Date: Tue, 31 Jan 2006 03:36:51 GMT From: Joe Doupnik <jrd@cc.usu.edu> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/92579: VSFTPD goes to 100% cpu util when exiting, if PAM support enabled Message-ID: <200601310336.k0V3ap8J093286@www.freebsd.org> Resent-Message-ID: <200601310340.k0V3e2Oc018327@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 92579 >Category: ports >Synopsis: VSFTPD goes to 100% cpu util when exiting, if PAM support enabled >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jan 31 03:40:02 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Joe Doupnik >Release: FBSD 6.0, recently cvsup'd >Organization: Utah State University >Environment: # uname -a FreeBSD netlab1.usu.edu 6.0-STABLE FreeBSD 6.0-STABLE #2: Sat Jan 28 09:47:12 MS T 2006 root@netlab1.usu.edu:/usr/obj/usr/src/sys/JRD i386 >Description: For about two years vsftpd has has partial support for PAM to log sessions. I submitted a patch to the author back then, which got not action. Here we are again but with a more serious problem. With PAM session support vsftpd goes to 100% utilization and will not exit (from inetd) when the session is closed. The fix listed below solves the cpu and exiting problem, and provides PAM session support. >How-To-Repeat: Add these three items to vsftpd.conf, start an ftp session, watch with top, exit the session, see 100% cpu assigned to vsftpd which does not exit. session_support=YES syslog_enable=YES pam_service_name=ftp >Fix: The patch material below solves this problem and provides full PAM session support (so that "last" work, etc). sysdeputil.c.orig is in the most recent vsftpd in the ports collection. # diff -u sysdeputil.c.orig sysdeputil.c > sysdeputil.diff # cat sysdeputil.diff --- sysdeputil.c.orig Mon May 23 16:34:23 2005 +++ sysdeputil.c Mon Jan 30 20:17:40 2006 @@ -6,6 +6,10 @@ * * Highly system dependent utilities - e.g. authentication, capabilities. */ +/* Modifications by Joe R. Doupnik, jrd@cc.usu.edu, marked as JRD, for +PAM support on recent FreeBSD systems. Does wtmp entries for last_log. +Most recently tested on FBSD v6.0 +*/ #include "sysdeputil.h" #include "str.h" @@ -34,6 +38,9 @@ /* For FreeBSD */ #include <sys/param.h> #include <sys/uio.h> +#include <stdio.h> /* JRD */ +#include <syslog.h> /* JRD */ +#include <utmp.h> /* JRD */ /* Configuration.. here are the possibilities */ #undef VSF_SYSDEP_HAVE_CAPABILITIES @@ -302,15 +309,21 @@ s_pamh = 0; return 0; } -#ifdef PAM_RHOST - retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host)); + +/*was JRD #ifdef PAM_RHOST */ + { + char buf[UT_HOSTSIZE]; /* restrict to normal system buf size */ + snprintf(buf, sizeof(buf), "%s", str_getbuf(p_remote_host)); + retval = pam_set_item(s_pamh, PAM_RHOST, buf); + } +/*was JRD retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host)); */ if (retval != PAM_SUCCESS) { (void) pam_end(s_pamh, 0); s_pamh = 0; return 0; } -#endif +/*was JRD #endif */ retval = pam_authenticate(s_pamh, 0); if (retval != PAM_SUCCESS) { @@ -341,6 +354,14 @@ } /* Must do this BEFORE opening a session for pam_limits to count us */ vsf_insert_uwtmp(p_user_str, p_remote_host); +/* JRD Tell PAM our "PAM_TTY" */ + { + char ttyline[UT_LINESIZE]; + (void)snprintf(ttyline, sizeof(ttyline), "ftp%d", getpid()); + pam_set_item(s_pamh, PAM_TTY, ttyline); + } +/* JRD end */ + retval = pam_open_session(s_pamh, 0); if (retval != PAM_SUCCESS) { # >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200601310336.k0V3ap8J093286>