From owner-svn-src-head@freebsd.org  Fri Oct  6 13:46:06 2017
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 72DDEE37D73;
 Fri,  6 Oct 2017 13:46:06 +0000 (UTC)
 (envelope-from eugen@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 46C24256;
 Fri,  6 Oct 2017 13:46:06 +0000 (UTC)
 (envelope-from eugen@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v96Dk5gQ082197;
 Fri, 6 Oct 2017 13:46:05 GMT (envelope-from eugen@FreeBSD.org)
Received: (from eugen@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id v96Dk56n082196;
 Fri, 6 Oct 2017 13:46:05 GMT (envelope-from eugen@FreeBSD.org)
Message-Id: <201710061346.v96Dk56n082196@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: eugen set sender to
 eugen@FreeBSD.org using -f
From: Eugene Grosbein <eugen@FreeBSD.org>
Date: Fri, 6 Oct 2017 13:46:05 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r324364 - head/libexec/ftpd
X-SVN-Group: head
X-SVN-Commit-Author: eugen
X-SVN-Commit-Paths: head/libexec/ftpd
X-SVN-Commit-Revision: 324364
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Oct 2017 13:46:06 -0000

Author: eugen (ports committer)
Date: Fri Oct  6 13:46:05 2017
New Revision: 324364
URL: https://svnweb.freebsd.org/changeset/base/324364

Log:
  ftpd(8): fix user context handling.
  
  Apply authenticated user context after update of wtmp(5) at start of session,
  so that ftpd process is not killed by kernel with SIGXFSZ when user has
  "filesize" limit lower than size of system wtmp file. Same applies
  to session finalization: revert to super-user context before update of wtmp.
  
  If ftpd hits limit while writing a file at user request,
  do not get killed with SIGXFSZ instantly but apparently ignore the signal,
  process error and report it to the user, and continue with the session.
  
  PR:		143570
  Approved by:	avg (mentor), mav (mentor)
  MFC after:	1 week

Modified:
  head/libexec/ftpd/ftpd.c

Modified: head/libexec/ftpd/ftpd.c
==============================================================================
--- head/libexec/ftpd/ftpd.c	Fri Oct  6 13:43:16 2017	(r324363)
+++ head/libexec/ftpd/ftpd.c	Fri Oct  6 13:46:05 2017	(r324364)
@@ -430,6 +430,10 @@ main(int argc, char *argv[], char **envp)
 		}
 	}
 
+	/* handle filesize limit gracefully */
+	sa.sa_handler = SIG_IGN;
+	(void)sigaction(SIGXFSZ, &sa, NULL);
+
 	if (daemon_mode) {
 		int *ctl_sock, fd, maxfd = -1, nfds, i;
 		fd_set defreadfds, readfds;
@@ -1196,14 +1200,14 @@ end_login(void)
 #endif
 
 	(void) seteuid(0);
-	if (logged_in && dowtmp)
-		ftpd_logwtmp(wtmpid, NULL, NULL);
-	pw = NULL;
 #ifdef	LOGIN_CAP
 	setusercontext(NULL, getpwuid(0), 0, LOGIN_SETALL & ~(LOGIN_SETLOGIN |
 		       LOGIN_SETUSER | LOGIN_SETGROUP | LOGIN_SETPATH |
 		       LOGIN_SETENV));
 #endif
+	if (logged_in && dowtmp)
+		ftpd_logwtmp(wtmpid, NULL, NULL);
+	pw = NULL;
 #ifdef USE_PAM
 	if (pamh) {
 		if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS)
@@ -1478,7 +1482,7 @@ skip:
 		}
 	}
 	setusercontext(lc, pw, 0, LOGIN_SETALL &
-		       ~(LOGIN_SETUSER | LOGIN_SETPATH | LOGIN_SETENV));
+		       ~(LOGIN_SETRESOURCES | LOGIN_SETUSER | LOGIN_SETPATH | LOGIN_SETENV));
 #else
 	setlogin(pw->pw_name);
 	(void) initgroups(pw->pw_name, pw->pw_gid);
@@ -1520,6 +1524,10 @@ skip:
 		    (struct sockaddr *)&his_addr);
 	logged_in = 1;
 
+#ifdef	LOGIN_CAP
+	setusercontext(lc, pw, 0, LOGIN_SETRESOURCES);
+#endif
+
 	if (guest && stats && statfd < 0)
 #ifdef VIRTUAL_HOSTING
 		statfd = open(thishost->statfile, O_WRONLY|O_APPEND);
@@ -2770,6 +2778,11 @@ dologout(int status)
 
 	if (logged_in && dowtmp) {
 		(void) seteuid(0);
+#ifdef		LOGIN_CAP
+ 	        setusercontext(NULL, getpwuid(0), 0, LOGIN_SETALL & ~(LOGIN_SETLOGIN |
+		       LOGIN_SETUSER | LOGIN_SETGROUP | LOGIN_SETPATH |
+		       LOGIN_SETENV));
+#endif
 		ftpd_logwtmp(wtmpid, NULL, NULL);
 	}
 	/* beware of flushing buffers after a SIGPIPE */