rpms/vsftpd/devel vsftpd-2.0.5-userlist_log.patch, NONE, 1.1 vsftpd.spec, 1.69, 1.70

Fri Nov 30 12:03:32 UTC 2007

Author: mnagy

Update of /cvs/extras/rpms/vsftpd/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4173

Modified Files:
	vsftpd.spec 
Added Files:
	vsftpd-2.0.5-userlist_log.patch 
Log Message:
* Fri Nov 30 2007 Martin Nagy <mnagy at redhat.com> - 2.0.5-21
- Added userlist_log option.


vsftpd-2.0.5-userlist_log.patch:

--- NEW FILE vsftpd-2.0.5-userlist_log.patch ---
diff -up vsftpd-2.0.5/tunables.c.userlist_log vsftpd-2.0.5/tunables.c
--- vsftpd-2.0.5/tunables.c.userlist_log	2007-11-30 12:44:22.000000000 +0100
+++ vsftpd-2.0.5/tunables.c	2007-11-30 12:46:52.000000000 +0100
@@ -71,6 +71,7 @@ int tunable_force_anon_data_ssl = 0;
 int tunable_mdtm_write = 1;
 int tunable_lock_upload_files = 1;
 int tunable_pasv_addr_resolve = 0;
+int tunable_userlist_log = 0;
 
 unsigned int tunable_accept_timeout = 60;
 unsigned int tunable_connect_timeout = 60;
diff -up vsftpd-2.0.5/parseconf.c.userlist_log vsftpd-2.0.5/parseconf.c
--- vsftpd-2.0.5/parseconf.c.userlist_log	2007-11-30 12:44:48.000000000 +0100
+++ vsftpd-2.0.5/parseconf.c	2007-11-30 12:46:50.000000000 +0100
@@ -100,6 +100,7 @@ parseconf_bool_array[] =
   { "mdtm_write", &tunable_mdtm_write },
   { "lock_upload_files", &tunable_lock_upload_files },
   { "pasv_addr_resolve", &tunable_pasv_addr_resolve },
+  { "userlist_log", &tunable_userlist_log },
   { 0, 0 }
 };
 
diff -up vsftpd-2.0.5/prelogin.c.userlist_log vsftpd-2.0.5/prelogin.c
--- vsftpd-2.0.5/prelogin.c.userlist_log	2007-11-30 12:43:45.000000000 +0100
+++ vsftpd-2.0.5/prelogin.c	2007-11-30 12:46:41.000000000 +0100
@@ -189,6 +189,20 @@ handle_user_command(struct vsf_session* 
         (!located && !tunable_userlist_deny))
     {
       vsf_cmdio_write(p_sess, FTP_LOGINERR, "Permission denied.");
+      if (tunable_userlist_log)
+      {
+        struct mystr str_log_line = INIT_MYSTR;
+        if (tunable_userlist_deny)
+        {
+          str_alloc_text(&str_log_line, "User is in the deny user list.");
+        }
+        else
+        {
+          str_alloc_text(&str_log_line, "User is not in the allow user list.");
+        }
+        vsf_log_failed_line(p_sess, kVSFLogEntryLogin, &str_log_line);
+        str_free(&str_log_line);
+      }
       str_empty(&p_sess->user_str);
       return;
     }
diff -up vsftpd-2.0.5/tunables.h.userlist_log vsftpd-2.0.5/tunables.h
--- vsftpd-2.0.5/tunables.h.userlist_log	2007-11-30 12:44:28.000000000 +0100
+++ vsftpd-2.0.5/tunables.h	2007-11-30 12:46:46.000000000 +0100
@@ -67,6 +67,7 @@ extern int tunable_force_anon_data_ssl; 
 extern int tunable_mdtm_write;                /* Allow MDTM to set timestamps */
 extern int tunable_lock_upload_files;         /* Lock uploading files */
 extern int tunable_pasv_addr_resolve;         /* DNS resolve pasv_addr */
+extern int tunable_userlist_log;              /* Log every failed login attempt */
 
