source
twoprocess.c
line
243 - 315
概要
static void common_do_login(struct vsf_session* p_sess, const struct mystr* p_user_str, int do_chroot, int anon)
処理の流れ
246 {
/* Flow annotations (lines without a source line number are review notes,
 * not part of twoprocess.c).
 * Step 1: remember the caller's view of the login. The child rewrites
 * anon and p_user_str for guest logins, but some later decisions are
 * still keyed on these original values.
 */
247 int was_anon = anon;
248 const struct mystr* p_orig_user_str = p_user_str;
249 int newpid;
/* Step 2: retire the pre-login child. A null SIGCHLD handler is installed
 * first, then the OK result is sent and the child is waited for.
 */
250 vsf_sysutil_install_null_sighandler(kVSFSysUtilSigCHLD);
251 /* Asks the pre-login child to go away (by exiting) */
252 priv_sock_send_result(p_sess, PRIV_SOCK_RESULT_OK);
253 (void) vsf_sysutil_wait();
254 /* Absorb the SIGCHLD */
255 vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD);
/* Step 3: per-user configuration is loaded before the fork and before any
 * credential change, using the name the client logged in with (not the
 * guest account it may be remapped to below).
 * NOTE(review): presumably this process is still privileged here; confirm
 * how handle_per_user_config() builds the file name from p_user_str.
 */
256 /* Handle loading per-user config options */
257 handle_per_user_config(p_user_str);
258 /* Set this before we fork */
259 p_sess->is_anonymous = anon;
/* Step 4: fork. The real SIGCHLD handler is installed just before. */
260 vsf_sysutil_install_async_sighandler(kVSFSysUtilSigCHLD, handle_sigchld);
261 newpid = vsf_sysutil_fork();
/* NOTE(review): only newpid == 0 is tested. A negative return would take
 * the parent path at the bottom; confirm vsf_sysutil_fork() does not
 * return on failure.
 */
262 if (newpid == 0)
263 {
264 struct mystr guest_user_str = INIT_MYSTR;
265 struct mystr chroot_str = INIT_MYSTR;
266 struct mystr chdir_str = INIT_MYSTR;
267 struct mystr userdir_str = INIT_MYSTR;
/* Step 5 (child): build the option mask for the credential change.
 * USE_GROUPS is always set; CHROOT and CHANGE_EUID are added below.
 */
268 unsigned int secutil_option = VSF_SECUTIL_OPTION_USE_GROUPS;
269 /* Child - drop privs and start proper FTP! */
270 if (tunable_guest_enable && !anon)
271 {
272 /* Remap to the guest user */
273 str_alloc_text(&guest_user_str, tunable_guest_username);
274 p_user_str = &guest_user_str;
/* Unless virtual_use_local_privs is set, a guest is handled like an
 * anonymous user and is always chrooted, whatever the caller asked for.
 */
275 if (!tunable_virtual_use_local_privs)
276 {
277 anon = 1;
278 do_chroot = 1;
279 }
280 }
281 if (do_chroot)
282 {
283 secutil_option |= VSF_SECUTIL_OPTION_CHROOT;
284 }
/* CHANGE_EUID is requested only for sessions that are not anonymous after
 * the guest remap above.
 */
285 if (!anon)
286 {
287 secutil_option |= VSF_SECUTIL_OPTION_CHANGE_EUID;
288 }
/* Step 6 (child): compute the directories, then change credentials.
 * calculate_chdir_dir() gets was_anon, the remapped user and the original
 * user. The chdir below happens only after the credential change.
 * NOTE(review): the literal 0 argument is presumably the set of
 * capabilities to keep (none) - confirm against vsf_secutil_change_credentials().
 */
289 calculate_chdir_dir(was_anon, &userdir_str, &chroot_str, &chdir_str,
290 p_user_str, p_orig_user_str);
291 vsf_secutil_change_credentials(p_user_str, &userdir_str, &chroot_str,
292 0, secutil_option);
293 if (!str_isempty(&chdir_str))
294 {
/* The result is discarded: a failed chdir does not end the session, which
 * then continues from whatever directory the credential change left.
 */
295 (void) str_chdir(&chdir_str);
296 }
/* p_user_str may point at guest_user_str, which is freed here. It is not
 * used again in this function.
 */
297 str_free(&guest_user_str);
298 str_free(&chroot_str);
299 str_free(&chdir_str);
300 str_free(&userdir_str);
/* Step 7 (child): refuse a writable root for anonymous sessions. The test
 * runs after the credential change and is keyed on was_anon, so a guest
 * login that was remapped to anon = 1 above is not covered by it.
 */
301 /* Guard against the config error of having the anonymous ftp tree owned
302 * by the user we are running as
303 */
304 if (was_anon && vsf_sysutil_write_access("/"))
305 {
306 die("vsftpd: refusing to run with writable anonymous root");
307 }
/* Step 8 (child): store the possibly remapped anon flag and start the
 * post-login handling. Reaching bug() means process_post_login() returned.
 */
308 p_sess->is_anonymous = anon;
309 process_post_login(p_sess);
310 bug("should not get here: common_do_login");
311 }
/* Step 9 (parent): hand over to the post-login parent routine, which is
 * likewise not expected to return.
