fixes #753365 - multiple issues with vsftpd's systemd unit

removes exclusivity between listen and listen_ipv6 BZ#450853
ls wildchars supports square brackets
This commit is contained in:
Jiri Skala 2011-11-15 13:34:41 +01:00
parent 80f6d3e480
commit 09c09a59c9
5 changed files with 301 additions and 67 deletions

View File

@ -1,44 +0,0 @@
diff -up vsftpd-2.2.2/standalone.c.v6only vsftpd-2.2.2/standalone.c
--- vsftpd-2.2.2/standalone.c.v6only 2010-05-14 16:09:38.181388723 +0200
+++ vsftpd-2.2.2/standalone.c 2010-05-14 16:09:38.207398800 +0200
@@ -77,6 +77,7 @@ vsf_standalone_main(void)
else
{
listen_sock = vsf_sysutil_get_ipv6_sock();
+ vsf_sysutil_v6only(listen_sock);
}
vsf_sysutil_activate_reuseaddr(listen_sock);
diff -up vsftpd-2.2.2/sysutil.c.v6only vsftpd-2.2.2/sysutil.c
--- vsftpd-2.2.2/sysutil.c.v6only 2010-05-17 09:09:59.848587511 +0200
+++ vsftpd-2.2.2/sysutil.c 2010-05-17 09:11:04.965806472 +0200
@@ -649,6 +649,18 @@ vsf_sysutil_wait_get_exitcode(const stru
status = ((struct vsf_sysutil_wait_retval*) p_waitret)->exit_status;
return WEXITSTATUS(status);
}
+
+void
+vsf_sysutil_v6only(int fd)
+{
+ int v6only = 1;
+ int retval = setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v6only,
+ sizeof(v6only));
+ if (retval != 0)
+ {
+ die("setsockopt: ipv6_v6only");
+ }
+}
void
vsf_sysutil_activate_keepalive(int fd)
diff -up vsftpd-2.2.2/sysutil.h.v6only vsftpd-2.2.2/sysutil.h
--- vsftpd-2.2.2/sysutil.h.v6only 2010-05-17 09:10:04.021567360 +0200
+++ vsftpd-2.2.2/sysutil.h 2010-05-17 09:11:24.343557618 +0200
@@ -264,6 +264,7 @@ int vsf_sysutil_connect_timeout(int fd,
void vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr,
const char* p_name);
/* Option setting on sockets */
+void vsf_sysutil_v6only(int fd);
void vsf_sysutil_activate_keepalive(int fd);
void vsf_sysutil_set_iptos_throughput(int fd);
void vsf_sysutil_activate_reuseaddr(int fd);

View File

@ -0,0 +1,13 @@
diff -up vsftpd-2.3.4/vsftpd.conf.5.noexclusive vsftpd-2.3.4/vsftpd.conf.5
--- vsftpd-2.3.4/vsftpd.conf.5.noexclusive 2011-11-15 12:56:01.777161200 +0100
+++ vsftpd-2.3.4/vsftpd.conf.5 2011-11-15 12:59:22.037565778 +0100
@@ -284,8 +284,7 @@ Default: NO
.TP
.B listen_ipv6
Like the listen parameter, except vsftpd will listen on an IPv6 socket instead
-of an IPv4 one. This parameter and the listen parameter are mutually
-exclusive.
+of an IPv4 one.
Default: NO
.TP

