static void die_unless_privileged(void) { if (!vsf_sysutil_running_as_root()) { die("vsftpd: must be started as root (see run_as_launching_user option)"); } }
static void die_unless_privileged(void) { if (!vsf_sysutil_running_as_root()) { die("vsftpd: must be started as root"); } }
int main(int argc, const char* argv[]) { struct vsf_session the_session = { /* Control connection */ 0, 0, 0, 0, 0, /* Data connection */ -1, 0, -1, 0, 0, 0, 0, /* Login */ 1, 0, INIT_MYSTR, INIT_MYSTR, /* Protocol state */ 0, 1, INIT_MYSTR, 0, 0, /* HTTP hacks */ 0, INIT_MYSTR, /* Session state */ 0, /* Userids */ -1, -1, -1, /* Pre-chroot() cache */ INIT_MYSTR, INIT_MYSTR, INIT_MYSTR, INIT_MYSTR, 1, /* Logging */ -1, -1, INIT_MYSTR, 0, 0, 0, INIT_MYSTR, 0, /* Buffers */ INIT_MYSTR, INIT_MYSTR, 0, INIT_MYSTR, /* Parent <-> child comms */ -1, -1, /* Number of clients */ 0, 0, /* Home directory */ INIT_MYSTR, /* Secure connection state */ 0, 0, 0, 0, 0, INIT_MYSTR, 0, -1, -1, /* Login fails */ 0, /* write_enable */ 0 }; int config_loaded = 0; int i; tunables_load_defaults(); /* This might need to open /dev/zero on systems lacking MAP_ANON. Needs * to be done early (i.e. before config file parse, which may use * anonymous pages */ vsf_sysutil_map_anon_pages_init(); /* Argument parsing. Any argument not starting with "-" is a config file, * loaded in the order encountered. -o opt=value options are loading in the * order encountered, including correct ordering with respect intermingled * config files. * If we see -v (version) or an unknown option, parsing bails and exits. */ if (argc == 0) { die("vsftpd: missing argv[0]"); } for (i = 1; i < argc; ++i) { const char* p_arg = argv[i]; if (p_arg[0] != '-') { config_loaded = 1; vsf_parseconf_load_file(p_arg, 1); } else { if (p_arg[1] == 'v') { vsf_exit("vsftpd: version " VSF_VERSION "\n"); } else if (p_arg[1] == 'o') { vsf_parseconf_load_setting(&p_arg[2], 1); } else { die2("unrecognise option: ", p_arg); } } } /* Parse default config file if necessary */ if (!config_loaded) { struct vsf_sysutil_statbuf* p_statbuf = 0; int retval = vsf_sysutil_stat(VSFTP_DEFAULT_CONFIG, &p_statbuf); if (!vsf_sysutil_retval_is_error(retval)) { vsf_parseconf_load_file(VSFTP_DEFAULT_CONFIG, 1); } vsf_sysutil_free(p_statbuf); } /* Resolve pasv_address if required */ if (tunable_pasv_address && tunable_pasv_addr_resolve) { struct vsf_sysutil_sockaddr* p_addr = 0; const char* p_numeric_addr; vsf_sysutil_dns_resolve(&p_addr, tunable_pasv_address); vsf_sysutil_free((char*) tunable_pasv_address); p_numeric_addr = vsf_sysutil_inet_ntop(p_addr); tunable_pasv_address = vsf_sysutil_strdup(p_numeric_addr); vsf_sysutil_free(p_addr); } if (!tunable_run_as_launching_user) { /* Just get out unless we start with requisite privilege */ die_unless_privileged(); } if (tunable_setproctitle_enable) { /* Warning -- warning -- may nuke argv, environ */ vsf_sysutil_setproctitle_init(argc, argv); } /* Initialize the SSL system here if needed - saves the overhead of each * child doing this itself. */ if (tunable_ssl_enable) { ssl_init(&the_session); } if (tunable_listen || tunable_listen_ipv6) { /* Standalone mode */ struct vsf_client_launch ret = vsf_standalone_main(); the_session.num_clients = ret.num_children; the_session.num_this_ip = ret.num_this_ip; } if (tunable_tcp_wrappers) { the_session.tcp_wrapper_ok = vsf_tcp_wrapper_ok(VSFTP_COMMAND_FD); } { const char* p_load_conf = vsf_sysutil_getenv("VSFTPD_LOAD_CONF"); if (p_load_conf) { vsf_parseconf_load_file(p_load_conf, 1); } } /* Sanity checks - exit with a graceful error message if our STDIN is not * a socket. Also check various config options don't collide. */ do_sanity_checks(); /* Initializes session globals - e.g. IP addr's etc. */ session_init(&the_session); /* Set up "environment", e.g. process group etc. */ env_init(); /* Set up resource limits. */ limits_init(); /* Set up logging - must come after global init because we need the remote * address to convert into text */ vsf_log_init(&the_session); str_alloc_text(&the_session.remote_ip_str, vsf_sysutil_inet_ntop(the_session.p_remote_addr)); /* Set up options on the command socket */ vsf_cmdio_sock_setup(); if (tunable_setproctitle_enable) { vsf_sysutil_set_proctitle_prefix(&the_session.remote_ip_str); vsf_sysutil_setproctitle("connected"); } /* We might chroot() very soon (one process model), so we need to open * any required config files here. */ /* SSL may have been enabled by a per-IP configuration.. */ if (tunable_ssl_enable) { ssl_init(&the_session); ssl_add_entropy(&the_session); } if (tunable_deny_email_enable) { int retval = -1; if (tunable_banned_email_file) { retval = str_fileread(&the_session.banned_email_str, tunable_banned_email_file, VSFTP_CONF_FILE_MAX); } if (vsf_sysutil_retval_is_error(retval)) { die2("cannot read anon e-mail list file:", tunable_banned_email_file); } } if (tunable_banner_file) { int retval = str_fileread(&the_session.banner_str, tunable_banner_file, VSFTP_CONF_FILE_MAX); if (vsf_sysutil_retval_is_error(retval)) { die2("cannot read banner file:", tunable_banner_file); } } if (tunable_secure_email_list_enable) { int retval = -1; if (tunable_email_password_file) { retval = str_fileread(&the_session.email_passwords_str, tunable_email_password_file, VSFTP_CONF_FILE_MAX); } if (vsf_sysutil_retval_is_error(retval)) { die2("cannot read email passwords file:", tunable_email_password_file); } } if (tunable_run_as_launching_user) { tunable_one_process_model = 1; if (!vsf_sysutil_running_as_root()) { tunable_connect_from_port_20 = 0; tunable_chown_uploads = 0; } } if (tunable_one_process_model) { vsf_one_process_start(&the_session); } else { vsf_two_process_start(&the_session); } /* NOTREACHED */ bug("should not get here: main"); return 1; }
int main(int argc, const char* argv[]) { struct vsf_session the_session = { /* Control connection */ 0, 0, 0, /* Data connection */ -1, 0, -1, 0, 0, 0, 0, /* Login */ 1, INIT_MYSTR, INIT_MYSTR, /* Protocol state */ 0, 1, INIT_MYSTR, 0, 0, /* Session state */ 0, /* Userids */ -1, -1, -1, /* Pre-chroot() cache */ INIT_MYSTR, INIT_MYSTR, INIT_MYSTR, INIT_MYSTR, 1, /* Logging */ -1, -1, INIT_MYSTR, 0, 0, 0, INIT_MYSTR, 0, /* Buffers */ INIT_MYSTR, INIT_MYSTR, /* Parent <-> child comms */ -1, -1, /* Number of clients */ 0, 0, /* Home directory */ INIT_MYSTR, /* Secure connection state */ 0, 0, 0, 0, 0, 0, -1, -1 }; int config_specified = 0; const char* p_config_name = VSFTP_DEFAULT_CONFIG; /* Zero or one argument supported. If one argument is passed, it is the * path to the config file */ if (argc > 2) { die("vsftpd: too many arguments (I take an optional config file only)"); } else if (argc == 0) { die("vsftpd: missing argv[0]"); } if (argc == 2) { if (!vsf_sysutil_strcmp(argv[1], "-v")) { vsf_exit("vsftpd: version " VSF_VERSION "\n"); } p_config_name = argv[1]; config_specified = 1; } /* This might need to open /dev/zero on systems lacking MAP_ANON. Needs * to be done early (i.e. before config file parse, which may use * anonymous pages */ vsf_sysutil_map_anon_pages_init(); /* Parse config file if it's there */ { struct vsf_sysutil_statbuf* p_statbuf = 0; int retval = vsf_sysutil_stat(p_config_name, &p_statbuf); if (!vsf_sysutil_retval_is_error(retval)) { vsf_parseconf_load_file(p_config_name, 1); } else if (config_specified) { die2("vsftpd: cannot open config file:", p_config_name); } vsf_sysutil_free(p_statbuf); } if (!tunable_run_as_launching_user) { /* Just get out unless we start with requisite privilege */ die_unless_privileged(); } if (tunable_setproctitle_enable) { /* Warning -- warning -- may nuke argv, environ */ vsf_sysutil_setproctitle_init(argc, argv); } /* Initialize the SSL system here if needed - saves the overhead of each * child doing this itself. */ if (tunable_ssl_enable) { ssl_init(&the_session); } if (tunable_listen || tunable_listen_ipv6) { /* Standalone mode */ struct vsf_client_launch ret = vsf_standalone_main(); the_session.num_clients = ret.num_children; the_session.num_this_ip = ret.num_this_ip; } /* Sanity checks - exit with a graceful error message if our STDIN is not * a socket. Also check various config options don't collide. */ do_sanity_checks(); /* Initializes session globals - e.g. IP addr's etc. */ session_init(&the_session); /* Set up "environment", e.g. process group etc. */ env_init(); /* Set up logging - must come after global init because we need the remote * address to convert into text */ vsf_log_init(&the_session); str_alloc_text(&the_session.remote_ip_str, vsf_sysutil_inet_ntop(the_session.p_remote_addr)); /* Set up options on the command socket */ vsf_cmdio_sock_setup(); if (tunable_setproctitle_enable) { vsf_sysutil_set_proctitle_prefix(&the_session.remote_ip_str); vsf_sysutil_setproctitle("connected"); } /* We might chroot() very soon (one process model), so we need to open * any required config files here. */ if (tunable_tcp_wrappers) { the_session.tcp_wrapper_ok = vsf_tcp_wrapper_ok(VSFTP_COMMAND_FD); } { const char* p_load_conf = vsf_sysutil_getenv("VSFTPD_LOAD_CONF"); if (p_load_conf) { vsf_parseconf_load_file(p_load_conf, 1); } } /* SSL may have been enabled by a per-IP configuration.. */ if (tunable_ssl_enable) { ssl_init(&the_session); } if (tunable_deny_email_enable) { int retval = str_fileread(&the_session.banned_email_str, tunable_banned_email_file, VSFTP_CONF_FILE_MAX); if (vsf_sysutil_retval_is_error(retval)) { die2("cannot open anon e-mail list file:", tunable_banned_email_file); } } if (tunable_banner_file) { int retval = str_fileread(&the_session.banner_str, tunable_banner_file, VSFTP_CONF_FILE_MAX); if (vsf_sysutil_retval_is_error(retval)) { die2("cannot open banner file:", tunable_banner_file); } } if (tunable_secure_email_list_enable) { int retval = str_fileread(&the_session.email_passwords_str, tunable_email_password_file, VSFTP_CONF_FILE_MAX); if (vsf_sysutil_retval_is_error(retval)) { die2("cannot open email passwords file:", tunable_email_password_file); } } /* Special case - can force one process model if we've got a setup * needing _no_ privs */ if (!tunable_local_enable && !tunable_connect_from_port_20 && !tunable_chown_uploads) { tunable_one_process_model = 1; } if (tunable_run_as_launching_user) { tunable_one_process_model = 1; if (!vsf_sysutil_running_as_root()) { tunable_connect_from_port_20 = 0; tunable_chown_uploads = 0; } } if (tunable_one_process_model) { vsf_one_process_start(&the_session); } else { vsf_two_process_start(&the_session); } /* NOTREACHED */ bug("should not get here: main"); return 1; }
void vsf_secutil_change_credentials(const struct mystr* p_user_str, const struct mystr* p_dir_str, const struct mystr* p_ext_dir_str, unsigned int caps, unsigned int options) { struct vsf_sysutil_user* p_user; if (!vsf_sysutil_running_as_root()) { bug("vsf_secutil_change_credentials: not running as root"); } p_user = str_getpwnam(p_user_str); if (p_user == 0) { die2("cannot locate user entry:", str_getbuf(p_user_str)); } { struct mystr dir_str = INIT_MYSTR; /* Work out where the chroot() jail is */ if (p_dir_str == 0 || str_isempty(p_dir_str)) { str_alloc_text(&dir_str, vsf_sysutil_user_get_homedir(p_user)); } else { str_copy(&dir_str, p_dir_str); } /* Sort out supplementary groups before the chroot(). We need to access * /etc/groups */ if (options & VSF_SECUTIL_OPTION_USE_GROUPS) { vsf_sysutil_initgroups(p_user); } else { vsf_sysutil_clear_supp_groups(); } /* Always do the chdir() regardless of whether we are chroot()'ing */ { /* Do chdir() with the target effective IDs to cater for NFS mounted * home directories. */ int saved_euid = 0; int saved_egid = 0; int retval; if (options & VSF_SECUTIL_OPTION_CHANGE_EUID) { saved_euid = vsf_sysutil_geteuid(); saved_egid = vsf_sysutil_getegid(); vsf_sysutil_setegid(p_user); vsf_sysutil_seteuid(p_user); } retval = str_chdir(&dir_str); if (retval != 0) { die2("cannot change directory:", str_getbuf(&dir_str)); } if (p_ext_dir_str && !str_isempty(p_ext_dir_str)) { retval = str_chdir(p_ext_dir_str); /* Failure on the extra directory is OK as long as we're not in * chroot() mode */ if (retval != 0 && !