Attachment #252767 for bug #261730




  status = ((struct vsf_sysutil_wait_retval*) p_waitret)->exit_status;
  return WEXITSTATUS(status);
}
 
void
vsf_sysutil_v6only(int fd)
{
  int v6only = 1;
  int retval = setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v6only,
                          sizeof(v6only));
  if (retval != 0)
  {
    die("setsockopt: ipv6_v6only");
  }
}

void
vsf_sysutil_activate_keepalive(int fd)




 * tunables.c
 */

#include "builddefs.h"
#include "tunables.h"
#include "sysutil.h"


int tunable_require_ssl_reuse;
int tunable_isolate;
int tunable_isolate_network;
int tunable_convert_charset_enable;
int tunable_local_codepage;
int tunable_remote_codepage;
int tunable_anon_delete_enable;
int tunable_add_default_rule;
int tunable_chown_by_ip;
int tunable_tpm_allow_anon_root_access;
int tunable_double_377;
int tunable_anon_rxtx_rate;
int tunable_local_rxtx_rate;
int tunable_chown_group;
int tunable_anti_bruteforce;


  tunable_require_ssl_reuse = 1;
  tunable_isolate = 1;
  tunable_isolate_network = 1;
  tunable_convert_charset_enable = 0;
  tunable_local_codepage = 0;
  tunable_remote_codepage = 0;
  tunable_anon_delete_enable = 1;
  tunable_add_default_rule = 0;
  tunable_chown_by_ip = 0;
  tunable_tpm_allow_anon_root_access = 0;
  tunable_double_377 = 1;
  tunable_anon_rxtx_rate = 0;
  tunable_local_rxtx_rate = 0;
  tunable_chown_group = 0;
  tunable_anti_bruteforce = 0;


  tunable_pasv_min_port = 5001;
  tunable_pasv_max_port = 0;
  tunable_anon_max_rate = 0;
  tunable_anon_max_rate_rx = 0;
  tunable_anon_max_rate_tx = 0;
  tunable_local_max_rate = 0;
  tunable_local_max_rate_rx = 0;
  tunable_local_max_rate_tx = 0;
  /* IPPORT_FTP */
  tunable_listen_port = 21;
  tunable_max_clients = 2000;

  install_str_setting(".message", &tunable_message_file);
  install_str_setting("nobody", &tunable_nopriv_user);
  install_str_setting(0, &tunable_ftpd_banner);
  install_str_setting(VSF_CONFIG_PATH VSF_CONFIG_PREFIX "banned_emails", &tunable_banned_email_file);
  install_str_setting(VSF_CONFIG_PATH VSF_CONFIG_PREFIX "chroot_list", &tunable_chroot_list_file);
  install_str_setting("ftp", &tunable_pam_service_name);
  install_str_setting("ftp", &tunable_guest_username);
  install_str_setting(VSF_CONFIG_PATH VSF_CONFIG_PREFIX "user_list", &tunable_userlist_file);
  install_str_setting(0, &tunable_anon_root);
  install_str_setting(0, &tunable_local_root);
  install_str_setting(0, &tunable_banner_file);

  install_str_setting(0, &tunable_hide_file);
  install_str_setting(0, &tunable_deny_file);
  install_str_setting(0, &tunable_user_sub_token);
  install_str_setting(VSF_CONFIG_PATH VSF_CONFIG_PREFIX "email_passwords",
                      &tunable_email_password_file);
  install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
                      &tunable_rsa_cert_file);

  install_str_setting(0, &tunable_ca_certs_file);
  install_str_setting("NONE", &tunable_local_charset);
  install_str_setting("NONE", &tunable_remote_charset);
  install_str_setting(VSF_CONFIG_PATH VSF_CONFIG_PREFIX "pasv_rules", &tunable_pasv_addr_rules);
  install_str_setting(VSF_CONFIG_PATH VSF_CONFIG_PREFIX "users_ip", &tunable_users_access_ip);
  install_str_setting(0, &tunable_anti_bruteforce_banner);
}


Lines 268-273 Link Here

(-)sysutil.h (+1 lines)
268	const char* p_name);	268	const char* p_name);
269	int vsf_sysutil_inet_addr_to_int(struct vsf_sysutil_sockaddr* p_addr);	269	int vsf_sysutil_inet_addr_to_int(struct vsf_sysutil_sockaddr* p_addr);
270	/* Option setting on sockets */	270	/* Option setting on sockets */
		271	void vsf_sysutil_v6only(int fd);
271	void vsf_sysutil_activate_keepalive(int fd);	272	void vsf_sysutil_activate_keepalive(int fd);
272	void vsf_sysutil_set_iptos_throughput(int fd);	273	void vsf_sysutil_set_iptos_throughput(int fd);
273	void vsf_sysutil_activate_reuseaddr(int fd);	274	void vsf_sysutil_activate_reuseaddr(int fd);

Lines 5-9 Link Here

(-)builddefs.h (+5 lines)
5	#define VSF_BUILD_PAM	5	#define VSF_BUILD_PAM
6	#undef VSF_BUILD_SSL	6	#undef VSF_BUILD_SSL
7		7
		8	#define VSF_CONFIG_PATH "/etc/vsftpd/"
		9	#define VSF_CONFIG_PREFIX ""
		10	//#define VSF_CONFIG_PATH "/etc/"
		11	//#define VSF_CONFIG_PREFIX "vsftpd."
		12
8	#endif /* VSF_BUILDDEFS_H */	13	#endif /* VSF_BUILDDEFS_H */
9		14

Lines 1276-1282 Link Here

(-)sysdeputil.c (-2 / +2 lines)
1276	static int cloneflags_work = 1;	1276	static int cloneflags_work = 1;
1277	if (cloneflags_work)	1277	if (cloneflags_work)
1278	{	1278	{
1279	int ret = syscall(__NR_clone, CLONE_NEWPID \| CLONE_NEWIPC \| SIGCHLD, NULL);	1279	int ret = clone(NULL, NULL, CLONE_NEWPID \| CLONE_NEWIPC \| SIGCHLD, NULL);
1280	if (ret != -1 \|\| (errno != EINVAL && errno != EPERM))	1280	if (ret != -1 \|\| (errno != EINVAL && errno != EPERM))
1281	{	1281	{
1282	if (ret == 0)	1282	if (ret == 0)
Lines 1298-1304 Link Here
1298	static int cloneflags_work = 1;	1298	static int cloneflags_work = 1;
1299	if (cloneflags_work)	1299	if (cloneflags_work)
1300	{	1300	{
1301	int ret = syscall(__NR_clone, CLONE_NEWNET \| SIGCHLD, NULL);	1301	int ret = clone(NULL, NULL, CLONE_NEWNET \| SIGCHLD, NULL);
1302	if (ret != -1 \|\| (errno != EINVAL && errno != EPERM))	1302	if (ret != -1 \|\| (errno != EINVAL && errno != EPERM))
1303	{	1303	{
1304	if (ret == 0)	1304	if (ret == 0)

Lines 1162-1171 Link Here

(-)vsftpd.conf.5 (-2 / +2 lines)
1162	with an example. If you set	1162	with an example. If you set
1163	.BR user_config_dir	1163	.BR user_config_dir
1164	to be	1164	to be
1165	.BR /etc/vsftpd_user_conf	1165	.BR /etc/vsftpd/user_conf
1166	and then log on as the user "chris", then vsftpd will apply the settings in	1166	and then log on as the user "chris", then vsftpd will apply the settings in
1167	the file	1167	the file
1168	.BR /etc/vsftpd_user_conf/chris	1168	.BR /etc/vsftpd/user_conf/chris
1169	for the duration of the session. The format of this file is as detailed in	1169	for the duration of the session. The format of this file is as detailed in
1170	this manual page! PLEASE NOTE that not all settings are effective on a	1170	this manual page! PLEASE NOTE that not all settings are effective on a
1171	per-user basis. For example, many settings only prior to the user's session	1171	per-user basis. For example, many settings only prior to the user's session

Lines 1-4 Link Here

(-)vsftpd.conf (-3 / +3 lines)
1	# Example config file /etc/vsftpd.conf	1	# Example config file /etc/vsftpd/vsftpd.conf
2	#	2	#
3	# The default compiled in settings are fairly paranoid. This sample file	3	# The default compiled in settings are fairly paranoid. This sample file
4	# loosens things up a bit, to make the ftp daemon more usable.	4	# loosens things up a bit, to make the ftp daemon more usable.
Lines 87-93 Link Here
87	# useful for combatting certain DoS attacks.	87	# useful for combatting certain DoS attacks.
88	#deny_email_enable=YES	88	#deny_email_enable=YES
89	# (default follows)	89	# (default follows)
90	#banned_email_file=/etc/vsftpd.banned_emails	90	#banned_email_file=/etc/vsftpd/banned_emails
91	#	91	#
92	# You may specify an explicit list of local users to chroot() to their home	92	# You may specify an explicit list of local users to chroot() to their home
93	# directory. If chroot_local_user is YES, then this list becomes a list of	93	# directory. If chroot_local_user is YES, then this list becomes a list of
Lines 95-101 Link Here
95	#chroot_local_user=YES	95	#chroot_local_user=YES
96	#chroot_list_enable=YES	96	#chroot_list_enable=YES
97	# (default follows)	97	# (default follows)
98	#chroot_list_file=/etc/vsftpd.chroot_list	98	#chroot_list_file=/etc/vsftpd/chroot_list
99	#	99	#
100	# You may activate the "-R" option to the builtin ls. This is disabled by	100	# You may activate the "-R" option to the builtin ls. This is disabled by
101	# default to avoid remote users being able to cause excessive I/O on large	101	# default to avoid remote users being able to cause excessive I/O on large




    if (str_get_char_at(p_filter_str, 0) == '/') {
      if (str_get_char_at(p_filename_str, 0) != '/') {
        str_getcwd (&name_remain_str);

        if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
          str_append_char (&name_remain_str, '/');

        str_append_str (&name_remain_str, p_filename_str);
      }
      else

    }
  } else
    str_copy(&name_remain_str, p_filename_str);

  while (!str_isempty(&filter_remain_str))
  {
    static struct mystr s_match_needed_str;

Lines 1-8 Link Here

(-)defs.h (-1 / +3 lines)
1	#ifndef VSF_DEFS_H	1	#ifndef VSF_DEFS_H
2	#define VSF_DEFS_H	2	#define VSF_DEFS_H
3		3
4	#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf"	4	#include "builddefs.h"
5		5
		6	#define VSFTP_DEFAULT_CONFIG VSF_CONFIG_PATH "vsftpd.conf"
		7
6	#define VSFTP_COMMAND_FD 0	8	#define VSFTP_COMMAND_FD 0
7		9
8	#define VSFTP_PASSWORD_MAX 128	10	#define VSFTP_PASSWORD_MAX 128

Lines 81-86 Link Here

(-)standalone.c (+1 lines)
81	else	81	else
82	{	82	{
83	listen_sock = vsf_sysutil_get_ipv6_sock();	83	listen_sock = vsf_sysutil_get_ipv6_sock();
		84	vsf_sysutil_v6only(listen_sock);
84	}	85	}
85	vsf_sysutil_activate_reuseaddr(listen_sock);	86	vsf_sysutil_activate_reuseaddr(listen_sock);
86		87




as a config file that will be loaded. Note that config files are loaded in the
strict order that they are encountered on the command line.
If no config files are specified, the default configuration file of
.Pa /etc/vsftpd/vsftpd.conf
will be loaded, after all other command line options are processed.
.Pp
Supported options are:

vsftpd -olisten=NO /etc/vsftpd/vsftpd.conf -oftpd_banner=blah
.Pp
That example overrides vsftpd's built-in default for the "listen" option to be
NO, but then loads /etc/vsftpd/vsftpd.conf which may override that setting.
Finally, the "ftpd_banner" setting is set to "blah", which overrides any default
vsftpd setting and any identical setting that was in the config file.
.Sh FILES
.Pa /etc/vsftpd/vsftpd.conf
.Sh SEE ALSO

Return to bug 261730

Lines 693-698 Link Here

(-)sysutil.c (+12 lines)
693	status = ((struct vsf_sysutil_wait_retval*) p_waitret)->exit_status;	693	status = ((struct vsf_sysutil_wait_retval*) p_waitret)->exit_status;
694	return WEXITSTATUS(status);	694	return WEXITSTATUS(status);
695	}	695	}
		696
		697	void
		698	vsf_sysutil_v6only(int fd)
		699	{
		700	int v6only = 1;
		701	int retval = setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v6only,
		702	sizeof(v6only));
		703	if (retval != 0)
		704	{
		705	die("setsockopt: ipv6_v6only");
		706	}
		707	}
696		708
697	void	709	void
698	vsf_sysutil_activate_keepalive(int fd)	710	vsf_sysutil_activate_keepalive(int fd)

Lines 5-10 Link Here

(-)tunables.c (-30 / +31 lines)
5	* tunables.c	5	* tunables.c
6	*/	6	*/
7		7
		8	#include "builddefs.h"
8	#include "tunables.h"	9	#include "tunables.h"
9	#include "sysutil.h"	10	#include "sysutil.h"
10		11
Lines 85-100 Link Here
85	int tunable_require_ssl_reuse;	86	int tunable_require_ssl_reuse;
86	int tunable_isolate;	87	int tunable_isolate;
87	int tunable_isolate_network;	88	int tunable_isolate_network;
88	int tunable_convert_charset_enable;	89	int tunable_convert_charset_enable;
89	int tunable_local_codepage;	90	int tunable_local_codepage;
90	int tunable_remote_codepage;	91	int tunable_remote_codepage;
91	int tunable_anon_delete_enable;	92	int tunable_anon_delete_enable;
92	int tunable_add_default_rule;	93	int tunable_add_default_rule;
93	int tunable_chown_by_ip;	94	int tunable_chown_by_ip;
94	int tunable_tpm_allow_anon_root_access;	95	int tunable_tpm_allow_anon_root_access;
95	int tunable_double_377;	96	int tunable_double_377;
96	int tunable_anon_rxtx_rate;	97	int tunable_anon_rxtx_rate;
97	int tunable_local_rxtx_rate;	98	int tunable_local_rxtx_rate;
98	int tunable_chown_group;	99	int tunable_chown_group;
99	int tunable_anti_bruteforce;	100	int tunable_anti_bruteforce;
100		101
Lines 243-258 Link Here
243	tunable_require_ssl_reuse = 1;	244	tunable_require_ssl_reuse = 1;
244	tunable_isolate = 1;	245	tunable_isolate = 1;
245	tunable_isolate_network = 1;	246	tunable_isolate_network = 1;
246	tunable_convert_charset_enable = 0;	247	tunable_convert_charset_enable = 0;
247	tunable_local_codepage = 0;	248	tunable_local_codepage = 0;
248	tunable_remote_codepage = 0;	249	tunable_remote_codepage = 0;
249	tunable_anon_delete_enable = 1;	250	tunable_anon_delete_enable = 1;
250	tunable_add_default_rule = 0;	251	tunable_add_default_rule = 0;
251	tunable_chown_by_ip = 0;	252	tunable_chown_by_ip = 0;
252	tunable_tpm_allow_anon_root_access = 0;	253	tunable_tpm_allow_anon_root_access = 0;
253	tunable_double_377 = 1;	254	tunable_double_377 = 1;
254	tunable_anon_rxtx_rate = 0;	255	tunable_anon_rxtx_rate = 0;
255	tunable_local_rxtx_rate = 0;	256	tunable_local_rxtx_rate = 0;
256	tunable_chown_group = 0;	257	tunable_chown_group = 0;
257	tunable_anti_bruteforce = 0;	258	tunable_anti_bruteforce = 0;
258		259
Lines 267-277 Link Here
267	tunable_pasv_min_port = 5001;	268	tunable_pasv_min_port = 5001;
268	tunable_pasv_max_port = 0;	269	tunable_pasv_max_port = 0;
269	tunable_anon_max_rate = 0;	270	tunable_anon_max_rate = 0;
270	tunable_anon_max_rate_rx = 0;	271	tunable_anon_max_rate_rx = 0;
271	tunable_anon_max_rate_tx = 0;	272	tunable_anon_max_rate_tx = 0;
272	tunable_local_max_rate = 0;	273	tunable_local_max_rate = 0;
273	tunable_local_max_rate_rx = 0;	274	tunable_local_max_rate_rx = 0;
274	tunable_local_max_rate_tx = 0;	275	tunable_local_max_rate_tx = 0;
275	/* IPPORT_FTP */	276	/* IPPORT_FTP */
276	tunable_listen_port = 21;	277	tunable_listen_port = 21;
277	tunable_max_clients = 2000;	278	tunable_max_clients = 2000;
Lines 293-303 Link Here
293	install_str_setting(".message", &tunable_message_file);	294	install_str_setting(".message", &tunable_message_file);
294	install_str_setting("nobody", &tunable_nopriv_user);	295	install_str_setting("nobody", &tunable_nopriv_user);
295	install_str_setting(0, &tunable_ftpd_banner);	296	install_str_setting(0, &tunable_ftpd_banner);
296	install_str_setting("/etc/vsftpd/banned_emails", &tunable_banned_email_file);	297	install_str_setting(VSF_CONFIG_PATH VSF_CONFIG_PREFIX "banned_emails", &tunable_banned_email_file);
297	install_str_setting("/etc/vsftpd/chroot_list", &tunable_chroot_list_file);	298	install_str_setting(VSF_CONFIG_PATH VSF_CONFIG_PREFIX "chroot_list", &tunable_chroot_list_file);
298	install_str_setting("ftp", &tunable_pam_service_name);	299	install_str_setting("ftp", &tunable_pam_service_name);
299	install_str_setting("ftp", &tunable_guest_username);	300	install_str_setting("ftp", &tunable_guest_username);
300	install_str_setting("/etc/vsftpd/user_list", &tunable_userlist_file);	301	install_str_setting(VSF_CONFIG_PATH VSF_CONFIG_PREFIX "user_list", &tunable_userlist_file);
301	install_str_setting(0, &tunable_anon_root);	302	install_str_setting(0, &tunable_anon_root);
302	install_str_setting(0, &tunable_local_root);	303	install_str_setting(0, &tunable_local_root);
303	install_str_setting(0, &tunable_banner_file);	304	install_str_setting(0, &tunable_banner_file);
Lines 310-316 Link Here
310	install_str_setting(0, &tunable_hide_file);	311	install_str_setting(0, &tunable_hide_file);
311	install_str_setting(0, &tunable_deny_file);	312	install_str_setting(0, &tunable_deny_file);
312	install_str_setting(0, &tunable_user_sub_token);	313	install_str_setting(0, &tunable_user_sub_token);
313	install_str_setting("/etc/vsftpd/email_passwords",	314	install_str_setting(VSF_CONFIG_PATH VSF_CONFIG_PREFIX "email_passwords",
314	&tunable_email_password_file);	315	&tunable_email_password_file);
315	install_str_setting("/usr/share/ssl/certs/vsftpd.pem",	316	install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
316	&tunable_rsa_cert_file);	317	&tunable_rsa_cert_file);
Lines 321-328 Link Here
321	install_str_setting(0, &tunable_ca_certs_file);	322	install_str_setting(0, &tunable_ca_certs_file);
322	install_str_setting("NONE", &tunable_local_charset);	323	install_str_setting("NONE", &tunable_local_charset);
323	install_str_setting("NONE", &tunable_remote_charset);	324	install_str_setting("NONE", &tunable_remote_charset);
324	install_str_setting("/etc/vsftpd/pasv_rules", &tunable_pasv_addr_rules);	325	install_str_setting(VSF_CONFIG_PATH VSF_CONFIG_PREFIX "pasv_rules", &tunable_pasv_addr_rules);
325	install_str_setting("/etc/vsftpd/users_ip", &tunable_users_access_ip);	326	install_str_setting(VSF_CONFIG_PATH VSF_CONFIG_PREFIX "users_ip", &tunable_users_access_ip);
326	install_str_setting(0, &tunable_anti_bruteforce_banner);	327	install_str_setting(0, &tunable_anti_bruteforce_banner);
327	}	328	}
328		329

