* ftpd.M: Resync with reality

	* Makefile.in (ftpd): Add libpty to link line.  Remove mention of
	logwtmp files.

	* ftpd.c: Fix up hostname logging to use
	pty_make_sane_hostname().

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11253 dc483132-0cff-0310-8789-dd5450dbe970

4 files changed, 105 insertions, 29 deletions

diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog
index d0bc86428..fd44a6077 100644
--- a/src/appl/gssftp/ftpd/ChangeLog
+++ b/src/appl/gssftp/ftpd/ChangeLog
@@ -1,3 +1,13 @@
+Mon Mar  8 23:47:51 1999  Tom Yu  <tlyu@mit.edu>
+
+	* ftpd.M: Resync with reality.
+
+	* Makefile.in (ftpd): Add libpty to link line.  Remove mention of
+	logwtmp files.
+
+	* ftpd.c: Fix up hostname logging to use
+	pty_make_sane_hostname().
+
 Thu Feb 25 23:31:37 1999  Tom Yu  <tlyu@mit.edu>
 
 	* ftpd.c (reply): Don't call secure_gss_error() or secure_error()
diff --git a/src/appl/gssftp/ftpd/Makefile.in b/src/appl/gssftp/ftpd/Makefile.in
index f232ad322..98d11ec96 100644
--- a/src/appl/gssftp/ftpd/Makefile.in
+++ b/src/appl/gssftp/ftpd/Makefile.in
@@ -15,14 +15,14 @@ LIBOBJS=@LIBOBJS@
 COMERRLIB=$(BUILDTOP)/util/et/libcom_err.a
 FTPD_LIBS=@FTPD_LIBS@
 
-SRCS	= $(srcdir)/ftpd.c ftpcmd.c $(srcdir)/logwtmp.c $(srcdir)/popen.c \
+SRCS	= $(srcdir)/ftpd.c ftpcmd.c $(srcdir)/popen.c \
 	  $(srcdir)/vers.c \
 	  $(srcdir)/../ftp/glob.c \
 	  $(srcdir)/../ftp/radix.c \
 	  $(srcdir)/../ftp/secure.c \
 	  $(srcdir)/../../bsd/getdtablesize.c $(SETENVSRC)
 
-OBJS	= ftpd.o ftpcmd.o glob.o popen.o logwtmp.o vers.o radix.o \
+OBJS	= ftpd.o ftpcmd.o glob.o popen.o vers.o radix.o \
 	  secure.o $(LIBOBJS) $(SETENVOBJ)
 
 LOCALINCLUDE = -I$(srcdir)/.. -I$(srcdir) @KRB4_INCLUDES@
@@ -30,8 +30,8 @@ DEFINES = -DGSSAPI -DNOCONFIDENTIAL
 
 all::	ftpd
 
-ftpd:	$(OBJS) $(GSS_DEPLIBS) $(UTIL_DEPLIB) $(KRB4COMPAT_DEPLIBS)
-	$(CC_LINK) -o $@ $(OBJS) $(FTPD_LIBS) $(GSS_LIBS) $(UTIL_LIB) $(KRB4COMPAT_LIBS)
+ftpd:	$(OBJS) $(PTY_DEPLIB) $(GSS_DEPLIBS) $(UTIL_DEPLIB) $(KRB4COMPAT_DEPLIBS)
+	$(CC_LINK) -o $@ $(OBJS) $(FTPD_LIBS) $(PTY_LIB) $(GSS_LIBS) $(UTIL_LIB) $(KRB4COMPAT_LIBS)
 
 clean::
 	$(RM) ftpd ftpcmd.c
@@ -72,7 +72,6 @@ secure.o: $(srcdir)/secure.h
 ftpd.o: $(srcdir)/ftpd.c
 ftpcmd.o: ftpcmd.c
 popen.o: $(srcdir)/popen.c
-logwtmp.o: $(srcdir)/logwtmp.c
 vers.o: $(srcdir)/vers.c
 
