[Git][debian-proftpd-team/proftpd-mod-vroot][upstream] New upstream version 0.9.11
Hilmar Preuße (@hilmar-guest)
gitlab at salsa.debian.org
Tue Nov 15 07:21:15 GMT 2022
Hilmar Preuße pushed to branch upstream at Debian ProFTPD Team / proftpd-mod-vroot
Commits:
1f38897e by Hilmar Preusse at 2022-11-15T07:54:27+01:00
New upstream version 0.9.11
- - - - -
2 changed files:
- mod_vroot.c
- mod_vroot.h.in
Changes:
=====================================
mod_vroot.c
=====================================
@@ -1,7 +1,7 @@
/*
* ProFTPD: mod_vroot -- a module implementing a virtual chroot capability
* via the FSIO API
- * Copyright (c) 2002-2021 TJ Saunders
+ * Copyright (c) 2002-2022 TJ Saunders
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -498,7 +498,49 @@ MODRET vroot_post_mkd(cmd_rec *cmd) {
return PR_DECLINED(cmd);
}
-MODRET vroot_pre_pass(cmd_rec *cmd) {
+MODRET vroot_post_pass(cmd_rec *cmd) {
+ if (vroot_engine == FALSE) {
+ return PR_DECLINED(cmd);
+ }
+
+ /* If not chrooted, umount our vroot FS. */
+ if (session.chroot_path == NULL) {
+ pr_fs_t *fs;
+
+ fs = pr_unmount_fs("/", "vroot");
+ if (fs != NULL) {
+ destroy_pool(fs->fs_pool);
+ pr_log_debug(DEBUG5, MOD_VROOT_VERSION ": vroot unmounted");
+ pr_fs_setcwd(pr_fs_getvwd());
+ pr_fs_clear_cache();
+
+ } else {
+ pr_log_debug(DEBUG2, MOD_VROOT_VERSION
+ ": error unmounting vroot: %s", strerror(errno));
+ }
+
+ } else {
+ config_rec *c;
+
+ /* Otherwise, lookup and process any VRootOptions. */
+ c = find_config(main_server->conf, CONF_PARAM, "VRootOptions", FALSE);
+ if (c != NULL) {
+ vroot_opts = *((unsigned int *) c->argv[0]);
+ }
+
+ /* XXX This needs to be in the PRE_CMD PASS handler, as when
+ * VRootServer is used, so that a real chroot(2) occurs.
+ */
+ handle_vrootaliases();
+ }
+
+ return PR_DECLINED(cmd);
+}
+
+/* Event listeners
+ */
+
+static void vroot_chroot_ev(const void *event_data, void *user_data) {
pr_fs_t *fs = NULL;
int *use_vroot = NULL;
@@ -506,7 +548,7 @@ MODRET vroot_pre_pass(cmd_rec *cmd) {
if (use_vroot == NULL ||
*use_vroot == FALSE) {
vroot_engine = FALSE;
- return PR_DECLINED(cmd);
+ return;
}
/* First, make sure that we have not already registered our FS object. */
@@ -519,7 +561,7 @@ MODRET vroot_pre_pass(cmd_rec *cmd) {
if (fs == NULL) {
pr_log_debug(DEBUG3, MOD_VROOT_VERSION ": error registering fs: %s",
strerror(errno));
- return PR_DECLINED(cmd);
+ return;
}
pr_log_debug(DEBUG5, MOD_VROOT_VERSION ": vroot registered");
@@ -555,98 +597,8 @@ MODRET vroot_pre_pass(cmd_rec *cmd) {
fs->rmdir = vroot_fsio_rmdir;
vroot_engine = TRUE;
- return PR_DECLINED(cmd);
-}
-
-MODRET vroot_post_pass(cmd_rec *cmd) {
- if (vroot_engine == TRUE) {
-
- /* If not chrooted, unregister vroot. */
- if (session.chroot_path == NULL) {
- if (pr_unregister_fs("/") < 0) {
- pr_log_debug(DEBUG2, MOD_VROOT_VERSION
- ": error unregistering vroot: %s", strerror(errno));
-
- } else {
- pr_log_debug(DEBUG5, MOD_VROOT_VERSION ": vroot unregistered");
- pr_fs_setcwd(pr_fs_getvwd());
- pr_fs_clear_cache();
- }
-
- } else {
- config_rec *c;
-
- /* Otherwise, lookup and process any VRootOptions. */
- c = find_config(main_server->conf, CONF_PARAM, "VRootOptions", FALSE);
- if (c != NULL) {
- vroot_opts = *((unsigned int *) c->argv[0]);
- }
-
- /* XXX This needs to be in the PRE_CMD PASS handler, as when
- * VRootServer is used, so that a real chroot(2) occurs.
