vanhofen
3 years ago
7 changed files with 156 additions and 91 deletions
@ -0,0 +1,49 @@ |
|||
Add build option to disable utmpx update code |
|||
|
|||
On some embedded systems the libc may have utmpx support, but the |
|||
feature would be redundant. So add a build switch to disable utmpx |
|||
updating, similar to compiling on systems without utmpx support. |
|||
|
|||
Signed-off-by: Maarten ter Huurne <maarten@treewalker.org> |
|||
|
|||
diff -ru vsftpd-3.0.2.orig/builddefs.h vsftpd-3.0.2/builddefs.h
|
|||
--- vsftpd-3.0.2.orig/builddefs.h 2012-04-05 05:24:56.000000000 +0200
|
|||
+++ vsftpd-3.0.2/builddefs.h 2014-09-16 14:23:36.128003245 +0200
|
|||
@@ -4,6 +4,7 @@
|
|||
#undef VSF_BUILD_TCPWRAPPERS |
|||
#define VSF_BUILD_PAM |
|||
#undef VSF_BUILD_SSL |
|||
+#define VSF_BUILD_UTMPX
|
|||
|
|||
#endif /* VSF_BUILDDEFS_H */ |
|||
|
|||
diff -ru vsftpd-3.0.2.orig/sysdeputil.c vsftpd-3.0.2/sysdeputil.c
|
|||
--- vsftpd-3.0.2.orig/sysdeputil.c 2012-09-16 06:18:04.000000000 +0200
|
|||
+++ vsftpd-3.0.2/sysdeputil.c 2014-09-16 14:26:42.686887724 +0200
|
|||
@@ -1158,7 +1158,7 @@
|
|||
|
|||
#endif /* !VSF_SYSDEP_NEED_OLD_FD_PASSING */ |
|||
|
|||
-#ifndef VSF_SYSDEP_HAVE_UTMPX
|
|||
+#if !defined(VSF_BUILD_UTMPX) || !defined(VSF_SYSDEP_HAVE_UTMPX)
|
|||
|
|||
void |
|||
vsf_insert_uwtmp(const struct mystr* p_user_str, |
|||
@@ -1173,7 +1173,7 @@
|
|||
{ |
|||
} |
|||
|
|||
-#else /* !VSF_SYSDEP_HAVE_UTMPX */
|
|||
+#else /* !VSF_BUILD_UTMPX || !VSF_SYSDEP_HAVE_UTMPX */
|
|||
|
|||
/* IMHO, the pam_unix module REALLY should be doing this in its SM component */ |
|||
/* Statics */ |
|||
@@ -1238,7 +1238,7 @@
|
|||
updwtmpx(WTMPX_FILE, &s_utent); |
|||
} |
|||
|
|||
-#endif /* !VSF_SYSDEP_HAVE_UTMPX */
|
|||
+#endif /* !VSF_BUILD_UTMPX || !VSF_SYSDEP_HAVE_UTMPX */
|
|||
|
|||
void |
|||
vsf_set_die_if_parent_dies() |
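Review bot: The new `#define VSF_BUILD_UTMPX` in builddefs.h has no comment, and nothing in the patch says what is lost when the switch is turned off. With it undefined, sysdeputil.c compiles the empty `vsf_insert_uwtmp` stub instead of the branch that ends in `updwtmpx(WTMPX_FILE, &s_utent)`, so FTP sessions would leave no utmpx/wtmpx record for anything that audits logins from those files. I would add a comment above the define such as `/* Undefine to compile out utmpx/wtmpx session records; FTP logins are then not written to those files. */`. The functions touched in the sysdeputil.c hunks start and end outside the hunks, so the rest of the utmpx branch is not visible here.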
@ -0,0 +1,87 @@ |
|||
From 1e65a0a15f819b8bf1b551bd84f71d0da1f5a00c Mon Sep 17 00:00:00 2001 |
|||
From: Martin Sehnoutka <msehnout@redhat.com> |
|||
Date: Thu, 17 Nov 2016 13:02:27 +0100 |
|||
Subject: [PATCH] Prevent hanging in SIGCHLD handler. |
|||
|
|||
vsftpd can now handle pam_exec.so in pam.d config without hanging |
|||
in SIGCHLD handler. |
|||
|
|||
[Abdelmalek: |
|||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1198259 |
|||
Fetched from: |
|||
https://src.fedoraproject.org/cgit/rpms/vsftpd.git/plain/0026-Prevent-hanging-in-SIGCHLD-handler.patch] |
|||
Signed-off-by: Abdelmalek Benelouezzane <abdelmalek.benelouezzane@savoirfairelinux.com> |
|||
---
|
|||
sysutil.c | 4 ++-- |
|||
sysutil.h | 2 +- |
|||
twoprocess.c | 13 +++++++++++-- |
|||
3 files changed, 14 insertions(+), 5 deletions(-) |
|||
|
|||
diff --git a/sysutil.c b/sysutil.c
|
|||
index 6d7cb3f..099748f 100644
|
|||
--- a/sysutil.c
|
|||
+++ b/sysutil.c
|
|||
@@ -592,13 +592,13 @@ vsf_sysutil_exit(int exit_code)
|
|||
} |
|||
|
|||
struct vsf_sysutil_wait_retval |
|||
-vsf_sysutil_wait(void)
|
|||
+vsf_sysutil_wait(int hang)
|
|||
{ |
|||
struct vsf_sysutil_wait_retval retval; |
|||
vsf_sysutil_memclr(&retval, sizeof(retval)); |
|||
while (1) |
|||
{ |
|||
- int sys_ret = wait(&retval.exit_status);
|
|||
+ int sys_ret = waitpid(-1, &retval.exit_status, hang ? 0 : WNOHANG);
|
|||
if (sys_ret < 0 && errno == EINTR) |
|||
{ |
|||
vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0); |
|||
diff --git a/sysutil.h b/sysutil.h
|
|||
index c145bdf..13153cd 100644
|
|||
--- a/sysutil.h
|
|||
+++ b/sysutil.h
|
|||
@@ -175,7 +175,7 @@ struct vsf_sysutil_wait_retval
|
|||
int PRIVATE_HANDS_OFF_syscall_retval; |
|||
int PRIVATE_HANDS_OFF_exit_status; |
|||
}; |
|||
-struct vsf_sysutil_wait_retval vsf_sysutil_wait(void);
|
|||
+struct vsf_sysutil_wait_retval vsf_sysutil_wait(int hang);
|
|||
int vsf_sysutil_wait_reap_one(void); |
|||
int vsf_sysutil_wait_get_retval( |
|||
const struct vsf_sysutil_wait_retval* p_waitret); |
|||
diff --git a/twoprocess.c b/twoprocess.c
|
|||
index 33d84dc..b1891e7 100644
|
|||
--- a/twoprocess.c
|
|||
+++ b/twoprocess.c
|
|||
@@ -47,8 +47,17 @@ static void
|
|||
handle_sigchld(void* duff) |
|||
{ |
|||
|
|||
- struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait();
|
|||
+ struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait(0);
|
|||
(void) duff; |
|||
+ if (!vsf_sysutil_wait_get_exitcode(&wait_retval) &&
|
|||
+ !vsf_sysutil_wait_get_retval(&wait_retval))
|
|||
+ /* There was nobody to wait for, possibly caused by underlying library
|
|||
+ * which created a new process through fork()/vfork() and already picked
|
|||
+ * it up, e.g. by pam_exec.so or integrity check routines for libraries
|
|||
+ * when FIPS mode is on (nss freebl), which can lead to calling prelink
|
|||
+ * if the prelink package is installed.
|
|||
+ */
|
|||
+ return;
|
|||
/* Child died, so we'll do the same! Report it as an error unless the child |
|||
* exited normally with zero exit code |
|||
*/ |
|||
@@ -390,7 +399,7 @@ common_do_login(struct vsf_session* p_sess, const struct mystr* p_user_str,
|
|||
priv_sock_send_result(p_sess->parent_fd, PRIV_SOCK_RESULT_OK); |
|||
if (!p_sess->control_use_ssl) |
|||
{ |
|||
- (void) vsf_sysutil_wait();
|
|||
+ (void) vsf_sysutil_wait(1);
|
|||
} |
|||
else |
|||
{ |
|||
--
|
|||
2.14.4 |
|||
|
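Review bot: In the twoprocess.c hunk, the early-return test in handle_sigchld calls `vsf_sysutil_wait_get_exitcode()` before it looks at the syscall result, so it interprets a status word that only means something when waitpid() actually reaped a child. With WNOHANG, the "nobody to wait for" case is waitpid() returning 0, so testing the return value alone is sufficient: `if (vsf_sysutil_wait_get_retval(&wait_retval) == 0) { return; }`. That also removes the reliance on the status having been zeroed by `vsf_sysutil_memclr`. If `vsf_sysutil_wait_get_exitcode` assumes a normal exit (its body is not on this page), a child killed by a signal would hit that assumption here and never reach the existing "child died" handling. The long comment sits between an unbraced `if` and its `return;` and should move inside braces; handle_sigchld's body continues past the hunk.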
@ -1,12 +0,0 @@ |
|||
--- a/sysdeputil.c
|
|||
+++ b/sysdeputil.c
|
|||
@@ -165,6 +165,9 @@
|
|||
#endif |
|||
/* END config */ |
|||
|
|||
+#undef VSF_SYSDEP_HAVE_CAPABILITIES
|
|||
+#undef VSF_SYSDEP_HAVE_LIBCAP
|
|||
+
|
|||
/* PAM support - we include our own dummy version if the system lacks this */ |
|||
#include <security/pam_appl.h> |
|||
|
@ -1,40 +0,0 @@ |
|||
--- a/twoprocess.c
|
|||
+++ b/twoprocess.c
|
|||
@@ -41,7 +41,8 @@
|
|||
struct mystr* p_chroot_str, |
|||
struct mystr* p_chdir_str, |
|||
const struct mystr* p_user_str, |
|||
- const struct mystr* p_orig_user_str);
|
|||
+ const struct mystr* p_orig_user_str,
|
|||
+ int do_chroot);
|
|||
|
|||
static void |
|||
handle_sigchld(void* duff) |
|||
@@ -454,7 +455,7 @@
|
|||
secutil_option |= VSF_SECUTIL_OPTION_ALLOW_WRITEABLE_ROOT; |
|||
} |
|||
calculate_chdir_dir(was_anon, &userdir_str, &chroot_str, &chdir_str, |
|||
- p_user_str, p_orig_user_str);
|
|||
+ p_user_str, p_orig_user_str, do_chroot);
|
|||
vsf_secutil_change_credentials(p_user_str, &userdir_str, &chroot_str, |
|||
0, secutil_option); |
|||
if (!str_isempty(&chdir_str)) |
|||
@@ -522,7 +523,8 @@
|
|||
struct mystr* p_chroot_str, |
|||
struct mystr* p_chdir_str, |
|||
const struct mystr* p_user_str, |
|||
- const struct mystr* p_orig_user_str)
|
|||
+ const struct mystr* p_orig_user_str,
|
|||
+ int do_chroot)
|
|||
{ |
|||
if (!anon_login) |
|||
{ |
|||
@@ -542,7 +544,7 @@
|
|||
{ |
|||
str_alloc_text(p_chroot_str, tunable_anon_root); |
|||
} |
|||
- else if (!anon_login && tunable_local_root)
|
|||
+ else if (!anon_login && tunable_local_root && !do_chroot)
|
|||
{ |
|||
str_alloc_text(p_chroot_str, tunable_local_root); |
|||
if (tunable_user_sub_token) |
@ -1,21 +0,0 @@ |
|||
--- a/sysdeputil.c
|
|||
+++ b/sysdeputil.c
|
|||
@@ -270,6 +270,9 @@
|
|||
} |
|||
} |
|||
#endif |
|||
+ /* Blank entry = anyone can login. Now what was that "s" in vsftpd? */
|
|||
+ if (!p_pwd->pw_passwd || !(*p_pwd->pw_passwd))
|
|||
+ return 1;
|
|||
#ifdef VSF_SYSDEP_HAVE_SHADOW |
|||
{ |
|||
const struct spwd* p_spwd = getspnam(str_getbuf(p_user_str)); |
|||
@@ -287,6 +290,8 @@
|
|||
{ |
|||
return 0; |
|||
} |
|||
+ if (!p_spwd->sp_pwdp || !(*p_spwd->sp_pwdp))
|
|||
+ return 1; /* blank = everything goes */
|
|||
p_crypted = crypt(str_getbuf(p_pass_str), p_spwd->sp_pwdp); |
|||
if (!vsf_sysutil_strcmp(p_crypted, p_spwd->sp_pwdp)) |
|||
{ |