static void
handle_port(struct vsf_session* p_sess)
{
static struct mystr s_tmp_str;
unsigned short the_port;
unsigned char vals[6];
int i;
pasv_cleanup(p_sess);
port_cleanup(p_sess);
str_copy(&s_tmp_str, &p_sess->ftp_arg_str);
for (i=0; i<6; i++)
{
static struct mystr s_rhs_comma_str;
int this_number;
/* This puts a single , delimited field in tmp_str */
str_split_char(&s_tmp_str, &s_rhs_comma_str, ',');
/* Sanity - check for too many or two few commas! */
if ( (i<5 && str_isempty(&s_rhs_comma_str)) ||
(i==5 && !str_isempty(&s_rhs_comma_str)))
{
vsf_cmdio_write(p_sess, FTP_BADCMD, "Illegal PORT command.");
return;
}
this_number = str_atoi(&s_tmp_str);
if (this_number < 0 || this_number > 255)
{
vsf_cmdio_write(p_sess, FTP_BADCMD, "Illegal PORT command.");
return;
}
/* If this truncates from int to uchar, we don't care */
vals[i] = (unsigned char) this_number;
/* The right hand side of the comma now becomes the new string to
* breakdown
*/
str_copy(&s_tmp_str, &s_rhs_comma_str);
}
the_port = vals[4] << 8;
the_port |= vals[5];
vsf_sysutil_sockaddr_alloc_ipv4(&p_sess->p_port_sockaddr);
vsf_sysutil_sockaddr_set_ipv4addr(p_sess->p_port_sockaddr, vals);
vsf_sysutil_sockaddr_set_port(p_sess->p_port_sockaddr, the_port);
/* SECURITY:
* 1) Reject requests not connecting to the control socket IP
* 2) Reject connects to privileged ports
*/
if (!tunable_port_promiscuous)
{
if (!vsf_sysutil_sockaddr_addr_equal(p_sess->p_remote_addr,
p_sess->p_port_sockaddr) ||
vsf_sysutil_is_port_reserved(the_port))
{
vsf_cmdio_write(p_sess, FTP_BADCMD, "Illegal PORT command.");
port_cleanup(p_sess);
return;
}
}
vsf_cmdio_write(p_sess, FTP_PORTOK,
"PORT command successful. Consider using PASV.");
}
static void
handle_pasv(struct vsf_session* p_sess)
{
static struct mystr s_pasv_res_str;
static struct vsf_sysutil_sockaddr* s_p_sockaddr;
struct vsf_sysutil_ipv4port listen_port;
struct vsf_sysutil_ipv4addr listen_ipaddr;
int bind_retries = 10;
pasv_cleanup(p_sess);
port_cleanup(p_sess);
p_sess->pasv_listen_fd = vsf_sysutil_get_ipv4_sock();
while (--bind_retries)
{
int retval;
unsigned short the_port;
double scaled_port;
/* IPPORT_RESERVED */
unsigned short min_port = 1024;
unsigned short max_port = 65535;
if (tunable_pasv_min_port > min_port && tunable_pasv_min_port < max_port)
{
min_port = tunable_pasv_min_port;
}
if (tunable_pasv_max_port > min_port && tunable_pasv_max_port < max_port)
{
max_port = tunable_pasv_max_port;
}
the_port = vsf_sysutil_get_random_byte();
the_port <<= 8;
the_port |= vsf_sysutil_get_random_byte();
scaled_port = (double) min_port;
scaled_port += ((double) the_port / (double) 65535) *
((double) max_port - min_port);
the_port = (unsigned short) scaled_port;
vsf_sysutil_sockaddr_alloc_ipv4(&s_p_sockaddr);
vsf_sysutil_sockaddr_set_port(s_p_sockaddr,
vsf_sysutil_ipv4port_from_int(the_port));
/* Bind to same address we got the incoming connect on */
vsf_sysutil_sockaddr_set_ipaddr(s_p_sockaddr,
vsf_sysutil_sockaddr_get_ipaddr(p_sess->p_local_addr));
retval = vsf_sysutil_bind(p_sess->pasv_listen_fd, s_p_sockaddr);
if (!vsf_sysutil_retval_is_error(retval))
{
break;
}
if (vsf_sysutil_get_error() == kVSFSysUtilErrADDRINUSE)
{
continue;
}
die("vsf_sysutil_bind");
}
if (!bind_retries)
{
die("vsf_sysutil_bind");
}
vsf_sysutil_listen(p_sess->pasv_listen_fd, 1);
/* Get the address of the bound socket, for the port */
vsf_sysutil_getsockname(p_sess->pasv_listen_fd, &s_p_sockaddr);
if (tunable_pasv_address != 0)
{
