From 84cdbf39c285b342d508d04f0fc9bad5d75376ae Mon Sep 17 00:00:00 2001 From: hsn <> Date: Mon, 8 Nov 2004 17:19:35 +0000 Subject: [PATCH] sync --- ChangeLog | 5 ++++ TODO | 8 +++---- clients/.cvsignore | 1 + doc/Makefile.am | 1 + fspd.conf | 6 +++-- include/common_def.h | 1 + include/fspinfo.h | 57 ++++++++++++++++++++++++++++++++++++++++++++ man/fspscan.1 | 15 ++++++++---- server/Makefile.am | 2 +- server/main.c | 15 +++++++++--- server/server.c | 4 ++-- 11 files changed, 99 insertions(+), 16 deletions(-) create mode 100644 include/fspinfo.h diff --git a/ChangeLog b/ChangeLog index c483b72..a94d6d9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ + print key=, seq= in fspd debugs with fixed width for easy reading + added BUGS and HISTORY sections to fspscan.1 manual page + Lamerpack: disable most of command line options in fspd and print + simpler help message. + version 2.8.1b21 - 1 Nov 2004 check for errors while copying files in fspd. removed all the PROTOX macros junk. Tools for analyzing C source diff --git a/TODO b/TODO index 554838b..cd243ee 100644 --- a/TODO +++ b/TODO @@ -12,14 +12,13 @@ Write a simple FSP protocol testing tool Write a test suite using testing tool test for remote buffer overflows Test if >2GB files but <4GB works correctly with and without --disable-largefile -Test new command rename /when implemented/ SECURITY BUGS: symlink to FILE can escape from FSP root directory. OLD known problem. symlink support must be reworked before final release. PROTOCOL-RELATED BUGS: -fprocmd/fcdcmd do not support embedded servers correctly +none PORTING Sven's Slowaris 8 compile problem @@ -108,12 +107,13 @@ libraries and support for FSP protocol DONE: FSP library for Java DONE: FSP over HTTP -FSP plugin do Netscape/MSIE. Not possible to write protocol plugins? +FSP plugin for Netscape/MSIE. + Not possible to write protocol plugins with Netscape 3 SDK we have fsproxy now. WIP: new small,light fsplib for C. FSP backend for APT Transfer HTTP over fsp transport -FSP support to lftp,wget,curl +FSP support to lftp,wget,curl,gftp AVFS plugin http://sourceforge.net/projects/avf LARGEFILES64 how to turn them on: diff --git a/clients/.cvsignore b/clients/.cvsignore index 4fc0e0c..45b424f 100644 --- a/clients/.cvsignore +++ b/clients/.cvsignore @@ -19,3 +19,4 @@ fstatcmd fver .deps fspprof.c +fmvcmd diff --git a/doc/Makefile.am b/doc/Makefile.am index e1c461d..524e2ad 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -6,3 +6,4 @@ noinst_DATA = fsp-faq.html SUFFIXES = .html .sgml .sgml.html: sgmlfmt -d docbook -f html $< +# jade -t sgml -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl $< diff --git a/fspd.conf b/fspd.conf index a042665..99995d5 100644 --- a/fspd.conf +++ b/fspd.conf @@ -80,8 +80,10 @@ vercommand on dircache 100 # 'use_prebuild_dirlists' allows to load/save prebuilded directories -# listing from filesystem. It is a good idea to allow that. -# Do not use on Win32 system. +# listing from filesystem. It is a good idea to allow that, because it +# helps server performance. Disable it only if you dislike .FSP_CONTENT +# file in every directory. +# Do not use on Win32 system! #use_prebuild_dirlists yes # The 'statcache' command controls how many