fixes #753365 - multiple issues with vsftpd's systemd unit

removes exclusivity between listen and listen_ipv6 BZ#450853 ls wildchars supports square brackets
2011-11-15 13:34:41 +01:00 · 2011-11-15 13:34:41 +01:00 · 09c09a59c9
commit 09c09a59c9
parent 80f6d3e480
5 changed files with 301 additions and 67 deletions
--- a/vsftpd-2.2.2-v6only.patch
+++ b/vsftpd-2.2.2-v6only.patch
@ -1,44 +0,0 @@
 diff -up vsftpd-2.2.2/standalone.c.v6only vsftpd-2.2.2/standalone.c
 --- vsftpd-2.2.2/standalone.c.v6only	2010-05-14 16:09:38.181388723 +0200
 +++ vsftpd-2.2.2/standalone.c	2010-05-14 16:09:38.207398800 +0200
@@ -77,6 +77,7 @@ vsf_standalone_main(void)
   else
   {
     listen_sock = vsf_sysutil_get_ipv6_sock();
 +    vsf_sysutil_v6only(listen_sock);
   }
   vsf_sysutil_activate_reuseaddr(listen_sock);
 diff -up vsftpd-2.2.2/sysutil.c.v6only vsftpd-2.2.2/sysutil.c
 --- vsftpd-2.2.2/sysutil.c.v6only	2010-05-17 09:09:59.848587511 +0200
 +++ vsftpd-2.2.2/sysutil.c	2010-05-17 09:11:04.965806472 +0200
@@ -649,6 +649,18 @@ vsf_sysutil_wait_get_exitcode(const stru
   status = ((struct vsf_sysutil_wait_retval*) p_waitret)->exit_status;
   return WEXITSTATUS(status);
 }
 + 
 +void
 +vsf_sysutil_v6only(int fd)
 +{
 +  int v6only = 1;
 +  int retval = setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v6only,
 +                          sizeof(v6only));
 +  if (retval != 0)
 +  {
 +    die("setsockopt: ipv6_v6only");
 +  }
 +}
 void
 vsf_sysutil_activate_keepalive(int fd)
 diff -up vsftpd-2.2.2/sysutil.h.v6only vsftpd-2.2.2/sysutil.h
 --- vsftpd-2.2.2/sysutil.h.v6only	2010-05-17 09:10:04.021567360 +0200
 +++ vsftpd-2.2.2/sysutil.h	2010-05-17 09:11:24.343557618 +0200
@@ -264,6 +264,7 @@ int vsf_sysutil_connect_timeout(int fd,
 void vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr,
                              const char* p_name);
 /* Option setting on sockets */
 +void vsf_sysutil_v6only(int fd);
 void vsf_sysutil_activate_keepalive(int fd);
 void vsf_sysutil_set_iptos_throughput(int fd);
 void vsf_sysutil_activate_reuseaddr(int fd);
--- a/vsftpd-2.3.4-noexclusive.patch
+++ b/vsftpd-2.3.4-noexclusive.patch
@ -0,0 +1,13 @@
 diff -up vsftpd-2.3.4/vsftpd.conf.5.noexclusive vsftpd-2.3.4/vsftpd.conf.5
 --- vsftpd-2.3.4/vsftpd.conf.5.noexclusive	2011-11-15 12:56:01.777161200 +0100
 +++ vsftpd-2.3.4/vsftpd.conf.5	2011-11-15 12:59:22.037565778 +0100
@@ -284,8 +284,7 @@ Default: NO
 .TP
 .B listen_ipv6
 Like the listen parameter, except vsftpd will listen on an IPv6 socket instead
 -of an IPv4 one. This parameter and the listen parameter are mutually
 -exclusive.
 +of an IPv4 one.
 Default: NO
 .TP
--- a/vsftpd-2.3.4-sd.patch
+++ b/vsftpd-2.3.4-sd.patch
@ -1,38 +1,34 @@
 diff -up vsftpd-2.3.4/vsftpd.8.sd vsftpd-2.3.4/vsftpd.8
--- vsftpd-2.3.4/vsftpd.8.sd	2011-08-03 11:02:30.509291451 +0200
+--- vsftpd-2.3.4/vsftpd.8.sd	2011-11-14 15:22:50.363265369 +0100
-+++ vsftpd-2.3.4/vsftpd.8	2011-08-03 15:50:00.024014865 +0200
+++ vsftpd-2.3.4/vsftpd.8	2011-11-15 08:32:55.270895429 +0100
@@ -25,6 +25,8 @@ in
 Direct execution of the
 .Nm vsftpd
 binary will then launch the FTP service ready for immediate client connections.
