From c200c77a747e9c3165fbd9dfe51d78bfad0e0882 Mon Sep 17 00:00:00 2001
From: Martin Nagy
Date: Fri, 30 Nov 2007 12:03:00 +0000
Subject: [PATCH] - Added userlist_log option.
---
vsftpd-2.0.5-userlist_log.patch | 112 ++++++++++++++++++++++++++++++++
vsftpd.spec | 3 +
2 files changed, 115 insertions(+)
create mode 100644 vsftpd-2.0.5-userlist_log.patch
diff --git a/vsftpd-2.0.5-userlist_log.patch b/vsftpd-2.0.5-userlist_log.patch
new file mode 100644
index 0000000..bcbe589
--- /dev/null
+++ b/vsftpd-2.0.5-userlist_log.patch
@@ -0,0 +1,112 @@
+diff -up vsftpd-2.0.5/tunables.c.userlist_log vsftpd-2.0.5/tunables.c
+--- vsftpd-2.0.5/tunables.c.userlist_log 2007-11-30 12:44:22.000000000 +0100
++++ vsftpd-2.0.5/tunables.c 2007-11-30 12:46:52.000000000 +0100
+@@ -71,6 +71,7 @@ int tunable_force_anon_data_ssl = 0;
+ int tunable_mdtm_write = 1;
+ int tunable_lock_upload_files = 1;
+ int tunable_pasv_addr_resolve = 0;
++int tunable_userlist_log = 0;
+
+ unsigned int tunable_accept_timeout = 60;
+ unsigned int tunable_connect_timeout = 60;
+diff -up vsftpd-2.0.5/parseconf.c.userlist_log vsftpd-2.0.5/parseconf.c
+--- vsftpd-2.0.5/parseconf.c.userlist_log 2007-11-30 12:44:48.000000000 +0100
++++ vsftpd-2.0.5/parseconf.c 2007-11-30 12:46:50.000000000 +0100
+@@ -100,6 +100,7 @@ parseconf_bool_array[] =
+ { "mdtm_write", &tunable_mdtm_write },
+ { "lock_upload_files", &tunable_lock_upload_files },
+ { "pasv_addr_resolve", &tunable_pasv_addr_resolve },
++ { "userlist_log", &tunable_userlist_log },
+ { 0, 0 }
+ };
+
+diff -up vsftpd-2.0.5/prelogin.c.userlist_log vsftpd-2.0.5/prelogin.c
+--- vsftpd-2.0.5/prelogin.c.userlist_log 2007-11-30 12:43:45.000000000 +0100
++++ vsftpd-2.0.5/prelogin.c 2007-11-30 12:46:41.000000000 +0100
+@@ -189,6 +189,20 @@ handle_user_command(struct vsf_session*
+ (!located && !tunable_userlist_deny))
+ {
+ vsf_cmdio_write(p_sess, FTP_LOGINERR, "Permission denied.");
++ if (tunable_userlist_log)
++ {
++ struct mystr str_log_line = INIT_MYSTR;
++ if (tunable_userlist_deny)
++ {
++ str_alloc_text(&str_log_line, "User is in the deny user list.");
++ }
++ else
++ {
++ str_alloc_text(&str_log_line, "User is not in the allow user list.");
++ }
++ vsf_log_failed_line(p_sess, kVSFLogEntryLogin, &str_log_line);
++ str_free(&str_log_line);
++ }
+ str_empty(&p_sess->user_str);
+ return;
+ }
+diff -up vsftpd-2.0.5/tunables.h.userlist_log vsftpd-2.0.5/tunables.h
+--- vsftpd-2.0.5/tunables.h.userlist_log 2007-11-30 12:44:28.000000000 +0100
++++ vsftpd-2.0.5/tunables.h 2007-11-30
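Review bot: The logging block added to handle_user_command() in the prelogin.c hunk has to run before `str_empty(&p_sess->user_str)`, but nothing in the code says so; if vsf_log_common() reports the session's user name (it is not shown here, so this is an assumption), moving the block later would silently drop the rejected name from the log. I would add a comment above the block such as `/* Log before user_str is cleared; the name is client-supplied and unauthenticated here. */`. Because the entry is written before authentication on every rejected USER command, it is worth confirming that the log path escapes unprintable characters in the name and that log volume is bounded by the existing connection limits. The function body starts and ends outside the hunk.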
12:46:46.000000000 +0100
+@@ -67,6 +67,7 @@ extern int tunable_force_anon_data_ssl;
+ extern int tunable_mdtm_write; /* Allow MDTM to set timestamps */
+ extern int tunable_lock_upload_files; /* Lock uploading files */
+ extern int tunable_pasv_addr_resolve; /* DNS resolve pasv_addr */
++extern int tunable_userlist_log; /* Log every failed login attempt */
+
+ /* Integer/numeric defines */
+ extern unsigned int tunable_accept_timeout;
+diff -up vsftpd-2.0.5/logging.h.userlist_log vsftpd-2.0.5/logging.h
+--- vsftpd-2.0.5/logging.h.userlist_log 2007-11-30 12:44:05.000000000 +0100
++++ vsftpd-2.0.5/logging.h 2007-11-30 12:46:43.000000000 +0100
+@@ -73,5 +73,16 @@ void vsf_log_do_log(struct vsf_session*
+ void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
+ struct mystr* p_str);
+
++/* vsf_log_failed_line()
++ * PURPOSE
++ * Same as vsf_log_line(), except that it logs the line as failed operation.
++ * PARAMETERS
++ * p_sess - the current session object
++ * what - the type of operation to log
++ * p_str - the string to log
++ */
++void vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
++ struct mystr* p_str);
++
+ #endif /* VSF_LOGGING_H */
+
+diff -up vsftpd-2.0.5/vsftpd.conf.5.userlist_log vsftpd-2.0.5/vsftpd.conf.5
+--- vsftpd-2.0.5/vsftpd.conf.5.userlist_log 2007-11-30 12:45:07.000000000 +0100
++++ vsftpd-2.0.5/vsftpd.conf.5 2007-11-30 12:46:48.000000000 +0100
+@@ -520,6 +520,14 @@ cleartext passwords being transmitted. S
+
+ Default: NO
+ .TP
++.B userlist_log
++This option is examined if
++.BR userlist_enable
++is activated. If enabled, every login denial based on the user list will be
++logged.
++
++Default: NO
++.TP
+ .B virtual_use_local_privs
+ If enabled, virtual users will use the same privileges as local users.
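Review bot: The comment added in the tunables.h hunk, `/* Log every failed login attempt */`, overstates what the option does. The prelogin.c change and the vsftpd.conf.5 text in this same patch only log denials that come from the user list check, so password failures are not covered. An administrator who reads the header and relies on this option for brute-force detection would miss those. I would change the line to `extern int tunable_userlist_log; /* Log login denials based on the user list */`.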
By + default, virtual users will use the same privileges as anonymous users, which +diff -up vsftpd-2.0.5/logging.c.userlist_log vsftpd-2.0.5/logging.c +--- vsftpd-2.0.5/logging.c.userlist_log 2007-11-30 12:43:30.000000000 +0100 ++++ vsftpd-2.0.5/logging.c 2007-11-30 12:46:39.000000000 +0100 +@@ -95,6 +95,13 @@ vsf_log_line(struct vsf_session* p_sess, + vsf_log_common(p_sess, 1, what, p_str); + } + ++void ++vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, ++ struct mystr* p_str) ++{ ++ vsf_log_common(p_sess, 0, what, p_str); ++} ++ + int + vsf_log_entry_pending(struct vsf_session* p_sess) + { diff --git a/vsftpd.spec b/vsftpd.spec index fc5d33e..7d01a0c 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -44,6 +44,7 @@ Patch29: vsftpd-2.0.5-pasv_dot.patch Patch30: vsftpd-2.0.5-pam_end.patch Patch31: vsftpd-2.0.5-write_race.patch Patch32: vsftpd-2.0.5-fix_unique.patch +Patch33: vsftpd-2.0.5-userlist_log.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root %if %{tcp_wrappers} @@ -102,6 +103,7 @@ cp %{SOURCE1} . %patch30 -p1 -b .pam_end %patch31 -p1 -b .write_race %patch32 -p1 -b .fix_unique +%patch33 -p1 -b .userlist_log %build %ifarch s390x @@ -165,6 +167,7 @@ fi - Correct create/lock race condition, original patch by (#240550). - Fix bad handling of unique files (#392231). +- Added userlist_log option. * Thu Nov 08 2007 Martin Nagy - 2.0.5-20 - Correct calling of pam_end (#235843).