 /* Integer/numeric defines */
 extern unsigned int tunable_accept_timeout;
diff -up vsftpd-2.0.5/logging.h.userlist_log vsftpd-2.0.5/logging.h
--- vsftpd-2.0.5/logging.h.userlist_log	2007-11-30 12:44:05.000000000 +0100
+++ vsftpd-2.0.5/logging.h	2007-11-30 12:46:43.000000000 +0100
@@ -73,5 +73,16 @@ void vsf_log_do_log(struct vsf_session* 
 void vsf_log_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
                   struct mystr* p_str);
 
+/* vsf_log_failed_line()
+ * PURPOSE
+ * Same as vsf_log_line(), except that it logs the line as failed operation.
+ * PARAMETERS
+ * p_sess       - the current session object
+ * what         - the type of operation to log
+ * p_str        - the string to log
+ */
+void vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
+                  struct mystr* p_str);
+
 #endif /* VSF_LOGGING_H */
 
diff -up vsftpd-2.0.5/vsftpd.conf.5.userlist_log vsftpd-2.0.5/vsftpd.conf.5
--- vsftpd-2.0.5/vsftpd.conf.5.userlist_log	2007-11-30 12:45:07.000000000 +0100
+++ vsftpd-2.0.5/vsftpd.conf.5	2007-11-30 12:46:48.000000000 +0100
@@ -520,6 +520,14 @@ cleartext passwords being transmitted. S
 
 Default: NO
 .TP
+.B userlist_log
+This option is examined if
+.BR userlist_enable
+is activated. If enabled, every login denial based on the user list will be
+logged.
+
+Default: NO
+.TP
 .B virtual_use_local_privs
 If enabled, virtual users will use the same privileges as local users. By
 default, virtual users will use the same privileges as anonymous users, which
diff -up vsftpd-2.0.5/logging.c.userlist_log vsftpd-2.0.5/logging.c
--- vsftpd-2.0.5/logging.c.userlist_log	2007-11-30 12:43:30.000000000 +0100
+++ vsftpd-2.0.5/logging.c	2007-11-30 12:46:39.000000000 +0100
@@ -95,6 +95,13 @@ vsf_log_line(struct vsf_session* p_sess,
   vsf_log_common(p_sess, 1, what, p_str);
 }
 
+void
+vsf_log_failed_line(struct vsf_session* p_sess, enum EVSFLogEntryType what,
+             struct mystr* p_str)
+{
+  vsf_log_common(p_sess, 0, what, p_str);
+}
+
 int
 vsf_log_entry_pending(struct vsf_session* p_sess)
 {


Index: vsftpd.spec
===================================================================
RCS file: /cvs/extras/rpms/vsftpd/devel/vsftpd.spec,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -r1.69 -r1.70
--- vsftpd.spec	30 Nov 2007 11:22:50 -0000	1.69
+++ vsftpd.spec	30 Nov 2007 12:03:00 -0000	1.70
@@ -44,6 +44,7 @@
 Patch30: vsftpd-2.0.5-pam_end.patch
 Patch31: vsftpd-2.0.5-write_race.patch
 Patch32: vsftpd-2.0.5-fix_unique.patch
+Patch33: vsftpd-2.0.5-userlist_log.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 %if %{tcp_wrappers}
@@ -102,6 +103,7 @@
 %patch30 -p1 -b .pam_end
 %patch31 -p1 -b .write_race
 %patch32 -p1 -b .fix_unique
+%patch33 -p1 -b .userlist_log
 
 %build
 %ifarch s390x
@@ -165,6 +167,7 @@
 - Correct create/lock race condition, original patch by <mpoole at redhat.com>
   (#240550).
 - Fix bad handling of unique files (#392231).
+- Added userlist_log option.
 
 * Thu Nov 08 2007 Martin Nagy <mnagy at redhat.com> - 2.0.5-20
 - Correct calling of pam_end (#235843).


