system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-10-15 12:54:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

ftpd(8): fix user context handling.

Browse source 
Apply authenticated user context after update of wtmp(5) at start of session,
so that ftpd process is not killed by kernel with SIGXFSZ when user has
"filesize" limit lower than size of system wtmp file. Same applies
to session finalization: revert to super-user context before update of wtmp.

If ftpd hits limit while writing a file at user request,
do not get killed with SIGXFSZ instantly but apparently ignore the signal,
process error and report it to the user, and continue with the session.

PR:		143570
Approved by:	avg (mentor), mav (mentor)
MFC after:	1 week
This commit is contained in:
Eugene Grosbein 2017-10-06 13:46:05 +00:00
parent 31329820e5
commit de8d85c908
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=324364
1 changed files with 17 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
libexec/ftpd/ftpd.c
View file

@ -430,6 +430,10 @@ main(int argc, char *argv[], char **envp)
}
}
/* handle filesize limit gracefully */
sa.sa_handler = SIG_IGN;
(void)sigaction(SIGXFSZ, &sa, NULL);
if (daemon_mode) {
int *ctl_sock, fd, maxfd = -1, nfds, i;
fd_set defreadfds, readfds;
@ -1196,14 +1200,14 @@ end_login(void)
#endif
(void) seteuid(0);
if (logged_in && dowtmp)
ftpd_logwtmp(wtmpid, NULL, NULL);
pw = NULL;
#ifdef LOGIN_CAP
setusercontext(NULL, getpwuid(0), 0, LOGIN_SETALL & ~(LOGIN_SETLOGIN |
LOGIN_SETUSER | LOGIN_SETGROUP | LOGIN_SETPATH |
LOGIN_SETENV));
#endif
if (logged_in && dowtmp)
ftpd_logwtmp(wtmpid, NULL, NULL);
pw = NULL;
#ifdef USE_PAM
if (pamh) {
if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS)
@ -1478,7 +1482,7 @@ pass(char *passwd)
}
}
setusercontext(lc, pw, 0, LOGIN_SETALL &
~(LOGIN_SETUSER | LOGIN_SETPATH | LOGIN_SETENV));
~(LOGIN_SETRESOURCES | LOGIN_SETUSER | LOGIN_SETPATH | LOGIN_SETENV));
#else
setlogin(pw->pw_name);
(void) initgroups(pw->pw_name, pw->pw_gid);
@ -1520,6 +1524,10 @@ pass(char *passwd)
(struct sockaddr *)&his_addr);
logged_in = 1;
#ifdef LOGIN_CAP
setusercontext(lc, pw, 0, LOGIN_SETRESOURCES);
#endif
if (guest && stats && statfd < 0)
#ifdef VIRTUAL_HOSTING
statfd = open(thishost->statfile, O_WRONLY|O_APPEND);
@ -2770,6 +2778,11 @@ dologout(int status)
if (logged_in && dowtmp) {
(void) seteuid(0);
#ifdef LOGIN_CAP
setusercontext(NULL, getpwuid(0), 0, LOGIN_SETALL & ~(LOGIN_SETLOGIN |
LOGIN_SETUSER | LOGIN_SETGROUP | LOGIN_SETPATH |
LOGIN_SETENV));
#endif
ftpd_logwtmp(wtmpid, NULL, NULL);
}
/* beware of flushing buffers after a SIGPIPE */