10,12 → 10,12 |
diff -Naru vsftpd-2.2.2.orig/Makefile vsftpd-2.2.2/Makefile |
--- vsftpd-2.2.2.orig/Makefile 2009-05-22 21:44:52.000000000 +0200 |
+++ vsftpd-2.2.2/Makefile 2010-04-29 19:46:54.435448038 +0200 |
@@ -19,7 +19,7 @@ |
@@ -14,7 +14,7 @@ |
banner.o filestr.o parseconf.o secutil.o \ |
ascii.o oneprocess.o twoprocess.o privops.o standalone.o hash.o \ |
tcpwrap.o ipaddrparse.o access.o features.o readwrite.o opts.o \ |
ssl.o sslslave.o ptracesandbox.o ftppolicy.o sysutil.o sysdeputil.o \ |
- seccompsandbox.o |
+ seccompsandbox.o clamav.o |
- ssl.o sslslave.o ptracesandbox.o ftppolicy.o sysutil.o sysdeputil.o |
+ ssl.o sslslave.o ptracesandbox.o ftppolicy.o sysutil.o sysdeputil.o clamav.o |
|
|
.c.o: |
263,7 → 263,7 |
diff -Naru vsftpd-2.2.2.orig/main.c vsftpd-2.2.2/main.c |
--- vsftpd-2.2.2.orig/main.c 2009-07-18 07:55:53.000000000 +0200 |
+++ vsftpd-2.2.2/main.c 2010-04-29 19:46:54.435448038 +0200 |
@@ -66,7 +66,9 @@ |
@@ -64,7 +64,9 @@ |
/* Secure connection state */ |
0, 0, 0, 0, 0, INIT_MYSTR, 0, -1, -1, |
/* Login fails */ |
277,15 → 277,15 |
diff -Naru vsftpd-2.2.2.orig/parseconf.c vsftpd-2.2.2/parseconf.c |
--- vsftpd-2.2.2.orig/parseconf.c 2009-08-07 20:46:40.000000000 +0200 |
+++ vsftpd-2.2.2/parseconf.c 2010-04-29 19:46:54.435448038 +0200 |
@@ -101,6 +101,7 @@ |
@@ -100,6 +100,7 @@ |
{ "delete_failed_uploads", &tunable_delete_failed_uploads }, |
{ "implicit_ssl", &tunable_implicit_ssl }, |
{ "ptrace_sandbox", &tunable_ptrace_sandbox }, |
{ "sandbox", &tunable_sandbox }, |
+ { "av_enable", &tunable_av_enable }, |
{ "require_ssl_reuse", &tunable_require_ssl_reuse }, |
{ "isolate", &tunable_isolate }, |
{ "isolate_network", &tunable_isolate_network }, |
@@ -138,6 +139,7 @@ |
@@ -133,6 +134,7 @@ |
{ "delay_successful_login", &tunable_delay_successful_login }, |
{ "max_login_fails", &tunable_max_login_fails }, |
{ "chown_upload_mode", &tunable_chown_upload_mode }, |
293,7 → 293,7 |
{ 0, 0 } |
}; |
|
@@ -180,6 +182,10 @@ |
@@ -175,6 +177,10 @@ |
{ "dsa_private_key_file", &tunable_dsa_private_key_file }, |
{ "ca_certs_file", &tunable_ca_certs_file }, |
{ "cmds_denied", &tunable_cmds_denied }, |
315,7 → 315,7 |
|
/* Private local functions */ |
static void handle_pwd(struct vsf_session* p_sess); |
@@ -1009,12 +1010,15 @@ |
@@ -972,12 +973,15 @@ |
static struct vsf_sysutil_statbuf* s_p_statbuf; |
static struct mystr s_filename; |
struct mystr* p_filename; |
331,7 → 331,7 |
filesize_t offset = p_sess->restart_pos; |
p_sess->restart_pos = 0; |
if (!data_transfer_checks_ok(p_sess)) |
@@ -1028,6 +1032,7 @@ |
@@ -991,6 +995,7 @@ |
get_unique_filename(&s_filename, p_filename); |
p_filename = &s_filename; |
} |
339,7 → 339,7 |
vsf_log_start_entry(p_sess, kVSFLogEntryUpload); |
str_copy(&p_sess->log_str, &p_sess->ftp_arg_str); |
prepend_path_to_filename(&p_sess->log_str); |
@@ -1059,6 +1064,24 @@ |
@@ -1022,6 +1027,24 @@ |
return; |
} |
created = 1; |
364,7 → 364,7 |
vsf_sysutil_fstat(new_file_fd, &s_p_statbuf); |
if (vsf_sysutil_statbuf_is_regfile(s_p_statbuf)) |
{ |
@@ -1084,6 +1107,8 @@ |
@@ -1047,6 +1070,8 @@ |
if (tunable_lock_upload_files) |
{ |
vsf_sysutil_lock_file_write(new_file_fd); |
373,7 → 373,7 |
} |
/* Must truncate the file AFTER locking it! */ |
if (do_truncate) |
@@ -1091,6 +1116,22 @@ |
@@ -1054,6 +1079,22 @@ |
vsf_sysutil_ftruncate(new_file_fd); |
vsf_sysutil_lseek_to(new_file_fd, 0); |
} |
396,7 → 396,7 |
if (!is_append && offset != 0) |
{ |
/* XXX - warning, allows seek past end of file! Check for seek > size? */ |
@@ -1114,6 +1155,7 @@ |
@@ -1077,6 +1118,7 @@ |
} |
if (vsf_sysutil_retval_is_error(remote_fd)) |
{ |
404,7 → 404,7 |
goto port_pasv_cleanup_out; |
} |
if (tunable_ascii_upload_enable && p_sess->is_ascii) |
@@ -1134,7 +1176,6 @@ |
@@ -1097,7 +1139,6 @@ |
if (trans_ret.retval == 0) |
{ |
success = 1; |
412,7 → 412,7 |
} |
if (trans_ret.retval == -1) |
{ |
@@ -1150,7 +1191,43 @@ |
@@ -1109,7 +1150,43 @@ |
} |
else |
{ |
457,7 → 457,7 |
} |
check_abor(p_sess); |
port_pasv_cleanup_out: |
@@ -1158,9 +1235,15 @@ |
@@ -1117,9 +1194,15 @@ |
pasv_cleanup(p_sess); |
if (tunable_delete_failed_uploads && created && !success) |
{ |
474,6 → 474,12 |
} |
|
static void |
@@ -1898,3 +1981,5 @@ |
{ |
vsf_cmdio_write(p_sess, FTP_LOGINOK, "Already logged in."); |
} |
+ |
+// vim: sw=2: |
diff -Naru vsftpd-2.2.2.orig/secutil.c vsftpd-2.2.2/secutil.c |
--- vsftpd-2.2.2.orig/secutil.c 2009-05-27 08:20:36.000000000 +0200 |
+++ vsftpd-2.2.2/secutil.c 2010-04-29 19:46:54.438781445 +0200 |
488,7 → 494,7 |
diff -Naru vsftpd-2.2.2.orig/session.h vsftpd-2.2.2/session.h |
--- vsftpd-2.2.2.orig/session.h 2008-02-12 03:39:38.000000000 +0100 |
+++ vsftpd-2.2.2/session.h 2010-04-29 19:46:54.438781445 +0200 |
@@ -99,6 +99,10 @@ |
@@ -93,6 +93,10 @@ |
int ssl_slave_fd; |
int ssl_consumer_fd; |
unsigned int login_fails; |
502,15 → 508,16 |
diff -Naru vsftpd-2.2.2.orig/tunables.c vsftpd-2.2.2/tunables.c |
--- vsftpd-2.2.2.orig/tunables.c 2009-07-15 22:08:27.000000000 +0200 |
+++ vsftpd-2.2.2/tunables.c 2010-04-29 19:48:44.265437093 +0200 |
@@ -89,6 +89,7 @@ |
int tunable_http_enable; |
int tunable_seccomp_sandbox; |
int tunable_allow_writeable_chroot; |
@@ -85,6 +85,8 @@ |
int tunable_isolate; |
int tunable_isolate_network; |
|
+int tunable_av_enable; |
|
+ |
unsigned int tunable_accept_timeout; |
unsigned int tunable_connect_timeout; |
@@ -110,6 +111,7 @@ |
unsigned int tunable_local_umask; |
@@ -105,6 +107,7 @@ |
unsigned int tunable_delay_successful_login; |
unsigned int tunable_max_login_fails; |
unsigned int tunable_chown_upload_mode; |
518,7 → 525,7 |
|
const char* tunable_secure_chroot_dir; |
const char* tunable_ftp_username; |
@@ -144,6 +147,11 @@ |
@@ -139,6 +142,11 @@ |
const char* tunable_dsa_private_key_file; |
const char* tunable_ca_certs_file; |
|
530,8 → 537,8 |
static void install_str_setting(const char* p_value, const char** p_storage); |
|
void |
@@ -225,11 +227,12 @@ |
tunable_ptrace_sandbox = 0; |
@@ -219,9 +227,10 @@ |
tunable_sandbox = 0; |
tunable_require_ssl_reuse = 1; |
tunable_isolate = 1; |
- tunable_isolate_network = 1; |
538,21 → 545,19 |
+ tunable_isolate_network = 0; |
tunable_ftp_enable = 1; |
tunable_http_enable = 0; |
tunable_seccomp_sandbox = 1; |
tunable_allow_writeable_chroot = 0; |
+ tunable_av_enable = 0; |
|
tunable_accept_timeout = 60; |
tunable_connect_timeout = 60; |
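Review bot: The default for `tunable_isolate_network` flips from 1 to 0 in this hunk, which turns off the network isolation that tunables.h describes as "Use CLONE_NEWNET" for every build of the patched server, including installs that leave `av_enable` at its default of 0 set a few lines below. Presumably the session process needs network access to reach clamd on `tunable_av_clamd_port`, but nothing in the visible lines says so. I would keep `tunable_isolate_network = 1;` as the shipped default and document that `isolate_network=NO` has to be set alongside `av_enable=YES`, so sites that do not scan keep the stock hardening. At minimum the changed line deserves a comment such as `/* clamd must be reachable from the session process */`. The enclosing initialisation function starts and ends outside the hunk.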
@@ -255,6 +263,7 @@ |
@@ -245,6 +254,7 @@ |
tunable_max_login_fails = 3; |
/* -rw------- */ |
tunable_chown_upload_mode = 0600; |
+ tunable_av_clamd_port = 3310; |
|
install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir); |
install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir); |
install_str_setting("ftp", &tunable_ftp_username); |
@@ -290,6 +299,11 @@ |
@@ -280,6 +290,11 @@ |
install_str_setting(0, &tunable_rsa_private_key_file); |
install_str_setting(0, &tunable_dsa_private_key_file); |
install_str_setting(0, &tunable_ca_certs_file); |
567,15 → 572,15 |
diff -Naru vsftpd-2.2.2.orig/tunables.h vsftpd-2.2.2/tunables.h |
--- vsftpd-2.2.2.orig/tunables.h 2009-07-07 03:37:28.000000000 +0200 |
+++ vsftpd-2.2.2/tunables.h 2010-04-29 19:46:54.438781445 +0200 |
@@ -84,6 +84,7 @@ |
@@ -83,6 +83,7 @@ |
extern int tunable_implicit_ssl; /* Use implicit SSL protocol */ |
extern int tunable_ptrace_sandbox; /* DEPRECATED ptrace sandbox */ |
extern int tunable_sandbox; /* Deploy ptrace sandbox */ |
extern int tunable_require_ssl_reuse; /* Require re-used data conn */ |
+extern int tunable_av_enable; /* Scan av incomming files */ |
extern int tunable_isolate; /* Use container clone() flags */ |
extern int tunable_isolate_network; /* Use CLONE_NEWNET */ |
extern int tunable_ftp_enable; /* Allow FTP protocol */ |
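Review bot: The comment on the new `tunable_av_enable` declaration, "Scan av incomming files", has a typo and does not say what is scanned or by which scanner. Something like `extern int tunable_av_enable; /* Scan uploaded files via clamd */` would match the neighbouring one-line descriptions. That the scan applies to uploads is inferred from the upload-path hunks and the `clamav.o` object elsewhere in this patch, so the wording should be adjusted if the scope differs.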
@@ -112,6 +113,7 @@ |
|
@@ -107,6 +108,7 @@ |
extern unsigned int tunable_delay_successful_login; |
extern unsigned int tunable_max_login_fails; |
extern unsigned int tunable_chown_upload_mode; |
583,7 → 588,7 |
|
/* String defines */ |
extern const char* tunable_secure_chroot_dir; |
@@ -146,6 +148,10 @@ |
@@ -141,6 +143,10 @@ |
extern const char* tunable_dsa_private_key_file; |
extern const char* tunable_ca_certs_file; |
extern const char* tunable_cmds_denied; |
597,7 → 602,7 |
diff -Naru vsftpd-2.2.2.orig/twoprocess.c vsftpd-2.2.2/twoprocess.c |
--- vsftpd-2.2.2.orig/twoprocess.c 2009-07-18 07:56:44.000000000 +0200 |
+++ vsftpd-2.2.2/twoprocess.c 2010-04-29 19:46:54.438781445 +0200 |
@@ -457,6 +457,13 @@ |
@@ -428,6 +428,13 @@ |
p_user_str, p_orig_user_str); |
vsf_secutil_change_credentials(p_user_str, &userdir_str, &chroot_str, |
0, secutil_option); |