dummyinc/security/pam_userpass.h | 7 ++++++ ftpcmdio.h | 3 ++ logging.c | 4 +- sysdeputil.c | 18 ++++++++++++++++ sysutil.c | 6 +++- sysutil.h | 3 ++ tunables.c | 26 ++++++++++++------------ twoprocess.c | 3 ++ utility.h | 12 +++++++++++ vsf_findlibs.sh | 3 ++ vsftpd.8 | 2 + vsftpd.conf | 41 ++++++++++++++++++++++++++++++++----- vsftpd.conf.5 | 36 ++++++++++++++++---------------- 13 files changed, 123 insertions(+), 41 deletions(-) diff --git a/dummyinc/security/pam_userpass.h b/dummyinc/security/pam_userpass.h new file mode 100644 index 0000000..4eb2fbb --- /dev/null +++ b/dummyinc/security/pam_userpass.h @@ -0,0 +1,7 @@ +#ifndef VSF_DUMMYINC_PAM_USERPASS_H +#define VSF_DUMMYINC_PAM_USERPASS_H + +#undef VSF_SYSDEP_HAVE_PAM_USERPASS + +#endif /* VSF_DUMMYINC_PAM_USERPASS_H */ + diff --git a/ftpcmdio.h b/ftpcmdio.h index 6dec96e..2b22ff7 100644 --- a/ftpcmdio.h +++ b/ftpcmdio.h @@ -50,6 +50,9 @@ void vsf_cmdio_write_raw(struct vsf_session* p_sess, const char* p_text); * The same as vsf_cmdio_write(), and then the calling process is exited. The * write is _guaranteed_ to not block (ditching output if neccessary). */ +#ifdef __GNUC__ +__attribute__ ((noreturn)) +#endif void vsf_cmdio_write_exit(struct vsf_session* p_sess, int status, const char* p_text); diff --git a/logging.c b/logging.c index 368eb7d..9ae581e 100644 --- a/logging.c +++ b/logging.c @@ -44,7 +44,7 @@ vsf_log_init(struct vsf_session* p_sess) retval = vsf_sysutil_create_or_open_file(tunable_xferlog_file, 0600); if (vsf_sysutil_retval_is_error(retval)) { - die2("failed to open xferlog log file:", tunable_xferlog_file); + die("failed to open xferlog log file"); } p_sess->xferlog_fd = retval; } @@ -55,7 +55,7 @@ vsf_log_init(struct vsf_session* p_sess) retval = vsf_sysutil_create_or_open_file(tunable_vsftpd_log_file, 0600); if (vsf_sysutil_retval_is_error(retval)) { - die2("failed to open vsftpd log file:", tunable_vsftpd_log_file); + die("failed to open vsftpd log file"); } p_sess->vsftpd_log_fd = retval; } diff --git a/sysdeputil.c b/sysdeputil.c index 3784fef..a563bd4 100644 --- a/sysdeputil.c +++ b/sysdeputil.c @@ -49,6 +49,7 @@ #undef VSF_SYSDEP_NEED_OLD_FD_PASSING #ifdef VSF_BUILD_PAM #define VSF_SYSDEP_HAVE_PAM + #define VSF_SYSDEP_HAVE_PAM_USERPASS #endif #define VSF_SYSDEP_HAVE_SHADOW #define VSF_SYSDEP_HAVE_USERSHELL @@ -141,6 +142,7 @@ /* PAM support - we include our own dummy version if the system lacks this */ #include +#include /* No PAM? Try getspnam() with a getpwnam() fallback */ #ifndef VSF_SYSDEP_HAVE_PAM @@ -276,9 +278,13 @@ vsf_sysdep_check_auth(const struct mystr* p_user_str, #else /* VSF_SYSDEP_HAVE_PAM */ static pam_handle_t* s_pamh; +#ifndef VSF_SYSDEP_HAVE_PAM_USERPASS static struct mystr s_pword_str; static int pam_conv_func(int nmsg, const struct pam_message** p_msg, struct pam_response** p_reply, void* p_addata); +#else +static pam_userpass_t userpass; +#endif /* VSF_SYSDEP_HAVE_PAM_USERPASS */ static void vsf_auth_shutdown(void); int @@ -289,14 +295,24 @@ vsf_sysdep_check_auth(const struct mystr* p_user_str, int retval; struct pam_conv the_conv = { +#ifndef VSF_SYSDEP_HAVE_PAM_USERPASS &pam_conv_func, 0 +#else + pam_userpass_conv, + &userpass +#endif /* VSF_SYSDEP_HAVE_PAM_USERPASS */ }; if (s_pamh != 0) { bug("vsf_sysdep_check_auth"); } +#ifndef VSF_SYSDEP_HAVE_PAM_USERPASS str_copy(&s_pword_str, p_pass_str); +#else + userpass.user = str_getbuf(p_user_str); + userpass.pass = str_getbuf(p_pass_str); +#endif /* VSF_SYSDEP_HAVE_PAM_USERPASS */ retval = pam_start(tunable_pam_service_name, str_getbuf(p_user_str), &the_conv, &s_pamh); if (retval != PAM_SUCCESS) @@ -392,6 +408,7 @@ vsf_auth_shutdown(void) vsf_remove_uwtmp(); } +#ifndef VSF_SYSDEP_HAVE_PAM_USERPASS static int pam_conv_func(int nmsg, const struct pam_message** p_msg, struct pam_response** p_reply, void* p_addata) @@ -427,6 +444,7 @@ pam_conv_func(int nmsg, const struct pam_message** p_msg, *p_reply = p_resps; return PAM_SUCCESS; } +#endif /* VSF_SYSDEP_HAVE_PAM_USERPASS */ #endif /* VSF_SYSDEP_HAVE_PAM */ diff --git a/sysutil.c b/sysutil.c index 20fdf74..ffb1fdd 100644 --- a/sysutil.c +++ b/sysutil.c @@ -601,17 +601,19 @@ int vsf_sysutil_wait_exited_normally( const struct vsf_sysutil_wait_retval* p_waitret) { - return WIFEXITED(p_waitret->exit_status); + int exit_status = p_waitret->exit_status; + return WIFEXITED(exit_status); } int vsf_sysutil_wait_get_exitcode(const struct vsf_sysutil_wait_retval* p_waitret) { + int exit_status = p_waitret->exit_status; if (!vsf_sysutil_wait_exited_normally(p_waitret)) { bug("not a normal exit in vsf_sysutil_wait_get_exitcode"); } - return WEXITSTATUS(p_waitret->exit_status); + return WEXITSTATUS(exit_status); } void diff --git a/sysutil.h b/sysutil.h index 4fced38..a1ceafb 100644 --- a/sysutil.h +++ b/sysutil.h @@ -162,6 +162,9 @@ void vsf_sysutil_free(void* p_ptr); unsigned int vsf_sysutil_getpid(void); int vsf_sysutil_fork(void); int vsf_sysutil_fork_failok(void); +#ifdef __GNUC__ +__attribute__ ((noreturn)) +#endif void vsf_sysutil_exit(int exit_code); struct vsf_sysutil_wait_retval { diff --git a/tunables.c b/tunables.c index dabbed7..7c7dbfe 100644 --- a/tunables.c +++ b/tunables.c @@ -38,7 +38,7 @@ int tunable_userlist_enable = 0; int tunable_userlist_deny = 1; int tunable_use_localtime = 0; int tunable_check_shell = 1; -int tunable_hide_ids = 0; +int tunable_hide_ids = 1; int tunable_listen = 0; int tunable_port_promiscuous = 0; int tunable_passwd_chroot_enable = 0; @@ -83,8 +83,8 @@ unsigned int tunable_ftp_data_port = 20; unsigned int tunable_idle_session_timeout = 300; unsigned int tunable_data_connection_timeout = 300; /* IPPORT_USERRESERVED + 1 */ -unsigned int tunable_pasv_min_port = 5001; -unsigned int tunable_pasv_max_port = 0; +unsigned int tunable_pasv_min_port = 49152; +unsigned int tunable_pasv_max_port = 65535; unsigned int tunable_anon_max_rate = 0; unsigned int tunable_local_max_rate = 0; /* IPPORT_FTP */ @@ -100,19 +100,19 @@ unsigned int tunable_max_login_fails = 3; /* -rw------- */ unsigned int tunable_chown_upload_mode = 0600; -const char* tunable_secure_chroot_dir = "/usr/share/empty"; -const char* tunable_ftp_username = "ftp"; +const char* tunable_secure_chroot_dir = "/var/empty"; +const char* tunable_ftp_username = "vsftpd"; const char* tunable_chown_username = "root"; const char* tunable_xferlog_file = "/var/log/xferlog"; const char* tunable_vsftpd_log_file = "/var/log/vsftpd.log"; const char* tunable_message_file = ".message"; -const char* tunable_nopriv_user = "nobody"; +const char* tunable_nopriv_user = "novsftpd"; const char* tunable_ftpd_banner = 0; -const char* tunable_banned_email_file = "/etc/vsftpd.banned_emails"; -const char* tunable_chroot_list_file = "/etc/vsftpd.chroot_list"; -const char* tunable_pam_service_name = "ftp"; -const char* tunable_guest_username = "ftp"; -const char* tunable_userlist_file = "/etc/vsftpd.user_list"; +const char* tunable_banned_email_file = "/etc/vsftpd/banned_emails"; +const char* tunable_chroot_list_file = "/etc/vsftpd/chroot_list"; +const char* tunable_pam_service_name = "vsftpd"; +const char* tunable_guest_username = "vsftpd"; +const char* tunable_userlist_file = "/etc/vsftpd/user_list"; const