http://w.atwiki.jp/feedback1970/ feedback1970 @ ウィキ ja 2009-03-04T01:12:48+09:00 1236096768 https://w.atwiki.jp/feedback1970/pages/71.html **source twoprocess.c **line 243 - 315 **概要 static void common_do_login(struct vsf_session* p_sess, const struct mystr* p_user_str, int do_chroot, int anon) **処理の流れ 246 { 247 int was_anon = anon; 248 const struct mystr* p_orig_user_str = p_user_str; 249 int newpid; 250 vsf_sysutil_install_null_sighandler(kVSFSysUtilSigCHLD); 251 /* Asks the pre-login child to go away (by exiting) */ 252 priv_sock_send_result(p_sess, PRIV_SOCK_RESULT_OK); 253 (void) vsf_sysutil_wait(); 254 /* Absorb the SIGCHLD */ 255 vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD); 256 /* Handle loading per-user config options */ 257 handle_per_user_config(p_user_str); 258 /* Set this before we fork */ 259 p_sess->is_anonymous = anon; 260 vsf_sysutil_install_async_sighandler(kVSFSysUtilSigCHLD, handle_sigchld); 261 newpid = vsf_sysutil_fork(); 262 if (newpid == 0) 263 { 2009-03-04T01:12:48+09:00 1236096768 https://w.atwiki.jp/feedback1970/pages/70.html **source twoprocess.c **line 171 - 241 **処理の流れ 171 static void 172 process_login_req(struct vsf_session* p_sess) 173 { 174 enum EVSFPrivopLoginResult e_login_result = kVSFLoginNull; 175 char cmd; 176 vsf_sysutil_unblock_sig(kVSFSysUtilSigCHLD); 177 /* Blocks */ 178 cmd = priv_sock_get_cmd(p_sess); 179 vsf_sysutil_block_sig(kVSFSysUtilSigCHLD); 180 if (cmd != PRIV_SOCK_LOGIN) 181 { 182 die("bad request"); 183 } 184 /* Get username and password - we must distrust these */ 185 { 186 struct mystr password_str = INIT_MYSTR; 187 priv_sock_get_str(p_sess, &p_sess->user_str); 188 priv_sock_get_str(p_sess, &password_str); 189 e_login_result = vsf_privop_do_login(p_sess, &password_str); 190 str_free(&password_str); 191 } 192 switch (e_login_result) 193 { 194 case kVSFLoginFail: 195 priv_sock_send_resul 2009-03-04T01:04:24+09:00 1236096264 https://w.atwiki.jp/feedback1970/pages/69.html **source sysutil.c **line 2329 - 2339 **処理の流れ 2329 void 2330 vsf_sysutil_make_session_leader(void) 2331 { 2332 /* This makes us the leader if we are not already */ 2333 (void) setsid(); 2334 /* Check we're the leader */ 2335 if (getpid() != getpgrp()) 2336 { 2337 die("not session leader"); 2338 } 2339 } **function 2329 void 2330 vsf_sysutil_make_session_leader(void) 2331 { 2332 /* This makes us the leader if we are not already */ 2333 (void) setsid(); 2334 /* Check we're the leader */ 2335 if (getpid() != getpgrp()) 2336 { 2337 die("not session leader"); 2338 } 2339 } 2009-03-01T22:30:13+09:00 1235914213 https://w.atwiki.jp/feedback1970/pages/68.html **source main.c **line 233 - 243 **概要 static void env_init(void) **処理の流れ 233 static void 234 env_init(void) 235 { 236 vsf_sysutil_make_session_leader(); 237 /* Set up a secure umask - we'll set the proper one after login */ 238 vsf_sysutil_set_umask(VSFTP_SECURE_UMASK); 239 /* Fire up libc's timezone initialisation, before we chroot()! */ 240 vsf_sysutil_tzset(); 241 /* Signals. We'll always take -EPIPE rather than a rude signal, thanks */ 242 vsf_sysutil_install_null_sighandler(kVSFSysUtilSigPIPE); 243 } **function 233 static void 234 env_init(void) 235 { 236 vsf_sysutil_make_session_leader(); 237 /* Set up a secure umask - we'll set the proper one after login */ 238 vsf_sysutil_set_umask(VSFTP_SECURE_UMASK); 239 /* Fire up libc's timezone initialisation, before we chroot()! */ 240 vsf_sysutil_tzset(); 241 /* Signals. We'll always take 2009-03-01T22:23:09+09:00 1235913789 https://w.atwiki.jp/feedback1970/pages/67.html **source prelogin.c **line 95 - 121 **概要 static void parse_username_password(struct vsf_session* p_sess) **処理の流れ 95 static void 96 parse_username_password(struct vsf_session* p_sess) 97 { 98 while (1) 99 { 100 vsf_cmdio_get_cmd_and_arg(p_sess, &p_sess->ftp_cmd_str, 101 &p_sess->ftp_arg_str, 1); - 102 if (str_equal_text(&p_sess->ftp_cmd_str, "USER")) 103 { 104 handle_user_command(p_sess); 105 } - 106 else if (str_equal_text(&p_sess->ftp_cmd_str, "PASS")) 107 { 108 handle_pass_command(p_sess); 109 } - 110 else if (str_equal_text(&p_sess->ftp_cmd_str, "QUIT")) 111 { 112 vsf_cmdio_write(p_sess, FTP_GOODBYE, "Goodbye."); 113 vsf_sysutil_exit(0); 114 } - 115 else 116 { 117 vsf_cmdio_write(p_sess, FTP_LOGINERR, 118 2009-03-01T16:35:52+09:00 1235892952 https://w.atwiki.jp/feedback1970/pages/66.html **source prelogin.c **line 28 - 43 **概要 static void handle_pass_command(struct vsf_session* p_sess) **処理の流れ 28 static void handle_pass_command(struct vsf_session* p_sess); 29 30 void 31 init_connection(struct vsf_session* p_sess) 32 { 33 if (tunable_setproctitle_enable) 34 { 35 vsf_sysutil_setproctitle("not logged in"); 36 } 37 /* Before we talk to the remote, make sure an alarm is set up in case 38 * writing the initial greetings should block. 