release/src/router/vsftpd/main.c

   1 /*
   2  * Part of Very Secure FTPd
   3  * Licence: GPL v2
   4  * Author: Chris Evans
   5  * main.c
   6  */
   7
   8 #include "session.h"
   9 #include "utility.h"
  10 #include "tunables.h"
  11 #include "logging.h"
  12 #include "str.h"
  13 #include "filestr.h"
  14 #include "ftpcmdio.h"
  15 #include "sysutil.h"
  16 #include "sysdeputil.h"
  17 #include "defs.h"
  18 #include "parseconf.h"
  19 #include "oneprocess.h"
  20 #include "twoprocess.h"
  21 #include "standalone.h"
  22 #include "tcpwrap.h"
  23 #include "vsftpver.h"
  24 #include "ssl.h"
  25
  26 /*
  27  * Forward decls of helper functions
  28  */
  29 static void die_unless_privileged(void);
  30 static void do_sanity_checks(void);
  31 static void session_init(struct vsf_session* p_sess);
  32 static void env_init(void);
  33 static void limits_init(void);
  34
  35 int
  36 main(int argc, const char* argv[])
  37 {
  38   struct vsf_session the_session =
  39   {
  40     /* Control connection */
  41     0, 0, 0,
  42     /* Data connection */
  43     -1, 0, -1, 0, 0, 0, 0,
  44     /* Login */
  45     1, 0, INIT_MYSTR, INIT_MYSTR,
  46     /* Protocol state */
  47     0, 1, INIT_MYSTR, 0, 0,
  48     /* HTTP hacks */
  49     0, INIT_MYSTR,
  50     /* Session state */
  51     0,
  52     /* Userids */
  53     -1, -1, -1,
  54     /* Pre-chroot() cache */
  55     INIT_MYSTR, INIT_MYSTR, INIT_MYSTR, INIT_MYSTR, 1,
  56     /* Logging */
  57     -1, -1, INIT_MYSTR, 0, 0, 0, INIT_MYSTR, 0,
  58     /* Buffers */
  59     INIT_MYSTR, INIT_MYSTR,
  60     /* Parent <-> child comms */
  61     -1, -1,
  62     /* Number of clients */
  63     0, 0,
  64     /* Home directory */
  65     INIT_MYSTR,
  66     /* Secure connection state */
  67     0, 0, 0, 0, 0, INIT_MYSTR, 0, -1, -1,
  68     /* Login fails */
  69     0
  70   };
  71   int config_loaded = 0;
  72   int i;
  73   tunables_load_defaults();
  74   /* This might need to open /dev/zero on systems lacking MAP_ANON. Needs
  75    * to be done early (i.e. before config file parse, which may use
  76    * anonymous pages
  77    */
  78   vsf_sysutil_map_anon_pages_init();
  79   /* Argument parsing. Any argument not starting with "-" is a config file,
  80    * loaded in the order encountered. -o opt=value options are loading in the
  81    * order encountered, including correct ordering with respect intermingled
  82    * config files.
  83    * If we see -v (version) or an unknown option, parsing bails and exits.
  84    */
  85   if (argc == 0)
  86   {
  87     die("vsftpd: missing argv[0]");
  88   }
  89   for (i = 1; i < argc; ++i)
  90   {
  91     const char* p_arg = argv[i];
  92     if (p_arg[0] != '-')
  93     {
  94       config_loaded = 1;
  95       vsf_parseconf_load_file(p_arg, 1);
  96     }
  97     else
  98     {
  99       if (p_arg[1] == 'v')
 100       {
 101         vsf_exit("vsftpd: version " VSF_VERSION "\n");
 102       }
 103       else if (p_arg[1] == 'o')
 104       {
 105         vsf_parseconf_load_setting(&p_arg[2], 1);
 106       }
 107       else
 108       {
 109         die2("unrecognise option: ", p_arg);
 110       }
 111     }
 112   }
 113   /* Parse default config file if necessary */
 114   if (!config_loaded) {
 115     struct vsf_sysutil_statbuf* p_statbuf = 0;
 116     int retval = vsf_sysutil_stat(VSFTP_DEFAULT_CONFIG, &p_statbuf);
 117     if (!vsf_sysutil_retval_is_error(retval))
 118     {
 119       vsf_parseconf_load_file(VSFTP_DEFAULT_CONFIG, 1);
 120     }
 121     vsf_sysutil_free(p_statbuf);
 122   }
 123   /* Resolve pasv_address if required */
 124   if (tunable_pasv_address && tunable_pasv_addr_resolve)
 125   {
 126     struct vsf_sysutil_sockaddr* p_addr = 0;
 127     const char* p_numeric_addr;
 128     vsf_sysutil_dns_resolve(&p_addr, tunable_pasv_address);
 129     vsf_sysutil_free((char*) tunable_pasv_address);
 130     p_numeric_addr = vsf_sysutil_inet_ntop(p_addr);
 131     tunable_pasv_address = vsf_sysutil_strdup(p_numeric_addr);
 132     vsf_sysutil_free(p_addr);
 133   }
 134   if (!tunable_run_as_launching_user)
 135   {
 136     /* Just get out unless we start with requisite privilege */
 137     die_unless_privileged();
 138   }
 139   if (tunable_setproctitle_enable)
 140   {
 141     /* Warning -- warning -- may nuke argv, environ */
 142     vsf_sysutil_setproctitle_init(argc, argv);
 143   }
 144   /* Initialize the SSL system here if needed - saves the overhead of each
 145    * child doing this itself.