(options & VSF_SECUTIL_OPTION_CHROOT)) { retval = 0; } } if (retval != 0) { die2("cannot change directory:", str_getbuf(p_ext_dir_str)); } if (options & VSF_SECUTIL_OPTION_CHANGE_EUID) { vsf_sysutil_seteuid_numeric(saved_euid); vsf_sysutil_setegid_numeric(saved_egid); } /* Do the chroot() if required */ if (options & VSF_SECUTIL_OPTION_CHROOT) { vsf_sysutil_chroot("."); } } str_free(&dir_str); } if (options & VSF_SECUTIL_OPTION_NO_FDS) { vsf_sysutil_set_no_fds(); } /* Handle capabilities */ if (caps) { if (!vsf_sysdep_has_capabilities()) { /* Need privilege but OS has no capabilities - have to keep root */ return; } if (!vsf_sysdep_has_capabilities_as_non_root()) { vsf_sysdep_adopt_capabilities(caps); return; } vsf_sysdep_keep_capabilities(); } /* Set group id */ vsf_sysutil_setgid(p_user); /* Finally set user id */ vsf_sysutil_setuid(p_user); if (caps) { vsf_sysdep_adopt_capabilities(caps); } if (options & VSF_SECUTIL_OPTION_NO_PROCS) { vsf_sysutil_set_no_procs(); } // check removed (for now) as tomato lacks of other users then root // /* Misconfiguration check: don't ever chroot() to a directory writable by // * the current user. // */ // if ((options & VSF_SECUTIL_OPTION_CHROOT) && // !(options & VSF_SECUTIL_OPTION_ALLOW_WRITEABLE_ROOT)) // { // if (vsf_sysutil_write_access("/")) // { // die("vsftpd: refusing to run with writable root inside chroot()"); // } // } }
void vsf_secutil_change_credentials(const struct mystr* p_user_str, const struct mystr* p_dir_str, const struct mystr* p_ext_dir_str, unsigned int caps, unsigned int options) { struct vsf_sysutil_user* p_user; if (!vsf_sysutil_running_as_root()) { bug("vsf_secutil_change_credentials: not running as root"); } p_user = str_getpwnam(p_user_str); if (p_user == 0) { die2("cannot locate user entry:", str_getbuf(p_user_str)); } { struct mystr dir_str = INIT_MYSTR; /* Work out where the chroot() jail is */ if (p_dir_str == 0 || str_isempty(p_dir_str)) { str_alloc_text(&dir_str, vsf_sysutil_user_get_homedir(p_user)); } else { str_copy(&dir_str, p_dir_str); } /* Sort out supplementary groups before the chroot(). We need to access * /etc/groups */ if (options & VSF_SECUTIL_OPTION_USE_GROUPS) { vsf_sysutil_initgroups(p_user); } else { vsf_sysutil_clear_supp_groups(); } /* Always do the chdir() regardless of whether we are chroot()'ing */ { /* Do chdir() with the target effective IDs to cater for NFS mounted * home directories. */ int saved_euid = 0; int saved_egid = 0; int retval; if (options & VSF_SECUTIL_OPTION_CHANGE_EUID) { saved_euid = vsf_sysutil_geteuid(); saved_egid = vsf_sysutil_getegid(); vsf_sysutil_setegid(p_user); vsf_sysutil_seteuid(p_user); } retval = str_chdir(&dir_str); if (retval != 0) { die2("cannot change directory:", str_getbuf(&dir_str)); } if (p_ext_dir_str && !str_isempty(p_ext_dir_str)) { retval = str_chdir(p_ext_dir_str); /* Failure on the extra directory is OK as long as we're not in * chroot() mode */ if (retval != 0 && !(options & VSF_SECUTIL_OPTION_CHROOT)) { retval = 0; } } if (retval != 0) { die2("cannot change directory:", str_getbuf(p_ext_dir_str)); } if (options & VSF_SECUTIL_OPTION_CHANGE_EUID) { vsf_sysutil_seteuid_numeric(saved_euid); vsf_sysutil_setegid_numeric(saved_egid); } // 2007.05 James { /* Do the chroot() if required */ //if (options & VSF_SECUTIL_OPTION_CHROOT) //{ // vsf_sysutil_chroot("."); //} // 2007.05 James } } str_free(&dir_str); } /* Handle capabilities */ if (caps) { if (!vsf_sysdep_has_capabilities()) { /* Need privilege but OS has no capabilities - have to keep root */ return; } if (!vsf_sysdep_has_capabilities_as_non_root()) { vsf_sysdep_adopt_capabilities(caps); return; } vsf_sysdep_keep_capabilities(); } /* Set group id */ vsf_sysutil_setgid(p_user); /* Finally set user id */ vsf_sysutil_setuid(p_user); if (caps) { vsf_sysdep_adopt_capabilities(caps); } }