Subversion Repositories vsftpd-clamav

Compare Revisions

Rev 2 → Rev 3

/vsftpd-clamav.patch
1,3 → 1,11
#! /bin/sh /usr/share/dpatch/dpatch-run
## clamav-integration.dpatch by <marco@debiansqueeze64>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
 
@DPATCH@
 
Add support for scanning uploaded files with clamav. Not all features are
implemented (ex. file inclusion/exclusion for scanning). Every uploaded file is
saved in random named file, and moved to destination file after scanning. Side
10,12 → 18,12
diff -Naru vsftpd-2.2.2.orig/Makefile vsftpd-2.2.2/Makefile
--- vsftpd-2.2.2.orig/Makefile 2009-05-22 21:44:52.000000000 +0200
+++ vsftpd-2.2.2/Makefile 2010-04-29 19:46:54.435448038 +0200
@@ -14,7 +14,7 @@
banner.o filestr.o parseconf.o secutil.o \
@@ -19,7 +19,7 @@
ascii.o oneprocess.o twoprocess.o privops.o standalone.o hash.o \
tcpwrap.o ipaddrparse.o access.o features.o readwrite.o opts.o \
- ssl.o sslslave.o ptracesandbox.o ftppolicy.o sysutil.o sysdeputil.o
+ ssl.o sslslave.o ptracesandbox.o ftppolicy.o sysutil.o sysdeputil.o clamav.o
ssl.o sslslave.o ptracesandbox.o ftppolicy.o sysutil.o sysdeputil.o \
- seccompsandbox.o
+ seccompsandbox.o clamav.o
.c.o:
280,12 → 288,12
@@ -101,6 +101,7 @@
{ "delete_failed_uploads", &tunable_delete_failed_uploads },
{ "implicit_ssl", &tunable_implicit_ssl },
{ "sandbox", &tunable_sandbox },
{ "ptrace_sandbox", &tunable_ptrace_sandbox },
+ { "av_enable", &tunable_av_enable },
{ "require_ssl_reuse", &tunable_require_ssl_reuse },
{ "isolate", &tunable_isolate },
{ "isolate_network", &tunable_isolate_network },
@@ -136,6 +137,7 @@
@@ -138,6 +139,7 @@
{ "delay_successful_login", &tunable_delay_successful_login },
{ "max_login_fails", &tunable_max_login_fails },
{ "chown_upload_mode", &tunable_chown_upload_mode },
293,7 → 301,7
{ 0, 0 }
};
@@ -178,6 +180,10 @@
@@ -180,6 +182,10 @@
{ "dsa_private_key_file", &tunable_dsa_private_key_file },
{ "ca_certs_file", &tunable_ca_certs_file },
{ "cmds_denied", &tunable_cmds_denied },
315,7 → 323,7
/* Private local functions */
static void handle_pwd(struct vsf_session* p_sess);
@@ -993,12 +994,15 @@
@@ -1009,12 +1010,15 @@
static struct vsf_sysutil_statbuf* s_p_statbuf;
static struct mystr s_filename;
struct mystr* p_filename;
331,7 → 339,7
filesize_t offset = p_sess->restart_pos;
p_sess->restart_pos = 0;
if (!data_transfer_checks_ok(p_sess))
@@ -1012,6 +1016,7 @@
@@ -1028,6 +1032,7 @@
get_unique_filename(&s_filename, p_filename);
p_filename = &s_filename;
}
339,7 → 347,7
vsf_log_start_entry(p_sess, kVSFLogEntryUpload);
str_copy(&p_sess->log_str, &p_sess->ftp_arg_str);
prepend_path_to_filename(&p_sess->log_str);
@@ -1043,6 +1048,24 @@
@@ -1059,6 +1064,24 @@
return;
}
created = 1;
364,7 → 372,7
vsf_sysutil_fstat(new_file_fd, &s_p_statbuf);
if (vsf_sysutil_statbuf_is_regfile(s_p_statbuf))
{
@@ -1068,6 +1091,8 @@
@@ -1084,6 +1107,8 @@
if (tunable_lock_upload_files)
{
vsf_sysutil_lock_file_write(new_file_fd);
373,7 → 381,7
}
/* Must truncate the file AFTER locking it! */
if (do_truncate)
@@ -1075,6 +1100,22 @@
@@ -1091,6 +1116,22 @@
vsf_sysutil_ftruncate(new_file_fd);
vsf_sysutil_lseek_to(new_file_fd, 0);
}
396,7 → 404,7
if (!is_append && offset != 0)
{
/* XXX - warning, allows seek past end of file! Check for seek > size? */
@@ -1098,6 +1139,7 @@
@@ -1114,6 +1155,7 @@
}
if (vsf_sysutil_retval_is_error(remote_fd))
{
404,7 → 412,7
goto port_pasv_cleanup_out;
}
if (tunable_ascii_upload_enable && p_sess->is_ascii)
@@ -1118,7 +1160,6 @@
@@ -1134,7 +1176,6 @@
if (trans_ret.retval == 0)
{
success = 1;
412,7 → 420,7
}
if (trans_ret.retval == -1)
{
@@ -1130,7 +1171,43 @@
@@ -1150,7 +1191,43 @@
}
else
{
457,7 → 465,7
}
check_abor(p_sess);
port_pasv_cleanup_out:
@@ -1138,9 +1215,15 @@
@@ -1158,9 +1235,15 @@
pasv_cleanup(p_sess);
if (tunable_delete_failed_uploads && created && !success)
{
488,7 → 496,7
diff -Naru vsftpd-2.2.2.orig/session.h vsftpd-2.2.2/session.h
--- vsftpd-2.2.2.orig/session.h 2008-02-12 03:39:38.000000000 +0100
+++ vsftpd-2.2.2/session.h 2010-04-29 19:46:54.438781445 +0200
@@ -97,6 +97,10 @@
@@ -99,6 +99,10 @@
int ssl_slave_fd;
int ssl_consumer_fd;
unsigned int login_fails;
502,16 → 510,15
diff -Naru vsftpd-2.2.2.orig/tunables.c vsftpd-2.2.2/tunables.c
--- vsftpd-2.2.2.orig/tunables.c 2009-07-15 22:08:27.000000000 +0200
+++ vsftpd-2.2.2/tunables.c 2010-04-29 19:48:44.265437093 +0200
@@ -88,6 +88,8 @@
int tunable_ftp_enable;
@@ -89,6 +89,7 @@
int tunable_http_enable;
int tunable_seccomp_sandbox;
int tunable_allow_writeable_chroot;
+int tunable_av_enable;
+int tunable_av_enable;
+
unsigned int tunable_accept_timeout;
unsigned int tunable_connect_timeout;
unsigned int tunable_local_umask;
@@ -108,6 +110,7 @@
@@ -110,6 +111,7 @@
unsigned int tunable_delay_successful_login;
unsigned int tunable_max_login_fails;
unsigned int tunable_chown_upload_mode;
519,7 → 526,7
const char* tunable_secure_chroot_dir;
const char* tunable_ftp_username;
@@ -142,6 +145,11 @@
@@ -144,6 +147,11 @@
const char* tunable_dsa_private_key_file;
const char* tunable_ca_certs_file;
531,8 → 538,8
static void install_str_setting(const char* p_value, const char** p_storage);
void
@@ -223,9 +231,10 @@
tunable_sandbox = 0;
@@ -225,11 +227,12 @@
tunable_ptrace_sandbox = 0;
tunable_require_ssl_reuse = 1;
tunable_isolate = 1;
- tunable_isolate_network = 1;
539,11 → 546,13
+ tunable_isolate_network = 0;
tunable_ftp_enable = 1;
tunable_http_enable = 0;
tunable_seccomp_sandbox = 1;
tunable_allow_writeable_chroot = 0;
+ tunable_av_enable = 0;
tunable_accept_timeout = 60;
tunable_connect_timeout = 60;
@@ -251,6 +260,7 @@
@@ -255,6 +263,7 @@
tunable_max_login_fails = 3;
/* -rw------- */
tunable_chown_upload_mode = 0600;
551,7 → 560,7
install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);
install_str_setting("ftp", &tunable_ftp_username);
@@ -286,6 +296,11 @@
@@ -290,6 +299,11 @@
install_str_setting(0, &tunable_rsa_private_key_file);
install_str_setting(0, &tunable_dsa_private_key_file);
install_str_setting(0, &tunable_ca_certs_file);
568,13 → 577,13
+++ vsftpd-2.2.2/tunables.h 2010-04-29 19:46:54.438781445 +0200
@@ -84,6 +84,7 @@
extern int tunable_implicit_ssl; /* Use implicit SSL protocol */
extern int tunable_sandbox; /* Deploy ptrace sandbox */
extern int tunable_ptrace_sandbox; /* DEPRECATED ptrace sandbox */
extern int tunable_require_ssl_reuse; /* Require re-used data conn */
+extern int tunable_av_enable; /* Scan av incomming files */
extern int tunable_isolate; /* Use container clone() flags */
extern int tunable_isolate_network; /* Use CLONE_NEWNET */
extern int tunable_ftp_enable; /* Allow FTP protocol */
@@ -110,6 +111,7 @@
@@ -112,6 +113,7 @@
extern unsigned int tunable_delay_successful_login;
extern unsigned int tunable_max_login_fails;
extern unsigned int tunable_chown_upload_mode;
582,7 → 591,7
/* String defines */
extern const char* tunable_secure_chroot_dir;
@@ -144,6 +146,10 @@
@@ -146,6 +148,10 @@
extern const char* tunable_dsa_private_key_file;
extern const char* tunable_ca_certs_file;
extern const char* tunable_cmds_denied;
596,7 → 605,7
diff -Naru vsftpd-2.2.2.orig/twoprocess.c vsftpd-2.2.2/twoprocess.c
--- vsftpd-2.2.2.orig/twoprocess.c 2009-07-18 07:56:44.000000000 +0200
+++ vsftpd-2.2.2/twoprocess.c 2010-04-29 19:46:54.438781445 +0200
@@ -430,6 +430,13 @@
@@ -457,6 +457,13 @@
p_user_str, p_orig_user_str);
vsf_secutil_change_credentials(p_user_str, &userdir_str, &chroot_str,
0, secutil_option);
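Review bot: In the tunables.c defaults hunk the patch flips `tunable_isolate_network = 1;` to `tunable_isolate_network = 0;`, which switches off the CLONE_NEWNET isolation (per the tunables.h comment) for every install, including those that leave `av_enable` at its default of 0. Presumably the session process needs to reach the scanner daemon over a socket, but the patch description does not say so, and the change is independent of the scanning default. I would keep `tunable_isolate_network = 1;` as the built-in default and document that `isolate_network=NO` must be set together with `av_enable=YES`, or at least add `/* disabled so the scanner socket is reachable; weakens the sandbox */` beside the assignment. The enclosing defaults function starts and ends outside the lines shown here.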