- Added userlist_log option.
This commit is contained in:
parent
81eb0daf5e
commit
c200c77a74
112
vsftpd-2.0.5-userlist_log.patch
Normal file
112
vsftpd-2.0.5-userlist_log.patch
Normal file
@ -0,0 +1,112 @@
|
||||
diff -up vsftpd-2.0.5/tunables.c.userlist_log vsftpd-2.0.5/tunables.c
|
||||
--- vsftpd-2.0.5/tunables.c.userlist_log 2007-11-30 12:44:22.000000000 +0100
|
||||
+++ vsftpd-2.0.5/tunables.c 2007-11-30 12:46:52.000000000 +0100
|
||||
@@ -71,6 +71,7 @@ int tunable_force_anon_data_ssl = 0;
|
||||
int tunable_mdtm_write = 1;
|
||||
int tunable_lock_upload_files = 1;
|
||||
int tunable_pasv_addr_resolve = 0;
|
||||
+int tunable_userlist_log = 0;
|
||||
|
||||
unsigned int tunable_accept_timeout = 60;
|
||||
unsigned int tunable_connect_timeout = 60;
|
||||
diff -up vsftpd-2.0.5/parseconf.c.userlist_log vsftpd-2.0.5/parseconf.c
|
||||
--- vsftpd-2.0.5/parseconf.c.userlist_log 2007-11-30 12:44:48.000000000 +0100
|
||||
+++ vsftpd-2.0.5/parseconf.c 2007-11-30 12:46:50.000000000 +0100
|
||||
@@ -100,6 +100,7 @@ parseconf_bool_array[] =
|
||||
{ "mdtm_write", &tunable_mdtm_write },
|
||||
{ "lock_upload_files", &tunable_lock_upload_files },
|
||||
{ "pasv_addr_resolve", &tunable_pasv_addr_resolve },
|
||||
+ { "userlist_log", &tunable_userlist_log },
|
||||
{ 0, 0 }
|
||||
};
|
||||
|
||||
diff -up vsftpd-2.0.5/prelogin.c.userlist_log vsftpd-2.0.5/prelogin.c
|
||||
--- vsftpd-2.0.5/prelogin.c.userlist_log 2007-11-30 12:43:45.000000000 +0100
|
||||
+++ vsftpd-2.0.5/prelogin.c 2007-11-30 12:46:41.000000000 +0100
|
||||
@@ -189,6 +189,20 @@ handle_user_command(struct vsf_session*
|
||||
(!located && !tunable_userlist_deny))
|
||||
{
|
||||
vsf_cmdio_write(p_sess, FTP_LOGINERR, "Permission denied.");
|
||||
+ if (tunable_userlist_log)
|
||||
+ {
|
||||
+ struct mystr str_log_line = INIT_MYSTR;
|
||||
+ if (tunable_userlist_deny)
|
||||
+ {
|
||||
+ str_alloc_text(&str_log_line, "User is in the deny user list.");
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ str_alloc_text(&str_log_line, "User is not in the allow user list.");
|
||||
+ }
|
||||
+ vsf_log_failed_line(p_sess, kVSFLogEntryLogin, &str_log_line);
|
||||
+ str_free(&str_log_line);
|
||||
+ }
|
||||
str_empty(&p_sess->user_str);
|
||||
return;
|
||||
}
|
||||
diff -up vsftpd-2.0.5/tunables.h.userlist_log vsftpd-2.0.5/tunables.h
|
||||
--- vsftpd-2.0.5/tunables.h.userlist_log 2007-11-30 12:44:28.000000000 +0100
|
||||
+++ vsftpd-2.0.5/tunables.h 2007-11-30 12:46:46.000000000 +0100
|
||||
@@ -67,6 +67,7 @@ extern int tunable_force_anon_data_ssl;
|
||||
extern int tunable_mdtm_write; /* Allow MDTM to set timestamps */
|
||||
extern int tunable_lock_upload_files; /* Lock uploading files */
|
||||
extern int tunable_pasv_addr_resolve; /* DNS resolve pasv_addr */
|
||||
+extern int tunable_userlist_log; /* Log every failed login attempt */
|
||||
|
||||
/* Integer/numeric defines */
|
||||
extern unsigned int tunable_accept_timeout;
|
||||
diff -up vsftpd-2.0.5/logging.h.userlist_log vsftpd-2.0.5/logging.h
|
||||
--- vsftpd-2.0.5/logging.h.userlist_log 2007-11-30 12:44:05.000000000 +0100
|
||||
+++ vsftpd-2.0.5/logging.h 2007-11-30 12:46:43.000000000 +0100
|
||||
@@ -73,5 +73,16 @@ void vsf_log_do_log(struct vsf_session*
|
||||
void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
|
||||
struct mystr* p_str);
|
||||
|
||||
+/* vsf_log_failed_line()
|
||||
+ * PURPOSE
|
||||
+ * Same as vsf_log_line(), except that it logs the line as failed operation.