char* tunable_anon_root = 0; const char* tunable_local_root = 0; const char* tunable_banner_file = 0; @@ -124,8 +124,8 @@ const char* tunable_cmds_allowed = 0; const char* tunable_hide_file = 0; const char* tunable_deny_file = 0; const char* tunable_user_sub_token = 0; -const char* tunable_email_password_file = "/etc/vsftpd.email_passwords"; -const char* tunable_rsa_cert_file = "/usr/share/ssl/certs/vsftpd.pem"; +const char* tunable_email_password_file = "/etc/vsftpd/email_passwords"; +const char* tunable_rsa_cert_file = "/var/lib/ssl/certs/vsftpd.pem"; const char* tunable_dsa_cert_file = 0; const char* tunable_ssl_ciphers = "DES-CBC3-SHA"; const char* tunable_rsa_private_key_file = 0; diff --git a/twoprocess.c b/twoprocess.c index e6cb904..b016096 100644 --- a/twoprocess.c +++ b/twoprocess.c @@ -41,6 +41,9 @@ static void calculate_chdir_dir(int anon, struct mystr* p_userdir_str, const struct mystr* p_user_str, const struct mystr* p_orig_user_str); +#ifdef __GNUC__ +__attribute__ ((noreturn)) +#endif static void handle_sigchld(int duff) { diff --git a/utility.h b/utility.h index aae3052..04dfedb 100644 --- a/utility.h +++ b/utility.h @@ -10,6 +10,9 @@ struct mystr; * PARAMETERS * p_text - text string describing why the process is exiting */ +#ifdef __GNUC__ +__attribute__ ((noreturn)) +#endif void die(const char* p_text); /* die2() @@ -20,6 +23,9 @@ void die(const char* p_text); * p_text1 - text string describing why the process is exiting * p_text2 - text to safely concatenate to p_text1 */ +#ifdef __GNUC__ +__attribute__ ((noreturn)) +#endif void die2(const char* p_text1, const char* p_text2); /* bug() @@ -29,6 +35,9 @@ void die2(const char* p_text1, const char* p_text2); * PARAMETERS * p_text - text string describing what bug trap has triggered * */ +#ifdef __GNUC__ +__attribute__ ((noreturn)) +#endif void bug(const char* p_text); /* vsf_exit() @@ -38,6 +47,9 @@ void bug(const char* p_text); * PARAMETERS * p_text - text string describing why the process is exiting */ +#ifdef __GNUC__ +__attribute__ ((noreturn)) +#endif void vsf_exit(const char* p_text); #endif diff --git a/vsf_findlibs.sh b/vsf_findlibs.sh index 3ae030b..132bf10 100755 --- a/vsf_findlibs.sh +++ b/vsf_findlibs.sh @@ -18,6 +18,9 @@ if find_func pam_start sysdeputil.o; then locate_library /usr/lib/libpam.sl && echo "-lpam"; # AIX ends shared libraries with .a locate_library /usr/lib/libpam.a && echo "-lpam"; + if find_func pam_userpass_conv sysdeputil.o; then + locate_library /usr/lib/libpam_userpass.so && echo "-lpam_userpass"; + fi else locate_library /lib/libcrypt.so && echo "-lcrypt"; locate_library /usr/lib/libcrypt.so && echo "-lcrypt"; diff --git a/vsftpd.8 b/vsftpd.8 index 8066ea6..33e3d7c 100644 --- a/vsftpd.8 +++ b/vsftpd.8 @@ -1,6 +1,7 @@ .\" Copyright (c) 2001 Daniel Jacobowitz .Dd March 8, 2001 .Dt VSFTPD 8 +.Os "ALT Linux" .Sh NAME .Nm vsftpd .Nd Very Secure FTP Daemon @@ -32,3 +33,4 @@ may be given on the command line. The default configuration file is .Pa /etc/vsftpd.conf . .Sh SEE ALSO .Xr vsftpd.conf 5 +.end \ No newline at end of file diff --git a/vsftpd.conf b/vsftpd.conf index 7e30740..93f0a37 100644 --- a/vsftpd.conf +++ b/vsftpd.conf @@ -1,13 +1,19 @@ -# Example config file /etc/vsftpd.conf +# The configuration file for vsftpd. # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. -# Please see vsftpd.conf.5 for all compiled in defaults. +# Please see vsftpd.conf(5) for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. -# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's +# Please read the vsftpd.conf(5) manual