- */
- handle_vrootaliases();
- }
- }
-
- return PR_DECLINED(cmd);
}
-MODRET vroot_post_pass_err(cmd_rec *cmd) {
- if (vroot_engine == TRUE) {
- const void *hint;
-
- /* Look for any notes/hints attached to this command which might indicate
- * that it is not a real PASS command error, but rather a fake command
- * dispatched for e.g. logging/handling by other modules. We pay attention
- * to this here due to e.g. AIX loginfailed(3) semantics (Issue #693).
- */
- hint = pr_table_get(cmd->notes, "mod_sftp.nonfatal-attempt", NULL);
-
- /* NOTE: The "mod_sftp.nonfatal-attempt" note was added in 1.3.7b. So
- * if our version is older than that, we expect this hint to be null,
- * and need to unregister ourselves.
- *
- * On the other hand, if our version is newer than that, and hint is NOT
- * null, then we need to unregister ourselves. Why? The PRE_CMD PASS
- * handler will re-register this FS at that time.
- */
-
-#if PROFTPD_VERSION_NUMBER < 0x0001030707
- if (hint == NULL) {
-#else
- if (hint != NULL) {
-#endif /* ProFTPD 1.3.7b or later */
- /* If not chrooted, unregister vroot. */
- if (session.chroot_path == NULL) {
- /* Due to interactions with mod_auth_file and mod_ifsession, it is
- * possible for AuthUserFile/AuthGroupFile to currently be opened with
- * pr_fh_t from the vroot FSIO, as from previous authentication
- * attempts (particularly for SSH logins). So we try to ensure those
- * are closed, as the pr_fh_t pool will be issued from the vroot FSIO
- * pool. Failure to do so could lead to inexplicable segfaults and or
- * "attempt to free already freed block" log messages.
- */
- pr_auth_endpwent(cmd->tmp_pool);
- pr_auth_endgrent(cmd->tmp_pool);
-
- if (pr_unregister_fs("/") < 0) {
- pr_log_debug(DEBUG2, MOD_VROOT_VERSION
- ": error unregistering vroot: %s", strerror(errno));
-
- } else {
- pr_log_debug(DEBUG5, MOD_VROOT_VERSION ": vroot unregistered");
- }
- }
- }
- }
-
- return PR_DECLINED(cmd);
-}
-
-/* Event listeners
- */
-
static void vroot_exit_ev(const void *event_data, void *user_data) {
vroot_alias_free();
vroot_fsio_free();
@@ -696,6 +648,8 @@ static int vroot_sess_init(void) {
vroot_alias_init(session.pool);
vroot_fsio_init(session.pool);
+
+ pr_event_register(&vroot_module, "core.chroot", vroot_chroot_ev, NULL);
pr_event_register(&vroot_module, "core.exit", vroot_exit_ev, NULL);
return 0;
@@ -714,9 +668,7 @@ static conftable vroot_conftab[] = {
};
static cmdtable vroot_cmdtab[] = {
- { PRE_CMD, C_PASS, G_NONE, vroot_pre_pass, FALSE, FALSE },
{ POST_CMD, C_PASS, G_NONE, vroot_post_pass, FALSE, FALSE },
- { POST_CMD_ERR, C_PASS, G_NONE, vroot_post_pass_err, FALSE, FALSE },
{ PRE_CMD, C_MKD, G_NONE, vroot_pre_mkd, FALSE, FALSE },
{ POST_CMD, C_MKD, G_NONE, vroot_post_mkd, FALSE, FALSE },
=====================================
mod_vroot.h.in
=====================================
@@ -27,7 +27,7 @@
#include "conf.h"
-#define MOD_VROOT_VERSION "mod_vroot/0.9.10"
+#define MOD_VROOT_VERSION "mod_vroot/0.9.11"
/* Make sure the version of proftpd is as necessary. */
#if PROFTPD_VERSION_NUMBER < 0x0001030602
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd-mod-vroot/-/commit/1f38897ea17210b75293fe694708e726e32c2fe3
--
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd-mod-vroot/-/commit/1f38897ea17210b75293fe694708e726e32c2fe3
You're receiving this email because of your account on salsa.debian.org.
More information about the Pkg-proftpd-maintainers
mailing list