Log error messages to syslog

Add config option log_die allowing to pass error messages to syslog.
Add config option bind_retries allowing to change the max number
of attempts to find a listening port for the PASV/EPSV command.

Resolves: rhbz#1318198

0001-Log-die-calls-to-syslog.patch

@@ -0,0 +1,206 @@
+From ee6af258e8cb1a7fada5e6d3e54429b89f12b158 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
+Date: Fri, 15 Jun 2018 12:02:21 +0200
+Subject: [PATCH 1/3] Log die() calls to syslog
+
+Pass messages given to die(), die2() and bug() to syslog. Currently this
+functionality requires waiting for a short amount of time (1 second is
+used) after logging the message and before exiting. This is a workaround
+for the following systemd bug:
+https://github.com/systemd/systemd/issues/2913
+
+The need for this workaround is the main reason why I decided not to
+enable this functionality by default.
+
+Resolves: rhbz#1318198
+Resolves: rhbz#1582672
+---
+ logging.c     | 13 +++++++++----
+ logging.h     |  2 ++
+ main.c        |  4 ++++
+ parseconf.c   |  1 +
+ tcpwrap.c     |  3 ---
+ tunables.c    |  2 ++
+ tunables.h    |  2 ++
+ utility.c     | 11 +++++++++++
+ vsftpd.conf.5 | 10 ++++++++++
+ 9 files changed, 41 insertions(+), 7 deletions(-)
+
+diff --git a/logging.c b/logging.c
+index c4461f7..9e86808 100644
+--- a/logging.c
++++ b/logging.c
+@@ -30,10 +30,6 @@ static void vsf_log_do_log_to_file(int fd, struct mystr* p_str);
+ void
+ vsf_log_init(struct vsf_session* p_sess)
+ {
+-  if (tunable_syslog_enable || tunable_tcp_wrappers)
+-  {
+-    vsf_sysutil_openlog(0);
+-  }
+   if (!tunable_xferlog_enable && !tunable_dual_log_enable)
+   {
+     return;
+@@ -389,3 +385,12 @@ vsf_log_do_log_vsftpd_format(struct vsf_session* p_sess, struct mystr* p_str,
+   }
+ }
+ 
++void
++vsf_log_die(const char* p_text)
++{
++  struct mystr log_str = INIT_MYSTR;
++
++  str_append_text(&log_str, "ERROR: ");
++  str_append_text(&log_str, p_text);
++  str_syslog(&log_str, 1);
++}
+diff --git a/logging.h b/logging.h
+index 1ff57d1..75f06c1 100644
+--- a/logging.h
++++ b/logging.h
+@@ -91,5 +91,7 @@ void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
+ void vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
+                   struct mystr* p_str);
+ 
++void vsf_log_die(const char* p_text);
++
+ #endif /* VSF_LOGGING_H */
+ 
+diff --git a/main.c b/main.c
+index f039081..1178d44 100644
+--- a/main.c
++++ b/main.c
+@@ -120,6 +120,10 @@ main(int argc, const char* argv[])
+     }
+     vsf_sysutil_free(p_statbuf);
+   }
++  if (tunable_log_die || tunable_syslog_enable || tunable_tcp_wrappers)
++  {
++    vsf_sysutil_openlog(0);
++  }
+   /* Resolve pasv_address if required */
+   if (tunable_pasv_address && tunable_pasv_addr_resolve)
+   {
+diff --git a/parseconf.c b/parseconf.c
+index 47b54f1..aeb401a 100644
+--- a/parseconf.c
++++ b/parseconf.c
+@@ -112,6 +112,7 @@ parseconf_bool_array[] =
+   { "seccomp_sandbox", &tunable_seccomp_sandbox },
+   { "allow_writeable_chroot", &tunable_allow_writeable_chroot },
+   { "better_stou", &tunable_better_stou },
++  { "log_die", &tunable_log_die },
+   { 0, 0 }
+ };
+ 
+diff --git a/tcpwrap.c b/tcpwrap.c
+index 5bf57d3..132b771 100644
+--- a/tcpwrap.c
++++ b/tcpwrap.c
+@@ -27,15 +27,12 @@ int
+ vsf_tcp_wrapper_ok(int remote_fd)
