Date: Tue, 31 Jan 2006 03:36:51 GMT From: Joe Doupnik <jrd@cc.usu.edu> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/92579: VSFTPD goes to 100% cpu util when exiting, if PAM support enabled Message-ID: <200601310336.k0V3ap8J093286@www.freebsd.org> Resent-Message-ID: <200601310340.k0V3e2Oc018327@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 92579
>Category: ports
>Synopsis: VSFTPD goes to 100% cpu util when exiting, if PAM support enabled
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 31 03:40:02 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Joe Doupnik
>Release: FBSD 6.0, recently cvsup'd
>Organization:
Utah State University
>Environment:
# uname -a
FreeBSD netlab1.usu.edu 6.0-STABLE FreeBSD 6.0-STABLE #2: Sat Jan 28 09:47:12 MS
T 2006 root@netlab1.usu.edu:/usr/obj/usr/src/sys/JRD i386
>Description:
For about two years vsftpd has has partial support for PAM to log sessions. I submitted a patch to the author back then, which got not action. Here we are again but with a more serious problem. With PAM session support vsftpd goes to 100% utilization and will not exit (from inetd) when the session is closed.
The fix listed below solves the cpu and exiting problem, and provides PAM session support.
>How-To-Repeat:
Add these three items to vsftpd.conf, start an ftp session, watch with top,
exit the session, see 100% cpu assigned to vsftpd which does not exit.
session_support=YES
syslog_enable=YES
pam_service_name=ftp
>Fix:
The patch material below solves this problem and provides full PAM session support (so that "last" work, etc). sysdeputil.c.orig is in the most recent vsftpd in the ports collection.
# diff -u sysdeputil.c.orig sysdeputil.c > sysdeputil.diff
# cat sysdeputil.diff
--- sysdeputil.c.orig Mon May 23 16:34:23 2005
+++ sysdeputil.c Mon Jan 30 20:17:40 2006
@@ -6,6 +6,10 @@
*
* Highly system dependent utilities - e.g. authentication, capabilities.
*/
+/* Modifications by Joe R. Doupnik, jrd@cc.usu.edu, marked as JRD, for
+PAM support on recent FreeBSD systems. Does wtmp entries for last_log.
+Most recently tested on FBSD v6.0
+*/
#include "sysdeputil.h"
#include "str.h"
@@ -34,6 +38,9 @@
/* For FreeBSD */
#include <sys/param.h>
#include <sys/uio.h>
+#include <stdio.h> /* JRD */
+#include <syslog.h> /* JRD */
+#include <utmp.h> /* JRD */
/* Configuration.. here are the possibilities */
#undef VSF_SYSDEP_HAVE_CAPABILITIES
@@ -302,15 +309,21 @@
s_pamh = 0;
return 0;
}
-#ifdef PAM_RHOST
- retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
+
+/*was JRD #ifdef PAM_RHOST */
+ {
+ char buf[UT_HOSTSIZE]; /* restrict to normal system buf size */
+ snprintf(buf, sizeof(buf), "%s", str_getbuf(p_remote_host));
+ retval = pam_set_item(s_pamh, PAM_RHOST, buf);
+ }
+/*was JRD retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
*/
if (retval != PAM_SUCCESS)
{
(void) pam_end(s_pamh, 0);
s_pamh = 0;
return 0;
}
-#endif
+/*was JRD #endif */
retval = pam_authenticate(s_pamh, 0);
if (retval != PAM_SUCCESS)
{
@@ -341,6 +354,14 @@
}
/* Must do this BEFORE opening a session for pam_limits to count us */
vsf_insert_uwtmp(p_user_str, p_remote_host);
+/* JRD Tell PAM our "PAM_TTY" */
+ {
+ char ttyline[UT_LINESIZE];
+ (void)snprintf(ttyline, sizeof(ttyline), "ftp%d", getpid());
+ pam_set_item(s_pamh, PAM_TTY, ttyline);
+ }
+/* JRD end */
+
retval = pam_open_session(s_pamh, 0);
if (retval != PAM_SUCCESS)
{
#
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200601310336.k0V3ap8J093286>