- update to latest upstream release
- cleanup the spec file
- drop patches fixed upstream:
  vsftpd-1.0.1-missingok.patch
  vsftpd-1.2.1-nonrootconf.patch
  vsftpd-2.0.1-tcp_wrappers.patch
  vsftpd-2.0.2-signal.patch
  vsftpd-2.0.3-daemonize_fds.patch
  vsftpd-2.0.5-correct_comments.patch
  vsftpd-2.0.5-pasv_dot.patch
  vsftpd-2.0.5-write_race.patch
  vsftpd-2.0.5-fix_unique.patch
  vsftpd-2.0.5-uname_size.patch
  vsftpd-2.0.5-bind_denied.patch
  vsftpd-2.0.5-pam_end.patch
  vsftpd-2.0.5-underscore_uname.patch
  vsftpd-2.0.6-listen.patch
- join all configuration patches into one:
  vsftpd-1.1.3-rh.patch
  vsftpd-1.2.1-conffile.patch
  vsftpd-2.0.1-dir.patch
  vsftpd-2.0.1-server_args.patch
  vsftpd-2.0.3-background.patch
  vsftpd-2.0.5-default_ipv6.patch
  vsftpd-2.0.5-add_ipv6_option.patch
  vsftpd-2.0.5-man.patch
parent 6872c7137e
commit 3572541ce7
@ -1 +1 @@
|
||||
vsftpd-2.0.7.tar.gz
|
||||
vsftpd-2.1.0pre3.tar.gz
|
||||
|
2
sources
@ -1 +1 @@
|
||||
3e39cb7b0bee306ad7df8e3552e15297 vsftpd-2.0.7.tar.gz
|
||||
6e968036b3575253f384e06f7b4ddd57 vsftpd-2.1.0pre3.tar.gz
|
||||
|
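Review bot: The new sources entry for vsftpd-2.1.0pre3.tar.gz is pinned only by a 32-hex-digit MD5 digest, which is not collision resistant, and the tarball is a pre-release. Verify the download against a signature or digest published by upstream before importing it, and record a stronger digest such as SHA-256 alongside if the build tooling accepts one.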
@ -1,8 +0,0 @@
|
||||
--- vsftpd-1.0.1/RedHat/vsftpd.log.checkfile Thu Feb 28 12:34:34 2002
|
||||
+++ vsftpd-1.0.1/RedHat/vsftpd.log Thu Feb 28 12:35:03 2002
|
||||
@@ -1,4 +1,5 @@
|
||||
/var/log/vsftpd.log {
|
||||
# ftpd doesn't handle SIGHUP properly
|
||||
nocompress
|
||||
+ missingok
|
||||
}
|
@ -1,38 +0,0 @@
|
||||
--- vsftpd-1.0.1/vsftpd.conf.rh Mon Jul 30 17:51:07 2001
|
||||
+++ vsftpd-1.0.1/vsftpd.conf Wed Nov 28 14:38:36 2001
|
||||
@@ -7,14 +7,14 @@
|
||||
anonymous_enable=YES
|
||||
#
|
||||
# Uncomment this to allow local users to log in.
|
||||
-#local_enable=YES
|
||||
+local_enable=YES
|
||||
#
|
||||
# Uncomment this to enable any form of FTP write command.
|
||||
-#write_enable=YES
|
||||
+write_enable=YES
|
||||
#
|
||||
# Default umask for local users is 077. You may wish to change this to 022,
|
||||
# if your users expect that (022 is used by most other ftpd's)
|
||||
-#local_umask=022
|
||||
+local_umask=022
|
||||
#
|
||||
# Uncomment this to allow the anonymous FTP user to upload files. This only
|
||||
# has an effect if the above global write enable is activated. Also, you will
|
||||
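Review bot: Uncommenting local_enable=YES and write_enable=YES changes the shipped default to accept system account logins with write access, next to the existing anonymous_enable=YES, and local_umask=022 leaves uploaded files world-readable. The comments above each line still read "Uncomment this to ...", so they no longer match the file. Reword them to say these options are now on by default and why, or keep write_enable commented and let administrators opt in.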
@@ -46,7 +46,7 @@
|
||||
#xferlog_file=/var/log/vsftpd.log
|
||||
#
|
||||
# If you want, you can have your log file in standard ftpd xferlog format
|
||||
-#xferlog_std_format=YES
|
||||
+xferlog_std_format=YES
|
||||
#
|
||||
# You may change the default value for timing out an idle session.
|
||||
#idle_session_timeout=600
|
||||
@@ -98,3 +98,8 @@
|
||||
# the presence of the "-R" option, so there is a strong case for enabling it.
|
||||
#ls_recurse_enable=YES
|
||||
|
||||
+pam_service_name=vsftpd
|
||||
+userlist_enable=YES
|
||||
+#enable for standalone mode
|
||||
+listen=YES
|
||||
+tcp_wrappers=YES
|
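Review bot: The settings appended at the end of the file carry no explanation apart from "#enable for standalone mode", unlike the other options in this file. Add a comment for userlist_enable=YES saying which file holds the list and whether listed users are denied or allowed, and one each for pam_service_name=vsftpd and tcp_wrappers=YES, since these lines decide who can log in.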
@ -1,110 +0,0 @@
|
||||
--- vsftpd-1.2.1/FAQ.foo 2004-05-03 18:06:26.051315979 -0400
|
||||
+++ vsftpd-1.2.1/FAQ 2004-05-03 18:08:27.168746928 -0400
|
||||
@@ -33,7 +33,7 @@
|
||||
Q) Help! Local users cannot log in.
|
||||
A) There are various possible problems.
|
||||
A1) By default, vsftpd disables any logins other than anonymous logins. Put
|
||||
-local_enable=YES in your /etc/vsftpd.conf to allow local users to log in.
|
||||
+local_enable=YES in your /etc/vsftpd/vsftpd.conf to allow local users to log in.
|
||||
A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to
|
||||
find out whether this has happened or not). If vsftpd links with PAM, then
|
||||
you will need to have a PAM file installed for the vsftpd service. There is
|
||||
@@ -45,12 +45,12 @@
|
||||
A4) If you are not using PAM, then vsftpd will do its own check for a valid
|
||||
user shell in /etc/shells. You may need to disable this if you use an invalid
|
||||
shell to disable logins other than FTP logins. Put check_shell=NO in your
|
||||
-/etc/vsftpd.conf.
|
||||
+/etc/vsftpd/vsftpd.conf.
|
||||
|
||||
Q) Help! Uploads or other write commands give me "500 Unknown command.".
|
||||
A) By default, write commands, including uploads and new directories, are
|
||||
disabled. This is a security measure. To enable writes, put write_enable=YES
|
||||
-in your /etc/vsftpd.conf.
|
||||
+in your /etc/vsftpd/vsftpd.conf.
|
||||
|
||||
Q) Help! What are the security implications referred to in the
|
||||
"chroot_local_user" option?
|
||||
@@ -86,7 +86,7 @@
|
||||
mode. Use "listen_address=x.x.x.x" to set the virtual IP.
|
||||
|
||||
Q) Help! Does vsftpd support virtual users?
|
||||
-A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd.conf. This
|
||||
+A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd/vsftpd.conf. This
|
||||
has the effect of mapping every non-anonymous successful login to the local
|
||||
username specified in "guest_username". Then, use PAM and (e.g.) its pam_userdb
|
||||
module to provide authentication against an external (i.e. non-/etc/passwd)
|
||||
--- vsftpd-1.2.1/defs.h.foo 2004-05-03 18:06:29.771837724 -0400
|
||||
+++ vsftpd-1.2.1/defs.h 2004-05-03 18:07:51.356350436 -0400
|
||||
@@ -1,7 +1,7 @@
|
||||
#ifndef VSF_DEFS_H
|
||||
#define VSF_DEFS_H
|
||||
|
||||
-#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd.conf"
|
||||
+#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf"
|
||||
|
||||
#define VSFTP_COMMAND_FD 0
|
||||
|
||||
--- vsftpd-1.2.1/INSTALL.foo 2004-05-03 18:06:33.061414865 -0400
|
||||
+++ vsftpd-1.2.1/INSTALL 2004-05-03 18:08:57.133895056 -0400
|
||||
@@ -63,7 +63,7 @@
|
||||
vsftpd can run standalone or via an inetd (such as inetd or xinetd). You will
|
||||
typically get more control running vsftpd from an inetd. But first we will run
|
||||
it without, so we can check things are going well so far.
|
||||
-Edit /etc/vsftpd.conf, and add this line at the bottom:
|
||||
+Edit /etc/vsftpd/vsftpd.conf, and add this line at the bottom:
|
||||
|
||||
listen=YES
|
||||
|
||||
@@ -135,11 +135,11 @@
|
||||
Step 7) Customize your configuration
|
||||
|
||||
As well as the above three pre-requisites, you are recommended to install a
|
||||
-config file. The default location for the config file is /etc/vsftpd.conf.
|
||||
+config file. The default location for the config file is /etc/vsftpd/vsftpd.conf.
|
||||
There is a sample vsftpd.conf in the distribution tarball. You probably want
|
||||
-to copy that to /etc/vsftpd.conf as a basis for modification, i.e.:
|
||||
+to copy that to /etc/vsftpd/vsftpd.conf as a basis for modification, i.e.:
|
||||
|
||||
-cp vsftpd.conf /etc
|
||||
+cp vsftpd.conf /etc/vsftpd/
|
||||
|
||||
The default configuration allows neither local user logins nor anonymous
|
||||
uploads. You may wish to change these defaults.
|
||||
--- vsftpd-1.2.1/vsftpd.8.foo 2004-05-03 18:06:40.593446659 -0400
|
||||
+++ vsftpd-1.2.1/vsftpd.8 2004-05-03 18:09:04.438956026 -0400
|
||||
@@ -21,7 +21,7 @@
|
||||
recommended. It is activated by setting
|
||||
.Pa listen=YES
|
||||
in
|
||||
-.Pa /etc/vsftpd.conf .
|
||||
+.Pa /etc/vsftpd/vsftpd.conf .
|
||||
Direct execution of the
|
||||
.Nm vsftpd
|
||||
binary will then launch the FTP service ready for immediate client connections.
|
||||
@@ -29,6 +29,6 @@
|
||||
An optional
|
||||
.Op configuration file
|
||||
may be given on the command line. The default configuration file is
|
||||
-.Pa /etc/vsftpd.conf .
|
||||
+.Pa /etc/vsftpd/vsftpd.conf .
|
||||
.Sh SEE ALSO
|
||||
.Xr vsftpd.conf 5
|
||||
--- vsftpd-1.2.1/vsftpd.conf.foo 2004-05-03 18:06:55.217566800 -0400
|
||||
+++ vsftpd-1.2.1/vsftpd.conf 2004-05-03 18:09:28.049920952 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-# Example config file /etc/vsftpd.conf
|
||||
+# Example config file /etc/vsftpd/vsftpd.conf
|
||||
#
|
||||
# The default compiled in settings are fairly paranoid. This sample file
|
||||
# loosens things up a bit, to make the ftp daemon more usable.
|
||||
--- vsftpd-1.2.1/vsftpd.conf.5.foo 2004-05-03 18:07:06.184157099 -0400
|
||||
+++ vsftpd-1.2.1/vsftpd.conf.5 2004-05-03 18:09:20.649872192 -0400
|
||||
@@ -4,7 +4,7 @@
|
||||
.SH DESCRIPTION
|
||||
vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By
|
||||
default, vsftpd looks for this file at the location
|
||||
-.BR /etc/vsftpd.conf .
|
||||
+.BR /etc/vsftpd/vsftpd.conf .
|
||||
However, you may override this by specifying a command line argument to
|
||||
vsftpd. The command line argument is the pathname of the configuration file
|
||||
for vsftpd. This behaviour is useful because you may wish to use an advanced
|
@ -1,77 +0,0 @@
|
||||
diff -up vsftpd-2.0.6/parseconf.c.nonrootconf vsftpd-2.0.6/parseconf.c
|
||||
--- vsftpd-2.0.6/parseconf.c.nonrootconf 2008-02-12 05:53:32.000000000 +0100
|
||||
+++ vsftpd-2.0.6/parseconf.c 2008-07-01 12:28:12.000000000 +0200
|
||||
@@ -15,6 +15,7 @@
|
||||
#include "defs.h"
|
||||
#include "sysutil.h"
|
||||
#include "utility.h"
|
||||
+#include "sysstr.h"
|
||||
|
||||
static const char* s_p_saved_filename;
|
||||
static int s_strings_copied;
|
||||
@@ -182,6 +183,8 @@ vsf_parseconf_load_file(const char* p_fi
|
||||
struct mystr config_file_str = INIT_MYSTR;
|
||||
struct mystr config_setting_str = INIT_MYSTR;
|
||||
struct mystr config_value_str = INIT_MYSTR;
|
||||
+ struct vsf_sysutil_statbuf* p_statbuf = 0;
|
||||
+
|
||||
unsigned int str_pos = 0;
|
||||
int retval;
|
||||
if (!p_filename)
|
||||
@@ -210,7 +213,9 @@ vsf_parseconf_load_file(const char* p_fi
|
||||
copy_string_settings();
|
||||
}
|
||||
retval = str_fileread(&config_file_str, p_filename, VSFTP_CONF_FILE_MAX);
|
||||
- if (vsf_sysutil_retval_is_error(retval))
|
||||
+ (int)vsf_sysutil_stat(p_filename, &p_statbuf);
|
||||
+ /* Security - die unless the conf file is owned by root */
|
||||
+ if (vsf_sysutil_retval_is_error(retval) || vsf_sysutil_statbuf_get_uid(p_statbuf) != VSFTP_ROOT_UID)
|
||||
{
|
||||
if (errs_fatal)
|
||||
{
|
||||
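Review bot: The return value of vsf_sysutil_stat() is cast to int and thrown away, so when the stat fails the owner test vsf_sysutil_statbuf_get_uid(p_statbuf) != VSFTP_ROOT_UID runs on a buffer that was never filled in. Check the stat result and treat a failure as an error. The stat is also done by path after str_fileread() has already read the file, so the owner that is checked is not necessarily the owner of the content that was read; stat first, or check the opened descriptor. Only the uid is tested, so a root-owned file that is group or world writable still passes.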
@@ -221,6 +226,7 @@ vsf_parseconf_load_file(const char* p_fi
|
||||
return;
|
||||
}
|
||||
}
|
||||
+ vsf_sysutil_free(p_statbuf);
|
||||
while (str_getline(&config_file_str, &config_setting_str, &str_pos))
|
||||
{
|
||||
if (str_isempty(&config_setting_str) ||
|
||||
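Review bot: vsf_sysutil_free(p_statbuf) is placed after the error block, and the context line return; above it leaves the function first, so the non-fatal error path never frees the buffer obtained from the new vsf_sysutil_stat() call. Free p_statbuf before that return, or copy the uid out and free the buffer ahead of the error check.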
diff -up vsftpd-2.0.6/twoprocess.c.nonrootconf vsftpd-2.0.6/twoprocess.c
|
||||
--- vsftpd-2.0.6/twoprocess.c.nonrootconf 2008-02-12 04:18:34.000000000 +0100
|
||||
+++ vsftpd-2.0.6/twoprocess.c 2008-07-01 12:21:28.000000000 +0200
|
||||
@@ -423,11 +423,17 @@ handle_per_user_config(const struct myst
|
||||
str_append_char(&filename_str, '/');
|
||||
str_append_str(&filename_str, p_user_str);
|
||||
retval = str_stat(&filename_str, &p_statbuf);
|
||||
- /* Security - ignore unless owned by root */
|
||||
- if (!vsf_sysutil_retval_is_error(retval) &&
|
||||
- vsf_sysutil_statbuf_get_uid(p_statbuf) == VSFTP_ROOT_UID)
|
||||
+ /* Security - die unless owned by root */
|
||||
+ if (!vsf_sysutil_retval_is_error(retval))
|
||||
{
|
||||
- vsf_parseconf_load_file(str_getbuf(&filename_str), 1);
|
||||
+ if (vsf_sysutil_statbuf_get_uid(p_statbuf) == VSFTP_ROOT_UID)
|
||||
+ {
|
||||
+ vsf_parseconf_load_file(str_getbuf(&filename_str), 1);
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ die("reading non-root config file");
|
||||
+ }
|
||||
}
|
||||
str_free(&filename_str);
|
||||
vsf_sysutil_free(p_statbuf);
|
||||
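Review bot: die("reading non-root config file") does not say which file failed the check, which makes the resulting session failure hard to diagnose; include the path from filename_str in the message or log it first. The ownership test here now duplicates the one this patch adds to vsf_parseconf_load_file(), and both act on the path rather than on an open descriptor, so the file can change between str_stat() and the load. Consider keeping the check in one place.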
diff -up vsftpd-2.0.6/vsftpd.8.nonrootconf vsftpd-2.0.6/vsftpd.8
|
||||
--- vsftpd-2.0.6/vsftpd.8.nonrootconf 2008-07-01 12:21:28.000000000 +0200
|
||||
+++ vsftpd-2.0.6/vsftpd.8 2008-07-01 12:21:28.000000000 +0200
|
||||
@@ -28,7 +28,8 @@ binary will then launch the FTP service
|
||||
.Sh OPTIONS
|
||||
An optional
|
||||
.Op configuration file
|
||||
-may be given on the command line. The default configuration file is
|
||||
+may be given on the command line. This configuration files has to be owned by
|
||||
+root. The default configuration file is
|
||||
.Pa /etc/vsftpd/vsftpd.conf .
|
||||
.Sh SEE ALSO
|
||||
.Xr vsftpd.conf 5
|
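Review bot: Grammar in the added man page sentence: "This configuration files has to be owned by root" should read "This configuration file has to be owned by root". It would also help to say what happens otherwise, since the same patch makes vsftpd refuse a file that is not owned by root.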
@ -1,12 +0,0 @@
|
||||
diff -up vsftpd-2.0.6/builddefs.h.build_ssl vsftpd-2.0.6/builddefs.h
|
||||
--- vsftpd-2.0.6/builddefs.h.build_ssl 2008-09-08 23:28:16.000000000 -0400
|
||||
+++ vsftpd-2.0.6/builddefs.h 2008-09-08 23:29:04.000000000 -0400
|
||||
@@ -3,7 +3,7 @@
|
||||
|
||||
#define VSF_BUILD_TCPWRAPPERS
|
||||
#define VSF_BUILD_PAM
|
||||
-#undef VSF_BUILD_SSL
|
||||
+#define VSF_BUILD_SSL
|
||||
|
||||
#endif /* VSF_BUILDDEFS_H */
|
||||
|
@ -1,160 +0,0 @@
|
||||
--- vsftpd-2.0.1/README.dir 2004-07-02 02:34:35.000000000 +0200
|
||||
+++ vsftpd-2.0.1/README 2004-11-11 12:33:02.114458576 +0100
|
||||
@@ -35,3 +35,8 @@
|
||||
Various example configurations are discussed in the EXAMPLE directory.
|
||||
Frequently asked questions are tackled in the FAQ file.
|
||||
|
||||
+Important Note
|
||||
+==============
|
||||
+The location of configuration files was changed to /etc/vsftpd/. If you want
|
||||
+to migrate your old conf files from /etc (files vsftpd.xxxx.rpmsave) use
|
||||
+/etc/vsfptd/vsftpd_conf_migrate.sh
|
||||
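Review bot: The path in the added note is misspelled: /etc/vsfptd/vsftpd_conf_migrate.sh should be /etc/vsftpd/vsftpd_conf_migrate.sh, matching the directory named two lines above it. As written, the command cannot be copied and run.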
--- vsftpd-2.0.1/EXAMPLE/INTERNET_SITE_NOINETD/README.dir 2002-11-09 17:07:09.000000000 +0100
|
||||
+++ vsftpd-2.0.1/EXAMPLE/INTERNET_SITE_NOINETD/README 2004-11-11 12:26:59.331609952 +0100
|
||||
@@ -17,7 +17,7 @@
|
||||
|
||||
To use this example config:
|
||||
|
||||
-1) Copy the vsftpd.conf file in this directory to /etc/vsftpd.conf.
|
||||
+1) Copy the vsftpd.conf file in this directory to /etc/vsftpd/vsftpd.conf.
|
||||
|
||||
2) Start up vsftpd, e.g.
|
||||
vsftpd &
|
||||
@@ -51,5 +51,5 @@
|
||||
listen_address=192.168.1.2
|
||||
|
||||
And launch vsftpd with a specific config file like this:
|
||||
-vsftpd /etc/vsftpd.conf.site1 &
|
||||
+vsftpd /etc/vsftpd/vsftpd.conf.site1 &
|
||||
|
||||
--- vsftpd-2.0.1/EXAMPLE/INTERNET_SITE/vsftpd.xinetd.dir 2002-07-31 00:57:21.000000000 +0200
|
||||
+++ vsftpd-2.0.1/EXAMPLE/INTERNET_SITE/vsftpd.xinetd 2004-11-11 12:26:59.331609952 +0100
|
||||
@@ -9,7 +9,7 @@
|
||||
per_source = 5
|
||||
instances = 200
|
||||
no_access = 192.168.1.3
|
||||
- banner_fail = /etc/vsftpd.busy_banner
|
||||
+ banner_fail = /etc/vsftpd/busy_banner
|
||||
log_on_success += PID HOST DURATION
|
||||
log_on_failure += HOST
|
||||
}
|
||||
--- vsftpd-2.0.1/EXAMPLE/VIRTUAL_USERS/vsftpd.pam.dir 2002-07-30 20:36:38.000000000 +0200
|
||||
+++ vsftpd-2.0.1/EXAMPLE/VIRTUAL_USERS/vsftpd.pam 2004-11-11 12:26:59.377602960 +0100
|
||||
@@ -1,2 +1,2 @@
|
||||
-auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
|
||||
-account required /lib/security/pam_userdb.so db=/etc/vsftpd_login
|
||||
+auth required /lib/security/pam_userdb.so db=/etc/vsftpd/login
|
||||
+account required /lib/security/pam_userdb.so db=/etc/vsftpd/login
|
||||
--- vsftpd-2.0.1/EXAMPLE/VIRTUAL_USERS/README.dir 2003-11-05 01:27:48.000000000 +0100
|
||||
+++ vsftpd-2.0.1/EXAMPLE/VIRTUAL_USERS/README 2004-11-11 12:26:59.377602960 +0100
|
||||
@@ -15,7 +15,7 @@
|
||||
"fred" with password "bar".
|
||||
Whilst logged in as root, create the actual database file like this:
|
||||
|
||||
-db_load -T -t hash -f logins.txt /etc/vsftpd_login.db
|
||||
+db_load -T -t hash -f logins.txt /etc/vsftpd/login.db
|
||||
(Requires the Berkeley db program installed).
|
||||
NOTE: Many systems have multiple versions of "db" installed, so you may
|
||||
need to use e.g. db3_load for correct operation. This is known to affect
|
||||
@@ -23,10 +23,10 @@
|
||||
database to be a specific db version (often db3, whereas db4 may be installed
|
||||
on your system).
|
||||
|
||||
-This will create /etc/vsftpd_login.db. Obviously, you may want to make sure
|
||||
+This will create /etc/vsftpd/login.db. Obviously, you may want to make sure
|
||||
the permissions are restricted:
|
||||
|
||||
-chmod 600 /etc/vsftpd_login.db
|
||||
+chmod 600 /etc/vsftpd/login.db
|
||||
|
||||
For more information on maintaing your login database, look around for
|
||||
documentation on "Berkeley DB", e.g.
|
||||
@@ -37,8 +37,8 @@
|
||||
|
||||
See the example file vsftpd.pam. It contains two lines:
|
||||
|
||||
-auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
|
||||
-account required /lib/security/pam_userdb.so db=/etc/vsftpd_login
|
||||
+auth required /lib/security/pam_userdb.so db=/etc/vsftpd/login
|
||||
+account required /lib/security/pam_userdb.so db=/etc/vsftpd/login
|
||||
|
||||
This tells PAM to authenticate users using our new database. Copy this PAM
|
||||
file to the PAM directory - typically /etc/pam.d/
|
||||
@@ -105,9 +105,9 @@
|
||||
These put a port range on passive FTP incoming requests - very useful if
|
||||
you are configuring a firewall.
|
||||
|
||||
-Copy the example vsftpd.conf file to /etc:
|
||||
+Copy the example vsftpd.conf file to /etc/vsftpd:
|
||||
|
||||
-cp vsftpd.conf /etc/
|
||||
+cp vsftpd.conf /etc/vsftpd/
|
||||
|
||||
|
||||
Step 5) Start up vsftpd.
|
||||
--- vsftpd-2.0.1/EXAMPLE/PER_IP_CONFIG/README.dir 2002-11-09 17:16:12.000000000 +0100
|
||||
+++ vsftpd-2.0.1/EXAMPLE/PER_IP_CONFIG/README 2004-11-11 12:26:59.377602960 +0100
|
||||
@@ -20,7 +20,7 @@
|
||||
|
||||
Let's have a look at the example:
|
||||
|
||||
-vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd_tcp_wrap.conf
|
||||
+vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd/tcp_wrap.conf
|
||||
vsftpd: 192.168.1.4: DENY
|
||||
|
||||
The first line:
|
||||
--- vsftpd-2.0.1/EXAMPLE/PER_IP_CONFIG/hosts.allow.dir 2002-11-09 17:04:24.000000000 +0100
|
||||
+++ vsftpd-2.0.1/EXAMPLE/PER_IP_CONFIG/hosts.allow 2004-11-11 12:26:59.378602808 +0100
|
||||
@@ -4,6 +4,6 @@
|
||||
# by the '/usr/sbin/tcpd' server.
|
||||
#
|
||||
|
||||
-vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd_tcp_wrap.conf
|
||||
+vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd/tcp_wrap.conf
|
||||
vsftpd: 192.168.1.4: DENY
|
||||
|
||||
--- vsftpd-2.0.1/tunables.c.dir 2004-07-02 13:26:17.000000000 +0200
|
||||
+++ vsftpd-2.0.1/tunables.c 2004-11-11 12:26:59.378602808 +0100
|
||||
@@ -95,11 +95,11 @@
|
||||
const char* tunable_message_file = ".message";
|
||||
const char* tunable_nopriv_user = "nobody";
|
||||
const char* tunable_ftpd_banner = 0;
|
||||
-const char* tunable_banned_email_file = "/etc/vsftpd.banned_emails";
|
||||
-const char* tunable_chroot_list_file = "/etc/vsftpd.chroot_list";
|
||||
+const char* tunable_banned_email_file = "/etc/vsftpd/banned_emails";
|
||||
+const char* tunable_chroot_list_file = "/etc/vsftpd/chroot_list";
|
||||
const char* tunable_pam_service_name = "ftp";
|
||||
const char* tunable_guest_username = "ftp";
|
||||
-const char* tunable_userlist_file = "/etc/vsftpd.user_list";
|
||||
+const char* tunable_userlist_file = "/etc/vsftpd/user_list";
|
||||
const char* tunable_anon_root = 0;
|
||||
const char* tunable_local_root = 0;
|
||||
const char* tunable_banner_file = 0;
|
||||
@@ -111,7 +111,7 @@
|
||||
const char* tunable_hide_file = 0;
|
||||
const char* tunable_deny_file = 0;
|
||||
const char* tunable_user_sub_token = 0;
|
||||
-const char* tunable_email_password_file = "/etc/vsftpd.email_passwords";
|
||||
+const char* tunable_email_password_file = "/etc/vsftpd/email_passwords";
|
||||
const char* tunable_rsa_cert_file = "/usr/share/ssl/certs/vsftpd.pem";
|
||||
const char* tunable_dsa_cert_file = 0;
|
||||
const char* tunable_ssl_ciphers = "DES-CBC3-SHA";
|
||||
--- vsftpd-2.0.1/vsftpd.conf.dir 2004-11-11 12:26:59.231625152 +0100
|
||||
+++ vsftpd-2.0.1/vsftpd.conf 2004-11-11 12:26:59.380602504 +0100
|
||||
@@ -88,14 +88,14 @@
|
||||
# useful for combatting certain DoS attacks.
|
||||
#deny_email_enable=YES
|
||||
# (default follows)
|
||||
-#banned_email_file=/etc/vsftpd.banned_emails
|
||||
+#banned_email_file=/etc/vsftpd/banned_emails
|
||||
#
|
||||
# You may specify an explicit list of local users to chroot() to their home
|
||||
# directory. If chroot_local_user is YES, then this list becomes a list of
|
||||
# users to NOT chroot().
|
||||
#chroot_list_enable=YES
|
||||
# (default follows)
|
||||
-#chroot_list_file=/etc/vsftpd.chroot_list
|
||||
+#chroot_list_file=/etc/vsftpd/chroot_list
|
||||
#
|
||||
# You may activate the "-R" option to the builtin ls. This is disabled by
|
||||
# default to avoid remote users being able to cause excessive I/O on large
|
@ -1,11 +0,0 @@
|
||||
--- vsftpd-2.0.1/xinetd.d/vsftpd.server_args 2001-10-11 21:40:17.000000000 +0200
|
||||
+++ vsftpd-2.0.1/xinetd.d/vsftpd 2004-10-01 14:52:28.171052120 +0200
|
||||
@@ -9,7 +9,7 @@
|
||||
wait = no
|
||||
user = root
|
||||
server = /usr/local/sbin/vsftpd
|
||||
-# server_args =
|
||||
+ server_args = /etc/vsftpd/vsftpd.conf
|
||||
# log_on_success += DURATION USERID
|
||||
# log_on_failure += USERID
|
||||
nice = 10
|
@ -1,29 +0,0 @@
|
||||
--- vsftpd-1.2.0/tcpwrap.c.tcp_wrappers2 2003-01-13 20:55:21.000000000 -0500
|
||||
+++ vsftpd-1.2.0/tcpwrap.c 2003-06-24 21:36:04.000000000 -0400
|
||||
@@ -31,12 +31,15 @@
|
||||
vsf_tcp_wrapper_ok(int remote_fd)
|
||||
{
|
||||
struct request_info req;
|
||||
+ openlog("vsftpd", LOG_PID, LOG_FTP);
|
||||
request_init(&req, RQ_DAEMON, "vsftpd", RQ_FILE, remote_fd, 0);
|
||||
fromhost(&req);
|
||||
if (!hosts_access(&req))
|
||||
{
|
||||
+ closelog();
|
||||
return 0;
|
||||
}
|
||||
+ closelog();
|
||||
return 1;
|
||||
}
|
||||
|
||||
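Review bot: closelog() is repeated on both return paths around hosts_access(&req); store the result in a local variable, call closelog() once and return the variable, so a later edit cannot add a path that skips it. Also check whether the openlog("vsftpd", LOG_PID, LOG_FTP) and closelog() pair here disturbs syslog state the process has already set up when syslog logging is enabled.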
--- vsftpd-work/builddefs.h.tcp_wrappers 2004-08-20 09:57:08.000000000 +0200
|
||||
+++ vsftpd-work/builddefs.h 2004-08-20 10:09:11.619830424 +0200
|
||||
@@ -1,7 +1,7 @@
|
||||
#ifndef VSF_BUILDDEFS_H
|
||||
#define VSF_BUILDDEFS_H
|
||||
|
||||
-#undef VSF_BUILD_TCPWRAPPERS
|
||||
+#define VSF_BUILD_TCPWRAPPERS
|
||||
#define VSF_BUILD_PAM
|
||||
#undef VSF_BUILD_SSL
|
||||
|
@ -1,41 +0,0 @@
|
||||
--- vsftpd-2.0.2/standalone.c.signal 2004-07-02 13:25:37.000000000 +0200
|
||||
+++ vsftpd-2.0.2/standalone.c 2005-03-14 09:37:12.937643960 +0100
|
||||
@@ -134,12 +134,8 @@
|
||||
void* p_raw_addr;
|
||||
int new_child;
|
||||
int new_client_sock;
|
||||
- vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD);
|
||||
- vsf_sysutil_unblock_sig(kVSFSysUtilSigHUP);
|
||||
new_client_sock = vsf_sysutil_accept_timeout(
|
||||
listen_sock, p_accept_addr, 0);
|
||||
- vsf_sysutil_block_sig(kVSFSysUtilSigCHLD);
|
||||
- vsf_sysutil_block_sig(kVSFSysUtilSigHUP);
|
||||
if (vsf_sysutil_retval_is_error(new_client_sock))
|
||||
{
|
||||
continue;
|
||||
--- vsftpd-2.0.2/sysutil.c.signal 2005-03-03 00:48:02.000000000 +0100
|
||||
+++ vsftpd-2.0.2/sysutil.c 2005-03-14 09:41:34.992805520 +0100
|
||||
@@ -1623,7 +1623,11 @@
|
||||
timeout.tv_usec = 0;
|
||||
do
|
||||
{
|
||||
+ vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD);
|
||||
+ vsf_sysutil_unblock_sig(kVSFSysUtilSigHUP);
|
||||
retval = select(fd + 1, &accept_fdset, NULL, NULL, &timeout);
|
||||
+ vsf_sysutil_block_sig(kVSFSysUtilSigCHLD);
|
||||
+ vsf_sysutil_block_sig(kVSFSysUtilSigHUP);
|
||||
saved_errno = errno;
|
||||
vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0);
|
||||
} while (retval < 0 && saved_errno == EINTR);
|
||||
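Review bot: In the select() loop, saved_errno = errno is now taken after the two added vsf_sysutil_block_sig() calls, so the value tested by while (retval < 0 && saved_errno == EINTR) may have been set by those calls and not by select(). Save errno immediately after select() returns and before re-blocking. Unblocking just before the call also leaves a window in which SIGCHLD or SIGHUP is delivered before select() starts waiting, so the pending action is not handled until the call returns; pselect() with a signal mask would close that window.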
@@ -1633,7 +1637,11 @@
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
+ vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD);
|
||||
+ vsf_sysutil_unblock_sig(kVSFSysUtilSigHUP);
|
||||
retval = accept(fd, &remote_addr.u.u_sockaddr, &socklen);
|
||||
+ vsf_sysutil_block_sig(kVSFSysUtilSigCHLD);
|
||||
+ vsf_sysutil_block_sig(kVSFSysUtilSigHUP);
|
||||
vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0);
|
||||
if (retval < 0)
|
||||
{
|
@ -1,22 +0,0 @@
|
||||
--- vsftpd-2.0.3/tunables.c.background 2005-06-30 09:51:51.000000000 +0200
|
||||
+++ vsftpd-2.0.3/tunables.c 2005-06-30 09:57:29.000000000 +0200
|
||||
@@ -49,7 +49,7 @@
|
||||
int tunable_listen_ipv6 = 0;
|
||||
int tunable_dual_log_enable = 0;
|
||||
int tunable_syslog_enable = 0;
|
||||
-int tunable_background = 0;
|
||||
+int tunable_background = 1;
|
||||
int tunable_virtual_use_local_privs = 0;
|
||||
int tunable_session_support = 0;
|
||||
int tunable_download_enable = 1;
|
||||
--- vsftpd-2.0.3/vsftpd.conf.5.background 2005-06-30 09:51:51.000000000 +0200
|
||||
+++ vsftpd-2.0.3/vsftpd.conf.5 2005-06-30 09:58:28.000000000 +0200
|
||||
@@ -108,7 +108,7 @@
|
||||
the listener process. i.e. control will immediately be returned to the shell
|
||||
which launched vsftpd.
|
||||
|
||||
-Default: NO
|
||||
+Default: YES
|
||||
.TP
|
||||
.B check_shell
|
||||
Note! This option only has an effect for non-PAM builds of vsftpd. If disabled,
|
@ -1,70 +0,0 @@
|
||||
diff -up vsftpd-2.0.6/standalone.c.fds vsftpd-2.0.6/standalone.c
|
||||
--- vsftpd-2.0.6/standalone.c.fds 2008-09-08 23:29:23.000000000 -0400
|
||||
+++ vsftpd-2.0.6/standalone.c 2008-09-08 23:30:16.000000000 -0400
|
||||
@@ -57,6 +57,7 @@ vsf_standalone_main(void)
|
||||
vsf_sysutil_close_failok(1);
|
||||
vsf_sysutil_close_failok(2);
|
||||
vsf_sysutil_make_session_leader();
|
||||
+ vsf_sysutil_reopen_standard_fds();
|
||||
}
|
||||
if (tunable_listen)
|
||||
{
|
||||
diff -up vsftpd-2.0.6/sysutil.c.fds vsftpd-2.0.6/sysutil.c
|
||||
--- vsftpd-2.0.6/sysutil.c.fds 2008-09-08 23:29:23.000000000 -0400
|
||||
+++ vsftpd-2.0.6/sysutil.c 2008-09-08 23:32:26.000000000 -0400
|
||||
@@ -2457,6 +2457,44 @@ vsf_sysutil_make_session_leader(void)
|
||||
}
|
||||
|
||||
void
|
||||
+vsf_sysutil_reopen_standard_fds(void)
|
||||
+{
|
||||
+ /* This reopens STDIN, STDOUT and STDERR to /dev/null */
|
||||
+
|
||||
+ int fd;
|
||||
+
|
||||
+ if ( (fd = open("/dev/null", O_RDWR, 0)) == -1 )
|
||||
+ {
|
||||
+ goto error;
|
||||
+ }
|
||||
+
|
||||
+ if ( dup2(fd, STDIN_FILENO) == -1 )
|
||||
+ {
|
||||
+ goto error;
|
||||
+ }
|
||||
+
|
||||
+ if ( dup2(fd, STDOUT_FILENO) == -1 )
|
||||
+ {
|
||||
+ goto error;
|
||||
+ }
|
||||
+
|
||||
+ if ( dup2(fd, STDERR_FILENO) == -1 )
|
||||
+ {
|
||||
+ goto error;
|
||||
+ }
|
||||
+
|
||||
+ if ( fd > 2 )
|
||||
+ {
|
||||
+ (void) close(fd);
|
||||
+ }
|
||||
+
|
||||
+ return;
|
||||
+
|
||||
+error:
|
||||
+ die("reopening standard file descriptors to /dev/null failed");
|
||||
+}
|
||||
+
|
||||
+void
|
||||
vsf_sysutil_tzset(void)
|
||||
{
|
||||
int retval;
|
||||
diff -up vsftpd-2.0.6/sysutil.h.fds vsftpd-2.0.6/sysutil.h
|
||||
--- vsftpd-2.0.6/sysutil.h.fds 2008-02-01 20:30:39.000000000 -0500
|
||||
+++ vsftpd-2.0.6/sysutil.h 2008-09-08 23:29:24.000000000 -0400
|
||||
@@ -293,6 +293,7 @@ unsigned char vsf_sysutil_get_random_byt
|
||||
unsigned int vsf_sysutil_get_umask(void);
|
||||
void vsf_sysutil_set_umask(unsigned int umask);
|
||||
void vsf_sysutil_make_session_leader(void);
|
||||
+void vsf_sysutil_reopen_standard_fds(void);
|
||||
void vsf_sysutil_tzset(void);
|
||||
const char* vsf_sysutil_get_current_date(void);
|
||||
void vsf_sysutil_qsort(void* p_base, unsigned int num_elem,
|
@ -1,37 +0,0 @@
|
||||
--- vsftpd-2.0.3/sysdeputil.c.old 2004-09-14 03:18:54.000000000 +0200
|
||||
+++ vsftpd-2.0.3/sysdeputil.c 2005-09-09 12:09:10.000000000 +0200
|
||||
@@ -16,6 +17,9 @@
|
||||
#include "tunables.h"
|
||||
#include "builddefs.h"
|
||||
|
||||
+/* For gethostbyaddr, inet_addr */
|
||||
+#include <netdb.h>
|
||||
+
|
||||
/* For Linux, this adds nothing :-) */
|
||||
#include "port/porting_junk.h"
|
||||
|
||||
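Review bot: The added comment says the include is "For gethostbyaddr, inet_addr", but only <netdb.h> is added; inet_addr() is declared in <arpa/inet.h>. Include that header explicitly instead of relying on another header pulling it in.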
@@ -284,6 +288,10 @@
|
||||
const struct mystr* p_remote_host)
|
||||
{
|
||||
int retval;
|
||||
+#ifdef PAM_RHOST
|
||||
+ struct sockaddr_in sin;
|
||||
+ struct hostent *host;
|
||||
+#endif
|
||||
struct pam_conv the_conv =
|
||||
{
|
||||
&pam_conv_func,
|
||||
@@ -302,7 +310,12 @@
|
||||
return 0;
|
||||
}
|
||||
#ifdef PAM_RHOST
|
||||
- retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
|
||||
+ sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host));
|
||||
+ host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET);
|
||||
+ if (host != (struct hostent*)0)
|
||||
+ retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name);
|
||||
+ else
|
||||
+ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
|
||||
if (retval != PAM_SUCCESS)
|
||||
{
|
||||
(void) pam_end(s_pamh, 0);
|
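Review bot: PAM_RHOST is now set to host->h_name from gethostbyaddr(), a reverse DNS name that is controlled by whoever runs the PTR zone for the client's address and is not confirmed by a forward lookup here. PAM modules and logs that use PAM_RHOST for access decisions or attribution then act on an unverified name. Keep the numeric address, or accept the name only when it resolves back to the same address. The lookup is also IPv4 only (inet_addr(), AF_INET, struct sockaddr_in), the inet_addr() result is not checked for failure, and the if/else bodies have no braces.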
@ -1,16 +0,0 @@
|
||||
--- vsftpd-2.0.5/vsftpd.conf.old 2006-08-01 13:56:18.000000000 +0200
|
||||
+++ vsftpd-2.0.5/vsftpd.conf 2006-08-01 13:59:15.000000000 +0200
|
||||
@@ -103,7 +103,11 @@
|
||||
|
||||
pam_service_name=vsftpd
|
||||
userlist_enable=YES
|
||||
-#enable for standalone mode
|
||||
+# When enabled, vsftpd runs in standalone mode, but listen only to IPv6 sockets.
|
||||
+# This directive cannot be used in conjunction with the listen directive.
|
||||
+# Make sure, that one of listen options are commited
|
||||
+# enable for standalone mode
|
||||
listen=YES
|
||||
-listen_ipv6=YES
|
||||
+#listen_ipv6=YES
|
||||
+
|
||||
tcp_wrappers=YES
|
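Review bot: The added comment block describes listen_ipv6 ("listen only to IPv6 sockets") but sits directly above listen=YES, so it reads as documentation for the wrong directive. Move it next to #listen_ipv6=YES and give listen its own comment. The word "commited" in "Make sure, that one of listen options are commited" looks like it should be "commented".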
@ -1,39 +0,0 @@
|
||||
diff -up vsftpd-2.0.7/postlogin.c.bind_denied vsftpd-2.0.7/postlogin.c
|
||||
--- vsftpd-2.0.7/postlogin.c.bind_denied 2008-07-29 21:51:09.000000000 -0400
|
||||
+++ vsftpd-2.0.7/postlogin.c 2008-09-08 23:39:28.000000000 -0400
|
||||
@@ -574,7 +574,8 @@ handle_pasv(struct vsf_session* p_sess,
|
||||
break;
|
||||
}
|
||||
}
|
||||
- if (vsf_sysutil_get_error() == kVSFSysUtilErrADDRINUSE)
|
||||
+ if ( (vsf_sysutil_get_error() == kVSFSysUtilErrADDRINUSE) ||
|
||||
+ (vsf_sysutil_get_error() == kVSFSysUtilErrEACCES) )
|
||||
{
|
||||
continue;
|
||||
}
|
||||
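Review bot: Treating kVSFSysUtilErrEACCES like kVSFSysUtilErrADDRINUSE makes the passive port loop continue on a permission failure, which, unlike a port that is in use, may apply to every port in the range, for example when a security policy denies the bind. Confirm that the loop has a bounded retry count so a persistent EACCES ends with an error reply instead of spinning, and call vsf_sysutil_get_error() once into a local variable instead of twice.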
diff -up vsftpd-2.0.7/sysutil.c.bind_denied vsftpd-2.0.7/sysutil.c
|
||||
--- vsftpd-2.0.7/sysutil.c.bind_denied 2008-09-08 23:38:10.000000000 -0400
|
||||
+++ vsftpd-2.0.7/sysutil.c 2008-09-08 23:38:10.000000000 -0400
|
||||
@@ -1561,6 +1561,9 @@ vsf_sysutil_get_error(void)
|
||||
case EOPNOTSUPP:
|
||||
retval = kVSFSysUtilErrOPNOTSUPP;
|
||||
break;
|
||||
+ case EACCES:
|
||||
+ retval = kVSFSysUtilErrEACCES;
|
||||
+ break;
|
||||
}
|
||||
return retval;
|
||||
}
|
||||
diff -up vsftpd-2.0.7/sysutil.h.bind_denied vsftpd-2.0.7/sysutil.h
|
||||
--- vsftpd-2.0.7/sysutil.h.bind_denied 2008-09-08 23:38:10.000000000 -0400
|
||||
+++ vsftpd-2.0.7/sysutil.h 2008-09-08 23:38:10.000000000 -0400
|
||||
@@ -16,7 +16,8 @@ enum EVSFSysUtilError
|
||||
kVSFSysUtilErrNOSYS,
|
||||
kVSFSysUtilErrINTR,
|
||||
kVSFSysUtilErrINVAL,
|
||||
- kVSFSysUtilErrOPNOTSUPP
|
||||
+ kVSFSysUtilErrOPNOTSUPP,
|
||||
+ kVSFSysUtilErrEACCES
|
||||
};
|
||||
enum EVSFSysUtilError vsf_sysutil_get_error(void);
|
||||
|
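Review bot: The new enumerator kVSFSysUtilErrEACCES keeps the leading E of the errno name, while the existing entries drop it (kVSFSysUtilErrNOSYS, kVSFSysUtilErrINTR, kVSFSysUtilErrINVAL, kVSFSysUtilErrOPNOTSUPP). Rename it to kVSFSysUtilErrACCES for consistency, here and in the two places that use it.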
@ -1,37 +0,0 @@
|
||||
--- vsftpd-2.0.5/vsftpd.conf.comments 2007-07-10 16:12:51.000000000 +0200
|
||||
+++ vsftpd-2.0.5/vsftpd.conf 2007-07-10 16:15:18.000000000 +0200
|
||||
@@ -50,7 +50,8 @@
|
||||
# below.
|
||||
#xferlog_file=/var/log/vsftpd.log
|
||||
#
|
||||
-# If you want, you can have your log file in standard ftpd xferlog format
|
||||
+# If you want, you can have your log file in standard ftpd xferlog format.
|
||||
+# Note that the default log file location is /var/log/xferlog in this case.
|
||||
xferlog_std_format=YES
|
||||
#
|
||||
# You may change the default value for timing out an idle session.
|
||||
@@ -100,14 +101,17 @@
|
||||
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
|
||||
# the presence of the "-R" option, so there is a strong case for enabling it.
|
||||
#ls_recurse_enable=YES
|
||||
-
|
||||
-pam_service_name=vsftpd
|
||||
-userlist_enable=YES
|
||||
-# When enabled, vsftpd runs in standalone mode, but listen only to IPv6 sockets.
|
||||
-# This directive cannot be used in conjunction with the listen directive.
|
||||
-# Make sure, that one of listen options are commited
|
||||
-# enable for standalone mode
|
||||
+#
|
||||
+# When "listen" directive is enabled, vsftpd runs in standalone mode and
|
||||
+# listens on IPv4 sockets. This directive cannot be used in conjunction
|
||||
+# with the listen_ipv6 directive.
|
||||
listen=YES
|
||||
+#
|
||||
+# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
|
||||
+# sockets, you must run two copies of vsftpd whith two configuration files.
|
||||
+# Make sure, that one of the listen options is commented !!
|
||||
#listen_ipv6=YES
|
||||
|
||||
+pam_service_name=vsftpd
|
||||
+userlist_enable=YES
|
||||
tcp_wrappers=YES
|
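Review bot: Typo in the added comment: "whith two configuration files" should be "with two configuration files", and the "!!" after "Make sure, that one of the listen options is commented" can be dropped. Moving pam_service_name=vsftpd and userlist_enable=YES below the listen block also leaves them without any comment; a one-line description for each would match the other options in the file.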
@ -1,8 +0,0 @@
|
||||
--- vsftpd-2.0.5/vsftpd.conf.ipv6 2006-07-12 15:34:13.000000000 +0200
|
||||
+++ vsftpd-2.0.5/vsftpd.conf 2006-07-17 11:16:10.000000000 +0200
|
||||
@@ -105,4 +105,5 @@
|
||||
userlist_enable=YES
|
||||
#enable for standalone mode
|
||||
listen=YES
|
||||
+listen_ipv6=YES
|
||||
tcp_wrappers=YES
|
@ -1,16 +0,0 @@
|
||||
diff -up vsftpd-2.0.5/postlogin.c.fix_unique vsftpd-2.0.5/postlogin.c
|
||||
--- vsftpd-2.0.5/postlogin.c.fix_unique 2007-11-30 11:16:10.000000000 +0100
|
||||
+++ vsftpd-2.0.5/postlogin.c 2007-11-30 11:23:57.000000000 +0100
|
||||
@@ -1701,6 +1701,12 @@ get_unique_filename(struct mystr* p_outs
|
||||
static struct vsf_sysutil_statbuf* s_p_statbuf;
|
||||
unsigned int suffix = 1;
|
||||
int retval;
|
||||
+ retval = str_stat(p_base_str, &s_p_statbuf);
|
||||
+ if (vsf_sysutil_retval_is_error(retval))
|
||||
+ {
|
||||
+ str_copy(p_outstr, p_base_str);
|
||||
+ return;
|
||||
+ }
|
||||
while (1)
|
||||
{
|
||||
str_copy(p_outstr, p_base_str);
|
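Review bot: the early return added at the top of get_unique_filename treats every str_stat failure as "the base name is free", not only a missing file. vsf_sysutil_retval_is_error(retval) is also true for errors such as permission denied on a path component, and in that case p_base_str is handed back without the uniqueness loop having run. Check the error for "no such file" before taking the shortcut (sysutil.h declares vsf_sysutil_get_error for this), and keep in mind that a stat followed by a later create is still a check-then-use window, so the create itself should refuse an existing file.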
@ -1,65 +0,0 @@
|
||||
--- vsftpd-2.0.5/vsftpd.conf.5.old 2006-08-22 10:53:57.000000000 +0200
|
||||
+++ vsftpd-2.0.5/vsftpd.conf.5 2006-08-22 10:57:24.000000000 +0200
|
||||
@@ -138,7 +138,7 @@
|
||||
different if chroot_local_user is set to YES. In this case, the list becomes
|
||||
a list of users which are NOT to be placed in a chroot() jail.
|
||||
By default, the file containing this list is
|
||||
-/etc/vsftpd.chroot_list, but you may override this with the
|
||||
+/etc/vsftpd/chroot_list, but you may override this with the
|
||||
.BR chroot_list_file
|
||||
setting.
|
||||
|
||||
@@ -166,7 +166,7 @@
|
||||
.B deny_email_enable
|
||||
If activated, you may provide a list of anonymous password e-mail responses
|
||||
which cause login to be denied. By default, the file containing this list is
|
||||
-/etc/vsftpd.banned_emails, but you may override this with the
|
||||
+/etc/vsftpd/banned_emails, but you may override this with the
|
||||
.BR banned_email_file
|
||||
setting.
|
||||
|
||||
@@ -396,7 +396,7 @@
|
||||
file specified by the
|
||||
.BR email_password_file
|
||||
setting. The file format is one password per line, no extra whitespace. The
|
||||
-default filename is /etc/vsftpd.email_passwords.
|
||||
+default filename is /etc/vsftpd/email_passwords.
|
||||
|
||||
Default: NO
|
||||
.TP
|
||||
@@ -691,7 +691,7 @@
|
||||
.BR deny_email_enable
|
||||
is enabled.
|
||||
|
||||
-Default: /etc/vsftpd.banned_emails
|
||||
+Default: /etc/vsftpd/banned_emails
|
||||
.TP
|
||||
.B banner_file
|
||||
This option is the name of a file containing text to display when someone
|
||||
@@ -720,7 +720,7 @@
|
||||
is enabled, then the list file becomes a list of users to NOT place in a
|
||||
chroot() jail.
|
||||
|
||||
-Default: /etc/vsftpd.chroot_list
|
||||
+Default: /etc/vsftpd/chroot_list
|
||||
.TP
|
||||
.B cmds_allowed
|
||||
This options specifies a comma separated list of allowed FTP commands (post
|
||||
@@ -772,7 +772,7 @@
|
||||
.BR secure_email_list_enable
|
||||
setting.
|
||||
|
||||
-Default: /etc/vsftpd.email_passwords
|
||||
+Default: /etc/vsftpd/email_passwords
|
||||
.TP
|
||||
.B ftp_username
|
||||
This is the name of the user we use for handling anonymous FTP. The home
|
||||
@@ -934,7 +934,7 @@
|
||||
.BR userlist_enable
|
||||
option is active.
|
||||
|
||||
-Default: /etc/vsftpd.user_list
|
||||
+Default: /etc/vsftpd/user_list
|
||||
.TP
|
||||
.B vsftpd_log_file
|
||||
This option is the name of the file to which we write the vsftpd style
|
@ -1,81 +0,0 @@
|
||||
diff -up vsftpd-2.0.5/sysdeputil.c.pam_end vsftpd-2.0.5/sysdeputil.c
|
||||
--- vsftpd-2.0.5/sysdeputil.c.pam_end 2007-11-02 15:53:20.000000000 +0100
|
||||
+++ vsftpd-2.0.5/sysdeputil.c 2007-11-08 13:49:44.000000000 +0100
|
||||
@@ -320,7 +320,7 @@ vsf_sysdep_check_auth(const struct mystr
|
||||
retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
|
||||
if (retval != PAM_SUCCESS)
|
||||
{
|
||||
- (void) pam_end(s_pamh, 0);
|
||||
+ (void) pam_end(s_pamh, retval);
|
||||
s_pamh = 0;
|
||||
return 0;
|
||||
}
|
||||
@@ -329,7 +329,7 @@ vsf_sysdep_check_auth(const struct mystr
|
||||
retval = pam_set_item(s_pamh, PAM_TTY, "ftp");
|
||||
if (retval != PAM_SUCCESS)
|
||||
{
|
||||
- (void) pam_end(s_pamh, 0);
|
||||
+ (void) pam_end(s_pamh, retval);
|
||||
s_pamh = 0;
|
||||
return 0;
|
||||
}
|
||||
@@ -338,7 +338,7 @@ vsf_sysdep_check_auth(const struct mystr
|
||||
retval = pam_set_item(s_pamh, PAM_RUSER, str_getbuf(p_user_str));
|
||||
if (retval != PAM_SUCCESS)
|
||||
{
|
||||
- (void) pam_end(s_pamh, 0);
|
||||
+ (void) pam_end(s_pamh, retval);
|
||||
s_pamh = 0;
|
||||
return 0;
|
||||
}
|
||||
@@ -346,28 +346,28 @@ vsf_sysdep_check_auth(const struct mystr
|
||||
retval = pam_authenticate(s_pamh, 0);
|
||||
if (retval != PAM_SUCCESS)
|
||||
{
|
||||
- (void) pam_end(s_pamh, 0);
|
||||
+ (void) pam_end(s_pamh, retval);
|
||||
s_pamh = 0;
|
||||
return 0;
|
||||
}
|
||||
retval = pam_acct_mgmt(s_pamh, 0);
|
||||
if (retval != PAM_SUCCESS)
|
||||
{
|
||||
- (void) pam_end(s_pamh, 0);
|
||||
+ (void) pam_end(s_pamh, retval);
|
||||
s_pamh = 0;
|
||||
return 0;
|
||||
}
|
||||
retval = pam_setcred(s_pamh, PAM_ESTABLISH_CRED);
|
||||
if (retval != PAM_SUCCESS)
|
||||
{
|
||||
- (void) pam_end(s_pamh, 0);
|
||||
+ (void) pam_end(s_pamh, retval);
|
||||
s_pamh = 0;
|
||||
return 0;
|
||||
}
|
||||
if (!tunable_session_support)
|
||||
{
|
||||
/* You're in already! */
|
||||
- (void) pam_end(s_pamh, 0);
|
||||
+ (void) pam_end(s_pamh, retval);
|
||||
s_pamh = 0;
|
||||
return 1;
|
||||
}
|
||||
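Review bot: in the `if (!tunable_session_support)` branch this is the success path (it returns 1), so `(void) pam_end(s_pamh, retval);` only passes the right status because retval still holds PAM_SUCCESS from the pam_setcred call above it. Pass PAM_SUCCESS explicitly there, as the vsf_auth_shutdown hunk of this patch does, so the call does not depend on what was last assigned to retval.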
@@ -378,7 +378,7 @@ vsf_sysdep_check_auth(const struct mystr
|
||||
{
|
||||
vsf_remove_uwtmp();
|
||||
(void) pam_setcred(s_pamh, PAM_DELETE_CRED);
|
||||
- (void) pam_end(s_pamh, 0);
|
||||
+ (void) pam_end(s_pamh, retval);
|
||||
s_pamh = 0;
|
||||
return 0;
|
||||
}
|
||||
@@ -399,7 +399,7 @@ vsf_auth_shutdown(void)
|
||||
}
|
||||
(void) pam_close_session(s_pamh, 0);
|
||||
(void) pam_setcred(s_pamh, PAM_DELETE_CRED);
|
||||
- (void) pam_end(s_pamh, 0);
|
||||
+ (void) pam_end(s_pamh, PAM_SUCCESS);
|
||||
s_pamh = 0;
|
||||
vsf_remove_uwtmp();
|
||||
}
|
@ -1,11 +0,0 @@
|
||||
--- vsftpd-2.0.5/postlogin.c.old 2007-06-29 11:32:01.000000000 +0200
|
||||
+++ vsftpd-2.0.5/postlogin.c 2007-06-29 11:32:13.000000000 +0200
|
||||
@@ -607,7 +607,7 @@
|
||||
str_append_ulong(&s_pasv_res_str, the_port >> 8);
|
||||
str_append_text(&s_pasv_res_str, ",");
|
||||
str_append_ulong(&s_pasv_res_str, the_port & 255);
|
||||
- str_append_text(&s_pasv_res_str, ")");
|
||||
+ str_append_text(&s_pasv_res_str, ").");
|
||||
vsf_cmdio_write_str(p_sess, FTP_PASVOK, &s_pasv_res_str);
|
||||
}
|
||||
|
@ -1,11 +0,0 @@
|
||||
--- vsftpd-2.0.5/defs.h.uname_size 2007-04-13 15:15:54.000000000 +1000
|
||||
+++ vsftpd-2.0.5/defs.h 2007-04-13 15:19:14.000000000 +1000
|
||||
@@ -6,7 +6,7 @@
|
||||
#define VSFTP_COMMAND_FD 0
|
||||
|
||||
#define VSFTP_PASSWORD_MAX 128
|
||||
-#define VSFTP_USERNAME_MAX 32
|
||||
+#define VSFTP_USERNAME_MAX 128
|
||||
#define VSFTP_MAX_COMMAND_LINE 4096
|
||||
#define VSFTP_DATA_BUFSIZE 65536
|
||||
#define VSFTP_DIR_BUFSIZE 16384
|
@ -1,12 +0,0 @@
|
||||
diff -up vsftpd-2.0.5/sysutil.c.underscore_uname vsftpd-2.0.5/sysutil.c
|
||||
--- vsftpd-2.0.5/sysutil.c.underscore_uname 2007-11-30 13:14:50.000000000 +0100
|
||||
+++ vsftpd-2.0.5/sysutil.c 2007-11-30 13:12:25.000000000 +0100
|
||||
@@ -905,7 +905,7 @@ vsf_sysutil_isprint(int the_char)
|
||||
int
|
||||
vsf_sysutil_isalnum(int the_char)
|
||||
{
|
||||
- return isalnum(the_char);
|
||||
+ return isalnum(the_char) || the_char == '_' || the_char == '.';
|
||||
}
|
||||
|
||||
int
|
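Review bot: vsf_sysutil_isalnum now returns true for '_' and '.', so the function no longer does what its name says, and every caller gets the wider character set, not only the username check the patch name refers to. Leave the isalnum wrapper as it was and add a separate helper for the username test (one that accepts isalnum plus '_' and '.'), with a comment saying why '.' is allowed in a user name.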
@ -1,68 +0,0 @@
|
||||
diff -up vsftpd-2.0.7/postlogin.c.write_race vsftpd-2.0.7/postlogin.c
|
||||
--- vsftpd-2.0.7/postlogin.c.write_race 2008-09-08 23:39:58.000000000 -0400
|
||||
+++ vsftpd-2.0.7/postlogin.c 2008-09-08 23:47:27.000000000 -0400
|
||||
@@ -982,6 +982,7 @@ handle_upload_common(struct vsf_session*
|
||||
struct vsf_transfer_ret trans_ret;
|
||||
int new_file_fd;
|
||||
int remote_fd;
|
||||
+ int truncit = 0;
|
||||
int success = 0;
|
||||
int created = 0;
|
||||
filesize_t offset = p_sess->restart_pos;
|
||||
@@ -1018,7 +1019,15 @@ handle_upload_common(struct vsf_session*
|
||||
/* For non-anonymous, allow open() to overwrite or append existing files */
|
||||
if (!is_append && offset == 0)
|
||||
{
|
||||
- new_file_fd = str_create_overwrite(p_filename);
|
||||
+ if (tunable_lock_upload_files)
|
||||
+ {
|
||||
+ new_file_fd = str_create_append(p_filename);
|
||||
+ truncit = 1;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ new_file_fd = str_create_overwrite(p_filename);
|
||||
+ }
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -1056,6 +1065,11 @@ handle_upload_common(struct vsf_session*
|
||||
if (tunable_lock_upload_files)
|
||||
{
|
||||
vsf_sysutil_lock_file_write(new_file_fd);
|
||||
+ if (truncit)
|
||||
+ {
|
||||
+ vsf_sysutil_truncate(new_file_fd, 0);
|
||||
+ vsf_sysutil_lseek_to(new_file_fd, 0);
|
||||
+ }
|
||||
}
|
||||
if (!is_append && offset != 0)
|
||||
{
|
||||
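Review bot: the result of `vsf_sysutil_truncate(new_file_fd, 0);` in the `if (truncit)` block is dropped, although the wrapper added in sysutil.c returns the ftruncate result. If the truncate fails, the upload carries on from offset 0 over the old contents, and an upload shorter than the previous file leaves the old tail in place. Check the return value and fail the transfer on error instead of continuing.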
diff -up vsftpd-2.0.7/sysutil.c.write_race vsftpd-2.0.7/sysutil.c
|
||||
--- vsftpd-2.0.7/sysutil.c.write_race 2008-09-08 23:39:58.000000000 -0400
|
||||
+++ vsftpd-2.0.7/sysutil.c 2008-09-08 23:39:58.000000000 -0400
|
||||
@@ -1200,6 +1200,12 @@ vsf_sysutil_close_failok(int fd)
|
||||
}
|
||||
|
||||
int
|
||||
+vsf_sysutil_truncate(int fd, filesize_t length)
|
||||
+{
|
||||
+ return ftruncate(fd, length);
|
||||
+}
|
||||
+
|
||||
+int
|
||||
vsf_sysutil_unlink(const char* p_dead)
|
||||
{
|
||||
return unlink(p_dead);
|
||||
diff -up vsftpd-2.0.7/sysutil.h.write_race vsftpd-2.0.7/sysutil.h
|
||||
--- vsftpd-2.0.7/sysutil.h.write_race 2008-09-08 23:39:58.000000000 -0400
|
||||
+++ vsftpd-2.0.7/sysutil.h 2008-09-08 23:39:58.000000000 -0400
|
||||
@@ -91,6 +91,8 @@ void vsf_sysutil_close(int fd);
|
||||
int vsf_sysutil_close_failok(int fd);
|
||||
int vsf_sysutil_unlink(const char* p_dead);
|
||||
int vsf_sysutil_write_access(const char* p_filename);
|
||||
+/* Trucate after open */
|
||||
+int vsf_sysutil_truncate(int fd, filesize_t length);
|
||||
|
||||
/* Reading and writing */
|
||||
void vsf_sysutil_lseek_to(const int fd, filesize_t seek_pos);
|
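Review bot: the comment on the new prototype is misspelled ("Trucate after open") and does not say what the function returns. Something like "Truncate an open file to length; returns 0 on success, -1 on error" would tell callers that the int is meant to be checked.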
@ -1,24 +0,0 @@
|
||||
diff -up vsftpd-2.0.6/tunables.c.listen vsftpd-2.0.6/tunables.c
|
||||
--- vsftpd-2.0.6/tunables.c.listen 2008-03-31 22:28:07.000000000 +0200
|
||||
+++ vsftpd-2.0.6/tunables.c 2008-03-31 22:28:25.000000000 +0200
|
||||
@@ -39,7 +39,7 @@ int tunable_userlist_deny = 1;
|
||||
int tunable_use_localtime = 0;
|
||||
int tunable_check_shell = 1;
|
||||
int tunable_hide_ids = 0;
|
||||
-int tunable_listen = 0;
|
||||
+int tunable_listen = 1;
|
||||
int tunable_port_promiscuous = 0;
|
||||
int tunable_passwd_chroot_enable = 0;
|
||||
int tunable_no_anon_password = 0;
|
||||
diff -up vsftpd-2.0.6/vsftpd.conf.5.listen vsftpd-2.0.6/vsftpd.conf.5
|
||||
--- vsftpd-2.0.6/vsftpd.conf.5.listen 2008-03-31 22:38:00.000000000 +0200
|
||||
+++ vsftpd-2.0.6/vsftpd.conf.5 2008-03-31 22:38:24.000000000 +0200
|
||||
@@ -265,7 +265,7 @@ not be run from an inetd of some kind. I
|
||||
run once directly. vsftpd itself will then take care of listening for and
|
||||
handling incoming connections.
|
||||
|
||||
-Default: NO
|
||||
+Default: YES
|
||||
.TP
|
||||
.B listen_ipv6
|
||||
Like the listen parameter, except vsftpd will listen on an IPv6 socket instead
|
12
vsftpd-2.1.0-build_ssl.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff -up vsftpd-2.1.0/builddefs.h.build_ssl vsftpd-2.1.0/builddefs.h
|
||||
--- vsftpd-2.1.0/builddefs.h.build_ssl 2009-01-08 18:49:33.000000000 +0100
|
||||
+++ vsftpd-2.1.0/builddefs.h 2009-01-08 18:49:41.000000000 +0100
|
||||
@@ -3,7 +3,7 @@
|
||||
|
||||
#undef VSF_BUILD_TCPWRAPPERS
|
||||
#define VSF_BUILD_PAM
|
||||
-#undef VSF_BUILD_SSL
|
||||
+#define VSF_BUILD_SSL
|
||||
|
||||
#endif /* VSF_BUILDDEFS_H */
|
||||
|
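Review bot: the context of this hunk still shows `#undef VSF_BUILD_TCPWRAPPERS`, while the sample vsftpd.conf added in this commit sets tcp_wrappers=YES and vsftpd-2.0.1-tcp_wrappers.patch is among the patches being dropped. Confirm that tcp wrappers support is switched on somewhere else in the build (spec file or another patch); if it is not, define it here next to VSF_BUILD_SSL so the shipped configuration matches what the binary was built with.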
395
vsftpd-2.1.0-configuration.patch
Normal file
@ -0,0 +1,395 @@
|
||||
diff -up vsftpd-2.1.0/defs.h.configuration vsftpd-2.1.0/defs.h
|
||||
--- vsftpd-2.1.0/defs.h.configuration 2009-01-08 18:01:13.000000000 +0100
|
||||
+++ vsftpd-2.1.0/defs.h 2009-01-08 18:01:23.000000000 +0100
|
||||
@@ -1,7 +1,7 @@
|
||||
#ifndef VSF_DEFS_H
|
||||
#define VSF_DEFS_H
|
||||
|
||||
-#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd.conf"
|
||||
+#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf"
|
||||
|
||||
#define VSFTP_COMMAND_FD 0
|
||||
|
||||
diff -up vsftpd-2.1.0/EXAMPLE/INTERNET_SITE_NOINETD/README.configuration vsftpd-2.1.0/EXAMPLE/INTERNET_SITE_NOINETD/README
|
||||
--- vsftpd-2.1.0/EXAMPLE/INTERNET_SITE_NOINETD/README.configuration 2009-01-08 18:17:07.000000000 +0100
|
||||
+++ vsftpd-2.1.0/EXAMPLE/INTERNET_SITE_NOINETD/README 2009-01-08 18:15:07.000000000 +0100
|
||||
@@ -17,7 +17,7 @@ even per-connect-IP configurability.
|
||||
|
||||
To use this example config:
|
||||
|
||||
-1) Copy the vsftpd.conf file in this directory to /etc/vsftpd.conf.
|
||||
+1) Copy the vsftpd.conf file in this directory to /etc/vsftpd/vsftpd.conf.
|
||||
|
||||
2) Start up vsftpd, e.g.
|
||||
vsftpd &
|
||||
@@ -51,5 +51,5 @@ in the vsftpd.conf:
|
||||
listen_address=192.168.1.2
|
||||
|
||||
And launch vsftpd with a specific config file like this:
|
||||
-vsftpd /etc/vsftpd.conf.site1 &
|
||||
+vsftpd /etc/vsftpd/vsftpd.conf.site1 &
|
||||
|
||||
diff -up vsftpd-2.1.0/EXAMPLE/INTERNET_SITE/README.configuration vsftpd-2.1.0/EXAMPLE/INTERNET_SITE/README
|
||||
--- vsftpd-2.1.0/EXAMPLE/INTERNET_SITE/README.configuration 2009-01-08 18:15:29.000000000 +0100
|
||||
+++ vsftpd-2.1.0/EXAMPLE/INTERNET_SITE/README 2009-01-08 18:16:13.000000000 +0100
|
||||
@@ -41,13 +41,13 @@ no_access = 192.168.1.3
|
||||
As an example of how to ban certain sites from connecting, 192.168.1.3 will
|
||||
be denied access.
|
||||
|
||||
-banner_fail = /etc/vsftpd.busy_banner
|
||||
+banner_fail = /etc/vsftpd/busy_banner
|
||||
|
||||
This is the file to display to users if the connection is refused for whatever
|
||||
reason (too many users, IP banned).
|
||||
|
||||
Example of how to populate it:
|
||||
-echo "421 Server busy, please try later." > /etc/vsftpd.busy_banner
|
||||
+echo "421 Server busy, please try later." > /etc/vsftpd/busy_banner
|
||||
|
||||
log_on_success += PID HOST DURATION
|
||||
log_on_failure += HOST
|
||||
@@ -62,7 +62,7 @@ Step 2) Set up your vsftpd configuration
|
||||
|
||||
An example file is supplied. Install it like this:
|
||||
|
||||
-cp vsftpd.conf /etc
|
||||
+cp vsftpd.conf /etc/vsftpd
|
||||
|
||||
Let's example the contents of the file:
|
||||
|
||||
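Review bot: `cp vsftpd.conf /etc/vsftpd` has no trailing slash, so on a system where the /etc/vsftpd directory does not exist yet, cp creates a regular file with that name instead of failing. The VIRTUAL_USERS README in this same patch uses `cp vsftpd.conf /etc/vsftpd/`; use that form here and in the two INSTALL hunks as well, so all the instructions agree and a missing directory is reported as an error.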
diff -up vsftpd-2.1.0/EXAMPLE/PER_IP_CONFIG/README.configuration vsftpd-2.1.0/EXAMPLE/PER_IP_CONFIG/README
|
||||
--- vsftpd-2.1.0/EXAMPLE/PER_IP_CONFIG/README.configuration 2009-01-08 18:19:14.000000000 +0100
|
||||
+++ vsftpd-2.1.0/EXAMPLE/PER_IP_CONFIG/README 2009-01-08 18:19:35.000000000 +0100
|
||||
@@ -20,12 +20,12 @@ directory: hosts.allow. It lives at /etc
|
||||
|
||||
Let's have a look at the example:
|
||||
|
||||
-vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd_tcp_wrap.conf
|
||||
+vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd/tcp_wrap.conf
|
||||
vsftpd: 192.168.1.4: DENY
|
||||
|
||||
The first line:
|
||||
If a client connects from 192.168.1.3, then vsftpd will apply the vsftpd
|
||||
-config file /etc/vsftpd_tcp_wrap.conf to the session! These settings are
|
||||
+config file /etc/vsftpd/tcp_wrap.conf to the session! These settings are
|
||||
applied ON TOP of the default vsftpd.conf.
|
||||
This is obviously very powerful. You might use this to apply different
|
||||
access restrictions for some IPs (e.g. the ability to upload).
|
||||
diff -up vsftpd-2.1.0/EXAMPLE/VIRTUAL_USERS/README.configuration vsftpd-2.1.0/EXAMPLE/VIRTUAL_USERS/README
|
||||
--- vsftpd-2.1.0/EXAMPLE/VIRTUAL_USERS/README.configuration 2009-01-08 18:18:04.000000000 +0100
|
||||
+++ vsftpd-2.1.0/EXAMPLE/VIRTUAL_USERS/README 2009-01-08 18:18:53.000000000 +0100
|
||||
@@ -15,7 +15,7 @@ See example file "logins.txt" - this spe
|
||||
"fred" with password "bar".
|
||||
Whilst logged in as root, create the actual database file like this:
|
||||
|
||||
-db_load -T -t hash -f logins.txt /etc/vsftpd_login.db
|
||||
+db_load -T -t hash -f logins.txt /etc/vsftpd/login.db
|
||||
(Requires the Berkeley db program installed).
|
||||
NOTE: Many systems have multiple versions of "db" installed, so you may
|
||||
need to use e.g. db3_load for correct operation. This is known to affect
|
||||
@@ -23,10 +23,10 @@ some Debian systems. The core issue is t
|
||||
database to be a specific db version (often db3, whereas db4 may be installed
|
||||
on your system).
|
||||
|
||||
-This will create /etc/vsftpd_login.db. Obviously, you may want to make sure
|
||||
+This will create /etc/vsftpd/login.db. Obviously, you may want to make sure
|
||||
the permissions are restricted:
|
||||
|
||||
-chmod 600 /etc/vsftpd_login.db
|
||||
+chmod 600 /etc/vsftpd/login.db
|
||||
|
||||
For more information on maintaing your login database, look around for
|
||||
documentation on "Berkeley DB", e.g.
|
||||
@@ -37,8 +37,8 @@ Step 2) Create a PAM file which uses you
|
||||
|
||||
See the example file vsftpd.pam. It contains two lines:
|
||||
|
||||
-auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
|
||||
-account required /lib/security/pam_userdb.so db=/etc/vsftpd_login
|
||||
+auth required /lib/security/pam_userdb.so db=/etc/vsftpd/login
|
||||
+account required /lib/security/pam_userdb.so db=/etc/vsftpd/login
|
||||
|
||||
This tells PAM to authenticate users using our new database. Copy this PAM
|
||||
file to the PAM directory - typically /etc/pam.d/
|
||||
@@ -108,9 +108,9 @@ pasv_max_port=30999
|
||||
These put a port range on passive FTP incoming requests - very useful if
|
||||
you are configuring a firewall.
|
||||
|
||||
-Copy the example vsftpd.conf file to /etc:
|
||||
+Copy the example vsftpd.conf file to /etc/vsftpd:
|
||||
|
||||
-cp vsftpd.conf /etc/
|
||||
+cp vsftpd.conf /etc/vsftpd/
|
||||
|
||||
|
||||
Step 5) Start up vsftpd.
|
||||
diff -up vsftpd-2.1.0/FAQ.configuration vsftpd-2.1.0/FAQ
|
||||
--- vsftpd-2.1.0/FAQ.configuration 2009-01-08 17:58:39.000000000 +0100
|
||||
+++ vsftpd-2.1.0/FAQ 2009-01-08 18:01:04.000000000 +0100
|
||||
@@ -34,7 +34,7 @@ needs this user to run bits of itself wi
|
||||
Q) Help! Local users cannot log in.
|
||||
A) There are various possible problems.
|
||||
A1) By default, vsftpd disables any logins other than anonymous logins. Put
|
||||
-local_enable=YES in your /etc/vsftpd.conf to allow local users to log in.
|
||||
+local_enable=YES in your /etc/vsftpd/vsftpd.conf to allow local users to log in.
|
||||
A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to
|
||||
find out whether this has happened or not). If vsftpd links with PAM, then
|
||||
you will need to have a PAM file installed for the vsftpd service. There is
|
||||
@@ -46,12 +46,12 @@ system have a "shadow.h" file in the inc
|
||||
A4) If you are not using PAM, then vsftpd will do its own check for a valid
|
||||
user shell in /etc/shells. You may need to disable this if you use an invalid
|
||||
shell to disable logins other than FTP logins. Put check_shell=NO in your
|
||||
-/etc/vsftpd.conf.
|
||||
+/etc/vsftpd/vsftpd.conf.
|
||||
|
||||
Q) Help! Uploads or other write commands give me "500 Unknown command.".
|
||||
A) By default, write commands, including uploads and new directories, are
|
||||
disabled. This is a security measure. To enable writes, put write_enable=YES
|
||||
-in your /etc/vsftpd.conf.
|
||||
+in your /etc/vsftpd/vsftpd.conf.
|
||||
|
||||
Q) Help! What are the security implications referred to in the
|
||||
"chroot_local_user" option?
|
||||
@@ -87,7 +87,7 @@ A2) Alternatively, run as many copies as
|
||||
mode. Use "listen_address=x.x.x.x" to set the virtual IP.
|
||||
|
||||
Q) Help! Does vsftpd support virtual users?
|
||||
-A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd.conf. This
|
||||
+A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd/vsftpd.conf. This
|
||||
has the effect of mapping every non-anonymous successful login to the local
|
||||
username specified in "guest_username". Then, use PAM and (e.g.) its pam_userdb
|
||||
module to provide authentication against an external (i.e. non-/etc/passwd)
|
||||
diff -up vsftpd-2.1.0/INSTALL.configuration vsftpd-2.1.0/INSTALL
|
||||
--- vsftpd-2.1.0/INSTALL.configuration 2009-01-08 18:01:36.000000000 +0100
|
||||
+++ vsftpd-2.1.0/INSTALL 2009-01-08 18:03:30.000000000 +0100
|
||||
@@ -56,14 +56,14 @@ cp vsftpd.8 /usr/local/man/man8
|
||||
|
||||
"make install" doesn't copy the sample config file. It is recommended you
|
||||
do this:
|
||||
-cp vsftpd.conf /etc
|
||||
+cp vsftpd.conf /etc/vsftpd
|
||||
|
||||
Step 4) Smoke test (without an inetd).
|
||||
|
||||
vsftpd can run standalone or via an inetd (such as inetd or xinetd). You will
|
||||
typically get more control running vsftpd from an inetd. But first we will run
|
||||
it without, so we can check things are going well so far.
|
||||
-Edit /etc/vsftpd.conf, and add this line at the bottom:
|
||||
+Edit /etc/vsftpd/vsftpd.conf, and add this line at the bottom:
|
||||
|
||||
listen=YES
|
||||
|
||||
@@ -135,11 +135,11 @@ cp RedHat/vsftpd.pam /etc/pam.d/ftp
|
||||
Step 7) Customize your configuration
|
||||
|
||||
As well as the above three pre-requisites, you are recommended to install a
|
||||
-config file. The default location for the config file is /etc/vsftpd.conf.
|
||||
+config file. The default location for the config file is /etc/vsftpd/vsftpd.conf.
|
||||
There is a sample vsftpd.conf in the distribution tarball. You probably want
|
||||
-to copy that to /etc/vsftpd.conf as a basis for modification, i.e.:
|
||||
+to copy that to /etc/vsftpd/vsftpd.conf as a basis for modification, i.e.:
|
||||
|
||||
-cp vsftpd.conf /etc
|
||||
+cp vsftpd.conf /etc/vsftpd
|
||||
|
||||
The default configuration allows neither local user logins nor anonymous
|
||||
uploads. You may wish to change these defaults.
|
||||
diff -up vsftpd-2.1.0/README.configuration vsftpd-2.1.0/README
|
||||
--- vsftpd-2.1.0/README.configuration 2009-01-08 18:13:37.000000000 +0100
|
||||
+++ vsftpd-2.1.0/README 2009-01-08 18:14:21.000000000 +0100
|
||||
@@ -37,3 +37,8 @@ All configuration options are documented
|
||||
Various example configurations are discussed in the EXAMPLE directory.
|
||||
Frequently asked questions are tackled in the FAQ file.
|
||||
|
||||
+Important Note
|
||||
+==============
|
||||
+The location of configuration files was changed to /etc/vsftpd/. If you want
|
||||
+to migrate your old conf files from /etc (files vsftpd.xxxx.rpmsave) use
|
||||
+/etc/vsfptd/vsftpd_conf_migrate.sh
|
||||
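Review bot: the path on the last added line is misspelled: `/etc/vsfptd/vsftpd_conf_migrate.sh` should use `/etc/vsftpd/`, the directory named two lines above it. As written, anyone who copies the path from the README is pointed at a directory this patch never creates.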
diff -up vsftpd-2.1.0/tunables.c.configuration vsftpd-2.1.0/tunables.c
|
||||
--- vsftpd-2.1.0/tunables.c.configuration 2009-01-08 18:20:05.000000000 +0100
|
||||
+++ vsftpd-2.1.0/tunables.c 2009-01-08 18:22:13.000000000 +0100
|
||||
@@ -184,7 +184,7 @@ tunables_load_defaults()
|
||||
tunable_listen_ipv6 = 0;
|
||||
tunable_dual_log_enable = 0;
|
||||
tunable_syslog_enable = 0;
|
||||
- tunable_background = 0;
|
||||
+ tunable_background = 1;
|
||||
tunable_virtual_use_local_privs = 0;
|
||||
tunable_session_support = 0;
|
||||
tunable_download_enable = 1;
|
||||
@@ -250,11 +250,11 @@ tunables_load_defaults()
|
||||
install_str_setting(".message", &tunable_message_file);
|
||||
install_str_setting("nobody", &tunable_nopriv_user);
|
||||
install_str_setting(0, &tunable_ftpd_banner);
|
||||
- install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file);
|
||||
- install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file);
|
||||
+ install_str_setting("/etc/vsftpd/banned_emails", &tunable_banned_email_file);
|
||||
+ install_str_setting("/etc/vsftpd/chroot_list", &tunable_chroot_list_file);
|
||||
install_str_setting("ftp", &tunable_pam_service_name);
|
||||
install_str_setting("ftp", &tunable_guest_username);
|
||||
- install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file);
|
||||
+ install_str_setting("/etc/vsftpd/user_list", &tunable_userlist_file);
|
||||
install_str_setting(0, &tunable_anon_root);
|
||||
install_str_setting(0, &tunable_local_root);
|
||||
install_str_setting(0, &tunable_banner_file);
|
||||
@@ -267,7 +267,7 @@ tunables_load_defaults()
|
||||
install_str_setting(0, &tunable_hide_file);
|
||||
install_str_setting(0, &tunable_deny_file);
|
||||
install_str_setting(0, &tunable_user_sub_token);
|
||||
- install_str_setting("/etc/vsftpd.email_passwords",
|
||||
+ install_str_setting("/etc/vsftpd/email_passwords",
|
||||
&tunable_email_password_file);
|
||||
install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
|
||||
&tunable_rsa_cert_file);
|
||||
diff -up vsftpd-2.1.0/vsftpd.8.configuration vsftpd-2.1.0/vsftpd.8
|
||||
--- vsftpd-2.1.0/vsftpd.8.configuration 2009-01-08 18:03:47.000000000 +0100
|
||||
+++ vsftpd-2.1.0/vsftpd.8 2009-01-08 18:04:02.000000000 +0100
|
||||
@@ -21,7 +21,7 @@ itself will listen on the network. This
|
||||
recommended. It is activated by setting
|
||||
.Pa listen=YES
|
||||
in
|
||||
-.Pa /etc/vsftpd.conf .
|
||||
+.Pa /etc/vsftpd/vsftpd.conf .
|
||||
Direct execution of the
|
||||
.Nm vsftpd
|
||||
binary will then launch the FTP service ready for immediate client connections.
|
||||
@@ -30,6 +30,6 @@ An optional
|
||||
.Op configuration file
|
||||
may be given on the command line. This file must be owned as root if running as
|
||||
root. The default configuration file is
|
||||
-.Pa /etc/vsftpd.conf .
|
||||
+.Pa /etc/vsftpd/vsftpd.conf .
|
||||
.Sh SEE ALSO
|
||||
.Xr vsftpd.conf 5
|
||||
diff -up vsftpd-2.1.0/vsftpd.conf.5.configuration vsftpd-2.1.0/vsftpd.conf.5
|
||||
--- vsftpd-2.1.0/vsftpd.conf.5.configuration 2009-01-08 18:04:53.000000000 +0100
|
||||
+++ vsftpd-2.1.0/vsftpd.conf.5 2009-01-08 18:29:33.000000000 +0100
|
||||
@@ -4,7 +4,7 @@ vsftpd.conf \- config file for vsftpd
|
||||
.SH DESCRIPTION
|
||||
vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By
|
||||
default, vsftpd looks for this file at the location
|
||||
-.BR /etc/vsftpd.conf .
|
||||
+.BR /etc/vsftpd/vsftpd.conf .
|
||||
However, you may override this by specifying a command line argument to
|
||||
vsftpd. The command line argument is the pathname of the configuration file
|
||||
for vsftpd. This behaviour is useful because you may wish to use an advanced
|
||||
@@ -110,7 +110,7 @@ When enabled, and vsftpd is started in "
|
||||
the listener process. i.e. control will immediately be returned to the shell
|
||||
which launched vsftpd.
|
||||
|
||||
-Default: NO
|
||||
+Default: YES
|
||||
.TP
|
||||
.B check_shell
|
||||
Note! This option only has an effect for non-PAM builds of vsftpd. If disabled,
|
||||
@@ -138,7 +138,7 @@ chroot() jail in their home directory up
|
||||
different if chroot_local_user is set to YES. In this case, the list becomes
|
||||
a list of users which are NOT to be placed in a chroot() jail.
|
||||
By default, the file containing this list is
|
||||
-/etc/vsftpd.chroot_list, but you may override this with the
|
||||
+/etc/vsftpd/chroot_list, but you may override this with the
|
||||
.BR chroot_list_file
|
||||
setting.
|
||||
|
||||
@@ -177,7 +177,7 @@ Default: NO
|
||||
.B deny_email_enable
|
||||
If activated, you may provide a list of anonymous password e-mail responses
|
||||
which cause login to be denied. By default, the file containing this list is
|
||||
-/etc/vsftpd.banned_emails, but you may override this with the
|
||||
+/etc/vsftpd/banned_emails, but you may override this with the
|
||||
.BR banned_email_file
|
||||
setting.
|
||||
|
||||
@@ -430,7 +430,7 @@ anonymous logins are prevented unless th
|
||||
file specified by the
|
||||
.BR email_password_file
|
||||
setting. The file format is one password per line, no extra whitespace. The
|
||||
-default filename is /etc/vsftpd.email_passwords.
|
||||
+default filename is /etc/vsftpd/email_passwords.
|
||||
|
||||
Default: NO
|
||||
.TP
|
||||
@@ -761,7 +761,7 @@ passwords which are not permitted. This
|
||||
.BR deny_email_enable
|
||||
is enabled.
|
||||
|
||||
-Default: /etc/vsftpd.banned_emails
|
||||
+Default: /etc/vsftpd/banned_emails
|
||||
.TP
|
||||
.B banner_file
|
||||
This option is the name of a file containing text to display when someone
|
||||
@@ -798,7 +798,7 @@ is enabled. If the option
|
||||
is enabled, then the list file becomes a list of users to NOT place in a
|
||||
chroot() jail.
|
||||
|
||||
-Default: /etc/vsftpd.chroot_list
|
||||
+Default: /etvsftpd.confc/vsftpd.chroot_list
|
||||
.TP
|
||||
.B cmds_allowed
|
||||
This options specifies a comma separated list of allowed FTP commands (post
|
||||
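Review bot: the replacement line for the chroot_list_file default is garbled: `+Default: /etvsftpd.confc/vsftpd.chroot_list`. The tunables.c hunk in this patch sets the default to /etc/vsftpd/chroot_list, and the chroot_list_enable paragraph earlier in this man page was changed to the same path, so this line should read `Default: /etc/vsftpd/chroot_list`.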
@@ -859,7 +859,7 @@ This option can be used to provide an al
|
||||
.BR secure_email_list_enable
|
||||
setting.
|
||||
|
||||
-Default: /etc/vsftpd.email_passwords
|
||||
+Default: /etc/vsftpd/email_passwords
|
||||
.TP
|
||||
.B ftp_username
|
||||
This is the name of the user we use for handling anonymous FTP. The home
|
||||
@@ -982,10 +982,10 @@ the manual page, on a per-user basis. Us
|
||||
with an example. If you set
|
||||
.BR user_config_dir
|
||||
to be
|
||||
-.BR /etc/vsftpd_user_conf
|
||||
+.BR /etc/vsftpd/user_conf
|
||||
and then log on as the user "chris", then vsftpd will apply the settings in
|
||||
the file
|
||||
-.BR /etc/vsftpd_user_conf/chris
|
||||
+.BR /etc/vsftpd/user_conf/chris
|
||||
for the duration of the session. The format of this file is as detailed in
|
||||
this manual page! PLEASE NOTE that not all settings are effective on a
|
||||
per-user basis. For example, many settings only prior to the user's session
|
||||
@@ -1021,7 +1021,7 @@ This option is the name of the file load
|
||||
.BR userlist_enable
|
||||
option is active.
|
||||
|
||||
-Default: /etc/vsftpd.user_list
|
||||
+Default: /etc/vsftpd/user_list
|
||||
.TP
|
||||
.B vsftpd_log_file
|
||||
This option is the name of the file to which we write the vsftpd style
|
||||
diff -up vsftpd-2.1.0/vsftpd.conf.configuration vsftpd-2.1.0/vsftpd.conf
|
||||
--- vsftpd-2.1.0/vsftpd.conf.configuration 2009-01-08 17:54:33.000000000 +0100
|
||||
+++ vsftpd-2.1.0/vsftpd.conf 2009-01-08 18:20:55.000000000 +0100
|
||||
@@ -1,4 +1,4 @@
|
||||
-# Example config file /etc/vsftpd.conf
|
||||
+# Example config file /etc/vsftpd/vsftpd.conf
|
||||
#
|
||||
# The default compiled in settings are fairly paranoid. This sample file
|
||||
# loosens things up a bit, to make the ftp daemon more usable.
|
||||
@@ -87,14 +87,14 @@ connect_from_port_20=YES
|
||||
# useful for combatting certain DoS attacks.
|
||||
#deny_email_enable=YES
|
||||
# (default follows)
|
||||
-#banned_email_file=/etc/vsftpd.banned_emails
|
||||
+#banned_email_file=/etc/vsftpd/banned_emails
|
||||
#
|
||||
# You may specify an explicit list of local users to chroot() to their home
|
||||
# directory. If chroot_local_user is YES, then this list becomes a list of
|
||||
# users to NOT chroot().
|
||||
#chroot_list_enable=YES
|
||||
# (default follows)
|
||||
-#chroot_list_file=/etc/vsftpd.chroot_list
|
||||
+#chroot_list_file=/etc/vsftpd/chroot_list
|
||||
#
|
||||
# You may activate the "-R" option to the builtin ls. This is disabled by
|
||||
# default to avoid remote users being able to cause excessive I/O on large
|
||||
@@ -111,3 +111,7 @@ listen=YES
|
||||
# sockets, you must run two copies of vsftpd whith two configuration files.
|
||||
# Make sure, that one of the listen options is commented !!
|
||||
#listen_ipv6=YES
|
||||
+
|
||||
+pam_service_name=vsftpd
|
||||
+userlist_enable=YES
|
||||
+tcp_wrappers=YES
|
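Review bot: the three settings appended at the end of the file (pam_service_name, userlist_enable, tcp_wrappers) carry no comment, unlike the options above them in this sample config. userlist_enable=YES in particular changes who can log in, depending on the contents of /etc/vsftpd/user_list (the default set in the tunables.c hunk); add a short comment block above the three lines saying what each one does and which file userlist_enable reads.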
@ -1,6 +1,7 @@
|
||||
--- vsftpd-2.0.4/ls.c.orig 2005-05-23 23:55:00.000000000 +0200
|
||||
+++ vsftpd-2.0.4/ls.c 2006-07-11 01:02:21.000000000 +0200
|
||||
@@ -239,9 +239,31 @@
|
||||
diff -up vsftpd-2.1.0/ls.c.filter vsftpd-2.1.0/ls.c
|
||||
--- vsftpd-2.1.0/ls.c.filter 2008-02-02 02:30:41.000000000 +0100
|
||||
+++ vsftpd-2.1.0/ls.c 2009-01-08 19:31:15.000000000 +0100
|
||||
@@ -239,9 +239,31 @@ vsf_filename_passes_filter(const struct
|
||||
int ret = 0;
|
||||
char last_token = 0;
|
||||
int must_match_at_current_pos = 1;
|
||||
@ -34,20 +35,10 @@
|
||||
while (!str_isempty(&filter_remain_str))
|
||||
{
|
||||
static struct mystr s_match_needed_str;
|
||||
--- vsftpd-2.0.4/str.h.orig 2004-06-04 18:35:00.000000000 +0200
|
||||
+++ vsftpd-2.0.4/str.h 2006-07-11 00:59:59.000000000 +0200
|
||||
@@ -96,6 +96,8 @@
|
||||
int str_contains_space(const struct mystr* p_str);
|
||||
int str_contains_unprintable(const struct mystr* p_str);
|
||||
void str_replace_unprintable(struct mystr* p_str, char new_char);
|
||||
+void str_basename (struct mystr* d_str, const struct mystr* path);
|
||||
+
|
||||
int str_atoi(const struct mystr* p_str);
|
||||
filesize_t str_a_to_filesize_t(const struct mystr* p_str);
|
||||
unsigned int str_octal_to_uint(const struct mystr* p_str);
|
||||
--- vsftpd-2.0.4/str.c.orig 2004-07-12 19:58:39.000000000 +0200
|
||||
+++ vsftpd-2.0.4/str.c 2006-07-11 00:59:59.000000000 +0200
|
||||
@@ -662,3 +662,14 @@
|
||||
diff -up vsftpd-2.1.0/str.c.filter vsftpd-2.1.0/str.c
|
||||
--- vsftpd-2.1.0/str.c.filter 2008-12-17 06:54:16.000000000 +0100
|
||||
+++ vsftpd-2.1.0/str.c 2009-01-08 19:31:15.000000000 +0100
|
||||
@@ -680,3 +680,14 @@ str_replace_unprintable(struct mystr* p_
|
||||
}
|
||||
}
|
||||
|
||||
@ -62,3 +53,14 @@
|
||||
+ if (str_isempty(d_str))
|
||||
+ str_copy (d_str, path);
|
||||
+}
|
||||
diff -up vsftpd-2.1.0/str.h.filter vsftpd-2.1.0/str.h
|
||||
--- vsftpd-2.1.0/str.h.filter 2008-12-17 06:53:23.000000000 +0100
|
||||
+++ vsftpd-2.1.0/str.h 2009-01-08 19:32:14.000000000 +0100
|
||||
@@ -100,6 +100,7 @@ void str_replace_unprintable(struct myst
|
||||
int str_atoi(const struct mystr* p_str);
|
||||
filesize_t str_a_to_filesize_t(const struct mystr* p_str);
|
||||
unsigned int str_octal_to_uint(const struct mystr* p_str);
|
||||
+void str_basename (struct mystr* d_str, const struct mystr* path);
|
||||
|
||||
/* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
|
||||
* buffer, starting at character position 'p_pos'. The extracted line will
|
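Review bot: the new `str_basename` prototype in str.h has no description, while the declaration right after it carries a PURPOSE comment. Please document what ends up in `d_str`, in particular that it receives a copy of `path` when the result would otherwise be empty (the `if (str_isempty(d_str))` / `str_copy (d_str, path);` tail in str.c). Style: the neighbouring prototypes put no space before the parenthesis and name their pointer arguments with a `p_` prefix.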
@ -1,11 +1,11 @@
|
||||
--- vsftpd-1.2.1/Makefile.rh1 2003-11-25 15:58:11.000000000 +0100
|
||||
+++ vsftpd-1.2.1/Makefile 2003-11-25 15:58:33.000000000 +0100
|
||||
@@ -5,7 +5,8 @@
|
||||
diff -up vsftpd-2.1.0/Makefile.libs vsftpd-2.1.0/Makefile
|
||||
--- vsftpd-2.1.0/Makefile.libs 2009-01-08 18:55:39.000000000 +0100
|
||||
+++ vsftpd-2.1.0/Makefile 2009-01-08 18:55:57.000000000 +0100
|
||||
@@ -5,7 +5,7 @@ IFLAGS = -idirafter dummyinc
|
||||
#CFLAGS = -g
|
||||
CFLAGS = -O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion
|
||||
|
||||
-LIBS = `./vsf_findlibs.sh`
|
||||
+#LIBS = `./vsf_findlibs.sh`
|
||||
+LIBS = -lwrap -lnsl -lpam -lcap -ldl
|
||||
LINK = -Wl,-s
|
||||
|
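Review bot: replacing the `./vsf_findlibs.sh` probe with a fixed `LIBS = -lwrap -lnsl -lpam -lcap -ldl` links every library regardless of what builddefs.h enables. `-lwrap` in particular is now required even when the spec skips the tcp_wrappers patch and its `BuildRequires: tcp_wrappers-devel`, so that configuration can fail at link time. Consider passing LIBS from the spec so the list follows the `tcp_wrappers` macro, and add a comment in the Makefile saying why detection is bypassed.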
57
vsftpd-2.1.0-pam_hostname.patch
Normal file
@ -0,0 +1,57 @@
|
||||
diff -up vsftpd-2.1.0/sysdeputil.c.pam_hostname vsftpd-2.1.0/sysdeputil.c
|
||||
--- vsftpd-2.1.0/sysdeputil.c.pam_hostname 2008-12-17 22:40:56.000000000 +0100
|
||||
+++ vsftpd-2.1.0/sysdeputil.c 2009-01-15 15:38:14.000000000 +0100
|
||||
@@ -16,6 +16,10 @@
|
||||
#include "tunables.h"
|
||||
#include "builddefs.h"
|
||||
|
||||
+/* For gethostbyaddr, inet_addr */
|
||||
+#include <netdb.h>
|
||||
+#include <arpa/inet.h>
|
||||
+
|
||||
/* For Linux, this adds nothing :-) */
|
||||
#include "port/porting_junk.h"
|
||||
|
||||
@@ -296,6 +300,10 @@ vsf_sysdep_check_auth(const struct mystr
|
||||
const struct mystr* p_remote_host)
|
||||
{
|
||||
int retval;
|
||||
+#ifdef PAM_RHOST
|
||||
+ struct sockaddr_in sin;
|
||||
+ struct hostent *host;
|
||||
+#endif
|
||||
struct pam_conv the_conv =
|
||||
{
|
||||
&pam_conv_func,
|
||||
@@ -314,7 +322,12 @@ vsf_sysdep_check_auth(const struct mystr
|
||||
return 0;
|
||||
}
|
||||
#ifdef PAM_RHOST
|
||||
- retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
|
||||
+ sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host));
|
||||
+ host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET);
|
||||
+ if (host != (struct hostent*)0)
|
||||
+ retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name);
|
||||
+ else
|
||||
+ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
|
||||
if (retval != PAM_SUCCESS)
|
||||
{
|
||||
(void) pam_end(s_pamh, retval);
|
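Review bot: in vsf_sysdep_check_auth, PAM_RHOST is now set from `host->h_name` as returned by `gethostbyaddr()`, with no forward confirmation. A PTR record is controlled by whoever owns the reverse zone for the peer address, so any PAM module or log consumer that decides on the host name is handed a name the remote side can choose. Resolve the returned name forward and compare it with the peer address before using it, and otherwise keep the numeric string as the `else` branch already does. Two further gaps: the result of `inet_addr()` is not checked for INADDR_NONE, which is what a non-IPv4 peer string produces, and the reverse lookup blocks the login path for as long as the resolver takes. `getnameinfo()` on the session's real socket address would cover both address families and removes the need for the otherwise unused `struct sockaddr_in sin`.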
||||
@@ -516,7 +529,7 @@ vsf_sysdep_has_capabilities(void)
|
||||
}
|
||||
return s_runtime_has_caps;
|
||||
}
|
||||
-
|
||||
+
|
||||
#ifndef VSF_SYSDEP_HAVE_LIBCAP
|
||||
static int
|
||||
do_checkcap(void)
|
||||
@@ -1038,7 +1051,7 @@ vsf_sysutil_recv_fd(const int sock_fd)
|
||||
msg.msg_flags = 0;
|
||||
/* In case something goes wrong, set the fd to -1 before the syscall */
|
||||
p_fd = (int*)CMSG_DATA(CMSG_FIRSTHDR(&msg));
|
||||
- *p_fd = -1;
|
||||
+ *p_fd = -1;
|
||||
retval = recvmsg(sock_fd, &msg, 0);
|
||||
if (retval != 1)
|
||||
{
|
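Review bot: whitespace-only edit to `*p_fd = -1;` in vsf_sysutil_recv_fd does not belong in this patch, and the same goes for the blank-line change before `#ifndef VSF_SYSDEP_HAVE_LIBCAP` in the previous hunk. Neither is related to the PAM host name change; drop both so the patch touches only what it needs and keeps applying cleanly to new upstream releases.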
12
vsftpd-2.1.0-tcp_wrappers.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff -up vsftpd-2.1.0/builddefs.h.tcp_wrappers vsftpd-2.1.0/builddefs.h
|
||||
--- vsftpd-2.1.0/builddefs.h.tcp_wrappers 2009-01-08 18:52:46.000000000 +0100
|
||||
+++ vsftpd-2.1.0/builddefs.h 2009-01-08 18:52:56.000000000 +0100
|
||||
@@ -1,7 +1,7 @@
|
||||
#ifndef VSF_BUILDDEFS_H
|
||||
#define VSF_BUILDDEFS_H
|
||||
|
||||
-#undef VSF_BUILD_TCPWRAPPERS
|
||||
+#define VSF_BUILD_TCPWRAPPERS
|
||||
#define VSF_BUILD_PAM
|
||||
#define VSF_BUILD_SSL
|
||||
|
@ -1,18 +1,44 @@
|
||||
diff -up vsftpd-2.0.6/tunables.c.userlist_log vsftpd-2.0.6/tunables.c
|
||||
--- vsftpd-2.0.6/tunables.c.userlist_log 2008-02-22 12:49:36.000000000 +0100
|
||||
+++ vsftpd-2.0.6/tunables.c 2008-02-22 12:56:49.000000000 +0100
|
||||
@@ -71,6 +71,7 @@ int tunable_force_anon_data_ssl = 0;
|
||||
int tunable_mdtm_write = 1;
|
||||
int tunable_lock_upload_files = 1;
|
||||
int tunable_pasv_addr_resolve = 0;
|
||||
+int tunable_userlist_log = 0;
|
||||
int tunable_debug_ssl = 0;
|
||||
int tunable_require_cert = 0;
|
||||
int tunable_validate_cert = 0;
|
||||
diff -up vsftpd-2.0.6/parseconf.c.userlist_log vsftpd-2.0.6/parseconf.c
|
||||
--- vsftpd-2.0.6/parseconf.c.userlist_log 2008-02-22 12:49:36.000000000 +0100
|
||||
+++ vsftpd-2.0.6/parseconf.c 2008-02-22 12:58:19.000000000 +0100
|
||||
@@ -100,6 +100,7 @@ parseconf_bool_array[] =
|
||||
diff -up vsftpd-2.1.0/logging.c.userlist_log vsftpd-2.1.0/logging.c
|
||||
--- vsftpd-2.1.0/logging.c.userlist_log 2008-12-17 20:56:45.000000000 +0100
|
||||
+++ vsftpd-2.1.0/logging.c 2009-01-08 19:33:29.000000000 +0100
|
||||
@@ -95,6 +95,13 @@ vsf_log_line(struct vsf_session* p_sess,
|
||||
vsf_log_common(p_sess, 1, what, p_str);
|
||||
}
|
||||
|
||||
+void
|
||||
+vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
|
||||
+ struct mystr* p_str)
|
||||
+{
|
||||
+ vsf_log_common(p_sess, 0, what, p_str);
|
||||
+}
|
||||
+
|
||||
int
|
||||
vsf_log_entry_pending(struct vsf_session* p_sess)
|
||||
{
|
||||
diff -up vsftpd-2.1.0/logging.h.userlist_log vsftpd-2.1.0/logging.h
|
||||
--- vsftpd-2.1.0/logging.h.userlist_log 2008-07-30 03:29:21.000000000 +0200
|
||||
+++ vsftpd-2.1.0/logging.h 2009-01-08 19:33:29.000000000 +0100
|
||||
@@ -80,5 +80,16 @@ void vsf_log_do_log(struct vsf_session*
|
||||
void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
|
||||
struct mystr* p_str);
|
||||
|
||||
+/* vsf_log_failed_line()
|
||||
+ * PURPOSE
|
||||
+ * Same as vsf_log_line(), except that it logs the line as failed operation.
|
||||
+ * PARAMETERS
|
||||
+ * p_sess - the current session object
|
||||
+ * what - the type of operation to log
|
||||
+ * p_str - the string to log
|
||||
+ */
|
||||
+void vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
|
||||
+ struct mystr* p_str);
|
||||
+
|
||||
#endif /* VSF_LOGGING_H */
|
||||
|
||||
diff -up vsftpd-2.1.0/parseconf.c.userlist_log vsftpd-2.1.0/parseconf.c
|
||||
--- vsftpd-2.1.0/parseconf.c.userlist_log 2008-12-18 07:21:41.000000000 +0100
|
||||
+++ vsftpd-2.1.0/parseconf.c 2009-01-08 19:33:29.000000000 +0100
|
||||
@@ -96,6 +96,7 @@ parseconf_bool_array[] =
|
||||
{ "mdtm_write", &tunable_mdtm_write },
|
||||
{ "lock_upload_files", &tunable_lock_upload_files },
|
||||
{ "pasv_addr_resolve", &tunable_pasv_addr_resolve },
|
||||
@ -20,10 +46,10 @@ diff -up vsftpd-2.0.6/parseconf.c.userlist_log vsftpd-2.0.6/parseconf.c
|
||||
{ "debug_ssl", &tunable_debug_ssl },
|
||||
{ "require_cert", &tunable_require_cert },
|
||||
{ "validate_cert", &tunable_validate_cert },
|
||||
diff -up vsftpd-2.0.6/prelogin.c.userlist_log vsftpd-2.0.6/prelogin.c
|
||||
--- vsftpd-2.0.6/prelogin.c.userlist_log 2008-02-12 04:57:07.000000000 +0100
|
||||
+++ vsftpd-2.0.6/prelogin.c 2008-02-22 12:49:36.000000000 +0100
|
||||
@@ -194,6 +194,20 @@ handle_user_command(struct vsf_session*
|
||||
diff -up vsftpd-2.1.0/prelogin.c.userlist_log vsftpd-2.1.0/prelogin.c
|
||||
--- vsftpd-2.1.0/prelogin.c.userlist_log 2008-12-04 05:03:27.000000000 +0100
|
||||
+++ vsftpd-2.1.0/prelogin.c 2009-01-08 19:33:29.000000000 +0100
|
||||
@@ -216,6 +216,20 @@ handle_user_command(struct vsf_session*
|
||||
(!located && !tunable_userlist_deny))
|
||||
{
|
||||
vsf_cmdio_write(p_sess, FTP_LOGINERR, "Permission denied.");
|
||||
@ -44,10 +70,29 @@ diff -up vsftpd-2.0.6/prelogin.c.userlist_log vsftpd-2.0.6/prelogin.c
|
||||
str_empty(&p_sess->user_str);
|
||||
return;
|
||||
}
|
||||
diff -up vsftpd-2.0.6/tunables.h.userlist_log vsftpd-2.0.6/tunables.h
|
||||
--- vsftpd-2.0.6/tunables.h.userlist_log 2008-02-12 05:52:49.000000000 +0100
|
||||
+++ vsftpd-2.0.6/tunables.h 2008-02-22 12:59:01.000000000 +0100
|
||||
@@ -67,6 +67,7 @@ extern int tunable_force_anon_data_ssl;
|
||||
diff -up vsftpd-2.1.0/tunables.c.userlist_log vsftpd-2.1.0/tunables.c
|
||||
--- vsftpd-2.1.0/tunables.c.userlist_log 2009-01-08 19:33:28.000000000 +0100
|
||||
+++ vsftpd-2.1.0/tunables.c 2009-01-08 19:35:00.000000000 +0100
|
||||
@@ -72,6 +72,7 @@ int tunable_force_anon_data_ssl;
|
||||
int tunable_mdtm_write;
|
||||
int tunable_lock_upload_files;
|
||||
int tunable_pasv_addr_resolve;
|
||||
+int tunable_userlist_log;
|
||||
int tunable_debug_ssl;
|
||||
int tunable_require_cert;
|
||||
int tunable_validate_cert;
|
||||
@@ -206,6 +207,7 @@ tunables_load_defaults()
|
||||
tunable_mdtm_write = 1;
|
||||
tunable_lock_upload_files = 1;
|
||||
tunable_pasv_addr_resolve = 0;
|
||||
+ tunable_userlist_log = 0;
|
||||
tunable_debug_ssl = 0;
|
||||
tunable_require_cert = 0;
|
||||
tunable_validate_cert = 0;
|
||||
diff -up vsftpd-2.1.0/tunables.h.userlist_log vsftpd-2.1.0/tunables.h
|
||||
--- vsftpd-2.1.0/tunables.h.userlist_log 2008-12-17 06:47:11.000000000 +0100
|
||||
+++ vsftpd-2.1.0/tunables.h 2009-01-08 19:33:29.000000000 +0100
|
||||
@@ -73,6 +73,7 @@ extern int tunable_force_anon_data_ssl;
|
||||
extern int tunable_mdtm_write; /* Allow MDTM to set timestamps */
|
||||
extern int tunable_lock_upload_files; /* Lock uploading files */
|
||||
extern int tunable_pasv_addr_resolve; /* DNS resolve pasv_addr */
|
||||
@ -55,30 +100,10 @@ diff -up vsftpd-2.0.6/tunables.h.userlist_log vsftpd-2.0.6/tunables.h
|
||||
extern int tunable_debug_ssl; /* Verbose SSL logging */
|
||||
extern int tunable_require_cert; /* SSL client cert required */
|
||||
extern int tunable_validate_cert; /* SSL certs must be valid */
|
||||
diff -up vsftpd-2.0.6/logging.h.userlist_log vsftpd-2.0.6/logging.h
|
||||
--- vsftpd-2.0.6/logging.h.userlist_log 2008-02-08 02:29:59.000000000 +0100
|
||||
+++ vsftpd-2.0.6/logging.h 2008-02-22 12:49:36.000000000 +0100
|
||||
@@ -80,5 +80,16 @@ void vsf_log_do_log(struct vsf_session*
|
||||
void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
|
||||
struct mystr* p_str);
|
||||
|
||||
+/* vsf_log_failed_line()
|
||||
+ * PURPOSE
|
||||
+ * Same as vsf_log_line(), except that it logs the line as failed operation.
|
||||
+ * PARAMETERS
|
||||
+ * p_sess - the current session object
|
||||
+ * what - the type of operation to log
|
||||
+ * p_str - the string to log
|
||||
+ */
|
||||
+void vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
|
||||
+ struct mystr* p_str);
|
||||
+
|
||||
#endif /* VSF_LOGGING_H */
|
||||
|
||||
diff -up vsftpd-2.0.6/vsftpd.conf.5.userlist_log vsftpd-2.0.6/vsftpd.conf.5
|
||||
--- vsftpd-2.0.6/vsftpd.conf.5.userlist_log 2008-02-22 12:49:36.000000000 +0100
|
||||
+++ vsftpd-2.0.6/vsftpd.conf.5 2008-02-22 12:49:36.000000000 +0100
|
||||
@@ -541,6 +541,14 @@ Self-signed certs do not constitute OK v
|
||||
diff -up vsftpd-2.1.0/vsftpd.conf.5.userlist_log vsftpd-2.1.0/vsftpd.conf.5
|
||||
--- vsftpd-2.1.0/vsftpd.conf.5.userlist_log 2009-01-08 19:33:28.000000000 +0100
|
||||
+++ vsftpd-2.1.0/vsftpd.conf.5 2009-01-08 19:33:29.000000000 +0100
|
||||
@@ -585,6 +585,14 @@ Self-signed certs do not constitute OK v
|
||||
|
||||
Default: NO
|
||||
.TP
|
||||
@ -93,20 +118,3 @@ diff -up vsftpd-2.0.6/vsftpd.conf.5.userlist_log vsftpd-2.0.6/vsftpd.conf.5
|
||||
.B virtual_use_local_privs
|
||||
If enabled, virtual users will use the same privileges as local users. By
|
||||
default, virtual users will use the same privileges as anonymous users, which
|
||||
diff -up vsftpd-2.0.6/logging.c.userlist_log vsftpd-2.0.6/logging.c
|
||||
--- vsftpd-2.0.6/logging.c.userlist_log 2008-02-08 02:30:40.000000000 +0100
|
||||
+++ vsftpd-2.0.6/logging.c 2008-02-22 12:49:36.000000000 +0100
|
||||
@@ -95,6 +95,13 @@ vsf_log_line(struct vsf_session* p_sess,
|
||||
vsf_log_common(p_sess, 1, what, p_str);
|
||||
}
|
||||
|
||||
+void
|
||||
+vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
|
||||
+ struct mystr* p_str)
|
||||
+{
|
||||
+ vsf_log_common(p_sess, 0, what, p_str);
|
||||
+}
|
||||
+
|
||||
int
|
||||
vsf_log_entry_pending(struct vsf_session* p_sess)
|
||||
{
|
12
vsftpd-2.1.0-warnings.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff -up vsftpd-2.1.0/ptracesandbox.c.warnings vsftpd-2.1.0/ptracesandbox.c
|
||||
--- vsftpd-2.1.0/ptracesandbox.c.warnings 2009-01-15 15:31:26.000000000 +0100
|
||||
+++ vsftpd-2.1.0/ptracesandbox.c 2009-01-15 15:32:56.000000000 +0100
|
||||
@@ -1146,6 +1146,7 @@ int
|
||||
ptrace_sandbox_run_processes(struct pt_sandbox* p_sandbox)
|
||||
{
|
||||
(void) p_sandbox;
|
||||
+ return -1;
|
||||
}
|
||||
|
||||
void
|
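Review bot: `return -1;` in the ptrace_sandbox_run_processes stub needs a one-line comment saying what -1 means to callers; next to `(void) p_sandbox;` there is no indication of whether it is treated as an error. Also, the `diff -up vsftpd-2.1.0/sysdeputil.c.warnings vsftpd-2.1.0/sysdeputil.c` header that follows has no hunks under it; remove it from the patch file.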
||||
diff -up vsftpd-2.1.0/sysdeputil.c.warnings vsftpd-2.1.0/sysdeputil.c
|
164
vsftpd.spec
@ -1,115 +1,86 @@
|
||||
%{!?tcp_wrappers:%define tcp_wrappers 1}
|
||||
|
||||
Summary: Very Secure Ftp Daemon
|
||||
Name: vsftpd
|
||||
Version: 2.0.7
|
||||
Release: 1%{?dist}
|
||||
Version: 2.1.0
|
||||
Release: 0.1.pre3%{?dist}
|
||||
Summary: Very Secure Ftp Daemon
|
||||
|
||||
Group: System Environment/Daemons
|
||||
# OpenSSL link exception
|
||||
License: GPLv2 with exceptions
|
||||
Group: System Environment/Daemons
|
||||
URL: http://vsftpd.beasts.org/
|
||||
Source: ftp://vsftpd.beasts.org/users/cevans/%{name}-%{version}.tar.gz
|
||||
Source0: ftp://vsftpd.beasts.org/users/cevans/%{name}-%{version}pre3.tar.gz
|
||||
Source1: vsftpd.xinetd
|
||||
Source2: vsftpd.pam
|
||||
Source3: vsftpd.ftpusers
|
||||
Source4: vsftpd.user_list
|
||||
Source5: vsftpd.init
|
||||
Source6: vsftpd_conf_migrate.sh
|
||||
Patch1: vsftpd-1.1.3-rh.patch
|
||||
Patch2: vsftpd-1.0.1-missingok.patch
|
||||
Patch3: vsftpd-2.0.1-tcp_wrappers.patch
|
||||
Patch4: vsftpd-1.5.1-libs.patch
|
||||
Patch5: vsftpd-2.0.2-signal.patch
|
||||
Patch6: vsftpd-1.2.1-conffile.patch
|
||||
Patch7: vsftpd-2.0.1-build_ssl.patch
|
||||
Patch8: vsftpd-2.0.1-server_args.patch
|
||||
Patch9: vsftpd-2.0.1-dir.patch
|
||||
Patch11: vsftpd-1.2.1-nonrootconf.patch
|
||||
Patch13: vsftpd-2.0.3-background.patch
|
||||
Patch14: vsftpd-2.0.3-daemonize_fds.patch
|
||||
Patch17: vsftpd-2.0.3-pam_hostname.patch
|
||||
Patch18: vsftpd-close-std-fds.patch
|
||||
Patch19: vsftpd-2.0.5-default_ipv6.patch
|
||||
Patch20: vsftpd-2.0.5-add_ipv6_option.patch
|
||||
Patch21: vsftpd-2.0.5-correct_comments.patch
|
||||
Patch22: vsftpd-2.0.5-man.patch
|
||||
Patch23: vsftpd-2.0.4-filter.patch
|
||||
Patch26: vsftpd-2.0.5-bind_denied.patch
|
||||
Patch29: vsftpd-2.0.5-pasv_dot.patch
|
||||
Patch30: vsftpd-2.0.5-pam_end.patch
|
||||
Patch31: vsftpd-2.0.5-write_race.patch
|
||||
Patch32: vsftpd-2.0.5-fix_unique.patch
|
||||
Patch34: vsftpd-2.0.5-underscore_uname.patch
|
||||
Patch35: vsftpd-2.0.5-uname_size.patch
|
||||
Patch36: vsftpd-2.0.5-greedy.patch
|
||||
Patch37: vsftpd-2.0.6-userlist_log.patch
|
||||
Patch38: vsftpd-2.0.6-listen.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: libcap-devel
|
||||
BuildRequires: openssl-devel
|
||||
%if %{tcp_wrappers}
|
||||
BuildRequires: tcp_wrappers-devel
|
||||
%endif
|
||||
BuildRequires: pam-devel
|
||||
Requires: /%{_lib}/security/pam_loginuid.so
|
||||
BuildRequires: libcap-devel
|
||||
BuildRequires: openssl-devel
|
||||
Requires: libcap
|
||||
# for -fpie
|
||||
BuildRequires: gcc > 3.2.3-13, binutils > 2.14.90.0.4-24, glibc-devel >= 2.3.2-45
|
||||
|
||||
Requires: logrotate
|
||||
Requires (preun): /sbin/chkconfig
|
||||
Requires (preun): /sbin/service
|
||||
Requires (post): /sbin/chkconfig
|
||||
#Obsoletes: anonftp
|
||||
#Provides: ftpserver
|
||||
|
||||
# Build patches
|
||||
Patch1: vsftpd-2.1.0-libs.patch
|
||||
Patch2: vsftpd-2.1.0-build_ssl.patch
|
||||
Patch3: vsftpd-2.1.0-tcp_wrappers.patch
|
||||
|
||||
# Use /etc/vsftpd/ instead of /etc/
|
||||
Patch4: vsftpd-2.1.0-configuration.patch
|
||||
|
||||
# These need review
|
||||
Patch5: vsftpd-2.1.0-pam_hostname.patch
|
||||
Patch6: vsftpd-close-std-fds.patch
|
||||
Patch7: vsftpd-2.1.0-filter.patch
|
||||
Patch8: vsftpd-2.0.5-greedy.patch
|
||||
Patch9: vsftpd-2.1.0-userlist_log.patch
|
||||
|
||||
# Sent upstream on 2009-01-16 via email
|
||||
Patch10: vsftpd-2.1.0-warnings.patch
|
||||
|
||||
|
||||
%description
|
||||
vsftpd is a Very Secure FTP daemon. It was written completely from
|
||||
scratch.
|
||||
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}
|
||||
%patch1 -p1 -b .rh
|
||||
%patch2 -p1 -b .mok
|
||||
cp %{SOURCE1} .
|
||||
|
||||
%patch1 -p1 -b .libs
|
||||
%patch2 -p1 -b .build_ssl
|
||||
%if %{tcp_wrappers}
|
||||
%patch3 -p1 -b .tcp_wrappers
|
||||
%endif
|
||||
%patch4 -p1 -b .libs
|
||||
cp %{SOURCE1} .
|
||||
%patch5 -p1 -b .signal
|
||||
%patch6 -p1
|
||||
%patch7 -p1 -b .build_ssl
|
||||
%patch8 -p1 -b .server_args
|
||||
%patch9 -p1 -b .dir
|
||||
%patch11 -p1 -b .nonrootconf
|
||||
%patch13 -p1 -b .background
|
||||
%patch14 -p1 -b .fds
|
||||
%patch17 -p1 -b .old-pam
|
||||
%patch18 -p1 -b .close-fds
|
||||
%patch19 -p1 -b .ipv6
|
||||
%patch20 -p1 -b .ipv6opt
|
||||
%patch21 -p1 -b .comments
|
||||
%patch22 -p1 -b .manp
|
||||
%patch23 -p1 -b .filter
|
||||
%patch26 -p1 -b .bind_denied
|
||||
%patch29 -p1 -b .pasv_dot
|
||||
%patch30 -p1 -b .pam_end
|
||||
%patch31 -p1 -b .write_race
|
||||
%patch32 -p1 -b .fix_unique
|
||||
%patch34 -p1 -b .underscore_uname
|
||||
%patch35 -p1 -b .uname_size
|
||||
%patch36 -p1 -b .greedy
|
||||
%patch37 -p1 -b .userlist_log
|
||||
%patch38 -p1 -b .listen
|
||||
%patch4 -p1 -b .configuration
|
||||
%patch5 -p1 -b .pam_hostname
|
||||
%patch6 -p1 -b .close_fds
|
||||
%patch7 -p1 -b .filter
|
||||
%patch8 -p1 -b .greedy
|
||||
%patch9 -p1 -b .userlist_log
|
||||
%patch10 -p1 -b .warnings
|
||||
|
||||
|
||||
%build
|
||||
%ifarch s390x sparcv9 sparc64
|
||||
make CFLAGS="$RPM_OPT_FLAGS -fPIE -pipe" \
|
||||
make CFLAGS="$RPM_OPT_FLAGS -fPIE -pipe -Wextra -Werror" \
|
||||
%else
|
||||
make CFLAGS="$RPM_OPT_FLAGS -fpie -pipe" \
|
||||
make CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra -Werror" \
|
||||
%endif
|
||||
LINK="-pie -lssl" \
|
||||
%{?_smp_mflags}
|
||||
LINK="-pie -lssl" %{?_smp_mflags}
|
||||
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
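Review bot: `-Wextra -Werror` in the `make CFLAGS=...` lines of %build turns every new compiler diagnostic into a build failure, so a toolchain update can break the package without any source change. Keep `-Wextra` and leave `-Werror` to a local or CI build. Separately, Patch5 to Patch9 sit under `# These need review` yet are all applied in %prep; going by their names, pam_hostname and close-std-fds touch authentication and descriptor handling, so record who reviews them and by when, or leave them unapplied until that is done.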
||||
@ -130,13 +101,16 @@ install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd_conf_migra
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
|
||||
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
|
||||
%post
|
||||
/sbin/chkconfig --add vsftpd
|
||||
#/usr/sbin/usermod -d /var/ftp ftp >/dev/null 2>&1 || :
|
||||
|
||||
|
||||
%preun
|
||||
if [ $1 = 0 ]; then
|
||||
/sbin/service vsftpd stop > /dev/null 2>&1
|
||||
@ -145,10 +119,9 @@ fi
|
||||
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%defattr(-,root,root,-)
|
||||
%{_sbindir}/vsftpd
|
||||
%{_sysconfdir}/rc.d/init.d/vsftpd
|
||||
#%config(noreplace) /etc/vsftpd.*
|
||||
%dir %{_sysconfdir}/vsftpd
|
||||
%config(noreplace) %{_sysconfdir}/vsftpd/*
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/vsftpd
|
||||
@ -158,7 +131,36 @@ fi
|
||||
%{_mandir}/man8/vsftpd.*
|
||||
%{_var}/ftp
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Jan 16 2009 Martin Nagy <mnagy@redhat.com> - 2.1.0-0.1.pre3
|
||||
- update to latest upstream release
|
||||
- cleanup the spec file
|
||||
- drop patches fixed upstream:
|
||||
vsftpd-1.0.1-missingok.patch
|
||||
vsftpd-1.2.1-nonrootconf.patch
|
||||
vsftpd-2.0.1-tcp_wrappers.patch
|
||||
vsftpd-2.0.2-signal.patch
|
||||
vsftpd-2.0.3-daemonize_fds.patch
|
||||
vsftpd-2.0.5-correct_comments.patch
|
||||
vsftpd-2.0.5-pasv_dot.patch
|
||||
vsftpd-2.0.5-write_race.patch
|
||||
vsftpd-2.0.5-fix_unique.patch
|
||||
vsftpd-2.0.5-uname_size.patch
|
||||
vsftpd-2.0.5-bind_denied.patch
|
||||
vsftpd-2.0.5-pam_end.patch
|
||||
vsftpd-2.0.5-underscore_uname.patch
|
||||
vsftpd-2.0.6-listen.patch
|
||||
- join all configuration patches into one:
|
||||
vsftpd-1.1.3-rh.patch
|
||||
vsftpd-1.2.1-conffile.patch
|
||||
vsftpd-2.0.1-dir.patch
|
||||
vsftpd-2.0.1-server_args.patch
|
||||
vsftpd-2.0.3-background.patch
|
||||
vsftpd-2.0.5-default_ipv6.patch
|
||||
vsftpd-2.0.5-add_ipv6_option.patch
|
||||
vsftpd-2.0.5-man.patch
|
||||
|
||||
* Mon Sep 8 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 2.0.7-1
|
||||
- fix license tag
|
||||
- update to 2.0.7
|
||||
@ -250,10 +252,10 @@ fi
|
||||
* Tue Aug 22 2006 Maros Barabas <mbarabas@redhat.com> - 2.0.5-7
|
||||
- correct paths of configuration files on man pages
|
||||
|
||||
* Tue Aug 15 2006 Maros Barabas <mbarabas@redhat.com> - 2.0.5-6
|
||||
* Tue Aug 15 2006 Maros Barabas <mbarabas@redhat.com> - 2.0.5-6
|
||||
- correct comments
|
||||
|
||||
* Tue Aug 08 2006 Maros Barabas <mbarabas@redhat.com> - 2.0.5-5
|
||||
* Tue Aug 08 2006 Maros Barabas <mbarabas@redhat.com> - 2.0.5-5
|
||||
- option to change listening to IPv6 protocol
|
||||
|
||||
* Thu Aug 01 2006 Maros Barabas <mbarabas@redhat.com> - 2.0.5-4
|
||||
|