View File

@ -1,38 +1,34 @@
diff -up vsftpd-2.3.4/vsftpd.8.sd vsftpd-2.3.4/vsftpd.8
--- vsftpd-2.3.4/vsftpd.8.sd 2011-08-03 11:02:30.509291451 +0200
+++ vsftpd-2.3.4/vsftpd.8 2011-08-03 15:50:00.024014865 +0200
--- vsftpd-2.3.4/vsftpd.8.sd 2011-11-14 15:22:50.363265369 +0100
+++ vsftpd-2.3.4/vsftpd.8 2011-11-15 08:32:55.270895429 +0100
@@ -25,6 +25,8 @@ in
Direct execution of the
.Nm vsftpd
binary will then launch the FTP service ready for immediate client connections.
+.Pp
+Systemd changes the vsftpd start-up. When the SysV initscript attempts to start one instance of the vsftpd daemon for each of /etc/vsftpd/*.conf file, each configuration file requires a correct symbolic link to the vsftpd@.service file.The name of the symbolic link must contain the name of the configuration file. See systemd.unit(5) for details. Each instance of the vsftpd daemon is started separately. See systemd.unit(5).
+Systemd changes the vsftpd start-up. When the SysV initscript attempts to start one instance of the vsftpd daemon for each of /etc/vsftpd/*.conf file, each configuration file requires a proper unit file. Each instance of the vsftpd daemon is started separately. See systemd.unit(5).
.Sh OPTIONS
An optional
configuration file or files
@@ -55,6 +57,11 @@ the "ftpd_banner" setting is set to "bla
@@ -55,6 +57,9 @@ the "ftpd_banner" setting is set to "bla
setting and any identical setting that was in the config file.
.Sh FILES
.Pa /etc/vsftpd/vsftpd.conf
+.Pp
+.Pa /lib/systemd/system/vsftpd@.conf
+.Pp
+.Pa /lib/systemd/system/vsftpd@vsftpd.conf
+.Pa /lib/systemd/system/vsftpd.service
.Sh SEE ALSO
.Xr vsftpd.conf 5
+.Xr systemd.unit 5
.end
diff -up vsftpd-2.3.4/vsftpd.conf.5.sd vsftpd-2.3.4/vsftpd.conf.5
--- vsftpd-2.3.4/vsftpd.conf.5.sd 2011-08-03 11:02:37.480372306 +0200
+++ vsftpd-2.3.4/vsftpd.conf.5 2011-08-03 15:50:29.435371891 +0200
@@ -13,6 +13,11 @@ inetd such as
--- vsftpd-2.3.4/vsftpd.conf.5.sd 2011-11-14 15:22:50.546267713 +0100
+++ vsftpd-2.3.4/vsftpd.conf.5 2011-11-15 08:48:42.872580090 +0100
@@ -13,6 +13,9 @@ inetd such as
to launch vsftpd with different configuration files on a per virtual host
basis.
+Systemd changes the vsftpd daemon start-up. Each configuration file
+requires a correct symbolic link to the vsftpd@.service file. The name
+of the symbolic link must contain the name of the configuration file.
+See systemd.unit(5) for details.
+requires a proper unit file that can be obtained by cloning and modifying default vsftpd.service. This additional unit file should be placed to /etc/systemd/system. See systemd.unit(5) for details.
+
.SH FORMAT
The format of vsftpd.conf is very simple. Each line is either a comment or