/* Report passive address as specified in configuration */
if (vsf_sysutil_inet_aton(tunable_pasv_address, &listen_ipaddr) == 0)
{
die("invalid pasv_address");
}
}
else
{
/* Use address of bound socket for passive address */
listen_ipaddr = vsf_sysutil_sockaddr_get_ipaddr(s_p_sockaddr);
}
listen_port = vsf_sysutil_sockaddr_get_port(s_p_sockaddr);
str_alloc_text(&s_pasv_res_str, "Entering Passive Mode (");
str_append_ulong(&s_pasv_res_str, listen_ipaddr.data[0]);
str_append_text(&s_pasv_res_str, ",");
str_append_ulong(&s_pasv_res_str, listen_ipaddr.data[1]);
str_append_text(&s_pasv_res_str, ",");
str_append_ulong(&s_pasv_res_str, listen_ipaddr.data[2]);
str_append_text(&s_pasv_res_str, ",");
str_append_ulong(&s_pasv_res_str, listen_ipaddr.data[3]);
str_append_text(&s_pasv_res_str, ",");
str_append_ulong(&s_pasv_res_str, listen_port.data[0]);
str_append_text(&s_pasv_res_str, ",");
str_append_ulong(&s_pasv_res_str, listen_port.data[1]);
str_append_text(&s_pasv_res_str, ")");
vsf_cmdio_write_str(p_sess, FTP_PASVOK, &s_pasv_res_str);
}
struct vsf_client_launch
vsf_standalone_main(void)
{
struct vsf_sysutil_sockaddr* p_sockaddr = 0;
struct vsf_sysutil_ipv4addr listen_ipaddr;
int listen_sock = vsf_sysutil_get_ipv4_sock();
int retval;
s_p_ip_count_hash = hash_alloc(256, sizeof(struct vsf_sysutil_ipv4addr),
sizeof(unsigned int), hash_ip);
s_p_pid_ip_hash = hash_alloc(256, sizeof(int),
sizeof(struct vsf_sysutil_ipv4addr), hash_pid);
if (tunable_setproctitle_enable)
{
vsf_sysutil_setproctitle("LISTENER");
}
vsf_sysutil_install_sighandler(kVSFSysUtilSigCHLD, handle_sigchld, 0);
vsf_sysutil_install_async_sighandler(kVSFSysUtilSigHUP, handle_sighup);
vsf_sysutil_activate_reuseaddr(listen_sock);
vsf_sysutil_sockaddr_alloc_ipv4(&p_sockaddr);
vsf_sysutil_sockaddr_set_port(
p_sockaddr, vsf_sysutil_ipv4port_from_int(tunable_listen_port));
if (!tunable_listen_address ||
vsf_sysutil_inet_aton(tunable_listen_address, &listen_ipaddr) == 0)
{
listen_ipaddr = vsf_sysutil_sockaddr_get_any();
}
vsf_sysutil_sockaddr_set_ipaddr(p_sockaddr, listen_ipaddr);
retval = vsf_sysutil_bind(listen_sock, p_sockaddr);
vsf_sysutil_free(p_sockaddr);
if (vsf_sysutil_retval_is_error(retval))
{
die("could not bind listening socket");
}
vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG);
while (1)
{
struct vsf_client_launch child_info;
static struct vsf_sysutil_sockaddr* p_accept_addr;
int new_child;
struct vsf_sysutil_ipv4addr ip_addr;
/* NOTE - wake up every 10 seconds to make sure we notice child exit
* in a timely manner (the sync signal framework race)
*/
int new_client_sock = vsf_sysutil_accept_timeout(
listen_sock, &p_accept_addr, 10);
if (s_reload_needed)
{
s_reload_needed = 0;
do_reload();
}
if (vsf_sysutil_retval_is_error(new_client_sock))
{
continue;
}
ip_addr = vsf_sysutil_sockaddr_get_ipaddr(p_accept_addr);
++s_children;
child_info.num_children = s_children;
child_info.num_this_ip = handle_ip_count(&ip_addr);
new_child = vsf_sysutil_fork_failok();
if (new_child != 0)
{
/* Parent context */
vsf_sysutil_close(new_client_sock);
if (new_child > 0)
{
hash_add_entry(s_p_pid_ip_hash, (void*)&new_child, (void*)&ip_addr);
}
else
{
/* fork() failed, clear up! */
--s_children;
drop_ip_count(&ip_addr);
}
/* Fall through to while() loop and accept() again */
}
else
{
/* Child context */
vsf_sysutil_close(listen_sock);
prepare_child(new_client_sock);
/* By returning here we "launch" the child process with the same
* contract as xinetd would provide.
