mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 12:54:27 +00:00
ftpd(8): fix user context handling.
Apply authenticated user context after update of wtmp(5) at start of session, so that ftpd process is not killed by kernel with SIGXFSZ when user has "filesize" limit lower than size of system wtmp file. Same applies to session finalization: revert to super-user context before update of wtmp. If ftpd hits limit while writing a file at user request, do not get killed with SIGXFSZ instantly but apparently ignore the signal, process error and report it to the user, and continue with the session. PR: 143570 Approved by: avg (mentor), mav (mentor) MFC after: 1 week
This commit is contained in:
parent
31329820e5
commit
de8d85c908
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=324364
|
@ -430,6 +430,10 @@ main(int argc, char *argv[], char **envp)
|
|||
}
|
||||
}
|
||||
|
||||
/* handle filesize limit gracefully */
|
||||
sa.sa_handler = SIG_IGN;
|
||||
(void)sigaction(SIGXFSZ, &sa, NULL);
|
||||
|
||||
if (daemon_mode) {
|
||||
int *ctl_sock, fd, maxfd = -1, nfds, i;
|
||||
fd_set defreadfds, readfds;
|
||||
|
@ -1196,14 +1200,14 @@ end_login(void)
|
|||
#endif
|
||||
|
||||
(void) seteuid(0);
|
||||
if (logged_in && dowtmp)
|
||||
ftpd_logwtmp(wtmpid, NULL, NULL);
|
||||
pw = NULL;
|
||||
#ifdef LOGIN_CAP
|
||||
setusercontext(NULL, getpwuid(0), 0, LOGIN_SETALL & ~(LOGIN_SETLOGIN |
|
||||
LOGIN_SETUSER | LOGIN_SETGROUP | LOGIN_SETPATH |
|
||||
LOGIN_SETENV));
|
||||
#endif
|
||||
if (logged_in && dowtmp)
|
||||
ftpd_logwtmp(wtmpid, NULL, NULL);
|
||||
pw = NULL;
|
||||
#ifdef USE_PAM
|
||||
if (pamh) {
|
||||
if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS)
|
||||
|
@ -1478,7 +1482,7 @@ pass(char *passwd)
|
|||
}
|
||||
}
|
||||
setusercontext(lc, pw, 0, LOGIN_SETALL &
|
||||
~(LOGIN_SETUSER | LOGIN_SETPATH | LOGIN_SETENV));
|
||||
~(LOGIN_SETRESOURCES | LOGIN_SETUSER | LOGIN_SETPATH | LOGIN_SETENV));
|
||||
#else
|
||||
setlogin(pw->pw_name);
|
||||
(void) initgroups(pw->pw_name, pw->pw_gid);
|
||||
|
@ -1520,6 +1524,10 @@ pass(char *passwd)
|
|||
(struct sockaddr *)&his_addr);
|
||||
logged_in = 1;
|
||||
|
||||
#ifdef LOGIN_CAP
|
||||
setusercontext(lc, pw, 0, LOGIN_SETRESOURCES);
|
||||
#endif
|
||||
|
||||
if (guest && stats && statfd < 0)
|
||||
#ifdef VIRTUAL_HOSTING
|
||||
statfd = open(thishost->statfile, O_WRONLY|O_APPEND);
|
||||
|
@ -2770,6 +2778,11 @@ dologout(int status)
|
|||
|
||||
if (logged_in && dowtmp) {
|
||||
(void) seteuid(0);
|
||||
#ifdef LOGIN_CAP
|
||||
setusercontext(NULL, getpwuid(0), 0, LOGIN_SETALL & ~(LOGIN_SETLOGIN |
|
||||
LOGIN_SETUSER | LOGIN_SETGROUP | LOGIN_SETPATH |
|
||||
LOGIN_SETENV));
|
||||
#endif
|
||||
ftpd_logwtmp(wtmpid, NULL, NULL);
|
||||
}
|
||||
/* beware of flushing buffers after a SIGPIPE */
|
||||
|
|
Loading…
Reference in a new issue