diff --git a/SOURCES/0001-Add-new-filename-generation-algorithm-for-STOU-comma.patch b/SOURCES/0001-Add-new-filename-generation-algorithm-for-STOU-comma.patch new file mode 100644 index 0000000..6a557b7 --- /dev/null +++ b/SOURCES/0001-Add-new-filename-generation-algorithm-for-STOU-comma.patch @@ -0,0 +1,328 @@ +From ec60588d36f06acdd6a1b3c5959d2102f4f5b230 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Tue, 6 Feb 2018 13:30:44 +0100 +Subject: [PATCH] Add new filename generation algorithm for STOU command + +A new configuration option 'better_stou' can be used to enable +a better algorithm for generating unique filenames. + +Resolves: rhbz#1479237 +--- + parseconf.c | 1 + + postlogin.c | 177 +++++++++++++++++++++++++++++++++++++++++++++++++--------- + sysutil.c | 3 + + sysutil.h | 3 +- + tunables.c | 2 + + tunables.h | 3 + + vsftpd.conf.5 | 10 ++++ + 7 files changed, 172 insertions(+), 27 deletions(-) + +diff --git a/parseconf.c b/parseconf.c +index 33a1349..47b54f1 100644 +--- a/parseconf.c ++++ b/parseconf.c +@@ -111,6 +111,7 @@ parseconf_bool_array[] = + { "http_enable", &tunable_http_enable }, + { "seccomp_sandbox", &tunable_seccomp_sandbox }, + { "allow_writeable_chroot", &tunable_allow_writeable_chroot }, ++ { "better_stou", &tunable_better_stou }, + { 0, 0 } + }; + +diff --git a/postlogin.c b/postlogin.c +index 869c2a2..3b50af2 100644 +--- a/postlogin.c ++++ b/postlogin.c +@@ -29,6 +29,7 @@ + #include "opts.h" + + #include ++#include + + /* Private local functions */ + static void handle_pwd(struct vsf_session* p_sess); +@@ -1021,6 +1022,115 @@ handle_stor(struct vsf_session* p_sess) + handle_upload_common(p_sess, 0, 0); + } + ++/* Based on __gen_tempname() from glibc - thanks, glibc! Relicensed ++ * from LGPL2.1+ to GPL2. ++ */ ++static int ++create_unique_file(struct vsf_session* p_sess, struct mystr* p_outstr, ++ const struct mystr* p_base_str, ++ int (*access_checker)(const struct mystr*)) ++{ ++ struct mystr s_result = INIT_MYSTR; ++ const int suffix_len = 6; ++ unsigned int count; ++ static unsigned long long int value; ++ unsigned long long int random_time_bits; ++ int fd = -1; ++ /* These are the characters used in temporary file names. */ ++ struct mystr s_letters = INIT_MYSTR; ++ unsigned int s_letters_len; ++ int base_len; ++ ++ str_alloc_text(&s_letters, ++ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"); ++ s_letters_len = str_getlen(&s_letters); ++ ++ /* A lower bound on the number of temporary files to attempt to ++ generate. The maximum total number of temporary file names that ++ can exist for a given template is 62**6. It should never be ++ necessary to try all of these combinations. Instead if a reasonable ++ number of names is tried (we define reasonable as 62**3) fail to ++ give the system administrator the chance to remove the problems. */ ++#define ATTEMPTS_MIN (62 * 62 * 62) ++ ++ /* The number of times to attempt to generate a temporary file. */ ++#if ATTEMPTS_MIN < TMP_MAX ++ unsigned int attempts = TMP_MAX; ++#else ++ unsigned int attempts = ATTEMPTS_MIN; ++#endif ++#undef ATTEMPTS_MIN ++ ++ { ++ long sec = vsf_sysutil_get_time_sec(); ++ long usec = vsf_sysutil_get_time_usec(); ++ random_time_bits = ((unsigned long long int) usec << 16) ^ sec; ++ value += random_time_bits ^ vsf_sysutil_getpid(); ++ } ++ ++ if (str_isempty(p_base_str)) ++ { ++ const char *base = "STOU."; ++ base_len = vsf_sysutil_strlen(base); ++ str_reserve(&s_result, base_len + suffix_len); ++ str_alloc_text(&s_result, base); ++ } ++ else ++ { ++ str_reserve(&s_result, str_getlen(p_base_str) + suffix_len + 1); ++ str_copy(&s_result, p_base_str); ++ str_append_char(&s_result, '.'); ++ base_len = str_getlen(&s_result); ++ } ++ ++ for (count = 0; count < attempts; value += 7777, ++count) ++ { ++ unsigned long long v = value; ++ int i; ++ str_trunc(&s_result, base_len); ++ for (i = 0; i < suffix_len; ++i) ++ { ++ char c; ++ c = str_get_char_at(&s_letters, v % s_letters_len); ++ v /= s_letters_len; ++ str_append_char(&s_result, c); ++ } ++ if (!access_checker(&s_result)) ++ { ++ /* If we generate a filename which is not allowed, we fail immediatelly, ++ * without trying any other possibilities. This is to prevent attackers ++ * from keeping us busy. ++ */ ++ vsf_cmdio_write(p_sess, FTP_NOPERM, "Permission denied."); ++ break; ++ } ++ fd = str_create_exclusive(&s_result); ++ if (vsf_sysutil_retval_is_error(fd)) ++ { ++ if (kVSFSysUtilErrEXIST == vsf_sysutil_get_error()) ++ { ++ continue; ++ } ++ else ++ { ++ vsf_cmdio_write(p_sess, FTP_UPLOADFAIL, "Could not create file."); ++ break; ++ } ++ } ++ else ++ { ++ break; ++ } ++ } ++ if (!vsf_sysutil_retval_is_error(fd)) ++ { ++ str_copy(p_outstr, &s_result); ++ } ++ str_free(&s_letters); ++ str_free(&s_result); ++ return fd; ++} ++ + static void + handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) + { +@@ -1042,41 +1152,56 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique) + return; + } + resolve_tilde(&p_sess->ftp_arg_str, p_sess); +- p_filename = &p_sess->ftp_arg_str; +- if (is_unique) +- { +- get_unique_filename(&s_filename, p_filename); +- p_filename = &s_filename; +- } + vsf_log_start_entry(p_sess, kVSFLogEntryUpload); + str_copy(&p_sess->log_str, &p_sess->ftp_arg_str); + prepend_path_to_filename(&p_sess->log_str); +- if (!vsf_access_check_file(p_filename)) +- { +- vsf_cmdio_write(p_sess, FTP_NOPERM, "Permission denied."); +- return; +- } +- /* NOTE - actual file permissions will be governed by the tunable umask */ +- /* XXX - do we care about race between create and chown() of anonymous +- * upload? +- */ +- if (is_unique || (p_sess->is_anonymous && !tunable_anon_other_write_enable)) ++ p_filename = &p_sess->ftp_arg_str; ++ if (is_unique && tunable_better_stou) + { +- new_file_fd = str_create_exclusive(p_filename); ++ new_file_fd = create_unique_file(p_sess, &s_filename, p_filename, ++ vsf_access_check_file); ++ if (vsf_sysutil_retval_is_error(new_file_fd)) ++ { ++ return; ++ } ++ p_filename = &s_filename; + } + else + { +- /* For non-anonymous, allow open() to overwrite or append existing files */ +- new_file_fd = str_create(p_filename); +- if (!is_append && offset == 0) ++ if (is_unique) + { +- do_truncate = 1; ++ get_unique_filename(&s_filename, p_filename); ++ p_filename = &s_filename; ++ } ++ if (!vsf_access_check_file(p_filename)) ++ { ++ vsf_cmdio_write(p_sess, FTP_NOPERM, "Permission denied."); ++ return; ++ } ++ /* NOTE - actual file permissions will be governed by the tunable umask */ ++ /* XXX - do we care about race between create and chown() of anonymous ++ * upload? ++ */ ++ if (is_unique || (p_sess->is_anonymous && !tunable_anon_other_write_enable)) ++ { ++ new_file_fd = str_create_exclusive(p_filename); ++ } ++ else ++ { ++ /* For non-anonymous, allow open() to overwrite or append existing ++ * files ++ */ ++ new_file_fd = str_create(p_filename); ++ if (!is_append && offset == 0) ++ { ++ do_truncate = 1; ++ } ++ } ++ if (vsf_sysutil_retval_is_error(new_file_fd)) ++ { ++ vsf_cmdio_write(p_sess, FTP_UPLOADFAIL, "Could not create file."); ++ return; + } +- } +- if (vsf_sysutil_retval_is_error(new_file_fd)) +- { +- vsf_cmdio_write(p_sess, FTP_UPLOADFAIL, "Could not create file."); +- return; + } + created = 1; + vsf_sysutil_fstat(new_file_fd, &s_p_statbuf); +diff --git a/sysutil.c b/sysutil.c +index e97f3bd..e6d88dc 100644 +--- a/sysutil.c ++++ b/sysutil.c +@@ -1663,6 +1663,9 @@ vsf_sysutil_get_error(void) + case ENOENT: + retval = kVSFSysUtilErrNOENT; + break; ++ case EEXIST: ++ retval = kVSFSysUtilErrEXIST; ++ break; + default: + break; + } +diff --git a/sysutil.h b/sysutil.h +index b745d4a..15d4020 100644 +--- a/sysutil.h ++++ b/sysutil.h +@@ -18,7 +18,8 @@ enum EVSFSysUtilError + kVSFSysUtilErrINVAL, + kVSFSysUtilErrOPNOTSUPP, + kVSFSysUtilErrACCES, +- kVSFSysUtilErrNOENT ++ kVSFSysUtilErrNOENT, ++ kVSFSysUtilErrEXIST + }; + enum EVSFSysUtilError vsf_sysutil_get_error(void); + +diff --git a/tunables.c b/tunables.c +index 9680528..5ec2bdc 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -92,6 +92,7 @@ int tunable_ftp_enable; + int tunable_http_enable; + int tunable_seccomp_sandbox; + int tunable_allow_writeable_chroot; ++int tunable_better_stou; + + unsigned int tunable_accept_timeout; + unsigned int tunable_connect_timeout; +@@ -239,6 +240,7 @@ tunables_load_defaults() + tunable_http_enable = 0; + tunable_seccomp_sandbox = 0; + tunable_allow_writeable_chroot = 0; ++ tunable_better_stou = 0; + + tunable_accept_timeout = 60; + tunable_connect_timeout = 60; +diff --git a/tunables.h b/tunables.h +index a466427..85ea1a8 100644 +--- a/tunables.h ++++ b/tunables.h +@@ -93,6 +93,9 @@ extern int tunable_ftp_enable; /* Allow FTP protocol */ + extern int tunable_http_enable; /* Allow HTTP protocol */ + extern int tunable_seccomp_sandbox; /* seccomp filter sandbox */ + extern int tunable_allow_writeable_chroot; /* Allow misconfiguration */ ++extern int tunable_better_stou; /* Use better file name generation ++ * algorithm for the STOU command ++ */ + + /* Integer/numeric defines */ + extern unsigned int tunable_accept_timeout; +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index 43b0435..e9ae474 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -65,6 +65,16 @@ creates an 'etc' directory in the new root directory, they could potentially + trick the C library into loading a user-created configuration file from the + /etc/ directory. + ++Default: NO ++.TP ++.B better_stou ++Use a better file name generation algorithm for the STOU command. The default ++original algorithm simply adds an increasing number suffix to the file name, ++which is prone to race conditions if multiple uploaders use the STOU command ++with the same file name simultaneously, which can result in failure of the ++command. The new algorithm adds a unique random six character suffix to ++the file name, which works much better in face of concurrent uploads. ++ + Default: NO + .TP + .B anon_mkdir_write_enable +-- +2.14.3 + diff --git a/SOURCES/0001-Document-allow_writeable_chroot-in-the-man-page.patch b/SOURCES/0001-Document-allow_writeable_chroot-in-the-man-page.patch new file mode 100644 index 0000000..e07a0ac --- /dev/null +++ b/SOURCES/0001-Document-allow_writeable_chroot-in-the-man-page.patch @@ -0,0 +1,32 @@ +From 35ec3be5427a54facd5f6299fda2da4c146d4846 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Fri, 24 Nov 2017 11:22:43 +0100 +Subject: [PATCH] Document allow_writeable_chroot in the man page + +--- + vsftpd.conf.5 | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index 45b3f9c..d1f0db5 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -56,6 +56,15 @@ Only applies if + is active. If set to YES, anonymous users will be allowed to use secured SSL + connections. + ++Default: NO ++.TP ++.B allow_writeable_chroot ++Allow chroot()'ing a user to a directory writable by that user. Note that ++setting this to YES is potentially dangerous. For example, if the user ++creates an 'etc' directory in the new root directory, they could potentially ++trick the C library into loading a user-created configuration file from the ++/etc/ directory. ++ + Default: NO + .TP + .B anon_mkdir_write_enable +-- +2.14.3 + diff --git a/SOURCES/0001-Document-the-relationship-of-text_userdb_names-and-c.patch b/SOURCES/0001-Document-the-relationship-of-text_userdb_names-and-c.patch new file mode 100644 index 0000000..2f0c21a --- /dev/null +++ b/SOURCES/0001-Document-the-relationship-of-text_userdb_names-and-c.patch @@ -0,0 +1,29 @@ +From 221f35f302d53f5a89f8e79592492e7cb322e81a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Thu, 26 Oct 2017 13:08:32 +0200 +Subject: [PATCH] Document the relationship of text_userdb_names and + chroot_local_user + +Note in vsftpd.conf(5) that text_userdb_names may not work when +chroot_local_user is set to YES. +--- + vsftpd.conf.5 | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index a3d569e..45b3f9c 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -578,6 +578,9 @@ Default: NO + By default, numeric IDs are shown in the user and group fields of directory + listings. You can get textual names by enabling this parameter. It is off + by default for performance reasons. ++Note that textual names are not guaranteed when ++.BR chroot_local_user ++is set to YES. + + Default: NO + .TP +-- +2.14.3 + diff --git a/SOURCES/0001-Fix-rDNS-with-IPv6.patch b/SOURCES/0001-Fix-rDNS-with-IPv6.patch new file mode 100644 index 0000000..f52df92 --- /dev/null +++ b/SOURCES/0001-Fix-rDNS-with-IPv6.patch @@ -0,0 +1,195 @@ +From 01b646d2af0ed885d01d31a6479898a3c423a630 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Thu, 26 Apr 2018 10:00:19 +0200 +Subject: [PATCH] Fix rDNS with IPv6 + +Previously IPv6 addresses were not translated to hostnames for PAM to use. +--- + privops.c | 3 ++- + sysdeputil.c | 28 +++++++++++++++------------- + sysdeputil.h | 5 ++++- + sysutil.c | 35 +++++++++++++++++++++++++++++++++++ + sysutil.h | 4 ++++ + 5 files changed, 60 insertions(+), 15 deletions(-) + +diff --git a/privops.c b/privops.c +index f27c5c4..e577a27 100644 +--- a/privops.c ++++ b/privops.c +@@ -383,7 +383,8 @@ handle_local_login(struct vsf_session* p_sess, + struct mystr* p_user_str, + const struct mystr* p_pass_str) + { +- if (!vsf_sysdep_check_auth(p_user_str, p_pass_str, &p_sess->remote_ip_str)) ++ if (!vsf_sysdep_check_auth(p_sess, p_user_str, p_pass_str, ++ &p_sess->remote_ip_str)) + { + return kVSFLoginFail; + } +diff --git a/sysdeputil.c b/sysdeputil.c +index 2063c87..4fe56c2 100644 +--- a/sysdeputil.c ++++ b/sysdeputil.c +@@ -16,10 +16,6 @@ + #include "tunables.h" + #include "builddefs.h" + +-/* For gethostbyaddr, inet_addr */ +-#include +-#include +- + /* For Linux, this adds nothing :-) */ + #include "port/porting_junk.h" + +@@ -242,13 +238,15 @@ void vsf_remove_uwtmp(void); + + #ifndef VSF_SYSDEP_HAVE_PAM + int +-vsf_sysdep_check_auth(struct mystr* p_user_str, ++vsf_sysdep_check_auth(struct vsf_session* p_sess, ++ struct mystr* p_user_str, + const struct mystr* p_pass_str, + const struct mystr* p_remote_host) + { + const char* p_crypted; + const struct passwd* p_pwd = getpwnam(str_getbuf(p_user_str)); + (void) p_remote_host; ++ (void) p_sess; + if (p_pwd == NULL) + { + return 0; +@@ -322,14 +320,14 @@ static int pam_conv_func(int nmsg, const struct pam_message** p_msg, + static void vsf_auth_shutdown(void); + + int +-vsf_sysdep_check_auth(struct mystr* p_user_str, ++vsf_sysdep_check_auth(struct vsf_session* p_sess, ++ struct mystr* p_user_str, + const struct mystr* p_pass_str, + const struct mystr* p_remote_host) + { + int retval = -1; + #ifdef PAM_RHOST +- struct sockaddr_in sin; +- struct hostent *host; ++ struct mystr hostname = INIT_MYSTR; + #endif + pam_item_t item; + const char* pam_user_name = 0; +@@ -354,13 +352,17 @@ vsf_sysdep_check_auth(struct mystr* p_user_str, + return 0; + } + #ifdef PAM_RHOST +- if (tunable_reverse_lookup_enable) { +- sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host)); +- host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET); +- if (host != (struct hostent*)0) +- retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name); ++ if (tunable_reverse_lookup_enable) ++ { ++ if (vsf_sysutil_get_hostname(p_sess->p_remote_addr, &hostname) == 0) ++ { ++ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(&hostname)); ++ str_free(&hostname); ++ } + else ++ { + retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host)); ++ } + } else { + retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host)); + } +diff --git a/sysdeputil.h b/sysdeputil.h +index 3b6b30a..6f2aa0a 100644 +--- a/sysdeputil.h ++++ b/sysdeputil.h +@@ -5,6 +5,8 @@ + #include "filesize.h" + #endif + ++#include "session.h" ++ + /* VSF_SYSDEPUTIL_H: + * Support for highly system dependent features, and querying for support + * or lack thereof +@@ -15,7 +17,8 @@ struct mystr; + + /* Authentication of local users */ + /* Return 0 for fail, 1 for success */ +-int vsf_sysdep_check_auth(struct mystr* p_user, ++int vsf_sysdep_check_auth(struct vsf_session* p_sess, ++ struct mystr* p_user, + const struct mystr* p_pass, + const struct mystr* p_remote_host); + +diff --git a/sysutil.c b/sysutil.c +index e847650..b68583b 100644 +--- a/sysutil.c ++++ b/sysutil.c +@@ -2356,6 +2356,41 @@ vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr, + } + } + ++int ++vsf_sysutil_get_hostname(struct vsf_sysutil_sockaddr *p_addr, ++ struct mystr* p_str) ++{ ++ struct sockaddr *sa; ++ socklen_t sa_len = 0; ++ char hostname[NI_MAXHOST]; ++ int res; ++ ++ sa = &p_addr->u.u_sockaddr; ++ if (sa->sa_family == AF_INET) ++ { ++ sa_len = sizeof(struct sockaddr_in); ++ } ++ else if (sa->sa_family == AF_INET6) ++ { ++ sa_len = sizeof(struct sockaddr_in6); ++ } ++ else ++ { ++ die("can only support ipv4 and ipv6 currently"); ++ } ++ res = getnameinfo(sa, sa_len, hostname, sizeof(hostname), NULL, 0, ++ NI_NAMEREQD); ++ if (res == 0) ++ { ++ str_alloc_text(p_str, hostname); ++ return 0; ++ } ++ else ++ { ++ return -1; ++ } ++} ++ + struct vsf_sysutil_user* + vsf_sysutil_getpwuid(const unsigned int uid) + { +diff --git a/sysutil.h b/sysutil.h +index 7a59f13..2df14ed 100644 +--- a/sysutil.h ++++ b/sysutil.h +@@ -7,6 +7,8 @@ + #include "filesize.h" + #endif + ++#include "str.h" ++ + /* Return value queries */ + int vsf_sysutil_retval_is_error(int retval); + enum EVSFSysUtilError +@@ -266,6 +268,8 @@ int vsf_sysutil_connect_timeout(int fd, + unsigned int wait_seconds); + void vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr, + const char* p_name); ++int vsf_sysutil_get_hostname(struct vsf_sysutil_sockaddr *p_addr, ++ struct mystr* p_str); + /* Option setting on sockets */ + void vsf_sysutil_activate_keepalive(int fd); + void vsf_sysutil_rcvtimeo(int fd); +-- +2.14.3 + diff --git a/SOURCES/0001-Improve-documentation-of-ascii_-options.patch b/SOURCES/0001-Improve-documentation-of-ascii_-options.patch new file mode 100644 index 0000000..7a9e2d7 --- /dev/null +++ b/SOURCES/0001-Improve-documentation-of-ascii_-options.patch @@ -0,0 +1,64 @@ +From a423831f25396c54f92cdfc6f92a104ed77c2ee6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Fri, 24 Nov 2017 11:26:37 +0100 +Subject: [PATCH] Improve documentation of ascii_* options + +Resolves: rhbz#1517227 +--- + vsftpd.conf | 3 ++- + vsftpd.conf.5 | 20 ++++++++++++++++++++ + 2 files changed, 22 insertions(+), 1 deletion(-) + +diff --git a/vsftpd.conf b/vsftpd.conf +index 39d1955..acbc1e9 100644 +--- a/vsftpd.conf ++++ b/vsftpd.conf +@@ -73,7 +73,8 @@ xferlog_std_format=YES + # + # By default the server will pretend to allow ASCII mode but in fact ignore + # the request. Turn on the below options to have the server actually do ASCII +-# mangling on files when in ASCII mode. ++# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains ++# the behaviour when these options are disabled. + # Beware that on some FTP servers, ASCII support allows a denial of service + # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd + # predicted this attack and has always been safe, reporting the size of the +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index d1f0db5..b6ddf05 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -113,11 +113,31 @@ Default: YES + .TP + .B ascii_download_enable + When enabled, ASCII mode data transfers will be honoured on downloads. ++When disabled, the server will pretend to allow ASCII mode but in fact ++ignore requests to activate it. So the client will think the ASCII mode ++is active and therefore may still translate any ++.BR ++character sequences in the received file. See the following article for ++a detailed explanation of the behaviour: ++https://access.redhat.com/articles/3250241. ++ ++Turn this option on to have the server actually do ++ASCII mangling on files when in ASCII mode. + + Default: NO + .TP + .B ascii_upload_enable + When enabled, ASCII mode data transfers will be honoured on uploads. ++When disabled, the server will pretend to allow ASCII mode but in fact ++ignore requests to activate it. So the client will think the ASCII mode ++is active and will translate native line terminators to the standard ++.BR ++line terminators for transmission, but the server will not do ++any translation. See the following article for a detailed explanation ++of the behaviour: https://access.redhat.com/articles/3250241. ++ ++Turn this option on to have the server actually do ++ASCII mangling on files when in ASCII mode. + + Default: NO + .TP +-- +2.14.3 + diff --git a/SOURCES/0001-Log-die-calls-to-syslog.patch b/SOURCES/0001-Log-die-calls-to-syslog.patch new file mode 100644 index 0000000..d6aa2f8 --- /dev/null +++ b/SOURCES/0001-Log-die-calls-to-syslog.patch @@ -0,0 +1,206 @@ +From ee6af258e8cb1a7fada5e6d3e54429b89f12b158 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Fri, 15 Jun 2018 12:02:21 +0200 +Subject: [PATCH 1/3] Log die() calls to syslog + +Pass messages given to die(), die2() and bug() to syslog. Currently this +functionality requires waiting for a short amount of time (1 second is +used) after logging the message and before exiting. This is a workaround +for the following systemd bug: +https://github.com/systemd/systemd/issues/2913 + +The need for this workaround is the main reason why I decided not to +enable this functionality by default. + +Resolves: rhbz#1318198 +Resolves: rhbz#1582672 +--- + logging.c | 13 +++++++++---- + logging.h | 2 ++ + main.c | 4 ++++ + parseconf.c | 1 + + tcpwrap.c | 3 --- + tunables.c | 2 ++ + tunables.h | 2 ++ + utility.c | 11 +++++++++++ + vsftpd.conf.5 | 10 ++++++++++ + 9 files changed, 41 