page to get a full idea of vsftpd's # capabilities. # +# Uncomment this to disallow the PORT method of obtaining a data connection. +#port_enable=NO +# +# Uncomment this to disallow the PASV method of obtaining a data connection. +#pasv_enable=NO +# # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=YES # @@ -21,6 +27,16 @@ anonymous_enable=YES # if your users expect that (022 is used by most other ftpd's) #local_umask=022 # +# The minimum port to allocate for PASV style data connections. +# Can be used to specify a narrow port range to assist firewalling. +# The default is shown below. +#pasv_min_port=49152 +# +# The maximum port to allocate for PASV style data connections. +# Can be used to specify a narrow port range to assist firewalling. +# The default is shown below. +#pasv_max_port=65535 +# # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. @@ -61,7 +77,7 @@ connect_from_port_20=YES # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. -#nopriv_user=ftpsecure +#nopriv_user=novsftpd # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, @@ -86,18 +102,31 @@ connect_from_port_20=YES # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) -#banned_email_file=/etc/vsftpd.banned_emails +#banned_email_file=/etc/vsftpd/banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). +# Warning: these features have non-trivial security implications, especially +# if the users also have shell access. Only enable if you know what you are +# doing (and you probably don't). #chroot_list_enable=YES # (default follows) -#chroot_list_file=/etc/vsftpd.chroot_list +#chroot_list_file=/etc/vsftpd/chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES +# +# If enabled, all user and group information in directory listings will be +# displayed as "ftp". +# The default is to hide user and group information. +#hide_ids=YES +# +# If enabled, vsftpd will display directory listings with the time in your +# local time zone. The default is to display GMT. The times returned by the +# MDTM FTP command are also affected by this option. +#use_localtime=YES diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 index 86706d0..5194126 100644 --- a/vsftpd.conf.5 +++ b/vsftpd.conf.5 @@ -138,7 +138,7 @@ chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is -/etc/vsftpd.chroot_list, but you may override this with the +/etc/vsftpd/chroot_list, but you may override this with the .BR chroot_list_file setting. @@ -172,7 +172,7 @@ Default: NO .B deny_email_enable If activated, you may provide a list of anonymous password e-mail responses which cause login to be denied. By default, the file containing this list is -/etc/vsftpd.banned_emails, but you may override this with the +/etc/vsftpd/banned_emails, but you may override this with the .BR banned_email_file setting. @@ -257,7 +257,7 @@ Default: NO If enabled, all user and group information in directory listings will be displayed as "ftp". -Default: NO +Default: YES .TP .B listen If enabled, vsftpd will run in standalone mode. This means that vsftpd must @@ -411,7 +411,7 @@ anonymous logins are prevented unless the password provided is listed in the file specified by the .BR email_password_file setting. The file format is one password per line, no extra whitespace. The -default filename is /etc/vsftpd.email_passwords. +default filename is /etc/vsftpd/email_passwords. Default: NO .TP @@ -687,13 +687,13 @@ Default: 0 (unlimited) The maximum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling. -Default: 0 (use any port) +Default: 65535 .TP .B pasv_min_port The