEN];
+
+ (void)strlcpy(hostnamebuf, ui.host, sizeof(hostnamebuf));
+ hostname = hostnamebuf;
if (penv == NULL) {
#ifdef WITH_SSL
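Review bot: The result of `strlcpy(hostnamebuf, ui.host, sizeof(hostnamebuf))` is discarded, so a host name that does not fit is silently truncated and the global `hostname` no longer names the server being contacted. The netrc lookup added to ftp_socket appears to select credentials through that global, so a truncated name should be an error rather than a lookup key. Compare the return value with `>= sizeof(hostnamebuf)` and leave through `cleanup_fetch_url` with a warning. A comment such as `/* set global hostname so netrc machine entries match in fetch mode */` would also explain why a static buffer is assigned here. fetch_url begins and ends outside this hunk.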
@@ -1517,7 +1554,7 @@ fetch_url(const char *url, const char *p
}
} /* ! EMPTYSTRING(penv) */
- s = ftp_socket(&ui, &ssl);
+ s = ftp_socket(&ui, &ssl, &wauth);
if (s < 0) {
warnx("Can't connect to `%s:%s'", ui.host, ui.port);
goto cleanup_fetch_url;
diff -r c1ed85e90c14 -r c390f7051f96 usr.bin/ftp/ftp.1
--- a/usr.bin/ftp/ftp.1 Mon May 15 10:40:13 2023 +0000
+++ b/usr.bin/ftp/ftp.1 Tue May 16 16:16:00 2023 +0000
@@ -1,6 +1,6 @@
-.\" $NetBSD: ftp.1,v 1.147 2022/08/30 08:51:28 christos Exp $
+.\" $NetBSD: ftp.1,v 1.147.2.1 2023/05/16 16:16:00 martin Exp $
.\"
-.\" Copyright (c) 1996-2021 The NetBSD Foundation, Inc.
+.\" Copyright (c) 1996-2023 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
@@ -57,7 +57,7 @@
.\"
.\" @(#)ftp.1 8.3 (Berkeley) 10/9/94
.\"
-.Dd August 29, 2022
+.Dd February 25, 2023
.Dt FTP 1
.Os
.Sh NAME
@@ -1382,7 +1382,7 @@ and
.Ar value
are not given, display all of the options and their values.
The currently supported options are:
-.Bl -tag -width "https_proxy" -offset indent
+.Bl -tag -width "sslnoverify" -offset indent
.It Cm anonpass
Defaults to
.Ev $FTPANONPASS
@@ -1407,6 +1407,9 @@ Defaults to
.It Cm rprompt
Defaults to
.Ev $FTPRPROMPT .
+.It Cm sslnoverify
+Defaults to
+.Ev $FTPSSLNOVERIFY .
.El
.It Ic site Op Ar arg ...
The arguments specified are sent, verbatim, to the remote
@@ -2312,6 +2315,8 @@ The value to send for the
.Tn HTTP
User-Agent
header.
+.It Ev FTPSSLNOVERIFY
+Set to 1 to not verify SSL certificates.
.It Ev HOME
For default location of a
.Pa .netrc
@@ -2320,8 +2325,6 @@ file, if one exists.
An alternate location of the
.Pa .netrc
file.
-.It Ev NO_CERT_VERIFY
-Don't verify SSL certificates.
.It Ev PAGER
Used by various commands to display files.
Defaults to
diff -r c1ed85e90c14 -r c390f7051f96 usr.bin/ftp/main.c
--- a/usr.bin/ftp/main.c Mon May 15 10:40:13 2023 +0000
+++ b/usr.bin/ftp/main.c Tue May 16 16:16:00 2023 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: main.c,v 1.128 2021/10/09 09:07:20 lukem Exp $ */
+/* $NetBSD: main.c,v 1.128.2.1 2023/05/16 16:16:00 martin Exp $ */
/*-
- * Copyright (c) 1996-2015 The NetBSD Foundation, Inc.
+ * Copyright (c) 1996-2023 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
@@ -98,7 +98,7 @@
#if 0
static char sccsid[] = "@(#)main.c 8.6 (Berkeley) 10/9/94";
#else
-__RCSID("$NetBSD: main.c,v 1.128 2021/10/09 09:07:20 lukem Exp $");
+__RCSID("$NetBSD: main.c,v 1.128.2.1 2023/05/16 16:16:00 martin Exp $");
#endif
#endif /* not lint */
@@ -512,6 +512,7 @@ main(int volatile argc, char **volatile
setupoption("pager", getenv("PAGER"), DEFAULTPAGER);
setupoption("prompt", getenv("FTPPROMPT"), DEFAULTPROMPT);
setupoption("rprompt", getenv("FTPRPROMPT"), DEFAULTRPROMPT);
+ setupoption("sslnoverify", getenv("FTPSSLNOVERIFY"), "");
free(anonpass);
diff -r c1ed85e90c14 -r c390f7051f96 usr.bin/ftp/ssl.c
--- a/usr.bin/ftp/ssl.c Mon May 15 10:40:13 2023 +0000
+++ b/usr.bin/ftp/ssl.c Tue May 16 16:16:00 2023 +0000
@@ -1,9 +1,10 @@
-/* $NetBSD: ssl.c,v 1.12 2022/09/12 15:10:31 christos Exp $ */
+/* $NetBSD: ssl.c,v 1.12.2.1 2023/05/16 16:16:00 martin Exp $ */
/*-
* Copyright (c) 1998-2004 Dag-Erling Coïdan Smørgrav
* Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg%NetBSD.org@localhost>
* Copyright (c) 2015 Thomas Klausner <wiz%NetBSD.org@localhost>
+ * Copyright (c) 2023 Michael van Elst <mlelstv%NetBSD.org@localhost>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,7 +35,7 @@
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: ssl.c,v 1.12 2022/09/12 15:10:31 christos Exp $");
+__RCSID("$NetBSD: ssl.c,v 1.12.2.1 2023/05/16 16:16:00 martin Exp $");
#endif
#include <errno.h>
@@ -63,6 +64,11 @@
#include "ssl.h"
+#include <stringlist.h>
+#include <histedit.h>
+#include <sys/poll.h>
+#include "extern.h"
+
extern int quit_time, verbose, ftp_debug;
extern FILE *ttyout;
@@ -589,7 +595,7 @@ fetch_start_ssl(int sock, const char *se
SSL_CTX *ctx;
X509_VERIFY_PARAM *param;
int ret, ssl_err;
- int verify = 0; // getenv("NO_CERT_VERIFY") == NULL;
+ int verify = !ftp_truthy("sslnoverify", getoptionvalue("sslnoverify"), 0);
/* Init the SSL library and context */
if (!SSL_library_init()){
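Review bot: `verify` now decides whether certificates are checked, but nothing at this declaration says which way an unset or malformed option falls, and the definition of `ftp_truthy` is truncated from this page. Assuming the third argument is the value returned for unrecognised input, `0` keeps verification on, which is the fail-closed choice. A comment such as `/* verify unless sslnoverify is explicitly true; unparsable values keep verification on */` would pin that down. Because the option can come from the environment or a netrc `init` macro, a warning printed when `verify` ends up 0 would make an unverified connection visible to the user and in logs. fetch_start_ssl begins before and continues past this hunk.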