insertions(+), 7 deletions(-) + +diff --git a/logging.c b/logging.c +index c4461f7..9e86808 100644 +--- a/logging.c ++++ b/logging.c +@@ -30,10 +30,6 @@ static void vsf_log_do_log_to_file(int fd, struct mystr* p_str); + void + vsf_log_init(struct vsf_session* p_sess) + { +- if (tunable_syslog_enable || tunable_tcp_wrappers) +- { +- vsf_sysutil_openlog(0); +- } + if (!tunable_xferlog_enable && !tunable_dual_log_enable) + { + return; +@@ -389,3 +385,12 @@ vsf_log_do_log_vsftpd_format(struct vsf_session* p_sess, struct mystr* p_str, + } + } + ++void ++vsf_log_die(const char* p_text) ++{ ++ struct mystr log_str = INIT_MYSTR; ++ ++ str_append_text(&log_str, "ERROR: "); ++ str_append_text(&log_str, p_text); ++ str_syslog(&log_str, 1); ++} +diff --git a/logging.h b/logging.h +index 1ff57d1..75f06c1 100644 +--- a/logging.h ++++ b/logging.h +@@ -91,5 +91,7 @@ void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, + void vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what, + struct mystr* p_str); + ++void vsf_log_die(const char* p_text); ++ + #endif /* VSF_LOGGING_H */ + +diff --git a/main.c b/main.c +index f039081..1178d44 100644 +--- a/main.c ++++ b/main.c +@@ -120,6 +120,10 @@ main(int argc, const char* argv[]) + } + vsf_sysutil_free(p_statbuf); + } ++ if (tunable_log_die || tunable_syslog_enable || tunable_tcp_wrappers) ++ { ++ vsf_sysutil_openlog(0); ++ } + /* Resolve pasv_address if required */ + if (tunable_pasv_address && tunable_pasv_addr_resolve) + { +diff --git a/parseconf.c b/parseconf.c +index 47b54f1..aeb401a 100644 +--- a/parseconf.c ++++ b/parseconf.c +@@ -112,6 +112,7 @@ parseconf_bool_array[] = + { "seccomp_sandbox", &tunable_seccomp_sandbox }, + { "allow_writeable_chroot", &tunable_allow_writeable_chroot }, + { "better_stou", &tunable_better_stou }, ++ { "log_die", &tunable_log_die }, + { 0, 0 } + }; + +diff --git a/tcpwrap.c b/tcpwrap.c +index 5bf57d3..132b771 100644 +--- a/tcpwrap.c ++++ b/tcpwrap.c +@@ -27,15 +27,12 @@ int + vsf_tcp_wrapper_ok(int remote_fd) + { + struct request_info req; +- vsf_sysutil_openlog(0); + request_init(&req, RQ_DAEMON, "vsftpd", RQ_FILE, remote_fd, 0); + fromhost(&req); + if (!hosts_access(&req)) + { +- vsf_sysutil_closelog(); + return 0; + } +- vsf_sysutil_closelog(); + return 1; + } + +diff --git a/tunables.c b/tunables.c +index 5ec2bdc..63de8e6 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -93,6 +93,7 @@ int tunable_http_enable; + int tunable_seccomp_sandbox; + int tunable_allow_writeable_chroot; + int tunable_better_stou; ++int tunable_log_die; + + unsigned int tunable_accept_timeout; + unsigned int tunable_connect_timeout; +@@ -241,6 +242,7 @@ tunables_load_defaults() + tunable_seccomp_sandbox = 0; + tunable_allow_writeable_chroot = 0; + tunable_better_stou = 0; ++ tunable_log_die = 0; + + tunable_accept_timeout = 60; + tunable_connect_timeout = 60; +diff --git a/tunables.h b/tunables.h +index 85ea1a8..8a4b8b2 100644 +--- a/tunables.h ++++ b/tunables.h +@@ -96,6 +96,8 @@ extern int tunable_allow_writeable_chroot; /* Allow misconfiguration */ + extern int tunable_better_stou; /* Use better file name generation + * algorithm for the STOU command + */ ++extern int tunable_log_die; /* Log calls to die(), die2() ++ * and bug() */ + + /* Integer/numeric defines */ + extern unsigned int tunable_accept_timeout; +diff --git a/utility.c b/utility.c +index 5fd714d..75e5bdd 100644 +--- a/utility.c ++++ b/utility.c +@@ -9,6 +9,8 @@ + #include "sysutil.h" + #include "str.h" + #include "defs.h" ++#include "logging.h" ++#include "tunables.h" + + #define DIE_DEBUG + +@@ -41,11 +43,20 @@ void + bug(const char* p_text) + { + /* Rats. Try and write the reason to the network for diagnostics */ ++ if (tunable_log_die) ++ { ++ vsf_log_die(p_text); ++ } + vsf_sysutil_activate_noblock(VSFTP_COMMAND_FD); + (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "500 OOPS: ", 10); + (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, p_text, + vsf_sysutil_strlen(p_text)); + (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "\r\n", 2); ++ if (tunable_log_die) ++ { ++ /* Workaround for https://github.com/systemd/systemd/issues/2913 */ ++ vsf_sysutil_sleep(1.0); ++ } + vsf_sysutil_exit(2); + } + +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index e9ae474..f246906 