minimum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling. -Default: 0 (use any port) +Default: 49152 .TP .B trans_chunk_size You probably don't want to change this, but try setting it to something like @@ -717,7 +717,7 @@ passwords which are not permitted. This file is consulted if the option .BR deny_email_enable is enabled. -Default: /etc/vsftpd.banned_emails +Default: /etc/vsftpd/banned_emails .TP .B banner_file This option is the name of a file containing text to display when someone @@ -754,7 +754,7 @@ is enabled. If the option is enabled, then the list file becomes a list of users to NOT place in a chroot() jail. -Default: /etc/vsftpd.chroot_list +Default: /etc/vsftpd/chroot_list .TP .B cmds_allowed This options specifies a comma separated list of allowed FTP commands (post @@ -806,13 +806,13 @@ This option can be used to provide an alternate file for usage by the .BR secure_email_list_enable setting. -Default: /etc/vsftpd.email_passwords +Default: /etc/vsftpd/email_passwords .TP .B ftp_username This is the name of the user we use for handling anonymous FTP. The home directory of this user is the root of the anonymous FTP area. -Default: ftp +Default: vsftpd .TP .B ftpd_banner This string option allows you to override the greeting banner displayed @@ -826,7 +826,7 @@ See the boolean setting for a description of what constitutes a guest login. This setting is the real username which guest users are mapped to. -Default: ftp +Default: vsftpd .TP .B hide_file This option can be used to set a pattern for filenames (and directory names @@ -877,12 +877,12 @@ totally unprivileged. Note that this should be a dedicated user, rather than nobody. The user nobody tends to be used for rather a lot of important things on most machines. -Default: nobody +Default: novsftpd .TP .B pam_service_name This string is the name of the PAM service vsftpd will use. -Default: ftp +Default: vsftpd .TP .B pasv_address Use this option to override the IP address that vsftpd will advertise in @@ -897,7 +897,7 @@ Default: (none - the address is taken from the incoming connected socket) This option specifies the location of the RSA certificate to use for SSL encrypted connections. -Default: /usr/share/ssl/certs/vsftpd.pem +Default: /var/lib/ssl/certs/vsftpd.pem .TP .B rsa_private_key_file This option specifies the location of the RSA private key to use for SSL @@ -911,7 +911,7 @@ This option should be the name of a directory which is empty. Also, the directory should not be writable by the ftp user. This directory is used as a secure chroot() jail at times vsftpd does not require filesystem access. -Default: /usr/share/empty +Default: /var/empty .TP .B ssl_ciphers This option can be used to select which SSL ciphers vsftpd will allow for @@ -929,10 +929,10 @@ the manual page, on a per-user basis. Usage is simple, and is best illustrated with an example. If you set .BR user_config_dir to be -.BR /etc/vsftpd_user_conf +.BR /etc/vsftpd/user_conf and then log on as the user "chris", then vsftpd will apply the settings in the file -.BR /etc/vsftpd_user_conf/chris +.BR /etc/vsftpd/user_conf/chris for the duration of the session. The format of this file is as detailed in this manual page! PLEASE NOTE that not all settings are effective on a per-user basis. For example, many settings only prior to the user's session @@ -968,7 +968,7 @@ This option is the name of the file loaded when the .BR userlist_enable option is active. -Default: /etc/vsftpd.user_list +Default: /etc/vsftpd/user_list .TP .B vsftpd_log_file This option is the name of the file to which we write the vsftpd style