 +.Pp
-+Systemd changes the vsftpd start-up. When the SysV initscript attempts to start one instance of the vsftpd daemon for each of /etc/vsftpd/*.conf file, each configuration file requires a correct symbolic link to the vsftpd@.service file.The name of the symbolic link must contain the name of the configuration file. See systemd.unit(5) for details. Each instance of the vsftpd daemon is started separately. See systemd.unit(5).
+Systemd changes the vsftpd start-up. When the SysV initscript attempts to start one instance of the vsftpd daemon for each of /etc/vsftpd/*.conf file, each configuration file requires a proper unit file. Each instance of the vsftpd daemon is started separately. See systemd.unit(5).
 .Sh OPTIONS
 An optional
 configuration file or files
-@@ -55,6 +57,11 @@ the "ftpd_banner" setting is set to "bla
+@@ -55,6 +57,9 @@ the "ftpd_banner" setting is set to "bla
 setting and any identical setting that was in the config file.
 .Sh FILES
 .Pa /etc/vsftpd/vsftpd.conf
 +.Pp
-+.Pa /lib/systemd/system/vsftpd@.conf
+.Pa /lib/systemd/system/vsftpd.service
 +.Pp
 +.Pa /lib/systemd/system/vsftpd@vsftpd.conf
 .Sh SEE ALSO
 .Xr vsftpd.conf 5
 +.Xr systemd.unit 5
 .end
 diff -up vsftpd-2.3.4/vsftpd.conf.5.sd vsftpd-2.3.4/vsftpd.conf.5
--- vsftpd-2.3.4/vsftpd.conf.5.sd	2011-08-03 11:02:37.480372306 +0200
+--- vsftpd-2.3.4/vsftpd.conf.5.sd	2011-11-14 15:22:50.546267713 +0100
-+++ vsftpd-2.3.4/vsftpd.conf.5	2011-08-03 15:50:29.435371891 +0200
+++ vsftpd-2.3.4/vsftpd.conf.5	2011-11-15 08:48:42.872580090 +0100
-@@ -13,6 +13,11 @@ inetd such as
+@@ -13,6 +13,9 @@ inetd such as
 to launch vsftpd with different configuration files on a per virtual host
 basis.
 +Systemd changes the vsftpd daemon start-up. Each configuration file 
-+requires a correct symbolic link to the vsftpd@.service file. The name 
+requires a proper unit file that can be obtained by cloning and modifying default vsftpd.service. This additional unit file should be placed to /etc/systemd/system. See systemd.unit(5) for details.
 +of the symbolic link must contain the name of the configuration file. 
 +See systemd.unit(5) for details.
