|
 |
d83721 |
diff -up vsftpd-3.0.2/parseconf.c.lookup vsftpd-3.0.2/parseconf.c
|
|
|
d83721 |
--- vsftpd-3.0.2/parseconf.c.lookup 2014-04-17 10:01:50.862951491 +0200
|
|
|
d83721 |
+++ vsftpd-3.0.2/parseconf.c 2014-04-17 10:02:42.343955443 +0200
|
|
|
d83721 |
@@ -91,6 +91,7 @@ parseconf_bool_array[] =
|
|
|
d83721 |
{ "mdtm_write", &tunable_mdtm_write },
|
|
|
d83721 |
{ "lock_upload_files", &tunable_lock_upload_files },
|
|
|
d83721 |
{ "pasv_addr_resolve", &tunable_pasv_addr_resolve },
|
|
|
d83721 |
+ { "reverse_lookup_enable", &tunable_reverse_lookup_enable },
|
|
|
d83721 |
{ "userlist_log", &tunable_userlist_log },
|
|
|
d83721 |
{ "debug_ssl", &tunable_debug_ssl },
|
|
|
d83721 |
{ "require_cert", &tunable_require_cert },
|
|
|
d83721 |
diff -up vsftpd-3.0.2/sysdeputil.c.lookup vsftpd-3.0.2/sysdeputil.c
|
|
|
d83721 |
--- vsftpd-3.0.2/sysdeputil.c.lookup 2014-04-17 09:57:02.111933144 +0200
|
|
|
d83721 |
+++ vsftpd-3.0.2/sysdeputil.c 2014-04-17 10:01:31.069950498 +0200
|
|
|
d83721 |
@@ -354,12 +354,16 @@ vsf_sysdep_check_auth(struct mystr* p_us
|
|
|
d83721 |
return 0;
|
|
|
d83721 |
}
|
|
|
d83721 |
#ifdef PAM_RHOST
|
|
|
d83721 |
- sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host));
|
|
|
d83721 |
- host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET);
|
|
|
d83721 |
- if (host != (struct hostent*)0)
|
|
|
d83721 |
- retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name);
|
|
|
d83721 |
- else
|
|
|
d83721 |
+ if (tunable_reverse_lookup_enable) {
|
|
|
d83721 |
+ sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host));
|
|
|
d83721 |
+ host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET);
|
|
|
d83721 |
+ if (host != (struct hostent*)0)
|
|
|
d83721 |
+ retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name);
|
|
|
d83721 |
+ else
|
|
|
d83721 |
+ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
|
|
|
d83721 |
+ } else {
|
|
|
d83721 |
retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
|
|
|
d83721 |
+ }
|
|
|
d83721 |
if (retval != PAM_SUCCESS)
|
|
|
d83721 |
{
|
|
|
d83721 |
(void) pam_end(s_pamh, retval);
|
|
|
d83721 |
diff -up vsftpd-3.0.2/tunables.c.lookup vsftpd-3.0.2/tunables.c
|
|
|
d83721 |
--- vsftpd-3.0.2/tunables.c.lookup 2014-04-17 10:03:22.766958324 +0200
|
|
|
d83721 |
+++ vsftpd-3.0.2/tunables.c 2014-04-17 10:04:52.004964675 +0200
|
|
|
d83721 |
@@ -72,6 +72,7 @@ int tunable_force_anon_data_ssl;
|
|
|
d83721 |
int tunable_mdtm_write;
|
|
|
d83721 |
int tunable_lock_upload_files;
|
|
|
d83721 |
int tunable_pasv_addr_resolve;
|
|
|
d83721 |
+int tunable_reverse_lookup_enable;
|
|
|
d83721 |
int tunable_userlist_log;
|
|
|
d83721 |
int tunable_debug_ssl;
|
|
|
d83721 |
int tunable_require_cert;
|
|
|
d83721 |
@@ -213,6 +214,7 @@ tunables_load_defaults()
|
|
|
d83721 |
tunable_mdtm_write = 1;
|
|
|
d83721 |
tunable_lock_upload_files = 1;
|
|
|
d83721 |
tunable_pasv_addr_resolve = 0;
|
|
|
d83721 |
+ tunable_reverse_lookup_enable = 1;
|
|
|
d83721 |
tunable_userlist_log = 0;
|
|
|
d83721 |
tunable_debug_ssl = 0;
|
|
|
d83721 |
tunable_require_cert = 0;
|
|
|
d83721 |
diff -up vsftpd-3.0.2/tunables.h.lookup vsftpd-3.0.2/tunables.h
|
|
|
d83721 |
--- vsftpd-3.0.2/tunables.h.lookup 2014-04-17 10:03:27.405958676 +0200
|
|
|
d83721 |
+++ vsftpd-3.0.2/tunables.h 2014-04-17 10:04:22.763963824 +0200
|
|
|
d83721 |
@@ -73,6 +73,7 @@ extern int tunable_force_anon_data_ssl;
|
|
|
d83721 |
extern int tunable_mdtm_write; /* Allow MDTM to set timestamps */
|
|
|
d83721 |
extern int tunable_lock_upload_files; /* Lock uploading files */
|
|
|
d83721 |
extern int tunable_pasv_addr_resolve; /* DNS resolve pasv_addr */
|
|
|
d83721 |
+extern int tunable_reverse_lookup_enable; /* Get hostname before pam auth */
|
|
|
d83721 |
extern int tunable_userlist_log; /* Log every failed login attempt */
|
|
|
d83721 |
extern int tunable_debug_ssl; /* Verbose SSL logging */
|
|
|
d83721 |
extern int tunable_require_cert; /* SSL client cert required */
|
|
|
d83721 |
diff -up vsftpd-3.0.2/vsftpd.conf.5.lookup vsftpd-3.0.2/vsftpd.conf.5
|
|
|
d83721 |
--- vsftpd-3.0.2/vsftpd.conf.5.lookup 2014-04-17 10:05:30.956969003 +0200
|
|
|
d83721 |
+++ vsftpd-3.0.2/vsftpd.conf.5 2014-04-17 10:06:36.586971828 +0200
|
|
|
d83721 |
@@ -425,6 +425,15 @@ http://scarybeastsecurity.blogspot.com/2
|
|
|
d83721 |
|
|
|
d83721 |
Default: YES
|
|
|
d83721 |
.TP
|
|
|
d83721 |
+.B reverse_lookup_enable
|
|
|
d83721 |
+Set to YES if you want vsftpd to transform the ip address into the hostname,
|
|
|
d83721 |
+before pam authentication. This is useful if you use pam_access including the
|
|
|
d83721 |
+hostname. If you want vsftpd to run on the environment where the reverse lookup
|
|
|
d83721 |
+for some hostname is available and the name server doesn't respond for a while,
|
|
|
d83721 |
+you should set this to NO to avoid a performance issue.
|
|
|
d83721 |
+
|
|
|
d83721 |
+Default: YES
|
|
|
d83721 |
+.TP
|
|
|
d83721 |
.B run_as_launching_user
|
|
|
d83721 |
Set to YES if you want vsftpd to run as the user which launched vsftpd. This is
|
|
|
d83721 |
useful where root access is not available. MASSIVE WARNING! Do NOT enable this
|