search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
vsftpd 2.3.5
[tomato.git] / release / src-rt-6.x.4708 / router / vsftpd / sysdeputil.c
blob9dc8a5e7d927f517857caf23161843c02f6691b1
1 /*
2 * Part of Very Secure FTPd
3 * Licence: GPL v2
4 * Author: Chris Evans
5 * sysdeputil.c
6 *
7 * Highly system dependent utilities - e.g. authentication, capabilities.
8 */
9
10 #include "sysdeputil.h"
11 #include "str.h"
12 #include "sysutil.h"
13 #include "utility.h"
14 #include "secbuf.h"
15 #include "defs.h"
16 #include "tunables.h"
17 #include "builddefs.h"
18
19 /* For Linux, this adds nothing :-) */
20 #include "port/porting_junk.h"
21
22 #if (defined(__FreeBSD__) && __FreeBSD__ >= 3)
23 #define _FILE_OFFSET_BITS 64
24 #define _LARGEFILE_SOURCE 1
25 #define _LARGEFILE64_SOURCE 1
26 #endif
27
28 /* For INT_MAX */
29 #include <limits.h>
30
31 /* For fd passing */
32 #include <sys/types.h>
33 #include <sys/socket.h>
34 /* For FreeBSD */
35 #include <sys/param.h>
36 #include <sys/uio.h>
37
38 #include <sys/prctl.h>
39 #include <signal.h>
40
41 /* Configuration.. here are the possibilities */
42 #undef VSF_SYSDEP_HAVE_CAPABILITIES
43 #undef VSF_SYSDEP_HAVE_SETKEEPCAPS
44 #undef VSF_SYSDEP_HAVE_SETPDEATHSIG
45 #undef VSF_SYSDEP_HAVE_LINUX_SENDFILE
46 #undef VSF_SYSDEP_HAVE_FREEBSD_SENDFILE
47 #undef VSF_SYSDEP_HAVE_HPUX_SENDFILE
48 #undef VSF_SYSDEP_HAVE_AIX_SENDFILE
49 #undef VSF_SYSDEP_HAVE_SETPROCTITLE
50 #undef VSF_SYSDEP_TRY_LINUX_SETPROCTITLE_HACK
51 #undef VSF_SYSDEP_HAVE_HPUX_SETPROCTITLE
52 #undef VSF_SYSDEP_HAVE_MAP_ANON
53 #undef VSF_SYSDEP_NEED_OLD_FD_PASSING
54 #undef VSF_SYSDEP_HAVE_LINUX_CLONE
55 #ifdef VSF_BUILD_PAM
56 #define VSF_SYSDEP_HAVE_PAM
57 #endif
58 #define VSF_SYSDEP_HAVE_SHADOW
59 #define VSF_SYSDEP_HAVE_USERSHELL
60 #define VSF_SYSDEP_HAVE_LIBCAP
61 #define VSF_SYSDEP_HAVE_UTMPX
62
63 #define __USE_GNU
64 #include <utmpx.h>
65
66 /* BEGIN config */
67 #if defined(__linux__)
68 #include <errno.h>
69 #include <syscall.h>
70 #define VSF_SYSDEP_HAVE_LINUX_CLONE
71 #include <sched.h>
72 #ifndef CLONE_NEWPID
73 #define CLONE_NEWPID 0x20000000
74 #endif
75 #ifndef CLONE_NEWIPC
76 #define CLONE_NEWIPC 0x08000000
77 #endif
78 #ifndef CLONE_NEWNET
79 #define CLONE_NEWNET 0x40000000
80 #endif
81 #include <linux/unistd.h>
82 #include <errno.h>
83 #include <syscall.h>
84 #endif
85
86 #if defined(__linux__) && !defined(__ia64__) && !defined(__s390__)
87 #define VSF_SYSDEP_TRY_LINUX_SETPROCTITLE_HACK
88 #include <linux/version.h>
89 #if defined(LINUX_VERSION_CODE) && defined(KERNEL_VERSION)
90 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,2,0))
91 #define VSF_SYSDEP_HAVE_CAPABILITIES
92 #define VSF_SYSDEP_HAVE_LINUX_SENDFILE
93 #ifdef PR_SET_KEEPCAPS
94 #define VSF_SYSDEP_HAVE_SETKEEPCAPS
95 #endif
96 #ifdef PR_SET_PDEATHSIG
97 #define VSF_SYSDEP_HAVE_SETPDEATHSIG
98 #endif
99 #endif
100 #endif
101 #endif
102
103 #if (defined(__FreeBSD__) && __FreeBSD__ >= 3)
104 #define VSF_SYSDEP_HAVE_FREEBSD_SENDFILE
105 #define VSF_SYSDEP_HAVE_SETPROCTITLE
106 #endif
107
108 #if defined(__NetBSD__)
109 #include <stdlib.h>
110 #define VSF_SYSDEP_HAVE_SETPROCTITLE
111 #include <sys/param.h>
112 #if __NetBSD_Version__ >= 106070000
113 #define WTMPX_FILE _PATH_WTMPX
114 #else
115 #undef VSF_SYSDEP_HAVE_UTMPX
116 #endif
117 #endif
118
119 #ifdef __hpux
120 #include <sys/socket.h>
121 #ifdef SF_DISCONNECT
122 #define VSF_SYSDEP_HAVE_HPUX_SENDFILE
123 #endif
124 #include <sys/param.h>
125 #include <sys/pstat.h>
126 #ifdef PSTAT_SETCMD
127 #define VSF_SYSDEP_HAVE_HPUX_SETPROCTITLE
128 #endif
129 #undef VSF_SYSDEP_HAVE_UTMPX
130 #endif
131
132 #include <unistd.h>
133 #include <sys/mman.h>
134 #ifdef MAP_ANON
135 #define VSF_SYSDEP_HAVE_MAP_ANON
136 #endif
137
138 #ifdef __sgi
139 #undef VSF_SYSDEP_HAVE_USERSHELL
140 #undef VSF_SYSDEP_HAVE_LIBCAP