264
vsftpd-2.3.4-sqb.patch Normal file
View File

@ -0,0 +1,264 @@
diff -up vsftpd-2.3.4/ls.c.sqb vsftpd-2.3.4/ls.c
--- vsftpd-2.3.4/ls.c.sqb 2011-09-13 10:37:05.222089078 +0200
+++ vsftpd-2.3.4/ls.c 2011-09-13 10:59:19.550508941 +0200
@@ -245,7 +245,7 @@ vsf_filename_passes_filter(const struct
int ret = 0;
char last_token = 0;
int must_match_at_current_pos = 1;
-
+ int matched = 0;
str_copy(&filter_remain_str, p_filter_str);
@@ -275,7 +275,7 @@ vsf_filename_passes_filter(const struct
static struct mystr s_match_needed_str;
/* Locate next special token */
struct str_locate_result locate_result =
- str_locate_chars(&filter_remain_str, "*?{");
+ str_locate_chars(&filter_remain_str, "*?{[");
(*iters)++;
/* Isolate text leading up to token (if any) - needs to be matched */
if (locate_result.found)
@@ -293,94 +293,170 @@ vsf_filename_passes_filter(const struct
str_empty(&filter_remain_str);
last_token = 0;
}
- if (!str_isempty(&s_match_needed_str))
- {
- /* Need to match something.. could be a match which has to start at
- * current position, or we could allow it to start anywhere
- */
- unsigned int indexx;
- locate_result = str_locate_str(&name_remain_str, &s_match_needed_str);
- if (!locate_result.found)
- {
- /* Fail */
- goto out;
- }
- indexx = locate_result.index;
- if (must_match_at_current_pos && indexx > 0)
- {
- goto out;
- }
- if (!must_match_at_current_pos && last_token == 0)
- {
- struct mystr last_str = INIT_MYSTR;
- str_mid_to_end(&name_remain_str, &last_str,
- str_getlen(&name_remain_str) - str_getlen(&s_match_needed_str));
- locate_result = str_locate_str(&last_str, &s_match_needed_str);
- str_free(&last_str);
- if (locate_result.found)
+ matched = 0;
+ do {
+ if (!str_isempty(&s_match_needed_str))
+ {
+ if (!matched)
+ {
+ matched = 1;
+ }
+ /* Need to match something.. could be a match which has to start at
+ * current position, or we could allow it to start anywhere
+ */
+ unsigned int indexx;
+ locate_result = str_locate_str(&name_remain_str, &s_match_needed_str);
+ if (!locate_result.found)
+ {
+ /* Fail */
+ goto out;
+ }
+ indexx = locate_result.index;
+ if (must_match_at_current_pos && indexx > 0)
{
- ret = 1;
+ goto out;
}
- goto out;
+ if (!must_match_at_current_pos && last_token == 0)
+ {
+ struct mystr last_str = INIT_MYSTR;
+ str_mid_to_end(&name_remain_str, &last_str,
+ str_getlen(&name_remain_str) - str_getlen(&s_match_needed_str));
+ locate_result = str_locate_str(&last_str, &s_match_needed_str);
+ str_free(&last_str);
+
+ if (locate_result.found)
+ {
+ ret = 1;
+ }
+ goto out;
+ }
+ /* Chop matched string out of remainder */
+ str_mid_to_end(&name_remain_str, &temp_str,
+ indexx + str_getlen(&s_match_needed_str));
+ str_copy(&name_remain_str, &temp_str);
}
- /* Chop matched string out of remainder */
- str_mid_to_end(&name_remain_str, &temp_str,
- indexx + str_getlen(&s_match_needed_str));
- str_copy(&name_remain_str, &temp_str);
- }
- if (last_token == '?')
- {
- if (str_isempty(&name_remain_str))
+ if (last_token == '?')
{
- goto out;
+ if (str_isempty(&name_remain_str))
+ {
+ goto out;
+ }
+ str_right(&name_remain_str, &temp_str, str_getlen(&name_remain_str) - 1);
+ str_copy(&name_remain_str, &temp_str);
+ must_match_at_current_pos = 1;
}
- str_right(&name_remain_str, &temp_str, str_getlen(&name_remain_str) - 1);
- str_copy(&name_remain_str, &temp_str);
- must_match_at_current_pos = 1;
- }
- else if (last_token == '{')
- {
- struct str_locate_result end_brace =
- str_locate_char(&filter_remain_str, '}');
- must_match_at_current_pos = 1;