Lines 251-260 Link Here

(-)ls.c (-3 / +3 lines)
251	if (str_get_char_at(p_filter_str, 0) == '/') {	251	if (str_get_char_at(p_filter_str, 0) == '/') {
252	if (str_get_char_at(p_filename_str, 0) != '/') {	252	if (str_get_char_at(p_filename_str, 0) != '/') {
253	str_getcwd (&name_remain_str);	253	str_getcwd (&name_remain_str);
254		254
255	if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */	255	if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
256	str_append_char (&name_remain_str, '/');	256	str_append_char (&name_remain_str, '/');
257		257
258	str_append_str (&name_remain_str, p_filename_str);	258	str_append_str (&name_remain_str, p_filename_str);
259	}	259	}
260	else	260	else
Lines 267-273 Link Here
267	}	267	}
268	} else	268	} else
269	str_copy(&name_remain_str, p_filename_str);	269	str_copy(&name_remain_str, p_filename_str);
270		270
271	while (!str_isempty(&filter_remain_str))	271	while (!str_isempty(&filter_remain_str))
272	{	272	{
273	static struct mystr s_match_needed_str;	273	static struct mystr s_match_needed_str;

Lines 33-39 Link Here

(-)vsftpd.8 (-4 / +4 lines)
33	as a config file that will be loaded. Note that config files are loaded in the	33	as a config file that will be loaded. Note that config files are loaded in the
34	strict order that they are encountered on the command line.	34	strict order that they are encountered on the command line.
35	If no config files are specified, the default configuration file of	35	If no config files are specified, the default configuration file of
36	.Pa /etc/vsftpd.conf	36	.Pa /etc/vsftpd/vsftpd.conf
37	will be loaded, after all other command line options are processed.	37	will be loaded, after all other command line options are processed.
38	.Pp	38	.Pp
39	Supported options are:	39	Supported options are:
Lines 50-58 Link Here
50	vsftpd -olisten=NO /etc/vsftpd/vsftpd.conf -oftpd_banner=blah	50	vsftpd -olisten=NO /etc/vsftpd/vsftpd.conf -oftpd_banner=blah
51	.Pp	51	.Pp
52	That example overrides vsftpd's built-in default for the "listen" option to be	52	That example overrides vsftpd's built-in default for the "listen" option to be
53	NO, but then loads /etc/vsftpd.conf which may override that setting. Finally,	53	NO, but then loads /etc/vsftpd/vsftpd.conf which may override that setting.
54	the "ftpd_banner" setting is set to "blah", which overrides any default vsftpd	54	Finally, the "ftpd_banner" setting is set to "blah", which overrides any default
55	setting and any identical setting that was in the config file.	55	vsftpd setting and any identical setting that was in the config file.
56	.Sh FILES	56	.Sh FILES
57	.Pa /etc/vsftpd/vsftpd.conf	57	.Pa /etc/vsftpd/vsftpd.conf
58	.Sh SEE ALSO	58	.Sh SEE ALSO