- update to latest upstream release

- cleanup the spec file
- drop patches fixed upstream: vsftpd-1.0.1-missingok.patch
    vsftpd-1.2.1-nonrootconf.patch vsftpd-2.0.1-tcp_wrappers.patch
    vsftpd-2.0.2-signal.patch vsftpd-2.0.3-daemonize_fds.patch
    vsftpd-2.0.5-correct_comments.patch vsftpd-2.0.5-pasv_dot.patch
    vsftpd-2.0.5-write_race.patch vsftpd-2.0.5-fix_unique.patch
    vsftpd-2.0.5-uname_size.patch vsftpd-2.0.5-bind_denied.patch
    vsftpd-2.0.5-pam_end.patch vsftpd-2.0.5-underscore_uname.patch
    vsftpd-2.0.6-listen.patch
- join all configuration patches into one: vsftpd-1.1.3-rh.patch
    vsftpd-1.2.1-conffile.patch vsftpd-2.0.1-dir.patch
    vsftpd-2.0.1-server_args.patch vsftpd-2.0.3-background.patch
    vsftpd-2.0.5-default_ipv6.patch vsftpd-2.0.5-add_ipv6_option.patch
    vsftpd-2.0.5-man.patch
Martin Nagy 2009-01-16 17:23:12 +00:00
parent 6872c7137e
commit 3572541ce7
35 changed files with 668 additions and 1171 deletions

@ -1 +1 @@
vsftpd-2.0.7.tar.gz
vsftpd-2.1.0pre3.tar.gz
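Review bot: the new source is `vsftpd-2.1.0pre3.tar.gz`, a pre-release tarball, while the commit message calls this an update to the latest upstream release. Say in the changelog that a pre-release is being packaged and why, so that later security triage knows the shipped code predates the final 2.1.0.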

@ -1 +1 @@
3e39cb7b0bee306ad7df8e3552e15297 vsftpd-2.0.7.tar.gz
6e968036b3575253f384e06f7b4ddd57 vsftpd-2.1.0pre3.tar.gz
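Review bot: the only integrity record for the new tarball is a 32-hex-digit digest, and nothing here shows how the download itself was verified. Record in the commit message or the spec how the tarball was checked against upstream (a signature or an independently published checksum), because this value only shows that the stored copy matches what was uploaded.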

@ -1,8 +0,0 @@
--- vsftpd-1.0.1/RedHat/vsftpd.log.checkfile Thu Feb 28 12:34:34 2002
+++ vsftpd-1.0.1/RedHat/vsftpd.log Thu Feb 28 12:35:03 2002
@@ -1,4 +1,5 @@
/var/log/vsftpd.log {
# ftpd doesn't handle SIGHUP properly
nocompress
+ missingok
}

@ -1,38 +0,0 @@
--- vsftpd-1.0.1/vsftpd.conf.rh Mon Jul 30 17:51:07 2001
+++ vsftpd-1.0.1/vsftpd.conf Wed Nov 28 14:38:36 2001
@@ -7,14 +7,14 @@
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
-#local_enable=YES
+local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
-#write_enable=YES
+write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
-#local_umask=022
+local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
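Review bot: this hunk turns on `local_enable=YES` and `write_enable=YES` in the shipped default while `anonymous_enable=YES` stays on in the context line above, so a fresh install accepts both anonymous and local-account logins with write commands enabled. The comments still read "Uncomment this to ...", which no longer matches the uncommented lines; reword them and state in the file that these are distribution defaults that loosen the upstream ones.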
@@ -46,7 +46,7 @@
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
-#xferlog_std_format=YES
+xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
@@ -98,3 +98,8 @@
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
+pam_service_name=vsftpd
+userlist_enable=YES
+#enable for standalone mode
+listen=YES
+tcp_wrappers=YES
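Review bot: of the five settings appended at the end of the file only `listen=YES` has a comment, while every other option in this config is explained. Add a one-line comment for `pam_service_name`, `userlist_enable` and `tcp_wrappers`; for `userlist_enable=YES` in particular, say whether the list denies or allows the users in it, since the line alone does not tell the admin.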

@ -1,110 +0,0 @@
--- vsftpd-1.2.1/FAQ.foo 2004-05-03 18:06:26.051315979 -0400
+++ vsftpd-1.2.1/FAQ 2004-05-03 18:08:27.168746928 -0400
@@ -33,7 +33,7 @@
Q) Help! Local users cannot log in.
A) There are various possible problems.
A1) By default, vsftpd disables any logins other than anonymous logins. Put
-local_enable=YES in your /etc/vsftpd.conf to allow local users to log in.
+local_enable=YES in your /etc/vsftpd/vsftpd.conf to allow local users to log in.
A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to
find out whether this has happened or not). If vsftpd links with PAM, then
you will need to have a PAM file installed for the vsftpd service. There is
@@ -45,12 +45,12 @@
A4) If you are not using PAM, then vsftpd will do its own check for a valid
user shell in /etc/shells. You may need to disable this if you use an invalid
shell to disable logins other than FTP logins. Put check_shell=NO in your
-/etc/vsftpd.conf.
+/etc/vsftpd/vsftpd.conf.
Q) Help! Uploads or other write commands give me "500 Unknown command.".
A) By default, write commands, including uploads and new directories, are
disabled. This is a security measure. To enable writes, put write_enable=YES
-in your /etc/vsftpd.conf.
+in your /etc/vsftpd/vsftpd.conf.
Q) Help! What are the security implications referred to in the
"chroot_local_user" option?
@@ -86,7 +86,7 @@
mode. Use "listen_address=x.x.x.x" to set the virtual IP.
Q) Help! Does vsftpd support virtual users?
-A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd.conf. This
+A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd/vsftpd.conf. This
has the effect of mapping every non-anonymous successful login to the local
username specified in "guest_username". Then, use PAM and (e.g.) its pam_userdb
module to provide authentication against an external (i.e. non-/etc/passwd)
--- vsftpd-1.2.1/defs.h.foo 2004-05-03 18:06:29.771837724 -0400
+++ vsftpd-1.2.1/defs.h 2004-05-03 18:07:51.356350436 -0400
@@ -1,7 +1,7 @@
#ifndef VSF_DEFS_H
#define VSF_DEFS_H
-#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd.conf"
+#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf"
#define VSFTP_COMMAND_FD 0
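Review bot: changing `VSFTP_DEFAULT_CONFIG` to `/etc/vsftpd/vsftpd.conf` means a daemon started without an argument no longer reads an existing `/etc/vsftpd.conf`, and nothing in this hunk warns about it. An upgraded host would come up with the compiled-in settings, or the new sample file, instead of the admin's restrictions. Make sure the package moves the old file on upgrade, and mention the old location in the patch header.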
--- vsftpd-1.2.1/INSTALL.foo 2004-05-03 18:06:33.061414865 -0400
+++ vsftpd-1.2.1/INSTALL 2004-05-03 18:08:57.133895056 -0400
@@ -63,7 +63,7 @@
vsftpd can run standalone or via an inetd (such as inetd or xinetd). You will
typically get more control running vsftpd from an inetd. But first we will run
it without, so we can check things are going well so far.
-Edit /etc/vsftpd.conf, and add this line at the bottom:
+Edit /etc/vsftpd/vsftpd.conf, and add this line at the bottom:
listen=YES
@@ -135,11 +135,11 @@
Step 7) Customize your configuration
As well as the above three pre-requisites, you are recommended to install a
-config file. The default location for the config file is /etc/vsftpd.conf.
+config file. The default location for the config file is /etc/vsftpd/vsftpd.conf.
There is a sample vsftpd.conf in the distribution tarball. You probably want
-to copy that to /etc/vsftpd.conf as a basis for modification, i.e.:
+to copy that to /etc/vsftpd/vsftpd.conf as a basis for modification, i.e.:
-cp vsftpd.conf /etc
+cp vsftpd.conf /etc/vsftpd/
The default configuration allows neither local user logins nor anonymous
uploads. You may wish to change these defaults.
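Review bot: the rewritten instruction `cp vsftpd.conf /etc/vsftpd/` assumes the directory already exists, and the INSTALL text has no step that creates it. Add the directory creation before the copy (owned by root, not group or world writable), or say that the package creates it.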
--- vsftpd-1.2.1/vsftpd.8.foo 2004-05-03 18:06:40.593446659 -0400
+++ vsftpd-1.2.1/vsftpd.8 2004-05-03 18:09:04.438956026 -0400
@@ -21,7 +21,7 @@
recommended. It is activated by setting
.Pa listen=YES
in
-.Pa /etc/vsftpd.conf .
+.Pa /etc/vsftpd/vsftpd.conf .
Direct execution of the
.Nm vsftpd
binary will then launch the FTP service ready for immediate client connections.
@@ -29,6 +29,6 @@
An optional
.Op configuration file
may be given on the command line. The default configuration file is
-.Pa /etc/vsftpd.conf .
+.Pa /etc/vsftpd/vsftpd.conf .
.Sh SEE ALSO
.Xr vsftpd.conf 5
--- vsftpd-1.2.1/vsftpd.conf.foo 2004-05-03 18:06:55.217566800 -0400
+++ vsftpd-1.2.1/vsftpd.conf 2004-05-03 18:09:28.049920952 -0400
@@ -1,4 +1,4 @@
-# Example config file /etc/vsftpd.conf
+# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
--- vsftpd-1.2.1/vsftpd.conf.5.foo 2004-05-03 18:07:06.184157099 -0400
+++ vsftpd-1.2.1/vsftpd.conf.5 2004-05-03 18:09:20.649872192 -0400
@@ -4,7 +4,7 @@
.SH DESCRIPTION
vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By
default, vsftpd looks for this file at the location
-.BR /etc/vsftpd.conf .
+.BR /etc/vsftpd/vsftpd.conf .
However, you may override this by specifying a command line argument to
vsftpd. The command line argument is the pathname of the configuration file
for vsftpd. This behaviour is useful because you may wish to use an advanced

@ -1,77 +0,0 @@
diff -up vsftpd-2.0.6/parseconf.c.nonrootconf vsftpd-2.0.6/parseconf.c
--- vsftpd-2.0.6/parseconf.c.nonrootconf 2008-02-12 05:53:32.000000000 +0100
+++ vsftpd-2.0.6/parseconf.c 2008-07-01 12:28:12.000000000 +0200
@@ -15,6 +15,7 @@
#include "defs.h"
#include "sysutil.h"
#include "utility.h"
+#include "sysstr.h"
static const char* s_p_saved_filename;
static int s_strings_copied;
@@ -182,6 +183,8 @@ vsf_parseconf_load_file(const char* p_fi
struct mystr config_file_str = INIT_MYSTR;
struct mystr config_setting_str = INIT_MYSTR;
struct mystr config_value_str = INIT_MYSTR;
+ struct vsf_sysutil_statbuf* p_statbuf = 0;
+
unsigned int str_pos = 0;
int retval;
if (!p_filename)
@@ -210,7 +213,9 @@ vsf_parseconf_load_file(const char* p_fi
copy_string_settings();
}
retval = str_fileread(&config_file_str, p_filename, VSFTP_CONF_FILE_MAX);
- if (vsf_sysutil_retval_is_error(retval))
+ (int)vsf_sysutil_stat(p_filename, &p_statbuf);
+ /* Security - die unless the conf file is owned by root */
+ if (vsf_sysutil_retval_is_error(retval) || vsf_sysutil_statbuf_get_uid(p_statbuf) != VSFTP_ROOT_UID)
{
if (errs_fatal)
{
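Review bot: in the added `(int)vsf_sysutil_stat(p_filename, &p_statbuf);` the return value is cast and thrown away, so when the stat fails the ownership test on the next line reads whatever `p_statbuf` holds. Check the result with `vsf_sysutil_retval_is_error` and treat a failed stat as an error too. The file is also read by `str_fileread` before it is stat'ed by name, which leaves a window between the two path lookups; checking ownership on the same open descriptor that is read would close it. The test covers the owner only, so a root-owned file that is group or world writable still passes.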
@@ -221,6 +226,7 @@ vsf_parseconf_load_file(const char* p_fi
return;
}
}
+ vsf_sysutil_free(p_statbuf);
while (str_getline(&config_file_str, &config_setting_str, &str_pos))
{
if (str_isempty(&config_setting_str) ||
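Review bot: `vsf_sysutil_free(p_statbuf);` is added only after the error block, but that block ends in `return;` when `errs_fatal` is not set, so the stat buffer is leaked on that path. Free it before the `return;` as well.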
diff -up vsftpd-2.0.6/twoprocess.c.nonrootconf vsftpd-2.0.6/twoprocess.c
--- vsftpd-2.0.6/twoprocess.c.nonrootconf 2008-02-12 04:18:34.000000000 +0100
+++ vsftpd-2.0.6/twoprocess.c 2008-07-01 12:21:28.000000000 +0200
@@ -423,11 +423,17 @@ handle_per_user_config(const struct myst
str_append_char(&filename_str, '/');
str_append_str(&filename_str, p_user_str);
retval = str_stat(&filename_str, &p_statbuf);
- /* Security - ignore unless owned by root */
- if (!vsf_sysutil_retval_is_error(retval) &&
- vsf_sysutil_statbuf_get_uid(p_statbuf) == VSFTP_ROOT_UID)
+ /* Security - die unless owned by root */
+ if (!vsf_sysutil_retval_is_error(retval))
{
- vsf_parseconf_load_file(str_getbuf(&filename_str), 1);
+ if (vsf_sysutil_statbuf_get_uid(p_statbuf) == VSFTP_ROOT_UID)
+ {
+ vsf_parseconf_load_file(str_getbuf(&filename_str), 1);
+ }
+ else
+ {
+ die("reading non-root config file");
+ }
}
str_free(&filename_str);
vsf_sysutil_free(p_statbuf);
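Review bot: with the ownership test added to `vsf_parseconf_load_file` in the parseconf.c part of this patch, the uid is now checked twice, once here on `str_stat` of the path and again after the file is opened by name. Keep one authoritative check, the one closest to the read. The change from "ignore" to `die("reading non-root config file")` also means one wrongly owned file in the per-user directory ends that user's session, and the message does not name the file; log `filename_str` before dying so the admin can find it.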
diff -up vsftpd-2.0.6/vsftpd.8.nonrootconf vsftpd-2.0.6/vsftpd.8
--- vsftpd-2.0.6/vsftpd.8.nonrootconf 2008-07-01 12:21:28.000000000 +0200
+++ vsftpd-2.0.6/vsftpd.8 2008-07-01 12:21:28.000000000 +0200
@@ -28,7 +28,8 @@ binary will then launch the FTP service
.Sh OPTIONS
An optional
.Op configuration file
-may be given on the command line. The default configuration file is
+may be given on the command line. This configuration files has to be owned by
+root. The default configuration file is
.Pa /etc/vsftpd/vsftpd.conf .
.Sh SEE ALSO
.Xr vsftpd.conf 5
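Review bot: the added man page sentence reads "This configuration files has to be owned by root"; it should be "This configuration file has to be owned by root". Say also what vsftpd does when the file is not owned by root, since the parseconf.c change turns that into an error.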

@ -1,12 +0,0 @@
diff -up vsftpd-2.0.6/builddefs.h.build_ssl vsftpd-2.0.6/builddefs.h
--- vsftpd-2.0.6/builddefs.h.build_ssl 2008-09-08 23:28:16.000000000 -0400
+++ vsftpd-2.0.6/builddefs.h 2008-09-08 23:29:04.000000000 -0400
@@ -3,7 +3,7 @@
#define VSF_BUILD_TCPWRAPPERS
#define VSF_BUILD_PAM
-#undef VSF_BUILD_SSL
+#define VSF_BUILD_SSL
#endif /* VSF_BUILDDEFS_H */

@ -1,160 +0,0 @@
--- vsftpd-2.0.1/README.dir 2004-07-02 02:34:35.000000000 +0200
+++ vsftpd-2.0.1/README 2004-11-11 12:33:02.114458576 +0100
@@ -35,3 +35,8 @@
Various example configurations are discussed in the EXAMPLE directory.
Frequently asked questions are tackled in the FAQ file.
+Important Note
+==============
+The location of configuration files was changed to /etc/vsftpd/. If you want
+to migrate your old conf files from /etc (files vsftpd.xxxx.rpmsave) use
+/etc/vsfptd/vsftpd_conf_migrate.sh
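Review bot: the path in the last added line is misspelled: `/etc/vsfptd/vsftpd_conf_migrate.sh` should be `/etc/vsftpd/vsftpd_conf_migrate.sh`. As written, an admin who copies the path gets a "no such file" error and may skip migrating the old configuration.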
--- vsftpd-2.0.1/EXAMPLE/INTERNET_SITE_NOINETD/README.dir 2002-11-09 17:07:09.000000000 +0100
+++ vsftpd-2.0.1/EXAMPLE/INTERNET_SITE_NOINETD/README 2004-11-11 12:26:59.331609952 +0100
@@ -17,7 +17,7 @@
To use this example config:
-1) Copy the vsftpd.conf file in this directory to /etc/vsftpd.conf.
+1) Copy the vsftpd.conf file in this directory to /etc/vsftpd/vsftpd.conf.
2) Start up vsftpd, e.g.
vsftpd &
@@ -51,5 +51,5 @@
listen_address=192.168.1.2
And launch vsftpd with a specific config file like this:
-vsftpd /etc/vsftpd.conf.site1 &
+vsftpd /etc/vsftpd/vsftpd.conf.site1 &
--- vsftpd-2.0.1/EXAMPLE/INTERNET_SITE/vsftpd.xinetd.dir 2002-07-31 00:57:21.000000000 +0200
+++ vsftpd-2.0.1/EXAMPLE/INTERNET_SITE/vsftpd.xinetd 2004-11-11 12:26:59.331609952 +0100
@@ -9,7 +9,7 @@
per_source = 5
instances = 200
no_access = 192.168.1.3
- banner_fail = /etc/vsftpd.busy_banner
+ banner_fail = /etc/vsftpd/busy_banner
log_on_success += PID HOST DURATION
log_on_failure += HOST
}
--- vsftpd-2.0.1/EXAMPLE/VIRTUAL_USERS/vsftpd.pam.dir 2002-07-30 20:36:38.000000000 +0200
+++ vsftpd-2.0.1/EXAMPLE/VIRTUAL_USERS/vsftpd.pam 2004-11-11 12:26:59.377602960 +0100
@@ -1,2 +1,2 @@
-auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
-account required /lib/security/pam_userdb.so db=/etc/vsftpd_login
+auth required /lib/security/pam_userdb.so db=/etc/vsftpd/login
+account required /lib/security/pam_userdb.so db=/etc/vsftpd/login
--- vsftpd-2.0.1/EXAMPLE/VIRTUAL_USERS/README.dir 2003-11-05 01:27:48.000000000 +0100
+++ vsftpd-2.0.1/EXAMPLE/VIRTUAL_USERS/README 2004-11-11 12:26:59.377602960 +0100
@@ -15,7 +15,7 @@
"fred" with password "bar".
Whilst logged in as root, create the actual database file like this:
-db_load -T -t hash -f logins.txt /etc/vsftpd_login.db
+db_load -T -t hash -f logins.txt /etc/vsftpd/login.db
(Requires the Berkeley db program installed).
NOTE: Many systems have multiple versions of "db" installed, so you may
need to use e.g. db3_load for correct operation. This is known to affect
@@ -23,10 +23,10 @@
database to be a specific db version (often db3, whereas db4 may be installed
on your system).
-This will create /etc/vsftpd_login.db. Obviously, you may want to make sure
+This will create /etc/vsftpd/login.db. Obviously, you may want to make sure
the permissions are restricted:
-chmod 600 /etc/vsftpd_login.db
+chmod 600 /etc/vsftpd/login.db
For more information on maintaing your login database, look around for
documentation on "Berkeley DB", e.g.
@@ -37,8 +37,8 @@
See the example file vsftpd.pam. It contains two lines:
-auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
-account required /lib/security/pam_userdb.so db=/etc/vsftpd_login
+auth required /lib/security/pam_userdb.so db=/etc/vsftpd/login
+account required /lib/security/pam_userdb.so db=/etc/vsftpd/login
This tells PAM to authenticate users using our new database. Copy this PAM
file to the PAM directory - typically /etc/pam.d/
@@ -105,9 +105,9 @@
These put a port range on passive FTP incoming requests - very useful if
you are configuring a firewall.
-Copy the example vsftpd.conf file to /etc:
+Copy the example vsftpd.conf file to /etc/vsftpd:
-cp vsftpd.conf /etc/
+cp vsftpd.conf /etc/vsftpd/
Step 5) Start up vsftpd.
--- vsftpd-2.0.1/EXAMPLE/PER_IP_CONFIG/README.dir 2002-11-09 17:16:12.000000000 +0100
+++ vsftpd-2.0.1/EXAMPLE/PER_IP_CONFIG/README 2004-11-11 12:26:59.377602960 +0100
@@ -20,7 +20,7 @@
Let's have a look at the example:
-vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd_tcp_wrap.conf
+vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd/tcp_wrap.conf
vsftpd: 192.168.1.4: DENY
The first line:
--- vsftpd-2.0.1/EXAMPLE/PER_IP_CONFIG/hosts.allow.dir 2002-11-09 17:04:24.000000000 +0100
+++ vsftpd-2.0.1/EXAMPLE/PER_IP_CONFIG/hosts.allow 2004-11-11 12:26:59.378602808 +0100
@@ -4,6 +4,6 @@
# by the '/usr/sbin/tcpd' server.
#
-vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd_tcp_wrap.conf
+vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd/tcp_wrap.conf
vsftpd: 192.168.1.4: DENY
--- vsftpd-2.0.1/tunables.c.dir 2004-07-02 13:26:17.000000000 +0200
+++ vsftpd-2.0.1/tunables.c 2004-11-11 12:26:59.378602808 +0100
@@ -95,11 +95,11 @@
const char* tunable_message_file = ".message";
const char* tunable_nopriv_user = "nobody";
const char* tunable_ftpd_banner = 0;
-const char* tunable_banned_email_file = "/etc/vsftpd.banned_emails";
-const char* tunable_chroot_list_file = "/etc/vsftpd.chroot_list";
+const char* tunable_banned_email_file = "/etc/vsftpd/banned_emails";
+const char* tunable_chroot_list_file = "/etc/vsftpd/chroot_list";
const char* tunable_pam_service_name = "ftp";
const char* tunable_guest_username = "ftp";
-const char* tunable_userlist_file = "/etc/vsftpd.user_list";
+const char* tunable_userlist_file = "/etc/vsftpd/user_list";
const char* tunable_anon_root = 0;
const char* tunable_local_root = 0;
const char* tunable_banner_file = 0;
@@ -111,7 +111,7 @@
const char* tunable_hide_file = 0;
const char* tunable_deny_file = 0;
const char* tunable_user_sub_token = 0;
-const char* tunable_email_password_file = "/etc/vsftpd.email_passwords";
+const char* tunable_email_password_file = "/etc/vsftpd/email_passwords";
const char* tunable_rsa_cert_file = "/usr/share/ssl/certs/vsftpd.pem";
const char* tunable_dsa_cert_file = 0;
const char* tunable_ssl_ciphers = "DES-CBC3-SHA";
--- vsftpd-2.0.1/vsftpd.conf.dir 2004-11-11 12:26:59.231625152 +0100
+++ vsftpd-2.0.1/vsftpd.conf 2004-11-11 12:26:59.380602504 +0100
@@ -88,14 +88,14 @@
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
-#banned_email_file=/etc/vsftpd.banned_emails
+#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
-#chroot_list_file=/etc/vsftpd.chroot_list
+#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large

@ -1,11 +0,0 @@
--- vsftpd-2.0.1/xinetd.d/vsftpd.server_args 2001-10-11 21:40:17.000000000 +0200
+++ vsftpd-2.0.1/xinetd.d/vsftpd 2004-10-01 14:52:28.171052120 +0200
@@ -9,7 +9,7 @@
wait = no
user = root
server = /usr/local/sbin/vsftpd
-# server_args =
+ server_args = /etc/vsftpd/vsftpd.conf
# log_on_success += DURATION USERID
# log_on_failure += USERID
nice = 10

@ -1,29 +0,0 @@
--- vsftpd-1.2.0/tcpwrap.c.tcp_wrappers2 2003-01-13 20:55:21.000000000 -0500
+++ vsftpd-1.2.0/tcpwrap.c 2003-06-24 21:36:04.000000000 -0400
@@ -31,12 +31,15 @@
vsf_tcp_wrapper_ok(int remote_fd)
{
struct request_info req;
+ openlog("vsftpd", LOG_PID, LOG_FTP);
request_init(&req, RQ_DAEMON, "vsftpd", RQ_FILE, remote_fd, 0);
fromhost(&req);
if (!hosts_access(&req))
{
+ closelog();
return 0;
}
+ closelog();
return 1;
}
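Review bot: `closelog();` is repeated on both return paths around `hosts_access`; store the result in a local, call `closelog()` once, and return the local. Since `openlog("vsftpd", LOG_PID, LOG_FTP)` and `closelog()` act on process-wide syslog state, add a comment saying why they are needed here and confirm that no other code in the same process relies on its own syslog settings surviving this call.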
--- vsftpd-work/builddefs.h.tcp_wrappers 2004-08-20 09:57:08.000000000 +0200
+++ vsftpd-work/builddefs.h 2004-08-20 10:09:11.619830424 +0200
@@ -1,7 +1,7 @@
#ifndef VSF_BUILDDEFS_H
#define VSF_BUILDDEFS_H
-#undef VSF_BUILD_TCPWRAPPERS
+#define VSF_BUILD_TCPWRAPPERS
#define VSF_BUILD_PAM
#undef VSF_BUILD_SSL

@ -1,41 +0,0 @@
--- vsftpd-2.0.2/standalone.c.signal 2004-07-02 13:25:37.000000000 +0200
+++ vsftpd-2.0.2/standalone.c 2005-03-14 09:37:12.937643960 +0100
@@ -134,12 +134,8 @@
void* p_raw_addr;
int new_child;
int new_client_sock;
- vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD);
- vsf_sysutil_unblock_sig(kVSFSysUtilSigHUP);
new_client_sock = vsf_sysutil_accept_timeout(
listen_sock, p_accept_addr, 0);
- vsf_sysutil_block_sig(kVSFSysUtilSigCHLD);
- vsf_sysutil_block_sig(kVSFSysUtilSigHUP);
if (vsf_sysutil_retval_is_error(new_client_sock))
{
continue;
--- vsftpd-2.0.2/sysutil.c.signal 2005-03-03 00:48:02.000000000 +0100
+++ vsftpd-2.0.2/sysutil.c 2005-03-14 09:41:34.992805520 +0100
@@ -1623,7 +1623,11 @@
timeout.tv_usec = 0;
do
{
+ vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD);
+ vsf_sysutil_unblock_sig(kVSFSysUtilSigHUP);
retval = select(fd + 1, &accept_fdset, NULL, NULL, &timeout);
+ vsf_sysutil_block_sig(kVSFSysUtilSigCHLD);
+ vsf_sysutil_block_sig(kVSFSysUtilSigHUP);
saved_errno = errno;
vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0);
} while (retval < 0 && saved_errno == EINTR);
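Review bot: in the `select` loop the two added `vsf_sysutil_block_sig` calls run between `select()` and `saved_errno = errno;`, so `saved_errno` may hold a value set by the signal-mask calls instead of the one from `select`, and the `EINTR` retry test then looks at the wrong value. Move `saved_errno = errno;` to directly after `select()`, before the signals are blocked again. The same ordering question applies to the `accept()` hunk that follows if its error path reads errno.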
@@ -1633,7 +1637,11 @@
return -1;
}
}
+ vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD);
+ vsf_sysutil_unblock_sig(kVSFSysUtilSigHUP);
retval = accept(fd, &remote_addr.u.u_sockaddr, &socklen);
+ vsf_sysutil_block_sig(kVSFSysUtilSigCHLD);
+ vsf_sysutil_block_sig(kVSFSysUtilSigHUP);
vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0);
if (retval < 0)
{

@ -1,22 +0,0 @@
--- vsftpd-2.0.3/tunables.c.background 2005-06-30 09:51:51.000000000 +0200
+++ vsftpd-2.0.3/tunables.c 2005-06-30 09:57:29.000000000 +0200
@@ -49,7 +49,7 @@
int tunable_listen_ipv6 = 0;
int tunable_dual_log_enable = 0;
int tunable_syslog_enable = 0;
-int tunable_background = 0;
+int tunable_background = 1;
int tunable_virtual_use_local_privs = 0;
int tunable_session_support = 0;
int tunable_download_enable = 1;
--- vsftpd-2.0.3/vsftpd.conf.5.background 2005-06-30 09:51:51.000000000 +0200
+++ vsftpd-2.0.3/vsftpd.conf.5 2005-06-30 09:58:28.000000000 +0200
@@ -108,7 +108,7 @@
the listener process. i.e. control will immediately be returned to the shell
which launched vsftpd.
-Default: NO
+Default: YES
.TP
.B check_shell
Note! This option only has an effect for non-PAM builds of vsftpd. If disabled,

@ -1,70 +0,0 @@
diff -up vsftpd-2.0.6/standalone.c.fds vsftpd-2.0.6/standalone.c
--- vsftpd-2.0.6/standalone.c.fds 2008-09-08 23:29:23.000000000 -0400
+++ vsftpd-2.0.6/standalone.c 2008-09-08 23:30:16.000000000 -0400
@@ -57,6 +57,7 @@ vsf_standalone_main(void)
vsf_sysutil_close_failok(1);
vsf_sysutil_close_failok(2);
vsf_sysutil_make_session_leader();
+ vsf_sysutil_reopen_standard_fds();
}
if (tunable_listen)
{
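Review bot: `vsf_sysutil_reopen_standard_fds()` is called only after `vsf_sysutil_make_session_leader()`, so descriptors 0 to 2 stay closed across that call; anything that opens a descriptor in between would land on a standard fd. Call the new function right after the `vsf_sysutil_close_failok` lines, or let it replace them, since `dup2` closes its target itself.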
diff -up vsftpd-2.0.6/sysutil.c.fds vsftpd-2.0.6/sysutil.c
--- vsftpd-2.0.6/sysutil.c.fds 2008-09-08 23:29:23.000000000 -0400
+++ vsftpd-2.0.6/sysutil.c 2008-09-08 23:32:26.000000000 -0400
@@ -2457,6 +2457,44 @@ vsf_sysutil_make_session_leader(void)
}
void
+vsf_sysutil_reopen_standard_fds(void)
+{
+ /* This reopens STDIN, STDOUT and STDERR to /dev/null */
+
+ int fd;
+
+ if ( (fd = open("/dev/null", O_RDWR, 0)) == -1 )
+ {
+ goto error;
+ }
+
+ if ( dup2(fd, STDIN_FILENO) == -1 )
+ {
+ goto error;
+ }
+
+ if ( dup2(fd, STDOUT_FILENO) == -1 )
+ {
+ goto error;
+ }
+
+ if ( dup2(fd, STDERR_FILENO) == -1 )
+ {
+ goto error;
+ }
+
+ if ( fd > 2 )
+ {
+ (void) close(fd);
+ }
+
+ return;
+
+error:
+ die("reopening standard file descriptors to /dev/null failed");
+}
+
+void
vsf_sysutil_tzset(void)
{
int retval;
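Review bot: in `vsf_sysutil_reopen_standard_fds` the third argument of `open("/dev/null", O_RDWR, 0)` is unused without `O_CREAT` and can be dropped, and the spacing in `if ( dup2(fd, STDIN_FILENO) == -1 )` differs from the style of the surrounding file. The three `dup2` checks can be folded into one condition with a single `die`, which removes the `goto`.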
diff -up vsftpd-2.0.6/sysutil.h.fds vsftpd-2.0.6/sysutil.h
--- vsftpd-2.0.6/sysutil.h.fds 2008-02-01 20:30:39.000000000 -0500
+++ vsftpd-2.0.6/sysutil.h 2008-09-08 23:29:24.000000000 -0400
@@ -293,6 +293,7 @@ unsigned char vsf_sysutil_get_random_byt
unsigned int vsf_sysutil_get_umask(void);
void vsf_sysutil_set_umask(unsigned int umask);
void vsf_sysutil_make_session_leader(void);
+void vsf_sysutil_reopen_standard_fds(void);
void vsf_sysutil_tzset(void);
const char* vsf_sysutil_get_current_date(void);
void vsf_sysutil_qsort(void* p_base, unsigned int num_elem,

@ -1,37 +0,0 @@
--- vsftpd-2.0.3/sysdeputil.c.old 2004-09-14 03:18:54.000000000 +0200
+++ vsftpd-2.0.3/sysdeputil.c 2005-09-09 12:09:10.000000000 +0200
@@ -16,6 +17,9 @@
#include "tunables.h"
#include "builddefs.h"
+/* For gethostbyaddr, inet_addr */
+#include <netdb.h>
+
/* For Linux, this adds nothing :-) */
#include "port/porting_junk.h"
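Review bot: the added comment says the include is "For gethostbyaddr, inet_addr", but only `<netdb.h>` is added, and `inet_addr` is declared in `<arpa/inet.h>`. Include that header explicitly instead of relying on another include to pull it in.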
@@ -284,6 +288,10 @@
const struct mystr* p_remote_host)
{
int retval;
+#ifdef PAM_RHOST
+ struct sockaddr_in sin;
+ struct hostent *host;
+#endif
struct pam_conv the_conv =
{
&pam_conv_func,
@@ -302,7 +310,12 @@
return 0;
}
#ifdef PAM_RHOST
- retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
+ sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host));
+ host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET);
+ if (host != (struct hostent*)0)
+ retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name);
+ else
+ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
if (retval != PAM_SUCCESS)
{
(void) pam_end(s_pamh, 0);
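Review bot: `PAM_RHOST` is now set to `host->h_name` from `gethostbyaddr`, a name taken from reverse DNS, which is controlled by whoever runs DNS for the client's address and is not confirmed by a forward lookup here. Any PAM module or access rule that trusts the remote host name then acts on unverified data; keep the numeric address in `PAM_RHOST`, or accept the name only when a forward lookup of it returns the same address. The lookup is also IPv4-only (`inet_addr`, `struct sockaddr_in`, `AF_INET`), the `inet_addr` result is not checked for failure, and a blocking resolver call now sits in the authentication path.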

@ -1,16 +0,0 @@
--- vsftpd-2.0.5/vsftpd.conf.old 2006-08-01 13:56:18.000000000 +0200
+++ vsftpd-2.0.5/vsftpd.conf 2006-08-01 13:59:15.000000000 +0200
@@ -103,7 +103,11 @@
pam_service_name=vsftpd
userlist_enable=YES
-#enable for standalone mode
+# When enabled, vsftpd runs in standalone mode, but listen only to IPv6 sockets.
+# This directive cannot be used in conjunction with the listen directive.
+# Make sure, that one of listen options are commited
+# enable for standalone mode
listen=YES
-listen_ipv6=YES
+#listen_ipv6=YES
+
tcp_wrappers=YES
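Review bot: the new comment block describes `listen_ipv6` ("listen only to IPv6 sockets") but is placed above `listen=YES`, and "Make sure, that one of listen options are commited" should say "commented out". Move the IPv6 text next to `#listen_ipv6=YES` and fix the wording, because a reader who misreads it leaves both directives enabled, which the comment itself says is not allowed.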

@ -1,39 +0,0 @@
diff -up vsftpd-2.0.7/postlogin.c.bind_denied vsftpd-2.0.7/postlogin.c
--- vsftpd-2.0.7/postlogin.c.bind_denied 2008-07-29 21:51:09.000000000 -0400
+++ vsftpd-2.0.7/postlogin.c 2008-09-08 23:39:28.000000000 -0400
@@ -574,7 +574,8 @@ handle_pasv(struct vsf_session* p_sess,
break;
}
}
- if (vsf_sysutil_get_error() == kVSFSysUtilErrADDRINUSE)
+ if ( (vsf_sysutil_get_error() == kVSFSysUtilErrADDRINUSE) ||
+ (vsf_sysutil_get_error() == kVSFSysUtilErrEACCES) )
{
continue;
}
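Review bot: `vsf_sysutil_get_error()` is now called twice in one condition; take the value once into a local and compare that. Treating `EACCES` like `ADDRINUSE` also means a bind that is denied for every port in the range keeps reaching `continue`, so confirm that the enclosing loop has a retry bound and add a comment naming the kind of denial this is meant to skip.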
diff -up vsftpd-2.0.7/sysutil.c.bind_denied vsftpd-2.0.7/sysutil.c
--- vsftpd-2.0.7/sysutil.c.bind_denied 2008-09-08 23:38:10.000000000 -0400
+++ vsftpd-2.0.7/sysutil.c 2008-09-08 23:38:10.000000000 -0400
@@ -1561,6 +1561,9 @@ vsf_sysutil_get_error(void)
case EOPNOTSUPP:
retval = kVSFSysUtilErrOPNOTSUPP;
break;
+ case EACCES:
+ retval = kVSFSysUtilErrEACCES;
+ break;
}
return retval;
}
diff -up vsftpd-2.0.7/sysutil.h.bind_denied vsftpd-2.0.7/sysutil.h
--- vsftpd-2.0.7/sysutil.h.bind_denied 2008-09-08 23:38:10.000000000 -0400
+++ vsftpd-2.0.7/sysutil.h 2008-09-08 23:38:10.000000000 -0400
@@ -16,7 +16,8 @@ enum EVSFSysUtilError
kVSFSysUtilErrNOSYS,
kVSFSysUtilErrINTR,
kVSFSysUtilErrINVAL,
- kVSFSysUtilErrOPNOTSUPP
+ kVSFSysUtilErrOPNOTSUPP,
+ kVSFSysUtilErrEACCES
};
enum EVSFSysUtilError vsf_sysutil_get_error(void);
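Review bot: `kVSFSysUtilErrEACCES` breaks the naming used by the other enumerators, which drop the leading E of the errno name (`kVSFSysUtilErrINTR`, `kVSFSysUtilErrINVAL`, `kVSFSysUtilErrOPNOTSUPP`). Call it `kVSFSysUtilErrACCES`.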

@ -1,37 +0,0 @@
--- vsftpd-2.0.5/vsftpd.conf.comments 2007-07-10 16:12:51.000000000 +0200
+++ vsftpd-2.0.5/vsftpd.conf 2007-07-10 16:15:18.000000000 +0200
@@ -50,7 +50,8 @@
# below.
#xferlog_file=/var/log/vsftpd.log
#
-# If you want, you can have your log file in standard ftpd xferlog format
+# If you want, you can have your log file in standard ftpd xferlog format.
+# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
@@ -100,14 +101,17 @@
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
-
-pam_service_name=vsftpd
-userlist_enable=YES
-# When enabled, vsftpd runs in standalone mode, but listen only to IPv6 sockets.
-# This directive cannot be used in conjunction with the listen directive.
-# Make sure, that one of listen options are commited
-# enable for standalone mode
+#
+# When "listen" directive is enabled, vsftpd runs in standalone mode and
+# listens on IPv4 sockets. This directive cannot be used in conjunction
+# with the listen_ipv6 directive.
listen=YES
+#
+# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
+# sockets, you must run two copies of vsftpd whith two configuration files.
+# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
+pam_service_name=vsftpd
+userlist_enable=YES
tcp_wrappers=YES
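Review bot: in the added `listen_ipv6` comment, "whith" should be "with", and "Make sure, that one of the listen options is commented !!" reads better as "Make sure that one of the listen options is commented out." The hunk also moves `pam_service_name=vsftpd` and `userlist_enable=YES` below the listen block without giving them a comment; add one line for each while the block is being rewritten.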

@ -1,8 +0,0 @@
--- vsftpd-2.0.5/vsftpd.conf.ipv6 2006-07-12 15:34:13.000000000 +0200
+++ vsftpd-2.0.5/vsftpd.conf 2006-07-17 11:16:10.000000000 +0200
@@ -105,4 +105,5 @@
userlist_enable=YES
#enable for standalone mode
listen=YES
+listen_ipv6=YES
tcp_wrappers=YES
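Review bot: this adds `listen_ipv6=YES` directly under `listen=YES`, leaving both enabled in the default config, while the comment introduced by the default_ipv6 patch on this page says the directive cannot be used in conjunction with `listen`. Ship only one of the two enabled and comment out the other.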

@ -1,16 +0,0 @@
diff -up vsftpd-2.0.5/postlogin.c.fix_unique vsftpd-2.0.5/postlogin.c
--- vsftpd-2.0.5/postlogin.c.fix_unique 2007-11-30 11:16:10.000000000 +0100
+++ vsftpd-2.0.5/postlogin.c 2007-11-30 11:23:57.000000000 +0100
@@ -1701,6 +1701,12 @@ get_unique_filename(struct mystr* p_outs
static struct vsf_sysutil_statbuf* s_p_statbuf;
unsigned int suffix = 1;
int retval;
+ retval = str_stat(p_base_str, &s_p_statbuf);
+ if (vsf_sysutil_retval_is_error(retval))
+ {
+ str_copy(p_outstr, p_base_str);
+ return;
+ }
while (1)
{
str_copy(p_outstr, p_base_str);
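Review bot: the added early return in `get_unique_filename` decides that `p_base_str` is free from a `str_stat` on the name, but the file is only created afterwards, so another upload can create the same name in between. The uniqueness guarantee should come from the create itself (exclusive create, then retry with the next suffix on failure), not from a stat done beforehand. The stat result is kept in the function-static `s_p_statbuf`; say in a comment that the reuse across calls is intentional.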

@ -1,65 +0,0 @@
--- vsftpd-2.0.5/vsftpd.conf.5.old 2006-08-22 10:53:57.000000000 +0200
+++ vsftpd-2.0.5/vsftpd.conf.5 2006-08-22 10:57:24.000000000 +0200
@@ -138,7 +138,7 @@
different if chroot_local_user is set to YES. In this case, the list becomes
a list of users which are NOT to be placed in a chroot() jail.
By default, the file containing this list is
-/etc/vsftpd.chroot_list, but you may override this with the
+/etc/vsftpd/chroot_list, but you may override this with the
.BR chroot_list_file
setting.
@@ -166,7 +166,7 @@
.B deny_email_enable
If activated, you may provide a list of anonymous password e-mail responses
which cause login to be denied. By default, the file containing this list is
-/etc/vsftpd.banned_emails, but you may override this with the
+/etc/vsftpd/banned_emails, but you may override this with the
.BR banned_email_file
setting.
@@ -396,7 +396,7 @@
file specified by the
.BR email_password_file
setting. The file format is one password per line, no extra whitespace. The
-default filename is /etc/vsftpd.email_passwords.
+default filename is /etc/vsftpd/email_passwords.
Default: NO
.TP
@@ -691,7 +691,7 @@
.BR deny_email_enable
is enabled.
-Default: /etc/vsftpd.banned_emails
+Default: /etc/vsftpd/banned_emails
.TP
.B banner_file
This option is the name of a file containing text to display when someone
@@ -720,7 +720,7 @@
is enabled, then the list file becomes a list of users to NOT place in a
chroot() jail.
-Default: /etc/vsftpd.chroot_list
+Default: /etc/vsftpd/chroot_list
.TP
.B cmds_allowed
This options specifies a comma separated list of allowed FTP commands (post
@@ -772,7 +772,7 @@
.BR secure_email_list_enable
setting.
-Default: /etc/vsftpd.email_passwords
+Default: /etc/vsftpd/email_passwords
.TP
.B ftp_username
This is the name of the user we use for handling anonymous FTP. The home
@@ -934,7 +934,7 @@
.BR userlist_enable
option is active.
-Default: /etc/vsftpd.user_list
+Default: /etc/vsftpd/user_list
.TP
.B vsftpd_log_file
This option is the name of the file to which we write the vsftpd style

@ -1,81 +0,0 @@
diff -up vsftpd-2.0.5/sysdeputil.c.pam_end vsftpd-2.0.5/sysdeputil.c
--- vsftpd-2.0.5/sysdeputil.c.pam_end 2007-11-02 15:53:20.000000000 +0100
+++ vsftpd-2.0.5/sysdeputil.c 2007-11-08 13:49:44.000000000 +0100
@@ -320,7 +320,7 @@ vsf_sysdep_check_auth(const struct mystr
retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
if (retval != PAM_SUCCESS)
{
- (void) pam_end(s_pamh, 0);
+ (void) pam_end(s_pamh, retval);
s_pamh = 0;
return 0;
}
@@ -329,7 +329,7 @@ vsf_sysdep_check_auth(const struct mystr
retval = pam_set_item(s_pamh, PAM_TTY, "ftp");
if (retval != PAM_SUCCESS)
{
- (void) pam_end(s_pamh, 0);
+ (void) pam_end(s_pamh, retval);
s_pamh = 0;
return 0;
}
@@ -338,7 +338,7 @@ vsf_sysdep_check_auth(const struct mystr
retval = pam_set_item(s_pamh, PAM_RUSER, str_getbuf(p_user_str));
if (retval != PAM_SUCCESS)
{
- (void) pam_end(s_pamh, 0);
+ (void) pam_end(s_pamh, retval);
s_pamh = 0;
return 0;
}
@@ -346,28 +346,28 @@ vsf_sysdep_check_auth(const struct mystr
retval = pam_authenticate(s_pamh, 0);
if (retval != PAM_SUCCESS)
{
- (void) pam_end(s_pamh, 0);
+ (void) pam_end(s_pamh, retval);
s_pamh = 0;
return 0;
}
retval = pam_acct_mgmt(s_pamh, 0);
if (retval != PAM_SUCCESS)
{
- (void) pam_end(s_pamh, 0);
+ (void) pam_end(s_pamh, retval);
s_pamh = 0;
return 0;
}
retval = pam_setcred(s_pamh, PAM_ESTABLISH_CRED);
if (retval != PAM_SUCCESS)
{
- (void) pam_end(s_pamh, 0);
+ (void) pam_end(s_pamh, retval);
s_pamh = 0;
return 0;
}
if (!tunable_session_support)
{
/* You're in already! */
- (void) pam_end(s_pamh, 0);
+ (void) pam_end(s_pamh, retval);
s_pamh = 0;
return 1;
}
@@ -378,7 +378,7 @@ vsf_sysdep_check_auth(const struct mystr
{
vsf_remove_uwtmp();
(void) pam_setcred(s_pamh, PAM_DELETE_CRED);
- (void) pam_end(s_pamh, 0);
+ (void) pam_end(s_pamh, retval);
s_pamh = 0;
return 0;
}
@@ -399,7 +399,7 @@ vsf_auth_shutdown(void)
}
(void) pam_close_session(s_pamh, 0);
(void) pam_setcred(s_pamh, PAM_DELETE_CRED);
- (void) pam_end(s_pamh, 0);
+ (void) pam_end(s_pamh, PAM_SUCCESS);
s_pamh = 0;
vsf_remove_uwtmp();
}

View File

@ -1,11 +0,0 @@
--- vsftpd-2.0.5/postlogin.c.old 2007-06-29 11:32:01.000000000 +0200
+++ vsftpd-2.0.5/postlogin.c 2007-06-29 11:32:13.000000000 +0200
@@ -607,7 +607,7 @@
str_append_ulong(&s_pasv_res_str, the_port >> 8);
str_append_text(&s_pasv_res_str, ",");
str_append_ulong(&s_pasv_res_str, the_port & 255);
- str_append_text(&s_pasv_res_str, ")");
+ str_append_text(&s_pasv_res_str, ").");
vsf_cmdio_write_str(p_sess, FTP_PASVOK, &s_pasv_res_str);
}

View File

@ -1,11 +0,0 @@
--- vsftpd-2.0.5/defs.h.uname_size 2007-04-13 15:15:54.000000000 +1000
+++ vsftpd-2.0.5/defs.h 2007-04-13 15:19:14.000000000 +1000
@@ -6,7 +6,7 @@
#define VSFTP_COMMAND_FD 0
#define VSFTP_PASSWORD_MAX 128
-#define VSFTP_USERNAME_MAX 32
+#define VSFTP_USERNAME_MAX 128
#define VSFTP_MAX_COMMAND_LINE 4096
#define VSFTP_DATA_BUFSIZE 65536
#define VSFTP_DIR_BUFSIZE 16384
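Review bot: `VSFTP_USERNAME_MAX` is raised from 32 to 128 here, but the patch changes nothing that consumes a username. Before accepting, confirm that every fixed-size destination a login name is copied into (a utmp/wtmp record, for example) truncates or rejects names longer than it can hold, and add a comment next to the define saying why 128 was chosen.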

View File

@ -1,12 +0,0 @@
diff -up vsftpd-2.0.5/sysutil.c.underscore_uname vsftpd-2.0.5/sysutil.c
--- vsftpd-2.0.5/sysutil.c.underscore_uname 2007-11-30 13:14:50.000000000 +0100
+++ vsftpd-2.0.5/sysutil.c 2007-11-30 13:12:25.000000000 +0100
@@ -905,7 +905,7 @@ vsf_sysutil_isprint(int the_char)
int
vsf_sysutil_isalnum(int the_char)
{
- return isalnum(the_char);
+ return isalnum(the_char) || the_char == '_' || the_char == '.';
}
int
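Review bot: `vsf_sysutil_isalnum()` now returns true for '_' and '.', so its name no longer describes what it does, and every caller inherits the wider character set, not only the username check this patch is named for. Leave the wrapper as a plain `isalnum()` and add a separately named helper for the username character set, so any other validation that calls vsf_sysutil_isalnum keeps its strict meaning.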

View File

@ -1,68 +0,0 @@
diff -up vsftpd-2.0.7/postlogin.c.write_race vsftpd-2.0.7/postlogin.c
--- vsftpd-2.0.7/postlogin.c.write_race 2008-09-08 23:39:58.000000000 -0400
+++ vsftpd-2.0.7/postlogin.c 2008-09-08 23:47:27.000000000 -0400
@@ -982,6 +982,7 @@ handle_upload_common(struct vsf_session*
struct vsf_transfer_ret trans_ret;
int new_file_fd;
int remote_fd;
+ int truncit = 0;
int success = 0;
int created = 0;
filesize_t offset = p_sess->restart_pos;
@@ -1018,7 +1019,15 @@ handle_upload_common(struct vsf_session*
/* For non-anonymous, allow open() to overwrite or append existing files */
if (!is_append && offset == 0)
{
- new_file_fd = str_create_overwrite(p_filename);
+ if (tunable_lock_upload_files)
+ {
+ new_file_fd = str_create_append(p_filename);
+ truncit = 1;
+ }
+ else
+ {
+ new_file_fd = str_create_overwrite(p_filename);
+ }
}
else
{
@@ -1056,6 +1065,11 @@ handle_upload_common(struct vsf_session*
if (tunable_lock_upload_files)
{
vsf_sysutil_lock_file_write(new_file_fd);
+ if (truncit)
+ {
+ vsf_sysutil_truncate(new_file_fd, 0);
+ vsf_sysutil_lseek_to(new_file_fd, 0);
+ }
}
if (!is_append && offset != 0)
{
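Review bot: The return value of `vsf_sysutil_truncate(new_file_fd, 0)` is discarded in the `if (truncit)` block. If the truncation fails, the upload carries on into a file that was opened with `str_create_append` and still holds its old contents, so the result can be a mix of stale and new data reported as a successful transfer. Check the result and fail the upload when it is non-zero.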
diff -up vsftpd-2.0.7/sysutil.c.write_race vsftpd-2.0.7/sysutil.c
--- vsftpd-2.0.7/sysutil.c.write_race 2008-09-08 23:39:58.000000000 -0400
+++ vsftpd-2.0.7/sysutil.c 2008-09-08 23:39:58.000000000 -0400
@@ -1200,6 +1200,12 @@ vsf_sysutil_close_failok(int fd)
}
int
+vsf_sysutil_truncate(int fd, filesize_t length)
+{
+ return ftruncate(fd, length);
+}
+
+int
vsf_sysutil_unlink(const char* p_dead)
{
return unlink(p_dead);
diff -up vsftpd-2.0.7/sysutil.h.write_race vsftpd-2.0.7/sysutil.h
--- vsftpd-2.0.7/sysutil.h.write_race 2008-09-08 23:39:58.000000000 -0400
+++ vsftpd-2.0.7/sysutil.h 2008-09-08 23:39:58.000000000 -0400
@@ -91,6 +91,8 @@ void vsf_sysutil_close(int fd);
int vsf_sysutil_close_failok(int fd);
int vsf_sysutil_unlink(const char* p_dead);
int vsf_sysutil_write_access(const char* p_filename);
+/* Trucate after open */
+int vsf_sysutil_truncate(int fd, filesize_t length);
/* Reading and writing */
void vsf_sysutil_lseek_to(const int fd, filesize_t seek_pos);
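Review bot: The comment added above the new prototype is misspelled ("Trucate") and does not say what the function returns. Fix the spelling and document that the return value is the ftruncate() result (0 on success, -1 on error), since the caller added in postlogin.c currently ignores it.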

View File

@ -1,24 +0,0 @@
diff -up vsftpd-2.0.6/tunables.c.listen vsftpd-2.0.6/tunables.c
--- vsftpd-2.0.6/tunables.c.listen 2008-03-31 22:28:07.000000000 +0200
+++ vsftpd-2.0.6/tunables.c 2008-03-31 22:28:25.000000000 +0200
@@ -39,7 +39,7 @@ int tunable_userlist_deny = 1;
int tunable_use_localtime = 0;
int tunable_check_shell = 1;
int tunable_hide_ids = 0;
-int tunable_listen = 0;
+int tunable_listen = 1;
int tunable_port_promiscuous = 0;
int tunable_passwd_chroot_enable = 0;
int tunable_no_anon_password = 0;
diff -up vsftpd-2.0.6/vsftpd.conf.5.listen vsftpd-2.0.6/vsftpd.conf.5
--- vsftpd-2.0.6/vsftpd.conf.5.listen 2008-03-31 22:38:00.000000000 +0200
+++ vsftpd-2.0.6/vsftpd.conf.5 2008-03-31 22:38:24.000000000 +0200
@@ -265,7 +265,7 @@ not be run from an inetd of some kind. I
run once directly. vsftpd itself will then take care of listening for and
handling incoming connections.
-Default: NO
+Default: YES
.TP
.B listen_ipv6
Like the listen parameter, except vsftpd will listen on an IPv6 socket instead

View File

@ -0,0 +1,12 @@
diff -up vsftpd-2.1.0/builddefs.h.build_ssl vsftpd-2.1.0/builddefs.h
--- vsftpd-2.1.0/builddefs.h.build_ssl 2009-01-08 18:49:33.000000000 +0100
+++ vsftpd-2.1.0/builddefs.h 2009-01-08 18:49:41.000000000 +0100
@@ -3,7 +3,7 @@
#undef VSF_BUILD_TCPWRAPPERS
#define VSF_BUILD_PAM
-#undef VSF_BUILD_SSL
+#define VSF_BUILD_SSL
#endif /* VSF_BUILDDEFS_H */

View File

@ -0,0 +1,395 @@
diff -up vsftpd-2.1.0/defs.h.configuration vsftpd-2.1.0/defs.h
--- vsftpd-2.1.0/defs.h.configuration 2009-01-08 18:01:13.000000000 +0100
+++ vsftpd-2.1.0/defs.h 2009-01-08 18:01:23.000000000 +0100
@@ -1,7 +1,7 @@
#ifndef VSF_DEFS_H
#define VSF_DEFS_H
-#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd.conf"
+#define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf"
#define VSFTP_COMMAND_FD 0
diff -up vsftpd-2.1.0/EXAMPLE/INTERNET_SITE_NOINETD/README.configuration vsftpd-2.1.0/EXAMPLE/INTERNET_SITE_NOINETD/README
--- vsftpd-2.1.0/EXAMPLE/INTERNET_SITE_NOINETD/README.configuration 2009-01-08 18:17:07.000000000 +0100
+++ vsftpd-2.1.0/EXAMPLE/INTERNET_SITE_NOINETD/README 2009-01-08 18:15:07.000000000 +0100
@@ -17,7 +17,7 @@ even per-connect-IP configurability.
To use this example config:
-1) Copy the vsftpd.conf file in this directory to /etc/vsftpd.conf.
+1) Copy the vsftpd.conf file in this directory to /etc/vsftpd/vsftpd.conf.
2) Start up vsftpd, e.g.
vsftpd &
@@ -51,5 +51,5 @@ in the vsftpd.conf:
listen_address=192.168.1.2
And launch vsftpd with a specific config file like this:
-vsftpd /etc/vsftpd.conf.site1 &
+vsftpd /etc/vsftpd/vsftpd.conf.site1 &
diff -up vsftpd-2.1.0/EXAMPLE/INTERNET_SITE/README.configuration vsftpd-2.1.0/EXAMPLE/INTERNET_SITE/README
--- vsftpd-2.1.0/EXAMPLE/INTERNET_SITE/README.configuration 2009-01-08 18:15:29.000000000 +0100
+++ vsftpd-2.1.0/EXAMPLE/INTERNET_SITE/README 2009-01-08 18:16:13.000000000 +0100
@@ -41,13 +41,13 @@ no_access = 192.168.1.3
As an example of how to ban certain sites from connecting, 192.168.1.3 will
be denied access.
-banner_fail = /etc/vsftpd.busy_banner
+banner_fail = /etc/vsftpd/busy_banner
This is the file to display to users if the connection is refused for whatever
reason (too many users, IP banned).
Example of how to populate it:
-echo "421 Server busy, please try later." > /etc/vsftpd.busy_banner
+echo "421 Server busy, please try later." > /etc/vsftpd/busy_banner
log_on_success += PID HOST DURATION
log_on_failure += HOST
@@ -62,7 +62,7 @@ Step 2) Set up your vsftpd configuration
An example file is supplied. Install it like this:
-cp vsftpd.conf /etc
+cp vsftpd.conf /etc/vsftpd
Let's example the contents of the file:
diff -up vsftpd-2.1.0/EXAMPLE/PER_IP_CONFIG/README.configuration vsftpd-2.1.0/EXAMPLE/PER_IP_CONFIG/README
--- vsftpd-2.1.0/EXAMPLE/PER_IP_CONFIG/README.configuration 2009-01-08 18:19:14.000000000 +0100
+++ vsftpd-2.1.0/EXAMPLE/PER_IP_CONFIG/README 2009-01-08 18:19:35.000000000 +0100
@@ -20,12 +20,12 @@ directory: hosts.allow. It lives at /etc
Let's have a look at the example:
-vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd_tcp_wrap.conf
+vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd/tcp_wrap.conf
vsftpd: 192.168.1.4: DENY
The first line:
If a client connects from 192.168.1.3, then vsftpd will apply the vsftpd
-config file /etc/vsftpd_tcp_wrap.conf to the session! These settings are
+config file /etc/vsftpd/tcp_wrap.conf to the session! These settings are
applied ON TOP of the default vsftpd.conf.
This is obviously very powerful. You might use this to apply different
access restrictions for some IPs (e.g. the ability to upload).
diff -up vsftpd-2.1.0/EXAMPLE/VIRTUAL_USERS/README.configuration vsftpd-2.1.0/EXAMPLE/VIRTUAL_USERS/README
--- vsftpd-2.1.0/EXAMPLE/VIRTUAL_USERS/README.configuration 2009-01-08 18:18:04.000000000 +0100
+++ vsftpd-2.1.0/EXAMPLE/VIRTUAL_USERS/README 2009-01-08 18:18:53.000000000 +0100
@@ -15,7 +15,7 @@ See example file "logins.txt" - this spe
"fred" with password "bar".
Whilst logged in as root, create the actual database file like this:
-db_load -T -t hash -f logins.txt /etc/vsftpd_login.db
+db_load -T -t hash -f logins.txt /etc/vsftpd/login.db
(Requires the Berkeley db program installed).
NOTE: Many systems have multiple versions of "db" installed, so you may
need to use e.g. db3_load for correct operation. This is known to affect
@@ -23,10 +23,10 @@ some Debian systems. The core issue is t
database to be a specific db version (often db3, whereas db4 may be installed
on your system).
-This will create /etc/vsftpd_login.db. Obviously, you may want to make sure
+This will create /etc/vsftpd/login.db. Obviously, you may want to make sure
the permissions are restricted:
-chmod 600 /etc/vsftpd_login.db
+chmod 600 /etc/vsftpd/login.db
For more information on maintaing your login database, look around for
documentation on "Berkeley DB", e.g.
@@ -37,8 +37,8 @@ Step 2) Create a PAM file which uses you
See the example file vsftpd.pam. It contains two lines:
-auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
-account required /lib/security/pam_userdb.so db=/etc/vsftpd_login
+auth required /lib/security/pam_userdb.so db=/etc/vsftpd/login
+account required /lib/security/pam_userdb.so db=/etc/vsftpd/login
This tells PAM to authenticate users using our new database. Copy this PAM
file to the PAM directory - typically /etc/pam.d/
@@ -108,9 +108,9 @@ pasv_max_port=30999
These put a port range on passive FTP incoming requests - very useful if
you are configuring a firewall.
-Copy the example vsftpd.conf file to /etc:
+Copy the example vsftpd.conf file to /etc/vsftpd:
-cp vsftpd.conf /etc/
+cp vsftpd.conf /etc/vsftpd/
Step 5) Start up vsftpd.
diff -up vsftpd-2.1.0/FAQ.configuration vsftpd-2.1.0/FAQ
--- vsftpd-2.1.0/FAQ.configuration 2009-01-08 17:58:39.000000000 +0100
+++ vsftpd-2.1.0/FAQ 2009-01-08 18:01:04.000000000 +0100
@@ -34,7 +34,7 @@ needs this user to run bits of itself wi
Q) Help! Local users cannot log in.
A) There are various possible problems.
A1) By default, vsftpd disables any logins other than anonymous logins. Put
-local_enable=YES in your /etc/vsftpd.conf to allow local users to log in.
+local_enable=YES in your /etc/vsftpd/vsftpd.conf to allow local users to log in.
A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to
find out whether this has happened or not). If vsftpd links with PAM, then
you will need to have a PAM file installed for the vsftpd service. There is
@@ -46,12 +46,12 @@ system have a "shadow.h" file in the inc
A4) If you are not using PAM, then vsftpd will do its own check for a valid
user shell in /etc/shells. You may need to disable this if you use an invalid
shell to disable logins other than FTP logins. Put check_shell=NO in your
-/etc/vsftpd.conf.
+/etc/vsftpd/vsftpd.conf.
Q) Help! Uploads or other write commands give me "500 Unknown command.".
A) By default, write commands, including uploads and new directories, are
disabled. This is a security measure. To enable writes, put write_enable=YES
-in your /etc/vsftpd.conf.
+in your /etc/vsftpd/vsftpd.conf.
Q) Help! What are the security implications referred to in the
"chroot_local_user" option?
@@ -87,7 +87,7 @@ A2) Alternatively, run as many copies as
mode. Use "listen_address=x.x.x.x" to set the virtual IP.
Q) Help! Does vsftpd support virtual users?
-A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd.conf. This
+A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd/vsftpd.conf. This
has the effect of mapping every non-anonymous successful login to the local
username specified in "guest_username". Then, use PAM and (e.g.) its pam_userdb
module to provide authentication against an external (i.e. non-/etc/passwd)
diff -up vsftpd-2.1.0/INSTALL.configuration vsftpd-2.1.0/INSTALL
--- vsftpd-2.1.0/INSTALL.configuration 2009-01-08 18:01:36.000000000 +0100
+++ vsftpd-2.1.0/INSTALL 2009-01-08 18:03:30.000000000 +0100
@@ -56,14 +56,14 @@ cp vsftpd.8 /usr/local/man/man8
"make install" doesn't copy the sample config file. It is recommended you
do this:
-cp vsftpd.conf /etc
+cp vsftpd.conf /etc/vsftpd
Step 4) Smoke test (without an inetd).
vsftpd can run standalone or via an inetd (such as inetd or xinetd). You will
typically get more control running vsftpd from an inetd. But first we will run
it without, so we can check things are going well so far.
-Edit /etc/vsftpd.conf, and add this line at the bottom:
+Edit /etc/vsftpd/vsftpd.conf, and add this line at the bottom:
listen=YES
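Review bot: `cp vsftpd.conf /etc/vsftpd` only does the right thing when /etc/vsftpd already exists as a directory; on a source install where it does not, cp creates a regular file named /etc/vsftpd and the daemon then fails to find /etc/vsftpd/vsftpd.conf. The VIRTUAL_USERS README in this patch writes the destination as `/etc/vsftpd/`, which fails loudly instead. Use the trailing slash here too (the same command recurs in Step 7 and in EXAMPLE/INTERNET_SITE/README), or add a mkdir step before it.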
@@ -135,11 +135,11 @@ cp RedHat/vsftpd.pam /etc/pam.d/ftp
Step 7) Customize your configuration
As well as the above three pre-requisites, you are recommended to install a
-config file. The default location for the config file is /etc/vsftpd.conf.
+config file. The default location for the config file is /etc/vsftpd/vsftpd.conf.
There is a sample vsftpd.conf in the distribution tarball. You probably want
-to copy that to /etc/vsftpd.conf as a basis for modification, i.e.:
+to copy that to /etc/vsftpd/vsftpd.conf as a basis for modification, i.e.:
-cp vsftpd.conf /etc
+cp vsftpd.conf /etc/vsftpd
The default configuration allows neither local user logins nor anonymous
uploads. You may wish to change these defaults.
diff -up vsftpd-2.1.0/README.configuration vsftpd-2.1.0/README
--- vsftpd-2.1.0/README.configuration 2009-01-08 18:13:37.000000000 +0100
+++ vsftpd-2.1.0/README 2009-01-08 18:14:21.000000000 +0100
@@ -37,3 +37,8 @@ All configuration options are documented
Various example configurations are discussed in the EXAMPLE directory.
Frequently asked questions are tackled in the FAQ file.
+Important Note
+==============
+The location of configuration files was changed to /etc/vsftpd/. If you want
+to migrate your old conf files from /etc (files vsftpd.xxxx.rpmsave) use
+/etc/vsfptd/vsftpd_conf_migrate.sh
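Review bot: The path in the last added line, `/etc/vsfptd/vsftpd_conf_migrate.sh`, misspells the directory ("vsfptd"); every other path in this patch uses `/etc/vsftpd/`. An admin who copies the line gets a path that does not exist, so correct it to `/etc/vsftpd/vsftpd_conf_migrate.sh`.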
diff -up vsftpd-2.1.0/tunables.c.configuration vsftpd-2.1.0/tunables.c
--- vsftpd-2.1.0/tunables.c.configuration 2009-01-08 18:20:05.000000000 +0100
+++ vsftpd-2.1.0/tunables.c 2009-01-08 18:22:13.000000000 +0100
@@ -184,7 +184,7 @@ tunables_load_defaults()
tunable_listen_ipv6 = 0;
tunable_dual_log_enable = 0;
tunable_syslog_enable = 0;
- tunable_background = 0;
+ tunable_background = 1;
tunable_virtual_use_local_privs = 0;
tunable_session_support = 0;
tunable_download_enable = 1;
@@ -250,11 +250,11 @@ tunables_load_defaults()
install_str_setting(".message", &tunable_message_file);
install_str_setting("nobody", &tunable_nopriv_user);
install_str_setting(0, &tunable_ftpd_banner);
- install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file);
- install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file);
+ install_str_setting("/etc/vsftpd/banned_emails", &tunable_banned_email_file);
+ install_str_setting("/etc/vsftpd/chroot_list", &tunable_chroot_list_file);
install_str_setting("ftp", &tunable_pam_service_name);
install_str_setting("ftp", &tunable_guest_username);
- install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file);
+ install_str_setting("/etc/vsftpd/user_list", &tunable_userlist_file);
install_str_setting(0, &tunable_anon_root);
install_str_setting(0, &tunable_local_root);
install_str_setting(0, &tunable_banner_file);
@@ -267,7 +267,7 @@ tunables_load_defaults()
install_str_setting(0, &tunable_hide_file);
install_str_setting(0, &tunable_deny_file);
install_str_setting(0, &tunable_user_sub_token);
- install_str_setting("/etc/vsftpd.email_passwords",
+ install_str_setting("/etc/vsftpd/email_passwords",
&tunable_email_password_file);
install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
&tunable_rsa_cert_file);
diff -up vsftpd-2.1.0/vsftpd.8.configuration vsftpd-2.1.0/vsftpd.8
--- vsftpd-2.1.0/vsftpd.8.configuration 2009-01-08 18:03:47.000000000 +0100
+++ vsftpd-2.1.0/vsftpd.8 2009-01-08 18:04:02.000000000 +0100
@@ -21,7 +21,7 @@ itself will listen on the network. This
recommended. It is activated by setting
.Pa listen=YES
in
-.Pa /etc/vsftpd.conf .
+.Pa /etc/vsftpd/vsftpd.conf .
Direct execution of the
.Nm vsftpd
binary will then launch the FTP service ready for immediate client connections.
@@ -30,6 +30,6 @@ An optional
.Op configuration file
may be given on the command line. This file must be owned as root if running as
root. The default configuration file is
-.Pa /etc/vsftpd.conf .
+.Pa /etc/vsftpd/vsftpd.conf .
.Sh SEE ALSO
.Xr vsftpd.conf 5
diff -up vsftpd-2.1.0/vsftpd.conf.5.configuration vsftpd-2.1.0/vsftpd.conf.5
--- vsftpd-2.1.0/vsftpd.conf.5.configuration 2009-01-08 18:04:53.000000000 +0100
+++ vsftpd-2.1.0/vsftpd.conf.5 2009-01-08 18:29:33.000000000 +0100
@@ -4,7 +4,7 @@ vsftpd.conf \- config file for vsftpd
.SH DESCRIPTION
vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By
default, vsftpd looks for this file at the location
-.BR /etc/vsftpd.conf .
+.BR /etc/vsftpd/vsftpd.conf .
However, you may override this by specifying a command line argument to
vsftpd. The command line argument is the pathname of the configuration file
for vsftpd. This behaviour is useful because you may wish to use an advanced
@@ -110,7 +110,7 @@ When enabled, and vsftpd is started in "
the listener process. i.e. control will immediately be returned to the shell
which launched vsftpd.
-Default: NO
+Default: YES
.TP
.B check_shell
Note! This option only has an effect for non-PAM builds of vsftpd. If disabled,
@@ -138,7 +138,7 @@ chroot() jail in their home directory up
different if chroot_local_user is set to YES. In this case, the list becomes
a list of users which are NOT to be placed in a chroot() jail.
By default, the file containing this list is
-/etc/vsftpd.chroot_list, but you may override this with the
+/etc/vsftpd/chroot_list, but you may override this with the
.BR chroot_list_file
setting.
@@ -177,7 +177,7 @@ Default: NO
.B deny_email_enable
If activated, you may provide a list of anonymous password e-mail responses
which cause login to be denied. By default, the file containing this list is
-/etc/vsftpd.banned_emails, but you may override this with the
+/etc/vsftpd/banned_emails, but you may override this with the
.BR banned_email_file
setting.
@@ -430,7 +430,7 @@ anonymous logins are prevented unless th
file specified by the
.BR email_password_file
setting. The file format is one password per line, no extra whitespace. The
-default filename is /etc/vsftpd.email_passwords.
+default filename is /etc/vsftpd/email_passwords.
Default: NO
.TP
@@ -761,7 +761,7 @@ passwords which are not permitted. This
.BR deny_email_enable
is enabled.
-Default: /etc/vsftpd.banned_emails
+Default: /etc/vsftpd/banned_emails
.TP
.B banner_file
This option is the name of a file containing text to display when someone
@@ -798,7 +798,7 @@ is enabled. If the option
is enabled, then the list file becomes a list of users to NOT place in a
chroot() jail.
-Default: /etc/vsftpd.chroot_list
+Default: /etvsftpd.confc/vsftpd.chroot_list
.TP
.B cmds_allowed
This options specifies a comma separated list of allowed FTP commands (post
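Review bot: The replacement default for chroot_list_file reads `/etvsftpd.confc/vsftpd.chroot_list`, which looks like a paste that landed inside "/etc". The tunables.c hunk in this same patch installs `/etc/vsftpd/chroot_list`, and the chroot_list_enable text earlier in this man page was updated to that value, so this line should read `Default: /etc/vsftpd/chroot_list`.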
@@ -859,7 +859,7 @@ This option can be used to provide an al
.BR secure_email_list_enable
setting.
-Default: /etc/vsftpd.email_passwords
+Default: /etc/vsftpd/email_passwords
.TP
.B ftp_username
This is the name of the user we use for handling anonymous FTP. The home
@@ -982,10 +982,10 @@ the manual page, on a per-user basis. Us
with an example. If you set
.BR user_config_dir
to be
-.BR /etc/vsftpd_user_conf
+.BR /etc/vsftpd/user_conf
and then log on as the user "chris", then vsftpd will apply the settings in
the file
-.BR /etc/vsftpd_user_conf/chris
+.BR /etc/vsftpd/user_conf/chris
for the duration of the session. The format of this file is as detailed in
this manual page! PLEASE NOTE that not all settings are effective on a
per-user basis. For example, many settings only prior to the user's session
@@ -1021,7 +1021,7 @@ This option is the name of the file load
.BR userlist_enable
option is active.
-Default: /etc/vsftpd.user_list
+Default: /etc/vsftpd/user_list
.TP
.B vsftpd_log_file
This option is the name of the file to which we write the vsftpd style
diff -up vsftpd-2.1.0/vsftpd.conf.configuration vsftpd-2.1.0/vsftpd.conf
--- vsftpd-2.1.0/vsftpd.conf.configuration 2009-01-08 17:54:33.000000000 +0100
+++ vsftpd-2.1.0/vsftpd.conf 2009-01-08 18:20:55.000000000 +0100
@@ -1,4 +1,4 @@
-# Example config file /etc/vsftpd.conf
+# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
@@ -87,14 +87,14 @@ connect_from_port_20=YES
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
-#banned_email_file=/etc/vsftpd.banned_emails
+#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
-#chroot_list_file=/etc/vsftpd.chroot_list
+#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
@@ -111,3 +111,7 @@ listen=YES
# sockets, you must run two copies of vsftpd whith two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
+
+pam_service_name=vsftpd
+userlist_enable=YES
+tcp_wrappers=YES
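Review bot: The three settings appended at the end of the sample config carry no comments, unlike the other options in the file, and each has a dependency outside it. `pam_service_name=vsftpd` overrides the compiled-in "ftp" (see the tunables.c hunk above) and needs a PAM service file of that name; `tcp_wrappers=YES` needs a binary built with VSF_BUILD_TCPWRAPPERS; `userlist_enable=YES` makes login depend on the contents of /etc/vsftpd/user_list. Add a short comment above each, in the file's existing style, stating what it does and what must be present for it to work.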

View File

@ -1,6 +1,7 @@
--- vsftpd-2.0.4/ls.c.orig 2005-05-23 23:55:00.000000000 +0200
+++ vsftpd-2.0.4/ls.c 2006-07-11 01:02:21.000000000 +0200
@@ -239,9 +239,31 @@
diff -up vsftpd-2.1.0/ls.c.filter vsftpd-2.1.0/ls.c
--- vsftpd-2.1.0/ls.c.filter 2008-02-02 02:30:41.000000000 +0100
+++ vsftpd-2.1.0/ls.c 2009-01-08 19:31:15.000000000 +0100
@@ -239,9 +239,31 @@ vsf_filename_passes_filter(const struct
int ret = 0;
char last_token = 0;
int must_match_at_current_pos = 1;
@ -34,20 +35,10 @@
while (!str_isempty(&filter_remain_str))
{
static struct mystr s_match_needed_str;
--- vsftpd-2.0.4/str.h.orig 2004-06-04 18:35:00.000000000 +0200
+++ vsftpd-2.0.4/str.h 2006-07-11 00:59:59.000000000 +0200
@@ -96,6 +96,8 @@
int str_contains_space(const struct mystr* p_str);
int str_contains_unprintable(const struct mystr* p_str);
void str_replace_unprintable(struct mystr* p_str, char new_char);
+void str_basename (struct mystr* d_str, const struct mystr* path);
+
int str_atoi(const struct mystr* p_str);
filesize_t str_a_to_filesize_t(const struct mystr* p_str);
unsigned int str_octal_to_uint(const struct mystr* p_str);
--- vsftpd-2.0.4/str.c.orig 2004-07-12 19:58:39.000000000 +0200
+++ vsftpd-2.0.4/str.c 2006-07-11 00:59:59.000000000 +0200
@@ -662,3 +662,14 @@
diff -up vsftpd-2.1.0/str.c.filter vsftpd-2.1.0/str.c
--- vsftpd-2.1.0/str.c.filter 2008-12-17 06:54:16.000000000 +0100
+++ vsftpd-2.1.0/str.c 2009-01-08 19:31:15.000000000 +0100
@@ -680,3 +680,14 @@ str_replace_unprintable(struct mystr* p_
}
}
@ -62,3 +53,14 @@
+ if (str_isempty(d_str))
+ str_copy (d_str, path);
+}
diff -up vsftpd-2.1.0/str.h.filter vsftpd-2.1.0/str.h
--- vsftpd-2.1.0/str.h.filter 2008-12-17 06:53:23.000000000 +0100
+++ vsftpd-2.1.0/str.h 2009-01-08 19:32:14.000000000 +0100
@@ -100,6 +100,7 @@ void str_replace_unprintable(struct myst
int str_atoi(const struct mystr* p_str);
filesize_t str_a_to_filesize_t(const struct mystr* p_str);
unsigned int str_octal_to_uint(const struct mystr* p_str);
+void str_basename (struct mystr* d_str, const struct mystr* path);
/* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
* buffer, starting at character position 'p_pos'. The extracted line will

View File

@ -1,11 +1,11 @@
--- vsftpd-1.2.1/Makefile.rh1 2003-11-25 15:58:11.000000000 +0100
+++ vsftpd-1.2.1/Makefile 2003-11-25 15:58:33.000000000 +0100
@@ -5,7 +5,8 @@
diff -up vsftpd-2.1.0/Makefile.libs vsftpd-2.1.0/Makefile
--- vsftpd-2.1.0/Makefile.libs 2009-01-08 18:55:39.000000000 +0100
+++ vsftpd-2.1.0/Makefile 2009-01-08 18:55:57.000000000 +0100
@@ -5,7 +5,7 @@ IFLAGS = -idirafter dummyinc
#CFLAGS = -g
CFLAGS = -O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion
-LIBS = `./vsf_findlibs.sh`
+#LIBS = `./vsf_findlibs.sh`
+LIBS = -lwrap -lnsl -lpam -lcap -ldl
LINK = -Wl,-s
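Review bot: Replacing the `./vsf_findlibs.sh` probe with a fixed `LIBS = -lwrap -lnsl -lpam -lcap -ldl` means the link line no longer follows builddefs.h. The build_ssl patch in this commit defines VSF_BUILD_SSL, yet no SSL library appears in this list; confirm the spec file supplies it on the make command line, or add it here with a comment tying the list to the enabled VSF_BUILD_* options.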

View File

@ -0,0 +1,57 @@
diff -up vsftpd-2.1.0/sysdeputil.c.pam_hostname vsftpd-2.1.0/sysdeputil.c
--- vsftpd-2.1.0/sysdeputil.c.pam_hostname 2008-12-17 22:40:56.000000000 +0100
+++ vsftpd-2.1.0/sysdeputil.c 2009-01-15 15:38:14.000000000 +0100
@@ -16,6 +16,10 @@
#include "tunables.h"
#include "builddefs.h"
+/* For gethostbyaddr, inet_addr */
+#include <netdb.h>
+#include <arpa/inet.h>
+
/* For Linux, this adds nothing :-) */
#include "port/porting_junk.h"
@@ -296,6 +300,10 @@ vsf_sysdep_check_auth(const struct mystr
const struct mystr* p_remote_host)
{
int retval;
+#ifdef PAM_RHOST
+ struct sockaddr_in sin;
+ struct hostent *host;
+#endif
struct pam_conv the_conv =
{
&pam_conv_func,
@@ -314,7 +322,12 @@ vsf_sysdep_check_auth(const struct mystr
return 0;
}
#ifdef PAM_RHOST
- retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
+ sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host));
+ host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET);
+ if (host != (struct hostent*)0)
+ retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name);
+ else
+ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
if (retval != PAM_SUCCESS)
{
(void) pam_end(s_pamh, retval);
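Review bot: The value stored in PAM_RHOST now comes from a reverse DNS lookup, and `host->h_name` is used without a forward lookup to confirm that it maps back to the connecting address. Whoever controls the PTR record for the client address controls that string, so any PAM module or access rule that matches on the remote host name can be misled; either forward-confirm the name or keep passing the address. Two further points in the same block: `inet_addr()` with AF_INET handles IPv4 only, so an IPv6 peer (listen_ipv6 exists) yields INADDR_NONE and a lookup on the wrong address, and `gethostbyaddr()` blocks on DNS for every login attempt. Braces around the if/else bodies would also match the surrounding style.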
@@ -516,7 +529,7 @@ vsf_sysdep_has_capabilities(void)
}
return s_runtime_has_caps;
}
-
+
#ifndef VSF_SYSDEP_HAVE_LIBCAP
static int
do_checkcap(void)
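Review bot: The removed and added lines in this hunk differ only in whitespace, and the change is unrelated to the PAM host name work in the rest of the patch. Drop it so the diff shows only the functional change and the patch is less likely to need rebasing against later upstream releases.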
@@ -1038,7 +1051,7 @@ vsf_sysutil_recv_fd(const int sock_fd)
msg.msg_flags = 0;
/* In case something goes wrong, set the fd to -1 before the syscall */
p_fd = (int*)CMSG_DATA(CMSG_FIRSTHDR(&msg));
- *p_fd = -1;
+ *p_fd = -1;
retval = recvmsg(sock_fd, &msg, 0);
if (retval != 1)
{

View File

@ -0,0 +1,12 @@
diff -up vsftpd-2.1.0/builddefs.h.tcp_wrappers vsftpd-2.1.0/builddefs.h
--- vsftpd-2.1.0/builddefs.h.tcp_wrappers 2009-01-08 18:52:46.000000000 +0100
+++ vsftpd-2.1.0/builddefs.h 2009-01-08 18:52:56.000000000 +0100
@@ -1,7 +1,7 @@
#ifndef VSF_BUILDDEFS_H
#define VSF_BUILDDEFS_H
-#undef VSF_BUILD_TCPWRAPPERS
+#define VSF_BUILD_TCPWRAPPERS
#define VSF_BUILD_PAM
#define VSF_BUILD_SSL

View File

@ -1,18 +1,44 @@
diff -up vsftpd-2.0.6/tunables.c.userlist_log vsftpd-2.0.6/tunables.c
--- vsftpd-2.0.6/tunables.c.userlist_log 2008-02-22 12:49:36.000000000 +0100
+++ vsftpd-2.0.6/tunables.c 2008-02-22 12:56:49.000000000 +0100
@@ -71,6 +71,7 @@ int tunable_force_anon_data_ssl = 0;
int tunable_mdtm_write = 1;
int tunable_lock_upload_files = 1;
int tunable_pasv_addr_resolve = 0;
+int tunable_userlist_log = 0;
int tunable_debug_ssl = 0;
int tunable_require_cert = 0;
int tunable_validate_cert = 0;
diff -up vsftpd-2.0.6/parseconf.c.userlist_log vsftpd-2.0.6/parseconf.c
--- vsftpd-2.0.6/parseconf.c.userlist_log 2008-02-22 12:49:36.000000000 +0100
+++ vsftpd-2.0.6/parseconf.c 2008-02-22 12:58:19.000000000 +0100
@@ -100,6 +100,7 @@ parseconf_bool_array[] =
diff -up vsftpd-2.1.0/logging.c.userlist_log vsftpd-2.1.0/logging.c
--- vsftpd-2.1.0/logging.c.userlist_log 2008-12-17 20:56:45.000000000 +0100
+++ vsftpd-2.1.0/logging.c 2009-01-08 19:33:29.000000000 +0100
@@ -95,6 +95,13 @@ vsf_log_line(struct vsf_session* p_sess,
vsf_log_common(p_sess, 1, what, p_str);
}
+void
+vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
+ struct mystr* p_str)
+{
+ vsf_log_common(p_sess, 0, what, p_str);
+}
+
int
vsf_log_entry_pending(struct vsf_session* p_sess)
{
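Review bot: `vsf_log_failed_line()` is a copy of `vsf_log_line()` that differs only in the literal passed as the second argument to `vsf_log_common()` (0 instead of 1). A bare 0/1 is easy to get backwards when this logging path feeds failed-login records; name the two values, or add a comment at both call sites stating that the argument is the success flag.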
diff -up vsftpd-2.1.0/logging.h.userlist_log vsftpd-2.1.0/logging.h
--- vsftpd-2.1.0/logging.h.userlist_log 2008-07-30 03:29:21.000000000 +0200
+++ vsftpd-2.1.0/logging.h 2009-01-08 19:33:29.000000000 +0100
@@ -80,5 +80,16 @@ void vsf_log_do_log(struct vsf_session*
void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
struct mystr* p_str);
+/* vsf_log_failed_line()
+ * PURPOSE
+ * Same as vsf_log_line(), except that it logs the line as failed operation.
+ * PARAMETERS
+ * p_sess - the current session object
+ * what - the type of operation to log
+ * p_str - the string to log
+ */
+void vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
+ struct mystr* p_str);
+
#endif /* VSF_LOGGING_H */
diff -up vsftpd-2.1.0/parseconf.c.userlist_log vsftpd-2.1.0/parseconf.c
--- vsftpd-2.1.0/parseconf.c.userlist_log 2008-12-18 07:21:41.000000000 +0100
+++ vsftpd-2.1.0/parseconf.c 2009-01-08 19:33:29.000000000 +0100
@@ -96,6 +96,7 @@ parseconf_bool_array[] =
{ "mdtm_write", &tunable_mdtm_write },
{ "lock_upload_files", &tunable_lock_upload_files },
{ "pasv_addr_resolve", &tunable_pasv_addr_resolve },
@ -20,10 +46,10 @@ diff -up vsftpd-2.0.6/parseconf.c.userlist_log vsftpd-2.0.6/parseconf.c
{ "debug_ssl", &tunable_debug_ssl },
{ "require_cert", &tunable_require_cert },
{ "validate_cert", &tunable_validate_cert },
diff -up vsftpd-2.0.6/prelogin.c.userlist_log vsftpd-2.0.6/prelogin.c
--- vsftpd-2.0.6/prelogin.c.userlist_log 2008-02-12 04:57:07.000000000 +0100
+++ vsftpd-2.0.6/prelogin.c 2008-02-22 12:49:36.000000000 +0100
@@ -194,6 +194,20 @@ handle_user_command(struct vsf_session*
diff -up vsftpd-2.1.0/prelogin.c.userlist_log vsftpd-2.1.0/prelogin.c
--- vsftpd-2.1.0/prelogin.c.userlist_log 2008-12-04 05:03:27.000000000 +0100
+++ vsftpd-2.1.0/prelogin.c 2009-01-08 19:33:29.000000000 +0100
@@ -216,6 +216,20 @@ handle_user_command(struct vsf_session*
(!located && !tunable_userlist_deny))
{
vsf_cmdio_write(p_sess, FTP_LOGINERR, "Permission denied.");
@ -44,10 +70,29 @@ diff -up vsftpd-2.0.6/prelogin.c.userlist_log vsftpd-2.0.6/prelogin.c
str_empty(&p_sess->user_str);
return;
}
diff -up vsftpd-2.0.6/tunables.h.userlist_log vsftpd-2.0.6/tunables.h
--- vsftpd-2.0.6/tunables.h.userlist_log 2008-02-12 05:52:49.000000000 +0100
+++ vsftpd-2.0.6/tunables.h 2008-02-22 12:59:01.000000000 +0100
@@ -67,6 +67,7 @@ extern int tunable_force_anon_data_ssl;
diff -up vsftpd-2.1.0/tunables.c.userlist_log vsftpd-2.1.0/tunables.c
--- vsftpd-2.1.0/tunables.c.userlist_log 2009-01-08 19:33:28.000000000 +0100
+++ vsftpd-2.1.0/tunables.c 2009-01-08 19:35:00.000000000 +0100
@@ -72,6 +72,7 @@ int tunable_force_anon_data_ssl;
int tunable_mdtm_write;
int tunable_lock_upload_files;
int tunable_pasv_addr_resolve;
+int tunable_userlist_log;
int tunable_debug_ssl;
int tunable_require_cert;
int tunable_validate_cert;
@@ -206,6 +207,7 @@ tunables_load_defaults()
tunable_mdtm_write = 1;
tunable_lock_upload_files = 1;
tunable_pasv_addr_resolve = 0;
+ tunable_userlist_log = 0;
tunable_debug_ssl = 0;
tunable_require_cert = 0;
tunable_validate_cert = 0;
diff -up vsftpd-2.1.0/tunables.h.userlist_log vsftpd-2.1.0/tunables.h
--- vsftpd-2.1.0/tunables.h.userlist_log 2008-12-17 06:47:11.000000000 +0100
+++ vsftpd-2.1.0/tunables.h 2009-01-08 19:33:29.000000000 +0100
@@ -73,6 +73,7 @@ extern int tunable_force_anon_data_ssl;
extern int tunable_mdtm_write; /* Allow MDTM to set timestamps */
extern int tunable_lock_upload_files; /* Lock uploading files */
extern int tunable_pasv_addr_resolve; /* DNS resolve pasv_addr */
@ -55,30 +100,10 @@ diff -up vsftpd-2.0.6/tunables.h.userlist_log vsftpd-2.0.6/tunables.h
extern int tunable_debug_ssl; /* Verbose SSL logging */
extern int tunable_require_cert; /* SSL client cert required */
extern int tunable_validate_cert; /* SSL certs must be valid */
diff -up vsftpd-2.0.6/logging.h.userlist_log vsftpd-2.0.6/logging.h
--- vsftpd-2.0.6/logging.h.userlist_log 2008-02-08 02:29:59.000000000 +0100
+++ vsftpd-2.0.6/logging.h 2008-02-22 12:49:36.000000000 +0100
@@ -80,5 +80,16 @@ void vsf_log_do_log(struct vsf_session*
void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
struct mystr* p_str);
+/* vsf_log_failed_line()
+ * PURPOSE
+ * Same as vsf_log_line(), except that it logs the line as failed operation.
+ * PARAMETERS
+ * p_sess - the current session object
+ * what - the type of operation to log
+ * p_str - the string to log
+ */
+void vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
+ struct mystr* p_str);
+
#endif /* VSF_LOGGING_H */
diff -up vsftpd-2.0.6/vsftpd.conf.5.userlist_log vsftpd-2.0.6/vsftpd.conf.5
--- vsftpd-2.0.6/vsftpd.conf.5.userlist_log 2008-02-22 12:49:36.000000000 +0100
+++ vsftpd-2.0.6/vsftpd.conf.5 2008-02-22 12:49:36.000000000 +0100
@@ -541,6 +541,14 @@ Self-signed certs do not constitute OK v
diff -up vsftpd-2.1.0/vsftpd.conf.5.userlist_log vsftpd-2.1.0/vsftpd.conf.5
--- vsftpd-2.1.0/vsftpd.conf.5.userlist_log 2009-01-08 19:33:28.000000000 +0100
+++ vsftpd-2.1.0/vsftpd.conf.5 2009-01-08 19:33:29.000000000 +0100
@@ -585,6 +585,14 @@ Self-signed certs do not constitute OK v
Default: NO
.TP
@ -93,20 +118,3 @@ diff -up vsftpd-2.0.6/vsftpd.conf.5.userlist_log vsftpd-2.0.6/vsftpd.conf.5
.B virtual_use_local_privs
If enabled, virtual users will use the same privileges as local users. By
default, virtual users will use the same privileges as anonymous users, which
diff -up vsftpd-2.0.6/logging.c.userlist_log vsftpd-2.0.6/logging.c
--- vsftpd-2.0.6/logging.c.userlist_log 2008-02-08 02:30:40.000000000 +0100
+++ vsftpd-2.0.6/logging.c 2008-02-22 12:49:36.000000000 +0100
@@ -95,6 +95,13 @@ vsf_log_line(struct vsf_session* p_sess,
vsf_log_common(p_sess, 1, what, p_str);
}
+void
+vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
+ struct mystr* p_str)
+{
+ vsf_log_common(p_sess, 0, what, p_str);
+}
+
int
vsf_log_entry_pending(struct vsf_session* p_sess)
{
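Review bot: the vsf_log_failed_line() definition in logging.c, like its declaration in logging.h, is no longer carried in the 2.1.0 rebase of this patch (this hunk shrinks from 20 lines to 3), and the prelogin.c lines that record the denied login are not visible here. Please confirm that prelogin.c no longer calls the helper and that the userlist denial is still written with the failed status, the 0 that vsf_log_failed_line() passed to vsf_log_common(), so the entry is not recorded as a successful operation.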

View File

@ -0,0 +1,12 @@
diff -up vsftpd-2.1.0/ptracesandbox.c.warnings vsftpd-2.1.0/ptracesandbox.c
--- vsftpd-2.1.0/ptracesandbox.c.warnings 2009-01-15 15:31:26.000000000 +0100
+++ vsftpd-2.1.0/ptracesandbox.c 2009-01-15 15:32:56.000000000 +0100
@@ -1146,6 +1146,7 @@ int
ptrace_sandbox_run_processes(struct pt_sandbox* p_sandbox)
{
(void) p_sandbox;
+ return -1;
}
void
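Review bot: returning -1 from the stub ptrace_sandbox_run_processes() only helps if every caller checks the result, and nothing in this patch shows that they do. Before this change the int function fell off the end without a return value, so callers may never have been written to look at it. Please confirm they treat a negative return as failure, and add a one-line comment in the stub saying what -1 means.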
diff -up vsftpd-2.1.0/sysdeputil.c.warnings vsftpd-2.1.0/sysdeputil.c

View File

@ -1,115 +1,86 @@
%{!?tcp_wrappers:%define tcp_wrappers 1}
Summary: Very Secure Ftp Daemon
Name: vsftpd
Version: 2.0.7
Release: 1%{?dist}
Version: 2.1.0
Release: 0.1.pre3%{?dist}
Summary: Very Secure Ftp Daemon
Group: System Environment/Daemons
# OpenSSL link exception
License: GPLv2 with exceptions
Group: System Environment/Daemons
URL: http://vsftpd.beasts.org/
Source: ftp://vsftpd.beasts.org/users/cevans/%{name}-%{version}.tar.gz
Source0: ftp://vsftpd.beasts.org/users/cevans/%{name}-%{version}pre3.tar.gz
Source1: vsftpd.xinetd
Source2: vsftpd.pam
Source3: vsftpd.ftpusers
Source4: vsftpd.user_list
Source5: vsftpd.init
Source6: vsftpd_conf_migrate.sh
Patch1: vsftpd-1.1.3-rh.patch
Patch2: vsftpd-1.0.1-missingok.patch
Patch3: vsftpd-2.0.1-tcp_wrappers.patch
Patch4: vsftpd-1.5.1-libs.patch
Patch5: vsftpd-2.0.2-signal.patch
Patch6: vsftpd-1.2.1-conffile.patch
Patch7: vsftpd-2.0.1-build_ssl.patch
Patch8: vsftpd-2.0.1-server_args.patch
Patch9: vsftpd-2.0.1-dir.patch
Patch11: vsftpd-1.2.1-nonrootconf.patch
Patch13: vsftpd-2.0.3-background.patch
Patch14: vsftpd-2.0.3-daemonize_fds.patch
Patch17: vsftpd-2.0.3-pam_hostname.patch
Patch18: vsftpd-close-std-fds.patch
Patch19: vsftpd-2.0.5-default_ipv6.patch
Patch20: vsftpd-2.0.5-add_ipv6_option.patch
Patch21: vsftpd-2.0.5-correct_comments.patch
Patch22: vsftpd-2.0.5-man.patch
Patch23: vsftpd-2.0.4-filter.patch
Patch26: vsftpd-2.0.5-bind_denied.patch
Patch29: vsftpd-2.0.5-pasv_dot.patch
Patch30: vsftpd-2.0.5-pam_end.patch
Patch31: vsftpd-2.0.5-write_race.patch
Patch32: vsftpd-2.0.5-fix_unique.patch
Patch34: vsftpd-2.0.5-underscore_uname.patch
Patch35: vsftpd-2.0.5-uname_size.patch
Patch36: vsftpd-2.0.5-greedy.patch
Patch37: vsftpd-2.0.6-userlist_log.patch
Patch38: vsftpd-2.0.6-listen.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: pam-devel
BuildRequires: libcap-devel
BuildRequires: openssl-devel
%if %{tcp_wrappers}
BuildRequires: tcp_wrappers-devel
%endif
BuildRequires: pam-devel
Requires: /%{_lib}/security/pam_loginuid.so
BuildRequires: libcap-devel
BuildRequires: openssl-devel
Requires: libcap
# for -fpie
BuildRequires: gcc > 3.2.3-13, binutils > 2.14.90.0.4-24, glibc-devel >= 2.3.2-45
Requires: logrotate
Requires (preun): /sbin/chkconfig
Requires (preun): /sbin/service
Requires (post): /sbin/chkconfig
#Obsoletes: anonftp
#Provides: ftpserver
# Build patches
Patch1: vsftpd-2.1.0-libs.patch
Patch2: vsftpd-2.1.0-build_ssl.patch
Patch3: vsftpd-2.1.0-tcp_wrappers.patch
# Use /etc/vsftpd/ instead of /etc/
Patch4: vsftpd-2.1.0-configuration.patch
# These need review
Patch5: vsftpd-2.1.0-pam_hostname.patch
Patch6: vsftpd-close-std-fds.patch
Patch7: vsftpd-2.1.0-filter.patch
Patch8: vsftpd-2.0.5-greedy.patch
Patch9: vsftpd-2.1.0-userlist_log.patch
# Sent upstream on 2009-01-16 via email
Patch10: vsftpd-2.1.0-warnings.patch
%description
vsftpd is a Very Secure FTP daemon. It was written completely from
scratch.
%prep
%setup -q -n %{name}-%{version}
%patch1 -p1 -b .rh
%patch2 -p1 -b .mok
cp %{SOURCE1} .
%patch1 -p1 -b .libs
%patch2 -p1 -b .build_ssl
%if %{tcp_wrappers}
%patch3 -p1 -b .tcp_wrappers
%endif
%patch4 -p1 -b .libs
cp %{SOURCE1} .
%patch5 -p1 -b .signal
%patch6 -p1
%patch7 -p1 -b .build_ssl
%patch8 -p1 -b .server_args
%patch9 -p1 -b .dir
%patch11 -p1 -b .nonrootconf
%patch13 -p1 -b .background
%patch14 -p1 -b .fds
%patch17 -p1 -b .old-pam
%patch18 -p1 -b .close-fds
%patch19 -p1 -b .ipv6
%patch20 -p1 -b .ipv6opt
%patch21 -p1 -b .comments
%patch22 -p1 -b .manp
%patch23 -p1 -b .filter
%patch26 -p1 -b .bind_denied
%patch29 -p1 -b .pasv_dot
%patch30 -p1 -b .pam_end
%patch31 -p1 -b .write_race
%patch32 -p1 -b .fix_unique
%patch34 -p1 -b .underscore_uname
%patch35 -p1 -b .uname_size
%patch36 -p1 -b .greedy
%patch37 -p1 -b .userlist_log
%patch38 -p1 -b .listen
%patch4 -p1 -b .configuration
%patch5 -p1 -b .pam_hostname
%patch6 -p1 -b .close_fds
%patch7 -p1 -b .filter
%patch8 -p1 -b .greedy
%patch9 -p1 -b .userlist_log
%patch10 -p1 -b .warnings
%build
%ifarch s390x sparcv9 sparc64
make CFLAGS="$RPM_OPT_FLAGS -fPIE -pipe" \
make CFLAGS="$RPM_OPT_FLAGS -fPIE -pipe -Wextra -Werror" \
%else
make CFLAGS="$RPM_OPT_FLAGS -fpie -pipe" \
make CFLAGS="$RPM_OPT_FLAGS -fpie -pipe -Wextra -Werror" \
%endif
LINK="-pie -lssl" \
%{?_smp_mflags}
LINK="-pie -lssl" %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
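Review bot: in %build, adding -Wextra -Werror to CFLAGS makes the package build fail on any new compiler warning, so a routine compiler update can block a rebuild, including an urgent security rebuild. Keep -Wextra for visibility and drop -Werror from the packaged build, or narrow it to specific -Werror=... options. Separately, Patch5 to Patch9 sit under "# These need review" yet are still applied in %prep; a tracking reference next to that comment would keep the pending review from being forgotten.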
@ -130,13 +101,16 @@ install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd_conf_migra
mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
%clean
rm -rf $RPM_BUILD_ROOT
%post
/sbin/chkconfig --add vsftpd
#/usr/sbin/usermod -d /var/ftp ftp >/dev/null 2>&1 || :
%preun
if [ $1 = 0 ]; then
/sbin/service vsftpd stop > /dev/null 2>&1
@ -145,10 +119,9 @@ fi
%files
%defattr(-,root,root)
%defattr(-,root,root,-)
%{_sbindir}/vsftpd
%{_sysconfdir}/rc.d/init.d/vsftpd
#%config(noreplace) /etc/vsftpd.*
%dir %{_sysconfdir}/vsftpd
%config(noreplace) %{_sysconfdir}/vsftpd/*
%config(noreplace) %{_sysconfdir}/pam.d/vsftpd
@ -158,7 +131,36 @@ fi
%{_mandir}/man8/vsftpd.*
%{_var}/ftp
%changelog
* Fri Jan 16 2009 Martin Nagy <mnagy@redhat.com> - 2.1.0-0.1.pre3
- update to latest upstream release
- cleanup the spec file
- drop patches fixed upstream:
vsftpd-1.0.1-missingok.patch
vsftpd-1.2.1-nonrootconf.patch
vsftpd-2.0.1-tcp_wrappers.patch
vsftpd-2.0.2-signal.patch
vsftpd-2.0.3-daemonize_fds.patch
vsftpd-2.0.5-correct_comments.patch
vsftpd-2.0.5-pasv_dot.patch
vsftpd-2.0.5-write_race.patch
vsftpd-2.0.5-fix_unique.patch
vsftpd-2.0.5-uname_size.patch
vsftpd-2.0.5-bind_denied.patch
vsftpd-2.0.5-pam_end.patch
vsftpd-2.0.5-underscore_uname.patch
vsftpd-2.0.6-listen.patch
- join all configuration patches into one:
vsftpd-1.1.3-rh.patch
vsftpd-1.2.1-conffile.patch
vsftpd-2.0.1-dir.patch
vsftpd-2.0.1-server_args.patch
vsftpd-2.0.3-background.patch
vsftpd-2.0.5-default_ipv6.patch
vsftpd-2.0.5-add_ipv6_option.patch
vsftpd-2.0.5-man.patch
* Mon Sep 8 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 2.0.7-1
- fix license tag
- update to 2.0.7
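Review bot: the 2.1.0-0.1.pre3 changelog entry lists the dropped and merged patches but does not mention the new vsftpd-2.1.0-warnings.patch (Patch10) or the switch to -Wextra -Werror in %build, both of which change how the package builds. Add a line for each, and note that the remaining patches were rebased to 2.1.0 names, so someone reading the changelog can account for every Patch line in the spec.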