 +
 .SH FORMAT
 The format of vsftpd.conf is very simple. Each line is either a comment or
--- a/vsftpd-2.3.4-sqb.patch
+++ b/vsftpd-2.3.4-sqb.patch
@ -0,0 +1,264 @@
 diff -up vsftpd-2.3.4/ls.c.sqb vsftpd-2.3.4/ls.c
 --- vsftpd-2.3.4/ls.c.sqb	2011-09-13 10:37:05.222089078 +0200
 +++ vsftpd-2.3.4/ls.c	2011-09-13 10:59:19.550508941 +0200
@@ -245,7 +245,7 @@ vsf_filename_passes_filter(const struct 
   int ret = 0;
   char last_token = 0;
   int must_match_at_current_pos = 1;
 -  
 +  int matched = 0;
   str_copy(&filter_remain_str, p_filter_str);
@@ -275,7 +275,7 @@ vsf_filename_passes_filter(const struct 
     static struct mystr s_match_needed_str;
     /* Locate next special token */
     struct str_locate_result locate_result =
 -      str_locate_chars(&filter_remain_str, "*?{");
 +      str_locate_chars(&filter_remain_str, "*?{[");
     (*iters)++;
     /* Isolate text leading up to token (if any) - needs to be matched */
     if (locate_result.found)
@@ -293,94 +293,170 @@ vsf_filename_passes_filter(const struct 
       str_empty(&filter_remain_str);
       last_token = 0;
     }
 -    if (!str_isempty(&s_match_needed_str))
 -    {
 -      /* Need to match something.. could be a match which has to start at
 -       * current position, or we could allow it to start anywhere
 -       */
 -      unsigned int indexx;
 -      locate_result = str_locate_str(&name_remain_str, &s_match_needed_str);
 -      if (!locate_result.found)
 -      {
 -        /* Fail */
 -        goto out;
 -      }
 -      indexx = locate_result.index;
 -      if (must_match_at_current_pos && indexx > 0)
 -      {
 -        goto out;
 -      }
 -      if (!must_match_at_current_pos && last_token == 0)
 -      {
 -        struct mystr last_str = INIT_MYSTR;
 -        str_mid_to_end(&name_remain_str, &last_str,
 -          str_getlen(&name_remain_str) - str_getlen(&s_match_needed_str));
 -        locate_result = str_locate_str(&last_str, &s_match_needed_str);
 -        str_free(&last_str);
 -        if (locate_result.found)
 +    matched = 0;
 +    do {
 +      if (!str_isempty(&s_match_needed_str))
 +      {
 +        if (!matched)
 +        {
 +          matched = 1;
 +        }
 +        /* Need to match something.. could be a match which has to start at
 +         * current position, or we could allow it to start anywhere
 +         */
 +        unsigned int indexx;
 +        locate_result = str_locate_str(&name_remain_str, &s_match_needed_str);
 +        if (!locate_result.found)
 +        {
 +          /* Fail */
 +          goto out;
 +        }
 +        indexx = locate_result.index;
 +        if (must_match_at_current_pos && indexx > 0)
         {
 -          ret = 1;
 +          goto out;
         }
 -        goto out;
 +        if (!must_match_at_current_pos && last_token == 0)
 +        {
 +          struct mystr last_str = INIT_MYSTR;
 +          str_mid_to_end(&name_remain_str, &last_str,
 +            str_getlen(&name_remain_str) - str_getlen(&s_match_needed_str));
 +          locate_result = str_locate_str(&last_str, &s_match_needed_str);
 +          str_free(&last_str);
 +
 +          if (locate_result.found)
 +          {
 +            ret = 1;
 +          }
 +          goto out;
 +        }
 +        /* Chop matched string out of remainder */
 +        str_mid_to_end(&name_remain_str, &temp_str,
 +                       indexx + str_getlen(&s_match_needed_str));
 +        str_copy(&name_remain_str, &temp_str);
       }
 -      /* Chop matched string out of remainder */
 -      str_mid_to_end(&name_remain_str, &temp_str,
 -                     indexx + str_getlen(&s_match_needed_str));
 -      str_copy(&name_remain_str, &temp_str);
 -    }
 -    if (last_token == '?')
 -    {
 -      if (str_isempty(&name_remain_str))
 +      if (last_token == '?')
