NetBSD Problem Report #26555

Received: (qmail 27387 invoked by uid 605); 5 Aug 2004 12:44:27 -0000
Message-Id: <200408051229.i75CTbaX029128@veracruz.starfleet.univ-paris7.fr>
Date: Thu, 5 Aug 2004 14:29:37 +0200 (CEST)
From: seb@ssr.univ-paris7.fr
Sender: gnats-bugs-owner@NetBSD.org
Reply-To: seb@starfleet.univ-paris7.fr
To: gnats-bugs@gnats.NetBSD.org
Subject: numeral IPv6 support for ftpusers(5)
X-Send-Pr-Version: 3.95

>Number:         26555
>Category:       bin
>Synopsis:       numeral IPv6 support for ftpusers(5)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    lukem
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Aug 05 12:45:00 +0000 2004
>Closed-Date:    Sun Sep 21 06:14:47 +0000 2008
>Last-Modified:  Sun Sep 21 06:14:47 +0000 2008
>Originator:     Stoned Elipot
>Release:        NetBSD 2.0G
>Organization:
>Environment:
System: NetBSD runabout 2.0G NetBSD 2.0G (RUNABOUT) #1: Tue Aug 3 13:11:44 CEST 2004 seb@runabout:/u/seb/src/RUNABOUT/kernel/compile i386
Architecture: i386
Machine: i386
>Description:
ftpusers(5) supports numeral IPv4 but not IPv6. The enclosed patch adds
numeral IPv6 support.
>How-To-Repeat:
Try adding a numeral IPv6 specification in ftpusers(5)
>Fix:

Index: ftpd.c
===================================================================
RCS file: /cvsroot/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.157
diff -u -u -r1.157 ftpd.c
--- ftpd.c	10 Dec 2003 01:18:56 -0000	1.157
+++ ftpd.c	5 Aug 2004 11:57:20 -0000
@@ -792,6 +792,63 @@
 }

 /*
+ * Return 1 if client address is in network 'net' 0 otherwise.
+ */
+static int
+match_his_prefix(char *net)
+{
+	int bits, nbits, nbytes;
+	unsigned char *phisaddr, *pnetaddr;
+	size_t netaddrsz;
+	struct in_addr netaddr4;
+#ifdef INET6
+	struct in6_addr netaddr6;
+#endif
+
+	if (strchr(net, ':') != NULL) {
+		if (his_addr.su_family == AF_INET)
+			return (0);
+	} else {
+		if (his_addr.su_family == AF_INET6)
+			return (0);
+	}
+
+	switch (his_addr.su_family) {
+	case AF_INET:
+		phisaddr = (unsigned char*) &his_addr.su_addr;
+		pnetaddr = (void *)&netaddr4;
+		netaddrsz = sizeof(netaddr4);
+		break;
+#ifdef INET6
+	case AF_INET6:
+		phisaddr = (unsigned char*) &his_addr.su_6addr;
+		pnetaddr = (void *)&netaddr6;
+		netaddrsz = sizeof(netaddr6);
+		break;
+#endif
+	default:
+		return (0);
+	}
+	bits = inet_net_pton(his_addr.su_family, net, pnetaddr, netaddrsz);
+	if (bits == -1)
+		return (0);
+	nbytes = bits / 8;
+	nbits = bits % 8;
+	if (nbytes > 0)
+		if (memcmp(phisaddr, pnetaddr, nbytes) != 0)
+			return (0);
+	if (nbits > 0) {
+		unsigned int bhis, bnetaddr, mask;
+		bhis = phisaddr[nbytes];
+		bnetaddr = pnetaddr[nbytes];
+		mask = (0xff << (8 - nbits)) & 0xff;
+		if ((bhis & mask) != (bnetaddr & mask))
+			return (0);
+	}
+	return (1);
+}
+
+/*
  * Determine whether something is to happen (allow access, chroot)
  * for a user. Each line is a shell-style glob followed by
  * `yes' or `no'.
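
Review bot: match_his_prefix() returns 0 both when inet_net_pton() fails
(bits == -1) and when the client is simply outside the network, so a
mistyped prefix in ftpusers(5) is indistinguishable from a rule that does
not apply and is silently never matched. Consider a distinct return value
(for example -1) or a syslog() warning on the parse-failure path so the
caller and the administrator can tell the two cases apart. The family test
at the top also makes every rule without a ':' a non-match whenever
his_addr.su_family is AF_INET6; it is worth confirming that his_addr can
never hold an IPv4-mapped IPv6 address at this point, otherwise IPv4 rules
would not apply to such clients. Smaller points: net is never modified and
could be const char *, and pnetaddr is declared unsigned char * but is
assigned through (void *) casts.
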
@@ -859,18 +916,14 @@

 					/* have a host specifier */
 		if ((p = strchr(word, '@')) != NULL) {
-			unsigned long	net, mask, addr;
-			int		bits;
-
 			*p++ = '\0';
 					/* check against network or CIDR */
-			if (isdigit(*p) &&
-			    (bits = inet_net_pton(AF_INET, p,
-			    &net, sizeof(net))) != -1) {
-				net = ntohl(net);
-				mask = 0xffffffffU << (32 - bits);
-				addr = ntohl(his_addr.su_addr.s_addr);
-				if ((addr & mask) != net)
+			if (isdigit(*p)
+#ifdef INET6
+			   || (*p == ':')
+#endif
+			   ) {
+				if (match_his_prefix(p) == 0)
 					continue;

 					/* check against hostname glob */
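
Review bot: the new test isdigit(*p) || (*p == ':') only recognises a
numeric IPv6 specifier whose first character is a decimal digit or a
colon, so prefixes that begin with a hex letter (fe80::/10, fd00::/8)
take the hostname glob branch and are never compared as networks. Testing
isxdigit(*p) alone would misclassify hostnames that start with a-f, so it
is more reliable to look for a ':' anywhere in p, or to attempt the parse
and fall back to the glob on failure. Relatedly, the removed condition
included inet_net_pton(...) != -1, so a host specifier that started with a
digit but did not parse as a network went on to the hostname glob check;
with this change match_his_prefix() returns 0 for it and the rule is
skipped by the continue. If that change is intended, it should be
documented in ftpusers(5).
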
>Release-Note:
>Audit-Trail:

From: Stoned Elipot <seb@ssr.univ-paris7.fr>
To: gnats-bugs@gnats.NetBSD.org
Cc:  
Subject: Re: bin/26555: numeral IPv6 support for ftpusers(5)
Date: Sun, 22 Aug 2004 16:06:07 +0200

 I should add that the code for the match_his_prefix() function comes
 from Bind sources: see src/bind/lib/isc/netaddr.c:isc_netaddr_eqprefix().

From: Stoned Elipot <seb@ssr.univ-paris7.fr>
To: gnats-bugs@gnats.NetBSD.org
Cc:  
Subject: Re: bin/26555: numeral IPv6 support for ftpusers(5)
Date: Sun, 22 Aug 2004 16:08:41 +0200

 Two minor tweaks..

 On Thu, Aug 05, 2004 at 02:29:37PM +0200, seb@ssr.univ-paris7.fr wrote:
 > +	switch (his_addr.su_family) {
 > +	case AF_INET:
 > +		phisaddr = (unsigned char*) &his_addr.su_addr;
                             ^^^^^^^^^^^^^^ void *
 > +		pnetaddr = (void *)&netaddr4;
 > +		netaddrsz = sizeof(netaddr4);
 > +		break;
 > +#ifdef INET6
 > +	case AF_INET6:
 > +		phisaddr = (unsigned char*) &his_addr.su_6addr;
                             ^^^^^^^^^^^^^^ void *
 > +		pnetaddr = (void *)&netaddr6;
 > +		netaddrsz = sizeof(netaddr6);
 > +		break;
 > +#endif

From: Stoned Elipot <seb@ssr.univ-paris7.fr>
To: gnats-bugs@gnats.NetBSD.org
Cc:  
Subject: Re: bin/26555: numeral IPv6 support for ftpusers(5)
Date: Sun, 22 Aug 2004 16:12:38 +0200

 Actually phisaddr and pnetaddr should be declared as unsigned char *
 or void * and the castings made consistent.
Responsible-Changed-From-To: bin-bug-people->lukem
Responsible-Changed-By: lukem@NetBSD.org
Responsible-Changed-When: Tue, 16 Sep 2008 12:32:11 +0000
Responsible-Changed-Why:
I'll take it.


State-Changed-From-To: open->feedback
State-Changed-By: lukem@NetBSD.org
State-Changed-When: Tue, 16 Sep 2008 12:32:11 +0000
State-Changed-Why:
Does the latest version of ftpd in -current (20080916 or newer)
solve the problem?
I used a different patch, derived from the one the FreeBSD tnftpd port
has, because that added an enhancement to -C as well.


From: Luke Mewburn <lukem@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/26555 CVS commit: src/libexec/ftpd
Date: Tue, 16 Sep 2008 12:30:38 +0000 (UTC)

 Module Name:	src
 Committed By:	lukem
 Date:		Tue Sep 16 12:30:38 UTC 2008

 Modified Files:
 	src/libexec/ftpd: ftpd.8 ftpd.c version.h

 Log Message:
 Enhance -C to support an optional @host ('-C user[@host]'):
 checks whether user as connecting from host would be granted
 access by ftpusers(5).

 Support IPv6 in the host directive of ftpusers(5).
 (May resolve PR 26555)

 Both features from Rudolf Cejka <cejkar@fit.vutbr.cz>
 (FreeBSD's tnftpd port maintainer).


 To generate a diff of this commit:
 cvs rdiff -r1.80 -r1.81 src/libexec/ftpd/ftpd.8
 cvs rdiff -r1.187 -r1.188 src/libexec/ftpd/ftpd.c
 cvs rdiff -r1.69 -r1.70 src/libexec/ftpd/version.h

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Stoned Elipot <seb@ssr.univ-paris-diderot.fr>
To: gnats-bugs@NetBSD.org
Cc: lukem@NetBSD.org, gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org
Subject: Re: bin/26555 (numeral IPv6 support for ftpusers(5))
Date: Sat, 20 Sep 2008 14:39:34 +0200

 Hi,

 On Tue, Sep 16, 2008 at 12:32:13PM +0000, lukem@NetBSD.org wrote:
 > Does the latest version of ftpd in -current (20080916 or newer)
 > solve the problem?
 > I used a different patch, derived from the one the FreeBSD tnftpd port
 > has, because that added an enhancement to -C as well.

 Yes it solves the problem. Many thanks!
 Cheers, Stoned.

State-Changed-From-To: feedback->closed
State-Changed-By: lukem@NetBSD.org
State-Changed-When: Sun, 21 Sep 2008 06:14:47 +0000
State-Changed-Why:
Submitter confirms functionality now present.


>Unformatted:
