Example #1
0
int
vsf_privop_get_ftp_port_sock(struct vsf_session* p_sess,
                             unsigned short remote_port,
                             int use_port_sockaddr)
{
  static struct vsf_sysutil_sockaddr* p_sockaddr;
  const struct vsf_sysutil_sockaddr* p_connect_to;
  int retval;
  int i;
  int s = vsf_sysutil_get_ipsock(p_sess->p_local_addr);
  int port = 0;
  if (vsf_sysutil_is_port_reserved(remote_port))
  {
    die("Illegal port request");
  }
  if (tunable_connect_from_port_20)
  {
    port = tunable_ftp_data_port;
  }
  vsf_sysutil_activate_reuseaddr(s);
  /* A report of failure here on Solaris, presumably buggy address reuse
   * support? We'll retry.
   */
  for (i = 0; i < 2; ++i)
  {
    double sleep_for;
    vsf_sysutil_sockaddr_clone(&p_sockaddr, p_sess->p_local_addr);
    vsf_sysutil_sockaddr_set_port(p_sockaddr, port);
    retval = vsf_sysutil_bind(s, p_sockaddr);
    if (retval == 0)
    {
      break;
    }
    if (vsf_sysutil_get_error() != kVSFSysUtilErrADDRINUSE || i == 1)
    {
      die("vsf_sysutil_bind");
    }
    sleep_for = vsf_sysutil_get_random_byte();
    sleep_for /= 256.0;
    sleep_for += 1.0;
    vsf_sysutil_sleep(sleep_for);
  }
  if (use_port_sockaddr)
  {
    p_connect_to = p_sess->p_port_sockaddr;
  }
  else
  {
    vsf_sysutil_sockaddr_set_port(p_sess->p_remote_addr, remote_port);
    p_connect_to = p_sess->p_remote_addr;
  }
  retval = vsf_sysutil_connect_timeout(s, p_connect_to,
                                       tunable_connect_timeout);
  if (vsf_sysutil_retval_is_error(retval))
  {
    vsf_sysutil_close(s);
    s = -1;
  }
  return s;
}
Example #2
0
int
vsf_privop_get_ftp_port_sock(struct vsf_session* p_sess)
{
  static struct vsf_sysutil_sockaddr* p_sockaddr;
  int retval;
  int s = vsf_sysutil_get_ipsock(p_sess->p_local_addr);
  vsf_sysutil_activate_reuseaddr(s);
  vsf_sysutil_sockaddr_clone(&p_sockaddr, p_sess->p_local_addr);
  vsf_sysutil_sockaddr_set_port(p_sockaddr, tunable_ftp_data_port);
  retval = vsf_sysutil_bind(s, p_sockaddr);
  if (retval != 0)
  {
    die("vsf_sysutil_bind");
  }
  return s;
}
Example #3
0
int
vsf_ftpdataio_get_port_fd(struct vsf_session* p_sess)
{
    int retval;
    int remote_fd;
    if (tunable_connect_from_port_20)
    {
        if (tunable_one_process_model)
        {
            remote_fd = vsf_one_process_get_priv_data_sock(p_sess);
        }
        else
        {
            remote_fd = vsf_two_process_get_priv_data_sock(p_sess);
        }
    }
    else
    {
        remote_fd = vsf_sysutil_get_ipsock(p_sess->p_port_sockaddr);
        if (vsf_sysutil_sockaddr_same_family(p_sess->p_port_sockaddr,
                                             p_sess->p_local_addr))
        {
            static struct vsf_sysutil_sockaddr* s_p_addr;
            vsf_sysutil_sockaddr_clone(&s_p_addr, p_sess->p_local_addr);
            retval = vsf_sysutil_bind(remote_fd, s_p_addr);
            if (retval != 0)
            {
                die("vsf_sysutil_bind");
            }
        }
    }
    retval = vsf_sysutil_connect_timeout(remote_fd, p_sess->p_port_sockaddr,
                                         tunable_connect_timeout);
    if (vsf_sysutil_retval_is_error(retval))
    {
        vsf_cmdio_write(p_sess, FTP_BADSENDCONN,
                        "Failed to establish connection.");
        vsf_sysutil_close(remote_fd);
        return -1;
    }
    init_data_sock_params(p_sess, remote_fd);
    return remote_fd;
}
Example #4
0
static void
handle_pasv(struct vsf_session* p_sess)
{
  static struct mystr s_pasv_res_str;
  static struct vsf_sysutil_sockaddr* s_p_sockaddr;
  struct vsf_sysutil_ipv4port listen_port;
  struct vsf_sysutil_ipv4addr listen_ipaddr;
  int bind_retries = 10;
  pasv_cleanup(p_sess);
  port_cleanup(p_sess);
  p_sess->pasv_listen_fd = vsf_sysutil_get_ipv4_sock();
  while (--bind_retries)
  {
    int retval;
    unsigned short the_port;
    double scaled_port;
    /* IPPORT_RESERVED */
    unsigned short min_port = 1024;
    unsigned short max_port = 65535;
    if (tunable_pasv_min_port > min_port && tunable_pasv_min_port < max_port)
    {
      min_port = tunable_pasv_min_port;
    }
    if (tunable_pasv_max_port > min_port && tunable_pasv_max_port < max_port)
    {
      max_port = tunable_pasv_max_port;
    }
    the_port = vsf_sysutil_get_random_byte();
    the_port <<= 8;
    the_port |= vsf_sysutil_get_random_byte();
    scaled_port = (double) min_port;
    scaled_port += ((double) the_port / (double) 65535) *
                   ((double) max_port - min_port);
    the_port = (unsigned short) scaled_port;
    vsf_sysutil_sockaddr_alloc_ipv4(&s_p_sockaddr);
    vsf_sysutil_sockaddr_set_port(s_p_sockaddr,
                                  vsf_sysutil_ipv4port_from_int(the_port));
    /* Bind to same address we got the incoming connect on */
    vsf_sysutil_sockaddr_set_ipaddr(s_p_sockaddr,
      vsf_sysutil_sockaddr_get_ipaddr(p_sess->p_local_addr));
    retval = vsf_sysutil_bind(p_sess->pasv_listen_fd, s_p_sockaddr);
    if (!vsf_sysutil_retval_is_error(retval))
    {
      break;
    }
    if (vsf_sysutil_get_error() == kVSFSysUtilErrADDRINUSE)
    {
      continue;
    }
    die("vsf_sysutil_bind");
  }
  if (!bind_retries)
  {
    die("vsf_sysutil_bind");
  }
  vsf_sysutil_listen(p_sess->pasv_listen_fd, 1);
  /* Get the address of the bound socket, for the port */
  vsf_sysutil_getsockname(p_sess->pasv_listen_fd, &s_p_sockaddr);
  if (tunable_pasv_address != 0)
  {
    /* Report passive address as specified in configuration */
    if (vsf_sysutil_inet_aton(tunable_pasv_address, &listen_ipaddr) == 0)
    {
      die("invalid pasv_address");
    }
  }
  else
  {
    /* Use address of bound socket for passive address */
    listen_ipaddr = vsf_sysutil_sockaddr_get_ipaddr(s_p_sockaddr);
  }
  listen_port = vsf_sysutil_sockaddr_get_port(s_p_sockaddr);
  str_alloc_text(&s_pasv_res_str, "Entering Passive Mode (");
  str_append_ulong(&s_pasv_res_str, listen_ipaddr.data[0]);
  str_append_text(&s_pasv_res_str, ",");
  str_append_ulong(&s_pasv_res_str, listen_ipaddr.data[1]);
  str_append_text(&s_pasv_res_str, ",");
  str_append_ulong(&s_pasv_res_str, listen_ipaddr.data[2]);
  str_append_text(&s_pasv_res_str, ",");
  str_append_ulong(&s_pasv_res_str, listen_ipaddr.data[3]);
  str_append_text(&s_pasv_res_str, ",");
  str_append_ulong(&s_pasv_res_str, listen_port.data[0]);
  str_append_text(&s_pasv_res_str, ",");
  str_append_ulong(&s_pasv_res_str, listen_port.data[1]);
  str_append_text(&s_pasv_res_str, ")");
  vsf_cmdio_write_str(p_sess, FTP_PASVOK, &s_pasv_res_str);
}
Example #5
0
static void
handle_pasv(struct vsf_session* p_sess, int is_epsv)
{
  static struct mystr s_pasv_res_str;
  static struct vsf_sysutil_sockaddr* s_p_sockaddr;
  int bind_retries = 10;
  unsigned short the_port = 0;
  int is_ipv6 = vsf_sysutil_sockaddr_is_ipv6(p_sess->p_local_addr);
  if (is_epsv && !str_isempty(&p_sess->ftp_arg_str))
  {
    int argval;
    str_upper(&p_sess->ftp_arg_str);
    if (str_equal_text(&p_sess->ftp_arg_str, "ALL"))
    {
      p_sess->epsv_all = 1;
      vsf_cmdio_write(p_sess, FTP_EPSVALLOK, "EPSV ALL ok.");
      return;
    }
    argval = vsf_sysutil_atoi(str_getbuf(&p_sess->ftp_arg_str));
    if (!is_ipv6 || argval != 2)
    {
      vsf_cmdio_write(p_sess, FTP_EPSVBAD, "Bad network protocol.");
      return;
    }
  }
  pasv_cleanup(p_sess);
  port_cleanup(p_sess);
  if (is_epsv && is_ipv6)
  {
    p_sess->pasv_listen_fd = vsf_sysutil_get_ipv6_sock();
  }
  else
  {
    p_sess->pasv_listen_fd = vsf_sysutil_get_ipv4_sock();
  }
  vsf_sysutil_activate_reuseaddr(p_sess->pasv_listen_fd);
  while (--bind_retries)
  {
    int retval;
    double scaled_port;
    /* IPPORT_RESERVED */
    unsigned short min_port = 1024;
    unsigned short max_port = 65535;
    if (tunable_pasv_min_port > min_port && tunable_pasv_min_port <= max_port)
    {
      min_port = tunable_pasv_min_port;
    }
    if (tunable_pasv_max_port >= min_port && tunable_pasv_max_port < max_port)
    {
      max_port = tunable_pasv_max_port;
    }
    the_port = vsf_sysutil_get_random_byte();
    the_port <<= 8;
    the_port |= vsf_sysutil_get_random_byte();
    scaled_port = (double) min_port;
    scaled_port += ((double) the_port / (double) 65536) *
                   ((double) max_port - min_port + 1);
    the_port = (unsigned short) scaled_port;
    vsf_sysutil_sockaddr_clone(&s_p_sockaddr, p_sess->p_local_addr);
    vsf_sysutil_sockaddr_set_port(s_p_sockaddr, the_port);
    retval = vsf_sysutil_bind(p_sess->pasv_listen_fd, s_p_sockaddr);
    if (!vsf_sysutil_retval_is_error(retval))
    {
      break;
    }
    if (vsf_sysutil_get_error() == kVSFSysUtilErrADDRINUSE)
    {
      continue;
    }
    die("vsf_sysutil_bind");
  }
  if (!bind_retries)
  {
    die("vsf_sysutil_bind");
  }
  vsf_sysutil_listen(p_sess->pasv_listen_fd, 1);
  if (is_epsv)
  {
    str_alloc_text(&s_pasv_res_str, "Entering Extended Passive Mode (|||");
    str_append_ulong(&s_pasv_res_str, (unsigned long) the_port);
    str_append_text(&s_pasv_res_str, "|)");
    vsf_cmdio_write_str(p_sess, FTP_EPSVOK, &s_pasv_res_str);
    return;
  }
  if (tunable_pasv_address != 0)
  {
    /* Report passive address as specified in configuration */
    if (vsf_sysutil_inet_aton(tunable_pasv_address, s_p_sockaddr) == 0)
    {
      die("invalid pasv_address");
    }
  }
  str_alloc_text(&s_pasv_res_str, "Entering Passive Mode (");
  if (!is_ipv6)
  {
    str_append_text(&s_pasv_res_str, vsf_sysutil_inet_ntop(s_p_sockaddr));
  }
  else
  {
    const void* p_v4addr = vsf_sysutil_sockaddr_ipv6_v4(s_p_sockaddr);
    if (p_v4addr)
    {
      str_append_text(&s_pasv_res_str, vsf_sysutil_inet_ntoa(p_v4addr));
    }
  }
  str_replace_char(&s_pasv_res_str, '.', ',');
  str_append_text(&s_pasv_res_str, ",");
  str_append_ulong(&s_pasv_res_str, the_port >> 8);
  str_append_text(&s_pasv_res_str, ",");
  str_append_ulong(&s_pasv_res_str, the_port & 255);
  str_append_text(&s_pasv_res_str, ")");
  vsf_cmdio_write_str(p_sess, FTP_PASVOK, &s_pasv_res_str);
}
Example #6
0
unsigned short
vsf_privop_pasv_listen(struct vsf_session* p_sess)
{
  static struct vsf_sysutil_sockaddr* s_p_sockaddr;
  int bind_retries = 10;
  unsigned short the_port = 0;
  /* IPPORT_RESERVED */
  unsigned short min_port = 1024;
  unsigned short max_port = 65535;
  int is_ipv6 = vsf_sysutil_sockaddr_is_ipv6(p_sess->p_local_addr);
  if (is_ipv6)
  {
    p_sess->pasv_listen_fd = vsf_sysutil_get_ipv6_sock();
  }
  else
  {
    p_sess->pasv_listen_fd = vsf_sysutil_get_ipv4_sock();
  }
  vsf_sysutil_activate_reuseaddr(p_sess->pasv_listen_fd);

  if (tunable_pasv_min_port > min_port && tunable_pasv_min_port <= max_port)
  {
    min_port = tunable_pasv_min_port;
  }
  if (tunable_pasv_max_port >= min_port && tunable_pasv_max_port < max_port)
  {
    max_port = tunable_pasv_max_port;
  }

  while (--bind_retries)
  {
    int retval;
    double scaled_port;
    the_port = vsf_sysutil_get_random_byte();
    the_port <<= 8;
    the_port |= vsf_sysutil_get_random_byte();
    scaled_port = (double) min_port;
    scaled_port += ((double) the_port / (double) 65536) *
                   ((double) max_port - min_port + 1);
    the_port = (unsigned short) scaled_port;
    vsf_sysutil_sockaddr_clone(&s_p_sockaddr, p_sess->p_local_addr);
    vsf_sysutil_sockaddr_set_port(s_p_sockaddr, the_port);
    retval = vsf_sysutil_bind(p_sess->pasv_listen_fd, s_p_sockaddr);
    if (!vsf_sysutil_retval_is_error(retval))
    {
      retval = vsf_sysutil_listen(p_sess->pasv_listen_fd, 1);
      if (!vsf_sysutil_retval_is_error(retval))
      {
        break;
      }
    }
    /* SELinux systems can give you an inopportune EACCES, it seems. */
    if (vsf_sysutil_get_error() == kVSFSysUtilErrADDRINUSE ||
        vsf_sysutil_get_error() == kVSFSysUtilErrACCES)
    {
      continue;
    }
    die("vsf_sysutil_bind / listen");
  }
  if (!bind_retries)
  {
    die("vsf_sysutil_bind");
  }
  return the_port;
}
Example #7
0
struct vsf_client_launch
vsf_standalone_main(void)
{
  struct vsf_sysutil_sockaddr* p_sockaddr = 0;
  struct vsf_sysutil_ipv4addr listen_ipaddr;
  int listen_sock = vsf_sysutil_get_ipv4_sock();
  int retval;
  s_p_ip_count_hash = hash_alloc(256, sizeof(struct vsf_sysutil_ipv4addr),
                                 sizeof(unsigned int), hash_ip);
  s_p_pid_ip_hash = hash_alloc(256, sizeof(int),
                               sizeof(struct vsf_sysutil_ipv4addr), hash_pid);
  if (tunable_setproctitle_enable)
  {
    vsf_sysutil_setproctitle("LISTENER");
  }
  vsf_sysutil_install_sighandler(kVSFSysUtilSigCHLD, handle_sigchld, 0);
  vsf_sysutil_install_async_sighandler(kVSFSysUtilSigHUP, handle_sighup);

  vsf_sysutil_activate_reuseaddr(listen_sock);
  vsf_sysutil_sockaddr_alloc_ipv4(&p_sockaddr);
  vsf_sysutil_sockaddr_set_port(
      p_sockaddr, vsf_sysutil_ipv4port_from_int(tunable_listen_port));
  if (!tunable_listen_address ||
      vsf_sysutil_inet_aton(tunable_listen_address, &listen_ipaddr) == 0)
  {
    listen_ipaddr = vsf_sysutil_sockaddr_get_any();
  }
  vsf_sysutil_sockaddr_set_ipaddr(p_sockaddr, listen_ipaddr);
  retval = vsf_sysutil_bind(listen_sock, p_sockaddr);
  
  vsf_sysutil_free(p_sockaddr);

  if (vsf_sysutil_retval_is_error(retval))
  {
    die("could not bind listening socket");
  }
  vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG);

  while (1)
  {
    struct vsf_client_launch child_info;
    static struct vsf_sysutil_sockaddr* p_accept_addr;
    int new_child;
    struct vsf_sysutil_ipv4addr ip_addr;
    /* NOTE - wake up every 10 seconds to make sure we notice child exit
     * in a timely manner (the sync signal framework race)
     */
    int new_client_sock = vsf_sysutil_accept_timeout(
        listen_sock, &p_accept_addr, 10);
    if (s_reload_needed)
    {
      s_reload_needed = 0;
      do_reload();
    }
    if (vsf_sysutil_retval_is_error(new_client_sock))
    {
      continue;
    }
    ip_addr = vsf_sysutil_sockaddr_get_ipaddr(p_accept_addr);
    ++s_children;
    child_info.num_children = s_children;
    child_info.num_this_ip = handle_ip_count(&ip_addr);
    new_child = vsf_sysutil_fork_failok();
    if (new_child != 0)
    {
      /* Parent context */
      vsf_sysutil_close(new_client_sock);
      if (new_child > 0)
      {
        hash_add_entry(s_p_pid_ip_hash, (void*)&new_child, (void*)&ip_addr);
      }
      else
      {
        /* fork() failed, clear up! */
        --s_children;
        drop_ip_count(&ip_addr);
      }
      /* Fall through to while() loop and accept() again */
    }
    else
    {
      /* Child context */
      vsf_sysutil_close(listen_sock);
      prepare_child(new_client_sock);
      /* By returning here we "launch" the child process with the same
       * contract as xinetd would provide.
       */
      return child_info;
    }
  }
}
Example #8
0
struct vsf_client_launch
vsf_standalone_main(void)
{
    struct vsf_sysutil_sockaddr* p_accept_addr = 0;
    int listen_sock = -1;
    int retval;
    s_ipaddr_size = vsf_sysutil_get_ipaddr_size();
    if (tunable_listen && tunable_listen_ipv6)
    {
        die("run two copies of vsftpd for IPv4 and IPv6");
    }
    if (tunable_background)
    {
        int forkret = vsf_sysutil_fork();
        if (forkret > 0)
        {
            /* Parent, just exit */
            vsf_sysutil_exit(0);
        }
        vsf_sysutil_make_session_leader();
    }
    if (tunable_listen)
    {
        listen_sock = vsf_sysutil_get_ipv4_sock();
    }
    else
    {
        listen_sock = vsf_sysutil_get_ipv6_sock();
    }
    vsf_sysutil_activate_reuseaddr(listen_sock);

    s_p_ip_count_hash = hash_alloc(256, s_ipaddr_size,
                                   sizeof(unsigned int), hash_ip);
    s_p_pid_ip_hash = hash_alloc(256, sizeof(int),
                                 s_ipaddr_size, hash_pid);
    if (tunable_setproctitle_enable)
    {
        vsf_sysutil_setproctitle("LISTENER");
    }
    vsf_sysutil_install_async_sighandler(kVSFSysUtilSigCHLD, handle_sigchld);
    vsf_sysutil_install_async_sighandler(kVSFSysUtilSigHUP, handle_sighup);
    if (tunable_listen)
    {
        struct vsf_sysutil_sockaddr* p_sockaddr = 0;
        vsf_sysutil_sockaddr_alloc_ipv4(&p_sockaddr);
        vsf_sysutil_sockaddr_set_port(p_sockaddr, tunable_listen_port);
        if (!tunable_listen_address)
        {
            vsf_sysutil_sockaddr_set_any(p_sockaddr);
        }
        else
        {
            if (!vsf_sysutil_inet_aton(tunable_listen_address, p_sockaddr))
            {
                die2("bad listen_address: ", tunable_listen_address);
            }
        }
        retval = vsf_sysutil_bind(listen_sock, p_sockaddr);
        vsf_sysutil_free(p_sockaddr);
        if (vsf_sysutil_retval_is_error(retval))
        {
            die("could not bind listening IPv4 socket");
        }
    }
    else
    {
        struct vsf_sysutil_sockaddr* p_sockaddr = 0;
        vsf_sysutil_sockaddr_alloc_ipv6(&p_sockaddr);
        vsf_sysutil_sockaddr_set_port(p_sockaddr, tunable_listen_port);
        if (!tunable_listen_address6)
        {
            vsf_sysutil_sockaddr_set_any(p_sockaddr);
        }
        else
        {
            struct mystr addr_str = INIT_MYSTR;
            const unsigned char* p_raw_addr;
            str_alloc_text(&addr_str, tunable_listen_address6);
            p_raw_addr = vsf_sysutil_parse_ipv6(&addr_str);
            str_free(&addr_str);
            if (!p_raw_addr)
            {
                die2("bad listen_address6: ", tunable_listen_address6);
            }
            vsf_sysutil_sockaddr_set_ipv6addr(p_sockaddr, p_raw_addr);
        }
        retval = vsf_sysutil_bind(listen_sock, p_sockaddr);
        vsf_sysutil_free(p_sockaddr);
        if (vsf_sysutil_retval_is_error(retval))
        {
            die("could not bind listening IPv6 socket");
        }
    }
    vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG);
    vsf_sysutil_sockaddr_alloc(&p_accept_addr);
    while (1)
    {
        struct vsf_client_launch child_info;
        void* p_raw_addr;
        int new_child;
        int new_client_sock;
        vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD);
        vsf_sysutil_unblock_sig(kVSFSysUtilSigHUP);
        new_client_sock = vsf_sysutil_accept_timeout(
                              listen_sock, p_accept_addr, 0);
        vsf_sysutil_block_sig(kVSFSysUtilSigCHLD);
        vsf_sysutil_block_sig(kVSFSysUtilSigHUP);
        if (vsf_sysutil_retval_is_error(new_client_sock))
        {
            continue;
        }
        ++s_children;
        child_info.num_children = s_children;
        child_info.num_this_ip = 0;
        p_raw_addr = vsf_sysutil_sockaddr_get_raw_addr(p_accept_addr);
        child_info.num_this_ip = handle_ip_count(p_raw_addr);
        new_child = vsf_sysutil_fork_failok();
        if (new_child != 0)
        {
            /* Parent context */
            vsf_sysutil_close(new_client_sock);
            if (new_child > 0)
            {
                hash_add_entry(s_p_pid_ip_hash, (void*)&new_child, p_raw_addr);
            }
            else
            {
                /* fork() failed, clear up! */
                --s_children;
                drop_ip_count(p_raw_addr);
            }
            /* Fall through to while() loop and accept() again */
        }
        else
        {
            /* Child context */
            vsf_sysutil_close(listen_sock);
            prepare_child(new_client_sock);
            /* By returning here we "launch" the child process with the same
             * contract as xinetd would provide.
             */
            return child_info;
        }
    }
}