- if (end_brace.found)
+ else if (last_token == '{')
{
- str_split_char(&filter_remain_str, &temp_str, '}');
- str_copy(&brace_list_str, &filter_remain_str);
- str_copy(&filter_remain_str, &temp_str);
- str_split_char(&brace_list_str, &temp_str, ',');
- while (!str_isempty(&brace_list_str))
- {
- str_copy(&new_filter_str, &brace_list_str);
- str_append_str(&new_filter_str, &filter_remain_str);
- if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str,
- iters))
+ struct str_locate_result end_brace =
+ str_locate_char(&filter_remain_str, '}');
+ must_match_at_current_pos = 1;
+ if (end_brace.found)
+ {
+ str_split_char(&filter_remain_str, &temp_str, '}');
+ str_copy(&brace_list_str, &filter_remain_str);
+ str_copy(&filter_remain_str, &temp_str);
+ str_split_char(&brace_list_str, &temp_str, ',');
+ while (!str_isempty(&brace_list_str))
{
- ret = 1;
- goto out;
+ str_empty(&new_filter_str);
+ if (!matched)
+ {
+ str_append_char(&new_filter_str, '*');
+ }
+ str_append_str(&new_filter_str, &brace_list_str);
+ str_append_str(&new_filter_str, &filter_remain_str);
+ if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str,
+ iters))
+ {
+ ret = 1;
+ goto out;
+ }
+ str_copy(&brace_list_str, &temp_str);
+ str_split_char(&brace_list_str, &temp_str, ',');
}
- str_copy(&brace_list_str, &temp_str);
- str_split_char(&brace_list_str, &temp_str, ',');
+ goto out;
+ }
+ else if (str_isempty(&name_remain_str) ||
+ str_get_char_at(&name_remain_str, 0) != '{')
+ {
+ goto out;
+ }
+ else
+ {
+ str_right(&name_remain_str, &temp_str,
+ str_getlen(&name_remain_str) - 1);
+ str_copy(&name_remain_str, &temp_str);
}
- goto out;
}
- else if (str_isempty(&name_remain_str) ||
- str_get_char_at(&name_remain_str, 0) != '{')
+ else if (last_token == '[')
{
- goto out;
+ struct str_locate_result end_sqb =
+ str_locate_char(&filter_remain_str, ']');
+ must_match_at_current_pos = 1;
+ if (end_sqb.found)
+ {
+ unsigned int cur_pos;
+ char stch, ench;
+ const char *p_brace;
+
+ str_split_char(&filter_remain_str, &temp_str, ']');
+ str_copy(&brace_list_str, &filter_remain_str);
+ str_copy(&filter_remain_str, &temp_str);
+ p_brace = str_getbuf(&brace_list_str);
+ for (cur_pos = 0; cur_pos < str_getlen(&brace_list_str);)
+ {
+ stch = p_brace[cur_pos];
+ // char vers. range
+ if (cur_pos + 2 < str_getlen(&brace_list_str) &&
+ p_brace[cur_pos+1] == '-')
+ {
+ ench = p_brace[cur_pos+2];
+ cur_pos += 3;
+ }
+ else
+ {
+ ench = stch;
+ cur_pos++;
+ }
+ // expand char[s]
+ for (;stch <= ench && !str_isempty(&brace_list_str); stch++)
+ {
+ str_empty(&new_filter_str);
+ if (!matched)
+ {
+ str_append_char(&new_filter_str, '*');
+ }
+ str_append_char(&new_filter_str, stch);
+ str_append_str(&new_filter_str, &filter_remain_str);
+ if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str,
+ iters))
+ {
+ ret = 1;
+ goto out;
+ }
+ }
+ }
+ goto out;
+ }
+ else if (str_isempty(&name_remain_str) ||
+ str_get_char_at(&name_remain_str, 0) != '[')
+ {
+ goto out;
+ }
+ else
+ {
+ str_right(&name_remain_str, &temp_str,
+ str_getlen(&name_remain_str) - 1);
+ str_copy(&name_remain_str, &temp_str);
+ }
}
else
{
- str_right(&name_remain_str, &temp_str,
- str_getlen(&name_remain_str) - 1);
- str_copy(&name_remain_str, &temp_str);
+ must_match_at_current_pos = 0;
}
- }
- else
- {
- must_match_at_current_pos = 0;
- }
+ } while (locate_result.found &&
+ str_getlen(&name_remain_str) > 0 && last_token != '*');
}
/* Any incoming string left means no match unless we ended on the correct
* type of wildcard.