39 */ 40 vsf_cmdio_set_alarm(p_sess); 41 emit_greeting(p_sess); 42 parse_username_password(p_sess); 43 } **function 28 static void handle_pass_command(struct vsf_session* p_sess); 29 30 void 31 init_connection(struct vsf_session* p_sess) 32 { 33 if (tunable_setproctitle_enable) 34 { 35 vsf_sysutil_setproctitle("not logged in"); 36 } 2009-03-01T16:34:59+09:00 1235892899 https://w.atwiki.jp/feedback1970/pages/65.html **source prelogin.c **line 123 - 166 **概要 static void handle_user_command(struct vsf_session* p_sess) **処理の流れ 123 static void 124 handle_user_command(struct vsf_session* p_sess) 125 { 126 /* SECURITY: If we're in anonymous only-mode, immediately reject 127 * non-anonymous usernames in the hope we save passwords going plaintext 128 * over the network 129 */ 130 int is_anon = 1; 131 str_copy(&p_sess->user_str, &p_sess->ftp_arg_str); 132 str_upper(&p_sess->ftp_arg_str); 133 if (!str_equal_text(&p_sess->ftp_arg_str, "FTP") && 134 !str_equal_text(&p_sess->ftp_arg_str, "ANONYMOUS")) 135 { 136 is_anon = 0; 137 } 138 if (!tunable_local_enable && !is_anon) 139 { 140 vsf_cmdio_write(p_sess, FTP_LOGINERR, 141 "This FTP server is anonymous only."); 142 str_empty(&p_sess->user_str); 143 return; 144 } 2009-03-01T16:31:03+09:00 1235892663 https://w.atwiki.jp/feedback1970/pages/64.html **source prelogin.c **line 30 - 93 **概要 void emit_greeting(struct vsf_session* p_sess) **処理の流れ 48 struct mystr str_log_line = INIT_MYSTR; -/* Check for client limits (standalone mode only) */ -- 50 if (tunable_max_clients > 0 && 51 p_sess->num_clients > tunable_max_clients) 52 { 53 str_alloc_text(&str_log_line, "Connection refused: too many sessions."); 54 vsf_log_line(p_sess, kVSFLogEntryConnection, &str_log_line); 55 vsf_cmdio_write_noblock(p_sess, FTP_TOO_MANY_USERS, 56 "There are too many connected users, please try later."); 57 vsf_sysutil_exit(0); 58 } -- 59 if (tunable_max_per_ip > 0 && 60 p_sess->num_this_ip > tunable_max_per_ip) 61 { 62 str_alloc_text(&str_log_line, 63 "Connection refused: too many sessions for this address."); 64 vsf_log_line(p_sess, kVSFLogEntryConnec 2009-02-22T22:10:30+09:00 1235308230 https://w.atwiki.jp/feedback1970/pages/63.html **source prelogin.c **line 30 - 93 **概要 void init_connection(struct vsf_session* p_sess) **処理の流れ -tunable_setproctitle_enable が有効の場合 tunable_setproctitle_enable が設定されている場合（デフォルトは 0） tunable_setproctitle_enable 可能にされると、vsftpdは、システムプロセスのセッション状態情報がリストアップされているのを示してみるでしょう。 言い換えれば、プロセスの報告された名前は、vsftpdセッションがしていることを反映するために変化するでしょう(怠けてください、などをダウンロードして)。 あなたはセキュリティ目的のためにたぶんこれをやめたがっています。 35 vsf_sysutil_setproctitle("not logged in"); 36 } -/* Before we talk to the remote, make sure an alarm is set up in case * writing the initial greetings should block. 40 vsf_cmdio_set_alarm(p_sess); - 41 emit_greeting(p_sess); -username と password 処理 42 parse_username_password(p_sess); **function 30 void 31 init_connection(struct vsf_session* p_sess) 32 { 33 if (tunable_setproctitle_enable) 34 { 35 vsf_sysutil_setproctitle("not logged in"); 36 } 37 / 2009-03-01T16:14:00+09:00 1235891640 https://w.atwiki.jp/feedback1970/pages/62.html **source twoprocess.c **line 61 - 92 **概要 vsf_two_process_start(struct vsf_session* p_sess) **処理の流れ -/* Create the comms channel between privileged parent and no-priv child */ 64 priv_sock_init(p_sess); 65 vsf_sysutil_install_async_sighandler(kVSFSysUtilSigCHLD, handle_sigchld); 66 { 67 int newpid = vsf_sysutil_fork(); 68 if (newpid != 0) 69 { 70 /* Parent - go into pre-login parent process mode */ 71 while (1) 72 { 73 process_login_req(p_sess); 74 } 75 } 76 } -/* Child process - time to lose as much privilege as possible and do the login processing 80 if (tunable_local_enable && tunable_userlist_enable) 81 { 82 int retval = str_fileread(&p_sess->userlist_str, tunable_userlist_file, 83 VSFTP_CONF_FILE_MAX); 84 if (vsf_sysutil_retval_is_error(retval)) 2009-02-22T21:47:58+09:00 1235306878