directories are placed into diff --git a/include/common_def.h b/include/common_def.h index 0b07aae..c18ac5e 100644 --- a/include/common_def.h +++ b/include/common_def.h @@ -96,6 +96,7 @@ typedef struct UBUF { unsigned char cmd; /* message code. */ /* definition of cmds */ #define CC_VERSION 0x10 /* return server's version string. */ +#define CC_INFO 0x11 /* return server's extended info block */ #define CC_ERR 0x40 /* error response from server. */ #define CC_GET_DIR 0x41 /* get a directory listing. */ #define CC_GET_FILE 0x42 /* get a file. */ diff --git a/include/fspinfo.h b/include/fspinfo.h new file mode 100644 index 0000000..0e826c3 --- /dev/null +++ b/include/fspinfo.h @@ -0,0 +1,57 @@ +/* Header with keys for CC_INFO Command */ + +#define INFO_EOB 0x0000 +#define INFO_SKIP 0x2a2a +/* numeric values */ + +/* users values */ +#define INFO_USERS_ONLINE 0x0001 +#define INFO_USERS_ONLINE_DESCR "Users online" +#define INFO_USERS_SEEN 0x0002 +#define INFO_USERS_SEEN_DESCR "Users seen" + +#define INFO_PKT_IN 0x0010 +#define INFO_PKT_IN_DESCR "Packets in" +#define INFO_PKT_IN_RESENDS 0x0011 +#define INFO_PKT_IN_RESENDS_DESCR "Accepted resends" +#define INFO_PKT_IN_DROPRESENDS 0x0012 +#define INFO_PKT_IN_DROPRESENDS_DESCR "Ignored too early resends" +#define INFO_PKT_IN_CORRUPTED 0x0013 +#define INFO_PKT_IN_CORRUPTED_DESCR "Corrupted packets" +#define INFO_PKT_IN_BADKEY 0x0014 +#define INFO_PKT_IN_BADKEY_DESCR "Droped because of bad key" +#define INFO_PKT_IN_IGNORED 0x0015 +#define INFO_PKT_IN_IGNORED_DESCR "Droped because host is ignored" +#define INFO_PKT_IN_REJECTED 0x0016 +#define INFO_PKT_IN_REJECTED_DESCR "Dropped because host is rejected" + +#define INFO_PKT_OUT 0x0020 +#define INFO_PKT_OUT_DESCR "Packets out" + +#define INFO_TRAFFIC_IN 0x0030 +#define INFO_TRAFFIC_IN_DESCR "Inbound traffic (MB)" +#define INFO_TRAFFIC_OUT 0x0031 +#define INFO_TRAFFIC_OUT_DESCR "Outbound traffic (MB)" + +#define INFO_NUMERIC_MAX 0x1fff + +/* time values */ +#define INFO_STARTUP 0x2000 +#define INFO_STARTUP_DESCR "Server started" +#define INFO_STATSUP 0x2001 +#define INFO_STATSUP_DESCR "Statistics last cleared" + +#define INFO_TIME_MAX 0x3fff +/* string values */ + +/* server info */ +#define INFO_SERVER_SOFTWARE 0x4000 +#define INFO_SERVER_SOFTWARE_DESCR "Server software" +#define INFO_SERVER_NAME 0x4001 +#define INFO_SERVER_NAME_DESCR "Server name" +#define INFO_SERVER_LOCATION 0x4002 +#define INFO_SERVER_LOCATION_DESCR "Server location" +#define INFO_SERVER_OPERATOR 0x4003 +#define INFO_SERVER_OPERATOR_DESCR "Server operator" + +#define INFO_STRING_MAX 0x5fff diff --git a/man/fspscan.1 b/man/fspscan.1 index 1170dd9..f3360c1 100644 --- a/man/fspscan.1 +++ b/man/fspscan.1 @@ -1,7 +1,7 @@ -.TH FSPSCAN 1 "28 September 2003" FSP +.TH FSPSCAN 1 "Oct 2004" FSP .SH NAME -fspscan is a small tool to scan hosts for a running fsp server +fspscan is a small tool to scan host for a running fsp server .SH SYNOPSIS .B fspscan @@ -38,8 +38,15 @@ the server version and the port. -- help, print out a short help and the default values .SH BUGS -fspscan is not fastest scanning tool on the earth. - +fspscan is not fastest scanning tool on the earth. This program is +known in the wild as FSP exploit. Detection