mirror of https://github.com/InfrastructureServices/vsftpd.git synced 2025-04-19 01:24:02 +03:00

Updated to v1.2.2

This commit is contained in:
Dag Wieers 2004-04-26 00:00:00 +02:00
parent 8c2b3b01b5
commit 8e72d5f29a
25 changed files with 183 additions and 219 deletions

View File

@ -743,3 +743,26 @@ of RH bugzilla #89765. (The more serious part was fixed with v1.2.0).
At this point: v1.2.1 released!
===============================
- Fix FreeBSD 5.1/5.2 issue with time_t being long long on that platform.
Thanks to Matthias Andree <matthias.andree@gmx.de>.
- Tweak vsftpd.conf.5 to avoid automated mails from ESR ;-)
- Remove vsftpd spec files, they are old and buggy.
- Add -v flag which just outputs the version and exits.
- Fix nasty issue resulting in listener instability under extreme load (root
cause was re-entering malloc/free). Many thanks to Olivier Baudron
<olivier.baudron@m4x.org> for an excellent report.
(v1.2.2pre1)
- Fix build with modern glibc-2.3 and no libcap on Linux.
- Fix 64-bit file support on Solaris.
(v1.2.2pre2)
- Add initial support for running as the user which launched vsftpd, i.e. no
root needed. Warning - easy to create insecurity if you use this without
knowing what you are doing.
- For above run-as-launching-user support: make CDUP re-use CWD code so that
deny_file of *..* is useful.
- Attempt fix of 64-bit file support on FreeBSD (may need another go).
- Update INSTALL to refer to more modern platforms.
At this point: v1.2.2 released! (need to get the listener fix out)
==================================================================

23
FAQ
View File

@ -175,6 +175,29 @@ However, you many get tripped up by vsftpd's security precautions on IP
addresses. In order to relax these precautions, have a look in the
vsftpd.conf.5 for pasv_promiscuous (and the less advisable port_promiscuous).
Q) Help! I'm getting the error "426 Failure writing network stream." on
downloads.
A) You shouldn't see this with v1.2.1 or newer versions of vsftpd. Older
versions of vsftpd can give this error if the user tries to download
something from an unusual filesystem (e.g. FAT), which don't support
performance features used by vsftpd. With vsftpd-1.1.3 and newer there is a
confif workaround, use_sendfile=NO.
Q) Help! I'm using the pam_userdb login module and the login hangs.
A) This could be a bad interaction with glibc version 2.3 and PAM. A Debian
user reported this. The initial report is here:
http://lists.debian.org/debian-glibc/2003/debian-glibc-200309/msg00310.html
Q) Help! Does vsftpd support large files (>2Gb?).
A) Yes, it does.
Q) Help! Well, large file support doesn't seem to be working, then!
A1) Large file support first appeared in v1.1.0.
A2) Solaris large file support wasn't fixed until v1.2.2.
A3) FreeBSD large file support wasn't fixed until v1.2.2.
A4) The early Linux 2.6 kernels had a bug in this area - use v2.6.6 or newer.
A5) Are you sure your FTP _client_ correctly supports large files?
Q) Blah.. blah..
A) For a good idea of what vsftpd can do, read the vsftpd.conf.5 man page
and the EXAMPLES.
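Review bot: the new "426 Failure writing network stream." answer has a typo, "confif workaround", which should read "config workaround". In the same answer, "an unusual filesystem (e.g. FAT), which don't support" should be "which doesn't support". The large-file question writes ">2Gb", which reads as gigabits; ">2GB" is what is meant.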

32
INSTALL
View File

@ -148,24 +148,16 @@ Other notes
===========
Tested platforms (well, it builds)
- Any modern, well featured platform should work fine! More recent versions of
the platforms listed below should be fine.
- RedHat Linux 8.0
- RedHat Linux 7.3
- RedHat Linux 7.2
- RedHat Linux 7.0
- RedHat Linux 6.1
- RedHat Linux 6.2
- RedHat Linux 5.2
- Solaris 8 / GNU tools
- SuSE 6.4
- SuSE 6.0
- Debian 2.2
- OpenBSD 2.8
- FreeBSD 4.2
- FreeBSD 3.5
- HP-UX 11.11 / GNU tools
- HP-UX 10.20 / GNU tools
- Solaris 2.6
- IRIX 6.5.11 / GNU tools
- Any modern, well featured platform should work fine! Recent versions of
the platforms listed below, and often older ones, should work fine.
- RedHat Linux
- RedHat Enterprise Linux
- Solaris / GNU tools (note - Solaris 8 or newer recommended)
- SuSE Linux
- Debian Linux
- OpenBSD
- FreeBSD
- NetBSD
- HP-UX / GNU tools
- IRIX / GNU tools

2
README
View File

@ -1,4 +1,4 @@
This is vsftpd, version 1.2.1
This is vsftpd, version 1.2.2
Author: Chris Evans
Contact: chris@scary.beasts.org

3
RedHat/README.spec Normal file
View File

@ -0,0 +1,3 @@
The .spec files have gone because they are old and buggy.
All modern versions of RedHat now include vsftpd packages anyway.

View File

@ -1,76 +0,0 @@
Summary: vsftpd - Very Secure Ftp Daemon
Name: vsftpd
Version: 1.2.0
Release: rh6_1
Copyright: GPL
Group: System Environment/Daemons
URL: ftp://ferret.lmh.ox.ac.uk/pub/linux/
Source: %{name}-%{version}.tar.gz
Packager: Seth Vidal <skvidal@phy.duke.edu>
BuildRoot: /var/tmp/%{name}-%{version}-root
Requires: inetd, logrotate
Provides: ftpserver
%description
A Very Secure FTP Daemon - written from scratch - by Chris "One Man Security
Audit Team" Evans
%prep
%setup -q -n %{name}-%{version}
%build
make
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr/sbin
mkdir -p $RPM_BUILD_ROOT/usr/share/empty
mkdir -p $RPM_BUILD_ROOT/etc
mkdir -p $RPM_BUILD_ROOT/etc/pam.d
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man5
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8
install -m 755 vsftpd $RPM_BUILD_ROOT/usr/local/sbin/vsftpd
install -m 600 vsftpd.conf $RPM_BUILD_ROOT/etc/vsftpd.conf
install -m 644 RedHat/vsftpd.pam $RPM_BUILD_ROOT/etc/pam.d/ftp
install -m 644 vsftpd.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5/
install -m 644 vsftpd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/
install -m 644 RedHat/vsftpd.log $RPM_BUILD_ROOT/etc/logrotate.d/vsftpd.log
%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
/usr/local/sbin/vsftpd
%dir /usr/share/empty
%config /etc/vsftpd.conf
%config /etc/pam.d/ftp
%config /etc/logrotate.d/vsftpd.log
%doc INSTALL BUGS AUDIT Changelog LICENSE README README.security REWARD SPEED TODO SECURITY/ TUNING SIZE
%{_mandir}/man5/vsftpd.conf.*
%{_mandir}/man8/vsftpd.*
%changelog
* Thu Mar 22 2001 Seth Vidal <skvidal@phy.duke.edu>
- updated to 0.0.15
- added entry for vsftpd.8 man page
- added entry for vsftpd.log logrotate file
- added TUNING file to docs list
* Wed Mar 7 2001 Seth Vidal <skvidal@phy.duke.edu>
- Updated to 0.0.14
- made %files entry for man page
* Wed Feb 21 2001 Seth Vidal <skvidal@phy.duke.edu>
- Updated to 0.0.13
* Mon Feb 12 2001 Seth Vidal <skvidal@phy.duke.edu>
- Updated to 0.0.12
* Wed Feb 7 2001 Seth Vidal <skvidal@phy.duke.edu>
- updated to 0.0.11
* Fri Feb 1 2001 Seth Vidal <skvidal@phy.duke.edu>
- Update to 0.0.10
* Fri Feb 1 2001 Seth Vidal <skvidal@phy.duke.edu>
- First RPM packaging
- Stolen items from wu-ftpd's pam setup
- Separated rh 7 and rh 6.X's packages
- Built for Rh6

View File

@ -1,80 +0,0 @@
Summary: vsftpd - Very Secure Ftp Daemon
Name: vsftpd
Version: 1.2.0
Release: rh7_2
Copyright: GPL
Group: System Environment/Daemons
URL: ftp://ferret.lmh.ox.ac.uk/pub/linux/
Source: %{name}-%{version}.tar.gz
Packager: Seth Vidal <skvidal@phy.duke.edu>
BuildRoot: /var/tmp/%{name}-%{version}-root
Requires: xinetd, /etc/pam.d/system-auth, logrotate
Provides: ftpserver
%description
A Very Secure FTP Daemon - written from scratch - by Chris "One Man Security
Audit Team" Evans
%prep
%setup -q -n %{name}-%{version}
%build
make
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr/local/sbin
mkdir -p $RPM_BUILD_ROOT/usr/share/empty
mkdir -p $RPM_BUILD_ROOT/etc
mkdir -p $RPM_BUILD_ROOT/etc/xinetd.d
mkdir -p $RPM_BUILD_ROOT/etc/pam.d
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man5
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
install -m 755 vsftpd $RPM_BUILD_ROOT/usr/local/sbin/vsftpd
install -m 600 vsftpd.conf $RPM_BUILD_ROOT/etc/vsftpd.conf
install -m 644 RedHat/vsftpd.pam $RPM_BUILD_ROOT/etc/pam.d/ftp
install -m 644 xinetd.d/vsftpd $RPM_BUILD_ROOT/etc/xinetd.d/vsftpd
install -m 644 vsftpd.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5/vsftpd.conf.5
install -m 644 vsftpd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/vsftpd.8
install -m 644 RedHat/vsftpd.log $RPM_BUILD_ROOT/etc/logrotate.d/vsftpd.log
%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
/usr/local/sbin/vsftpd
%dir /usr/share/empty
%config /etc/vsftpd.conf
%config /etc/xinetd.d/vsftpd
%config /etc/pam.d/ftp
%config /etc/logrotate.d/vsftpd.log
%{_mandir}/man5/vsftpd.conf.*
%{_mandir}/man8/vsftpd.*
%doc %attr(755,root,root)INSTALL BUGS AUDIT Changelog LICENSE README README.security REWARD SPEED TODO SECURITY/ TUNING SIZE
%changelog
* Thu Mar 22 2001 Seth Vidal <skvidal@phy.duke.edu>
- updated to 0.0.15
- added entry for vsftpd.8 man page
- added entry for vsftpd.log logrotate file
- added TUNING file to docs list
* Wed Mar 7 2001 Seth Vidal <skvidal@phy.duke.edu>
- updated to 0.0.14
- added entry for man page
* Wed Feb 21 2001 Seth Vidal <skvidal@phy.duke.edu>
- Update to 0.0.13
* Mon Feb 12 2001 Seth Vidal <skvidal@phy.duke.edu>
- Update to 0.0.12
* Wed Feb 7 2001 Seth Vidal <skvidal@phy.duke.edu>
- Update to 0.0.11
- Use vsftpd provided xinetd.d file
* Fri Feb 2 2001 Seth Vidal <skvidal@phy.duke.edu>
- Update to 0.0.10
* Thu Feb 1 2001 Seth Vidal <skvidal@phy.duke.edu>
- First RPM packaging
- Stolen items from wu-ftpd's pam setup
- Separated rh 7 and rh 6.X's packages
- fixed xinetd startup - duh!

View File

@ -29,7 +29,7 @@ safely go through the API. If this sounds familiar, it is because what vsftpd
implements is very similar to a C++ string class. You can do OO programming
in C too, you know ;-)
A key point of having the buffer API is place is that is it MORE DIFFICULT to
A key point of having the buffer API in place is that it is MORE DIFFICULT to
abuse the API than it is to use it properly. Try and create a buffer memory
corruption or overflow scenario using just the buffer API.

9
TODO
View File

@ -3,10 +3,19 @@ CRITICAL
- Improve FAQ, docs (ongoing..)
- Integrated test suite (I'm so lazy..)
- Allow easy disabling of log file lock (Solaris / Veritas Cluster Service bug?)
NOT SO CRITICAL
===============
- Consider CWD ~
- Log DELE (and chmod, rnto, etc.)
- Allow space in username.
- Max OSX setgroups() issue.
- Minor: background should happen after listen has completed so that failure
can result in a non-zero exit code.
- Better reporting of failed uploads due to out of device space or quota all
used.
- OpenSSL support.
- Fix for systems with no IPv6 (e.g. Solaris 7).
- PASV auto address guessing?

View File

@ -71,14 +71,16 @@ vsf_ftpdataio_dispose_transfer_fd(struct vsf_session* p_sess)
int
vsf_ftpdataio_get_pasv_fd(struct vsf_session* p_sess)
{
static struct vsf_sysutil_sockaddr* s_p_accept_addr = 0;
int remote_fd = vsf_sysutil_accept_timeout(p_sess->pasv_listen_fd,
&s_p_accept_addr,
tunable_accept_timeout);
int remote_fd;
struct vsf_sysutil_sockaddr* p_accept_addr = 0;
vsf_sysutil_sockaddr_alloc(&p_accept_addr);
remote_fd = vsf_sysutil_accept_timeout(p_sess->pasv_listen_fd, p_accept_addr,
tunable_accept_timeout);
if (vsf_sysutil_retval_is_error(remote_fd))
{
vsf_cmdio_write(p_sess, FTP_BADSENDCONN,
"Failed to establish connection.");
vsf_sysutil_sockaddr_clear(&p_accept_addr);
return remote_fd;
}
/* SECURITY:
@ -87,14 +89,15 @@ vsf_ftpdataio_get_pasv_fd(struct vsf_session* p_sess)
*/
if (!tunable_pasv_promiscuous)
{
if (!vsf_sysutil_sockaddr_addr_equal(p_sess->p_remote_addr,
s_p_accept_addr))
if (!vsf_sysutil_sockaddr_addr_equal(p_sess->p_remote_addr, p_accept_addr))
{
vsf_cmdio_write(p_sess, FTP_BADSENDCONN, "Security: Bad IP connecting.");
vsf_sysutil_close(remote_fd);
vsf_sysutil_sockaddr_clear(&p_accept_addr);
return -1;
}
}
vsf_sysutil_sockaddr_clear(&p_accept_addr);
init_data_sock_params(p_sess, remote_fd);
return remote_fd;
}
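Review bot: p_accept_addr is now released by hand on each of the three ways out of vsf_ftpdataio_get_pasv_fd (the accept failure, the "Security: Bad IP connecting." rejection, and the success path just before init_data_sock_params). Any return added to this function later will leak the allocation unless it repeats vsf_sysutil_sockaddr_clear(&p_accept_addr). Consider funnelling the exits through a single cleanup point, or at least add a comment at the vsf_sysutil_sockaddr_alloc call noting that every return must clear it.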

18
main.c
View File

@ -20,6 +20,7 @@
#include "twoprocess.h"
#include "standalone.h"
#include "tcpwrap.h"
#include "vsftpver.h"
/*
* Forward decls of helper functions
@ -72,11 +73,13 @@ main(int argc, const char* argv[])
}
if (argc == 2)
{
if (!vsf_sysutil_strcmp(argv[1], "-v"))
{
vsf_exit("vsftpd: version " VSF_VERSION "\n");
}
p_config_name = argv[1];
config_specified = 1;
}
/* Just get out unless we start with requisite privilege */
die_unless_privileged();
/* This might need to open /dev/zero on systems lacking MAP_ANON. Needs
* to be done early (i.e. before config file parse, which may use
* anonymous pages
@ -96,6 +99,11 @@ main(int argc, const char* argv[])
}
vsf_sysutil_free(p_statbuf);
}
if (!tunable_run_as_launching_user)
{
/* Just get out unless we start with requisite privilege */
die_unless_privileged();
}
if (tunable_setproctitle_enable)
{
/* Warning -- warning -- may nuke argv, environ */
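Review bot: die_unless_privileged() in this hunk is skipped whenever tunable_run_as_launching_user is set, including when the process really was started by root. The vsftpd.conf.5 text added in this commit says chroot is not used in that mode "even if launched by root", and the one-process change skips vsf_secutil_change_credentials, so a root-launched daemon with this option on keeps root's file access with no confinement. Consider refusing to start when the option is set and the process is privileged, and add a comment here explaining that the check moved below config parsing because it now depends on a tunable.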
@ -179,6 +187,10 @@ main(int argc, const char* argv[])
{
tunable_one_process_model = 1;
}
if (tunable_run_as_launching_user)
{
tunable_one_process_model = 1;
}
if (tunable_one_process_model)
{
vsf_one_process_start(&the_session);
@ -209,7 +221,7 @@ do_sanity_checks(void)
vsf_sysutil_fstat(VSFTP_COMMAND_FD, &p_statbuf);
if (!vsf_sysutil_statbuf_is_socket(p_statbuf))
{
die("vsftpd: does not run standalone, must be started from inetd");
die("vsftpd: not configured for standalone, must be started from inetd");
}
vsf_sysutil_free(p_statbuf);
}

View File

@ -20,6 +20,7 @@
#include "str.h"
#include "tunables.h"
#include "utility.h"
#include "sysstr.h"
#include "sysdeputil.h"
void
@ -42,8 +43,18 @@ vsf_one_process_start(struct vsf_session* p_sess)
{
str_alloc_text(&chdir_str, tunable_anon_root);
}
vsf_secutil_change_credentials(&user_name, 0, &chdir_str, caps,
VSF_SECUTIL_OPTION_CHROOT | VSF_SECUTIL_OPTION_USE_GROUPS);
if (tunable_run_as_launching_user)
{
if (!str_isempty(&chdir_str))
{
str_chdir(&chdir_str);
}
}
else
{
vsf_secutil_change_credentials(&user_name, 0, &chdir_str, caps,
VSF_SECUTIL_OPTION_CHROOT | VSF_SECUTIL_OPTION_USE_GROUPS);
}
str_free(&user_name);
str_free(&chdir_str);
}
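Review bot: in the tunable_run_as_launching_user branch the result of str_chdir(&chdir_str) is not checked. The other branch passes chdir_str to vsf_secutil_change_credentials together with VSF_SECUTIL_OPTION_CHROOT, but here the chdir is the only step that places the session in anon_root, so if it fails the session carries on in whatever directory vsftpd was launched from. Suggest checking the return value and terminating the session on failure. The caps value computed earlier in the function is also unused on this path; a short comment saying no credential or capability change happens in this mode would help the next reader.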

View File

@ -84,6 +84,7 @@ parseconf_bool_array[] =
{ "dirlist_enable", &tunable_dirlist_enable },
{ "chmod_enable", &tunable_chmod_enable },
{ "secure_email_list_enable", &tunable_secure_email_list_enable },
{ "run_as_launching_user", &tunable_run_as_launching_user },
{ 0, 0 }
};

View File

@ -7,6 +7,11 @@
/* This bogon prevents _XPG4_2 breaking the include of signal.h! */
#define __EXTENSIONS__
/* Safe to always enable 64-bit file support. */
#define _FILE_OFFSET_BITS 64
#define _LARGEFILE_SOURCE 1
#define _LARGEFILE64_SOURCE 1
/* Need dirfd() */
#include "dirfd_extras.h"

View File

@ -424,15 +424,8 @@ handle_cwd(struct vsf_session* p_sess)
static void
handle_cdup(struct vsf_session* p_sess)
{
int retval = vsf_sysutil_chdir("..");
if (retval == 0)
{
vsf_cmdio_write(p_sess, FTP_CWDOK, "Directory successfully changed.");
}
else
{
vsf_cmdio_write(p_sess, FTP_FILEFAIL, "Failed to change directory.");
}
str_alloc_text(&p_sess->ftp_arg_str, "..");
handle_cwd(p_sess);
}
static int
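Review bot: handle_cdup now overwrites p_sess->ftp_arg_str with ".." and calls handle_cwd, but nothing in the function says why. The Changelog entry gives the reason (so that a deny_file of *..* also applies to CDUP), and that is a security-relevant property that a later cleanup could undo by restoring the direct vsf_sysutil_chdir("..") call. Please add a comment above str_alloc_text stating that CDUP deliberately goes through the CWD path so the same access checks apply.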

View File

@ -36,6 +36,7 @@ static unsigned int hash_pid(unsigned int buckets, void* p_key);
struct vsf_client_launch
vsf_standalone_main(void)
{
struct vsf_sysutil_sockaddr* p_accept_addr = 0;
int listen_sock = -1;
int retval;
s_ipaddr_size = vsf_sysutil_get_ipaddr_size();
@ -126,17 +127,17 @@ vsf_standalone_main(void)
}
}
vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG);
vsf_sysutil_sockaddr_alloc(&p_accept_addr);
while (1)
{
struct vsf_client_launch child_info;
static struct vsf_sysutil_sockaddr* p_accept_addr;
void* p_raw_addr;
int new_child;
int new_client_sock;
vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD);
vsf_sysutil_unblock_sig(kVSFSysUtilSigHUP);
new_client_sock = vsf_sysutil_accept_timeout(
listen_sock, &p_accept_addr, 0);
listen_sock, p_accept_addr, 0);
vsf_sysutil_block_sig(kVSFSysUtilSigCHLD);
vsf_sysutil_block_sig(kVSFSysUtilSigHUP);
if (vsf_sysutil_retval_is_error(new_client_sock))
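Review bot: the vsf_sysutil_sockaddr_alloc(&p_accept_addr) call placed before while (1) is the core of the listener fix, yet it carries no comment. The accept call sits between vsf_sysutil_unblock_sig and vsf_sysutil_block_sig for SIGCHLD and SIGHUP, so any allocation inside vsf_sysutil_accept_timeout could be interrupted by a handler; that is why the buffer has to exist before the loop starts. A one-line comment at the alloc saying so would stop someone from moving it back inside the loop or inside the accept helper.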

View File

@ -18,6 +18,12 @@
/* For Linux, this adds nothing :-) */
#include "port/porting_junk.h"
#if (defined(__FreeBSD__) && __FreeBSD__ >= 3)
#define _FILE_OFFSET_BITS 64
#define _LARGEFILE_SOURCE 1
#define _LARGEFILE64_SOURCE 1
#endif
/* For INT_MAX */
#include <limits.h>
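Review bot: the FreeBSD block defining _FILE_OFFSET_BITS, _LARGEFILE_SOURCE and _LARGEFILE64_SOURCE sits after #include "port/porting_junk.h". Feature-test macros only take effect if they are defined before the first system header is pulled in, so if porting_junk.h includes any system header on FreeBSD these defines arrive too late. Suggest moving the #if block above the porting_junk.h include, as done for the Solaris porting header in this same commit, where the defines come ahead of the dirfd_extras.h include.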
@ -28,7 +34,6 @@
#include <sys/param.h>
#include <sys/uio.h>
/* Configuration.. here are the possibilities */
#undef VSF_SYSDEP_HAVE_CAPABILITIES
#undef VSF_SYSDEP_HAVE_SETKEEPCAPS
@ -146,6 +151,7 @@
#include <sys/capability.h>
#if defined(VSF_SYSDEP_HAVE_CAPABILITIES) && !defined(VSF_SYSDEP_HAVE_LIBCAP)
#include <linux/unistd.h>
#include <linux/capability.h>
#include <errno.h>
#include <syscall.h>
@ -645,7 +651,7 @@ static int do_sendfile(const int out_fd, const int in_fd,
}
#elif defined(VSF_SYSDEP_HAVE_SOLARIS_SENDFILE)
{
off_t written = 0;
size_t written = 0;
struct sendfilevec the_vec;
vsf_sysutil_memclr(&the_vec, sizeof(the_vec));
the_vec.sfv_fd = in_fd;

View File

@ -16,10 +16,10 @@
#include "utility.h"
#include "tunables.h"
/* Activate 64-bit file support on Linux/32bit */
/* Activate 64-bit file support on Linux/32bit plus others */
#define _FILE_OFFSET_BITS 64
/* And Solaris.. */
/*#define _LARGEFILE64_SOURCE 1*/
#define _LARGEFILE_SOURCE 1
#define _LARGEFILE64_SOURCE 1
/* For Linux, this adds nothing :-) */
#include "port/porting_junk.h"
@ -93,8 +93,7 @@ static int vsf_sysutil_translate_memprot(
static int vsf_sysutil_translate_openmode(
const enum EVSFSysUtilOpenMode mode);
static void vsf_sysutil_alloc_statbuf(struct vsf_sysutil_statbuf** p_ptr);
static void vsf_sysutil_sockaddr_alloc(
struct vsf_sysutil_sockaddr** p_sockptr);
void vsf_sysutil_sockaddr_alloc(struct vsf_sysutil_sockaddr** p_sockptr);
static void
vsf_sysutil_common_sighandler(int signum)
@ -1403,7 +1402,7 @@ vsf_sysutil_statbuf_get_sortkey_mtime(
* more recent dates appear later in the alphabet! Most notably, we must
* make sure we pad to the same length with 0's
*/
snprintf(intbuf, sizeof(intbuf), "%030ld", p_stat->st_mtime);
snprintf(intbuf, sizeof(intbuf), "%030ld", (long) p_stat->st_mtime);
return intbuf;
}
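Review bot: the (long) cast on p_stat->st_mtime silences the format warning but truncates on platforms where time_t is wider than long, which is the FreeBSD 5.1/5.2 case the Changelog names (time_t being long long). A truncated value still produces a 30-character key, so the sort order would be silently wrong rather than failing. Consider formatting through the widest integer type available, for example "%030lld" with a (long long) cast where the platform supports it, or add a comment stating the assumption that the value fits in long.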
@ -1585,8 +1584,11 @@ vsf_sysutil_listen(int fd, const unsigned int backlog)
}
}
/* Warning: callers of this function assume it does NOT make use of any
* non re-entrant calls such as malloc().
*/
int
vsf_sysutil_accept_timeout(int fd, struct vsf_sysutil_sockaddr** p_sockptr,
vsf_sysutil_accept_timeout(int fd, struct vsf_sysutil_sockaddr* p_sockaddr,
unsigned int wait_seconds)
{
struct vsf_sysutil_sockaddr remote_addr;
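Review bot: the new warning comment above vsf_sysutil_accept_timeout says the function must not use non re-entrant calls, but it does not document the other half of the contract change: p_sockaddr is now caller-provided storage rather than an out-pointer the function allocates. Please extend the comment to say that a non-NULL p_sockaddr must already point at a buffer obtained from vsf_sysutil_sockaddr_alloc, and that the function overwrites it. It would also help to say why re-entrancy matters here (callers invoke it with signals unblocked).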
@ -1594,9 +1596,9 @@ vsf_sysutil_accept_timeout(int fd, struct vsf_sysutil_sockaddr** p_sockptr,
fd_set accept_fdset;
struct timeval timeout;
unsigned int socklen = sizeof(remote_addr);
if (p_sockptr)
if (p_sockaddr)
{
vsf_sysutil_sockaddr_clear(p_sockptr);
vsf_sysutil_memclr(p_sockaddr, sizeof(*p_sockaddr));
}
if (wait_seconds > 0)
{
@ -1631,19 +1633,18 @@ vsf_sysutil_accept_timeout(int fd, struct vsf_sysutil_sockaddr** p_sockptr,
{
die("can only support ipv4 and ipv6 currently");
}
if (p_sockptr)
if (p_sockaddr)
{
vsf_sysutil_sockaddr_alloc(p_sockptr);
if (remote_addr.u.u_sockaddr.sa_family == AF_INET)
{
vsf_sysutil_memclr(&remote_addr.u.u_sockaddr_in.sin_zero,
sizeof(remote_addr.u.u_sockaddr_in.sin_zero));
vsf_sysutil_memcpy(*p_sockptr, &remote_addr.u.u_sockaddr_in,
vsf_sysutil_memcpy(p_sockaddr, &remote_addr.u.u_sockaddr_in,
sizeof(remote_addr.u.u_sockaddr_in));
}
else
{
vsf_sysutil_memcpy(*p_sockptr, &remote_addr.u.u_sockaddr_in6,
vsf_sysutil_memcpy(p_sockaddr, &remote_addr.u.u_sockaddr_in6,
sizeof(remote_addr.u.u_sockaddr_in6));
}
}
@ -1780,7 +1781,7 @@ vsf_sysutil_sockaddr_clear(struct vsf_sysutil_sockaddr** p_sockptr)
}
}
static void
void
vsf_sysutil_sockaddr_alloc(struct vsf_sysutil_sockaddr** p_sockptr)
{
vsf_sysutil_sockaddr_clear(p_sockptr);

View File

@ -203,6 +203,7 @@ struct vsf_sysutil_socketpair_retval
int socket_one;
int socket_two;
};
void vsf_sysutil_sockaddr_alloc(struct vsf_sysutil_sockaddr** p_sockptr);
void vsf_sysutil_sockaddr_clear(struct vsf_sysutil_sockaddr** p_sockptr);
void vsf_sysutil_sockaddr_alloc_ipv4(struct vsf_sysutil_sockaddr** p_sockptr);
void vsf_sysutil_sockaddr_alloc_ipv6(struct vsf_sysutil_sockaddr** p_sockptr);
@ -238,7 +239,7 @@ int vsf_sysutil_bind(int fd, const struct vsf_sysutil_sockaddr* p_sockptr);
void vsf_sysutil_listen(int fd, const unsigned int backlog);
void vsf_sysutil_getsockname(int fd, struct vsf_sysutil_sockaddr** p_sockptr);
void vsf_sysutil_getpeername(int fd, struct vsf_sysutil_sockaddr** p_sockptr);
int vsf_sysutil_accept_timeout(int fd, struct vsf_sysutil_sockaddr** p_sockptr,
int vsf_sysutil_accept_timeout(int fd, struct vsf_sysutil_sockaddr* p_sockaddr,
unsigned int wait_seconds);
int vsf_sysutil_connect_timeout(int fd,
const struct vsf_sysutil_sockaddr* p_sockaddr,

View File

@ -56,6 +56,7 @@ int tunable_download_enable = 1;
int tunable_dirlist_enable = 1;
int tunable_chmod_enable = 1;
int tunable_secure_email_list_enable = 0;
int tunable_run_as_launching_user = 0;
unsigned int tunable_accept_timeout = 60;
unsigned int tunable_connect_timeout = 60;

View File

@ -52,6 +52,7 @@ extern int tunable_download_enable; /* Can download anything? */
extern int tunable_dirlist_enable; /* Can see any dirs? */
extern int tunable_chmod_enable; /* Is CHMOD allowed? (local) */
extern int tunable_secure_email_list_enable; /* Require specific anon email */
extern int tunable_run_as_launching_user; /* Runs as launching user */
/* Integer/numeric defines */
extern unsigned int tunable_accept_timeout;

View File

@ -42,3 +42,11 @@ bug(const char* p_text)
vsf_sysutil_exit(1);
}
void
vsf_exit(const char* p_text)
{
(void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, p_text,
vsf_sysutil_strlen(p_text));
vsf_sysutil_exit(0);
}
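Review bot: vsf_exit discards the result of vsf_sysutil_write_loop with a (void) cast and always calls vsf_sysutil_exit(0), so a failed write still reports success. That is acceptable for the -v use in main.c, but the utility.h description ("text string describing why the process is exiting") does not mention that the exit status is 0, which invites use on error paths where die() is the right call. Suggest stating in the header comment that this is for successful termination only. It is also worth noting there that the text goes to VSFTP_COMMAND_FD rather than to a separate output stream.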

View File

@ -31,5 +31,14 @@ void die2(const char* p_text1, const char* p_text2);
* */
void bug(const char* p_text);
/* vsf_exit()
* PURPOSE
* Terminate execution of the process, writing out the specified text string
* in the process.
* PARAMETERS
* p_text - text string describing why the process is exiting
*/
void vsf_exit(const char* p_text);
#endif

View File

@ -1,6 +1,6 @@
.TH VSFTPD.CONF 5
.SH NAME
vsftpd.conf, the config file for vsftpd
vsftpd.conf \- config file for vsftpd
.SH DESCRIPTION
vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By
default, vsftpd looks for this file at the location
@ -296,6 +296,23 @@ Set to YES if you want to disable the PORT security check that ensures that
outgoing data connections can only connect to the client. Only enable if
you know what you are doing!
Default: NO
.TP
.B run_as_launching_user
Set to YES if you want vsftpd to run as the user which launched vsftpd. This is
useful where root access is not available. MASSIVE WARNING! Do NOT enable this
option unless you totally know what you are doing, as naive use of this option
can create massive security problems. Specifically, vsftpd does not / cannot
use chroot technology to restrict file access when this option is set (even if
launched by root). A poor substitute could be to use a
.BR deny_file
setting such as {/*,*..*}, but the reliability of this cannot compare to
chroot, and should not be relied on.
If using this option, many restrictions on other options
apply. For example, options requiring privilege such as non-anonymous logins,
upload ownership changing, connecting from port 20 and listen ports less than
1024 are not expected to work. Other options may be impacted.
Default: NO
.TP
.B secure_email_list_enable

View File

@ -1,7 +1,7 @@
#ifndef VSF_VERSION_H
#define VSF_VERSION_H
#define VSF_VERSION "1.2.1"
#define VSF_VERSION "1.2.2"
#endif /* VSF_VERSION_H */