Hello community,
here is the log from the commit of package vsftpd for openSUSE:Factory
checked in at Fri Aug 13 02:40:08 CEST 2010.
--------
--- vsftpd/vsftpd.changes 2010-05-25 15:05:53.000000000 +0200
+++ /mounts/work_src_done/STABLE/vsftpd/vsftpd.changes 2010-08-10 06:57:32.000000000 +0200
@@ -1,0 +2,20 @@
+Tue Aug 10 04:55:16 UTC 2010 - cristian.rodriguez@opensuse.org
+
+- Update to 2.3.0
+- Add extremely simply HTTP support. It's very experimental, ignorant of HTTP
+protocol and headers, and likely has all sorts of other issues. The use case
+it might satisfy is if you need to serve simple static unathenticated content
+with large levels of paranoia.
+- Fix port_promiscuous breakage.
+- Minor FAQ update.
+- Use a larger address space limit if using text_userdb_names=YES
+- Always use CLONE_NEWNET if possible when in HTTP mode.
+- Change REST + STOR so that it's possible to overwrite part of file without
+truncating it.
+- Boot the session if we see a USER where encryption was required. May prevent
+the transmission of plaintext passwords by buggy clients.
+- Fix failure to transmit a large ASCII file over SSL, if it contains \n -> \r\n
+fixups.
+
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
vsftpd-2.2.2.tar.bz2
New:
----
vsftpd-2.3.0.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ vsftpd.spec ++++++
--- /var/tmp/diff_new_pack.hsxnIk/_old 2010-08-13 02:39:24.000000000 +0200
+++ /var/tmp/diff_new_pack.hsxnIk/_new 2010-08-13 02:39:24.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package vsftpd (Version 2.2.2)
+# spec file for package vsftpd (Version 2.3.0)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -25,8 +25,8 @@
%else
BuildRequires: libcap-devel
%endif
-Version: 2.2.2
-Release: 2
+Version: 2.3.0
+Release: 1
Summary: Very Secure FTP Daemon - Written from Scratch
License: GPLv2+
Group: Productivity/Networking/Ftp/Servers
@@ -49,6 +49,7 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: ftp-server
PreReq: %insserv_prereq /usr/sbin/useradd
+Requires: logrotate
%description
Vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure.
@@ -63,13 +64,13 @@
%prep
%setup -q
-%patch1 -p1
-%patch3 -p1
+%patch1
+%patch3
%patch4
%patch5
%patch6
%patch7
-%patch8 -p1
+%patch8
%patch9
%build
@@ -100,6 +101,9 @@
%preun
%stop_on_removal %name
+%post
+%{fillup_and_insserv -f %{name}}
+
%postun
%insserv_cleanup
%restart_on_update %name
@@ -111,7 +115,7 @@
%defattr(-,root,root)
/usr/sbin/%name
/usr/sbin/rc%name
-/etc/init.d/%name
+%config /etc/init.d/%name
%_datadir/omc/svcinfo.d/vsftpd.xml
%dir /usr/share/empty
%config(noreplace) /etc/xinetd.d/%name
++++++ vsftpd-2.0.4-conf.diff ++++++
--- /var/tmp/diff_new_pack.hsxnIk/_old 2010-08-13 02:39:24.000000000 +0200
+++ /var/tmp/diff_new_pack.hsxnIk/_new 2010-08-13 02:39:24.000000000 +0200
@@ -1,7 +1,7 @@
Index: vsftpd.conf
===================================================================
---- vsftpd.conf.orig
-+++ vsftpd.conf
+--- vsftpd.conf.orig 2009-10-19 04:04:23.000000000 +0200
++++ vsftpd.conf 2010-08-10 06:51:08.357391000 +0200
@@ -4,23 +4,89 @@
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
++++++ vsftpd-2.0.4-dmapi.patch ++++++
--- /var/tmp/diff_new_pack.hsxnIk/_old 2010-08-13 02:39:24.000000000 +0200
+++ /var/tmp/diff_new_pack.hsxnIk/_new 2010-08-13 02:39:24.000000000 +0200
@@ -1,8 +1,8 @@
Index: postlogin.c
===================================================================
---- postlogin.c.orig
-+++ postlogin.c
-@@ -1015,6 +1015,11 @@ handle_upload_common(struct vsf_session*
+--- postlogin.c.orig 2010-03-26 05:01:06.000000000 +0100
++++ postlogin.c 2010-08-10 06:51:06.796475000 +0200
+@@ -1036,6 +1036,11 @@ handle_upload_common(struct vsf_session*
{
do_truncate = 1;
}
++++++ vsftpd-2.0.4-enable-ssl.patch ++++++
--- /var/tmp/diff_new_pack.hsxnIk/_old 2010-08-13 02:39:24.000000000 +0200
+++ /var/tmp/diff_new_pack.hsxnIk/_new 2010-08-13 02:39:24.000000000 +0200
@@ -1,7 +1,7 @@
Index: builddefs.h
===================================================================
---- builddefs.h.orig
-+++ builddefs.h
+--- builddefs.h.orig 2010-08-06 02:50:31.000000000 +0200
++++ builddefs.h 2010-08-10 06:51:06.520558000 +0200
@@ -3,7 +3,7 @@
#undef VSF_BUILD_TCPWRAPPERS
++++++ vsftpd-2.0.4-lib64.diff ++++++
--- /var/tmp/diff_new_pack.hsxnIk/_old 2010-08-13 02:39:24.000000000 +0200
+++ /var/tmp/diff_new_pack.hsxnIk/_new 2010-08-13 02:39:24.000000000 +0200
@@ -1,7 +1,7 @@
-Index: vsftpd-2.2.2/vsf_findlibs.sh
+Index: vsf_findlibs.sh
===================================================================
---- vsftpd-2.2.2.orig/vsf_findlibs.sh
-+++ vsftpd-2.2.2/vsf_findlibs.sh
+--- vsf_findlibs.sh.orig 2009-10-19 04:05:21.000000000 +0200
++++ vsf_findlibs.sh 2010-08-10 06:51:05.899564000 +0200
@@ -14,6 +14,7 @@ fi
# crypt library.
if find_func pam_start sysdeputil.o; then
++++++ vsftpd-2.0.4-xinetd.diff ++++++
--- /var/tmp/diff_new_pack.hsxnIk/_old 2010-08-13 02:39:24.000000000 +0200
+++ /var/tmp/diff_new_pack.hsxnIk/_new 2010-08-13 02:39:24.000000000 +0200
@@ -1,7 +1,7 @@
-Index: vsftpd-2.2.2/xinetd.d/vsftpd
+Index: xinetd.d/vsftpd
===================================================================
---- vsftpd-2.2.2.orig/xinetd.d/vsftpd
-+++ vsftpd-2.2.2/xinetd.d/vsftpd
+--- xinetd.d/vsftpd.orig 2008-02-02 02:30:40.000000000 +0100
++++ xinetd.d/vsftpd 2010-08-10 06:51:06.236565000 +0200
@@ -1,18 +1,23 @@
-# default: on
+# default: off
++++++ vsftpd-2.0.5-enable-debuginfo.patch ++++++
--- /var/tmp/diff_new_pack.hsxnIk/_old 2010-08-13 02:39:24.000000000 +0200
+++ /var/tmp/diff_new_pack.hsxnIk/_new 2010-08-13 02:39:24.000000000 +0200
@@ -1,7 +1,7 @@
Index: Makefile
===================================================================
---- Makefile.orig
-+++ Makefile
+--- Makefile.orig 2009-05-22 21:44:52.000000000 +0200
++++ Makefile 2010-08-10 06:51:07.756405000 +0200
@@ -6,7 +6,7 @@ IFLAGS = -idirafter dummyinc
CFLAGS = -O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion
++++++ vsftpd-2.0.5-utf8-log-names.patch ++++++
--- /var/tmp/diff_new_pack.hsxnIk/_old 2010-08-13 02:39:24.000000000 +0200
+++ /var/tmp/diff_new_pack.hsxnIk/_new 2010-08-13 02:39:24.000000000 +0200
@@ -1,7 +1,7 @@
-Index: vsftpd-2.2.2/str.c
+Index: str.c
===================================================================
---- vsftpd-2.2.2.orig/str.c
-+++ vsftpd-2.2.2/str.c
+--- str.c.orig 2008-12-17 06:54:16.000000000 +0100
++++ str.c 2010-08-10 06:51:08.032395000 +0200
@@ -27,6 +27,24 @@ static int str_equal_internal(const char
const char* p_buf2, unsigned int buf2_len);
@@ -91,10 +91,10 @@
}
}
}
-Index: vsftpd-2.2.2/str.h
+Index: str.h
===================================================================
---- vsftpd-2.2.2.orig/str.h
-+++ vsftpd-2.2.2/str.h
+--- str.h.orig 2008-12-17 06:53:23.000000000 +0100
++++ str.h 2010-08-10 06:51:08.037398000 +0200
@@ -36,6 +36,7 @@ void str_free(struct mystr* p_str);
void str_trunc(struct mystr* p_str, unsigned int trunc_len);
void str_reserve(struct mystr* p_str, unsigned int res_len);
++++++ vsftpd-2.0.5-vuser.patch ++++++
--- /var/tmp/diff_new_pack.hsxnIk/_old 2010-08-13 02:39:24.000000000 +0200
+++ /var/tmp/diff_new_pack.hsxnIk/_new 2010-08-13 02:39:24.000000000 +0200
@@ -1,7 +1,7 @@
Index: EXAMPLE/VIRTUAL_USERS/vsftpd.pam
===================================================================
---- EXAMPLE/VIRTUAL_USERS/vsftpd.pam.orig
-+++ EXAMPLE/VIRTUAL_USERS/vsftpd.pam
+--- EXAMPLE/VIRTUAL_USERS/vsftpd.pam.orig 2008-02-02 02:30:40.000000000 +0100
++++ EXAMPLE/VIRTUAL_USERS/vsftpd.pam 2010-08-10 06:51:07.074476000 +0200
@@ -1,2 +1,2 @@
-auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
-account required /lib/security/pam_userdb.so db=/etc/vsftpd_login
++++++ vsftpd-2.2.2.tar.bz2 -> vsftpd-2.3.0.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/Changelog new/vsftpd-2.3.0/Changelog
--- old/vsftpd-2.2.2/Changelog 2009-11-17 21:16:26.000000000 +0100
+++ new/vsftpd-2.3.0/Changelog 2010-08-06 02:50:15.000000000 +0200
@@ -1213,3 +1213,24 @@
At this point: v2.2.2 released!
===============================
+
+- Add extremely simply HTTP support. It's very experimental, ignorant of HTTP
+protocol and headers, and likely has all sorts of other issues. The use case
+it might satisfy is if you need to serve simple static unathenticated content
+with large levels of paranoia.
+- Fix port_promiscuous breakage. Report from Soeren .
+(v2.3.0pre1)
+- Minor FAQ update.
+- Use a larger address space limit if using text_userdb_names=YES
+- Always use CLONE_NEWNET if possible when in HTTP mode.
+- Change REST + STOR so that it's possible to overwrite part of file without
+truncating it.
+(v2.3.0pre2)
+- Boot the session if we see a USER where encryption was required. May prevent
+the transmission of plaintext passwords by buggy clients. Idea from
+Marcin Hlybin .
+- Fix failure to transmit a large ASCII file over SSL, if it contains \n -> \r\n
+fixups.
+
+At this point: v2.3.0 released!
+===============================
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/FAQ new/vsftpd-2.3.0/FAQ
--- old/vsftpd-2.2.2/FAQ 2009-02-18 23:33:04.000000000 +0100
+++ new/vsftpd-2.3.0/FAQ 2010-03-26 04:05:20.000000000 +0100
@@ -253,6 +253,12 @@
FTP clients reuse sessions (e.g. curl). You can disable this requirement by
changing require_ssl_reuse to NO.
+Q) Help! My LDAP / mysql / etc. authentication and / or username lookup are
+failing!
+A) As of v2.2.0, the built-in sandboxing uses network isolation on Linux. This
+may be interfering with any module that needs to use the network to perform
+operations or lookups. Try changing isolate_network to NO.
+
Q) Blah.. blah..
A) For a good idea of what vsftpd can do, read the vsftpd.conf.5 man page
and the EXAMPLES.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/README new/vsftpd-2.3.0/README
--- old/vsftpd-2.2.2/README 2009-11-07 05:46:42.000000000 +0100
+++ new/vsftpd-2.3.0/README 2010-03-17 03:41:17.000000000 +0100
@@ -1,4 +1,4 @@
-This is vsftpd, version 2.2.2
+This is vsftpd, version 2.3.0
Author: Chris Evans
Contact: scarybeasts@gmail.com
Website: http://vsftpd.beasts.org/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/defs.h new/vsftpd-2.3.0/defs.h
--- old/vsftpd-2.2.2/defs.h 2009-01-07 21:22:22.000000000 +0100
+++ new/vsftpd-2.3.0/defs.h 2010-08-06 02:43:50.000000000 +0200
@@ -15,9 +15,10 @@
#define VSFTP_LISTEN_BACKLOG 32
#define VSFTP_SECURE_UMASK 077
#define VSFTP_ROOT_UID 0
-/* Must be greater than both VSFTP_MAX_COMMAND_LINE and VSFTP_DIR_BUFSIZE */
-#define VSFTP_PRIVSOCK_MAXSTR VSFTP_DATA_BUFSIZE
-#define VSFTP_AS_LIMIT 100 * 1024 * 1024
+/* Must be at least the size of VSFTP_MAX_COMMAND_LINE, VSFTP_DIR_BUFSIZE and
+ VSFTP_DATA_BUFSIZE*2 */
+#define VSFTP_PRIVSOCK_MAXSTR VSFTP_DATA_BUFSIZE * 2
+#define VSFTP_AS_LIMIT 100UL * 1024 * 1024
#endif /* VSF_DEFS_H */
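Review bot: Both rewritten macros in this hunk expand to unparenthesized products, so `VSFTP_PRIVSOCK_MAXSTR` and `VSFTP_AS_LIMIT` only evaluate as intended when nothing at the use site binds tighter than `*` (a division or a cast applied to the macro, for example). Judging by their names, these values bound the privileged-socket string size and the address-space limit, so a precedence surprise would silently change a safety limit rather than fail loudly. I would write `#define VSFTP_PRIVSOCK_MAXSTR (VSFTP_DATA_BUFSIZE * 2)` and `#define VSFTP_AS_LIMIT (100UL * 1024 * 1024)`. The one use visible in this commit, `unsigned long limit = VSFTP_AS_LIMIT;` in main.c, is unaffected either way.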
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/main.c new/vsftpd-2.3.0/main.c
--- old/vsftpd-2.2.2/main.c 2009-07-18 07:55:53.000000000 +0200
+++ new/vsftpd-2.3.0/main.c 2010-03-26 04:14:45.000000000 +0100
@@ -45,6 +45,8 @@
1, 0, INIT_MYSTR, INIT_MYSTR,
/* Protocol state */
0, 1, INIT_MYSTR, 0, 0,
+ /* HTTP hacks */
+ 0, INIT_MYSTR,
/* Session state */
0,
/* Userids */
@@ -282,6 +284,14 @@
{
die("vsftpd: both local and anonymous access disabled!");
}
+ if (!tunable_ftp_enable && !tunable_http_enable)
+ {
+ die("vsftpd: both FTP and HTTP disabled!");
+ }
+ if (tunable_http_enable && !tunable_one_process_model)
+ {
+ die("vsftpd: HTTP needs 'one_process_model' for now");
+ }
}
static void
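Review bot: The two new checks still accept `ftp_enable=YES` together with `http_enable=YES`, yet the pre-login dispatch added in prelogin.c tests `tunable_ftp_enable` first and only reaches the HTTP branch in its `else if`. With both set, HTTP is therefore silently never served. Either reject the combination here, e.g. `if (tunable_ftp_enable && tunable_http_enable) { die("vsftpd: FTP and HTTP cannot both be enabled"); }`, or document the precedence next to these checks. The enclosing function starts above the hunk, so any related check earlier in it is not visible.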
@@ -299,7 +309,15 @@
static void
limits_init(void)
{
- vsf_sysutil_set_address_space_limit(VSFTP_AS_LIMIT);
+ unsigned long limit = VSFTP_AS_LIMIT;
+ if (tunable_text_userdb_names)
+ {
+ /* Turns out, LDAP lookups for lots of userid -> name mappings can really
+ * bloat memory usage.
+ */
+ limit *= 3;
+ }
+ vsf_sysutil_set_address_space_limit(limit);
}
static void
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/oneprocess.c new/vsftpd-2.3.0/oneprocess.c
--- old/vsftpd-2.2.2/oneprocess.c 2009-07-07 19:52:21.000000000 +0200
+++ new/vsftpd-2.3.0/oneprocess.c 2010-03-18 06:16:05.000000000 +0100
@@ -129,7 +129,7 @@
vsf_one_process_get_priv_data_sock(struct vsf_session* p_sess)
{
unsigned short port = vsf_sysutil_sockaddr_get_port(p_sess->p_port_sockaddr);
- return vsf_privop_get_ftp_port_sock(p_sess, port);
+ return vsf_privop_get_ftp_port_sock(p_sess, port, 1);
}
void
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/parseconf.c new/vsftpd-2.3.0/parseconf.c
--- old/vsftpd-2.2.2/parseconf.c 2009-08-07 20:46:40.000000000 +0200
+++ new/vsftpd-2.3.0/parseconf.c 2010-03-17 03:45:36.000000000 +0100
@@ -103,6 +103,8 @@
{ "require_ssl_reuse", &tunable_require_ssl_reuse },
{ "isolate", &tunable_isolate },
{ "isolate_network", &tunable_isolate_network },
+ { "ftp_enable", &tunable_ftp_enable },
+ { "http_enable", &tunable_http_enable },
{ 0, 0 }
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/postlogin.c new/vsftpd-2.3.0/postlogin.c
--- old/vsftpd-2.2.2/postlogin.c 2009-11-07 05:55:12.000000000 +0100
+++ new/vsftpd-2.3.0/postlogin.c 2010-03-26 05:01:06.000000000 +0100
@@ -32,7 +32,7 @@
static void handle_pwd(struct vsf_session* p_sess);
static void handle_cwd(struct vsf_session* p_sess);
static void handle_pasv(struct vsf_session* p_sess, int is_epsv);
-static void handle_retr(struct vsf_session* p_sess);
+static void handle_retr(struct vsf_session* p_sess, int is_http);
static void handle_cdup(struct vsf_session* p_sess);
static void handle_list(struct vsf_session* p_sess);
static void handle_type(struct vsf_session* p_sess);
@@ -60,6 +60,7 @@
static void handle_stat_file(struct vsf_session* p_sess);
static void handle_logged_in_user(struct vsf_session* p_sess);
static void handle_logged_in_pass(struct vsf_session* p_sess);
+static void handle_http(struct vsf_session* p_sess);
static int pasv_active(struct vsf_session* p_sess);
static int port_active(struct vsf_session* p_sess);
@@ -93,6 +94,12 @@
vsf_sysutil_set_umask(tunable_local_umask);
p_sess->bw_rate_max = tunable_local_max_rate;
}
+ if (p_sess->is_http)
+ {
+ handle_http(p_sess);
+ bug("should not be reached");
+ }
+
if (tunable_async_abor_enable)
{
vsf_sysutil_install_sighandler(kVSFSysUtilSigURG, handle_sigurg, p_sess, 0);
@@ -101,6 +108,7 @@
/* Handle any login message */
vsf_banner_dir_changed(p_sess, FTP_LOGINOK);
vsf_cmdio_write(p_sess, FTP_LOGINOK, "Login successful.");
+
while(1)
{
int cmd_ok = 1;
@@ -204,7 +212,7 @@
else if (tunable_download_enable &&
str_equal_text(&p_sess->ftp_cmd_str, "RETR"))
{
- handle_retr(p_sess);
+ handle_retr(p_sess, 0);
}
else if (str_equal_text(&p_sess->ftp_cmd_str, "NOOP"))
{
@@ -621,7 +629,7 @@
}
static void
-handle_retr(struct vsf_session* p_sess)
+handle_retr(struct vsf_session* p_sess, int is_http)
{
static struct mystr s_mark_str;
static struct vsf_sysutil_statbuf* s_p_statbuf;
@@ -631,7 +639,7 @@
int is_ascii = 0;
filesize_t offset = p_sess->restart_pos;
p_sess->restart_pos = 0;
- if (!data_transfer_checks_ok(p_sess))
+ if (!is_http && !data_transfer_checks_ok(p_sess))
{
return;
}
@@ -708,14 +716,23 @@
str_append_filesize_t(&s_mark_str,
vsf_sysutil_statbuf_get_size(s_p_statbuf));
str_append_text(&s_mark_str, " bytes).");
- remote_fd = get_remote_transfer_fd(p_sess, str_getbuf(&s_mark_str));
- if (vsf_sysutil_retval_is_error(remote_fd))
+ if (is_http)
{
- goto port_pasv_cleanup_out;
+ remote_fd = VSFTP_COMMAND_FD;
+ }
+ else
+ {
+ remote_fd = get_remote_transfer_fd(p_sess, str_getbuf(&s_mark_str));
+ if (vsf_sysutil_retval_is_error(remote_fd))
+ {
+ goto port_pasv_cleanup_out;
+ }
}
trans_ret = vsf_ftpdataio_transfer_file(p_sess, remote_fd,
opened_file, 0, is_ascii);
- if (vsf_ftpdataio_dispose_transfer_fd(p_sess) != 1 && trans_ret.retval == 0)
+ if (!is_http &&
+ vsf_ftpdataio_dispose_transfer_fd(p_sess) != 1 &&
+ trans_ret.retval == 0)
{
trans_ret.retval = -2;
}
@@ -725,6 +742,10 @@
{
vsf_log_do_log(p_sess, 1);
}
+ if (is_http)
+ {
+ goto file_close_out;
+ }
/* Emit status message _after_ blocking dispose call to avoid buggy FTP
* clients truncating the transfer.
*/
@@ -1057,12 +1078,12 @@
if (!is_append && offset != 0)
{
/* XXX - warning, allows seek past end of file! Check for seek > size? */
- /* XXX - also, currently broken as the O_APPEND flag will always write
- * at the end of file. No known complaints yet; can easily fix if one
- * comes in.
- */
vsf_sysutil_lseek_to(new_file_fd, offset);
}
+ else if (is_append)
+ {
+ vsf_sysutil_lseek_end(new_file_fd);
+ }
if (is_unique)
{
struct mystr resp_str = INIT_MYSTR;
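Review bot: With `O_APPEND` dropped from `vsf_sysutil_create_or_open_file` in this same commit, `vsf_sysutil_lseek_to(new_file_fd, offset)` now really positions the write, so the surviving `XXX` about seeking past end of file becomes live: a REST offset larger than the file leaves a hole in front of the uploaded data. I would compare `offset` with the current file size before seeking and refuse (or clamp) a larger value, and replace the `XXX` with a comment stating the chosen behaviour. APPE is now an `lseek` to the end followed by ordinary writes, which does not give the per-write append guarantee that `O_APPEND` did when two sessions append to the same file. The enclosing function begins and ends outside the hunk.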
@@ -1898,3 +1919,53 @@
{
vsf_cmdio_write(p_sess, FTP_LOGINOK, "Already logged in.");
}
+
+static void
+handle_http(struct vsf_session* p_sess)
+{
+ /* Warning: Doesn't respect cmds_allowed etc. because there is currently only
+ * one command (GET)!
+ * HTTP likely doesn't respect other important FTP options. I don't think
+ * logging works.
+ */
+ if (!tunable_download_enable)
+ {
+ bug("HTTP needs download - fix your config");
+ }
+ /* Eat the HTTP headers, which we don't care about. */
+ do
+ {
+ vsf_cmdio_get_cmd_and_arg(p_sess, &p_sess->ftp_cmd_str,
+ &p_sess->ftp_arg_str, 1);
+ }
+ while (!str_isempty(&p_sess->ftp_cmd_str) ||
+ !str_isempty(&p_sess->ftp_arg_str));
+ vsf_cmdio_write_raw(p_sess, "HTTP/1.1 200 OK\r\n");
+ vsf_cmdio_write_raw(p_sess, "Server: vsftpd\r\n");
+ vsf_cmdio_write_raw(p_sess, "Connection: close\r\n");
+ vsf_cmdio_write_raw(p_sess, "X-Frame-Options: SAMEORIGIN\r\n");
+ vsf_cmdio_write_raw(p_sess, "X-Content-Type-Options: nosniff\r\n");
+ /* Split the path from the HTTP/1.x */
+ str_split_char(&p_sess->http_get_arg, &p_sess->ftp_arg_str, ' ');
+ str_copy(&p_sess->ftp_arg_str, &p_sess->http_get_arg);
+ str_split_char(&p_sess->http_get_arg, &p_sess->ftp_cmd_str, '.');
+ str_upper(&p_sess->ftp_cmd_str);
+ if (str_equal_text(&p_sess->ftp_cmd_str, "HTML") ||
+ str_equal_text(&p_sess->ftp_cmd_str, "HTM"))
+ {
+ vsf_cmdio_write_raw(p_sess, "Content-Type: text/html\r\n");
+ }
+ else
+ {
+ vsf_cmdio_write_raw(p_sess, "Content-Type: dunno\r\n");
+ }
+ vsf_cmdio_write_raw(p_sess, "\r\n");
+ p_sess->is_ascii = 0;
+ p_sess->restart_pos = 0;
+ handle_retr(p_sess, 1);
+ if (vsf_log_entry_pending(p_sess))
+ {
+ vsf_log_do_log(p_sess, 0);
+ }
+ vsf_sysutil_exit(0);
+}
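Review bot: `handle_http` writes `HTTP/1.1 200 OK` and the other headers before `handle_retr(p_sess, 1)` has looked at the requested path, so any failure inside `handle_retr` (its error paths are outside this hunk) reaches the client under a success status. Deciding the status line only after the file has been opened would fix that, at the cost of restructuring the call. `Content-Type: dunno` is not a valid media type, and since `nosniff` is also sent, `vsf_cmdio_write_raw(p_sess, "Content-Type: application/octet-stream\r\n");` is the safer fallback. The header-eating `do … while` loop has no cap on the number of lines it reads, so it relies entirely on whatever timeout `vsf_cmdio_get_cmd_and_arg` enforces.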
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/postprivparent.c new/vsftpd-2.3.0/postprivparent.c
--- old/vsftpd-2.2.2/postprivparent.c 2009-07-14 07:15:30.000000000 +0200
+++ new/vsftpd-2.3.0/postprivparent.c 2010-03-18 06:17:17.000000000 +0100
@@ -125,7 +125,7 @@
cmd_process_get_data_sock(struct vsf_session* p_sess)
{
unsigned short port = (unsigned short) priv_sock_get_int(p_sess->parent_fd);
- int sock_fd = vsf_privop_get_ftp_port_sock(p_sess, port);
+ int sock_fd = vsf_privop_get_ftp_port_sock(p_sess, port, 0);
if (sock_fd == -1)
{
priv_sock_send_result(p_sess->parent_fd, PRIV_SOCK_RESULT_BAD);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/prelogin.c new/vsftpd-2.3.0/prelogin.c
--- old/vsftpd-2.2.2/prelogin.c 2009-10-19 05:50:08.000000000 +0200
+++ new/vsftpd-2.3.0/prelogin.c 2010-08-06 01:31:04.000000000 +0200
@@ -31,6 +31,7 @@
static void parse_username_password(struct vsf_session* p_sess);
static void handle_user_command(struct vsf_session* p_sess);
static void handle_pass_command(struct vsf_session* p_sess);
+static void handle_get(struct vsf_session* p_sess);
static void check_login_delay();
static void check_login_fails(struct vsf_session* p_sess);
@@ -54,7 +55,10 @@
{
ssl_control_handshake(p_sess);
}
- emit_greeting(p_sess);
+ if (tunable_ftp_enable)
+ {
+ emit_greeting(p_sess);
+ }
parse_username_password(p_sess);
}
@@ -117,54 +121,81 @@
{
vsf_cmdio_get_cmd_and_arg(p_sess, &p_sess->ftp_cmd_str,
&p_sess->ftp_arg_str, 1);
- if (str_equal_text(&p_sess->ftp_cmd_str, "USER"))
- {
- handle_user_command(p_sess);
- }
- else if (str_equal_text(&p_sess->ftp_cmd_str, "PASS"))
- {
- handle_pass_command(p_sess);
- }
- else if (str_equal_text(&p_sess->ftp_cmd_str, "QUIT"))
- {
- vsf_cmdio_write_exit(p_sess, FTP_GOODBYE, "Goodbye.");
- }
- else if (str_equal_text(&p_sess->ftp_cmd_str, "FEAT"))
- {
- handle_feat(p_sess);
- }
- else if (str_equal_text(&p_sess->ftp_cmd_str, "OPTS"))
- {
- handle_opts(p_sess);
- }
- else if (tunable_ssl_enable &&
- str_equal_text(&p_sess->ftp_cmd_str, "AUTH") &&
- !p_sess->control_use_ssl)
- {
- handle_auth(p_sess);
- }
- else if (tunable_ssl_enable && str_equal_text(&p_sess->ftp_cmd_str, "PBSZ"))
+ if (tunable_ftp_enable)
{
- handle_pbsz(p_sess);
- }
- else if (tunable_ssl_enable && str_equal_text(&p_sess->ftp_cmd_str, "PROT"))
- {
- handle_prot(p_sess);
- }
- else if (str_isempty(&p_sess->ftp_cmd_str) &&
- str_isempty(&p_sess->ftp_arg_str))
- {
- /* Deliberately ignore to avoid NAT device bugs. ProFTPd does the same. */
- }
- else
- {
- vsf_cmdio_write(p_sess, FTP_LOGINERR,
- "Please login with USER and PASS.");
+ if (str_equal_text(&p_sess->ftp_cmd_str, "USER"))
+ {
+ handle_user_command(p_sess);
+ }
+ else if (str_equal_text(&p_sess->ftp_cmd_str, "PASS"))
+ {
+ handle_pass_command(p_sess);
+ }
+ else if (str_equal_text(&p_sess->ftp_cmd_str, "QUIT"))
+ {
+ vsf_cmdio_write_exit(p_sess, FTP_GOODBYE, "Goodbye.");
+ }
+ else if (str_equal_text(&p_sess->ftp_cmd_str, "FEAT"))
+ {
+ handle_feat(p_sess);
+ }
+ else if (str_equal_text(&p_sess->ftp_cmd_str, "OPTS"))
+ {
+ handle_opts(p_sess);
+ }
+ else if (tunable_ssl_enable &&
+ str_equal_text(&p_sess->ftp_cmd_str, "AUTH") &&
+ !p_sess->control_use_ssl)
+ {
+ handle_auth(p_sess);
+ }
+ else if (tunable_ssl_enable &&
+ str_equal_text(&p_sess->ftp_cmd_str, "PBSZ"))
+ {
+ handle_pbsz(p_sess);
+ }
+ else if (tunable_ssl_enable &&
+ str_equal_text(&p_sess->ftp_cmd_str, "PROT"))
+ {
+ handle_prot(p_sess);
+ }
+ else if (str_isempty(&p_sess->ftp_cmd_str) &&
+ str_isempty(&p_sess->ftp_arg_str))
+ {
+ /* Deliberately ignore to avoid NAT device bugs, as per ProFTPd. */
+ }
+ else
+ {
+ vsf_cmdio_write(p_sess, FTP_LOGINERR,
+ "Please login with USER and PASS.");
+ }
+ }
+ else if (tunable_http_enable)
+ {
+ if (str_equal_text(&p_sess->ftp_cmd_str, "GET"))
+ {
+ handle_get(p_sess);
+ }
+ else
+ {
+ vsf_cmdio_write(p_sess, FTP_LOGINERR, "Bad HTTP verb.");
+ }
+ vsf_sysutil_exit(0);
}
}
}
static void
+handle_get(struct vsf_session* p_sess)
+{
+ p_sess->is_http = 1;
+ str_copy(&p_sess->http_get_arg, &p_sess->ftp_arg_str);
+ str_alloc_text(&p_sess->user_str, "FTP");
+ str_alloc_text(&p_sess->ftp_arg_str, "<http>");
+ handle_pass_command(p_sess);
+}
+
+static void
handle_user_command(struct vsf_session* p_sess)
{
/* SECURITY: If we're in anonymous only-mode, immediately reject
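Review bot: `handle_get` turns every HTTP request into a synthetic login (user `FTP`, password `<http>`) handed to `handle_pass_command`, and nothing in the hunk says so. A comment on it such as `/* Serve HTTP as an anonymous login: user "FTP", dummy password "<http>". */` would make that dependency explicit. It is also worth confirming that any password-based anonymous filters (not visible here) do not trip on the fixed `<http>` string. Separately, the `Bad HTTP verb.` rejection goes out through `vsf_cmdio_write` with `FTP_LOGINERR`, i.e. as an FTP-style reply to an HTTP client; `vsf_cmdio_write_raw` with an HTTP error status line would match what `handle_http` does for the success case. The enclosing dispatch function starts above the hunk.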
@@ -199,16 +230,14 @@
{
vsf_cmdio_write(
p_sess, FTP_LOGINERR, "Non-anonymous sessions must use encryption.");
- str_empty(&p_sess->user_str);
- return;
+ vsf_sysutil_exit(0);
}
if (tunable_ssl_enable && is_anon && !p_sess->control_use_ssl &&
tunable_force_anon_logins_ssl)
{
vsf_cmdio_write(
p_sess, FTP_LOGINERR, "Anonymous sessions must use encryption.");
- str_empty(&p_sess->user_str);
- return;
+ vsf_sysutil_exit(0);
}
if (tunable_userlist_enable)
{
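Review bot: Both encryption-required rejections now end with a bare `vsf_sysutil_exit(0)` after `vsf_cmdio_write`, while the QUIT branch earlier in this file uses `vsf_cmdio_write_exit` for the same write-then-exit sequence. Assuming that helper has no side effects unwanted here, `vsf_cmdio_write_exit(p_sess, FTP_LOGINERR, "Non-anonymous sessions must use encryption.");` (and likewise for the anonymous case) would keep a single exit path for control-channel replies. A short comment such as `/* Drop the session so a client that ignores the error cannot go on to send PASS in the clear. */` would also record why the softer `return` was removed. The function body continues outside the hunk.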
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/privops.c new/vsftpd-2.3.0/privops.c
--- old/vsftpd-2.2.2/privops.c 2009-10-19 05:51:33.000000000 +0200
+++ new/vsftpd-2.3.0/privops.c 2010-03-18 06:29:44.000000000 +0100
@@ -33,9 +33,11 @@
int
vsf_privop_get_ftp_port_sock(struct vsf_session* p_sess,
- unsigned short remote_port)
+ unsigned short remote_port,
+ int use_port_sockaddr)
{
static struct vsf_sysutil_sockaddr* p_sockaddr;
+ const struct vsf_sysutil_sockaddr* p_connect_to;
int retval;
int i;
int s = vsf_sysutil_get_ipsock(p_sess->p_local_addr);
@@ -71,8 +73,16 @@
sleep_for += 1.0;
vsf_sysutil_sleep(sleep_for);
}
- vsf_sysutil_sockaddr_set_port(p_sess->p_remote_addr, remote_port);
- retval = vsf_sysutil_connect_timeout(s, p_sess->p_remote_addr,
+ if (use_port_sockaddr)
+ {
+ p_connect_to = p_sess->p_port_sockaddr;
+ }
+ else
+ {
+ vsf_sysutil_sockaddr_set_port(p_sess->p_remote_addr, remote_port);
+ p_connect_to = p_sess->p_remote_addr;
+ }
+ retval = vsf_sysutil_connect_timeout(s, p_connect_to,
tunable_connect_timeout);
if (vsf_sysutil_retval_is_error(retval))
{
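Review bot: When `use_port_sockaddr` is set, the connect target becomes `p_sess->p_port_sockaddr` and the `remote_port` argument is ignored, but nothing in the hunk documents what guarantees that address is acceptable. That sockaddr presumably comes from the client's PORT/EPRT command, so this path depends on the command handler having already enforced the same-host rule unless `port_promiscuous` is on. I would state that in a comment above the branch, e.g. `/* p_port_sockaddr was validated by the PORT handler; it differs from the peer address only with port_promiscuous */`, after confirming it against the handler, which is not part of this diff. The bare `1`/`0` passed by the two callers (oneprocess.c, postprivparent.c) would also read better as named constants. The function begins and ends outside the hunk.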
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/privops.h new/vsftpd-2.3.0/privops.h
--- old/vsftpd-2.2.2/privops.h 2009-07-07 19:45:50.000000000 +0200
+++ new/vsftpd-2.3.0/privops.h 2010-03-18 06:18:50.000000000 +0100
@@ -9,8 +9,9 @@
* Return a network socket potentially bound to a privileged port (less than
* 1024) and connected to the remote.
* PARAMETERS
- * p_sess - the current session object
- * remote_port - the remote port to connect to
+ * p_sess - the current session object
+ * remote_port - the remote port to connect to
+ * use_port_sockaddr - true if we should use the specific sockaddr for connect
* RETURNS
* A file descriptor which is a socket bound to the privileged port, and
* connected to the remote on the specified port.
@@ -18,7 +19,8 @@
* Returns -1 if the bind() worked but the connect() was not possible.
*/
int vsf_privop_get_ftp_port_sock(struct vsf_session* p_sess,
- unsigned short remote_port);
+ unsigned short remote_port,
+ int use_port_sockaddr);
/* vsf_privop_pasv_cleanup()
* PURPOSE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/session.h new/vsftpd-2.3.0/session.h
--- old/vsftpd-2.2.2/session.h 2008-02-12 03:39:38.000000000 +0100
+++ new/vsftpd-2.3.0/session.h 2010-03-17 06:05:53.000000000 +0100
@@ -44,6 +44,10 @@
int abor_received;
int epsv_all;
+ /* HTTP hacks */
+ int is_http;
+ struct mystr http_get_arg;
+
/* Details of FTP session state */
struct mystr_list* p_visited_dir_list;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/standalone.c new/vsftpd-2.3.0/standalone.c
--- old/vsftpd-2.2.2/standalone.c 2009-11-12 04:16:26.000000000 +0100
+++ new/vsftpd-2.3.0/standalone.c 2010-03-26 04:25:17.000000000 +0100
@@ -153,7 +153,14 @@
child_info.num_this_ip = handle_ip_count(p_raw_addr);
if (tunable_isolate)
{
- new_child = vsf_sysutil_fork_isolate_failok();
+ if (tunable_http_enable && tunable_isolate_network)
+ {
+ new_child = vsf_sysutil_fork_isolate_all_failok();
+ }
+ else
+ {
+ new_child = vsf_sysutil_fork_isolate_failok();
+ }
}
else
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/sysdeputil.c new/vsftpd-2.3.0/sysdeputil.c
--- old/vsftpd-2.2.2/sysdeputil.c 2009-11-12 04:16:15.000000000 +0100
+++ new/vsftpd-2.3.0/sysdeputil.c 2010-03-26 04:25:33.000000000 +0100
@@ -1260,6 +1260,30 @@
}
int
+vsf_sysutil_fork_isolate_all_failok()
+{
+#ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
+ static int cloneflags_work = 1;
+ if (cloneflags_work)
+ {
+ int ret = syscall(__NR_clone,
+ CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD,
+ NULL);
+ if (ret != -1 || (errno != EINVAL && errno != EPERM))
+ {
+ if (ret == 0)
+ {
+ vsf_sysutil_post_fork();
+ }
+ return ret;
+ }
+ cloneflags_work = 0;
+ }
+#endif
+ return vsf_sysutil_fork_isolate_failok();
+}
+
+int
vsf_sysutil_fork_isolate_failok()
{
#ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
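Review bot: `vsf_sysutil_fork_isolate_all_failok` drops to the weaker `vsf_sysutil_fork_isolate_failok` without any trace when `clone` fails with `EINVAL` or `EPERM`, and the `static cloneflags_work` flag makes that downgrade permanent for the life of the listener. standalone.c selects this function precisely when `http_enable` and `isolate_network` are both set, so an administrator counting on the empty network namespace has no way to learn it is not in effect. A one-time log entry at the point where `cloneflags_work = 0` is assigned would close that gap. The definition also uses an empty parameter list; `(void)` would make it a proper prototype.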
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/sysdeputil.h new/vsftpd-2.3.0/sysdeputil.h
--- old/vsftpd-2.2.2/sysdeputil.h 2009-07-14 05:16:07.000000000 +0200
+++ new/vsftpd-2.3.0/sysdeputil.h 2010-03-26 04:22:51.000000000 +0100
@@ -63,6 +63,10 @@
/* If supported, the ability to fork into different secure namespaces (PID
* and IPC. Fails back to normal fork() */
int vsf_sysutil_fork_isolate_failok();
+/* Same as above, but in addition tries to fork into an empty network
+ * namespace. Falls back to vsf_sysutil_fork_isolate_failok then normal fork().
+ */
+int vsf_sysutil_fork_isolate_all_failok();
/* If supported, the ability to fork into an empty network namespace.
* Fails back to normal fork() */
int vsf_sysutil_fork_newnet();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/sysutil.c new/vsftpd-2.3.0/sysutil.c
--- old/vsftpd-2.2.2/sysutil.c 2009-11-12 03:03:19.000000000 +0100
+++ new/vsftpd-2.3.0/sysutil.c 2010-03-26 05:03:49.000000000 +0100
@@ -485,6 +485,17 @@
}
}
+void
+vsf_sysutil_lseek_end(const int fd)
+{
+ filesize_t retval;
+ retval = lseek(fd, 0, SEEK_END);
+ if (retval < 0)
+ {
+ die("lseek");
+ }
+}
+
void*
vsf_sysutil_malloc(unsigned int size)
{
@@ -1183,7 +1194,7 @@
int
vsf_sysutil_create_or_open_file(const char* p_filename, unsigned int mode)
{
- return open(p_filename, O_CREAT | O_WRONLY | O_APPEND | O_NONBLOCK, mode);
+ return open(p_filename, O_CREAT | O_WRONLY | O_NONBLOCK, mode);
}
void
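Review bot: Removing `O_APPEND` here changes the open mode for every caller of `vsf_sysutil_create_or_open_file`, not only the STOR/APPE path this commit adjusts in postlogin.c. Any other caller that depended on append semantics now starts writing at offset 0 and overwrites existing content; log files would be the first place to look, though no such caller is visible in this diff. I would either audit the callers and record the result in the commit, or keep this function as it was and add a separate non-append variant for uploads.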
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/sysutil.h new/vsftpd-2.3.0/sysutil.h
--- old/vsftpd-2.2.2/sysutil.h 2009-11-12 01:48:37.000000000 +0100
+++ new/vsftpd-2.3.0/sysutil.h 2010-03-26 05:04:01.000000000 +0100
@@ -98,6 +98,7 @@
/* Reading and writing */
void vsf_sysutil_lseek_to(const int fd, filesize_t seek_pos);
+void vsf_sysutil_lseek_end(const int fd);
filesize_t vsf_sysutil_get_file_offset(const int file_fd);
int vsf_sysutil_read(const int fd, void* p_buf, const unsigned int size);
int vsf_sysutil_write(const int fd, const void* p_buf,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/tunables.c new/vsftpd-2.3.0/tunables.c
--- old/vsftpd-2.2.2/tunables.c 2009-07-15 22:08:27.000000000 +0200
+++ new/vsftpd-2.3.0/tunables.c 2010-03-17 03:44:31.000000000 +0100
@@ -84,6 +84,8 @@
int tunable_require_ssl_reuse;
int tunable_isolate;
int tunable_isolate_network;
+int tunable_ftp_enable;
+int tunable_http_enable;
unsigned int tunable_accept_timeout;
unsigned int tunable_connect_timeout;
@@ -220,6 +222,8 @@
tunable_require_ssl_reuse = 1;
tunable_isolate = 1;
tunable_isolate_network = 1;
+ tunable_ftp_enable = 1;
+ tunable_http_enable = 0;
tunable_accept_timeout = 60;
tunable_connect_timeout = 60;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/tunables.h new/vsftpd-2.3.0/tunables.h
--- old/vsftpd-2.2.2/tunables.h 2009-07-07 03:37:28.000000000 +0200
+++ new/vsftpd-2.3.0/tunables.h 2010-03-17 03:43:01.000000000 +0100
@@ -85,6 +85,8 @@
extern int tunable_require_ssl_reuse; /* Require re-used data conn */
extern int tunable_isolate; /* Use container clone() flags */
extern int tunable_isolate_network; /* Use CLONE_NEWNET */
+extern int tunable_ftp_enable; /* Allow FTP protocol */
+extern int tunable_http_enable; /* Allow HTTP protocol */
/* Integer/numeric defines */
extern unsigned int tunable_accept_timeout;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vsftpd-2.2.2/vsftpver.h new/vsftpd-2.3.0/vsftpver.h
--- old/vsftpd-2.2.2/vsftpver.h 2009-11-07 05:46:49.000000000 +0100
+++ new/vsftpd-2.3.0/vsftpver.h 2010-03-17 03:40:58.000000000 +0100
@@ -1,7 +1,7 @@
#ifndef VSF_VERSION_H
#define VSF_VERSION_H
-#define VSF_VERSION "2.2.2"
+#define VSF_VERSION "2.3.0"
#endif /* VSF_VERSION_H */
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...