 # NOPOSTFIX
diff --git a/src/appl/gssftp/ftpd/ftpd.M b/src/appl/gssftp/ftpd/ftpd.M
index 30d8c18b1..725eeee1d 100644
--- a/src/appl/gssftp/ftpd/ftpd.M
+++ b/src/appl/gssftp/ftpd/ftpd.M
@@ -43,6 +43,7 @@ Internet File Transfer Protocol server
 [\fB\-t\fP \fItimeout\fP] [\fB\-T\fP \fImaxtimeout\fP]
 [\fB\-p\fP \fIport\fP] [\fB\-u\fP \fIumask\fP]
 [\fB\-r\fP \fIrealm-file\fP] [\fB\-s\fP \fIsrvtab\fP]
+[\fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]]
 .SH DESCRIPTION
 .B Ftpd
 is the
@@ -117,6 +118,18 @@ Sets the name of the
 .I srvtab
 file to use for Kerberos V4 authentication.  The default value is normally
 .IR /etc/srvtab .
+.TP
+\fB\-w \fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]
+Controls the form of the remote hostname passed to login(1).
+Specifying \fBip\fP results in the numeric IP address always being
+passed to login(1).  Specifying a number, \fImaxhostlen\fP, sets the
+maximum length of the hostname passed to login(1) before it will be
+passed as a numeric IP address.  If \fImaxhostlen\fP is 0, then the
+system default, as determined by the utmp or utmpx structures, is
+used.  The \fBnostriplocal\fP and \fBstriplocal\fP options, which must
+be preceded by a comma, control whether or not the local host domain
+is stripped from the remote hostname.  By default, the equivalent of
+\fBstriplocal\fP is in effect.
 .PP
 The ftp server currently supports the following ftp requests; case is
 not distinguished.
diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c
index 5ca60871d..71709dcea 100644
--- a/src/appl/gssftp/ftpd/ftpd.c
+++ b/src/appl/gssftp/ftpd/ftpd.c
@@ -100,6 +100,7 @@ static char sccsid[] = "@(#)ftpd.c	5.40 (Berkeley) 7/2/91";
 #include <stdarg.h>
 #endif
 #include "pathnames.h"
+#include <libpty.h>
 
 #ifndef L_SET
 #define L_SET 0
@@ -206,6 +207,8 @@ char	tmpline[FTP_BUFSIZ];
 char    pathbuf[MAXPATHLEN + 1];
 char	hostname[MAXHOSTNAMELEN];
 char	remotehost[MAXHOSTNAMELEN];
+char	rhost_addra[16];
+char	*rhost_sane;
 
 /* Defines for authlevel */
 #define AUTHLEVEL_NONE		0
@@ -255,6 +258,10 @@ int initgroups(char* name, gid_t basegid) {
 }
 #endif
 
+int stripdomain = 1;
+int maxhostlen = 0;
+int always_ip = 0;
+
 main(argc, argv, envp)
 	int argc;
 	char *argv[];
@@ -376,6 +383,43 @@ main(argc, argv, envp)
 			goto nextopt;
 		    }
 
+		case 'w':
+		{
+			char *optarg;
+			if (*++cp != '\0')
+				optarg = cp;
+			else if (argc > 1) {
+				argc--;
+				argv++;
+				optarg = *argv;
+			} else {
+				fprintf(stderr, "ftpd: -w expects arg\n");
+				exit(1);
+			}
+
+			if (!strcmp(optarg, "ip"))
+				always_ip = 1;
+			else {
+				char *cp;
+				cp = strchr(optarg, ',');
+				if (cp == NULL)
+					maxhostlen = atoi(optarg);
+				else if (*(++cp)) {
+					if (!strcmp(cp, "striplocal"))
+						stripdomain = 1;
+					else if (!strcmp(cp, "nostriplocal"))
+						stripdomain = 0;
+					else {
+						fprintf(stderr,
+							"ftpd: bad arg to -w\n");
+						exit(1);
+					}
+					*(--cp) = '\0';
+					maxhostlen = atoi(optarg);
+				}
+			}
+			goto nextopt;
+		}
 		default:
 			fprintf(stderr, "ftpd: Unknown flag -%c ignored.\n",
 			     *cp);
@@ -697,8 +741,8 @@ user(name)
 			reply(530, "User %s access denied.", name);
 			if (logging)
 				syslog(LOG_NOTICE,
-				    "FTP LOGIN REFUSED FROM %s, %s",
-				    remotehost, name);
+				    "FTP LOGIN REFUSED FROM %s, %s (%s)",
+				    rhost_addra, remotehost, name);
 			pw = (struct passwd *) NULL;
 			return;
 		}
@@ -823,7 +867,7 @@ end_login()
 
 	(void) krb5_seteuid((uid_t)0);
 	if (logged_in)
-		ftp_logwtmp(ttyline, "", "");
+		pty_logwtmp(ttyline, "", "");
 	if (have_creds) {
 #ifdef GSSAPI
 		krb5_cc_destroy(kcontext, ccache);
@@ -1002,8 +1046,8 @@ pass(passwd)
 				reply(421,
 				      "Login incorrect, closing connection.");
 				syslog(LOG_NOTICE,
-				    "repeated login failures from %s",
-				    remotehost);
+				       "repeated login failures from %s (%s)",
+				       rhost_addra, remotehost);
 				dologout(0);
 			}
 			reply(530, "Login incorrect.");
@@ -1034,7 +1078,7 @@ login(passwd)
 