+ {
+   struct request_info req;
+-  vsf_sysutil_openlog(0);
+   request_init(&req, RQ_DAEMON, "vsftpd", RQ_FILE, remote_fd, 0);
+   fromhost(&req);
+   if (!hosts_access(&req))
+   {
+-    vsf_sysutil_closelog();
+     return 0;
+   }
+-  vsf_sysutil_closelog();
+   return 1;
+ }
+ 
+diff --git a/tunables.c b/tunables.c
+index 5ec2bdc..63de8e6 100644
+--- a/tunables.c
++++ b/tunables.c
+@@ -93,6 +93,7 @@ int tunable_http_enable;
+ int tunable_seccomp_sandbox;
+ int tunable_allow_writeable_chroot;
+ int tunable_better_stou;
++int tunable_log_die;
+ 
+ unsigned int tunable_accept_timeout;
+ unsigned int tunable_connect_timeout;
+@@ -241,6 +242,7 @@ tunables_load_defaults()
+   tunable_seccomp_sandbox = 0;
+   tunable_allow_writeable_chroot = 0;
+   tunable_better_stou = 0;
++  tunable_log_die = 0;
+ 
+   tunable_accept_timeout = 60;
+   tunable_connect_timeout = 60;
+diff --git a/tunables.h b/tunables.h
+index 85ea1a8..8a4b8b2 100644
+--- a/tunables.h
++++ b/tunables.h
+@@ -96,6 +96,8 @@ extern int tunable_allow_writeable_chroot;    /* Allow misconfiguration */
+ extern int tunable_better_stou;               /* Use better file name generation
+                                                * algorithm for the STOU command
+ 					       */
++extern int tunable_log_die;                   /* Log calls to die(), die2()
++                                               * and bug() */
+ 
+ /* Integer/numeric defines */
+ extern unsigned int tunable_accept_timeout;
+diff --git a/utility.c b/utility.c
+index 5fd714d..75e5bdd 100644
+--- a/utility.c
++++ b/utility.c
+@@ -9,6 +9,8 @@
+ #include "sysutil.h"
+ #include "str.h"
+ #include "defs.h"
++#include "logging.h"
++#include "tunables.h"
+ 
+ #define DIE_DEBUG
+ 
+@@ -41,11 +43,20 @@ void
+ bug(const char* p_text)
+ {
+   /* Rats. Try and write the reason to the network for diagnostics */
++  if (tunable_log_die)
++  {
++    vsf_log_die(p_text);
++  }
+   vsf_sysutil_activate_noblock(VSFTP_COMMAND_FD);
+   (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "500 OOPS: ", 10);
+   (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, p_text,
+                                 vsf_sysutil_strlen(p_text));
+   (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "\r\n", 2);
++  if (tunable_log_die)
++  {
++    /* Workaround for https://github.com/systemd/systemd/issues/2913 */
++    vsf_sysutil_sleep(1.0);
++  }
+   vsf_sysutil_exit(2);
+ }
+ 
+diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
+index e9ae474..f246906 100644
+--- a/vsftpd.conf.5
++++ b/vsftpd.conf.5
+@@ -358,6 +358,16 @@ wanting to e.g. append a file.
+ 
+ Default: YES
+ .TP
++.B log_die
++Log an error to syslog when some error condition occurs and vsftpd decides
++to quit. Internally, the error messages given to the functions die(), die2()
++and bug() are passed to syslog. Currently this functionality requires waiting
++for a short amount of time (1 second is used) after logging the message and
++before exiting. This is a workaround for the following systemd bug:
++https://github.com/systemd/systemd/issues/2913
++
++Default: NO
++.TP
+ .B log_ftp_protocol
+ When enabled, all FTP requests and responses are logged, providing the option
+ xferlog_std_format is not enabled. Useful for debugging.
+-- 
+2.14.4
+

