1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
/*
* Part of Very Secure FTPd
* Licence: GPL v2
* Author: Chris Evans
* postprivparent.c
*
* This file contains all privileged parent services offered after logging
* in. This includes e.g. chown() of uploaded files, issuing of port 20
* sockets.
*/
#include "postprivparent.h"
#include "session.h"
#include "privops.h"
#include "privsock.h"
#include "utility.h"
#include "tunables.h"
#include "defs.h"
#include "sysutil.h"
#include "str.h"
#include "secutil.h"
#include "sysstr.h"
#include "sysdeputil.h"
static void minimize_privilege(struct vsf_session* p_sess);
static void process_post_login_req(struct vsf_session* p_sess);
static void cmd_process_chown(struct vsf_session* p_sess);
static void cmd_process_get_data_sock(struct vsf_session* p_sess);
void
vsf_priv_parent_postlogin(struct vsf_session* p_sess)
{
minimize_privilege(p_sess);
/* We're still here... */
while (1)
{
process_post_login_req(p_sess);
}
}
static void
process_post_login_req(struct vsf_session* p_sess)
{
char cmd;
vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD);
/* Blocks */
cmd = priv_sock_get_cmd(p_sess->parent_fd);
vsf_sysutil_block_sig(kVSFSysUtilSigCHLD);
if (tunable_chown_uploads && cmd == PRIV_SOCK_CHOWN)
{
cmd_process_chown(p_sess);
}
else if (tunable_connect_from_port_20 && cmd == PRIV_SOCK_GET_DATA_SOCK)
{
cmd_process_get_data_sock(p_sess);
}
else
{
die("bad request in process_post_login_req");
}
}
static void
minimize_privilege(struct vsf_session* p_sess)
{
/* So, we logged in and forked a totally unprivileged child. Our job
* now is to minimize the privilege we need in order to act as a helper
* to the child.
*
* In some happy circumstances, we can exit and be done with root
* altogether.
*/
if (!p_sess->is_anonymous && tunable_session_support)
{
/* Need to hang around to update logs, utmp, wtmp etc. on logout.
* Need to keep privs to do this. */
return;
}
if (!tunable_chown_uploads && !tunable_connect_from_port_20 &&
!tunable_max_per_ip && !tunable_max_clients)
{
/* Cool. We're outta here. */
vsf_sysutil_exit(0);
}
{
unsigned int caps = 0;
struct mystr user_str = INIT_MYSTR;
struct mystr dir_str = INIT_MYSTR;
str_alloc_text(&user_str, tunable_nopriv_user);
str_alloc_text(&dir_str, tunable_secure_chroot_dir);
if (tunable_chown_uploads)
{
caps |= kCapabilityCAP_CHOWN;
}
if (tunable_connect_from_port_20)
{
caps |= kCapabilityCAP_NET_BIND_SERVICE;
}
vsf_secutil_change_credentials(&user_str, &dir_str, 0, caps,
VSF_SECUTIL_OPTION_CHROOT);
str_free(&user_str);
str_free(&dir_str);
}
}
static void
cmd_process_chown(struct vsf_session* p_sess)
{
int the_fd = priv_sock_recv_fd(p_sess->parent_fd);
vsf_privop_do_file_chown(p_sess, the_fd);
vsf_sysutil_close(the_fd);
priv_sock_send_result(p_sess->parent_fd, PRIV_SOCK_RESULT_OK);
}
static void
cmd_process_get_data_sock(struct vsf_session* p_sess)
{
int sock_fd = vsf_privop_get_ftp_port_sock(p_sess);
priv_sock_send_result(p_sess->parent_fd, PRIV_SOCK_RESULT_OK);
priv_sock_send_fd(p_sess->parent_fd, sock_fd);
vsf_sysutil_close(sock_fd);
}
|