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -358,6 +358,16 @@ wanting to e.g. append a file. + + Default: YES + .TP ++.B log_die ++Log an error to syslog when some error condition occurs and vsftpd decides ++to quit. Internally, the error messages given to the functions die(), die2() ++and bug() are passed to syslog. Currently this functionality requires waiting ++for a short amount of time (1 second is used) after logging the message and ++before exiting. This is a workaround for the following systemd bug: ++https://github.com/systemd/systemd/issues/2913 ++ ++Default: NO ++.TP + .B log_ftp_protocol + When enabled, all FTP requests and responses are logged, providing the option + xferlog_std_format is not enabled. Useful for debugging. +-- +2.14.4 + diff --git a/SOURCES/0001-Redefine-VSFTP_COMMAND_FD-to-1.patch b/SOURCES/0001-Redefine-VSFTP_COMMAND_FD-to-1.patch new file mode 100644 index 0000000..f1003e8 --- /dev/null +++ b/SOURCES/0001-Redefine-VSFTP_COMMAND_FD-to-1.patch @@ -0,0 +1,29 @@ +From 18e0ab25a0d66088728b506cf64f5545637eda26 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Tue, 5 Sep 2017 14:26:08 +0200 +Subject: [PATCH] Redefine VSFTP_COMMAND_FD to 1 + +Redefine VSFTP_COMMAND_FD to 1 (stdout) so that error messages generated +during startup are picked up by systemd. + +Resolves: rhbz#1443055 +--- + defs.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/defs.h b/defs.h +index bde3232..315f0f0 100644 +--- a/defs.h ++++ b/defs.h +@@ -3,7 +3,7 @@ + + #define VSFTP_DEFAULT_CONFIG "/etc/vsftpd/vsftpd.conf" + +-#define VSFTP_COMMAND_FD 0 ++#define VSFTP_COMMAND_FD 1 + + #define VSFTP_PASSWORD_MAX 128 + #define VSFTP_USERNAME_MAX 128 +-- +2.14.3 + diff --git a/SOURCES/0002-Improve-error-message-when-max-number-of-bind-attemp.patch b/SOURCES/0002-Improve-error-message-when-max-number-of-bind-attemp.patch new file mode 100644 index 0000000..221a2de --- /dev/null +++ b/SOURCES/0002-Improve-error-message-when-max-number-of-bind-attemp.patch @@ -0,0 +1,27 @@ +From 380e40930661d643c865bace4e1791ca8f9d74cf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Mon, 18 Jun 2018 14:01:46 +0200 +Subject: [PATCH 2/3] Improve error message when max number of bind attempts is + exceeded + +Resolves: rhbz#1318198 +--- + privops.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/privops.c b/privops.c +index e577a27..010d28d 100644 +--- a/privops.c ++++ b/privops.c +@@ -183,7 +183,7 @@ vsf_privop_pasv_listen(struct vsf_session* p_sess) + } + if (!bind_retries) + { +- die("vsf_sysutil_bind"); ++ die("vsf_sysutil_bind, maximum number of attempts to find a listening port exceeded"); + } + return the_port; + } +-- +2.14.4 + diff --git a/SOURCES/0003-Make-the-max-number-of-bind-retries-tunable.patch b/SOURCES/0003-Make-the-max-number-of-bind-retries-tunable.patch new file mode 100644 index 0000000..533bd29 --- /dev/null +++ b/SOURCES/0003-Make-the-max-number-of-bind-retries-tunable.patch @@ -0,0 +1,103 @@ +From be7c2d639127dd8af0139caf94f8c29f431d3753 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Mon, 18 Jun 2018 10:13:48 +0200 +Subject: [PATCH 3/3] Make the max number of bind retries tunable + +Resolves: rhbz#1318198 +--- + parseconf.c | 1 + + privops.c | 8 ++++++-- + tunables.c | 2 ++ + tunables.h | 1 + + vsftpd.conf.5 | 5 +++++ + 5 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/parseconf.c b/parseconf.c +index aeb401a..3cfe7da 100644 +--- a/parseconf.c ++++ b/parseconf.c +@@ -143,6 +143,7 @@ parseconf_uint_array[] = + { "delay_successful_login", &tunable_delay_successful_login }, + { "max_login_fails", &tunable_max_login_fails }, + { "chown_upload_mode", &tunable_chown_upload_mode }, ++ { "bind_retries", &tunable_bind_retries }, + { 0, 0 } + }; + +diff --git a/privops.c b/privops.c +index 010d28d..83b25c7 100644 +--- a/privops.c ++++ b/privops.c +@@ -120,8 +120,8 @@ unsigned short + vsf_privop_pasv_listen(struct vsf_session* p_sess) + { + static struct vsf_sysutil_sockaddr* s_p_sockaddr; +- int bind_retries = 10; +- unsigned short the_port; ++ int bind_retries = tunable_bind_retries + 1; ++ unsigned short the_port = 0; + /* IPPORT_RESERVED */ + unsigned short min_port = 1024; + unsigned short max_port = 65535; +@@ -131,6 +131,10 @@ vsf_privop_pasv_listen(struct vsf_session* p_sess) + die("listed fd already active"); + } + ++ if (bind_retries < 2) ++ { ++ bind_retries = 2; ++ } + if (tunable_pasv_min_port > min_port && tunable_pasv_min_port <= max_port) + { + min_port = (unsigned short) tunable_pasv_min_port; +diff --git a/tunables.c b/tunables.c +index 63de8e6..a7ce9c8 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -115,6 +115,7 @@ unsigned int tunable_delay_failed_login; + unsigned int tunable_delay_successful_login; + unsigned int tunable_max_login_fails; + unsigned int tunable_chown_upload_mode; ++unsigned int tunable_bind_retries; + + const char* tunable_secure_chroot_dir; + const char* tunable_ftp_username; +@@ -268,6 +269,7 @@ tunables_load_defaults() + tunable_max_login_fails = 3; + /* -rw------- */ + tunable_chown_upload_mode = 0600; ++ tunable_bind_retries = 9; + + install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir); + install_str_setting("ftp", &tunable_ftp_username); +diff --git a/tunables.h b/tunables.h +index 8a4b8b2..029d645 100644 +--- a/tunables.h ++++ b/tunables.h +@@ -120,6 +120,7 @@ extern unsigned int tunable_delay_failed_login; + extern unsigned int tunable_delay_successful_login; + extern unsigned int tunable_max_login_fails; + extern unsigned int tunable_chown_upload_mode; ++extern unsigned int tunable_bind_retries; + + /* String defines */ + extern const char* tunable_secure_chroot_dir; +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index f246906..ce3fba3 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -760,6 +760,11 @@ value will be treated as a base 10 integer! + + Default: 077 + .TP ++.B bind_retries ++Maximum number of attempts to find a free listening port in passive mode. ++ ++Default: 9 ++.TP + .B chown_upload_mode + The file mode to force for chown()ed anonymous uploads. (Added in v2.0.6). + +-- +2.14.4 + diff --git a/SPECS/vsftpd.spec b/SPECS/vsftpd.spec index 5b0bdfe..ad95d44 100644 --- a/SPECS/vsftpd.spec +++ b/SPECS/vsftpd.spec @@ -3,7 +3,7 @@ Name: vsftpd Version: 3.0.2 -Release: 22%{?dist} +Release: 25%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -76,6 +76,15 @@ Patch38: vsftpd-2.2.2-syslog.patch Patch39: vsftpd-3.0.2-docupd.patch Patch40: vsftpd-2.2.2-tlsv1_2.patch Patch41: vsftpd-3.0.2-defaulttls.patch +Patch42: 0001-Redefine-VSFTP_COMMAND_FD-to-1.patch +Patch43: 0001-Document-the-relationship-of-text_userdb_names-and-c.patch +Patch44: 0001-Document-allow_writeable_chroot-in-the-man-page.patch +Patch45: 0001-Improve-documentation-of-ascii_-options.patch +Patch46: 0001-Add-new-filename-generation-algorithm-for-STOU-comma.patch +Patch47: 0001-Fix-rDNS-with-IPv6.patch +Patch48: 0001-Log-die-calls-to-syslog.patch +Patch49: 0002-Improve-error-message-when-max-number-of-bind-attemp.patch +Patch50: 0003-Make-the-max-number-of-bind-retries-tunable.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -132,6 +141,15 @@ cp %{SOURCE1} . %patch39 -p1 -b .docup %patch40 -p1 -b .tls_version %patch41 -p1 -b .defaulttls +%patch42 -p1 -b .command-fd +%patch43 -p1 -b .text-userdb-names +%patch44 -p1 -b .allow-writeable-chroot +%patch45 -p1 -b .ascii +%patch46 -p1 -b .better-stou +%patch47 -p1 -b .ipv6-rdns +%patch48 -p1 -b .errors-to-syslog +%patch49 -p1 -b .improve-error-message +%patch50 -p1 -b .bind-retries-configurable %build %ifarch s390x sparcv9 sparc64 @@ -202,6 +220,28 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/rc.d/init.d/vsftpd %changelog +* Thu Jun 21 2018 Ondřej Lysoněk - 3.0.2-25 +- Add config option log_die allowing to pass error messages to syslog +- Add config option bind_retries allowing to change the max number +- of attempts to find a listening port for the PASV/EPSV command +- Resolves: rhbz#1318198 + +* Wed May 16 2018 Ondřej Lysoněk - 3.0.2-24 +- Fix reverse hostname lookup with IPv6 +- Resolves: rhbz#1576705 + +* Thu Apr 05 2018 Ondřej Lysoněk - 3.0.2-23 +- Redefine VSFTP_COMMAND_FD to 1 +- Resolves: rhbz#1443055 +- Document the relationship of text_userdb_names and chroot_local_user +- Resolves: rhbz#1508021 +- Document allow_writeable_chroot in the man page +- Resolves: rhbz#1508022 +- Improve documentation of ascii_* options +- Resolves: rhbz#1517227 +- Add new filename generation algorithm for STOU command +- Resolves: rhbz#1479237 + * Thu Mar 23 2017 Zdenek Dohnal - 3.0.2-22 - Resolves: #1432054 - secure ftp stopped working with default TLS settings in the new vsftpd package