141 #endif
142
143 #ifdef _AIX
144 #undef VSF_SYSDEP_HAVE_USERSHELL
145 #undef VSF_SYSDEP_HAVE_LIBCAP
146 #undef VSF_SYSDEP_HAVE_UTMPX
147 #undef VSF_SYSDEP_HAVE_PAM
148 #undef VSF_SYSDEP_HAVE_SHADOW
149 #undef VSF_SYSDEP_HAVE_SETPROCTITLE
150 #define VSF_SYSDEP_HAVE_AIX_SENDFILE
151 #define VSF_SYSDEP_TRY_LINUX_SETPROCTITLE_HACK
152 #define VSF_SYSDEP_HAVE_MAP_ANON
153 #endif
154
155 #ifdef __osf__
156 #undef VSF_SYSDEP_HAVE_USERSHELL
157 #endif
158
159 #if (defined(__sgi) || defined(__hpux) || defined(__osf__))
160 #define VSF_SYSDEP_NEED_OLD_FD_PASSING
161 #endif
162
163 #ifdef __sun
164 #define VSF_SYSDEP_HAVE_SOLARIS_SENDFILE
165 #endif
166 /* END config */
167
168 /* PAM support - we include our own dummy version if the system lacks this */
169 #include <security/pam_appl.h>
170
171 /* No PAM? Try getspnam() with a getpwnam() fallback */
172 #ifndef VSF_SYSDEP_HAVE_PAM
173 /* This may hit our own "dummy" include and undef VSF_SYSDEP_HAVE_SHADOW */
174 #include <shadow.h>
175 #include <pwd.h>
176 #include <unistd.h>
177 #include <crypt.h>
178 #endif
179
180 /* Prefer libcap based capabilities over raw syscall capabilities */
181 #include <sys/capability.h>
182
183 #if defined(VSF_SYSDEP_HAVE_CAPABILITIES) && !defined(VSF_SYSDEP_HAVE_LIBCAP)
184 #include <linux/unistd.h>
185 #include <linux/capability.h>
186 #include <errno.h>
187 #include <syscall.h>
188 int capset(cap_user_header_t header, const cap_user_data_t data)
189 {
190 return syscall(__NR_capset, header, data);
191 }
192 /* Gross HACK to avoid warnings - linux headers overlap glibc headers */
193 #undef __NFDBITS
194 #undef __FDMASK
195 #endif /* VSF_SYSDEP_HAVE_CAPABILITIES */
196
197 #if defined(VSF_SYSDEP_HAVE_LINUX_SENDFILE) || \
198 defined(VSF_SYSDEP_HAVE_SOLARIS_SENDFILE)
199 #include <sys/sendfile.h>
200 #elif defined(VSF_SYSDEP_HAVE_FREEBSD_SENDFILE)
201 #include <sys/types.h>
202 #include <sys/socket.h>
203 #elif defined(VSF_SYSDEP_HAVE_HPUX_SENDFILE)
204 #include <sys/socket.h>
205 #else /* VSF_SYSDEP_HAVE_LINUX_SENDFILE */
206 #include <unistd.h>
207 #endif /* VSF_SYSDEP_HAVE_LINUX_SENDFILE */
208
209 #ifdef VSF_SYSDEP_HAVE_SETPROCTITLE
210 #include <sys/types.h>
211 #include <unistd.h>
212 #endif
213
214 #ifdef VSF_SYSDEP_TRY_LINUX_SETPROCTITLE_HACK
215 extern char** environ;
216 static unsigned int s_proctitle_space = 0;
217 static int s_proctitle_inited = 0;
218 static char* s_p_proctitle = 0;
219 #endif
220
221 #ifndef VSF_SYSDEP_HAVE_MAP_ANON
222 #include <sys/types.h>
223 #include <sys/stat.h>
224 #include <fcntl.h>
225 static int s_zero_fd = -1;
226 #endif
227
228 /* File private functions/variables */
229 static int do_sendfile(const int out_fd, const int in_fd,
230 unsigned int num_send, filesize_t start_pos);
231 static void vsf_sysutil_setproctitle_internal(const char* p_text);
232 static struct mystr s_proctitle_prefix_str;
233
234 /* These two aren't static to avoid OpenBSD build warnings. */
235 void vsf_insert_uwtmp(const struct mystr* p_user_str,
236 const struct mystr* p_host_str);
237 void vsf_remove_uwtmp(void);
238
239 #ifndef VSF_SYSDEP_HAVE_PAM
240 int
241 vsf_sysdep_check_auth(struct mystr* p_user_str,
242 const struct mystr* p_pass_str,
243 const struct mystr* p_remote_host)
244 {
245 const char* p_crypted;
246 const struct passwd* p_pwd = getpwnam(str_getbuf(p_user_str));
247 (void) p_remote_host;
248 if (p_pwd == NULL)
249 {
250 return 0;
251 }
252 #ifdef VSF_SYSDEP_HAVE_USERSHELL
253 if (tunable_check_shell)
254 {
255 const char* p_shell;
256 while ((p_shell = getusershell()) != NULL)
257 {
258 if (!vsf_sysutil_strcmp(p_shell, p_pwd->pw_shell))
259 {
260 break;
261 }
262 }
263 endusershell();
264 if (p_shell == NULL)
265 {
266 return 0;
267 }
268 }
269 #endif
270 #ifdef VSF_SYSDEP_HAVE_SHADOW
271 {
272 const struct spwd* p_spwd = getspnam(str_getbuf(p_user_str));
273 if (p_spwd != NULL)
274 {
275 long curr_time = vsf_sysutil_get_time_sec();
276 int days;
277 days = curr_time / (60 * 60 * 24);
278 if (p_spwd->sp_expire > 0 && p_spwd->sp_expire < days)
279 {
280 return 0;
281 }
282 if (p_spwd->sp_lstchg > 0 && p_spwd->sp_max > 0 &&
283 p_spwd->sp_lstchg + p_spwd->sp_max < days)
284 {
285 return 0;
286 }
287 p_crypted = crypt(str_getbuf(p_pass_str), p_spwd->sp_pwdp);
288 if (!vsf_sysutil_strcmp(p_crypted, p_spwd->sp_pwdp))
289 {
290 return 1;
291 }
292 }
293 }
294 #endif /* VSF_SYSDEP_HAVE_SHADOW */
295 p_crypted = crypt(str_getbuf(p_pass_str), p_pwd->pw_passwd);
296 if (!vsf_sysutil_strcmp(p_crypted, p_pwd->pw_passwd))
297 {
298 return 1;
299 }
300 return 0;
301 }
302
303 #else /* VSF_SYSDEP_HAVE_PAM */
304
305 #if (defined(__sun) || defined(__hpux)) && \
306 !defined(LINUX_PAM) && !defined(_OPENPAM)
307 /* Sun's PAM doesn't use const here, while Linux-PAM and OpenPAM do */
308 #define lo_const
309 #else
310 #define lo_const const
311 #endif
312 typedef lo_const void* pam_item_t;
313
314 static pam_handle_t* s_pamh;
315 static struct mystr s_pword_str;
316 static int pam_conv_func(int nmsg, const struct pam_message** p_msg,
317 struct pam_response** p_reply, void* p_addata);
318 static void vsf_auth_shutdown(void);
319
320 int
321 vsf_sysdep_check_auth(struct mystr* p_user_str,
322 const struct mystr* p_pass_str,
323 const struct mystr* p_remote_host)
324 {
325 int retval;
326 pam_item_t item;
327 const char* pam_user_name = 0;
328 struct pam_conv the_conv =
329 {
330 &pam_conv_func,
331 0
332 };
333 if (s_pamh != 0)
334 {
335 bug("vsf_sysdep_check_auth");
336 }
337 str_copy(&s_pword_str, p_pass_str);
338 retval = pam_start(tunable_pam_service_name,
339 str_getbuf(p_user_str), &the_conv, &s_pamh);
340 if (retval != PAM_SUCCESS)
341 {
342 s_pamh = 0;
343 return 0;
344 }
345 #ifdef PAM_RHOST
346 retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
347 if (retval != PAM_SUCCESS)
348 {
349 (void) pam_end(s_pamh, retval);
350 s_pamh = 0;
351 return 0;
352 }
353 #endif
354 #ifdef PAM_TTY
355 retval = pam_set_item(s_pamh, PAM_TTY, "ftp");
356 if (retval != PAM_SUCCESS)
357 {
358 (void) pam_end(s_pamh, retval);
359 s_pamh = 0;
360 return 0;
361 }
362 #endif
363 #ifdef PAM_RUSER
364 retval = pam_set_item(s_pamh, PAM_RUSER, str_getbuf(p_user_str));
365 if (retval != PAM_SUCCESS)
366 {
367 (void) pam_end(s_pamh, retval);
368 s_pamh = 0;
369 return 0;
370 }
371 #endif
372 retval = pam_authenticate(s_pamh, 0);
373 if (retval != PAM_SUCCESS)
374 {
375 (void) pam_end(s_pamh, retval);
376 s_pamh = 0;
377 return 0;
378 }
379 #ifdef PAM_USER
380 retval = pam_get_item(s_pamh, PAM_USER, &item);
381 if (retval != PAM_SUCCESS)
382 {
383 (void) pam_end(s_pamh, retval);
384 s_pamh = 0;
385 return 0;
386 }
387 pam_user_name = item;
388 str_alloc_text(p_user_str, pam_user_name);
389 #endif
390 retval = pam_acct_mgmt(s_pamh, 0);
391 if (retval != PAM_SUCCESS)
392 {
393 (void) pam_end(s_pamh, retval);
394 s_pamh = 0;
395 return 0;
396 }
397 retval = pam_setcred(s_pamh, PAM_ESTABLISH_CRED);
398 if (retval != PAM_SUCCESS)
399 {
400 (void) pam_end(s_pamh, retval);
401 s_pamh = 0;
402 return 0;
403 }
404 if (!tunable_session_support)
405 {
406 /* You're in already! */
407 (void) pam_end(s_pamh, retval);
408 s_pamh = 0;
409 return 1;
410 }
411 /* Must do this BEFORE opening a session for pam_limits to count us */
412 vsf_insert_uwtmp(p_user_str, p_remote_host);
413 retval = pam_open_session(s_pamh, 0);
414 if (retval != PAM_SUCCESS)
415 {
416 vsf_remove_uwtmp();
417 (void) pam_setcred(s_pamh, PAM_DELETE_CRED);
418 (void) pam_end(s_pamh, retval);
419 s_pamh = 0;
420 return 0;
421 }
422 /* We MUST ensure the PAM session, utmp, wtmp etc. are cleaned up, however
423 * we exit.