*/
return child_info;
}
}
}
struct vsf_client_launch
vsf_standalone_main(void)
{
struct vsf_sysutil_sockaddr* p_accept_addr = 0;
int listen_sock = -1;
int retval;
s_ipaddr_size = vsf_sysutil_get_ipaddr_size();
if (tunable_listen && tunable_listen_ipv6)
{
die("run two copies of vsftpd for IPv4 and IPv6");
}
if (tunable_background)
{
int forkret = vsf_sysutil_fork();
if (forkret > 0)
{
/* Parent, just exit */
vsf_sysutil_exit(0);
}
vsf_sysutil_make_session_leader();
}
if (tunable_listen)
{
listen_sock = vsf_sysutil_get_ipv4_sock();
}
else
{
listen_sock = vsf_sysutil_get_ipv6_sock();
}
vsf_sysutil_activate_reuseaddr(listen_sock);
s_p_ip_count_hash = hash_alloc(256, s_ipaddr_size,
sizeof(unsigned int), hash_ip);
s_p_pid_ip_hash = hash_alloc(256, sizeof(int),
s_ipaddr_size, hash_pid);
if (tunable_setproctitle_enable)
{
vsf_sysutil_setproctitle("LISTENER");
}
vsf_sysutil_install_async_sighandler(kVSFSysUtilSigCHLD, handle_sigchld);
vsf_sysutil_install_async_sighandler(kVSFSysUtilSigHUP, handle_sighup);
if (tunable_listen)
{
struct vsf_sysutil_sockaddr* p_sockaddr = 0;
vsf_sysutil_sockaddr_alloc_ipv4(&p_sockaddr);
vsf_sysutil_sockaddr_set_port(p_sockaddr, tunable_listen_port);
if (!tunable_listen_address)
{
vsf_sysutil_sockaddr_set_any(p_sockaddr);
}
else
{
if (!vsf_sysutil_inet_aton(tunable_listen_address, p_sockaddr))
{
die2("bad listen_address: ", tunable_listen_address);
}
}
retval = vsf_sysutil_bind(listen_sock, p_sockaddr);
vsf_sysutil_free(p_sockaddr);
if (vsf_sysutil_retval_is_error(retval))
{
die("could not bind listening IPv4 socket");
}
}
else
{
struct vsf_sysutil_sockaddr* p_sockaddr = 0;
vsf_sysutil_sockaddr_alloc_ipv6(&p_sockaddr);
vsf_sysutil_sockaddr_set_port(p_sockaddr, tunable_listen_port);
if (!tunable_listen_address6)
{
vsf_sysutil_sockaddr_set_any(p_sockaddr);
}
else
{
struct mystr addr_str = INIT_MYSTR;
const unsigned char* p_raw_addr;
str_alloc_text(&addr_str, tunable_listen_address6);
p_raw_addr = vsf_sysutil_parse_ipv6(&addr_str);
str_free(&addr_str);
if (!p_raw_addr)
{
die2("bad listen_address6: ", tunable_listen_address6);
}
vsf_sysutil_sockaddr_set_ipv6addr(p_sockaddr, p_raw_addr);
}
retval = vsf_sysutil_bind(listen_sock, p_sockaddr);
vsf_sysutil_free(p_sockaddr);
if (vsf_sysutil_retval_is_error(retval))
{
die("could not bind listening IPv6 socket");
}
}
vsf_sysutil_listen(listen_sock, VSFTP_LISTEN_BACKLOG);
vsf_sysutil_sockaddr_alloc(&p_accept_addr);
while (1)
{
struct vsf_client_launch child_info;
void* p_raw_addr;
int new_child;
int new_client_sock;
vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD);
vsf_sysutil_unblock_sig(kVSFSysUtilSigHUP);
new_client_sock = vsf_sysutil_accept_timeout(
listen_sock, p_accept_addr, 0);
vsf_sysutil_block_sig(kVSFSysUtilSigCHLD);
vsf_sysutil_block_sig(kVSFSysUtilSigHUP);
if (vsf_sysutil_retval_is_error(new_client_sock))
{
continue;
}
++s_children;
child_info.num_children = s_children;
child_info.num_this_ip = 0;
p_raw_addr = vsf_sysutil_sockaddr_get_raw_addr(p_accept_addr);
child_info.num_this_ip = handle_ip_count(p_raw_addr);
new_child = vsf_sysutil_fork_failok();
if (new_child != 0)
{
/* Parent context */
vsf_sysutil_close(new_client_sock);
if (new_child > 0)
{
hash_add_entry(s_p_pid_ip_hash, (void*)&new_child, p_raw_addr);
}
else
{
/* fork() failed, clear up! */
--s_children;
drop_ip_count(p_raw_addr);
}
/* Fall through to while() loop and accept() again */
}
else
{
/* Child context */
vsf_sysutil_close(listen_sock);
prepare_child(new_client_sock);
/* By returning here we "launch" the child process with the same
* contract as xinetd would provide.
*/
return child_info;
}
}
}
