Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 887162 Details for
Bug 1087834
missing reverse_lookup_enable option
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
The patch adds reverse_lookup_enable option and its handling
vsftpd-3.0.2-lookup.patch (text/plain), 4.02 KB, created by
Jiri Skala
on 2014-04-17 12:17:02 UTC
(
hide
)
Description:
The patch adds reverse_lookup_enable option and its handling
Filename:
MIME Type:
Creator:
Jiri Skala
Created:
2014-04-17 12:17:02 UTC
Size:
4.02 KB
patch
obsolete
>diff -up vsftpd-3.0.2/parseconf.c.lookup vsftpd-3.0.2/parseconf.c >--- vsftpd-3.0.2/parseconf.c.lookup 2014-04-17 10:01:50.862951491 +0200 >+++ vsftpd-3.0.2/parseconf.c 2014-04-17 10:02:42.343955443 +0200 >@@ -91,6 +91,7 @@ parseconf_bool_array[] = > { "mdtm_write", &tunable_mdtm_write }, > { "lock_upload_files", &tunable_lock_upload_files }, > { "pasv_addr_resolve", &tunable_pasv_addr_resolve }, >+ { "reverse_lookup_enable", &tunable_reverse_lookup_enable }, > { "userlist_log", &tunable_userlist_log }, > { "debug_ssl", &tunable_debug_ssl }, > { "require_cert", &tunable_require_cert }, >diff -up vsftpd-3.0.2/sysdeputil.c.lookup vsftpd-3.0.2/sysdeputil.c >--- vsftpd-3.0.2/sysdeputil.c.lookup 2014-04-17 09:57:02.111933144 +0200 >+++ vsftpd-3.0.2/sysdeputil.c 2014-04-17 10:01:31.069950498 +0200 >@@ -354,12 +354,16 @@ vsf_sysdep_check_auth(struct mystr* p_us > return 0; > } > #ifdef PAM_RHOST >- sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host)); >- host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET); >- if (host != (struct hostent*)0) >- retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name); >- else >+ if (tunable_reverse_lookup_enable) { >+ sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host)); >+ host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET); >+ if (host != (struct hostent*)0) >+ retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name); >+ else >+ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host)); >+ } else { > retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host)); >+ } > if (retval != PAM_SUCCESS) > { > (void) pam_end(s_pamh, retval); >diff -up vsftpd-3.0.2/tunables.c.lookup vsftpd-3.0.2/tunables.c >--- vsftpd-3.0.2/tunables.c.lookup 2014-04-17 10:03:22.766958324 +0200 >+++ vsftpd-3.0.2/tunables.c 2014-04-17 10:04:52.004964675 +0200 >@@ -72,6 +72,7 @@ int tunable_force_anon_data_ssl; > int tunable_mdtm_write; > int tunable_lock_upload_files; > int tunable_pasv_addr_resolve; >+int tunable_reverse_lookup_enable; > int tunable_userlist_log; > int tunable_debug_ssl; > int tunable_require_cert; >@@ -213,6 +214,7 @@ tunables_load_defaults() > tunable_mdtm_write = 1; > tunable_lock_upload_files = 1; > tunable_pasv_addr_resolve = 0; >+ tunable_reverse_lookup_enable = 1; > tunable_userlist_log = 0; > tunable_debug_ssl = 0; > tunable_require_cert = 0; >diff -up vsftpd-3.0.2/tunables.h.lookup vsftpd-3.0.2/tunables.h >--- vsftpd-3.0.2/tunables.h.lookup 2014-04-17 10:03:27.405958676 +0200 >+++ vsftpd-3.0.2/tunables.h 2014-04-17 10:04:22.763963824 +0200 >@@ -73,6 +73,7 @@ extern int tunable_force_anon_data_ssl; > extern int tunable_mdtm_write; /* Allow MDTM to set timestamps */ > extern int tunable_lock_upload_files; /* Lock uploading files */ > extern int tunable_pasv_addr_resolve; /* DNS resolve pasv_addr */ >+extern int tunable_reverse_lookup_enable; /* Get hostname before pam auth */ > extern int tunable_userlist_log; /* Log every failed login attempt */ > extern int tunable_debug_ssl; /* Verbose SSL logging */ > extern int tunable_require_cert; /* SSL client cert required */ >diff -up vsftpd-3.0.2/vsftpd.conf.5.lookup vsftpd-3.0.2/vsftpd.conf.5 >--- vsftpd-3.0.2/vsftpd.conf.5.lookup 2014-04-17 10:05:30.956969003 +0200 >+++ vsftpd-3.0.2/vsftpd.conf.5 2014-04-17 10:06:36.586971828 +0200 >@@ -425,6 +425,15 @@ http://scarybeastsecurity.blogspot.com/2 > > Default: YES > .TP >+.B reverse_lookup_enable >+Set to YES if you want vsftpd to transform the ip address into the hostname, >+before pam authentication. This is useful if you use pam_access including the >+hostname. If you want vsftpd to run on the environment where the reverse lookup >+for some hostname is available and the name server doesn't respond for a while, >+you should set this to NO to avoid a performance issue. >+ >+Default: YES >+.TP > .B run_as_launching_user > Set to YES if you want vsftpd to run as the user which launched vsftpd. This is > useful where root access is not available. MASSIVE WARNING! Do NOT enable this
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=887162">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1087834
: 887162