/*
 * Part of Very Secure FTPd
 * Licence: GPL v2
 * Author: Chris Evans
 * oneprocess.c
 *
 * Code for the "one process" security model. The one process security model
 * exists for the purposes of raw speed, at the expense of compromising the
 * purity of the security model.
 * The one process model will typically be disabled, for security reasons.
 * Only sites with huge numbers of concurrent users are likely to feel the
 * pain of two processes per session.
 */
14
15#include "prelogin.h"
16#include "postlogin.h"
17#include "privops.h"
18#include "session.h"
19#include "secutil.h"
20#include "str.h"
21#include "tunables.h"
22#include "utility.h"
23#include "sysstr.h"
24#include "sysdeputil.h"
25
/*
 * Entry point for a session under the "one process" model: prepares the
 * process's credentials / working directory and then calls init_connection().
 *
 * p_sess - the session; it is only passed through to init_connection() here.
 *
 * Security notes for reviewers:
 * - The capability mask given to vsf_secutil_change_credentials() is built
 *   from tunables only: CAP_CHOWN when tunable_chown_uploads is set, and
 *   CAP_NET_BIND_SERVICE when tunable_connect_from_port_20 is set. With both
 *   tunables off, the mask is 0.
 * - When tunable_run_as_launching_user is set, this function requests no
 *   credential change and no chroot; it only attempts a chdir into
 *   tunable_anon_root (when one is configured).
 */
void
vsf_one_process_start(struct vsf_session* p_sess)
{
  struct mystr ftp_user_str = INIT_MYSTR;
  struct mystr root_dir_str = INIT_MYSTR;
  unsigned int keep_caps = 0;

  /* Request a capability only when the matching feature is switched on. */
  if (tunable_chown_uploads)
  {
    keep_caps |= kCapabilityCAP_CHOWN;
  }
  if (tunable_connect_from_port_20)
  {
    keep_caps |= kCapabilityCAP_NET_BIND_SERVICE;
  }

  str_alloc_text(&ftp_user_str, tunable_ftp_username);
  /* root_dir_str stays empty when no anonymous root is configured. */
  if (tunable_anon_root)
  {
    str_alloc_text(&root_dir_str, tunable_anon_root);
  }

  if (!tunable_run_as_launching_user)
  {
    /* Presumably switches to the ftp user and chroots into root_dir_str,
     * keeping only keep_caps - confirm against secutil.c.
     */
    vsf_secutil_change_credentials(&ftp_user_str, 0, &root_dir_str, keep_caps,
        VSF_SECUTIL_OPTION_CHROOT | VSF_SECUTIL_OPTION_USE_GROUPS);
  }
  else if (!str_isempty(&root_dir_str))
  {
    /* Best effort only: the result of the chdir is deliberately discarded,
     * so a chdir that does not succeed leaves the working directory as it
     * was and the session still proceeds.
     */
    (void) str_chdir(&root_dir_str);
  }

  str_free(&ftp_user_str);
  str_free(&root_dir_str);
  init_connection(p_sess);
}
63
/*
 * Handles a login attempt under the one process model.
 *
 * p_sess     - the session; is_anonymous is set to 1 on an anonymous login.
 * p_pass_str - the supplied password, handed to vsf_privop_do_login().
 *
 * Only two results from vsf_privop_do_login() are accepted:
 * - kVSFLoginFail: return without touching the session.
 * - kVSFLoginAnon: mark the session anonymous and call process_post_login().
 * Every other result is reported through bug(), so this path never reaches
 * process_post_login() for anything except the anonymous result.
 */
void
vsf_one_process_login(struct vsf_session* p_sess,
                      const struct mystr* p_pass_str)
{
  const enum EVSFPrivopLoginResult outcome =
    vsf_privop_do_login(p_sess, p_pass_str);

  if (outcome == kVSFLoginFail)
  {
    return;
  }
  if (outcome != kVSFLoginAnon)
  {
    /* Fail closed on any result this model does not expect. */
    bug("bad state in vsf_one_process_login");
    return;
  }
  p_sess->is_anonymous = 1;
  process_post_login(p_sess);
}
84
/*
 * One process model variant of "get the privileged data socket": calls
 * vsf_privop_get_ftp_port_sock() directly in this process and returns its
 * result unchanged.
 *
 * p_sess - the session, passed through to the privop.
 *
 * NOTE(review): presumably this relies on the CAP_NET_BIND_SERVICE bit that
 * vsf_one_process_start() requests when tunable_connect_from_port_20 is set -
 * confirm against privops.c.
 */
int
vsf_one_process_get_priv_data_sock(struct vsf_session* p_sess)
{
  const int data_sock = vsf_privop_get_ftp_port_sock(p_sess);
  return data_sock;
}
90
/*
 * One process model variant of the upload chown: forwards directly to
 * vsf_privop_do_file_chown() in this process.
 *
 * p_sess - the session, passed through to the privop.
 * fd     - descriptor handed to the privop; presumably the uploaded file -
 *          verify against the caller.
 *
 * NOTE(review): presumably this relies on the CAP_CHOWN bit that
 * vsf_one_process_start() requests when tunable_chown_uploads is set -
 * confirm against privops.c.
 */
void
vsf_one_process_chown_upload(struct vsf_session* p_sess, int fd)
{
  vsf_privop_do_file_chown(p_sess, fd);
}
96
97