       {
 -        goto out;
 +        if (str_isempty(&name_remain_str))
 +        {
 +          goto out;
 +        }
 +        str_right(&name_remain_str, &temp_str, str_getlen(&name_remain_str) - 1);
 +        str_copy(&name_remain_str, &temp_str);
 +        must_match_at_current_pos = 1;
       }
 -      str_right(&name_remain_str, &temp_str, str_getlen(&name_remain_str) - 1);
 -      str_copy(&name_remain_str, &temp_str);
 -      must_match_at_current_pos = 1;
 -    }
 -    else if (last_token == '{')
 -    {
 -      struct str_locate_result end_brace =
 -        str_locate_char(&filter_remain_str, '}');
 -      must_match_at_current_pos = 1;
 -      if (end_brace.found)
 +      else if (last_token == '{')
       {
 -        str_split_char(&filter_remain_str, &temp_str, '}');
 -        str_copy(&brace_list_str, &filter_remain_str);
 -        str_copy(&filter_remain_str, &temp_str);
 -        str_split_char(&brace_list_str, &temp_str, ',');
 -        while (!str_isempty(&brace_list_str))
 -        {
 -          str_copy(&new_filter_str, &brace_list_str);
 -          str_append_str(&new_filter_str, &filter_remain_str);
 -          if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str,
 -                                         iters))
 +        struct str_locate_result end_brace =
 +          str_locate_char(&filter_remain_str, '}');
 +        must_match_at_current_pos = 1;
 +        if (end_brace.found)
 +        {
 +          str_split_char(&filter_remain_str, &temp_str, '}');
 +          str_copy(&brace_list_str, &filter_remain_str);
 +          str_copy(&filter_remain_str, &temp_str);
 +          str_split_char(&brace_list_str, &temp_str, ',');
 +          while (!str_isempty(&brace_list_str))
           {
 -            ret = 1;
 -            goto out;
 +            str_empty(&new_filter_str);
 +            if (!matched)
 +            {
 +              str_append_char(&new_filter_str, '*');
 +            }
 +            str_append_str(&new_filter_str, &brace_list_str);
 +            str_append_str(&new_filter_str, &filter_remain_str);
 +            if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str,
 +                                           iters))
 +            {
 +              ret = 1;
 +              goto out;
 +            }
 +            str_copy(&brace_list_str, &temp_str);
 +            str_split_char(&brace_list_str, &temp_str, ',');
           }
 -          str_copy(&brace_list_str, &temp_str);
 -          str_split_char(&brace_list_str, &temp_str, ',');
 +          goto out;
 +        }
 +        else if (str_isempty(&name_remain_str) ||
 +                 str_get_char_at(&name_remain_str, 0) != '{')
 +        {
 +          goto out;
 +        }
 +        else
 +        {
 +          str_right(&name_remain_str, &temp_str,
 +                    str_getlen(&name_remain_str) - 1);
 +          str_copy(&name_remain_str, &temp_str);
         }
 -        goto out;
       }
 -      else if (str_isempty(&name_remain_str) ||
 -               str_get_char_at(&name_remain_str, 0) != '{')
 +      else if (last_token == '[')
       {
 -        goto out;
 +        struct str_locate_result end_sqb =
 +          str_locate_char(&filter_remain_str, ']');
 +        must_match_at_current_pos = 1;
 +        if (end_sqb.found)
 +        {
 +          unsigned int cur_pos;
 +          char stch, ench;
 +          const char *p_brace;
 +
 +          str_split_char(&filter_remain_str, &temp_str, ']');
 +          str_copy(&brace_list_str, &filter_remain_str);
 +          str_copy(&filter_remain_str, &temp_str);
 +          p_brace = str_getbuf(&brace_list_str);
 +          for (cur_pos = 0; cur_pos < str_getlen(&brace_list_str);)
 +          {
 +            stch = p_brace[cur_pos];
 +            // char vers. range
 +            if (cur_pos + 2 < str_getlen(&brace_list_str) &&
 +                p_brace[cur_pos+1] == '-')
 +            {
 +              ench = p_brace[cur_pos+2];
 +              cur_pos += 3;
 +            }
 +            else
 +            {
 +              ench = stch;
 +              cur_pos++;
 +            }
 +            // expand char[s]
 +            for (;stch <= ench && !str_isempty(&brace_list_str); stch++)
 +            {
 +              str_empty(&new_filter_str);
 +              if (!matched)
 +              {
 +                str_append_char(&new_filter_str, '*');
 +              }
 +              str_append_char(&new_filter_str, stch);
 +              str_append_str(&new_filter_str, &filter_remain_str);
 +              if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str,
 +                                             iters))
 +              {
 +                ret = 1;
 +                goto out;
 +              }
 +            }
 +          }
 +          goto out;
 +        }
 +        else if (str_isempty(&name_remain_str) ||
 +                 str_get_char_at(&name_remain_str, 0) != '[')
 +        {
 +          goto out;
 +        }
 +        else
 +        {
 +          str_right(&name_remain_str, &temp_str,
 +                    str_getlen(&name_remain_str) - 1);
 +          str_copy(&name_remain_str, &temp_str);
 +        }
       }
       else
       {
 -        str_right(&name_remain_str, &temp_str,
 -                  str_getlen(&name_remain_str) - 1);
 -        str_copy(&name_remain_str, &temp_str);
 +        must_match_at_current_pos = 0;
       }
 -    }
 -    else
 -    {
 -      must_match_at_current_pos = 0;
 -    }
 +    } while (locate_result.found &&
 +             str_getlen(&name_remain_str) > 0 && last_token != '*');
   }
   /* Any incoming string left means no match unless we ended on the correct
    * type of wildcard.