424 */
425 vsf_sysutil_set_exit_func(vsf_auth_shutdown);
426 /* You're in dude */
427 return 1;
428 }
429
430 static void
431 vsf_auth_shutdown(void)
432 {
433 if (s_pamh == 0)
434 {
435 bug("vsf_auth_shutdown");
436 }
437 (void) pam_close_session(s_pamh, 0);
438 (void) pam_setcred(s_pamh, PAM_DELETE_CRED);
439 (void) pam_end(s_pamh, PAM_SUCCESS);
440 s_pamh = 0;
441 vsf_remove_uwtmp();
442 }
443
444 static int
445 pam_conv_func(int nmsg, const struct pam_message** p_msg,
446 struct pam_response** p_reply, void* p_addata)
447 {
448 int i;
449 struct pam_response* p_resps = 0;
450 (void) p_addata;
451 if (nmsg < 0)
452 {
453 bug("dodgy nmsg in pam_conv_func");
454 }
455 p_resps = vsf_sysutil_malloc(sizeof(struct pam_response) * nmsg);
456 for (i=0; i<nmsg; i++)
457 {
458 switch (p_msg[i]->msg_style)
459 {
460 case PAM_PROMPT_ECHO_OFF:
461 p_resps[i].resp_retcode = PAM_SUCCESS;
462 p_resps[i].resp = (char*) str_strdup(&s_pword_str);
463 break;
464 case PAM_TEXT_INFO:
465 case PAM_ERROR_MSG:
466 p_resps[i].resp_retcode = PAM_SUCCESS;
467 p_resps[i].resp = 0;
468 break;
469 case PAM_PROMPT_ECHO_ON:
470 default:
471 vsf_sysutil_free(p_resps);
472 return PAM_CONV_ERR;
473 break;
474 }
475 }
476 *p_reply = p_resps;
477 return PAM_SUCCESS;
478 }
479
480 #endif /* VSF_SYSDEP_HAVE_PAM */
481
482 /* Capabilities support (or lack thereof) */
483 void
484 vsf_sysdep_keep_capabilities(void)
485 {
486 if (!vsf_sysdep_has_capabilities_as_non_root())
487 {
488 bug("asked to keep capabilities, but no support exists");
489 }
490 #ifdef VSF_SYSDEP_HAVE_SETKEEPCAPS
491 {
492 int retval = prctl(PR_SET_KEEPCAPS, 1);
493 if (vsf_sysutil_retval_is_error(retval))
494 {
495 die("prctl");
496 }
497 }
498 #endif /* VSF_SYSDEP_HAVE_SETKEEPCAPS */
499 }
500 #if !defined(VSF_SYSDEP_HAVE_CAPABILITIES) && !defined(VSF_SYSDEP_HAVE_LIBCAP)
501
502 int
503 vsf_sysdep_has_capabilities(void)
504 {
505 return 0;
506 }
507
508 int
509 vsf_sysdep_has_capabilities_as_non_root(void)
510 {
511 return 0;
512 }
513
514 void
515 vsf_sysdep_adopt_capabilities(unsigned int caps)
516 {
517 (void) caps;
518 bug("asked to adopt capabilities, but no support exists");
519 }
520
521 #else /* VSF_SYSDEP_HAVE_CAPABILITIES || VSF_SYSDEP_HAVE_LIBCAP */
522
523 static int do_checkcap(void);
524
525 int
526 vsf_sysdep_has_capabilities_as_non_root(void)
527 {
528 static int s_prctl_checked;
529 static int s_runtime_prctl_works;
530 if (!s_prctl_checked)
531 {
532 #ifdef VSF_SYSDEP_HAVE_SETKEEPCAPS
533 /* Clarity: note embedded call to prctl() syscall */
534 if (!vsf_sysutil_retval_is_error(prctl(PR_SET_KEEPCAPS, 0)))
535 {
536 s_runtime_prctl_works = 1;
537 }
538 #endif /* VSF_SYSDEP_HAVE_SETKEEPCAPS */
539 s_prctl_checked = 1;
540 }
541 return s_runtime_prctl_works;
542 }
543
544 int
545 vsf_sysdep_has_capabilities(void)
546 {
547 /* Even though compiled with capabilities, the runtime system may lack them.
548 * Also, RH7.0 kernel headers advertise a 2.4.0 box, but on a 2.2.x kernel!
549 */
550 static int s_caps_checked;
551 static int s_runtime_has_caps;
552 if (!s_caps_checked)
553 {
554 s_runtime_has_caps = do_checkcap();
555 s_caps_checked = 1;
556 }
557 return s_runtime_has_caps;
558 }
559
560 #ifndef VSF_SYSDEP_HAVE_LIBCAP
561 static int
562 do_checkcap(void)
563 {
564 /* EFAULT (EINVAL if page 0 mapped) vs. ENOSYS */
565 int retval = capset(0, 0);
566 if (!vsf_sysutil_retval_is_error(retval) ||
567 vsf_sysutil_get_error() != kVSFSysUtilErrNOSYS)
568 {
569 return 1;
570 }
571 return 0;
572 }
573
574 void
575 vsf_sysdep_adopt_capabilities(unsigned int caps)
576 {
577 /* n.b. yes I know I should be using libcap!! */
578 int retval;
579 struct __user_cap_header_struct cap_head;
580 struct __user_cap_data_struct cap_data;
581 __u32 cap_mask = 0;
582 if (!caps)
583 {
584 bug("asked to adopt no capabilities");
585 }
586 vsf_sysutil_memclr(&cap_head, sizeof(cap_head));
587 vsf_sysutil_memclr(&cap_data, sizeof(cap_data));
588 cap_head.version = _LINUX_CAPABILITY_VERSION;
589 cap_head.pid = 0;
590 if (caps & kCapabilityCAP_CHOWN)
591 {
592 cap_mask |= (1 << CAP_CHOWN);
593 }
594 if (caps & kCapabilityCAP_NET_BIND_SERVICE)
595 {
596 cap_mask |= (1 << CAP_NET_BIND_SERVICE);
597 }
598 cap_data.effective = cap_data.permitted = cap_mask;
599 cap_data.inheritable = 0;
600 retval = capset(&cap_head, &cap_data);
601 if (retval != 0)
602 {
603 die("capset");
604 }
605 }
606
607 #else /* VSF_SYSDEP_HAVE_LIBCAP */
608 static int
609 do_checkcap(void)
610 {
611 cap_t current_caps = cap_get_proc();
612 cap_free(current_caps);
613 if (current_caps != NULL)
614 {
615 return 1;
616 }
617 return 0;
618 }
619
620 void
621 vsf_sysdep_adopt_capabilities(unsigned int caps)
622 {
623 int retval;
624 cap_value_t cap_value;
625 cap_t adopt_caps = cap_init();
626 if (caps & kCapabilityCAP_CHOWN)
627 {
628 cap_value = CAP_CHOWN;
629 cap_set_flag(adopt_caps, CAP_EFFECTIVE, 1, &cap_value, CAP_SET);
630 cap_set_flag(adopt_caps, CAP_PERMITTED, 1, &cap_value, CAP_SET);
631 }
632 if (caps & kCapabilityCAP_NET_BIND_SERVICE)
633 {
634 cap_value = CAP_NET_BIND_SERVICE;
635 cap_set_flag(adopt_caps, CAP_EFFECTIVE, 1, &cap_value, CAP_SET);
636 cap_set_flag(adopt_caps, CAP_PERMITTED, 1, &cap_value, CAP_SET);
637 }
638 retval = cap_set_proc(adopt_caps);
639 if (retval != 0)
640 {
641 die("cap_set_proc");
642 }
643 cap_free(adopt_caps);
644 }
645
646 #endif /* !VSF_SYSDEP_HAVE_LIBCAP */
647 #endif /* VSF_SYSDEP_HAVE_CAPABILITIES || VSF_SYSDEP_HAVE_LIBCAP */
648
649 int
650 vsf_sysutil_sendfile(const int out_fd, const int in_fd,
651 filesize_t* p_offset, filesize_t num_send,
652 unsigned int max_chunk)
653 {
654 /* Grr - why is off_t signed? */
655 if (*p_offset < 0 || num_send < 0)
656 {
657 die("invalid offset or send count in vsf_sysutil_sendfile");
658 }
659 if (max_chunk == 0)
660 {
661 max_chunk = INT_MAX;
662 }
663 while (num_send > 0)
664 {
665 int retval;
666 unsigned int send_this_time;
667 if (num_send > max_chunk)
668 {
669 send_this_time = max_chunk;
670 }
671 else
672 {
673 send_this_time = (unsigned int) num_send;
674 }
675 /* Keep input file position in line with sendfile() calls */
676 vsf_sysutil_lseek_to(in_fd, *p_offset);
677 retval = do_sendfile(out_fd, in_fd, send_this_time, *p_offset);
678 if (vsf_sysutil_retval_is_error(retval) || retval == 0)
679 {
680 return retval;
681 }
682 num_send -= retval;
683 *p_offset += retval;
684 }
685 return 0;
686 }
687
688 static int do_sendfile(const int out_fd, const int in_fd,
689 unsigned int num_send, filesize_t start_pos)
690 {
691 /* Probably should one day be shared with instance in ftpdataio.c */
692 static char* p_recvbuf;
693 unsigned int total_written = 0;
694 int retval;
695 enum EVSFSysUtilError error;
696 (void) start_pos;
697 (void) error;
698 #if defined(VSF_SYSDEP_HAVE_LINUX_SENDFILE) || \
699 defined(VSF_SYSDEP_HAVE_FREEBSD_SENDFILE) || \
700 defined(VSF_SYSDEP_HAVE_HPUX_SENDFILE) || \
701 defined(VSF_SYSDEP_HAVE_AIX_SENDFILE) || \
702 defined(VSF_SYSDEP_HAVE_SOLARIS_SENDFILE)
703 if (tunable_use_sendfile)
704 {
705 static int s_sendfile_checked;
706 static int s_runtime_sendfile_works;
707 if (!s_sendfile_checked || s_runtime_sendfile_works)
708 {
709 do
710 {
711 #ifdef VSF_SYSDEP_HAVE_LINUX_SENDFILE
712 retval = sendfile(out_fd, in_fd, NULL, num_send);
713 #elif defined(VSF_SYSDEP_HAVE_FREEBSD_SENDFILE)
714 {
715 /* XXX - start_pos will truncate on 32-bit machines - can we
716 * say "start from current pos"?
717 */
718 off_t written = 0;
719 retval = sendfile(in_fd, out_fd, start_pos, num_send, NULL,
720 &written, 0);
721 /* Translate to Linux-like retval */
722 if (written > 0)
723 {
724 retval = (int) written;
725 }
726 }
727 #elif defined(VSF_SYSDEP_HAVE_SOLARIS_SENDFILE)
728 {
729 size_t written = 0;
730 struct sendfilevec the_vec;
731 vsf_sysutil_memclr(&the_vec, sizeof(the_vec));
732 the_vec.sfv_fd = in_fd;
733 the_vec.sfv_off = start_pos;
734 the_vec.sfv_len = num_send;
735 retval = sendfilev(out_fd, &the_vec, 1, &written);
736 /* Translate to Linux-like retval */
737 if (written > 0)
738 {
739 retval = (int) written;
740 }
741 }
742 #elif defined(VSF_SYSDEP_HAVE_AIX_SENDFILE)
743 {
744 struct sf_parms sf_iobuf;
745 vsf_sysutil_memclr(&sf_iobuf, sizeof(sf_iobuf));
746 sf_iobuf.header_data = NULL;
747 sf_iobuf.header_length = 0;
748 sf_iobuf.trailer_data = NULL;
749 sf_iobuf.trailer_length = 0;
750 sf_iobuf.file_descriptor = in_fd;
751 sf_iobuf.file_offset = start_pos;
752 sf_iobuf.file_bytes = num_send;
753
754 retval = send_file((int*)&out_fd, &sf_iobuf, 0);
755 if (retval >= 0)
756 {
757 retval = sf_iobuf.bytes_sent;
758 }
759 }
760 #else /* must be VSF_SYSDEP_HAVE_HPUX_SENDFILE */
761 {
762 retval = sendfile(out_fd, in_fd, start_pos, num_send, NULL, 0);
763 }
764 #endif /* VSF_SYSDEP_HAVE_LINUX_SENDFILE */
765 error = vsf_sysutil_get_error();
766 vsf_sysutil_check_pending_actions(kVSFSysUtilIO, retval, out_fd);
767 }
768 while (vsf_sysutil_retval_is_error(retval) &&
769 error == kVSFSysUtilErrINTR);
770 if (!s_sendfile_checked)
771 {
772 s_sendfile_checked = 1;
773 if (!vsf_sysutil_retval_is_error(retval) ||
774 error != kVSFSysUtilErrNOSYS)
775 {
776 s_runtime_sendfile_works = 1;
777 }
778 }
779 if (!vsf_sysutil_retval_is_error(retval))
780 {
781 return retval;
782 }
783 if (s_runtime_sendfile_works && error != kVSFSysUtilErrINVAL &&
784 error != kVSFSysUtilErrOPNOTSUPP)
785 {
786 return retval;
787 }
788 /* Fall thru to normal implementation. We won't check again. NOTE -
789 * also falls through if sendfile() is OK but it returns EINVAL. For
790 * Linux this means the file was not page cache backed. Original
791 * complaint was trying to serve files from an NTFS filesystem!
792 */
793 }
794 }
795 #endif /* VSF_SYSDEP_HAVE_LINUX_SENDFILE || VSF_SYSDEP_HAVE_FREEBSD_SENDFILE */
796 if (p_recvbuf == 0)
797 {
798 vsf_secbuf_alloc(&p_recvbuf, VSFTP_DATA_BUFSIZE);
799 }
800 while (1)
801 {
802 unsigned int num_read;
803 unsigned int num_written;
804 unsigned int num_read_this_time = VSFTP_DATA_BUFSIZE;
805 if (num_read_this_time > num_send)
806 {
807 num_read_this_time = num_send;
808 }
809 retval = vsf_sysutil_read(in_fd, p_recvbuf, num_read_this_time);
810 if (retval < 0)
811 {
812 return retval;
813 }
814 else if (retval == 0)
815 {
816 return -1;
817 }
818 num_read = (unsigned int) retval;
819 retval = vsf_sysutil_write_loop(out_fd, p_recvbuf, num_read);
820 if (retval < 0)
821 {
822 return retval;
823 }
824 num_written = (unsigned int) retval;
825 total_written += num_written;
826 if (num_written != num_read)
827 {
828 return num_written;
829 }
830 if (num_written > num_send)
831 {
832 bug("num_written bigger than num_send in do_sendfile");
833 }
834 num_send -= num_written;
835 if (num_send == 0)
836 {
837 /* Bingo! */
838 return total_written;
839 }
840 }
841 }
842
843 void
844 vsf_sysutil_set_proctitle_prefix(const struct mystr* p_str)
845 {
846 str_copy(&s_proctitle_prefix_str, p_str);
847 }
848
849 /* This delegation is common to all setproctitle() implementations */
850 void
851 vsf_sysutil_setproctitle_str(const struct mystr* p_str)
852 {
853 vsf_sysutil_setproctitle(str_getbuf(p_str));
854 }
855
856 void
857 vsf_sysutil_setproctitle(const char* p_text)
858 {
859 struct mystr proctitle_str = INIT_MYSTR;
860 str_copy(&proctitle_str, &s_proctitle_prefix_str);
861 if (!str_isempty(&proctitle_str))
862 {
863 str_append_text(&proctitle_str, ": ");
864 }
865 str_append_text(&proctitle_str, p_text);
866 vsf_sysutil_setproctitle_internal(str_getbuf(&proctitle_str));
867 str_free(&proctitle_str);
868 }
869
870 #ifdef VSF_SYSDEP_HAVE_SETPROCTITLE
871 void
872 vsf_sysutil_setproctitle_init(int argc, const char* argv[])
873 {
874 (void) argc;
875 (void) argv;
876 }
877
878 void
879 vsf_sysutil_setproctitle_internal(const char* p_buf)
880 {
881 setproctitle("%s", p_buf);
882 }
883 #elif defined(VSF_SYSDEP_HAVE_HPUX_SETPROCTITLE)
884 void
885 vsf_sysutil_setproctitle_init(int argc, const char* argv[])
886 {
887 (void) argc;
888 (void) argv;
889 }
890
891 void
892 vsf_sysutil_setproctitle_internal(const char* p_buf)
893 {
894 struct mystr proctitle_str = INIT_MYSTR;
895 union pstun p;
896 str_alloc_text(&proctitle_str, "vsftpd: ");
897 str_append_text(&proctitle_str, p_buf);
898 p.pst_command = str_getbuf(&proctitle_str);
899 pstat(PSTAT_SETCMD, p, 0, 0, 0);
900 str_free(&proctitle_str);
901 }
902 #elif defined(VSF_SYSDEP_TRY_LINUX_SETPROCTITLE_HACK)
903 void
904 vsf_sysutil_setproctitle_init(int argc, const char* argv[])
905 {
906 int i;
907 char** p_env = environ;
908 if (s_proctitle_inited)
909 {
910 bug("vsf_sysutil_setproctitle_init called twice");
911 }
912 s_proctitle_inited = 1;
913 if (argv[0] == 0)
914 {
915 die("no argv[0] in vsf_sysutil_setproctitle_init");
916 }
917 for (i=0; i<argc; i++)
918 {
919 s_proctitle_space += vsf_sysutil_strlen(argv[i]) + 1;
920 if (i > 0)
921 {
922 argv[i] = 0;
923 }
924 }
925 while (*p_env != 0)
926 {
927 s_proctitle_space += vsf_sysutil_strlen(*p_env) + 1;
928 p_env++;
929 }
930 /* Oops :-) */
931 environ = 0;
932 s_p_proctitle = (char*) argv[0];
933 vsf_sysutil_memclr(s_p_proctitle, s_proctitle_space);
934 }
935
936 void
937 vsf_sysutil_setproctitle_internal(const char* p_buf)
938 {
939 struct mystr proctitle_str = INIT_MYSTR;
940 unsigned int to_copy;
941 if (!s_proctitle_inited)
942 {
943 bug("vsf_sysutil_setproctitle: not initialized");
944 }
945 vsf_sysutil_memclr(s_p_proctitle, s_proctitle_space);
946 if (s_proctitle_space < 32)
947 {
948 return;
949 }
950 str_alloc_text(&proctitle_str, "vsftpd: ");
951 str_append_text(&proctitle_str, p_buf);
952 to_copy = str_getlen(&proctitle_str);
953 if (to_copy > s_proctitle_space - 1)
954 {
955 to_copy = s_proctitle_space - 1;
956 }
957 vsf_sysutil_memcpy(s_p_proctitle, str_getbuf(&proctitle_str), to_copy);
958 str_free(&proctitle_str);
959 s_p_proctitle[to_copy] = '\0';
960 }
961 #else /* VSF_SYSDEP_HAVE_SETPROCTITLE */
962 void
963 vsf_sysutil_setproctitle_init(int argc, const char* argv[])
964 {
965 (void) argc;
966 (void) argv;
967 }
968
969 void
970 vsf_sysutil_setproctitle_internal(const char* p_buf)
971 {
972 (void) p_buf;
973 }
974 #endif /* VSF_SYSDEP_HAVE_SETPROCTITLE */
975
976 #ifdef VSF_SYSDEP_HAVE_MAP_ANON
977 void
978 vsf_sysutil_map_anon_pages_init(void)
979 {
980 }
981
982 void*
983 vsf_sysutil_map_anon_pages(unsigned int length)
984 {
985 char* retval = mmap(0, length, PROT_READ | PROT_WRITE,
986 MAP_PRIVATE | MAP_ANON, -1, 0);
987 if (retval == MAP_FAILED)
988 {
989 die("mmap");
990 }
991 return retval;
992 }
993 #else /* VSF_SYSDEP_HAVE_MAP_ANON */
994 void
995 vsf_sysutil_map_anon_pages_init(void)
996 {
997 if (s_zero_fd != -1)
998 {
999 bug("vsf_sysutil_map_anon_pages_init called twice");
1000 }
1001 s_zero_fd = open("/dev/zero", O_RDWR);
1002 if (s_zero_fd < 0)
1003 {
1004 die("could not open /dev/zero");
1005 }
1006 }
1007
1008 void*
1009 vsf_sysutil_map_anon_pages(unsigned int length)
1010 {
1011 char* retval = mmap(0, length, PROT_READ | PROT_WRITE,
1012 MAP_PRIVATE, s_zero_fd, 0);
1013 if (retval == MAP_FAILED)
1014 {
1015 die("mmap");
1016 }
1017 return retval;
1018 }
1019 #endif /* VSF_SYSDEP_HAVE_MAP_ANON */
1020
1021 #ifndef VSF_SYSDEP_NEED_OLD_FD_PASSING
1022
1023 void
1024 vsf_sysutil_send_fd(int sock_fd, int send_fd)
1025 {
1026 int retval;
1027 struct msghdr msg;
1028 struct cmsghdr* p_cmsg;
1029 struct iovec vec;
1030 char cmsgbuf[CMSG_SPACE(sizeof(send_fd))];
1031 int* p_fds;
1032 char sendchar = 0;
1033 msg.msg_control = cmsgbuf;
1034 msg.msg_controllen = sizeof(cmsgbuf);
1035 p_cmsg = CMSG_FIRSTHDR(&msg);
1036 p_cmsg->cmsg_level = SOL_SOCKET;
1037 p_cmsg->cmsg_type = SCM_RIGHTS;
1038 p_cmsg->cmsg_len = CMSG_LEN(sizeof(send_fd));
1039 p_fds = (int*)CMSG_DATA(p_cmsg);
1040 *p_fds = send_fd;
1041 msg.msg_controllen = p_cmsg->cmsg_len;
1042 msg.msg_name = NULL;
1043 msg.msg_namelen = 0;
1044 msg.msg_iov = &vec;
1045 msg.msg_iovlen = 1;
1046 msg.msg_flags = 0;
1047 /* "To pass file descriptors or credentials you need to send/read at
1048 * least on byte" (man 7 unix)
1049 */
1050 vec.iov_base = &sendchar;
1051 vec.iov_len = sizeof(sendchar);
1052 retval = sendmsg(sock_fd, &msg, 0);
1053 if (retval != 1)
1054 {
1055 die("sendmsg");
1056 }
1057 }
1058
1059 int
1060 vsf_sysutil_recv_fd(const int sock_fd)
1061 {
1062 int retval;
1063 struct msghdr msg;
1064 char recvchar;
1065 struct iovec vec;
1066 int recv_fd;
1067 char cmsgbuf[CMSG_SPACE(sizeof(recv_fd))];
1068 struct cmsghdr* p_cmsg;
1069 int* p_fd;
1070 vec.iov_base = &recvchar;
1071 vec.iov_len = sizeof(recvchar);
1072 msg.msg_name = NULL;
1073 msg.msg_namelen = 0;
1074 msg.msg_iov = &vec;
1075 msg.msg_iovlen = 1;
1076 msg.msg_control = cmsgbuf;
1077 msg.msg_controllen = sizeof(cmsgbuf);
1078 msg.msg_flags = 0;
1079 /* In case something goes wrong, set the fd to -1 before the syscall */
1080 p_fd = (int*)CMSG_DATA(CMSG_FIRSTHDR(&msg));
1081 *p_fd = -1;
1082 retval = recvmsg(sock_fd, &msg, 0);
1083 if (retval != 1)
1084 {
1085 die("recvmsg");
1086 }
1087 p_cmsg = CMSG_FIRSTHDR(&msg);
1088 if (p_cmsg == NULL)
1089 {
1090 die("no passed fd");
1091 }
1092 /* We used to verify the returned cmsg_level, cmsg_type and cmsg_len here,
1093 * but Linux 2.0 totally uselessly fails to fill these in.
1094 */
1095 p_fd = (int*)CMSG_DATA(p_cmsg);
1096 recv_fd = *p_fd;
1097 if (recv_fd == -1)
1098 {
1099 die("no passed fd");
1100 }
1101 return recv_fd;
1102 }
1103
1104 #else /* !VSF_SYSDEP_NEED_OLD_FD_PASSING */
1105
1106 void
1107 vsf_sysutil_send_fd(int sock_fd, int send_fd)
1108 {
1109 int retval;
1110 char send_char = 0;
1111 struct msghdr msg;
1112 struct iovec vec;
1113 vec.iov_base = &send_char;
1114 vec.iov_len = 1;
1115 msg.msg_name = NULL;
1116 msg.msg_namelen = 0;
1117 msg.msg_iov = &vec;
1118 msg.msg_iovlen = 1;
1119 msg.msg_accrights = (caddr_t) &send_fd;
1120 msg.msg_accrightslen = sizeof(send_fd);
1121 retval = sendmsg(sock_fd, &msg, 0);
1122 if (retval != 1)
1123 {
1124 die("sendmsg");
1125 }
1126 }
1127
1128 int
1129 vsf_sysutil_recv_fd(int sock_fd)
1130 {
1131 int retval;
1132 struct msghdr msg;
1133 struct iovec vec;
1134 char recv_char;
1135 int recv_fd = -1;
1136 vec.iov_base = &recv_char;
1137 vec.iov_len = 1;
1138 msg.msg_name = NULL;
1139 msg.msg_namelen = 0;
1140 msg.msg_iov = &vec;
1141 msg.msg_iovlen = 1;
1142 msg.msg_accrights = (caddr_t) &recv_fd;
1143 msg.msg_accrightslen = sizeof(recv_fd);
1144 retval = recvmsg(sock_fd, &msg, 0);
1145 if (retval != 1)
1146 {
1147 die("recvmsg");
1148 }
1149 if (recv_fd == -1)
1150 {
1151 die("no passed fd");
1152 }
1153 return recv_fd;
1154 }
1155
1156 #endif /* !VSF_SYSDEP_NEED_OLD_FD_PASSING */
1157
1158 #ifndef VSF_SYSDEP_HAVE_UTMPX
1159
1160 void
1161 vsf_insert_uwtmp(const struct mystr* p_user_str,
1162 const struct mystr* p_host_str)
1163 {
1164 (void) p_user_str;
1165 (void) p_host_str;
1166 }
1167
1168 void
1169 vsf_remove_uwtmp(void)
1170 {
1171 }
1172
1173 #else /* !VSF_SYSDEP_HAVE_UTMPX */
1174
1175 /* IMHO, the pam_unix module REALLY should be doing this in its SM component */
1176 /* Statics */
1177 static int s_uwtmp_inserted;
1178 static struct utmpx s_utent;
1179
1180 void
1181 vsf_insert_uwtmp(const struct mystr* p_user_str,
1182 const struct mystr* p_host_str)
1183 {
1184 if (sizeof(s_utent.ut_line) < 16)
1185 {
1186 return;
1187 }
1188 if (s_uwtmp_inserted)
1189 {
1190 bug("vsf_insert_uwtmp");
1191 }
1192 {
1193 struct mystr line_str = INIT_MYSTR;
1194 str_alloc_text(&line_str, "vsftpd:");
1195 str_append_ulong(&line_str, vsf_sysutil_getpid());
1196 if (str_getlen(&line_str) >= sizeof(s_utent.ut_line))
1197 {
1198 str_free(&line_str);
1199 return;
1200 }
1201 vsf_sysutil_strcpy(s_utent.ut_line, str_getbuf(&line_str),
1202 sizeof(s_utent.ut_line));
1203 str_free(&line_str);
1204 }
1205 s_uwtmp_inserted = 1;
1206 s_utent.ut_type = USER_PROCESS;
1207 s_utent.ut_pid = vsf_sysutil_getpid();
1208 vsf_sysutil_strcpy(s_utent.ut_user, str_getbuf(p_user_str),
1209 sizeof(s_utent.ut_user));
1210 vsf_sysutil_strcpy(s_utent.ut_host, str_getbuf(p_host_str),
1211 sizeof(s_utent.ut_host));
1212 s_utent.ut_tv.tv_sec = vsf_sysutil_get_time_sec();
1213 setutxent();
1214 (void) pututxline(&s_utent);
1215 endutxent();
1216 updwtmpx(WTMPX_FILE, &s_utent);
1217 }
1218
1219 void
1220 vsf_remove_uwtmp(void)
1221 {
1222 if (!s_uwtmp_inserted)
1223 {
1224 return;
1225 }
1226 s_uwtmp_inserted = 0;
1227 s_utent.ut_type = DEAD_PROCESS;
1228 vsf_sysutil_memclr(s_utent.ut_user, sizeof(s_utent.ut_user));
1229 vsf_sysutil_memclr(s_utent.ut_host, sizeof(s_utent.ut_host));
1230 s_utent.ut_tv.tv_sec = 0;
1231 setutxent();
1232 (void) pututxline(&s_utent);
1233 endutxent();
1234 s_utent.ut_tv.tv_sec = vsf_sysutil_get_time_sec();
1235 updwtmpx(WTMPX_FILE, &s_utent);
1236 }
1237
1238 #endif /* !VSF_SYSDEP_HAVE_UTMPX */
1239
1240 void
1241 vsf_set_die_if_parent_dies()
1242 {
1243 #ifdef VSF_SYSDEP_HAVE_SETPDEATHSIG
1244 if (prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0) != 0)
1245 {
1246 die("prctl");
1247 }
1248 #endif
1249 }
1250
1251 void
1252 vsf_set_term_if_parent_dies()
1253 {
1254 #ifdef VSF_SYSDEP_HAVE_SETPDEATHSIG
1255 if (prctl(PR_SET_PDEATHSIG, SIGTERM, 0, 0, 0) != 0)
1256 {
1257 die("prctl");
1258 }
1259 #endif
1260 }
1261
1262 int
1263 vsf_sysutil_fork_isolate_all_failok()
1264 {
1265 #ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
1266 static int cloneflags_work = 1;
1267 if (cloneflags_work)
1268 {
1269 int ret = syscall(__NR_clone,
1270 CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD,
1271 NULL);
1272 if (ret != -1 || (errno != EINVAL && errno != EPERM))
1273 {
1274 if (ret == 0)
1275 {
1276 vsf_sysutil_post_fork();
1277 }
1278 return ret;
1279 }
1280 cloneflags_work = 0;
1281 }
1282 #endif
1283 return vsf_sysutil_fork_isolate_failok();
1284 }
1285
1286 int
1287 vsf_sysutil_fork_isolate_failok()
1288 {
1289 #ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
1290 static int cloneflags_work = 1;
1291 if (cloneflags_work)
1292 {
1293 int ret = syscall(__NR_clone, CLONE_NEWPID | CLONE_NEWIPC | SIGCHLD, NULL);
1294 if (ret != -1 || (errno != EINVAL && errno != EPERM))
1295 {
1296 if (ret == 0)
1297 {
1298 vsf_sysutil_post_fork();
1299 }
1300 return ret;
1301 }
1302 cloneflags_work = 0;
1303 }
1304 #endif
1305 return vsf_sysutil_fork_failok();
1306 }
1307
1308 int
1309 vsf_sysutil_fork_newnet()
1310 {
1311 #ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
1312 static int cloneflags_work = 1;
1313 if (cloneflags_work)
1314 {
1315 int ret = syscall(__NR_clone, CLONE_NEWNET | SIGCHLD, NULL);
1316 if (ret != -1 || (errno != EINVAL && errno != EPERM))
1317 {
1318 if (ret == 0)
1319 {
1320 vsf_sysutil_post_fork();
1321 }
1322 return ret;
1323 }
1324 cloneflags_work = 0;
1325 }
1326 #endif
1327 return vsf_sysutil_fork();
1328 }
1329
1330 int
1331 vsf_sysutil_getpid_nocache(void)
1332 {
1333 #ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
1334 /* Need to defeat the glibc pid caching because we need to hit a raw
1335 * sys_clone() above.
1336 */
1337 return syscall(__NR_getpid);
1338 #else
1339 return getpid();
1340 #endif
1341 }
Tomato firmware and modifications.