0002-Improve-error-message-when-max-number-of-bind-attemp.patch

@@ -0,0 +1,27 @@
+From 380e40930661d643c865bace4e1791ca8f9d74cf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
+Date: Mon, 18 Jun 2018 14:01:46 +0200
+Subject: [PATCH 2/3] Improve error message when max number of bind attempts is
+ exceeded
+
+Resolves: rhbz#1318198
+---
+ privops.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/privops.c b/privops.c
+index e577a27..010d28d 100644
+--- a/privops.c
++++ b/privops.c
+@@ -183,7 +183,7 @@ vsf_privop_pasv_listen(struct vsf_session* p_sess)
+   }
+   if (!bind_retries)
+   {
+-    die("vsf_sysutil_bind");
++    die("vsf_sysutil_bind, maximum number of attempts to find a listening port exceeded");
+   }
+   return the_port;
+ }
+-- 
+2.14.4
+

0003-Make-the-max-number-of-bind-retries-tunable.patch

@@ -0,0 +1,103 @@
+From be7c2d639127dd8af0139caf94f8c29f431d3753 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
+Date: Mon, 18 Jun 2018 10:13:48 +0200
+Subject: [PATCH 3/3] Make the max number of bind retries tunable
+
+Resolves: rhbz#1318198
+---
+ parseconf.c   | 1 +
+ privops.c     | 8 ++++++--
+ tunables.c    | 2 ++
+ tunables.h    | 1 +
+ vsftpd.conf.5 | 5 +++++
+ 5 files changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/parseconf.c b/parseconf.c
+index aeb401a..3cfe7da 100644
+--- a/parseconf.c
++++ b/parseconf.c
+@@ -143,6 +143,7 @@ parseconf_uint_array[] =
+   { "delay_successful_login", &tunable_delay_successful_login },
+   { "max_login_fails", &tunable_max_login_fails },
+   { "chown_upload_mode", &tunable_chown_upload_mode },
++  { "bind_retries", &tunable_bind_retries },
+   { 0, 0 }
+ };
+ 
+diff --git a/privops.c b/privops.c
+index 010d28d..83b25c7 100644
+--- a/privops.c
++++ b/privops.c
+@@ -120,8 +120,8 @@ unsigned short
+ vsf_privop_pasv_listen(struct vsf_session* p_sess)
+ {
+   static struct vsf_sysutil_sockaddr* s_p_sockaddr;
+-  int bind_retries = 10;
+-  unsigned short the_port;
++  int bind_retries = tunable_bind_retries + 1;
++  unsigned short the_port = 0;
+   /* IPPORT_RESERVED */
+   unsigned short min_port = 1024;
+   unsigned short max_port = 65535;
+@@ -131,6 +131,10 @@ vsf_privop_pasv_listen(struct vsf_session* p_sess)
+     die("listed fd already active");
+   }
+ 
++  if (bind_retries < 2)
++  {
++    bind_retries = 2;
++  }
+   if (tunable_pasv_min_port > min_port && tunable_pasv_min_port <= max_port)
+   {
+     min_port = (unsigned short) tunable_pasv_min_port;
+diff --git a/tunables.c b/tunables.c
+index 63de8e6..a7ce9c8 100644
+--- a/tunables.c
++++ b/tunables.c
+@@ -115,6 +115,7 @@ unsigned int tunable_delay_failed_login;
+ unsigned int tunable_delay_successful_login;
+ unsigned int tunable_max_login_fails;
+ unsigned int tunable_chown_upload_mode;
++unsigned int tunable_bind_retries;
+ 
+ const char* tunable_secure_chroot_dir;
+ const char* tunable_ftp_username;
+@@ -268,6 +269,7 @@ tunables_load_defaults()
+   tunable_max_login_fails = 3;
+   /* -rw------- */
+   tunable_chown_upload_mode = 0600;
++  tunable_bind_retries = 9;
+ 
+   install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
+   install_str_setting("ftp", &tunable_ftp_username);
+diff --git a/tunables.h b/tunables.h
+index 8a4b8b2..029d645 100644
+--- a/tunables.h
++++ b/tunables.h
+@@ -120,6 +120,7 @@ extern unsigned int tunable_delay_failed_login;
+ extern unsigned int tunable_delay_successful_login;
+ extern unsigned int tunable_max_login_fails;
+ extern unsigned int tunable_chown_upload_mode;
++extern unsigned int tunable_bind_retries;
+ 
+ /* String defines */
+ extern const char* tunable_secure_chroot_dir;
+diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
+index f246906..ce3fba3 100644
+--- a/vsftpd.conf.5
++++ b/vsftpd.conf.5
+@@ -760,6 +760,11 @@ value will be treated as a base 10 integer!
+ 
+ Default: 077
+ .TP
++.B bind_retries
++Maximum number of attempts to find a free listening port in passive mode.
++
++Default: 9
++.TP
+ .B chown_upload_mode
+ The file mode to force for chown()ed anonymous uploads. (Added in v2.0.6).
+ 
+-- 
+2.14.4
+

vsftpd.spec

@@ -2,7 +2,7 @@
 
 Name:    vsftpd
 Version: 3.0.3
-Release: 24%{?dist}
+Release: 25%{?dist}
 Summary: Very Secure Ftp Daemon
 
 Group:    System Environment/Daemons
@@ -84,6 +84,9 @@ Patch52: 0001-Fix-rDNS-with-IPv6.patch
 Patch53: 0002-Always-do-chdir-after-chroot.patch
 Patch54: 0003-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch
 Patch55: 0004-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch
+Patch56: 0001-Log-die-calls-to-syslog.patch
+Patch57: 0002-Improve-error-message-when-max-number-of-bind-attemp.patch
+Patch58: 0003-Make-the-max-number-of-bind-retries-tunable.patch
 
 %description
 vsftpd is a Very Secure FTP daemon. It was written completely from
@@ -153,6 +156,12 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
 %{_var}/ftp
 
 %changelog
+* Tue Jun 19 2018 Ondřej Lysoněk <olysonek@redhat.com> - 3.0.3-25
+- Add config option log_die allowing to pass error messages to syslog
+- Add config option bind_retries allowing to change the max number
+- of attempts to find a listening port for the PASV/EPSV command
+- Resolves: rhbz#1318198
+
 * Fri Jun 01 2018 Ondřej Lysoněk <olysonek@redhat.com> - 3.0.3-24
 - Fix filename expansion in vsftpd_conf_migrate.sh ... again