/*
 * Part of Very Secure FTPd
 * Licence: GPL v2
 * Author: Chris Evans
 * oneprocess.c
 *
 * Code for the "one process" security model. The one process security model
 * is born for the purposes of raw speed at the expense of compromising the
 * purity of the security model.
 * The one process model will typically be disabled, for security reasons.
 * Only sites with huge numbers of concurrent users are likely to feel the
 * pain of two processes per session.
 */

#include "prelogin.h"
#include "postlogin.h"
#include "privops.h"
#include "session.h"
#include "secutil.h"
#include "str.h"
#include "tunables.h"
#include "utility.h"
#include "sysstr.h"
#include "sysdeputil.h"

/*
 * Entry point for a session running under the one process model.
 *
 * Builds the set of capabilities to retain, then either changes credentials
 * (default) or, when tunable_run_as_launching_user is set, only changes
 * directory. Finally hands the session to init_connection().
 *
 * Security notes for reviewers:
 *  - A capability is requested only when the feature that wants it is
 *    enabled: kCapabilityCAP_CHOWN for tunable_chown_uploads and
 *    kCapabilityCAP_NET_BIND_SERVICE for tunable_connect_from_port_20.
 *    With both tunables off, the mask passed on is 0.
 *  - In the tunable_run_as_launching_user branch no call to
 *    vsf_secutil_change_credentials() is made, so whatever user switch and
 *    chroot that helper performs does not happen, and the result of
 *    str_chdir() is discarded: if the chdir fails the session carries on
 *    from the directory it was started in.
 *  - NOTE(review): vsf_secutil_change_credentials() is presumably where the
 *    switch to tunable_ftp_username and the chroot take place (the option
 *    flags suggest so); confirm in secutil.c, including how it treats an
 *    empty directory string when tunable_anon_root is unset.
 *
 * p_sess: the session to start; passed through to init_connection().
 */
void
vsf_one_process_start(struct vsf_session* p_sess)
{
  unsigned int retained_caps = 0;
  struct mystr anon_user = INIT_MYSTR;
  struct mystr anon_root = INIT_MYSTR;

  /* Ask for a capability only if an enabled feature needs it. */
  if (tunable_chown_uploads)
  {
    retained_caps |= kCapabilityCAP_CHOWN;
  }
  if (tunable_connect_from_port_20)
  {
    retained_caps |= kCapabilityCAP_NET_BIND_SERVICE;
  }

  str_alloc_text(&anon_user, tunable_ftp_username);
  if (tunable_anon_root)
  {
    str_alloc_text(&anon_root, tunable_anon_root);
  }

  if (!tunable_run_as_launching_user)
  {
    /* Normal path: credential change with chroot and group handling. */
    vsf_secutil_change_credentials(&anon_user, 0, &anon_root, retained_caps,
        VSF_SECUTIL_OPTION_CHROOT | VSF_SECUTIL_OPTION_USE_GROUPS);
  }
  else if (!str_isempty(&anon_root))
  {
    /* Best effort only: no credential change here, and a failed chdir is
     * deliberately ignored.
     */
    (void) str_chdir(&anon_root);
  }

  str_free(&anon_user);
  str_free(&anon_root);

  init_connection(p_sess);
}

/*
 * Handle a login attempt under the one process model.
 *
 * Only an anonymous login result is acted upon. A failed login returns
 * without touching the session. Any other result from vsf_privop_do_login()
 * is reported through bug() as an impossible state, so no non-anonymous
 * result reaches process_post_login() from here.
 * NOTE(review): bug() presumably terminates the process; confirm in
 * utility.c.
 *
 * p_sess:     the session being logged in; is_anonymous is set to 1 on an
 *             anonymous login.
 * p_pass_str: the password string handed to vsf_privop_do_login().
 */
void
vsf_one_process_login(struct vsf_session* p_sess,
                      const struct mystr* p_pass_str)
{
  const enum EVSFPrivopLoginResult outcome =
    vsf_privop_do_login(p_sess, p_pass_str);

  if (outcome == kVSFLoginFail)
  {
    return;
  }
  if (outcome != kVSFLoginAnon)
  {
    /* Anything but fail/anonymous is unexpected in this model. */
    bug("bad state in vsf_one_process_login");
    return;
  }
  p_sess->is_anonymous = 1;
  process_post_login(p_sess);
}
/*
 * Obtain the privileged data socket for this session.
 *
 * Calls vsf_privop_get_ftp_port_sock() directly in the session process and
 * returns its result unchanged.
 * NOTE(review): this presumably depends on the process still holding
 * kCapabilityCAP_NET_BIND_SERVICE, which vsf_one_process_start() requests
 * only when tunable_connect_from_port_20 is set; confirm against the
 * privops implementation.
 *
 * p_sess: the session for which the socket is wanted.
 * Returns whatever vsf_privop_get_ftp_port_sock() returns.
 */
int
vsf_one_process_get_priv_data_sock(struct vsf_session* p_sess)
{
  const int data_sock = vsf_privop_get_ftp_port_sock(p_sess);
  return data_sock;
}

/*
 * Change ownership of an uploaded file.
 *
 * Calls vsf_privop_do_file_chown() directly in the session process; any
 * status it reports is not propagated, because this function returns void.
 * NOTE(review): this presumably depends on the process still holding
 * kCapabilityCAP_CHOWN, which vsf_one_process_start() requests only when
 * tunable_chown_uploads is set; confirm against the privops implementation.
 *
 * p_sess: the session that performed the upload.
 * fd:     descriptor of the uploaded file, passed through unchanged.
 */
void
vsf_one_process_chown_upload(struct vsf_session* p_sess, int fd)
{
  vsf_privop_do_file_chown(p_sess, fd);
  return;
}