From ee6af258e8cb1a7fada5e6d3e54429b89f12b158 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Fri, 15 Jun 2018 12:02:21 +0200 Subject: [PATCH 56/59] Log die() calls to syslog Pass messages given to die(), die2() and bug() to syslog. Currently this functionality requires waiting for a short amount of time (1 second is used) after logging the message and before exiting. This is a workaround for the following systemd bug: https://github.com/systemd/systemd/issues/2913 The need for this workaround is the main reason why I decided not to enable this functionality by default. Resolves: rhbz#1318198 Resolves: rhbz#1582672 --- logging.c | 13 +++++++++---- logging.h | 2 ++ main.c | 4 ++++ parseconf.c | 1 + tcpwrap.c | 3 --- tunables.c | 2 ++ tunables.h | 2 ++ utility.c | 11 +++++++++++ vsftpd.conf.5 | 10 ++++++++++ 9 files changed, 41 insertions(+), 7 deletions(-) diff --git a/logging.c b/logging.c index c4461f7..9e86808 100644 --- a/logging.c +++ b/logging.c @@ -30,10 +30,6 @@ static void vsf_log_do_log_to_file(int fd, struct mystr* p_str); void vsf_log_init(struct vsf_session* p_sess) { - if (tunable_syslog_enable || tunable_tcp_wrappers) - { - vsf_sysutil_openlog(0); - } if (!tunable_xferlog_enable && !tunable_dual_log_enable) { return; @@ -389,3 +385,12 @@ vsf_log_do_log_vsftpd_format(struct vsf_session* p_sess, struct mystr* p_str, } } +void +vsf_log_die(const char* p_text) +{ + struct mystr log_str = INIT_MYSTR; + + str_append_text(&log_str, "ERROR: "); + str_append_text(&log_str, p_text); + str_syslog(&log_str, 1); +} diff --git a/logging.h b/logging.h index 1ff57d1..75f06c1 100644 --- a/logging.h +++ b/logging.h @@ -91,5 +91,7 @@ void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, void vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, struct mystr* p_str); +void vsf_log_die(const char* p_text); + #endif /* VSF_LOGGING_H */ diff --git a/main.c b/main.c index f039081..1178d44 100644 --- a/main.c +++ b/main.c @@ -120,6 +120,10 @@ main(int argc, const char* argv[]) } vsf_sysutil_free(p_statbuf); } + if (tunable_log_die || tunable_syslog_enable || tunable_tcp_wrappers) + { + vsf_sysutil_openlog(0); + } /* Resolve pasv_address if required */ if (tunable_pasv_address && tunable_pasv_addr_resolve) { diff --git a/parseconf.c b/parseconf.c index 47b54f1..aeb401a 100644 --- a/parseconf.c +++ b/parseconf.c @@ -112,6 +112,7 @@ parseconf_bool_array[] = { "seccomp_sandbox", &tunable_seccomp_sandbox }, { "allow_writeable_chroot", &tunable_allow_writeable_chroot }, { "better_stou", &tunable_better_stou }, + { "log_die", &tunable_log_die }, { 0, 0 } }; diff --git a/tcpwrap.c b/tcpwrap.c index 5bf57d3..132b771 100644 --- a/tcpwrap.c +++ b/tcpwrap.c @@ -27,15 +27,12 @@ int vsf_tcp_wrapper_ok(int remote_fd) { struct request_info req; - vsf_sysutil_openlog(0); request_init(&req, RQ_DAEMON, "vsftpd", RQ_FILE, remote_fd, 0); fromhost(&req); if (!hosts_access(&req)) { - vsf_sysutil_closelog(); return 0; } - vsf_sysutil_closelog(); return 1; } diff --git a/tunables.c b/tunables.c index 5ec2bdc..63de8e6 100644 --- a/tunables.c +++ b/tunables.c @@ -93,6 +93,7 @@ int tunable_http_enable; int tunable_seccomp_sandbox; int tunable_allow_writeable_chroot; int tunable_better_stou; +int tunable_log_die; unsigned int tunable_accept_timeout; unsigned int tunable_connect_timeout; @@ -241,6 +242,7 @@ tunables_load_defaults() tunable_seccomp_sandbox = 0; tunable_allow_writeable_chroot = 0; tunable_better_stou = 0; + tunable_log_die = 0; tunable_accept_timeout = 60; tunable_connect_timeout = 60; diff --git a/tunables.h b/tunables.h index 85ea1a8..8a4b8b2 100644 --- a/tunables.h +++ b/tunables.h @@ -96,6 +96,8 @@ extern int tunable_allow_writeable_chroot; /* Allow misconfiguration */ extern int tunable_better_stou; /* Use better file name generation * algorithm for the STOU command */ +extern int tunable_log_die; /* Log calls to die(), die2() + * and bug() */ /* Integer/numeric defines */ extern unsigned int tunable_accept_timeout; diff --git a/utility.c b/utility.c index 5fd714d..75e5bdd 100644 --- a/utility.c +++ b/utility.c @@ -9,6 +9,8 @@ #include "sysutil.h" #include "str.h" #include "defs.h" +#include "logging.h" +#include "tunables.h" #define DIE_DEBUG @@ -41,11 +43,20 @@ void bug(const char* p_text) { /* Rats. Try and write the reason to the network for diagnostics */ + if (tunable_log_die) + { + vsf_log_die(p_text); + } vsf_sysutil_activate_noblock(VSFTP_COMMAND_FD); (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "500 OOPS: ", 10); (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, p_text, vsf_sysutil_strlen(p_text)); (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "\r\n", 2); + if (tunable_log_die) + { + /* Workaround for https://github.com/systemd/systemd/issues/2913 */ + vsf_sysutil_sleep(1.0); + } vsf_sysutil_exit(2); } diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 index e9ae474..f246906 100644 --- a/vsftpd.conf.5 +++ b/vsftpd.conf.5 @@ -358,6 +358,16 @@ wanting to e.g. append a file. Default: YES .TP +.B log_die +Log an error to syslog when some error condition occurs and vsftpd decides +to quit. Internally, the error messages given to the functions die(), die2() +and bug() are passed to syslog. Currently this functionality requires waiting +for a short amount of time (1 second is used) after logging the message and +before exiting. This is a workaround for the following systemd bug: +https://github.com/systemd/systemd/issues/2913 + +Default: NO +.TP .B log_ftp_protocol When enabled, all FTP requests and responses are logged, providing the option xferlog_std_format is not enabled. Useful for debugging. -- 2.14.4