 146    */
 147   if (tunable_ssl_enable)
 148   {
 149     ssl_init(&the_session);
 150   }
 151   if (tunable_listen || tunable_listen_ipv6)
 152   {
 153     /* Standalone mode */
 154     struct vsf_client_launch ret = vsf_standalone_main();
 155     the_session.num_clients = ret.num_children;
 156     the_session.num_this_ip = ret.num_this_ip;
 157   }
 158   if (tunable_tcp_wrappers)
 159   {
 160     the_session.tcp_wrapper_ok = vsf_tcp_wrapper_ok(VSFTP_COMMAND_FD);
 161   }
 162   {
 163     const char* p_load_conf = vsf_sysutil_getenv("VSFTPD_LOAD_CONF");
 164     if (p_load_conf)
 165     {
 166       vsf_parseconf_load_file(p_load_conf, 1);
 167     }
 168   }
 169   /* Sanity checks - exit with a graceful error message if our STDIN is not
 170    * a socket. Also check various config options don't collide.
 171    */
 172   do_sanity_checks();
 173   /* Initializes session globals - e.g. IP addr's etc. */
 174   session_init(&the_session);
 175   /* Set up "environment", e.g. process group etc. */
 176   env_init();
 177   /* Set up resource limits. */
 178   limits_init();
 179   /* Set up logging - must come after global init because we need the remote
 180    * address to convert into text
 181    */
 182   vsf_log_init(&the_session);
 183   str_alloc_text(&the_session.remote_ip_str,
 184                  vsf_sysutil_inet_ntop(the_session.p_remote_addr));
 185   /* Set up options on the command socket */
 186   vsf_cmdio_sock_setup();
 187   if (tunable_setproctitle_enable)
 188   {
 189     vsf_sysutil_set_proctitle_prefix(&the_session.remote_ip_str);
 190     vsf_sysutil_setproctitle("connected");
 191   }
 192   /* We might chroot() very soon (one process model), so we need to open
 193    * any required config files here.
 194    */
 195   /* SSL may have been enabled by a per-IP configuration.. */
 196   if (tunable_ssl_enable)
 197   {
 198     ssl_init(&the_session);
 199     ssl_add_entropy(&the_session);
 200   }
 201   if (tunable_deny_email_enable)
 202   {
 203     int retval = str_fileread(&the_session.banned_email_str,
 204                               tunable_banned_email_file, VSFTP_CONF_FILE_MAX);
 205     if (vsf_sysutil_retval_is_error(retval))
 206     {
 207       die2("cannot read anon e-mail list file:", tunable_banned_email_file);
 208     }
 209   }
 210   if (tunable_banner_file)
 211   {
 212     int retval = str_fileread(&the_session.banner_str, tunable_banner_file,
 213                               VSFTP_CONF_FILE_MAX);
 214     if (vsf_sysutil_retval_is_error(retval))
 215     {
 216       die2("cannot read banner file:", tunable_banner_file);
 217     }
 218   }
 219   if (tunable_secure_email_list_enable)
 220   {
 221     int retval = str_fileread(&the_session.email_passwords_str,
 222                               tunable_email_password_file,
 223                               VSFTP_CONF_FILE_MAX);
 224     if (vsf_sysutil_retval_is_error(retval))
 225     {
 226       die2("cannot read email passwords file:", tunable_email_password_file);
 227     }
 228   }
 229   if (tunable_run_as_launching_user)
 230   {
 231     tunable_one_process_model = 1;
 232     if (!vsf_sysutil_running_as_root())
 233     {
 234       tunable_connect_from_port_20 = 0;
 235       tunable_chown_uploads = 0;
 236     }
 237   }
 238   if (tunable_one_process_model)
 239   {
 240     vsf_one_process_start(&the_session);
 241   }
 242   else
 243   {
 244     vsf_two_process_start(&the_session);
 245   }
 246   /* NOTREACHED */
 247   bug("should not get here: main");
 248   return 1;
 249 }
 250
 251 static void
 252 die_unless_privileged(void)
 253 {