|
||||
+ * PARAMETERS
|
||||
+ * p_sess - the current session object
|
||||
+ * what - the type of operation to log
|
||||
+ * p_str - the string to log
|
||||
+ */
|
||||
+void vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
|
||||
+ struct mystr* p_str);
|
||||
+
|
||||
#endif /* VSF_LOGGING_H */
|
||||
|
||||
diff -up vsftpd-2.0.5/vsftpd.conf.5.userlist_log vsftpd-2.0.5/vsftpd.conf.5
|
||||
--- vsftpd-2.0.5/vsftpd.conf.5.userlist_log 2007-11-30 12:45:07.000000000 +0100
|
||||
+++ vsftpd-2.0.5/vsftpd.conf.5 2007-11-30 12:46:48.000000000 +0100
|
||||
@@ -520,6 +520,14 @@ cleartext passwords being transmitted. S
|
||||
|
||||
Default: NO
|
||||
.TP
|
||||
+.B userlist_log
|
||||
+This option is examined if
|
||||
+.BR userlist_enable
|
||||
+is activated. If enabled, every login denial based on the user list will be
|
||||
+logged.
|
||||
+
|
||||
+Default: NO
|
||||
+.TP
|
||||
.B virtual_use_local_privs
|
||||
If enabled, virtual users will use the same privileges as local users. By
|
||||
default, virtual users will use the same privileges as anonymous users, which
|
||||
diff -up vsftpd-2.0.5/logging.c.userlist_log vsftpd-2.0.5/logging.c
|
||||
--- vsftpd-2.0.5/logging.c.userlist_log 2007-11-30 12:43:30.000000000 +0100
|
||||
+++ vsftpd-2.0.5/logging.c 2007-11-30 12:46:39.000000000 +0100
|
||||
@@ -95,6 +95,13 @@ vsf_log_line(struct vsf_session* p_sess,
|
||||
vsf_log_common(p_sess, 1, what, p_str);
|
||||
}
|
||||
|
||||
+void
|
||||
+vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
|
||||
+ struct mystr* p_str)
|
||||
+{
|
||||
+ vsf_log_common(p_sess, 0, what, p_str);
|
||||
+}
|
||||
+
|
||||
int
|
||||
vsf_log_entry_pending(struct vsf_session* p_sess)
|
||||
{
|
@ -44,6 +44,7 @@ Patch29: vsftpd-2.0.5-pasv_dot.patch
|
||||
Patch30: vsftpd-2.0.5-pam_end.patch
|
||||
Patch31: vsftpd-2.0.5-write_race.patch
|
||||
Patch32: vsftpd-2.0.5-fix_unique.patch
|
||||
Patch33: vsftpd-2.0.5-userlist_log.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
%if %{tcp_wrappers}
|
||||
@ -102,6 +103,7 @@ cp %{SOURCE1} .
|
||||
%patch30 -p1 -b .pam_end
|
||||
%patch31 -p1 -b .write_race
|
||||
%patch32 -p1 -b .fix_unique
|
||||
%patch33 -p1 -b .userlist_log
|
||||
|
||||
%build
|
||||
%ifarch s390x
|
||||
@ -165,6 +167,7 @@ fi
|
||||
- Correct create/lock race condition, original patch by <mpoole@redhat.com>
|
||||
(#240550).
|
||||
- Fix bad handling of unique files (#392231).
|
||||
- Added userlist_log option.
|
||||
|
||||
* Thu Nov 08 2007 Martin Nagy <mnagy@redhat.com> - 2.0.5-20
|
||||
- Correct calling of pam_end (#235843).
|
||||
|
Loading…
Reference in New Issue
Block a user