View File

@ -2,7 +2,7 @@
Name: vsftpd
Version: 2.3.4
Release: 5%{?dist}
Release: 6%{?dist}
Summary: Very Secure Ftp Daemon
Group: System Environment/Daemons
@ -16,7 +16,7 @@ Source3: vsftpd.ftpusers
Source4: vsftpd.user_list
Source5: vsftpd.init
Source6: vsftpd_conf_migrate.sh
Source7: vsftpd@.service
Source7: vsftpd.service
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -51,9 +51,10 @@ Patch13: vsftpd-2.2.0-openssl.patch
Patch14: vsftpd-2.2.0-wildchar.patch
Patch16: vsftpd-2.2.2-clone.patch
Patch17: vsftpd-2.2.2-v6only.patch
Patch18: vsftpd-2.3.4-tout.patch
Patch19: vsftpd-2.3.4-sd.patch
Patch20: vsftpd-2.3.4-sqb.patch
Patch21: vsftpd-2.3.4-noexclusive.patch
%description
vsftpd is a Very Secure FTP daemon. It was written completely from
@ -88,9 +89,10 @@ cp %{SOURCE1} .
%patch13 -p1 -b .openssl
%patch14 -p1 -b .wildchar
%patch16 -p1 -b .clone
%patch17 -p1 -b .v6only
%patch18 -p1 -b .tout
%patch19 -p1 -b .sd
%patch20 -p1 -b .sqb
%patch21 -p1 -b .noexclusive
%build
%ifarch s390x sparcv9 sparc64
@ -119,7 +121,6 @@ install -m 600 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/user_list
install -m 755 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/vsftpd
install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/lib/systemd/system/
ln -s /lib/systemd/system/vsftpd@.service $RPM_BUILD_ROOT/lib/systemd/system/vsftpd@vsftpd.service
mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
@ -131,8 +132,8 @@ rm -rf $RPM_BUILD_ROOT
%preun
if [ $1 = 0 ]; then
/bin/systemctl disable vsftpd@vsftpd.service > /dev/null 2>&1 || :
/bin/systemctl stop vsftpd@vsftpd.service > /dev/null 2>&1 || :
/bin/systemctl disable vsftpd.service > /dev/null 2>&1 || :
/bin/systemctl stop vsftpd.service > /dev/null 2>&1 || :
fi
%postun
@ -140,15 +141,14 @@ fi
%triggerun -- %{name} < 2.3.4-5
/sbin/chkconfig --del vsftpd >/dev/null 2>&1 || :
/bin/systemctl try-restart vsftpd@vsftpd.service >/dev/null 2>&1 || :
/bin/systemctl try-restart vsftpd.service >/dev/null 2>&1 || :
%triggerpostun -n %{name}-sysvinit -- %{name} < 2.3.4-5
/sbin/chkconfig --add vsftpd >/dev/null 2>&1 || :
%files
%defattr(-,root,root,-)
/lib/systemd/system/vsftpd@.service
/lib/systemd/system/vsftpd@vsftpd.service
/lib/systemd/system/vsftpd.service
%{_sbindir}/vsftpd
%dir %{_sysconfdir}/vsftpd
%{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh
@ -167,6 +167,11 @@ fi
%{_sysconfdir}/rc.d/init.d/vsftpd
%changelog
* Tue Nov 15 2011 Jiri Skala <jskala@redhat.com> - 2.3.4-6
- fixes #753365 - multiple issues with vsftpd's systemd unit
- removes exclusivity between listen and listen_ipv6 BZ#450853
- ls wildchars supports square brackets
* Wed Aug 03 2011 Jiri Skala <jskala@redhat.com> - 2.3.4-5
- fixes #719434 - Provide native systemd unit file
- moving SysV initscript into subpackage