 254   if (!vsf_sysutil_running_as_root())
 255   {
 256     die("vsftpd: must be started as root (see run_as_launching_user option)");
 257   }
 258 }
 259
 260 static void
 261 do_sanity_checks(void)
 262 {
 263   {
 264     struct vsf_sysutil_statbuf* p_statbuf = 0;
 265     vsf_sysutil_fstat(VSFTP_COMMAND_FD, &p_statbuf);
 266     if (!vsf_sysutil_statbuf_is_socket(p_statbuf))
 267     {
 268       die("vsftpd: not configured for standalone, must be started from inetd");
 269     }
 270     vsf_sysutil_free(p_statbuf);
 271   }
 272   if (tunable_one_process_model)
 273   {
 274     if (tunable_local_enable)
 275     {
 276       die("vsftpd: security: 'one_process_model' is anonymous only");
 277     }
 278     if (!vsf_sysdep_has_capabilities_as_non_root())
 279     {
 280       die("vsftpd: security: 'one_process_model' needs a better OS");
 281     }
 282   }
 283   if (!tunable_local_enable && !tunable_anonymous_enable)
 284   {
 285     die("vsftpd: both local and anonymous access disabled!");
 286   }
 287   if (!tunable_ftp_enable && !tunable_http_enable)
 288   {
 289     die("vsftpd: both FTP and HTTP disabled!");
 290   }
 291   if (tunable_http_enable && !tunable_one_process_model)
 292   {
 293     die("vsftpd: HTTP needs 'one_process_model' for now");
 294   }
 295 }
 296
 297 static void
 298 env_init(void)
 299 {
 300   vsf_sysutil_make_session_leader();
 301   /* Set up a secure umask - we'll set the proper one after login */
 302   vsf_sysutil_set_umask(VSFTP_SECURE_UMASK);
 303   /* Fire up libc's timezone initialisation, before we chroot()! */
 304   vsf_sysutil_tzset();
 305   /* Signals. We'll always take -EPIPE rather than a rude signal, thanks */
 306   vsf_sysutil_install_null_sighandler(kVSFSysUtilSigPIPE);
 307 }
 308
 309 static void
 310 limits_init(void)
 311 {
 312   unsigned long limit = VSFTP_AS_LIMIT;
 313   if (tunable_text_userdb_names)
 314   {
 315     /* Turns out, LDAP lookups for lots of userid -> name mappings can really
 316      * bloat memory usage.
 317      */
 318     limit *= 3;
 319   }
 320   vsf_sysutil_set_address_space_limit(limit);
 321 }
 322
 323 static void
 324 session_init(struct vsf_session* p_sess)
 325 {
 326   /* Get the addresses of the control connection */
 327   vsf_sysutil_getpeername(VSFTP_COMMAND_FD, &p_sess->p_remote_addr);
 328   vsf_sysutil_getsockname(VSFTP_COMMAND_FD, &p_sess->p_local_addr);
 329   /* If anonymous mode is active, fetch the uid of the anonymous user */
 330   if (tunable_anonymous_enable)
 331   {
 332     const struct vsf_sysutil_user* p_user =
 333       vsf_sysutil_getpwnam(tunable_ftp_username);
 334     if (p_user == 0)
 335     {
 336       die2("vsftpd: cannot locate user specified in 'ftp_username':",
 337            tunable_ftp_username);
 338     }
 339     p_sess->anon_ftp_uid = vsf_sysutil_user_getuid(p_user);
 340   }
 341   if (tunable_guest_enable)
 342   {
 343     const struct vsf_sysutil_user* p_user =
 344       vsf_sysutil_getpwnam(tunable_guest_username);
 345     if (p_user == 0)
 346     {
 347       die2("vsftpd: cannot locate user specified in 'guest_username':",
 348            tunable_guest_username);
 349     }
 350     p_sess->guest_user_uid = vsf_sysutil_user_getuid(p_user);
 351   }
 352   if (tunable_chown_uploads)
 353   {
 354     const struct vsf_sysutil_user* p_user =
 355       vsf_sysutil_getpwnam(tunable_chown_username);
 356     if (p_user == 0)
 357     {
 358       die2("vsftpd: cannot locate user specified in 'chown_username':",
 359            tunable_chown_username);
 360     }
 361     p_sess->anon_upload_chown_uid = vsf_sysutil_user_getuid(p_user);
 362   }
 363 }
 364