 */
312 /* Parent */
313 vsf_priv_parent_postlogin(p_sess);
314 bug("should not get here in common_do_login");
315 }
function
/*
 * common_do_login - complete a login by forking into a child that changes
 * credentials and runs the FTP session, and a parent that continues in
 * vsf_priv_parent_postlogin(). (Lines without a source line number are
 * review annotations, not part of twoprocess.c.)
 *
 * p_sess     - session state; is_anonymous is written before the fork and
 *              again in the child.
 * p_user_str - login name; used for per-user config and, unless remapped
 *              to the guest account, for the credential change.
 * do_chroot  - non-zero adds VSF_SECUTIL_OPTION_CHROOT; forced to 1 for
 *              guest logins without virtual_use_local_privs.
 * anon       - non-zero for an anonymous login.
 *
 * Neither branch is expected to return; both end in bug().
 *
 * Statement order matters: the credential change comes before the chdir
 * and before the writable-root check, so both run in the state left by
 * vsf_secutil_change_credentials().
 */
243 static void
244 common_do_login(struct vsf_session* p_sess, const struct mystr* p_user_str,
245 int do_chroot, int anon)
246 {
/* Keep the caller's values: the child may overwrite anon and p_user_str. */
247 int was_anon = anon;
248 const struct mystr* p_orig_user_str = p_user_str;
249 int newpid;
/* A null SIGCHLD handler is in place while the pre-login child exits. */
250 vsf_sysutil_install_null_sighandler(kVSFSysUtilSigCHLD);
251 /* Asks the pre-login child to go away (by exiting) */
252 priv_sock_send_result(p_sess, PRIV_SOCK_RESULT_OK);
253 (void) vsf_sysutil_wait();
254 /* Absorb the SIGCHLD */
255 vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD);
/* Called with the login name as received, before the fork and before any
 * credential change. NOTE(review): presumably this still runs privileged;
 * verify how the per-user file name is derived from p_user_str.
 */
256 /* Handle loading per-user config options */
257 handle_per_user_config(p_user_str);
258 /* Set this before we fork */
259 p_sess->is_anonymous = anon;
260 vsf_sysutil_install_async_sighandler(kVSFSysUtilSigCHLD, handle_sigchld);
261 newpid = vsf_sysutil_fork();
/* NOTE(review): a negative return is not handled here and would fall
 * through to the parent path; confirm vsf_sysutil_fork() cannot return it.
 */
262 if (newpid == 0)
263 {
264 struct mystr guest_user_str = INIT_MYSTR;
265 struct mystr chroot_str = INIT_MYSTR;
266 struct mystr chdir_str = INIT_MYSTR;
267 struct mystr userdir_str = INIT_MYSTR;
/* Option mask for the credential change; USE_GROUPS is always set. */
268 unsigned int secutil_option = VSF_SECUTIL_OPTION_USE_GROUPS;
269 /* Child - drop privs and start proper FTP! */
270 if (tunable_guest_enable && !anon)
271 {
272 /* Remap to the guest user */
273 str_alloc_text(&guest_user_str, tunable_guest_username);
274 p_user_str = &guest_user_str;
/* Without virtual_use_local_privs the guest is treated as anonymous and
 * chroot is forced on, overriding the caller's do_chroot.
 */
275 if (!tunable_virtual_use_local_privs)
276 {
277 anon = 1;
278 do_chroot = 1;
279 }
280 }
281 if (do_chroot)
282 {
283 secutil_option |= VSF_SECUTIL_OPTION_CHROOT;
284 }
/* Uses anon after the guest remap, so remapped guests do not get
 * CHANGE_EUID.
 */
285 if (!anon)
286 {
287 secutil_option |= VSF_SECUTIL_OPTION_CHANGE_EUID;
288 }
/* Directory selection uses was_anon plus both the remapped and the
 * original user name.
 */
289 calculate_chdir_dir(was_anon, &userdir_str, &chroot_str, &chdir_str,
290 p_user_str, p_orig_user_str);
/* NOTE(review): the literal 0 is presumably "keep no capabilities" -
 * confirm against the declaration of vsf_secutil_change_credentials().
 */
291 vsf_secutil_change_credentials(p_user_str, &userdir_str, &chroot_str,
292 0, secutil_option);
293 if (!str_isempty(&chdir_str))
294 {
/* Return value discarded on purpose: if the chdir fails the session keeps
 * the working directory left by the credential change.
 */
295 (void) str_chdir(&chdir_str);
296 }
/* guest_user_str may be what p_user_str points at; p_user_str is not used
 * after this point.
 */
297 str_free(&guest_user_str);
298 str_free(&chroot_str);
299 str_free(&chdir_str);
300 str_free(&userdir_str);
/* Evaluated after the credential change and keyed on was_anon: a guest
 * login remapped to anon = 1 above is not subject to this check.
 */
301 /* Guard against the config error of having the anonymous ftp tree owned
302 * by the user we are running as
303 */
304 if (was_anon && vsf_sysutil_write_access("/"))
305 {
306 die("vsftpd: refusing to run with writable anonymous root");
307 }
/* Store again: anon may have been forced to 1 in this child. */
308 p_sess->is_anonymous = anon;
309 process_post_login(p_sess);
310 bug("should not get here: common_do_login");
311 }
/* Only reached when newpid != 0. */
312 /* Parent */
313 vsf_priv_parent_postlogin(p_sess);
314 bug("should not get here in common_do_login");
315 }
最終更新:2009年03月04日 01:12