authorDuncaen <mail@duncano.de>2018-04-04 17:07:08 +0200
committerDuncaen <mail@duncano.de>2018-04-04 17:32:09 +0200
commita6d207d3b85ca2868a7c278cc14f68269fb39a17 (patch)
tree7496dac9db1a01d19243a4cbff962d9d17870bd8
parente502ff0c7b11a4b9ba702eabac24431b959e8d3e (diff)
downloadlobase-a6d207d3b85ca2868a7c278cc14f68269fb39a17.tar.gz
usr.bin/ftp: update to OPENBSD_6_3
-rw-r--r--usr.bin/ftp/cmds.c5
-rw-r--r--usr.bin/ftp/fetch.c73
-rw-r--r--usr.bin/ftp/ftp.111
-rw-r--r--usr.bin/ftp/ftp_var.h3
-rw-r--r--usr.bin/ftp/main.c34
-rw-r--r--usr.bin/ftp/util.c28
6 files changed, 95 insertions, 59 deletions
diff --git a/usr.bin/ftp/cmds.c b/usr.bin/ftp/cmds.c
index ca79942..33e94bc 100644
--- a/usr.bin/ftp/cmds.c
+++ b/usr.bin/ftp/cmds.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cmds.c,v 1.79 2017/01/21 08:33:07 krw Exp $ */
+/* $OpenBSD: cmds.c,v 1.80 2018/01/24 13:25:25 tb Exp $ */
/* $NetBSD: cmds.c,v 1.27 1997/08/18 10:20:15 lukem Exp $ */
/*
@@ -990,8 +990,7 @@ shell(int argc, char *argv[])
old1 = signal (SIGINT, SIG_IGN);
old2 = signal (SIGQUIT, SIG_IGN);
if ((pid = fork()) == 0) {
- for (pid = 3; pid < 20; pid++)
- (void)close(pid);
+ (void)closefrom(3);
(void)signal(SIGINT, SIG_DFL);
(void)signal(SIGQUIT, SIG_DFL);
shellp = getenv("SHELL");
diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c
index 8511d29..7420e88 100644
--- a/usr.bin/ftp/fetch.c
+++ b/usr.bin/ftp/fetch.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fetch.c,v 1.164 2017/09/25 11:04:54 krw Exp $ */
+/* $OpenBSD: fetch.c,v 1.167 2018/02/10 06:25:16 jsing Exp $ */
/* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */
/*-
@@ -191,7 +191,7 @@ url_get(const char *origline, const char *proxyenv, const char *outfile, int las
const char * volatile savefile;
char * volatile proxyurl = NULL;
char *credentials = NULL;
- volatile int s = -1, out = -1;
+ volatile int fd = -1, out = -1;
volatile sig_t oldintr, oldinti;
FILE *fin = NULL;
off_t hashbytes;
@@ -366,13 +366,13 @@ noslash:
if (isfileurl) {
struct stat st;
- s = open(path, O_RDONLY);
- if (s == -1) {
+ fd = open(path, O_RDONLY);
+ if (fd == -1) {
warn("Can't open file %s", path);
goto cleanup_url_get;
}
- if (fstat(s, &st) == -1)
+ if (fstat(fd, &st) == -1)
filesize = -1;
else
filesize = st.st_size;
@@ -401,7 +401,7 @@ noslash:
warn("Can't fstat %s", savefile);
goto cleanup_url_get;
}
- if (lseek(s, st.st_size, SEEK_SET) == -1) {
+ if (lseek(fd, st.st_size, SEEK_SET) == -1) {
warn("Can't lseek %s", path);
goto cleanup_url_get;
}
@@ -431,7 +431,7 @@ noslash:
/* Finally, suck down the file. */
i = 0;
oldinti = signal(SIGINFO, psummary);
- while ((len = read(s, buf, buflen)) > 0) {
+ while ((len = read(fd, buf, buflen)) > 0) {
bytes += len;
for (cp = buf; len > 0; len -= i, cp += i) {
if ((i = write(out, cp, len)) == -1) {
@@ -537,7 +537,7 @@ noslash:
if (verbose)
setvbuf(ttyout, NULL, _IOLBF, 0);
- s = -1;
+ fd = -1;
for (res = res0; res; res = res->ai_next) {
if (getnameinfo(res->ai_addr, res->ai_addrlen, hbuf,
sizeof(hbuf), NULL, 0, NI_NUMERICHOST) != 0)
@@ -545,8 +545,8 @@ noslash:
if (verbose)
fprintf(ttyout, "Trying %s...\n", hbuf);
- s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
- if (s == -1) {
+ fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (fd == -1) {
cause = "socket";
continue;
}
@@ -554,17 +554,17 @@ noslash:
#ifndef SMALL
if (srcaddr) {
if (ares->ai_family != res->ai_family) {
- close(s);
- s = -1;
+ close(fd);
+ fd = -1;
errno = EINVAL;
cause = "bind";
continue;
}
- if (bind(s, ares->ai_addr, ares->ai_addrlen) < 0) {
+ if (bind(fd, ares->ai_addr, ares->ai_addrlen) < 0) {
save_errno = errno;
- close(s);
+ close(fd);
errno = save_errno;
- s = -1;
+ fd = -1;
cause = "bind";
continue;
}
@@ -576,14 +576,14 @@ noslash:
alarmtimer(connect_timeout);
}
- for (error = connect(s, res->ai_addr, res->ai_addrlen);
- error != 0 && errno == EINTR; error = connect_wait(s))
+ for (error = connect(fd, res->ai_addr, res->ai_addrlen);
+ error != 0 && errno == EINTR; error = connect_wait(fd))
continue;
if (error != 0) {
save_errno = errno;
- close(s);
+ close(fd);
errno = save_errno;
- s = -1;
+ fd = -1;
cause = "connect";
continue;
}
@@ -597,7 +597,7 @@ noslash:
#ifndef NOSSL
if (proxyenv && sslhost)
- proxy_connect(s, sslhost, credentials);
+ proxy_connect(fd, sslhost, credentials);
#endif /* !NOSSL */
break;
}
@@ -606,7 +606,7 @@ noslash:
if (srcaddr)
freeaddrinfo(ares);
#endif /* !SMALL */
- if (s < 0) {
+ if (fd < 0) {
warn("%s", cause);
goto cleanup_url_get;
}
@@ -632,15 +632,17 @@ noslash:
tls_error(tls));
goto cleanup_url_get;
}
- if (tls_connect_socket(tls, s, sslhost) != 0) {
+ if (tls_connect_socket(tls, fd, sslhost) != 0) {
fprintf(ttyout, "SSL failure: %s\n", tls_error(tls));
goto cleanup_url_get;
}
} else {
- fin = fdopen(s, "r+");
+ fin = fdopen(fd, "r+");
+ fd = -1;
}
#else /* !NOSSL */
- fin = fdopen(s, "r+");
+ fin = fdopen(fd, "r+");
+ fd = -1;
#endif /* !NOSSL */
#ifdef SMALL
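Review bot: Both `fdopen(fd, "r+")` calls are followed by an unconditional `fd = -1;`, so if fdopen() fails the socket is owned by neither `fin` nor `fd`, and the new cleanup code (`if (fin != NULL)` / `if (fd != -1)`) closes nothing. No NULL check on `fin` is visible in this hunk; if there is none further down, transfer ownership only on success, e.g. `if ((fin = fdopen(fd, "r+")) == NULL) { warn("fdopen"); goto cleanup_url_get; }` followed by `fd = -1;`. The body of url_get() starts and ends outside the hunk.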
@@ -914,10 +916,14 @@ noslash:
*loctail = '\0';
if (verbose)
fprintf(ttyout, "Redirected to %s\n", redirurl);
- if (fin != NULL)
+ if (fin != NULL) {
fclose(fin);
- else if (s != -1)
- close(s);
+ fin = NULL;
+ }
+ if (fd != -1) {
+ close(fd);
+ fd = -1;
+ }
rval = url_get(redirurl, proxyenv, savefile, lastfile);
free(redirurl);
goto cleanup_url_get;
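Review bot: On the redirect path `close(fd)` now runs before the recursive `url_get()`, but nothing here shuts down the TLS context, so for an HTTPS origin the `tls_close(tls)` loop at `cleanup_url_get` later runs against a descriptor number that is already closed or has since been reused. The normal cleanup path does it in the other order (tls_close first, then `close(fd)`). Consider tearing the TLS session down before closing the socket here too, or, if the failing tls_close() is accepted, say so with a comment such as `/* socket closed before redirect; tls_close() at cleanup_url_get is expected to fail */`. Whether `tls` can be non-NULL at this point depends on code outside the hunk.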
@@ -1033,6 +1039,9 @@ improper:
cleanup_url_get:
#ifndef NOSSL
if (tls != NULL) {
+ if (tls_session_fd != -1)
+ dprintf(STDERR_FILENO, "tls session resumed: %s\n",
+ tls_conn_session_resumed(tls) ? "yes" : "no");
do {
i = tls_close(tls);
} while (i == TLS_WANT_POLLIN || i == TLS_WANT_POLLOUT);
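Review bot: The added `dprintf(STDERR_FILENO, "tls session resumed: ...")` runs on every pass through `cleanup_url_get` when a session file is configured, including the failure paths that jump here right after `tls_connect_socket()` fails, where no handshake took place and the reported "no" is misleading. It also bypasses the `ttyout`/`verbose` convention used for the other status messages in url_get(). If this is a diagnostic, gate it, e.g. `if (tls_session_fd != -1 && verbose)`, or add a comment explaining why it must always go to stderr.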
@@ -1041,10 +1050,14 @@ cleanup_url_get:
free(full_host);
free(sslhost);
#endif /* !NOSSL */
- if (fin != NULL)
+ if (fin != NULL) {
fclose(fin);
- else if (s != -1)
- close(s);
+ fin = NULL;
+ }
+ if (fd != -1) {
+ close(fd);
+ fd = -1;
+ }
if (out >= 0 && out != fileno(stdout))
close(out);
free(buf);
diff --git a/usr.bin/ftp/ftp.1 b/usr.bin/ftp/ftp.1
index 3f93dbb..2527b7e 100644
--- a/usr.bin/ftp/ftp.1
+++ b/usr.bin/ftp/ftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ftp.1,v 1.107 2017/01/25 07:21:18 jmc Exp $
+.\" $OpenBSD: ftp.1,v 1.108 2018/02/10 06:25:16 jsing Exp $
.\" $NetBSD: ftp.1,v 1.22 1997/08/18 10:20:22 lukem Exp $
.\"
.\" Copyright (c) 1985, 1989, 1990, 1993
@@ -30,7 +30,7 @@
.\"
.\" @(#)ftp.1 8.3 (Berkeley) 10/9/94
.\"
-.Dd $Mdocdate: January 25 2017 $
+.Dd $Mdocdate: February 10 2018 $
.Dt FTP 1
.Os
.Sh NAME
@@ -253,6 +253,13 @@ Don't perform server certificate validation.
Require the server to present a valid OCSP stapling in the TLS handshake.
.It Cm noverifytime
Disable validation of certificate times and OCSP validation.
+.It Cm session Ns = Ns Ar /path/to/session
+Specify a file to use for TLS session data.
+If this file has a non-zero length, the session data will be read from this file
+and the client will attempt to resume the TLS session with the server.
+Upon completion of a successful TLS handshake this file will be updated
+with new session data, if available.
+This file will be created if it does not already exist.
.El
.Pp
By default, server certificate validation is performed, and if it fails
diff --git a/usr.bin/ftp/ftp_var.h b/usr.bin/ftp/ftp_var.h
index 952eb94..de6b1b1 100644
--- a/usr.bin/ftp/ftp_var.h
+++ b/usr.bin/ftp/ftp_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ftp_var.h,v 1.40 2017/01/21 08:33:07 krw Exp $ */
+/* $OpenBSD: ftp_var.h,v 1.41 2018/02/10 06:25:16 jsing Exp $ */
/* $NetBSD: ftp_var.h,v 1.18 1997/08/18 10:20:25 lukem Exp $ */
/*
@@ -227,4 +227,5 @@ extern struct cmd cmdtab[];
#ifndef NOSSL
extern struct tls_config *tls_config;
+extern int tls_session_fd;
#endif /* !NOSSL */
diff --git a/usr.bin/ftp/main.c b/usr.bin/ftp/main.c
index 66642f9..eae8ec8 100644
--- a/usr.bin/ftp/main.c
+++ b/usr.bin/ftp/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.119 2017/01/24 23:47:34 beck Exp $ */
+/* $OpenBSD: main.c,v 1.120 2018/02/10 06:25:16 jsing Exp $ */
/* $NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $ */
/*
@@ -67,6 +67,7 @@
#include <ctype.h>
#include <err.h>
+#include <fcntl.h>
#include <netdb.h>
#include <pwd.h>
#include <stdio.h>
@@ -84,26 +85,29 @@ int connect_timeout;
#ifndef NOSSL
char * const ssl_verify_opts[] = {
-#define SSL_CAFILE 0
+#define SSL_CAFILE 0
"cafile",
-#define SSL_CAPATH 1
+#define SSL_CAPATH 1
"capath",
-#define SSL_CIPHERS 2
+#define SSL_CIPHERS 2
"ciphers",
-#define SSL_DONTVERIFY 3
+#define SSL_DONTVERIFY 3
"dont",
-#define SSL_DOVERIFY 4
+#define SSL_DOVERIFY 4
"do",
-#define SSL_VERIFYDEPTH 5
+#define SSL_VERIFYDEPTH 5
"depth",
-#define SSL_MUSTSTAPLE 6
+#define SSL_MUSTSTAPLE 6
"muststaple",
#define SSL_NOVERIFYTIME 7
"noverifytime",
+#define SSL_SESSION 8
+ "session",
NULL
};
struct tls_config *tls_config;
+int tls_session_fd = -1;
static void
process_ssl_options(char *cp)
@@ -157,6 +161,18 @@ process_ssl_options(char *cp)
case SSL_NOVERIFYTIME:
tls_config_insecure_noverifytime(tls_config);
break;
+ case SSL_SESSION:
+ if (str == NULL)
+ errx(1, "missing session file");
+ if ((tls_session_fd = open(str, O_RDWR|O_CREAT,
+ 0600)) == -1)
+ err(1, "failed to open or create session file "
+ "'%s'", str);
+ if (tls_config_set_session_fd(tls_config,
+ tls_session_fd) == -1)
+ errx(1, "failed to set session: %s",
+ tls_config_error(tls_config));
+ break;
default:
errx(1, "unknown -S suboption `%s'",
suboptarg ? suboptarg : "");
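Review bot: The descriptor opened in the `SSL_SESSION` case stays in the global `tls_session_fd` for the life of the process without close-on-exec, so any child ftp spawns can inherit read/write access to the TLS session data unless that fork site closes descriptors itself (the `closefrom(3)` added to shell() in this commit covers only that child). Opening it as `open(str, O_RDWR|O_CREAT|O_CLOEXEC, 0600)` makes this independent of each fork site. A repeated `session=` suboption also overwrites `tls_session_fd` without closing the earlier descriptor. The `0600` mode applies only when the file is created; an existing file's ownership and permissions are left to whatever validation `tls_config_set_session_fd()` performs. The switch in process_ssl_options() starts and ends outside the hunk.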
@@ -276,7 +292,7 @@ main(volatile int argc, char *argv[])
errx(1, "tls set ciphers failed: %s",
tls_config_error(tls_config));
}
-#endif /* !SMALL */
+#endif /* !NOSSL */
httpuseragent = NULL;
diff --git a/usr.bin/ftp/util.c b/usr.bin/ftp/util.c
index 8fa6c1b..1c82f3f 100644
--- a/usr.bin/ftp/util.c
+++ b/usr.bin/ftp/util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: util.c,v 1.85 2017/09/05 05:37:35 jca Exp $ */
+/* $OpenBSD: util.c,v 1.86 2017/12/23 20:04:23 cheloha Exp $ */
/* $NetBSD: util.c,v 1.12 1997/08/18 10:20:27 lukem Exp $ */
/*-
@@ -744,7 +744,7 @@ updateprogressmeter(int signo)
* with flag = 0
* - After the transfer, call with flag = 1
*/
-static struct timeval start;
+static struct timespec start;
char *action;
@@ -757,21 +757,21 @@ progressmeter(int flag, const char *filename)
*/
static const char prefixes[] = " KMGTP";
- static struct timeval lastupdate;
+ static struct timespec lastupdate;
static off_t lastsize;
static char *title = NULL;
- struct timeval now, td, wait;
+ struct timespec now, td, wait;
off_t cursize, abbrevsize;
double elapsed;
int ratio, barlength, i, remaining, overhead = 30;
char buf[512];
if (flag == -1) {
- (void)gettimeofday(&start, NULL);
+ clock_gettime(CLOCK_MONOTONIC, &start);
lastupdate = start;
lastsize = restart_point;
}
- (void)gettimeofday(&now, NULL);
+ clock_gettime(CLOCK_MONOTONIC, &now);
if (!progress || filesize < 0)
return;
cursize = bytes + restart_point;
@@ -851,19 +851,19 @@ progressmeter(int flag, const char *filename)
" %5lld %c%c ", (long long)abbrevsize, prefixes[i],
prefixes[i] == ' ' ? ' ' : 'B');
- timersub(&now, &lastupdate, &wait);
+ timespecsub(&now, &lastupdate, &wait);
if (cursize > lastsize) {
lastupdate = now;
lastsize = cursize;
if (wait.tv_sec >= STALLTIME) { /* fudge out stalled time */
start.tv_sec += wait.tv_sec;
- start.tv_usec += wait.tv_usec;
+ start.tv_nsec += wait.tv_nsec;
}
wait.tv_sec = 0;
}
- timersub(&now, &start, &td);
- elapsed = td.tv_sec + (td.tv_usec / 1000000.0);
+ timespecsub(&now, &start, &td);
+ elapsed = td.tv_sec + (td.tv_nsec / 1000000000.0);
if (flag == 1) {
i = (int)elapsed / 3600;
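Review bot: `start.tv_nsec += wait.tv_nsec;` carries over the un-normalised add from the timeval version, so after a stall `start.tv_nsec` can reach or exceed 1000000000 and keeps growing across repeated stalls. The following `timespecsub(&now, &start, &td)` is normally written for normalised operands with a single borrow, and on a platform with a 32-bit `long` the field can overflow after very few additions. Replacing the two `+=` lines with `timespecadd(&start, &wait, &start);` keeps `start` normalised; this assumes timespecadd() is available alongside timespecsub() in this tree. progressmeter() starts and ends outside the hunk.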
@@ -921,7 +921,7 @@ progressmeter(int flag, const char *filename)
void
ptransfer(int siginfo)
{
- struct timeval now, td;
+ struct timespec now, td;
double elapsed;
off_t bs;
int meg, remaining, hh;
@@ -930,9 +930,9 @@ ptransfer(int siginfo)
if (!verbose && !siginfo)
return;
- (void)gettimeofday(&now, NULL);
- timersub(&now, &start, &td);
- elapsed = td.tv_sec + (td.tv_usec / 1000000.0);
+ clock_gettime(CLOCK_MONOTONIC, &now);
+ timespecsub(&now, &start, &td);
+ elapsed = td.tv_sec + (td.tv_nsec / 1000000000.0);
bs = bytes / (elapsed == 0.0 ? 1 : elapsed);
meg = 0;
if (bs > (1024 * 1024))