 	/* open wtmp before chroot */
 	(void) sprintf(ttyline, "ftp%d", getpid());
-	ftp_logwtmp(ttyline, pw->pw_name, remotehost);
+	pty_logwtmp(ttyline, pw->pw_name, rhost_sane);
 	logged_in = 1;
 
 	if (guest || restricted) {
@@ -1081,26 +1125,27 @@ login(passwd)
 	if (guest) {
 		reply(230, "Guest login ok, access restrictions apply.");
 #ifdef SETPROCTITLE
-		sprintf(proctitle, "%s: anonymous/%.*s", remotehost,
-		    sizeof(proctitle) - sizeof(remotehost) -
+		sprintf(proctitle, "%s: anonymous/%.*s", rhost_sane,
+		    sizeof(proctitle) - strlen(rhost_sane) -
 		    sizeof(": anonymous/"), passwd);
 		setproctitle(proctitle);
 #endif /* SETPROCTITLE */
 		if (logging)
-			syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s, %s",
-			    remotehost, passwd);
+			syslog(LOG_INFO,
+			       "ANONYMOUS FTP LOGIN FROM %s, %s (%s)",
+			       rhost_addra, remotehost, passwd);
 	} else {
 		if (askpasswd) {
 			askpasswd = 0;
 			reply(230, "User %s logged in.", pw->pw_name);
 		}
 #ifdef SETPROCTITLE
-		sprintf(proctitle, "%s: %s", remotehost, pw->pw_name);
+		sprintf(proctitle, "%s: %s", rhost_sane, pw->pw_name);
 		setproctitle(proctitle);
 #endif /* SETPROCTITLE */
 		if (logging)
-			syslog(LOG_INFO, "FTP LOGIN FROM %s, %s",
-			    remotehost, pw->pw_name);
+			syslog(LOG_INFO, "FTP LOGIN FROM %s, %s (%s)",
+			    rhost_addra, remotehost, pw->pw_name);
 	}
 	home = pw->pw_dir;		/* home dir for globbing */
 	(void) umask(defumask);
@@ -1603,9 +1648,8 @@ statcmd()
 
 	lreply(211, "%s FTP server status:", hostname, version);
 	reply(0, "     %s", version);
-	sprintf(str, "     Connected to %s", remotehost);
-	if (!isdigit(remotehost[0]))
-		sprintf(&str[strlen(str)], " (%s)", inet_ntoa(his_addr.sin_addr));
+	sprintf(str, "     Connected to %s", remotehost[0] ? remotehost : "");
+	sprintf(&str[strlen(str)], " (%s)", rhost_addra);
 	reply(0, "%s", str);
 	if (auth_type) reply(0, "     Authentication type: %s", auth_type);
 	if (logged_in) {
@@ -1918,21 +1962,31 @@ dolog(sin)
 		sizeof (struct in_addr), AF_INET);
 	time_t t, time();
 	extern char *ctime();
+	krb5_error_code retval;
 
-	if (hp)
+	if (hp != NULL) {
 		(void) strncpy(remotehost, hp->h_name, sizeof (remotehost));
-	else
-		(void) strncpy(remotehost, inet_ntoa(sin->sin_addr),
-		    sizeof (remotehost));
+		remotehost[sizeof (remotehost) - 1] = '\0';
+	} else
+		remotehost[0] = '\0';
+	strncpy(rhost_addra, inet_ntoa(sin->sin_addr), sizeof (rhost_addra));
+	rhost_addra[sizeof (rhost_addra) - 1] = '\0';
+	retval = pty_make_sane_hostname(sin, maxhostlen,
+					stripdomain, always_ip, &rhost_sane);
+	if (retval) {
+		fprintf(stderr, "make_sane_hostname: %s\n",
+			error_message(retval));
+		exit(1);
+	}
 #ifdef SETPROCTITLE
-	sprintf(proctitle, "%s: connected", remotehost);
+	sprintf(proctitle, "%s: connected", rhost_sane);
 	setproctitle(proctitle);
 #endif /* SETPROCTITLE */
 
 	if (logging) {
 		t = time((time_t *) 0);
-		syslog(LOG_INFO, "connection from %s at %s",
-		    remotehost, ctime(&t));
+		syslog(LOG_INFO, "connection from %s (%s) at %s",
+		    rhost_addra, remotehost, ctime(&t));
 	}
 }
 
@@ -1945,7 +1999,7 @@ dologout(status)
 {
 	if (logged_in) {
 		(void) krb5_seteuid((uid_t)0);
-		ftp_logwtmp(ttyline, "", "");
+		pty_logwtmp(ttyline, "", "");
 	}
 	if (have_creds) {
 #ifdef GSSAPI