--- a/vsftpd.spec
+++ b/vsftpd.spec
@ -2,7 +2,7 @@
 Name: vsftpd
 Version: 2.3.4
-Release: 5%{?dist}
+Release: 6%{?dist}
 Summary: Very Secure Ftp Daemon
 Group: System Environment/Daemons
@ -16,7 +16,7 @@ Source3: vsftpd.ftpusers
 Source4: vsftpd.user_list
 Source5: vsftpd.init
 Source6: vsftpd_conf_migrate.sh
-Source7: vsftpd@.service
+Source7: vsftpd.service
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -51,9 +51,10 @@ Patch13: vsftpd-2.2.0-openssl.patch
 Patch14: vsftpd-2.2.0-wildchar.patch
 Patch16: vsftpd-2.2.2-clone.patch
 Patch17: vsftpd-2.2.2-v6only.patch
 Patch18: vsftpd-2.3.4-tout.patch
 Patch19: vsftpd-2.3.4-sd.patch
 Patch20: vsftpd-2.3.4-sqb.patch
 Patch21: vsftpd-2.3.4-noexclusive.patch
 %description
 vsftpd is a Very Secure FTP daemon. It was written completely from
@ -88,9 +89,10 @@ cp %{SOURCE1} .
 %patch13 -p1 -b .openssl
 %patch14 -p1 -b .wildchar
 %patch16 -p1 -b .clone
 %patch17 -p1 -b .v6only
 %patch18 -p1 -b .tout
 %patch19 -p1 -b .sd
 %patch20 -p1 -b .sqb
 %patch21 -p1 -b .noexclusive
 %build
 %ifarch s390x sparcv9 sparc64
@ -119,7 +121,6 @@ install -m 600 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/user_list
 install -m 755 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/vsftpd
 install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh
 install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/lib/systemd/system/
 ln -s /lib/systemd/system/vsftpd@.service $RPM_BUILD_ROOT/lib/systemd/system/vsftpd@vsftpd.service
 mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
@ -131,8 +132,8 @@ rm -rf $RPM_BUILD_ROOT
 %preun
 if [ $1 = 0 ]; then
-	/bin/systemctl disable vsftpd@vsftpd.service > /dev/null 2>&1 || :
+	/bin/systemctl disable vsftpd.service > /dev/null 2>&1 || :
-	/bin/systemctl stop vsftpd@vsftpd.service > /dev/null 2>&1 || :
+	/bin/systemctl stop vsftpd.service > /dev/null 2>&1 || :
 fi
 %postun
@ -140,15 +141,14 @@ fi
 %triggerun --  %{name} < 2.3.4-5
 	/sbin/chkconfig --del vsftpd >/dev/null 2>&1 || :
-	/bin/systemctl try-restart vsftpd@vsftpd.service >/dev/null 2>&1 || :
+	/bin/systemctl try-restart vsftpd.service >/dev/null 2>&1 || :
 %triggerpostun -n %{name}-sysvinit -- %{name} < 2.3.4-5
 	/sbin/chkconfig --add vsftpd >/dev/null 2>&1 || :
 %files
 %defattr(-,root,root,-)
-/lib/systemd/system/vsftpd@.service
+/lib/systemd/system/vsftpd.service
 /lib/systemd/system/vsftpd@vsftpd.service
 %{_sbindir}/vsftpd
 %dir %{_sysconfdir}/vsftpd
 %{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh
@ -167,6 +167,11 @@ fi
 %{_sysconfdir}/rc.d/init.d/vsftpd
 %changelog
 * Tue Nov 15 2011 Jiri Skala <jskala@redhat.com> - 2.3.4-6
 - fixes #753365 - multiple issues with vsftpd's systemd unit
 - removes exclusivity between listen and listen_ipv6 BZ#450853
 - ls wildchars supports square brackets
 * Wed Aug 03 2011 Jiri Skala <jskala@redhat.com> - 2.3.4-5
 - fixes #719434 - Provide native systemd unit file
 - moving SysV initscript into subpackage