can be avoided by +disabling CC_VERSION command on server side. +.SH HISTORY +This program was written in late 1992 by Cuda and quickly becomes must have +tool for every FSP fan. In September 2003 +it was adapted to modern C compilers and added to FSP suite by Radim +Kolar. Because most value of this program is purely historic, fixes +to this program are kept at minimal amount. .SH "SEE ALSO" .PD fcatcmd(1), fcdcmd(1), fgetcmd(1), fgrabcmd(1), flscmd(1), fmkdir(1), diff --git a/server/Makefile.am b/server/Makefile.am index a520446..5dfda96 100644 --- a/server/Makefile.am +++ b/server/Makefile.am @@ -3,7 +3,7 @@ bin_PROGRAMS=fspd fspd_SOURCES=file.c host.c main.c conf.c server.c fifocache.c \ - log.c iprange.c acl.c path.c random.c pidfile.c + log.c iprange.c acl.c path.c random.c pidfile.c info.c fspd_CFLAGS=-DSYSCONFDIR="\"@sysconfdir@\"" $(AM_CFLAGS) fspd_LDADD=-L../common -lcommon $(EX_LIBS) diff --git a/server/main.c b/server/main.c index e03a56a..5ee0d85 100644 --- a/server/main.c +++ b/server/main.c @@ -1,5 +1,5 @@ /*********************************************************************\ - * Copyright (c) 2003 by Radim Kolar (hsn@cybermail.net) * + * Copyright (c) 2003,2004 by Radim Kolar (hsn netmag.cz ) * * Copyright (c) 1991 by Wen-King Su (wen-king@vlsi.cs.caltech.edu) * * * * You may copy or modify this file in any manner you wish, provided * @@ -42,7 +42,11 @@ static void display_version (void) static void arg_err (void) { +#ifndef LAMERPACK fputs("Usage: fspd [-f configfile] [-d directory] [-v|-V] [-i] [-F] [-p port] [-X] [-t timeout] [-T temporary directory] [-l logfile] [-P pidlogname] [-b bytes/sec]\n", stderr); +#else + fputs("Usage: fspd [-d directory] [-p port] [-T temporary directory] [-l logfile] [-b bytes/sec]\n", stderr); +#endif } static void check_required_vars (void) @@ -133,8 +137,13 @@ int main (int argc, char ** argv) if(strlen(argv[0])>=7) inetd_mode = !strcasecmp(&argv[0][strlen(argv[0])-7],"in.fspd"); - - while( (opt=getopt(argc,argv,"h?Xd:f:vVip:t:FT:l:P:b:"))!=EOF) + while( (opt=getopt(argc,argv, +#ifndef LAMERPACK + "h?Xd:f:vVip:t:FT:l:P:b:" +#else + "d:p:T:l:b:h?" +#endif + ))!=EOF) { switch(opt) { diff --git a/server/server.c b/server/server.c index e4262ac..0b7b3b0 100644 --- a/server/server.c +++ b/server/server.c @@ -311,7 +311,7 @@ int server_reply (struct sockaddr_in *from, UBUF * ub, unsigned int thcsum; if(dbug) - fprintf(stderr,"snd (%s,key=0x%0X,seq=0x%0X,len=%d,len2=%d,pos=%u) ---> %d.%d.%d.%d\n", + fprintf(stderr,"snd (%s,key=0x%04X,seq=0x%04X,len=%d,len2=%d,pos=%u) ---> %d.%d.%d.%d\n", print_command(ub->cmd), BB_READ2(ub->bb_key), BB_READ2(ub->bb_seq),len1, len2, BB_READ4(ub->bb_pos), ((unsigned char *)(&(from->sin_addr.s_addr)))[0], ((unsigned char *)(&(from->sin_addr.s_addr)))[1], @@ -491,7 +491,7 @@ static void server_process_packet (unsigned bytes, UBUF * ub, int old, } } - if(dbug) fprintf(stderr,"rcv (%s,key=0x%0X,seq=0x%0X,len=%d,len2=%d,pos=%lu) <--- %s\n", print_command(ub->cmd), BB_READ2(ub->bb_key),BB_READ2(ub->bb_seq),l1, l2, + if(dbug) fprintf(stderr,"rcv (%s,key=0x%04X,seq=0x%04X,len=%d,len2=%d,pos=%lu) <--- %s\n", print_command(ub->cmd), BB_READ2(ub->bb_key),BB_READ2(ub->bb_seq),l1, l2, pos, inetstr); if(!old) {